Commit Graph

3414 Commits

Author SHA1 Message Date
Mitchell Hashimoto e014cf3d83 providers/aws: cloudfront distribution 404 should mark as gone (#10281) 2016-12-05 13:31:05 +00:00
Kit Ewbank 26d0525e82 Add new aws_vpc_endpoint_route_table_association resource (#10137)
* Add new aws_vpc_endpoint_route_table_association resource.

This commit adds a new resource which allows to a list of route tables to be
either added and/or removed from an existing VPC Endpoint. This resource would
also be complimentary to the existing `aws_vpc_endpoint` resource where the
route tables might not be specified (not a requirement for a VPC Endpoint to
be created successfully) during creation, especially where the workflow is
such where the route tables are not immediately known.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>

Additions by Kit Ewbank <Kit_Ewbank@hotmail.com>:

* Add functionality
* Add documentation
* Add acceptance tests
* Set VPC endpoint route_table_ids attribute to "Computed"

* Changes after review - Set resource ID in create function.

* Changes after code review by @kwilczynski:
* Removed error types and simplified the error handling in 'resourceAwsVPCEndpointRouteTableAssociationRead'
* Simplified logging in 'resourceAwsVPCEndpointRouteTableAssociationDelete'
2016-12-05 12:55:37 +00:00
Ninir c250c10d4e Force the master username & password to be defined when not in a restore mode 2016-12-04 19:04:26 +01:00
clint shryock 44ffe71695 provider/aws: Add Lightsail Instance
Adds initial support for AWS Lightsail Instances
2016-12-02 16:35:57 -06:00
Ninir 615da28b6e provider/aws: Fixed Lambda environment removal 2016-12-02 14:36:55 +01:00
Ninir 1d090eb1ab provider/aws: Added s3 bucket region attribute management (#10482) 2016-12-02 14:22:47 +02:00
Jan Schumann 2e83eb1cfe fix #9104 (#10394) 2016-12-02 13:53:06 +02:00
Jan Schumann b8caddda21 provider/aws resource_aws_opsworks_application does not accept document_root parameter (#10477)
* switched to stack in vpc

* validate also on update

* validate attributes based on app type
2016-12-02 13:45:10 +02:00
Paul Stack ac257b8048 provider/aws: Fix aws_iam_role_test config (#10464)
```
% make testacc TEST=./builtin/providers/aws
% TESTARGS='-run=TestAccAWSRole_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/12/01 17:17:31 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSRole_
-timeout 120m
=== RUN   TestAccAWSRole_basic

--- PASS: TestAccAWSRole_basic (15.38s)
=== RUN   TestAccAWSRole_namePrefix
--- PASS: TestAccAWSRole_namePrefix (14.89s)
=== RUN   TestAccAWSRole_testNameChange
--- PASS: TestAccAWSRole_testNameChange (34.43s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws64.729s
```
2016-12-01 18:22:05 +02:00
stack72 4e0ebfde3f
provider/aws: removal of the duplicate import aws_iam_instance_profile test 2016-12-01 16:55:53 +02:00
stack72 a4dba89553
provider/aws: Fixing the broken build of the aws_iam_policy resource 2016-12-01 16:50:28 +02:00
stack72 7497a295b8
provider/aws: Fixing the broken build of the aws_iam_role resource 2016-12-01 16:46:01 +02:00
stack72 8369ab44ec
provider/aws: Fixing the broken build of the aws_iam_policy resource 2016-12-01 16:44:40 +02:00
Tom Wilkie 71e8cffeea
Allow importing of aws_iam_role, aws_iam_role_policy, aws_iam_policy and aws_iam_instance_profile 2016-12-01 16:41:23 +02:00
Raymond Fallon 7b672d4656 Automatic Rollback of CodeDeploy deployments and CloudWatch Alarms for a Deployment Group (#9039)
* provider/aws: Add DeploymentRollback as a valid TriggerEvent type

* provider/aws: Add auto_rollback_configuration to aws_codedeploy_deployment_group

* provider/aws: Document auto_rollback_configuration

  - part of aws_codedeploy_deployment_group

* provider/aws: Support removing and disabling auto_rollback_configuration

  - part of aws_codedeploy_deployment_group resource
  - when removing configuration, ensure events are removed
  - when disabling configuration, preserve events in case configuration is re-enabled

* provider/aws: Add alarm_configuration to aws_codedeploy_deployment_group

* provider/aws: Document alarm_configuration

  - part of aws_codedeploy_deployment_group

* provider/aws: Support removing alarm_configuration

  - part of aws_codedeploy_deployment_group resource
  - disabling configuration doesn't appear to work...

* provider/aws: Refactor auto_rollback_configuration tests

  - Add create test
  - SKIP failing test for now
  - Add tests for build & map functions

* provider/aws: Refactor new aws_code_deploy_deployment_group tests

  - alarm_configuration and auto_rollback_configuration only
  - add assertions to deployment_group basic test
  - rename config funcs to be more easy to read
  - group public tests together

* provider/aws: A max of 10 alarms can be added to a deployment group.

  - aws_code_deploy_deployment_group.alarm_configuration.alarms
  - verified this causes test failure with expected exception

* provider/aws: Test disabling alarm_configuration and auto_rollback_configuration

  - the tests now pass after rebasing the latest master branch
2016-12-01 16:12:14 +02:00
Tom Wilkie 8029931086 Do not return a root device for instance store backed AMIs. (#9483)
* Do not return a root device for instance store backed AMIs.

* Add root EC2 instance store acceptance test.
2016-12-01 15:53:14 +02:00
Colin Woodbury a5f8352e11 Increase `aws_emr_cluster` timeout to 75 minutes (#10444) 2016-12-01 12:05:40 +02:00
Paul Stack 83abf5b16a provider/aws: Support import of aws_iam_instance_profile (#10436)
Fixes #10341

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSIAMInstanceProfile_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/30 14:32:59 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSIAMInstanceProfile_ -timeout 120m
=== RUN   TestAccAWSIAMInstanceProfile_importBasic
--- PASS: TestAccAWSIAMInstanceProfile_importBasic (20.22s)
=== RUN   TestAccAWSIAMInstanceProfile_basic
--- PASS: TestAccAWSIAMInstanceProfile_basic (18.71s)
=== RUN   TestAccAWSIAMInstanceProfile_namePrefix
--- PASS: TestAccAWSIAMInstanceProfile_namePrefix (18.58s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws57.535s
```
2016-12-01 09:01:15 +02:00
Anshul Sharma a886b630a0 IPv6 Support To Cloudfront (#10332)
* Added IPv6 Support To Cloudfront

* Added IPv6 docs to cloudfront
2016-11-30 14:13:30 +02:00
Ninir 5481e9ecb3 provider/aws: Enforced kms_key_* attributes to be ARNs (#10356)
* Added kms_key_* validation to force ARNs

* Added Redshift Cluster KMS key test

* Added cloudtrail kms key test

* Added EBS volume kms key

* Added Elastic Transcoder Pipeline kms key arn test
2016-11-30 13:50:26 +02:00
cagriy 8cdafe0508 typo corrected in structure.go (#10415) 2016-11-29 15:49:34 +00:00
Mathieu Herbert aec4e56f68
provider/aws: data source for AWS Route Table 2016-11-28 18:07:38 +00:00
James Nugent aa8c2ac587 provider/aws: Randomize names for Parameter Group tests
This should allow tests to run concurrently.
2016-11-25 21:48:54 +00:00
James Nugent 08b860290a provider/aws: Generate random names for Beanstalk tests resources (#10367)
* provider/aws: Generate name for TestAccElasticBeanstalkApplicationImport

This allows tests to run concurrently.

* provider/aws: Generate names for TestAWSElasticBeanstalkEnvironment_importBasic

This allows tests to run concurrently.
2016-11-25 15:44:41 +00:00
Paul Stack b77dac5ab8 provider/aws: Randomize redshift subnet group test names (#10366) 2016-11-25 15:37:19 +00:00
Paul Stack 3d3609c271 provider/aws: Fixing up acceptance tests after seeing concurrent (#10362)
failures

* codecommit
* cloudwatch_logs
2016-11-25 12:50:19 +00:00
Dan Everton 3be29ab5d0 Handle empty Lambda environment. (#10306)
The Lambda environment will be nil if the function has never had an
environment applied. Fixes #10302
2016-11-23 18:36:16 +02:00
Kit Ewbank 7319968f5f Skip VPC endpoint routes when removing default route table's routes. (#10303) 2016-11-23 18:12:59 +02:00
clint shryock 2eb132c55a provider/aws: Patch issue with enable dns support 2016-11-22 13:44:44 -06:00
Masayuki Morita f85e0b7249 Add JSON validation to the aws_iam_policy resource (#10239)
Although the aws_iam_policy has a problem of normalization (refs #8350),
I think it would be useful simply to add JSON syntax validation.
I wasted a lot of time with JSON syntax errors.

Validate the aws_iam_policy using the validateJsonString helper.
2016-11-22 13:35:15 +02:00
Ninir b52813b639 provider/aws: added auto_minor_version_upgrade on aws_rds_cluster_instance (#10284) 2016-11-22 13:33:01 +02:00
clint shryock dede6f7302 provider/aws: Reformat and detect drift for Lambda VPC, environment 2016-11-21 17:10:32 -06:00
Ninir ab9059564c provider/aws: Added Lambda Environment configuration 2016-11-21 22:23:39 +01:00
Paul Stack b3fad6a68c provider/aws: Addition of suspended_processes to aws_autoscaling_group (#10096)
Fixes #8954

Addition of the support of autoScaling group suspended_processes
2016-11-21 17:02:20 +02:00
Paul Stack 7fde952d02 provider/aws: New Resource aws_ebs_snapshot (#10017)
* provider/aws: Add ability to create aws_ebs_snapshot

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEBSSnapshot_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/10 14:18:36 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSEBSSnapshot_
-timeout 120m
=== RUN   TestAccAWSEBSSnapshot_basic
--- PASS: TestAccAWSEBSSnapshot_basic (31.56s)
=== RUN   TestAccAWSEBSSnapshot_withDescription
--- PASS: TestAccAWSEBSSnapshot_withDescription (189.35s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws220.928s
```

* docs/aws: Addition of the docs for aws_ebs_snapshot resource

* provider/aws: Creation of shared schema funcs for common AWS data source
patterns

* provider/aws: Create aws_ebs_snapshot datasource

Fixes #8828

This data source will use a number of filters, owner_ids, snapshot_ids
and restorable_by_user_ids in order to find the correct snapshot. The
data source has no real use case for most_recent and will error on no
snapshots found or greater than 1 snapshot found

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEbsSnapshotDataSource_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/10 14:34:33 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSEbsSnapshotDataSource_ -timeout 120m
=== RUN   TestAccAWSEbsSnapshotDataSource_basic
--- PASS: TestAccAWSEbsSnapshotDataSource_basic (192.66s)
=== RUN   TestAccAWSEbsSnapshotDataSource_multipleFilters
--- PASS: TestAccAWSEbsSnapshotDataSource_multipleFilters (33.84s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws226.522s
```

* docs/aws: Addition of docs for the aws_ebs_snapshot data source

Adds the new resource `aws_ebs_snapshot`
2016-11-21 12:40:22 +02:00
Chris Marchesi 67d162a126 provider/aws: aws_autoscaling_group ALB target group support (#10243)
This update adds ALB support to the
wait_for_elb_capacity/min_elb_capacity options. Target groups are
handled in nearly the same way as Classic ELBs, so the change should be
transparent. This supports both ALB target groups and classic ELBs being
attached to the ASG at the same time.
2016-11-21 11:50:58 +02:00
Kit Ewbank 7330d65678 provider/aws Return service CIDR blocks from aws_vpc_endpoint resource. (#10254) 2016-11-21 10:43:56 +02:00
Chris Marchesi 4845f8de39 provider/aws: Add aws_alb data source (#10196)
* provider/aws: Add aws_alb data source

This adds the aws_alb data source for getting information on an AWS
Application Load Balancer.

The schema is nearly the same as the resource of the same name, with
most of the resource population logic de-coupled into its own function
so that they can be shared between the resource and data source.

* provider/aws: aws_alb data source language revisions

 * Multiple/zero result error slightly updated to be a bit more
   specific.
 * Fixed relic of the copy of the resource docs (resource -> data
   source)
2016-11-21 10:27:44 +02:00
Richard Henning 2a5e1d400d provider/aws: Remove IAM user's MFA devices with `force_destroy` #5908 (#10262)
When `force_destroy` was specifed on an `aws_iam_user` resource, only IAM
access keys and the login profile were destroyed. If a multi-factor auth
device had been activated for that user, deletion would fail as follows:

```
* aws_iam_user.testuser1: Error deleting IAM User testuser1: DeleteConflict: Cannot delete entity, must delete MFA device first.
    status code: 409, request id: aa41b1b7-ac4d-11e6-bb3f-3b4c7a310c65
```

This commit iterates over any of the user's MFA devices and deactivates
them before deleting the user. It follows a pattern similar to that used
to remove users' IAM access keys before deletion.

```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSUser_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/20 17:09:00 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSUser_ -timeout 120m
=== RUN   TestAccAWSUser_importBasic
--- PASS: TestAccAWSUser_importBasic (5.70s)
=== RUN   TestAccAWSUser_basic
--- PASS: TestAccAWSUser_basic (11.12s)
PASS
ok  	github.com/rhenning/terraform/builtin/providers/aws	20.840s
```
2016-11-21 10:17:27 +02:00
Kit Ewbank fd8d41f6a5 Add note to aws_security_group data source describing the default security group for a VPC. (#10247)
Add a corresponding acceptance test.
2016-11-20 16:28:11 +02:00
Kit Ewbank 3255921b6e aws_prefix_list data source - Add ability to select PL by name. (#10248) 2016-11-20 16:21:55 +02:00
Chris Marchesi 3ac05a539b provider/aws: Add aws_alb_listener data source (#10181)
* provider/aws: Add aws_alb_listener data source

This adds the aws_alb_listener data source to get information on an AWS
Application Load Balancer listener.

The schema is slightly modified (only option-wise, attributes are the
same) and we use the aws_alb_listener resource read function to get the
data.

Note that the HTTPS test here may fail due until
hashicorp/terraform#10180 is merged.

* provider/aws: Add aws_alb_listener data source docs

Now documented.
2016-11-18 13:01:21 +02:00
Chris Marchesi 99528f17cd provider/aws: Add CertificateNotFound retry waiter to aws_alb_listener (#10180)
Looks like sometimes it takes some time for IAM certificates to
propagate, which can cause errors on ALB listener creation.
Possibly same thing as hashicorp/terraform#5178, but for ALB
now instead of ELB.

This was discovered via acceptance tests, specifically the
TestAccAWSALBListener_https test. Updated the creation process to wait
on CertificateNotFound for a max of 5min.
2016-11-17 14:49:41 +02:00
Andrew Garrett 3822c69995 Add name_prefix to aws_iam_policy (#10178)
This is intended to behave the same way as name_prefix does in
aws_iam_role.

Fixes #10176
2016-11-17 14:03:03 +02:00
Clint d004a24659 Merge pull request #10171 from Ninir/vpc_enable_dns_support
provider/aws: Fixed the aws_vpc enable_dns_support handling on creation
2016-11-16 13:41:35 -06:00
Ninir 281eba72ad provider/aws: Fixed the aws_vpc enable_dns_support handling on creation 2016-11-16 20:05:49 +01:00
Ninir 3d56d20d82 Added retry_option for aws_kinesis_firehose_stream redshift_configuration 2016-11-15 10:55:02 -06:00
Clint 665ca05bf6 Merge pull request #10112 from Ninir/aws_kinesis_firehose_stream_buffer_option
provider/aws: kinesis_firehose_delivery_stream: Fixed ES buffering_interval option
2016-11-15 09:55:12 -06:00
Justin Nauman e36f424af3 GH-7311 - Increasing deletion timeout wait
- Per our discussion around the PR to increase this initially, we
weren't sure if 1 minute would be sufficient.  Well, it turns out it
wasn't for me today (we don't delete these often so not sure how
often people run into this).

Picking another somewhat arbitrary value of 5 minutes in the hopes
that it will be sufficient (today it took a little over 2 minutes).
2016-11-15 09:11:28 -06:00
Jeremy Asher ece6f30a21 increase aws_lambda_function timeout
Since the Lambda CreateFunction call may include an up to 50MB payload,
the request can easily take more than a minute.  This increases the
timeout to 10 minutes.
2016-11-14 15:50:39 -08:00
Ninir e077e4b260 provider/aws: fixed buffering_interval option 2016-11-14 22:18:11 +01:00
Paul Stack ecb2b74c37 Merge pull request #9534 from Ninir/aws_apigw_deployment_date
provider/aws: 	Exposed aws_api_gateway_deployment.created_date attribute
2016-11-14 12:11:59 +00:00
Paul Stack 24231333d3 Exposed AWS API GW REST Api created_date attribute (#9532) 2016-11-14 12:09:28 +00:00
Ninir a88b25cfcf Exposed AWS API GW REST Api created_date attribute 2016-11-14 11:56:41 +01:00
Ninir 6fb63f2854 Exposed aws_api_gateway_deployment.created_date attribute 2016-11-14 11:21:36 +01:00
Ninir 932c92e4c6 Exposed aws_api_gateway_api_key created_date & last_updated_date (#9530) 2016-11-14 12:03:56 +02:00
Ninir d8e846c895 Fixed ##10079 exposing aws_iam_role create_date attribute (#10091) 2016-11-14 11:33:53 +02:00
Paul Stack 3472cab7d6 provider/aws: Fix panic in aws_acm_certificate datasource (#10051)
Fixes #10042
Fixes #9989

Another panic was found with this resource. IT essentially was causing a
panic when no certificates were found. This was due to the casting of
status to []string

There are times when there are no statuses passed in. Made the error
message a lot more generic now rather than having something like this

```

No certificate with statuses [] for domain mytestdomain.com found in this region.
```

This now becomes:

```
No certificate for domain mytestdomain.com found in this region.
```

Also, added a test to show that the panic is gone

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAwsAcmCertificateDataSource_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/11 15:11:33 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAwsAcmCertificateDataSource_ -timeout 120m
=== RUN   TestAccAwsAcmCertificateDataSource_noMatchReturnsError
--- PASS: TestAccAwsAcmCertificateDataSource_noMatchReturnsError (6.07s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws6.094s
```
2016-11-11 16:07:50 +02:00
Andreas Skarmutsos Lindh 5e32c144d5
Ignore AWS specific tags
Allows us to adopt resources created with CloudFormation.

Extend AWS specific tag ignoring to all tags*

Ignore AWS specific tags for autoscaling
2016-11-11 15:40:09 +02:00
Anshul Sharma e1919edbb3 Allow underscore in database_name [redshift] (#10019)
* allow underscore in database_name [redshift]

Fixes #10009

* Added Test Cases To Validate Redshift DBName

* Remove Old Test Cases Regarding Redshift DBName Validation

* Added More Test Cases For Redshift DBName
2016-11-11 11:59:00 +02:00
clint shryock 303b07e61f provider/aws: Update AutoScaling Schedule test files to avoid conflicts 2016-11-10 11:36:57 -06:00
stack72 e02960810d
provider/aws: Rename zone_id to hosted_zone_id in aws_db_instance
Also added a test to prove that the computed value gets set

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSDBInstance_basic'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/10 06:26:22 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSDBInstance_basic -timeout 120m
=== RUN   TestAccAWSDBInstance_basic
--- PASS: TestAccAWSDBInstance_basic (634.33s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws634.347s
```
2016-11-10 06:41:43 +00:00
Michel Rasschaert 62ea843ff3 zone_id exported attribute for db_instance resource 2016-11-09 19:54:09 +01:00
Paul Stack 643d42c412 provider/aws: AWS IAM, User and Role allow + in the name (#9991)
Fixes #9985

```
% make testacc TEST=./builtin/providers/aws
% TESTARGS='-run=TestValidateIamUserName'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/09 12:12:42 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestValidateIamUserName
-timeout 120m
=== RUN   TestValidateIamUserName
--- PASS: TestValidateIamUserName (0.00s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws0.026s
```
2016-11-09 15:54:15 +00:00
Paul Stack d66359b046 provider/aws: Fix panic when passing statuses to aws_acm_certificate (#9990)
Fixes #9989

When passing a list of statuses to the acm_certificate data source, we
were trying to cast a schema.TypeList directly to []string

We need to do it via an []interface{} and then cast to string when
ranging over the results. Without this, we get a panic
2016-11-09 15:53:36 +00:00
Nick Santamaria 8949419bef provider/aws: Add key_name_prefix argument to aws_key_pair resource (#9993)
* Added key_name_prefix to aws_key_pair resource schema.

* Added logic to prefix the aws_key_pair name on create.

* Added aws_key_pair test config for key_name_prefix case.

* Copied test cases from testAccAWSSecurityGroup namespace.

* Modified copied test case to suit aws_key_pair resource.

* Changed required flag to optional on key_name argument for aws_key_pair resource.

* Added documentation for key_name_prefix argument.

* Code style fix.

* Fixed undefined variable error in test.
2016-11-09 15:35:51 +00:00
ddcprg 27527ef3cb EMR Cluster - core_instance_count doesn't actually refer to core instances 2016-11-09 08:47:23 -06:00
jmasseo 77ca7001a8 removing toLower from flattenElastiCacheParameters - aws_elasticache_parameter_group parameters can be case sensitive (#9820) 2016-11-09 11:34:00 +00:00
Paddy 78f8fea1fa Merge pull request #9950 from optimisticanshul/9928-aws-redshift-enhanced-vpc-routing
Added AWS Redshift Enhanced VPC Routing
2016-11-08 11:02:37 -08:00
Clint 81e599e53f Merge pull request #9600 from HotelsDotCom/master
AWS EMR resource - Support for Service Access Security Group
2016-11-08 11:36:03 -06:00
Anshul Sharma e9821eaced Updated Redshift Documentation and Added Test Cases for Redshift Enchaned VPC routing 2016-11-08 18:13:10 +05:30
Anshul Sharma 1030cc1344 Added AWS Redshift Enhanced VPC Routing 2016-11-08 17:36:29 +05:30
Paul Stack 38cd7947b6 provider/aws: Fix the validateFunc of aws_elasticache_replication_group (#9918)
Fixes #9895

The replication_group_id should allow length to be max of 20 not 16

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestResourceAWSElastiCacheReplicationGroupIdValidation'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/07 16:17:52 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestResourceAWSElastiCacheReplicationGroupIdValidation -timeout
120m
=== RUN   TestResourceAWSElastiCacheReplicationGroupIdValidation
--- PASS: TestResourceAWSElastiCacheReplicationGroupIdValidation (0.00s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws0.032s
```
2016-11-07 21:02:00 +00:00
Paul Stack c0442ee63f provider/aws: aws_alb_target_group arn_suffix missing the targetgroup (#9911)
The work to add the arn_suffix in #9734 skipped adding the targetgroup/
part of the arn

This PR adds it

//cc @firthh

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSALBTargetGroup_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/07 12:19:16 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSALBTargetGroup_ -timeout 120m
=== RUN   TestAccAWSALBTargetGroup_basic
--- PASS: TestAccAWSALBTargetGroup_basic (47.23s)
=== RUN   TestAccAWSALBTargetGroup_changeNameForceNew
--- PASS: TestAccAWSALBTargetGroup_changeNameForceNew (80.09s)
=== RUN   TestAccAWSALBTargetGroup_changeProtocolForceNew
--- PASS: TestAccAWSALBTargetGroup_changeProtocolForceNew (87.45s)
=== RUN   TestAccAWSALBTargetGroup_changePortForceNew
--- PASS: TestAccAWSALBTargetGroup_changePortForceNew (78.47s)
=== RUN   TestAccAWSALBTargetGroup_changeVpcForceNew
--- PASS: TestAccAWSALBTargetGroup_changeVpcForceNew (73.53s)
=== RUN   TestAccAWSALBTargetGroup_tags
--- PASS: TestAccAWSALBTargetGroup_tags (75.60s)
=== RUN   TestAccAWSALBTargetGroup_updateHealthCheck
--- PASS: TestAccAWSALBTargetGroup_updateHealthCheck (76.40s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	518.777s
```
2016-11-07 20:17:43 +00:00
Paul Stack 3f032ff611 provider/aws: Setting static_routes_only on import of vpn_connection (#9802)
fixes #9110

An error was found where, static_routes_only was not set on a vpn
connection import. This commit introduces setting the static_routes_only
to false when no Options are found. This follows the AWS convention as follows:

```
- options (structure)

Indicates whether the VPN connection requires static routes. If you are creating a VPN connection for a device that does not support BGP, you must specify true .
Default: false

```

So we take it that `static_options_only` is false by default

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSVpnConnection_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/02 10:38:18 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSVpnConnection_ -timeout 120m
=== RUN   TestAccAWSVpnConnection_importBasic
--- PASS: TestAccAWSVpnConnection_importBasic (178.29s)
=== RUN   TestAccAWSVpnConnection_basic
--- PASS: TestAccAWSVpnConnection_basic (336.81s)
=== RUN   TestAccAWSVpnConnection_withoutStaticRoutes
--- PASS: TestAccAWSVpnConnection_withoutStaticRoutes (195.45s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	710.572s
```
2016-11-07 16:12:41 +00:00
Masayuki Morita f68d5e82f3 provider/aws: Fix bug #9863 destroying aws_iam_user with force_destroy does not work (#9900) 2016-11-07 10:37:32 +00:00
Paddy a15726d069 Merge pull request #9857 from hashicorp/paddy_8822_fix_spot_fleet_ebs
provider/aws: Fix hashing of EBS volumes in spot fleet requests to prevent panics
2016-11-04 09:38:38 -07:00
Mitchell Hashimoto 125b7f4d44 Merge pull request #9806 from hashicorp/f-modify-aws-user-agent
provider/aws: Modify AWS User-Agent to new format
2016-11-04 08:50:15 -07:00
Clint abcc766344 Merge pull request #9871 from hashicorp/b-aws-opsworks-tests
provider/aws: Decouple and randomize OpsWorks test configs
2016-11-04 09:40:48 -05:00
clint shryock 639a088897 provider/aws: Decouple and randomize OpsWorks test configs 2016-11-04 09:33:07 -05:00
James Nugent 3361047e38 provider/aws: Address acm_certificate review items 2016-11-03 20:01:46 -04:00
Paul Hinze ccd745c96f provider/aws: New Data Source: aws_acm_certificate
Use this data source to get the ARN of a certificate in AWS Certificate
Manager (ACM). The process of requesting and verifying a certificate in ACM
requires some manual steps, which means that Terraform cannot automate the
creation of ACM certificates. But using this data source, you can reference
them by domain without having to hard code the ARNs as input.

The acceptance test included requires an ACM certificate be pre-created
in and information about it passed in via environment variables. It's a
bit sad but there's really no other way to do it.
2016-11-03 19:34:19 -04:00
Paddy 7d06ea8449 Fix EBS block device hashing in spot fleet requests.
When computing the set key for an EBS block device, we were using
the wrong function; we had hashEphemeralBlockDevice instead of
hashEbsBlockDevice. This caused a panic by trying to access the
virtual_name attribute that will never be set for EBS block
devices.

To fix this, I switched to the hashEbsBlockDevice function, which
is already being used to compute a Set key in the Schema. But in
the default case, where the snapshot_id attribute isn't specified,
this also caused a panic. I updated the way the string to hash is
generated to check for the existence of the device_name and
snapshot_id attributes before we use them, to avoid panics when
these optional attributes aren't set.
2016-11-03 16:24:19 -07:00
Paddy 24dd4273c7 Add an acceptance test for adding EBS volumes to a spot fleet req
Spot fleet requests can have EBS volumes attached to them, and at
the moment we're getting reports that crashes can be experienced
with them. This adds an acceptance test that exercises creating
a Spot Fleet request that has a non-instance EBS volume attached.
This successfully reproduces the panic.
2016-11-03 16:19:50 -07:00
Justin Nauman 9e11b59814 provider/aws: aws_autoscaling_attachment resource (#9146)
* GH-8755 - Adding in support to attach ASG to ELB as independent action

* GH-8755 - Adding in docs

* GH-8755 - Adjusting attribute name and responding to other PR feedback
2016-11-03 13:08:49 +00:00
James Nugent 549993147f Merge pull request #9822 from hashicorp/paddy_8502_sni
provider/aws: Add the enable_sni attribute for Route53 health checks.
2016-11-02 23:38:01 -04:00
Paddy 42049e984f provider/aws: Add the enable_sni attribute for Route53 health checks.
In #8502 it was requested that we add support for the EnableSNI
parameter of Route53's health checks; this enables customers to
manually specify whether or not the health check will use SNI when
communicating with the endpoint.

The customer originally requested we default to `false`. While
implementing the issue, I discovered that when creating health
checks with a Type set to HTTP, Amazon's default value for EnableSNI
is `false`. However, when creating health checks with a Type set to
HTTPS, Amazon's default value is `true`. So rather than setting a
default value, I made the attribute computed.
2016-11-02 16:23:35 -07:00
clint shryock d120e1a38a provider/aws: Fix TestAccAWSAPIGatewayDomainName_basic test 2016-11-02 16:23:39 -05:00
Paul Stack c5bd727f03 provider/aws: Allows aws_alb security_groups to be updated (#9804)
Fixes #9658
Fixes #8728

Originally, this would ForceNew as follows:

```
-/+ aws_alb.alb_test
    arn:                        "arn:aws:elasticloadbalancing:us-west-2:187416307283:loadbalancer/app/test-alb-9658/3459cd2446b76901" => "<computed>"
    arn_suffix:                 "app/test-alb-9658/3459cd2446b76901" => "<computed>"
    dns_name:                   "test-alb-9658-1463108301.us-west-2.elb.amazonaws.com" => "<computed>"
    enable_deletion_protection: "false" => "false"
    idle_timeout:               "30" => "30"
    internal:                   "false" => "false"
    name:                       "test-alb-9658" => "test-alb-9658"
    security_groups.#:          "2" => "1" (forces new resource)
    security_groups.1631253634: "sg-3256274b" => "" (forces new resource)
    security_groups.3505955000: "sg-1e572667" => "sg-1e572667" (forces new resource)
    subnets.#:                  "2" => "2"
    subnets.2407170741:         "subnet-ee536498" => "subnet-ee536498"
    subnets.2414619308:         "subnet-f1a7b595" => "subnet-f1a7b595"
    tags.%:                     "1" => "1"
    tags.TestName:              "TestAccAWSALB_basic" => "TestAccAWSALB_basic"
    vpc_id:                     "vpc-dd0ff9ba" => "<computed>"
    zone_id:                    "Z1H1FL5HABSF5" => "<computed>"

Plan: 1 to add, 0 to change, 1 to destroy.
```

When the ALB was ForceNew, the ARN changed. The test has been updated to include a check to make sure that the ARNs are the same after the update

After this change, it looks as follows:

```
~ aws_alb.alb_test
    security_groups.#:          "1" => "2"
    security_groups.1631253634: "" => "sg-3256274b"
    security_groups.3505955000: "sg-1e572667" => "sg-1e572667"

Plan: 0 to add, 1 to change, 0 to destroy.
```

Test Results:

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSALB_'                                                                                                                                ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/02 12:20:58 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSALB_ -timeout 120m
=== RUN   TestAccAWSALB_basic
--- PASS: TestAccAWSALB_basic (64.25s)
=== RUN   TestAccAWSALB_generatedName
--- PASS: TestAccAWSALB_generatedName (65.04s)
=== RUN   TestAccAWSALB_namePrefix
--- PASS: TestAccAWSALB_namePrefix (67.02s)
=== RUN   TestAccAWSALB_tags
--- PASS: TestAccAWSALB_tags (96.06s)
=== RUN   TestAccAWSALB_updatedSecurityGroups
--- PASS: TestAccAWSALB_updatedSecurityGroups (101.61s)
=== RUN   TestAccAWSALB_noSecurityGroup
--- PASS: TestAccAWSALB_noSecurityGroup (59.83s)
=== RUN   TestAccAWSALB_accesslogs
--- PASS: TestAccAWSALB_accesslogs (162.65s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	616.489s
```
2016-11-02 16:11:12 +00:00
clint shryock 5cd40bce30 provider/aws: Modify AWS User-Agent to new format 2016-11-02 10:43:35 -05:00
Paul Stack 6649b938da provider/aws: Provide the option to skip_destroy on aws_volume_attachment (#9792)
* provider/aws: Provide the option to skip_destroy on
aws_volume_attachment

When you want to attach and detach pre-existing EBS volumes to an
instance, we would do that as follows:

```
resource "aws_instance" "web" {
	ami = "ami-21f78e11"
  availability_zone = "us-west-2a"
	instance_type = "t1.micro"
	tags {
		Name = "HelloWorld"
	}
}

data "aws_ebs_volume" "ebs_volume" {
  filter {
  	name = "size"
  	values = ["${aws_ebs_volume.example.size}"]
  }
  filter {
  	name = "availability-zone"
  	values = ["${aws_ebs_volume.example.availability_zone}"]
  }
  filter {
  	name = "tag:Name"
  	values = ["TestVolume"]
  }
}

resource "aws_volume_attachment" "ebs_att" {
  device_name = "/dev/sdh"
	volume_id = "${data.aws_ebs_volume.ebs_volume.id}"
	instance_id = "${aws_instance.web.id}"
	skip_destroy = true
}
```

The issue here is that when we run a terraform destroy command, the volume tries to get detached from a running instance and goes into a non-responsive state. We would have to force_destroy the volume at that point and risk losing any data on it.

This PR introduces the idea of `skip_destroy` on a volume attachment. tl;dr:

We want the volume to be detached from the instane when the instance itself has been destroyed. This way the normal shut procedures will happen and protect the disk for attachment to another instance

Volume Attachment Tests:

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSVolumeAttachment_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/02 00:47:27 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSVolumeAttachment_ -timeout 120m
=== RUN   TestAccAWSVolumeAttachment_basic
--- PASS: TestAccAWSVolumeAttachment_basic (133.49s)
=== RUN   TestAccAWSVolumeAttachment_skipDestroy
--- PASS: TestAccAWSVolumeAttachment_skipDestroy (119.64s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	253.158s
```

EBS Volume Tests:

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEBSVolume_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/02 01:00:18 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSEBSVolume_ -timeout 120m
=== RUN   TestAccAWSEBSVolume_importBasic
--- PASS: TestAccAWSEBSVolume_importBasic (26.38s)
=== RUN   TestAccAWSEBSVolume_basic
--- PASS: TestAccAWSEBSVolume_basic (26.86s)
=== RUN   TestAccAWSEBSVolume_NoIops
--- PASS: TestAccAWSEBSVolume_NoIops (27.89s)
=== RUN   TestAccAWSEBSVolume_withTags
--- PASS: TestAccAWSEBSVolume_withTags (26.88s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	108.032s
```

* Update volume_attachment.html.markdown
2016-11-02 15:29:37 +00:00
Martin Atkins 145bf42806 provider/aws: IAM policy document: normalize wildcard principals
There are three equivalent forms for expressing "everyone" (including
anonymous) in IAM policies:

- "Principals": "*"
- "Principals": {"AWS": "*"}
- "Principals": {"*": "*"}

The more-constrained syntax used by our aws_iam_policy_document data
source means that the user can only express the latter two of these
directly. However, when returning IAM policies from the API AWS likes to
normalize to the first form, causing unresolvable diffs.

This fixes #9335 by handling the "everyone" case as a special case,
serializing it in JSON as the "*" shorthand form.

This change does *not* address the normalization of hand-written policies
containing such elements. A similar change would need to be made in
the external package github.com/jen20/awspolicyequivalence in order to
avoid the issue for hand-written policies.
2016-11-01 08:46:34 -07:00
Paul Stack aaece37ec9 provider/aws: Adding a datasource for aws_ebs_volume (#9753)
This will allows us to filter a specific ebs_volume for attachment to an
aws_instance

```
make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEbsVolumeDataSource_'✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/01 12:39:19 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSEbsVolumeDataSource_ -timeout 120m
=== RUN   TestAccAWSEbsVolumeDataSource_basic
--- PASS: TestAccAWSEbsVolumeDataSource_basic (28.74s)
=== RUN   TestAccAWSEbsVolumeDataSource_multipleFilters
--- PASS: TestAccAWSEbsVolumeDataSource_multipleFilters (28.37s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws57.145s
```
2016-11-01 14:15:31 +00:00
Krzysztof Wilczynski 6f02a2df55 provider/aws: Allow `active` state while waiting for the VPC Peering Connection. (#9754)
* Allow `active` state while waiting for the VPC Peering Connection.

This commit adds `active` as one of the valid states in which the VPC Peering
Connection can be when it being created.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>

* Add more valid states.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-11-01 09:51:46 +00:00
Paul Stack 98c385723c provider/aws: Fix aws_route53_record alias perpetual diff (#9704)
Fixes #9628
Fixes #9298

When a route53_record alias is updated in the console, AWS prepends
`dualstack.` to the name. This is there incase IPV6 is wanted. It is
exactly the same without it as it is with it

In order to stop perpetual diffs, I introduced a normalizeFunc that will
that tke alias name and strip known issues:

* dualstack
* trailing dot

This normalize fun will continue to grow I'm sure

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRoute53Record_'                                         ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/29 00:28:12 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSRoute53Record_ -timeout 120m
=== RUN   TestAccAWSRoute53Record_basic
--- PASS: TestAccAWSRoute53Record_basic (124.64s)
=== RUN   TestAccAWSRoute53Record_basic_fqdn
--- PASS: TestAccAWSRoute53Record_basic_fqdn (132.07s)
=== RUN   TestAccAWSRoute53Record_txtSupport
--- PASS: TestAccAWSRoute53Record_txtSupport (134.07s)
=== RUN   TestAccAWSRoute53Record_spfSupport
--- PASS: TestAccAWSRoute53Record_spfSupport (113.36s)
=== RUN   TestAccAWSRoute53Record_generatesSuffix
--- PASS: TestAccAWSRoute53Record_generatesSuffix (112.62s)
=== RUN   TestAccAWSRoute53Record_wildcard
--- PASS: TestAccAWSRoute53Record_wildcard (162.84s)
=== RUN   TestAccAWSRoute53Record_failover
--- PASS: TestAccAWSRoute53Record_failover (126.18s)
=== RUN   TestAccAWSRoute53Record_weighted_basic
--- PASS: TestAccAWSRoute53Record_weighted_basic (121.10s)
=== RUN   TestAccAWSRoute53Record_alias
--- PASS: TestAccAWSRoute53Record_alias (118.14s)
=== RUN   TestAccAWSRoute53Record_s3_alias
--- PASS: TestAccAWSRoute53Record_s3_alias (155.07s)
=== RUN   TestAccAWSRoute53Record_weighted_alias
--- PASS: TestAccAWSRoute53Record_weighted_alias (235.41s)
=== RUN   TestAccAWSRoute53Record_geolocation_basic
^[[C--- PASS: TestAccAWSRoute53Record_geolocation_basic (125.32s)
=== RUN   TestAccAWSRoute53Record_latency_basic
--- PASS: TestAccAWSRoute53Record_latency_basic (122.23s)
=== RUN   TestAccAWSRoute53Record_TypeChange
--- PASS: TestAccAWSRoute53Record_TypeChange (231.98s)
=== RUN   TestAccAWSRoute53Record_empty
--- PASS: TestAccAWSRoute53Record_empty (116.48s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	2131.526s
```

Before this fix, I was getting the following by recreating the code in

```
~ aws_route53_record.alias
    alias.1563903989.evaluate_target_health: "true" => "false"
    alias.1563903989.name:                   "9828-recreation-106795730.us-west-2.elb.amazonaws.com." => ""
    alias.1563903989.zone_id:                "Z1H1FL5HABSF5" => ""
    alias.318754017.evaluate_target_health:  "" => "true"
    alias.318754017.name:                    "" => "9828-recreation-106795730.us-west-2.elb.amazonaws.com"
    alias.318754017.zone_id:                 "" => "Z1H1FL5HABSF5"

Plan: 0 to add, 1 to change, 0 to destroy.
```

After this fix:

```

No changes. Infrastructure is up-to-date. This means that Terraform
could not detect any differences between your configuration and
the real physical resources that exist. As a result, Terraform
doesn't need to do anything.
2016-10-31 19:18:00 +00:00
Anshul Sharma 6432bb546c Added AWS Resource WAF SqlInjectionMatchSet (#9709) 2016-10-31 17:51:47 +00:00
Paul Stack fdabf59380 provider/aws: Expose ARN suffix on ALB Target Group (#9734)
When creating a CloudWatch Metric for an Application Load Balancer Target Group  it is
neccessary to use the suffix of the ARN as the reference to the load
balancer TG . This commit exposes that as an attribute on the `aws_alb_target_group`
resource to prevent the need to use regular expression substitution to
make the reference.
2016-10-31 17:05:06 +00:00
Paul Stack ed49da8bb1 provider/aws: Add support for reference_name to aws_route53_health_check (#9737)
Fixes #8679

The CallerReference attribute we passed to AWS in route53_health_checks
was `time.Now().Format(time.RFC3339Nano)`

When creating multiple resources with the Count meta-parameter, this was
causing issues as follows:

```
* aws_route53_health_check.healthstate.0: HealthCheckAlreadyExists: A different health check has already been created with the specified caller reference.
```

We have now exposed a new attribute called `reference_name` that can be set to pass multiple resources to the request

```
make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRoute53HealthCheck_'                              130 ↵ ✹
==> Cecking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/31 10:41:07 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSRoute53HealthCheck_ -timeout 120m
=== RUN   TestAccAWSRoute53HealthCheck_importBasic
--- PASS: TestAccAWSRoute53HealthCheck_importBasic (17.08s)
=== RUN   TestAccAWSRoute53HealthCheck_basic
--- PASS: TestAccAWSRoute53HealthCheck_basic (28.17s)
=== RUN   TestAccAWSRoute53HealthCheck_withSearchString
--- PASS: TestAccAWSRoute53HealthCheck_withSearchString (28.07s)
=== RUN   TestAccAWSRoute53HealthCheck_withChildHealthChecks
--- PASS: TestAccAWSRoute53HealthCheck_withChildHealthChecks (20.71s)
=== RUN   TestAccAWSRoute53HealthCheck_IpConfig
--- PASS: TestAccAWSRoute53HealthCheck_IpConfig (16.09s)
=== RUN   TestAccAWSRoute53HealthCheck_CloudWatchAlarmCheck
--- PASS: TestAccAWSRoute53HealthCheck_CloudWatchAlarmCheck (22.42s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	132.568s
```
2016-10-31 16:00:40 +00:00
Clint f446f7f2be Merge pull request #9667 from hashicorp/b-aws-lambda-mutex
provider/aws: Limit AWS Lambda source uploads
2016-10-31 08:51:08 -05:00
Paul Stack 92f48ad243 provider/aws: Update aws_appautoscaling_target_test (#9736)
The update of the test was causing a test failure - it was setting
desired_count to 1 when miz_size was set to 2 - this was causing a
perpetual diff in the test
2016-10-31 10:40:35 +00:00
Paul Stack 3accd5485a provider/aws: Make iam_user_policy_attachment_test work as expected: (#9733)
Was failing due to using IAM user `test-name` as it was being used in
more than 1 place - this has been replaced by a random user and random
policy names now

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSUserPolicyAttachment_basic'                                                                               2 ↵ ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/31 08:39:08 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSUserPolicyAttachment_basic -timeout 120m
=== RUN   TestAccAWSUserPolicyAttachment_basic
--- PASS: TestAccAWSUserPolicyAttachment_basic (32.04s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	32.053s
```
2016-10-31 09:52:38 +00:00
Martin Atkins ea0bc04277 provider/aws: aws_ami: handle deletion of AMIs (#9721)
Previously this resource (and, by extension, the aws_ami_copy and
aws_ami_from_instance resources that share much of its implementation)
was handling correctly the case where an AMI had been recently
deregistered, and was thus still returned from the API, but not correctly
dealing with the situation where the AMI has been removed altogether.

Now we additionally handle the NotFound error returned by the API when
we request a non-existent AMI, and remove the AMI from the state in the
same way we do for deregistered AMIs.
2016-10-31 09:51:59 +00:00
Anshul Sharma 625e747359 Added AWS Resource WAF XssMatchSet (#9710) 2016-10-31 08:51:08 +00:00
Masayuki Morita eb1a58d966 Update doc: aws_iam_user with force_destroy deletes IAM User Login Profile (#9716)
refs: https://github.com/hashicorp/terraform/pull/9583
2016-10-29 16:20:18 +01:00
Clint 01e8bd1f70 provider/aws: Fix import of RouteTable with destination prefixes (#9686)
* add test failure

* provider/aws: Skip import of routes that contain destination prefix ids
2016-10-29 01:01:17 +02:00
Anshul Sharma cc8f11138f Added AWS Resource WAF SizeConstraintSet (#9689) 2016-10-29 00:58:37 +02:00
Andras Ferencz-Szabo 46cb7b4710 Allow underscores in IAM user and group names (#9684)
* Allow underscores in IAM user and group names

* Add notes to iam_user and iam_group docs that names are not distinguished by case
2016-10-28 14:40:04 +02:00
Anshul Sharma afc603c0f8 Added AWS Resource WAF ByteMatchSet (#9681) 2016-10-28 14:36:16 +02:00
Liam Bennett 8fee7642a9 New AWS resource `ssm_activation` (#9111)
Adding a new resource to support activation of managed instances for
on-premise virtual-machines.
2016-10-28 11:59:12 +02:00
Krzysztof Wilczynski a078b893d6 Add support for `AutoMinorVersionUpgrade` to aws_elasticache_replication_group resource. (#9657)
This commit adds an ability to modify the `AutoMinorVersionUpgrade` property of the
Replication Group (which is enabled by default) accordingly.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-10-28 00:08:14 +01:00
clint shryock b33d605cb0 provider/aws: Limit AWS Lambda source uploads 2016-10-27 14:41:20 -05:00
Paul Stack de6b51f8f9 provider/aws: Refresh aws_autoscaling_schedule from state on 404 (#9659)
Fixes #9654

Before the fix, I created an ASG with a schedule on it. Went to the AWS
console and deleted the schedule. A terraform plan looked as follows:

```
% terraform plan
    See https://www.terraform.io/docs/internals/internal-plugins.html
    Refreshing Terraform state in-memory prior to plan...
    The refreshed state will be used to calculate this plan, but
    will not be persisted to local or remote state storage.

    aws_launch_configuration.foobar: Refreshing state... (ID:
    terraform-test-foobar5)
    aws_autoscaling_group.foobar: Refreshing state... (ID:
    terraform-test-foobar5)
    aws_autoscaling_schedule.foobar: Refreshing state... (ID: foobar)
    Error refreshing state: 1 error(s) occurred:

    * aws_autoscaling_schedule.foobar: Unable to find Autoscaling
    * Scheduled Action: []*autoscaling.ScheduledUpdateGroupAction(nil)
```

After the fix:

```
terraform plan                                                                                                                           1 ↵
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but
will not be persisted to local or remote state storage.

aws_launch_configuration.foobar: Refreshing state... (ID: terraform-test-foobar5)
aws_autoscaling_group.foobar: Refreshing state... (ID: terraform-test-foobar5)
aws_autoscaling_schedule.foobar: Refreshing state... (ID: foobar)

The Terraform execution plan has been generated and is shown below.
Resources are shown in alphabetical order for quick scanning. Green resources
will be created (or destroyed and then created if an existing resource
exists), yellow resources are being changed in-place, and red resources
will be destroyed. Cyan entries are data sources to be read.

Note: You didn't specify an "-out" parameter to save this plan, so when
"apply" is called, Terraform can't guarantee this is what will execute.

+ aws_autoscaling_schedule.foobar
    arn:                    "<computed>"
    autoscaling_group_name: "terraform-test-foobar5"
    desired_capacity:       "0"
    end_time:               "2018-01-16T13:00:00Z"
    max_size:               "0"
    min_size:               "0"
    recurrence:             "<computed>"
    scheduled_action_name:  "foobar"
    start_time:             "2018-01-16T07:00:00Z"

Plan: 1 to add, 0 to change, 0 to destroy.
```

Tests run as expected:

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSAutoscalingSchedule_'                                               2 ↵ ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/27 17:45:19 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSAutoscalingSchedule_ -timeout 120m
=== RUN   TestAccAWSAutoscalingSchedule_basic
--- PASS: TestAccAWSAutoscalingSchedule_basic (140.94s)
=== RUN   TestAccAWSAutoscalingSchedule_disappears
--- PASS: TestAccAWSAutoscalingSchedule_disappears (179.17s)
=== RUN   TestAccAWSAutoscalingSchedule_recurrence
--- PASS: TestAccAWSAutoscalingSchedule_recurrence (186.72s)
=== RUN   TestAccAWSAutoscalingSchedule_zeroValues
--- PASS: TestAccAWSAutoscalingSchedule_zeroValues (167.73s)
PASS
ok	github.com/hashicorp/terraform/builtin/providers/aws	674.530s
```
2016-10-27 18:39:15 +01:00
Mathieu Herbert 7f9baf7009 provider/aws: data source for AWS Security Group (#9604)
* provider/aws: data source for AWS Security Group

* provider/aws: add documentation  for data source for AWS Security Group

* provider/aws: data source for AWS Security Group (improve if condition and syntax)

* fix fmt
2016-10-27 18:17:58 +01:00
Kit Ewbank 3818720fd4 provider/aws: Data source to provides details about a specific AWS prefix list (#9566)
* Add AWS Prefix List data source.

AWS Prefix List data source acceptance test.

AWS Prefix List data source documentation.

* Improve error message when PL not matched.
2016-10-27 14:58:24 +01:00
Anshul Sharma bc42229b3d Added WAF ACL Resource (#8852) 2016-10-27 12:54:36 +01:00
stack72 b3a0145d8c
provider/aws: Fixing the acceptance test for ALB AccessLogs Enabling
toggle

```
% make testacc TEST=./builtin/providers/aws
% TESTARGS='-run=TestAccAWSALB_'
% ✹ ✭
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/27 12:04:29 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSALB_ -timeout
120m
=== RUN   TestAccAWSALB_basic
--- PASS: TestAccAWSALB_basic (61.86s)
=== RUN   TestAccAWSALB_generatedName
--- PASS: TestAccAWSALB_generatedName (63.51s)
=== RUN   TestAccAWSALB_namePrefix
--- PASS: TestAccAWSALB_namePrefix (61.93s)
=== RUN   TestAccAWSALB_tags
--- PASS: TestAccAWSALB_tags (95.84s)
=== RUN   TestAccAWSALB_noSecurityGroup
--- PASS: TestAccAWSALB_noSecurityGroup (60.01s)
=== RUN   TestAccAWSALB_accesslogs
--- PASS: TestAccAWSALB_accesslogs (156.99s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws500.162s
```
2016-10-27 12:12:00 +01:00
stack72 54cca9b4fb
Merge branch 'master' of https://github.com/jvasallo/terraform into jvasallo-master 2016-10-27 11:00:48 +01:00
James Nugent 54e4deb3e3 provider/aws: Suceed deleting bucket policy on err (#9641)
If there is no bucket, a bucket policy can be counted as successfully
deleted.
2016-10-26 23:16:54 +01:00
Krzysztof Wilczynski 44614c6765 provider/aws: Validate regular expression passed via the `name_regex` attribute. (#9622)
* Clean-up for Go 1.7+ version.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>

* Validate regular expression passed via the `name_regex` attribute.

This commit adds a simple ValidateFunc to check whether the regular
expression that was passed down via the `name_regex` attribute is valid.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-10-26 12:09:14 +01:00
James Nugent eb17741d26 Merge pull request #9605 from hashicorp/keybase-aws-login-profile
provider/aws: aws_iam_user_login_profile resource
2016-10-25 20:09:42 -05:00
dario-simonetti dbdaf20a19 provider/aws: fix aws_elasticache_replication_group for Redis in cluster mode (#9601)
This is a fix for issue https://github.com/hashicorp/terraform/issues/9596.

Changes:
 - Adds new output attribute `configuration_endpoint_address`. Only
   used in Redis when in cluster mode.
 - Read the `snapshot_window` and `snapshot_retention_limit` from
   the
   replication group description instead of the cache cluster
   description.
 - Adds acceptance test and modifies an existing acceptance test to
   make sure that everything is still good in non-cluster mode
 - Updates docs to describe new output attribute
2016-10-25 23:59:54 +01:00
James Nugent e5bda11a2d provider/aws: Add tests with bad keys
Add a test with a bad explicitly specified GPG key and a keybase user
(that we own) with no public keys.
2016-10-25 16:27:34 -05:00
James Nugent 2e046232a0 provider/aws: Add Login Profile acceptance tests 2016-10-25 16:16:57 -05:00
James Nugent e5fb6c9b23 provider/aws: Don't fail if login profile exists
If an IAM user already has a login profile, we bring it under management
- we will NOT modify it - but we cannot set the password.
2016-10-25 13:22:14 -05:00
James Nugent dba3ec2f5d provider/aws: Adhere to policy for login profiles
This commit modifies password generation such that it is highly likely
to match any AWS password policy.
2016-10-25 12:57:35 -05:00
James Nugent 513c2f9720 provider/aws: aws_iam_user_login_profile resource
This commit introduces an `aws_iam_user_login_profile` resource which
creates a password for an IAM user, and encrypts it using a PGP key
specified in the configuration or obtained from Keybase.

For example:

```
resource "aws_iam_user" "u" {
        name = "auser"
        path = "/"
        force_destroy = true
}

resource "aws_iam_user_login_profile" "u" {
        user = "${aws_iam_user.u.name}"
        pgp_key = "keybase:some_person_that_exists"
}

output "password" {
	value = "${aws_iam_user_login_profile.u.encrypted_password}"
}
```

The resulting attribute "encrypted_password" can be decrypted using
PGP or Keybase - for example:

```
terraform output password | base64 --decode | keybase pgp decrypt
```

Optionally the user can retain the password rather than the default of
being forced to change it at first login. Generated passwords are
currently 20 characters long.
2016-10-25 12:08:50 -05:00
ddcprg 47e079b77b Support for Service Access Security Group 2016-10-25 16:55:09 +01:00
Ninir ef5ceb9681 Exposed aws_api_gw_domain_name.certificate_upload_date attribute (#9533) 2016-10-25 16:07:08 +01:00
Paul Stack c7935a0fd2 Merge pull request #9584 from hashicorp/aws-iam-group-name-validation
provider/aws: Add validation to IAM User and Group Name
2016-10-25 14:23:17 +01:00
Paul Stack df18307662 Merge pull request #9583 from hashicorp/aws-iam-delete-force_destroy
provider/aws: Delete Loging Profile from IAM User on force_destroy
2016-10-25 14:14:49 +01:00
stack72 79557bca80
provider/aws: Add validation to IAM User and Group Name
This will allow us to catch errors at plan time rather than waiting for
the API to tell us...

Documentation for IAM User NAme Validation -
http://docs.aws.amazon.com/cli/latest/reference/iam/create-user.html

Documentation for IAM Group Name validation -
http://docs.aws.amazon.com/cli/latest/reference/iam/create-group.html

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSIAMGroup_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/25 13:18:41 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSIAMGroup_
-timeout 120m
=== RUN   TestAccAWSIAMGroup_importBasic
--- PASS: TestAccAWSIAMGroup_importBasic (13.80s)
=== RUN   TestAccAWSIAMGroup_basic
--- PASS: TestAccAWSIAMGroup_basic (23.30s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws37.121s
```

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSUser_'                                                                 ✚
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/25 13:22:23 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSUser_ -timeout 120m
=== RUN   TestAccAWSUser_importBasic
--- PASS: TestAccAWSUser_importBasic (14.33s)
=== RUN   TestAccAWSUser_basic
--- PASS: TestAccAWSUser_basic (25.36s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	39.710s
```
2016-10-25 13:18:41 +01:00
stack72 2dcc6b8ef0
provider/aws: Delete Loging Profile from IAM User on force_destroy
When force_Destroy was specified on an iam_user, only Access Keys were
destroyed. Therefore, if a password was manually added via the AWS
console, it was causing an error as follows:

```
* aws_iam_user.user: Error deleting IAM User test-user-for-profile-delete: DeleteConflict: Cannot delete entity, must delete login profile first.
    status code: 409, request id: acd67e40-9aa8-11e6-8533-4db80bad7ea8
```

We now *try* to delete the LoginProfile and ignore a NoSuchEntity error
if it doesn't exist

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSUser_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/25 12:53:05 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSUser_
-timeout 120m
=== RUN   TestAccAWSUser_importBasic
--- PASS: TestAccAWSUser_importBasic (14.83s)
=== RUN   TestAccAWSUser_basic
--- PASS: TestAccAWSUser_basic (24.78s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws39.624s
```
2016-10-25 12:56:30 +01:00
Paul Stack a65dc539ac Merge pull request #9504 from hashicorp/aws-redshift-sng-tags
provider/aws: Add tagging support to aws_redshift_subnet_group
2016-10-25 11:48:16 +01:00
Clint 0c4526fbad Merge pull request #9561 from hashicorp/b-aws-vpc-endpoint-refresh
provider/aws: Remove VPC Endpoint from state if it's not found
2016-10-24 14:25:21 -05:00
clint shryock 85dd379974 provider/aws: Remove VPC Endpoint from state if it's not found 2016-10-24 14:17:58 -05:00
clint shryock c014dac279 provider/aws: Make associate_public_ip_address computed 2016-10-24 11:24:54 -05:00
stack72 52f2717bfb
provider/aws: Add tagging support to aws_redshift_subnet_group
Fixes #9492

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRedshiftSubnetGroup_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/21 17:16:02 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSRedshiftSubnetGroup_ -timeout 120m
=== RUN   TestAccAWSRedshiftSubnetGroup_importBasic
--- PASS: TestAccAWSRedshiftSubnetGroup_importBasic (86.54s)
=== RUN   TestAccAWSRedshiftSubnetGroup_basic
--- PASS: TestAccAWSRedshiftSubnetGroup_basic (85.50s)
=== RUN   TestAccAWSRedshiftSubnetGroup_updateSubnetIds
--- PASS: TestAccAWSRedshiftSubnetGroup_updateSubnetIds (140.01s)
=== RUN   TestAccAWSRedshiftSubnetGroup_tags
--- PASS: TestAccAWSRedshiftSubnetGroup_tags (136.02s)
PASS
ok	github.com/hashicorp/terraform/builtin/providers/aws	448.075
```
2016-10-24 13:44:46 +01:00
Radek Simko eda1298e21 provider/aws: Increase ECS service drain timeout (#9521) 2016-10-22 14:16:59 +01:00
Clint dcbcde4b82 Merge pull request #8893 from dennis-bsi/fix-asg-policy-to-0
provider/aws: aws_autoscaling_policy fails when setting scaling_adjustment to 0 for SimpleScaling
2016-10-21 16:17:16 -05:00
Clint 6f7e9ac4dd Merge pull request #9511 from dennis-bsi/aws-redshift-sng-name-validation
provider/aws: limiting aws_redshift_subnet_group name to alphanumeric and hyphens
2016-10-21 14:35:53 -05:00
Clint 88925eb939 Merge pull request #9515 from dennis-bsi/aws-redshift-sng-description-update
provider/aws: aws_redshift_subnet_group allows description to be modified
2016-10-21 14:32:34 -05:00
Dennis Webb dac69b7919 fixing issue where changing only the description only didn't actually update on AWS 2016-10-21 12:14:41 -05:00
Clint 34b21083ee Merge pull request #8983 from 987poiuytrewq/b-aws-beanstalk-option-updates
provider/aws: fix option updates to beanstalk
2016-10-21 11:43:43 -05:00
clint shryock 3fbf01ea1b provider/aws: Bump AWS Route retry to 2 minutes, up from 15 seconds 2016-10-21 11:36:51 -05:00
Dennis Webb 05783ca044 limiting subnetgroup name to alphanumeric and hyphens 2016-10-21 11:28:48 -05:00
Paul Stack 7d7da4b6b6 Merge pull request #9456 from kwilczynski/feature/rename-file-aws_availability_zones
provider/aws: Rename the file to match the naming scheme.
2016-10-21 14:38:03 +04:00
clint shryock aa9c420586 slight rename and sorting of test 2016-10-20 16:16:01 -05:00
Clint e6c2b7f19c Merge pull request #9357 from mrwacky42/f/vpce-empty-rtb
Allow empty route_table_ids list in aws_vpc_endpoint resources
2016-10-20 16:13:06 -05:00
Krzysztof Wilczynski 219efaa64f
Rename the file to match the naming scheme.
This commit is a maintenance change aimed at aligning file names so that they
fall in line with the established naming convention.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-10-19 16:34:35 +01:00
Clint 7b9e58423c Merge pull request #9453 from tomwilkie/8187-import-associate_public_ip_address
Infer aws_instance.associate_public_ip_address from the presence of a network interface association.
2016-10-19 10:24:34 -05:00