Terraform enables you to safely and predictably create, change, and improve infrastructure. It is a source-available tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.
BUG FIXES:
terraform apply
: Prevent panic when a provider erroneously provides unknown values. (#35048)terraform plan
: Replace panic with error message when self-referencing resources and data sources from the count
and for_each
meta attributes. (#35047)terraform test
: Restore TF_ENV_*
variables being made available to testing modules. (#35014)terraform test
: Prevent crash when referencing local variables within overridden modules. (#35030)ENHANCEMENTS:
OTHER CHANGES:
cloud
block and environment variables like TF_CLOUD_ORGANIZATION
remain unchanged. (#35050)NOTE:
Starting with this release, we are including a copy of our license file in all packaged versions of our releases, such as the release .zip files. If you are consuming these files directly and would prefer to extract the one terraform file instead of extracting everything, you need to add an extra argument specifying the file to extract, like this:
unzip terraform_1.8.2_linux_amd64.zip terraform
BUG FIXES:
moved
block: Fix crash when move targets a module which no longer exists. (#34986)import
block: Fix crash when generating configuration for resources with complex sensitive attributes. (#34996)If you are upgrading from Terraform v1.7 or earlier, please refer to the Terraform v1.8 Upgrade Guide.
NEW FEATURES:
Providers can now offer functions which can be used from within the Terraform configuration language.
The syntax for calling a provider-contributed function is provider::provider_name::function_name()
. (#34394)
Providers can now transfer the ownership of a remote object between resources of different types, for situations where there are two different resource types that represent the same remote object type.
This extends the moved
block behavior to support moving between two resources of different types only if the provider for the target resource type declares that it can convert from the source resource type. Refer to provider documentation for details on which pairs of resource types are supported.
New issensitive
function returns true if the given value is marked as sensitive.
ENHANCEMENTS:
terraform test
: File-level variables can now refer to global variables. (#34699)
When generating configuration based on import
blocks, Terraform will detect strings that contain valid JSON syntax and generate them as calls to the jsonencode
function, rather than generating a single string. This is primarily motivated by readability, but might also be useful if you need to replace part of the literal value with an expression as you generalize your module beyond the one example used for importing.
terraform plan
now uses a different presentation for describing changes to lists where the old and new lists have the same length. It now compares the elements with correlated indices and shows a separate diff for each one, rather than trying to show a diff for the list as a whole. The behavior is unchanged for lists of different lengths.
terraform providers lock
accepts a new boolean option -enable-plugin-cache
. If specified, and if a global plugin cache is configured, Terraform will use the cache in the provider lock process. (#34632)
built-in "terraform" provider: new decode_tfvars
, encode_tfvars
, and encode_expr
functions, for unusual situations where it's helpful to manually generate or read from Terraform's "tfvars" format. (#34718)
terraform show
's JSON rendering of a plan now includes two explicit flags "applyable"
and "complete"
, which both summarize characteristics of a plan that were previously only inferrable by consumers replicating some of Terraform Core's own logic. (#34642)
"applyable"
means that it makes sense for a wrapping automation to offer to apply this plan.
"complete"
means that applying this plan is expected to achieve convergence between desired and actual state. If this flag is present and set to false
then wrapping automations should ideally encourage an operator to run another plan/apply round to continue making progress toward convergence.
BUG FIXES:
iterator
argument within a dynamic block. (#34751)For information on prior major and minor releases, see their changelogs:
ENHANCEMENTS:
terraform console
: Now has basic support for multi-line input in interactive mode. (#34822)
If an entered line contains opening paretheses/etc that are not closed, Terraform will await another line of input to complete the expression. This initial implementation is primarily intended to support pasting in multi-line expressions from elsewhere, rather than for manual multi-line editing, so the interactive editing support is currently limited.
BUG FIXES:
remote-exec
: Each remote connection will be closed immediately after use (#34137)backend/s3
: Fixed the digest value displayed for DynamoDB/S3 state checksum mismatches (#34387)EXPERIMENTS:
Experiments are only enabled in alpha releases of Terraform CLI. The following features are not yet available in stable releases.
terraform test
accepts a new option -junit-xml=FILENAME
. If specified, and if the test configuration is valid enough to begin executing, then Terraform writes a JUnit XML test result report to the given filename, describing similar information as included in the normal test output. (#34291)terraform rpcapi
exposes some Terraform Core functionality through an RPC interface compatible with go-plugin
. The exact RPC API exposed here is currently subject to change at any time, because it's here primarily as a vehicle to support the Terraform Stacks private preview and so will be broken if necessary to respond to feedback from private preview participants, or possibly for other reasons. Do not use this mechanism yet outside of Terraform Stacks private preview.-allow-deferral
option to terraform plan
, permits count
and for_each
arguments in module
, resource
, and data
blocks to have unknown values and allows providers to react more flexibly to unknown values. This experiment is under active development, and so it's not yet useful to participate in this experiment.For information on prior major and minor releases, see their changelogs:
If you are upgrading from Terraform v1.7 or earlier, please refer to the Terraform v1.8 Upgrade Guide.
