Commit Graph

2778 Commits

Author SHA1 Message Date
Paul Forman 52db098292 Add enable_logging to AWS CloudTrail
The AWS CloudTrail resource is capable of creating CloudTrail resources,
but AWS defaults the actual logging of the trails to `false`, and
Terraform has no method to enable or monitor the status of logging.

CloudTrail trails that are inactive aren't very useful, and it's a
surprise to discover they aren't logging on creation.

Added an `enable_logging` parameter to resource_aws_cloudtrail to enable
logging.  This requires some extra API calls, which are wrapped in new
internal functions.

For compatibility with AWS, the default of `enable_logging` is set to
`false`.
2015-11-21 00:18:38 -07:00
clint shryock 233aab6e0a provider/aws: Fix issue deleting users who are attached to a group
If you want to delete an IAM user, that user must not belong to any groups
2015-11-20 16:54:26 -06:00
Clint cc70d25dc5 Merge pull request #3898 from hashicorp/b-aws-elb-iam-cert-delete
providers/aws: Retry deleting IAM Server Cert on dependency violation
2015-11-20 14:50:18 -06:00
Clint 9edbf6a7fc Merge pull request #3908 from hashicorp/b-elb-cookie-fix
provider/aws: Fix issue with LB Cookie Stickiness and empty expiration period
2015-11-20 14:49:00 -06:00
Clint ed3399593a Merge pull request #3996 from hashicorp/b-aws-test-fixes
Adjustments for AWS Acceptance tests
2015-11-20 13:28:25 -06:00
clint shryock 9eb46c28b2 use a log group resourcE 2015-11-20 13:15:20 -06:00
clint shryock cf5b32617b fix vpn gateway refresh/reattach issue 2015-11-20 11:47:10 -06:00
stack72 74c93d3a46 Reording the code for the creation of a Floating IP for a droplet. The call to the DO api takes a few seconds to propagate so I had to sacriface some kittens and added a short 10 second sleep 2015-11-20 19:12:31 +02:00
stack72 7bda855590 Adding the work to assign a Floating IP to a Droplet 2015-11-20 19:12:31 +02:00
stack72 9cf1c2943c Adding the first pass of the work to get a floatingip assigned to a region 2015-11-20 19:12:30 +02:00
Paul Hinze 24d15820c1 provider/heroku: fix acc test
depends_on requires a list of strings. the old parser would silently
ignore this field, but the new one returned a syntax error.
2015-11-20 10:51:34 -06:00
Paul Hinze c637ca039c Merge pull request #3987 from hashicorp/b-aws-test-fixes
AWS Test fixtures updates
2015-11-20 10:36:38 -06:00
Paul Hinze 2f25d57e7c Merge pull request #3993 from lwander/b-gcp-test-ssl-cert
provider/google: self-signed ssl certs for testing
2015-11-20 10:36:27 -06:00
Lars Wander 93ff7edb13 provider/google: self-signed ssl certs for testing 2015-11-20 11:32:25 -05:00
Paul Hinze e67551a641 provider/docker: fix image test
there's a new latest in town
2015-11-20 09:58:03 -06:00
Paul Hinze e9a18a8f9f provider/google: fix sql database test
Was missing a required parameter

/cc @lwander @sparkprime
2015-11-20 09:52:23 -06:00
clint shryock 73475edceb update TestAccAWSFlowLog_subnet to use new cloudwatch resource, not needing env var anymore 2015-11-20 09:39:43 -06:00
clint shryock fe204bb291 error test when env var is not supplied 2015-11-20 09:39:17 -06:00
clint shryock 4d0699b9dd mark snapshots as computed for ElastiCache clusters 2015-11-20 09:39:17 -06:00
Takaaki Furukawa cb84b98ce4 provider/vsphere: Rename functions 2015-11-20 21:01:02 +09:00
Takaaki Furukawa 7bf02243a1 rename vcenter_server config parameter to something clearer 2015-11-20 20:37:49 +09:00
Paul Hinze 887839ce23 provider/digitalocean: remove relative CNAME test
Heard back from DO support:

> we require it to be a FQDN for a CNAME record in our DNS system.

