From a4c8fe9237914ad26343437fd1adc776f5473d02 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 9 Aug 2024 11:55:49 -0600
Subject: [PATCH] chore(deps): update test-infra (#412)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[github.com/defenseunicorns/terraform-aws-uds-irsa](https://togithub.com/defenseunicorns/terraform-aws-uds-irsa)
| module | patch | `v0.0.2` -> `v0.0.3` |
|
[github.com/defenseunicorns/terraform-aws-uds-kms](https://togithub.com/defenseunicorns/terraform-aws-uds-kms)
| module | patch | `v0.0.2` -> `v0.0.3` |
| [hashicorp/terraform](https://togithub.com/hashicorp/terraform) |
required_version | minor | `1.5.7` -> `1.9.4` |
| [random](https://registry.terraform.io/providers/hashicorp/random)
([source](https://togithub.com/hashicorp/terraform-provider-random)) |
required_provider | minor | `3.5.1` -> `3.6.2` |
---
### Release Notes
defenseunicorns/terraform-aws-uds-irsa
(github.com/defenseunicorns/terraform-aws-uds-irsa)
###
[`v0.0.3`](https://togithub.com/defenseunicorns/terraform-aws-uds-irsa/releases/tag/v0.0.3)
[Compare
Source](https://togithub.com/defenseunicorns/terraform-aws-uds-irsa/compare/v0.0.2...v0.0.3)
#### 0.0.3 (2023-09-20)
#### What's Changed
- Restrict testing to US regions. by
[@justin-o12](https://togithub.com/justin-o12) in
[https://github.com/defenseunicorns/terraform-aws-uds-irsa/pull/7](https://togithub.com/defenseunicorns/terraform-aws-uds-irsa/pull/7)
- feat: Initial IRSA OSCAL with new versioning by
[@CloudBeard](https://togithub.com/CloudBeard) in
[https://github.com/defenseunicorns/terraform-aws-uds-irsa/pull/8](https://togithub.com/defenseunicorns/terraform-aws-uds-irsa/pull/8)
#### New Contributors
- [@justin-o12](https://togithub.com/justin-o12) made their first
contribution in
[https://github.com/defenseunicorns/terraform-aws-uds-irsa/pull/7](https://togithub.com/defenseunicorns/terraform-aws-uds-irsa/pull/7)
- [@CloudBeard](https://togithub.com/CloudBeard) made their first
contribution in
[https://github.com/defenseunicorns/terraform-aws-uds-irsa/pull/8](https://togithub.com/defenseunicorns/terraform-aws-uds-irsa/pull/8)
**Full Changelog**:
https://github.com/defenseunicorns/terraform-aws-uds-irsa/compare/v0.0.2...v0.0.3
defenseunicorns/terraform-aws-uds-kms
(github.com/defenseunicorns/terraform-aws-uds-kms)
###
[`v0.0.3`](https://togithub.com/defenseunicorns/terraform-aws-uds-kms/releases/tag/v0.0.3)
[Compare
Source](https://togithub.com/defenseunicorns/terraform-aws-uds-kms/compare/v0.0.2...v0.0.3)
#### 0.0.3 (2024-03-27)
#### What's Changed
- Restrict testing to US regions. by
[@justin-o12](https://togithub.com/justin-o12) in
[https://github.com/defenseunicorns/terraform-aws-uds-kms/pull/10](https://togithub.com/defenseunicorns/terraform-aws-uds-kms/pull/10)
- fix: updating to new version method by
[@CloudBeard](https://togithub.com/CloudBeard) in
[https://github.com/defenseunicorns/terraform-aws-uds-kms/pull/12](https://togithub.com/defenseunicorns/terraform-aws-uds-kms/pull/12)
- feat: add vars for kms key policy by
[@corang](https://togithub.com/corang) in
[https://github.com/defenseunicorns/terraform-aws-uds-kms/pull/17](https://togithub.com/defenseunicorns/terraform-aws-uds-kms/pull/17)
#### New Contributors
- [@corang](https://togithub.com/corang) made their first
contribution in
[https://github.com/defenseunicorns/terraform-aws-uds-kms/pull/17](https://togithub.com/defenseunicorns/terraform-aws-uds-kms/pull/17)
**Full Changelog**:
https://github.com/defenseunicorns/terraform-aws-uds-kms/compare/v0.0.2...v0.0.3
hashicorp/terraform (hashicorp/terraform)
###
[`v1.9.4`](https://togithub.com/hashicorp/terraform/releases/tag/v1.9.4)
[Compare
Source](https://togithub.com/hashicorp/terraform/compare/v1.9.3...v1.9.4)
##### 1.9.4 (August 7, 2024)
BUG FIXES:
- core: Unneeded variable validations were being executed during a
destroy plan, which could cause plans starting with incomplete state to
fail.
([#35511](https://togithub.com/hashicorp/terraform/issues/35511))
- init: Don't crash when discovering invalid syntax in duplicate
required_providers blocks.
([#35533](https://togithub.com/hashicorp/terraform/issues/35533))
###
[`v1.9.3`](https://togithub.com/hashicorp/terraform/releases/tag/v1.9.3)
[Compare
Source](https://togithub.com/hashicorp/terraform/compare/v1.9.2...v1.9.3)
##### 1.9.3 (July 24, 2024)
ENHANCEMENTS:
- Terraform now returns a more specific error message in the awkward
situation where an input variable validation rule is known to have
failed (`condition` returned `false`) but the error message is derived
from an unknown value.
([#35400](https://togithub.com/hashicorp/terraform/pull/35400))
BUG FIXES:
- core: Terraform no longer performs an unnecessary refresh when
removing an instance targeted by a `removed` block.
([#35458](https://togithub.com/hashicorp/terraform/pull/35458))
- config generation: Fix validation error when using nested computed or
deprecated attributes.
([#35484](https://togithub.com/hashicorp/terraform/pull/35484))
- Updated to newer github.com/hashicorp/go-retryablehttp version,
addressing CVE-2024-6104, and bringing in updates for several indirect
dependencies.
([#35473](https://togithub.com/hashicorp/terraform/pull/35473))
- Moved to building with Go 1.22.5, which addresses CVE-2024-24791 and
several other non-security bugs.
([#35494](https://togithub.com/hashicorp/terraform/pull/35494))
###
[`v1.9.2`](https://togithub.com/hashicorp/terraform/releases/tag/v1.9.2)
[Compare
Source](https://togithub.com/hashicorp/terraform/compare/v1.9.1...v1.9.2)
##### 1.9.2 (July 10, 2024)
BUG FIXES:
- core: Fix panic when self-referencing direct instances from `count`
and `for_each` meta attributes.
