chore(deps): bump prd

[sajidk1]

This PR contains the following updates:

Package	Type	Update	Change
github.com/cloudposse/terraform-null-label	github	patch	0.24.0 -> 0.24.1
gruntwork-io/terragrunt		minor	0.28.18 -> 0.31.3
hashicorp/terraform		minor	0.14.8 -> 0.15.5

---

Release Notes

cloudposse/terraform-null-label

v0.24.1

Compare Source

Allow control of letter case of outputs @​SweetOps (#​107)

You now have control over the letter case of generated tag names and supplied labels, which means you also have control over the letter case of the ultimate id.

Labels are the elements you can include in label_order, namely namespace, environment, stage, name, and attributes. For every non-empty label, a corresponding tag name is generated. For namespace, environment, stage, the output is the formatted, normalized input. (By "normalized" we mean that it goes through regex_replace_chars.), For attributes, which is a list, each element is normalized, duplicates are removed, and the resulting list is converted to a string by joining the elements with the delimiter (defaults to hyphen). For name, which is special, the output is the same as id, which is the joining of the labels in the order specified by label_order and separated by delimiter.

• You can set label_key_case to one of upper, lower, or title, which will result in generated tag names in the corresponding case: NAME, name, or Name. For backwards compatibility, title is the default
• You can set label_value_case to one of upper, lower, title, or none, which will result in output label values in the corresponding case (with none meaning no case conversion of any kind will be done, though the labels will still be subject to regex_replace_chars). The case converted labels will show up not just in the module output of the labels themselves, but also in the tag values and in the id string.

You can look at the test cases in examples/complete and the expected results in test/src/examples_complete_test.go to see examples of how this is supposed to work.

One interesting example is that you can create ids in Pascal case by setting label_value_case = "title" and delimiter = "".

Include updates to exports/context.tf @​Nuru (#​122 and #​123)

#### what - Include updates to `exports/context.tf` - Update README with features and compatibilty - Add validation for `id_length_limit` #### why - The `exports/context.tf` is what gets distributed and needs to be in sync - Replace outdated information - Was not validated earlier because validators are not supported in TF 0.12 but now we are dropping support for TF 0.12 and so we can add validators

Restore backward compatibility with v0.22.1 and earlier @​Nuru (#​121)

#### what - Restore backward compatibility with v0.22.1 and earlier - Allow setting of `label_key_case` and `label_value_case` by vars, not just by context attributes. #### why - Allow interoperability of old and new modules - Normally, root modules make settings via individual variables, not by setting an entire context block.

Incorporates and closes #​120

gruntwork-io/terragrunt

v0.31.3

Compare Source

Updated CLI args, config attributes and blocks

• include [block]

Description

• Added deep merge strategy for include. Refer to the updated documentation for more information on what deep merge means.

Related links

• Deep merge strategy gruntwork-io/terragrunt#1759

v0.31.2

Compare Source

Updated CLI args, config attributes and blocks

• include [block]

Description

• Added new attribute to include: merge_strategy. merge_strategy indicates how the included parent config should be merged with the child config. Currently, this only supports no_merge and shallow. When omitted, the merge strategy defaults to shallow (the same strategy as previous versions).

Related links

• Introduce concept of merge strategy for includes gruntwork-io/terragrunt#1724

v0.31.1

Compare Source

Updated CLI args, config attributes and blocks

• CLI args

Description

• Addressed bug where plan file args were not always passed to the end of the arg list when calling terraform. Now terragrunt will check all the args and determine if an arg is a plan file (a filename that exists on disk and ends with extension tfplan), and if it is, feed it to the end of the args list.

Special thanks

• A special thank you to @​PertsevRoman for the fix!

Related links

• fix: Check planfile and put it in the end of an arguments list gruntwork-io/terragrunt#1740

v0.31.0

Compare Source

Description

• Terraform 1.0 support: We are now testing Terragrunt against Terraform 1.0 and is confirmed to be working.
• Terraform functions have been updated to the versions shipped with Terraform 0.15.3 (previously the functions were pulled in from Terraform 0.12.24). These may include backward incompatibilities. Refer to the terraform release notes for more information.

Related links

gruntwork-io/terragrunt#1726

v0.30.7

Compare Source

Updated CLI args, config attributes and blocks

• include [block]

Description

Fix bug where using an exposed include with local in the same expression did not work when referencing in locals blocks.

Related links

gruntwork-io/terragrunt#1727
gruntwork-io/terragrunt#1728

v0.30.6

Compare Source

Updated CLI args, config attributes and blocks

• remote_state [block]

Description

• Fix the way the remote_state block handles the AWS partition settings so that it works correctly with GovCloud.

Special thanks

• A special thank you to @​ryno75 for the fix!

Related links

• Resolves #1369 gruntwork-io/terragrunt#1718

v0.30.5

Compare Source

Updated CLI args, config attributes and blocks

• include [block]

Description

Fix bug where exposing include did not work when referencing in locals blocks.

Related links

gruntwork-io/terragrunt#1721
gruntwork-io/terragrunt#1723

v0.30.4

Compare Source

Updated CLI args, config attributes and blocks

• include [block]

Description

You can now access values from included config. E.g., if you want to access a local var region defined in the parent terragrunt config, you can reference include.locals.region in the child config.

Note that there are a few limitations/differences with read_terragrunt_config:

• include references do not include fetched dependencies. This will change in the future.
• include references are not automatically available. You must set the new expose attribute to true to access the included references.
• At the moment, you can only have a single include block in the child, and you can only include one level deep (no nested includes). This will change in the future.

(This is the first of several features that implement the Imports RFC)

Related links

gruntwork-io/terragrunt#1566
gruntwork-io/terragrunt#1716

v0.30.3

Compare Source

Updated CLI args, config attributes and blocks

• run-all [command]

Description

Improved error messaging when multiple errors are returned.

Special thanks

Special thanks to @​derom for their contribution!

Related links

gruntwork-io/terragrunt#1703

v0.30.2

Compare Source

Updated CLI args, config attributes and blocks

• aws-provider-patch (command)

Description

Improve error messages in aws-provider-patch when the json input is malformed.

Related links

gruntwork-io/terragrunt#1715

v0.30.1

Compare Source

Updated CLI args, config attributes and blocks

• hclfmt (command)

Description

Updated documentation and help text in hclfmt command to clarify that it works on all files with hcl extension, not just terragrunt.hcl.

Special thanks

Special thanks to @​edgarsandi for their contribution!

Related links

gruntwork-io/terragrunt#1713

v0.30.0

Compare Source

Updated CLI args, config attributes and blocks

• aws-provider-patch (command)

Description

aws-provider-patch now supports additional data types. Previously aws-provider-patch only supported patching strings, which made it impossible to patch provider attributes that are not strings (e.g., the allowed_account_ids attribute of the aws provider, which is list(string) type).

Note that to support this, the aws-provider-patch now expects attribute values to be json encoded when passed in. That means that you need to quote the values in order for it to work. For example, if you previously ran:

terragrunt aws-provider-patch --terragrunt-override-attr region=us-east-2

you need to update the call to:

terragrunt aws-provider-patch --terragrunt-override-attr 'region="us-east-2"'

Related links

gruntwork-io/terragrunt#1714
gruntwork-io/terragrunt#1709

v0.29.10

Compare Source

Updated CLI args, config attributes and blocks

• yamldecode (helper function)

Description

Fix bug where yamldecode is unable decode certain forms of yaml.

Special thanks

Special thanks to @​andreykaipov for the contribution!

Related links

gruntwork-io/terragrunt#1706

v0.29.9

Compare Source

Updated CLI args, config attributes and blocks

• --terragrunt-include-external-dependencies

Description

You can now configure the --terragrunt-include-external-dependencies setting via the environment variable TERRAGRUNT_INCLUDE_EXTERNAL_DEPENDENCIES.

Special thanks

Special thanks to @​elebertus for the contribution!

Related links

gruntwork-io/terragrunt#1548

v0.29.8

Compare Source

Updated CLI args, config attributes and blocks

• --terragrunt-debug

Description

You can now control the --terragrunt-debug flag using the TERRAGRUNT_DEBUG environment variable.

Related links

gruntwork-io/terragrunt#1698

v0.29.7

Compare Source

Updated CLI args, config attributes and blocks

• iam_role

Description

Fix a bug where Terragrunt would not properly assume the IAM role specified via the iam_role parameter if you were using AWS SSO.

Special thanks

Thank you to @​stevie- for the contribution!

Related links

• fix(aws_helper): make sure AWS SSO shared profiles are considered by default gruntwork-io/terragrunt#1689

v0.29.6

Compare Source

Updated CLI args, config attributes and blocks

• --help

Description

Update the usage text for Terragrunt to reflect that options should go after the command. There should be no impact on Terragrunt's behavior in this release.

