This commit catches an error when the instance is parsing and building
its network list. This can happen when a cloud provider responds with
a non-JSON response for the list of networks.
Previously lightsail was limited to `us-east-1` only. This restriction has now been lifted to new regions.
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSLightsailInstance_euRegion'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/05/19 16:40:48 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSLightsailInstance_euRegion -timeout 120m
=== RUN TestAccAWSLightsailInstance_euRegion
--- PASS: TestAccAWSLightsailInstance_euRegion (45.31s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 45.319s
```
Fixes: #14668
The previous JSON validator that we were using for IAM policy documents wouldn't catch AWS IAM Policy errors.
The supplied policy document would pass our validator, then fail with the following API error:
```
* aws_iam_role_policy.foo: Error putting IAM role policy tf_test_policy_ymw7hbil9w: MalformedPolicyDocument: The policy failed legacy parsing
status code: 400, request id: e7615d90-3c99-11e7-babc-c14e741605bf
```
This happens if the Policy Document doesn't start with the opening JSON bracket, and often happens in the following case:
```
policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
...
}
]
}
EOF
```
Where, when using a HEREDOC, the policy document is indented incorrectly.
The new validation function for the IAM policies verifies that the first character of the supplied policy document is the leading JSON bracket, prior to validating the JSON string.
Test Output:
```
$ make test TEST=./builtin/providers/aws/ TESTARGS="-v -run=TestValidateIAMPolicyJsonString"
==> Checking that code complies with gofmt requirements...
==> Checking AWS provider for unchecked errors...
==> NOTE: at this time we only look for uncheck errors in the AWS package
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/05/19 10:56:32 Generated command/internal_plugin_list.go
go test -i ./builtin/providers/aws/ || exit 1
echo ./builtin/providers/aws/ | \
xargs -t -n4 go test -v -run=TestValidateIAMPolicyJsonString -timeout=60s -parallel=4
go test -v -run=TestValidateIAMPolicyJsonString -timeout=60s -parallel=4 ./builtin/providers/aws/
=== RUN TestValidateIAMPolicyJsonString
--- PASS: TestValidateIAMPolicyJsonString (0.00s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 0.009s
```
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAWSPolicy_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/05/19 10:38:43 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAWSPolicy_ -timeout 120m
=== RUN TestAWSPolicy_namePrefix
--- PASS: TestAWSPolicy_namePrefix (20.01s)
=== RUN TestAWSPolicy_invalidJson
--- PASS: TestAWSPolicy_invalidJson (0.00s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 20.027s
```
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSIAMRolePolicy_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/05/19 11:02:56 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSIAMRolePolicy_ -timeout 120m
=== RUN TestAccAWSIAMRolePolicy_importBasic
--- PASS: TestAccAWSIAMRolePolicy_importBasic (18.45s)
=== RUN TestAccAWSIAMRolePolicy_basic
--- PASS: TestAccAWSIAMRolePolicy_basic (35.92s)
=== RUN TestAccAWSIAMRolePolicy_namePrefix
--- PASS: TestAccAWSIAMRolePolicy_namePrefix (14.78s)
=== RUN TestAccAWSIAMRolePolicy_generatedName
--- PASS: TestAccAWSIAMRolePolicy_generatedName (20.20s)
=== RUN TestAccAWSIAMRolePolicy_invalidJSON
--- PASS: TestAccAWSIAMRolePolicy_invalidJSON (0.00s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 89.363s
```
Fixes: #14653
I was originally calling the wrong API method and only some of the
values were being persisted to state. By changing the API method, we can
now get all of the values and therefore can detech manual drift
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSSMMaintenanceWindow_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/05/19 16:56:27 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSSSMMaintenanceWindow_ -timeout 120m
=== RUN TestAccAWSSSMMaintenanceWindow_basic
--- PASS: TestAccAWSSSMMaintenanceWindow_basic (41.39s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 41.419s
```
When a `google_compute_disk` is attached to a `google_compute_instance`,
deleting can be tricky. GCP doesn't allow disks that are attached to
instances to be deleted. Normally, this is fine; the instance depends on
the disk, so by the time the disk is deleted, the instance should
already be gone.
