Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package opentofu for openSUSE:Factory checked in at 2026-02-13 12:49:48 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/opentofu (Old) and /work/SRC/openSUSE:Factory/.opentofu.new.1977 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "opentofu" Fri Feb 13 12:49:48 2026 rev:44 rq:1332799 version:1.11.5 Changes: -------- --- /work/SRC/openSUSE:Factory/opentofu/opentofu.changes 2026-01-27 16:11:57.729169153 +0100 +++ /work/SRC/openSUSE:Factory/.opentofu.new.1977/opentofu.changes 2026-02-13 12:49:55.278284053 +0100 @@ -1,0 +2,12 @@ +Fri Feb 13 06:19:31 UTC 2026 - Johannes Kastl <[email protected]> + +- Update to version 1.11.5: + * BUG FIXES: + - Add universe_domain option in the gcs backend to support + sovereign GCP services (#3758) + - The azurerm backend's MSI authentication method will now + respect the provided client ID (#3586) + - Using a network mirror for the providers source does not + print debug logs without being asked for (#3736) + +------------------------------------------------------------------- Old: ---- opentofu-1.11.4.obscpio New: ---- opentofu-1.11.5.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ opentofu.spec ++++++ --- /var/tmp/diff_new_pack.IBsP0d/_old 2026-02-13 12:49:57.906394122 +0100 +++ /var/tmp/diff_new_pack.IBsP0d/_new 2026-02-13 12:49:57.910394289 +0100 @@ -19,7 +19,7 @@ %define executable_name tofu Name: opentofu -Version: 1.11.4 +Version: 1.11.5 Release: 0 Summary: Declaratively manage your cloud infrastructure License: MPL-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.IBsP0d/_old 2026-02-13 12:49:57.950395965 +0100 +++ /var/tmp/diff_new_pack.IBsP0d/_new 2026-02-13 12:49:57.954396132 +0100 @@ -3,7 +3,7 @@ <param name="url">https://github.com/opentofu/opentofu/</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">v1.11.4</param> + <param name="revision">v1.11.5</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="changesgenerate">enable</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.IBsP0d/_old 2026-02-13 12:49:57.982397306 +0100 +++ /var/tmp/diff_new_pack.IBsP0d/_new 2026-02-13 12:49:57.986397473 +0100 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/opentofu/opentofu/</param> - <param name="changesrevision">2a9b7ac61409f7f22bde65c192c5814eb4b75cdf</param></service></servicedata> + <param name="changesrevision">67fe9db49b7dafd46470cf9ac7f437aaa95f5c40</param></service></servicedata> (No newline at EOF) ++++++ opentofu-1.11.4.obscpio -> opentofu-1.11.5.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opentofu-1.11.4/CHANGELOG.md new/opentofu-1.11.5/CHANGELOG.md --- old/opentofu-1.11.4/CHANGELOG.md 2026-01-21 16:57:28.000000000 +0100 +++ new/opentofu-1.11.5/CHANGELOG.md 2026-02-12 15:14:04.000000000 +0100 @@ -1,6 +1,13 @@ The v1.11.x release series is supported until **August 1 2026**. +## 1.11.6 (Unreleased) -## 1.11.5 (Unreleased) +## 1.11.5 + +BUG FIXES: + +* Add `universe_domain` option in the `gcs` backend to support sovereign GCP services ([#3758](https://github.com/opentofu/opentofu/issues/3758)) +* The `azurerm` backend's MSI authentication method will now respect the provided client ID ([#3586](https://github.com/opentofu/opentofu/issues/3586)) +* Using a network mirror for the providers source does not print debug logs without being asked for ([#3736](https://github.com/opentofu/opentofu/issues/3736)) ## 1.11.4 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opentofu-1.11.4/internal/backend/remote-state/azure/README.md new/opentofu-1.11.5/internal/backend/remote-state/azure/README.md --- old/opentofu-1.11.4/internal/backend/remote-state/azure/README.md 2026-01-21 16:57:28.000000000 +0100 +++ new/opentofu-1.11.5/internal/backend/remote-state/azure/README.md 2026-02-12 15:14:04.000000000 +0100 @@ -114,6 +114,14 @@ $ ./azure.test -test.v -test.run "TestAcc.