Commit Graph

12659 Commits

Author SHA1 Message Date
James Nugent e3ccb51168 provider/aws: Add assume_role block to provider
This replaces the previous `role_arn` with a block which looks like
this:

```
provider "aws" {
        // secret key, access key etc

	assume_role {
	        role_arn = "<Role ARN>"
		session_name = "<Session Name>"
		external_id = "<External ID>"
	}
}
```

We also modify the configuration structure and read the values from the
block if present into those values and adjust the call to AssumeRole to
include the SessionName and ExternalID based on the values set in the
configuration block.

Finally we clean up the tests and add in missing error checks, and clean
up the error handling logic in the Auth helper functions.
2016-09-03 12:54:30 -07:00
Paul Stack 03afd4ef72 Update CHANGELOG.md 2016-09-03 20:50:56 +03:00
Paul Stack 3ad4cfe117 Merge pull request #8645 from hashicorp/aws-vpn-gateway-za
provider/aws: Do not set empty string to state for `aws_vpn_gateway` availability zone
2016-09-03 20:50:31 +03:00
stack72 900e14e168
provider/aws: New resource `aws_spot_datafeed_subscription`
Fixes: #4922

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSpotDatafeedSubscription_'
==> Checking that code complies with gofmt requirements...
/Users/stacko/Code/go/bin/stringer
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/08/24 10:46:23 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSSpotDatafeedSubscription_ -timeout 120m
=== RUN   TestAccAWSSpotDatafeedSubscription_importBasic
--- PASS: TestAccAWSSpotDatafeedSubscription_importBasic (56.31s)
=== RUN   TestAccAWSSpotDatafeedSubscription_basic
--- PASS: TestAccAWSSpotDatafeedSubscription_basic (56.77s)
=== RUN   TestAccAWSSpotDatafeedSubscription_disappears
--- PASS: TestAccAWSSpotDatafeedSubscription_disappears (56.79s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    169.893s
```
2016-09-03 20:06:40 +03:00
stack72 0c80b4d172
provider/aws: Wait for `aws_route_53_record` to be in-sync after a
delete

Fixes #6679

When we change the type of a record, it forces a new resource. We never
waited for the recordset to be in-sync after a deletion.

```
% make testacc TEST=./builtin/providers/aws
% TESTARGS='-run=TestAccAWSRoute53Record_'
% ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/03 17:55:03 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSRoute53Record_ -timeout 120m
=== RUN   TestAccAWSRoute53Record_basic
--- PASS: TestAccAWSRoute53Record_basic (85.54s)
=== RUN   TestAccAWSRoute53Record_basic_fqdn
--- PASS: TestAccAWSRoute53Record_basic_fqdn (101.75s)
=== RUN   TestAccAWSRoute53Record_txtSupport
--- PASS: TestAccAWSRoute53Record_txtSupport (84.01s)
=== RUN   TestAccAWSRoute53Record_spfSupport
--- PASS: TestAccAWSRoute53Record_spfSupport (85.08s)
=== RUN   TestAccAWSRoute53Record_generatesSuffix
--- PASS: TestAccAWSRoute53Record_generatesSuffix (97.12s)
=== RUN   TestAccAWSRoute53Record_wildcard
--- PASS: TestAccAWSRoute53Record_wildcard (141.08s)
=== RUN   TestAccAWSRoute53Record_failover
--- PASS: TestAccAWSRoute53Record_failover (91.25s)
=== RUN   TestAccAWSRoute53Record_weighted_basic
--- PASS: TestAccAWSRoute53Record_weighted_basic (89.01s)
=== RUN   TestAccAWSRoute53Record_alias
--- PASS: TestAccAWSRoute53Record_alias (88.91s)
=== RUN   TestAccAWSRoute53Record_s3_alias
--- PASS: TestAccAWSRoute53Record_s3_alias (103.10s)
=== RUN   TestAccAWSRoute53Record_weighted_alias
--- PASS: TestAccAWSRoute53Record_weighted_alias (174.71s)
=== RUN   TestAccAWSRoute53Record_geolocation_basic
--- PASS: TestAccAWSRoute53Record_geolocation_basic (89.50s)
=== RUN   TestAccAWSRoute53Record_latency_basic
--- PASS: TestAccAWSRoute53Record_latency_basic (89.12s)
=== RUN   TestAccAWSRoute53Record_TypeChange
--- PASS: TestAccAWSRoute53Record_TypeChange (138.09s)
=== RUN   TestAccAWSRoute53Record_empty
--- PASS: TestAccAWSRoute53Record_empty (88.51s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws
1684.774s
```
2016-09-03 19:17:05 +03:00
stack72 feaabb6ca1
provider/aws: Do not set empty string to state for `aws_vpn_gateway`
availability zone

Fixes #4752

According to the AWS Documentation, when `describing-vpn-gateways`

