Commit Graph

3625 Commits

Author SHA1 Message Date
Kit Ewbank fd8d41f6a5 Add note to aws_security_group data source describing the default security group for a VPC. (#10247)
Add a corresponding acceptance test.
2016-11-20 16:28:11 +02:00
Kit Ewbank 3255921b6e aws_prefix_list data source - Add ability to select PL by name. (#10248) 2016-11-20 16:21:55 +02:00
Chris Marchesi 3ac05a539b provider/aws: Add aws_alb_listener data source (#10181)
* provider/aws: Add aws_alb_listener data source

This adds the aws_alb_listener data source to get information on an AWS
Application Load Balancer listener.

The schema is slightly modified (only option-wise, attributes are the
same) and we use the aws_alb_listener resource read function to get the
data.

Note that the HTTPS test here may fail due until
hashicorp/terraform#10180 is merged.

* provider/aws: Add aws_alb_listener data source docs

Now documented.
2016-11-18 13:01:21 +02:00
Chris Marchesi 99528f17cd provider/aws: Add CertificateNotFound retry waiter to aws_alb_listener (#10180)
Looks like sometimes it takes some time for IAM certificates to
propagate, which can cause errors on ALB listener creation.
Possibly same thing as hashicorp/terraform#5178, but for ALB
now instead of ELB.

This was discovered via acceptance tests, specifically the
TestAccAWSALBListener_https test. Updated the creation process to wait
on CertificateNotFound for a max of 5min.
2016-11-17 14:49:41 +02:00
Andrew Garrett 3822c69995 Add name_prefix to aws_iam_policy (#10178)
This is intended to behave the same way as name_prefix does in
aws_iam_role.

Fixes #10176
2016-11-17 14:03:03 +02:00
Clint d004a24659 Merge pull request #10171 from Ninir/vpc_enable_dns_support
provider/aws: Fixed the aws_vpc enable_dns_support handling on creation
2016-11-16 13:41:35 -06:00
Ninir 281eba72ad provider/aws: Fixed the aws_vpc enable_dns_support handling on creation 2016-11-16 20:05:49 +01:00
Ninir 3d56d20d82 Added retry_option for aws_kinesis_firehose_stream redshift_configuration 2016-11-15 10:55:02 -06:00
Clint 665ca05bf6 Merge pull request #10112 from Ninir/aws_kinesis_firehose_stream_buffer_option
provider/aws: kinesis_firehose_delivery_stream: Fixed ES buffering_interval option
2016-11-15 09:55:12 -06:00
Justin Nauman e36f424af3 GH-7311 - Increasing deletion timeout wait
- Per our discussion around the PR to increase this initially, we
weren't sure if 1 minute would be sufficient.  Well, it turns out it
wasn't for me today (we don't delete these often so not sure how
often people run into this).

Picking another somewhat arbitrary value of 5 minutes in the hopes
that it will be sufficient (today it took a little over 2 minutes).
2016-11-15 09:11:28 -06:00
Jeremy Asher ece6f30a21 increase aws_lambda_function timeout
Since the Lambda CreateFunction call may include an up to 50MB payload,
the request can easily take more than a minute.  This increases the
timeout to 10 minutes.
2016-11-14 15:50:39 -08:00
Ninir e077e4b260 provider/aws: fixed buffering_interval option 2016-11-14 22:18:11 +01:00
Paul Stack ecb2b74c37 Merge pull request #9534 from Ninir/aws_apigw_deployment_date
provider/aws: 	Exposed aws_api_gateway_deployment.created_date attribute
2016-11-14 12:11:59 +00:00
Paul Stack 24231333d3 Exposed AWS API GW REST Api created_date attribute (#9532) 2016-11-14 12:09:28 +00:00
Ninir a88b25cfcf Exposed AWS API GW REST Api created_date attribute 2016-11-14 11:56:41 +01:00
Ninir 6fb63f2854 Exposed aws_api_gateway_deployment.created_date attribute 2016-11-14 11:21:36 +01:00
Ninir 932c92e4c6 Exposed aws_api_gateway_api_key created_date & last_updated_date (#9530) 2016-11-14 12:03:56 +02:00
Ninir d8e846c895 Fixed ##10079 exposing aws_iam_role create_date attribute (#10091) 2016-11-14 11:33:53 +02:00
Paul Stack 3472cab7d6 provider/aws: Fix panic in aws_acm_certificate datasource (#10051)
Fixes #10042
Fixes #9989

Another panic was found with this resource. IT essentially was causing a
panic when no certificates were found. This was due to the casting of
status to []string

There are times when there are no statuses passed in. Made the error
message a lot more generic now rather than having something like this

```

No certificate with statuses [] for domain mytestdomain.com found in this region.
```

This now becomes:

```
No certificate for domain mytestdomain.com found in this region.
```

Also, added a test to show that the panic is gone

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAwsAcmCertificateDataSource_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/11 15:11:33 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAwsAcmCertificateDataSource_ -timeout 120m
=== RUN   TestAccAwsAcmCertificateDataSource_noMatchReturnsError
--- PASS: TestAccAwsAcmCertificateDataSource_noMatchReturnsError (6.07s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws6.094s
```
2016-11-11 16:07:50 +02:00
Andreas Skarmutsos Lindh 5e32c144d5
Ignore AWS specific tags
Allows us to adopt resources created with CloudFormation.

Extend AWS specific tag ignoring to all tags*

Ignore AWS specific tags for autoscaling
2016-11-11 15:40:09 +02:00
Anshul Sharma e1919edbb3 Allow underscore in database_name [redshift] (#10019)
* allow underscore in database_name [redshift]

Fixes #10009

* Added Test Cases To Validate Redshift DBName

* Remove Old Test Cases Regarding Redshift DBName Validation

* Added More Test Cases For Redshift DBName
2016-11-11 11:59:00 +02:00
clint shryock 303b07e61f provider/aws: Update AutoScaling Schedule test files to avoid conflicts 2016-11-10 11:36:57 -06:00
stack72 e02960810d
provider/aws: Rename zone_id to hosted_zone_id in aws_db_instance
Also added a test to prove that the computed value gets set

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSDBInstance_basic'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/10 06:26:22 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSDBInstance_basic -timeout 120m
=== RUN   TestAccAWSDBInstance_basic
--- PASS: TestAccAWSDBInstance_basic (634.33s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws634.347s
```
2016-11-10 06:41:43 +00:00
Michel Rasschaert 62ea843ff3 zone_id exported attribute for db_instance resource 2016-11-09 19:54:09 +01:00
Paul Stack 643d42c412 provider/aws: AWS IAM, User and Role allow + in the name (#9991)
Fixes #9985

```
% make testacc TEST=./builtin/providers/aws
% TESTARGS='-run=TestValidateIamUserName'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/09 12:12:42 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestValidateIamUserName
-timeout 120m
=== RUN   TestValidateIamUserName
--- PASS: TestValidateIamUserName (0.00s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws0.026s
```
2016-11-09 15:54:15 +00:00
Paul Stack d66359b046 provider/aws: Fix panic when passing statuses to aws_acm_certificate (#9990)
Fixes #9989

When passing a list of statuses to the acm_certificate data source, we
were trying to cast a schema.TypeList directly to []string

We need to do it via an []interface{} and then cast to string when
ranging over the results. Without this, we get a panic
2016-11-09 15:53:36 +00:00
Nick Santamaria 8949419bef provider/aws: Add key_name_prefix argument to aws_key_pair resource (#9993)
* Added key_name_prefix to aws_key_pair resource schema.

* Added logic to prefix the aws_key_pair name on create.

* Added aws_key_pair test config for key_name_prefix case.

* Copied test cases from testAccAWSSecurityGroup namespace.

* Modified copied test case to suit aws_key_pair resource.

* Changed required flag to optional on key_name argument for aws_key_pair resource.

* Added documentation for key_name_prefix argument.

* Code style fix.

* Fixed undefined variable error in test.
2016-11-09 15:35:51 +00:00
ddcprg 27527ef3cb EMR Cluster - core_instance_count doesn't actually refer to core instances 2016-11-09 08:47:23 -06:00
jmasseo 77ca7001a8 removing toLower from flattenElastiCacheParameters - aws_elasticache_parameter_group parameters can be case sensitive (#9820) 2016-11-09 11:34:00 +00:00
Paddy 78f8fea1fa Merge pull request #9950 from optimisticanshul/9928-aws-redshift-enhanced-vpc-routing
Added AWS Redshift Enhanced VPC Routing
2016-11-08 11:02:37 -08:00
Clint 81e599e53f Merge pull request #9600 from HotelsDotCom/master
AWS EMR resource - Support for Service Access Security Group
2016-11-08 11:36:03 -06:00
Anshul Sharma e9821eaced Updated Redshift Documentation and Added Test Cases for Redshift Enchaned VPC routing 2016-11-08 18:13:10 +05:30
Anshul Sharma 1030cc1344 Added AWS Redshift Enhanced VPC Routing 2016-11-08 17:36:29 +05:30
Paul Stack 38cd7947b6 provider/aws: Fix the validateFunc of aws_elasticache_replication_group (#9918)
Fixes #9895

The replication_group_id should allow length to be max of 20 not 16

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestResourceAWSElastiCacheReplicationGroupIdValidation'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/07 16:17:52 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestResourceAWSElastiCacheReplicationGroupIdValidation -timeout
120m
=== RUN   TestResourceAWSElastiCacheReplicationGroupIdValidation
--- PASS: TestResourceAWSElastiCacheReplicationGroupIdValidation (0.00s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws0.032s
```
2016-11-07 21:02:00 +00:00
Paul Stack c0442ee63f provider/aws: aws_alb_target_group arn_suffix missing the targetgroup (#9911)
The work to add the arn_suffix in #9734 skipped adding the targetgroup/
part of the arn

This PR adds it

//cc @firthh

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSALBTargetGroup_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/07 12:19:16 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSALBTargetGroup_ -timeout 120m
=== RUN   TestAccAWSALBTargetGroup_basic
--- PASS: TestAccAWSALBTargetGroup_basic (47.23s)
=== RUN   TestAccAWSALBTargetGroup_changeNameForceNew
--- PASS: TestAccAWSALBTargetGroup_changeNameForceNew (80.09s)
=== RUN   TestAccAWSALBTargetGroup_changeProtocolForceNew
--- PASS: TestAccAWSALBTargetGroup_changeProtocolForceNew (87.45s)
=== RUN   TestAccAWSALBTargetGroup_changePortForceNew
--- PASS: TestAccAWSALBTargetGroup_changePortForceNew (78.47s)
=== RUN   TestAccAWSALBTargetGroup_changeVpcForceNew
--- PASS: TestAccAWSALBTargetGroup_changeVpcForceNew (73.53s)
=== RUN   TestAccAWSALBTargetGroup_tags
--- PASS: TestAccAWSALBTargetGroup_tags (75.60s)
=== RUN   TestAccAWSALBTargetGroup_updateHealthCheck
--- PASS: TestAccAWSALBTargetGroup_updateHealthCheck (76.40s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	518.777s
```
2016-11-07 20:17:43 +00:00
Paul Stack 3f032ff611 provider/aws: Setting static_routes_only on import of vpn_connection (#9802)
fixes #9110

An error was found where, static_routes_only was not set on a vpn
connection import. This commit introduces setting the static_routes_only
to false when no Options are found. This follows the AWS convention as follows:

```
- options (structure)

Indicates whether the VPN connection requires static routes. If you are creating a VPN connection for a device that does not support BGP, you must specify true .
Default: false

```

So we take it that `static_options_only` is false by default

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSVpnConnection_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/02 10:38:18 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSVpnConnection_ -timeout 120m
=== RUN   TestAccAWSVpnConnection_importBasic
--- PASS: TestAccAWSVpnConnection_importBasic (178.29s)
=== RUN   TestAccAWSVpnConnection_basic
--- PASS: TestAccAWSVpnConnection_basic (336.81s)
=== RUN   TestAccAWSVpnConnection_withoutStaticRoutes
--- PASS: TestAccAWSVpnConnection_withoutStaticRoutes (195.45s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	710.572s
```
2016-11-07 16:12:41 +00:00
Masayuki Morita f68d5e82f3 provider/aws: Fix bug #9863 destroying aws_iam_user with force_destroy does not work (#9900) 2016-11-07 10:37:32 +00:00
Paddy a15726d069 Merge pull request #9857 from hashicorp/paddy_8822_fix_spot_fleet_ebs
provider/aws: Fix hashing of EBS volumes in spot fleet requests to prevent panics
2016-11-04 09:38:38 -07:00
Mitchell Hashimoto 125b7f4d44 Merge pull request #9806 from hashicorp/f-modify-aws-user-agent
provider/aws: Modify AWS User-Agent to new format
2016-11-04 08:50:15 -07:00
Clint abcc766344 Merge pull request #9871 from hashicorp/b-aws-opsworks-tests
provider/aws: Decouple and randomize OpsWorks test configs
2016-11-04 09:40:48 -05:00
clint shryock 639a088897 provider/aws: Decouple and randomize OpsWorks test configs 2016-11-04 09:33:07 -05:00
James Nugent 3361047e38 provider/aws: Address acm_certificate review items 2016-11-03 20:01:46 -04:00
Paul Hinze ccd745c96f provider/aws: New Data Source: aws_acm_certificate
Use this data source to get the ARN of a certificate in AWS Certificate
Manager (ACM). The process of requesting and verifying a certificate in ACM
requires some manual steps, which means that Terraform cannot automate the
creation of ACM certificates. But using this data source, you can reference
them by domain without having to hard code the ARNs as input.

The acceptance test included requires an ACM certificate be pre-created
in and information about it passed in via environment variables. It's a
bit sad but there's really no other way to do it.
2016-11-03 19:34:19 -04:00
Paddy 7d06ea8449 Fix EBS block device hashing in spot fleet requests.
When computing the set key for an EBS block device, we were using
the wrong function; we had hashEphemeralBlockDevice instead of
hashEbsBlockDevice. This caused a panic by trying to access the
virtual_name attribute that will never be set for EBS block
devices.

To fix this, I switched to the hashEbsBlockDevice function, which
is already being used to compute a Set key in the Schema. But in
the default case, where the snapshot_id attribute isn't specified,
this also caused a panic. I updated the way the string to hash is
generated to check for the existence of the device_name and
snapshot_id attributes before we use them, to avoid panics when
these optional attributes aren't set.
2016-11-03 16:24:19 -07:00
Paddy 24dd4273c7 Add an acceptance test for adding EBS volumes to a spot fleet req
Spot fleet requests can have EBS volumes attached to them, and at
the moment we're getting reports that crashes can be experienced
with them. This adds an acceptance test that exercises creating
a Spot Fleet request that has a non-instance EBS volume attached.
This successfully reproduces the panic.
2016-11-03 16:19:50 -07:00
Justin Nauman 9e11b59814 provider/aws: aws_autoscaling_attachment resource (#9146)
* GH-8755 - Adding in support to attach ASG to ELB as independent action

* GH-8755 - Adding in docs

* GH-8755 - Adjusting attribute name and responding to other PR feedback
2016-11-03 13:08:49 +00:00
James Nugent 549993147f Merge pull request #9822 from hashicorp/paddy_8502_sni
provider/aws: Add the enable_sni attribute for Route53 health checks.
2016-11-02 23:38:01 -04:00
Paddy 42049e984f provider/aws: Add the enable_sni attribute for Route53 health checks.
In #8502 it was requested that we add support for the EnableSNI
parameter of Route53's health checks; this enables customers to
manually specify whether or not the health check will use SNI when
communicating with the endpoint.

The customer originally requested we default to `false`. While
implementing the issue, I discovered that when creating health
checks with a Type set to HTTP, Amazon's default value for EnableSNI
is `false`. However, when creating health checks with a Type set to
HTTPS, Amazon's default value is `true`. So rather than setting a
default value, I made the attribute computed.
2016-11-02 16:23:35 -07:00
clint shryock d120e1a38a provider/aws: Fix TestAccAWSAPIGatewayDomainName_basic test 2016-11-02 16:23:39 -05:00
Paul Stack c5bd727f03 provider/aws: Allows aws_alb security_groups to be updated (#9804)
Fixes #9658
Fixes #8728

Originally, this would ForceNew as follows:

```
-/+ aws_alb.alb_test
    arn:                        "arn:aws:elasticloadbalancing:us-west-2:187416307283:loadbalancer/app/test-alb-9658/3459cd2446b76901" => "<computed>"
    arn_suffix:                 "app/test-alb-9658/3459cd2446b76901" => "<computed>"
    dns_name:                   "test-alb-9658-1463108301.us-west-2.elb.amazonaws.com" => "<computed>"
    enable_deletion_protection: "false" => "false"
    idle_timeout:               "30" => "30"
    internal:                   "false" => "false"
    name:                       "test-alb-9658" => "test-alb-9658"
    security_groups.#:          "2" => "1" (forces new resource)
    security_groups.1631253634: "sg-3256274b" => "" (forces new resource)
    security_groups.3505955000: "sg-1e572667" => "sg-1e572667" (forces new resource)
    subnets.#:                  "2" => "2"
    subnets.2407170741:         "subnet-ee536498" => "subnet-ee536498"
    subnets.2414619308:         "subnet-f1a7b595" => "subnet-f1a7b595"
    tags.%:                     "1" => "1"
    tags.TestName:              "TestAccAWSALB_basic" => "TestAccAWSALB_basic"
    vpc_id:                     "vpc-dd0ff9ba" => "<computed>"
    zone_id:                    "Z1H1FL5HABSF5" => "<computed>"

Plan: 1 to add, 0 to change, 1 to destroy.
```

When the ALB was ForceNew, the ARN changed. The test has been updated to include a check to make sure that the ARNs are the same after the update

After this change, it looks as follows:

```
~ aws_alb.alb_test
    security_groups.#:          "1" => "2"
    security_groups.1631253634: "" => "sg-3256274b"
    security_groups.3505955000: "sg-1e572667" => "sg-1e572667"

Plan: 0 to add, 1 to change, 0 to destroy.
```

Test Results:

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSALB_'                                                                                                                                ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/02 12:20:58 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSALB_ -timeout 120m
=== RUN   TestAccAWSALB_basic
--- PASS: TestAccAWSALB_basic (64.25s)
=== RUN   TestAccAWSALB_generatedName
--- PASS: TestAccAWSALB_generatedName (65.04s)
=== RUN   TestAccAWSALB_namePrefix
--- PASS: TestAccAWSALB_namePrefix (67.02s)
=== RUN   TestAccAWSALB_tags
--- PASS: TestAccAWSALB_tags (96.06s)
=== RUN   TestAccAWSALB_updatedSecurityGroups
--- PASS: TestAccAWSALB_updatedSecurityGroups (101.61s)
=== RUN   TestAccAWSALB_noSecurityGroup
--- PASS: TestAccAWSALB_noSecurityGroup (59.83s)
=== RUN   TestAccAWSALB_accesslogs
--- PASS: TestAccAWSALB_accesslogs (162.65s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	616.489s
```
2016-11-02 16:11:12 +00:00
clint shryock 5cd40bce30 provider/aws: Modify AWS User-Agent to new format 2016-11-02 10:43:35 -05:00
Paul Stack 6649b938da provider/aws: Provide the option to skip_destroy on aws_volume_attachment (#9792)
* provider/aws: Provide the option to skip_destroy on
aws_volume_attachment

When you want to attach and detach pre-existing EBS volumes to an
instance, we would do that as follows:

```
resource "aws_instance" "web" {
	ami = "ami-21f78e11"
  availability_zone = "us-west-2a"
	instance_type = "t1.micro"
	tags {
		Name = "HelloWorld"
	}
}

data "aws_ebs_volume" "ebs_volume" {
  filter {
  	name = "size"
  	values = ["${aws_ebs_volume.example.size}"]
  }
  filter {
  	name = "availability-zone"
  	values = ["${aws_ebs_volume.example.availability_zone}"]
  }
  filter {
  	name = "tag:Name"
  	values = ["TestVolume"]
  }
}

resource "aws_volume_attachment" "ebs_att" {
  device_name = "/dev/sdh"
	volume_id = "${data.aws_ebs_volume.ebs_volume.id}"
	instance_id = "${aws_instance.web.id}"
	skip_destroy = true
}
```

The issue here is that when we run a terraform destroy command, the volume tries to get detached from a running instance and goes into a non-responsive state. We would have to force_destroy the volume at that point and risk losing any data on it.

This PR introduces the idea of `skip_destroy` on a volume attachment. tl;dr:

We want the volume to be detached from the instane when the instance itself has been destroyed. This way the normal shut procedures will happen and protect the disk for attachment to another instance

Volume Attachment Tests:

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSVolumeAttachment_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/02 00:47:27 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSVolumeAttachment_ -timeout 120m
=== RUN   TestAccAWSVolumeAttachment_basic
--- PASS: TestAccAWSVolumeAttachment_basic (133.49s)
=== RUN   TestAccAWSVolumeAttachment_skipDestroy
--- PASS: TestAccAWSVolumeAttachment_skipDestroy (119.64s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	253.158s
```

EBS Volume Tests:

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEBSVolume_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/02 01:00:18 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSEBSVolume_ -timeout 120m
=== RUN   TestAccAWSEBSVolume_importBasic
--- PASS: TestAccAWSEBSVolume_importBasic (26.38s)
=== RUN   TestAccAWSEBSVolume_basic
--- PASS: TestAccAWSEBSVolume_basic (26.86s)
=== RUN   TestAccAWSEBSVolume_NoIops
--- PASS: TestAccAWSEBSVolume_NoIops (27.89s)
=== RUN   TestAccAWSEBSVolume_withTags
--- PASS: TestAccAWSEBSVolume_withTags (26.88s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	108.032s
```

* Update volume_attachment.html.markdown
2016-11-02 15:29:37 +00:00
Martin Atkins 145bf42806 provider/aws: IAM policy document: normalize wildcard principals
There are three equivalent forms for expressing "everyone" (including
anonymous) in IAM policies:

- "Principals": "*"
- "Principals": {"AWS": "*"}
- "Principals": {"*": "*"}

The more-constrained syntax used by our aws_iam_policy_document data
source means that the user can only express the latter two of these
directly. However, when returning IAM policies from the API AWS likes to
normalize to the first form, causing unresolvable diffs.

This fixes #9335 by handling the "everyone" case as a special case,
serializing it in JSON as the "*" shorthand form.

This change does *not* address the normalization of hand-written policies
containing such elements. A similar change would need to be made in
the external package github.com/jen20/awspolicyequivalence in order to
avoid the issue for hand-written policies.
2016-11-01 08:46:34 -07:00
Paul Stack aaece37ec9 provider/aws: Adding a datasource for aws_ebs_volume (#9753)
This will allows us to filter a specific ebs_volume for attachment to an
aws_instance

```
make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEbsVolumeDataSource_'✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/01 12:39:19 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSEbsVolumeDataSource_ -timeout 120m
=== RUN   TestAccAWSEbsVolumeDataSource_basic
--- PASS: TestAccAWSEbsVolumeDataSource_basic (28.74s)
=== RUN   TestAccAWSEbsVolumeDataSource_multipleFilters
--- PASS: TestAccAWSEbsVolumeDataSource_multipleFilters (28.37s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws57.145s
```
2016-11-01 14:15:31 +00:00
Krzysztof Wilczynski 6f02a2df55 provider/aws: Allow `active` state while waiting for the VPC Peering Connection. (#9754)
* Allow `active` state while waiting for the VPC Peering Connection.

This commit adds `active` as one of the valid states in which the VPC Peering
Connection can be when it being created.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>

* Add more valid states.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-11-01 09:51:46 +00:00
Paul Stack 98c385723c provider/aws: Fix aws_route53_record alias perpetual diff (#9704)
Fixes #9628
Fixes #9298

When a route53_record alias is updated in the console, AWS prepends
`dualstack.` to the name. This is there incase IPV6 is wanted. It is
exactly the same without it as it is with it

In order to stop perpetual diffs, I introduced a normalizeFunc that will
that tke alias name and strip known issues:

* dualstack
* trailing dot

This normalize fun will continue to grow I'm sure

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRoute53Record_'                                         ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/29 00:28:12 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSRoute53Record_ -timeout 120m
=== RUN   TestAccAWSRoute53Record_basic
--- PASS: TestAccAWSRoute53Record_basic (124.64s)
=== RUN   TestAccAWSRoute53Record_basic_fqdn
--- PASS: TestAccAWSRoute53Record_basic_fqdn (132.07s)
=== RUN   TestAccAWSRoute53Record_txtSupport
--- PASS: TestAccAWSRoute53Record_txtSupport (134.07s)
=== RUN   TestAccAWSRoute53Record_spfSupport
--- PASS: TestAccAWSRoute53Record_spfSupport (113.36s)
=== RUN   TestAccAWSRoute53Record_generatesSuffix
--- PASS: TestAccAWSRoute53Record_generatesSuffix (112.62s)
=== RUN   TestAccAWSRoute53Record_wildcard
--- PASS: TestAccAWSRoute53Record_wildcard (162.84s)
=== RUN   TestAccAWSRoute53Record_failover
--- PASS: TestAccAWSRoute53Record_failover (126.18s)
=== RUN   TestAccAWSRoute53Record_weighted_basic
--- PASS: TestAccAWSRoute53Record_weighted_basic (121.10s)
=== RUN   TestAccAWSRoute53Record_alias
--- PASS: TestAccAWSRoute53Record_alias (118.14s)
=== RUN   TestAccAWSRoute53Record_s3_alias
--- PASS: TestAccAWSRoute53Record_s3_alias (155.07s)
=== RUN   TestAccAWSRoute53Record_weighted_alias
--- PASS: TestAccAWSRoute53Record_weighted_alias (235.41s)
=== RUN   TestAccAWSRoute53Record_geolocation_basic
^[[C--- PASS: TestAccAWSRoute53Record_geolocation_basic (125.32s)
=== RUN   TestAccAWSRoute53Record_latency_basic
--- PASS: TestAccAWSRoute53Record_latency_basic (122.23s)
=== RUN   TestAccAWSRoute53Record_TypeChange
--- PASS: TestAccAWSRoute53Record_TypeChange (231.98s)
=== RUN   TestAccAWSRoute53Record_empty
--- PASS: TestAccAWSRoute53Record_empty (116.48s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	2131.526s
```

Before this fix, I was getting the following by recreating the code in

```
~ aws_route53_record.alias
    alias.1563903989.evaluate_target_health: "true" => "false"
    alias.1563903989.name:                   "9828-recreation-106795730.us-west-2.elb.amazonaws.com." => ""
    alias.1563903989.zone_id:                "Z1H1FL5HABSF5" => ""
    alias.318754017.evaluate_target_health:  "" => "true"
    alias.318754017.name:                    "" => "9828-recreation-106795730.us-west-2.elb.amazonaws.com"
    alias.318754017.zone_id:                 "" => "Z1H1FL5HABSF5"

Plan: 0 to add, 1 to change, 0 to destroy.
```

After this fix:

```

No changes. Infrastructure is up-to-date. This means that Terraform
could not detect any differences between your configuration and
the real physical resources that exist. As a result, Terraform
doesn't need to do anything.
2016-10-31 19:18:00 +00:00
Anshul Sharma 6432bb546c Added AWS Resource WAF SqlInjectionMatchSet (#9709) 2016-10-31 17:51:47 +00:00
Paul Stack fdabf59380 provider/aws: Expose ARN suffix on ALB Target Group (#9734)
When creating a CloudWatch Metric for an Application Load Balancer Target Group  it is
neccessary to use the suffix of the ARN as the reference to the load
balancer TG . This commit exposes that as an attribute on the `aws_alb_target_group`
resource to prevent the need to use regular expression substitution to
make the reference.
2016-10-31 17:05:06 +00:00
Paul Stack ed49da8bb1 provider/aws: Add support for reference_name to aws_route53_health_check (#9737)
Fixes #8679

The CallerReference attribute we passed to AWS in route53_health_checks
was `time.Now().Format(time.RFC3339Nano)`

When creating multiple resources with the Count meta-parameter, this was
causing issues as follows:

```
* aws_route53_health_check.healthstate.0: HealthCheckAlreadyExists: A different health check has already been created with the specified caller reference.
```

We have now exposed a new attribute called `reference_name` that can be set to pass multiple resources to the request

```
make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRoute53HealthCheck_'                              130 ↵ ✹
==> Cecking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/31 10:41:07 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSRoute53HealthCheck_ -timeout 120m
=== RUN   TestAccAWSRoute53HealthCheck_importBasic
--- PASS: TestAccAWSRoute53HealthCheck_importBasic (17.08s)
=== RUN   TestAccAWSRoute53HealthCheck_basic
--- PASS: TestAccAWSRoute53HealthCheck_basic (28.17s)
=== RUN   TestAccAWSRoute53HealthCheck_withSearchString
--- PASS: TestAccAWSRoute53HealthCheck_withSearchString (28.07s)
=== RUN   TestAccAWSRoute53HealthCheck_withChildHealthChecks
--- PASS: TestAccAWSRoute53HealthCheck_withChildHealthChecks (20.71s)
=== RUN   TestAccAWSRoute53HealthCheck_IpConfig
--- PASS: TestAccAWSRoute53HealthCheck_IpConfig (16.09s)
=== RUN   TestAccAWSRoute53HealthCheck_CloudWatchAlarmCheck
--- PASS: TestAccAWSRoute53HealthCheck_CloudWatchAlarmCheck (22.42s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	132.568s
```
2016-10-31 16:00:40 +00:00
Clint f446f7f2be Merge pull request #9667 from hashicorp/b-aws-lambda-mutex
provider/aws: Limit AWS Lambda source uploads
2016-10-31 08:51:08 -05:00
Paul Stack 92f48ad243 provider/aws: Update aws_appautoscaling_target_test (#9736)
The update of the test was causing a test failure - it was setting
desired_count to 1 when miz_size was set to 2 - this was causing a
perpetual diff in the test
2016-10-31 10:40:35 +00:00
Paul Stack 3accd5485a provider/aws: Make iam_user_policy_attachment_test work as expected: (#9733)
Was failing due to using IAM user `test-name` as it was being used in
more than 1 place - this has been replaced by a random user and random
policy names now

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSUserPolicyAttachment_basic'                                                                               2 ↵ ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/31 08:39:08 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSUserPolicyAttachment_basic -timeout 120m
=== RUN   TestAccAWSUserPolicyAttachment_basic
--- PASS: TestAccAWSUserPolicyAttachment_basic (32.04s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	32.053s
```
2016-10-31 09:52:38 +00:00
Martin Atkins ea0bc04277 provider/aws: aws_ami: handle deletion of AMIs (#9721)
Previously this resource (and, by extension, the aws_ami_copy and
aws_ami_from_instance resources that share much of its implementation)
was handling correctly the case where an AMI had been recently
deregistered, and was thus still returned from the API, but not correctly
dealing with the situation where the AMI has been removed altogether.

Now we additionally handle the NotFound error returned by the API when
we request a non-existent AMI, and remove the AMI from the state in the
same way we do for deregistered AMIs.
2016-10-31 09:51:59 +00:00
Anshul Sharma 625e747359 Added AWS Resource WAF XssMatchSet (#9710) 2016-10-31 08:51:08 +00:00
Masayuki Morita eb1a58d966 Update doc: aws_iam_user with force_destroy deletes IAM User Login Profile (#9716)
refs: https://github.com/hashicorp/terraform/pull/9583
2016-10-29 16:20:18 +01:00
Clint 01e8bd1f70 provider/aws: Fix import of RouteTable with destination prefixes (#9686)
* add test failure

* provider/aws: Skip import of routes that contain destination prefix ids
2016-10-29 01:01:17 +02:00
Anshul Sharma cc8f11138f Added AWS Resource WAF SizeConstraintSet (#9689) 2016-10-29 00:58:37 +02:00
Andras Ferencz-Szabo 46cb7b4710 Allow underscores in IAM user and group names (#9684)
* Allow underscores in IAM user and group names

* Add notes to iam_user and iam_group docs that names are not distinguished by case
2016-10-28 14:40:04 +02:00
Anshul Sharma afc603c0f8 Added AWS Resource WAF ByteMatchSet (#9681) 2016-10-28 14:36:16 +02:00
Liam Bennett 8fee7642a9 New AWS resource `ssm_activation` (#9111)
Adding a new resource to support activation of managed instances for
on-premise virtual-machines.
2016-10-28 11:59:12 +02:00
Krzysztof Wilczynski a078b893d6 Add support for `AutoMinorVersionUpgrade` to aws_elasticache_replication_group resource. (#9657)
This commit adds an ability to modify the `AutoMinorVersionUpgrade` property of the
Replication Group (which is enabled by default) accordingly.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-10-28 00:08:14 +01:00
clint shryock b33d605cb0 provider/aws: Limit AWS Lambda source uploads 2016-10-27 14:41:20 -05:00
Paul Stack de6b51f8f9 provider/aws: Refresh aws_autoscaling_schedule from state on 404 (#9659)
Fixes #9654

Before the fix, I created an ASG with a schedule on it. Went to the AWS
console and deleted the schedule. A terraform plan looked as follows:

```
% terraform plan
    See https://www.terraform.io/docs/internals/internal-plugins.html
    Refreshing Terraform state in-memory prior to plan...
    The refreshed state will be used to calculate this plan, but
    will not be persisted to local or remote state storage.

    aws_launch_configuration.foobar: Refreshing state... (ID:
    terraform-test-foobar5)
    aws_autoscaling_group.foobar: Refreshing state... (ID:
    terraform-test-foobar5)
    aws_autoscaling_schedule.foobar: Refreshing state... (ID: foobar)
    Error refreshing state: 1 error(s) occurred:

    * aws_autoscaling_schedule.foobar: Unable to find Autoscaling
    * Scheduled Action: []*autoscaling.ScheduledUpdateGroupAction(nil)
```

After the fix:

```
terraform plan                                                                                                                           1 ↵
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but
will not be persisted to local or remote state storage.

aws_launch_configuration.foobar: Refreshing state... (ID: terraform-test-foobar5)
aws_autoscaling_group.foobar: Refreshing state... (ID: terraform-test-foobar5)
aws_autoscaling_schedule.foobar: Refreshing state... (ID: foobar)

The Terraform execution plan has been generated and is shown below.
Resources are shown in alphabetical order for quick scanning. Green resources
will be created (or destroyed and then created if an existing resource
exists), yellow resources are being changed in-place, and red resources
will be destroyed. Cyan entries are data sources to be read.

Note: You didn't specify an "-out" parameter to save this plan, so when
"apply" is called, Terraform can't guarantee this is what will execute.

+ aws_autoscaling_schedule.foobar
    arn:                    "<computed>"
    autoscaling_group_name: "terraform-test-foobar5"
    desired_capacity:       "0"
    end_time:               "2018-01-16T13:00:00Z"
    max_size:               "0"
    min_size:               "0"
    recurrence:             "<computed>"
    scheduled_action_name:  "foobar"
    start_time:             "2018-01-16T07:00:00Z"

Plan: 1 to add, 0 to change, 0 to destroy.
```

Tests run as expected:

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSAutoscalingSchedule_'                                               2 ↵ ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/27 17:45:19 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSAutoscalingSchedule_ -timeout 120m
=== RUN   TestAccAWSAutoscalingSchedule_basic
--- PASS: TestAccAWSAutoscalingSchedule_basic (140.94s)
=== RUN   TestAccAWSAutoscalingSchedule_disappears
--- PASS: TestAccAWSAutoscalingSchedule_disappears (179.17s)
=== RUN   TestAccAWSAutoscalingSchedule_recurrence
--- PASS: TestAccAWSAutoscalingSchedule_recurrence (186.72s)
=== RUN   TestAccAWSAutoscalingSchedule_zeroValues
--- PASS: TestAccAWSAutoscalingSchedule_zeroValues (167.73s)
PASS
ok	github.com/hashicorp/terraform/builtin/providers/aws	674.530s
```
2016-10-27 18:39:15 +01:00
Mathieu Herbert 7f9baf7009 provider/aws: data source for AWS Security Group (#9604)
* provider/aws: data source for AWS Security Group

* provider/aws: add documentation  for data source for AWS Security Group

* provider/aws: data source for AWS Security Group (improve if condition and syntax)

* fix fmt
2016-10-27 18:17:58 +01:00
Kit Ewbank 3818720fd4 provider/aws: Data source to provides details about a specific AWS prefix list (#9566)
* Add AWS Prefix List data source.

AWS Prefix List data source acceptance test.

AWS Prefix List data source documentation.

* Improve error message when PL not matched.
2016-10-27 14:58:24 +01:00
Anshul Sharma bc42229b3d Added WAF ACL Resource (#8852) 2016-10-27 12:54:36 +01:00
stack72 b3a0145d8c
provider/aws: Fixing the acceptance test for ALB AccessLogs Enabling
toggle

```
% make testacc TEST=./builtin/providers/aws
% TESTARGS='-run=TestAccAWSALB_'
% ✹ ✭
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/27 12:04:29 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSALB_ -timeout
120m
=== RUN   TestAccAWSALB_basic
--- PASS: TestAccAWSALB_basic (61.86s)
=== RUN   TestAccAWSALB_generatedName
--- PASS: TestAccAWSALB_generatedName (63.51s)
=== RUN   TestAccAWSALB_namePrefix
--- PASS: TestAccAWSALB_namePrefix (61.93s)
=== RUN   TestAccAWSALB_tags
--- PASS: TestAccAWSALB_tags (95.84s)
=== RUN   TestAccAWSALB_noSecurityGroup
--- PASS: TestAccAWSALB_noSecurityGroup (60.01s)
=== RUN   TestAccAWSALB_accesslogs
--- PASS: TestAccAWSALB_accesslogs (156.99s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws500.162s
```
2016-10-27 12:12:00 +01:00
stack72 54cca9b4fb
Merge branch 'master' of https://github.com/jvasallo/terraform into jvasallo-master 2016-10-27 11:00:48 +01:00
James Nugent 54e4deb3e3 provider/aws: Suceed deleting bucket policy on err (#9641)
If there is no bucket, a bucket policy can be counted as successfully
deleted.
2016-10-26 23:16:54 +01:00
Krzysztof Wilczynski 44614c6765 provider/aws: Validate regular expression passed via the `name_regex` attribute. (#9622)
* Clean-up for Go 1.7+ version.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>

* Validate regular expression passed via the `name_regex` attribute.

This commit adds a simple ValidateFunc to check whether the regular
expression that was passed down via the `name_regex` attribute is valid.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-10-26 12:09:14 +01:00
James Nugent eb17741d26 Merge pull request #9605 from hashicorp/keybase-aws-login-profile
provider/aws: aws_iam_user_login_profile resource
2016-10-25 20:09:42 -05:00
dario-simonetti dbdaf20a19 provider/aws: fix aws_elasticache_replication_group for Redis in cluster mode (#9601)
This is a fix for issue https://github.com/hashicorp/terraform/issues/9596.

Changes:
 - Adds new output attribute `configuration_endpoint_address`. Only
   used in Redis when in cluster mode.
 - Read the `snapshot_window` and `snapshot_retention_limit` from
   the
   replication group description instead of the cache cluster
   description.
 - Adds acceptance test and modifies an existing acceptance test to
   make sure that everything is still good in non-cluster mode
 - Updates docs to describe new output attribute
2016-10-25 23:59:54 +01:00
James Nugent e5bda11a2d provider/aws: Add tests with bad keys
Add a test with a bad explicitly specified GPG key and a keybase user
(that we own) with no public keys.
2016-10-25 16:27:34 -05:00
James Nugent 2e046232a0 provider/aws: Add Login Profile acceptance tests 2016-10-25 16:16:57 -05:00
James Nugent e5fb6c9b23 provider/aws: Don't fail if login profile exists
If an IAM user already has a login profile, we bring it under management
- we will NOT modify it - but we cannot set the password.
2016-10-25 13:22:14 -05:00
James Nugent dba3ec2f5d provider/aws: Adhere to policy for login profiles
This commit modifies password generation such that it is highly likely
to match any AWS password policy.
2016-10-25 12:57:35 -05:00
James Nugent 513c2f9720 provider/aws: aws_iam_user_login_profile resource
This commit introduces an `aws_iam_user_login_profile` resource which
creates a password for an IAM user, and encrypts it using a PGP key
specified in the configuration or obtained from Keybase.

For example:

```
resource "aws_iam_user" "u" {
        name = "auser"
        path = "/"
        force_destroy = true
}

resource "aws_iam_user_login_profile" "u" {
        user = "${aws_iam_user.u.name}"
        pgp_key = "keybase:some_person_that_exists"
}

output "password" {
	value = "${aws_iam_user_login_profile.u.encrypted_password}"
}
```

The resulting attribute "encrypted_password" can be decrypted using
PGP or Keybase - for example:

```
terraform output password | base64 --decode | keybase pgp decrypt
```

Optionally the user can retain the password rather than the default of
being forced to change it at first login. Generated passwords are
currently 20 characters long.
2016-10-25 12:08:50 -05:00
ddcprg 47e079b77b Support for Service Access Security Group 2016-10-25 16:55:09 +01:00
Ninir ef5ceb9681 Exposed aws_api_gw_domain_name.certificate_upload_date attribute (#9533) 2016-10-25 16:07:08 +01:00
Paul Stack c7935a0fd2 Merge pull request #9584 from hashicorp/aws-iam-group-name-validation
provider/aws: Add validation to IAM User and Group Name
2016-10-25 14:23:17 +01:00
Paul Stack df18307662 Merge pull request #9583 from hashicorp/aws-iam-delete-force_destroy
provider/aws: Delete Loging Profile from IAM User on force_destroy
2016-10-25 14:14:49 +01:00
stack72 79557bca80
provider/aws: Add validation to IAM User and Group Name
This will allow us to catch errors at plan time rather than waiting for
the API to tell us...

Documentation for IAM User NAme Validation -
http://docs.aws.amazon.com/cli/latest/reference/iam/create-user.html

Documentation for IAM Group Name validation -
http://docs.aws.amazon.com/cli/latest/reference/iam/create-group.html

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSIAMGroup_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/25 13:18:41 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSIAMGroup_
-timeout 120m
=== RUN   TestAccAWSIAMGroup_importBasic
--- PASS: TestAccAWSIAMGroup_importBasic (13.80s)
=== RUN   TestAccAWSIAMGroup_basic
--- PASS: TestAccAWSIAMGroup_basic (23.30s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws37.121s
```

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSUser_'                                                                 ✚
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/25 13:22:23 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSUser_ -timeout 120m
=== RUN   TestAccAWSUser_importBasic
--- PASS: TestAccAWSUser_importBasic (14.33s)
=== RUN   TestAccAWSUser_basic
--- PASS: TestAccAWSUser_basic (25.36s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	39.710s
```
2016-10-25 13:18:41 +01:00
stack72 2dcc6b8ef0
provider/aws: Delete Loging Profile from IAM User on force_destroy
When force_Destroy was specified on an iam_user, only Access Keys were
destroyed. Therefore, if a password was manually added via the AWS
console, it was causing an error as follows:

```
* aws_iam_user.user: Error deleting IAM User test-user-for-profile-delete: DeleteConflict: Cannot delete entity, must delete login profile first.
    status code: 409, request id: acd67e40-9aa8-11e6-8533-4db80bad7ea8
```

We now *try* to delete the LoginProfile and ignore a NoSuchEntity error
if it doesn't exist

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSUser_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/25 12:53:05 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSUser_
-timeout 120m
=== RUN   TestAccAWSUser_importBasic
--- PASS: TestAccAWSUser_importBasic (14.83s)
=== RUN   TestAccAWSUser_basic
--- PASS: TestAccAWSUser_basic (24.78s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws39.624s
```
2016-10-25 12:56:30 +01:00
Paul Stack a65dc539ac Merge pull request #9504 from hashicorp/aws-redshift-sng-tags
provider/aws: Add tagging support to aws_redshift_subnet_group
2016-10-25 11:48:16 +01:00
Clint 0c4526fbad Merge pull request #9561 from hashicorp/b-aws-vpc-endpoint-refresh
provider/aws: Remove VPC Endpoint from state if it's not found
2016-10-24 14:25:21 -05:00
clint shryock 85dd379974 provider/aws: Remove VPC Endpoint from state if it's not found 2016-10-24 14:17:58 -05:00
clint shryock c014dac279 provider/aws: Make associate_public_ip_address computed 2016-10-24 11:24:54 -05:00
stack72 52f2717bfb
provider/aws: Add tagging support to aws_redshift_subnet_group
Fixes #9492

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRedshiftSubnetGroup_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/21 17:16:02 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSRedshiftSubnetGroup_ -timeout 120m
=== RUN   TestAccAWSRedshiftSubnetGroup_importBasic
--- PASS: TestAccAWSRedshiftSubnetGroup_importBasic (86.54s)
=== RUN   TestAccAWSRedshiftSubnetGroup_basic
--- PASS: TestAccAWSRedshiftSubnetGroup_basic (85.50s)
=== RUN   TestAccAWSRedshiftSubnetGroup_updateSubnetIds
--- PASS: TestAccAWSRedshiftSubnetGroup_updateSubnetIds (140.01s)
=== RUN   TestAccAWSRedshiftSubnetGroup_tags
--- PASS: TestAccAWSRedshiftSubnetGroup_tags (136.02s)
PASS
ok	github.com/hashicorp/terraform/builtin/providers/aws	448.075
```
2016-10-24 13:44:46 +01:00
Radek Simko eda1298e21 provider/aws: Increase ECS service drain timeout (#9521) 2016-10-22 14:16:59 +01:00
Clint dcbcde4b82 Merge pull request #8893 from dennis-bsi/fix-asg-policy-to-0
provider/aws: aws_autoscaling_policy fails when setting scaling_adjustment to 0 for SimpleScaling
2016-10-21 16:17:16 -05:00
Clint 6f7e9ac4dd Merge pull request #9511 from dennis-bsi/aws-redshift-sng-name-validation
provider/aws: limiting aws_redshift_subnet_group name to alphanumeric and hyphens
2016-10-21 14:35:53 -05:00
Clint 88925eb939 Merge pull request #9515 from dennis-bsi/aws-redshift-sng-description-update
provider/aws: aws_redshift_subnet_group allows description to be modified
2016-10-21 14:32:34 -05:00
Dennis Webb dac69b7919 fixing issue where changing only the description only didn't actually update on AWS 2016-10-21 12:14:41 -05:00
Clint 34b21083ee Merge pull request #8983 from 987poiuytrewq/b-aws-beanstalk-option-updates
provider/aws: fix option updates to beanstalk
2016-10-21 11:43:43 -05:00
clint shryock 3fbf01ea1b provider/aws: Bump AWS Route retry to 2 minutes, up from 15 seconds 2016-10-21 11:36:51 -05:00
Dennis Webb 05783ca044 limiting subnetgroup name to alphanumeric and hyphens 2016-10-21 11:28:48 -05:00
Paul Stack 7d7da4b6b6 Merge pull request #9456 from kwilczynski/feature/rename-file-aws_availability_zones
provider/aws: Rename the file to match the naming scheme.
2016-10-21 14:38:03 +04:00
clint shryock aa9c420586 slight rename and sorting of test 2016-10-20 16:16:01 -05:00
Clint e6c2b7f19c Merge pull request #9357 from mrwacky42/f/vpce-empty-rtb
Allow empty route_table_ids list in aws_vpc_endpoint resources
2016-10-20 16:13:06 -05:00
Krzysztof Wilczynski 219efaa64f
Rename the file to match the naming scheme.
This commit is a maintenance change aimed at aligning file names so that they
fall in line with the established naming convention.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-10-19 16:34:35 +01:00
Clint 7b9e58423c Merge pull request #9453 from tomwilkie/8187-import-associate_public_ip_address
Infer aws_instance.associate_public_ip_address from the presence of a network interface association.
2016-10-19 10:24:34 -05:00
Tom Wilkie e79ebfc113 Infer aws_instance.associate_public_ip_address from the presence of a network interface association. 2016-10-19 16:16:04 +01:00
clint shryock bdb60893d5 provider/aws: Update ElastiCache tests to redis 3.2 2016-10-19 09:48:15 -05:00
clint shryock 70eb45d1e9 provider/aws: Update ElasticCache cluster redis params for new default 2016-10-19 09:43:27 -05:00
clint shryock e90fa6abd4 provider/aws: Tidy up IAM user acc tests 2016-10-19 09:22:27 -05:00
James Nugent 0c4b4a1970 Merge pull request #9429 from hashicorp/f-aws-new-region
aws: Add missing metadata for us-east-2
2016-10-18 07:44:01 -05:00
Krzysztof Wilczynski b74de12bd6
Handle the case where Route Table is already gone.
This commit changes the behaviour of the `ExistsFunc`, where by default
lack of a route table (e.g. already removed, etc.) would cause an error
to be thrown. This makes is hard to carry out any action e.g. plan,
refresh, or destroy, that rely on the route table existance check.

Also, make error messages a little better in terms of wording, etc.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-10-18 11:56:47 +01:00
Radek Simko 4b36bc3210
aws: Add missing metadata for us-east-2 2016-10-18 09:31:57 +01:00
Matt Moyer 2b9f5f5f6f Add support for AWS US East (Ohio) region. 2016-10-17 15:48:18 -05:00
James Bardin 7478b7a914 Merge pull request #9369 from hashicorp/jbardin/TestBuildEC2AttributeFilterList
Make buildEC2AttributeFilterList output sorted
2016-10-17 12:34:34 -04:00
Tom Wilkie 08c5d2a939 Read back aws_launch_configuration's associate_public_ip_address field, to enable importing. 2016-10-17 09:12:25 -05:00
@tmshn 8ec06e82b6 Added "arn" attribute to AWS Lambda alias 2016-10-16 21:43:44 +09:00
James Bardin 7d0ed45ec9 Make buildEC2AttributeFilterList output sorted
Makes the output deterministic
2016-10-14 12:22:45 -04:00
Clint 46ee2ef51a Merge pull request #6819 from hashicorp/f-aws-vpc-data-sources
provider/aws: data sources for AWS network planning
2016-10-13 14:17:55 -05:00
Sharif Nassar 84d943fc82 Allow empty route_table_ids in aws_vpc_endpoint 2016-10-13 10:41:38 -07:00
clint shryock b2b886db43 provider/aws: Poll to confirm delete of resource_aws_customer_gateway 2016-10-12 17:41:03 -05:00
Modestas Vainius 7385fa9eac provider/aws: Support refresh of EC2 instance user_data.
Make sure to hash base64 decoded value since user_data might be given
either raw bytes or base64 value.

This helps https://github.com/hashicorp/terraform/issues/1887 somewhat
as now you can:

1) Update user_data in AWS console.
2) Respectively update user_data in terraform code.
3) Just refresh terraform state and it should not report any changes.
2016-10-12 15:19:25 -05:00
clint shryock 77d76a69ba provider/aws: Bump Directory Service creation timeout to 45m 2016-10-12 09:47:39 -05:00
Carlos Sanchez ed37eae52b [AWS] Retry setTags operation 2016-10-11 15:38:25 -05:00
Justin Nauman be523d3792 Fixes #6076 - Adjusts check to allow for instance-id reset on aws_route 2016-10-11 15:35:03 -05:00
Herkermer Sherwood e81d06d505 Remove If-Match check and update ETag in state based on HeadObject
Fixes #4805
2016-10-11 11:43:33 -05:00
James Nugent ad57b445e9 Merge pull request #9273 from jmcarp/issue-5307
Parse AWS partition from ARN.
2016-10-11 11:31:04 -05:00
Kazunori Kojima dd2e9a5caa provider/aws: Fix cause error when re-apply specified together `etag` and `kms_key_id` 2016-10-11 11:11:30 -05:00
Krzysztof Wilczynski 6393ad743f Add missing unit test and re-factor for clarity.
This commit adds a missing unit test for the API Gateway integration type
attribute validation helper, plus changes the way how value is inspected
to a simple lookup table. Additionally, changes the wording of the error
message, and adds invalid test cases to the HTTP method validation helper.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-10-11 08:17:05 -05:00
James Nugent 52f4e23ac3 provider/aws: Add extra logging on AuthFailure
This pull request is intended to add a temporary control to Terraform to
output more verbose logging in the case of an AuthFailure error being
returned by the AWS API.
2016-10-10 17:26:30 -04:00
Joel Vasallo 7dd376216b Added documentation around access_logs enabled and reverted default
value to true
2016-10-10 10:05:13 -05:00
Joel Vasallo f290a3a955 ALB: Enabled s3.enabled and changed default value of s3.enabled
- Disabled access logs by default
- Enabled case to set value of s3.enabled
2016-10-10 09:46:28 -05:00
Joel Vasallo 16c1366e63 Reverted alb false logic to be a string instead of converted bool to
string
2016-10-09 22:09:41 -05:00
Krzysztof Wilczynski 70a90cc1f4 Handle EC2 tags related errors in CloudFront Distribution resource. (#9298)
This commits changes the behaviour in a case there was an error while
interacting with EC2 tags related to the CloudFormation Distribution
resource, fixing the issue with nil pointer dereference when despite
an error being present code path to handle tags was executed.

Also, a small re-factor of the `validateHTTP` helper method,
and a unit test added for it.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-10-09 20:51:16 +02:00
Joshua Carp a8e68ab25e Add partition to remaining ARN builders. 2016-10-08 00:52:50 -04:00
Joel Vasallo e00b2448d8 Fixed alb access_log enabled type to match that of aws-sdk-go 2016-10-07 19:32:19 -05:00
Joel Vasallo a4743eac33 Enable/Disable option for ALB Access Logs 2016-10-07 18:41:54 -05:00
Paul Stack 181fd25ee4 Merge pull request #9009 from hashicorp/tests-aws-import-eip
provider/aws: Add some tests for the Import for aws_eip
2016-10-07 16:25:41 +01:00
stack72 5479e178b9
provider/aws: Add some tests for the Import for aws_eip
The Read func of the EIP has changed to set the `vpc` boolean value on
the response object having an Address. This is required as an EIP that
was specified, without a domain and then imported, would cause a
perpetual plan.

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEIP_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/23 09:28:32 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSEIP_ -timeout
120m
=== RUN   TestAccAWSEIP_importEc2Classic
--- PASS: TestAccAWSEIP_importEc2Classic (116.16s)
=== RUN   TestAccAWSEIP_importVpc
--- PASS: TestAccAWSEIP_importVpc (61.89s)
=== RUN   TestAccAWSEIP_basic
--- PASS: TestAccAWSEIP_basic (18.86s)
=== RUN   TestAccAWSEIP_instance
--- PASS: TestAccAWSEIP_instance (185.95s)
=== RUN   TestAccAWSEIP_network_interface
--- PASS: TestAccAWSEIP_network_interface (63.20s)
=== RUN   TestAccAWSEIP_twoEIPsOneNetworkInterface
--- PASS: TestAccAWSEIP_twoEIPsOneNetworkInterface (65.64s)
=== RUN   TestAccAWSEIP_associated_user_private_ip
--- PASS: TestAccAWSEIP_associated_user_private_ip (201.34s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    713.072s
```
2016-10-07 16:21:11 +01:00
Paul Stack dd66af0fa0 Merge pull request #8701 from steveh/feature/aws-billing-service-account
provider/aws: Add AWS Billing & Cost Management service account
2016-10-07 13:34:51 +01:00
Paul Stack 1b2f553d52 Merge pull request #9277 from kwilczynski/fix/return-correct-image-data_source_aws_ami
provider/aws: Fix. Return correct AMI image when `most_recent` is set to `true`.
2016-10-07 12:26:29 +01:00
Krzysztof Wilczynski 664c788b26
Fix. Return correct AMI image when `most_recent` is set to `true`.
This commit resolves a regression introduced in #9033 that caused an
unfiltered image to be returned despite a search criteria being set
accordingly.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-10-07 12:05:54 +01:00
DJ Home 56f35dd67d
Add ability to import AWS OpsWorks Custom Layers 2016-10-07 11:57:11 +01:00
Joshua Carp 1f8c2e4c69 Parse AWS partition from ARN.
[Resolves #5307]
2016-10-07 00:08:30 -04:00
Krzysztof Wilczynski 1260b3a9b5
Add new "ANY" as valid HTTP method to API Gateway validator.
This commit adds a new HTTP method to a list of valid HTTP methods which
is now accepted by API Gateway.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-10-06 16:11:45 +01:00
clint shryock dad6face2b re-go-fmt after rebase
use us-west-2 region in tests

update test with working config

provider/aws: Update EMR contribution with passing test, polling for instance in DELETE method

remove defaulted role

document emr_cluster

rename aws_emr -> aws_emr_cluster

update docs for name change

update delete timeout/polling

rename emr taskgroup to emr instance group

default instance group count to 0, down from 60

update to ref emr_cluster, emr_instance_group

more cleanups for instance groups; need to read and update

add read, delete method for instance groups

refactor the read method to seperate out the fetching of the specific group

more refactoring for finding instance groups

update emr instance group docs

err check on reading HTTP. Dont' return the error, just log it

refactor the create method to catch optionals

additional cleanups, added a read method

update test to be non-master-only

wrap up the READ method for clusters

poll for instance group to be running after a modification

patch up a possible deref

provider/aws: EMR cleanups

fix test naming

remove outdated docs

randomize emr_profile names
2016-10-05 14:30:16 -05:00
Brian Chen ad8679e916 basic emr implementation
quick emr resize implementation

ass task group

not force new

add task group

check empty slices

clean up

rename to initial_instance_count

add task instance group as resource

cluster resize core group

clean up

add name option

log info

clean up

change log debug format

clean up

add missing security groups for master and slave

add bootstrap actions

add options for bootstrap action

add tags option

clean up

fix for tags array

support delimiters : =

bootstrap actions fix

add configurations item

load local or remote config

rename function

support multiple bootstrap actions

default value 0 for core group

follow aws api able to create a master only

tags use terraform tag schema

option item for log_uri

ec2_attribute as option

add emr task group accTests

add embedded json config

add embedded json config

add service_role and instance_profile

add partial state support for either the "TERMINATED" or "TERMINATED_WITH_ERRORS" state

not allowing to change name or instance_type for task group

"core_instance_type" change into "Optional" and  "Computed"

apply MaxItems for ec2Attributes

remove all debug "fmt.Println"

clean up debug info and useless variable

Expose visible_to_all_users as an option, default will be true

remove debug info

logging should happen before setId("")

add hanChange checking first

clean up debug log

add some force new

double check the core group existed

add waiting and polling, until cluster up

testcase add EMR cluster id and status checking

clean up using common way to read ec2_attributes
2016-10-05 14:30:16 -05:00
clint shryock 5b87cd49a9 provider/aws: Update EFS resource to read performance mode and creation_token 2016-10-05 13:48:35 -05:00
Clint e2c74fce7f Merge pull request #9230 from lifesum/route53_healthcheck
provider/aws - Add update support for `search_string` in aws_cloudwatch_metric_alarm
2016-10-05 08:52:34 -05:00
Alexander Hellbom f6c66025cc Add update support for `search_string` 2016-10-05 13:25:00 +02:00
Paul Stack aa97ebd0e7 Merge pull request #9220 from AMeng/import-db-event-sub
provider/aws: Import aws_db_event_subscription
2016-10-05 01:03:53 +01:00
AMeng b7fae4028c provider/aws: Import aws_db_event_subscription 2016-10-04 15:24:30 -06:00
Michael Henry ad8bff98bb Extract integration type validator 2016-10-04 12:51:18 -04:00
Michael Henry 71b62d83b2 Allow new aws api-gateway integration types
The added types are 'AWS_PROXY' for integrating with lambdas and
'HTTP_PROXY' for integrating via http.

See http://docs.aws.amazon.com/apigateway/api-reference/resource/integration/
2016-10-04 12:23:04 -04:00
Paul Stack 60f0603f1c Merge pull request #9175 from PayscaleNateW/provider/aws/fix-acceptance-test-log-bucket
Provider/aws/fix acceptance test log bucket
2016-10-04 00:07:52 +01:00
Nathaniel Weinstein ff6469be89 Made import and base s3origin tests more independent, by supplying different random ints to each of their test runs 2016-10-03 15:11:46 -07:00
Paul Stack 2d90f8a91c Merge pull request #9140 from hashicorp/import-aws-elasticache_replication_groups
provider/aws: Support Import of AWS elasticache_replication_groups
2016-10-03 16:59:31 +01:00
stack72 520f96e84b
provider/aws: Support Import of AWS elasticache_replication_groups
Fixes #9094

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSElasticacheReplicationGroup_importBasic'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/30 00:09:04 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSElasticacheReplicationGroup_importBasic -timeout 120m
=== RUN   TestAccAWSElasticacheReplicationGroup_importBasic
--- PASS: TestAccAWSElasticacheReplicationGroup_importBasic (756.38s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws756.398s
```
2016-10-03 16:52:29 +01:00
stack72 17cb9a19da
Merge branch 'DJRH-import-opsworks-stacks' 2016-10-03 16:48:23 +01:00
stack72 fa3051a42b
provider/aws: Rename the Import aws_opsworks_stack import test
The casing on the test name was causing it not to run with the entire
test suite

```
% make testacc TEST=./builtin/providers/aws
% TESTARGS='-run=TestAccAWSOpsworksStack'             2 ↵ ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/03 16:43:07 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSOpsworksStack
-timeout 120m
=== RUN   TestAccAWSOpsworksStackImportBasic
--- PASS: TestAccAWSOpsworksStackImportBasic (49.00s)
=== RUN   TestAccAWSOpsworksStackNoVpc
--- PASS: TestAccAWSOpsworksStackNoVpc (36.10s)
=== RUN   TestAccAWSOpsworksStackVpc
--- PASS: TestAccAWSOpsworksStackVpc (73.27s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws158.385s
```
2016-10-03 16:45:02 +01:00
Paul Stack 90f74dae21 Merge pull request #9188 from hashicorp/b-aws-ssm-retry-delete
provider/aws: Add retry to the `aws_ssm_document` delete func
2016-10-03 16:38:52 +01:00
stack72 2f81f47d49
Merge branch 'import-opsworks-stacks' of https://github.com/DJRH/terraform into DJRH-import-opsworks-stacks 2016-10-03 16:23:03 +01:00
stack72 09e9e3a662
provider/aws: Add retry to the `aws_ssm_document` delete func
As noticed in the acceptance tests, we were expecting the document to be
deleted but it was still found

```
=== RUN   TestAccAWSSSMDocument_permission
--- FAIL: TestAccAWSSSMDocument_permission (5.60s)
    testing.go:329: Error destroying resource! WARNING: Dangling
    resources
            may exist. The full state and error is shown below.

                            Error: Check failed: Expected AWS SSM
                            Document to be gone, but was still found

                                            State: <no state>
```
2016-10-03 16:14:15 +01:00
clint shryock 2c934f9686 provider/aws: Insert log when removing volume attachment if not found 2016-10-03 09:57:42 -05:00
Clint f1c5f848e9 Merge pull request #9023 from Jonnymcc/destroying-detached-vol-attch-res
provider/aws: Skip DetachVolume if volume is not attached
2016-10-03 09:56:49 -05:00
Paul Stack 7cba88931a Merge pull request #9125 from hashicorp/b-aws-r53-alias-refresh
provider/aws: aws_route53_record alias refresh manually updated record
2016-10-03 15:55:23 +01:00
DJ Home 967335eae3 Merge branch 'master' into import-opsworks-stacks 2016-10-03 11:28:28 +01:00
Nathaniel Weinstein 69e56beac7 Fixed acceptance test that was failing due to undefined log bucket 2016-10-02 22:28:34 -07:00
Nathaniel Weinstein 822c8f9a32 Fixed acceptance test that was failing due to undefined log bucket 2016-10-02 22:23:03 -07:00
clint shryock de3a7b5d20 give security groups their own sgProtocolIntegers methodw 2016-09-30 15:45:25 -05:00
clint shryock 2cc28f6137 revert netacl protocolIntegers change from 45da08c67f 2016-09-30 15:45:25 -05:00
clint shryock 6282c0fabf provider/aws: Regression test for NetAcl + ESP protocol 2016-09-30 15:45:25 -05:00
Jonathan McCall dc4a7b7d25 Simplify check for already detached volume before destroying 2016-09-30 14:11:50 -04:00
Jonathan McCall f3deaab878 Remove resource if volume to detach is missing 2016-09-30 14:11:50 -04:00
Jonathan McCall a3ceb25dd7 Skip DetachVolume if volume is not attached 2016-09-30 14:11:50 -04:00
DJ Home 73f20ec88d Revert region to us-west-2 (and set us-west-2 as default region in acceptance test class) 2016-09-30 13:33:00 +01:00
Clint 7337a346ec provider/aws: Fix issue with updating ELB subnets for subnets in the same AZ (#9131)
* provider/aws: Regression test for #9120

* provider/aws: Fix issue with updating ELB subnets for subnets in the same AZ
2016-09-29 13:01:09 -05:00
stack72 ae2b8d45db
provider/aws: aws_route53_record alias refresh manually updated record
Fixes #9108

When an aws_route53_record alias is created with terraform and then
modified via cli or console, terraform wasn't picking up the changes. I
had the following config:

```
resource "aws_route53_record" "alias" {
  zone_id = "${aws_route53_zone.main.zone_id}"
  name = "www"
  type = "A"

  alias {
  	zone_id = "${aws_elb.main.zone_id}"
  	name = "${aws_elb.main.dns_name}"
  	evaluate_target_health = true
  }
}
```

I changed the evaluate_health_target on the AWS console and terraform plan showed me this:

```
% terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but
will not be persisted to local or remote state storage.

aws_route53_zone.main: Refreshing state... (ID: Z32Z9B1UPAIP6X)
aws_elb.main: Refreshing state... (ID: foobar-terraform-elb-1111)
aws_route53_record.alias: Refreshing state... (ID: Z32Z9B1UPAIP6X_www_A)

No changes. Infrastructure is up-to-date. This means that Terraform
could not detect any differences between your configuration and
the real physical resources that exist. As a result, Terraform
doesn't need to do anything.
```

When rebuilding the provider with the changes in the PR, a terraform plan then looks as follows:

```
% terraform plan
[WARN] /Users/stacko/Code/go/bin/terraform-provider-aws overrides an internal plugin for aws-provider.
  If you did not expect to see this message you will need to remove the old plugin.
  See https://www.terraform.io/docs/internals/internal-plugins.html
[WARN] /Users/stacko/Code/go/bin/terraform-provider-azurerm overrides an internal plugin for azurerm-provider.
  If you did not expect to see this message you will need to remove the old plugin.
  See https://www.terraform.io/docs/internals/internal-plugins.html
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but
will not be persisted to local or remote state storage.

aws_route53_zone.main: Refreshing state... (ID: Z32Z9B1UPAIP6X)
aws_elb.main: Refreshing state... (ID: foobar-terraform-elb-1111)
aws_route53_record.alias: Refreshing state... (ID: Z32Z9B1UPAIP6X_www_A)

The Terraform execution plan has been generated and is shown below.
Resources are shown in alphabetical order for quick scanning. Green resources
will be created (or destroyed and then created if an existing resource
exists), yellow resources are being changed in-place, and red resources
will be destroyed. Cyan entries are data sources to be read.

Note: You didn't specify an "-out" parameter to save this plan, so when
"apply" is called, Terraform can't guarantee this is what will execute.

~ aws_route53_record.alias
    alias.1050468691.evaluate_target_health: "" => "true"
    alias.1050468691.name:                   "" => "foobar-terraform-elb-1111-522021794.us-west-2.elb.amazonaws.com"
    alias.1050468691.zone_id:                "" => "Z1H1FL5HABSF5"
    alias.2906616344.evaluate_target_health: "false" => "false"
    alias.2906616344.name:                   "foobar-terraform-elb-1111-522021794.us-west-2.elb.amazonaws.com." => ""
    alias.2906616344.zone_id:                "Z1H1FL5HABSF5" => ""

Plan: 0 to add, 1 to change, 0 to destroy.
```

the apply then changed the target back to true

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRoute53Record_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/29 18:17:23 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSRoute53Record_ -timeout 120m
=== RUN   TestAccAWSRoute53Record_basic
--- PASS: TestAccAWSRoute53Record_basic (120.63s)
=== RUN   TestAccAWSRoute53Record_basic_fqdn
--- PASS: TestAccAWSRoute53Record_basic_fqdn (131.81s)
=== RUN   TestAccAWSRoute53Record_txtSupport
--- PASS: TestAccAWSRoute53Record_txtSupport (128.40s)
=== RUN   TestAccAWSRoute53Record_spfSupport
--- PASS: TestAccAWSRoute53Record_spfSupport (120.06s)
=== RUN   TestAccAWSRoute53Record_generatesSuffix
--- PASS: TestAccAWSRoute53Record_generatesSuffix (114.02s)
=== RUN   TestAccAWSRoute53Record_wildcard
--- PASS: TestAccAWSRoute53Record_wildcard (165.54s)
=== RUN   TestAccAWSRoute53Record_failover
--- PASS: TestAccAWSRoute53Record_failover (118.10s)
=== RUN   TestAccAWSRoute53Record_weighted_basic
--- PASS: TestAccAWSRoute53Record_weighted_basic (128.10s)
=== RUN   TestAccAWSRoute53Record_alias
--- PASS: TestAccAWSRoute53Record_alias (132.62s)
=== RUN   TestAccAWSRoute53Record_s3_alias
--- PASS: TestAccAWSRoute53Record_s3_alias (132.12s)
=== RUN   TestAccAWSRoute53Record_weighted_alias
--- PASS: TestAccAWSRoute53Record_weighted_alias (237.92s)
=== RUN   TestAccAWSRoute53Record_geolocation_basic
--- PASS: TestAccAWSRoute53Record_geolocation_basic (121.95s)
=== RUN   TestAccAWSRoute53Record_latency_basic
--- PASS: TestAccAWSRoute53Record_latency_basic (123.40s)
=== RUN   TestAccAWSRoute53Record_TypeChange
--- PASS: TestAccAWSRoute53Record_TypeChange (198.24s)
=== RUN   TestAccAWSRoute53Record_empty
--- PASS: TestAccAWSRoute53Record_empty (119.68s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws2092.597s
```
2016-09-29 18:54:32 +01:00
DJ Home 979afcecdc Fix acceptance tests 2016-09-29 13:00:52 +01:00
DJ Home 1bc154535f Add ability to import OpsWorks stacks 2016-09-29 11:44:58 +01:00
Paul Stack 5f8cd8e69f Merge pull request #9101 from hashicorp/b-aws-elasticache-panic-parameter-group
provider/aws: Modifying the parameter_group_name of aws_elasticache_replication_group caused a panic
2016-09-28 20:27:01 +01:00
Paul Stack 10eb572437 Merge pull request #9050 from hashicorp/b-aws-ecr-delete-timeout
provider/aws: Add retry logic to the aws_ecr_repository delete func
2016-09-28 20:10:35 +01:00
Paul Stack 9202bb4751 Merge pull request #9011 from hashicorp/f-aws-cloudfront-tags
provider/aws: Add support for tags to aws_cloudfront_distribution
2016-09-28 19:54:47 +01:00
Paul Stack b6718de299 Merge pull request #9010 from hashicorp/aws-elasticache-cluster-import
Aws elasticache cluster import
2016-09-28 19:49:42 +01:00
stack72 13cf370d07
provider/aws: Add support for tags to aws_cloudfront_distribution
Fixes #8959

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSCloudFrontDistribution_S3OriginWithTags'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/23 16:30:31 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSCloudFrontDistribution_S3OriginWithTags -timeout 120m
=== RUN   TestAccAWSCloudFrontDistribution_S3OriginWithTags
--- PASS: TestAccAWSCloudFrontDistribution_S3OriginWithTags (1234.66s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws
1234.680s
```
2016-09-28 13:18:41 +01:00
stack72 b02a5c47ec
provider/aws: Support Import of aws_elasticache_cluster
Initial tests were failing as follows:

```
=== RUN   TestAccAWSElasticacheCluster_importBasic
--- FAIL: TestAccAWSElasticacheCluster_importBasic (362.66s)
        testing.go:265: Step 1 error: ImportStateVerify attributes not
        equivalent. Difference is shown below. Top is actual, bottom is
        expected.

        (map[string]string) {

        }

(map[string]string) (len=2) {
             (string) (len=20) "parameter_group_name": (string) (len=20)
             "default.memcached1.4",
                             (string) (len=22) "security_group_names.#":
                             (string) (len=1) "0"

}

FAIL
exit status 1
```

The import of ElastiCache clusters helped to point out 3 things:

1. Currently, we were trying to set the parameter_group_name as follows:

```
d.Set("parameter_group_name", c.CacheParameterGroup)
```

Unfortunately, c.CacheParameterGroup is a struct not a string. This was
causing the test import failure. So this had to be replaced as follows:

```
if c.CacheParameterGroup != nil {
      d.Set("parameter_group_name", c.CacheParameterGroup.CacheParameterGroupName)
}
```

2. We were trying to set the security_group_names as follows:

```
d.Set("security_group_names", c.CacheSecurityGroups)
```

The CacheSecurityGroups was actually a []* so had to be changed to work
as follows:

```
if len(c.CacheSecurityGroups) > 0 {
            d.Set("security_group_names",
            flattenElastiCacheSecurityGroupNames(c.CacheSecurityGroups))

}
```

3. We were trying to set the security_group_ids as follows:

```
d.Set("security_group_ids", c.SecurityGroups)
```

This is another []* and needs to be changed as follows:

```
if len(c.SecurityGroups) > 0 {
            d.Set("security_group_ids",
            flattenElastiCacheSecurityGroupIds(c.SecurityGroups))

}
```

This then allows the import test to pass as expected:

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSElasticacheCluster_importBasic'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/23 10:59:01 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSElasticacheCluster_importBasic -timeout 120m
=== RUN   TestAccAWSElasticacheCluster_importBasic
--- PASS: TestAccAWSElasticacheCluster_importBasic (351.96s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    351.981s
```

As a final test, I ran the basic ElastiCache cluster creation to make
sure all passed as expected:

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSElasticacheCluster_basic'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/23 11:05:51 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSElasticacheCluster_basic -timeout 120m
=== RUN   TestAccAWSElasticacheCluster_basic
--- PASS: TestAccAWSElasticacheCluster_basic (809.25s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    809.267s
```
2016-09-28 12:29:20 +01:00
stack72 15c8534538
provider/aws: Add retry logic to the aws_ecr_repository delete func
Fixes #8597

There was sometimes an issue where Terraform was deleting the ECR
repository from the statefile before the reposity was actually deleted.

Added retry logic for Terraform to wait for the repository to be deleted
before proceeding with the statefile update

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEcrRepository_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/26 12:46:57 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSEcrRepository_ -timeout 120m
=== RUN   TestAccAWSEcrRepository_importBasic
--- PASS: TestAccAWSEcrRepository_importBasic (17.86s)
=== RUN   TestAccAWSEcrRepository_basic
--- PASS: TestAccAWSEcrRepository_basic (16.40s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    34.288s
```
2016-09-28 12:01:13 +01:00
stack72 2efd93a67e
provider/aws: Modifying the parameter_group_name of
aws_elasticache_replication_group caused a panic

Fixes #9097

The update for `parameter_group_name` was trying to find the incorrect
value to set `cache_parameter_group_name` - this is what was causing the
panic

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSElasticacheReplicationGroup_updateParameterGroup'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/28 11:17:30 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSElasticacheReplicationGroup_updateParameterGroup -timeout
120m
=== RUN   TestAccAWSElasticacheReplicationGroup_updateParameterGroup
--- PASS: TestAccAWSElasticacheReplicationGroup_updateParameterGroup
(903.90s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws903.931s
```
2016-09-28 11:48:17 +01:00
Paul Stack d4dd615b52 Merge pull request #9052 from hashicorp/b-aws-rds-option-group
provider/aws: aws_db_option_group flattenOptions failing due to missing values
2016-09-28 11:18:28 +01:00
stack72 df8ca94093
provider/aws: aws_db_option_group flattenOptions failing due to missing
values

Fixes #8332

Not all option_group parameters have values. For example, when you
enable the MariaDB option_group, some of the settings have empty values
(see screenshot)

This PR adds a safety net on reading those values back to the statefile

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSDBOptionGroup_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/26 13:55:21 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSDBOptionGroup_ -timeout 120m
=== RUN   TestAccAWSDBOptionGroup_importBasic
--- PASS: TestAccAWSDBOptionGroup_importBasic (20.12s)
=== RUN   TestAccAWSDBOptionGroup_basic
--- PASS: TestAccAWSDBOptionGroup_basic (18.45s)
=== RUN   TestAccAWSDBOptionGroup_basicDestroyWithInstance
--- PASS: TestAccAWSDBOptionGroup_basicDestroyWithInstance (597.90s)
=== RUN   TestAccAWSDBOptionGroup_OptionSettings
--- PASS: TestAccAWSDBOptionGroup_OptionSettings (33.27s)
=== RUN   TestAccAWSDBOptionGroup_sqlServerOptionsUpdate
--- PASS: TestAccAWSDBOptionGroup_sqlServerOptionsUpdate (33.39s)
=== RUN   TestAccAWSDBOptionGroup_multipleOptions
--- PASS: TestAccAWSDBOptionGroup_multipleOptions (19.87s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    723.037s
```
2016-09-28 11:06:40 +01:00
Paul Stack bf5039311b Merge pull request #9049 from hashicorp/b-aws-r53-record-delete
provider/aws: guard against aws_route53_record delete panic
2016-09-28 11:02:03 +01:00
Paul Stack 1cf9f41510 Merge pull request #9038 from kwilczynski/feature/error-reporting-aws_vpc_peering_connection
provider/aws: Make sure that VPC Peering Connection in a failed state returns an error.
2016-09-27 17:56:54 +01:00
Paul Stack bdb915693b Merge pull request #9060 from TimeIncOSS/b-aws-aurora-encryption
provider/aws: Make encryption in Aurora instances computed-only
2016-09-26 19:44:36 +01:00
Radek Simko de03308b73
provider/aws: Make encryption in Aurora instances computed-only 2016-09-26 17:23:16 +01:00
stack72 054f46b1f9
provider/aws: Refresh AWS EIP association from state when not found
Fixes #6758

We used to throw an error when this was the case - we should refresh
from state so the association can be recreated

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEIPAssociation_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/26 16:42:37 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSEIPAssociation_ -timeout 120m
=== RUN   TestAccAWSEIPAssociation_basic
--- PASS: TestAccAWSEIPAssociation_basic (272.92s)
=== RUN   TestAccAWSEIPAssociation_disappears
--- PASS: TestAccAWSEIPAssociation_disappears (119.62s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws392.559s
```
2016-09-26 16:50:51 +01:00
Paul Stack a77d55c919 Merge pull request #8806 from optimisticanshul/8793-snapshot-identifier
Changing snapshot_identifier on aws_db_instance resource should force…
2016-09-26 12:01:47 +01:00
stack72 a367f3550f
provider/aws: guard against aws_route53_record delete panic
Fixes #9025

We were assuming there would always be a changeInfo record and then
dereferencing the ID. This wasn't always the case (As noted in #9025)
where it was a delete rather than a delete / create action

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRoute53Record_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/26 11:26:43 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSRoute53Record_ -timeout 120m
=== RUN   TestAccAWSRoute53Record_basic
--- PASS: TestAccAWSRoute53Record_basic (114.99s)
=== RUN   TestAccAWSRoute53Record_basic_fqdn
--- PASS: TestAccAWSRoute53Record_basic_fqdn (126.64s)
=== RUN   TestAccAWSRoute53Record_txtSupport
--- PASS: TestAccAWSRoute53Record_txtSupport (113.25s)
=== RUN   TestAccAWSRoute53Record_spfSupport
--- PASS: TestAccAWSRoute53Record_spfSupport (112.89s)
=== RUN   TestAccAWSRoute53Record_generatesSuffix
--- PASS: TestAccAWSRoute53Record_generatesSuffix (113.29s)
=== RUN   TestAccAWSRoute53Record_wildcard
--- PASS: TestAccAWSRoute53Record_wildcard (163.05s)
=== RUN   TestAccAWSRoute53Record_failover
--- PASS: TestAccAWSRoute53Record_failover (121.15s)
=== RUN   TestAccAWSRoute53Record_weighted_basic
--- PASS: TestAccAWSRoute53Record_weighted_basic (117.06s)
=== RUN   TestAccAWSRoute53Record_alias
--- PASS: TestAccAWSRoute53Record_alias (116.97s)
=== RUN   TestAccAWSRoute53Record_s3_alias
--- PASS: TestAccAWSRoute53Record_s3_alias (138.79s)
=== RUN   TestAccAWSRoute53Record_weighted_alias
--- PASS: TestAccAWSRoute53Record_weighted_alias (241.48s)
=== RUN   TestAccAWSRoute53Record_geolocation_basic
--- PASS: TestAccAWSRoute53Record_geolocation_basic (132.51s)
=== RUN   TestAccAWSRoute53Record_latency_basic
--- PASS: TestAccAWSRoute53Record_latency_basic (121.29s)
=== RUN   TestAccAWSRoute53Record_TypeChange
--- PASS: TestAccAWSRoute53Record_TypeChange (189.31s)
=== RUN   TestAccAWSRoute53Record_empty
--- PASS: TestAccAWSRoute53Record_empty (127.31s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws
2050.012s
```
2016-09-26 11:27:56 +01:00
Paul Stack 01cef1a63c Merge pull request #9029 from hashicorp/b-cloudwatch-dimensions-read
provider/aws: Fix reading dimensions on cloudwatch alarms
2016-09-26 09:29:27 +01:00
Krzysztof Wilczynski a2a2de5db2
Add test to check for failed state of the VPC Peering Connection.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-26 09:17:24 +01:00
Krzysztof Wilczynski a58650c980
Make sure that VPC Peering Connection in a failed state returns an error.
This commit adds simple logic which allows for a VPC Peering Connection
that is in a failed state (e.g. due to an overlapping IP address ranges,
etc.), to report such failed state as an error, rather then waiting for
the time out to occur.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-25 15:50:08 +01:00
Martin Atkins 94c45c67cd provider/aws: aws_region data source
The primary purpose of this data source is to ask the question "what is
my current region?", but it can also be used to retrieve the endpoint
hostname for a particular (possibly non-current) region, should that be
useful for some esoteric case.
2016-09-24 15:19:33 -07:00
Martin Atkins fca9216f53 provider/aws: availability zone data source
This adds a singular data source in addition to the existing plural one.
This allows retrieving data about a specific AZ.

As a helper for writing reusable modules, the AZ letter (without its
usual region name prefix) is exposed so that it can be used in
region-agnostic mappings where a different value is used per AZ, such as
for subnet numbering schemes.
2016-09-24 15:19:33 -07:00
Martin Atkins aa0b6019f8 provider/aws: aws_vpc data source 2016-09-24 15:19:33 -07:00
Martin Atkins 82f958cc17 provider/aws: aws_subnet data source 2016-09-24 15:19:33 -07:00
Martin Atkins de51398b39 provider/aws: utilities for building EC2 filter sets
These functions can be used within various EC2 data sources to support
querying by filter. The following cases are supported:

- Filtering by exact equality with single attribute values
- Filtering by EC2 tag key/value pairs
- Explicitly specifying raw EC2 filters in config

This should cover most of the filter use-cases for Terraform data
sources that are built on EC2's 'Describe...' family of functions.
2016-09-24 15:17:09 -07:00
Krzysztof Wilczynski 5af8c8080a
Fix. Handle missing AMI name when matching against image name.
This commit fixes the issues where in a very rare cases the Amazon Machine
Image (AMI) would not have an image name set causing regular expression match
to fail with a nil pointer dereference. Also, the logic of if-else statements
was simplified (reduced branching since return is used a lot).

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-24 14:34:00 +01:00
Paul Stack 979af97b52 Merge pull request #9031 from kjmkznr/b-aws-s3-lifecycle
provider/aws: Fix failed remove S3 lifecycle_rule
2016-09-24 10:26:18 +01:00
Alexander Ekdahl d2861be48e Corrected Seoul S3 Website Endpoint 2016-09-24 17:43:58 +09:00
Alexander Ekdahl ec1ee7f2be Corrected Seoul S3 Website Endpoint Test 2016-09-24 17:42:52 +09:00
Kazunori Kojima 71f721cd3e
provider/aws: Fix failed remove S3 lifecycle_rule 2016-09-24 16:56:25 +09:00
Paul Hinze 2449b45087
provider/aws: Fix reading dimensions on cloudwatch alarms
They're structs that need to be unrolled and d.Set was silently failing
on them before. This enhances the basic test to cover the change.
2016-09-23 18:26:04 -05:00
Chris Marchesi 5af63c233e
provider/aws: Add query_string_cache_keys to aws_cloudfront_distribution
Looks like AWS updated their API and now our tests are failing
because QueryStringCacheKeys was not included in the distribution
configuration.

This adds support for specifying query string cache keys in the
CloudFront distribution configuration, which ensures that only a subset
of query string keys are actually cached when forwarding query strings,
possibly improving performance.
2016-09-23 13:11:05 +01:00
Chris Marchesi c2b44217dd
provider/aws: Require CloudFront S3 origin origin_access_identity
This fixes an issue where an empty s3_origin_config could be supplied to
aws_cloudfront_distribution, "correctly" setting an empty default value.
Unfortunately the rest of the CloudFront structure helper functions are
not equipped to deal with this kind of scenario, and TF produces
spurious diffs upon future runs.

This removes the default and makes origin_access_identity required when
specifying s3_origin_config.

Note that it has always been intended behaviour that if someone does not
want to use an origin access identity, that s3_origin_config should not
be specified at all. This behaviour still works, as should be evident by
the (still) passing tests.

Fixes hashicorp/terraform#7930.
2016-09-23 13:10:50 +01:00
Chris Marchesi ec2b345ed0
provider/aws: Enable aws_cloudfront_distribution HTTP/2
Added http_version to aws_cloudfront_distribution, which allows
selection of the maximum HTTP version to use in the distribution.
Defaults to http2.

Fixes hashicorp/terraform#8730.
2016-09-23 13:10:33 +01:00
stack72 cea685099e
Merge branch 'elasticache-cluster-import' of https://github.com/AMeng/terraform into AMeng-elasticache-cluster-import 2016-09-23 10:04:57 +01:00
Clint b7ad602993 provider/aws: Fix importing of EIP by IP address (#8970)
* provider/aws: Fix importing of EIP by IP address

EIPs are meant to be imported by their allocation id, however, importing
by their EIP *appears* to work because this API actually accepts IP
lookup, despite the documentation asking for the allocation id.

This PR does:

- update docs on how to import EIPs
- fix case if user imported by IP, to switch to using the alloc id for
the resource id

I chose not to document that looking up by IP is a method of import,
because the AWS  API docs do not explicitly say that looking up by IP is
OK, so I'd rather people not do it if it's not documented to stay that
way.

Alternatively, we could parse the resource ID and reject it (remove from
state with error/warning) if it doesn't match the `eipalloc-*` format,
but I thought this was a bit better UX.

* fix issue with swapping IDs on EC2 Classic

* update docs

* update comment
2016-09-22 21:53:21 -05:00
Clint becdfef87b provider/aws: Wait for Spot Fleet to drain before removing from state (#8938)
* provider/aws: Wait for Spot Fleet to drain before removing from state

Ensures the spot fleet is drained before reporting successful destroy
and moving on

* remove unreachable code

* hack to sleep and test regression/leak

* fix broken english in warning
2016-09-22 15:22:27 -05:00
Paul Stack ecabebf5e6 Merge pull request #8989 from hashicorp/b-aws-alb-protocol-change-forcenew
provider/aws: VPC ID, Port, Protocol and Name change on aws_alb_target_group will ForceNew resource
2016-09-22 20:57:36 +01:00
Paul Stack 5cc4f17189 Merge pull request #8992 from kwilczynski/feature/check-error-aws_cloudformation_stack
provider/aws: Handle JSON parsing error in the ReadFunc for various JSON documents.
2016-09-22 17:28:24 +01:00
Krzysztof Wilczynski 828a8f4729
provider/aws: Handle JSON parsing error in the ReadFunc for various JSON documents.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-22 17:21:27 +01:00
stack72 9fbbc343e9
provider/aws: VPC ID, Port, Protocol and Name change on
aws_alb_target_group will ForceNew resource

Fixes #8741

The modify-target-group doesn't allow changes to name, port, protocol or
vpc_id - therefore, they should all be ForceNew: true

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSALBTargetGroup_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/22 16:04:29 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSALBTargetGroup_ -timeout 120m
=== RUN   TestAccAWSALBTargetGroup_basic
--- PASS: TestAccAWSALBTargetGroup_basic (50.66s)
=== RUN   TestAccAWSALBTargetGroup_changeNameForceNew
--- PASS: TestAccAWSALBTargetGroup_changeNameForceNew (84.48s)
=== RUN   TestAccAWSALBTargetGroup_changeProtocolForceNew
--- PASS: TestAccAWSALBTargetGroup_changeProtocolForceNew (95.89s)
=== RUN   TestAccAWSALBTargetGroup_changePortForceNew
--- PASS: TestAccAWSALBTargetGroup_changePortForceNew (85.77s)
=== RUN   TestAccAWSALBTargetGroup_changeVpcForceNew
--- PASS: TestAccAWSALBTargetGroup_changeVpcForceNew (85.00s)
=== RUN   TestAccAWSALBTargetGroup_tags
--- PASS: TestAccAWSALBTargetGroup_tags (88.11s)
=== RUN   TestAccAWSALBTargetGroup_updateHealthCheck
--- PASS: TestAccAWSALBTargetGroup_updateHealthCheck (82.15s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    572.083s
```
2016-09-22 17:12:39 +01:00
Krzysztof Wilczynski c115d69d88
Allow buildPutRuleInputStruct helper function to return an error.
This commits allows for the helper function to return an error which
would bubble up from e.g. JSON parsing, etc.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-22 15:37:12 +01:00
Duncan 826ff3f0f0 provider/aws: fix option updates to beanstalk 2016-09-22 11:30:33 +01:00
Paul Stack 27a89ff405 Merge pull request #8671 from hashicorp/f-aws-firehose-cloudwatch
provider/aws: Add support for `cloudwatch_logging_options` to AWS Kinesis Firehose Delivery Streams
2016-09-22 10:01:44 +01:00
Paul Stack b2c7787380 Merge pull request #8907 from kwilczynski/feature/json-validation-data_source_aws_cloudformation_stack
provider/aws: Update aws_cloudformation_stack data source with new helper function.
2016-09-22 09:31:51 +01:00
Paul Stack 076fd93eb8 Merge pull request #8908 from kwilczynski/feature/json-validation-aws_s3_bucket
provider/aws: Add JSON validation to the aws_s3_bucket resource.
2016-09-22 09:30:38 +01:00
Paul Stack 283843241c Merge pull request #8906 from kwilczynski/feature/json-validation-aws_vpc_endpoint
[WIP]  provider/aws: Add JSON validation to the aws_vpc_endpoint resource.
2016-09-22 09:28:12 +01:00
Paul Stack f13e020376 Merge pull request #8898 from kwilczynski/feature/json-validation-aws_elasticsearch_domain
provider/aws: Add JSON validation to the aws_elasticsearch_domain resource.
2016-09-22 09:27:15 +01:00
Paul Stack c5afc1ad03 Merge pull request #8900 from kwilczynski/feature/json-validation-aws_kms_key
provider/aws: Add JSON validation to the aws_kms_key resource.
2016-09-22 09:26:12 +01:00
Krzysztof Wilczynski 8f689812d1
Handle JSON parsing error in the ReadFunc for the policy document.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-22 09:02:46 +01:00
Krzysztof Wilczynski 6c27f175b5
Add JSON validation to the aws_sns_topic resource.
This commit adds support for new helper function which is used to
normalise and validate JSON string.

This commit also removes unnecessary code from the StateFunc function,
and reduces it so that it only uses the normalizeJsonString helper.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-22 09:01:15 +01:00
Krzysztof Wilczynski 15d33c7fa4
Handle JSON parsing error in the ReadFunc for the policy document.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-22 08:56:21 +01:00
Paul Stack a9dce86bf2 Merge pull request #8976 from kwilczynski/feature/check-error-aws_glacier_vault
provider/aws: Handle JSON parsing error in the ReadFunc for the access policy document.
2016-09-22 08:53:57 +01:00
Krzysztof Wilczynski dd1d41ddce
Handle JSON parsing error in the ReadFunc for the access policies document.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-22 08:51:16 +01:00
Krzysztof Wilczynski d71ff1e122
Add JSON validation to the aws_elasticsearch_domain resource.
This commit adds support for new helper function which is used to
normalise and validate JSON string.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-22 08:50:00 +01:00
Paul Stack ab17d02faa Merge pull request #8978 from kwilczynski/feature/check-error-aws_cloudwatch_event_rule
provider/aws: Handle JSON parsing error in the ReadFunc for the event pattern document.
2016-09-22 08:47:40 +01:00
Krzysztof Wilczynski 0d68f6545d
Add JSON validation to the aws_kms_key resource.
This commit adds support for new helper function which is used to
normalise and validate JSON string.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-22 08:46:25 +01:00
Krzysztof Wilczynski 125e175186
Handle JSON parsing error in the ReadFunc for the policy document.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-22 08:39:55 +01:00
Krzysztof Wilczynski 749e6ba893
Handle JSON parsing error in the ReadFunc for the template body document.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-22 08:34:41 +01:00
Krzysztof Wilczynski 604de4007a
Handle JSON parsing error in the ReadFunc for the event pattern document.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-22 08:32:59 +01:00
Krzysztof Wilczynski f1d3b21fd2
Update aws_cloudformation_stack data source with new helper function.
This commit adds support for new helper function which is used to
normalise JSON string.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-22 08:27:19 +01:00
Krzysztof Wilczynski a35695a804
Add JSON validation to the aws_s3_bucket resource.
This commit adds support for new helper function which is used to
normalise and validate JSON string.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-22 08:20:59 +01:00
Krzysztof Wilczynski ff4671030e
Handle JSON parsing error in the ReadFunc for the access policy document.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-22 00:23:38 +01:00
clint shryock 61d795ed44 tidy up tests 2016-09-21 16:12:56 -05:00
Jay Wallace 45da08c67f
Allow use of protocol numbers for ah and esp 2016-09-21 11:52:23 -07:00
Krzysztof Wilczynski 7596991303
Add JSON validation to the aws_vpc_endpoint resource.
This commit adds support for new helper function which is used to
normalise and validate JSON string.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-21 19:21:12 +01:00
Paul Stack 773cfc8e8e Merge pull request #8903 from kwilczynski/feature/json-validation-aws_sns_topic_policy
provider/aws: Add JSON validation to the aws_sns_topic_policy resource.
2016-09-21 09:31:08 +01:00
Paul Stack 5753cbea64 Merge pull request #8901 from kwilczynski/feature/json-validation-aws_s3_bucket_policy
provider/aws: Add JSON validation to the aws_s3_bucket_policy resource.
2016-09-21 09:26:50 +01:00
Paul Stack 32e5a452c2 Merge pull request #8905 from kwilczynski/feature/json-validation-aws_sqs_queue_policy
provider/aws: Add JSON validation to the aws_sqs_queue_policy resource.
2016-09-21 09:20:58 +01:00
Paul Stack 3ad4056113 Merge pull request #8904 from kwilczynski/feature/json-validation-aws_sqs_queue
provider/aws: Add JSON validation to the aws_sqs_queue resource.
2016-09-21 09:14:41 +01:00
stack72 87f632cb92
provider/aws: `aws_elasticache_cluster` acceptance test for
`cluster_address`
2016-09-20 17:29:57 +01:00
stack72 10cddc8153
Merge branch 'aws_elasticache_cluster_address' of https://github.com/A-Gordon/terraform into A-Gordon-aws_elasticache_cluster_address 2016-09-20 17:09:11 +01:00
Paul Stack e9e1896ad4 Merge pull request #8775 from TimeIncOSS/f-aws-api-gateway-client-cert
provider/aws: Add API Gateway Client Certificate
2016-09-20 16:52:01 +01:00
A-Gordon de8b02e6e5 Added a cluster_address attribute to aws elasticache.
Added the cluster address as a separate attribute to the configuration endpoint. When using the configuration endpoint in conjunction with route 53 it was appending the cluster address with the port and invalidating the route 53 record.
2016-09-20 14:27:53 +01:00
James Nugent c777827cb8 Merge pull request #8915 from TimeIncOSS/b-aws-s3-policy-fix
provider/aws: Make it possible to remove S3 bucket policy
2016-09-20 13:29:58 +02:00
Krzysztof Wilczynski 9ef9956ee2 provider/aws: Add JSON validation to the aws_cloudwatch_event_rule resource. (#8897)
* Add JSON validation to the aws_cloudwatch_event_rule resource.

This commit adds support for new helper function which is used to
normalise and validate JSON string. Also adds new validation function
to wrap around the aforementioned helper.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>

* Re-factor validation function.

This commit changes the logic of the function so that it would check length of
the normalised JSON string over the given string, plus short-circuit early
should JSON would not be valid.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-19 23:47:17 +01:00
Dennis Webb e6f2f2e39c fixed incorrect param name 2016-09-19 11:24:27 -04:00
Dennis Webb 22b442bed6 better if testing 2016-09-19 10:48:35 -04:00
Radek Simko f17fdc76fa
provider/aws: Import S3 bucket policy as a separate resource 2016-09-19 08:28:45 +01:00
Radek Simko 59a7a5ca27
provider/aws: Only read S3 bucket policy if it's set 2016-09-18 22:35:07 +01:00
Radek Simko 18bd206c38
provider/aws: Make s3_bucket.policy not Computed 2016-09-18 20:58:36 +01:00
Radek Simko 1c3258d629
provider/aws: Fix s3_bucket test for empty policy 2016-09-18 20:57:50 +01:00
Krzysztof Wilczynski 056d53e1fe Add JSON validation to the aws_glacier_vault resource. (#8899)
This commit adds support for new helper function which is used to
normalise and validate JSON string.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-18 14:26:28 +01:00
Krzysztof Wilczynski bad81299c1 Add JSON validation to the aws_cloudformation_stack resource. (#8896)
This commit adds support for new helper function which is used to
normalise and validate JSON string.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-18 13:37:21 +01:00
Krzysztof Wilczynski 80f799f69b
Add JSON validation to the aws_sqs_queue_policy resource.
This commit adds support for new helper function which is used to
normalise and validate JSON string.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-17 23:14:02 +01:00
Krzysztof Wilczynski 538327b61f
Add JSON validation to the aws_sqs_queue resource.
This commit adds support for new helper function which is used to
normalise and validate JSON string.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-17 23:13:14 +01:00
Krzysztof Wilczynski 3b1b4fb571
Add JSON validation to the aws_sns_topic_policy resource.
This commit adds support for new helper function which is used to
normalise and validate JSON string.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-17 23:12:35 +01:00
Krzysztof Wilczynski 6a02bf2983
Add JSON validation to the aws_s3_bucket_policy resource.
This commit adds support for new helper function which is used to
normalise and validate JSON string.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-17 23:10:22 +01:00
Krzysztof Wilczynski 5697a52b4f [WIP] provider/aws: Add normalizeJsonString and validateJsonString functions. (#8028)
* Add normalizeJsonString and validateJsonString functions.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>

* Add unit test for the normalizeJsonString helper function.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>

* Fix. Remove incrrect format string.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>

* Remove surplus type assertion.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>

* Add unit test for the validateJsonStringhelper function.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>

* Remove surplus whitespaces.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-17 19:50:38 +01:00
Dennis Webb 925fc116a8 always set scaling_adjustment when policy_type = SimpleScaling 2016-09-16 21:00:57 -05:00
Clint 69f44a04e9 provider/aws: Add reader_endpoint RDS Clusters (supersedes #8878) (#8884)
* provider/aws: Add support for Aurora ReaderEndpoint

* provider/aws: Add reader_endpoint to the schema, document, test
2016-09-16 16:45:04 +01:00
Clint 79bb2e8a87 provider/aws: Add Default Security Group Resource (#8861)
* Docs for default security group
* overrides of default behavior
* add special disclaimer
* update to support classic environments
2016-09-15 13:59:20 -05:00
Clint adea7563e5 provider/aws: Fix issue updating Elastic Beanstalk Environment variables (#8848)
* provider/aws: failing test case for updating env vars

* provider/aws: Fix issue with updating Elastic Beanstalk env vars
2016-09-15 13:30:12 -05:00
James Nugent a65b0cce7c provider/aws: Fix pointer fmt as string
Fixes #8839.
2016-09-14 20:14:41 +01:00
James Nugent 9d51ebd0aa provider/aws: Expose ARN suffix on ALB (#8833)
When creating a CloudWatch Metric for an Application Load Balancer it is
neccessary to use the suffix of the ARN as the reference to the load
balancer. This commit exposes that as an attribute on the `aws_alb`
resource to prevent the need to use regular expression substitution to
make the reference.

Fixes #8808.
2016-09-14 15:50:10 +01:00
Sven Walter 459e618c44 provider/aws: Retry resourceAwsLaunchConfigurationCreate if instance profile hasn't propagated (#8813) 2016-09-13 13:07:43 -05:00
Anshul Sharma 75e358ab85 Vendored WAF (#8785)
* Vendored WAF

* WAF with tag 1.4.7
2016-09-13 07:32:42 +01:00
Anshul Sharma 0e93a964b2 Changing snapshot_identifier on aws_db_instance resource should force a rebuild 2016-09-13 07:39:15 +05:30
Paul Stack 44bc70971d Merge pull request #8673 from hashicorp/f-aws-alb-generated-name
provider/aws: Allow `aws_alb` to have the name auto-generated
2016-09-12 11:04:47 +01:00
stack72 ef9aa6baaf
Merge branch 'optimisticanshul-6973-codecommit-trigger' 2016-09-12 10:55:37 +01:00
stack72 116d70dccb
provider/aws: Removal of test for changes as it forces a new resource 2016-09-12 10:54:15 +01:00
stack72 229f2698ce
Merge branch '6973-codecommit-trigger' of https://github.com/optimisticanshul/terraform into optimisticanshul-6973-codecommit-trigger 2016-09-12 10:44:32 +01:00
stack72 20ad3e0b2f
provider/aws: Allow `aws_alb` to have the name auto-generated
In order to satisify scenarios where a lifecycle is block is used, we
would need the AWS ALB name field to be autogenerated. WE follow the
same work as AWS ELB, we prefix it with `tl-lb-`

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSALB_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/08 12:43:40 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSALB_ -timeout
120m
=== RUN   TestAccAWSALB_basic
--- PASS: TestAccAWSALB_basic (79.81s)
=== RUN   TestAccAWSALB_generatedName
--- PASS: TestAccAWSALB_generatedName (93.81s)
=== RUN   TestAccAWSALB_namePrefix
--- PASS: TestAccAWSALB_namePrefix (73.48s)
=== RUN   TestAccAWSALB_tags
--- PASS: TestAccAWSALB_tags (181.32s)
=== RUN   TestAccAWSALB_noSecurityGroup
--- PASS: TestAccAWSALB_noSecurityGroup (66.03s)
=== RUN   TestAccAWSALB_accesslogs
--- PASS: TestAccAWSALB_accesslogs (130.82s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    625.285s
```
2016-09-12 10:38:13 +01:00
Radek Simko 46d5d51ad6
provider/aws: Add API Gateway Client Certificate 2016-09-12 10:09:47 +01:00
Paul Stack 6cf1fdf980 Merge pull request #8675 from hashicorp/b-aws-kms-key-policy
provider/aws: Support Policy DiffSuppression in `aws_kms_key` policy
2016-09-12 09:50:09 +01:00
Anshul Sharma 2d57e71c01 Remove Unused Log From CodeCommit Trigger Test 2016-09-12 14:15:53 +05:30
stack72 806c000dbb
provider/aws: Support Policy DiffSuppression in `aws_kms_key` policy
Fixes #7495

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSKmsKey_policy'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/06 10:44:20 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSKmsKey_policy
-timeout 120m
=== RUN   TestAccAWSKmsKey_importBasic
--- PASS: TestAccAWSKmsKey_importBasic (166.19s)
=== RUN   TestAccAWSKmsKey_basic
--- PASS: TestAccAWSKmsKey_basic (215.33s)
=== RUN   TestAccAWSKmsKey_policy
--- PASS: TestAccAWSKmsKey_policy (116.81s)
=== RUN   TestAccAWSKmsKey_isEnabled
--- PASS: TestAccAWSKmsKey_isEnabled (1008.31s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws
1689.957s
```
2016-09-12 09:44:07 +01:00
Paul Stack 578e0eb04d Merge pull request #8780 from TimeIncOSS/f-aws-misspell
provider/aws: Fix misspelled words
2016-09-12 09:41:13 +01:00
Anshul Sharma 7150bafb84 Remove Region Condition From CodeCommit Repo Resource (#8778) 2016-09-12 07:30:46 +01:00
Radek Simko 2ad84a51df
provider/aws: Fix misspelled words 2016-09-12 07:23:34 +01:00
Anshul Sharma 497063af3e Added Codecommit Trigger 2016-09-12 10:17:04 +05:30
Paul Stack f993b726b0 provider/aws: `aws_db_instance` unexpected state when configurating (#8707)
enhanced monitoring

Fixes #8699

When configuring enhanced monitoring, a user got the following error:

```
* aws_db_instance.db: unexpected state 'configuring-enhanced-monitoring',
wanted target '[available]'``

We have added this to the list of pending states we have when creating
and updating an RDS instance
2016-09-11 19:29:23 +01:00
Steve Hoeksema 1d04cdb9bc Export AWS ELB service account ARN (#8700) 2016-09-11 19:13:58 +01:00
Steve Hoeksema 0cf330000e Don't import fmt 2016-09-09 09:00:48 +12:00
Radek Simko 3e3043adf4
provider/aws: Prevent crash on account ID validation 2016-09-08 11:46:18 +01:00
Steve Hoeksema e65be3d256 Format with tabs, add missing comma 2016-09-08 15:51:31 +12:00
Steve Hoeksema 55ac68e0a2 Fix formatting 2016-09-08 10:58:13 +12:00
stack72 d81cbdb4fb
provider/aws: Add support for `cloudwatch_logging_options` to AWS
Kinesis Firehose Delivery Streams

Fixes #7152

Adding support for CloudWatch Logging to Firehose as per the
instructions here -
http://docs.aws.amazon.com/firehose/latest/dev/monitoring-with-cloudwatch-logs.html

