Commit Graph

21107 Commits

Author SHA1 Message Date
James Bardin 75f2f61774 update ssh package
The agent_identity feature requires some bug fixes in the ssh package to
send the publick keys in the correct order.
2017-12-26 16:27:18 -05:00
James Bardin 35ce444851 add validation for the new connection field 2017-12-26 16:27:18 -05:00
James Bardin daf05e65e0 test identity file parsing 2017-12-26 16:27:18 -05:00
James Bardin 8c8847e1cf sort ssh agent signers by requested id
It's becoming more common for users to have many ssh keys loaded into an
agent, and with the default max auth attempts of an openssh server at 6,
one often needs to specify which id to use in order to avoid a `too many
authentication failures` error.

Add a connection field called `agent_identity` which will function
similarly to the ssh_config IdentityFile when used in conjunction with
an ssh agent. This uses `agent_identity` rather than `identity_file` to
specify that the file is not used directly for authentication, rather
it's used to choose which identity returned from the agent to
authenticate with first.

This feature tries a number of different methods to match the agent
identity. First the provisioner attempts to read the id file and extract
the public key. If that isn't available, we look for a .pub authorized
key file. Either of these will result in a public key that can be
matched directly against the agent keys. Finally we fall back to
matching the comment string exactly, and the id as a suffix. The only
result of using the agent_identity is the reordering of the public keys
used for authentication, and if there is no exact match the client
will still attempt remaining keys until there is an error.
2017-12-26 16:27:18 -05:00
James Bardin d91dc1a13e unused variable
vet can now catch these in closures
2017-12-26 14:32:57 -05:00
James Bardin 4b49a323c3 go fmt
slight change to go fmt coming in 0.10
2017-12-26 13:26:38 -05:00
James Bardin 9816d5034e vet requires a non-test file in a package 2017-12-26 13:26:04 -05:00
Mitchell Hashimoto 4700a86ee6
Merge pull request #16975 from yaron/master
Small typo fix in provider documentation
2017-12-23 16:49:35 -08:00
Yaron Tal a40eac1cca
Small typo fix in provider documentation 2017-12-22 12:23:13 +01:00
James Bardin 79e985366f allow init to reset -plugin-dir
Remove the recorded -plugin-dir during init if the flag is not provided.
2017-12-21 11:21:07 -05:00
Clint f43d66e143
Revert "Restructure terraform.io to include provider categories (#16934)" (#16966)
This reverts commit 7481c113ee.
2017-12-20 17:25:43 -06:00
Chris Griggs 7481c113ee Restructure terraform.io to include provider categories (#16934)
* add catagory files

* try new source path

* cleaning up formatting

* fixin

* add all providers to providers index page

* add descriptions

* add link to form and first two providers

* small edits

* small edits

* small changes

* add community providers and decription edit from marketing

* add some lines to improve design

* fix typos
2017-12-20 16:26:41 -06:00
James Bardin d76482cd89 don't try to interrupt diff in shutdown test
Rather than relying on interrupting Diff, just make sure Stop was called
on the provider. The DiffFn is protected by a mutex in the mock
provider, which means that the tests can't rely on concurent calls to
diff working.
2017-12-20 16:23:55 -05:00
James Bardin 119056b324
Merge pull request #16954 from henrybell/typo-fix
Fix typo ('depracted' -> 'deprecated')
2017-12-20 15:54:38 -05:00
James Bardin e63a3474d5 kill the flag error writer after 2 seconds
There's no point in trying to track these, they're lost after each test.
Kill them after a short delay so we don't have goroutines from every single
command test to wade through if we have a stack dump.
2017-12-20 15:52:43 -05:00
James Bardin a262a0e046
Merge pull request #16957 from hashicorp/jbardin/computed-diff
Restore ability for an empty string to be considered unset in a computed value
2017-12-20 09:20:43 -05:00
James Bardin cba592d54f minor race issue in mockResourceProvider
The interrupt tests for providers no longer check for the condition
during the diff operation. defer the lock so other test's DiffFns don't
need to be as carefull locking themselves.
2017-12-20 09:18:38 -05:00
James Bardin 0df8da59f7 add FIXMEs
This new codepath with the getDiff "customzed" return value, along with
the associated test need to be removed as soon as we can support unset
fields from the config, so we don't continue to carry this broken
behavior forward any longer than needed.
2017-12-20 08:51:00 -05:00
Chris Marchesi cb5ce1d35e
helper/schema: Extend diffChange and bubble up customized values
This extends the internal diffChange method so that ResourceDiff's
implementation of it can report back whether or not the value came from
a customized diff.

This is an effort to work to preserve the pre-ResourceDiff behaviour
that ignores the diff for computed keys when the old value was populated
but the new value wasn't - this behaviour is actually being depended on
by users that are using it to exploit using zero values in modules. This
should allow both scenarios to co-exist by shifting the NewComputed
exemption over to exempting values that come from diff customization.
2017-12-19 16:06:57 -08:00
James Bardin 643ef4334f revert the change that broke the test case
This reverts one of the changes from 6a4f7b0, which broke empty strings
being seen as unset for computed values.

This breaks a number of other tests, and is only an intermediate change
for evaluating other solutions.
2017-12-19 16:14:07 -05:00
James Bardin 7a8a443994 add failing test case
This case should be expected to fail with the current diff algorithm,
but the existing behavior was widely relied upon so we need to roll this
back until there is a representable nil value.
2017-12-19 15:14:58 -05:00
Chris Marchesi c2c9e4f418
Merge pull request #16583 from hashicorp/azurerm-website
Renaming the Azure Provider
2017-12-19 11:00:33 -08:00
rv-jmaggio b313ce80c4 Changing prefix for empty workspace prefix 2017-12-19 13:14:31 -05:00
Henry Bell 56357c0ab7 Fix typo ('depracted' -> 'deprecated') 2017-12-19 16:43:06 +00:00
Clint a8f08faab5
copy doc note from terraform-providers/terraform-provider-aws/2162 (#16940) 2017-12-19 10:29:55 -06:00
rv-jmaggio bef64cfe91 Fixing implementation for empty string and making acceptance test work 2017-12-19 09:31:53 -05:00
Sander van Harmelen 80e3511c9d
Merge pull request #16951 from costastf/master
vendor: update posener complete install
2017-12-19 13:34:54 +01:00
Costas Tyfoxylos 470eaa5c78 vendor: update posener complete install 2017-12-19 13:02:16 +01:00
James Bardin 885e4cde81 don't loop indefinitely in confirm method
Only check for input twice in the meta.confirm method. This prevents an
errant newline from aborting the run while allowing Terraform to exit if
there is no input available. We don't just check for a tty, since we
still rely on being able to pipe input in for testing.

Remove the redundant confirmation loops in the migration code, and only
use the confirm method.
2017-12-18 18:39:21 -05:00
James Bardin 7d2da9865e inputFalse test should attempt migration and check error
Make sure the init inputFalse test actually errors from missing input,
since skipping input will still fail later during provider
initialization. We need to make sure there are two different states that
aren't a noop for migration, and reset the command struct for each run.

Also verify that we don't go into an infinite loop if there is no input.
2017-12-18 18:39:21 -05:00
rv-jmaggio b02a1c8a46 clarifying tests and using SplitN in implementation 2017-12-18 16:24:34 -05:00
Martin Atkins c647b22d97 helper/customdiff: Helper functions for CustomizeDiff
The CustomizeDiff functionality in helper/schema is powerful, but directly
writing single CustomizeDiff functions can obscure the intent when a
number of different, orthogonal diff-customization behaviors are required.

This new library provides some building blocks that aim to allow a more
declarative form of CustomizeDiff implementation, by composing a number of
smaller operations. For example:

     &schema.Resource{
         // ...
         CustomizeDiff: customdiff.All(
             customdiff.ValidateChange("size", func (old, new, meta interface{}) error {
                 // If we are increasing "size" then the new value must be
                 // a multiple of the old value.
                 if new.(int) <= old.(int) {
                     return nil
                 }
                 if (new.(int) % old.(int)) != 0 {
                     return fmt.Errorf("new size value must be an integer multiple of old value %d", old.(int))
                 }
                 return nil
             }),
             customdiff.ForceNewIfChange("size", func (old, new, meta interface{}) bool {
                 // "size" can only increase in-place, so we must create a new resource
                 // if it is decreased.
                 return new.(int) < old.(int)
             }),
             customdiff.ComputedIf("version_id", func (d *schema.ResourceDiff, meta interface{}) bool {
                 // Any change to "content" causes a new "version_id" to be allocated.
                 return d.HasChange("content")
             }),
         ),
     }

The goal is to allow the various separate operations to be quickly seen
and to ensure that each of them runs independently of the others. These
functions all create closures on the call parameters, so the result is
still just a normal CustomizeDiffFunc and so the helpers in this package
can be combined with hand-written functions as needed.

As we get more experience writing CustomizeDiff functions we may wish to
expand the repertoire of functions here in future; this initial set
attempts to cover some common cases we've seen so far. We may also
investigate some helper functions that are entirely declarative and so
don't take callback functions at all, but want to learn what the relevant
use-cases are before going in too deep here.
2017-12-18 10:38:20 -08:00
James Bardin 909dff36a8 remove extra "yes" confirmation in tests
There were two tests that had the duplicate confirmations hard-coded in
the input stream.
2017-12-18 11:42:33 -05:00
James Bardin 7c93b2e5e6 remove duplicate backend migration prompts
The duplicate prompts can be confusing when the user confirms that a
migration should happen and we immediately prompt a second time for the
same thing with slightly different wording. The extra hand-holding that
this provides for legacy remote states is less critical now, since it's
been 2 major release cycles since those were removed.
2017-12-18 11:42:33 -05:00
Stuart Auld 1d1984771b helper/resource: test check helpers for resources in non-root modules 2017-12-18 05:58:10 -08:00
Nic Cope 011841124b Support 'customer supplied encryption keys' in the GCS backend
https://cloud.google.com/storage/docs/encryption#customer-supplied

GCS state created using customer supplied encryption keys can only be read or
modified using the same key.
2017-12-17 19:27:52 -08:00
rv-jmaggio 7f8d686074 refactor and add a test 2017-12-15 21:04:15 -05:00
Kevin Fishner b13945f53c
Merge pull request #16931 from nfagerlund/dec2017_private_git_modules
docs: Clarify the use of private github repos with TFE
2017-12-15 16:04:46 -08:00
rv-jmaggio 0889c118a8 Fixing issues with workspace_key_prefix 2017-12-15 17:50:36 -05:00
James Bardin ea4cb6a20e check state version during init
The init command needs to parse the state to resolve providers, but
changes to the state format can cause that to fail with difficult to
understand errors. Check the terraform version during init and provide
the same error that would be returned by plan or apply.
2017-12-15 11:17:59 -05:00
Nick Fagerlund 40fefbd5e8 docs: Clarify the use of private github repos with TFE
The machine user/password approach is wrong for TFE; use SSH keys instead.
2017-12-14 17:35:50 -08:00
James Bardin ccb90d5b6b add gcs to the backends that support workspaces
Also add the term "workspaces" to the `prefix` documentation.
2017-12-14 10:25:03 -05:00
James Bardin 03ddb9134a
Merge pull request #16903 from rwcee/build-service-auth-token
Adds "build_auth_token" option to Habitat Provisioner
2017-12-14 09:18:50 -05:00
James Bardin f00dc45e8f
Merge pull request #16780 from nevans-sofi/processIgnoreChangesPatch
Ignore redundant IgnoreChanges attributes
2017-12-13 16:07:35 -05:00
Rob Campbell 29f70bc112 Adds build_auth_token to Habitat Provisioner
First successful run with private origin and HAB_AUTH_TOKEN set

Update struct, schema, and decodeConfig names to more sensible versions

Cleaned up formatting

Update habitat provisioner docs

Remove unused unitstring
2017-12-12 19:46:42 -05:00
Martin Atkins 681b2e7587
Update CHANGELOG.md 2017-12-12 15:30:02 -08:00
Gauthier Wallet 474c592569 backend/s3: allow named credentials profiles to be used
Here we upgrade the AWS Go SDK to 1.12.27 and AWS provider to include terraform-providers/terraform-provider-aws#1608. 

This includes the capability to use named credentials profiles from the `~/.aws/credentials` file to authenticate to the backend.
2017-12-12 15:27:05 -08:00
Maciej Skierkowski 0186db7962
Merge pull request #16901 from skierkowski/tfe-ga-updates
Updating links to TFE docs
2017-12-12 09:46:30 -08:00
Florian Forster 6680b1f16b core: check for negative indices in ResourceConfig.get
The bounds checking in ResourceConfig.get() was insufficient: it detected when the index was greater than or equal to cv.Len() but not when the index was less than zero. If the user provided an (invalid) configuration that referenced "foo.-1.bar", the provider would panic.

Now it behaves the same way as if the index were too high.
2017-12-12 09:18:38 -08:00
Maciej Skierkowski c1469aa39e Rename links for TFE classic and beta 2017-12-11 19:05:11 -08:00