The Triton CLI tools have been using TRITON_* as their configuration
environment variables for some time now. This commit makes Terraform use
them in preference to any SDC_* variables set, and allows Terraform to
work with the credentials set by the `triton env` in the CLI.
We can only ever have 5 cloudtrails in an AWS account so we want to make
sure we run these tests serially to make sure we don't exhaust limits
and get non-deterministic failures
* Make dnsimple_records importable
terraform 0.7 supports importing a resource into the local state, and
this adds that feature to the dnsimple_record resource.
Unfortunately, the DNSimple v1 API requires a domain name and record ID
to fetch a record, so the import command accepts both pieces of data as
a slash-delimted string like so:
terraform import dnsimple_record.test example.com/1234
* add an acceptance test for importing a dnsimple_record
This parameter is being validated using the wrong validation function, which means that we are incorrectly disallowing a `name_prefix` value ending with a dash.
Fixes: #13173
We now tag at instance creation and introduced `volume_tags` that can be
set so that all devices created on instance creation will receive those
tags
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSInstance_volumeTags' 2 ↵ ✚ ✭
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/04/26 06:30:48 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSInstance_volumeTags -timeout 120m
=== RUN TestAccAWSInstance_volumeTags
--- PASS: TestAccAWSInstance_volumeTags (214.31s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 214.332s
```
As a follow up to #13844, this pull request sorts the AMIs and snapshots returned from the aws_ami_ids and aws_ebs_snapshot_ids data sources, respectively.
Previously we were letting it get implicitly created as part of making
the structure for copying in each file, but that isn't sufficient if the
source directory is empty.
By explicitly creating the directory first we ensure that it will complete
successfully even in the case of an empty directory.
When an error is passed, the FileInfo can be nil, which was previously
causing a crash on trying to evaluate f.IsDir(). By checking for an error
first we avoid this crash.
When TerraForm is used to configure and deploy infrastructure
applications that require dozens templated files, such as Kubernetes, it
becomes extremely burdensome to template them individually: each of them
requires a data source block as well as an upload/export (file
provisioner, AWS S3, ...).
Instead, this commit introduces a mean to template an entire folder of
files (recursively), that can then be treated as a whole by any provider
or provisioner that support directory inputs (such as the
file provisioner, the archive provider, ...).
This does not intend to make TerraForm a full-fledged templating system
as the templating grammar and capabilities are left unchanged. This only
aims at improving the user-experience of the existing templating
provider by significantly reducing the overhead when several files are
to be generated - without forcing the users to rely on external tools
when these templates stay simple and that their generation in TerraForm
is justified.
This is the minimal amount of work needed to be able to create a list of a subset of subnet IDs in a VPC, allowing people to loop through them easily when creating EC2 instances or provide a list straight to an ELB.
Fixes: #13588
It was pointed out in #13588 that we don't need to ForceNew on a change
of IPv6 CIDR block. The logic I decided to implement here was to
disassociate then associate. We should only be able to be associated to
1 IPv6 CIDR block at once. This feels like a risky move. We can
disassociate and then error on the associate. This would leave us in a
situation where we have no IPv6 CIDR block associated
The alternative here would be that the failure of association, triggers
a reassociation with the old IPv6 CIDR block
I added a test to make sure that the subnet Ids don't change as the ipv6
block changes. Before removing the ForceNew from the ipv6_cidr_block,
the test results in the following:
```
=== RUN TestAccAWSSubnet_ipv6
--- FAIL: TestAccAWSSubnet_ipv6 (92.09s)
resource_aws_subnet_test.go:105: Expected SubnetIDs not to change, but both got before: subnet-0d2b6a6a and after: subnet-742c6d13
```
After the removal of ForceNew, the test result looks as follows:
```
=== RUN TestAccAWSSubnet_ipv6
--- PASS: TestAccAWSSubnet_ipv6 (188.34s)
```
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSubnet_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/04/24 21:26:36 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSSubnet_ -timeout 120m
=== RUN TestAccAWSSubnet_importBasic
--- PASS: TestAccAWSSubnet_importBasic (85.63s)
=== RUN TestAccAWSSubnet_basic
--- PASS: TestAccAWSSubnet_basic (80.28s)
=== RUN TestAccAWSSubnet_ipv6
--- PASS: TestAccAWSSubnet_ipv6 (188.34s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 354.283s
```
Many apps deployed to Heroku require that multiple buildpacks be
configured in a particular order to operate correctly.
