Commit Graph

13249 Commits

Author SHA1 Message Date
Krzysztof Wilczynski a58650c980
Make sure that VPC Peering Connection in a failed state returns an error.
This commit adds simple logic which allows for a VPC Peering Connection
that is in a failed state (e.g. due to an overlapping IP address ranges,
etc.), to report such failed state as an error, rather then waiting for
the time out to occur.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-25 15:50:08 +01:00
Evan Brown 0edb68ef5a Merge pull request #8977 from sl1pm4t/b-gcs-storage-class
provider/google: Add support for GCS StorageClass
2016-09-24 21:13:17 -07:00
Martin Atkins 0e3256b6f4 examples: creating VPCs and subnets across two regions
This example demonstrates both creating a network architecture *and* the
use of data resources to minimize the number of variables needed for a
child module by discovering additional data automatically.
2016-09-24 15:19:34 -07:00
Martin Atkins 94c45c67cd provider/aws: aws_region data source
The primary purpose of this data source is to ask the question "what is
my current region?", but it can also be used to retrieve the endpoint
hostname for a particular (possibly non-current) region, should that be
useful for some esoteric case.
2016-09-24 15:19:33 -07:00
Martin Atkins fca9216f53 provider/aws: availability zone data source
This adds a singular data source in addition to the existing plural one.
This allows retrieving data about a specific AZ.

As a helper for writing reusable modules, the AZ letter (without its
usual region name prefix) is exposed so that it can be used in
region-agnostic mappings where a different value is used per AZ, such as
for subnet numbering schemes.
2016-09-24 15:19:33 -07:00
Martin Atkins aa0b6019f8 provider/aws: aws_vpc data source 2016-09-24 15:19:33 -07:00
Martin Atkins 82f958cc17 provider/aws: aws_subnet data source 2016-09-24 15:19:33 -07:00
Martin Atkins de51398b39 provider/aws: utilities for building EC2 filter sets
These functions can be used within various EC2 data sources to support
querying by filter. The following cases are supported:

- Filtering by exact equality with single attribute values
- Filtering by EC2 tag key/value pairs
- Explicitly specifying raw EC2 filters in config

This should cover most of the filter use-cases for Terraform data
sources that are built on EC2's 'Describe...' family of functions.
2016-09-24 15:17:09 -07:00
Martin Atkins ab29eca045 core: don't force data resource id diff to be empty
In an attempt to always show "id" as computed we were producing a
synthetic diff for it, but this causes problems when the id attribute for
a particular data source is actually settable in configuration, since it
masks the setting from the config and forces it to always be empty.

Instead, we'll set it conditionally so that a value provided in the config
can shine through when available.
2016-09-24 12:48:58 -07:00
Martin Atkins 804d714ff6 Restore tls_cert_request to being a managed resource
In c244e5a6 this resource was converted to a data source, but that was
a mistake since data sources are expected to produce stable results on
each run, and yet certificate requests contain a random nonce as part of
the signature.

Additionally, using the data source as a managed resource through the
provided compatibility shim was not actually working, since "Read" was
trying to parse the private key out of a SHA1 hash of the key, which is
what we place in state due to the StateFunc on that attribute.

By restoring this we restore Terraform's ability to produce all of the
parts of a basic PKI/CA, which is useful for creating dev environments
and bootstrapping PKI for production environments.
2016-09-24 12:22:07 -07:00
Martin Atkins 7d2b51e6c5 Merge #9033: Fix crash in aws_ami data source with name_regex 2016-09-24 08:27:57 -07:00
Krzysztof Wilczynski 5af8c8080a
Fix. Handle missing AMI name when matching against image name.
This commit fixes the issues where in a very rare cases the Amazon Machine
Image (AMI) would not have an image name set causing regular expression match
to fail with a nil pointer dereference. Also, the logic of if-else statements
was simplified (reduced branching since return is used a lot).

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-24 14:34:00 +01:00
Paul Stack 3a3a424479 Update CHANGELOG.md 2016-09-24 10:27:06 +01:00
Paul Stack 979af97b52 Merge pull request #9031 from kjmkznr/b-aws-s3-lifecycle
provider/aws: Fix failed remove S3 lifecycle_rule
2016-09-24 10:26:18 +01:00
Paul Stack 07edf65337 Update CHANGELOG.md 2016-09-24 09:56:43 +01:00
Paul Stack 464ea2d12a Merge pull request #9032 from AlexanderEkdahl/master
Corrected Seoul S3 Website Endpoint
2016-09-24 09:55:29 +01:00
Alexander Ekdahl d2861be48e Corrected Seoul S3 Website Endpoint 2016-09-24 17:43:58 +09:00
Alexander Ekdahl ec1ee7f2be Corrected Seoul S3 Website Endpoint Test 2016-09-24 17:42:52 +09:00
Kazunori Kojima 71f721cd3e
provider/aws: Fix failed remove S3 lifecycle_rule 2016-09-24 16:56:25 +09:00
Paul Hinze d642e6fbc0 Update CHANGELOG.md 2016-09-23 18:31:48 -05:00
Paul Hinze 12e76c0110 Merge pull request #9021 from kyhavlov/destroy_target_fix
core: Fixed variables not being in scope for destroy -target on modules
2016-09-23 18:31:24 -05:00
Paul Hinze 2449b45087
provider/aws: Fix reading dimensions on cloudwatch alarms
They're structs that need to be unrolled and d.Set was silently failing
on them before. This enhances the basic test to cover the change.
2016-09-23 18:26:04 -05:00
Kyle Havlovitz 3a2819de25 core: Fixed variables not being in scope for destroy -target on modules 2016-09-23 19:05:40 -04:00
Paul Stack bba511e9e7 Merge pull request #9027 from hashicorp/b-s3-life-doc
AWS S3 bucket life_cycle rule IDs must be unique.
2016-09-23 23:33:06 +01:00
Sean Chittenden 31f20a1f31
AWS S3 bucket life_cycle rule IDs must be unique. 2016-09-23 15:09:25 -07:00
Sean Chittenden 74eb2e74c1
Whitespace nit. 2016-09-23 10:59:27 -07:00
Paul Stack 00d88853bf Merge pull request #9017 from AMeng/patch-1
provider/aws: Update docs for aws_flow_log
2016-09-23 18:22:40 +01:00
Alex Meng 79e1c55680 aws_flow_docs
Update aws_flow_log docs with aws_cloudwatch_log_group resource example.
2016-09-23 11:18:17 -06:00
Paul Stack 582ba66e6c Update CHANGELOG.md 2016-09-23 13:48:58 +01:00
Chris Marchesi 5af63c233e
provider/aws: Add query_string_cache_keys to aws_cloudfront_distribution
Looks like AWS updated their API and now our tests are failing
because QueryStringCacheKeys was not included in the distribution
configuration.

This adds support for specifying query string cache keys in the
CloudFront distribution configuration, which ensures that only a subset
of query string keys are actually cached when forwarding query strings,
possibly improving performance.
2016-09-23 13:11:05 +01:00
Chris Marchesi c2b44217dd
provider/aws: Require CloudFront S3 origin origin_access_identity
This fixes an issue where an empty s3_origin_config could be supplied to
aws_cloudfront_distribution, "correctly" setting an empty default value.
Unfortunately the rest of the CloudFront structure helper functions are
not equipped to deal with this kind of scenario, and TF produces
spurious diffs upon future runs.

This removes the default and makes origin_access_identity required when
specifying s3_origin_config.

Note that it has always been intended behaviour that if someone does not
want to use an origin access identity, that s3_origin_config should not
be specified at all. This behaviour still works, as should be evident by
the (still) passing tests.

Fixes hashicorp/terraform#7930.
2016-09-23 13:10:50 +01:00
Chris Marchesi ec2b345ed0
provider/aws: Enable aws_cloudfront_distribution HTTP/2
Added http_version to aws_cloudfront_distribution, which allows
selection of the maximum HTTP version to use in the distribution.
Defaults to http2.

Fixes hashicorp/terraform#8730.
2016-09-23 13:10:33 +01:00
stack72 cea685099e
Merge branch 'elasticache-cluster-import' of https://github.com/AMeng/terraform into AMeng-elasticache-cluster-import 2016-09-23 10:04:57 +01:00
Paul Stack a8a1f6d166 Merge pull request #9007 from steve-jansen/patch-2
Update aws_lambda_permission doc for CloudWatch Events
2016-09-23 09:00:52 +01:00
tomgoren 208dc514df Fixed typo - no such thing as `aws_target_group` (#9005)
It seems like there was a typo and a reference was made to
`aws_target_group`, when the actual resource name is
`aws_alb_target_group`.
2016-09-22 22:21:03 -05:00
Clint 18e05a52e2 Update CHANGELOG.md 2016-09-22 21:54:31 -05:00
Clint b7ad602993 provider/aws: Fix importing of EIP by IP address (#8970)
* provider/aws: Fix importing of EIP by IP address

EIPs are meant to be imported by their allocation id, however, importing
by their EIP *appears* to work because this API actually accepts IP
lookup, despite the documentation asking for the allocation id.

This PR does:

- update docs on how to import EIPs
- fix case if user imported by IP, to switch to using the alloc id for
the resource id

I chose not to document that looking up by IP is a method of import,
because the AWS  API docs do not explicitly say that looking up by IP is
OK, so I'd rather people not do it if it's not documented to stay that
way.

Alternatively, we could parse the resource ID and reject it (remove from
state with error/warning) if it doesn't match the `eipalloc-*` format,
but I thought this was a bit better UX.

* fix issue with swapping IDs on EC2 Classic

* update docs

* update comment
2016-09-22 21:53:21 -05:00
Steve Jansen 2e7e284bc9 Update aws_lambda_permission for CloudWatch Events
Based on support case with AWS, CloudWatch Events invoking Lambda should also specify the `source_arn`

Example, the resulting policy needs to be like:
```
{
    "Condition": {
        "ArnLike": {
            "AWS:SourceArn": "arn:aws:events:us-east-1:0123456789:rule/my-cloudwatch-events-rule"
        }
    },
    "Action": "lambda:InvokeFunction",
    "Resource": "arn:aws:lambda:us-east-1:0123456789:function:my-lambda-function",
    "Effect": "Allow",
    "Principal": {
        "Service": "events.amazonaws.com"
    },
    "Sid": "AllowMyCloudWatchEventRuleToCallMyLambda"
}
```
2016-09-22 20:14:42 -04:00
Jarrod Jackson 50eb2338f0 Correct a typo in the description of the master_password argument. (#9004) 2016-09-22 15:58:02 -05:00
Clint 5a17f4a448 Update CHANGELOG.md 2016-09-22 15:23:05 -05:00
Clint becdfef87b provider/aws: Wait for Spot Fleet to drain before removing from state (#8938)
* provider/aws: Wait for Spot Fleet to drain before removing from state

Ensures the spot fleet is drained before reporting successful destroy
and moving on

* remove unreachable code

* hack to sleep and test regression/leak

* fix broken english in warning
2016-09-22 15:22:27 -05:00
Paul Stack b0e751129a Update CHANGELOG.md 2016-09-22 20:58:17 +01:00
Paul Stack ecabebf5e6 Merge pull request #8989 from hashicorp/b-aws-alb-protocol-change-forcenew
provider/aws: VPC ID, Port, Protocol and Name change on aws_alb_target_group will ForceNew resource
2016-09-22 20:57:36 +01:00
Paul Stack 5cc4f17189 Merge pull request #8992 from kwilczynski/feature/check-error-aws_cloudformation_stack
provider/aws: Handle JSON parsing error in the ReadFunc for various JSON documents.
2016-09-22 17:28:24 +01:00
Krzysztof Wilczynski 828a8f4729
provider/aws: Handle JSON parsing error in the ReadFunc for various JSON documents.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-22 17:21:27 +01:00
stack72 9fbbc343e9
provider/aws: VPC ID, Port, Protocol and Name change on
aws_alb_target_group will ForceNew resource

Fixes #8741

The modify-target-group doesn't allow changes to name, port, protocol or
vpc_id - therefore, they should all be ForceNew: true

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSALBTargetGroup_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/22 16:04:29 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSALBTargetGroup_ -timeout 120m
=== RUN   TestAccAWSALBTargetGroup_basic
--- PASS: TestAccAWSALBTargetGroup_basic (50.66s)
=== RUN   TestAccAWSALBTargetGroup_changeNameForceNew
--- PASS: TestAccAWSALBTargetGroup_changeNameForceNew (84.48s)
=== RUN   TestAccAWSALBTargetGroup_changeProtocolForceNew
--- PASS: TestAccAWSALBTargetGroup_changeProtocolForceNew (95.89s)
=== RUN   TestAccAWSALBTargetGroup_changePortForceNew
--- PASS: TestAccAWSALBTargetGroup_changePortForceNew (85.77s)
=== RUN   TestAccAWSALBTargetGroup_changeVpcForceNew
--- PASS: TestAccAWSALBTargetGroup_changeVpcForceNew (85.00s)
=== RUN   TestAccAWSALBTargetGroup_tags
--- PASS: TestAccAWSALBTargetGroup_tags (88.11s)
=== RUN   TestAccAWSALBTargetGroup_updateHealthCheck
--- PASS: TestAccAWSALBTargetGroup_updateHealthCheck (82.15s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    572.083s
```
2016-09-22 17:12:39 +01:00
Paul Stack 2b966cf2cc Merge pull request #8988 from kwilczynski/feature/refactor-function-aws_cloudwatch_event_rule
provider/aws: Allow buildPutRuleInputStruct helper function to return an error.
2016-09-22 16:29:09 +01:00
Krzysztof Wilczynski c115d69d88
Allow buildPutRuleInputStruct helper function to return an error.
This commits allows for the helper function to return an error which
would bubble up from e.g. JSON parsing, etc.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-22 15:37:12 +01:00
Clint b93bcbbbed Update CHANGELOG.md 2016-09-22 08:22:17 -05:00
Paul Stack 0ed7140c88 Merge pull request #8985 from w3st3ry/fmt
Fmt all the config files
2016-09-22 12:57:41 +01:00