*ManagedServiceIdentity" ``` +Sometimes may you want to test something against the full `tofu` binary (as happened in [this issue](https://github.com/opentofu/opentofu/issues/3586)). From the root of this `opentofu` repository, you can run: + +```bash +$ GOOS=linux GOARCH=amd64 make build +``` + +You can then `scp` the resulting binary and run `./tofu init`, `./tofu apply`, etc., on the server. + ### Running AKS Workload Identity Test We strongly recommend using the workspace in the `meta-test` folder to set up the AKS Kubernetes cluster and associated authorizations. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opentofu-1.11.4/internal/backend/remote-state/azure/auth/msi_auth.go new/opentofu-1.11.5/internal/backend/remote-state/azure/auth/msi_auth.go --- old/opentofu-1.11.4/internal/backend/remote-state/azure/auth/msi_auth.go 2026-01-21 16:57:28.000000000 +0100 +++ new/opentofu-1.11.5/internal/backend/remote-state/azure/auth/msi_auth.go 2026-02-12 15:14:04.000000000 +0100 @@ -40,9 +40,14 @@ func (cred *managedIdentityAuth) Construct(ctx context.Context, config *Config) (azcore.TokenCredential, error) { client := httpclient.New(ctx) + var id azidentity.ManagedIDKind + if config.ClientID != "" { + id = azidentity.ClientID(config.ClientID) + } c, err := azidentity.NewManagedIdentityCredential( &azidentity.ManagedIdentityCredentialOptions{ ClientOptions: clientOptions(client, config.CloudConfig), + ID: id, }, ) endpoint := reconcileMSIEndpoint(config.Endpoint) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opentofu-1.11.4/internal/backend/remote-state/gcs/backend.go new/opentofu-1.11.5/internal/backend/remote-state/gcs/backend.go --- old/opentofu-1.11.4/internal/backend/remote-state/gcs/backend.go 2026-01-21 16:57:28.000000000 +0100 +++ new/opentofu-1.11.5/internal/backend/remote-state/gcs/backend.go 2026-02-12 15:14:04.000000000 +0100 @@ -119,6 +119,13 @@ "GOOGLE_STORAGE_CUSTOM_ENDPOINT", }, nil), }, + "universe_domain": { + Type: schema.TypeString, + Optional: true, + DefaultFunc: schema.MultiEnvDefaultFunc([]string{ + "GOOGLE_BACKEND_UNIVERSE_DOMAIN", + }, nil), + }, }, } @@ -212,6 +219,11 @@ endpoint := option.WithEndpoint(storageEndpoint.(string)) opts = append(opts, endpoint) } + // Custom universe domain for sovereign cloud authentication + if universeDomain, ok := data.GetOk("universe_domain"); ok { + domain := option.WithUniverseDomain(universeDomain.(string)) + opts = append(opts, domain) + } client, err := storage.NewClient(ctx, opts...) if err != nil { return fmt.Errorf("storage.NewClient() failed: %w", err) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opentofu-1.11.4/internal/backend/remote-state/gcs/backend_test.go new/opentofu-1.11.5/internal/backend/remote-state/gcs/backend_test.go --- old/opentofu-1.11.4/internal/backend/remote-state/gcs/backend_test.go 2026-01-21 16:57:28.000000000 +0100 +++ new/opentofu-1.11.5/internal/backend/remote-state/gcs/backend_test.go 2026-02-12 15:14:04.000000000 +0100 @@ -47,6 +47,22 @@ var keyRingLocation = os.Getenv("GOOGLE_REGION") +// TestBackendConfig checks that the fields provided in the config works well with the schema configured +// in the backend. +func TestBackendConfig(t *testing.T) { + expectedBucketName := bucketName(t) + config := map[string]interface{}{ + "bucket": expectedBucketName, + "access_token": "dummy token", + "storage_custom_endpoint": "https://storage.s3nsapis.fr/storage/v1/";, + "universe_domain": "s3nsapis.fr", + } + + // This is meant only to parse the configuration and ensure that the configuration given matches the schema configured + // in the backend + _ = backend.TestBackendConfig(t, New(encryption.StateEncryptionDisabled()), backend.TestWrapConfig(config)).(*Backend) +} + func TestStateFile(t *testing.T) { t.Parallel() diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opentofu-1.11.4/internal/backend/remote-state/pg/README.md new/opentofu-1.11.5/internal/backend/remote-state/pg/README.md --- old/opentofu-1.11.4/internal/backend/remote-state/pg/README.md 1970-01-01 01:00:00.000000000 +0100 +++ new/opentofu-1.11.5/internal/backend/remote-state/pg/README.md 2026-02-12 15:14:04.000000000 +0100 @@ -0,0 +1,7 @@ +Run the integration tests: +```shell +container_id=$(docker run --rm --name opentofu-psql -p 5432:5432 -e POSTGRES_PASSWORD=tofu -d postgres) +TF_ACC=1 TF_PG_TEST=1 DATABASE_URL="postgresql://postgres:tofu@localhost:5432/postgres?sslmode=disable" \ + go test github.com/opentofu/opentofu/internal/backend/remote-state/pg +docker rm ${container_id} -f +``` \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opentofu-1.11.4/internal/backend/remote-state/pg/backend.go new/opentofu-1.11.5/internal/backend/remote-state/pg/backend.go --- old/opentofu-1.11.4/internal/backend/remote-state/pg/backend.go 2026-01-21 16:57:28.000000000 +0100 +++ new/opentofu-1.11.5/internal/backend/remote-state/pg/backend.go 2026-02-12 15:14:04.000000000 +0100 @@ -9,15 +9,21 @@ "context" "database/sql" "fmt" - "github.com/lib/pq" "os" "strconv" + "github.com/lib/pq" + "github.com/opentofu/opentofu/internal/backend" "github.com/opentofu/opentofu/internal/encryption" "github.com/opentofu/opentofu/internal/legacy/helper/schema" ) +const ( + sequenceName = "global_states_id_seq" + publicSchema = "public" +) + func defaultBoolFunc(k string, dv bool) schema.SchemaDefaultFunc { return func() (interface{}, error) { if v := os.Getenv(k); v != "" { @@ -143,16 +149,18 @@ } if !skipTableCreation { - query = "CREATE SEQUENCE IF NOT EXISTS public.global_states_id_seq AS bigint" + query = fmt.Sprintf("CREATE SEQUENCE IF NOT EXISTS %s.%s AS bigint", publicSchema, sequenceName) if _, err = db.Exec(query); err != nil { return err } + // The `public` schema is required for the sequence because the pg_advisory_lock is a global locking + // relying on the uniqueness of the ids of the states across the db instance. query = fmt.Sprintf(`CREATE TABLE IF NOT EXISTS %s.%s ( - id bigint NOT NULL DEFAULT nextval('public.global_states_id_seq') PRIMARY KEY, + id bigint NOT NULL DEFAULT nextval('%s.%s') PRIMARY KEY, name text UNIQUE, data text - )`, pq.QuoteIdentifier(b.schemaName), pq.QuoteIdentifier(b.tableName)) + )`, pq.QuoteIdentifier(b.schemaName), pq.QuoteIdentifier(b.tableName), publicSchema, sequenceName) if _, err = db.Exec(query); err != nil { return err diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opentofu-1.11.4/internal/backend/remote-state/pg/backend_test.go new/opentofu-1.11.5/internal/backend/remote-state/pg/backend_test.go --- old/opentofu-1.11.4/internal/backend/remote-state/pg/backend_test.go 2026-01-21 16:57:28.000000000 +0100 +++ new/opentofu-1.11.5/internal/backend/remote-state/pg/backend_test.go 2026-02-12 15:14:04.000000000 +0100 @@ -66,6 +66,8 @@ Name string EnvVars map[string]string Config map[string]interface{} + Setup func(db *sql.DB) error + Teardown func(t *testing.T, db *sql.DB) ExpectConfigurationError string ExpectConnectionError string }{ @@ -102,6 +104,46 @@ }, }, { + Name: "valid-config-creates-only-index", + Setup: func(db *sql.DB) error { + schemaName := fmt.Sprintf("terraform_%s", t.Name()) + tableName := fmt.Sprintf("terraform_table_%s", t.Name()) + query := fmt.Sprintf(`CREATE SCHEMA IF NOT EXISTS %s`, pq.QuoteIdentifier(schemaName)) + if _, err := db.Exec(query); err != nil { + return fmt.Errorf("failed to create schema during setup: %w", err) + } + query = fmt.Sprintf("CREATE SEQUENCE IF NOT EXISTS %s.