BUG FIXES:
terraform_remote_state
: fix incompatibility with states produced by Terraform 1.5 or later which include check
block results. (#33814)BUG FIXES
terraform show -json
output. (#33059)# forces replacement
suffix. (#33065)terraform_data
to fail when being replaced with create_before_destroy
(#32988)Due to an incident while migrating build systems for the 1.4.3 release where CGO_ENABLED=0
was not set, we are rebuilding that version as 1.4.4 with the flag set. No other changes have been made between 1.4.3 and 1.4.4.
BUG FIXES:
BUG FIXES:
setproduct
caused Terraform to crash (#32860)BUG FIXES:
depends_on
attribute set, while still preventing the depends_on
attribute itself from being overridden. (#32796)terraform providers mirror
: when a dependency lock file is present, mirror the resolved providers versions, not the latest available based on configuration. (#32749)TF_CLI_CONFIG_FILE
(#32846)UPGRADE NOTES:
config: The textencodebase64
function when called with encoding “GB18030” will now encode the euro symbol € as the two-byte sequence 0xA2,0xE3
, as required by the GB18030 standard, before applying base64 encoding.
config: The textencodebase64
function when called with encoding “GBK” or “CP936” will now encode the euro symbol € as the single byte 0x80
before applying base64 encoding. This matches the behavior of the Windows API when encoding to this Windows-specific character encoding.
terraform init
: When interpreting the hostname portion of a provider source address or the address of a module in a module registry, Terraform will now use non-transitional IDNA2008 mapping rules instead of the transitional mapping rules previously used.
This matches a change to the WHATWG URL spec's rules for interpreting non-ASCII domain names which is being gradually adopted by web browsers. Terraform aims to follow the interpretation of hostnames used by web browsers for consistency. For some hostnames containing non-ASCII characters this may cause Terraform to now request a different “punycode” hostname when resolving.
terraform init
will now ignore entries in the optional global provider cache directory unless they match a checksum already tracked in the current configuration‘s dependency lock file. This therefore avoids the long-standing problem that when installing a new provider for the first time from the cache we can’t determine the full set of checksums to include in the lock file. Once the lock file has been updated to include a checksum covering the item in the global cache, Terraform will then use the cache entry for subsequent installation of the same provider package. There is an interim CLI configuration opt-out for those who rely on the previous incorrect behavior. (#32129)
The Terraform plan renderer has been completely rewritten to aid with future Terraform Cloud integration. Users should not see any material change in the plan output between 1.3 and 1.4. If you notice any significant differences, or if Terraform fails to plan successfully due to rendering problems, please open a bug report issue.
BUG FIXES:
yamldecode
function now correctly handles entirely-nil YAML documents. Previously it would incorrectly return an unknown value instead of a null value. It will now return a null value as documented. (#32151)terraform workspace
now returns a non-zero exit when given an invalid argument (#31318)-json
mode, messages will now be written in JSON format (#32451)NEW FEATURES:
ENHANCEMENTS:
terraform plan
can now store a plan file even when encountering errors, which can later be inspected to help identify the source of the failures (#32395)terraform_data
is a new builtin managed resource type, which can replace the use of null_resource
, and can store data of any type (#31757)terraform init
will now ignore entries in the optional global provider cache directory unless they match a checksum already tracked in the current configuration‘s dependency lock file. This therefore avoids the long-standing problem that when installing a new provider for the first time from the cache we can’t determine the full set of checksums to include in the lock file. Once the lock file has been updated to include a checksum covering the item in the global cache, Terraform will then use the cache entry for subsequent installation of the same provider package. There is an interim CLI configuration opt-out for those who rely on the previous incorrect behavior. (#32129)-or-create
flag was added to terraform workspace select
, to aid in creating workspaces in automated situations (#31633)terraform metadata functions -json
(#32487)kms_encryption_key
argument, to allow encryption of state files using Cloud KMS keys. (#24967)storage_custom_endpoint
argument, to allow communication with the backend via a Private Service Connect endpoint. (#28856)gcs
with terraform_remote_state
(#32065)cloud
backend terraform workspace delete
will use Terraform Cloud's Safe Delete API if the -force
flag is not provided. (#31949)quiet
argument. If quiet
is set to true
, Terraform will not print the entire command to stdout during plan. (#32116)terraform show
will now print an explanation when called on a Terraform workspace with empty state detailing why no resources are shown. (#32629)GOOGLE_BACKEND_IMPERSONATE_SERVICE_ACCOUNT
env var to allow impersonating a different service account when GOOGLE_IMPERSONATE_SERVICE_ACCOUNT
is configured for the GCP provider. (#32557)assume_role
authentication method with the tencentcloud
provider. This can be configured via the Terraform config or environment variables.security_token
authentication method with the tencentcloud
provider. This can be configured via the Terraform config or environment variables.EXPERIMENTS:
Since its introduction the yamlencode
function‘s documentation carried a warning that it was experimental. This predated our more formalized idea of language experiments and so wasn’t guarded by an explicit opt-in, but the intention was to allow for small adjustments to its behavior if we learned it was producing invalid YAML in some cases, due to the relative complexity of the YAML specification.
From Terraform v1.4 onwards, yamlencode
is no longer documented as experimental and is now subject to the Terraform v1.x Compatibility Promises. There are no changes to its previous behavior in v1.3 and so no special action is required when upgrading.
For information on prior major and minor releases, see their changelogs: