Commit Graph

94 Commits

Author SHA1 Message Date
stevehorsfield 03c2c4408f Add support for 'prefix_list_ids' to AWS VPC security group rules
Prefix list IDs are used when allowing egress to an AWS VPC Endpoint.

See http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-endpoints.html#vpc-endpoints-routing
2016-06-30 15:48:27 -07:00
Mitchell Hashimoto 84fa3e5c9e
providers/aws: security group import 2016-05-11 13:02:36 -07:00
clint shryock e98d7d706f provider/aws: Convert protocols to standard format for Security Groups
Convert network protocols to their names for keys/state, fixing issue(s) when
using them interchangeably.
2016-03-28 10:32:39 -05:00
Clint 99ddea503d Merge pull request #5495 from nicolai86/bugfix/aws_security_group-protocol-case-sensitivity
provider/aws Always transform aws_security_group protocol to lower case
2016-03-10 09:34:55 -06:00
Clint 239b3e4f5f Merge pull request #5533 from hashicorp/pr-5184
provider/aws: Fix EC2 Classic SG Rule issue
2016-03-10 08:56:29 -06:00
Paul Hinze 108ccf0007 builtin: Refactor resource.Retry to clarify return
Change the `RetryFunc` from a plain `error` return type to a
specialized `RetryError` which must decide whether it is
retryable or not.

Add `RetryableError` / `NonRetryableError` factory functions that
callers are meant to use to build up these errors.

This makes it eminently clear whether or not a given error is
retryable from inside the client code.

Goal here is to _not_ change any behavior, simply reflect the
existing behavior with the new, clearer, API.
2016-03-09 17:37:56 -06:00
ephemeralsnow 54cb5ffe00 provider/aws: Fix EC2 Classic SG Rule issue
Fixes an issue where security groups would fail to update after applying an
initial security_group, because we were improperly saving the id of the group
and not the name (EC2 Classic only).

This is a PR combining https://github.com/hashicorp/terraform/pull/4983 and
https://github.com/hashicorp/terraform/pull/5184 . It's majority
@ephemeralsnow's work.
2016-03-09 09:51:41 -06:00
Raphael Randschau 2c698d2cb0 Always transform aws_security_group protocol to lower case
fixes #5489
2016-03-07 22:40:29 +01:00
clint shryock 280054a387 provider/aws: Security Rules drift and sorting changes
This commit adds failing tests to demonstrate the problem presented with AWS
aggregating the security group rules
2016-02-19 16:51:08 -06:00
Trevor Pounds 0cd0ff0f8e Use built-in schema.HashString. 2016-02-07 16:29:34 -08:00
Clint 0f2f9da2fd Merge pull request #4779 from hashicorp/aws-sg-drift-fix
provider/aws: Fix issue with detecting drift in AWS Security Groups rules
2016-01-25 16:35:43 -06:00
clint shryock 7462eb1742 provider/aws: Fix issue with detecting drift in AWS Security Groups in-line rules 2016-01-21 11:21:25 -06:00
Ian Duffy 47ac10d66b Change resource.StateChangeConf to use an array for target states
Signed-off-by: Ian Duffy <ian@ianduffy.ie>
2016-01-21 01:20:41 +00:00
James Nugent 8e538b68ec Fix errors with gofmt compliance 2015-12-17 12:35:19 -05:00
stack72 6817e0d144 Adding the ability to generate a securitygroup name-prefix 2015-12-04 09:21:08 -05:00
Clint Shryock 0c2f189d08 provider/aws: Update to aws-sdk 0.9.0 rc1 2015-08-17 13:27:16 -05:00
Clint Shryock 579ccbefea provider/aws: Update source to comply with upstream breaking change 2015-07-28 15:29:46 -05:00
Radek Simko 4525119a57 provider/aws: Add validation for aws_security_group (name+description) 2015-06-26 15:10:04 +01:00
Paul Hinze b71fa3d0ae provider/aws: handle upstream aws-sdk-go repo move
`awslabs/aws-sdk-go => aws/aws-sdk-go`

Congrats to upstream on the promotion. :)
2015-06-03 13:36:57 -05:00
Paul Hinze 31258e06c6 provider/aws: fix breakages from awserr refactor
This landed in aws-sdk-go yesterday, breaking the AWS provider in many places:

3c259c9586

Here, with much sedding, grepping, and manual massaging, we attempt to
catch Terraform up to the new `awserr.Error` interface world.
2015-05-20 06:21:23 -05:00
Clint Shryock f7b6b6b2b5 Strip 'sdk' suffix from methods; it's a remnant 2015-05-12 14:58:10 -05:00
Radek Simko 754bcd8307 Increase subnet & security group deletion timeout (2 -> 5 mins)
- this should prevent DependencyViolation errors while waiting for larger ASGs to shut down
2015-05-09 22:18:04 +01:00
Paul Hinze a28267b886 provider/aws: SG description should be ForceNew
Description cannot be handled in Update (there is no ModifySecurityGroup
API call), so we have to recreate to change the description.

