Commit Graph

4162 Commits

Author SHA1 Message Date
Radek Simko 4a671fc92e provider/aws: Retry IAM Role deletion on DeleteConflict (#14707)
* provider/aws: Retry IAM Role deletion on DeleteConflict

* provider/aws: Add 'IAM' to relevant test names
2017-05-22 00:35:09 +03:00
Radek Simko 3a41e45180 provider/aws: Retry ECS service update on InvalidParameterException (#14708) 2017-05-21 22:19:41 +03:00
Radek Simko 60bae99a94 provider/aws: Retry ElastiCache cluster deletion when it's snapshotting (#14700) 2017-05-21 00:42:33 +03:00
Radek Simko 66ed50866d provider/aws: Increase timeout for creation of route_table (#14701) 2017-05-21 00:40:33 +03:00
Radek Simko c0a2aa3b49 provider/aws: Allow updating tuples in WAF XssMatchSet + no tuples (#14671)
* provider/aws: Allow updating tuples in WAF XssMatchSet

* provider/aws: Allow WAF XssMatchSet with no tuples
2017-05-20 02:55:58 +02:00
Jake Champlin 85895cecc7
provider/aws: rename usEast1Sess to r53Sess and document 2017-05-19 17:03:34 -04:00
Jake Champlin 0abfda4d8b
provider/aws: Allow lightsail resources to work in other regions
Previously lightsail was limited to `us-east-1` only. This restriction has now been lifted to new regions.

```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSLightsailInstance_euRegion'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/05/19 16:40:48 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSLightsailInstance_euRegion -timeout 120m
=== RUN   TestAccAWSLightsailInstance_euRegion
--- PASS: TestAccAWSLightsailInstance_euRegion (45.31s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    45.319s
```

Fixes: #14668
2017-05-19 16:44:07 -04:00
Jake Champlin dffa575591
add docstring on ignored error 2017-05-19 14:36:39 -04:00
Kit Ewbank ca898d8d19 Add ability to 'terraform import' aws_kms_alias resources. 2017-05-19 14:35:54 -04:00
Radek Simko 79903cd7ea provider/aws: Allow updating tuples in WAF SQLInjectionMatchSet + no tuples (#14667)
* provider/aws: Allow updating tuples in WAF SQL Injection Match Set

* provider/aws: Allow WAF SQL Injection match set with no tuples
2017-05-19 17:59:15 +02:00
Jake Champlin 96e83817ef
provider/aws: validation: Add validation function for IAM Policies
The previous JSON validator that we were using for IAM policy documents wouldn't catch AWS IAM Policy errors.
The supplied policy document would pass our validator, then fail with the following API error:

```
 * aws_iam_role_policy.foo: Error putting IAM role policy tf_test_policy_ymw7hbil9w: MalformedPolicyDocument: The policy failed legacy parsing
                        status code: 400, request id: e7615d90-3c99-11e7-babc-c14e741605bf
```

This happens if the Policy Document doesn't start with the opening JSON bracket, and often happens in the following case:

```
policy = <<EOF
  {
      "Version": "2012-10-17",
      "Statement": [
          {
            ...
          }
      ]
  }
  EOF
```

Where, when using a HEREDOC, the policy document is indented incorrectly.

The new validation function for the IAM policies verifies that the first character of the supplied policy document is the leading JSON bracket, prior to validating the JSON string.

Test Output:

```
$ make test TEST=./builtin/providers/aws/ TESTARGS="-v -run=TestValidateIAMPolicyJsonString"
==> Checking that code complies with gofmt requirements...
==> Checking AWS provider for unchecked errors...
==> NOTE: at this time we only look for uncheck errors in the AWS package
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/05/19 10:56:32 Generated command/internal_plugin_list.go
go test -i ./builtin/providers/aws/ || exit 1
echo ./builtin/providers/aws/ | \
        xargs -t -n4 go test -v -run=TestValidateIAMPolicyJsonString -timeout=60s -parallel=4
go test -v -run=TestValidateIAMPolicyJsonString -timeout=60s -parallel=4 ./builtin/providers/aws/
=== RUN   TestValidateIAMPolicyJsonString
--- PASS: TestValidateIAMPolicyJsonString (0.00s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    0.009s
```

```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAWSPolicy_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/05/19 10:38:43 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAWSPolicy_ -timeout 120m
=== RUN   TestAWSPolicy_namePrefix
--- PASS: TestAWSPolicy_namePrefix (20.01s)
=== RUN   TestAWSPolicy_invalidJson
--- PASS: TestAWSPolicy_invalidJson (0.00s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    20.027s
```

```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSIAMRolePolicy_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/05/19 11:02:56 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSIAMRolePolicy_ -timeout 120m
=== RUN   TestAccAWSIAMRolePolicy_importBasic
--- PASS: TestAccAWSIAMRolePolicy_importBasic (18.45s)
=== RUN   TestAccAWSIAMRolePolicy_basic
--- PASS: TestAccAWSIAMRolePolicy_basic (35.92s)
=== RUN   TestAccAWSIAMRolePolicy_namePrefix
--- PASS: TestAccAWSIAMRolePolicy_namePrefix (14.78s)
=== RUN   TestAccAWSIAMRolePolicy_generatedName
--- PASS: TestAccAWSIAMRolePolicy_generatedName (20.20s)
=== RUN   TestAccAWSIAMRolePolicy_invalidJSON
--- PASS: TestAccAWSIAMRolePolicy_invalidJSON (0.00s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    89.363s
```
2017-05-19 11:11:44 -04:00
Paul Stack 65283fb47c provider/aws: Change AWS ssm_maintenance_window Read func (#14665)
Fixes: #14653

