This commit increases the timeout, delay and minimum timeout values in
order to resolve a timeout potentially occurring when the VPC gateway
is being attached.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
This commit enables terraform to utilise the assume role functionality
of sts to execute commands with different privileges than the API
keys specified.
Signed-off-by: Ian Duffy <ian@ianduffy.ie>
This commit adds a new "attachment" style resource for setting the
policy of an AWS S3 bucket. This is desirable such that the ARN of the
bucket can be referenced in an IAM Policy Document.
In addition, we now suppress diffs on the (now-computed) policy in the
S3 bucket for structurally equivalent policies, which prevents flapping
because of whitespace and map ordering changes made by the S3 endpoint.
* provider/aws: Add errcheck to Makefile, error on unchecked errors
* more exceptions
* updates for errcheck to pass
* reformat and spilt out the ignore statements
* narrow down ignores
* fix typo, only ignore Close and Write, instead of close or write
Fixes#8612
The SSL Policy is optional - if you don't add it and create a HTTPS Alb
Listener, AWS will add the policy for you. Without being computed, we
would get a diff
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSALBListener_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/02 17:16:33 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSALBListener_
-timeout 120m
=== RUN TestAccAWSALBListener_basic
--- PASS: TestAccAWSALBListener_basic (70.45s)
=== RUN TestAccAWSALBListener_https
--- PASS: TestAccAWSALBListener_https (63.20s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 133.667s
```
The timeout was increased to 40 minutes when creating a new cluster in https://github.com/hashicorp/terraform/pull/8052. However when creating a cluster from a snapshot the timeout is still 15 minutes. I've increased this to 40 minutes.
The librator provider is sometimes throwing errors when trying to delete
a space that is already deleted. The nightly tests shows this error:
```
Error: Error applying: 1 error(s) occurred:
* librato_space.foobar: Error deleting space: DELETE
* https://metrics-api.librato.com/v1/spaces/236303: 404
* Request errors: Not Found,.
```
The Delete func should be aware if the space cannot be deleted as it is
already deleted and not error on this usecase
```
% make testacc TEST=./builtin/providers/librato TESTARGS='-run=Test'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/01 09:24:21 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/librato -v -run=Test -timeout 120m
=== RUN TestProvider
--- PASS: TestProvider (0.00s)
=== RUN TestProvider_impl
--- PASS: TestProvider_impl (0.00s)
=== RUN TestAccLibratoAlert_Basic
--- PASS: TestAccLibratoAlert_Basic (1.52s)
=== RUN TestAccLibratoAlert_Full
--- PASS: TestAccLibratoAlert_Full (2.89s)
=== RUN TestAccLibratoAlert_Updated
--- PASS: TestAccLibratoAlert_Updated (1.76s)
=== RUN TestAccLibratoService_Basic
--- PASS: TestAccLibratoService_Basic (2.09s)
=== RUN TestAccLibratoService_Updated
--- PASS: TestAccLibratoService_Updated (2.73s)
=== RUN TestAccLibratoSpaceChart_Basic
--- PASS: TestAccLibratoSpaceChart_Basic (5.08s)
=== RUN TestAccLibratoSpaceChart_Full
--- PASS: TestAccLibratoSpaceChart_Full (13.06s)
=== RUN TestAccLibratoSpaceChart_Updated
--- PASS: TestAccLibratoSpaceChart_Updated (5.90s)
=== RUN TestAccLibratoSpace_Basic
--- PASS: TestAccLibratoSpace_Basic (4.29s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/librato 39.321s
```
This commit adds a new callback, DiffSuppressFunc, to the schema.Schema
structure. If set for a given schema, a callback to the user-supplied
function will be made for each attribute for which the default
type-based diff mechanism produces an attribute diff. Returning `true`
from the callback will suppress the diff (i.e. pretend there was no
diff), and returning false will retain it as part of the plan.
There are a number of motivating examples for this - one of which is
included as an example:
1. On SSH public keys, trailing whitespace does not matter in many
cases - and in some cases it is added by provider APIs. For
digitalocean_ssh_key resources we previously had a StateFunc that
trimmed the whitespace - we now have a DiffSuppressFunc which
verifies whether the trimmed strings are equivalent.
2. IAM policy equivalence for AWS. A good proportion of AWS issues
relate to IAM policies which have been "normalized" (used loosely)
by the IAM API endpoints. This can make the JSON strings differ
from those generated by iam_policy_document resources or template
files, even though the semantics are the same (for example,
reordering of `bucket-prefix/` and `bucket-prefix/*` in an S3
bucket policy. DiffSupressFunc can be used to test for semantic
equivalence rather than pure text equivalence, but without having to
deal with the complexity associated with a full "provider-land" diff
implementation without helper/schema.
running
Each nightly build was leaving multiple instances running. The issue is
that the IAM role we were using didn't have access to Terminate the EC2
instances
The role was missing the ec2 principle
Set default values of truly optional settings to empty strings rather
than nil, since a nil value triggers prompts for the missing values.
Also:
* Set default Consul address to `localhost:8500`
* Set default scheme to `http`
* Accept `CONSUL_HTTP_SCHEME` for consistency with other env var names
* Actively read ACL token from env vars (vs leaving it to client lib)
Should fix issue #8499
* Handle missing EFS mount target in aws_efs_mount_target.
This commit resolves issue where the EFS mount target would be already
deleted (e.g. it was deleted outside of Terraform, etc.). Also, correct
how values are begin set in the ReadFunc to avoid nil pointer dereference.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
* Add EFS mount target DNS helper function.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
* Add EFS mount target response helper.
This commit adds a helper which can be used to check whether the response
contains a valid and non-empty list of EFS file system mount targets.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
* Add acceptance test to check for non-empty plan.
This commit adds a test to verify the condition where the underlying EFS mount
target would be deleted and/or disappear resulting in a new resource to be
created to replace it.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
* [WIP] AWS APIGateway Custom Authorizer
* provider/aws: api_gateway_method - Add missing fields to Read+Update
* provider/aws: Make API Gateway name in test more specific
* provider/aws: APIG - Use minimal configuration in create request
terraform run
Fixes#3550
The simple fix here was to check if the Resource was new (to set the
value the first time) then check it has changed each time
I was able to see from the TF log the following:
```
Config
resource "aws_vpc" "foo" {
cidr_block = "10.10.0.0/16"
}
resource "aws_subnet" "foo" {
cidr_block = "10.10.1.0/24"
vpc_id = "${aws_vpc.foo.id}"
}
resource "aws_instance" "foo" {
ami = "ami-4fccb37f"
instance_type = "m1.small"
subnet_id = "${aws_subnet.foo.id}"
source_dest_check = false
disable_api_termination = true
}
```
No longer caused any Modifying source_dest_check entries in the LOG
* provider/aws: Add docs for Default Route Table
* add new default_route_table_id attribute, test to VPC
* stub
* add warning to docs
* rough implementation
* first test
* update test, add swap test
* fix typo
Fixes#8468
If a user wished to bump the `engine_version` of an RDS instance,
Terraform was not sending `allow_major_version_upgrade` to the API
*unless* that value also changed at the same time. This caused the
following error from RDS API:
```
* aws_db_instance.bar: Error modifying DB Instance
* tf-20160825101420910562798obb: InvalidParameterCombination: The
* AllowMajorVersionUpgrade flag must be present when upgrading to a new
* major version.
status code: 400, request id: 20e36364-6ab0-11e6-b794-51f12f4135f1
```
This change will always send the `allow_major_version_upgrade` flag to
the API when the `engine_version` changes.
This still relies on the user setting the correct value i.e. if they are
upgrading from postgres 0.4.7 -> 9.5.2 then the config will need to set
the `allow_major_version_upgrade` flag to be `true`
* provider/aws: add `aws_ssm_document` resource
* provider/aws: Changes to `aws_ssm_document` post code review
The changes are things like using d.Id rather than d.Get("name").(string)
and errwrap.Wrapf rather than fmt.Errorf
* Fix crash when reading VPC Peering Connection options.
This resolves the issue introduced in #8310.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
* Do not de-reference values when using Set().
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
* provider/aws: Update VPC Peering connect accept/request attributes
* change from type list to type set
* provider/aws: Update VPC Peering accept/requst options, tests
* errwrap some things
This commit is changing the `volumes` block from being computed to non-computed.
This change makes the Terraform configuration the source of truth about volumes
attached to the instance and therefore is able to correctly detect when a user
detaches a volume during an update.
One thing to be aware of is that if a user attached a volume out of band of an
instance controlled by Terraform, that volume will be detached upon the next
apply. The best thing to do is add a `volume` entry in the instance's
configuration of any volumes that were attached out of band.
This commit also explicitly detaches volumes from an instance before the
instance terminates. Most Block Storage volume drivers account for this
scenario internally, but there are a few that don't. This change is to support
those that don't.
In addition, when volumes are read by the instance, volumes configured in the
Terraform configuration are the source of truth. Previously, a call was being
made to OpenStack to provide the list of attached volumes.
It also adds a few new tests and fixes existing tests for various volume
attach-related scenarios.
* provider/aws: Refresh `aws_cloudwatch_event_target` from state on
`ResourceNotFoundException`
Fixes#6928
@radeksimko FYI :)
* Update resource_aws_cloudwatch_event_target.go
* provider/aws: Change Spot Fleet Request to allow a combination of
subnet_id and availability_zone
Also added a complete set of tests that reflect all of the use cases
that Amazon document
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-examples.html
It is important to note there that Terraform will be suggesting that
users create multiple launch configurations rather than AWS's version of
combing values into CSV based parameters. This will ensure that we are
able to enforce the correct state
Also note that `associate_public_ip_address` now defaults to `false` - a migration has been
included in this PR to migration users of this functionality. This needs
to be noted in the changelog. The last part of changing functionality
here is waiting for the state of the request to become `active`. Before
we get to this state, we cannot guarantee that Amazon have accepted the
request or it could have failed validation.
```
% make testacc TEST=./builtin/providers/aws
% TESTARGS='-run=TestAccAWSSpotFleetRequest_'
% 2 ↵
==> Checking that code complies with gofmt requirements...
/Users/stacko/Code/go/bin/stringer
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/08/22 15:44:21 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSSpotFleetRequest_ -timeout 120m
=== RUN TestAccAWSSpotFleetRequest_changePriceForcesNewRequest
--- PASS: TestAccAWSSpotFleetRequest_changePriceForcesNewRequest (133.90s)
=== RUN TestAccAWSSpotFleetRequest_lowestPriceAzOrSubnetInRegion
--- PASS: TestAccAWSSpotFleetRequest_lowestPriceAzOrSubnetInRegion (76.67s)
=== RUN TestAccAWSSpotFleetRequest_lowestPriceAzInGivenList
--- PASS: TestAccAWSSpotFleetRequest_lowestPriceAzInGivenList (75.22s)
=== RUN TestAccAWSSpotFleetRequest_lowestPriceSubnetInGivenList
--- PASS: TestAccAWSSpotFleetRequest_lowestPriceSubnetInGivenList (96.95s)
=== RUN TestAccAWSSpotFleetRequest_multipleInstanceTypesInSameAz
--- PASS: TestAccAWSSpotFleetRequest_multipleInstanceTypesInSameAz (74.44s)
=== RUN TestAccAWSSpotFleetRequest_multipleInstanceTypesInSameSubnet
--- PASS: TestAccAWSSpotFleetRequest_multipleInstanceTypesInSameSubnet (97.82s)
=== RUN TestAccAWSSpotFleetRequest_overriddingSpotPrice
--- PASS: TestAccAWSSpotFleetRequest_overriddingSpotPrice (76.22s)
=== RUN TestAccAWSSpotFleetRequest_diversifiedAllocation
--- PASS: TestAccAWSSpotFleetRequest_diversifiedAllocation (79.81s)
=== RUN TestAccAWSSpotFleetRequest_withWeightedCapacity
--- PASS: TestAccAWSSpotFleetRequest_withWeightedCapacity (77.15s)
=== RUN TestAccAWSSpotFleetRequest_CannotUseEmptyKeyName
--- PASS: TestAccAWSSpotFleetRequest_CannotUseEmptyKeyName (0.00s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 788.184s
```
* Update resource_aws_spot_fleet_request.go
* provider/aws: Refresh `aws_autoscaling_policy` from state on 404
Fixes#8386
When an Autoscaling Group Or an Autoscaling Group Policy has been
deleted manually, terraform was throwing an error as follows:
```
* aws_autoscaling_policy.increase: Error retrieving scaling policies: ValidationError: Group sandbox-logs-logstash-wxhsckky3ndpzd7b3kmyontngy not found
status code: 400, request id: 56a89814-6884-11e6-b3a8-d364cf04223b
```
We now refresh from state on a ValidationError - this is a common 4xx error according to AWS documentation http://docs.aws.amazon.com/AutoScaling/latest/APIReference/CommonErrors.html
```
%make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSAutoscalingPolicy_disappears'
==> Checking that code complies with gofmt requirements...
/Users/stacko/Code/go/bin/stringer
go generate $(go list ./... | grep -v /terraform/vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSAutoscalingPolicy_disappears -timeout 120m
=== RUN TestAccAWSAutoscalingPolicy_disappears
--- PASS: TestAccAWSAutoscalingPolicy_disappears (203.61s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 203.633s
```
* Update resource_aws_autoscaling_policy.go
Replication Groups
In order to be able to restore a named snapshot as ElastiCache Cluster
or a Replication Group, the `snapshot_name` parameter was needed to be
passed. Changing the `snapshot_name` will force a new resource to be
created
```
```
Paul Stack