* GH-8755 - Adding in support to attach ASG to ELB as independent action
* GH-8755 - Adding in docs
* GH-8755 - Adjusting attribute name and responding to other PR feedback
* provider/aws: Provide the option to skip_destroy on
aws_volume_attachment
When you want to attach and detach pre-existing EBS volumes to an
instance, we would do that as follows:
```
resource "aws_instance" "web" {
ami = "ami-21f78e11"
availability_zone = "us-west-2a"
instance_type = "t1.micro"
tags {
Name = "HelloWorld"
}
}
data "aws_ebs_volume" "ebs_volume" {
filter {
name = "size"
values = ["${aws_ebs_volume.example.size}"]
}
filter {
name = "availability-zone"
values = ["${aws_ebs_volume.example.availability_zone}"]
}
filter {
name = "tag:Name"
values = ["TestVolume"]
}
}
resource "aws_volume_attachment" "ebs_att" {
device_name = "/dev/sdh"
volume_id = "${data.aws_ebs_volume.ebs_volume.id}"
instance_id = "${aws_instance.web.id}"
skip_destroy = true
}
```
The issue here is that when we run a terraform destroy command, the volume tries to get detached from a running instance and goes into a non-responsive state. We would have to force_destroy the volume at that point and risk losing any data on it.
This PR introduces the idea of `skip_destroy` on a volume attachment. tl;dr:
We want the volume to be detached from the instane when the instance itself has been destroyed. This way the normal shut procedures will happen and protect the disk for attachment to another instance
Volume Attachment Tests:
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSVolumeAttachment_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/02 00:47:27 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSVolumeAttachment_ -timeout 120m
=== RUN TestAccAWSVolumeAttachment_basic
--- PASS: TestAccAWSVolumeAttachment_basic (133.49s)
=== RUN TestAccAWSVolumeAttachment_skipDestroy
--- PASS: TestAccAWSVolumeAttachment_skipDestroy (119.64s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 253.158s
```
EBS Volume Tests:
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEBSVolume_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/02 01:00:18 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSEBSVolume_ -timeout 120m
=== RUN TestAccAWSEBSVolume_importBasic
--- PASS: TestAccAWSEBSVolume_importBasic (26.38s)
=== RUN TestAccAWSEBSVolume_basic
--- PASS: TestAccAWSEBSVolume_basic (26.86s)
=== RUN TestAccAWSEBSVolume_NoIops
--- PASS: TestAccAWSEBSVolume_NoIops (27.89s)
=== RUN TestAccAWSEBSVolume_withTags
--- PASS: TestAccAWSEBSVolume_withTags (26.88s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 108.032s
```
* Update volume_attachment.html.markdown
This will allows us to filter a specific ebs_volume for attachment to an
aws_instance
```
make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEbsVolumeDataSource_'✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/01 12:39:19 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSEbsVolumeDataSource_ -timeout 120m
=== RUN TestAccAWSEbsVolumeDataSource_basic
--- PASS: TestAccAWSEbsVolumeDataSource_basic (28.74s)
=== RUN TestAccAWSEbsVolumeDataSource_multipleFilters
--- PASS: TestAccAWSEbsVolumeDataSource_multipleFilters (28.37s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws57.145s
```
Specifically:
- User data is available in all regions, so remove the sentence saying
to check for supported features in each region.
- Clarify domain vs. DNS record resources.
- Explain which DNS record types the `weight`, `port`, and `priority`
arguments are applicable for.
When creating a CloudWatch Metric for an Application Load Balancer Target Group it is
neccessary to use the suffix of the ARN as the reference to the load
balancer TG . This commit exposes that as an attribute on the `aws_alb_target_group`
resource to prevent the need to use regular expression substitution to
make the reference.
Fixes#8679
The CallerReference attribute we passed to AWS in route53_health_checks
was `time.Now().Format(time.RFC3339Nano)`
When creating multiple resources with the Count meta-parameter, this was
causing issues as follows:
```
* aws_route53_health_check.healthstate.0: HealthCheckAlreadyExists: A different health check has already been created with the specified caller reference.
```
We have now exposed a new attribute called `reference_name` that can be set to pass multiple resources to the request
```
make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRoute53HealthCheck_' 130 ↵ ✹
==> Cecking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/31 10:41:07 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSRoute53HealthCheck_ -timeout 120m
=== RUN TestAccAWSRoute53HealthCheck_importBasic
--- PASS: TestAccAWSRoute53HealthCheck_importBasic (17.08s)
=== RUN TestAccAWSRoute53HealthCheck_basic
--- PASS: TestAccAWSRoute53HealthCheck_basic (28.17s)
=== RUN TestAccAWSRoute53HealthCheck_withSearchString
--- PASS: TestAccAWSRoute53HealthCheck_withSearchString (28.07s)
=== RUN TestAccAWSRoute53HealthCheck_withChildHealthChecks
--- PASS: TestAccAWSRoute53HealthCheck_withChildHealthChecks (20.71s)
=== RUN TestAccAWSRoute53HealthCheck_IpConfig
--- PASS: TestAccAWSRoute53HealthCheck_IpConfig (16.09s)
=== RUN TestAccAWSRoute53HealthCheck_CloudWatchAlarmCheck
--- PASS: TestAccAWSRoute53HealthCheck_CloudWatchAlarmCheck (22.42s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 132.568s
```
* provider/google Document MySQL versions for second generation instances
Google Cloud SQL has first-gen and second-gen instances with different
supported versions of MySQL.
* provider/google Increase SQL Admin operation timeout to 10 minutes
Creating SQL instances for MySQL 5.7 can take over 7 minutes,
so the timeout needs to be increased to allow the
google_sql_database_instance resource to successfully create.
This commit adds an ability to modify the `AutoMinorVersionUpgrade` property of the
Replication Group (which is enabled by default) accordingly.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
* Adding private gateway and static route resource to cloudstack provider
Testing the private gateway and static route resource requires a ROOT
account in Cloudstack
* changes requested by reviewer
* provider/aws: data source for AWS Security Group
* provider/aws: add documentation for data source for AWS Security Group
* provider/aws: data source for AWS Security Group (improve if condition and syntax)
* fix fmt
* Add AWS Prefix List data source.
AWS Prefix List data source acceptance test.
AWS Prefix List data source documentation.
* Improve error message when PL not matched.
This test was previously passing but the limit appears to have been reduced
since.
TF_ACC=1 go test ./builtin/providers/azurerm -v -run TestAccAzureRMServiceBusTopic_enableParti -timeout 120m
=== RUN TestAccAzureRMServiceBusTopic_enablePartitioning
--- PASS: TestAccAzureRMServiceBusTopic_enablePartitioning (377.14s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/azurerm 377.235s
* Updated docker container documentation
Feedback from ticket #9350 indicated that documentation was out of date
renamed `hosts_entry` to `host`
added correct type information to *Extra Hosts* section.
Refs: 9350
* Fixes for docker_container host object
Feedback from ticket #9350 updated codebase so it reflects the requirements from docker in regards to `host` which is `Required` and not optional.
It now accurately reflects the docker requirements and the terraform documentation.
Test results
> Bear in mind the failure it is because my laptop doesnt support memory swap. So this test will always fail.
Changing the Schema from `optional` to `required` made no difference to the tests.
make testacc TEST=./builtin/providers/docker/
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/14 15:04:40 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/docker/ -v -timeout 120m
=== RUN TestAccDockerRegistryImage_basic
--- PASS: TestAccDockerRegistryImage_basic (4.57s)
=== RUN TestAccDockerRegistryImage_private
--- PASS: TestAccDockerRegistryImage_private (6.22s)
=== RUN TestProvider
--- PASS: TestProvider (0.00s)
=== RUN TestProvider_impl
--- PASS: TestProvider_impl (0.00s)
=== RUN TestAccDockerContainer_basic
--- PASS: TestAccDockerContainer_basic (7.16s)
=== RUN TestAccDockerContainer_volume
--- PASS: TestAccDockerContainer_volume (7.37s)
=== RUN TestAccDockerContainer_customized
--- FAIL: TestAccDockerContainer_customized (18.99s)
testing.go:265: Step 0 error: Check failed: Check 2/2 error: Container has wrong memory swap setting: -1
Please check that you machine supports memory swap (you can do that by running 'docker info' command).
=== RUN TestAccDockerImage_basic
--- PASS: TestAccDockerImage_basic (2.58s)
=== RUN TestAccDockerImage_private
--- PASS: TestAccDockerImage_private (2.70s)
=== RUN TestAccDockerImage_destroy
--- PASS: TestAccDockerImage_destroy (30.00s)
=== RUN TestAccDockerImage_data
--- PASS: TestAccDockerImage_data (5.93s)
=== RUN TestAccDockerNetwork_basic
--- PASS: TestAccDockerNetwork_basic (0.24s)
=== RUN TestAccDockerVolume_basic
--- PASS: TestAccDockerVolume_basic (0.05s)
FAIL
exit status 1
FAIL github.com/hashicorp/terraform/builtin/providers/docker 85.816s
Makefile:47: recipe for target 'testacc' failed
make: *** [testacc] Error 1
Refs: 9350
* govendor: update go-cloudstack dependency
* Separate security groups and rules
This commit separates the creation and management of security groups and security group rules.
It extends the `icmp` options so you can supply `icmp_type` and `icmp_code` to enbale more specific configs.
And it adds lifecycle management of security group rules, so that security groups do not have to be recreated when rules are added or removed.
This is particulary helpful since the `cloudstack_instance` cannot update a security group without having to recreate the instance.
In CloudStack >= 4.9.0 it is possible to update security groups of existing instances, but as that is just added to the latest version it seems a bit too soon to start using this (causing backwards incompatibility issues for people or service providers running older versions).
* Add and update documentation
* Add acceptance tests
Added `service_id` in place of `id` for resource.
modified created, read, update to use `service_id`
modified tests to include `service_id`.
modified documentation for consul_service to include new value.
Tests results
CONSUL_HTTP_ADDR=localhost:8500 make testacc TEST=./builtin/providers/consul/
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/14 14:43:05 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/consul/ -v -timeout 120m
=== RUN TestAccDataConsulKeys_basic
--- PASS: TestAccDataConsulKeys_basic (0.05s)
=== RUN TestAccConsulAgentService_basic
--- PASS: TestAccConsulAgentService_basic (0.05s)
=== RUN TestAccConsulCatalogEntry_basic
--- PASS: TestAccConsulCatalogEntry_basic (0.06s)
=== RUN TestAccConsulKeyPrefix_basic
--- PASS: TestAccConsulKeyPrefix_basic (0.19s)
=== RUN TestConsulKeysMigrateState
--- PASS: TestConsulKeysMigrateState (0.00s)
=== RUN TestConsulKeysMigrateState_empty
--- PASS: TestConsulKeysMigrateState_empty (0.00s)
=== RUN TestAccConsulKeys_basic
--- PASS: TestAccConsulKeys_basic (0.13s)
=== RUN TestAccConsulNode_basic
--- PASS: TestAccConsulNode_basic (0.05s)
=== RUN TestAccConsulPreparedQuery_basic
--- PASS: TestAccConsulPreparedQuery_basic (0.12s)
=== RUN TestAccConsulService_basic
--- PASS: TestAccConsulService_basic (0.05s)
=== RUN TestResourceProvider
--- PASS: TestResourceProvider (0.00s)
=== RUN TestResourceProvider_impl
--- PASS: TestResourceProvider_impl (0.00s)
=== RUN TestResourceProvider_Configure
--- PASS: TestResourceProvider_Configure (0.00s)
=== RUN TestResourceProvider_ConfigureTLS
--- PASS: TestResourceProvider_ConfigureTLS (0.00s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/consul 0.708s
Refs: #9352
This is a fix for issue https://github.com/hashicorp/terraform/issues/9596.
Changes:
- Adds new output attribute `configuration_endpoint_address`. Only
used in Redis when in cluster mode.
- Read the `snapshot_window` and `snapshot_retention_limit` from
the
replication group description instead of the cache cluster
description.
- Adds acceptance test and modifies an existing acceptance test to
make sure that everything is still good in non-cluster mode
- Updates docs to describe new output attribute
TF_ACC=1 go test ./builtin/providers/azurerm -v -run=TestAccAzureRMVirtualMachine_basicLinuxMachine -timeout 120m
=== RUN TestAccAzureRMVirtualMachine_basicLinuxMachine
--- PASS: TestAccAzureRMVirtualMachine_basicLinuxMachine (540.83s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/azurerm 540.841s
TF_ACC=1 go test ./builtin/providers/azurerm -v -run=TestAccAzureRMVirtualMachine_withDataDisk -timeout 120m
=== RUN TestAccAzureRMVirtualMachine_withDataDisk
--- PASS: TestAccAzureRMVirtualMachine_withDataDisk (431.19s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/azurerm 431.203s
enable_partitioning set to ForceNew
requires_duplicate_detection set to ForceNew
max_size_in_megabytes would cause a loop if enable_partitioning was true as this
causes the value to be multiplied by 16 for it's effective value, this computed
value is then returned by the ARM API in the same field which caused Terraform
to always detect a change
```
TF_ACC=1 go test ./builtin/providers/azurerm -v -run TestAccAzureRMServiceBusTopic -timeout 120m
=== RUN TestAccAzureRMServiceBusTopic_importBasic
--- PASS: TestAccAzureRMServiceBusTopic_importBasic (345.08s)
=== RUN TestAccAzureRMServiceBusTopic_basic
--- PASS: TestAccAzureRMServiceBusTopic_basic (342.23s)
=== RUN TestAccAzureRMServiceBusTopic_update
--- PASS: TestAccAzureRMServiceBusTopic_update (359.56s)
=== RUN TestAccAzureRMServiceBusTopic_enablePartitioning
--- PASS: TestAccAzureRMServiceBusTopic_enablePartitioning (362.80s)
=== RUN TestAccAzureRMServiceBusTopic_enableDuplicateDetection
--- PASS: TestAccAzureRMServiceBusTopic_enableDuplicateDetection (364.97s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/azurerm 1774.657s
```
* Converting archive_file to datasource.
* Ratcheting back new dir perms.
* Ratcheting back new dir perms.
* goimports
* Adding output_base64sha256 attribute to archive_file.
Updating docs.
* Dropping CheckDestroy since this is a data source.
* Correcting data source attribute checks.
This will allow us to catch errors at plan time rather than waiting for
the API to tell us...
Documentation for IAM User NAme Validation -
http://docs.aws.amazon.com/cli/latest/reference/iam/create-user.html
Documentation for IAM Group Name validation -
http://docs.aws.amazon.com/cli/latest/reference/iam/create-group.html
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSIAMGroup_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/25 13:18:41 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSIAMGroup_
-timeout 120m
=== RUN TestAccAWSIAMGroup_importBasic
--- PASS: TestAccAWSIAMGroup_importBasic (13.80s)
=== RUN TestAccAWSIAMGroup_basic
--- PASS: TestAccAWSIAMGroup_basic (23.30s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws37.121s
```
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSUser_' ✚
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/25 13:22:23 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSUser_ -timeout 120m
=== RUN TestAccAWSUser_importBasic
--- PASS: TestAccAWSUser_importBasic (14.33s)
=== RUN TestAccAWSUser_basic
--- PASS: TestAccAWSUser_basic (25.36s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 39.710s
```
gophercloud/gophercloud no longer supports the APIKey authentication
attribute. Removal of this attribute may impact users who were using
the Terraform OpenStack provider in with vendor-modified clouds.
This commits changes the documentation of the aws_ecs_task_definition
resource to ensure that the `container_definitions` attribute consumes
a valid JSON document containing a list of valid container definitions,
rather than that the attribute itself is a list, etc.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
Added updated instructions for creating app registration in the new ARM portal. Updated instructions for granting permissions to the app registration as well.
Hi there!
Started playing with the Bitbucket provider (great job @cwood!) and wanted to import a few dozen repositories. The documentation currently does not list it, but importing repositories is possible, using the following (for a repository identified as `my-repo`:
```
$ terraform import bitbucket_repository.my-repo my-repo
```
Hope this helps!
bootscripts allow you to start Scaleway servers with a specific kernel version.
The `scaleway_server` has always had a bootscript parameter, and the
`scaleway_bootscript` datasource allows you to lookup bootscripts to be used in
conjunction with the `scaleway_server` resource.
Specified that the security group needs to be addressed by it's id and not by its name. This will assist when debugging the error with message "{name} is invalid. Expect fully qualified resource Id that start with azure .properties.networkSecurityGroup.id"
With the addition of github_repository it may be confusing that
github_team_repository only creates relationships, rather than creating
actual repositories. To reduce the chance of confusion, we'll make this
explicit in the docs for github_team_repository.
Also taking this opportunity to make the examples consistent with what
would be produced by hclfmt.
Example addons_config was supposed to show how to disable addons (http_load_balancing and horizontal_pod_autoscaling), but it was enabling them instead.
panic on the Read func
Fixes#8995
The Diagnostics profile was a badly laid out resource. All we needed to
set was whether it was enabled and the storage account to save the logs
to. The old schema parameter was deprecated and replaced with a much
simplier structure
```
% make testacc TEST=./builtin/providers/azurerm TESTARGS='-run=TestAccAzureRMVirtualMachine_diagnosticsProfile'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/29 12:21:04 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/azurerm -v
-run=TestAccAzureRMVirtualMachine_diagnosticsProfile -timeout 120m
=== RUN TestAccAzureRMVirtualMachine_diagnosticsProfile
--- PASS: TestAccAzureRMVirtualMachine_diagnosticsProfile (1066.76s)
PASS
ok
github.com/hashicorp/terraform/builtin/providers/azurerm1066.776s
```
This adds a note in the `aws_iam_policy_document` documentation that
`resources` is required by AWS if used on an IAM policy. Also added a
note on `aws_iam_policy` that `aws_iam_policy_document` is a good thing
to use when configuring.
Closes#9002
This allows Storage Service Encryption to be enabled.
TF_ACC=1 go test ./builtin/providers/azurerm -v -run TestAccAzureRMStorageAccount -timeout 120m
=== RUN TestAccAzureRMStorageAccount_importBasic
--- PASS: TestAccAzureRMStorageAccount_importBasic (139.00s)
=== RUN TestAccAzureRMStorageAccount_basic
--- PASS: TestAccAzureRMStorageAccount_basic (151.03s)
=== RUN TestAccAzureRMStorageAccount_blobEncryption
--- PASS: TestAccAzureRMStorageAccount_blobEncryption (149.94s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/azurerm 440.051s
This commit adds a new HTTP method to a list of valid HTTP methods which
is now accepted by API Gateway.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
A default authorization rule is created by Azure which, if present is exported by
the resource.
TF_ACC=1 go test ./builtin/providers/azurerm -v -run TestAccAzureRMServiceBusNamespace -timeout 120m
=== RUN TestAccAzureRMServiceBusNamespaceCapacity_validation
--- PASS: TestAccAzureRMServiceBusNamespaceCapacity_validation (0.00s)
=== RUN TestAccAzureRMServiceBusNamespaceSku_validation
--- PASS: TestAccAzureRMServiceBusNamespaceSku_validation (0.00s)
=== RUN TestAccAzureRMServiceBusNamespace_basic
--- PASS: TestAccAzureRMServiceBusNamespace_basic (352.03s)
=== RUN TestAccAzureRMServiceBusNamespace_readDefaultKeys
--- PASS: TestAccAzureRMServiceBusNamespace_readDefaultKeys (349.17s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/azurerm 701.278s
use us-west-2 region in tests
update test with working config
provider/aws: Update EMR contribution with passing test, polling for instance in DELETE method
remove defaulted role
document emr_cluster
rename aws_emr -> aws_emr_cluster
update docs for name change
update delete timeout/polling
rename emr taskgroup to emr instance group
default instance group count to 0, down from 60
update to ref emr_cluster, emr_instance_group
more cleanups for instance groups; need to read and update
add read, delete method for instance groups
refactor the read method to seperate out the fetching of the specific group
more refactoring for finding instance groups
update emr instance group docs
err check on reading HTTP. Dont' return the error, just log it
refactor the create method to catch optionals
additional cleanups, added a read method
update test to be non-master-only
wrap up the READ method for clusters
poll for instance group to be running after a modification
patch up a possible deref
provider/aws: EMR cleanups
fix test naming
remove outdated docs
randomize emr_profile names
Fixes#9194
Removes the validation for the types and adds an acceptance test to make
sure we get a successful Sql Database created
```
% make testacc TEST=./builtin/providers/azurerm TESTARGS='-run=TestAccAzureRMSqlDatabase_datawarehouse'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/03 21:57:16 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/azurerm -v
-run=TestAccAzureRMSqlDatabase_datawarehouse -timeout 120m
=== RUN TestAccAzureRMSqlDatabase_datawarehouse
--- PASS: TestAccAzureRMSqlDatabase_datawarehouse (307.95s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/azurerm307.963s
```
* Parameter is Objective, not Object
* Clarify what resource group needs to be used
* Name paramter is the database name
* Link to Azure docs for SQL Database Tiers/Editions/Size limits
The primary purpose of this data source is to ask the question "what is
my current region?", but it can also be used to retrieve the endpoint
hostname for a particular (possibly non-current) region, should that be
useful for some esoteric case.
This adds a singular data source in addition to the existing plural one.
This allows retrieving data about a specific AZ.
As a helper for writing reusable modules, the AZ letter (without its
usual region name prefix) is exposed so that it can be used in
region-agnostic mappings where a different value is used per AZ, such as
for subnet numbering schemes.
In c244e5a6 this resource was converted to a data source, but that was
a mistake since data sources are expected to produce stable results on
each run, and yet certificate requests contain a random nonce as part of
the signature.
Additionally, using the data source as a managed resource through the
provided compatibility shim was not actually working, since "Read" was
trying to parse the private key out of a SHA1 hash of the key, which is
what we place in state due to the StateFunc on that attribute.
By restoring this we restore Terraform's ability to produce all of the
parts of a basic PKI/CA, which is useful for creating dev environments
and bootstrapping PKI for production environments.
Looks like AWS updated their API and now our tests are failing
because QueryStringCacheKeys was not included in the distribution
configuration.
This adds support for specifying query string cache keys in the
CloudFront distribution configuration, which ensures that only a subset
of query string keys are actually cached when forwarding query strings,
possibly improving performance.
Added http_version to aws_cloudfront_distribution, which allows
selection of the maximum HTTP version to use in the distribution.
Defaults to http2.
Fixeshashicorp/terraform#8730.
* provider/aws: Fix importing of EIP by IP address
EIPs are meant to be imported by their allocation id, however, importing
by their EIP *appears* to work because this API actually accepts IP
lookup, despite the documentation asking for the allocation id.
This PR does:
- update docs on how to import EIPs
- fix case if user imported by IP, to switch to using the alloc id for
the resource id
I chose not to document that looking up by IP is a method of import,
because the AWS API docs do not explicitly say that looking up by IP is
OK, so I'd rather people not do it if it's not documented to stay that
way.
Alternatively, we could parse the resource ID and reject it (remove from
state with error/warning) if it doesn't match the `eipalloc-*` format,
but I thought this was a bit better UX.
* fix issue with swapping IDs on EC2 Classic
* update docs
* update comment
Based on support case with AWS, CloudWatch Events invoking Lambda should also specify the `source_arn`
Example, the resulting policy needs to be like:
```
{
"Condition": {
"ArnLike": {
"AWS:SourceArn": "arn:aws:events:us-east-1:0123456789:rule/my-cloudwatch-events-rule"
}
},
"Action": "lambda:InvokeFunction",
"Resource": "arn:aws:lambda:us-east-1:0123456789:function:my-lambda-function",
"Effect": "Allow",
"Principal": {
"Service": "events.amazonaws.com"
},
"Sid": "AllowMyCloudWatchEventRuleToCallMyLambda"
}
```