I was originally calling the wrong API method and only some of the
values were being persisted to state. By changing the API method, we can
now get all of the values and therefore can detech manual drift

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSSMMaintenanceWindow_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/05/19 16:56:27 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSSSMMaintenanceWindow_ -timeout 120m
=== RUN   TestAccAWSSSMMaintenanceWindow_basic
--- PASS: TestAccAWSSSMMaintenanceWindow_basic (41.39s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	41.419s
```
2017-05-19 17:23:40 +03:00
Radek Simko a567cf00ce Merge pull request #14661 from hashicorp/b-aws-waf-size-constraint
provider/aws: Allow updating constraints in WAF SizeConstraintSet + no constraints
2017-05-19 16:00:36 +02:00
Radek Simko cacaf91ff2 provider/aws: Increase timeout for retrying deletion IAM server cert (#14655) 2017-05-19 16:37:07 +03:00
Radek Simko bf99b53d17
provider/aws: Allow WAF SizeConstraint with no tuples 2017-05-19 09:20:33 +02:00
Radek Simko 3fb671be1f
provider/aws: Allow updating constraints in WAF SizeConstraintSet 2017-05-19 09:20:26 +02:00
Radek Simko afe45b62df provider/aws: Allow updating tuples in WAF ByteMatchSet + no tuples (#14071)
* provider/aws: Allow updating tuples in WAF ByteMatchSet

* provider/aws: Allow WAF ByteMatchSet with no tuples
2017-05-19 09:13:58 +02:00
Radek Simko 740c92fc67 provider/aws: Support filtering in ASG data source (#14501) 2017-05-18 17:40:49 +02:00
Paul Stack 62347ea833 provider/aws: Fall back to old tagging mechanism for AWS gov and aws China (#14627)
Fixes: #14535

When in a `restricted` cloud, we should fall back to the old method of
tagging. Before this change we saw the following:

```
% terraform apply                                                                                                                                                                                         ✭
aws_instance.foo: Creating...
  ami:                          "" => "ami-0fa3c42c"
  associate_public_ip_address:  "" => "<computed>"
  availability_zone:            "" => "<computed>"
  ebs_block_device.#:           "" => "<computed>"
  ephemeral_block_device.#:     "" => "<computed>"
  instance_state:               "" => "<computed>"
  instance_type:                "" => "m1.small"
  ipv6_address_count:           "" => "<computed>"
  ipv6_addresses.#:             "" => "<computed>"
  key_name:                     "" => "<computed>"
  network_interface.#:          "" => "<computed>"
  network_interface_id:         "" => "<computed>"
  placement_group:              "" => "<computed>"
  primary_network_interface_id: "" => "<computed>"
  private_dns:                  "" => "<computed>"
  private_ip:                   "" => "<computed>"
  public_dns:                   "" => "<computed>"
  public_ip:                    "" => "<computed>"
  root_block_device.#:          "" => "<computed>"
  security_groups.#:            "" => "<computed>"
  source_dest_check:            "" => "true"
  subnet_id:                    "" => "<computed>"
  tags.%:                       "" => "1"
  tags.foo:                     "" => "bar"
  tenancy:                      "" => "<computed>"
  volume_tags.%:                "" => "<computed>"
  vpc_security_group_ids.#:     "" => "<computed>"
aws_instance.foo: Creation complete (ID: i-0009f227ae24791b9)

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

% terraform plan                                                                                                                                                                                          ✭
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

aws_instance.foo: Refreshing state... (ID: i-0009f227ae24791b9)
The Terraform execution plan has been generated and is shown below.
Resources are shown in alphabetical order for quick scanning. Green resources
will be created (or destroyed and then created if an existing resource
exists), yellow resources are being changed in-place, and red resources
will be destroyed. Cyan entries are data sources to be read.

Note: You didn't specify an "-out" parameter to save this plan, so when
"apply" is called, Terraform can't guarantee this is what will execute.

~ aws_instance.foo
    tags.%:   "0" => "1"
    tags.foo: "" => "bar"

Plan: 0 to add, 1 to change, 0 to destroy.
```

After this patch, we see the following:

```
% terraform apply                                                                                                                                                                                       ✹ ✭
[WARN] /Users/stacko/Code/go/bin/terraform-provider-aws overrides an internal plugin for aws-provider.
  If you did not expect to see this message you will need to remove the old plugin.
  See https://www.terraform.io/docs/internals/internal-plugins.html
aws_instance.foo: Creating...
  ami:                          "" => "ami-0fa3c42c"
  associate_public_ip_address:  "" => "<computed>"
  availability_zone:            "" => "<computed>"
  ebs_block_device.#:           "" => "<computed>"
  ephemeral_block_device.#:     "" => "<computed>"
  instance_state:               "" => "<computed>"
  instance_type:                "" => "m1.small"
  ipv6_address_count:           "" => "<computed>"
  ipv6_addresses.#:             "" => "<computed>"
  key_name:                     "" => "<computed>"
  network_interface.#:          "" => "<computed>"
  network_interface_id:         "" => "<computed>"
  placement_group:              "" => "<computed>"
  primary_network_interface_id: "" => "<computed>"
  private_dns:                  "" => "<computed>"
  private_ip:                   "" => "<computed>"
  public_dns:                   "" => "<computed>"
  public_ip:                    "" => "<computed>"
  root_block_device.#:          "" => "<computed>"
  security_groups.#:            "" => "<computed>"
  source_dest_check:            "" => "true"
  subnet_id:                    "" => "<computed>"
  tags.%:                       "" => "1"
  tags.foo:                     "" => "bar"
  tenancy:                      "" => "<computed>"
  volume_tags.%:                "" => "<computed>"
  vpc_security_group_ids.#:     "" => "<computed>"
aws_instance.foo: Creation complete (ID: i-04cd122e28f167a14)