Special thanks

Thank you to @​Tarasovych for the contribution!

Related links

• Update command usage gruntwork-io/terragrunt#1687

v0.29.5

Compare Source

Updated CLI args, config attributes and blocks

• --terragrunt-source-map [CLI Arg]

Description

You can now configure the Terragrunt source map option using the environment variable TERRAGRUNT_SOURCE_MAP. You can configure multiple mappings using comma separated value encoding. For example, the following configures three mappings:

github.com/org/modules.git=/local/path/to/modules,gitlab.com/org-lab/modules.git=/local/path/to/modules,bitbucket.org/bitorg/modules.git=/local/path/to/modules,gitlab.com/org-lab/modules.git=/local/path/to/modules

Related links

• Add support for setting terragrunt-source-map using env vars gruntwork-io/terragrunt#1676

v0.29.4

Compare Source

Updated CLI args, config attributes and blocks

• --terragrunt-iam-assume-role-duration [new CLI Arg]
• iam_assume_role_duration [new config]

Description

You can now use the new CLI arg and config setting to configure the duration for the IAM role from --terragrunt-iam-role.

Special thanks

Thank you to @​thehunt33r for the contribution!

Related links

• Add support for STS duration option gruntwork-io/terragrunt#1673

v0.29.3

Compare Source

Updated CLI args, config attributes and blocks

• --terragrunt-source-map [CLI Arg]

Description

This release introduces --terragrunt-source-map, which can be used to provide multiple mappings to translate terragrunt source URLs in the config with another path. See the documentation for more information.

Related links

• Implement --terragrunt-source-map gruntwork-io/terragrunt#1674

v0.29.2

Compare Source

Updated CLI args, config attributes and blocks

• get_aws_account_id [func]
• get_aws_caller_identity_arn [func]
• get_aws_caller_identity_user_id [func]

Description

• Fixes bug where the default credentials chain for the get_aws_** functions ignored the config file (~/.aws/config).

Related links

• Honor the shared config in the default session gruntwork-io/terragrunt#1663

v0.29.1

Compare Source

Updated CLI args, config attributes and blocks

• remote_state ; s3

Description

• Fixes bug where AWS profile based authentication was not fully honored when automatic s3 bucket creation was happening.

Related links

• remote_state backend S3 bucket parameters not set when using an assumed role profile gruntwork-io/terragrunt#1650
• Fix #1650: Make sure credentials for STS get caller identity uses the configuration parameters gruntwork-io/terragrunt#1654

v0.29.0

Compare Source

Updated CLI args, config attributes and blocks

• (none)

Description

• Update Terragrunt to work with Terraform 0.15. There are no code or behavior changes, but marking this release as incompatible because from this release onwards, we are only testing with Terraform 0.15 and up.

Related links

• Update to Terraform 0.15 gruntwork-io/terragrunt#1651

v0.28.24

Compare Source

Updated CLI args, config attributes and blocks

• skip_bucket_versioning

Description

• If skip_bucket_versioning is set to true, and you are using GCS as a backend, Terragrunt will not only not enable versioning automatically, but now it will also no longer try to check if versioning is enabled either.

Special thanks

• Thank you to @​davidalger for the fix!

Related links

• Only check if versioning is enabled on GCS bucket when skip_bucket_versioning is false gruntwork-io/terragrunt#1610

v0.28.23

Compare Source

Updated CLI args, config attributes and blocks

• get_terraform_commands_that_need_locking()

Description

• Remove init from the list of commands returned by get_terraform_commands_that_need_locking(), as init does not support locking, and as of Terraform 0.15, will exit with an error if you try to use the lock parameters with it.

Special thanks

• Thank you to @​grimm26 for the fix!

Related links

• Remove init from TERRAFORM_COMMANDS_NEED_LOCKING gruntwork-io/terragrunt#1642

v0.28.22

Compare Source

Updated CLI args, config attributes and blocks

• sops_decrypt_file()

Description

• Updated the versions of sops, aws-sdk-go, and vault libraries that we depend on. As a result, the sops_decrypt_file() function should now work with data encrypted via HashiCorp Vault.

Special thanks

• Thank you to @​teamfighter for the contribution!

Related links

• Added vault support for sops encryption mechanism gruntwork-io/terragrunt#1564

v0.28.21

Compare Source

Updated CLI args, config attributes and blocks

• get_original_terragrunt_dir() [NEW]
• generate
• remote_state

Description

• Added a new get_original_terragrunt_dir() helper, which returns the directory where the original Terragrunt configuration file (by default terragrunt.hcl) lives. This is primarily useful when one Terragrunt config is being read from another: e.g., if /terraform-code/terragrunt.hcl calls read_terragrunt_config("/foo/bar.hcl"), and within bar.hcl, you call get_original_terragrunt_dir(), you'll get back /terraform-code.
• Updated the generate and remote_state settings so that they can be set either as blocks or attributes. This makes it possible to, for example, read these settings from common.hcl using read_terragrunt_config and set them dynamically.

Related links

• Add new get_original_terragrunt_dir() helper gruntwork-io/terragrunt#1637
• Allow generate and remote_state to be set as attrs gruntwork-io/terragrunt#1639

v0.28.20

Compare Source

Updated CLI args, config attributes and blocks

• --terragrunt-strict-include

Description

• When you pass in --terragrunt-strict-include, Terragrunt will now only execute within the directories passed in via --terragrunt-include-dir. If you set --terragrunt-strict-include, but don't pass in any directories via --terragrunt-include-dir, then Terragrunt will exit without doing anything. This is arguably a backwards incompatible change, but this is the behavior the --terragrunt-strict-include flag was intended to have originally, and is less surprising, so we're treating this as a bug fix.

Special thanks

• Thank you to @​celestialorb for the contribution!

Related links

• Fixing behavior of --terragrunt-strict-include when no --terragrunt-include-dir flags are included gruntwork-io/terragrunt#1631

v0.28.19

Compare Source

Updated CLI args, config attributes and blocks

• retry_max_attempts [NEW]
• retry_sleep_interval_sec [NEW]

Description

• Updated Terragrunt's auto retry functionality so that you can now configure the number of retry attempts and the time between retries using the new config attributes retry_max_attempts and retry_sleep_interval_sec, respectively.
• Switch log level of terragrunt dependency fetching informational messages to debug.

Special thanks

• Thank you to @​andreykaipov for the contribution!

Related links

• Add configurable retries gruntwork-io/terragrunt#1632
• Switch log level of terragrunt dependency fetching informational messages gruntwork-io/terragrunt#1628

hashicorp/terraform

v0.15.5

Compare Source

0.15.5 (June 02, 2021)

BUG FIXES:

• terraform plan and terraform apply: Don't show "Objects have changed" notification when the detected changes are only internal details related to legacy SDK quirks. (#​28796)
• core: Prevent crash during planning when encountering a deposed instance that has been removed from the configuration. (#​28766)
• core: Fix crash when rendering changes to deposed instances outside of Terraform. (#​28796)
• core: Restore a missing error when attempting to import a non-existent remote object. (#​28808)
• core: Fix bug where Terraform failed to release the state lock when applying a stale saved plan failed. (#​28819)

v0.15.4

Compare Source

0.15.4 (May 19, 2021)

NEW FEATURES:

• Noting changes made outside of Terraform: Terraform has always, by default, made a point during the planning operation of reading the current state of remote objects in order to detect any changes made outside of Terraform, to make sure the plan will take those into account.

  Terraform will now report those detected changes as part of the plan result, in order to give additional context about the planned changes. We've often heard that people find it confusing when a plan includes a change that doesn't seem to be prompted by any recent change in the configuration, and so this feature is aiming to provide the previously-missing explanation for situations where Terraform is planning to undo a change.

  It can also be useful just as general information when the change won't be undone by Terraform: if you've intentionally made a change outside of Terraform and mirrored that change in your configuration then Terraform will now confirm that it noticed the change you made and took it into account when planning.

  By default this new output is for information only and doesn't change any behavior. If Terraform detects a change you were expecting then you don't need to take any additional action to respond to it. However, we've also added a new planning mode -refresh-only which allows you to explicitly plan and apply the action of writing those detected changes to the Terraform state, which serves as a plannable replacement for terraform refresh. We don't have any plans to remove the long-standing terraform refresh command, but we do recommend using terraform apply -refresh-only instead in most cases, because it will provide an opportunity to review what Terraform detected before updating the Terraform state.