([#35432](https://togithub.com/hashicorp/terraform/pull/35432))
###
[`v1.9.1`](https://togithub.com/hashicorp/terraform/releases/tag/v1.9.1)
[Compare
Source](https://togithub.com/hashicorp/terraform/compare/v1.9.0...v1.9.1)
##### 1.9.1 (Unreleased)
UPGRADE NOTES:
- Library used by Terraform (hashicorp/go-getter) for
installing/updating modules was upgraded from v1.7.5 to v1.7.6. This
addresses
[CVE-2024-6257](https://nvd.nist.gov/vuln/detail/CVE-2024-6257). This
change may have a negative effect on performance of `terraform init` or
`terraform get` in case of larger git repositories. Please do file an
issue if you find the performance difference noticable.
([#35376](https://togithub.com/hashicorp/terraform/pull/35376))
BUG FIXES:
- `terraform test`: Removed additional erroneous error message when
referencing attributes that don't exist.
([#35408](https://togithub.com/hashicorp/terraform/pull/35408))
- `import` blocks: Fix crash that occurs when incorrectly referencing
the `to` resource from the `id` attribute.
([#35420](https://togithub.com/hashicorp/terraform/pull/35420))
###
[`v1.9.0`](https://togithub.com/hashicorp/terraform/compare/v1.8.5...v1.9.0)
[Compare
Source](https://togithub.com/hashicorp/terraform/compare/v1.8.5...v1.9.0)
###
[`v1.8.5`](https://togithub.com/hashicorp/terraform/releases/tag/v1.8.5)
[Compare
Source](https://togithub.com/hashicorp/terraform/compare/v1.8.4...v1.8.5)
#### 1.8.5 (June 5, 2024)
BUG FIXES:
- `terraform test`: Remove duplicate warning diagnostic when providing
values for unknown variables in run blocks.
([#35172](https://togithub.com/hashicorp/terraform/issues/35172))
###
[`v1.8.4`](https://togithub.com/hashicorp/terraform/releases/tag/v1.8.4)
[Compare
Source](https://togithub.com/hashicorp/terraform/compare/v1.8.3...v1.8.4)
#### 1.8.4 (May 22, 2024)
BUG FIXES:
- `core`: Fix exponential slowdown in some cases when modules are using
`depends_on`.
([#35157](https://togithub.com/hashicorp/terraform/issues/35157))
- `import` blocks: Fix bug where resources with nested, computed, and
optional `id` attributes would fail to generate configuration.
([#35220](https://togithub.com/hashicorp/terraform/issues/35220))
- Updated to new `golang.org/x/net` release, which addressed
CVE-2023-45288
([#35165](https://togithub.com/hashicorp/terraform/issues/35165))
###
[`v1.8.3`](https://togithub.com/hashicorp/terraform/releases/tag/v1.8.3)
[Compare
Source](https://togithub.com/hashicorp/terraform/compare/v1.8.2...v1.8.3)
#### 1.8.3 (May 8, 2024)
BUG FIXES:
- `terraform test`: Providers configured within an overridden module
could panic.
([#35110](https://togithub.com/hashicorp/terraform/issues/35110))
- `core`: Fix crash when a provider incorrectly plans a nested object
when the configuration is `null`
([#35090](https://togithub.com/hashicorp/terraform/issues/35090))
###
[`v1.8.2`](https://togithub.com/hashicorp/terraform/releases/tag/v1.8.2)
[Compare
Source](https://togithub.com/hashicorp/terraform/compare/v1.8.1...v1.8.2)
#### 1.8.2 (April 24, 2024)
BUG FIXES:
- `terraform apply`: Prevent panic when a provider erroneously provides
unknown values.
([#35048](https://togithub.com/hashicorp/terraform/pull/35048))
- `terraform plan`: Replace panic with error message when
self-referencing resources and data sources from the `count` and
`for_each` meta attributes.
([#35047](https://togithub.com/hashicorp/terraform/pull/35047))
- `terraform test`: Restore `TF_ENV_*` variables being made available to
testing modules.
([#35014](https://togithub.com/hashicorp/terraform/pull/35014))
- `terraform test`: Prevent crash when referencing local variables
within overridden modules.
([#35030](https://togithub.com/hashicorp/terraform/pull/35030))
ENHANCEMENTS:
- Improved performance by removing unneeded additional computation for a
disabled experimental feature.
([#35066](https://togithub.com/hashicorp/terraform/pull/35066))
OTHER CHANGES:
- Update all references to Terraform Cloud to refer to HCP Terraform,
the service's new name. This only affects display text; the `cloud`
block and environment variables like `TF_CLOUD_ORGANIZATION` remain
unchanged.
([#35050](https://togithub.com/hashicorp/terraform/pull/35050))
NOTE:
Starting with this release, we are including a copy of our license file
in all packaged versions of our releases, such as the release .zip
files. If you are consuming these files directly and would prefer to
extract the one terraform file instead of extracting everything, you
need to add an extra argument specifying the file to extract, like this:
unzip terraform_1.8.2_linux_amd64.zip terraform
###
[`v1.8.1`](https://togithub.com/hashicorp/terraform/releases/tag/v1.8.1)
[Compare
Source](https://togithub.com/hashicorp/terraform/compare/v1.8.0...v1.8.1)
#### 1.8.1 (April 17, 2024)
BUG FIXES:
- Fix crash in terraform plan when referencing a module output that does
not exist within the try(...) function.
([#34985](https://togithub.com/hashicorp/terraform/pull/34985))
- Fix crash in terraform apply when referencing a module with no planned
changes.
([#34985](https://togithub.com/hashicorp/terraform/pull/34985))
- `moved` block: Fix crash when move targets a module which no longer
exists.
([#34986](https://togithub.com/hashicorp/terraform/pull/34986))
- `import` block: Fix crash when generating configuration for resources
with complex sensitive attributes.
([#34996](https://togithub.com/hashicorp/terraform/pull/34996))
- Plan renderer: Correctly render strings that begin with JSON
compatible text but don't end with it.
([#34959](https://togithub.com/hashicorp/terraform/pull/34959))
###
[`v1.8.0`](https://togithub.com/hashicorp/terraform/releases/tag/v1.8.0)
[Compare
Source](https://togithub.com/hashicorp/terraform/compare/v1.7.5...v1.8.0)
#### 1.8.0 (April 10, 2024)
If you are upgrading from Terraform v1.7 or earlier, please refer to
[the Terraform v1.8 Upgrade
Guide](https://developer.hashicorp.com/terraform/language/v1.8.x/upgrade-guides).
NEW FEATURES:
- Providers can now offer functions which can be used from within the
Terraform configuration language.
The syntax for calling a provider-contributed function is
`provider::provider_name::function_name()`.
([#34394](https://togithub.com/hashicorp/terraform/issues/34394))
- Providers can now transfer the ownership of a remote object between
resources of different types, for situations where there are two
different resource types that represent the same remote object type.