NEW FEATURES:
Providers can now offer functions which can be used from within the Terraform configuration language.
The syntax for calling a provider-contributed function is provider::provider_name::function_name()
. (#34394)
Providers can now transfer the ownership of a remote object between resources of different types, for situations where there are two different resource types that represent the same remote object type.
This extends the moved
block behavior to support moving between two resources of different types only if the provider for the target resource type declares that it can convert from the source resource type. Refer to provider documentation for details on which pairs of resource types are supported.
New issensitive
function returns true if the given value is marked as sensitive.
ENHANCEMENTS:
terraform test
: File-level variables can now refer to global variables. (#34699)
When generating configuration based on import
blocks, Terraform will detect strings that contain valid JSON syntax and generate them as calls to the jsonencode
function, rather than generating a single string. This is primarily motivated by readability, but might also be useful if you need to replace part of the literal value with an expression as you generalize your module beyond the one example used for importing.
terraform plan
now uses a different presentation for describing changes to lists where the old and new lists have the same length. It now compares the elements with correlated indices and shows a separate diff for each one, rather than trying to show a diff for the list as a whole. The behavior is unchanged for lists of different lengths.
terraform providers lock
accepts a new boolean option -enable-plugin-cache
. If specified, and if a global plugin cache is configured, Terraform will use the cache in the provider lock process. (#34632)
built-in "terraform" provider: new decode_tfvars
, encode_tfvars
, and encode_expr
functions, for unusual situations where it's helpful to manually generate or read from Terraform's "tfvars" format. (#34718)
terraform show
's JSON rendering of a plan now includes two explicit flags "applyable"
and "complete"
, which both summarize characteristics of a plan that were previously only inferrable by consumers replicating some of Terraform Core's own logic. (#34642)
"applyable"
means that it makes sense for a wrapping automation to offer to apply this plan.
"complete"
means that applying this plan is expected to achieve convergence between desired and actual state. If this flag is present and set to false
then wrapping automations should ideally encourage an operator to run another plan/apply round to continue making progress toward convergence.
BUG FIXES:
iterator
argument within a dynamic block. (#34751)For information on prior major and minor releases, see their changelogs:
If you are upgrading from Terraform v1.7 or earlier, please refer to the Terraform v1.8 Upgrade Guide.
NEW FEATURES:
Providers can now offer functions which can be used from within the Terraform configuration language.
The syntax for calling a provider-contributed function is provider::provider_name::function_name()
. (#34394)
Providers can now transfer the ownership of a remote object between resources of different types, for situations where there are two different resource types that represent the same remote object type.
This extends the moved
block behavior to support moving between two resources of different types only if the provider for the target resource type declares that it can convert from the source resource type. Refer to provider documentation for details on which pairs of resource types are supported.
New issensitive
function returns true if the given value is marked as sensitive.
ENHANCEMENTS:
terraform test
: File-level variables can now refer to global variables. (#34699)
When generating configuration based on import
blocks, Terraform will detect strings that contain valid JSON syntax and generate them as calls to the jsonencode
function, rather than generating a single string. This is primarily motivated by readability, but might also be useful if you need to replace part of the literal value with an expression as you generalize your module beyond the one example used for importing.
terraform plan
now uses a different presentation for describing changes to lists where the old and new lists have the same length. It now compares the elements with correlated indices and shows a separate diff for each one, rather than trying to show a diff for the list as a whole. The behavior is unchanged for lists of different lengths.
terraform providers lock
accepts a new boolean option -enable-plugin-cache
. If specified, and if a global plugin cache is configured, Terraform will use the cache in the provider lock process. (#34632)
built-in "terraform" provider: new decode_tfvars
, encode_tfvars
, and encode_expr
functions, for unusual situations where it's helpful to manually generate or read from Terraform's "tfvars" format. (#34718)
terraform show
's JSON rendering of a plan now includes two explicit flags "applyable"
and "complete"
, which both summarize characteristics of a plan that were previously only inferrable by consumers replicating some of Terraform Core's own logic. (#34642)
"applyable"
means that it makes sense for a wrapping automation to offer to apply this plan.
