Commit Graph

125 Commits

Author SHA1 Message Date
James Nugent 6a20e8927d core: Fix issues from rebasing dev-0.7 onto master
- Fix sensitive outputs for lists and maps
- Fix test prelude which was missed during conflict resolution
- Fix `terraform output` to match old behaviour and not have outputs
  header and colouring
- Bump timeout on TestAtlasClient_UnresolvableConflict
2016-05-10 15:43:50 -04:00
James Nugent 6aac79e194 state: Add support for outputs of multiple types
This commit adds the groundwork for supporting module outputs of types
other than string. In order to do so, the state version is increased
from 1 to 2 (though the "public-facing" state version is actually as the
first state file was binary).

Tests are added to ensure that V2 (1) state is upgraded to V3 (2) state,
though no separate read path is required since the V2 JSON will
unmarshal correctly into the V3 structure.

Outputs in a ModuleState are now of type map[string]interface{}, and a
test covers round-tripping string, []string and map[string]string, which
should cover all of the types in question.

Type switches have been added where necessary to deal with the
interface{} value, but they currently default to panicking when the input
is not a string.
2016-05-10 14:40:12 -04:00
John Engelman 14f6f90621 Support standard AWS config in the S3 remote backend. (#5270) 2016-05-06 17:52:18 +01:00
Paul Hinze 4ac6dda633
state/remote/atlas: Use go-rootcerts for certificate loading
Allows CA certs to be configured via `ATLAS_CAFILE` and `ATLAS_CAPATH`
env vars, and works around https://github.com/golang/go/issues/14514 on
OS X.
2016-05-03 09:52:36 -05:00
Anubhav Mishra f58290c83f Moving octet-stream to json for remote http backend 2016-03-07 18:39:41 -08:00
Trevor Pounds bac909fdbf Fix `go vet -unreachable` warnings. 2016-02-17 11:59:50 -08:00
Trevor Pounds 79742fc367 Enable `go vet -composites` check and fix warnings. 2016-02-17 11:59:50 -08:00
Paul Hinze 6bafa74011 tests: allow opt-out of remote tests via env var
Adds the `TF_SKIP_REMOTE_TESTS` env var to be used in cases where the
`http.Get()` smoke test passes but the network is not able to service
the needs of the tests.

Fixes #4421
2016-01-21 15:44:18 -06:00
Paul Hinze ba21769083 Merge pull request #2903 from kjmkznr/remote-s3-sse-kms
state/remote/s3: Allows KMS Key Encryption setting when using S3 backend with encrypt
2016-01-19 18:54:03 -06:00
Sander van Harmelen 9b27db6fea Add the option to specify a custom (AWS compatible) S3 endpoint
Same fix/option as I added in Vault not too long ago:
https://github.com/hashicorp/vault/pull/750
2016-01-11 14:28:52 +01:00
James Nugent ff9345287b Merge branch 'artifactory-remote-state' of https://github.com/lusis/terraform into lusis-artifactory-remote-state 2015-12-19 13:36:55 -05:00
Paul Hinze 1100243536 state/remote/atlas: switch to retryablehttp
The retryablehttp package implements basic retries w/ exponential
backoff, which helps the remote state push recover in cases of
connectivity blips or transient errors.
2015-12-18 09:48:54 -06:00
Paul Hinze 1a19f43ee1 core: support HTTP basic auth in consul remote state
Closes #1663
2015-12-04 07:15:18 -06:00
Rafal Jeczalik 9e66e18334 provider/aws: fix for https://github.com/aws/aws-sdk-go/issues/452 2015-11-24 09:30:21 +01:00
Paul Hinze cadbbbae08 aws: fix build after upstream breaking change
see
1a69d06935
2015-10-29 18:52:10 -05:00
John E. Vincent c3f863f4c5 add artifactory remote state storage 2015-10-29 09:33:09 -04:00
Paul Hinze 6aa5fdc938 state/remote/atlas: handle conflicts on equivalent states
Atlas returns an HTTP 409 - Conflict if the pushed state reports the same
Serial number but the checksum of the raw content differs. This can
sometimes happen when Terraform changes state representation internally
between versions in a way that's semantically neutral but affects the JSON
output and therefore the checksum.

Here we detect and handle this situation by ticking the serial and retrying
iff for the previous state and the proposed state:

  * the serials match
  * the parsed states are Equal (semantically equivalent)

In other words, in this situation Terraform can override Atlas's detected
conflict by asserting that the state it is pushing is indeed correct.
2015-10-22 15:40:45 -05:00
Jeff Mitchell 1373a6086b Use cleanhttp for new http clients 2015-10-22 14:23:59 -04:00
Paul Hinze 15a36d06cf Merge pull request #3532 from hashicorp/remove-default-client
Remove usage of http.DefaultClient
2015-10-20 10:42:31 -05:00
Jeff Mitchell b0ceffc322 Remove usage from dependencies as well. Other dependencies need upstream merging to completely solve this. 2015-10-19 12:06:34 -04:00
Jeff Mitchell 3c0ed11922 Remove usage of http.DefaultClient 2015-10-19 12:06:33 -04:00
Nathan Zadoks bb51882f33 Etcd remote state backend 2015-10-18 23:24:55 +02:00
Kazunori Kojima 9186c29dd8 Fix typo 2015-10-07 23:39:08 +09:00
Kazunori Kojima 576b2d1109 Change KMS Key ID configuration name to used in other 2015-10-07 23:09:03 +09:00
Kazunori Kojima ba8f1fa1f0 Add support S3 server side encryption with KMS.
* Example

```
terraform remote config \
  -backend=s3
  -backend-config="bucket=bucket-tfstate"
  -backend-config="key=terraform.tfstate"
  -backend-config="region=ap-northeast-1"
  -backend-config="encrypt=1"
  -backend-config="kmsKeyID=arn:aws:kms:ap-northeast-1:123456789:key/ac54dbd2-f301-42c1-bab9-88e6a84292a9"
```
2015-10-07 23:03:55 +09:00
Martin Atkins ccc8f0d0fb S3 remote state use application/json Content-Type.
The state is always JSON, in spite of the fact that this interface
presents it as an opaque byte array. It's more helpful to those interacting
with the state object outside of Terraform for it to have a more specific
content-type.
2015-10-03 18:02:36 -07:00
Martin Atkins 859c6c5e68 Merge #3233: Allow canned ACLs on S3 remote state. 2015-10-03 17:40:17 -07:00
Radek Simko 3d77d158f7 remote/s3: Add support for ACL 2015-09-14 10:40:46 +01:00
Jack Pearkes eba638d044 remote/atlas: if `ATLAS_RUN_ID` is set, send it with remote state save
This detects the presence of ATLAS_RUN_ID in the environment and sends
it if exists with remote state PUT requests with query params.
2015-08-20 13:54:26 -07:00
Jack Pearkes d19ec9d57a remote/atlas: remove old force param commented out
It appears this was left in through development, but as force
is not a parameter likely doesn't have any relevance anymore.
2015-08-20 13:21:47 -07:00
Paul Hinze 1a44b427a7 state/remote/s3: match with upstream changes 2015-08-10 15:46:22 -05:00
Clint Shryock 579ccbefea provider/aws: Update source to comply with upstream breaking change 2015-07-28 15:29:46 -05:00
Mitchell Hashimoto e135ff546a state/remote: clean up the encryption flag stuff
/cc @hobbeswalsh
2015-06-25 09:23:12 -07:00
Mitchell Hashimoto a5af429457 Merge pull request #2405 from hobbeswalsh/master
remote: allowing at-rest encryption when using S3
2015-06-25 09:20:13 -07:00
Mitchell Hashimoto cddd54c3de fmt 2015-06-23 22:31:24 -07:00
Robin Walsh ad17cf55a0 Allowing at-rest encryption when using S3
This change allows the user to specify `-backend-config="encrypt=1"`
to tell S3 to encrypt the data that's in the bucket when using S3
for remote config storage.

The encryption uses "Amazon S3-managed encryption keys" so it should
not require any further user intervention.

A line was added to the unit test just for coverage.
The acceptance test was modified to:
  a) Use encryption
  b) Push some test data up to the bucket created to ensure
     that Amazon accepts the header.
2015-06-19 11:33:03 -07:00
Mitchell Hashimoto 76d920f504 state/remote: more canonical Go for skip TLS verify
/cc @LeftyBC - Hope this helps! Some basic point:

* Idiomatic Go is to use thisCasingStyle and not this_casing_style
* Less repetitive to just create an http.Client once and re-use, also
  more flexible for later.
* The empty `if ok {}` was kind of awkward, replace with proper check
2015-06-07 22:24:31 -07:00
Mitchell Hashimoto 6649658d62 Merge pull request #2220 from LeftyBC/master
state/remote: Add a boolean flag to http remote that disables cert validity checking (for e.g. self-signed certs)
2015-06-07 22:19:31 -07:00
George Hartzell 4fc6dd0141 Only run Swift tests when Swift is available
Only run the Swift remote tests when OpenStack seems
to have been set up and when the autho host is reachable.
2015-06-06 10:19:25 -07:00
George Hartzell 258b1a4263 Implement OpenStack/Swift remote
Rework devcamcar's OpenStack Swift remote [pull
request](https://github.com/hashicorp/terraform/pull/942) to work with
Terraform's new `state/remote` and Gophercloud's current implementation.

`Get()` changed up a bit from devcamcar's version (using different
Gopercloud functionality resulted in less fussing around to figure out
the error case).

Otherwise this is a transliteration/remix of his ideas.
2015-06-06 10:04:31 -07:00
Colin Moller 67e56671ec Merge remote branch 'upstream/master' 2015-06-03 17:47:32 -07:00
Colin Moller e7130e9c85 go fmt 2015-06-03 17:23:45 -07:00
Colin Moller fc2f97ca89 Add a boolean flag to http remote that disables cert validity checking (for e.g. self-signed certs) 2015-06-03 17:09:02 -07:00
Paul Hinze b71fa3d0ae provider/aws: handle upstream aws-sdk-go repo move
`awslabs/aws-sdk-go => aws/aws-sdk-go`

Congrats to upstream on the promotion. :)
2015-06-03 13:36:57 -05:00
Clint Shryock 883e2848c6 update remote state s3 file to fix error 2015-05-20 15:20:30 -05:00
Paul Hinze 31258e06c6 provider/aws: fix breakages from awserr refactor
This landed in aws-sdk-go yesterday, breaking the AWS provider in many places:

3c259c9586

Here, with much sedding, grepping, and manual massaging, we attempt to
catch Terraform up to the new `awserr.Error` interface world.
2015-05-20 06:21:23 -05:00
Sander van Harmelen 897bf5e53d Added `SharedCredentialsProvider` and `EC2RoleProvider` as well... 2015-05-05 20:38:35 +02:00
Sander van Harmelen 5435815524 Fixing PR #1804 2015-05-05 20:30:35 +02:00
Sander van Harmelen 7274de3c1d Small fix needed to be inline with the updated AWS SDK again...
Executed a couple of AWS ACC test as well to make sure everything works
properly again after this fix…
2015-05-05 12:26:26 +02:00
Martin Atkins 53e93d6f63 S3 remote stage storage backend, against the new remote state API.
Stores state in a particular key in a given S3 bucket.
2015-04-30 09:21:49 -07:00
Mitchell Hashimoto c58e09abaa state/remote: make malformed name message clearer [GH-1332] 2015-04-22 08:59:30 +02:00
Mitchell Hashimoto 1fac7b6488 state: cache should use State.Equal to check equality
reflect.DeepEqual was returning false, sometimes.
2015-04-07 15:03:04 -07:00
Paul Hinze 0a24e72c3b state/remote: allow https consul addresses
Sending state over a cleartext protocol is bad in untrusted networks.
Expose `-backend-config="scheme=https"` and wire it through to the
Consul client.
2015-03-17 17:11:35 -04:00
Mitchell Hashimoto aee27314eb state/remote: add undocumented file backend for remote state 2015-03-05 13:15:14 -08:00
Mitchell Hashimoto cc8e6b6331 state: deep copies are required 2015-02-23 21:36:58 -08:00
Mitchell Hashimoto ed6128aa6e state/remote: increment serial properly 2015-02-23 21:30:59 -08:00
Mitchell Hashimoto c2bf600603 state: only change serial if changed 2015-02-23 21:26:33 -08:00
Mitchell Hashimoto bfe0edef51 state/remote: passing Atlas state test 2015-02-23 17:56:29 -08:00
Mitchell Hashimoto aaf182a4a7 state/remote: nitpick some style 2015-02-23 15:34:09 -08:00
Mitchell Hashimoto 4d126998b5 state/remote: atlas 2015-02-23 15:13:56 -08:00
Mitchell Hashimoto 3bf59183b8 state: InmemState 2015-02-23 15:13:55 -08:00
Mitchell Hashimoto 5555059540 state/remote: real HTTP client tests 2015-02-23 15:13:55 -08:00
Mitchell Hashimoto f2c6c12535 command/pull: remove remote package 2015-02-23 15:13:55 -08:00
Mitchell Hashimoto b3aaf6feac state/remote: add HTTP client 2015-02-23 15:13:54 -08:00
Mitchell Hashimoto 4ec63bc2ef command: deal with plan states 2015-02-23 15:13:54 -08:00
Mitchell Hashimoto 89d3a10adf state: backup state 2015-02-23 15:13:54 -08:00
Mitchell Hashimoto 5c356f35b9 state: LocalState supports alternate output path 2015-02-23 15:13:54 -08:00
Mitchell Hashimoto 34864a64a5 state: LocalState allows file to not exist 2015-02-23 15:13:54 -08:00
Mitchell Hashimoto 579f102f37 command: start migrating to new state package 2015-02-23 15:13:54 -08:00
Mitchell Hashimoto 1eec77378b state/remote: can handle nil payloads 2015-02-23 15:13:53 -08:00
Mitchell Hashimoto 399319d31f state/remote: comment 2015-02-23 15:13:53 -08:00
Mitchell Hashimoto b8836ff279 state/remote: consul client 2015-02-23 15:13:53 -08:00
Mitchell Hashimoto 66bace35e5 state: add strings for cache refresh result 2015-02-23 15:13:53 -08:00
Mitchell Hashimoto 6ec1b2b455 state: cache state test 2015-02-23 15:13:53 -08:00
Mitchell Hashimoto 1f7ddc30fe state: a bunch of state stuff 2015-02-23 15:13:53 -08:00