This extends the `moved` block behavior to support moving between two
resources of different types only if the provider for the target
resource type declares that it can convert from the source resource
type. Refer to provider documentation for details on which pairs of
resource types are supported.
- New `issensitive` function returns true if the given value is marked
as sensitive.
ENHANCEMENTS:
- `terraform test`: File-level variables can now refer to global
variables.
([#34699](https://togithub.com/hashicorp/terraform/issues/34699))
- When generating configuration based on `import` blocks, Terraform will
detect strings that contain valid JSON syntax and generate them as calls
to the `jsonencode` function, rather than generating a single string.
This is primarily motivated by readability, but might also be useful if
you need to replace part of the literal value with an expression as you
generalize your module beyond the one example used for importing.
- `terraform plan` now uses a different presentation for describing
changes to lists where the old and new lists have the same length. It
now compares the elements with correlated indices and shows a separate
diff for each one, rather than trying to show a diff for the list as a
whole. The behavior is unchanged for lists of different lengths.
- `terraform providers lock` accepts a new boolean option
`-enable-plugin-cache`. If specified, and if a [global plugin
cache](https://developer.hashicorp.com/terraform/cli/config/config-file#provider-plugin-cache)
is configured, Terraform will use the cache in the provider lock
process.
([#34632](https://togithub.com/hashicorp/terraform/issues/34632))
- built-in "terraform" provider: new `decode_tfvars`, `encode_tfvars`,
and `encode_expr` functions, for unusual situations where it's helpful
to manually generate or read from Terraform's "tfvars" format.
([#34718](https://togithub.com/hashicorp/terraform/issues/34718))
- `terraform show`'s JSON rendering of a plan now includes two explicit
flags `"applyable"` and `"complete"`, which both summarize
characteristics of a plan that were previously only inferrable by
consumers replicating some of Terraform Core's own logic.
([#34642](https://togithub.com/hashicorp/terraform/issues/34642))
`"applyable"` means that it makes sense for a wrapping automation to
offer to apply this plan.
`"complete"` means that applying this plan is expected to achieve
convergence between desired and actual state. If this flag is present
and set to `false` then wrapping automations should ideally encourage an
operator to run another plan/apply round to continue making progress
toward convergence.
BUG FIXES:
- core: Sensitive values will now be tracked more accurately in state
and plans, preventing unexpected updates with no apparent changes.
([#34567](https://togithub.com/hashicorp/terraform/issues/34567))
- core: Fix incorrect error message when using in invalid `iterator`
argument within a dynamic block.
([#34751](https://togithub.com/hashicorp/terraform/issues/34751))
- core: Fixed edge-case bug that could cause loss of floating point
precision when round-tripping due to incorrectly using a MessagePack
integer to represent a large non-integral number.
([#24576](https://togithub.com/hashicorp/terraform/issues/24576))
- config: Converting from an unknown map value to an object type now
correctly handles the situation where the map element type disagrees
with an optional attribute of the target type, since when a map value is
unknown we don't yet know which keys it has and thus cannot predict what
subset of the elements will get converted as attributes in the resulting
object.
([#34756](https://togithub.com/hashicorp/terraform/issues/34756))
- cloud: Fixed unparsed color codes in policy failure error messages.
([#34473](https://togithub.com/hashicorp/terraform/issues/34473))
#### Previous Releases
For information on prior major and minor releases, see their changelogs:
-
[v1.7](https://togithub.com/hashicorp/terraform/blob/v1.7/CHANGELOG.md)
-
[v1.6](https://togithub.com/hashicorp/terraform/blob/v1.6/CHANGELOG.md)
-
[v1.5](https://togithub.com/hashicorp/terraform/blob/v1.5/CHANGELOG.md)
-
[v1.4](https://togithub.com/hashicorp/terraform/blob/v1.4/CHANGELOG.md)
-
[v1.3](https://togithub.com/hashicorp/terraform/blob/v1.3/CHANGELOG.md)
-
[v1.2](https://togithub.com/hashicorp/terraform/blob/v1.2/CHANGELOG.md)
-
[v1.1](https://togithub.com/hashicorp/terraform/blob/v1.1/CHANGELOG.md)
-
[v1.0](https://togithub.com/hashicorp/terraform/blob/v1.0/CHANGELOG.md)
-
[v0.15](https://togithub.com/hashicorp/terraform/blob/v0.15/CHANGELOG.md)
-
[v0.14](https://togithub.com/hashicorp/terraform/blob/v0.14/CHANGELOG.md)
-
[v0.13](https://togithub.com/hashicorp/terraform/blob/v0.13/CHANGELOG.md)
-
[v0.12](https://togithub.com/hashicorp/terraform/blob/v0.12/CHANGELOG.md)
- [v0.11 and
earlier](https://togithub.com/hashicorp/terraform/blob/v0.11/CHANGELOG.md)
###
[`v1.7.5`](https://togithub.com/hashicorp/terraform/releases/tag/v1.7.5)
[Compare
Source](https://togithub.com/hashicorp/terraform/compare/v1.7.4...v1.7.5)
#### 1.7.5 (March 13, 2024)
BUG FIXES:
- backend/s3: When using s3 backend and encountering a network issue,
the retry code would fail with "failed to rewind transport stream for
retry". Now the retry should be successful.
([#34796](https://togithub.com/hashicorp/terraform/pull/34796))
###
[`v1.7.4`](https://togithub.com/hashicorp/terraform/releases/tag/v1.7.4)
[Compare
Source](https://togithub.com/hashicorp/terraform/compare/v1.7.3...v1.7.4)
#### 1.7.4 (February 21, 2024)
BUG FIXES:
- `terraform test`: Fix automatic loading of variable files within the
test directory on `windows` platforms.
([#34666](https://togithub.com/hashicorp/terraform/pull/34666))
- plan renderer: Very large numbers (> 2^63) will no longer be truncated
in the human-readable plan.
([#34702](https://togithub.com/hashicorp/terraform/pull/34702))
###
[`v1.7.3`](https://togithub.com/hashicorp/terraform/releases/tag/v1.7.3)
[Compare
Source](https://togithub.com/hashicorp/terraform/compare/v1.7.2...v1.7.3)
#### 1.7.3 (February 7, 2024)
BUG FIXES:
- `terraform test`: Fix crash when dynamic-typed attributes are not
assigned values in mocks.
([#34610](https://togithub.com/hashicorp/terraform/pull/34511))
- provisioners/file: Fix panic when source is null.