However, some reports have cropped up (#8667) that deleting disks is
failing because they're still attached to instances. Though this
shouldn't happen, it appears it can happen under some unknown
conditions.
This PR adds logic that will attempt to detach disks from any instances
they're attached to before deleting the disks, adding another safeguard
that should prevent this behaviour.
* provider/google: Fix server/state diff with disk_autoresize
* provider/google: Default true for disk.auto_resize
For sql_database_instance , to match the new API default.
Also adds diff suppression func for autoresize on 1st gen instances
* fix typos
Fixes: #14535
When in a `restricted` cloud, we should fall back to the old method of
tagging. Before this change we saw the following:
```
% terraform apply ✭
aws_instance.foo: Creating...
ami: "" => "ami-0fa3c42c"
associate_public_ip_address: "" => "<computed>"
availability_zone: "" => "<computed>"
ebs_block_device.#: "" => "<computed>"
ephemeral_block_device.#: "" => "<computed>"
instance_state: "" => "<computed>"
instance_type: "" => "m1.small"
ipv6_address_count: "" => "<computed>"
ipv6_addresses.#: "" => "<computed>"
key_name: "" => "<computed>"
network_interface.#: "" => "<computed>"
network_interface_id: "" => "<computed>"
placement_group: "" => "<computed>"
primary_network_interface_id: "" => "<computed>"
private_dns: "" => "<computed>"
private_ip: "" => "<computed>"
public_dns: "" => "<computed>"
public_ip: "" => "<computed>"
root_block_device.#: "" => "<computed>"
security_groups.#: "" => "<computed>"
source_dest_check: "" => "true"
subnet_id: "" => "<computed>"
tags.%: "" => "1"
tags.foo: "" => "bar"
tenancy: "" => "<computed>"
volume_tags.%: "" => "<computed>"
vpc_security_group_ids.#: "" => "<computed>"
aws_instance.foo: Creation complete (ID: i-0009f227ae24791b9)
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
% terraform plan ✭
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
aws_instance.foo: Refreshing state... (ID: i-0009f227ae24791b9)
The Terraform execution plan has been generated and is shown below.
Resources are shown in alphabetical order for quick scanning. Green resources
will be created (or destroyed and then created if an existing resource
exists), yellow resources are being changed in-place, and red resources
will be destroyed. Cyan entries are data sources to be read.
Note: You didn't specify an "-out" parameter to save this plan, so when
"apply" is called, Terraform can't guarantee this is what will execute.
~ aws_instance.foo
tags.%: "0" => "1"
tags.foo: "" => "bar"
Plan: 0 to add, 1 to change, 0 to destroy.
```
After this patch, we see the following:
```
% terraform apply ✹ ✭
[WARN] /Users/stacko/Code/go/bin/terraform-provider-aws overrides an internal plugin for aws-provider.
If you did not expect to see this message you will need to remove the old plugin.
See https://www.terraform.io/docs/internals/internal-plugins.html
aws_instance.foo: Creating...
ami: "" => "ami-0fa3c42c"
associate_public_ip_address: "" => "<computed>"
availability_zone: "" => "<computed>"
ebs_block_device.#: "" => "<computed>"
ephemeral_block_device.#: "" => "<computed>"
instance_state: "" => "<computed>"
instance_type: "" => "m1.small"
ipv6_address_count: "" => "<computed>"
ipv6_addresses.#: "" => "<computed>"
key_name: "" => "<computed>"
network_interface.#: "" => "<computed>"
network_interface_id: "" => "<computed>"
placement_group: "" => "<computed>"
primary_network_interface_id: "" => "<computed>"
private_dns: "" => "<computed>"
private_ip: "" => "<computed>"
public_dns: "" => "<computed>"
public_ip: "" => "<computed>"
root_block_device.#: "" => "<computed>"
security_groups.#: "" => "<computed>"
source_dest_check: "" => "true"
subnet_id: "" => "<computed>"
tags.%: "" => "1"
tags.foo: "" => "bar"
tenancy: "" => "<computed>"
volume_tags.%: "" => "<computed>"
vpc_security_group_ids.#: "" => "<computed>"
aws_instance.foo: Creation complete (ID: i-04cd122e28f167a14)
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
% terraform plan ✹ ✭
[WARN] /Users/stacko/Code/go/bin/terraform-provider-aws overrides an internal plugin for aws-provider.