UPGRADE NOTES:

• This release adds some new reserved reference prefixes to make them available for later work. These are resource., template., arg., and lazy.. We don't expect these additions to cause problems for most existing configurations, but could cause a conflict if you are using a custom provider which has a resource type named exactly "resource", "template", "arg", or "lazy". In that unlikely event, you can escape references to resources of those types by adding a resource. prefix; for example, if you have a resource "template" "foo" then you can change references to it from template.foo to resource.template.foo in order to escape the new meaning.

ENHANCEMENTS:

• config: The various functions that compute hashs of files on disk, like filesha256, will now stream the contents of the given file into the hash function in smaller chunks. Previously they would always read the entire file into memory before hashing it, due to following a similar implementation strategy as the file function. (#​28681)
• config: Some new escaping syntax which is not yet useful but will be part of the backward-compatibility story for certain future language editions. (#​28709)
• core: Rsource diagnostics are no longer lost on remote state storage fails (#​28724)
• core: Diagnostics from provisioner failures are now shown in CLI output (#​28753)
• terraform init: add a new -migrate-state flag instead of automatic state migration, to prevent failing when old backend config is not usable (#​28718)
• terraform plan and terraform apply: will now report any changes Terraform detects during the "refresh" phase for each managed object, providing confirmation that Terraform has seen those changes and, where appropriate, extra context to help understand the planned change actions that follow. (#​28634)
• terraform plan and terraform apply: now have a new option -refresh-only to activate the "refresh only" planning mode, which causes Terraform to ignore any changes suggested by the configuration but still detect any changes made outside of Terraform since the latest terraform apply. (#​28634)
• backend/gcs: Terraform Core now supports Workload Identity Federation. The federated JSON credentials must be loaded through the GOOGLE_APPLICATION_CREDENTIALS environment variable. This is also available in the Google Provider in versions newer than v3.61. (#​28296)
• backend/remote: supports several new CLI options when running plans and applies with Terraform Cloud: -refresh=false, -replace, and -refresh-only. (#​28746)

BUG FIXES:

• core: Fix sensitivity handling with plan values, which could cause the sensitive marks to be lost during apply leading to a perpetual diff (#​28687)
• core: Fix crash when specifying SSH bastion_port in a resource connection block (#​28665)
• core: Terraform will now upgrade and refresh (unless disabled) deposed objects during planning, in a similar manner as for objects that have been removed from the configuration. "Deposed" is how Terraform represents the situation where a create_before_destroy replacement failed to destroy the old object, in which case Terraform needs to track both the new and old objects until the old object is successfully deleted. Refreshing these during planning means that you can, if you wish, delete a "deposed" object manually outside of Terraform and then have Terraform detect that you've done so. (#​28634)
• config: Improve the sensitivity support for lookup and length functions, which were accidentally omitted from the larger update in 0.15.1 (#​28509)
• backend/gcs: Fixed a bug where service account impersonation didn't work if the original identity was another service account (#​28139)

v0.15.3

Compare Source

0.15.3 (May 06, 2021)

ENHANCEMENTS:

• terraform show: Add data to the JSON plan output describing which changes caused a resource to be replaced (#​28608)

BUG FIXES:

• terraform show: Fix crash for JSON plan output of new resources with sensitive attributes in nested blocks (#​28624)

v0.15.2

Compare Source

0.15.2 (May 05, 2021)

ENHANCEMENTS:

• terraform plan and terraform apply: Both now support a new planning option -replace=... which takes the address of a resource instance already tracked in the state and forces Terraform to upgrade either an update or no-op plan for that instance into a "replace" (either destroy-then-create or create-then-destroy depending on configuration), to allow replacing a degraded object with a new object of the same configuration in a single action and preview the effect of that before applying it.
• terraform apply: Now has a -destroy option for symmetry with terraform plan -destroy, which makes terraform destroy effectively an alias for terraform apply -destroy. This change is only for consistency between terraform plan and terraform apply; there are no current plans to deprecate terraform destroy. (#​28489)
• core: Update HCL to allow better planning of dynamic blocks (#​28424)
• core: Unmark values when planning data sources (#​28539)

BUG FIXES:

• command/format: Fix various issues with nested-type attribute formatting (#​28600)
• core: Fix JSON plan output to add sensitivity data for provider-specified sensitive attribute values (#​28523)
• cli: Fix missing "forces replacement" UI for attribute changes which are marked as sensitive by the provider (#​28583)
• cli: Fix crash when rendering diagnostic caused by missing trailing quote (#​28598)
• functions: Fix crash when calling setproduct with one or more empty collections (#​28607)

v0.15.1

Compare Source

0.15.1 (April 26, 2021)

ENHANCEMENTS:

• config: Various Terraform language functions now have more precise inference rules for propagating the "sensitive" characteristic values.