/cc @paystee, the original author here
2015-11-19 18:36:58 -06:00
Paul Hinze 3d089143c6 provider/azure: fix hosted service acctest
Just some basic bitrot stuff.
2015-11-19 16:28:24 -06:00
clint shryock 325fd751eb update TestAccAWSFlowLog_subnet to use new cloudwatch resource, not needing env var anymore 2015-11-19 16:27:56 -06:00
clint shryock e91381c4e2 error test when env var is not supplied 2015-11-19 16:24:17 -06:00
clint shryock 0aedb7eae6 mark snapshots as computed for ElastiCache clusters 2015-11-19 16:19:53 -06:00
Paul Hinze 75d056c878 provider/digitalocean: comment out test for relative DNS records
Until we hear back from DigitalOcean on whether this behavior is
supposed to be supported or not.
2015-11-19 16:11:42 -06:00
clint shryock 01b9af40d1 fix resource name in test 2015-11-19 15:44:40 -06:00
clint shryock 0874347478 update ami id for test 2015-11-19 15:37:05 -06:00
chrislovecnm 98167cea79 merging upstream master 2015-11-18 16:09:05 -07:00
clint shryock fd251e8b45 rename TestAccAWSRoute53Record_weighted to TestAccAWSRoute53Record_weighted_basic to test in isolation 2015-11-18 16:08:23 -06:00
Clint 5024d66f3c Merge pull request #3970 from hashicorp/b-aws-iam-policy-attachfix
providers/aws: Fix typo in error checking for IAM Policy Attachments
2015-11-18 13:57:03 -06:00
clint shryock 5482e98927 Fix typo in error checking for IAM Policy Attachments 2015-11-18 13:48:46 -06:00
Paul Hinze a211fc3469 Merge pull request #3965 from hashicorp/b-aws-sg-rules-v2-race
provider/aws: serialize SG rule access to fix race condition
2015-11-18 12:47:55 -06:00
Paul Hinze 6b6b5a43c3 provider/aws: serialize SG rule access to fix race condition
Because `aws_security_group_rule` resources are an abstraction on top of
Security Groups, they must interact with the AWS Security Group APIs in
a pattern that often results in lots of parallel requests interacting
with the same security group.

We've found that this pattern can trigger race conditions resulting in
inconsistent behavior, including:

 * Rules that report as created but don't actually exist on AWS's side
 * Rules that show up in AWS but don't register as being created
   locally, resulting in follow up attempts to authorize the rule
   failing w/ Duplicate errors

Here, we introduce a per-SG mutex that must be held by any security
group before it is allowed to interact with AWS APIs. This protects the
space between `DescribeSecurityGroup` and `Authorize*` / `Revoke*`
calls, ensuring that no other rules interact with the SG during that
span.

The included test exposes the race by applying a security group with
lots of rules, which based on the dependency graph can all be handled in
parallel. This fails most of the time without the new locking behavior.

I've omitted the mutex from `Read`, since it is only called during the
Refresh walk when no changes are being made, meaning a bunch of parallel
`DescribeSecurityGroup` API calls should be consistent in that case.
2015-11-18 12:39:59 -06:00
Nashwan Azhari da8314ce8a provider/aws: removed build-blocking unused variable. 2015-11-18 15:08:45 +02:00
Joe Topjian 51a2fbd6ae Merge pull request #3927 from jtopjian/jtopjian-openstack-lbvip-attr-cleanup
provider/openstack: Clean up some attributes in LBaaS VIP resource
2015-11-17 20:19:25 -07:00
Radek Simko 306046b82b Merge pull request #3955 from cbusbey/db_subnet_spaces
allow spaces in db subnet name
2015-11-17 22:38:36 +00:00
Clint 0bd8b32637 Merge pull request #3237 from GrayCoder/group-work
provider/aws: add support for group name and path changes with group update function
2015-11-17 16:37:40 -06:00
Chris Love a5690b7510 removing debug print statements 2015-11-17 22:00:46 +00:00
Chris Busbey 12d51edeb6 allow spaces in db subnet name 2015-11-17 12:48:56 -08:00
Clint 2ed867b5ab Merge pull request #3945 from hashicorp/b-aws-r53-record-zone-fix
provider/aws: Fix crash in Route53 Record if Zone not found
2015-11-17 09:10:50 -06:00
James Nugent edaaab9f62 Merge pull request #3948 from pshima/f-packet-net-provisioner-ip
Populate the provisioner connection info for packet.net devices
2015-11-17 13:26:10 +00:00
Pete Shima e2ef92f50f Populate the provisioner connection info for packet.net devices with the ipv4 public address 2015-11-16 21:02:57 -08:00
Brandon Rochon 6875e9aaec Issue #3894 RDS publicly_accessible param shouldn't force new resource
Change-Id: I0a10e050ca1c4f2dde5e04f237de6115723522d8
2015-11-16 17:47:35 -08:00
Paul Hinze 7e59d7f67c Merge pull request #3901 from hashicorp/phinze/google-credentials
provider/google: read credentials as contents instead of path
2015-11-16 17:57:54 -06:00
Paul Hinze 010293992a Merge pull request #3899 from hashicorp/phinze/azure-publish-settings
provider/azure: read publish_settings as contents instead of path
2015-11-16 17:54:43 -06:00
Paul Hinze fb0dc4951d provider/azure: read publish_settings as contents instead of path
Building on the work in #3846, shifting the Azure provider's
configuration option from `settings_file` to `publish_settings`.
2015-11-16 17:47:56 -06:00
Radek Simko 00d0551933 aws: Add missing dereference operator 2015-11-16 23:19:45 +00:00
clint shryock 1413d032ee provider/aws: Fix crash in Route53 Record if Zone not found 2015-11-16 17:15:17 -06:00
clint shryock 901e5fbf9f fix log reference 2015-11-16 17:14:02 -06:00
clint shryock 8085e55eda fix issue with undefined var 2015-11-16 16:29:52 -06:00
Radek Simko a8ceda1b15 Merge pull request #3914 from TimeIncOSS/b-aws-ecs-service-gone
provider/aws: Prevent crashing when deleting ecs_service which is gone
2015-11-16 21:46:06 +00:00
clint shryock 70f1c9c1e6 remove duplicate readInstance call 2015-11-16 15:16:41 -06:00
Paul Hinze eb9a93862b provider/google: read credentials as contents instead of path
Building on the work in #3846, shifting the Google provider's
configuration option from `account_file` to `credentials`.
2015-11-16 15:14:32 -06:00
clint shryock 66ad974193 add acceptance test for spot instanace updates 2015-11-16 15:11:44 -06:00
clint shryock f31b30d4a5 minor tweaks to connection info setup 2015-11-16 14:51:14 -06:00
Paul Hinze 993ec0a320 Merge pull request #3909 from hashicorp/phinze/template-file-contents
template_file: source contents instead of path
2015-11-16 14:50:45 -06:00
Sander van Harmelen 0cdc81f390 Merge pull request #3896 from hashicorp/phinze/chef-keys-as-contents
chef: read key contents instead of paths
2015-11-16 21:44:09 +01:00
clint shryock d998e883fb providers/aws: Update Spot Instance request to provide connection information 2015-11-16 14:43:24 -06:00
Paul Hinze afb416fba4 Merge pull request #2807 from dwradcliffe/f-dyn-provider
add Dyn provider
2015-11-16 13:53:44 -06:00
Radek Simko 5c59bd95cb Merge pull request #3924 from TimeIncOSS/b-aws-ecs-td-computed
provider/aws: Make all fields in ecs_task_definition ForceNew
2015-11-16 15:31:17 +00:00
Rafal Jeczalik 4f25b552bb use single import path for aws-sdk-go 2015-11-16 00:42:08 +01:00
Joe Topjian b4242e6f35 provider/openstack: Clean up some attributes in LBaaS VIP resource
This commit makes a few attributes computed so the generated information
is accessible after creation.

It also fixes the "persistence" attribute, which previously had a typo.

Finally, it converts "admin_state_up" to a Boolean to match the majority
of other attributes of the same name.
2015-11-14 21:16:23 +00:00
Radek Simko 33ca2a796f Fix typo (Modifier -> Modified) 2015-11-14 12:19:29 +00:00
Radek Simko 308edd6dd7 provider/aws: Make all fields in ecs_task_definition ForceNew
- fixes https://github.com/hashicorp/terraform/issues/2694
2015-11-14 10:36:01 +00:00
Radek Simko aae8fc8494 provider/aws: Add acceptance test for bugfix for #2694 2015-11-14 10:34:17 +00:00
Radek Simko d5ae5ba062 Merge pull request #3910 from hashicorp/phinze/s3-object-homedir-expand
provider/aws: homedir expand in s3 object source
2015-11-14 09:35:09 +00:00
Radek Simko e7c88eab35 openstack: fix go vet error (bool modifier is %t) 2015-11-14 08:19:22 +00:00
Joe Topjian 19fc2193f4 Merge pull request #3904 from jtopjian/jtopjian-openstack-port-attr-cleanup
provider/openstack: Make Networking Port attributes more intuitive
2015-11-13 20:15:29 -07:00
Joe Topjian f2a5064538 Merge pull request #3857 from jtopjian/jtopjian-openstack-secgroup-rule-fix2
provider/openstack: Security Group Rule fixes
2015-11-13 20:13:46 -07:00
Radek Simko 0822776de0 provider/aws: If ecs_service isn't found during Read, delete it 2015-11-13 21:45:21 +00:00
Radek Simko d9a5de7f7d provider/aws: Prevent crashing when deleting ecs_service which is gone
- fixes https://github.com/hashicorp/terraform/issues/3868
2015-11-13 21:42:29 +00:00
clint shryock 7d94c86958 go fmt structure files 2015-11-13 13:53:52 -06:00
Chris Love 50d36f108b merging 2015-11-13 12:52:07 -07:00
Chris Love ce6f0ae5e4 testing finished 2015-11-13 12:49:40 -07:00
Chris Love 6615285d63 working on read and more testing 2015-11-13 12:49:40 -07:00
Chris Love 8c47441a8b adding new functional test 2015-11-13 12:49:06 -07:00
Chris Love cae7fd8e4a fixing if and AnyTypes 2015-11-13 12:47:17 -07:00
Chris Love b47d1cda7c adding capability to set custom configuration value in virtual machines 2015-11-13 12:47:17 -07:00
Chris Love 0f46b3a6c5 working on read and more testing 2015-11-13 12:43:06 -07:00
Chris Love 728b2bed63 adding new functional test 2015-11-13 12:43:06 -07:00
Chris Love bc36ba7f3c fixing if and AnyTypes 2015-11-13 12:43:06 -07:00
Chris Love e899a2949f adding capability to set custom configuration value in virtual machines 2015-11-13 12:43:06 -07:00
Paul Hinze 928f534cfc template_file: source contents instead of path
Building on the work of #3846, deprecate `filename` in favor of a
`template` attribute that accepts file contents instead of a path.

Required a bit of work in the interpolation code to prevent Terraform
from assuming that template interpolations were resource variables that
needed to be resolved. Leaving them as "Unknown Variables" prevents
interpolation from happening early and lets the `template_file` resource
do its thing.
2015-11-13 11:24:20 -06:00
Paul Hinze 44f259bd74 provider/aws: homedir expand in s3 object source
fixes #3856
2015-11-13 11:21:22 -06:00
clint shryock e94fcdb9df add validation for cookie stickiness 2015-11-13 10:46:27 -06:00
clint shryock b81f9a9c52 provider/aws: Fix issue with LB Cookie Stickiness and empty expiration period 2015-11-13 10:34:15 -06:00
Joe Topjian edd8e722bf provider/openstack: Make Networking Port attributes more intuitive
This commit makes some quick updates to the port attributes to make them
more intuitive:

* `security_groups` to `security_group_ids`: since the port is expecting
IDs and not security group names like in other areas of OpenStack.

* `admin_state_up`: change to Boolean to match this same attribute on
other resources.

* `fixed_ips` to `fixed_ip`: while multiple `fixed_ip` blocks can be
specified, only one fixed IP can be specified in each block.
2015-11-13 04:46:12 +00:00
Joe Topjian 4d6e3289bc provider/openstack: adding test for router interface port 2015-11-13 04:04:05 +00:00
Kirill Shirinkin 3a1a242a7a provider/openstack: Allow port_id for router interface 2015-11-13 03:13:12 +00:00
James Nugent 839fc5bfee Merge pull request #3900 from Banno/fix-aws-route53-record-failover-weight
provider/aws: fix for creating failover route53 records
2015-11-12 16:56:59 -06:00
clint shryock 6fa69ede1c add debugging statements to add/remove listeners 2015-11-12 16:20:54 -06:00
Luke Amdor 10ca0559ae provider/aws: no weight for all set_identifier 2015-11-12 16:15:05 -06:00
Paul Hinze 73ce6d184a chef: read key contents instead of paths
Builds on the work of #3846, shifting the Chef provisioner's
configuration options from `secret_key_path` and `validation_key_path`
over to `secret_key` and `validation_key`.
2015-11-12 16:11:44 -06:00
clint shryock c60a963908 providers/aws: Retry deleting IAM Server Cert on dependency violation
This will retry deleting a server cert
if it throws an error about being in use with an ELB (that we've likely just
  deleted)

Includes test for ELB+IAM SSL cert bug dependency violation
2015-11-12 16:07:34 -06:00
Brandon Rochon b6738f13c1 Issue #3894 RDS publicly_accessible param shouldn't force new resource
Change-Id: I833f9e07f3fc1f6ee475673ad978b3982f0b6273
2015-11-12 13:33:27 -08:00
clint shryock 5cafe740ff update wording on ssl cert error 2015-11-12 14:25:50 -06:00
clint shryock 1b2e068b19 add extra test block 2015-11-12 14:25:50 -06:00
clint shryock fddafd2b96 providers/aws: Document and validate ELB ssl_cert and protocol requirements 2015-11-12 14:25:50 -06:00