Martin Atkins
Martin Atkins
@diofeher previously the test was ignoring the error result altogether, and so I expect it has _always_ been returning an error but this PR changed it to check the error...
Having it be under control of the module that happens to contain the `provider` block also means that an attacker-controlled module could indirectly start an attacker-controlled provider _without_ specifying any...
Thanks for reporting this! Digging through all of the indirection in the code, is seems like what ultimately triggers this message about the connection to HCP Terraform is when a...
Right after I posted the above I noticed something that contradicts my conclusion: ``` HTTP client GET request to https://app.terraform.io/.well-known/terraform.json ``` Terraform CLI apparently _did_ manage to fetch the service...
Hi @theflyingnerd! Thanks for pointing this out. Currently removing a resource from configuration is treated as intent to remove the resource, since that's an explicit action on your part rather...
This is a pretty old issue that predates a lot of later features that make it possible to do various operations through the normal plan/apply workflow instead of via separate...
Thanks for this feature request, @haoliangyu! The core maintainers will discuss this, but we currently have a backlog of proposals to discuss so it may take some time. In the...
Thanks for that extra context, @haoliangyu. I don't think we can just unilaterally expand the existing environment variables (and the associated CLI configuration settings) to send credentials in additional situations...
Hi @kkgthb, In today's OpenTofu the registry lookup and the final package download are completely independent, with no shared authentication between them regardless of what hostnames you deploy each on....
I think our main constraint here is that we must not make any change that causes new versions of OpenTofu to immediately send pre-existing credentials to any place it wasn't...