* helper/schema: Add custom Timeout block for resources
* refactor DefaultTimeout to suuport multiple types. Load meta in Refresh from Instance State
* update vpc but it probably wont last anyway
* refactor test into table test for more cases
* rename constant keys
* refactor configdecode
* remove VPC demo
* remove comments
* remove more comments
* refactor some
* rename timeKeys to timeoutKeys
* remove note
* documentation/resources: Document the Timeout block
* document timeouts
* have a test case that covers 'hours'
* restore a System default timeout of 20 minutes, instead of 0
* restore system default timeout of 20 minutes, refactor tests, add test method to handle system default
* rename timeout key constants
* test applying timeout to state
* refactor test
* Add resource Diff test
* clarify docs
* update to use constants
Fixes:#11750
Before this change, adding a log_subscription_filter and then deleting
it manually would yield this error on terraform plan/apply:
```
% terraform plan ✹ ✭
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
aws_iam_role.iam_for_lambda: Refreshing state... (ID: test_lambdafuntion_iam_role_example123)
aws_cloudwatch_log_group.logs: Refreshing state... (ID: example_lambda_name)
aws_iam_role_policy.test_lambdafunction_iam_policy: Refreshing state... (ID: test_lambdafuntion_iam_role_example123:test_lambdafunction_iam_policy)
aws_lambda_function.test_lambdafunction: Refreshing state... (ID: example_lambda_name_example123)
aws_lambda_permission.allow_cloudwatch_logs: Refreshing state... (ID: AllowExecutionFromCloudWatchLogs)
aws_cloudwatch_log_subscription_filter.test_lambdafunction_logfilter: Refreshing state... (ID: cwlsf-992677504)
Error refreshing state: 1 error(s) occurred:
* aws_cloudwatch_log_subscription_filter.test_lambdafunction_logfilter: aws_cloudwatch_log_subscription_filter.test_lambdafunction_logfilter: Subscription filter for log group example_lambda_name with name prefix test_lambdafunction_logfilter not found!
```
After this patch, we get the following behaviour:
```
% terraform plan ✹ ✭
[WARN] /Users/stacko/Code/go/bin/terraform-provider-aws overrides an internal plugin for aws-provider.
If you did not expect to see this message you will need to remove the old plugin.
See https://www.terraform.io/docs/internals/internal-plugins.html
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
aws_iam_role.iam_for_lambda: Refreshing state... (ID: test_lambdafuntion_iam_role_example123)
aws_cloudwatch_log_group.logs: Refreshing state... (ID: example_lambda_name)
aws_lambda_function.test_lambdafunction: Refreshing state... (ID: example_lambda_name_example123)
aws_iam_role_policy.test_lambdafunction_iam_policy: Refreshing state... (ID: test_lambdafuntion_iam_role_example123:test_lambdafunction_iam_policy)
aws_lambda_permission.allow_cloudwatch_logs: Refreshing state... (ID: AllowExecutionFromCloudWatchLogs)
aws_cloudwatch_log_subscription_filter.test_lambdafunction_logfilter: Refreshing state... (ID: cwlsf-992677504)
The Terraform execution plan has been generated and is shown below.
Resources are shown in alphabetical order for quick scanning. Green resources
will be created (or destroyed and then created if an existing resource
exists), yellow resources are being changed in-place, and red resources
will be destroyed. Cyan entries are data sources to be read.
Note: You didn't specify an "-out" parameter to save this plan, so when
"apply" is called, Terraform can't guarantee this is what will execute.
+ aws_cloudwatch_log_subscription_filter.test_lambdafunction_logfilter
destination_arn: "arn:aws:lambda:us-west-2:187416307283:function:example_lambda_name_example123"
filter_pattern: "logtype test"
log_group_name: "example_lambda_name"
name: "test_lambdafunction_logfilter"
role_arn: "<computed>"
Plan: 1 to add, 0 to change, 0 to destroy.
```
Fixes: #12232
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEFSFileSystem_pagedTags'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSEFSFileSystem_pagedTags -timeout 120m
=== RUN TestAccAWSEFSFileSystem_pagedTags
--- PASS: TestAccAWSEFSFileSystem_pagedTags (39.51s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 39.537s
```
not found
Fixes: #12279
When manually deleting an autoscaling_group from the console, a
terraform plan would look as follows:
```
% terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
aws_launch_configuration.foobar: Refreshing state... (ID: test-0096cf26c7eebdc9fcb5bd1837)
aws_autoscaling_group.foobar: Refreshing state... (ID: test)
aws_autoscaling_schedule.foobar: Refreshing state... (ID: foobar)
Error refreshing state: 1 error(s) occurred:
* aws_autoscaling_schedule.foobar: aws_autoscaling_schedule.foobar: Error retrieving Autoscaling Scheduled Actions: ValidationError: Group test not found
status code: 400, request id: 093e9ed5-fe01-11e6-b990-1f64334b3a10
```
After this patch:
```
% terraform plan ✹ ✭
[WARN] /Users/stacko/Code/go/bin/terraform-provider-aws overrides an internal plugin for aws-provider.
If you did not expect to see this message you will need to remove the old plugin.
See https://www.terraform.io/docs/internals/internal-plugins.html
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
aws_launch_configuration.foobar: Refreshing state... (ID: test-0096cf26c7eebdc9fcb5bd1837)
aws_autoscaling_group.foobar: Refreshing state... (ID: test)
aws_autoscaling_schedule.foobar: Refreshing state... (ID: foobar)
The Terraform execution plan has been generated and is shown below.
Resources are shown in alphabetical order for quick scanning. Green resources
will be created (or destroyed and then created if an existing resource
exists), yellow resources are being changed in-place, and red resources
will be destroyed. Cyan entries are data sources to be read.
Note: You didn't specify an "-out" parameter to save this plan, so when
"apply" is called, Terraform can't guarantee this is what will execute.
+ aws_autoscaling_group.foobar
arn: "<computed>"
availability_zones.#: "1"
availability_zones.2487133097: "us-west-2a"
default_cooldown: "<computed>"
desired_capacity: "<computed>"
force_delete: "true"
health_check_grace_period: "300"
health_check_type: "ELB"
launch_configuration: "test-0096cf26c7eebdc9fcb5bd1837"
load_balancers.#: "<computed>"
max_size: "1"
metrics_granularity: "1Minute"
min_size: "1"
name: "test"
protect_from_scale_in: "false"
tag.#: "1"
tag.157008572.key: "Foo"
tag.157008572.propagate_at_launch: "true"
tag.157008572.value: "foo-bar"
termination_policies.#: "1"
termination_policies.0: "OldestInstance"
vpc_zone_identifier.#: "<computed>"
wait_for_capacity_timeout: "10m"
+ aws_autoscaling_schedule.foobar
arn: "<computed>"
autoscaling_group_name: "test"
desired_capacity: "0"
end_time: "2017-12-12T06:00:00Z"
max_size: "1"
min_size: "0"
recurrence: "<computed>"
scheduled_action_name: "foobar"
start_time: "2017-12-11T18:00:00Z"
Plan: 2 to add, 0 to change, 0 to destroy.
```
Fixes: #12205
You cannot use an index of an empty slide therefore, we got a panic as follows:
```
aws_ssm_association.foo: Creating...
instance_id: "" => "i-002f3898dc95350e7"
name: "" => "test_document_association-%s"
parameters.%: "" => "2"
parameters.directoryId: "" => "d-926720980b"
parameters.directoryName: "" => "corp.mydomain.com"
Error applying plan:
1 error(s) occurred:
* aws_ssm_association.foo: 1 error(s) occurred:
* aws_ssm_association.foo: unexpected EOF
Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.
panic: runtime error: index out of range
2017/02/23 21:41:45 [DEBUG] plugin: terraform-provider-aws:
2017/02/23 21:41:45 [DEBUG] plugin: terraform-provider-aws: goroutine 1419 [running]:
2017/02/23 21:41:45 [DEBUG] plugin: terraform-provider-aws: panic(0x1567480, 0xc42000c110)
2017/02/23 21:41:45 [DEBUG] plugin: terraform-provider-aws: /usr/local/Cellar/go/1.7.4_1/libexec/src/runtime/panic.go:500 +0x1a1
```
This feature allows sending a notification to either an SQS queue or an
SNS topic when an error occurs running an AWS Lambda function.
This fixes#10630.
* provider/aws: New resource codepipeline
* Vendor aws/codepipeline
* Add tests
* Add docs
* Bump codepipeline to v1.6.25
* Adjustments based on feedback
* Force new resource on ID change
* Improve tests
* Switch update to read
Since we don't require a second pass, only do a read.
* Skip tests if GITHUB_TOKEN is not set
* Added new resource aws_elastic_beanstalk_application_version.
* Changing bucket and key to required.
* Update to use d.Id() directly in DescribeApplicationVersions.
* Checking err to make sure that the application version is successfully deleted.
* Update `version_label` to `Computed: true`.
* provider/aws: Updating to python solution stack
* provider/aws: Beanstalk App Version delete source
The Elastic Beanstalk API call to delete `application_version` resource
should not delete the s3 bundle, as this object is managed by another
Terraform resource
* provider/aws: Update application version docs
* Fix application version test
* Add `version_label` update test
Adds test that fails after rebasing branch onto v0.8.x. `version_label`
changes do not update the `aws_elastic_beanstalk_environment` resource.
* `version_label` changes to update environment
* Prevent unintended delete of `application_version`
Prevents an `application_version` used by multiple environments from
being deleted.
* Add `force_delete` attribute
* Update documentation
Fixes the `TestAccAWSAutoscalingLifecycleHook_omitDefaultResult` acceptance test to run in parallel.
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSAutoscalingLifecycleHook_omitDefaultResult'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/15 22:33:26 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSAutoscalingLifecycleHook_omitDefaultResult -timeout 120m
=== RUN TestAccAWSAutoscalingLifecycleHook_omitDefaultResult
--- PASS: TestAccAWSAutoscalingLifecycleHook_omitDefaultResult (146.91s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 146.917s
```
This allows for updates to size, type and iops
Fixes: #11931
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEBSVolume_update'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/15 22:35:43 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSEBSVolume_update -timeout 120m
=== RUN TestAccAWSEBSVolume_updateSize
--- PASS: TestAccAWSEBSVolume_updateSize (53.57s)
=== RUN TestAccAWSEBSVolume_updateType
--- PASS: TestAccAWSEBSVolume_updateType (57.53s)
=== RUN TestAccAWSEBSVolume_updateIops
--- PASS: TestAccAWSEBSVolume_updateIops (53.63s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 164.753s
```
This extends the work in #11668 to enable final snapshots by default.
This time it's for redshift
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRedshiftCluster_withFinalSnapshot'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/04 13:53:02 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSRedshiftCluster_withFinalSnapshot -timeout 120m
=== RUN TestAccAWSRedshiftCluster_withFinalSnapshot
--- PASS: TestAccAWSRedshiftCluster_withFinalSnapshot (859.96s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 859.986s
```
If we get `InvalidParameterException` with the message "Could not deliver test
message to specified" then retry as this is often down to some sort of internal
delay in Amazons API. Also increase the timeout from 30 seconds to 3 minutes as
it has been observed to take that long sometimes for the creation to succeed.
This applies to both log destinations and subscription filters.
We now enable the final_snapshot of aws_rds_cluster by default. This is
a continuation of the work in #11668
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRDSCluster_takeFinalSnapshot'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/04 13:19:52 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSRDSCluster_takeFinalSnapshot -timeout 120m
=== RUN TestAccAWSRDSCluster_takeFinalSnapshot
--- PASS: TestAccAWSRDSCluster_takeFinalSnapshot (141.59s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 141.609s
```
Validate the policy supplied via `assume_role_policy` in an `aws_iam_role`
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRole_badJSON'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/13 14:13:47 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSRole_badJSON -timeout 120m
=== RUN TestAccAWSRole_badJSON
--- PASS: TestAccAWSRole_badJSON (0.00s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 0.019s
```
Introduced in #11369, this fixes an issue with the diff suppress function when creating a new `aws_db_instance` resource, while using the default `engine_version`.
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSDBInstance_diffSuppressInitialState'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/13 11:52:12 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSDBInstance_diffSuppressInitialState -timeout 120m
=== RUN TestAccAWSDBInstance_diffSuppressInitialState
--- PASS: TestAccAWSDBInstance_diffSuppressInitialState (480.78s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 480.793s
```
A security_group_rule can also be created from a `prefix_list_id`.
Introduced in #11809
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSecurityGroupRule_PrefixListEgress'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/10 12:41:40 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSSecurityGroupRule_PrefixListEgress -timeout 120m
=== RUN TestAccAWSSecurityGroupRule_PrefixListEgress
--- PASS: TestAccAWSSecurityGroupRule_PrefixListEgress (33.94s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 33.970s
```
* provider/aws: output the log group name when create fails
* adjusted formatting to match other error output
* fixup detailed error message for ResourceAlreadyExistsException
* forgot an import
* show the log group name regardless of error type
Previously the AMI creation accepted a static value for the AMI's block device's volume size.
This change allows the user to omit the `volume_size` attribute, in order to mimic the AWS API behavior, which will use the EBS Volume's size.
Also fixes a potential panic case when setting `iops` on the AMI's block device.
The `aws_ami` resource previously didn't have any acceptance tests, adds two acceptance tests and a full testing suite for the `aws_ami` resource, so further tests can be written, as well as expansion upon the other `aws_ami_*` acceptance tests
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSAMI_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/09 20:18:22 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSAMI_ -timeout 120m
=== RUN TestAccAWSAMI_basic
--- PASS: TestAccAWSAMI_basic (44.21s)
=== RUN TestAccAWSAMI_snapshotSize
--- PASS: TestAccAWSAMI_snapshotSize (45.08s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 89.320s
```
Allows redshift security group tests to better handle being ran in parallel.
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRedshiftSecurityGroup_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/09 10:40:25 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSRedshiftSecurityGroup_ -timeout 120m
=== RUN TestAccAWSRedshiftSecurityGroup_importBasic
--- PASS: TestAccAWSRedshiftSecurityGroup_importBasic (12.98s)
=== RUN TestAccAWSRedshiftSecurityGroup_ingressCidr
--- PASS: TestAccAWSRedshiftSecurityGroup_ingressCidr (11.02s)
=== RUN TestAccAWSRedshiftSecurityGroup_updateIngressCidr
--- PASS: TestAccAWSRedshiftSecurityGroup_updateIngressCidr (32.81s)
=== RUN TestAccAWSRedshiftSecurityGroup_ingressSecurityGroup
--- PASS: TestAccAWSRedshiftSecurityGroup_ingressSecurityGroup (14.82s)
=== RUN TestAccAWSRedshiftSecurityGroup_updateIngressSecurityGroup
--- PASS: TestAccAWSRedshiftSecurityGroup_updateIngressSecurityGroup (37.43s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 109.090s
```
Allows the redshift parameter group acceptance tests handle being ran in parallel better
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRedshiftParameterGroup_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/09 10:16:19 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSRedshiftParameterGroup_ -timeout 120m
=== RUN TestAccAWSRedshiftParameterGroup_importBasic
--- PASS: TestAccAWSRedshiftParameterGroup_importBasic (15.17s)
=== RUN TestAccAWSRedshiftParameterGroup_withParameters
--- PASS: TestAccAWSRedshiftParameterGroup_withParameters (13.16s)
=== RUN TestAccAWSRedshiftParameterGroup_withoutParameters
--- PASS: TestAccAWSRedshiftParameterGroup_withoutParameters (12.58s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 40.940s
```
Updates the aws_elb acceptance tests to better handle parallel test runs
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSLoadBalancerPolicy_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/09 10:04:58 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSLoadBalancerPolicy_ -timeout 120m
=== RUN TestAccAWSLoadBalancerPolicy_basic
--- PASS: TestAccAWSLoadBalancerPolicy_basic (24.50s)
=== RUN TestAccAWSLoadBalancerPolicy_updateWhileAssigned
--- PASS: TestAccAWSLoadBalancerPolicy_updateWhileAssigned (42.34s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 66.866s
```
When ran in parallel the tests `TestAccAwsEcsTaskDefinition_withNetwork` and `TestAccAwsEcsTaskDefinition_withTask` will overlap with each other due to the shared naming of the `iam_role` resource.
This fixes these tests to allow running in parallel on TeamCity.
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAwsEcsTaskDefinition_withTask'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/09 09:20:03 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAwsEcsTaskDefinition_withTask -timeout 120m
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 0.022s
```
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAwsEcsTaskDefinition_withNetwork'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/09 09:21:10 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAwsEcsTaskDefinition_withNetwork -timeout 120m
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 0.026s
```
Fixes the `TestAccAwsAPIGatewayMethod_customauthorizer` acceptance test which would previously fail if the iam_role resources would leak
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAwsAPIGatewayMethod_customauthorizer'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/09 09:10:07 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAwsAPIGatewayMethod_customauthorizer -timeout 120m
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 0.022s
```
An AWS Security Group Rule requires at least one of `cidr_blocks`, `self`, or `source_security_group_id` in order to be successfully created.
If the `aws_security_group_rule` doesn't contain one of these attributes, the AWS API will still return a `200` response, and not report any error in the response.
Example response from the API on a malformed submission:
```
2017/02/08 16:04:33 [DEBUG] plugin: terraform: -----------------------------------------------------
2017/02/08 16:04:33 [DEBUG] plugin: terraform: aws-provider (internal) 2017/02/08 16:04:33 [DEBUG] [aws-sdk-go] DEBUG: Response ec2/AuthorizeSecurityGroupIngress Details:
2017/02/08 16:04:33 [DEBUG] plugin: terraform: ---[ RESPONSE ]--------------------------------------
2017/02/08 16:04:33 [DEBUG] plugin: terraform: HTTP/1.1 200 OK
2017/02/08 16:04:33 [DEBUG] plugin: terraform: Connection: close
2017/02/08 16:04:33 [DEBUG] plugin: terraform: Transfer-Encoding: chunked
2017/02/08 16:04:33 [DEBUG] plugin: terraform: Content-Type: text/xml;charset=UTF-8
2017/02/08 16:04:33 [DEBUG] plugin: terraform: Date: Wed, 08 Feb 2017 21:04:33 GMT
2017/02/08 16:04:33 [DEBUG] plugin: terraform: Server: AmazonEC2
2017/02/08 16:04:33 [DEBUG] plugin: terraform: Vary: Accept-Encoding
2017/02/08 16:04:33 [DEBUG] plugin: terraform:
2017/02/08 16:04:33 [DEBUG] plugin: terraform: 102
2017/02/08 16:04:33 [DEBUG] plugin: terraform: <?xml version="1.0" encoding="UTF-8"?>
2017/02/08 16:04:33 [DEBUG] plugin: terraform: <AuthorizeSecurityGroupIngressResponse xmlns="http://ec2.amazonaws.com/doc/2016-11-15/">
2017/02/08 16:04:33 [DEBUG] plugin: terraform: <requestId>ac08c33f-8043-46d4-b637-4c4b2fc7a094</requestId>
2017/02/08 16:04:33 [DEBUG] plugin: terraform: <return>true</return>
2017/02/08 16:04:33 [DEBUG] plugin: terraform: </AuthorizeSecurityGroupIngressResponse>
2017/02/08 16:04:33 [DEBUG] plugin: terraform: 0
2017/02/08 16:04:33 [DEBUG] plugin: terraform:
2017/02/08 16:04:33 [DEBUG] plugin: terraform:
2017/02/08 16:04:33 [DEBUG] plugin: terraform: -----------------------------------------------------
```
This previously caused Terraform to wait until the security_group_rule propagated, which never happened due to the silent failure.
The changeset ensures that one of the required attributes are set prior to creating the aws_security_group_rule.
Also catches the error returned from the retry function. Previously the error was ignored, and only logged at the `DEBUG` level.
Previously, an `aws_rds_cluster` that contains active instance groups would timeout on a destroy, if the destroy was able to only target the rds_cluster and not include the instance groups.
This would result in a `400` response from AWS, and Terraform would sit in a wait-loop until a 15-minute timeout while waiting for the cluster to be destroyed.
This catches the error returned from the `DeleteDBCluster` function call such that the proper error case can be returned to the user.
`400` from the AWS API:
```
2017/02/08 13:40:47 [DEBUG] plugin: terraform: ---[ RESPONSE ]--------------------------------------
2017/02/08 13:40:47 [DEBUG] plugin: terraform: HTTP/1.1 400 Bad Request
2017/02/08 13:40:47 [DEBUG] plugin: terraform: Connection: close
2017/02/08 13:40:47 [DEBUG] plugin: terraform: Content-Length: 337
2017/02/08 13:40:47 [DEBUG] plugin: terraform: Content-Type: text/xml
2017/02/08 13:40:47 [DEBUG] plugin: terraform: Date: Wed, 08 Feb 2017 18:40:46 GMT
2017/02/08 13:40:47 [DEBUG] plugin: terraform: X-Amzn-Requestid: 1b4a76cc-ee2e-11e6-867d-2311ebaffd3e
2017/02/08 13:40:47 [DEBUG] plugin: terraform:
2017/02/08 13:40:47 [DEBUG] plugin: terraform: <ErrorResponse xmlns="http://rds.amazonaws.com/doc/2014-10-31/">
2017/02/08 13:40:47 [DEBUG] plugin: terraform: <Error>
2017/02/08 13:40:47 [DEBUG] plugin: terraform: <Type>Sender</Type>
2017/02/08 13:40:47 [DEBUG] plugin: terraform: <Code>InvalidDBClusterStateFault</Code>
2017/02/08 13:40:47 [DEBUG] plugin: terraform: <Message>Cluster cannot be deleted, it still contains DB instances in non-deleting state.</Message>
2017/02/08 13:40:47 [DEBUG] plugin: terraform: </Error>
2017/02/08 13:40:47 [DEBUG] plugin: terraform: <RequestId>1b4a76cc-ee2e-11e6-867d-2311ebaffd3e</RequestId>
2017/02/08 13:40:47 [DEBUG] plugin: terraform: </ErrorResponse>
2017/02/08 13:40:47 [DEBUG] plugin: terraform:
2017/02/08 13:40:47 [DEBUG] plugin: terraform: -----------------------------------------------------
```
Error returns now, as expected:
```
Error applying plan:
2017/02/08 13:40:47 [DEBUG] plugin: waiting for all plugin processes to complete...
1 error(s) occurred:
* aws_rds_cluster.jake (destroy): 1 error(s) occurred:
2017/02/08 13:40:47 [DEBUG] plugin: terraform: aws-provider (internal) 2017/02/08 13:40:47 [DEBUG] plugin: waiting for all plugin processes to complete...
* aws_rds_cluster.jake: RDS Cluster cannot be deleted: Cluster cannot be deleted, it still contains DB instances in non-deleting state.
```
Found in testing that a timeout of 30 seconds didn't allow for the error
message that codebuild wasn't supported in eu-west-2
Discussed this with @radeksimko and he suggested a timeout raise
Previously the db_event_subscription import would only work if there was a single db_event_subscription resource. This fixes the import, allowing it to work as expected.
Also fixes the acceptance test for the resource to reflect this.
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSDBEventSubscription_importBasic'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/07 10:38:10 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSDBEventSubscription_importBasic -timeout 120m
=== RUN TestAccAWSDBEventSubscription_importBasic
--- PASS: TestAccAWSDBEventSubscription_importBasic (633.33s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 633.353s
```
Fixes the `TestAccAWSDBEventSubscription_basicUpdate` acceptance test
`TestAccAWSDBEventSubscription_importBasic` is still failing, but has been failing since November.
Discovered after #11619 was fixed, and while fixing acceptance tests for the `aws_spot_instance_request` resource.
Previously the `aws_spot_instance_request` resource wouldn't populate any of the block device attributes from the resulting instance's metadata. This fixes that issue, and also fixes the `aws_spot_instance_request` acceptance tests to be more equipped for running in parallel.
```
make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSpotInstanceRequest_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/02 18:02:37 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSSpotInstanceRequest_ -timeout 120m
=== RUN TestAccAWSSpotInstanceRequest_basic
--- PASS: TestAccAWSSpotInstanceRequest_basic (111.96s)
=== RUN TestAccAWSSpotInstanceRequest_withBlockDuration
--- PASS: TestAccAWSSpotInstanceRequest_withBlockDuration (105.12s)
=== RUN TestAccAWSSpotInstanceRequest_vpc
--- PASS: TestAccAWSSpotInstanceRequest_vpc (115.81s)
=== RUN TestAccAWSSpotInstanceRequest_SubnetAndSG
--- PASS: TestAccAWSSpotInstanceRequest_SubnetAndSG (130.46s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 463.377s
```
Better handle parallel testing of the `aws_spot_fleet_request` resource. Previously we were catching a lot of errors due to naming the policy_attachment resource the same between tests.
* Add aws dms vendoring
* Add aws dms endpoint resource
* Add aws dms replication instance resource
* Add aws dms replication subnet group resource
* Add aws dms replication task resource
* Fix aws dms resource go vet errors
* Review fixes: Add id validators for all resources. Add validator for endpoint engine_name.
* Add aws dms resources to importability list
* Review fixes: Add aws dms iam role dependencies to test cases
* Review fixes: Adjustments for handling input values
* Add aws dms replication subnet group tagging
* Fix aws dms subnet group doesn't use standard error for resource not found
* Missed update of aws dms vendored version
* Add aws dms certificate resource
* Update aws dms resources to force new for immutable attributes
* Fix tests failing on subnet deletion by adding explicit dependencies. Combine import tests with basic tests to cut down runtime.
* provider/aws: Update Application Auto Scaling service model
- Add support for automatically scaling an Amazon EC2 Spot fleet.
* Remove duplicate policy_type check.
* Test creating a scalable target for a splot fleet request.
* Test creating a scaling policy for a splot fleet request.
* Update resource docs to support scaling an Amazon EC2 Spot fleet.
- aws_appautoscaling_policy
- aws_appautoscaling_target
* Remove arn attribute from aws_appautoscaling_target
- No arn is generated or returned for this resource.
* Remove optional name attribute from aws_appautoscaling_target
- ScalableTargets do not have a name
- I think this was copied from aws_appautoscaling_policy
* AWS Application Autoscaling resource documentation tweaks
- include a target resource in the policy example
- sort attributes by alpha
- fixup markdown
- add spaces to test config
Previously the `root_block_device` config map was a `schema.TypeSet` with an empty `Set` function, and a hard-limit of 1 on the attribute block.
This prevented a user from making any real changes inside the attribute block, thus leaving the user with a `Apply complete!` message, and nothing changed.
The schema API has since been updated, and we can now specify the `root_block_device` as a `schema.TypeList` with `MaxItems` set to `1`. This fixes the issue, and allows the user to update the `aws_instance`'s `root_block_device` attribute, and see changes actually propagate.
Adds tag support to the `aws_dynamodb_table` resource. Also adds a test for the resource, and a test to ensure that the tags are populated correctly from a resource import.
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSDynamoDBTable_tags'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/01 15:35:00 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSDynamoDBTable_tags -timeout 120m
=== RUN TestAccAWSDynamoDBTable_tags
--- PASS: TestAccAWSDynamoDBTable_tags (28.69s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 28.713s
```
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSDynamoDbTable_importTags'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/01 15:39:49 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSDynamoDbTable_importTags -timeout 120m
=== RUN TestAccAWSDynamoDbTable_importTags
--- PASS: TestAccAWSDynamoDbTable_importTags (30.62s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 30.645s
```
I believe that if no VPC Endpoints were returned from the AWS API, we
were not guarding against a panic. We were strill trying to inspect the
RouteTableIds. This commit will ensure that no errors are thrown before
trying to use the RouteTableIds
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSVpcEndpointRouteTableAssociation_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/01 18:06:29 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSVpcEndpointRouteTableAssociation_ -timeout 120m
=== RUN TestAccAWSVpcEndpointRouteTableAssociation_basic
--- PASS: TestAccAWSVpcEndpointRouteTableAssociation_basic (42.83s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 42.859s
```
Fixes the beanstalk env tests such that they can run in parallel better. Previously, only the beanstalk application was randomized, now the beanstalk environment is also randomized to help better facilitate running our tests in parallel.
```
=== RUN TestAccAWSBeanstalkEnv_outputs
--- PASS: TestAccAWSBeanstalkEnv_outputs (388.74s)
=== RUN TestAccAWSBeanstalkEnv_cname_prefix
--- PASS: TestAccAWSBeanstalkEnv_cname_prefix (386.78s)
=== RUN TestAccAWSBeanstalkEnv_config
--- PASS: TestAccAWSBeanstalkEnv_config (532.56s)
=== RUN TestAccAWSBeanstalkEnv_resource
--- PASS: TestAccAWSBeanstalkEnv_resource (420.47s)
=== RUN TestAccAWSBeanstalkEnv_vpc
--- PASS: TestAccAWSBeanstalkEnv_vpc (516.02s)
=== RUN TestAccAWSBeanstalkEnv_template_change
--- PASS: TestAccAWSBeanstalkEnv_template_change (623.38s)
=== RUN TestAccAWSBeanstalkEnv_basic_settings_update
--- PASS: TestAccAWSBeanstalkEnv_basic_settings_update (705.32s)
```
If an `aws_volume_attachment` is identical to one that already exists in
the API, don't attempt to re-create it (which fails), simply act as
though the creation command had already been run and continue.
This allows Terraform to cleanly recover from a situation where a volume
attachment action hangs indefinitely, possibly due to a bad instance
state, requiring manual intervention such as an instance reboot. In such
a situation, Terraform believes the attachment has failed, when in fact
it succeeded after the timeout had expired. On the subsequent retry run,
attempting to re-create the attachment will fail outright, due to the
AttachVolume API call being non-idempotent. This patch implements the
idempotency client-side by matching the (name, vID, iID) tuple.
Note that volume attachments are not assigned an ID by the API.
message
Fixes: #11568
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRDSCluster_missingUserNameCausesError'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/01 12:11:14 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSRDSCluster_missingUserNameCausesError -timeout 120m
=== RUN TestAccAWSRDSCluster_missingUserNameCausesError
--- PASS: TestAccAWSRDSCluster_missingUserNameCausesError (3.22s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 3.243s
```
The error message for a required parameter being missing has a wrong parameter baked into it. Therefore, when the error message tried to fire, it was throwing a panic. Added a test to make sure that we know the condition still fires and with a correct message
Fixes: #11549
When a user passes the wrong argument to a route53_record import, they
got a crash. This was because we expected the ID to parse correctly. The
crash looked like this:
```
% terraform import aws_route53_record.import1 mike.westredd.com
aws_route53_record.import1: Importing from ID "mike.westredd.com"...
aws_route53_record.import1: Import complete!
Imported aws_route53_record (ID: mike.westredd.com)
aws_route53_record.import1: Refreshing state... (ID: mike.westredd.com)
Error importing: 1 error(s) occurred:
* aws_route53_record.import1: unexpected EOF
panic: runtime error: index out of range
```
Rather than throwing a panic to the user, we should present them with a more useful message that tells them what the error is:
```
% terraform import aws_route53_record.import mike.westredd.com
aws_route53_record.import: Importing from ID "mike.westredd.com"...
aws_route53_record.import: Import complete!
Imported aws_route53_record (ID: mike.westredd.com)
aws_route53_record.import: Refreshing state... (ID: mike.westredd.com)
Error importing: 1 error(s) occurred:
* aws_route53_record.import: Error Importing aws_route_53 record. Please make sure the record ID is in the form ZONEID_RECORDNAME_TYPE (i.e. Z4KAPRWWNC7JR_dev_A
```
At least they can work out what the problem is in this case
The `aws_availability_zones` data source test was panicking. This fixes both tests
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSAvailabilityZones'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/01/31 15:47:39 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSAvailabilityZones -timeout 120m
=== RUN TestAccAWSAvailabilityZones_basic
--- PASS: TestAccAWSAvailabilityZones_basic (12.56s)
=== RUN TestAccAWSAvailabilityZones_stateFilter
--- PASS: TestAccAWSAvailabilityZones_stateFilter (13.59s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 26.187s
```
* Added Step Function Activity & Step Function State Machine
* Added SFN State Machine documentation
* Added aws_sfn_activity & documentation
* Allowed import of sfn resources
* Added more checks on tests, fixed documentation
* Handled the update case of a SFN function (might be already deleting)
* Removed the State Machine import test file
* Fixed the eventual consistency of the read after delete for SFN functions
The API asks you to send lower case values, but returns uppercase ones.
Here we lowercase the returned API values.
There is no migration here because the field in question is nested in a
set, so the hash will change regardless. Anyone using this feature now
has it broken anyway.
Fixes 2 acceptance tests for the `aws_instance` data source
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSInstanceDataSource_SecurityGroups'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/01/31 12:12:15 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSInstanceDataSource_SecurityGroups -timeout 120m
=== RUN TestAccAWSInstanceDataSource_SecurityGroups
--- PASS: TestAccAWSInstanceDataSource_SecurityGroups (119.14s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 119.172s
```
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSInstanceDataSource_tags'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/01/31 12:15:42 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSInstanceDataSource_tags -timeout 120m
=== RUN TestAccAWSInstanceDataSource_tags
--- PASS: TestAccAWSInstanceDataSource_tags (118.87s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 118.900s
```
* added server_side_encryption to s3_bucket_object resource including associated acceptance test and documentation.
* got acceptance tests passing.
* made server_side_encryption a computed attribute and only set kms_key_id attribute if an S3 non-default master key is in use.
* ensured kms api is only interrogated if required.
Fixes `aws_rds_cluster_parameter_group` acceptance tests, which have been broken since aa8c2ac587
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSDBClusterParameterGroupOnly'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/01/30 16:20:38 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSDBClusterParameterGroupOnly -timeout 120m
=== RUN TestAccAWSDBClusterParameterGroupOnly
--- PASS: TestAccAWSDBClusterParameterGroupOnly (15.26s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 15.282s
```
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSDBClusterParameterGroup_basic'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/01/30 16:22:48 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSDBClusterParameterGroup_basic -timeout 120m
=== RUN TestAccAWSDBClusterParameterGroup_basic
--- PASS: TestAccAWSDBClusterParameterGroup_basic (29.48s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 29.510s
```
Fixes `aws_cloudwatch_log_subscription_filter` acceptance tests that had been failing since mid December
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSCloudwatchLogSubscriptionFilter_basic'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/01/30 16:00:05 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSCloudwatchLogSubscriptionFilter_basic -timeout 120m
=== RUN TestAccAWSCloudwatchLogSubscriptionFilter_basic
--- PASS: TestAccAWSCloudwatchLogSubscriptionFilter_basic (26.34s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 26.364s
```
Implementing vpc_peering_connection_accept.
Additions from @ewbankkit:
Rename 'aws_vpc_peering_connection_accept' to 'aws_vpc_peering_connection_accepter'.
Get it working reusing functionality from 'aws_vpc_peering_connection' resource.
* Add a new data provider to decrypt AWS KMS secrets
* Address feedback
* Rename aws_kms_secrets to aws_kms_secret
* Add more examples to the documentation
Fixes: #11461
This will allow the user to pass a policy to further restrict the use
of AssumeRole. It is important to note that it will NOT allow an
expansion of access rights
According to https://github.com/hashicorp/errwrap
'{{err}}' has to be used instead of '%s'
Without this patch, error output from terraform is missing important information:
* aws_cloudwatch_log_group.logs: Error Getting CloudWatch Logs Tag List: %s
With this patch, I get the important information. E.g.:
* aws_cloudwatch_log_group.logs: Error Getting CloudWatch Logs Tag List: AccessDeniedException: User: arn:aws:sts::XYZ:assumed-role/AAA-BBB-CCC/terraform-assuming-role-assume-role-ReadOnly is not authorized to perform: logs:ListTagsLogGroup on resource: arn:aws:logs:us-east-1:XYZ:log-group:logs:log-stream:
Allows the user to import a default aws_alb_listener_rule. When creating the resource with TF, the AWS API requires that `priority` be an integer.
However, the `DescribeRules` API call returns a string for `priority`. This would work in every case except for the `default` listener rule, which sets the `priority` value to the string "default".
This fixes the previous error:
```
Error importing: 1 error(s) occurred:
* aws_alb_listener_rule.test: Cannot convert rule priority %q to int: strconv.ParseInt: parsing "default": invalid syntax
```
Fixes: #11464
Previously an attempt to destroy a LB stickiness policy would
result in an error like this:
```
* aws_lb_cookie_stickiness_policy.foo: Error removing LBCookieStickinessPolicy: LoadBalancerNotFound: There is no ACTIVE Load Balancer named 'tf-test-lb-tqatd'
status code: 400, request id: 28af1167-e4a4-11e6-8ddd-57ba410cbbb6
```
This checks for a missing load balancer on the policy read and allows
the destroy.
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSLBCookieStickinessPolicy_missingLB'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/01/27 07:21:11 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSLBCookieStickinessPolicy_missingLB -timeout 120m
=== RUN TestAccAWSLBCookieStickinessPolicy_missingLB
--- PASS: TestAccAWSLBCookieStickinessPolicy_missingLB (28.90s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 28.929s
```
Adds EBS Volume support and tests for EMR Instnace Groups
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEMRInstanceGroup_ebsBasic'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/01/25 10:14:58 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSEMRInstanceGroup_ebsBasic -timeout 120m
=== RUN TestAccAWSEMRInstanceGroup_ebsBasic
--- PASS: TestAccAWSEMRInstanceGroup_ebsBasic (675.14s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 675.171s
```
Type of change:
===============
- Bug fix
What changed? ... and Why:
==========================
The regexp is currently set to:
`pattern := `^[a-zA-Z0-9$_]+$`
The AWS docs state that qualifer names must conform to the following
regexp:
`Pattern: (|[a-zA-Z0-9$_-]+)`
As you can see, the current regexp in Terraform is missing the `-` at
the end.
This addresses that.
How has it been tested?
=======================
Added a few test cases to the existing spec for `AwsLambdaQualifier`
validation.
Adds a diff suppress function for the `engine_version` attribute of the `db_instance` AWS resource.
The function only supresses the state diff, if the attribute key `auto_minor_version_upgrade` is set, and if the returned `engine_version` from the running RDS instance shares the same prefix as the configured `engine_version`.
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSDBInstance_MinorVersion'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/01/23 17:59:14 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSDBInstance_MinorVersion -timeout 120m
=== RUN TestAccAWSDBInstance_MinorVersion
--- PASS: TestAccAWSDBInstance_MinorVersion (503.48s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 503.518s
```
This commit switches out the use of `fmt.Errorf` to `errwrap.Wrapf` in
the `aws_autoscaling_lifecycle_hook` resource, and corrects a typo which
causes the parameter object to be returned to a user rather than the
underlying error.
Allows users from govcloud and other regions (aws-cn) to now use the following resources correctly:
```
- data "aws_billing_service_account"
- data "aws_elb_service_account"
- resource "aws_cloudfront_origin_access_identity"
- resource "aws_ecs_service"
- resource "aws_iam_saml_provider"
- resource "aws_lambda_permission"
- resource "aws_sns_topic_policy"
```
* provider/aws: Remove hardcoded https from the ecr repository
When the ECR resource was created, we hardcoded the repository URL to
start with https://
This was a mistake as all interaction with the repository now must
include a replace function for the https:// to "" for this to be usable
We need to note this change in the backward incompatibilities
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEcrRepository_' ✭
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/01/20 14:37:36 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSEcrRepository_ -timeout 120m
=== RUN TestAccAWSEcrRepository_importBasic
--- PASS: TestAccAWSEcrRepository_importBasic (20.46s)
=== RUN TestAccAWSEcrRepository_basic
--- PASS: TestAccAWSEcrRepository_basic (18.77s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 39.251s
```
* Update ecr_repository.html.markdown
Fixes AwsS3BucketPolicy Acceptance Tests to match policy document changes from upstream.
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSS3BucketPolicy'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/01/20 11:55:23 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSS3BucketPolicy -timeout 120m
=== RUN TestAccAWSS3BucketPolicy_basic
--- PASS: TestAccAWSS3BucketPolicy_basic (33.64s)
=== RUN TestAccAWSS3BucketPolicy_policyUpdate
--- PASS: TestAccAWSS3BucketPolicy_policyUpdate (61.91s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 95.591s
```
Updates ECS task_definition documentation, and schema validation functions to match the AWS API documentation.
Updates ECS service documentation, and schema validation functions match the AWS API documentation.
statistic
Fixes: #11189
This introduces a new parameter and makes an existing parameter from
`required` to `optional` as both cannot be specified together
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSCloudWatchMetricAlarm_' 2 ↵ ✹ ✭
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/01/13 11:25:24 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSCloudWatchMetricAlarm_ -timeout 120m
=== RUN TestAccAWSCloudWatchMetricAlarm_importBasic
--- PASS: TestAccAWSCloudWatchMetricAlarm_importBasic (19.80s)
=== RUN TestAccAWSCloudWatchMetricAlarm_basic
--- PASS: TestAccAWSCloudWatchMetricAlarm_basic (20.42s)
=== RUN TestAccAWSCloudWatchMetricAlarm_extendedStatistic
--- PASS: TestAccAWSCloudWatchMetricAlarm_extendedStatistic (18.92s)
PASS
```
* provider/aws: New DataSource: aws_elb_hosted_zone_id
This datasource is a list of all of the ELB DualStack Hosted Zone IDs.
This will allow us to reference the correct hosted zone id when creating
route53 alias records
There are many bugs for this - this is just the beginning of fixing them
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSElbHostedZoneId_basic'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/01/04 13:04:32 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSElbHostedZoneId_basic -timeout 120m
=== RUN TestAccAWSElbHostedZoneId_basic
--- PASS: TestAccAWSElbHostedZoneId_basic (20.46s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 20.484s
```
* Update elb_hosted_zone_id.html.markdown
us-east-1
Fixes#11175
Because of a previous limitation that codecommit only ran in us-east-1,
we hard coded the session under which it should run. This has caused the
repository to be spun up in the wrong region regardless of what region
was passed to the provider
```
make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSCodeCommitRepository_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/01/12 16:09:52 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSCodeCommitRepository_ -timeout 120m
=== RUN TestAccAWSCodeCommitRepository_basic
--- PASS: TestAccAWSCodeCommitRepository_basic (23.28s)
=== RUN TestAccAWSCodeCommitRepository_withChanges
--- PASS: TestAccAWSCodeCommitRepository_withChanges (33.71s)
=== RUN TestAccAWSCodeCommitRepository_create_default_branch
--- PASS: TestAccAWSCodeCommitRepository_create_default_branch (22.70s)
=== RUN TestAccAWSCodeCommitRepository_create_and_update_default_branch
--- PASS: TestAccAWSCodeCommitRepository_create_and_update_default_branch (32.72s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 112.437s
```
Utilize the ChangeResourceRecordSets to change the type of a record by
deleting and recreating with a new type.
As change batches are considered transactional changes, Amazon Route 53
either makes all or none of the changes in the batch request ensuring the
update will never be partially applied.
Documentation for the `aws_route_table` data source mentions that it supports a route table `id` as an argument, however it was missing from the actual provider code.
Adds in the missing provider code, adds a test, and updates the documentation to use `rtb_id` as the argument, instead of the more ambiguous `id`.
A VPC's main route table has an implicit subnet association, not an explicit subnet association. This caused a Terraform panic when using the `data_source_aws_route_table` resource to query the main route table for a VPC.
This fixes the Terraform panic, and allows the data lookup to complete successfully. Also added an acceptance test to verify the bugfix.
Fixes: #11134
* provider/aws: Save disabled ELB accesslogs to state
Save any explicitly disabled access_log to state. Do not save disabled
access_logs if they are not in the configuration.
* test that fails on master
Adds validation for the `type` parameter of an `aws_route53_record` resource.
This will allow Terraform to catch any user errors of a `type` parameter during a `terraform plan` instead of during a `terraform apply`.
Fixes: #11114
* provider/aws: New Resource - aws_codedeploy_deployment_config
* provider/aws: Adding acceptance tests for new
aws_codedeploy_deployment_config resource
* provider/aws: Documentation for the aws_codedeploy_deployment_config resource
* Update codedeploy_deployment_config.html.markdown
subnet_group
Fixes#11024
A change was introduced in 0.8.2 that allows db_instances to change
their db_subnet_group. Unfortunately, this caused an issue for
db_instances that were being restored from snapshot. The restore from
snapshot part of create calls the Update func whereas a normal create
calls the Read func
When calling the Update func, the db_instance was trying to go through a
db_subnet_group_name change and was failing for the following reason:
```
InvalidVPCNetworkStateFault: You cannot move DB instance _rds_instance_name_ to subnet group _subnet_group_name_. The specified DB subnet group and DB instance are in the same VPC. Choose a DB subnet group in different VPC than the specified DB instance and try again.
```
Adds region specific S3 bucket name validation. Currently all regions except for us-east-1 force a dns-compliant naming convention. Thus we cannot utilize the standard `SchemaValidateFunc` interface to validate an S3 bucket name.
This change creates a helper function outside of the schema validation interface so we can validate S3 bucket names for both naming conventions. At a later date, when the us-east-1 region is updated to conform to a dns-compliant naming scheme, we can refactor the `validateS3BucketName` function to fit the `SchemaValidateFunc` interface.
aws_api_gateway_integration_response
This continues the work carried out in #10696
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSAPIGatewayIntegrationResponse_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/01/03 14:18:46 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSAPIGatewayIntegrationResponse_ -timeout 120m
=== RUN TestAccAWSAPIGatewayIntegrationResponse_basic
--- PASS: TestAccAWSAPIGatewayIntegrationResponse_basic (57.33s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws57.352s
```
Fixes:#10902
AWS introduced a change to the Mount Target DNS Name to remove the
availability_zone from it -
https://aws.amazon.com/about-aws/whats-new/2016/12/simplified-mounting-of-amazon-efs-file-systems/
This was because there used to be a limit of 1 mount target per AZ -
this has been raised.
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEFSMountTarget_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/01/04 10:45:35 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSEFSMountTarget_ -timeout 120m
=== RUN TestAccAWSEFSMountTarget_importBasic
--- PASS: TestAccAWSEFSMountTarget_importBasic (236.19s)
=== RUN TestAccAWSEFSMountTarget_basic
--- PASS: TestAccAWSEFSMountTarget_basic (445.52s)
=== RUN TestAccAWSEFSMountTarget_disappears
--- PASS: TestAccAWSEFSMountTarget_disappears (228.31s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 910.044s
```
bool not string
Fixes: #11010
Adds a test to show cover the use-case that the OP suggested caused the
panic
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSDataSourceIAMServerCertificate_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/01/03 22:39:21 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSDataSourceIAMServerCertificate_ -timeout 120m
=== RUN TestAccAWSDataSourceIAMServerCertificate_basic
--- PASS: TestAccAWSDataSourceIAMServerCertificate_basic (19.48s)
=== RUN TestAccAWSDataSourceIAMServerCertificate_matchNamePrefix
--- PASS: TestAccAWSDataSourceIAMServerCertificate_matchNamePrefix (1.95s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 21.454s
```
* provider:aws: Add support for updating aws_emr_cluster parameters
Fixes#10962
We now support the update of `visibile_to_add_users` and
`termination_protected` parameters
```
make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEMRCluster_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/01/03 18:45:20 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSEMRCluster_ -timeout 120m
=== RUN TestAccAWSEMRCluster_basic
--- PASS: TestAccAWSEMRCluster_basic (551.98s)
=== RUN TestAccAWSEMRCluster_terminationProtected
--- PASS: TestAccAWSEMRCluster_terminationProtected (545.52s)
=== RUN TestAccAWSEMRCluster_visibleToAllUsers
--- PASS: TestAccAWSEMRCluster_visibleToAllUsers (552.09s)
=== RUN TestAccAWSEMRCluster_tags
--- PASS: TestAccAWSEMRCluster_tags (598.91s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 2248.537s
```
* Update resource_aws_emr_cluster_test.go
Fixes: #10958
This wasn't implemented the first time around for some reason
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEMRCluster_' 2 ↵ ✹ ✭
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/01/03 15:40:09 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSEMRCluster_ -timeout 120m
=== RUN TestAccAWSEMRCluster_basic
--- PASS: TestAccAWSEMRCluster_basic (529.36s)
=== RUN TestAccAWSEMRCluster_tags
--- PASS: TestAccAWSEMRCluster_tags (556.81s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 1086.197s
```
There is 1 breaking change. The OpsWorks Update API no longer supports
`tenancy` as an update. So that has to be marked as ForceNew: true
```
% make testacc TEST=./builtin/providers/aws
% TESTARGS='-run=TestAccAWSOpsworksInstance'
% 2 ↵ ✹ ✭
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/01/02 17:11:29 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSOpsworksInstance -timeout 120m
=== RUN TestAccAWSOpsworksInstance
--- PASS: TestAccAWSOpsworksInstance (99.89s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws99.911s
```
Ensure that the `key_name` attribute is available to `aws_key_pair`
resource dependents, even when the attribute is not specifically
set (i.e., when `key_name_prefix` or automatic naming is performed).
Fixes#10983.
* Add 'aws_vpc_peering_connection' data source.
* Changes after code review.
* Add 'accepter' and 'requester' blocks to aws_vpc_peering_connection data source output attributes.
Computed
Fixes: #10887
In the Terraform documentation, we say the following:
```
metric_aggregation_type - (Optional) The aggregation type for the policy's metrics. Valid values are "Minimum", "Maximum", and "Average". Without a value, AWS will treat the aggregation type as "Average".
```
Therefore, because the parameter wasn't set as computed, we got a diff as follows:
```
~ aws_autoscaling_policy.scale
metric_aggregation_type: "Average" => ""
```
With the change in place, we get the correct behaviour
```
% terraform plan
[WARN] /Users/stacko/Code/go/bin/terraform-provider-aws overrides an internal plugin for aws-provider.
If you did not expect to see this message you will need to remove the old plugin.
See https://www.terraform.io/docs/internals/internal-plugins.html
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but
will not be persisted to local or remote state storage.
aws_launch_configuration.launch: Refreshing state... (ID: config)
aws_autoscaling_group.asg: Refreshing state... (ID: asg)
aws_autoscaling_policy.scale: Refreshing state... (ID: scale)
No changes. Infrastructure is up-to-date. This means that Terraform
could not detect any differences between your configuration and
the real physical resources that exist. As a result, Terraform
doesn't need to do anything.
```
* Drop alias from state file if missing from lambda.
This commit fixes an issue where if you remove a AWS Lambda, the corresponding alias for that Lambda is also deleted.
* Added missing imports.
* Removed non-local reference to constant.
* provider/aws: Support eu-west-2
This is the new London region - we don't have access yet but several
enquiries have come from customers who do.
* provider/aws: Support eu-west-2 region
* Update hosted_zones.go
* provider/aws: data source for AWS Hosted Zone
* add caller_reference, resource_record_set_count fields, manage private zone and trailing dot
* fix fmt
* update documentation, use string function in hostedZoneNamewq
* add vpc_id support
* add tags support
* add documentation for hosted zone data source tags support
* provider/aws: Add the aws_eip data source
* Document the aws_eip data source on the website
* provider/aws: support query by public_ip for aws_eip data source
* Allow import of aws_security_groups with more than one source_security_group_id rule
* Add acceptable test for security group with multiple source rules.
When importing an `aws_vpc_peering_connection`, the code assumes that
the account under Terraform control is the initiator (requester) of the
VPC peering request. This holds true when the peering connection is
between two VPCs in the same account, or when the peering connection has
been initiated from the controlled account to another.
However, when the peering connection has been initiated from a foreign
account towards the account under management, importing the peering
connection into the statefile results in values of `peer_vpc_id` and
`vpc_id` being the opposite way round to what they should be, and in the
`peer_owner_id` being set to the managed account's ID rather than the
foreign account's ID.
This patch checks the Accepter and Requester Owner IDs against the AWS
connection's reported owner ID, and reverses the mapping if it is
determined that the VPC peering connection is owned by the foreign
account.
This adds the new resource aws_snapshot_create_volume_permission which
manages the createVolumePermission attribute of snapshots. This allows
granting an AWS account permissions to create a volume from a particular
snapshot. This is often required to allow another account to copy a
private AMI.
AWS allows only the case-sensitive strings `Allow` and `Deny` to appear
in the `Effect` fields of IAM policy documents. Catch deviations from
this, including mis-casing, before hitting the API and generating an
error (the error is a generic 400 and doesn't indicate what part of the
policy doc is invalid).
Fixes#8455, #5390
This add a new `no_device` attribute to `ephemeral_block_device` block,
which allows users omit ephemeral devices from AMI's predefined block
device mappings, which is useful for EBS-only instance types.
This commit extracts the GPG code used for aws_iam_user_login_profile
into a library that can be reused for other resources, and updates the
call sites appropriately.
* add rds db for opsworks
* switched to stack in vpc
* implement update method
* add docs
* implement and document force new resource behavior
* implement retry for update and delete
* add test that forces new resource
* Add new aws_vpc_endpoint_route_table_association resource.
This commit adds a new resource which allows to a list of route tables to be
either added and/or removed from an existing VPC Endpoint. This resource would
also be complimentary to the existing `aws_vpc_endpoint` resource where the
route tables might not be specified (not a requirement for a VPC Endpoint to
be created successfully) during creation, especially where the workflow is
such where the route tables are not immediately known.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
Additions by Kit Ewbank <Kit_Ewbank@hotmail.com>:
* Add functionality
* Add documentation
* Add acceptance tests
* Set VPC endpoint route_table_ids attribute to "Computed"
* Changes after review - Set resource ID in create function.
* Changes after code review by @kwilczynski:
* Removed error types and simplified the error handling in 'resourceAwsVPCEndpointRouteTableAssociationRead'
* Simplified logging in 'resourceAwsVPCEndpointRouteTableAssociationDelete'
* provider/aws: Add DeploymentRollback as a valid TriggerEvent type
* provider/aws: Add auto_rollback_configuration to aws_codedeploy_deployment_group
* provider/aws: Document auto_rollback_configuration
- part of aws_codedeploy_deployment_group
* provider/aws: Support removing and disabling auto_rollback_configuration
- part of aws_codedeploy_deployment_group resource
- when removing configuration, ensure events are removed
- when disabling configuration, preserve events in case configuration is re-enabled
* provider/aws: Add alarm_configuration to aws_codedeploy_deployment_group
* provider/aws: Document alarm_configuration
- part of aws_codedeploy_deployment_group
* provider/aws: Support removing alarm_configuration
- part of aws_codedeploy_deployment_group resource
- disabling configuration doesn't appear to work...
* provider/aws: Refactor auto_rollback_configuration tests
- Add create test
- SKIP failing test for now
- Add tests for build & map functions
* provider/aws: Refactor new aws_code_deploy_deployment_group tests
- alarm_configuration and auto_rollback_configuration only
- add assertions to deployment_group basic test
- rename config funcs to be more easy to read
- group public tests together
* provider/aws: A max of 10 alarms can be added to a deployment group.
- aws_code_deploy_deployment_group.alarm_configuration.alarms
- verified this causes test failure with expected exception
* provider/aws: Test disabling alarm_configuration and auto_rollback_configuration
- the tests now pass after rebasing the latest master branch
* provider/aws: Generate name for TestAccElasticBeanstalkApplicationImport
This allows tests to run concurrently.
* provider/aws: Generate names for TestAWSElasticBeanstalkEnvironment_importBasic
This allows tests to run concurrently.
Although the aws_iam_policy has a problem of normalization (refs #8350),
I think it would be useful simply to add JSON syntax validation.
I wasted a lot of time with JSON syntax errors.
Validate the aws_iam_policy using the validateJsonString helper.
* provider/aws: Add ability to create aws_ebs_snapshot
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEBSSnapshot_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/10 14:18:36 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSEBSSnapshot_
-timeout 120m
=== RUN TestAccAWSEBSSnapshot_basic
--- PASS: TestAccAWSEBSSnapshot_basic (31.56s)
=== RUN TestAccAWSEBSSnapshot_withDescription
--- PASS: TestAccAWSEBSSnapshot_withDescription (189.35s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws220.928s
```
* docs/aws: Addition of the docs for aws_ebs_snapshot resource
* provider/aws: Creation of shared schema funcs for common AWS data source
patterns
* provider/aws: Create aws_ebs_snapshot datasource
Fixes#8828
This data source will use a number of filters, owner_ids, snapshot_ids
and restorable_by_user_ids in order to find the correct snapshot. The
data source has no real use case for most_recent and will error on no
snapshots found or greater than 1 snapshot found
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEbsSnapshotDataSource_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/10 14:34:33 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSEbsSnapshotDataSource_ -timeout 120m
=== RUN TestAccAWSEbsSnapshotDataSource_basic
--- PASS: TestAccAWSEbsSnapshotDataSource_basic (192.66s)
=== RUN TestAccAWSEbsSnapshotDataSource_multipleFilters
--- PASS: TestAccAWSEbsSnapshotDataSource_multipleFilters (33.84s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws226.522s
```
* docs/aws: Addition of docs for the aws_ebs_snapshot data source
Adds the new resource `aws_ebs_snapshot`
This update adds ALB support to the
wait_for_elb_capacity/min_elb_capacity options. Target groups are
handled in nearly the same way as Classic ELBs, so the change should be
transparent. This supports both ALB target groups and classic ELBs being
attached to the ASG at the same time.
* provider/aws: Add aws_alb data source
This adds the aws_alb data source for getting information on an AWS
Application Load Balancer.
The schema is nearly the same as the resource of the same name, with
most of the resource population logic de-coupled into its own function
so that they can be shared between the resource and data source.
* provider/aws: aws_alb data source language revisions
* Multiple/zero result error slightly updated to be a bit more
specific.
* Fixed relic of the copy of the resource docs (resource -> data
source)
When `force_destroy` was specifed on an `aws_iam_user` resource, only IAM
access keys and the login profile were destroyed. If a multi-factor auth
device had been activated for that user, deletion would fail as follows:
```
* aws_iam_user.testuser1: Error deleting IAM User testuser1: DeleteConflict: Cannot delete entity, must delete MFA device first.
status code: 409, request id: aa41b1b7-ac4d-11e6-bb3f-3b4c7a310c65
```
This commit iterates over any of the user's MFA devices and deactivates
them before deleting the user. It follows a pattern similar to that used
to remove users' IAM access keys before deletion.
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSUser_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/20 17:09:00 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSUser_ -timeout 120m
=== RUN TestAccAWSUser_importBasic
--- PASS: TestAccAWSUser_importBasic (5.70s)
=== RUN TestAccAWSUser_basic
--- PASS: TestAccAWSUser_basic (11.12s)
PASS
ok github.com/rhenning/terraform/builtin/providers/aws 20.840s
```
* provider/aws: Add aws_alb_listener data source
This adds the aws_alb_listener data source to get information on an AWS
Application Load Balancer listener.
The schema is slightly modified (only option-wise, attributes are the
same) and we use the aws_alb_listener resource read function to get the
data.
Note that the HTTPS test here may fail due until
hashicorp/terraform#10180 is merged.
* provider/aws: Add aws_alb_listener data source docs
Now documented.
Looks like sometimes it takes some time for IAM certificates to
propagate, which can cause errors on ALB listener creation.
Possibly same thing as hashicorp/terraform#5178, but for ALB
now instead of ELB.
This was discovered via acceptance tests, specifically the
TestAccAWSALBListener_https test. Updated the creation process to wait
on CertificateNotFound for a max of 5min.
- Per our discussion around the PR to increase this initially, we
weren't sure if 1 minute would be sufficient. Well, it turns out it
wasn't for me today (we don't delete these often so not sure how
often people run into this).
Picking another somewhat arbitrary value of 5 minutes in the hopes
that it will be sufficient (today it took a little over 2 minutes).
Since the Lambda CreateFunction call may include an up to 50MB payload,
the request can easily take more than a minute. This increases the
timeout to 10 minutes.
Fixes#10042Fixes#9989
Another panic was found with this resource. IT essentially was causing a
panic when no certificates were found. This was due to the casting of
status to []string
There are times when there are no statuses passed in. Made the error
message a lot more generic now rather than having something like this
```
No certificate with statuses [] for domain mytestdomain.com found in this region.
```
This now becomes:
```
No certificate for domain mytestdomain.com found in this region.
```
Also, added a test to show that the panic is gone
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAwsAcmCertificateDataSource_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/11 15:11:33 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAwsAcmCertificateDataSource_ -timeout 120m
=== RUN TestAccAwsAcmCertificateDataSource_noMatchReturnsError
--- PASS: TestAccAwsAcmCertificateDataSource_noMatchReturnsError (6.07s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws6.094s
```
* allow underscore in database_name [redshift]
Fixes#10009
* Added Test Cases To Validate Redshift DBName
* Remove Old Test Cases Regarding Redshift DBName Validation
* Added More Test Cases For Redshift DBName
Also added a test to prove that the computed value gets set
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSDBInstance_basic'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/10 06:26:22 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSDBInstance_basic -timeout 120m
=== RUN TestAccAWSDBInstance_basic
--- PASS: TestAccAWSDBInstance_basic (634.33s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws634.347s
```
Fixes#9989
When passing a list of statuses to the acm_certificate data source, we
were trying to cast a schema.TypeList directly to []string
We need to do it via an []interface{} and then cast to string when
ranging over the results. Without this, we get a panic
* Added key_name_prefix to aws_key_pair resource schema.
* Added logic to prefix the aws_key_pair name on create.
* Added aws_key_pair test config for key_name_prefix case.
* Copied test cases from testAccAWSSecurityGroup namespace.
* Modified copied test case to suit aws_key_pair resource.
* Changed required flag to optional on key_name argument for aws_key_pair resource.
* Added documentation for key_name_prefix argument.
* Code style fix.
* Fixed undefined variable error in test.
Fixes#9895
The replication_group_id should allow length to be max of 20 not 16
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestResourceAWSElastiCacheReplicationGroupIdValidation'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/07 16:17:52 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestResourceAWSElastiCacheReplicationGroupIdValidation -timeout
120m
=== RUN TestResourceAWSElastiCacheReplicationGroupIdValidation
--- PASS: TestResourceAWSElastiCacheReplicationGroupIdValidation (0.00s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws0.032s
```
The work to add the arn_suffix in #9734 skipped adding the targetgroup/
part of the arn
This PR adds it
//cc @firthh
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSALBTargetGroup_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/07 12:19:16 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSALBTargetGroup_ -timeout 120m
=== RUN TestAccAWSALBTargetGroup_basic
--- PASS: TestAccAWSALBTargetGroup_basic (47.23s)
=== RUN TestAccAWSALBTargetGroup_changeNameForceNew
--- PASS: TestAccAWSALBTargetGroup_changeNameForceNew (80.09s)
=== RUN TestAccAWSALBTargetGroup_changeProtocolForceNew
--- PASS: TestAccAWSALBTargetGroup_changeProtocolForceNew (87.45s)
=== RUN TestAccAWSALBTargetGroup_changePortForceNew
--- PASS: TestAccAWSALBTargetGroup_changePortForceNew (78.47s)
=== RUN TestAccAWSALBTargetGroup_changeVpcForceNew
--- PASS: TestAccAWSALBTargetGroup_changeVpcForceNew (73.53s)
=== RUN TestAccAWSALBTargetGroup_tags
--- PASS: TestAccAWSALBTargetGroup_tags (75.60s)
=== RUN TestAccAWSALBTargetGroup_updateHealthCheck
--- PASS: TestAccAWSALBTargetGroup_updateHealthCheck (76.40s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 518.777s
```
fixes#9110
An error was found where, static_routes_only was not set on a vpn
connection import. This commit introduces setting the static_routes_only
to false when no Options are found. This follows the AWS convention as follows:
```
- options (structure)
Indicates whether the VPN connection requires static routes. If you are creating a VPN connection for a device that does not support BGP, you must specify true .
Default: false
```
So we take it that `static_options_only` is false by default
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSVpnConnection_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/02 10:38:18 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSVpnConnection_ -timeout 120m
=== RUN TestAccAWSVpnConnection_importBasic
--- PASS: TestAccAWSVpnConnection_importBasic (178.29s)
=== RUN TestAccAWSVpnConnection_basic
--- PASS: TestAccAWSVpnConnection_basic (336.81s)
=== RUN TestAccAWSVpnConnection_withoutStaticRoutes
--- PASS: TestAccAWSVpnConnection_withoutStaticRoutes (195.45s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 710.572s
```
Use this data source to get the ARN of a certificate in AWS Certificate
Manager (ACM). The process of requesting and verifying a certificate in ACM
requires some manual steps, which means that Terraform cannot automate the
creation of ACM certificates. But using this data source, you can reference
them by domain without having to hard code the ARNs as input.
The acceptance test included requires an ACM certificate be pre-created
in and information about it passed in via environment variables. It's a
bit sad but there's really no other way to do it.
When computing the set key for an EBS block device, we were using
the wrong function; we had hashEphemeralBlockDevice instead of
hashEbsBlockDevice. This caused a panic by trying to access the
virtual_name attribute that will never be set for EBS block
devices.
To fix this, I switched to the hashEbsBlockDevice function, which
is already being used to compute a Set key in the Schema. But in
the default case, where the snapshot_id attribute isn't specified,
this also caused a panic. I updated the way the string to hash is
generated to check for the existence of the device_name and
snapshot_id attributes before we use them, to avoid panics when
these optional attributes aren't set.
Spot fleet requests can have EBS volumes attached to them, and at
the moment we're getting reports that crashes can be experienced
with them. This adds an acceptance test that exercises creating
a Spot Fleet request that has a non-instance EBS volume attached.
This successfully reproduces the panic.
* GH-8755 - Adding in support to attach ASG to ELB as independent action
* GH-8755 - Adding in docs
* GH-8755 - Adjusting attribute name and responding to other PR feedback
In #8502 it was requested that we add support for the EnableSNI
parameter of Route53's health checks; this enables customers to
manually specify whether or not the health check will use SNI when
communicating with the endpoint.
The customer originally requested we default to `false`. While
implementing the issue, I discovered that when creating health
checks with a Type set to HTTP, Amazon's default value for EnableSNI
is `false`. However, when creating health checks with a Type set to
HTTPS, Amazon's default value is `true`. So rather than setting a
default value, I made the attribute computed.
Fixes#9658Fixes#8728
Originally, this would ForceNew as follows:
```
-/+ aws_alb.alb_test
arn: "arn:aws:elasticloadbalancing:us-west-2:187416307283:loadbalancer/app/test-alb-9658/3459cd2446b76901" => "<computed>"
arn_suffix: "app/test-alb-9658/3459cd2446b76901" => "<computed>"
dns_name: "test-alb-9658-1463108301.us-west-2.elb.amazonaws.com" => "<computed>"
enable_deletion_protection: "false" => "false"
idle_timeout: "30" => "30"
internal: "false" => "false"
name: "test-alb-9658" => "test-alb-9658"
security_groups.#: "2" => "1" (forces new resource)
security_groups.1631253634: "sg-3256274b" => "" (forces new resource)
security_groups.3505955000: "sg-1e572667" => "sg-1e572667" (forces new resource)
subnets.#: "2" => "2"
subnets.2407170741: "subnet-ee536498" => "subnet-ee536498"
subnets.2414619308: "subnet-f1a7b595" => "subnet-f1a7b595"
tags.%: "1" => "1"
tags.TestName: "TestAccAWSALB_basic" => "TestAccAWSALB_basic"
vpc_id: "vpc-dd0ff9ba" => "<computed>"
zone_id: "Z1H1FL5HABSF5" => "<computed>"
Plan: 1 to add, 0 to change, 1 to destroy.
```
When the ALB was ForceNew, the ARN changed. The test has been updated to include a check to make sure that the ARNs are the same after the update
After this change, it looks as follows:
```
~ aws_alb.alb_test
security_groups.#: "1" => "2"
security_groups.1631253634: "" => "sg-3256274b"
security_groups.3505955000: "sg-1e572667" => "sg-1e572667"
Plan: 0 to add, 1 to change, 0 to destroy.
```
Test Results:
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSALB_' ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/02 12:20:58 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSALB_ -timeout 120m
=== RUN TestAccAWSALB_basic
--- PASS: TestAccAWSALB_basic (64.25s)
=== RUN TestAccAWSALB_generatedName
--- PASS: TestAccAWSALB_generatedName (65.04s)
=== RUN TestAccAWSALB_namePrefix
--- PASS: TestAccAWSALB_namePrefix (67.02s)
=== RUN TestAccAWSALB_tags
--- PASS: TestAccAWSALB_tags (96.06s)
=== RUN TestAccAWSALB_updatedSecurityGroups
--- PASS: TestAccAWSALB_updatedSecurityGroups (101.61s)
=== RUN TestAccAWSALB_noSecurityGroup
--- PASS: TestAccAWSALB_noSecurityGroup (59.83s)
=== RUN TestAccAWSALB_accesslogs
--- PASS: TestAccAWSALB_accesslogs (162.65s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 616.489s
```
* provider/aws: Provide the option to skip_destroy on
aws_volume_attachment
When you want to attach and detach pre-existing EBS volumes to an
instance, we would do that as follows:
```
resource "aws_instance" "web" {
ami = "ami-21f78e11"
availability_zone = "us-west-2a"
instance_type = "t1.micro"
tags {
Name = "HelloWorld"
}
}
data "aws_ebs_volume" "ebs_volume" {
filter {
name = "size"
values = ["${aws_ebs_volume.example.size}"]
}
filter {
name = "availability-zone"
values = ["${aws_ebs_volume.example.availability_zone}"]
}
filter {
name = "tag:Name"
values = ["TestVolume"]
}
}
resource "aws_volume_attachment" "ebs_att" {
device_name = "/dev/sdh"
volume_id = "${data.aws_ebs_volume.ebs_volume.id}"
instance_id = "${aws_instance.web.id}"
skip_destroy = true
}
```
The issue here is that when we run a terraform destroy command, the volume tries to get detached from a running instance and goes into a non-responsive state. We would have to force_destroy the volume at that point and risk losing any data on it.
This PR introduces the idea of `skip_destroy` on a volume attachment. tl;dr:
We want the volume to be detached from the instane when the instance itself has been destroyed. This way the normal shut procedures will happen and protect the disk for attachment to another instance
Volume Attachment Tests:
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSVolumeAttachment_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/02 00:47:27 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSVolumeAttachment_ -timeout 120m
=== RUN TestAccAWSVolumeAttachment_basic
--- PASS: TestAccAWSVolumeAttachment_basic (133.49s)
=== RUN TestAccAWSVolumeAttachment_skipDestroy
--- PASS: TestAccAWSVolumeAttachment_skipDestroy (119.64s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 253.158s
```
EBS Volume Tests:
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEBSVolume_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/02 01:00:18 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSEBSVolume_ -timeout 120m
=== RUN TestAccAWSEBSVolume_importBasic
--- PASS: TestAccAWSEBSVolume_importBasic (26.38s)
=== RUN TestAccAWSEBSVolume_basic
--- PASS: TestAccAWSEBSVolume_basic (26.86s)
=== RUN TestAccAWSEBSVolume_NoIops
--- PASS: TestAccAWSEBSVolume_NoIops (27.89s)
=== RUN TestAccAWSEBSVolume_withTags
--- PASS: TestAccAWSEBSVolume_withTags (26.88s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 108.032s
```
* Update volume_attachment.html.markdown
There are three equivalent forms for expressing "everyone" (including
anonymous) in IAM policies:
- "Principals": "*"
- "Principals": {"AWS": "*"}
- "Principals": {"*": "*"}
The more-constrained syntax used by our aws_iam_policy_document data
source means that the user can only express the latter two of these
directly. However, when returning IAM policies from the API AWS likes to
normalize to the first form, causing unresolvable diffs.
This fixes#9335 by handling the "everyone" case as a special case,
serializing it in JSON as the "*" shorthand form.
This change does *not* address the normalization of hand-written policies
containing such elements. A similar change would need to be made in
the external package github.com/jen20/awspolicyequivalence in order to
avoid the issue for hand-written policies.
This will allows us to filter a specific ebs_volume for attachment to an
aws_instance
```
make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEbsVolumeDataSource_'✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/01 12:39:19 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSEbsVolumeDataSource_ -timeout 120m
=== RUN TestAccAWSEbsVolumeDataSource_basic
--- PASS: TestAccAWSEbsVolumeDataSource_basic (28.74s)
=== RUN TestAccAWSEbsVolumeDataSource_multipleFilters
--- PASS: TestAccAWSEbsVolumeDataSource_multipleFilters (28.37s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws57.145s
```
* Allow `active` state while waiting for the VPC Peering Connection.
This commit adds `active` as one of the valid states in which the VPC Peering
Connection can be when it being created.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
* Add more valid states.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
Fixes#9628Fixes#9298
When a route53_record alias is updated in the console, AWS prepends
`dualstack.` to the name. This is there incase IPV6 is wanted. It is
exactly the same without it as it is with it
In order to stop perpetual diffs, I introduced a normalizeFunc that will
that tke alias name and strip known issues:
* dualstack
* trailing dot
This normalize fun will continue to grow I'm sure
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRoute53Record_' ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/29 00:28:12 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSRoute53Record_ -timeout 120m
=== RUN TestAccAWSRoute53Record_basic
--- PASS: TestAccAWSRoute53Record_basic (124.64s)
=== RUN TestAccAWSRoute53Record_basic_fqdn
--- PASS: TestAccAWSRoute53Record_basic_fqdn (132.07s)
=== RUN TestAccAWSRoute53Record_txtSupport
--- PASS: TestAccAWSRoute53Record_txtSupport (134.07s)
=== RUN TestAccAWSRoute53Record_spfSupport
--- PASS: TestAccAWSRoute53Record_spfSupport (113.36s)
=== RUN TestAccAWSRoute53Record_generatesSuffix
--- PASS: TestAccAWSRoute53Record_generatesSuffix (112.62s)
=== RUN TestAccAWSRoute53Record_wildcard
--- PASS: TestAccAWSRoute53Record_wildcard (162.84s)
=== RUN TestAccAWSRoute53Record_failover
--- PASS: TestAccAWSRoute53Record_failover (126.18s)
=== RUN TestAccAWSRoute53Record_weighted_basic
--- PASS: TestAccAWSRoute53Record_weighted_basic (121.10s)
=== RUN TestAccAWSRoute53Record_alias
--- PASS: TestAccAWSRoute53Record_alias (118.14s)
=== RUN TestAccAWSRoute53Record_s3_alias
--- PASS: TestAccAWSRoute53Record_s3_alias (155.07s)
=== RUN TestAccAWSRoute53Record_weighted_alias
--- PASS: TestAccAWSRoute53Record_weighted_alias (235.41s)
=== RUN TestAccAWSRoute53Record_geolocation_basic
^[[C--- PASS: TestAccAWSRoute53Record_geolocation_basic (125.32s)
=== RUN TestAccAWSRoute53Record_latency_basic
--- PASS: TestAccAWSRoute53Record_latency_basic (122.23s)
=== RUN TestAccAWSRoute53Record_TypeChange
--- PASS: TestAccAWSRoute53Record_TypeChange (231.98s)
=== RUN TestAccAWSRoute53Record_empty
--- PASS: TestAccAWSRoute53Record_empty (116.48s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 2131.526s
```
Before this fix, I was getting the following by recreating the code in
```
~ aws_route53_record.alias
alias.1563903989.evaluate_target_health: "true" => "false"
alias.1563903989.name: "9828-recreation-106795730.us-west-2.elb.amazonaws.com." => ""
alias.1563903989.zone_id: "Z1H1FL5HABSF5" => ""
alias.318754017.evaluate_target_health: "" => "true"
alias.318754017.name: "" => "9828-recreation-106795730.us-west-2.elb.amazonaws.com"
alias.318754017.zone_id: "" => "Z1H1FL5HABSF5"
Plan: 0 to add, 1 to change, 0 to destroy.
```
After this fix:
```
No changes. Infrastructure is up-to-date. This means that Terraform
could not detect any differences between your configuration and
the real physical resources that exist. As a result, Terraform
doesn't need to do anything.
When creating a CloudWatch Metric for an Application Load Balancer Target Group it is
neccessary to use the suffix of the ARN as the reference to the load
balancer TG . This commit exposes that as an attribute on the `aws_alb_target_group`
resource to prevent the need to use regular expression substitution to
make the reference.
Fixes#8679
The CallerReference attribute we passed to AWS in route53_health_checks
was `time.Now().Format(time.RFC3339Nano)`
When creating multiple resources with the Count meta-parameter, this was
causing issues as follows:
```
* aws_route53_health_check.healthstate.0: HealthCheckAlreadyExists: A different health check has already been created with the specified caller reference.
```
We have now exposed a new attribute called `reference_name` that can be set to pass multiple resources to the request
```
make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRoute53HealthCheck_' 130 ↵ ✹
==> Cecking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/31 10:41:07 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSRoute53HealthCheck_ -timeout 120m
=== RUN TestAccAWSRoute53HealthCheck_importBasic
--- PASS: TestAccAWSRoute53HealthCheck_importBasic (17.08s)
=== RUN TestAccAWSRoute53HealthCheck_basic
--- PASS: TestAccAWSRoute53HealthCheck_basic (28.17s)
=== RUN TestAccAWSRoute53HealthCheck_withSearchString
--- PASS: TestAccAWSRoute53HealthCheck_withSearchString (28.07s)
=== RUN TestAccAWSRoute53HealthCheck_withChildHealthChecks
--- PASS: TestAccAWSRoute53HealthCheck_withChildHealthChecks (20.71s)
=== RUN TestAccAWSRoute53HealthCheck_IpConfig
--- PASS: TestAccAWSRoute53HealthCheck_IpConfig (16.09s)
=== RUN TestAccAWSRoute53HealthCheck_CloudWatchAlarmCheck
--- PASS: TestAccAWSRoute53HealthCheck_CloudWatchAlarmCheck (22.42s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 132.568s
```
The update of the test was causing a test failure - it was setting
desired_count to 1 when miz_size was set to 2 - this was causing a
perpetual diff in the test
Was failing due to using IAM user `test-name` as it was being used in
more than 1 place - this has been replaced by a random user and random
policy names now
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSUserPolicyAttachment_basic' 2 ↵ ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/31 08:39:08 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSUserPolicyAttachment_basic -timeout 120m
=== RUN TestAccAWSUserPolicyAttachment_basic
--- PASS: TestAccAWSUserPolicyAttachment_basic (32.04s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 32.053s
```
Previously this resource (and, by extension, the aws_ami_copy and
aws_ami_from_instance resources that share much of its implementation)
was handling correctly the case where an AMI had been recently
deregistered, and was thus still returned from the API, but not correctly
dealing with the situation where the AMI has been removed altogether.
Now we additionally handle the NotFound error returned by the API when
we request a non-existent AMI, and remove the AMI from the state in the
same way we do for deregistered AMIs.
This commit adds an ability to modify the `AutoMinorVersionUpgrade` property of the
Replication Group (which is enabled by default) accordingly.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
Fixes#9654
Before the fix, I created an ASG with a schedule on it. Went to the AWS
console and deleted the schedule. A terraform plan looked as follows:
```
% terraform plan
See https://www.terraform.io/docs/internals/internal-plugins.html
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but
will not be persisted to local or remote state storage.
aws_launch_configuration.foobar: Refreshing state... (ID:
terraform-test-foobar5)
aws_autoscaling_group.foobar: Refreshing state... (ID:
terraform-test-foobar5)
aws_autoscaling_schedule.foobar: Refreshing state... (ID: foobar)
Error refreshing state: 1 error(s) occurred:
* aws_autoscaling_schedule.foobar: Unable to find Autoscaling
* Scheduled Action: []*autoscaling.ScheduledUpdateGroupAction(nil)
```
After the fix:
```
terraform plan 1 ↵
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but
will not be persisted to local or remote state storage.
aws_launch_configuration.foobar: Refreshing state... (ID: terraform-test-foobar5)
aws_autoscaling_group.foobar: Refreshing state... (ID: terraform-test-foobar5)
aws_autoscaling_schedule.foobar: Refreshing state... (ID: foobar)
The Terraform execution plan has been generated and is shown below.
Resources are shown in alphabetical order for quick scanning. Green resources
will be created (or destroyed and then created if an existing resource
exists), yellow resources are being changed in-place, and red resources
will be destroyed. Cyan entries are data sources to be read.
Note: You didn't specify an "-out" parameter to save this plan, so when
"apply" is called, Terraform can't guarantee this is what will execute.
+ aws_autoscaling_schedule.foobar
arn: "<computed>"
autoscaling_group_name: "terraform-test-foobar5"
desired_capacity: "0"
end_time: "2018-01-16T13:00:00Z"
max_size: "0"
min_size: "0"
recurrence: "<computed>"
scheduled_action_name: "foobar"
start_time: "2018-01-16T07:00:00Z"
Plan: 1 to add, 0 to change, 0 to destroy.
```
Tests run as expected:
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSAutoscalingSchedule_' 2 ↵ ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/27 17:45:19 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSAutoscalingSchedule_ -timeout 120m
=== RUN TestAccAWSAutoscalingSchedule_basic
--- PASS: TestAccAWSAutoscalingSchedule_basic (140.94s)
=== RUN TestAccAWSAutoscalingSchedule_disappears
--- PASS: TestAccAWSAutoscalingSchedule_disappears (179.17s)
=== RUN TestAccAWSAutoscalingSchedule_recurrence
--- PASS: TestAccAWSAutoscalingSchedule_recurrence (186.72s)
=== RUN TestAccAWSAutoscalingSchedule_zeroValues
--- PASS: TestAccAWSAutoscalingSchedule_zeroValues (167.73s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 674.530s
```
* provider/aws: data source for AWS Security Group
* provider/aws: add documentation for data source for AWS Security Group
* provider/aws: data source for AWS Security Group (improve if condition and syntax)
* fix fmt
* Add AWS Prefix List data source.
AWS Prefix List data source acceptance test.
AWS Prefix List data source documentation.
* Improve error message when PL not matched.
* Clean-up for Go 1.7+ version.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
* Validate regular expression passed via the `name_regex` attribute.
This commit adds a simple ValidateFunc to check whether the regular
expression that was passed down via the `name_regex` attribute is valid.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
This is a fix for issue https://github.com/hashicorp/terraform/issues/9596.
Changes:
- Adds new output attribute `configuration_endpoint_address`. Only
used in Redis when in cluster mode.
- Read the `snapshot_window` and `snapshot_retention_limit` from
the
replication group description instead of the cache cluster
description.
- Adds acceptance test and modifies an existing acceptance test to
make sure that everything is still good in non-cluster mode
- Updates docs to describe new output attribute
This commit introduces an `aws_iam_user_login_profile` resource which
creates a password for an IAM user, and encrypts it using a PGP key
specified in the configuration or obtained from Keybase.
For example:
```
resource "aws_iam_user" "u" {
name = "auser"
path = "/"
force_destroy = true
}
resource "aws_iam_user_login_profile" "u" {
user = "${aws_iam_user.u.name}"
pgp_key = "keybase:some_person_that_exists"
}
output "password" {
value = "${aws_iam_user_login_profile.u.encrypted_password}"
}
```
The resulting attribute "encrypted_password" can be decrypted using
PGP or Keybase - for example:
```
terraform output password | base64 --decode | keybase pgp decrypt
```
Optionally the user can retain the password rather than the default of
being forced to change it at first login. Generated passwords are
currently 20 characters long.
This will allow us to catch errors at plan time rather than waiting for
the API to tell us...
Documentation for IAM User NAme Validation -
http://docs.aws.amazon.com/cli/latest/reference/iam/create-user.html
Documentation for IAM Group Name validation -
http://docs.aws.amazon.com/cli/latest/reference/iam/create-group.html
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSIAMGroup_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/25 13:18:41 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSIAMGroup_
-timeout 120m
=== RUN TestAccAWSIAMGroup_importBasic
--- PASS: TestAccAWSIAMGroup_importBasic (13.80s)
=== RUN TestAccAWSIAMGroup_basic
--- PASS: TestAccAWSIAMGroup_basic (23.30s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws37.121s
```
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSUser_' ✚
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/25 13:22:23 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSUser_ -timeout 120m
=== RUN TestAccAWSUser_importBasic
--- PASS: TestAccAWSUser_importBasic (14.33s)
=== RUN TestAccAWSUser_basic
--- PASS: TestAccAWSUser_basic (25.36s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 39.710s
```
When force_Destroy was specified on an iam_user, only Access Keys were
destroyed. Therefore, if a password was manually added via the AWS
console, it was causing an error as follows:
```
* aws_iam_user.user: Error deleting IAM User test-user-for-profile-delete: DeleteConflict: Cannot delete entity, must delete login profile first.
status code: 409, request id: acd67e40-9aa8-11e6-8533-4db80bad7ea8
```
We now *try* to delete the LoginProfile and ignore a NoSuchEntity error
if it doesn't exist
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSUser_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/25 12:53:05 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSUser_
-timeout 120m
=== RUN TestAccAWSUser_importBasic
--- PASS: TestAccAWSUser_importBasic (14.83s)
=== RUN TestAccAWSUser_basic
--- PASS: TestAccAWSUser_basic (24.78s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws39.624s
```
Clint