Fixes: #11461
This will allow the user to pass a policy to further restrict the use
of AssumeRole. It is important to note that it will NOT allow an
expansion of access rights
Fixes#10788
This checks `IsComputed` prior to attempting to use the JSON
configurations. Due to a change in 0.8, the prior check for simply map
existence would always succeed even with a computed value (as designed),
but we forgot to update provisioners to not do that.
There are other provisioners that also do this but to no ill effect
currently. I've only changed Chef since we know that is an issue.
This issue doesn't affect 0.9 due to helper/schema doing this
automatically for provisioners.
According to https://github.com/hashicorp/errwrap
'{{err}}' has to be used instead of '%s'
Without this patch, error output from terraform is missing important information:
* aws_cloudwatch_log_group.logs: Error Getting CloudWatch Logs Tag List: %s
With this patch, I get the important information. E.g.:
* aws_cloudwatch_log_group.logs: Error Getting CloudWatch Logs Tag List: AccessDeniedException: User: arn:aws:sts::XYZ:assumed-role/AAA-BBB-CCC/terraform-assuming-role-assume-role-ReadOnly is not authorized to perform: logs:ListTagsLogGroup on resource: arn:aws:logs:us-east-1:XYZ:log-group:logs:log-stream:
The support for "use_client_subnet" was half finished.
- Field was defined in schema.
- ResourceData-to-struct code was present but incorrect.
- struct-to-ResourceData code was missing.
Made the change and verified with manual testing:
1. In NS1 UI, switched "Use Client Subnet" between checked and
unchecked.
2. In Terraform config file, switched "use_client_subnet" field between
"true", "false", and omitted.
3. The output of "terraform plan" was as expected in all six cases.
This commit removes the default security group rules that are automatically
created when a security group is created. These rules are usually
permissive egress rules which makes it difficult to add more strict egress
security group rules.
Previously an attempt to destroy a LB stickiness policy would
result in an error like this:
```
* aws_lb_cookie_stickiness_policy.foo: Error removing LBCookieStickinessPolicy: LoadBalancerNotFound: There is no ACTIVE Load Balancer named 'tf-test-lb-tqatd'
status code: 400, request id: 28af1167-e4a4-11e6-8ddd-57ba410cbbb6
```
This checks for a missing load balancer on the policy read and allows
the destroy.
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSLBCookieStickinessPolicy_missingLB'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/01/27 07:21:11 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSLBCookieStickinessPolicy_missingLB -timeout 120m
=== RUN TestAccAWSLBCookieStickinessPolicy_missingLB
--- PASS: TestAccAWSLBCookieStickinessPolicy_missingLB (28.90s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 28.929s
```