Commit Graph

2838 Commits

Author SHA1 Message Date
James Nugent d7e9a2ecf2 provider/aws: Set aws_alb security_groups computed (#8269)
This commit fixes #8264 by making the security_groups attribute on
aws_alb resources computed, allowing the default security group assigned
by AWS to not generate perpetual plans forcing new resources.
2016-08-18 16:52:29 +01:00
Radek Simko b2a3104118 provider/aws: Explain better why we retry IAM role creation (#8286) 2016-08-18 16:43:40 +01:00
David Tolnay 46c858bcbe provider/aws: Increase timeout for creating IAM role (#7733) 2016-08-18 16:27:17 +01:00
KOJIMA Kazunori 23d2ae3740 provider/aws: Support import of `aws_s3_bucket` (#8262) 2016-08-18 16:01:20 +01:00
Dennis Webb 8c10720a22 adding final-snapshot status to resourceAwsRedshiftClusterDelete (#8270) 2016-08-18 15:23:47 +01:00
James Nugent f5f31542bb Merge pull request #8254 from hashicorp/f-aws-application-lb
provider/aws: Initial support for Application Load Balancers
2016-08-17 16:05:51 +01:00
James Nugent 531a976306 provider/aws: Add aws_alb_target_group resource
This commit adds a resource, acceptance tests and documentation for the
Target Groups for Application Load Balancers.

This is the second in a series of commits to fully support the new
resources necessary for Application Load Balancers.
2016-08-17 15:48:16 +01:00
James Nugent 0b421b6998 provider/aws: Add `aws_alb` resource
This commit adds a resource, acceptance tests and documentation for the
new Application Load Balancer (aws_alb). We choose to use the name alb
over the package name, elbv2, in order to avoid confusion.

This is the first in a series of commits to fully support the new
resources necessary for Application Load Balancers.
2016-08-17 15:48:06 +01:00
Radek Simko cba09ae804 provider/aws: Update expected hash of Lambda ZIP files (#8258) 2016-08-17 15:45:35 +01:00
James Nugent ebdfe76530 provider/aws: Add ELBv2 to AWS config 2016-08-17 13:55:18 +01:00
Radek Simko 523627ba24 Merge pull request #8239 from TimeIncOSS/f-aws-r53-zone-force-destroy
provider/aws: Add force_destroy option to aws_route53_zone
2016-08-17 07:10:00 +01:00
Radek Simko 7433be5b4c aws: Make EFS MT creation fail for 2+ targets per AZ (#8205) 2016-08-17 07:07:54 +01:00
Mitchell Hashimoto e6d1e77a9a
Fix vet errors found with Go 1.7 2016-08-16 18:03:22 -07:00
Radek Simko 73791b47b3
aws: Implement naming changes for aws_elb_service_account 2016-08-16 21:05:27 +01:00
Paul Stack 9cb1dffb4d provider/aws: Allow `source_ids` in `aws_db_event_subscription` to be Updatable (#7892)
* provider/aws: Allow `source_ids` in `aws_db_event_subscription` to be
Updatable

Fixes #7809

This commit adds support for `source_ids` to be updated rather than
forcing new each time. Unfortunately, it must range over the difference
in the source_ids and add and remove them 1 at a time. AWS does not
support batch updating source_ids