```
AvailabilityZone -> (string)
The Availability Zone where the virtual private gateway was created, if applicable. This field may be empty or not returned.
```

Therefore, if we pass an availability zone as part of vpn gateway, then it may come back as an empty string. If we set this empty string back to state, then the next plan will look as follows:

```
-/+ aws_vpn_gateway.vpn_gateway
    availability_zone: "" => "us-west-2a" (forces new resource)
    tags.%:            "1" => "1"
    tags.Name:         "vpn-us-west-2" => "vpn-us-west-2"
    vpc_id:            "vpc-1e9da47a" => "vpc-1e9da47a"

Plan: 1 to add, 0 to change, 1 to destroy.
```

If the availability_zone comes back from AWS as an empty string, then we should not set it to state to avoid forcing a new resource for the user

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSVpnGateway_withAvailabilityZoneSetToState'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/03 17:10:57 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSVpnGateway_withAvailabilityZoneSetToState -timeout 120m
=== RUN   TestAccAWSVpnGateway_withAvailabilityZoneSetToState
--- FAIL: TestAccAWSVpnGateway_withAvailabilityZoneSetToState (36.11s)
       	testing.go:265: Step 0 error: Check failed: Check 2/2 error: aws_vpn_gateway.foo: Attribute 'availability_zone' expected "us-west-2a", got ""
FAIL
exit status 1
FAIL   	github.com/hashicorp/terraform/builtin/providers/aws   	36.130s
make: *** [testacc] Error 1
[stacko@Pauls-MacBook-Pro:~/Code/go/src/github.com/hashicorp/terraform on master]
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSVpnGateway_withAvailabilityZoneSetToState'                                                                                       2 ↵ ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/03 17:12:25 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSVpnGateway_withAvailabilityZoneSetToState -timeout 120m
=== RUN   TestAccAWSVpnGateway_withAvailabilityZoneSetToState
--- PASS: TestAccAWSVpnGateway_withAvailabilityZoneSetToState (46.50s)
PASS
ok     	github.com/hashicorp/terraform/builtin/providers/aws   	46.517s
```
2016-09-03 17:14:42 +03:00
Radek Simko e6993a324e Update CHANGELOG.md 2016-09-03 14:57:34 +01:00
Paul Stack eaa48681d4 provider/aws: Refresh `aws_elasticsearch_domain` from state when ResourceNotFoundException (#8643)
* provider/aws: Refresh `aws_elasticsearch_domain` from state when
RecordNotFoundException

Fixes #3967

When an ElasticSearch domain has been deleted outside of Terraform, the
next Terraform operation would return the following:

```
* aws_elasticsearch_domain.curvelogic_es: ResourceNotFoundException:
* Domain not found: curvelogic-es
    status code: 409, request id: 6e4b2371-8e1a-11e5-bd07-7741b705d65c
```