%s AS bigint", publicSchema, sequenceName) + if _, err := db.Exec(query); err != nil { + return fmt.Errorf("failed to create sequence during setup: %w", err) + } + + quotedSchema := pq.QuoteIdentifier(schemaName) + query = fmt.Sprintf(`CREATE TABLE IF NOT EXISTS %s.%s ( + id bigint NOT NULL DEFAULT nextval('%s.%s') PRIMARY KEY, + -- compared with the backend implementation, we skip the UNIQUE constraint from here on + -- purpose to test the separate unique index creation. + name text, + data text + )`, quotedSchema, pq.QuoteIdentifier(tableName), publicSchema, sequenceName) + + if _, err := db.Exec(query); err != nil { + return fmt.Errorf("failed to create table during setup: %w", err) + } + return nil + }, + Teardown: func(t *testing.T, db *sql.DB) { + dropSchema(t, db, fmt.Sprintf("terraform_%s", t.Name())) + }, + Config: map[string]interface{}{ + "conn_str": connStr, + "schema_name": fmt.Sprintf("terraform_%s", t.Name()), + "index_name": fmt.Sprintf("terraform_%s", t.Name()), + "table_name": fmt.Sprintf("terraform_table_%s", t.Name()), + "skip_schema_creation": true, + "skip_table_creation": true, + }, + }, + { Name: "missing-conn_str-defaults-to-localhost", EnvVars: map[string]string{ "PGSSLMODE": "disable", @@ -213,9 +255,22 @@ } else if diags.HasErrors() { t.Fatal(diags.ErrWithWarnings()) } - obj = newObj + dbCleaner, err := sql.Open("postgres", connStr) + if err != nil { + t.Fatal(err) + } + + if tc.Setup != nil { + if tc.Teardown == nil { + t.Fatalf("invalid configuration of the test. A teardown is required when a setup is configured") + } + defer tc.Teardown(t, dbCleaner) + if err := tc.Setup(dbCleaner); err != nil { + t.Fatalf("failed to run setup for test: %s", err) + } + } confDiags := b.Configure(t.Context(), obj) if tc.ExpectConnectionError != "" { err := confDiags.InConfigBody(config, "").ErrWithWarnings() @@ -235,60 +290,62 @@ t.Fatal("Backend could not be configured") } + validateQueryCount := func(query string, expectedCount int, queryArgs ...any) error { + var count int + if err = b.db.QueryRow(query, queryArgs...).Scan(&count); err != nil { + t.Fatal(err) + } + + if count != expectedCount { + return fmt.Errorf("expected to have %d entries but got %d", expectedCount, count) + } + return nil + } schemaName := b.Config().Get("schema_name").(string) tableName := b.Config().Get("table_name").(string) indexName := b.Config().Get("index_name").(string) skipSchemaCreation := b.Config().Get("skip_schema_creation").(bool) skipTableCreation := b.Config().Get("skip_table_creation").(bool) skipIndexCreation := b.Config().Get("skip_index_creation").(bool) - - dbCleaner, err := sql.Open("postgres", connStr) - if err != nil { - t.Fatal(err) - } defer dropSchema(t, dbCleaner, schemaName) // Make sure everything has been created - if skipSchemaCreation { + if !skipSchemaCreation { // Make sure schema exists - var count int query := `select count(*) from information_schema.schemata where schema_name=$1` - if err = b.db.QueryRow(query, schemaName).Scan(&count); err != nil { - t.Fatal(err) - } - - if count != 1 { - t.Fatalf("The schema has not been created (%d)", count) + if err := validateQueryCount(query, 1, schemaName); err != nil { + t.Fatalf("The schema %q has not been created: %s", schemaName, err) } } - if skipTableCreation { - // Make sure that the index exists - var count int - - query := `select count(*) from pg_catalog.pg_tables where schemaname=$1 and tablename=$2;` - err = b.db.QueryRow(query, schemaName, tableName).Scan(&count) - if err != nil { - t.Fatal(err) + var