([#34621](https://togithub.com/hashicorp/terraform/pull/34621))
- `import`: Throw helpful error message if an import block is configured
with an empty ID
([34625](https://togithub.com/hashicorp/terraform/pull/34625))
###
[`v1.7.2`](https://togithub.com/hashicorp/terraform/releases/tag/v1.7.2)
[Compare
Source](https://togithub.com/hashicorp/terraform/compare/v1.7.1...v1.7.2)
#### 1.7.2 (January 31, 2024)
BUG FIXES:
- backend/s3: No longer returns error when IAM user or role does not
have access to the default workspace prefix `env:`.
([#34511](https://togithub.com/hashicorp/terraform/pull/34511))
- cloud: When triggering a run, the .terraform/modules directory was
being excluded from the configuration upload causing Terraform Cloud to
try (and sometimes fail) to re-download the modules.
([#34543](https://togithub.com/hashicorp/terraform/issues/34543))
ENHANCEMENTS:
- `terraform fmt`: Terraform mock data files (`.tfmock.hcl`) will now be
included when executing the format command.
([#34580](https://togithub.com/hashicorp/terraform/issues/34580))
- Add additional diagnostics when a generated provider block that fails
schema validation requires explicit configuration.
([#34595](https://togithub.com/hashicorp/terraform/issues/34595))
###
[`v1.7.1`](https://togithub.com/hashicorp/terraform/releases/tag/v1.7.1)
[Compare
Source](https://togithub.com/hashicorp/terraform/compare/v1.7.0...v1.7.1)
#### 1.7.1 (January 24, 2024)
BUG FIXES:
- `terraform test`: Fix crash when referencing variables or functions
within the file level `variables` block.
([#34531](https://togithub.com/hashicorp/terraform/issues/34531))
- `terraform test`: Fix crash when `override_module` block was missing
the `outputs` attribute.
([#34563](https://togithub.com/hashicorp/terraform/issues/34563))
###
[`v1.7.0`](https://togithub.com/hashicorp/terraform/releases/tag/v1.7.0)
[Compare
Source](https://togithub.com/hashicorp/terraform/compare/v1.6.6...v1.7.0)
#### 1.7.0 (January 17, 2024)
UPGRADE NOTES:
- Input validations are being restored to the state file in this version
of Terraform. Due to a state interoperability issue
([#33770](https://togithub.com/hashicorp/terraform/issues/33770))
in earlier versions, users that require interaction between different
minor series should ensure they have upgraded to the following patches:
- Users of Terraform prior to 1.3.0 are unaffected;
- Terraform 1.3 series users should upgrade to 1.3.10;
- Terraform 1.4 series users should upgrade to 1.4.7;
- Terraform 1.5 series users should upgrade to 1.5.7;
- Users of Terraform 1.6.0 and later are unaffected.
This is important for users with `terraform_remote_state` data sources
reading remote state across different versions of Terraform.
- `nonsensitive` function no longer raises an error when applied to a
value that is already non-sensitive.
([#33856](https://togithub.com/hashicorp/terraform/issues/33856))
- `terraform graph` now produces a simplified graph describing only
relationships between resources by default, for consistency with the
granularity of information returned by other commands that emphasize
resources as the main interesting object type and de-emphasize the other
"glue" objects that connect them.
The type of graph that earlier versions of Terraform produced by default
is still available with explicit use of the `-type=plan` option,
producing an approximation of the real dependency graph Terraform Core
would use to construct a plan.
- `terraform test`: Simplify the ordering of destroy operations during
test cleanup to simple reverse run block order.
([#34293](https://togithub.com/hashicorp/terraform/issues/34293))
- backend/s3: The `use_legacy_workflow` argument now defaults to
`false`. The backend will now search for credentials in the same order
as the default provider chain in the AWS SDKs and AWS CLI. To revert to
the legacy credential provider chain ordering, set this value to `true`.
This argument, and the ability to use the legacy workflow, is
deprecated. To encourage consistency with the AWS SDKs, this argument
will be removed in a future minor version.
NEW FEATURES:
- `terraform test`: Providers, modules, resources, and data sources can
now be mocked during executions of `terraform test`. The following new
blocks have been introduced within `.tftest.hcl` files:
- `mock_provider`: Can replace provider instances with mocked providers,
allowing tests to execute in `command = apply` mode without requiring a
configured cloud provider account and credentials. Terraform will create
fake resources for mocked providers and maintain them in state for the
lifecycle of the given test file.
- `override_resource`: Specific resources can be overridden so Terraform
will create a fake resource with custom values instead of creating
infrastructure for the overridden resource.
- `override_data`: Specific data sources can be overridden so data can
be imported into tests without requiring real infrastructure to be
created externally first.
- `override_module`: Specific modules can be overridden in their
entirety to give greater control over the returned outputs without
requiring in-depth knowledge of the module itself.
- `removed` block for refactoring modules: Module authors can now record
in source code when a resource or module call has been removed from
configuration, and can inform Terraform whether the corresponding object
should be deleted or simply removed from state.
This effectively provides a configuration-driven workflow to replace
`terraform state rm`. Removing an object from state is a new type of
action which is planned and applied like any other. The `terraform state
rm` command will remain available for scenarios in which directly
modifying the state file is appropriate.
BUG FIXES:
- Ignore potential remote terraform version mismatch when running
force-unlock
([#28853](https://togithub.com/hashicorp/terraform/issues/28853))
- Exit Dockerfile build script early on `cd` failure.
([#34128](https://togithub.com/hashicorp/terraform/issues/34128))
- `terraform test`: Stop attempting to destroy run blocks that have no
actual infrastructure to destroy. This fixes an issue where attempts to
destroy "verification" run blocks that load only data sources would fail
if the underlying infrastructure referenced by the run blocks had
already been destroyed.
([#34331](https://togithub.com/hashicorp/terraform/pull/34331))
- `terraform test`: Improve error message for invalid run block names.
([#34469](https://togithub.com/hashicorp/terraform/pull/34469))
- `terraform test`: Fix bug where outputs in "empty" modules were not
available to the assertions from Terraform test files.
([#34482](https://togithub.com/hashicorp/terraform/pull/34482))
- security: Upstream patch to mitigate the security advisory
CVE-2023-48795, which potentially affects `local-exec` and `file`
provisioners connecting to remote hosts using SSH.
([#34426](https://togithub.com/hashicorp/terraform/issues/34426))
ENHANCEMENTS:
- `terraform test`: Providers defined within test files can now
reference variables from their configuration that are defined within the
test file.
([#34069](https://togithub.com/hashicorp/terraform/issues/34069))
- `terraform test`: Providers defined within test files can now
reference outputs from run blocks.
([#34118](https://togithub.com/hashicorp/terraform/issues/34118))
- `terraform test`: Terraform functions are now available within
variables and provider blocks within test files.
([#34204](https://togithub.com/hashicorp/terraform/issues/34204))
- `terraform test`: Terraform will now load variables from any
`terraform.tfvars` within the testing directory, and apply the variable
values to tests within the same directory.
