Merge pull request #31063 from hashicorp/jbardin/v1.2-upgrade-guide

v1.2 upgrade guide
hashicorp · May 18, 2022 · f7f4a82 · f7f4a82
2 parents cb181e9 + 1a60b3b
commit f7f4a82
Show file tree

Hide file tree

Showing 2 changed files with 47 additions and 0 deletions.
diff --git a/website/data/language-nav-data.json b/website/data/language-nav-data.json
@@ -1096,6 +1096,10 @@
     "title": "Upgrade Guides",
     "routes": [
       { "title": "Overview", "path": "upgrade-guides" },
+      {
+        "title": "Upgrading to Terraform v1.2",
+        "path": "upgrade-guides/1-2"
+      },
       {
         "title": "Upgrading to Terraform v1.1",
         "path": "upgrade-guides/1-1"

diff --git a/website/docs/language/upgrade-guides/1-2.mdx b/website/docs/language/upgrade-guides/1-2.mdx
@@ -0,0 +1,43 @@
+---
+page_title: Upgrading to Terraform v1.2
+description: Upgrading to Terraform v1.2
+---
+
+# Upgrading to Terraform v1.2
+
+Terraform v1.2 is a minor release in the stable Terraform v1.0 series.
+
+Terraform v1.2 continues to honor the
+[Terraform v1.0 Compatibility Promises](/language/v1-compatibility-promises),
+but there are some behavior changes outside of those promises that may affect a
+small number of users. Specifically, the following updates may require additional upgrade steps:
+
+* [terraform-credentials-env functionality is built into the Terraform CLI](#the-terraform-credentials-env-functionality-is-built-into-the-terraform-cli)
+* [Terraform requires Linux kernel 2.6.32 or later](#terraform-requires-linux-kernel-2-6-32-or-later)
+* [Remote servers must support TLSv1.2](#remote-servers-must-support-tlsv1-2)
+* [Outdated TLS features are no longer supported](#outdated-tls-features-are-no-longer-supported)
+
+## The `terraform-credentials-env` Functionality is Built Into the Terraform CLI
+
+We recommend disabling the [third-party credentials helper plugin terraform-credentials-env](https://github.com/apparentlymart/terraform-credentials-env) when you upgrade to Terraform v1.2. Terraform now contains similar built-in functionality.
+
+The new v1.2 functionality supports the same environment variable naming scheme as the credentials helper, but has a difference in priority order. Specifically, `TF_TOKEN_...` environment variables now take priority over both credentials blocks in CLI configuration and credentials stored automatically when you run `terraform login`. After upgrading, ensure you do not specify credentials for the same host in multiple locations.
+
+We also recommend upgrading the [hashicorp/tfe](https://registry.terraform.io/providers/hashicorp/tfe) provider to version 0.31 if you currently use it with the credentials helper to manage Terraform Cloud or Terraform Enterprise objects. Version 0.31 contains built-in support for the built-in `TF_TOKEN_...` environment variables.
+
+## Terraform Requires Linux kernel 2.6.32 or Later
+
+The Terraform runtime no longer supports Linux kernels prior to
+2.6.32, and official releases of Terraform v1.2 for Linux
+require distributions using kernel 2.6.32 or later. The CLI behavior on earlier
+kernel versions is undefined.
+
+## Outdated TLS Features Are No Longer Supported
+
+Terraform no longer supports the following features when making outgoing HTTPS or other TLS connections as a client:
+
+- TLS v1.0 and v1.1. Terraform now requires the server to support TLS v1.2. All up-to-date servers should support TLS 1.2, and mainstream web browsers have required it since 2020.
+ - CA certificates signed using the SHA-1 hash function. Publicly-trusted Certificate Authorities have not issued SHA-1 certificates since 2015.
+
+This change only affects requests from Terraform, including provider installation, module installation, and interactions with your configured backend. Provider plugins are separate programs that have
+their own rules about which TLS versions are supported.