From dfb34c85b923b27e4b6ee9dad5a8778971e37ee3 Mon Sep 17 00:00:00 2001 From: = Date: Mon, 27 Mar 2017 14:02:20 -0600 Subject: [PATCH 001/101] Add randomness to aws ses tests --- .../aws/resource_aws_ses_configuration_set_test.go | 12 +++++++----- .../aws/resource_aws_ses_event_destination_test.go | 12 +++++++----- 2 files changed, 14 insertions(+), 10 deletions(-) diff --git a/builtin/providers/aws/resource_aws_ses_configuration_set_test.go b/builtin/providers/aws/resource_aws_ses_configuration_set_test.go index 7cbbe4232e..5a5bd1ec8a 100644 --- a/builtin/providers/aws/resource_aws_ses_configuration_set_test.go +++ b/builtin/providers/aws/resource_aws_ses_configuration_set_test.go @@ -5,6 +5,7 @@ import ( "testing" "github.com/aws/aws-sdk-go/service/ses" + "github.com/hashicorp/terraform/helper/acctest" "github.com/hashicorp/terraform/helper/resource" "github.com/hashicorp/terraform/terraform" ) @@ -42,7 +43,7 @@ func testAccCheckSESConfigurationSetDestroy(s *terraform.State) error { found := false for _, element := range response.ConfigurationSets { - if *element.Name == "some-configuration-set" { + if *element.Name == fmt.Sprintf("some-configuration-set-%d", escRandomInteger) { found = true } } @@ -77,7 +78,7 @@ func testAccCheckAwsSESConfigurationSetExists(n string) resource.TestCheckFunc { found := false for _, element := range response.ConfigurationSets { - if *element.Name == "some-configuration-set" { + if *element.Name == fmt.Sprintf("some-configuration-set-%d", escRandomInteger) { found = true } } @@ -90,8 +91,9 @@ func testAccCheckAwsSESConfigurationSetExists(n string) resource.TestCheckFunc { } } -const testAccAWSSESConfigurationSetConfig = ` +var escRandomInteger = acctest.RandInt() +var testAccAWSSESConfigurationSetConfig = fmt.Sprintf(` resource "aws_ses_configuration_set" "test" { - name = "some-configuration-set" + name = "some-configuration-set-%d" } -` +`, escRandomInteger) diff --git a/builtin/providers/aws/resource_aws_ses_event_destination_test.go b/builtin/providers/aws/resource_aws_ses_event_destination_test.go index 378e2042c8..624ce0c832 100644 --- a/builtin/providers/aws/resource_aws_ses_event_destination_test.go +++ b/builtin/providers/aws/resource_aws_ses_event_destination_test.go @@ -5,6 +5,7 @@ import ( "testing" "github.com/aws/aws-sdk-go/service/ses" + "github.com/hashicorp/terraform/helper/acctest" "github.com/hashicorp/terraform/helper/resource" "github.com/hashicorp/terraform/terraform" ) @@ -46,7 +47,7 @@ func testAccCheckSESEventDestinationDestroy(s *terraform.State) error { found := false for _, element := range response.ConfigurationSets { - if *element.Name == "some-configuration-set" { + if *element.Name == fmt.Sprintf("some-configuration-set-%d", edRandomInteger) { found = true } } @@ -81,7 +82,7 @@ func testAccCheckAwsSESEventDestinationExists(n string) resource.TestCheckFunc { found := false for _, element := range response.ConfigurationSets { - if *element.Name == "some-configuration-set" { + if *element.Name == fmt.Sprintf("some-configuration-set-%d", edRandomInteger) { found = true } } @@ -94,7 +95,8 @@ func testAccCheckAwsSESEventDestinationExists(n string) resource.TestCheckFunc { } } -const testAccAWSSESEventDestinationConfig = ` +var edRandomInteger = acctest.RandInt() +var testAccAWSSESEventDestinationConfig = fmt.Sprintf(` resource "aws_s3_bucket" "bucket" { bucket = "tf-test-bucket-format" acl = "private" @@ -155,7 +157,7 @@ data "aws_iam_policy_document" "fh_felivery_document" { } resource "aws_ses_configuration_set" "test" { - name = "some-configuration-set" + name = "some-configuration-set-%d" } resource "aws_ses_event_destination" "kinesis" { @@ -182,4 +184,4 @@ resource "aws_ses_event_destination" "cloudwatch" { value_source = "emailHeader" } } -` +`, edRandomInteger) From 63cd65d138bd8371c01b30c51110cdc51bea33ac Mon Sep 17 00:00:00 2001 From: = Date: Mon, 27 Mar 2017 14:26:30 -0600 Subject: [PATCH 002/101] Add randomness to ses receipt rule --- .../aws/resource_aws_ses_receipt_rule_test.go | 24 ++++++++++--------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/builtin/providers/aws/resource_aws_ses_receipt_rule_test.go b/builtin/providers/aws/resource_aws_ses_receipt_rule_test.go index f5770fcc4d..d39c4c03f9 100644 --- a/builtin/providers/aws/resource_aws_ses_receipt_rule_test.go +++ b/builtin/providers/aws/resource_aws_ses_receipt_rule_test.go @@ -8,6 +8,7 @@ import ( "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/awserr" "github.com/aws/aws-sdk-go/service/ses" + "github.com/hashicorp/terraform/helper/acctest" "github.com/hashicorp/terraform/helper/resource" "github.com/hashicorp/terraform/terraform" ) @@ -111,7 +112,7 @@ func testAccCheckAwsSESReceiptRuleExists(n string) resource.TestCheckFunc { params := &ses.DescribeReceiptRuleInput{ RuleName: aws.String("basic"), - RuleSetName: aws.String("test-me"), + RuleSetName: aws.String(fmt.Sprintf("test-me-%d", srrsRandomInt)), } response, err := conn.DescribeReceiptRule(params) @@ -153,7 +154,7 @@ func testAccCheckAwsSESReceiptRuleOrder(n string) resource.TestCheckFunc { conn := testAccProvider.Meta().(*AWSClient).sesConn params := &ses.DescribeReceiptRuleSetInput{ - RuleSetName: aws.String("test-me"), + RuleSetName: aws.String(fmt.Sprintf("test-me-%d", srrsRandomInt)), } response, err := conn.DescribeReceiptRuleSet(params) @@ -186,7 +187,7 @@ func testAccCheckAwsSESReceiptRuleActions(n string) resource.TestCheckFunc { params := &ses.DescribeReceiptRuleInput{ RuleName: aws.String("actions"), - RuleSetName: aws.String("test-me"), + RuleSetName: aws.String(fmt.Sprintf("test-me")), } response, err := conn.DescribeReceiptRule(params) @@ -227,9 +228,10 @@ func testAccCheckAwsSESReceiptRuleActions(n string) resource.TestCheckFunc { } } -const testAccAWSSESReceiptRuleBasicConfig = ` +var srrsRandomInt = acctest.RandInt() +var testAccAWSSESReceiptRuleBasicConfig = fmt.Sprintf(` resource "aws_ses_receipt_rule_set" "test" { - rule_set_name = "test-me" + rule_set_name = "test-me-%d" } resource "aws_ses_receipt_rule" "basic" { @@ -240,11 +242,11 @@ resource "aws_ses_receipt_rule" "basic" { scan_enabled = true tls_policy = "Require" } -` +`, srrsRandomInt) -const testAccAWSSESReceiptRuleOrderConfig = ` +var testAccAWSSESReceiptRuleOrderConfig = fmt.Sprintf(` resource "aws_ses_receipt_rule_set" "test" { - rule_set_name = "test-me" + rule_set_name = "test-me-%d" } resource "aws_ses_receipt_rule" "second" { @@ -257,9 +259,9 @@ resource "aws_ses_receipt_rule" "first" { name = "first" rule_set_name = "${aws_ses_receipt_rule_set.test.rule_set_name}" } -` +`, srrsRandomInt) -const testAccAWSSESReceiptRuleActionsConfig = ` +var testAccAWSSESReceiptRuleActionsConfig = fmt.Sprintf(` resource "aws_s3_bucket" "emails" { bucket = "ses-terraform-emails" } @@ -289,4 +291,4 @@ resource "aws_ses_receipt_rule" "actions" { position = 2 } } -` +`) From 1c40518e8035f2e73f1eae041e3ae1a1c058f014 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Serta=C3=A7=20=C3=96zercan?= Date: Mon, 27 Mar 2017 14:00:29 -0700 Subject: [PATCH 003/101] provider/azurerm: Update vault_certificates instructions for clarity --- .../azurerm/r/virtual_machine.html.markdown | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/website/source/docs/providers/azurerm/r/virtual_machine.html.markdown b/website/source/docs/providers/azurerm/r/virtual_machine.html.markdown index e6cc76524c..9bfbff12ea 100644 --- a/website/source/docs/providers/azurerm/r/virtual_machine.html.markdown +++ b/website/source/docs/providers/azurerm/r/virtual_machine.html.markdown @@ -304,11 +304,20 @@ For more information on the different example configurations, please check out t `os_profile_secrets` supports the following: * `source_vault_id` - (Required) Specifies the key vault to use. -* `vault_certificates` - (Required, on windows machines) A collection of Vault Certificates as documented below +* `vault_certificates` - (Required) A collection of Vault Certificates as documented below `vault_certificates` support the following: -* `certificate_url` - (Required) It is the Base64 encoding of a JSON Object that which is encoded in UTF-8 of which the contents need to be `data`, `dataType` and `password`. +* `certificate_url` - (Required) Specifies the URI of the key vault secrets in the format of `https:///secrets//`. Stored secret is the Base64 encoding of a JSON Object that which is encoded in UTF-8 of which the contents need to be + +``` +{ + "data":"", + "dataType":"pfx", + "password":"" +} +``` + * `certificate_store` - (Required, on windows machines) Specifies the certificate store on the Virtual Machine where the certificate should be added to. ## Attributes Reference From 5ea834d27fe58ea549a4f985a68413fd31d1b336 Mon Sep 17 00:00:00 2001 From: = Date: Mon, 27 Mar 2017 15:22:58 -0600 Subject: [PATCH 004/101] Randomize test name --- .../aws/resource_aws_ses_receipt_rule_test.go | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/builtin/providers/aws/resource_aws_ses_receipt_rule_test.go b/builtin/providers/aws/resource_aws_ses_receipt_rule_test.go index d39c4c03f9..64d04f923b 100644 --- a/builtin/providers/aws/resource_aws_ses_receipt_rule_test.go +++ b/builtin/providers/aws/resource_aws_ses_receipt_rule_test.go @@ -186,8 +186,8 @@ func testAccCheckAwsSESReceiptRuleActions(n string) resource.TestCheckFunc { conn := testAccProvider.Meta().(*AWSClient).sesConn params := &ses.DescribeReceiptRuleInput{ - RuleName: aws.String("actions"), - RuleSetName: aws.String(fmt.Sprintf("test-me")), + RuleName: aws.String("actions4"), + RuleSetName: aws.String(fmt.Sprintf("test-me-%d", srrsRandomInt)), } response, err := conn.DescribeReceiptRule(params) @@ -267,28 +267,28 @@ resource "aws_s3_bucket" "emails" { } resource "aws_ses_receipt_rule_set" "test" { - rule_set_name = "test-me" + rule_set_name = "test-me-%d" } resource "aws_ses_receipt_rule" "actions" { - name = "actions" + name = "actions4" rule_set_name = "${aws_ses_receipt_rule_set.test.rule_set_name}" add_header_action { - header_name = "Added-By" - header_value = "Terraform" - position = 1 + header_name = "Added-By" + header_value = "Terraform" + position = 1 } add_header_action { - header_name = "Another-Header" - header_value = "First" - position = 0 + header_name = "Another-Header" + header_value = "First" + position = 0 } stop_action { - scope = "RuleSet" - position = 2 + scope = "RuleSet" + position = 2 } } -`) +`, srrsRandomInt) From 24d9458feb4b947fd6fa76913620f77c9dd02be1 Mon Sep 17 00:00:00 2001 From: tombuildsstuff Date: Tue, 28 Mar 2017 15:43:15 +0100 Subject: [PATCH 005/101] Removing the deprecated `location` parameter from the LB Docs --- .../azurerm/r/loadbalancer_backend_address_pool.html.markdown | 1 - .../providers/azurerm/r/loadbalancer_nat_rule.html.markdown | 2 -- 2 files changed, 3 deletions(-) diff --git a/website/source/docs/providers/azurerm/r/loadbalancer_backend_address_pool.html.markdown b/website/source/docs/providers/azurerm/r/loadbalancer_backend_address_pool.html.markdown index 385e2843c3..f63b782d92 100644 --- a/website/source/docs/providers/azurerm/r/loadbalancer_backend_address_pool.html.markdown +++ b/website/source/docs/providers/azurerm/r/loadbalancer_backend_address_pool.html.markdown @@ -51,7 +51,6 @@ The following arguments are supported: * `name` - (Required) Specifies the name of the Backend Address Pool. * `resource_group_name` - (Required) The name of the resource group in which to create the resource. -* `location` - (Required) Specifies the supported Azure location where the resource exists. * `loadbalancer_id` - (Required) The ID of the LoadBalancer in which to create the Backend Address Pool. ## Attributes Reference diff --git a/website/source/docs/providers/azurerm/r/loadbalancer_nat_rule.html.markdown b/website/source/docs/providers/azurerm/r/loadbalancer_nat_rule.html.markdown index 527f4de741..4eaaef7247 100644 --- a/website/source/docs/providers/azurerm/r/loadbalancer_nat_rule.html.markdown +++ b/website/source/docs/providers/azurerm/r/loadbalancer_nat_rule.html.markdown @@ -39,7 +39,6 @@ resource "azurerm_lb" "test" { } resource "azurerm_lb_nat_rule" "test" { - location = "West US" resource_group_name = "${azurerm_resource_group.test.name}" loadbalancer_id = "${azurerm_lb.test.id}" name = "RDP Access" @@ -56,7 +55,6 @@ The following arguments are supported: * `name` - (Required) Specifies the name of the NAT Rule. * `resource_group_name` - (Required) The name of the resource group in which to create the resource. -* `location` - (Required) Specifies the supported Azure location where the resource exists. * `loadbalancer_id` - (Required) The ID of the LoadBalancer in which to create the NAT Rule. * `frontend_ip_configuration_name` - (Required) The name of the frontend IP configuration exposing this rule. * `protocol` - (Required) The transport protocol for the external endpoint. Possible values are `Udp` or `Tcp`. From 52390473e260b6058d07fac3ae270089a5ebb11a Mon Sep 17 00:00:00 2001 From: = Date: Tue, 28 Mar 2017 09:46:22 -0600 Subject: [PATCH 006/101] Add randomness to roles for dms replication --- .../providers/aws/resource_aws_dms_replication_instance_test.go | 2 +- .../aws/resource_aws_dms_replication_subnet_group_test.go | 2 +- builtin/providers/aws/resource_aws_dms_replication_task_test.go | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/builtin/providers/aws/resource_aws_dms_replication_instance_test.go b/builtin/providers/aws/resource_aws_dms_replication_instance_test.go index 17e7f85c8d..3b6bb0d0ef 100644 --- a/builtin/providers/aws/resource_aws_dms_replication_instance_test.go +++ b/builtin/providers/aws/resource_aws_dms_replication_instance_test.go @@ -169,7 +169,7 @@ resource "aws_dms_replication_instance" "dms_replication_instance" { func dmsReplicationInstanceConfigUpdate(randId string) string { return fmt.Sprintf(` resource "aws_iam_role" "dms_iam_role" { - name = "dms-vpc-role" + name = "dms-vpc-role-%[1]s" assume_role_policy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"dms.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}" } diff --git a/builtin/providers/aws/resource_aws_dms_replication_subnet_group_test.go b/builtin/providers/aws/resource_aws_dms_replication_subnet_group_test.go index 574745f9e2..a6da50c9cc 100644 --- a/builtin/providers/aws/resource_aws_dms_replication_subnet_group_test.go +++ b/builtin/providers/aws/resource_aws_dms_replication_subnet_group_test.go @@ -102,7 +102,7 @@ func dmsReplicationSubnetGroupDestroy(s *terraform.State) error { func dmsReplicationSubnetGroupConfig(randId string) string { return fmt.Sprintf(` resource "aws_iam_role" "dms_iam_role" { - name = "dms-vpc-role" + name = "dms-vpc-role-%[1]s" assume_role_policy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"dms.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}" } diff --git a/builtin/providers/aws/resource_aws_dms_replication_task_test.go b/builtin/providers/aws/resource_aws_dms_replication_task_test.go index 07ac7f58f3..8b20abf863 100644 --- a/builtin/providers/aws/resource_aws_dms_replication_task_test.go +++ b/builtin/providers/aws/resource_aws_dms_replication_task_test.go @@ -102,7 +102,7 @@ func dmsReplicationTaskDestroy(s *terraform.State) error { func dmsReplicationTaskConfig(randId string) string { return fmt.Sprintf(` resource "aws_iam_role" "dms_iam_role" { - name = "dms-vpc-role" + name = "dms-vpc-role-%[1]s" assume_role_policy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"dms.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}" } From da7ef1bb76f99c24639e0cba1fb814b93208d921 Mon Sep 17 00:00:00 2001 From: = Date: Tue, 28 Mar 2017 12:00:56 -0600 Subject: [PATCH 007/101] added randomness to elastic beanstalk environment tests --- ..._aws_elastic_beanstalk_environment_test.go | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/builtin/providers/aws/resource_aws_elastic_beanstalk_environment_test.go b/builtin/providers/aws/resource_aws_elastic_beanstalk_environment_test.go index 305ab9c4a6..2a3b1e7629 100644 --- a/builtin/providers/aws/resource_aws_elastic_beanstalk_environment_test.go +++ b/builtin/providers/aws/resource_aws_elastic_beanstalk_environment_test.go @@ -661,7 +661,7 @@ resource "aws_elastic_beanstalk_environment" "tfenvtest" { func testAccBeanstalkWorkerEnvConfig(rInt int) string { return fmt.Sprintf(` resource "aws_iam_instance_profile" "tftest" { - name = "tftest_profile" + name = "tftest_profile-%d" roles = ["${aws_iam_role.tftest.name}"] } @@ -693,7 +693,7 @@ func testAccBeanstalkWorkerEnvConfig(rInt int) string { name = "IamInstanceProfile" value = "${aws_iam_instance_profile.tftest.name}" } - }`, rInt, rInt) + }`, rInt, rInt, rInt) } func testAccBeanstalkEnvCnamePrefixConfig(randString string, rInt int) string { @@ -937,24 +937,24 @@ resource "aws_s3_bucket_object" "default" { } resource "aws_elastic_beanstalk_application" "default" { - name = "tf-test-name" + name = "tf-test-name-%d" description = "tf-test-desc" } resource "aws_elastic_beanstalk_application_version" "default" { - application = "tf-test-name" + application = "tf-test-name-%d" name = "tf-test-version-label" bucket = "${aws_s3_bucket.default.id}" key = "${aws_s3_bucket_object.default.id}" } resource "aws_elastic_beanstalk_environment" "default" { - name = "tf-test-name" + name = "tf-test-name-%d" application = "${aws_elastic_beanstalk_application.default.name}" version_label = "${aws_elastic_beanstalk_application_version.default.name}" solution_stack_name = "64bit Amazon Linux running Python" } -`, randInt) +`, randInt, randInt, randInt, randInt) } func testAccBeanstalkEnvApplicationVersionConfigUpdate(randInt int) string { @@ -970,22 +970,22 @@ resource "aws_s3_bucket_object" "default" { } resource "aws_elastic_beanstalk_application" "default" { - name = "tf-test-name" + name = "tf-test-name-%d" description = "tf-test-desc" } resource "aws_elastic_beanstalk_application_version" "default" { - application = "tf-test-name" + application = "tf-test-name-%d" name = "tf-test-version-label-v2" bucket = "${aws_s3_bucket.default.id}" key = "${aws_s3_bucket_object.default.id}" } resource "aws_elastic_beanstalk_environment" "default" { - name = "tf-test-name" + name = "tf-test-name-%d" application = "${aws_elastic_beanstalk_application.default.name}" version_label = "${aws_elastic_beanstalk_application_version.default.name}" solution_stack_name = "64bit Amazon Linux running Python" } -`, randInt) +`, randInt, randInt, randInt, randInt) } From 5662b7e60fe363a69ef6890decf2e5474f34e97d Mon Sep 17 00:00:00 2001 From: = Date: Tue, 28 Mar 2017 14:56:57 -0600 Subject: [PATCH 008/101] add randomness to gateway and efs file system tests --- .../aws/import_aws_customer_gateway_test.go | 5 +- .../aws/import_aws_efs_file_system_test.go | 4 +- .../aws/resource_aws_customer_gateway_test.go | 114 ++++++++++-------- .../aws/resource_aws_efs_file_system_test.go | 58 +++++---- 4 files changed, 101 insertions(+), 80 deletions(-) diff --git a/builtin/providers/aws/import_aws_customer_gateway_test.go b/builtin/providers/aws/import_aws_customer_gateway_test.go index 37662760db..0c066a33f0 100644 --- a/builtin/providers/aws/import_aws_customer_gateway_test.go +++ b/builtin/providers/aws/import_aws_customer_gateway_test.go @@ -3,19 +3,20 @@ package aws import ( "testing" + "github.com/hashicorp/terraform/helper/acctest" "github.com/hashicorp/terraform/helper/resource" ) func TestAccAWSCustomerGateway_importBasic(t *testing.T) { resourceName := "aws_customer_gateway.foo" - + randInt := acctest.RandInt() resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, Providers: testAccProviders, CheckDestroy: testAccCheckCustomerGatewayDestroy, Steps: []resource.TestStep{ resource.TestStep{ - Config: testAccCustomerGatewayConfig, + Config: testAccCustomerGatewayConfig(randInt), }, resource.TestStep{ diff --git a/builtin/providers/aws/import_aws_efs_file_system_test.go b/builtin/providers/aws/import_aws_efs_file_system_test.go index 46e0de4595..885ee9ddda 100644 --- a/builtin/providers/aws/import_aws_efs_file_system_test.go +++ b/builtin/providers/aws/import_aws_efs_file_system_test.go @@ -3,11 +3,13 @@ package aws import ( "testing" + "github.com/hashicorp/terraform/helper/acctest" "github.com/hashicorp/terraform/helper/resource" ) func TestAccAWSEFSFileSystem_importBasic(t *testing.T) { resourceName := "aws_efs_file_system.foo-with-tags" + rInt := acctest.RandInt() resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, @@ -15,7 +17,7 @@ func TestAccAWSEFSFileSystem_importBasic(t *testing.T) { CheckDestroy: testAccCheckEfsFileSystemDestroy, Steps: []resource.TestStep{ resource.TestStep{ - Config: testAccAWSEFSFileSystemConfigWithTags, + Config: testAccAWSEFSFileSystemConfigWithTags(rInt), }, resource.TestStep{ diff --git a/builtin/providers/aws/resource_aws_customer_gateway_test.go b/builtin/providers/aws/resource_aws_customer_gateway_test.go index 1938ce0bdd..118c2d71e2 100644 --- a/builtin/providers/aws/resource_aws_customer_gateway_test.go +++ b/builtin/providers/aws/resource_aws_customer_gateway_test.go @@ -10,12 +10,14 @@ import ( "github.com/aws/aws-sdk-go/aws/awserr" "github.com/aws/aws-sdk-go/service/ec2" + "github.com/hashicorp/terraform/helper/acctest" "github.com/hashicorp/terraform/helper/resource" "github.com/hashicorp/terraform/terraform" ) func TestAccAWSCustomerGateway_basic(t *testing.T) { var gateway ec2.CustomerGateway + randInt := acctest.RandInt() resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, IDRefreshName: "aws_customer_gateway.foo", @@ -23,19 +25,19 @@ func TestAccAWSCustomerGateway_basic(t *testing.T) { CheckDestroy: testAccCheckCustomerGatewayDestroy, Steps: []resource.TestStep{ { - Config: testAccCustomerGatewayConfig, + Config: testAccCustomerGatewayConfig(randInt), Check: resource.ComposeTestCheckFunc( testAccCheckCustomerGateway("aws_customer_gateway.foo", &gateway), ), }, { - Config: testAccCustomerGatewayConfigUpdateTags, + Config: testAccCustomerGatewayConfigUpdateTags(randInt), Check: resource.ComposeTestCheckFunc( testAccCheckCustomerGateway("aws_customer_gateway.foo", &gateway), ), }, { - Config: testAccCustomerGatewayConfigForceReplace, + Config: testAccCustomerGatewayConfigForceReplace(randInt), Check: resource.ComposeTestCheckFunc( testAccCheckCustomerGateway("aws_customer_gateway.foo", &gateway), ), @@ -46,6 +48,7 @@ func TestAccAWSCustomerGateway_basic(t *testing.T) { func TestAccAWSCustomerGateway_similarAlreadyExists(t *testing.T) { var gateway ec2.CustomerGateway + randInt := acctest.RandInt() resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, IDRefreshName: "aws_customer_gateway.foo", @@ -53,13 +56,13 @@ func TestAccAWSCustomerGateway_similarAlreadyExists(t *testing.T) { CheckDestroy: testAccCheckCustomerGatewayDestroy, Steps: []resource.TestStep{ { - Config: testAccCustomerGatewayConfig, + Config: testAccCustomerGatewayConfig(randInt), Check: resource.ComposeTestCheckFunc( testAccCheckCustomerGateway("aws_customer_gateway.foo", &gateway), ), }, { - Config: testAccCustomerGatewayConfigIdentical, + Config: testAccCustomerGatewayConfigIdentical(randInt), ExpectError: regexp.MustCompile("An existing customer gateway"), }, }, @@ -68,13 +71,14 @@ func TestAccAWSCustomerGateway_similarAlreadyExists(t *testing.T) { func TestAccAWSCustomerGateway_disappears(t *testing.T) { var gateway ec2.CustomerGateway + randInt := acctest.RandInt() resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, Providers: testAccProviders, CheckDestroy: testAccCheckCustomerGatewayDestroy, Steps: []resource.TestStep{ { - Config: testAccCustomerGatewayConfig, + Config: testAccCustomerGatewayConfig(randInt), Check: resource.ComposeTestCheckFunc( testAccCheckCustomerGateway("aws_customer_gateway.foo", &gateway), testAccAWSCustomerGatewayDisappears(&gateway), @@ -190,59 +194,67 @@ func testAccCheckCustomerGateway(gatewayResource string, cgw *ec2.CustomerGatewa } } -const testAccCustomerGatewayConfig = ` -resource "aws_customer_gateway" "foo" { - bgp_asn = 65000 - ip_address = "172.0.0.1" - type = "ipsec.1" - tags { - Name = "foo-gateway" - } -} -` - -const testAccCustomerGatewayConfigIdentical = ` -resource "aws_customer_gateway" "foo" { - bgp_asn = 65000 - ip_address = "172.0.0.1" - type = "ipsec.1" - tags { - Name = "foo-gateway" +func testAccCustomerGatewayConfig(randInt int) string { + return fmt.Sprintf(` + resource "aws_customer_gateway" "foo" { + bgp_asn = 65000 + ip_address = "172.0.0.1" + type = "ipsec.1" + tags { + Name = "foo-gateway-%d" + } } + `, randInt) } -resource "aws_customer_gateway" "identical" { - bgp_asn = 65000 - ip_address = "172.0.0.1" - type = "ipsec.1" - tags { - Name = "foo-gateway-identical" - } +func testAccCustomerGatewayConfigIdentical(randInt int) string { + return fmt.Sprintf(` + resource "aws_customer_gateway" "foo" { + bgp_asn = 65000 + ip_address = "172.0.0.1" + type = "ipsec.1" + tags { + Name = "foo-gateway-%d" + } + } + + resource "aws_customer_gateway" "identical" { + bgp_asn = 65000 + ip_address = "172.0.0.1" + type = "ipsec.1" + tags { + Name = "foo-gateway-identical-%d" + } + } + `, randInt, randInt) } -` // Add the Another: "tag" tag. -const testAccCustomerGatewayConfigUpdateTags = ` -resource "aws_customer_gateway" "foo" { - bgp_asn = 65000 - ip_address = "172.0.0.1" - type = "ipsec.1" - tags { - Name = "foo-gateway" - Another = "tag" - } +func testAccCustomerGatewayConfigUpdateTags(randInt int) string { + return fmt.Sprintf(` + resource "aws_customer_gateway" "foo" { + bgp_asn = 65000 + ip_address = "172.0.0.1" + type = "ipsec.1" + tags { + Name = "foo-gateway-%d" + Another = "tag-%d" + } + } + `, randInt, randInt) } -` // Change the ip_address. -const testAccCustomerGatewayConfigForceReplace = ` -resource "aws_customer_gateway" "foo" { - bgp_asn = 65000 - ip_address = "172.10.10.1" - type = "ipsec.1" - tags { - Name = "foo-gateway" - Another = "tag" +func testAccCustomerGatewayConfigForceReplace(randInt int) string { + return fmt.Sprintf(` + resource "aws_customer_gateway" "foo" { + bgp_asn = 65000 + ip_address = "172.10.10.1" + type = "ipsec.1" + tags { + Name = "foo-gateway-%d" + Another = "tag-%d" + } } + `, randInt, randInt) } -` diff --git a/builtin/providers/aws/resource_aws_efs_file_system_test.go b/builtin/providers/aws/resource_aws_efs_file_system_test.go index c404679c2b..b242fbf163 100644 --- a/builtin/providers/aws/resource_aws_efs_file_system_test.go +++ b/builtin/providers/aws/resource_aws_efs_file_system_test.go @@ -82,6 +82,7 @@ func TestResourceAWSEFSFileSystem_hasEmptyFileSystems(t *testing.T) { } func TestAccAWSEFSFileSystem_basic(t *testing.T) { + rInt := acctest.RandInt() resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, Providers: testAccProviders, @@ -104,7 +105,7 @@ func TestAccAWSEFSFileSystem_basic(t *testing.T) { ), }, { - Config: testAccAWSEFSFileSystemConfigWithTags, + Config: testAccAWSEFSFileSystemConfigWithTags(rInt), Check: resource.ComposeTestCheckFunc( testAccCheckEfsFileSystem( "aws_efs_file_system.foo-with-tags", @@ -116,7 +117,7 @@ func TestAccAWSEFSFileSystem_basic(t *testing.T) { testAccCheckEfsFileSystemTags( "aws_efs_file_system.foo-with-tags", map[string]string{ - "Name": "foo-efs", + "Name": fmt.Sprintf("foo-efs-%d", rInt), "Another": "tag", }, ), @@ -143,13 +144,14 @@ func TestAccAWSEFSFileSystem_basic(t *testing.T) { } func TestAccAWSEFSFileSystem_pagedTags(t *testing.T) { + rInt := acctest.RandInt() resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, Providers: testAccProviders, CheckDestroy: testAccCheckEfsFileSystemDestroy, Steps: []resource.TestStep{ { - Config: testAccAWSEFSFileSystemConfigPagedTags, + Config: testAccAWSEFSFileSystemConfigPagedTags(rInt), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr( "aws_efs_file_system.foo", @@ -312,34 +314,38 @@ resource "aws_efs_file_system" "foo" { } ` -const testAccAWSEFSFileSystemConfigPagedTags = ` -resource "aws_efs_file_system" "foo" { - creation_token = "radeksimko" - tags { - Name = "foo-efs" - Another = "tag" - Test = "yes" - User = "root" - Page = "1" - Environment = "prod" - CostCenter = "terraform" - AcceptanceTest = "PagedTags" - CreationToken = "radek" - PerfMode = "max" - Region = "us-west-2" +func testAccAWSEFSFileSystemConfigPagedTags(rInt int) string { + return fmt.Sprintf(` + resource "aws_efs_file_system" "foo" { + creation_token = "radeksimko" + tags { + Name = "foo-efs-%d" + Another = "tag" + Test = "yes" + User = "root" + Page = "1" + Environment = "prod" + CostCenter = "terraform" + AcceptanceTest = "PagedTags" + CreationToken = "radek" + PerfMode = "max" + Region = "us-west-2" + } } + `, rInt) } -` -const testAccAWSEFSFileSystemConfigWithTags = ` -resource "aws_efs_file_system" "foo-with-tags" { - creation_token = "yada_yada" - tags { - Name = "foo-efs" - Another = "tag" +func testAccAWSEFSFileSystemConfigWithTags(rInt int) string { + return fmt.Sprintf(` + resource "aws_efs_file_system" "foo-with-tags" { + creation_token = "yada_yada" + tags { + Name = "foo-efs-%d" + Another = "tag" + } } + `, rInt) } -` const testAccAWSEFSFileSystemConfigWithPerformanceMode = ` resource "aws_efs_file_system" "foo-with-performance-mode" { From 4619897f920d80acc72802b26bc28ea61c195857 Mon Sep 17 00:00:00 2001 From: Paul Hinze Date: Tue, 28 Mar 2017 17:10:34 -0500 Subject: [PATCH 009/101] provider/aws: Don't set DBName on `aws_db_instance` from snapshot It turns out if you're trying to write a config to conditionally restore an instance from a snapshot, you end up painted into a corner with the combination of `snapshot_identifier` and `name`. You need `name` to be specified for DBs you're creating, but when `snapshot_identifier` is populated you need it to be blank or else the AWS API throws an error. The logical next step is to drop a ternary in: ```tf resource "aws_db_instance" "foo" { # ... snapshot_identifier = "${var.snap}" name = "${var.snap != "" ? "" : var.dbname}" } ``` **BUT** the above config will _replace_ the DB on subsequent runs as the config basically has `name = ""` which will trigger a ForceNew diff once the `name` is populated from the snapshot restore. **SO** we can get a workable solution by actively avoiding populating DBName when we're using one of the engines the docs explicitly mention. It does not look like there are any tests covering `snapshot_identifer`, so I'll subject this to some manual tests and follow up with some results. --- builtin/providers/aws/resource_aws_db_instance.go | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/builtin/providers/aws/resource_aws_db_instance.go b/builtin/providers/aws/resource_aws_db_instance.go index e944489ab9..192ccab97d 100644 --- a/builtin/providers/aws/resource_aws_db_instance.go +++ b/builtin/providers/aws/resource_aws_db_instance.go @@ -407,7 +407,14 @@ func resourceAwsDbInstanceCreate(d *schema.ResourceData, meta interface{}) error } if attr, ok := d.GetOk("name"); ok { - opts.DBName = aws.String(attr.(string)) + // "Note: This parameter [DBName] doesn't apply to the MySQL, PostgreSQL, or MariaDB engines." + // https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_RestoreDBInstanceFromDBSnapshot.html + switch strings.ToLower(d.Get("engine").(string)) { + case "mysql", "postgres", "mariadb": + // skip + default: + opts.DBName = aws.String(attr.(string)) + } } if attr, ok := d.GetOk("availability_zone"); ok { From 1a6f766376605f072a2a998b1bd9526495a79bb2 Mon Sep 17 00:00:00 2001 From: Daisuke Fujita Date: Wed, 29 Mar 2017 11:56:44 +0900 Subject: [PATCH 010/101] Remove alb_listener ssl_policy restriction --- website/source/docs/providers/aws/r/alb_listener.html.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/source/docs/providers/aws/r/alb_listener.html.markdown b/website/source/docs/providers/aws/r/alb_listener.html.markdown index 7ca8672c15..96a827cbc9 100644 --- a/website/source/docs/providers/aws/r/alb_listener.html.markdown +++ b/website/source/docs/providers/aws/r/alb_listener.html.markdown @@ -43,7 +43,7 @@ The following arguments are supported: * `load_balancer_arn` - (Required, Forces New Resource) The ARN of the load balancer. * `port` - (Required) The port on which the load balancer is listening. * `protocol` - (Optional) The protocol for connections from clients to the load balancer. Valid values are `HTTP` and `HTTPS`. Defaults to `HTTP`. -* `ssl_policy` - (Optional) The name of the SSL Policy for the listener. Required if `protocol` is `HTTPS`. The only valid value is currently `ELBSecurityPolicy-2015-05`. +* `ssl_policy` - (Optional) The name of the SSL Policy for the listener. Required if `protocol` is `HTTPS`. * `certificate_arn` - (Optional) The ARN of the SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. * `default_action` - (Required) An Action block. Action blocks are documented below. From 10f53e3471283b2fe2c91370181087852b6974fe Mon Sep 17 00:00:00 2001 From: Radek Simko Date: Wed, 29 Mar 2017 10:37:36 +0100 Subject: [PATCH 011/101] Add links to details about sensitive data in state (#13145) --- .../docs/providers/aws/r/api_gateway_domain_name.html.markdown | 3 +++ website/source/docs/providers/aws/r/db_instance.html.markdown | 2 ++ .../providers/aws/r/directory_service_directory.html.markdown | 3 +++ .../source/docs/providers/aws/r/dms_certificate.html.markdown | 3 +++ website/source/docs/providers/aws/r/dms_endpoint.html.markdown | 3 +++ .../docs/providers/aws/r/iam_server_certificate.html.markdown | 3 +++ .../docs/providers/aws/r/opsworks_mysql_layer.html.markdown | 3 +++ .../providers/aws/r/opsworks_rds_db_instance.html.markdown | 3 +++ website/source/docs/providers/aws/r/rds_cluster.html.markdown | 3 +++ .../source/docs/providers/aws/r/redshift_cluster.html.markdown | 3 +++ .../docs/providers/azurerm/r/container_registry.html.markdown | 3 +++ .../docs/providers/azurerm/r/container_service.html.markdown | 3 +++ .../source/docs/providers/azurerm/r/sql_server.html.markdown | 3 +++ .../azurerm/r/virtual_machine_scale_sets.html.markdown | 3 +++ .../source/docs/providers/google/r/compute_disk.html.markdown | 3 +++ .../docs/providers/google/r/container_cluster.html.markdown | 3 +++ website/source/docs/providers/google/r/sql_user.html.markdown | 3 +++ website/source/docs/providers/mysql/r/user.html.markdown | 3 +++ .../docs/providers/postgresql/r/postgresql_role.html.markdown | 3 +++ website/source/docs/providers/rabbitmq/r/user.html.markdown | 3 +++ 20 files changed, 59 insertions(+) diff --git a/website/source/docs/providers/aws/r/api_gateway_domain_name.html.markdown b/website/source/docs/providers/aws/r/api_gateway_domain_name.html.markdown index b58f4e6882..a83862b4c7 100644 --- a/website/source/docs/providers/aws/r/api_gateway_domain_name.html.markdown +++ b/website/source/docs/providers/aws/r/api_gateway_domain_name.html.markdown @@ -22,6 +22,9 @@ given domain name which is an alias (either Route53 alias or traditional CNAME) to the Cloudfront domain name exported in the `cloudfront_domain_name` attribute. +~> **Note:** All arguments including the private key will be stored in the raw state as plain-text. +[Read more about sensitive data in state](/docs/state/sensitive-data.html). + ## Example Usage ``` diff --git a/website/source/docs/providers/aws/r/db_instance.html.markdown b/website/source/docs/providers/aws/r/db_instance.html.markdown index cc957a9ea5..e491e37842 100644 --- a/website/source/docs/providers/aws/r/db_instance.html.markdown +++ b/website/source/docs/providers/aws/r/db_instance.html.markdown @@ -25,6 +25,8 @@ When upgrading the major version of an engine, `allow_major_version_upgrade` mus brief downtime as the server reboots. See the AWS Docs on [RDS Maintenance][2] for more information. +~> **Note:** All arguments including the username and password will be stored in the raw state as plain-text. +[Read more about sensitive data in state](/docs/state/sensitive-data.html). ## Example Usage diff --git a/website/source/docs/providers/aws/r/directory_service_directory.html.markdown b/website/source/docs/providers/aws/r/directory_service_directory.html.markdown index 63fa6090f7..23b1767bbf 100644 --- a/website/source/docs/providers/aws/r/directory_service_directory.html.markdown +++ b/website/source/docs/providers/aws/r/directory_service_directory.html.markdown @@ -10,6 +10,9 @@ description: |- Provides a Simple or Managed Microsoft directory in AWS Directory Service. +~> **Note:** All arguments including the password and customer username will be stored in the raw state as plain-text. +[Read more about sensitive data in state](/docs/state/sensitive-data.html). + ## Example Usage ``` diff --git a/website/source/docs/providers/aws/r/dms_certificate.html.markdown b/website/source/docs/providers/aws/r/dms_certificate.html.markdown index 9bb3d7ff93..0e2e50eb6c 100644 --- a/website/source/docs/providers/aws/r/dms_certificate.html.markdown +++ b/website/source/docs/providers/aws/r/dms_certificate.html.markdown @@ -10,6 +10,9 @@ description: |- Provides a DMS (Data Migration Service) certificate resource. DMS certificates can be created, deleted, and imported. +~> **Note:** All arguments including the PEM encoded certificate will be stored in the raw state as plain-text. +[Read more about sensitive data in state](/docs/state/sensitive-data.html). + ## Example Usage ``` diff --git a/website/source/docs/providers/aws/r/dms_endpoint.html.markdown b/website/source/docs/providers/aws/r/dms_endpoint.html.markdown index 669f1f2442..2ef626fad2 100644 --- a/website/source/docs/providers/aws/r/dms_endpoint.html.markdown +++ b/website/source/docs/providers/aws/r/dms_endpoint.html.markdown @@ -10,6 +10,9 @@ description: |- Provides a DMS (Data Migration Service) endpoint resource. DMS endpoints can be created, updated, deleted, and imported. +~> **Note:** All arguments including the password will be stored in the raw state as plain-text. +[Read more about sensitive data in state](/docs/state/sensitive-data.html). + ## Example Usage ``` diff --git a/website/source/docs/providers/aws/r/iam_server_certificate.html.markdown b/website/source/docs/providers/aws/r/iam_server_certificate.html.markdown index 4c6c4a673f..6430d1fb84 100644 --- a/website/source/docs/providers/aws/r/iam_server_certificate.html.markdown +++ b/website/source/docs/providers/aws/r/iam_server_certificate.html.markdown @@ -19,6 +19,9 @@ Certs uploaded to IAM can easily work with other AWS services such as: For information about server certificates in IAM, see [Managing Server Certificates][2] in AWS Documentation. +~> **Note:** All arguments including the private key will be stored in the raw state as plain-text. +[Read more about sensitive data in state](/docs/state/sensitive-data.html). + ## Example Usage **Using certs on file:** diff --git a/website/source/docs/providers/aws/r/opsworks_mysql_layer.html.markdown b/website/source/docs/providers/aws/r/opsworks_mysql_layer.html.markdown index a79d7502d8..6032083eff 100644 --- a/website/source/docs/providers/aws/r/opsworks_mysql_layer.html.markdown +++ b/website/source/docs/providers/aws/r/opsworks_mysql_layer.html.markdown @@ -10,6 +10,9 @@ description: |- Provides an OpsWorks MySQL layer resource. +~> **Note:** All arguments including the root password will be stored in the raw state as plain-text. +[Read more about sensitive data in state](/docs/state/sensitive-data.html). + ## Example Usage ``` diff --git a/website/source/docs/providers/aws/r/opsworks_rds_db_instance.html.markdown b/website/source/docs/providers/aws/r/opsworks_rds_db_instance.html.markdown index c39d79e9a0..542dd956f4 100644 --- a/website/source/docs/providers/aws/r/opsworks_rds_db_instance.html.markdown +++ b/website/source/docs/providers/aws/r/opsworks_rds_db_instance.html.markdown @@ -10,6 +10,9 @@ description: |- Provides an OpsWorks RDS DB Instance resource. +~> **Note:** All arguments including the username and password will be stored in the raw state as plain-text. +[Read more about sensitive data in state](/docs/state/sensitive-data.html). + ## Example Usage ``` diff --git a/website/source/docs/providers/aws/r/rds_cluster.html.markdown b/website/source/docs/providers/aws/r/rds_cluster.html.markdown index c1f29e0f1c..b40cbab402 100644 --- a/website/source/docs/providers/aws/r/rds_cluster.html.markdown +++ b/website/source/docs/providers/aws/r/rds_cluster.html.markdown @@ -26,6 +26,9 @@ phase because a modification has not yet taken place. You can use the brief downtime as the server reboots. See the AWS Docs on [RDS Maintenance][4] for more information. +~> **Note:** All arguments including the username and password will be stored in the raw state as plain-text. +[Read more about sensitive data in state](/docs/state/sensitive-data.html). + ## Example Usage ``` diff --git a/website/source/docs/providers/aws/r/redshift_cluster.html.markdown b/website/source/docs/providers/aws/r/redshift_cluster.html.markdown index d4801b676a..99d6ac66ec 100644 --- a/website/source/docs/providers/aws/r/redshift_cluster.html.markdown +++ b/website/source/docs/providers/aws/r/redshift_cluster.html.markdown @@ -8,6 +8,9 @@ sidebar_current: "docs-aws-resource-redshift-cluster" Provides a Redshift Cluster Resource. +~> **Note:** All arguments including the username and password will be stored in the raw state as plain-text. +[Read more about sensitive data in state](/docs/state/sensitive-data.html). + ## Example Usage ``` diff --git a/website/source/docs/providers/azurerm/r/container_registry.html.markdown b/website/source/docs/providers/azurerm/r/container_registry.html.markdown index f9b25d4f58..df79b72550 100644 --- a/website/source/docs/providers/azurerm/r/container_registry.html.markdown +++ b/website/source/docs/providers/azurerm/r/container_registry.html.markdown @@ -10,6 +10,9 @@ description: |- Create as an Azure Container Registry instance. +~> **Note:** All arguments including the access key will be stored in the raw state as plain-text. +[Read more about sensitive data in state](/docs/state/sensitive-data.html). + ## Example Usage ``` diff --git a/website/source/docs/providers/azurerm/r/container_service.html.markdown b/website/source/docs/providers/azurerm/r/container_service.html.markdown index 082d610fe4..5319ce1438 100644 --- a/website/source/docs/providers/azurerm/r/container_service.html.markdown +++ b/website/source/docs/providers/azurerm/r/container_service.html.markdown @@ -10,6 +10,9 @@ description: |- Creates an Azure Container Service Instance +~> **Note:** All arguments including the client secret will be stored in the raw state as plain-text. +[Read more about sensitive data in state](/docs/state/sensitive-data.html). + ## Example Usage (DCOS) ``` resource "azurerm_resource_group" "test" { diff --git a/website/source/docs/providers/azurerm/r/sql_server.html.markdown b/website/source/docs/providers/azurerm/r/sql_server.html.markdown index d61d1efa51..58b4a5fbb5 100644 --- a/website/source/docs/providers/azurerm/r/sql_server.html.markdown +++ b/website/source/docs/providers/azurerm/r/sql_server.html.markdown @@ -10,6 +10,9 @@ description: |- Allows you to manage an Azure SQL Database Server +~> **Note:** All arguments including the administrator login and password will be stored in the raw state as plain-text. +[Read more about sensitive data in state](/docs/state/sensitive-data.html). + ## Example Usage ``` diff --git a/website/source/docs/providers/azurerm/r/virtual_machine_scale_sets.html.markdown b/website/source/docs/providers/azurerm/r/virtual_machine_scale_sets.html.markdown index adfe9dd769..fb17859f6f 100644 --- a/website/source/docs/providers/azurerm/r/virtual_machine_scale_sets.html.markdown +++ b/website/source/docs/providers/azurerm/r/virtual_machine_scale_sets.html.markdown @@ -10,6 +10,9 @@ description: |- Create a virtual machine scale set. +~> **Note:** All arguments including the administrator login and password will be stored in the raw state as plain-text. +[Read more about sensitive data in state](/docs/state/sensitive-data.html). + ## Example Usage ``` diff --git a/website/source/docs/providers/google/r/compute_disk.html.markdown b/website/source/docs/providers/google/r/compute_disk.html.markdown index 6544707dd0..08e73c23ff 100644 --- a/website/source/docs/providers/google/r/compute_disk.html.markdown +++ b/website/source/docs/providers/google/r/compute_disk.html.markdown @@ -10,6 +10,9 @@ description: |- Creates a new persistent disk within GCE, based on another disk. +~> **Note:** All arguments including the disk encryption key will be stored in the raw state as plain-text. +[Read more about sensitive data in state](/docs/state/sensitive-data.html). + ## Example Usage ```js diff --git a/website/source/docs/providers/google/r/container_cluster.html.markdown b/website/source/docs/providers/google/r/container_cluster.html.markdown index 1962ac2440..025603eb15 100644 --- a/website/source/docs/providers/google/r/container_cluster.html.markdown +++ b/website/source/docs/providers/google/r/container_cluster.html.markdown @@ -12,6 +12,9 @@ description: |- `node_version` are non-updateable. Changing any will cause recreation of the whole cluster! +~> **Note:** All arguments including the username and password will be stored in the raw state as plain-text. +[Read more about sensitive data in state](/docs/state/sensitive-data.html). + ## Example usage ```js diff --git a/website/source/docs/providers/google/r/sql_user.html.markdown b/website/source/docs/providers/google/r/sql_user.html.markdown index a34a154aa5..7e4937d8ee 100644 --- a/website/source/docs/providers/google/r/sql_user.html.markdown +++ b/website/source/docs/providers/google/r/sql_user.html.markdown @@ -10,6 +10,9 @@ description: |- Creates a new Google SQL User on a Google SQL User Instance. For more information, see the [official documentation](https://cloud.google.com/sql/), or the [JSON API](https://cloud.google.com/sql/docs/admin-api/v1beta4/users). +~> **Note:** All arguments including the username and password will be stored in the raw state as plain-text. +[Read more about sensitive data in state](/docs/state/sensitive-data.html). + ## Example Usage Example creating a SQL User. diff --git a/website/source/docs/providers/mysql/r/user.html.markdown b/website/source/docs/providers/mysql/r/user.html.markdown index 17500f03ae..ebf1011740 100644 --- a/website/source/docs/providers/mysql/r/user.html.markdown +++ b/website/source/docs/providers/mysql/r/user.html.markdown @@ -11,6 +11,9 @@ description: |- The ``mysql_user`` resource creates and manages a user on a MySQL server. +~> **Note:** All arguments including username and password will be stored in the raw state as plain-text. +[Read more about sensitive data in state](/docs/state/sensitive-data.html). + ## Example Usage ``` diff --git a/website/source/docs/providers/postgresql/r/postgresql_role.html.markdown b/website/source/docs/providers/postgresql/r/postgresql_role.html.markdown index cd79cfc4cf..c14f181f0c 100644 --- a/website/source/docs/providers/postgresql/r/postgresql_role.html.markdown +++ b/website/source/docs/providers/postgresql/r/postgresql_role.html.markdown @@ -21,6 +21,9 @@ specified PostgreSQL ROLE owns objects in multiple PostgreSQL databases in the same PostgreSQL Cluster, one PostgreSQL provider per database must be created and all but the final ``postgresql_role`` must specify a `skip_drop_role`. +~> **Note:** All arguments including role name and password will be stored in the raw state as plain-text. +[Read more about sensitive data in state](/docs/state/sensitive-data.html). + ## Usage ``` diff --git a/website/source/docs/providers/rabbitmq/r/user.html.markdown b/website/source/docs/providers/rabbitmq/r/user.html.markdown index b023cba802..2c3f9893d8 100644 --- a/website/source/docs/providers/rabbitmq/r/user.html.markdown +++ b/website/source/docs/providers/rabbitmq/r/user.html.markdown @@ -10,6 +10,9 @@ description: |- The ``rabbitmq_user`` resource creates and manages a user. +~> **Note:** All arguments including username and password will be stored in the raw state as plain-text. +[Read more about sensitive data in state](/docs/state/sensitive-data.html). + ## Example Usage ``` From bee2791286a07b8a5622c8104f64c596ecfbd276 Mon Sep 17 00:00:00 2001 From: Paul Stack Date: Wed, 29 Mar 2017 12:43:23 +0300 Subject: [PATCH 012/101] provider/aws: Make alb_target_group_attachment port optional (#13139) Fixes: #9460 ``` % TF_LOG=1 make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSALBTargetGroupAttachment_' 2>~/tf.log ==> Checking that code complies with gofmt requirements... go generate $(go list ./... | grep -v /terraform/vendor/) TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSALBTargetGroupAttachment_ -timeout 120m === RUN TestAccAWSALBTargetGroupAttachment_basic --- PASS: TestAccAWSALBTargetGroupAttachment_basic (267.66s) === RUN TestAccAWSALBTargetGroupAttachment_withoutPort --- PASS: TestAccAWSALBTargetGroupAttachment_withoutPort (147.89s) PASS ok github.com/hashicorp/terraform/builtin/providers/aws 415.589s ``` --- ...esource_aws_alb_target_group_attachment.go | 56 +++++---- ...ce_aws_alb_target_group_attachment_test.go | 115 +++++++++++++++--- .../alb_target_group_attachment.html.markdown | 2 +- 3 files changed, 131 insertions(+), 42 deletions(-) diff --git a/builtin/providers/aws/resource_aws_alb_target_group_attachment.go b/builtin/providers/aws/resource_aws_alb_target_group_attachment.go index e6ba35b94c..55a3b73923 100644 --- a/builtin/providers/aws/resource_aws_alb_target_group_attachment.go +++ b/builtin/providers/aws/resource_aws_alb_target_group_attachment.go @@ -34,7 +34,7 @@ func resourceAwsAlbTargetGroupAttachment() *schema.Resource { "port": { Type: schema.TypeInt, ForceNew: true, - Required: true, + Optional: true, }, }, } @@ -43,18 +43,21 @@ func resourceAwsAlbTargetGroupAttachment() *schema.Resource { func resourceAwsAlbAttachmentCreate(d *schema.ResourceData, meta interface{}) error { elbconn := meta.(*AWSClient).elbv2conn - params := &elbv2.RegisterTargetsInput{ - TargetGroupArn: aws.String(d.Get("target_group_arn").(string)), - Targets: []*elbv2.TargetDescription{ - { - Id: aws.String(d.Get("target_id").(string)), - Port: aws.Int64(int64(d.Get("port").(int))), - }, - }, + target := &elbv2.TargetDescription{ + Id: aws.String(d.Get("target_id").(string)), } - log.Printf("[INFO] Registering Target %s (%d) with Target Group %s", d.Get("target_id").(string), - d.Get("port").(int), d.Get("target_group_arn").(string)) + if v, ok := d.GetOk("port"); ok { + target.Port = aws.Int64(int64(v.(int))) + } + + params := &elbv2.RegisterTargetsInput{ + TargetGroupArn: aws.String(d.Get("target_group_arn").(string)), + Targets: []*elbv2.TargetDescription{target}, + } + + log.Printf("[INFO] Registering Target %s with Target Group %s", d.Get("target_id").(string), + d.Get("target_group_arn").(string)) _, err := elbconn.RegisterTargets(params) if err != nil { @@ -69,14 +72,17 @@ func resourceAwsAlbAttachmentCreate(d *schema.ResourceData, meta interface{}) er func resourceAwsAlbAttachmentDelete(d *schema.ResourceData, meta interface{}) error { elbconn := meta.(*AWSClient).elbv2conn + target := &elbv2.TargetDescription{ + Id: aws.String(d.Get("target_id").(string)), + } + + if v, ok := d.GetOk("port"); ok { + target.Port = aws.Int64(int64(v.(int))) + } + params := &elbv2.DeregisterTargetsInput{ TargetGroupArn: aws.String(d.Get("target_group_arn").(string)), - Targets: []*elbv2.TargetDescription{ - { - Id: aws.String(d.Get("target_id").(string)), - Port: aws.Int64(int64(d.Get("port").(int))), - }, - }, + Targets: []*elbv2.TargetDescription{target}, } _, err := elbconn.DeregisterTargets(params) @@ -93,14 +99,18 @@ func resourceAwsAlbAttachmentDelete(d *schema.ResourceData, meta interface{}) er // target, so there is no work to do beyond ensuring that the target and group still exist. func resourceAwsAlbAttachmentRead(d *schema.ResourceData, meta interface{}) error { elbconn := meta.(*AWSClient).elbv2conn + + target := &elbv2.TargetDescription{ + Id: aws.String(d.Get("target_id").(string)), + } + + if v, ok := d.GetOk("port"); ok { + target.Port = aws.Int64(int64(v.(int))) + } + resp, err := elbconn.DescribeTargetHealth(&elbv2.DescribeTargetHealthInput{ TargetGroupArn: aws.String(d.Get("target_group_arn").(string)), - Targets: []*elbv2.TargetDescription{ - { - Id: aws.String(d.Get("target_id").(string)), - Port: aws.Int64(int64(d.Get("port").(int))), - }, - }, + Targets: []*elbv2.TargetDescription{target}, }) if err != nil { if isTargetGroupNotFound(err) { diff --git a/builtin/providers/aws/resource_aws_alb_target_group_attachment_test.go b/builtin/providers/aws/resource_aws_alb_target_group_attachment_test.go index bd063516db..32369d5d52 100644 --- a/builtin/providers/aws/resource_aws_alb_target_group_attachment_test.go +++ b/builtin/providers/aws/resource_aws_alb_target_group_attachment_test.go @@ -3,14 +3,15 @@ package aws import ( "errors" "fmt" + "strconv" + "testing" + "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/service/elbv2" "github.com/hashicorp/errwrap" "github.com/hashicorp/terraform/helper/acctest" "github.com/hashicorp/terraform/helper/resource" "github.com/hashicorp/terraform/terraform" - "strconv" - "testing" ) func TestAccAWSALBTargetGroupAttachment_basic(t *testing.T) { @@ -32,6 +33,25 @@ func TestAccAWSALBTargetGroupAttachment_basic(t *testing.T) { }) } +func TestAccAWSALBTargetGroupAttachment_withoutPort(t *testing.T) { + targetGroupName := fmt.Sprintf("test-target-group-%s", acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum)) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + IDRefreshName: "aws_alb_target_group.test", + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSALBTargetGroupAttachmentDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSALBTargetGroupAttachmentConfigWithoutPort(targetGroupName), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckAWSALBTargetGroupAttachmentExists("aws_alb_target_group_attachment.test"), + ), + }, + }, + }) +} + func testAccCheckAWSALBTargetGroupAttachmentExists(n string) resource.TestCheckFunc { return func(s *terraform.State) error { rs, ok := s.RootModule().Resources[n] @@ -45,15 +65,20 @@ func testAccCheckAWSALBTargetGroupAttachmentExists(n string) resource.TestCheckF conn := testAccProvider.Meta().(*AWSClient).elbv2conn - port, _ := strconv.Atoi(rs.Primary.Attributes["port"]) + _, hasPort := rs.Primary.Attributes["port"] + targetGroupArn, _ := rs.Primary.Attributes["target_group_arn"] + + target := &elbv2.TargetDescription{ + Id: aws.String(rs.Primary.Attributes["target_id"]), + } + if hasPort == true { + port, _ := strconv.Atoi(rs.Primary.Attributes["port"]) + target.Port = aws.Int64(int64(port)) + } + describe, err := conn.DescribeTargetHealth(&elbv2.DescribeTargetHealthInput{ - TargetGroupArn: aws.String(rs.Primary.Attributes["target_group_arn"]), - Targets: []*elbv2.TargetDescription{ - { - Id: aws.String(rs.Primary.Attributes["target_id"]), - Port: aws.Int64(int64(port)), - }, - }, + TargetGroupArn: aws.String(targetGroupArn), + Targets: []*elbv2.TargetDescription{target}, }) if err != nil { @@ -76,15 +101,20 @@ func testAccCheckAWSALBTargetGroupAttachmentDestroy(s *terraform.State) error { continue } - port, _ := strconv.Atoi(rs.Primary.Attributes["port"]) + _, hasPort := rs.Primary.Attributes["port"] + targetGroupArn, _ := rs.Primary.Attributes["target_group_arn"] + + target := &elbv2.TargetDescription{ + Id: aws.String(rs.Primary.Attributes["target_id"]), + } + if hasPort == true { + port, _ := strconv.Atoi(rs.Primary.Attributes["port"]) + target.Port = aws.Int64(int64(port)) + } + describe, err := conn.DescribeTargetHealth(&elbv2.DescribeTargetHealthInput{ - TargetGroupArn: aws.String(rs.Primary.Attributes["target_group_arn"]), - Targets: []*elbv2.TargetDescription{ - { - Id: aws.String(rs.Primary.Attributes["target_id"]), - Port: aws.Int64(int64(port)), - }, - }, + TargetGroupArn: aws.String(targetGroupArn), + Targets: []*elbv2.TargetDescription{target}, }) if err == nil { if len(describe.TargetHealthDescriptions) != 0 { @@ -103,6 +133,55 @@ func testAccCheckAWSALBTargetGroupAttachmentDestroy(s *terraform.State) error { return nil } +func testAccAWSALBTargetGroupAttachmentConfigWithoutPort(targetGroupName string) string { + return fmt.Sprintf(` +resource "aws_alb_target_group_attachment" "test" { + target_group_arn = "${aws_alb_target_group.test.arn}" + target_id = "${aws_instance.test.id}" +} + +resource "aws_instance" "test" { + ami = "ami-f701cb97" + instance_type = "t2.micro" + subnet_id = "${aws_subnet.subnet.id}" +} + +resource "aws_alb_target_group" "test" { + name = "%s" + port = 443 + protocol = "HTTPS" + vpc_id = "${aws_vpc.test.id}" + + deregistration_delay = 200 + + stickiness { + type = "lb_cookie" + cookie_duration = 10000 + } + + health_check { + path = "/health" + interval = 60 + port = 8081 + protocol = "HTTP" + timeout = 3 + healthy_threshold = 3 + unhealthy_threshold = 3 + matcher = "200-299" + } +} + +resource "aws_subnet" "subnet" { + cidr_block = "10.0.1.0/24" + vpc_id = "${aws_vpc.test.id}" + +} + +resource "aws_vpc" "test" { + cidr_block = "10.0.0.0/16" +}`, targetGroupName) +} + func testAccAWSALBTargetGroupAttachmentConfig_basic(targetGroupName string) string { return fmt.Sprintf(` resource "aws_alb_target_group_attachment" "test" { diff --git a/website/source/docs/providers/aws/r/alb_target_group_attachment.html.markdown b/website/source/docs/providers/aws/r/alb_target_group_attachment.html.markdown index e440f9eb9f..547f4c9911 100644 --- a/website/source/docs/providers/aws/r/alb_target_group_attachment.html.markdown +++ b/website/source/docs/providers/aws/r/alb_target_group_attachment.html.markdown @@ -36,7 +36,7 @@ The following arguments are supported: * `target_group_arn` - (Required) The ARN of the target group with which to register targets * `target_id` (Required) The ID of the target. This is the Instance ID for an instance, or the container ID for an ECS container. -* `port` - (Required) The port on which targets receive traffic. +* `port` - (Optional) The port on which targets receive traffic. ## Attributes Reference From 6c967d95b98d392490394969bfe1e10f3ce6a8e6 Mon Sep 17 00:00:00 2001 From: Paul Stack Date: Wed, 29 Mar 2017 12:43:56 +0300 Subject: [PATCH 013/101] Update CHANGELOG.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 50a440d97d..806a4fbc01 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,7 @@ IMPROVEMENTS: * provider/aws: Support priority and listener_arn update of alb_listener_rule [GH-13125] * provider/aws: Support priority and listener_arn update of alb_listener_rule [GH-13125] * provider/aws: Deprecate roles in favour of role in iam_instance_profile [GH-13130] + * provider/aws: Make alb_target_group_attachment port optional [GH-13139] ## 0.9.2 (March 28, 2017) From f44f0d8c867a9763d4835d272f0b7319c338f0cd Mon Sep 17 00:00:00 2001 From: Paul Stack Date: Wed, 29 Mar 2017 12:44:44 +0300 Subject: [PATCH 014/101] provider/aws: Add Support for maintenance_window and back_window to rds_cluster_instance (#13134) * provider/aws: Add Support for maintenance_window and back_window to rds_cluster_instance Fixes: #9489 ``` % make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRDSClusterInstance_basic' ==> Checking that code complies with gofmt requirements... go generate $(go list ./... | grep -v /terraform/vendor/) 2017/03/28 23:08:45 Generated command/internal_plugin_list.go TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSRDSClusterInstance_basic -timeout 120m === RUN TestAccAWSRDSClusterInstance_basic --- PASS: TestAccAWSRDSClusterInstance_basic (1433.41s) PASS ok github.com/hashicorp/terraform/builtin/providers/aws 1433.438s ``` * Update rds_cluster_instance.html.markdown * Update rds_cluster_instance.html.markdown --- .../aws/resource_aws_rds_cluster_instance.go | 44 +++++++++++++++++++ .../resource_aws_rds_cluster_instance_test.go | 2 + .../aws/r/rds_cluster_instance.html.markdown | 6 ++- 3 files changed, 51 insertions(+), 1 deletion(-) diff --git a/builtin/providers/aws/resource_aws_rds_cluster_instance.go b/builtin/providers/aws/resource_aws_rds_cluster_instance.go index 6dedec175a..36f1116286 100644 --- a/builtin/providers/aws/resource_aws_rds_cluster_instance.go +++ b/builtin/providers/aws/resource_aws_rds_cluster_instance.go @@ -3,6 +3,7 @@ package aws import ( "fmt" "log" + "strings" "time" "github.com/aws/aws-sdk-go/aws" @@ -105,6 +106,27 @@ func resourceAwsRDSClusterInstance() *schema.Resource { Computed: true, }, + "preferred_maintenance_window": { + Type: schema.TypeString, + Optional: true, + Computed: true, + StateFunc: func(v interface{}) string { + if v != nil { + value := v.(string) + return strings.ToLower(value) + } + return "" + }, + ValidateFunc: validateOnceAWeekWindowFormat, + }, + + "preferred_backup_window": { + Type: schema.TypeString, + Optional: true, + Computed: true, + ValidateFunc: validateOnceADayWindowFormat, + }, + "monitoring_interval": { Type: schema.TypeInt, Optional: true, @@ -154,6 +176,14 @@ func resourceAwsRDSClusterInstanceCreate(d *schema.ResourceData, meta interface{ createOpts.MonitoringRoleArn = aws.String(attr.(string)) } + if attr, ok := d.GetOk("preferred_backup_window"); ok { + createOpts.PreferredBackupWindow = aws.String(attr.(string)) + } + + if attr, ok := d.GetOk("preferred_maintenance_window"); ok { + createOpts.PreferredMaintenanceWindow = aws.String(attr.(string)) + } + if attr, ok := d.GetOk("monitoring_interval"); ok { createOpts.MonitoringInterval = aws.Int64(int64(attr.(int))) } @@ -239,6 +269,8 @@ func resourceAwsRDSClusterInstanceRead(d *schema.ResourceData, meta interface{}) d.Set("kms_key_id", db.KmsKeyId) d.Set("auto_minor_version_upgrade", db.AutoMinorVersionUpgrade) d.Set("promotion_tier", db.PromotionTier) + d.Set("preferred_backup_window", db.PreferredBackupWindow) + d.Set("preferred_maintenance_window", db.PreferredMaintenanceWindow) if db.MonitoringInterval != nil { d.Set("monitoring_interval", db.MonitoringInterval) @@ -290,6 +322,18 @@ func resourceAwsRDSClusterInstanceUpdate(d *schema.ResourceData, meta interface{ requestUpdate = true } + if d.HasChange("preferred_backup_window") { + d.SetPartial("preferred_backup_window") + req.PreferredBackupWindow = aws.String(d.Get("preferred_backup_window").(string)) + requestUpdate = true + } + + if d.HasChange("preferred_maintenance_window") { + d.SetPartial("preferred_maintenance_window") + req.PreferredMaintenanceWindow = aws.String(d.Get("preferred_maintenance_window").(string)) + requestUpdate = true + } + if d.HasChange("monitoring_interval") { d.SetPartial("monitoring_interval") req.MonitoringInterval = aws.Int64(int64(d.Get("monitoring_interval").(int))) diff --git a/builtin/providers/aws/resource_aws_rds_cluster_instance_test.go b/builtin/providers/aws/resource_aws_rds_cluster_instance_test.go index ab37a5bab9..b1e66ea7e2 100644 --- a/builtin/providers/aws/resource_aws_rds_cluster_instance_test.go +++ b/builtin/providers/aws/resource_aws_rds_cluster_instance_test.go @@ -30,6 +30,8 @@ func TestAccAWSRDSClusterInstance_basic(t *testing.T) { testAccCheckAWSClusterInstanceExists("aws_rds_cluster_instance.cluster_instances", &v), testAccCheckAWSDBClusterInstanceAttributes(&v), resource.TestCheckResourceAttr("aws_rds_cluster_instance.cluster_instances", "auto_minor_version_upgrade", "true"), + resource.TestCheckResourceAttrSet("aws_rds_cluster_instance.cluster_instances", "preferred_maintenance_window"), + resource.TestCheckResourceAttrSet("aws_rds_cluster_instance.cluster_instances", "preferred_backup_window"), ), }, { diff --git a/website/source/docs/providers/aws/r/rds_cluster_instance.html.markdown b/website/source/docs/providers/aws/r/rds_cluster_instance.html.markdown index 095c36beac..d5196d7338 100644 --- a/website/source/docs/providers/aws/r/rds_cluster_instance.html.markdown +++ b/website/source/docs/providers/aws/r/rds_cluster_instance.html.markdown @@ -70,7 +70,11 @@ details on controlling this property. enhanced monitoring metrics to CloudWatch Logs. You can find more information on the [AWS Documentation](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Monitoring.html) what IAM permissions are needed to allow Enhanced Monitoring for RDS Instances. * `monitoring_interval` - (Optional) The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collecting Enhanced Monitoring metrics, specify 0. The default is 0. Valid Values: 0, 1, 5, 10, 15, 30, 60. -* `promotion_tier` - (Optional) Default 0. Failover Priority setting on instance level. The reader who has lower tier has higher priority to get promoter to writer +* `promotion_tier` - (Optional) Default 0. Failover Priority setting on instance level. The reader who has lower tier has higher priority to get promoter to writer. +* `preferred_backup_window` - (Optional) The daily time range during which automated backups are created if automated backups are enabled. + Eg: "04:00-09:00" +* `preferred_maintenance_window` - (Optional) The window to perform maintenance in. + Syntax: "ddd:hh24:mi-ddd:hh24:mi". Eg: "Mon:00:00-Mon:03:00". * `tags` - (Optional) A mapping of tags to assign to the instance. ## Attributes Reference From 55230c03df153ded05b64dda5534840ea8fcbc05 Mon Sep 17 00:00:00 2001 From: Paul Stack Date: Wed, 29 Mar 2017 12:45:13 +0300 Subject: [PATCH 015/101] Update CHANGELOG.md --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 806a4fbc01..1753371039 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,10 @@ IMPROVEMENTS: * provider/aws: Deprecate roles in favour of role in iam_instance_profile [GH-13130] * provider/aws: Make alb_target_group_attachment port optional [GH-13139] +BUG FIXES: + + * provider/aws: Add Support for maintenance_window and back_window to rds_cluster_instance [GH-13134] + ## 0.9.2 (March 28, 2017) From 5db819d852f0b0ca99b2e2e984b40b827d0a96cf Mon Sep 17 00:00:00 2001 From: Radek Simko Date: Wed, 29 Mar 2017 11:15:22 +0100 Subject: [PATCH 016/101] provider/aws: Mark password fields as sensitive (#13147) --- .../aws/resource_aws_api_gateway_domain_name.go | 1 + .../aws/resource_aws_directory_service_directory.go | 7 ++++--- .../resource_aws_kinesis_firehose_delivery_stream.go | 5 +++-- .../providers/aws/resource_aws_opsworks_application.go | 10 ++++++---- builtin/providers/aws/resource_aws_opsworks_stack.go | 5 +++-- 5 files changed, 17 insertions(+), 11 deletions(-) diff --git a/builtin/providers/aws/resource_aws_api_gateway_domain_name.go b/builtin/providers/aws/resource_aws_api_gateway_domain_name.go index 103f7bed4e..be90c40ec5 100644 --- a/builtin/providers/aws/resource_aws_api_gateway_domain_name.go +++ b/builtin/providers/aws/resource_aws_api_gateway_domain_name.go @@ -48,6 +48,7 @@ func resourceAwsApiGatewayDomainName() *schema.Resource { Type: schema.TypeString, ForceNew: true, Optional: true, + Sensitive: true, ConflictsWith: []string{"certificate_arn"}, }, diff --git a/builtin/providers/aws/resource_aws_directory_service_directory.go b/builtin/providers/aws/resource_aws_directory_service_directory.go index 773a5afd88..a9bd952dd2 100644 --- a/builtin/providers/aws/resource_aws_directory_service_directory.go +++ b/builtin/providers/aws/resource_aws_directory_service_directory.go @@ -33,9 +33,10 @@ func resourceAwsDirectoryServiceDirectory() *schema.Resource { ForceNew: true, }, "password": &schema.Schema{ - Type: schema.TypeString, - Required: true, - ForceNew: true, + Type: schema.TypeString, + Required: true, + ForceNew: true, + Sensitive: true, }, "size": &schema.Schema{ Type: schema.TypeString, diff --git a/builtin/providers/aws/resource_aws_kinesis_firehose_delivery_stream.go b/builtin/providers/aws/resource_aws_kinesis_firehose_delivery_stream.go index b82ec56bb3..3cd476be9b 100644 --- a/builtin/providers/aws/resource_aws_kinesis_firehose_delivery_stream.go +++ b/builtin/providers/aws/resource_aws_kinesis_firehose_delivery_stream.go @@ -150,8 +150,9 @@ func resourceAwsKinesisFirehoseDeliveryStream() *schema.Resource { }, "password": { - Type: schema.TypeString, - Required: true, + Type: schema.TypeString, + Required: true, + Sensitive: true, }, "role_arn": { diff --git a/builtin/providers/aws/resource_aws_opsworks_application.go b/builtin/providers/aws/resource_aws_opsworks_application.go index 3ffdb9ae4d..7333018e5f 100644 --- a/builtin/providers/aws/resource_aws_opsworks_application.go +++ b/builtin/providers/aws/resource_aws_opsworks_application.go @@ -102,8 +102,9 @@ func resourceAwsOpsworksApplication() *schema.Resource { }, "password": { - Type: schema.TypeString, - Optional: true, + Type: schema.TypeString, + Optional: true, + Sensitive: true, }, "revision": { @@ -187,8 +188,9 @@ func resourceAwsOpsworksApplication() *schema.Resource { }, }, "private_key": { - Type: schema.TypeString, - Required: true, + Type: schema.TypeString, + Required: true, + Sensitive: true, StateFunc: func(v interface{}) string { switch v.(type) { case string: diff --git a/builtin/providers/aws/resource_aws_opsworks_stack.go b/builtin/providers/aws/resource_aws_opsworks_stack.go index aae83c2679..ad6388ed8e 100644 --- a/builtin/providers/aws/resource_aws_opsworks_stack.go +++ b/builtin/providers/aws/resource_aws_opsworks_stack.go @@ -111,8 +111,9 @@ func resourceAwsOpsworksStack() *schema.Resource { }, "password": { - Type: schema.TypeString, - Optional: true, + Type: schema.TypeString, + Optional: true, + Sensitive: true, }, "revision": { From 23f0475872b51af2e3325c57d4dbffd243fc8ed2 Mon Sep 17 00:00:00 2001 From: Radek Simko Date: Wed, 29 Mar 2017 11:19:58 +0100 Subject: [PATCH 017/101] Update CHANGELOG.md --- CHANGELOG.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1753371039..c280d0a947 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,11 @@ IMPROVEMENTS: * provider/aws: Support priority and listener_arn update of alb_listener_rule [GH-13125] * provider/aws: Deprecate roles in favour of role in iam_instance_profile [GH-13130] * provider/aws: Make alb_target_group_attachment port optional [GH-13139] + * provider/aws: `aws_api_gateway_domain_name` `certificate_private_key` field marked as sensitive [GH-13147] + * provider/aws: `aws_directory_service_directory` `password` field marked as sensitive [GH-13147] + * provider/aws: `aws_kinesis_firehose_delivery_stream` `password` field marked as sensitive [GH-13147] + * provider/aws: `aws_opsworks_application` `app_source.0.password` & `ssl_configuration.0.private_key` fields marked as sensitive [GH-13147] + * provider/aws: `aws_opsworks_stack` `custom_cookbooks_source.0.password` field marked as sensitive [GH-13147] BUG FIXES: From 9e7839b0ed361807ba7bec1d128511a45a9c11fc Mon Sep 17 00:00:00 2001 From: Radek Simko Date: Wed, 29 Mar 2017 11:22:33 +0100 Subject: [PATCH 018/101] provider/google: Mark GKE pass as sensitive (#13148) --- .../providers/google/resource_container_cluster.go | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/builtin/providers/google/resource_container_cluster.go b/builtin/providers/google/resource_container_cluster.go index 203a990b85..084456f2af 100644 --- a/builtin/providers/google/resource_container_cluster.go +++ b/builtin/providers/google/resource_container_cluster.go @@ -40,17 +40,19 @@ func resourceContainerCluster() *schema.Resource { Computed: true, }, "client_key": &schema.Schema{ - Type: schema.TypeString, - Computed: true, + Type: schema.TypeString, + Computed: true, + Sensitive: true, }, "cluster_ca_certificate": &schema.Schema{ Type: schema.TypeString, Computed: true, }, "password": &schema.Schema{ - Type: schema.TypeString, - Required: true, - ForceNew: true, + Type: schema.TypeString, + Required: true, + ForceNew: true, + Sensitive: true, }, "username": &schema.Schema{ Type: schema.TypeString, From ed2338ed86b8faf4a831f4af3aa02fda88f1630c Mon Sep 17 00:00:00 2001 From: Radek Simko Date: Wed, 29 Mar 2017 11:24:58 +0100 Subject: [PATCH 019/101] Update CHANGELOG.md --- CHANGELOG.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c280d0a947..55d81b6440 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,7 +6,6 @@ IMPROVEMENTS: * helper/resource: Allow unknown "pending" states [GH-13099] * provider/aws: Add support to set iam_role_arn on cloudformation Stack [GH-12547] * provider/aws: Support priority and listener_arn update of alb_listener_rule [GH-13125] - * provider/aws: Support priority and listener_arn update of alb_listener_rule [GH-13125] * provider/aws: Deprecate roles in favour of role in iam_instance_profile [GH-13130] * provider/aws: Make alb_target_group_attachment port optional [GH-13139] * provider/aws: `aws_api_gateway_domain_name` `certificate_private_key` field marked as sensitive [GH-13147] @@ -14,7 +13,8 @@ IMPROVEMENTS: * provider/aws: `aws_kinesis_firehose_delivery_stream` `password` field marked as sensitive [GH-13147] * provider/aws: `aws_opsworks_application` `app_source.0.password` & `ssl_configuration.0.private_key` fields marked as sensitive [GH-13147] * provider/aws: `aws_opsworks_stack` `custom_cookbooks_source.0.password` field marked as sensitive [GH-13147] - + * provider/google: Mark `google_container_cluster`'s `client_key` & `password` inside `master_auth` as sensitive [GH-13148] + BUG FIXES: * provider/aws: Add Support for maintenance_window and back_window to rds_cluster_instance [GH-13134] From 0de008e07d41ad4635e7be7727b88109623f2828 Mon Sep 17 00:00:00 2001 From: Paul Stack Date: Wed, 29 Mar 2017 13:32:17 +0300 Subject: [PATCH 020/101] docs/community: Removing @jen20 from the community page (#13150) --- website/source/community.html.erb | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/website/source/community.html.erb b/website/source/community.html.erb index 92d9fff370..3db2397a3c 100644 --- a/website/source/community.html.erb +++ b/website/source/community.html.erb @@ -80,18 +80,6 @@ disappear from this list as contributors come and go. -
- -
-

James Nugent (@jen20)

-

- James Nugent is a HashiCorp Engineer working on Terraform. He is one of the - principal developers working in Terraform's core, though he can also be - found working on providers from time to time as well. -

-
-
-
From e899ab82892bcace3e3548f605213ee1db327fc2 Mon Sep 17 00:00:00 2001 From: tombuildsstuff Date: Wed, 29 Mar 2017 12:39:03 +0200 Subject: [PATCH 021/101] Adding myself to the community page --- website/source/community.html.erb | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/website/source/community.html.erb b/website/source/community.html.erb index 3db2397a3c..556eed0d0f 100644 --- a/website/source/community.html.erb +++ b/website/source/community.html.erb @@ -102,7 +102,7 @@ disappear from this list as contributors come and go.