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

% terraform plan                                                                                                                                                                                        ✹ ✭
[WARN] /Users/stacko/Code/go/bin/terraform-provider-aws overrides an internal plugin for aws-provider.
  If you did not expect to see this message you will need to remove the old plugin.
  See https://www.terraform.io/docs/internals/internal-plugins.html
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

aws_instance.foo: Refreshing state... (ID: i-04cd122e28f167a14)
No changes. Infrastructure is up-to-date.

This means that Terraform did not detect any differences between your
configuration and real physical resources that exist. As a result, Terraform
doesn't need to do anything.
```
2017-05-18 17:28:37 +03:00
Vladislav Rassokhin 5e8306d02a Ensure schemas of `default_cache_behavior` and `cache_behavior` are same except `path_pattern` (#12628) 2017-05-18 16:42:04 +03:00
Radek Simko cf67a689db provider/aws: Randomize CloudFormation acceptance tests (#14623) 2017-05-18 15:39:51 +02:00
Paul Stack 4bb16ad7f8 provider/aws: Fix the aws_codebuild_project acceptance tests (#14626) 2017-05-18 16:19:56 +03:00
Radek Simko 506eaaa247 provider/aws: Raise timeout for attaching/detaching VPN GW (#14624) 2017-05-18 15:02:34 +02:00
Jake Champlin 9e4b62556a Merge pull request #14571 from hashicorp/b-handle-limit-exceeded
provider/aws: Handle LimitExceededException for subscriber limits
2017-05-18 08:34:30 -04:00
Radek Simko 02cacceee4 provider/aws: Fix RDS DB snapshot data source acc test (#14610) 2017-05-18 13:52:33 +02:00
Techbrunch 71e5602d79 Fixes #14620 Handle migration of data when restoring db cluster from snapshot (#14622)
Add `preparing-data-migration` to the list of pending statuses when creating a cluster from a snapshot using a different engine.
2017-05-18 14:23:55 +03:00
Radek Simko f77ccc0520 provider/aws: Randomize SNS topic names in acceptance tests (#14618) 2017-05-18 11:45:19 +02:00
Radek Simko 1b532b519f provider/aws: Increase timeout for retrying creation of IAM server cert (#14609) 2017-05-18 11:43:50 +02:00
Clint 2a36e75b9e provider/aws: Tag VPCs created in our tests to help track down leaks (#14596) 2017-05-17 16:26:40 -05:00
Jake Champlin d05fc51aa0
provider/aws: Handle LimitExceededException for subscriber limits
- Updates aws-sdk-go/request for retryer fix
 - Fixes dynamoDB exception handling to catch subscriber limit error

When the `aws-sdk-go` dep releases the next release, we can tag the vendor with the new
release version, and merge this. Until then, soft-updated the vendor solely for the `request` package to post fix.

DynamoDB Fix:
```
aws_dynamodb_table.bar: Creating...
  arn:                       "" => "<computed>"
  attribute.#:               "" => "1"
  attribute.4228504427.name: "" => "id"
  attribute.4228504427.type: "" => "S"
  hash_key:                  "" => "id"
  name:                      "" => "over-cap-test"
  read_capacity:             "" => "5"
  stream_arn:                "" => "<computed>"
  stream_enabled:            "" => "<computed>"
  stream_view_type:          "" => "<computed>"
  write_capacity:            "" => "5"
Error applying plan:

1 error(s) occurred:

* aws_dynamodb_table.bar: 1 error(s) occurred:

* aws_dynamodb_table.bar: AWS Error creating DynamoDB table: LimitExceededException: Subscriber limit exceeded: There is a limit of 256 tables per subscriber
        status code: 400, request id: J2MC7MR060VKBPHP9P6JG5B6Q3VV4KQNSO5AEMVJF66Q9ASUAAJG
```
2017-05-17 08:59:47 -04:00
Jake Champlin da2659b8e9 Merge pull request #11710 from ewbankkit/aws_default_vpc-resource
resource/aws: Add 'aws_default_vpc' resource
2017-05-17 08:37:14 -04:00
Jake Champlin a53c8825a8 Merge pull request #14463 from ewbankkit/issue-5653
Nothing to update in cloudformation should not result in errors
2017-05-17 08:08:11 -04:00
Kit Ewbank 2ed7297fa3 Add 'aws_default_vpc' resource. 2017-05-16 20:15:40 -04:00
Paul Stack 8b7f17c039 provider/aws: Change of aws_subnet ipv6 causing update failure (#14545)
Fixes: #14530

When we found an update of IPv6 cidr block, we first tried to
disassociate the old cidr block association. This caused errors if there
was none, it threw an error, as we passed an empty associationId:

```
* aws_subnet.public_subnet.0: InvalidSubnetCidrBlockAssociationId.Malformed: The subnet CIDR block with association ID  is malformed
    status code: 400, request id: f438f468-9ca4-4000-ba78-63a0f25d390a
* aws_subnet.public_subnet[1]: 1 error(s) occurred:
```

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSubnet_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/05/16 18:28:45 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSSubnet_ -timeout 120m
=== RUN   TestAccAWSSubnet_importBasic
--- PASS: TestAccAWSSubnet_importBasic (55.40s)
=== RUN   TestAccAWSSubnet_basic
--- PASS: TestAccAWSSubnet_basic (53.62s)
=== RUN   TestAccAWSSubnet_ipv6
--- PASS: TestAccAWSSubnet_ipv6 (125.87s)
=== RUN   TestAccAWSSubnet_enableIpv6
--- PASS: TestAccAWSSubnet_enableIpv6 (88.88s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	323.787s
```
2017-05-16 23:06:28 +03:00
Paul Stack f351de9758 provider/aws: Set aws_subnet ipv6_cidr_block to computed (#14542)
Fixes: #14361

An IPv6 CIDR block is option and can be added *after* a subnet has been
created. Therefore, we should set it to `Computed: true`

Otherwise, a manually created IPv6 association will be removed on the
next terraform run
2017-05-16 17:34:16 +03:00
Jake Champlin b9e188c5e0 Merge pull request #14528 from ewbankkit/issue-14527
Create rule(s) for prefix-list-only AWS security group ingress/egress permissions on 'terraform import'
2017-05-16 08:38:22 -04:00
Christopher Elkins e1c4194dea Propagate AWS CodePipeline action roles (#14263)
* Propagate AWS CodePipeline action roles

* Add acceptance test for AWS CodePipeline action roles

* Isolate AWS CodePipeline service role acceptance test
2017-05-16 11:55:42 +03:00
Kit Ewbank 36888278b5 Add 'aws_default_vpc_dhcp_options' resource. (#14475) 2017-05-16 11:44:23 +03:00
Kit Ewbank 534dca00b2 Add 'aws_default_subnet' resource. (#14476) 2017-05-16 11:40:56 +03:00
Sergiusz Urbaniak 399830f1b7 providers/aws: add tags for resource_aws_autoscaling_group (#13574)
The existing "tag" field on autoscaling groups is very limited in that it
cannot be used in conjunction with interpolation preventing from adding
dynamic tag entries.

Other AWS resources don't have this restriction on tags because they work
directly on the map type.

AWS autoscaling groups on the other hand have an additional field
"propagate_at_launch" which is not usable with a pure map type.

This fixes it by introducing an additional field called "tags" which
allows specifying a list of maps. This preserves the possibility to
declare tags as with the "tag" field but additionally allows to
construct lists of maps using interpolation syntax.
2017-05-16 10:39:41 +02:00
Radek Simko ba7f1aec1e provider/aws: Avoid IP space overlap in EIP acc test (#14519) 2017-05-16 07:06:53 +02:00
Radek Simko 30ea3aee12 provider/aws: Only catch 'terminated' if we're not terminating instance (#14517) 2017-05-16 07:04:56 +02:00
Kit Ewbank f81dfbcf8b Create rule(s) for prefix-list-only AWS security group ingress/egress permissions on 'terraform import'. 2017-05-15 19:21:28 -04:00
Paul Stack 0a645294a0 provider/aws: ForceNew aws_launch_config when root_block_device changes (#14507)
Fixes: #14503

Changes to root_block_device were not picked up as we had a hash func to
return 0. We changed from set -> list as we only allow 1 value and
immediately we can get changes propagating

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSLaunchConfiguration_updateRootBlockDevice'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/05/15 19:27:39 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSLaunchConfiguration_updateRootBlockDevice -timeout 120m
=== RUN   TestAccAWSLaunchConfiguration_updateRootBlockDevice
--- PASS: TestAccAWSLaunchConfiguration_updateRootBlockDevice (51.12s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	51.140s
```
2017-05-15 20:18:40 +03:00
Paul Stack 2276e981ee provider/aws: Add new aws_db_snapshot data source (#10291)
* provider/aws: Add ability to create AWS DB Snapshots

* provider/aws: Add AWS DB Snapshot resource acceptance tests

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSDBSnapshot_
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/22 18:24:05 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSDBSnapshot_ -timeout 120m
=== RUN   TestAccAWSDBSnapshot_basic
--- PASS: TestAccAWSDBSnapshot_basic (892.75s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	892.773s
```

* provider/aws: Add new aws_db_snapshot data source

* docs/aws: Add documentation for aws_db_snapshot resource

* provider/aws: Add datasource for aws_db_snapshot acceptance tests

```
% make testacc TEST=./builtin/providers/aws
% TESTARGS='-run=TestAccAWSDbSnapshotDataSource_'     2 ↵ ✭
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/22 18:55:08 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSDbSnapshotDataSource_ -timeout 120m
=== RUN   TestAccAWSDbSnapshotDataSource_basic
--- PASS: TestAccAWSDbSnapshotDataSource_basic (966.68s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws966.699s
```

* docs/aws: Adding documentation for aws_db_snapshot datasource
2017-05-15 20:17:26 +03:00
clint shryock 6d0786cccb provider/aws: Improve Checkdestroy to not fail if the ami is not found (it's deleted afterall) and improve tagging 2017-05-15 10:24:43 -05:00
Paul Stack d5bb844684 provider/aws: Allow Internet Gateway IPv6 routes (#14484)
Fixes: #14006
Fixes: #14464

IPv6 wasn't supported for adding routes to the internet gateway.
Resulted in a message as follows:

```
Error creating route: MissingParameter: The request must contain the parameter destinationCidrBlock or destinationIpv6CidrBlock
```

