This fixes an issue where an empty s3_origin_config could be supplied to
aws_cloudfront_distribution, "correctly" setting an empty default value.
Unfortunately the rest of the CloudFront structure helper functions are
not equipped to deal with this kind of scenario, and TF produces
spurious diffs upon future runs.
This removes the default and makes origin_access_identity required when
specifying s3_origin_config.
Note that it has always been intended behaviour that if someone does not
want to use an origin access identity, that s3_origin_config should not
be specified at all. This behaviour still works, as should be evident by
the (still) passing tests.
Fixeshashicorp/terraform#7930.
Added http_version to aws_cloudfront_distribution, which allows
selection of the maximum HTTP version to use in the distribution.
Defaults to http2.
Fixeshashicorp/terraform#8730.
* provider/aws: Fix importing of EIP by IP address
EIPs are meant to be imported by their allocation id, however, importing
by their EIP *appears* to work because this API actually accepts IP
lookup, despite the documentation asking for the allocation id.
This PR does:
- update docs on how to import EIPs
- fix case if user imported by IP, to switch to using the alloc id for
the resource id
I chose not to document that looking up by IP is a method of import,
because the AWS API docs do not explicitly say that looking up by IP is
OK, so I'd rather people not do it if it's not documented to stay that
way.
Alternatively, we could parse the resource ID and reject it (remove from
state with error/warning) if it doesn't match the `eipalloc-*` format,
but I thought this was a bit better UX.
* fix issue with swapping IDs on EC2 Classic
* update docs
* update comment
* provider/aws: Wait for Spot Fleet to drain before removing from state
Ensures the spot fleet is drained before reporting successful destroy
and moving on
* remove unreachable code
* hack to sleep and test regression/leak
* fix broken english in warning
aws_alb_target_group will ForceNew resource
Fixes#8741
The modify-target-group doesn't allow changes to name, port, protocol or
vpc_id - therefore, they should all be ForceNew: true
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSALBTargetGroup_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/22 16:04:29 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSALBTargetGroup_ -timeout 120m
=== RUN TestAccAWSALBTargetGroup_basic
--- PASS: TestAccAWSALBTargetGroup_basic (50.66s)
=== RUN TestAccAWSALBTargetGroup_changeNameForceNew
--- PASS: TestAccAWSALBTargetGroup_changeNameForceNew (84.48s)
=== RUN TestAccAWSALBTargetGroup_changeProtocolForceNew
--- PASS: TestAccAWSALBTargetGroup_changeProtocolForceNew (95.89s)
=== RUN TestAccAWSALBTargetGroup_changePortForceNew
--- PASS: TestAccAWSALBTargetGroup_changePortForceNew (85.77s)
=== RUN TestAccAWSALBTargetGroup_changeVpcForceNew
--- PASS: TestAccAWSALBTargetGroup_changeVpcForceNew (85.00s)
=== RUN TestAccAWSALBTargetGroup_tags
--- PASS: TestAccAWSALBTargetGroup_tags (88.11s)
=== RUN TestAccAWSALBTargetGroup_updateHealthCheck
--- PASS: TestAccAWSALBTargetGroup_updateHealthCheck (82.15s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 572.083s
```
This commits allows for the helper function to return an error which
would bubble up from e.g. JSON parsing, etc.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
This commit adds support for new helper function which is used to
normalise and validate JSON string.
This commit also removes unnecessary code from the StateFunc function,
and reduces it so that it only uses the normalizeJsonString helper.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
This commit adds support for new helper function which is used to
normalise and validate JSON string.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
This commit adds support for new helper function which is used to
normalise and validate JSON string.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
This commit adds support for new helper function which is used to
normalise JSON string.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
This commit adds support for new helper function which is used to
normalise and validate JSON string.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
This commit adds support for new helper function which is used to
normalise and validate JSON string.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
Added the cluster address as a separate attribute to the configuration endpoint. When using the configuration endpoint in conjunction with route 53 it was appending the cluster address with the port and invalidating the route 53 record.
* Add JSON validation to the aws_cloudwatch_event_rule resource.
This commit adds support for new helper function which is used to
normalise and validate JSON string. Also adds new validation function
to wrap around the aforementioned helper.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
* Re-factor validation function.
This commit changes the logic of the function so that it would check length of
the normalised JSON string over the given string, plus short-circuit early
should JSON would not be valid.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
This commit adds support for new helper function which is used to
normalise and validate JSON string.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
This commit adds support for new helper function which is used to
normalise and validate JSON string.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
This commit adds support for new helper function which is used to
normalise and validate JSON string.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
This commit adds support for new helper function which is used to
normalise and validate JSON string.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
This commit adds support for new helper function which is used to
normalise and validate JSON string.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
This commit adds support for new helper function which is used to
normalise and validate JSON string.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
* Add normalizeJsonString and validateJsonString functions.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
* Add unit test for the normalizeJsonString helper function.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
* Fix. Remove incrrect format string.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
* Remove surplus type assertion.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
* Add unit test for the validateJsonStringhelper function.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
* Remove surplus whitespaces.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
When creating a CloudWatch Metric for an Application Load Balancer it is
neccessary to use the suffix of the ARN as the reference to the load
balancer. This commit exposes that as an attribute on the `aws_alb`
resource to prevent the need to use regular expression substitution to
make the reference.
Fixes#8808.
In order to satisify scenarios where a lifecycle is block is used, we
would need the AWS ALB name field to be autogenerated. WE follow the
same work as AWS ELB, we prefix it with `tl-lb-`
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSALB_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/08 12:43:40 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSALB_ -timeout
120m
=== RUN TestAccAWSALB_basic
--- PASS: TestAccAWSALB_basic (79.81s)
=== RUN TestAccAWSALB_generatedName
--- PASS: TestAccAWSALB_generatedName (93.81s)
=== RUN TestAccAWSALB_namePrefix
--- PASS: TestAccAWSALB_namePrefix (73.48s)
=== RUN TestAccAWSALB_tags
--- PASS: TestAccAWSALB_tags (181.32s)
=== RUN TestAccAWSALB_noSecurityGroup
--- PASS: TestAccAWSALB_noSecurityGroup (66.03s)
=== RUN TestAccAWSALB_accesslogs
--- PASS: TestAccAWSALB_accesslogs (130.82s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 625.285s
```
enhanced monitoring
Fixes#8699
When configuring enhanced monitoring, a user got the following error:
```
* aws_db_instance.db: unexpected state 'configuring-enhanced-monitoring',
wanted target '[available]'``
We have added this to the list of pending states we have when creating
and updating an RDS instance
Fixes#8541
The Update timeout and delete timeouts were a little short. Bumped them
to 60 mins and 90 mins respectively. I have been on the receiving of the
timeout for the Delete function
This is a requirement for enabling CloudWatch Logging on Kinesis
Firehost
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSCloudWatchLogStream_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/02 16:19:14 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSCloudWatchLogStream_ -timeout 120m
=== RUN TestAccAWSCloudWatchLogStream_basic
--- PASS: TestAccAWSCloudWatchLogStream_basic (22.31s)
=== RUN TestAccAWSCloudWatchLogStream_disappears
--- PASS: TestAccAWSCloudWatchLogStream_disappears (21.21s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 43.538s
Update the aws_vpc_peering_connection resource to allow peer_owner_id
to be omitted, defaulting to the connected AWS account ID (ie: for
VPC-to-VPC peers in the same account).
Also included is a doc cleanup and updates to the peer test in
resource_aws_route_table_test.go.
This fixeshashicorp/terraform#6396.
This replaces the previous `role_arn` with a block which looks like
this:
```
provider "aws" {
// secret key, access key etc
assume_role {
role_arn = "<Role ARN>"
session_name = "<Session Name>"
external_id = "<External ID>"
}
}
```
We also modify the configuration structure and read the values from the
block if present into those values and adjust the call to AssumeRole to
include the SessionName and ExternalID based on the values set in the
configuration block.
Finally we clean up the tests and add in missing error checks, and clean
up the error handling logic in the Auth helper functions.
delete
Fixes#6679
When we change the type of a record, it forces a new resource. We never
waited for the recordset to be in-sync after a deletion.
```
% make testacc TEST=./builtin/providers/aws
% TESTARGS='-run=TestAccAWSRoute53Record_'
% ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/03 17:55:03 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSRoute53Record_ -timeout 120m
=== RUN TestAccAWSRoute53Record_basic
--- PASS: TestAccAWSRoute53Record_basic (85.54s)
=== RUN TestAccAWSRoute53Record_basic_fqdn
--- PASS: TestAccAWSRoute53Record_basic_fqdn (101.75s)
=== RUN TestAccAWSRoute53Record_txtSupport
--- PASS: TestAccAWSRoute53Record_txtSupport (84.01s)
=== RUN TestAccAWSRoute53Record_spfSupport
--- PASS: TestAccAWSRoute53Record_spfSupport (85.08s)
=== RUN TestAccAWSRoute53Record_generatesSuffix
--- PASS: TestAccAWSRoute53Record_generatesSuffix (97.12s)
=== RUN TestAccAWSRoute53Record_wildcard
--- PASS: TestAccAWSRoute53Record_wildcard (141.08s)
=== RUN TestAccAWSRoute53Record_failover
--- PASS: TestAccAWSRoute53Record_failover (91.25s)
=== RUN TestAccAWSRoute53Record_weighted_basic
--- PASS: TestAccAWSRoute53Record_weighted_basic (89.01s)
=== RUN TestAccAWSRoute53Record_alias
--- PASS: TestAccAWSRoute53Record_alias (88.91s)
=== RUN TestAccAWSRoute53Record_s3_alias
--- PASS: TestAccAWSRoute53Record_s3_alias (103.10s)
=== RUN TestAccAWSRoute53Record_weighted_alias
--- PASS: TestAccAWSRoute53Record_weighted_alias (174.71s)
=== RUN TestAccAWSRoute53Record_geolocation_basic
--- PASS: TestAccAWSRoute53Record_geolocation_basic (89.50s)
=== RUN TestAccAWSRoute53Record_latency_basic
--- PASS: TestAccAWSRoute53Record_latency_basic (89.12s)
=== RUN TestAccAWSRoute53Record_TypeChange
--- PASS: TestAccAWSRoute53Record_TypeChange (138.09s)
=== RUN TestAccAWSRoute53Record_empty
--- PASS: TestAccAWSRoute53Record_empty (88.51s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws
1684.774s
```
availability zone
Fixes#4752
According to the AWS Documentation, when `describing-vpn-gateways`
```
AvailabilityZone -> (string)
The Availability Zone where the virtual private gateway was created, if applicable. This field may be empty or not returned.
```
Therefore, if we pass an availability zone as part of vpn gateway, then it may come back as an empty string. If we set this empty string back to state, then the next plan will look as follows:
```
-/+ aws_vpn_gateway.vpn_gateway
availability_zone: "" => "us-west-2a" (forces new resource)
tags.%: "1" => "1"
tags.Name: "vpn-us-west-2" => "vpn-us-west-2"
vpc_id: "vpc-1e9da47a" => "vpc-1e9da47a"
Plan: 1 to add, 0 to change, 1 to destroy.
```
If the availability_zone comes back from AWS as an empty string, then we should not set it to state to avoid forcing a new resource for the user
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSVpnGateway_withAvailabilityZoneSetToState'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/03 17:10:57 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSVpnGateway_withAvailabilityZoneSetToState -timeout 120m
=== RUN TestAccAWSVpnGateway_withAvailabilityZoneSetToState
--- FAIL: TestAccAWSVpnGateway_withAvailabilityZoneSetToState (36.11s)
testing.go:265: Step 0 error: Check failed: Check 2/2 error: aws_vpn_gateway.foo: Attribute 'availability_zone' expected "us-west-2a", got ""
FAIL
exit status 1
FAIL github.com/hashicorp/terraform/builtin/providers/aws 36.130s
make: *** [testacc] Error 1
[stacko@Pauls-MacBook-Pro:~/Code/go/src/github.com/hashicorp/terraform on master]
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSVpnGateway_withAvailabilityZoneSetToState' 2 ↵ ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/03 17:12:25 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSVpnGateway_withAvailabilityZoneSetToState -timeout 120m
=== RUN TestAccAWSVpnGateway_withAvailabilityZoneSetToState
--- PASS: TestAccAWSVpnGateway_withAvailabilityZoneSetToState (46.50s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 46.517s
```
* provider/aws: Refresh `aws_elasticsearch_domain` from state when
RecordNotFoundException
Fixes#3967
When an ElasticSearch domain has been deleted outside of Terraform, the
next Terraform operation would return the following:
```
* aws_elasticsearch_domain.curvelogic_es: ResourceNotFoundException:
* Domain not found: curvelogic-es
status code: 409, request id: 6e4b2371-8e1a-11e5-bd07-7741b705d65c
```
We now refresh the resource from state when it is no longer found
* Update resource_aws_elasticsearch_domain.go
This commit adds a simple validation of the target in the Health Check block in
order to reduce the number of issues related to the type, port and path values,
especially when the TCP and SSL type was used.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
This commit increases the timeout, delay and minimum timeout values in
order to resolve a timeout potentially occurring when the VPC gateway
is being attached.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
This commit enables terraform to utilise the assume role functionality
of sts to execute commands with different privileges than the API
keys specified.
Signed-off-by: Ian Duffy <ian@ianduffy.ie>
This commit adds a new "attachment" style resource for setting the
policy of an AWS S3 bucket. This is desirable such that the ARN of the
bucket can be referenced in an IAM Policy Document.
In addition, we now suppress diffs on the (now-computed) policy in the
S3 bucket for structurally equivalent policies, which prevents flapping
because of whitespace and map ordering changes made by the S3 endpoint.
* provider/aws: Add errcheck to Makefile, error on unchecked errors
* more exceptions
* updates for errcheck to pass
* reformat and spilt out the ignore statements
* narrow down ignores
* fix typo, only ignore Close and Write, instead of close or write
Fixes#8612
The SSL Policy is optional - if you don't add it and create a HTTPS Alb
Listener, AWS will add the policy for you. Without being computed, we
would get a diff
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSALBListener_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/02 17:16:33 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSALBListener_
-timeout 120m
=== RUN TestAccAWSALBListener_basic
--- PASS: TestAccAWSALBListener_basic (70.45s)
=== RUN TestAccAWSALBListener_https
--- PASS: TestAccAWSALBListener_https (63.20s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 133.667s
```
The timeout was increased to 40 minutes when creating a new cluster in https://github.com/hashicorp/terraform/pull/8052. However when creating a cluster from a snapshot the timeout is still 15 minutes. I've increased this to 40 minutes.
running
Each nightly build was leaving multiple instances running. The issue is
that the IAM role we were using didn't have access to Terminate the EC2
instances
The role was missing the ec2 principle
* Handle missing EFS mount target in aws_efs_mount_target.
This commit resolves issue where the EFS mount target would be already
deleted (e.g. it was deleted outside of Terraform, etc.). Also, correct
how values are begin set in the ReadFunc to avoid nil pointer dereference.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
* Add EFS mount target DNS helper function.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
* Add EFS mount target response helper.
This commit adds a helper which can be used to check whether the response
contains a valid and non-empty list of EFS file system mount targets.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
* Add acceptance test to check for non-empty plan.
This commit adds a test to verify the condition where the underlying EFS mount
target would be deleted and/or disappear resulting in a new resource to be
created to replace it.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
* [WIP] AWS APIGateway Custom Authorizer
* provider/aws: api_gateway_method - Add missing fields to Read+Update
* provider/aws: Make API Gateway name in test more specific
* provider/aws: APIG - Use minimal configuration in create request
terraform run
Fixes#3550
The simple fix here was to check if the Resource was new (to set the
value the first time) then check it has changed each time
I was able to see from the TF log the following:
```
Config
resource "aws_vpc" "foo" {
cidr_block = "10.10.0.0/16"
}
resource "aws_subnet" "foo" {
cidr_block = "10.10.1.0/24"
vpc_id = "${aws_vpc.foo.id}"
}
resource "aws_instance" "foo" {
ami = "ami-4fccb37f"
instance_type = "m1.small"
subnet_id = "${aws_subnet.foo.id}"
source_dest_check = false
disable_api_termination = true
}
```
No longer caused any Modifying source_dest_check entries in the LOG
* provider/aws: Add docs for Default Route Table
* add new default_route_table_id attribute, test to VPC
* stub
* add warning to docs
* rough implementation
* first test
* update test, add swap test
* fix typo
Fixes#8468
If a user wished to bump the `engine_version` of an RDS instance,
Terraform was not sending `allow_major_version_upgrade` to the API
*unless* that value also changed at the same time. This caused the
following error from RDS API:
```
* aws_db_instance.bar: Error modifying DB Instance
* tf-20160825101420910562798obb: InvalidParameterCombination: The
* AllowMajorVersionUpgrade flag must be present when upgrading to a new
* major version.
status code: 400, request id: 20e36364-6ab0-11e6-b794-51f12f4135f1
```
This change will always send the `allow_major_version_upgrade` flag to
the API when the `engine_version` changes.
This still relies on the user setting the correct value i.e. if they are
upgrading from postgres 0.4.7 -> 9.5.2 then the config will need to set
the `allow_major_version_upgrade` flag to be `true`
* provider/aws: add `aws_ssm_document` resource
* provider/aws: Changes to `aws_ssm_document` post code review
The changes are things like using d.Id rather than d.Get("name").(string)
and errwrap.Wrapf rather than fmt.Errorf
* Fix crash when reading VPC Peering Connection options.
This resolves the issue introduced in #8310.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
* Do not de-reference values when using Set().
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
* provider/aws: Update VPC Peering connect accept/request attributes
* change from type list to type set
* provider/aws: Update VPC Peering accept/requst options, tests
* errwrap some things
* provider/aws: Refresh `aws_cloudwatch_event_target` from state on
`ResourceNotFoundException`
Fixes#6928
@radeksimko FYI :)
* Update resource_aws_cloudwatch_event_target.go
* provider/aws: Change Spot Fleet Request to allow a combination of
subnet_id and availability_zone
Also added a complete set of tests that reflect all of the use cases
that Amazon document
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-examples.html
It is important to note there that Terraform will be suggesting that
users create multiple launch configurations rather than AWS's version of
combing values into CSV based parameters. This will ensure that we are
able to enforce the correct state
Also note that `associate_public_ip_address` now defaults to `false` - a migration has been
included in this PR to migration users of this functionality. This needs
to be noted in the changelog. The last part of changing functionality
here is waiting for the state of the request to become `active`. Before
we get to this state, we cannot guarantee that Amazon have accepted the
request or it could have failed validation.
```
% make testacc TEST=./builtin/providers/aws
% TESTARGS='-run=TestAccAWSSpotFleetRequest_'
% 2 ↵
==> Checking that code complies with gofmt requirements...
/Users/stacko/Code/go/bin/stringer
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/08/22 15:44:21 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSSpotFleetRequest_ -timeout 120m
=== RUN TestAccAWSSpotFleetRequest_changePriceForcesNewRequest
--- PASS: TestAccAWSSpotFleetRequest_changePriceForcesNewRequest (133.90s)
=== RUN TestAccAWSSpotFleetRequest_lowestPriceAzOrSubnetInRegion
--- PASS: TestAccAWSSpotFleetRequest_lowestPriceAzOrSubnetInRegion (76.67s)
=== RUN TestAccAWSSpotFleetRequest_lowestPriceAzInGivenList
--- PASS: TestAccAWSSpotFleetRequest_lowestPriceAzInGivenList (75.22s)
=== RUN TestAccAWSSpotFleetRequest_lowestPriceSubnetInGivenList
--- PASS: TestAccAWSSpotFleetRequest_lowestPriceSubnetInGivenList (96.95s)
=== RUN TestAccAWSSpotFleetRequest_multipleInstanceTypesInSameAz
--- PASS: TestAccAWSSpotFleetRequest_multipleInstanceTypesInSameAz (74.44s)
=== RUN TestAccAWSSpotFleetRequest_multipleInstanceTypesInSameSubnet
--- PASS: TestAccAWSSpotFleetRequest_multipleInstanceTypesInSameSubnet (97.82s)
=== RUN TestAccAWSSpotFleetRequest_overriddingSpotPrice
--- PASS: TestAccAWSSpotFleetRequest_overriddingSpotPrice (76.22s)
=== RUN TestAccAWSSpotFleetRequest_diversifiedAllocation
--- PASS: TestAccAWSSpotFleetRequest_diversifiedAllocation (79.81s)
=== RUN TestAccAWSSpotFleetRequest_withWeightedCapacity
--- PASS: TestAccAWSSpotFleetRequest_withWeightedCapacity (77.15s)
=== RUN TestAccAWSSpotFleetRequest_CannotUseEmptyKeyName
--- PASS: TestAccAWSSpotFleetRequest_CannotUseEmptyKeyName (0.00s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 788.184s
```
* Update resource_aws_spot_fleet_request.go
* provider/aws: Refresh `aws_autoscaling_policy` from state on 404
Fixes#8386
When an Autoscaling Group Or an Autoscaling Group Policy has been
deleted manually, terraform was throwing an error as follows:
```
* aws_autoscaling_policy.increase: Error retrieving scaling policies: ValidationError: Group sandbox-logs-logstash-wxhsckky3ndpzd7b3kmyontngy not found
status code: 400, request id: 56a89814-6884-11e6-b3a8-d364cf04223b
```
We now refresh from state on a ValidationError - this is a common 4xx error according to AWS documentation http://docs.aws.amazon.com/AutoScaling/latest/APIReference/CommonErrors.html
```
%make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSAutoscalingPolicy_disappears'
==> Checking that code complies with gofmt requirements...
/Users/stacko/Code/go/bin/stringer
go generate $(go list ./... | grep -v /terraform/vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSAutoscalingPolicy_disappears -timeout 120m
=== RUN TestAccAWSAutoscalingPolicy_disappears
--- PASS: TestAccAWSAutoscalingPolicy_disappears (203.61s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 203.633s
```
* Update resource_aws_autoscaling_policy.go
Replication Groups
In order to be able to restore a named snapshot as ElastiCache Cluster
or a Replication Group, the `snapshot_name` parameter was needed to be
passed. Changing the `snapshot_name` will force a new resource to be
created
```
```
resources
Fixes#8420
Adds the ability to update tags on the ALB resource as well as
supporting tags on `aws_alb_target_group`
```
ALB Tests:
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSALB_' 2 ↵ ✹
==> Checking that code complies with gofmt requirements...
/Users/stacko/Code/go/bin/stringer
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/08/23 19:30:16 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSALB_ -timeout 120m
=== RUN TestAccAWSALB_basic
--- PASS: TestAccAWSALB_basic (67.18s)
=== RUN TestAccAWSALB_tags
--- PASS: TestAccAWSALB_tags (99.88s)
=== RUN TestAccAWSALB_noSecurityGroup
--- PASS: TestAccAWSALB_noSecurityGroup (62.49s)
=== RUN TestAccAWSALB_accesslogs
--- PASS: TestAccAWSALB_accesslogs (126.25s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 355.835s
```
```
ALB Target Group Tests:
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSALBTargetGroup_'
==> Checking that code complies with gofmt requirements...
/Users/stacko/Code/go/bin/stringer
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/08/23 19:37:37 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSALBTargetGroup_ -timeout 120m
=== RUN TestAccAWSALBTargetGroup_basic
--- PASS: TestAccAWSALBTargetGroup_basic (47.26s)
=== RUN TestAccAWSALBTargetGroup_tags
--- PASS: TestAccAWSALBTargetGroup_tags (81.01s)
=== RUN TestAccAWSALBTargetGroup_updateHealthCheck
--- PASS: TestAccAWSALBTargetGroup_updateHealthCheck (78.74s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 207.025s
```
Renamed the local_name_filter attribute to name_regex and made it clear in the
docs that this runs locally and could have a performance impact on a large set
of AMIs returned from AWS.
`aws_elasticache_replication_group`
Fixes#8377
Now we can output the endpoint of the primary
```
resource "aws_elasticache_replication_group" "bar" {
replication_group_id = "tf-11111"
replication_group_description = "test description"
node_type = "cache.m1.small"
number_cache_clusters = 2
port = 6379
parameter_group_name = "default.redis2.8"
apply_immediately = true
}
output "primary_endpoint_address" {
value = "${aws_elasticache_replication_group.bar.primary_endpoint_address}"
}
```
This gives us:
```
% terraform apply
...................
aws_elasticache_replication_group.bar: Creation complete
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
Outputs:
primary_endpoint_address = tf-11111.d5jx4z.ng.0001.use1.cache.amazonaws.com
```
This was the addition of a computed field only so the basic test still works as expected:
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSElasticacheReplicationGroup_basic' ✹
==> Checking that code complies with gofmt requirements...
/Users/stacko/Code/go/bin/stringer
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/08/22 17:11:13 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSElasticacheReplicationGroup_basic -timeout 120m
=== RUN TestAccAWSElasticacheReplicationGroup_basic
--- PASS: TestAccAWSElasticacheReplicationGroup_basic (741.71s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 741.735s
```
The AWS documentation tells us the following:
```
--replication-group-id (string)
The replication group identifier. This parameter is stored as a
lowercase string.
Constraints:
A name must contain from *1 to 20* alphanumeric characters or hyphens.
The first character must be a letter.
A name cannot end with a hyphen or contain two consecutive hyphens.
```
This is not correct and is causing users errors:
```
* aws_elasticache_replication_group.bar: Error creating Elasticache
* Replication Group: InvalidParameterValue: Replication group id should
* be no more than 16 characters.
status code: 400, request id:
```
Tuning the Validation from 20 to 16 characters to avoid user issues
In cases where the filters provided by AWS against the name of an AMI are not
sufficient, allow adding a "local_name_filter" which is a regex that is used
to filter the AMIs returned by amazon.
API Gateway allows users to "claim" a domain name for use as a custom
hostname for deployed API endpoints, and then use this base path mapping
resource to expose a particular API deployment at a path on such a domain.
The acceptance tests use certificates from the aws_api_gateway_domain_name
tests which expire in 2026; we'll need to generate some more certificates
before we get there.
API Gateway allows users to "claim" a domain name for use as a custom
hostname for deployed API endpoints. The domain name resource just claims
the domain name; a user would then use a "base path mapping" resource
(to be implemented in a later commit) to map a particular API to a
particular path prefix on that domain.
The acceptance tests contain some TLS certificates that expire in 2026;
we'll need to generate some more certificates before we get there.
NotFound
Fixes#8375
When a Lambda or an associated Event Source Mapping has been removed via
the AWS Console, Terraform throws an error similar to the following:
```
Error refreshing state: 1 error(s) occurred:
* aws_lambda_event_source_mapping.dmp_enrichment_event_source_mapping:
* ResourceNotFoundException: The resource you requested does not exist.
status code: 404, request id: a17c641d-6868-11e6-accf-3d0ea71934fa
```
the resource should be refreshed from the state when this happens so
that subsequent plans show it needs to be recreated
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSLambdaEventSourceMapping_'
==> Checking that code complies with gofmt requirements...
/Users/stacko/Code/go/bin/stringer
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/08/22 16:15:54 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSLambdaEventSourceMapping_ -timeout 120m
=== RUN TestAccAWSLambdaEventSourceMapping_basic
--- PASS: TestAccAWSLambdaEventSourceMapping_basic (120.81s)
=== RUN TestAccAWSLambdaEventSourceMapping_disappears
--- PASS: TestAccAWSLambdaEventSourceMapping_disappears (104.08s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 224.914s
```
This commit adds two optional blocks called "accepter" and "requester" to the
resource allowing for setting desired VPC Peering Connection options for VPCs
that participate in the VPC peering.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
This commit adds an `arn` field to `aws_alb` and `aws_alb_target_group`
resources, in order to present a more coherant user experience to people
using resource variables in fields suffixed "arn".
This commit fixes#8264 by making the security_groups attribute on
aws_alb resources computed, allowing the default security group assigned
by AWS to not generate perpetual plans forcing new resources.
This commit adds a resource, acceptance tests and documentation for the
Target Groups for Application Load Balancers.
This is the second in a series of commits to fully support the new
resources necessary for Application Load Balancers.
This commit adds a resource, acceptance tests and documentation for the
new Application Load Balancer (aws_alb). We choose to use the name alb
over the package name, elbv2, in order to avoid confusion.
This is the first in a series of commits to fully support the new
resources necessary for Application Load Balancers.
* provider/aws: Allow `source_ids` in `aws_db_event_subscription` to be
Updatable
Fixes#7809
This commit adds support for `source_ids` to be updated rather than
forcing new each time. Unfortunately, it must range over the difference
in the source_ids and add and remove them 1 at a time. AWS does not
support batch updating source_ids
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSDBEventSubscription_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSDBEventSubscription_ -timeout 120m
=== RUN TestAccAWSDBEventSubscription_basicUpdate
--- PASS: TestAccAWSDBEventSubscription_basicUpdate (1277.87s)
=== RUN TestAccAWSDBEventSubscription_withSourceIds
--- PASS: TestAccAWSDBEventSubscription_withSourceIds (1012.96s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws
2290.844s
```
* Update resource_aws_db_event_subscription.go
* provider/aws: Adds an acceptance test that makes sure that manual deletions mean a non-empty plan
* provider/aws: Adds an acceptance test to prove that manual deletion causes a non-empty plan
* provider/aws: Add failing ETC + notifications test
* tidy up the docs some
* provider/aws: Update ElasticTranscoder to allow empty notifications, removing notifications, etc
When you need to enable monitoring for Redshift, you need to create the
correct policy in the bucket for logging. This needs to have the
Redshift Account ID for a given region. This data source provides a
handy lookup for this
http://docs.aws.amazon.com/redshift/latest/mgmt/db-auditing.html#db-auditing-enable-logging
% make testacc TEST=./builtin/providers/aws
% TESTARGS='-run=TestAccAWSRedshiftAccountId_basic' 2 ↵ ✹ ✭
==> Checking that code complies with gofmt requirements...
/Users/stacko/Code/go/bin/stringer
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/08/16 14:39:35 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSRedshiftAccountId_basic -timeout 120m
=== RUN TestAccAWSRedshiftAccountId_basic
--- PASS: TestAccAWSRedshiftAccountId_basic (19.47s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 19.483s
or availability_zone
Fixes#8000
There was a hard coded panic in the code!!!
```
panic(
fmt.Sprintf(
"Must set one of:\navailability_zone %#v\nsubnet_id: %#v",
m["availability_zone"],
m["subnet_id"])
)
```
This was causing issues when we set neither an availability zone or a subnet id.
This has been removed and is now handled with an error rather than a panic.
This was what happened with the new test before the fix:
```
=== RUN TestAccAWSSpotFleetRequest_brokenLaunchSpecification
panic: Must set one of:
availability_zone ""
subnet_id: ""
goroutine 129 [running]:
panic(0x11377a0, 0xc8202abfc0)
/opt/boxen/homebrew/Cellar/go/1.6.2/libexec/src/runtime/panic.go:481 +0x3e6
github.com/hashicorp/terraform/builtin/providers/aws.hashLaunchSpecification(0x11361a0, 0xc8202e07e0, 0xc800000001)
/Users/stacko/Code/go/src/github.com/hashicorp/terraform/builtin/providers/aws/resource_aws_spot_fleet_request.go:953 +0x685
github.com/hashicorp/terraform/helper/schema.(*Set).hash(0xc82005ae00, 0x11361a0, 0xc8202e07e0, 0x0, 0x0)
/Users/stacko/Code/go/src/github.com/hashicorp/terraform/helper/schema/set.go:180 +0x40
github.com/hashicorp/terraform/helper/schema.(*Set).add(0xc82005ae00, 0x11361a0, 0xc8202e07e0, 0xc820276900, 0x0, 0x0)
```
The test then ran fine after the fix:
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSpotFleetRequest_brokenLaunchSpecification'
==> Checking that code complies with gofmt requirements...
/Users/stacko/Code/go/bin/stringer
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/08/16 08:03:18 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSSpotFleetRequest_brokenLaunchSpecification -timeout 120m
=== RUN TestAccAWSSpotFleetRequest_brokenLaunchSpecification
--- PASS: TestAccAWSSpotFleetRequest_brokenLaunchSpecification (32.37s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 32.384s
```
Full test run looks as follows:
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSpotFleetRequest_' ✹
==> Checking that code complies with gofmt requirements...
/Users/stacko/Code/go/bin/stringer
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/08/16 08:04:34 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSSpotFleetRequest_ -timeout 120m
=== RUN TestAccAWSSpotFleetRequest_basic
--- PASS: TestAccAWSSpotFleetRequest_basic (33.78s)
=== RUN TestAccAWSSpotFleetRequest_brokenLaunchSpecification
--- PASS: TestAccAWSSpotFleetRequest_brokenLaunchSpecification (33.59s)
=== RUN TestAccAWSSpotFleetRequest_launchConfiguration
--- PASS: TestAccAWSSpotFleetRequest_launchConfiguration (35.26s)
=== RUN TestAccAWSSpotFleetRequest_CannotUseEmptyKeyName
--- PASS: TestAccAWSSpotFleetRequest_CannotUseEmptyKeyName (0.00s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 102.648s
```
This data source provides access during configuration to the ID of the
AWS account for the connection to AWS. It is primarily useful for
interpolating into policy documents, for example when creating the
policy for an ELB or ALB access log bucket.
This will need revisiting and further testing once the work for
AssumeRole is integrated.
Fixes#7812
All of the options of `aws_db_security_group` ingress rules are
optional. Therefore, when one of them isn't set (and AWS doesn't
calculate the value), Terraform threw a panic
This commit just defensively codes around this fact. It checks to make
sure there is a value returned from the API before adding it to the map
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSDBSecurityGroup_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSDBSecurityGroup_ -timeout 120m
=== RUN TestAccAWSDBSecurityGroup_basic
--- PASS: TestAccAWSDBSecurityGroup_basic (38.66s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 38.682s
```
AWS Lambda VPC config is an optional configuration and which needs to both subnet_ids and
security_group_ids to tie the lambda function to a VPC. We should make it optional if
both subnet_ids and security_group_ids are not net which would add better flexiblity in
creation of more useful modules as there are "if else" checks. Without this we are creating
duplicate modules one with VPC and one without VPC resulting in various anomalies.
in the process
Fixes#7577
7577 discovered that sometimes setting tags at the end of the creation
model doesn't quite work for everyone. We now move that further up the
tree by calling the setTags func a second time.
The setTags func in the Update is not called immediately after creation
as we check for it not being a NewResource
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSecurityGroup_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSSecurityGroup_ -timeout 120m
=== RUN TestAccAWSSecurityGroup_importBasic
--- PASS: TestAccAWSSecurityGroup_importBasic (60.96s)
=== RUN TestAccAWSSecurityGroup_importSelf
--- PASS: TestAccAWSSecurityGroup_importSelf (72.72s)
=== RUN TestAccAWSSecurityGroup_basic
--- PASS: TestAccAWSSecurityGroup_basic (62.33s)
=== RUN TestAccAWSSecurityGroup_namePrefix
--- PASS: TestAccAWSSecurityGroup_namePrefix (22.12s)
=== RUN TestAccAWSSecurityGroup_self
--- PASS: TestAccAWSSecurityGroup_self (64.26s)
=== RUN TestAccAWSSecurityGroup_vpc
--- PASS: TestAccAWSSecurityGroup_vpc (58.35s)
=== RUN TestAccAWSSecurityGroup_vpcNegOneIngress
--- PASS: TestAccAWSSecurityGroup_vpcNegOneIngress (54.95s)
=== RUN TestAccAWSSecurityGroup_MultiIngress
--- PASS: TestAccAWSSecurityGroup_MultiIngress (64.81s)
=== RUN TestAccAWSSecurityGroup_Change
--- PASS: TestAccAWSSecurityGroup_Change (96.86s)
=== RUN TestAccAWSSecurityGroup_generatedName
--- PASS: TestAccAWSSecurityGroup_generatedName (60.75s)
=== RUN TestAccAWSSecurityGroup_DefaultEgress_VPC
--- PASS: TestAccAWSSecurityGroup_DefaultEgress_VPC (57.05s)
=== RUN TestAccAWSSecurityGroup_DefaultEgress_Classic
--- PASS: TestAccAWSSecurityGroup_DefaultEgress_Classic (20.94s)
=== RUN TestAccAWSSecurityGroup_drift
--- PASS: TestAccAWSSecurityGroup_drift (27.39s)
=== RUN TestAccAWSSecurityGroup_drift_complex
--- PASS: TestAccAWSSecurityGroup_drift_complex (64.62s)
=== RUN TestAccAWSSecurityGroup_tags
--- PASS: TestAccAWSSecurityGroup_tags (87.49s)
=== RUN TestAccAWSSecurityGroup_CIDRandGroups
--- PASS: TestAccAWSSecurityGroup_CIDRandGroups (71.62s)
=== RUN TestAccAWSSecurityGroup_ingressWithCidrAndSGs
--- PASS: TestAccAWSSecurityGroup_ingressWithCidrAndSGs (69.60s)
=== RUN TestAccAWSSecurityGroup_ingressWithCidrAndSGs_classic
--- PASS: TestAccAWSSecurityGroup_ingressWithCidrAndSGs_classic (25.47s)
=== RUN TestAccAWSSecurityGroup_egressWithPrefixList
--- PASS: TestAccAWSSecurityGroup_egressWithPrefixList (64.46s)
=== RUN TestAccAWSSecurityGroup_failWithDiffMismatch
--- PASS: TestAccAWSSecurityGroup_failWithDiffMismatch (60.21s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws
1166.983s
```
An S3 Bucket owner may wish to select a different underlying storage class
for an object. This commit adds an optional "storage_class" attribute to the
aws_s3_bucket_object resource so that the owner of the S3 bucket can specify
an appropriate storage class to use when creating an object.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
* Overriding S3 endpoint - Enable specifying your own
S3 api endpoint to override the default one, under
endpoints.
* Force S3 path style - Expose this option from the aws-sdk-go
configuration to the provider.
This commit fixes an issue where CORS rules would not be read and thus refreshed
correctly should there be a change introduced externally e.g. CORS configuration
was edited outside of Terraform.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
* provider/aws: Re-implement api gateway parameter handling
this PR cleans up some left overs from PR #4295, namely the parameter handling.
now that GH-2143 is finally closed this PR does away with the ugly
`request_parameters_in_json` and `response_parameters_in_json` hack.
* Add deprecation message and conflictsWith settings
following @radeksimko s advice, keeping the old code around with a deprecation
warning.
this should be cleaned up in a few releases
* provider/aws: fix missing append operation
* provider/aws: mark old parameters clearly as deprecated
* provider/aws work around #8104
following @radeksimko s lead
* provider/aws fix cnp error
- we could've had ConflictsWith between affected fields, but that would make it fail even if skip_requesting_account_id=false and ConflictsWhen is not a thing (yet)
* Skip IAM/STS validation and metadata check
* Skip IAM/STS identity validation - For environments or other api
implementations where there are no IAM/STS endpoints available, this
option lets you opt out from that provider initialization step.
* Skip metdata api check - For environments in which you know ahead of
time there isn't going to be a metadta api endpoint, this option lets
you opt out from that check to save time.
* Allow iam/sts initialization even if skipping account/cred validation
(#7874)
* Split out skip of IAM validation into credentials and account id
(#7874)
An S3 Bucket owner may wish to set a canned ACL (as opposite to explicitly set
grantees, etc.) for an object. This commit adds an optional "acl" attribute to
the aws_s3_bucket_object resource so that the owner of the S3 bucket can
specify an appropriate pre-defined ACL to use when creating an object.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
* Various string slices are sorted and truncated to strings if they
only contain one element.
* Sids are now included if they are empty.
This is to ensure what is sent to AWS matches what comes back, to
prevent recurring diffs even when the policy has changed.
Any S3 Bucket owner may wish to share data but not incur charges associated
with others accessing the data. This commit adds an optional "request_payer"
attribute to the aws_s3_bucket resource so that the owner of the S3 bucket can
specify who should bear the cost of Amazon S3 data transfer.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
Version 1.3.1 deprecates use of `session.New()` in favour of
`session.NewSession()`, which also returns an error. This commit updates
the various call sites previously making use of `session.New()`.
or us-gov
Fixes#7969
`acceleration_status` is not available in China or US-Gov data centers.
Even querying for this will give the following:
```
Error refreshing state: 1 error(s) occurred:
2016/08/04 13:58:52 [DEBUG] plugin: waiting for all plugin processes to
complete...
* aws_s3_bucket.registry_cn: UnsupportedArgument: The request contained
* an unsupported argument.
status code: 400, request id: F74BA6AA0985B103
```
We are going to stop any Read calls for acceleration status from these
data centers
```
% make testacc TEST=./builtin/providers/aws
% TESTARGS='-run=TestAccAWSS3Bucket_' ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSS3Bucket_
-timeout 120m
=== RUN TestAccAWSS3Bucket_Notification
--- PASS: TestAccAWSS3Bucket_Notification (409.46s)
=== RUN TestAccAWSS3Bucket_NotificationWithoutFilter
--- PASS: TestAccAWSS3Bucket_NotificationWithoutFilter (166.84s)
=== RUN TestAccAWSS3Bucket_basic
--- PASS: TestAccAWSS3Bucket_basic (133.48s)
=== RUN TestAccAWSS3Bucket_acceleration
--- PASS: TestAccAWSS3Bucket_acceleration (282.06s)
=== RUN TestAccAWSS3Bucket_Policy
--- PASS: TestAccAWSS3Bucket_Policy (332.14s)
=== RUN TestAccAWSS3Bucket_UpdateAcl
--- PASS: TestAccAWSS3Bucket_UpdateAcl (225.96s)
=== RUN TestAccAWSS3Bucket_Website_Simple
--- PASS: TestAccAWSS3Bucket_Website_Simple (358.15s)
=== RUN TestAccAWSS3Bucket_WebsiteRedirect
--- PASS: TestAccAWSS3Bucket_WebsiteRedirect (380.38s)
=== RUN TestAccAWSS3Bucket_WebsiteRoutingRules
--- PASS: TestAccAWSS3Bucket_WebsiteRoutingRules (258.29s)
=== RUN TestAccAWSS3Bucket_shouldFailNotFound
--- PASS: TestAccAWSS3Bucket_shouldFailNotFound (92.24s)
=== RUN TestAccAWSS3Bucket_Versioning
--- PASS: TestAccAWSS3Bucket_Versioning (654.19s)
=== RUN TestAccAWSS3Bucket_Cors
--- PASS: TestAccAWSS3Bucket_Cors (143.58s)
=== RUN TestAccAWSS3Bucket_Logging
--- PASS: TestAccAWSS3Bucket_Logging (249.79s)
=== RUN TestAccAWSS3Bucket_Lifecycle
--- PASS: TestAccAWSS3Bucket_Lifecycle (259.87s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws
3946.464s
```
thanks to @kwilczynski and @radeksimko for the research on how to handle the generic
errors here
Running these over a 4G tethering connection has been painful :)
Add firehose elasticsearch configuration documentation
Adding CRUD for elastic search as firehose destination
Updated the firehose stream documentation to add elastic search as destination example.
Adding testing for es as firehose destination
Update the test case for es
ARNs used to be build using the iamconn.GetUser func call. This wouldn't
work on some scenarios and was changed so that we can expose the
AccountId and Region via meta
This commit just changes the build ARN funcs to use this new way of
doing things
* provider/aws: Fix issue updating ElasticBeanstalk Environment Settings
Fixes the logic that updated settings for Elastic Beanstalk Environments.
Because the update is done in the same API call, we need to split removals /
additions.
Fixes#6890
* add acc test that fails on master
the `aws_iam_group_membership` resource
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSGroupMembership_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSGroupMembership_ -timeout 120m
=== RUN TestAccAWSGroupMembership_basic
--- PASS: TestAccAWSGroupMembership_basic (74.14s)
=== RUN TestAccAWSGroupMembership_paginatedUserList
--- PASS: TestAccAWSGroupMembership_paginatedUserList (273.29s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 347.447s
```
The S3 API has two parameters that can be passed to it (HostName
and Protocol) for the RedirectAllRequestsTo functionality.
HostName is somewhat poorly named because it need not be only a
hostname (it can contain a path too.)
The terraform code for this was treating the API as the parameter
name suggests and was truncating out any paths that were passed.
This commit adds VPN Gateway attachment resource, and also an initial tests and
documentation stubs.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
Fixes#7996
The Create func was using the timeout that we were passing to the
resource. Update func was not.
```
% make testacc TEST=./builtin/providers/aws
% TESTARGS='-run=TestAccAWSCloudFormation_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSCloudFormation_ -timeout 120m
=== RUN TestAccAWSCloudFormation_basic
--- PASS: TestAccAWSCloudFormation_basic (120.61s)
=== RUN TestAccAWSCloudFormation_defaultParams
--- PASS: TestAccAWSCloudFormation_defaultParams (121.40s)
=== RUN TestAccAWSCloudFormation_allAttributes
--- PASS: TestAccAWSCloudFormation_allAttributes (263.29s)
=== RUN TestAccAWSCloudFormation_withParams
--- PASS: TestAccAWSCloudFormation_withParams (205.52s)
=== RUN TestAccAWSCloudFormation_withUrl_withParams
--- PASS: TestAccAWSCloudFormation_withUrl_withParams (402.71s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws
1113.552s
```
`elasticsearch_version` 2.3
Fixes#7836
This will allow ElasticSearch domains to be deployed with version 2.3 of
ElasticSearch
The other slight modifications are to stop dereferencing values before
passing to d.Set in the Read func. It is safer to pass the pointer to
d.Set and allow that to dereference if there is a value
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSElasticSearchDomain_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSElasticSearchDomain_ -timeout 120m
=== RUN TestAccAWSElasticSearchDomain_basic
--- PASS: TestAccAWSElasticSearchDomain_basic (1611.74s)
=== RUN TestAccAWSElasticSearchDomain_v23
--- PASS: TestAccAWSElasticSearchDomain_v23 (1898.80s)
=== RUN TestAccAWSElasticSearchDomain_complex
--- PASS: TestAccAWSElasticSearchDomain_complex (1802.44s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 5313.006s
```
Update resource_aws_elasticsearch_domain.go
This commit resolves the issue where lack of snapshot ID in the device mapping
section of the API response to DescribeImagesResponse would cause Terraform to
crash due to a nil pointer dereference. Usually, the snapshot ID is included,
but in some unique cases (e.g. ECS-enabled AMI from Amazon available on the
Market Place) a volume that is attached might not have it.
The API documentation does not clearly define whether the snapshot ID either
should be or must be included for any volume in the response.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
* Add state filter to aws_availability_zones data source.
This commit adds an ability to filter Availability Zones based on state, where
by default it would only list available zones.
Be advised that this does not always works reliably for an older accounts which
have been created in the pre-VPC era of EC2. These accounts tends to retrieve
availability zones that are not VPC-enabled, thus creation of a custom subnet
within such Availability Zone would result in a failure.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
* Update documentation for aws_availability_zones data source.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
* Do not filter on state by default.
This commit makes the state filter applicable only when set.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
We create hundreds of AWS Elasticsearch resources over the last few months and we get occasional timeout failures from AWS. This will PR is to increase the timeout once again. I did it before:
https://github.com/hashicorp/terraform/pull/5910/files
But we've seen enough timeouts from AWS on this resource that increasing the timeout seems like the only solution.
When migrating the state of an `aws_route53_record`, a v0 state was
never upgraded to v2, and a typo in a unit test masked this. This commit
fixes the migration by chaining the invocation of the migration
function, and corrects the test.
This test overrides the AWS_DEFAULT_REGION parameter as the security
groups are created in us-east-1 (due to classic VPC requirements)
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSDBSecurityGroup_importBasic'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSDBSecurityGroup_importBasic -timeout 120m
=== RUN TestAccAWSDBSecurityGroup_importBasic
--- PASS: TestAccAWSDBSecurityGroup_importBasic (49.46s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 49.487s
```
deleted state
Fixes#7859
When a VPN Gateway has been manually deleted, we should expect it to be
added back to the plan
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSVpnGateway_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSVpnGateway_
-timeout 120m
=== RUN TestAccAWSVpnGateway_importBasic
--- PASS: TestAccAWSVpnGateway_importBasic (247.94s)
=== RUN TestAccAWSVpnGateway_basic
--- PASS: TestAccAWSVpnGateway_basic (409.50s)
=== RUN TestAccAWSVpnGateway_reattach
--- PASS: TestAccAWSVpnGateway_reattach (211.33s)
=== RUN TestAccAWSVpnGateway_delete
--- PASS: TestAccAWSVpnGateway_delete (121.10s)
=== RUN TestAccAWSVpnGateway_tags
--- PASS: TestAccAWSVpnGateway_tags (125.38s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws
1115.274s
```
This changes the behaviour of `aws_api_gateway_integration` to set the
`passthrough_behaviour` to be computed as this was breaking the import
test
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSAPIGatewayApiKey_importBasic'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSAPIGatewayApiKey_importBasic -timeout 120m
=== RUN TestAccAWSAPIGatewayApiKey_importBasic
--- PASS: TestAccAWSAPIGatewayApiKey_importBasic (50.19s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 50.210s
```
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSAPIGatewayIntegration_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSAPIGatewayIntegration_ -timeout 120m
=== RUN TestAccAWSAPIGatewayIntegration_basic
--- PASS: TestAccAWSAPIGatewayIntegration_basic (67.43s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 67.449s
```
* Add ability to set Performance Mode in aws_efs_file_system.
The Elastic File System (EFS) allows for setting a Performance Mode during
creation, thus enabling anyone to chose performance of the file system according
to their particular needs. This commit adds an optional "performance_mode"
attribte to the aws_efs_file_system resource so that an appropriate mode can be
set as needed.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
* Add test coverage for the ValidateFunc used.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
* Add "creation_token" and deprecate "reference_name".
Add the "creation_token" attribute so that the resource follows the API more
closely (as per the convention), thus deprecate the "reference_name" attribute.
Update tests and documentation accordingly.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
Fixes#7423
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRedshiftCluster_loggingEnabled'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSRedshiftCluster_loggingEnabled -timeout 120m
=== RUN TestAccAWSRedshiftCluster_loggingEnabled
--- PASS: TestAccAWSRedshiftCluster_loggingEnabled (675.21s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 675.233s
```
the Read func
Fixes#7782
Lambda functions are eventually consistent :( Therefore, when we move
from the Create func to the Read func, there is a chance that the Lambda
hasn't replicated yet and we could therefore find that it doesn't exist
and delete it as follows:
```
params := &lambda.GetFunctionInput{
FunctionName: aws.String(d.Get("function_name").(string)),
}
getFunctionOutput, err := conn.GetFunction(params)
if err != nil {
if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == "ResourceNotFoundException" {
d.SetId("")
return nil
}
return err
}
```
This PR uses `d.IsNewResource()` to check if the Read is being called
after a Create and therefore, won't delete the lambda if not found. This
should allow the lambda to replicate
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSLambdaFunction_'
=> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSLambdaFunction_ -timeout 120m
=== RUN TestAccAWSLambdaFunction_importLocalFile
--- PASS: TestAccAWSLambdaFunction_importLocalFile (36.64s)
=== RUN TestAccAWSLambdaFunction_importLocalFile_VPC
--- PASS: TestAccAWSLambdaFunction_importLocalFile_VPC (45.17s)
=== RUN TestAccAWSLambdaFunction_importS3
--- PASS: TestAccAWSLambdaFunction_importS3 (40.88s)
=== RUN TestAccAWSLambdaFunction_basic
--- PASS: TestAccAWSLambdaFunction_basic (44.77s)
=== RUN TestAccAWSLambdaFunction_VPC
--- PASS: TestAccAWSLambdaFunction_VPC (44.13s)
=== RUN TestAccAWSLambdaFunction_s3
--- PASS: TestAccAWSLambdaFunction_s3 (43.62s)
=== RUN TestAccAWSLambdaFunction_localUpdate
--- PASS: TestAccAWSLambdaFunction_localUpdate (33.49s)
=== RUN TestAccAWSLambdaFunction_localUpdate_nameOnly
--- PASS: TestAccAWSLambdaFunction_localUpdate_nameOnly (51.83s)
=== RUN TestAccAWSLambdaFunction_s3Update
--- PASS: TestAccAWSLambdaFunction_s3Update (106.49s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 447.055s
```
Thanks to @radeksimko for pointing out `d.IsNewResource()`
using: `govendor add
github.com/aws/aws-sdk-go/service/applicationautoscaling@v1.2.5`
introduce a retry for scalable target creation
Due to possible inconsistencies in IAM, let's retry creation of the scalable target before we fail.
Added IAM role as part of acceptance test
Expose the network interface ID that is created with a new instance.
This can be useful when associating an existing elastic IP to the
default interface on an instance that has multiple network interfaces.
There were some changes required to the Read func to get this working.
The initial set of tests showed the following:
```
testing.go:255: Step 1 error: ImportStateVerify attributes not equivalent. Difference is shown below. Top is actual, bottom is expected.
(map[string]string) {
}
(map[string]string) (len=8) {
(string) (len=8) "hash_key": (string) (len=16) "TestTableHashKey",
(string) (len=23) "local_secondary_index.#": (string) (len=1) "1",
(string) (len=36) "local_secondary_index.884610231.name": (string) (len=12) "TestTableLSI",
(string) (len=52) "local_secondary_index.884610231.non_key_attributes.#": (string) (len=1) "0",
(string) (len=47) "local_secondary_index.884610231.projection_type": (string) (len=3) "ALL",
(string) (len=41) "local_secondary_index.884610231.range_key": (string) (len=15) "TestLSIRangeKey",
(string) (len=4) "name": (string) (len=38) "TerraformTestTable-2710929679033484576",
(string) (len=9) "range_key": (string) (len=17) "TestTableRangeKey"
}
```
On investigation, this was telling me that `hash_key`, `range_key`, `name` and `local_secondary_index` were not being set on the Read func
When they were being set, all looks as expected:
```
make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSDynamoDbTable_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSDynamoDbTable_ -timeout 120m
=== RUN TestAccAWSDynamoDbTable_importBasic
--- PASS: TestAccAWSDynamoDbTable_importBasic (20.39s)
=== RUN TestAccAWSDynamoDbTable_basic
--- PASS: TestAccAWSDynamoDbTable_basic (39.99s)
=== RUN TestAccAWSDynamoDbTable_streamSpecification
--- PASS: TestAccAWSDynamoDbTable_streamSpecification (50.44s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 110.841s
```
* aws_db_parameter_group: Support more than 20 parameters in a single update
* create test to prove greater than 20 database parameters can be processed
* update test to prove updating greater than 20 database parameters can be processed
* Issues with certain key value database parameters
Cannot create a passing test for database parameters "innodb_file_per_table" and "binlog_format"
It seems that these parameters can be created and tested successfully
BUT after the "parameter group" has been destroyed, it then makes a "DescribeDBParameterGroups" call
This fails with a 404 error...makes sense since the group does not exist
Have very little understanding of how the test framework works, so am struggling to debug
Currently commented out to have a passing test
* reorder create database parameter group dataset
* reorder update database parameter group dataset
* typo: excede => exceed
* add one extra database parameter; now it is 41 in total
* added test for additonal database parameter added in previous commit
* remove commented out database parameters from test
* provider/aws: Delete access keys before deleting IAM user
* provider/aws: Put IAM key removal behind force_destroy option
* provider/aws: Move all access key deletion under force_destroy
* Add iam_user force_destroy to website
* provider/aws: Improve clarity of looping over pages in delete IAM user