This updates the builtin Heroku provider's app resource to support
configuring buildpacks and the related documentation in the website.
Similar to config vars, externally set buildpacks will not be altered if
the config is not set.
Fixes: #13829
When IPv6 support was added to subnets, we added a new parameter that
had a default value. This means that users are experiencing unexpected
changes in their configuration
We need a schema migration in place to make sure this isn't the case for
the users who have not upgraded yet
```
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/04/23 10:36:43 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAWSSubnetMigrateState -timeout 120m
=== RUN TestAWSSubnetMigrateState
2017/04/23 10:37:27 [INFO] Found AWS Subnet State v0; migrating to v1
2017/04/23 10:37:27 [DEBUG] Attributes before migration: map[string]string{}
2017/04/23 10:37:27 [DEBUG] Attributes after migration: map[string]string{"assign_ipv6_address_on_creation":"false"}
--- PASS: TestAWSSubnetMigrateState (0.00s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 0.021s
```
Here we add a basic provider with a single resource type.
It's copied heavily from the `github` provider and `github_repository`
resource, as there is some overlap in those types/apis.
~~~
resource "gitlab_project" "test1" {
name = "test1"
visibility_level = "public"
}
~~~
We implement in terms of the
[go-gitlab](https://github.com/xanzy/go-gitlab) library, which provides
a wrapping of the [gitlab api](https://docs.gitlab.com/ee/api/)
We have been a little selective in the properties we surface for the
project resource, as not all properties are very instructive.
Notable is the removal of the `public` bool as the `visibility_level`
will take precedent if both are supplied which leads to confusing
interactions if they disagree.
The conditional to ignore the deletion of NS and SOA records can fail to
match if the hostedZoneName already ends with a ".". When that happens,
terraform tries to delete those records which is not supported by AWS
and results in a 400 bad request. This fixes the conditional so that it
will work whether or not hostedZoneName ends with a ".".
fixes#12407
Fix issue with an instances label causing a ForceNew if omitted.
Also updates mistyped docs for the `opc_compute_security_list` resource.
```
$ make testacc TEST=./builtin/providers/opc TESTARGS="-run=TestAccOPCInstance_emptyLabel"
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/04/21 09:57:48 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/opc -v -run=TestAccOPCInstance_emptyLabel -timeout 120m
=== RUN TestAccOPCInstance_emptyLabel
--- PASS: TestAccOPCInstance_emptyLabel (574.79s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/opc 574.835s
```
* Fix invalid MIME formatting in multipart cloudinit userdata
Per https://tools.ietf.org/html/rfc822#appendix-B.2, MIME headers and Body need to be separated by two new lines (or CRLFs in this case).
The email parser in python can handle this which is what cloud-init uses but this bug causes problems if you try to parse the multipart message by languages other than python.
* Fix test cases
Included in this fix:
1) No crash
2) Debug log indicates problem, otherwise unsupported outputs are ignored
3) String, bool and int outputs are supported
4) Documentation indicates these limitations
What is not included:
5) Array, object, securestring, secureobject still not supported
Fixes: #13805
Before the fix:
```
Error refreshing state: 1 error(s) occurred:
* logentries_logset.logset: logentries_logset.logset: No such log set with key 278e7344-1201-43ba-9804-77b9a72fe7d6
```
After the fix:
```
% terraform plan ✚ ✭
[WARN] /Users/stacko/Code/go/bin/terraform-provider-logentries overrides an internal plugin for logentries-provider.
If you did not expect to see this message you will need to remove the old plugin.
See https://www.terraform.io/docs/internals/internal-plugins.html
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
logentries_logset.logset: Refreshing state... (ID: 278e7344-...a72fe7d6)
logentries_log.log: Refreshing state... (ID: 2ae1e8ae-...e932d25c)
The Terraform execution plan has been generated and is shown below.
Resources are shown in alphabetical order for quick scanning. Green resources
will be created (or destroyed and then created if an existing resource
exists), yellow resources are being changed in-place, and red resources
will be destroyed. Cyan entries are data sources to be read.
Note: You didn't specify an "-out" parameter to save this plan, so when
"apply" is called, Terraform can't guarantee this is what will execute.
+ logentries_log.log
logset_id: "${logentries_logset.logset.id}"
name: "test-log"
retention_period: "ACCOUNT_DEFAULT"
source: "token"
token: "<computed>"
+ logentries_logset.logset
location: "nonlocation"
name: "testing-terraform-destroy"
Plan: 2 to add, 0 to change, 0 to destroy.
```
Test Run:
```
% make testacc TEST=./builtin/providers/logentries ✚ ✭
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/04/20 20:36:20 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/logentries -v -timeout 120m
=== RUN TestProvider
--- PASS: TestProvider (0.00s)
=== RUN TestProvider_impl
--- PASS: TestProvider_impl (0.00s)
=== RUN TestAccLogentriesLog_Token
--- PASS: TestAccLogentriesLog_Token (39.03s)
=== RUN TestAccLogentriesLog_SourceApi
--- PASS: TestAccLogentriesLog_SourceApi (28.46s)
=== RUN TestAccLogentriesLog_SourceAgent
--- PASS: TestAccLogentriesLog_SourceAgent (6.19s)
=== RUN TestAccLogentriesLog_RetentionPeriod1M
--- PASS: TestAccLogentriesLog_RetentionPeriod1M (3.04s)
=== RUN TestAccLogentriesLog_RetentionPeriodAccountDefault
--- PASS: TestAccLogentriesLog_RetentionPeriodAccountDefault (2.71s)
=== RUN TestAccLogentriesLog_RetentionPeriodAccountUnlimited
--- PASS: TestAccLogentriesLog_RetentionPeriodAccountUnlimited (2.65s)
=== RUN TestAccLogentriesLogSet_Basic
--- PASS: TestAccLogentriesLogSet_Basic (1.54s)
=== RUN TestAccLogentriesLogSet_NoLocation
--- PASS: TestAccLogentriesLogSet_NoLocation (1.54s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/logentries 85.177s
```
Moving the transformer wholesale looks like it broke some tests, with
some actually doing legit work in normalizing singular resources from a
foo.0 notation to just foo.
Adjusted the TestPlanGraphBuilder to account for the extra
meta.count-boundary nodes in the graph output now, as well as added
another context test that tests this case. It appears the issue happens
during validate, as this is where the state can be altered to a broken
state if things are not properly transformed in the plan graph.
This fixes interpolation issues on grandchild data sources that have
multiple instances (ie: counts). For example, baz depends on bar, which
depends on foo.
In this instance, after an initial TF run is done and state is saved,
the next refresh/plan is not properly transformed, and instead of the
graph/state coming through as data.x.bar.0, it comes through as
data.x.bar. This breaks interpolations that rely on splat operators -
ie: data.x.bar.*.out.
Fixes validation errors in GovCloud when passing a KMS ARN for
`kms_key_id` in `s3_bucket_object` and `db_instance`.
The region is `us-gov-west-1` which breaks the regexp. Just added the
optional `gov-` in the right place.
Wait for instance to be in STOPPED or RUNNING state before invoking
AllocatePublicIP API.
