Commit Graph

97 Commits

Author SHA1 Message Date
Jake Champlin 647a3940ea Merge pull request #13702 from bryanburgers/aws-instance-ipv6
provider/aws: Allow IPv6/IPv4 addresses to coexist
2017-05-31 10:11:39 -04:00
Clint 2a36e75b9e provider/aws: Tag VPCs created in our tests to help track down leaks (#14596) 2017-05-17 16:26:40 -05:00
Bryan Burgers 7fac1ab1f6 provider/aws: Allow IPv6/IPv4 addresses to coexist
Fix an issue when trying to get a public IPv4 address and a public IPv6
address that results in the following error:

    Error launching source instance: InvalidParameterCombination:
    Network interfaces and an instance-level IPv6 address count may not
    be specified on the same request

To fix, in situations where we want a IPv6 addresses AND we need to
manually specify network interfaces on the instance, create the IPv6
addresses on the network interface that we're creating rather than on
the instance itself.

Fixes #13250
2017-05-12 07:00:55 -05:00
Radek Simko 145fa084f9 provider/aws: Randomize key pair name for EC2 instance test (#14389) 2017-05-11 14:06:06 +02:00
Jake Champlin 570651bb06 Merge pull request #14299 from hashicorp/f-sg-add-issue-3205
provider/aws: Fix SG update on instance with multiple network interfaces
2017-05-10 20:14:06 -04:00
stack72 db432ad765 provider/aws: Adding IPv6 address to instance causes perpetual diff
Fixes: #14032

When you are using an IPv6 address directly to an instance, it was
causing the ipv6_address_count to try and ForceNew resource. It wasn't
marked as computed

I was able to see this here:

```
-/+ aws_instance.test
    ami:                          "ami-c5eabbf5" => "ami-c5eabbf5"
    associate_public_ip_address:  "false" => "<computed>"
    availability_zone:            "us-west-2a" => "<computed>"
    ebs_block_device.#:           "0" => "<computed>"
    ephemeral_block_device.#:     "0" => "<computed>"
    instance_state:               "running" => "<computed>"
    instance_type:                "t2.micro" => "t2.micro"
    ipv6_address_count:           "1" => "0" (forces new resource)
    ipv6_addresses.#:             "1" => "1"
    ipv6_addresses.0:             "2600:1f14:bb2:e501::10" => "2600:1f14:bb2:e501::10"
    key_name:                     "" => "<computed>"
    network_interface.#:          "0" => "<computed>"
    network_interface_id:         "eni-d19115ec" => "<computed>"
    placement_group:              "" => "<computed>"
    primary_network_interface_id: "eni-d19115ec" => "<computed>"
    private_dns:                  "ip-10-20-1-252.us-west-2.compute.internal" => "<computed>"
    private_ip:                   "10.20.1.252" => "<computed>"
    public_dns:                   "" => "<computed>"
    public_ip:                    "" => "<computed>"
    root_block_device.#:          "1" => "<computed>"
    security_groups.#:            "0" => "<computed>"
    source_dest_check:            "true" => "true"
    subnet_id:                    "subnet-3fdfb476" => "subnet-3fdfb476"
    tags.%:                       "1" => "1"
    tags.Name:                    "stack72" => "stack72"
    tenancy:                      "default" => "<computed>"
    volume_tags.%:                "0" => "<computed>"
    vpc_security_group_ids.#:     "1" => "<computed>"
```

It now works as expected:

```
% terraform plan                                                                                 ✹ ✭
[WARN] /Users/stacko/Code/go/bin/terraform-provider-aws overrides an internal plugin for aws-provider.
  If you did not expect to see this message you will need to remove the old plugin.
  See https://www.terraform.io/docs/internals/internal-plugins.html
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

aws_vpc.foo: Refreshing state... (ID: vpc-fa61669d)
aws_subnet.foo: Refreshing state... (ID: subnet-3fdfb476)
aws_internet_gateway.foo: Refreshing state... (ID: igw-70629a17)
aws_route_table.test: Refreshing state... (ID: rtb-0a52e16c)
aws_instance.test: Refreshing state... (ID: i-0971755345296aca5)
aws_route_table_association.a: Refreshing state... (ID: rtbassoc-b12493c8)
No changes. Infrastructure is up-to-date.

This means that Terraform did not detect any differences between your
configuration and real physical resources that exist. As a result, Terraform
doesn't need to do anything.
```
2017-05-10 18:39:20 +03:00
Jake Champlin 0d6891d505
provider/aws: Fix attach of SG to instance with multiple network interfaces
With an EC2 instance that only had a single network interface, the primary interface, the Update function would call `ModifyInstanceAttribute()` on the target instance. This would only work if there was a single network interface attached to the EC2 instance. If, however, a secondary network interface was attached to the instance, the `ModifyInstanceAttribute()` API call would fail with the following error message:

 > There are multiple interfaces attached to instance 'i-XXXXX'. Please specify an interface ID for the operation instead.

 After this changeset, modifying instance security groups now makes the correct call to `ModifyNetworkInterfaceAttribute()` in order to modify the list of security groups on the primary network interface, as initially configured during the instances creation.

 This change is also safe from an instance that has a non-default primary network interface, as the instance attribute `vpc_security_group_ids` conflicts with the new `network_interface` attribute.

 Test Output:

 ```
 $ make testacc TEST=./builtin/providers/aws TESTARGS="-run=TestAccAWSInstance_addSecurityGroupNetworkInterface"
 ==> Checking that code complies with gofmt requirements...
 go generate $(go list ./... | grep -v /terraform/vendor/)
 2017/05/08 17:52:42 Generated command/internal_plugin_list.go
 TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSInstance_addSecurityGroupNetworkInterface -timeout 120m
 === RUN   TestAccAWSInstance_addSecurityGroupNetworkInterface
 --- PASS: TestAccAWSInstance_addSecurityGroupNetworkInterface (327.75s)
 PASS
 ok      github.com/hashicorp/terraform/builtin/providers/aws    327.756s
```
2017-05-08 18:30:22 -04:00
Jake Champlin d3c1f4b48d
provider/aws: Fix source_dest_check with network_interface
The default value for `source_dest_check` needs to remain the same, so as not to break any backwards compatibility, however, adding a new `network_interface` parameter with a pre-configured network_interface that has `source_dest_check` set to false throws a diff after initial apply. Since we don't want to change `source_dest_check` to computed in order to not break sane defaults, ignore the diff thrown if `network_interface` attributes are configured on an instance.

```
$ make testacc TEST=./builtin/providers/aws TESTARGS="-run=TestAccAWSInstance_primaryNetworkInterfaceSourceDestCheck"
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/04/28 16:26:02 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSInstance_primaryNetworkInterfaceSourceDestCheck -timeout 120m
=== RUN   TestAccAWSInstance_primaryNetworkInterfaceSourceDestCheck
--- PASS: TestAccAWSInstance_primaryNetworkInterfaceSourceDestCheck (134.20s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    134.211s
```

```
$ make testacc TEST=./builtin/providers/aws TESTARGS="-run=TestAccAWSInstance_sourceDestCheck"
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/04/28 16:15:14 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSInstance_sourceDestCheck -timeout 120m
=== RUN   TestAccAWSInstance_sourceDestCheck
--- PASS: TestAccAWSInstance_sourceDestCheck (179.81s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws   179.815s
```

Fixes: #14068
2017-04-28 16:35:54 -04:00
Paul Stack c953a2fc41 provider/aws: Set aws_instance volume_tags to be Computed (#14007)
Fixes: #14003

When an EBS volume was created and tags were specified on that resource
and NOT the aws_instance it was attached to, the tags would be removed
on subsequent Terraform runs.

We need to set volume_tags to be Computed to allow for changes to EBS
volumes not created as part of the instance but that are attached to the
instance

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSInstance_volumeTagsComputed'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/04/27 07:33:36 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSInstance_volumeTagsComputed -timeout 120m
=== RUN   TestAccAWSInstance_volumeTagsComputed
--- PASS: TestAccAWSInstance_volumeTagsComputed (151.37s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	151.411s
```
2017-04-27 07:50:06 +12:00
Jake Champlin 64134418a5 Merge pull request #12933 from hashicorp/f-network-interfaces
provider/aws: Add network_interface to aws_instance
2017-04-26 08:05:21 -04:00
Paul Stack f4015b43c5 provider/aws: Support aws_instance and volume tagging on creation (#13945)
Fixes: #13173

We now tag at instance creation and introduced `volume_tags` that can be
set so that all devices created on instance creation will receive those
tags

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSInstance_volumeTags'                      2 ↵ ✚ ✭
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/04/26 06:30:48 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSInstance_volumeTags -timeout 120m
=== RUN   TestAccAWSInstance_volumeTags
--- PASS: TestAccAWSInstance_volumeTags (214.31s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	214.332s
```
2017-04-26 10:12:38 +12:00
Jake Champlin 10ddf607e3
provider/aws: Add `network_interface` to instance 2017-04-24 18:06:28 -04:00
Jake Champlin fe8029e65e
initial attempt 2017-04-19 17:30:58 -04:00
Paul Stack 2a7ab027f4 provider/aws: Only call replace Iam Instance Profile on existing (#12922)
machines

Fixes: #12898

The way aws_instance works is that we call the Create func then the
Update func then the Read func. The way the work to implement the change
to iam_instance_profile was added meant that when a machine was created
with an iam_instance_profile, it would then try and update that
iam_instance_profile because the state hadn't been updated at that point

We have changed the Update func to only check for the change to
iam_instance_profile when it *is an existing machine* - this will solve
the problem of those bringing up new machines and getting hit with the
permissions error

As requested, added a test that adds an IAM Instance Profile from
creation

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSInstance_withIamInstanceProfile'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/21 17:51:32 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSInstance_withIamInstanceProfile -timeout 120m
=== RUN   TestAccAWSInstance_withIamInstanceProfile
--- PASS: TestAccAWSInstance_withIamInstanceProfile (154.29s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	154.325s
```
2017-03-21 20:26:41 +02:00
Clint d2f728e6cd provider/aws: Only send iops when creating io1 devices. Fix docs (#12392) 2017-03-07 14:44:39 +02:00
stack72 0d4f4cac18
provider/aws: Adding a test that covers the new IAM Instance Profile
association to AWS Instance
2017-03-02 10:38:33 +00:00
Paul Stack 177400dbbf provider/aws: Implement IPV6 Support for ec2 / VPC (#10538)
* provider/aws: Add support for IPV6 enabled VPC

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSVpc'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/12/09 14:07:31 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSVpc -timeout 120m
=== RUN   TestAccAWSVpc_importBasic
--- PASS: TestAccAWSVpc_importBasic (43.03s)
=== RUN   TestAccAWSVpc_basic
--- PASS: TestAccAWSVpc_basic (36.32s)
=== RUN   TestAccAWSVpc_enableIpv6
--- PASS: TestAccAWSVpc_enableIpv6 (29.37s)
=== RUN   TestAccAWSVpc_dedicatedTenancy
--- PASS: TestAccAWSVpc_dedicatedTenancy (36.63s)
=== RUN   TestAccAWSVpc_tags
--- PASS: TestAccAWSVpc_tags (67.54s)
=== RUN   TestAccAWSVpc_update
--- PASS: TestAccAWSVpc_update (66.16s)
=== RUN   TestAccAWSVpc_bothDnsOptionsSet
--- PASS: TestAccAWSVpc_bothDnsOptionsSet (16.82s)
=== RUN   TestAccAWSVpc_DisabledDnsSupport
--- PASS: TestAccAWSVpc_DisabledDnsSupport (36.52s)
=== RUN   TestAccAWSVpc_classiclinkOptionSet
--- PASS: TestAccAWSVpc_classiclinkOptionSet (38.13s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	739.543s
```

* provider/aws: New Resource: aws_egress_only_internet_gateway

```
make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEgressOnlyInternetGateway_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/12/09 14:22:16 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSEgressOnlyInternetGateway_ -timeout 120m
=== RUN   TestAccAWSEgressOnlyInternetGateway_basic
--- PASS: TestAccAWSEgressOnlyInternetGateway_basic (32.67s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	32.692s
```

* provider/aws: Add IPV6 support to aws_subnet

```
% make testacc TEST=./builtin/providers/aws
% TESTARGS='-run=TestAccAWSSubnet_'
% 1 ↵ ✹ ✭
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/27 19:08:34 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSSubnet_
-timeout 120m
=== RUN   TestAccAWSSubnet_importBasic
--- PASS: TestAccAWSSubnet_importBasic (69.88s)
=== RUN   TestAccAWSSubnet_basic
--- PASS: TestAccAWSSubnet_basic (51.28s)
=== RUN   TestAccAWSSubnet_ipv6
--- PASS: TestAccAWSSubnet_ipv6 (90.39s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws211.574s
```

* provider/aws: Add support for running aws_instances with ipv6 addresses
2017-03-01 16:16:59 +00:00
Paul Stack 546b424d7d provider/aws: Allow aws_instances to be resized rather than forcing a (#11998)
new instance

Fixes: #9157

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSInstance_changeInstanceType'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/16 15:13:21 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSInstance_changeInstanceType -timeout 120m
=== RUN   TestAccAWSInstance_changeInstanceType
--- PASS: TestAccAWSInstance_changeInstanceType (303.85s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	303.876s
```
2017-02-16 16:43:09 +02:00
Timon Wong 80afc6759b provider/aws: Add "no_device" support to ephemeral block devices (#10547)
Fixes #8455, #5390

This add a new `no_device` attribute to `ephemeral_block_device` block,
which allows users omit ephemeral devices from AMI's predefined block
device mappings, which is useful for EBS-only instance types.
2016-12-08 11:03:51 +01:00
Tom Wilkie 8029931086 Do not return a root device for instance store backed AMIs. (#9483)
* Do not return a root device for instance store backed AMIs.

* Add root EC2 instance store acceptance test.
2016-12-01 15:53:14 +02:00
Modestas Vainius 7385fa9eac provider/aws: Support refresh of EC2 instance user_data.
Make sure to hash base64 decoded value since user_data might be given
either raw bytes or base64 value.

This helps https://github.com/hashicorp/terraform/issues/1887 somewhat
as now you can:

1) Update user_data in AWS console.
2) Respectively update user_data in terraform code.
3) Just refresh terraform state and it should not report any changes.
2016-10-12 15:19:25 -05:00
Brian Menges 17b16f543e Ignore IOPS on non io1 AWS devices (#7783)
- Already ignoring IOPS on ebs attached non-io1 devices; extended to root_block_device
- Added warning captured from #4146 / [../blob/master/builtin/providers/aws/resource_aws_ebs_volume.go#L104](resource_aws_ebs_volume.go#L104)
- Added test when setting IOPS to 330 (11GiB * 30 = 330) on GP2 root device results in AWS reported 100 IOPS (successfully ignored input)
2016-07-25 12:32:24 +01:00
clint shryock 5add35d654 provider/aws: Add Tags to Test AMIs to help debug leaks 2016-06-01 09:09:41 -05:00
Mitchell Hashimoto d85df63526
providers/aws: aws_instance id-only 2016-04-22 09:37:41 -07:00
clint shryock 2830558bc9 check resource data for base64 encoded string 2016-04-13 10:44:26 -05:00
Doug Neal 1c662c2bc4 [#4794] Don't Base64-encode EC2 userdata if it is already Base64 encoded (#6140)
* Don't Base64-encode EC2 userdata if it is already Base64 encoded

The user data may be Base64 encoded already - for example, if it has been
generated by a template_cloudinit_config resource.

* Add encoded user_data to aws_instance acceptance test
2016-04-13 10:20:20 -05:00
clint shryock 02ba1bf2d4 provider/aws: More Acc test updates
Working on the green

- randomize some Autoscaling lifecycle hook test names
- use vpc_security_group_ids for this test
2016-03-10 14:33:54 -06:00
Paul Hinze 4af2c5f5dd core: fix diff mismatch when RequiresNew field and list both change
fixes #1752

Includes AccTest reproducing example from the issue as well as a bunch
of explanatory comments in the tests and impls.
2016-01-19 15:38:04 -06:00
Paul Hinze c8319d3b72 provider/aws: fix CheckDestroy on aws_instance tests 2015-12-22 08:49:50 -06:00
clint shryock 4a5847f9ea providers/aws: Vet aws 2015-12-01 10:00:35 -06:00
Clint Shryock efa26ed2a7 provider/aws: Fix issue with disabling source dest check on first run 2015-10-01 17:00:30 -05:00
Clint Shryock 0c2f189d08 provider/aws: Update to aws-sdk 0.9.0 rc1 2015-08-17 13:27:16 -05:00
Clint Shryock 579ccbefea provider/aws: Update source to comply with upstream breaking change 2015-07-28 15:29:46 -05:00
Mitchell Hashimoto 0b3d249727 provider/aws: ignore providers with Meta nil
