Pss/safe provider download during init in automation#38215
Closed
SarahFrench wants to merge 2 commits intopss/safe-provider-download-during-initfrom
Closed
Pss/safe provider download during init in automation#38215SarahFrench wants to merge 2 commits intopss/safe-provider-download-during-initfrom
SarahFrench wants to merge 2 commits intopss/safe-provider-download-during-initfrom
Conversation
Contributor
Changelog WarningCurrently this PR would target a v1.15 release. Please add a changelog entry for in the .changes/v1.15 folder, or discuss which release you'd like to target with your reviewer. If you believe this change does not need a changelog entry, please add the 'no-changelog-needed' label. |
SarahFrench
force-pushed
the
pss/safe-provider-download-during-init-in-automation
branch
2 times, most recently
from
27fe596 to
c84f220
Compare
SarahFrench
force-pushed
the
pss/safe-provider-download-during-init
branch
from
bf0f17d to
388bcbd
Compare
… use of -safe-init and -intput=false; can write a dep lock file when init stops after downloading config-derived providers only.
…nd is run in automation Terraform saves config providers to the lock file and exits early, prompting users to review the file's contents.
SarahFrench
force-pushed
the
pss/safe-provider-download-during-init-in-automation
branch
from
c84f220 to
e52de48
Compare
Member
Author
|
Closing this PR, as it'll be impacted by other changes. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Context
See previous PR for background: #38205
Terraform run in automation
This is broadly the same for Terraform when run in automation, but of course Terraform cannot prompt for input in automation. Therefore instead of prompting Terraform will save the config locks to the dependency lock file and exit early, at which point a user should review the dependency lock file and make a judgement about the provider. Accepting the provider requires running
initagain, rejecting requires making necessary edits to config (changing the providersourcevalue, adjusting version constraints etc) and runninginitwith the-safe-initflag again.Target Release
N/A
Rollback Plan
Changes to Security Controls
Are there any changes to security controls (access controls, encryption, logging) in this pull request? If so, explain.
CHANGELOG entry