([#34341](https://togithub.com/hashicorp/terraform/pull/34341))
- `terraform graph`: Now produces a simplified resources-only graph by
default.
([#34288](https://togithub.com/hashicorp/terraform/pull/34288))
- `terraform console`: Now supports a `-plan` option which allows
evaluating expressions against the planned new state, rather than
against the prior state. This provides a more complete set of values for
use in console expressions, at the expense of a slower startup time due
first calculating the plan.
([#34342](https://togithub.com/hashicorp/terraform/issues/34342))
- `import`: `for_each` can now be used to expand the `import` block to
handle multiple resource instances
([#33932](https://togithub.com/hashicorp/terraform/issues/33932))
- If the proposed change for a resource instance is rejected either due
to a `postcondition` block or a `prevent_destroy` setting, Terraform
will now include that proposed change in the plan output alongside the
relevant error, whereas before the error would *replace* the proposed
change in the output.
([#34312](https://togithub.com/hashicorp/terraform/issues/34312))
- `.terraformignore`: improve performance when ignoring large
directories
([#34400](https://togithub.com/hashicorp/terraform/pull/34400))
#### Previous Releases
For information on prior major and minor releases, see their changelogs:
-
[v1.6](https://togithub.com/hashicorp/terraform/blob/v1.6/CHANGELOG.md)
-
[v1.5](https://togithub.com/hashicorp/terraform/blob/v1.5/CHANGELOG.md)
-
[v1.4](https://togithub.com/hashicorp/terraform/blob/v1.4/CHANGELOG.md)
-
[v1.3](https://togithub.com/hashicorp/terraform/blob/v1.3/CHANGELOG.md)
-
[v1.2](https://togithub.com/hashicorp/terraform/blob/v1.2/CHANGELOG.md)
-
[v1.1](https://togithub.com/hashicorp/terraform/blob/v1.1/CHANGELOG.md)
-
[v1.0](https://togithub.com/hashicorp/terraform/blob/v1.0/CHANGELOG.md)
-
[v0.15](https://togithub.com/hashicorp/terraform/blob/v0.15/CHANGELOG.md)
-
[v0.14](https://togithub.com/hashicorp/terraform/blob/v0.14/CHANGELOG.md)
-
[v0.13](https://togithub.com/hashicorp/terraform/blob/v0.13/CHANGELOG.md)
-
[v0.12](https://togithub.com/hashicorp/terraform/blob/v0.12/CHANGELOG.md)
- [v0.11 and
earlier](https://togithub.com/hashicorp/terraform/blob/v0.11/CHANGELOG.md)
###
[`v1.6.6`](https://togithub.com/hashicorp/terraform/releases/tag/v1.6.6)
[Compare
Source](https://togithub.com/hashicorp/terraform/compare/v1.6.5...v1.6.6)
#### 1.6.6 (December 13, 2023)
BUG FIXES:
- `terraform test`: Stop attempting to destroy run blocks that have no
actual infrastructure to destroy. This fixes an issue where attempts to
destroy "verification" run blocks that load only data sources would fail
if the underlying infrastructure referenced by the run blocks had
already been destroyed.
([#34331](https://togithub.com/hashicorp/terraform/pull/34331))
- cloud: prevent running saved cloud plans in VCS-connected workspaces.
Saved plans might be applied later, and VCS workspaces shouldn't apply
configurations that don't come from their designated VCS branch.
- core: Unmanaged plugins (mainly used by provider acceptance testing)
would not have a provider address set, preventing the caching of their
schemas
([#34380](https://togithub.com/hashicorp/terraform/issues/34380))
###
[`v1.6.5`](https://togithub.com/hashicorp/terraform/releases/tag/v1.6.5)
[Compare
Source](https://togithub.com/hashicorp/terraform/compare/v1.6.4...v1.6.5)
#### 1.6.5 (November 29, 2023)
BUG FIXES:
- backend/s3: Fixes parsing errors in shared config and credentials
files.
([#34313](https://togithub.com/hashicorp/terraform/pull/34313))
- backend/s3: Fixes error with AWS SSO when using FIPS endpoints.
([#34313](https://togithub.com/hashicorp/terraform/pull/34313))
###
[`v1.6.4`](https://togithub.com/hashicorp/terraform/releases/tag/v1.6.4)
[Compare
Source](https://togithub.com/hashicorp/terraform/compare/v1.6.3...v1.6.4)
#### 1.6.4 (November 15, 2023)
ENHANCEMENTS:
- backend/s3: Add the parameter `endpoints.sso` to allow overriding the
AWS SSO API endpoint.
([#34195](https://togithub.com/hashicorp/terraform/pull/34195))
BUG FIXES:
- `terraform test`: Fix bug preventing passing sensitive output values
from previous run blocks as inputs to future run blocks.
([#34190](https://togithub.com/hashicorp/terraform/pull/34190))
- backend/s3: Add `https_proxy` and `no_proxy` parameters to allow fully
specifying proxy configuration
([#34243](https://togithub.com/hashicorp/terraform/pull/34243))
###
[`v1.6.3`](https://togithub.com/hashicorp/terraform/releases/tag/v1.6.3)
[Compare
Source](https://togithub.com/hashicorp/terraform/compare/v1.6.2...v1.6.3)
#### 1.6.3 (November 1, 2023)
ENHANCEMENTS:
- backend/s3: Adds the parameter `skip_s3_checksum` to allow users to
disable checksum on S3 uploads for compatibility with "S3-compatible"
APIs.
([#34127](https://togithub.com/hashicorp/terraform/pull/34127))
###
[`v1.6.2`](https://togithub.com/hashicorp/terraform/releases/tag/v1.6.2)
[Compare
Source](https://togithub.com/hashicorp/terraform/compare/v1.6.1...v1.6.2)
#### 1.6.2 (October 18, 2023)
BUG FIXES
- `terraform test`: Fix performance issues when using provisioners
within configs being tested.
([#34026](https://togithub.com/hashicorp/terraform/pull/34026))
- `terraform test`: Only process and parse relevant variables for each
run block.
([#34072](https://togithub.com/hashicorp/terraform/pull/34072))
- Fix occasional crash when destroying configurations with variables
containing validations.
([#34101](https://togithub.com/hashicorp/terraform/pull/34101))
- Fix interoperability issues between v1.6 series and earlier series by
removing variable validations from the state file
([#34058](https://togithub.com/hashicorp/terraform/pull/34058)).
- cloud: Fixes panic when saving state in Terraform Cloud when certain
types of API errors are returned
([#34074](https://togithub.com/hashicorp/terraform/pull/34074)).
