* provider/aws: Fixed DynamoDB GSI update when using multiple indexes
* provider/aws: Fixed DynamoDB GSI set hash function
* Added DynamoDB table state migration
Redshift was changed to not skip snapshots by default, so our configs
were out of date and causing errors in destroy (thus leaking redshifts)
This changes the configs to skip snapshots, which should at least fix:
- TestAccAWSKinesisFirehoseDeliveryStream_RedshiftConfigUpdates
- TestAccAWSRedshiftCluster_loggingEnabled
* provider/aws: Fix KMS Key reading with Exists method
Fixes#13322 by checking if the key Exists and offering to recreate if
not found, or pending delete
* remove redundant code
Add getters for the AWSClient s3.S3 and dynamodb.DynamoDB clients so the
s3 remote-state backend can use all the same initialization code as the
aws provider.
* provider/aws: Add support for treat_missing_data to cloudwatch_metric_alarm
Fixes: #13263
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSCloudWatchMetricAlarm'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/04/05 08:51:06 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSCloudWatchMetricAlarm -timeout 120m
=== RUN TestAccAWSCloudWatchMetricAlarm_importBasic
--- PASS: TestAccAWSCloudWatchMetricAlarm_importBasic (23.93s)
=== RUN TestAccAWSCloudWatchMetricAlarm_basic
--- PASS: TestAccAWSCloudWatchMetricAlarm_basic (27.81s)
=== RUN TestAccAWSCloudWatchMetricAlarm_treatMissingData
--- PASS: TestAccAWSCloudWatchMetricAlarm_treatMissingData (43.39s)
=== RUN TestAccAWSCloudWatchMetricAlarm_extendedStatistic
--- PASS: TestAccAWSCloudWatchMetricAlarm_extendedStatistic (26.80s)
=== RUN TestAccAWSCloudWatchMetricAlarm_missingStatistic
--- PASS: TestAccAWSCloudWatchMetricAlarm_missingStatistic (5.95s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 127.899s
```
* provider/aws: Set cloudwatch_metric_alarm treamt_missing_data to missing
This follows what the AWS API does. We had to add a state migration for
this to make sure that the user doesn't see any unexpected activity on
their Terraform plans
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAWSCloudWatchMetricAlarmMigrateState'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/04/05 14:51:32 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAWSCloudWatchMetricAlarmMigrateState -timeout 120m
=== RUN TestAWSCloudWatchMetricAlarmMigrateState
2017/04/05 14:52:13 [INFO] Found AWS CloudWatch Metric Alarm State v0; migrating to v1
2017/04/05 14:52:13 [DEBUG] Attributes before migration: map[string]string{}
2017/04/05 14:52:13 [DEBUG] Attributes after migration: map[string]string{"treat_missing_data":"missing"}
--- PASS: TestAWSCloudWatchMetricAlarmMigrateState (0.00s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 0.018s
```
The AWS waiter package has changed location in the 1.8.0 version of the
SDK. DMS will need to mitigate a breaking change because of this
Between @radeksimko and myself, we think that we should migrate the DMS
resources to using the Terraform state refresh func pattern that is used
across the entire of the AWS provider. DMS is the *only* resource that
currently uses the AWS waiters, so the LOE to migrate is pretty low
For our ECS service definition we have this snippet at the
`load_balancer`.
The `target_group_arn` is being pupulated by an external service that
returns the arn based on a simple string from our microservices list.
If the arn changed, this would not cause a recreation of the service and
leaving a dangling pointer to an arn that does not exist anymore.
```
load_balancer {
target_group_arn = "${lookup(var.target_group_mapping, element(values(var.microservices), count.index))}"
container_name = "${element(values(var.microservices), count.index)}"
container_port = "${var.container_port}"
}
```
The fix is adding another field to the set that's creating the ELB/ALB
definition. From looking into the git history seems this code was
created prior to ALB thus not having this field available at the time.
Service is being recreated as expected, no other services are affected
(expected behavior)
The Default values set by AWS were breaking the AWS ALB Listener Rule
tests. The stickiness parameter needed to be set to be Computed: true to
remove this discrepancy
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSALBListenerRule_basic'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/04/03 01:23:47 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSALBListenerRule_basic -timeout 120m
=== RUN TestAccAWSALBListenerRule_basic
--- PASS: TestAccAWSALBListenerRule_basic (235.36s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 235.397s
```
It appears that #13232 doesn't work properly if you actually try to set any `parameter`s. Specifically, I was getting the following error:
```
* aws_db_parameter_group.test: 1 error(s) occurred:
* aws_db_parameter_group.test: Error modifying DB Parameter Group: InvalidParameterValue: The parameter DBParameterGroupName must be provided and must not be blank.
status code: 400, request id: 5783e396-17ff-11e7-87d5-e3fd4c7025ce
```
* provider/aws: New resource: aws_ses_domain_identity
Provide a resource to manage domain identities in SES. Exports the
verification_code attribute which can be used to add the TXT record to
the domain to complete the domain verification.
* provider/aws: Acceptance tests for aws_ses_domain_identity
* Resource aws_ses_domain_identity: Documentation update
Provide documentation for the new resource type.
Fixes: #9959
When we specify that we want an opsworks_instance state of running, we
should wait for that the be the case. This will then allow us to use the
Computed values (e.g. private_ip) etc and allow us to use provisioners
as part of the terraform config
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSOpsworksInstance'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/30 20:55:21 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSOpsworksInstance -timeout 120m
=== RUN TestAccAWSOpsworksInstance_importBasic
--- PASS: TestAccAWSOpsworksInstance_importBasic (72.28s)
=== RUN TestAccAWSOpsworksInstance
--- PASS: TestAccAWSOpsworksInstance (110.17s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 182.479s
```
Fixes: #8847
We actually didn't get the list of tags from the API, therefore, any
manual changes were not actually showing up in subsequent plans
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSALBTargetGroup_basic'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/30 15:45:53 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSALBTargetGroup_basic -timeout 120m
=== RUN TestAccAWSALBTargetGroup_basic
--- PASS: TestAccAWSALBTargetGroup_basic (62.76s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 62.787s
```
Fixes: #13167
When changes to the target group were made via CLI or AWS Console, they
were not being picked up by terraform. This is because we were not
catching an error setting the `stickiness` parameters:
```
Error refreshing state: 1 error(s) occurred:
* aws_alb_target_group.test: aws_alb_target_group.test: stickiness.0.enabled: '' expected type 'bool', got unconvertible type 'string'
```
This meant that changes were not picked up in the following plan. The changes mean the following now:
```
~ aws_alb_target_group.test
stickiness.0.cookie_duration: "10440" => "10000"
stickiness.0.enabled: "false" => "true"
Plan: 0 to add, 1 to change, 0 to destroy.
```
Fixes: #13216
Prior to Terraform 0.9.2, we always set placement_strategies to
lowercase. Therefore, people using it in Terraform 0.9.2 are getting
continual diffs:
```
-/+ aws_ecs_service.mongo
cluster: "arn:aws:ecs:us-west-2:187416307283:cluster/terraformecstest1" => "arn:aws:ecs:us-west-2:187416307283:cluster/terraformecstest1"
deployment_maximum_percent: "200" => "200"
deployment_minimum_healthy_percent: "100" => "100"
desired_count: "1" => "1"
name: "mongodb" => "mongodb"
placement_strategy.#: "1" => "1"
placement_strategy.1676812570.field: "instanceid" => "" (forces new resource)
placement_strategy.1676812570.type: "spread" => "" (forces new resource)
placement_strategy.3946258308.field: "" => "instanceId" (forces new resource)
placement_strategy.3946258308.type: "" => "spread" (forces new resource)
task_definition: "arn:aws:ecs:us-west-2:187416307283:task-definition/mongodb:1991" => "arn:aws:ecs:us-west-2:187416307283:task-definition/mongodb:1991"
Plan: 1 to add, 0 to change, 1 to destroy.
```
This adds a DiffSuppression func to make sure this doesn't trigger a
ForceNew resource:
```
% terraform plan ✹ ✭
[WARN] /Users/stacko/Code/go/bin/terraform-provider-aws overrides an internal plugin for aws-provider.
If you did not expect to see this message you will need to remove the old plugin.
See https://www.terraform.io/docs/internals/internal-plugins.html
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
aws_ecs_cluster.default: Refreshing state... (ID: arn:aws:e...ecstest1)
aws_ecs_task_definition.mongo: Refreshing state... (ID: mongodb)
aws_ecs_service.mongo: Refreshing state... (ID: arn:aws:e.../mongodb)
No changes. Infrastructure is up-to-date.
This means that Terraform did not detect any differences between your
configuration and real physical resources that exist. As a result, Terraform
doesn't need to do anything.
```
```
```
* provider/aws: Add Support for maintenance_window and back_window to rds_cluster_instance
Fixes: #9489
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRDSClusterInstance_basic'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/28 23:08:45 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSRDSClusterInstance_basic -timeout 120m
=== RUN TestAccAWSRDSClusterInstance_basic
--- PASS: TestAccAWSRDSClusterInstance_basic (1433.41s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 1433.438s
```
* Update rds_cluster_instance.html.markdown
* Update rds_cluster_instance.html.markdown
It turns out if you're trying to write a config to conditionally restore
an instance from a snapshot, you end up painted into a corner with the
combination of `snapshot_identifier` and `name`.
You need `name` to be specified for DBs you're creating, but when
`snapshot_identifier` is populated you need it to be blank or else the
AWS API throws an error.
The logical next step is to drop a ternary in:
```tf
resource "aws_db_instance" "foo" {
# ...
snapshot_identifier = "${var.snap}"
name = "${var.snap != "" ? "" : var.dbname}"
}
```
**BUT** the above config will _replace_ the DB on subsequent runs as the
config basically has `name = ""` which will trigger a ForceNew diff once
the `name` is populated from the snapshot restore.
**SO** we can get a workable solution by actively avoiding populating
DBName when we're using one of the engines the docs explicitly mention.
It does not look like there are any tests covering `snapshot_identifer`,
so I'll subject this to some manual tests and follow up with some
results.
* provider/aws: Deprecate roles in favour of role in iam_instance_profile
You can only specify a single role to an IAM Instance Profile. So having
a slice of roles in the provider makes no sense. Therefore, we are going
to deprecate this infavour of `role`
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSIAMInstanceProfile_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/28 21:24:20 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSIAMInstanceProfile_ -timeout 120m
=== RUN TestAccAWSIAMInstanceProfile_importBasic
--- PASS: TestAccAWSIAMInstanceProfile_importBasic (25.08s)
=== RUN TestAccAWSIAMInstanceProfile_basic
--- PASS: TestAccAWSIAMInstanceProfile_basic (22.40s)
=== RUN TestAccAWSIAMInstanceProfile_withRoleNotRoles
--- PASS: TestAccAWSIAMInstanceProfile_withRoleNotRoles (22.63s)
=== RUN TestAccAWSIAMInstanceProfile_missingRoleThrowsError
--- PASS: TestAccAWSIAMInstanceProfile_missingRoleThrowsError (4.02s)
=== RUN TestAccAWSIAMInstanceProfile_namePrefix
--- PASS: TestAccAWSIAMInstanceProfile_namePrefix (22.18s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 96.349s
```
* Update iam_instance_profile.html.markdown
Fix an issue when upgrading from Terraform < 0.9 to 0.9+, when we added
support for the regional endpoints in OpsWorks Stacks. OpsWorks Stacks
can only be managed via the endpoint with which they were created, not
where the stack resides.
* Adding import to resource_aws_iam_server_certificate.
* provider/aws: Update tests for import of aws_iam_server_certificate
Builds upon the work of @mrcopper in #12940
Resource:
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSIAMServerCertificate_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/25 00:08:48 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSIAMServerCertificate_ -timeout 120m
=== RUN TestAccAWSIAMServerCertificate_importBasic
--- PASS: TestAccAWSIAMServerCertificate_importBasic (22.81s)
=== RUN TestAccAWSIAMServerCertificate_basic
--- PASS: TestAccAWSIAMServerCertificate_basic (19.68s)
=== RUN TestAccAWSIAMServerCertificate_name_prefix
--- PASS: TestAccAWSIAMServerCertificate_name_prefix (19.88s)
=== RUN TestAccAWSIAMServerCertificate_disappears
--- PASS: TestAccAWSIAMServerCertificate_disappears (13.94s)
=== RUN TestAccAWSIAMServerCertificate_file
--- PASS: TestAccAWSIAMServerCertificate_file (32.67s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 109.062s
```
Data Source:
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSDataSourceIAMServerCertificate_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/25 13:07:10 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSDataSourceIAMServerCertificate_ -timeout 120m
=== RUN TestAccAWSDataSourceIAMServerCertificate_basic
--- PASS: TestAccAWSDataSourceIAMServerCertificate_basic (43.86s)
=== RUN TestAccAWSDataSourceIAMServerCertificate_matchNamePrefix
--- PASS: TestAccAWSDataSourceIAMServerCertificate_matchNamePrefix (2.68s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 46.569s
```
Updates `aws_caller_identity` data source to actually include the correct attributes from the `GetCallerIdentity` API function.
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSCallerIdentity_basic'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/27 09:26:13 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSCallerIdentity_basic -timeout 120m
=== RUN TestAccAWSCallerIdentity_basic
--- PASS: TestAccAWSCallerIdentity_basic (12.74s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 12.767s
```
In function `resourceAwsSesReceiptRuleRead` the position of the receipt
rules in the rule set was taken directly from the index of the rule's
position in the slice returned by the AWS API call. As the slice is
zero-based and the ruleset is one-based, this results in an incorrect
representation.
This manifests as `aws_ses_receipt_rule` resources always showing a
diff during plan or apply.
same
Fixes: #13012
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSNetworkAclRule_allProtocol'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/24 18:42:05 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSNetworkAclRule_allProtocol -timeout 120m
=== RUN TestAccAWSNetworkAclRule_allProtocol
--- PASS: TestAccAWSNetworkAclRule_allProtocol (53.95s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 53.974s
```
Fixes: #13035
It was pointed out in the issue that the addition of a new parameter
with a default value AND a ForceNew: true is causing Terraform to try
and recreate the VPC
This PR migrates the state to add the default value of false for `assign_generated_ipv6_cidr_block`
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAWSVpcMigrateState'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/24 12:51:41 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAWSVpcMigrateState -timeout 120m
=== RUN TestAWSVpcMigrateState
2017/03/24 12:52:26 [INFO] Found AWS VPC State v0; migrating to v1
2017/03/24 12:52:26 [DEBUG] Attributes before migration: map[string]string{"assign_generated_ipv6_cidr_block":"true"}
2017/03/24 12:52:26 [DEBUG] Attributes after migration: map[string]string{"assign_generated_ipv6_cidr_block":"false"}
2017/03/24 12:52:26 [INFO] Found AWS VPC State v0; migrating to v1
2017/03/24 12:52:26 [DEBUG] Attributes before migration: map[string]string{}
2017/03/24 12:52:26 [DEBUG] Attributes after migration: map[string]string{"assign_generated_ipv6_cidr_block":"false"}
--- PASS: TestAWSVpcMigrateState (0.00s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 0.024s
```
AWS API requires ECS placement strategies "field" attribute to be
"memory" or "cpu" (lowercase) when type=bin, but these read back as
"MEMORY" and "CPU" (uppercase) respectively.
PR #11565 (which fixed separately reported #11644) deals with this by
always lowering the case of the resource received from the API, but this
breaks for other "field" values (e.g. "instanceId" -> "instanceid").
This PR only lowers the case of the returned resource when field
"MEMORY" or "CPU". Haven't checked if any other fields need this
treatment.
Updates the `data_source_route53_zone` acceptance test to better handle parallel runs. Also better handles tests that potentially leak resources by adding a random integer suffix to domain names.
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRolePolicyAttachment_basic'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/22 20:18:05 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSRolePolicyAttachment_basic -timeout 120m
=== RUN TestAccAWSRolePolicyAttachment_basic
--- PASS: TestAccAWSRolePolicyAttachment_basic (31.94s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 31.949s
```
Fixes: #12764
AWS ALB Allows the Subnets to be changed using the SetSubnets func -
previously we set ForceNew: true on this change
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSALB_' ✭
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/18 16:55:52 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSALB_ -timeout 120m
=== RUN TestAccAWSALB_basic
--- PASS: TestAccAWSALB_basic (342.95s)
=== RUN TestAccAWSALB_generatedName
--- PASS: TestAccAWSALB_generatedName (362.05s)
=== RUN TestAccAWSALB_namePrefix
--- PASS: TestAccAWSALB_namePrefix (311.21s)
=== RUN TestAccAWSALB_tags
--- PASS: TestAccAWSALB_tags (344.05s)
=== RUN TestAccAWSALB_updatedSecurityGroups
--- PASS: TestAccAWSALB_updatedSecurityGroups (515.61s)
=== RUN TestAccAWSALB_updatedSubnets
--- PASS: TestAccAWSALB_updatedSubnets (313.94s)
=== RUN TestAccAWSALB_noSecurityGroup
--- PASS: TestAccAWSALB_noSecurityGroup (293.54s)
=== RUN TestAccAWSALB_accesslogs
--- PASS: TestAccAWSALB_accesslogs (492.01s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 2975.402s
```
Fixes: #12895
The AWS API returns both dissociated and associated IPv6 CIDRs. The UI
only returns the associated. Therefore, the assumption was made that we
would always take the 1st association in the set to use for state
We now loop over the set and look for the associated IPv6 CIDR before
using that in state
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSVpc_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/20 21:21:02 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSVpc_ -timeout 120m
=== RUN TestAccAWSVpc_importBasic
--- PASS: TestAccAWSVpc_importBasic (65.91s)
=== RUN TestAccAWSVpc_basic
--- PASS: TestAccAWSVpc_basic (50.88s)
=== RUN TestAccAWSVpc_enableIpv6
--- PASS: TestAccAWSVpc_enableIpv6 (49.89s)
=== RUN TestAccAWSVpc_dedicatedTenancy
--- PASS: TestAccAWSVpc_dedicatedTenancy (50.59s)
=== RUN TestAccAWSVpc_tags
--- PASS: TestAccAWSVpc_tags (98.89s)
=== RUN TestAccAWSVpc_update
--- PASS: TestAccAWSVpc_update (93.46s)
=== RUN TestAccAWSVpc_bothDnsOptionsSet
--- PASS: TestAccAWSVpc_bothDnsOptionsSet (20.71s)
=== RUN TestAccAWSVpc_DisabledDnsSupport
--- PASS: TestAccAWSVpc_DisabledDnsSupport (49.55s)
=== RUN TestAccAWSVpc_classiclinkOptionSet
--- PASS: TestAccAWSVpc_classiclinkOptionSet (54.92s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 534.829s
```
Leaked resources may prevent this resource from correctly passing acceptance tests. Seeding the policy names with random integer suffixes allows tests to pass regardless of resource leaks.
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRolePolicyAttachment_basic'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/22 19:58:58 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSRolePolicyAttachment_basic -timeout 120m
=== RUN TestAccAWSRolePolicyAttachment_basic
--- PASS: TestAccAWSRolePolicyAttachment_basic (31.98s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 31.989s
```
* provider/aws: Increase AMI destroy timeout
Acceptance tests were timing out on AMI destroy, should alleviate the problem.
* Further increase timeout, cleanup test
* use function instead of printf
Updates the IAM Group Policy and IAM User Policy acceptance tests with random integer seeds.
Currently acceptance tests for these two resources are failing from leaked resources, adding distint naming should allow tests to pass regardless of parallel tests being ran or any resource leaks.
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSIAMUserPolicy'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/22 00:19:13 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSIAMUserPolicy -timeout 120m
=== RUN TestAccAWSIAMUserPolicy_basic
--- PASS: TestAccAWSIAMUserPolicy_basic (22.54s)
=== RUN TestAccAWSIAMUserPolicy_namePrefix
--- PASS: TestAccAWSIAMUserPolicy_namePrefix (12.49s)
=== RUN TestAccAWSIAMUserPolicy_generatedName
--- PASS: TestAccAWSIAMUserPolicy_generatedName (13.13s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 48.191s
```
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSIAMGroupPolicy'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/22 00:24:08 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSIAMGroupPolicy -timeout 120m
=== RUN TestAccAWSIAMGroupPolicy_basic
--- PASS: TestAccAWSIAMGroupPolicy_basic (23.89s)
=== RUN TestAccAWSIAMGroupPolicy_namePrefix
--- PASS: TestAccAWSIAMGroupPolicy_namePrefix (12.07s)
=== RUN TestAccAWSIAMGroupPolicy_generatedName
--- PASS: TestAccAWSIAMGroupPolicy_generatedName (13.15s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 49.140s
```
machines
Fixes: #12898
The way aws_instance works is that we call the Create func then the
Update func then the Read func. The way the work to implement the change
to iam_instance_profile was added meant that when a machine was created
with an iam_instance_profile, it would then try and update that
iam_instance_profile because the state hadn't been updated at that point
We have changed the Update func to only check for the change to
iam_instance_profile when it *is an existing machine* - this will solve
the problem of those bringing up new machines and getting hit with the
permissions error
As requested, added a test that adds an IAM Instance Profile from
creation
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSInstance_withIamInstanceProfile'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/21 17:51:32 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSInstance_withIamInstanceProfile -timeout 120m
=== RUN TestAccAWSInstance_withIamInstanceProfile
--- PASS: TestAccAWSInstance_withIamInstanceProfile (154.29s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 154.325s
```
Adds support for `name_prefix` to the `aws_autoscaling_group` and `aws_elb` resources. Unfortunately when using `name_prefix` with `aws_elb`, this means that the specified prefix can only be a maximum of 6 characters in length. This is because the maximum length for an ELB name is 32 characters, and `resource.PrefixedUniqueId` generates a 26-character unique identifier. I was considering truncating the unique identifier to allow for a longer `name_prefix`, but I worried that doing so would increase the risk of collisions.
This will make it possible/easier to make decisions based on supported EC2 platforms (VPC and/or EC2 Classic)
in the context of any AWS resource which needs make such decisions.
Fixes: #12752
Weight was replaced with weighted_routing_policy in June 2016. But for
some reason we were still doing the following in the Read func:
```
d.Set("weight", -1)
```
As this field was removed, we shouldn't be setting it to state
Adds plan-level validation for both IPv4 and IPv6 CIDR Blocks in an AWS SecurityGroup resource, as well as the AWS Security Group Rule resource.
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSecurityGroup_invalidCIDRBlock'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/16 11:32:54 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSSecurityGroup_invalidCIDRBlock -timeout 120m
=== RUN TestAccAWSSecurityGroup_invalidCIDRBlock
--- PASS: TestAccAWSSecurityGroup_invalidCIDRBlock (0.01s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 0.017s
```
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSecurityGroupRule_ExpectInvalidCIDR'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/16 11:46:21 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSSecurityGroupRule_ExpectInvalidCIDR -timeout 120m
=== RUN TestAccAWSSecurityGroupRule_ExpectInvalidCIDR
--- PASS: TestAccAWSSecurityGroupRule_ExpectInvalidCIDR (0.01s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 0.016s
```
Previously the check for if we are setting `CidrBlock` or `IPv6CidrBlock` during an `Update` of the `aws_network_acl` resource would populate the input struct with a nil string value `""`. This caused our acceptance tests to fail, and broke the resource's functionality if a user only set `CidrBlock` or `IPv6CidrBlock` for either an `ingress` or `egress` rule as the API would error out with an `Invalid CidrBlock` error.
Previously:
```
aws_network_acl.bond: Error creating egress entry: InvalidParameterValue: CIDR block is malformed
status code: 400, request id: 0620e0b7-4e30-4c14-9a7a-5d373cc9f33b
```
Currently:
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSNetworkAcl'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/15 15:41:17 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSNetworkAcl -timeout 120m
=== RUN TestAccAWSNetworkAcl_importBasic
--- PASS: TestAccAWSNetworkAcl_importBasic (26.96s)
=== RUN TestAccAWSNetworkAclRule_basic
--- PASS: TestAccAWSNetworkAclRule_basic (23.08s)
=== RUN TestAccAWSNetworkAclRule_ipv6
--- PASS: TestAccAWSNetworkAclRule_ipv6 (26.24s)
=== RUN TestAccAWSNetworkAcl_EgressAndIngressRules
--- PASS: TestAccAWSNetworkAcl_EgressAndIngressRules (25.11s)
=== RUN TestAccAWSNetworkAcl_OnlyIngressRules_basic
--- PASS: TestAccAWSNetworkAcl_OnlyIngressRules_basic (31.82s)
=== RUN TestAccAWSNetworkAcl_OnlyIngressRules_update
--- PASS: TestAccAWSNetworkAcl_OnlyIngressRules_update (48.59s)
=== RUN TestAccAWSNetworkAcl_OnlyEgressRules
--- PASS: TestAccAWSNetworkAcl_OnlyEgressRules (25.48s)
=== RUN TestAccAWSNetworkAcl_SubnetChange
--- PASS: TestAccAWSNetworkAcl_SubnetChange (57.12s)
=== RUN TestAccAWSNetworkAcl_Subnets
--- PASS: TestAccAWSNetworkAcl_Subnets (67.55s)
=== RUN TestAccAWSNetworkAcl_ipv6Rules
--- PASS: TestAccAWSNetworkAcl_ipv6Rules (31.52s)
=== RUN TestAccAWSNetworkAcl_espProtocol
acc--- PASS: TestAccAWSNetworkAcl_espProtocol (24.37s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 387.855s
```
Fixes: #11824
A full set of acceptance tests for *all* OpsWorks tests are below. There is a single issue, opsworks_instance isn't ordering the layer_ids so it's non-deterministic which can come back. This introduces a false positive.
The opsworks tests are running both against us-east-1 for some and us-west-2 for others. This must be marked as a backwards incompatibility in 0.9 just incase people are using the opsworks region parameter to try and override the provider region
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSOpsworksApplication' 2 ↵ ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/14 17:11:36 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSOpsworksApplication -timeout 120m
=== RUN TestAccAWSOpsworksApplication
--- PASS: TestAccAWSOpsworksApplication (164.29s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 164.319s
```
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSOpsworksCustomLayer' ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/14 17:16:18 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSOpsworksCustomLayer -timeout 120m
=== RUN TestAccAWSOpsworksCustomLayerImportBasic
--- PASS: TestAccAWSOpsworksCustomLayerImportBasic (105.98s)
=== RUN TestAccAWSOpsworksCustomLayer
--- PASS: TestAccAWSOpsworksCustomLayer (92.68s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 198.684s
```
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSOpsworksPermission' ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/14 17:23:28 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSOpsworksPermission -timeout 120m
=== RUN TestAccAWSOpsworksPermission
--- PASS: TestAccAWSOpsworksPermission (226.36s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 226.386s
```
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSOpsworksRailsAppLayer' ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/14 17:28:01 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSOpsworksRailsAppLayer -timeout 120m
=== RUN TestAccAWSOpsworksRailsAppLayer
--- PASS: TestAccAWSOpsworksRailsAppLayer (129.39s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 129.426s
```
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSOpsworksUserProfile' ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/14 17:37:46 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSOpsworksUserProfile -timeout 120m
=== RUN TestAccAWSOpsworksUserProfile
--- PASS: TestAccAWSOpsworksUserProfile (42.60s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 42.624s
```
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSOpsworksStack' 2 ↵ ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/14 18:00:50 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSOpsworksStack -timeout 120m
=== RUN TestAccAWSOpsworksStackImportBasic
--- PASS: TestAccAWSOpsworksStackImportBasic (50.28s)
=== RUN TestAccAWSOpsworksStackNoVpc
--- PASS: TestAccAWSOpsworksStackNoVpc (25.92s)
=== RUN TestAccAWSOpsworksStackVpc
--- PASS: TestAccAWSOpsworksStackVpc (76.80s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 153.025s
```
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSOpsworksRdsDbInstance' ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/14 17:38:36 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSOpsworksRdsDbInstance -timeout 120m
=== RUN TestAccAWSOpsworksRdsDbInstance
--- PASS: TestAccAWSOpsworksRdsDbInstance (916.15s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 916.177s
```
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSOpsworksInstance' 2 ↵
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/14 17:26:45 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSOpsworksInstance -timeout 120m
=== RUN TestAccAWSOpsworksInstance_importBasic
--- PASS: TestAccAWSOpsworksInstance_importBasic (85.52s)
=== RUN TestAccAWSOpsworksInstance
--- FAIL: TestAccAWSOpsworksInstance (114.09s)
testing.go:268: Step 1 error: After applying this step, the plan was not empty:
DIFF:
UPDATE: aws_opsworks_instance.tf-acc
layer_ids.0: "4c29b76f-df72-409e-a5c4-9459b7d9b4a4" => "a4a859cf-2a07-447e-a151-a97a6d827db7"
layer_ids.1: "a4a859cf-2a07-447e-a151-a97a6d827db7" => "4c29b76f-df72-409e-a5c4-9459b7d9b4a4"
FAIL
exit status 1
FAIL github.com/hashicorp/terraform/builtin/providers/aws 199.643s
make: *** [testacc] Error 1
```
Fixes the two failing aws_ami acceptance tests, by polling until the AMI is deleted before exiting.
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSAMI_basic'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/14 16:03:26 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSAMI_basic -timeout 120m
=== RUN TestAccAWSAMI_basic
--- PASS: TestAccAWSAMI_basic (43.98s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 43.989s
```
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSAMI_snapshotSize'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/14 16:07:29 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSAMI_snapshotSize -timeout 120m
=== RUN TestAccAWSAMI_snapshotSize
--- PASS: TestAccAWSAMI_snapshotSize (28.64s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 28.654s
```
If the user_arn changes on the user_profile resource we should delete it and recreate it
instead of attempting to modify it incorrectly and causing the terraform apply to fail.
I also added an acceptance test that will trigger this case.
Fixes: #12599
Before this patch:
```
% terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
aws_iam_saml_provider.salesforce: Refreshing state... (ID: arn:aws:i...rce-test)
Error refreshing state: 1 error(s) occurred:
* aws_iam_saml_provider.salesforce: aws_iam_saml_provider.salesforce: NoSuchEntity: Manifest not found for arn arn:aws:iam::187416307283:saml-provider/tf-salesforce-test
status code: 404, request id: fc32c7f8-0631-11e7-8e1f-29a8c10edf64
```
After this patch:
```
% terraform plan ✚ ✭
[WARN] /Users/stacko/Code/go/bin/terraform-provider-aws overrides an internal plugin for aws-provider.
If you did not expect to see this message you will need to remove the old plugin.
See https://www.terraform.io/docs/internals/internal-plugins.html
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
aws_iam_saml_provider.salesforce: Refreshing state... (ID: arn:aws:i...rce-test)
The Terraform execution plan has been generated and is shown below.
Resources are shown in alphabetical order for quick scanning. Green resources
will be created (or destroyed and then created if an existing resource
exists), yellow resources are being changed in-place, and red resources
will be destroyed. Cyan entries are data sources to be read.
Note: You didn't specify an "-out" parameter to save this plan, so when
"apply" is called, Terraform can't guarantee this is what will execute.
+ aws_iam_saml_provider.salesforce
arn: "<computed>"
name: "tf-salesforce-test"
```
helper/schema: Rename Timeout resource block to Timeouts
- Pluralize configuration argument name to better represent that there is
one block for many timeouts
- use a const for the configuration timeouts key
- update docs
Fixes: #12506
When a replication_task cdc_start_time was specified as an int, it was
causing a panic as the conversion to a Unix timestampe was expecting a
string
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAwsDmsReplicationTaskBasic'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/08 22:55:29 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAwsDmsReplicationTaskBasic -timeout 120m
=== RUN TestAccAwsDmsReplicationTaskBasic
--- PASS: TestAccAwsDmsReplicationTaskBasic (1089.77s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 1089.802s
```
Fixes: #7492
When we use the same IP Address, BGP ASN and VPN Type as an existing
aws_customer_gateway, terraform will take control of that gateway (not
import it!) and try and modify it. This could be very bad
There is a warning on the AWS documentation that one gateway of the same
parameters can be created, Terraform is now going to error if a gateway
of the same parameters is attempted to be created
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSCustomerGateway_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/07 18:40:39 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSCustomerGateway_ -timeout 120m
=== RUN TestAccAWSCustomerGateway_importBasic
--- PASS: TestAccAWSCustomerGateway_importBasic (31.11s)
=== RUN TestAccAWSCustomerGateway_basic
--- PASS: TestAccAWSCustomerGateway_basic (68.72s)
=== RUN TestAccAWSCustomerGateway_similarAlreadyExists
--- PASS: TestAccAWSCustomerGateway_similarAlreadyExists (35.18s)
=== RUN TestAccAWSCustomerGateway_disappears
--- PASS: TestAccAWSCustomerGateway_disappears (25.13s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 160.172s
```
This covers the scenario of an instance created by a spot request. Using
Terraform we only know the spot request is fulfilled but the instance can
still be pending which causes the attachment to fail.
* Ensures elb exists before negotiation policy check; Fixes#11260
* Adds acceptance test case for missing elb
* Adds back https properties for test elb
In the event that an unexpected state is returned from
`environmentStateRefreshFunc` errors in the Elastic Beanstalk console
will not be returned to the user.
* helper/schema: Add custom Timeout block for resources
* refactor DefaultTimeout to suuport multiple types. Load meta in Refresh from Instance State
* update vpc but it probably wont last anyway
* refactor test into table test for more cases
* rename constant keys
* refactor configdecode
* remove VPC demo
* remove comments
* remove more comments
* refactor some
* rename timeKeys to timeoutKeys
* remove note
* documentation/resources: Document the Timeout block
* document timeouts
* have a test case that covers 'hours'
* restore a System default timeout of 20 minutes, instead of 0
* restore system default timeout of 20 minutes, refactor tests, add test method to handle system default
* rename timeout key constants
* test applying timeout to state
* refactor test
* Add resource Diff test
* clarify docs
* update to use constants
Fixes:#11750
Before this change, adding a log_subscription_filter and then deleting
it manually would yield this error on terraform plan/apply:
```
% terraform plan ✹ ✭
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
aws_iam_role.iam_for_lambda: Refreshing state... (ID: test_lambdafuntion_iam_role_example123)
aws_cloudwatch_log_group.logs: Refreshing state... (ID: example_lambda_name)
aws_iam_role_policy.test_lambdafunction_iam_policy: Refreshing state... (ID: test_lambdafuntion_iam_role_example123:test_lambdafunction_iam_policy)
aws_lambda_function.test_lambdafunction: Refreshing state... (ID: example_lambda_name_example123)
aws_lambda_permission.allow_cloudwatch_logs: Refreshing state... (ID: AllowExecutionFromCloudWatchLogs)
aws_cloudwatch_log_subscription_filter.test_lambdafunction_logfilter: Refreshing state... (ID: cwlsf-992677504)
Error refreshing state: 1 error(s) occurred:
* aws_cloudwatch_log_subscription_filter.test_lambdafunction_logfilter: aws_cloudwatch_log_subscription_filter.test_lambdafunction_logfilter: Subscription filter for log group example_lambda_name with name prefix test_lambdafunction_logfilter not found!
```
After this patch, we get the following behaviour:
```
% terraform plan ✹ ✭
[WARN] /Users/stacko/Code/go/bin/terraform-provider-aws overrides an internal plugin for aws-provider.
If you did not expect to see this message you will need to remove the old plugin.
See https://www.terraform.io/docs/internals/internal-plugins.html
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
aws_iam_role.iam_for_lambda: Refreshing state... (ID: test_lambdafuntion_iam_role_example123)
aws_cloudwatch_log_group.logs: Refreshing state... (ID: example_lambda_name)
aws_lambda_function.test_lambdafunction: Refreshing state... (ID: example_lambda_name_example123)
aws_iam_role_policy.test_lambdafunction_iam_policy: Refreshing state... (ID: test_lambdafuntion_iam_role_example123:test_lambdafunction_iam_policy)
aws_lambda_permission.allow_cloudwatch_logs: Refreshing state... (ID: AllowExecutionFromCloudWatchLogs)
aws_cloudwatch_log_subscription_filter.test_lambdafunction_logfilter: Refreshing state... (ID: cwlsf-992677504)
The Terraform execution plan has been generated and is shown below.
Resources are shown in alphabetical order for quick scanning. Green resources
will be created (or destroyed and then created if an existing resource
exists), yellow resources are being changed in-place, and red resources
will be destroyed. Cyan entries are data sources to be read.
Note: You didn't specify an "-out" parameter to save this plan, so when
"apply" is called, Terraform can't guarantee this is what will execute.
+ aws_cloudwatch_log_subscription_filter.test_lambdafunction_logfilter
destination_arn: "arn:aws:lambda:us-west-2:187416307283:function:example_lambda_name_example123"
filter_pattern: "logtype test"
log_group_name: "example_lambda_name"
name: "test_lambdafunction_logfilter"
role_arn: "<computed>"
Plan: 1 to add, 0 to change, 0 to destroy.
```
Fixes: #12232
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEFSFileSystem_pagedTags'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSEFSFileSystem_pagedTags -timeout 120m
=== RUN TestAccAWSEFSFileSystem_pagedTags
--- PASS: TestAccAWSEFSFileSystem_pagedTags (39.51s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 39.537s
```
not found
Fixes: #12279
When manually deleting an autoscaling_group from the console, a
terraform plan would look as follows:
```
% terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
aws_launch_configuration.foobar: Refreshing state... (ID: test-0096cf26c7eebdc9fcb5bd1837)
aws_autoscaling_group.foobar: Refreshing state... (ID: test)
aws_autoscaling_schedule.foobar: Refreshing state... (ID: foobar)
Error refreshing state: 1 error(s) occurred:
* aws_autoscaling_schedule.foobar: aws_autoscaling_schedule.foobar: Error retrieving Autoscaling Scheduled Actions: ValidationError: Group test not found
status code: 400, request id: 093e9ed5-fe01-11e6-b990-1f64334b3a10
```
After this patch:
```
% terraform plan ✹ ✭
[WARN] /Users/stacko/Code/go/bin/terraform-provider-aws overrides an internal plugin for aws-provider.
If you did not expect to see this message you will need to remove the old plugin.
See https://www.terraform.io/docs/internals/internal-plugins.html
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
aws_launch_configuration.foobar: Refreshing state... (ID: test-0096cf26c7eebdc9fcb5bd1837)
aws_autoscaling_group.foobar: Refreshing state... (ID: test)
aws_autoscaling_schedule.foobar: Refreshing state... (ID: foobar)
The Terraform execution plan has been generated and is shown below.
Resources are shown in alphabetical order for quick scanning. Green resources
will be created (or destroyed and then created if an existing resource
exists), yellow resources are being changed in-place, and red resources
will be destroyed. Cyan entries are data sources to be read.
Note: You didn't specify an "-out" parameter to save this plan, so when
"apply" is called, Terraform can't guarantee this is what will execute.
+ aws_autoscaling_group.foobar
arn: "<computed>"
availability_zones.#: "1"
availability_zones.2487133097: "us-west-2a"
default_cooldown: "<computed>"
desired_capacity: "<computed>"
force_delete: "true"
health_check_grace_period: "300"
health_check_type: "ELB"
launch_configuration: "test-0096cf26c7eebdc9fcb5bd1837"
load_balancers.#: "<computed>"
max_size: "1"
metrics_granularity: "1Minute"
min_size: "1"
name: "test"
protect_from_scale_in: "false"
tag.#: "1"
tag.157008572.key: "Foo"
tag.157008572.propagate_at_launch: "true"
tag.157008572.value: "foo-bar"
termination_policies.#: "1"
termination_policies.0: "OldestInstance"
vpc_zone_identifier.#: "<computed>"
wait_for_capacity_timeout: "10m"
+ aws_autoscaling_schedule.foobar
arn: "<computed>"
autoscaling_group_name: "test"
desired_capacity: "0"
end_time: "2017-12-12T06:00:00Z"
max_size: "1"
min_size: "0"
recurrence: "<computed>"
scheduled_action_name: "foobar"
start_time: "2017-12-11T18:00:00Z"
Plan: 2 to add, 0 to change, 0 to destroy.
```
Fixes: #12205
You cannot use an index of an empty slide therefore, we got a panic as follows:
```
aws_ssm_association.foo: Creating...
instance_id: "" => "i-002f3898dc95350e7"
name: "" => "test_document_association-%s"
parameters.%: "" => "2"
parameters.directoryId: "" => "d-926720980b"
parameters.directoryName: "" => "corp.mydomain.com"
Error applying plan:
1 error(s) occurred:
* aws_ssm_association.foo: 1 error(s) occurred:
* aws_ssm_association.foo: unexpected EOF
Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.
panic: runtime error: index out of range
2017/02/23 21:41:45 [DEBUG] plugin: terraform-provider-aws:
2017/02/23 21:41:45 [DEBUG] plugin: terraform-provider-aws: goroutine 1419 [running]:
2017/02/23 21:41:45 [DEBUG] plugin: terraform-provider-aws: panic(0x1567480, 0xc42000c110)
2017/02/23 21:41:45 [DEBUG] plugin: terraform-provider-aws: /usr/local/Cellar/go/1.7.4_1/libexec/src/runtime/panic.go:500 +0x1a1
```
This feature allows sending a notification to either an SQS queue or an
SNS topic when an error occurs running an AWS Lambda function.
This fixes#10630.
* provider/aws: New resource codepipeline
* Vendor aws/codepipeline
* Add tests
* Add docs
* Bump codepipeline to v1.6.25
* Adjustments based on feedback
* Force new resource on ID change
* Improve tests
* Switch update to read
Since we don't require a second pass, only do a read.
* Skip tests if GITHUB_TOKEN is not set
* Added new resource aws_elastic_beanstalk_application_version.
* Changing bucket and key to required.
* Update to use d.Id() directly in DescribeApplicationVersions.
* Checking err to make sure that the application version is successfully deleted.
* Update `version_label` to `Computed: true`.
* provider/aws: Updating to python solution stack
* provider/aws: Beanstalk App Version delete source
The Elastic Beanstalk API call to delete `application_version` resource
should not delete the s3 bundle, as this object is managed by another
Terraform resource
* provider/aws: Update application version docs
* Fix application version test
* Add `version_label` update test
Adds test that fails after rebasing branch onto v0.8.x. `version_label`
changes do not update the `aws_elastic_beanstalk_environment` resource.
* `version_label` changes to update environment
* Prevent unintended delete of `application_version`
Prevents an `application_version` used by multiple environments from
being deleted.
* Add `force_delete` attribute
* Update documentation
Fixes the `TestAccAWSAutoscalingLifecycleHook_omitDefaultResult` acceptance test to run in parallel.
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSAutoscalingLifecycleHook_omitDefaultResult'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/15 22:33:26 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSAutoscalingLifecycleHook_omitDefaultResult -timeout 120m
=== RUN TestAccAWSAutoscalingLifecycleHook_omitDefaultResult
--- PASS: TestAccAWSAutoscalingLifecycleHook_omitDefaultResult (146.91s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 146.917s
```
This allows for updates to size, type and iops
Fixes: #11931
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEBSVolume_update'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/15 22:35:43 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSEBSVolume_update -timeout 120m
=== RUN TestAccAWSEBSVolume_updateSize
--- PASS: TestAccAWSEBSVolume_updateSize (53.57s)
=== RUN TestAccAWSEBSVolume_updateType
--- PASS: TestAccAWSEBSVolume_updateType (57.53s)
=== RUN TestAccAWSEBSVolume_updateIops
--- PASS: TestAccAWSEBSVolume_updateIops (53.63s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 164.753s
```
This extends the work in #11668 to enable final snapshots by default.
This time it's for redshift
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRedshiftCluster_withFinalSnapshot'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/04 13:53:02 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSRedshiftCluster_withFinalSnapshot -timeout 120m
=== RUN TestAccAWSRedshiftCluster_withFinalSnapshot
--- PASS: TestAccAWSRedshiftCluster_withFinalSnapshot (859.96s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 859.986s
```
If we get `InvalidParameterException` with the message "Could not deliver test
message to specified" then retry as this is often down to some sort of internal
delay in Amazons API. Also increase the timeout from 30 seconds to 3 minutes as
it has been observed to take that long sometimes for the creation to succeed.
This applies to both log destinations and subscription filters.
We now enable the final_snapshot of aws_rds_cluster by default. This is
a continuation of the work in #11668
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRDSCluster_takeFinalSnapshot'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/04 13:19:52 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSRDSCluster_takeFinalSnapshot -timeout 120m
=== RUN TestAccAWSRDSCluster_takeFinalSnapshot
--- PASS: TestAccAWSRDSCluster_takeFinalSnapshot (141.59s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 141.609s
```
Validate the policy supplied via `assume_role_policy` in an `aws_iam_role`
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRole_badJSON'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/13 14:13:47 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSRole_badJSON -timeout 120m
=== RUN TestAccAWSRole_badJSON
--- PASS: TestAccAWSRole_badJSON (0.00s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 0.019s
```
Introduced in #11369, this fixes an issue with the diff suppress function when creating a new `aws_db_instance` resource, while using the default `engine_version`.
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSDBInstance_diffSuppressInitialState'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/13 11:52:12 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSDBInstance_diffSuppressInitialState -timeout 120m
=== RUN TestAccAWSDBInstance_diffSuppressInitialState
--- PASS: TestAccAWSDBInstance_diffSuppressInitialState (480.78s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 480.793s
```
A security_group_rule can also be created from a `prefix_list_id`.
Introduced in #11809
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSecurityGroupRule_PrefixListEgress'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/10 12:41:40 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSSecurityGroupRule_PrefixListEgress -timeout 120m
=== RUN TestAccAWSSecurityGroupRule_PrefixListEgress
--- PASS: TestAccAWSSecurityGroupRule_PrefixListEgress (33.94s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 33.970s
```
* provider/aws: output the log group name when create fails
* adjusted formatting to match other error output
* fixup detailed error message for ResourceAlreadyExistsException
* forgot an import
* show the log group name regardless of error type
Previously the AMI creation accepted a static value for the AMI's block device's volume size.
This change allows the user to omit the `volume_size` attribute, in order to mimic the AWS API behavior, which will use the EBS Volume's size.
Also fixes a potential panic case when setting `iops` on the AMI's block device.
The `aws_ami` resource previously didn't have any acceptance tests, adds two acceptance tests and a full testing suite for the `aws_ami` resource, so further tests can be written, as well as expansion upon the other `aws_ami_*` acceptance tests
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSAMI_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/09 20:18:22 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSAMI_ -timeout 120m
=== RUN TestAccAWSAMI_basic
--- PASS: TestAccAWSAMI_basic (44.21s)
=== RUN TestAccAWSAMI_snapshotSize
--- PASS: TestAccAWSAMI_snapshotSize (45.08s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 89.320s
```
Allows redshift security group tests to better handle being ran in parallel.
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRedshiftSecurityGroup_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/09 10:40:25 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSRedshiftSecurityGroup_ -timeout 120m
=== RUN TestAccAWSRedshiftSecurityGroup_importBasic
--- PASS: TestAccAWSRedshiftSecurityGroup_importBasic (12.98s)
=== RUN TestAccAWSRedshiftSecurityGroup_ingressCidr
--- PASS: TestAccAWSRedshiftSecurityGroup_ingressCidr (11.02s)
=== RUN TestAccAWSRedshiftSecurityGroup_updateIngressCidr
--- PASS: TestAccAWSRedshiftSecurityGroup_updateIngressCidr (32.81s)
=== RUN TestAccAWSRedshiftSecurityGroup_ingressSecurityGroup
--- PASS: TestAccAWSRedshiftSecurityGroup_ingressSecurityGroup (14.82s)
=== RUN TestAccAWSRedshiftSecurityGroup_updateIngressSecurityGroup
--- PASS: TestAccAWSRedshiftSecurityGroup_updateIngressSecurityGroup (37.43s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 109.090s
```
Allows the redshift parameter group acceptance tests handle being ran in parallel better
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRedshiftParameterGroup_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/09 10:16:19 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSRedshiftParameterGroup_ -timeout 120m
=== RUN TestAccAWSRedshiftParameterGroup_importBasic
--- PASS: TestAccAWSRedshiftParameterGroup_importBasic (15.17s)
=== RUN TestAccAWSRedshiftParameterGroup_withParameters
--- PASS: TestAccAWSRedshiftParameterGroup_withParameters (13.16s)
=== RUN TestAccAWSRedshiftParameterGroup_withoutParameters
--- PASS: TestAccAWSRedshiftParameterGroup_withoutParameters (12.58s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 40.940s
```
Updates the aws_elb acceptance tests to better handle parallel test runs
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSLoadBalancerPolicy_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/09 10:04:58 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSLoadBalancerPolicy_ -timeout 120m
=== RUN TestAccAWSLoadBalancerPolicy_basic
--- PASS: TestAccAWSLoadBalancerPolicy_basic (24.50s)
=== RUN TestAccAWSLoadBalancerPolicy_updateWhileAssigned
--- PASS: TestAccAWSLoadBalancerPolicy_updateWhileAssigned (42.34s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 66.866s
```
When ran in parallel the tests `TestAccAwsEcsTaskDefinition_withNetwork` and `TestAccAwsEcsTaskDefinition_withTask` will overlap with each other due to the shared naming of the `iam_role` resource.
This fixes these tests to allow running in parallel on TeamCity.
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAwsEcsTaskDefinition_withTask'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/09 09:20:03 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAwsEcsTaskDefinition_withTask -timeout 120m
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 0.022s
```
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAwsEcsTaskDefinition_withNetwork'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/09 09:21:10 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAwsEcsTaskDefinition_withNetwork -timeout 120m
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 0.026s
```
Fixes the `TestAccAwsAPIGatewayMethod_customauthorizer` acceptance test which would previously fail if the iam_role resources would leak
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAwsAPIGatewayMethod_customauthorizer'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/09 09:10:07 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAwsAPIGatewayMethod_customauthorizer -timeout 120m
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 0.022s
```