v1.5.6

1.5.6 (August 23, 2023)

BUG FIXES:

• terraform_remote_state: Fixed a potential unsafe read panic when reading from multiple terraform_remote_state data sources (#33333)

v1.6.0-alpha20230816

1.6.0-alpha20230816 (Unreleased)

NEW FEATURES:

• terraform test: The previously experimental terraform test command has been moved out of experimental. This comes with a significant change in how Terraform tests are written and executed.

  Terraform tests are now written within .tftest.hcl files, controlled by a series of run blocks. Each run block will execute a Terraform plan or apply command against the Terraform configuration under test and can execute conditions against the resultant plan and state.

ENHANCEMENTS:

• config: Terraform can now track some additional detail about values that won't be known until the apply step, such as the range of possible lengths for a collection or whether an unknown value can possibly be null. When this information is available, Terraform can potentially generate known results for some operations on unknown values. This doesn't mean that Terraform can immediately track that detail in all cases, but the type system now contains the facility for that and so over time we will improve the level of detail generated by built-in functions, language operators, Terraform providers, etc. (#33234)
• jsonplan: Added errored field to JSON plan output, indicating whether a plan errored. (#33372)
• cloud: Remote plans on Terraform Cloud/Enterprise can now be saved using the -out flag, referenced in the show command, and applied by specifying the plan file name. (#33492)
• config: The import block id field now accepts an expression referencing other values such as resource attributes, as long as the value is a string known at plan time. (#33618)

BUG FIXES:

• The upstream dependency that Terraform uses for service discovery of Terraform-native services such as Terraform Cloud/Enterprise state storage was previously not concurrency-safe, but Terraform was treating it as if it was in situations like when a configuration has multiple terraform_remote_state blocks all using the "remote" backend. Terraform is now using a newer version of that library which updates its internal caches in a concurrency-safe way. (#33364)
• Transitive dependencies were lost during apply when the referenced resource expanded into zero instances (#33403)
• Terraform will no longer override SSH settings in local git configuration when installing modules. (#33592)

Previous Releases

For information on prior major and minor releases, see their changelogs:

• v1.5
• v1.4
• v1.3
• v1.2
• v1.1
• v1.0
• v0.15
• v0.14
• v0.13
• v0.12
• v0.11 and earlier

v1.5.5

1.5.5 (August 9, 2023)

• terraform init: Fix crash when using invalid configuration in backend blocks. (#33628)

v1.6.0-alpha20230802

1.6.0-alpha20230802 (August 02, 2023)

NEW FEATURES:

• terraform test: The previously experimental terraform test command has been moved out of experimental. This comes with a significant change in how Terraform tests are written and executed.

  Terraform tests are now written within .tftest.hcl files, controlled by a series of run blocks. Each run block will execute a Terraform plan or apply command against the Terraform configuration under test and can execute conditions against the resultant plan and state.

ENHANCEMENTS:

• config: Terraform can now track some additional detail about values that won't be known until the apply step, such as the range of possible lengths for a collection or whether an unknown value can possibly be null. When this information is available, Terraform can potentially generate known results for some operations on unknown values. This doesn't mean that Terraform can immediately track that detail in all cases, but the type system now contains the facility for that and so over time we will improve the level of detail generated by built-in functions, language operators, Terraform providers, etc. (#33234)
• jsonplan: Added errored field to JSON plan output, indicating whether a plan errored. (#33372)
• cloud: Remote plans on Terraform Cloud/Enterprise can now be saved using the -out flag, referenced in the show command, and applied by specifying the plan file name. (#33492)
• cloud: Terraform now supports setting the Terraform Cloud project via the cloud block and TF_CLOUD_PROJECT environment variable. When a cloud configuration creates a new workspace it will be created in the given project. If the project does not exist it will be created. terraform workspace list will also respect listing matching workspaces in the configured project.
• config: The import block id field now accepts an expression referencing other values such as resource attributes, as long as the value is a string known at plan time. (#33618)

BUG FIXES:

• The upstream dependency that Terraform uses for service discovery of Terraform-native services such as Terraform Cloud/Enterprise state storage was previously not concurrency-safe, but Terraform was treating it as if it was in situations like when a configuration has multiple terraform_remote_state blocks all using the "remote" backend. Terraform is now using a newer version of that library which updates its internal caches in a concurrency-safe way. (#33364)
• Transitive dependencies were lost during apply when the referenced resource expanded into zero instances (#33403)
• Terraform will no longer override SSH settings in local git configuration when installing modules. (#33592)

Previous Releases

For information on prior major and minor releases, see their changelogs:

• v1.5
• v1.4
• v1.3
• v1.2
• v1.1
• v1.0
• v0.15
• v0.14
• v0.13
• v0.12
• v0.11 and earlier

v1.5.4

1.5.4 (July 26, 2023)

BUG FIXES:

• check blocks: Fixes crash when nested data sources are within configuration targeted by the terraform import command. (#33578)
• check blocks: Check blocks now operate in line with other checkable objects by also executing during import operations. (#33578)

v1.6.0-alpha20230719

1.6.0-alpha20230719 (Unreleased)

NEW FEATURES:

• terraform test: The previously experimental terraform test command has been moved out of experimental. This comes with a significant change in how Terraform tests are written and executed.

  Terraform tests are now written within .tftest files, controlled by a series of run blocks. Each run block will execute a Terraform plan or apply command against the Terraform configuration under test and can execute conditions against the resultant plan and state.

