Fixes#6758
We used to throw an error when this was the case - we should refresh
from state so the association can be recreated
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEIPAssociation_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/26 16:42:37 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSEIPAssociation_ -timeout 120m
=== RUN TestAccAWSEIPAssociation_basic
--- PASS: TestAccAWSEIPAssociation_basic (272.92s)
=== RUN TestAccAWSEIPAssociation_disappears
--- PASS: TestAccAWSEIPAssociation_disappears (119.62s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws392.559s
```
Fixes#9025
We were assuming there would always be a changeInfo record and then
dereferencing the ID. This wasn't always the case (As noted in #9025)
where it was a delete rather than a delete / create action
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRoute53Record_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/26 11:26:43 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSRoute53Record_ -timeout 120m
=== RUN TestAccAWSRoute53Record_basic
--- PASS: TestAccAWSRoute53Record_basic (114.99s)
=== RUN TestAccAWSRoute53Record_basic_fqdn
--- PASS: TestAccAWSRoute53Record_basic_fqdn (126.64s)
=== RUN TestAccAWSRoute53Record_txtSupport
--- PASS: TestAccAWSRoute53Record_txtSupport (113.25s)
=== RUN TestAccAWSRoute53Record_spfSupport
--- PASS: TestAccAWSRoute53Record_spfSupport (112.89s)
=== RUN TestAccAWSRoute53Record_generatesSuffix
--- PASS: TestAccAWSRoute53Record_generatesSuffix (113.29s)
=== RUN TestAccAWSRoute53Record_wildcard
--- PASS: TestAccAWSRoute53Record_wildcard (163.05s)
=== RUN TestAccAWSRoute53Record_failover
--- PASS: TestAccAWSRoute53Record_failover (121.15s)
=== RUN TestAccAWSRoute53Record_weighted_basic
--- PASS: TestAccAWSRoute53Record_weighted_basic (117.06s)
=== RUN TestAccAWSRoute53Record_alias
--- PASS: TestAccAWSRoute53Record_alias (116.97s)
=== RUN TestAccAWSRoute53Record_s3_alias
--- PASS: TestAccAWSRoute53Record_s3_alias (138.79s)
=== RUN TestAccAWSRoute53Record_weighted_alias
--- PASS: TestAccAWSRoute53Record_weighted_alias (241.48s)
=== RUN TestAccAWSRoute53Record_geolocation_basic
--- PASS: TestAccAWSRoute53Record_geolocation_basic (132.51s)
=== RUN TestAccAWSRoute53Record_latency_basic
--- PASS: TestAccAWSRoute53Record_latency_basic (121.29s)
=== RUN TestAccAWSRoute53Record_TypeChange
--- PASS: TestAccAWSRoute53Record_TypeChange (189.31s)
=== RUN TestAccAWSRoute53Record_empty
--- PASS: TestAccAWSRoute53Record_empty (127.31s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws
2050.012s
```
This commit adds simple logic which allows for a VPC Peering Connection
that is in a failed state (e.g. due to an overlapping IP address ranges,
etc.), to report such failed state as an error, rather then waiting for
the time out to occur.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
This example demonstrates both creating a network architecture *and* the
use of data resources to minimize the number of variables needed for a
child module by discovering additional data automatically.
The primary purpose of this data source is to ask the question "what is
my current region?", but it can also be used to retrieve the endpoint
hostname for a particular (possibly non-current) region, should that be
useful for some esoteric case.
This adds a singular data source in addition to the existing plural one.
This allows retrieving data about a specific AZ.
As a helper for writing reusable modules, the AZ letter (without its
usual region name prefix) is exposed so that it can be used in
region-agnostic mappings where a different value is used per AZ, such as
for subnet numbering schemes.
These functions can be used within various EC2 data sources to support
querying by filter. The following cases are supported:
- Filtering by exact equality with single attribute values
- Filtering by EC2 tag key/value pairs
- Explicitly specifying raw EC2 filters in config
This should cover most of the filter use-cases for Terraform data
sources that are built on EC2's 'Describe...' family of functions.
In an attempt to always show "id" as computed we were producing a
synthetic diff for it, but this causes problems when the id attribute for
a particular data source is actually settable in configuration, since it
masks the setting from the config and forces it to always be empty.
Instead, we'll set it conditionally so that a value provided in the config
can shine through when available.
In c244e5a6 this resource was converted to a data source, but that was
a mistake since data sources are expected to produce stable results on
each run, and yet certificate requests contain a random nonce as part of
the signature.
Additionally, using the data source as a managed resource through the
provided compatibility shim was not actually working, since "Read" was
trying to parse the private key out of a SHA1 hash of the key, which is
what we place in state due to the StateFunc on that attribute.
By restoring this we restore Terraform's ability to produce all of the
parts of a basic PKI/CA, which is useful for creating dev environments
and bootstrapping PKI for production environments.
This commit fixes the issues where in a very rare cases the Amazon Machine
Image (AMI) would not have an image name set causing regular expression match
to fail with a nil pointer dereference. Also, the logic of if-else statements
was simplified (reduced branching since return is used a lot).
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
Looks like AWS updated their API and now our tests are failing
because QueryStringCacheKeys was not included in the distribution
configuration.
This adds support for specifying query string cache keys in the
CloudFront distribution configuration, which ensures that only a subset
of query string keys are actually cached when forwarding query strings,
possibly improving performance.
This fixes an issue where an empty s3_origin_config could be supplied to
aws_cloudfront_distribution, "correctly" setting an empty default value.
Unfortunately the rest of the CloudFront structure helper functions are
not equipped to deal with this kind of scenario, and TF produces
spurious diffs upon future runs.
This removes the default and makes origin_access_identity required when
specifying s3_origin_config.
Note that it has always been intended behaviour that if someone does not
want to use an origin access identity, that s3_origin_config should not
be specified at all. This behaviour still works, as should be evident by
the (still) passing tests.
Fixeshashicorp/terraform#7930.
Added http_version to aws_cloudfront_distribution, which allows
selection of the maximum HTTP version to use in the distribution.
Defaults to http2.
Fixeshashicorp/terraform#8730.
* provider/aws: Fix importing of EIP by IP address
EIPs are meant to be imported by their allocation id, however, importing
by their EIP *appears* to work because this API actually accepts IP
lookup, despite the documentation asking for the allocation id.
This PR does:
- update docs on how to import EIPs
- fix case if user imported by IP, to switch to using the alloc id for
the resource id
I chose not to document that looking up by IP is a method of import,
because the AWS API docs do not explicitly say that looking up by IP is
OK, so I'd rather people not do it if it's not documented to stay that
way.
Alternatively, we could parse the resource ID and reject it (remove from
state with error/warning) if it doesn't match the `eipalloc-*` format,
but I thought this was a bit better UX.
* fix issue with swapping IDs on EC2 Classic
* update docs
* update comment
Based on support case with AWS, CloudWatch Events invoking Lambda should also specify the `source_arn`
Example, the resulting policy needs to be like:
```
{
"Condition": {
"ArnLike": {
"AWS:SourceArn": "arn:aws:events:us-east-1:0123456789:rule/my-cloudwatch-events-rule"
}
},
"Action": "lambda:InvokeFunction",
"Resource": "arn:aws:lambda:us-east-1:0123456789:function:my-lambda-function",
"Effect": "Allow",
"Principal": {
"Service": "events.amazonaws.com"
},
"Sid": "AllowMyCloudWatchEventRuleToCallMyLambda"
}
```