* provider/alicloud: Wait for instance state before allocate public ip
* provider/alicloud: Fix test `TestAccAlicloudInstance_associatePublicIP`
* provider/alicloud: Update alicloud_instance document
Fixes: #13267
* Ensuring we base64 decode the custom data if it's base64 encoded
* Import support for VM Scale Sets
* Updating the docs to mention Import support
* Fixes#13009, where the SSH Keys would be set at the incorrect index
(leaving a null entry at the start, causing a crash on the second apply)
* Adding tests to cover the updating use-case
* Adding an import linux test
* Storing the base64 encoded value
Making custom_data a force new, since it an't be updated
* Updating the docs
* provider/openstack: Expose LogRoundTripper fields externally
* state/remote/swift: Add support for debugging Openstack calls using
OS_DEBUG env variable.
* provider/openstack: Update LogRoundTripper to log headers aswell as body.
* Add `RedactHeaders` function in order to redact sensitive http Headers.
Refactor `logRequest` and `logResponse` to use `RedactHeaders` func.
* Add an option to skip getting the EC2 platforms
Even through this call fails silently in case of an error (usually lack of rights), it’s still a pretty extensive call.
In our region (eu-west-1) this can take up to 3 seconds. And since we have a system that involves doing much planning with the option `-refresh=false` these additional 3 seconds are really very annoying and totally not needed.
So being able to choose to skip them would make our lives a little better 😉
* Update the docs accordingly
This commit adds the ability to provision files locally.
This is useful for cases where TerraForm generates assets
such as TLS certificates or templated documents that need
to be saved locally.
- While output variables can be used to return values to
the user, it is not extremly suitable for large content or
when many of these are generated, nor is it practical for
operators to manually save them on disk.
- While `local-exec` could be used with an `echo`, this
provider works across platforms and do not require any
convoluted escaping.
* first version of this datasource
* add network and subnetwork datasource and documentation
* modify sidebar reference in documentation
* fix elements after review on network and subnetwork datasources
* fix fmt on Google provider.go
* modify code with the review
* modify documentation layout order
* fix alphabetic order in provider.go
* fix rebase issue and documentation datasource => data
* add check destroy to subnet data source tests
* provider/aws: Fix TestAccAWSElasticacheCluster_snapshotsWithUpdates by waiting for snapshots
* provider/aws: Fix TestAccAWSRDSCluster_takeFinalSnapshot
* provider/aws: Fix TestAccAWSKinesisFirehoseDeliveryStream_ElasticsearchConfigUpdates by specifying instance type
* provider/openstack: Handle 409 Errors Upon Security Group Deletion
If a security group is currently in use, it will throw a 409 error.
This commit catches the 409, allowing other resources to finish
deleting.
* Update openstack_networking_port_v2 resource to pass empty arrays for AllowedAddressPairs and SecurityGroups if not specified. Fixes#13531
* provider/openstack: Port Update comment
The version we were using has been deprecated and is no longer
available, making the withVersion test no longer pass. I've bumped it to
the latest available version.
* provider/aws: Add failing test for EMR Bootstrap Actions
* aws_emr_cluster: Fix bootstrap action parameter ordering
* provider/aws: Fix EMR Bootstrap arguments
* provider/aws: Args needs to be ForceNew, because we can't update them
When a record was manually deleted from the console, we got an error
saying 404 Record Not Found
//cc @weppos
This PR now handles the usecase:
```
% make testacc TEST=./builtin/providers/dnsimple
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/28 21:48:19 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/dnsimple -v -timeout 120m
=== RUN TestProvider
--- PASS: TestProvider (0.00s)
=== RUN TestProvider_impl
--- PASS: TestProvider_impl (0.00s)
=== RUN TestAccDNSimpleRecord_Basic
--- PASS: TestAccDNSimpleRecord_Basic (1.81s)
=== RUN TestAccDNSimpleRecord_CreateMxWithPriority
--- PASS: TestAccDNSimpleRecord_CreateMxWithPriority (1.32s)
=== RUN TestAccDNSimpleRecord_Updated
--- PASS: TestAccDNSimpleRecord_Updated (4.46s)
=== RUN TestAccDNSimpleRecord_disappears
--- PASS: TestAccDNSimpleRecord_disappears (1.20s)
=== RUN TestAccDNSimpleRecord_UpdatedMx
--- PASS: TestAccDNSimpleRecord_UpdatedMx (2.91s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/dnsimple 11.723s
```
Fixes an uncaught panic during an interface cast in the `template_cloudinit_config` data source.