```

```
2016-09-07 23:29:08 +01:00
Paul Stack 91ade752a0 Merge pull request #8689 from erutherford/master
adding missing failed states for the NAT Gateways
2016-09-07 10:04:07 +01:00
Paul Stack de53db01b9 Merge pull request #8653 from TimeIncOSS/f-aws-lambda-publish
provider/aws: Support 'publish' attribute in lambda_function
2016-09-07 09:32:01 +01:00
Steve Hoeksema 74587baa4a Add AWS Billing & Cost Management service account
This adds a very simple data source for the AWS Billing account ID magic number.

Used to allow AWS to dump detailed billing reports into an S3 bucket you control.

http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-getting-started.html#step-2
2016-09-07 17:43:45 +12:00
Eric Rutherford 2cca48a829
switch to go way of checking for key existence so that go doesn't crash when the value doesn't exist 2016-09-06 20:57:10 -05:00
Eric Rutherford 04c2d40e57
commit after running make fmt 2016-09-06 14:56:56 -05:00
Eric Rutherford 91f6f2a143
moving to using a map to clean up the error check 2016-09-06 14:54:17 -05:00
Eric Rutherford 7a6b04dfa2
adding missing failed states for the NAT Gateways 2016-09-06 12:25:42 -05:00
stack72 ad4e580a03
provider/aws: Bump `aws_elasticsearch_domain` timeout values
Fixes #8541

The Update timeout and delete timeouts were a little short. Bumped them
to 60 mins and 90 mins respectively. I have been on the receiving of the
timeout for the Delete function
2016-09-06 08:52:07 +01:00
stack72 5504185770
provider/aws: Add DiffSupressionFunc to `aws_elasticsearch_domain`,
`aws_sqs_queue` and `aws_sns_topic`

```
SQS Queue Tests:
%make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSQSQueue'
2 ↵ ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/05 09:46:04 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSSQSQueue
-timeout 120m
=== RUN   TestAccAWSSQSQueue_importBasic
--- PASS: TestAccAWSSQSQueue_importBasic (18.99s)
=== RUN   TestAccAWSSQSQueue_basic
--- PASS: TestAccAWSSQSQueue_basic (44.31s)
=== RUN   TestAccAWSSQSQueue_policy
--- PASS: TestAccAWSSQSQueue_policy (32.76s)
=== RUN   TestAccAWSSQSQueue_redrivePolicy
--- PASS: TestAccAWSSQSQueue_redrivePolicy (66.42s)
=== RUN   TestAccAWSSQSQueue_Policybasic
--- PASS: TestAccAWSSQSQueue_Policybasic (32.40s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    194.895s
```
SNS Topic Tests:

% make testacc TEST=./builtin/providers/aws
% TESTARGS='-run=TestAccAWSSNSTopic_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/04 22:56:26 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSSNSTopic_
-timeout 120m
=== RUN   TestAccAWSSNSTopic_importBasic
--- PASS: TestAccAWSSNSTopic_importBasic (17.67s)
=== RUN   TestAccAWSSNSTopic_basic
--- PASS: TestAccAWSSNSTopic_basic (17.92s)
=== RUN   TestAccAWSSNSTopic_policy
--- PASS: TestAccAWSSNSTopic_policy (20.99s)
=== RUN   TestAccAWSSNSTopic_withIAMRole
--- PASS: TestAccAWSSNSTopic_withIAMRole (26.51s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    83.112s
```
2016-09-05 11:46:23 +01:00
Radek Simko 5820ce6c5c
provider/aws: Add aws_sqs_queue_policy 2016-09-05 08:17:48 +01:00
Paul Stack 04c16b8ff1 Merge pull request #8654 from TimeIncOSS/f-aws-sns-policy
provider/aws: Add aws_sns_topic_policy
2016-09-04 21:47:15 +03:00
Paul Stack c36b05c740 Merge pull request #8652 from TimeIncOSS/b-aws-lambda-tests-fix
provider/aws: Fix Lambda acceptance tests
2016-09-04 21:43:00 +03:00
Radek Simko c1178967b0
provider/aws: Add aws_sns_topic_policy 2016-09-04 18:34:24 +01:00
Radek Simko 03df8360cb
provider/aws: Support 'publish' attribute in lambda_function 2016-09-04 17:15:35 +01:00
Radek Simko a834c26037
provider/aws: Fix Lambda acceptance tests 2016-09-04 13:10:13 +01:00
stack72 fbbcd6be74
provider/aws: Randomize the `aws_db_instance` enhanced monitoring test
names

```
% make testacc TEST=./builtin/providers/aws
% TESTARGS='-run=TestAccAWSDBInstance_enhancedMonitoring'
% ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/04 12:23:49 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSDBInstance_enhancedMonitoring -timeout 120m
=== RUN   TestAccAWSDBInstance_enhancedMonitoring
--- PASS: TestAccAWSDBInstance_enhancedMonitoring (1535.00s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws
1535.018s
```
2016-09-04 12:50:50 +03:00
Paul Stack b82903288d Merge pull request #5606 from TimeIncOSS/b-cloudformation-fixes
provider/aws: Handle all kinds of CloudFormation stack failures
2016-09-04 02:17:08 +03:00
stack72 e3e4b6c2ac
Merge branch 'master' of github.com:hashicorp/terraform 2016-09-04 02:08:42 +03:00
stack72 7dd7078b82
Merge branch 'pcarrier/aws_autoscaling_group_can_have_initial_lifecycle_hooks' of https://github.com/pcarrier/terraform into pcarrier-pcarrier/aws_autoscaling_group_can_have_initial_lifecycle_hooks 2016-09-04 02:08:04 +03:00
James Nugent 6c23181686 Merge pull request #8383 from kjmkznr/import-aws-s3-b-notification
provider/aws: Support import `aws_s3_bucket_notification`
2016-09-03 15:50:25 -07:00
Paul Stack 2b0de3ca5c Merge pull request #8454 from Originate/mb-fix-internet-gateway-deletion
provider/aws: Skip detaching when aws_internet_gateway not found
2016-09-04 00:55:37 +03:00
stack72 49b8568bec
provider/aws: `aws_cloudwatch_log_stream` resource
This is a requirement for enabling CloudWatch Logging on Kinesis
Firehost

% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSCloudWatchLogStream_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/02 16:19:14 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSCloudWatchLogStream_ -timeout 120m
=== RUN   TestAccAWSCloudWatchLogStream_basic
--- PASS: TestAccAWSCloudWatchLogStream_basic (22.31s)
=== RUN   TestAccAWSCloudWatchLogStream_disappears
--- PASS: TestAccAWSCloudWatchLogStream_disappears (21.21s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    43.538s
2016-09-04 00:26:02 +03:00
Paul Stack 9ad4e8453b Merge pull request #8578 from kwilczynski/feature/health-check-target-validation-aws_elb
provider/aws: Add validation of Health Check target to aws_elb.
2016-09-04 00:18:19 +03:00
James Nugent 54784864fc Merge pull request #8640 from TimeIncOSS/f-aws-cloudformation-data-source
provider/aws: Add cloudformation_stack data source
2016-09-03 14:16:46 -07:00
Paul Stack 0370f41df5 Merge pull request #8440 from hashicorp/aws-spotfeed-sub
provider/aws: New resource `aws_spot_datafeed_subscription`
2016-09-04 00:16:14 +03:00
Paul Stack 4a8158c1c0 Merge pull request #8646 from hashicorp/b-aws-r53-delete
provider/aws: Wait for `aws_route_53_record` to be in-sync after a delete
2016-09-03 23:13:20 +03:00
stack72 7e89c1d3a2
Merge branch 'paybyphone-paybyphone_GH_6396' 2016-09-03 23:10:27 +03:00
James Nugent 94ca84e772 Merge pull request #8638 from hashicorp/f-aws-assume-role
provider/aws: Add support for AssumeRole prior to operations
2016-09-03 13:04:03 -07:00
Chris Marchesi 38d2a2e717
provider/aws: VPC Peering: allow default peer VPC ID
Update the aws_vpc_peering_connection resource to allow peer_owner_id
to be omitted, defaulting to the connected AWS account ID (ie: for
VPC-to-VPC peers in the same account).

Also included is a doc cleanup and updates to the peer test in
resource_aws_route_table_test.go.

This fixes hashicorp/terraform#6396.
2016-09-03 23:03:31 +03:00
James Nugent e3ccb51168 provider/aws: Add assume_role block to provider
This replaces the previous `role_arn` with a block which looks like
this:

```
provider "aws" {
        // secret key, access key etc

	assume_role {
	        role_arn = "<Role ARN>"
		session_name = "<Session Name>"
		external_id = "<External ID>"
	}
}
```

We also modify the configuration structure and read the values from the
block if present into those values and adjust the call to AssumeRole to
include the SessionName and ExternalID based on the values set in the
configuration block.

Finally we clean up the tests and add in missing error checks, and clean
up the error handling logic in the Auth helper functions.
2016-09-03 12:54:30 -07:00
Paul Stack 3ad4cfe117 Merge pull request #8645 from hashicorp/aws-vpn-gateway-za
provider/aws: Do not set empty string to state for `aws_vpn_gateway` availability zone
2016-09-03 20:50:31 +03:00
stack72 900e14e168
provider/aws: New resource `aws_spot_datafeed_subscription`
Fixes: #4922

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSpotDatafeedSubscription_'
==> Checking that code complies with gofmt requirements...
/Users/stacko/Code/go/bin/stringer
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/08/24 10:46:23 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSSpotDatafeedSubscription_ -timeout 120m
=== RUN   TestAccAWSSpotDatafeedSubscription_importBasic
--- PASS: TestAccAWSSpotDatafeedSubscription_importBasic (56.31s)
=== RUN   TestAccAWSSpotDatafeedSubscription_basic
--- PASS: TestAccAWSSpotDatafeedSubscription_basic (56.77s)
=== RUN   TestAccAWSSpotDatafeedSubscription_disappears
--- PASS: TestAccAWSSpotDatafeedSubscription_disappears (56.79s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    169.893s
```
2016-09-03 20:06:40 +03:00
stack72 0c80b4d172
provider/aws: Wait for `aws_route_53_record` to be in-sync after a
delete

Fixes #6679

When we change the type of a record, it forces a new resource. We never
waited for the recordset to be in-sync after a deletion.

```
% make testacc TEST=./builtin/providers/aws
% TESTARGS='-run=TestAccAWSRoute53Record_'
% ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/03 17:55:03 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSRoute53Record_ -timeout 120m
=== RUN   TestAccAWSRoute53Record_basic
--- PASS: TestAccAWSRoute53Record_basic (85.54s)
=== RUN   TestAccAWSRoute53Record_basic_fqdn
--- PASS: TestAccAWSRoute53Record_basic_fqdn (101.75s)
=== RUN   TestAccAWSRoute53Record_txtSupport
--- PASS: TestAccAWSRoute53Record_txtSupport (84.01s)
=== RUN   TestAccAWSRoute53Record_spfSupport
--- PASS: TestAccAWSRoute53Record_spfSupport (85.08s)
=== RUN   TestAccAWSRoute53Record_generatesSuffix
--- PASS: TestAccAWSRoute53Record_generatesSuffix (97.12s)
=== RUN   TestAccAWSRoute53Record_wildcard
--- PASS: TestAccAWSRoute53Record_wildcard (141.08s)
=== RUN   TestAccAWSRoute53Record_failover
--- PASS: TestAccAWSRoute53Record_failover (91.25s)
=== RUN   TestAccAWSRoute53Record_weighted_basic
--- PASS: TestAccAWSRoute53Record_weighted_basic (89.01s)
=== RUN   TestAccAWSRoute53Record_alias
--- PASS: TestAccAWSRoute53Record_alias (88.91s)
=== RUN   TestAccAWSRoute53Record_s3_alias
--- PASS: TestAccAWSRoute53Record_s3_alias (103.10s)
=== RUN   TestAccAWSRoute53Record_weighted_alias
--- PASS: TestAccAWSRoute53Record_weighted_alias (174.71s)
=== RUN   TestAccAWSRoute53Record_geolocation_basic
--- PASS: TestAccAWSRoute53Record_geolocation_basic (89.50s)
=== RUN   TestAccAWSRoute53Record_latency_basic
--- PASS: TestAccAWSRoute53Record_latency_basic (89.12s)
=== RUN   TestAccAWSRoute53Record_TypeChange
--- PASS: TestAccAWSRoute53Record_TypeChange (138.09s)
=== RUN   TestAccAWSRoute53Record_empty
--- PASS: TestAccAWSRoute53Record_empty (88.51s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws
1684.774s
```
2016-09-03 19:17:05 +03:00
stack72 feaabb6ca1
provider/aws: Do not set empty string to state for `aws_vpn_gateway`
availability zone

Fixes #4752

According to the AWS Documentation, when `describing-vpn-gateways`

```
AvailabilityZone -> (string)
The Availability Zone where the virtual private gateway was created, if applicable. This field may be empty or not returned.
```

Therefore, if we pass an availability zone as part of vpn gateway, then it may come back as an empty string. If we set this empty string back to state, then the next plan will look as follows:

```
-/+ aws_vpn_gateway.vpn_gateway
    availability_zone: "" => "us-west-2a" (forces new resource)
    tags.%:            "1" => "1"
    tags.Name:         "vpn-us-west-2" => "vpn-us-west-2"
    vpc_id:            "vpc-1e9da47a" => "vpc-1e9da47a"

Plan: 1 to add, 0 to change, 1 to destroy.
```

If the availability_zone comes back from AWS as an empty string, then we should not set it to state to avoid forcing a new resource for the user

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSVpnGateway_withAvailabilityZoneSetToState'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/03 17:10:57 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSVpnGateway_withAvailabilityZoneSetToState -timeout 120m
=== RUN   TestAccAWSVpnGateway_withAvailabilityZoneSetToState
--- FAIL: TestAccAWSVpnGateway_withAvailabilityZoneSetToState (36.11s)
       	testing.go:265: Step 0 error: Check failed: Check 2/2 error: aws_vpn_gateway.foo: Attribute 'availability_zone' expected "us-west-2a", got ""
FAIL
exit status 1
FAIL   	github.com/hashicorp/terraform/builtin/providers/aws   	36.130s
make: *** [testacc] Error 1
[stacko@Pauls-MacBook-Pro:~/Code/go/src/github.com/hashicorp/terraform on master]
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSVpnGateway_withAvailabilityZoneSetToState'                                                                                       2 ↵ ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/03 17:12:25 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSVpnGateway_withAvailabilityZoneSetToState -timeout 120m
=== RUN   TestAccAWSVpnGateway_withAvailabilityZoneSetToState
--- PASS: TestAccAWSVpnGateway_withAvailabilityZoneSetToState (46.50s)
PASS
ok     	github.com/hashicorp/terraform/builtin/providers/aws   	46.517s
```
2016-09-03 17:14:42 +03:00
Paul Stack eaa48681d4 provider/aws: Refresh `aws_elasticsearch_domain` from state when ResourceNotFoundException (#8643)
* provider/aws: Refresh `aws_elasticsearch_domain` from state when
RecordNotFoundException

Fixes #3967

When an ElasticSearch domain has been deleted outside of Terraform, the
next Terraform operation would return the following:

```
* aws_elasticsearch_domain.curvelogic_es: ResourceNotFoundException:
* Domain not found: curvelogic-es
    status code: 409, request id: 6e4b2371-8e1a-11e5-bd07-7741b705d65c
```

We now refresh the resource from state when it is no longer found

* Update resource_aws_elasticsearch_domain.go
2016-09-03 14:55:29 +01:00
Paul Stack ef85146722 Merge pull request #8642 from kwilczynski/feature/add-unit-test-aws_network_acl_rule
provider/aws: Add missing unit test for validateICMPArgumentValue to aws_network_acl_rule.
2016-09-03 16:51:34 +03:00
Paul Stack 401d976cbb Merge pull request #8644 from kwilczynski/feature/add-unit-test-data_source_availability_zones
provider/aws: Add missing unit test for validateStateType to data_source_availability_zones.
2016-09-03 16:50:59 +03:00
Krzysztof Wilczynski 814b1d7489
provider/aws: Add missing unit test for validateStateType to data_source_availability_zones.
This commit adds missing unit test of a helper function.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-03 14:04:35 +01:00
Krzysztof Wilczynski 18b5de26d8
Add missing unit test for validateICMPArgumentValue to aws_network_acl_rule.
This commit adds missing unit test of a helper function.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-03 13:49:39 +01:00
Krzysztof Wilczynski bcaac02edb
Add validation of Health Check target to aws_elb.
This commit adds a simple validation of the target in the Health Check block in
order to reduce the number of issues related to the type, port and path values,
especially when the TCP and SSL type was used.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-03 13:48:28 +01:00
Paul Stack 10bf48a35a Merge pull request #8641 from kwilczynski/feature/update-aws_efs_file_system
provider/aws: Maintenance and clean-up for aws_efs_file_system.
2016-09-03 15:35:45 +03:00
Krzysztof Wilczynski fceb3ac381
Maintenance and clean-up for aws_efs_file_system.
This commit is purely a maintenance and clean-up of the resource.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-03 11:40:24 +01:00
Radek Simko a3c21d6c3b
provider/aws: Add cloudformation_stack data source 2016-09-03 11:33:59 +01:00
Paul Stack 42711dbc1f Merge pull request #8636 from kwilczynski/fix/increase-wait-time-aws_vpn_gateway_attachment
provider/aws: Fix. Adjust create and destroy timeout in aws_vpn_gateway_attachment.
2016-09-03 00:23:37 +03:00
Paul Stack 18ea8ef264 Merge pull request #8603 from hashicorp/aws-db-parameter-apply_method
provider/aws: Set `apply_method` to state in `aws_db_parameter_group`
2016-09-02 23:34:45 +03:00
Krzysztof Wilczynski a6de64a445
Fix. Adjust create and destroy timeout in aws_vpn_gateway_attachment.
This commit increases the timeout, delay and minimum timeout values in
order to resolve a timeout potentially occurring when the VPC gateway
is being attached.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-02 21:28:55 +01:00
James Nugent d444d122bf provider/aws: Clean up AWS provider schema defns
Remove unnecessary &schema.Schema from the AWS provider schema
definition.
2016-09-02 10:36:52 -07:00
Ian Duffy 767914bbdc [GH-1275] Support for AWS access via IAMs AssumeRole functionality
This commit enables terraform to utilise the assume role functionality
of sts to execute commands with different privileges than the API
keys specified.

