Commit Graph

3275 Commits

Author SHA1 Message Date
Richard Henning 2a5e1d400d provider/aws: Remove IAM user's MFA devices with `force_destroy` #5908 (#10262)
When `force_destroy` was specifed on an `aws_iam_user` resource, only IAM
access keys and the login profile were destroyed. If a multi-factor auth
device had been activated for that user, deletion would fail as follows:

```
* aws_iam_user.testuser1: Error deleting IAM User testuser1: DeleteConflict: Cannot delete entity, must delete MFA device first.
    status code: 409, request id: aa41b1b7-ac4d-11e6-bb3f-3b4c7a310c65
```

This commit iterates over any of the user's MFA devices and deactivates
them before deleting the user. It follows a pattern similar to that used
to remove users' IAM access keys before deletion.

```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSUser_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/20 17:09:00 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSUser_ -timeout 120m
=== RUN   TestAccAWSUser_importBasic
--- PASS: TestAccAWSUser_importBasic (5.70s)
=== RUN   TestAccAWSUser_basic
--- PASS: TestAccAWSUser_basic (11.12s)
PASS
ok  	github.com/rhenning/terraform/builtin/providers/aws	20.840s
```
2016-11-21 10:17:27 +02:00
Kit Ewbank fd8d41f6a5 Add note to aws_security_group data source describing the default security group for a VPC. (#10247)
Add a corresponding acceptance test.
2016-11-20 16:28:11 +02:00
Kit Ewbank 3255921b6e aws_prefix_list data source - Add ability to select PL by name. (#10248) 2016-11-20 16:21:55 +02:00
Chris Marchesi 3ac05a539b provider/aws: Add aws_alb_listener data source (#10181)
* provider/aws: Add aws_alb_listener data source

This adds the aws_alb_listener data source to get information on an AWS
Application Load Balancer listener.

The schema is slightly modified (only option-wise, attributes are the
same) and we use the aws_alb_listener resource read function to get the
data.

Note that the HTTPS test here may fail due until
hashicorp/terraform#10180 is merged.

* provider/aws: Add aws_alb_listener data source docs

Now documented.
2016-11-18 13:01:21 +02:00
Chris Marchesi 99528f17cd provider/aws: Add CertificateNotFound retry waiter to aws_alb_listener (#10180)
Looks like sometimes it takes some time for IAM certificates to
propagate, which can cause errors on ALB listener creation.
Possibly same thing as hashicorp/terraform#5178, but for ALB
now instead of ELB.

This was discovered via acceptance tests, specifically the
TestAccAWSALBListener_https test. Updated the creation process to wait
on CertificateNotFound for a max of 5min.
2016-11-17 14:49:41 +02:00
Andrew Garrett 3822c69995 Add name_prefix to aws_iam_policy (#10178)
This is intended to behave the same way as name_prefix does in
aws_iam_role.

Fixes #10176
2016-11-17 14:03:03 +02:00
Clint d004a24659 Merge pull request #10171 from Ninir/vpc_enable_dns_support
provider/aws: Fixed the aws_vpc enable_dns_support handling on creation
2016-11-16 13:41:35 -06:00
Ninir 281eba72ad provider/aws: Fixed the aws_vpc enable_dns_support handling on creation 2016-11-16 20:05:49 +01:00
Ninir 3d56d20d82 Added retry_option for aws_kinesis_firehose_stream redshift_configuration 2016-11-15 10:55:02 -06:00
Clint 665ca05bf6 Merge pull request #10112 from Ninir/aws_kinesis_firehose_stream_buffer_option
provider/aws: kinesis_firehose_delivery_stream: Fixed ES buffering_interval option
2016-11-15 09:55:12 -06:00
Justin Nauman e36f424af3 GH-7311 - Increasing deletion timeout wait
- Per our discussion around the PR to increase this initially, we
weren't sure if 1 minute would be sufficient.  Well, it turns out it
wasn't for me today (we don't delete these often so not sure how
often people run into this).

Picking another somewhat arbitrary value of 5 minutes in the hopes
that it will be sufficient (today it took a little over 2 minutes).
2016-11-15 09:11:28 -06:00
Jeremy Asher ece6f30a21 increase aws_lambda_function timeout
Since the Lambda CreateFunction call may include an up to 50MB payload,
the request can easily take more than a minute.  This increases the
timeout to 10 minutes.
2016-11-14 15:50:39 -08:00
Ninir e077e4b260 provider/aws: fixed buffering_interval option 2016-11-14 22:18:11 +01:00
Paul Stack ecb2b74c37 Merge pull request #9534 from Ninir/aws_apigw_deployment_date
provider/aws: 	Exposed aws_api_gateway_deployment.created_date attribute
2016-11-14 12:11:59 +00:00
Paul Stack 24231333d3 Exposed AWS API GW REST Api created_date attribute (#9532) 2016-11-14 12:09:28 +00:00
Ninir a88b25cfcf Exposed AWS API GW REST Api created_date attribute 2016-11-14 11:56:41 +01:00
Ninir 6fb63f2854 Exposed aws_api_gateway_deployment.created_date attribute 2016-11-14 11:21:36 +01:00
Ninir 932c92e4c6 Exposed aws_api_gateway_api_key created_date & last_updated_date (#9530) 2016-11-14 12:03:56 +02:00
Ninir d8e846c895 Fixed ##10079 exposing aws_iam_role create_date attribute (#10091) 2016-11-14 11:33:53 +02:00
Paul Stack 3472cab7d6 provider/aws: Fix panic in aws_acm_certificate datasource (#10051)
Fixes #10042
Fixes #9989

Another panic was found with this resource. IT essentially was causing a
panic when no certificates were found. This was due to the casting of
status to []string

There are times when there are no statuses passed in. Made the error
message a lot more generic now rather than having something like this

```

No certificate with statuses [] for domain mytestdomain.com found in this region.
```

This now becomes:

```
No certificate for domain mytestdomain.com found in this region.
```

Also, added a test to show that the panic is gone

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAwsAcmCertificateDataSource_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/11 15:11:33 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAwsAcmCertificateDataSource_ -timeout 120m
=== RUN   TestAccAwsAcmCertificateDataSource_noMatchReturnsError
--- PASS: TestAccAwsAcmCertificateDataSource_noMatchReturnsError (6.07s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws6.094s
```
2016-11-11 16:07:50 +02:00
Andreas Skarmutsos Lindh 5e32c144d5
Ignore AWS specific tags
Allows us to adopt resources created with CloudFormation.

Extend AWS specific tag ignoring to all tags*

Ignore AWS specific tags for autoscaling
2016-11-11 15:40:09 +02:00
Anshul Sharma e1919edbb3 Allow underscore in database_name [redshift] (#10019)
* allow underscore in database_name [redshift]

Fixes #10009

* Added Test Cases To Validate Redshift DBName

* Remove Old Test Cases Regarding Redshift DBName Validation

* Added More Test Cases For Redshift DBName
2016-11-11 11:59:00 +02:00
clint shryock 303b07e61f provider/aws: Update AutoScaling Schedule test files to avoid conflicts 2016-11-10 11:36:57 -06:00
stack72 e02960810d
provider/aws: Rename zone_id to hosted_zone_id in aws_db_instance
Also added a test to prove that the computed value gets set

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSDBInstance_basic'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/10 06:26:22 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSDBInstance_basic -timeout 120m
=== RUN   TestAccAWSDBInstance_basic
--- PASS: TestAccAWSDBInstance_basic (634.33s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws634.347s
```
2016-11-10 06:41:43 +00:00
Michel Rasschaert 62ea843ff3 zone_id exported attribute for db_instance resource 2016-11-09 19:54:09 +01:00
Paul Stack 643d42c412 provider/aws: AWS IAM, User and Role allow + in the name (#9991)
Fixes #9985

```
% make testacc TEST=./builtin/providers/aws
% TESTARGS='-run=TestValidateIamUserName'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/09 12:12:42 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestValidateIamUserName
-timeout 120m
=== RUN   TestValidateIamUserName
--- PASS: TestValidateIamUserName (0.00s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws0.026s
```
2016-11-09 15:54:15 +00:00
Paul Stack d66359b046 provider/aws: Fix panic when passing statuses to aws_acm_certificate (#9990)
Fixes #9989

When passing a list of statuses to the acm_certificate data source, we
were trying to cast a schema.TypeList directly to []string

We need to do it via an []interface{} and then cast to string when
ranging over the results. Without this, we get a panic
2016-11-09 15:53:36 +00:00
Nick Santamaria 8949419bef provider/aws: Add key_name_prefix argument to aws_key_pair resource (#9993)
* Added key_name_prefix to aws_key_pair resource schema.

* Added logic to prefix the aws_key_pair name on create.