  The affected functions are chunklist, concat, flatten, keys, length, lookup, merge, setproduct, tolist, tomap, values, and zipmap. The details are a little different for each of these but the general idea is to, as far as possible, preserve the sensitive characteristic on individual element or attribute values in result structures rather than always conservatively applying sensitivity to the whole result.

  The primary benefit of these improvements is that you can now use these functions as part of constructing maps for for_each in situations where the input collection is never sensitive but some of the elements/attributes inside might be. (#​28446] [#​28460)

• cli: Update the HashiCorp public key (#​28505)

• cli: Diagnostic messages can now be annotated with resource and provider addresses. (#​28275)

• cli: terraform login now has a new user experience for successful log-ins to Terraform Cloud and Terraform Enterprise. (#​28487)

• core: Minor graph performance optimizations. (#​28329)

BUG FIXES:

• config: Fix validation error when passing providers from a non-default namespace into modules. (#​28414)
• cli: Fix missing colors and extraneous resource summary for plan/apply with the remote backend. (#​28409)
• cli: Diagnostics messages will only indicate that a referenced value is sensitive if that value is directly sensitive, as opposed to being a complex-typed value that contains a sensitive value. (#​28442)
• core: Don't trigger data source reads from changes in sibling module instances. (#​28267)
• core: Restore saved dependencies when a resource destroy operation fails. (#​28317)
• core: Fix crash when setting sensitive attributes to a sensitive value. (#​28383)
• core: Loosen output value sensitivity requirement for non-root modules. This means that modules which may receive sensitive values as input variables no longer need to mark all related outputs as sensitive. The requirement for root modules to specify the sensitive attribute for sensitive values remains, with an extended diagnostic message to explain why. (#​28472)
• provisioner: Fix panic with unexpected null values in provisioner configuration (#​28457)

v0.15.0

Compare Source

0.15.0 (April 14, 2021)

UPGRADE NOTES AND BREAKING CHANGES:

The following is a summary of each of the changes in this release that might require special consideration when upgrading. Refer to the Terraform v0.15 upgrade guide for more details and recommended upgrade steps.

• "Proxy configuration blocks" (provider blocks with only alias set) in shared modules are now replaced with a more explicit configuration_aliases argument within the required_providers block. Some support for the old syntax is retained for backward compatibility, but we've added explicit error messages for situations where Terraform would previously silently misinterpret the purpose of an empty provider block. (#​27739)

• The list and map functions, both of which were deprecated since Terraform v0.12, are now removed. You can replace uses of these functions with tolist([...]) and tomap({...}) respectively. (#​26818)

• Terraform now requires UTF-8 character encoding and virtual terminal support when running on Windows. This unifies Terraform's terminal handling on Windows with that of other platforms, as per Microsoft recommendations. Terraform previously required these terminal features on all other platforms, and now requires them on Windows too.

  UTF-8 and virtual terminal support were introduced across various Windows 10 updates, and so Terraform is no longer officially supported on the original release of Windows 10 or on Windows 8 and earlier. However, there are currently no technical measures to artificially prevent Terraform from running on these obsolete Windows releases, and so you may still be able to use Terraform v0.15 on older Windows versions if you either disable formatting (using the -no-color) option, or if you use a third-party terminal emulator package such as ConEmu, Cmder, or mintty.

  We strongly encourage planning to migrate to a newer version of Windows rather than relying on these workarounds for the long term, because the Terraform team will test future releases only on up-to-date Windows 10 and can therefore not guarantee ongoing support for older versions.

• Built-in vendor provisioners (chef, habitat, puppet, and salt-masterless) have been removed. (#​26938)

• Interrupting execution will now cause terraform to exit with a non-zero exit status. (#​26738)

• The trailing [DIR] argument to specify the working directory for various commands is no longer supported. Use the global -chdir option instead. (#​27664)

  For example, instead of terraform init infra, write terraform -chdir=infra init.

