If Terraform creates an ENI and it's attached out of band, Terraform
should not attempt to remove the attachment on subsequent runs.
fixes#2436fixes#2881
This commit exports the `arn` as well as the `id`, since IAM
roles require the full resource name rather than just the table
name. I'd even be in favor or having `arn` as the `id` since the
<region, tablename> pair is the uniqueness constraint, but this
will keep backwards compatibility:
http://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_CreateTable.html
* master: (720 commits)
Update CHANGELOG.md
Update CHANGELOG.md
dynamodb-local Update AWS config https://github.com/hashicorp/terraform/pull/2825#issuecomment-126353610
Make target_pools optional
Update CHANGELOG.md
code formatting
Update CHANGELOG.md
providers/google: Fix reading account_file path
providers/google: Fix error appending
providers/google: Return if we could parse JSON
providers/google: Change account_file to JSON
providers/google: Default account_file* to empty
providers/google: Add account_file/account_file_contents ConflictsWith
providers/google: Document account_file_contents
providers/google: Use account_file_contents if provided
providers/google: Add account_file_contents to provider
Update CHANGELOG.md
Update CHANGELOG.md
dynamodb-local Use ` instead of : to refer region to keep the consistency with the provider docs
dynamodb-local Update aws provider docs to include the `dynamodb_endpoint` argument
...
The initial commit of AWS autoscaling group termination policy was
unfinished. It only worked on "create", and so had a needless ForceNew
that would rebuild autoscaling groups on any change. It also used a
HashString set, so it didn't preserve ordering of multiple policies
correctly.
Added the "update" operation, and converted to a TypeList to preserve
ordering. In addition, removing the policy or setting it to a null list
will reset the policy to "Default", the standard AWS policy.
Updated the acceptance tests to verify the update, but the null case is
difficult to test.
* master: (86 commits)
providers/google: Fix reading account_file path
providers/google: Fix error appending
providers/google: Return if we could parse JSON
providers/google: Change account_file to JSON
providers/google: Default account_file* to empty
providers/google: Add account_file/account_file_contents ConflictsWith
providers/google: Document account_file_contents
providers/google: Use account_file_contents if provided
providers/google: Add account_file_contents to provider
Update CHANGELOG.md
Update CHANGELOG.md
use d.Id()
Update CHANGELOG.md
Update CHANGELOG.md
scripts: change website_push to push from HEAD
update analytics
core: fix crash on provider warning
provider/aws: Update source to comply with upstream breaking change
Update CHANGELOG.
provider/aws: Fix issue with IAM Server Certificates and Chains
...
* master: (33 commits)
Update CHANGELOG.md
Update CHANGELOG.md
scripts: change website_push to push from HEAD
update analytics
provider/aws: Update source to comply with upstream breaking change
Update CHANGELOG.
provider/aws: Fix issue with IAM Server Certificates and Chains
Increase timeout, IGM delete can be slow
Make failure of "basic" test not interfere with success of "update" test
Update CHANGELOG.md
Use new autoscaler / instance group manager APIs.
Compute private ip addresses of ENIs if they are not specified
Update CHANGELOG.md
Update CHANGELOG.md
provider/aws: Error when unable to find a Root Block Device name
Update CHANGELOG.md
aws_db_instance: Add mixed-case engine test to ensure StateFunc works.
aws_db_instance: Only write lowercase engines to the state file.
Update CHANGELOG.md
Split AWS provider topics by service.
...
Amazon accepts mixed-case engines, but only returns lowercase. Without
the proper StateFunc, every apply of a mixed-case engine will result in
a new db instance. Standardize on lowercase.
An attempt to converge the tests into a standard naming scheme
- TestAccAWS for aws tests
- a `_basic` test for each suite, save a few that are quick (Network ACLs, for
example)
The v0.beta is removed, so I also removed it from here. Strangely
enough I cannot find any code that actually used it other then in being
instantiated in the provider config func.
The RDS API reference doesn't say dots are allowed, but they are. For
the sake of people who have preexisting resources with dots in the
names, we should allow them also. Fixes#2664.
These two provider options are optional though if they are not set,
the user will be prompted to enter values.
By changing them to use the envDefaultFuncAllowMissing, the values
are still passed in the environment if they are set and safely
discarded if they are not.
* 'master' of github.com:reverbdotcom/terraform: (524 commits)
docs: tweaks to RELEASING
Minor change to docs
Update CHANGELOG.md
Update DynamoDB example docs to remove non-key attributes; update test to remove non-key attribute from attribute set to prevent infinite planning loops
Update CHANGELOG.md
use /usr/bin/env bash
provider/aws: fix go vet
provider/aws: ignore providers with Meta nil
update CHANGELOG
provider/aws: Code cleanups for Spot Requests
provider/aws: fix db_subnet acc test
Fixing the tests
Fixes issue #2568
Update CHANGELOG.md
Update CHANGELOG.md
fixes typo
Fixed void Azure network config bug.
provider/aws: ecs task definition is deregistered correctly
provider/azure: fixup storage service test
provider/docker: [tests] change images
...
We changed the way validation works for providers so that they aren't
always configured if they have computed attributes. The result is that
sometimes the Configure won't be called, hence Meta is nil
AWS accepts uppercase DB Subnet Group names - it just automatically
downcases them. We already had logic to handle that - so we
intentionally had an acctest with uppercase characters that was now
failing.
Loosening the regexp to allow uppercase letters for now - we can discuss
if we want to tighten the validation as a separate question.
/cc @radeksimko @catsby
favor of attempting to detect if the initial container ever enters
running state, and erroring out if not. It will re-check the container
once every 500ms for 15 seconds total; future work could make that
configurable.
Links cause there to be more than one name for a container to be
returned. As a result, only looking at the first element of the
container names could cause a container to not be found, leading
Terraform to remove it from state and attempt to recreate it.
the Docker API get those containers running. Otherwise when
you try to start a container linking to them, the start command
will fail, leading to an error.
Fixes crash in #2431
Decided that `findResourceSecurityGroup` should return an error when
the SG is not found, since the callers cannot happily continue with a
`nil` SG
Also passes through a few error cases that were being swallowed.
/cc @catsby
Some AMIs have a RootDeviceName like "/dev/sda1" that does not appear as a
DeviceName in the BlockDeviceMapping list (which will instead have
something like "/dev/sda")
While this seems like it breaks an invariant of AMIs, it ends up working
on the AWS side, and AMIs like this are common enough that we need to
special case it so Terraform does the right thing.
Our heuristic is: if the RootDeviceName does not appear in the
BlockDeviceMapping, assume that the DeviceName of the first
BlockDeviceMapping entry serves as the root device.
fixes#2224
* master:
Update CHANGELOG.md
Update CHANGELOG.md
Added affinity group resource.
update link to actually work
provider/azure: Fix SQL client name to match upstream
add warning message to explain scenario of conflicting rules
typo
remove debugging
Update CHANGELOG.md
provider/aws: Add docs for autoscaling_policy + cloudwatch_metric_alarm
provider/aws: Add autoscaling_policy
provider/aws: Add cloudwatch_metric_alarm
rename method, update docs
clean up some conflicts with
clean up old, incompatible test
update tests with another example
update test
remove meta usage, stub test
fix existing tests
Consider security groups with source security groups when hashing
* master: (23 commits)
typo
Update CHANGELOG.md
provider/aws: Add docs for autoscaling_policy + cloudwatch_metric_alarm
provider/aws: Add autoscaling_policy
provider/aws: Add cloudwatch_metric_alarm
Update CHANGELOG.md
Update CHANGELOG.md
provider/template: don't error when rendering fails in Exists
Update CHANGELOG.md
Added Azure SQL server and service support.
Update CHANGELOG.md
docs: clarify wording around destroy/apply args
Getting Started: Added a Next Step upon finishing install.
docs: add description of archive format to download page
docs: snapshot plugin dependencies when releasing
add v0.5.3 transitory deps
Fixes support for changing just the read / write capacity of a GSI
Change sleep time for DynamoDB table waits from 3 seconds to 5 seconds
Remove request for attribute changes
Fix AWS SDK imports
...
The Exists function can run in a context where the contents of the
template have changed, but it uses the old set of variables from the
state. This means that when the set of variables changes, rendering will
fail in Exists. This was returning an error, but really it just needs to
be treated as a scenario where the template needs re-rendering.
fixes#2344 and possibly a few other template issues floating around
Previously they would conflict you had multiple security group rules
with the same ingress or egress ports but different source security
groups because only the CIDR blocks were considered (which are empty
when using source security groups).
Updated to include migrations (from clint@ctshryock.com)
Signed-off-by: Clint Shryock <clint@ctshryock.com>
regex solution is extremely complex, which makes it hard to debug and
understand; the original switches and
commenting lay out the various cases in a straightforward fashion. Plus,
implementing namespace/repo support in the original code was a simple
strings.Join call.
This commit converts the openstack compute instances security groups to
a set from a list.
This fixes ordering problems which forces or indicates change to security
groups where none exist, and mimics the functionality in the aws
provider's compute resource.
Includes fixes from dupuy addressing crashes due to an empty state.
I snuck this in with #2263 because thought it was simply a stylistic
clarity thing, but it actually generates a resource-replacement-forcing
diff for existing resources that don't have this set in the config.
Definitely don't want that. :P
/cc @catsby
* master: (91 commits)
update CHANGELOG
update CHANGELOG
state/remote: more canonical Go for skip TLS verify
update CHANGELOG
update CHANGELOG
command/apply: flatten multierrors
provider/aws: improve iam_policy err msgs
acc tests: ensure each resource has a _basic test
aws/provider convert _normal tests to _basic
go fmt
Enpoint type configuration for OpenStack provider
Fix page title for aws_elasticache_cluster
Update CHANGELOG.md
Corrected Frankfurt S3 Website Endpoint fixes#2258
Only run Swift tests when Swift is available
Implement OpenStack/Swift remote
Minor correction to aws_s3_bucket docs
docs: Fix wrong title (aws_autoscaling_notification)
provider/aws: clarify scaling timeout error
Update CHANGELOG.md
...
This is an iteration on the great work done by @dalehamel in PRs #2095
and #2109.
The core team went back and forth on how to best model Spot Instance
Requests, requesting and then rejecting a separate-resource
implementation in #2109.
After more internal discussion, we landed once again on a separate
resource to model Spot Instance Requests. Out of respect for
@dalehamel's already-significant donated time, with this I'm attempting
to pick up the work to take this across the finish line.
Important architectural decisions represented here:
* Spot Instance Requests are always of type "persistent", to properly
match Terraform's declarative model.
* The spot_instance_request resource exports several attributes that
are expected to be constantly changing as the spot market changes:
spot_bid_status, spot_request_state, and instance_id. Creating
additional resource dependencies based on these attributes is not
recommended, as Terraform diffs will be continually generated to keep
up with the live changes.
* When a Spot Instance Request is deleted/canceled, an attempt is made
to terminate the last-known attached spot instance. Race conditions
dictate that this attempt cannot guarantee that the associated spot
instance is terminated immediately.
Implementation notes:
* This version of aws_spot_instance_request borrows a lot of common
code from aws_instance.
* In order to facilitate borrowing, we introduce `awsInstanceOpts`, an
internal representation of instance details that's meant to be shared
between resources. The goal here would be to refactor ASG Launch
Configurations to use the same struct.
* The new aws_spot_instance_request acc. test is passing.
* All aws_instance acc. tests remain passing.
When a user tried to create an `aws_network_interface` resource without specifying the `private_ips` or `security_groups` attributes the API call to AWS would fail with a 500 HTTP error. Length checks have been put in place for both of these attributes before they are added to the `ec2.CreateNetworkInterfaceInput` struct.
Documentation was also added for the `aws_network_interface` resource.
While cidr_block is required for static route creation, there are
apparently cases (involving some combination of VPNs, Customer Gateways,
and automatic route propogation) where the cidr_block can come back nil.
This means we cannot assume it's there in the set hash calculation.
We need to decode both the Raw config and the parsed Config to make
sure all set keys are visible. Otherwise keys that will need to be
interpolated later, will be missing causing the validation to fail.
Set Elasticache Port number to not be set by default, and require
Elasticache Port number to be specified.
Also updated acceptance tests to supply port number upon resource
declaration
Fixes#2084
Next to the remaining docs, I also updated the code so any Virtual
Network related API calls are now synchronised by using a mutex (thanks
@aznashwan for pointing that out!).
* upstream/master: (21 commits)
fix typo
fix typo, use awslabs/aws-sdk-go
Update CHANGELOG.md
More internal links in template documentation.
providers/aws: Requires ttl and records attributes if there isn't an ALIAS block.
Condense switch fallthroughs into expr lists
Fix docs for aws_route53_record params
Update CHANGELOG.md
provider/aws: Add IAM Server Certificate resource
aws_db_instance docs updated per #2070
providers/aws: Adds link to AWS docs about RDS parameters.
Downgrade middleman to 3.3.12 as 3.3.13 does not exist
providers/aws: Clarifies db_security_group usage.
"More more" no more!
Indentation issue
Export ARN in SQS queue and SNS topic / subscription; updated tests for new AWS SDK errors; updated documentation.
Changed Required: false to Optional: true in the SNS topic schema
Initial SNS support
correct resource name in example
added attributes reference section for AWS_EBS_VOLUME
...
Only the azure_instance is fully working (for both Linux and Windows
instances) now, but needs some tests. network and disk and pretty much
empty, but the idea is clear so will not take too much time…
commit a92fe29b909af033c4c57257ddcb6793bfb694aa
Author: Michael Austin <m_austin@me.com>
Date: Wed May 20 16:35:38 2015 -0400
updated to new style of awserr
commit 428271c9b9ca01ed2add1ffa608ab354f520bfa0
Merge: b3bae0e 883e284
Author: Michael Austin <m_austin@me.com>
Date: Wed May 20 16:29:00 2015 -0400
Merge branch 'master' into 2544-terraform-s3-forceDelete
commit b3bae0efdac81adf8bb448d11cc1ca62eae75d94
Author: Michael Austin <m_austin@me.com>
Date: Wed May 20 12:06:36 2015 -0400
removed extra line
commit 85eb40fc7ce24f5eb01af10eadde35ebac3c8223
Author: Michael Austin <m_austin@me.com>
Date: Tue May 19 14:27:19 2015 -0400
stray [
commit d8a405f7d6880c350ab9fccb70b833d2239d9915
Author: Michael Austin <m_austin@me.com>
Date: Tue May 19 14:24:01 2015 -0400
addressed feedback concerning parsing of aws error in a more standard way
commit 5b9a5ee613af78e466d89ba772959bb38566f50e
Author: Michael Austin <m_austin@me.com>
Date: Tue May 19 10:55:22 2015 -0400
clarify comment to highlight recursion
commit 91043781f4ba08b075673cd4c7c01792975c2402
Author: Michael Austin <m_austin@me.com>
Date: Tue May 19 10:51:13 2015 -0400
addressed feedback about reusing err variable and unneeded parens
commit 95e9c3afbd34d4d09a6355b0aaeb52606917b6dc
Merge: 2637edf db095e2
Author: Michael Austin <m_austin@me.com>
Date: Mon May 18 19:15:36 2015 -0400
Merge branch 'master' into 2544-terraform-s3-forceDelete
commit 2637edfc48a23b2951032b1e974d7097602c4715
Author: Michael Austin <m_austin@me.com>
Date: Fri May 15 15:12:41 2015 -0400
optimize delete to delete up to 1000 at once instead of one at a time
commit 1441eb2ccf13fa34f4d8c43257c2e471108738e4
Author: Michael Austin <m_austin@me.com>
Date: Fri May 15 12:34:53 2015 -0400
Revert "hook new resource provider into configuration"
This reverts commit e14a1ade5315e3276e039b745a40ce69a64518b5.
commit b532fa22022e34e4a8ea09024874bb0e8265f3ac
Author: Michael Austin <m_austin@me.com>
Date: Fri May 15 12:34:49 2015 -0400
this file should not be in this branch
commit 645c0b66c6f000a6da50ebeca1d867a63e5fd9f1
Author: Michael Austin <m_austin@me.com>
Date: Thu May 14 21:15:29 2015 -0400
buckets tagged force_destroy will delete all files and then delete buckets
commit ac50cae214ce88e22bb1184386c56b8ba8c057f7
Author: Michael Austin <m_austin@me.com>
Date: Thu May 14 12:41:40 2015 -0400
added code to delete policy from s3 bucket
commit cd45e45d6d04a3956fe35c178d5e816ba18d1051
Author: Michael Austin <m_austin@me.com>
Date: Thu May 14 12:27:13 2015 -0400
added code to read bucket policy from bucket, however, it's not working as expected currently
commit 0d3d51abfddec9c39c60d8f7b81e8fcd88e117b9
Merge: 31ffdea 8a3b75d
Author: Michael Austin <m_austin@me.com>
Date: Thu May 14 08:38:06 2015 -0400
Merge remote-tracking branch 'hashi_origin/master' into 2544-terraform-s3-policy
commit 31ffdea96ba3d5ddf5d42f862e68c1c133e49925
Author: Michael Austin <m_austin@me.com>
Date: Wed May 13 16:01:52 2015 -0400
add name for use with resouce id
commit b41c7375dbd9ae43ee0d421cf2432c1eb174b5b0
Author: Michael Austin <m_austin@me.com>
Date: Wed May 13 14:48:24 2015 -0400
Revert "working policy assignment"
This reverts commit 0975a70c37eaa310d2bdfe6f77009253c5e450c7.
commit b926b11521878f1527bdcaba3c1b7c0b973e89e5
Author: Michael Austin <m_austin@me.com>
Date: Wed May 13 14:35:02 2015 -0400
moved policy to it's own provider
commit 233a5f443c13d71f3ddc06cf034d07cb8231b4dd
Merge: e14a1ad c003e96
Author: Michael Austin <m_austin@me.com>
Date: Wed May 13 12:39:14 2015 -0400
merged origin/master
commit e14a1ade5315e3276e039b745a40ce69a64518b5
Author: Michael Austin <m_austin@me.com>
Date: Wed May 13 12:26:51 2015 -0400
hook new resource provider into configuration
commit 455b409cb853faae3e45a0a3d4e2859ffc4ed865
Author: Michael Austin <m_austin@me.com>
Date: Wed May 13 12:26:15 2015 -0400
dummy resource provider
commit 0975a70c37eaa310d2bdfe6f77009253c5e450c7
Author: Michael Austin <m_austin@me.com>
Date: Wed May 13 09:42:31 2015 -0400
working policy assignment
commit 3ab901d6b3ab605adc0a8cb703aa047a513b68d4
Author: Michael Austin <m_austin@me.com>
Date: Tue May 12 10:39:56 2015 -0400
added policy string to schema
This landed in aws-sdk-go yesterday, breaking the AWS provider in many places:
3c259c9586
Here, with much sedding, grepping, and manual massaging, we attempt to
catch Terraform up to the new `awserr.Error` interface world.
Additionally:
Update CHANGELOG
Make cooldown period optional for autoscaler
Refactor autoscaler and add more error checking
Instance template now supports image aliases
Replace instance group manager 'size' -- use target_size (now writeable)
Add documentation for autoscaler
Add beta warnings to docs
- rename test to have _basic suffix, so we can run it individually
- use us-east-1 for basic test, since that's probably the only region that has
Classic
- update the indexing of nodes; cache nodes are 4 digits
Needs to wait for len(cluster.CacheNodes) == cluster.NumCacheNodes, since
apparently that takes a bit of time and the initial response always has
an empty collection of nodes
This commit follows suit of #1897 by fixing volume-related
parameters which allow the volume attach acceptance test
to work. It also re-enables the volume attach test.
This commit adds a server group resource. Users can create server
groups with different policies. If a server is launched in a certain
group, the server will adhere to that policy. For example, servers
can be made to all launch on the same compute node or different compute
nodes.
This reworks the template lifecycle a bit such that we get nicer diff
behavior.
First, we tick ForceNew on for both filename and vars, so that the diff
indicates that the template will be "replaced" on change. This is mostly
cosmetic, but it also tracks conceptually with the fact that the
identifier we use is a hash of the contents, so any change essentially
makes a "new resource".
Second, we change the Exists implementation to only return `false` when
there has been a change in the rendered template. This lets descendent
resources see the computed value changing so that they'll properly
trigger in the plan.
Fixes#1898
Refs #1866 (but does not fix, there's another deeper issue there)
In order to fix the failing test in the preceding commit when optional
params are changed from their default "computed" values.
These weren't working well with `HttpHealthCheck.Patch()` because it was
attempting to set all unspecified params to Go's type defaults (eg. 0 for
int64) which the API rejected.
Changing the call to `HttpHealthCheck.Update()` seemed to fix this but it
still didn't allow you to reset a param back to it's default by no longer
specifying it.
Settings defaults like this, which match the Terraform docs, seems like the
best all round solution. Includes two additional tests for the acceptance
tests which verify the params are really getting set correctly.
By first creating a very simple resource that mostly uses the default
values and then changing the two thresholds from their computed defaults.
This currently fails with the following error and will be fixed in a
subsequent commit:
--- FAIL: TestAccComputeHttpHealthCheck_update (5.58s)
testing.go:131: Step 1 error: Error applying: 1 error(s) occurred:
* 1 error(s) occurred:
* 1 error(s) occurred:
* Error patching HttpHealthCheck: googleapi: Error 400: Invalid value for field 'resource.port': '0'. Must be greater than or equal to 1
More details:
Reason: invalid, Message: Invalid value for field 'resource.port': '0'. Must be greater than or equal to 1
Reason: invalid, Message: Invalid value for field 'resource.checkIntervalSec': '0'. Must be greater than or equal to 1
Reason: invalid, Message: Invalid value for field 'resource.timeoutSec': '0'. Must be greater than or equal to 1
Mixture of hard and soft tabs, which isn't picked up by `go fmt` because
it's inside a string. Standardise on hard-tabs since that is what's used
in the rest of the code.
* ctiwald/ct/fix-protocol-problem:
aws: Document the odd protocol = "-1" behavior in security groups.
aws: Fixup structure_test to handle new expandIPPerms behavior.
aws: Add security group acceptance tests for protocol -1 fixes.
aws: error on expndIPPerms(...) if our ports and protocol conflict.
Users can input a limited number of protocol names (e.g. "tcp") as
inputs to network ACL rules, but the API only supports valid protocol
number:
http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
Preserve the convenience of protocol names and simultaneously support
numbers by only writing numbers to the state file. Also use numbers
when hashing the rules, to keep everything consistent.
AWS will accept any overly-specific IP/mask combination, such as
10.1.2.2/24, but will store it by its implied network: 10.1.2.0/24.
This results in hashing errors, because the remote API will return
hashing results out of sync with the local configuration file.
Enforce a stricter API rule than AWS. Force users to use valid masks,
and run a quick calculation on their input to discover their intent.
AWS doesn't store ports for -1 protocol rules, thus the read from the
API will always come up with a different hash. Force the user to make a
deliberate port choice when enabling -1 protocol rules. All from_port
and to_port's on these rules must be 0.
AWS includes default rules with all network ACL resources which cannot
be modified by the user. Don't attempt to store them locally or change
them remotely if they are already stored -- it'll consistently result
in hashing problems.
resourceAwsNetworkAclRead swallowed these errors resulting in rules
that never properly updated. Implement an entry-to-maplist function
that'll allow us to write something that Set knows how to read.
aws hides its credentials in many places:
multiple env vars, config files,
ec2 metadata.
Terraform currently recognizes only the env vars;
to use the other options, you had to put in a
dummy empty value for access_key and secret_key.
Rather than duplicate all aws checks, ask the
aws sdk to fetch credentials earlier.
If an AutoScalingGroup is in the middle of performing a Scaling
Activity, it cannot be deleted, and yields a ScalingActivityInProgress
error.
Retry the delete for up to 5m so we don't choke on this error. It's
telling us something's in progress, so we'll keep trying until the
scaling activity completed.
On ASG creation, waits for up to 10m for desired_capacity or min_size
healthy nodes to show up in the group before continuing.
With CBD and proper HealthCheck tuning, this allows us guarantee safe
ASG replacement.
* 'master' of github.com:hashicorp/terraform:
provider/aws: detach VPN gateway with proper ID
update CHANGELOG
provider/aws: Update ARN in instanceProfileReadResult
provider/aws: remove placement_group from acctest
core: module targeting
Added support for more complexly images repos such as images on a private registry that are stored as namespace/name
Depends on there being an existing placement group in the account called
"terraform-placement-group" - we'll need to circle back around to cover
this with AccTests after TF gets an `aws_placement_group` resource.
- Users
- Groups
- Roles
- Inline policies for the above three
- Instance profiles
- Managed policies
- Access keys
This is most of the data types provided by IAM. There are a few things
missing, but the functionality here is probably sufficient for 95% of
the cases. Makes a dent in #28.
Ingress and egress rules given a "-1" protocol don't have ports when
Read out of AWS. This results in hashing problems, as a local
config file might contain port declarations AWS can't ever return.
Rather than making ports optional fields, which carries with it a huge
headache trying to distinguish between zero-value attributes (e.g.
'to_port = 0') and attributes that are simply omitted, simply force the
user to opt-in when using the "-1" protocol. If they choose to use it,
they must now specify "0" for both to_port and from_port. Any other
configuration will error.
Do directory expansion on filenames.
Add basic acceptance tests. Code coverage is 72.5%.
Uncovered code is uninteresting and/or impossible error cases.
Note that this required adding a knob to
helper/resource.TestStep to allow transient
resources.