- +
@@ -114,5 +114,16 @@ disappear from this list as contributors come and go.
+
+ +
+

Tom Harvey (@tombuildsstuff)

+

+ Tom Harvey is a HashiCorp Engineer working on Terraform with an emphasis on + the Terraform Provider Ecosystem. +

+
+
+
From 21cd5595e2f3a2793b26df72c98b58236104aebd Mon Sep 17 00:00:00 2001 From: Martin Atkins Date: Tue, 28 Mar 2017 14:32:30 -0700 Subject: [PATCH 022/101] Update stringer-generated files to new boilerplate golang/tools commit 23ca8a263 changed the format of the leading comment to comply with some new standards discussed here: https://golang.org/issue/13560 This is the result of running generate with the latest version of stringer. Everyone working on Terraform will need to update stringer after this is merged, to avoid reverting this: go get -u golang.org/x/tools/cmd/stringer --- backend/local/counthookaction_string.go | 2 +- backend/operationtype_string.go | 2 +- command/counthookaction_string.go | 2 +- config/resource_mode_string.go | 2 +- helper/schema/getsource_string.go | 2 +- helper/schema/valuetype_string.go | 2 +- terraform/graphtype_string.go | 2 +- terraform/instancetype_string.go | 2 +- terraform/walkoperation_string.go | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) diff --git a/backend/local/counthookaction_string.go b/backend/local/counthookaction_string.go index 574a8c6cb2..92b2624a53 100644 --- a/backend/local/counthookaction_string.go +++ b/backend/local/counthookaction_string.go @@ -1,4 +1,4 @@ -// Code generated by "stringer -type=countHookAction hook_count_action.go"; DO NOT EDIT +// Code generated by "stringer -type=countHookAction hook_count_action.go"; DO NOT EDIT. package local diff --git a/backend/operationtype_string.go b/backend/operationtype_string.go index 6edadb919c..15fbba6ecc 100644 --- a/backend/operationtype_string.go +++ b/backend/operationtype_string.go @@ -1,4 +1,4 @@ -// Code generated by "stringer -type=OperationType operation_type.go"; DO NOT EDIT +// Code generated by "stringer -type=OperationType operation_type.go"; DO NOT EDIT. package backend diff --git a/command/counthookaction_string.go b/command/counthookaction_string.go index c0c40d0de6..423cae07ee 100644 --- a/command/counthookaction_string.go +++ b/command/counthookaction_string.go @@ -1,4 +1,4 @@ -// Code generated by "stringer -type=countHookAction hook_count_action.go"; DO NOT EDIT +// Code generated by "stringer -type=countHookAction hook_count_action.go"; DO NOT EDIT. package command diff --git a/config/resource_mode_string.go b/config/resource_mode_string.go index 930645fa87..ea68b4fcdb 100644 --- a/config/resource_mode_string.go +++ b/config/resource_mode_string.go @@ -1,4 +1,4 @@ -// Code generated by "stringer -type=ResourceMode -output=resource_mode_string.go resource_mode.go"; DO NOT EDIT +// Code generated by "stringer -type=ResourceMode -output=resource_mode_string.go resource_mode.go"; DO NOT EDIT. package config diff --git a/helper/schema/getsource_string.go b/helper/schema/getsource_string.go index 790dbff919..3a97629394 100644 --- a/helper/schema/getsource_string.go +++ b/helper/schema/getsource_string.go @@ -1,4 +1,4 @@ -// Code generated by "stringer -type=getSource resource_data_get_source.go"; DO NOT EDIT +// Code generated by "stringer -type=getSource resource_data_get_source.go"; DO NOT EDIT. package schema diff --git a/helper/schema/valuetype_string.go b/helper/schema/valuetype_string.go index 08f008450f..1610cec2d3 100644 --- a/helper/schema/valuetype_string.go +++ b/helper/schema/valuetype_string.go @@ -1,4 +1,4 @@ -// Code generated by "stringer -type=ValueType valuetype.go"; DO NOT EDIT +// Code generated by "stringer -type=ValueType valuetype.go"; DO NOT EDIT. package schema diff --git a/terraform/graphtype_string.go b/terraform/graphtype_string.go index 88ecad4f6b..e97b4855a9 100644 --- a/terraform/graphtype_string.go +++ b/terraform/graphtype_string.go @@ -1,4 +1,4 @@ -// Code generated by "stringer -type=GraphType context_graph_type.go"; DO NOT EDIT +// Code generated by "stringer -type=GraphType context_graph_type.go"; DO NOT EDIT. package terraform diff --git a/terraform/instancetype_string.go b/terraform/instancetype_string.go index f65414b347..f69267cd52 100644 --- a/terraform/instancetype_string.go +++ b/terraform/instancetype_string.go @@ -1,4 +1,4 @@ -// Code generated by "stringer -type=InstanceType instancetype.go"; DO NOT EDIT +// Code generated by "stringer -type=InstanceType instancetype.go"; DO NOT EDIT. package terraform diff --git a/terraform/walkoperation_string.go b/terraform/walkoperation_string.go index 8fb33d7b5a..cbd78dd93f 100644 --- a/terraform/walkoperation_string.go +++ b/terraform/walkoperation_string.go @@ -1,4 +1,4 @@ -// Code generated by "stringer -type=walkOperation graph_walk_operation.go"; DO NOT EDIT +// Code generated by "stringer -type=walkOperation graph_walk_operation.go"; DO NOT EDIT. package terraform From f1fba64926862e3c8074edf18a8aff66c1e50b1a Mon Sep 17 00:00:00 2001 From: Radek Simko Date: Wed, 29 Mar 2017 16:47:42 +0100 Subject: [PATCH 023/101] docs/aws: Improve ElasticSearch Domain docs (#13157) --- .../providers/aws/r/elasticsearch_domain.html.markdown | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/website/source/docs/providers/aws/r/elasticsearch_domain.html.markdown b/website/source/docs/providers/aws/r/elasticsearch_domain.html.markdown index c422e6ccb4..cf18732e76 100644 --- a/website/source/docs/providers/aws/r/elasticsearch_domain.html.markdown +++ b/website/source/docs/providers/aws/r/elasticsearch_domain.html.markdown @@ -15,6 +15,9 @@ description: |- resource "aws_elasticsearch_domain" "es" { domain_name = "tf-test" elasticsearch_version = "1.5" + cluster_config { + instance_type = "r3.large.elasticsearch" + } advanced_options { "rest.action.multi.allow_explicit_index" = true @@ -53,7 +56,7 @@ The following arguments are supported: * `domain_name` - (Required) Name of the domain. * `access_policies` - (Optional) IAM policy document specifying the access policies for the domain * `advanced_options` - (Optional) Key-value string pairs to specify advanced configuration options. -* `ebs_options` - (Optional) EBS related options, see below. +* `ebs_options` - (Optional) EBS related options, may be required based on chosen [instance size](https://aws.amazon.com/elasticsearch-service/pricing/). See below. * `cluster_config` - (Optional) Cluster configuration of the domain, see below. * `snapshot_options` - (Optional) Snapshot related options, see below. * `elasticsearch_version` - (Optional) The version of ElasticSearch to deploy. Defaults to `1.5` @@ -63,7 +66,7 @@ The following arguments are supported: * `ebs_enabled` - (Required) Whether EBS volumes are attached to data nodes in the domain * `volume_type` - (Optional) The type of EBS volumes attached to data nodes. -* `volume_size` - The size of EBS volumes attached to data nodes. +* `volume_size` - The size of EBS volumes attached to data nodes (in GB). **Required** if `ebs_enabled` is set to `true`. * `iops` - (Optional) The baseline input/output (I/O) performance of EBS volumes attached to data nodes. Applicable only for the Provisioned IOPS EBS volume type. From 25da34054315c95a80ac2369409fd3bb90eaf1d1 Mon Sep 17 00:00:00 2001 From: Tom Harvey Date: Wed, 29 Mar 2017 17:55:20 +0200 Subject: [PATCH 024/101] Ignoring the case for NSG Protocol's in the state (#13153) --- .../providers/azurerm/resource_arm_network_security_group.go | 1 + .../azurerm/resource_arm_network_security_group_test.go | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/builtin/providers/azurerm/resource_arm_network_security_group.go b/builtin/providers/azurerm/resource_arm_network_security_group.go index 7ba17e8a7a..c538e6103e 100644 --- a/builtin/providers/azurerm/resource_arm_network_security_group.go +++ b/builtin/providers/azurerm/resource_arm_network_security_group.go @@ -66,6 +66,7 @@ func resourceArmNetworkSecurityGroup() *schema.Resource { Type: schema.TypeString, Required: true, ValidateFunc: validateNetworkSecurityRuleProtocol, + StateFunc: ignoreCaseStateFunc, }, "source_port_range": { diff --git a/builtin/providers/azurerm/resource_arm_network_security_group_test.go b/builtin/providers/azurerm/resource_arm_network_security_group_test.go index 39fa092e05..3e7685ae31 100644 --- a/builtin/providers/azurerm/resource_arm_network_security_group_test.go +++ b/builtin/providers/azurerm/resource_arm_network_security_group_test.go @@ -204,7 +204,7 @@ resource "azurerm_network_security_group" "test" { priority = 100 direction = "Inbound" access = "Allow" - protocol = "Tcp" + protocol = "TCP" source_port_range = "*" destination_port_range = "*" source_address_prefix = "*" From 3c296dc5d005f064876bf2db2284ccd4eb373d1e Mon Sep 17 00:00:00 2001 From: Paul Stack Date: Wed, 29 Mar 2017 18:55:47 +0300 Subject: [PATCH 025/101] Update CHANGELOG.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 55d81b6440..4aed6fcf26 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,6 +18,7 @@ IMPROVEMENTS: BUG FIXES: * provider/aws: Add Support for maintenance_window and back_window to rds_cluster_instance [GH-13134] + * provider/azurerm: Network Security Group - ignoring protocol casing at Import time [GH-13153] ## 0.9.2 (March 28, 2017) From 76dca009e0f048ea35e86f3737e7f63503378789 Mon Sep 17 00:00:00 2001 From: Martin Atkins Date: Wed, 29 Mar 2017 08:34:45 -0700 Subject: [PATCH 026/101] Allow escaped interpolation-like sequences in variable defaults The variable validator assumes that any AST node it gets from an interpolation walk is an indicator of an interpolation. Unfortunately, back in f223be15 we changed the interpolation walker to emit a LiteralNode as a way to signal that the result is a literal but not identical to the input due to escapes. The existence of this issue suggests a bit of a design smell in that the interpolation walker interface at first glance appears to skip over all literals, but it actually emits them in this one situation. In the long run we should perhaps think about whether the abstraction is right here, but this is a shallow, tactical change that fixes #13001. --- command/test-fixtures/validate-valid/main.tf | 5 +++++ config/config.go | 11 +++++++++-- config/config_test.go | 7 +++++++ .../validate-var-default-interpolate-escaped/main.tf | 5 +++++ 4 files changed, 26 insertions(+), 2 deletions(-) create mode 100644 config/test-fixtures/validate-var-default-interpolate-escaped/main.tf diff --git a/command/test-fixtures/validate-valid/main.tf b/command/test-fixtures/validate-valid/main.tf index fd9da13e00..2dcb1eccd0 100644 --- a/command/test-fixtures/validate-valid/main.tf +++ b/command/test-fixtures/validate-valid/main.tf @@ -1,3 +1,8 @@ +variable "var_with_escaped_interp" { + # This is here because in the past it failed. See Github #13001 + default = "foo-$${bar.baz}" +} + resource "test_instance" "foo" { ami = "bar" diff --git a/config/config.go b/config/config.go index bf064e57a8..f944cadd32 100644 --- a/config/config.go +++ b/config/config.go @@ -285,8 +285,15 @@ func (c *Config) Validate() error { } interp := false - fn := func(ast.Node) (interface{}, error) { - interp = true + fn := func(n ast.Node) (interface{}, error) { + // LiteralNode is a literal string (outside of a ${ ... } sequence). + // interpolationWalker skips most of these. but in particular it + // visits those that have escaped sequences (like $${foo}) as a + // signal that *some* processing is required on this string. For + // our purposes here though, this is fine and not an interpolation. + if _, ok := n.(*ast.LiteralNode); !ok { + interp = true + } return "", nil } diff --git a/config/config_test.go b/config/config_test.go index b391295c86..68a93d9b63 100644 --- a/config/config_test.go +++ b/config/config_test.go @@ -572,6 +572,13 @@ func TestConfigValidate_varDefaultInterpolate(t *testing.T) { } } +func TestConfigValidate_varDefaultInterpolateEscaped(t *testing.T) { + c := testConfig(t, "validate-var-default-interpolate-escaped") + if err := c.Validate(); err != nil { + t.Fatalf("should be valid, but got err: %s", err) + } +} + func TestConfigValidate_varDup(t *testing.T) { c := testConfig(t, "validate-var-dup") if err := c.Validate(); err == nil { diff --git a/config/test-fixtures/validate-var-default-interpolate-escaped/main.tf b/config/test-fixtures/validate-var-default-interpolate-escaped/main.tf new file mode 100644 index 0000000000..da2758f6ab --- /dev/null +++ b/config/test-fixtures/validate-var-default-interpolate-escaped/main.tf @@ -0,0 +1,5 @@ +variable "foo" { + # This should be considered valid since the sequence is escaped and is + # thus not actually an interpolation. + default = "foo bar $${aws_instance.foo.bar}" +} From 4ed0f769222b70c6b8458fe0800aa98d9ed4629b Mon Sep 17 00:00:00 2001 From: Martin Atkins Date: Wed, 29 Mar 2017 09:28:12 -0700 Subject: [PATCH 027/101] Update CHANGELOG.md --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4aed6fcf26..6dfc29f036 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -19,7 +19,7 @@ BUG FIXES: * provider/aws: Add Support for maintenance_window and back_window to rds_cluster_instance [GH-13134] * provider/azurerm: Network Security Group - ignoring protocol casing at Import time [GH-13153] - + * core: Escaped interpolation-like sequences (like `$${foo}`) now permitted in variable defaults [GH-13137] ## 0.9.2 (March 28, 2017) From 51081678a45fdb4276f0a914c848d6a661879ab8 Mon Sep 17 00:00:00 2001 From: Martin Atkins Date: Wed, 29 Mar 2017 09:35:09 -0700 Subject: [PATCH 028/101] Update CHANGELOG.md --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6dfc29f036..3a7f57a38c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -17,9 +17,9 @@ IMPROVEMENTS: BUG FIXES: + * core: Escaped interpolation-like sequences (like `$${foo}`) now permitted in variable defaults [GH-13137] * provider/aws: Add Support for maintenance_window and back_window to rds_cluster_instance [GH-13134] * provider/azurerm: Network Security Group - ignoring protocol casing at Import time [GH-13153] - * core: Escaped interpolation-like sequences (like `$${foo}`) now permitted in variable defaults [GH-13137] ## 0.9.2 (March 28, 2017) From 261f5f8a76ac6b912b44cc943f966c2ae2534ba6 Mon Sep 17 00:00:00 2001 From: Radek Simko Date: Wed, 29 Mar 2017 18:06:17 +0100 Subject: [PATCH 029/101] provider/aws: Increase timeout for AMI registration (#13159) --- builtin/providers/aws/resource_aws_ami.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/builtin/providers/aws/resource_aws_ami.go b/builtin/providers/aws/resource_aws_ami.go index 6e4ee15220..95b29678ca 100644 --- a/builtin/providers/aws/resource_aws_ami.go +++ b/builtin/providers/aws/resource_aws_ami.go @@ -18,7 +18,7 @@ import ( ) const ( - AWSAMIRetryTimeout = 10 * time.Minute + AWSAMIRetryTimeout = 20 * time.Minute AWSAMIDeleteRetryTimeout = 20 * time.Minute AWSAMIRetryDelay = 5 * time.Second AWSAMIRetryMinTimeout = 3 * time.Second From 4b8e235510eecc9ba6f143252b99aa2412d888fb Mon Sep 17 00:00:00 2001 From: Radek Simko Date: Wed, 29 Mar 2017 18:06:51 +0100 Subject: [PATCH 030/101] Update CHANGELOG.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3a7f57a38c..c3c1358cdc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -19,6 +19,7 @@ BUG FIXES: * core: Escaped interpolation-like sequences (like `$${foo}`) now permitted in variable defaults [GH-13137] * provider/aws: Add Support for maintenance_window and back_window to rds_cluster_instance [GH-13134] + * provider/aws: Increase timeout for AMI registration [GH-13159] * provider/azurerm: Network Security Group - ignoring protocol casing at Import time [GH-13153] ## 0.9.2 (March 28, 2017) From 75979afcb729ec5d42e906f62930f352f7f1170c Mon Sep 17 00:00:00 2001 From: Radek Simko Date: Wed, 29 Mar 2017 18:07:11 +0100 Subject: [PATCH 031/101] provider/aws: Fix ES Domain acceptance tests (#13160) --- .../aws/resource_aws_elasticsearch_domain.go | 1 + ...rce_aws_elasticsearch_domain_policy_test.go | 7 +++++++ .../resource_aws_elasticsearch_domain_test.go | 18 +++++++++++++++++- 3 files changed, 25 insertions(+), 1 deletion(-) diff --git a/builtin/providers/aws/resource_aws_elasticsearch_domain.go b/builtin/providers/aws/resource_aws_elasticsearch_domain.go index 7a8753efd0..c931b119ec 100644 --- a/builtin/providers/aws/resource_aws_elasticsearch_domain.go +++ b/builtin/providers/aws/resource_aws_elasticsearch_domain.go @@ -83,6 +83,7 @@ func resourceAwsElasticSearchDomain() *schema.Resource { "volume_type": { Type: schema.TypeString, Optional: true, + Computed: true, }, }, }, diff --git a/builtin/providers/aws/resource_aws_elasticsearch_domain_policy_test.go b/builtin/providers/aws/resource_aws_elasticsearch_domain_policy_test.go index 76f650f6c2..5efd3eb994 100644 --- a/builtin/providers/aws/resource_aws_elasticsearch_domain_policy_test.go +++ b/builtin/providers/aws/resource_aws_elasticsearch_domain_policy_test.go @@ -85,6 +85,13 @@ func testAccESDomainPolicyConfig(randInt int, policy string) string { resource "aws_elasticsearch_domain" "example" { domain_name = "tf-test-%d" elasticsearch_version = "2.3" + cluster_config { + instance_type = "t2.micro.elasticsearch" + } + ebs_options { + ebs_enabled = true + volume_size = 10 + } } resource "aws_elasticsearch_domain_policy" "main" { diff --git a/builtin/providers/aws/resource_aws_elasticsearch_domain_test.go b/builtin/providers/aws/resource_aws_elasticsearch_domain_test.go index ed96dcd0db..e5bf282dee 100644 --- a/builtin/providers/aws/resource_aws_elasticsearch_domain_test.go +++ b/builtin/providers/aws/resource_aws_elasticsearch_domain_test.go @@ -96,7 +96,7 @@ func TestAccAWSElasticSearchDomain_complex(t *testing.T) { }) } -func TestAccAWSElasticSearch_tags(t *testing.T) { +func TestAccAWSElasticSearchDomain_tags(t *testing.T) { var domain elasticsearch.ElasticsearchDomainStatus var td elasticsearch.ListTagsOutput ri := acctest.RandInt() @@ -198,6 +198,10 @@ func testAccESDomainConfig(randInt int) string { return fmt.Sprintf(` resource "aws_elasticsearch_domain" "example" { domain_name = "tf-test-%d" + ebs_options { + ebs_enabled = true + volume_size = 10 + } } `, randInt) } @@ -206,6 +210,10 @@ func testAccESDomainConfig_TagUpdate(randInt int) string { return fmt.Sprintf(` resource "aws_elasticsearch_domain" "example" { domain_name = "tf-test-%d" + ebs_options { + ebs_enabled = true + volume_size = 10 + } tags { foo = "bar" @@ -220,6 +228,10 @@ func testAccESDomainConfig_complex(randInt int) string { resource "aws_elasticsearch_domain" "example" { domain_name = "tf-test-%d" + cluster_config { + instance_type = "r3.large.elasticsearch" + } + advanced_options { "indices.fielddata.cache.size" = 80 } @@ -248,6 +260,10 @@ func testAccESDomainConfigV23(randInt int) string { return fmt.Sprintf(` resource "aws_elasticsearch_domain" "example" { domain_name = "tf-test-%d" + ebs_options { + ebs_enabled = true + volume_size = 10 + } elasticsearch_version = "2.3" } `, randInt) From 0c561535e9a4f4db354c99634e3e1680c46b212f Mon Sep 17 00:00:00 2001 From: Radek Simko Date: Wed, 29 Mar 2017 18:09:37 +0100 Subject: [PATCH 032/101] Update CHANGELOG.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index c3c1358cdc..12f5d25733 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -20,6 +20,7 @@ BUG FIXES: * core: Escaped interpolation-like sequences (like `$${foo}`) now permitted in variable defaults [GH-13137] * provider/aws: Add Support for maintenance_window and back_window to rds_cluster_instance [GH-13134] * provider/aws: Increase timeout for AMI registration [GH-13159] + * provider/aws: `volume_type` of `aws_elasticsearch_domain.0.ebs_options` marked as `Computed` which prevents spurious diffs [GH-13160] * provider/azurerm: Network Security Group - ignoring protocol casing at Import time [GH-13153] ## 0.9.2 (March 28, 2017) From dc5b1d936ba09152b5dfe237f0c258bdb10fa2f0 Mon Sep 17 00:00:00 2001 From: Radek Simko Date: Wed, 29 Mar 2017 18:10:38 +0100 Subject: [PATCH 033/101] provider/aws: Increase timeouts for ELB (#13161) --- builtin/providers/aws/resource_aws_elb.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/builtin/providers/aws/resource_aws_elb.go b/builtin/providers/aws/resource_aws_elb.go index 2379ea49a1..3878c9611f 100644 --- a/builtin/providers/aws/resource_aws_elb.go +++ b/builtin/providers/aws/resource_aws_elb.go @@ -287,7 +287,7 @@ func resourceAwsElbCreate(d *schema.ResourceData, meta interface{}) error { } log.Printf("[DEBUG] ELB create configuration: %#v", elbOpts) - err = resource.Retry(1*time.Minute, func() *resource.RetryError { + err = resource.Retry(5*time.Minute, func() *resource.RetryError { _, err := elbconn.CreateLoadBalancer(elbOpts) if err != nil { @@ -488,7 +488,7 @@ func resourceAwsElbUpdate(d *schema.ResourceData, meta interface{}) error { // Occasionally AWS will error with a 'duplicate listener', without any // other listeners on the ELB. Retry here to eliminate that. - err := resource.Retry(1*time.Minute, func() *resource.RetryError { + err := resource.Retry(5*time.Minute, func() *resource.RetryError { log.Printf("[DEBUG] ELB Create Listeners opts: %s", createListenersOpts) if _, err := elbconn.CreateLoadBalancerListeners(createListenersOpts); err != nil { if awsErr, ok := err.(awserr.Error); ok { @@ -746,7 +746,7 @@ func resourceAwsElbUpdate(d *schema.ResourceData, meta interface{}) error { } log.Printf("[DEBUG] ELB attach subnets opts: %s", attachOpts) - err := resource.Retry(1*time.Minute, func() *resource.RetryError { + err := resource.Retry(5*time.Minute, func() *resource.RetryError { _, err := elbconn.AttachLoadBalancerToSubnets(attachOpts) if err != nil { if awsErr, ok := err.(awserr.Error); ok { From 6cae2a5eb1264534ef7843c05d6101838721e328 Mon Sep 17 00:00:00 2001 From: Radek Simko Date: Wed, 29 Mar 2017 18:11:06 +0100 Subject: [PATCH 034/101] Update CHANGELOG.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 12f5d25733..1273e04236 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -20,6 +20,7 @@ BUG FIXES: * core: Escaped interpolation-like sequences (like `$${foo}`) now permitted in variable defaults [GH-13137] * provider/aws: Add Support for maintenance_window and back_window to rds_cluster_instance [GH-13134] * provider/aws: Increase timeout for AMI registration [GH-13159] + * provider/aws: Increase timeouts for ELB [GH-13161] * provider/aws: `volume_type` of `aws_elasticsearch_domain.0.ebs_options` marked as `Computed` which prevents spurious diffs [GH-13160] * provider/azurerm: Network Security Group - ignoring protocol casing at Import time [GH-13153] From 0d6d2f1cb489255080072af320e38041a3b21f8b Mon Sep 17 00:00:00 2001 From: Martin Atkins Date: Wed, 29 Mar 2017 09:48:58 -0700 Subject: [PATCH 035/101] website: community people pics consistently spaced Most of the bios have five lines of text, so that's the driver for the layout except for @grubernaut's and @mbfrahry's where there's only three lines. This makes the pictures following the short bios look misaligned. This quick fix just always leaves enough room for five lines of bio text, ensuring that the photos appear at a consistent vertical rhythm. It's annoying to hard-code a particular value here, since this value won't survive e.g. a change to the typesetting, but a more involved fix here (using flexbox layout, or something else complicated) doesn't seem warranted. --- website/source/assets/stylesheets/_community.scss | 1 + 1 file changed, 1 insertion(+) diff --git a/website/source/assets/stylesheets/_community.scss b/website/source/assets/stylesheets/_community.scss index de945fa388..ff8c3412ea 100644 --- a/website/source/assets/stylesheets/_community.scss +++ b/website/source/assets/stylesheets/_community.scss @@ -3,6 +3,7 @@ .person { margin-bottom: 40px; + min-height: 165px; // enough space for five lines of bio text h3 { text-transform: none; From 80a1539bca01293740d5760ce2cb4dd56c43ca62 Mon Sep 17 00:00:00 2001 From: Martin Atkins Date: Wed, 29 Mar 2017 09:57:21 -0700 Subject: [PATCH 036/101] Add apparentlymart to the community page. --- website/source/community.html.erb | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/website/source/community.html.erb b/website/source/community.html.erb index 556eed0d0f..ca475cdd78 100644 --- a/website/source/community.html.erb +++ b/website/source/community.html.erb @@ -125,5 +125,16 @@ disappear from this list as contributors come and go. +
+ +
+

Martin Atkins (@apparentlymart)

+

+ Martin Atkins is a community contributor turned HashiCorp Engineer working + on Terraform with a focus on the core. +

+
+
+
From 3456f12f6a2b68216377fd276256b611a8b2923a Mon Sep 17 00:00:00 2001 From: joelcollin Date: Wed, 29 Mar 2017 15:06:26 -0400 Subject: [PATCH 037/101] Fixed typo in subscription (was subscripion) (#13172) --- .../docs/providers/google/r/pubsub_subscription.html.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/source/docs/providers/google/r/pubsub_subscription.html.markdown b/website/source/docs/providers/google/r/pubsub_subscription.html.markdown index 66715dab73..d5b7aed183 100644 --- a/website/source/docs/providers/google/r/pubsub_subscription.html.markdown +++ b/website/source/docs/providers/google/r/pubsub_subscription.html.markdown @@ -6,7 +6,7 @@ description: |- Creates a subscription in Google's pubsub queueing system --- -# google\_pubsub\_subscripion +# google\_pubsub\_subscription Creates a subscription in Google's pubsub queueing system. For more information see [the official documentation](https://cloud.google.com/pubsub/docs) and From b49e4035733121eaff6ef5cd44a374fc41358559 Mon Sep 17 00:00:00 2001 From: Paul Hinze Date: Wed, 29 Mar 2017 14:18:12 -0500 Subject: [PATCH 038/101] Update CHANGELOG.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1273e04236..5fda0ede40 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -22,6 +22,7 @@ BUG FIXES: * provider/aws: Increase timeout for AMI registration [GH-13159] * provider/aws: Increase timeouts for ELB [GH-13161] * provider/aws: `volume_type` of `aws_elasticsearch_domain.0.ebs_options` marked as `Computed` which prevents spurious diffs [GH-13160] + * provider/aws: Don't set DBName on `aws_db_instance` from snapshot [GH-13140] * provider/azurerm: Network Security Group - ignoring protocol casing at Import time [GH-13153] ## 0.9.2 (March 28, 2017) From ff2d753062b9a9d40dafbdb02839c2aff0701dfc Mon Sep 17 00:00:00 2001 From: James Bardin Date: Wed, 29 Mar 2017 12:50:20 -0400 Subject: [PATCH 039/101] add Rehash to terraform.BackendState This method mirrors that of config.Backend, so we can compare the configration of a backend read from a config vs that of a backend read from a state. This will prevent init from reinitializing when using `-backend-config` options that match the existing state. --- command/init_test.go | 58 +++++++++++++++++++ command/meta_backend.go | 18 +++++- .../test-fixtures/init-backend-empty/main.tf | 4 ++ config/config_terraform.go | 2 +- terraform/state.go | 27 +++++++++ 5 files changed, 105 insertions(+), 4 deletions(-) create mode 100644 command/test-fixtures/init-backend-empty/main.tf diff --git a/command/init_test.go b/command/init_test.go index dee54495d1..ede29cfc32 100644 --- a/command/init_test.go +++ b/command/init_test.go @@ -406,6 +406,64 @@ func TestInit_copyBackendDst(t *testing.T) { } } +func TestInit_backendReinitWithExtra(t *testing.T) { + td := tempDir(t) + copy.CopyDir(testFixturePath("init-backend-empty"), td) + defer os.RemoveAll(td) + defer testChdir(t, td)() + + m := testMetaBackend(t, nil) + opts := &BackendOpts{ + ConfigExtra: map[string]interface{}{"path": "hello"}, + Init: true, + } + + b, err := m.backendConfig(opts) + if err != nil { + t.Fatal(err) + } + + ui := new(cli.MockUi) + c := &InitCommand{ + Meta: Meta{ + ContextOpts: testCtxConfig(testProvider()), + Ui: ui, + }, + } + + args := []string{"-backend-config", "path=hello"} + if code := c.Run(args); code != 0 { + t.Fatalf("bad: \n%s", ui.ErrorWriter.String()) + } + + // Read our saved backend config and verify we have our settings + state := testStateRead(t, filepath.Join(DefaultDataDir, DefaultStateFilename)) + if v := state.Backend.Config["path"]; v != "hello" { + t.Fatalf("bad: %#v", v) + } + + if state.Backend.Hash != b.Hash { + t.Fatal("mismatched state and config backend hashes") + } + + if state.Backend.Rehash() != b.Rehash() { + t.Fatal("mismatched state and config re-hashes") + } + + // init again and make sure nothing changes + if code := c.Run(args); code != 0 { + t.Fatalf("bad: \n%s", ui.ErrorWriter.String()) + } + state = testStateRead(t, filepath.Join(DefaultDataDir, DefaultStateFilename)) + if v := state.Backend.Config["path"]; v != "hello" { + t.Fatalf("bad: %#v", v) + } + + if state.Backend.Hash != b.Hash { + t.Fatal("mismatched state and config backend hashes") + } +} + /* func TestInit_remoteState(t *testing.T) { tmp, cwd := testCwd(t) diff --git a/command/meta_backend.go b/command/meta_backend.go index b30659dc0e..8cf6390446 100644 --- a/command/meta_backend.go +++ b/command/meta_backend.go @@ -415,8 +415,16 @@ func (m *Meta) backendFromConfig(opts *BackendOpts) (backend.Backend, error) { case c != nil && s.Remote.Empty() && !s.Backend.Empty(): // If our configuration is the same, then we're just initializing // a previously configured remote backend. - if !s.Backend.Empty() && s.Backend.Hash == cHash { - return m.backend_C_r_S_unchanged(c, sMgr) + if !s.Backend.Empty() { + hash := s.Backend.Hash + // on init we need an updated hash containing any extra options + // that were added after merging. + if opts.Init { + hash = s.Backend.Rehash() + } + if hash == cHash { + return m.backend_C_r_S_unchanged(c, sMgr) + } } if !opts.Init { @@ -451,7 +459,11 @@ func (m *Meta) backendFromConfig(opts *BackendOpts) (backend.Backend, error) { case c != nil && !s.Remote.Empty() && !s.Backend.Empty(): // If the hashes are the same, we have a legacy remote state with // an unchanged stored backend state. - if s.Backend.Hash == cHash { + hash := s.Backend.Hash + if opts.Init { + hash = s.Backend.Rehash() + } + if hash == cHash { if !opts.Init { initReason := fmt.Sprintf( "Legacy remote state found with configured backend %q", diff --git a/command/test-fixtures/init-backend-empty/main.tf b/command/test-fixtures/init-backend-empty/main.tf new file mode 100644 index 0000000000..7f62e0e197 --- /dev/null +++ b/command/test-fixtures/init-backend-empty/main.tf @@ -0,0 +1,4 @@ +terraform { + backend "local" { + } +} diff --git a/config/config_terraform.go b/config/config_terraform.go index a547cc798d..8535c96485 100644 --- a/config/config_terraform.go +++ b/config/config_terraform.go @@ -72,7 +72,7 @@ type Backend struct { Hash uint64 } -// Hash returns a unique content hash for this backend's configuration +// Rehash returns a unique content hash for this backend's configuration // as a uint64 value. func (b *Backend) Rehash() uint64 { // If we have no backend, the value is zero diff --git a/terraform/state.go b/terraform/state.go index 4e5aa713f9..d5adefca10 100644 --- a/terraform/state.go +++ b/terraform/state.go @@ -20,6 +20,7 @@ import ( "github.com/hashicorp/go-version" "github.com/hashicorp/terraform/config" "github.com/mitchellh/copystructure" + "github.com/mitchellh/hashstructure" "github.com/satori/go.uuid" ) @@ -801,6 +802,32 @@ func (s *BackendState) Empty() bool { return s == nil || s.Type == "" } +// Rehash returns a unique content hash for this backend's configuration +// as a uint64 value. +// The Hash stored in the backend state needs to match the config itself, but +// we need to compare the backend config after it has been combined with all +// options. +// This function must match the implementation used by config.Backend. +func (s *BackendState) Rehash() uint64 { + if s == nil { + return 0 + } + + // Use hashstructure to hash only our type with the config. + code, err := hashstructure.Hash(map[string]interface{}{ + "type": s.Type, + "config": s.Config, + }, nil) + + // This should never happen since we have just some basic primitives + // so panic if there is an error. + if err != nil { + panic(err) + } + + return code +} + // RemoteState is used to track the information about a remote // state store that we push/pull state to. type RemoteState struct { From c891ab50b7bd1c2f282a97d324a6ef4ea63a0cd3 Mon Sep 17 00:00:00 2001 From: James Bardin Date: Wed, 29 Mar 2017 15:51:24 -0400 Subject: [PATCH 040/101] detect when backend.Hash needs update It's possible to not change the backend config, but require updating the stored backend state by moving init options from the config file to the `-backend-config` flag. If the config is the same, but the hash doesn't match, update the stored state. --- command/init_test.go | 44 +++++++++++++++++++++++++++++++++++++++++ command/meta_backend.go | 10 ++++++++++ 2 files changed, 54 insertions(+) diff --git a/command/init_test.go b/command/init_test.go index ede29cfc32..a0a8c32a03 100644 --- a/command/init_test.go +++ b/command/init_test.go @@ -464,6 +464,50 @@ func TestInit_backendReinitWithExtra(t *testing.T) { } } +// move option from config to -backend-config args +func TestInit_backendReinitConfigToExtra(t *testing.T) { + td := tempDir(t) + copy.CopyDir(testFixturePath("init-backend"), td) + defer os.RemoveAll(td) + defer testChdir(t, td)() + + ui := new(cli.MockUi) + c := &InitCommand{ + Meta: Meta{ + ContextOpts: testCtxConfig(testProvider()), + Ui: ui, + }, + } + + if code := c.Run([]string{"-input=false"}); code != 0 { + t.Fatalf("bad: \n%s", ui.ErrorWriter.String()) + } + + // Read our saved backend config and verify we have our settings + state := testStateRead(t, filepath.Join(DefaultDataDir, DefaultStateFilename)) + if v := state.Backend.Config["path"]; v != "foo" { + t.Fatalf("bad: %#v", v) + } + + backendHash := state.Backend.Hash + + // init again but remove the path option from the config + cfg := "terraform {\n backend \"local\" {}\n}\n" + if err := ioutil.WriteFile("main.tf", []byte(cfg), 0644); err != nil { + t.Fatal(err) + } + + args := []string{"-input=false", "-backend-config=path=foo"} + if code := c.Run(args); code != 0 { + t.Fatalf("bad: \n%s", ui.ErrorWriter.String()) + } + state = testStateRead(t, filepath.Join(DefaultDataDir, DefaultStateFilename)) + + if state.Backend.Hash == backendHash { + t.Fatal("state.Backend.Hash was not updated") + } +} + /* func TestInit_remoteState(t *testing.T) { tmp, cwd := testCwd(t) diff --git a/command/meta_backend.go b/command/meta_backend.go index 8cf6390446..c50214116b 100644 --- a/command/meta_backend.go +++ b/command/meta_backend.go @@ -1158,6 +1158,16 @@ func (m *Meta) backend_C_r_S_unchanged( c *config.Backend, sMgr state.State) (backend.Backend, error) { s := sMgr.State() + // it's possible for a backend to be unchanged, and the config itself to + // have changed by moving a paramter from the config to `-backend-config` + // In this case we only need to update the Hash. + if c != nil && s.Backend.Hash != c.Hash { + s.Backend.Hash = c.Hash + if err := sMgr.WriteState(s); err != nil { + return nil, fmt.Errorf(errBackendWriteSaved, err) + } + } + // Create the config. We do this from the backend state since this // has the complete configuration data whereas the config itself // may require input. From da1905d5e1a2c197f9ceceb47e69438709573362 Mon Sep 17 00:00:00 2001 From: Martin Atkins Date: Wed, 29 Mar 2017 13:51:01 -0700 Subject: [PATCH 041/101] Remove .gitattributes, treating all files as binary This was added earlier in an attempt to tolerate CRLF and convert CRLF line endings on Windows, but it causes issues where vendored files (which could be using either LF or CRLF depending on the original author's preference) get permanent diffs when inconsistent with the platform's preference. The goal of this change, therefore, is to treat all of the files as binary, with the standard that all of Terraform's own files will use Unix-style LF endings and the vendor stuff will just be verbatim, byte-for-byte copies of what's upstream. This will apparently cause some difficulty for people hacking on Terraform on Windows machines, because gofmt on Windows reportedly wants to convert all files to CRLF endings. Unfortunately we're forced to compromise here and treat development on Windows as an edge case in order to avoid the weirdness with inconsistent endings in the vendor tree. --- .gitattributes | 4 ---- 1 file changed, 4 deletions(-) delete mode 100644 .gitattributes diff --git a/.gitattributes b/.gitattributes deleted file mode 100644 index 6eb3a078e0..0000000000 --- a/.gitattributes +++ /dev/null @@ -1,4 +0,0 @@ -# Set the default behavior, in case people don't have core.autocrlf set. -* text=auto - -*.go eol=lf From 7d23e1ef2090d1190ff514fdb0515111eded9cb5 Mon Sep 17 00:00:00 2001 From: James Bardin Date: Wed, 29 Mar 2017 17:50:55 -0400 Subject: [PATCH 042/101] add equivalent tests to meta_backend_test --- command/meta_backend_test.go | 104 +++++++++++++++++++++++++++++++++++ 1 file changed, 104 insertions(+) diff --git a/command/meta_backend_test.go b/command/meta_backend_test.go index 8c1fe2d668..143759f985 100644 --- a/command/meta_backend_test.go +++ b/command/meta_backend_test.go @@ -3217,6 +3217,110 @@ func TestMetaBackend_planLegacy(t *testing.T) { } } +// init a backend using -backend-config options multiple times +func TestMetaBackend_configureWithExtra(t *testing.T) { + // Create a temporary working directory that is empty + td := tempDir(t) + copy.CopyDir(testFixturePath("init-backend-empty"), td) + defer os.RemoveAll(td) + defer testChdir(t, td)() + + extras := map[string]interface{}{"path": "hello"} + m := testMetaBackend(t, nil) + opts := &BackendOpts{ + ConfigExtra: extras, + Init: true, + } + + backendCfg, err := m.backendConfig(opts) + if err != nil { + t.Fatal(err) + } + + // init the backend + _, err = m.Backend(&BackendOpts{ + ConfigExtra: extras, + Init: true, + }) + if err != nil { + t.Fatalf("bad: %s", err) + } + + // Check the state + s := testStateRead(t, filepath.Join(DefaultDataDir, backendlocal.DefaultStateFilename)) + if s.Backend.Hash != backendCfg.Hash { + t.Fatal("mismatched state and config backend hashes") + } + if s.Backend.Rehash() == s.Backend.Hash { + t.Fatal("saved hash should not match actual hash") + } + if s.Backend.Rehash() != backendCfg.Rehash() { + t.Fatal("mismatched state and config re-hashes") + } + + // init the backend again with the same options + m = testMetaBackend(t, nil) + _, err = m.Backend(&BackendOpts{ + ConfigExtra: extras, + Init: true, + }) + if err != nil { + t.Fatalf("bad: %s", err) + } + + // Check the state + s = testStateRead(t, filepath.Join(DefaultDataDir, backendlocal.DefaultStateFilename)) + if s.Backend.Hash != backendCfg.Hash { + t.Fatal("mismatched state and config backend hashes") + } +} + +// move options from config to -backend-config +func TestMetaBackend_configToExtra(t *testing.T) { + // Create a temporary working directory that is empty + td := tempDir(t) + copy.CopyDir(testFixturePath("init-backend"), td) + defer os.RemoveAll(td) + defer testChdir(t, td)() + + // init the backend + m := testMetaBackend(t, nil) + _, err := m.Backend(&BackendOpts{ + Init: true, + }) + if err != nil { + t.Fatalf("bad: %s", err) + } + + // Check the state + s := testStateRead(t, filepath.Join(DefaultDataDir, backendlocal.DefaultStateFilename)) + backendHash := s.Backend.Hash + + // init again but remove the path option from the config + cfg := "terraform {\n backend \"local\" {}\n}\n" + if err := ioutil.WriteFile("main.tf", []byte(cfg), 0644); err != nil { + t.Fatal(err) + } + + // init the backend again with the options + extras := map[string]interface{}{"path": "hello"} + m = testMetaBackend(t, nil) + m.forceInitCopy = true + _, err = m.Backend(&BackendOpts{ + ConfigExtra: extras, + Init: true, + }) + if err != nil { + t.Fatalf("bad: %s", err) + } + + s = testStateRead(t, filepath.Join(DefaultDataDir, backendlocal.DefaultStateFilename)) + + if s.Backend.Hash == backendHash { + t.Fatal("state.Backend.Hash was not updated") + } +} + func testMetaBackend(t *testing.T, args []string) *Meta { var m Meta m.Ui = new(cli.MockUi) From c55a5082f5117709d7fddf090fdd80ebc4e9f185 Mon Sep 17 00:00:00 2001 From: James Bardin Date: Wed, 29 Mar 2017 18:01:03 -0400 Subject: [PATCH 043/101] delegate BackendState.Rehash to config.Backend --- terraform/state.go | 18 ++++++------------ 1 file changed, 6 insertions(+), 12 deletions(-) diff --git a/terraform/state.go b/terraform/state.go index d5adefca10..905ec3dcbd 100644 --- a/terraform/state.go +++ b/terraform/state.go @@ -20,7 +20,6 @@ import ( "github.com/hashicorp/go-version" "github.com/hashicorp/terraform/config" "github.com/mitchellh/copystructure" - "github.com/mitchellh/hashstructure" "github.com/satori/go.uuid" ) @@ -813,19 +812,14 @@ func (s *BackendState) Rehash() uint64 { return 0 } - // Use hashstructure to hash only our type with the config. - code, err := hashstructure.Hash(map[string]interface{}{ - "type": s.Type, - "config": s.Config, - }, nil) - - // This should never happen since we have just some basic primitives - // so panic if there is an error. - if err != nil { - panic(err) + cfg := config.Backend{ + Type: s.Type, + RawConfig: &config.RawConfig{ + Raw: s.Config, + }, } - return code + return cfg.Rehash() } // RemoteState is used to track the information about a remote From 50023e9a60aac7324f9e28fc1aa79a2415a4ca78 Mon Sep 17 00:00:00 2001 From: James Bardin Date: Wed, 29 Mar 2017 16:45:25 -0400 Subject: [PATCH 044/101] honor `input=false` in state migration return an error when confirming a copy if -input=false --- command/init_test.go | 26 ++++++++++++++++++++++++++ command/meta.go | 4 ++++ 2 files changed, 30 insertions(+) diff --git a/command/init_test.go b/command/init_test.go index a0a8c32a03..eea5797c16 100644 --- a/command/init_test.go +++ b/command/init_test.go @@ -508,6 +508,32 @@ func TestInit_backendReinitConfigToExtra(t *testing.T) { } } +// make sure inputFalse stops execution on migrate +func TestInit_inputFalse(t *testing.T) { + td := tempDir(t) + copy.CopyDir(testFixturePath("init-backend"), td) + defer os.RemoveAll(td) + defer testChdir(t, td)() + + ui := new(cli.MockUi) + c := &InitCommand{ + Meta: Meta{ + ContextOpts: testCtxConfig(testProvider()), + Ui: ui, + }, + } + + args := []string{"-input=false", "-backend-config=path=foo"} + if code := c.Run([]string{"-input=false"}); code != 0 { + t.Fatalf("bad: \n%s", ui.ErrorWriter) + } + + args = []string{"-input=false", "-backend-config=path=bar"} + if code := c.Run(args); code == 0 { + t.Fatal("init should have failed", ui.OutputWriter) + } +} + /* func TestInit_remoteState(t *testing.T) { tmp, cwd := testCwd(t) diff --git a/command/meta.go b/command/meta.go index 0dd4c78843..daf949a295 100644 --- a/command/meta.go +++ b/command/meta.go @@ -3,6 +3,7 @@ package command import ( "bufio" "bytes" + "errors" "flag" "fmt" "io" @@ -341,6 +342,9 @@ func (m *Meta) uiHook() *UiHook { // confirm asks a yes/no confirmation. func (m *Meta) confirm(opts *terraform.InputOpts) (bool, error) { + if !m.input { + return false, errors.New("input disabled") + } for { v, err := m.UIInput().Input(opts) if err != nil { From 11fa03cfb664e9b8667bd61aa80bfc40af96f3d6 Mon Sep 17 00:00:00 2001 From: Brian Hahn Date: Wed, 29 Mar 2017 23:03:08 -0700 Subject: [PATCH 045/101] fix docs typo (#13183) --- website/source/docs/backends/legacy-0-8.html.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/source/docs/backends/legacy-0-8.html.md b/website/source/docs/backends/legacy-0-8.html.md index c3197d23c8..a5feee4055 100644 --- a/website/source/docs/backends/legacy-0-8.html.md +++ b/website/source/docs/backends/legacy-0-8.html.md @@ -124,7 +124,7 @@ You should be able to very easily migrate `terraform remote config` scripting to the new `terraform init` command. The new `terraform init` command takes a `-backend-config` flag which is -eitheran HCL file or a string in the format of `key=value`. This configuration +either an HCL file or a string in the format of `key=value`. This configuration is merged with the backend configuration in your Terraform files. This lets you keep secrets out of your actual configuration. We call this "partial configuration" and you can learn more in the From 1dca12201ab744259b49c78aa9caa02c0e898822 Mon Sep 17 00:00:00 2001 From: Ian Morgan Date: Thu, 30 Mar 2017 01:12:15 -0700 Subject: [PATCH 046/101] fix error message in route53 data source (#13174) --- builtin/providers/aws/data_source_aws_route53_zone.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/builtin/providers/aws/data_source_aws_route53_zone.go b/builtin/providers/aws/data_source_aws_route53_zone.go index a4df2c7547..b3de4eed49 100644 --- a/builtin/providers/aws/data_source_aws_route53_zone.go +++ b/builtin/providers/aws/data_source_aws_route53_zone.go @@ -136,7 +136,7 @@ func dataSourceAwsRoute53ZoneRead(d *schema.ResourceData, meta interface{}) erro if matchingTags && matchingVPC { if hostedZoneFound != nil { - return fmt.Errorf("multplie Route53Zone found please use vpc_id option to filter") + return fmt.Errorf("multiple Route53Zone found please use vpc_id option to filter") } else { hostedZoneFound = hostedZone } From c2b657a03977287018aad1ccfe8b2b4b6ee6f9a8 Mon Sep 17 00:00:00 2001 From: Marc Rooding Date: Thu, 30 Mar 2017 10:24:40 +0200 Subject: [PATCH 047/101] kubernetes: Add secret resource (#12960) --- builtin/providers/kubernetes/provider.go | 1 + .../kubernetes/resource_kubernetes_secret.go | 159 +++++++++ .../resource_kubernetes_secret_test.go | 320 ++++++++++++++++++ builtin/providers/kubernetes/structures.go | 18 + .../kubernetes/r/secret.html.markdown | 69 ++++ website/source/layouts/kubernetes.erb | 3 + 6 files changed, 570 insertions(+) create mode 100644 builtin/providers/kubernetes/resource_kubernetes_secret.go create mode 100644 builtin/providers/kubernetes/resource_kubernetes_secret_test.go create mode 100644 website/source/docs/providers/kubernetes/r/secret.html.markdown diff --git a/builtin/providers/kubernetes/provider.go b/builtin/providers/kubernetes/provider.go index 9d0d23cc30..861519c6a6 100644 --- a/builtin/providers/kubernetes/provider.go +++ b/builtin/providers/kubernetes/provider.go @@ -83,6 +83,7 @@ func Provider() terraform.ResourceProvider { ResourcesMap: map[string]*schema.Resource{ "kubernetes_config_map": resourceKubernetesConfigMap(), "kubernetes_namespace": resourceKubernetesNamespace(), + "kubernetes_secret": resourceKubernetesSecret(), }, ConfigureFunc: providerConfigure, } diff --git a/builtin/providers/kubernetes/resource_kubernetes_secret.go b/builtin/providers/kubernetes/resource_kubernetes_secret.go new file mode 100644 index 0000000000..0fe9a71ba2 --- /dev/null +++ b/builtin/providers/kubernetes/resource_kubernetes_secret.go @@ -0,0 +1,159 @@ +package kubernetes + +import ( + "log" + + "fmt" + "github.com/hashicorp/terraform/helper/schema" + pkgApi "k8s.io/kubernetes/pkg/api" + "k8s.io/kubernetes/pkg/api/errors" + api "k8s.io/kubernetes/pkg/api/v1" + kubernetes "k8s.io/kubernetes/pkg/client/clientset_generated/release_1_5" +) + +func resourceKubernetesSecret() *schema.Resource { + return &schema.Resource{ + Create: resourceKubernetesSecretCreate, + Read: resourceKubernetesSecretRead, + Exists: resourceKubernetesSecretExists, + Update: resourceKubernetesSecretUpdate, + Delete: resourceKubernetesSecretDelete, + Importer: &schema.ResourceImporter{ + State: schema.ImportStatePassthrough, + }, + + Schema: map[string]*schema.Schema{ + "metadata": namespacedMetadataSchema("secret", true), + "data": { + Type: schema.TypeMap, + Description: "A map of the secret data.", + Optional: true, + Sensitive: true, + }, + "type": { + Type: schema.TypeString, + Description: "Type of secret", + Default: "Opaque", + Optional: true, + ForceNew: true, + }, + }, + } +} + +func resourceKubernetesSecretCreate(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*kubernetes.Clientset) + + metadata := expandMetadata(d.Get("metadata").([]interface{})) + secret := api.Secret{ + ObjectMeta: metadata, + StringData: expandStringMap(d.Get("data").(map[string]interface{})), + } + + if v, ok := d.GetOk("type"); ok { + secret.Type = api.SecretType(v.(string)) + } + + log.Printf("[INFO] Creating new secret: %#v", secret) + out, err := conn.CoreV1().Secrets(metadata.Namespace).Create(&secret) + if err != nil { + return err + } + + log.Printf("[INFO] Submitting new secret: %#v", out) + d.SetId(buildId(out.ObjectMeta)) + + return resourceKubernetesSecretRead(d, meta) +} + +func resourceKubernetesSecretRead(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*kubernetes.Clientset) + + namespace, name := idParts(d.Id()) + + log.Printf("[INFO] Reading secret %s", name) + secret, err := conn.CoreV1().Secrets(namespace).Get(name) + if err != nil { + return err + } + + log.Printf("[INFO] Received secret: %#v", secret) + err = d.Set("metadata", flattenMetadata(secret.ObjectMeta)) + if err != nil { + return err + } + + d.Set("data", byteMapToStringMap(secret.Data)) + d.Set("type", secret.Type) + + return nil +} + +func resourceKubernetesSecretUpdate(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*kubernetes.Clientset) + + namespace, name := idParts(d.Id()) + + ops := patchMetadata("metadata.0.", "/metadata/", d) + if d.HasChange("data") { + oldV, newV := d.GetChange("data") + + oldV = base64EncodeStringMap(oldV.(map[string]interface{})) + newV = base64EncodeStringMap(newV.(map[string]interface{})) + + diffOps := diffStringMap("/data/", oldV.(map[string]interface{}), newV.(map[string]interface{})) + + ops = append(ops, diffOps...) + } + + data, err := ops.MarshalJSON() + if err != nil { + return fmt.Errorf("Failed to marshal update operations: %s", err) + } + + log.Printf("[INFO] Updating secret %q: %v", name, data) + out, err := conn.CoreV1().Secrets(namespace).Patch(name, pkgApi.JSONPatchType, data) + if err != nil { + return fmt.Errorf("Failed to update secret: %s", err) + } + + log.Printf("[INFO] Submitting updated secret: %#v", out) + d.SetId(buildId(out.ObjectMeta)) + + return resourceKubernetesSecretRead(d, meta) +} + +func resourceKubernetesSecretDelete(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*kubernetes.Clientset) + + namespace, name := idParts(d.Id()) + + log.Printf("[INFO] Deleting secret: %q", name) + err := conn.CoreV1().Secrets(namespace).Delete(name, &api.DeleteOptions{}) + if err != nil { + return err + } + + log.Printf("[INFO] Secret %s deleted", name) + + d.SetId("") + + return nil +} + +func resourceKubernetesSecretExists(d *schema.ResourceData, meta interface{}) (bool, error) { + conn := meta.(*kubernetes.Clientset) + + namespace, name := idParts(d.Id()) + + log.Printf("[INFO] Checking secret %s", name) + _, err := conn.CoreV1().Secrets(namespace).Get(name) + if err != nil { + if statusErr, ok := err.(*errors.StatusError); ok && statusErr.ErrStatus.Code == 404 { + return false, nil + } + log.Printf("[DEBUG] Received error: %#v", err) + } + + return true, err +} diff --git a/builtin/providers/kubernetes/resource_kubernetes_secret_test.go b/builtin/providers/kubernetes/resource_kubernetes_secret_test.go new file mode 100644 index 0000000000..0e9ef31234 --- /dev/null +++ b/builtin/providers/kubernetes/resource_kubernetes_secret_test.go @@ -0,0 +1,320 @@ +package kubernetes + +import ( + "fmt" + "reflect" + "regexp" + "testing" + + "github.com/hashicorp/terraform/helper/acctest" + "github.com/hashicorp/terraform/helper/resource" + "github.com/hashicorp/terraform/terraform" + api "k8s.io/kubernetes/pkg/api/v1" + kubernetes "k8s.io/kubernetes/pkg/client/clientset_generated/release_1_5" +) + +func TestAccKubernetesSecret_basic(t *testing.T) { + var conf api.Secret + name := fmt.Sprintf("tf-acc-test-%s", acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum)) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + IDRefreshName: "kubernetes_secret.test", + Providers: testAccProviders, + CheckDestroy: testAccCheckKubernetesSecretDestroy, + Steps: []resource.TestStep{ + { + Config: testAccKubernetesSecretConfig_basic(name), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckKubernetesSecretExists("kubernetes_secret.test", &conf), + resource.TestCheckResourceAttr("kubernetes_secret.test", "metadata.0.annotations.%", "2"), + resource.TestCheckResourceAttr("kubernetes_secret.test", "metadata.0.annotations.TestAnnotationOne", "one"), + resource.TestCheckResourceAttr("kubernetes_secret.test", "metadata.0.annotations.TestAnnotationTwo", "two"), + testAccCheckMetaAnnotations(&conf.ObjectMeta, map[string]string{"TestAnnotationOne": "one", "TestAnnotationTwo": "two"}), + resource.TestCheckResourceAttr("kubernetes_secret.test", "metadata.0.labels.%", "3"), + resource.TestCheckResourceAttr("kubernetes_secret.test", "metadata.0.labels.TestLabelOne", "one"), + resource.TestCheckResourceAttr("kubernetes_secret.test", "metadata.0.labels.TestLabelTwo", "two"), + resource.TestCheckResourceAttr("kubernetes_secret.test", "metadata.0.labels.TestLabelThree", "three"), + testAccCheckMetaLabels(&conf.ObjectMeta, map[string]string{"TestLabelOne": "one", "TestLabelTwo": "two", "TestLabelThree": "three"}), + resource.TestCheckResourceAttr("kubernetes_secret.test", "metadata.0.name", name), + resource.TestCheckResourceAttrSet("kubernetes_secret.test", "metadata.0.generation"), + resource.TestCheckResourceAttrSet("kubernetes_secret.test", "metadata.0.resource_version"), + resource.TestCheckResourceAttrSet("kubernetes_secret.test", "metadata.0.self_link"), + resource.TestCheckResourceAttrSet("kubernetes_secret.test", "metadata.0.uid"), + resource.TestCheckResourceAttr("kubernetes_secret.test", "data.%", "2"), + resource.TestCheckResourceAttr("kubernetes_secret.test", "data.one", "first"), + resource.TestCheckResourceAttr("kubernetes_secret.test", "data.two", "second"), + resource.TestCheckResourceAttr("kubernetes_secret.test", "type", "Opaque"), + testAccCheckSecretData(&conf, map[string]string{"one": "first", "two": "second"}), + ), + }, + { + Config: testAccKubernetesSecretConfig_modified(name), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckKubernetesSecretExists("kubernetes_secret.test", &conf), + resource.TestCheckResourceAttr("kubernetes_secret.test", "metadata.0.annotations.%", "2"), + resource.TestCheckResourceAttr("kubernetes_secret.test", "metadata.0.annotations.TestAnnotationOne", "one"), + resource.TestCheckResourceAttr("kubernetes_secret.test", "metadata.0.annotations.Different", "1234"), + testAccCheckMetaAnnotations(&conf.ObjectMeta, map[string]string{"TestAnnotationOne": "one", "Different": "1234"}), + resource.TestCheckResourceAttr("kubernetes_secret.test", "metadata.0.labels.%", "2"), + resource.TestCheckResourceAttr("kubernetes_secret.test", "metadata.0.labels.TestLabelOne", "one"), + resource.TestCheckResourceAttr("kubernetes_secret.test", "metadata.0.labels.TestLabelThree", "three"), + testAccCheckMetaLabels(&conf.ObjectMeta, map[string]string{"TestLabelOne": "one", "TestLabelThree": "three"}), + resource.TestCheckResourceAttr("kubernetes_secret.test", "metadata.0.name", name), + resource.TestCheckResourceAttrSet("kubernetes_secret.test", "metadata.0.generation"), + resource.TestCheckResourceAttrSet("kubernetes_secret.test", "metadata.0.resource_version"), + resource.TestCheckResourceAttrSet("kubernetes_secret.test", "metadata.0.self_link"), + resource.TestCheckResourceAttrSet("kubernetes_secret.test", "metadata.0.uid"), + resource.TestCheckResourceAttr("kubernetes_secret.test", "data.%", "3"), + resource.TestCheckResourceAttr("kubernetes_secret.test", "data.one", "first"), + resource.TestCheckResourceAttr("kubernetes_secret.test", "data.two", "second"), + resource.TestCheckResourceAttr("kubernetes_secret.test", "data.nine", "ninth"), + resource.TestCheckResourceAttr("kubernetes_secret.test", "type", "Opaque"), + testAccCheckSecretData(&conf, map[string]string{"one": "first", "two": "second", "nine": "ninth"}), + ), + }, + { + Config: testAccKubernetesSecretConfig_noData(name), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckKubernetesSecretExists("kubernetes_secret.test", &conf), + resource.TestCheckResourceAttr("kubernetes_secret.test", "metadata.0.annotations.%", "0"), + testAccCheckMetaAnnotations(&conf.ObjectMeta, map[string]string{}), + resource.TestCheckResourceAttr("kubernetes_secret.test", "metadata.0.labels.%", "0"), + testAccCheckMetaLabels(&conf.ObjectMeta, map[string]string{}), + resource.TestCheckResourceAttr("kubernetes_secret.test", "metadata.0.name", name), + resource.TestCheckResourceAttrSet("kubernetes_secret.test", "metadata.0.generation"), + resource.TestCheckResourceAttrSet("kubernetes_secret.test", "metadata.0.resource_version"), + resource.TestCheckResourceAttrSet("kubernetes_secret.test", "metadata.0.self_link"), + resource.TestCheckResourceAttrSet("kubernetes_secret.test", "metadata.0.uid"), + resource.TestCheckResourceAttr("kubernetes_secret.test", "data.%", "0"), + testAccCheckSecretData(&conf, map[string]string{}), + ), + }, + { + Config: testAccKubernetesSecretConfig_typeSpecified(name), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckKubernetesSecretExists("kubernetes_secret.test", &conf), + resource.TestCheckResourceAttr("kubernetes_secret.test", "metadata.0.annotations.%", "0"), + testAccCheckMetaAnnotations(&conf.ObjectMeta, map[string]string{}), + resource.TestCheckResourceAttr("kubernetes_secret.test", "metadata.0.labels.%", "0"), + testAccCheckMetaLabels(&conf.ObjectMeta, map[string]string{}), + resource.TestCheckResourceAttr("kubernetes_secret.test", "metadata.0.name", name), + resource.TestCheckResourceAttrSet("kubernetes_secret.test", "metadata.0.generation"), + resource.TestCheckResourceAttrSet("kubernetes_secret.test", "metadata.0.resource_version"), + resource.TestCheckResourceAttrSet("kubernetes_secret.test", "metadata.0.self_link"), + resource.TestCheckResourceAttrSet("kubernetes_secret.test", "metadata.0.uid"), + resource.TestCheckResourceAttr("kubernetes_secret.test", "data.%", "2"), + resource.TestCheckResourceAttr("kubernetes_secret.test", "data.username", "admin"), + resource.TestCheckResourceAttr("kubernetes_secret.test", "data.password", "password"), + resource.TestCheckResourceAttr("kubernetes_secret.test", "type", "kubernetes.io/basic-auth"), + testAccCheckSecretData(&conf, map[string]string{"username": "admin", "password": "password"}), + ), + }, + }, + }) +} + +func TestAccKubernetesSecret_importBasic(t *testing.T) { + resourceName := "kubernetes_secret.test" + name := fmt.Sprintf("tf-acc-test-%s", acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum)) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckKubernetesSecretDestroy, + Steps: []resource.TestStep{ + { + Config: testAccKubernetesSecretConfig_basic(name), + }, + + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + +func TestAccKubernetesSecret_generatedName(t *testing.T) { + var conf api.Secret + prefix := "tf-acc-test-gen-" + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + IDRefreshName: "kubernetes_secret.test", + Providers: testAccProviders, + CheckDestroy: testAccCheckKubernetesSecretDestroy, + Steps: []resource.TestStep{ + { + Config: testAccKubernetesSecretConfig_generatedName(prefix), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckKubernetesSecretExists("kubernetes_secret.test", &conf), + resource.TestCheckResourceAttr("kubernetes_secret.test", "metadata.0.annotations.%", "0"), + testAccCheckMetaAnnotations(&conf.ObjectMeta, map[string]string{}), + resource.TestCheckResourceAttr("kubernetes_secret.test", "metadata.0.labels.%", "0"), + testAccCheckMetaLabels(&conf.ObjectMeta, map[string]string{}), + resource.TestCheckResourceAttr("kubernetes_secret.test", "metadata.0.generate_name", prefix), + resource.TestMatchResourceAttr("kubernetes_secret.test", "metadata.0.name", regexp.MustCompile("^"+prefix)), + resource.TestCheckResourceAttrSet("kubernetes_secret.test", "metadata.0.generation"), + resource.TestCheckResourceAttrSet("kubernetes_secret.test", "metadata.0.resource_version"), + resource.TestCheckResourceAttrSet("kubernetes_secret.test", "metadata.0.self_link"), + resource.TestCheckResourceAttrSet("kubernetes_secret.test", "metadata.0.uid"), + ), + }, + }, + }) +} + +func TestAccKubernetesSecret_importGeneratedName(t *testing.T) { + resourceName := "kubernetes_secret.test" + prefix := "tf-acc-test-gen-import-" + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckKubernetesSecretDestroy, + Steps: []resource.TestStep{ + { + Config: testAccKubernetesSecretConfig_generatedName(prefix), + }, + + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + +func testAccCheckSecretData(m *api.Secret, expected map[string]string) resource.TestCheckFunc { + return func(s *terraform.State) error { + if len(expected) == 0 && len(m.Data) == 0 { + return nil + } + if !reflect.DeepEqual(byteMapToStringMap(m.Data), expected) { + return fmt.Errorf("%s data don't match.\nExpected: %q\nGiven: %q", + m.Name, expected, m.Data) + } + return nil + } +} + +func testAccCheckKubernetesSecretDestroy(s *terraform.State) error { + conn := testAccProvider.Meta().(*kubernetes.Clientset) + + for _, rs := range s.RootModule().Resources { + if rs.Type != "kubernetes_secret" { + continue + } + namespace, name := idParts(rs.Primary.ID) + resp, err := conn.CoreV1().Secrets(namespace).Get(name) + if err == nil { + if resp.Name == rs.Primary.ID { + return fmt.Errorf("Secret still exists: %s", rs.Primary.ID) + } + } + } + + return nil +} + +func testAccCheckKubernetesSecretExists(n string, obj *api.Secret) resource.TestCheckFunc { + return func(s *terraform.State) error { + rs, ok := s.RootModule().Resources[n] + if !ok { + return fmt.Errorf("Not found: %s", n) + } + + conn := testAccProvider.Meta().(*kubernetes.Clientset) + namespace, name := idParts(rs.Primary.ID) + out, err := conn.CoreV1().Secrets(namespace).Get(name) + if err != nil { + return err + } + + *obj = *out + return nil + } +} + +func testAccKubernetesSecretConfig_basic(name string) string { + return fmt.Sprintf(` +resource "kubernetes_secret" "test" { + metadata { + annotations { + TestAnnotationOne = "one" + TestAnnotationTwo = "two" + } + labels { + TestLabelOne = "one" + TestLabelTwo = "two" + TestLabelThree = "three" + } + name = "%s" + } + data { + one = "first" + two = "second" + } +}`, name) +} + +func testAccKubernetesSecretConfig_modified(name string) string { + return fmt.Sprintf(` +resource "kubernetes_secret" "test" { + metadata { + annotations { + TestAnnotationOne = "one" + Different = "1234" + } + labels { + TestLabelOne = "one" + TestLabelThree = "three" + } + name = "%s" + } + data { + one = "first" + two = "second" + nine = "ninth" + } +}`, name) +} + +func testAccKubernetesSecretConfig_noData(name string) string { + return fmt.Sprintf(` +resource "kubernetes_secret" "test" { + metadata { + name = "%s" + } +}`, name) +} + +func testAccKubernetesSecretConfig_typeSpecified(name string) string { + return fmt.Sprintf(` +resource "kubernetes_secret" "test" { + metadata { + name = "%s" + } + data { + username = "admin" + password = "password" + } + type = "kubernetes.io/basic-auth" +}`, name) +} + +func testAccKubernetesSecretConfig_generatedName(prefix string) string { + return fmt.Sprintf(` +resource "kubernetes_secret" "test" { + metadata { + generate_name = "%s" + } + data { + one = "first" + two = "second" + } +}`, prefix) +} diff --git a/builtin/providers/kubernetes/structures.go b/builtin/providers/kubernetes/structures.go index 58bc49030c..878890d565 100644 --- a/builtin/providers/kubernetes/structures.go +++ b/builtin/providers/kubernetes/structures.go @@ -5,6 +5,7 @@ import ( "net/url" "strings" + "encoding/base64" "github.com/hashicorp/terraform/helper/schema" api "k8s.io/kubernetes/pkg/api/v1" ) @@ -99,3 +100,20 @@ func isInternalAnnotationKey(annotationKey string) bool { return false } + +func byteMapToStringMap(m map[string][]byte) map[string]string { + result := make(map[string]string) + for k, v := range m { + result[k] = string(v) + } + return result +} + +func base64EncodeStringMap(m map[string]interface{}) map[string]interface{} { + result := make(map[string]interface{}) + for k, v := range m { + value := v.(string) + result[k] = (base64.StdEncoding.EncodeToString([]byte(value))) + } + return result +} diff --git a/website/source/docs/providers/kubernetes/r/secret.html.markdown b/website/source/docs/providers/kubernetes/r/secret.html.markdown new file mode 100644 index 0000000000..856b04d897 --- /dev/null +++ b/website/source/docs/providers/kubernetes/r/secret.html.markdown @@ -0,0 +1,69 @@ +--- +layout: "kubernetes" +page_title: "Kubernetes: kubernetes_secret" +sidebar_current: "docs-kubernetes-resource-secret" +description: |- + The resource provides mechanisms to inject containers with sensitive information while keeping containers agnostic of Kubernetes. +--- + +# kubernetes_secret + +The resource provides mechanisms to inject containers with sensitive information, such as passwords, while keeping containers agnostic of Kubernetes. +Secrets can be used to store sensitive information either as individual properties or coarse-grained entries like entire files or JSON blobs. +The resource will by default create a secret which is available to any pod in the specified (or default) namespace. + +~> Read more about security properties and risks involved with using Kubernetes secrets: https://kubernetes.io/docs/user-guide/secrets/#security-properties + +~> **Note:** All arguments including the secret data will be stored in the raw state as plain-text. [Read more about sensitive data in state](/docs/state/sensitive-data.html). + +## Example Usage + +``` +resource "kubernetes_secret" "example" { + metadata { + name = "basic-auth" + } + + data { + username = "admin" + password = "P4ssw0rd" + } + + type = "kubernetes.io/basic-auth" +} +``` + +## Argument Reference + +The following arguments are supported: + +* `data` - (Optional) A map of the secret data. +* `metadata` - (Required) Standard secret's metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#metadata +* `type` - (Optional) The secret type. Defaults to `Opaque`. More info: https://github.com/kubernetes/community/blob/master/contributors/design-proposals/secrets.md#proposed-design + +## Nested Blocks + +### `metadata` + +#### Arguments + +* `annotations` - (Optional) An unstructured key value map stored with the secret that may be used to store arbitrary metadata. More info: http://kubernetes.io/docs/user-guide/annotations +* `generate_name` - (Optional) Prefix, used by the server, to generate a unique name ONLY IF the `name` field has not been provided. This value will also be combined with a unique suffix. Read more: https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#idempotency +* `labels` - (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the secret. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels +* `name` - (Optional) Name of the secret, must be unique. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names +* `namespace` - (Optional) Namespace defines the space within which name of the secret must be unique. + +#### Attributes + +* `generation` - A sequence number representing a specific generation of the desired state. +* `resource_version` - An opaque value that represents the internal version of this secret that can be used by clients to determine when secret has changed. Read more: https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#concurrency-control-and-consistency +* `self_link` - A URL representing this secret. +* `uid` - The unique in time and space value for this secret. More info: http://kubernetes.io/docs/user-guide/identifiers#uids + +## Import + +Secret can be imported using its name, e.g. + +``` +$ terraform import kubernetes_secret.example my-secret +``` diff --git a/website/source/layouts/kubernetes.erb b/website/source/layouts/kubernetes.erb index 147bccbf4d..4f80efec79 100644 --- a/website/source/layouts/kubernetes.erb +++ b/website/source/layouts/kubernetes.erb @@ -19,6 +19,9 @@ > kubernetes_namespace + > + kubernetes_secret + From b12e7782c98453cc6c2fbdac369a83521bc952b1 Mon Sep 17 00:00:00 2001 From: Radek Simko Date: Thu, 30 Mar 2017 09:26:50 +0100 Subject: [PATCH 048/101] Update CHANGELOG.md --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5fda0ede40..2260e704b6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ ## 0.9.3 (unreleased) +FEATURES: + + * **New Resource:** `kubernetes_secret` [GH-12960] + IMPROVEMENTS: * config: New interpolation functions `basename` and `dirname`, for file path manipulation [GH-13080] From 204789f07c129026009a59d6ad32413175b3b441 Mon Sep 17 00:00:00 2001 From: Axel FAUVEL Date: Thu, 30 Mar 2017 10:34:55 +0200 Subject: [PATCH 049/101] fix cloudstack_disk documentation --- .../docs/providers/cloudstack/r/disk.html.markdown | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/website/source/docs/providers/cloudstack/r/disk.html.markdown b/website/source/docs/providers/cloudstack/r/disk.html.markdown index f9d5af30f4..5232394ddc 100644 --- a/website/source/docs/providers/cloudstack/r/disk.html.markdown +++ b/website/source/docs/providers/cloudstack/r/disk.html.markdown @@ -15,12 +15,12 @@ a virtual machine if the optional parameters are configured. ``` resource "cloudstack_disk" "default" { - name = "test-disk" - attach = "true" - disk_offering = "custom" - size = 50 - virtual_machine = "server-1" - zone = "zone-1" + name = "test-disk" + attach = "true" + disk_offering = "custom" + size = 50 + virtual_machine_id = "server-1" + zone = "zone-1" } ``` From d24dc532e54f7a2198623ac3f1ef9eae152815fb Mon Sep 17 00:00:00 2001 From: stack72 Date: Thu, 30 Mar 2017 15:54:01 +0300 Subject: [PATCH 050/101] provider/aws: Documentation changes on ALB to remove ELB refs Fixes: #13179 --- website/source/docs/providers/aws/r/alb.html.markdown | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/website/source/docs/providers/aws/r/alb.html.markdown b/website/source/docs/providers/aws/r/alb.html.markdown index 18513be1cc..d91706ecaa 100644 --- a/website/source/docs/providers/aws/r/alb.html.markdown +++ b/website/source/docs/providers/aws/r/alb.html.markdown @@ -46,9 +46,9 @@ must contain only alphanumeric characters or hyphens, and must not begin or end Terraform will autogenerate a name beginning with `tf-lb`. * `name_prefix` - (Optional) Creates a unique name beginning with the specified prefix. Conflicts with `name`. * `internal` - (Optional) If true, the ALB will be internal. -* `security_groups` - (Optional) A list of security group IDs to assign to the ELB. +* `security_groups` - (Optional) A list of security group IDs to assign to the ALB. * `access_logs` - (Optional) An Access Logs block. Access Logs documented below. -* `subnets` - (Required) A list of subnet IDs to attach to the ELB. +* `subnets` - (Required) A list of subnet IDs to attach to the ALB. * `idle_timeout` - (Optional) The time in seconds that the connection is allowed to be idle. Default: 60. * `enable_deletion_protection` - (Optional) If true, deletion of the load balancer will be disabled via the AWS API. This will prevent Terraform from deleting the load balancer. Defaults to `false`. From 9ed8bb2498186008101933af5ecab0627f0046d1 Mon Sep 17 00:00:00 2001 From: Paul Stack Date: Thu, 30 Mar 2017 16:20:42 +0300 Subject: [PATCH 051/101] provider/aws: Support the ability to enable / disable ipv6 support in (#12527) VPC ``` % make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSVpc_' ==> Checking that code complies with gofmt requirements... go generate $(go list ./... | grep -v /terraform/vendor/) 2017/03/28 15:49:20 Generated command/internal_plugin_list.go TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSVpc_ -timeout 120m === RUN TestAccAWSVpc_importBasic --- PASS: TestAccAWSVpc_importBasic (102.01s) === RUN TestAccAWSVpc_basic --- PASS: TestAccAWSVpc_basic (63.75s) === RUN TestAccAWSVpc_enableIpv6 --- PASS: TestAccAWSVpc_enableIpv6 (231.41s) === RUN TestAccAWSVpc_dedicatedTenancy --- PASS: TestAccAWSVpc_dedicatedTenancy (66.65s) === RUN TestAccAWSVpc_tags --- PASS: TestAccAWSVpc_tags (130.26s) === RUN TestAccAWSVpc_update --- PASS: TestAccAWSVpc_update (120.21s) === RUN TestAccAWSVpc_bothDnsOptionsSet --- PASS: TestAccAWSVpc_bothDnsOptionsSet (50.10s) === RUN TestAccAWSVpc_DisabledDnsSupport --- PASS: TestAccAWSVpc_DisabledDnsSupport (67.47s) === RUN TestAccAWSVpc_classiclinkOptionSet --- PASS: TestAccAWSVpc_classiclinkOptionSet (64.57s) PASS ok github.com/hashicorp/terraform/builtin/providers/aws 896.464s ``` --- builtin/providers/aws/resource_aws_vpc.go | 100 +++++++++++++++++- .../providers/aws/resource_aws_vpc_test.go | 36 ++++++- 2 files changed, 133 insertions(+), 3 deletions(-) diff --git a/builtin/providers/aws/resource_aws_vpc.go b/builtin/providers/aws/resource_aws_vpc.go index 6807706b6c..6a8edca4b8 100644 --- a/builtin/providers/aws/resource_aws_vpc.go +++ b/builtin/providers/aws/resource_aws_vpc.go @@ -60,7 +60,6 @@ func resourceAwsVpc() *schema.Resource { "assign_generated_ipv6_cidr_block": { Type: schema.TypeBool, - ForceNew: true, Optional: true, Default: false, }, @@ -178,7 +177,7 @@ func resourceAwsVpcRead(d *schema.ResourceData, meta interface{}) error { d.Set("tags", tagsToMap(vpc.Tags)) for _, a := range vpc.Ipv6CidrBlockAssociationSet { - if *a.Ipv6CidrBlockState.State == "associated" { + if *a.Ipv6CidrBlockState.State == "associated" { //we can only ever have 1 IPv6 block associated at once d.Set("assign_generated_ipv6_cidr_block", true) d.Set("ipv6_association_id", a.AssociationId) d.Set("ipv6_cidr_block", a.Ipv6CidrBlock) @@ -344,6 +343,68 @@ func resourceAwsVpcUpdate(d *schema.ResourceData, meta interface{}) error { d.SetPartial("enable_classiclink") } + if d.HasChange("assign_generated_ipv6_cidr_block") && !d.IsNewResource() { + toAssign := d.Get("assign_generated_ipv6_cidr_block").