Closes #1870
2015-05-08 12:16:54 -05:00
Clint Shryock 70984526a4 Merge remote-tracking branch 'ctiwald/ct/fix-protocol-problem'
* ctiwald/ct/fix-protocol-problem:
  aws: Document the odd protocol = "-1" behavior in security groups.
  aws: Fixup structure_test to handle new expandIPPerms behavior.
  aws: Add security group acceptance tests for protocol -1 fixes.
  aws: error on expndIPPerms(...) if our ports and protocol conflict.
2015-05-07 17:13:21 -05:00
Clint Shryock 8705f0f78f provider/aws: fix issue with reading VPC id in AWS Security Group 2015-05-06 16:54:43 -05:00
Clint Shryock 885efa0837 provider/aws: Add Security Group Rule as a top level resource
- document conflict with sg rules and sg in-line rules
- for this to work, ingress rules need to be computed
2015-05-05 16:56:39 -05:00
Clint Shryock eb7c1bb218 fix go formatting 2015-05-05 16:42:08 -05:00
Clint Shryock e9b08cf31f revert the required part 2015-05-05 16:23:26 -05:00
Clint Shryock 85b1756c27 revise tests and check for vpc_id 2015-05-05 16:23:26 -05:00
Clint Shryock 8ded3c2d1b Move block for deleing default rule into the create method; only invoke once 2015-05-05 16:23:26 -05:00
Clint Shryock b145ce88b7 Document Egress+VPC change, update link 2015-05-05 16:23:26 -05:00
Clint Shryock 1558fd1c3e provider/aws: Remove default egress rule from Security Group on creation 2015-05-05 16:23:25 -05:00
Clint Shryock 3ce3b7c516 provider/aws: Shorting retry timeout for Security Groups to 2 minutes, from 5 2015-05-05 11:07:16 -05:00
Christopher Tiwald 89bacc0b15 aws: error on expndIPPerms(...) if our ports and protocol conflict.
Ingress and egress rules given a "-1" protocol don't have ports when
Read out of AWS. This results in hashing problems, as a local
config file might contain port declarations AWS can't ever return.

Rather than making ports optional fields, which carries with it a huge
headache trying to distinguish between zero-value attributes (e.g.
'to_port = 0') and attributes that are simply omitted, simply force the
user to opt-in when using the "-1" protocol. If they choose to use it,
they must now specify "0" for both to_port and from_port. Any other
configuration will error.
2015-05-04 23:43:31 -04:00
Paul Hinze 079856620a provider/aws: set default SG description
because requiring a SG description is annoying
2015-04-22 13:27:20 -05:00
Paul Hinze 33de319293 provider/aws: allow SG names to be generated 2015-04-22 12:56:06 -05:00
Nevins Bartolomeo 6da242de03 fixing sg refresh 2015-04-20 11:27:58 -04:00
Clint Shryock 3e6822ce08 more cleans ups of SDK reference 2015-04-16 15:28:18 -05:00
Clint Shryock ba43b7c963 mass search-replace of ec2SDKconn 2015-04-16 15:05:55 -05:00
Clint Shryock ffdd20133a providers/aws: Convert AWS Security Group to upstream aws-sdk-go
Moves structure test lib too, to that `make test` actually runs it
2015-04-09 09:10:04 -05:00
Clint eadc44d5f7 Merge pull request #1223 from hashicorp/b-fix-ingress-self-ommission
provider/aws: Fix issue with ignoring the 'self' attribute of a Security Group rule
2015-03-18 16:42:17 -05:00
Mitchell Hashimoto d823a8cf81 providers/aws: fix security group self ingress rules on EC2-classic 2015-03-18 13:47:59 +00:00
Clint Shryock 7034619863 provider/aws: Fix issue where we ignored the 'self' attribute of a security group rule 2015-03-17 15:48:10 -05:00
Clint Shryock 28fbd971fc Retire goamz 2015-03-13 09:42:50 -05:00
Clint Shryock 57556bba75 Replace tags files with tags_sdk, rename, and update 2015-03-12 16:43:08 -05:00
Clint Shryock 902ca25f36 Code cleanup 2015-03-11 08:30:43 -05:00
Clint Shryock 3977256c17 Cleansup: Restore expandIPPerms, remove flattenIPPerms 2015-03-10 16:35:49 -05:00
Clint Shryock a22c23ad42 clean up debug output to make go vet happy 2015-03-10 15:55:49 -05:00
Clint Shryock 20b02cacd4 provider/aws: Convert AWS Security Group to aws-sdk-go
Convert security group test too
2015-03-09 11:45:58 -05:00
Mitchell Hashimoto c7e536680d Merge pull request #999 from TimeInc/clean-code
Clean code (get rid of go vet errors)
2015-02-18 12:28:12 -08:00