-
Notifications
You must be signed in to change notification settings - Fork 9.4k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #31063 from hashicorp/jbardin/v1.2-upgrade-guide
v1.2 upgrade guide
- Loading branch information
Showing
2 changed files
with
47 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
--- | ||
page_title: Upgrading to Terraform v1.2 | ||
description: Upgrading to Terraform v1.2 | ||
--- | ||
|
||
# Upgrading to Terraform v1.2 | ||
|
||
Terraform v1.2 is a minor release in the stable Terraform v1.0 series. | ||
|
||
Terraform v1.2 continues to honor the | ||
[Terraform v1.0 Compatibility Promises](/language/v1-compatibility-promises), | ||
but there are some behavior changes outside of those promises that may affect a | ||
small number of users. Specifically, the following updates may require additional upgrade steps: | ||
|
||
* [terraform-credentials-env functionality is built into the Terraform CLI](#the-terraform-credentials-env-functionality-is-built-into-the-terraform-cli) | ||
* [Terraform requires Linux kernel 2.6.32 or later](#terraform-requires-linux-kernel-2-6-32-or-later) | ||
* [Remote servers must support TLSv1.2](#remote-servers-must-support-tlsv1-2) | ||
* [Outdated TLS features are no longer supported](#outdated-tls-features-are-no-longer-supported) | ||
|
||
## The `terraform-credentials-env` Functionality is Built Into the Terraform CLI | ||
|
||
We recommend disabling the [third-party credentials helper plugin terraform-credentials-env](https://github.com/apparentlymart/terraform-credentials-env) when you upgrade to Terraform v1.2. Terraform now contains similar built-in functionality. | ||
|
||
The new v1.2 functionality supports the same environment variable naming scheme as the credentials helper, but has a difference in priority order. Specifically, `TF_TOKEN_...` environment variables now take priority over both credentials blocks in CLI configuration and credentials stored automatically when you run `terraform login`. After upgrading, ensure you do not specify credentials for the same host in multiple locations. | ||
|
||
We also recommend upgrading the [hashicorp/tfe](https://registry.terraform.io/providers/hashicorp/tfe) provider to version 0.31 if you currently use it with the credentials helper to manage Terraform Cloud or Terraform Enterprise objects. Version 0.31 contains built-in support for the built-in `TF_TOKEN_...` environment variables. | ||
|
||
## Terraform Requires Linux kernel 2.6.32 or Later | ||
|
||
The Terraform runtime no longer supports Linux kernels prior to | ||
2.6.32, and official releases of Terraform v1.2 for Linux | ||
require distributions using kernel 2.6.32 or later. The CLI behavior on earlier | ||
kernel versions is undefined. | ||
|
||
## Outdated TLS Features Are No Longer Supported | ||
|
||
Terraform no longer supports the following features when making outgoing HTTPS or other TLS connections as a client: | ||
|
||
- TLS v1.0 and v1.1. Terraform now requires the server to support TLS v1.2. All up-to-date servers should support TLS 1.2, and mainstream web browsers have required it since 2020. | ||
- CA certificates signed using the SHA-1 hash function. Publicly-trusted Certificate Authorities have not issued SHA-1 certificates since 2015. | ||
|
||
This change only affects requests from Terraform, including provider installation, module installation, and interactions with your configured backend. Provider plugins are separate programs that have | ||
their own rules about which TLS versions are supported. |