Commit Graph

1067 Commits

Author SHA1 Message Date
John Engelman 052ff83670 Handle public zones correctly. Check for associate when reading. 2015-05-14 16:03:51 -05:00
John Engelman 8e62a14f29 verify VPC association on private zone 2015-05-14 16:03:50 -05:00
John Engelman a51bc6007d DelegationSet is not support in private zones. 2015-05-14 16:03:50 -05:00
John Engelman bf97d6a80f AWS/Route53Zone - create private hosted zone associated with VPC. 2015-05-14 16:03:50 -05:00
Paul Hinze e47987651e Merge pull request #1970 from hashicorp/f-asg-wait-for-elb-inservice
provider/aws: ASGs can wait for ELB InService
2015-05-14 15:09:45 -05:00
Paul Hinze b56a42627f provider/aws: ASGs can wait for ELB InService
This enhances the waiting strategy introduced in #1839 to wait for each
ASG instance to become InService in attached ELBs before continuing.
2015-05-14 15:03:53 -05:00
Clint 0b548a4a99 Merge pull request #1965 from hashicorp/f-export-cache-cluster-endpoints
provider/aws: export elasticache nodes
2015-05-14 14:05:33 -05:00
Clint Shryock d81e63cc3c provider/aws: ElastiCache test updates
- rename test to have _basic suffix, so we can run it individually
- use us-east-1 for basic test, since that's probably the only region that has
  Classic
- update the indexing of nodes; cache nodes are 4 digits
2015-05-14 13:57:01 -05:00
Clint Shryock 10fc184c97 add tags helper library for ElastiCache 2015-05-14 12:32:40 -05:00
Mitchell Hashimoto 32f6eb77f3 Merge pull request #1960 from hashicorp/b-lc-ami
provider/aws: bad AMI won't block LC refresh [GH-1901]
2015-05-14 09:58:58 -07:00
Clint Shryock 2809280e98 cleanup 2015-05-14 11:51:08 -05:00
Clint Shryock d8f3783d09 provider/aws: Add tag support to ElastiCache 2015-05-14 11:44:24 -05:00
Clint Shryock aad0808cc5 make parameter group optional 2015-05-14 11:12:07 -05:00
Clint Shryock a552db0c8c provider/aws: ElastiCache enhancements
- request cache node info
- read after create, to populate nodes
2015-05-14 11:10:21 -05:00
Paul Hinze 7d9ee79660 provider/aws: add license_model to db_instance 2015-05-14 09:57:51 -05:00
Paul Hinze 6f3ce6bf3c WIP export cache nodes
Needs to wait for len(cluster.CacheNodes) == cluster.NumCacheNodes, since
apparently that takes a bit of time and the initial response always has
an empty collection of nodes
2015-05-14 09:16:39 -05:00
Mitchell Hashimoto e7c6cb22c5 provider/aws: bad AMI won't block LC refresh [GH-1901] 2015-05-13 20:28:36 -07:00
Clint Shryock 898fa91595 network acl cleanups 2015-05-12 22:23:55 -05:00
Clint Shryock f7b6b6b2b5 Strip 'sdk' suffix from methods; it's a remnant 2015-05-12 14:58:10 -05:00
Clint Shryock 0dda704cbf provider/aws: Support multiple subnets in Network ACL 2015-05-12 13:50:28 -05:00
Justin Campbell b8cd6b2bae providers/aws: Add support for S3 website redirect 2015-05-12 11:24:08 -04:00
Radek Simko 931d05198c Merge pull request #1886 from TimeIncOSS/subnet-timeout-fix
Increase subnet & security group deletion timeout (2 -> 5 mins)
2015-05-12 07:02:28 +01:00
Mitchell Hashimoto e1627883b2 Merge pull request #1907 from PeopleNet/rds-update
provider/aws: Closes #1906. Only submit modification requests if there is a change
2015-05-11 16:38:02 -07:00
John Engelman 1798df8e03 Closes #1906. Only submit modification requests if there is a change 2015-05-11 11:49:43 -05:00
John Engelman 04214c8c1a Closes #1908. Parse AccountId from User ARN for RDS tags 2015-05-11 10:32:06 -05:00
Radek Simko 754bcd8307 Increase subnet & security group deletion timeout (2 -> 5 mins)
- this should prevent DependencyViolation errors while waiting for larger ASGs to shut down
2015-05-09 22:18:04 +01:00
Clint Shryock eaf96d9d6f provider/aws: Document AWS ElastiCache cluster
- ElastiCache subnet group name is computed
2015-05-08 14:33:41 -05:00
Radek Simko ce8351ddef provider/aws: Add FQDN as output to route53_record 2015-05-08 20:19:40 +01:00
Justin Campbell 870b48b1c0 Merge pull request #1865 from justincampbell/s3-region-zone
providers/aws: Add hosted_zone_id and region to attributes
2015-05-08 14:49:12 -04:00
Paul Hinze a28267b886 provider/aws: SG description should be ForceNew
Description cannot be handled in Update (there is no ModifySecurityGroup
API call), so we have to recreate to change the description.

Closes #1870
2015-05-08 12:16:54 -05:00
Justin Campbell 73651e2c70 providers/aws: Extract normalizeRegion 2015-05-08 10:49:21 -04:00
Justin Campbell 445f92e48a providers/aws: Move HostedZoneIDForRegion into TF 2015-05-08 10:49:20 -04:00
Justin Campbell 64d2b495c3 providers/aws: Add region to S3 attrs 2015-05-08 10:02:16 -04:00
Justin Campbell 839688d477 providers/aws: Add hosted_zone_id to S3 attrs 2015-05-08 10:02:16 -04:00
Justin Campbell d7c9d8702c providers/aws: Extract website endpoint logic 2015-05-08 10:02:16 -04:00
Felix Rodriguez 60c3ca0430 typo 2015-05-07 23:21:47 +01:00
Clint Shryock 44461f49fd update structure test 2015-05-07 17:18:47 -05:00
Clint Shryock 70984526a4 Merge remote-tracking branch 'ctiwald/ct/fix-protocol-problem'
* ctiwald/ct/fix-protocol-problem:
  aws: Document the odd protocol = "-1" behavior in security groups.
  aws: Fixup structure_test to handle new expandIPPerms behavior.
  aws: Add security group acceptance tests for protocol -1 fixes.
  aws: error on expndIPPerms(...) if our ports and protocol conflict.
2015-05-07 17:13:21 -05:00
Clint 4874179e9a Merge pull request #1843 from ctiwald/ct/fix-network-acls
Fix a number of issues in AWS network ACLs
2015-05-07 16:39:10 -05:00
Paul Hinze 1594cb3dbe provider/aws: remove names from LCs in ASG tests
Makes the tests a little more durable if your account happens to end up
with a dangling LC.
2015-05-07 10:14:49 -05:00
Clint Shryock 20ebb38b8f update s3bucket website tests 2015-05-07 10:13:08 -05:00
Clint Shryock fed42fe1b3 update tests so go vet is happy 2015-05-07 10:03:28 -05:00
Paul Hinze e7b101dba4 provider/aws: elasticache_cluster engine_version is computed
fixes the TestAccAWSElasticacheCluster test
2015-05-07 08:47:52 -05:00
Christopher Tiwald 9e8aefcd40 aws: Fix network ACL acceptance tests and add -1 protocol rule. 2015-05-06 23:54:14 -04:00
Christopher Tiwald 5b0d61727e aws: Only store protocol numbers for ingress/egress rules on ACLs.
Users can input a limited number of protocol names (e.g. "tcp") as
inputs to network ACL rules, but the API only supports valid protocol
number:

http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml

Preserve the convenience of protocol names and simultaneously support
numbers by only writing numbers to the state file. Also use numbers
when hashing the rules, to keep everything consistent.
2015-05-06 23:54:12 -04:00
Christopher Tiwald 8056b5f8f7 aws: Force users to use valid network masks on ACL ingress/egress
AWS will accept any overly-specific IP/mask combination, such as
10.1.2.2/24, but will store it by its implied network: 10.1.2.0/24.
This results in hashing errors, because the remote API will return
hashing results out of sync with the local configuration file.

