Closed
Description
Should be done after: #1613
TODO:
- https://www.hashicorp.com/blog/announcing-hashicorp-terraform-1-0-general-availability
- https://www.hashicorp.com/blog/new-terraform-planning-options-refresh-false-refresh-only-replace
- https://www.hashicorp.com/blog/terraform-1-1-improves-refactoring-and-the-cloud-cli-experience
- https://www.terraform.io/language/upgrade-guides/1-1
- https://github.com/hashicorp/terraform/blob/v1.1/CHANGELOG.md
- consider using
nullable = false(https://developer.hashicorp.com/terraform/language/values/variables#disallowing-null-input-values) (resolution: it seem like it's intended mostly for modules and as we don't use them, we won't have much benefits out of it) - https://support.hashicorp.com/hc/en-us/articles/4412991179539-v1-1-0-v1-1-1-Bug-Terraform-applied-no-changes-and-unexpectedly-emptied-the-State-File
- https://www.hashicorp.com/blog/terraform-1-2-improves-exception-handling-and-updates-to-the-cli-driven-workflow
- https://www.hashicorp.com/blog/terraform-1-3-improves-extensibility-and-maintainability-of-terraform-modules
- https://www.hashicorp.com/blog/terraform-1-4-improves-the-cli-experience-for-terraform-cloud
- https://www.hashicorp.com/blog/terraform-1-5-brings-config-driven-import-and-checks
- https://github.com/hashicorp/terraform/blob/v1.5/CHANGELOG.md
- https://developer.hashicorp.com/terraform/language/v1.5.x/upgrade-guides
- consider to use
importblock for importing existing resources (withfor_eachfrom 1.7) (extracted to Terraform: automate import of the existing resources #1733)
- https://www.hashicorp.com/blog/terraform-1-6-adds-a-test-framework-for-enhanced-code-validation
- https://www.hashicorp.com/blog/terraform-1-7-adds-test-mocking-and-config-driven-remove
- https://www.hashicorp.com/blog/terraform-1-8-improves-extensibility-with-provider-defined-functions
- https://www.hashicorp.com/blog/terraform-1-9-enhances-input-variable-validations
- https://www.hashicorp.com/blog/terraform-1-10-improves-handling-secrets-in-state-with-ephemeral-values
- https://github.com/hashicorp/terraform/blob/v1.10/CHANGELOG.md
- https://developer.hashicorp.com/terraform/language/v1.10.x/upgrade-guides
- 1.10: consider using
ephemeral(https://developer.hashicorp.com/terraform/language/values/variables#exclude-values-from-state) (resolution: it's intended not for security but for limiting a lifetime of a value, so I'm doubted that we should use it)
- https://support.hashicorp.com/hc/en-us/articles/6302733655315-Terraform-Upgrade-Best-Practices
Upgrade instructions:
cd infra/terraform
vim .terraform-version
vim versions.tf
export HTTPS_PROXY=socks5://127.0.0.1:1122 # optionally
tfenv install
tfenv list
tfenv uninstall <previous version>
terraform init
terraform plan -out terraform.tfplan
terraform apply terraform.tfplan
docker run -e VAULT_PASSWORD="$(cat ../../src/main/scripts/ci/ansible/ci-pass.txt)" -v "$PWD:/data/mystamps" -w /data/mystamps --rm -it ansible:2.10.17
ansible-vault encrypt --vault-password-file vault-pass.txt --output terraform-data/terraform.tfstate.enc terraform.tfstate
<exit shell>
cd terraform-data
git commit -a
git push
cd -
git commit -a