Commit Graph

4924 Commits

Author SHA1 Message Date
Christopher Tiwald 5b0d61727e aws: Only store protocol numbers for ingress/egress rules on ACLs.
Users can input a limited number of protocol names (e.g. "tcp") as
inputs to network ACL rules, but the API only supports valid protocol
number:

http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml

Preserve the convenience of protocol names and simultaneously support
numbers by only writing numbers to the state file. Also use numbers
when hashing the rules, to keep everything consistent.
2015-05-06 23:54:12 -04:00
Christopher Tiwald 8056b5f8f7 aws: Force users to use valid network masks on ACL ingress/egress
AWS will accept any overly-specific IP/mask combination, such as
10.1.2.2/24, but will store it by its implied network: 10.1.2.0/24.
This results in hashing errors, because the remote API will return
hashing results out of sync with the local configuration file.

Enforce a stricter API rule than AWS. Force users to use valid masks,
and run a quick calculation on their input to discover their intent.
2015-05-06 23:53:34 -04:00
Christopher Tiwald b888b31e08 aws: Force users to use from_port, to_port = 0 on network ACLs with -1 protocol
AWS doesn't store ports for -1 protocol rules, thus the read from the
API will always come up with a different hash. Force the user to make a
deliberate port choice when enabling -1 protocol rules. All from_port
and to_port's on these rules must be 0.
2015-05-06 23:51:23 -04:00
Mitchell Hashimoto 19b33326be terraform: don't include variables in destroy node requirements 2015-05-06 20:13:19 -07:00
Christopher Tiwald d14049c8ad aws: Don't try to modify or delete the untouchable network_acl rules.
AWS includes default rules with all network ACL resources which cannot
be modified by the user. Don't attempt to store them locally or change
them remotely if they are already stored -- it'll consistently result
in hashing problems.
2015-05-06 23:03:25 -04:00
Christopher Tiwald 03ee059da3 aws: Write ingress/egress rules into a map so they can be set.
resourceAwsNetworkAclRead swallowed these errors resulting in rules
that never properly updated. Implement an entry-to-maplist function
that'll allow us to write something that Set knows how to read.
2015-05-06 23:03:24 -04:00
Paul Hinze febf27a48e Update CHANGELOG.md 2015-05-06 19:41:18 -05:00
Paul Hinze a9678bd252 Merge pull request #1840 from hashicorp/f-aws-asg-handle-scaling-activity-in-progress-errors
provider/aws: handle in progress errs from ASG deletes
2015-05-06 19:39:23 -05:00
Paul Hinze 7f93879ff7 Update CHANGELOG.md 2015-05-06 19:38:44 -05:00
Paul Hinze 90907c8be5 Merge pull request #1738 from justincampbell/s3-website
providers/aws: S3 bucket website support
2015-05-06 19:37:29 -05:00
Paul Hinze 4d4d24d84d Update CHANGELOG.md 2015-05-06 19:10:25 -05:00
Paul Hinze 9a286402c3 Merge pull request #1838 from josharian/consul-scheme
providers/consul: add scheme argument
2015-05-06 19:09:11 -05:00
Paul Hinze 03530d1285 provider/aws: handle in progress errs from ASG deletes
If an AutoScalingGroup is in the middle of performing a Scaling
Activity, it cannot be deleted, and yields a ScalingActivityInProgress
error.

Retry the delete for up to 5m so we don't choke on this error. It's
telling us something's in progress, so we'll keep trying until the
scaling activity completed.
2015-05-06 18:54:59 -05:00
Paul Hinze 761523e8f9 Merge pull request #1839 from hashicorp/f-aws-asg-wait-for-capacity
provider/aws: wait for ASG capacity on creation
2015-05-06 18:40:13 -05:00
Paul Hinze 063454e9b8 provider/aws: wait for ASG capacity on creation
On ASG creation, waits for up to 10m for desired_capacity or min_size
healthy nodes to show up in the group before continuing.

With CBD and proper HealthCheck tuning, this allows us guarantee safe
ASG replacement.
2015-05-06 18:34:20 -05:00
Josh Bleecher Snyder 30d34908b7 providers/consul: add scheme argument
This enables connecting to consul over https
without having to set the envvar CONSUL_HTTP_SSL.
2015-05-06 16:12:32 -07:00
Clint c44ba73a2a Merge pull request #1837 from hashicorp/b-fix-aws-sg-vpcid
provider/aws: fix issue with reading VPC id in AWS Security Group
2015-05-06 17:01:20 -05:00
Mitchell Hashimoto 0377f9cbfa Merge pull request #1836 from ajlanghorn/this-is-the-day
website: Rename "The The" so that they can play songs again
2015-05-06 14:56:13 -07:00
Clint Shryock 8705f0f78f provider/aws: fix issue with reading VPC id in AWS Security Group 2015-05-06 16:54:43 -05:00
Andrew Langhorn bb4f7415ca Rename "The The" so that they can play songs again
Other than the fact that "The the" doesn't really make any sense anywhere
that it's used in Terraform, they're a post-punk band from the UK.

