* Creates papertrail logging resource for fastly
* Adds modification support for fastly papertrail
* Flattens and lists papertrail resources
* Adds testing for fastly papertrail
* Adds papertrail documentation for fastly to the website
* Fixes schema assignment name mistake
* Changes testing hostnames to pass fastly API validation
* Add a new data provider to decrypt AWS KMS secrets
* Address feedback
* Rename aws_kms_secrets to aws_kms_secret
* Add more examples to the documentation
Fixes: #11461
This will allow the user to pass a policy to further restrict the use
of AssumeRole. It is important to note that it will NOT allow an
expansion of access rights
Fixes#10788
This checks `IsComputed` prior to attempting to use the JSON
configurations. Due to a change in 0.8, the prior check for simply map
existence would always succeed even with a computed value (as designed),
but we forgot to update provisioners to not do that.
There are other provisioners that also do this but to no ill effect
currently. I've only changed Chef since we know that is an issue.
This issue doesn't affect 0.9 due to helper/schema doing this
automatically for provisioners.
According to https://github.com/hashicorp/errwrap
'{{err}}' has to be used instead of '%s'
Without this patch, error output from terraform is missing important information:
* aws_cloudwatch_log_group.logs: Error Getting CloudWatch Logs Tag List: %s
With this patch, I get the important information. E.g.:
* aws_cloudwatch_log_group.logs: Error Getting CloudWatch Logs Tag List: AccessDeniedException: User: arn:aws:sts::XYZ:assumed-role/AAA-BBB-CCC/terraform-assuming-role-assume-role-ReadOnly is not authorized to perform: logs:ListTagsLogGroup on resource: arn:aws:logs:us-east-1:XYZ:log-group:logs:log-stream:
The support for "use_client_subnet" was half finished.
- Field was defined in schema.
- ResourceData-to-struct code was present but incorrect.
- struct-to-ResourceData code was missing.
Made the change and verified with manual testing:
1. In NS1 UI, switched "Use Client Subnet" between checked and
unchecked.
2. In Terraform config file, switched "use_client_subnet" field between
"true", "false", and omitted.
3. The output of "terraform plan" was as expected in all six cases.
This commit removes the default security group rules that are automatically
created when a security group is created. These rules are usually
permissive egress rules which makes it difficult to add more strict egress
security group rules.
Allows the user to import a default aws_alb_listener_rule. When creating the resource with TF, the AWS API requires that `priority` be an integer.
However, the `DescribeRules` API call returns a string for `priority`. This would work in every case except for the `default` listener rule, which sets the `priority` value to the string "default".
This fixes the previous error:
```
Error importing: 1 error(s) occurred:
* aws_alb_listener_rule.test: Cannot convert rule priority %q to int: strconv.ParseInt: parsing "default": invalid syntax
```
Fixes: #11464
Previously an attempt to destroy a LB stickiness policy would
result in an error like this:
```
* aws_lb_cookie_stickiness_policy.foo: Error removing LBCookieStickinessPolicy: LoadBalancerNotFound: There is no ACTIVE Load Balancer named 'tf-test-lb-tqatd'
status code: 400, request id: 28af1167-e4a4-11e6-8ddd-57ba410cbbb6
```
This checks for a missing load balancer on the policy read and allows
the destroy.
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSLBCookieStickinessPolicy_missingLB'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/01/27 07:21:11 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSLBCookieStickinessPolicy_missingLB -timeout 120m
=== RUN TestAccAWSLBCookieStickinessPolicy_missingLB
--- PASS: TestAccAWSLBCookieStickinessPolicy_missingLB (28.90s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 28.929s
```
Add support for creating, updating, and deleting projects, as well as
their enabled services and their IAM policies.
Various concessions were made for backwards compatibility, and will be
removed in 0.9 or 0.10.
Adds EBS Volume support and tests for EMR Instnace Groups
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEMRInstanceGroup_ebsBasic'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/01/25 10:14:58 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSEMRInstanceGroup_ebsBasic -timeout 120m
=== RUN TestAccAWSEMRInstanceGroup_ebsBasic
--- PASS: TestAccAWSEMRInstanceGroup_ebsBasic (675.14s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 675.171s
```
Type of change:
===============
- Bug fix
What changed? ... and Why:
==========================
The regexp is currently set to:
`pattern := `^[a-zA-Z0-9$_]+$`
The AWS docs state that qualifer names must conform to the following
regexp:
`Pattern: (|[a-zA-Z0-9$_-]+)`
As you can see, the current regexp in Terraform is missing the `-` at
the end.
This addresses that.
How has it been tested?
=======================
Added a few test cases to the existing spec for `AwsLambdaQualifier`
validation.
Adds a diff suppress function for the `engine_version` attribute of the `db_instance` AWS resource.
The function only supresses the state diff, if the attribute key `auto_minor_version_upgrade` is set, and if the returned `engine_version` from the running RDS instance shares the same prefix as the configured `engine_version`.
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSDBInstance_MinorVersion'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/01/23 17:59:14 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSDBInstance_MinorVersion -timeout 120m
=== RUN TestAccAWSDBInstance_MinorVersion
--- PASS: TestAccAWSDBInstance_MinorVersion (503.48s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 503.518s
```
This commit adds a StateRefresh func for volume attachments. Mostly
this is to add a buffer of time between the request and the return
of the attachment to give time for the volume to become attached,
however, in some cases the refresh function could work as specified.
Docs have also been updated to reflect that a device could be specified,
but to use with caution.
* vendor: update gopkg.in/ns1/ns1-go.v2
* provider/ns1: Port the ns1 provider to Terraform core
* docs/ns1: Document the ns1 provider
* ns1: rename remaining nsone -> ns1 (#10805)
* Ns1 provider (#11300)
* provider/ns1: Flesh out support for meta structs.
Following the structure outlined by @pashap.
Using reflection to reduce copy/paste.
Putting metas inside single-item lists. This is clunky, but I couldn't
figure out how else to have a nested struct. Maybe the Terraform people
know a better way?
Inside the meta struct, all fields are always written to the state; I
can't figure out how to omit fields that aren't used. This is not just
verbose, it actually causes issues because you can't have both "up" and
"up_feed" set).
Also some minor other changes:
- Add "terraform" import support to records and zones.
- Create helper class StringEnum.
* provider/ns1: Make fmt
* provider/ns1: Remove stubbed out RecordRead (used for testing metadata change).
* provider/ns1: Need to get interface that m contains from Ptr Value with Elem()
* provider/ns1: Use empty string to indicate no feed given.
* provider/ns1: Remove old record.regions fields.
* provider/ns1: Removes redundant testAccCheckRecordState
* provider/ns1: Moves account permissions logic to permissions.go
* provider/ns1: Adds tests for team resource.
* provider/ns1: Move remaining permissions logic to permissions.go
* ns1/provider: Adds datasource.config
* provider/ns1: Small clean up of datafeed resource tests
* provider/ns1: removes testAccCheckZoneState in favor of explicit name check
* provider/ns1: More renaming of nsone -> ns1
* provider/ns1: Comment out metadata for the moment.
* Ns1 provider (#11347)
* Fix the removal of empty containers from a flatmap
Removal of empty nested containers from a flatmap would sometimes fail a
sanity check when removed in the wrong order. This would only fail
sometimes due to map iteration. There was also an off-by-one error in
the prefix check which could match the incorrect keys.
* provider/ns1: Adds ns1 go client through govendor.
* provider/ns1: Removes unused debug line
* docs/ns1: Adds docs around apikey/datasource/datafeed/team/user/record.
* provider/ns1: Gets go vet green
This commit switches out the use of `fmt.Errorf` to `errwrap.Wrapf` in
the `aws_autoscaling_lifecycle_hook` resource, and corrects a typo which
causes the parameter object to be returned to a user rather than the
underlying error.
Allows users from govcloud and other regions (aws-cn) to now use the following resources correctly:
```
- data "aws_billing_service_account"
- data "aws_elb_service_account"
- resource "aws_cloudfront_origin_access_identity"
- resource "aws_ecs_service"
- resource "aws_iam_saml_provider"
- resource "aws_lambda_permission"
- resource "aws_sns_topic_policy"
```
According to the coreos [documentation](https://coreos.com/ignition/docs/latest/configuration.html), systemd units only require the name attribute per each unit. This can also be validated with the CoreOS config validator. This change allows the `ignition_systemd_unit` resource to no longer fail if given an empty `content` and `dropin`.
Also adds a test to cover this use case.
Fixes failing acceptance test:
```
$ make testacc TEST=./builtin/providers/digitalocean TESTARGS='-run=TestAccDigitalOceanVolume_Droplet'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/01/20 11:38:26 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/digitalocean -v -run=TestAccDigitalOceanVolume_Droplet -timeout 120m
=== RUN TestAccDigitalOceanVolume_Droplet
--- PASS: TestAccDigitalOceanVolume_Droplet (57.38s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/digitalocean 57.411s
```
Also removes all redundant type declarations in the digitalocean package.
* provider/aws: Remove hardcoded https from the ecr repository
When the ECR resource was created, we hardcoded the repository URL to
start with https://
This was a mistake as all interaction with the repository now must
include a replace function for the https:// to "" for this to be usable
We need to note this change in the backward incompatibilities
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEcrRepository_' ✭
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/01/20 14:37:36 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSEcrRepository_ -timeout 120m
=== RUN TestAccAWSEcrRepository_importBasic
--- PASS: TestAccAWSEcrRepository_importBasic (20.46s)
=== RUN TestAccAWSEcrRepository_basic
--- PASS: TestAccAWSEcrRepository_basic (18.77s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 39.251s
```
* Update ecr_repository.html.markdown
Fixes AwsS3BucketPolicy Acceptance Tests to match policy document changes from upstream.
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSS3BucketPolicy'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/01/20 11:55:23 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSS3BucketPolicy -timeout 120m
=== RUN TestAccAWSS3BucketPolicy_basic
--- PASS: TestAccAWSS3BucketPolicy_basic (33.64s)
=== RUN TestAccAWSS3BucketPolicy_policyUpdate
--- PASS: TestAccAWSS3BucketPolicy_policyUpdate (61.91s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 95.591s
```
The provisioner collected all inline commands into a single script which meant
only the exit code of the last command was actually checked for an error.
Updates ECS task_definition documentation, and schema validation functions to match the AWS API documentation.
Updates ECS service documentation, and schema validation functions match the AWS API documentation.
* provisioner/chef: Support named run-lists for Policyfiles
Add an optional argument for overriding the Chef Client's initial
run with a named run-list specified by the Policyfile. This is useful
for bootstrapping a node with a one-time setup recipe that deviates
from a policy's normal run-list.
* Update chef client cmd building per review feedback.
* removes region param from backend_service
- this param was not being used in this service
- you need a regional_backend_service if you want to pass this
* deprecated region instead of outright removing
* put session affinity formatting back