* Add support to import databases. See docs.
* Add support for renaming databases
* Add support for all known PostgreSQL database attributes, including:
* "allow_connections"
* "lc_ctype"
* "lc_collate"
* "connection_limit"
* "encoding"
* "is_template"
* "owner"
* "tablespace_name"
* "template"
Both libpq(3) and github.com/lib/pq both use `sslmode`. Prefer this vs
the non-standard `ssl_mode`. `ssl_mode` is supported for compatibility
but should be removed in the future.
Changelog: yes
Also don't specify the default and rely on github.com/lib/pq (which uses "required"
and is different than what libpq(3) uses, which is "preferred" and unsupported by
github.com/lib/pq).
* Allow import of aws_security_groups with more than one source_security_group_id rule
* Add acceptable test for security group with multiple source rules.
When importing an `aws_vpc_peering_connection`, the code assumes that
the account under Terraform control is the initiator (requester) of the
VPC peering request. This holds true when the peering connection is
between two VPCs in the same account, or when the peering connection has
been initiated from the controlled account to another.
However, when the peering connection has been initiated from a foreign
account towards the account under management, importing the peering
connection into the statefile results in values of `peer_vpc_id` and
`vpc_id` being the opposite way round to what they should be, and in the
`peer_owner_id` being set to the managed account's ID rather than the
foreign account's ID.
This patch checks the Accepter and Requester Owner IDs against the AWS
connection's reported owner ID, and reverses the mapping if it is
determined that the VPC peering connection is owned by the foreign
account.
TF_ACC=1 go test ./builtin/providers/azurerm -v -run TestAccAzureRMVirtualMachine_plan -timeout 120m
=== RUN TestAccAzureRMVirtualMachine_plan
--- PASS: TestAccAzureRMVirtualMachine_plan (798.75s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/azurerm 798.835s
This adds the new resource aws_snapshot_create_volume_permission which
manages the createVolumePermission attribute of snapshots. This allows
granting an AWS account permissions to create a volume from a particular
snapshot. This is often required to allow another account to copy a
private AMI.
The value is only multiplied by the API for topics in non-premium namespaces
TF_ACC=1 go test ./builtin/providers/azurerm -v -run TestAccAzureRMServiceBusTopic_enablePartitioning -timeout 120m
=== RUN TestAccAzureRMServiceBusTopic_enablePartitioningStandard
--- PASS: TestAccAzureRMServiceBusTopic_enablePartitioningStandard (378.80s)
=== RUN TestAccAzureRMServiceBusTopic_enablePartitioningPremium
--- PASS: TestAccAzureRMServiceBusTopic_enablePartitioningPremium (655.00s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/azurerm 1033.874s
AWS allows only the case-sensitive strings `Allow` and `Deny` to appear
in the `Effect` fields of IAM policy documents. Catch deviations from
this, including mis-casing, before hitting the API and generating an
error (the error is a generic 400 and doesn't indicate what part of the
policy doc is invalid).
* provider/datadog 9869: Validate credentials when initialising client.
* provider/datadog Pull in new version of go-datadog-api.
* provider/datadog Update testAccCheckDatadogMonitorConfigNoThresholds test config.
Fixes#8455, #5390
This add a new `no_device` attribute to `ephemeral_block_device` block,
which allows users omit ephemeral devices from AMI's predefined block
device mappings, which is useful for EBS-only instance types.
* provider/datadog #9375: Refactor tags to a list instead of a map.
Tags are allowed to be but not restricted to, key value pairs (ie: foo:bar)
but are esssentially strings. This changes allows using, and mixing of tags with
form "foo" and "foo:bar". It also allows using duplicate keys like "foo:bar" and "foo:baz".
* provider/datadog update import test.
This commit extracts the GPG code used for aws_iam_user_login_profile
into a library that can be reused for other resources, and updates the
call sites appropriately.
* provider/azurerm: Bump sdk version to 7.0.1
* Fixing the build (#10489)
* Fixing the broken tests (#10499)
* Updating the method signatures to match (#10533)
Fixes#10463
I'm really surprised this flew under the radar for years...
By having unique PRNGs, the SSH communicator could and would
generate identical ScriptPaths and two provisioners running in parallel
could overwrite each other and execute the same script. This would
happen because they're both seeded by the current time which could
potentially be identical if done in parallel...
Instead, we share the rand now so that the sequence is guaranteed
unique. As an extra measure of robustness, we also multiple by the PID
so that we're also protected against two processes at the same time.