implicitIndexCreated bool + if !skipTableCreation { + // Make sure that the sequence exists + seqQuery := `select count(*) from pg_catalog.pg_sequences where schemaname=$1 and sequencename=$2;` + if err := validateQueryCount(seqQuery, 1, "public", sequenceName); err != nil { + t.Fatalf("The sequence %q has not been created in schema %q: %s", sequenceName, schemaName, err) } - - if count != 1 { - t.Fatalf("The table has not been created (%d)", count) + // Make sure that the table exists + tableQuery := `select count(*) from pg_catalog.pg_tables where schemaname=$1 and tablename=$2;` + if err := validateQueryCount(tableQuery, 1, schemaName, tableName); err != nil { + t.Fatalf("The table %q has not been created in schema %q: %s", tableName, schemaName, err) } - } - - if skipIndexCreation { - // Make sure that the index exists - var count int - - query := `select count(*) from pg_indexes where schemaname=$1 and tablename=$2 and indexname=$3;` - err = b.db.QueryRow(query, schemaName, tableName, indexName+"_name_key").Scan(&count) - if err != nil { - t.Fatal(err) + // If the table has been created, it creates automatically a unique index on the name field + // composed from the table name and the automatically added suffix "_<field>_key". + // In this case it needs to be "<table_name>_name_key. + fullIndexName := fmt.Sprintf("%s_name_key", tableName) + indexQuery := `select count(*) from pg_indexes where schemaname=$1 and tablename=$2 and indexname=$3;` + if err := validateQueryCount(indexQuery, 1, schemaName, tableName, fullIndexName); err != nil { + t.Fatalf("The index %q has not been created for table %s.%s: %s", indexName, schemaName, tableName, err) } + implicitIndexCreated = true + } - if count != 1 { - t.Fatalf("The index has not been created (%d)", count) + if !skipIndexCreation && !implicitIndexCreated { + // Make sure that the index on the name column exists + indexQuery := `select count(*) from pg_indexes where schemaname=$1 and tablename=$2 and indexname=$3;` + if err := validateQueryCount(indexQuery, 1, schemaName, tableName, indexName); err != nil { + t.Fatalf("The index %q has not been created for table %s.%s: %s", indexName, schemaName, tableName, err) } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opentofu-1.11.4/internal/httpclient/registry_client.go new/opentofu-1.11.5/internal/httpclient/registry_client.go --- old/opentofu-1.11.4/internal/httpclient/registry_client.go 2026-01-21 16:57:28.000000000 +0100 +++ new/opentofu-1.11.5/internal/httpclient/registry_client.go 2026-02-12 15:14:04.000000000 +0100 @@ -12,6 +12,7 @@ "time" "github.com/hashicorp/go-retryablehttp" + "github.com/opentofu/opentofu/internal/logging" ) // NewForRegistryRequests is a variant of [New] that deals with some additional @@ -49,6 +50,7 @@ retryableClient.RetryMax = retryCount retryableClient.RequestLogHook = registryRequestLogHook retryableClient.ErrorHandler = registryMaxRetryErrorHandler + retryableClient.Logger = logging.HCLogger() return retryableClient } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opentofu-1.11.4/version/VERSION new/opentofu-1.11.5/version/VERSION --- old/opentofu-1.11.4/version/VERSION 2026-01-21 16:57:28.000000000 +0100 +++ new/opentofu-1.11.5/version/VERSION 2026-02-12 15:14:04.000000000 +0100 @@ -1 +1 @@ -1.11.4 +1.11.5 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opentofu-1.11.4/website/docs/cli/commands/output.mdx new/opentofu-1.11.5/website/docs/cli/commands/output.mdx --- old/opentofu-1.11.4/website/docs/cli/commands/output.mdx 2026-01-21 16:57:28.000000000 +0100 +++ new/opentofu-1.11.5/website/docs/cli/commands/output.mdx 2026-02-12 15:14:04.000000000 +0100 @@ -52,6 +52,7 @@ root module of the