• The -lock and -lock-timeout options are no longer available on terraform init (#​27464)

• The -verify-plugins=false option is no longer available on terraform init. (Terraform now always verifies plugins.) (#​27461)

• The -get-plugins=false option is no longer available on terraform init. (Terraform now always installs plugins.) (#​27463)

• The -force option is no longer available on terraform destroy. Use -auto-approve instead (#​27681)

• The -var and -var-file options are no longer available on terraform validate. These were deprecated and have had no effect since Terraform v0.12. (#​27906)

• terraform version -json output no longer includes the (previously-unpopulated) "revision" property (#​27484)

• In the gcs backend the path config argument, which was deprecated since Terraform v0.11, is now removed. Use the prefix argument instead. (#​26841)

• The deprecated ignore_changes = ["*"] wildcard syntax is no longer supported. Use ignore_changes = all instead. (#​27834)

• Previously deprecated quoted variable type constraints are no longer supported. Follow the instructions in the error message to update your type signatures to be more explicit. For example, use map(string) instead of "map". (#​27852)

• Terraform will no longer make use of the HTTP_PROXY environment variable to determine proxy settings for connecting to HTTPS servers. You must always set HTTPS_PROXY if you intend to use a proxy to connect to an HTTPS server. (Note: This affects only connections made directly from Terraform CLI. Terraform providers are separate programs that make their own requests and may thus have different proxy configuration behaviors.)

• Provider-defined sensitive attributes will now be redacted throughout the plan output. You may now see values redacted as (sensitive) that were previously visible, because sensitivity did not follow provider-defined sensitive attributes.

  If you are transforming a value and wish to force it not to be sensitive, such as if you are transforming a value in such a way that removes the sensitive data, we recommend using the new nonsensitive function to hint Terraform that the result is not sensitive.

• The atlas backend, which was deprecated since Terraform v0.12, is now removed. (#​26651)

• We've upgraded the underlying TLS and certificate-related libraries that Terraform uses when making HTTPS requests to remote systems. This includes the usual tweaks to preferences for different cryptographic algorithms during handshakes and also some slightly-stricter checking of certificate syntax. These changes should not cause problems for correctly-implemented HTTPS servers, but can sometimes cause unexpected behavior changes with servers or middleboxes that don't comply fully with the relevant specifications.

ENHANCEMENTS:

• config: A required_providers entry can now contain configuration_aliases to declare additional configuration aliases names without requirring a configuration block (#​27739)
• config: Improved type inference for conditional expressions. (#​28116)
• config: Provider-defined sensitive attributes will now be redacted throughout the plan output. (#​28036)
• config: New function one for concisely converting a zero-or-one element list/set into a single value that might be null. (#​27454)
• config: New functions sensitive and nonsensitive allow module authors to explicitly override Terraform's default infererence of value sensitivity for situations where it's too conservative or not conservative enough. (#​27341)
• config: Terraform will now emit a warning if you declare a backend block in a non-root module. Terraform has always ignored such declarations, but previously did so silently. This is a warning rather than an error only because it is sometimes convenient to temporarily use a root module as if it were a child module in order to test or debug its behavior separately from its main backend. (#​26954)
• config: Removed warning about interpolation-only expressions being deprecated, because terraform fmt now automatically fixes most cases that the warning would previously highlight. We still recommend using simpler expressions where possible, but the deprecation warning had caused a common confusion in the community that the interpolation syntax is always deprecated, rather than only in the interpolation-only case. (#​27835)
• config: The family of error messages with the summary "Invalid for_each argument" will now include some additional context about which external values contributed to the result, making it easier to find the root cause of the error. (#​26747)
• config: Terraform now does text processing using the rules and tables defined for Unicode 13. Previous versions were using Unicode 12 rules.
• terraform init: Will now make suggestions for possible providers on some registry failures, and generally remind of required_providers on all registry failures. (#​28014)
• terraform init: Provider installation will now only attempt to rewrite .terraform.lock.hcl if it would contain new information. (#​28230)
• terraform init: New -lockfile=readonly option, which suppresses writing changes to the dependency lock file. Any installed provider packages must already be recorded in the lock file, or initialization will fail. Use this if you are managing the lock file via a separate process and want to avoid adding new checksums for existing dependencies. (#​27630)
• terraform show: Improved performance when rendering large plans as JSON. (#​27998)
• terraform validate: The JSON output now includes a code snippet object for each diagnostic. If present, this object contains an excerpt of the source code which triggered the diagnostic, similar to what Terraform would include in human-oriented diagnostic messages. (#​28057)
• cli: Terraform now uses UTF-8 and full VT mode even when running on Windows. Previously Terraform was using the "classic" Windows console API, which was far more limited in what formatting sequences it supported and which characters it could render. (#​27487)
• cli: Improved support for Windows console UI on Windows 10, including bold colors and underline for HCL diagnostics. (#​26588)
• cli: Diagnostic messages now have a vertical line along their left margin, which we hope will achieve a better visual hierarchy for sighted users and thus make it easier to see where the errors and warnings start and end in relation to other content that might be printed alongside. (#​27343)
• cli: Typing an invalid top-level command, like terraform destory instead of destroy, will now print out a specific error message about the command being invalid, rather than just printing out the usual help directory. (#​26967)
• cli: Plugin crashes will now be reported with more detail, pointing out the plugin name and the method call along with the stack trace (#​26694)
• cli: Core and Provider logs can now be enabled separately for debugging, using TF_LOG_CORE and TF_LOG_PROVIDER (#​26685)
• backend/azurerm: Support for authenticating as AzureAD users/roles. (#​28181)
• backend/pg: Now allows locking of each workspace separately, whereas before the locks were global across all workspaces. (#​26924)