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRoute_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/05/15 11:50:43 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSRoute_ -timeout 120m
=== RUN   TestAccAWSRoute_basic
--- PASS: TestAccAWSRoute_basic (67.27s)
=== RUN   TestAccAWSRoute_ipv6Support
--- PASS: TestAccAWSRoute_ipv6Support (59.35s)
=== RUN   TestAccAWSRoute_ipv6ToInternetGateway
--- PASS: TestAccAWSRoute_ipv6ToInternetGateway (67.39s)
=== RUN   TestAccAWSRoute_changeCidr
--- PASS: TestAccAWSRoute_changeCidr (103.68s)
=== RUN   TestAccAWSRoute_noopdiff
--- PASS: TestAccAWSRoute_noopdiff (194.32s)
=== RUN   TestAccAWSRoute_doesNotCrashWithVPCEndpoint
--- PASS: TestAccAWSRoute_doesNotCrashWithVPCEndpoint (71.36s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	563.397s
```
2017-05-15 15:48:38 +03:00
Paul Stack 59955a7523 provider/aws: Override spot_instance_requests volume_tags schema (#14481)
The acceptance tests for spot_instance_requests were showing falures as
follows:

```
------- Stdout: -------
=== RUN   TestAccAWSSpotInstanceRequest_basic
--- FAIL: TestAccAWSSpotInstanceRequest_basic (100.40s)
    testing.go:280: Step 0 error: After applying this step, the plan was not empty:

        DIFF:

        UPDATE: aws_spot_instance_request.foo
          volume_tags.%: "" => "<computed>"
```

This was because we were setting volume_tags as computed and thus the
diff. We needed to override the schema to make sure that it was not
being computed - it's only aws_instance that needs computed tags because
of EBS volumes

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSpotInstanceRequest_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/05/15 10:41:36 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSSpotInstanceRequest_ -timeout 120m
=== RUN   TestAccAWSSpotInstanceRequest_basic
--- PASS: TestAccAWSSpotInstanceRequest_basic (86.93s)
=== RUN   TestAccAWSSpotInstanceRequest_withBlockDuration
--- PASS: TestAccAWSSpotInstanceRequest_withBlockDuration (97.47s)
=== RUN   TestAccAWSSpotInstanceRequest_vpc
--- PASS: TestAccAWSSpotInstanceRequest_vpc (234.56s)
=== RUN   TestAccAWSSpotInstanceRequest_SubnetAndSG
--- PASS: TestAccAWSSpotInstanceRequest_SubnetAndSG (146.16s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	565.131s
```
2017-05-15 11:55:56 +03:00
Radek Simko 2964f7bc78 provider/aws: Show state reason when EC2 instance fails to launch (#14479) 2017-05-15 10:31:12 +02:00
Radek Simko 9c2a3d6248 provider/aws: Show last scaling activity when ASG creation/update fails (#14480) 2017-05-15 10:30:10 +02:00
Kit Ewbank f7b8fe82bc Nothing to update in cloudformation should not result in errors. 2017-05-13 17:08:08 -04:00
Yusuke Goto 3b14fc90d9 provider/aws: AWS WAF Regional IPSet + ByteMatchSet support (#13705)
* provider/aws: AWS WAF Regional ByteMatchSet support

* providor/aws: AWS WAF Regional IPSet support

* fix typo

* Nested ByteMatchTuples of WAF Regional support

* fix name byte_match_tuple singular WAF Regional

* update wafregional_byte_match_set doc

* fix wafregional ipset to look descriptor

* Add wafregional_byte_match_set test

* fix wafregional_ipset_descriptor to be singular

* fix newWafRegionalRetryer to receive region

* fix updateSetWR argument

* fix wafregional_ipset_descriptor doc

* Separate out logic into flatteners

* Fix failing test
2017-05-13 22:01:27 +02:00
Andres Koetsier 3266da055a Do not fail on non-existent pipeline (#14431) 2017-05-12 16:14:07 +03:00
Bryan Burgers 7fac1ab1f6 provider/aws: Allow IPv6/IPv4 addresses to coexist
Fix an issue when trying to get a public IPv4 address and a public IPv6
address that results in the following error:

    Error launching source instance: InvalidParameterCombination:
    Network interfaces and an instance-level IPv6 address count may not
    be specified on the same request

To fix, in situations where we want a IPv6 addresses AND we need to
manually specify network interfaces on the instance, create the IPv6
addresses on the network interface that we're creating rather than on
the instance itself.

