The AWS documentation tells us the following:
```
--replication-group-id (string)
The replication group identifier. This parameter is stored as a
lowercase string.
Constraints:
A name must contain from *1 to 20* alphanumeric characters or hyphens.
The first character must be a letter.
A name cannot end with a hyphen or contain two consecutive hyphens.
```
This is not correct and is causing users errors:
```
* aws_elasticache_replication_group.bar: Error creating Elasticache
* Replication Group: InvalidParameterValue: Replication group id should
* be no more than 16 characters.
status code: 400, request id:
```
Tuning the Validation from 20 to 16 characters to avoid user issues
This commit cleans up the google_compute_firewall resource to the Go
1.5+ style of not requiring map values to declare their type if they can
be inferred.
As part of Terraform 0.7.1 it was observed in issue #8345 that the state
migration for google_compute_firewall did not appear to be running,
causing a panic when an uninitialized member was read. This commit hooks
up the state migration function (which _was_ independently unit tested
but was not actually in place).
There is currently no good test framework for this, I will address this
issue in a future RFC.
In cases where the filters provided by AWS against the name of an AMI are not
sufficient, allow adding a "local_name_filter" which is a regex that is used
to filter the AMIs returned by amazon.
API Gateway allows users to "claim" a domain name for use as a custom
hostname for deployed API endpoints, and then use this base path mapping
resource to expose a particular API deployment at a path on such a domain.
The acceptance tests use certificates from the aws_api_gateway_domain_name
tests which expire in 2026; we'll need to generate some more certificates
before we get there.
API Gateway allows users to "claim" a domain name for use as a custom
hostname for deployed API endpoints. The domain name resource just claims
the domain name; a user would then use a "base path mapping" resource
(to be implemented in a later commit) to map a particular API to a
particular path prefix on that domain.
The acceptance tests contain some TLS certificates that expire in 2026;
we'll need to generate some more certificates before we get there.
NotFound
Fixes#8375
When a Lambda or an associated Event Source Mapping has been removed via
the AWS Console, Terraform throws an error similar to the following:
```
Error refreshing state: 1 error(s) occurred:
* aws_lambda_event_source_mapping.dmp_enrichment_event_source_mapping:
* ResourceNotFoundException: The resource you requested does not exist.
status code: 404, request id: a17c641d-6868-11e6-accf-3d0ea71934fa
```
the resource should be refreshed from the state when this happens so
that subsequent plans show it needs to be recreated
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSLambdaEventSourceMapping_'
==> Checking that code complies with gofmt requirements...
/Users/stacko/Code/go/bin/stringer
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/08/22 16:15:54 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSLambdaEventSourceMapping_ -timeout 120m
=== RUN TestAccAWSLambdaEventSourceMapping_basic
--- PASS: TestAccAWSLambdaEventSourceMapping_basic (120.81s)
=== RUN TestAccAWSLambdaEventSourceMapping_disappears
--- PASS: TestAccAWSLambdaEventSourceMapping_disappears (104.08s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 224.914s
```
* Add import support
* Add import tests
* Fix tags/thresholds
* The type of the object is a float but the tests were using integers, so the
tests were also adjusted to match.
* Fix Float formatting
* Provide thresholds as map[string]string to deal with formatting issues
* Adjust tests to deal with loss of trailing zeros on floats
This commit adds two optional blocks called "accepter" and "requester" to the
resource allowing for setting desired VPC Peering Connection options for VPCs
that participate in the VPC peering.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
This commit adds an `arn` field to `aws_alb` and `aws_alb_target_group`
resources, in order to present a more coherant user experience to people
using resource variables in fields suffixed "arn".
* provider/archive: grant more permissions for output directories
* provider/archive: place test output in temp dir
we don't want to pollute terraform source folders…
This commit fixes#8264 by making the security_groups attribute on
aws_alb resources computed, allowing the default security group assigned
by AWS to not generate perpetual plans forcing new resources.
* provider/archive: use output_path instead of FileInfo
FileInfo.Name() returns the basename of the output path, which forces you to
never place archives in subdirectories
* provider/archive: add test for subdirectory output_path
* provider/archive: camelCase output_path variable
Setting the idle_timeout_in_minutes value of the azurerm_public_ip
resource always caused a panic.
This fixes it and adds a test to actually test that particular
attribute.
* provider/consul: first stab at adding prepared query support
* provider/consul: flatten pq resource
* provider/consul: implement updates for PQ's
* provider/consul: implement PQ delete
* provider/consul: add acceptance tests for prepared queries
* provider/consul: add template support to PQ's
* provider/consul: use substructures to express optional related components for PQs
* website: first pass at consul prepared query docs
* provider/consul: PQ's support datacenter option and store_token option
* provider/consul: remove store_token on PQ's for now
* provider/consul: allow specifying a separate stored_token
* website: update consul PQ docs
* website: add link to consul_prepared_query resource
* vendor: update github.com/hashicorp/consul/api
* provider/consul: handle 404's when reading prepared queries
* provider/consul: prepared query failover dcs is a list
* website: update consul PQ example usage
* website: re-order arguments for consul prepared queries
This commit adds a resource, acceptance tests and documentation for the
Target Groups for Application Load Balancers.
This is the second in a series of commits to fully support the new
resources necessary for Application Load Balancers.
This commit adds a resource, acceptance tests and documentation for the
new Application Load Balancer (aws_alb). We choose to use the name alb
over the package name, elbv2, in order to avoid confusion.
This is the first in a series of commits to fully support the new
resources necessary for Application Load Balancers.
* provider/aws: Allow `source_ids` in `aws_db_event_subscription` to be
Updatable
Fixes#7809
This commit adds support for `source_ids` to be updated rather than
forcing new each time. Unfortunately, it must range over the difference
in the source_ids and add and remove them 1 at a time. AWS does not
support batch updating source_ids
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSDBEventSubscription_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSDBEventSubscription_ -timeout 120m
=== RUN TestAccAWSDBEventSubscription_basicUpdate
--- PASS: TestAccAWSDBEventSubscription_basicUpdate (1277.87s)
=== RUN TestAccAWSDBEventSubscription_withSourceIds
--- PASS: TestAccAWSDBEventSubscription_withSourceIds (1012.96s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws
2290.844s
```
* Update resource_aws_db_event_subscription.go
* provider/aws: Adds an acceptance test that makes sure that manual deletions mean a non-empty plan
* provider/aws: Adds an acceptance test to prove that manual deletion causes a non-empty plan
* provider/aws: Add failing ETC + notifications test
* tidy up the docs some
* provider/aws: Update ElasticTranscoder to allow empty notifications, removing notifications, etc
When you need to enable monitoring for Redshift, you need to create the
correct policy in the bucket for logging. This needs to have the
Redshift Account ID for a given region. This data source provides a
handy lookup for this
http://docs.aws.amazon.com/redshift/latest/mgmt/db-auditing.html#db-auditing-enable-logging
% make testacc TEST=./builtin/providers/aws
% TESTARGS='-run=TestAccAWSRedshiftAccountId_basic' 2 ↵ ✹ ✭
==> Checking that code complies with gofmt requirements...
/Users/stacko/Code/go/bin/stringer
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/08/16 14:39:35 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSRedshiftAccountId_basic -timeout 120m
=== RUN TestAccAWSRedshiftAccountId_basic
--- PASS: TestAccAWSRedshiftAccountId_basic (19.47s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 19.483s
or availability_zone
Fixes#8000
There was a hard coded panic in the code!!!
```
panic(
fmt.Sprintf(
"Must set one of:\navailability_zone %#v\nsubnet_id: %#v",
m["availability_zone"],
m["subnet_id"])
)
```
This was causing issues when we set neither an availability zone or a subnet id.
This has been removed and is now handled with an error rather than a panic.
This was what happened with the new test before the fix:
```
=== RUN TestAccAWSSpotFleetRequest_brokenLaunchSpecification
panic: Must set one of:
availability_zone ""
subnet_id: ""
goroutine 129 [running]:
panic(0x11377a0, 0xc8202abfc0)
/opt/boxen/homebrew/Cellar/go/1.6.2/libexec/src/runtime/panic.go:481 +0x3e6
github.com/hashicorp/terraform/builtin/providers/aws.hashLaunchSpecification(0x11361a0, 0xc8202e07e0, 0xc800000001)
/Users/stacko/Code/go/src/github.com/hashicorp/terraform/builtin/providers/aws/resource_aws_spot_fleet_request.go:953 +0x685
github.com/hashicorp/terraform/helper/schema.(*Set).hash(0xc82005ae00, 0x11361a0, 0xc8202e07e0, 0x0, 0x0)
/Users/stacko/Code/go/src/github.com/hashicorp/terraform/helper/schema/set.go:180 +0x40
github.com/hashicorp/terraform/helper/schema.(*Set).add(0xc82005ae00, 0x11361a0, 0xc8202e07e0, 0xc820276900, 0x0, 0x0)
```
The test then ran fine after the fix:
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSpotFleetRequest_brokenLaunchSpecification'
==> Checking that code complies with gofmt requirements...
/Users/stacko/Code/go/bin/stringer
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/08/16 08:03:18 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSSpotFleetRequest_brokenLaunchSpecification -timeout 120m
=== RUN TestAccAWSSpotFleetRequest_brokenLaunchSpecification
--- PASS: TestAccAWSSpotFleetRequest_brokenLaunchSpecification (32.37s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 32.384s
```
Full test run looks as follows:
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSpotFleetRequest_' ✹
==> Checking that code complies with gofmt requirements...
/Users/stacko/Code/go/bin/stringer
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/08/16 08:04:34 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSSpotFleetRequest_ -timeout 120m
=== RUN TestAccAWSSpotFleetRequest_basic
--- PASS: TestAccAWSSpotFleetRequest_basic (33.78s)
=== RUN TestAccAWSSpotFleetRequest_brokenLaunchSpecification
--- PASS: TestAccAWSSpotFleetRequest_brokenLaunchSpecification (33.59s)
=== RUN TestAccAWSSpotFleetRequest_launchConfiguration
--- PASS: TestAccAWSSpotFleetRequest_launchConfiguration (35.26s)
=== RUN TestAccAWSSpotFleetRequest_CannotUseEmptyKeyName
--- PASS: TestAccAWSSpotFleetRequest_CannotUseEmptyKeyName (0.00s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 102.648s
```
This data source provides access during configuration to the ID of the
AWS account for the connection to AWS. It is primarily useful for
interpolating into policy documents, for example when creating the
policy for an ELB or ALB access log bucket.
This will need revisiting and further testing once the work for
AssumeRole is integrated.
Fixes#7812
All of the options of `aws_db_security_group` ingress rules are
optional. Therefore, when one of them isn't set (and AWS doesn't
calculate the value), Terraform threw a panic
This commit just defensively codes around this fact. It checks to make
sure there is a value returned from the API before adding it to the map
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSDBSecurityGroup_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSDBSecurityGroup_ -timeout 120m
=== RUN TestAccAWSDBSecurityGroup_basic
--- PASS: TestAccAWSDBSecurityGroup_basic (38.66s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 38.682s
```
* add dep for servicebus client from azure-sdk-for-node
* add servicebus namespaces support
* add docs for servicebus_namespaces
* add Microsoft.ServiceBus to providers list
AWS Lambda VPC config is an optional configuration and which needs to both subnet_ids and
security_group_ids to tie the lambda function to a VPC. We should make it optional if
both subnet_ids and security_group_ids are not net which would add better flexiblity in
creation of more useful modules as there are "if else" checks. Without this we are creating
duplicate modules one with VPC and one without VPC resulting in various anomalies.
The code only waited until one or more IPv4 interfaces came online.
If you only had IPv6 interfaces attached to your machine, then the
machine creation process would completely stall.
IPV6 Addresses are generally case insensitive but it is recommented to
store them as lowercase (https://tools.ietf.org/html/rfc5952#section-4.3)
When Terraform didn't store them as LowerCase, we got the following
error when using in DNS records:
```
-/+ digitalocean_record.web6
domain: "mydomain.com" => "mydomain.com"
fqdn: "web02.in.mydomain.com" => "<computed>"
name: "web02.in" => "web02.in"
port: "0" => "<computed>"
priority: "0" => "<computed>"
type: "AAAA" => "AAAA"
value: "2a03:b0c0:0003:00d0:0000:0000:0b66:6001" => "2A03:B0C0:0003:00D0:0000:0000:0B66:6001" (forces new resource)
weight: "0" => "<computed>"
```
There was no need for this to be the case. We now enforce lowercase on both state and also when responses are returned from the API
in the process
Fixes#7577
7577 discovered that sometimes setting tags at the end of the creation
model doesn't quite work for everyone. We now move that further up the
tree by calling the setTags func a second time.
The setTags func in the Update is not called immediately after creation
as we check for it not being a NewResource
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSecurityGroup_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSSecurityGroup_ -timeout 120m
=== RUN TestAccAWSSecurityGroup_importBasic
--- PASS: TestAccAWSSecurityGroup_importBasic (60.96s)
=== RUN TestAccAWSSecurityGroup_importSelf
--- PASS: TestAccAWSSecurityGroup_importSelf (72.72s)
=== RUN TestAccAWSSecurityGroup_basic
--- PASS: TestAccAWSSecurityGroup_basic (62.33s)
=== RUN TestAccAWSSecurityGroup_namePrefix
--- PASS: TestAccAWSSecurityGroup_namePrefix (22.12s)
=== RUN TestAccAWSSecurityGroup_self
--- PASS: TestAccAWSSecurityGroup_self (64.26s)
=== RUN TestAccAWSSecurityGroup_vpc
--- PASS: TestAccAWSSecurityGroup_vpc (58.35s)
=== RUN TestAccAWSSecurityGroup_vpcNegOneIngress
--- PASS: TestAccAWSSecurityGroup_vpcNegOneIngress (54.95s)
=== RUN TestAccAWSSecurityGroup_MultiIngress
--- PASS: TestAccAWSSecurityGroup_MultiIngress (64.81s)
=== RUN TestAccAWSSecurityGroup_Change
--- PASS: TestAccAWSSecurityGroup_Change (96.86s)
=== RUN TestAccAWSSecurityGroup_generatedName
--- PASS: TestAccAWSSecurityGroup_generatedName (60.75s)
=== RUN TestAccAWSSecurityGroup_DefaultEgress_VPC
--- PASS: TestAccAWSSecurityGroup_DefaultEgress_VPC (57.05s)
=== RUN TestAccAWSSecurityGroup_DefaultEgress_Classic
--- PASS: TestAccAWSSecurityGroup_DefaultEgress_Classic (20.94s)
=== RUN TestAccAWSSecurityGroup_drift
--- PASS: TestAccAWSSecurityGroup_drift (27.39s)
=== RUN TestAccAWSSecurityGroup_drift_complex
--- PASS: TestAccAWSSecurityGroup_drift_complex (64.62s)
=== RUN TestAccAWSSecurityGroup_tags
--- PASS: TestAccAWSSecurityGroup_tags (87.49s)
=== RUN TestAccAWSSecurityGroup_CIDRandGroups
--- PASS: TestAccAWSSecurityGroup_CIDRandGroups (71.62s)
=== RUN TestAccAWSSecurityGroup_ingressWithCidrAndSGs
--- PASS: TestAccAWSSecurityGroup_ingressWithCidrAndSGs (69.60s)
=== RUN TestAccAWSSecurityGroup_ingressWithCidrAndSGs_classic
--- PASS: TestAccAWSSecurityGroup_ingressWithCidrAndSGs_classic (25.47s)
=== RUN TestAccAWSSecurityGroup_egressWithPrefixList
--- PASS: TestAccAWSSecurityGroup_egressWithPrefixList (64.46s)
=== RUN TestAccAWSSecurityGroup_failWithDiffMismatch
--- PASS: TestAccAWSSecurityGroup_failWithDiffMismatch (60.21s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws
1166.983s
```
An S3 Bucket owner may wish to select a different underlying storage class
for an object. This commit adds an optional "storage_class" attribute to the
aws_s3_bucket_object resource so that the owner of the S3 bucket can specify
an appropriate storage class to use when creating an object.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
- adds "source_uri" field
- "source_uri" expects the URI to an existing blob that you have access
to
- it can be in a different storage account, or in the Azure File service
- the docs have been updated to reflect the change
Signed-off-by: Dan Wendorf <dwendorf@pivotal.io>
* Overriding S3 endpoint - Enable specifying your own
S3 api endpoint to override the default one, under
endpoints.
* Force S3 path style - Expose this option from the aws-sdk-go
configuration to the provider.
This commit fixes an issue where CORS rules would not be read and thus refreshed
correctly should there be a change introduced externally e.g. CORS configuration
was edited outside of Terraform.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
* providers/google: Add google_compute_image resource
This change introduces the google_compute_image resource, which allows
Terraform users to create a bootable VM image from a raw disk tarball
stored in Google Cloud Storage. The google_compute_image resource
may be referenced as a boot image for a google_compute_instance.
* providers/google: Support family property in google_compute_image
* provider/google: Idiomatic checking for presence of config val
* vendor: Update Google client libraries
* #7013 add tls config support to consul provider
* #7013 add acceptance tests
* #7013 use GFM tables
* #7013 require one of {CONSUL_ADDRESS,CONSUL_HTTP_ADDR} when running consul acc tests
* provider/aws: Re-implement api gateway parameter handling
this PR cleans up some left overs from PR #4295, namely the parameter handling.
now that GH-2143 is finally closed this PR does away with the ugly
`request_parameters_in_json` and `response_parameters_in_json` hack.
* Add deprecation message and conflictsWith settings
following @radeksimko s advice, keeping the old code around with a deprecation
warning.
this should be cleaned up in a few releases
* provider/aws: fix missing append operation
* provider/aws: mark old parameters clearly as deprecated
* provider/aws work around #8104
following @radeksimko s lead
* provider/aws fix cnp error
- we could've had ConflictsWith between affected fields, but that would make it fail even if skip_requesting_account_id=false and ConflictsWhen is not a thing (yet)
* Skip IAM/STS validation and metadata check
* Skip IAM/STS identity validation - For environments or other api
implementations where there are no IAM/STS endpoints available, this
option lets you opt out from that provider initialization step.
* Skip metdata api check - For environments in which you know ahead of
time there isn't going to be a metadta api endpoint, this option lets
you opt out from that check to save time.
* Allow iam/sts initialization even if skipping account/cred validation
(#7874)
* Split out skip of IAM validation into credentials and account id
(#7874)
An S3 Bucket owner may wish to set a canned ACL (as opposite to explicitly set
grantees, etc.) for an object. This commit adds an optional "acl" attribute to
the aws_s3_bucket_object resource so that the owner of the S3 bucket can
specify an appropriate pre-defined ACL to use when creating an object.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
* Various string slices are sorted and truncated to strings if they
only contain one element.
* Sids are now included if they are empty.
This is to ensure what is sent to AWS matches what comes back, to
prevent recurring diffs even when the policy has changed.
Any S3 Bucket owner may wish to share data but not incur charges associated
with others accessing the data. This commit adds an optional "request_payer"
attribute to the aws_s3_bucket resource so that the owner of the S3 bucket can
specify who should bear the cost of Amazon S3 data transfer.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>