Change8

v1.11.0-rc2

📦 terraform
8 features🐛 4 fixes1 deprecations🔧 12 symbols

Summary

Terraform 1.11.0-rc2 introduces S3-native state locking and JUnit XML output for tests as GA features, alongside write-only resource attributes and enhanced Azure backend authentication.

Migration Steps

  1. Migrate S3 state locking from DynamoDB to the new S3-native mechanism by enabling the 'use_lockfile' argument.
  2. Update Azure backend configurations to utilize new authentication fields if matching terraform-provider-azurerm behavior is required.

✨ New Features

  • Add write-only attributes to resources which are not persisted in state and support ephemeral values.
  • The -junit-xml option for 'terraform test' is now generally available for creating test reports.
  • S3 native state locking is now generally available via the 'use_lockfile' argument.
  • Provider installation now supports .netrc file credentials for registry downloads.
  • Added 'override_during' attribute to 'terraform test' to allow mocked/overridden values during plan phases.
  • Added 'state_key' attribute for 'run' blocks in 'terraform test' to control internal state file usage.
  • Updated Azure backend with new authentication properties: use_cli, use_aks_workload_identity, client_id_file_path, client_certificate, and client_secret_file_path.
  • Included ca-certificates package in the official Docker image.

🐛 Bug Fixes

  • Corrected error message when ephemeral values are included in provisioner output.
  • Changed misleading error to a warning when attempting to override a variable during apply via TF_VAR_.
  • Fixed crash in backends when interrupting during interactive prompts.
  • Fixed hanging behavior when applying a saved plan with -auto-approve using the cloud backend.

🔧 Affected Symbols

terraform testterraform test -junit-xmlbackend.s3.use_lockfilebackend.azurermbackend.azurerm.use_clibackend.azurerm.use_aks_workload_identitybackend.azurerm.client_id_file_pathbackend.azurerm.client_certificatebackend.azurerm.client_secret_file_pathrun.state_keyrun.override_duringephemeral

⚡ Deprecations

  • DynamoDB-related arguments for S3 state locking are deprecated in favor of the new S3-native locking mechanism (use_lockfile).