This commit introduces an `aws_iam_user_login_profile` resource which
creates a password for an IAM user, and encrypts it using a PGP key
specified in the configuration or obtained from Keybase.
For example:
```
resource "aws_iam_user" "u" {
name = "auser"
path = "/"
force_destroy = true
}
resource "aws_iam_user_login_profile" "u" {
user = "${aws_iam_user.u.name}"
pgp_key = "keybase:some_person_that_exists"
}
output "password" {
value = "${aws_iam_user_login_profile.u.encrypted_password}"
}
```
The resulting attribute "encrypted_password" can be decrypted using
PGP or Keybase - for example:
```
terraform output password | base64 --decode | keybase pgp decrypt
```
Optionally the user can retain the password rather than the default of
being forced to change it at first login. Generated passwords are
currently 20 characters long.
TF_ACC=1 go test ./builtin/providers/azurerm -v -run=TestAccAzureRMVirtualMachine_basicLinuxMachine -timeout 120m
=== RUN TestAccAzureRMVirtualMachine_basicLinuxMachine
--- PASS: TestAccAzureRMVirtualMachine_basicLinuxMachine (540.83s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/azurerm 540.841s
TF_ACC=1 go test ./builtin/providers/azurerm -v -run=TestAccAzureRMVirtualMachine_withDataDisk -timeout 120m
=== RUN TestAccAzureRMVirtualMachine_withDataDisk
--- PASS: TestAccAzureRMVirtualMachine_withDataDisk (431.19s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/azurerm 431.203s
enable_partitioning set to ForceNew
requires_duplicate_detection set to ForceNew
max_size_in_megabytes would cause a loop if enable_partitioning was true as this
causes the value to be multiplied by 16 for it's effective value, this computed
value is then returned by the ARM API in the same field which caused Terraform
to always detect a change
```
TF_ACC=1 go test ./builtin/providers/azurerm -v -run TestAccAzureRMServiceBusTopic -timeout 120m
=== RUN TestAccAzureRMServiceBusTopic_importBasic
--- PASS: TestAccAzureRMServiceBusTopic_importBasic (345.08s)
=== RUN TestAccAzureRMServiceBusTopic_basic
--- PASS: TestAccAzureRMServiceBusTopic_basic (342.23s)
=== RUN TestAccAzureRMServiceBusTopic_update
--- PASS: TestAccAzureRMServiceBusTopic_update (359.56s)
=== RUN TestAccAzureRMServiceBusTopic_enablePartitioning
--- PASS: TestAccAzureRMServiceBusTopic_enablePartitioning (362.80s)
=== RUN TestAccAzureRMServiceBusTopic_enableDuplicateDetection
--- PASS: TestAccAzureRMServiceBusTopic_enableDuplicateDetection (364.97s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/azurerm 1774.657s
```
* Converting archive_file to datasource.
* Ratcheting back new dir perms.
* Ratcheting back new dir perms.
* goimports
* Adding output_base64sha256 attribute to archive_file.
Updating docs.
* Dropping CheckDestroy since this is a data source.
* Correcting data source attribute checks.
This will allow us to catch errors at plan time rather than waiting for
the API to tell us...
Documentation for IAM User NAme Validation -
http://docs.aws.amazon.com/cli/latest/reference/iam/create-user.html
Documentation for IAM Group Name validation -
http://docs.aws.amazon.com/cli/latest/reference/iam/create-group.html
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSIAMGroup_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/25 13:18:41 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSIAMGroup_
-timeout 120m
=== RUN TestAccAWSIAMGroup_importBasic
--- PASS: TestAccAWSIAMGroup_importBasic (13.80s)
=== RUN TestAccAWSIAMGroup_basic
--- PASS: TestAccAWSIAMGroup_basic (23.30s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws37.121s
```
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSUser_' ✚
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/25 13:22:23 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSUser_ -timeout 120m
=== RUN TestAccAWSUser_importBasic
--- PASS: TestAccAWSUser_importBasic (14.33s)
=== RUN TestAccAWSUser_basic
--- PASS: TestAccAWSUser_basic (25.36s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 39.710s
```
When force_Destroy was specified on an iam_user, only Access Keys were
destroyed. Therefore, if a password was manually added via the AWS
console, it was causing an error as follows:
```
* aws_iam_user.user: Error deleting IAM User test-user-for-profile-delete: DeleteConflict: Cannot delete entity, must delete login profile first.
status code: 409, request id: acd67e40-9aa8-11e6-8533-4db80bad7ea8
```
We now *try* to delete the LoginProfile and ignore a NoSuchEntity error
if it doesn't exist
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSUser_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/25 12:53:05 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSUser_
-timeout 120m
=== RUN TestAccAWSUser_importBasic
--- PASS: TestAccAWSUser_importBasic (14.83s)
=== RUN TestAccAWSUser_basic
--- PASS: TestAccAWSUser_basic (24.78s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws39.624s
```
The tests were referencing an old bootscript - this just bumps the value
to the latest. The list of bootscripts can be found at
http://devhub.scaleway.com/#/bootscripts
gophercloud/gophercloud no longer supports the APIKey authentication
attribute. Removal of this attribute may impact users who were using
the Terraform OpenStack provider in with vendor-modified clouds.
- The name cannot be empty
- The name cannot be more than 80 characters
- The name must begin with a letter or number
- The name must end with a letter, number, or underscore
- The name must only contain letters, numbers, underscores, periods, or hyphens
This commit is a maintenance change aimed at aligning file names so that they
fall in line with the established naming convention.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
This commit changes the behaviour of the `ExistsFunc`, where by default
lack of a route table (e.g. already removed, etc.) would cause an error
to be thrown. This makes is hard to carry out any action e.g. plan,
refresh, or destroy, that rely on the route table existance check.
Also, make error messages a little better in terms of wording, etc.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
The check for ARM_SUBSCRIPTION_ID breaks the PR testing. The PR
testing isn't trying to check acceptance tests anyway.
There will still be a correct failure for missing ARM_SUBSCRIPTION_ID
when running the acceptance test due to the later testAccPreCheck().
bootscripts allow you to start Scaleway servers with a specific kernel version.
The `scaleway_server` has always had a bootscript parameter, and the
`scaleway_bootscript` datasource allows you to lookup bootscripts to be used in
conjunction with the `scaleway_server` resource.
This commit tests whether an interface is nil before type asserting it
to string - this should fix the panic reported in #8609.
We also clean up the schema definition to the newer style without
redundant type declarations.
Make sure to hash base64 decoded value since user_data might be given
either raw bytes or base64 value.
This helps https://github.com/hashicorp/terraform/issues/1887 somewhat
as now you can:
1) Update user_data in AWS console.
2) Respectively update user_data in terraform code.
3) Just refresh terraform state and it should not report any changes.
This commit adds a missing unit test for the API Gateway integration type
attribute validation helper, plus changes the way how value is inspected
to a simple lookup table. Additionally, changes the wording of the error
message, and adds invalid test cases to the HTTP method validation helper.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
This pull request is intended to add a temporary control to Terraform to
output more verbose logging in the case of an AuthFailure error being
returned by the AWS API.
The tag schema was changed in #9199, setting the Computed flag, this was causing
the plan to not be empty for resources which support tags but none were set, as
no value would be set by flattenAndSetTags.
Setting an empty map instead fixes the issue, ran original failing test and an
update tags test to ensure nothing else was broken.
Depends on #9305.
```
TF_ACC=1 go test ./builtin/providers/azurerm -v -run TestAccAzureRMCdnProfile -timeout 120m
=== RUN TestAccAzureRMCdnProfile_importWithTags
--- PASS: TestAccAzureRMCdnProfile_importWithTags (171.64s)
=== RUN TestAccAzureRMCdnProfile_basic
--- PASS: TestAccAzureRMCdnProfile_basic (162.70s)
=== RUN TestAccAzureRMCdnProfile_withTags
--- PASS: TestAccAzureRMCdnProfile_withTags (203.12s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/azurerm 537.538s
```
cdn_profile resource was using `Profiles` instead of `profiles` to gather the
name in the read and delete methods, added importing capability with test to
confirm read now works as expected.
```
TF_ACC=1 go test ./builtin/providers/azurerm -v -run TestAccAzureRMCdnProfile -timeout 120m
=== RUN TestAccAzureRMCdnProfile_importWithTags
--- PASS: TestAccAzureRMCdnProfile_importWithTags (170.00s)
=== RUN TestAccAzureRMCdnProfile_basic
--- PASS: TestAccAzureRMCdnProfile_basic (166.33s)
=== RUN TestAccAzureRMCdnProfile_withTags
--- PASS: TestAccAzureRMCdnProfile_withTags (185.94s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/azurerm 522.333s
```
This commits changes the behaviour in a case there was an error while
interacting with EC2 tags related to the CloudFormation Distribution
resource, fixing the issue with nil pointer dereference when despite
an error being present code path to handle tags was executed.
Also, a small re-factor of the `validateHTTP` helper method,
and a unit test added for it.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
panic on the Read func
Fixes#8995
The Diagnostics profile was a badly laid out resource. All we needed to
set was whether it was enabled and the storage account to save the logs
to. The old schema parameter was deprecated and replaced with a much
simplier structure
```
% make testacc TEST=./builtin/providers/azurerm TESTARGS='-run=TestAccAzureRMVirtualMachine_diagnosticsProfile'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/29 12:21:04 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/azurerm -v
-run=TestAccAzureRMVirtualMachine_diagnosticsProfile -timeout 120m
=== RUN TestAccAzureRMVirtualMachine_diagnosticsProfile
--- PASS: TestAccAzureRMVirtualMachine_diagnosticsProfile (1066.76s)
PASS
ok
github.com/hashicorp/terraform/builtin/providers/azurerm1066.776s
```
The Read func of the EIP has changed to set the `vpc` boolean value on
the response object having an Address. This is required as an EIP that
was specified, without a domain and then imported, would cause a
perpetual plan.
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEIP_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/23 09:28:32 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSEIP_ -timeout
120m
=== RUN TestAccAWSEIP_importEc2Classic
--- PASS: TestAccAWSEIP_importEc2Classic (116.16s)
=== RUN TestAccAWSEIP_importVpc
--- PASS: TestAccAWSEIP_importVpc (61.89s)
=== RUN TestAccAWSEIP_basic
--- PASS: TestAccAWSEIP_basic (18.86s)
=== RUN TestAccAWSEIP_instance
--- PASS: TestAccAWSEIP_instance (185.95s)
=== RUN TestAccAWSEIP_network_interface
--- PASS: TestAccAWSEIP_network_interface (63.20s)
=== RUN TestAccAWSEIP_twoEIPsOneNetworkInterface
--- PASS: TestAccAWSEIP_twoEIPsOneNetworkInterface (65.64s)
=== RUN TestAccAWSEIP_associated_user_private_ip
--- PASS: TestAccAWSEIP_associated_user_private_ip (201.34s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 713.072s
```
This commit resolves a regression introduced in #9033 that caused an
unfiltered image to be returned despite a search criteria being set
accordingly.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>