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSDBEventSubscription_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSDBEventSubscription_ -timeout 120m
=== RUN   TestAccAWSDBEventSubscription_basicUpdate
--- PASS: TestAccAWSDBEventSubscription_basicUpdate (1277.87s)
=== RUN   TestAccAWSDBEventSubscription_withSourceIds
--- PASS: TestAccAWSDBEventSubscription_withSourceIds (1012.96s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws
2290.844s
```

* Update resource_aws_db_event_subscription.go
2016-08-16 20:51:38 +01:00
Paul Stack 4de4590147 provider/aws: Adds acceptance tests for `aws_gateway_*` manual deletions causing non-empty plans (#7879)
* provider/aws: Adds an acceptance test that makes sure that manual deletions mean a non-empty plan

* provider/aws: Adds an acceptance test to prove that manual deletion causes a non-empty plan
2016-08-16 20:42:06 +01:00
Clint 72a81ff3ae provider/aws: Update ElasticTranscoder to allow empty notifications, removing notifications, etc (#8207)
* provider/aws: Add failing ETC + notifications test

* tidy up the docs some

* provider/aws: Update ElasticTranscoder to allow empty notifications, removing notifications, etc
2016-08-16 13:41:12 -05:00
Radek Simko 079e0c5b86
provider/aws: Allow force_destroying records in R53 hosted zone 2016-08-16 19:34:58 +01:00
Radek Simko cc239439fc
aws/r53: Refactoring - decouple waiters into functions 2016-08-16 19:34:45 +01:00
Paul Stack 65aa02b6df provider/aws: DataSource for RedShift Account ID (#8224)
When you need to enable monitoring for Redshift, you need to create the
correct policy in the bucket for logging. This needs to have the
Redshift Account ID for a given region. This data source provides a
handy lookup for this

http://docs.aws.amazon.com/redshift/latest/mgmt/db-auditing.html#db-auditing-enable-logging

```
% make testacc TEST=./builtin/providers/aws
% TESTARGS='-run=TestAccAWSRedshiftAccountId_basic'         2 ↵ ✹ ✭
==> Checking that code complies with gofmt requirements...
/Users/stacko/Code/go/bin/stringer
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/08/16 14:39:35 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSRedshiftAccountId_basic -timeout 120m
=== RUN   TestAccAWSRedshiftAccountId_basic
--- PASS: TestAccAWSRedshiftAccountId_basic (19.47s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    19.483s
```
2016-08-16 17:58:46 +01:00
Paul Stack 6d2e81dfbe provider/aws: `aws_spot_fleet_request` throws panic on missing subnet_id (#8217)
or availability_zone

Fixes #8000

There was a hard coded panic in the code!!!

```
panic(
	fmt.Sprintf(
		"Must set one of:\navailability_zone %#v\nsubnet_id: %#v",
		m["availability_zone"],
		m["subnet_id"]),
)
```

This was causing issues when we set neither an availability zone nor a subnet id.
This has been removed and is now handled with an error rather than a panic.

This was what happened with the new test before the fix:

```
=== RUN   TestAccAWSSpotFleetRequest_brokenLaunchSpecification
panic: Must set one of:
availability_zone ""
subnet_id: ""
goroutine 129 [running]:
panic(0x11377a0, 0xc8202abfc0)
	/opt/boxen/homebrew/Cellar/go/1.6.2/libexec/src/runtime/panic.go:481 +0x3e6
github.com/hashicorp/terraform/builtin/providers/aws.hashLaunchSpecification(0x11361a0, 0xc8202e07e0, 0xc800000001)
	/Users/stacko/Code/go/src/github.com/hashicorp/terraform/builtin/providers/aws/resource_aws_spot_fleet_request.go:953 +0x685
github.com/hashicorp/terraform/helper/schema.(*Set).hash(0xc82005ae00, 0x11361a0, 0xc8202e07e0, 0x0, 0x0)
	/Users/stacko/Code/go/src/github.com/hashicorp/terraform/helper/schema/set.go:180 +0x40
github.com/hashicorp/terraform/helper/schema.(*Set).add(0xc82005ae00, 0x11361a0, 0xc8202e07e0, 0xc820276900, 0x0, 0x0)
```

The test then ran fine after the fix:

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSpotFleetRequest_brokenLaunchSpecification'
==> Checking that code complies with gofmt requirements...
/Users/stacko/Code/go/bin/stringer
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/08/16 08:03:18 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSSpotFleetRequest_brokenLaunchSpecification -timeout 120m
=== RUN   TestAccAWSSpotFleetRequest_brokenLaunchSpecification
--- PASS: TestAccAWSSpotFleetRequest_brokenLaunchSpecification (32.37s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	32.384s
```

Full test run looks as follows:

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSpotFleetRequest_'                     ✹
==> Checking that code complies with gofmt requirements...
/Users/stacko/Code/go/bin/stringer
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/08/16 08:04:34 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSSpotFleetRequest_ -timeout 120m
=== RUN   TestAccAWSSpotFleetRequest_basic
--- PASS: TestAccAWSSpotFleetRequest_basic (33.78s)
=== RUN   TestAccAWSSpotFleetRequest_brokenLaunchSpecification
--- PASS: TestAccAWSSpotFleetRequest_brokenLaunchSpecification (33.59s)
=== RUN   TestAccAWSSpotFleetRequest_launchConfiguration
--- PASS: TestAccAWSSpotFleetRequest_launchConfiguration (35.26s)
=== RUN   TestAccAWSSpotFleetRequest_CannotUseEmptyKeyName
--- PASS: TestAccAWSSpotFleetRequest_CannotUseEmptyKeyName (0.00s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	102.648s
```
2016-08-16 17:55:06 +01:00
Radek Simko e356f27db6
aws: Add elb_account_id data source 2016-08-16 11:36:58 +01:00
James Nugent 90bdaef197 Merge pull request #8206 from hashicorp/f-aws-account-id
provider/aws: Add aws_account_id data source
2016-08-16 05:33:32 -05:00
James Nugent 3e14f56a96 provider/aws: Add aws_caller_identity data source
This data source provides access during configuration to the ID of the
AWS account for the connection to AWS. It is primarily useful for
interpolating into policy documents, for example when creating the
policy for an ELB or ALB access log bucket.

This will need revisiting and further testing once the work for
AssumeRole is integrated.
2016-08-16 11:24:26 +01:00
stack72 f9e86a52cf
provider/aws: Change paginated test to use the correct configuration block 2016-08-16 08:40:14 +01:00
stack72 2e454181fc
Merge branch 'paginate_roles' of https://github.com/stripe/terraform into stripe-paginate_roles 2016-08-16 07:51:44 +01:00
raylu f1fdffc552
provider/aws: Test for policy attachment pagination 2016-08-15 13:48:42 -07:00
Paul Stack 2c68808309 provider/aws: Defensively code around `db_security_group` ingress rules (#7893)
Fixes #7812

All of the options of `aws_db_security_group` ingress rules are
optional. Therefore, when one of them isn't set (and AWS doesn't
calculate the value), Terraform threw a panic

This commit just defensively codes around this fact. It checks to make
sure there is a value returned from the API before adding it to the map

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSDBSecurityGroup_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSDBSecurityGroup_ -timeout 120m
=== RUN   TestAccAWSDBSecurityGroup_basic
--- PASS: TestAccAWSDBSecurityGroup_basic (38.66s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    38.682s
```
2016-08-15 21:45:23 +01:00
raylu a99aaa5e85
provider/aws: Query all pages of policy attachment
This does not fix groups and users with more than 100 policies attached
2016-08-15 12:49:09 -07:00
Srikalyan Swayampakula 2aa28c34ca Not Error out on AWS Lambda VPC config if both subnet_ids and security_group_ids are empty. (#6191)
AWS Lambda VPC config is an optional configuration which needs both subnet_ids and
security_group_ids to tie the lambda function to a VPC. We should make it optional if
both subnet_ids and security_group_ids are not set which would add better flexibility in
creation of more useful modules as there are "if else" checks. Without this we are creating
duplicate modules one with VPC and one without VPC resulting in various anomalies.
2016-08-15 17:52:42 +01:00
Paul Stack 73b10c8186 provider/aws: `aws_security_group` now creates tags as early as possible (#7849)
in the process

Fixes #7577

7577 discovered that sometimes setting tags at the end of the creation
model doesn't quite work for everyone. We now move that further up the
tree by calling the setTags func a second time.