BUG FIXES:

• config: Fix multiple upstream crashes with optional attributes and sensitive values. (#​28116)
• config: Fix various panics in the experimental defaults function. (#​27979, #​28067)
• config: Fix crash with resources which have sensitive iterable attributes. (#​28245)
• config: Fix crash when referencing resources with sensitive fields that may be unknown. (#​28180)
• terraform validate: Validation now ignores providers that lack configuration, which is useful for validating modules intended to be called from other modules which therefore don't include their own provider configurations. (#​24896)
• terraform fmt: Fix fmt output when unwrapping redundant multi-line string interpolations (#​28202)
• terraform console: expressions using path (path.root, path.module) now return the same result as they would in a configuration (#​27263)
• terraform show: Fix crash when rendering JSON plans containing iterable unknown values. (#​28253)
• terraform show: fix issue with child_modules not properly displaying in certain circumstances. (#​27352)
• terraform state list: fix bug where nested modules' resources were missing (#​27268)
• terraform state mv: fix display names in errors and improve error when failing to target a whole resource (#​27482)
• terraform taint: show resource name in -allow-missing warning (#​27501)
• terraform untaint: show resource name in -allow-missing warning (#​27502)
• cli: All commands will now exit with an error if unable to read input at an interactive prompt. For example, this may happen when running in a non-interactive environment but without -input=false. Previously Terraform would behave as if the user entered an empty string, which often led to confusing results. (#​26509)
• cli: TF_LOG levels other than trace will now work reliably. (#​26632)
• core: Fix crash when trying to create a destroy plan with -refresh=false. (#​28272)
• core: Extend the Terraform plan file format to include information about sensitivity and required-replace. This ensures that the output of terraform show saved.tfplan matches terraform plan, and sensitive values are elided. (#​28201)
• core: Ensure that stored dependencies are retained when a resource is removed entirely from the configuration, and create_before_destroy ordering is preserved. (#​28228)
• core: Resources removed from the configuration will now be destroyed before their dependencies are updated. (#​28165)
• core: Refresh data sources while creating a destroy plan, in case their results are important for destroy operations. (#​27408)
• core: Fix missing deposed object IDs in apply logs (#​27796)
• backend/azurerm: Fix nil pointer crashes with some state operations. (#​28181, #​26721)
• backend/azure: Fix interactions between state reading, state creating, and locking. (#​26561)

EXPERIMENTS:

• provider_sensitive_attrs: This experiment has now concluded, and its functionality is now on by default. If you were previously participating in this experiment then you can remove the experiment opt-in with no other necessary configuration changes.
• There is now a terraform test command, which is currently an experimental feature serving as part of the Module Testing Experiment.

v0.14.11

Compare Source

0.14.11 (April 26, 2021)

ENHANCEMENTS:

• cli: Update the HashiCorp public key (#​28503)

v0.14.10

Compare Source

0.14.10 (April 07, 2021)

BUG FIXES:

• cli: Only rewrite provider locks file if its contents has changed. (#​28230)

v0.14.9

Compare Source

0.14.9 (March 24, 2021)

BUG FIXES:

• backend/remote: Fix error when migrating existing state to a new workspace on Terraform Cloud/Enterprise. (#​28093)

---

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box.

---

This PR has been generated by Renovate Bot.