Enforce a stricter API rule than AWS. Force users to use valid masks,
and run a quick calculation on their input to discover their intent.
2015-05-06 23:53:34 -04:00
Christopher Tiwald b888b31e08 aws: Force users to use from_port, to_port = 0 on network ACLs with -1 protocol
AWS doesn't store ports for -1 protocol rules, thus the read from the
API will always come up with a different hash. Force the user to make a
deliberate port choice when enabling -1 protocol rules. All from_port
and to_port's on these rules must be 0.
2015-05-06 23:51:23 -04:00
Christopher Tiwald d14049c8ad aws: Don't try to modify or delete the untouchable network_acl rules.
AWS includes default rules with all network ACL resources which cannot
be modified by the user. Don't attempt to store them locally or change
them remotely if they are already stored -- it'll consistently result
in hashing problems.
2015-05-06 23:03:25 -04:00
Christopher Tiwald 03ee059da3 aws: Write ingress/egress rules into a map so they can be set.
resourceAwsNetworkAclRead swallowed these errors resulting in rules
that never properly updated. Implement an entry-to-maplist function
that'll allow us to write something that Set knows how to read.
2015-05-06 23:03:24 -04:00
Paul Hinze a9678bd252 Merge pull request #1840 from hashicorp/f-aws-asg-handle-scaling-activity-in-progress-errors
provider/aws: handle in progress errs from ASG deletes
2015-05-06 19:39:23 -05:00
Paul Hinze 90907c8be5 Merge pull request #1738 from justincampbell/s3-website
providers/aws: S3 bucket website support
2015-05-06 19:37:29 -05:00
Paul Hinze 03530d1285 provider/aws: handle in progress errs from ASG deletes
If an AutoScalingGroup is in the middle of performing a Scaling
Activity, it cannot be deleted, and yields a ScalingActivityInProgress
error.

Retry the delete for up to 5m so we don't choke on this error. It's
telling us something's in progress, so we'll keep trying until the
scaling activity completed.
2015-05-06 18:54:59 -05:00
Paul Hinze 761523e8f9 Merge pull request #1839 from hashicorp/f-aws-asg-wait-for-capacity
provider/aws: wait for ASG capacity on creation
2015-05-06 18:40:13 -05:00
Paul Hinze 063454e9b8 provider/aws: wait for ASG capacity on creation
On ASG creation, waits for up to 10m for desired_capacity or min_size
healthy nodes to show up in the group before continuing.

With CBD and proper HealthCheck tuning, this allows us guarantee safe
ASG replacement.
2015-05-06 18:34:20 -05:00
Clint c44ba73a2a Merge pull request #1837 from hashicorp/b-fix-aws-sg-vpcid
provider/aws: fix issue with reading VPC id in AWS Security Group
2015-05-06 17:01:20 -05:00
Clint Shryock 8705f0f78f provider/aws: fix issue with reading VPC id in AWS Security Group 2015-05-06 16:54:43 -05:00
Mitchell Hashimoto 4a61d0abc9 provider/aws: do connection draining stuff totally separate 2015-05-06 11:47:06 -07:00
Clint Shryock acbca8101c provider/aws: Update Elasticache Subnet test 2015-05-06 13:44:24 -05:00
Mitchell Hashimoto 5378d904a2 provider/aws: remove debug 2015-05-06 11:43:36 -07:00
Mitchell Hashimoto 74665f27c8 provider/aws: must set connection draining timeout separate frrom
enabled
2015-05-06 11:43:18 -07:00
Mitchell Hashimoto 5d12c79d90 provider/aws: retry VGW connection a bit due to eventual consistency 2015-05-06 11:09:51 -07:00
Mitchell Hashimoto f2ddb53c8f provider/aws: only include network in hash if instance is not set 2015-05-06 10:32:17 -07:00
Mitchell Hashimoto 7311019efe provider/aws: fix incorrect test 2015-05-06 10:20:19 -07:00
Mitchell Hashimoto 4db68cee89 providers/aws: eip network interface is computed 2015-05-06 10:04:38 -07:00
Mitchell Hashimoto 37c56d0084 provider/aws: fix alias test 2015-05-06 09:55:14 -07:00
Clint Shryock 4e717829f8 Merge branch 'master' of github.com:hashicorp/terraform
* 'master' of github.com:hashicorp/terraform:
  provider/aws: detach VPN gateway with proper ID
  update CHANGELOG
  provider/aws: Update ARN in instanceProfileReadResult
  provider/aws: remove placement_group from acctest
  core: module targeting
  Added support for more complexly images repos such as images on a private registry that are stored as namespace/name
2015-05-06 11:45:35 -05:00
Mitchell Hashimoto b184e283b9 provider/aws: detach VPN gateway with proper ID 2015-05-06 09:45:08 -07:00
Clint Shryock cd90648d4e provider/aws: Fix acceptance issue with Network Acls 2015-05-06 11:44:09 -05:00
TANABE Ken-ichi 5be4ecdcdb provider/aws: Update ARN in instanceProfileReadResult 2015-05-07 00:26:57 +09:00
Paul Hinze 010a39a58e provider/aws: remove placement_group from acctest
Depends on there being an existing placement group in the account called
"terraform-placement-group" - we'll need to circle back around to cover
this with AccTests after TF gets an `aws_placement_group` resource.
2015-05-06 10:13:24 -05:00
Clint Shryock 34609c6c22 provider/aws: Change Route 53 record test name, so it can be ran individually 2015-05-06 09:48:15 -05:00
Paul Hinze 66fa633b80 provider/aws: move EBS test into us-west-2 2015-05-06 09:22:34 -05:00
Paul Hinze bcb4067cb3 provider/aws: update test name 2015-05-06 09:20:40 -05:00
Paul Hinze 7303568469 providers/aws: update test name 2015-05-06 09:18:41 -05:00
Paul Hinze b91796368f provider/aws: update test name 2015-05-06 09:18:00 -05:00
Justin Campbell 2745adba56 providers/aws: Test S3 website endpoint attr 2015-05-06 09:41:02 -04:00
Justin Campbell 87e6d3d17f providers/aws: Fix S3 website error doc 2015-05-06 09:41:02 -04:00
Justin Campbell 0b78a71ed5 providers/aws: Test S3 website removal 2015-05-06 09:41:02 -04:00
Justin Campbell eeb65b8d4c providers/aws: Read S3 website config 2015-05-06 09:41:02 -04:00
Paul Hinze 6c6eafa232 provider/aws: removing stray "Ecache" in tests 2015-05-06 08:33:05 -05:00
Justin Campbell 20e531ae0d providers/aws: Check that S3 website sets docs 2015-05-06 08:15:56 -04:00
Justin Campbell be84cf8a8c providers/aws: Add note for us-east-1 empty location 2015-05-06 08:15:56 -04:00
Justin Campbell 348942d3fb providers/aws: Use GetOk instead of Get + cast 2015-05-06 08:15:56 -04:00
Justin Campbell 562bd6541b providers/aws: Use explicit returns in websiteEndpoint 2015-05-06 08:15:56 -04:00
Justin Campbell 30f737c781 providers/aws: Change S3 website to block 2015-05-06 08:15:56 -04:00
Justin Campbell 38e04b3765 providers/aws: Add website_endpoint to S3 output 2015-05-06 08:15:55 -04:00
Justin Campbell b7a9ef5ef6 providers/aws: Add S3 error_document
Also fix when index/error document is empty
2015-05-06 08:15:55 -04:00
Justin Campbell e6d9dcfb1a providers/aws: Initial S3 bucket website support 2015-05-06 08:15:55 -04:00
Mitchell Hashimoto 1a2bac7645 provider/aws: main route table refresh handles VPC being gone [GH-1806] 2015-05-05 18:07:22 -07:00
Clint Shryock 885efa0837 provider/aws: Add Security Group Rule as a top level resource
- document conflict with sg rules and sg in-line rules
- for this to work, ingress rules need to be computed
2015-05-05 16:56:39 -05:00
Clint a4000941c2 Merge pull request #1765 from hashicorp/f-aws-security-group-remove-default-egress
provider/aws: Remove default egress rule from Security Group on creation
2015-05-05 16:47:23 -05:00
Mitchell Hashimoto fb4ac42c65 Merge pull request #1516 from henrikhodne/aws-propagating-vgws
provider/aws: add propagating_vgws to route tables
2015-05-05 14:42:45 -07:00
Clint Shryock eb7c1bb218 fix go formatting 2015-05-05 16:42:08 -05:00
Clint Shryock e9b08cf31f revert the required part 2015-05-05 16:23:26 -05:00
Clint Shryock 1ed81da9a9 update ENI test for SG egress constraint 2015-05-05 16:23:26 -05:00
Clint Shryock 85b1756c27 revise tests and check for vpc_id 2015-05-05 16:23:26 -05:00
Clint Shryock 8ded3c2d1b Move block for deleing default rule into the create method; only invoke once 2015-05-05 16:23:26 -05:00
Clint Shryock ee65684abe Add spec for removing default egress rule 2015-05-05 16:23:26 -05:00
Clint Shryock b145ce88b7 Document Egress+VPC change, update link 2015-05-05 16:23:26 -05:00
Clint Shryock 1558fd1c3e provider/aws: Remove default egress rule from Security Group on creation 2015-05-05 16:23:25 -05:00