Skip to content

chore: Update Terraform minimum version to 1.12 #9

@posquit0

Description

@posquit0

Terraform Version Update

Current State

  • Current Minimum Version: 1.6
  • Target Version: 1.12.2 (latest stable)
  • Affected Modules: All modules (account, organization, organizational-unit, ram-share, sso-access-control-attributes, sso-account-assignment, sso-permission-set)

Major Changes ⚠️

1.6 -> 1.7

New Features:

  • New removed block for module refactoring - allows module authors to specify when a resource/module has been removed
  • Enhanced Terraform Test capabilities with mocking for providers, modules, resources, and data sources
  • Import block improvements with for_each support

Breaking Changes:

  • S3 Backend: use_legacy_workflow now defaults to false - backend will search for credentials in the same order as the default provider chain in AWS SDKs (this argument is deprecated)

Important for AWS modules:

  • Improved credential handling for S3 backend affects state management
  • New testing capabilities can improve module reliability

1.7 -> 1.8

New Features:

  • Provider Functions - providers can now offer custom functions callable in configurations with syntax provider::provider_name::function_name()
  • Remote Object Ownership Transfer between different resource types
  • New issensitive() function to check if a value is marked as sensitive

Enhancements:

  • Import configuration generation improvements with JSON syntax detection
  • Enhanced plan presentation with more granular diff display for lists
  • Terraform Test improvements with file-level variables referencing global variables

Impact on AWS modules:

  • Better sensitive value handling
  • Improved import workflows for AWS resources

1.8 -> 1.9

New Features:

  • Enhanced Input Variable Validation - validation rules can now refer to other objects in the same module
  • New templatestring function for dynamically rendering templates

Performance Improvements:

  • Graph building optimizations for large configurations
  • Reduced state copying for better performance with large resource sets

Breaking Changes:

  • Terraform test files: Provider version constraints must now be in main configuration, not in .tftest.hcl files
  • Import behavior: Invalid import blocks pointing to non-existent modules will now raise errors

1.9 -> 1.10

New Features:

  • Ephemeral Resources and Values - resources that are read during each Terraform evaluation
  • Ephemeral input variables and outputs
  • New ephemeralasnull() function

Breaking Changes:

  • S3 backend: Removed deprecated IAM role attributes
  • Backend changes: Deprecated -state flag with warning to use local backend path attribute
  • Configuration parsing: Moved blocks now respect reserved keywords

Performance:

  • Resource evaluation performance enhancements
  • Improved import block validation

Impact on AWS modules:

  • S3 backend configuration may need updates
  • Ephemeral resources can improve dynamic AWS resource handling

1.10 -> 1.11

New Features:

  • Write-only Attributes for Resources - providers can specify attributes that are not persisted in state
  • S3 native state locking is now generally available
  • JUnit XML reporting for Terraform test
  • Enhanced test mocking capabilities

Deprecations:

  • DynamoDB-related arguments for state locking (superseded by S3 native locking)

Impact on AWS modules:

  • Improved state locking with S3 native support
  • Write-only attributes can enhance security for sensitive AWS resources

1.11 -> 1.12

New Features:

  • Enhanced import blocks with new identity attribute support
  • Terraform test parallelism control with -parallelism=n option
  • OCI Object Storage backend implementation

System Requirements:

  • ⚠️ Linux kernel 3.2 or later now required on Linux systems

Language Improvements:

  • Logical binary operators can now short-circuit
  • Enhanced test execution with detailed diagnostic objects

Required Changes

  • Update versions.tf minimum version from >= 1.6 to >= 1.12 in all modules:
    • modules/account/versions.tf
    • modules/organization/versions.tf
    • modules/organizational-unit/versions.tf
    • modules/ram-share/versions.tf
    • modules/sso-access-control-attributes/versions.tf
    • modules/sso-account-assignment/versions.tf
    • modules/sso-permission-set/versions.tf
  • Review and update S3 backend configurations if using deprecated IAM role attributes
  • Update any test configurations to move provider version constraints to main configuration
  • Test all modules with Terraform 1.12.2
  • Update documentation with new minimum version requirement
  • Consider leveraging new features:
    • Evaluate ephemeral resources for dynamic AWS resource management
    • Consider write-only attributes for sensitive AWS configurations
    • Upgrade test suites to use enhanced testing capabilities

Migration Guide

Step 1: Update Version Constraints

Update all modules/*/versions.tf files to change:

terraform {
  required_version = ">= 1.6"
  # ...
}

to:

terraform {
  required_version = ">= 1.12"
  # ...
}

Step 2: Review Backend Configuration

If using S3 backend with deprecated IAM role attributes, update configuration to use the new credential chain approach.

Step 3: Update Test Files

Move any provider version constraints from .tftest.hcl files to main configuration files.

Step 4: Validation

  • Run terraform init to ensure compatibility
  • Run terraform plan with existing configurations
  • Execute terraform test if tests are available
  • Verify all modules work with AWS provider

Step 5: Documentation

Update README files and documentation to reflect the new minimum Terraform version requirement.

Benefits of Upgrading

  • Enhanced testing capabilities with mocking and improved test execution
  • Better performance with graph building and resource evaluation optimizations
  • Improved AWS integration with S3 native state locking
  • Enhanced security with write-only attributes and better sensitive value handling
  • Future-proofing with support for ephemeral resources and modern Terraform features

References

Metadata

Metadata

Assignees

No one assigned

    Labels

    💾 accountThis issue or pull request is related to account module.💾 organizationThis issue or pull request is related to organization module.💾 organizational-unitThis issue or pull request is related to organizational-unit module.💾 ram-shareThis issue or pull request is related to ram-share module.💾 sso-access-control-attributesThis issue or pull request is related to sso-access-control-attributes module.💾 sso-account-assignmentThis issue or pull request is related to sso-account-assignment module.💾 sso-permission-setThis issue or pull request is related to sso-permission-set module.size/MMedium size issue or PR.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions