Commit Graph

2817 Commits

Author SHA1 Message Date
Radek Simko e356f27db6
aws: Add elb_account_id data source 2016-08-16 11:36:58 +01:00
James Nugent 90bdaef197 Merge pull request #8206 from hashicorp/f-aws-account-id
provider/aws: Add aws_account_id data source
2016-08-16 05:33:32 -05:00
James Nugent 3e14f56a96 provider/aws: Add aws_caller_identity data source
This data source provides access during configuration to the ID of the
AWS account for the connection to AWS. It is primarily useful for
interpolating into policy documents, for example when creating the
policy for an ELB or ALB access log bucket.

This will need revisiting and further testing once the work for
AssumeRole is integrated.
2016-08-16 11:24:26 +01:00
stack72 f9e86a52cf
provider/aws: Change paginated test to use the correct configuration block 2016-08-16 08:40:14 +01:00
stack72 2e454181fc
Merge branch 'paginate_roles' of https://github.com/stripe/terraform into stripe-paginate_roles 2016-08-16 07:51:44 +01:00
raylu f1fdffc552
provider/aws: Test for policy attachment pagination 2016-08-15 13:48:42 -07:00
Paul Stack 2c68808309 provider/aws: Defensively code around `db_security_group` ingress rules (#7893)
Fixes #7812

All of the options of `aws_db_security_group` ingress rules are
optional. Therefore, when one of them isn't set (and AWS doesn't
calculate the value), Terraform threw a panic

This commit just defensively codes around this fact. It checks to make
sure there is a value returned from the API before adding it to the map

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSDBSecurityGroup_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSDBSecurityGroup_ -timeout 120m
=== RUN   TestAccAWSDBSecurityGroup_basic
--- PASS: TestAccAWSDBSecurityGroup_basic (38.66s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    38.682s
```
2016-08-15 21:45:23 +01:00
raylu a99aaa5e85
provider/aws: Query all pages of policy attachment
This does not fix groups and users with more than 100 policies attached
2016-08-15 12:49:09 -07:00
Srikalyan Swayampakula 2aa28c34ca Not Error out on AWS Lambda VPC config if both subnet_ids and security_group_ids are empty. (#6191)
AWS Lambda VPC config is an optional configuration and which needs to both subnet_ids and
security_group_ids to tie the lambda function to a VPC. We should make it optional if
both subnet_ids and security_group_ids are not net which would add better flexiblity in
creation of more useful modules as there are "if else" checks. Without this we are creating
duplicate modules one with VPC and one without VPC resulting in various anomalies.
2016-08-15 17:52:42 +01:00
Paul Stack 73b10c8186 provider/aws: `aws_security_group` now creates tags as early as possible (#7849)
in the process

Fixes #7577

7577 discovered that sometimes setting tags at the end of the creation
model doesn't quite work for everyone. We now move that further up the
tree by calling the setTags func a second time.

The setTags func in the Update is not called immediately after creation
as we check for it not being a NewResource

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSecurityGroup_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSSecurityGroup_ -timeout 120m
=== RUN   TestAccAWSSecurityGroup_importBasic
--- PASS: TestAccAWSSecurityGroup_importBasic (60.96s)
=== RUN   TestAccAWSSecurityGroup_importSelf
--- PASS: TestAccAWSSecurityGroup_importSelf (72.72s)
=== RUN   TestAccAWSSecurityGroup_basic
--- PASS: TestAccAWSSecurityGroup_basic (62.33s)
=== RUN   TestAccAWSSecurityGroup_namePrefix
--- PASS: TestAccAWSSecurityGroup_namePrefix (22.12s)
=== RUN   TestAccAWSSecurityGroup_self
--- PASS: TestAccAWSSecurityGroup_self (64.26s)
=== RUN   TestAccAWSSecurityGroup_vpc
--- PASS: TestAccAWSSecurityGroup_vpc (58.35s)
=== RUN   TestAccAWSSecurityGroup_vpcNegOneIngress
--- PASS: TestAccAWSSecurityGroup_vpcNegOneIngress (54.95s)
=== RUN   TestAccAWSSecurityGroup_MultiIngress
--- PASS: TestAccAWSSecurityGroup_MultiIngress (64.81s)
=== RUN   TestAccAWSSecurityGroup_Change
--- PASS: TestAccAWSSecurityGroup_Change (96.86s)
=== RUN   TestAccAWSSecurityGroup_generatedName
--- PASS: TestAccAWSSecurityGroup_generatedName (60.75s)
=== RUN   TestAccAWSSecurityGroup_DefaultEgress_VPC
--- PASS: TestAccAWSSecurityGroup_DefaultEgress_VPC (57.05s)
=== RUN   TestAccAWSSecurityGroup_DefaultEgress_Classic
--- PASS: TestAccAWSSecurityGroup_DefaultEgress_Classic (20.94s)
=== RUN   TestAccAWSSecurityGroup_drift
--- PASS: TestAccAWSSecurityGroup_drift (27.39s)
=== RUN   TestAccAWSSecurityGroup_drift_complex
--- PASS: TestAccAWSSecurityGroup_drift_complex (64.62s)
=== RUN   TestAccAWSSecurityGroup_tags
--- PASS: TestAccAWSSecurityGroup_tags (87.49s)
=== RUN   TestAccAWSSecurityGroup_CIDRandGroups
--- PASS: TestAccAWSSecurityGroup_CIDRandGroups (71.62s)
=== RUN   TestAccAWSSecurityGroup_ingressWithCidrAndSGs
--- PASS: TestAccAWSSecurityGroup_ingressWithCidrAndSGs (69.60s)
=== RUN   TestAccAWSSecurityGroup_ingressWithCidrAndSGs_classic
--- PASS: TestAccAWSSecurityGroup_ingressWithCidrAndSGs_classic (25.47s)
=== RUN   TestAccAWSSecurityGroup_egressWithPrefixList
--- PASS: TestAccAWSSecurityGroup_egressWithPrefixList (64.46s)
=== RUN   TestAccAWSSecurityGroup_failWithDiffMismatch
--- PASS: TestAccAWSSecurityGroup_failWithDiffMismatch (60.21s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws
1166.983s
```
2016-08-15 15:11:52 +01:00
Krzysztof Wilczynski e943851429 Add ability to set Storage Class in aws_s3_bucket_object. (#8174)
An S3 Bucket owner may wish to select a different underlying storage class
for an object. This commit adds an optional "storage_class" attribute to the
aws_s3_bucket_object resource so that the owner of the S3 bucket can specify
an appropriate storage class to use when creating an object.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-08-15 07:30:47 +01:00
Alexander Zhukau bd22a4f65a provider/aws: allow numeric characters in RedshiftClusterDbName (#8178) 2016-08-14 21:57:44 +01:00
Renier Morales ef9f3a45b1 Add S3 endpoint override ability and expose S3 path style option (#7871)
* Overriding S3 endpoint - Enable specifying your own
  S3 api endpoint to override the default one, under
  endpoints.
* Force S3 path style - Expose this option from the aws-sdk-go
  configuration to the provider.
2016-08-12 17:52:12 +01:00
Radek Simko e251d5c7bd Merge pull request #8114 from TimeIncOSS/f-aws-skip-options
aws: Change names of new skip_* fields + document those
2016-08-12 07:00:14 +01:00
Krzysztof Wilczynski 168d212e77 Fix. Correct how CORS rules are handled. (#8096)
This commit fixes an issue where CORS rules would not be read and thus refreshed
correctly should there be a change introduced externally e.g. CORS configuration
was edited outside of Terraform.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-08-12 13:14:48 +10:00
Linda Xu 45c5675c8e add Aurora instance failover priority feature (#8087)
* add Aurora instance failover priority feature

* promotion_tier move to input directly

* fix format issue
2016-08-12 07:51:25 +10:00
James Nugent 21d1ac41fa Merge branch 'd-update-aws-sdk' 2016-08-11 12:52:35 -04:00
Raphael Randschau 66a14cb3b7 provider/aws: Re-implement api gateway parameter handling (#7794)
* provider/aws: Re-implement api gateway parameter handling

this PR cleans up some left overs from PR #4295, namely the parameter handling.

now that GH-2143 is finally closed this PR does away with the ugly
`request_parameters_in_json` and `response_parameters_in_json` hack.

* Add deprecation message and conflictsWith settings

following @radeksimko s advice, keeping the old code around with a deprecation
warning.