Fixes "The The" so that they can get back to playing songs.
2015-05-06 22:53:11 +01:00
Paul Hinze e7ca6cbe9e CHANGELOG: add elasticache, sort new resources 2015-05-06 15:11:44 -05:00
Mitchell Hashimoto 4a61d0abc9 provider/aws: do connection draining stuff totally separate 2015-05-06 11:47:06 -07:00
Clint Shryock acbca8101c provider/aws: Update Elasticache Subnet test 2015-05-06 13:44:24 -05:00
Mitchell Hashimoto 5378d904a2 provider/aws: remove debug 2015-05-06 11:43:36 -07:00
Mitchell Hashimoto 74665f27c8 provider/aws: must set connection draining timeout separate frrom
enabled
2015-05-06 11:43:18 -07:00
Paul Hinze fa04dfa731 Merge pull request #1833 from hashicorp/b-resource-test-warnings-are-ok
helper/resource: don't fail test on config warnings
2015-05-06 13:22:07 -05:00
Paul Hinze 300bc129a1 Merge pull request #1832 from hashicorp/b-google-instance-template-metadata
provider/google: compute template metadata to map
2015-05-06 13:18:38 -05:00
Paul Hinze fbce3a3caa helper/resource: don't fail test on config warnings
AccTests like TestAccComputeInstance_basic_deprecated_network were
failing early on "invalid config" when we are explictly testing behavior
that we know generates warnings.
2015-05-06 13:17:56 -05:00
Mitchell Hashimoto 5d12c79d90 provider/aws: retry VGW connection a bit due to eventual consistency 2015-05-06 11:09:51 -07:00
Paul Hinze 75c8396f7a provider/google: compute template metadata to map
Needs to match instance, since shared processing helper functions are
used.

Closes #1665
2015-05-06 12:33:35 -05:00
Mitchell Hashimoto f2ddb53c8f provider/aws: only include network in hash if instance is not set 2015-05-06 10:32:17 -07:00
Mitchell Hashimoto 7311019efe provider/aws: fix incorrect test 2015-05-06 10:20:19 -07:00
Mitchell Hashimoto cc955e449f Merge pull request #1831 from josharian/doc-sg
website: update aws security description docs
2015-05-06 10:19:50 -07:00
Josh Bleecher Snyder fa2e89a381 website: update aws security description docs 2015-05-06 10:08:30 -07:00
Mitchell Hashimoto 4db68cee89 providers/aws: eip network interface is computed 2015-05-06 10:04:38 -07:00
Mitchell Hashimoto 37c56d0084 provider/aws: fix alias test 2015-05-06 09:55:14 -07:00
Clint Shryock 4e717829f8 Merge branch 'master' of github.com:hashicorp/terraform
* 'master' of github.com:hashicorp/terraform:
  provider/aws: detach VPN gateway with proper ID
  update CHANGELOG
  provider/aws: Update ARN in instanceProfileReadResult
  provider/aws: remove placement_group from acctest
  core: module targeting
  Added support for more complexly images repos such as images on a private registry that are stored as namespace/name
2015-05-06 11:45:35 -05:00
Mitchell Hashimoto b184e283b9 provider/aws: detach VPN gateway with proper ID 2015-05-06 09:45:08 -07:00
Clint Shryock cd90648d4e provider/aws: Fix acceptance issue with Network Acls 2015-05-06 11:44:09 -05:00
Paul Hinze 47a45a68a6 Merge pull request #1820 from hashicorp/f-module-targeting
core: module targeting
2015-05-06 11:16:02 -05:00
Mitchell Hashimoto 1244d137e9 update CHANGELOG 2015-05-06 09:03:38 -07:00
Mitchell Hashimoto d8485ef506 Merge pull request #1818 from jwthomp/feature/image_name_parse
providers/docker: Support for more complexly named image repos
2015-05-06 09:02:41 -07:00
Mitchell Hashimoto f5ae13c0b4 Merge pull request #1826 from nabeken/iam-instance-profile-arn
provider/aws: Update ARN in instanceProfileReadResult
2015-05-06 09:01:42 -07:00
TANABE Ken-ichi 5be4ecdcdb provider/aws: Update ARN in instanceProfileReadResult 2015-05-07 00:26:57 +09:00
Paul Hinze f2368428d3 helper/schema: write "attr.#": "0" for empty maps
This fixes some perpetual diffs I saw in Atlas AccTests where an empty
map (`map[string]interface{}{}`) was being `d.Set` for "metadata_full".

Because the MapFieldWriter was not distinguishing between empty and nil,
this trigger the "map delete" logic and no count was written to the
state. This caused subsequent plans to improperly report a diff.

Here we redefine the map delete functionality to explicitly trigger only
on `nil`, so we catch the `.#` field for empty maps.
2015-05-06 10:21:22 -05:00
Paul Hinze 010a39a58e provider/aws: remove placement_group from acctest
Depends on there being an existing placement group in the account called
"terraform-placement-group" - we'll need to circle back around to cover
this with AccTests after TF gets an `aws_placement_group` resource.
2015-05-06 10:13:24 -05:00
Clint Shryock 34609c6c22 provider/aws: Change Route 53 record test name, so it can be ran individually 2015-05-06 09:48:15 -05:00
Paul Hinze 66fa633b80 provider/aws: move EBS test into us-west-2 2015-05-06 09:22:34 -05:00
Paul Hinze bcb4067cb3 provider/aws: update test name 2015-05-06 09:20:40 -05:00
Paul Hinze 7303568469 providers/aws: update test name 2015-05-06 09:18:41 -05:00