Commit Graph

63 Commits

Author SHA1 Message Date
Puneeth Nanjundaswamy 4d7c0d4924 fix aws cidr validation error (#15158) 2017-06-09 13:38:34 +03:00
Paul Morton e4899de13e provider/aws: New SSM Parameter resource (#15035)
* New SSM Parameter resource

Can be used for creating parameters in AWS' SSM Parameter Store that can then be used by other applications that have access to AWS and necessary IAM permissions.

* Add docs for new SSM Parameter resource

* Code Review and Bug Hunt and KMS Key
- Addressed all issues in #14043
- Added ForceNew directive to type
- Added the ability to specify a KMS key for encryption and decryption

* Add SSM Parameter Data Source

* Fix bad merge

* Fix SSM Parameter Integration Tests

* docs/aws: Fix typo in SSM sidebar link
2017-06-06 09:55:25 +01:00
Nick Johnstone ab7cbb1cf9 Fix typo in validators.go (#14900)
s/conatains/contains
2017-05-29 06:07:44 +01:00
Jake Champlin 96e83817ef
provider/aws: validation: Add validation function for IAM Policies
The previous JSON validator that we were using for IAM policy documents wouldn't catch AWS IAM Policy errors.
The supplied policy document would pass our validator, then fail with the following API error:

```
 * aws_iam_role_policy.foo: Error putting IAM role policy tf_test_policy_ymw7hbil9w: MalformedPolicyDocument: The policy failed legacy parsing
                        status code: 400, request id: e7615d90-3c99-11e7-babc-c14e741605bf
```

This happens if the Policy Document doesn't start with the opening JSON bracket, and often happens in the following case:

```
policy = <<EOF
  {
      "Version": "2012-10-17",
      "Statement": [
          {
            ...
          }
      ]
  }
  EOF
```

Where, when using a HEREDOC, the policy document is indented incorrectly.

The new validation function for the IAM policies verifies that the first character of the supplied policy document is the leading JSON bracket, prior to validating the JSON string.

Test Output:

```
$ make test TEST=./builtin/providers/aws/ TESTARGS="-v -run=TestValidateIAMPolicyJsonString"
==> Checking that code complies with gofmt requirements...
==> Checking AWS provider for unchecked errors...
==> NOTE: at this time we only look for uncheck errors in the AWS package
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/05/19 10:56:32 Generated command/internal_plugin_list.go
go test -i ./builtin/providers/aws/ || exit 1
echo ./builtin/providers/aws/ | \
        xargs -t -n4 go test -v -run=TestValidateIAMPolicyJsonString -timeout=60s -parallel=4
go test -v -run=TestValidateIAMPolicyJsonString -timeout=60s -parallel=4 ./builtin/providers/aws/
=== RUN   TestValidateIAMPolicyJsonString
--- PASS: TestValidateIAMPolicyJsonString (0.00s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    0.009s
```

```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAWSPolicy_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/05/19 10:38:43 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAWSPolicy_ -timeout 120m
=== RUN   TestAWSPolicy_namePrefix
--- PASS: TestAWSPolicy_namePrefix (20.01s)
=== RUN   TestAWSPolicy_invalidJson
--- PASS: TestAWSPolicy_invalidJson (0.00s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    20.027s
```

```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSIAMRolePolicy_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/05/19 11:02:56 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSIAMRolePolicy_ -timeout 120m
=== RUN   TestAccAWSIAMRolePolicy_importBasic
--- PASS: TestAccAWSIAMRolePolicy_importBasic (18.45s)
=== RUN   TestAccAWSIAMRolePolicy_basic
--- PASS: TestAccAWSIAMRolePolicy_basic (35.92s)
=== RUN   TestAccAWSIAMRolePolicy_namePrefix
--- PASS: TestAccAWSIAMRolePolicy_namePrefix (14.78s)
=== RUN   TestAccAWSIAMRolePolicy_generatedName
--- PASS: TestAccAWSIAMRolePolicy_generatedName (20.20s)
=== RUN   TestAccAWSIAMRolePolicy_invalidJSON
--- PASS: TestAccAWSIAMRolePolicy_invalidJSON (0.00s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    89.363s
```
2017-05-19 11:11:44 -04:00
Clint 24e00af217 provider/aws: Force lowercasing for DB Option group name or name_prefix (#14366) 2017-05-10 15:42:10 -05:00
Graham Davison 7ad0cdd8b0 Allows zero-value ELB and ALB names 2017-05-08 23:06:59 -07:00
Jake Champlin 00de514749 Merge pull request #14256 from alexwlchan/fix-error-message
Improve the wording of an error message
2017-05-05 17:15:09 -04:00
Alex Chan 8b22a85736
Improve the wording of an error message 2017-05-05 22:00:42 +01:00
Gauthier Wallet c8ce9883bb provider/aws: Improved IAM Role description tests (#14220) 2017-05-05 17:03:59 +03:00
Tom Elliff 18c6c3b47b Validate WAF metric names
WAF metric names must be alphanumeric only.
See http://docs.aws.amazon.com/waf/latest/developerguide/web-acl-rules.html#web-acl-rules-creating and
http://docs.aws.amazon.com/waf/latest/developerguide/web-acl-working-with.html#web-acl-creating
2017-04-23 21:46:39 +01:00
Gauthier Wallet 80d940d154 provider/aws: Added Cognito Identity Pool (#13783) 2017-04-21 12:53:48 +03:00
KOJIMA Kazunori 47d255f943 provider/aws: Add aws_kms_alias datasource (#13669) 2017-04-18 15:29:14 +03:00
Paul Hinze 193c0d80ad
provider/aws: Validate GovCloud KMS ARNs
Fixes validation errors in GovCloud when passing a KMS ARN for
`kms_key_id` in `s3_bucket_object` and `db_instance`.

The region is `us-gov-west-1` which breaks the regexp. Just added the
optional `gov-` in the right place.
2017-04-16 22:35:09 -07:00
Joshua Spence 8d5fdeae57 Add `name_prefix` support to `aws_cloudwatch_log_group` (#13273) 2017-04-17 01:50:52 +03:00
Paul Stack 3574052c8a provider/aws: Add support for EMR clusters to aws_appautoscaling_target (#13368)
```

```
2017-04-10 21:46:51 +03:00
Radek Simko 668a09aa00
provider/aws: Add diff suppression & validation for OpenID URL 2017-04-07 22:15:35 +01:00
Joshua Spence 488711afef Add `name_prefix` to `aws_alb_target_group` (#13442)
Adds the `name_prefix` parameter to the `aws_alb_target_group` resource.
2017-04-07 18:09:51 +03:00
Joshua Spence d25c310468 Add `name_prefix` to RDS resources (#13232)
Adds `name_prefix` (or, in some cases, `identifier_prefix`) support to all AWS RDS resources.
2017-03-31 20:22:57 +03:00
Gauthier Wallet 23ebd0b972 Allow get/set of aws_api_gateway_api_key value attribute (#9462) 2017-03-20 14:08:37 +00:00
Joshua Spence f40997988e Add `name_prefix` to `aws_autoscaling_group` and `aws_elb` resources (#12629)
Adds support for `name_prefix` to the `aws_autoscaling_group` and `aws_elb` resources. Unfortunately when using `name_prefix` with `aws_elb`, this means that the specified prefix can only be a maximum of 6 characters in length. This is because the maximum length for an ELB name is 32 characters, and `resource.PrefixedUniqueId` generates a 26-character unique identifier. I was considering truncating the unique identifier to allow for a longer `name_prefix`, but I worried that doing so would increase the risk of collisions.
2017-03-20 13:06:45 +00:00
Gauthier Wallet 323f646b42 provider/aws: Added API Gateway Usage Plan (#12542)
* Added api_gateway_usage_plan

* Updated documentation

* Fixed AWS usage plan review points
2017-03-18 14:18:19 +00:00
Joshua Spence b823033514 Allow `name_prefix` to be used with various IAM resources (#12658)
Adds the `name_prefix` to `aws_iam_group_policy`, `aws_iam_role_policy` and `aws_iam_user_policy`.
2017-03-17 16:48:42 +00:00
Matt Dainty c5ea37c0ee Add `aws_iam_account_alias` resource (#12648) 2017-03-14 15:35:38 +02:00
Ben Lau ae2d7f7065 what was the value of the cluster id which caused the problem 2017-02-22 17:26:53 -08:00
Radek Simko c6b21d853a Merge pull request #5850 from TimeIncOSS/f-aws-config
provider/aws: Add support for AWSConfig service
2017-02-13 15:07:15 +00:00
Radek Simko 1fdd52ea20
provider/aws: Add aws_config_config_rule 2017-02-13 14:01:30 +00:00
Xavier Sellier dbe647dd56 Add epsilon to the regex date validation 2017-02-03 13:52:22 -05:00
stack72 c8a2d40c82
provider/aws: Fixing a merge conflict issue in validators.go 2017-02-02 10:30:41 +00:00
Jack Bruno be56c7d2f6 provider/aws: Add AWS DMS (data migration service) resources (#11122)
* Add aws dms vendoring

* Add aws dms endpoint resource

* Add aws dms replication instance resource

* Add aws dms replication subnet group resource

* Add aws dms replication task resource

* Fix aws dms resource go vet errors

* Review fixes: Add id validators for all resources. Add validator for endpoint engine_name.

* Add aws dms resources to importability list

* Review fixes: Add aws dms iam role dependencies to test cases

* Review fixes: Adjustments for handling input values

* Add aws dms replication subnet group tagging

* Fix aws dms subnet group doesn't use standard error for resource not found

* Missed update of aws dms vendored version

* Add aws dms certificate resource

* Update aws dms resources to force new for immutable attributes

* Fix tests failing on subnet deletion by adding explicit dependencies. Combine import tests with basic tests to cut down runtime.
2017-02-02 10:30:05 +00:00
Raymond Fallon b30ef0f58d Update Application Auto Scaling to support scaling an Amazon EC2 Spot fleet. (#8697)
* provider/aws: Update Application Auto Scaling service model

  - Add support for automatically scaling an Amazon EC2 Spot fleet.

* Remove duplicate policy_type check.

* Test creating a scalable target for a splot fleet request.

* Test creating a scaling policy for a splot fleet request.

* Update resource docs to support scaling an Amazon EC2 Spot fleet.

  - aws_appautoscaling_policy
  - aws_appautoscaling_target

* Remove arn attribute from aws_appautoscaling_target

  - No arn is generated or returned for this resource.

* Remove optional name attribute from aws_appautoscaling_target

  - ScalableTargets do not have a name
  - I think this was copied from aws_appautoscaling_policy

* AWS Application Autoscaling resource documentation tweaks

  - include a target resource in the policy example
  - sort attributes by alpha
  - fixup markdown
  - add spaces to test config
2017-02-02 09:39:22 +00:00
Gauthier Wallet 4da1451971 Added Step Function resources (State Machine & Activity) (#11420)
* Added Step Function Activity & Step Function State Machine

* Added SFN State Machine documentation

* Added aws_sfn_activity & documentation

* Allowed import of sfn resources

* Added more checks on tests, fixed documentation

* Handled the update case of a SFN function (might be already deleting)

* Removed the State Machine import test file

* Fixed the eventual consistency of the read after delete for SFN functions
2017-01-31 20:17:38 +00:00
Jake Champlin 0cd69d2101 Merge pull request #11411 from hashicorp/f-emr-instance-ebs-volumes
provider/aws: Add EBS Volume support for EMR Instance Groups
2017-01-27 09:57:28 -05:00
Jake Champlin a60f35e694
provider/aws: Add EBS Volume support for EMR Instance Groups
Adds EBS Volume support and tests for EMR Instnace Groups

```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEMRInstanceGroup_ebsBasic'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/01/25 10:14:58 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSEMRInstanceGroup_ebsBasic -timeout 120m
=== RUN   TestAccAWSEMRInstanceGroup_ebsBasic
--- PASS: TestAccAWSEMRInstanceGroup_ebsBasic (675.14s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    675.171s
```
2017-01-25 10:29:41 -05:00
Brad Larson c5c2d27e25 Fix: Incorrect AWS Lambda Qualifier Regexp
Type of change:
===============
- Bug fix

What changed? ... and Why:
==========================
The regexp is currently set to:
`pattern := `^[a-zA-Z0-9$_]+$`

The AWS docs state that qualifer names must conform to the following
regexp:
`Pattern: (|[a-zA-Z0-9$_-]+)`

As you can see, the current regexp in Terraform is missing the `-` at
the end.

This addresses that.

How has it been tested?
=======================
Added a few test cases to the existing spec for `AwsLambdaQualifier`
validation.
2017-01-24 15:57:57 +00:00
Jake Champlin 8159731c91
provider/aws: Allow ARN identifier to be set
Allows users from govcloud and other regions (aws-cn) to now use the following resources correctly:

```
- data "aws_billing_service_account"
- data "aws_elb_service_account"
- resource "aws_cloudfront_origin_access_identity"
- resource "aws_ecs_service"
- resource "aws_iam_saml_provider"
- resource "aws_lambda_permission"
- resource "aws_sns_topic_policy"
```
2017-01-23 11:30:28 -05:00
Jake Champlin b9ade93a48 Merge pull request #11298 from hashicorp/f-update-ecs-definitions-constraints
provider/aws: Update ECS task_definition and service
2017-01-20 17:34:10 -05:00
Dylan Vaughn 2aca4a4d99 provider/aws: CloudFormation YAML template support (#11121) 2017-01-20 14:00:32 +00:00
Jake Champlin 5276496e6d
provider/aws: Update ECS task_definition and service
Updates ECS task_definition documentation, and schema validation functions to match the AWS API documentation.

Updates ECS service documentation, and schema validation functions match the AWS API documentation.
2017-01-19 17:54:52 -05:00
Jake Champlin 1955ac38bc
provider/aws: Route53 Record: Add Type validation
Adds validation for the `type` parameter of an `aws_route53_record` resource.

This will allow Terraform to catch any user errors of a `type` parameter during a `terraform plan` instead of during a `terraform apply`.

Fixes: #11114
2017-01-09 15:45:26 -05:00
Kazuma Watanabe c560c72e58 provider/aws: Validate window time format (#11089)
* create window format validate function

* apply ValidateFunc for window time format
2017-01-09 13:12:07 +00:00
Ninir d126570712 provider/aws: Added a validation for security group rule types (#10864) 2016-12-30 00:26:01 +00:00
Ninir 5dbc66012e provider/aws: Reworked validateArn function to handle empty values (#10833) 2016-12-27 20:52:22 +00:00
Jonathan Mettes 0e6b2a4f9f Add support for binary media type to AWS API Gateway 2016-12-16 02:14:29 +00:00
Ninir 99be2d3280 provider/aws: Improved the SNS topic subscription protocols validation 2016-12-13 17:54:52 +01:00
Ninir fc5b05ebc1 provider/aws: Added SQS FIFO queues (#10614) 2016-12-12 17:40:59 +00:00
Ninir 29f8af16a1 provider/aws: Added S3 Bucket replication (#10552) 2016-12-08 11:59:13 +01:00
Krzysztof Wilczynski 6393ad743f Add missing unit test and re-factor for clarity.
This commit adds a missing unit test for the API Gateway integration type
attribute validation helper, plus changes the way how value is inspected
to a simple lookup table. Additionally, changes the wording of the error
message, and adds invalid test cases to the HTTP method validation helper.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-10-11 08:17:05 -05:00
Krzysztof Wilczynski 1260b3a9b5
Add new "ANY" as valid HTTP method to API Gateway validator.
This commit adds a new HTTP method to a list of valid HTTP methods which
is now accepted by API Gateway.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-10-06 16:11:45 +01:00
Michael Henry ad8bff98bb Extract integration type validator 2016-10-04 12:51:18 -04:00
Krzysztof Wilczynski 5697a52b4f [WIP] provider/aws: Add normalizeJsonString and validateJsonString functions. (#8028)
* Add normalizeJsonString and validateJsonString functions.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>

* Add unit test for the normalizeJsonString helper function.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>

* Fix. Remove incrrect format string.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>

* Remove surplus type assertion.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>

* Add unit test for the validateJsonStringhelper function.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>

* Remove surplus whitespaces.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-17 19:50:38 +01:00