* added server_side_encryption to s3_bucket_object resource including associated acceptance test and documentation.
* got acceptance tests passing.
* made server_side_encryption a computed attribute and only set kms_key_id attribute if an S3 non-default master key is in use.
* ensured kms api is only interrogated if required.
Fixes `aws_rds_cluster_parameter_group` acceptance tests, which have been broken since aa8c2ac587
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSDBClusterParameterGroupOnly'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/01/30 16:20:38 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSDBClusterParameterGroupOnly -timeout 120m
=== RUN TestAccAWSDBClusterParameterGroupOnly
--- PASS: TestAccAWSDBClusterParameterGroupOnly (15.26s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 15.282s
```
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSDBClusterParameterGroup_basic'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/01/30 16:22:48 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSDBClusterParameterGroup_basic -timeout 120m
=== RUN TestAccAWSDBClusterParameterGroup_basic
--- PASS: TestAccAWSDBClusterParameterGroup_basic (29.48s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 29.510s
```
Fixes `aws_cloudwatch_log_subscription_filter` acceptance tests that had been failing since mid December
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSCloudwatchLogSubscriptionFilter_basic'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/01/30 16:00:05 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSCloudwatchLogSubscriptionFilter_basic -timeout 120m
=== RUN TestAccAWSCloudwatchLogSubscriptionFilter_basic
--- PASS: TestAccAWSCloudwatchLogSubscriptionFilter_basic (26.34s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 26.364s
```
* Creates papertrail logging resource for fastly
* Adds modification support for fastly papertrail
* Flattens and lists papertrail resources
* Adds testing for fastly papertrail
* Adds papertrail documentation for fastly to the website
* Fixes schema assignment name mistake
* Changes testing hostnames to pass fastly API validation
Fixes#11504
The local backend should error if `terraform plan` is called in a
directory with no Terraform config files (same behavior as 0.8.x).
**New behavior:** We now allow `terraform plan -destroy` with no
configuration files since that seems reasonable.
* Add a new data provider to decrypt AWS KMS secrets
* Address feedback
* Rename aws_kms_secrets to aws_kms_secret
* Add more examples to the documentation
Fixes: #11461
This will allow the user to pass a policy to further restrict the use
of AssumeRole. It is important to note that it will NOT allow an
expansion of access rights
Fixes#10788
This checks `IsComputed` prior to attempting to use the JSON
configurations. Due to a change in 0.8, the prior check for simply map
existence would always succeed even with a computed value (as designed),
but we forgot to update provisioners to not do that.
There are other provisioners that also do this but to no ill effect
currently. I've only changed Chef since we know that is an issue.
This issue doesn't affect 0.9 due to helper/schema doing this
automatically for provisioners.
According to https://github.com/hashicorp/errwrap
'{{err}}' has to be used instead of '%s'
Without this patch, error output from terraform is missing important information:
* aws_cloudwatch_log_group.logs: Error Getting CloudWatch Logs Tag List: %s
With this patch, I get the important information. E.g.:
* aws_cloudwatch_log_group.logs: Error Getting CloudWatch Logs Tag List: AccessDeniedException: User: arn:aws:sts::XYZ:assumed-role/AAA-BBB-CCC/terraform-assuming-role-assume-role-ReadOnly is not authorized to perform: logs:ListTagsLogGroup on resource: arn:aws:logs:us-east-1:XYZ:log-group:logs:log-stream:
The support for "use_client_subnet" was half finished.
- Field was defined in schema.
- ResourceData-to-struct code was present but incorrect.
- struct-to-ResourceData code was missing.
Made the change and verified with manual testing:
1. In NS1 UI, switched "Use Client Subnet" between checked and
unchecked.
2. In Terraform config file, switched "use_client_subnet" field between
"true", "false", and omitted.
3. The output of "terraform plan" was as expected in all six cases.
This commit removes the default security group rules that are automatically
created when a security group is created. These rules are usually
permissive egress rules which makes it difficult to add more strict egress
security group rules.