From 7ed0a38ab81780fd1aeff59b7f3cf7d519360eb7 Mon Sep 17 00:00:00 2001 From: Riley Karson Date: Tue, 12 Nov 2019 12:56:18 -0800 Subject: [PATCH] Add misc entries to the upgrade guide (#2657) * Add misc entries to the upgrade guide * Remove extra space --- .../guides/version_3_upgrade.html.markdown | 69 +++++++++++++++++++ 1 file changed, 69 insertions(+) diff --git a/third_party/terraform/website/docs/guides/version_3_upgrade.html.markdown b/third_party/terraform/website/docs/guides/version_3_upgrade.html.markdown index 447355a14c8a..a892d17fd615 100644 --- a/third_party/terraform/website/docs/guides/version_3_upgrade.html.markdown +++ b/third_party/terraform/website/docs/guides/version_3_upgrade.html.markdown @@ -52,6 +52,7 @@ so Terraform knows to manage them. - [Provider Version Configuration](#provider-version-configuration) +- [Provider](#provider) - [ID Format Changes](#id-format-changes) - [Data Source: `google_container_engine_versions`](#data-source-google_container_engine_versions) - [Resource: `google_app_engine_application`](#resource-google_app_engine_application) @@ -121,6 +122,37 @@ provider "google" { } ``` +## Provider + +### `userinfo.email` added to default scopes + +`userinfo.email` has been added to the default set of OAuth scopes in the +provider. This provides the Terraform user specified by `credentials`' (generally +a service account) email address to GCP APIs in addition to an obfuscated user +id; particularly, it makes the email of the Terraform user available for some +Kubernetes and IAP use cases. + +If this was previously defined explicitly, the definition can now be removed. + +#### Old Config + +```hcl +provider "google" { + scopes = [ + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/ndev.clouddns.readwrite", + "https://www.googleapis.com/auth/devstorage.full_control", + "https://www.googleapis.com/auth/userinfo.email", + ] +} +``` + +#### New Config + +```hcl +provider "google" {} +``` ## ID Format Changes @@ -359,6 +391,43 @@ in config files, `interface` is now required on the `google_compute_instance.scr ## Resource: `google_compute_instance_template` +### Disks with invalid scratch disk configurations are now rejected + +The instance template API allows specifying invalid configurations in some cases, +and an error is only returned when attempting to provision them. Terraform will +now report that some configs that previously appeared valid at plan time are +now invalid. + +A disk with `type` `"SCRATCH"` must have `disk_type` `"local-ssd"`. For example, +the following is valid: + +```hcl +disk { + auto_delete = true + type = "SCRATCH" + disk_type = "local-ssd" +} +``` + +These configs would have been accepted by Terraform previously, but will now +fail: + +```hcl +disk { + source_image = "https://www.googleapis.com/compute/v1/projects/gce-uefi-images/global/images/centos-7-v20190729" + auto_delete = true + type = "SCRATCH" +} +``` + +```hcl +disk { + source_image = "https://www.googleapis.com/compute/v1/projects/gce-uefi-images/global/images/centos-7-v20190729" + auto_delete = true + disk_type = "local-ssd" +} +``` + ### `kms_key_self_link` is now required on block `google_compute_instance_template.disk_encryption_key` In an attempt to avoid allowing empty blocks in config files, `kms_key_self_link` is now