Signed-off-by: Ian Duffy <ian@ianduffy.ie>
2016-09-02 10:22:57 -07:00
James Nugent 93f31fce17 provider/aws: Add aws_s3_bucket_policy resource
This commit adds a new "attachment" style resource for setting the
policy of an AWS S3 bucket. This is desirable such that the ARN of the
bucket can be referenced in an IAM Policy Document.

In addition, we now suppress diffs on the (now-computed) policy in the
S3 bucket for structurally equivalent policies, which prevents flapping
because of whitespace and map ordering changes made by the S3 endpoint.
2016-09-02 09:07:54 -07:00
Paul Stack d5b869732b Merge pull request #8628 from hashicorp/b-aws-alb-computed
provider/aws: Making `aws_alb_listener` ssl_policy to be Computed
2016-09-02 17:33:02 +03:00
Clint 740b8bb9cb provider/aws: Run errcheck in tests (#8579)
* provider/aws: Add errcheck to Makefile, error on unchecked errors

* more exceptions

* updates for errcheck to pass

* reformat and spilt out the ignore statements

* narrow down ignores

* fix typo, only ignore Close and Write, instead of close or write
2016-09-02 09:24:17 -05:00
stack72 d236a305ea
provider/aws: Making `aws_alb_listener` ssl_policy to be Computed
Fixes #8612

The SSL Policy is optional - if you don't add it and create a HTTPS Alb
Listener, AWS will add the policy for you. Without being computed, we
would get a diff

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSALBListener_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/02 17:16:33 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSALBListener_
-timeout 120m
=== RUN   TestAccAWSALBListener_basic
--- PASS: TestAccAWSALBListener_basic (70.45s)
=== RUN   TestAccAWSALBListener_https
--- PASS: TestAccAWSALBListener_https (63.20s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    133.667s
```
2016-09-02 17:21:02 +03:00
stack72 f9183da2e3
provider/aws: Changing the tests for `aws_ssm_association` to align with
us-west-2

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSSMAssociation_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/02 16:56:09 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSSSMAssociation_ -timeout 120m
=== RUN   TestAccAWSSSMAssociation_basic
--- PASS: TestAccAWSSSMAssociation_basic (136.23s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    136.246s
```
2016-09-02 17:04:43 +03:00
liamjbennett e98e5fb017
provider/aws: add aws_ssm_association resource 2016-09-02 16:46:05 +03:00
qivers 4b694a4fec Increase aws_rds_cluster timeout to 40 minutes
The timeout was increased to 40 minutes when creating a new cluster in https://github.com/hashicorp/terraform/pull/8052. However when creating a cluster from a snapshot the timeout is still 15 minutes. I've increased this to 40 minutes.
2016-09-02 08:55:43 +01:00
stack72 3c71783d07
provider/aws: Set `apply_method` to state in `aws_db_parameter_group`
Fixes #8593

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSDBParameterGroup_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/01 13:04:22 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSDBParameterGroup_ -timeout 120m
=== RUN   TestAccAWSDBParameterGroup_importBasic
--- PASS: TestAccAWSDBParameterGroup_importBasic (27.03s)
=== RUN   TestAccAWSDBParameterGroup_limit
--- PASS: TestAccAWSDBParameterGroup_limit (48.54s)
=== RUN   TestAccAWSDBParameterGroup_basic
--- PASS: TestAccAWSDBParameterGroup_basic (46.29s)
=== RUN   TestAccAWSDBParameterGroup_Only
--- PASS: TestAccAWSDBParameterGroup_Only (23.57s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    145.445s
```
2016-09-02 08:26:46 +01:00
Anshul Sharma 96f1aff693 Update rds password if provided while creating from snapshot 2016-09-02 09:51:37 +05:30
Pierre Carrier 2410294a9d providers/aws: support for lifecycle hooks at ASG creation
Closes hashicorp/terraform#5619.
2016-09-01 10:21:37 -07:00
David Glasser b06fe6ee2b provider/aws: remove unused test argument 2016-09-01 10:20:56 -07:00
clint shryock 3580ae03be provider/aws: Randomize some IAM user names to avoid conflicts in tests 2016-08-31 09:33:56 -05:00
stack72 4d2b9cb167
provider/aws: `aws_spot_fleet_request` was leaving orphaned instances
running

Each nightly build was leaving multiple instances running. The issue is
that the IAM role we were using didn't have access to Terminate the EC2
instances

The role was missing the ec2 principle
2016-08-31 11:25:08 +01:00
Krzysztof Wilczynski 6a94f920e1 provider/aws: Handle missing EFS mount target in aws_efs_mount_target. (#8529)
* Handle missing EFS mount target in aws_efs_mount_target.

This commit resolves issue where the EFS mount target would be already
deleted (e.g. it was deleted outside of Terraform, etc.). Also, correct
how values are begin set in the ReadFunc to avoid nil pointer dereference.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>

* Add EFS mount target DNS helper function.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>

* Add EFS mount target response helper.

This commit adds a helper which can be used to check whether the response
contains a valid and non-empty list of EFS file system mount targets.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>

* Add acceptance test to check for non-empty plan.

This commit adds a test to verify the condition where the underlying EFS mount
target would be deleted and/or disappear resulting in a new resource to be
created to replace it.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-08-30 10:42:54 +01:00
Richard Bowden b673f4d972 adds resource retry to SpotInstanceRequestCreate (#8516)
so that the create process waits for IAM Instance profiles and roles to propagate before continuing, this has been taken from `resource_aws_instance`
2016-08-29 21:53:40 +01:00
stack72 7fe49999fb
Merge branch '7721-enable-disable-access-logs' of https://github.com/optimisticanshul/terraform into optimisticanshul-7721-enable-disable-access-logs 2016-08-29 21:00:46 +01:00
Radek Simko cc38378870 provider/aws: API Gateway Custom Authorizer (#8535)
* [WIP] AWS APIGateway Custom Authorizer

* provider/aws: api_gateway_method - Add missing fields to Read+Update

* provider/aws: Make API Gateway name in test more specific

* provider/aws: APIG - Use minimal configuration in create request
2016-08-29 20:51:59 +01:00
Radek Simko 8317fe73d4 provider/aws: Add AWS error message to retry APIGateway acc update on (#8533) 2016-08-29 20:02:15 +01:00
Radek Simko 58d5b88170
provider/aws: Cover more failure cases of CF creation/update/deletion
- Use ID instead of stack name per AWS' advice
 - Query failures/errors *after* the stack has reached target state
2016-08-29 11:53:09 +01:00
Radek Simko 302982c335 provider/aws: Remove unsafe ptr dereferencing [A-C]* (#8519) 2016-08-28 19:25:30 +01:00
Radek Simko 2223964ff1 provider/aws: Remove unsafe ptr dereferencing from ECS/ECR (#8514) 2016-08-28 17:15:45 +01:00
Radek Simko fe0e8da3dd
provider/aws: Handle deleted CloudFormation stack gracefully 2016-08-28 16:12:35 +01:00
Radek Simko ed39b8634f provider/aws: Remove unsafe ptr dereferencing from ami data source (#8513) 2016-08-28 15:39:40 +01:00
Carlos Sanchez bb5c83ca49 provider/aws: Increase route_table timeouts (#8465) 2016-08-27 21:32:55 +01:00
Martin Atkins 4f906dba7a Merge #8403: name_regex attribute on aws_ami data source 2016-08-27 13:11:45 -07:00
Alex Eftimie 3a97971e41 Refactor for code simplicity. 2016-08-27 12:54:42 -07:00
Alex Eftimie d44ae5028f S3Bucket and S3Key are always required 2016-08-27 12:54:41 -07:00
Alex Eftimie c9bd7d680f Add a test to check the unversioned lambda function update - copy and adapt genAWSLambdaFunctionConfig_s3 2016-08-27 12:54:41 -07:00
Alex Eftimie c5f788ec58 Attempt to fix #6794 - update only non empty fields on aws_lambda_function s3 2016-08-27 12:54:41 -07:00
Clint daac877c82 provider/aws: Get and export ASG ARN value (#8503) 2016-08-27 15:20:11 +01:00
Paul Stack 6ea53e5e3c provider/aws: Refresh `aws_route` from state if `aws_route_table` not (#8443)
found

Fixes #5288
Fixes #8388

```
TESTS TBC
```
2016-08-26 07:50:14 +01:00
Radek Simko 0dd17c646b provider/aws: Cleanup the Lambda ENI deletion process a bit (#8486) 2016-08-26 07:30:47 +01:00
Mitchell Hashimoto 6b124a4760 Merge pull request #8479 from dtolnay/detach
provider/aws: Propagate errors from DetachVolume
2016-08-25 22:21:46 -07:00
Glenn Poston 19426109da Lambda ENI cleanup added to security group delete (#8033) 2016-08-25 23:08:19 +01:00
Paul Stack 338aab9169 provider/aws: Stop `aws_instance` `source_dest_check` triggering an API call on each (#8450)
terraform run

Fixes #3550

The simple fix here was to check if the Resource was new (to set the
value the first time) then check it has changed each time

I was able to see from the TF log the following:

```
Config

resource "aws_vpc" "foo" {
	cidr_block = "10.10.0.0/16"
}

resource "aws_subnet" "foo" {
	cidr_block = "10.10.1.0/24"
	vpc_id = "${aws_vpc.foo.id}"
}

resource "aws_instance" "foo" {
	ami = "ami-4fccb37f"
	instance_type = "m1.small"
	subnet_id = "${aws_subnet.foo.id}"
	source_dest_check = false
        disable_api_termination = true
}
```

No longer caused any Modifying source_dest_check entries in the LOG
2016-08-25 22:11:01 +01:00
Clint 49ecfe8921 provider/aws: Add aws_default_route_table resource (#8323)
* provider/aws: Add docs for Default Route Table

* add new default_route_table_id attribute, test to VPC

* stub

* add warning to docs

* rough implementation

* first test

* update test, add swap test

* fix typo
2016-08-25 16:02:44 -05:00
David Tolnay b09e042bf5 provider/aws: Propagate errors from DetachVolume 2016-08-25 14:46:46 -04:00
stack72 0087068a0e
provider/aws: `aws_ecs_container_definition` datasource parameter
changes to memory_reservation
2016-08-25 18:10:08 +01:00
stack72 7a852dacf2
Merge branch 'aws_ecs_container_definition_memory_reservation' of https://github.com/optimisticanshul/terraform into optimisticanshul-aws_ecs_container_definition_memory_reservation 2016-08-25 17:51:38 +01:00
Paul Stack 7949a30a07 provider/aws: Randomize the key_pair used in the (#8472)
`aws_spot_fleet_request` acceptance tests
2016-08-25 14:40:57 +01:00
Paul Stack 0adc1fc4b2 provider/aws: Allow `aws_rds_instance` to upgrade the major version (#8471)
Fixes #8468

If a user wished to bump the `engine_version` of an RDS instance,
Terraform was not sending `allow_major_version_upgrade` to the API
*unless* that value also changed at the same time. This caused the
following error from RDS API:

```
* aws_db_instance.bar: Error modifying DB Instance
* tf-20160825101420910562798obb: InvalidParameterCombination: The
* AllowMajorVersionUpgrade flag must be present when upgrading to a new
* major version.
    status code: 400, request id: 20e36364-6ab0-11e6-b794-51f12f4135f1
```

This change will always send the `allow_major_version_upgrade` flag to
the API when the `engine_version` changes.

This still relies on the user setting the correct value i.e. if they are
upgrading from postgres 0.4.7 -> 9.5.2 then the config will need to set
the `allow_major_version_upgrade` flag to be `true`
2016-08-25 13:54:40 +01:00
Richard Clamp 9be1ff5d53 Fix segmentation fault in "aws_api_gateway_base_path_mapping" resource (#8466)
It is possible for the `mapping.BasePath`, `mapping.RestApiId`, and
`mapping.Stage` to be nil when they have not been set for the
mapping.[1]  When this occurs a nil pointer is dereferenced and terraform
segmentation faults.

Here we remove the blind derefrences and trust in the behaviour of
(*ResourceData).Set() to handle the nil pointer safely.

[1] https://github.com/hashicorp/terraform/blob/master/vendor/github.com/aws/aws-sdk-go/service/apigateway/api.go#L4892-L4904
2016-08-25 11:03:42 +01:00
Paul Stack 64510d9cfb provider/aws: Adding `aws_ssm_document` resource (#8460)
* provider/aws: add `aws_ssm_document` resource

* provider/aws: Changes to `aws_ssm_document` post code review

The changes are things like using d.Id rather than d.Get("name").(string)

and errwrap.Wrapf rather than fmt.Errorf
2016-08-25 09:47:24 +01:00
Paul Stack 3901827b40 provider/aws: Validate `aws_iam_policy_attachment` Name parameter to stop being empty (#8441)
* provider/aws: Validate `aws_iam_policy_attachment` Name parameter to
stop being empty

Fixes #8368

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSPolicyAttachment_'
==> Checking that code complies with gofmt requirements...
/Users/stacko/Code/go/bin/stringer
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/08/24 11:46:01 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSPolicyAttachment_ -timeout 120m
=== RUN   TestAccAWSPolicyAttachment_basic
--- PASS: TestAccAWSPolicyAttachment_basic (44.67s)
=== RUN   TestAccAWSPolicyAttachment_paginatedEntities
--- PASS: TestAccAWSPolicyAttachment_paginatedEntities (161.68s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    206.379s
```

* Update resource_aws_iam_policy_attachment.go
2016-08-24 21:28:41 +01:00
stack72 01fca172cb
provider/aws: Removing the merge conflict from the redshift_cluster resource 2016-08-24 20:50:06 +01:00
Clint 341c7bf766 provider/aws: Update VPC Peering connect accept/request attributes (supersedes #8338) (#8432)
* Fix crash when reading VPC Peering Connection options.

This resolves the issue introduced in #8310.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>

* Do not de-reference values when using Set().

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>

* provider/aws: Update VPC Peering connect accept/request attributes

* change from type list to type set

* provider/aws: Update VPC Peering accept/requst options, tests

* errwrap some things
2016-08-24 13:24:42 -05:00
Maxime Bury 39bc60c3dc Retry on gateway not found 2016-08-24 13:17:45 -04:00
Paul Stack 50556c58b8 provider/aws: Refresh `aws_cloudwatch_event_target` from state on `ResourceNotFoundException` (#8442)
* provider/aws: Refresh `aws_cloudwatch_event_target` from state on
`ResourceNotFoundException`

Fixes #6928

@radeksimko FYI :)

* Update resource_aws_cloudwatch_event_target.go
2016-08-24 13:02:48 +01:00
Paul Stack e524603d3f provider/aws: AWS SpotFleet Requests now works with Subnets and AZs (#8320)
* provider/aws: Change Spot Fleet Request to allow a combination of
subnet_id and availability_zone

Also added a complete set of tests that reflect all of the use cases
that Amazon document
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-examples.html

It is important to note there that Terraform will be suggesting that
users create multiple launch configurations rather than AWS's version of
combing values into CSV based parameters. This will ensure that we are
able to enforce the correct state

Also note that `associate_public_ip_address` now defaults to `false` - a migration has been
included in this PR to migration users of this functionality. This needs
to be noted in the changelog. The last part of changing functionality
here is waiting for the state of the request to become `active`. Before
we get to this state, we cannot guarantee that Amazon have accepted the
request or it could have failed validation.

```
% make testacc TEST=./builtin/providers/aws
% TESTARGS='-run=TestAccAWSSpotFleetRequest_'
% 2 ↵
==> Checking that code complies with gofmt requirements...
/Users/stacko/Code/go/bin/stringer
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/08/22 15:44:21 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSSpotFleetRequest_ -timeout 120m
=== RUN   TestAccAWSSpotFleetRequest_changePriceForcesNewRequest
--- PASS: TestAccAWSSpotFleetRequest_changePriceForcesNewRequest (133.90s)
=== RUN   TestAccAWSSpotFleetRequest_lowestPriceAzOrSubnetInRegion
--- PASS: TestAccAWSSpotFleetRequest_lowestPriceAzOrSubnetInRegion (76.67s)
=== RUN   TestAccAWSSpotFleetRequest_lowestPriceAzInGivenList
--- PASS: TestAccAWSSpotFleetRequest_lowestPriceAzInGivenList (75.22s)
=== RUN   TestAccAWSSpotFleetRequest_lowestPriceSubnetInGivenList
--- PASS: TestAccAWSSpotFleetRequest_lowestPriceSubnetInGivenList (96.95s)
=== RUN   TestAccAWSSpotFleetRequest_multipleInstanceTypesInSameAz
--- PASS: TestAccAWSSpotFleetRequest_multipleInstanceTypesInSameAz (74.44s)
=== RUN   TestAccAWSSpotFleetRequest_multipleInstanceTypesInSameSubnet
--- PASS: TestAccAWSSpotFleetRequest_multipleInstanceTypesInSameSubnet (97.82s)
=== RUN   TestAccAWSSpotFleetRequest_overriddingSpotPrice
--- PASS: TestAccAWSSpotFleetRequest_overriddingSpotPrice (76.22s)
=== RUN   TestAccAWSSpotFleetRequest_diversifiedAllocation
--- PASS: TestAccAWSSpotFleetRequest_diversifiedAllocation (79.81s)
=== RUN   TestAccAWSSpotFleetRequest_withWeightedCapacity
--- PASS: TestAccAWSSpotFleetRequest_withWeightedCapacity (77.15s)
=== RUN   TestAccAWSSpotFleetRequest_CannotUseEmptyKeyName
--- PASS: TestAccAWSSpotFleetRequest_CannotUseEmptyKeyName (0.00s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    788.184s
```

* Update resource_aws_spot_fleet_request.go
2016-08-24 11:08:46 +01:00