- config: Fix crash in conditional statements with certain combinations
of unknown values. Improve handling of refined values into the
conditional expression results
([#34096](https://togithub.com/hashicorp/terraform/issues/34096))
- config: Update HCL to fix bug when decoding objects with optional
attributes
([#34108](https://togithub.com/hashicorp/terraform/issues/34108))
- backend/s3: Some configurations would require `-reconfigure` during
each `init` when config was not decoded correctly
([#34108](https://togithub.com/hashicorp/terraform/issues/34108))
###
[`v1.6.1`](https://togithub.com/hashicorp/terraform/releases/tag/v1.6.1)
[Compare
Source](https://togithub.com/hashicorp/terraform/compare/v1.6.0...v1.6.1)
#### 1.6.1 (October 10, 2023)
ENHANCEMENTS:
- backend/s3: The `skip_requesting_account_id` argument supports AWS API
implementations that do not have the IAM, STS, or metadata API.
([#34002](https://togithub.com/hashicorp/terraform/pull/34002))
BUG FIXES:
- config: Using sensitive values as one or both of the results of a
conditional expression will no longer crash.
\[[GH-33996](https://togithub.com/hashicorp/terraform/issues/33996)]
- config: Conditional expression returning refined-non-null result will
no longer crash.
\[[GH-33996](https://togithub.com/hashicorp/terraform/issues/33996)]
- cli: Reverted back to previous behavior of ignoring signing key
expiration for provider installation, since it's the provider registry's
responsibility to verify key validity at publication time.
\[[GH-34004](https://togithub.com/hashicorp/terraform/issues/34004)]
- cli: `GIT_SSH_COMMAND` is now preserved again when fetching modules
from git source addresses.
\[[GH-34045](https://togithub.com/hashicorp/terraform/issues/34045)]
- cloud: The `TF_WORKSPACE` environment variable works with the `cloud`
block again; it can specify a workspace when none is configured, or
select an active workspace when the config specifies `tags`.
\[[GH-34012](https://togithub.com/hashicorp/terraform/issues/34012)]
- backend/s3: S3, DynamoDB, IAM, and STS endpoint parameters will no
longer fail validation if the parsed scheme or hostname is empty.
([#34017](https://togithub.com/hashicorp/terraform/pull/34017))
- backend/s3: Providing a key alias to the `kms_key_id` argument will no
longer fail validation.
([#33993](https://togithub.com/hashicorp/terraform/pull/33993))
###
[`v1.6.0`](https://togithub.com/hashicorp/terraform/releases/tag/v1.6.0)
[Compare
Source](https://togithub.com/hashicorp/terraform/compare/v1.5.7...v1.6.0)
#### 1.6.0 (October 4, 2023)
UPGRADE NOTES:
- On macOS, Terraform now requires macOS 10.15 Catalina or later;
support for previous versions has been discontinued.
- On Windows, Terraform now requires at least Windows 10 or Windows
Server 2016; support for previous versions has been discontinued.
- The S3 backend has a number of significant changes to its
configuration format in this release, intended to match with recent
changes in the `hashicorp/aws` provider:
- Configuration settings related to assuming IAM roles now belong to a
nested block `assume_role`. The top-level arguments `role_arn`,
`session_name`, `external_id`, `assume_role_duration_seconds`,
`assume_role_policy_arns`, `assume_role_tags`, and
`assume_role_transitive_tag_keys` are all now deprecated in favor of the
nested equivalents.
([#30495](https://togithub.com/hashicorp/terraform/issues/30495))
- Configuration settings related to overriding the locations of AWS
service endpoints used by the provider now belong to a nested block
`endpoints`. The top-level arguments `dynamodb_endpoint`,
`iam_endpoint`, `endpoint` (fir S3), and `sts_endpoint` are now
deprecated in favor of the nested equivalents.
([#30492](https://togithub.com/hashicorp/terraform/issues/30492))
- The backend now uses the following environment variables for
overriding the default locations of AWS service endpoints used by the
provider: `AWS_ENDPOINT_URL_DYNAMODB`, `AWS_ENDPOINT_URL_IAM`,
`AWS_ENDPOINT_URL_S3`, and `AWS_ENDPOINT_URL_STS`. The old non-standard
names for these environment variables are now deprecated:
`AWS_DYNAMODB_ENDPOINT`, `AWS_IAM_ENDPOINT`, `AWS_S3_ENDPOINT`, and
`AWS_STS_ENDPOINT`.
([#30479](https://togithub.com/hashicorp/terraform/issues/30479))
- The singular `shared_credentials_file` argument is deprecated in favor
of the plural `shared_credentials_files`.
- The `force_path_style` argument is deprecated in favor of
`use_path_style` for consistency with the AWS SDK.
([#30491](https://togithub.com/hashicorp/terraform/issues/30491))
NEW FEATURES:
- `terraform test`: The `terraform test` command is now generally
available. This comes with a significant change to how tests are written
and executed, based on feedback from the experimental phase.
Terraform tests are written in `.tftest.hcl` files, containing a series
of `run` blocks. Each `run` block executes a Terraform plan and optional
apply against the Terraform configuration under test and can check
conditions against the resulting plan and state.
ENHANCEMENTS:
- config: The `import` block `id` field now accepts expressions
referring to other values such as resource attributes, as long as the
value is a string known at plan time.
([#33618](https://togithub.com/hashicorp/terraform/issues/33618))
- Terraform Cloud integration: Remote plans on Terraform
Cloud/Enterprise can now be saved using the `-out` option, viewed using
`terraform show`, and applied using `terraform apply` with the saved
plan filename.
([#33492](https://togithub.com/hashicorp/terraform/issues/33492))
- config: Terraform can now track some additional detail about values
that won't be known until the apply step, such as the range of possible
lengths for a collection or whether an unknown value can possibly be
null.
- core: Provider schemas can now be cached globally for compatible
providers, allowing them to be reused throughout core without requesting
them for each new provider instance. This can significantly reduce
memory usage when there are many instances of the same provider in a
single configuration
([#33482](https://togithub.com/hashicorp/terraform/pull/33482))
When this information is available, Terraform can potentially generate
known results for some operations on unknown values. This doesn't mean
that Terraform can immediately track that detail in all cases, but the
type system now supports that and so over time we can improve the level
of detail generated by built-in functions, language operators, Terraform
providers, etc.
([#33234](https://togithub.com/hashicorp/terraform/issues/33234))
- config: The `try` and `can` functions can now return more precise and
consistent results when faced with unknown arguments
([#33758](https://togithub.com/hashicorp/terraform/pull/33758))
- `terraform show -json`: Now includes `errored` property, indicating
whether the planning process halted with an error. An errored plan is
not applyable.
([#33372](https://togithub.com/hashicorp/terraform/issues/33372))
- core: Terraform will now skip requesting the (possibly very large)
provider schema from providers which indicate during handshake that they
don't require that for correct behavior, in situations where Terraform
Core itself does not need the schema.