this should be cleaned up in a few releases

* provider/aws: fix missing append operation

* provider/aws: mark old parameters clearly as deprecated

* provider/aws work around #8104

following @radeksimko s lead

* provider/aws fix cnp error
2016-08-11 11:49:58 +01:00
stack72 313ec1252c
Merge branch 'master' of github.com:hashicorp/terraform 2016-08-11 15:15:51 +12:00
stack72 ec3e442f26
provider/aws: change the test to be us-west-2a 2016-08-11 15:15:23 +12:00
stack72 cdda4d76d4
Merge branch '5637-conflict-resolution' of https://github.com/Ticketmaster/terraform into Ticketmaster-5637-conflict-resolution 2016-08-11 11:23:04 +12:00
Clint c9de6a4173 provider/aws: Change a few policy test docs to use heredoc format, to prevent regressions (#8118) 2016-08-10 15:34:38 -05:00
Kraig Amador 742089f10c Fixing the certs, test now passes 2016-08-10 13:31:36 -07:00
Radek Simko 0e1bccafed
aws: Let acc ID validation fail when we have no ID
- we could've had ConflictsWith between affected fields, but that would make it fail even if skip_requesting_account_id=false and ConflictsWhen is not a thing (yet)
2016-08-10 17:30:49 +01:00
Clint 3fc119923e Revert "provider/aws: Added the ability to import aws_iam_role's" (#8112) 2016-08-10 11:18:03 -05:00
Radek Simko 0ab3bc4105
aws: Change field names + desc according to reality
- skip_iam_creds_validation => skip_credentials_validation
 - skip_iam_account_id => skip_requesting_account_id
2016-08-10 16:46:05 +01:00
Radek Simko 2073e80c66
aws/config: Shortened conditions [cleanup] 2016-08-10 15:25:16 +01:00
Renier Morales c2bcb5fbe5 Skip IAM/STS validation and metadata check (#7874)
* Skip IAM/STS validation and metadata check

* Skip IAM/STS identity validation - For environments or other api
  implementations where there are no IAM/STS endpoints available, this
  option lets you opt out from that provider initialization step.
* Skip metdata api check - For environments in which you know ahead of
  time there isn't going to be a metadta api endpoint, this option lets
  you opt out from that check to save time.

* Allow iam/sts initialization even if skipping account/cred validation

(#7874)

* Split out skip of IAM validation into credentials and account id

(#7874)
2016-08-10 15:10:34 +01:00
Krzysztof Wilczynski f5b46b80e7 Add ability to set canned ACL in aws_s3_bucket_object. (#8091)
An S3 Bucket owner may wish to set a canned ACL (as opposite to explicitly set
grantees, etc.) for an object. This commit adds an optional "acl" attribute to
the aws_s3_bucket_object resource so that the owner of the S3 bucket can
specify an appropriate pre-defined ACL to use when creating an object.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-08-10 16:05:39 +12:00
Kraig Amador 6c2949fdac Added aws_iam_role import. Now that we read the assume_role_policy it highlights all of the tests that change this, so I've fixed a bunch of those while i'm in here. (#7617) 2016-08-10 12:16:59 +12:00
Chris Marchesi 41c23b2f04 provider/aws: Various IAM policy normalizations for IAM data source (#6956)
* Various string slices are sorted and truncated to strings if they
   only contain one element.
 * Sids are now included if they are empty.

This is to ensure what is sent to AWS matches what comes back, to
prevent recurring diffs even when the policy has changed.
2016-08-10 12:06:38 +12:00
Krzysztof Wilczynski 92d75b263c Add ability to set Requests Payer in aws_s3_bucket. (#8065)
Any S3 Bucket owner may wish to share data but not incur charges associated
with others accessing the data. This commit adds an optional "request_payer"
attribute to the aws_s3_bucket resource so that the owner of the S3 bucket can
specify who should bear the cost of Amazon S3 data transfer.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-08-10 11:01:17 +12:00
Mosley, Franklin 4d55b8e9ea Corrected printf verb of wrong type
Corrected printf verb by changing it from a string type to an int type.
2016-08-09 15:29:50 -07:00
Mosley, Franklin 6d7933b41a Added tests for expandPolicyAttributes/flattenPolicyAttributes 2016-08-09 15:29:50 -07:00
Mosley, Franklin eb0cd14f41 Changed `attribute` argument to be optional.
Changed the `attribute` argument of the resource to be optional vs.
required.
2016-08-09 15:29:50 -07:00
Mosley, Franklin a6de088375 Add new resource aws_lb_ssl_negotiation_policy
Added new resource to create an AWS ELB SSL negotiation policy, and an
acceptance test.
2016-08-09 15:29:13 -07:00
Clint 22684200b5 provider/aws: Fix line ending errors/diffs with IAM Server Certs (#8074)
* provider/aws: Failing IAM Server Cert test with windows line endings