* Added aws_key_pair test config for key_name_prefix case.

* Copied test cases from testAccAWSSecurityGroup namespace.

* Modified copied test case to suit aws_key_pair resource.

* Changed required flag to optional on key_name argument for aws_key_pair resource.

* Added documentation for key_name_prefix argument.

* Code style fix.

* Fixed undefined variable error in test.
2016-11-09 15:35:51 +00:00
ddcprg 27527ef3cb EMR Cluster - core_instance_count doesn't actually refer to core instances 2016-11-09 08:47:23 -06:00
jmasseo 77ca7001a8 removing toLower from flattenElastiCacheParameters - aws_elasticache_parameter_group parameters can be case sensitive (#9820) 2016-11-09 11:34:00 +00:00
Paddy 78f8fea1fa Merge pull request #9950 from optimisticanshul/9928-aws-redshift-enhanced-vpc-routing
Added AWS Redshift Enhanced VPC Routing
2016-11-08 11:02:37 -08:00
Clint 81e599e53f Merge pull request #9600 from HotelsDotCom/master
AWS EMR resource - Support for Service Access Security Group
2016-11-08 11:36:03 -06:00
Anshul Sharma e9821eaced Updated Redshift Documentation and Added Test Cases for Redshift Enchaned VPC routing 2016-11-08 18:13:10 +05:30
Anshul Sharma 1030cc1344 Added AWS Redshift Enhanced VPC Routing 2016-11-08 17:36:29 +05:30
Paul Stack 38cd7947b6 provider/aws: Fix the validateFunc of aws_elasticache_replication_group (#9918)
Fixes #9895

The replication_group_id should allow length to be max of 20 not 16

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestResourceAWSElastiCacheReplicationGroupIdValidation'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/07 16:17:52 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestResourceAWSElastiCacheReplicationGroupIdValidation -timeout
120m
=== RUN   TestResourceAWSElastiCacheReplicationGroupIdValidation
--- PASS: TestResourceAWSElastiCacheReplicationGroupIdValidation (0.00s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws0.032s
```
2016-11-07 21:02:00 +00:00
Paul Stack c0442ee63f provider/aws: aws_alb_target_group arn_suffix missing the targetgroup (#9911)
The work to add the arn_suffix in #9734 skipped adding the targetgroup/
part of the arn

This PR adds it

//cc @firthh

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSALBTargetGroup_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/07 12:19:16 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSALBTargetGroup_ -timeout 120m
=== RUN   TestAccAWSALBTargetGroup_basic
--- PASS: TestAccAWSALBTargetGroup_basic (47.23s)
=== RUN   TestAccAWSALBTargetGroup_changeNameForceNew
--- PASS: TestAccAWSALBTargetGroup_changeNameForceNew (80.09s)
=== RUN   TestAccAWSALBTargetGroup_changeProtocolForceNew
--- PASS: TestAccAWSALBTargetGroup_changeProtocolForceNew (87.45s)
=== RUN   TestAccAWSALBTargetGroup_changePortForceNew
--- PASS: TestAccAWSALBTargetGroup_changePortForceNew (78.47s)
=== RUN   TestAccAWSALBTargetGroup_changeVpcForceNew
--- PASS: TestAccAWSALBTargetGroup_changeVpcForceNew (73.53s)
=== RUN   TestAccAWSALBTargetGroup_tags
--- PASS: TestAccAWSALBTargetGroup_tags (75.60s)
=== RUN   TestAccAWSALBTargetGroup_updateHealthCheck
--- PASS: TestAccAWSALBTargetGroup_updateHealthCheck (76.40s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	518.777s
```
2016-11-07 20:17:43 +00:00
Paul Stack 3f032ff611 provider/aws: Setting static_routes_only on import of vpn_connection (#9802)
fixes #9110

An error was found where, static_routes_only was not set on a vpn
connection import. This commit introduces setting the static_routes_only
to false when no Options are found. This follows the AWS convention as follows:

```
- options (structure)

Indicates whether the VPN connection requires static routes. If you are creating a VPN connection for a device that does not support BGP, you must specify true .
Default: false

```

So we take it that `static_options_only` is false by default

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSVpnConnection_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/02 10:38:18 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSVpnConnection_ -timeout 120m
=== RUN   TestAccAWSVpnConnection_importBasic
--- PASS: TestAccAWSVpnConnection_importBasic (178.29s)
=== RUN   TestAccAWSVpnConnection_basic
--- PASS: TestAccAWSVpnConnection_basic (336.81s)
=== RUN   TestAccAWSVpnConnection_withoutStaticRoutes
--- PASS: TestAccAWSVpnConnection_withoutStaticRoutes (195.45s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	710.572s
```
2016-11-07 16:12:41 +00:00
Masayuki Morita f68d5e82f3 provider/aws: Fix bug #9863 destroying aws_iam_user with force_destroy does not work (#9900) 2016-11-07 10:37:32 +00:00
Paddy a15726d069 Merge pull request #9857 from hashicorp/paddy_8822_fix_spot_fleet_ebs
provider/aws: Fix hashing of EBS volumes in spot fleet requests to prevent panics
2016-11-04 09:38:38 -07:00
Mitchell Hashimoto 125b7f4d44 Merge pull request #9806 from hashicorp/f-modify-aws-user-agent
provider/aws: Modify AWS User-Agent to new format
2016-11-04 08:50:15 -07:00
Clint abcc766344 Merge pull request #9871 from hashicorp/b-aws-opsworks-tests
provider/aws: Decouple and randomize OpsWorks test configs
2016-11-04 09:40:48 -05:00
clint shryock 639a088897 provider/aws: Decouple and randomize OpsWorks test configs 2016-11-04 09:33:07 -05:00
James Nugent 3361047e38 provider/aws: Address acm_certificate review items 2016-11-03 20:01:46 -04:00
Paul Hinze ccd745c96f provider/aws: New Data Source: aws_acm_certificate
Use this data source to get the ARN of a certificate in AWS Certificate
Manager (ACM). The process of requesting and verifying a certificate in ACM
requires some manual steps, which means that Terraform cannot automate the
creation of ACM certificates. But using this data source, you can reference
them by domain without having to hard code the ARNs as input.

The acceptance test included requires an ACM certificate be pre-created
in and information about it passed in via environment variables. It's a
bit sad but there's really no other way to do it.
2016-11-03 19:34:19 -04:00
Paddy 7d06ea8449 Fix EBS block device hashing in spot fleet requests.
When computing the set key for an EBS block device, we were using
the wrong function; we had hashEphemeralBlockDevice instead of
hashEbsBlockDevice. This caused a panic by trying to access the
virtual_name attribute that will never be set for EBS block
devices.

To fix this, I switched to the hashEbsBlockDevice function, which
is already being used to compute a Set key in the Schema. But in
the default case, where the snapshot_id attribute isn't specified,
this also caused a panic. I updated the way the string to hash is
generated to check for the existence of the device_name and
snapshot_id attributes before we use them, to avoid panics when
these optional attributes aren't set.
2016-11-03 16:24:19 -07:00
Paddy 24dd4273c7 Add an acceptance test for adding EBS volumes to a spot fleet req
Spot fleet requests can have EBS volumes attached to them, and at
the moment we're getting reports that crashes can be experienced
with them. This adds an acceptance test that exercises creating
a Spot Fleet request that has a non-instance EBS volume attached.
This successfully reproduces the panic.
2016-11-03 16:19:50 -07:00
Justin Nauman 9e11b59814 provider/aws: aws_autoscaling_attachment resource (#9146)
* GH-8755 - Adding in support to attach ASG to ELB as independent action

* GH-8755 - Adding in docs

* GH-8755 - Adjusting attribute name and responding to other PR feedback
2016-11-03 13:08:49 +00:00
James Nugent 549993147f Merge pull request #9822 from hashicorp/paddy_8502_sni
provider/aws: Add the enable_sni attribute for Route53 health checks.
2016-11-02 23:38:01 -04:00
Paddy 42049e984f provider/aws: Add the enable_sni attribute for Route53 health checks.
In #8502 it was requested that we add support for the EnableSNI
parameter of Route53's health checks; this enables customers to
manually specify whether or not the health check will use SNI when
communicating with the endpoint.

The customer originally requested we default to `false`. While
implementing the issue, I discovered that when creating health
checks with a Type set to HTTP, Amazon's default value for EnableSNI
is `false`. However, when creating health checks with a Type set to
HTTPS, Amazon's default value is `true`. So rather than setting a
default value, I made the attribute computed.
2016-11-02 16:23:35 -07:00
clint shryock d120e1a38a provider/aws: Fix TestAccAWSAPIGatewayDomainName_basic test 2016-11-02 16:23:39 -05:00