Commit Graph

3357 Commits

Author SHA1 Message Date
Chris Marchesi c2b44217dd
provider/aws: Require CloudFront S3 origin origin_access_identity
This fixes an issue where an empty s3_origin_config could be supplied to
aws_cloudfront_distribution, "correctly" setting an empty default value.
Unfortunately the rest of the CloudFront structure helper functions are
not equipped to deal with this kind of scenario, and TF produces
spurious diffs upon future runs.

This removes the default and makes origin_access_identity required when
specifying s3_origin_config.

Note that it has always been intended behaviour that if someone does not
want to use an origin access identity, that s3_origin_config should not
be specified at all. This behaviour still works, as should be evident by
the (still) passing tests.

Fixes hashicorp/terraform#7930.
2016-09-23 13:10:50 +01:00
Chris Marchesi ec2b345ed0
provider/aws: Enable aws_cloudfront_distribution HTTP/2
Added http_version to aws_cloudfront_distribution, which allows
selection of the maximum HTTP version to use in the distribution.
Defaults to http2.

Fixes hashicorp/terraform#8730.
2016-09-23 13:10:33 +01:00
stack72 cea685099e
Merge branch 'elasticache-cluster-import' of https://github.com/AMeng/terraform into AMeng-elasticache-cluster-import 2016-09-23 10:04:57 +01:00
Clint b7ad602993 provider/aws: Fix importing of EIP by IP address (#8970)
* provider/aws: Fix importing of EIP by IP address

EIPs are meant to be imported by their allocation id, however, importing
by their EIP *appears* to work because this API actually accepts IP
lookup, despite the documentation asking for the allocation id.

This PR does:

- update docs on how to import EIPs
- fix case if user imported by IP, to switch to using the alloc id for
the resource id

I chose not to document that looking up by IP is a method of import,
because the AWS  API docs do not explicitly say that looking up by IP is
OK, so I'd rather people not do it if it's not documented to stay that
way.

Alternatively, we could parse the resource ID and reject it (remove from
state with error/warning) if it doesn't match the `eipalloc-*` format,
but I thought this was a bit better UX.

* fix issue with swapping IDs on EC2 Classic

* update docs

* update comment
2016-09-22 21:53:21 -05:00
Clint becdfef87b provider/aws: Wait for Spot Fleet to drain before removing from state (#8938)
* provider/aws: Wait for Spot Fleet to drain before removing from state

Ensures the spot fleet is drained before reporting successful destroy
and moving on

* remove unreachable code

* hack to sleep and test regression/leak

* fix broken english in warning
2016-09-22 15:22:27 -05:00
Paul Stack ecabebf5e6 Merge pull request #8989 from hashicorp/b-aws-alb-protocol-change-forcenew
provider/aws: VPC ID, Port, Protocol and Name change on aws_alb_target_group will ForceNew resource
2016-09-22 20:57:36 +01:00
Paul Stack 5cc4f17189 Merge pull request #8992 from kwilczynski/feature/check-error-aws_cloudformation_stack
provider/aws: Handle JSON parsing error in the ReadFunc for various JSON documents.
2016-09-22 17:28:24 +01:00
Krzysztof Wilczynski 828a8f4729
provider/aws: Handle JSON parsing error in the ReadFunc for various JSON documents.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-22 17:21:27 +01:00
stack72 9fbbc343e9
provider/aws: VPC ID, Port, Protocol and Name change on
aws_alb_target_group will ForceNew resource

Fixes #8741

The modify-target-group doesn't allow changes to name, port, protocol or
vpc_id - therefore, they should all be ForceNew: true

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSALBTargetGroup_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/22 16:04:29 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSALBTargetGroup_ -timeout 120m
=== RUN   TestAccAWSALBTargetGroup_basic
--- PASS: TestAccAWSALBTargetGroup_basic (50.66s)
=== RUN   TestAccAWSALBTargetGroup_changeNameForceNew
--- PASS: TestAccAWSALBTargetGroup_changeNameForceNew (84.48s)
=== RUN   TestAccAWSALBTargetGroup_changeProtocolForceNew
--- PASS: TestAccAWSALBTargetGroup_changeProtocolForceNew (95.89s)
=== RUN   TestAccAWSALBTargetGroup_changePortForceNew
--- PASS: TestAccAWSALBTargetGroup_changePortForceNew (85.77s)
=== RUN   TestAccAWSALBTargetGroup_changeVpcForceNew
--- PASS: TestAccAWSALBTargetGroup_changeVpcForceNew (85.00s)
=== RUN   TestAccAWSALBTargetGroup_tags
--- PASS: TestAccAWSALBTargetGroup_tags (88.11s)
=== RUN   TestAccAWSALBTargetGroup_updateHealthCheck
--- PASS: TestAccAWSALBTargetGroup_updateHealthCheck (82.15s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    572.083s
```
2016-09-22 17:12:39 +01:00
Krzysztof Wilczynski c115d69d88
Allow buildPutRuleInputStruct helper function to return an error.
This commits allows for the helper function to return an error which
would bubble up from e.g. JSON parsing, etc.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-22 15:37:12 +01:00
Duncan 826ff3f0f0 provider/aws: fix option updates to beanstalk 2016-09-22 11:30:33 +01:00
Paul Stack 27a89ff405 Merge pull request #8671 from hashicorp/f-aws-firehose-cloudwatch
provider/aws: Add support for `cloudwatch_logging_options` to AWS Kinesis Firehose Delivery Streams
2016-09-22 10:01:44 +01:00
Paul Stack b2c7787380 Merge pull request #8907 from kwilczynski/feature/json-validation-data_source_aws_cloudformation_stack
provider/aws: Update aws_cloudformation_stack data source with new helper function.
2016-09-22 09:31:51 +01:00
Paul Stack 076fd93eb8 Merge pull request #8908 from kwilczynski/feature/json-validation-aws_s3_bucket
provider/aws: Add JSON validation to the aws_s3_bucket resource.
2016-09-22 09:30:38 +01:00
Paul Stack 283843241c Merge pull request #8906 from kwilczynski/feature/json-validation-aws_vpc_endpoint
[WIP]  provider/aws: Add JSON validation to the aws_vpc_endpoint resource.
2016-09-22 09:28:12 +01:00
Paul Stack f13e020376 Merge pull request #8898 from kwilczynski/feature/json-validation-aws_elasticsearch_domain
provider/aws: Add JSON validation to the aws_elasticsearch_domain resource.
2016-09-22 09:27:15 +01:00
Paul Stack c5afc1ad03 Merge pull request #8900 from kwilczynski/feature/json-validation-aws_kms_key
provider/aws: Add JSON validation to the aws_kms_key resource.
2016-09-22 09:26:12 +01:00
Krzysztof Wilczynski 8f689812d1
Handle JSON parsing error in the ReadFunc for the policy document.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-22 09:02:46 +01:00
Krzysztof Wilczynski 6c27f175b5
Add JSON validation to the aws_sns_topic resource.
This commit adds support for new helper function which is used to
normalise and validate JSON string.

This commit also removes unnecessary code from the StateFunc function,
and reduces it so that it only uses the normalizeJsonString helper.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-22 09:01:15 +01:00
Krzysztof Wilczynski 15d33c7fa4
Handle JSON parsing error in the ReadFunc for the policy document.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-22 08:56:21 +01:00
Paul Stack a9dce86bf2 Merge pull request #8976 from kwilczynski/feature/check-error-aws_glacier_vault
provider/aws: Handle JSON parsing error in the ReadFunc for the access policy document.
2016-09-22 08:53:57 +01:00
Krzysztof Wilczynski dd1d41ddce
Handle JSON parsing error in the ReadFunc for the access policies document.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-22 08:51:16 +01:00
Krzysztof Wilczynski d71ff1e122
Add JSON validation to the aws_elasticsearch_domain resource.
This commit adds support for new helper function which is used to
normalise and validate JSON string.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-22 08:50:00 +01:00
Paul Stack ab17d02faa Merge pull request #8978 from kwilczynski/feature/check-error-aws_cloudwatch_event_rule
provider/aws: Handle JSON parsing error in the ReadFunc for the event pattern document.
2016-09-22 08:47:40 +01:00
Krzysztof Wilczynski 0d68f6545d
Add JSON validation to the aws_kms_key resource.
This commit adds support for new helper function which is used to
normalise and validate JSON string.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-22 08:46:25 +01:00
Krzysztof Wilczynski 125e175186
Handle JSON parsing error in the ReadFunc for the policy document.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-22 08:39:55 +01:00
Krzysztof Wilczynski 749e6ba893
Handle JSON parsing error in the ReadFunc for the template body document.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-22 08:34:41 +01:00
Krzysztof Wilczynski 604de4007a
Handle JSON parsing error in the ReadFunc for the event pattern document.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-22 08:32:59 +01:00
Krzysztof Wilczynski f1d3b21fd2
Update aws_cloudformation_stack data source with new helper function.
This commit adds support for new helper function which is used to
normalise JSON string.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-22 08:27:19 +01:00
Krzysztof Wilczynski a35695a804
Add JSON validation to the aws_s3_bucket resource.
This commit adds support for new helper function which is used to
normalise and validate JSON string.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-22 08:20:59 +01:00
Krzysztof Wilczynski ff4671030e
Handle JSON parsing error in the ReadFunc for the access policy document.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-22 00:23:38 +01:00
clint shryock 61d795ed44 tidy up tests 2016-09-21 16:12:56 -05:00
Jay Wallace 45da08c67f
Allow use of protocol numbers for ah and esp 2016-09-21 11:52:23 -07:00
Krzysztof Wilczynski 7596991303
Add JSON validation to the aws_vpc_endpoint resource.
This commit adds support for new helper function which is used to
normalise and validate JSON string.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-21 19:21:12 +01:00
Paul Stack 773cfc8e8e Merge pull request #8903 from kwilczynski/feature/json-validation-aws_sns_topic_policy
provider/aws: Add JSON validation to the aws_sns_topic_policy resource.
2016-09-21 09:31:08 +01:00
Paul Stack 5753cbea64 Merge pull request #8901 from kwilczynski/feature/json-validation-aws_s3_bucket_policy
provider/aws: Add JSON validation to the aws_s3_bucket_policy resource.
2016-09-21 09:26:50 +01:00
Paul Stack 32e5a452c2 Merge pull request #8905 from kwilczynski/feature/json-validation-aws_sqs_queue_policy
provider/aws: Add JSON validation to the aws_sqs_queue_policy resource.
2016-09-21 09:20:58 +01:00
Paul Stack 3ad4056113 Merge pull request #8904 from kwilczynski/feature/json-validation-aws_sqs_queue
provider/aws: Add JSON validation to the aws_sqs_queue resource.
2016-09-21 09:14:41 +01:00
stack72 87f632cb92
provider/aws: `aws_elasticache_cluster` acceptance test for
`cluster_address`
2016-09-20 17:29:57 +01:00
stack72 10cddc8153
Merge branch 'aws_elasticache_cluster_address' of https://github.com/A-Gordon/terraform into A-Gordon-aws_elasticache_cluster_address 2016-09-20 17:09:11 +01:00
Paul Stack e9e1896ad4 Merge pull request #8775 from TimeIncOSS/f-aws-api-gateway-client-cert
provider/aws: Add API Gateway Client Certificate
2016-09-20 16:52:01 +01:00
A-Gordon de8b02e6e5 Added a cluster_address attribute to aws elasticache.
Added the cluster address as a separate attribute to the configuration endpoint. When using the configuration endpoint in conjunction with route 53 it was appending the cluster address with the port and invalidating the route 53 record.
2016-09-20 14:27:53 +01:00
James Nugent c777827cb8 Merge pull request #8915 from TimeIncOSS/b-aws-s3-policy-fix
provider/aws: Make it possible to remove S3 bucket policy
2016-09-20 13:29:58 +02:00
Krzysztof Wilczynski 9ef9956ee2 provider/aws: Add JSON validation to the aws_cloudwatch_event_rule resource. (#8897)
* Add JSON validation to the aws_cloudwatch_event_rule resource.

This commit adds support for new helper function which is used to
normalise and validate JSON string. Also adds new validation function
to wrap around the aforementioned helper.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>

* Re-factor validation function.

This commit changes the logic of the function so that it would check length of
the normalised JSON string over the given string, plus short-circuit early
should JSON would not be valid.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-19 23:47:17 +01:00
Dennis Webb e6f2f2e39c fixed incorrect param name 2016-09-19 11:24:27 -04:00
Dennis Webb 22b442bed6 better if testing 2016-09-19 10:48:35 -04:00
Radek Simko f17fdc76fa
provider/aws: Import S3 bucket policy as a separate resource 2016-09-19 08:28:45 +01:00
Radek Simko 59a7a5ca27
provider/aws: Only read S3 bucket policy if it's set 2016-09-18 22:35:07 +01:00
Radek Simko 18bd206c38
provider/aws: Make s3_bucket.policy not Computed 2016-09-18 20:58:36 +01:00
Radek Simko 1c3258d629
provider/aws: Fix s3_bucket test for empty policy 2016-09-18 20:57:50 +01:00
Krzysztof Wilczynski 056d53e1fe Add JSON validation to the aws_glacier_vault resource. (#8899)
This commit adds support for new helper function which is used to
normalise and validate JSON string.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-18 14:26:28 +01:00
Krzysztof Wilczynski bad81299c1 Add JSON validation to the aws_cloudformation_stack resource. (#8896)
This commit adds support for new helper function which is used to
normalise and validate JSON string.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-18 13:37:21 +01:00
Krzysztof Wilczynski 80f799f69b
Add JSON validation to the aws_sqs_queue_policy resource.
This commit adds support for new helper function which is used to
normalise and validate JSON string.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-17 23:14:02 +01:00
Krzysztof Wilczynski 538327b61f
Add JSON validation to the aws_sqs_queue resource.
This commit adds support for new helper function which is used to
normalise and validate JSON string.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-17 23:13:14 +01:00
Krzysztof Wilczynski 3b1b4fb571
Add JSON validation to the aws_sns_topic_policy resource.
This commit adds support for new helper function which is used to
normalise and validate JSON string.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-17 23:12:35 +01:00
Krzysztof Wilczynski 6a02bf2983
Add JSON validation to the aws_s3_bucket_policy resource.
This commit adds support for new helper function which is used to
normalise and validate JSON string.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-17 23:10:22 +01:00
Krzysztof Wilczynski 5697a52b4f [WIP] provider/aws: Add normalizeJsonString and validateJsonString functions. (#8028)
* Add normalizeJsonString and validateJsonString functions.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>

* Add unit test for the normalizeJsonString helper function.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>

* Fix. Remove incrrect format string.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>

* Remove surplus type assertion.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>

* Add unit test for the validateJsonStringhelper function.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>

* Remove surplus whitespaces.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-17 19:50:38 +01:00
Dennis Webb 925fc116a8 always set scaling_adjustment when policy_type = SimpleScaling 2016-09-16 21:00:57 -05:00
Clint 69f44a04e9 provider/aws: Add reader_endpoint RDS Clusters (supersedes #8878) (#8884)
* provider/aws: Add support for Aurora ReaderEndpoint

* provider/aws: Add reader_endpoint to the schema, document, test
2016-09-16 16:45:04 +01:00
Clint 79bb2e8a87 provider/aws: Add Default Security Group Resource (#8861)
* Docs for default security group
* overrides of default behavior
* add special disclaimer
* update to support classic environments
2016-09-15 13:59:20 -05:00
Clint adea7563e5 provider/aws: Fix issue updating Elastic Beanstalk Environment variables (#8848)
* provider/aws: failing test case for updating env vars

* provider/aws: Fix issue with updating Elastic Beanstalk env vars
2016-09-15 13:30:12 -05:00
James Nugent a65b0cce7c provider/aws: Fix pointer fmt as string
Fixes #8839.
2016-09-14 20:14:41 +01:00
James Nugent 9d51ebd0aa provider/aws: Expose ARN suffix on ALB (#8833)
When creating a CloudWatch Metric for an Application Load Balancer it is
neccessary to use the suffix of the ARN as the reference to the load
balancer. This commit exposes that as an attribute on the `aws_alb`
resource to prevent the need to use regular expression substitution to
make the reference.

Fixes #8808.
2016-09-14 15:50:10 +01:00
Sven Walter 459e618c44 provider/aws: Retry resourceAwsLaunchConfigurationCreate if instance profile hasn't propagated (#8813) 2016-09-13 13:07:43 -05:00
Anshul Sharma 75e358ab85 Vendored WAF (#8785)
* Vendored WAF

* WAF with tag 1.4.7
2016-09-13 07:32:42 +01:00
Anshul Sharma 0e93a964b2 Changing snapshot_identifier on aws_db_instance resource should force a rebuild 2016-09-13 07:39:15 +05:30
Paul Stack 44bc70971d Merge pull request #8673 from hashicorp/f-aws-alb-generated-name
provider/aws: Allow `aws_alb` to have the name auto-generated
2016-09-12 11:04:47 +01:00
stack72 ef9aa6baaf
Merge branch 'optimisticanshul-6973-codecommit-trigger' 2016-09-12 10:55:37 +01:00
stack72 116d70dccb
provider/aws: Removal of test for changes as it forces a new resource 2016-09-12 10:54:15 +01:00
stack72 229f2698ce
Merge branch '6973-codecommit-trigger' of https://github.com/optimisticanshul/terraform into optimisticanshul-6973-codecommit-trigger 2016-09-12 10:44:32 +01:00
stack72 20ad3e0b2f
provider/aws: Allow `aws_alb` to have the name auto-generated
In order to satisify scenarios where a lifecycle is block is used, we
would need the AWS ALB name field to be autogenerated. WE follow the
same work as AWS ELB, we prefix it with `tl-lb-`

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSALB_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/08 12:43:40 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSALB_ -timeout
120m
=== RUN   TestAccAWSALB_basic
--- PASS: TestAccAWSALB_basic (79.81s)
=== RUN   TestAccAWSALB_generatedName
--- PASS: TestAccAWSALB_generatedName (93.81s)
=== RUN   TestAccAWSALB_namePrefix
--- PASS: TestAccAWSALB_namePrefix (73.48s)
=== RUN   TestAccAWSALB_tags
--- PASS: TestAccAWSALB_tags (181.32s)
=== RUN   TestAccAWSALB_noSecurityGroup
--- PASS: TestAccAWSALB_noSecurityGroup (66.03s)
=== RUN   TestAccAWSALB_accesslogs
--- PASS: TestAccAWSALB_accesslogs (130.82s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    625.285s
```
2016-09-12 10:38:13 +01:00
Radek Simko 46d5d51ad6
provider/aws: Add API Gateway Client Certificate 2016-09-12 10:09:47 +01:00
Paul Stack 6cf1fdf980 Merge pull request #8675 from hashicorp/b-aws-kms-key-policy
provider/aws: Support Policy DiffSuppression in `aws_kms_key` policy
2016-09-12 09:50:09 +01:00
Anshul Sharma 2d57e71c01 Remove Unused Log From CodeCommit Trigger Test 2016-09-12 14:15:53 +05:30
stack72 806c000dbb
provider/aws: Support Policy DiffSuppression in `aws_kms_key` policy
Fixes #7495

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSKmsKey_policy'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/06 10:44:20 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSKmsKey_policy
-timeout 120m
=== RUN   TestAccAWSKmsKey_importBasic
--- PASS: TestAccAWSKmsKey_importBasic (166.19s)
=== RUN   TestAccAWSKmsKey_basic
--- PASS: TestAccAWSKmsKey_basic (215.33s)
=== RUN   TestAccAWSKmsKey_policy
--- PASS: TestAccAWSKmsKey_policy (116.81s)
=== RUN   TestAccAWSKmsKey_isEnabled
--- PASS: TestAccAWSKmsKey_isEnabled (1008.31s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws
1689.957s
```
2016-09-12 09:44:07 +01:00
Paul Stack 578e0eb04d Merge pull request #8780 from TimeIncOSS/f-aws-misspell
provider/aws: Fix misspelled words
2016-09-12 09:41:13 +01:00
Anshul Sharma 7150bafb84 Remove Region Condition From CodeCommit Repo Resource (#8778) 2016-09-12 07:30:46 +01:00
Radek Simko 2ad84a51df
provider/aws: Fix misspelled words 2016-09-12 07:23:34 +01:00
Anshul Sharma 497063af3e Added Codecommit Trigger 2016-09-12 10:17:04 +05:30
Paul Stack f993b726b0 provider/aws: `aws_db_instance` unexpected state when configurating (#8707)
enhanced monitoring

Fixes #8699

When configuring enhanced monitoring, a user got the following error:

```
* aws_db_instance.db: unexpected state 'configuring-enhanced-monitoring',
wanted target '[available]'``

We have added this to the list of pending states we have when creating
and updating an RDS instance
2016-09-11 19:29:23 +01:00
Steve Hoeksema 1d04cdb9bc Export AWS ELB service account ARN (#8700) 2016-09-11 19:13:58 +01:00
Steve Hoeksema 0cf330000e Don't import fmt 2016-09-09 09:00:48 +12:00
Radek Simko 3e3043adf4
provider/aws: Prevent crash on account ID validation 2016-09-08 11:46:18 +01:00
Steve Hoeksema e65be3d256 Format with tabs, add missing comma 2016-09-08 15:51:31 +12:00
Steve Hoeksema 55ac68e0a2 Fix formatting 2016-09-08 10:58:13 +12:00
stack72 d81cbdb4fb
provider/aws: Add support for `cloudwatch_logging_options` to AWS
Kinesis Firehose Delivery Streams

Fixes #7152

Adding support for CloudWatch Logging to Firehose as per the
instructions here -
http://docs.aws.amazon.com/firehose/latest/dev/monitoring-with-cloudwatch-logs.html

```

```
2016-09-07 23:29:08 +01:00
Paul Stack 91ade752a0 Merge pull request #8689 from erutherford/master
adding missing failed states for the NAT Gateways
2016-09-07 10:04:07 +01:00
Paul Stack de53db01b9 Merge pull request #8653 from TimeIncOSS/f-aws-lambda-publish
provider/aws: Support 'publish' attribute in lambda_function
2016-09-07 09:32:01 +01:00
Steve Hoeksema 74587baa4a Add AWS Billing & Cost Management service account
This adds a very simple data source for the AWS Billing account ID magic number.

Used to allow AWS to dump detailed billing reports into an S3 bucket you control.

http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-getting-started.html#step-2
2016-09-07 17:43:45 +12:00
Eric Rutherford 2cca48a829
switch to go way of checking for key existence so that go doesn't crash when the value doesn't exist 2016-09-06 20:57:10 -05:00
Eric Rutherford 04c2d40e57
commit after running make fmt 2016-09-06 14:56:56 -05:00
Eric Rutherford 91f6f2a143
moving to using a map to clean up the error check 2016-09-06 14:54:17 -05:00
Eric Rutherford 7a6b04dfa2
adding missing failed states for the NAT Gateways 2016-09-06 12:25:42 -05:00
stack72 ad4e580a03
provider/aws: Bump `aws_elasticsearch_domain` timeout values
Fixes #8541

The Update timeout and delete timeouts were a little short. Bumped them
to 60 mins and 90 mins respectively. I have been on the receiving of the
timeout for the Delete function
2016-09-06 08:52:07 +01:00
stack72 5504185770
provider/aws: Add DiffSupressionFunc to `aws_elasticsearch_domain`,
`aws_sqs_queue` and `aws_sns_topic`

```
SQS Queue Tests:
%make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSQSQueue'
2 ↵ ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/05 09:46:04 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSSQSQueue
-timeout 120m
=== RUN   TestAccAWSSQSQueue_importBasic
--- PASS: TestAccAWSSQSQueue_importBasic (18.99s)
=== RUN   TestAccAWSSQSQueue_basic
--- PASS: TestAccAWSSQSQueue_basic (44.31s)
=== RUN   TestAccAWSSQSQueue_policy
--- PASS: TestAccAWSSQSQueue_policy (32.76s)
=== RUN   TestAccAWSSQSQueue_redrivePolicy
--- PASS: TestAccAWSSQSQueue_redrivePolicy (66.42s)
=== RUN   TestAccAWSSQSQueue_Policybasic
--- PASS: TestAccAWSSQSQueue_Policybasic (32.40s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    194.895s
```
SNS Topic Tests:

% make testacc TEST=./builtin/providers/aws
% TESTARGS='-run=TestAccAWSSNSTopic_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/04 22:56:26 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSSNSTopic_
-timeout 120m
=== RUN   TestAccAWSSNSTopic_importBasic
--- PASS: TestAccAWSSNSTopic_importBasic (17.67s)
=== RUN   TestAccAWSSNSTopic_basic
--- PASS: TestAccAWSSNSTopic_basic (17.92s)
=== RUN   TestAccAWSSNSTopic_policy
--- PASS: TestAccAWSSNSTopic_policy (20.99s)
=== RUN   TestAccAWSSNSTopic_withIAMRole
--- PASS: TestAccAWSSNSTopic_withIAMRole (26.51s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    83.112s
```
2016-09-05 11:46:23 +01:00
Radek Simko 5820ce6c5c
provider/aws: Add aws_sqs_queue_policy 2016-09-05 08:17:48 +01:00
Paul Stack 04c16b8ff1 Merge pull request #8654 from TimeIncOSS/f-aws-sns-policy
provider/aws: Add aws_sns_topic_policy
2016-09-04 21:47:15 +03:00
Paul Stack c36b05c740 Merge pull request #8652 from TimeIncOSS/b-aws-lambda-tests-fix
provider/aws: Fix Lambda acceptance tests
2016-09-04 21:43:00 +03:00
Radek Simko c1178967b0
provider/aws: Add aws_sns_topic_policy 2016-09-04 18:34:24 +01:00
Radek Simko 03df8360cb
provider/aws: Support 'publish' attribute in lambda_function 2016-09-04 17:15:35 +01:00
Radek Simko a834c26037
provider/aws: Fix Lambda acceptance tests 2016-09-04 13:10:13 +01:00
stack72 fbbcd6be74
provider/aws: Randomize the `aws_db_instance` enhanced monitoring test
names

```
% make testacc TEST=./builtin/providers/aws
% TESTARGS='-run=TestAccAWSDBInstance_enhancedMonitoring'
% ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/04 12:23:49 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSDBInstance_enhancedMonitoring -timeout 120m
=== RUN   TestAccAWSDBInstance_enhancedMonitoring
--- PASS: TestAccAWSDBInstance_enhancedMonitoring (1535.00s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws
1535.018s
```
2016-09-04 12:50:50 +03:00
Paul Stack b82903288d Merge pull request #5606 from TimeIncOSS/b-cloudformation-fixes
provider/aws: Handle all kinds of CloudFormation stack failures
2016-09-04 02:17:08 +03:00
stack72 e3e4b6c2ac
Merge branch 'master' of github.com:hashicorp/terraform 2016-09-04 02:08:42 +03:00
stack72 7dd7078b82
Merge branch 'pcarrier/aws_autoscaling_group_can_have_initial_lifecycle_hooks' of https://github.com/pcarrier/terraform into pcarrier-pcarrier/aws_autoscaling_group_can_have_initial_lifecycle_hooks 2016-09-04 02:08:04 +03:00
James Nugent 6c23181686 Merge pull request #8383 from kjmkznr/import-aws-s3-b-notification
provider/aws: Support import `aws_s3_bucket_notification`
2016-09-03 15:50:25 -07:00
Paul Stack 2b0de3ca5c Merge pull request #8454 from Originate/mb-fix-internet-gateway-deletion
provider/aws: Skip detaching when aws_internet_gateway not found
2016-09-04 00:55:37 +03:00
stack72 49b8568bec
provider/aws: `aws_cloudwatch_log_stream` resource
This is a requirement for enabling CloudWatch Logging on Kinesis
Firehost

% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSCloudWatchLogStream_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/02 16:19:14 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSCloudWatchLogStream_ -timeout 120m
=== RUN   TestAccAWSCloudWatchLogStream_basic
--- PASS: TestAccAWSCloudWatchLogStream_basic (22.31s)
=== RUN   TestAccAWSCloudWatchLogStream_disappears
--- PASS: TestAccAWSCloudWatchLogStream_disappears (21.21s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    43.538s
2016-09-04 00:26:02 +03:00
Paul Stack 9ad4e8453b Merge pull request #8578 from kwilczynski/feature/health-check-target-validation-aws_elb
provider/aws: Add validation of Health Check target to aws_elb.
2016-09-04 00:18:19 +03:00
James Nugent 54784864fc Merge pull request #8640 from TimeIncOSS/f-aws-cloudformation-data-source
provider/aws: Add cloudformation_stack data source
2016-09-03 14:16:46 -07:00
Paul Stack 0370f41df5 Merge pull request #8440 from hashicorp/aws-spotfeed-sub
provider/aws: New resource `aws_spot_datafeed_subscription`
2016-09-04 00:16:14 +03:00
Paul Stack 4a8158c1c0 Merge pull request #8646 from hashicorp/b-aws-r53-delete
provider/aws: Wait for `aws_route_53_record` to be in-sync after a delete
2016-09-03 23:13:20 +03:00
stack72 7e89c1d3a2
Merge branch 'paybyphone-paybyphone_GH_6396' 2016-09-03 23:10:27 +03:00
James Nugent 94ca84e772 Merge pull request #8638 from hashicorp/f-aws-assume-role
provider/aws: Add support for AssumeRole prior to operations
2016-09-03 13:04:03 -07:00
Chris Marchesi 38d2a2e717
provider/aws: VPC Peering: allow default peer VPC ID
Update the aws_vpc_peering_connection resource to allow peer_owner_id
to be omitted, defaulting to the connected AWS account ID (ie: for
VPC-to-VPC peers in the same account).

Also included is a doc cleanup and updates to the peer test in
resource_aws_route_table_test.go.

This fixes hashicorp/terraform#6396.
2016-09-03 23:03:31 +03:00
James Nugent e3ccb51168 provider/aws: Add assume_role block to provider
This replaces the previous `role_arn` with a block which looks like
this:

```
provider "aws" {
        // secret key, access key etc

	assume_role {
	        role_arn = "<Role ARN>"
		session_name = "<Session Name>"
		external_id = "<External ID>"
	}
}
```

We also modify the configuration structure and read the values from the
block if present into those values and adjust the call to AssumeRole to
include the SessionName and ExternalID based on the values set in the
configuration block.

Finally we clean up the tests and add in missing error checks, and clean
up the error handling logic in the Auth helper functions.
2016-09-03 12:54:30 -07:00
Paul Stack 3ad4cfe117 Merge pull request #8645 from hashicorp/aws-vpn-gateway-za
provider/aws: Do not set empty string to state for `aws_vpn_gateway` availability zone
2016-09-03 20:50:31 +03:00
stack72 900e14e168
provider/aws: New resource `aws_spot_datafeed_subscription`
Fixes: #4922

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSpotDatafeedSubscription_'
==> Checking that code complies with gofmt requirements...
/Users/stacko/Code/go/bin/stringer
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/08/24 10:46:23 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSSpotDatafeedSubscription_ -timeout 120m
=== RUN   TestAccAWSSpotDatafeedSubscription_importBasic
--- PASS: TestAccAWSSpotDatafeedSubscription_importBasic (56.31s)
=== RUN   TestAccAWSSpotDatafeedSubscription_basic
--- PASS: TestAccAWSSpotDatafeedSubscription_basic (56.77s)
=== RUN   TestAccAWSSpotDatafeedSubscription_disappears
--- PASS: TestAccAWSSpotDatafeedSubscription_disappears (56.79s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    169.893s
```
2016-09-03 20:06:40 +03:00
stack72 0c80b4d172
provider/aws: Wait for `aws_route_53_record` to be in-sync after a
delete

Fixes #6679

When we change the type of a record, it forces a new resource. We never
waited for the recordset to be in-sync after a deletion.

```
% make testacc TEST=./builtin/providers/aws
% TESTARGS='-run=TestAccAWSRoute53Record_'
% ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/03 17:55:03 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSRoute53Record_ -timeout 120m
=== RUN   TestAccAWSRoute53Record_basic
--- PASS: TestAccAWSRoute53Record_basic (85.54s)
=== RUN   TestAccAWSRoute53Record_basic_fqdn
--- PASS: TestAccAWSRoute53Record_basic_fqdn (101.75s)
=== RUN   TestAccAWSRoute53Record_txtSupport
--- PASS: TestAccAWSRoute53Record_txtSupport (84.01s)
=== RUN   TestAccAWSRoute53Record_spfSupport
--- PASS: TestAccAWSRoute53Record_spfSupport (85.08s)
=== RUN   TestAccAWSRoute53Record_generatesSuffix
--- PASS: TestAccAWSRoute53Record_generatesSuffix (97.12s)
=== RUN   TestAccAWSRoute53Record_wildcard
--- PASS: TestAccAWSRoute53Record_wildcard (141.08s)
=== RUN   TestAccAWSRoute53Record_failover
--- PASS: TestAccAWSRoute53Record_failover (91.25s)
=== RUN   TestAccAWSRoute53Record_weighted_basic
--- PASS: TestAccAWSRoute53Record_weighted_basic (89.01s)
=== RUN   TestAccAWSRoute53Record_alias
--- PASS: TestAccAWSRoute53Record_alias (88.91s)
=== RUN   TestAccAWSRoute53Record_s3_alias
--- PASS: TestAccAWSRoute53Record_s3_alias (103.10s)
=== RUN   TestAccAWSRoute53Record_weighted_alias
--- PASS: TestAccAWSRoute53Record_weighted_alias (174.71s)
=== RUN   TestAccAWSRoute53Record_geolocation_basic
--- PASS: TestAccAWSRoute53Record_geolocation_basic (89.50s)
=== RUN   TestAccAWSRoute53Record_latency_basic
--- PASS: TestAccAWSRoute53Record_latency_basic (89.12s)
=== RUN   TestAccAWSRoute53Record_TypeChange
--- PASS: TestAccAWSRoute53Record_TypeChange (138.09s)
=== RUN   TestAccAWSRoute53Record_empty
--- PASS: TestAccAWSRoute53Record_empty (88.51s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws
1684.774s
```
2016-09-03 19:17:05 +03:00
stack72 feaabb6ca1
provider/aws: Do not set empty string to state for `aws_vpn_gateway`
availability zone

Fixes #4752

According to the AWS Documentation, when `describing-vpn-gateways`

```
AvailabilityZone -> (string)
The Availability Zone where the virtual private gateway was created, if applicable. This field may be empty or not returned.
```

Therefore, if we pass an availability zone as part of vpn gateway, then it may come back as an empty string. If we set this empty string back to state, then the next plan will look as follows:

```
-/+ aws_vpn_gateway.vpn_gateway
    availability_zone: "" => "us-west-2a" (forces new resource)
    tags.%:            "1" => "1"
    tags.Name:         "vpn-us-west-2" => "vpn-us-west-2"
    vpc_id:            "vpc-1e9da47a" => "vpc-1e9da47a"

Plan: 1 to add, 0 to change, 1 to destroy.
```

If the availability_zone comes back from AWS as an empty string, then we should not set it to state to avoid forcing a new resource for the user

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSVpnGateway_withAvailabilityZoneSetToState'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/03 17:10:57 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSVpnGateway_withAvailabilityZoneSetToState -timeout 120m
=== RUN   TestAccAWSVpnGateway_withAvailabilityZoneSetToState
--- FAIL: TestAccAWSVpnGateway_withAvailabilityZoneSetToState (36.11s)
       	testing.go:265: Step 0 error: Check failed: Check 2/2 error: aws_vpn_gateway.foo: Attribute 'availability_zone' expected "us-west-2a", got ""
FAIL
exit status 1
FAIL   	github.com/hashicorp/terraform/builtin/providers/aws   	36.130s
make: *** [testacc] Error 1
[stacko@Pauls-MacBook-Pro:~/Code/go/src/github.com/hashicorp/terraform on master]
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSVpnGateway_withAvailabilityZoneSetToState'                                                                                       2 ↵ ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/03 17:12:25 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSVpnGateway_withAvailabilityZoneSetToState -timeout 120m
=== RUN   TestAccAWSVpnGateway_withAvailabilityZoneSetToState
--- PASS: TestAccAWSVpnGateway_withAvailabilityZoneSetToState (46.50s)
PASS
ok     	github.com/hashicorp/terraform/builtin/providers/aws   	46.517s
```
2016-09-03 17:14:42 +03:00
Paul Stack eaa48681d4 provider/aws: Refresh `aws_elasticsearch_domain` from state when ResourceNotFoundException (#8643)
* provider/aws: Refresh `aws_elasticsearch_domain` from state when
RecordNotFoundException

Fixes #3967

When an ElasticSearch domain has been deleted outside of Terraform, the
next Terraform operation would return the following:

```
* aws_elasticsearch_domain.curvelogic_es: ResourceNotFoundException:
* Domain not found: curvelogic-es
    status code: 409, request id: 6e4b2371-8e1a-11e5-bd07-7741b705d65c
```

We now refresh the resource from state when it is no longer found

* Update resource_aws_elasticsearch_domain.go
2016-09-03 14:55:29 +01:00
Paul Stack ef85146722 Merge pull request #8642 from kwilczynski/feature/add-unit-test-aws_network_acl_rule
provider/aws: Add missing unit test for validateICMPArgumentValue to aws_network_acl_rule.
2016-09-03 16:51:34 +03:00
Paul Stack 401d976cbb Merge pull request #8644 from kwilczynski/feature/add-unit-test-data_source_availability_zones
provider/aws: Add missing unit test for validateStateType to data_source_availability_zones.
2016-09-03 16:50:59 +03:00
Krzysztof Wilczynski 814b1d7489
provider/aws: Add missing unit test for validateStateType to data_source_availability_zones.
This commit adds missing unit test of a helper function.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-03 14:04:35 +01:00
Krzysztof Wilczynski 18b5de26d8
Add missing unit test for validateICMPArgumentValue to aws_network_acl_rule.
This commit adds missing unit test of a helper function.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-03 13:49:39 +01:00
Krzysztof Wilczynski bcaac02edb
Add validation of Health Check target to aws_elb.
This commit adds a simple validation of the target in the Health Check block in
order to reduce the number of issues related to the type, port and path values,
especially when the TCP and SSL type was used.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-03 13:48:28 +01:00
Paul Stack 10bf48a35a Merge pull request #8641 from kwilczynski/feature/update-aws_efs_file_system
provider/aws: Maintenance and clean-up for aws_efs_file_system.
2016-09-03 15:35:45 +03:00
Krzysztof Wilczynski fceb3ac381
Maintenance and clean-up for aws_efs_file_system.
This commit is purely a maintenance and clean-up of the resource.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-03 11:40:24 +01:00
Radek Simko a3c21d6c3b
provider/aws: Add cloudformation_stack data source 2016-09-03 11:33:59 +01:00
Paul Stack 42711dbc1f Merge pull request #8636 from kwilczynski/fix/increase-wait-time-aws_vpn_gateway_attachment
provider/aws: Fix. Adjust create and destroy timeout in aws_vpn_gateway_attachment.
2016-09-03 00:23:37 +03:00
Paul Stack 18ea8ef264 Merge pull request #8603 from hashicorp/aws-db-parameter-apply_method
provider/aws: Set `apply_method` to state in `aws_db_parameter_group`
2016-09-02 23:34:45 +03:00
Krzysztof Wilczynski a6de64a445
Fix. Adjust create and destroy timeout in aws_vpn_gateway_attachment.
This commit increases the timeout, delay and minimum timeout values in
order to resolve a timeout potentially occurring when the VPC gateway
is being attached.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-02 21:28:55 +01:00
James Nugent d444d122bf provider/aws: Clean up AWS provider schema defns
Remove unnecessary &schema.Schema from the AWS provider schema
definition.
2016-09-02 10:36:52 -07:00
Ian Duffy 767914bbdc [GH-1275] Support for AWS access via IAMs AssumeRole functionality
This commit enables terraform to utilise the assume role functionality
of sts to execute commands with different privileges than the API
keys specified.

Signed-off-by: Ian Duffy <ian@ianduffy.ie>
2016-09-02 10:22:57 -07:00
James Nugent 93f31fce17 provider/aws: Add aws_s3_bucket_policy resource
This commit adds a new "attachment" style resource for setting the
policy of an AWS S3 bucket. This is desirable such that the ARN of the
bucket can be referenced in an IAM Policy Document.

In addition, we now suppress diffs on the (now-computed) policy in the
S3 bucket for structurally equivalent policies, which prevents flapping
because of whitespace and map ordering changes made by the S3 endpoint.
2016-09-02 09:07:54 -07:00
Paul Stack d5b869732b Merge pull request #8628 from hashicorp/b-aws-alb-computed
provider/aws: Making `aws_alb_listener` ssl_policy to be Computed
2016-09-02 17:33:02 +03:00
Clint 740b8bb9cb provider/aws: Run errcheck in tests (#8579)
* provider/aws: Add errcheck to Makefile, error on unchecked errors

* more exceptions

* updates for errcheck to pass

* reformat and spilt out the ignore statements

* narrow down ignores

* fix typo, only ignore Close and Write, instead of close or write
2016-09-02 09:24:17 -05:00
stack72 d236a305ea
provider/aws: Making `aws_alb_listener` ssl_policy to be Computed
Fixes #8612

The SSL Policy is optional - if you don't add it and create a HTTPS Alb
Listener, AWS will add the policy for you. Without being computed, we
would get a diff

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSALBListener_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/02 17:16:33 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSALBListener_
-timeout 120m
=== RUN   TestAccAWSALBListener_basic
--- PASS: TestAccAWSALBListener_basic (70.45s)
=== RUN   TestAccAWSALBListener_https
--- PASS: TestAccAWSALBListener_https (63.20s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    133.667s
```
2016-09-02 17:21:02 +03:00
stack72 f9183da2e3
provider/aws: Changing the tests for `aws_ssm_association` to align with
us-west-2

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSSMAssociation_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/02 16:56:09 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSSSMAssociation_ -timeout 120m
=== RUN   TestAccAWSSSMAssociation_basic
--- PASS: TestAccAWSSSMAssociation_basic (136.23s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    136.246s
```
2016-09-02 17:04:43 +03:00
liamjbennett e98e5fb017
provider/aws: add aws_ssm_association resource 2016-09-02 16:46:05 +03:00
qivers 4b694a4fec Increase aws_rds_cluster timeout to 40 minutes
The timeout was increased to 40 minutes when creating a new cluster in https://github.com/hashicorp/terraform/pull/8052. However when creating a cluster from a snapshot the timeout is still 15 minutes. I've increased this to 40 minutes.
2016-09-02 08:55:43 +01:00
stack72 3c71783d07
provider/aws: Set `apply_method` to state in `aws_db_parameter_group`
Fixes #8593

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSDBParameterGroup_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/01 13:04:22 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSDBParameterGroup_ -timeout 120m
=== RUN   TestAccAWSDBParameterGroup_importBasic
--- PASS: TestAccAWSDBParameterGroup_importBasic (27.03s)
=== RUN   TestAccAWSDBParameterGroup_limit
--- PASS: TestAccAWSDBParameterGroup_limit (48.54s)
=== RUN   TestAccAWSDBParameterGroup_basic
--- PASS: TestAccAWSDBParameterGroup_basic (46.29s)
=== RUN   TestAccAWSDBParameterGroup_Only
--- PASS: TestAccAWSDBParameterGroup_Only (23.57s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    145.445s
```
2016-09-02 08:26:46 +01:00
Pierre Carrier 2410294a9d providers/aws: support for lifecycle hooks at ASG creation
Closes hashicorp/terraform#5619.
2016-09-01 10:21:37 -07:00
David Glasser b06fe6ee2b provider/aws: remove unused test argument 2016-09-01 10:20:56 -07:00
clint shryock 3580ae03be provider/aws: Randomize some IAM user names to avoid conflicts in tests 2016-08-31 09:33:56 -05:00
stack72 4d2b9cb167
provider/aws: `aws_spot_fleet_request` was leaving orphaned instances
running

Each nightly build was leaving multiple instances running. The issue is
that the IAM role we were using didn't have access to Terminate the EC2
instances

The role was missing the ec2 principle
2016-08-31 11:25:08 +01:00
Krzysztof Wilczynski 6a94f920e1 provider/aws: Handle missing EFS mount target in aws_efs_mount_target. (#8529)
* Handle missing EFS mount target in aws_efs_mount_target.

This commit resolves issue where the EFS mount target would be already
deleted (e.g. it was deleted outside of Terraform, etc.). Also, correct
how values are begin set in the ReadFunc to avoid nil pointer dereference.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>

* Add EFS mount target DNS helper function.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>

* Add EFS mount target response helper.

This commit adds a helper which can be used to check whether the response
contains a valid and non-empty list of EFS file system mount targets.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>

* Add acceptance test to check for non-empty plan.

This commit adds a test to verify the condition where the underlying EFS mount
target would be deleted and/or disappear resulting in a new resource to be
created to replace it.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-08-30 10:42:54 +01:00
Richard Bowden b673f4d972 adds resource retry to SpotInstanceRequestCreate (#8516)
so that the create process waits for IAM Instance profiles and roles to propagate before continuing, this has been taken from `resource_aws_instance`
2016-08-29 21:53:40 +01:00
stack72 7fe49999fb
Merge branch '7721-enable-disable-access-logs' of https://github.com/optimisticanshul/terraform into optimisticanshul-7721-enable-disable-access-logs 2016-08-29 21:00:46 +01:00
Radek Simko cc38378870 provider/aws: API Gateway Custom Authorizer (#8535)
* [WIP] AWS APIGateway Custom Authorizer

* provider/aws: api_gateway_method - Add missing fields to Read+Update

* provider/aws: Make API Gateway name in test more specific

* provider/aws: APIG - Use minimal configuration in create request
2016-08-29 20:51:59 +01:00
Radek Simko 8317fe73d4 provider/aws: Add AWS error message to retry APIGateway acc update on (#8533) 2016-08-29 20:02:15 +01:00
Radek Simko 58d5b88170
provider/aws: Cover more failure cases of CF creation/update/deletion
- Use ID instead of stack name per AWS' advice
 - Query failures/errors *after* the stack has reached target state
2016-08-29 11:53:09 +01:00
Radek Simko 302982c335 provider/aws: Remove unsafe ptr dereferencing [A-C]* (#8519) 2016-08-28 19:25:30 +01:00
Radek Simko 2223964ff1 provider/aws: Remove unsafe ptr dereferencing from ECS/ECR (#8514) 2016-08-28 17:15:45 +01:00
Radek Simko fe0e8da3dd
provider/aws: Handle deleted CloudFormation stack gracefully 2016-08-28 16:12:35 +01:00
Radek Simko ed39b8634f provider/aws: Remove unsafe ptr dereferencing from ami data source (#8513) 2016-08-28 15:39:40 +01:00
Carlos Sanchez bb5c83ca49 provider/aws: Increase route_table timeouts (#8465) 2016-08-27 21:32:55 +01:00
Martin Atkins 4f906dba7a Merge #8403: name_regex attribute on aws_ami data source 2016-08-27 13:11:45 -07:00
Alex Eftimie 3a97971e41 Refactor for code simplicity. 2016-08-27 12:54:42 -07:00
Alex Eftimie d44ae5028f S3Bucket and S3Key are always required 2016-08-27 12:54:41 -07:00
Alex Eftimie c9bd7d680f Add a test to check the unversioned lambda function update - copy and adapt genAWSLambdaFunctionConfig_s3 2016-08-27 12:54:41 -07:00
Alex Eftimie c5f788ec58 Attempt to fix #6794 - update only non empty fields on aws_lambda_function s3 2016-08-27 12:54:41 -07:00
Clint daac877c82 provider/aws: Get and export ASG ARN value (#8503) 2016-08-27 15:20:11 +01:00
Paul Stack 6ea53e5e3c provider/aws: Refresh `aws_route` from state if `aws_route_table` not (#8443)
found

Fixes #5288
Fixes #8388

```
TESTS TBC
```
2016-08-26 07:50:14 +01:00
Radek Simko 0dd17c646b provider/aws: Cleanup the Lambda ENI deletion process a bit (#8486) 2016-08-26 07:30:47 +01:00
Mitchell Hashimoto 6b124a4760 Merge pull request #8479 from dtolnay/detach
provider/aws: Propagate errors from DetachVolume
2016-08-25 22:21:46 -07:00
Glenn Poston 19426109da Lambda ENI cleanup added to security group delete (#8033) 2016-08-25 23:08:19 +01:00
Paul Stack 338aab9169 provider/aws: Stop `aws_instance` `source_dest_check` triggering an API call on each (#8450)
terraform run

Fixes #3550

The simple fix here was to check if the Resource was new (to set the
value the first time) then check it has changed each time

I was able to see from the TF log the following:

```
Config

resource "aws_vpc" "foo" {
	cidr_block = "10.10.0.0/16"
}

resource "aws_subnet" "foo" {
	cidr_block = "10.10.1.0/24"
	vpc_id = "${aws_vpc.foo.id}"
}

resource "aws_instance" "foo" {
	ami = "ami-4fccb37f"
	instance_type = "m1.small"
	subnet_id = "${aws_subnet.foo.id}"
	source_dest_check = false
        disable_api_termination = true
}
```

No longer caused any Modifying source_dest_check entries in the LOG
2016-08-25 22:11:01 +01:00
Clint 49ecfe8921 provider/aws: Add aws_default_route_table resource (#8323)
* provider/aws: Add docs for Default Route Table

* add new default_route_table_id attribute, test to VPC

* stub

* add warning to docs

* rough implementation

* first test

* update test, add swap test

* fix typo
2016-08-25 16:02:44 -05:00
David Tolnay b09e042bf5 provider/aws: Propagate errors from DetachVolume 2016-08-25 14:46:46 -04:00
stack72 0087068a0e
provider/aws: `aws_ecs_container_definition` datasource parameter
changes to memory_reservation
2016-08-25 18:10:08 +01:00
stack72 7a852dacf2
Merge branch 'aws_ecs_container_definition_memory_reservation' of https://github.com/optimisticanshul/terraform into optimisticanshul-aws_ecs_container_definition_memory_reservation 2016-08-25 17:51:38 +01:00
Paul Stack 7949a30a07 provider/aws: Randomize the key_pair used in the (#8472)
`aws_spot_fleet_request` acceptance tests
2016-08-25 14:40:57 +01:00
Paul Stack 0adc1fc4b2 provider/aws: Allow `aws_rds_instance` to upgrade the major version (#8471)
Fixes #8468

If a user wished to bump the `engine_version` of an RDS instance,
Terraform was not sending `allow_major_version_upgrade` to the API
*unless* that value also changed at the same time. This caused the
following error from RDS API:

```
* aws_db_instance.bar: Error modifying DB Instance
* tf-20160825101420910562798obb: InvalidParameterCombination: The
* AllowMajorVersionUpgrade flag must be present when upgrading to a new
* major version.
    status code: 400, request id: 20e36364-6ab0-11e6-b794-51f12f4135f1
```

This change will always send the `allow_major_version_upgrade` flag to
the API when the `engine_version` changes.

This still relies on the user setting the correct value i.e. if they are
upgrading from postgres 0.4.7 -> 9.5.2 then the config will need to set
the `allow_major_version_upgrade` flag to be `true`
2016-08-25 13:54:40 +01:00
Richard Clamp 9be1ff5d53 Fix segmentation fault in "aws_api_gateway_base_path_mapping" resource (#8466)
It is possible for the `mapping.BasePath`, `mapping.RestApiId`, and
`mapping.Stage` to be nil when they have not been set for the
mapping.[1]  When this occurs a nil pointer is dereferenced and terraform
segmentation faults.

Here we remove the blind derefrences and trust in the behaviour of
(*ResourceData).Set() to handle the nil pointer safely.

[1] https://github.com/hashicorp/terraform/blob/master/vendor/github.com/aws/aws-sdk-go/service/apigateway/api.go#L4892-L4904
2016-08-25 11:03:42 +01:00
Paul Stack 64510d9cfb provider/aws: Adding `aws_ssm_document` resource (#8460)
* provider/aws: add `aws_ssm_document` resource

* provider/aws: Changes to `aws_ssm_document` post code review

The changes are things like using d.Id rather than d.Get("name").(string)

and errwrap.Wrapf rather than fmt.Errorf
2016-08-25 09:47:24 +01:00
Paul Stack 3901827b40 provider/aws: Validate `aws_iam_policy_attachment` Name parameter to stop being empty (#8441)
* provider/aws: Validate `aws_iam_policy_attachment` Name parameter to
stop being empty

Fixes #8368

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSPolicyAttachment_'
==> Checking that code complies with gofmt requirements...
/Users/stacko/Code/go/bin/stringer
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/08/24 11:46:01 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSPolicyAttachment_ -timeout 120m
=== RUN   TestAccAWSPolicyAttachment_basic
--- PASS: TestAccAWSPolicyAttachment_basic (44.67s)
=== RUN   TestAccAWSPolicyAttachment_paginatedEntities
--- PASS: TestAccAWSPolicyAttachment_paginatedEntities (161.68s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    206.379s
```

* Update resource_aws_iam_policy_attachment.go
2016-08-24 21:28:41 +01:00
stack72 01fca172cb
provider/aws: Removing the merge conflict from the redshift_cluster resource 2016-08-24 20:50:06 +01:00
Clint 341c7bf766 provider/aws: Update VPC Peering connect accept/request attributes (supersedes #8338) (#8432)
* Fix crash when reading VPC Peering Connection options.

This resolves the issue introduced in #8310.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>

* Do not de-reference values when using Set().

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>

* provider/aws: Update VPC Peering connect accept/request attributes

* change from type list to type set

* provider/aws: Update VPC Peering accept/requst options, tests

* errwrap some things
2016-08-24 13:24:42 -05:00
Maxime Bury 39bc60c3dc Retry on gateway not found 2016-08-24 13:17:45 -04:00
Paul Stack 50556c58b8 provider/aws: Refresh `aws_cloudwatch_event_target` from state on `ResourceNotFoundException` (#8442)
* provider/aws: Refresh `aws_cloudwatch_event_target` from state on
`ResourceNotFoundException`

Fixes #6928

@radeksimko FYI :)

* Update resource_aws_cloudwatch_event_target.go
2016-08-24 13:02:48 +01:00
Paul Stack e524603d3f provider/aws: AWS SpotFleet Requests now works with Subnets and AZs (#8320)
* provider/aws: Change Spot Fleet Request to allow a combination of
subnet_id and availability_zone

Also added a complete set of tests that reflect all of the use cases
that Amazon document
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-examples.html

It is important to note there that Terraform will be suggesting that
users create multiple launch configurations rather than AWS's version of
combing values into CSV based parameters. This will ensure that we are
able to enforce the correct state

Also note that `associate_public_ip_address` now defaults to `false` - a migration has been
included in this PR to migration users of this functionality. This needs
to be noted in the changelog. The last part of changing functionality
here is waiting for the state of the request to become `active`. Before
we get to this state, we cannot guarantee that Amazon have accepted the
request or it could have failed validation.

```
% make testacc TEST=./builtin/providers/aws
% TESTARGS='-run=TestAccAWSSpotFleetRequest_'
% 2 ↵
==> Checking that code complies with gofmt requirements...
/Users/stacko/Code/go/bin/stringer
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/08/22 15:44:21 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSSpotFleetRequest_ -timeout 120m
=== RUN   TestAccAWSSpotFleetRequest_changePriceForcesNewRequest
--- PASS: TestAccAWSSpotFleetRequest_changePriceForcesNewRequest (133.90s)
=== RUN   TestAccAWSSpotFleetRequest_lowestPriceAzOrSubnetInRegion
--- PASS: TestAccAWSSpotFleetRequest_lowestPriceAzOrSubnetInRegion (76.67s)
=== RUN   TestAccAWSSpotFleetRequest_lowestPriceAzInGivenList
--- PASS: TestAccAWSSpotFleetRequest_lowestPriceAzInGivenList (75.22s)
=== RUN   TestAccAWSSpotFleetRequest_lowestPriceSubnetInGivenList
--- PASS: TestAccAWSSpotFleetRequest_lowestPriceSubnetInGivenList (96.95s)
=== RUN   TestAccAWSSpotFleetRequest_multipleInstanceTypesInSameAz
--- PASS: TestAccAWSSpotFleetRequest_multipleInstanceTypesInSameAz (74.44s)
=== RUN   TestAccAWSSpotFleetRequest_multipleInstanceTypesInSameSubnet
--- PASS: TestAccAWSSpotFleetRequest_multipleInstanceTypesInSameSubnet (97.82s)
=== RUN   TestAccAWSSpotFleetRequest_overriddingSpotPrice
--- PASS: TestAccAWSSpotFleetRequest_overriddingSpotPrice (76.22s)
=== RUN   TestAccAWSSpotFleetRequest_diversifiedAllocation
--- PASS: TestAccAWSSpotFleetRequest_diversifiedAllocation (79.81s)
=== RUN   TestAccAWSSpotFleetRequest_withWeightedCapacity
--- PASS: TestAccAWSSpotFleetRequest_withWeightedCapacity (77.15s)
=== RUN   TestAccAWSSpotFleetRequest_CannotUseEmptyKeyName
--- PASS: TestAccAWSSpotFleetRequest_CannotUseEmptyKeyName (0.00s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    788.184s
```

* Update resource_aws_spot_fleet_request.go
2016-08-24 11:08:46 +01:00
Paul Stack 272f8ddee1 provider/aws: Refresh `aws_autoscaling_policy` from state on 404 (#8430)
* provider/aws: Refresh `aws_autoscaling_policy` from state on 404

Fixes #8386

When an Autoscaling Group Or an Autoscaling Group Policy has been
deleted manually, terraform was throwing an error as follows:

```
* aws_autoscaling_policy.increase: Error retrieving scaling policies: ValidationError: Group sandbox-logs-logstash-wxhsckky3ndpzd7b3kmyontngy not found
        status code: 400, request id: 56a89814-6884-11e6-b3a8-d364cf04223b
```

We now refresh from state on a ValidationError - this is a common 4xx error according to AWS documentation http://docs.aws.amazon.com/AutoScaling/latest/APIReference/CommonErrors.html

```
%make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSAutoscalingPolicy_disappears'
==> Checking that code complies with gofmt requirements...
/Users/stacko/Code/go/bin/stringer
go generate $(go list ./... | grep -v /terraform/vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSAutoscalingPolicy_disappears -timeout 120m
=== RUN   TestAccAWSAutoscalingPolicy_disappears
--- PASS: TestAccAWSAutoscalingPolicy_disappears (203.61s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	203.633s
```

* Update resource_aws_autoscaling_policy.go
2016-08-24 11:06:01 +01:00
Paul Stack 3a2d73a2b1 provider/aws: Add support to `aws_redshift_cluster` for restoring from (#8414)
snapshot

Fixes #6406

Adds 2 new parameters:

* `snapshot_identifier`
* `snapshot_cluster_identifier`

These will be used to allow the Redshift cluster to be restored from a
pre-existing snapshot. Also makes the redshift username and password
fields optional as these are not required for the snapshot

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRedshiftCluster_'
==> Checking that code complies with gofmt requirements...
/Users/stacko/Code/go/bin/stringer
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/08/23 12:04:53 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSRedshiftCluster_ -timeout 120m
=== RUN   TestAccAWSRedshiftCluster_importBasic
--- PASS: TestAccAWSRedshiftCluster_importBasic (741.03s)
=== RUN   TestAccAWSRedshiftCluster_basic
--- PASS: TestAccAWSRedshiftCluster_basic (656.33s)
=== RUN   TestAccAWSRedshiftCluster_loggingEnabled
--- PASS: TestAccAWSRedshiftCluster_loggingEnabled (718.65s)
=== RUN   TestAccAWSRedshiftCluster_iamRoles
--- PASS: TestAccAWSRedshiftCluster_iamRoles (818.10s)
=== RUN   TestAccAWSRedshiftCluster_publiclyAccessible
--- PASS: TestAccAWSRedshiftCluster_publiclyAccessible (853.30s)
=== RUN   TestAccAWSRedshiftCluster_updateNodeCount
--- PASS: TestAccAWSRedshiftCluster_updateNodeCount (2083.37s)
=== RUN   TestAccAWSRedshiftCluster_tags
--- PASS: TestAccAWSRedshiftCluster_tags (621.15s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws
6491.963s
```

When deploying this, I was able to use config as follows:

```
resource "aws_redshift_cluster" "restore" {
  cluster_identifier = "my-test-restored-cluster"
  snapshot_identifier = "sample-snapshot-for-restore"
  node_type = "dc1.large"
}
```

And it resulted in:

```
terraform apply
[WARN] /Users/stacko/Code/go/bin/terraform-provider-aws overrides an internal plugin for aws-provider.
  If you did not expect to see this message you will need to remove the old plugin.
  See https://www.terraform.io/docs/internals/internal-plugins.html
aws_redshift_cluster.restore: Creating...
  allow_version_upgrade:               "" => "true"
  automated_snapshot_retention_period: "" => "1"
  availability_zone:                   "" => "<computed>"
  bucket_name:                         "" => "<computed>"
  cluster_identifier:                  "" => "my-test-restored-cluster"
  cluster_parameter_group_name:        "" => "<computed>"
  cluster_public_key:                  "" => "<computed>"
  cluster_revision_number:             "" => "<computed>"
  cluster_security_groups.#:           "" => "<computed>"
  cluster_subnet_group_name:           "" => "<computed>"
  cluster_type:                        "" => "<computed>"
  cluster_version:                     "" => "1.0"
  database_name:                       "" => "<computed>"
  enable_logging:                      "" => "false"
  encrypted:                           "" => "<computed>"
  endpoint:                            "" => "<computed>"
  iam_roles.#:                         "" => "<computed>"
  kms_key_id:                          "" => "<computed>"
  node_type:                           "" => "dc1.large"
  number_of_nodes:                     "" => "1"
  port:                                "" => "5439"
  preferred_maintenance_window:        "" => "<computed>"
  publicly_accessible:                 "" => "true"
  s3_key_prefix:                       "" => "<computed>"
  skip_final_snapshot:                 "" => "true"
  snapshot_identifier:                 "" => "sample-snapshot-for-restore"
  vpc_security_group_ids.#:            "" => "<computed>"
..........
aws_redshift_cluster.restore: Still creating... (5m20s elapsed)
aws_redshift_cluster.restore: Creation complete

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
```
2016-08-24 10:58:05 +01:00
Paul Stack eec7b342c8 provider/aws: Support `snapshot_name` for ElastiCache Cluster and (#8419)
Replication Groups

In order to be able to restore a named snapshot as ElastiCache Cluster
or a Replication Group, the `snapshot_name` parameter was needed to be
passed. Changing the `snapshot_name` will force a new resource to be
created

```

```
2016-08-24 10:55:20 +01:00
Paul Stack 0d8709bdf3 provider/aws: Support Tags for `aws_alb` and `aws_alb_target_group` (#8422)
resources

Fixes #8420

Adds the ability to update tags on the ALB resource as well as
supporting tags on `aws_alb_target_group`

```
ALB Tests:

% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSALB_'                                                                                                                         2 ↵ ✹
==> Checking that code complies with gofmt requirements...
/Users/stacko/Code/go/bin/stringer
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/08/23 19:30:16 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSALB_ -timeout 120m
=== RUN   TestAccAWSALB_basic
--- PASS: TestAccAWSALB_basic (67.18s)
=== RUN   TestAccAWSALB_tags
--- PASS: TestAccAWSALB_tags (99.88s)
=== RUN   TestAccAWSALB_noSecurityGroup
--- PASS: TestAccAWSALB_noSecurityGroup (62.49s)
=== RUN   TestAccAWSALB_accesslogs
--- PASS: TestAccAWSALB_accesslogs (126.25s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	355.835s
```

```
ALB Target Group Tests:

% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSALBTargetGroup_'
==> Checking that code complies with gofmt requirements...
/Users/stacko/Code/go/bin/stringer
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/08/23 19:37:37 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSALBTargetGroup_ -timeout 120m
=== RUN   TestAccAWSALBTargetGroup_basic
--- PASS: TestAccAWSALBTargetGroup_basic (47.26s)
=== RUN   TestAccAWSALBTargetGroup_tags
--- PASS: TestAccAWSALBTargetGroup_tags (81.01s)
=== RUN   TestAccAWSALBTargetGroup_updateHealthCheck
--- PASS: TestAccAWSALBTargetGroup_updateHealthCheck (78.74s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	207.025s
```
2016-08-24 10:54:43 +01:00
Anshul Sharma f034638026 Enable/Disbale Option For ELB Access logs 2016-08-24 14:37:47 +05:30
Anshul Sharma c94cfd941d Add MemoryReservation To ECS Container Definition 2016-08-24 13:01:12 +05:30
Mike Brannigan 1871363e58 Remove debug statements 2016-08-23 18:19:59 -05:00
Mike Brannigan e281ad6481 Fix error message for master password being too short 2016-08-23 17:40:05 -05:00
Mike Brannigan aad01a665c Add password validation rules for redshift passwords 2016-08-23 17:30:57 -05:00
Clint a86f0a8425 providers/aws: Check error from resourceAwsRoute53RecordBuildSet and return err if set (#8399)
* providers/aws: Check error from resourceAwsRoute53RecordBuildSet and return if set

* explain the error and wrap in errwrap
2016-08-23 12:25:09 -05:00
Radek Simko 070942df0f provider/aws: Add support for ECS svc - LB target group (#8190) 2016-08-23 11:19:43 -05:00
Shawn Silva bf68590f02 provider/aws: rename local_name_filter attribute to name_regex
Renamed the local_name_filter attribute to name_regex and made it clear in the
docs that this runs locally and could have a performance impact on a large set
of AMIs returned from AWS.
2016-08-23 08:44:07 -04:00
Paul Stack 2f936eaad4 provider/aws: Add support for `network_mode` to `aws_ecs_task_definition` (#8391)
* provider/aws: Add support for `network_mode` to
`aws_ecs_task_definition`

Fixes #8281

```

```
make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEcsTaskDefinition_'
==> Checking that code complies with gofmt requirements...
/Users/stacko/Code/go/bin/stringer
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/08/22 18:12:20 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSEcsTaskDefinition_ -timeout 120m
=== RUN   TestAccAWSEcsTaskDefinition_basic
--- PASS: TestAccAWSEcsTaskDefinition_basic (29.02s)
=== RUN   TestAccAWSEcsTaskDefinition_withScratchVolume
--- PASS: TestAccAWSEcsTaskDefinition_withScratchVolume (16.75s)
=== RUN   TestAccAWSEcsTaskDefinition_withEcsService
--- PASS: TestAccAWSEcsTaskDefinition_withEcsService (147.77s)
=== RUN   TestAccAWSEcsTaskDefinition_withTaskRoleArn
--- PASS: TestAccAWSEcsTaskDefinition_withTaskRoleArn (19.49s)
=== RUN   TestAccAWSEcsTaskDefinition_withNetworkMode
--- PASS: TestAccAWSEcsTaskDefinition_withNetworkMode (19.52s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	232.588

* Update resource_aws_ecs_task_definition.go

* Update ecs_task_definition.html.markdown
2016-08-23 11:27:45 +01:00
Paul Stack 83dc4d0535 provider/aws: Add Primary Endpoint Address output for (#8385)
`aws_elasticache_replication_group`

Fixes #8377

Now we can output the endpoint of the primary

```
resource "aws_elasticache_replication_group" "bar" {
    replication_group_id = "tf-11111"
    replication_group_description = "test description"
    node_type = "cache.m1.small"
    number_cache_clusters = 2
    port = 6379
    parameter_group_name = "default.redis2.8"
    apply_immediately = true
}

output "primary_endpoint_address" {
  value = "${aws_elasticache_replication_group.bar.primary_endpoint_address}"
}
```

This gives us:

```
% terraform apply
...................
aws_elasticache_replication_group.bar: Creation complete

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

Outputs:

primary_endpoint_address = tf-11111.d5jx4z.ng.0001.use1.cache.amazonaws.com
```

This was the addition of a computed field only so the basic test still works as expected:

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSElasticacheReplicationGroup_basic'                        ✹
==> Checking that code complies with gofmt requirements...
/Users/stacko/Code/go/bin/stringer
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/08/22 17:11:13 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSElasticacheReplicationGroup_basic -timeout 120m
=== RUN   TestAccAWSElasticacheReplicationGroup_basic
--- PASS: TestAccAWSElasticacheReplicationGroup_basic (741.71s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	741.735s
```
2016-08-23 11:13:26 +01:00
Paul Stack 780ef8b27e provider/aws: `aws_elasticache_replication_group_id` validation change (#8381)
The AWS documentation tells us the following:

```
--replication-group-id (string)

The replication group identifier. This parameter is stored as a
lowercase string.
Constraints:
A name must contain from *1 to 20* alphanumeric characters or hyphens.
The first character must be a letter.
A name cannot end with a hyphen or contain two consecutive hyphens.
```

This is not correct and is causing users errors:

```
* aws_elasticache_replication_group.bar: Error creating Elasticache
* Replication Group: InvalidParameterValue: Replication group id should
* be no more than 16 characters.
    status code: 400, request id:
```

Tuning the Validation from 20 to 16 characters to avoid user issues
2016-08-23 11:05:54 +01:00
Shawn Silva 6977fff406 provider/aws: add local name filter to aws_ami datasource
In cases where the filters provided by AWS against the name of an AMI are not
sufficient, allow adding a "local_name_filter" which is a regex that is used
to filter the AMIs returned by amazon.
2016-08-22 19:32:32 -04:00
Kazunori Kojima ed05161fd0
provider/aws: Support import `aws_s3_bucket_notification` 2016-08-23 08:19:06 +09:00
Martin Atkins 38289ddbd5 Merge #8353: New resources for custom domains on AWS API Gateway 2016-08-22 15:44:52 -07:00
Ryan Roberts 848f612169 provider/aws: aws_api_gateway_base_path_mapping resource implementation
API Gateway allows users to "claim" a domain name for use as a custom
hostname for deployed API endpoints, and then use this base path mapping
resource to expose a particular API deployment at a path on such a domain.

The acceptance tests use certificates from the aws_api_gateway_domain_name
tests which expire in 2026; we'll need to generate some more certificates
before we get there.
2016-08-22 15:36:20 -07:00
clint shryock 03bdf1375e provider/aws: Clear up test failure for TestAccAWSVpnGateway_disappears 2016-08-22 14:56:07 -05:00
Jarrod Jackson 7010973c5a provider/aws: aws_api_gateway_domain_name resource implementation
API Gateway allows users to "claim" a domain name for use as a custom
hostname for deployed API endpoints. The domain name resource just claims
the domain name; a user would then use a "base path mapping" resource
(to be implemented in a later commit) to map a particular API to a
particular path prefix on that domain.

The acceptance tests contain some TLS certificates that expire in 2026;
we'll need to generate some more certificates before we get there.
2016-08-22 11:40:33 -07:00
Paul Stack 9d1ef78fc1 provider/aws: Refresh `aws_lambda_event_source_mapping` from state when (#8378)
NotFound

Fixes #8375

When a Lambda or an associated Event Source Mapping has been removed via
the AWS Console, Terraform throws an error similar to the following:

```
Error refreshing state: 1 error(s) occurred:

* aws_lambda_event_source_mapping.dmp_enrichment_event_source_mapping:
* ResourceNotFoundException: The resource you requested does not exist.
    status code: 404, request id: a17c641d-6868-11e6-accf-3d0ea71934fa

```

the resource should be refreshed from the state when this happens so
that subsequent plans show it needs to be recreated

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSLambdaEventSourceMapping_'
==> Checking that code complies with gofmt requirements...
/Users/stacko/Code/go/bin/stringer
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/08/22 16:15:54 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSLambdaEventSourceMapping_ -timeout 120m
=== RUN   TestAccAWSLambdaEventSourceMapping_basic
--- PASS: TestAccAWSLambdaEventSourceMapping_basic (120.81s)
=== RUN   TestAccAWSLambdaEventSourceMapping_disappears
--- PASS: TestAccAWSLambdaEventSourceMapping_disappears (104.08s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    224.914s
```
2016-08-22 17:05:48 +01:00
Clint 771155cea5 provider/aws: Add support for TargetGroups to AutoScaling Groups (#8327)
* start of ALB support. Waiting for ALB top level to move forward

* initial test

* cleanup

* small docs

* beef up test
2016-08-19 14:07:53 -05:00
AMeng 01cfeb8062 provider/aws: Set AWS region in elasticache cluster import test 2016-08-19 12:32:38 -06:00
AMeng eff11efff3 provider/aws: Support Import aws_elasticache_cluster 2016-08-19 11:10:57 -06:00
James Nugent e4ce708bf9 provider/aws: Add aws_alb_target_group_attachment 2016-08-19 16:12:19 +01:00
James Nugent b5e0f2e347 Merge pull request #8318 from hashicorp/f-aws-application-lb-rules
provider/aws: Add aws_alb_listener_rule resource
2016-08-19 13:24:02 +01:00
James Nugent e2445497ab Merge pull request #8319 from hashicorp/aws-route53-cloudwatch-metric
provider/aws: Implement support for CloudWatch Metric in `aws_route53_health_check`
2016-08-19 13:09:33 +01:00
James Nugent 417b98bafb provider/aws: Add aws_alb_listener_rule resource
This commit adds the aws_alb_listener_rule resource along with
acceptance tests and documentation.
2016-08-19 13:07:20 +01:00
stack72 da5abccfd9
provider/aws: Implement support for CloudWatch Metric in
`aws_route53_health_check`

fixes #7830

```
% make testacc TEST=./builtin/providers/aws
% TESTARGS='-run=TestAccAWSRoute53HealthCheck_'           ✚
==> Checking that code complies with gofmt requirements...
/Users/stacko/Code/go/bin/stringer
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/08/19 12:58:00 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSRoute53HealthCheck_ -timeout 120m
=== RUN   TestAccAWSRoute53HealthCheck_importBasic
--- PASS: TestAccAWSRoute53HealthCheck_importBasic (20.03s)
=== RUN   TestAccAWSRoute53HealthCheck_basic
--- PASS: TestAccAWSRoute53HealthCheck_basic (31.42s)
=== RUN   TestAccAWSRoute53HealthCheck_withChildHealthChecks
--- PASS: TestAccAWSRoute53HealthCheck_withChildHealthChecks (26.88s)
=== RUN   TestAccAWSRoute53HealthCheck_IpConfig
--- PASS: TestAccAWSRoute53HealthCheck_IpConfig (30.27s)
=== RUN   TestAccAWSRoute53HealthCheck_CloudWatchAlarmCheck
--- PASS: TestAccAWSRoute53HealthCheck_CloudWatchAlarmCheck (26.08s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    134.692s

```
2016-08-19 13:00:45 +01:00
Krzysztof Wilczynski 5df0b08e86 Add ability to set peering options in aws_vpc_peering_connection. (#8310)
This commit adds two optional blocks called "accepter" and "requester" to the
resource allowing for setting desired VPC Peering Connection options for VPCs
that participate in the VPC peering.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-08-19 11:19:49 +01:00
Mitchell Hashimoto 13cf04b2b7
providers/aws: fix error on bad session 2016-08-18 22:35:48 -04:00
James Nugent 56907d9931 Merge pull request #8268 from hashicorp/f-aws-application-lb-listener
provider/aws: Add aws_alb_listener resource
2016-08-18 21:18:35 +01:00
Paul Stack 09de4f82ce provider/aws: `aws_elasticache_replication_groups` only support Redis (#8297)
* provider/aws: `aws_elasticache_replication_groups` only support Redis

therefore, making our users add `engine = redis` to the configuration
felt wasted

* Update resource_aws_elasticache_replication_group.go

* Update resource_aws_elasticache_replication_group.go

* Update resource_aws_elasticache_replication_group.go

* Update resource_aws_elasticache_replication_group_test.go

* Update resource_aws_elasticache_replication_group_test.go

* Update resource_aws_elasticache_replication_group.go
2016-08-18 20:30:12 +01:00
Paul Stack 51f216306f provider/aws: Implement the `aws_elasticache_replication_group` resource (#8275) 2016-08-18 19:42:29 +01:00
James Nugent e38d41b7a7 provider/aws: Add `arn` fields to ALB resources
This commit adds an `arn` field to `aws_alb` and `aws_alb_target_group`
resources, in order to present a more coherant user experience to people
using resource variables in fields suffixed "arn".
2016-08-18 18:54:39 +01:00
James Nugent 59f66eca02 provider/aws: Add aws_alb_listener resource
This commit adds the `aws_alb_listener` resource and associated
acceptance tests and documentation.
2016-08-18 18:49:44 +01:00
James Nugent d7e9a2ecf2 provider/aws: Set aws_alb security_groups computed (#8269)
This commit fixes #8264 by making the security_groups attribute on
aws_alb resources computed, allowing the default security group assigned
by AWS to not generate perpetual plans forcing new resources.
2016-08-18 16:52:29 +01:00
Radek Simko b2a3104118 provider/aws: Explain better why we retry IAM role creation (#8286) 2016-08-18 16:43:40 +01:00
David Tolnay 46c858bcbe provider/aws: Increase timeout for creating IAM role (#7733) 2016-08-18 16:27:17 +01:00
KOJIMA Kazunori 23d2ae3740 provider/aws: Support import of `aws_s3_bucket` (#8262) 2016-08-18 16:01:20 +01:00
Dennis Webb 8c10720a22 adding final-snapshot status to resourceAwsRedshiftClusterDelete (#8270) 2016-08-18 15:23:47 +01:00
James Nugent f5f31542bb Merge pull request #8254 from hashicorp/f-aws-application-lb
provider/aws: Initial support for Application Load Balancers
2016-08-17 16:05:51 +01:00
James Nugent 531a976306 provider/aws: Add aws_alb_target_group resource
This commit adds a resource, acceptance tests and documentation for the
Target Groups for Application Load Balancers.

This is the second in a series of commits to fully support the new
resources necessary for Application Load Balancers.
2016-08-17 15:48:16 +01:00
James Nugent 0b421b6998 provider/aws: Add `aws_alb` resource
This commit adds a resource, acceptance tests and documentation for the
new Application Load Balancer (aws_alb). We choose to use the name alb
over the package name, elbv2, in order to avoid confusion.

This is the first in a series of commits to fully support the new
resources necessary for Application Load Balancers.
2016-08-17 15:48:06 +01:00
Radek Simko cba09ae804 provider/aws: Update expected hash of Lambda ZIP files (#8258) 2016-08-17 15:45:35 +01:00
James Nugent ebdfe76530 provider/aws: Add ELBv2 to AWS config 2016-08-17 13:55:18 +01:00
Radek Simko 523627ba24 Merge pull request #8239 from TimeIncOSS/f-aws-r53-zone-force-destroy
provider/aws: Add force_destroy option to aws_route53_zone
2016-08-17 07:10:00 +01:00
Radek Simko 7433be5b4c aws: Make EFS MT creation fail for 2+ targets per AZ (#8205) 2016-08-17 07:07:54 +01:00
Mitchell Hashimoto e6d1e77a9a
Fix vet errors found with Go 1.7 2016-08-16 18:03:22 -07:00
Radek Simko 73791b47b3
aws: Implement naming changes for aws_elb_service_account 2016-08-16 21:05:27 +01:00
Paul Stack 9cb1dffb4d provider/aws: Allow `source_ids` in `aws_db_event_subscription` to be Updatable (#7892)
* provider/aws: Allow `source_ids` in `aws_db_event_subscription` to be
Updatable

Fixes #7809

This commit adds support for `source_ids` to be updated rather than
forcing new each time. Unfortunately, it must range over the difference
in the source_ids and add and remove them 1 at a time. AWS does not
support batch updating source_ids

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSDBEventSubscription_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSDBEventSubscription_ -timeout 120m
=== RUN   TestAccAWSDBEventSubscription_basicUpdate
--- PASS: TestAccAWSDBEventSubscription_basicUpdate (1277.87s)
=== RUN   TestAccAWSDBEventSubscription_withSourceIds
--- PASS: TestAccAWSDBEventSubscription_withSourceIds (1012.96s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws
2290.844s
```

* Update resource_aws_db_event_subscription.go
2016-08-16 20:51:38 +01:00
Paul Stack 4de4590147 provider/aws: Adds acceptance tests for `aws_gateway_*` manual deletions causing non-empty plans (#7879)
* provider/aws: Adds an acceptance test that makes sure that  manual deletions mean a non-empty plan

* provider/aws: Adds an acceptance test to prove that  manual deletion causes a non-empty plan
2016-08-16 20:42:06 +01:00
Clint 72a81ff3ae provider/aws: Update ElasticTranscoder to allow empty notifications, removing notifications, etc (#8207)
* provider/aws: Add failing ETC + notifications test

* tidy up the docs some

* provider/aws: Update ElasticTranscoder to allow empty notifications, removing notifications, etc
2016-08-16 13:41:12 -05:00
Radek Simko 079e0c5b86
provider/aws: Allow force_destroying records in R53 hosted zone 2016-08-16 19:34:58 +01:00
Radek Simko cc239439fc
aws/r53: Refactoring - decouple waiters into functions 2016-08-16 19:34:45 +01:00
Paul Stack 65aa02b6df provider/aws: DataSource for RedShift Account ID (#8224)
When you need to enable monitoring for Redshift, you need to create the
correct policy in the bucket for logging. This needs to have the
Redshift Account ID for a given region. This data source provides a
handy lookup for this

http://docs.aws.amazon.com/redshift/latest/mgmt/db-auditing.html#db-auditing-enable-logging

% make testacc TEST=./builtin/providers/aws
% TESTARGS='-run=TestAccAWSRedshiftAccountId_basic'         2 ↵ ✹ ✭
==> Checking that code complies with gofmt requirements...
/Users/stacko/Code/go/bin/stringer
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/08/16 14:39:35 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSRedshiftAccountId_basic -timeout 120m
=== RUN   TestAccAWSRedshiftAccountId_basic
--- PASS: TestAccAWSRedshiftAccountId_basic (19.47s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    19.483s
2016-08-16 17:58:46 +01:00
Paul Stack 6d2e81dfbe provider/aws: `aws_spot_fleet_request` throws panic on missing subnet_id (#8217)
or availability_zone

Fixes #8000

There was a hard coded panic in the code!!!

```
panic(
				fmt.Sprintf(
					"Must set one of:\navailability_zone %#v\nsubnet_id: %#v",
					m["availability_zone"],
					m["subnet_id"])
			)
```

This was causing issues when we set neither an availability zone or a subnet id.
This has been removed and is now handled with an error rather than a panic.

This was what happened with the new test before the fix:

```
=== RUN   TestAccAWSSpotFleetRequest_brokenLaunchSpecification
panic: Must set one of:
availability_zone ""
subnet_id: ""
goroutine 129 [running]:
panic(0x11377a0, 0xc8202abfc0)
	/opt/boxen/homebrew/Cellar/go/1.6.2/libexec/src/runtime/panic.go:481 +0x3e6
github.com/hashicorp/terraform/builtin/providers/aws.hashLaunchSpecification(0x11361a0, 0xc8202e07e0, 0xc800000001)
	/Users/stacko/Code/go/src/github.com/hashicorp/terraform/builtin/providers/aws/resource_aws_spot_fleet_request.go:953 +0x685
github.com/hashicorp/terraform/helper/schema.(*Set).hash(0xc82005ae00, 0x11361a0, 0xc8202e07e0, 0x0, 0x0)
	/Users/stacko/Code/go/src/github.com/hashicorp/terraform/helper/schema/set.go:180 +0x40
github.com/hashicorp/terraform/helper/schema.(*Set).add(0xc82005ae00, 0x11361a0, 0xc8202e07e0, 0xc820276900, 0x0, 0x0)
```

The test then ran fine after the fix:

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSpotFleetRequest_brokenLaunchSpecification'
==> Checking that code complies with gofmt requirements...
/Users/stacko/Code/go/bin/stringer
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/08/16 08:03:18 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSSpotFleetRequest_brokenLaunchSpecification -timeout 120m
=== RUN   TestAccAWSSpotFleetRequest_brokenLaunchSpecification
--- PASS: TestAccAWSSpotFleetRequest_brokenLaunchSpecification (32.37s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	32.384s
```

Full test run looks as follows:

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSpotFleetRequest_'                     ✹
==> Checking that code complies with gofmt requirements...
/Users/stacko/Code/go/bin/stringer
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/08/16 08:04:34 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSSpotFleetRequest_ -timeout 120m
=== RUN   TestAccAWSSpotFleetRequest_basic
--- PASS: TestAccAWSSpotFleetRequest_basic (33.78s)
=== RUN   TestAccAWSSpotFleetRequest_brokenLaunchSpecification
--- PASS: TestAccAWSSpotFleetRequest_brokenLaunchSpecification (33.59s)
=== RUN   TestAccAWSSpotFleetRequest_launchConfiguration
--- PASS: TestAccAWSSpotFleetRequest_launchConfiguration (35.26s)
=== RUN   TestAccAWSSpotFleetRequest_CannotUseEmptyKeyName
--- PASS: TestAccAWSSpotFleetRequest_CannotUseEmptyKeyName (0.00s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	102.648s
```
2016-08-16 17:55:06 +01:00
Radek Simko e356f27db6
aws: Add elb_account_id data source 2016-08-16 11:36:58 +01:00
James Nugent 90bdaef197 Merge pull request #8206 from hashicorp/f-aws-account-id
provider/aws: Add aws_account_id data source
2016-08-16 05:33:32 -05:00
James Nugent 3e14f56a96 provider/aws: Add aws_caller_identity data source
This data source provides access during configuration to the ID of the
AWS account for the connection to AWS. It is primarily useful for
interpolating into policy documents, for example when creating the
policy for an ELB or ALB access log bucket.

This will need revisiting and further testing once the work for
AssumeRole is integrated.
2016-08-16 11:24:26 +01:00
stack72 f9e86a52cf
provider/aws: Change paginated test to use the correct configuration block 2016-08-16 08:40:14 +01:00
stack72 2e454181fc
Merge branch 'paginate_roles' of https://github.com/stripe/terraform into stripe-paginate_roles 2016-08-16 07:51:44 +01:00
raylu f1fdffc552
provider/aws: Test for policy attachment pagination 2016-08-15 13:48:42 -07:00
Paul Stack 2c68808309 provider/aws: Defensively code around `db_security_group` ingress rules (#7893)
Fixes #7812

All of the options of `aws_db_security_group` ingress rules are
optional. Therefore, when one of them isn't set (and AWS doesn't
calculate the value), Terraform threw a panic

This commit just defensively codes around this fact. It checks to make
sure there is a value returned from the API before adding it to the map

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSDBSecurityGroup_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSDBSecurityGroup_ -timeout 120m
=== RUN   TestAccAWSDBSecurityGroup_basic
--- PASS: TestAccAWSDBSecurityGroup_basic (38.66s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    38.682s
```
2016-08-15 21:45:23 +01:00
raylu a99aaa5e85
provider/aws: Query all pages of policy attachment
This does not fix groups and users with more than 100 policies attached
2016-08-15 12:49:09 -07:00
Srikalyan Swayampakula 2aa28c34ca Not Error out on AWS Lambda VPC config if both subnet_ids and security_group_ids are empty. (#6191)
AWS Lambda VPC config is an optional configuration and which needs to both subnet_ids and
security_group_ids to tie the lambda function to a VPC. We should make it optional if
both subnet_ids and security_group_ids are not net which would add better flexiblity in
creation of more useful modules as there are "if else" checks. Without this we are creating
duplicate modules one with VPC and one without VPC resulting in various anomalies.
2016-08-15 17:52:42 +01:00
Paul Stack 73b10c8186 provider/aws: `aws_security_group` now creates tags as early as possible (#7849)
in the process

Fixes #7577

7577 discovered that sometimes setting tags at the end of the creation
model doesn't quite work for everyone. We now move that further up the
tree by calling the setTags func a second time.

The setTags func in the Update is not called immediately after creation
as we check for it not being a NewResource

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSecurityGroup_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSSecurityGroup_ -timeout 120m
=== RUN   TestAccAWSSecurityGroup_importBasic
--- PASS: TestAccAWSSecurityGroup_importBasic (60.96s)
=== RUN   TestAccAWSSecurityGroup_importSelf
--- PASS: TestAccAWSSecurityGroup_importSelf (72.72s)
=== RUN   TestAccAWSSecurityGroup_basic
--- PASS: TestAccAWSSecurityGroup_basic (62.33s)
=== RUN   TestAccAWSSecurityGroup_namePrefix
--- PASS: TestAccAWSSecurityGroup_namePrefix (22.12s)
=== RUN   TestAccAWSSecurityGroup_self
--- PASS: TestAccAWSSecurityGroup_self (64.26s)
=== RUN   TestAccAWSSecurityGroup_vpc
--- PASS: TestAccAWSSecurityGroup_vpc (58.35s)
=== RUN   TestAccAWSSecurityGroup_vpcNegOneIngress
--- PASS: TestAccAWSSecurityGroup_vpcNegOneIngress (54.95s)
=== RUN   TestAccAWSSecurityGroup_MultiIngress
--- PASS: TestAccAWSSecurityGroup_MultiIngress (64.81s)
=== RUN   TestAccAWSSecurityGroup_Change
--- PASS: TestAccAWSSecurityGroup_Change (96.86s)
=== RUN   TestAccAWSSecurityGroup_generatedName
--- PASS: TestAccAWSSecurityGroup_generatedName (60.75s)
=== RUN   TestAccAWSSecurityGroup_DefaultEgress_VPC
--- PASS: TestAccAWSSecurityGroup_DefaultEgress_VPC (57.05s)
=== RUN   TestAccAWSSecurityGroup_DefaultEgress_Classic
--- PASS: TestAccAWSSecurityGroup_DefaultEgress_Classic (20.94s)
=== RUN   TestAccAWSSecurityGroup_drift
--- PASS: TestAccAWSSecurityGroup_drift (27.39s)
=== RUN   TestAccAWSSecurityGroup_drift_complex
--- PASS: TestAccAWSSecurityGroup_drift_complex (64.62s)
=== RUN   TestAccAWSSecurityGroup_tags
--- PASS: TestAccAWSSecurityGroup_tags (87.49s)
=== RUN   TestAccAWSSecurityGroup_CIDRandGroups
--- PASS: TestAccAWSSecurityGroup_CIDRandGroups (71.62s)
=== RUN   TestAccAWSSecurityGroup_ingressWithCidrAndSGs
--- PASS: TestAccAWSSecurityGroup_ingressWithCidrAndSGs (69.60s)
=== RUN   TestAccAWSSecurityGroup_ingressWithCidrAndSGs_classic
--- PASS: TestAccAWSSecurityGroup_ingressWithCidrAndSGs_classic (25.47s)
=== RUN   TestAccAWSSecurityGroup_egressWithPrefixList
--- PASS: TestAccAWSSecurityGroup_egressWithPrefixList (64.46s)
=== RUN   TestAccAWSSecurityGroup_failWithDiffMismatch
--- PASS: TestAccAWSSecurityGroup_failWithDiffMismatch (60.21s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws
1166.983s
```
2016-08-15 15:11:52 +01:00
Krzysztof Wilczynski e943851429 Add ability to set Storage Class in aws_s3_bucket_object. (#8174)
An S3 Bucket owner may wish to select a different underlying storage class
for an object. This commit adds an optional "storage_class" attribute to the
aws_s3_bucket_object resource so that the owner of the S3 bucket can specify
an appropriate storage class to use when creating an object.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-08-15 07:30:47 +01:00
Alexander Zhukau bd22a4f65a provider/aws: allow numeric characters in RedshiftClusterDbName (#8178) 2016-08-14 21:57:44 +01:00
Renier Morales ef9f3a45b1 Add S3 endpoint override ability and expose S3 path style option (#7871)
* Overriding S3 endpoint - Enable specifying your own
  S3 api endpoint to override the default one, under
  endpoints.
* Force S3 path style - Expose this option from the aws-sdk-go
  configuration to the provider.
2016-08-12 17:52:12 +01:00
Radek Simko e251d5c7bd Merge pull request #8114 from TimeIncOSS/f-aws-skip-options
aws: Change names of new skip_* fields + document those
2016-08-12 07:00:14 +01:00
Krzysztof Wilczynski 168d212e77 Fix. Correct how CORS rules are handled. (#8096)
This commit fixes an issue where CORS rules would not be read and thus refreshed
correctly should there be a change introduced externally e.g. CORS configuration
was edited outside of Terraform.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-08-12 13:14:48 +10:00
Linda Xu 45c5675c8e add Aurora instance failover priority feature (#8087)
* add Aurora instance failover priority feature

* promotion_tier move to input directly

* fix format issue
2016-08-12 07:51:25 +10:00
James Nugent 21d1ac41fa Merge branch 'd-update-aws-sdk' 2016-08-11 12:52:35 -04:00
Raphael Randschau 66a14cb3b7 provider/aws: Re-implement api gateway parameter handling (#7794)
* provider/aws: Re-implement api gateway parameter handling

this PR cleans up some left overs from PR #4295, namely the parameter handling.

now that GH-2143 is finally closed this PR does away with the ugly
`request_parameters_in_json` and `response_parameters_in_json` hack.

* Add deprecation message and conflictsWith settings

following @radeksimko s advice, keeping the old code around with a deprecation
warning.

this should be cleaned up in a few releases

* provider/aws: fix missing append operation

* provider/aws: mark old parameters clearly as deprecated

* provider/aws work around #8104

following @radeksimko s lead

* provider/aws fix cnp error
2016-08-11 11:49:58 +01:00
stack72 313ec1252c
Merge branch 'master' of github.com:hashicorp/terraform 2016-08-11 15:15:51 +12:00
stack72 ec3e442f26
provider/aws: change the test to be us-west-2a 2016-08-11 15:15:23 +12:00
stack72 cdda4d76d4
Merge branch '5637-conflict-resolution' of https://github.com/Ticketmaster/terraform into Ticketmaster-5637-conflict-resolution 2016-08-11 11:23:04 +12:00
Clint c9de6a4173 provider/aws: Change a few policy test docs to use heredoc format, to prevent regressions (#8118) 2016-08-10 15:34:38 -05:00
Kraig Amador 742089f10c Fixing the certs, test now passes 2016-08-10 13:31:36 -07:00
Radek Simko 0e1bccafed
aws: Let acc ID validation fail when we have no ID
- we could've had ConflictsWith between affected fields, but that would make it fail even if skip_requesting_account_id=false and ConflictsWhen is not a thing (yet)
2016-08-10 17:30:49 +01:00
Clint 3fc119923e Revert "provider/aws: Added the ability to import aws_iam_role's" (#8112) 2016-08-10 11:18:03 -05:00
Radek Simko 0ab3bc4105
aws: Change field names + desc according to reality
- skip_iam_creds_validation => skip_credentials_validation
 - skip_iam_account_id => skip_requesting_account_id
2016-08-10 16:46:05 +01:00
Radek Simko 2073e80c66
aws/config: Shortened conditions [cleanup] 2016-08-10 15:25:16 +01:00
Renier Morales c2bcb5fbe5 Skip IAM/STS validation and metadata check (#7874)
* Skip IAM/STS validation and metadata check

* Skip IAM/STS identity validation - For environments or other api
  implementations where there are no IAM/STS endpoints available, this
  option lets you opt out from that provider initialization step.
* Skip metdata api check - For environments in which you know ahead of
  time there isn't going to be a metadta api endpoint, this option lets
  you opt out from that check to save time.

* Allow iam/sts initialization even if skipping account/cred validation

(#7874)

* Split out skip of IAM validation into credentials and account id

(#7874)
2016-08-10 15:10:34 +01:00
Krzysztof Wilczynski f5b46b80e7 Add ability to set canned ACL in aws_s3_bucket_object. (#8091)
An S3 Bucket owner may wish to set a canned ACL (as opposite to explicitly set
grantees, etc.) for an object. This commit adds an optional "acl" attribute to
the aws_s3_bucket_object resource so that the owner of the S3 bucket can
specify an appropriate pre-defined ACL to use when creating an object.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-08-10 16:05:39 +12:00
Kraig Amador 6c2949fdac Added aws_iam_role import. Now that we read the assume_role_policy it highlights all of the tests that change this, so I've fixed a bunch of those while i'm in here. (#7617) 2016-08-10 12:16:59 +12:00
Chris Marchesi 41c23b2f04 provider/aws: Various IAM policy normalizations for IAM data source (#6956)
* Various string slices are sorted and truncated to strings if they
   only contain one element.
 * Sids are now included if they are empty.

This is to ensure what is sent to AWS matches what comes back, to
prevent recurring diffs even when the policy has changed.
2016-08-10 12:06:38 +12:00
Krzysztof Wilczynski 92d75b263c Add ability to set Requests Payer in aws_s3_bucket. (#8065)
Any S3 Bucket owner may wish to share data but not incur charges associated
with others accessing the data. This commit adds an optional "request_payer"
attribute to the aws_s3_bucket resource so that the owner of the S3 bucket can
specify who should bear the cost of Amazon S3 data transfer.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-08-10 11:01:17 +12:00
Mosley, Franklin 4d55b8e9ea Corrected printf verb of wrong type
Corrected printf verb by changing it from a string type to an int type.
2016-08-09 15:29:50 -07:00
Mosley, Franklin 6d7933b41a Added tests for expandPolicyAttributes/flattenPolicyAttributes 2016-08-09 15:29:50 -07:00
Mosley, Franklin eb0cd14f41 Changed `attribute` argument to be optional.
Changed the `attribute` argument of the resource to be optional vs.
required.
2016-08-09 15:29:50 -07:00
Mosley, Franklin a6de088375 Add new resource aws_lb_ssl_negotiation_policy
Added new resource to create an AWS ELB SSL negotiation policy, and an
acceptance test.
2016-08-09 15:29:13 -07:00
Clint 22684200b5 provider/aws: Fix line ending errors/diffs with IAM Server Certs (#8074)
* provider/aws: Failing IAM Server Cert test with windows line endings

* provider/aws: Fix IAM Server Cert issue with line encodings
2016-08-09 14:19:12 -05:00
Martin Atkins c6e8662838 Merge #7984: Data sources for AWS and Fastly IP address ranges 2016-08-09 09:53:05 -07:00
Joern Barthel 8ea400b442 Added tests. 2016-08-09 14:42:19 +02:00
Joern Barthel d0278ecf0f Normalize sets, don’t check for missing services. 2016-08-09 14:42:09 +02:00
stack72 ec310754cd
provider/aws: Add the documentation for the new * resources to the ERB layout 2016-08-09 15:43:02 +12:00
stack72 f5714ab5a9
Merge branch 'ewdurbin-elb_backend_auth' 2016-08-09 15:13:08 +12:00
stack72 c39bad01a1
provider/aws: Changing the region that * tests run against 2016-08-09 15:11:49 +12:00
stack72 1a0b2971dd
Merge branch 'elb_backend_auth' of https://github.com/ewdurbin/terraform into ewdurbin-elb_backend_auth 2016-08-09 14:08:28 +12:00
James Nugent 6ddb8f5975 provider/aws: session.New -> session.NewSession()
Version 1.3.1 deprecates use of `session.New()` in favour of
`session.NewSession()`, which also returns an error. This commit updates
the various call sites previously making use of `session.New()`.
2016-08-08 17:57:35 -05:00
Kevin Crawley 58a01f2fd5 #8051 :: bumped aws_rds_cluster timeout to 40 minutes (#8052) 2016-08-08 21:23:21 +01:00
stack72 fae6fcd399
Merge branch 'aurora_enhanced_rule' of https://github.com/Ticketmaster/terraform 2016-08-09 08:14:35 +12:00
Linda Xu a6d7980280 fix testAccAWSClusterInstanceEnhancedMonitor function 2016-08-08 01:15:22 -07:00
Paul Stack 2c5112ee2e provider/aws: `aws_s3_bucket` acceleration_status not available in china (#7999)
or us-gov

Fixes #7969

`acceleration_status` is not available in China or US-Gov data centers.
Even querying for this will give the following:

```
Error refreshing state: 1 error(s) occurred:

2016/08/04 13:58:52 [DEBUG] plugin: waiting for all plugin processes to
complete...
* aws_s3_bucket.registry_cn: UnsupportedArgument: The request contained
* an unsupported argument.
        status code: 400, request id: F74BA6AA0985B103
```

We are going to stop any Read calls for acceleration status from these
data centers

```
% make testacc TEST=./builtin/providers/aws
% TESTARGS='-run=TestAccAWSS3Bucket_'                                  ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSS3Bucket_
-timeout 120m
=== RUN   TestAccAWSS3Bucket_Notification
--- PASS: TestAccAWSS3Bucket_Notification (409.46s)
=== RUN   TestAccAWSS3Bucket_NotificationWithoutFilter
--- PASS: TestAccAWSS3Bucket_NotificationWithoutFilter (166.84s)
=== RUN   TestAccAWSS3Bucket_basic
--- PASS: TestAccAWSS3Bucket_basic (133.48s)
=== RUN   TestAccAWSS3Bucket_acceleration
--- PASS: TestAccAWSS3Bucket_acceleration (282.06s)
=== RUN   TestAccAWSS3Bucket_Policy
--- PASS: TestAccAWSS3Bucket_Policy (332.14s)
=== RUN   TestAccAWSS3Bucket_UpdateAcl
--- PASS: TestAccAWSS3Bucket_UpdateAcl (225.96s)
=== RUN   TestAccAWSS3Bucket_Website_Simple
--- PASS: TestAccAWSS3Bucket_Website_Simple (358.15s)
=== RUN   TestAccAWSS3Bucket_WebsiteRedirect
--- PASS: TestAccAWSS3Bucket_WebsiteRedirect (380.38s)
=== RUN   TestAccAWSS3Bucket_WebsiteRoutingRules
--- PASS: TestAccAWSS3Bucket_WebsiteRoutingRules (258.29s)
=== RUN   TestAccAWSS3Bucket_shouldFailNotFound
--- PASS: TestAccAWSS3Bucket_shouldFailNotFound (92.24s)
=== RUN   TestAccAWSS3Bucket_Versioning
--- PASS: TestAccAWSS3Bucket_Versioning (654.19s)
=== RUN   TestAccAWSS3Bucket_Cors
--- PASS: TestAccAWSS3Bucket_Cors (143.58s)
=== RUN   TestAccAWSS3Bucket_Logging
--- PASS: TestAccAWSS3Bucket_Logging (249.79s)
=== RUN   TestAccAWSS3Bucket_Lifecycle
--- PASS: TestAccAWSS3Bucket_Lifecycle (259.87s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws
3946.464s
```

thanks to @kwilczynski and @radeksimko for the research on how to handle the generic
errors here

Running these over a 4G tethering connection has been painful :)
2016-08-08 08:05:54 +01:00
Linda Xu a5f3deb7ec Aurora Enhanced monitoring support 2016-08-07 23:43:47 -07:00
Ernest W. Durbin III 7036d9e1c4 d.SetId before return, may be up too late.
pass `go tool vet` (great resource by the way)
2016-08-07 23:20:26 -04:00
Ernest W. Durbin III 4f07b92447 address feedback from @stack72 on PR #7458
as of Mon Aug  8 03:08:21 UTC 2016
2016-08-07 23:09:00 -04:00
Ernest W. Durbin III 57d3c722e2 rename aws load balancer policy resources
team redundancy team had a good run, but is over now
2016-08-07 23:08:49 -04:00
Carlos Sanchez e3b7760af4 [AWS] Retry AttachInternetGateway and increase timeout (#7891) 2016-08-08 13:30:14 +12:00
Andy Chan 5ac8ae1338 Adding firehose to elastic search support (#7839)
Add firehose elasticsearch configuration documentation

Adding CRUD for elastic search as firehose destination

Updated the firehose stream documentation to add elastic search as destination example.

Adding testing for es as firehose destination

Update the test case for es
2016-08-08 12:21:18 +12:00
Paul Stack 5c0662f0eb provider/aws: Change the way ARNs are built (#7151)
ARNs used to be build using the iamconn.GetUser func call. This wouldn't
work on some scenarios and was changed so that we can expose the
AccountId and Region via meta

This commit just changes the build ARN funcs to use this new way of
doing things
2016-08-07 17:36:00 +10:00
Clint 6edf1b4972 provider/aws: Fix issue updating ElasticBeanstalk Environment Settings (#7777)
* provider/aws: Fix issue updating ElasticBeanstalk Environment Settings

Fixes the logic that updated settings for Elastic Beanstalk Environments.
Because the update is done in the same API call, we need to split removals /
additions.

Fixes #6890

* add acc test that fails on master
2016-08-07 17:34:58 +10:00
stack72 a5d4ec65b5
Merge branch 'master' of github.com:hashicorp/terraform 2016-08-07 19:29:20 +12:00
stack72 68991a5310
provider/aws: Add an acceptance test that covers the new behaviour in
the `aws_iam_group_membership` resource

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSGroupMembership_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSGroupMembership_ -timeout 120m
=== RUN   TestAccAWSGroupMembership_basic
--- PASS: TestAccAWSGroupMembership_basic (74.14s)
=== RUN   TestAccAWSGroupMembership_paginatedUserList
--- PASS: TestAccAWSGroupMembership_paginatedUserList (273.29s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    347.447s
```
2016-08-07 19:28:14 +12:00
Jared Biel 09f7fb0c34 Fix S3 provider redirect_all_requests_to behavior. #5142 (#7883)
The S3 API has two parameters that can be passed to it (HostName
and Protocol) for the RedirectAllRequestsTo functionality.
HostName is somewhat poorly named because it need not be only a
hostname (it can contain a path too.)

The terraform code for this was treating the API as the parameter
name suggests and was truncating out any paths that were passed.
2016-08-07 17:16:31 +10:00
stack72 118906ed07
Merge branch 'group-membership-pagination' of https://github.com/miquella/terraform 2016-08-07 19:03:42 +12:00
Krzysztof Wilczynski 9c54e9c955 Add aws_vpn_gateway_attachment resource. (#7870)
This commit adds VPN Gateway attachment resource, and also an initial tests and
documentation stubs.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-08-07 09:29:51 +10:00
Joern Barthel 9f565285d1 Renamed blocks to cidr_blocks. 2016-08-05 21:29:43 +02:00
Joern Barthel 2caae49a3b Fail if filter yields no results. 2016-08-05 21:29:43 +02:00
Joern Barthel e21203a369 Changed sync token to int and use it as id. 2016-08-05 21:29:32 +02:00
Paul Stack 6899246b98 provider/aws: Updates `aws_cloudformation_stack` Update timeout (#7997)
Fixes #7996

The Create func was using the timeout that we were passing to the
resource. Update func was not.

```
% make testacc TEST=./builtin/providers/aws
% TESTARGS='-run=TestAccAWSCloudFormation_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSCloudFormation_ -timeout 120m
=== RUN   TestAccAWSCloudFormation_basic
--- PASS: TestAccAWSCloudFormation_basic (120.61s)
=== RUN   TestAccAWSCloudFormation_defaultParams
--- PASS: TestAccAWSCloudFormation_defaultParams (121.40s)
=== RUN   TestAccAWSCloudFormation_allAttributes
--- PASS: TestAccAWSCloudFormation_allAttributes (263.29s)
=== RUN   TestAccAWSCloudFormation_withParams
--- PASS: TestAccAWSCloudFormation_withParams (205.52s)
=== RUN   TestAccAWSCloudFormation_withUrl_withParams
--- PASS: TestAccAWSCloudFormation_withUrl_withParams (402.71s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws
1113.552s
```
2016-08-05 09:44:10 +01:00
Paul Stack 744b266995 provider/aws: Support `aws_elasticsearch_domain` upgrades to (#7860)
`elasticsearch_version` 2.3

Fixes #7836
This will allow ElasticSearch domains to be deployed with version 2.3 of
ElasticSearch

The other slight modifications are to stop dereferencing values before
passing to d.Set in the Read func. It is safer to pass the pointer to
d.Set and allow that to dereference if there is a value

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSElasticSearchDomain_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSElasticSearchDomain_ -timeout 120m
=== RUN   TestAccAWSElasticSearchDomain_basic
--- PASS: TestAccAWSElasticSearchDomain_basic (1611.74s)
=== RUN   TestAccAWSElasticSearchDomain_v23
--- PASS: TestAccAWSElasticSearchDomain_v23 (1898.80s)
=== RUN   TestAccAWSElasticSearchDomain_complex
--- PASS: TestAccAWSElasticSearchDomain_complex (1802.44s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	5313.006s
```

Update resource_aws_elasticsearch_domain.go
2016-08-05 08:59:15 +01:00
Radek Simko ebf6e51b32 provider/aws: Retry association of IAM Role & instance profile (#7938) 2016-08-05 16:12:27 +10:00
Krzysztof Wilczynski 99d8c2a3b3 Fix. Handle lack of snapshot ID for a volume. (#7995)
This commit resolves the issue where lack of snapshot ID in the device mapping
section of the API response to DescribeImagesResponse would cause Terraform to
crash due to a nil pointer dereference. Usually, the snapshot ID is included,
but in some unique cases (e.g. ECS-enabled AMI from Amazon available on the
Market Place) a volume that is attached might not have it.

The API documentation does not clearly define whether the snapshot ID either
should be or must be included for any volume in the response.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-08-05 13:04:57 +10:00
Krzysztof Wilczynski 19800b8e26 Add state filter to aws_availability_zones data source. (#7965)
* Add state filter to aws_availability_zones data source.

This commit adds an ability to filter Availability Zones based on state, where
by default it would only list available zones.

Be advised that this does not always works reliably for an older accounts which
have been created in the pre-VPC era of EC2. These accounts tends to retrieve
availability zones that are not VPC-enabled, thus creation of a custom subnet
within such Availability Zone would result in a failure.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>

* Update documentation for aws_availability_zones data source.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>

* Do not filter on state by default.

This commit makes the state filter applicable only when set.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-08-05 10:14:05 +10:00
Raphael Randschau 582e3bd883 provider/aws: guard against missing digestSha 7956 (#7966) 2016-08-05 05:26:43 +10:00
Joern Barthel 8accef2c27 Added IP ranges from AWS 2016-08-04 19:20:14 +02:00
grayaii cb5062d237 Increase timeout yet again for aws elasticsearch resource
We create hundreds of AWS Elasticsearch resources over the last few months and we get occasional timeout failures from AWS.  This will PR is to increase the timeout once again. I did it before:
https://github.com/hashicorp/terraform/pull/5910/files
But we've seen enough timeouts from AWS on this resource that increasing the timeout seems like the only solution.
2016-08-03 16:39:28 +02:00
James Nugent 6bd3712f03 Merge pull request #7895 from hashicorp/import-aws-dbsg
provider/aws: Support Import of `aws_db_security_group`
2016-08-01 19:44:15 -05:00
James Nugent acb6fb5422 Merge pull request #7896 from hashicorp/import-aws-redshiftsg
provider/aws: Support Import of `aws_redshift_security_group`
2016-08-01 19:43:27 -05:00
James Nugent f76c1ec921 provider/aws: Fix aws_route53_record 0-2 migration (#7907)
When migrating the state of an `aws_route53_record`, a v0 state was
never upgraded to v2, and a typo in a unit test masked this. This commit
fixes the migration by chaining the invocation of the migration
function, and corrects the test.
2016-08-02 09:54:17 +10:00
stack72 8bb7e619b5
provider/aws: Support Import of `aws_redshift_security_group`
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRedshiftSecurityGroup_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSRedshiftSecurityGroup_ -timeout 120m
=== RUN   TestAccAWSRedshiftSecurityGroup_importBasic
--- PASS: TestAccAWSRedshiftSecurityGroup_importBasic (30.87s)
=== RUN   TestAccAWSRedshiftSecurityGroup_ingressCidr
--- PASS: TestAccAWSRedshiftSecurityGroup_ingressCidr (30.45s)
=== RUN   TestAccAWSRedshiftSecurityGroup_updateIngressCidr
--- PASS: TestAccAWSRedshiftSecurityGroup_updateIngressCidr (72.78s)
=== RUN   TestAccAWSRedshiftSecurityGroup_ingressSecurityGroup
--- PASS: TestAccAWSRedshiftSecurityGroup_ingressSecurityGroup (49.73s)
=== RUN   TestAccAWSRedshiftSecurityGroup_updateIngressSecurityGroup
--- PASS: TestAccAWSRedshiftSecurityGroup_updateIngressSecurityGroup
(92.44s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    276.291s
```
2016-08-02 02:03:43 +10:00
stack72 91596b4a71
provider/aws: Support Import of `aws_db_security_group`
This test overrides the AWS_DEFAULT_REGION parameter as the security
groups are created in us-east-1 (due to classic VPC requirements)

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSDBSecurityGroup_importBasic'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSDBSecurityGroup_importBasic -timeout 120m
=== RUN   TestAccAWSDBSecurityGroup_importBasic
--- PASS: TestAccAWSDBSecurityGroup_importBasic (49.46s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    49.487s
```
2016-08-02 01:42:54 +10:00
Paul Stack 1bdc2f1c5f provider/aws: `aws_vpn_gateway` should be removed from state when in (#7861)
deleted state

Fixes #7859

When a VPN Gateway has been manually deleted, we should expect it to be
added back to the plan

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSVpnGateway_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSVpnGateway_
-timeout 120m
=== RUN   TestAccAWSVpnGateway_importBasic
--- PASS: TestAccAWSVpnGateway_importBasic (247.94s)
=== RUN   TestAccAWSVpnGateway_basic
--- PASS: TestAccAWSVpnGateway_basic (409.50s)
=== RUN   TestAccAWSVpnGateway_reattach
--- PASS: TestAccAWSVpnGateway_reattach (211.33s)
=== RUN   TestAccAWSVpnGateway_delete
--- PASS: TestAccAWSVpnGateway_delete (121.10s)
=== RUN   TestAccAWSVpnGateway_tags
--- PASS: TestAccAWSVpnGateway_tags (125.38s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws
1115.274s
```
2016-07-29 21:12:51 +01:00
Clint a9aaf44a87 fix make issues (supersedes #7868) (#7876)
* Fixing the make error or invalid data type for errorf and printf

* fix make errors
2016-07-29 21:05:57 +01:00
Paul Stack 37557f9452 provider/aws: Fix up `aws_api_gateway_api_key` import test (#7873)
This changes the behaviour of `aws_api_gateway_integration` to set the
`passthrough_behaviour` to be computed as this was breaking the import
test

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSAPIGatewayApiKey_importBasic'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSAPIGatewayApiKey_importBasic -timeout 120m
=== RUN   TestAccAWSAPIGatewayApiKey_importBasic
--- PASS: TestAccAWSAPIGatewayApiKey_importBasic (50.19s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    50.210s
```

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSAPIGatewayIntegration_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSAPIGatewayIntegration_ -timeout 120m
=== RUN   TestAccAWSAPIGatewayIntegration_basic
--- PASS: TestAccAWSAPIGatewayIntegration_basic (67.43s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    67.449s
```
2016-07-29 20:20:50 +01:00
Clint 0024358b08 Update resource_aws_db_instance_test.go 2016-07-28 14:30:50 -05:00
Krzysztof Wilczynski 63a14be8da Add ability to set Performance Mode in aws_efs_file_system. (#7791)
* Add ability to set Performance Mode in aws_efs_file_system.

The Elastic File System (EFS) allows for setting a Performance Mode during
creation, thus enabling anyone to chose performance of the file system according
to their particular needs. This commit adds an optional "performance_mode"
attribte to the aws_efs_file_system resource so that an appropriate mode can be
set as needed.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>

* Add test coverage for the ValidateFunc used.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>

* Add "creation_token" and deprecate "reference_name".

Add the "creation_token" attribute so that the resource follows the API more
closely (as per the convention), thus deprecate the "reference_name" attribute.

Update tests and documentation accordingly.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-07-28 11:19:39 +01:00
Paul Stack 3f83f0b9f9 provider/aws: Enable Redshift Cluster Logging (#7813)
Fixes #7423

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRedshiftCluster_loggingEnabled'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSRedshiftCluster_loggingEnabled -timeout 120m
=== RUN   TestAccAWSRedshiftCluster_loggingEnabled
--- PASS: TestAccAWSRedshiftCluster_loggingEnabled (675.21s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    675.233s
```
2016-07-27 22:16:32 +01:00
clint shryock f0021e1f03 provider/aws: Seperate out TestAccAWSDBInstance_iops_update into it's own run
This will seperate the TestAccAWSDBInstance_iops_update test into it's own
namespace for testing by itself in Travis
2016-07-27 11:07:37 -05:00
James Bardin 735e425daa Merge pull request #7831 from hashicorp/jbardin/unused-vars
Remove unused variables
2016-07-27 11:55:57 -04:00
Paul Stack 8ed549c3b5 provider/aws: Don't delete Lambda function from state on initial call of (#7829)
the Read func

Fixes #7782

Lambda functions are eventually consistent :( Therefore, when we move
from the Create func to the Read func, there is a chance that the Lambda
hasn't replicated yet and we could therefore find that it doesn't exist
and delete it as follows:

```
params := &lambda.GetFunctionInput{
        FunctionName: aws.String(d.Get("function_name").(string)),

}

    getFunctionOutput, err := conn.GetFunction(params)
    if err != nil {
            if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == "ResourceNotFoundException" {
                        d.SetId("")
                                    return nil

            }
                    return err

    }
```

This PR uses `d.IsNewResource()` to check if the Read is being called
after a Create and therefore, won't delete the lambda if not found. This
should allow the lambda to replicate

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSLambdaFunction_'
=> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSLambdaFunction_ -timeout 120m
=== RUN   TestAccAWSLambdaFunction_importLocalFile
--- PASS: TestAccAWSLambdaFunction_importLocalFile (36.64s)
=== RUN   TestAccAWSLambdaFunction_importLocalFile_VPC
--- PASS: TestAccAWSLambdaFunction_importLocalFile_VPC (45.17s)
=== RUN   TestAccAWSLambdaFunction_importS3
--- PASS: TestAccAWSLambdaFunction_importS3 (40.88s)
=== RUN   TestAccAWSLambdaFunction_basic
--- PASS: TestAccAWSLambdaFunction_basic (44.77s)
=== RUN   TestAccAWSLambdaFunction_VPC
--- PASS: TestAccAWSLambdaFunction_VPC (44.13s)
=== RUN   TestAccAWSLambdaFunction_s3
--- PASS: TestAccAWSLambdaFunction_s3 (43.62s)
=== RUN   TestAccAWSLambdaFunction_localUpdate
--- PASS: TestAccAWSLambdaFunction_localUpdate (33.49s)
=== RUN   TestAccAWSLambdaFunction_localUpdate_nameOnly
--- PASS: TestAccAWSLambdaFunction_localUpdate_nameOnly (51.83s)
=== RUN   TestAccAWSLambdaFunction_s3Update
--- PASS: TestAccAWSLambdaFunction_s3Update (106.49s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    447.055s
```

Thanks to @radeksimko for pointing out `d.IsNewResource()`
2016-07-27 16:47:25 +01:00
James Bardin 142f689f96 Remove unused variables
These variables weren't used, but the compiler misses them since they
are captured in a closure.
2016-07-27 11:42:21 -04:00
stack72 4e1d54ad51
provider/aws: Change the resource name expected as part of sqs queue import test 2016-07-26 21:59:21 +01:00
stack72 3a1f2e6fe9
Merge branch 'master' into b-aws-sqs-defaults 2016-07-26 21:51:48 +01:00
Clint ff9ad3cc40 provider/aws: Fix issue updating ElasticBeanstalk Environment templates (#7811)
* provider/aws: Fix issue removing templates from ElasticBeanstalk

* regression test
2016-07-26 15:04:03 -05:00
clint shryock 348f6bad50 provider/aws: Apply defaults to SQS Queues 2016-07-26 14:53:45 -05:00
clint shryock 6a42717f55 update sqs test to fail on reverting to defaults 2016-07-26 14:41:54 -05:00
clint shryock 0e6ff77433 provider/aws: Restore Defaults to SQS Queues 2016-07-26 10:30:52 -05:00
clint shryock 5050d4555c provider/aws: ignore force_destroy on AWSUser Import test 2016-07-26 09:56:50 -05:00
stack72 63db19f564
Merge branch 'master' of github.com:hashicorp/terraform 2016-07-26 10:43:42 +01:00
stack72 76aea014cc
provider/aws: Making some slight changes to the tests in resources 2016-07-26 10:43:14 +01:00
Andreas Skarmutsos Lindh 1f400671c8
added applicationautoscaling from aws-sdk-go
using: `govendor add
github.com/aws/aws-sdk-go/service/applicationautoscaling@v1.2.5`

introduce a retry for scalable target creation

Due to possible inconsistencies in IAM, let's retry creation of the scalable target before we fail.

Added IAM role as part of acceptance test
2016-07-26 10:43:09 +01:00
Andreas Skarmutsos Lindh cc912c39e5
AWS Application AutoScaling
Initial work on two new resource types:
* `aws_appautoscaling_target`
* `aws_appautoscaling_policy`

Fix acc tests
2016-07-26 10:43:06 +01:00
Andy Chan ba10720e5d Adding passthrough behavior for API Gateway integration (#7801) 2016-07-26 09:38:51 +01:00
Zachary Salzbank afb06f907f providers/aws: expose network interface id (#6751)
Expose the network interface ID that is created with a new instance.

This can be useful when associating an existing elastic IP to the
default interface on an instance that has multiple network interfaces.
2016-07-25 19:52:40 +01:00
Jonathan McCall 3c702f2d75 Ignore missing ENI attachment when trying to detach (#7185) 2016-07-25 18:48:33 +01:00
Paul Stack 31b8cde45c provider/aws: Support Import `aws_dynamodb_table` (#7352)
There were some changes required to the Read func to get this working.
The initial set of tests showed the following:

```
testing.go:255: Step 1 error: ImportStateVerify attributes not equivalent. Difference is shown below. Top is actual, bottom is expected.

        (map[string]string) {
        }

        (map[string]string) (len=8) {
         (string) (len=8) "hash_key": (string) (len=16) "TestTableHashKey",
         (string) (len=23) "local_secondary_index.#": (string) (len=1) "1",
         (string) (len=36) "local_secondary_index.884610231.name": (string) (len=12) "TestTableLSI",
         (string) (len=52) "local_secondary_index.884610231.non_key_attributes.#": (string) (len=1) "0",
         (string) (len=47) "local_secondary_index.884610231.projection_type": (string) (len=3) "ALL",
         (string) (len=41) "local_secondary_index.884610231.range_key": (string) (len=15) "TestLSIRangeKey",
         (string) (len=4) "name": (string) (len=38) "TerraformTestTable-2710929679033484576",
         (string) (len=9) "range_key": (string) (len=17) "TestTableRangeKey"
        }
```

On investigation, this was telling me that `hash_key`, `range_key`, `name` and `local_secondary_index` were not being set on the Read func

When they were being set, all looks as expected:

```
make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSDynamoDbTable_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSDynamoDbTable_ -timeout 120m
=== RUN   TestAccAWSDynamoDbTable_importBasic
--- PASS: TestAccAWSDynamoDbTable_importBasic (20.39s)
=== RUN   TestAccAWSDynamoDbTable_basic
--- PASS: TestAccAWSDynamoDbTable_basic (39.99s)
=== RUN   TestAccAWSDynamoDbTable_streamSpecification
--- PASS: TestAccAWSDynamoDbTable_streamSpecification (50.44s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	110.841s
```
2016-07-25 15:31:00 +01:00
Partha Dutta 7de54533f9 Support greater than twenty db parameters (#7364)
* aws_db_parameter_group: Support more than 20 parameters in a single update

* create test to prove greater than 20 database parameters can be processed

* update test to prove updating greater than 20 database parameters can be processed

* Issues with certain key value database parameters

Cannot create a passing test for database parameters "innodb_file_per_table" and "binlog_format"
It seems that these parameters can be created and tested successfully
BUT after the "parameter group" has been destroyed, it then makes a "DescribeDBParameterGroups" call
This fails with a 404 error...makes sense since the group does not exist

Have very little understanding of how the test framework works, so am struggling to debug

Currently commented out to have a passing test

* reorder create database parameter group dataset

* reorder update database parameter group dataset

* typo: excede => exceed

* add one extra database parameter; now it is 41 in total

* added test for additonal database parameter added in previous commit

* remove commented out database parameters from test
2016-07-25 13:25:36 +01:00
Brian Menges 17b16f543e Ignore IOPS on non io1 AWS devices (#7783)
- Already ignoring IOPS on ebs attached non-io1 devices; extended to root_block_device
- Added warning captured from #4146 / [../blob/master/builtin/providers/aws/resource_aws_ebs_volume.go#L104](resource_aws_ebs_volume.go#L104)
- Added test when setting IOPS to 330 (11GiB * 30 = 330) on GP2 root device results in AWS reported 100 IOPS (successfully ignored input)
2016-07-25 12:32:24 +01:00
David Tolnay ad62f09061 provider/aws: Delete access keys before deleting IAM user (#7766)
* provider/aws: Delete access keys before deleting IAM user

* provider/aws: Put IAM key removal behind force_destroy option

* provider/aws: Move all access key deletion under force_destroy

* Add iam_user force_destroy to website

* provider/aws: Improve clarity of looping over pages in delete IAM user
2016-07-25 08:15:03 +01:00
Paul Stack 8c88038647 provider/aws: `aws_redshift_cluster` `number_of_nodes` was having the (#7771)
wrong value set to state

we used `len(ClusterNodes)` rather than NumberOfNodes :)

This was picked up by the nightly tests! <3
2016-07-22 18:14:30 +01:00
clint shryock c4e6c14fec provider/aws: Restore lost client.simpledbconn initialization
It once was lost but now is found!
2016-07-22 10:33:30 -05:00
James Bardin 2712328d5a Merge pull request #7756 from hashicorp/jbardin/tf-atlas-version
core: send version info to atlas
2016-07-22 10:56:43 -04:00
stack72 2340d576b1
provider/aws: Rename the ECS Container Data Source test 2016-07-22 13:49:06 +01:00