Skip to content

chore(deps): update terraform cloudposse/stack-config/yaml to v1 (release/v0) #151

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
renovate wants to merge 1 commit into
base: release/v0
Choose a base branch
from
Open

chore(deps): update terraform cloudposse/stack-config/yaml to v1 (release/v0) #151

renovate wants to merge 1 commit into from

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Jun 8, 2023
edited
Loading

This PR contains the following updates:

Package Type Update Change
cloudposse/stack-config/yaml (source) module major 0.22.4 -> 1.8.0

Release Notes

cloudposse/terraform-yaml-stack-config (cloudposse/stack-config/yaml)

v1.8.0: [remote-state] Improve backend compatibility

Compare Source

Among other things detailed below, this release enables users to fix deprecation warnings like:

│ Warning: Deprecated Parameters
│ 
│   with module.account_map.data.terraform_remote_state.data_source[0],
│   on .terraform/modules/account_map/modules/remote-state/data-source.tf line 88, in data "terraform_remote_state" "data_source":
│   88: data "terraform_remote_state" "data_source" {
│ 
│ The following parameters have been deprecated. Replace them as follows:
│   * role_arn -> assume_role.role_arn

(cf. #​93 and #​96)

If you are receiving deprecation warnings from remote-state, they can now be resolved by updating your backend/remote_state_backend configuration to match the version of Terraform or Tofu you are using. For example, change

terraform:
  backend:
    s3:
      bucket: my-tfstate-bucket
      dynamodb_table: my-tfstate-lock-table
      role_arn: arn:aws:iam::123456789012:role/my-tfstate-access-role
  remote_state_backend:
    s3:
      role_arn: arn:aws:iam::123456789012:role/my-tfstate-access-read-only-role

to

terraform:
  backend:
    s3:
      bucket: my-tfstate-bucket
      dynamodb_table: my-tfstate-lock-table
      assume_role:
        role_arn: arn:aws:iam::123456789012:role/my-tfstate-access-role
  remote_state_backend:
    s3:
      assume_role:
        role_arn: arn:aws:iam::123456789012:role/my-tfstate-access-read-only-role

🚀 Enhancements

[remote-state] Improve backend compatibility @​Nuru (#​105)

what

  • Improve remote-state backend compatibility

Rather than trying to parse the backend configuration, as a general rule we now just pass it through to the data source. This provides future-proof compatibility with all backends supported by Terraform and OpenTofu.

why

  • This prevents the need for updates like #​99 to provide configuration for future S3 backends, while eliminating compatibility issues like #​102.
  • This also eliminates deprecation warnings caused by forcing configuration to look a certain way.
  • Now, users can manage their own remote state configuration to match their toolset.

references

v1.7.0: (not recommended)

Compare Source

feat: support for gcs backends @​burnzy (#​95)

what

Simple change to add support for GCS backends

why

Allows GCP users (users with gcs backends) to make use of this remote-state module for sharing data between components.

references

🚀 Enhancements

Support local backend @​Nuru (#​104)

what

  • Support retrieving remote state from local backends
    • NOTE: Using relative paths in local backends is tricky, because the path needs to resolve to the same directory from the source root module directory as from the client root module directory.
  • Fix Terratests
    • The spacelift test suite is broken, and we never previously required it to work, so it is now skipped
  • Update test suite to use go v1.21 and update dependencies

why

  • When running demos and tests, it is more convenient to use local backends
  • Maintain some degree of testing
  • Closes multiple dependabot PRs:

🤖 Automatic Updates

Bump the go_modules group in /test/src with 5 updates @​dependabot (#​94) Bumps the go_modules group in /test/src with 5 updates:
Package From To
github.com/hashicorp/go-getter 1.7.1 1.7.5
golang.org/x/crypto 0.1.0 0.17.0
golang.org/x/net 0.8.0 0.10.0
google.golang.org/grpc 1.51.0 1.56.3
google.golang.org/protobuf 1.28.1 1.30.0

Updates github.com/hashicorp/go-getter from 1.7.1 to 1.7.5

Release notes

Sourced from github.com/hashicorp/go-getter's releases.

v1.7.5

What's Changed

New Contributors

Full Changelog: https://github.com/hashicorp/go-getter/compare/v1.7.4...v1.7.5

v1.7.4

What's Changed

Full Changelog: https://github.com/hashicorp/go-getter/compare/v1.7.3...v1.7.4

v1.7.3

What's Changed

New Contributors

Full Changelog: https://github.com/hashicorp/go-getter/compare/v1.7.2...v1.7.3

v1.7.2

What's Changed

Full Changelog: https://github.com/hashicorp/go-getter/compare/v1.7.1...v1.7.2

Commits
  • 5a63fd9 Merge pull request #​497 from hashicorp/fix-git-update
  • 5b7ec5f fetch tags on update and fix tests
  • 9906874 recreate git config during update to prevent config alteration
  • 268c11c escape user provide string to git (#​483)
  • 975961f Merge pull request #​433 from adrian-bl/netrc-fix
  • 0298a22 Merge pull request #​459 from hashicorp/jbardin/setup-git-env
  • c70d9c9 don't change GIT_SSH_COMMAND if there's no keyfile
  • 3d5770f Merge pull request #​458 from hashicorp/tsccr-auto-pinning/trusted/2023-09-18
  • 0688979 Result of tsccr-helper -log-level=info -pin-all-workflows .
  • e66f244 Merge pull request #​454 from hashicorp/tsccr-auto-pinning/trusted/2023-09-11
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.1.0 to 0.17.0

Commits
  • 9d2ee97 ssh: implement strict KEX protocol changes
  • 4e5a261 ssh: close net.Conn on all NewServerConn errors
  • 152cdb1 x509roots/fallback: update bundle
  • fdfe1f8 ssh: defer channel window adjustment
  • b8ffc16 blake2b: drop Go 1.6, Go 1.8 compatibility
  • 7e6fbd8 ssh: wrap errors from client handshake
  • bda2f3f argon2: avoid clobbering BP
  • 325b735 ssh/test: skip TestSSHCLIAuth on Windows
  • 1eadac5 go.mod: update golang.org/x dependencies
  • b2d7c26 ssh: add (*Client).DialContext method
  • Additional commits viewable in compare view

Updates golang.org/x/net from 0.8.0 to 0.10.0

Commits
  • daac0ce go.mod: update golang.org/x dependencies
  • 82780d6 http2: don't reuse connections that are experiencing errors
  • 0bfab66 ipv4, ipv6: drop redundant skip checks based on GOOS
  • 938ff15 ipv4, ipv6, nettest: skip unsupported tests on wasip1
  • eb1572c html: another shot at security doc
  • 9001ca7 nettest: re-enable unixpacket tests on netbsd/386
  • 3d5a8ee internal/socks: permit authenticating with an empty password
  • 694cff8 go.mod: update golang.org/x dependencies
  • 6960703 http2: log the correct error when retrying in (*Transport).RoundTripOpt
  • 9f24bb4 http2: properly discard data received after request/response body is closed
  • Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.51.0 to 1.56.3

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.56.3

Security

  • server: prohibit more than MaxConcurrentStreams handlers from running at once (CVE-2023-44487)

    In addition to this change, applications should ensure they do not leave running tasks behind related to the RPC before returning from method handlers, or should enforce appropriate limits on any such work.

Release 1.56.2

  • status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#​6374)

Release 1.56.1

  • client: handle empty address lists correctly in addrConn.updateAddrs

Release 1.56.0

New Features

  • client: support channel idleness using WithIdleTimeout dial option (#​6263)
    • This feature is currently disabled by default, but will be enabled with a 30 minute default in the future.
  • client: when using pickfirst, keep channel state in TRANSIENT_FAILURE until it becomes READY (gRFC A62) (#​6306)
  • xds: Add support for Custom LB Policies (gRFC A52) (#​6224)
  • xds: support pick_first Custom LB policy (gRFC A62) (#​6314) (#​6317)
  • client: add support for pickfirst address shuffling (gRFC A62) (#​6311)
  • xds: Add support for String Matcher Header Matcher in RDS (#​6313)
  • xds/outlierdetection: Add Channelz Logger to Outlier Detection LB (#​6145)
  • xds: enable RLS in xDS by default (#​6343)
  • orca: add support for application_utilization field and missing range checks on several metrics setters
  • balancer/weightedroundrobin: add new LB policy for balancing between backends based on their load reports (gRFC A58) (#​6241)
  • authz: add conversion of json to RBAC Audit Logging config (#​6192)
  • authz: add support for stdout logger (#​6230 and #​6298)
  • authz: support customizable audit functionality for authorization policy (#​6192 #​6230 #​6298 #​6158 #​6304 and #​6225)

Bug Fixes

  • orca: fix a race at startup of out-of-band metric subscriptions that would cause the report interval to request 0 (#​6245)
  • xds/xdsresource: Fix Outlier Detection Config Handling and correctly set xDS Defaults (#​6361)
  • xds/outlierdetection: Fix Outlier Detection Config Handling by setting defaults in ParseConfig() (#​6361)

API Changes

  • orca: allow a ServerMetricsProvider to be passed to the ORCA service and ServerOption (#​6223)

Release 1.55.1

  • status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#​6374)

Release 1.55.0

Behavior Changes

  • xds: enable federation support by default (#​6151)
  • status: status.Code and status.FromError handle wrapped errors (#​6031 and #​6150)

... (truncated)

Commits

Updates google.golang.org/protobuf from 1.28.1 to 1.30.0

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.
Migrate new test account @​osterman (#​103)

what

  • Update .github/settings.yml
  • Update .github/chatops.yml files

why

  • Re-apply .github/settings.yml from org level to get terratest environment
  • Migrate to new test account

References

  • DEV-388 Automate clean up of test account in new organization
  • DEV-387 Update terratest to work on a shared workflow instead of a dispatch action
  • DEV-386 Update terratest to use new testing account with GitHub OIDC
Update .github/settings.yml @​osterman (#​101)

what

  • Update .github/settings.yml
  • Drop .github/auto-release.yml files

why

  • Re-apply .github/settings.yml from org level
  • Use organization level auto-release settings

references

  • DEV-1242 Add protected tags with Repository Rulesets on GitHub
Update .github/settings.yml @​osterman (#​100)

what

  • Update .github/settings.yml
  • Drop .github/auto-release.yml files

why

  • Re-apply .github/settings.yml from org level
  • Use organization level auto-release settings

references

  • DEV-1242 Add protected tags with Repository Rulesets on GitHub

v1.6.0: (not recommended)

Compare Source

NOTE: Requires Terraform v1.6.4 or later to work with S3 backends. See #​102

what

Add options required by S3-compatible backend for Oracle Cloud Infrastructure as described here

why

Some of the options available for S3 backend for Terraform are not supported by remote-state module. However, they are useful when working with cloud providers other than AWS.

references

S3-compatible backend for OCI
Terraform S3 backend

v1.5.0

Compare Source

update version pinning of cloudposse/utils @​mcalhoun (#​68)

what

Update the pinning of upstream cloudposse/utils to <2.0.0

why

We previously added this pinning because we mistakenly released some changes to the provider without testing backward compatibility and left customers in a broken state. In future releases of cloudposse/utils we will release any potential breaking changes as 2.0.0. Pinning to <2.0.0 will allow us to continue to take advantage of bug fixes in the 1.x.x versions and allow the caller to specify a pinned version in their root module if desired.

v1.4.3

Compare Source

Sync github @​max-lobur (#​65)

Rebuild github dir from the template

🚀 Enhancements

Update `remote-state` module @​aknysh (#​66)

what

  • Update remote-state module
  • Add example using bypass=true
  • Update terratest
  • Update Go to 1.20

why

  • If var.bypass is set to true, don't call the datasources, just return the defaults

test

TestExamplesRemoteState 2023-06-02T04:23:42Z logger.go:66: Outputs:
TestExamplesRemoteState 2023-06-02T04:23:42Z logger.go:66: 
TestExamplesRemoteState 2023-06-02T04:23:42Z logger.go:66: remote_state_using_context = {
TestExamplesRemoteState 2023-06-02T04:23:42Z logger.go:66:   "val1" = true
TestExamplesRemoteState 2023-06-02T04:23:42Z logger.go:66:   "val2" = "2"
TestExamplesRemoteState 2023-06-02T04:23:42Z logger.go:66:   "val3" = 3
TestExamplesRemoteState 2023-06-02T04:23:42Z logger.go:66:   "val4" = null
TestExamplesRemoteState 2023-06-02T04:23:42Z logger.go:66: }
TestExamplesRemoteState 2023-06-02T04:23:42Z logger.go:66: remote_state_using_context_ignore_errors = {
TestExamplesRemoteState 2023-06-02T04:23:42Z logger.go:66:   "default_output" = "default-value"
TestExamplesRemoteState 2023-06-02T04:23:42Z logger.go:66: }
TestExamplesRemoteState 2023-06-02T04:23:42Z logger.go:66: remote_state_using_stack = {
TestExamplesRemoteState 2023-06-02T04:23:42Z logger.go:66:   "val1" = true
TestExamplesRemoteState 2023-06-02T04:23:42Z logger.go:66:   "val2" = "2"
TestExamplesRemoteState 2023-06-02T04:23:42Z logger.go:66:   "val3" = 3
TestExamplesRemoteState 2023-06-02T04:23:42Z logger.go:66:   "val4" = null
TestExamplesRemoteState 2023-06-02T04:23:42Z logger.go:66: }
TestExamplesRemoteState 2023-06-02T04:23:42Z logger.go:66: remote_state_with_bypass = {
TestExamplesRemoteState 2023-06-02T04:23:42Z logger.go:66:   "default_output" = "default-value"
TestExamplesRemoteState 2023-06-02T04:23:42Z logger.go:66: }

v1.4.2

Compare Source

🚀 Enhancements

Update "cloudposse/utils" provider versions. Update GitHub workflows @​aknysh (#​64)

what

  • Update cloudposse/utils provider versions
  • Update GitHub workflows

why

references

Supersedes and close #​63

v1.4.1

Compare Source

🚀 Enhancements

Update "cloudposse/utils" provider versions to `1.7.1` @​aknysh (#​62)

what

  • Update "cloudposse/utils" provider versions to 1.7.1

why

v1.4.0

Compare Source

add azurerm backend to remote-state @​SlavaNL (#​61)

what

  • Allow to use azurerm backend to read a state from

why

  • Currently only s3 and remote backend supported

references

v1.3.1

Compare Source

This release is fully backward compatible with v1.1.1 and earlier, and has a workaround for hashicorp/terraform#32023 in the remote-state module. Use of version 1.2.0 or 1.3.0 is not recommended.

🐛 Bug Fixes

Fix bug introduced into remote-state in #​57 @​Nuru (#​58)

what

  • Fix bug introduced into modules/remote-state in #​57

why

  • Restore intended behavior to remote-state

references

v1.3.0: Broken, do not use

Compare Source

Restore support for Terraform Cloud @​Nuru (#​57)

what

  • Restore support for Terraform Cloud remote state backend that was removed in #​56 / release v1.2.0

why

  • Restore temporarily disabled feature

v1.2.0

Compare Source

In order to cope with hashicorp/terraform#32023, this release disables automatic support of Terraform Cloud remote state backends for retrieving remote state in the modules/remote-state module. To access a Terraform Cloud remote state, you must set the backend_type input to "remote" in the module input as well as in the stack YAML configuration.

We hope and plan on removing this limitation in the next release with a revised solution, but are making this available while we are working on that.

Disable automatic support for Terraform Cloud remote state backend @​Nuru (#​56)

what

  • Disable automatic support for Terraform Cloud remote state backend
  • Require Terraform >= 1.1.0 for remote-state
  • Drop support for Terraform 0.13.0

why

  • Workaround for hashicorp/terraform#32023 which affects remote-state
  • Version 1.1.0 is first version with fix for hashicorp/terraform#27849 which affects remote-state
  • Cloud Posse is generally dropping support for Terraform < 1.0, but at a minimum requiring 0.14.0 because of changes to Terraform formatting introduced in that version

references

v1.1.1

Compare Source

🚀 Enhancements

Updating utils pin version to 1.5.0 in remote-state module @​danjbh (#​55)

what & why?

