Commit Graph

3322 Commits

Author SHA1 Message Date
Martin Atkins 145bf42806 provider/aws: IAM policy document: normalize wildcard principals
There are three equivalent forms for expressing "everyone" (including
anonymous) in IAM policies:

- "Principals": "*"
- "Principals": {"AWS": "*"}
- "Principals": {"*": "*"}

The more-constrained syntax used by our aws_iam_policy_document data
source means that the user can only express the latter two of these
directly. However, when returning IAM policies from the API AWS likes to
normalize to the first form, causing unresolvable diffs.

This fixes #9335 by handling the "everyone" case as a special case,
serializing it in JSON as the "*" shorthand form.

This change does *not* address the normalization of hand-written policies
containing such elements. A similar change would need to be made in
the external package github.com/jen20/awspolicyequivalence in order to
avoid the issue for hand-written policies.
2016-11-01 08:46:34 -07:00
Paul Stack aaece37ec9 provider/aws: Adding a datasource for aws_ebs_volume (#9753)
This will allows us to filter a specific ebs_volume for attachment to an
aws_instance

```
make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEbsVolumeDataSource_'✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/01 12:39:19 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSEbsVolumeDataSource_ -timeout 120m
=== RUN   TestAccAWSEbsVolumeDataSource_basic
--- PASS: TestAccAWSEbsVolumeDataSource_basic (28.74s)
=== RUN   TestAccAWSEbsVolumeDataSource_multipleFilters
--- PASS: TestAccAWSEbsVolumeDataSource_multipleFilters (28.37s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws57.145s
```
2016-11-01 14:15:31 +00:00
Krzysztof Wilczynski 6f02a2df55 provider/aws: Allow `active` state while waiting for the VPC Peering Connection. (#9754)
* Allow `active` state while waiting for the VPC Peering Connection.

This commit adds `active` as one of the valid states in which the VPC Peering
Connection can be when it being created.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>

* Add more valid states.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-11-01 09:51:46 +00:00
Paul Stack 98c385723c provider/aws: Fix aws_route53_record alias perpetual diff (#9704)
Fixes #9628
Fixes #9298

When a route53_record alias is updated in the console, AWS prepends
`dualstack.` to the name. This is there incase IPV6 is wanted. It is
exactly the same without it as it is with it

In order to stop perpetual diffs, I introduced a normalizeFunc that will
that tke alias name and strip known issues:

* dualstack
* trailing dot

This normalize fun will continue to grow I'm sure

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRoute53Record_'                                         ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/29 00:28:12 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSRoute53Record_ -timeout 120m
=== RUN   TestAccAWSRoute53Record_basic
--- PASS: TestAccAWSRoute53Record_basic (124.64s)
=== RUN   TestAccAWSRoute53Record_basic_fqdn
--- PASS: TestAccAWSRoute53Record_basic_fqdn (132.07s)
=== RUN   TestAccAWSRoute53Record_txtSupport
--- PASS: TestAccAWSRoute53Record_txtSupport (134.07s)
=== RUN   TestAccAWSRoute53Record_spfSupport
--- PASS: TestAccAWSRoute53Record_spfSupport (113.36s)
=== RUN   TestAccAWSRoute53Record_generatesSuffix
--- PASS: TestAccAWSRoute53Record_generatesSuffix (112.62s)
=== RUN   TestAccAWSRoute53Record_wildcard
--- PASS: TestAccAWSRoute53Record_wildcard (162.84s)
=== RUN   TestAccAWSRoute53Record_failover
--- PASS: TestAccAWSRoute53Record_failover (126.18s)
=== RUN   TestAccAWSRoute53Record_weighted_basic
--- PASS: TestAccAWSRoute53Record_weighted_basic (121.10s)
=== RUN   TestAccAWSRoute53Record_alias
--- PASS: TestAccAWSRoute53Record_alias (118.14s)
=== RUN   TestAccAWSRoute53Record_s3_alias
--- PASS: TestAccAWSRoute53Record_s3_alias (155.07s)
=== RUN   TestAccAWSRoute53Record_weighted_alias
--- PASS: TestAccAWSRoute53Record_weighted_alias (235.41s)
=== RUN   TestAccAWSRoute53Record_geolocation_basic
^[[C--- PASS: TestAccAWSRoute53Record_geolocation_basic (125.32s)
=== RUN   TestAccAWSRoute53Record_latency_basic
--- PASS: TestAccAWSRoute53Record_latency_basic (122.23s)
=== RUN   TestAccAWSRoute53Record_TypeChange
--- PASS: TestAccAWSRoute53Record_TypeChange (231.98s)
=== RUN   TestAccAWSRoute53Record_empty
--- PASS: TestAccAWSRoute53Record_empty (116.48s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	2131.526s
```

Before this fix, I was getting the following by recreating the code in

```
~ aws_route53_record.alias
    alias.1563903989.evaluate_target_health: "true" => "false"
    alias.1563903989.name:                   "9828-recreation-106795730.us-west-2.elb.amazonaws.com." => ""
    alias.1563903989.zone_id:                "Z1H1FL5HABSF5" => ""
    alias.318754017.evaluate_target_health:  "" => "true"
    alias.318754017.name:                    "" => "9828-recreation-106795730.us-west-2.elb.amazonaws.com"
    alias.318754017.zone_id:                 "" => "Z1H1FL5HABSF5"

Plan: 0 to add, 1 to change, 0 to destroy.
```

After this fix:

```

No changes. Infrastructure is up-to-date. This means that Terraform
could not detect any differences between your configuration and
the real physical resources that exist. As a result, Terraform
doesn't need to do anything.
2016-10-31 19:18:00 +00:00
Anshul Sharma 6432bb546c Added AWS Resource WAF SqlInjectionMatchSet (#9709) 2016-10-31 17:51:47 +00:00
Paul Stack fdabf59380 provider/aws: Expose ARN suffix on ALB Target Group (#9734)
When creating a CloudWatch Metric for an Application Load Balancer Target Group  it is
neccessary to use the suffix of the ARN as the reference to the load
balancer TG . This commit exposes that as an attribute on the `aws_alb_target_group`
resource to prevent the need to use regular expression substitution to
make the reference.
2016-10-31 17:05:06 +00:00
Paul Stack ed49da8bb1 provider/aws: Add support for reference_name to aws_route53_health_check (#9737)
Fixes #8679

The CallerReference attribute we passed to AWS in route53_health_checks
was `time.Now().Format(time.RFC3339Nano)`

When creating multiple resources with the Count meta-parameter, this was
causing issues as follows:

```
* aws_route53_health_check.healthstate.0: HealthCheckAlreadyExists: A different health check has already been created with the specified caller reference.
```

We have now exposed a new attribute called `reference_name` that can be set to pass multiple resources to the request

```
make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRoute53HealthCheck_'                              130 ↵ ✹
==> Cecking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/31 10:41:07 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSRoute53HealthCheck_ -timeout 120m
=== RUN   TestAccAWSRoute53HealthCheck_importBasic
--- PASS: TestAccAWSRoute53HealthCheck_importBasic (17.08s)
=== RUN   TestAccAWSRoute53HealthCheck_basic
--- PASS: TestAccAWSRoute53HealthCheck_basic (28.17s)
=== RUN   TestAccAWSRoute53HealthCheck_withSearchString
--- PASS: TestAccAWSRoute53HealthCheck_withSearchString (28.07s)
=== RUN   TestAccAWSRoute53HealthCheck_withChildHealthChecks
--- PASS: TestAccAWSRoute53HealthCheck_withChildHealthChecks (20.71s)
=== RUN   TestAccAWSRoute53HealthCheck_IpConfig
--- PASS: TestAccAWSRoute53HealthCheck_IpConfig (16.09s)
=== RUN   TestAccAWSRoute53HealthCheck_CloudWatchAlarmCheck
--- PASS: TestAccAWSRoute53HealthCheck_CloudWatchAlarmCheck (22.42s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	132.568s
```
2016-10-31 16:00:40 +00:00
Clint f446f7f2be Merge pull request #9667 from hashicorp/b-aws-lambda-mutex
provider/aws: Limit AWS Lambda source uploads
2016-10-31 08:51:08 -05:00
Paul Stack 92f48ad243 provider/aws: Update aws_appautoscaling_target_test (#9736)
The update of the test was causing a test failure - it was setting
desired_count to 1 when miz_size was set to 2 - this was causing a
perpetual diff in the test
2016-10-31 10:40:35 +00:00
Paul Stack 3accd5485a provider/aws: Make iam_user_policy_attachment_test work as expected: (#9733)
Was failing due to using IAM user `test-name` as it was being used in
more than 1 place - this has been replaced by a random user and random
policy names now

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSUserPolicyAttachment_basic'                                                                               2 ↵ ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/31 08:39:08 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSUserPolicyAttachment_basic -timeout 120m
=== RUN   TestAccAWSUserPolicyAttachment_basic
--- PASS: TestAccAWSUserPolicyAttachment_basic (32.04s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	32.053s
```
2016-10-31 09:52:38 +00:00
Martin Atkins ea0bc04277 provider/aws: aws_ami: handle deletion of AMIs (#9721)
Previously this resource (and, by extension, the aws_ami_copy and
aws_ami_from_instance resources that share much of its implementation)
was handling correctly the case where an AMI had been recently
deregistered, and was thus still returned from the API, but not correctly
dealing with the situation where the AMI has been removed altogether.

Now we additionally handle the NotFound error returned by the API when
we request a non-existent AMI, and remove the AMI from the state in the
same way we do for deregistered AMIs.
2016-10-31 09:51:59 +00:00
Anshul Sharma 625e747359 Added AWS Resource WAF XssMatchSet (#9710) 2016-10-31 08:51:08 +00:00
Masayuki Morita eb1a58d966 Update doc: aws_iam_user with force_destroy deletes IAM User Login Profile (#9716)
refs: https://github.com/hashicorp/terraform/pull/9583
2016-10-29 16:20:18 +01:00
Clint 01e8bd1f70 provider/aws: Fix import of RouteTable with destination prefixes (#9686)
* add test failure

* provider/aws: Skip import of routes that contain destination prefix ids
2016-10-29 01:01:17 +02:00
Anshul Sharma cc8f11138f Added AWS Resource WAF SizeConstraintSet (#9689) 2016-10-29 00:58:37 +02:00
Andras Ferencz-Szabo 46cb7b4710 Allow underscores in IAM user and group names (#9684)
* Allow underscores in IAM user and group names

* Add notes to iam_user and iam_group docs that names are not distinguished by case
2016-10-28 14:40:04 +02:00
Anshul Sharma afc603c0f8 Added AWS Resource WAF ByteMatchSet (#9681) 2016-10-28 14:36:16 +02:00
Liam Bennett 8fee7642a9 New AWS resource `ssm_activation` (#9111)
Adding a new resource to support activation of managed instances for
on-premise virtual-machines.
2016-10-28 11:59:12 +02:00
Krzysztof Wilczynski a078b893d6 Add support for `AutoMinorVersionUpgrade` to aws_elasticache_replication_group resource. (#9657)
This commit adds an ability to modify the `AutoMinorVersionUpgrade` property of the
Replication Group (which is enabled by default) accordingly.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-10-28 00:08:14 +01:00
clint shryock b33d605cb0 provider/aws: Limit AWS Lambda source uploads 2016-10-27 14:41:20 -05:00
Paul Stack de6b51f8f9 provider/aws: Refresh aws_autoscaling_schedule from state on 404 (#9659)
Fixes #9654

Before the fix, I created an ASG with a schedule on it. Went to the AWS
console and deleted the schedule. A terraform plan looked as follows:

```
% terraform plan
    See https://www.terraform.io/docs/internals/internal-plugins.html
    Refreshing Terraform state in-memory prior to plan...
    The refreshed state will be used to calculate this plan, but
    will not be persisted to local or remote state storage.

    aws_launch_configuration.foobar: Refreshing state... (ID:
    terraform-test-foobar5)
    aws_autoscaling_group.foobar: Refreshing state... (ID:
    terraform-test-foobar5)
    aws_autoscaling_schedule.foobar: Refreshing state... (ID: foobar)
    Error refreshing state: 1 error(s) occurred:

    * aws_autoscaling_schedule.foobar: Unable to find Autoscaling
    * Scheduled Action: []*autoscaling.ScheduledUpdateGroupAction(nil)
```

After the fix:

```
terraform plan                                                                                                                           1 ↵
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but
will not be persisted to local or remote state storage.

aws_launch_configuration.foobar: Refreshing state... (ID: terraform-test-foobar5)
aws_autoscaling_group.foobar: Refreshing state... (ID: terraform-test-foobar5)
aws_autoscaling_schedule.foobar: Refreshing state... (ID: foobar)

The Terraform execution plan has been generated and is shown below.
Resources are shown in alphabetical order for quick scanning. Green resources
will be created (or destroyed and then created if an existing resource
exists), yellow resources are being changed in-place, and red resources
will be destroyed. Cyan entries are data sources to be read.

Note: You didn't specify an "-out" parameter to save this plan, so when
"apply" is called, Terraform can't guarantee this is what will execute.

+ aws_autoscaling_schedule.foobar
    arn:                    "<computed>"
    autoscaling_group_name: "terraform-test-foobar5"
    desired_capacity:       "0"
    end_time:               "2018-01-16T13:00:00Z"
    max_size:               "0"
    min_size:               "0"
    recurrence:             "<computed>"
    scheduled_action_name:  "foobar"
    start_time:             "2018-01-16T07:00:00Z"

Plan: 1 to add, 0 to change, 0 to destroy.
```

Tests run as expected:

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSAutoscalingSchedule_'                                               2 ↵ ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/27 17:45:19 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSAutoscalingSchedule_ -timeout 120m
=== RUN   TestAccAWSAutoscalingSchedule_basic
--- PASS: TestAccAWSAutoscalingSchedule_basic (140.94s)
=== RUN   TestAccAWSAutoscalingSchedule_disappears
--- PASS: TestAccAWSAutoscalingSchedule_disappears (179.17s)
=== RUN   TestAccAWSAutoscalingSchedule_recurrence
--- PASS: TestAccAWSAutoscalingSchedule_recurrence (186.72s)
=== RUN   TestAccAWSAutoscalingSchedule_zeroValues
--- PASS: TestAccAWSAutoscalingSchedule_zeroValues (167.73s)
PASS
ok	github.com/hashicorp/terraform/builtin/providers/aws	674.530s
```
2016-10-27 18:39:15 +01:00
Mathieu Herbert 7f9baf7009 provider/aws: data source for AWS Security Group (#9604)
* provider/aws: data source for AWS Security Group

* provider/aws: add documentation  for data source for AWS Security Group

* provider/aws: data source for AWS Security Group (improve if condition and syntax)

* fix fmt
2016-10-27 18:17:58 +01:00
Kit Ewbank 3818720fd4 provider/aws: Data source to provides details about a specific AWS prefix list (#9566)
* Add AWS Prefix List data source.

AWS Prefix List data source acceptance test.

AWS Prefix List data source documentation.

* Improve error message when PL not matched.
2016-10-27 14:58:24 +01:00
Anshul Sharma bc42229b3d Added WAF ACL Resource (#8852) 2016-10-27 12:54:36 +01:00
stack72 b3a0145d8c
provider/aws: Fixing the acceptance test for ALB AccessLogs Enabling
toggle

```
% make testacc TEST=./builtin/providers/aws
% TESTARGS='-run=TestAccAWSALB_'
% ✹ ✭
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/27 12:04:29 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSALB_ -timeout
120m
=== RUN   TestAccAWSALB_basic
--- PASS: TestAccAWSALB_basic (61.86s)
=== RUN   TestAccAWSALB_generatedName
--- PASS: TestAccAWSALB_generatedName (63.51s)
=== RUN   TestAccAWSALB_namePrefix
--- PASS: TestAccAWSALB_namePrefix (61.93s)
=== RUN   TestAccAWSALB_tags
--- PASS: TestAccAWSALB_tags (95.84s)
=== RUN   TestAccAWSALB_noSecurityGroup
--- PASS: TestAccAWSALB_noSecurityGroup (60.01s)
=== RUN   TestAccAWSALB_accesslogs
--- PASS: TestAccAWSALB_accesslogs (156.99s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws500.162s
```
2016-10-27 12:12:00 +01:00
stack72 54cca9b4fb
Merge branch 'master' of https://github.com/jvasallo/terraform into jvasallo-master 2016-10-27 11:00:48 +01:00
James Nugent 54e4deb3e3 provider/aws: Suceed deleting bucket policy on err (#9641)
If there is no bucket, a bucket policy can be counted as successfully
deleted.
2016-10-26 23:16:54 +01:00
Krzysztof Wilczynski 44614c6765 provider/aws: Validate regular expression passed via the `name_regex` attribute. (#9622)
* Clean-up for Go 1.7+ version.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>

* Validate regular expression passed via the `name_regex` attribute.

This commit adds a simple ValidateFunc to check whether the regular
expression that was passed down via the `name_regex` attribute is valid.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-10-26 12:09:14 +01:00
James Nugent eb17741d26 Merge pull request #9605 from hashicorp/keybase-aws-login-profile
provider/aws: aws_iam_user_login_profile resource
2016-10-25 20:09:42 -05:00
dario-simonetti dbdaf20a19 provider/aws: fix aws_elasticache_replication_group for Redis in cluster mode (#9601)
This is a fix for issue https://github.com/hashicorp/terraform/issues/9596.

Changes:
 - Adds new output attribute `configuration_endpoint_address`. Only
   used in Redis when in cluster mode.
 - Read the `snapshot_window` and `snapshot_retention_limit` from
   the
   replication group description instead of the cache cluster
   description.
 - Adds acceptance test and modifies an existing acceptance test to
   make sure that everything is still good in non-cluster mode
 - Updates docs to describe new output attribute
2016-10-25 23:59:54 +01:00
James Nugent e5bda11a2d provider/aws: Add tests with bad keys
Add a test with a bad explicitly specified GPG key and a keybase user
(that we own) with no public keys.
2016-10-25 16:27:34 -05:00
James Nugent 2e046232a0 provider/aws: Add Login Profile acceptance tests 2016-10-25 16:16:57 -05:00
James Nugent e5fb6c9b23 provider/aws: Don't fail if login profile exists
If an IAM user already has a login profile, we bring it under management
- we will NOT modify it - but we cannot set the password.
2016-10-25 13:22:14 -05:00
James Nugent dba3ec2f5d provider/aws: Adhere to policy for login profiles
This commit modifies password generation such that it is highly likely
to match any AWS password policy.
2016-10-25 12:57:35 -05:00
James Nugent 513c2f9720 provider/aws: aws_iam_user_login_profile resource
This commit introduces an `aws_iam_user_login_profile` resource which
creates a password for an IAM user, and encrypts it using a PGP key
specified in the configuration or obtained from Keybase.

For example:

```
resource "aws_iam_user" "u" {
        name = "auser"
        path = "/"
        force_destroy = true
}

resource "aws_iam_user_login_profile" "u" {
        user = "${aws_iam_user.u.name}"
        pgp_key = "keybase:some_person_that_exists"
}

output "password" {
	value = "${aws_iam_user_login_profile.u.encrypted_password}"
}
```

The resulting attribute "encrypted_password" can be decrypted using
PGP or Keybase - for example:

```
terraform output password | base64 --decode | keybase pgp decrypt
```

Optionally the user can retain the password rather than the default of
being forced to change it at first login. Generated passwords are
currently 20 characters long.
2016-10-25 12:08:50 -05:00
ddcprg 47e079b77b Support for Service Access Security Group 2016-10-25 16:55:09 +01:00
Ninir ef5ceb9681 Exposed aws_api_gw_domain_name.certificate_upload_date attribute (#9533) 2016-10-25 16:07:08 +01:00
Paul Stack c7935a0fd2 Merge pull request #9584 from hashicorp/aws-iam-group-name-validation
provider/aws: Add validation to IAM User and Group Name
2016-10-25 14:23:17 +01:00
Paul Stack df18307662 Merge pull request #9583 from hashicorp/aws-iam-delete-force_destroy
provider/aws: Delete Loging Profile from IAM User on force_destroy
2016-10-25 14:14:49 +01:00
stack72 79557bca80
provider/aws: Add validation to IAM User and Group Name
This will allow us to catch errors at plan time rather than waiting for
the API to tell us...

Documentation for IAM User NAme Validation -
http://docs.aws.amazon.com/cli/latest/reference/iam/create-user.html

Documentation for IAM Group Name validation -
http://docs.aws.amazon.com/cli/latest/reference/iam/create-group.html

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSIAMGroup_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/25 13:18:41 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSIAMGroup_
-timeout 120m
=== RUN   TestAccAWSIAMGroup_importBasic
--- PASS: TestAccAWSIAMGroup_importBasic (13.80s)
=== RUN   TestAccAWSIAMGroup_basic
--- PASS: TestAccAWSIAMGroup_basic (23.30s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws37.121s
```

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSUser_'                                                                 ✚
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/25 13:22:23 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSUser_ -timeout 120m
=== RUN   TestAccAWSUser_importBasic
--- PASS: TestAccAWSUser_importBasic (14.33s)
=== RUN   TestAccAWSUser_basic
--- PASS: TestAccAWSUser_basic (25.36s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	39.710s
```
2016-10-25 13:18:41 +01:00
stack72 2dcc6b8ef0
provider/aws: Delete Loging Profile from IAM User on force_destroy
When force_Destroy was specified on an iam_user, only Access Keys were
destroyed. Therefore, if a password was manually added via the AWS
console, it was causing an error as follows:

```
* aws_iam_user.user: Error deleting IAM User test-user-for-profile-delete: DeleteConflict: Cannot delete entity, must delete login profile first.
    status code: 409, request id: acd67e40-9aa8-11e6-8533-4db80bad7ea8
```

We now *try* to delete the LoginProfile and ignore a NoSuchEntity error
if it doesn't exist

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSUser_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/25 12:53:05 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSUser_
-timeout 120m
=== RUN   TestAccAWSUser_importBasic
--- PASS: TestAccAWSUser_importBasic (14.83s)
=== RUN   TestAccAWSUser_basic
--- PASS: TestAccAWSUser_basic (24.78s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws39.624s
```
2016-10-25 12:56:30 +01:00
Paul Stack a65dc539ac Merge pull request #9504 from hashicorp/aws-redshift-sng-tags
provider/aws: Add tagging support to aws_redshift_subnet_group
2016-10-25 11:48:16 +01:00
Clint 0c4526fbad Merge pull request #9561 from hashicorp/b-aws-vpc-endpoint-refresh
provider/aws: Remove VPC Endpoint from state if it's not found
2016-10-24 14:25:21 -05:00
clint shryock 85dd379974 provider/aws: Remove VPC Endpoint from state if it's not found 2016-10-24 14:17:58 -05:00
clint shryock c014dac279 provider/aws: Make associate_public_ip_address computed 2016-10-24 11:24:54 -05:00
stack72 52f2717bfb
provider/aws: Add tagging support to aws_redshift_subnet_group
Fixes #9492

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRedshiftSubnetGroup_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/21 17:16:02 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSRedshiftSubnetGroup_ -timeout 120m
=== RUN   TestAccAWSRedshiftSubnetGroup_importBasic
--- PASS: TestAccAWSRedshiftSubnetGroup_importBasic (86.54s)
=== RUN   TestAccAWSRedshiftSubnetGroup_basic
--- PASS: TestAccAWSRedshiftSubnetGroup_basic (85.50s)
=== RUN   TestAccAWSRedshiftSubnetGroup_updateSubnetIds
--- PASS: TestAccAWSRedshiftSubnetGroup_updateSubnetIds (140.01s)
=== RUN   TestAccAWSRedshiftSubnetGroup_tags
--- PASS: TestAccAWSRedshiftSubnetGroup_tags (136.02s)
PASS
ok	github.com/hashicorp/terraform/builtin/providers/aws	448.075
```
2016-10-24 13:44:46 +01:00
Radek Simko eda1298e21 provider/aws: Increase ECS service drain timeout (#9521) 2016-10-22 14:16:59 +01:00
Clint dcbcde4b82 Merge pull request #8893 from dennis-bsi/fix-asg-policy-to-0
provider/aws: aws_autoscaling_policy fails when setting scaling_adjustment to 0 for SimpleScaling
2016-10-21 16:17:16 -05:00
Clint 6f7e9ac4dd Merge pull request #9511 from dennis-bsi/aws-redshift-sng-name-validation
provider/aws: limiting aws_redshift_subnet_group name to alphanumeric and hyphens
2016-10-21 14:35:53 -05:00
Clint 88925eb939 Merge pull request #9515 from dennis-bsi/aws-redshift-sng-description-update
provider/aws: aws_redshift_subnet_group allows description to be modified
2016-10-21 14:32:34 -05:00
Dennis Webb dac69b7919 fixing issue where changing only the description only didn't actually update on AWS 2016-10-21 12:14:41 -05:00
Clint 34b21083ee Merge pull request #8983 from 987poiuytrewq/b-aws-beanstalk-option-updates
provider/aws: fix option updates to beanstalk
2016-10-21 11:43:43 -05:00
clint shryock 3fbf01ea1b provider/aws: Bump AWS Route retry to 2 minutes, up from 15 seconds 2016-10-21 11:36:51 -05:00
Dennis Webb 05783ca044 limiting subnetgroup name to alphanumeric and hyphens 2016-10-21 11:28:48 -05:00
Paul Stack 7d7da4b6b6 Merge pull request #9456 from kwilczynski/feature/rename-file-aws_availability_zones
provider/aws: Rename the file to match the naming scheme.
2016-10-21 14:38:03 +04:00
clint shryock aa9c420586 slight rename and sorting of test 2016-10-20 16:16:01 -05:00
Clint e6c2b7f19c Merge pull request #9357 from mrwacky42/f/vpce-empty-rtb
Allow empty route_table_ids list in aws_vpc_endpoint resources
2016-10-20 16:13:06 -05:00
Krzysztof Wilczynski 219efaa64f
Rename the file to match the naming scheme.
This commit is a maintenance change aimed at aligning file names so that they
fall in line with the established naming convention.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-10-19 16:34:35 +01:00
Clint 7b9e58423c Merge pull request #9453 from tomwilkie/8187-import-associate_public_ip_address
Infer aws_instance.associate_public_ip_address from the presence of a network interface association.
2016-10-19 10:24:34 -05:00
Tom Wilkie e79ebfc113 Infer aws_instance.associate_public_ip_address from the presence of a network interface association. 2016-10-19 16:16:04 +01:00
clint shryock bdb60893d5 provider/aws: Update ElastiCache tests to redis 3.2 2016-10-19 09:48:15 -05:00
clint shryock 70eb45d1e9 provider/aws: Update ElasticCache cluster redis params for new default 2016-10-19 09:43:27 -05:00
clint shryock e90fa6abd4 provider/aws: Tidy up IAM user acc tests 2016-10-19 09:22:27 -05:00
James Nugent 0c4b4a1970 Merge pull request #9429 from hashicorp/f-aws-new-region
aws: Add missing metadata for us-east-2
2016-10-18 07:44:01 -05:00
Krzysztof Wilczynski b74de12bd6
Handle the case where Route Table is already gone.
This commit changes the behaviour of the `ExistsFunc`, where by default
lack of a route table (e.g. already removed, etc.) would cause an error
to be thrown. This makes is hard to carry out any action e.g. plan,
refresh, or destroy, that rely on the route table existance check.

Also, make error messages a little better in terms of wording, etc.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-10-18 11:56:47 +01:00
Radek Simko 4b36bc3210
aws: Add missing metadata for us-east-2 2016-10-18 09:31:57 +01:00
Matt Moyer 2b9f5f5f6f Add support for AWS US East (Ohio) region. 2016-10-17 15:48:18 -05:00
James Bardin 7478b7a914 Merge pull request #9369 from hashicorp/jbardin/TestBuildEC2AttributeFilterList
Make buildEC2AttributeFilterList output sorted
2016-10-17 12:34:34 -04:00
Tom Wilkie 08c5d2a939 Read back aws_launch_configuration's associate_public_ip_address field, to enable importing. 2016-10-17 09:12:25 -05:00
@tmshn 8ec06e82b6 Added "arn" attribute to AWS Lambda alias 2016-10-16 21:43:44 +09:00
James Bardin 7d0ed45ec9 Make buildEC2AttributeFilterList output sorted
Makes the output deterministic
2016-10-14 12:22:45 -04:00
Clint 46ee2ef51a Merge pull request #6819 from hashicorp/f-aws-vpc-data-sources
provider/aws: data sources for AWS network planning
2016-10-13 14:17:55 -05:00
Sharif Nassar 84d943fc82 Allow empty route_table_ids in aws_vpc_endpoint 2016-10-13 10:41:38 -07:00
clint shryock b2b886db43 provider/aws: Poll to confirm delete of resource_aws_customer_gateway 2016-10-12 17:41:03 -05:00
Modestas Vainius 7385fa9eac provider/aws: Support refresh of EC2 instance user_data.
Make sure to hash base64 decoded value since user_data might be given
either raw bytes or base64 value.

This helps https://github.com/hashicorp/terraform/issues/1887 somewhat
as now you can:

1) Update user_data in AWS console.
2) Respectively update user_data in terraform code.
3) Just refresh terraform state and it should not report any changes.
2016-10-12 15:19:25 -05:00
clint shryock 77d76a69ba provider/aws: Bump Directory Service creation timeout to 45m 2016-10-12 09:47:39 -05:00
Carlos Sanchez ed37eae52b [AWS] Retry setTags operation 2016-10-11 15:38:25 -05:00
Justin Nauman be523d3792 Fixes #6076 - Adjusts check to allow for instance-id reset on aws_route 2016-10-11 15:35:03 -05:00
Herkermer Sherwood e81d06d505 Remove If-Match check and update ETag in state based on HeadObject
Fixes #4805
2016-10-11 11:43:33 -05:00
James Nugent ad57b445e9 Merge pull request #9273 from jmcarp/issue-5307
Parse AWS partition from ARN.
2016-10-11 11:31:04 -05:00
Kazunori Kojima dd2e9a5caa provider/aws: Fix cause error when re-apply specified together `etag` and `kms_key_id` 2016-10-11 11:11:30 -05:00
Krzysztof Wilczynski 6393ad743f Add missing unit test and re-factor for clarity.
This commit adds a missing unit test for the API Gateway integration type
attribute validation helper, plus changes the way how value is inspected
to a simple lookup table. Additionally, changes the wording of the error
message, and adds invalid test cases to the HTTP method validation helper.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-10-11 08:17:05 -05:00
James Nugent 52f4e23ac3 provider/aws: Add extra logging on AuthFailure
This pull request is intended to add a temporary control to Terraform to
output more verbose logging in the case of an AuthFailure error being
returned by the AWS API.
2016-10-10 17:26:30 -04:00
Joel Vasallo 7dd376216b Added documentation around access_logs enabled and reverted default
value to true
2016-10-10 10:05:13 -05:00
Joel Vasallo f290a3a955 ALB: Enabled s3.enabled and changed default value of s3.enabled
- Disabled access logs by default
- Enabled case to set value of s3.enabled
2016-10-10 09:46:28 -05:00
Joel Vasallo 16c1366e63 Reverted alb false logic to be a string instead of converted bool to
string
2016-10-09 22:09:41 -05:00
Krzysztof Wilczynski 70a90cc1f4 Handle EC2 tags related errors in CloudFront Distribution resource. (#9298)
This commits changes the behaviour in a case there was an error while
interacting with EC2 tags related to the CloudFormation Distribution
resource, fixing the issue with nil pointer dereference when despite
an error being present code path to handle tags was executed.

Also, a small re-factor of the `validateHTTP` helper method,
and a unit test added for it.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-10-09 20:51:16 +02:00
Joshua Carp a8e68ab25e Add partition to remaining ARN builders. 2016-10-08 00:52:50 -04:00
Joel Vasallo e00b2448d8 Fixed alb access_log enabled type to match that of aws-sdk-go 2016-10-07 19:32:19 -05:00
Joel Vasallo a4743eac33 Enable/Disable option for ALB Access Logs 2016-10-07 18:41:54 -05:00
Paul Stack 181fd25ee4 Merge pull request #9009 from hashicorp/tests-aws-import-eip
provider/aws: Add some tests for the Import for aws_eip
2016-10-07 16:25:41 +01:00
stack72 5479e178b9
provider/aws: Add some tests for the Import for aws_eip
The Read func of the EIP has changed to set the `vpc` boolean value on
the response object having an Address. This is required as an EIP that
was specified, without a domain and then imported, would cause a
perpetual plan.

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEIP_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/23 09:28:32 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSEIP_ -timeout
120m
=== RUN   TestAccAWSEIP_importEc2Classic
--- PASS: TestAccAWSEIP_importEc2Classic (116.16s)
=== RUN   TestAccAWSEIP_importVpc
--- PASS: TestAccAWSEIP_importVpc (61.89s)
=== RUN   TestAccAWSEIP_basic
--- PASS: TestAccAWSEIP_basic (18.86s)
=== RUN   TestAccAWSEIP_instance
--- PASS: TestAccAWSEIP_instance (185.95s)
=== RUN   TestAccAWSEIP_network_interface
--- PASS: TestAccAWSEIP_network_interface (63.20s)
=== RUN   TestAccAWSEIP_twoEIPsOneNetworkInterface
--- PASS: TestAccAWSEIP_twoEIPsOneNetworkInterface (65.64s)
=== RUN   TestAccAWSEIP_associated_user_private_ip
--- PASS: TestAccAWSEIP_associated_user_private_ip (201.34s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    713.072s
```
2016-10-07 16:21:11 +01:00
Paul Stack dd66af0fa0 Merge pull request #8701 from steveh/feature/aws-billing-service-account
provider/aws: Add AWS Billing & Cost Management service account
2016-10-07 13:34:51 +01:00
Paul Stack 1b2f553d52 Merge pull request #9277 from kwilczynski/fix/return-correct-image-data_source_aws_ami
provider/aws: Fix. Return correct AMI image when `most_recent` is set to `true`.
2016-10-07 12:26:29 +01:00
Krzysztof Wilczynski 664c788b26
Fix. Return correct AMI image when `most_recent` is set to `true`.
This commit resolves a regression introduced in #9033 that caused an
unfiltered image to be returned despite a search criteria being set
accordingly.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-10-07 12:05:54 +01:00
DJ Home 56f35dd67d
Add ability to import AWS OpsWorks Custom Layers 2016-10-07 11:57:11 +01:00
Joshua Carp 1f8c2e4c69 Parse AWS partition from ARN.
[Resolves #5307]
2016-10-07 00:08:30 -04:00
Krzysztof Wilczynski 1260b3a9b5
Add new "ANY" as valid HTTP method to API Gateway validator.
This commit adds a new HTTP method to a list of valid HTTP methods which
is now accepted by API Gateway.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-10-06 16:11:45 +01:00
clint shryock dad6face2b re-go-fmt after rebase
use us-west-2 region in tests

update test with working config

provider/aws: Update EMR contribution with passing test, polling for instance in DELETE method

remove defaulted role

document emr_cluster

rename aws_emr -> aws_emr_cluster

update docs for name change

update delete timeout/polling

rename emr taskgroup to emr instance group

default instance group count to 0, down from 60

update to ref emr_cluster, emr_instance_group

more cleanups for instance groups; need to read and update

add read, delete method for instance groups

refactor the read method to seperate out the fetching of the specific group

more refactoring for finding instance groups

update emr instance group docs

err check on reading HTTP. Dont' return the error, just log it

refactor the create method to catch optionals

additional cleanups, added a read method

update test to be non-master-only

wrap up the READ method for clusters

poll for instance group to be running after a modification

patch up a possible deref

provider/aws: EMR cleanups

fix test naming

remove outdated docs

randomize emr_profile names
2016-10-05 14:30:16 -05:00
Brian Chen ad8679e916 basic emr implementation
quick emr resize implementation

ass task group

not force new

add task group

check empty slices

clean up

rename to initial_instance_count

add task instance group as resource

cluster resize core group

clean up

add name option

log info

clean up

change log debug format

clean up

add missing security groups for master and slave

add bootstrap actions

add options for bootstrap action

add tags option

clean up

fix for tags array

support delimiters : =

bootstrap actions fix

add configurations item

load local or remote config

rename function

support multiple bootstrap actions

default value 0 for core group

follow aws api able to create a master only

tags use terraform tag schema

option item for log_uri

ec2_attribute as option

add emr task group accTests

add embedded json config

add embedded json config

add service_role and instance_profile

add partial state support for either the "TERMINATED" or "TERMINATED_WITH_ERRORS" state

not allowing to change name or instance_type for task group

"core_instance_type" change into "Optional" and  "Computed"

apply MaxItems for ec2Attributes

remove all debug "fmt.Println"

clean up debug info and useless variable

Expose visible_to_all_users as an option, default will be true

remove debug info

logging should happen before setId("")

add hanChange checking first

clean up debug log

add some force new

double check the core group existed

add waiting and polling, until cluster up

testcase add EMR cluster id and status checking

clean up using common way to read ec2_attributes
2016-10-05 14:30:16 -05:00
clint shryock 5b87cd49a9 provider/aws: Update EFS resource to read performance mode and creation_token 2016-10-05 13:48:35 -05:00
Clint e2c74fce7f Merge pull request #9230 from lifesum/route53_healthcheck
provider/aws - Add update support for `search_string` in aws_cloudwatch_metric_alarm
2016-10-05 08:52:34 -05:00
Alexander Hellbom f6c66025cc Add update support for `search_string` 2016-10-05 13:25:00 +02:00
Paul Stack aa97ebd0e7 Merge pull request #9220 from AMeng/import-db-event-sub
provider/aws: Import aws_db_event_subscription
2016-10-05 01:03:53 +01:00
AMeng b7fae4028c provider/aws: Import aws_db_event_subscription 2016-10-04 15:24:30 -06:00
Michael Henry ad8bff98bb Extract integration type validator 2016-10-04 12:51:18 -04:00
Michael Henry 71b62d83b2 Allow new aws api-gateway integration types
The added types are 'AWS_PROXY' for integrating with lambdas and
'HTTP_PROXY' for integrating via http.

See http://docs.aws.amazon.com/apigateway/api-reference/resource/integration/
2016-10-04 12:23:04 -04:00
Paul Stack 60f0603f1c Merge pull request #9175 from PayscaleNateW/provider/aws/fix-acceptance-test-log-bucket
Provider/aws/fix acceptance test log bucket
2016-10-04 00:07:52 +01:00
Nathaniel Weinstein ff6469be89 Made import and base s3origin tests more independent, by supplying different random ints to each of their test runs 2016-10-03 15:11:46 -07:00
Paul Stack 2d90f8a91c Merge pull request #9140 from hashicorp/import-aws-elasticache_replication_groups
provider/aws: Support Import of AWS elasticache_replication_groups
2016-10-03 16:59:31 +01:00
stack72 520f96e84b
provider/aws: Support Import of AWS elasticache_replication_groups
Fixes #9094

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSElasticacheReplicationGroup_importBasic'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/30 00:09:04 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSElasticacheReplicationGroup_importBasic -timeout 120m
=== RUN   TestAccAWSElasticacheReplicationGroup_importBasic
--- PASS: TestAccAWSElasticacheReplicationGroup_importBasic (756.38s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws756.398s
```
2016-10-03 16:52:29 +01:00
stack72 17cb9a19da
Merge branch 'DJRH-import-opsworks-stacks' 2016-10-03 16:48:23 +01:00
stack72 fa3051a42b
provider/aws: Rename the Import aws_opsworks_stack import test
The casing on the test name was causing it not to run with the entire
test suite

```
% make testacc TEST=./builtin/providers/aws
% TESTARGS='-run=TestAccAWSOpsworksStack'             2 ↵ ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/03 16:43:07 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSOpsworksStack
-timeout 120m
=== RUN   TestAccAWSOpsworksStackImportBasic
--- PASS: TestAccAWSOpsworksStackImportBasic (49.00s)
=== RUN   TestAccAWSOpsworksStackNoVpc
--- PASS: TestAccAWSOpsworksStackNoVpc (36.10s)
=== RUN   TestAccAWSOpsworksStackVpc
--- PASS: TestAccAWSOpsworksStackVpc (73.27s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws158.385s
```
2016-10-03 16:45:02 +01:00
Paul Stack 90f74dae21 Merge pull request #9188 from hashicorp/b-aws-ssm-retry-delete
provider/aws: Add retry to the `aws_ssm_document` delete func
2016-10-03 16:38:52 +01:00
stack72 2f81f47d49
Merge branch 'import-opsworks-stacks' of https://github.com/DJRH/terraform into DJRH-import-opsworks-stacks 2016-10-03 16:23:03 +01:00
stack72 09e9e3a662
provider/aws: Add retry to the `aws_ssm_document` delete func
As noticed in the acceptance tests, we were expecting the document to be
deleted but it was still found

```
=== RUN   TestAccAWSSSMDocument_permission
--- FAIL: TestAccAWSSSMDocument_permission (5.60s)
    testing.go:329: Error destroying resource! WARNING: Dangling
    resources
            may exist. The full state and error is shown below.

                            Error: Check failed: Expected AWS SSM
                            Document to be gone, but was still found

                                            State: <no state>
```
2016-10-03 16:14:15 +01:00
clint shryock 2c934f9686 provider/aws: Insert log when removing volume attachment if not found 2016-10-03 09:57:42 -05:00
Clint f1c5f848e9 Merge pull request #9023 from Jonnymcc/destroying-detached-vol-attch-res
provider/aws: Skip DetachVolume if volume is not attached
2016-10-03 09:56:49 -05:00
Paul Stack 7cba88931a Merge pull request #9125 from hashicorp/b-aws-r53-alias-refresh
provider/aws: aws_route53_record alias refresh manually updated record
2016-10-03 15:55:23 +01:00
DJ Home 967335eae3 Merge branch 'master' into import-opsworks-stacks 2016-10-03 11:28:28 +01:00
Nathaniel Weinstein 69e56beac7 Fixed acceptance test that was failing due to undefined log bucket 2016-10-02 22:28:34 -07:00
Nathaniel Weinstein 822c8f9a32 Fixed acceptance test that was failing due to undefined log bucket 2016-10-02 22:23:03 -07:00
clint shryock de3a7b5d20 give security groups their own sgProtocolIntegers methodw 2016-09-30 15:45:25 -05:00
clint shryock 2cc28f6137 revert netacl protocolIntegers change from 45da08c67f 2016-09-30 15:45:25 -05:00
clint shryock 6282c0fabf provider/aws: Regression test for NetAcl + ESP protocol 2016-09-30 15:45:25 -05:00
Jonathan McCall dc4a7b7d25 Simplify check for already detached volume before destroying 2016-09-30 14:11:50 -04:00
Jonathan McCall f3deaab878 Remove resource if volume to detach is missing 2016-09-30 14:11:50 -04:00
Jonathan McCall a3ceb25dd7 Skip DetachVolume if volume is not attached 2016-09-30 14:11:50 -04:00
DJ Home 73f20ec88d Revert region to us-west-2 (and set us-west-2 as default region in acceptance test class) 2016-09-30 13:33:00 +01:00
Clint 7337a346ec provider/aws: Fix issue with updating ELB subnets for subnets in the same AZ (#9131)
* provider/aws: Regression test for #9120

* provider/aws: Fix issue with updating ELB subnets for subnets in the same AZ
2016-09-29 13:01:09 -05:00
stack72 ae2b8d45db
provider/aws: aws_route53_record alias refresh manually updated record
Fixes #9108

When an aws_route53_record alias is created with terraform and then
modified via cli or console, terraform wasn't picking up the changes. I
had the following config:

```
resource "aws_route53_record" "alias" {
  zone_id = "${aws_route53_zone.main.zone_id}"
  name = "www"
  type = "A"

  alias {
  	zone_id = "${aws_elb.main.zone_id}"
  	name = "${aws_elb.main.dns_name}"
  	evaluate_target_health = true
  }
}
```

I changed the evaluate_health_target on the AWS console and terraform plan showed me this:

```
% terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but
will not be persisted to local or remote state storage.

aws_route53_zone.main: Refreshing state... (ID: Z32Z9B1UPAIP6X)
aws_elb.main: Refreshing state... (ID: foobar-terraform-elb-1111)
aws_route53_record.alias: Refreshing state... (ID: Z32Z9B1UPAIP6X_www_A)

No changes. Infrastructure is up-to-date. This means that Terraform
could not detect any differences between your configuration and
the real physical resources that exist. As a result, Terraform
doesn't need to do anything.
```

When rebuilding the provider with the changes in the PR, a terraform plan then looks as follows:

```
% terraform plan
[WARN] /Users/stacko/Code/go/bin/terraform-provider-aws overrides an internal plugin for aws-provider.
  If you did not expect to see this message you will need to remove the old plugin.
  See https://www.terraform.io/docs/internals/internal-plugins.html
[WARN] /Users/stacko/Code/go/bin/terraform-provider-azurerm overrides an internal plugin for azurerm-provider.
  If you did not expect to see this message you will need to remove the old plugin.
  See https://www.terraform.io/docs/internals/internal-plugins.html
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but
will not be persisted to local or remote state storage.

aws_route53_zone.main: Refreshing state... (ID: Z32Z9B1UPAIP6X)
aws_elb.main: Refreshing state... (ID: foobar-terraform-elb-1111)
aws_route53_record.alias: Refreshing state... (ID: Z32Z9B1UPAIP6X_www_A)

The Terraform execution plan has been generated and is shown below.
Resources are shown in alphabetical order for quick scanning. Green resources
will be created (or destroyed and then created if an existing resource
exists), yellow resources are being changed in-place, and red resources
will be destroyed. Cyan entries are data sources to be read.

Note: You didn't specify an "-out" parameter to save this plan, so when
"apply" is called, Terraform can't guarantee this is what will execute.

~ aws_route53_record.alias
    alias.1050468691.evaluate_target_health: "" => "true"
    alias.1050468691.name:                   "" => "foobar-terraform-elb-1111-522021794.us-west-2.elb.amazonaws.com"
    alias.1050468691.zone_id:                "" => "Z1H1FL5HABSF5"
    alias.2906616344.evaluate_target_health: "false" => "false"
    alias.2906616344.name:                   "foobar-terraform-elb-1111-522021794.us-west-2.elb.amazonaws.com." => ""
    alias.2906616344.zone_id:                "Z1H1FL5HABSF5" => ""

Plan: 0 to add, 1 to change, 0 to destroy.
```

the apply then changed the target back to true

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRoute53Record_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/29 18:17:23 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSRoute53Record_ -timeout 120m
=== RUN   TestAccAWSRoute53Record_basic
--- PASS: TestAccAWSRoute53Record_basic (120.63s)
=== RUN   TestAccAWSRoute53Record_basic_fqdn
--- PASS: TestAccAWSRoute53Record_basic_fqdn (131.81s)
=== RUN   TestAccAWSRoute53Record_txtSupport
--- PASS: TestAccAWSRoute53Record_txtSupport (128.40s)
=== RUN   TestAccAWSRoute53Record_spfSupport
--- PASS: TestAccAWSRoute53Record_spfSupport (120.06s)
=== RUN   TestAccAWSRoute53Record_generatesSuffix
--- PASS: TestAccAWSRoute53Record_generatesSuffix (114.02s)
=== RUN   TestAccAWSRoute53Record_wildcard
--- PASS: TestAccAWSRoute53Record_wildcard (165.54s)
=== RUN   TestAccAWSRoute53Record_failover
--- PASS: TestAccAWSRoute53Record_failover (118.10s)
=== RUN   TestAccAWSRoute53Record_weighted_basic
--- PASS: TestAccAWSRoute53Record_weighted_basic (128.10s)
=== RUN   TestAccAWSRoute53Record_alias
--- PASS: TestAccAWSRoute53Record_alias (132.62s)
=== RUN   TestAccAWSRoute53Record_s3_alias
--- PASS: TestAccAWSRoute53Record_s3_alias (132.12s)
=== RUN   TestAccAWSRoute53Record_weighted_alias
--- PASS: TestAccAWSRoute53Record_weighted_alias (237.92s)
=== RUN   TestAccAWSRoute53Record_geolocation_basic
--- PASS: TestAccAWSRoute53Record_geolocation_basic (121.95s)
=== RUN   TestAccAWSRoute53Record_latency_basic
--- PASS: TestAccAWSRoute53Record_latency_basic (123.40s)
=== RUN   TestAccAWSRoute53Record_TypeChange
--- PASS: TestAccAWSRoute53Record_TypeChange (198.24s)
=== RUN   TestAccAWSRoute53Record_empty
--- PASS: TestAccAWSRoute53Record_empty (119.68s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws2092.597s
```
2016-09-29 18:54:32 +01:00
DJ Home 979afcecdc Fix acceptance tests 2016-09-29 13:00:52 +01:00
DJ Home 1bc154535f Add ability to import OpsWorks stacks 2016-09-29 11:44:58 +01:00
Paul Stack 5f8cd8e69f Merge pull request #9101 from hashicorp/b-aws-elasticache-panic-parameter-group
provider/aws: Modifying the parameter_group_name of aws_elasticache_replication_group caused a panic
2016-09-28 20:27:01 +01:00
Paul Stack 10eb572437 Merge pull request #9050 from hashicorp/b-aws-ecr-delete-timeout
provider/aws: Add retry logic to the aws_ecr_repository delete func
2016-09-28 20:10:35 +01:00
Paul Stack 9202bb4751 Merge pull request #9011 from hashicorp/f-aws-cloudfront-tags
provider/aws: Add support for tags to aws_cloudfront_distribution
2016-09-28 19:54:47 +01:00
Paul Stack b6718de299 Merge pull request #9010 from hashicorp/aws-elasticache-cluster-import
Aws elasticache cluster import
2016-09-28 19:49:42 +01:00
stack72 13cf370d07
provider/aws: Add support for tags to aws_cloudfront_distribution
Fixes #8959

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSCloudFrontDistribution_S3OriginWithTags'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/23 16:30:31 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSCloudFrontDistribution_S3OriginWithTags -timeout 120m
=== RUN   TestAccAWSCloudFrontDistribution_S3OriginWithTags
--- PASS: TestAccAWSCloudFrontDistribution_S3OriginWithTags (1234.66s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws
1234.680s
```
2016-09-28 13:18:41 +01:00
stack72 b02a5c47ec
provider/aws: Support Import of aws_elasticache_cluster
Initial tests were failing as follows:

```
=== RUN   TestAccAWSElasticacheCluster_importBasic
--- FAIL: TestAccAWSElasticacheCluster_importBasic (362.66s)
        testing.go:265: Step 1 error: ImportStateVerify attributes not
        equivalent. Difference is shown below. Top is actual, bottom is
        expected.

        (map[string]string) {

        }

(map[string]string) (len=2) {
             (string) (len=20) "parameter_group_name": (string) (len=20)
             "default.memcached1.4",
                             (string) (len=22) "security_group_names.#":
                             (string) (len=1) "0"

}

FAIL
exit status 1
```

The import of ElastiCache clusters helped to point out 3 things:

1. Currently, we were trying to set the parameter_group_name as follows:

```
d.Set("parameter_group_name", c.CacheParameterGroup)
```

Unfortunately, c.CacheParameterGroup is a struct not a string. This was
causing the test import failure. So this had to be replaced as follows:

```
if c.CacheParameterGroup != nil {
      d.Set("parameter_group_name", c.CacheParameterGroup.CacheParameterGroupName)
}
```

2. We were trying to set the security_group_names as follows:

```
d.Set("security_group_names", c.CacheSecurityGroups)
```

The CacheSecurityGroups was actually a []* so had to be changed to work
as follows:

```
if len(c.CacheSecurityGroups) > 0 {
            d.Set("security_group_names",
            flattenElastiCacheSecurityGroupNames(c.CacheSecurityGroups))

}
```

3. We were trying to set the security_group_ids as follows:

```
d.Set("security_group_ids", c.SecurityGroups)
```

This is another []* and needs to be changed as follows:

```
if len(c.SecurityGroups) > 0 {
            d.Set("security_group_ids",
            flattenElastiCacheSecurityGroupIds(c.SecurityGroups))

}
```

This then allows the import test to pass as expected:

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSElasticacheCluster_importBasic'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/23 10:59:01 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSElasticacheCluster_importBasic -timeout 120m
=== RUN   TestAccAWSElasticacheCluster_importBasic
--- PASS: TestAccAWSElasticacheCluster_importBasic (351.96s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    351.981s
```

As a final test, I ran the basic ElastiCache cluster creation to make
sure all passed as expected:

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSElasticacheCluster_basic'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/23 11:05:51 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSElasticacheCluster_basic -timeout 120m
=== RUN   TestAccAWSElasticacheCluster_basic
--- PASS: TestAccAWSElasticacheCluster_basic (809.25s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    809.267s
```
2016-09-28 12:29:20 +01:00
stack72 15c8534538
provider/aws: Add retry logic to the aws_ecr_repository delete func
Fixes #8597

There was sometimes an issue where Terraform was deleting the ECR
repository from the statefile before the reposity was actually deleted.

Added retry logic for Terraform to wait for the repository to be deleted
before proceeding with the statefile update

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEcrRepository_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/26 12:46:57 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSEcrRepository_ -timeout 120m
=== RUN   TestAccAWSEcrRepository_importBasic
--- PASS: TestAccAWSEcrRepository_importBasic (17.86s)
=== RUN   TestAccAWSEcrRepository_basic
--- PASS: TestAccAWSEcrRepository_basic (16.40s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    34.288s
```
2016-09-28 12:01:13 +01:00
stack72 2efd93a67e
provider/aws: Modifying the parameter_group_name of
aws_elasticache_replication_group caused a panic

Fixes #9097

The update for `parameter_group_name` was trying to find the incorrect
value to set `cache_parameter_group_name` - this is what was causing the
panic

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSElasticacheReplicationGroup_updateParameterGroup'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/28 11:17:30 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSElasticacheReplicationGroup_updateParameterGroup -timeout
120m
=== RUN   TestAccAWSElasticacheReplicationGroup_updateParameterGroup
--- PASS: TestAccAWSElasticacheReplicationGroup_updateParameterGroup
(903.90s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws903.931s
```
2016-09-28 11:48:17 +01:00
Paul Stack d4dd615b52 Merge pull request #9052 from hashicorp/b-aws-rds-option-group
provider/aws: aws_db_option_group flattenOptions failing due to missing values
2016-09-28 11:18:28 +01:00
stack72 df8ca94093
provider/aws: aws_db_option_group flattenOptions failing due to missing
values

Fixes #8332

Not all option_group parameters have values. For example, when you
enable the MariaDB option_group, some of the settings have empty values
(see screenshot)

This PR adds a safety net on reading those values back to the statefile

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSDBOptionGroup_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/26 13:55:21 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSDBOptionGroup_ -timeout 120m
=== RUN   TestAccAWSDBOptionGroup_importBasic
--- PASS: TestAccAWSDBOptionGroup_importBasic (20.12s)
=== RUN   TestAccAWSDBOptionGroup_basic
--- PASS: TestAccAWSDBOptionGroup_basic (18.45s)
=== RUN   TestAccAWSDBOptionGroup_basicDestroyWithInstance
--- PASS: TestAccAWSDBOptionGroup_basicDestroyWithInstance (597.90s)
=== RUN   TestAccAWSDBOptionGroup_OptionSettings
--- PASS: TestAccAWSDBOptionGroup_OptionSettings (33.27s)
=== RUN   TestAccAWSDBOptionGroup_sqlServerOptionsUpdate
--- PASS: TestAccAWSDBOptionGroup_sqlServerOptionsUpdate (33.39s)
=== RUN   TestAccAWSDBOptionGroup_multipleOptions
--- PASS: TestAccAWSDBOptionGroup_multipleOptions (19.87s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    723.037s
```
2016-09-28 11:06:40 +01:00
Paul Stack bf5039311b Merge pull request #9049 from hashicorp/b-aws-r53-record-delete
provider/aws: guard against aws_route53_record delete panic
2016-09-28 11:02:03 +01:00
Paul Stack 1cf9f41510 Merge pull request #9038 from kwilczynski/feature/error-reporting-aws_vpc_peering_connection
provider/aws: Make sure that VPC Peering Connection in a failed state returns an error.
2016-09-27 17:56:54 +01:00
Paul Stack bdb915693b Merge pull request #9060 from TimeIncOSS/b-aws-aurora-encryption
provider/aws: Make encryption in Aurora instances computed-only
2016-09-26 19:44:36 +01:00
Radek Simko de03308b73
provider/aws: Make encryption in Aurora instances computed-only 2016-09-26 17:23:16 +01:00
stack72 054f46b1f9
provider/aws: Refresh AWS EIP association from state when not found
Fixes #6758

We used to throw an error when this was the case - we should refresh
from state so the association can be recreated

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEIPAssociation_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/26 16:42:37 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSEIPAssociation_ -timeout 120m
=== RUN   TestAccAWSEIPAssociation_basic
--- PASS: TestAccAWSEIPAssociation_basic (272.92s)
=== RUN   TestAccAWSEIPAssociation_disappears
--- PASS: TestAccAWSEIPAssociation_disappears (119.62s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws392.559s
```
2016-09-26 16:50:51 +01:00
Paul Stack a77d55c919 Merge pull request #8806 from optimisticanshul/8793-snapshot-identifier
Changing snapshot_identifier on aws_db_instance resource should force…
2016-09-26 12:01:47 +01:00
stack72 a367f3550f
provider/aws: guard against aws_route53_record delete panic
Fixes #9025

We were assuming there would always be a changeInfo record and then
dereferencing the ID. This wasn't always the case (As noted in #9025)
where it was a delete rather than a delete / create action

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRoute53Record_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/26 11:26:43 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSRoute53Record_ -timeout 120m
=== RUN   TestAccAWSRoute53Record_basic
--- PASS: TestAccAWSRoute53Record_basic (114.99s)
=== RUN   TestAccAWSRoute53Record_basic_fqdn
--- PASS: TestAccAWSRoute53Record_basic_fqdn (126.64s)
=== RUN   TestAccAWSRoute53Record_txtSupport
--- PASS: TestAccAWSRoute53Record_txtSupport (113.25s)
=== RUN   TestAccAWSRoute53Record_spfSupport
--- PASS: TestAccAWSRoute53Record_spfSupport (112.89s)
=== RUN   TestAccAWSRoute53Record_generatesSuffix
--- PASS: TestAccAWSRoute53Record_generatesSuffix (113.29s)
=== RUN   TestAccAWSRoute53Record_wildcard
--- PASS: TestAccAWSRoute53Record_wildcard (163.05s)
=== RUN   TestAccAWSRoute53Record_failover
--- PASS: TestAccAWSRoute53Record_failover (121.15s)
=== RUN   TestAccAWSRoute53Record_weighted_basic
--- PASS: TestAccAWSRoute53Record_weighted_basic (117.06s)
=== RUN   TestAccAWSRoute53Record_alias
--- PASS: TestAccAWSRoute53Record_alias (116.97s)
=== RUN   TestAccAWSRoute53Record_s3_alias
--- PASS: TestAccAWSRoute53Record_s3_alias (138.79s)
=== RUN   TestAccAWSRoute53Record_weighted_alias
--- PASS: TestAccAWSRoute53Record_weighted_alias (241.48s)
=== RUN   TestAccAWSRoute53Record_geolocation_basic
--- PASS: TestAccAWSRoute53Record_geolocation_basic (132.51s)
=== RUN   TestAccAWSRoute53Record_latency_basic
--- PASS: TestAccAWSRoute53Record_latency_basic (121.29s)
=== RUN   TestAccAWSRoute53Record_TypeChange
--- PASS: TestAccAWSRoute53Record_TypeChange (189.31s)
=== RUN   TestAccAWSRoute53Record_empty
--- PASS: TestAccAWSRoute53Record_empty (127.31s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws
2050.012s
```
2016-09-26 11:27:56 +01:00