Commit Graph

126 Commits

Author SHA1 Message Date
Paul Hinze 6b6b5a43c3 provider/aws: serialize SG rule access to fix race condition
Because `aws_security_group_rule` resources are an abstraction on top of
Security Groups, they must interact with the AWS Security Group APIs in
a pattern that often results in lots of parallel requests interacting
with the same security group.

We've found that this pattern can trigger race conditions resulting in
inconsistent behavior, including:

 * Rules that report as created but don't actually exist on AWS's side
 * Rules that show up in AWS but don't register as being created
   locally, resulting in follow up attempts to authorize the rule
   failing w/ Duplicate errors

Here, we introduce a per-SG mutex that must be held by any security
group before it is allowed to interact with AWS APIs. This protects the
space between `DescribeSecurityGroup` and `Authorize*` / `Revoke*`
calls, ensuring that no other rules interact with the SG during that
span.

The included test exposes the race by applying a security group with
lots of rules, which based on the dependency graph can all be handled in
parallel. This fails most of the time without the new locking behavior.

I've omitted the mutex from `Read`, since it is only called during the
Refresh walk when no changes are being made, meaning a bunch of parallel
`DescribeSecurityGroup` API calls should be consistent in that case.
2015-11-18 12:39:59 -06:00
Rafal Jeczalik 4f25b552bb use single import path for aws-sdk-go 2015-11-16 00:42:08 +01:00
stack72 fc983c5505 Initial Create, Read and Delete work for the S3 part of the Kinesis Firehose resource 2015-11-09 22:26:55 +00:00
stack72 89ce6f7c83 Started the work for the AWS CodeCommit Repository resource
Starting to add the skeleton for the creation and update of a repository
2015-10-30 21:39:04 +00:00
Clint 5c3c1e2327 Merge pull request #3548 from MDL/aws_route
provider/aws: add aws_route resource (finish)
2015-10-29 17:06:56 -05:00
Clint cb2ecf5733 Merge pull request #3255 from Runscope/local-kinesis
provider/aws: allow local kinesis
2015-10-29 08:24:07 -05:00
Radek Simko a618b048cf aws: Add support for aws_cloudtrail 2015-10-28 17:13:14 +00:00
Radek Simko 0d8d6fde79 Merge pull request #2636 from TimeIncOSS/f-aws-cloudformation
provider/aws: Add aws_cloudformation_stack
2015-10-28 16:16:14 +00:00
Christopher Tiwald a546a12c2d aws: Add support for aws_codedeploy_deployment_group resources 2015-10-20 18:05:40 -04:00
Christopher Tiwald e59fb4e6ca aws: Add support for "aws_codedeploy_app" resources. 2015-10-20 18:05:39 -04:00
gkze ac0afad6e9 Add aws_route resource 2015-10-19 09:16:26 -04:00
Garrett Heel 9c2725e0a5 provider/aws: allow local kinesis 2015-10-13 14:29:50 -07:00
Radek Simko 4dfbbe3074 provider/aws: Add implementation for aws_cloudformation_stack 2015-10-13 22:55:55 +02:00
stack72 5266db31e2 Adding the ability to manage a glacier vault 2015-10-13 14:58:29 +01:00
Paul Hinze 61721387b3 Merge pull request #3457 from TimeIncOSS/f-aws-ec2-placement-groups
provider/aws: Add support for EC2 Placement Group
2015-10-12 14:24:12 -05:00
Martin Atkins 091d3fe206 Merge #3351: aws_autoscaling_lifecycle_hook resource 2015-10-11 22:52:00 -07:00
Jonathan Leibiusky 57c80a0d46 Add support for aws autoscaling lifecycle hooks. 2015-10-11 20:42:40 -03:00
Radek Simko a66ac7e751 provider/aws: Add aws_directory_service_directory resource 2015-10-08 17:06:39 -07:00
Radek Simko 110be439e2 provider/aws: Add aws_placement_group 2015-10-08 12:44:14 -07:00
Radek Simko 2b9f4f895e provider/aws: Add support for aws_elasticsearch_domain 2015-10-07 16:57:46 -07:00
Radek Simko f9efede852 gofmt files from recently merged PRs 2015-10-07 13:35:06 -07:00
Clint Shryock 5739c4869c provider/aws: Docs for RDS Cluster, Cluster Instance 2015-10-07 11:26:23 -05:00
Martin Atkins 6c71504073 Various AWS OpsWorks layer resource types.
A "Layer" is a particular service that forms part of the infrastructure for
a set of applications. Some layers are application servers and others are
pure infrastructure, like MySQL servers or load balancers.

Although the AWS API only has one type called "Layer", it actually has
a number of different "soft" types that each have slightly different
validation rules and extra properties that are packed into the Attributes
map.

To make the validation rule differences explicit in Terraform, and to make
the Terraform structure more closely resemble the OpsWorks UI than its
API, we use a separate resource type per layer type, with the common code
factored out into a shared struct type.
2015-10-05 22:47:44 -07:00
Martin Atkins 4ce3d089fb aws_opswork_stack resource type.
"Stack" is the root concept in OpsWorks, and acts as a container for a number
of different "layers" that each provide some service for an application.
A stack isn't very interesting on its own, but it needs to be created before
any layers can be created.
2015-10-05 22:47:44 -07:00
Radek Simko 167b44770f provider/aws: Add efs_mount_target 2015-10-03 19:35:06 -07:00
Radek Simko cd96b8a7fc provider/aws: Add efs_file_system 2015-10-03 19:35:06 -07:00
Martin Atkins b8706a24d4 Merge #3156: aws_iam_saml_provider resource 2015-10-03 17:29:25 -07:00
Radek Simko b224abb7a9 provider/aws: Add cloudwatch_log_group 2015-09-16 22:28:01 +01:00
Martin Atkins 7f64327663 Three resources for AWS AMIs.
AWS provides three different ways to create AMIs that each have different
inputs, but once they are complete the same management operations apply.

Thus these three resources each have a different "Create" implementation
but then share the same "Read", "Update" and "Delete" implementations.
2015-09-03 10:05:41 -07:00
Radek Simko 5001bb078e provider/aws: Add new resource - aws_iam_saml_provider 2015-09-02 19:57:29 +01:00
Paul Hinze ca993a5a5e provider/aws: match with upstream changes 2015-08-10 15:39:47 -05:00
Clint Shryock 5c6083e1c4 Merge branch 'master' into f-aws-s3-object-pr-2079
* master: (720 commits)
  Update CHANGELOG.md
  Update CHANGELOG.md
  dynamodb-local Update AWS config https://github.com/hashicorp/terraform/pull/2825#issuecomment-126353610
  Make target_pools optional
  Update CHANGELOG.md
  code formatting
  Update CHANGELOG.md
  providers/google: Fix reading account_file path
  providers/google: Fix error appending
  providers/google: Return if we could parse JSON
  providers/google: Change account_file to JSON
  providers/google: Default account_file* to empty
  providers/google: Add account_file/account_file_contents ConflictsWith
  providers/google: Document account_file_contents
  providers/google: Use account_file_contents if provided
  providers/google: Add account_file_contents to provider
  Update CHANGELOG.md
  Update CHANGELOG.md
  dynamodb-local Use ` instead of : to refer region to keep the consistency with the provider docs
  dynamodb-local Update aws provider docs to include the `dynamodb_endpoint` argument
  ...
2015-07-30 14:30:35 -05:00
Pablo Cantero 75492513ec dynamodb-local Use ` instead of : to refer region to keep the consistency with the
provider docs
2015-07-29 13:36:02 -03:00
Pablo Cantero 35201e730e dynamodb-local Add `dynamodb_endpoint` allowing to change the DynamoDB Endpoint for
example to connect to dynamodb-local
2015-07-22 18:57:29 -03:00
Garrett Johnson f9e825efca provider/aws: Add new resource - aws_vpc_endpoint 2015-07-14 18:48:41 +01:00
Clint 791787047f Merge pull request #2395 from GrayCoder/master
Add resource "aws_iam_policy_attachment" to attach a managed policy to users, roles, or groups
2015-06-29 14:33:34 -05:00
Mitchell Hashimoto da1cac623d providers/aws: implement basic fast-path for not being in EC2 for creds 2015-06-28 23:06:49 -07:00
Mitchell Hashimoto 93cedc7ec1 providers/aws: style nitpick 2015-06-28 22:46:49 -07:00
Mitchell Hashimoto 2a5ed6c847 Merge pull request #1841 from josharian/aws-external-creds
providers/aws: detect credentials more robustly
2015-06-28 22:43:56 -07:00
Clint 079e4505a8 Merge pull request #2276 from SamClinckspoor/resource-aws-elasticache-parameter-group
provider/aws elasticache parameter group
2015-06-26 14:01:19 -05:00
Radek Simko 5cf5451d28 Merge pull request #1999 from TimeIncOSS/r53-delegation-set
provider/aws: Add Route 53 delegation set resource
2015-06-23 22:51:47 +01:00
Clint Shryock cc43ae8c4b Merge branch 'master' into f-aws-flow-logs
* master:
  Update CHANGELOG.md
  Update CHANGELOG.md
  Added affinity group resource.
  update link to actually work
  provider/azure: Fix SQL client name to match upstream
  add warning message to explain scenario of conflicting rules
  typo
  remove debugging
  Update CHANGELOG.md
  provider/aws: Add docs for autoscaling_policy + cloudwatch_metric_alarm
  provider/aws: Add autoscaling_policy
  provider/aws: Add cloudwatch_metric_alarm
  rename method, update docs
  clean up some conflicts with
  clean up old, incompatible test
  update tests with another example
  update test
  remove meta usage, stub test
  fix existing tests
  Consider security groups with source security groups when hashing
2015-06-22 09:33:42 -05:00
Radek Simko bfd8226b89 provider/aws: Add route53_delegation_set 2015-06-17 23:24:41 +01:00
Alex Pilon 05f4b9bfd9 provider/aws: Add autoscaling_policy 2015-06-17 23:10:23 +01:00
Alex Pilon ceeb94e157 provider/aws: Add cloudwatch_metric_alarm 2015-06-17 23:10:23 +01:00
Clint Shryock 1a6aef0ed7 Log Group Name is required/forcenew 2015-06-17 16:33:24 -05:00
Clint Shryock bfdf11c477 provider/aws: Implement AWS Flow Logs 2015-06-17 16:31:21 -05:00
Clint b132dd284e Merge pull request #2121 from johnewart/dynamodb
DynamoDB Support
2015-06-17 09:47:13 -05:00
Patrick Gray 73e8191983 add to provider 2015-06-16 16:10:45 -04:00
Paul Hinze 924278c33f Merge pull request #2226 from Banno/add-aws-route53-health-checks-squashed
provider/aws: add aws_route53_health_check (rebase,squash+docs)
2015-06-15 11:06:03 -05:00