([#33486](https://togithub.com/hashicorp/terraform/pull/33486))
- backend/kubernetes: The Kubernetes backend is no longer limited to
storing states below 1MiB in size, and can now scale by splitting state
across multiple secrets.
([#29678](https://togithub.com/hashicorp/terraform/pull/29678))
- backend/s3: Various improvements for consistency with `hashicorp/aws`
provider capabilities:
- `assume_role_with_web_identity` nested block for assuming a role with
dynamic credentials such as a JSON Web Token.
([#31244](https://togithub.com/hashicorp/terraform/issues/31244))
- Now honors the standard AWS environment variables for credential and
configuration files: `AWS_CONFIG_FILE` and
`AWS_SHARED_CREDENTIALS_FILE`.
([#30493](https://togithub.com/hashicorp/terraform/issues/30493))
- `shared_config_files` and `shared_credentials_files` arguments for
specifying credential and configuration files as part of the backend
configuration.
([#30493](https://togithub.com/hashicorp/terraform/issues/30493))
- Internally the backend now uses AWS SDK for Go v2, which should
address various other missing behaviors that are handled by the SDK
rather than by Terraform itself.
([#30443](https://togithub.com/hashicorp/terraform/issues/30443))
- `custom_ca_bundle` argument and support for the corresponding AWS
environment variable, `AWS_CA_BUNDLE`, for providing custom root and
intermediate certificates.
([#33689](https://togithub.com/hashicorp/terraform/issues/33689))
- `ec2_metadata_service_endpoint` and
`ec2_metadata_service_endpoint_mode` arguments and support for the
corresponding AWS environment variables,
`AWS_EC2_METADATA_SERVICE_ENDPOINT` and
`AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE` for setting the EC2 metadata
service (IMDS) endpoint. The environment variable `AWS_METADATA_URL` is
also supported for compatibility with the AWS provider, but is
deprecated.
([#30444](https://togithub.com/hashicorp/terraform/issues/30444))
- `http_proxy`, `insecure`, `use_fips_endpoint`, and
`use_dualstack_endpoint` arguments and support for the corresponding
environment variables, `HTTP_PROXY` and `HTTPS_PROXY`, which enable
custom HTTP proxy configurations and the resolution of AWS endpoints
with extended capabilities.
([#30496](https://togithub.com/hashicorp/terraform/issues/30496))
- `sts_region` argument to use an alternative region for STS operations.
([#33693](https://togithub.com/hashicorp/terraform/issues/33693))
- `retry_mode` argument and support for the corresponding
`AWS_RETRY_MODE` environment variable to configure how retries are
attempted.
([#33692](https://togithub.com/hashicorp/terraform/issues/33692))
- `allowed_account_ids` and `forbidden_account_ids` arguments to prevent
unintended modifications to specified environments.
([#33688](https://togithub.com/hashicorp/terraform/issues/33688))
- backend/cos: Support custom HTTP(S) endpoint and root domain for the
API client.
([#33656](https://togithub.com/hashicorp/terraform/issues/33656))
BUG FIXES:
- core: Transitive dependencies were lost during apply when the
referenced resource expanded into zero instances.
([#33403](https://togithub.com/hashicorp/terraform/issues/33403))
- cli: Terraform will no longer override SSH settings in local git
configuration when installing modules.
([#33592](https://togithub.com/hashicorp/terraform/issues/33592))
- `terraform` built-in provider: The upstream dependency that Terraform
uses for service discovery of Terraform-native services such as
Terraform Cloud/Enterprise state storage was previously not
concurrency-safe, but Terraform was treating it as if it was in
situations like when a configuration has multiple
`terraform_remote_state` blocks all using the "remote" backend.
Terraform is now using a newer version of that library which updates its
internal caches in a concurrency-safe way.
([#33364](https://togithub.com/hashicorp/terraform/issues/33364))
- `terraform init`: Terraform will no longer allow downloading remote
modules to invalid paths.
([#33745](https://togithub.com/hashicorp/terraform/issues/33745))
- Ignore potential remote terraform version mismatch when running
force-unlock
([#28853](https://togithub.com/hashicorp/terraform/issues/28853))
- cloud: Fixed a bug that would prevent nested symlinks from being
dereferenced into the config sent to Terraform Cloud
([#31895](https://togithub.com/hashicorp/terraform/issues/31895))
- cloud: state snapshots could not be disabled when header
x-terraform-snapshot-interval is absent
([#33820](https://togithub.com/hashicorp/terraform/pull/33820))
#### Previous Releases
For information on prior major and minor releases, see their changelogs:
-
[v1.5](https://togithub.com/hashicorp/terraform/blob/v1.5/CHANGELOG.md)
-
[v1.4](https://togithub.com/hashicorp/terraform/blob/v1.4/CHANGELOG.md)
-
[v1.3](https://togithub.com/hashicorp/terraform/blob/v1.3/CHANGELOG.md)
-
[v1.2](https://togithub.com/hashicorp/terraform/blob/v1.2/CHANGELOG.md)
-
[v1.1](https://togithub.com/hashicorp/terraform/blob/v1.1/CHANGELOG.md)
-
[v1.0](https://togithub.com/hashicorp/terraform/blob/v1.0/CHANGELOG.md)
-
[v0.15](https://togithub.com/hashicorp/terraform/blob/v0.15/CHANGELOG.md)
-
[v0.14](https://togithub.com/hashicorp/terraform/blob/v0.14/CHANGELOG.md)
-
[v0.13](https://togithub.com/hashicorp/terraform/blob/v0.13/CHANGELOG.md)
-
[v0.12](https://togithub.com/hashicorp/terraform/blob/v0.12/CHANGELOG.md)
- [v0.11 and
earlier](https://togithub.com/hashicorp/terraform/blob/v0.11/CHANGELOG.md)
hashicorp/terraform-provider-random (random)
###
[`v3.6.2`](https://togithub.com/hashicorp/terraform-provider-random/blob/HEAD/CHANGELOG.md#362-May-21-2024)
[Compare
Source](https://togithub.com/hashicorp/terraform-provider-random/compare/v3.6.1...v3.6.2)
NOTES:
- resource/random_pet: Results have been updated to the latest upstream
petname data
([#581](https://togithub.com/hashicorp/terraform-provider-random/issues/581))
###
[`v3.6.1`](https://togithub.com/hashicorp/terraform-provider-random/blob/HEAD/CHANGELOG.md#361-April-16-2024)
[Compare
Source](https://togithub.com/hashicorp/terraform-provider-random/compare/v3.6.0...v3.6.1)
BUG FIXES:
- all: Prevent `keepers` from triggering an in-place update following
import
([#385](https://togithub.com/hashicorp/terraform-provider-random/issues/385))
- resource/random_shuffle: Prevent inconsistent result after apply when
result_count is set to 0
([#409](https://togithub.com/hashicorp/terraform-provider-random/issues/409))
- provider/random_password: Fix bug which causes panic when special,
upper, lower and number/numeric are all false
([#551](https://togithub.com/hashicorp/terraform-provider-random/issues/551))
- provider/random_string: Fix bug which causes panic when special,
upper, lower and number/numeric are all false
([#551](https://togithub.com/hashicorp/terraform-provider-random/issues/551))
###
[`v3.6.0`](https://togithub.com/hashicorp/terraform-provider-random/blob/HEAD/CHANGELOG.md#360-December-04-2023)
[Compare
Source](https://togithub.com/hashicorp/terraform-provider-random/compare/v3.5.1...v3.6.0)
FEATURES:
- resource/random_bytes: New resource that generates an array of random
bytes intended to be used as key or secret
([#272](https://togithub.com/hashicorp/terraform-provider-random/issues/272))
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
â™» **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.