* "external" provider for gluing in external logic
This provider will become a bit of glue to help people interface external
programs with Terraform without writing a full Terraform provider.
It will be nowhere near as capable as a first-class provider, but is
intended as a light-touch way to integrate some pre-existing or custom
system into Terraform.
* Unit test for the "resourceProvider" utility function
This small function determines the dependable name of a provider for
a given resource name and optional provider alias. It's simple but it's
a key part of how resource nodes get connected to provider nodes so
worth specifying the intended behavior in the form of a test.
* Allow a provider to export a resource with the provider's name
If a provider only implements one resource of each type (managed vs. data)
then it can be reasonable for the resource names to exactly match the
provider name, if the provider name is descriptive enough for the
purpose of the each resource to be obvious.
* provider/external: data source
A data source that executes a child process, expecting it to support a
particular gateway protocol, and exports its result. This can be used as
a straightforward way to retrieve data from sources that Terraform
doesn't natively support..
* website: documentation for the "external" provider
* add rds db for opsworks
* switched to stack in vpc
* implement update method
* add docs
* implement and document force new resource behavior
* implement retry for update and delete
* add test that forces new resource
This commit changes allowed_address_pairs from a TypeList to a TypeSet
allowing for arbitrary ordering. This solves the issue where a user
specifies an address pair one way and OpenStack returns a different
order.
* Update to latest version of go-datadog-api
* Updates to latest go-datadog-api version, which adds more complete
timeboard support.
* Add more complete timeboard support
* Adds in support for missing timeboard fields, so now we can have nice
things like conditional formats and more.
* Document new fields in datadog_timeboard resource
* Add acceptance test for datadog timeboard changes
* Add new aws_vpc_endpoint_route_table_association resource.
This commit adds a new resource which allows to a list of route tables to be
either added and/or removed from an existing VPC Endpoint. This resource would
also be complimentary to the existing `aws_vpc_endpoint` resource where the
route tables might not be specified (not a requirement for a VPC Endpoint to
be created successfully) during creation, especially where the workflow is
such where the route tables are not immediately known.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
Additions by Kit Ewbank <Kit_Ewbank@hotmail.com>:
* Add functionality
* Add documentation
* Add acceptance tests
* Set VPC endpoint route_table_ids attribute to "Computed"
* Changes after review - Set resource ID in create function.
* Changes after code review by @kwilczynski:
* Removed error types and simplified the error handling in 'resourceAwsVPCEndpointRouteTableAssociationRead'
* Simplified logging in 'resourceAwsVPCEndpointRouteTableAssociationDelete'
Update our instance template to include metadata_startup_script, to
match our instance resource. Also, we've resolved the diff errors around
metadata.startup-script, and people want to use that to create startup
scripts that don't force a restart when they're changed, so let's stop
disallowing it.
Also, we had a bunch of calls to `schema.ResourceData.Set` that ignored
the errors, so I added error handling for those calls. It's mostly
bundled with this code because I couldn't be sure whether it was the
root of bugs or not, so I took care of it while addressing the startup
script issue.
* provider/openstack: Detect Region for Importing Resources
This commit changes the way the OpenStack region is detected and set.
Any time a region is required, the region attribute will first be
checked. Next, the OS_REGION_NAME environment variable will be checked.
While schema.EnvDefaultFunc handles this same situation, it is not
applicable when importing resources.
* provider/openstack: No longer ignore region in importing tests
* provider/openstack: Network and Subnet Import Fixes
This commit fixes the OpenStack Network and Subnet resources so that
importing of those resources is successful.
This change doesn't make much sense now, as projects are read-only
anyways, so there's not a lot that importing really does for you--you
can already reference pre-existing projects just by defining them in
your config.
But as we discussed #10425, this change made more and more sense. In a
world where projects can be created, we can no longer reference
pre-existing projects just by defining them in config. We get that
ability back by making projects importable.
* provider/aws: Add DeploymentRollback as a valid TriggerEvent type
* provider/aws: Add auto_rollback_configuration to aws_codedeploy_deployment_group
* provider/aws: Document auto_rollback_configuration
- part of aws_codedeploy_deployment_group
* provider/aws: Support removing and disabling auto_rollback_configuration
- part of aws_codedeploy_deployment_group resource
- when removing configuration, ensure events are removed
- when disabling configuration, preserve events in case configuration is re-enabled
* provider/aws: Add alarm_configuration to aws_codedeploy_deployment_group
* provider/aws: Document alarm_configuration
- part of aws_codedeploy_deployment_group
* provider/aws: Support removing alarm_configuration
- part of aws_codedeploy_deployment_group resource
- disabling configuration doesn't appear to work...
