* fixed go vet issues on aws provider in master
* added support for dns, dns options and dns search for docker container.
On docker container resource you can specify dns_opts nad dns_search
which maps directly to docker --dns_opt and --dns_search parameters.
Allowing users to setup the embedded dns settings for their containers.
* fixed the asserts for the new features in tests.
fixed tests around DNS, DNS_OPTS and DNS_SEARCH
Fixes an issue where terraform plan or apply will always have a diff.
The Elastic Beanstalk API returns data for the `resource` attribute for
some settings that are not documented. This limits the `resource`
attribute to settings in the `aws:autoscaling:scheduledaction`
namespace.
```
make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSVPCPeeringConnection_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSVPCPeeringConnection_ -timeout 120m
=== RUN TestAccAWSVPCPeeringConnection_importBasic
--- PASS: TestAccAWSVPCPeeringConnection_importBasic (42.58s)
=== RUN TestAccAWSVPCPeeringConnection_basic
--- PASS: TestAccAWSVPCPeeringConnection_basic (45.00s)
=== RUN TestAccAWSVPCPeeringConnection_plan
--- PASS: TestAccAWSVPCPeeringConnection_plan (40.92s)
=== RUN TestAccAWSVPCPeeringConnection_tags
--- SKIP: TestAccAWSVPCPeeringConnection_tags (0.00s)
resource_aws_vpc_peering_connection_test.go:85: Error: TestAccAWSVPCPeeringConnection_tags requires a peer id to be set
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 128.517s
```
```
make testacc TEST=./builtin/providers/aws
TESTARGS='-run=TestAccAWSAPIGatewayAccount_importBasic'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSAPIGatewayAccount_importBasic -timeout 120m
=== RUN TestAccAWSAPIGatewayAccount_importBasic
--- PASS: TestAccAWSAPIGatewayAccount_importBasic (16.43s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 16.450s
```
FYI @catsby
The acceptance test was throwing the error:
```
* aws_elb.main: DuplicateLoadBalancerName: Load Balancer named
* foobar-terraform-elb already exists and it is configured with
* different parameters.
```
So randomized the name and the test still passes as expected:
```
make testacc TEST=./builtin/providers/aws
TESTARGS='-run=TestAccAWSRoute53Record_alias'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSRoute53Record_alias -timeout 120m
=== RUN TestAccAWSRoute53Record_alias
--- PASS: TestAccAWSRoute53Record_alias (97.70s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 97.722s
```
```
make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSVpnConnection_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSVpnConnection_ -timeout 120m
=== RUN TestAccAWSVpnConnection_importBasic
--- PASS: TestAccAWSVpnConnection_importBasic (201.02s)
=== RUN TestAccAWSVpnConnection_basic
--- PASS: TestAccAWSVpnConnection_basic (336.38s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 537.426s
```
Had to change the way that the tests were working to include a random sqs-queue name due to this error:
```
`aws_sqs_queue.test_queue: Error creating SQS queue: AWS.SimpleQueueService.QueueDeletedRecently: You must wait 60 seconds after deleting a queue before you can create another with the same name.
status code: 400, request id: b58e800a-ae27-556e-b6de-cfe1bbf9dc09``
```
make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSNSTopicSubscription_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSSNSTopicSubscription_ -timeout 120m
=== RUN TestAccAWSSNSTopicSubscription_importBasic
--- PASS: TestAccAWSSNSTopicSubscription_importBasic (24.44s)
=== RUN TestAccAWSSNSTopicSubscription_basic
--- PASS: TestAccAWSSNSTopicSubscription_basic (25.26s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 49.722s
```
* Add SES resource
* Detect ReceiptRule deletion outside of Terraform
* Handle order of rule actions
* Add position field to docs
* Fix hashes, add log messages, and other small cleanup
* Fix rebase issue
* Fix formatting
```
make testacc TEST=./builtin/providers/aws
TESTARGS='-run=TestAccAWSIAMAccountPasswordPolicy_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSIAMAccountPasswordPolicy_ -timeout 120m
=== RUN TestAccAWSIAMAccountPasswordPolicy_importBasic
--- PASS: TestAccAWSIAMAccountPasswordPolicy_importBasic (14.75s)
=== RUN TestAccAWSIAMAccountPasswordPolicy_basic
--- PASS: TestAccAWSIAMAccountPasswordPolicy_basic (26.06s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 40.831s
```
Small change to the test as it was failing sometimes as it was using the
same identifier. The small change has made it more stable when running
it in quick succession as it isn't an update
```
make testacc TEST=./builtin/providers/aws
TESTARGS='-run=TestAccAWSIAMGroup_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSIAMGroup_
-timeout 120m
=== RUN TestAccAWSIAMGroup_importBasic
--- PASS: TestAccAWSIAMGroup_importBasic (14.14s)
=== RUN TestAccAWSIAMGroup_basic
--- PASS: TestAccAWSIAMGroup_basic (22.88s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 37.040s
```
The Id wasn't being set until after the Read func returned from the API.