* provider/aws: Fix IAM Server Cert issue with line encodings
2016-08-09 14:19:12 -05:00
Martin Atkins c6e8662838 Merge #7984: Data sources for AWS and Fastly IP address ranges 2016-08-09 09:53:05 -07:00
Joern Barthel 8ea400b442 Added tests. 2016-08-09 14:42:19 +02:00
Joern Barthel d0278ecf0f Normalize sets, don’t check for missing services. 2016-08-09 14:42:09 +02:00
stack72 ec310754cd
provider/aws: Add the documentation for the new * resources to the ERB layout 2016-08-09 15:43:02 +12:00
stack72 f5714ab5a9
Merge branch 'ewdurbin-elb_backend_auth' 2016-08-09 15:13:08 +12:00
stack72 c39bad01a1
provider/aws: Changing the region that * tests run against 2016-08-09 15:11:49 +12:00
stack72 1a0b2971dd
Merge branch 'elb_backend_auth' of https://github.com/ewdurbin/terraform into ewdurbin-elb_backend_auth 2016-08-09 14:08:28 +12:00
James Nugent 6ddb8f5975 provider/aws: session.New -> session.NewSession()
Version 1.3.1 deprecates use of `session.New()` in favour of
`session.NewSession()`, which also returns an error. This commit updates
the various call sites previously making use of `session.New()`.
2016-08-08 17:57:35 -05:00
Kevin Crawley 58a01f2fd5 #8051 :: bumped aws_rds_cluster timeout to 40 minutes (#8052) 2016-08-08 21:23:21 +01:00
stack72 fae6fcd399
Merge branch 'aurora_enhanced_rule' of https://github.com/Ticketmaster/terraform 2016-08-09 08:14:35 +12:00
Linda Xu a6d7980280 fix testAccAWSClusterInstanceEnhancedMonitor function 2016-08-08 01:15:22 -07:00
Paul Stack 2c5112ee2e provider/aws: `aws_s3_bucket` acceleration_status not available in china (#7999)
or us-gov

Fixes #7969

`acceleration_status` is not available in China or US-Gov data centers.
Even querying for this will give the following:

```
Error refreshing state: 1 error(s) occurred:

2016/08/04 13:58:52 [DEBUG] plugin: waiting for all plugin processes to
complete...
* aws_s3_bucket.registry_cn: UnsupportedArgument: The request contained
* an unsupported argument.
        status code: 400, request id: F74BA6AA0985B103
```

We are going to stop any Read calls for acceleration status from these
data centers

```
% make testacc TEST=./builtin/providers/aws
% TESTARGS='-run=TestAccAWSS3Bucket_'                                  ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSS3Bucket_
-timeout 120m
=== RUN   TestAccAWSS3Bucket_Notification
--- PASS: TestAccAWSS3Bucket_Notification (409.46s)
=== RUN   TestAccAWSS3Bucket_NotificationWithoutFilter
--- PASS: TestAccAWSS3Bucket_NotificationWithoutFilter (166.84s)
=== RUN   TestAccAWSS3Bucket_basic
--- PASS: TestAccAWSS3Bucket_basic (133.48s)
=== RUN   TestAccAWSS3Bucket_acceleration
--- PASS: TestAccAWSS3Bucket_acceleration (282.06s)
=== RUN   TestAccAWSS3Bucket_Policy
--- PASS: TestAccAWSS3Bucket_Policy (332.14s)
=== RUN   TestAccAWSS3Bucket_UpdateAcl
--- PASS: TestAccAWSS3Bucket_UpdateAcl (225.96s)
=== RUN   TestAccAWSS3Bucket_Website_Simple
--- PASS: TestAccAWSS3Bucket_Website_Simple (358.15s)
=== RUN   TestAccAWSS3Bucket_WebsiteRedirect
--- PASS: TestAccAWSS3Bucket_WebsiteRedirect (380.38s)
=== RUN   TestAccAWSS3Bucket_WebsiteRoutingRules
--- PASS: TestAccAWSS3Bucket_WebsiteRoutingRules (258.29s)
=== RUN   TestAccAWSS3Bucket_shouldFailNotFound
--- PASS: TestAccAWSS3Bucket_shouldFailNotFound (92.24s)
=== RUN   TestAccAWSS3Bucket_Versioning
--- PASS: TestAccAWSS3Bucket_Versioning (654.19s)
=== RUN   TestAccAWSS3Bucket_Cors
--- PASS: TestAccAWSS3Bucket_Cors (143.58s)
=== RUN   TestAccAWSS3Bucket_Logging
--- PASS: TestAccAWSS3Bucket_Logging (249.79s)
=== RUN   TestAccAWSS3Bucket_Lifecycle
--- PASS: TestAccAWSS3Bucket_Lifecycle (259.87s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws
3946.464s
```

thanks to @kwilczynski and @radeksimko for the research on how to handle the generic
errors here

Running these over a 4G tethering connection has been painful :)
2016-08-08 08:05:54 +01:00
Linda Xu a5f3deb7ec Aurora Enhanced monitoring support 2016-08-07 23:43:47 -07:00