Fixes: #13572
```
$ make test TEST=./builtin/providers/template TESTARGS="-v -run=TestRender_handlePanic"
==> Checking that code complies with gofmt requirements...
==> Checking AWS provider for unchecked errors...
==> NOTE: at this time we only look for uncheck errors in the AWS package
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/04/12 10:46:33 Generated command/internal_plugin_list.go
go test -i ./builtin/providers/template || exit 1
echo ./builtin/providers/template | \
xargs -t -n4 go test -v -run=TestRender_handlePanic -timeout=60s -parallel=4
go test -v -run=TestRender_handlePanic -timeout=60s -parallel=4 ./builtin/providers/template
=== RUN TestRender_handlePanic
--- PASS: TestRender_handlePanic (0.00s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/template 0.028s
```
Adds import capability to the `aws_codecommit_repository` resource.
Also fixes an issue in the Read function where both `description` and `resource_name` attributes weren't being updated and set in the Schema.
Fixes: #13559
```
$ make testacc TEST=./builtin/providers/aws TESTARGS="-run=TestAccAWSCodeCommitRepository"
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/04/12 10:14:44 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSCodeCommitRepository -timeout 120m
=== RUN TestAccAWSCodeCommitRepository_importBasic
--- PASS: TestAccAWSCodeCommitRepository_importBasic (16.11s)
=== RUN TestAccAWSCodeCommitRepository_basic
--- PASS: TestAccAWSCodeCommitRepository_basic (14.97s)
=== RUN TestAccAWSCodeCommitRepository_withChanges
--- PASS: TestAccAWSCodeCommitRepository_withChanges (26.71s)
=== RUN TestAccAWSCodeCommitRepository_create_default_branch
--- PASS: TestAccAWSCodeCommitRepository_create_default_branch (14.34s)
=== RUN TestAccAWSCodeCommitRepository_create_and_update_default_branch
--- PASS: TestAccAWSCodeCommitRepository_create_and_update_default_branch (27.90s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 100.071s
```
When creating an `aws_route_table`, if a `route` configuration block is left `nil`, Terraform would previously panic. This allows Terraform to catch a faulty interface conversion during the resource create. The resource will still fail to apply, however, since every item in the `route` element is `Optional` we cannot currently catch this error during plan time, via validation.
Fixes: #13545
* Add schema_version as computed ssm document attribute
* Update the SSM document itself if the content has changed and it has a schema >= 2.0
* Add default_version as DocumentVersion in SSM doc update
* Acceptance test for updating an SSM document
* Better error handling in updating SSM documents
* Add SSM document update documentation
* Better names for SSM input params
Launch permissions are implicitly nuked if an AMI is removed for any
reason - Terraform should not error on refresh in this case, but rather
just see the launch permissions as gone and react appropriately.
The acctests depend on getting a particular result back from resolving
www.hashicorp.com, which seems to have changed. In the long run we should
probably *not* be depending on the DNS configuration of the main Hashicorp
website, but this is just a quick fix to get the build back to green so
we can continue work on other things.
* provider/aws: Fixed DynamoDB GSI update when using multiple indexes
* provider/aws: Fixed DynamoDB GSI set hash function
* Added DynamoDB table state migration