We now refresh the resource from state when it is no longer found

* Update resource_aws_elasticsearch_domain.go
2016-09-03 14:55:29 +01:00
Paul Stack ef85146722 Merge pull request #8642 from kwilczynski/feature/add-unit-test-aws_network_acl_rule
provider/aws: Add missing unit test for validateICMPArgumentValue to aws_network_acl_rule.
2016-09-03 16:51:34 +03:00
Paul Stack 401d976cbb Merge pull request #8644 from kwilczynski/feature/add-unit-test-data_source_availability_zones
provider/aws: Add missing unit test for validateStateType to data_source_availability_zones.
2016-09-03 16:50:59 +03:00
Krzysztof Wilczynski 814b1d7489
provider/aws: Add missing unit test for validateStateType to data_source_availability_zones.
This commit adds missing unit test of a helper function.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-03 14:04:35 +01:00
Krzysztof Wilczynski 18b5de26d8
Add missing unit test for validateICMPArgumentValue to aws_network_acl_rule.
This commit adds missing unit test of a helper function.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-03 13:49:39 +01:00
Krzysztof Wilczynski bcaac02edb
Add validation of Health Check target to aws_elb.
This commit adds a simple validation of the target in the Health Check block in
order to reduce the number of issues related to the type, port and path values,
especially when the TCP and SSL type was used.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-03 13:48:28 +01:00
Paul Stack 10bf48a35a Merge pull request #8641 from kwilczynski/feature/update-aws_efs_file_system
provider/aws: Maintenance and clean-up for aws_efs_file_system.
2016-09-03 15:35:45 +03:00
Krzysztof Wilczynski fceb3ac381
Maintenance and clean-up for aws_efs_file_system.
This commit is purely a maintenance and clean-up of the resource.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-03 11:40:24 +01:00
Radek Simko a3c21d6c3b
provider/aws: Add cloudformation_stack data source 2016-09-03 11:33:59 +01:00
Jeremy Young b295192ed3 Adding reference in ELB docs for supported ECDSA curves. 2016-09-02 16:25:20 -05:00
Paul Stack 251a0e73ab Update CHANGELOG.md 2016-09-03 00:24:24 +03:00
Paul Stack 42711dbc1f Merge pull request #8636 from kwilczynski/fix/increase-wait-time-aws_vpn_gateway_attachment
provider/aws: Fix. Adjust create and destroy timeout in aws_vpn_gateway_attachment.
2016-09-03 00:23:37 +03:00
Paul Stack 74c83751e4 Update CHANGELOG.md 2016-09-02 23:35:20 +03:00
Paul Stack 18ea8ef264 Merge pull request #8603 from hashicorp/aws-db-parameter-apply_method
provider/aws: Set `apply_method` to state in `aws_db_parameter_group`
2016-09-02 23:34:45 +03:00
Krzysztof Wilczynski a6de64a445
Fix. Adjust create and destroy timeout in aws_vpn_gateway_attachment.
This commit increases the timeout, delay and minimum timeout values in
order to resolve a timeout potentially occurring when the VPC gateway
is being attached.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-02 21:28:55 +01:00
Paul Hinze e991ea5741 Merge pull request #8634 from hashicorp/revert-8590-b-template-floats
Revert "providers/template: template_file supports floating point math"
2016-09-02 15:28:32 -05:00
Paul Hinze c5647dc046 Revert "providers/template: template_file supports floating point math" 2016-09-02 15:20:03 -05:00
James Nugent afd17e166d Merge pull request #8630 from supergibbs/patch-1
Update ami.html.markdown
2016-09-02 10:50:16 -07:00
James Nugent d444d122bf provider/aws: Clean up AWS provider schema defns
Remove unnecessary &schema.Schema from the AWS provider schema
definition.
2016-09-02 10:36:52 -07:00
Ian Duffy 767914bbdc [GH-1275] Support for AWS access via IAMs AssumeRole functionality
This commit enables terraform to utilise the assume role functionality
of sts to execute commands with different privileges than the API
keys specified.