"complete"
means that applying this plan is expected to achieve convergence between desired and actual state. If this flag is present and set to false
then wrapping automations should ideally encourage an operator to run another plan/apply round to continue making progress toward convergence.
BUG FIXES:
iterator
argument within a dynamic block. (#34751)For information on prior major and minor releases, see their changelogs:
BUG FIXES:
UPGRADE NOTES:
If you are upgrading from Terraform v1.7 or earlier, please refer to the Terraform v1.8 Upgrade Guide.
use_legacy_workflow
argument has been removed to encourage consistency with the AWS SDKs. The backend will now search for credentials in the same order as the default provider chain in the AWS SDKs and AWS CLI.NEW FEATURES:
provider::provider_name::function_name()
. (#34394)issensitive
function added to detect if a value is marked as sensitiveENHANCEMENTS:
terraform show
's JSON rendering of a plan now includes two explicit flags "applyable"
and "complete"
, which both summarize characteristics of a plan that were previously only inferrable by consumers replicating some of Terraform Core's own logic. (#34642)
"applyable"
means that it makes sense for a wrapping automation to offer to apply this plan.
"complete"
means that applying this plan is expected to achieve convergence between desired and actual state. If this flag is present and set to false
then wrapping automations should ideally encourage an operator to run another plan/apply round to continue making progress toward convergence.
Improved plan diff rendering for lists to display item-level differences on lists with unchanged length.
terraform provider lock
accepts a new boolean option -enable-plugin-cache
. If specified, and if a global plugin cache is configured Terraform will use the cache in the provider lock process. (#34632)
terraform test
: File-level variables can now reference global variables. (#34699)
In import-generated code represent JSON values in HCL instead of as strings
built-in "terraform" provider: new tfvarsdecode
, tfvarsencode
, and exprencode
functions, for unusual situations where it's helpful to manually generate or read from Terraform's "tfvars" format. (#34718)
BUG FIXES:
For information on prior major and minor releases, see their changelogs:
UPGRADE NOTES:
-refresh-only
or -refresh=false
is used. The fix introduced for #34567 may require rewriting the state for some resources, which will be done automatically during the first normal plan and apply operation.NEW FEATURES:
provider::provider_name::function_name()
. (#34394)issensitive
function added to detect if a value is marked as sensitiveENHANCEMENTS:
terraform show
's JSON rendering of a plan now includes two explicit flags "applyable"
and "complete"
, which both summarize characteristics of a plan that were previously only inferrable by consumers replicating some of Terraform Core's own logic. (#34642)
"applyable"
means that it makes sense for a wrapping automation to offer to apply this plan.
"complete"
means that applying this plan is expected to achieve convergence between desired and actual state. If this flag is present and set to false
then wrapping automations should ideally encourage an operator to run another plan/apply round to continue making progress toward convergence.
Improved plan diff rendering for lists to display item-level differences on lists with unchanged length.
terraform provider lock
accepts a new boolean option -enable-plugin-cache
. If specified, and if a global plugin cache is configured Terraform will use the cache in the provider lock process. (#34632)
terraform test
: File-level variables can now reference global variables. (#34699)
In import-generated code represent JSON values in HCL instead of as strings
built-in "terraform" provider: new tfvarsdecode
, tfvarsencode
, and exprencode
functions, for unusual situations where it's helpful to manually generate or read from Terraform's "tfvars" format. (#34718)
BUG FIXES:
EXPERIMENTS:
Experiments are only enabled in alpha releases of Terraform CLI. The following features are not yet available in stable releases.
terraform test
accepts a new option -junit-xml=FILENAME
. If specified, and if the test configuration is valid enough to begin executing, then Terraform writes a JUnit XML test result report to the given filename, describing similar information as included in the normal test output. (#34291)
The new command terraform rpcapi
exposes some Terraform Core functionality through an RPC interface compatible with go-plugin
. The exact RPC API exposed here is currently subject to change at any time, because it's here primarily as a vehicle to support the Terraform Stacks private preview and so will be broken if necessary to respond to feedback from private preview participants, or possibly for other reasons. Do not use this mechanism yet outside of Terraform Stacks private preview.
The language-level experiment unknown_instances
permits count
and for_each
arguments in module
, resource
, and data
blocks to have unknown values.
This is at an early stage and so currently setting these arguments to unknown values will only yield broken behavior, and so it's not yet useful to participate in this experiment. Future work will improve support for this new possibility, gradually making this experiment viable.
For information on prior major and minor releases, see their changelogs: