Commit Graph

3976 Commits

Author SHA1 Message Date
Brian Antonelli 2dd7e72674 Fix for getting partition for federated users (#13992)
Federated users calling `iam:GetUser` will get the error code `InvalidClientTokenId` so this shouldn't bail out but instead continue on to try `sts:GetCallerIdentity`.
2017-04-27 10:24:53 -05:00
Radek Simko 086af4bd62 provider/aws: Retry setting KMS key rotation on DisabledException (#14029) 2017-04-27 12:42:36 +01:00
Paul Stack c953a2fc41 provider/aws: Set aws_instance volume_tags to be Computed (#14007)
Fixes: #14003

When an EBS volume was created and tags were specified on that resource
and NOT the aws_instance it was attached to, the tags would be removed
on subsequent Terraform runs.

We need to set volume_tags to be Computed to allow for changes to EBS
volumes not created as part of the instance but that are attached to the
instance

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSInstance_volumeTagsComputed'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/04/27 07:33:36 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSInstance_volumeTagsComputed -timeout 120m
=== RUN   TestAccAWSInstance_volumeTagsComputed
--- PASS: TestAccAWSInstance_volumeTagsComputed (151.37s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	151.411s
```
2017-04-27 07:50:06 +12:00
Paul Stack f9ba882f73 provider/aws: Update aws_ebs_volume when attached (#14005)
Fixes: #12496

When an EBS volume was attached to an instance and the user tried to
resize, they would get an error as follows:

```
* aws_ebs_volume.ebs_data_volume: Error waiting for Volume (vol-027e83f7) to become available: unexpected state 'in-use', wanted target 'available'. last error: %!s(<nil>)
```

`available` is a state *only* when creating an EBS volume that is not attached. When an instance is attached, it will go into the state `in-use`. Therefore `in-use` is a valid state when modifying an EBS volume that is attached:

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEBSVolume_'                                   ✹ ✭
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/04/27 07:08:18 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSEBSVolume_ -timeout 120m
=== RUN   TestAccAWSEBSVolume_importBasic
--- PASS: TestAccAWSEBSVolume_importBasic (41.10s)
=== RUN   TestAccAWSEBSVolume_basic
--- PASS: TestAccAWSEBSVolume_basic (38.22s)
=== RUN   TestAccAWSEBSVolume_updateAttachedEbsVolume
--- PASS: TestAccAWSEBSVolume_updateAttachedEbsVolume (199.11s)
=== RUN   TestAccAWSEBSVolume_updateSize
--- PASS: TestAccAWSEBSVolume_updateSize (70.53s)
=== RUN   TestAccAWSEBSVolume_updateType
--- PASS: TestAccAWSEBSVolume_updateType (69.75s)
=== RUN   TestAccAWSEBSVolume_updateIops
--- PASS: TestAccAWSEBSVolume_updateIops (70.38s)
=== RUN   TestAccAWSEBSVolume_kmsKey
--- PASS: TestAccAWSEBSVolume_kmsKey (76.64s)
=== RUN   TestAccAWSEBSVolume_NoIops
--- PASS: TestAccAWSEBSVolume_NoIops (39.80s)
=== RUN   TestAccAWSEBSVolume_withTags
--- PASS: TestAccAWSEBSVolume_withTags (38.04s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	643.609s
```
2017-04-27 07:30:23 +12:00
Paul Stack 39d7400813 provider/aws: Change running of CloudTrail tests to not be parallel (#13982)
We can only ever have 5 cloudtrails in an AWS account so we want to make
sure we run these tests serially to make sure we don't exhaust limits
and get non-deterministic failures
2017-04-27 02:41:47 +12:00
Paul Stack 011cab5917 provider/aws: Add support for CustomOrigin timeouts to aws_cloudfront_distribution (#13367)
```

```
2017-04-27 02:13:59 +12:00
Jake Champlin 64134418a5 Merge pull request #12933 from hashicorp/f-network-interfaces
provider/aws: Add network_interface to aws_instance
2017-04-26 08:05:21 -04:00
Joshua Spence 76b0eefacc Fix validation of the `name_prefix` parameter of the `aws_alb` resource (#13441)
This parameter is being validated using the wrong validation function, which means that we are incorrectly disallowing a `name_prefix` value ending with a dash.
2017-04-26 11:48:02 +12:00
Paul Stack f4015b43c5 provider/aws: Support aws_instance and volume tagging on creation (#13945)
Fixes: #13173

We now tag at instance creation and introduced `volume_tags` that can be
set so that all devices created on instance creation will receive those
tags

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSInstance_volumeTags'                      2 ↵ ✚ ✭
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/04/26 06:30:48 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSInstance_volumeTags -timeout 120m
=== RUN   TestAccAWSInstance_volumeTags
--- PASS: TestAccAWSInstance_volumeTags (214.31s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	214.332s
```
2017-04-26 10:12:38 +12:00
Joshua Spence d721ff6d66 provider/aws: Sort AMI and snapshot IDs (#13866)
As a follow up to #13844, this pull request sorts the AMIs and snapshots returned from the aws_ami_ids and aws_ebs_snapshot_ids data sources, respectively.
2017-04-25 15:11:21 -07:00
Jake Champlin 4ad3cc3647 Merge pull request #13937 from tomelliff/filter-subnet-ids
provider/aws: Allow filtering of aws_subnet_ids by tags
2017-04-25 17:35:25 -04:00
Radek Simko eb374b795b provider/aws: Add test for SNS subscription w/ autoconfirming endpoint (#13912) 2017-04-25 21:25:36 +01:00
Matthew Frahry 9c42866887 Merge pull request #13942 from hashicorp/p-aws-glacier-vault-test
Randomizes glacier vault name
2017-04-25 13:44:52 -06:00
= 7130755d8b Randomizes basic test name 2017-04-25 11:44:42 -06:00
= 1e0f4d5e5e Randomizes glaciar vault name 2017-04-25 11:30:42 -06:00
Matthew Frahry f0272f5b14 Merge pull request #13918 from hashicorp/p-aws-ecs-service-test
Randomize mongodb names
2017-04-25 08:40:48 -06:00
Jake Champlin af3ba9a02c
cleanup conditional logic 2017-04-25 10:06:28 -04:00
Tom Elliff bc46b1cbf9 Allow filtering of aws_subnet_ids by tags
This is the minimal amount of work needed to be able to create a list of a subset of subnet IDs in a VPC, allowing people to loop through them easily when creating EC2 instances or provide a list straight to an ELB.
2017-04-25 14:46:51 +01:00
Jake Champlin 10ddf607e3
provider/aws: Add `network_interface` to instance 2017-04-24 18:06:28 -04:00
= 15aabe93c3 Randomize mongodb names 2017-04-24 15:23:52 -06:00
Paul Stack 1eeb3c41e3 provider/aws: Allow AWS Subnet to change IPv6 CIDR Block without ForceNew (#13909)
Fixes: #13588

It was pointed out in #13588 that we don't need to ForceNew on a change
of IPv6 CIDR block. The logic I decided to implement here was to
disassociate then associate. We should only be able to be associated to
1 IPv6 CIDR block at once. This feels like a risky move. We can
disassociate and then error on the associate. This would leave us in a
situation where we have no IPv6 CIDR block associated

The alternative here would be that the failure of association, triggers
a reassociation with the old IPv6 CIDR block

I added a test to make sure that the subnet Ids don't change as the ipv6
block changes. Before removing the ForceNew from the ipv6_cidr_block,
the test results in the following:

```
=== RUN   TestAccAWSSubnet_ipv6
--- FAIL: TestAccAWSSubnet_ipv6 (92.09s)
	resource_aws_subnet_test.go:105: Expected SubnetIDs not to change, but both got before: subnet-0d2b6a6a and after: subnet-742c6d13
```

After the removal of ForceNew, the test result looks as follows:

```
=== RUN   TestAccAWSSubnet_ipv6
--- PASS: TestAccAWSSubnet_ipv6 (188.34s)
```

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSubnet_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/04/24 21:26:36 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSSubnet_ -timeout 120m
=== RUN   TestAccAWSSubnet_importBasic
--- PASS: TestAccAWSSubnet_importBasic (85.63s)
=== RUN   TestAccAWSSubnet_basic
--- PASS: TestAccAWSSubnet_basic (80.28s)
=== RUN   TestAccAWSSubnet_ipv6
--- PASS: TestAccAWSSubnet_ipv6 (188.34s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	354.283s
```
2017-04-24 23:39:28 +03:00
Radek Simko f33afb7e4e
provider/aws: Support IPSets with 0 descriptors 2017-04-24 21:53:25 +02:00
Radek Simko 01aa3fd76a
provider/aws: Fix WAF IPSet descriptors removal on update 2017-04-24 21:53:25 +02:00
Radek Simko cda84b1674 provider/aws: Expose invoke ARN from Lambda function (for APIG) (#13890) 2017-04-24 20:47:11 +02:00
Radek Simko 3c2a40a192 provider/aws: Expose execution ARN + invoke URL for APIG deployment (#13889) 2017-04-24 20:43:56 +02:00
Paul Stack 1d350ed5ef provider/aws: Adding support for ipv6 to aws_subnets needs migration (#13876)
Fixes: #13829

When IPv6 support was added to subnets, we added a new parameter that
had a default value. This means that users are experiencing unexpected
changes in their configuration

We need a schema migration in place to make sure this isn't the case for
the users who have not upgraded yet

```
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/04/23 10:36:43 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAWSSubnetMigrateState -timeout 120m
=== RUN   TestAWSSubnetMigrateState
2017/04/23 10:37:27 [INFO] Found AWS Subnet State v0; migrating to v1
2017/04/23 10:37:27 [DEBUG] Attributes before migration: map[string]string{}
2017/04/23 10:37:27 [DEBUG] Attributes after migration: map[string]string{"assign_ipv6_address_on_creation":"false"}
--- PASS: TestAWSSubnetMigrateState (0.00s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	0.021s
```
2017-04-24 18:20:32 +01:00
clint shryock fe15c68aa9 provider/aws: Fix-up TestAccAWSIAMInstanceProfile_missingRoleThrowsError
A change in the error produced by the resource was causing the regex to
fail
2017-04-24 10:24:34 -05:00
Jake Champlin 78bc9ed09d Merge pull request #13861 from hashicorp/pr-10594
provider/aws: Adds aws_network_interface_attachment resource
2017-04-24 09:12:38 -04:00
Tom Elliff 18c6c3b47b Validate WAF metric names
WAF metric names must be alphanumeric only.
See http://docs.aws.amazon.com/waf/latest/developerguide/web-acl-rules.html#web-acl-rules-creating and
http://docs.aws.amazon.com/waf/latest/developerguide/web-acl-working-with.html#web-acl-creating
2017-04-23 21:46:39 +01:00
Brandon Clodius 399cf72414 Fixes issue for cross account iam role with aws_lambda_permission (#13865) 2017-04-23 11:44:07 +02:00
Radek Simko 00c6958704
aws: Separate acc test for R53 zone w/ trailing dot 2017-04-23 11:25:52 +02:00
Ryan Eschinger e2ee211b7b provider/aws: fix aws_route53_zone force_destroy behavior (#12421)
The conditional to ignore the deletion of NS and SOA records can fail to
match if the hostedZoneName already ends with a ".". When that happens,
terraform tries to delete those records which is not supported by AWS
and results in a 400 bad request. This fixes the conditional so that it
will work whether or not hostedZoneName ends with a ".".

fixes #12407
2017-04-23 11:24:37 +02:00
Kit Ewbank ff9af4c90b Add tagging support to the 'aws_lambda_function' resource. (#13873) 2017-04-23 04:51:20 +03:00
Jake Champlin 5f8b6091de
provider/aws: Adds aws_network_interface_attachment resource
```
$ make testacc TEST=./builtin/providers/aws TESTARGS="-run=TestAccAWSNetworkInterfaceAttachment_basic"
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/04/21 15:24:58 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSNetworkInterfaceAttachment_basic -timeout 120m
=== RUN   TestAccAWSNetworkInterfaceAttachment_basic
--- PASS: TestAccAWSNetworkInterfaceAttachment_basic (273.14s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    273.145s
```
2017-04-21 15:42:18 -04:00
Jake Champlin 9ef947b0c3
Merge remote-tracking branch 'origin' into pr-10594 2017-04-21 15:37:39 -04:00
Alex Meng 7cc4018577 provider/aws: Fix security group rule import (#13630) 2017-04-21 11:38:41 -05:00
Jake Champlin 022d0cd14f Merge pull request #10590 from pielu/aws/feature/r-net-iface-ips-count
provider/aws: Exercise SecondaryPrivateIpAddressCount for network interface
2017-04-21 10:25:44 -04:00
Paul Stack 72a14ef2bb provider/aws: Add IPv6 outputs to aws_subnet datasource (#13841)
Fixes: #13595

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccDataSourceAwsSubnet'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/04/21 13:52:43 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccDataSourceAwsSubnet -timeout 120m
=== RUN   TestAccDataSourceAwsSubnetIDs
--- PASS: TestAccDataSourceAwsSubnetIDs (81.05s)
=== RUN   TestAccDataSourceAwsSubnet
--- PASS: TestAccDataSourceAwsSubnet (57.48s)
=== RUN   TestAccDataSourceAwsSubnetIpv6ByIpv6Filter
--- PASS: TestAccDataSourceAwsSubnetIpv6ByIpv6Filter (82.63s)
=== RUN   TestAccDataSourceAwsSubnetIpv6ByIpv6CidrBlock
--- PASS: TestAccDataSourceAwsSubnetIpv6ByIpv6CidrBlock (82.43s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	303.625s
```
2017-04-21 16:54:55 +03:00
Joshua Spence 2aac8fb8fc Add `aws_ami_ids` and `aws_ebs_snapshot_ids` resources (#13844)
Fixes #12081. Adds new `aws_ami_ids` and `aws_ebs_snapshot_ids` resources.
2017-04-21 16:37:26 +03:00
Paul Stack 0aad5f2c43 provider/aws: Add replica_source_db to the aws_db_instance datasource (#13842)
Fixes: #13471
2017-04-21 14:23:48 +03:00
terraformbot 352a5c753f provider/aws: Changing aws_opsworks_instance should ForceNew (#13839)
Fixes: #13838

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSOpsworksInstance_UpdateHostNameForceNew'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/04/21 13:11:08 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSOpsworksInstance_UpdateHostNameForceNew -timeout 120m
=== RUN   TestAccAWSOpsworksInstance_UpdateHostNameForceNew
--- PASS: TestAccAWSOpsworksInstance_UpdateHostNameForceNew (114.27s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	114.294s
```
2017-04-21 13:21:09 +03:00
Gauthier Wallet 80d940d154 provider/aws: Added Cognito Identity Pool (#13783) 2017-04-21 12:53:48 +03:00
Joshua Spence f3b5a883b7 Add `bucket_prefix` to `aws_s3_bucket` (#13274)
Adds a `bucket_prefix` parameter to the `aws_s3_bucket` resource.
2017-04-20 23:28:40 +03:00
Dominik-K 565f0a4e0f `roles` deprecated in docs & code error message (#13622) 2017-04-20 23:02:48 +03:00
Chris Broglie 3f0934bd4e provider/aws: Add aws_kinesis_stream data source (#13562)
This fixes #13521
2017-04-20 22:13:39 +03:00
Daniel Kats 8a70108612 fix a word in aws_iam_role_policy error msg (#13794) 2017-04-20 06:48:58 +01:00
clint shryock 7f3c8e4765 move this test to new region 2017-04-19 17:20:44 -05:00
Jake Champlin fe8029e65e
initial attempt 2017-04-19 17:30:58 -04:00
Radek Simko 1b841e77de provider/aws: Run all AWSConfig acc tests sequentially (#13658) 2017-04-18 17:59:44 +03:00
Jake Champlin 5b0ea5abff Merge pull request #13715 from hashicorp/b-update-spot-datafeed-test
provider/aws: Run AWS Spot Datafeed Subscription tests in serial
2017-04-18 10:46:26 -04:00