---
- [ ] If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View the
[repository job
log](https://developer.mend.io/github/defenseunicorns/uds-core).
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Micah Nagel
---
.github/test-infra/buckets-iac/main.tf | 8 ++++----
.github/workflows/test-eks.yaml | 7 ++++---
tasks/iac.yaml | 26 +++++++++++++-------------
3 files changed, 21 insertions(+), 20 deletions(-)
diff --git a/.github/test-infra/buckets-iac/main.tf b/.github/test-infra/buckets-iac/main.tf
index ecff53b71..71e7bc809 100644
--- a/.github/test-infra/buckets-iac/main.tf
+++ b/.github/test-infra/buckets-iac/main.tf
@@ -9,7 +9,7 @@ provider "aws" {
}
terraform {
- required_version = "1.5.7"
+ required_version = ">= 1.8.0"
backend "s3" {
}
required_providers {
@@ -20,7 +20,7 @@ terraform {
random = {
source = "hashicorp/random"
- version = "3.5.1"
+ version = "3.6.2"
}
}
}
@@ -67,7 +67,7 @@ resource "random_id" "unique_id" {
module "generate_kms" {
for_each = local.bucket_configurations
- source = "github.com/defenseunicorns/terraform-aws-uds-kms?ref=v0.0.2"
+ source = "github.com/defenseunicorns/terraform-aws-uds-kms?ref=v0.0.3"
key_owners = var.key_owner_arns
# A list of IAM ARNs for those who will have full key permissions (`kms:*`)
@@ -91,7 +91,7 @@ module "S3" {
module "irsa" {
for_each = local.bucket_configurations
- source = "github.com/defenseunicorns/terraform-aws-uds-irsa?ref=v0.0.2"
+ source = "github.com/defenseunicorns/terraform-aws-uds-irsa?ref=v0.0.3"
name = each.value.name
kubernetes_service_account = each.value.service_account
kubernetes_namespace = each.value.namespace
diff --git a/.github/workflows/test-eks.yaml b/.github/workflows/test-eks.yaml
index 05b00d1e3..b943957fe 100644
--- a/.github/workflows/test-eks.yaml
+++ b/.github/workflows/test-eks.yaml
@@ -43,10 +43,11 @@ jobs:
- name: Install eksctl
run: uds run -f tasks/iac.yaml install-eksctl --no-progress
- - name: Setup Terraform
- uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 # v3
+ - name: Setup Tofu
+ uses: opentofu/setup-opentofu@ae80d4ecaab946d8f5ff18397fbf6d0686c6d46a # v1.0.3
with:
- terraform_version: "1.5.7"
+ tofu_version: 1.8.1
+ tofu_wrapper: false
- name: Create UDS Core Package
run: ZARF_ARCHITECTURE=amd64 uds run -f tasks/create.yaml standard-package --no-progress
diff --git a/tasks/iac.yaml b/tasks/iac.yaml
index b030dd142..92c09b4ff 100644
--- a/tasks/iac.yaml
+++ b/tasks/iac.yaml
@@ -81,16 +81,16 @@ tasks:
- name: create-iac
actions:
- - task: apply-terraform
- - task: terraform-outputs
+ - task: apply-tofu
+ - task: tofu-outputs
- task: create-uds-config
- name: destroy-iac
actions:
- - cmd: terraform destroy -auto-approve
+ - cmd: tofu destroy -auto-approve
dir: .github/test-infra/buckets-iac
- - name: apply-terraform
+ - name: apply-tofu
actions:
- cmd: echo ${STATE_KEY} | sed 's/\.tfstate/-buckets1.tfstate/g'
setVariables:
@@ -98,38 +98,38 @@ tasks:
dir: .github/test-infra/buckets-iac
- cmd: echo ${BUCKETS_STATE_KEY}
- cmd: |
- terraform init -force-copy \
+ tofu init -force-copy \
-backend-config="bucket=${STATE_BUCKET_NAME}" \
-backend-config="key=${BUCKETS_STATE_KEY}" \
-backend-config="region=${REGION}" \
-backend-config="dynamodb_table=${STATE_DYNAMODB_TABLE_NAME}"
dir: .github/test-infra/buckets-iac
- - cmd: terraform apply -auto-approve
+ - cmd: tofu apply -auto-approve
dir: .github/test-infra/buckets-iac
- - name: terraform-outputs
+ - name: tofu-outputs
actions:
- - cmd: terraform output -raw loki_s3_bucket
+ - cmd: tofu output -raw loki_s3_bucket
setVariables:
- name: "LOKI_S3_BUCKET"
dir: .github/test-infra/buckets-iac
- - cmd: terraform output -raw aws_region
+ - cmd: tofu output -raw aws_region
setVariables:
- name: LOKI_S3_AWS_REGION
dir: .github/test-infra/buckets-iac
- - cmd: terraform output -raw loki_irsa_role_arn
+ - cmd: tofu output -raw loki_irsa_role_arn
setVariables:
- name: LOKI_S3_ROLE_ARN
dir: .github/test-infra/buckets-iac
- - cmd: terraform output -raw velero_s3_bucket
+ - cmd: tofu output -raw velero_s3_bucket
setVariables:
- name: VELERO_S3_BUCKET
dir: .github/test-infra/buckets-iac
- - cmd: terraform output -raw aws_region
+ - cmd: tofu output -raw aws_region
setVariables:
- name: VELERO_S3_AWS_REGION
dir: .github/test-infra/buckets-iac
- - cmd: terraform output -raw velero_irsa_role_arn
+ - cmd: tofu output -raw velero_irsa_role_arn
setVariables:
- name: VELERO_S3_ROLE_ARN
dir: .github/test-infra/buckets-iac