configuration, using definitions from a ["tfvars" file](../../language/values/variables.mdx#variable-definitions-tfvars-files). Use this option multiple times to include values from more than one file. +* `-show-sensitive` - If specified, sensitive values will be displayed. There are several other ways to set values for input variables in the root module, aside from the `-var` and `-var-file` options. Refer to diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opentofu-1.11.4/website/docs/cli/commands/show.mdx new/opentofu-1.11.5/website/docs/cli/commands/show.mdx --- old/opentofu-1.11.4/website/docs/cli/commands/show.mdx 2026-01-21 16:57:28.000000000 +0100 +++ new/opentofu-1.11.5/website/docs/cli/commands/show.mdx 2026-02-12 15:14:04.000000000 +0100 @@ -43,6 +43,7 @@ - `-var` and `-var-file`: Specifies values for any input variables used in module source addresses or backend settings in the current configuration. +- `-show-sensitive`: If specified, sensitive values will be displayed. Unless using the `-module=DIR` option, this command relies on schema information from provider plugins to fully understand the provider-specific data structures diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opentofu-1.11.4/website/docs/cli/commands/state/show.mdx new/opentofu-1.11.5/website/docs/cli/commands/state/show.mdx --- old/opentofu-1.11.4/website/docs/cli/commands/state/show.mdx 2026-01-21 16:57:28.000000000 +0100 +++ new/opentofu-1.11.5/website/docs/cli/commands/state/show.mdx 2026-02-12 15:14:04.000000000 +0100 @@ -46,6 +46,8 @@ ["tfvars" file](../../../language/values/variables.mdx#variable-definitions-tfvars-files). Use this option multiple times to include values from more than one file. +* `-show-sensitive` - If specified, sensitive values will be displayed. + There are several other ways to set values for input variables in the root module, aside from the `-var` and `-var-file` options. Refer to [Assigning Values to Root Module Variables](../../../language/values/variables.mdx#assigning-values-to-root-module-variables) for more information. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opentofu-1.11.4/website/docs/language/settings/backends/gcs.mdx new/opentofu-1.11.5/website/docs/language/settings/backends/gcs.mdx --- old/opentofu-1.11.4/website/docs/language/settings/backends/gcs.mdx 2026-01-21 16:57:28.000000000 +0100 +++ new/opentofu-1.11.5/website/docs/language/settings/backends/gcs.mdx 2026-02-12 15:14:04.000000000 +0100 @@ -137,3 +137,4 @@ For more information, including IAM requirements, see [Customer-managed Encryption Keys](https://cloud.google.com/storage/docs/encryption/customer-managed-keys). - `storage_custom_endpoint` / `GOOGLE_BACKEND_STORAGE_CUSTOM_ENDPOINT` / `GOOGLE_STORAGE_CUSTOM_ENDPOINT` - (Optional) A URL containing three parts: the protocol, the DNS name pointing to a Private Service Connect endpoint, and the path for the Cloud Storage API (`/storage/v1/b`, [see here](https://cloud.google.com/storage/docs/json_api/v1/buckets/get#http-request)). You can either use [a DNS name automatically made by the Service Directory](https://cloud.google.com/vpc/docs/configure-private-service-connect-apis#configure-p-dns) or a [custom DNS name](https://cloud.google.com/vpc/docs/configure-private-service-connect-apis#configure-dns-default) made by you. For example, if you create an endpoint called `xyz` and want to use the automatically-created DNS name, you should set the field value as `https://storage-xyz.p.googleapis.com/storage/v1/b`. For help creating a Private Service Connect endpoint using OpenTofu, [see this guide](https://cloud.google.com/vpc/docs/configure-private- service-connect-apis#terraform_1). +- `universe_domain` / `GOOGLE_BACKEND_UNIVERSE_DOMAIN` / `GOOGLE_CLOUD_UNIVERSE_DOMAIN` - (Optional) The domain of the Private Service Connect endpoint. Most of the times, the value provided here is the root domain of the value configured in `storage_custom_endpoint`. This instructs the GCP sdk to allow requests to a sovereign cloud with credentials that are already generated for that cloud universe. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/opentofu-1.11.4/website/docs/language/settings/backends/pg.mdx new/opentofu-1.11.5/website/docs/language/settings/backends/pg.mdx --- old/opentofu-1.11.4/website/docs/language/settings/backends/pg.mdx 2026-01-21 16:57:28.000000000 +0100 +++ new/opentofu-1.11.5/website/docs/language/settings/backends/pg.mdx 2026-02-12 15:14:04.000000000 +0100 @@ -95,7 +95,7 @@ The following configuration options or environment variables are supported: - `conn_str` - Postgres connection string; a `postgres://` URL. The `PG_CONN_STR` and [standard `libpq`](https://www.postgresql.org/docs/current/libpq-envars.html) environment variables can also be used to indicate how to connect to the PostgreSQL database. -- `schema_name` - Name of the automatically-managed Postgres schema, default to `terraform_remote_state`. Can also be set using the `PG_SCHEMA_NAME` environment variable. +- `schema_name` - Name of the automatically-managed Postgres schema, default to `terraform_remote_state`. Can also be set using the `PG_SCHEMA_NAME` environment variable. The `public` schema will still be used for the sequence that creates state IDs. See the [locking section](#locking-approach) for more details. - `skip_schema_creation` - If set to `true`, the Postgres schema must already exist. Can also be set using the `PG_SKIP_SCHEMA_CREATION` environment variable. OpenTofu won't try to create the schema, this is useful when it has already been created by a database administrator. - `table_name` - Name of the automatically-managed Postgres table, default to `states`. Can also be set using the `PG_TABLE_NAME` environment variable. - `skip_table_creation` - If set to `true`, the Postgres table must already exist. Can also be set using the `PG_SKIP_TABLE_CREATION` environment variable. OpenTofu won't try to create the table, this is useful when it has already been created by a database administrator. @@ -119,3 +119,14 @@ - a serial integer `id`, used as the key for advisory locks - the workspace `name` key as _text_ with a unique index - the OpenTofu state `data` as _text_ + +### Locking approach + +The locking uses [Postgres advisory locks](https://www.postgresql.org/docs/9.5/explicit-locking.html#ADVISORY-LOCKS) which +is a global per database locking mechanism. +To be able to lock correctly different configurations that use the same database, the [postgres sequence](https://www.postgresql.org/docs/current/sql-createsequence.html) +used to generate the state IDs is stored in the `public` schema and will be used by all the configurations that use +that database instance for the locking needs. + +Therefore, ensure that the postgres user has access to the schema for that particular configuration and to the `public` schema too. + ++++++ opentofu.obsinfo ++++++ --- /var/tmp/diff_new_pack.IBsP0d/_old 2026-02-13 12:50:04.022650279 +0100 +++ /var/tmp/diff_new_pack.IBsP0d/_new 2026-02-13 12:50:04.030650614 +0100 @@ -1,5 +1,5 @@ name: opentofu -version: 1.11.4 -mtime: 1769011048 -commit: 2a9b7ac61409f7f22bde65c192c5814eb4b75cdf +version: 1.11.5 +mtime: 1770905644 +commit: 67fe9db49b7dafd46470cf9ac7f437aaa95f5c40 ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/opentofu/vendor.tar.gz /work/SRC/openSUSE:Factory/.opentofu.new.1977/vendor.tar.gz differ: char 31, line 1
