There are three equivalent forms for expressing "everyone" (including
anonymous) in IAM policies:
- "Principals": "*"
- "Principals": {"AWS": "*"}
- "Principals": {"*": "*"}
The more-constrained syntax used by our aws_iam_policy_document data
source means that the user can only express the latter two of these
directly. However, when returning IAM policies from the API AWS likes to
normalize to the first form, causing unresolvable diffs.
This fixes#9335 by handling the "everyone" case as a special case,
serializing it in JSON as the "*" shorthand form.
This change does *not* address the normalization of hand-written policies
containing such elements. A similar change would need to be made in
the external package github.com/jen20/awspolicyequivalence in order to
avoid the issue for hand-written policies.
This will allows us to filter a specific ebs_volume for attachment to an
aws_instance
```
make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEbsVolumeDataSource_'✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/01 12:39:19 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSEbsVolumeDataSource_ -timeout 120m
=== RUN TestAccAWSEbsVolumeDataSource_basic
--- PASS: TestAccAWSEbsVolumeDataSource_basic (28.74s)
=== RUN TestAccAWSEbsVolumeDataSource_multipleFilters
--- PASS: TestAccAWSEbsVolumeDataSource_multipleFilters (28.37s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws57.145s
```
* Allow `active` state while waiting for the VPC Peering Connection.
This commit adds `active` as one of the valid states in which the VPC Peering
Connection can be when it being created.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
* Add more valid states.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
Fixes#9628Fixes#9298
When a route53_record alias is updated in the console, AWS prepends
`dualstack.` to the name. This is there incase IPV6 is wanted. It is
exactly the same without it as it is with it
In order to stop perpetual diffs, I introduced a normalizeFunc that will
that tke alias name and strip known issues:
* dualstack
* trailing dot
This normalize fun will continue to grow I'm sure
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRoute53Record_' ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/29 00:28:12 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSRoute53Record_ -timeout 120m
=== RUN TestAccAWSRoute53Record_basic
--- PASS: TestAccAWSRoute53Record_basic (124.64s)
=== RUN TestAccAWSRoute53Record_basic_fqdn
--- PASS: TestAccAWSRoute53Record_basic_fqdn (132.07s)
=== RUN TestAccAWSRoute53Record_txtSupport
--- PASS: TestAccAWSRoute53Record_txtSupport (134.07s)
=== RUN TestAccAWSRoute53Record_spfSupport
--- PASS: TestAccAWSRoute53Record_spfSupport (113.36s)
=== RUN TestAccAWSRoute53Record_generatesSuffix
--- PASS: TestAccAWSRoute53Record_generatesSuffix (112.62s)
=== RUN TestAccAWSRoute53Record_wildcard
--- PASS: TestAccAWSRoute53Record_wildcard (162.84s)
=== RUN TestAccAWSRoute53Record_failover
--- PASS: TestAccAWSRoute53Record_failover (126.18s)
=== RUN TestAccAWSRoute53Record_weighted_basic
--- PASS: TestAccAWSRoute53Record_weighted_basic (121.10s)
=== RUN TestAccAWSRoute53Record_alias
--- PASS: TestAccAWSRoute53Record_alias (118.14s)
=== RUN TestAccAWSRoute53Record_s3_alias
--- PASS: TestAccAWSRoute53Record_s3_alias (155.07s)
=== RUN TestAccAWSRoute53Record_weighted_alias
--- PASS: TestAccAWSRoute53Record_weighted_alias (235.41s)
=== RUN TestAccAWSRoute53Record_geolocation_basic
^[[C--- PASS: TestAccAWSRoute53Record_geolocation_basic (125.32s)
=== RUN TestAccAWSRoute53Record_latency_basic
--- PASS: TestAccAWSRoute53Record_latency_basic (122.23s)
=== RUN TestAccAWSRoute53Record_TypeChange
--- PASS: TestAccAWSRoute53Record_TypeChange (231.98s)
=== RUN TestAccAWSRoute53Record_empty
--- PASS: TestAccAWSRoute53Record_empty (116.48s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 2131.526s
```
Before this fix, I was getting the following by recreating the code in
```
~ aws_route53_record.alias
alias.1563903989.evaluate_target_health: "true" => "false"
alias.1563903989.name: "9828-recreation-106795730.us-west-2.elb.amazonaws.com." => ""
alias.1563903989.zone_id: "Z1H1FL5HABSF5" => ""
alias.318754017.evaluate_target_health: "" => "true"
alias.318754017.name: "" => "9828-recreation-106795730.us-west-2.elb.amazonaws.com"
alias.318754017.zone_id: "" => "Z1H1FL5HABSF5"
Plan: 0 to add, 1 to change, 0 to destroy.
```
After this fix:
```
No changes. Infrastructure is up-to-date. This means that Terraform
could not detect any differences between your configuration and
the real physical resources that exist. As a result, Terraform
doesn't need to do anything.
When creating a CloudWatch Metric for an Application Load Balancer Target Group it is
neccessary to use the suffix of the ARN as the reference to the load
balancer TG . This commit exposes that as an attribute on the `aws_alb_target_group`
resource to prevent the need to use regular expression substitution to
make the reference.
Fixes#8679
The CallerReference attribute we passed to AWS in route53_health_checks
was `time.Now().Format(time.RFC3339Nano)`
When creating multiple resources with the Count meta-parameter, this was
causing issues as follows:
```
* aws_route53_health_check.healthstate.0: HealthCheckAlreadyExists: A different health check has already been created with the specified caller reference.
```
We have now exposed a new attribute called `reference_name` that can be set to pass multiple resources to the request
```
make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRoute53HealthCheck_' 130 ↵ ✹
==> Cecking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/31 10:41:07 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSRoute53HealthCheck_ -timeout 120m
=== RUN TestAccAWSRoute53HealthCheck_importBasic
--- PASS: TestAccAWSRoute53HealthCheck_importBasic (17.08s)
=== RUN TestAccAWSRoute53HealthCheck_basic
--- PASS: TestAccAWSRoute53HealthCheck_basic (28.17s)
=== RUN TestAccAWSRoute53HealthCheck_withSearchString
--- PASS: TestAccAWSRoute53HealthCheck_withSearchString (28.07s)
=== RUN TestAccAWSRoute53HealthCheck_withChildHealthChecks
--- PASS: TestAccAWSRoute53HealthCheck_withChildHealthChecks (20.71s)
=== RUN TestAccAWSRoute53HealthCheck_IpConfig
--- PASS: TestAccAWSRoute53HealthCheck_IpConfig (16.09s)
=== RUN TestAccAWSRoute53HealthCheck_CloudWatchAlarmCheck
--- PASS: TestAccAWSRoute53HealthCheck_CloudWatchAlarmCheck (22.42s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 132.568s
```
The update of the test was causing a test failure - it was setting
desired_count to 1 when miz_size was set to 2 - this was causing a
perpetual diff in the test
Was failing due to using IAM user `test-name` as it was being used in
more than 1 place - this has been replaced by a random user and random
policy names now
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSUserPolicyAttachment_basic' 2 ↵ ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/31 08:39:08 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSUserPolicyAttachment_basic -timeout 120m
=== RUN TestAccAWSUserPolicyAttachment_basic
--- PASS: TestAccAWSUserPolicyAttachment_basic (32.04s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 32.053s
```
Previously this resource (and, by extension, the aws_ami_copy and
aws_ami_from_instance resources that share much of its implementation)
was handling correctly the case where an AMI had been recently
deregistered, and was thus still returned from the API, but not correctly
dealing with the situation where the AMI has been removed altogether.
Now we additionally handle the NotFound error returned by the API when
we request a non-existent AMI, and remove the AMI from the state in the
same way we do for deregistered AMIs.
This commit adds an ability to modify the `AutoMinorVersionUpgrade` property of the
Replication Group (which is enabled by default) accordingly.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
Fixes#9654
Before the fix, I created an ASG with a schedule on it. Went to the AWS
console and deleted the schedule. A terraform plan looked as follows:
```
% terraform plan
See https://www.terraform.io/docs/internals/internal-plugins.html
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but
will not be persisted to local or remote state storage.
aws_launch_configuration.foobar: Refreshing state... (ID:
terraform-test-foobar5)
aws_autoscaling_group.foobar: Refreshing state... (ID:
terraform-test-foobar5)
aws_autoscaling_schedule.foobar: Refreshing state... (ID: foobar)
Error refreshing state: 1 error(s) occurred:
* aws_autoscaling_schedule.foobar: Unable to find Autoscaling
* Scheduled Action: []*autoscaling.ScheduledUpdateGroupAction(nil)
```
After the fix:
```
terraform plan 1 ↵
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but
will not be persisted to local or remote state storage.
aws_launch_configuration.foobar: Refreshing state... (ID: terraform-test-foobar5)
aws_autoscaling_group.foobar: Refreshing state... (ID: terraform-test-foobar5)
aws_autoscaling_schedule.foobar: Refreshing state... (ID: foobar)
The Terraform execution plan has been generated and is shown below.
Resources are shown in alphabetical order for quick scanning. Green resources
will be created (or destroyed and then created if an existing resource
exists), yellow resources are being changed in-place, and red resources
will be destroyed. Cyan entries are data sources to be read.
Note: You didn't specify an "-out" parameter to save this plan, so when
"apply" is called, Terraform can't guarantee this is what will execute.
+ aws_autoscaling_schedule.foobar
arn: "<computed>"
autoscaling_group_name: "terraform-test-foobar5"
desired_capacity: "0"
end_time: "2018-01-16T13:00:00Z"
max_size: "0"
min_size: "0"
recurrence: "<computed>"
scheduled_action_name: "foobar"
start_time: "2018-01-16T07:00:00Z"
Plan: 1 to add, 0 to change, 0 to destroy.
```
Tests run as expected:
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSAutoscalingSchedule_' 2 ↵ ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/27 17:45:19 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSAutoscalingSchedule_ -timeout 120m
=== RUN TestAccAWSAutoscalingSchedule_basic
--- PASS: TestAccAWSAutoscalingSchedule_basic (140.94s)
=== RUN TestAccAWSAutoscalingSchedule_disappears
--- PASS: TestAccAWSAutoscalingSchedule_disappears (179.17s)
=== RUN TestAccAWSAutoscalingSchedule_recurrence
--- PASS: TestAccAWSAutoscalingSchedule_recurrence (186.72s)
=== RUN TestAccAWSAutoscalingSchedule_zeroValues
--- PASS: TestAccAWSAutoscalingSchedule_zeroValues (167.73s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 674.530s
```
* provider/aws: data source for AWS Security Group
* provider/aws: add documentation for data source for AWS Security Group
* provider/aws: data source for AWS Security Group (improve if condition and syntax)
* fix fmt
* Add AWS Prefix List data source.
AWS Prefix List data source acceptance test.
AWS Prefix List data source documentation.
* Improve error message when PL not matched.
* Clean-up for Go 1.7+ version.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
* Validate regular expression passed via the `name_regex` attribute.
This commit adds a simple ValidateFunc to check whether the regular
expression that was passed down via the `name_regex` attribute is valid.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
This is a fix for issue https://github.com/hashicorp/terraform/issues/9596.
Changes:
- Adds new output attribute `configuration_endpoint_address`. Only
used in Redis when in cluster mode.
- Read the `snapshot_window` and `snapshot_retention_limit` from
the
replication group description instead of the cache cluster
description.
- Adds acceptance test and modifies an existing acceptance test to
make sure that everything is still good in non-cluster mode
- Updates docs to describe new output attribute
This commit introduces an `aws_iam_user_login_profile` resource which
creates a password for an IAM user, and encrypts it using a PGP key
specified in the configuration or obtained from Keybase.
For example:
```
resource "aws_iam_user" "u" {
name = "auser"
path = "/"
force_destroy = true
}
resource "aws_iam_user_login_profile" "u" {
user = "${aws_iam_user.u.name}"
pgp_key = "keybase:some_person_that_exists"
}
output "password" {
value = "${aws_iam_user_login_profile.u.encrypted_password}"
}
```
The resulting attribute "encrypted_password" can be decrypted using
PGP or Keybase - for example:
```
terraform output password | base64 --decode | keybase pgp decrypt
```
Optionally the user can retain the password rather than the default of
being forced to change it at first login. Generated passwords are
currently 20 characters long.
This will allow us to catch errors at plan time rather than waiting for
the API to tell us...
Documentation for IAM User NAme Validation -
http://docs.aws.amazon.com/cli/latest/reference/iam/create-user.html
Documentation for IAM Group Name validation -
http://docs.aws.amazon.com/cli/latest/reference/iam/create-group.html
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSIAMGroup_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/25 13:18:41 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSIAMGroup_
-timeout 120m
=== RUN TestAccAWSIAMGroup_importBasic
--- PASS: TestAccAWSIAMGroup_importBasic (13.80s)
=== RUN TestAccAWSIAMGroup_basic
--- PASS: TestAccAWSIAMGroup_basic (23.30s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws37.121s
```
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSUser_' ✚
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/25 13:22:23 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSUser_ -timeout 120m
=== RUN TestAccAWSUser_importBasic
--- PASS: TestAccAWSUser_importBasic (14.33s)
=== RUN TestAccAWSUser_basic
--- PASS: TestAccAWSUser_basic (25.36s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 39.710s
```
When force_Destroy was specified on an iam_user, only Access Keys were
destroyed. Therefore, if a password was manually added via the AWS
console, it was causing an error as follows:
```
* aws_iam_user.user: Error deleting IAM User test-user-for-profile-delete: DeleteConflict: Cannot delete entity, must delete login profile first.
status code: 409, request id: acd67e40-9aa8-11e6-8533-4db80bad7ea8
```
We now *try* to delete the LoginProfile and ignore a NoSuchEntity error
if it doesn't exist
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSUser_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/25 12:53:05 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSUser_
-timeout 120m
=== RUN TestAccAWSUser_importBasic
--- PASS: TestAccAWSUser_importBasic (14.83s)
=== RUN TestAccAWSUser_basic
--- PASS: TestAccAWSUser_basic (24.78s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws39.624s
```
This commit is a maintenance change aimed at aligning file names so that they
fall in line with the established naming convention.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
This commit changes the behaviour of the `ExistsFunc`, where by default
lack of a route table (e.g. already removed, etc.) would cause an error
to be thrown. This makes is hard to carry out any action e.g. plan,
refresh, or destroy, that rely on the route table existance check.
Also, make error messages a little better in terms of wording, etc.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
Make sure to hash base64 decoded value since user_data might be given
either raw bytes or base64 value.
This helps https://github.com/hashicorp/terraform/issues/1887 somewhat
as now you can:
1) Update user_data in AWS console.
2) Respectively update user_data in terraform code.
3) Just refresh terraform state and it should not report any changes.
This commit adds a missing unit test for the API Gateway integration type
attribute validation helper, plus changes the way how value is inspected
to a simple lookup table. Additionally, changes the wording of the error
message, and adds invalid test cases to the HTTP method validation helper.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
This pull request is intended to add a temporary control to Terraform to
output more verbose logging in the case of an AuthFailure error being
returned by the AWS API.
This commits changes the behaviour in a case there was an error while
interacting with EC2 tags related to the CloudFormation Distribution
resource, fixing the issue with nil pointer dereference when despite
an error being present code path to handle tags was executed.
Also, a small re-factor of the `validateHTTP` helper method,
and a unit test added for it.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
The Read func of the EIP has changed to set the `vpc` boolean value on
the response object having an Address. This is required as an EIP that
was specified, without a domain and then imported, would cause a
perpetual plan.
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEIP_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/23 09:28:32 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSEIP_ -timeout
120m
=== RUN TestAccAWSEIP_importEc2Classic
--- PASS: TestAccAWSEIP_importEc2Classic (116.16s)
=== RUN TestAccAWSEIP_importVpc
--- PASS: TestAccAWSEIP_importVpc (61.89s)
=== RUN TestAccAWSEIP_basic
--- PASS: TestAccAWSEIP_basic (18.86s)
=== RUN TestAccAWSEIP_instance
--- PASS: TestAccAWSEIP_instance (185.95s)
=== RUN TestAccAWSEIP_network_interface
--- PASS: TestAccAWSEIP_network_interface (63.20s)
=== RUN TestAccAWSEIP_twoEIPsOneNetworkInterface
--- PASS: TestAccAWSEIP_twoEIPsOneNetworkInterface (65.64s)
=== RUN TestAccAWSEIP_associated_user_private_ip
--- PASS: TestAccAWSEIP_associated_user_private_ip (201.34s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 713.072s
```
This commit resolves a regression introduced in #9033 that caused an
unfiltered image to be returned despite a search criteria being set
accordingly.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
This commit adds a new HTTP method to a list of valid HTTP methods which
is now accepted by API Gateway.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
use us-west-2 region in tests
update test with working config
provider/aws: Update EMR contribution with passing test, polling for instance in DELETE method
remove defaulted role
document emr_cluster
rename aws_emr -> aws_emr_cluster
update docs for name change
update delete timeout/polling
rename emr taskgroup to emr instance group
default instance group count to 0, down from 60
update to ref emr_cluster, emr_instance_group
more cleanups for instance groups; need to read and update
add read, delete method for instance groups
refactor the read method to seperate out the fetching of the specific group
more refactoring for finding instance groups
update emr instance group docs
err check on reading HTTP. Dont' return the error, just log it
refactor the create method to catch optionals
additional cleanups, added a read method
update test to be non-master-only
wrap up the READ method for clusters
poll for instance group to be running after a modification
patch up a possible deref
provider/aws: EMR cleanups
fix test naming
remove outdated docs
randomize emr_profile names
quick emr resize implementation
ass task group
not force new
add task group
check empty slices
clean up
rename to initial_instance_count
add task instance group as resource
cluster resize core group
clean up
add name option
log info
clean up
change log debug format
clean up
add missing security groups for master and slave
add bootstrap actions
add options for bootstrap action
add tags option
clean up
fix for tags array
support delimiters : =
bootstrap actions fix
add configurations item
load local or remote config
rename function
support multiple bootstrap actions
default value 0 for core group
follow aws api able to create a master only
tags use terraform tag schema
option item for log_uri
ec2_attribute as option
add emr task group accTests
add embedded json config
add embedded json config
add service_role and instance_profile
add partial state support for either the "TERMINATED" or "TERMINATED_WITH_ERRORS" state
not allowing to change name or instance_type for task group
"core_instance_type" change into "Optional" and "Computed"
apply MaxItems for ec2Attributes
remove all debug "fmt.Println"
clean up debug info and useless variable
Expose visible_to_all_users as an option, default will be true
remove debug info
logging should happen before setId("")
add hanChange checking first
clean up debug log
add some force new
double check the core group existed
add waiting and polling, until cluster up
testcase add EMR cluster id and status checking
clean up using common way to read ec2_attributes
The casing on the test name was causing it not to run with the entire
test suite
```
% make testacc TEST=./builtin/providers/aws
% TESTARGS='-run=TestAccAWSOpsworksStack' 2 ↵ ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/03 16:43:07 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSOpsworksStack
-timeout 120m
=== RUN TestAccAWSOpsworksStackImportBasic
--- PASS: TestAccAWSOpsworksStackImportBasic (49.00s)
=== RUN TestAccAWSOpsworksStackNoVpc
--- PASS: TestAccAWSOpsworksStackNoVpc (36.10s)
=== RUN TestAccAWSOpsworksStackVpc
--- PASS: TestAccAWSOpsworksStackVpc (73.27s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws158.385s
```
As noticed in the acceptance tests, we were expecting the document to be
deleted but it was still found
```
=== RUN TestAccAWSSSMDocument_permission
--- FAIL: TestAccAWSSSMDocument_permission (5.60s)
testing.go:329: Error destroying resource! WARNING: Dangling
resources
may exist. The full state and error is shown below.
Error: Check failed: Expected AWS SSM
Document to be gone, but was still found
State: <no state>
```
Fixes#9108
When an aws_route53_record alias is created with terraform and then
modified via cli or console, terraform wasn't picking up the changes. I
had the following config:
```
resource "aws_route53_record" "alias" {
zone_id = "${aws_route53_zone.main.zone_id}"
name = "www"
type = "A"
alias {
zone_id = "${aws_elb.main.zone_id}"
name = "${aws_elb.main.dns_name}"
evaluate_target_health = true
}
}
```
I changed the evaluate_health_target on the AWS console and terraform plan showed me this:
```
% terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but
will not be persisted to local or remote state storage.
aws_route53_zone.main: Refreshing state... (ID: Z32Z9B1UPAIP6X)
aws_elb.main: Refreshing state... (ID: foobar-terraform-elb-1111)
aws_route53_record.alias: Refreshing state... (ID: Z32Z9B1UPAIP6X_www_A)
No changes. Infrastructure is up-to-date. This means that Terraform
could not detect any differences between your configuration and
the real physical resources that exist. As a result, Terraform
doesn't need to do anything.
```
When rebuilding the provider with the changes in the PR, a terraform plan then looks as follows:
```
% terraform plan
[WARN] /Users/stacko/Code/go/bin/terraform-provider-aws overrides an internal plugin for aws-provider.
If you did not expect to see this message you will need to remove the old plugin.
See https://www.terraform.io/docs/internals/internal-plugins.html
[WARN] /Users/stacko/Code/go/bin/terraform-provider-azurerm overrides an internal plugin for azurerm-provider.
If you did not expect to see this message you will need to remove the old plugin.
See https://www.terraform.io/docs/internals/internal-plugins.html
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but
will not be persisted to local or remote state storage.
aws_route53_zone.main: Refreshing state... (ID: Z32Z9B1UPAIP6X)
aws_elb.main: Refreshing state... (ID: foobar-terraform-elb-1111)
aws_route53_record.alias: Refreshing state... (ID: Z32Z9B1UPAIP6X_www_A)
The Terraform execution plan has been generated and is shown below.
Resources are shown in alphabetical order for quick scanning. Green resources
will be created (or destroyed and then created if an existing resource
exists), yellow resources are being changed in-place, and red resources
will be destroyed. Cyan entries are data sources to be read.
Note: You didn't specify an "-out" parameter to save this plan, so when
"apply" is called, Terraform can't guarantee this is what will execute.
~ aws_route53_record.alias
alias.1050468691.evaluate_target_health: "" => "true"
alias.1050468691.name: "" => "foobar-terraform-elb-1111-522021794.us-west-2.elb.amazonaws.com"
alias.1050468691.zone_id: "" => "Z1H1FL5HABSF5"
alias.2906616344.evaluate_target_health: "false" => "false"
alias.2906616344.name: "foobar-terraform-elb-1111-522021794.us-west-2.elb.amazonaws.com." => ""
alias.2906616344.zone_id: "Z1H1FL5HABSF5" => ""
Plan: 0 to add, 1 to change, 0 to destroy.
```
the apply then changed the target back to true
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRoute53Record_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/29 18:17:23 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSRoute53Record_ -timeout 120m
=== RUN TestAccAWSRoute53Record_basic
--- PASS: TestAccAWSRoute53Record_basic (120.63s)
=== RUN TestAccAWSRoute53Record_basic_fqdn
--- PASS: TestAccAWSRoute53Record_basic_fqdn (131.81s)
=== RUN TestAccAWSRoute53Record_txtSupport
--- PASS: TestAccAWSRoute53Record_txtSupport (128.40s)
=== RUN TestAccAWSRoute53Record_spfSupport
--- PASS: TestAccAWSRoute53Record_spfSupport (120.06s)
=== RUN TestAccAWSRoute53Record_generatesSuffix
--- PASS: TestAccAWSRoute53Record_generatesSuffix (114.02s)
=== RUN TestAccAWSRoute53Record_wildcard
--- PASS: TestAccAWSRoute53Record_wildcard (165.54s)
=== RUN TestAccAWSRoute53Record_failover
--- PASS: TestAccAWSRoute53Record_failover (118.10s)
=== RUN TestAccAWSRoute53Record_weighted_basic
--- PASS: TestAccAWSRoute53Record_weighted_basic (128.10s)
=== RUN TestAccAWSRoute53Record_alias
--- PASS: TestAccAWSRoute53Record_alias (132.62s)
=== RUN TestAccAWSRoute53Record_s3_alias
--- PASS: TestAccAWSRoute53Record_s3_alias (132.12s)
=== RUN TestAccAWSRoute53Record_weighted_alias
--- PASS: TestAccAWSRoute53Record_weighted_alias (237.92s)
=== RUN TestAccAWSRoute53Record_geolocation_basic
--- PASS: TestAccAWSRoute53Record_geolocation_basic (121.95s)
=== RUN TestAccAWSRoute53Record_latency_basic
--- PASS: TestAccAWSRoute53Record_latency_basic (123.40s)
=== RUN TestAccAWSRoute53Record_TypeChange
--- PASS: TestAccAWSRoute53Record_TypeChange (198.24s)
=== RUN TestAccAWSRoute53Record_empty
--- PASS: TestAccAWSRoute53Record_empty (119.68s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws2092.597s
```
Initial tests were failing as follows:
```
=== RUN TestAccAWSElasticacheCluster_importBasic
--- FAIL: TestAccAWSElasticacheCluster_importBasic (362.66s)
testing.go:265: Step 1 error: ImportStateVerify attributes not
equivalent. Difference is shown below. Top is actual, bottom is
expected.
(map[string]string) {
}
(map[string]string) (len=2) {
(string) (len=20) "parameter_group_name": (string) (len=20)
"default.memcached1.4",
(string) (len=22) "security_group_names.#":
(string) (len=1) "0"
}
FAIL
exit status 1
```
The import of ElastiCache clusters helped to point out 3 things:
1. Currently, we were trying to set the parameter_group_name as follows:
```
d.Set("parameter_group_name", c.CacheParameterGroup)
```
Unfortunately, c.CacheParameterGroup is a struct not a string. This was
causing the test import failure. So this had to be replaced as follows:
```
if c.CacheParameterGroup != nil {
d.Set("parameter_group_name", c.CacheParameterGroup.CacheParameterGroupName)
}
```
2. We were trying to set the security_group_names as follows:
```
d.Set("security_group_names", c.CacheSecurityGroups)
```
The CacheSecurityGroups was actually a []* so had to be changed to work
as follows:
```
if len(c.CacheSecurityGroups) > 0 {
d.Set("security_group_names",
flattenElastiCacheSecurityGroupNames(c.CacheSecurityGroups))
}
```
3. We were trying to set the security_group_ids as follows:
```
d.Set("security_group_ids", c.SecurityGroups)
```
This is another []* and needs to be changed as follows:
```
if len(c.SecurityGroups) > 0 {
d.Set("security_group_ids",
flattenElastiCacheSecurityGroupIds(c.SecurityGroups))
}
```
This then allows the import test to pass as expected:
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSElasticacheCluster_importBasic'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/23 10:59:01 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSElasticacheCluster_importBasic -timeout 120m
=== RUN TestAccAWSElasticacheCluster_importBasic
--- PASS: TestAccAWSElasticacheCluster_importBasic (351.96s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 351.981s
```
As a final test, I ran the basic ElastiCache cluster creation to make
sure all passed as expected:
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSElasticacheCluster_basic'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/23 11:05:51 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSElasticacheCluster_basic -timeout 120m
=== RUN TestAccAWSElasticacheCluster_basic
--- PASS: TestAccAWSElasticacheCluster_basic (809.25s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 809.267s
```
Fixes#8597
There was sometimes an issue where Terraform was deleting the ECR
repository from the statefile before the reposity was actually deleted.
Added retry logic for Terraform to wait for the repository to be deleted
before proceeding with the statefile update
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEcrRepository_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/26 12:46:57 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSEcrRepository_ -timeout 120m
=== RUN TestAccAWSEcrRepository_importBasic
--- PASS: TestAccAWSEcrRepository_importBasic (17.86s)
=== RUN TestAccAWSEcrRepository_basic
--- PASS: TestAccAWSEcrRepository_basic (16.40s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 34.288s
```
aws_elasticache_replication_group caused a panic
Fixes#9097
The update for `parameter_group_name` was trying to find the incorrect
value to set `cache_parameter_group_name` - this is what was causing the
panic
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSElasticacheReplicationGroup_updateParameterGroup'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/28 11:17:30 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSElasticacheReplicationGroup_updateParameterGroup -timeout
120m
=== RUN TestAccAWSElasticacheReplicationGroup_updateParameterGroup
--- PASS: TestAccAWSElasticacheReplicationGroup_updateParameterGroup
(903.90s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws903.931s
```
values
Fixes#8332
Not all option_group parameters have values. For example, when you
enable the MariaDB option_group, some of the settings have empty values
(see screenshot)
This PR adds a safety net on reading those values back to the statefile
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSDBOptionGroup_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/26 13:55:21 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSDBOptionGroup_ -timeout 120m
=== RUN TestAccAWSDBOptionGroup_importBasic
--- PASS: TestAccAWSDBOptionGroup_importBasic (20.12s)
=== RUN TestAccAWSDBOptionGroup_basic
--- PASS: TestAccAWSDBOptionGroup_basic (18.45s)
=== RUN TestAccAWSDBOptionGroup_basicDestroyWithInstance
--- PASS: TestAccAWSDBOptionGroup_basicDestroyWithInstance (597.90s)
=== RUN TestAccAWSDBOptionGroup_OptionSettings
--- PASS: TestAccAWSDBOptionGroup_OptionSettings (33.27s)
=== RUN TestAccAWSDBOptionGroup_sqlServerOptionsUpdate
--- PASS: TestAccAWSDBOptionGroup_sqlServerOptionsUpdate (33.39s)
=== RUN TestAccAWSDBOptionGroup_multipleOptions
--- PASS: TestAccAWSDBOptionGroup_multipleOptions (19.87s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 723.037s
```
Fixes#6758
We used to throw an error when this was the case - we should refresh
from state so the association can be recreated
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEIPAssociation_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/26 16:42:37 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSEIPAssociation_ -timeout 120m
=== RUN TestAccAWSEIPAssociation_basic
--- PASS: TestAccAWSEIPAssociation_basic (272.92s)
=== RUN TestAccAWSEIPAssociation_disappears
--- PASS: TestAccAWSEIPAssociation_disappears (119.62s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws392.559s
```
Fixes#9025
We were assuming there would always be a changeInfo record and then
dereferencing the ID. This wasn't always the case (As noted in #9025)
where it was a delete rather than a delete / create action
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRoute53Record_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/26 11:26:43 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSRoute53Record_ -timeout 120m
=== RUN TestAccAWSRoute53Record_basic
--- PASS: TestAccAWSRoute53Record_basic (114.99s)
=== RUN TestAccAWSRoute53Record_basic_fqdn
--- PASS: TestAccAWSRoute53Record_basic_fqdn (126.64s)
=== RUN TestAccAWSRoute53Record_txtSupport
--- PASS: TestAccAWSRoute53Record_txtSupport (113.25s)
=== RUN TestAccAWSRoute53Record_spfSupport
--- PASS: TestAccAWSRoute53Record_spfSupport (112.89s)
=== RUN TestAccAWSRoute53Record_generatesSuffix
--- PASS: TestAccAWSRoute53Record_generatesSuffix (113.29s)
=== RUN TestAccAWSRoute53Record_wildcard
--- PASS: TestAccAWSRoute53Record_wildcard (163.05s)
=== RUN TestAccAWSRoute53Record_failover
--- PASS: TestAccAWSRoute53Record_failover (121.15s)
=== RUN TestAccAWSRoute53Record_weighted_basic
--- PASS: TestAccAWSRoute53Record_weighted_basic (117.06s)
=== RUN TestAccAWSRoute53Record_alias
--- PASS: TestAccAWSRoute53Record_alias (116.97s)
=== RUN TestAccAWSRoute53Record_s3_alias
--- PASS: TestAccAWSRoute53Record_s3_alias (138.79s)
=== RUN TestAccAWSRoute53Record_weighted_alias
--- PASS: TestAccAWSRoute53Record_weighted_alias (241.48s)
=== RUN TestAccAWSRoute53Record_geolocation_basic
--- PASS: TestAccAWSRoute53Record_geolocation_basic (132.51s)
=== RUN TestAccAWSRoute53Record_latency_basic
--- PASS: TestAccAWSRoute53Record_latency_basic (121.29s)
=== RUN TestAccAWSRoute53Record_TypeChange
--- PASS: TestAccAWSRoute53Record_TypeChange (189.31s)
=== RUN TestAccAWSRoute53Record_empty
--- PASS: TestAccAWSRoute53Record_empty (127.31s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws
2050.012s
```