If you did not expect to see this message you will need to remove the old plugin.
See https://www.terraform.io/docs/internals/internal-plugins.html
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
aws_instance.foo: Refreshing state... (ID: i-04cd122e28f167a14)
No changes. Infrastructure is up-to-date.
This means that Terraform did not detect any differences between your
configuration and real physical resources that exist. As a result, Terraform
doesn't need to do anything.
```
Fixes: #14530
When we found an update of IPv6 cidr block, we first tried to
disassociate the old cidr block association. This caused errors if there
was none, it threw an error, as we passed an empty associationId:
```
* aws_subnet.public_subnet.0: InvalidSubnetCidrBlockAssociationId.Malformed: The subnet CIDR block with association ID is malformed
status code: 400, request id: f438f468-9ca4-4000-ba78-63a0f25d390a
* aws_subnet.public_subnet[1]: 1 error(s) occurred:
```
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSubnet_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/05/16 18:28:45 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSSubnet_ -timeout 120m
=== RUN TestAccAWSSubnet_importBasic
--- PASS: TestAccAWSSubnet_importBasic (55.40s)
=== RUN TestAccAWSSubnet_basic
--- PASS: TestAccAWSSubnet_basic (53.62s)
=== RUN TestAccAWSSubnet_ipv6
--- PASS: TestAccAWSSubnet_ipv6 (125.87s)
=== RUN TestAccAWSSubnet_enableIpv6
--- PASS: TestAccAWSSubnet_enableIpv6 (88.88s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 323.787s
```
* core/providersplit: Split OPC Provider to separate repo
As we march towards Terraform 0.10.0, we are going to start building the
terraform providers as separate binaries - this will allow us to
continually release them. Before we go to 0.10.0, we need to be able to
continue building providers in the same manner, therefore, we have
hardcoded the path of the provider in the generate-plugins.go file
The interim solution will require us to vendor the opc provider and any
child dependencies, but when we get to 0.10.0, we will no longer have to
do this - the core will auto download the plugin binary. The plugin
package will have it's own dependencies vendored as well.
* core/providersplit: Removing the builtin version of OPC provider
* core/providersplit: Vendoring the OPC plugin
* core/providersplit: update internal plugin list
* core/providersplit: remove unused govendor item
Fixes: #14361
An IPv6 CIDR block is option and can be added *after* a subnet has been
created. Therefore, we should set it to `Computed: true`
Otherwise, a manually created IPv6 association will be removed on the
next terraform run
Correctly sets the attribute `ip_address` in the `opc_compute_ip_address_reservation` resource.
Also updates documentation for the `ip_address_pool` attribute.
```
$ make testacc TEST=./builtin/providers/opc TESTARGS="-run=TestAccOPCIPAddressReservation_Basic"
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/05/16 10:15:53 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/opc -v -run=TestAccOPCIPAddressReservation_Basic -timeout 120m
=== RUN TestAccOPCIPAddressReservation_Basic
--- PASS: TestAccOPCIPAddressReservation_Basic (22.60s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/opc 22.604s
```
This changeset fixes how some digitalocean dns records were getting
parsed. In particular, it allows for understanding "@" as shorthand for
the domain itself, preventing terraform from suggesting changes that
wouldn't have any actual effect. This changeset also adds a trailing "."
to certain record types which are required to be submitted with a
trailing dot, but which digitalocean does not return with a trailing
dot, again preventing changes that wouldn't have an effect.
Tests have been added for the above, and with just adding the tests, the
current code is failing, as it is handling some records(e.g. MX)
incorrectly
* Propagate AWS CodePipeline action roles
* Add acceptance test for AWS CodePipeline action roles
* Isolate AWS CodePipeline service role acceptance test
The existing "tag" field on autoscaling groups is very limited in that it
cannot be used in conjunction with interpolation preventing from adding
dynamic tag entries.
