* provider/aws: Allow `source_ids` in `aws_db_event_subscription` to be
Updatable
Fixes#7809
This commit adds support for `source_ids` to be updated rather than
forcing new each time. Unfortunately, it must range over the difference
in the source_ids and add and remove them 1 at a time. AWS does not
support batch updating source_ids
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSDBEventSubscription_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSDBEventSubscription_ -timeout 120m
=== RUN TestAccAWSDBEventSubscription_basicUpdate
--- PASS: TestAccAWSDBEventSubscription_basicUpdate (1277.87s)
=== RUN TestAccAWSDBEventSubscription_withSourceIds
--- PASS: TestAccAWSDBEventSubscription_withSourceIds (1012.96s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws
2290.844s
```
* Update resource_aws_db_event_subscription.go
* provider/aws: Adds an acceptance test that makes sure that manual deletions mean a non-empty plan
* provider/aws: Adds an acceptance test to prove that manual deletion causes a non-empty plan
* provider/aws: Add failing ETC + notifications test
* tidy up the docs some
* provider/aws: Update ElasticTranscoder to allow empty notifications, removing notifications, etc
When you need to enable monitoring for Redshift, you need to create the
correct policy in the bucket for logging. This needs to have the
Redshift Account ID for a given region. This data source provides a
handy lookup for this
http://docs.aws.amazon.com/redshift/latest/mgmt/db-auditing.html#db-auditing-enable-logging
% make testacc TEST=./builtin/providers/aws
% TESTARGS='-run=TestAccAWSRedshiftAccountId_basic' 2 ↵ ✹ ✭
==> Checking that code complies with gofmt requirements...
/Users/stacko/Code/go/bin/stringer
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/08/16 14:39:35 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSRedshiftAccountId_basic -timeout 120m
=== RUN TestAccAWSRedshiftAccountId_basic
--- PASS: TestAccAWSRedshiftAccountId_basic (19.47s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 19.483s
or availability_zone
Fixes#8000
There was a hard coded panic in the code!!!
```
panic(
fmt.Sprintf(
"Must set one of:\navailability_zone %#v\nsubnet_id: %#v",
m["availability_zone"],
m["subnet_id"])
)
```
This was causing issues when we set neither an availability zone or a subnet id.
This has been removed and is now handled with an error rather than a panic.
This was what happened with the new test before the fix:
```
=== RUN TestAccAWSSpotFleetRequest_brokenLaunchSpecification
panic: Must set one of:
availability_zone ""
subnet_id: ""
goroutine 129 [running]:
panic(0x11377a0, 0xc8202abfc0)
/opt/boxen/homebrew/Cellar/go/1.6.2/libexec/src/runtime/panic.go:481 +0x3e6
github.com/hashicorp/terraform/builtin/providers/aws.hashLaunchSpecification(0x11361a0, 0xc8202e07e0, 0xc800000001)
/Users/stacko/Code/go/src/github.com/hashicorp/terraform/builtin/providers/aws/resource_aws_spot_fleet_request.go:953 +0x685
github.com/hashicorp/terraform/helper/schema.(*Set).hash(0xc82005ae00, 0x11361a0, 0xc8202e07e0, 0x0, 0x0)
/Users/stacko/Code/go/src/github.com/hashicorp/terraform/helper/schema/set.go:180 +0x40
github.com/hashicorp/terraform/helper/schema.(*Set).add(0xc82005ae00, 0x11361a0, 0xc8202e07e0, 0xc820276900, 0x0, 0x0)
```
The test then ran fine after the fix:
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSpotFleetRequest_brokenLaunchSpecification'
==> Checking that code complies with gofmt requirements...
/Users/stacko/Code/go/bin/stringer
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/08/16 08:03:18 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSSpotFleetRequest_brokenLaunchSpecification -timeout 120m
=== RUN TestAccAWSSpotFleetRequest_brokenLaunchSpecification
--- PASS: TestAccAWSSpotFleetRequest_brokenLaunchSpecification (32.37s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 32.384s
```
Full test run looks as follows:
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSpotFleetRequest_' ✹
==> Checking that code complies with gofmt requirements...
/Users/stacko/Code/go/bin/stringer
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/08/16 08:04:34 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSSpotFleetRequest_ -timeout 120m
=== RUN TestAccAWSSpotFleetRequest_basic
--- PASS: TestAccAWSSpotFleetRequest_basic (33.78s)
=== RUN TestAccAWSSpotFleetRequest_brokenLaunchSpecification
--- PASS: TestAccAWSSpotFleetRequest_brokenLaunchSpecification (33.59s)
=== RUN TestAccAWSSpotFleetRequest_launchConfiguration
--- PASS: TestAccAWSSpotFleetRequest_launchConfiguration (35.26s)
=== RUN TestAccAWSSpotFleetRequest_CannotUseEmptyKeyName
--- PASS: TestAccAWSSpotFleetRequest_CannotUseEmptyKeyName (0.00s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 102.648s
```
This data source provides access during configuration to the ID of the
AWS account for the connection to AWS. It is primarily useful for
interpolating into policy documents, for example when creating the
policy for an ELB or ALB access log bucket.
This will need revisiting and further testing once the work for
AssumeRole is integrated.
Fixes#7812
All of the options of `aws_db_security_group` ingress rules are
optional. Therefore, when one of them isn't set (and AWS doesn't
calculate the value), Terraform threw a panic
This commit just defensively codes around this fact. It checks to make
sure there is a value returned from the API before adding it to the map
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSDBSecurityGroup_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSDBSecurityGroup_ -timeout 120m
=== RUN TestAccAWSDBSecurityGroup_basic
--- PASS: TestAccAWSDBSecurityGroup_basic (38.66s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 38.682s
```
AWS Lambda VPC config is an optional configuration and which needs to both subnet_ids and
security_group_ids to tie the lambda function to a VPC. We should make it optional if
both subnet_ids and security_group_ids are not net which would add better flexiblity in
creation of more useful modules as there are "if else" checks. Without this we are creating
duplicate modules one with VPC and one without VPC resulting in various anomalies.
in the process
Fixes#7577
7577 discovered that sometimes setting tags at the end of the creation
model doesn't quite work for everyone. We now move that further up the
tree by calling the setTags func a second time.
The setTags func in the Update is not called immediately after creation
as we check for it not being a NewResource
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSecurityGroup_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSSecurityGroup_ -timeout 120m
=== RUN TestAccAWSSecurityGroup_importBasic
--- PASS: TestAccAWSSecurityGroup_importBasic (60.96s)
=== RUN TestAccAWSSecurityGroup_importSelf
--- PASS: TestAccAWSSecurityGroup_importSelf (72.72s)
=== RUN TestAccAWSSecurityGroup_basic
--- PASS: TestAccAWSSecurityGroup_basic (62.33s)
=== RUN TestAccAWSSecurityGroup_namePrefix
--- PASS: TestAccAWSSecurityGroup_namePrefix (22.12s)
=== RUN TestAccAWSSecurityGroup_self
--- PASS: TestAccAWSSecurityGroup_self (64.26s)
=== RUN TestAccAWSSecurityGroup_vpc
--- PASS: TestAccAWSSecurityGroup_vpc (58.35s)
=== RUN TestAccAWSSecurityGroup_vpcNegOneIngress
--- PASS: TestAccAWSSecurityGroup_vpcNegOneIngress (54.95s)
=== RUN TestAccAWSSecurityGroup_MultiIngress
--- PASS: TestAccAWSSecurityGroup_MultiIngress (64.81s)
=== RUN TestAccAWSSecurityGroup_Change
--- PASS: TestAccAWSSecurityGroup_Change (96.86s)
=== RUN TestAccAWSSecurityGroup_generatedName
--- PASS: TestAccAWSSecurityGroup_generatedName (60.75s)
=== RUN TestAccAWSSecurityGroup_DefaultEgress_VPC
--- PASS: TestAccAWSSecurityGroup_DefaultEgress_VPC (57.05s)
=== RUN TestAccAWSSecurityGroup_DefaultEgress_Classic
--- PASS: TestAccAWSSecurityGroup_DefaultEgress_Classic (20.94s)
=== RUN TestAccAWSSecurityGroup_drift
--- PASS: TestAccAWSSecurityGroup_drift (27.39s)
=== RUN TestAccAWSSecurityGroup_drift_complex
--- PASS: TestAccAWSSecurityGroup_drift_complex (64.62s)
=== RUN TestAccAWSSecurityGroup_tags
--- PASS: TestAccAWSSecurityGroup_tags (87.49s)
=== RUN TestAccAWSSecurityGroup_CIDRandGroups
--- PASS: TestAccAWSSecurityGroup_CIDRandGroups (71.62s)
=== RUN TestAccAWSSecurityGroup_ingressWithCidrAndSGs
--- PASS: TestAccAWSSecurityGroup_ingressWithCidrAndSGs (69.60s)
=== RUN TestAccAWSSecurityGroup_ingressWithCidrAndSGs_classic
--- PASS: TestAccAWSSecurityGroup_ingressWithCidrAndSGs_classic (25.47s)
=== RUN TestAccAWSSecurityGroup_egressWithPrefixList
--- PASS: TestAccAWSSecurityGroup_egressWithPrefixList (64.46s)
=== RUN TestAccAWSSecurityGroup_failWithDiffMismatch
--- PASS: TestAccAWSSecurityGroup_failWithDiffMismatch (60.21s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws
1166.983s
```
An S3 Bucket owner may wish to select a different underlying storage class
for an object. This commit adds an optional "storage_class" attribute to the
aws_s3_bucket_object resource so that the owner of the S3 bucket can specify
an appropriate storage class to use when creating an object.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
* Overriding S3 endpoint - Enable specifying your own
S3 api endpoint to override the default one, under
endpoints.
* Force S3 path style - Expose this option from the aws-sdk-go
configuration to the provider.
This commit fixes an issue where CORS rules would not be read and thus refreshed
correctly should there be a change introduced externally e.g. CORS configuration
was edited outside of Terraform.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
* provider/aws: Re-implement api gateway parameter handling
this PR cleans up some left overs from PR #4295, namely the parameter handling.
now that GH-2143 is finally closed this PR does away with the ugly
`request_parameters_in_json` and `response_parameters_in_json` hack.
* Add deprecation message and conflictsWith settings
following @radeksimko s advice, keeping the old code around with a deprecation
warning.
this should be cleaned up in a few releases
* provider/aws: fix missing append operation
* provider/aws: mark old parameters clearly as deprecated
* provider/aws work around #8104
following @radeksimko s lead
* provider/aws fix cnp error
- we could've had ConflictsWith between affected fields, but that would make it fail even if skip_requesting_account_id=false and ConflictsWhen is not a thing (yet)
* Skip IAM/STS validation and metadata check
* Skip IAM/STS identity validation - For environments or other api
implementations where there are no IAM/STS endpoints available, this
option lets you opt out from that provider initialization step.
* Skip metdata api check - For environments in which you know ahead of
time there isn't going to be a metadta api endpoint, this option lets
you opt out from that check to save time.
* Allow iam/sts initialization even if skipping account/cred validation
(#7874)
* Split out skip of IAM validation into credentials and account id
(#7874)
An S3 Bucket owner may wish to set a canned ACL (as opposite to explicitly set
grantees, etc.) for an object. This commit adds an optional "acl" attribute to
the aws_s3_bucket_object resource so that the owner of the S3 bucket can
specify an appropriate pre-defined ACL to use when creating an object.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
* Various string slices are sorted and truncated to strings if they
only contain one element.
* Sids are now included if they are empty.
This is to ensure what is sent to AWS matches what comes back, to
prevent recurring diffs even when the policy has changed.
Any S3 Bucket owner may wish to share data but not incur charges associated
with others accessing the data. This commit adds an optional "request_payer"
attribute to the aws_s3_bucket resource so that the owner of the S3 bucket can
specify who should bear the cost of Amazon S3 data transfer.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
Version 1.3.1 deprecates use of `session.New()` in favour of
`session.NewSession()`, which also returns an error. This commit updates
the various call sites previously making use of `session.New()`.