Fixes #13250
2017-05-12 07:00:55 -05:00
Radek Simko 68aebee1e5 provider/aws: Fix Content-Encoding for S3 object acc test (#14400) 2017-05-11 18:35:50 +02:00
Radek Simko d00d0bdfe9 provider/aws: Increase timeout for (dis)associating IPv6 addr to a subnet (#14401) 2017-05-11 18:33:56 +02:00
Radek Simko 145fa084f9 provider/aws: Randomize key pair name for EC2 instance test (#14389) 2017-05-11 14:06:06 +02:00
stack72 dc00c6bc09
provider/aws: Add AWS devicefarm docs to AWS navbar 2017-05-11 14:53:49 +03:00
stack72 4942c4d44d
Merge branch 'feat/device-farm-integration' of https://github.com/DanielMSchmidt/terraform into DanielMSchmidt-feat/device-farm-integration 2017-05-11 14:39:30 +03:00
Andy Chan dc2835d84f Using the timeout schema helper to make alb timeout cofigurable 2017-05-11 14:05:01 +03:00
Radek Simko 1b2055dfa5 provider/aws: Increase timeout for creating security group (#14380) 2017-05-11 13:04:53 +02:00
Andy Chan cb1b2acc97 Using timeout schema helper for RDS cluster resource lifecycle mgmt 2017-05-11 14:01:44 +03:00
Andy Chan 4c8b382936 Using the new time schema helper for RDS Instance lifecycle management (https://github.com/hashicorp/terraform/pull/12311) 2017-05-11 14:01:44 +03:00
Radek Simko e773e59aaf provider/aws: Increase EIP update timeout (#14381) 2017-05-11 12:51:48 +02:00
Radek Simko a846b1b3b0 provider/aws: Fix test config for SES Receipt Rule (#14383) 2017-05-11 12:51:26 +02:00
Jake Champlin 570651bb06 Merge pull request #14299 from hashicorp/f-sg-add-issue-3205
provider/aws: Fix SG update on instance with multiple network interfaces
2017-05-10 20:14:06 -04:00
Evan Phoenix f1a8b2888b Merge pull request #14334 from hashicorp/f-govcloud-s3-tags
Don't error out getting s3 object tags in govcloud
2017-05-10 14:45:13 -07:00
Paddy 51b1c7b084 Merge pull request #14089 from hashicorp/b-aws-waf-rule
provider/aws: Allow updating predicates in WAF Rule + no predicates
2017-05-10 13:58:17 -07:00
Clint 24e00af217 provider/aws: Force lowercasing for DB Option group name or name_prefix (#14366) 2017-05-10 15:42:10 -05:00
Evan Phoenix 3c68a992c6 Be explicit about when tags are supported on S3 2017-05-10 11:13:03 -07:00
stack72 db432ad765 provider/aws: Adding IPv6 address to instance causes perpetual diff
Fixes: #14032

When you are using an IPv6 address directly to an instance, it was
causing the ipv6_address_count to try and ForceNew resource. It wasn't
marked as computed

I was able to see this here:

```
-/+ aws_instance.test
    ami:                          "ami-c5eabbf5" => "ami-c5eabbf5"
    associate_public_ip_address:  "false" => "<computed>"
    availability_zone:            "us-west-2a" => "<computed>"
    ebs_block_device.#:           "0" => "<computed>"
    ephemeral_block_device.#:     "0" => "<computed>"
    instance_state:               "running" => "<computed>"
    instance_type:                "t2.micro" => "t2.micro"
    ipv6_address_count:           "1" => "0" (forces new resource)
    ipv6_addresses.#:             "1" => "1"
    ipv6_addresses.0:             "2600:1f14:bb2:e501::10" => "2600:1f14:bb2:e501::10"
    key_name:                     "" => "<computed>"
    network_interface.#:          "0" => "<computed>"
    network_interface_id:         "eni-d19115ec" => "<computed>"
    placement_group:              "" => "<computed>"
    primary_network_interface_id: "eni-d19115ec" => "<computed>"
    private_dns:                  "ip-10-20-1-252.us-west-2.compute.internal" => "<computed>"
    private_ip:                   "10.20.1.252" => "<computed>"
    public_dns:                   "" => "<computed>"
    public_ip:                    "" => "<computed>"
    root_block_device.#:          "1" => "<computed>"
    security_groups.#:            "0" => "<computed>"
    source_dest_check:            "true" => "true"
    subnet_id:                    "subnet-3fdfb476" => "subnet-3fdfb476"
    tags.%:                       "1" => "1"
    tags.Name:                    "stack72" => "stack72"
    tenancy:                      "default" => "<computed>"
    volume_tags.%:                "0" => "<computed>"
    vpc_security_group_ids.#:     "1" => "<computed>"
```

It now works as expected:

```
% terraform plan                                                                                 ✹ ✭
[WARN] /Users/stacko/Code/go/bin/terraform-provider-aws overrides an internal plugin for aws-provider.
  If you did not expect to see this message you will need to remove the old plugin.
  See https://www.terraform.io/docs/internals/internal-plugins.html
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

aws_vpc.foo: Refreshing state... (ID: vpc-fa61669d)
aws_subnet.foo: Refreshing state... (ID: subnet-3fdfb476)
aws_internet_gateway.foo: Refreshing state... (ID: igw-70629a17)
aws_route_table.test: Refreshing state... (ID: rtb-0a52e16c)
aws_instance.test: Refreshing state... (ID: i-0971755345296aca5)
aws_route_table_association.a: Refreshing state... (ID: rtbassoc-b12493c8)
No changes. Infrastructure is up-to-date.

This means that Terraform did not detect any differences between your
configuration and real physical resources that exist. As a result, Terraform
doesn't need to do anything.
```
2017-05-10 18:39:20 +03:00
Radek Simko 6b4643fbdc provider/aws: Increase timeouts for Route Table retries (#14345) 2017-05-10 14:41:49 +02:00
Evan Phoenix 1ff7fe5ebe Use properly described error 2017-05-09 15:41:12 -07:00
Evan Phoenix 2171e2118f Don't error out getting s3 object tags in govcloud 2017-05-09 15:39:58 -07:00
stack72 930a41b7c0 provider/aws: Slight design change to aws_elasticache_replication_group
We should error check up front on the use of num_cache_nodes and
cluster_mode. This allows us to write a test to make sure all works as
expected

