Fix an issue when upgrading from Terraform < 0.9 to 0.9+, when we added
support for the regional endpoints in OpsWorks Stacks. OpsWorks Stacks
can only be managed via the endpoint with which they were created, not
where the stack resides.
* Adding import to resource_aws_iam_server_certificate.
* provider/aws: Update tests for import of aws_iam_server_certificate
Builds upon the work of @mrcopper in #12940
Resource:
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSIAMServerCertificate_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/25 00:08:48 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSIAMServerCertificate_ -timeout 120m
=== RUN TestAccAWSIAMServerCertificate_importBasic
--- PASS: TestAccAWSIAMServerCertificate_importBasic (22.81s)
=== RUN TestAccAWSIAMServerCertificate_basic
--- PASS: TestAccAWSIAMServerCertificate_basic (19.68s)
=== RUN TestAccAWSIAMServerCertificate_name_prefix
--- PASS: TestAccAWSIAMServerCertificate_name_prefix (19.88s)
=== RUN TestAccAWSIAMServerCertificate_disappears
--- PASS: TestAccAWSIAMServerCertificate_disappears (13.94s)
=== RUN TestAccAWSIAMServerCertificate_file
--- PASS: TestAccAWSIAMServerCertificate_file (32.67s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 109.062s
```
Data Source:
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSDataSourceIAMServerCertificate_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/25 13:07:10 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSDataSourceIAMServerCertificate_ -timeout 120m
=== RUN TestAccAWSDataSourceIAMServerCertificate_basic
--- PASS: TestAccAWSDataSourceIAMServerCertificate_basic (43.86s)
=== RUN TestAccAWSDataSourceIAMServerCertificate_matchNamePrefix
--- PASS: TestAccAWSDataSourceIAMServerCertificate_matchNamePrefix (2.68s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 46.569s
```
In function `resourceAwsSesReceiptRuleRead` the position of the receipt
rules in the rule set was taken directly from the index of the rule's
position in the slice returned by the AWS API call. As the slice is
zero-based and the ruleset is one-based, this results in an incorrect
representation.
This manifests as `aws_ses_receipt_rule` resources always showing a
diff during plan or apply.
same
Fixes: #13012
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSNetworkAclRule_allProtocol'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/24 18:42:05 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSNetworkAclRule_allProtocol -timeout 120m
=== RUN TestAccAWSNetworkAclRule_allProtocol
--- PASS: TestAccAWSNetworkAclRule_allProtocol (53.95s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 53.974s
```
Fixes: #13035
It was pointed out in the issue that the addition of a new parameter
with a default value AND a ForceNew: true is causing Terraform to try
and recreate the VPC
This PR migrates the state to add the default value of false for `assign_generated_ipv6_cidr_block`
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAWSVpcMigrateState'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/24 12:51:41 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAWSVpcMigrateState -timeout 120m
=== RUN TestAWSVpcMigrateState
2017/03/24 12:52:26 [INFO] Found AWS VPC State v0; migrating to v1
2017/03/24 12:52:26 [DEBUG] Attributes before migration: map[string]string{"assign_generated_ipv6_cidr_block":"true"}
2017/03/24 12:52:26 [DEBUG] Attributes after migration: map[string]string{"assign_generated_ipv6_cidr_block":"false"}
2017/03/24 12:52:26 [INFO] Found AWS VPC State v0; migrating to v1
2017/03/24 12:52:26 [DEBUG] Attributes before migration: map[string]string{}
2017/03/24 12:52:26 [DEBUG] Attributes after migration: map[string]string{"assign_generated_ipv6_cidr_block":"false"}
--- PASS: TestAWSVpcMigrateState (0.00s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 0.024s
```
AWS API requires ECS placement strategies "field" attribute to be
"memory" or "cpu" (lowercase) when type=bin, but these read back as
"MEMORY" and "CPU" (uppercase) respectively.
PR #11565 (which fixed separately reported #11644) deals with this by
always lowering the case of the resource received from the API, but this
breaks for other "field" values (e.g. "instanceId" -> "instanceid").
This PR only lowers the case of the returned resource when field
"MEMORY" or "CPU". Haven't checked if any other fields need this
treatment.
Updates the `data_source_route53_zone` acceptance test to better handle parallel runs. Also better handles tests that potentially leak resources by adding a random integer suffix to domain names.
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRolePolicyAttachment_basic'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/22 20:18:05 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSRolePolicyAttachment_basic -timeout 120m
=== RUN TestAccAWSRolePolicyAttachment_basic
--- PASS: TestAccAWSRolePolicyAttachment_basic (31.94s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 31.949s
```
Fixes: #12764
AWS ALB Allows the Subnets to be changed using the SetSubnets func -
previously we set ForceNew: true on this change
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSALB_' ✭
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/18 16:55:52 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSALB_ -timeout 120m
=== RUN TestAccAWSALB_basic
--- PASS: TestAccAWSALB_basic (342.95s)
=== RUN TestAccAWSALB_generatedName
--- PASS: TestAccAWSALB_generatedName (362.05s)
=== RUN TestAccAWSALB_namePrefix
--- PASS: TestAccAWSALB_namePrefix (311.21s)
=== RUN TestAccAWSALB_tags
--- PASS: TestAccAWSALB_tags (344.05s)
=== RUN TestAccAWSALB_updatedSecurityGroups
--- PASS: TestAccAWSALB_updatedSecurityGroups (515.61s)
=== RUN TestAccAWSALB_updatedSubnets
--- PASS: TestAccAWSALB_updatedSubnets (313.94s)
=== RUN TestAccAWSALB_noSecurityGroup
--- PASS: TestAccAWSALB_noSecurityGroup (293.54s)
=== RUN TestAccAWSALB_accesslogs
--- PASS: TestAccAWSALB_accesslogs (492.01s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 2975.402s
```
Fixes: #12895
The AWS API returns both dissociated and associated IPv6 CIDRs. The UI
only returns the associated. Therefore, the assumption was made that we
would always take the 1st association in the set to use for state
We now loop over the set and look for the associated IPv6 CIDR before
using that in state
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSVpc_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/20 21:21:02 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSVpc_ -timeout 120m
=== RUN TestAccAWSVpc_importBasic
--- PASS: TestAccAWSVpc_importBasic (65.91s)
=== RUN TestAccAWSVpc_basic
--- PASS: TestAccAWSVpc_basic (50.88s)
=== RUN TestAccAWSVpc_enableIpv6
--- PASS: TestAccAWSVpc_enableIpv6 (49.89s)
=== RUN TestAccAWSVpc_dedicatedTenancy
--- PASS: TestAccAWSVpc_dedicatedTenancy (50.59s)
=== RUN TestAccAWSVpc_tags
--- PASS: TestAccAWSVpc_tags (98.89s)
=== RUN TestAccAWSVpc_update
--- PASS: TestAccAWSVpc_update (93.46s)
=== RUN TestAccAWSVpc_bothDnsOptionsSet
--- PASS: TestAccAWSVpc_bothDnsOptionsSet (20.71s)
=== RUN TestAccAWSVpc_DisabledDnsSupport
--- PASS: TestAccAWSVpc_DisabledDnsSupport (49.55s)
=== RUN TestAccAWSVpc_classiclinkOptionSet
--- PASS: TestAccAWSVpc_classiclinkOptionSet (54.92s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 534.829s
```
Leaked resources may prevent this resource from correctly passing acceptance tests. Seeding the policy names with random integer suffixes allows tests to pass regardless of resource leaks.
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRolePolicyAttachment_basic'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/22 19:58:58 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSRolePolicyAttachment_basic -timeout 120m
=== RUN TestAccAWSRolePolicyAttachment_basic
--- PASS: TestAccAWSRolePolicyAttachment_basic (31.98s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 31.989s
```
* provider/aws: Increase AMI destroy timeout
Acceptance tests were timing out on AMI destroy, should alleviate the problem.
* Further increase timeout, cleanup test
* use function instead of printf
Updates the IAM Group Policy and IAM User Policy acceptance tests with random integer seeds.
Currently acceptance tests for these two resources are failing from leaked resources, adding distint naming should allow tests to pass regardless of parallel tests being ran or any resource leaks.
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSIAMUserPolicy'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/22 00:19:13 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSIAMUserPolicy -timeout 120m
=== RUN TestAccAWSIAMUserPolicy_basic
--- PASS: TestAccAWSIAMUserPolicy_basic (22.54s)
=== RUN TestAccAWSIAMUserPolicy_namePrefix
--- PASS: TestAccAWSIAMUserPolicy_namePrefix (12.49s)
=== RUN TestAccAWSIAMUserPolicy_generatedName
--- PASS: TestAccAWSIAMUserPolicy_generatedName (13.13s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 48.191s
```
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSIAMGroupPolicy'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/22 00:24:08 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSIAMGroupPolicy -timeout 120m
=== RUN TestAccAWSIAMGroupPolicy_basic
--- PASS: TestAccAWSIAMGroupPolicy_basic (23.89s)
=== RUN TestAccAWSIAMGroupPolicy_namePrefix
--- PASS: TestAccAWSIAMGroupPolicy_namePrefix (12.07s)
=== RUN TestAccAWSIAMGroupPolicy_generatedName
--- PASS: TestAccAWSIAMGroupPolicy_generatedName (13.15s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 49.140s
```
machines
Fixes: #12898
The way aws_instance works is that we call the Create func then the
Update func then the Read func. The way the work to implement the change
to iam_instance_profile was added meant that when a machine was created
with an iam_instance_profile, it would then try and update that
iam_instance_profile because the state hadn't been updated at that point
We have changed the Update func to only check for the change to
iam_instance_profile when it *is an existing machine* - this will solve
the problem of those bringing up new machines and getting hit with the
permissions error
As requested, added a test that adds an IAM Instance Profile from
creation
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSInstance_withIamInstanceProfile'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/21 17:51:32 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSInstance_withIamInstanceProfile -timeout 120m
=== RUN TestAccAWSInstance_withIamInstanceProfile
--- PASS: TestAccAWSInstance_withIamInstanceProfile (154.29s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 154.325s
```
Adds support for `name_prefix` to the `aws_autoscaling_group` and `aws_elb` resources. Unfortunately when using `name_prefix` with `aws_elb`, this means that the specified prefix can only be a maximum of 6 characters in length. This is because the maximum length for an ELB name is 32 characters, and `resource.PrefixedUniqueId` generates a 26-character unique identifier. I was considering truncating the unique identifier to allow for a longer `name_prefix`, but I worried that doing so would increase the risk of collisions.
This will make it possible/easier to make decisions based on supported EC2 platforms (VPC and/or EC2 Classic)
in the context of any AWS resource which needs make such decisions.
Fixes: #12752
Weight was replaced with weighted_routing_policy in June 2016. But for
some reason we were still doing the following in the Read func:
```
d.Set("weight", -1)
```
As this field was removed, we shouldn't be setting it to state
Adds plan-level validation for both IPv4 and IPv6 CIDR Blocks in an AWS SecurityGroup resource, as well as the AWS Security Group Rule resource.
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSecurityGroup_invalidCIDRBlock'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/16 11:32:54 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSSecurityGroup_invalidCIDRBlock -timeout 120m
=== RUN TestAccAWSSecurityGroup_invalidCIDRBlock
--- PASS: TestAccAWSSecurityGroup_invalidCIDRBlock (0.01s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 0.017s
```
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSecurityGroupRule_ExpectInvalidCIDR'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/03/16 11:46:21 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSSecurityGroupRule_ExpectInvalidCIDR -timeout 120m
=== RUN TestAccAWSSecurityGroupRule_ExpectInvalidCIDR
--- PASS: TestAccAWSSecurityGroupRule_ExpectInvalidCIDR (0.01s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 0.016s
```