I needed to move that Id set up until just after the Create response
returned
The same Id's have been set - username
```
make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSUser_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSUser_
-timeout 120m
=== RUN TestAccAWSUser_importBasic
--- PASS: TestAccAWSUser_importBasic (14.24s)
=== RUN TestAccAWSUser_basic
--- PASS: TestAccAWSUser_basic (24.99s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 39.261s
```
Changes required:
* ECR Read func doesn't need to take ``registry_id` as it uses the
current account Id
* `name` wasn't being set in the ECR Read so the import was failing as
name wasn't found
```
make testacc TEST=./builtin/providers/aws
TESTARGS='-run=TestAccAWSEcrRepository_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSEcrRepository_ -timeout 120m
=== RUN TestAccAWSEcrRepository_importBasic
--- PASS: TestAccAWSEcrRepository_importBasic (17.37s)
=== RUN TestAccAWSEcrRepository_basic
--- PASS: TestAccAWSEcrRepository_basic (16.05s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 33.437s
```
this datasource allows terraform to work with externally modified state, e.g.
when you're using an ECS service which is continously updated by your CI via the
AWS CLI.
right now you'd have to wrap terraform into a shell script which looks up the
current image digest, so running terraform won't change the updated service.
using the aws_ecs_container_definition data source you can now leverage
terraform, removing the wrapper entirely.
If an AWS Cookie Stickiness Policy is removed from the listener in
the AWS console the policy isn't deleted. Cross reference the policy
name with those assigned to the listener to determine if the policy
is actually being used.
Since this resource produces a list it feels more intuitive to give its
attribute a plural name, and since the noun "instance" already means
something specific in the AWS provider that doesn't apply here we use
"names" to indicate that these are availability zone names.
Also includes updating the docs to not show a dynamic count example for
now, since we don't support that yet.
When reading an AppCookieStickinessPolicy check for LoadBalancerNotFound
as well as PolicyNotFound. This prevents errors when when destroying a
policy on an ELB that no longer exists.
false
Fixes#7035
A known issue in Terraform means that d.GetOk() on a bool which is false
will mean it doesn't get evaulated. Therefore, when people set
publicly_accessible to false, it will never get evaluated on the Create
We are going to make it default to false now
Fixed the problem where the root_block_device could cause an apply error
by reading back an "encrypted" parameter that was meant for an
ebs_block_device. "encrypted" is not part of the root_block_device
schema, since it can't be set explicitly.
Added a check in Create to fail when the root device is incorrectly
specified as an ebs_block_device, as this causes continual refreshing
due to mismatched state between root_block_device and ebs_block_device.
"encrypted" and "snapshot_id" should be guarded with ConflictsWith, but
that doesn't appear to work on nested resources despite #1926.
Fixes#7062
make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSElasticacheSubnetGroup'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSElasticacheSubnetGroup -timeout 120m
=== RUN TestAccAWSElasticacheSubnetGroup_basic
--- PASS: TestAccAWSElasticacheSubnetGroup_basic (44.62s)
=== RUN TestAccAWSElasticacheSubnetGroup_update
--- PASS: TestAccAWSElasticacheSubnetGroup_update (73.74s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 118.379s
* pr-6865:
provider/aws: Add db_param group to RDS Cluster Instance test
remove status attribute
support aurora instance's parameter group and modifyinstance
When VPC is detached from VPN gateway, its VpcAttachment stays in place
just with state changed to "detached". Since terraform was not checking
attachment state, it used to think VPC gateway was still attached.
Add the iam_arn attribute to aws_cloudfront_origin_access_identity,
which computes the IAM ARN for a certain CloudFront origin access
identity.
This is necessary because S3 modifies the bucket policy if CanonicalUser
is sent, causing spurious diffs with aws_s3_bucket resources.
This brings over the work done by @apparentlymart and @radeksimko in
PR #3124, and converts it into a data source for the AWS provider:
This commit adds a helper to construct IAM policy documents using
familiar Terraform concepts. It makes Terraform-style interpolations
easier and resolves the syntax conflict between Terraform interpolations
and IAM policy variables by changing the latter to use &{...} for its
interpolations.
Its use is completely optional and users are free to go on using literal
heredocs, file interpolations or whatever else; this just adds another
option that fits more naturally into a Terraform config.
This an effort to address hashicorp/terraform#516.
Adding the Sensitive attribute to the resource schema, opening up the
ability for resource maintainers to mark some fields as sensitive.
Sensitive fields are hidden in the output, and, possibly in the future,
could be encrypted.
Closing off my other AWS availability zone branch, I'm adding tests for
the existing aws_availability_zones data source.
This closeshashicorp/terraform#4848.
This data source allows one to look up the most recent AMI for a specific
set of parameters, much like aws ec2 describe-images in the AWS CLI.
Basically a refresh of hashicorp/terraform#4396, in data source form.
* Add per user, role and group policy attachment
* Add docs for new IAM policy attachment resources.
* Make policy attachment resources manage only 1 entity<->policy attachment
* provider/aws: Tidy up IAM Group/User/Role attachments
When two rules differ only in source security group, EC2 APIs return
them as a single rule, but Terraform requires separate
aws_security_group_rule resources.
6bdab07174 changed Read to set source_security_group_id (and
cidr_blocks) from the rule returned from EC2 and chose the first
source_security_group_id arbitrarily, which is wrong.
Makes TestAccAWSSecurityGroupRule_PartialMatching_Source pass again.
Also adds a comment noting that there is a bug in the new resource
importing feature.
Fixes#6728.
This commit adds a data source with a single list, `instance` for the
schema which gets populated with the availability zones to which an
account has access.
resource
We had a line on the Update func that said:
```
Hash key can only be specified at creation, you cannot modify it.
```
The resource has now been changed to ForceNew on the hashkey
```
aws_dynamodb_table.demo-user-table: Refreshing state... (ID: Users)
aws_dynamodb_table.demo-user-table: Destroying...
aws_dynamodb_table.demo-user-table: Destruction complete
aws_dynamodb_table.demo-user-table: Creating...
aws_dynamodb_table.demo-user-table: Creation complete
```
When stage_name is not passed to the resource
aws_api_gateway_deployment a terraform apply will fail. This is
because the stage_name is required and not optional.