We should error check up front on the use of num_cache_nodes and
cluster_mode. This allows us to write a test to make sure all works as
expected
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSElasticacheReplicationGroup_clusteringAndCacheNodesCausesError'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/05/09 19:04:56 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSElasticacheReplicationGroup_clusteringAndCacheNodesCausesError -timeout 120m
=== RUN TestAccAWSElasticacheReplicationGroup_clusteringAndCacheNodesCausesError
--- PASS: TestAccAWSElasticacheReplicationGroup_clusteringAndCacheNodesCausesError (40.58s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 40.603s
```
Added support for provisioning a native redis cluster elasticache replication group.
A new TypeSet attribute `cluster_mode` has been added. It requires the following
fields:
- `replicas_per_node_group` - The number of replica nodes in each node group
- `num_node_groups` - The number of node groups for this Redis replication group
Notes:
- `automatic_failover_enabled` must be set to true.
- `number_cache_clusters` is now a optional and computed field. If `cluster_mode` is set
its value will be computed as:
```num_node_groups + num_node_groups * replicas_per_node_group```
Below is a sample config:
resource "aws_elasticache_replication_group" "bar" {
replication_group_id = "tf-redis-cluser"
replication_group_description = "test description"
node_type = "cache.t2.micro"
port = 6379
parameter_group_name = "default.redis3.2.cluster.on"
automatic_failover_enabled = true
cluster_mode {
replicas_per_node_group = 1
num_node_groups = 2
}
}
We were too greedy with the AWS specific tags ignore function - we
basically were ignoring anything starting with `aws` rather than just
using `aws:`
Fixes: #14308Fixes: #14247
With an EC2 instance that only had a single network interface, the primary interface, the Update function would call `ModifyInstanceAttribute()` on the target instance. This would only work if there was a single network interface attached to the EC2 instance. If, however, a secondary network interface was attached to the instance, the `ModifyInstanceAttribute()` API call would fail with the following error message:
> There are multiple interfaces attached to instance 'i-XXXXX'. Please specify an interface ID for the operation instead.
After this changeset, modifying instance security groups now makes the correct call to `ModifyNetworkInterfaceAttribute()` in order to modify the list of security groups on the primary network interface, as initially configured during the instances creation.
This change is also safe from an instance that has a non-default primary network interface, as the instance attribute `vpc_security_group_ids` conflicts with the new `network_interface` attribute.
Test Output:
```
$ make testacc TEST=./builtin/providers/aws TESTARGS="-run=TestAccAWSInstance_addSecurityGroupNetworkInterface"
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/05/08 17:52:42 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSInstance_addSecurityGroupNetworkInterface -timeout 120m
=== RUN TestAccAWSInstance_addSecurityGroupNetworkInterface
--- PASS: TestAccAWSInstance_addSecurityGroupNetworkInterface (327.75s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 327.756s
```
The implementation would return an error if the resource was detected as
removed - this would break Terraform instead of making it re-create the
missing service account.
* provider/aws: Refresh ssm document from state on 404
Originally reported in #13976
When an SSM Document was deleted outside of Terraform, a terraform
refresh would return the following:
```
% terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
aws_ssm_document.foo: Refreshing state... (ID: test_document-stack72)
Error refreshing state: 1 error(s) occurred:
* aws_ssm_document.foo: aws_ssm_document.foo: [ERROR] Error describing SSM document: InvalidDocument:
status code: 400, request id: 70c9bed1-33bb-11e7-99aa-697e9b0914e9
```
On applying this patch, it now looks as follows:
```
% terraform plan
[WARN] /Users/stacko/Code/go/bin/terraform-provider-aws overrides an internal plugin for aws-provider.
If you did not expect to see this message you will need to remove the old plugin.
See https://www.terraform.io/docs/internals/internal-plugins.html
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
aws_ssm_document.foo: Refreshing state... (ID: test_document-stack72)
The Terraform execution plan has been generated and is shown below.
Resources are shown in alphabetical order for quick scanning. Green resources
will be created (or destroyed and then created if an existing resource
exists), yellow resources are being changed in-place, and red resources
will be destroyed. Cyan entries are data sources to be read.
Note: You didn't specify an "-out" parameter to save this plan, so when
"apply" is called, Terraform can't guarantee this is what will execute.
+ aws_ssm_document.foo
arn: "<computed>"
content: " {\n \"schemaVersion\": \"1.2\",\n \"description\": \"Check ip configuration of a Linux instance.\",\n \"parameters\": {\n\n },\n \"runtimeConfig\": {\n \"aws:runShellScript\": {\n \"properties\": [\n {\n \"id\": \"0.aws:runShellScript\",\n \"runCommand\": [\"ifconfig\"]\n }\n ]\n }\n }\n }\n"
created_date: "<computed>"
default_version: "<computed>"
description: "<computed>"
document_type: "Command"
hash: "<computed>"
hash_type: "<computed>"
latest_version: "<computed>"
name: "test_document-stack72"
owner: "<computed>"
parameter.#: "<computed>"
platform_types.#: "<computed>"
schema_version: "<computed>"
status: "<computed>"
Plan: 1 to add, 0 to change, 0 to destroy.
```
* Update resource_aws_ssm_document.go
Add a data source for listing available versions for Container Engine
clusters or retrieving the latest available version.
This is mostly to support our tests for specifying a version for cluster
creation; the withVersion test has been updated to use the data source,
meaning it will stop failing on us as new versions get released.
Adds support for importing normal and organization apps with the
heroku_app resource.
The resource itself depends on an `organization` value in the
configuration to switch behavior for the different kinds of apps, so
`schema.ImportStatePassthrough` is not sufficient.
Adds computed `arn` to security group data source
```
$ make testacc TEST=./builtin/providers/aws TESTARGS="-run=TestAccDataSourceAwsSecurityGroup"
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/05/05 10:17:35 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccDataSourceAwsSecurityGroup -timeout 120m
=== RUN TestAccDataSourceAwsSecurityGroup
--- PASS: TestAccDataSourceAwsSecurityGroup (56.72s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 56.725s
```
* aws_route53_record: More consistent unquoting of TXT/SPF records.
Before, 'flatten' would remove the first two quotes. This results in
confusing behavior if the value contained two quoted strings.
Now, 'flatten' we only remove the surrounding qutoes, which is more
consistent with 'expand'.
Should improve hashicorp/terraform#8423, but more could still be done.
* aws/route53: Cover new bugfix with an acceptance test
Nomad server could have already purged the test job `foo` by the time the test checks to make sure the `foo` job has been deleted, resulting in a `404` response from the Nomad server.
```
$ make testacc TEST=./builtin/providers/nomad
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/05/04 15:51:01 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/nomad -v -timeout 120m
=== RUN TestProvider
--- PASS: TestProvider (0.00s)
=== RUN TestResourceJob_basic
--- PASS: TestResourceJob_basic (1.78s)
=== RUN TestResourceJob_refresh
--- PASS: TestResourceJob_refresh (3.30s)
=== RUN TestResourceJob_disableDestroyDeregister
--- PASS: TestResourceJob_disableDestroyDeregister (3.63s)
=== RUN TestResourceJob_idChange
--- PASS: TestResourceJob_idChange (3.44s)
=== RUN TestResourceJob_parameterizedJob
--- PASS: TestResourceJob_parameterizedJob (1.76s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/nomad 13.924s
```
Fixes: #14217
We now check to make sure that we have the correct number of parts when
we have split the resource ID. It isn't an elegant fix but it works as
expected. Also added some more documentation about what is required to
actually construct the Id needed for import
* provider/aws: Add support for aws_ssm_maintenance_window
Fixes: #14027
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSSMMaintenanceWindow_basic'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/04/29 13:38:19 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSSSMMaintenanceWindow_basic -timeout 120m
=== RUN TestAccAWSSSMMaintenanceWindow_basic
--- PASS: TestAccAWSSSMMaintenanceWindow_basic (51.69s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 51.711s
```
* provider/aws: Add documentation for aws_ssm_maintenance_window
* provider/aws: Add support for aws_ssm_maintenance_window_target
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSSMMaintenanceWindowTarget'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/04/29 16:38:22 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSSSMMaintenanceWindowTarget -timeout 120m
=== RUN TestAccAWSSSMMaintenanceWindowTarget_basic
--- PASS: TestAccAWSSSMMaintenanceWindowTarget_basic (34.68s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 34.701s
```
* provider/aws: Adding the documentation for aws_ssm_maintenance_window_target
* provider/aws: Add support for aws_ssm_maintenance_window_task
* provider/aws: Documentation for aws_ssm_maintenance_window_task
This is a fix for PR #11040. The code here lowercases the name and/or prefix before sending it to the AWS API and the terraform state. This means the state will match the actual resource name and be able to converge the diff.
Previously Nomad acceptance tests would look for a `404` response from the Nomad API when querying a nomad job after it had been stopped. Nomad has, for a while now, cached jobs such that they are still returnable from the API but have `"dead"` as their status.
```
$ make testacc TEST=./builtin/providers/nomad
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/05/03 16:27:31 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/nomad -v -timeout 120m
=== RUN TestProvider
--- PASS: TestProvider (0.00s)
=== RUN TestResourceJob_basic
--- PASS: TestResourceJob_basic (0.03s)
=== RUN TestResourceJob_refresh
--- PASS: TestResourceJob_refresh (0.04s)
=== RUN TestResourceJob_disableDestroyDeregister
--- PASS: TestResourceJob_disableDestroyDeregister (0.05s)
=== RUN TestResourceJob_idChange
--- PASS: TestResourceJob_idChange (0.06s)
=== RUN TestResourceJob_parameterizedJob
--- PASS: TestResourceJob_parameterizedJob (0.02s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/nomad 0.222s
```
* Allowing for volumes to be created with private ProfitBricks images without image password or ssh keys
* Acceptance test fix
* Errorf formatting fix
* Dependencies update
Here we add a new resource type `gitlab_project_hook`. It allows for
management of custom hooks for a gitlab project.
This is a relatively simple resource as a project hook is a simple
association between a project, and a url to hit when one of the flagged
events occurs on that project.
Hooks (called Webhooks in some user documentation, but simply Hooks
in the api documentation) are covered here for users
https://docs.gitlab.com/ce/user/project/integrations/webhooks.html and
in the API documentation at
https://docs.gitlab.com/ce/api/projects.html#hooks
Unset id in case the backend service cannot be created. This basically
updates these lines of code to match the more modern style which is
being used e.g. for the google_compute_instance resource.
* added emr security configurations
* gofmt after rebase
* provider/aws: Update EMR Cluster to support Security Configuration
* update test to create key
* update docs
The default value for `source_dest_check` needs to remain the same, so as not to break any backwards compatibility, however, adding a new `network_interface` parameter with a pre-configured network_interface that has `source_dest_check` set to false throws a diff after initial apply. Since we don't want to change `source_dest_check` to computed in order to not break sane defaults, ignore the diff thrown if `network_interface` attributes are configured on an instance.
```
$ make testacc TEST=./builtin/providers/aws TESTARGS="-run=TestAccAWSInstance_primaryNetworkInterfaceSourceDestCheck"
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/04/28 16:26:02 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSInstance_primaryNetworkInterfaceSourceDestCheck -timeout 120m
=== RUN TestAccAWSInstance_primaryNetworkInterfaceSourceDestCheck
--- PASS: TestAccAWSInstance_primaryNetworkInterfaceSourceDestCheck (134.20s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 134.211s
```
```
$ make testacc TEST=./builtin/providers/aws TESTARGS="-run=TestAccAWSInstance_sourceDestCheck"
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/04/28 16:15:14 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSInstance_sourceDestCheck -timeout 120m
=== RUN TestAccAWSInstance_sourceDestCheck
--- PASS: TestAccAWSInstance_sourceDestCheck (179.81s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 179.815s
```
Fixes: #14068
This commit adds an option to skip TLS verification of the Triton
endpoint, which can be useful for private or temporary installations not
using a certificate signed by a trusted root CA.
Fixes#13722.
Fixes: #14049
The China and Gov regions do not support the new way of tagging
instances and volumes on creation. Therefore, we need to hack this to
make sure we don't try and set these on instance creation
The introduction of volume_tags was causing a ForceNew on
spot_instance_requests
This has now been treated the same way as tags
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSpotInstanceRequest_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/04/28 05:17:42 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSSpotInstanceRequest_ -timeout 120m
=== RUN TestAccAWSSpotInstanceRequest_basic
--- PASS: TestAccAWSSpotInstanceRequest_basic (213.75s)
=== RUN TestAccAWSSpotInstanceRequest_withBlockDuration
--- PASS: TestAccAWSSpotInstanceRequest_withBlockDuration (212.14s)
=== RUN TestAccAWSSpotInstanceRequest_vpc
--- PASS: TestAccAWSSpotInstanceRequest_vpc (130.44s)
=== RUN TestAccAWSSpotInstanceRequest_SubnetAndSG
--- PASS: TestAccAWSSpotInstanceRequest_SubnetAndSG (234.43s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 790.791s
```
When you specify the ID of an image that has a slug, terraform would
store its slug to the state, hence it would always recreate the image.
This commit fixes it by storing the image as an ID when it is specified
by and ID by the user, ignoring the slug.
Closes#12751.
Fixes#12255.
Signed-off-by: Julien Pivotto <roidelapluie@inuits.eu>
Update our project metadata tests to stand up their own projects, so
they don't trample all over each other anymore.
The fixes for this were more invasive than I had hoped they would be,
but the tests all pass now (when run sequentially) and there's no reason
for them not to pass when run in parallel.
We have tests failing because we hard-coded the network name in our
network data source test. By randomizing it, we don't fix the dangling
resource problem, but do make the tests pass again.
Federated users calling `iam:GetUser` will get the error code `InvalidClientTokenId` so this shouldn't bail out but instead continue on to try `sts:GetCallerIdentity`.
Reverts #13883.
Quoting @radeksimko: "We actually refresh the state
as part of every test step, so this is not necessary"
Signed-off-by: Julien Pivotto <roidelapluie@inuits.eu>
Fixes: #14003
When an EBS volume was created and tags were specified on that resource
and NOT the aws_instance it was attached to, the tags would be removed
on subsequent Terraform runs.
We need to set volume_tags to be Computed to allow for changes to EBS
volumes not created as part of the instance but that are attached to the
instance
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSInstance_volumeTagsComputed'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/04/27 07:33:36 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSInstance_volumeTagsComputed -timeout 120m
=== RUN TestAccAWSInstance_volumeTagsComputed
--- PASS: TestAccAWSInstance_volumeTagsComputed (151.37s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 151.411s
```
Fixes: #12496
When an EBS volume was attached to an instance and the user tried to
resize, they would get an error as follows:
```
* aws_ebs_volume.ebs_data_volume: Error waiting for Volume (vol-027e83f7) to become available: unexpected state 'in-use', wanted target 'available'. last error: %!s(<nil>)
```
`available` is a state *only* when creating an EBS volume that is not attached. When an instance is attached, it will go into the state `in-use`. Therefore `in-use` is a valid state when modifying an EBS volume that is attached:
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEBSVolume_' ✹ ✭
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/04/27 07:08:18 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSEBSVolume_ -timeout 120m
=== RUN TestAccAWSEBSVolume_importBasic
--- PASS: TestAccAWSEBSVolume_importBasic (41.10s)
=== RUN TestAccAWSEBSVolume_basic
--- PASS: TestAccAWSEBSVolume_basic (38.22s)
=== RUN TestAccAWSEBSVolume_updateAttachedEbsVolume
--- PASS: TestAccAWSEBSVolume_updateAttachedEbsVolume (199.11s)
=== RUN TestAccAWSEBSVolume_updateSize
--- PASS: TestAccAWSEBSVolume_updateSize (70.53s)
=== RUN TestAccAWSEBSVolume_updateType
--- PASS: TestAccAWSEBSVolume_updateType (69.75s)
=== RUN TestAccAWSEBSVolume_updateIops
--- PASS: TestAccAWSEBSVolume_updateIops (70.38s)
=== RUN TestAccAWSEBSVolume_kmsKey
--- PASS: TestAccAWSEBSVolume_kmsKey (76.64s)
=== RUN TestAccAWSEBSVolume_NoIops
--- PASS: TestAccAWSEBSVolume_NoIops (39.80s)
=== RUN TestAccAWSEBSVolume_withTags
--- PASS: TestAccAWSEBSVolume_withTags (38.04s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 643.609s
```
The Triton CLI tools have been using TRITON_* as their configuration
environment variables for some time now. This commit makes Terraform use
them in preference to any SDC_* variables set, and allows Terraform to
work with the credentials set by the `triton env` in the CLI.
We can only ever have 5 cloudtrails in an AWS account so we want to make
sure we run these tests serially to make sure we don't exhaust limits
and get non-deterministic failures
* Make dnsimple_records importable
terraform 0.7 supports importing a resource into the local state, and
this adds that feature to the dnsimple_record resource.
Unfortunately, the DNSimple v1 API requires a domain name and record ID
to fetch a record, so the import command accepts both pieces of data as
a slash-delimted string like so:
terraform import dnsimple_record.test example.com/1234
* add an acceptance test for importing a dnsimple_record
This parameter is being validated using the wrong validation function, which means that we are incorrectly disallowing a `name_prefix` value ending with a dash.
Fixes: #13173
We now tag at instance creation and introduced `volume_tags` that can be
set so that all devices created on instance creation will receive those
tags
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSInstance_volumeTags' 2 ↵ ✚ ✭
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/04/26 06:30:48 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSInstance_volumeTags -timeout 120m
=== RUN TestAccAWSInstance_volumeTags
--- PASS: TestAccAWSInstance_volumeTags (214.31s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 214.332s
```
As a follow up to #13844, this pull request sorts the AMIs and snapshots returned from the aws_ami_ids and aws_ebs_snapshot_ids data sources, respectively.
Previously we were letting it get implicitly created as part of making
the structure for copying in each file, but that isn't sufficient if the
source directory is empty.
By explicitly creating the directory first we ensure that it will complete
successfully even in the case of an empty directory.
When an error is passed, the FileInfo can be nil, which was previously
causing a crash on trying to evaluate f.IsDir(). By checking for an error
first we avoid this crash.
When TerraForm is used to configure and deploy infrastructure
applications that require dozens templated files, such as Kubernetes, it
becomes extremely burdensome to template them individually: each of them
requires a data source block as well as an upload/export (file
provisioner, AWS S3, ...).
Instead, this commit introduces a mean to template an entire folder of
files (recursively), that can then be treated as a whole by any provider
or provisioner that support directory inputs (such as the
file provisioner, the archive provider, ...).
This does not intend to make TerraForm a full-fledged templating system
as the templating grammar and capabilities are left unchanged. This only
aims at improving the user-experience of the existing templating
provider by significantly reducing the overhead when several files are
to be generated - without forcing the users to rely on external tools
when these templates stay simple and that their generation in TerraForm
is justified.
This is the minimal amount of work needed to be able to create a list of a subset of subnet IDs in a VPC, allowing people to loop through them easily when creating EC2 instances or provide a list straight to an ELB.