Previously the check for if we are setting `CidrBlock` or `IPv6CidrBlock` during an `Update` of the `aws_network_acl` resource would populate the input struct with a nil string value `""`. This caused our acceptance tests to fail, and broke the resource's functionality if a user only set `CidrBlock` or `IPv6CidrBlock` for either an `ingress` or `egress` rule as the API would error out with an `Invalid CidrBlock` error.
Previously:
```
aws_network_acl.bond: Error creating egress entry: InvalidParameterValue: CIDR block is malformed
status code: 400, request id: 0620e0b7-4e30-4c14-9a7a-5d373cc9f33b
```
Currently:
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSNetworkAcl'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/15 15:41:17 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSNetworkAcl -timeout 120m
=== RUN TestAccAWSNetworkAcl_importBasic
--- PASS: TestAccAWSNetworkAcl_importBasic (26.96s)
=== RUN TestAccAWSNetworkAclRule_basic
--- PASS: TestAccAWSNetworkAclRule_basic (23.08s)
=== RUN TestAccAWSNetworkAclRule_ipv6
--- PASS: TestAccAWSNetworkAclRule_ipv6 (26.24s)
=== RUN TestAccAWSNetworkAcl_EgressAndIngressRules
--- PASS: TestAccAWSNetworkAcl_EgressAndIngressRules (25.11s)
=== RUN TestAccAWSNetworkAcl_OnlyIngressRules_basic
--- PASS: TestAccAWSNetworkAcl_OnlyIngressRules_basic (31.82s)
=== RUN TestAccAWSNetworkAcl_OnlyIngressRules_update
--- PASS: TestAccAWSNetworkAcl_OnlyIngressRules_update (48.59s)
=== RUN TestAccAWSNetworkAcl_OnlyEgressRules
--- PASS: TestAccAWSNetworkAcl_OnlyEgressRules (25.48s)
=== RUN TestAccAWSNetworkAcl_SubnetChange
--- PASS: TestAccAWSNetworkAcl_SubnetChange (57.12s)
=== RUN TestAccAWSNetworkAcl_Subnets
--- PASS: TestAccAWSNetworkAcl_Subnets (67.55s)
=== RUN TestAccAWSNetworkAcl_ipv6Rules
--- PASS: TestAccAWSNetworkAcl_ipv6Rules (31.52s)
=== RUN TestAccAWSNetworkAcl_espProtocol
acc--- PASS: TestAccAWSNetworkAcl_espProtocol (24.37s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 387.855s
```
Fixes: #11824
A full set of acceptance tests for *all* OpsWorks tests are below. There is a single issue, opsworks_instance isn't ordering the layer_ids so it's non-deterministic which can come back. This introduces a false positive.
The opsworks tests are running both against us-east-1 for some and us-west-2 for others. This must be marked as a backwards incompatibility in 0.9 just incase people are using the opsworks region parameter to try and override the provider region
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSOpsworksApplication' 2 ↵ ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/14 17:11:36 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSOpsworksApplication -timeout 120m
=== RUN TestAccAWSOpsworksApplication
--- PASS: TestAccAWSOpsworksApplication (164.29s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 164.319s
```
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSOpsworksCustomLayer' ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/14 17:16:18 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSOpsworksCustomLayer -timeout 120m
=== RUN TestAccAWSOpsworksCustomLayerImportBasic
--- PASS: TestAccAWSOpsworksCustomLayerImportBasic (105.98s)
=== RUN TestAccAWSOpsworksCustomLayer
--- PASS: TestAccAWSOpsworksCustomLayer (92.68s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 198.684s
```
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSOpsworksPermission' ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/14 17:23:28 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSOpsworksPermission -timeout 120m
=== RUN TestAccAWSOpsworksPermission
--- PASS: TestAccAWSOpsworksPermission (226.36s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 226.386s
```
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSOpsworksRailsAppLayer' ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/14 17:28:01 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSOpsworksRailsAppLayer -timeout 120m
=== RUN TestAccAWSOpsworksRailsAppLayer
--- PASS: TestAccAWSOpsworksRailsAppLayer (129.39s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 129.426s
```
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSOpsworksUserProfile' ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/14 17:37:46 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSOpsworksUserProfile -timeout 120m
=== RUN TestAccAWSOpsworksUserProfile
--- PASS: TestAccAWSOpsworksUserProfile (42.60s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 42.624s
```
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSOpsworksStack' 2 ↵ ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/14 18:00:50 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSOpsworksStack -timeout 120m
=== RUN TestAccAWSOpsworksStackImportBasic
--- PASS: TestAccAWSOpsworksStackImportBasic (50.28s)
=== RUN TestAccAWSOpsworksStackNoVpc
--- PASS: TestAccAWSOpsworksStackNoVpc (25.92s)
=== RUN TestAccAWSOpsworksStackVpc
--- PASS: TestAccAWSOpsworksStackVpc (76.80s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 153.025s
```
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSOpsworksRdsDbInstance' ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/14 17:38:36 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSOpsworksRdsDbInstance -timeout 120m
=== RUN TestAccAWSOpsworksRdsDbInstance
--- PASS: TestAccAWSOpsworksRdsDbInstance (916.15s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 916.177s
```
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSOpsworksInstance' 2 ↵
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/14 17:26:45 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSOpsworksInstance -timeout 120m
=== RUN TestAccAWSOpsworksInstance_importBasic
--- PASS: TestAccAWSOpsworksInstance_importBasic (85.52s)
=== RUN TestAccAWSOpsworksInstance
--- FAIL: TestAccAWSOpsworksInstance (114.09s)
testing.go:268: Step 1 error: After applying this step, the plan was not empty:
DIFF:
UPDATE: aws_opsworks_instance.tf-acc
layer_ids.0: "4c29b76f-df72-409e-a5c4-9459b7d9b4a4" => "a4a859cf-2a07-447e-a151-a97a6d827db7"
layer_ids.1: "a4a859cf-2a07-447e-a151-a97a6d827db7" => "4c29b76f-df72-409e-a5c4-9459b7d9b4a4"
FAIL
exit status 1
FAIL github.com/hashicorp/terraform/builtin/providers/aws 199.643s
make: *** [testacc] Error 1
```
Fixes the two failing aws_ami acceptance tests, by polling until the AMI is deleted before exiting.
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSAMI_basic'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/14 16:03:26 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSAMI_basic -timeout 120m
=== RUN TestAccAWSAMI_basic
--- PASS: TestAccAWSAMI_basic (43.98s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 43.989s
```
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSAMI_snapshotSize'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/14 16:07:29 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSAMI_snapshotSize -timeout 120m
=== RUN TestAccAWSAMI_snapshotSize
--- PASS: TestAccAWSAMI_snapshotSize (28.64s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 28.654s
```
If the user_arn changes on the user_profile resource we should delete it and recreate it
instead of attempting to modify it incorrectly and causing the terraform apply to fail.
I also added an acceptance test that will trigger this case.
Fixes: #12599
Before this patch:
```
% terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
aws_iam_saml_provider.salesforce: Refreshing state... (ID: arn:aws:i...rce-test)
Error refreshing state: 1 error(s) occurred:
* aws_iam_saml_provider.salesforce: aws_iam_saml_provider.salesforce: NoSuchEntity: Manifest not found for arn arn:aws:iam::187416307283:saml-provider/tf-salesforce-test
status code: 404, request id: fc32c7f8-0631-11e7-8e1f-29a8c10edf64
```
After this patch:
```
% terraform plan ✚ ✭
[WARN] /Users/stacko/Code/go/bin/terraform-provider-aws overrides an internal plugin for aws-provider.
If you did not expect to see this message you will need to remove the old plugin.
See https://www.terraform.io/docs/internals/internal-plugins.html
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
aws_iam_saml_provider.salesforce: Refreshing state... (ID: arn:aws:i...rce-test)
The Terraform execution plan has been generated and is shown below.
Resources are shown in alphabetical order for quick scanning. Green resources
will be created (or destroyed and then created if an existing resource
exists), yellow resources are being changed in-place, and red resources
will be destroyed. Cyan entries are data sources to be read.
Note: You didn't specify an "-out" parameter to save this plan, so when
"apply" is called, Terraform can't guarantee this is what will execute.
+ aws_iam_saml_provider.salesforce
arn: "<computed>"
name: "tf-salesforce-test"
```
helper/schema: Rename Timeout resource block to Timeouts
- Pluralize configuration argument name to better represent that there is
one block for many timeouts
- use a const for the configuration timeouts key
- update docs
Fixes: #12506
When a replication_task cdc_start_time was specified as an int, it was
causing a panic as the conversion to a Unix timestampe was expecting a
string
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAwsDmsReplicationTaskBasic'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/08 22:55:29 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAwsDmsReplicationTaskBasic -timeout 120m
=== RUN TestAccAwsDmsReplicationTaskBasic
--- PASS: TestAccAwsDmsReplicationTaskBasic (1089.77s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 1089.802s
```
Fixes: #7492
When we use the same IP Address, BGP ASN and VPN Type as an existing
aws_customer_gateway, terraform will take control of that gateway (not
import it!) and try and modify it. This could be very bad
There is a warning on the AWS documentation that one gateway of the same
parameters can be created, Terraform is now going to error if a gateway
of the same parameters is attempted to be created
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSCustomerGateway_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/07 18:40:39 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSCustomerGateway_ -timeout 120m
=== RUN TestAccAWSCustomerGateway_importBasic
--- PASS: TestAccAWSCustomerGateway_importBasic (31.11s)
=== RUN TestAccAWSCustomerGateway_basic
--- PASS: TestAccAWSCustomerGateway_basic (68.72s)
=== RUN TestAccAWSCustomerGateway_similarAlreadyExists
--- PASS: TestAccAWSCustomerGateway_similarAlreadyExists (35.18s)
=== RUN TestAccAWSCustomerGateway_disappears
--- PASS: TestAccAWSCustomerGateway_disappears (25.13s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 160.172s
```
This covers the scenario of an instance created by a spot request. Using
Terraform we only know the spot request is fulfilled but the instance can
still be pending which causes the attachment to fail.
* Ensures elb exists before negotiation policy check; Fixes#11260
* Adds acceptance test case for missing elb
* Adds back https properties for test elb
In the event that an unexpected state is returned from
`environmentStateRefreshFunc` errors in the Elastic Beanstalk console
will not be returned to the user.
* helper/schema: Add custom Timeout block for resources
* refactor DefaultTimeout to suuport multiple types. Load meta in Refresh from Instance State
* update vpc but it probably wont last anyway
* refactor test into table test for more cases
* rename constant keys
* refactor configdecode
* remove VPC demo
* remove comments
* remove more comments
* refactor some
* rename timeKeys to timeoutKeys
* remove note
* documentation/resources: Document the Timeout block
* document timeouts
* have a test case that covers 'hours'
* restore a System default timeout of 20 minutes, instead of 0
* restore system default timeout of 20 minutes, refactor tests, add test method to handle system default
* rename timeout key constants
* test applying timeout to state
* refactor test
* Add resource Diff test
* clarify docs
* update to use constants
Fixes:#11750
Before this change, adding a log_subscription_filter and then deleting
it manually would yield this error on terraform plan/apply:
```
% terraform plan ✹ ✭
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
aws_iam_role.iam_for_lambda: Refreshing state... (ID: test_lambdafuntion_iam_role_example123)
aws_cloudwatch_log_group.logs: Refreshing state... (ID: example_lambda_name)
aws_iam_role_policy.test_lambdafunction_iam_policy: Refreshing state... (ID: test_lambdafuntion_iam_role_example123:test_lambdafunction_iam_policy)
aws_lambda_function.test_lambdafunction: Refreshing state... (ID: example_lambda_name_example123)
aws_lambda_permission.allow_cloudwatch_logs: Refreshing state... (ID: AllowExecutionFromCloudWatchLogs)
aws_cloudwatch_log_subscription_filter.test_lambdafunction_logfilter: Refreshing state... (ID: cwlsf-992677504)
Error refreshing state: 1 error(s) occurred:
* aws_cloudwatch_log_subscription_filter.test_lambdafunction_logfilter: aws_cloudwatch_log_subscription_filter.test_lambdafunction_logfilter: Subscription filter for log group example_lambda_name with name prefix test_lambdafunction_logfilter not found!
```
After this patch, we get the following behaviour:
```
% terraform plan ✹ ✭
[WARN] /Users/stacko/Code/go/bin/terraform-provider-aws overrides an internal plugin for aws-provider.
If you did not expect to see this message you will need to remove the old plugin.
See https://www.terraform.io/docs/internals/internal-plugins.html
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
aws_iam_role.iam_for_lambda: Refreshing state... (ID: test_lambdafuntion_iam_role_example123)
aws_cloudwatch_log_group.logs: Refreshing state... (ID: example_lambda_name)
aws_lambda_function.test_lambdafunction: Refreshing state... (ID: example_lambda_name_example123)
aws_iam_role_policy.test_lambdafunction_iam_policy: Refreshing state... (ID: test_lambdafuntion_iam_role_example123:test_lambdafunction_iam_policy)
aws_lambda_permission.allow_cloudwatch_logs: Refreshing state... (ID: AllowExecutionFromCloudWatchLogs)
aws_cloudwatch_log_subscription_filter.test_lambdafunction_logfilter: Refreshing state... (ID: cwlsf-992677504)
The Terraform execution plan has been generated and is shown below.
Resources are shown in alphabetical order for quick scanning. Green resources
will be created (or destroyed and then created if an existing resource
exists), yellow resources are being changed in-place, and red resources
will be destroyed. Cyan entries are data sources to be read.
Note: You didn't specify an "-out" parameter to save this plan, so when
"apply" is called, Terraform can't guarantee this is what will execute.
+ aws_cloudwatch_log_subscription_filter.test_lambdafunction_logfilter
destination_arn: "arn:aws:lambda:us-west-2:187416307283:function:example_lambda_name_example123"
filter_pattern: "logtype test"
log_group_name: "example_lambda_name"
name: "test_lambdafunction_logfilter"
role_arn: "<computed>"
Plan: 1 to add, 0 to change, 0 to destroy.
```
Fixes: #12232
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEFSFileSystem_pagedTags'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSEFSFileSystem_pagedTags -timeout 120m
=== RUN TestAccAWSEFSFileSystem_pagedTags
--- PASS: TestAccAWSEFSFileSystem_pagedTags (39.51s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 39.537s
```
not found
Fixes: #12279
When manually deleting an autoscaling_group from the console, a
terraform plan would look as follows:
```
% terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
aws_launch_configuration.foobar: Refreshing state... (ID: test-0096cf26c7eebdc9fcb5bd1837)
aws_autoscaling_group.foobar: Refreshing state... (ID: test)
aws_autoscaling_schedule.foobar: Refreshing state... (ID: foobar)
Error refreshing state: 1 error(s) occurred:
* aws_autoscaling_schedule.foobar: aws_autoscaling_schedule.foobar: Error retrieving Autoscaling Scheduled Actions: ValidationError: Group test not found
status code: 400, request id: 093e9ed5-fe01-11e6-b990-1f64334b3a10
```
After this patch:
```
% terraform plan ✹ ✭
[WARN] /Users/stacko/Code/go/bin/terraform-provider-aws overrides an internal plugin for aws-provider.
If you did not expect to see this message you will need to remove the old plugin.
See https://www.terraform.io/docs/internals/internal-plugins.html
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
aws_launch_configuration.foobar: Refreshing state... (ID: test-0096cf26c7eebdc9fcb5bd1837)
aws_autoscaling_group.foobar: Refreshing state... (ID: test)
aws_autoscaling_schedule.foobar: Refreshing state... (ID: foobar)
The Terraform execution plan has been generated and is shown below.
Resources are shown in alphabetical order for quick scanning. Green resources
will be created (or destroyed and then created if an existing resource
exists), yellow resources are being changed in-place, and red resources
will be destroyed. Cyan entries are data sources to be read.
Note: You didn't specify an "-out" parameter to save this plan, so when
"apply" is called, Terraform can't guarantee this is what will execute.
+ aws_autoscaling_group.foobar
arn: "<computed>"
availability_zones.#: "1"
availability_zones.2487133097: "us-west-2a"
default_cooldown: "<computed>"
desired_capacity: "<computed>"
force_delete: "true"
health_check_grace_period: "300"
health_check_type: "ELB"
launch_configuration: "test-0096cf26c7eebdc9fcb5bd1837"
load_balancers.#: "<computed>"
max_size: "1"
metrics_granularity: "1Minute"
min_size: "1"
name: "test"
protect_from_scale_in: "false"
tag.#: "1"
tag.157008572.key: "Foo"
tag.157008572.propagate_at_launch: "true"
tag.157008572.value: "foo-bar"
termination_policies.#: "1"
termination_policies.0: "OldestInstance"
vpc_zone_identifier.#: "<computed>"
wait_for_capacity_timeout: "10m"
+ aws_autoscaling_schedule.foobar
arn: "<computed>"
autoscaling_group_name: "test"
desired_capacity: "0"
end_time: "2017-12-12T06:00:00Z"
max_size: "1"
min_size: "0"
recurrence: "<computed>"
scheduled_action_name: "foobar"
start_time: "2017-12-11T18:00:00Z"
Plan: 2 to add, 0 to change, 0 to destroy.
```
Fixes: #12205
You cannot use an index of an empty slide therefore, we got a panic as follows:
```
aws_ssm_association.foo: Creating...
instance_id: "" => "i-002f3898dc95350e7"
name: "" => "test_document_association-%s"
parameters.%: "" => "2"
parameters.directoryId: "" => "d-926720980b"
parameters.directoryName: "" => "corp.mydomain.com"
Error applying plan:
1 error(s) occurred:
* aws_ssm_association.foo: 1 error(s) occurred:
* aws_ssm_association.foo: unexpected EOF
Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.
panic: runtime error: index out of range
2017/02/23 21:41:45 [DEBUG] plugin: terraform-provider-aws:
2017/02/23 21:41:45 [DEBUG] plugin: terraform-provider-aws: goroutine 1419 [running]:
2017/02/23 21:41:45 [DEBUG] plugin: terraform-provider-aws: panic(0x1567480, 0xc42000c110)
2017/02/23 21:41:45 [DEBUG] plugin: terraform-provider-aws: /usr/local/Cellar/go/1.7.4_1/libexec/src/runtime/panic.go:500 +0x1a1
```
This feature allows sending a notification to either an SQS queue or an
SNS topic when an error occurs running an AWS Lambda function.
This fixes#10630.
* provider/aws: New resource codepipeline
* Vendor aws/codepipeline
* Add tests
* Add docs
* Bump codepipeline to v1.6.25
* Adjustments based on feedback
* Force new resource on ID change
* Improve tests
* Switch update to read
Since we don't require a second pass, only do a read.
* Skip tests if GITHUB_TOKEN is not set
* Added new resource aws_elastic_beanstalk_application_version.
* Changing bucket and key to required.
* Update to use d.Id() directly in DescribeApplicationVersions.
* Checking err to make sure that the application version is successfully deleted.
* Update `version_label` to `Computed: true`.
* provider/aws: Updating to python solution stack
* provider/aws: Beanstalk App Version delete source
The Elastic Beanstalk API call to delete `application_version` resource
should not delete the s3 bundle, as this object is managed by another
Terraform resource
* provider/aws: Update application version docs
* Fix application version test
* Add `version_label` update test
Adds test that fails after rebasing branch onto v0.8.x. `version_label`
changes do not update the `aws_elastic_beanstalk_environment` resource.
* `version_label` changes to update environment
* Prevent unintended delete of `application_version`
Prevents an `application_version` used by multiple environments from
being deleted.
* Add `force_delete` attribute
* Update documentation
Fixes the `TestAccAWSAutoscalingLifecycleHook_omitDefaultResult` acceptance test to run in parallel.
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSAutoscalingLifecycleHook_omitDefaultResult'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/15 22:33:26 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSAutoscalingLifecycleHook_omitDefaultResult -timeout 120m
=== RUN TestAccAWSAutoscalingLifecycleHook_omitDefaultResult
--- PASS: TestAccAWSAutoscalingLifecycleHook_omitDefaultResult (146.91s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 146.917s
```
This allows for updates to size, type and iops
Fixes: #11931
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEBSVolume_update'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/15 22:35:43 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSEBSVolume_update -timeout 120m
=== RUN TestAccAWSEBSVolume_updateSize
--- PASS: TestAccAWSEBSVolume_updateSize (53.57s)
=== RUN TestAccAWSEBSVolume_updateType
--- PASS: TestAccAWSEBSVolume_updateType (57.53s)
=== RUN TestAccAWSEBSVolume_updateIops
--- PASS: TestAccAWSEBSVolume_updateIops (53.63s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 164.753s
```
This extends the work in #11668 to enable final snapshots by default.
This time it's for redshift
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRedshiftCluster_withFinalSnapshot'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/04 13:53:02 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSRedshiftCluster_withFinalSnapshot -timeout 120m
=== RUN TestAccAWSRedshiftCluster_withFinalSnapshot
--- PASS: TestAccAWSRedshiftCluster_withFinalSnapshot (859.96s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 859.986s
```
If we get `InvalidParameterException` with the message "Could not deliver test
message to specified" then retry as this is often down to some sort of internal
delay in Amazons API. Also increase the timeout from 30 seconds to 3 minutes as
it has been observed to take that long sometimes for the creation to succeed.
This applies to both log destinations and subscription filters.
We now enable the final_snapshot of aws_rds_cluster by default. This is
a continuation of the work in #11668
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRDSCluster_takeFinalSnapshot'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/04 13:19:52 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSRDSCluster_takeFinalSnapshot -timeout 120m
=== RUN TestAccAWSRDSCluster_takeFinalSnapshot
--- PASS: TestAccAWSRDSCluster_takeFinalSnapshot (141.59s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 141.609s
```
Validate the policy supplied via `assume_role_policy` in an `aws_iam_role`
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRole_badJSON'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/13 14:13:47 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSRole_badJSON -timeout 120m
=== RUN TestAccAWSRole_badJSON
--- PASS: TestAccAWSRole_badJSON (0.00s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 0.019s
```
Introduced in #11369, this fixes an issue with the diff suppress function when creating a new `aws_db_instance` resource, while using the default `engine_version`.
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSDBInstance_diffSuppressInitialState'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/13 11:52:12 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSDBInstance_diffSuppressInitialState -timeout 120m
=== RUN TestAccAWSDBInstance_diffSuppressInitialState
--- PASS: TestAccAWSDBInstance_diffSuppressInitialState (480.78s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 480.793s
```
A security_group_rule can also be created from a `prefix_list_id`.
Introduced in #11809
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSecurityGroupRule_PrefixListEgress'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/10 12:41:40 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSSecurityGroupRule_PrefixListEgress -timeout 120m
=== RUN TestAccAWSSecurityGroupRule_PrefixListEgress
--- PASS: TestAccAWSSecurityGroupRule_PrefixListEgress (33.94s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 33.970s
```
* provider/aws: output the log group name when create fails
* adjusted formatting to match other error output
* fixup detailed error message for ResourceAlreadyExistsException
* forgot an import
* show the log group name regardless of error type
Previously the AMI creation accepted a static value for the AMI's block device's volume size.
This change allows the user to omit the `volume_size` attribute, in order to mimic the AWS API behavior, which will use the EBS Volume's size.
Also fixes a potential panic case when setting `iops` on the AMI's block device.
The `aws_ami` resource previously didn't have any acceptance tests, adds two acceptance tests and a full testing suite for the `aws_ami` resource, so further tests can be written, as well as expansion upon the other `aws_ami_*` acceptance tests
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSAMI_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/09 20:18:22 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSAMI_ -timeout 120m
=== RUN TestAccAWSAMI_basic
--- PASS: TestAccAWSAMI_basic (44.21s)
=== RUN TestAccAWSAMI_snapshotSize
--- PASS: TestAccAWSAMI_snapshotSize (45.08s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 89.320s
```
Allows redshift security group tests to better handle being ran in parallel.
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRedshiftSecurityGroup_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/09 10:40:25 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSRedshiftSecurityGroup_ -timeout 120m
=== RUN TestAccAWSRedshiftSecurityGroup_importBasic
--- PASS: TestAccAWSRedshiftSecurityGroup_importBasic (12.98s)
=== RUN TestAccAWSRedshiftSecurityGroup_ingressCidr
--- PASS: TestAccAWSRedshiftSecurityGroup_ingressCidr (11.02s)
=== RUN TestAccAWSRedshiftSecurityGroup_updateIngressCidr
--- PASS: TestAccAWSRedshiftSecurityGroup_updateIngressCidr (32.81s)
=== RUN TestAccAWSRedshiftSecurityGroup_ingressSecurityGroup
--- PASS: TestAccAWSRedshiftSecurityGroup_ingressSecurityGroup (14.82s)
=== RUN TestAccAWSRedshiftSecurityGroup_updateIngressSecurityGroup
--- PASS: TestAccAWSRedshiftSecurityGroup_updateIngressSecurityGroup (37.43s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 109.090s
```
Allows the redshift parameter group acceptance tests handle being ran in parallel better
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRedshiftParameterGroup_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/09 10:16:19 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSRedshiftParameterGroup_ -timeout 120m
=== RUN TestAccAWSRedshiftParameterGroup_importBasic
--- PASS: TestAccAWSRedshiftParameterGroup_importBasic (15.17s)
=== RUN TestAccAWSRedshiftParameterGroup_withParameters
--- PASS: TestAccAWSRedshiftParameterGroup_withParameters (13.16s)
=== RUN TestAccAWSRedshiftParameterGroup_withoutParameters
--- PASS: TestAccAWSRedshiftParameterGroup_withoutParameters (12.58s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 40.940s
```
Updates the aws_elb acceptance tests to better handle parallel test runs
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSLoadBalancerPolicy_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/09 10:04:58 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSLoadBalancerPolicy_ -timeout 120m
=== RUN TestAccAWSLoadBalancerPolicy_basic
--- PASS: TestAccAWSLoadBalancerPolicy_basic (24.50s)
=== RUN TestAccAWSLoadBalancerPolicy_updateWhileAssigned
--- PASS: TestAccAWSLoadBalancerPolicy_updateWhileAssigned (42.34s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 66.866s
```
When ran in parallel the tests `TestAccAwsEcsTaskDefinition_withNetwork` and `TestAccAwsEcsTaskDefinition_withTask` will overlap with each other due to the shared naming of the `iam_role` resource.
This fixes these tests to allow running in parallel on TeamCity.
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAwsEcsTaskDefinition_withTask'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/09 09:20:03 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAwsEcsTaskDefinition_withTask -timeout 120m
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 0.022s
```
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAwsEcsTaskDefinition_withNetwork'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/09 09:21:10 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAwsEcsTaskDefinition_withNetwork -timeout 120m
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 0.026s
```
Fixes the `TestAccAwsAPIGatewayMethod_customauthorizer` acceptance test which would previously fail if the iam_role resources would leak
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAwsAPIGatewayMethod_customauthorizer'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/09 09:10:07 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAwsAPIGatewayMethod_customauthorizer -timeout 120m
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 0.022s
```
An AWS Security Group Rule requires at least one of `cidr_blocks`, `self`, or `source_security_group_id` in order to be successfully created.
If the `aws_security_group_rule` doesn't contain one of these attributes, the AWS API will still return a `200` response, and not report any error in the response.
Example response from the API on a malformed submission:
```
2017/02/08 16:04:33 [DEBUG] plugin: terraform: -----------------------------------------------------
2017/02/08 16:04:33 [DEBUG] plugin: terraform: aws-provider (internal) 2017/02/08 16:04:33 [DEBUG] [aws-sdk-go] DEBUG: Response ec2/AuthorizeSecurityGroupIngress Details:
2017/02/08 16:04:33 [DEBUG] plugin: terraform: ---[ RESPONSE ]--------------------------------------
2017/02/08 16:04:33 [DEBUG] plugin: terraform: HTTP/1.1 200 OK
2017/02/08 16:04:33 [DEBUG] plugin: terraform: Connection: close
2017/02/08 16:04:33 [DEBUG] plugin: terraform: Transfer-Encoding: chunked
2017/02/08 16:04:33 [DEBUG] plugin: terraform: Content-Type: text/xml;charset=UTF-8
2017/02/08 16:04:33 [DEBUG] plugin: terraform: Date: Wed, 08 Feb 2017 21:04:33 GMT
2017/02/08 16:04:33 [DEBUG] plugin: terraform: Server: AmazonEC2
2017/02/08 16:04:33 [DEBUG] plugin: terraform: Vary: Accept-Encoding
2017/02/08 16:04:33 [DEBUG] plugin: terraform:
2017/02/08 16:04:33 [DEBUG] plugin: terraform: 102
2017/02/08 16:04:33 [DEBUG] plugin: terraform: <?xml version="1.0" encoding="UTF-8"?>
2017/02/08 16:04:33 [DEBUG] plugin: terraform: <AuthorizeSecurityGroupIngressResponse xmlns="http://ec2.amazonaws.com/doc/2016-11-15/">
2017/02/08 16:04:33 [DEBUG] plugin: terraform: <requestId>ac08c33f-8043-46d4-b637-4c4b2fc7a094</requestId>
2017/02/08 16:04:33 [DEBUG] plugin: terraform: <return>true</return>
2017/02/08 16:04:33 [DEBUG] plugin: terraform: </AuthorizeSecurityGroupIngressResponse>
2017/02/08 16:04:33 [DEBUG] plugin: terraform: 0
2017/02/08 16:04:33 [DEBUG] plugin: terraform:
2017/02/08 16:04:33 [DEBUG] plugin: terraform:
2017/02/08 16:04:33 [DEBUG] plugin: terraform: -----------------------------------------------------
```
This previously caused Terraform to wait until the security_group_rule propagated, which never happened due to the silent failure.
The changeset ensures that one of the required attributes are set prior to creating the aws_security_group_rule.
Also catches the error returned from the retry function. Previously the error was ignored, and only logged at the `DEBUG` level.
Previously, an `aws_rds_cluster` that contains active instance groups would timeout on a destroy, if the destroy was able to only target the rds_cluster and not include the instance groups.
This would result in a `400` response from AWS, and Terraform would sit in a wait-loop until a 15-minute timeout while waiting for the cluster to be destroyed.
This catches the error returned from the `DeleteDBCluster` function call such that the proper error case can be returned to the user.
`400` from the AWS API:
```
2017/02/08 13:40:47 [DEBUG] plugin: terraform: ---[ RESPONSE ]--------------------------------------
2017/02/08 13:40:47 [DEBUG] plugin: terraform: HTTP/1.1 400 Bad Request
2017/02/08 13:40:47 [DEBUG] plugin: terraform: Connection: close
2017/02/08 13:40:47 [DEBUG] plugin: terraform: Content-Length: 337
2017/02/08 13:40:47 [DEBUG] plugin: terraform: Content-Type: text/xml
2017/02/08 13:40:47 [DEBUG] plugin: terraform: Date: Wed, 08 Feb 2017 18:40:46 GMT
2017/02/08 13:40:47 [DEBUG] plugin: terraform: X-Amzn-Requestid: 1b4a76cc-ee2e-11e6-867d-2311ebaffd3e
2017/02/08 13:40:47 [DEBUG] plugin: terraform:
2017/02/08 13:40:47 [DEBUG] plugin: terraform: <ErrorResponse xmlns="http://rds.amazonaws.com/doc/2014-10-31/">
2017/02/08 13:40:47 [DEBUG] plugin: terraform: <Error>
2017/02/08 13:40:47 [DEBUG] plugin: terraform: <Type>Sender</Type>
2017/02/08 13:40:47 [DEBUG] plugin: terraform: <Code>InvalidDBClusterStateFault</Code>
2017/02/08 13:40:47 [DEBUG] plugin: terraform: <Message>Cluster cannot be deleted, it still contains DB instances in non-deleting state.</Message>
2017/02/08 13:40:47 [DEBUG] plugin: terraform: </Error>
2017/02/08 13:40:47 [DEBUG] plugin: terraform: <RequestId>1b4a76cc-ee2e-11e6-867d-2311ebaffd3e</RequestId>
2017/02/08 13:40:47 [DEBUG] plugin: terraform: </ErrorResponse>
2017/02/08 13:40:47 [DEBUG] plugin: terraform:
2017/02/08 13:40:47 [DEBUG] plugin: terraform: -----------------------------------------------------
```
Error returns now, as expected:
```
Error applying plan:
2017/02/08 13:40:47 [DEBUG] plugin: waiting for all plugin processes to complete...
1 error(s) occurred:
* aws_rds_cluster.jake (destroy): 1 error(s) occurred:
2017/02/08 13:40:47 [DEBUG] plugin: terraform: aws-provider (internal) 2017/02/08 13:40:47 [DEBUG] plugin: waiting for all plugin processes to complete...
* aws_rds_cluster.jake: RDS Cluster cannot be deleted: Cluster cannot be deleted, it still contains DB instances in non-deleting state.
```
Found in testing that a timeout of 30 seconds didn't allow for the error
message that codebuild wasn't supported in eu-west-2
Discussed this with @radeksimko and he suggested a timeout raise
Previously the db_event_subscription import would only work if there was a single db_event_subscription resource. This fixes the import, allowing it to work as expected.
Also fixes the acceptance test for the resource to reflect this.
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSDBEventSubscription_importBasic'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/07 10:38:10 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSDBEventSubscription_importBasic -timeout 120m
=== RUN TestAccAWSDBEventSubscription_importBasic
--- PASS: TestAccAWSDBEventSubscription_importBasic (633.33s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 633.353s
```
Fixes the `TestAccAWSDBEventSubscription_basicUpdate` acceptance test
`TestAccAWSDBEventSubscription_importBasic` is still failing, but has been failing since November.
Discovered after #11619 was fixed, and while fixing acceptance tests for the `aws_spot_instance_request` resource.
Previously the `aws_spot_instance_request` resource wouldn't populate any of the block device attributes from the resulting instance's metadata. This fixes that issue, and also fixes the `aws_spot_instance_request` acceptance tests to be more equipped for running in parallel.
```
make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSpotInstanceRequest_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/02 18:02:37 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSSpotInstanceRequest_ -timeout 120m
=== RUN TestAccAWSSpotInstanceRequest_basic
--- PASS: TestAccAWSSpotInstanceRequest_basic (111.96s)
=== RUN TestAccAWSSpotInstanceRequest_withBlockDuration
--- PASS: TestAccAWSSpotInstanceRequest_withBlockDuration (105.12s)
=== RUN TestAccAWSSpotInstanceRequest_vpc
--- PASS: TestAccAWSSpotInstanceRequest_vpc (115.81s)
=== RUN TestAccAWSSpotInstanceRequest_SubnetAndSG
--- PASS: TestAccAWSSpotInstanceRequest_SubnetAndSG (130.46s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 463.377s
```
Better handle parallel testing of the `aws_spot_fleet_request` resource. Previously we were catching a lot of errors due to naming the policy_attachment resource the same between tests.
* Add aws dms vendoring
* Add aws dms endpoint resource
* Add aws dms replication instance resource
* Add aws dms replication subnet group resource
* Add aws dms replication task resource
* Fix aws dms resource go vet errors
* Review fixes: Add id validators for all resources. Add validator for endpoint engine_name.
* Add aws dms resources to importability list
* Review fixes: Add aws dms iam role dependencies to test cases
* Review fixes: Adjustments for handling input values
* Add aws dms replication subnet group tagging
* Fix aws dms subnet group doesn't use standard error for resource not found
* Missed update of aws dms vendored version
* Add aws dms certificate resource
* Update aws dms resources to force new for immutable attributes
* Fix tests failing on subnet deletion by adding explicit dependencies. Combine import tests with basic tests to cut down runtime.
* provider/aws: Update Application Auto Scaling service model
- Add support for automatically scaling an Amazon EC2 Spot fleet.
* Remove duplicate policy_type check.
* Test creating a scalable target for a splot fleet request.
* Test creating a scaling policy for a splot fleet request.
* Update resource docs to support scaling an Amazon EC2 Spot fleet.
- aws_appautoscaling_policy
- aws_appautoscaling_target
* Remove arn attribute from aws_appautoscaling_target
- No arn is generated or returned for this resource.
* Remove optional name attribute from aws_appautoscaling_target
- ScalableTargets do not have a name
- I think this was copied from aws_appautoscaling_policy
* AWS Application Autoscaling resource documentation tweaks
- include a target resource in the policy example
- sort attributes by alpha
- fixup markdown
- add spaces to test config
Previously the `root_block_device` config map was a `schema.TypeSet` with an empty `Set` function, and a hard-limit of 1 on the attribute block.
This prevented a user from making any real changes inside the attribute block, thus leaving the user with a `Apply complete!` message, and nothing changed.
The schema API has since been updated, and we can now specify the `root_block_device` as a `schema.TypeList` with `MaxItems` set to `1`. This fixes the issue, and allows the user to update the `aws_instance`'s `root_block_device` attribute, and see changes actually propagate.
Adds tag support to the `aws_dynamodb_table` resource. Also adds a test for the resource, and a test to ensure that the tags are populated correctly from a resource import.
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSDynamoDBTable_tags'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/01 15:35:00 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSDynamoDBTable_tags -timeout 120m
=== RUN TestAccAWSDynamoDBTable_tags
--- PASS: TestAccAWSDynamoDBTable_tags (28.69s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 28.713s
```
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSDynamoDbTable_importTags'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/01 15:39:49 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSDynamoDbTable_importTags -timeout 120m
=== RUN TestAccAWSDynamoDbTable_importTags
--- PASS: TestAccAWSDynamoDbTable_importTags (30.62s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 30.645s
```
I believe that if no VPC Endpoints were returned from the AWS API, we
were not guarding against a panic. We were strill trying to inspect the
RouteTableIds. This commit will ensure that no errors are thrown before
trying to use the RouteTableIds
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSVpcEndpointRouteTableAssociation_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/01 18:06:29 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSVpcEndpointRouteTableAssociation_ -timeout 120m
=== RUN TestAccAWSVpcEndpointRouteTableAssociation_basic
--- PASS: TestAccAWSVpcEndpointRouteTableAssociation_basic (42.83s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 42.859s
```
Fixes the beanstalk env tests such that they can run in parallel better. Previously, only the beanstalk application was randomized, now the beanstalk environment is also randomized to help better facilitate running our tests in parallel.
```
=== RUN TestAccAWSBeanstalkEnv_outputs
--- PASS: TestAccAWSBeanstalkEnv_outputs (388.74s)
=== RUN TestAccAWSBeanstalkEnv_cname_prefix
--- PASS: TestAccAWSBeanstalkEnv_cname_prefix (386.78s)
=== RUN TestAccAWSBeanstalkEnv_config
--- PASS: TestAccAWSBeanstalkEnv_config (532.56s)
=== RUN TestAccAWSBeanstalkEnv_resource
--- PASS: TestAccAWSBeanstalkEnv_resource (420.47s)
=== RUN TestAccAWSBeanstalkEnv_vpc
--- PASS: TestAccAWSBeanstalkEnv_vpc (516.02s)
=== RUN TestAccAWSBeanstalkEnv_template_change
--- PASS: TestAccAWSBeanstalkEnv_template_change (623.38s)
=== RUN TestAccAWSBeanstalkEnv_basic_settings_update
--- PASS: TestAccAWSBeanstalkEnv_basic_settings_update (705.32s)
```
If an `aws_volume_attachment` is identical to one that already exists in
the API, don't attempt to re-create it (which fails), simply act as
though the creation command had already been run and continue.
This allows Terraform to cleanly recover from a situation where a volume
attachment action hangs indefinitely, possibly due to a bad instance
state, requiring manual intervention such as an instance reboot. In such
a situation, Terraform believes the attachment has failed, when in fact
it succeeded after the timeout had expired. On the subsequent retry run,
attempting to re-create the attachment will fail outright, due to the
AttachVolume API call being non-idempotent. This patch implements the
idempotency client-side by matching the (name, vID, iID) tuple.
Note that volume attachments are not assigned an ID by the API.
message
Fixes: #11568
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRDSCluster_missingUserNameCausesError'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/02/01 12:11:14 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSRDSCluster_missingUserNameCausesError -timeout 120m
=== RUN TestAccAWSRDSCluster_missingUserNameCausesError
--- PASS: TestAccAWSRDSCluster_missingUserNameCausesError (3.22s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 3.243s
```
The error message for a required parameter being missing has a wrong parameter baked into it. Therefore, when the error message tried to fire, it was throwing a panic. Added a test to make sure that we know the condition still fires and with a correct message
Fixes: #11549
When a user passes the wrong argument to a route53_record import, they
got a crash. This was because we expected the ID to parse correctly. The
crash looked like this:
```
% terraform import aws_route53_record.import1 mike.westredd.com
aws_route53_record.import1: Importing from ID "mike.westredd.com"...
aws_route53_record.import1: Import complete!
Imported aws_route53_record (ID: mike.westredd.com)
aws_route53_record.import1: Refreshing state... (ID: mike.westredd.com)
Error importing: 1 error(s) occurred:
* aws_route53_record.import1: unexpected EOF
panic: runtime error: index out of range
```
Rather than throwing a panic to the user, we should present them with a more useful message that tells them what the error is:
```
% terraform import aws_route53_record.import mike.westredd.com
aws_route53_record.import: Importing from ID "mike.westredd.com"...
aws_route53_record.import: Import complete!
Imported aws_route53_record (ID: mike.westredd.com)
aws_route53_record.import: Refreshing state... (ID: mike.westredd.com)
Error importing: 1 error(s) occurred:
* aws_route53_record.import: Error Importing aws_route_53 record. Please make sure the record ID is in the form ZONEID_RECORDNAME_TYPE (i.e. Z4KAPRWWNC7JR_dev_A
```
At least they can work out what the problem is in this case
The `aws_availability_zones` data source test was panicking. This fixes both tests
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSAvailabilityZones'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/01/31 15:47:39 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSAvailabilityZones -timeout 120m
=== RUN TestAccAWSAvailabilityZones_basic
--- PASS: TestAccAWSAvailabilityZones_basic (12.56s)
=== RUN TestAccAWSAvailabilityZones_stateFilter
--- PASS: TestAccAWSAvailabilityZones_stateFilter (13.59s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 26.187s
```
* Added Step Function Activity & Step Function State Machine
* Added SFN State Machine documentation
* Added aws_sfn_activity & documentation
* Allowed import of sfn resources
* Added more checks on tests, fixed documentation
* Handled the update case of a SFN function (might be already deleting)
* Removed the State Machine import test file
* Fixed the eventual consistency of the read after delete for SFN functions
The API asks you to send lower case values, but returns uppercase ones.
Here we lowercase the returned API values.
There is no migration here because the field in question is nested in a
set, so the hash will change regardless. Anyone using this feature now
has it broken anyway.
Fixes 2 acceptance tests for the `aws_instance` data source
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSInstanceDataSource_SecurityGroups'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/01/31 12:12:15 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSInstanceDataSource_SecurityGroups -timeout 120m
=== RUN TestAccAWSInstanceDataSource_SecurityGroups
--- PASS: TestAccAWSInstanceDataSource_SecurityGroups (119.14s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 119.172s
```
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSInstanceDataSource_tags'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/01/31 12:15:42 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSInstanceDataSource_tags -timeout 120m
=== RUN TestAccAWSInstanceDataSource_tags
--- PASS: TestAccAWSInstanceDataSource_tags (118.87s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 118.900s
```
* added server_side_encryption to s3_bucket_object resource including associated acceptance test and documentation.
* got acceptance tests passing.
* made server_side_encryption a computed attribute and only set kms_key_id attribute if an S3 non-default master key is in use.
* ensured kms api is only interrogated if required.
Fixes `aws_rds_cluster_parameter_group` acceptance tests, which have been broken since aa8c2ac587
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSDBClusterParameterGroupOnly'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/01/30 16:20:38 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSDBClusterParameterGroupOnly -timeout 120m
=== RUN TestAccAWSDBClusterParameterGroupOnly
--- PASS: TestAccAWSDBClusterParameterGroupOnly (15.26s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 15.282s
```
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSDBClusterParameterGroup_basic'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/01/30 16:22:48 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSDBClusterParameterGroup_basic -timeout 120m
=== RUN TestAccAWSDBClusterParameterGroup_basic
--- PASS: TestAccAWSDBClusterParameterGroup_basic (29.48s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 29.510s
```
Fixes `aws_cloudwatch_log_subscription_filter` acceptance tests that had been failing since mid December
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSCloudwatchLogSubscriptionFilter_basic'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/01/30 16:00:05 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSCloudwatchLogSubscriptionFilter_basic -timeout 120m
=== RUN TestAccAWSCloudwatchLogSubscriptionFilter_basic
--- PASS: TestAccAWSCloudwatchLogSubscriptionFilter_basic (26.34s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 26.364s
```
Implementing vpc_peering_connection_accept.
Additions from @ewbankkit:
Rename 'aws_vpc_peering_connection_accept' to 'aws_vpc_peering_connection_accepter'.
Get it working reusing functionality from 'aws_vpc_peering_connection' resource.
* Add a new data provider to decrypt AWS KMS secrets
* Address feedback
* Rename aws_kms_secrets to aws_kms_secret
* Add more examples to the documentation
Fixes: #11461
This will allow the user to pass a policy to further restrict the use
of AssumeRole. It is important to note that it will NOT allow an
expansion of access rights
According to https://github.com/hashicorp/errwrap
'{{err}}' has to be used instead of '%s'
Without this patch, error output from terraform is missing important information:
* aws_cloudwatch_log_group.logs: Error Getting CloudWatch Logs Tag List: %s
With this patch, I get the important information. E.g.:
* aws_cloudwatch_log_group.logs: Error Getting CloudWatch Logs Tag List: AccessDeniedException: User: arn:aws:sts::XYZ:assumed-role/AAA-BBB-CCC/terraform-assuming-role-assume-role-ReadOnly is not authorized to perform: logs:ListTagsLogGroup on resource: arn:aws:logs:us-east-1:XYZ:log-group:logs:log-stream:
Allows the user to import a default aws_alb_listener_rule. When creating the resource with TF, the AWS API requires that `priority` be an integer.
However, the `DescribeRules` API call returns a string for `priority`. This would work in every case except for the `default` listener rule, which sets the `priority` value to the string "default".
This fixes the previous error:
```
Error importing: 1 error(s) occurred:
* aws_alb_listener_rule.test: Cannot convert rule priority %q to int: strconv.ParseInt: parsing "default": invalid syntax
```
Fixes: #11464
Previously an attempt to destroy a LB stickiness policy would
result in an error like this:
```
* aws_lb_cookie_stickiness_policy.foo: Error removing LBCookieStickinessPolicy: LoadBalancerNotFound: There is no ACTIVE Load Balancer named 'tf-test-lb-tqatd'
status code: 400, request id: 28af1167-e4a4-11e6-8ddd-57ba410cbbb6
```
This checks for a missing load balancer on the policy read and allows
the destroy.
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSLBCookieStickinessPolicy_missingLB'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/01/27 07:21:11 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSLBCookieStickinessPolicy_missingLB -timeout 120m
=== RUN TestAccAWSLBCookieStickinessPolicy_missingLB
--- PASS: TestAccAWSLBCookieStickinessPolicy_missingLB (28.90s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 28.929s
```