* provider/aws: Refactor auto_rollback_configuration tests
- Add create test
- SKIP failing test for now
- Add tests for build & map functions
* provider/aws: Refactor new aws_code_deploy_deployment_group tests
- alarm_configuration and auto_rollback_configuration only
- add assertions to deployment_group basic test
- rename config funcs to be more easy to read
- group public tests together
* provider/aws: A max of 10 alarms can be added to a deployment group.
- aws_code_deploy_deployment_group.alarm_configuration.alarms
- verified this causes test failure with expected exception
* provider/aws: Test disabling alarm_configuration and auto_rollback_configuration
- the tests now pass after rebasing the latest master branch
Google's Backend Services gives users control over the session affinity modes.
Let's allow Terraform users to leverage this option.
We don't change the default value ("NONE", as provided by Google).
* provider/azurerm: support import of route
TF_ACC=1 go test ./builtin/providers/azurerm -v -run TestAccAzureRMRoute_import -timeout 120m
=== RUN TestAccAzureRMRoute_importBasic
--- PASS: TestAccAzureRMRoute_importBasic (166.99s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/azurerm 167.066s
* provider/azurerm: fix route_table not setting routes
The resource wasn't actually setting the routes in the create/update method,
this went unnoticed as it also didn't read the routes array back to state.
Fixes#10316
TF_ACC=1 go test ./builtin/providers/azurerm -v -run TestAccAzureRMRouteTable -timeout 120m
=== RUN TestAccAzureRMRouteTable_basic
--- PASS: TestAccAzureRMRouteTable_basic (122.96s)
=== RUN TestAccAzureRMRouteTable_disappears
--- PASS: TestAccAzureRMRouteTable_disappears (121.12s)
=== RUN TestAccAzureRMRouteTable_withTags
--- PASS: TestAccAzureRMRouteTable_withTags (136.01s)
=== RUN TestAccAzureRMRouteTable_multipleRoutes
--- PASS: TestAccAzureRMRouteTable_multipleRoutes (155.44s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/azurerm 535.612s
* provider/azurerm: support import of route_table
TF_ACC=1 go test ./builtin/providers/azurerm -v -run TestAccAzureRMRouteTable_import -timeout 120m
=== RUN TestAccAzureRMRouteTable_importBasic
--- PASS: TestAccAzureRMRouteTable_importBasic (121.90s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/azurerm 121.978s
* provider/aws: Generate name for TestAccElasticBeanstalkApplicationImport
This allows tests to run concurrently.
* provider/aws: Generate names for TestAWSElasticBeanstalkEnvironment_importBasic
This allows tests to run concurrently.
* provider/azurerm: support import of virtual_machine
TF_ACC=1 go test ./builtin/providers/azurerm -v -run "TestAccAzureRMVirtualMachine_(basic|import)" -timeout 120m
=== RUN TestAccAzureRMVirtualMachine_importBasic
--- PASS: TestAccAzureRMVirtualMachine_importBasic (561.08s)
=== RUN TestAccAzureRMVirtualMachine_basicLinuxMachine
--- PASS: TestAccAzureRMVirtualMachine_basicLinuxMachine (677.49s)
=== RUN TestAccAzureRMVirtualMachine_basicLinuxMachine_disappears
--- PASS: TestAccAzureRMVirtualMachine_basicLinuxMachine_disappears (674.21s)
=== RUN TestAccAzureRMVirtualMachine_basicWindowsMachine
--- PASS: TestAccAzureRMVirtualMachine_basicWindowsMachine (1105.18s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/azurerm 3017.970s
* provider/azurerm: support import of servicebus_namespace
TF_ACC=1 go test ./builtin/providers/azurerm -v -run TestAccAzureRMServiceBusNamespace_import -timeout 120m
=== RUN TestAccAzureRMServiceBusNamespace_importBasic
--- PASS: TestAccAzureRMServiceBusNamespace_importBasic (345.80s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/azurerm 345.879s
* provider/azurerm: document import of servicebus_topic and servicebus_subscription
* provider/azurerm: support import of dns record resources
TF_ACC=1 go test ./builtin/providers/azurerm -v -run TestAccAzureRMDns[A-z]+Record_importBasic -timeout 120m
=== RUN TestAccAzureRMDnsARecord_importBasic
--- PASS: TestAccAzureRMDnsARecord_importBasic (102.84s)
=== RUN TestAccAzureRMDnsAAAARecord_importBasic
--- PASS: TestAccAzureRMDnsAAAARecord_importBasic (100.59s)
=== RUN TestAccAzureRMDnsCNameRecord_importBasic
--- PASS: TestAccAzureRMDnsCNameRecord_importBasic (98.94s)
=== RUN TestAccAzureRMDnsMxRecord_importBasic
--- PASS: TestAccAzureRMDnsMxRecord_importBasic (107.30s)
=== RUN TestAccAzureRMDnsNsRecord_importBasic
--- PASS: TestAccAzureRMDnsNsRecord_importBasic (98.55s)
=== RUN TestAccAzureRMDnsSrvRecord_importBasic
--- PASS: TestAccAzureRMDnsSrvRecord_importBasic (100.19s)
=== RUN TestAccAzureRMDnsTxtRecord_importBasic
--- PASS: TestAccAzureRMDnsTxtRecord_importBasic (97.49s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/azurerm 706.000s
* provider/azurerm: support import of cdn_endpoint, document profile import
TF_ACC=1 go test ./builtin/providers/azurerm -v -run TestAccAzureRMCdnEndpoint_import -timeout 120m
=== RUN TestAccAzureRMCdnEndpoint_importWithTags
--- PASS: TestAccAzureRMCdnEndpoint_importWithTags (207.83s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/azurerm 207.907s
* provider/azurerm: support import of sql_server, fix sql_firewall import
TF_ACC=1 go test ./builtin/providers/azurerm -v -run TestAccAzureRMSql[A-z]+_importBasic -timeout 120m
=== RUN TestAccAzureRMSqlFirewallRule_importBasic
--- PASS: TestAccAzureRMSqlFirewallRule_importBasic (153.72s)
=== RUN TestAccAzureRMSqlServer_importBasic
--- PASS: TestAccAzureRMSqlServer_importBasic (119.83s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/azurerm 273.630s
Although the aws_iam_policy has a problem of normalization (refs #8350),
I think it would be useful simply to add JSON syntax validation.
I wasted a lot of time with JSON syntax errors.
Validate the aws_iam_policy using the validateJsonString helper.
This commit adds the ability to authenticate with Swauth/Swift. This can
be used in Swift-only environments that do not have a Keystone service
for authentication.
* provider/aws: Add ability to create aws_ebs_snapshot
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEBSSnapshot_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/10 14:18:36 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSEBSSnapshot_
-timeout 120m
=== RUN TestAccAWSEBSSnapshot_basic
--- PASS: TestAccAWSEBSSnapshot_basic (31.56s)
=== RUN TestAccAWSEBSSnapshot_withDescription
--- PASS: TestAccAWSEBSSnapshot_withDescription (189.35s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws220.928s
```
* docs/aws: Addition of the docs for aws_ebs_snapshot resource
* provider/aws: Creation of shared schema funcs for common AWS data source
patterns
* provider/aws: Create aws_ebs_snapshot datasource
Fixes#8828
This data source will use a number of filters, owner_ids, snapshot_ids
and restorable_by_user_ids in order to find the correct snapshot. The
data source has no real use case for most_recent and will error on no
snapshots found or greater than 1 snapshot found
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEbsSnapshotDataSource_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/10 14:34:33 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSEbsSnapshotDataSource_ -timeout 120m
=== RUN TestAccAWSEbsSnapshotDataSource_basic
--- PASS: TestAccAWSEbsSnapshotDataSource_basic (192.66s)
=== RUN TestAccAWSEbsSnapshotDataSource_multipleFilters
--- PASS: TestAccAWSEbsSnapshotDataSource_multipleFilters (33.84s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws226.522s
```
* docs/aws: Addition of docs for the aws_ebs_snapshot data source
Adds the new resource `aws_ebs_snapshot`
This update adds ALB support to the
wait_for_elb_capacity/min_elb_capacity options. Target groups are
handled in nearly the same way as Classic ELBs, so the change should be
transparent. This supports both ALB target groups and classic ELBs being
attached to the ASG at the same time.
* provider/aws: Add aws_alb data source
This adds the aws_alb data source for getting information on an AWS
Application Load Balancer.
The schema is nearly the same as the resource of the same name, with
most of the resource population logic de-coupled into its own function
so that they can be shared between the resource and data source.
* provider/aws: aws_alb data source language revisions
* Multiple/zero result error slightly updated to be a bit more
specific.
* Fixed relic of the copy of the resource docs (resource -> data
source)
When `force_destroy` was specifed on an `aws_iam_user` resource, only IAM
access keys and the login profile were destroyed. If a multi-factor auth
device had been activated for that user, deletion would fail as follows:
```
* aws_iam_user.testuser1: Error deleting IAM User testuser1: DeleteConflict: Cannot delete entity, must delete MFA device first.
status code: 409, request id: aa41b1b7-ac4d-11e6-bb3f-3b4c7a310c65
```
This commit iterates over any of the user's MFA devices and deactivates
them before deleting the user. It follows a pattern similar to that used
to remove users' IAM access keys before deletion.
```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSUser_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/20 17:09:00 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSUser_ -timeout 120m
=== RUN TestAccAWSUser_importBasic
--- PASS: TestAccAWSUser_importBasic (5.70s)
=== RUN TestAccAWSUser_basic
--- PASS: TestAccAWSUser_basic (11.12s)
PASS
ok github.com/rhenning/terraform/builtin/providers/aws 20.840s
```
This commit adds the openstack_compute_volume_attach_v2 resource. This
resource enables a volume to be attached to an instance by using the
OpenStack Compute (Nova) v2 volumeattach API.
This commit adds the openstack_blockstorage_volume_attach_v2 resource. This
resource enables a volume to be attached to an instance by using the OpenStack
Block Storage (Cinder) v2 API.
Fixes a case where ResourceConfig.get inadvertently returns a nil value.
Add an integration test where assigning a map to a list via
interpolation would panic.
* provider/github: add GitHub labels resource
Provides a GitHub issue label resource.
This resource allows easy management of issue labels for an
organisation's repositories. A name, and a color can be set.
These attributes can be updated without creating a new resource.
* provider/github: add documentation for GitHub issue labels resource
* provider/aws: Add aws_alb_listener data source
This adds the aws_alb_listener data source to get information on an AWS
Application Load Balancer listener.
The schema is slightly modified (only option-wise, attributes are the
same) and we use the aws_alb_listener resource read function to get the
data.
Note that the HTTPS test here may fail due until
hashicorp/terraform#10180 is merged.
* provider/aws: Add aws_alb_listener data source docs
Now documented.
When using the static NAT resource, you no longer have to specify a `network_id`. This can be inferred from the choosen `virtual_machine_id` and/or the `vm_guest_ip`.
* provider/scaleway: increase wait for server time
according to the scaleway community, shutdown/ startup might actually take an
hour. since a regular shutdown transfers data this is bound by the size of the
actual volumes in use.
https://community.online.net/t/solving-the-long-shutdown-boot-when-only-needed-to-attach-detach-a-volume/326
anyhow, 20 minutes seems quite optimistic, and we've seen some timeout errors in
the logs, too
* provider/scaleway: clear cache on volume attachment
the volume attachment errors quite often, and while I have no hard evidence
(yet) I guess it might be related to the cache that the official scaleway SDK
includes.
for now this is just a tiny experiment, clearing the cache when creating/
destroying volume attachments. let's see if this improves anything, really
* provider/scaleway: guard against attaching already attached volumes
* provider/scaleway: use cheaper instance types for tests
Scaleway bills by the hour and C2S costs much more than C1, since in the tests
we just spin up instances, to destroy them later on...
Looks like sometimes it takes some time for IAM certificates to
propagate, which can cause errors on ALB listener creation.
Possibly same thing as hashicorp/terraform#5178, but for ALB
now instead of ELB.
This was discovered via acceptance tests, specifically the
TestAccAWSALBListener_https test. Updated the creation process to wait
on CertificateNotFound for a max of 5min.
- Per our discussion around the PR to increase this initially, we
weren't sure if 1 minute would be sufficient. Well, it turns out it
wasn't for me today (we don't delete these often so not sure how
often people run into this).
Picking another somewhat arbitrary value of 5 minutes in the hopes
that it will be sufficient (today it took a little over 2 minutes).
Since the Lambda CreateFunction call may include an up to 50MB payload,
the request can easily take more than a minute. This increases the
timeout to 10 minutes.