Other AWS resources don't have this restriction on tags because they work
directly on the map type.
AWS autoscaling groups on the other hand have an additional field
"propagate_at_launch" which is not usable with a pure map type.
This fixes it by introducing an additional field called "tags" which
allows specifying a list of maps. This preserves the possibility to
declare tags as with the "tag" field but additionally allows to
construct lists of maps using interpolation syntax.
This commit modifies the openstack_compute_floatingip_associate_v2 resource
to handle cases where the floating IP or instance were deleted outside of
Terraform.
Fixes: #14503
Changes to root_block_device were not picked up as we had a hash func to
return 0. We changed from set -> list as we only allow 1 value and
immediately we can get changes propagating
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSLaunchConfiguration_updateRootBlockDevice'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/05/15 19:27:39 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSLaunchConfiguration_updateRootBlockDevice -timeout 120m
=== RUN TestAccAWSLaunchConfiguration_updateRootBlockDevice
--- PASS: TestAccAWSLaunchConfiguration_updateRootBlockDevice (51.12s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 51.140s
```
Fixes: #14006Fixes: #14464
IPv6 wasn't supported for adding routes to the internet gateway.
Resulted in a message as follows:
```
Error creating route: MissingParameter: The request must contain the parameter destinationCidrBlock or destinationIpv6CidrBlock
```
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRoute_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/05/15 11:50:43 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSRoute_ -timeout 120m
=== RUN TestAccAWSRoute_basic
--- PASS: TestAccAWSRoute_basic (67.27s)
=== RUN TestAccAWSRoute_ipv6Support
--- PASS: TestAccAWSRoute_ipv6Support (59.35s)
=== RUN TestAccAWSRoute_ipv6ToInternetGateway
--- PASS: TestAccAWSRoute_ipv6ToInternetGateway (67.39s)
=== RUN TestAccAWSRoute_changeCidr
--- PASS: TestAccAWSRoute_changeCidr (103.68s)
=== RUN TestAccAWSRoute_noopdiff
--- PASS: TestAccAWSRoute_noopdiff (194.32s)
=== RUN TestAccAWSRoute_doesNotCrashWithVPCEndpoint
--- PASS: TestAccAWSRoute_doesNotCrashWithVPCEndpoint (71.36s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 563.397s
```
The acceptance tests for spot_instance_requests were showing falures as
follows:
```
------- Stdout: -------
=== RUN TestAccAWSSpotInstanceRequest_basic
--- FAIL: TestAccAWSSpotInstanceRequest_basic (100.40s)
testing.go:280: Step 0 error: After applying this step, the plan was not empty:
DIFF:
UPDATE: aws_spot_instance_request.foo
volume_tags.%: "" => "<computed>"
```
This was because we were setting volume_tags as computed and thus the
diff. We needed to override the schema to make sure that it was not
being computed - it's only aws_instance that needs computed tags because
of EBS volumes
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSpotInstanceRequest_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/05/15 10:41:36 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSSpotInstanceRequest_ -timeout 120m
=== RUN TestAccAWSSpotInstanceRequest_basic
--- PASS: TestAccAWSSpotInstanceRequest_basic (86.93s)
=== RUN TestAccAWSSpotInstanceRequest_withBlockDuration
--- PASS: TestAccAWSSpotInstanceRequest_withBlockDuration (97.47s)
=== RUN TestAccAWSSpotInstanceRequest_vpc
--- PASS: TestAccAWSSpotInstanceRequest_vpc (234.56s)
=== RUN TestAccAWSSpotInstanceRequest_SubnetAndSG
--- PASS: TestAccAWSSpotInstanceRequest_SubnetAndSG (146.16s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 565.131s
```
* Adds ExpressRoute circuit documentation
* Adds tests and doc improvements
* Code for basic Express Route Circuit support
* Use the built-in validation helper
* Added ignoreCaseDiffSuppressFunc to a few fields
* Added more information to docs
* Touchup
* Moving SKU properties into a set.
* Updates doc
* A bit more tweaks
* Switch to Sprintf for test string
* Updating the acceptance test name for consistency