In #7170 we found two scenarios where the type checking done during the
`context.Validate()` graph walk was circumvented, and the subsequent
assumption of type safety in the provider's `Diff()` implementation
caused panics.
Both scenarios have to do with interpolations that reference Computed
values. The sentinel we use to indicate that a value is Computed does
not carry any type information with it yet.
That means that an incorrect reference to a list or a map in a string
attribute can "sneak through" validation only to crop up...
1. ...during Plan for Data Source References
2. ...during Apply for Resource references
In order to address this, we:
* add high-level tests for each of these two scenarios in `provider/test`
* add context-level tests for the same two scenarios in `terraform`
(these tests proved _really_ tricky to write!)
* place an `EvalValidateResource` just before `EvalDiff` and `EvalApply` to
catch these errors
* add some plumbing to `Plan()` and `Apply()` to return validation
errors, which were previously only generated during `Validate()`
* wrap unit-tests around `EvalValidateResource`
* add an `IgnoreWarnings` option to `EvalValidateResource` to prevent
active warnings from halting execution on the second-pass validation
Eventually, we might be able to attach type information to Computed
values, which would allow for these errors to be caught earlier. For
now, this solution keeps us safe from panics and raises the proper
errors to the user.
Fixes#7170
I noticed we had two mechanisms for unit test override. One that dropped
a sentinel into the env var, and another with a struct member on
TestCase. This consolidates the two, using the cleaner struct member
internal mechanism and the nicer `resource.UnitTest()` entry point.
* small doc update
* provider/atlas: Add docs for Artifact Data Source
* provider/atlas: Remove a test method that isn't used
* provider/atlas: Add Data Source for Atlas Artifact
* provider/atlas: Show deprecation error on atlas_artifact resource
Fixes#7374
The introduction of the AzureRM SDK 3.0.0-beta means that the
`name_servers` for the DNS Zone are returned from the API
This PR has a dependency on #7420 being merged first
```
make testacc TEST=./builtin/providers/azurerm TESTARGS='-run=TestAccAzureRMDnsZone_'
==> Checking that code complies with gofmt requirements...
/Users/stacko/Code/go/bin/stringer
go generate $(go list ./... | grep -v /vendor/)
2016/06/30 15:20:01 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/azurerm -v
-run=TestAccAzureRMDnsZone_ -timeout 120m
=== RUN TestAccAzureRMDnsZone_basic
--- PASS: TestAccAzureRMDnsZone_basic (92.42s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/azurerm
92.444s
```
This test function tests both VPC and Classic EC2 modes, but not
all accounts have support for both. Splitting them makes it
easier to understand why a test fails when an account only
supports the VPC mode.
* Added support for redshift destination to firehose delivery streams
* Small documentation fix
* go fmt after rebase
* small fixes after rebase
* provider/aws: Firehose test cleanups
* provider/aws: Update docs
* Convert Redshift and S3 blocks to TypeList
* provider/aws: Add migration for S3 Configuration in Kinesis firehose
* providers/aws: Safety first when building Redshift config options
* restore commented out log statements in the migration
* provider/aws: use MaxItems in schema
This commit marks the "member" attribute of the
openstack_lb_pool_v1 resource as being deprecated. Users should begin
migrating to the openstack_lb_member_v1 resource.
```
make testacc TEST=./builtin/providers/digitalocean
TESTARGS='-run=TestAccDigitalOceanDomain_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /vendor/)
TF_ACC=1 go test ./builtin/providers/digitalocean -v -run=TestAccDigitalOceanDomain_ -timeout 120m
=== RUN TestAccDigitalOceanDomain_importBasic
--- PASS: TestAccDigitalOceanDomain_importBasic (3.07s)
=== RUN TestAccDigitalOceanDomain_Basic
--- PASS: TestAccDigitalOceanDomain_Basic (1.99s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/digitalocean
5.072s
```
```
make testacc TEST=./builtin/providers/digitalocean
TESTARGS='-run=TestAccDigitalOceanSSHKey_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /vendor/)
TF_ACC=1 go test ./builtin/providers/digitalocean -v -run=TestAccDigitalOceanSSHKey_ -timeout 120m
=== RUN TestAccDigitalOceanSSHKey_importBasic
--- PASS: TestAccDigitalOceanSSHKey_importBasic (2.13s)
=== RUN TestAccDigitalOceanSSHKey_Basic
--- PASS: TestAccDigitalOceanSSHKey_Basic (1.52s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/digitalocean
3.665s
```
Fixes#6673
When a floating IP is changed in the DO console, this PR will allow it
to be reassociated to the machine that Terraform attached it to and
change it back
* added additional error info for when memory swap assert fails.
related to https://github.com/hashicorp/terraform/pull/7392
* updated docker_container documentation
reflect recent changes to docker provider around tests, dns options and
dns search support.
* Grammar and punctuation changes
Docker container documentation.
* Spell checking, grammar and punctuation.
Docker container documentation.
* Markdown change sto docker container documentation
* fixed go vet issues on aws provider in master
* added support for dns, dns options and dns search for docker container.
On docker container resource you can specify dns_opts nad dns_search
which maps directly to docker --dns_opt and --dns_search parameters.
Allowing users to setup the embedded dns settings for their containers.
* fixed the asserts for the new features in tests.
fixed tests around DNS, DNS_OPTS and DNS_SEARCH
Fixes an issue where terraform plan or apply will always have a diff.
The Elastic Beanstalk API returns data for the `resource` attribute for
some settings that are not documented. This limits the `resource`
attribute to settings in the `aws:autoscaling:scheduledaction`
namespace.
```
make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSVPCPeeringConnection_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSVPCPeeringConnection_ -timeout 120m
=== RUN TestAccAWSVPCPeeringConnection_importBasic
--- PASS: TestAccAWSVPCPeeringConnection_importBasic (42.58s)
=== RUN TestAccAWSVPCPeeringConnection_basic
--- PASS: TestAccAWSVPCPeeringConnection_basic (45.00s)
=== RUN TestAccAWSVPCPeeringConnection_plan
--- PASS: TestAccAWSVPCPeeringConnection_plan (40.92s)
=== RUN TestAccAWSVPCPeeringConnection_tags
--- SKIP: TestAccAWSVPCPeeringConnection_tags (0.00s)
resource_aws_vpc_peering_connection_test.go:85: Error: TestAccAWSVPCPeeringConnection_tags requires a peer id to be set
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 128.517s
```
```
make testacc TEST=./builtin/providers/aws
TESTARGS='-run=TestAccAWSAPIGatewayAccount_importBasic'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSAPIGatewayAccount_importBasic -timeout 120m
=== RUN TestAccAWSAPIGatewayAccount_importBasic
--- PASS: TestAccAWSAPIGatewayAccount_importBasic (16.43s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 16.450s
```
FYI @catsby
The acceptance test was throwing the error:
```
* aws_elb.main: DuplicateLoadBalancerName: Load Balancer named
* foobar-terraform-elb already exists and it is configured with
* different parameters.
```
So randomized the name and the test still passes as expected:
```
make testacc TEST=./builtin/providers/aws
TESTARGS='-run=TestAccAWSRoute53Record_alias'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSRoute53Record_alias -timeout 120m
=== RUN TestAccAWSRoute53Record_alias
--- PASS: TestAccAWSRoute53Record_alias (97.70s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 97.722s
```
```
make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSVpnConnection_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSVpnConnection_ -timeout 120m
=== RUN TestAccAWSVpnConnection_importBasic
--- PASS: TestAccAWSVpnConnection_importBasic (201.02s)
=== RUN TestAccAWSVpnConnection_basic
--- PASS: TestAccAWSVpnConnection_basic (336.38s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 537.426s
```
Had to change the way that the tests were working to include a random sqs-queue name due to this error:
```
`aws_sqs_queue.test_queue: Error creating SQS queue: AWS.SimpleQueueService.QueueDeletedRecently: You must wait 60 seconds after deleting a queue before you can create another with the same name.
status code: 400, request id: b58e800a-ae27-556e-b6de-cfe1bbf9dc09``
```
make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSNSTopicSubscription_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSSNSTopicSubscription_ -timeout 120m
=== RUN TestAccAWSSNSTopicSubscription_importBasic
--- PASS: TestAccAWSSNSTopicSubscription_importBasic (24.44s)
=== RUN TestAccAWSSNSTopicSubscription_basic
--- PASS: TestAccAWSSNSTopicSubscription_basic (25.26s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 49.722s
```
* Add SES resource
* Detect ReceiptRule deletion outside of Terraform
* Handle order of rule actions
* Add position field to docs
* Fix hashes, add log messages, and other small cleanup
* Fix rebase issue
* Fix formatting
In CloudStack you can dynamically start using an ACL and once you use
an ACL you can dynamically swap ACL’s. But once your using an ACL, you
can no longer stop using an ACL without rebuilding the network.
This change makes the `ForceNew` value dynamic so that it only returns
`true` if you are reverting from using an ACL to not using an ACL
anymore, making this functionally inline with the behaviour CloudStack
offers.
succeeded
This fixes#7122 where the SG was not fully configured before a
dependant service was created
```
make testacc TEST=./builtin/providers/azurerm
TESTARGS='-run=TestAccAzureRMNetworkSecurityGroup_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /vendor/)
TF_ACC=1 go test ./builtin/providers/azurerm -v
-run=TestAccAzureRMNetworkSecurityGroup_ -timeout 120m
=== RUN TestAccAzureRMNetworkSecurityGroup_basic
--- PASS: TestAccAzureRMNetworkSecurityGroup_basic (128.93s)
=== RUN TestAccAzureRMNetworkSecurityGroup_withTags
--- PASS: TestAccAzureRMNetworkSecurityGroup_withTags (164.52s)
=== RUN TestAccAzureRMNetworkSecurityGroup_addingExtraRules
--- PASS: TestAccAzureRMNetworkSecurityGroup_addingExtraRules (178.20s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/azurerm
471.677s
```
```
make testacc TEST=./builtin/providers/aws
TESTARGS='-run=TestAccAWSIAMAccountPasswordPolicy_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSIAMAccountPasswordPolicy_ -timeout 120m
=== RUN TestAccAWSIAMAccountPasswordPolicy_importBasic
--- PASS: TestAccAWSIAMAccountPasswordPolicy_importBasic (14.75s)
=== RUN TestAccAWSIAMAccountPasswordPolicy_basic
--- PASS: TestAccAWSIAMAccountPasswordPolicy_basic (26.06s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 40.831s
```
For both the file and virtual_disk resource, Stat is used during read,
but if Stat returns an error, read() will return that error. In doing
so, if a resource is deleted manually, the TF user would then not be
able to destroy the resource because the read would block the Delete()
call. With this patch, read() will only return an error if that error
is NOT a DatastoreNoSuchFileError.
Small change to the test as it was failing sometimes as it was using the
same identifier. The small change has made it more stable when running
it in quick succession as it isn't an update
```
make testacc TEST=./builtin/providers/aws
TESTARGS='-run=TestAccAWSIAMGroup_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSIAMGroup_
-timeout 120m
=== RUN TestAccAWSIAMGroup_importBasic
--- PASS: TestAccAWSIAMGroup_importBasic (14.14s)
=== RUN TestAccAWSIAMGroup_basic
--- PASS: TestAccAWSIAMGroup_basic (22.88s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 37.040s
```
The Id wasn't being set until after the Read func returned from the API.
I needed to move that Id set up until just after the Create response
returned
The same Id's have been set - username
```
make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSUser_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSUser_
-timeout 120m
=== RUN TestAccAWSUser_importBasic
--- PASS: TestAccAWSUser_importBasic (14.24s)
=== RUN TestAccAWSUser_basic
--- PASS: TestAccAWSUser_basic (24.99s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 39.261s
```
Changes required:
* ECR Read func doesn't need to take ``registry_id` as it uses the
current account Id
* `name` wasn't being set in the ECR Read so the import was failing as
name wasn't found
```
make testacc TEST=./builtin/providers/aws
TESTARGS='-run=TestAccAWSEcrRepository_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSEcrRepository_ -timeout 120m
=== RUN TestAccAWSEcrRepository_importBasic
--- PASS: TestAccAWSEcrRepository_importBasic (17.37s)
=== RUN TestAccAWSEcrRepository_basic
--- PASS: TestAccAWSEcrRepository_basic (16.05s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 33.437s
```
`virtual_machine`
Fixes#7275 - a state migration was missed when `enable_disk_uuid` was
merged
```
make testacc TEST=./builtin/providers/vsphere
TESTARGS='-run=TestVSphereVirtualMachineMigrateState'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /vendor/)
TF_ACC=1 go test ./builtin/providers/vsphere -v
-run=TestVSphereVirtualMachineMigrateState -timeout 120m
=== RUN TestVSphereVirtualMachineMigrateState
--- PASS: TestVSphereVirtualMachineMigrateState (0.00s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/vsphere
0.018s
```
this datasource allows terraform to work with externally modified state, e.g.
when you're using an ECS service which is continously updated by your CI via the
AWS CLI.
right now you'd have to wrap terraform into a shell script which looks up the
current image digest, so running terraform won't change the updated service.
using the aws_ecs_container_definition data source you can now leverage
terraform, removing the wrapper entirely.
There are currently no checks on username and endpoint in the provider
schema from being an empty value. This PR adds support to make sure that
endpoint and username are not empty strings as that can cause a panic
Results of the PR:
```
% terraform apply
There are warnings and/or errors related to your configuration. Please
fix these before continuing.
Errors:
* provider.mysql: Endpoint must not be an empty string
```
If an AWS Cookie Stickiness Policy is removed from the listener in
the AWS console the policy isn't deleted. Cross reference the policy
name with those assigned to the listener to determine if the policy
is actually being used.
Since this resource produces a list it feels more intuitive to give its
attribute a plural name, and since the noun "instance" already means
something specific in the AWS provider that doesn't apply here we use
"names" to indicate that these are availability zone names.
Also includes updating the docs to not show a dynamic count example for
now, since we don't support that yet.
When reading an AppCookieStickinessPolicy check for LoadBalancerNotFound
as well as PolicyNotFound. This prevents errors when when destroying a
policy on an ELB that no longer exists.
There were lots of hacky checks in the ARM VM resource to check for a
length of 1 param block
MaxItems was introduced so this PR updates to use MaxItems
- Tests for issue hashicorp/terraform#2143.
- Fixed package names since Triton deprecated the g3-series.
- Must supply SDC_URL when invoking tests.
Test will fail on metadata_3 but not on _2 as discussed with
@jen20 on 11 June 2016.
The work integrated in hashicorp/terraform#6322 silently broke the
ability to use remote state correctly. This commit adds a fix for that,
making use of the work integrated in hashicorp/terraform#7124.
In order to deal with outputs which are complex structures, we use a
forked version of the flatmap package - the difference in the version
this commit vs the github.com/hashicorp/terraform/flatmap package is
that we add in an additional key for map counts which state requires.
Because we bypass the normal helper/schema mechanism, this is not set
for us.
Because of the HIL type checking of maps, values must be of a homogenous
type. This is unfortunate, as it means we can no longer refer to outputs
as:
${terraform_remote_state.foo.output.outputname}
Instead we had to bring them to the top level namespace:
${terraform_remote_state.foo.outputname}
This actually does lead to better overall usability - and the BC
breakage is made better by the fact that indexing would have broken the
original syntax anyway.
We also add a real-world test and assert against specific values. Tests
which were previously acceptance tests are now run as unit tests, so
regression should be identified at a much earlier stage.
When using winrm config block, we had an address issue. This is no
longer a set but a list (As a list fits it more approp)
```
make testacc TEST=./builtin/providers/azurerm
TESTARGS='-run=TestAccAzureRMVirtualMachine_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /vendor/)
TF_ACC=1 go test ./builtin/providers/azurerm -v
-run=TestAccAzureRMVirtualMachine_ -timeout 120m
=== RUN TestAccAzureRMVirtualMachine_basicLinuxMachine
--- PASS: TestAccAzureRMVirtualMachine_basicLinuxMachine (587.80s)
=== RUN TestAccAzureRMVirtualMachine_tags
--- PASS: TestAccAzureRMVirtualMachine_tags (554.53s)
=== RUN TestAccAzureRMVirtualMachine_updateMachineSize
--- PASS: TestAccAzureRMVirtualMachine_updateMachineSize (612.52s)
=== RUN TestAccAzureRMVirtualMachine_basicWindowsMachine
--- PASS: TestAccAzureRMVirtualMachine_basicWindowsMachine (765.90s)
=== RUN TestAccAzureRMVirtualMachine_windowsUnattendedConfig
--- PASS: TestAccAzureRMVirtualMachine_windowsUnattendedConfig
(770.53s)
=== RUN TestAccAzureRMVirtualMachine_winRMConfig
--- PASS: TestAccAzureRMVirtualMachine_winRMConfig (827.90s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/azurerm
4119.192s
```
This commit cleans up the acceptance test formatting for the lbaas v2
resources. It also modifies the devstack script to enable the lbaas
v2 service for testing. Finally, this commit increases the timeout
for load balancer creation since it takes some time to do within
devstack.
false
Fixes#7035
A known issue in Terraform means that d.GetOk() on a bool which is false
will mean it doesn't get evaulated. Therefore, when people set
publicly_accessible to false, it will never get evaluated on the Create
We are going to make it default to false now
* provider/azurerm: DNS CNAME resource wasn't posting records
Azure changed the API for CNAME at some point and since then we haven't
been creating CNAME records. The API changes from []records to a single
record
This PR changes the schema for dns cnames to have a record parameter and
adds a deprecation warning around records. Talked with @jen20 on this
and we decided that it's currently broken and we should handle this as
part of 0.7 where there are other breaking changes
```
TF_LOG=1 make testacc TEST=./builtin/providers/azurerm
TESTARGS='-run=TestAccAzureRMDnsCNameRecord' 2>~/tf.log
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /vendor/)
TF_ACC=1 go test ./builtin/providers/azurerm -v
-run=TestAccAzureRMDnsCNameRecord -timeout 120m
=== RUN TestAccAzureRMDnsCNameRecord_basic
--- PASS: TestAccAzureRMDnsCNameRecord_basic (97.22s)
=== RUN TestAccAzureRMDnsCNameRecord_subdomain
--- PASS: TestAccAzureRMDnsCNameRecord_subdomain (94.94s)
=== RUN TestAccAzureRMDnsCNameRecord_updateRecords
--- PASS: TestAccAzureRMDnsCNameRecord_updateRecords (116.62s)
```
* Change DNS Records to removed rather than deprecated
Fixes#7053 where, when using `additional_unattend_config` in
`os_profile_windows_config` we got an error as follows:
```
azurerm_virtual_machine.test: [DEBUG] Error setting Virtual Machine
Storage OS Profile Windows Configuration: &errors.errorString{s:"Invalid
address to set: []string{\"os_profile_windows_config\", \"1534614206\",
\"additional_unattend_config\"}"}
```
The region returned by the API is always lowercase therefore when you specify a region uppercase in your config file it forces the droplet to be regenerated on every ```terraform apply``` (even when it is not needed).
Since the custom_configuration_parameters can't take dots, we cannot
set 'disk.EnableUUID'. This adds a parameter for this options that gets
added to a configSpec. This option causes the vm to mount disks by uuid
on the guest OS.
Fixed the problem where the root_block_device could cause an apply error
by reading back an "encrypted" parameter that was meant for an
ebs_block_device. "encrypted" is not part of the root_block_device
schema, since it can't be set explicitly.
Added a check in Create to fail when the root device is incorrectly
specified as an ebs_block_device, as this causes continual refreshing
due to mismatched state between root_block_device and ebs_block_device.
"encrypted" and "snapshot_id" should be guarded with ConflictsWith, but
that doesn't appear to work on nested resources despite #1926.
Fixes#7062
make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSElasticacheSubnetGroup'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSElasticacheSubnetGroup -timeout 120m
=== RUN TestAccAWSElasticacheSubnetGroup_basic
--- PASS: TestAccAWSElasticacheSubnetGroup_basic (44.62s)
=== RUN TestAccAWSElasticacheSubnetGroup_update
--- PASS: TestAccAWSElasticacheSubnetGroup_update (73.74s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 118.379s
These tests run each time Travis builds, causing additional noise and a
(negligible) speed decrease. However, since the advent of internal
plugins, these tests are unnecessary, and each file only carries a
package declaration anyway - so there are no tests actually executed!
* pr-6865:
provider/aws: Add db_param group to RDS Cluster Instance test
remove status attribute
support aurora instance's parameter group and modifyinstance
This commit ensures that all monitors have been disassociated from
the load balancing pool before the pool is deleted.
A test has been added to ensure that a full load balancing stack is
capable of handling an update to an instance, causing some components
to be rebuilt.
* Adding debug functionality to log debug api calls
* adding debug and refactoring tests
* more tweaks with tests
* updating documentation
* more refactoring of tests
* working through factor for testing
* removing logging that displays username and password
* more work on getting tests stable
When VPC is detached from VPN gateway, its VpcAttachment stays in place
just with state changed to "detached". Since terraform was not checking
attachment state, it used to think VPC gateway was still attached.
Add the iam_arn attribute to aws_cloudfront_origin_access_identity,
which computes the IAM ARN for a certain CloudFront origin access
identity.
This is necessary because S3 modifies the bucket policy if CanonicalUser
is sent, causing spurious diffs with aws_s3_bucket resources.
This brings over the work done by @apparentlymart and @radeksimko in
PR #3124, and converts it into a data source for the AWS provider:
This commit adds a helper to construct IAM policy documents using
familiar Terraform concepts. It makes Terraform-style interpolations
easier and resolves the syntax conflict between Terraform interpolations
and IAM policy variables by changing the latter to use &{...} for its
interpolations.
Its use is completely optional and users are free to go on using literal
heredocs, file interpolations or whatever else; this just adds another
option that fits more naturally into a Terraform config.
This an effort to address hashicorp/terraform#516.
Adding the Sensitive attribute to the resource schema, opening up the
ability for resource maintainers to mark some fields as sensitive.
Sensitive fields are hidden in the output, and, possibly in the future,
could be encrypted.
Closing off my other AWS availability zone branch, I'm adding tests for
the existing aws_availability_zones data source.
This closeshashicorp/terraform#4848.
This data source allows one to look up the most recent AMI for a specific
set of parameters, much like aws ec2 describe-images in the AWS CLI.
Basically a refresh of hashicorp/terraform#4396, in data source form.
This commit adds the newly required OS_EXT_GW environment variable to
the devstack acceptance environment build suite. It also fixes some
space formatting in a test.
* Add per user, role and group policy attachment
* Add docs for new IAM policy attachment resources.
* Make policy attachment resources manage only 1 entity<->policy attachment
* provider/aws: Tidy up IAM Group/User/Role attachments
When two rules differ only in source security group, EC2 APIs return
them as a single rule, but Terraform requires separate
aws_security_group_rule resources.
6bdab07174 changed Read to set source_security_group_id (and
cidr_blocks) from the rule returned from EC2 and chose the first
source_security_group_id arbitrarily, which is wrong.
Makes TestAccAWSSecurityGroupRule_PartialMatching_Source pass again.
Also adds a comment noting that there is a bug in the new resource
importing feature.
Fixes#6728.
This commit adds a data source with a single list, `instance` for the
schema which gets populated with the availability zones to which an
account has access.