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSElasticacheReplicationGroup_clusteringAndCacheNodesCausesError'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/05/09 19:04:56 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSElasticacheReplicationGroup_clusteringAndCacheNodesCausesError -timeout 120m
=== RUN   TestAccAWSElasticacheReplicationGroup_clusteringAndCacheNodesCausesError
--- PASS: TestAccAWSElasticacheReplicationGroup_clusteringAndCacheNodesCausesError (40.58s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	40.603s
```
2017-05-09 20:37:28 +03:00
Derrick Petzold 55a4ce2838 Feature request: Support for ElastiCache Redis cluster mode #9419
Added support for provisioning a native redis cluster elasticache replication group.
A new TypeSet attribute `cluster_mode` has been added. It requires the following
fields:

  - `replicas_per_node_group` - The number of replica nodes in each node group
  - `num_node_groups` - The number of node groups for this Redis replication group

Notes:

  - `automatic_failover_enabled` must be set to true.
  - `number_cache_clusters` is now a optional and computed field. If `cluster_mode` is set
    its value will be computed as:
 	  ```num_node_groups + num_node_groups * replicas_per_node_group```

Below is a sample config:

  resource "aws_elasticache_replication_group" "bar" {
      replication_group_id = "tf-redis-cluser"
      replication_group_description = "test description"
      node_type = "cache.t2.micro"
      port = 6379
      parameter_group_name = "default.redis3.2.cluster.on"
      automatic_failover_enabled = true
      cluster_mode {
          replicas_per_node_group = 1
          num_node_groups = 2
      }
  }
2017-05-09 20:37:28 +03:00
Paul Stack 67bbad1cf0 provider/aws: Update the ignoring of AWS specific tags (#14321)
We were too greedy with the AWS specific tags ignore function - we
basically were ignoring anything starting with `aws` rather than just
using `aws:`

Fixes: #14308
Fixes: #14247
2017-05-09 20:19:33 +03:00
Jake Champlin 770b861508 Merge pull request #14304 from paybyphone/zero-value-aws-lb-names
Allows zero-value ELB and ALB names
2017-05-09 13:16:41 -04:00
Jake Champlin 4677aca349 Merge pull request #14319 from hashicorp/f-update-partition-check
provider/aws: Use helper methods for checking partition
2017-05-09 12:30:07 -04:00
Jake Champlin 67ea7a3a08
reverse if statement 2017-05-09 12:19:50 -04:00
Jake Champlin 19e29c2944
provider/aws: Use helper methods for checking partition 2017-05-09 12:17:27 -04:00
Clint 88c2e29f91 provider/aws: Consolidate IAM Account Alias tests (#14316)
* provider/aws: combine aws alias tests

* tweaks

* fix up

* uncomment
2017-05-09 11:12:07 -05:00
Jake Champlin 7b05d7f050 Merge pull request #12414 from jmcarp/govcloud-cloudwatchlogs-tags
Skip tag operations on cloudwatch logs in govcloud partition.
2017-05-09 12:10:09 -04:00
Paul Stack 9dd4e5bcb0 provider/aws: Add support for targets to aws_ssm_association (#14246)
* provider/aws: Add support for targets to aws_ssm_association

Fixes: #13975

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSSMAssociation_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/05/05 20:32:43 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSSSMAssociation_ -timeout 120m
=== RUN   TestAccAWSSSMAssociation_basic
--- PASS: TestAccAWSSSMAssociation_basic (139.13s)
=== RUN   TestAccAWSSSMAssociation_withTargets
--- PASS: TestAccAWSSSMAssociation_withTargets (33.19s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	172.343s
```

* Update ssm_association.html.markdown
2017-05-09 17:48:57 +03:00
stack72 d637885dc3
provider/aws: Removal of Optional from aws_ses_domain_identity arn param
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAwsSESDomainIdentity_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/05/09 13:05:15 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAwsSESDomainIdentity_ -timeout 120m
=== RUN   TestAccAwsSESDomainIdentity_basic
--- PASS: TestAccAwsSESDomainIdentity_basic (23.53s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	23.545s
```
2017-05-09 13:06:11 +03:00
stack72 880071ded5
Merge branch 'ses-arn' of https://github.com/joshuaspence/terraform into joshuaspence-ses-arn 2017-05-09 13:04:27 +03:00
Daniel Schmidt 6a7e81d8ae provider/aws: add devicefarm project resource 2017-05-09 09:48:44 +02:00
Daniel Schmidt 995121f9ce provider/aws: add devicefarm configuration 2017-05-09 09:48:08 +02:00
Joshua Spence f488e385f2 Add `arn` attribute to `aws_ses_domain_identity` resource 2017-05-09 17:14:51 +10:00
Graham Davison 7ad0cdd8b0 Allows zero-value ELB and ALB names 2017-05-08 23:06:59 -07:00
Jake Champlin 0d6891d505
provider/aws: Fix attach of SG to instance with multiple network interfaces
With an EC2 instance that only had a single network interface, the primary interface, the Update function would call `ModifyInstanceAttribute()` on the target instance. This would only work if there was a single network interface attached to the EC2 instance. If, however, a secondary network interface was attached to the instance, the `ModifyInstanceAttribute()` API call would fail with the following error message:

 > There are multiple interfaces attached to instance 'i-XXXXX'. Please specify an interface ID for the operation instead.

 After this changeset, modifying instance security groups now makes the correct call to `ModifyNetworkInterfaceAttribute()` in order to modify the list of security groups on the primary network interface, as initially configured during the instances creation.

 This change is also safe from an instance that has a non-default primary network interface, as the instance attribute `vpc_security_group_ids` conflicts with the new `network_interface` attribute.

 Test Output:

 ```
 $ make testacc TEST=./builtin/providers/aws TESTARGS="-run=TestAccAWSInstance_addSecurityGroupNetworkInterface"
 ==> Checking that code complies with gofmt requirements...
 go generate $(go list ./... | grep -v /terraform/vendor/)
 2017/05/08 17:52:42 Generated command/internal_plugin_list.go
 TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSInstance_addSecurityGroupNetworkInterface -timeout 120m
 === RUN   TestAccAWSInstance_addSecurityGroupNetworkInterface
 --- PASS: TestAccAWSInstance_addSecurityGroupNetworkInterface (327.75s)
 PASS
 ok      github.com/hashicorp/terraform/builtin/providers/aws    327.756s
```
2017-05-08 18:30:22 -04:00
clint shryock 8b252d19ab provider/aws: Update TestAccAWSCloudWatchEventTarget_ssmDocument / TestAccAWSCloudWatchEventTarget_full tests to avoid name collisions 2017-05-08 16:22:58 -05:00
Paul Stack 221a88610b provider/aws: Add support for importing Kinesis Streams (#14278)
Fixes: #14260

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSKinesisStream_import'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/05/08 10:32:47 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSKinesisStream_import -timeout 120m
=== RUN   TestAccAWSKinesisStream_importBasic
--- PASS: TestAccAWSKinesisStream_importBasic (101.93s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	101.978s
```
2017-05-08 14:11:23 +03:00
Paul Stack 03e4e00673 provider/aws: Refresh ssm document from state on 404 (#14279)
* provider/aws: Refresh ssm document from state on 404

Originally reported in #13976

When an SSM Document was deleted outside of Terraform, a terraform
refresh would return the following:

```
% terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

aws_ssm_document.foo: Refreshing state... (ID: test_document-stack72)
Error refreshing state: 1 error(s) occurred:

* aws_ssm_document.foo: aws_ssm_document.foo: [ERROR] Error describing SSM document: InvalidDocument:
	status code: 400, request id: 70c9bed1-33bb-11e7-99aa-697e9b0914e9

```

On applying this patch, it now looks as follows:

```
% terraform plan
  [WARN] /Users/stacko/Code/go/bin/terraform-provider-aws overrides an internal plugin for aws-provider.
    If you did not expect to see this message you will need to remove the old plugin.
    See https://www.terraform.io/docs/internals/internal-plugins.html
  Refreshing Terraform state in-memory prior to plan...
  The refreshed state will be used to calculate this plan, but will not be
  persisted to local or remote state storage.

  aws_ssm_document.foo: Refreshing state... (ID: test_document-stack72)
  The Terraform execution plan has been generated and is shown below.
  Resources are shown in alphabetical order for quick scanning. Green resources
  will be created (or destroyed and then created if an existing resource
  exists), yellow resources are being changed in-place, and red resources
  will be destroyed. Cyan entries are data sources to be read.

  Note: You didn't specify an "-out" parameter to save this plan, so when
  "apply" is called, Terraform can't guarantee this is what will execute.

  + aws_ssm_document.foo
      arn:              "<computed>"
      content:          "    {\n      \"schemaVersion\": \"1.2\",\n      \"description\": \"Check ip configuration of a Linux instance.\",\n      \"parameters\": {\n\n      },\n      \"runtimeConfig\": {\n        \"aws:runShellScript\": {\n          \"properties\": [\n            {\n              \"id\": \"0.aws:runShellScript\",\n              \"runCommand\": [\"ifconfig\"]\n            }\n          ]\n        }\n      }\n    }\n"
      created_date:     "<computed>"
      default_version:  "<computed>"
      description:      "<computed>"
      document_type:    "Command"
      hash:             "<computed>"
      hash_type:        "<computed>"
      latest_version:   "<computed>"
      name:             "test_document-stack72"
      owner:            "<computed>"
      parameter.#:      "<computed>"
      platform_types.#: "<computed>"
      schema_version:   "<computed>"
      status:           "<computed>"

  Plan: 1 to add, 0 to change, 0 to destroy.
```

* Update resource_aws_ssm_document.go
2017-05-08 13:50:16 +03:00
Radek Simko b3eefecc05 provider/aws: Retry deletion of AWSConfig Rule on ResourceInUseException (#14269) 2017-05-08 11:15:12 +02:00
Russ Van Bert e88ca0b744 Grammar correction in alarm description (#14276) 2017-05-08 09:35:59 +03:00
Jake Champlin 00de514749 Merge pull request #14256 from alexwlchan/fix-error-message
Improve the wording of an error message
2017-05-05 17:15:09 -04:00
Alex Chan 8b22a85736
Improve the wording of an error message 2017-05-05 22:00:42 +01:00
Jake Champlin 88c6e95e4f Merge pull request #14245 from hashicorp/f-add-arn-security-group-data-source
provider/aws: Add ARN to security group data source
2017-05-05 15:12:34 -04:00
Jake Champlin ed403882e2
provider/aws: Add ARN to security group data source
Adds computed `arn` to security group data source

```
$ make testacc TEST=./builtin/providers/aws TESTARGS="-run=TestAccDataSourceAwsSecurityGroup"
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/05/05 10:17:35 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccDataSourceAwsSecurityGroup -timeout 120m
=== RUN   TestAccDataSourceAwsSecurityGroup
--- PASS: TestAccDataSourceAwsSecurityGroup (56.72s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    56.725s
```
2017-05-05 10:25:52 -04:00