Signed-off-by: Ian Duffy <ian@ianduffy.ie>
2016-09-02 10:22:57 -07:00
Jesse Mandel f168c90afa Update ami.html.markdown
typo `i368` to `i386`
2016-09-02 10:22:18 -07:00
Mitchell Hashimoto f4a7740beb Merge pull request #8629 from ProcessOut/scaleway-security_group_rule-port-documentation
provider/scaleway: Document ports in security group rules properly
2016-09-02 10:06:45 -07:00
Mitchell Hashimoto 652b141755 Update CHANGELOG.md 2016-09-02 10:03:51 -07:00
Mitchell Hashimoto fad1ce9915 Merge pull request #8620 from hashicorp/b-var-input
command: more resilient HCL check for inputs
2016-09-02 10:02:23 -07:00
Mitchell Hashimoto c84f699158
update HCL vendor 2016-09-02 09:58:05 -07:00
James Nugent 0cf43411f9 Update CHANGELOG.md 2016-09-02 09:55:42 -07:00
James Nugent bb3a896cee Merge pull request #8615 from hashicorp/f-aws-s3-bucket-policy
provider/aws: Add aws_s3_bucket_policy resource
2016-09-02 11:54:19 -05:00
Louis-Paul Dareau 7adcac2d6c
provider/scaleway: Fix a documentation typo 2016-09-02 12:16:42 -04:00
Louis-Paul Dareau ab36c4299f
provider/scaleway: Document ports in security group rules properly 2016-09-02 12:10:52 -04:00
James Nugent 93f31fce17 provider/aws: Add aws_s3_bucket_policy resource
This commit adds a new "attachment" style resource for setting the
policy of an AWS S3 bucket. This is desirable such that the ARN of the
bucket can be referenced in an IAM Policy Document.

In addition, we now suppress diffs on the (now-computed) policy in the
S3 bucket for structurally equivalent policies, which prevents flapping
because of whitespace and map ordering changes made by the S3 endpoint.
2016-09-02 09:07:54 -07:00
James Nugent 1f04942292 deps: Vendor github.com/jen20/awspolicyequivalence 2016-09-02 09:07:54 -07:00
Paul Stack 4e7edb5431 Update CHANGELOG.md 2016-09-02 17:51:23 +03:00
Joe Topjian 20b25043b6 Merge pull request #8625 from Fodoj/provider-openstack-lb2-better-docs
provider/openstack: Fix documentation of openstack LBaaS resources
2016-09-02 08:39:45 -06:00
Paul Stack d5b869732b Merge pull request #8628 from hashicorp/b-aws-alb-computed
provider/aws: Making `aws_alb_listener` ssl_policy to be Computed
2016-09-02 17:33:02 +03:00
Clint 740b8bb9cb provider/aws: Run errcheck in tests (#8579)
* provider/aws: Add errcheck to Makefile, error on unchecked errors

* more exceptions

* updates for errcheck to pass

* reformat and spilt out the ignore statements

* narrow down ignores

* fix typo, only ignore Close and Write, instead of close or write
2016-09-02 09:24:17 -05:00
stack72 d236a305ea
provider/aws: Making `aws_alb_listener` ssl_policy to be Computed
Fixes #8612

The SSL Policy is optional - if you don't add it and create a HTTPS Alb
Listener, AWS will add the policy for you. Without being computed, we
would get a diff

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSALBListener_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/02 17:16:33 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSALBListener_
-timeout 120m
=== RUN   TestAccAWSALBListener_basic
--- PASS: TestAccAWSALBListener_basic (70.45s)
=== RUN   TestAccAWSALBListener_https
--- PASS: TestAccAWSALBListener_https (63.20s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    133.667s
```
2016-09-02 17:21:02 +03:00
stack72 04a77b343b
Merge branch 'master' of github.com:hashicorp/terraform 2016-09-02 17:09:08 +03:00
stack72 651eba7d97
Merge branch 'liamjbennett-aws_ssm_association' 2016-09-02 17:08:33 +03:00
stack72 f9183da2e3
provider/aws: Changing the tests for `aws_ssm_association` to align with
us-west-2

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSSMAssociation_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/02 16:56:09 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSSSMAssociation_ -timeout 120m
=== RUN   TestAccAWSSSMAssociation_basic
--- PASS: TestAccAWSSSMAssociation_basic (136.23s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    136.246s
```
2016-09-02 17:04:43 +03:00
liamjbennett e98e5fb017
provider/aws: add aws_ssm_association resource 2016-09-02 16:46:05 +03:00
Sander van Harmelen 0ea4777257 Update CHANGELOG.md 2016-09-02 15:45:44 +02:00
Sander van Harmelen 5163554a9e Update CHANGELOG.md 2016-09-02 15:45:27 +02:00
Sander van Harmelen 47dd1ad153 Add wildcard (match all) support to ignore_changes (#8599) 2016-09-02 15:44:35 +02:00