Official OpenStack clients support specifing custom CA certificate file
that should be used when communicating with OpenStack server. This patch
adds similar behavior to Terraform OpenStack provider, by:
- Using OS_CACERT environmental variable, if available
- Using cacert_file provider parameter, if configured
Fixes issue #4985 by correcting copy/paste error that caused the
max_utilization attribute to be read from the max_rate_per_instance
attribute.
N.B. There is still no test coverage for this issue.
The AWS free tier allows up to 750 hours on t2.micro
instance types. It's better to use cheaper instances
in case the resources are not cleaned up if a tests
is canceled or crashes.
There can only be a single health_check configuration per load balancer
so choosing to use a list over a set is only relevant when comparing
changes during a plan. A list makes it much easier to compare updates
since the index is stable (0 vs. computed hash).
Removes overspecified config that is unrelated to testing the auto scaling
group's autogenerated name. The test is only concerned with checking that
the auto scaling group was created successfully with an autogenerated name
matching a specific pattern.
Removes overspecified config that is unrelated to the auto scaling
group's availability zone and VPC identifier acceptance tests. The
created auto scaling groups do not need to spin up any hosts since
the acceptance tests are only concerned with checking the existence
of the associated availability zones and VPC identifiers.
Fixes a diff calculation error when only a VPC zone
identifiers is provided. In this case the associated
availability zones are computed from the subnets per
the AWS documentation.
* Randomize app name in test
* Return error and don't panic when there is a problem
It's possible there may still be an underlying problem that caused the
error that made the cert leak in the first place - this should help us
diagnose it.
This should address the failures seen in Travis Build Run #8774. It is
likely there are others which also need addressing - they will be
addressed on a case-by-case basis as they come up.
This is a follow up on #4892 with tests that demonstrate creating a record and a zone, then destroying said record, and confirming that a new plan is generated, using the ExpectNonEmptyPlan flag
This simulates the bug reported in #4641 by mimicking the state file that one would have if they created a record with Terraform v0.6.6, which is to say a weight = 0 for a default value.
When upgrading, there would be an expected plan change to get that to -1. To mimic the statefile we apply the record and then in a follow up step change the attributes directly. We then try to delete the record.
I tested this by grabbing the source of aws_resource_route53.go from Terraform v0.6.9 and running the included test, which fails. The test will pass with #4892 , because we no longer reconstruct what the record should be based on the state (instead finding via the API and elimination/matching)
This resource is the first which makes use of the new Riviera library
(at https://github.com/jen20/riviera), so there is some additional set
up work to add the provider to the client which gets passed among
resources.
This commit adds the ability to associate a Floating IP to a specific
network. Previously, there only existed a top-level floating IP
attribute which was automatically associated with either the first
defined network or the default network (when no network block was
used).
Now floating IPs can be associated with networks beyond the first
defined network as well as each network being able to have their own
floating IP.
Specifying the floating IP by using the top-level floating_ip
attribute and the per-network floating IP attribute is not possible.
Additionally, an `access_network` attribute has been added in order
to easily specify which network should be used for provisioning.
See the updated docs for more details and examples, but in short this
enables the `attributes` param from the Chef provisioner to accept a
raw JSON string.
Fixes#3074Fixes#3572
Using EnvDefaultFunc with a default of empty string causes the
validation which would ordinarily be performed by `Required: true` in
the schema to not have any effect. Instead validate the configuration
used to produce the ARM client before attempting to use it during
provider configuration.
throw an error:
* aws_sns_topic_subscription.checker: NotFound: Subscription does not
* exist
status code: 404, request id: b8ca0c27-1a62-57b3-8b96-43038a0ead86
Terraform wasn't refreshing the state when the topic gave a 404
This fix prevents tests incorrectly reporting dangling resources. It is
not sufficient to check just whether or not an error occurred when
iterating over the listed resources - checking the bool returned is also
required.
Remove the mime type validation since the part handler type allows for
custom types.
http://cloudinit.readthedocs.org/en/latest/topics/format.html#part-handler
The docs specify that if a part handler type is specified, one could use
custom mime types
Signed-off-by: Simon Thulbourn <simon+github@thulbourn.com>
It was a mistake to switched fully to `==` when activating waiting for
capacity on updates in #3947. Users that didn't set `min_elb_capacity ==
desired_capacity` and instead treated it as an actual "minimum" would
see timeouts for every create, since their target numbers would never be
reached exactly.
Here, we fix that regression by restoring the minimum waiting behavior
during creates.
In order to preserve all the stated behavior, I had to split out
different criteria for create and update, criteria which are now
exhaustively unit tested.