  • Bumping utils version in remote-state module to take advantage of recent updates

v1.1.0

Compare Source

Add `atmos_cli_config_path` and `atmos_base_path` variables to `remote-state` module @​aknysh (#​53)

what

  • Add atmos_cli_config_path and atmos_base_path variables to remote-state module
  • Update utils provider versions

why

  • atmos_cli_config_path and atmos_base_path variables will be used to override the atmos CLI config path and atmos base path in the remote-state module
  • We already supported the ATMOS_CLI_CONFIG_PATH and ATMOS_BASE_PATH ENV vars to specify the CLI config file (atmos.yaml) path and atmos base path to be used to get a remote state of a component from a remote repo, e.g.
module "other_repo" {
  source = "git::ssh://[email protected]/xxxx/other-repo.git"
}

locals {
  other_repo_local_path = "${path.module}/.terraform/modules/other_repo"

  env = {
    ATMOS_BASE_PATH       = local.other_repo_local_path
    ATMOS_CLI_CONFIG_PATH = "${local.other_repo_local_path}/rootfs/usr/local/etc/atmos"
  }
}

module "account_map" {
  source  = "cloudposse/stack-config/yaml//modules/remote-state"
  version = "1.0.0"

  component   = "account-map"
  env         = local.env

  context = module.always.context
}

  • The problems with using the ENV vars are as follows:

    • Terraform executes a provider code in a separate process and calls it using RPC
    • But this separate process is only one per provider, so if we call the code the get the remote state of two different components from two diff repos, the same process will be called
    • When we specify the ENV vars ATMOS_BASE_PATH and ATMOS_CLI_CONFIG_PATH, the provider process gets the ENV vars set in the process space
    • Then, if we call the provider a second time from the same terraform component (e.g. to get a remote state of another component from a different repo), the initially set ENV vars ATMOS_BASE_PATH and ATMOS_CLI_CONFIG_PATH are still set in the provider process space, which prevents the provider from finding the atmos.yaml CLI config related to the current repo (since the ENV vars still point to the other/remote repo config), which in turn causes an error when searching for the component in the stack
    • Even if we unset the ENV vars in the second call to the provider, it does not help since terraform executes data sources in parallel, so one of them will get the ENV vars set, and the other call will fail during the time window when the ENV vars are still set in the same process

  • We need to be able to specify atmos base path and atmos CLI config path in the utils provider w/o using ENV vars - the component processor code now supports additional parameters to specify it (and they override all other paths set by the ENV vars)

references

v1.0.0

Compare Source

Use `namespace` in `utils_component_config` data source @​aknysh (#​52)

what

  • Use namespace in utils_component_config data source
  • Pin to the latest utils provider version

why

  • For stacks config using multiple Orgs, we use namespace in stack names, and need to be able to find the remote state of the components provisioned in these stack

references

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested review from a team as code owners June 8, 2023 18:21
@renovate renovate bot requested review from florian0410 and korenyoni and removed request for a team June 8, 2023 18:21
@renovate renovate bot added the auto-update This PR was automatically generated label Jun 8, 2023
@renovate renovate bot force-pushed the renovate/release/v0-cloudposse-stack-config-yaml-1.x branch from be439c5 to 3377d53 Compare June 8, 2023 18:24
@renovate renovate bot force-pushed the renovate/release/v0-cloudposse-stack-config-yaml-1.x branch from 3377d53 to 3fc50da Compare July 19, 2023 19:20
@renovate renovate bot force-pushed the renovate/release/v0-cloudposse-stack-config-yaml-1.x branch 2 times, most recently from 1972ad4 to e6be3ef Compare March 2, 2024 23:01
@mergify
Copy link

mergify bot commented Jul 22, 2024

/terratest

@renovate renovate bot force-pushed the renovate/release/v0-cloudposse-stack-config-yaml-1.x branch from e6be3ef to eb1b272 Compare August 19, 2024 21:31
@renovate renovate bot force-pushed the renovate/release/v0-cloudposse-stack-config-yaml-1.x branch from eb1b272 to 7a5ff55 Compare October 12, 2024 06:04
@renovate renovate bot force-pushed the renovate/release/v0-cloudposse-stack-config-yaml-1.x branch from 7a5ff55 to c496c96 Compare October 13, 2024 04:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@korenyoni korenyoni Awaiting requested review from korenyoni korenyoni is a code owner automatically assigned from cloudposse/contributors

@florian0410 florian0410 Awaiting requested review from florian0410 florian0410 is a code owner automatically assigned from cloudposse/contributors

Assignees

No one assigned

Labels

auto-update This PR was automatically generated

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant