Commit Graph

1717 Commits

Author SHA1 Message Date
clint shryock be07e4c0c9 cleanup spot instance attribute setting 2015-12-01 15:25:53 -06:00
clint shryock c5f0c8ced6 provider/aws: Check for nil on some spot instance attributes 2015-12-01 14:58:59 -06:00
James Nugent 9987f36d86 Merge pull request #4093 from paybyphone/master
provider/aws: New resource `aws_lambda_event_source_mapping`
2015-12-01 08:36:45 -05:00
Chris Marchesi 85627630bd New resource (AWS provider) - aws_lambda_event_source_mapping 2015-11-30 07:45:38 -08:00
James Nugent 85c8595c89 Merge pull request #4108 from stack72/f-aws-route53-spf-record
provider/aws: Normalization of SPF records to prevent reporting changes
2015-11-30 13:15:32 +00:00
stack72 fece57f83b Changing the IAM Role resource to allow update of Assume Policy Document 2015-11-30 12:52:07 +00:00
stack72 a556c98cde Adding support for the escapaing of Route53 SPF records 2015-11-30 12:14:39 +00:00
stack72 0cca74fe76 Changing the S3 Bucket resource to allow the update of ACL by using PutBucketAcl 2015-11-26 21:45:48 +00:00
stack72 632a9147cc Adding support for Block_Durations to AWS Spot instance 2015-11-26 11:56:04 +00:00
James Nugent b7a12e3a58 Merge pull request #4009 from apparentlymart/aws-opsworks-acctest-iam
provider/aws: AWS Opsworks tests bring their own IAM objects
2015-11-25 21:26:40 +02:00
James Nugent c262bc72ea Merge pull request #3895 from br0ch0n/rds_pub_access_param
Issue #3894 RDS publicly_accessible param shouldn't force new resource
2015-11-25 21:09:23 +02:00
clint shryock e9cb722471 providers/aws: Fix issue recreating security group rule if it has been destroyed 2015-11-24 13:50:30 -06:00
James Nugent 288e568272 Merge pull request #4024 from rjeczalik/nil-deref-fix
provider/aws: fix for https://github.com/aws/aws-sdk-go/issues/452
2015-11-24 11:52:33 +02:00
Rafal Jeczalik 9e66e18334 provider/aws: fix for https://github.com/aws/aws-sdk-go/issues/452 2015-11-24 09:30:21 +01:00
James Nugent 99e3d62cd8 provider/aws: Make VPC ID required on subnets 2015-11-23 16:53:49 +02:00
Clint 82050ff832 Merge pull request #4005 from hashicorp/b-aws-iam-user-delete
provider/aws: Fix issue deleting users who are attached to a group
2015-11-23 08:22:48 -06:00
Clint 7772a66b2f Merge pull request #3940 from hashicorp/b-aws-spot-instance-updates
providers/aws: Update Spot Instance request to provide connection information
2015-11-23 08:22:07 -06:00
stack72 150e997a96 Changing the AWS ElastiCache cluster maintenance_window to enforce lowercase 2015-11-23 12:54:56 +00:00
Paul Forman 52aad04930 Mistake in type refactor in cloudTrailGetLoggingStatus
When adjusting the types to prevent casting, I didn't change the error
message to handle the pointer change.  "go tool vet" caught this.
2015-11-22 13:23:08 -07:00
Paul Forman 9cec40ea3c Add missing error-checks from code review
Some error-checking was omitted.

Specifically, the cloudTrailSetLogging call in the Create function was
ignoring the return and cloudTrailGetLoggingStatus could crash on a
nil-dereference during the return.  Fixed both.

Fixed some needless casting in cloudTrailGetLoggingStatus.
Clarified error message in acceptance tests.
Removed needless option from example in docs.
2015-11-22 12:54:11 -07:00
Paul Forman 484887c0c5 Change default for logging in CloudTrail to true
The default for `enable_logging`, which defines whether CloudTrail
actually logs events was originally written as defaulting to `false`,
since that's how AWS creates trails.

`true` is likely a better default for Terraform users.

Changed the default and updated the docs.
Changed the acceptance tests to verify new default behavior.
2015-11-22 10:47:23 -07:00
Paul Forman c9eeb161e0 Add a comment in tests
The purpose of the first test of enable_logging wasn't quite clear.

It's future-proofing against the assumptions made about AWS behavior.
2015-11-21 14:55:08 -07:00
Martin Atkins 11190144f0 AWS Opsworks tests bring their own IAM objects.
Previously we assumed the existence of some default objects that most
Opsworks users have because the Opsworks console creates them by default
when a new stack is created.

However, that meant that these tests wouldn't work correctly for anyone
who either had never used Opsworks via the UI or who had never accepted
the default of having the console create some predefined IAM objects to
use. It may also have led to some weird failures if a particular user had
customized the settings for these default objects.

Now the tests create suitable IAM roles, a policy and an instance profile
and use these when creating Opsworks stacks, avoiding any dependency
on any pre-existing objects.

This fixes #3998.
2015-11-21 11:13:25 -08:00
Paul Forman f98dbbb580 Tests and docs for AWS CloudTrail "enable_logging"
Add acceptance tests for creation, enable, and disable logging.

Add option to docs and example.
2015-11-21 00:18:38 -07:00
Paul Forman 52db098292 Add enable_logging to AWS CloudTrail
The AWS CloudTrail resource is capable of creating CloudTrail resources,
but AWS defaults the actual logging of the trails to `false`, and
Terraform has no method to enable or monitor the status of logging.

CloudTrail trails that are inactive aren't very useful, and it's a
surprise to discover they aren't logging on creation.

Added an `enable_logging` parameter to resource_aws_cloudtrail to enable
logging.  This requires some extra API calls, which are wrapped in new
internal functions.

For compatibility with AWS, the default of `enable_logging` is set to
`false`.
2015-11-21 00:18:38 -07:00
clint shryock 233aab6e0a provider/aws: Fix issue deleting users who are attached to a group
If you want to delete an IAM user, that user must not belong to any groups
2015-11-20 16:54:26 -06:00
Clint cc70d25dc5 Merge pull request #3898 from hashicorp/b-aws-elb-iam-cert-delete
providers/aws: Retry deleting IAM Server Cert on dependency violation
2015-11-20 14:50:18 -06:00
Clint 9edbf6a7fc Merge pull request #3908 from hashicorp/b-elb-cookie-fix
provider/aws: Fix issue with LB Cookie Stickiness and empty expiration period
2015-11-20 14:49:00 -06:00
clint shryock 9eb46c28b2 use a log group resourcE 2015-11-20 13:15:20 -06:00
clint shryock cf5b32617b fix vpn gateway refresh/reattach issue 2015-11-20 11:47:10 -06:00
clint shryock 73475edceb update TestAccAWSFlowLog_subnet to use new cloudwatch resource, not needing env var anymore 2015-11-20 09:39:43 -06:00
clint shryock fe204bb291 error test when env var is not supplied 2015-11-20 09:39:17 -06:00
clint shryock 4d0699b9dd mark snapshots as computed for ElastiCache clusters 2015-11-20 09:39:17 -06:00
clint shryock 01b9af40d1 fix resource name in test 2015-11-19 15:44:40 -06:00
clint shryock 0874347478 update ami id for test 2015-11-19 15:37:05 -06:00
clint shryock fd251e8b45 rename TestAccAWSRoute53Record_weighted to TestAccAWSRoute53Record_weighted_basic to test in isolation 2015-11-18 16:08:23 -06:00
Clint 5024d66f3c Merge pull request #3970 from hashicorp/b-aws-iam-policy-attachfix
providers/aws: Fix typo in error checking for IAM Policy Attachments
2015-11-18 13:57:03 -06:00
clint shryock 5482e98927 Fix typo in error checking for IAM Policy Attachments 2015-11-18 13:48:46 -06:00
Paul Hinze a211fc3469 Merge pull request #3965 from hashicorp/b-aws-sg-rules-v2-race
provider/aws: serialize SG rule access to fix race condition
2015-11-18 12:47:55 -06:00
Paul Hinze 6b6b5a43c3 provider/aws: serialize SG rule access to fix race condition
Because `aws_security_group_rule` resources are an abstraction on top of
Security Groups, they must interact with the AWS Security Group APIs in
a pattern that often results in lots of parallel requests interacting
with the same security group.

We've found that this pattern can trigger race conditions resulting in
inconsistent behavior, including:

 * Rules that report as created but don't actually exist on AWS's side
 * Rules that show up in AWS but don't register as being created
   locally, resulting in follow up attempts to authorize the rule
   failing w/ Duplicate errors

Here, we introduce a per-SG mutex that must be held by any security
group before it is allowed to interact with AWS APIs. This protects the
space between `DescribeSecurityGroup` and `Authorize*` / `Revoke*`
calls, ensuring that no other rules interact with the SG during that
span.

The included test exposes the race by applying a security group with
lots of rules, which based on the dependency graph can all be handled in
parallel. This fails most of the time without the new locking behavior.

I've omitted the mutex from `Read`, since it is only called during the
Refresh walk when no changes are being made, meaning a bunch of parallel
`DescribeSecurityGroup` API calls should be consistent in that case.
2015-11-18 12:39:59 -06:00
Nashwan Azhari da8314ce8a provider/aws: removed build-blocking unused variable. 2015-11-18 15:08:45 +02:00
Radek Simko 306046b82b Merge pull request #3955 from cbusbey/db_subnet_spaces
allow spaces in db subnet name
2015-11-17 22:38:36 +00:00
Clint 0bd8b32637 Merge pull request #3237 from GrayCoder/group-work
provider/aws: add support for group name and path changes with group update function
2015-11-17 16:37:40 -06:00
Chris Busbey 12d51edeb6 allow spaces in db subnet name 2015-11-17 12:48:56 -08:00
Clint 2ed867b5ab Merge pull request #3945 from hashicorp/b-aws-r53-record-zone-fix
provider/aws: Fix crash in Route53 Record if Zone not found
2015-11-17 09:10:50 -06:00
Brandon Rochon 6875e9aaec Issue #3894 RDS publicly_accessible param shouldn't force new resource
Change-Id: I0a10e050ca1c4f2dde5e04f237de6115723522d8
2015-11-16 17:47:35 -08:00
Radek Simko 00d0551933 aws: Add missing dereference operator 2015-11-16 23:19:45 +00:00
clint shryock 1413d032ee provider/aws: Fix crash in Route53 Record if Zone not found 2015-11-16 17:15:17 -06:00
clint shryock 901e5fbf9f fix log reference 2015-11-16 17:14:02 -06:00
clint shryock 8085e55eda fix issue with undefined var 2015-11-16 16:29:52 -06:00