ENHANCEMENTS:

• config: Terraform can now track some additional detail about values that won't be known until the apply step, such as the range of possible lengths for a collection or whether an unknown value can possibly be null. When this information is available, Terraform can potentially generate known results for some operations on unknown values. This doesn't mean that Terraform can immediately track that detail in all cases, but the type system now contains the facility for that and so over time we will improve the level of detail generated by built-in functions, language operators, Terraform providers, etc. [GH-33234]
• jsonplan: Added errored field to JSON plan output, indicating whether a plan errored. [GH-33372]

BUG FIXES:

• The upstream dependency that Terraform uses for service discovery of Terraform-native services such as Terraform Cloud/Enterprise state storage was previously not concurrency-safe, but Terraform was treating it as if it was in situations like when a configuration has multiple terraform_remote_state blocks all using the "remote" backend. Terraform is now using a newer version of that library which updates its internal caches in a concurrency-safe way. [GH-33364]
• Transitive dependencies were lost during apply when the referenced resource expanded into zero instances [GH-33403]

Previous Releases

For information on prior major and minor releases, see their changelogs:

• v1.5
• v1.4
• v1.3
• v1.2
• v1.1
• v1.0
• v0.15
• v0.14
• v0.13
• v0.12
• v0.11 and earlier

v1.5.3

1.5.3 (July 12, 2023)

BUG FIXES:

• core: Terraform could fail to evaluate module outputs when they are used in a provider configuration during a destroy operation (#33462)
• backend/consul: When failing to save state, consul CAS failed with transaction errors no longer shows an error instance memory address, but an actual error message. (#33108)
• plan renderer: Fixes crash when rendering the plan if a relevant attribute contains an integer index specified as a string. (#33475)

v1.5.2

1.5.2 (June 28, 2023)

BUG FIXES:

• configs: Multiple import blocks with the same id string no longer result in a validation error (#33434)

v1.5.1

1.5.1 (June 21, 2023)

BUG FIXES:

• core: plan validation would fail for providers using nested set attributes with computed object attribute (#33377)

v1.5.0

1.5.0 (June 12, 2023)

NEW FEATURES:

• check blocks for validating infrastructure: Module and configuration authors can now write independent check blocks within their configuration to validate assertions about their infrastructure.

  The new independent check blocks must specify at least one assert block, but possibly many, each one with a condition expression and an error_message expression matching the existing Custom Condition Checks.
  Additionally, check blocks can optionally load a scoped data source. Scoped data sources match the existing data sources with the exception that they can only be referenced from within their check block.

  Unlike the existing precondition and postcondition blocks, Terraform will not halt execution should the scoped data block fail or error or if any of the assertions fail.
  This allows practitioners to continually validate the state of their infrastructure outside the usual lifecycle management cycle.

• import blocks for importing infrastructure: Root module authors can now use the import block to declare their intent that Terraform adopt an existing resource.

  Import is now a configuration-driven, plannable action, and is processed as part of a normal plan. Running terraform plan will show a summary of the resources that Terraform has planned to import, along with any other plan changes.

  The existing terraform import CLI command has not been modified.

  This is an early version of the import block feature, for which we are actively seeking user feedback to shape future development. The import block currently does not support interpolation in the id field, which must be a string.

• Generating configuration for imported resources: in conjunction with the import block, this feature enables easy templating of configuration when importing existing resources into Terraform. A new flag -generate-config-out=PATH is added to terraform plan. When this flag is set, Terraform will generate HCL configuration for any resource included in an import block that does not already have associated configuration, and write it to a new file at PATH. Before applying, review the generated configuration and edit it as necessary.

• Adds a new plantimestamp function that returns the timestamp at plan time. This is similar to the timestamp function which returns the timestamp at apply time (#32980).

• Adds a new strcontains function that checks whether a given string contains a given substring. (#33069)

UPGRADE NOTES:

• This is the last version of Terraform for which macOS 10.13 High Sierra or 10.14 Mojave are officially supported. Future Terraform versions may not function correctly on these older versions of macOS.

• This is the last version of Terraform for which Windows 7, 8, Server 2008, and Server 2012 are supported by Terraform's main implementation language, Go. We already ended explicit support for versions earlier than Windows 10 in Terraform v0.15.0, but future Terraform versions may malfunction in more significant ways on these older Windows versions.

• On Linux (and some other non-macOS Unix platforms we don't officially support), Terraform will now notice the trust-ad option in /etc/resolv.conf and, if set, will set the "authentic data" option in outgoing DNS requests in order to better match the behavior of the GNU libc resolver.

  Terraform does not pay any attention to the corresponding option in responses, but some DNSSEC-aware recursive resolvers return different responses when the request option isn't set. This should therefore avoid some potential situations where a DNS request from Terraform might get a different response than a similar request from other software on your system.

ENHANCEMENTS:

• Terraform CLI's local operations mode will now attempt to persist state snapshots to the state storage backend periodically during the apply step, thereby reducing the window for lost data if the Terraform process is aborted unexpectedly. (#32680)
• If Terraform CLI receives SIGINT (or its equivalent on non-Unix platforms) during the apply step then it will immediately try to persist the latest state snapshot to the state storage backend, with the assumption that a graceful shutdown request often typically followed by a hard abort some time later if the graceful shutdown doesn't complete fast enough. (#32680)
• pg backend: Now supports the PG_CONN_STR, PG_SCHEMA_NAME, PG_SKIP_SCHEMA_CREATION, PG_SKIP_TABLE_CREATION and PG_SKIP_INDEX_CREATION environment variables. (#33045)

BUG FIXES:

• terraform init: Fixed crash with invalid blank module name. (#32781)
• moved blocks: Fixed a typo in the error message that Terraform raises when you use -target to exclude an object that has been moved. (#33149)

Previous Releases

For information on prior major and minor releases, see their changelogs:

• v1.4
• v1.3
• v1.2
• v1.1
• v1.0
• v0.15
• v0.14
• v0.13
• v0.12
• v0.11 and earlier