CraigW
October 28, 2022, 7:10pm
1
The Terraform team has removed a statement from Aug 2021 from our CONTRIBUTING.md , which does not reflect the current status for reviews of community-contributed pull requests.
The HashiCorp team actively encourages contributions, and the Terraform core team has been actively reviewing community-contributed pull requests, as well as reviewing every issue, working actively to close reported bugs, and use the list of the most-voted feature requests to inform our roadmap planning. We deeply value your comments, issues, and code contributions, and are committed to making sure your voice is heard.
1 Like
CraigW
November 7, 2022, 9:43pm
3
Hi @radon , thanks for this feedback! We appreciate it.
CraigW
November 28, 2023, 7:35pm
5
Hi @radon . As the person who shepherds community-contributed PRs, I can assure you we triage every community-submitted PR every week. Some of these get reviewed and accepted, some are put on hold, some are integrated into other PRs after conversation with the contributor (the recent upgrade to the S3 backend had a lot of functionally-overlapping PRs from the community). And some are not reviewed for a variety of reasons. Where possible, I attempt to update the PRs as transparently as possible with what the decision was on a PR and why.
Here are some examples of accepted code-based PRs in the past few months:
hashicorp:main ← k0da:kubernetes_multipart
opened 03:43PM - 30 Sep 21 UTC
By now kubernetes backend could hold up to defaultETCDSize gzipped data
(which … is 1-1.5Mb). This doesn't scale for larger states.
This commit implements spliting data across multiple secrets bound by
the same Secret labels. This practically removes etcd value size
limitation and allows backend to scale across multiple secrets.
This also takes care of cases when state needs to be shrinked. In such
case code will cleanup unneeded secrets.
Signed-off-by: Dinar Valeev <dinar.valeev@absa.africa>
hashicorp:main ← knoppiks:no-sts-s3-backend
opened 10:29AM - 06 Oct 23 UTC
As recent (1.6) changes to the s3 backend are breaking for anyone using an s3 ap… i without STS API (like minio), this PR introduces a `skip_requesting_account_id` param analogously to the [aws provider](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#skip_requesting_account_id).
Fixes #33983
## Target Release
1.6.1
## Draft CHANGELOG entry
### ENHANCEMENTS
- Add `skip_requesting_account_id` param to s3 backend for use with S3 APIs without STS.
hashicorp:main ← andrewhertog:fix/s3-backend-kms-alias
opened 03:50PM - 05 Oct 23 UTC
<!--
Describe in detail the changes you are proposing, and the rationale.
… See the contributing guide:
https://github.com/hashicorp/terraform/blob/main/.github/CONTRIBUTING.md
-->
Release 1.6.0 broke the ability to use s3 key aliases in the s3 backend. This change adjusts the tests, and validation of kms key arn's to look for aliases
<!--
Link all GitHub issues fixed by this PR, and add references to prior
related PRs.
-->
Fixes #33979
Fixes #34005
## Target Release
<!--
In normal circumstances we only target changes at the upcoming minor
release, or as a patch to the current minor version. If you need to
port a security fix to an older release, highlight this here by listing
all targeted releases.
If targeting the next patch release, also add the relevant x.y-backport
label to enable the backport bot.
-->
1.6.1
## Draft CHANGELOG entry
<!--
Choose a category, delete the others:
-->
### BUG FIXES
- Fixes the ability to use KMS key aliases in the S3 backend
<!--
Write a short description of the user-facing change. Examples:
- `terraform show -json`: Fixed crash with sensitive set values.
- When rendering a diff, Terraform now quotes the name of any object attribute whose string representation is not a valid identifier.
- The local token configuration in the cloud and remote backend now has higher priority than a token specified in a credentials block in the CLI configuration.
-->
hashicorp:main ← jaykishanmutkawoa:bash_enhancement
opened 01:37AM - 24 Oct 23 UTC
`cd` can fail for a variety of reasons: misspelled paths, missing directories, m… issing permissions, broken symlinks and more.
If/when it does, the script will keep going and do all its operations in the wrong directory. This can be messy, especially if the operations involve creating or deleting a lot of files. To avoid this, make sure you handle the cases when cd fails. Ways to do this include:
`cd foo || exit` as suggested to abort immediately, using exit code from failed cd command
hashicorp:main ← joaocc:patch-1
opened 10:29AM - 09 Sep 23 UTC
https://github.com/hashicorp/terraform/issues/28222 and https://github.com/hashi… corp/terraform/issues/31693 and other issues describe a set of situations where users are effectively locked into a situation where they can't use derivations of collections of objects where some fields are marked as sensitive into for_each, and are also unable to use nonsensitive because some of the values are indeed nonsensitive already. It also applies to arrays of elements where some are marked as sensitive while others are not.