The set of fields that affect capacity waiting behavior has become a bit
of a mess. Next major release I'd like to rework all of these into a
more consistently named block of config. For now, just getting the
behavior correct and documented.
(Also removes all the fixed names from the ASG tests as I was hitting
collision issues running them over here.)
Fixes#4792
Implementation notes:
* The hash implementation was not considering key value, causing "diffs
did not match" errors when a value was updated. Switching to default
HashResource implementation fixes this
* Using HashResource as a default exposed a bug in helper/schema that
needed to be fixed so the Set function is picked up properly during
Read
* Stop writing back values into the `key` attribute; it triggers extra
diffs when `default` is used. Computed values all just go into `var`.
* Includes a state migration to prevent unnecessary diffs based on
"key" attribute hashcodes changing.
In the tests:
* Switch from leaning on the public demo Consul instance to requiring a
CONSUL_HTTP_ADDR variable be set pointing to a `consul agent -dev`
instance to be used only for testing.
* Add a test that exposes the updating issues and covers the fixes
Fixes#774Fixes#1866Fixes#3023
These resources use ARM to get keys for the storage API, but then use
the storage REST API as per the ASM provider. The code is significantly
reworked with better logging and error handling. The key functions can
be reused for queues and file storage resources when they get added.
Just some cosmetics and some cleaning up to make the code fit in a
little better with the existing code. Functionally no changes are made
and the existing tests still pass.
Test failures indicate that this operation doesn't always take effect
immediately:
https://travis-ci.org/hashicorp/terraform/builds/103764466
Add a simple poll to retry a few times until it does.
```
--- PASS: TestAccMailgunDomain_Basic (1.51s)
```
Verified that this does the trick by looping the test and watching the
logs for the retry behavior to kick in.
This is an unusual resource (so far) in that it cannot be created in one
call, and instead must be created and the modified to set some of the
parameters.
We use the pollIndefinitelyWhileNeeded function which will continue to
poll Azure RM operation monitoring endpoints until an error is reported
or the operation meets one of the given status codes. The function was
originally part of this feature but was separated out in order to
unblock other work.
Currently there is no support for the "custom_domain" section of the
storage account API. This was originally present and was later taken out
of the scope of the storage account resource in order that the following
workflow can be used:
1. Create storage account
2. Create DNS CNAME entry once the account name is known
3. Create custom domain mapping
This adds a pollIndefinitelyWhileNeeded function which will continue to
poll Azure RM operation monitoring endpoints until an error is reported
or the operation meets one of the given status codes. This may need
revisiting at some point in the future.
When parsing resource IDs (probably incorrectly since they are URIs and
should therefore be opaque), we need to look for "resourcegroups" in
addition to "resourceGroups" because the Azure CDN resources return that
in their URIs.
Unfortunately the casing semantics of the rest of the string are not
clear, so downcasing the entire URI is probably best avoided. This is a
fix for a single case.
Fixes#4721. It seems there may be some eventual consistency in the API
for network ACLs. This fix doesn't use resource.WaitForState() as there
the NACL is not something that can be looked up by ID and has a
property which determines if it is present.
Instead we reuse the findNetworkAclRule function which the Read function
exhibiting the problem uses, and retry over a 3 minute period, returning
an error message informing the user that running `terraform apply` again
will likely allow them to continue.
http and https SNS topic subscription endpoints require confirmation to set a valid arn otherwise
arn would be set to "pending confirmation". If the endpoints auto confirm then arn is set
asynchronously but if we try to create another subscription with same parameters then api returns
"pending subscription" as arn but does not create another a duplicate subscription. In order to
solve this we should be fetching the subscription list for the topic and identify the subscription
with same parameters i.e., protocol, topic_arn, endpoint and extract the subscription arn.
Following changes were made to support the http/https endpoints that auto confirms
1. Added 3 extra parameters i.e.,
1. endpoint_auto_confirms -> boolean indicates if end points auto confirms
2. max_fetch_retries -> number of times to fetch subscription list for the topic to get the subscription arn
3. fetch_retry_delay -> delay b/w fetch subscription list call as the confirmation is done asynchronously.
With these parameters help added support http and https protocol based endpoints that auto confirm.
2. Update website doc appropriately
In most cases private keys are used to produce certs and cert requests,
but there are some less-common cases where the PEM-formatted keypair is
used alone. The public_key_pem attribute supports such cases.
This also includes a public_key_openssh attribute, which allows this
resource to be used to generate temporary OpenSSH credentials, so that
e.g. a Terraform configuration could generate its own keypair to use
with the aws_key_pair resource. This has the same caveats as all cases
where we generate private keys in Terraform, but could be useful for
temporary/throwaway environments where the state either doesn't live for
long or is stored securely.
This builds on work started by Simarpreet Singh in #4441 .