The setTags func in the Update is not called immediately after creation
as we check for it not being a NewResource

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSecurityGroup_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSSecurityGroup_ -timeout 120m
=== RUN   TestAccAWSSecurityGroup_importBasic
--- PASS: TestAccAWSSecurityGroup_importBasic (60.96s)
=== RUN   TestAccAWSSecurityGroup_importSelf
--- PASS: TestAccAWSSecurityGroup_importSelf (72.72s)
=== RUN   TestAccAWSSecurityGroup_basic
--- PASS: TestAccAWSSecurityGroup_basic (62.33s)
=== RUN   TestAccAWSSecurityGroup_namePrefix
--- PASS: TestAccAWSSecurityGroup_namePrefix (22.12s)
=== RUN   TestAccAWSSecurityGroup_self
--- PASS: TestAccAWSSecurityGroup_self (64.26s)
=== RUN   TestAccAWSSecurityGroup_vpc
--- PASS: TestAccAWSSecurityGroup_vpc (58.35s)
=== RUN   TestAccAWSSecurityGroup_vpcNegOneIngress
--- PASS: TestAccAWSSecurityGroup_vpcNegOneIngress (54.95s)
=== RUN   TestAccAWSSecurityGroup_MultiIngress
--- PASS: TestAccAWSSecurityGroup_MultiIngress (64.81s)
=== RUN   TestAccAWSSecurityGroup_Change
--- PASS: TestAccAWSSecurityGroup_Change (96.86s)
=== RUN   TestAccAWSSecurityGroup_generatedName
--- PASS: TestAccAWSSecurityGroup_generatedName (60.75s)
=== RUN   TestAccAWSSecurityGroup_DefaultEgress_VPC
--- PASS: TestAccAWSSecurityGroup_DefaultEgress_VPC (57.05s)
=== RUN   TestAccAWSSecurityGroup_DefaultEgress_Classic
--- PASS: TestAccAWSSecurityGroup_DefaultEgress_Classic (20.94s)
=== RUN   TestAccAWSSecurityGroup_drift
--- PASS: TestAccAWSSecurityGroup_drift (27.39s)
=== RUN   TestAccAWSSecurityGroup_drift_complex
--- PASS: TestAccAWSSecurityGroup_drift_complex (64.62s)
=== RUN   TestAccAWSSecurityGroup_tags
--- PASS: TestAccAWSSecurityGroup_tags (87.49s)
=== RUN   TestAccAWSSecurityGroup_CIDRandGroups
--- PASS: TestAccAWSSecurityGroup_CIDRandGroups (71.62s)
=== RUN   TestAccAWSSecurityGroup_ingressWithCidrAndSGs
--- PASS: TestAccAWSSecurityGroup_ingressWithCidrAndSGs (69.60s)
=== RUN   TestAccAWSSecurityGroup_ingressWithCidrAndSGs_classic
--- PASS: TestAccAWSSecurityGroup_ingressWithCidrAndSGs_classic (25.47s)
=== RUN   TestAccAWSSecurityGroup_egressWithPrefixList
--- PASS: TestAccAWSSecurityGroup_egressWithPrefixList (64.46s)
=== RUN   TestAccAWSSecurityGroup_failWithDiffMismatch
--- PASS: TestAccAWSSecurityGroup_failWithDiffMismatch (60.21s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws
1166.983s
```
2016-08-15 15:11:52 +01:00
Krzysztof Wilczynski e943851429 Add ability to set Storage Class in aws_s3_bucket_object. (#8174)
An S3 Bucket owner may wish to select a different underlying storage class
for an object. This commit adds an optional "storage_class" attribute to the
aws_s3_bucket_object resource so that the owner of the S3 bucket can specify
an appropriate storage class to use when creating an object.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-08-15 07:30:47 +01:00
Alexander Zhukau bd22a4f65a provider/aws: allow numeric characters in RedshiftClusterDbName (#8178) 2016-08-14 21:57:44 +01:00
Renier Morales ef9f3a45b1 Add S3 endpoint override ability and expose S3 path style option (#7871)
* Overriding S3 endpoint - Enable specifying your own
  S3 api endpoint to override the default one, under
  endpoints.
* Force S3 path style - Expose this option from the aws-sdk-go
  configuration to the provider.
2016-08-12 17:52:12 +01:00
Radek Simko e251d5c7bd Merge pull request #8114 from TimeIncOSS/f-aws-skip-options
aws: Change names of new skip_* fields + document those
2016-08-12 07:00:14 +01:00
Krzysztof Wilczynski 168d212e77 Fix. Correct how CORS rules are handled. (#8096)
This commit fixes an issue where CORS rules would not be read and thus refreshed
correctly should there be a change introduced externally e.g. CORS configuration
was edited outside of Terraform.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-08-12 13:14:48 +10:00
Linda Xu 45c5675c8e add Aurora instance failover priority feature (#8087)
* add Aurora instance failover priority feature

* promotion_tier move to input directly

* fix format issue
2016-08-12 07:51:25 +10:00
James Nugent 21d1ac41fa Merge branch 'd-update-aws-sdk' 2016-08-11 12:52:35 -04:00
Raphael Randschau 66a14cb3b7 provider/aws: Re-implement api gateway parameter handling (#7794)
* provider/aws: Re-implement api gateway parameter handling

this PR cleans up some leftovers from PR #4295, namely the parameter handling.

now that GH-2143 is finally closed this PR does away with the ugly
`request_parameters_in_json` and `response_parameters_in_json` hack.

* Add deprecation message and conflictsWith settings

following @radeksimko's advice, keeping the old code around with a deprecation
warning.

this should be cleaned up in a few releases

* provider/aws: fix missing append operation

* provider/aws: mark old parameters clearly as deprecated

* provider/aws work around #8104

following @radeksimko's lead

* provider/aws fix cnp error
2016-08-11 11:49:58 +01:00
stack72 313ec1252c
Merge branch 'master' of github.com:hashicorp/terraform 2016-08-11 15:15:51 +12:00
stack72 ec3e442f26
provider/aws: change the test to be us-west-2a 2016-08-11 15:15:23 +12:00
stack72 cdda4d76d4
Merge branch '5637-conflict-resolution' of https://github.com/Ticketmaster/terraform into Ticketmaster-5637-conflict-resolution 2016-08-11 11:23:04 +12:00
Clint c9de6a4173 provider/aws: Change a few policy test docs to use heredoc format, to prevent regressions (#8118) 2016-08-10 15:34:38 -05:00
Kraig Amador 742089f10c Fixing the certs, test now passes 2016-08-10 13:31:36 -07:00
Radek Simko 0e1bccafed
aws: Let acc ID validation fail when we have no ID
- we could've had ConflictsWith between affected fields, but that would make it fail even if skip_requesting_account_id=false and ConflictsWhen is not a thing (yet)
2016-08-10 17:30:49 +01:00
Clint 3fc119923e Revert "provider/aws: Added the ability to import aws_iam_role's" (#8112) 2016-08-10 11:18:03 -05:00
Radek Simko 0ab3bc4105
aws: Change field names + desc according to reality
- skip_iam_creds_validation => skip_credentials_validation
- skip_iam_account_id => skip_requesting_account_id
2016-08-10 16:46:05 +01:00
Radek Simko 2073e80c66
aws/config: Shortened conditions [cleanup] 2016-08-10 15:25:16 +01:00
Renier Morales c2bcb5fbe5 Skip IAM/STS validation and metadata check (#7874)
* Skip IAM/STS validation and metadata check

* Skip IAM/STS identity validation - For environments or other api
  implementations where there are no IAM/STS endpoints available, this
  option lets you opt out from that provider initialization step.
* Skip metadata api check - For environments in which you know ahead of
  time there isn't going to be a metadata api endpoint, this option lets
  you opt out from that check to save time.

* Allow iam/sts initialization even if skipping account/cred validation

(#7874)

* Split out skip of IAM validation into credentials and account id

(#7874)
2016-08-10 15:10:34 +01:00
Krzysztof Wilczynski f5b46b80e7 Add ability to set canned ACL in aws_s3_bucket_object. (#8091)
An S3 Bucket owner may wish to set a canned ACL (as opposed to explicitly set
grantees, etc.) for an object. This commit adds an optional "acl" attribute to
the aws_s3_bucket_object resource so that the owner of the S3 bucket can
specify an appropriate pre-defined ACL to use when creating an object.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-08-10 16:05:39 +12:00