As of go-getter v1.8.0, which we already upgraded in an earlier commit,
the S3 "getter" now uses the AWS SDK's default credentials chain
configuration and so follows the same set of credentials-searching
strategies that AWS CLI and other AWS SDK applications would follow.
We learned this only after having already merged that upgrade, so this is
a retroactive documentation and changelog update to describe the change.
Since go-getter is now delegating this whole question to the AWS SDK, our
future upgrades of the AWS SDK will automatically adopt any upstream
changes to the default credentials chain and so our documentation about
this is now more general than before: the intention is that our users can
generally assume that OpenTofu should support everything that is documented
as supported for the AWS CLI, instead of us listing out an explicit search
sequence that will be long and inevitably become outdated again.
Signed-off-by: Martin Atkins <mart@degeneration.co.uk>
This is a first draft of documentation describing our new capability to
treat artifacts in OCI Distribution repositories as a new kind of remote
module package.
This documentation includes both some caller-focused documentation that
extends our existing "Module Sources" page, and some documentation intended
more for the author of a module package describing how they could publish
their package as an OCI artifact that OpenTofu will accept.
As usual, we'll continue to refine this documentation based on feedback
during the prerelease period and beyond.
Signed-off-by: Martin Atkins <mart@degeneration.co.uk>
The current documentation wording seems to suggest that the only `.netrc` file that will be considered by Terraform is the one sitting in the current user's HOME directory. However, unless I am missing something, Terraform uses `go-getter` to fetch remote modules which mean that the `NETRC` environment variable will also be respected and, in fact, will take precedence over any `.netrc` file on the user's home directory.
See: f7a8c48a1f/netrc.go (L23-L36)
There was an unintended regression in go-getter v1.5.9's GitGetter which
caused us to temporarily fork that particular getter into Terraform to
expedite a fix. However, upstream v1.5.10 now includes a
functionally-equivalent fix and so we can heal that fork by upgrading.
We'd also neglected to update the Module Sources docs when upgrading to
go-getter v1.5.9 originally and so we were missing documentation about the
new "depth" argument to enable shadow cloning, which I've added
retroactively here along with documenting its restriction of only
supporting named refs.
This new go-getter release also introduces a new credentials-passing
method for the Google Cloud Storage getter, and so we must incorporate
that into the Terraform-level documentation about module sources.
