* provider/aws: Fix hashing on CloudFront certificate parameters
Adding necessary type assertion to values on the viewer_certificate hash
function to ensure that certain fields are indeed not zero string
values, versus simply zero interface{} values (aka nil, as is such for a
map[string]interface{}).
* provider/aws: CloudFront complex structure error handling
Handle errors better on calls to d.Set() in the
aws_cloudfront_distribution, namely in flattenDistributionConfig(). Also
caught a bug in the setting of the origin attribute, was incorrectly
attempting to set origins.
* provider/aws: Pass pointers to set CloudFront primitives
Change a few d.Set() for primitives in aws_cloudfront_distribution and
aws_cloudfront_origin_access_identity to use the pointer versus a
dereference.
* docs: Fix CloudFront examples formatting
Ran each example thru terraform fmt to fix indentation.
* provider/aws: Remove delete retention on CloudFront tests
To play better with Travis and not bloat the test account with disabled
distributions.
Disable-only functionality has been retained - one can enable it with
the TF_TEST_CLOUDFRONT_RETAIN environment variable.
* provider/aws: CloudFront delete waiter error handling
The call to resourceAwsCloudFrontDistributionWaitUntilDeployed() on
deletion of CloudFront distributions was not trapping error messages,
causing issues with waiter failure.
* provider/aws: Default Network ACL resource
Provides a resource to manage the default AWS Network ACL. VPC Only.
* Remove subnet_id update, mark as computed value. Remove extra tag update
* refactor default rule number to be a constant
* refactor revokeRulesForType to be revokeAllNetworkACLEntries
Refactor method to delete all network ACL entries, regardless of type. The
previous implementation was under the assumption that we may only eliminate some
rule types and possibly not others, so the split was necessary.
We're now removing them all, so the logic isn't necessary
Several doc and test cleanups are here as well
* smite subnet_id, improve docs
As with several other sensitive values in Opsworks, the API returns a
placeholder value rather than a nil. To avoid writing the placeholder
value into the state we just skip updating the password on read, letting
whatever value was in the state persist.
This means that Terraform can't detect configuration drift where someone
has changed the password via some other means, but Terraform will still
be able to recognize changes to the password made within Terraform itself
due to the "last-written" value in the state.
This fixes #6192.
Other separate changes to testAccOpsworksStackConfigNoVpcCreate caused
this to begin failing because it was attempting to create a stack with
an empty name.
Previously in Update we would only set req.CustomJson if a non-empty
value was provided in the config. It seems that the Opsworks API considers
a null CustomJson to mean "do not change" rather than "set to empty",
so we need to explicitly set the empty string in the request body in
order to successfully remove an already-configured custom JSON.
* CloudFront implementation v3
* Update tests
* Refactor - new resource: aws_cloudfront_distribution
* Includes a complete re-write of the old aws_cloudfront_web_distribution
resource to bring it to feature parity with API and CloudFormation.
* Also includes the aws_cloudfront_origin_access_identity resource to generate
origin access identities for use with S3.
* Improve testing of CodeDeploy DeploymentGroup Trigger Configs
- ensure updates to trigger_events are applied
- assert changes to trigger_target_arn
* Retry CodeDeploy DeploymentGroup when Trigger Config SNS Topic is not available
- increase retries from 2 => 5
* Don't Base64-encode EC2 userdata if it is already Base64 encoded
The user data may be Base64 encoded already - for example, if it has been
generated by a template_cloudinit_config resource.
* Add encoded user_data to aws_instance acceptance test
* Issue #2174 Check that InternetGateway exists before returning from creation
Fix some random InvalidInternetGatewayID.NotFound errors
* Issue #2174 Reuse IGStateRefreshFunc
* Issue #2174 Need to wait for creation before setting tags
* provider/aws: CodeDeploy Deployment Group Triggers
- Create a Trigger to Send Notifications for AWS CodeDeploy Events
- Update aws_codedeploy_deployment_group docs
* Refactor validateTriggerEvent function and test
- also rename TestAccAWSCodeDeployDeploymentGroup_triggerConfiguration test
* Enhance existing Deployment Group integration tests
- by using built in resource attribute helpers
- these can get quite verbose and repetitive, so passing the resource to a function might be better
- can't use these (yet) to assert trigger configuration state
* Unit tests for conversions between aws TriggerConfig and terraform resource schema
- buildTriggerConfigs
- triggerConfigsToMap
* provider/aws: Add more Randomization to DB Parameter Group Tests, to avoid collisions
* provider/aws: Add more randomization to Autoscaling group tests
* provider/aws: test empty plan with sns_topic policy with random order
If we set up an sns_topic policy with a policy in a different order
to the one set by the AWS API, terraform plan will not be empty between
runs.
* provider/aws: normalize json policy for sns topic
For the policy attribute of the resource aws_sns_topic, AWS returns the policy
in JSON format with the fields in a different order.
If we store and compare the values without normalizing, terraform
will unnecessarily trigger an update of the resource.
To avoid that, we must add a normalization function in the StateFunc of
the policy attribute and also when we read the attribute from AWS.
When calling AssociateAddress, the PrivateIpAddress parameter must be
used to select which private IP the EIP should associate with, otherwise
the EIP always associates with the _first_ private IP.
Without this parameter, multiple EIPs couldn't be assigned to a single
ENI. Includes covering test and docs update.
Fixes #2997
Previously the format string was using %#v, which prints the whole data structure given.
Instead we want to use %s to get the string representation of the error.
This fixes #6038.
Normalise the event_pattern of the aws_cloudwatch_event_rule resource
before uploading it to AWS.
AWS seems to accept an event_pattern with a JSON with new lines, but then
the rule does not seem to work. Creating the rule in the AWS console works,
but will set up the pattern as a JSON without newlines or spaces, and
display a formatted JSON.
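The normalisation that the aws_sns_topic policy and aws_cloudwatch_event_rule event_pattern messages above describe, as an added Go example that is not the provider's own code. `normalizeJSON` is a hypothetical helper name and the sample documents are constructed.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"io"
	"strings"
)

// normalizeJSON is a hypothetical helper: it re-encodes a JSON document in
// compact form with object keys sorted, so equivalent documents compare equal.
func normalizeJSON(doc string) (string, error) {
	dec := json.NewDecoder(strings.NewReader(doc))
	dec.UseNumber() // keep large integers exact instead of float64
	var v interface{}
	if err := dec.Decode(&v); err != nil {
		return "", fmt.Errorf("invalid JSON: %w", err)
	}
	if _, err := dec.Token(); err != io.EOF {
		return "", fmt.Errorf("unexpected data after JSON document")
	}
	var buf bytes.Buffer
	enc := json.NewEncoder(&buf)
	enc.SetEscapeHTML(false) // do not rewrite <, > and & as \u escapes
	if err := enc.Encode(v); err != nil {
		return "", err
	}
	return strings.TrimSpace(buf.String()), nil
}

// Constructed samples: the same policy as written by a user and as an API
// might return it, and a multi-line event pattern.
const (
	userPolicy = `{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": "SNS:Publish"}]}`
	apiPolicy  = `{"Statement":[{"Action":"SNS:Publish","Effect":"Allow"}],"Version":"2012-10-17"}`
	pattern    = "{\n  \"source\": [\"aws.ec2\"]\n}"
)

func main() {
	a, _ := normalizeJSON(userPolicy)
	b, _ := normalizeJSON(apiPolicy)
	p, _ := normalizeJSON(pattern)
	fmt.Println(a == b, p)
}
```

Array order is preserved by this approach, so two policies that list the same actions in a different order still compare as different.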
Fix retry after removing associations by correctly checking and returning an
error. This should patch the VPC/Resource leak in our nightly acceptance tests.
The provider should, when working on a new repository without branches:
* Be able to create a new repository even with default_branch defined.
* Be able to create a new repository without default_branch, and not fail
if default_branch is defined.
In AWS codecommit the default branch must have a value unless there are
no branches created, in which case it is not possible to set it to any value.
We query the existing branches and do not update the default branch
if there are none defined remotely.
This solves the issue of the initial creation of the repository with a
resource with `default_branch` defined.
AWS changed their error message, which was being used for detection of
the specific error that indicates we need to wait for IAM propagation.
Behavior is covered by a test now.
Fixes #5862
Unlike SimpleScaling policies, StepScaling policies require one or more
"steps", which are interval ranges in which a tracked metric can lie.
Policies can then execute scaling adjustments wedded to these steps.
This commit also adds a slew of additional policy attributes which are
only applicable to step policies.
Needed to truncate the identifier for SQL Server engines to keep it at
max 15 chars per the docs. Not a full UUID going into it, but should be
"unique enough" to not matter in practice.
Modified the basic test to use the generated value. Other tests are
still working w/ explicitly specified identifiers.
`publicly_accessible` to be changed
Also updated the AWS Go SDK from 1.1.9 -> 1.1.12 as this was required to
allow the new behavior for the Redshift API
Usage of a helper function was assuming that an error would be returned
in a not found condition, when in fact a nil pointer was
returned.
Attached test crashes w/o fix, passes with it.
Fixes #5350
Refs #5418
This should be quite helpful in debugging aws-sdk-go operations.
Required some tweaking around the `helper/logging` functions to expose an
`IsDebugOrHigher()` helper for us to use.
Change the `RetryFunc` from a plain `error` return type to a
specialized `RetryError` which must decide whether it is
retryable or not.
Add `RetryableError` / `NonRetryableError` factory functions that
callers are meant to use to build up these errors.
This makes it eminently clear whether or not a given error is
retryable from inside the client code.
Goal here is to _not_ change any behavior, simply reflect the
existing behavior with the new, clearer, API.
All of these RetryErrors were meant to fail right away, but instead
caused retry looping because the typecheck in the implementation of
`resource.Retry()` only catches the value type, and not the pointer
type.
Refs #5537
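The value-versus-pointer type check described in the message above, as an added Go example that is not Terraform's `resource.Retry()` implementation. `StopError`, `retryValueOnly` and `retryBothForms` are hypothetical names used only for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// StopError is a hypothetical "do not retry" wrapper, not Terraform's RetryError.
type StopError struct{ Err error }

func (e StopError) Error() string { return e.Err.Error() }

// retryValueOnly reproduces the bug: the assertion names only the value
// type, so a *StopError falls through and the loop keeps going.
func retryValueOnly(limit int, f func() error) (int, error) {
	var err error
	for attempt := 1; attempt <= limit; attempt++ {
		if err = f(); err == nil {
			return attempt, nil
		}
		if stop, ok := err.(StopError); ok {
			return attempt, stop.Err
		}
	}
	return limit, err
}

// retryBothForms stops on either the value or the pointer form.
func retryBothForms(limit int, f func() error) (int, error) {
	var err error
	for attempt := 1; attempt <= limit; attempt++ {
		if err = f(); err == nil {
			return attempt, nil
		}
		switch e := err.(type) {
		case StopError:
			return attempt, e.Err
		case *StopError:
			return attempt, e.Err
		}
	}
	return limit, err
}

func main() {
	fatal := func() error { return &StopError{Err: errors.New("access denied")} } // constructed caller
	broken, _ := retryValueOnly(5, fatal)
	fixed, _ := retryBothForms(5, fatal)
	fmt.Printf("value-only check: %d attempts, both forms: %d attempt\n", broken, fixed)
}
```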
- ASG placement tests
- Randomize DynamoDB names in tests
- tag the sg created in this test to help identify in the console
- randomize policy and role names
This adds support for Elastic Beanstalk Applications, Configuration Templates,
and Environments.
This is a combined work of @catsby, @dharrisio, @Bowbaq, and @jen20
This commit uses Group Name in preference to Group ID where appropriate
in the aws_security_group_rule resource. This fixes the crash reported
in #5310.
Fixes #5310.
```
go tool vet -all .
builtin/providers/aws/resource_aws_elasticache_security_group.go:130: arg apierr.Code in printf call is a function value, not a function call
builtin/providers/aws/resource_aws_elasticache_subnet_group.go:155: arg apierr.Code in printf call is a function value, not a function call
```
Pull CIDR block validation into a shared func ready to be used elsewhere
Example of new err message:
```
Errors:
* aws_vpc.foo: "cidr_block" must contain a valid network CIDR,
expected "10.0.0.0/16", got "10.0.1.0/16"
```
There can only be a single access_log configuration per load balancer
so choosing to use a list over a set is only relevant when comparing
changes during a plan. A list makes it much easier to compare updates
since the index is stable (0 vs. computed hash).
This test presents itself in an awkward manner as part of the AWS test
suite rather than the core test suite - this is because you cannot use
real providers in context tests because of circular references, and
simplistic test providers in that package do not demonstrate the issue.
In the interests of getting this fix in quickly and still having
regression coverage for it, it was agreed to include the change here
instead.
Running the test TestAccAWSVPC_coreMismatchedDiffs without the changes
in d95ab75 applied leads to the following output:
```
$ make testacc TEST=./builtin/providers/aws TESTARGS="-run TestAccAWSVPC_coreMismatchedDiffs"
==> Checking that code complies with gofmt requirements...
/Users/James/Code/go/bin/stringer
GO15VENDOREXPERIMENT=1 go generate $(GO15VENDOREXPERIMENT=1 go list ./... | grep -v /vendor/)
TF_ACC=1 GO15VENDOREXPERIMENT=1 go test ./builtin/providers/aws -v -run TestAccAWSVPC_coreMismatchedDiffs -timeout 120m
=== RUN TestAccAWSVPC_coreMismatchedDiffs
--- FAIL: TestAccAWSVPC_coreMismatchedDiffs (2.26s)
testing.go:148: Step 0 error: Error applying: 1 error(s) occurred:
* aws_vpc.test: diffs didn't match during apply. This is a bug with Terraform and should be reported.
FAIL
exit status 1
FAIL github.com/hashicorp/terraform/builtin/providers/aws 2.281s
make: *** [testacc] Error 1
```
Applying the changes in d95ab75 (pull request GH-4965) yields the
following result when running the test:
```
$ make testacc TEST=./builtin/providers/aws TESTARGS="-run TestAccAWSVPC_coreMismatchedDiffs"
==> Checking that code complies with gofmt requirements...
/Users/James/Code/go/bin/stringer
GO15VENDOREXPERIMENT=1 go generate $(GO15VENDOREXPERIMENT=1 go list ./... | grep -v /vendor/)
TF_ACC=1 GO15VENDOREXPERIMENT=1 go test ./builtin/providers/aws -v -run TestAccAWSVPC_coreMismatchedDiffs -timeout 120m
=== RUN TestAccAWSVPC_coreMismatchedDiffs
--- PASS: TestAccAWSVPC_coreMismatchedDiffs (15.17s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 15.183s
```
The test has a rather misleading name ("AWS") such that it is actually run as
part of the nightly acceptance testing. The VPC resource is quick and free to
create, hence the selection.
The AWS free tier allows up to 750 hours on t2.micro
instance types. It's better to use cheaper instances
in case the resources are not cleaned up if a test
is canceled or crashes.
There can only be a single health_check configuration per load balancer
so choosing to use a list over a set is only relevant when comparing
changes during a plan. A list makes it much easier to compare updates
since the index is stable (0 vs. computed hash).
Removes overspecified config that is unrelated to testing the auto scaling
group's autogenerated name. The test is only concerned with checking that
the auto scaling group was created successfully with an autogenerated name
matching a specific pattern.
Removes overspecified config that is unrelated to the auto scaling
group's availability zone and VPC identifier acceptance tests. The
created auto scaling groups do not need to spin up any hosts since
the acceptance tests are only concerned with checking the existence
of the associated availability zones and VPC identifiers.
Fixes a diff calculation error when only a VPC zone
identifier is provided. In this case the associated
availability zones are computed from the subnets per
the AWS documentation.
This is a follow up on #4892 with tests that demonstrate creating a record and a zone, then destroying said record, and confirming that a new plan is generated, using the ExpectNonEmptyPlan flag
This simulates the bug reported in #4641 by mimicking the state file that one would have if they created a record with Terraform v0.6.6, which is to say a weight = 0 for a default value.
When upgrading, there would be an expected plan change to get that to -1. To mimic the statefile we apply the record and then in a follow up step change the attributes directly. We then try to delete the record.
I tested this by grabbing the source of aws_resource_route53.go from Terraform v0.6.9 and running the included test, which fails. The test will pass with #4892, because we no longer reconstruct what the record should be based on the state (instead finding via the API and elimination/matching).
throw an error:
* aws_sns_topic_subscription.checker: NotFound: Subscription does not
* exist
status code: 404, request id: b8ca0c27-1a62-57b3-8b96-43038a0ead86
Terraform wasn't refreshing the state when the topic gave a 404
It was a mistake to switch fully to `==` when activating waiting for
capacity on updates in #3947. Users that didn't set `min_elb_capacity ==
desired_capacity` and instead treated it as an actual "minimum" would
see timeouts for every create, since their target numbers would never be
reached exactly.
Here, we fix that regression by restoring the minimum waiting behavior
during creates.
In order to preserve all the stated behavior, I had to split out
different criteria for create and update, criteria which are now
exhaustively unit tested.
The set of fields that affect capacity waiting behavior has become a bit
of a mess. Next major release I'd like to rework all of these into a
more consistently named block of config. For now, just getting the
behavior correct and documented.
(Also removes all the fixed names from the ASG tests as I was hitting
collision issues running them over here.)
Fixes #4792
of the database after creation. So we need to be able to
set the CharacterSetName on creation.
This is an option and will automagically default to
AL32UTF8.
The AWS SDK will give you an error message if you try to
apply this setting to other engines. The patch will only
report the character_set_name attribute, if CharacterSetName
is set on the instance.
Signed-off-by: Lars Bahner <lars.bahner@gmail.com>