In these hybrid situations, there doesn't seem to be an way to mark everything as nonsensitive.
The behaviour in 1.5.x causes an error if nonsensitive is called on a value that is not marked as "sensitive".
The documentation at https://developer.hashicorp.com/terraform/language/functions/nonsensitive offers a rationale
> nonsensitive will return an error if you pass a value that isn't marked as sensitive, because such a call would be redundant and potentially confusing or misleading to a future maintainer of your module.
Also, this behaviour is not consistent with that of sensitive, where sensitive can be applied to any value, regardless of whether it is already sensitive or not.
However, from the sheer amount of issues complaining about the implications of this decision, this well-intentioned decision is causing unintended pain.
The current behaviour is not only interfering with developer decision of determining what is and what isn't sensitive, but also doing that when there is not even a security risk (fields are already nonsensitive). The workarounds proposed force developers away from simpler and more straightforward solutions, more difficult to understand and maintain, without any tangible benefit in terms of security.
For this reason, this PR proposes that nonsensitive does what it is meant to do, which is to allow developers to mark fields as nonsensitive, leaving softer aspects of maintainability and maintainer confusion to be decided by each developer.
This PR should not cause breaking behaviours, as it is enabling a behaviour that wasn't allowed before.
Fixes #
https://github.com/hashicorp/terraform/issues/31693
Relates #
https://github.com/hashicorp/terraform/issues/32880
https://github.com/hashicorp/terraform/issues/32828
https://github.com/hashicorp/terraform/issues/31646
https://github.com/hashicorp/terraform/issues/31609
https://github.com/hashicorp/terraform/issues/31609
https://github.com/hashicorp/terraform/issues/29744
https://github.com/hashicorp/terraform/issues/28222#issuecomment-816819118
https://github.com/hashicorp/terraform/issues/28222
## Target Release
1.5.x
## Draft CHANGELOG entry
* nonsensitive no longer produces error when applied to values that are not sensitive
### BUG FIXES
- nonsensitive can now be used to remove sensitive from any element, regardless of it's original sensitivity flag.
Documentation related PRs:
hashicorp:main ← togakangaroo:patch-1
opened 01:38PM - 09 Oct 23 UTC
<!--
Describe in detail the changes you are proposing, and the rationale.
… See the contributing guide:
https://github.com/hashicorp/terraform/blob/main/.github/CONTRIBUTING.md
-->
<!--
Link all GitHub issues fixed by this PR, and add references to prior
related PRs.
-->
Fixes #
## Target Release
<!--
In normal circumstances we only target changes at the upcoming minor
release, or as a patch to the current minor version. If you need to
port a security fix to an older release, highlight this here by listing
all targeted releases.
If targeting the next patch release, also add the relevant x.y-backport
label to enable the backport bot.
-->
1.5.x
## Draft CHANGELOG entry
<!--
Choose a category, delete the others:
-->
### NEW FEATURES | UPGRADE NOTES | ENHANCEMENTS | BUG FIXES | EXPERIMENTS
<!--
Write a short description of the user-facing change. Examples:
- `terraform show -json`: Fixed crash with sensitive set values.
- When rendering a diff, Terraform now quotes the name of any object attribute whose string representation is not a valid identifier.
- The local token configuration in the cloud and remote backend now has higher priority than a token specified in a credentials block in the CLI configuration.
-->
-
hashicorp:main ← AgustinRamiroDiaz:patch-1
opened 12:49PM - 12 Jul 23 UTC
Explain edge case with empty list
<!--
Describe in detail the changes you … are proposing, and the rationale.
See the contributing guide:
https://github.com/hashicorp/terraform/blob/main/.github/CONTRIBUTING.md
-->
<!--
Link all GitHub issues fixed by this PR, and add references to prior
related PRs.
-->
Fixes #
## Target Release
<!--
In normal circumstances we only target changes at the upcoming minor
release, or as a patch to the current minor version. If you need to
port a security fix to an older release, highlight this here by listing
all targeted releases.
If targeting the next patch release, also add the relevant x.y-backport
label to enable the backport bot.
