Terraform 0.9.0 was released

It has been two weeks since Terraform 0.9.0-beta2 was released, and now we can enjoy a new stable version! It’s a pleasure to say that HashiCorp released Terraform 0.9.0 3 hours ago. This version contains the changes I mentioned in the previous post and, of course, much more! I think the most important things in this release are Remote Backends and State Locking.

Remote Backends replace remote state and change the architecture of how the state of your infrastructure is tracked. You can find more information in Pull Request #11286 and in the official Terraform documentation. Here is the list of all backend types supported now:

  • Artifactory
  • Atlas
  • Azure
  • Consul
  • Etcd
  • Google Cloud Storage
  • HTTP (via REST API)
  • Manta
  • AWS S3 (Simple Storage Service)
  • Swift

State Locking does exactly what its name suggests: you can now lock your state and protect your infrastructure from parallel builds. However, you cannot always lock your state, because locking is supported by only three backends:

  • local
  • AWS S3 bucket
  • Consul

If you use another backend type, you unfortunately cannot enjoy this fantastic new feature. Terraform 0.9.0 has been released and, as you can see, it is getting better and better every day!
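As an added illustration (not taken from the original post or from HashiCorp's documentation), this is roughly what an S3 backend with locking and encrypted state looks like in a 0.9-series configuration. The bucket, key, region and table names are placeholders; `lock_table` is the argument name the S3 backend used in the 0.9 series (later releases renamed it to `dynamodb_table`).

```hcl
# Added example. All names below are placeholders, not values from the post.

# --- main.tf of the configuration whose state should be stored remotely ---
terraform {
  backend "s3" {
    # Backend blocks cannot use interpolation, so these are literal values.
    bucket = "example-terraform-state"
    key    = "prod/network/terraform.tfstate"
    region = "eu-west-1"

    # State can contain secrets (for example the passwords listed as
    # "sensitive" in the changelog), so enable server-side encryption
    # of the state object.
    encrypt = true

    # DynamoDB table used for State Locking. Without it the S3 backend
    # stores state remotely but does not lock it.
    lock_table = "example-terraform-locks"
  }
}

# --- bootstrap configuration, applied once, with its own separate state ---
# The lock table needs a string hash key named "LockID".
resource "aws_dynamodb_table" "terraform_locks" {
  name           = "example-terraform-locks"
  read_capacity  = 1
  write_capacity = 1
  hash_key       = "LockID"

  attribute {
    name = "LockID"
    type = "S"
  }
}
```

After adding the `backend` block, run `terraform init` to configure the backend, as the changelog below describes.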

If that’s not enough to convince you that it is worth updating to the newest version, the 0.9.0 release also introduces some new resources, a new provider (Circonus), Destroy Provisioners (which allow you to run a provisioner during resource destruction) and State Environments.

Here is the full changelog (0.8.8 to 0.9.0), which you can also find in the project’s GitHub repository:

BACKWARDS INCOMPATIBILITIES / NOTES:
  • provider/aws: aws_codebuild_project renamed timeout to build_timeout
  • provider/azurerm: azurerm_virtual_machine and azurerm_virtual_machine_scale_set now store hash of custom_data not all custom_data
  • provider/azurerm: scale_sets os_profile_master_password now marked as sensitive
  • provider/azurerm: sql_server administrator_login_password now marked as sensitive
  • provider/dnsimple: Provider has been upgraded to APIv2 therefore, you will need to use the APIv2 auth token
  • provider/google: storage buckets have been updated with the new storage classes. The old classes will continue working as before, but should be migrated as soon as possible, as there’s no guarantee they’ll continue working forever.
  • provider/google: compute_instance, compute_instance_template, and compute_disk all have a subtly changed logic when specifying an image family as the image; in 0.8.x they would pin to the latest image in the family when the resource is created; in 0.9.x they pass the family to the API and use its behaviour. New input formats are also supported.
  • provider/google: removed the unused and deprecated region field from google_compute_backend_service
  • provider/google: removed the deprecated account_file field for the Google Cloud provider
  • provider/google: removed the deprecated fields from google_project
FEATURES:
  • Remote Backends: This is a successor to “remote state” and includes file-based configuration, an improved setup process (just run terraform init), no more local caching of remote state, and more.
  • Destroy Provisioners: Provisioners can now be configured to run on resource destruction.
  • State Locking: State will be automatically locked when supported by the backend. Backends supporting locking in this release are Local, S3 (via DynamoDB), and Consul.
  • State Environments: You can now create named “environments” for states. This allows you to manage distinct infrastructure resources from the same configuration.
  • New Provider: Circonus
  • New Data Source: openstack_networking_network_v2
  • New Resource: aws_iam_account_alias
  • New Resource: datadog_downtime
  • New Resource: ns1_notifylist
  • New Resource: google_container_node_pool
  • New Resource: rancher_certificate
  • New Resource: rancher_host
  • helper/schema: Added Timeouts to allow Provider/Resource developers to expose configurable timeouts for actions
IMPROVEMENTS:
  • core: Data source values can now be used as part of a count calculation
  • core: “terraformrc” can contain env var references with $FOO
  • core: report all errors encountered during config validation
  • command: CLI args can be specified via env vars. Specify TF_CLI_ARGS or TF_CLI_ARGS_name (where name is the name of a command) to specify additional CLI args
  • command/init: previous behavior is retained, but init now also configures the new remote backends as well as downloads modules. It is the single command to initialize a new or existing Terraform configuration.
  • command: Display resource state ID in refresh/plan/destroy output
  • provider/aws: AWS Lambda DeadLetterConfig support
  • provider/aws: Return errors from Elastic Beanstalk
  • provider/aws: Set aws_db_cluster to snapshot by default
  • provider/aws: Enable final snapshots for aws_rds_cluster by default
  • provider/aws: Enable snapshotting by default on aws_redshift_cluster
  • provider/aws: Add support for ACM certificates to api_gateway_domain_name
  • provider/aws: Add support for IPv6 to aws_security_group_rule
  • provider/aws: Add IPv6 Support to aws_route_table
  • provider/aws: Add support for IPv6 to aws_network_acl_rule
  • provider/aws: Add support for IPv6 to aws_default_route_table
  • provider/aws: Add support for IPv6 to aws_network_acl
  • provider/aws: Add support for IPv6 in aws_route
  • provider/aws: Add support for IPv6 to aws_security_group
  • provider/aws: Add replace_unhealthy_instances to spot_fleet_request
  • provider/aws: Remove restriction on running aws_opsworks_* on us-east-1
  • provider/aws: Improve error message on S3 Bucket Object deletion
  • provider/aws: Add log message about if changes are being applied now or later
  • provider/azurerm: Mark the azurerm_scale_set machine password as sensitive
  • provider/azurerm: Mark the azurerm_sql_server admin password as sensitive
  • provider/azurerm: Add support for managed availability sets.
  • provider/azurerm: Add support for extensions on virtual machine scale sets
  • provider/dnsimple: Upgrade DNSimple provider to API v2
  • provider/docker: added support for linux capabilities
  • provider/fastly: Add Fastly SSL validation fields
  • provider/ignition: Migrate all of the ignition resources to data sources
  • provider/openstack: Set Availability Zone in Instances
  • provider/openstack: Force Deletion of Instances
  • provider/rancher: Better comparison of compose files
  • provider/azurerm: store only hash of azurerm_virtual_machine and azurerm_virtual_machine_scale_set custom_data – reduces size of state
  • provider/vault: read vault token from ~/.vault-token as a fallback for the VAULT_TOKEN environment variable.
  • provisioners: All provisioners now respond very quickly to interrupts for fast cancellation.
BUG FIXES:
  • core: targeting will remove untargeted providers
  • core: doing a map lookup in a resource config with a computed set no longer crashes
  • provider/aws: Fixes issue for aws_lb_ssl_negotiation_policy of already deleted ELB
  • provider/aws: Populate the iam_instance_profile uniqueId
  • provider/aws: Only send iops when creating io1 devices
  • provider/aws: Fix spurious aws_spot_fleet_request diffs
  • provider/aws: Changing volumes in ECS task definition should force new revision
  • provider/aws: Ignore whitespace in json diff for aws_dms_replication_task options
  • provider/aws: Check spot instance is running before trying to attach volumes
  • provider/aws: Add the IPV6 cidr block to the vpc datasource
  • provider/aws: Error on trying to recreate an existing customer gateway
  • provider/aws: Prevent aws_dms_replication_task panic
  • provider/aws: output the task definition name when errors occur during refresh
  • provider/aws: Refresh iam saml provider from state on 404
  • provider/aws: Add address, port, hosted_zone_id and endpoint for aws_db_instance datasource
  • provider/aws: Allow recreation of aws_opsworks_user_profile when the user_arn is changed
  • provider/aws: Guard clause to prevent panic on ELB connectionSettings
  • provider/azurerm: bug fix to prevent crashes during azurerm_container_service provisioning
  • provider/cobbler: Fix Profile Repos
  • provider/datadog: Update to datadog_monitor to use default values
  • provider/datadog: Default notify_no_data on datadog_monitor to false
  • provider/google: Correct the incorrect instance group manager URL returned from GKE
  • provider/google: Fix a plan/apply cycle in IAM policies
  • provider/google: Fix a plan/apply cycle in forwarding rules when only a single port is specified
  • provider/google: Minor correction : “Deleting disk” message in Delete method
  • provider/mysql: Avoid crash on un-interpolated provider cfg
  • provider/ns1: Fix incorrect schema (causing crash) for ‘ns1_user.notify’
  • provider/openstack: Handle cases where volumes are disabled
  • provider/openstack: Toggle Creation of Default Security Group Rules
  • provider/openstack: Change Port fixed_ip to a Set
  • provider/openstack: Add network_id to Network data source
  • provider/openstack: Check for ErrDefault500 when creating/deleting pool member
  • provider/rancher: Apply the set value for finish_upgrade to set to prevent recurring plans
  • provider/scaleway: work around API concurrency issue
  • provider/statuscake: use default status code list when updating test