We changed the way validation works for providers so that they aren't
always configured if they have computed attributes. The result is that
sometimes the Configure won't be called, hence Meta is nil
2015-06-30 10:24:53 -07:00
Paul Hinze 020dc03234 provider/aws: fix root_block_device for odd AMIs
Some AMIs have a RootDeviceName like "/dev/sda1" that does not appear as a
DeviceName in the BlockDeviceMapping list (which will instead have
    something like "/dev/sda")

While this seems like it breaks an invariant of AMIs, it ends up working
on the AWS side, and AMIs like this are common enough that we need to
special case it so Terraform does the right thing.

Our heuristic is: if the RootDeviceName does not appear in the
BlockDeviceMapping, assume that the DeviceName of the first
BlockDeviceMapping entry serves as the root device.

fixes #2224
2015-06-23 09:01:41 -05:00
Clint Shryock 9885ac8689 provider/aws: Fix issue with associating KeyPairs with Instances 2015-06-10 14:02:26 -05:00
Paul Hinze 66c51d44f6 aws/provider convert _normal tests to _basic
For consistency!
2015-06-07 18:04:38 -05:00
Clint Shryock fcd89828f9 provider/aws: Correctly default Instance source_dest_check to true 2015-06-03 15:54:01 -05:00
Paul Hinze b71fa3d0ae provider/aws: handle upstream aws-sdk-go repo move
`awslabs/aws-sdk-go => aws/aws-sdk-go`

Congrats to upstream on the promotion. :)
2015-06-03 13:36:57 -05:00
Paul Hinze 31258e06c6 provider/aws: fix breakages from awserr refactor
This landed in aws-sdk-go yesterday, breaking the AWS provider in many places:

3c259c9586

Here, with much sedding, grepping, and manual massaging, we attempt to
catch Terraform up to the new `awserr.Error` interface world.
2015-05-20 06:21:23 -05:00
Paul Hinze e1ea427649 provider/aws: support ec2 termination protection
closes #1233
2015-05-15 15:20:58 -04:00
Clint Shryock f7b6b6b2b5 Strip 'sdk' suffix from methods; it's a remnant 2015-05-12 14:58:10 -05:00
Paul Hinze 010a39a58e provider/aws: remove placement_group from acctest
Depends on there being an existing placement group in the account called
"terraform-placement-group" - we'll need to circle back around to cover
this with AccTests after TF gets an `aws_placement_group` resource.
2015-05-06 10:13:24 -05:00
Clint Shryock 036d199dd6 provider/aws: Fix issue with updating VPC Security Group IDs for an Instance
Currently, we weren't correctly setting the ids, and are setting both
`security_groups` and `vpc_security_group_ids`. As a result, we really only use
the former.

We also don't actually update the latter in the `update` method.

This PR fixes both issues, correctly reading `security_groups` vs.
`vpc_security_group_ids` and allows users to update the latter without
destroying the Instance when in a VPC.
2015-04-29 10:03:57 -05:00
Mitchell Hashimoto 57af67b314 Merge pull request #1718 from ravenac95/encrypted-ebs-volume-fix
provider/aws: Fix connecting encrypted ebs volumes to aws_instances
2015-04-28 20:21:12 -07:00
Reuven V. Gonzales e8e42decc9 Added docs about m3.medium to tests 2015-04-28 15:19:31 -07:00
Reuven V. Gonzales 25ab54b4e3 Added tests to check for encrypted flag 2015-04-28 15:07:23 -07:00
Mitchell Hashimoto b755459ee3 Merge pull request #1358 from rzh/placement_group
provider/aws: support for AWS Placement Group
2015-04-22 08:20:43 +02:00
Matt Good 21b0a03d70 Support for multiple providers of the same type
Adds an "alias" field to the provider which allows creating multiple instances
of a provider under different names. This provides support for configurations
such as multiple AWS providers for different regions. In each resource, the
provider can be set with the "provider" field.

(thanks to Cisco Cloud for their support)
2015-04-20 14:14:34 -07:00
Clint Shryock ba43b7c963 mass search-replace of ec2SDKconn 2015-04-16 15:05:55 -05:00