-->
1.5.x
## Draft CHANGELOG entry
<!--
Choose a category, delete the others:
-->
### NEW FEATURES | UPGRADE NOTES | ENHANCEMENTS | BUG FIXES | EXPERIMENTS
<!--
Write a short description of the user-facing change. Examples:
- `terraform show -json`: Fixed crash with sensitive set values.
- When rendering a diff, Terraform now quotes the name of any object attribute whose string representation is not a valid identifier.
- The local token configuration in the cloud and remote backend now has higher priority than a token specified in a credentials block in the CLI configuration.
-->
-
hashicorp:main ← OriHoch:patch-1
opened 09:36AM - 22 May 23 UTC
Documentation fix: the uuid function is not RFC compatible.
I copied over the… relevant description and clarification from [go-uuid](https://github.com/hashicorp/go-uuid) which the uuid function is using.
hashicorp:main ← wata727:wata727-patch-1
opened 01:43PM - 14 Oct 23 UTC
<!--
Describe in detail the changes you are proposing, and the rationale.
… See the contributing guide:
https://github.com/hashicorp/terraform/blob/main/.github/CONTRIBUTING.md
-->
<!--
Link all GitHub issues fixed by this PR, and add references to prior
related PRs.
-->
This PR fixes a broken syntax example in the `import/generating-configuration` documentation.
## Target Release
<!--
In normal circumstances we only target changes at the upcoming minor
release, or as a patch to the current minor version. If you need to
port a security fix to an older release, highlight this here by listing
all targeted releases.
If targeting the next patch release, also add the relevant x.y-backport
label to enable the backport bot.
-->
1.5.x/1.6.x
## Draft CHANGELOG entry
N/A. This change is a documentation fix only.
hashicorp:main ← Dmitry-White:docs/add-default-example-flatten
opened 05:46PM - 17 Apr 23 UTC
<!--
Describe in detail the changes you are proposing, and the rationale.
… See the contributing guide:
https://github.com/hashicorp/terraform/blob/main/.github/CONTRIBUTING.md
-->
<!--
Link all GitHub issues fixed by this PR, and add references to prior
related PRs.
-->
Add a sensible default value for `networks` variable for `flatten` function
Fixes #33017
## Target Release
<!--
In normal circumstances we only target changes at the upcoming minor
release, or as a patch to the current minor version. If you need to
port a security fix to an older release, highlight this here by listing
all targeted releases.
If targeting the next patch release, also add the relevant x.y-backport
label to enable the backport bot.
-->
1.4.x
## Draft CHANGELOG entry
<!--
Choose a category, delete the others:
-->
### ENHANCEMENTS
<!--
Write a short description of the user-facing change. Examples:
- `terraform show -json`: Fixed crash with sensitive set values.
- When rendering a diff, Terraform now quotes the name of any object attribute whose string representation is not a valid identifier.
- The local token configuration in the cloud and remote backend now has higher priority than a token specified in a credentials block in the CLI configuration.
-->
- Affects https://github.com/hashicorp/terraform/blob/main/website/docs/language/functions/flatten.mdx
- Expands [Flattening nested structures for `for_each`](https://developer.hashicorp.com/terraform/language/functions/flatten#flattening-nested-structures-for-for_each) section by adding a default value for `networks` variable example
- CIDR ranges are dummy
hashicorp:main ← Frankkkkk:patch-1
opened 10:03AM - 24 Jul 23 UTC
## Target Release
1.5.x
## Draft CHANGELOG entry
### DOCUMENTATION
…
Specify the action of `terraform fmt` without any flags
-
Hi,
This trivial commit only specifies (again) what the default action of `terraform fmt` does as some coworkers didn't know how to use it.
Cheers
hashicorp:main ← hashicorp:s3/s3-compatible-support-policy
opened 03:21PM - 20 Oct 23 UTC
<!--
Describe in detail the changes you are proposing, and the rationale.
… See the contributing guide:
https://github.com/hashicorp/terraform/blob/main/.github/CONTRIBUTING.md
-->
Explicitly documents the `s3` backend support model for "S3 compatible" storage providers. This has always been "best effort" with no guaranteed support, but has not been formally stated in the backend documentation.
<!--
Link all GitHub issues fixed by this PR, and add references to prior
related PRs.
-->
Relates #34086
Relates #34053
Relates #33847
Relates #19733
Relates #34099
## Target Release
<!--
In normal circumstances we only target changes at the upcoming minor
release, or as a patch to the current minor version. If you need to
port a security fix to an older release, highlight this here by listing
all targeted releases.
If targeting the next patch release, also add the relevant x.y-backport
label to enable the backport bot.
-->
1.6.x
## Draft CHANGELOG entry
N/a docs
hashicorp:main ← hongshaoyang:patch-1
opened 06:18AM - 26 Jul 23 UTC
Add another example to `~>` operator, following https://thoughtbot.com/blog/ruby… s-pessimistic-operator
## Target Release
<!--
In normal circumstances we only target changes at the upcoming minor
release, or as a patch to the current minor version. If you need to
port a security fix to an older release, highlight this here by listing
all targeted releases.
If targeting the next patch release, also add the relevant x.y-backport
label to enable the backport bot.
-->
1.5.x
## Draft CHANGELOG entry
<!--
Choose a category, delete the others:
-->
### ENHANCEMENTS
- Improve "Version Constraints" doc.
hashicorp:main ← abuxton:abuxton-patch-1
opened 04:12PM - 08 Aug 23 UTC
Add link and reference to generic hostname feature
<!--
Describe in detail… the changes you are proposing, and the rationale.
See the contributing guide:
https://github.com/hashicorp/terraform/blob/main/.github/CONTRIBUTING.md
-->
<!--
Link all GitHub issues fixed by this PR, and add references to prior
related PRs.
-->
Fixes #
## Target Release
<!--
In normal circumstances we only target changes at the upcoming minor
release, or as a patch to the current minor version. If you need to
port a security fix to an older release, highlight this here by listing
all targeted releases.
If targeting the next patch release, also add the relevant x.y-backport
label to enable the backport bot.
-->
1.5.x
## Draft CHANGELOG entry
<!--
Choose a category, delete the others:
-->
### NEW FEATURES | UPGRADE NOTES | ENHANCEMENTS | BUG FIXES | EXPERIMENTS
<!--
Write a short description of the user-facing change. Examples:
- `terraform show -json`: Fixed crash with sensitive set values.
- When rendering a diff, Terraform now quotes the name of any object attribute whose string representation is not a valid identifier.
- The local token configuration in the cloud and remote backend now has higher priority than a token specified in a credentials block in the CLI configuration.
-->
-
hashicorp:main ← cadamini:main
opened 02:02AM - 05 Aug 23 UTC
New to Terraform, I was reading the docs to learn about the syntax.
My change… s do not remove any information and include:
- minor text changes.
- some changes to the order of information to create a more logical flow.
- moving links to the sentence to which they refer.
I hope this makes the docs more readable and easier to understand.
I have read the [contributing guide](https://github.com/hashicorp/terraform/blob/main/.github/CONTRIBUTING.md). I guess and hope that I have not changed or removed something crucial.
hashicorp:main ← Varriount:patch-1
opened 07:44PM - 31 Aug 23 UTC
While direct injection of Terraform variables in the `local-exec` provisioner's … `command` parameter is _possible_, it should be avoided due to its possibility of creating shell injection vulnerabilities. This PR adds mention of this to the documentation, and suggests the alternative of passing Terraform variables to a command as environment variables.
I can add a "do this/not that" example to the documentation as well, if that is desired.
## Target Release
1.5.x
hashicorp:main ← jleeothon:patch-1
opened 04:19PM - 10 Nov 23 UTC
Added "import" under values of "action" for "planned_change". This is my first P… R, let me know if I missed anything!
There are other lists of actions under in the same page; I _assume_ that they need to be updated too, but I'm not familiar enough with them.
<!--
Describe in detail the changes you are proposing, and the rationale.
See the contributing guide:
https://github.com/hashicorp/terraform/blob/main/.github/CONTRIBUTING.md
-->
<!--
Link all GitHub issues fixed by this PR, and add references to prior
related PRs.
-->
Fixes #
## Target Release
<!--
In normal circumstances we only target changes at the upcoming minor
release, or as a patch to the current minor version. If you need to
port a security fix to an older release, highlight this here by listing
all targeted releases.
If targeting the next patch release, also add the relevant x.y-backport
label to enable the backport bot.
-->
1.5.x
## Draft CHANGELOG entry
<!--
Choose a category, delete the others:
-->
### UPGRADE NOTES
<!--
Write a short description of the user-facing change. Examples:
- `terraform show -json`: Fixed crash with sensitive set values.
- When rendering a diff, Terraform now quotes the name of any object attribute whose string representation is not a valid identifier.
- The local token configuration in the cloud and remote backend now has higher priority than a token specified in a credentials block in the CLI configuration.
-->
- Adds missing possible values of `action` for the documentation of the machine readable UI.
Thanks!