(bool) + + log.Printf("[INFO] Modifying assign_generated_ipv6_cidr_block to %#v", toAssign) + + if toAssign { + modifyOpts := &ec2.AssociateVpcCidrBlockInput{ + VpcId: &vpcid, + AmazonProvidedIpv6CidrBlock: aws.Bool(toAssign), + } + log.Printf("[INFO] Enabling assign_generated_ipv6_cidr_block vpc attribute for %s: %#v", + d.Id(), modifyOpts) + resp, err := conn.AssociateVpcCidrBlock(modifyOpts) + if err != nil { + return err + } + + // Wait for the CIDR to become available + log.Printf( + "[DEBUG] Waiting for IPv6 CIDR (%s) to become associated", + d.Id()) + stateConf := &resource.StateChangeConf{ + Pending: []string{"associating", "disassociated"}, + Target: []string{"associated"}, + Refresh: Ipv6CidrStateRefreshFunc(conn, d.Id(), *resp.Ipv6CidrBlockAssociation.AssociationId), + Timeout: 1 * time.Minute, + } + if _, err := stateConf.WaitForState(); err != nil { + return fmt.Errorf( + "Error waiting for IPv6 CIDR (%s) to become associated: %s", + d.Id(), err) + } + } else { + modifyOpts := &ec2.DisassociateVpcCidrBlockInput{ + AssociationId: aws.String(d.Get("ipv6_association_id").(string)), + } + log.Printf("[INFO] Disabling assign_generated_ipv6_cidr_block vpc attribute for %s: %#v", + d.Id(), modifyOpts) + if _, err := conn.DisassociateVpcCidrBlock(modifyOpts); err != nil { + return err + } + + // Wait for the CIDR to become available + log.Printf( + "[DEBUG] Waiting for IPv6 CIDR (%s) to become disassociated", + d.Id()) + stateConf := &resource.StateChangeConf{ + Pending: []string{"disassociating", "associated"}, + Target: []string{"disassociated"}, + Refresh: Ipv6CidrStateRefreshFunc(conn, d.Id(), d.Get("ipv6_association_id").(string)), + Timeout: 1 * time.Minute, + } + if _, err := stateConf.WaitForState(); err != nil { + return fmt.Errorf( + "Error waiting for IPv6 CIDR (%s) to become disassociated: %s", + d.Id(), err) + } + } + + d.SetPartial("assign_generated_ipv6_cidr_block") + } + if err := setTags(conn, d); err != nil { return err } else { @@ -412,6 +473,41 @@ func VPCStateRefreshFunc(conn *ec2.EC2, id string) resource.StateRefreshFunc { } } +func Ipv6CidrStateRefreshFunc(conn *ec2.EC2, id string, associationId string) resource.StateRefreshFunc { + return func() (interface{}, string, error) { + describeVpcOpts := &ec2.DescribeVpcsInput{ + VpcIds: []*string{aws.String(id)}, + } + resp, err := conn.DescribeVpcs(describeVpcOpts) + if err != nil { + if ec2err, ok := err.(awserr.Error); ok && ec2err.Code() == "InvalidVpcID.NotFound" { + resp = nil + } else { + log.Printf("Error on VPCStateRefresh: %s", err) + return nil, "", err + } + } + + if resp == nil { + // Sometimes AWS just has consistency issues and doesn't see + // our instance yet. Return an empty state. + return nil, "", nil + } + + if resp.Vpcs[0].Ipv6CidrBlockAssociationSet == nil { + return nil, "", nil + } + + for _, association := range resp.Vpcs[0].Ipv6CidrBlockAssociationSet { + if *association.AssociationId == associationId { + return association, *association.Ipv6CidrBlockState.State, nil + } + } + + return nil, "", nil + } +} + func resourceAwsVpcSetDefaultNetworkAcl(conn *ec2.EC2, d *schema.ResourceData) error { filter1 := &ec2.Filter{ Name: aws.String("default"), diff --git a/builtin/providers/aws/resource_aws_vpc_test.go b/builtin/providers/aws/resource_aws_vpc_test.go index 44f672268f..ca68bdfe8c 100644 --- a/builtin/providers/aws/resource_aws_vpc_test.go +++ b/builtin/providers/aws/resource_aws_vpc_test.go @@ -46,7 +46,7 @@ func TestAccAWSVpc_enableIpv6(t *testing.T) { Steps: []resource.TestStep{ { Config: testAccVpcConfigIpv6Enabled, - Check: resource.ComposeTestCheckFunc( + Check: resource.ComposeAggregateTestCheckFunc( testAccCheckVpcExists("aws_vpc.foo", &vpc), testAccCheckVpcCidr(&vpc, "10.1.0.0/16"), resource.TestCheckResourceAttr( @@ -55,6 +55,34 @@ func TestAccAWSVpc_enableIpv6(t *testing.T) { "aws_vpc.foo", "ipv6_association_id"), resource.TestCheckResourceAttrSet( "aws_vpc.foo", "ipv6_cidr_block"), + resource.TestCheckResourceAttr( + "aws_vpc.foo", "assign_generated_ipv6_cidr_block", "true"), + ), + }, + { + Config: testAccVpcConfigIpv6Disabled, + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckVpcExists("aws_vpc.foo", &vpc), + testAccCheckVpcCidr(&vpc, "10.1.0.0/16"), + resource.TestCheckResourceAttr( + "aws_vpc.foo", "cidr_block", "10.1.0.0/16"), + resource.TestCheckResourceAttr( + "aws_vpc.foo", "assign_generated_ipv6_cidr_block", "false"), + ), + }, + { + Config: testAccVpcConfigIpv6Enabled, + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckVpcExists("aws_vpc.foo", &vpc), + testAccCheckVpcCidr(&vpc, "10.1.0.0/16"), + resource.TestCheckResourceAttr( + "aws_vpc.foo", "cidr_block", "10.1.0.0/16"), + resource.TestCheckResourceAttrSet( + "aws_vpc.foo", "ipv6_association_id"), + resource.TestCheckResourceAttrSet( + "aws_vpc.foo", "ipv6_cidr_block"), + resource.TestCheckResourceAttr( + "aws_vpc.foo", "assign_generated_ipv6_cidr_block", "true"), ), }, }, @@ -283,6 +311,12 @@ resource "aws_vpc" "foo" { } ` +const testAccVpcConfigIpv6Disabled = ` +resource "aws_vpc" "foo" { + cidr_block = "10.1.0.0/16" +} +` + const testAccVpcConfigUpdate = ` resource "aws_vpc" "foo" { cidr_block = "10.1.0.0/16" From 5ba7aa82966efeba6d3a768f6086a3e448668594 Mon Sep 17 00:00:00 2001 From: Paul Stack Date: Thu, 30 Mar 2017 16:22:30 +0300 Subject: [PATCH 052/101] Update CHANGELOG.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2260e704b6..e151c9aa63 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -17,6 +17,7 @@ IMPROVEMENTS: * provider/aws: `aws_kinesis_firehose_delivery_stream` `password` field marked as sensitive [GH-13147] * provider/aws: `aws_opsworks_application` `app_source.0.password` & `ssl_configuration.0.private_key` fields marked as sensitive [GH-13147] * provider/aws: `aws_opsworks_stack` `custom_cookbooks_source.0.password` field marked as sensitive [GH-13147] + * provider/aws: Support the ability to enable / disable ipv6 support in VPC [GH-12527] * provider/google: Mark `google_container_cluster`'s `client_key` & `password` inside `master_auth` as sensitive [GH-13148] BUG FIXES: From 7d8a6f853311bcdf33fd164239aa291fd2554913 Mon Sep 17 00:00:00 2001 From: Radek Simko Date: Thu, 30 Mar 2017 14:59:28 +0100 Subject: [PATCH 053/101] provider/aws: Add support for aws_lightsail_static_ip (#13175) --- builtin/providers/aws/provider.go | 1 + .../aws/resource_aws_lightsail_static_ip.go | 98 +++++++++++++ .../resource_aws_lightsail_static_ip_test.go | 138 ++++++++++++++++++ .../aws/r/lightsail_static_ip.html.markdown | 35 +++++ website/source/layouts/aws.erb | 4 + 5 files changed, 276 insertions(+) create mode 100644 builtin/providers/aws/resource_aws_lightsail_static_ip.go create mode 100644 builtin/providers/aws/resource_aws_lightsail_static_ip_test.go create mode 100644 website/source/docs/providers/aws/r/lightsail_static_ip.html.markdown diff --git a/builtin/providers/aws/provider.go b/builtin/providers/aws/provider.go index 744eb21ad9..0a9de8accf 100644 --- a/builtin/providers/aws/provider.go +++ b/builtin/providers/aws/provider.go @@ -337,6 +337,7 @@ func Provider() terraform.ResourceProvider { "aws_lightsail_domain": resourceAwsLightsailDomain(), "aws_lightsail_instance": resourceAwsLightsailInstance(), "aws_lightsail_key_pair": resourceAwsLightsailKeyPair(), + "aws_lightsail_static_ip": resourceAwsLightsailStaticIp(), "aws_lb_cookie_stickiness_policy": resourceAwsLBCookieStickinessPolicy(), "aws_load_balancer_policy": resourceAwsLoadBalancerPolicy(), "aws_load_balancer_backend_server_policy": resourceAwsLoadBalancerBackendServerPolicies(), diff --git a/builtin/providers/aws/resource_aws_lightsail_static_ip.go b/builtin/providers/aws/resource_aws_lightsail_static_ip.go new file mode 100644 index 0000000000..1f593ad40e --- /dev/null +++ b/builtin/providers/aws/resource_aws_lightsail_static_ip.go @@ -0,0 +1,98 @@ +package aws + +import ( + "log" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/awserr" + "github.com/aws/aws-sdk-go/service/lightsail" + "github.com/hashicorp/terraform/helper/schema" +) + +func resourceAwsLightsailStaticIp() *schema.Resource { + return &schema.Resource{ + Create: resourceAwsLightsailStaticIpCreate, + Read: resourceAwsLightsailStaticIpRead, + Delete: resourceAwsLightsailStaticIpDelete, + + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + }, + "ip_address": { + Type: schema.TypeString, + Computed: true, + }, + "arn": { + Type: schema.TypeString, + Computed: true, + }, + "support_code": { + Type: schema.TypeString, + Computed: true, + }, + }, + } +} + +func resourceAwsLightsailStaticIpCreate(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*AWSClient).lightsailconn + + name := d.Get("name").(string) + log.Printf("[INFO] Allocating Lightsail Static IP: %q", name) + out, err := conn.AllocateStaticIp(&lightsail.AllocateStaticIpInput{ + StaticIpName: aws.String(name), + }) + if err != nil { + return err + } + log.Printf("[INFO] Lightsail Static IP allocated: %s", *out) + + d.SetId(name) + + return resourceAwsLightsailStaticIpRead(d, meta) +} + +func resourceAwsLightsailStaticIpRead(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*AWSClient).lightsailconn + + name := d.Get("name").(string) + log.Printf("[INFO] Reading Lightsail Static IP: %q", name) + out, err := conn.GetStaticIp(&lightsail.GetStaticIpInput{ + StaticIpName: aws.String(name), + }) + if err != nil { + if awsErr, ok := err.(awserr.Error); ok { + if awsErr.Code() == "NotFoundException" { + log.Printf("[WARN] Lightsail Static IP (%s) not found, removing from state", d.Id()) + d.SetId("") + return nil + } + } + return err + } + log.Printf("[INFO] Received Lightsail Static IP: %s", *out) + + d.Set("arn", out.StaticIp.Arn) + d.Set("ip_address", out.StaticIp.IpAddress) + d.Set("support_code", out.StaticIp.SupportCode) + + return nil +} + +func resourceAwsLightsailStaticIpDelete(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*AWSClient).lightsailconn + + name := d.Get("name").(string) + log.Printf("[INFO] Deleting Lightsail Static IP: %q", name) + out, err := conn.ReleaseStaticIp(&lightsail.ReleaseStaticIpInput{ + StaticIpName: aws.String(name), + }) + if err != nil { + return err + } + log.Printf("[INFO] Deleted Lightsail Static IP: %s", *out) + return nil +} diff --git a/builtin/providers/aws/resource_aws_lightsail_static_ip_test.go b/builtin/providers/aws/resource_aws_lightsail_static_ip_test.go new file mode 100644 index 0000000000..275a29f202 --- /dev/null +++ b/builtin/providers/aws/resource_aws_lightsail_static_ip_test.go @@ -0,0 +1,138 @@ +package aws + +import ( + "errors" + "fmt" + "testing" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/awserr" + "github.com/aws/aws-sdk-go/service/lightsail" + "github.com/hashicorp/terraform/helper/acctest" + "github.com/hashicorp/terraform/helper/resource" + "github.com/hashicorp/terraform/terraform" +) + +func TestAccAWSLightsailStaticIp_basic(t *testing.T) { + var staticIp lightsail.StaticIp + staticIpName := fmt.Sprintf("tf-test-lightsail-%s", acctest.RandString(5)) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSLightsailStaticIpDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSLightsailStaticIpConfig_basic(staticIpName), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckAWSLightsailStaticIpExists("aws_lightsail_static_ip.test", &staticIp), + ), + }, + }, + }) +} + +func TestAccAWSLightsailStaticIp_disappears(t *testing.T) { + var staticIp lightsail.StaticIp + staticIpName := fmt.Sprintf("tf-test-lightsail-%s", acctest.RandString(5)) + + staticIpDestroy := func(*terraform.State) error { + conn := testAccProvider.Meta().(*AWSClient).lightsailconn + _, err := conn.ReleaseStaticIp(&lightsail.ReleaseStaticIpInput{ + StaticIpName: aws.String(staticIpName), + }) + + if err != nil { + return fmt.Errorf("Error deleting Lightsail Static IP in disapear test") + } + + return nil + } + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSLightsailStaticIpDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSLightsailStaticIpConfig_basic(staticIpName), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckAWSLightsailStaticIpExists("aws_lightsail_static_ip.test", &staticIp), + staticIpDestroy, + ), + ExpectNonEmptyPlan: true, + }, + }, + }) +} + +func testAccCheckAWSLightsailStaticIpExists(n string, staticIp *lightsail.StaticIp) resource.TestCheckFunc { + return func(s *terraform.State) error { + rs, ok := s.RootModule().Resources[n] + if !ok { + return fmt.Errorf("Not found: %s", n) + } + + if rs.Primary.ID == "" { + return errors.New("No Lightsail Static IP ID is set") + } + + conn := testAccProvider.Meta().(*AWSClient).lightsailconn + + resp, err := conn.GetStaticIp(&lightsail.GetStaticIpInput{ + StaticIpName: aws.String(rs.Primary.ID), + }) + + if err != nil { + return err + } + + if resp == nil || resp.StaticIp == nil { + return fmt.Errorf("Static IP (%s) not found", rs.Primary.ID) + } + *staticIp = *resp.StaticIp + return nil + } +} + +func testAccCheckAWSLightsailStaticIpDestroy(s *terraform.State) error { + + for _, rs := range s.RootModule().Resources { + if rs.Type != "aws_lightsail_static_ip" { + continue + } + + conn := testAccProvider.Meta().(*AWSClient).lightsailconn + + resp, err := conn.GetStaticIp(&lightsail.GetStaticIpInput{ + StaticIpName: aws.String(rs.Primary.ID), + }) + + if err == nil { + if resp.StaticIp != nil { + return fmt.Errorf("Lightsail Static IP %q still exists", rs.Primary.ID) + } + } + + // Verify the error + if awsErr, ok := err.(awserr.Error); ok { + if awsErr.Code() == "NotFoundException" { + return nil + } + } + return err + } + + return nil +} + +func testAccAWSLightsailStaticIpConfig_basic(staticIpName string) string { + return fmt.Sprintf(` +provider "aws" { + region = "us-east-1" +} +resource "aws_lightsail_static_ip" "test" { + name = "%s" +} +`, staticIpName) +} diff --git a/website/source/docs/providers/aws/r/lightsail_static_ip.html.markdown b/website/source/docs/providers/aws/r/lightsail_static_ip.html.markdown new file mode 100644 index 0000000000..b3617a432a --- /dev/null +++ b/website/source/docs/providers/aws/r/lightsail_static_ip.html.markdown @@ -0,0 +1,35 @@ +--- +layout: "aws" +page_title: "AWS: aws_lightsail_static_ip" +sidebar_current: "docs-aws-resource-lightsail-static-ip" +description: |- + Provides an Lightsail Static IP +--- + +# aws\_lightsail\_static\_ip + +Allocates a static IP address. + +~> **Note:** Lightsail is currently only supported in `us-east-1` region. + +## Example Usage + +``` +resource "aws_lightsail_static_ip" "test" { + name = "example" +} +``` + +## Argument Reference + +The following arguments are supported: + +* `name` - (Required) The name for the allocated static IP + +## Attributes Reference + +The following attributes are exported in addition to the arguments listed above: + +* `arn` - The ARN of the Lightsail static IP +* `ip_address` - The allocated static IP address +* `support_code` - The support code. diff --git a/website/source/layouts/aws.erb b/website/source/layouts/aws.erb index 73656110a0..312a3535d5 100644 --- a/website/source/layouts/aws.erb +++ b/website/source/layouts/aws.erb @@ -881,6 +881,10 @@ aws_lightsail_key_pair + > + aws_lightsail_static_ip + + From 7bf9534b2ac961a2cc7b2f06922cb32c8432af86 Mon Sep 17 00:00:00 2001 From: Radek Simko Date: Thu, 30 Mar 2017 15:01:51 +0100 Subject: [PATCH 054/101] Update CHANGELOG.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index e151c9aa63..bcc42c4f49 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,7 @@ FEATURES: + * **New Resource:** `aws_lightsail_static_ip` [GH-13175] * **New Resource:** `kubernetes_secret` [GH-12960] IMPROVEMENTS: From 18513bcb8d1b011ef58e3c4ca144b448dd4b7257 Mon Sep 17 00:00:00 2001 From: lmorfitt Date: Thu, 30 Mar 2017 16:35:56 +0100 Subject: [PATCH 055/101] docs bug syntax change rev vs ref in docs. the default branch on hg is default, not master. --- website/source/docs/modules/sources.html.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/source/docs/modules/sources.html.markdown b/website/source/docs/modules/sources.html.markdown index 0ab2978bc6..67162347f2 100644 --- a/website/source/docs/modules/sources.html.markdown +++ b/website/source/docs/modules/sources.html.markdown @@ -157,7 +157,7 @@ URLs for Mercurial repositories support the following query parameters: ``` module "consul" { - source = "hg::http://hashicorp.com/consul.hg?ref=master" + source = "hg::http://hashicorp.com/consul.hg?rev=default" } ``` From fc4cec3c40ac532c358526d8c6400ab1d0c5759f Mon Sep 17 00:00:00 2001 From: mathematician Date: Thu, 30 Mar 2017 11:09:11 -0500 Subject: [PATCH 056/101] Create AWS IAM Role data source, acceptance tests, documentation, and website link --- .../providers/aws/data_source_aws_iam_role.go | 67 +++++++++++++++++++ .../aws/data_source_aws_iam_role_test.go | 59 ++++++++++++++++ builtin/providers/aws/provider.go | 1 + .../providers/aws/d/iam_role.html.markdown | 35 ++++++++++ website/source/layouts/aws.erb | 3 + 5 files changed, 165 insertions(+) create mode 100644 builtin/providers/aws/data_source_aws_iam_role.go create mode 100644 builtin/providers/aws/data_source_aws_iam_role_test.go create mode 100644 website/source/docs/providers/aws/d/iam_role.html.markdown diff --git a/builtin/providers/aws/data_source_aws_iam_role.go b/builtin/providers/aws/data_source_aws_iam_role.go new file mode 100644 index 0000000000..f681268b96 --- /dev/null +++ b/builtin/providers/aws/data_source_aws_iam_role.go @@ -0,0 +1,67 @@ +package aws + +import ( + "fmt" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/service/iam" + "github.com/hashicorp/errwrap" + "github.com/hashicorp/terraform/helper/schema" +) + +func dataSourceAwsIAMRole() *schema.Resource { + return &schema.Resource{ + Read: dataSourceAwsIAMRoleRead, + + Schema: map[string]*schema.Schema{ + "arn": { + Type: schema.TypeString, + Computed: true, + }, + "assume_role_policy_document": { + Type: schema.TypeString, + Computed: true, + }, + "path": { + Type: schema.TypeString, + Computed: true, + }, + "role_id": { + Type: schema.TypeString, + Computed: true, + }, + "role_name": { + Type: schema.TypeString, + Required: true, + }, + }, + } +} + +func dataSourceAwsIAMRoleRead(d *schema.ResourceData, meta interface{}) error { + iamconn := meta.(*AWSClient).iamconn + + roleName := d.Get("role_name").(string) + + req := &iam.GetRoleInput{ + RoleName: aws.String(roleName), + } + + resp, err := iamconn.GetRole(req) + if err != nil { + return errwrap.Wrapf("Error getting roles: {{err}}", err) + } + if resp == nil { + return fmt.Errorf("no IAM role found") + } + + role := resp.Role + + d.SetId(*role.RoleId) + d.Set("arn", role.Arn) + d.Set("assume_role_policy_document", role.AssumeRolePolicyDocument) + d.Set("path", role.Path) + d.Set("role_id", role.RoleId) + + return nil +} diff --git a/builtin/providers/aws/data_source_aws_iam_role_test.go b/builtin/providers/aws/data_source_aws_iam_role_test.go new file mode 100644 index 0000000000..160e5d49be --- /dev/null +++ b/builtin/providers/aws/data_source_aws_iam_role_test.go @@ -0,0 +1,59 @@ +package aws + +import ( + "regexp" + "testing" + + "github.com/hashicorp/terraform/helper/resource" +) + +func TestAccAWSDataSourceIAMRole_basic(t *testing.T) { + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: testAccAwsIAMRoleConfig, + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrSet("data.aws_iam_role.test", "role_id"), + resource.TestCheckResourceAttr("data.aws_iam_role.test", "assume_role_policy_document", "%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%7B%22Sid%22%3A%22%22%2C%22Effect%22%3A%22Allow%22%2C%22Principal%22%3A%7B%22Service%22%3A%22ec2.amazonaws.com%22%7D%2C%22Action%22%3A%22sts%3AAssumeRole%22%7D%5D%7D"), + resource.TestCheckResourceAttr("data.aws_iam_role.test", "path", "/testpath/"), + resource.TestCheckResourceAttr("data.aws_iam_role.test", "role_name", "TestRole"), + resource.TestMatchResourceAttr("data.aws_iam_role.test", "arn", regexp.MustCompile("^arn:aws:iam::[0-9]{12}:role/testpath/TestRole$")), + ), + }, + }, + }) +} + +const testAccAwsIAMRoleConfig = ` +provider "aws" { + region = "us-east-1" +} + +resource "aws_iam_role" "test_role" { + name = "TestRole" + + assume_role_policy = <> aws_iam_policy_document + > + aws_iam_role + > aws_iam_server_certificate From d17623891b2097d4e5a08bcd5737fc1434b66c11 Mon Sep 17 00:00:00 2001 From: Jake Champlin Date: Thu, 30 Mar 2017 12:37:15 -0400 Subject: [PATCH 057/101] Update CHANGELOG.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index bcc42c4f49..66d5782976 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,7 @@ FEATURES: * **New Resource:** `aws_lightsail_static_ip` [GH-13175] * **New Resource:** `kubernetes_secret` [GH-12960] + * **New Data Source:** `aws_iam_role` [GH-13213] IMPROVEMENTS: From 99c8c5302b5fd49f20e906ce26c5d50f88e600a6 Mon Sep 17 00:00:00 2001 From: Paul Stack Date: Thu, 30 Mar 2017 20:21:21 +0300 Subject: [PATCH 058/101] provider/aws: Document the AWS_IAM authorizer type for api_gateway_method (#13214) Fixes: #10497 --- .../docs/providers/aws/r/api_gateway_method.html.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/source/docs/providers/aws/r/api_gateway_method.html.markdown b/website/source/docs/providers/aws/r/api_gateway_method.html.markdown index a5aa1fad20..3445f5ca03 100644 --- a/website/source/docs/providers/aws/r/api_gateway_method.html.markdown +++ b/website/source/docs/providers/aws/r/api_gateway_method.html.markdown @@ -39,7 +39,7 @@ The following arguments are supported: * `rest_api_id` - (Required) The ID of the associated REST API * `resource_id` - (Required) The API resource ID * `http_method` - (Required) The HTTP Method (`GET`, `POST`, `PUT`, `DELETE`, `HEAD`, `OPTION`, `ANY`) -* `authorization` - (Required) The type of authorization used for the method (`NONE`, `CUSTOM`) +* `authorization` - (Required) The type of authorization used for the method (`NONE`, `CUSTOM`, `AWS_IAM`) * `authorizer_id` - (Optional) The authorizer id to be used when the authorization is `CUSTOM` * `api_key_required` - (Optional) Specify if the method requires an API key * `request_models` - (Optional) A map of the API models used for the request's content type From 912bd2f9777e7b16fbb594beaeca72af0a04bcaf Mon Sep 17 00:00:00 2001 From: Phillip Shipley Date: Thu, 30 Mar 2017 14:01:13 -0400 Subject: [PATCH 059/101] Possible correction regarding remote state files Documentation has "... people have to remove state files..." when I believe it should say "...people have to use remote state files...". --- website/source/docs/state/purpose.html.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/source/docs/state/purpose.html.md b/website/source/docs/state/purpose.html.md index d6e9beb58f..7c2893abfd 100644 --- a/website/source/docs/state/purpose.html.md +++ b/website/source/docs/state/purpose.html.md @@ -88,7 +88,7 @@ state is treated as the record of truth. ## Syncing -The primary motivation people have to remove state files is in an attempt +The primary motivation people have to remote state files is in an attempt to improve using Terraform with teams. State files can easily result in conflicts when two people modify infrastructure at the same time. From a21b599a791d6ca6849076e50fd0f1657949ed94 Mon Sep 17 00:00:00 2001 From: Devon Hubner Date: Thu, 30 Mar 2017 16:23:31 -0400 Subject: [PATCH 060/101] Expanded Joyent Triton documentation (#13205) * Added triton_vlan and triton_fabric documentation. Added Data Center information to the Triton provider documentation. Added an Ubuntu example to triton_machine. Cleaned up a copy-and-paste error in the sidebar_current of the Front Matter. * fixed the active resource sidebar highlight * expanded triton firewall ssh example to include authorization for multiple source IPs --- .../source/docs/import/importability.html.md | 5 +- .../docs/providers/triton/index.html.markdown | 4 +- .../triton/r/triton_fabric.html.markdown | 88 +++++++++++++++++++ .../r/triton_firewall_rule.html.markdown | 21 ++++- .../triton/r/triton_key.html.markdown | 2 +- .../triton/r/triton_machine.html.markdown | 27 +++++- .../triton/r/triton_vlan.html.markdown | 37 ++++++++ website/source/layouts/triton.erb | 10 ++- 8 files changed, 180 insertions(+), 14 deletions(-) create mode 100644 website/source/docs/providers/triton/r/triton_fabric.html.markdown create mode 100644 website/source/docs/providers/triton/r/triton_vlan.html.markdown diff --git a/website/source/docs/import/importability.html.md b/website/source/docs/import/importability.html.md index e4c50e2edb..a9bac81e6d 100644 --- a/website/source/docs/import/importability.html.md +++ b/website/source/docs/import/importability.html.md @@ -177,7 +177,8 @@ To make a resource importable, please see the ### Triton -* triton_firewall_rule * triton_key -* triton_machine +* triton_firewall_rule * triton_vlan +* triton_fabric +* triton_machine diff --git a/website/source/docs/providers/triton/index.html.markdown b/website/source/docs/providers/triton/index.html.markdown index 01ab521dbd..4954f1291e 100644 --- a/website/source/docs/providers/triton/index.html.markdown +++ b/website/source/docs/providers/triton/index.html.markdown @@ -20,7 +20,7 @@ provider "triton" { key_material = "${file("~/.ssh/id_rsa")}" key_id = "25:d4:a9:fe:ef:e6:c0:bf:b4:4b:4b:d4:a8:8f:01:0f" - # If using a private installation of Triton, specify the URL + # Set the URL to specify the specific Triton Data Center: url = "https://us-west-1.api.joyentcloud.com" } ``` @@ -32,4 +32,4 @@ The following arguments are supported in the `provider` block: * `account` - (Required) This is the name of the Triton account. It can also be provided via the `SDC_ACCOUNT` environment variable. * `key_material` - (Required) This is the private key of an SSH key associated with the Triton account to be used. * `key_id` - (Required) This is the fingerprint of the public key matching the key specified in `key_path`. It can be obtained via the command `ssh-keygen -l -E md5 -f /path/to/key` -* `url` - (Optional) This is the URL to the Triton API endpoint. It is required if using a private installation of Triton. The default is to use the Joyent public cloud. +* `url` - (Optional) This is the URL to the Triton API endpoint. It is required if using a private installation of Triton. The default is to use the Joyent public cloud us-west-1 endpoint. Valid public cloud endpoints include: `us-east-1`, `us-east-2`, `us-east-3`, `us-sw-1`, `us-west-1`, `eu-ams-1` diff --git a/website/source/docs/providers/triton/r/triton_fabric.html.markdown b/website/source/docs/providers/triton/r/triton_fabric.html.markdown new file mode 100644 index 0000000000..609690cd77 --- /dev/null +++ b/website/source/docs/providers/triton/r/triton_fabric.html.markdown @@ -0,0 +1,88 @@ +--- +layout: "triton" +page_title: "Triton: triton_fabric" +sidebar_current: "docs-triton-resource-fabric" +description: |- + The `triton_fabric` resource represents an SSH fabric for a Triton account. +--- + +# triton\_fabric + +The `triton_fabric` resource represents an fabric for a Triton account. The fabric is a logical set of interconnected switches. + +## Example Usages + +### Create a fabric + + +``` +resource "triton_fabric" "dmz" { + vlan_id = 100 + name = "dmz" + description = "DMZ Network" + subnet = "10.60.1.0/24" + provision_start_ip = "10.60.1.10" + provision_end_ip = "10.60.1.240" + gateway = "10.60.1.1" + resolvers = ["8.8.8.8", "8.8.4.4"] +} +``` + +## Argument Reference + +The following arguments are supported: + + +* `name` - (String, Required, Change forces new resource) + Network name. + +* `description` - (String, Optional, Change forces new resource) + Optional description of network. + +* `subnet` - (String, Required, Change forces new resource) + CIDR formatted string describing network. + +* `provision_start_ip` - (String, Required, Change forces new resource) + First IP on the network that can be assigned. + +* `provision_end_ip` - (String, Required, Change forces new resource) + Last assignable IP on the network. + +* `gateway` - (String, Optional, Change forces new resource) + Optional gateway IP. + +* `resolvers` - (List, Optional) + Array of IP addresses for resolvers. + +* `routes` - (Map, Optional, Change forces new resource) + Map of CIDR block to Gateway IP address. + +* `internet_nat` - (Bool, Optional, Change forces new resource) + If a NAT zone is provisioned at Gateway IP address. + +* `vlan_id` - (Int, Required, Change forces new resource) + VLAN id the network is on. Number between 0-4095 indicating VLAN ID. + + + + +## Attribute Reference + +The following attributes are exported: + +* `name` - (String) - Network name. +* `public` - (Bool) - Whether or not this is an RFC1918 network. +* `fabric` - (Bool) - Whether or not this network is on a fabric. +* `description` - (String) - Optional description of network. +* `subnet` - (String) - CIDR formatted string describing network. +* `provision_start_ip` - (String) - First IP on the network that can be assigned. +* `provision_end_ip` - (String) - Last assignable IP on the network. +* `gateway` - (String) - Optional gateway IP. +* `resolvers` - (List) - Array of IP addresses for resolvers. +* `routes` - (Map) - Map of CIDR block to Gateway IP address. +* `internet_nat` - (Bool) - If a NAT zone is provisioned at Gateway IP address. +* `vlan_id` - (Int) - VLAN id the network is on. Number between 0-4095 indicating VLAN ID. + + + + diff --git a/website/source/docs/providers/triton/r/triton_firewall_rule.html.markdown b/website/source/docs/providers/triton/r/triton_firewall_rule.html.markdown index ef31fd004b..1bb815f335 100644 --- a/website/source/docs/providers/triton/r/triton_firewall_rule.html.markdown +++ b/website/source/docs/providers/triton/r/triton_firewall_rule.html.markdown @@ -1,7 +1,7 @@ --- layout: "triton" page_title: "Triton: triton_firewall_rule" -sidebar_current: "docs-triton-firewall" +sidebar_current: "docs-triton-resource-firewall-rule" description: |- The `triton_firewall_rule` resource represents a rule for the Triton cloud firewall. --- @@ -12,7 +12,7 @@ The `triton_firewall_rule` resource represents a rule for the Triton cloud firew ## Example Usages -Allow traffic on ports tcp/80 and tcp/443 to machines with the 'www' tag from any source +### Allow web traffic on ports tcp/80 and tcp/443 to machines with the 'www' tag from any source ``` @@ -21,9 +21,22 @@ resource "triton_firewall_rule" "www" { enabled = true } ``` -Block traffic on port tcp/143 to all machines +### Allow ssh traffic on port tcp/22 to all machines from known remote IPs + + +``` +resource "triton_firewall_rule" "22" { + rule = "FROM IP (IP w.x.y.z OR IP w.x.y.z) TO all vms ALLOW tcp port 22" + enabled = true +} +``` + + + +### Block IMAP traffic on port tcp/143 to all machines + ``` resource "triton_firewall_rule" "imap" { rule = "FROM any TO all vms BLOCK tcp port 143" @@ -31,6 +44,8 @@ resource "triton_firewall_rule" "imap" { } ``` + + ## Argument Reference The following arguments are supported: diff --git a/website/source/docs/providers/triton/r/triton_key.html.markdown b/website/source/docs/providers/triton/r/triton_key.html.markdown index e87ce3cade..4d18fdc64b 100644 --- a/website/source/docs/providers/triton/r/triton_key.html.markdown +++ b/website/source/docs/providers/triton/r/triton_key.html.markdown @@ -1,7 +1,7 @@ --- layout: "triton" page_title: "Triton: triton_key" -sidebar_current: "docs-triton-firewall" +sidebar_current: "docs-triton-resource-key" description: |- The `triton_key` resource represents an SSH key for a Triton account. --- diff --git a/website/source/docs/providers/triton/r/triton_machine.html.markdown b/website/source/docs/providers/triton/r/triton_machine.html.markdown index f7a10f2856..c5f4d851d3 100644 --- a/website/source/docs/providers/triton/r/triton_machine.html.markdown +++ b/website/source/docs/providers/triton/r/triton_machine.html.markdown @@ -1,7 +1,7 @@ --- layout: "triton" page_title: "Triton: triton_machine" -sidebar_current: "docs-triton-firewall" +sidebar_current: "docs-triton-resource-machine" description: |- The `triton_machine` resource represents a virtual machine or infrastructure container running in Triton. --- @@ -12,12 +12,12 @@ The `triton_machine` resource represents a virtual machine or infrastructure con ## Example Usages -Run a SmartOS base-64 machine. +### Run a SmartOS base-64 machine. ``` -resource "triton_machine" "test" { - name = "example-machine" +resource "triton_machine" "test-smartos" { + name = "test-smartos" package = "g3-standard-0.25-smartos" image = "842e6fa6-6e9b-11e5-8402-1b490459e334" @@ -27,6 +27,25 @@ resource "triton_machine" "test" { } ``` +### Run an Ubuntu 14.04 LTS machine. + +``` +resource "triton_machine" "test-ubuntu" { + name = "test-ubuntu" + package = "g4-general-4G" + image = "1996a1d6-c0d9-11e6-8b80-4772e39dc920" + firewall_enabled = true + root_authorized_keys = "Example Key" + user_script = "#!/bin/bash\necho 'testing user-script' >> /tmp/test.out\nhostname $IMAGENAME" + + tags = { + purpose = "testing ubuntu" + } ## tags +} ## resource +``` + + + ## Argument Reference The following arguments are supported: diff --git a/website/source/docs/providers/triton/r/triton_vlan.html.markdown b/website/source/docs/providers/triton/r/triton_vlan.html.markdown new file mode 100644 index 0000000000..838cc43932 --- /dev/null +++ b/website/source/docs/providers/triton/r/triton_vlan.html.markdown @@ -0,0 +1,37 @@ +--- +layout: "triton" +page_title: "Triton: triton_vlan" +sidebar_current: "docs-triton-resource-vlan" +description: |- + The `triton_vlan` resource represents an VLAN for a Triton account. +--- + +# triton\_vlan + +The `triton_vlan` resource represents an Triton VLAN. A VLAN provides a low level way to segregate and subdivide the network. Traffic on one VLAN cannot, _on its own_, reach another VLAN. + +## Example Usages + +### Create a VLAN + + +``` +resource "triton_vlan" "dmz" { + vlan_id = 100 + name = "dmz" + description = "DMZ VLAN" +} +``` + +## Argument Reference + +The following arguments are supported: + +* `vlan_id` - (int, Required, Change forces new resource) + Number between 0-4095 indicating VLAN ID + +* `name` - (string, Required) + Unique name to identify VLAN + +* `description` - (string, Optional) + Description of the VLAN diff --git a/website/source/layouts/triton.erb b/website/source/layouts/triton.erb index 1482a8b529..3e048b3ea6 100644 --- a/website/source/layouts/triton.erb +++ b/website/source/layouts/triton.erb @@ -14,11 +14,17 @@ Resources
    + > + triton_key + > triton_firewall_rule - > - triton_key + > + triton_vlan + + > + triton_fabric > triton_machine From 7fce65d427db8e6ad47c2d3f1f623bdc6d652b14 Mon Sep 17 00:00:00 2001 From: Paul Stack Date: Thu, 30 Mar 2017 23:42:16 +0300 Subject: [PATCH 061/101] provider/aws: Add DiffSuppression to aws_ecs_service placement_strategies (#13220) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes: #13216 Prior to Terraform 0.9.2, we always set placement_strategies to lowercase. Therefore, people using it in Terraform 0.9.2 are getting continual diffs: ``` -/+ aws_ecs_service.mongo cluster: "arn:aws:ecs:us-west-2:187416307283:cluster/terraformecstest1" => "arn:aws:ecs:us-west-2:187416307283:cluster/terraformecstest1" deployment_maximum_percent: "200" => "200" deployment_minimum_healthy_percent: "100" => "100" desired_count: "1" => "1" name: "mongodb" => "mongodb" placement_strategy.#: "1" => "1" placement_strategy.1676812570.field: "instanceid" => "" (forces new resource) placement_strategy.1676812570.type: "spread" => "" (forces new resource) placement_strategy.3946258308.field: "" => "instanceId" (forces new resource) placement_strategy.3946258308.type: "" => "spread" (forces new resource) task_definition: "arn:aws:ecs:us-west-2:187416307283:task-definition/mongodb:1991" => "arn:aws:ecs:us-west-2:187416307283:task-definition/mongodb:1991" Plan: 1 to add, 0 to change, 1 to destroy. ``` This adds a DiffSuppression func to make sure this doesn't trigger a ForceNew resource: ``` % terraform plan ✹ ✭ [WARN] /Users/stacko/Code/go/bin/terraform-provider-aws overrides an internal plugin for aws-provider. If you did not expect to see this message you will need to remove the old plugin. See https://www.terraform.io/docs/internals/internal-plugins.html Refreshing Terraform state in-memory prior to plan... The refreshed state will be used to calculate this plan, but will not be persisted to local or remote state storage. aws_ecs_cluster.default: Refreshing state... (ID: arn:aws:e...ecstest1) aws_ecs_task_definition.mongo: Refreshing state... (ID: mongodb) aws_ecs_service.mongo: Refreshing state... (ID: arn:aws:e.../mongodb) No changes. Infrastructure is up-to-date. This means that Terraform did not detect any differences between your configuration and real physical resources that exist. As a result, Terraform doesn't need to do anything. ``` ``` ``` --- builtin/providers/aws/resource_aws_ecs_service.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/builtin/providers/aws/resource_aws_ecs_service.go b/builtin/providers/aws/resource_aws_ecs_service.go index f763b08a90..80d2d44a1d 100644 --- a/builtin/providers/aws/resource_aws_ecs_service.go +++ b/builtin/providers/aws/resource_aws_ecs_service.go @@ -118,6 +118,12 @@ func resourceAwsEcsService() *schema.Resource { Type: schema.TypeString, ForceNew: true, Optional: true, + DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool { + if strings.ToLower(old) == strings.ToLower(new) { + return true + } + return false + }, }, }, }, From 90b73d421afe2104f6c27ee39cbad6dd8d1895d2 Mon Sep 17 00:00:00 2001 From: Paul Stack Date: Thu, 30 Mar 2017 23:43:11 +0300 Subject: [PATCH 062/101] Update CHANGELOG.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 66d5782976..f9ac649e13 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -30,6 +30,7 @@ BUG FIXES: * provider/aws: Increase timeouts for ELB [GH-13161] * provider/aws: `volume_type` of `aws_elasticsearch_domain.0.ebs_options` marked as `Computed` which prevents spurious diffs [GH-13160] * provider/aws: Don't set DBName on `aws_db_instance` from snapshot [GH-13140] + * provider/aws: Add DiffSuppression to aws_ecs_service placement_strategies [GH-13220] * provider/azurerm: Network Security Group - ignoring protocol casing at Import time [GH-13153] ## 0.9.2 (March 28, 2017) From a0568e544f9abb073b2350d9d058e637cc6bc2f7 Mon Sep 17 00:00:00 2001 From: James Nugent Date: Thu, 30 Mar 2017 15:25:27 -0700 Subject: [PATCH 063/101] provider/triton: Move to joyent/triton-go (#13225) * provider/triton: Move to joyent/triton-go This commit moves the Triton provider to the new joyent/triton-go library from gosdc. This has a number of advantages - not least that requests can be signed using an SSH agent without having to keep unencrypted key material in memory. Schema has been maintained for all resources, and several tests have been added and acceptance tests repaired - in some cases by fixing bugs in the underlying resources. After applying this patch, all acceptance tests pass: ``` go generate $(go list ./... | grep -v /terraform/vendor/) 2017/03/30 13:48:33 Generated command/internal_plugin_list.go TF_ACC=1 go test ./builtin/providers/triton -v -timeout 120m === RUN TestProvider --- PASS: TestProvider (0.00s) === RUN TestProvider_impl --- PASS: TestProvider_impl (0.00s) === RUN TestAccTritonFabric_basic --- PASS: TestAccTritonFabric_basic (15.11s) === RUN TestAccTritonFirewallRule_basic --- PASS: TestAccTritonFirewallRule_basic (1.48s) === RUN TestAccTritonFirewallRule_update --- PASS: TestAccTritonFirewallRule_update (1.55s) === RUN TestAccTritonFirewallRule_enable --- PASS: TestAccTritonFirewallRule_enable (1.52s) === RUN TestAccTritonKey_basic --- PASS: TestAccTritonKey_basic (11.76s) === RUN TestAccTritonKey_noKeyName --- PASS: TestAccTritonKey_noKeyName (11.20s) === RUN TestAccTritonMachine_basic --- PASS: TestAccTritonMachine_basic (82.19s) === RUN TestAccTritonMachine_dns --- PASS: TestAccTritonMachine_dns (173.36s) === RUN TestAccTritonMachine_nic --- PASS: TestAccTritonMachine_nic (167.82s) === RUN TestAccTritonMachine_addNIC --- PASS: TestAccTritonMachine_addNIC (192.11s) === RUN TestAccTritonMachine_firewall --- PASS: TestAccTritonMachine_firewall (188.53s) === RUN TestAccTritonMachine_metadata --- PASS: TestAccTritonMachine_metadata (614.57s) === RUN TestAccTritonVLAN_basic --- PASS: TestAccTritonVLAN_basic (0.93s) === RUN TestAccTritonVLAN_update --- PASS: TestAccTritonVLAN_update (1.50s) PASS ok github.com/hashicorp/terraform/builtin/providers/triton 1463.621s ``` * provider/triton: Update docs for provider config * deps: Vendor github.com/joyent/triton-go/... * deps: Remove github.com/joyent/gosdc --- builtin/providers/triton/provider.go | 127 +++-- builtin/providers/triton/provider_test.go | 6 +- builtin/providers/triton/resource_fabric.go | 92 ++-- .../providers/triton/resource_fabric_test.go | 47 +- .../triton/resource_firewall_rule.go | 83 ++- .../triton/resource_firewall_rule_test.go | 54 +- builtin/providers/triton/resource_key.go | 76 ++- builtin/providers/triton/resource_key_test.go | 75 ++- builtin/providers/triton/resource_machine.go | 386 ++++++++------ .../providers/triton/resource_machine_test.go | 218 ++++---- builtin/providers/triton/resource_vlan.go | 85 ++-- .../providers/triton/resource_vlan_test.go | 69 +-- builtin/providers/triton/utils.go | 30 -- .../joyent/gosdc/cloudapi/cloudapi.go | 127 ----- .../joyent/gosdc/cloudapi/datacenters.go | 41 -- .../joyent/gosdc/cloudapi/fabrics.go | 182 ------- .../joyent/gosdc/cloudapi/firewalls.go | 144 ------ .../joyent/gosdc/cloudapi/images.go | 133 ----- .../joyent/gosdc/cloudapi/instrumentations.go | 216 -------- .../github.com/joyent/gosdc/cloudapi/keys.go | 90 ---- .../joyent/gosdc/cloudapi/machine_firewall.go | 52 -- .../joyent/gosdc/cloudapi/machine_metadata.go | 70 --- .../joyent/gosdc/cloudapi/machine_nics.go | 95 ---- .../gosdc/cloudapi/machine_snapshots.go | 96 ---- .../joyent/gosdc/cloudapi/machine_tags.go | 103 ---- .../joyent/gosdc/cloudapi/machines.go | 307 ------------ .../joyent/gosdc/cloudapi/networks.go | 44 -- .../joyent/gosdc/cloudapi/packages.go | 53 -- .../joyent/gosdc/cloudapi/services.go | 20 - .../joyent/{gosdc => triton-go}/LICENSE | 0 vendor/github.com/joyent/triton-go/README.md | 216 ++++++++ .../github.com/joyent/triton-go/accounts.go | 92 ++++ .../authentication/ecdsa_signature.go | 66 +++ .../authentication/private_key_signer.go | 73 +++ .../triton-go/authentication/rsa_signature.go | 25 + .../triton-go/authentication/signature.go | 27 + .../joyent/triton-go/authentication/signer.go | 7 + .../authentication/ssh_agent_signer.go | 104 ++++ .../joyent/triton-go/authentication/util.go | 29 ++ vendor/github.com/joyent/triton-go/client.go | 179 +++++++ vendor/github.com/joyent/triton-go/config.go | 71 +++ .../joyent/triton-go/datacenters.go | 90 ++++ vendor/github.com/joyent/triton-go/errors.go | 126 +++++ vendor/github.com/joyent/triton-go/fabrics.go | 232 +++++++++ .../github.com/joyent/triton-go/firewall.go | 212 ++++++++ vendor/github.com/joyent/triton-go/images.go | 204 ++++++++ vendor/github.com/joyent/triton-go/keys.go | 122 +++++ .../github.com/joyent/triton-go/machines.go | 472 ++++++++++++++++++ .../github.com/joyent/triton-go/networks.go | 77 +++ .../github.com/joyent/triton-go/packages.go | 85 ++++ vendor/github.com/joyent/triton-go/roles.go | 159 ++++++ .../github.com/joyent/triton-go/services.go | 63 +++ vendor/vendor.json | 18 +- .../docs/providers/triton/index.html.markdown | 14 +- website/source/layouts/triton.erb | 2 +- 55 files changed, 3499 insertions(+), 2387 deletions(-) delete mode 100644 builtin/providers/triton/utils.go delete mode 100644 vendor/github.com/joyent/gosdc/cloudapi/cloudapi.go delete mode 100644 vendor/github.com/joyent/gosdc/cloudapi/datacenters.go delete mode 100644 vendor/github.com/joyent/gosdc/cloudapi/fabrics.go delete mode 100644 vendor/github.com/joyent/gosdc/cloudapi/firewalls.go delete mode 100644 vendor/github.com/joyent/gosdc/cloudapi/images.go delete mode 100644 vendor/github.com/joyent/gosdc/cloudapi/instrumentations.go delete mode 100644 vendor/github.com/joyent/gosdc/cloudapi/keys.go delete mode 100644 vendor/github.com/joyent/gosdc/cloudapi/machine_firewall.go delete mode 100644 vendor/github.com/joyent/gosdc/cloudapi/machine_metadata.go delete mode 100644 vendor/github.com/joyent/gosdc/cloudapi/machine_nics.go delete mode 100644 vendor/github.com/joyent/gosdc/cloudapi/machine_snapshots.go delete mode 100644 vendor/github.com/joyent/gosdc/cloudapi/machine_tags.go delete mode 100644 vendor/github.com/joyent/gosdc/cloudapi/machines.go delete mode 100644 vendor/github.com/joyent/gosdc/cloudapi/networks.go delete mode 100644 vendor/github.com/joyent/gosdc/cloudapi/packages.go delete mode 100644 vendor/github.com/joyent/gosdc/cloudapi/services.go rename vendor/github.com/joyent/{gosdc => triton-go}/LICENSE (100%) create mode 100644 vendor/github.com/joyent/triton-go/README.md create mode 100644 vendor/github.com/joyent/triton-go/accounts.go create mode 100644 vendor/github.com/joyent/triton-go/authentication/ecdsa_signature.go create mode 100644 vendor/github.com/joyent/triton-go/authentication/private_key_signer.go create mode 100644 vendor/github.com/joyent/triton-go/authentication/rsa_signature.go create mode 100644 vendor/github.com/joyent/triton-go/authentication/signature.go create mode 100644 vendor/github.com/joyent/triton-go/authentication/signer.go create mode 100644 vendor/github.com/joyent/triton-go/authentication/ssh_agent_signer.go create mode 100644 vendor/github.com/joyent/triton-go/authentication/util.go create mode 100644 vendor/github.com/joyent/triton-go/client.go create mode 100644 vendor/github.com/joyent/triton-go/config.go create mode 100644 vendor/github.com/joyent/triton-go/datacenters.go create mode 100644 vendor/github.com/joyent/triton-go/errors.go create mode 100644 vendor/github.com/joyent/triton-go/fabrics.go create mode 100644 vendor/github.com/joyent/triton-go/firewall.go create mode 100644 vendor/github.com/joyent/triton-go/images.go create mode 100644 vendor/github.com/joyent/triton-go/keys.go create mode 100644 vendor/github.com/joyent/triton-go/machines.go create mode 100644 vendor/github.com/joyent/triton-go/networks.go create mode 100644 vendor/github.com/joyent/triton-go/packages.go create mode 100644 vendor/github.com/joyent/triton-go/roles.go create mode 100644 vendor/github.com/joyent/triton-go/services.go diff --git a/builtin/providers/triton/provider.go b/builtin/providers/triton/provider.go index 216ed1c08e..31e3659e9c 100644 --- a/builtin/providers/triton/provider.go +++ b/builtin/providers/triton/provider.go @@ -1,41 +1,43 @@ package triton import ( - "fmt" - "log" - "os" + "crypto/md5" + "encoding/base64" + "errors" + "sort" + "time" + "github.com/hashicorp/errwrap" "github.com/hashicorp/go-multierror" "github.com/hashicorp/terraform/helper/schema" "github.com/hashicorp/terraform/terraform" - "github.com/joyent/gocommon/client" - "github.com/joyent/gosdc/cloudapi" - "github.com/joyent/gosign/auth" + "github.com/joyent/triton-go" + "github.com/joyent/triton-go/authentication" ) // Provider returns a terraform.ResourceProvider. func Provider() terraform.ResourceProvider { return &schema.Provider{ Schema: map[string]*schema.Schema{ - "account": &schema.Schema{ + "account": { Type: schema.TypeString, Required: true, DefaultFunc: schema.EnvDefaultFunc("SDC_ACCOUNT", ""), }, - "url": &schema.Schema{ + "url": { Type: schema.TypeString, Required: true, DefaultFunc: schema.EnvDefaultFunc("SDC_URL", "https://us-west-1.api.joyentcloud.com"), }, - "key_material": &schema.Schema{ + "key_material": { Type: schema.TypeString, - Required: true, + Optional: true, DefaultFunc: schema.EnvDefaultFunc("SDC_KEY_MATERIAL", ""), }, - "key_id": &schema.Schema{ + "key_id": { Type: schema.TypeString, Required: true, DefaultFunc: schema.EnvDefaultFunc("SDC_KEY_ID", ""), @@ -53,70 +55,113 @@ func Provider() terraform.ResourceProvider { } } -type SDCConfig struct { +type Config struct { Account string KeyMaterial string KeyID string URL string } -func (c SDCConfig) validate() error { +func (c Config) validate() error { var err *multierror.Error if c.URL == "" { - err = multierror.Append(err, fmt.Errorf("URL must be configured for the Triton provider")) - } - if c.KeyMaterial == "" { - err = multierror.Append(err, fmt.Errorf("Key Material must be configured for the Triton provider")) + err = multierror.Append(err, errors.New("URL must be configured for the Triton provider")) } if c.KeyID == "" { - err = multierror.Append(err, fmt.Errorf("Key ID must be configured for the Triton provider")) + err = multierror.Append(err, errors.New("Key ID must be configured for the Triton provider")) } if c.Account == "" { - err = multierror.Append(err, fmt.Errorf("Account must be configured for the Triton provider")) + err = multierror.Append(err, errors.New("Account must be configured for the Triton provider")) } return err.ErrorOrNil() } -func (c SDCConfig) getSDCClient() (*cloudapi.Client, error) { - userauth, err := auth.NewAuth(c.Account, c.KeyMaterial, "rsa-sha256") +func (c Config) getTritonClient() (*triton.Client, error) { + var signer authentication.Signer + var err error + if c.KeyMaterial == "" { + signer, err = authentication.NewSSHAgentSigner(c.KeyID, c.Account) + if err != nil { + return nil, errwrap.Wrapf("Error Creating SSH Agent Signer: {{err}}", err) + } + } else { + signer, err = authentication.NewPrivateKeySigner(c.KeyID, []byte(c.KeyMaterial), c.Account) + if err != nil { + return nil, errwrap.Wrapf("Error Creating SSH Private Key Signer: {{err}}", err) + } + } + + client, err := triton.NewClient(c.URL, c.Account, signer) if err != nil { - return nil, err + return nil, errwrap.Wrapf("Error Creating Triton Client: {{err}}", err) } - creds := &auth.Credentials{ - UserAuthentication: userauth, - SdcKeyId: c.KeyID, - SdcEndpoint: auth.Endpoint{URL: c.URL}, - } - - client := cloudapi.New(client.NewClient( - c.URL, - cloudapi.DefaultAPIVersion, - creds, - log.New(os.Stderr, "", log.LstdFlags), - )) - return client, nil } func providerConfigure(d *schema.ResourceData) (interface{}, error) { - config := SDCConfig{ - Account: d.Get("account").(string), - URL: d.Get("url").(string), - KeyMaterial: d.Get("key_material").(string), - KeyID: d.Get("key_id").(string), + config := Config{ + Account: d.Get("account").(string), + URL: d.Get("url").(string), + KeyID: d.Get("key_id").(string), + } + + if keyMaterial, ok := d.GetOk("key_material"); ok { + config.KeyMaterial = keyMaterial.(string) } if err := config.validate(); err != nil { return nil, err } - client, err := config.getSDCClient() + client, err := config.getTritonClient() if err != nil { return nil, err } return client, nil } + +func resourceExists(resource interface{}, err error) (bool, error) { + if err != nil { + if triton.IsResourceNotFound(err) { + return false, nil + } + + return false, err + } + + return resource != nil, nil +} + +func stableMapHash(input map[string]string) string { + keys := make([]string, 0, len(input)) + for k := range input { + keys = append(keys, k) + } + sort.Strings(keys) + + hash := md5.New() + for _, key := range keys { + hash.Write([]byte(key)) + hash.Write([]byte(input[key])) + } + + return base64.StdEncoding.EncodeToString(hash.Sum([]byte{})) +} + +var fastResourceTimeout = &schema.ResourceTimeout{ + Create: schema.DefaultTimeout(1 * time.Minute), + Read: schema.DefaultTimeout(30 * time.Second), + Update: schema.DefaultTimeout(1 * time.Minute), + Delete: schema.DefaultTimeout(1 * time.Minute), +} + +var slowResourceTimeout = &schema.ResourceTimeout{ + Create: schema.DefaultTimeout(10 * time.Minute), + Read: schema.DefaultTimeout(30 * time.Second), + Update: schema.DefaultTimeout(10 * time.Minute), + Delete: schema.DefaultTimeout(10 * time.Minute), +} diff --git a/builtin/providers/triton/provider_test.go b/builtin/providers/triton/provider_test.go index 2aa283ec33..11b962aca2 100644 --- a/builtin/providers/triton/provider_test.go +++ b/builtin/providers/triton/provider_test.go @@ -32,13 +32,13 @@ func testAccPreCheck(t *testing.T) { sdcURL := os.Getenv("SDC_URL") account := os.Getenv("SDC_ACCOUNT") keyID := os.Getenv("SDC_KEY_ID") - keyMaterial := os.Getenv("SDC_KEY_MATERIAL") if sdcURL == "" { sdcURL = "https://us-west-1.api.joyentcloud.com" } - if sdcURL == "" || account == "" || keyID == "" || keyMaterial == "" { - t.Fatal("SDC_ACCOUNT, SDC_KEY_ID and SDC_KEY_MATERIAL must be set for acceptance tests") + if sdcURL == "" || account == "" || keyID == "" { + t.Fatal("SDC_ACCOUNT and SDC_KEY_ID must be set for acceptance tests. To test with the SSH" + + " private key signer, SDC_KEY_MATERIAL must also be set.") } } diff --git a/builtin/providers/triton/resource_fabric.go b/builtin/providers/triton/resource_fabric.go index be85a4381a..5e672b3e56 100644 --- a/builtin/providers/triton/resource_fabric.go +++ b/builtin/providers/triton/resource_fabric.go @@ -4,7 +4,7 @@ import ( "fmt" "github.com/hashicorp/terraform/helper/schema" - "github.com/joyent/gosdc/cloudapi" + "github.com/joyent/triton-go" ) func resourceFabric() *schema.Resource { @@ -16,74 +16,74 @@ func resourceFabric() *schema.Resource { Schema: map[string]*schema.Schema{ "name": { - Description: "network name", + Description: "Network name", Required: true, ForceNew: true, Type: schema.TypeString, }, "public": { - Description: "whether or not this is an RFC1918 network", + Description: "Whether or not this is an RFC1918 network", Computed: true, Type: schema.TypeBool, }, "fabric": { - Description: "whether or not this network is on a fabric", + Description: "Whether or not this network is on a fabric", Computed: true, Type: schema.TypeBool, }, "description": { - Description: "optional description of network", + Description: "Description of network", Optional: true, ForceNew: true, Type: schema.TypeString, }, "subnet": { - Description: "CIDR formatted string describing network", + Description: "CIDR formatted string describing network address space", Required: true, ForceNew: true, Type: schema.TypeString, }, "provision_start_ip": { - Description: "first IP on the network that can be assigned", + Description: "First IP on the network that can be assigned", Required: true, ForceNew: true, Type: schema.TypeString, }, "provision_end_ip": { - Description: "last assignable IP on the network", + Description: "Last assignable IP on the network", Required: true, ForceNew: true, Type: schema.TypeString, }, "gateway": { - Description: "optional gateway IP", + Description: "Gateway IP", Optional: true, ForceNew: true, Type: schema.TypeString, }, "resolvers": { - Description: "array of IP addresses for resolvers", + Description: "List of IP addresses for DNS resolvers", Optional: true, Computed: true, Type: schema.TypeList, Elem: &schema.Schema{Type: schema.TypeString}, }, "routes": { - Description: "map of CIDR block to Gateway IP address", + Description: "Map of CIDR block to Gateway IP address", Computed: true, Optional: true, ForceNew: true, Type: schema.TypeMap, }, "internet_nat": { - Description: "if a NAT zone is provisioned at Gateway IP address", + Description: "Whether or not a NAT zone is provisioned at the Gateway IP address", Computed: true, Optional: true, ForceNew: true, Type: schema.TypeBool, }, "vlan_id": { - Description: "VLAN network is on", + Description: "VLAN on which the network exists", Required: true, ForceNew: true, Type: schema.TypeInt, @@ -93,7 +93,7 @@ func resourceFabric() *schema.Resource { } func resourceFabricCreate(d *schema.ResourceData, meta interface{}) error { - client := meta.(*cloudapi.Client) + client := meta.(*triton.Client) var resolvers []string for _, resolver := range d.Get("resolvers").([]interface{}) { @@ -104,24 +104,23 @@ func resourceFabricCreate(d *schema.ResourceData, meta interface{}) error { for cidr, v := range d.Get("routes").(map[string]interface{}) { ip, ok := v.(string) if !ok { - return fmt.Errorf(`cannot use "%v" as an IP address`, v) + return fmt.Errorf(`Cannot use "%v" as an IP address`, v) } routes[cidr] = ip } - fabric, err := client.CreateFabricNetwork( - int16(d.Get("vlan_id").(int)), - cloudapi.CreateFabricNetworkOpts{ - Name: d.Get("name").(string), - Description: d.Get("description").(string), - Subnet: d.Get("subnet").(string), - ProvisionStartIp: d.Get("provision_start_ip").(string), - ProvisionEndIp: d.Get("provision_end_ip").(string), - Gateway: d.Get("gateway").(string), - Resolvers: resolvers, - Routes: routes, - InternetNAT: d.Get("internet_nat").(bool), - }, + fabric, err := client.Fabrics().CreateFabricNetwork(&triton.CreateFabricNetworkInput{ + FabricVLANID: d.Get("vlan_id").(int), + Name: d.Get("name").(string), + Description: d.Get("description").(string), + Subnet: d.Get("subnet").(string), + ProvisionStartIP: d.Get("provision_start_ip").(string), + ProvisionEndIP: d.Get("provision_end_ip").(string), + Gateway: d.Get("gateway").(string), + Resolvers: resolvers, + Routes: routes, + InternetNAT: d.Get("internet_nat").(bool), + }, ) if err != nil { return err @@ -129,26 +128,25 @@ func resourceFabricCreate(d *schema.ResourceData, meta interface{}) error { d.SetId(fabric.Id) - err = resourceFabricRead(d, meta) - if err != nil { - return err - } - - return nil + return resourceFabricRead(d, meta) } func resourceFabricExists(d *schema.ResourceData, meta interface{}) (bool, error) { - client := meta.(*cloudapi.Client) + client := meta.(*triton.Client) - fabric, err := client.GetFabricNetwork(int16(d.Get("vlan_id").(int)), d.Id()) - - return fabric != nil && err == nil, err + return resourceExists(client.Fabrics().GetFabricNetwork(&triton.GetFabricNetworkInput{ + FabricVLANID: d.Get("vlan_id").(int), + NetworkID: d.Id(), + })) } func resourceFabricRead(d *schema.ResourceData, meta interface{}) error { - client := meta.(*cloudapi.Client) + client := meta.(*triton.Client) - fabric, err := client.GetFabricNetwork(int16(d.Get("vlan_id").(int)), d.Id()) + fabric, err := client.Fabrics().GetFabricNetwork(&triton.GetFabricNetworkInput{ + FabricVLANID: d.Get("vlan_id").(int), + NetworkID: d.Id(), + }) if err != nil { return err } @@ -156,23 +154,25 @@ func resourceFabricRead(d *schema.ResourceData, meta interface{}) error { d.SetId(fabric.Id) d.Set("name", fabric.Name) d.Set("public", fabric.Public) - d.Set("public", fabric.Public) d.Set("fabric", fabric.Fabric) d.Set("description", fabric.Description) d.Set("subnet", fabric.Subnet) - d.Set("provision_start_ip", fabric.ProvisionStartIp) - d.Set("provision_end_ip", fabric.ProvisionEndIp) + d.Set("provision_start_ip", fabric.ProvisioningStartIP) + d.Set("provision_end_ip", fabric.ProvisioningEndIP) d.Set("gateway", fabric.Gateway) d.Set("resolvers", fabric.Resolvers) d.Set("routes", fabric.Routes) d.Set("internet_nat", fabric.InternetNAT) - d.Set("vlan_id", fabric.VLANId) + d.Set("vlan_id", d.Get("vlan_id").(int)) return nil } func resourceFabricDelete(d *schema.ResourceData, meta interface{}) error { - client := meta.(*cloudapi.Client) + client := meta.(*triton.Client) - return client.DeleteFabricNetwork(int16(d.Get("vlan_id").(int)), d.Id()) + return client.Fabrics().DeleteFabricNetwork(&triton.DeleteFabricNetworkInput{ + FabricVLANID: d.Get("vlan_id").(int), + NetworkID: d.Id(), + }) } diff --git a/builtin/providers/triton/resource_fabric_test.go b/builtin/providers/triton/resource_fabric_test.go index a6b1d88473..ec91eac009 100644 --- a/builtin/providers/triton/resource_fabric_test.go +++ b/builtin/providers/triton/resource_fabric_test.go @@ -9,19 +9,19 @@ import ( "github.com/hashicorp/terraform/helper/acctest" "github.com/hashicorp/terraform/helper/resource" "github.com/hashicorp/terraform/terraform" - "github.com/joyent/gosdc/cloudapi" + "github.com/joyent/triton-go" ) func TestAccTritonFabric_basic(t *testing.T) { fabricName := fmt.Sprintf("acctest-%d", acctest.RandInt()) - config := fmt.Sprintf(testAccTritonFabric_basic, fabricName) + config := fmt.Sprintf(testAccTritonFabric_basic, acctest.RandIntRange(3, 2049), fabricName, fabricName) resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, Providers: testAccProviders, CheckDestroy: testCheckTritonFabricDestroy, Steps: []resource.TestStep{ - resource.TestStep{ + { Config: config, Check: resource.ComposeTestCheckFunc( testCheckTritonFabricExists("triton_fabric.test"), @@ -37,62 +37,75 @@ func TestAccTritonFabric_basic(t *testing.T) { func testCheckTritonFabricExists(name string) resource.TestCheckFunc { return func(s *terraform.State) error { - // Ensure we have enough information in state to look up in API rs, ok := s.RootModule().Resources[name] if !ok { return fmt.Errorf("Not found: %s", name) } - conn := testAccProvider.Meta().(*cloudapi.Client) + conn := testAccProvider.Meta().(*triton.Client) - id, err := strconv.ParseInt(rs.Primary.Attributes["vlan_id"], 10, 16) + vlanID, err := strconv.Atoi(rs.Primary.Attributes["vlan_id"]) if err != nil { return err } - fabric, err := conn.GetFabricNetwork(int16(id), rs.Primary.ID) + exists, err := resourceExists(conn.Fabrics().GetFabricNetwork(&triton.GetFabricNetworkInput{ + FabricVLANID: vlanID, + NetworkID: rs.Primary.ID, + })) if err != nil { - return fmt.Errorf("Bad: Check Fabric Exists: %s", err) + return fmt.Errorf("Error: Check Fabric Exists: %s", err) } - if fabric == nil { - return fmt.Errorf("Bad: Fabric %q does not exist", rs.Primary.ID) + if exists { + return nil } - return nil + return fmt.Errorf("Error: Fabric %q (VLAN %d) Does Not Exist", rs.Primary.ID, vlanID) } } func testCheckTritonFabricDestroy(s *terraform.State) error { - conn := testAccProvider.Meta().(*cloudapi.Client) + conn := testAccProvider.Meta().(*triton.Client) for _, rs := range s.RootModule().Resources { if rs.Type != "triton_fabric" { continue } - id, err := strconv.ParseInt(rs.Primary.Attributes["vlan_id"], 10, 16) + vlanID, err := strconv.Atoi(rs.Primary.Attributes["vlan_id"]) if err != nil { return err } - fabric, err := conn.GetFabricNetwork(int16(id), rs.Primary.ID) + exists, err := resourceExists(conn.Fabrics().GetFabricNetwork(&triton.GetFabricNetworkInput{ + FabricVLANID: vlanID, + NetworkID: rs.Primary.ID, + })) if err != nil { return nil } - if fabric != nil { - return fmt.Errorf("Bad: Fabric %q still exists", rs.Primary.ID) + if exists { + return fmt.Errorf("Error: Fabric %q (VLAN %d) Still Exists", rs.Primary.ID, vlanID) } + + return nil } return nil } var testAccTritonFabric_basic = ` +resource "triton_vlan" "test" { + vlan_id = "%d" + name = "%s" + description = "testAccTritonFabric_basic" +} + resource "triton_fabric" "test" { name = "%s" description = "test network" - vlan_id = 2 # every DC seems to have a vlan 2 available + vlan_id = "${triton_vlan.test.id}" subnet = "10.0.0.0/22" gateway = "10.0.0.1" diff --git a/builtin/providers/triton/resource_firewall_rule.go b/builtin/providers/triton/resource_firewall_rule.go index af43dbaff1..afa3f012ca 100644 --- a/builtin/providers/triton/resource_firewall_rule.go +++ b/builtin/providers/triton/resource_firewall_rule.go @@ -2,8 +2,7 @@ package triton import ( "github.com/hashicorp/terraform/helper/schema" - "github.com/joyent/gocommon/errors" - "github.com/joyent/gosdc/cloudapi" + "github.com/joyent/triton-go" ) func resourceFirewallRule() *schema.Resource { @@ -14,7 +13,7 @@ func resourceFirewallRule() *schema.Resource { Update: resourceFirewallRuleUpdate, Delete: resourceFirewallRuleDelete, Importer: &schema.ResourceImporter{ - State: resourceFirewallRuleImporter, + State: schema.ImportStatePassthrough, }, Schema: map[string]*schema.Schema{ @@ -29,67 +28,73 @@ func resourceFirewallRule() *schema.Resource { Optional: true, Default: false, }, + "description": { + Description: "Human-readable description of the rule", + Type: schema.TypeString, + Optional: true, + }, + "global": { + Description: "Indicates whether or not the rule is global", + Type: schema.TypeBool, + Computed: true, + }, }, } } func resourceFirewallRuleCreate(d *schema.ResourceData, meta interface{}) error { - client := meta.(*cloudapi.Client) + client := meta.(*triton.Client) - rule, err := client.CreateFirewallRule(cloudapi.CreateFwRuleOpts{ - Rule: d.Get("rule").(string), - Enabled: d.Get("enabled").(bool), + rule, err := client.Firewall().CreateFirewallRule(&triton.CreateFirewallRuleInput{ + Rule: d.Get("rule").(string), + Enabled: d.Get("enabled").(bool), + Description: d.Get("description").(string), }) if err != nil { return err } - d.SetId(rule.Id) + d.SetId(rule.ID) - err = resourceFirewallRuleRead(d, meta) - if err != nil { - return err - } - - return nil + return resourceFirewallRuleRead(d, meta) } func resourceFirewallRuleExists(d *schema.ResourceData, meta interface{}) (bool, error) { - client := meta.(*cloudapi.Client) + client := meta.(*triton.Client) - rule, err := client.GetFirewallRule(d.Id()) - if errors.IsResourceNotFound(err) { - return false, nil - } - - return rule != nil && err == nil, err + return resourceExists(client.Firewall().GetFirewallRule(&triton.GetFirewallRuleInput{ + ID: d.Id(), + })) } func resourceFirewallRuleRead(d *schema.ResourceData, meta interface{}) error { - client := meta.(*cloudapi.Client) + client := meta.(*triton.Client) - rule, err := client.GetFirewallRule(d.Id()) + rule, err := client.Firewall().GetFirewallRule(&triton.GetFirewallRuleInput{ + ID: d.Id(), + }) if err != nil { return err } - d.SetId(rule.Id) + d.SetId(rule.ID) d.Set("rule", rule.Rule) d.Set("enabled", rule.Enabled) + d.Set("global", rule.Global) + d.Set("description", rule.Description) return nil } func resourceFirewallRuleUpdate(d *schema.ResourceData, meta interface{}) error { - client := meta.(*cloudapi.Client) + client := meta.(*triton.Client) - _, err := client.UpdateFirewallRule( - d.Id(), - cloudapi.CreateFwRuleOpts{ - Rule: d.Get("rule").(string), - Enabled: d.Get("enabled").(bool), - }, - ) + _, err := client.Firewall().UpdateFirewallRule(&triton.UpdateFirewallRuleInput{ + ID: d.Id(), + Rule: d.Get("rule").(string), + Enabled: d.Get("enabled").(bool), + Description: d.Get("description").(string), + }) if err != nil { return err } @@ -98,15 +103,9 @@ func resourceFirewallRuleUpdate(d *schema.ResourceData, meta interface{}) error } func resourceFirewallRuleDelete(d *schema.ResourceData, meta interface{}) error { - client := meta.(*cloudapi.Client) + client := meta.(*triton.Client) - if err := client.DeleteFirewallRule(d.Id()); err != nil { - return err - } - - return nil -} - -func resourceFirewallRuleImporter(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) { - return []*schema.ResourceData{d}, nil + return client.Firewall().DeleteFirewallRule(&triton.DeleteFirewallRuleInput{ + ID: d.Id(), + }) } diff --git a/builtin/providers/triton/resource_firewall_rule_test.go b/builtin/providers/triton/resource_firewall_rule_test.go index 2c3c8cdde2..199c463305 100644 --- a/builtin/providers/triton/resource_firewall_rule_test.go +++ b/builtin/providers/triton/resource_firewall_rule_test.go @@ -6,7 +6,7 @@ import ( "github.com/hashicorp/terraform/helper/resource" "github.com/hashicorp/terraform/terraform" - "github.com/joyent/gosdc/cloudapi" + "github.com/joyent/triton-go" ) func TestAccTritonFirewallRule_basic(t *testing.T) { @@ -17,7 +17,7 @@ func TestAccTritonFirewallRule_basic(t *testing.T) { Providers: testAccProviders, CheckDestroy: testCheckTritonFirewallRuleDestroy, Steps: []resource.TestStep{ - resource.TestStep{ + { Config: config, Check: resource.ComposeTestCheckFunc( testCheckTritonFirewallRuleExists("triton_firewall_rule.test"), @@ -36,20 +36,20 @@ func TestAccTritonFirewallRule_update(t *testing.T) { Providers: testAccProviders, CheckDestroy: testCheckTritonFirewallRuleDestroy, Steps: []resource.TestStep{ - resource.TestStep{ + { Config: preConfig, Check: resource.ComposeTestCheckFunc( testCheckTritonFirewallRuleExists("triton_firewall_rule.test"), - resource.TestCheckResourceAttr("triton_firewall_rule.test", "rule", "FROM any TO tag www ALLOW tcp PORT 80"), + resource.TestCheckResourceAttr("triton_firewall_rule.test", "rule", "FROM any TO tag \"www\" ALLOW tcp PORT 80"), resource.TestCheckResourceAttr("triton_firewall_rule.test", "enabled", "false"), ), }, - resource.TestStep{ + { Config: postConfig, Check: resource.ComposeTestCheckFunc( testCheckTritonFirewallRuleExists("triton_firewall_rule.test"), - resource.TestCheckResourceAttr("triton_firewall_rule.test", "rule", "FROM any TO tag www BLOCK tcp PORT 80"), + resource.TestCheckResourceAttr("triton_firewall_rule.test", "rule", "FROM any TO tag \"www\" BLOCK tcp PORT 80"), resource.TestCheckResourceAttr("triton_firewall_rule.test", "enabled", "true"), ), }, @@ -66,20 +66,20 @@ func TestAccTritonFirewallRule_enable(t *testing.T) { Providers: testAccProviders, CheckDestroy: testCheckTritonFirewallRuleDestroy, Steps: []resource.TestStep{ - resource.TestStep{ + { Config: preConfig, Check: resource.ComposeTestCheckFunc( testCheckTritonFirewallRuleExists("triton_firewall_rule.test"), - resource.TestCheckResourceAttr("triton_firewall_rule.test", "rule", "FROM any TO tag www ALLOW tcp PORT 80"), + resource.TestCheckResourceAttr("triton_firewall_rule.test", "rule", "FROM any TO tag \"www\" ALLOW tcp PORT 80"), resource.TestCheckResourceAttr("triton_firewall_rule.test", "enabled", "false"), ), }, - resource.TestStep{ + { Config: postConfig, Check: resource.ComposeTestCheckFunc( testCheckTritonFirewallRuleExists("triton_firewall_rule.test"), - resource.TestCheckResourceAttr("triton_firewall_rule.test", "rule", "FROM any TO tag www ALLOW tcp PORT 80"), + resource.TestCheckResourceAttr("triton_firewall_rule.test", "rule", "FROM any TO tag \"www\" ALLOW tcp PORT 80"), resource.TestCheckResourceAttr("triton_firewall_rule.test", "enabled", "true"), ), }, @@ -94,15 +94,19 @@ func testCheckTritonFirewallRuleExists(name string) resource.TestCheckFunc { if !ok { return fmt.Errorf("Not found: %s", name) } - conn := testAccProvider.Meta().(*cloudapi.Client) + conn := testAccProvider.Meta().(*triton.Client) - rule, err := conn.GetFirewallRule(rs.Primary.ID) - if err != nil { + resp, err := conn.Firewall().GetFirewallRule(&triton.GetFirewallRuleInput{ + ID: rs.Primary.ID, + }) + if err != nil && triton.IsResourceNotFound(err) { return fmt.Errorf("Bad: Check Firewall Rule Exists: %s", err) + } else if err != nil { + return err } - if rule == nil { - return fmt.Errorf("Bad: Firewall rule %q does not exist", rs.Primary.ID) + if resp == nil { + return fmt.Errorf("Bad: Firewall Rule %q does not exist", rs.Primary.ID) } return nil @@ -110,20 +114,24 @@ func testCheckTritonFirewallRuleExists(name string) resource.TestCheckFunc { } func testCheckTritonFirewallRuleDestroy(s *terraform.State) error { - conn := testAccProvider.Meta().(*cloudapi.Client) + conn := testAccProvider.Meta().(*triton.Client) for _, rs := range s.RootModule().Resources { if rs.Type != "triton_firewall_rule" { continue } - resp, err := conn.GetFirewallRule(rs.Primary.ID) - if err != nil { + resp, err := conn.Firewall().GetFirewallRule(&triton.GetFirewallRuleInput{ + ID: rs.Primary.ID, + }) + if triton.IsResourceNotFound(err) { return nil + } else if err != nil { + return err } if resp != nil { - return fmt.Errorf("Bad: Firewall rule %q still exists", rs.Primary.ID) + return fmt.Errorf("Bad: Firewall Rule %q still exists", rs.Primary.ID) } } @@ -132,21 +140,21 @@ func testCheckTritonFirewallRuleDestroy(s *terraform.State) error { var testAccTritonFirewallRule_basic = ` resource "triton_firewall_rule" "test" { - rule = "FROM any TO tag www ALLOW tcp PORT 80" - enabled = false + rule = "FROM any TO tag \"www\" ALLOW tcp PORT 80" + enabled = false } ` var testAccTritonFirewallRule_update = ` resource "triton_firewall_rule" "test" { - rule = "FROM any TO tag www BLOCK tcp PORT 80" + rule = "FROM any TO tag \"www\" BLOCK tcp PORT 80" enabled = true } ` var testAccTritonFirewallRule_enable = ` resource "triton_firewall_rule" "test" { - rule = "FROM any TO tag www ALLOW tcp PORT 80" + rule = "FROM any TO tag \"www\" ALLOW tcp PORT 80" enabled = true } ` diff --git a/builtin/providers/triton/resource_key.go b/builtin/providers/triton/resource_key.go index aa730a48d7..31b03de1c5 100644 --- a/builtin/providers/triton/resource_key.go +++ b/builtin/providers/triton/resource_key.go @@ -5,35 +5,30 @@ import ( "strings" "github.com/hashicorp/terraform/helper/schema" - "github.com/joyent/gosdc/cloudapi" -) - -var ( - // ErrNoKeyComment will be returned when the key name cannot be generated from - // the key comment and is not otherwise specified. - ErrNoKeyComment = errors.New("no key comment found to use as a name (and none specified)") + "github.com/joyent/triton-go" ) func resourceKey() *schema.Resource { return &schema.Resource{ - Create: resourceKeyCreate, - Exists: resourceKeyExists, - Read: resourceKeyRead, - Delete: resourceKeyDelete, + Create: resourceKeyCreate, + Exists: resourceKeyExists, + Read: resourceKeyRead, + Delete: resourceKeyDelete, + Timeouts: fastResourceTimeout, Importer: &schema.ResourceImporter{ - State: resourceKeyImporter, + State: schema.ImportStatePassthrough, }, Schema: map[string]*schema.Schema{ - "name": &schema.Schema{ - Description: "name of this key (will be generated from the key comment, if not set and comment present)", + "name": { + Description: "Name of the key (generated from the key comment if not set)", Type: schema.TypeString, Optional: true, Computed: true, ForceNew: true, }, - "key": &schema.Schema{ - Description: "content of public key from disk", + "key": { + Description: "Content of public key from disk in OpenSSH format", Type: schema.TypeString, Required: true, ForceNew: true, @@ -43,18 +38,18 @@ func resourceKey() *schema.Resource { } func resourceKeyCreate(d *schema.ResourceData, meta interface{}) error { - client := meta.(*cloudapi.Client) + client := meta.(*triton.Client) - if d.Get("name").(string) == "" { + if keyName := d.Get("name").(string); keyName == "" { parts := strings.SplitN(d.Get("key").(string), " ", 3) if len(parts) == 3 { d.Set("name", parts[2]) } else { - return ErrNoKeyComment + return errors.New("No key name specified, and key material has no comment") } } - _, err := client.CreateKey(cloudapi.CreateKeyOpts{ + _, err := client.Keys().CreateKey(&triton.CreateKeyInput{ Name: d.Get("name").(string), Key: d.Get("key").(string), }) @@ -64,35 +59,28 @@ func resourceKeyCreate(d *schema.ResourceData, meta interface{}) error { d.SetId(d.Get("name").(string)) - err = resourceKeyRead(d, meta) - if err != nil { - return err - } - - return nil + return resourceKeyRead(d, meta) } func resourceKeyExists(d *schema.ResourceData, meta interface{}) (bool, error) { - client := meta.(*cloudapi.Client) + client := meta.(*triton.Client) - keys, err := client.ListKeys() + _, err := client.Keys().GetKey(&triton.GetKeyInput{ + KeyName: d.Id(), + }) if err != nil { return false, err } - for _, key := range keys { - if key.Name == d.Id() { - return true, nil - } - } - - return false, nil + return true, nil } func resourceKeyRead(d *schema.ResourceData, meta interface{}) error { - client := meta.(*cloudapi.Client) + client := meta.(*triton.Client) - key, err := client.GetKey(d.Id()) + key, err := client.Keys().GetKey(&triton.GetKeyInput{ + KeyName: d.Id(), + }) if err != nil { return err } @@ -104,15 +92,9 @@ func resourceKeyRead(d *schema.ResourceData, meta interface{}) error { } func resourceKeyDelete(d *schema.ResourceData, meta interface{}) error { - client := meta.(*cloudapi.Client) + client := meta.(*triton.Client) - if err := client.DeleteKey(d.Get("name").(string)); err != nil { - return err - } - - return nil -} - -func resourceKeyImporter(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) { - return []*schema.ResourceData{d}, nil + return client.Keys().DeleteKey(&triton.DeleteKeyInput{ + KeyName: d.Id(), + }) } diff --git a/builtin/providers/triton/resource_key_test.go b/builtin/providers/triton/resource_key_test.go index 1d1bf79a25..2249990168 100644 --- a/builtin/providers/triton/resource_key_test.go +++ b/builtin/providers/triton/resource_key_test.go @@ -8,22 +8,57 @@ import ( "github.com/hashicorp/terraform/helper/acctest" "github.com/hashicorp/terraform/helper/resource" "github.com/hashicorp/terraform/terraform" - "github.com/joyent/gosdc/cloudapi" + "github.com/joyent/triton-go" ) func TestAccTritonKey_basic(t *testing.T) { keyName := fmt.Sprintf("acctest-%d", acctest.RandInt()) - config := fmt.Sprintf(testAccTritonKey_basic, keyName, testAccTritonKey_basicMaterial) + publicKeyMaterial, _, err := acctest.RandSSHKeyPair("TestAccTritonKey_basic@terraform") + if err != nil { + t.Fatalf("Cannot generate test SSH key pair: %s", err) + } + config := testAccTritonKey_basic(keyName, publicKeyMaterial) resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, Providers: testAccProviders, CheckDestroy: testCheckTritonKeyDestroy, Steps: []resource.TestStep{ - resource.TestStep{ + { Config: config, Check: resource.ComposeTestCheckFunc( testCheckTritonKeyExists("triton_key.test"), + resource.TestCheckResourceAttr("triton_key.test", "name", keyName), + resource.TestCheckResourceAttr("triton_key.test", "key", publicKeyMaterial), + func(*terraform.State) error { + time.Sleep(10 * time.Second) + return nil + }, + ), + }, + }, + }) +} + +func TestAccTritonKey_noKeyName(t *testing.T) { + keyComment := fmt.Sprintf("acctest_%d@terraform", acctest.RandInt()) + keyMaterial, _, err := acctest.RandSSHKeyPair(keyComment) + if err != nil { + t.Fatalf("Cannot generate test SSH key pair: %s", err) + } + config := testAccTritonKey_noKeyName(keyMaterial) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testCheckTritonKeyDestroy, + Steps: []resource.TestStep{ + { + Config: config, + Check: resource.ComposeTestCheckFunc( + testCheckTritonKeyExists("triton_key.test"), + resource.TestCheckResourceAttr("triton_key.test", "name", keyComment), + resource.TestCheckResourceAttr("triton_key.test", "key", keyMaterial), func(*terraform.State) error { time.Sleep(10 * time.Second) return nil @@ -41,14 +76,16 @@ func testCheckTritonKeyExists(name string) resource.TestCheckFunc { if !ok { return fmt.Errorf("Not found: %s", name) } - conn := testAccProvider.Meta().(*cloudapi.Client) + conn := testAccProvider.Meta().(*triton.Client) - rule, err := conn.GetKey(rs.Primary.ID) + key, err := conn.Keys().GetKey(&triton.GetKeyInput{ + KeyName: rs.Primary.ID, + }) if err != nil { return fmt.Errorf("Bad: Check Key Exists: %s", err) } - if rule == nil { + if key == nil { return fmt.Errorf("Bad: Key %q does not exist", rs.Primary.ID) } @@ -57,7 +94,7 @@ func testCheckTritonKeyExists(name string) resource.TestCheckFunc { } func testCheckTritonKeyDestroy(s *terraform.State) error { - conn := testAccProvider.Meta().(*cloudapi.Client) + conn := testAccProvider.Meta().(*triton.Client) return resource.Retry(1*time.Minute, func() *resource.RetryError { for _, rs := range s.RootModule().Resources { @@ -65,12 +102,14 @@ func testCheckTritonKeyDestroy(s *terraform.State) error { continue } - resp, err := conn.GetKey(rs.Primary.ID) + key, err := conn.Keys().GetKey(&triton.GetKeyInput{ + KeyName: rs.Primary.ID, + }) if err != nil { return nil } - if resp != nil { + if key != nil { return resource.RetryableError(fmt.Errorf("Bad: Key %q still exists", rs.Primary.ID)) } } @@ -79,11 +118,17 @@ func testCheckTritonKeyDestroy(s *terraform.State) error { }) } -var testAccTritonKey_basic = ` -resource "triton_key" "test" { - name = "%s" - key = "%s" +var testAccTritonKey_basic = func(keyName string, keyMaterial string) string { + return fmt.Sprintf(`resource "triton_key" "test" { + name = "%s" + key = "%s" + } + `, keyName, keyMaterial) } -` -const testAccTritonKey_basicMaterial = `ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDL18KJIe8N7FxcgOMtabo10qZEDyYUSlOpsh/EYrugQCQHMKuNytog1lhFNZNk4LGNAz5L8/btG9+/axY/PfundbjR3SXt0hupAGQIVHuygWTr7foj5iGhckrEM+r3eMCXqoCnIFLhDZLDcq/zN2MxNbqDKcWSYmc8ul9dZWuiQpKOL+0nNXjhYA8Ewu+07kVAtsZD0WfvnAUjxmYb3rB15eBWk7gLxHrOPfZpeDSvOOX2bmzikpLn+L5NKrJsLrzO6hU/rpxD4OTHLULcsnIts3lYH8hShU8uY5ry94PBzdix++se3pUGvNSe967fKlHw3Ymh9nE/LJDQnzTNyFMj James@jn-mpb13` +var testAccTritonKey_noKeyName = func(keyMaterial string) string { + return fmt.Sprintf(`resource "triton_key" "test" { + key = "%s" + } + `, keyMaterial) +} diff --git a/builtin/providers/triton/resource_machine.go b/builtin/providers/triton/resource_machine.go index 2523dd5d0f..7eb66591c5 100644 --- a/builtin/providers/triton/resource_machine.go +++ b/builtin/providers/triton/resource_machine.go @@ -2,22 +2,20 @@ package triton import ( "fmt" - "reflect" "regexp" "time" "github.com/hashicorp/terraform/helper/hashcode" + "github.com/hashicorp/terraform/helper/resource" "github.com/hashicorp/terraform/helper/schema" - "github.com/joyent/gosdc/cloudapi" + "github.com/joyent/triton-go" ) var ( machineStateRunning = "running" - machineStateStopped = "stopped" machineStateDeleted = "deleted" - machineStateChangeTimeout = 10 * time.Minute - machineStateChangeCheckInterval = 10 * time.Second + machineStateChangeTimeout = 10 * time.Minute resourceMachineMetadataKeys = map[string]string{ // semantics: "schema_name": "metadata_name" @@ -30,50 +28,46 @@ var ( func resourceMachine() *schema.Resource { return &schema.Resource{ - Create: resourceMachineCreate, - Exists: resourceMachineExists, - Read: resourceMachineRead, - Update: resourceMachineUpdate, - Delete: resourceMachineDelete, + Create: resourceMachineCreate, + Exists: resourceMachineExists, + Read: resourceMachineRead, + Update: resourceMachineUpdate, + Delete: resourceMachineDelete, + Timeouts: slowResourceTimeout, Importer: &schema.ResourceImporter{ - State: resourceMachineImporter, + State: schema.ImportStatePassthrough, }, Schema: map[string]*schema.Schema{ "name": { - Description: "friendly name", + Description: "Friendly name for machine", Type: schema.TypeString, Optional: true, Computed: true, ValidateFunc: resourceMachineValidateName, }, "type": { - Description: "machine type (smartmachine or virtualmachine)", - Type: schema.TypeString, - Computed: true, - }, - "state": { - Description: "current state of the machine", + Description: "Machine type (smartmachine or virtualmachine)", Type: schema.TypeString, Computed: true, }, "dataset": { - Description: "dataset URN the machine was provisioned with", + Description: "Dataset URN with which the machine was provisioned", Type: schema.TypeString, Computed: true, }, "memory": { - Description: "amount of memory the machine has (in Mb)", + Description: "Amount of memory allocated to the machine (in Mb)", Type: schema.TypeInt, Computed: true, }, "disk": { - Description: "amount of disk the machine has (in Gb)", + Description: "Amount of disk allocated to the machine (in Gb)", Type: schema.TypeInt, Computed: true, }, "ips": { - Description: "IP addresses the machine has", + Description: "IP addresses assigned to the machine", Type: schema.TypeList, Computed: true, Elem: &schema.Schema{ @@ -81,39 +75,38 @@ func resourceMachine() *schema.Resource { }, }, "tags": { - Description: "machine tags", + Description: "Machine tags", Type: schema.TypeMap, Optional: true, }, "created": { - Description: "when the machine was created", + Description: "When the machine was created", Type: schema.TypeString, Computed: true, }, "updated": { - Description: "when the machine was update", + Description: "When the machine was updated", Type: schema.TypeString, Computed: true, }, "package": { - Description: "name of the package to use on provisioning", + Description: "The package for use for provisioning", Type: schema.TypeString, Required: true, }, "image": { - Description: "image UUID", + Description: "UUID of the image", Type: schema.TypeString, Required: true, ForceNew: true, - // TODO: validate that the UUID is valid }, "primaryip": { - Description: "the primary (public) IP address for the machine", + Description: "Primary (public) IP address for the machine", Type: schema.TypeString, Computed: true, }, "nic": { - Description: "network interface", + Description: "Network interface", Type: schema.TypeSet, Computed: true, Optional: true, @@ -148,27 +141,27 @@ func resourceMachine() *schema.Resource { Computed: true, Type: schema.TypeString, }, - "state": { - Description: "describes the state of the NIC (e.g. provisioning, running, or stopped)", - Computed: true, + "network": { + Description: "ID of the network to which the NIC is attached", + Required: true, Type: schema.TypeString, }, - "network": { - Description: "Network ID this NIC is attached to", - Required: true, + "state": { + Description: "Provisioning state of the NIC", + Computed: true, Type: schema.TypeString, }, }, }, }, "firewall_enabled": { - Description: "enable firewall for this machine", + Description: "Whether to enable the firewall for this machine", Type: schema.TypeBool, Optional: true, Default: false, }, "domain_names": { - Description: "list of domain names from Triton's CNS", + Description: "List of domain names from Triton CNS", Type: schema.TypeList, Computed: true, Elem: &schema.Schema{ @@ -178,25 +171,25 @@ func resourceMachine() *schema.Resource { // computed resources from metadata "root_authorized_keys": { - Description: "authorized keys for the root user on this machine", + Description: "Authorized keys for the root user on this machine", Type: schema.TypeString, Optional: true, Computed: true, }, "user_script": { - Description: "user script to run on boot (every boot on SmartMachines)", + Description: "User script to run on boot (every boot on SmartMachines)", Type: schema.TypeString, Optional: true, Computed: true, }, "user_data": { - Description: "copied to machine on boot", + Description: "Data copied to machine on boot", Type: schema.TypeString, Optional: true, Computed: true, }, "administrator_pw": { - Description: "administrator's initial password (Windows only)", + Description: "Administrator's initial password (Windows only)", Type: schema.TypeString, Optional: true, Computed: true, @@ -204,7 +197,7 @@ func resourceMachine() *schema.Resource { // deprecated fields "networks": { - Description: "desired network IDs", + Description: "Desired network IDs", Type: schema.TypeList, Optional: true, Computed: true, @@ -218,7 +211,7 @@ func resourceMachine() *schema.Resource { } func resourceMachineCreate(d *schema.ResourceData, meta interface{}) error { - client := meta.(*cloudapi.Client) + client := meta.(*triton.Client) var networks []string for _, network := range d.Get("networks").([]interface{}) { @@ -242,7 +235,7 @@ func resourceMachineCreate(d *schema.ResourceData, meta interface{}) error { tags[k] = v.(string) } - machine, err := client.CreateMachine(cloudapi.CreateMachineOpts{ + machine, err := client.Machines().CreateMachine(&triton.CreateMachineInput{ Name: d.Get("name").(string), Package: d.Get("package").(string), Image: d.Get("image").(string), @@ -255,47 +248,64 @@ func resourceMachineCreate(d *schema.ResourceData, meta interface{}) error { return err } - err = waitForMachineState(client, machine.Id, machineStateRunning, machineStateChangeTimeout) + d.SetId(machine.ID) + stateConf := &resource.StateChangeConf{ + Target: []string{fmt.Sprintf(machineStateRunning)}, + Refresh: func() (interface{}, string, error) { + getResp, err := client.Machines().GetMachine(&triton.GetMachineInput{ + ID: d.Id(), + }) + if err != nil { + return nil, "", err + } + + return getResp, getResp.State, nil + }, + Timeout: machineStateChangeTimeout, + MinTimeout: 3 * time.Second, + } + _, err = stateConf.WaitForState() + if err != nil { + return err + } if err != nil { return err } // refresh state after it provisions - d.SetId(machine.Id) - err = resourceMachineRead(d, meta) - if err != nil { - return err - } - - return nil + return resourceMachineRead(d, meta) } func resourceMachineExists(d *schema.ResourceData, meta interface{}) (bool, error) { - client := meta.(*cloudapi.Client) + client := meta.(*triton.Client) - machine, err := client.GetMachine(d.Id()) - - return machine != nil && err == nil, err + return resourceExists(client.Machines().GetMachine(&triton.GetMachineInput{ + ID: d.Id(), + })) } func resourceMachineRead(d *schema.ResourceData, meta interface{}) error { - client := meta.(*cloudapi.Client) + client := meta.(*triton.Client) - machine, err := client.GetMachine(d.Id()) + machine, err := client.Machines().GetMachine(&triton.GetMachineInput{ + ID: d.Id(), + }) if err != nil { return err } - nics, err := client.ListNICs(d.Id()) + nics, err := client.Machines().ListNICs(&triton.ListNICsInput{ + MachineID: d.Id(), + }) if err != nil { return err } - d.SetId(machine.Id) d.Set("name", machine.Name) d.Set("type", machine.Type) d.Set("state", machine.State) - d.Set("dataset", machine.Dataset) + d.Set("dataset", machine.Image) + d.Set("image", machine.Image) d.Set("memory", machine.Memory) d.Set("disk", machine.Disk) d.Set("ips", machine.IPs) @@ -340,23 +350,40 @@ func resourceMachineRead(d *schema.ResourceData, meta interface{}) error { } func resourceMachineUpdate(d *schema.ResourceData, meta interface{}) error { - client := meta.(*cloudapi.Client) + client := meta.(*triton.Client) d.Partial(true) if d.HasChange("name") { - if err := client.RenameMachine(d.Id(), d.Get("name").(string)); err != nil { + oldNameInterface, newNameInterface := d.GetChange("name") + oldName := oldNameInterface.(string) + newName := newNameInterface.(string) + + err := client.Machines().RenameMachine(&triton.RenameMachineInput{ + ID: d.Id(), + Name: newName, + }) + if err != nil { return err } - err := waitFor( - func() (bool, error) { - machine, err := client.GetMachine(d.Id()) - return machine.Name == d.Get("name").(string), err + stateConf := &resource.StateChangeConf{ + Pending: []string{oldName}, + Target: []string{newName}, + Refresh: func() (interface{}, string, error) { + getResp, err := client.Machines().GetMachine(&triton.GetMachineInput{ + ID: d.Id(), + }) + if err != nil { + return nil, "", err + } + + return getResp, getResp.Name, nil }, - machineStateChangeCheckInterval, - 1*time.Minute, - ) + Timeout: machineStateChangeTimeout, + MinTimeout: 3 * time.Second, + } + _, err = stateConf.WaitForState() if err != nil { return err } @@ -372,22 +399,36 @@ func resourceMachineUpdate(d *schema.ResourceData, meta interface{}) error { var err error if len(tags) == 0 { - err = client.DeleteMachineTags(d.Id()) + err = client.Machines().DeleteMachineTags(&triton.DeleteMachineTagsInput{ + ID: d.Id(), + }) } else { - _, err = client.ReplaceMachineTags(d.Id(), tags) + err = client.Machines().ReplaceMachineTags(&triton.ReplaceMachineTagsInput{ + ID: d.Id(), + Tags: tags, + }) } if err != nil { return err } - err = waitFor( - func() (bool, error) { - machine, err := client.GetMachine(d.Id()) - return reflect.DeepEqual(machine.Tags, tags), err + expectedTagsMD5 := stableMapHash(tags) + stateConf := &resource.StateChangeConf{ + Target: []string{expectedTagsMD5}, + Refresh: func() (interface{}, string, error) { + getResp, err := client.Machines().GetMachine(&triton.GetMachineInput{ + ID: d.Id(), + }) + if err != nil { + return nil, "", err + } + + return getResp, stableMapHash(getResp.Tags), nil }, - machineStateChangeCheckInterval, - 1*time.Minute, - ) + Timeout: machineStateChangeTimeout, + MinTimeout: 3 * time.Second, + } + _, err = stateConf.WaitForState() if err != nil { return err } @@ -396,18 +437,32 @@ func resourceMachineUpdate(d *schema.ResourceData, meta interface{}) error { } if d.HasChange("package") { - if err := client.ResizeMachine(d.Id(), d.Get("package").(string)); err != nil { + newPackage := d.Get("package").(string) + + err := client.Machines().ResizeMachine(&triton.ResizeMachineInput{ + ID: d.Id(), + Package: newPackage, + }) + if err != nil { return err } - err := waitFor( - func() (bool, error) { - machine, err := client.GetMachine(d.Id()) - return machine.Package == d.Get("package").(string) && machine.State == machineStateRunning, err + stateConf := &resource.StateChangeConf{ + Target: []string{fmt.Sprintf("%s@%s", newPackage, "running")}, + Refresh: func() (interface{}, string, error) { + getResp, err := client.Machines().GetMachine(&triton.GetMachineInput{ + ID: d.Id(), + }) + if err != nil { + return nil, "", err + } + + return getResp, fmt.Sprintf("%s@%s", getResp.Package, getResp.State), nil }, - machineStateChangeCheckInterval, - machineStateChangeTimeout, - ) + Timeout: machineStateChangeTimeout, + MinTimeout: 3 * time.Second, + } + _, err = stateConf.WaitForState() if err != nil { return err } @@ -416,25 +471,38 @@ func resourceMachineUpdate(d *schema.ResourceData, meta interface{}) error { } if d.HasChange("firewall_enabled") { + enable := d.Get("firewall_enabled").(bool) + var err error - if d.Get("firewall_enabled").(bool) { - err = client.EnableFirewallMachine(d.Id()) + if enable { + err = client.Machines().EnableMachineFirewall(&triton.EnableMachineFirewallInput{ + ID: d.Id(), + }) } else { - err = client.DisableFirewallMachine(d.Id()) + err = client.Machines().DisableMachineFirewall(&triton.DisableMachineFirewallInput{ + ID: d.Id(), + }) } if err != nil { return err } - err = waitFor( - func() (bool, error) { - machine, err := client.GetMachine(d.Id()) - return machine.FirewallEnabled == d.Get("firewall_enabled").(bool), err - }, - machineStateChangeCheckInterval, - machineStateChangeTimeout, - ) + stateConf := &resource.StateChangeConf{ + Target: []string{fmt.Sprintf("%t", enable)}, + Refresh: func() (interface{}, string, error) { + getResp, err := client.Machines().GetMachine(&triton.GetMachineInput{ + ID: d.Id(), + }) + if err != nil { + return nil, "", err + } + return getResp, fmt.Sprintf("%t", getResp.FirewallEnabled), nil + }, + Timeout: machineStateChangeTimeout, + MinTimeout: 3 * time.Second, + } + _, err = stateConf.WaitForState() if err != nil { return err } @@ -452,24 +520,24 @@ func resourceMachineUpdate(d *schema.ResourceData, meta interface{}) error { } oldNICs := o.(*schema.Set) - newNICs := o.(*schema.Set) + newNICs := n.(*schema.Set) - // add new NICs that are not in old NICs for _, nicI := range newNICs.Difference(oldNICs).List() { nic := nicI.(map[string]interface{}) - fmt.Printf("adding %+v\n", nic) - _, err := client.AddNIC(d.Id(), nic["network"].(string)) - if err != nil { + if _, err := client.Machines().AddNIC(&triton.AddNICInput{ + MachineID: d.Id(), + Network: nic["network"].(string), + }); err != nil { return err } } - // remove old NICs that are not in new NICs for _, nicI := range oldNICs.Difference(newNICs).List() { nic := nicI.(map[string]interface{}) - fmt.Printf("removing %+v\n", nic) - err := client.RemoveNIC(d.Id(), nic["mac"].(string)) - if err != nil { + if err := client.Machines().RemoveNIC(&triton.RemoveNICInput{ + MachineID: d.Id(), + MAC: nic["mac"].(string), + }); err != nil { return err } } @@ -477,7 +545,6 @@ func resourceMachineUpdate(d *schema.ResourceData, meta interface{}) error { d.SetPartial("nic") } - // metadata stuff metadata := map[string]string{} for schemaName, metadataKey := range resourceMachineMetadataKeys { if d.HasChange(schemaName) { @@ -485,24 +552,35 @@ func resourceMachineUpdate(d *schema.ResourceData, meta interface{}) error { } } if len(metadata) > 0 { - _, err := client.UpdateMachineMetadata(d.Id(), metadata) - if err != nil { + if _, err := client.Machines().UpdateMachineMetadata(&triton.UpdateMachineMetadataInput{ + ID: d.Id(), + Metadata: metadata, + }); err != nil { return err } - err = waitFor( - func() (bool, error) { - machine, err := client.GetMachine(d.Id()) + stateConf := &resource.StateChangeConf{ + Target: []string{"converged"}, + Refresh: func() (interface{}, string, error) { + getResp, err := client.Machines().GetMachine(&triton.GetMachineInput{ + ID: d.Id(), + }) + if err != nil { + return nil, "", err + } + for k, v := range metadata { - if provider_v, ok := machine.Metadata[k]; !ok || v != provider_v { - return false, err + if upstream, ok := getResp.Metadata[k]; !ok || v != upstream { + return getResp, "converging", nil } } - return true, err + + return getResp, "converged", nil }, - machineStateChangeCheckInterval, - 1*time.Minute, - ) + Timeout: machineStateChangeTimeout, + MinTimeout: 3 * time.Second, + } + _, err := stateConf.WaitForState() if err != nil { return err } @@ -516,57 +594,43 @@ func resourceMachineUpdate(d *schema.ResourceData, meta interface{}) error { d.Partial(false) - err := resourceMachineRead(d, meta) - if err != nil { - return err - } - - return nil + return resourceMachineRead(d, meta) } func resourceMachineDelete(d *schema.ResourceData, meta interface{}) error { - client := meta.(*cloudapi.Client) + client := meta.(*triton.Client) - state, err := readMachineState(client, d.Id()) - if state != machineStateStopped { - err = client.StopMachine(d.Id()) - if err != nil { - return err - } - - waitForMachineState(client, d.Id(), machineStateStopped, machineStateChangeTimeout) - } - - err = client.DeleteMachine(d.Id()) + err := client.Machines().DeleteMachine(&triton.DeleteMachineInput{ + ID: d.Id(), + }) if err != nil { return err } - waitForMachineState(client, d.Id(), machineStateDeleted, machineStateChangeTimeout) - return nil -} + stateConf := &resource.StateChangeConf{ + Target: []string{machineStateDeleted}, + Refresh: func() (interface{}, string, error) { + getResp, err := client.Machines().GetMachine(&triton.GetMachineInput{ + ID: d.Id(), + }) + if err != nil { + if triton.IsResourceNotFound(err) { + return nil, "deleted", nil + } + return nil, "", err + } -func readMachineState(api *cloudapi.Client, id string) (string, error) { - machine, err := api.GetMachine(id) + return getResp, getResp.State, nil + }, + Timeout: machineStateChangeTimeout, + MinTimeout: 3 * time.Second, + } + _, err = stateConf.WaitForState() if err != nil { - return "", err + return err } - return machine.State, nil -} - -// waitForMachineState waits for a machine to be in the desired state (waiting -// some seconds between each poll). If it doesn't reach the state within the -// duration specified in `timeout`, it returns ErrMachineStateTimeout. -func waitForMachineState(api *cloudapi.Client, id, state string, timeout time.Duration) error { - return waitFor( - func() (bool, error) { - currentState, err := readMachineState(api, id) - return currentState == state, err - }, - machineStateChangeCheckInterval, - machineStateChangeTimeout, - ) + return nil } func resourceMachineValidateName(value interface{}, name string) (warnings []string, errors []error) { @@ -580,7 +644,3 @@ func resourceMachineValidateName(value interface{}, name string) (warnings []str return warnings, errors } - -func resourceMachineImporter(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) { - return []*schema.ResourceData{d}, nil -} diff --git a/builtin/providers/triton/resource_machine_test.go b/builtin/providers/triton/resource_machine_test.go index f6f43bb777..92152fcdc6 100644 --- a/builtin/providers/triton/resource_machine_test.go +++ b/builtin/providers/triton/resource_machine_test.go @@ -2,14 +2,16 @@ package triton import ( "fmt" + "log" "regexp" "testing" "time" + "github.com/davecgh/go-spew/spew" "github.com/hashicorp/terraform/helper/acctest" "github.com/hashicorp/terraform/helper/resource" "github.com/hashicorp/terraform/terraform" - "github.com/joyent/gosdc/cloudapi" + "github.com/joyent/triton-go" ) func TestAccTritonMachine_basic(t *testing.T) { @@ -21,7 +23,7 @@ func TestAccTritonMachine_basic(t *testing.T) { Providers: testAccProviders, CheckDestroy: testCheckTritonMachineDestroy, Steps: []resource.TestStep{ - resource.TestStep{ + { Config: config, Check: resource.ComposeTestCheckFunc( testCheckTritonMachineExists("triton_machine.test"), @@ -44,20 +46,16 @@ func TestAccTritonMachine_dns(t *testing.T) { Providers: testAccProviders, CheckDestroy: testCheckTritonMachineDestroy, Steps: []resource.TestStep{ - resource.TestStep{ + { Config: dns_output, Check: resource.ComposeTestCheckFunc( testCheckTritonMachineExists("triton_machine.test"), - func(*terraform.State) error { + func(state *terraform.State) error { time.Sleep(10 * time.Second) + log.Printf("[DEBUG] %s", spew.Sdump(state)) return nil }, - ), - }, - resource.TestStep{ - Config: dns_output, - Check: resource.TestMatchOutput( - "domain_names", regexp.MustCompile(".*acctest-.*"), + resource.TestMatchOutput("domain_names", regexp.MustCompile(".*acctest-.*")), ), }, }, @@ -66,14 +64,14 @@ func TestAccTritonMachine_dns(t *testing.T) { func TestAccTritonMachine_nic(t *testing.T) { machineName := fmt.Sprintf("acctest-%d", acctest.RandInt()) - config := fmt.Sprintf(testAccTritonMachine_withnic, machineName, machineName) + config := testAccTritonMachine_singleNIC(machineName, acctest.RandIntRange(1024, 2048)) resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, Providers: testAccProviders, CheckDestroy: testCheckTritonMachineDestroy, Steps: []resource.TestStep{ - resource.TestStep{ + { Config: config, Check: resource.ComposeTestCheckFunc( testCheckTritonMachineExists("triton_machine.test"), @@ -88,32 +86,33 @@ func TestAccTritonMachine_nic(t *testing.T) { }) } -func TestAccTritonMachine_addnic(t *testing.T) { +func TestAccTritonMachine_addNIC(t *testing.T) { machineName := fmt.Sprintf("acctest-%d", acctest.RandInt()) - without := fmt.Sprintf(testAccTritonMachine_withoutnic, machineName, machineName) - with := fmt.Sprintf(testAccTritonMachine_withnic, machineName, machineName) + vlanNumber := acctest.RandIntRange(1024, 2048) + + singleNICConfig := testAccTritonMachine_singleNIC(machineName, vlanNumber) + dualNICConfig := testAccTritonMachine_dualNIC(machineName, vlanNumber) resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, Providers: testAccProviders, CheckDestroy: testCheckTritonMachineDestroy, Steps: []resource.TestStep{ - resource.TestStep{ - Config: without, + { + Config: singleNICConfig, Check: resource.ComposeTestCheckFunc( testCheckTritonMachineExists("triton_machine.test"), func(*terraform.State) error { time.Sleep(10 * time.Second) return nil }, - testCheckTritonMachineHasNoFabric("triton_machine.test", "triton_fabric.test"), ), }, - resource.TestStep{ - Config: with, + { + Config: dualNICConfig, Check: resource.ComposeTestCheckFunc( testCheckTritonMachineExists("triton_machine.test"), - testCheckTritonMachineHasFabric("triton_machine.test", "triton_fabric.test"), + testCheckTritonMachineHasFabric("triton_machine.test", "triton_fabric.test_add"), ), }, }, @@ -127,14 +126,16 @@ func testCheckTritonMachineExists(name string) resource.TestCheckFunc { if !ok { return fmt.Errorf("Not found: %s", name) } - conn := testAccProvider.Meta().(*cloudapi.Client) + conn := testAccProvider.Meta().(*triton.Client) - rule, err := conn.GetMachine(rs.Primary.ID) + machine, err := conn.Machines().GetMachine(&triton.GetMachineInput{ + ID: rs.Primary.ID, + }) if err != nil { return fmt.Errorf("Bad: Check Machine Exists: %s", err) } - if rule == nil { + if machine == nil { return fmt.Errorf("Bad: Machine %q does not exist", rs.Primary.ID) } @@ -154,9 +155,11 @@ func testCheckTritonMachineHasFabric(name, fabricName string) resource.TestCheck if !ok { return fmt.Errorf("Not found: %s", fabricName) } - conn := testAccProvider.Meta().(*cloudapi.Client) + conn := testAccProvider.Meta().(*triton.Client) - nics, err := conn.ListNICs(machine.Primary.ID) + nics, err := conn.Machines().ListNICs(&triton.ListNICsInput{ + MachineID: machine.Primary.ID, + }) if err != nil { return fmt.Errorf("Bad: Check NICs Exist: %s", err) } @@ -171,49 +174,25 @@ func testCheckTritonMachineHasFabric(name, fabricName string) resource.TestCheck } } -func testCheckTritonMachineHasNoFabric(name, fabricName string) resource.TestCheckFunc { - return func(s *terraform.State) error { - // Ensure we have enough information in state to look up in API - machine, ok := s.RootModule().Resources[name] - if !ok { - return fmt.Errorf("Not found: %s", name) - } - - network, ok := s.RootModule().Resources[fabricName] - if !ok { - return fmt.Errorf("Not found: %s", fabricName) - } - conn := testAccProvider.Meta().(*cloudapi.Client) - - nics, err := conn.ListNICs(machine.Primary.ID) - if err != nil { - return fmt.Errorf("Bad: Check NICs Exist: %s", err) - } - - for _, nic := range nics { - if nic.Network == network.Primary.ID { - return fmt.Errorf("Bad: Machine %q has Fabric %q", machine.Primary.ID, network.Primary.ID) - } - } - - return nil - } -} - func testCheckTritonMachineDestroy(s *terraform.State) error { - conn := testAccProvider.Meta().(*cloudapi.Client) + conn := testAccProvider.Meta().(*triton.Client) for _, rs := range s.RootModule().Resources { if rs.Type != "triton_machine" { continue } - resp, err := conn.GetMachine(rs.Primary.ID) + resp, err := conn.Machines().GetMachine(&triton.GetMachineInput{ + ID: rs.Primary.ID, + }) if err != nil { - return nil + if triton.IsResourceNotFound(err) { + return nil + } + return err } - if resp != nil { + if resp != nil && resp.State != machineStateDeleted { return fmt.Errorf("Bad: Machine %q still exists", rs.Primary.ID) } } @@ -231,7 +210,7 @@ func TestAccTritonMachine_firewall(t *testing.T) { Providers: testAccProviders, CheckDestroy: testCheckTritonMachineDestroy, Steps: []resource.TestStep{ - resource.TestStep{ + { Config: enabled_config, Check: resource.ComposeTestCheckFunc( testCheckTritonMachineExists("triton_machine.test"), @@ -239,7 +218,7 @@ func TestAccTritonMachine_firewall(t *testing.T) { "triton_machine.test", "firewall_enabled", "true"), ), }, - resource.TestStep{ + { Config: disabled_config, Check: resource.ComposeTestCheckFunc( testCheckTritonMachineExists("triton_machine.test"), @@ -247,7 +226,7 @@ func TestAccTritonMachine_firewall(t *testing.T) { "triton_machine.test", "firewall_enabled", "false"), ), }, - resource.TestStep{ + { Config: enabled_config, Check: resource.ComposeTestCheckFunc( testCheckTritonMachineExists("triton_machine.test"), @@ -271,13 +250,13 @@ func TestAccTritonMachine_metadata(t *testing.T) { Providers: testAccProviders, CheckDestroy: testCheckTritonMachineDestroy, Steps: []resource.TestStep{ - resource.TestStep{ + { Config: basic, Check: resource.ComposeTestCheckFunc( testCheckTritonMachineExists("triton_machine.test"), ), }, - resource.TestStep{ + { Config: add_metadata, Check: resource.ComposeTestCheckFunc( testCheckTritonMachineExists("triton_machine.test"), @@ -285,7 +264,7 @@ func TestAccTritonMachine_metadata(t *testing.T) { "triton_machine.test", "user_data", "hello"), ), }, - resource.TestStep{ + { Config: add_metadata_2, Check: resource.ComposeTestCheckFunc( testCheckTritonMachineExists("triton_machine.test"), @@ -294,7 +273,7 @@ func TestAccTritonMachine_metadata(t *testing.T) { "tags.triton.cns.services", "test-cns-service"), ), }, - resource.TestStep{ + { Config: add_metadata_3, Check: resource.ComposeTestCheckFunc( testCheckTritonMachineExists("triton_machine.test"), @@ -311,7 +290,7 @@ var testAccTritonMachine_basic = ` resource "triton_machine" "test" { name = "%s" package = "g4-general-4G" - image = "c20b4b7c-e1a6-11e5-9a4d-ef590901732e" + image = "fb5fe970-e6e4-11e6-9820-4b51be190db9" tags = { test = "hello!" @@ -332,7 +311,7 @@ var testAccTritonMachine_firewall_1 = ` resource "triton_machine" "test" { name = "%s" package = "g4-general-4G" - image = "c20b4b7c-e1a6-11e5-9a4d-ef590901732e" + image = "fb5fe970-e6e4-11e6-9820-4b51be190db9" firewall_enabled = 1 } @@ -361,7 +340,7 @@ variable "tags" { resource "triton_machine" "test" { name = "%s" package = "g4-highcpu-128M" - image = "c20b4b7c-e1a6-11e5-9a4d-ef590901732e" + image = "fb5fe970-e6e4-11e6-9820-4b51be190db9" user_data = "hello" @@ -372,7 +351,7 @@ var testAccTritonMachine_metadata_3 = ` resource "triton_machine" "test" { name = "%s" package = "g4-highcpu-128M" - image = "c20b4b7c-e1a6-11e5-9a4d-ef590901732e" + image = "fb5fe970-e6e4-11e6-9820-4b51be190db9" user_data = "hello" @@ -382,57 +361,91 @@ resource "triton_machine" "test" { } } ` -var testAccTritonMachine_withnic = ` +var testAccTritonMachine_singleNIC = func(name string, vlanNumber int) string { + return fmt.Sprintf(`resource "triton_vlan" "test" { + vlan_id = %d + name = "%s-vlan" + description = "test vlan" +} + resource "triton_fabric" "test" { - name = "%s-network" - description = "test network" - vlan_id = 2 # every DC seems to have a vlan 2 available + name = "%s-network" + description = "test network" + vlan_id = "${triton_vlan.test.vlan_id}" - subnet = "10.0.0.0/22" - gateway = "10.0.0.1" - provision_start_ip = "10.0.0.5" - provision_end_ip = "10.0.3.250" + subnet = "10.10.0.0/24" + gateway = "10.10.0.1" + provision_start_ip = "10.10.0.10" + provision_end_ip = "10.10.0.250" - resolvers = ["8.8.8.8", "8.8.4.4"] + resolvers = ["8.8.8.8", "8.8.4.4"] } resource "triton_machine" "test" { - name = "%s" - package = "g4-general-4G" - image = "842e6fa6-6e9b-11e5-8402-1b490459e334" + name = "%s-instance" + package = "g4-highcpu-128M" + image = "fb5fe970-e6e4-11e6-9820-4b51be190db9" - tags = { - test = "hello!" + tags = { + test = "Test" } - nic { network = "${triton_fabric.test.id}" } + nic { + network = "${triton_fabric.test.id}" + } +}`, vlanNumber, name, name, name) +} + +var testAccTritonMachine_dualNIC = func(name string, vlanNumber int) string { + return fmt.Sprintf(`resource "triton_vlan" "test" { + vlan_id = %d + name = "%s-vlan" + description = "test vlan" } -` -var testAccTritonMachine_withoutnic = ` resource "triton_fabric" "test" { - name = "%s-network" - description = "test network" - vlan_id = 2 # every DC seems to have a vlan 2 available + name = "%s-network" + description = "test network" + vlan_id = "${triton_vlan.test.vlan_id}" - subnet = "10.0.0.0/22" - gateway = "10.0.0.1" - provision_start_ip = "10.0.0.5" - provision_end_ip = "10.0.3.250" + subnet = "10.10.0.0/24" + gateway = "10.10.0.1" + provision_start_ip = "10.10.0.10" + provision_end_ip = "10.10.0.250" - resolvers = ["8.8.8.8", "8.8.4.4"] + resolvers = ["8.8.8.8", "8.8.4.4"] +} + +resource "triton_fabric" "test_add" { + name = "%s-network-2" + description = "test network 2" + vlan_id = "${triton_vlan.test.vlan_id}" + + subnet = "172.23.0.0/24" + gateway = "172.23.0.1" + provision_start_ip = "172.23.0.10" + provision_end_ip = "172.23.0.250" + + resolvers = ["8.8.8.8", "8.8.4.4"] } resource "triton_machine" "test" { - name = "%s" - package = "g4-general-4G" - image = "842e6fa6-6e9b-11e5-8402-1b490459e334" + name = "%s-instance" + package = "g4-highcpu-128M" + image = "fb5fe970-e6e4-11e6-9820-4b51be190db9" - tags = { - test = "hello!" + tags = { + test = "Test" } + + nic { + network = "${triton_fabric.test.id}" + } + nic { + network = "${triton_fabric.test_add.id}" + } +}`, vlanNumber, name, name, name, name) } -` var testAccTritonMachine_dns = ` provider "triton" { @@ -441,8 +454,9 @@ provider "triton" { resource "triton_machine" "test" { name = "%s" package = "g4-highcpu-128M" - image = "e1faace4-e19b-11e5-928b-83849e2fd94a" + image = "fb5fe970-e6e4-11e6-9820-4b51be190db9" } + output "domain_names" { value = "${join(", ", triton_machine.test.domain_names)}" } diff --git a/builtin/providers/triton/resource_vlan.go b/builtin/providers/triton/resource_vlan.go index 34eb5d67c2..6858d34152 100644 --- a/builtin/providers/triton/resource_vlan.go +++ b/builtin/providers/triton/resource_vlan.go @@ -5,23 +5,24 @@ import ( "strconv" "github.com/hashicorp/terraform/helper/schema" - "github.com/joyent/gosdc/cloudapi" + "github.com/joyent/triton-go" ) func resourceVLAN() *schema.Resource { return &schema.Resource{ - Create: resourceVLANCreate, - Exists: resourceVLANExists, - Read: resourceVLANRead, - Update: resourceVLANUpdate, - Delete: resourceVLANDelete, + Create: resourceVLANCreate, + Exists: resourceVLANExists, + Read: resourceVLANRead, + Update: resourceVLANUpdate, + Delete: resourceVLANDelete, + Timeouts: fastResourceTimeout, Importer: &schema.ResourceImporter{ - State: resourceVLANImporter, + State: schema.ImportStatePassthrough, }, Schema: map[string]*schema.Schema{ "vlan_id": { - Description: "number between 0-4095 indicating VLAN ID", + Description: "Number between 0-4095 indicating VLAN ID", Required: true, ForceNew: true, Type: schema.TypeInt, @@ -39,7 +40,7 @@ func resourceVLAN() *schema.Resource { Type: schema.TypeString, }, "description": { - Description: "Optional description of the VLAN", + Description: "Description of the VLAN", Optional: true, Type: schema.TypeString, }, @@ -48,10 +49,10 @@ func resourceVLAN() *schema.Resource { } func resourceVLANCreate(d *schema.ResourceData, meta interface{}) error { - client := meta.(*cloudapi.Client) + client := meta.(*triton.Client) - vlan, err := client.CreateFabricVLAN(cloudapi.FabricVLAN{ - Id: int16(d.Get("vlan_id").(int)), + vlan, err := client.Fabrics().CreateFabricVLAN(&triton.CreateFabricVLANInput{ + ID: d.Get("vlan_id").(int), Name: d.Get("name").(string), Description: d.Get("description").(string), }) @@ -59,33 +60,39 @@ func resourceVLANCreate(d *schema.ResourceData, meta interface{}) error { return err } - d.SetId(resourceVLANIDString(vlan.Id)) + d.SetId(strconv.Itoa(vlan.ID)) return resourceVLANRead(d, meta) } func resourceVLANExists(d *schema.ResourceData, meta interface{}) (bool, error) { - client := meta.(*cloudapi.Client) + client := meta.(*triton.Client) - id, err := resourceVLANIDInt16(d.Id()) + id, err := resourceVLANIDInt(d.Id()) if err != nil { return false, err } - vlan, err := client.GetFabricVLAN(id) - - return vlan != nil && err == nil, err + return resourceExists(client.Fabrics().GetFabricVLAN(&triton.GetFabricVLANInput{ + ID: id, + })) } func resourceVLANRead(d *schema.ResourceData, meta interface{}) error { - client := meta.(*cloudapi.Client) + client := meta.(*triton.Client) - vlan, err := client.GetFabricVLAN(int16(d.Get("vlan_id").(int))) + id, err := resourceVLANIDInt(d.Id()) if err != nil { return err } - d.SetId(resourceVLANIDString(vlan.Id)) - d.Set("vlan_id", vlan.Id) + vlan, err := client.Fabrics().GetFabricVLAN(&triton.GetFabricVLANInput{ + ID: id, + }) + if err != nil { + return err + } + + d.Set("vlan_id", vlan.ID) d.Set("name", vlan.Name) d.Set("description", vlan.Description) @@ -93,10 +100,10 @@ func resourceVLANRead(d *schema.ResourceData, meta interface{}) error { } func resourceVLANUpdate(d *schema.ResourceData, meta interface{}) error { - client := meta.(*cloudapi.Client) + client := meta.(*triton.Client) - vlan, err := client.UpdateFabricVLAN(cloudapi.FabricVLAN{ - Id: int16(d.Get("vlan_id").(int)), + vlan, err := client.Fabrics().UpdateFabricVLAN(&triton.UpdateFabricVLANInput{ + ID: d.Get("vlan_id").(int), Name: d.Get("name").(string), Description: d.Get("description").(string), }) @@ -104,36 +111,28 @@ func resourceVLANUpdate(d *schema.ResourceData, meta interface{}) error { return err } - d.SetId(resourceVLANIDString(vlan.Id)) + d.SetId(strconv.Itoa(vlan.ID)) return resourceVLANRead(d, meta) } func resourceVLANDelete(d *schema.ResourceData, meta interface{}) error { - client := meta.(*cloudapi.Client) + client := meta.(*triton.Client) - id, err := resourceVLANIDInt16(d.Id()) + id, err := resourceVLANIDInt(d.Id()) if err != nil { return err } - return client.DeleteFabricVLAN(id) + return client.Fabrics().DeleteFabricVLAN(&triton.DeleteFabricVLANInput{ + ID: id, + }) } -// convenience conversion functions - -func resourceVLANIDString(id int16) string { - return strconv.Itoa(int(id)) -} - -func resourceVLANIDInt16(id string) (int16, error) { - result, err := strconv.ParseInt(id, 10, 16) +func resourceVLANIDInt(id string) (int, error) { + result, err := strconv.ParseInt(id, 10, 32) if err != nil { - return 0, err + return -1, err } - return int16(result), nil -} - -func resourceVLANImporter(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) { - return []*schema.ResourceData{d}, nil + return int(result), nil } diff --git a/builtin/providers/triton/resource_vlan_test.go b/builtin/providers/triton/resource_vlan_test.go index 91333aed68..4b734d0d6d 100644 --- a/builtin/providers/triton/resource_vlan_test.go +++ b/builtin/providers/triton/resource_vlan_test.go @@ -2,22 +2,24 @@ package triton import ( "fmt" + "strconv" "testing" + "github.com/hashicorp/terraform/helper/acctest" "github.com/hashicorp/terraform/helper/resource" "github.com/hashicorp/terraform/terraform" - "github.com/joyent/gosdc/cloudapi" + "github.com/joyent/triton-go" ) func TestAccTritonVLAN_basic(t *testing.T) { - config := testAccTritonVLAN_basic + config := testAccTritonVLAN_basic(acctest.RandIntRange(3, 2048)) resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, Providers: testAccProviders, CheckDestroy: testCheckTritonVLANDestroy, Steps: []resource.TestStep{ - resource.TestStep{ + { Config: config, Check: resource.ComposeTestCheckFunc( testCheckTritonVLANExists("triton_vlan.test"), @@ -28,27 +30,30 @@ func TestAccTritonVLAN_basic(t *testing.T) { } func TestAccTritonVLAN_update(t *testing.T) { - preConfig := testAccTritonVLAN_basic - postConfig := testAccTritonVLAN_update + vlanNumber := acctest.RandIntRange(3, 2048) + preConfig := testAccTritonVLAN_basic(vlanNumber) + postConfig := testAccTritonVLAN_update(vlanNumber) resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, Providers: testAccProviders, CheckDestroy: testCheckTritonVLANDestroy, Steps: []resource.TestStep{ - resource.TestStep{ + { Config: preConfig, Check: resource.ComposeTestCheckFunc( testCheckTritonVLANExists("triton_vlan.test"), + resource.TestCheckResourceAttr("triton_vlan.test", "vlan_id", strconv.Itoa(vlanNumber)), resource.TestCheckResourceAttr("triton_vlan.test", "name", "test-vlan"), resource.TestCheckResourceAttr("triton_vlan.test", "description", "test vlan"), ), }, - resource.TestStep{ + { Config: postConfig, Check: resource.ComposeTestCheckFunc( testCheckTritonVLANExists("triton_vlan.test"), + resource.TestCheckResourceAttr("triton_vlan.test", "vlan_id", strconv.Itoa(vlanNumber)), resource.TestCheckResourceAttr("triton_vlan.test", "name", "test-vlan-2"), resource.TestCheckResourceAttr("triton_vlan.test", "description", "test vlan 2"), ), @@ -64,19 +69,23 @@ func testCheckTritonVLANExists(name string) resource.TestCheckFunc { if !ok { return fmt.Errorf("Not found: %s", name) } - conn := testAccProvider.Meta().(*cloudapi.Client) + conn := testAccProvider.Meta().(*triton.Client) - id, err := resourceVLANIDInt16(rs.Primary.ID) + id, err := resourceVLANIDInt(rs.Primary.ID) if err != nil { return err } - rule, err := conn.GetFabricVLAN(id) - if err != nil { + resp, err := conn.Fabrics().GetFabricVLAN(&triton.GetFabricVLANInput{ + ID: id, + }) + if err != nil && triton.IsResourceNotFound(err) { return fmt.Errorf("Bad: Check VLAN Exists: %s", err) + } else if err != nil { + return err } - if rule == nil { + if resp == nil { return fmt.Errorf("Bad: VLAN %q does not exist", rs.Primary.ID) } @@ -85,21 +94,25 @@ func testCheckTritonVLANExists(name string) resource.TestCheckFunc { } func testCheckTritonVLANDestroy(s *terraform.State) error { - conn := testAccProvider.Meta().(*cloudapi.Client) + conn := testAccProvider.Meta().(*triton.Client) for _, rs := range s.RootModule().Resources { if rs.Type != "triton_vlan" { continue } - id, err := resourceVLANIDInt16(rs.Primary.ID) + id, err := resourceVLANIDInt(rs.Primary.ID) if err != nil { return err } - resp, err := conn.GetFabricVLAN(id) - if err != nil { + resp, err := conn.Fabrics().GetFabricVLAN(&triton.GetFabricVLANInput{ + ID: id, + }) + if triton.IsResourceNotFound(err) { return nil + } else if err != nil { + return err } if resp != nil { @@ -110,18 +123,18 @@ func testCheckTritonVLANDestroy(s *terraform.State) error { return nil } -var testAccTritonVLAN_basic = ` -resource "triton_vlan" "test" { - vlan_id = 1024 - name = "test-vlan" - description = "test vlan" +var testAccTritonVLAN_basic = func(vlanID int) string { + return fmt.Sprintf(`resource "triton_vlan" "test" { + vlan_id = %d + name = "test-vlan" + description = "test vlan" + }`, vlanID) } -` -var testAccTritonVLAN_update = ` -resource "triton_vlan" "test" { - vlan_id = 1024 - name = "test-vlan-2" - description = "test vlan 2" +var testAccTritonVLAN_update = func(vlanID int) string { + return fmt.Sprintf(`resource "triton_vlan" "test" { + vlan_id = %d + name = "test-vlan-2" + description = "test vlan 2" + }`, vlanID) } -` diff --git a/builtin/providers/triton/utils.go b/builtin/providers/triton/utils.go deleted file mode 100644 index ef8ae23cbe..0000000000 --- a/builtin/providers/triton/utils.go +++ /dev/null @@ -1,30 +0,0 @@ -package triton - -import ( - "errors" - "time" -) - -var ( - // ErrTimeout is returned when waiting for state change - ErrTimeout = errors.New("timed out while waiting for resource change") -) - -func waitFor(f func() (bool, error), every, timeout time.Duration) error { - start := time.Now() - - for time.Since(start) <= timeout { - stop, err := f() - if err != nil { - return err - } - - if stop { - return nil - } - - time.Sleep(every) - } - - return ErrTimeout -} diff --git a/vendor/github.com/joyent/gosdc/cloudapi/cloudapi.go b/vendor/github.com/joyent/gosdc/cloudapi/cloudapi.go deleted file mode 100644 index 2f7c406ac5..0000000000 --- a/vendor/github.com/joyent/gosdc/cloudapi/cloudapi.go +++ /dev/null @@ -1,127 +0,0 @@ -/* -Package cloudapi interacts with the Cloud API (http://apidocs.joyent.com/cloudapi/). - -Licensed under the Mozilla Public License version 2.0 - -Copyright (c) Joyent Inc. -*/ -package cloudapi - -import ( - "net/http" - "net/url" - "path" - - "github.com/joyent/gocommon/client" - jh "github.com/joyent/gocommon/http" -) - -const ( - // DefaultAPIVersion defines the default version of the Cloud API to use - DefaultAPIVersion = "~7.3" - - // CloudAPI URL parts - apiKeys = "keys" - apiPackages = "packages" - apiImages = "images" - apiDatacenters = "datacenters" - apiMachines = "machines" - apiMetadata = "metadata" - apiSnapshots = "snapshots" - apiTags = "tags" - apiAnalytics = "analytics" - apiInstrumentations = "instrumentations" - apiInstrumentationsValue = "value" - apiInstrumentationsRaw = "raw" - apiInstrumentationsHeatmap = "heatmap" - apiInstrumentationsImage = "image" - apiInstrumentationsDetails = "details" - apiUsage = "usage" - apiAudit = "audit" - apiFirewallRules = "fwrules" - apiFirewallRulesEnable = "enable" - apiFirewallRulesDisable = "disable" - apiNetworks = "networks" - apiFabricVLANs = "fabrics/default/vlans" - apiFabricNetworks = "networks" - apiNICs = "nics" - apiServices = "services" - - // CloudAPI actions - actionExport = "export" - actionStop = "stop" - actionStart = "start" - actionReboot = "reboot" - actionResize = "resize" - actionRename = "rename" - actionEnableFw = "enable_firewall" - actionDisableFw = "disable_firewall" -) - -// Client provides a means to access the Joyent CloudAPI -type Client struct { - client client.Client -} - -// New creates a new Client. -func New(client client.Client) *Client { - return &Client{client} -} - -// Filter represents a filter that can be applied to an API request. -type Filter struct { - v url.Values -} - -// NewFilter creates a new Filter. -func NewFilter() *Filter { - return &Filter{make(url.Values)} -} - -// Set a value for the specified filter. -func (f *Filter) Set(filter, value string) { - f.v.Set(filter, value) -} - -// Add a value for the specified filter. -func (f *Filter) Add(filter, value string) { - f.v.Add(filter, value) -} - -// request represents an API request -type request struct { - method string - url string - filter *Filter - reqValue interface{} - reqHeader http.Header - resp interface{} - respHeader *http.Header - expectedStatus int -} - -// Helper method to send an API request -func (c *Client) sendRequest(req request) (*jh.ResponseData, error) { - request := jh.RequestData{ - ReqValue: req.reqValue, - ReqHeaders: req.reqHeader, - } - if req.filter != nil { - request.Params = &req.filter.v - } - if req.expectedStatus == 0 { - req.expectedStatus = http.StatusOK - } - respData := jh.ResponseData{ - RespValue: req.resp, - RespHeaders: req.respHeader, - ExpectedStatus: []int{req.expectedStatus}, - } - err := c.client.SendRequest(req.method, req.url, "", &request, &respData) - return &respData, err -} - -// Helper method to create the API URL -func makeURL(parts ...string) string { - return path.Join(parts...) -} diff --git a/vendor/github.com/joyent/gosdc/cloudapi/datacenters.go b/vendor/github.com/joyent/gosdc/cloudapi/datacenters.go deleted file mode 100644 index e2bddf9549..0000000000 --- a/vendor/github.com/joyent/gosdc/cloudapi/datacenters.go +++ /dev/null @@ -1,41 +0,0 @@ -package cloudapi - -import ( - "net/http" - - "github.com/joyent/gocommon/client" - "github.com/joyent/gocommon/errors" -) - -// ListDatacenters provides a list of all datacenters this cloud is aware of. -// See API docs: http://apidocs.joyent.com/cloudapi/#ListDatacenters -func (c *Client) ListDatacenters() (map[string]interface{}, error) { - var resp map[string]interface{} - req := request{ - method: client.GET, - url: apiDatacenters, - resp: &resp, - } - if _, err := c.sendRequest(req); err != nil { - return nil, errors.Newf(err, "failed to get list of datcenters") - } - return resp, nil -} - -// GetDatacenter gets an individual datacenter by name. Returns an HTTP redirect -// to your client, the datacenter URL is in the Location header. -// See API docs: http://apidocs.joyent.com/cloudapi/#GetDatacenter -func (c *Client) GetDatacenter(datacenterName string) (string, error) { - var respHeader http.Header - req := request{ - method: client.GET, - url: makeURL(apiDatacenters, datacenterName), - respHeader: &respHeader, - expectedStatus: http.StatusFound, - } - respData, err := c.sendRequest(req) - if err != nil { - return "", errors.Newf(err, "failed to get datacenter with name: %s", datacenterName) - } - return respData.RespHeaders.Get("Location"), nil -} diff --git a/vendor/github.com/joyent/gosdc/cloudapi/fabrics.go b/vendor/github.com/joyent/gosdc/cloudapi/fabrics.go deleted file mode 100644 index cc36a7b3d7..0000000000 --- a/vendor/github.com/joyent/gosdc/cloudapi/fabrics.go +++ /dev/null @@ -1,182 +0,0 @@ -package cloudapi - -import ( - "net/http" - "strconv" - - "github.com/joyent/gocommon/client" - "github.com/joyent/gocommon/errors" -) - -type FabricVLAN struct { - Id int16 `json:"vlan_id"` // Number between 0-4095 indicating VLAN Id - Name string `json:"name"` // Unique name to identify VLAN - Description string `json:"description,omitempty"` // Optional description of the VLAN -} - -type FabricNetwork struct { - Id string `json:"id"` // Unique identifier for network - Name string `json:"name"` // Network name - Public bool `json:"public"` // Whether or not this is an RFC1918 network - Fabric bool `json:"fabric"` // Whether this network is on a fabric - Description string `json:"description"` // Optional description of network - Subnet string `json:"subnet"` // CIDR formatted string describing network - ProvisionStartIp string `json:"provision_start_ip"` // First IP on the network that can be assigned - ProvisionEndIp string `json:"provision_end_ip"` // Last assignable IP on the network - Gateway string `json:"gateway"` // Optional Gateway IP - Resolvers []string `json:"resolvers,omitempty"` // Array of IP addresses for resolvers - Routes map[string]string `json:"routes,omitempty"` // Map of CIDR block to Gateway IP Address - InternetNAT bool `json:"internet_nat"` // If a NAT zone is provisioned at Gateway IP Address - VLANId int16 `json:"vlan_id"` // VLAN network is on -} - -type CreateFabricNetworkOpts struct { - Name string `json:"name"` // Network name - Description string `json:"description,omitempty"` // Optional description of network - Subnet string `json:"subnet"` // CIDR formatted string describing network - ProvisionStartIp string `json:"provision_start_ip"` // First IP on the network that can be assigned - ProvisionEndIp string `json:"provision_end_ip"` // Last assignable IP on the network - Gateway string `json:"gateway,omitempty"` // Optional Gateway IP - Resolvers []string `json:"resolvers,omitempty"` // Array of IP addresses for resolvers - Routes map[string]string `json:"routes,omitempty"` // Map of CIDR block to Gateway IP Address - InternetNAT bool `json:"internet_nat"` // If a NAT zone is provisioned at Gateway IP Address -} - -// ListFabricVLANs lists VLANs -// See API docs: https://apidocs.joyent.com/cloudapi/#ListFabricVLANs -func (c *Client) ListFabricVLANs() ([]FabricVLAN, error) { - var resp []FabricVLAN - req := request{ - method: client.GET, - url: apiFabricVLANs, - resp: &resp, - } - if _, err := c.sendRequest(req); err != nil { - return nil, errors.Newf(err, "failed to get list of fabric VLANs") - } - return resp, nil -} - -// GetFabricLAN retrieves a single VLAN by ID -// See API docs: https://apidocs.joyent.com/cloudapi/#GetFabricVLAN -func (c *Client) GetFabricVLAN(vlanID int16) (*FabricVLAN, error) { - var resp FabricVLAN - req := request{ - method: client.GET, - url: makeURL(apiFabricVLANs, strconv.Itoa(int(vlanID))), - resp: &resp, - } - if _, err := c.sendRequest(req); err != nil { - return nil, errors.Newf(err, "failed to get fabric VLAN with id %d", vlanID) - } - return &resp, nil -} - -// CreateFabricVLAN creates a new VLAN with the specified options -// See API docs: https://apidocs.joyent.com/cloudapi/#CreateFabricVLAN -func (c *Client) CreateFabricVLAN(vlan FabricVLAN) (*FabricVLAN, error) { - var resp FabricVLAN - req := request{ - method: client.POST, - url: apiFabricVLANs, - reqValue: vlan, - resp: &resp, - expectedStatus: http.StatusCreated, - } - if _, err := c.sendRequest(req); err != nil { - return nil, errors.Newf(err, "failed to create fabric VLAN: %d - %s", vlan.Id, vlan.Name) - } - return &resp, nil -} - -// UpdateFabricVLAN updates a given VLAN with new fields -// See API docs: https://apidocs.joyent.com/cloudapi/#UpdateFabricVLAN -func (c *Client) UpdateFabricVLAN(vlan FabricVLAN) (*FabricVLAN, error) { - var resp FabricVLAN - req := request{ - method: client.PUT, - url: makeURL(apiFabricVLANs, strconv.Itoa(int(vlan.Id))), - reqValue: vlan, - resp: &resp, - expectedStatus: http.StatusAccepted, - } - if _, err := c.sendRequest(req); err != nil { - return nil, errors.Newf(err, "failed to update fabric VLAN with id %d to %s - %s", vlan.Id, vlan.Name, vlan.Description) - } - return &resp, nil -} - -// DeleteFabricVLAN delets a given VLAN as specified by ID -// See API docs: https://apidocs.joyent.com/cloudapi/#DeleteFabricVLAN -func (c *Client) DeleteFabricVLAN(vlanID int16) error { - req := request{ - method: client.DELETE, - url: makeURL(apiFabricVLANs, strconv.Itoa(int(vlanID))), - expectedStatus: http.StatusNoContent, - } - if _, err := c.sendRequest(req); err != nil { - return errors.Newf(err, "failed to delete fabric VLAN with id %d", vlanID) - } - return nil -} - -// ListFabricNetworks lists the networks inside the given VLAN -// See API docs: https://apidocs.joyent.com/cloudapi/#ListFabricNetworks -func (c *Client) ListFabricNetworks(vlanID int16) ([]FabricNetwork, error) { - var resp []FabricNetwork - req := request{ - method: client.GET, - url: makeURL(apiFabricVLANs, strconv.Itoa(int(vlanID)), apiFabricNetworks), - resp: &resp, - } - if _, err := c.sendRequest(req); err != nil { - return nil, errors.Newf(err, "failed to get list of networks on fabric %d", vlanID) - } - return resp, nil -} - -// GetFabricNetwork gets a single network by VLAN and Network IDs -// See API docs: https://apidocs.joyent.com/cloudapi/#GetFabricNetwork -func (c *Client) GetFabricNetwork(vlanID int16, networkID string) (*FabricNetwork, error) { - var resp FabricNetwork - req := request{ - method: client.GET, - url: makeURL(apiFabricVLANs, strconv.Itoa(int(vlanID)), apiFabricNetworks, networkID), - resp: &resp, - } - if _, err := c.sendRequest(req); err != nil { - return nil, errors.Newf(err, "failed to get fabric network %s on vlan %d", networkID, vlanID) - } - return &resp, nil -} - -// CreateFabricNetwork creates a new fabric network -// See API docs: https://apidocs.joyent.com/cloudapi/#CreateFabricNetwork -func (c *Client) CreateFabricNetwork(vlanID int16, opts CreateFabricNetworkOpts) (*FabricNetwork, error) { - var resp FabricNetwork - req := request{ - method: client.POST, - url: makeURL(apiFabricVLANs, strconv.Itoa(int(vlanID)), apiFabricNetworks), - reqValue: opts, - resp: &resp, - expectedStatus: http.StatusCreated, - } - if _, err := c.sendRequest(req); err != nil { - return nil, errors.Newf(err, "failed to create fabric network %s on vlan %d", opts.Name, vlanID) - } - return &resp, nil -} - -// DeleteFabricNetwork deletes an existing fabric network -// See API docs: https://apidocs.joyent.com/cloudapi/#DeleteFabricNetwork -func (c *Client) DeleteFabricNetwork(vlanID int16, networkID string) error { - req := request{ - method: client.DELETE, - url: makeURL(apiFabricVLANs, strconv.Itoa(int(vlanID)), apiFabricNetworks, networkID), - expectedStatus: http.StatusNoContent, - } - if _, err := c.sendRequest(req); err != nil { - return errors.Newf(err, "failed to delete fabric network %s on vlan %d", networkID, vlanID) - } - return nil -} diff --git a/vendor/github.com/joyent/gosdc/cloudapi/firewalls.go b/vendor/github.com/joyent/gosdc/cloudapi/firewalls.go deleted file mode 100644 index a7763a6685..0000000000 --- a/vendor/github.com/joyent/gosdc/cloudapi/firewalls.go +++ /dev/null @@ -1,144 +0,0 @@ -package cloudapi - -import ( - "net/http" - - "github.com/joyent/gocommon/client" - "github.com/joyent/gocommon/errors" -) - -// FirewallRule represent a firewall rule that can be specifed for a machine. -type FirewallRule struct { - Id string // Unique identifier for the rule - Enabled bool // Whether the rule is enabled or not - Rule string // Firewall rule in the form 'FROM TO ' -} - -// CreateFwRuleOpts represent the option that can be specified -// when creating a new firewall rule. -type CreateFwRuleOpts struct { - Enabled bool `json:"enabled"` // Whether to enable the rule or not - Rule string `json:"rule"` // Firewall rule in the form 'FROM TO ' -} - -// ListFirewallRules lists all the firewall rules on record for a specified account. -// See API docs: http://apidocs.joyent.com/cloudapi/#ListFirewallRules -func (c *Client) ListFirewallRules() ([]FirewallRule, error) { - var resp []FirewallRule - req := request{ - method: client.GET, - url: apiFirewallRules, - resp: &resp, - } - if _, err := c.sendRequest(req); err != nil { - return nil, errors.Newf(err, "failed to get list of firewall rules") - } - return resp, nil -} - -// GetFirewallRule returns the specified firewall rule. -// See API docs: http://apidocs.joyent.com/cloudapi/#GetFirewallRule -func (c *Client) GetFirewallRule(fwRuleID string) (*FirewallRule, error) { - var resp FirewallRule - req := request{ - method: client.GET, - url: makeURL(apiFirewallRules, fwRuleID), - resp: &resp, - } - if _, err := c.sendRequest(req); err != nil { - return nil, errors.Newf(err, "failed to get firewall rule with id %s", fwRuleID) - } - return &resp, nil -} - -// CreateFirewallRule creates the firewall rule with the specified options. -// See API docs: http://apidocs.joyent.com/cloudapi/#CreateFirewallRule -func (c *Client) CreateFirewallRule(opts CreateFwRuleOpts) (*FirewallRule, error) { - var resp FirewallRule - req := request{ - method: client.POST, - url: apiFirewallRules, - reqValue: opts, - resp: &resp, - expectedStatus: http.StatusCreated, - } - if _, err := c.sendRequest(req); err != nil { - return nil, errors.Newf(err, "failed to create firewall rule: %s", opts.Rule) - } - return &resp, nil -} - -// UpdateFirewallRule updates the specified firewall rule. -// See API docs: http://apidocs.joyent.com/cloudapi/#UpdateFirewallRule -func (c *Client) UpdateFirewallRule(fwRuleID string, opts CreateFwRuleOpts) (*FirewallRule, error) { - var resp FirewallRule - req := request{ - method: client.POST, - url: makeURL(apiFirewallRules, fwRuleID), - reqValue: opts, - resp: &resp, - } - if _, err := c.sendRequest(req); err != nil { - return nil, errors.Newf(err, "failed to update firewall rule with id %s to %s", fwRuleID, opts.Rule) - } - return &resp, nil -} - -// EnableFirewallRule enables the given firewall rule record if it is disabled. -// See API docs: http://apidocs.joyent.com/cloudapi/#EnableFirewallRule -func (c *Client) EnableFirewallRule(fwRuleID string) (*FirewallRule, error) { - var resp FirewallRule - req := request{ - method: client.POST, - url: makeURL(apiFirewallRules, fwRuleID, apiFirewallRulesEnable), - resp: &resp, - } - if _, err := c.sendRequest(req); err != nil { - return nil, errors.Newf(err, "failed to enable firewall rule with id %s", fwRuleID) - } - return &resp, nil -} - -// DisableFirewallRule disables the given firewall rule record if it is enabled. -// See API docs: http://apidocs.joyent.com/cloudapi/#DisableFirewallRule -func (c *Client) DisableFirewallRule(fwRuleID string) (*FirewallRule, error) { - var resp FirewallRule - req := request{ - method: client.POST, - url: makeURL(apiFirewallRules, fwRuleID, apiFirewallRulesDisable), - resp: &resp, - } - if _, err := c.sendRequest(req); err != nil { - return nil, errors.Newf(err, "failed to disable firewall rule with id %s", fwRuleID) - } - return &resp, nil -} - -// DeleteFirewallRule removes the given firewall rule record from all the required account machines. -// See API docs: http://apidocs.joyent.com/cloudapi/#DeleteFirewallRule -func (c *Client) DeleteFirewallRule(fwRuleID string) error { - req := request{ - method: client.DELETE, - url: makeURL(apiFirewallRules, fwRuleID), - expectedStatus: http.StatusNoContent, - } - if _, err := c.sendRequest(req); err != nil { - return errors.Newf(err, "failed to delete firewall rule with id %s", fwRuleID) - } - return nil -} - -// ListFirewallRuleMachines return the list of machines affected by the given firewall rule. -// See API docs: http://apidocs.joyent.com/cloudapi/#ListFirewallRuleMachines -func (c *Client) ListFirewallRuleMachines(fwRuleID string) ([]Machine, error) { - var resp []Machine - req := request{ - method: client.GET, - url: makeURL(apiFirewallRules, fwRuleID, apiMachines), - resp: &resp, - } - if _, err := c.sendRequest(req); err != nil { - return nil, errors.Newf(err, "failed to get list of machines affected by firewall rule wit id %s", fwRuleID) - } - return resp, nil -} diff --git a/vendor/github.com/joyent/gosdc/cloudapi/images.go b/vendor/github.com/joyent/gosdc/cloudapi/images.go deleted file mode 100644 index c7f9a2fe37..0000000000 --- a/vendor/github.com/joyent/gosdc/cloudapi/images.go +++ /dev/null @@ -1,133 +0,0 @@ -package cloudapi - -import ( - "fmt" - "net/http" - - "github.com/joyent/gocommon/client" - "github.com/joyent/gocommon/errors" -) - -// Image represent the software packages that will be available on newly provisioned machines -type Image struct { - Id string // Unique identifier for the image - Name string // Image friendly name - OS string // Underlying operating system - Version string // Image version - Type string // Image type, one of 'smartmachine' or 'virtualmachine' - Description string // Image description - Requirements map[string]interface{} // Minimum requirements for provisioning a machine with this image, e.g. 'password' indicates that a password must be provided - Homepage string // URL for a web page including detailed information for this image (new in API version 7.0) - PublishedAt string `json:"published_at"` // Time this image has been made publicly available (new in API version 7.0) - Public bool // Indicates if the image is publicly available (new in API version 7.1) - State string // Current image state. One of 'active', 'unactivated', 'disabled', 'creating', 'failed' (new in API version 7.1) - Tags map[string]string // A map of key/value pairs that allows clients to categorize images by any given criteria (new in API version 7.1) - EULA string // URL of the End User License Agreement (EULA) for the image (new in API version 7.1) - ACL []string // An array of account UUIDs given access to a private image. The field is only relevant to private images (new in API version 7.1) - Owner string // The UUID of the user owning the image -} - -// ExportImageOpts represent the option that can be specified -// when exporting an image. -type ExportImageOpts struct { - MantaPath string `json:"manta_path"` // The Manta path prefix to use when exporting the image -} - -// MantaLocation represent the properties that allow a user -// to retrieve the image file and manifest from Manta -type MantaLocation struct { - MantaURL string `json:"manta_url"` // Manta datacenter URL - ImagePath string `json:"image_path"` // Path to the image - ManifestPath string `json:"manifest_path"` // Path to the image manifest -} - -// CreateImageFromMachineOpts represent the option that can be specified -// when creating a new image from an existing machine. -type CreateImageFromMachineOpts struct { - Machine string `json:"machine"` // The machine UUID from which the image is to be created - Name string `json:"name"` // Image name - Version string `json:"version"` // Image version - Description string `json:"description,omitempty"` // Image description - Homepage string `json:"homepage,omitempty"` // URL for a web page including detailed information for this image - EULA string `json:"eula,omitempty"` // URL of the End User License Agreement (EULA) for the image - ACL []string `json:"acl,omitempty"` // An array of account UUIDs given access to a private image. The field is only relevant to private images - Tags map[string]string `json:"tags,omitempty"` // A map of key/value pairs that allows clients to categorize images by any given criteria -} - -// ListImages provides a list of images available in the datacenter. -// See API docs: http://apidocs.joyent.com/cloudapi/#ListImages -func (c *Client) ListImages(filter *Filter) ([]Image, error) { - var resp []Image - req := request{ - method: client.GET, - url: apiImages, - filter: filter, - resp: &resp, - } - if _, err := c.sendRequest(req); err != nil { - return nil, errors.Newf(err, "failed to get list of images") - } - return resp, nil -} - -// GetImage returns the image specified by imageId. -// See API docs: http://apidocs.joyent.com/cloudapi/#GetImage -func (c *Client) GetImage(imageID string) (*Image, error) { - var resp Image - req := request{ - method: client.GET, - url: makeURL(apiImages, imageID), - resp: &resp, - } - if _, err := c.sendRequest(req); err != nil { - return nil, errors.Newf(err, "failed to get image with id: %s", imageID) - } - return &resp, nil -} - -// DeleteImage (Beta) Delete the image specified by imageId. Must be image owner to do so. -// See API docs: http://apidocs.joyent.com/cloudapi/#DeleteImage -func (c *Client) DeleteImage(imageID string) error { - req := request{ - method: client.DELETE, - url: makeURL(apiImages, imageID), - expectedStatus: http.StatusNoContent, - } - if _, err := c.sendRequest(req); err != nil { - return errors.Newf(err, "failed to delete image with id: %s", imageID) - } - return nil -} - -// ExportImage (Beta) Exports an image to the specified Manta path. -// See API docs: http://apidocs.joyent.com/cloudapi/#ListImages -func (c *Client) ExportImage(imageID string, opts ExportImageOpts) (*MantaLocation, error) { - var resp MantaLocation - req := request{ - method: client.POST, - url: fmt.Sprintf("%s/%s?action=%s", apiImages, imageID, actionExport), - reqValue: opts, - resp: &resp, - } - if _, err := c.sendRequest(req); err != nil { - return nil, errors.Newf(err, "failed to export image %s to %s", imageID, opts.MantaPath) - } - return &resp, nil -} - -// CreateImageFromMachine (Beta) Create a new custom image from a machine. -// See API docs: http://apidocs.joyent.com/cloudapi/#ListImages -func (c *Client) CreateImageFromMachine(opts CreateImageFromMachineOpts) (*Image, error) { - var resp Image - req := request{ - method: client.POST, - url: apiImages, - reqValue: opts, - resp: &resp, - expectedStatus: http.StatusCreated, - } - if _, err := c.sendRequest(req); err != nil { - return nil, errors.Newf(err, "failed to create image from machine %s", opts.Machine) - } - return &resp, nil -} diff --git a/vendor/github.com/joyent/gosdc/cloudapi/instrumentations.go b/vendor/github.com/joyent/gosdc/cloudapi/instrumentations.go deleted file mode 100644 index 1dcd327770..0000000000 --- a/vendor/github.com/joyent/gosdc/cloudapi/instrumentations.go +++ /dev/null @@ -1,216 +0,0 @@ -package cloudapi - -import ( - "net/http" - - "github.com/joyent/gocommon/client" - "github.com/joyent/gocommon/errors" -) - -// Analytics represents the available analytics -type Analytics struct { - Modules map[string]interface{} // Namespace to organize metrics - Fields map[string]interface{} // Fields represent metadata by which data points can be filtered or decomposed - Types map[string]interface{} // Types are used with both metrics and fields for two purposes: to hint to clients at how to best label values, and to distinguish between numeric and discrete quantities. - Metrics map[string]interface{} // Metrics describe quantities which can be measured by the system - Transformations map[string]interface{} // Transformations are post-processing functions that can be applied to data when it's retrieved. -} - -// Instrumentation specify which metric to collect, how frequently to aggregate data (e.g., every second, every hour, etc.) -// how much data to keep (e.g., 10 minutes' worth, 6 months' worth, etc.) and other configuration options -type Instrumentation struct { - Module string `json:"module"` - Stat string `json:"stat"` - Predicate string `json:"predicate"` - Decomposition []string `json:"decomposition"` - ValueDimension int `json:"value-dimenstion"` - ValueArity string `json:"value-arity"` - RetentionTime int `json:"retention-time"` - Granularity int `json:"granularitiy"` - IdleMax int `json:"idle-max"` - Transformations []string `json:"transformations"` - PersistData bool `json:"persist-data"` - Crtime int `json:"crtime"` - ValueScope string `json:"value-scope"` - Id string `json:"id"` - Uris []Uri `json:"uris"` -} - -// Uri represents a Universal Resource Identifier -type Uri struct { - Uri string // Resource identifier - Name string // URI name -} - -// InstrumentationValue represents the data associated to an instrumentation for a point in time -type InstrumentationValue struct { - Value interface{} - Transformations map[string]interface{} - StartTime int - Duration int -} - -// HeatmapOpts represent the option that can be specified -// when retrieving an instrumentation.'s heatmap -type HeatmapOpts struct { - Height int `json:"height"` // Height of the image in pixels - Width int `json:"width"` // Width of the image in pixels - Ymin int `json:"ymin"` // Y-Axis value for the bottom of the image (default: 0) - Ymax int `json:"ymax"` // Y-Axis value for the top of the image (default: auto) - Nbuckets int `json:"nbuckets"` // Number of buckets in the vertical dimension - Selected []string `json:"selected"` // Array of field values to highlight, isolate or exclude - Isolate bool `json:"isolate"` // If true, only draw selected values - Exclude bool `json:"exclude"` // If true, don't draw selected values at all - Hues []string `json:"hues"` // Array of colors for highlighting selected field values - DecomposeAll bool `json:"decompose_all"` // Highlight all field values - X int `json:"x"` - Y int `json:"y"` -} - -// Heatmap represents an instrumentation's heatmap -type Heatmap struct { - BucketTime int `json:"bucket_time"` // Time corresponding to the bucket (Unix seconds) - BucketYmin int `json:"bucket_ymin"` // Minimum y-axis value for the bucket - BucketYmax int `json:"bucket_ymax"` // Maximum y-axis value for the bucket - Present map[string]interface{} `json:"present"` // If the instrumentation defines a discrete decomposition, this property's value is an object whose keys are values of that field and whose values are the number of data points in that bucket for that key - Total int `json:"total"` // The total number of data points in the bucket -} - -// CreateInstrumentationOpts represent the option that can be specified -// when creating a new instrumentation. -type CreateInstrumentationOpts struct { - Clone int `json:"clone"` // An existing instrumentation ID to be cloned - Module string `json:"module"` // Analytics module - Stat string `json:"stat"` // Analytics stat - Predicate string `json:"predicate"` // Instrumentation predicate, must be JSON string - Decomposition string `json:"decomposition"` - Granularity int `json:"granularity"` // Number of seconds between data points (default is 1) - RetentionTime int `json:"retention-time"` // How long to keep this instrumentation data for - PersistData bool `json:"persist-data"` // Whether or not to store this for historical analysis - IdleMax int `json:"idle-max"` // Number of seconds after which if the instrumentation or its data has not been accessed via the API the service may delete the instrumentation and its data -} - -// DescribeAnalytics retrieves the "schema" for instrumentations that can be created. -// See API docs: http://apidocs.joyent.com/cloudapi/#DescribeAnalytics -func (c *Client) DescribeAnalytics() (*Analytics, error) { - var resp Analytics - req := request{ - method: client.GET, - url: apiAnalytics, - resp: &resp, - } - if _, err := c.sendRequest(req); err != nil { - return nil, errors.Newf(err, "failed to get analytics") - } - return &resp, nil -} - -// ListInstrumentations retrieves all currently created instrumentations. -// See API docs: http://apidocs.joyent.com/cloudapi/#ListInstrumentations -func (c *Client) ListInstrumentations() ([]Instrumentation, error) { - var resp []Instrumentation - req := request{ - method: client.GET, - url: makeURL(apiAnalytics, apiInstrumentations), - resp: &resp, - } - if _, err := c.sendRequest(req); err != nil { - return nil, errors.Newf(err, "failed to get instrumentations") - } - return resp, nil -} - -// GetInstrumentation retrieves the configuration for the specified instrumentation. -// See API docs: http://apidocs.joyent.com/cloudapi/#GetInstrumentation -func (c *Client) GetInstrumentation(instrumentationID string) (*Instrumentation, error) { - var resp Instrumentation - req := request{ - method: client.GET, - url: makeURL(apiAnalytics, apiInstrumentations, instrumentationID), - resp: &resp, - } - if _, err := c.sendRequest(req); err != nil { - return nil, errors.Newf(err, "failed to get instrumentation with id %s", instrumentationID) - } - return &resp, nil -} - -// GetInstrumentationValue retrieves the data associated to an instrumentation -// for a point in time. -// See API docs: http://apidocs.joyent.com/cloudapi/#GetInstrumentationValue -func (c *Client) GetInstrumentationValue(instrumentationID string) (*InstrumentationValue, error) { - var resp InstrumentationValue - req := request{ - method: client.GET, - url: makeURL(apiAnalytics, apiInstrumentations, instrumentationID, apiInstrumentationsValue, apiInstrumentationsRaw), - resp: &resp, - } - if _, err := c.sendRequest(req); err != nil { - return nil, errors.Newf(err, "failed to get value for instrumentation with id %s", instrumentationID) - } - return &resp, nil -} - -// GetInstrumentationHeatmap retrieves the specified instrumentation's heatmap. -// See API docs: http://apidocs.joyent.com/cloudapi/#GetInstrumentationHeatmap -func (c *Client) GetInstrumentationHeatmap(instrumentationID string) (*Heatmap, error) { - var resp Heatmap - req := request{ - method: client.GET, - url: makeURL(apiAnalytics, apiInstrumentations, instrumentationID, apiInstrumentationsValue, apiInstrumentationsHeatmap, apiInstrumentationsImage), - resp: &resp, - } - if _, err := c.sendRequest(req); err != nil { - return nil, errors.Newf(err, "failed to get heatmap image for instrumentation with id %s", instrumentationID) - } - return &resp, nil -} - -// GetInstrumentationHeatmapDetails allows you to retrieve the bucket details -// for a heatmap. -// See API docs: http://apidocs.joyent.com/cloudapi/#GetInstrumentationHeatmapDetails -func (c *Client) GetInstrumentationHeatmapDetails(instrumentationID string) (*Heatmap, error) { - var resp Heatmap - req := request{ - method: client.GET, - url: makeURL(apiAnalytics, apiInstrumentations, instrumentationID, apiInstrumentationsValue, apiInstrumentationsHeatmap, apiInstrumentationsDetails), - resp: &resp, - } - if _, err := c.sendRequest(req); err != nil { - return nil, errors.Newf(err, "failed to get heatmap details for instrumentation with id %s", instrumentationID) - } - return &resp, nil -} - -// CreateInstrumentation Creates an instrumentation. You can clone an existing -// instrumentation by passing in the parameter clone, which should be a numeric id -// of an existing instrumentation. -// See API docs: http://apidocs.joyent.com/cloudapi/#CreateInstrumentation -func (c *Client) CreateInstrumentation(opts CreateInstrumentationOpts) (*Instrumentation, error) { - var resp Instrumentation - req := request{ - method: client.POST, - url: makeURL(apiAnalytics, apiInstrumentations), - reqValue: opts, - resp: &resp, - expectedStatus: http.StatusCreated, - } - if _, err := c.sendRequest(req); err != nil { - return nil, errors.Newf(err, "failed to create instrumentation") - } - return &resp, nil -} - -// DeleteInstrumentation destroys an instrumentation. -// See API docs: http://apidocs.joyent.com/cloudapi/#DeleteInstrumentation -func (c *Client) DeleteInstrumentation(instrumentationID string) error { - req := request{ - method: client.DELETE, - url: makeURL(apiAnalytics, apiInstrumentations, instrumentationID), - expectedStatus: http.StatusNoContent, - } - if _, err := c.sendRequest(req); err != nil { - return errors.Newf(err, "failed to delete instrumentation with id %s", instrumentationID) - } - return nil -} diff --git a/vendor/github.com/joyent/gosdc/cloudapi/keys.go b/vendor/github.com/joyent/gosdc/cloudapi/keys.go deleted file mode 100644 index fd9fd91b3d..0000000000 --- a/vendor/github.com/joyent/gosdc/cloudapi/keys.go +++ /dev/null @@ -1,90 +0,0 @@ -package cloudapi - -import ( - "net/http" - - "github.com/joyent/gocommon/client" - "github.com/joyent/gocommon/errors" -) - -// Key represent a public key -type Key struct { - Name string // Name for the key - Fingerprint string // Key Fingerprint - Key string // OpenSSH formatted public key -} - -/*func (k Key) Equals(other Key) bool { - if k.Name == other.Name && k.Fingerprint == other.Fingerprint && k.Key == other.Key { - return true - } - return false -}*/ - -// CreateKeyOpts represent the option that can be specified -// when creating a new key. -type CreateKeyOpts struct { - Name string `json:"name"` // Name for the key, optional - Key string `json:"key"` // OpenSSH formatted public key -} - -// ListKeys returns a list of public keys registered with a specific account. -// See API docs: http://apidocs.joyent.com/cloudapi/#ListKeys -func (c *Client) ListKeys() ([]Key, error) { - var resp []Key - req := request{ - method: client.GET, - url: apiKeys, - resp: &resp, - } - if _, err := c.sendRequest(req); err != nil { - return nil, errors.Newf(err, "failed to get list of keys") - } - return resp, nil -} - -// GetKey returns the key identified by keyName. -// See API docs: http://apidocs.joyent.com/cloudapi/#GetKey -func (c *Client) GetKey(keyName string) (*Key, error) { - var resp Key - req := request{ - method: client.GET, - url: makeURL(apiKeys, keyName), - resp: &resp, - } - if _, err := c.sendRequest(req); err != nil { - return nil, errors.Newf(err, "failed to get key with name: %s", keyName) - } - return &resp, nil -} - -// CreateKey creates a new key with the specified options. -// See API docs: http://apidocs.joyent.com/cloudapi/#CreateKey -func (c *Client) CreateKey(opts CreateKeyOpts) (*Key, error) { - var resp Key - req := request{ - method: client.POST, - url: apiKeys, - reqValue: opts, - resp: &resp, - expectedStatus: http.StatusCreated, - } - if _, err := c.sendRequest(req); err != nil { - return nil, errors.Newf(err, "failed to create key with name: %s", opts.Name) - } - return &resp, nil -} - -// DeleteKey deletes the key identified by keyName. -// See API docs: http://apidocs.joyent.com/cloudapi/#DeleteKey -func (c *Client) DeleteKey(keyName string) error { - req := request{ - method: client.DELETE, - url: makeURL(apiKeys, keyName), - expectedStatus: http.StatusNoContent, - } - if _, err := c.sendRequest(req); err != nil { - return errors.Newf(err, "failed to delete key with name: %s", keyName) - } - return nil -} diff --git a/vendor/github.com/joyent/gosdc/cloudapi/machine_firewall.go b/vendor/github.com/joyent/gosdc/cloudapi/machine_firewall.go deleted file mode 100644 index 60471e72e5..0000000000 --- a/vendor/github.com/joyent/gosdc/cloudapi/machine_firewall.go +++ /dev/null @@ -1,52 +0,0 @@ -package cloudapi - -import ( - "fmt" - "net/http" - - "github.com/joyent/gocommon/client" - "github.com/joyent/gocommon/errors" -) - -// ListMachineFirewallRules lists all the firewall rules for the specified machine. -// See API docs: http://apidocs.joyent.com/cloudapi/#ListMachineFirewallRules -func (c *Client) ListMachineFirewallRules(machineID string) ([]FirewallRule, error) { - var resp []FirewallRule - req := request{ - method: client.GET, - url: makeURL(apiMachines, machineID, apiFirewallRules), - resp: &resp, - } - if _, err := c.sendRequest(req); err != nil { - return nil, errors.Newf(err, "failed to get list of firewall rules for machine with id %s", machineID) - } - return resp, nil -} - -// EnableFirewallMachine enables the firewall for the specified machine. -// See API docs: http://apidocs.joyent.com/cloudapi/#EnableMachineFirewall -func (c *Client) EnableFirewallMachine(machineID string) error { - req := request{ - method: client.POST, - url: fmt.Sprintf("%s/%s?action=%s", apiMachines, machineID, actionEnableFw), - expectedStatus: http.StatusAccepted, - } - if _, err := c.sendRequest(req); err != nil { - return errors.Newf(err, "failed to enable firewall on machine with id: %s", machineID) - } - return nil -} - -// DisableFirewallMachine disables the firewall for the specified machine. -// See API docs: http://apidocs.joyent.com/cloudapi/#DisableMachineFirewall -func (c *Client) DisableFirewallMachine(machineID string) error { - req := request{ - method: client.POST, - url: fmt.Sprintf("%s/%s?action=%s", apiMachines, machineID, actionDisableFw), - expectedStatus: http.StatusAccepted, - } - if _, err := c.sendRequest(req); err != nil { - return errors.Newf(err, "failed to disable firewall on machine with id: %s", machineID) - } - return nil -} diff --git a/vendor/github.com/joyent/gosdc/cloudapi/machine_metadata.go b/vendor/github.com/joyent/gosdc/cloudapi/machine_metadata.go deleted file mode 100644 index ca8d83ca96..0000000000 --- a/vendor/github.com/joyent/gosdc/cloudapi/machine_metadata.go +++ /dev/null @@ -1,70 +0,0 @@ -package cloudapi - -import ( - "net/http" - - "github.com/joyent/gocommon/client" - "github.com/joyent/gocommon/errors" -) - -// UpdateMachineMetadata updates the metadata for a given machine. -// Any metadata keys passed in here are created if they do not exist, and -// overwritten if they do. -// See API docs: http://apidocs.joyent.com/cloudapi/#UpdateMachineMetadata -func (c *Client) UpdateMachineMetadata(machineID string, metadata map[string]string) (map[string]interface{}, error) { - var resp map[string]interface{} - req := request{ - method: client.POST, - url: makeURL(apiMachines, machineID, apiMetadata), - reqValue: metadata, - resp: &resp, - } - if _, err := c.sendRequest(req); err != nil { - return nil, errors.Newf(err, "failed to update metadata for machine with id %s", machineID) - } - return resp, nil -} - -// GetMachineMetadata returns the complete set of metadata associated with the -// specified machine. -// See API docs: http://apidocs.joyent.com/cloudapi/#GetMachineMetadata -func (c *Client) GetMachineMetadata(machineID string) (map[string]interface{}, error) { - var resp map[string]interface{} - req := request{ - method: client.GET, - url: makeURL(apiMachines, machineID, apiMetadata), - resp: &resp, - } - if _, err := c.sendRequest(req); err != nil { - return nil, errors.Newf(err, "failed to get list of metadata for machine with id %s", machineID) - } - return resp, nil -} - -// DeleteMachineMetadata deletes a single metadata key from the specified machine. -// See API docs: http://apidocs.joyent.com/cloudapi/#DeleteMachineMetadata -func (c *Client) DeleteMachineMetadata(machineID, metadataKey string) error { - req := request{ - method: client.DELETE, - url: makeURL(apiMachines, machineID, apiMetadata, metadataKey), - expectedStatus: http.StatusNoContent, - } - if _, err := c.sendRequest(req); err != nil { - return errors.Newf(err, "failed to delete metadata with key %s for machine with id %s", metadataKey, machineID) - } - return nil -} - -// DeleteAllMachineMetadata deletes all metadata keys from the specified machine. -// See API docs: http://apidocs.joyent.com/cloudapi/#DeleteAllMachineMetadata -func (c *Client) DeleteAllMachineMetadata(machineID string) error { - req := request{ - method: client.DELETE, - url: makeURL(apiMachines, machineID, apiMetadata), - expectedStatus: http.StatusNoContent, - } - if _, err := c.sendRequest(req); err != nil { - return errors.Newf(err, "failed to delete metadata for machine with id %s", machineID) - } - return nil -} diff --git a/vendor/github.com/joyent/gosdc/cloudapi/machine_nics.go b/vendor/github.com/joyent/gosdc/cloudapi/machine_nics.go deleted file mode 100644 index 4a137e4d92..0000000000 --- a/vendor/github.com/joyent/gosdc/cloudapi/machine_nics.go +++ /dev/null @@ -1,95 +0,0 @@ -package cloudapi - -import ( - "net/http" - - "github.com/joyent/gocommon/client" - "github.com/joyent/gocommon/errors" -) - -// NICState represents the state of a NIC -type NICState string - -var ( - NICStateProvisioning NICState = "provisioning" - NICStateRunning NICState = "running" - NICStateStopped NICState = "stopped" -) - -// NIC represents a NIC on a machine -type NIC struct { - IP string `json:"ip"` // NIC's IPv4 Address - MAC string `json:"mac"` // NIC's MAC address - Primary bool `json:"primary"` // Whether this is the machine's primary NIC - Netmask string `json:"netmask"` // IPv4 netmask - Gateway string `json:"gateway"` // IPv4 gateway - State NICState `json:"state"` // Describes the state of the NIC (e.g. provisioning, running, or stopped) - Network string `json:"network"` // Network ID this NIC is attached to -} - -type addNICOptions struct { - Network string `json:"network"` // UUID of network this NIC should attach to -} - -// ListNICs lists all the NICs on a machine belonging to a given account -// See API docs: https://apidocs.joyent.com/cloudapi/#ListNics -func (c *Client) ListNICs(machineID string) ([]NIC, error) { - var resp []NIC - req := request{ - method: client.GET, - url: makeURL(apiMachines, machineID, apiNICs), - resp: &resp, - } - if _, err := c.sendRequest(req); err != nil { - return nil, errors.Newf(err, "failed to list NICs") - } - return resp, nil -} - -// GetNIC gets a specific NIC on a machine belonging to a given account -// See API docs: https://apidocs.joyent.com/cloudapi/#GetNic -func (c *Client) GetNIC(machineID, MAC string) (*NIC, error) { - resp := new(NIC) - req := request{ - method: client.GET, - url: makeURL(apiMachines, machineID, apiNICs, MAC), - resp: resp, - } - if _, err := c.sendRequest(req); err != nil { - return nil, errors.Newf(err, "failed to get NIC with MAC: %s", MAC) - } - return resp, nil -} - -// AddNIC creates a new NIC on a machine belonging to a given account. -// *WARNING*: this causes the machine to reboot while adding the NIC. -// See API docs: https://apidocs.joyent.com/cloudapi/#AddNic -func (c *Client) AddNIC(machineID, networkID string) (*NIC, error) { - resp := new(NIC) - req := request{ - method: client.POST, - url: makeURL(apiMachines, machineID, apiNICs), - reqValue: addNICOptions{networkID}, - resp: resp, - expectedStatus: http.StatusCreated, - } - if _, err := c.sendRequest(req); err != nil { - return nil, errors.Newf(err, "failed to add NIC to machine %s on network: %s", machineID, networkID) - } - return resp, nil -} - -// RemoveNIC removes a NIC on a machine belonging to a given account. -// *WARNING*: this causes the machine to reboot while removing the NIC. -// See API docs: https://apidocs.joyent.com/cloudapi/#RemoveNic -func (c *Client) RemoveNIC(machineID, MAC string) error { - req := request{ - method: client.DELETE, - url: makeURL(apiMachines, machineID, apiNICs, MAC), - expectedStatus: http.StatusNoContent, - } - if _, err := c.sendRequest(req); err != nil { - return errors.Newf(err, "failed to remove NIC: %s", MAC) - } - return nil -} diff --git a/vendor/github.com/joyent/gosdc/cloudapi/machine_snapshots.go b/vendor/github.com/joyent/gosdc/cloudapi/machine_snapshots.go deleted file mode 100644 index 0497a0fe54..0000000000 --- a/vendor/github.com/joyent/gosdc/cloudapi/machine_snapshots.go +++ /dev/null @@ -1,96 +0,0 @@ -package cloudapi - -import ( - "net/http" - - "github.com/joyent/gocommon/client" - "github.com/joyent/gocommon/errors" -) - -// Snapshot represent a point in time state of a machine. -type Snapshot struct { - Name string // Snapshot name - State string // Snapshot state -} - -// SnapshotOpts represent the option that can be specified -// when creating a new machine snapshot. -type SnapshotOpts struct { - Name string `json:"name"` // Snapshot name -} - -// CreateMachineSnapshot creates a new snapshot for the machine with the options specified. -// See API docs: http://apidocs.joyent.com/cloudapi/#CreateMachineSnapshot -func (c *Client) CreateMachineSnapshot(machineID string, opts SnapshotOpts) (*Snapshot, error) { - var resp Snapshot - req := request{ - method: client.POST, - url: makeURL(apiMachines, machineID, apiSnapshots), - reqValue: opts, - resp: &resp, - expectedStatus: http.StatusCreated, - } - if _, err := c.sendRequest(req); err != nil { - return nil, errors.Newf(err, "failed to create snapshot %s from machine with id %s", opts.Name, machineID) - } - return &resp, nil -} - -// StartMachineFromSnapshot starts the machine from the specified snapshot. -// Machine must be in 'stopped' state. -// See API docs: http://apidocs.joyent.com/cloudapi/#StartMachineFromSnapshot -func (c *Client) StartMachineFromSnapshot(machineID, snapshotName string) error { - req := request{ - method: client.POST, - url: makeURL(apiMachines, machineID, apiSnapshots, snapshotName), - expectedStatus: http.StatusAccepted, - } - if _, err := c.sendRequest(req); err != nil { - return errors.Newf(err, "failed to start machine with id %s from snapshot %s", machineID, snapshotName) - } - return nil -} - -// ListMachineSnapshots lists all snapshots for the specified machine. -// See API docs: http://apidocs.joyent.com/cloudapi/#ListMachineSnapshots -func (c *Client) ListMachineSnapshots(machineID string) ([]Snapshot, error) { - var resp []Snapshot - req := request{ - method: client.GET, - url: makeURL(apiMachines, machineID, apiSnapshots), - resp: &resp, - } - if _, err := c.sendRequest(req); err != nil { - return nil, errors.Newf(err, "failed to get list of snapshots for machine with id %s", machineID) - } - return resp, nil -} - -// GetMachineSnapshot returns the state of the specified snapshot. -// See API docs: http://apidocs.joyent.com/cloudapi/#GetMachineSnapshot -func (c *Client) GetMachineSnapshot(machineID, snapshotName string) (*Snapshot, error) { - var resp Snapshot - req := request{ - method: client.GET, - url: makeURL(apiMachines, machineID, apiSnapshots, snapshotName), - resp: &resp, - } - if _, err := c.sendRequest(req); err != nil { - return nil, errors.Newf(err, "failed to get snapshot %s for machine with id %s", snapshotName, machineID) - } - return &resp, nil -} - -// DeleteMachineSnapshot deletes the specified snapshot. -// See API docs: http://apidocs.joyent.com/cloudapi/#DeleteMachineSnapshot -func (c *Client) DeleteMachineSnapshot(machineID, snapshotName string) error { - req := request{ - method: client.DELETE, - url: makeURL(apiMachines, machineID, apiSnapshots, snapshotName), - expectedStatus: http.StatusNoContent, - } - if _, err := c.sendRequest(req); err != nil { - return errors.Newf(err, "failed to delete snapshot %s for machine with id %s", snapshotName, machineID) - } - return nil -} diff --git a/vendor/github.com/joyent/gosdc/cloudapi/machine_tags.go b/vendor/github.com/joyent/gosdc/cloudapi/machine_tags.go deleted file mode 100644 index 9a5242bdb1..0000000000 --- a/vendor/github.com/joyent/gosdc/cloudapi/machine_tags.go +++ /dev/null @@ -1,103 +0,0 @@ -package cloudapi - -import ( - "net/http" - - "github.com/joyent/gocommon/client" - "github.com/joyent/gocommon/errors" -) - -// AddMachineTags adds additional tags to the specified machine. -// This API lets you append new tags, not overwrite existing tags. -// See API docs: http://apidocs.joyent.com/cloudapi/#AddMachineTags -func (c *Client) AddMachineTags(machineID string, tags map[string]string) (map[string]string, error) { - var resp map[string]string - req := request{ - method: client.POST, - url: makeURL(apiMachines, machineID, apiTags), - reqValue: tags, - resp: &resp, - } - if _, err := c.sendRequest(req); err != nil { - return nil, errors.Newf(err, "failed to add tags for machine with id %s", machineID) - } - return resp, nil -} - -// ReplaceMachineTags replaces existing tags for the specified machine. -// This API lets you overwrite existing tags, not append to existing tags. -// See API docs: http://apidocs.joyent.com/cloudapi/#ReplaceMachineTags -func (c *Client) ReplaceMachineTags(machineID string, tags map[string]string) (map[string]string, error) { - var resp map[string]string - req := request{ - method: client.PUT, - url: makeURL(apiMachines, machineID, apiTags), - reqValue: tags, - resp: &resp, - } - if _, err := c.sendRequest(req); err != nil { - return nil, errors.Newf(err, "failed to replace tags for machine with id %s", machineID) - } - return resp, nil -} - -// ListMachineTags returns the complete set of tags associated with the specified machine. -// See API docs: http://apidocs.joyent.com/cloudapi/#ListMachineTags -func (c *Client) ListMachineTags(machineID string) (map[string]string, error) { - var resp map[string]string - req := request{ - method: client.GET, - url: makeURL(apiMachines, machineID, apiTags), - resp: &resp, - } - if _, err := c.sendRequest(req); err != nil { - return nil, errors.Newf(err, "failed to get list of tags for machine with id %s", machineID) - } - return resp, nil -} - -// GetMachineTag returns the value for a single tag on the specified machine. -// See API docs: http://apidocs.joyent.com/cloudapi/#GetMachineTag -func (c *Client) GetMachineTag(machineID, tagKey string) (string, error) { - var resp []byte - requestHeaders := make(http.Header) - requestHeaders.Set("Accept", "text/plain") - req := request{ - method: client.GET, - url: makeURL(apiMachines, machineID, apiTags, tagKey), - resp: &resp, - reqHeader: requestHeaders, - } - if _, err := c.sendRequest(req); err != nil { - return "", errors.Newf(err, "failed to get tag %s for machine with id %s", tagKey, machineID) - } - return string(resp), nil -} - -// DeleteMachineTag deletes a single tag from the specified machine. -// See API docs: http://apidocs.joyent.com/cloudapi/#DeleteMachineTag -func (c *Client) DeleteMachineTag(machineID, tagKey string) error { - req := request{ - method: client.DELETE, - url: makeURL(apiMachines, machineID, apiTags, tagKey), - expectedStatus: http.StatusNoContent, - } - if _, err := c.sendRequest(req); err != nil { - return errors.Newf(err, "failed to delete tag with key %s for machine with id %s", tagKey, machineID) - } - return nil -} - -// DeleteMachineTags deletes all tags from the specified machine. -// See API docs: http://apidocs.joyent.com/cloudapi/#DeleteMachineTags -func (c *Client) DeleteMachineTags(machineID string) error { - req := request{ - method: client.DELETE, - url: makeURL(apiMachines, machineID, apiTags), - expectedStatus: http.StatusNoContent, - } - if _, err := c.sendRequest(req); err != nil { - return errors.Newf(err, "failed to delete tags for machine with id %s", machineID) - } - return nil -} diff --git a/vendor/github.com/joyent/gosdc/cloudapi/machines.go b/vendor/github.com/joyent/gosdc/cloudapi/machines.go deleted file mode 100644 index 32a3ccf658..0000000000 --- a/vendor/github.com/joyent/gosdc/cloudapi/machines.go +++ /dev/null @@ -1,307 +0,0 @@ -package cloudapi - -import ( - "encoding/json" - "fmt" - "net/http" - - "strings" - - "github.com/joyent/gocommon/client" - "github.com/joyent/gocommon/errors" -) - -// Machine represent a provisioned virtual machines -type Machine struct { - Id string // Unique identifier for the image - Name string // Machine friendly name - Type string // Machine type, one of 'smartmachine' or 'virtualmachine' - State string // Current state of the machine - Dataset string // The dataset URN the machine was provisioned with. For new images/datasets this value will be the dataset id, i.e, same value than the image attribute - Memory int // The amount of memory the machine has (in Mb) - Disk int // The amount of disk the machine has (in Gb) - IPs []string // The IP addresses the machine has - Metadata map[string]string // Map of the machine metadata, e.g. authorized-keys - Tags map[string]string // Map of the machine tags - Created string // When the machine was created - Updated string // When the machine was updated - Package string // The name of the package used to create the machine - Image string // The image id the machine was provisioned with - PrimaryIP string // The primary (public) IP address for the machine - Networks []string // The network IDs for the machine - FirewallEnabled bool `json:"firewall_enabled"` // whether or not the firewall is enabled - DomainNames []string `json:"dns_names"` // The domain names of this machine -} - -// Equals compares two machines. Ignores state and timestamps. -func (m Machine) Equals(other Machine) bool { - if m.Id == other.Id && m.Name == other.Name && m.Type == other.Type && m.Dataset == other.Dataset && - m.Memory == other.Memory && m.Disk == other.Disk && m.Package == other.Package && m.Image == other.Image && - m.compareIPs(other) && m.compareMetadata(other) { - return true - } - return false -} - -// Helper method to compare two machines IPs -func (m Machine) compareIPs(other Machine) bool { - if len(m.IPs) != len(other.IPs) { - return false - } - for i, v := range m.IPs { - if v != other.IPs[i] { - return false - } - } - return true -} - -// Helper method to compare two machines metadata -func (m Machine) compareMetadata(other Machine) bool { - if len(m.Metadata) != len(other.Metadata) { - return false - } - for k, v := range m.Metadata { - if v != other.Metadata[k] { - return false - } - } - return true -} - -// CreateMachineOpts represent the option that can be specified -// when creating a new machine. -type CreateMachineOpts struct { - Name string `json:"name"` // Machine friendly name, default is a randomly generated name - Package string `json:"package"` // Name of the package to use on provisioning - Image string `json:"image"` // The image UUID - Networks []string `json:"networks"` // Desired networks IDs - Metadata map[string]string `json:"-"` // An arbitrary set of metadata key/value pairs can be set at provision time - Tags map[string]string `json:"-"` // An arbitrary set of tags can be set at provision time - FirewallEnabled bool `json:"firewall_enabled"` // Completely enable or disable firewall for this machine (new in API version 7.0) -} - -// AuditAction represents an action/event accomplished by a machine. -type AuditAction struct { - Action string // Action name - Parameters map[string]interface{} // Original set of parameters sent when the action was requested - Time string // When the action finished - Success string // Either 'yes' or 'no', depending on the action successfulness - Caller Caller // Account requesting the action -} - -// Caller represents an account requesting an action. -type Caller struct { - Type string // Authentication type for the action request. One of 'basic', 'operator', 'signature' or 'token' - User string // When the authentication type is 'basic', this member will be present and include user login - IP string // The IP addresses this from which the action was requested. Not present if type is 'operator' - KeyId string // When authentication type is either 'signature' or 'token', SSH key identifier -} - -// appendJSON marshals the given attribute value and appends it as an encoded value to the given json data. -// The newly encode (attr, value) is inserted just before the closing "}" in the json data. -func appendJSON(data []byte, attr string, value interface{}) ([]byte, error) { - newData, err := json.Marshal(&value) - if err != nil { - return nil, err - } - strData := string(data) - result := fmt.Sprintf(`%s, "%s":%s}`, strData[:len(strData)-1], attr, string(newData)) - return []byte(result), nil -} - -type jsonOpts CreateMachineOpts - -// MarshalJSON turns the given CreateMachineOpts into JSON -func (opts CreateMachineOpts) MarshalJSON() ([]byte, error) { - jo := jsonOpts(opts) - data, err := json.Marshal(&jo) - if err != nil { - return nil, err - } - for k, v := range opts.Tags { - if !strings.HasPrefix(k, "tag.") { - k = "tag." + k - } - data, err = appendJSON(data, k, v) - if err != nil { - return nil, err - } - } - for k, v := range opts.Metadata { - if !strings.HasPrefix(k, "metadata.") { - k = "metadata." + k - } - data, err = appendJSON(data, k, v) - if err != nil { - return nil, err - } - } - return data, nil -} - -// ListMachines lists all machines on record for an account. -// You can paginate this API by passing in offset, and limit -// See API docs: http://apidocs.joyent.com/cloudapi/#ListMachines -func (c *Client) ListMachines(filter *Filter) ([]Machine, error) { - var resp []Machine - req := request{ - method: client.GET, - url: apiMachines, - filter: filter, - resp: &resp, - } - if _, err := c.sendRequest(req); err != nil { - return nil, errors.Newf(err, "failed to get list of machines") - } - return resp, nil -} - -// CountMachines returns the number of machines on record for an account. -// See API docs: http://apidocs.joyent.com/cloudapi/#ListMachines -func (c *Client) CountMachines() (int, error) { - var resp int - req := request{ - method: client.HEAD, - url: apiMachines, - resp: &resp, - } - if _, err := c.sendRequest(req); err != nil { - return -1, errors.Newf(err, "failed to get count of machines") - } - return resp, nil -} - -// GetMachine returns the machine specified by machineId. -// See API docs: http://apidocs.joyent.com/cloudapi/#GetMachine -func (c *Client) GetMachine(machineID string) (*Machine, error) { - var resp Machine - req := request{ - method: client.GET, - url: makeURL(apiMachines, machineID), - resp: &resp, - } - if _, err := c.sendRequest(req); err != nil { - return nil, errors.Newf(err, "failed to get machine with id: %s", machineID) - } - return &resp, nil -} - -// CreateMachine creates a new machine with the options specified. -// See API docs: http://apidocs.joyent.com/cloudapi/#CreateMachine -func (c *Client) CreateMachine(opts CreateMachineOpts) (*Machine, error) { - var resp Machine - req := request{ - method: client.POST, - url: apiMachines, - reqValue: opts, - resp: &resp, - expectedStatus: http.StatusCreated, - } - if _, err := c.sendRequest(req); err != nil { - return nil, errors.Newf(err, "failed to create machine with name: %s", opts.Name) - } - return &resp, nil -} - -// StopMachine stops a running machine. -// See API docs: http://apidocs.joyent.com/cloudapi/#StopMachine -func (c *Client) StopMachine(machineID string) error { - req := request{ - method: client.POST, - url: fmt.Sprintf("%s/%s?action=%s", apiMachines, machineID, actionStop), - expectedStatus: http.StatusAccepted, - } - if _, err := c.sendRequest(req); err != nil { - return errors.Newf(err, "failed to stop machine with id: %s", machineID) - } - return nil -} - -// StartMachine starts a stopped machine. -// See API docs: http://apidocs.joyent.com/cloudapi/#StartMachine -func (c *Client) StartMachine(machineID string) error { - req := request{ - method: client.POST, - url: fmt.Sprintf("%s/%s?action=%s", apiMachines, machineID, actionStart), - expectedStatus: http.StatusAccepted, - } - if _, err := c.sendRequest(req); err != nil { - return errors.Newf(err, "failed to start machine with id: %s", machineID) - } - return nil -} - -// RebootMachine reboots (stop followed by a start) a machine. -// See API docs: http://apidocs.joyent.com/cloudapi/#RebootMachine -func (c *Client) RebootMachine(machineID string) error { - req := request{ - method: client.POST, - url: fmt.Sprintf("%s/%s?action=%s", apiMachines, machineID, actionReboot), - expectedStatus: http.StatusAccepted, - } - if _, err := c.sendRequest(req); err != nil { - return errors.Newf(err, "failed to reboot machine with id: %s", machineID) - } - return nil -} - -// ResizeMachine allows you to resize a SmartMachine. Virtual machines can also -// be resized, but only resizing virtual machines to a higher capacity package -// is supported. -// See API docs: http://apidocs.joyent.com/cloudapi/#ResizeMachine -func (c *Client) ResizeMachine(machineID, packageName string) error { - req := request{ - method: client.POST, - url: fmt.Sprintf("%s/%s?action=%s&package=%s", apiMachines, machineID, actionResize, packageName), - expectedStatus: http.StatusAccepted, - } - if _, err := c.sendRequest(req); err != nil { - return errors.Newf(err, "failed to resize machine with id: %s", machineID) - } - return nil -} - -// RenameMachine renames an existing machine. -// See API docs: http://apidocs.joyent.com/cloudapi/#RenameMachine -func (c *Client) RenameMachine(machineID, machineName string) error { - req := request{ - method: client.POST, - url: fmt.Sprintf("%s/%s?action=%s&name=%s", apiMachines, machineID, actionRename, machineName), - expectedStatus: http.StatusAccepted, - } - if _, err := c.sendRequest(req); err != nil { - return errors.Newf(err, "failed to rename machine with id: %s", machineID) - } - return nil -} - -// DeleteMachine allows you to completely destroy a machine. Machine must be in the 'stopped' state. -// See API docs: http://apidocs.joyent.com/cloudapi/#DeleteMachine -func (c *Client) DeleteMachine(machineID string) error { - req := request{ - method: client.DELETE, - url: makeURL(apiMachines, machineID), - expectedStatus: http.StatusNoContent, - } - if _, err := c.sendRequest(req); err != nil { - return errors.Newf(err, "failed to delete machine with id %s", machineID) - } - return nil -} - -// MachineAudit provides a list of machine's accomplished actions, (sorted from -// latest to older one). -// See API docs: http://apidocs.joyent.com/cloudapi/#MachineAudit -func (c *Client) MachineAudit(machineID string) ([]AuditAction, error) { - var resp []AuditAction - req := request{ - method: client.GET, - url: makeURL(apiMachines, machineID, apiAudit), - resp: &resp, - } - if _, err := c.sendRequest(req); err != nil { - return nil, errors.Newf(err, "failed to get actions for machine with id %s", machineID) - } - return resp, nil -} diff --git a/vendor/github.com/joyent/gosdc/cloudapi/networks.go b/vendor/github.com/joyent/gosdc/cloudapi/networks.go deleted file mode 100644 index 18d828999c..0000000000 --- a/vendor/github.com/joyent/gosdc/cloudapi/networks.go +++ /dev/null @@ -1,44 +0,0 @@ -package cloudapi - -import ( - "github.com/joyent/gocommon/client" - "github.com/joyent/gocommon/errors" -) - -// Network represents a network available to a given account -type Network struct { - Id string // Unique identifier for the network - Name string // Network name - Public bool // Whether this a public or private (rfc1918) network - Description string // Optional description for this network, when name is not enough -} - -// ListNetworks lists all the networks which can be used by the given account. -// See API docs: http://apidocs.joyent.com/cloudapi/#ListNetworks -func (c *Client) ListNetworks() ([]Network, error) { - var resp []Network - req := request{ - method: client.GET, - url: apiNetworks, - resp: &resp, - } - if _, err := c.sendRequest(req); err != nil { - return nil, errors.Newf(err, "failed to get list of networks") - } - return resp, nil -} - -// GetNetwork retrieves an individual network record. -// See API docs: http://apidocs.joyent.com/cloudapi/#GetNetwork -func (c *Client) GetNetwork(networkID string) (*Network, error) { - var resp Network - req := request{ - method: client.GET, - url: makeURL(apiNetworks, networkID), - resp: &resp, - } - if _, err := c.sendRequest(req); err != nil { - return nil, errors.Newf(err, "failed to get network with id %s", networkID) - } - return &resp, nil -} diff --git a/vendor/github.com/joyent/gosdc/cloudapi/packages.go b/vendor/github.com/joyent/gosdc/cloudapi/packages.go deleted file mode 100644 index 9b33999169..0000000000 --- a/vendor/github.com/joyent/gosdc/cloudapi/packages.go +++ /dev/null @@ -1,53 +0,0 @@ -package cloudapi - -import ( - "github.com/joyent/gocommon/client" - "github.com/joyent/gocommon/errors" -) - -// Package represents a named collections of resources that are used to describe the 'sizes' -// of either a smart machine or a virtual machine. -type Package struct { - Name string // Name for the package - Memory int // Memory available (in Mb) - Disk int // Disk space available (in Gb) - Swap int // Swap memory available (in Mb) - VCPUs int // Number of VCPUs for the package - Default bool // Indicates whether this is the default package in the datacenter - Id string // Unique identifier for the package - Version string // Version for the package - Group string // Group this package belongs to - Description string // Human friendly description for the package -} - -// ListPackages provides a list of packages available in the datacenter. -// See API docs: http://apidocs.joyent.com/cloudapi/#ListPackages -func (c *Client) ListPackages(filter *Filter) ([]Package, error) { - var resp []Package - req := request{ - method: client.GET, - url: apiPackages, - filter: filter, - resp: &resp, - } - if _, err := c.sendRequest(req); err != nil { - return nil, errors.Newf(err, "failed to get list of packages") - } - return resp, nil -} - -// GetPackage returns the package specified by packageName. NOTE: packageName can -// specify either the package name or package ID. -// See API docs: http://apidocs.joyent.com/cloudapi/#GetPackage -func (c *Client) GetPackage(packageName string) (*Package, error) { - var resp Package - req := request{ - method: client.GET, - url: makeURL(apiPackages, packageName), - resp: &resp, - } - if _, err := c.sendRequest(req); err != nil { - return nil, errors.Newf(err, "failed to get package with name: %s", packageName) - } - return &resp, nil -} diff --git a/vendor/github.com/joyent/gosdc/cloudapi/services.go b/vendor/github.com/joyent/gosdc/cloudapi/services.go deleted file mode 100644 index 634b69ff3f..0000000000 --- a/vendor/github.com/joyent/gosdc/cloudapi/services.go +++ /dev/null @@ -1,20 +0,0 @@ -package cloudapi - -import ( - "github.com/joyent/gocommon/client" - "github.com/joyent/gocommon/errors" -) - -// list available services -func (c *Client) ListServices() (map[string]string, error) { - var resp map[string]string - req := request{ - method: client.GET, - url: apiServices, - resp: &resp, - } - if _, err := c.sendRequest(req); err != nil { - return nil, errors.Newf(err, "failed to get list of services") - } - return resp, nil -} diff --git a/vendor/github.com/joyent/gosdc/LICENSE b/vendor/github.com/joyent/triton-go/LICENSE similarity index 100% rename from vendor/github.com/joyent/gosdc/LICENSE rename to vendor/github.com/joyent/triton-go/LICENSE diff --git a/vendor/github.com/joyent/triton-go/README.md b/vendor/github.com/joyent/triton-go/README.md new file mode 100644 index 0000000000..6546ba3736 --- /dev/null +++ b/vendor/github.com/joyent/triton-go/README.md @@ -0,0 +1,216 @@ +# triton-go + +`go-triton` is an idiomatic library exposing a client SDK for Go applications using the Joyent Triton API. + +## Usage + +Triton uses [HTTP Signature][4] to sign the Date header in each HTTP request made to the Triton API. Currently, requests can be signed using either a private key file loaded from disk (using an [`authentication.PrivateKeySigner`][5]), or using a key stored with the local SSH Agent (using an [`SSHAgentSigner`][6]. + +To construct a Signer, use the `New*` range of methods in the `authentication` package. In the case of `authentication.NewSSHAgentSigner`, the parameters are the fingerprint of the key with which to sign, and the account name (normally stored in the `SDC_ACCOUNT` environment variable). For example: + +``` +const fingerprint := "a4:c6:f3:75:80:27:e0:03:a9:98:79:ef:c5:0a:06:11" +sshKeySigner, err := authentication.NewSSHAgentSigner(fingerprint, "AccountName") +if err != nil { + log.Fatalf("NewSSHAgentSigner: %s", err) +} +``` + +An appropriate key fingerprint can be generated using `ssh-keygen`: + +``` +ssh-keygen -Emd5 -lf ~/.ssh/id_rsa.pub | cut -d " " -f 2 | sed 's/MD5://' +``` + +To construct a Client, use the `NewClient` function, passing in the endpoint, account name and constructed signer: + +```go +client, err := triton.NewClient("https://us-sw-1.api.joyent.com/", "AccountName", sshKeySigner) +if err != nil { + log.Fatalf("NewClient: %s", err) +} +``` + +Having constructed a `triton.Client`, use the methods available to access functionality by functional grouping. For example, for access to operations on SSH keys, use the `Keys()` method to obtain a client which has access to the `CreateKey`, `ListKeys` and `DeleteKey` operations. For access to operations on Machines, use the `Machines()` method to obtain a client which has access to the `RenameMachine`, `GetMachineMetadata`, `GetMachineTag`, and other operations. + +Operation methods take their formal parameters via a struct named `OperationInput` - for example when creating an SSH key, the `CreateKeyInput` struct is used with the `func CreateKey(*CreateKeyInput) (*Key, error)` method. This allows specification of named parameters: + +``` +client := state.Client().Keys() + +key, err := client.CreateKey(&CreateKeyInput{ + Name: "tempKey", + Key: "ssh-rsa .....", +}) +if err != nil { + panic(err) +} + +// Key contains the return value. +``` + +## Error Handling + +If an error is returned by the HTTP API, the `error` returned from the function will contain an instance of `triton.TritonError` in the chain. Error wrapping is performed using the [errwrap][7] library from HashiCorp. + +## Completeness + +The following list is updated as new functionality is added. The complete list of operations is taken from the [CloudAPI documentation](https://apidocs.joyent.com/cloudapi). + +- Accounts + - [x] GetAccount + - [x] UpdateAccount +- Keys + - [x] ListKeys + - [x] GetKey + - [x] CreateKey + - [x] DeleteKey +- Users + - [ ] ListUsers + - [ ] GetUser + - [ ] CreateUser + - [ ] UpdateUser + - [ ] ChangeUserPassword + - [ ] DeleteUser +- Roles + - [x] ListRoles + - [x] GetRole + - [x] CreateRole + - [x] UpdateRole + - [x] DeleteRole +- Role Tags + - [ ] SetRoleTags +- Policies + - [ ] ListPolicies + - [ ] GetPolicy + - [ ] CreatePolicy + - [ ] UpdatePolicy + - [ ] DeletePolicy +- User SSH Keys + - [x] ListUserKeys + - [x] GetUserKey + - [x] CreateUserKey + - [x] DeleteUserKey +- Config + - [x] GetConfig + - [x] UpdateConfig +- Datacenters + - [x] ListDatacenters + - [x] GetDatacenter +- Services + - [x] ListServices +- Images + - [x] ListImages + - [x] GetImage + - [x] DeleteImage + - [x] ExportImage + - [x] CreateImageFromMachine + - [x] UpdateImage +- Packages + - [x] ListPackages + - [x] GetPackage +- Instances + - [ ] ListMachines + - [x] GetMachine + - [x] CreateMachine + - [ ] StopMachine + - [ ] StartMachine + - [ ] RebootMachine + - [x] ResizeMachine + - [x] RenameMachine + - [x] EnableMachineFirewall + - [x] DisableMachineFirewall + - [ ] CreateMachineSnapshot + - [ ] StartMachineFromSnapshot + - [ ] ListMachineSnapshots + - [ ] GetMachineSnapshot + - [ ] DeleteMachineSnapshot + - [x] UpdateMachineMetadata + - [ ] ListMachineMetadata + - [ ] GetMachineMetadata + - [ ] DeleteMachineMetadata + - [ ] DeleteAllMachineMetadata + - [x] AddMachineTags + - [x] ReplaceMachineTags + - [x] ListMachineTags + - [x] GetMachineTag + - [x] DeleteMachineTag + - [x] DeleteMachineTags + - [x] DeleteMachine + - [ ] MachineAudit +- Analytics + - [ ] DescribeAnalytics + - [ ] ListInstrumentations + - [ ] GetInstrumentation + - [ ] GetInstrumentationValue + - [ ] GetInstrumentationHeatmap + - [ ] GetInstrumentationHeatmapDetails + - [ ] CreateInstrumentation + - [ ] DeleteInstrumentation +- Firewall Rules + - [x] ListFirewallRules + - [x] GetFirewallRule + - [x] CreateFirewallRule + - [x] UpdateFirewallRule + - [x] EnableFirewallRule + - [x] DisableFirewallRule + - [x] DeleteFirewallRule + - [ ] ListMachineFirewallRules + - [x] ListFirewallRuleMachines +- Fabrics + - [x] ListFabricVLANs + - [x] CreateFabricVLAN + - [x] GetFabricVLAN + - [x] UpdateFabricVLAN + - [x] DeleteFabricVLAN + - [x] ListFabricNetworks + - [x] CreateFabricNetwork + - [x] GetFabricNetwork + - [x] DeleteFabricNetwork +- Networks + - [x] ListNetworks + - [x] GetNetwork +- Nics + - [ ] ListNics + - [ ] GetNic + - [x] AddNic + - [x] RemoveNic + +## Running Acceptance Tests + +Acceptance Tests run directly against the Triton API, so you will need either a local installation or Triton or an account with Joyent in order to run them. The tests create real resources (and thus cost real money!) + +In order to run acceptance tests, the following environment variables must be set: + +- `TRITON_TEST` - must be set to any value in order to indicate desire to create resources +- `SDC_URL` - the base endpoint for the Triton API +- `SDC_ACCOUNT` - the account name for the Triton API +- `SDC_KEY_ID` - the fingerprint of the SSH key identifying the key + +Additionally, you may set `SDC_KEY_MATERIAL` to the contents of an unencrypted private key. If this is set, the PrivateKeySigner (see above) will be used - if not the SSHAgentSigner will be used. + +### Example Run + +The verbose output has been removed for brevity here. + +``` +$ HTTP_PROXY=http://localhost:8888 \ + TRITON_TEST=1 \ + SDC_URL=https://us-sw-1.api.joyent.com \ + SDC_ACCOUNT=AccountName \ + SDC_KEY_ID=a4:c6:f3:75:80:27:e0:03:a9:98:79:ef:c5:0a:06:11 \ + go test -v -run "TestAccKey" +=== RUN TestAccKey_Create +--- PASS: TestAccKey_Create (12.46s) +=== RUN TestAccKey_Get +--- PASS: TestAccKey_Get (4.30s) +=== RUN TestAccKey_Delete +--- PASS: TestAccKey_Delete (15.08s) +PASS +ok github.com/jen20/triton-go 31.861s +``` + +[4]: https://github.com/joyent/node-http-signature/blob/master/http_signing.md +[5]: https://godoc.org/github.com/joyent/go-triton/authentication +[6]: https://godoc.org/github.com/joyent/go-triton/authentication +[7]: https://github.com/hashicorp/go-errwrap diff --git a/vendor/github.com/joyent/triton-go/accounts.go b/vendor/github.com/joyent/triton-go/accounts.go new file mode 100644 index 0000000000..8049d4e7e4 --- /dev/null +++ b/vendor/github.com/joyent/triton-go/accounts.go @@ -0,0 +1,92 @@ +package triton + +import ( + "encoding/json" + "net/http" + "time" + + "github.com/hashicorp/errwrap" + "fmt" +) + +type AccountsClient struct { + *Client +} + +// Accounts returns a c used for accessing functions pertaining +// to Account functionality in the Triton API. +func (c *Client) Accounts() *AccountsClient { + return &AccountsClient{c} +} + +type Account struct { + ID string `json:"id"` + Login string `json:"login"` + Email string `json:"email"` + CompanyName string `json:"companyName"` + FirstName string `json:"firstName"` + LastName string `json:"lastName"` + Address string `json:"address"` + PostalCode string `json:"postalCode"` + City string `json:"city"` + State string `json:"state"` + Country string `json:"country"` + Phone string `json:"phone"` + Created time.Time `json:"created"` + Updated time.Time `json:"updated"` + TritonCNSEnabled bool `json:"triton_cns_enabled"` +} + +type GetAccountInput struct{} + +func (client *AccountsClient) GetAccount(input *GetAccountInput) (*Account, error) { + respReader, err := client.executeRequest(http.MethodGet, "/my", nil) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return nil, errwrap.Wrapf("Error executing GetAccount request: {{err}}", err) + } + + var result *Account + decoder := json.NewDecoder(respReader) + if err = decoder.Decode(&result); err != nil { + return nil, errwrap.Wrapf("Error decoding GetAccount response: {{err}}", err) + } + + return result, nil +} + +type UpdateAccountInput struct { + Email string `json:"email,omitempty"` + CompanyName string `json:"companyName,omitempty"` + FirstName string `json:"firstName,omitempty"` + LastName string `json:"lastName,omitempty"` + Address string `json:"address,omitempty"` + PostalCode string `json:"postalCode,omitempty"` + City string `json:"city,omitempty"` + State string `json:"state,omitempty"` + Country string `json:"country,omitempty"` + Phone string `json:"phone,omitempty"` + TritonCNSEnabled bool `json:"triton_cns_enabled,omitempty"` +} + +// UpdateAccount updates your account details with the given parameters. +// TODO(jen20) Work out a safe way to test this +func (client *AccountsClient) UpdateAccount(input *UpdateAccountInput) (*Account, error) { + respReader, err := client.executeRequest(http.MethodPost, fmt.Sprintf("/%s", client.accountName), input) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return nil, errwrap.Wrapf("Error executing UpdateAccount request: {{err}}", err) + } + + var result *Account + decoder := json.NewDecoder(respReader) + if err = decoder.Decode(&result); err != nil { + return nil, errwrap.Wrapf("Error decoding UpdateAccount response: {{err}}", err) + } + + return result, nil +} diff --git a/vendor/github.com/joyent/triton-go/authentication/ecdsa_signature.go b/vendor/github.com/joyent/triton-go/authentication/ecdsa_signature.go new file mode 100644 index 0000000000..8aaba97a54 --- /dev/null +++ b/vendor/github.com/joyent/triton-go/authentication/ecdsa_signature.go @@ -0,0 +1,66 @@ +package authentication + +import ( + "encoding/asn1" + "encoding/base64" + "fmt" + "math/big" + + "github.com/hashicorp/errwrap" + "golang.org/x/crypto/ssh" +) + +type ecdsaSignature struct { + hashAlgorithm string + R *big.Int + S *big.Int +} + +func (s *ecdsaSignature) SignatureType() string { + return fmt.Sprintf("ecdsa-%s", s.hashAlgorithm) +} + +func (s *ecdsaSignature) String() string { + toEncode := struct { + R *big.Int + S *big.Int + }{ + R: s.R, + S: s.S, + } + + signatureBytes, err := asn1.Marshal(toEncode) + if err != nil { + panic(fmt.Sprintf("Error marshaling signature: %s", err)) + } + + return base64.StdEncoding.EncodeToString(signatureBytes) +} + +func newECDSASignature(signatureBlob []byte) (*ecdsaSignature, error) { + var ecSig struct { + R *big.Int + S *big.Int + } + + if err := ssh.Unmarshal(signatureBlob, &ecSig); err != nil { + return nil, errwrap.Wrapf("Error unmarshaling signature: {{err}}", err) + } + + rValue := ecSig.R.Bytes() + var hashAlgorithm string + switch len(rValue) { + case 31, 32: + hashAlgorithm = "sha256" + case 65, 66: + hashAlgorithm = "sha512" + default: + return nil, fmt.Errorf("Unsupported key length: %d", len(rValue)) + } + + return &ecdsaSignature{ + hashAlgorithm: hashAlgorithm, + R: ecSig.R, + S: ecSig.S, + }, nil +} diff --git a/vendor/github.com/joyent/triton-go/authentication/private_key_signer.go b/vendor/github.com/joyent/triton-go/authentication/private_key_signer.go new file mode 100644 index 0000000000..aadb6ee5f4 --- /dev/null +++ b/vendor/github.com/joyent/triton-go/authentication/private_key_signer.go @@ -0,0 +1,73 @@ +package authentication + +import ( + "crypto" + "crypto/rand" + "crypto/rsa" + "crypto/x509" + "encoding/base64" + "encoding/pem" + "fmt" + "github.com/hashicorp/errwrap" + "golang.org/x/crypto/ssh" + "strings" +) + +type PrivateKeySigner struct { + formattedKeyFingerprint string + keyFingerprint string + accountName string + hashFunc crypto.Hash + + privateKey *rsa.PrivateKey +} + +func NewPrivateKeySigner(keyFingerprint string, privateKeyMaterial []byte, accountName string) (*PrivateKeySigner, error) { + keyFingerprintMD5 := strings.Replace(keyFingerprint, ":", "", -1) + + block, _ := pem.Decode(privateKeyMaterial) + if block == nil { + return nil, fmt.Errorf("Error PEM-decoding private key material: nil block received") + } + + rsakey, err := x509.ParsePKCS1PrivateKey(block.Bytes) + if err != nil { + return nil, errwrap.Wrapf("Error parsing private key: %s", err) + } + + sshPublicKey, err := ssh.NewPublicKey(rsakey.Public()) + if err != nil { + return nil, errwrap.Wrapf("Error parsing SSH key from private key: %s", err) + } + + matchKeyFingerprint := formatPublicKeyFingerprint(sshPublicKey, false) + displayKeyFingerprint := formatPublicKeyFingerprint(sshPublicKey, true) + if matchKeyFingerprint != keyFingerprintMD5 { + return nil, fmt.Errorf("Private key file does not match public key fingerprint") + } + + return &PrivateKeySigner{ + formattedKeyFingerprint: displayKeyFingerprint, + keyFingerprint: keyFingerprint, + accountName: accountName, + + hashFunc: crypto.SHA1, + privateKey: rsakey, + }, nil +} + +func (s *PrivateKeySigner) Sign(dateHeader string) (string, error) { + const headerName = "date" + + hash := s.hashFunc.New() + hash.Write([]byte(fmt.Sprintf("%s: %s", headerName, dateHeader))) + digest := hash.Sum(nil) + + signed, err := rsa.SignPKCS1v15(rand.Reader, s.privateKey, s.hashFunc, digest) + if err != nil { + return "", errwrap.Wrapf("Error signing date header: {{err}}", err) + } + signedBase64 := base64.StdEncoding.EncodeToString(signed) + + return fmt.Sprintf(authorizationHeaderFormat, s.formattedKeyFingerprint, "rsa-sha1", headerName, signedBase64), nil +} diff --git a/vendor/github.com/joyent/triton-go/authentication/rsa_signature.go b/vendor/github.com/joyent/triton-go/authentication/rsa_signature.go new file mode 100644 index 0000000000..8d513f6c45 --- /dev/null +++ b/vendor/github.com/joyent/triton-go/authentication/rsa_signature.go @@ -0,0 +1,25 @@ +package authentication + +import ( + "encoding/base64" +) + +type rsaSignature struct { + hashAlgorithm string + signature []byte +} + +func (s *rsaSignature) SignatureType() string { + return s.hashAlgorithm +} + +func (s *rsaSignature) String() string { + return base64.StdEncoding.EncodeToString(s.signature) +} + +func newRSASignature(signatureBlob []byte) (*rsaSignature, error) { + return &rsaSignature{ + hashAlgorithm: "rsa-sha1", + signature: signatureBlob, + }, nil +} diff --git a/vendor/github.com/joyent/triton-go/authentication/signature.go b/vendor/github.com/joyent/triton-go/authentication/signature.go new file mode 100644 index 0000000000..e6a52df301 --- /dev/null +++ b/vendor/github.com/joyent/triton-go/authentication/signature.go @@ -0,0 +1,27 @@ +package authentication + +import ( + "regexp" + "fmt" +) + +type httpAuthSignature interface { + SignatureType() string + String() string +} + +func keyFormatToKeyType(keyFormat string) (string, error) { + if keyFormat == "ssh-rsa" { + return "rsa", nil + } + + if keyFormat == "ssh-ed25519" { + return "ed25519", nil + } + + if regexp.MustCompile("^ecdsa-sha2-*").Match([]byte(keyFormat)) { + return "ecdsa", nil + } + + return "", fmt.Errorf("Unknown key format: %s", keyFormat) +} diff --git a/vendor/github.com/joyent/triton-go/authentication/signer.go b/vendor/github.com/joyent/triton-go/authentication/signer.go new file mode 100644 index 0000000000..dfc89ad444 --- /dev/null +++ b/vendor/github.com/joyent/triton-go/authentication/signer.go @@ -0,0 +1,7 @@ +package authentication + +const authorizationHeaderFormat = `Signature keyId="%s",algorithm="%s",headers="%s",signature="%s"` + +type Signer interface { + Sign(dateHeader string) (string, error) +} diff --git a/vendor/github.com/joyent/triton-go/authentication/ssh_agent_signer.go b/vendor/github.com/joyent/triton-go/authentication/ssh_agent_signer.go new file mode 100644 index 0000000000..0287431598 --- /dev/null +++ b/vendor/github.com/joyent/triton-go/authentication/ssh_agent_signer.go @@ -0,0 +1,104 @@ +package authentication + +import ( + "crypto/md5" + "errors" + "fmt" + "net" + "os" + "strings" + + "github.com/hashicorp/errwrap" + "golang.org/x/crypto/ssh" + "golang.org/x/crypto/ssh/agent" +) + +type SSHAgentSigner struct { + formattedKeyFingerprint string + keyFingerprint string + accountName string + keyIdentifier string + + agent agent.Agent + key ssh.PublicKey +} + +func NewSSHAgentSigner(keyFingerprint, accountName string) (*SSHAgentSigner, error) { + sshAgentAddress := os.Getenv("SSH_AUTH_SOCK") + if sshAgentAddress == "" { + return nil, errors.New("SSH_AUTH_SOCK is not set") + } + + conn, err := net.Dial("unix", sshAgentAddress) + if err != nil { + return nil, errwrap.Wrapf("Error dialing SSH agent: {{err}}", err) + } + + ag := agent.NewClient(conn) + + keys, err := ag.List() + if err != nil { + return nil, errwrap.Wrapf("Error listing keys in SSH Agent: %s", err) + } + + keyFingerprintMD5 := strings.Replace(keyFingerprint, ":", "", -1) + + var matchingKey ssh.PublicKey + for _, key := range keys { + h := md5.New() + h.Write(key.Marshal()) + fp := fmt.Sprintf("%x", h.Sum(nil)) + + if fp == keyFingerprintMD5 { + matchingKey = key + } + } + + if matchingKey == nil { + return nil, fmt.Errorf("No key in the SSH Agent matches fingerprint: %s", keyFingerprint) + } + + formattedKeyFingerprint := formatPublicKeyFingerprint(matchingKey, true) + + return &SSHAgentSigner{ + formattedKeyFingerprint: formattedKeyFingerprint, + keyFingerprint: keyFingerprint, + accountName: accountName, + agent: ag, + key: matchingKey, + keyIdentifier: fmt.Sprintf("/%s/keys/%s", accountName, formattedKeyFingerprint), + }, nil +} + +func (s *SSHAgentSigner) Sign(dateHeader string) (string, error) { + const headerName = "date" + + signature, err := s.agent.Sign(s.key, []byte(fmt.Sprintf("%s: %s", headerName, dateHeader))) + if err != nil { + return "", errwrap.Wrapf("Error signing date header: {{err}}", err) + } + + keyFormat, err := keyFormatToKeyType(signature.Format) + if err != nil { + return "", errwrap.Wrapf("Error reading signature: {{err}}", err) + } + + var authSignature httpAuthSignature + switch keyFormat { + case "rsa": + authSignature, err = newRSASignature(signature.Blob) + if err != nil { + return "", errwrap.Wrapf("Error reading signature: {{err}}", err) + } + case "ecdsa": + authSignature, err = newECDSASignature(signature.Blob) + if err != nil { + return "", errwrap.Wrapf("Error reading signature: {{err}}", err) + } + default: + return "", fmt.Errorf("Unsupported algorithm from SSH agent: %s", signature.Format) + } + + return fmt.Sprintf(authorizationHeaderFormat, s.keyIdentifier, + authSignature.SignatureType(), headerName, authSignature.String()), nil +} diff --git a/vendor/github.com/joyent/triton-go/authentication/util.go b/vendor/github.com/joyent/triton-go/authentication/util.go new file mode 100644 index 0000000000..7c298b68c1 --- /dev/null +++ b/vendor/github.com/joyent/triton-go/authentication/util.go @@ -0,0 +1,29 @@ +package authentication + +import ( + "crypto/md5" + "fmt" + "strings" + + "golang.org/x/crypto/ssh" +) + +// formatPublicKeyFingerprint produces the MD5 fingerprint of the given SSH +// public key. If display is true, the fingerprint is formatted with colons +// between each byte, as per the output of OpenSSL. +func formatPublicKeyFingerprint(key ssh.PublicKey, display bool) string { + publicKeyFingerprint := md5.New() + publicKeyFingerprint.Write(key.Marshal()) + publicKeyFingerprintString := fmt.Sprintf("%x", publicKeyFingerprint.Sum(nil)) + + if !display { + return publicKeyFingerprintString + } + + formatted := "" + for i := 0; i < len(publicKeyFingerprintString); i = i + 2 { + formatted = fmt.Sprintf("%s%s:", formatted, publicKeyFingerprintString[i:i+2]) + } + + return strings.TrimSuffix(formatted, ":") +} diff --git a/vendor/github.com/joyent/triton-go/client.go b/vendor/github.com/joyent/triton-go/client.go new file mode 100644 index 0000000000..2b840bba58 --- /dev/null +++ b/vendor/github.com/joyent/triton-go/client.go @@ -0,0 +1,179 @@ +package triton + +import ( + "bytes" + "encoding/json" + "fmt" + "io" + "log" + "net" + "net/http" + "net/url" + "os" + "strings" + "time" + + "github.com/hashicorp/errwrap" + "github.com/hashicorp/go-retryablehttp" + "github.com/joyent/triton-go/authentication" +) + +// Client represents a connection to the Triton API. +type Client struct { + client *retryablehttp.Client + authorizer []authentication.Signer + endpoint string + accountName string +} + +// NewClient is used to construct a Client in order to make API +// requests to the Triton API. +// +// At least one signer must be provided - example signers include +// authentication.PrivateKeySigner and authentication.SSHAgentSigner. +func NewClient(endpoint string, accountName string, signers ...authentication.Signer) (*Client, error) { + defaultRetryWaitMin := 1 * time.Second + defaultRetryWaitMax := 5 * time.Minute + defaultRetryMax := 32 + + httpClient := &http.Client{ + Transport: &http.Transport{ + Proxy: http.ProxyFromEnvironment, + Dial: (&net.Dialer{ + Timeout: 30 * time.Second, + KeepAlive: 30 * time.Second, + }).Dial, + TLSHandshakeTimeout: 10 * time.Second, + DisableKeepAlives: true, + MaxIdleConnsPerHost: -1, + }, + CheckRedirect: doNotFollowRedirects, + } + + retryableClient := &retryablehttp.Client{ + HTTPClient: httpClient, + Logger: log.New(os.Stderr, "", log.LstdFlags), + RetryWaitMin: defaultRetryWaitMin, + RetryWaitMax: defaultRetryWaitMax, + RetryMax: defaultRetryMax, + CheckRetry: retryablehttp.DefaultRetryPolicy, + } + + return &Client{ + client: retryableClient, + authorizer: signers, + endpoint: strings.TrimSuffix(endpoint, "/"), + accountName: accountName, + }, nil +} + +func doNotFollowRedirects(*http.Request, []*http.Request) error { + return http.ErrUseLastResponse +} + +func (c *Client) formatURL(path string) string { + return fmt.Sprintf("%s%s", c.endpoint, path) +} + +func (c *Client) executeRequestURIParams(method, path string, body interface{}, query *url.Values) (io.ReadCloser, error) { + var requestBody io.ReadSeeker + if body != nil { + marshaled, err := json.MarshalIndent(body, "", " ") + if err != nil { + return nil, err + } + requestBody = bytes.NewReader(marshaled) + } + + req, err := retryablehttp.NewRequest(method, c.formatURL(path), requestBody) + if err != nil { + return nil, errwrap.Wrapf("Error constructing HTTP request: {{err}}", err) + } + + dateHeader := time.Now().UTC().Format(time.RFC1123) + req.Header.Set("date", dateHeader) + + authHeader, err := c.authorizer[0].Sign(dateHeader) + if err != nil { + return nil, errwrap.Wrapf("Error signing HTTP request: {{err}}", err) + } + req.Header.Set("Authorization", authHeader) + req.Header.Set("Accept", "application/json") + req.Header.Set("Accept-Version", "8") + req.Header.Set("User-Agent", "triton-go Client API") + + if body != nil { + req.Header.Set("Content-Type", "application/json") + } + + if query != nil { + req.URL.RawQuery = query.Encode() + } + + resp, err := c.client.Do(req) + if err != nil { + return nil, errwrap.Wrapf("Error executing HTTP request: {{err}}", err) + } + + if resp.StatusCode >= http.StatusOK && resp.StatusCode < http.StatusMultipleChoices { + return resp.Body, nil + } + + return nil, c.decodeError(resp.StatusCode, resp.Body) +} + +func (c *Client) decodeError(statusCode int, body io.Reader) error { + tritonError := &TritonError{ + StatusCode: statusCode, + } + + errorDecoder := json.NewDecoder(body) + if err := errorDecoder.Decode(tritonError); err != nil { + return errwrap.Wrapf("Error decoding error response: {{err}}", err) + } + + return tritonError +} + +func (c *Client) executeRequest(method, path string, body interface{}) (io.ReadCloser, error) { + return c.executeRequestURIParams(method, path, body, nil) +} + +func (c *Client) executeRequestRaw(method, path string, body interface{}) (*http.Response, error) { + var requestBody io.ReadSeeker + if body != nil { + marshaled, err := json.MarshalIndent(body, "", " ") + if err != nil { + return nil, err + } + requestBody = bytes.NewReader(marshaled) + } + + req, err := retryablehttp.NewRequest(method, c.formatURL(path), requestBody) + if err != nil { + return nil, errwrap.Wrapf("Error constructing HTTP request: {{err}}", err) + } + + dateHeader := time.Now().UTC().Format(time.RFC1123) + req.Header.Set("date", dateHeader) + + authHeader, err := c.authorizer[0].Sign(dateHeader) + if err != nil { + return nil, errwrap.Wrapf("Error signing HTTP request: {{err}}", err) + } + req.Header.Set("Authorization", authHeader) + req.Header.Set("Accept", "application/json") + req.Header.Set("Accept-Version", "8") + req.Header.Set("User-Agent", "triton-go c API") + + if body != nil { + req.Header.Set("Content-Type", "application/json") + } + + resp, err := c.client.Do(req) + if err != nil { + return nil, errwrap.Wrapf("Error executing HTTP request: {{err}}", err) + } + + return resp, nil +} diff --git a/vendor/github.com/joyent/triton-go/config.go b/vendor/github.com/joyent/triton-go/config.go new file mode 100644 index 0000000000..83d27790a4 --- /dev/null +++ b/vendor/github.com/joyent/triton-go/config.go @@ -0,0 +1,71 @@ +package triton + +import ( + "encoding/json" + "fmt" + "net/http" + + "github.com/hashicorp/errwrap" +) + +type ConfigClient struct { + *Client +} + +// Config returns a c used for accessing functions pertaining +// to Config functionality in the Triton API. +func (c *Client) Config() *ConfigClient { + return &ConfigClient{c} +} + +// Config represents configuration for your account. +type Config struct { + // DefaultNetwork is the network that docker containers are provisioned on. + DefaultNetwork string `json:"default_network"` +} + +type GetConfigInput struct{} + +// GetConfig outputs configuration for your account. +func (client *ConfigClient) GetConfig(input *GetConfigInput) (*Config, error) { + respReader, err := client.executeRequest(http.MethodGet, fmt.Sprintf("/%s/config", client.accountName), nil) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return nil, errwrap.Wrapf("Error executing GetConfig request: {{err}}", err) + } + + var result *Config + decoder := json.NewDecoder(respReader) + if err = decoder.Decode(&result); err != nil { + return nil, errwrap.Wrapf("Error decoding GetConfig response: {{err}}", err) + } + + return result, nil +} + +type UpdateConfigInput struct { + // DefaultNetwork is the network that docker containers are provisioned on. + DefaultNetwork string `json:"default_network"` +} + +// UpdateConfig updates configuration values for your account. +// TODO(jen20) Work out a safe way to test this (after networks c implemented) +func (client *ConfigClient) UpdateConfig(input *UpdateConfigInput) (*Config, error) { + respReader, err := client.executeRequest(http.MethodPut, fmt.Sprintf("/%s/config", client.accountName), input) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return nil, errwrap.Wrapf("Error executing UpdateConfig request: {{err}}", err) + } + + var result *Config + decoder := json.NewDecoder(respReader) + if err = decoder.Decode(&result); err != nil { + return nil, errwrap.Wrapf("Error decoding UpdateConfig response: {{err}}", err) + } + + return result, nil +} diff --git a/vendor/github.com/joyent/triton-go/datacenters.go b/vendor/github.com/joyent/triton-go/datacenters.go new file mode 100644 index 0000000000..c90cc954ab --- /dev/null +++ b/vendor/github.com/joyent/triton-go/datacenters.go @@ -0,0 +1,90 @@ +package triton + +import ( + "encoding/json" + "errors" + "fmt" + "net/http" + "sort" + + "github.com/hashicorp/errwrap" +) + +type DataCentersClient struct { + *Client +} + +// DataCenters returns a c used for accessing functions pertaining +// to Datacenter functionality in the Triton API. +func (c *Client) Datacenters() *DataCentersClient { + return &DataCentersClient{c} +} + +type DataCenter struct { + Name string `json:"name"` + URL string `json:"url"` +} + +type ListDataCentersInput struct{} + +func (client *DataCentersClient) ListDataCenters(*ListDataCentersInput) ([]*DataCenter, error) { + respReader, err := client.executeRequest(http.MethodGet, "/my/datacenters", nil) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return nil, errwrap.Wrapf("Error executing ListDatacenters request: {{err}}", err) + } + + var intermediate map[string]string + decoder := json.NewDecoder(respReader) + if err = decoder.Decode(&intermediate); err != nil { + return nil, errwrap.Wrapf("Error decoding ListDatacenters response: {{err}}", err) + } + + keys := make([]string, len(intermediate)) + i := 0 + for k := range intermediate { + keys[i] = k + i++ + } + sort.Strings(keys) + + result := make([]*DataCenter, len(intermediate)) + i = 0 + for _, key := range keys { + result[i] = &DataCenter{ + Name: key, + URL: intermediate[key], + } + i++ + } + + return result, nil +} + +type GetDataCenterInput struct { + Name string +} + +func (client *DataCentersClient) GetDataCenter(input *GetDataCenterInput) (*DataCenter, error) { + resp, err := client.executeRequestRaw(http.MethodGet, fmt.Sprintf("/my/datacenters/%s", input.Name), nil) + if err != nil { + return nil, errwrap.Wrapf("Error executing GetDatacenter request: {{err}}", err) + } + + if resp.StatusCode != http.StatusFound { + return nil, fmt.Errorf("Error executing GetDatacenter request: expected status code 302, got %s", + resp.StatusCode) + } + + location := resp.Header.Get("Location") + if location == "" { + return nil, errors.New("Error decoding GetDatacenter response: no Location header") + } + + return &DataCenter{ + Name: input.Name, + URL: location, + }, nil +} diff --git a/vendor/github.com/joyent/triton-go/errors.go b/vendor/github.com/joyent/triton-go/errors.go new file mode 100644 index 0000000000..76d4a62541 --- /dev/null +++ b/vendor/github.com/joyent/triton-go/errors.go @@ -0,0 +1,126 @@ +package triton + +import ( + "fmt" + + "github.com/hashicorp/errwrap" +) + +// TritonError represents an error code and message along with +// the status code of the HTTP request which resulted in the error +// message. Error codes used by the Triton API are listed at +// https://apidocs.joyent.com/cloudapi/#cloudapi-http-responses +type TritonError struct { + StatusCode int + Code string `json:"code"` + Message string `json:"message"` +} + +// Error implements interface Error on the TritonError type. +func (e TritonError) Error() string { + return fmt.Sprintf("%s: %s", e.Code, e.Message) +} + +// IsBadRequest tests whether err wraps a TritonError with +// code BadRequest +func IsBadRequest(err error) bool { + return isSpecificError(err, "BadRequest") +} + +// IsInternalError tests whether err wraps a TritonError with +// code InternalError +func IsInternalError(err error) bool { + return isSpecificError(err, "InternalError") +} + +// IsInUseError tests whether err wraps a TritonError with +// code InUseError +func IsInUseError(err error) bool { + return isSpecificError(err, "InUseError") +} + +// IsInvalidArgument tests whether err wraps a TritonError with +// code InvalidArgument +func IsInvalidArgument(err error) bool { + return isSpecificError(err, "InvalidArgument") +} + +// IsInvalidCredentials tests whether err wraps a TritonError with +// code InvalidCredentials +func IsInvalidCredentials(err error) bool { + return isSpecificError(err, "InvalidCredentials") +} + +// IsInvalidHeader tests whether err wraps a TritonError with +// code InvalidHeader +func IsInvalidHeader(err error) bool { + return isSpecificError(err, "InvalidHeader") +} + +// IsInvalidVersion tests whether err wraps a TritonError with +// code InvalidVersion +func IsInvalidVersion(err error) bool { + return isSpecificError(err, "InvalidVersion") +} + +// IsMissingParameter tests whether err wraps a TritonError with +// code MissingParameter +func IsMissingParameter(err error) bool { + return isSpecificError(err, "MissingParameter") +} + +// IsNotAuthorized tests whether err wraps a TritonError with +// code NotAuthorized +func IsNotAuthorized(err error) bool { + return isSpecificError(err, "NotAuthorized") +} + +// IsRequestThrottled tests whether err wraps a TritonError with +// code RequestThrottled +func IsRequestThrottled(err error) bool { + return isSpecificError(err, "RequestThrottled") +} + +// IsRequestTooLarge tests whether err wraps a TritonError with +// code RequestTooLarge +func IsRequestTooLarge(err error) bool { + return isSpecificError(err, "RequestTooLarge") +} + +// IsRequestMoved tests whether err wraps a TritonError with +// code RequestMoved +func IsRequestMoved(err error) bool { + return isSpecificError(err, "RequestMoved") +} + +// IsResourceNotFound tests whether err wraps a TritonError with +// code ResourceNotFound +func IsResourceNotFound(err error) bool { + return isSpecificError(err, "ResourceNotFound") +} + +// IsUnknownError tests whether err wraps a TritonError with +// code UnknownError +func IsUnknownError(err error) bool { + return isSpecificError(err, "UnknownError") +} + +// isSpecificError checks whether the error represented by err wraps +// an underlying TritonError with code errorCode. +func isSpecificError(err error, errorCode string) bool { + if err == nil { + return false + } + + tritonErrorInterface := errwrap.GetType(err.(error), &TritonError{}) + if tritonErrorInterface == nil { + return false + } + + tritonErr := tritonErrorInterface.(*TritonError) + if tritonErr.Code == errorCode { + return true + } + + return false +} diff --git a/vendor/github.com/joyent/triton-go/fabrics.go b/vendor/github.com/joyent/triton-go/fabrics.go new file mode 100644 index 0000000000..5404d10bba --- /dev/null +++ b/vendor/github.com/joyent/triton-go/fabrics.go @@ -0,0 +1,232 @@ +package triton + +import ( + "encoding/json" + "fmt" + "net/http" + + "github.com/hashicorp/errwrap" +) + +type FabricsClient struct { + *Client +} + +// Fabrics returns a client used for accessing functions pertaining to +// Fabric functionality in the Triton API. +func (c *Client) Fabrics() *FabricsClient { + return &FabricsClient{c} +} + +type FabricVLAN struct { + Name string `json:"name"` + ID int `json:"vlan_id"` + Description string `json:"description"` +} + +type ListFabricVLANsInput struct{} + +func (client *FabricsClient) ListFabricVLANs(*ListFabricVLANsInput) ([]*FabricVLAN, error) { + respReader, err := client.executeRequest(http.MethodGet, "/my/fabrics/default/vlans", nil) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return nil, errwrap.Wrapf("Error executing ListFabricVLANs request: {{err}}", err) + } + + var result []*FabricVLAN + decoder := json.NewDecoder(respReader) + if err = decoder.Decode(&result); err != nil { + return nil, errwrap.Wrapf("Error decoding ListFabricVLANs response: {{err}}", err) + } + + return result, nil +} + +type CreateFabricVLANInput struct { + Name string `json:"name"` + ID int `json:"vlan_id"` + Description string `json:"description"` +} + +func (client *FabricsClient) CreateFabricVLAN(input *CreateFabricVLANInput) (*FabricVLAN, error) { + path := fmt.Sprintf("/%s/fabrics/default/vlans", client.accountName) + respReader, err := client.executeRequest(http.MethodPost, path, input) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return nil, errwrap.Wrapf("Error executing CreateFabricVLAN request: {{err}}", err) + } + + var result *FabricVLAN + decoder := json.NewDecoder(respReader) + if err = decoder.Decode(&result); err != nil { + return nil, errwrap.Wrapf("Error decoding CreateFabricVLAN response: {{err}}", err) + } + + return result, nil +} + +type UpdateFabricVLANInput struct { + ID int `json:"-"` + Name string `json:"name"` + Description string `json:"description"` +} + +func (client *FabricsClient) UpdateFabricVLAN(input *UpdateFabricVLANInput) (*FabricVLAN, error) { + path := fmt.Sprintf("/%s/fabrics/default/vlans/%d", client.accountName, input.ID) + respReader, err := client.executeRequest(http.MethodPut, path, input) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return nil, errwrap.Wrapf("Error executing UpdateFabricVLAN request: {{err}}", err) + } + + var result *FabricVLAN + decoder := json.NewDecoder(respReader) + if err = decoder.Decode(&result); err != nil { + return nil, errwrap.Wrapf("Error decoding UpdateFabricVLAN response: {{err}}", err) + } + + return result, nil +} + +type GetFabricVLANInput struct { + ID int `json:"-"` +} + +func (client *FabricsClient) GetFabricVLAN(input *GetFabricVLANInput) (*FabricVLAN, error) { + path := fmt.Sprintf("/%s/fabrics/default/vlans/%d", client.accountName, input.ID) + respReader, err := client.executeRequest(http.MethodGet, path, nil) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return nil, errwrap.Wrapf("Error executing GetFabricVLAN request: {{err}}", err) + } + + var result *FabricVLAN + decoder := json.NewDecoder(respReader) + if err = decoder.Decode(&result); err != nil { + return nil, errwrap.Wrapf("Error decoding GetFabricVLAN response: {{err}}", err) + } + + return result, nil +} + +type DeleteFabricVLANInput struct { + ID int `json:"-"` +} + +func (client *FabricsClient) DeleteFabricVLAN(input *DeleteFabricVLANInput) error { + path := fmt.Sprintf("/%s/fabrics/default/vlans/%d", client.accountName, input.ID) + respReader, err := client.executeRequest(http.MethodDelete, path, nil) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return errwrap.Wrapf("Error executing DeleteFabricVLAN request: {{err}}", err) + } + + return nil +} + +type ListFabricNetworksInput struct { + FabricVLANID int `json:"-"` +} + +func (client *FabricsClient) ListFabricNetworks(input *ListFabricNetworksInput) ([]*Network, error) { + path := fmt.Sprintf("/%s/fabrics/default/vlans/%d/networks", client.accountName, input.FabricVLANID) + respReader, err := client.executeRequest(http.MethodGet, path, nil) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return nil, errwrap.Wrapf("Error executing ListFabricNetworks request: {{err}}", err) + } + + var result []*Network + decoder := json.NewDecoder(respReader) + if err = decoder.Decode(&result); err != nil { + return nil, errwrap.Wrapf("Error decoding ListFabricNetworks response: {{err}}", err) + } + + return result, nil +} + +type CreateFabricNetworkInput struct { + FabricVLANID int `json:"-"` + Name string `json:"name"` + Description string `json:"description"` + Subnet string `json:"subnet"` + ProvisionStartIP string `json:"provision_start_ip"` + ProvisionEndIP string `json:"provision_end_ip"` + Gateway string `json:"gateway"` + Resolvers []string `json:"resolvers"` + Routes map[string]string `json:"routes"` + InternetNAT bool `json:"internet_nat"` +} + +func (client *FabricsClient) CreateFabricNetwork(input *CreateFabricNetworkInput) (*Network, error) { + path := fmt.Sprintf("/%s/fabrics/default/vlans/%d/networks", client.accountName, input.FabricVLANID) + respReader, err := client.executeRequest(http.MethodPost, path, input) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return nil, errwrap.Wrapf("Error executing CreateFabricNetwork request: {{err}}", err) + } + + var result *Network + decoder := json.NewDecoder(respReader) + if err = decoder.Decode(&result); err != nil { + return nil, errwrap.Wrapf("Error decoding CreateFabricNetwork response: {{err}}", err) + } + + return result, nil +} + +type GetFabricNetworkInput struct { + FabricVLANID int `json:"-"` + NetworkID string `json:"-"` +} + +func (client *FabricsClient) GetFabricNetwork(input *GetFabricNetworkInput) (*Network, error) { + path := fmt.Sprintf("/%s/fabrics/default/vlans/%d/networks/%s", client.accountName, input.FabricVLANID, input.NetworkID) + respReader, err := client.executeRequest(http.MethodGet, path, nil) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return nil, errwrap.Wrapf("Error executing GetFabricNetwork request: {{err}}", err) + } + + var result *Network + decoder := json.NewDecoder(respReader) + if err = decoder.Decode(&result); err != nil { + return nil, errwrap.Wrapf("Error decoding GetFabricNetwork response: {{err}}", err) + } + + return result, nil +} + +type DeleteFabricNetworkInput struct { + FabricVLANID int `json:"-"` + NetworkID string `json:"-"` +} + +func (client *FabricsClient) DeleteFabricNetwork(input *DeleteFabricNetworkInput) error { + path := fmt.Sprintf("/%s/fabrics/default/vlans/%d/networks/%s", client.accountName, input.FabricVLANID, input.NetworkID) + respReader, err := client.executeRequest(http.MethodDelete, path, nil) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return errwrap.Wrapf("Error executing DeleteFabricNetwork request: {{err}}", err) + } + + return nil +} diff --git a/vendor/github.com/joyent/triton-go/firewall.go b/vendor/github.com/joyent/triton-go/firewall.go new file mode 100644 index 0000000000..c91d012d9a --- /dev/null +++ b/vendor/github.com/joyent/triton-go/firewall.go @@ -0,0 +1,212 @@ +package triton + +import ( + "encoding/json" + "fmt" + "net/http" + + "github.com/hashicorp/errwrap" +) + +type FirewallClient struct { + *Client +} + +// Firewall returns a client used for accessing functions pertaining to +// firewall functionality in the Triton API. +func (c *Client) Firewall() *FirewallClient { + return &FirewallClient{c} +} + +// FirewallRule represents a firewall rule +type FirewallRule struct { + // ID is a unique identifier for this rule + ID string `json:"id"` + + // Enabled indicates if the rule is enabled + Enabled bool `json:"enabled"` + + // Rule is the firewall rule text + Rule string `json:"rule"` + + // Global indicates if the rule is global. Optional. + Global bool `json:"global"` + + // Description is a human-readable description for the rule. Optional + Description string `json:"description"` +} + +type ListFirewallRulesInput struct{} + +func (client *FirewallClient) ListFirewallRules(*ListFirewallRulesInput) ([]*FirewallRule, error) { + respReader, err := client.executeRequest(http.MethodGet, "/my/fwrules", nil) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return nil, errwrap.Wrapf("Error executing ListFirewallRules request: {{err}}", err) + } + + var result []*FirewallRule + decoder := json.NewDecoder(respReader) + if err = decoder.Decode(&result); err != nil { + return nil, errwrap.Wrapf("Error decoding ListFirewallRules response: {{err}}", err) + } + + return result, nil +} + +type GetFirewallRuleInput struct { + ID string +} + +func (client *FirewallClient) GetFirewallRule(input *GetFirewallRuleInput) (*FirewallRule, error) { + path := fmt.Sprintf("/%s/fwrules/%s", client.accountName, input.ID) + respReader, err := client.executeRequest(http.MethodGet, path, nil) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return nil, errwrap.Wrapf("Error executing GetFirewallRule request: {{err}}", err) + } + + var result *FirewallRule + decoder := json.NewDecoder(respReader) + if err = decoder.Decode(&result); err != nil { + return nil, errwrap.Wrapf("Error decoding GetFirewallRule response: {{err}}", err) + } + + return result, nil +} + +type CreateFirewallRuleInput struct { + Enabled bool `json:"enabled"` + Rule string `json:"rule"` + Description string `json:"description"` +} + +func (client *FirewallClient) CreateFirewallRule(input *CreateFirewallRuleInput) (*FirewallRule, error) { + respReader, err := client.executeRequest(http.MethodPost, fmt.Sprintf("/%s/fwrules", client.accountName), input) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return nil, errwrap.Wrapf("Error executing CreateFirewallRule request: {{err}}", err) + } + + var result *FirewallRule + decoder := json.NewDecoder(respReader) + if err = decoder.Decode(&result); err != nil { + return nil, errwrap.Wrapf("Error decoding CreateFirewallRule response: {{err}}", err) + } + + return result, nil +} + +type UpdateFirewallRuleInput struct { + ID string `json:"-"` + Enabled bool `json:"enabled"` + Rule string `json:"rule"` + Description string `json:"description"` +} + +func (client *FirewallClient) UpdateFirewallRule(input *UpdateFirewallRuleInput) (*FirewallRule, error) { + respReader, err := client.executeRequest(http.MethodPost, fmt.Sprintf("/%s/fwrules/%s", client.accountName, input.ID), input) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return nil, errwrap.Wrapf("Error executing UpdateFirewallRule request: {{err}}", err) + } + + var result *FirewallRule + decoder := json.NewDecoder(respReader) + if err = decoder.Decode(&result); err != nil { + return nil, errwrap.Wrapf("Error decoding UpdateFirewallRule response: {{err}}", err) + } + + return result, nil +} + +type EnableFirewallRuleInput struct { + ID string `json:"-"` +} + +func (client *FirewallClient) EnableFirewallRule(input *EnableFirewallRuleInput) (*FirewallRule, error) { + respReader, err := client.executeRequest(http.MethodPost, fmt.Sprintf("/%s/fwrules/%s/enable", client.accountName, input.ID), input) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return nil, errwrap.Wrapf("Error executing EnableFirewallRule request: {{err}}", err) + } + + var result *FirewallRule + decoder := json.NewDecoder(respReader) + if err = decoder.Decode(&result); err != nil { + return nil, errwrap.Wrapf("Error decoding EnableFirewallRule response: {{err}}", err) + } + + return result, nil +} + +type DisableFirewallRuleInput struct { + ID string `json:"-"` +} + +func (client *FirewallClient) DisableFirewallRule(input *DisableFirewallRuleInput) (*FirewallRule, error) { + respReader, err := client.executeRequest(http.MethodPost, fmt.Sprintf("/%s/fwrules/%s/disable", client.accountName, input.ID), input) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return nil, errwrap.Wrapf("Error executing DisableFirewallRule request: {{err}}", err) + } + + var result *FirewallRule + decoder := json.NewDecoder(respReader) + if err = decoder.Decode(&result); err != nil { + return nil, errwrap.Wrapf("Error decoding DisableFirewallRule response: {{err}}", err) + } + + return result, nil +} + +type DeleteFirewallRuleInput struct { + ID string +} + +func (client *FirewallClient) DeleteFirewallRule(input *DeleteFirewallRuleInput) error { + path := fmt.Sprintf("/%s/fwrules/%s", client.accountName, input.ID) + respReader, err := client.executeRequest(http.MethodDelete, path, nil) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return errwrap.Wrapf("Error executing DeleteFirewallRule request: {{err}}", err) + } + + return nil +} + +type ListMachineFirewallRulesInput struct { + MachineID string +} + +func (client *FirewallClient) ListMachineFirewallRules(input *ListMachineFirewallRulesInput) ([]*FirewallRule, error) { + respReader, err := client.executeRequest(http.MethodGet, fmt.Sprintf("/my/machines/%s/firewallrules", input.MachineID), nil) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return nil, errwrap.Wrapf("Error executing ListMachineFirewallRules request: {{err}}", err) + } + + var result []*FirewallRule + decoder := json.NewDecoder(respReader) + if err = decoder.Decode(&result); err != nil { + return nil, errwrap.Wrapf("Error decoding ListFirewallRules response: {{err}}", err) + } + + return result, nil +} diff --git a/vendor/github.com/joyent/triton-go/images.go b/vendor/github.com/joyent/triton-go/images.go new file mode 100644 index 0000000000..3e0aa8a75d --- /dev/null +++ b/vendor/github.com/joyent/triton-go/images.go @@ -0,0 +1,204 @@ +package triton + +import ( + "encoding/json" + "fmt" + "net/http" + "net/url" + "time" + + "github.com/hashicorp/errwrap" +) + +type ImagesClient struct { + *Client +} + +// Images returns a c used for accessing functions pertaining to +// Images functionality in the Triton API. +func (c *Client) Images() *ImagesClient { + return &ImagesClient{c} +} + +type ImageFile struct { + Compression string `json:"compression"` + SHA1 string `json:"sha1"` + Size int64 `json:"size"` +} + +type Image struct { + ID string `json:"id"` + Name string `json:"name"` + OS string `json:"os"` + Description string `json:"description"` + Version string `json:"version"` + Type string `json:"type"` + Requirements map[string]interface{} `json:"requirements"` + Homepage string `json:"homepage"` + Files []*ImageFile `json:"files"` + PublishedAt time.Time `json:"published_at"` + Owner string `json:"owner"` + Public bool `json:"public"` + State string `json:"state"` + Tags map[string]string `json:"tags"` + EULA string `json:"eula"` + ACL []string `json:"acl"` + Error TritonError `json:"error"` +} + +type ListImagesInput struct{} + +func (client *ImagesClient) ListImages(*ListImagesInput) ([]*Image, error) { + respReader, err := client.executeRequest(http.MethodGet, "/my/images", nil) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return nil, errwrap.Wrapf("Error executing ListImages request: {{err}}", err) + } + + var result []*Image + decoder := json.NewDecoder(respReader) + if err = decoder.Decode(&result); err != nil { + return nil, errwrap.Wrapf("Error decoding ListImages response: {{err}}", err) + } + + return result, nil +} + +type GetImageInput struct { + ImageID string +} + +func (client *ImagesClient) GetImage(input *GetImageInput) (*Image, error) { + path := fmt.Sprintf("/%s/images/%s", client.accountName, input.ImageID) + respReader, err := client.executeRequest(http.MethodGet, path, nil) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return nil, errwrap.Wrapf("Error executing GetImage request: {{err}}", err) + } + + var result *Image + decoder := json.NewDecoder(respReader) + if err = decoder.Decode(&result); err != nil { + return nil, errwrap.Wrapf("Error decoding GetImage response: {{err}}", err) + } + + return result, nil +} + +type DeleteImageInput struct { + ImageID string +} + +func (client *ImagesClient) DeleteImage(input *DeleteImageInput) error { + path := fmt.Sprintf("/%s/images/%s", client.accountName, input.ImageID) + respReader, err := client.executeRequest(http.MethodDelete, path, nil) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return errwrap.Wrapf("Error executing DeleteKey request: {{err}}", err) + } + + return nil +} + +type ExportImageInput struct { + ImageID string + MantaPath string +} + +type MantaLocation struct { + MantaURL string `json:"manta_url"` + ImagePath string `json:"image_path"` + ManifestPath string `json:"manifest_path"` +} + +func (client *ImagesClient) ExportImage(input *ExportImageInput) (*MantaLocation, error) { + path := fmt.Sprintf("/%s/images/%s", client.accountName, input.ImageID) + query := &url.Values{} + query.Set("action", "export") + query.Set("manta_path", input.MantaPath) + + respReader, err := client.executeRequestURIParams(http.MethodGet, path, nil, query) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return nil, errwrap.Wrapf("Error executing GetImage request: {{err}}", err) + } + + var result *MantaLocation + decoder := json.NewDecoder(respReader) + if err = decoder.Decode(&result); err != nil { + return nil, errwrap.Wrapf("Error decoding GetImage response: {{err}}", err) + } + + return result, nil +} + +type CreateImageFromMachineInput struct { + MachineID string `json:"machine"` + Name string `json:"name"` + Version string `json:"version,omitempty"` + Description string `json:"description,omitempty"` + HomePage string `json:"homepage,omitempty"` + EULA string `json:"eula,omitempty"` + ACL []string `json:"acl,omitempty"` + tags map[string]string `json:"tags,omitempty"` +} + +func (client *ImagesClient) CreateImageFromMachine(input *CreateImageFromMachineInput) (*Image, error) { + path := fmt.Sprintf("/%s/images", client.accountName) + respReader, err := client.executeRequest(http.MethodPost, path, input) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return nil, errwrap.Wrapf("Error executing CreateImageFromMachine request: {{err}}", err) + } + + var result *Image + decoder := json.NewDecoder(respReader) + if err = decoder.Decode(&result); err != nil { + return nil, errwrap.Wrapf("Error decoding CreateImageFromMachine response: {{err}}", err) + } + + return result, nil +} + +type UpdateImageInput struct { + ImageID string `json:"-"` + Name string `json:"name"` + Version string `json:"version,omitempty"` + Description string `json:"description,omitempty"` + HomePage string `json:"homepage,omitempty"` + EULA string `json:"eula,omitempty"` + ACL []string `json:"acl,omitempty"` + tags map[string]string `json:"tags,omitempty"` +} + +func (client *ImagesClient) UpdateImage(input *UpdateImageInput) (*Image, error) { + path := fmt.Sprintf("/%s/images/%s", client.accountName, input.ImageID) + query := &url.Values{} + query.Set("action", "update") + + respReader, err := client.executeRequestURIParams(http.MethodPost, path, input, query) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return nil, errwrap.Wrapf("Error executing UpdateImage request: {{err}}", err) + } + + var result *Image + decoder := json.NewDecoder(respReader) + if err = decoder.Decode(&result); err != nil { + return nil, errwrap.Wrapf("Error decoding UpdateImage response: {{err}}", err) + } + + return result, nil +} diff --git a/vendor/github.com/joyent/triton-go/keys.go b/vendor/github.com/joyent/triton-go/keys.go new file mode 100644 index 0000000000..a4f394a21b --- /dev/null +++ b/vendor/github.com/joyent/triton-go/keys.go @@ -0,0 +1,122 @@ +package triton + +import ( + "encoding/json" + "fmt" + "net/http" + + "github.com/hashicorp/errwrap" +) + +type KeysClient struct { + *Client +} + +// Keys returns a c used for accessing functions pertaining to +// SSH key functionality in the Triton API. +func (c *Client) Keys() *KeysClient { + return &KeysClient{c} +} + +// Key represents a public key +type Key struct { + // Name of the key + Name string `json:"name"` + + // Key fingerprint + Fingerprint string `json:"fingerprint"` + + // OpenSSH-formatted public key + Key string `json:"key"` +} + +type ListKeysInput struct{} + +// ListKeys lists all public keys we have on record for the specified +// account. +func (client *KeysClient) ListKeys(*ListKeysInput) ([]*Key, error) { + respReader, err := client.executeRequest(http.MethodGet, "/my/keys", nil) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return nil, errwrap.Wrapf("Error executing ListKeys request: {{err}}", err) + } + + var result []*Key + decoder := json.NewDecoder(respReader) + if err = decoder.Decode(&result); err != nil { + return nil, errwrap.Wrapf("Error decoding ListKeys response: {{err}}", err) + } + + return result, nil +} + +type GetKeyInput struct { + KeyName string +} + +func (client *KeysClient) GetKey(input *GetKeyInput) (*Key, error) { + path := fmt.Sprintf("/%s/keys/%s", client.accountName, input.KeyName) + respReader, err := client.executeRequest(http.MethodGet, path, nil) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return nil, errwrap.Wrapf("Error executing GetKey request: {{err}}", err) + } + + var result *Key + decoder := json.NewDecoder(respReader) + if err = decoder.Decode(&result); err != nil { + return nil, errwrap.Wrapf("Error decoding GetKey response: {{err}}", err) + } + + return result, nil +} + +type DeleteKeyInput struct { + KeyName string +} + +func (client *KeysClient) DeleteKey(input *DeleteKeyInput) error { + path := fmt.Sprintf("/%s/keys/%s", client.accountName, input.KeyName) + respReader, err := client.executeRequest(http.MethodDelete, path, nil) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return errwrap.Wrapf("Error executing DeleteKey request: {{err}}", err) + } + + return nil +} + +// CreateKeyInput represents the option that can be specified +// when creating a new key. +type CreateKeyInput struct { + // Name of the key. Optional. + Name string `json:"name,omitempty"` + + // OpenSSH-formatted public key. + Key string `json:"key"` +} + +// CreateKey uploads a new OpenSSH key to Triton for use in HTTP signing and SSH. +func (client *KeysClient) CreateKey(input *CreateKeyInput) (*Key, error) { + respReader, err := client.executeRequest(http.MethodPost, fmt.Sprintf("/%s/keys", client.accountName), input) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return nil, errwrap.Wrapf("Error executing CreateKey request: {{err}}", err) + } + + var result *Key + decoder := json.NewDecoder(respReader) + if err = decoder.Decode(&result); err != nil { + return nil, errwrap.Wrapf("Error decoding CreateKey response: {{err}}", err) + } + + return result, nil +} diff --git a/vendor/github.com/joyent/triton-go/machines.go b/vendor/github.com/joyent/triton-go/machines.go new file mode 100644 index 0000000000..8f2de97360 --- /dev/null +++ b/vendor/github.com/joyent/triton-go/machines.go @@ -0,0 +1,472 @@ +package triton + +import ( + "encoding/json" + "fmt" + "net/http" + "time" + + "github.com/hashicorp/errwrap" + "net/url" +) + +type MachinesClient struct { + *Client +} + +// Machines returns a client used for accessing functions pertaining to +// machine functionality in the Triton API. +func (c *Client) Machines() *MachinesClient { + return &MachinesClient{c} +} + +type Machine struct { + ID string `json:"id"` + Name string `json:"name"` + Type string `json:"type"` + Brand string `json:"brand"` + State string `json:"state"` + Image string `json:"image"` + Memory int `json:"memory"` + Disk int `json:"disk"` + Metadata map[string]string `json:"metadata"` + Tags map[string]string `json:"tags"` + Created time.Time `json:"created"` + Updated time.Time `json:"updated"` + Docker bool `json:"docker"` + IPs []string `json:"ips"` + Networks []string `json:"networks"` + PrimaryIP string `json:"primaryIp"` + FirewallEnabled bool `json:"firewall_enabled"` + ComputeNode string `json:"compute_node"` + Package string `json:"package"` + DomainNames []string `json:"dns_names"` +} + +type NIC struct { + IP string `json:"ip"` + MAC string `json:"mac"` + Primary bool `json:"primary"` + Netmask string `json:"netmask"` + Gateway string `json:"gateway"` + State string `json:"state"` + Network string `json:"network"` +} + +type GetMachineInput struct { + ID string +} + +func (client *MachinesClient) GetMachine(input *GetMachineInput) (*Machine, error) { + path := fmt.Sprintf("/%s/machines/%s", client.accountName, input.ID) + response, err := client.executeRequestRaw(http.MethodGet, path, nil) + if response != nil { + defer response.Body.Close() + } + if response.StatusCode == http.StatusNotFound { + return nil, &TritonError{ + Code: "ResourceNotFound", + } + } + if err != nil { + return nil, errwrap.Wrapf("Error executing GetMachine request: {{err}}", + client.decodeError(response.StatusCode, response.Body)) + } + + var result *Machine + decoder := json.NewDecoder(response.Body) + if err = decoder.Decode(&result); err != nil { + return nil, errwrap.Wrapf("Error decoding GetMachine response: {{err}}", err) + } + + return result, nil +} + +type CreateMachineInput struct { + Name string + Package string + Image string + Networks []string + LocalityStrict bool + LocalityNear []string + LocalityFar []string + Metadata map[string]string + Tags map[string]string + FirewallEnabled bool +} + +func transformCreateMachineInput(input *CreateMachineInput) map[string]interface{} { + result := make(map[string]interface{}, 8+len(input.Metadata)+len(input.Tags)) + result["firewall_enabled"] = input.FirewallEnabled + if input.Name != "" { + result["name"] = input.Name + } + if input.Package != "" { + result["package"] = input.Package + } + if input.Image != "" { + result["image"] = input.Image + } + if len(input.Networks) > 0 { + result["networks"] = input.Networks + } + locality := struct { + Strict bool `json:"strict"` + Near []string `json:"near,omitempty"` + Far []string `json:"far,omitempty"` + }{ + Strict: input.LocalityStrict, + Near: input.LocalityNear, + Far: input.LocalityFar, + } + result["locality"] = locality + for key, value := range input.Tags { + result[fmt.Sprintf("tag.%s", key)] = value + } + for key, value := range input.Metadata { + result[fmt.Sprintf("metadata.%s", key)] = value + } + + return result +} + +func (client *MachinesClient) CreateMachine(input *CreateMachineInput) (*Machine, error) { + respReader, err := client.executeRequest(http.MethodPost, "/my/machines", transformCreateMachineInput(input)) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return nil, errwrap.Wrapf("Error executing CreateMachine request: {{err}}", err) + } + + var result *Machine + decoder := json.NewDecoder(respReader) + if err = decoder.Decode(&result); err != nil { + return nil, errwrap.Wrapf("Error decoding CreateMachine response: {{err}}", err) + } + + return result, nil +} + +type DeleteMachineInput struct { + ID string +} + +func (client *MachinesClient) DeleteMachine(input *DeleteMachineInput) error { + path := fmt.Sprintf("/%s/machines/%s", client.accountName, input.ID) + response, err := client.executeRequestRaw(http.MethodDelete, path, nil) + if response.Body != nil { + defer response.Body.Close() + } + if response.StatusCode == http.StatusNotFound { + return nil + } + if err != nil { + return errwrap.Wrapf("Error executing DeleteMachine request: {{err}}", + client.decodeError(response.StatusCode, response.Body)) + } + + return nil +} + +type DeleteMachineTagsInput struct { + ID string +} + +func (client *MachinesClient) DeleteMachineTags(input *DeleteMachineTagsInput) error { + path := fmt.Sprintf("/%s/machines/%s/tags", client.accountName, input.ID) + response, err := client.executeRequestRaw(http.MethodDelete, path, nil) + if response.Body != nil { + defer response.Body.Close() + } + if response.StatusCode == http.StatusNotFound { + return nil + } + if err != nil { + return errwrap.Wrapf("Error executing DeleteMachineTags request: {{err}}", + client.decodeError(response.StatusCode, response.Body)) + } + + return nil +} + +type DeleteMachineTagInput struct { + ID string + Key string +} + +func (client *MachinesClient) DeleteMachineTag(input *DeleteMachineTagInput) error { + path := fmt.Sprintf("/%s/machines/%s/tags/%s", client.accountName, input.ID, input.Key) + response, err := client.executeRequestRaw(http.MethodDelete, path, nil) + if response.Body != nil { + defer response.Body.Close() + } + if response.StatusCode == http.StatusNotFound { + return nil + } + if err != nil { + return errwrap.Wrapf("Error executing DeleteMachineTag request: {{err}}", + client.decodeError(response.StatusCode, response.Body)) + } + + return nil +} + +type RenameMachineInput struct { + ID string + Name string +} + +func (client *MachinesClient) RenameMachine(input *RenameMachineInput) error { + path := fmt.Sprintf("/%s/machines/%s", client.accountName, input.ID) + + params := &url.Values{} + params.Set("action", "rename") + params.Set("name", input.Name) + + respReader, err := client.executeRequestURIParams(http.MethodPost, path, nil, params) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return errwrap.Wrapf("Error executing RenameMachine request: {{err}}", err) + } + + return nil +} + +type ReplaceMachineTagsInput struct { + ID string + Tags map[string]string +} + +func (client *MachinesClient) ReplaceMachineTags(input *ReplaceMachineTagsInput) error { + path := fmt.Sprintf("/%s/machines/%s/tags", client.accountName, input.ID) + respReader, err := client.executeRequest(http.MethodPut, path, input.Tags) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return errwrap.Wrapf("Error executing ReplaceMachineTags request: {{err}}", err) + } + + return nil +} + +type AddMachineTagsInput struct { + ID string + Tags map[string]string +} + +func (client *MachinesClient) AddMachineTags(input *AddMachineTagsInput) error { + path := fmt.Sprintf("/%s/machines/%s/tags", client.accountName, input.ID) + respReader, err := client.executeRequest(http.MethodPost, path, input.Tags) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return errwrap.Wrapf("Error executing AddMachineTags request: {{err}}", err) + } + + return nil +} + +type GetMachineTagInput struct { + ID string + Key string +} + +func (client *MachinesClient) GetMachineTag(input *GetMachineTagInput) (string, error) { + path := fmt.Sprintf("/%s/machines/%s/tags/%s", client.accountName, input.ID, input.Key) + respReader, err := client.executeRequest(http.MethodGet, path, nil) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return "", errwrap.Wrapf("Error executing GetMachineTag request: {{err}}", err) + } + + var result string + decoder := json.NewDecoder(respReader) + if err = decoder.Decode(&result); err != nil { + return "", errwrap.Wrapf("Error decoding GetMachineTag response: {{err}}", err) + } + + return result, nil +} + +type ListMachineTagsInput struct { + ID string +} + +func (client *MachinesClient) ListMachineTags(input *ListMachineTagsInput) (map[string]string, error) { + path := fmt.Sprintf("/%s/machines/%s/tags", client.accountName, input.ID) + respReader, err := client.executeRequest(http.MethodGet, path, nil) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return nil, errwrap.Wrapf("Error executing ListMachineTags request: {{err}}", err) + } + + var result map[string]string + decoder := json.NewDecoder(respReader) + if err = decoder.Decode(&result); err != nil { + return nil, errwrap.Wrapf("Error decoding ListMachineTags response: {{err}}", err) + } + + return result, nil +} + +type UpdateMachineMetadataInput struct { + ID string + Metadata map[string]string +} + +func (client *MachinesClient) UpdateMachineMetadata(input *UpdateMachineMetadataInput) (map[string]string, error) { + path := fmt.Sprintf("/%s/machines/%s/tags", client.accountName, input.ID) + respReader, err := client.executeRequest(http.MethodPost, path, input.Metadata) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return nil, errwrap.Wrapf("Error executing UpdateMachineMetadata request: {{err}}", err) + } + + var result map[string]string + decoder := json.NewDecoder(respReader) + if err = decoder.Decode(&result); err != nil { + return nil, errwrap.Wrapf("Error decoding UpdateMachineMetadata response: {{err}}", err) + } + + return result, nil +} + +type ResizeMachineInput struct { + ID string + Package string +} + +func (client *MachinesClient) ResizeMachine(input *ResizeMachineInput) error { + path := fmt.Sprintf("/%s/machines/%s", client.accountName, input.ID) + + params := &url.Values{} + params.Set("action", "resize") + params.Set("package", input.Package) + + respReader, err := client.executeRequestURIParams(http.MethodPost, path, nil, params) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return errwrap.Wrapf("Error executing ResizeMachine request: {{err}}", err) + } + + return nil +} + +type EnableMachineFirewallInput struct { + ID string +} + +func (client *MachinesClient) EnableMachineFirewall(input *EnableMachineFirewallInput) error { + path := fmt.Sprintf("/%s/machines/%s", client.accountName, input.ID) + + params := &url.Values{} + params.Set("action", "enable_firewall") + + respReader, err := client.executeRequestURIParams(http.MethodPost, path, nil, params) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return errwrap.Wrapf("Error executing EnableMachineFirewall request: {{err}}", err) + } + + return nil +} + +type DisableMachineFirewallInput struct { + ID string +} + +func (client *MachinesClient) DisableMachineFirewall(input *DisableMachineFirewallInput) error { + path := fmt.Sprintf("/%s/machines/%s", client.accountName, input.ID) + + params := &url.Values{} + params.Set("action", "disable_firewall") + + respReader, err := client.executeRequestURIParams(http.MethodPost, path, nil, params) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return errwrap.Wrapf("Error executing DisableMachineFirewall request: {{err}}", err) + } + + return nil +} + +type ListNICsInput struct { + MachineID string +} + +func (client *MachinesClient) ListNICs(input *ListNICsInput) ([]*NIC, error) { + respReader, err := client.executeRequest(http.MethodGet, fmt.Sprintf("/my/machines/%s/nics", input.MachineID), nil) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return nil, errwrap.Wrapf("Error executing ListNICs request: {{err}}", err) + } + + var result []*NIC + decoder := json.NewDecoder(respReader) + if err = decoder.Decode(&result); err != nil { + return nil, errwrap.Wrapf("Error decoding ListNICs response: {{err}}", err) + } + + return result, nil +} + +type AddNICInput struct { + MachineID string `json:"-"` + Network string `json:"network"` +} + +func (client *MachinesClient) AddNIC(input *AddNICInput) (*NIC, error) { + path := fmt.Sprintf("/%s/machines/%s/nics", client.accountName, input.MachineID) + respReader, err := client.executeRequest(http.MethodPost, path, input) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return nil, errwrap.Wrapf("Error executing AddNIC request: {{err}}", err) + } + + var result *NIC + decoder := json.NewDecoder(respReader) + if err = decoder.Decode(&result); err != nil { + return nil, errwrap.Wrapf("Error decoding AddNIC response: {{err}}", err) + } + + return result, nil +} + +type RemoveNICInput struct { + MachineID string + MAC string +} + +func (client *MachinesClient) RemoveNIC(input *RemoveNICInput) error { + path := fmt.Sprintf("/%s/machines/%s/nics/%s", client.accountName, input.MachineID, input.MAC) + respReader, err := client.executeRequest(http.MethodDelete, path, nil) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return errwrap.Wrapf("Error executing RemoveNIC request: {{err}}", err) + } + + return nil +} diff --git a/vendor/github.com/joyent/triton-go/networks.go b/vendor/github.com/joyent/triton-go/networks.go new file mode 100644 index 0000000000..cb1ec17005 --- /dev/null +++ b/vendor/github.com/joyent/triton-go/networks.go @@ -0,0 +1,77 @@ +package triton + +import ( + "encoding/json" + "net/http" + + "fmt" + "github.com/hashicorp/errwrap" +) + +type NetworksClient struct { + *Client +} + +// Networks returns a c used for accessing functions pertaining to +// Network functionality in the Triton API. +func (c *Client) Networks() *NetworksClient { + return &NetworksClient{c} +} + +type Network struct { + Id string `json:"id"` + Name string `json:"name"` + Public bool `json:"public"` + Fabric bool `json:"fabric"` + Description string `json:"description"` + Subnet string `json:"subnet"` + ProvisioningStartIP string `json:"provision_start_ip"` + ProvisioningEndIP string `json:"provision_end_ip"` + Gateway string `json:"gateway"` + Resolvers []string `json:"resolvers"` + Routes map[string]string `json:"routes"` + InternetNAT bool `json:"internet_nat"` +} + +type ListNetworksInput struct{} + +func (client *NetworksClient) ListNetworks(*ListNetworksInput) ([]*Network, error) { + respReader, err := client.executeRequest(http.MethodGet, "/my/networks", nil) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return nil, errwrap.Wrapf("Error executing ListNetworks request: {{err}}", err) + } + + var result []*Network + decoder := json.NewDecoder(respReader) + if err = decoder.Decode(&result); err != nil { + return nil, errwrap.Wrapf("Error decoding ListNetworks response: {{err}}", err) + } + + return result, nil +} + +type GetNetworkInput struct { + ID string +} + +func (client *NetworksClient) GetNetwork(input *GetNetworkInput) (*Network, error) { + path := fmt.Sprintf("/%s/networks/%s", client.accountName, input.ID) + respReader, err := client.executeRequest(http.MethodGet, path, nil) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return nil, errwrap.Wrapf("Error executing GetNetwork request: {{err}}", err) + } + + var result *Network + decoder := json.NewDecoder(respReader) + if err = decoder.Decode(&result); err != nil { + return nil, errwrap.Wrapf("Error decoding GetNetwork response: {{err}}", err) + } + + return result, nil +} diff --git a/vendor/github.com/joyent/triton-go/packages.go b/vendor/github.com/joyent/triton-go/packages.go new file mode 100644 index 0000000000..2e525acfe5 --- /dev/null +++ b/vendor/github.com/joyent/triton-go/packages.go @@ -0,0 +1,85 @@ +package triton + +import ( + "encoding/json" + "fmt" + "net/http" + + "github.com/hashicorp/errwrap" +) + +type PackagesClient struct { + *Client +} + +// Packages returns a c used for accessing functions pertaining +// to Packages functionality in the Triton API. +func (c *Client) Packages() *PackagesClient { + return &PackagesClient{c} +} + +type Package struct { + ID string `json:"id"` + Name string `json:"name"` + Memory int64 `json:"memory"` + Disk int64 `json:"disk"` + Swap int64 `json:"swap"` + LWPs int64 `json:"lwps"` + VCPUs int64 `json:"vcpus"` + Version string `json:"version"` + Group string `json:"group"` + Description string `json:"description"` + Default bool `json:"default"` +} + +type ListPackagesInput struct { + Name string `json:"name"` + Memory int64 `json:"memory"` + Disk int64 `json:"disk"` + Swap int64 `json:"swap"` + LWPs int64 `json:"lwps"` + VCPUs int64 `json:"vcpus"` + Version string `json:"version"` + Group string `json:"group"` +} + +func (client *PackagesClient) ListPackages(input *ListPackagesInput) ([]*Package, error) { + respReader, err := client.executeRequest(http.MethodGet, fmt.Sprintf("/%s/packages", client.accountName), input) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return nil, errwrap.Wrapf("Error executing ListPackages request: {{err}}", err) + } + + var result []*Package + decoder := json.NewDecoder(respReader) + if err = decoder.Decode(&result); err != nil { + return nil, errwrap.Wrapf("Error decoding ListPackages response: {{err}}", err) + } + + return result, nil +} + +type GetPackageInput struct { + ID string +} + +func (client *PackagesClient) GetPackage(input *GetPackageInput) (*Package, error) { + path := fmt.Sprintf("/%s/packages/%s", client.accountName, input.ID) + respReader, err := client.executeRequest(http.MethodGet, path, nil) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return nil, errwrap.Wrapf("Error executing GetPackage request: {{err}}", err) + } + + var result *Package + decoder := json.NewDecoder(respReader) + if err = decoder.Decode(&result); err != nil { + return nil, errwrap.Wrapf("Error decoding GetPackage response: {{err}}", err) + } + + return result, nil +} diff --git a/vendor/github.com/joyent/triton-go/roles.go b/vendor/github.com/joyent/triton-go/roles.go new file mode 100644 index 0000000000..81bbc44e71 --- /dev/null +++ b/vendor/github.com/joyent/triton-go/roles.go @@ -0,0 +1,159 @@ +package triton + +import ( + "fmt" + "github.com/hashicorp/errwrap" + "net/http" + "encoding/json" +) + +type RolesClient struct { + *Client +} + +// Roles returns a c used for accessing functions pertaining +// to Role functionality in the Triton API. +func (c *Client) Roles() *RolesClient { + return &RolesClient{c} +} + +type Role struct { + ID string `json:"id"` + Name string `json:"name"` + Policies []string `json:"policies"` + Members []string `json:"policies"` + DefaultMembers []string `json:"default_members"` +} + +type ListRolesInput struct{} + +func (client *RolesClient) ListRoles(*ListRolesInput) ([]*Role, error) { + respReader, err := client.executeRequest(http.MethodGet, fmt.Sprintf("/%s/roles", client.accountName), nil) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return nil, errwrap.Wrapf("Error executing ListRoles request: {{err}}", err) + } + + var result []*Role + decoder := json.NewDecoder(respReader) + if err = decoder.Decode(&result); err != nil { + return nil, errwrap.Wrapf("Error decoding ListRoles response: {{err}}", err) + } + + return result, nil +} + +type GetRoleInput struct{ + RoleID string +} + +func (client *RolesClient) GetRole(input *GetRoleInput) (*Role, error) { + path := fmt.Sprintf("/%s/roles/%s", client.accountName, input.RoleID) + respReader, err := client.executeRequest(http.MethodGet, path, nil) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return nil, errwrap.Wrapf("Error executing GetRole request: {{err}}", err) + } + + var result *Role + decoder := json.NewDecoder(respReader) + if err = decoder.Decode(&result); err != nil { + return nil, errwrap.Wrapf("Error decoding GetRole response: {{err}}", err) + } + + return result, nil +} + +// CreateRoleInput represents the options that can be specified +// when creating a new role. +type CreateRoleInput struct { + // Name of the role. Required. + Name string `json:"name"` + + // This account's policies to be given to this role. Optional. + Policies []string `json:"policies,omitempty"` + + // This account's user logins to be added to this role. Optional. + Members []string `json:"members,omitempty"` + + // This account's user logins to be added to this role and have + // it enabled by default. Optional. + DefaultMembers []string `json:"default_members,omitempty"` +} + +func (client *RolesClient) CreateRole(input *CreateRoleInput) (*Role, error) { + respReader, err := client.executeRequest(http.MethodPost, fmt.Sprintf("/%s/roles", client.accountName), input) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return nil, errwrap.Wrapf("Error executing CreateRole request: {{err}}", err) + } + + var result *Role + decoder := json.NewDecoder(respReader) + if err = decoder.Decode(&result); err != nil { + return nil, errwrap.Wrapf("Error decoding CreateRole response: {{err}}", err) + } + + return result, nil +} + +// UpdateRoleInput represents the options that can be specified +// when updating a role. Anything but ID can be modified. +type UpdateRoleInput struct { + // ID of the role to modify. Required. + RoleID string `json:"id"` + + // Name of the role. Required. + Name string `json:"name"` + + // This account's policies to be given to this role. Optional. + Policies []string `json:"policies,omitempty"` + + // This account's user logins to be added to this role. Optional. + Members []string `json:"members,omitempty"` + + // This account's user logins to be added to this role and have + // it enabled by default. Optional. + DefaultMembers []string `json:"default_members,omitempty"` +} + +func (client *RolesClient) UpdateRole(input *UpdateRoleInput) (*Role, error) { + respReader, err := client.executeRequest(http.MethodPost, fmt.Sprintf("/%s/roles/%s", client.accountName, input.RoleID), input) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return nil, errwrap.Wrapf("Error executing UpdateRole request: {{err}}", err) + } + + var result *Role + decoder := json.NewDecoder(respReader) + if err = decoder.Decode(&result); err != nil { + return nil, errwrap.Wrapf("Error decoding UpdateRole response: {{err}}", err) + } + + return result, nil +} + +type DeleteRoleInput struct { + RoleID string +} + +func (client *RolesClient) DeleteRoles(input *DeleteRoleInput) error { + path := fmt.Sprintf("/%s/roles/%s", client.accountName, input.RoleID) + respReader, err := client.executeRequest(http.MethodDelete, path, nil) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return errwrap.Wrapf("Error executing DeleteRole request: {{err}}", err) + } + + return nil +} diff --git a/vendor/github.com/joyent/triton-go/services.go b/vendor/github.com/joyent/triton-go/services.go new file mode 100644 index 0000000000..8b2d531914 --- /dev/null +++ b/vendor/github.com/joyent/triton-go/services.go @@ -0,0 +1,63 @@ +package triton + +import ( + "encoding/json" + "fmt" + "net/http" + "sort" + + "github.com/hashicorp/errwrap" +) + +type ServicesClient struct { + *Client +} + +// Services returns a c used for accessing functions pertaining +// to Services functionality in the Triton API. +func (c *Client) Services() *ServicesClient { + return &ServicesClient{c} +} + +type Service struct { + Name string + Endpoint string +} + +type ListServicesInput struct{} + +func (client *ServicesClient) ListServices(*ListServicesInput) ([]*Service, error) { + respReader, err := client.executeRequest(http.MethodGet, fmt.Sprintf("/%s/services", client.accountName), nil) + if respReader != nil { + defer respReader.Close() + } + if err != nil { + return nil, errwrap.Wrapf("Error executing ListServices request: {{err}}", err) + } + + var intermediate map[string]string + decoder := json.NewDecoder(respReader) + if err = decoder.Decode(&intermediate); err != nil { + return nil, errwrap.Wrapf("Error decoding ListServices response: {{err}}", err) + } + + keys := make([]string, len(intermediate)) + i := 0 + for k := range intermediate { + keys[i] = k + i++ + } + sort.Strings(keys) + + result := make([]*Service, len(intermediate)) + i = 0 + for _, key := range keys { + result[i] = &Service{ + Name: key, + Endpoint: intermediate[key], + } + i++ + } + + return result, nil +} diff --git a/vendor/vendor.json b/vendor/vendor.json index ee9f48dda2..e8993495c6 100644 --- a/vendor/vendor.json +++ b/vendor/vendor.json @@ -2287,18 +2287,24 @@ "revision": "ece4f0cbe61f600794bbcff71d8f9ee86909b2dc", "revisionTime": "2016-09-13T20:25:01Z" }, - { - "checksumSHA1": "PDzjpRNeytdYU39/PByzwCMvKQ8=", - "path": "github.com/joyent/gosdc/cloudapi", - "revision": "042c6e9de2b48a646d310e70cc0050c83fe18200", - "revisionTime": "2016-04-26T05:09:12Z" - }, { "checksumSHA1": "N0NRIcJF7aj1wd56DA1N9GpYq/4=", "path": "github.com/joyent/gosign/auth", "revision": "8978c75ffefb3f63a977ad9cbfce40caeb40177e", "revisionTime": "2016-06-16T18:50:15Z" }, + { + "checksumSHA1": "fue8Al8kqw/Q6VFPsNzoky7NIgo=", + "path": "github.com/joyent/triton-go", + "revision": "ed036af6d128e3c1ef76e92218810d3b298d1407", + "revisionTime": "2017-03-30T22:02:44Z" + }, + { + "checksumSHA1": "7sIV9LK625xVO9WsV1gaLQgfBeY=", + "path": "github.com/joyent/triton-go/authentication", + "revision": "ed036af6d128e3c1ef76e92218810d3b298d1407", + "revisionTime": "2017-03-30T22:02:44Z" + }, { "checksumSHA1": "YhQcOsGx8r2S/jkJ0Qt4cZ5BLCU=", "comment": "v0.3.0-33-g53d1c0a", diff --git a/website/source/docs/providers/triton/index.html.markdown b/website/source/docs/providers/triton/index.html.markdown index 4954f1291e..1660ad718a 100644 --- a/website/source/docs/providers/triton/index.html.markdown +++ b/website/source/docs/providers/triton/index.html.markdown @@ -1,12 +1,12 @@ --- layout: "triton" -page_title: "Provider: Triton" +page_title: "Provider: Joyent Triton" sidebar_current: "docs-triton-index" description: |- Used to provision infrastructure in Joyent's Triton public or on-premise clouds. --- -# Triton Provider +# Joyent Triton Provider The Triton provider is used to interact with resources in Joyent's Triton cloud. It is compatible with both public- and on-premise installations of Triton. The provider needs to be configured with the proper credentials before it can be used. @@ -16,11 +16,11 @@ Use the navigation to the left to read about the available resources. ``` provider "triton" { - account = "AccountName" - key_material = "${file("~/.ssh/id_rsa")}" - key_id = "25:d4:a9:fe:ef:e6:c0:bf:b4:4b:4b:d4:a8:8f:01:0f" + account = "AccountName" + key_id = "25:d4:a9:fe:ef:e6:c0:bf:b4:4b:4b:d4:a8:8f:01:0f" - # Set the URL to specify the specific Triton Data Center: + # If using a private installation of Triton, specify the URL, otherwise + # set the URL according to the region you wish to provision. url = "https://us-west-1.api.joyentcloud.com" } ``` @@ -30,6 +30,6 @@ provider "triton" { The following arguments are supported in the `provider` block: * `account` - (Required) This is the name of the Triton account. It can also be provided via the `SDC_ACCOUNT` environment variable. -* `key_material` - (Required) This is the private key of an SSH key associated with the Triton account to be used. +* `key_material` - (Optional) This is the private key of an SSH key associated with the Triton account to be used. If this is not set, the private key corresponding to the fingerprint in `key_id` must be available via an SSH Agent. * `key_id` - (Required) This is the fingerprint of the public key matching the key specified in `key_path`. It can be obtained via the command `ssh-keygen -l -E md5 -f /path/to/key` * `url` - (Optional) This is the URL to the Triton API endpoint. It is required if using a private installation of Triton. The default is to use the Joyent public cloud us-west-1 endpoint. Valid public cloud endpoints include: `us-east-1`, `us-east-2`, `us-east-3`, `us-sw-1`, `us-west-1`, `eu-ams-1` diff --git a/website/source/layouts/triton.erb b/website/source/layouts/triton.erb index 3e048b3ea6..75e2568697 100644 --- a/website/source/layouts/triton.erb +++ b/website/source/layouts/triton.erb @@ -7,7 +7,7 @@ > - Triton Provider + Joyent Triton Provider > From 9f23779933474ac1e83679f47057b85c9071bee7 Mon Sep 17 00:00:00 2001 From: Paul Stack Date: Fri, 31 Mar 2017 01:26:34 +0300 Subject: [PATCH 064/101] Update CHANGELOG.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index f9ac649e13..748f22299e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -21,6 +21,7 @@ IMPROVEMENTS: * provider/aws: `aws_opsworks_stack` `custom_cookbooks_source.0.password` field marked as sensitive [GH-13147] * provider/aws: Support the ability to enable / disable ipv6 support in VPC [GH-12527] * provider/google: Mark `google_container_cluster`'s `client_key` & `password` inside `master_auth` as sensitive [GH-13148] + * provider/triton: Move to joyent/triton-go [GH-13225] BUG FIXES: From 829649f44cb70cb38aea425e8039b1ca5e758cf7 Mon Sep 17 00:00:00 2001 From: Radek Simko Date: Fri, 31 Mar 2017 07:30:25 +0100 Subject: [PATCH 065/101] provider/aws: Add support for Lightsail Static IP Attachment (#13207) --- builtin/providers/aws/provider.go | 1 + ...urce_aws_lightsail_static_ip_attachment.go | 96 +++++++++++ ...aws_lightsail_static_ip_attachment_test.go | 163 ++++++++++++++++++ ...ghtsail_static_ip_attachment.html.markdown | 49 ++++++ website/source/layouts/aws.erb | 4 + 5 files changed, 313 insertions(+) create mode 100644 builtin/providers/aws/resource_aws_lightsail_static_ip_attachment.go create mode 100644 builtin/providers/aws/resource_aws_lightsail_static_ip_attachment_test.go create mode 100644 website/source/docs/providers/aws/r/lightsail_static_ip_attachment.html.markdown diff --git a/builtin/providers/aws/provider.go b/builtin/providers/aws/provider.go index 7410efb7fc..0ad5817858 100644 --- a/builtin/providers/aws/provider.go +++ b/builtin/providers/aws/provider.go @@ -339,6 +339,7 @@ func Provider() terraform.ResourceProvider { "aws_lightsail_instance": resourceAwsLightsailInstance(), "aws_lightsail_key_pair": resourceAwsLightsailKeyPair(), "aws_lightsail_static_ip": resourceAwsLightsailStaticIp(), + "aws_lightsail_static_ip_attachment": resourceAwsLightsailStaticIpAttachment(), "aws_lb_cookie_stickiness_policy": resourceAwsLBCookieStickinessPolicy(), "aws_load_balancer_policy": resourceAwsLoadBalancerPolicy(), "aws_load_balancer_backend_server_policy": resourceAwsLoadBalancerBackendServerPolicies(), diff --git a/builtin/providers/aws/resource_aws_lightsail_static_ip_attachment.go b/builtin/providers/aws/resource_aws_lightsail_static_ip_attachment.go new file mode 100644 index 0000000000..766ccff55d --- /dev/null +++ b/builtin/providers/aws/resource_aws_lightsail_static_ip_attachment.go @@ -0,0 +1,96 @@ +package aws + +import ( + "log" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/awserr" + "github.com/aws/aws-sdk-go/service/lightsail" + "github.com/hashicorp/terraform/helper/schema" +) + +func resourceAwsLightsailStaticIpAttachment() *schema.Resource { + return &schema.Resource{ + Create: resourceAwsLightsailStaticIpAttachmentCreate, + Read: resourceAwsLightsailStaticIpAttachmentRead, + Delete: resourceAwsLightsailStaticIpAttachmentDelete, + + Schema: map[string]*schema.Schema{ + "static_ip_name": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + }, + "instance_name": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + }, + }, + } +} + +func resourceAwsLightsailStaticIpAttachmentCreate(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*AWSClient).lightsailconn + + staticIpName := d.Get("static_ip_name").(string) + log.Printf("[INFO] Attaching Lightsail Static IP: %q", staticIpName) + out, err := conn.AttachStaticIp(&lightsail.AttachStaticIpInput{ + StaticIpName: aws.String(staticIpName), + InstanceName: aws.String(d.Get("instance_name").(string)), + }) + if err != nil { + return err + } + log.Printf("[INFO] Lightsail Static IP attached: %s", *out) + + d.SetId(staticIpName) + + return resourceAwsLightsailStaticIpAttachmentRead(d, meta) +} + +func resourceAwsLightsailStaticIpAttachmentRead(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*AWSClient).lightsailconn + + staticIpName := d.Get("static_ip_name").(string) + log.Printf("[INFO] Reading Lightsail Static IP: %q", staticIpName) + out, err := conn.GetStaticIp(&lightsail.GetStaticIpInput{ + StaticIpName: aws.String(staticIpName), + }) + if err != nil { + if awsErr, ok := err.(awserr.Error); ok { + if awsErr.Code() == "NotFoundException" { + log.Printf("[WARN] Lightsail Static IP (%s) not found, removing from state", d.Id()) + d.SetId("") + return nil + } + } + return err + } + if !*out.StaticIp.IsAttached { + log.Printf("[WARN] Lightsail Static IP (%s) is not attached, removing from state", d.Id()) + d.SetId("") + return nil + } + + log.Printf("[INFO] Received Lightsail Static IP: %s", *out) + + d.Set("instance_name", out.StaticIp.AttachedTo) + + return nil +} + +func resourceAwsLightsailStaticIpAttachmentDelete(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*AWSClient).lightsailconn + + name := d.Get("static_ip_name").(string) + log.Printf("[INFO] Detaching Lightsail Static IP: %q", name) + out, err := conn.DetachStaticIp(&lightsail.DetachStaticIpInput{ + StaticIpName: aws.String(name), + }) + if err != nil { + return err + } + log.Printf("[INFO] Detached Lightsail Static IP: %s", *out) + return nil +} diff --git a/builtin/providers/aws/resource_aws_lightsail_static_ip_attachment_test.go b/builtin/providers/aws/resource_aws_lightsail_static_ip_attachment_test.go new file mode 100644 index 0000000000..bf0aa0898f --- /dev/null +++ b/builtin/providers/aws/resource_aws_lightsail_static_ip_attachment_test.go @@ -0,0 +1,163 @@ +package aws + +import ( + "errors" + "fmt" + "testing" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/awserr" + "github.com/aws/aws-sdk-go/service/lightsail" + "github.com/hashicorp/terraform/helper/acctest" + "github.com/hashicorp/terraform/helper/resource" + "github.com/hashicorp/terraform/terraform" +) + +func TestAccAWSLightsailStaticIpAttachment_basic(t *testing.T) { + var staticIp lightsail.StaticIp + staticIpName := fmt.Sprintf("tf-test-lightsail-%s", acctest.RandString(5)) + instanceName := fmt.Sprintf("tf-test-lightsail-%s", acctest.RandString(5)) + keypairName := fmt.Sprintf("tf-test-lightsail-%s", acctest.RandString(5)) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSLightsailStaticIpAttachmentDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSLightsailStaticIpAttachmentConfig_basic(staticIpName, instanceName, keypairName), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckAWSLightsailStaticIpAttachmentExists("aws_lightsail_static_ip_attachment.test", &staticIp), + ), + }, + }, + }) +} + +func TestAccAWSLightsailStaticIpAttachment_disappears(t *testing.T) { + var staticIp lightsail.StaticIp + staticIpName := fmt.Sprintf("tf-test-lightsail-%s", acctest.RandString(5)) + instanceName := fmt.Sprintf("tf-test-lightsail-%s", acctest.RandString(5)) + keypairName := fmt.Sprintf("tf-test-lightsail-%s", acctest.RandString(5)) + + staticIpDestroy := func(*terraform.State) error { + conn := testAccProvider.Meta().(*AWSClient).lightsailconn + _, err := conn.DetachStaticIp(&lightsail.DetachStaticIpInput{ + StaticIpName: aws.String(staticIpName), + }) + + if err != nil { + return fmt.Errorf("Error deleting Lightsail Static IP in disappear test") + } + + return nil + } + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSLightsailStaticIpAttachmentDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSLightsailStaticIpAttachmentConfig_basic(staticIpName, instanceName, keypairName), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckAWSLightsailStaticIpAttachmentExists("aws_lightsail_static_ip_attachment.test", &staticIp), + staticIpDestroy, + ), + ExpectNonEmptyPlan: true, + }, + }, + }) +} + +func testAccCheckAWSLightsailStaticIpAttachmentExists(n string, staticIp *lightsail.StaticIp) resource.TestCheckFunc { + return func(s *terraform.State) error { + rs, ok := s.RootModule().Resources[n] + if !ok { + return fmt.Errorf("Not found: %s", n) + } + + if rs.Primary.ID == "" { + return errors.New("No Lightsail Static IP Attachment ID is set") + } + + conn := testAccProvider.Meta().(*AWSClient).lightsailconn + + resp, err := conn.GetStaticIp(&lightsail.GetStaticIpInput{ + StaticIpName: aws.String(rs.Primary.ID), + }) + if err != nil { + return err + } + + if resp == nil || resp.StaticIp == nil { + return fmt.Errorf("Static IP (%s) not found", rs.Primary.ID) + } + + if !*resp.StaticIp.IsAttached { + return fmt.Errorf("Static IP (%s) not attached", rs.Primary.ID) + } + + *staticIp = *resp.StaticIp + return nil + } +} + +func testAccCheckAWSLightsailStaticIpAttachmentDestroy(s *terraform.State) error { + for _, rs := range s.RootModule().Resources { + if rs.Type != "aws_lightsail_static_ip_attachment" { + continue + } + + conn := testAccProvider.Meta().(*AWSClient).lightsailconn + + resp, err := conn.GetStaticIp(&lightsail.GetStaticIpInput{ + StaticIpName: aws.String(rs.Primary.ID), + }) + + if err == nil { + if *resp.StaticIp.IsAttached { + return fmt.Errorf("Lightsail Static IP %q is still attached (to %q)", rs.Primary.ID, *resp.StaticIp.AttachedTo) + } + } + + // Verify the error + if awsErr, ok := err.(awserr.Error); ok { + if awsErr.Code() == "NotFoundException" { + return nil + } + } + return err + } + + return nil +} + +func testAccAWSLightsailStaticIpAttachmentConfig_basic(staticIpName, instanceName, keypairName string) string { + return fmt.Sprintf(` +provider "aws" { + region = "us-east-1" +} + +resource "aws_lightsail_static_ip_attachment" "test" { + static_ip_name = "${aws_lightsail_static_ip.test.name}" + instance_name = "${aws_lightsail_instance.test.name}" +} + +resource "aws_lightsail_static_ip" "test" { + name = "%s" +} + +resource "aws_lightsail_instance" "test" { + name = "%s" + availability_zone = "us-east-1b" + blueprint_id = "wordpress_4_6_1" + bundle_id = "micro_1_0" + key_pair_name = "${aws_lightsail_key_pair.test.name}" +} + +resource "aws_lightsail_key_pair" "test" { + name = "%s" +} +`, staticIpName, instanceName, keypairName) +} diff --git a/website/source/docs/providers/aws/r/lightsail_static_ip_attachment.html.markdown b/website/source/docs/providers/aws/r/lightsail_static_ip_attachment.html.markdown new file mode 100644 index 0000000000..063a3cc83e --- /dev/null +++ b/website/source/docs/providers/aws/r/lightsail_static_ip_attachment.html.markdown @@ -0,0 +1,49 @@ +--- +layout: "aws" +page_title: "AWS: aws_lightsail_static_ip_attachment" +sidebar_current: "docs-aws-resource-lightsail-static-ip-attachment" +description: |- + Provides an Lightsail Static IP Attachment +--- + +# aws\_lightsail\_static\_ip\_attachment + +Provides a static IP address attachment - relationship between a Lightsail static IP & Lightsail instance. + +~> **Note:** Lightsail is currently only supported in `us-east-1` region. + +## Example Usage + +``` +resource "aws_lightsail_static_ip_attachment" "test" { + static_ip_name = "${aws_lightsail_static_ip.test.name}" + instance_name = "${aws_lightsail_instance.test.name}" +} + +resource "aws_lightsail_static_ip" "test" { + name = "example" +} + +resource "aws_lightsail_instance" "test" { + name = "example" + availability_zone = "us-east-1b" + blueprint_id = "string" + bundle_id = "string" + key_pair_name = "some_key_name" +} +``` + +## Argument Reference + +The following arguments are supported: + +* `static_ip_name` - (Required) The name of the allocated static IP +* `instance_name` - (Required) The name of the Lightsail instance to attach the IP to + +## Attributes Reference + +The following attributes are exported in addition to the arguments listed above: + +* `arn` - The ARN of the Lightsail static IP +* `ip_address` - The allocated static IP address +* `support_code` - The support code. diff --git a/website/source/layouts/aws.erb b/website/source/layouts/aws.erb index ac5f9638a0..d3e39f97d5 100644 --- a/website/source/layouts/aws.erb +++ b/website/source/layouts/aws.erb @@ -888,6 +888,10 @@ aws_lightsail_static_ip + > + aws_lightsail_static_ip_attachment + +
From 39b9e77d8a73a38d54f9b349665f33d46e751775 Mon Sep 17 00:00:00 2001 From: Radek Simko Date: Fri, 31 Mar 2017 07:31:30 +0100 Subject: [PATCH 066/101] Update CHANGELOG.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 748f22299e..4807a6cc94 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ FEATURES: * **New Resource:** `aws_lightsail_static_ip` [GH-13175] + * **New Resource:** `aws_lightsail_static_ip_attachment` [GH-13207] * **New Resource:** `kubernetes_secret` [GH-12960] * **New Data Source:** `aws_iam_role` [GH-13213] From ee0a4c43fc307f61a8c9f8b9a32c0e3f50f247e5 Mon Sep 17 00:00:00 2001 From: Seigo Uchida Date: Fri, 31 Mar 2017 16:32:54 +0900 Subject: [PATCH 067/101] [docs] Fix wrong attributes in lambda_permission doc (#13191) * Fix wrong attributes in lambda_permission doc * Add a missing attribute in lambda_permission doc --- .../docs/providers/aws/r/lambda_permission.html.markdown | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/website/source/docs/providers/aws/r/lambda_permission.html.markdown b/website/source/docs/providers/aws/r/lambda_permission.html.markdown index 671108cd95..3360aef2de 100644 --- a/website/source/docs/providers/aws/r/lambda_permission.html.markdown +++ b/website/source/docs/providers/aws/r/lambda_permission.html.markdown @@ -27,7 +27,7 @@ resource "aws_lambda_permission" "allow_cloudwatch" { resource "aws_lambda_alias" "test_alias" { name = "testalias" description = "a sample description" - function_name = "${aws_lambda_function.test_lambda.arn}" + function_name = "${aws_lambda_function.test_lambda.function_name}" function_version = "$LATEST" } @@ -36,6 +36,7 @@ resource "aws_lambda_function" "test_lambda" { function_name = "lambda_function_name" role = "${aws_iam_role.iam_for_lambda.arn}" handler = "exports.handler" + runtime = "nodejs6.10" } resource "aws_iam_role" "iam_for_lambda" { @@ -65,7 +66,7 @@ EOF resource "aws_lambda_permission" "with_sns" { statement_id = "AllowExecutionFromSNS" action = "lambda:InvokeFunction" - function_name = "${aws_lambda_function.my-func.arn}" + function_name = "${aws_lambda_function.my-func.function_name}" principal = "sns.amazonaws.com" source_arn = "${aws_sns_topic.default.arn}" } @@ -85,6 +86,7 @@ resource "aws_lambda_function" "func" { function_name = "lambda_called_from_sns" role = "${aws_iam_role.default.arn}" handler = "exports.handler" + runtime = "python2.7" } resource "aws_iam_role" "default" { From 293922e5aef6ebc32f26c302ca06fe27021133e8 Mon Sep 17 00:00:00 2001 From: Paul Stack Date: Fri, 31 Mar 2017 14:28:56 +0300 Subject: [PATCH 068/101] provider/aws: Refresh aws_alb_target_group stickiness on manual updates (#13199) Fixes: #13167 When changes to the target group were made via CLI or AWS Console, they were not being picked up by terraform. This is because we were not catching an error setting the `stickiness` parameters: ``` Error refreshing state: 1 error(s) occurred: * aws_alb_target_group.test: aws_alb_target_group.test: stickiness.0.enabled: '' expected type 'bool', got unconvertible type 'string' ``` This meant that changes were not picked up in the following plan. The changes mean the following now: ``` ~ aws_alb_target_group.test stickiness.0.cookie_duration: "10440" => "10000" stickiness.0.enabled: "false" => "true" Plan: 0 to add, 1 to change, 0 to destroy. ``` --- .../aws/resource_aws_alb_target_group.go | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/builtin/providers/aws/resource_aws_alb_target_group.go b/builtin/providers/aws/resource_aws_alb_target_group.go index 96ecd0d429..01f96b3274 100644 --- a/builtin/providers/aws/resource_aws_alb_target_group.go +++ b/builtin/providers/aws/resource_aws_alb_target_group.go @@ -258,11 +258,19 @@ func resourceAwsAlbTargetGroupRead(d *schema.ResourceData, meta interface{}) err for _, attr := range attrResp.Attributes { switch *attr.Key { case "stickiness.enabled": - stickinessMap["enabled"] = *attr.Value + enabled, err := strconv.ParseBool(*attr.Value) + if err != nil { + return fmt.Errorf("Error converting stickiness.enabled to bool: %s", *attr.Value) + } + stickinessMap["enabled"] = enabled case "stickiness.type": stickinessMap["type"] = *attr.Value case "stickiness.lb_cookie.duration_seconds": - stickinessMap["cookie_duration"] = *attr.Value + duration, err := strconv.Atoi(*attr.Value) + if err != nil { + return fmt.Errorf("Error converting stickiness.lb_cookie.duration_seconds to int: %s", *attr.Value) + } + stickinessMap["cookie_duration"] = duration case "deregistration_delay.timeout_seconds": timeout, err := strconv.Atoi(*attr.Value) if err != nil { @@ -271,7 +279,10 @@ func resourceAwsAlbTargetGroupRead(d *schema.ResourceData, meta interface{}) err d.Set("deregistration_delay", timeout) } } - d.Set("stickiness", []interface{}{stickinessMap}) + + if err := d.Set("stickiness", []interface{}{stickinessMap}); err != nil { + return err + } return nil } From 5a37434bf198a2d53b18bc0556e505594fb1a12a Mon Sep 17 00:00:00 2001 From: Paul Stack Date: Fri, 31 Mar 2017 14:30:21 +0300 Subject: [PATCH 069/101] Update CHANGELOG.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4807a6cc94..5d29e34097 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -33,6 +33,7 @@ BUG FIXES: * provider/aws: `volume_type` of `aws_elasticsearch_domain.0.ebs_options` marked as `Computed` which prevents spurious diffs [GH-13160] * provider/aws: Don't set DBName on `aws_db_instance` from snapshot [GH-13140] * provider/aws: Add DiffSuppression to aws_ecs_service placement_strategies [GH-13220] + * provider/aws: Refresh aws_alb_target_group stickiness on manual updates [GH-13199] * provider/azurerm: Network Security Group - ignoring protocol casing at Import time [GH-13153] ## 0.9.2 (March 28, 2017) From e4e9d1e0730cb8031a58719579cc39985eda14eb Mon Sep 17 00:00:00 2001 From: Paul Stack Date: Fri, 31 Mar 2017 14:34:51 +0300 Subject: [PATCH 070/101] provider/aws: Preserve default retain_on_delete in cloudfront import (#13209) Fixes: #10969 --- .../providers/aws/import_aws_cloudfront_distribution.go | 4 ++++ .../aws/import_aws_cloudfront_distribution_test.go | 7 ++----- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/builtin/providers/aws/import_aws_cloudfront_distribution.go b/builtin/providers/aws/import_aws_cloudfront_distribution.go index dcb8792a3e..acfc836dc5 100644 --- a/builtin/providers/aws/import_aws_cloudfront_distribution.go +++ b/builtin/providers/aws/import_aws_cloudfront_distribution.go @@ -7,6 +7,10 @@ import ( ) func resourceAwsCloudFrontDistributionImport(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) { + // This is a non API attribute + // We are merely setting this to the same value as the Default setting in the schema + d.Set("retain_on_delete", false) + conn := meta.(*AWSClient).cloudfrontconn id := d.Id() resp, err := conn.GetDistributionConfig(&cloudfront.GetDistributionConfigInput{ diff --git a/builtin/providers/aws/import_aws_cloudfront_distribution_test.go b/builtin/providers/aws/import_aws_cloudfront_distribution_test.go index 9fc1958198..787d913a59 100644 --- a/builtin/providers/aws/import_aws_cloudfront_distribution_test.go +++ b/builtin/providers/aws/import_aws_cloudfront_distribution_test.go @@ -19,16 +19,13 @@ func TestAccAWSCloudFrontDistribution_importBasic(t *testing.T) { Providers: testAccProviders, CheckDestroy: testAccCheckCloudFrontDistributionDestroy, Steps: []resource.TestStep{ - resource.TestStep{ + { Config: testConfig, }, - resource.TestStep{ + { ResourceName: resourceName, ImportState: true, ImportStateVerify: true, - // Ignore retain_on_delete since it doesn't come from the AWS - // API. - ImportStateVerifyIgnore: []string{"retain_on_delete"}, }, }, }) From 453325f3246cf3d41042145b68a04b3ed84cf45c Mon Sep 17 00:00:00 2001 From: Paul Stack Date: Fri, 31 Mar 2017 14:35:39 +0300 Subject: [PATCH 071/101] Update CHANGELOG.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5d29e34097..f57fcd3b4a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -34,6 +34,7 @@ BUG FIXES: * provider/aws: Don't set DBName on `aws_db_instance` from snapshot [GH-13140] * provider/aws: Add DiffSuppression to aws_ecs_service placement_strategies [GH-13220] * provider/aws: Refresh aws_alb_target_group stickiness on manual updates [GH-13199] + * provider/aws: Preserve default retain_on_delete in cloudfront import [GH-13209] * provider/azurerm: Network Security Group - ignoring protocol casing at Import time [GH-13153] ## 0.9.2 (March 28, 2017) From 46a5cd543c539a37f4770c2dc7040a112f992512 Mon Sep 17 00:00:00 2001 From: Paul Stack Date: Fri, 31 Mar 2017 14:36:15 +0300 Subject: [PATCH 072/101] provider/aws: Refresh aws_alb_target_group tags (#13200) Fixes: #8847 We actually didn't get the list of tags from the API, therefore, any manual changes were not actually showing up in subsequent plans ``` % make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSALBTargetGroup_basic' ==> Checking that code complies with gofmt requirements... go generate $(go list ./... | grep -v /terraform/vendor/) 2017/03/30 15:45:53 Generated command/internal_plugin_list.go TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSALBTargetGroup_basic -timeout 120m === RUN TestAccAWSALBTargetGroup_basic --- PASS: TestAccAWSALBTargetGroup_basic (62.76s) PASS ok github.com/hashicorp/terraform/builtin/providers/aws 62.787s ``` --- .../providers/aws/resource_aws_alb_target_group.go | 14 ++++++++++++++ .../aws/resource_aws_alb_target_group_test.go | 2 ++ 2 files changed, 16 insertions(+) diff --git a/builtin/providers/aws/resource_aws_alb_target_group.go b/builtin/providers/aws/resource_aws_alb_target_group.go index 01f96b3274..df1a662be1 100644 --- a/builtin/providers/aws/resource_aws_alb_target_group.go +++ b/builtin/providers/aws/resource_aws_alb_target_group.go @@ -284,6 +284,20 @@ func resourceAwsAlbTargetGroupRead(d *schema.ResourceData, meta interface{}) err return err } + tagsResp, err := elbconn.DescribeTags(&elbv2.DescribeTagsInput{ + ResourceArns: []*string{aws.String(d.Id())}, + }) + if err != nil { + return errwrap.Wrapf("Error retrieving Target Group Tags: {{err}}", err) + } + for _, t := range tagsResp.TagDescriptions { + if *t.ResourceArn == d.Id() { + if err := d.Set("tags", tagsToMapELBv2(t.Tags)); err != nil { + return err + } + } + } + return nil } diff --git a/builtin/providers/aws/resource_aws_alb_target_group_test.go b/builtin/providers/aws/resource_aws_alb_target_group_test.go index 67d453e6cb..7a67978a8a 100644 --- a/builtin/providers/aws/resource_aws_alb_target_group_test.go +++ b/builtin/providers/aws/resource_aws_alb_target_group_test.go @@ -77,6 +77,8 @@ func TestAccAWSALBTargetGroup_basic(t *testing.T) { resource.TestCheckResourceAttr("aws_alb_target_group.test", "health_check.0.healthy_threshold", "3"), resource.TestCheckResourceAttr("aws_alb_target_group.test", "health_check.0.unhealthy_threshold", "3"), resource.TestCheckResourceAttr("aws_alb_target_group.test", "health_check.0.matcher", "200-299"), + resource.TestCheckResourceAttr("aws_alb_target_group.test", "tags.%", "1"), + resource.TestCheckResourceAttr("aws_alb_target_group.test", "tags.TestName", "TestAccAWSALBTargetGroup_basic"), ), }, }, From d139db87397260d29e791e64e568c0f95f406632 Mon Sep 17 00:00:00 2001 From: Paul Stack Date: Fri, 31 Mar 2017 14:36:39 +0300 Subject: [PATCH 073/101] Update CHANGELOG.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index f57fcd3b4a..ed00095b57 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -35,6 +35,7 @@ BUG FIXES: * provider/aws: Add DiffSuppression to aws_ecs_service placement_strategies [GH-13220] * provider/aws: Refresh aws_alb_target_group stickiness on manual updates [GH-13199] * provider/aws: Preserve default retain_on_delete in cloudfront import [GH-13209] + * provider/aws: Refresh aws_alb_target_group tags [GH-13200] * provider/azurerm: Network Security Group - ignoring protocol casing at Import time [GH-13153] ## 0.9.2 (March 28, 2017) From d06db231971de673efc76ec8c82d711443c77655 Mon Sep 17 00:00:00 2001 From: Paul Stack Date: Fri, 31 Mar 2017 14:40:37 +0300 Subject: [PATCH 074/101] provider/aws: Set aws_vpn_connection to recreate when in deleted state (#13204) Fixes: #12440 ``` % make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSVpnConnection_' ==> Checking that code complies with gofmt requirements... go generate $(go list ./... | grep -v /terraform/vendor/) 2017/03/30 16:16:13 Generated command/internal_plugin_list.go TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSVpnConnection_ -timeout 120m === RUN TestAccAWSVpnConnection_importBasic --- PASS: TestAccAWSVpnConnection_importBasic (208.68s) === RUN TestAccAWSVpnConnection_basic --- PASS: TestAccAWSVpnConnection_basic (391.02s) === RUN TestAccAWSVpnConnection_withoutStaticRoutes --- PASS: TestAccAWSVpnConnection_withoutStaticRoutes (316.99s) === RUN TestAccAWSVpnConnection_disappears --- PASS: TestAccAWSVpnConnection_disappears (202.84s) PASS ok github.com/hashicorp/terraform/builtin/providers/aws 1119.563s ``` --- .../aws/resource_aws_vpn_connection.go | 5 ++ .../aws/resource_aws_vpn_connection_test.go | 82 ++++++++++++++++++- 2 files changed, 85 insertions(+), 2 deletions(-) diff --git a/builtin/providers/aws/resource_aws_vpn_connection.go b/builtin/providers/aws/resource_aws_vpn_connection.go index b38d903cf8..1cdd83efd1 100644 --- a/builtin/providers/aws/resource_aws_vpn_connection.go +++ b/builtin/providers/aws/resource_aws_vpn_connection.go @@ -294,6 +294,11 @@ func resourceAwsVpnConnectionRead(d *schema.ResourceData, meta interface{}) erro } vpnConnection := resp.VpnConnections[0] + if vpnConnection == nil || *vpnConnection.State == "deleted" { + // Seems we have lost our VPN Connection + d.SetId("") + return nil + } // Set attributes under the user's control. d.Set("vpn_gateway_id", vpnConnection.VpnGatewayId) diff --git a/builtin/providers/aws/resource_aws_vpn_connection_test.go b/builtin/providers/aws/resource_aws_vpn_connection_test.go index a07bdd10ba..e5328ca9a1 100644 --- a/builtin/providers/aws/resource_aws_vpn_connection_test.go +++ b/builtin/providers/aws/resource_aws_vpn_connection_test.go @@ -3,6 +3,7 @@ package aws import ( "fmt" "testing" + "time" "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/awserr" @@ -13,6 +14,8 @@ import ( ) func TestAccAWSVpnConnection_basic(t *testing.T) { + var vpn ec2.VpnConnection + resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, IDRefreshName: "aws_vpn_connection.foo", @@ -27,6 +30,7 @@ func TestAccAWSVpnConnection_basic(t *testing.T) { "aws_vpn_gateway.vpn_gateway", "aws_customer_gateway.customer_gateway", "aws_vpn_connection.foo", + &vpn, ), ), }, @@ -38,6 +42,7 @@ func TestAccAWSVpnConnection_basic(t *testing.T) { "aws_vpn_gateway.vpn_gateway", "aws_customer_gateway.customer_gateway", "aws_vpn_connection.foo", + &vpn, ), ), }, @@ -46,6 +51,7 @@ func TestAccAWSVpnConnection_basic(t *testing.T) { } func TestAccAWSVpnConnection_withoutStaticRoutes(t *testing.T) { + var vpn ec2.VpnConnection resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, IDRefreshName: "aws_vpn_connection.foo", @@ -60,6 +66,7 @@ func TestAccAWSVpnConnection_withoutStaticRoutes(t *testing.T) { "aws_vpn_gateway.vpn_gateway", "aws_customer_gateway.customer_gateway", "aws_vpn_connection.foo", + &vpn, ), resource.TestCheckResourceAttr("aws_vpn_connection.foo", "static_routes_only", "false"), ), @@ -68,6 +75,74 @@ func TestAccAWSVpnConnection_withoutStaticRoutes(t *testing.T) { }) } +func TestAccAWSVpnConnection_disappears(t *testing.T) { + var vpn ec2.VpnConnection + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccAwsVpnConnectionDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAwsVpnConnectionConfig, + Check: resource.ComposeTestCheckFunc( + testAccAwsVpnConnection( + "aws_vpc.vpc", + "aws_vpn_gateway.vpn_gateway", + "aws_customer_gateway.customer_gateway", + "aws_vpn_connection.foo", + &vpn, + ), + testAccAWSVpnConnectionDisappears(&vpn), + ), + ExpectNonEmptyPlan: true, + }, + }, + }) +} + +func testAccAWSVpnConnectionDisappears(connection *ec2.VpnConnection) resource.TestCheckFunc { + return func(s *terraform.State) error { + conn := testAccProvider.Meta().(*AWSClient).ec2conn + + _, err := conn.DeleteVpnConnection(&ec2.DeleteVpnConnectionInput{ + VpnConnectionId: connection.VpnConnectionId, + }) + if err != nil { + if ec2err, ok := err.(awserr.Error); ok && ec2err.Code() == "InvalidVpnConnectionID.NotFound" { + return nil + } + if err != nil { + return err + } + } + + return resource.Retry(40*time.Minute, func() *resource.RetryError { + opts := &ec2.DescribeVpnConnectionsInput{ + VpnConnectionIds: []*string{connection.VpnConnectionId}, + } + resp, err := conn.DescribeVpnConnections(opts) + if err != nil { + cgw, ok := err.(awserr.Error) + if ok && cgw.Code() == "InvalidVpnConnectionID.NotFound" { + return nil + } + if ok && cgw.Code() == "IncorrectState" { + return resource.RetryableError(fmt.Errorf( + "Waiting for VPN Connection to be in the correct state: %v", connection.VpnConnectionId)) + } + return resource.NonRetryableError( + fmt.Errorf("Error retrieving VPN Connection: %s", err)) + } + if *resp.VpnConnections[0].State == "deleted" { + return nil + } + return resource.RetryableError(fmt.Errorf( + "Waiting for VPN Connection: %v", connection.VpnConnectionId)) + }) + } +} + func testAccAwsVpnConnectionDestroy(s *terraform.State) error { conn := testAccProvider.Meta().(*AWSClient).ec2conn for _, rs := range s.RootModule().Resources { @@ -112,7 +187,8 @@ func testAccAwsVpnConnection( vpcResource string, vpnGatewayResource string, customerGatewayResource string, - vpnConnectionResource string) resource.TestCheckFunc { + vpnConnectionResource string, + vpnConnection *ec2.VpnConnection) resource.TestCheckFunc { return func(s *terraform.State) error { rs, ok := s.RootModule().Resources[vpnConnectionResource] if !ok { @@ -129,7 +205,7 @@ func testAccAwsVpnConnection( ec2conn := testAccProvider.Meta().(*AWSClient).ec2conn - _, err := ec2conn.DescribeVpnConnections(&ec2.DescribeVpnConnectionsInput{ + resp, err := ec2conn.DescribeVpnConnections(&ec2.DescribeVpnConnectionsInput{ VpnConnectionIds: []*string{aws.String(connection.Primary.ID)}, }) @@ -137,6 +213,8 @@ func testAccAwsVpnConnection( return err } + *vpnConnection = *resp.VpnConnections[0] + return nil } } From b449b80af3333d5ac8b0976156d9ef5401d8fa5c Mon Sep 17 00:00:00 2001 From: Paul Stack Date: Fri, 31 Mar 2017 14:41:08 +0300 Subject: [PATCH 075/101] Update CHANGELOG.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index ed00095b57..93823fa3d4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -36,6 +36,7 @@ BUG FIXES: * provider/aws: Refresh aws_alb_target_group stickiness on manual updates [GH-13199] * provider/aws: Preserve default retain_on_delete in cloudfront import [GH-13209] * provider/aws: Refresh aws_alb_target_group tags [GH-13200] + * provider/aws: Set aws_vpn_connection to recreate when in deleted state [GH-13204] * provider/azurerm: Network Security Group - ignoring protocol casing at Import time [GH-13153] ## 0.9.2 (March 28, 2017) From 74c0353231d8f31921d28f90b146a838a58359c8 Mon Sep 17 00:00:00 2001 From: Paul Stack Date: Fri, 31 Mar 2017 14:45:45 +0300 Subject: [PATCH 076/101] provider/aws: Wait for aws_opsworks_instance to be running when it's specified (#13218) Fixes: #9959 When we specify that we want an opsworks_instance state of running, we should wait for that the be the case. This will then allow us to use the Computed values (e.g. private_ip) etc and allow us to use provisioners as part of the terraform config ``` % make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSOpsworksInstance' ==> Checking that code complies with gofmt requirements... go generate $(go list ./... | grep -v /terraform/vendor/) 2017/03/30 20:55:21 Generated command/internal_plugin_list.go TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSOpsworksInstance -timeout 120m === RUN TestAccAWSOpsworksInstance_importBasic --- PASS: TestAccAWSOpsworksInstance_importBasic (72.28s) === RUN TestAccAWSOpsworksInstance --- PASS: TestAccAWSOpsworksInstance (110.17s) PASS ok github.com/hashicorp/terraform/builtin/providers/aws 182.479s ``` --- builtin/providers/aws/resource_aws_opsworks_instance.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/builtin/providers/aws/resource_aws_opsworks_instance.go b/builtin/providers/aws/resource_aws_opsworks_instance.go index 2b2b51c492..b195ac9027 100644 --- a/builtin/providers/aws/resource_aws_opsworks_instance.go +++ b/builtin/providers/aws/resource_aws_opsworks_instance.go @@ -781,7 +781,7 @@ func resourceAwsOpsworksInstanceCreate(d *schema.ResourceData, meta interface{}) d.Set("id", instanceId) if v, ok := d.GetOk("state"); ok && v.(string) == "running" { - err := startOpsworksInstance(d, meta, false) + err := startOpsworksInstance(d, meta, true) if err != nil { return err } @@ -860,7 +860,7 @@ func resourceAwsOpsworksInstanceUpdate(d *schema.ResourceData, meta interface{}) } } else { if status != "stopped" && status != "stopping" && status != "shutting_down" { - err := stopOpsworksInstance(d, meta, false) + err := stopOpsworksInstance(d, meta, true) if err != nil { return err } From 835792018a119284573eb787df5c4ff14fc7c9b8 Mon Sep 17 00:00:00 2001 From: Paul Stack Date: Fri, 31 Mar 2017 14:47:27 +0300 Subject: [PATCH 077/101] Update CHANGELOG.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 93823fa3d4..c453749ca6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -37,6 +37,7 @@ BUG FIXES: * provider/aws: Preserve default retain_on_delete in cloudfront import [GH-13209] * provider/aws: Refresh aws_alb_target_group tags [GH-13200] * provider/aws: Set aws_vpn_connection to recreate when in deleted state [GH-13204] + * provider/aws: Wait for aws_opsworks_instance to be running when it's specified [GH-13218] * provider/azurerm: Network Security Group - ignoring protocol casing at Import time [GH-13153] ## 0.9.2 (March 28, 2017) From 0f2331cf81d9430d92dc11c3a2937d918c594f05 Mon Sep 17 00:00:00 2001 From: Phillip Shipley Date: Fri, 31 Mar 2017 08:29:04 -0400 Subject: [PATCH 078/101] Improved sentence based on feedback --- website/source/docs/state/purpose.html.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/source/docs/state/purpose.html.md b/website/source/docs/state/purpose.html.md index 7c2893abfd..a8647006ec 100644 --- a/website/source/docs/state/purpose.html.md +++ b/website/source/docs/state/purpose.html.md @@ -88,7 +88,7 @@ state is treated as the record of truth. ## Syncing -The primary motivation people have to remote state files is in an attempt +The primary motivation people have for using remote state files is in an attempt to improve using Terraform with teams. State files can easily result in conflicts when two people modify infrastructure at the same time. From 6ed873b72d85aaa896356d1c742c72bf3605b45e Mon Sep 17 00:00:00 2001 From: zimbatm Date: Fri, 31 Mar 2017 11:46:48 +0100 Subject: [PATCH 079/101] Make the external test work on more environments GOPATH is actually a list of path and doesn't necessarily have to be set. If unset it will default to $GOPATH/go in go 1.9+. Assume that go install will install to the first path in the list. --- builtin/providers/external/data_source_test.go | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/builtin/providers/external/data_source_test.go b/builtin/providers/external/data_source_test.go index dbdf003864..b1ceabddfb 100644 --- a/builtin/providers/external/data_source_test.go +++ b/builtin/providers/external/data_source_test.go @@ -5,6 +5,7 @@ import ( "os" "os/exec" "path" + "path/filepath" "regexp" "testing" @@ -117,8 +118,13 @@ func buildDataSourceTestProgram() (string, error) { return "", fmt.Errorf("failed to build test stub program: %s", err) } + gopath := os.Getenv("GOPATH") + if gopath == "" { + gopath = filepath.Join(os.Getenv("HOME") + "/go") + } + programPath := path.Join( - os.Getenv("GOPATH"), "bin", "tf-acc-external-data-source", + filepath.SplitList(gopath)[0], "bin", "tf-acc-external-data-source", ) return programPath, nil } From c44487caee20051124d69d7e00ba4f08f3605f0c Mon Sep 17 00:00:00 2001 From: Seth Vargo Date: Wed, 29 Mar 2017 18:26:54 -0400 Subject: [PATCH 080/101] Handle the case when issue labels already exist This fixes GH-13163 --- .../github/resource_github_issue_label.go | 73 +++++++++++-------- .../github/r/issue_label.html.markdown | 16 +++- 2 files changed, 57 insertions(+), 32 deletions(-) diff --git a/builtin/providers/github/resource_github_issue_label.go b/builtin/providers/github/resource_github_issue_label.go index 0d89c0343b..5a1f6eea4f 100644 --- a/builtin/providers/github/resource_github_issue_label.go +++ b/builtin/providers/github/resource_github_issue_label.go @@ -10,9 +10,9 @@ import ( func resourceGithubIssueLabel() *schema.Resource { return &schema.Resource{ - Create: resourceGithubIssueLabelCreate, + Create: resourceGithubIssueLabelCreateOrUpdate, Read: resourceGithubIssueLabelRead, - Update: resourceGithubIssueLabelUpdate, + Update: resourceGithubIssueLabelCreateOrUpdate, Delete: resourceGithubIssueLabelDelete, Importer: &schema.ResourceImporter{ State: schema.ImportStatePassthrough, @@ -40,21 +40,54 @@ func resourceGithubIssueLabel() *schema.Resource { } } -func resourceGithubIssueLabelCreate(d *schema.ResourceData, meta interface{}) error { +// resourceGithubIssueLabelCreateOrUpdate idempotently creates or updates an +// issue label. Issue labels are keyed off of their "name", so pre-existing +// issue labels result in a 422 HTTP error if they exist outside of Terraform. +// Normally this would not be an issue, except new repositories are created with +// a "default" set of labels, and those labels easily conflict with custom ones. +// +// This function will first check if the label exists, and then issue an update, +// otherwise it will create. This is also advantageous in that we get to use the +// same function for two schema funcs. + +func resourceGithubIssueLabelCreateOrUpdate(d *schema.ResourceData, meta interface{}) error { client := meta.(*Organization).client + o := meta.(*Organization).name r := d.Get("repository").(string) n := d.Get("name").(string) c := d.Get("color").(string) - label := github.Label{ + + label := &github.Label{ Name: &n, Color: &c, } - log.Printf("[DEBUG] Creating label: %#v", label) - _, resp, err := client.Issues.CreateLabel(context.TODO(), meta.(*Organization).name, r, &label) - log.Printf("[DEBUG] Response from creating label: %s", *resp) - if err != nil { - return err + log.Printf("[DEBUG] Querying label existence %s/%s (%s)", o, r, n) + existing, _, _ := client.Issues.GetLabel(context.TODO(), o, r, n) + + if existing != nil { + log.Printf("[DEBUG] Updating label: %s/%s (%s: %s)", o, r, n, c) + + // Pull out the original name. If we already have a resource, this is the + // parsed ID. If not, it's the value given to the resource. + var oname string + if d.Id() == "" { + oname = n + } else { + _, oname = parseTwoPartID(d.Id()) + } + + _, _, err := client.Issues.EditLabel(context.TODO(), o, r, oname, label) + if err != nil { + return err + } + } else { + log.Printf("[DEBUG] Creating label: %s/%s (%s: %s)", o, r, n, c) + _, resp, err := client.Issues.CreateLabel(context.TODO(), o, r, label) + log.Printf("[DEBUG] Response from creating label: %s", *resp) + if err != nil { + return err + } } d.SetId(buildTwoPartID(&r, &n)) @@ -66,6 +99,7 @@ func resourceGithubIssueLabelRead(d *schema.ResourceData, meta interface{}) erro client := meta.(*Organization).client r, n := parseTwoPartID(d.Id()) + log.Printf("[DEBUG] Reading label: %s/%s", r, n) githubLabel, _, err := client.Issues.GetLabel(context.TODO(), meta.(*Organization).name, r, n) if err != nil { d.SetId("") @@ -80,31 +114,12 @@ func resourceGithubIssueLabelRead(d *schema.ResourceData, meta interface{}) erro return nil } -func resourceGithubIssueLabelUpdate(d *schema.ResourceData, meta interface{}) error { - client := meta.(*Organization).client - r := d.Get("repository").(string) - n := d.Get("name").(string) - c := d.Get("color").(string) - - _, originalName := parseTwoPartID(d.Id()) - _, _, err := client.Issues.EditLabel(context.TODO(), meta.(*Organization).name, r, originalName, &github.Label{ - Name: &n, - Color: &c, - }) - if err != nil { - return err - } - - d.SetId(buildTwoPartID(&r, &n)) - - return resourceGithubIssueLabelRead(d, meta) -} - func resourceGithubIssueLabelDelete(d *schema.ResourceData, meta interface{}) error { client := meta.(*Organization).client r := d.Get("repository").(string) n := d.Get("name").(string) + log.Printf("[DEBUG] Deleting label: %s/%s", r, n) _, err := client.Issues.DeleteLabel(context.TODO(), meta.(*Organization).name, r, n) return err } diff --git a/website/source/docs/providers/github/r/issue_label.html.markdown b/website/source/docs/providers/github/r/issue_label.html.markdown index bb2a9aa046..216ed2bfe9 100644 --- a/website/source/docs/providers/github/r/issue_label.html.markdown +++ b/website/source/docs/providers/github/r/issue_label.html.markdown @@ -6,16 +6,24 @@ description: |- Provides a GitHub issue label resource. --- -# github\_issue_label +# github_issue_label Provides a GitHub issue label resource. This resource allows you to create and manage issue labels within your Github organization. +Issue labels are keyed off of their "name", so pre-existing issue labels result +in a 422 HTTP error if they exist outside of Terraform. Normally this would not +be an issue, except new repositories are created with a "default" set of labels, +and those labels easily conflict with custom ones. + +This resource will first check if the label exists, and then issue an update, +otherwise it will create. + ## Example Usage -``` +```hcl # Create a new, red colored label resource "github_issue_label" "test_repo" { repository = "test-repo" @@ -29,5 +37,7 @@ resource "github_issue_label" "test_repo" { The following arguments are supported: * `repository` - (Required) The GitHub repository + * `name` - (Required) The name of the label. -* `color` - (Required) A 6 character hex code, without the leading #, identifying the color of the label. + +* `color` - (Required) A 6 character hex code, **without the leading #**, identifying the color of the label. From 33dd50459362a087c88c12eaa2e7b2f4715f7269 Mon Sep 17 00:00:00 2001 From: Seth Vargo Date: Fri, 31 Mar 2017 11:44:00 -0400 Subject: [PATCH 081/101] Add test --- .../resource_github_issue_label_test.go | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/builtin/providers/github/resource_github_issue_label_test.go b/builtin/providers/github/resource_github_issue_label_test.go index d3b3a0597f..66461302de 100644 --- a/builtin/providers/github/resource_github_issue_label_test.go +++ b/builtin/providers/github/resource_github_issue_label_test.go @@ -32,6 +32,13 @@ func TestAccGithubIssueLabel_basic(t *testing.T) { testAccCheckGithubIssueLabelAttributes(&label, "bar", "FFFFFF"), ), }, + { + Config: testAccGitHubIssueLabelExistsConfig, + Check: resource.ComposeTestCheckFunc( + testAccCheckGithubIssueLabelExists("github_issue_label.test", &label), + testAccCheckGithubIssueLabelAttributes(&label, "enhancement", "FF00FF"), + ), + }, }, }) } @@ -134,3 +141,16 @@ resource "github_issue_label" "test" { color = "FFFFFF" } `, testRepo) + +var testAccGitHubIssueLabelExistsConfig string = fmt.Sprintf(` +// Create a repository which has the default labels +resource "github_repository" "test" { + name = "tf-acc-repo-label-abc1234" +} + +resource "github_issue_label" "test" { + repository = "${github_repository.test.name}" + name = "enhancement" // Important! This is a pre-created label + color = "FF00FF" +} +`) From 42557dae122e69cd69a6d7ab719946881f9059f5 Mon Sep 17 00:00:00 2001 From: Gauthier Wallet Date: Fri, 31 Mar 2017 18:45:06 +0200 Subject: [PATCH 082/101] provider/aws: Added API Gateway integration update (#13249) --- .../resource_aws_api_gateway_integration.go | 154 +++++++++++++-- ...source_aws_api_gateway_integration_test.go | 182 +++++++++++------- .../r/api_gateway_integration.html.markdown | 8 +- 3 files changed, 251 insertions(+), 93 deletions(-) diff --git a/builtin/providers/aws/resource_aws_api_gateway_integration.go b/builtin/providers/aws/resource_aws_api_gateway_integration.go index b069828809..f782e11ea6 100644 --- a/builtin/providers/aws/resource_aws_api_gateway_integration.go +++ b/builtin/providers/aws/resource_aws_api_gateway_integration.go @@ -11,87 +11,94 @@ import ( "github.com/aws/aws-sdk-go/service/apigateway" "github.com/hashicorp/terraform/helper/resource" "github.com/hashicorp/terraform/helper/schema" + "strings" ) func resourceAwsApiGatewayIntegration() *schema.Resource { return &schema.Resource{ Create: resourceAwsApiGatewayIntegrationCreate, Read: resourceAwsApiGatewayIntegrationRead, - Update: resourceAwsApiGatewayIntegrationCreate, + Update: resourceAwsApiGatewayIntegrationUpdate, Delete: resourceAwsApiGatewayIntegrationDelete, Schema: map[string]*schema.Schema{ - "rest_api_id": &schema.Schema{ + "rest_api_id": { Type: schema.TypeString, Required: true, ForceNew: true, }, - "resource_id": &schema.Schema{ + "resource_id": { Type: schema.TypeString, Required: true, ForceNew: true, }, - "http_method": &schema.Schema{ + "http_method": { Type: schema.TypeString, Required: true, ForceNew: true, ValidateFunc: validateHTTPMethod, }, - "type": &schema.Schema{ + "type": { Type: schema.TypeString, Required: true, + ForceNew: true, ValidateFunc: validateApiGatewayIntegrationType, }, - "uri": &schema.Schema{ + "uri": { Type: schema.TypeString, Optional: true, + ForceNew: true, }, - "credentials": &schema.Schema{ + "credentials": { Type: schema.TypeString, Optional: true, + ForceNew: true, }, - "integration_http_method": &schema.Schema{ + "integration_http_method": { Type: schema.TypeString, Optional: true, + ForceNew: true, ValidateFunc: validateHTTPMethod, }, - "request_templates": &schema.Schema{ + "request_templates": { Type: schema.TypeMap, Optional: true, Elem: schema.TypeString, }, - "request_parameters": &schema.Schema{ + "request_parameters": { Type: schema.TypeMap, Elem: schema.TypeString, Optional: true, ConflictsWith: []string{"request_parameters_in_json"}, }, - "request_parameters_in_json": &schema.Schema{ + "request_parameters_in_json": { Type: schema.TypeString, Optional: true, ConflictsWith: []string{"request_parameters"}, Deprecated: "Use field request_parameters instead", }, - "content_handling": &schema.Schema{ + "content_handling": { Type: schema.TypeString, Optional: true, + ForceNew: true, ValidateFunc: validateApiGatewayIntegrationContentHandling, }, - "passthrough_behavior": &schema.Schema{ + "passthrough_behavior": { Type: schema.TypeString, Optional: true, Computed: true, + ForceNew: true, ValidateFunc: validateApiGatewayIntegrationPassthroughBehavior, }, }, @@ -101,6 +108,7 @@ func resourceAwsApiGatewayIntegration() *schema.Resource { func resourceAwsApiGatewayIntegrationCreate(d *schema.ResourceData, meta interface{}) error { conn := meta.(*AWSClient).apigateway + log.Print("[DEBUG] Creating API Gateway Integration") var integrationHttpMethod *string if v, ok := d.GetOk("integration_http_method"); ok { integrationHttpMethod = aws.String(v.(string)) @@ -163,13 +171,13 @@ func resourceAwsApiGatewayIntegrationCreate(d *schema.ResourceData, meta interfa d.SetId(fmt.Sprintf("agi-%s-%s-%s", d.Get("rest_api_id").(string), d.Get("resource_id").(string), d.Get("http_method").(string))) - return nil + return resourceAwsApiGatewayIntegrationRead(d, meta) } func resourceAwsApiGatewayIntegrationRead(d *schema.ResourceData, meta interface{}) error { conn := meta.(*AWSClient).apigateway - log.Printf("[DEBUG] Reading API Gateway Integration %s", d.Id()) + log.Printf("[DEBUG] Reading API Gateway Integration: %s", d.Id()) integration, err := conn.GetIntegration(&apigateway.GetIntegrationInput{ HttpMethod: aws.String(d.Get("http_method").(string)), ResourceId: aws.String(d.Get("resource_id").(string)), @@ -191,17 +199,127 @@ func resourceAwsApiGatewayIntegrationRead(d *schema.ResourceData, meta interface } d.Set("request_templates", aws.StringValueMap(integration.RequestTemplates)) - d.Set("credentials", integration.Credentials) d.Set("type", integration.Type) - d.Set("uri", integration.Uri) d.Set("request_parameters", aws.StringValueMap(integration.RequestParameters)) d.Set("request_parameters_in_json", aws.StringValueMap(integration.RequestParameters)) d.Set("passthrough_behavior", integration.PassthroughBehavior) - d.Set("content_handling", integration.ContentHandling) + + if integration.Uri != nil { + d.Set("uri", integration.Uri) + } + + if integration.Credentials != nil { + d.Set("credentials", integration.Credentials) + } + + if integration.ContentHandling != nil { + d.Set("content_handling", integration.ContentHandling) + } return nil } +func resourceAwsApiGatewayIntegrationUpdate(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*AWSClient).apigateway + + log.Printf("[DEBUG] Updating API Gateway Integration: %s", d.Id()) + operations := make([]*apigateway.PatchOperation, 0) + + // https://docs.aws.amazon.com/apigateway/api-reference/link-relation/integration-update/#remarks + // According to the above documentation, only a few parts are addable / removable. + if d.HasChange("request_templates") { + o, n := d.GetChange("request_templates") + prefix := "requestTemplates" + + os := o.(map[string]interface{}) + ns := n.(map[string]interface{}) + + // Handle Removal + for k := range os { + if _, ok := ns[k]; !ok { + operations = append(operations, &apigateway.PatchOperation{ + Op: aws.String("remove"), + Path: aws.String(fmt.Sprintf("/%s/%s", prefix, strings.Replace(k, "/", "~1", -1))), + }) + } + } + + for k, v := range ns { + // Handle replaces + if _, ok := os[k]; ok { + operations = append(operations, &apigateway.PatchOperation{ + Op: aws.String("replace"), + Path: aws.String(fmt.Sprintf("/%s/%s", prefix, strings.Replace(k, "/", "~1", -1))), + Value: aws.String(v.(string)), + }) + } + + // Handle additions + if _, ok := os[k]; !ok { + operations = append(operations, &apigateway.PatchOperation{ + Op: aws.String("add"), + Path: aws.String(fmt.Sprintf("/%s/%s", prefix, strings.Replace(k, "/", "~1", -1))), + Value: aws.String(v.(string)), + }) + } + } + } + + if d.HasChange("request_parameters") { + o, n := d.GetChange("request_parameters") + prefix := "requestParameters" + + os := o.(map[string]interface{}) + ns := n.(map[string]interface{}) + + // Handle Removal + for k := range os { + if _, ok := ns[k]; !ok { + operations = append(operations, &apigateway.PatchOperation{ + Op: aws.String("remove"), + Path: aws.String(fmt.Sprintf("/%s/%s", prefix, strings.Replace(k, "/", "~1", -1))), + }) + } + } + + for k, v := range ns { + // Handle replaces + if _, ok := os[k]; ok { + operations = append(operations, &apigateway.PatchOperation{ + Op: aws.String("replace"), + Path: aws.String(fmt.Sprintf("/%s/%s", prefix, strings.Replace(k, "/", "~1", -1))), + Value: aws.String(v.(string)), + }) + } + + // Handle additions + if _, ok := os[k]; !ok { + operations = append(operations, &apigateway.PatchOperation{ + Op: aws.String("add"), + Path: aws.String(fmt.Sprintf("/%s/%s", prefix, strings.Replace(k, "/", "~1", -1))), + Value: aws.String(v.(string)), + }) + } + } + } + + params := &apigateway.UpdateIntegrationInput{ + HttpMethod: aws.String(d.Get("http_method").(string)), + ResourceId: aws.String(d.Get("resource_id").(string)), + RestApiId: aws.String(d.Get("rest_api_id").(string)), + PatchOperations: operations, + } + + _, err := conn.UpdateIntegration(params) + if err != nil { + return fmt.Errorf("Error updating API Gateway Integration: %s", err) + } + + d.SetId(fmt.Sprintf("agi-%s-%s-%s", d.Get("rest_api_id").(string), d.Get("resource_id").(string), d.Get("http_method").(string))) + + return resourceAwsApiGatewayIntegrationRead(d, meta) +} + func resourceAwsApiGatewayIntegrationDelete(d *schema.ResourceData, meta interface{}) error { conn := meta.(*AWSClient).apigateway log.Printf("[DEBUG] Deleting API Gateway Integration: %s", d.Id()) diff --git a/builtin/providers/aws/resource_aws_api_gateway_integration_test.go b/builtin/providers/aws/resource_aws_api_gateway_integration_test.go index 153ed13b41..ff9c233871 100644 --- a/builtin/providers/aws/resource_aws_api_gateway_integration_test.go +++ b/builtin/providers/aws/resource_aws_api_gateway_integration_test.go @@ -19,88 +19,80 @@ func TestAccAWSAPIGatewayIntegration_basic(t *testing.T) { Providers: testAccProviders, CheckDestroy: testAccCheckAWSAPIGatewayIntegrationDestroy, Steps: []resource.TestStep{ - resource.TestStep{ + { Config: testAccAWSAPIGatewayIntegrationConfig, Check: resource.ComposeTestCheckFunc( testAccCheckAWSAPIGatewayIntegrationExists("aws_api_gateway_integration.test", &conf), - testAccCheckAWSAPIGatewayIntegrationAttributes(&conf), - resource.TestCheckResourceAttr( - "aws_api_gateway_integration.test", "type", "HTTP"), - resource.TestCheckResourceAttr( - "aws_api_gateway_integration.test", "integration_http_method", "GET"), - resource.TestCheckResourceAttr( - "aws_api_gateway_integration.test", "uri", "https://www.google.de"), - resource.TestCheckResourceAttr( - "aws_api_gateway_integration.test", "request_templates.application/json", ""), - resource.TestCheckResourceAttr( - "aws_api_gateway_integration.test", "request_templates.application/xml", "#set($inputRoot = $input.path('$'))\n{ }"), - resource.TestCheckResourceAttr( - "aws_api_gateway_integration.test", "passthrough_behavior", "WHEN_NO_MATCH"), - resource.TestCheckNoResourceAttr( - "aws_api_gateway_integration.test", "content_handling"), + resource.TestCheckResourceAttr("aws_api_gateway_integration.test", "type", "HTTP"), + resource.TestCheckResourceAttr("aws_api_gateway_integration.test", "integration_http_method", "GET"), + resource.TestCheckResourceAttr("aws_api_gateway_integration.test", "uri", "https://www.google.de"), + resource.TestCheckResourceAttr("aws_api_gateway_integration.test", "passthrough_behavior", "WHEN_NO_MATCH"), + resource.TestCheckResourceAttr("aws_api_gateway_integration.test", "content_handling", "CONVERT_TO_TEXT"), + resource.TestCheckNoResourceAttr("aws_api_gateway_integration.test", "credentials"), + resource.TestCheckResourceAttr("aws_api_gateway_integration.test", "request_parameters.%", "2"), + resource.TestCheckResourceAttr("aws_api_gateway_integration.test", "request_parameters.integration.request.header.X-Authorization", "'static'"), + resource.TestCheckResourceAttr("aws_api_gateway_integration.test", "request_parameters.integration.request.header.X-Foo", "'Bar'"), + resource.TestCheckResourceAttr("aws_api_gateway_integration.test", "request_templates.%", "2"), + resource.TestCheckResourceAttr("aws_api_gateway_integration.test", "request_templates.application/json", ""), + resource.TestCheckResourceAttr("aws_api_gateway_integration.test", "request_templates.application/xml", "#set($inputRoot = $input.path('$'))\n{ }"), ), }, - resource.TestStep{ + { Config: testAccAWSAPIGatewayIntegrationConfigUpdate, Check: resource.ComposeTestCheckFunc( testAccCheckAWSAPIGatewayIntegrationExists("aws_api_gateway_integration.test", &conf), - testAccCheckAWSAPIGatewayMockIntegrationAttributes(&conf), - resource.TestCheckResourceAttr( - "aws_api_gateway_integration.test", "type", "MOCK"), - resource.TestCheckResourceAttr( - "aws_api_gateway_integration.test", "integration_http_method", ""), - resource.TestCheckResourceAttr( - "aws_api_gateway_integration.test", "uri", ""), - resource.TestCheckResourceAttr( - "aws_api_gateway_integration.test", "passthrough_behavior", "NEVER"), - resource.TestCheckResourceAttr( - "aws_api_gateway_integration.test", "content_handling", "CONVERT_TO_BINARY"), + resource.TestCheckResourceAttr("aws_api_gateway_integration.test", "type", "HTTP"), + resource.TestCheckResourceAttr("aws_api_gateway_integration.test", "integration_http_method", "GET"), + resource.TestCheckResourceAttr("aws_api_gateway_integration.test", "uri", "https://www.google.de"), + resource.TestCheckResourceAttr("aws_api_gateway_integration.test", "passthrough_behavior", "WHEN_NO_MATCH"), + resource.TestCheckResourceAttr("aws_api_gateway_integration.test", "content_handling", "CONVERT_TO_TEXT"), + resource.TestCheckNoResourceAttr("aws_api_gateway_integration.test", "credentials"), + resource.TestCheckResourceAttr("aws_api_gateway_integration.test", "request_parameters.%", "2"), + resource.TestCheckResourceAttr("aws_api_gateway_integration.test", "request_parameters.integration.request.header.X-Authorization", "'updated'"), + resource.TestCheckResourceAttr("aws_api_gateway_integration.test", "request_parameters.integration.request.header.X-FooBar", "'Baz'"), + resource.TestCheckResourceAttr("aws_api_gateway_integration.test", "request_templates.%", "2"), + resource.TestCheckResourceAttr("aws_api_gateway_integration.test", "request_templates.application/json", "{'foobar': 'bar}"), + resource.TestCheckResourceAttr("aws_api_gateway_integration.test", "request_templates.text/html", "Foo"), + ), + }, + + { + Config: testAccAWSAPIGatewayIntegrationConfigUpdateNoTemplates, + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSAPIGatewayIntegrationExists("aws_api_gateway_integration.test", &conf), + resource.TestCheckResourceAttr("aws_api_gateway_integration.test", "type", "HTTP"), + resource.TestCheckResourceAttr("aws_api_gateway_integration.test", "integration_http_method", "GET"), + resource.TestCheckResourceAttr("aws_api_gateway_integration.test", "uri", "https://www.google.de"), + resource.TestCheckResourceAttr("aws_api_gateway_integration.test", "passthrough_behavior", "WHEN_NO_MATCH"), + resource.TestCheckResourceAttr("aws_api_gateway_integration.test", "content_handling", "CONVERT_TO_TEXT"), + resource.TestCheckNoResourceAttr("aws_api_gateway_integration.test", "credentials"), + resource.TestCheckResourceAttr("aws_api_gateway_integration.test", "request_parameters.%", "0"), + resource.TestCheckResourceAttr("aws_api_gateway_integration.test", "request_templates.%", "0"), + ), + }, + + { + Config: testAccAWSAPIGatewayIntegrationConfig, + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSAPIGatewayIntegrationExists("aws_api_gateway_integration.test", &conf), + resource.TestCheckResourceAttr("aws_api_gateway_integration.test", "type", "HTTP"), + resource.TestCheckResourceAttr("aws_api_gateway_integration.test", "integration_http_method", "GET"), + resource.TestCheckResourceAttr("aws_api_gateway_integration.test", "uri", "https://www.google.de"), + resource.TestCheckResourceAttr("aws_api_gateway_integration.test", "passthrough_behavior", "WHEN_NO_MATCH"), + resource.TestCheckResourceAttr("aws_api_gateway_integration.test", "content_handling", "CONVERT_TO_TEXT"), + resource.TestCheckNoResourceAttr("aws_api_gateway_integration.test", "credentials"), + resource.TestCheckResourceAttr("aws_api_gateway_integration.test", "request_parameters.%", "2"), + resource.TestCheckResourceAttr("aws_api_gateway_integration.test", "request_parameters.integration.request.header.X-Authorization", "'static'"), + resource.TestCheckResourceAttr("aws_api_gateway_integration.test", "request_templates.%", "2"), + resource.TestCheckResourceAttr("aws_api_gateway_integration.test", "request_templates.application/json", ""), + resource.TestCheckResourceAttr("aws_api_gateway_integration.test", "request_templates.application/xml", "#set($inputRoot = $input.path('$'))\n{ }"), ), }, }, }) } -func testAccCheckAWSAPIGatewayMockIntegrationAttributes(conf *apigateway.Integration) resource.TestCheckFunc { - return func(s *terraform.State) error { - if *conf.Type != "MOCK" { - return fmt.Errorf("Wrong Type: %q", *conf.Type) - } - if *conf.RequestParameters["integration.request.header.X-Authorization"] != "'updated'" { - return fmt.Errorf("wrong updated RequestParameters for header.X-Authorization") - } - if *conf.ContentHandling != "CONVERT_TO_BINARY" { - return fmt.Errorf("wrong ContentHandling: %q", *conf.ContentHandling) - } - return nil - } -} - -func testAccCheckAWSAPIGatewayIntegrationAttributes(conf *apigateway.Integration) resource.TestCheckFunc { - return func(s *terraform.State) error { - if *conf.HttpMethod == "" { - return fmt.Errorf("empty HttpMethod") - } - if *conf.Uri != "https://www.google.de" { - return fmt.Errorf("wrong Uri") - } - if *conf.Type != "HTTP" { - return fmt.Errorf("wrong Type") - } - if conf.RequestTemplates["application/json"] != nil { - return fmt.Errorf("wrong RequestTemplate for application/json") - } - if *conf.RequestTemplates["application/xml"] != "#set($inputRoot = $input.path('$'))\n{ }" { - return fmt.Errorf("wrong RequestTemplate for application/xml") - } - if *conf.RequestParameters["integration.request.header.X-Authorization"] != "'static'" { - return fmt.Errorf("wrong RequestParameters for header.X-Authorization") - } - return nil - } -} - func testAccCheckAWSAPIGatewayIntegrationExists(n string, res *apigateway.Integration) resource.TestCheckFunc { return func(s *terraform.State) error { rs, ok := s.RootModule().Resources[n] @@ -196,13 +188,15 @@ resource "aws_api_gateway_integration" "test" { } request_parameters = { - "integration.request.header.X-Authorization" = "'static'" + "integration.request.header.X-Authorization" = "'static'" + "integration.request.header.X-Foo" = "'Bar'" } type = "HTTP" uri = "https://www.google.de" integration_http_method = "GET" passthrough_behavior = "WHEN_NO_MATCH" + content_handling = "CONVERT_TO_TEXT" } ` @@ -233,13 +227,55 @@ resource "aws_api_gateway_integration" "test" { resource_id = "${aws_api_gateway_resource.test.id}" http_method = "${aws_api_gateway_method.test.http_method}" - request_parameters = { - "integration.request.header.X-Authorization" = "'updated'" + request_templates = { + "application/json" = "{'foobar': 'bar}" + "text/html" = "Foo" } - type = "MOCK" - passthrough_behavior = "NEVER" - content_handling = "CONVERT_TO_BINARY" + request_parameters = { + "integration.request.header.X-Authorization" = "'updated'" + "integration.request.header.X-FooBar" = "'Baz'" + } + type = "HTTP" + uri = "https://www.google.de" + integration_http_method = "GET" + passthrough_behavior = "WHEN_NO_MATCH" + content_handling = "CONVERT_TO_TEXT" +} +` + +const testAccAWSAPIGatewayIntegrationConfigUpdateNoTemplates = ` +resource "aws_api_gateway_rest_api" "test" { + name = "test" +} + +resource "aws_api_gateway_resource" "test" { + rest_api_id = "${aws_api_gateway_rest_api.test.id}" + parent_id = "${aws_api_gateway_rest_api.test.root_resource_id}" + path_part = "test" +} + +resource "aws_api_gateway_method" "test" { + rest_api_id = "${aws_api_gateway_rest_api.test.id}" + resource_id = "${aws_api_gateway_resource.test.id}" + http_method = "GET" + authorization = "NONE" + + request_models = { + "application/json" = "Error" + } +} + +resource "aws_api_gateway_integration" "test" { + rest_api_id = "${aws_api_gateway_rest_api.test.id}" + resource_id = "${aws_api_gateway_resource.test.id}" + http_method = "${aws_api_gateway_method.test.http_method}" + + type = "HTTP" + uri = "https://www.google.de" + integration_http_method = "GET" + passthrough_behavior = "WHEN_NO_MATCH" + content_handling = "CONVERT_TO_TEXT" } ` diff --git a/website/source/docs/providers/aws/r/api_gateway_integration.html.markdown b/website/source/docs/providers/aws/r/api_gateway_integration.html.markdown index 4281260ad3..cbb2102bb4 100644 --- a/website/source/docs/providers/aws/r/api_gateway_integration.html.markdown +++ b/website/source/docs/providers/aws/r/api_gateway_integration.html.markdown @@ -3,12 +3,12 @@ layout: "aws" page_title: "AWS: aws_api_gateway_integration" sidebar_current: "docs-aws-resource-api-gateway-integration" description: |- - Provides an HTTP Method Integration for an API Gateway Resource. + Provides an HTTP Method Integration for an API Gateway Integration. --- # aws\_api\_gateway\_integration -Provides an HTTP Method Integration for an API Gateway Resource. +Provides an HTTP Method Integration for an API Gateway Integration. ## Example Usage @@ -37,6 +37,10 @@ resource "aws_api_gateway_integration" "MyDemoIntegration" { http_method = "${aws_api_gateway_method.MyDemoMethod.http_method}" type = "MOCK" + request_parameters = { + "integration.request.header.X-Authorization" = "'static'" + } + # Transforms the incoming XML request to JSON request_templates { "application/xml" = < Date: Fri, 31 Mar 2017 19:45:32 +0300 Subject: [PATCH 083/101] Update CHANGELOG.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index c453749ca6..4a4a87171d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -21,6 +21,7 @@ IMPROVEMENTS: * provider/aws: `aws_opsworks_application` `app_source.0.password` & `ssl_configuration.0.private_key` fields marked as sensitive [GH-13147] * provider/aws: `aws_opsworks_stack` `custom_cookbooks_source.0.password` field marked as sensitive [GH-13147] * provider/aws: Support the ability to enable / disable ipv6 support in VPC [GH-12527] + * provider/aws: Added API Gateway integration update [GH-13249] * provider/google: Mark `google_container_cluster`'s `client_key` & `password` inside `master_auth` as sensitive [GH-13148] * provider/triton: Move to joyent/triton-go [GH-13225] From 4501be7e5c3d7f3c3b8af6297511072c243f188e Mon Sep 17 00:00:00 2001 From: Paul Stack Date: Fri, 31 Mar 2017 19:59:29 +0300 Subject: [PATCH 084/101] backend/remote-state: Add support for assume role extensions to s3 backend (#13236) Fixes: #13234 This now matches the AWS provider for the Assume Role support --- backend/remote-state/s3/backend.go | 64 ++++++++++++++++++++---------- 1 file changed, 44 insertions(+), 20 deletions(-) diff --git a/backend/remote-state/s3/backend.go b/backend/remote-state/s3/backend.go index 8265d7f255..a1d9c1f9ae 100644 --- a/backend/remote-state/s3/backend.go +++ b/backend/remote-state/s3/backend.go @@ -21,101 +21,122 @@ import ( func New() backend.Backend { s := &schema.Backend{ Schema: map[string]*schema.Schema{ - "bucket": &schema.Schema{ + "bucket": { Type: schema.TypeString, Required: true, Description: "The name of the S3 bucket", }, - "key": &schema.Schema{ + "key": { Type: schema.TypeString, Required: true, Description: "The path to the state file inside the bucket", }, - "region": &schema.Schema{ + "region": { Type: schema.TypeString, Required: true, Description: "The region of the S3 bucket.", DefaultFunc: schema.EnvDefaultFunc("AWS_DEFAULT_REGION", nil), }, - "endpoint": &schema.Schema{ + "endpoint": { Type: schema.TypeString, Optional: true, Description: "A custom endpoint for the S3 API", DefaultFunc: schema.EnvDefaultFunc("AWS_S3_ENDPOINT", ""), }, - "encrypt": &schema.Schema{ + "encrypt": { Type: schema.TypeBool, Optional: true, Description: "Whether to enable server side encryption of the state file", Default: false, }, - "acl": &schema.Schema{ + "acl": { Type: schema.TypeString, Optional: true, Description: "Canned ACL to be applied to the state file", Default: "", }, - "access_key": &schema.Schema{ + "access_key": { Type: schema.TypeString, Optional: true, Description: "AWS access key", Default: "", }, - "secret_key": &schema.Schema{ + "secret_key": { Type: schema.TypeString, Optional: true, Description: "AWS secret key", Default: "", }, - "kms_key_id": &schema.Schema{ + "kms_key_id": { Type: schema.TypeString, Optional: true, Description: "The ARN of a KMS Key to use for encrypting the state", Default: "", }, - "lock_table": &schema.Schema{ + "lock_table": { Type: schema.TypeString, Optional: true, Description: "DynamoDB table for state locking", Default: "", }, - "profile": &schema.Schema{ + "profile": { Type: schema.TypeString, Optional: true, Description: "AWS profile name", Default: "", }, - "shared_credentials_file": &schema.Schema{ + "shared_credentials_file": { Type: schema.TypeString, Optional: true, Description: "Path to a shared credentials file", Default: "", }, - "token": &schema.Schema{ + "token": { Type: schema.TypeString, Optional: true, Description: "MFA token", Default: "", }, - "role_arn": &schema.Schema{ + "role_arn": { Type: schema.TypeString, Optional: true, Description: "The role to be assumed", Default: "", }, + + "session_name": { + Type: schema.TypeString, + Optional: true, + Description: "The session name to use when assuming the role.", + Default: "", + }, + + "external_id": { + Type: schema.TypeString, + Optional: true, + Description: "The external ID to use when assuming the role", + Default: "", + }, + + "assume_role_policy": { + Type: schema.TypeString, + Optional: true, + Description: "The permissions applied when assuming a role.", + Default: "", + }, }, } @@ -156,12 +177,15 @@ func (b *Backend) configure(ctx context.Context) error { var errs []error creds, err := terraformAWS.GetCredentials(&terraformAWS.Config{ - AccessKey: data.Get("access_key").(string), - SecretKey: data.Get("secret_key").(string), - Token: data.Get("token").(string), - Profile: data.Get("profile").(string), - CredsFilename: data.Get("shared_credentials_file").(string), - AssumeRoleARN: data.Get("role_arn").(string), + AccessKey: data.Get("access_key").(string), + SecretKey: data.Get("secret_key").(string), + Token: data.Get("token").(string), + Profile: data.Get("profile").(string), + CredsFilename: data.Get("shared_credentials_file").(string), + AssumeRoleARN: data.Get("role_arn").(string), + AssumeRoleSessionName: data.Get("session_name").(string), + AssumeRoleExternalID: data.Get("external_id").(string), + AssumeRolePolicy: data.Get("assume_role_policy").(string), }) if err != nil { return err From 2f0cbda43559eef9395c28045d758503fdd84dd0 Mon Sep 17 00:00:00 2001 From: Paul Stack Date: Fri, 31 Mar 2017 19:59:59 +0300 Subject: [PATCH 085/101] Update CHANGELOG.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4a4a87171d..295ecb0b97 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,7 @@ FEATURES: IMPROVEMENTS: + * backend/remote-state: Add support for assume role extensions to s3 backend [GH-13236] * config: New interpolation functions `basename` and `dirname`, for file path manipulation [GH-13080] * helper/resource: Allow unknown "pending" states [GH-13099] * provider/aws: Add support to set iam_role_arn on cloudformation Stack [GH-12547] From e7c3e8df68b9e3c724d3e4ccd851c6c3f66a821e Mon Sep 17 00:00:00 2001 From: Paul Stack Date: Fri, 31 Mar 2017 20:00:47 +0300 Subject: [PATCH 086/101] provider/aws: change kinesis_firehose_delivery_stream to point to correct destination (#13251) Fixes: #13244 --- .../aws/r/kinesis_firehose_delivery_stream.html.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/source/docs/providers/aws/r/kinesis_firehose_delivery_stream.html.markdown b/website/source/docs/providers/aws/r/kinesis_firehose_delivery_stream.html.markdown index 1c2cde2d4f..57dca62e13 100644 --- a/website/source/docs/providers/aws/r/kinesis_firehose_delivery_stream.html.markdown +++ b/website/source/docs/providers/aws/r/kinesis_firehose_delivery_stream.html.markdown @@ -97,7 +97,7 @@ resource "aws_elasticsearch_domain" "test_cluster" { resource "aws_kinesis_firehose_delivery_stream" "test_stream" { name = "terraform-kinesis-firehose-test-stream" - destination = "redshift" + destination = "elasticsearch" s3_configuration { role_arn = "${aws_iam_role.firehose_role.arn}" From d25c3104681c18044895b47ed44a87dc71d1e34e Mon Sep 17 00:00:00 2001 From: Joshua Spence Date: Sat, 1 Apr 2017 04:22:57 +1100 Subject: [PATCH 087/101] Add `name_prefix` to RDS resources (#13232) Adds `name_prefix` (or, in some cases, `identifier_prefix`) support to all AWS RDS resources. --- .../providers/aws/resource_aws_db_instance.go | 24 +++- .../aws/resource_aws_db_instance_test.go | 79 ++++++++++- .../aws/resource_aws_db_option_group.go | 55 ++++---- .../aws/resource_aws_db_option_group_test.go | 124 ++++++++++++----- .../aws/resource_aws_db_parameter_group.go | 24 +++- .../resource_aws_db_parameter_group_test.go | 52 +++++++ .../aws/resource_aws_db_subnet_group.go | 42 +++--- .../aws/resource_aws_db_subnet_group_test.go | 116 +++++++++++----- .../providers/aws/resource_aws_rds_cluster.go | 26 +++- .../aws/resource_aws_rds_cluster_instance.go | 21 ++- .../resource_aws_rds_cluster_instance_test.go | 119 ++++++++++++++++ ...esource_aws_rds_cluster_parameter_group.go | 24 +++- ...ce_aws_rds_cluster_parameter_group_test.go | 51 +++++++ .../aws/resource_aws_rds_cluster_test.go | 105 ++++++++++++++ builtin/providers/aws/validators.go | 115 +++++++++++++++- builtin/providers/aws/validators_test.go | 128 ++++++++++++++++++ .../providers/aws/r/db_instance.html.markdown | 5 +- .../aws/r/db_option_group.html.markdown | 7 +- .../aws/r/db_parameter_group.html.markdown | 5 +- .../aws/r/db_subnet_group.html.markdown | 5 +- .../providers/aws/r/rds_cluster.html.markdown | 4 +- .../aws/r/rds_cluster_instance.html.markdown | 4 +- .../r/rds_cluster_parameter_group.markdown | 7 +- 23 files changed, 985 insertions(+), 157 deletions(-) diff --git a/builtin/providers/aws/resource_aws_db_instance.go b/builtin/providers/aws/resource_aws_db_instance.go index 192ccab97d..00409230db 100644 --- a/builtin/providers/aws/resource_aws_db_instance.go +++ b/builtin/providers/aws/resource_aws_db_instance.go @@ -101,11 +101,19 @@ func resourceAwsDbInstance() *schema.Resource { }, "identifier": { + Type: schema.TypeString, + Optional: true, + Computed: true, + ForceNew: true, + ConflictsWith: []string{"identifier_prefix"}, + ValidateFunc: validateRdsIdentifier, + }, + "identifier_prefix": { Type: schema.TypeString, Optional: true, Computed: true, ForceNew: true, - ValidateFunc: validateRdsId, + ValidateFunc: validateRdsIdentifierPrefix, }, "instance_class": { @@ -336,10 +344,16 @@ func resourceAwsDbInstanceCreate(d *schema.ResourceData, meta interface{}) error conn := meta.(*AWSClient).rdsconn tags := tagsFromMapRDS(d.Get("tags").(map[string]interface{})) - identifier := d.Get("identifier").(string) - // Generate a unique ID for the user - if identifier == "" { - identifier = resource.PrefixedUniqueId("tf-") + var identifier string + if v, ok := d.GetOk("identifier"); ok { + identifier = v.(string) + } else { + if v, ok := d.GetOk("identifier_prefix"); ok { + identifier = resource.PrefixedUniqueId(v.(string)) + } else { + identifier = resource.UniqueId() + } + // SQL Server identifier size is max 15 chars, so truncate if engine := d.Get("engine").(string); engine != "" { if strings.Contains(strings.ToLower(engine), "sqlserver") { diff --git a/builtin/providers/aws/resource_aws_db_instance_test.go b/builtin/providers/aws/resource_aws_db_instance_test.go index 56f8905327..6c8d451ca0 100644 --- a/builtin/providers/aws/resource_aws_db_instance_test.go +++ b/builtin/providers/aws/resource_aws_db_instance_test.go @@ -53,6 +53,46 @@ func TestAccAWSDBInstance_basic(t *testing.T) { }) } +func TestAccAWSDBInstance_namePrefix(t *testing.T) { + var v rds.DBInstance + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSDBInstanceDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSDBInstanceConfig_namePrefix, + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSDBInstanceExists("aws_db_instance.test", &v), + testAccCheckAWSDBInstanceAttributes(&v), + resource.TestMatchResourceAttr( + "aws_db_instance.test", "identifier", regexp.MustCompile("^tf-test-")), + ), + }, + }, + }) +} + +func TestAccAWSDBInstance_generatedName(t *testing.T) { + var v rds.DBInstance + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSDBInstanceDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSDBInstanceConfig_generatedName, + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSDBInstanceExists("aws_db_instance.test", &v), + testAccCheckAWSDBInstanceAttributes(&v), + ), + }, + }, + }) +} + func TestAccAWSDBInstance_kmsKey(t *testing.T) { var v rds.DBInstance keyRegex := regexp.MustCompile("^arn:aws:kms:") @@ -613,8 +653,8 @@ resource "aws_db_instance" "bar" { username = "foo" - # Maintenance Window is stored in lower case in the API, though not strictly - # documented. Terraform will downcase this to match (as opposed to throw a + # Maintenance Window is stored in lower case in the API, though not strictly + # documented. Terraform will downcase this to match (as opposed to throw a # validation error). maintenance_window = "Fri:09:00-Fri:09:30" skip_final_snapshot = true @@ -628,6 +668,39 @@ resource "aws_db_instance" "bar" { } }` +const testAccAWSDBInstanceConfig_namePrefix = ` +resource "aws_db_instance" "test" { + allocated_storage = 10 + engine = "MySQL" + identifier_prefix = "tf-test-" + instance_class = "db.t1.micro" + password = "password" + username = "root" + security_group_names = ["default"] + publicly_accessible = true + skip_final_snapshot = true + + timeouts { + create = "30m" + } +}` + +const testAccAWSDBInstanceConfig_generatedName = ` +resource "aws_db_instance" "test" { + allocated_storage = 10 + engine = "MySQL" + instance_class = "db.t1.micro" + password = "password" + username = "root" + security_group_names = ["default"] + publicly_accessible = true + skip_final_snapshot = true + + timeouts { + create = "30m" + } +}` + var testAccAWSDBInstanceConfigKmsKeyId = ` resource "aws_kms_key" "foo" { description = "Terraform acc test %s" @@ -720,7 +793,7 @@ func testAccReplicaInstanceConfig(val int) string { parameter_group_name = "default.mysql5.6" } - + resource "aws_db_instance" "replica" { identifier = "tf-replica-db-%d" backup_retention_period = 0 diff --git a/builtin/providers/aws/resource_aws_db_option_group.go b/builtin/providers/aws/resource_aws_db_option_group.go index 5c68e7bd38..e8ad1ac99f 100644 --- a/builtin/providers/aws/resource_aws_db_option_group.go +++ b/builtin/providers/aws/resource_aws_db_option_group.go @@ -4,7 +4,6 @@ import ( "bytes" "fmt" "log" - "regexp" "time" "github.com/aws/aws-sdk-go/aws" @@ -31,10 +30,19 @@ func resourceAwsDbOptionGroup() *schema.Resource { Computed: true, }, "name": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + ForceNew: true, + ConflictsWith: []string{"name_prefix"}, + ValidateFunc: validateDbOptionGroupName, + }, + "name_prefix": &schema.Schema{ Type: schema.TypeString, + Optional: true, + Computed: true, ForceNew: true, - Required: true, - ValidateFunc: validateDbOptionGroupName, + ValidateFunc: validateDbOptionGroupNamePrefix, }, "engine_name": &schema.Schema{ Type: schema.TypeString, @@ -48,8 +56,9 @@ func resourceAwsDbOptionGroup() *schema.Resource { }, "option_group_description": &schema.Schema{ Type: schema.TypeString, - Required: true, + Optional: true, ForceNew: true, + Default: "Managed by Terraform", }, "option": &schema.Schema{ @@ -107,11 +116,20 @@ func resourceAwsDbOptionGroupCreate(d *schema.ResourceData, meta interface{}) er rdsconn := meta.(*AWSClient).rdsconn tags := tagsFromMapRDS(d.Get("tags").(map[string]interface{})) + var groupName string + if v, ok := d.GetOk("name"); ok { + groupName = v.(string) + } else if v, ok := d.GetOk("name_prefix"); ok { + groupName = resource.PrefixedUniqueId(v.(string)) + } else { + groupName = resource.UniqueId() + } + createOpts := &rds.CreateOptionGroupInput{ EngineName: aws.String(d.Get("engine_name").(string)), MajorEngineVersion: aws.String(d.Get("major_engine_version").(string)), OptionGroupDescription: aws.String(d.Get("option_group_description").(string)), - OptionGroupName: aws.String(d.Get("name").(string)), + OptionGroupName: aws.String(groupName), Tags: tags, } @@ -121,7 +139,7 @@ func resourceAwsDbOptionGroupCreate(d *schema.ResourceData, meta interface{}) er return fmt.Errorf("Error creating DB Option Group: %s", err) } - d.SetId(d.Get("name").(string)) + d.SetId(groupName) log.Printf("[INFO] DB Option Group ID: %s", d.Id()) return resourceAwsDbOptionGroupUpdate(d, meta) @@ -343,28 +361,3 @@ func buildRDSOptionGroupARN(identifier, partition, accountid, region string) (st arn := fmt.Sprintf("arn:%s:rds:%s:%s:og:%s", partition, region, accountid, identifier) return arn, nil } - -func validateDbOptionGroupName(v interface{}, k string) (ws []string, errors []error) { - value := v.(string) - if !regexp.MustCompile(`^[a-z]`).MatchString(value) { - errors = append(errors, fmt.Errorf( - "first character of %q must be a letter", k)) - } - if !regexp.MustCompile(`^[0-9A-Za-z-]+$`).MatchString(value) { - errors = append(errors, fmt.Errorf( - "only alphanumeric characters and hyphens allowed in %q", k)) - } - if regexp.MustCompile(`--`).MatchString(value) { - errors = append(errors, fmt.Errorf( - "%q cannot contain two consecutive hyphens", k)) - } - if regexp.MustCompile(`-$`).MatchString(value) { - errors = append(errors, fmt.Errorf( - "%q cannot end with a hyphen", k)) - } - if len(value) > 255 { - errors = append(errors, fmt.Errorf( - "%q cannot be greater than 255 characters", k)) - } - return -} diff --git a/builtin/providers/aws/resource_aws_db_option_group_test.go b/builtin/providers/aws/resource_aws_db_option_group_test.go index 5a3215b042..3ee5f8197f 100644 --- a/builtin/providers/aws/resource_aws_db_option_group_test.go +++ b/builtin/providers/aws/resource_aws_db_option_group_test.go @@ -2,6 +2,7 @@ package aws import ( "fmt" + "regexp" "testing" "github.com/aws/aws-sdk-go/aws" @@ -34,6 +35,66 @@ func TestAccAWSDBOptionGroup_basic(t *testing.T) { }) } +func TestAccAWSDBOptionGroup_namePrefix(t *testing.T) { + var v rds.OptionGroup + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSDBOptionGroupDestroy, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: testAccAWSDBOptionGroup_namePrefix, + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSDBOptionGroupExists("aws_db_option_group.test", &v), + testAccCheckAWSDBOptionGroupAttributes(&v), + resource.TestMatchResourceAttr( + "aws_db_option_group.test", "name", regexp.MustCompile("^tf-test-")), + ), + }, + }, + }) +} + +func TestAccAWSDBOptionGroup_generatedName(t *testing.T) { + var v rds.OptionGroup + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSDBOptionGroupDestroy, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: testAccAWSDBOptionGroup_generatedName, + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSDBOptionGroupExists("aws_db_option_group.test", &v), + testAccCheckAWSDBOptionGroupAttributes(&v), + ), + }, + }, + }) +} + +func TestAccAWSDBOptionGroup_defaultDescription(t *testing.T) { + var v rds.OptionGroup + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSDBOptionGroupDestroy, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: testAccAWSDBOptionGroup_defaultDescription(acctest.RandInt()), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSDBOptionGroupExists("aws_db_option_group.test", &v), + resource.TestCheckResourceAttr( + "aws_db_option_group.test", "option_group_description", "Managed by Terraform"), + ), + }, + }, + }) +} + func TestAccAWSDBOptionGroup_basicDestroyWithInstance(t *testing.T) { rName := fmt.Sprintf("option-group-test-terraform-%s", acctest.RandString(5)) @@ -160,42 +221,6 @@ func testAccCheckAWSDBOptionGroupAttributes(v *rds.OptionGroup) resource.TestChe } } -func TestResourceAWSDBOptionGroupName_validation(t *testing.T) { - cases := []struct { - Value string - ErrCount int - }{ - { - Value: "testing123!", - ErrCount: 1, - }, - { - Value: "1testing123", - ErrCount: 1, - }, - { - Value: "testing--123", - ErrCount: 1, - }, - { - Value: "testing123-", - ErrCount: 1, - }, - { - Value: randomString(256), - ErrCount: 1, - }, - } - - for _, tc := range cases { - _, errors := validateDbOptionGroupName(tc.Value, "aws_db_option_group_name") - - if len(errors) != tc.ErrCount { - t.Fatalf("Expected the DB Option Group Name to trigger a validation error") - } - } -} - func testAccCheckAWSDBOptionGroupExists(n string, v *rds.OptionGroup) resource.TestCheckFunc { return func(s *terraform.State) error { rs, ok := s.RootModule().Resources[n] @@ -387,3 +412,30 @@ resource "aws_db_option_group" "bar" { } `, r) } + +const testAccAWSDBOptionGroup_namePrefix = ` +resource "aws_db_option_group" "test" { + name_prefix = "tf-test-" + option_group_description = "Test option group for terraform" + engine_name = "mysql" + major_engine_version = "5.6" +} +` + +const testAccAWSDBOptionGroup_generatedName = ` +resource "aws_db_option_group" "test" { + option_group_description = "Test option group for terraform" + engine_name = "mysql" + major_engine_version = "5.6" +} +` + +func testAccAWSDBOptionGroup_defaultDescription(n int) string { + return fmt.Sprintf(` +resource "aws_db_option_group" "test" { + name = "tf-test-%d" + engine_name = "mysql" + major_engine_version = "5.6" +} +`, n) +} diff --git a/builtin/providers/aws/resource_aws_db_parameter_group.go b/builtin/providers/aws/resource_aws_db_parameter_group.go index b182827128..d5e943fd6f 100644 --- a/builtin/providers/aws/resource_aws_db_parameter_group.go +++ b/builtin/providers/aws/resource_aws_db_parameter_group.go @@ -32,10 +32,19 @@ func resourceAwsDbParameterGroup() *schema.Resource { Computed: true, }, "name": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + ForceNew: true, + ConflictsWith: []string{"name_prefix"}, + ValidateFunc: validateDbParamGroupName, + }, + "name_prefix": &schema.Schema{ Type: schema.TypeString, + Optional: true, + Computed: true, ForceNew: true, - Required: true, - ValidateFunc: validateDbParamGroupName, + ValidateFunc: validateDbParamGroupNamePrefix, }, "family": &schema.Schema{ Type: schema.TypeString, @@ -81,8 +90,17 @@ func resourceAwsDbParameterGroupCreate(d *schema.ResourceData, meta interface{}) rdsconn := meta.(*AWSClient).rdsconn tags := tagsFromMapRDS(d.Get("tags").(map[string]interface{})) + var groupName string + if v, ok := d.GetOk("name"); ok { + groupName = v.(string) + } else if v, ok := d.GetOk("name_prefix"); ok { + groupName = resource.PrefixedUniqueId(v.(string)) + } else { + groupName = resource.UniqueId() + } + createOpts := rds.CreateDBParameterGroupInput{ - DBParameterGroupName: aws.String(d.Get("name").(string)), + DBParameterGroupName: aws.String(groupName), DBParameterGroupFamily: aws.String(d.Get("family").(string)), Description: aws.String(d.Get("description").(string)), Tags: tags, diff --git a/builtin/providers/aws/resource_aws_db_parameter_group_test.go b/builtin/providers/aws/resource_aws_db_parameter_group_test.go index 75db4f77da..b8e4e56c42 100644 --- a/builtin/providers/aws/resource_aws_db_parameter_group_test.go +++ b/builtin/providers/aws/resource_aws_db_parameter_group_test.go @@ -3,6 +3,7 @@ package aws import ( "fmt" "math/rand" + "regexp" "testing" "time" @@ -290,6 +291,44 @@ func TestAccAWSDBParameterGroup_basic(t *testing.T) { }) } +func TestAccAWSDBParameterGroup_namePrefix(t *testing.T) { + var v rds.DBParameterGroup + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSDBParameterGroupDestroy, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: testAccDBParameterGroupConfig_namePrefix, + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSDBParameterGroupExists("aws_db_parameter_group.test", &v), + resource.TestMatchResourceAttr( + "aws_db_parameter_group.test", "name", regexp.MustCompile("^tf-test-")), + ), + }, + }, + }) +} + +func TestAccAWSDBParameterGroup_generatedName(t *testing.T) { + var v rds.DBParameterGroup + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSDBParameterGroupDestroy, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: testAccDBParameterGroupConfig_generatedName, + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSDBParameterGroupExists("aws_db_parameter_group.test", &v), + ), + }, + }, + }) +} + func TestAccAWSDBParameterGroup_withApplyMethod(t *testing.T) { var v rds.DBParameterGroup @@ -671,3 +710,16 @@ resource "aws_db_parameter_group" "large" { parameter { name = "tx_isolation" value = "REPEATABLE-READ" } }`, n) } + +const testAccDBParameterGroupConfig_namePrefix = ` +resource "aws_db_parameter_group" "test" { + name_prefix = "tf-test-" + family = "mysql5.6" +} +` + +const testAccDBParameterGroupConfig_generatedName = ` +resource "aws_db_parameter_group" "test" { + family = "mysql5.6" +} +` diff --git a/builtin/providers/aws/resource_aws_db_subnet_group.go b/builtin/providers/aws/resource_aws_db_subnet_group.go index 9c1c56199f..c4e437beeb 100644 --- a/builtin/providers/aws/resource_aws_db_subnet_group.go +++ b/builtin/providers/aws/resource_aws_db_subnet_group.go @@ -3,7 +3,6 @@ package aws import ( "fmt" "log" - "regexp" "strings" "time" @@ -31,10 +30,19 @@ func resourceAwsDbSubnetGroup() *schema.Resource { }, "name": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + ForceNew: true, + ConflictsWith: []string{"name_prefix"}, + ValidateFunc: validateDbSubnetGroupName, + }, + "name_prefix": &schema.Schema{ Type: schema.TypeString, + Optional: true, + Computed: true, ForceNew: true, - Required: true, - ValidateFunc: validateSubnetGroupName, + ValidateFunc: validateDbSubnetGroupNamePrefix, }, "description": &schema.Schema{ @@ -65,8 +73,17 @@ func resourceAwsDbSubnetGroupCreate(d *schema.ResourceData, meta interface{}) er subnetIds[i] = aws.String(subnetId.(string)) } + var groupName string + if v, ok := d.GetOk("name"); ok { + groupName = v.(string) + } else if v, ok := d.GetOk("name_prefix"); ok { + groupName = resource.PrefixedUniqueId(v.(string)) + } else { + groupName = resource.UniqueId() + } + createOpts := rds.CreateDBSubnetGroupInput{ - DBSubnetGroupName: aws.String(d.Get("name").(string)), + DBSubnetGroupName: aws.String(groupName), DBSubnetGroupDescription: aws.String(d.Get("description").(string)), SubnetIds: subnetIds, Tags: tags, @@ -238,20 +255,3 @@ func buildRDSsubgrpARN(identifier, partition, accountid, region string) (string, return arn, nil } - -func validateSubnetGroupName(v interface{}, k string) (ws []string, errors []error) { - value := v.(string) - if !regexp.MustCompile(`^[ .0-9a-z-_]+$`).MatchString(value) { - errors = append(errors, fmt.Errorf( - "only lowercase alphanumeric characters, hyphens, underscores, periods, and spaces allowed in %q", k)) - } - if len(value) > 255 { - errors = append(errors, fmt.Errorf( - "%q cannot be longer than 255 characters", k)) - } - if regexp.MustCompile(`(?i)^default$`).MatchString(value) { - errors = append(errors, fmt.Errorf( - "%q is not allowed as %q", "Default", k)) - } - return -} diff --git a/builtin/providers/aws/resource_aws_db_subnet_group_test.go b/builtin/providers/aws/resource_aws_db_subnet_group_test.go index 434ae1728e..70d27c5dbb 100644 --- a/builtin/providers/aws/resource_aws_db_subnet_group_test.go +++ b/builtin/providers/aws/resource_aws_db_subnet_group_test.go @@ -2,6 +2,7 @@ package aws import ( "fmt" + "regexp" "testing" "github.com/hashicorp/terraform/helper/acctest" @@ -43,6 +44,46 @@ func TestAccAWSDBSubnetGroup_basic(t *testing.T) { }) } +func TestAccAWSDBSubnetGroup_namePrefix(t *testing.T) { + var v rds.DBSubnetGroup + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckDBSubnetGroupDestroy, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: testAccDBSubnetGroupConfig_namePrefix, + Check: resource.ComposeTestCheckFunc( + testAccCheckDBSubnetGroupExists( + "aws_db_subnet_group.test", &v), + resource.TestMatchResourceAttr( + "aws_db_subnet_group.test", "name", regexp.MustCompile("^tf_test-")), + ), + }, + }, + }) +} + +func TestAccAWSDBSubnetGroup_generatedName(t *testing.T) { + var v rds.DBSubnetGroup + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckDBSubnetGroupDestroy, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: testAccDBSubnetGroupConfig_generatedName, + Check: resource.ComposeTestCheckFunc( + testAccCheckDBSubnetGroupExists( + "aws_db_subnet_group.test", &v), + ), + }, + }, + }) +} + // Regression test for https://github.com/hashicorp/terraform/issues/2603 and // https://github.com/hashicorp/terraform/issues/2664 func TestAccAWSDBSubnetGroup_withUndocumentedCharacters(t *testing.T) { @@ -105,38 +146,6 @@ func TestAccAWSDBSubnetGroup_updateDescription(t *testing.T) { }) } -func TestResourceAWSDBSubnetGroupNameValidation(t *testing.T) { - cases := []struct { - Value string - ErrCount int - }{ - { - Value: "tEsting", - ErrCount: 1, - }, - { - Value: "testing?", - ErrCount: 1, - }, - { - Value: "default", - ErrCount: 1, - }, - { - Value: randomString(300), - ErrCount: 1, - }, - } - - for _, tc := range cases { - _, errors := validateSubnetGroupName(tc.Value, "aws_db_subnet_group") - - if len(errors) != tc.ErrCount { - t.Fatalf("Expected the DB Subnet Group name to trigger a validation error") - } - } -} - func testAccCheckDBSubnetGroupDestroy(s *terraform.State) error { conn := testAccProvider.Meta().(*AWSClient).rdsconn @@ -263,6 +272,49 @@ resource "aws_db_subnet_group" "foo" { }`, rName) } +const testAccDBSubnetGroupConfig_namePrefix = ` +resource "aws_vpc" "test" { + cidr_block = "10.1.0.0/16" +} + +resource "aws_subnet" "a" { + vpc_id = "${aws_vpc.test.id}" + cidr_block = "10.1.1.0/24" + availability_zone = "us-west-2a" +} + +resource "aws_subnet" "b" { + vpc_id = "${aws_vpc.test.id}" + cidr_block = "10.1.2.0/24" + availability_zone = "us-west-2b" +} + +resource "aws_db_subnet_group" "test" { + name_prefix = "tf_test-" + subnet_ids = ["${aws_subnet.a.id}", "${aws_subnet.b.id}"] +}` + +const testAccDBSubnetGroupConfig_generatedName = ` +resource "aws_vpc" "test" { + cidr_block = "10.1.0.0/16" +} + +resource "aws_subnet" "a" { + vpc_id = "${aws_vpc.test.id}" + cidr_block = "10.1.1.0/24" + availability_zone = "us-west-2a" +} + +resource "aws_subnet" "b" { + vpc_id = "${aws_vpc.test.id}" + cidr_block = "10.1.2.0/24" + availability_zone = "us-west-2b" +} + +resource "aws_db_subnet_group" "test" { + subnet_ids = ["${aws_subnet.a.id}", "${aws_subnet.b.id}"] +}` + const testAccDBSubnetGroupConfig_withUnderscoresAndPeriodsAndSpaces = ` resource "aws_vpc" "main" { cidr_block = "192.168.0.0/16" diff --git a/builtin/providers/aws/resource_aws_rds_cluster.go b/builtin/providers/aws/resource_aws_rds_cluster.go index 7461b880c9..c331296549 100644 --- a/builtin/providers/aws/resource_aws_rds_cluster.go +++ b/builtin/providers/aws/resource_aws_rds_cluster.go @@ -36,10 +36,19 @@ func resourceAwsRDSCluster() *schema.Resource { }, "cluster_identifier": { + Type: schema.TypeString, + Optional: true, + Computed: true, + ForceNew: true, + ConflictsWith: []string{"cluster_identifier_prefix"}, + ValidateFunc: validateRdsIdentifier, + }, + "cluster_identifier_prefix": { Type: schema.TypeString, - Required: true, + Optional: true, + Computed: true, ForceNew: true, - ValidateFunc: validateRdsId, + ValidateFunc: validateRdsIdentifierPrefix, }, "cluster_members": { @@ -225,6 +234,19 @@ func resourceAwsRDSClusterCreate(d *schema.ResourceData, meta interface{}) error conn := meta.(*AWSClient).rdsconn tags := tagsFromMapRDS(d.Get("tags").(map[string]interface{})) + var identifier string + if v, ok := d.GetOk("cluster_identifier"); ok { + identifier = v.(string) + } else { + if v, ok := d.GetOk("cluster_identifier_prefix"); ok { + identifier = resource.PrefixedUniqueId(v.(string)) + } else { + identifier = resource.PrefixedUniqueId("tf-") + } + + d.Set("cluster_identifier", identifier) + } + if _, ok := d.GetOk("snapshot_identifier"); ok { opts := rds.RestoreDBClusterFromSnapshotInput{ DBClusterIdentifier: aws.String(d.Get("cluster_identifier").(string)), diff --git a/builtin/providers/aws/resource_aws_rds_cluster_instance.go b/builtin/providers/aws/resource_aws_rds_cluster_instance.go index 36f1116286..2caca45732 100644 --- a/builtin/providers/aws/resource_aws_rds_cluster_instance.go +++ b/builtin/providers/aws/resource_aws_rds_cluster_instance.go @@ -24,10 +24,19 @@ func resourceAwsRDSClusterInstance() *schema.Resource { Schema: map[string]*schema.Schema{ "identifier": { + Type: schema.TypeString, + Optional: true, + Computed: true, + ForceNew: true, + ConflictsWith: []string{"identifier_prefix"}, + ValidateFunc: validateRdsIdentifier, + }, + "identifier_prefix": { Type: schema.TypeString, Optional: true, + Computed: true, ForceNew: true, - ValidateFunc: validateRdsId, + ValidateFunc: validateRdsIdentifierPrefix, }, "db_subnet_group_name": { @@ -162,10 +171,14 @@ func resourceAwsRDSClusterInstanceCreate(d *schema.ResourceData, meta interface{ createOpts.DBParameterGroupName = aws.String(attr.(string)) } - if v := d.Get("identifier").(string); v != "" { - createOpts.DBInstanceIdentifier = aws.String(v) + if v, ok := d.GetOk("identifier"); ok { + createOpts.DBInstanceIdentifier = aws.String(v.(string)) } else { - createOpts.DBInstanceIdentifier = aws.String(resource.UniqueId()) + if v, ok := d.GetOk("identifier_prefix"); ok { + createOpts.DBInstanceIdentifier = aws.String(resource.PrefixedUniqueId(v.(string))) + } else { + createOpts.DBInstanceIdentifier = aws.String(resource.PrefixedUniqueId("tf-")) + } } if attr, ok := d.GetOk("db_subnet_group_name"); ok { diff --git a/builtin/providers/aws/resource_aws_rds_cluster_instance_test.go b/builtin/providers/aws/resource_aws_rds_cluster_instance_test.go index b1e66ea7e2..df1a5d644a 100644 --- a/builtin/providers/aws/resource_aws_rds_cluster_instance_test.go +++ b/builtin/providers/aws/resource_aws_rds_cluster_instance_test.go @@ -46,6 +46,48 @@ func TestAccAWSRDSClusterInstance_basic(t *testing.T) { }) } +func TestAccAWSRDSClusterInstance_namePrefix(t *testing.T) { + var v rds.DBInstance + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSClusterDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSClusterInstanceConfig_namePrefix(acctest.RandInt()), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSClusterInstanceExists("aws_rds_cluster_instance.test", &v), + testAccCheckAWSDBClusterInstanceAttributes(&v), + resource.TestMatchResourceAttr( + "aws_rds_cluster_instance.test", "identifier", regexp.MustCompile("^tf-cluster-instance-")), + ), + }, + }, + }) +} + +func TestAccAWSRDSClusterInstance_generatedName(t *testing.T) { + var v rds.DBInstance + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSClusterDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSClusterInstanceConfig_generatedName(acctest.RandInt()), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSClusterInstanceExists("aws_rds_cluster_instance.test", &v), + testAccCheckAWSDBClusterInstanceAttributes(&v), + resource.TestMatchResourceAttr( + "aws_rds_cluster_instance.test", "identifier", regexp.MustCompile("^tf-")), + ), + }, + }, + }) +} + func TestAccAWSRDSClusterInstance_kmsKey(t *testing.T) { var v rds.DBInstance keyRegex := regexp.MustCompile("^arn:aws:kms:") @@ -256,6 +298,83 @@ resource "aws_db_parameter_group" "bar" { `, n, n, n) } +func testAccAWSClusterInstanceConfig_namePrefix(n int) string { + return fmt.Sprintf(` +resource "aws_rds_cluster_instance" "test" { + identifier_prefix = "tf-cluster-instance-" + cluster_identifier = "${aws_rds_cluster.test.id}" + instance_class = "db.r3.large" +} + +resource "aws_rds_cluster" "test" { + cluster_identifier = "tf-aurora-cluster-%d" + master_username = "root" + master_password = "password" + db_subnet_group_name = "${aws_db_subnet_group.test.name}" + skip_final_snapshot = true +} + +resource "aws_vpc" "test" { + cidr_block = "10.0.0.0/16" +} + +resource "aws_subnet" "a" { + vpc_id = "${aws_vpc.test.id}" + cidr_block = "10.0.0.0/24" + availability_zone = "us-west-2a" +} + +resource "aws_subnet" "b" { + vpc_id = "${aws_vpc.test.id}" + cidr_block = "10.0.1.0/24" + availability_zone = "us-west-2b" +} + +resource "aws_db_subnet_group" "test" { + name = "tf-test-%d" + subnet_ids = ["${aws_subnet.a.id}", "${aws_subnet.b.id}"] +} +`, n, n) +} + +func testAccAWSClusterInstanceConfig_generatedName(n int) string { + return fmt.Sprintf(` +resource "aws_rds_cluster_instance" "test" { + cluster_identifier = "${aws_rds_cluster.test.id}" + instance_class = "db.r3.large" +} + +resource "aws_rds_cluster" "test" { + cluster_identifier = "tf-aurora-cluster-%d" + master_username = "root" + master_password = "password" + db_subnet_group_name = "${aws_db_subnet_group.test.name}" + skip_final_snapshot = true +} + +resource "aws_vpc" "test" { + cidr_block = "10.0.0.0/16" +} + +resource "aws_subnet" "a" { + vpc_id = "${aws_vpc.test.id}" + cidr_block = "10.0.0.0/24" + availability_zone = "us-west-2a" +} + +resource "aws_subnet" "b" { + vpc_id = "${aws_vpc.test.id}" + cidr_block = "10.0.1.0/24" + availability_zone = "us-west-2b" +} + +resource "aws_db_subnet_group" "test" { + name = "tf-test-%d" + subnet_ids = ["${aws_subnet.a.id}", "${aws_subnet.b.id}"] +} +`, n, n) +} + func testAccAWSClusterInstanceConfigKmsKey(n int) string { return fmt.Sprintf(` diff --git a/builtin/providers/aws/resource_aws_rds_cluster_parameter_group.go b/builtin/providers/aws/resource_aws_rds_cluster_parameter_group.go index 62b0d497bf..61cb20f01d 100644 --- a/builtin/providers/aws/resource_aws_rds_cluster_parameter_group.go +++ b/builtin/providers/aws/resource_aws_rds_cluster_parameter_group.go @@ -29,10 +29,19 @@ func resourceAwsRDSClusterParameterGroup() *schema.Resource { Computed: true, }, "name": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + ForceNew: true, + ConflictsWith: []string{"name_prefix"}, + ValidateFunc: validateDbParamGroupName, + }, + "name_prefix": &schema.Schema{ Type: schema.TypeString, + Optional: true, + Computed: true, ForceNew: true, - Required: true, - ValidateFunc: validateDbParamGroupName, + ValidateFunc: validateDbParamGroupNamePrefix, }, "family": &schema.Schema{ Type: schema.TypeString, @@ -86,8 +95,17 @@ func resourceAwsRDSClusterParameterGroupCreate(d *schema.ResourceData, meta inte rdsconn := meta.(*AWSClient).rdsconn tags := tagsFromMapRDS(d.Get("tags").(map[string]interface{})) + var groupName string + if v, ok := d.GetOk("name"); ok { + groupName = v.(string) + } else if v, ok := d.GetOk("name_prefix"); ok { + groupName = resource.PrefixedUniqueId(v.(string)) + } else { + groupName = resource.UniqueId() + } + createOpts := rds.CreateDBClusterParameterGroupInput{ - DBClusterParameterGroupName: aws.String(d.Get("name").(string)), + DBClusterParameterGroupName: aws.String(groupName), DBParameterGroupFamily: aws.String(d.Get("family").(string)), Description: aws.String(d.Get("description").(string)), Tags: tags, diff --git a/builtin/providers/aws/resource_aws_rds_cluster_parameter_group_test.go b/builtin/providers/aws/resource_aws_rds_cluster_parameter_group_test.go index f2a526d2e0..231fdf44c2 100644 --- a/builtin/providers/aws/resource_aws_rds_cluster_parameter_group_test.go +++ b/builtin/providers/aws/resource_aws_rds_cluster_parameter_group_test.go @@ -3,6 +3,7 @@ package aws import ( "errors" "fmt" + "regexp" "testing" "time" @@ -90,6 +91,44 @@ func TestAccAWSDBClusterParameterGroup_basic(t *testing.T) { }) } +func TestAccAWSDBClusterParameterGroup_namePrefix(t *testing.T) { + var v rds.DBClusterParameterGroup + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSDBClusterParameterGroupDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSDBClusterParameterGroupConfig_namePrefix, + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSDBClusterParameterGroupExists("aws_rds_cluster_parameter_group.test", &v), + resource.TestMatchResourceAttr( + "aws_rds_cluster_parameter_group.test", "name", regexp.MustCompile("^tf-test-")), + ), + }, + }, + }) +} + +func TestAccAWSDBClusterParameterGroup_generatedName(t *testing.T) { + var v rds.DBClusterParameterGroup + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSDBClusterParameterGroupDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSDBClusterParameterGroupConfig_generatedName, + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSDBClusterParameterGroupExists("aws_rds_cluster_parameter_group.test", &v), + ), + }, + }, + }) +} + func TestAccAWSDBClusterParameterGroup_disappears(t *testing.T) { var v rds.DBClusterParameterGroup @@ -365,3 +404,15 @@ func testAccAWSDBClusterParameterGroupOnlyConfig(name string) string { family = "aurora5.6" }`, name) } + +const testAccAWSDBClusterParameterGroupConfig_namePrefix = ` +resource "aws_rds_cluster_parameter_group" "test" { + name_prefix = "tf-test-" + family = "aurora5.6" +} +` +const testAccAWSDBClusterParameterGroupConfig_generatedName = ` +resource "aws_rds_cluster_parameter_group" "test" { + family = "aurora5.6" +} +` diff --git a/builtin/providers/aws/resource_aws_rds_cluster_test.go b/builtin/providers/aws/resource_aws_rds_cluster_test.go index c18a6431aa..3774385a99 100644 --- a/builtin/providers/aws/resource_aws_rds_cluster_test.go +++ b/builtin/providers/aws/resource_aws_rds_cluster_test.go @@ -40,6 +40,46 @@ func TestAccAWSRDSCluster_basic(t *testing.T) { }) } +func TestAccAWSRDSCluster_namePrefix(t *testing.T) { + var v rds.DBCluster + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSClusterDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSClusterConfig_namePrefix(acctest.RandInt()), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSClusterExists("aws_rds_cluster.test", &v), + resource.TestMatchResourceAttr( + "aws_rds_cluster.test", "cluster_identifier", regexp.MustCompile("^tf-test-")), + ), + }, + }, + }) +} + +func TestAccAWSRDSCluster_generatedName(t *testing.T) { + var v rds.DBCluster + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSClusterDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSClusterConfig_generatedName(acctest.RandInt()), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSClusterExists("aws_rds_cluster.test", &v), + resource.TestMatchResourceAttr( + "aws_rds_cluster.test", "cluster_identifier", regexp.MustCompile("^tf-")), + ), + }, + }, + }) +} + func TestAccAWSRDSCluster_takeFinalSnapshot(t *testing.T) { var v rds.DBCluster rInt := acctest.RandInt() @@ -322,6 +362,71 @@ resource "aws_rds_cluster" "default" { }`, n) } +func testAccAWSClusterConfig_namePrefix(n int) string { + return fmt.Sprintf(` +resource "aws_rds_cluster" "test" { + cluster_identifier_prefix = "tf-test-" + master_username = "root" + master_password = "password" + db_subnet_group_name = "${aws_db_subnet_group.test.name}" + skip_final_snapshot = true +} + +resource "aws_vpc" "test" { + cidr_block = "10.0.0.0/16" +} + +resource "aws_subnet" "a" { + vpc_id = "${aws_vpc.test.id}" + cidr_block = "10.0.0.0/24" + availability_zone = "us-west-2a" +} + +resource "aws_subnet" "b" { + vpc_id = "${aws_vpc.test.id}" + cidr_block = "10.0.1.0/24" + availability_zone = "us-west-2b" +} + +resource "aws_db_subnet_group" "test" { + name = "tf-test-%d" + subnet_ids = ["${aws_subnet.a.id}", "${aws_subnet.b.id}"] +} +`, n) +} + +func testAccAWSClusterConfig_generatedName(n int) string { + return fmt.Sprintf(` +resource "aws_rds_cluster" "test" { + master_username = "root" + master_password = "password" + db_subnet_group_name = "${aws_db_subnet_group.test.name}" + skip_final_snapshot = true +} + +resource "aws_vpc" "test" { + cidr_block = "10.0.0.0/16" +} + +resource "aws_subnet" "a" { + vpc_id = "${aws_vpc.test.id}" + cidr_block = "10.0.0.0/24" + availability_zone = "us-west-2a" +} + +resource "aws_subnet" "b" { + vpc_id = "${aws_vpc.test.id}" + cidr_block = "10.0.1.0/24" + availability_zone = "us-west-2b" +} + +resource "aws_db_subnet_group" "test" { + name = "tf-test-%d" + subnet_ids = ["${aws_subnet.a.id}", "${aws_subnet.b.id}"] +} +`, n) +} + func testAccAWSClusterConfigWithFinalSnapshot(n int) string { return fmt.Sprintf(` resource "aws_rds_cluster" "default" { diff --git a/builtin/providers/aws/validators.go b/builtin/providers/aws/validators.go index a8f9c66cfc..7ff0e6f389 100644 --- a/builtin/providers/aws/validators.go +++ b/builtin/providers/aws/validators.go @@ -12,7 +12,7 @@ import ( "github.com/hashicorp/terraform/helper/schema" ) -func validateRdsId(v interface{}, k string) (ws []string, errors []error) { +func validateRdsIdentifier(v interface{}, k string) (ws []string, errors []error) { value := v.(string) if !regexp.MustCompile(`^[0-9a-z-]+$`).MatchString(value) { errors = append(errors, fmt.Errorf( @@ -33,6 +33,23 @@ func validateRdsId(v interface{}, k string) (ws []string, errors []error) { return } +func validateRdsIdentifierPrefix(v interface{}, k string) (ws []string, errors []error) { + value := v.(string) + if !regexp.MustCompile(`^[0-9a-z-]+$`).MatchString(value) { + errors = append(errors, fmt.Errorf( + "only lowercase alphanumeric characters and hyphens allowed in %q", k)) + } + if !regexp.MustCompile(`^[a-z]`).MatchString(value) { + errors = append(errors, fmt.Errorf( + "first character of %q must be a letter", k)) + } + if regexp.MustCompile(`--`).MatchString(value) { + errors = append(errors, fmt.Errorf( + "%q cannot contain two consecutive hyphens", k)) + } + return +} + func validateElastiCacheClusterId(v interface{}, k string) (ws []string, errors []error) { value := v.(string) if (len(value) < 1) || (len(value) > 20) { @@ -103,7 +120,27 @@ func validateDbParamGroupName(v interface{}, k string) (ws []string, errors []er "%q cannot be greater than 255 characters", k)) } return +} +func validateDbParamGroupNamePrefix(v interface{}, k string) (ws []string, errors []error) { + value := v.(string) + if !regexp.MustCompile(`^[0-9a-z-]+$`).MatchString(value) { + errors = append(errors, fmt.Errorf( + "only lowercase alphanumeric characters and hyphens allowed in %q", k)) + } + if !regexp.MustCompile(`^[a-z]`).MatchString(value) { + errors = append(errors, fmt.Errorf( + "first character of %q must be a letter", k)) + } + if regexp.MustCompile(`--`).MatchString(value) { + errors = append(errors, fmt.Errorf( + "%q cannot contain two consecutive hyphens", k)) + } + if len(value) > 255 { + errors = append(errors, fmt.Errorf( + "%q cannot be greater than 226 characters", k)) + } + return } func validateStreamViewType(v interface{}, k string) (ws []string, errors []error) { @@ -1041,3 +1078,79 @@ func validateApiGatewayUsagePlanQuotaSettings(v map[string]interface{}) (errors return } + +func validateDbSubnetGroupName(v interface{}, k string) (ws []string, errors []error) { + value := v.(string) + if !regexp.MustCompile(`^[ .0-9a-z-_]+$`).MatchString(value) { + errors = append(errors, fmt.Errorf( + "only lowercase alphanumeric characters, hyphens, underscores, periods, and spaces allowed in %q", k)) + } + if len(value) > 255 { + errors = append(errors, fmt.Errorf( + "%q cannot be longer than 255 characters", k)) + } + if regexp.MustCompile(`(?i)^default$`).MatchString(value) { + errors = append(errors, fmt.Errorf( + "%q is not allowed as %q", "Default", k)) + } + return +} + +func validateDbSubnetGroupNamePrefix(v interface{}, k string) (ws []string, errors []error) { + value := v.(string) + if !regexp.MustCompile(`^[ .0-9a-z-_]+$`).MatchString(value) { + errors = append(errors, fmt.Errorf( + "only lowercase alphanumeric characters, hyphens, underscores, periods, and spaces allowed in %q", k)) + } + if len(value) > 229 { + errors = append(errors, fmt.Errorf( + "%q cannot be longer than 229 characters", k)) + } + return +} + +func validateDbOptionGroupName(v interface{}, k string) (ws []string, errors []error) { + value := v.(string) + if !regexp.MustCompile(`^[a-z]`).MatchString(value) { + errors = append(errors, fmt.Errorf( + "first character of %q must be a letter", k)) + } + if !regexp.MustCompile(`^[0-9A-Za-z-]+$`).MatchString(value) { + errors = append(errors, fmt.Errorf( + "only alphanumeric characters and hyphens allowed in %q", k)) + } + if regexp.MustCompile(`--`).MatchString(value) { + errors = append(errors, fmt.Errorf( + "%q cannot contain two consecutive hyphens", k)) + } + if regexp.MustCompile(`-$`).MatchString(value) { + errors = append(errors, fmt.Errorf( + "%q cannot end with a hyphen", k)) + } + if len(value) > 255 { + errors = append(errors, fmt.Errorf( + "%q cannot be greater than 255 characters", k)) + } + return +} + +func validateDbOptionGroupNamePrefix(v interface{}, k string) (ws []string, errors []error) { + value := v.(string) + if !regexp.MustCompile(`^[a-z]`).MatchString(value) { + errors = append(errors, fmt.Errorf( + "first character of %q must be a letter", k)) + } + if !regexp.MustCompile(`^[0-9A-Za-z-]+$`).MatchString(value) { + errors = append(errors, fmt.Errorf( + "only alphanumeric characters and hyphens allowed in %q", k)) + } + if regexp.MustCompile(`--`).MatchString(value) { + errors = append(errors, fmt.Errorf( + "%q cannot contain two consecutive hyphens", k)) + } + if len(value) > 229 { + errors = append(errors, fmt.Errorf( + "%q cannot be greater than 229 characters", k)) + } + return +} diff --git a/builtin/providers/aws/validators_test.go b/builtin/providers/aws/validators_test.go index 0c37308fe3..7fe451a878 100644 --- a/builtin/providers/aws/validators_test.go +++ b/builtin/providers/aws/validators_test.go @@ -1785,3 +1785,131 @@ func TestValidateElbNamePrefix(t *testing.T) { } } } + +func TestValidateDbSubnetGroupName(t *testing.T) { + cases := []struct { + Value string + ErrCount int + }{ + { + Value: "tEsting", + ErrCount: 1, + }, + { + Value: "testing?", + ErrCount: 1, + }, + { + Value: "default", + ErrCount: 1, + }, + { + Value: randomString(300), + ErrCount: 1, + }, + } + + for _, tc := range cases { + _, errors := validateDbSubnetGroupName(tc.Value, "aws_db_subnet_group") + + if len(errors) != tc.ErrCount { + t.Fatalf("Expected the DB Subnet Group name to trigger a validation error") + } + } +} + +func TestValidateDbSubnetGroupNamePrefix(t *testing.T) { + cases := []struct { + Value string + ErrCount int + }{ + { + Value: "tEsting", + ErrCount: 1, + }, + { + Value: "testing?", + ErrCount: 1, + }, + { + Value: randomString(230), + ErrCount: 1, + }, + } + + for _, tc := range cases { + _, errors := validateDbSubnetGroupNamePrefix(tc.Value, "aws_db_subnet_group") + + if len(errors) != tc.ErrCount { + t.Fatalf("Expected the DB Subnet Group name prefix to trigger a validation error") + } + } +} + +func TestValidateDbOptionGroupName(t *testing.T) { + cases := []struct { + Value string + ErrCount int + }{ + { + Value: "testing123!", + ErrCount: 1, + }, + { + Value: "1testing123", + ErrCount: 1, + }, + { + Value: "testing--123", + ErrCount: 1, + }, + { + Value: "testing123-", + ErrCount: 1, + }, + { + Value: randomString(256), + ErrCount: 1, + }, + } + + for _, tc := range cases { + _, errors := validateDbOptionGroupName(tc.Value, "aws_db_option_group_name") + + if len(errors) != tc.ErrCount { + t.Fatalf("Expected the DB Option Group Name to trigger a validation error") + } + } +} + +func TestValidateDbOptionGroupNamePrefix(t *testing.T) { + cases := []struct { + Value string + ErrCount int + }{ + { + Value: "testing123!", + ErrCount: 1, + }, + { + Value: "1testing123", + ErrCount: 1, + }, + { + Value: "testing--123", + ErrCount: 1, + }, + { + Value: randomString(230), + ErrCount: 1, + }, + } + + for _, tc := range cases { + _, errors := validateDbOptionGroupNamePrefix(tc.Value, "aws_db_option_group_name") + + if len(errors) != tc.ErrCount { + t.Fatalf("Expected the DB Option Group name prefix to trigger a validation error") + } + } +} diff --git a/website/source/docs/providers/aws/r/db_instance.html.markdown b/website/source/docs/providers/aws/r/db_instance.html.markdown index e491e37842..7e60444257 100644 --- a/website/source/docs/providers/aws/r/db_instance.html.markdown +++ b/website/source/docs/providers/aws/r/db_instance.html.markdown @@ -55,7 +55,8 @@ The following arguments are supported: * `allocated_storage` - (Required unless a `snapshot_identifier` or `replicate_source_db` is provided) The allocated storage in gigabytes. * `engine` - (Required unless a `snapshot_identifier` or `replicate_source_db` is provided) The database engine to use. * `engine_version` - (Optional) The engine version to use. -* `identifier` - (Optional) The name of the RDS instance, if omitted, Terraform will assign a random, unique name +* `identifier` - (Optional, Forces new resource) The name of the RDS instance, if omitted, Terraform will assign a random, unique identifier. +* `identifier_prefix` - (Optional, Forces new resource) Creates a unique identifier beginning with the specified prefix. Conflicts with `identifer`. * `instance_class` - (Required) The instance type of the RDS instance. * `storage_type` - (Optional) One of "standard" (magnetic), "gp2" (general purpose SSD), or "io1" (provisioned IOPS SSD). The default is "io1" if @@ -156,7 +157,7 @@ On Oracle instances the following is exported additionally: - `create` - (Default `40 minutes`) Used for Creating Instances, Replicas, and restoring from Snapshots -- `update` - (Default `80 minutes`) Used for Database modifications +- `update` - (Default `80 minutes`) Used for Database modifications - `delete` - (Default `40 minutes`) Used for destroying databases. This includes the time required to take snapshots diff --git a/website/source/docs/providers/aws/r/db_option_group.html.markdown b/website/source/docs/providers/aws/r/db_option_group.html.markdown index faf7b351c0..ad4c4d5d4b 100644 --- a/website/source/docs/providers/aws/r/db_option_group.html.markdown +++ b/website/source/docs/providers/aws/r/db_option_group.html.markdown @@ -38,8 +38,9 @@ resource "aws_db_option_group" "bar" { The following arguments are supported: -* `name` - (Required) The name of the Option group to be created. -* `option_group_description` - (Required) The description of the option group. +* `name` - (Optional, Forces new resource) The name of the option group. If omitted, Terraform will assign a random, unique name. +* `name_prefix` - (Optional, Forces new resource) Creates a unique name beginning with the specified prefix. Conflicts with `name`. +* `option_group_description` - (Optional) The description of the option group. Defaults to "Managed by Terraform". * `engine_name` - (Required) Specifies the name of the engine that this option group should be associated with.. * `major_engine_version` - (Required) Specifies the major version of the engine that this option group should be associated with. * `option` - (Optional) A list of Options to apply. @@ -70,4 +71,4 @@ DB Option groups can be imported using the `name`, e.g. ``` $ terraform import aws_db_option_group.bar mysql-option-group -``` \ No newline at end of file +``` diff --git a/website/source/docs/providers/aws/r/db_parameter_group.html.markdown b/website/source/docs/providers/aws/r/db_parameter_group.html.markdown index 271325034c..2e4d362d2d 100644 --- a/website/source/docs/providers/aws/r/db_parameter_group.html.markdown +++ b/website/source/docs/providers/aws/r/db_parameter_group.html.markdown @@ -31,7 +31,8 @@ resource "aws_db_parameter_group" "default" { The following arguments are supported: -* `name` - (Required) The name of the DB parameter group. +* `name` - (Optional, Forces new resource) The name of the DB parameter group. If omitted, Terraform will assign a random, unique name. +* `name_prefix` - (Optional, Forces new resource) Creates a unique name beginning with the specified prefix. Conflicts with `name`. * `family` - (Required) The family of the DB parameter group. * `description` - (Optional) The description of the DB parameter group. Defaults to "Managed by Terraform". * `parameter` - (Optional) A list of DB parameters to apply. @@ -58,4 +59,4 @@ DB Parameter groups can be imported using the `name`, e.g. ``` $ terraform import aws_db_parameter_group.rds_pg rds-pg -``` \ No newline at end of file +``` diff --git a/website/source/docs/providers/aws/r/db_subnet_group.html.markdown b/website/source/docs/providers/aws/r/db_subnet_group.html.markdown index a97f22c051..bee5eee527 100644 --- a/website/source/docs/providers/aws/r/db_subnet_group.html.markdown +++ b/website/source/docs/providers/aws/r/db_subnet_group.html.markdown @@ -27,7 +27,8 @@ resource "aws_db_subnet_group" "default" { The following arguments are supported: -* `name` - (Required) The name of the DB subnet group. +* `name` - (Optional, Forces new resource) The name of the DB subnet group. If omitted, Terraform will assign a random, unique name. +* `name_prefix` - (Optional, Forces new resource) Creates a unique name beginning with the specified prefix. Conflicts with `name`. * `description` - (Optional) The description of the DB subnet group. Defaults to "Managed by Terraform". * `subnet_ids` - (Required) A list of VPC subnet IDs. * `tags` - (Optional) A mapping of tags to assign to the resource. @@ -46,4 +47,4 @@ DB Subnet groups can be imported using the `name`, e.g. ``` $ terraform import aws_db_subnet_group.default production-subnet-group -``` \ No newline at end of file +``` diff --git a/website/source/docs/providers/aws/r/rds_cluster.html.markdown b/website/source/docs/providers/aws/r/rds_cluster.html.markdown index b40cbab402..6139824f19 100644 --- a/website/source/docs/providers/aws/r/rds_cluster.html.markdown +++ b/website/source/docs/providers/aws/r/rds_cluster.html.markdown @@ -53,8 +53,8 @@ the [AWS official documentation](https://docs.aws.amazon.com/AmazonRDS/latest/Co The following arguments are supported: -* `cluster_identifier` - (Required) The Cluster Identifier. Must be a lower case -string. +* `cluster_identifier` - (Optional, Forces new resources) The cluster identifier. If omitted, Terraform will assign a random, unique identifier. +* `cluster_identifier_prefix` - (Optional, Forces new resource) Creates a unique cluster identifier beginning with the specified prefix. Conflicts with `cluster_identifer`. * `database_name` - (Optional) The name for your database of up to 8 alpha-numeric characters. If you do not provide a name, Amazon RDS will not create a database in the DB cluster you are creating diff --git a/website/source/docs/providers/aws/r/rds_cluster_instance.html.markdown b/website/source/docs/providers/aws/r/rds_cluster_instance.html.markdown index d5196d7338..031972d4b1 100644 --- a/website/source/docs/providers/aws/r/rds_cluster_instance.html.markdown +++ b/website/source/docs/providers/aws/r/rds_cluster_instance.html.markdown @@ -47,8 +47,8 @@ the [AWS official documentation](https://docs.aws.amazon.com/AmazonRDS/latest/Co The following arguments are supported: -* `identifier` - (Optional) The Instance Identifier. Must be a lower case -string. If omitted, a unique identifier will be generated. +* `identifier` - (Optional, Forces new resource) The indentifier for the RDS instance, if omitted, Terraform will assign a random, unique identifier. +* `identifier_prefix` - (Optional, Forces new resource) Creates a unique identifier beginning with the specified prefix. Conflicts with `identifer`. * `cluster_identifier` - (Required) The identifier of the [`aws_rds_cluster`](/docs/providers/aws/r/rds_cluster.html) in which to launch this instance. * `instance_class` - (Required) The instance class to use. For details on CPU and memory, see [Scaling Aurora DB Instances][4]. Aurora currently diff --git a/website/source/docs/providers/aws/r/rds_cluster_parameter_group.markdown b/website/source/docs/providers/aws/r/rds_cluster_parameter_group.markdown index 8b465efad5..c2fa63d78c 100644 --- a/website/source/docs/providers/aws/r/rds_cluster_parameter_group.markdown +++ b/website/source/docs/providers/aws/r/rds_cluster_parameter_group.markdown @@ -32,9 +32,10 @@ resource "aws_rds_cluster_parameter_group" "default" { The following arguments are supported: -* `name` - (Required) The name of the DB cluster parameter group. +* `name` - (Optional, Forces new resource) The name of the DB cluster parameter group. If omitted, Terraform will assign a random, unique name. +* `name_prefix` - (Optional, Forces new resource) Creates a unique name beginning with the specified prefix. Conflicts with `name`. * `family` - (Required) The family of the DB cluster parameter group. -* `description` - (Required) The description of the DB cluster parameter group. +* `description` - (Optional) The description of the DB cluster parameter group. Defaults to "Managed by Terraform". * `parameter` - (Optional) A list of DB parameters to apply. * `tags` - (Optional) A mapping of tags to assign to the resource. @@ -60,4 +61,4 @@ RDS Cluster Parameter Groups can be imported using the `name`, e.g. ``` $ terraform import aws_rds_cluster_parameter_group.cluster_pg production-pg-1 -``` \ No newline at end of file +``` From d7a339eb4627b9a2f4b82f969bebbf0823a6e3d3 Mon Sep 17 00:00:00 2001 From: Paul Stack Date: Fri, 31 Mar 2017 20:23:27 +0300 Subject: [PATCH 088/101] Update CHANGELOG.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 295ecb0b97..3c672c3d35 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -23,6 +23,7 @@ IMPROVEMENTS: * provider/aws: `aws_opsworks_stack` `custom_cookbooks_source.0.password` field marked as sensitive [GH-13147] * provider/aws: Support the ability to enable / disable ipv6 support in VPC [GH-12527] * provider/aws: Added API Gateway integration update [GH-13249] + * provider/aws: Add `identifier` | `name_prefix` to RDS resources [GH-13232] * provider/google: Mark `google_container_cluster`'s `client_key` & `password` inside `master_auth` as sensitive [GH-13148] * provider/triton: Move to joyent/triton-go [GH-13225] From 50fb9aecbdf9bc637c1b3b2ae9eeb01ca06fe95e Mon Sep 17 00:00:00 2001 From: James Nugent Date: Fri, 31 Mar 2017 11:33:08 -0700 Subject: [PATCH 089/101] deps: Update github.com/joyent/triton-go/authentication (#13255) This commit allows private key material to be used with the Triton provider, which is necessary for running acceptance tests in the HashiCorp CI environment. --- .../authentication/private_key_signer.go | 15 +++++++++------ vendor/vendor.json | 10 +++++----- 2 files changed, 14 insertions(+), 11 deletions(-) diff --git a/vendor/github.com/joyent/triton-go/authentication/private_key_signer.go b/vendor/github.com/joyent/triton-go/authentication/private_key_signer.go index aadb6ee5f4..20dc6bfedf 100644 --- a/vendor/github.com/joyent/triton-go/authentication/private_key_signer.go +++ b/vendor/github.com/joyent/triton-go/authentication/private_key_signer.go @@ -7,10 +7,12 @@ import ( "crypto/x509" "encoding/base64" "encoding/pem" + "errors" "fmt" + "strings" + "github.com/hashicorp/errwrap" "golang.org/x/crypto/ssh" - "strings" ) type PrivateKeySigner struct { @@ -27,23 +29,23 @@ func NewPrivateKeySigner(keyFingerprint string, privateKeyMaterial []byte, accou block, _ := pem.Decode(privateKeyMaterial) if block == nil { - return nil, fmt.Errorf("Error PEM-decoding private key material: nil block received") + return nil, errors.New("Error PEM-decoding private key material: nil block received") } rsakey, err := x509.ParsePKCS1PrivateKey(block.Bytes) if err != nil { - return nil, errwrap.Wrapf("Error parsing private key: %s", err) + return nil, errwrap.Wrapf("Error parsing private key: {{err}}", err) } sshPublicKey, err := ssh.NewPublicKey(rsakey.Public()) if err != nil { - return nil, errwrap.Wrapf("Error parsing SSH key from private key: %s", err) + return nil, errwrap.Wrapf("Error parsing SSH key from private key: {{err}}", err) } matchKeyFingerprint := formatPublicKeyFingerprint(sshPublicKey, false) displayKeyFingerprint := formatPublicKeyFingerprint(sshPublicKey, true) if matchKeyFingerprint != keyFingerprintMD5 { - return nil, fmt.Errorf("Private key file does not match public key fingerprint") + return nil, errors.New("Private key file does not match public key fingerprint") } return &PrivateKeySigner{ @@ -69,5 +71,6 @@ func (s *PrivateKeySigner) Sign(dateHeader string) (string, error) { } signedBase64 := base64.StdEncoding.EncodeToString(signed) - return fmt.Sprintf(authorizationHeaderFormat, s.formattedKeyFingerprint, "rsa-sha1", headerName, signedBase64), nil + keyID := fmt.Sprintf("/%s/keys/%s", s.accountName, s.formattedKeyFingerprint) + return fmt.Sprintf(authorizationHeaderFormat, keyID, "rsa-sha1", headerName, signedBase64), nil } diff --git a/vendor/vendor.json b/vendor/vendor.json index e8993495c6..1d3e40282f 100644 --- a/vendor/vendor.json +++ b/vendor/vendor.json @@ -2296,14 +2296,14 @@ { "checksumSHA1": "fue8Al8kqw/Q6VFPsNzoky7NIgo=", "path": "github.com/joyent/triton-go", - "revision": "ed036af6d128e3c1ef76e92218810d3b298d1407", - "revisionTime": "2017-03-30T22:02:44Z" + "revision": "66b31a94af28a65e902423879a2820ea34b773fb", + "revisionTime": "2017-03-31T18:12:29Z" }, { - "checksumSHA1": "7sIV9LK625xVO9WsV1gaLQgfBeY=", + "checksumSHA1": "QzUqkCSn/ZHyIK346xb9V6EBw9U=", "path": "github.com/joyent/triton-go/authentication", - "revision": "ed036af6d128e3c1ef76e92218810d3b298d1407", - "revisionTime": "2017-03-30T22:02:44Z" + "revision": "66b31a94af28a65e902423879a2820ea34b773fb", + "revisionTime": "2017-03-31T18:12:29Z" }, { "checksumSHA1": "YhQcOsGx8r2S/jkJ0Qt4cZ5BLCU=", From 173bf10e7b2afcb64f127fc2033c1e91a60aea53 Mon Sep 17 00:00:00 2001 From: Radek Simko Date: Fri, 31 Mar 2017 22:22:12 +0100 Subject: [PATCH 090/101] Update CHANGELOG.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3c672c3d35..3717de123e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -24,6 +24,7 @@ IMPROVEMENTS: * provider/aws: Support the ability to enable / disable ipv6 support in VPC [GH-12527] * provider/aws: Added API Gateway integration update [GH-13249] * provider/aws: Add `identifier` | `name_prefix` to RDS resources [GH-13232] + * provider/github: Handle the case when issue labels already exist [GH-13182] * provider/google: Mark `google_container_cluster`'s `client_key` & `password` inside `master_auth` as sensitive [GH-13148] * provider/triton: Move to joyent/triton-go [GH-13225] From 0c4c578552d4f4015da8adff6316b0bd13985245 Mon Sep 17 00:00:00 2001 From: Doug Neal Date: Sat, 1 Apr 2017 06:57:34 +0100 Subject: [PATCH 091/101] provider/aws: Implement aws_ses_domain_identity (#13098) * provider/aws: New resource: aws_ses_domain_identity Provide a resource to manage domain identities in SES. Exports the verification_code attribute which can be used to add the TXT record to the domain to complete the domain verification. * provider/aws: Acceptance tests for aws_ses_domain_identity * Resource aws_ses_domain_identity: Documentation update Provide documentation for the new resource type. --- builtin/providers/aws/provider.go | 1 + .../aws/resource_aws_ses_domain_identity.go | 99 +++++++++++++++++ .../resource_aws_ses_domain_identity_test.go | 100 ++++++++++++++++++ .../source/docs/import/importability.html.md | 1 + .../aws/r/ses_domain_identity.html.markdown | 46 ++++++++ website/source/layouts/aws.erb | 4 + 6 files changed, 251 insertions(+) create mode 100644 builtin/providers/aws/resource_aws_ses_domain_identity.go create mode 100644 builtin/providers/aws/resource_aws_ses_domain_identity_test.go create mode 100644 website/source/docs/providers/aws/r/ses_domain_identity.html.markdown diff --git a/builtin/providers/aws/provider.go b/builtin/providers/aws/provider.go index 0ad5817858..e1c7d24ac4 100644 --- a/builtin/providers/aws/provider.go +++ b/builtin/providers/aws/provider.go @@ -386,6 +386,7 @@ func Provider() terraform.ResourceProvider { "aws_route_table": resourceAwsRouteTable(), "aws_route_table_association": resourceAwsRouteTableAssociation(), "aws_ses_active_receipt_rule_set": resourceAwsSesActiveReceiptRuleSet(), + "aws_ses_domain_identity": resourceAwsSesDomainIdentity(), "aws_ses_receipt_filter": resourceAwsSesReceiptFilter(), "aws_ses_receipt_rule": resourceAwsSesReceiptRule(), "aws_ses_receipt_rule_set": resourceAwsSesReceiptRuleSet(), diff --git a/builtin/providers/aws/resource_aws_ses_domain_identity.go b/builtin/providers/aws/resource_aws_ses_domain_identity.go new file mode 100644 index 0000000000..7eba7a1873 --- /dev/null +++ b/builtin/providers/aws/resource_aws_ses_domain_identity.go @@ -0,0 +1,99 @@ +package aws + +import ( + "fmt" + "log" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/service/ses" + "github.com/hashicorp/terraform/helper/schema" +) + +func resourceAwsSesDomainIdentity() *schema.Resource { + return &schema.Resource{ + Create: resourceAwsSesDomainIdentityCreate, + Read: resourceAwsSesDomainIdentityRead, + Delete: resourceAwsSesDomainIdentityDelete, + Importer: &schema.ResourceImporter{ + State: schema.ImportStatePassthrough, + }, + + Schema: map[string]*schema.Schema{ + "domain": &schema.Schema{ + Type: schema.TypeString, + Required: true, + ForceNew: true, + }, + + "verification_token": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, + }, + } +} + +func resourceAwsSesDomainIdentityCreate(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*AWSClient).sesConn + + domainName := d.Get("domain").(string) + + createOpts := &ses.VerifyDomainIdentityInput{ + Domain: aws.String(domainName), + } + + _, err := conn.VerifyDomainIdentity(createOpts) + if err != nil { + return fmt.Errorf("Error requesting SES domain identity verification: %s", err) + } + + d.SetId(domainName) + + return resourceAwsSesDomainIdentityRead(d, meta) +} + +func resourceAwsSesDomainIdentityRead(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*AWSClient).sesConn + + domainName := d.Id() + d.Set("domain", domainName) + + readOpts := &ses.GetIdentityVerificationAttributesInput{ + Identities: []*string{ + aws.String(domainName), + }, + } + + response, err := conn.GetIdentityVerificationAttributes(readOpts) + if err != nil { + log.Printf("[WARN] Error fetching identity verification attributes for %s: %s", d.Id(), err) + return err + } + + verificationAttrs, ok := response.VerificationAttributes[domainName] + if !ok { + log.Printf("[WARN] Domain not listed in response when fetching verification attributes for %s", d.Id()) + d.SetId("") + return nil + } + + d.Set("verification_token", verificationAttrs.VerificationToken) + return nil +} + +func resourceAwsSesDomainIdentityDelete(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*AWSClient).sesConn + + domainName := d.Get("domain").(string) + + deleteOpts := &ses.DeleteIdentityInput{ + Identity: aws.String(domainName), + } + + _, err := conn.DeleteIdentity(deleteOpts) + if err != nil { + return fmt.Errorf("Error deleting SES domain identity: %s", err) + } + + return nil +} diff --git a/builtin/providers/aws/resource_aws_ses_domain_identity_test.go b/builtin/providers/aws/resource_aws_ses_domain_identity_test.go new file mode 100644 index 0000000000..6119fa1231 --- /dev/null +++ b/builtin/providers/aws/resource_aws_ses_domain_identity_test.go @@ -0,0 +1,100 @@ +package aws + +import ( + "fmt" + "testing" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/service/ses" + "github.com/hashicorp/terraform/helper/acctest" + "github.com/hashicorp/terraform/helper/resource" + "github.com/hashicorp/terraform/terraform" +) + +func TestAccAwsSESDomainIdentity_basic(t *testing.T) { + resource.Test(t, resource.TestCase{ + PreCheck: func() { + testAccPreCheck(t) + }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAwsSESDomainIdentityDestroy, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: fmt.Sprintf( + testAccAwsSESDomainIdentityConfig, + acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum), + ), + Check: resource.ComposeTestCheckFunc( + testAccCheckAwsSESDomainIdentityExists("aws_ses_domain_identity.test"), + ), + }, + }, + }) +} + +func testAccCheckAwsSESDomainIdentityDestroy(s *terraform.State) error { + conn := testAccProvider.Meta().(*AWSClient).sesConn + + for _, rs := range s.RootModule().Resources { + if rs.Type != "aws_ses_domain_identity" { + continue + } + + domain := rs.Primary.ID + params := &ses.GetIdentityVerificationAttributesInput{ + Identities: []*string{ + aws.String(domain), + }, + } + + response, err := conn.GetIdentityVerificationAttributes(params) + if err != nil { + return err + } + + if response.VerificationAttributes[domain] != nil { + return fmt.Errorf("SES Domain Identity %s still exists. Failing!", domain) + } + } + + return nil +} + +func testAccCheckAwsSESDomainIdentityExists(n string) resource.TestCheckFunc { + return func(s *terraform.State) error { + rs, ok := s.RootModule().Resources[n] + if !ok { + return fmt.Errorf("SES Domain Identity not found: %s", n) + } + + if rs.Primary.ID == "" { + return fmt.Errorf("SES Domain Identity name not set") + } + + domain := rs.Primary.ID + conn := testAccProvider.Meta().(*AWSClient).sesConn + + params := &ses.GetIdentityVerificationAttributesInput{ + Identities: []*string{ + aws.String(domain), + }, + } + + response, err := conn.GetIdentityVerificationAttributes(params) + if err != nil { + return err + } + + if response.VerificationAttributes[domain] == nil { + return fmt.Errorf("SES Domain Identity %s not found in AWS", domain) + } + + return nil + } +} + +const testAccAwsSESDomainIdentityConfig = ` +resource "aws_ses_domain_identity" "test" { + domain = "%s.terraformtesting.com" +} +` diff --git a/website/source/docs/import/importability.html.md b/website/source/docs/import/importability.html.md index a9bac81e6d..933c47a1dc 100644 --- a/website/source/docs/import/importability.html.md +++ b/website/source/docs/import/importability.html.md @@ -92,6 +92,7 @@ To make a resource importable, please see the * aws_route_table * aws_s3_bucket * aws_security_group +* aws_ses_domain_identity * aws_ses_receipt_filter * aws_ses_receipt_rule_set * aws_simpledb_domain diff --git a/website/source/docs/providers/aws/r/ses_domain_identity.html.markdown b/website/source/docs/providers/aws/r/ses_domain_identity.html.markdown new file mode 100644 index 0000000000..e005160bf1 --- /dev/null +++ b/website/source/docs/providers/aws/r/ses_domain_identity.html.markdown @@ -0,0 +1,46 @@ +--- +layout: "aws" +page_title: "AWS: ses_domain_identity" +sidebar_current: "docs-aws-resource-ses-domain-identity" +description: |- + Provides an SES domain identity resource +--- + +# aws\_ses\_domain_identity + +Provides an SES domain identity resource + +## Argument Reference + +The following arguments are supported: + +* `domain` - (Required) The domain name to assign to SES + +## Attributes Reference + +The following attributes are exported: + +* `verification_token` - A code which when added to the domain as a TXT record + will signal to SES that the owner of the domain has authorised SES to act on + their behalf. The domain identity will be in state "verification pending" + until this is done. See below for an example of how this might be achieved + when the domain is hosted in Route 53 and managed by Terraform. Find out + more about verifying domains in Amazon SES in the [AWS SES + docs](http://docs.aws.amazon.com/ses/latest/DeveloperGuide/verify-domains.html). + +## Example Usage + +``` +resource "aws_ses_domain_identity" "example" { + domain = "example.com" +} + +resource "aws_route53_record" "example_amazonses_verification_record" { + zone_id = "ABCDEFGHIJ123" + name = "_amazonses.example.com" + type = "TXT" + ttl = "600" + records = ["${aws_ses_domain_identity.example.verification_token}"] +} +``` + diff --git a/website/source/layouts/aws.erb b/website/source/layouts/aws.erb index d3e39f97d5..75e5d546e9 100644 --- a/website/source/layouts/aws.erb +++ b/website/source/layouts/aws.erb @@ -1127,6 +1127,10 @@ aws_ses_active_receipt_rule_set + > + aws_ses_domain_identity + + > aws_ses_receipt_filter From 6667a85cd9d1b764cd3b48a6e1c415fb4a45b02f Mon Sep 17 00:00:00 2001 From: Radek Simko Date: Sat, 1 Apr 2017 06:58:27 +0100 Subject: [PATCH 092/101] Update CHANGELOG.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3717de123e..0c1e81f63e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,7 @@ FEATURES: * **New Resource:** `aws_lightsail_static_ip` [GH-13175] * **New Resource:** `aws_lightsail_static_ip_attachment` [GH-13207] + * **New Resource:** `aws_ses_domain_identity` [GH-13098] * **New Resource:** `kubernetes_secret` [GH-12960] * **New Data Source:** `aws_iam_role` [GH-13213] From b8f6e2a70ae0e741ddf8a3ef69334121bd62ae93 Mon Sep 17 00:00:00 2001 From: Jonathan Camp Date: Sat, 1 Apr 2017 16:39:46 +0200 Subject: [PATCH 093/101] provider/aws: handle aws_lambda_function missing s3 key error (#10960) * ensure NoSuchKey is not a retryable error * Simplify err handling + lower log msg severity --- .../providers/aws/resource_aws_lambda_function.go | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/builtin/providers/aws/resource_aws_lambda_function.go b/builtin/providers/aws/resource_aws_lambda_function.go index 211da109d7..4eedd77a35 100644 --- a/builtin/providers/aws/resource_aws_lambda_function.go +++ b/builtin/providers/aws/resource_aws_lambda_function.go @@ -297,14 +297,13 @@ func resourceAwsLambdaFunctionCreate(d *schema.ResourceData, meta interface{}) e err := resource.Retry(10*time.Minute, func() *resource.RetryError { _, err := conn.CreateFunction(params) if err != nil { - log.Printf("[ERROR] Received %q, retrying CreateFunction", err) - if awserr, ok := err.(awserr.Error); ok { - if awserr.Code() == "InvalidParameterValueException" { - log.Printf("[DEBUG] InvalidParameterValueException creating Lambda Function: %s", awserr) - return resource.RetryableError(awserr) - } - } log.Printf("[DEBUG] Error creating Lambda Function: %s", err) + + if isAWSErr(err, "InvalidParameterValueException", "The role defined for the function cannot be assumed by Lambda") { + log.Printf("[DEBUG] Received %s, retrying CreateFunction", err) + return resource.RetryableError(err) + } + return resource.NonRetryableError(err) } return nil From 26c544547710eed3882d53d6d11b7d4c0625c47f Mon Sep 17 00:00:00 2001 From: Radek Simko Date: Sat, 1 Apr 2017 15:42:17 +0100 Subject: [PATCH 094/101] Update CHANGELOG.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0c1e81f63e..6e1a57e878 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -43,6 +43,7 @@ BUG FIXES: * provider/aws: Refresh aws_alb_target_group tags [GH-13200] * provider/aws: Set aws_vpn_connection to recreate when in deleted state [GH-13204] * provider/aws: Wait for aws_opsworks_instance to be running when it's specified [GH-13218] + * provider/aws: Handle `aws_lambda_function` missing s3 key error [GH-10960] * provider/azurerm: Network Security Group - ignoring protocol casing at Import time [GH-13153] ## 0.9.2 (March 28, 2017) From 4b9ec9c9200d4fe77101a62f94958dea678da3b5 Mon Sep 17 00:00:00 2001 From: Masayuki Morita Date: Sun, 2 Apr 2017 01:31:32 +0900 Subject: [PATCH 095/101] provider/aws: Validate aws_ecs_task_definition.container_definitions (#12161) --- .../aws/resource_aws_ecs_task_definition.go | 10 ++++ .../resource_aws_ecs_task_definition_test.go | 48 +++++++++++++++++++ 2 files changed, 58 insertions(+) diff --git a/builtin/providers/aws/resource_aws_ecs_task_definition.go b/builtin/providers/aws/resource_aws_ecs_task_definition.go index 2734afba96..fa082472b6 100644 --- a/builtin/providers/aws/resource_aws_ecs_task_definition.go +++ b/builtin/providers/aws/resource_aws_ecs_task_definition.go @@ -45,6 +45,7 @@ func resourceAwsEcsTaskDefinition() *schema.Resource { hash := sha1.Sum([]byte(v.(string))) return hex.EncodeToString(hash[:]) }, + ValidateFunc: validateAwsEcsTaskDefinitionContainerDefinitions, }, "task_role_arn": { @@ -121,6 +122,15 @@ func validateAwsEcsTaskDefinitionNetworkMode(v interface{}, k string) (ws []stri return } +func validateAwsEcsTaskDefinitionContainerDefinitions(v interface{}, k string) (ws []string, errors []error) { + value := v.(string) + _, err := expandEcsContainerDefinitions(value) + if err != nil { + errors = append(errors, fmt.Errorf("ECS Task Definition container_definitions is invalid: %s", err)) + } + return +} + func resourceAwsEcsTaskDefinitionCreate(d *schema.ResourceData, meta interface{}) error { conn := meta.(*AWSClient).ecsconn diff --git a/builtin/providers/aws/resource_aws_ecs_task_definition_test.go b/builtin/providers/aws/resource_aws_ecs_task_definition_test.go index a414130cdf..afbf2955f8 100644 --- a/builtin/providers/aws/resource_aws_ecs_task_definition_test.go +++ b/builtin/providers/aws/resource_aws_ecs_task_definition_test.go @@ -203,6 +203,28 @@ func TestValidateAwsEcsTaskDefinitionNetworkMode(t *testing.T) { } } +func TestValidateAwsEcsTaskDefinitionContainerDefinitions(t *testing.T) { + validDefinitions := []string{ + testValidateAwsEcsTaskDefinitionValidContainerDefinitions, + } + for _, v := range validDefinitions { + _, errors := validateAwsEcsTaskDefinitionContainerDefinitions(v, "container_definitions") + if len(errors) != 0 { + t.Fatalf("%q should be a valid AWS ECS Task Definition Container Definitions: %q", v, errors) + } + } + + invalidDefinitions := []string{ + testValidateAwsEcsTaskDefinitionInvalidCommandContainerDefinitions, + } + for _, v := range invalidDefinitions { + _, errors := validateAwsEcsTaskDefinitionContainerDefinitions(v, "container_definitions") + if len(errors) == 0 { + t.Fatalf("%q should be an invalid AWS ECS Task Definition Container Definitions", v) + } + } +} + func testAccCheckAWSEcsTaskDefinitionDestroy(s *terraform.State) error { conn := testAccProvider.Meta().(*AWSClient).ecsconn @@ -666,3 +688,29 @@ TASK_DEFINITION } } ` + +var testValidateAwsEcsTaskDefinitionValidContainerDefinitions = ` +[ + { + "name": "sleep", + "image": "busybox", + "cpu": 10, + "command": ["sleep","360"], + "memory": 10, + "essential": true + } +] +` + +var testValidateAwsEcsTaskDefinitionInvalidCommandContainerDefinitions = ` +[ + { + "name": "sleep", + "image": "busybox", + "cpu": 10, + "command": "sleep 360", + "memory": 10, + "essential": true + } +] +` From 9b55ce5385fe0f7a5c0895c41843bb19432e0886 Mon Sep 17 00:00:00 2001 From: Radek Simko Date: Sat, 1 Apr 2017 17:32:18 +0100 Subject: [PATCH 096/101] Update CHANGELOG.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6e1a57e878..5261d3ae3c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -25,6 +25,7 @@ IMPROVEMENTS: * provider/aws: Support the ability to enable / disable ipv6 support in VPC [GH-12527] * provider/aws: Added API Gateway integration update [GH-13249] * provider/aws: Add `identifier` | `name_prefix` to RDS resources [GH-13232] + * provider/aws: Validate `aws_ecs_task_definition.container_definitions` [GH-12161] * provider/github: Handle the case when issue labels already exist [GH-13182] * provider/google: Mark `google_container_cluster`'s `client_key` & `password` inside `master_auth` as sensitive [GH-13148] * provider/triton: Move to joyent/triton-go [GH-13225] From d209dc1a32bb75cb072601c5d96f1e9080f485e7 Mon Sep 17 00:00:00 2001 From: stack72 Date: Mon, 3 Apr 2017 01:48:45 +0300 Subject: [PATCH 097/101] provider/aws: Fixup AWS db instance acceptance tests with default security group --- builtin/providers/aws/resource_aws_db_instance_test.go | 2 -- 1 file changed, 2 deletions(-) diff --git a/builtin/providers/aws/resource_aws_db_instance_test.go b/builtin/providers/aws/resource_aws_db_instance_test.go index 6c8d451ca0..17d3bf6b88 100644 --- a/builtin/providers/aws/resource_aws_db_instance_test.go +++ b/builtin/providers/aws/resource_aws_db_instance_test.go @@ -676,7 +676,6 @@ resource "aws_db_instance" "test" { instance_class = "db.t1.micro" password = "password" username = "root" - security_group_names = ["default"] publicly_accessible = true skip_final_snapshot = true @@ -692,7 +691,6 @@ resource "aws_db_instance" "test" { instance_class = "db.t1.micro" password = "password" username = "root" - security_group_names = ["default"] publicly_accessible = true skip_final_snapshot = true From 2d8f3f257afbe301a5e5af12c7c1f30fc45f0e06 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Hern=C3=A1n=20Schmidt?= Date: Mon, 3 Apr 2017 10:38:35 +0200 Subject: [PATCH 098/101] Fix small typo --- website/source/docs/configuration/interpolation.html.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/source/docs/configuration/interpolation.html.md b/website/source/docs/configuration/interpolation.html.md index b101730a39..7092615850 100644 --- a/website/source/docs/configuration/interpolation.html.md +++ b/website/source/docs/configuration/interpolation.html.md @@ -322,7 +322,7 @@ The supported built-in functions are: `a_resource_param = ["${split(",", var.CSV_STRING)}"]`. Example: `split(",", module.amod.server_ids)` - * `substr(string, offset, length)` - Extracts a substring from the input string. A negative offset is interpreted as being equivalent to a positive offset measured backwards from the end of the string. A length of `-1` is interpretted as meaning "until the end of the string". + * `substr(string, offset, length)` - Extracts a substring from the input string. A negative offset is interpreted as being equivalent to a positive offset measured backwards from the end of the string. A length of `-1` is interpreted as meaning "until the end of the string". * `timestamp()` - Returns a UTC timestamp string in RFC 3339 format. This string will change with every invocation of the function, so in order to prevent diffs on every plan & apply, it must be used with the From b80d3e5701f24e468c004363b7f5d3a9c97a6c82 Mon Sep 17 00:00:00 2001 From: Paul Stack Date: Mon, 3 Apr 2017 12:11:45 +0300 Subject: [PATCH 099/101] provider/aws: Set stickiness to computed in alb_target_group (#13278) The Default values set by AWS were breaking the AWS ALB Listener Rule tests. The stickiness parameter needed to be set to be Computed: true to remove this discrepancy ``` % make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSALBListenerRule_basic' ==> Checking that code complies with gofmt requirements... go generate $(go list ./... | grep -v /terraform/vendor/) 2017/04/03 01:23:47 Generated command/internal_plugin_list.go TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSALBListenerRule_basic -timeout 120m === RUN TestAccAWSALBListenerRule_basic --- PASS: TestAccAWSALBListenerRule_basic (235.36s) PASS ok github.com/hashicorp/terraform/builtin/providers/aws 235.397s ``` --- builtin/providers/aws/resource_aws_alb_target_group.go | 1 + 1 file changed, 1 insertion(+) diff --git a/builtin/providers/aws/resource_aws_alb_target_group.go b/builtin/providers/aws/resource_aws_alb_target_group.go index df1a662be1..9412198d49 100644 --- a/builtin/providers/aws/resource_aws_alb_target_group.go +++ b/builtin/providers/aws/resource_aws_alb_target_group.go @@ -73,6 +73,7 @@ func resourceAwsAlbTargetGroup() *schema.Resource { "stickiness": { Type: schema.TypeList, Optional: true, + Computed: true, MaxItems: 1, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ From ef2d2646a8a9e0c8ea02096d51016e64f080c817 Mon Sep 17 00:00:00 2001 From: Paul Stack Date: Mon, 3 Apr 2017 12:13:58 +0300 Subject: [PATCH 100/101] Update CHANGELOG.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5261d3ae3c..74e0105820 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -45,6 +45,7 @@ BUG FIXES: * provider/aws: Set aws_vpn_connection to recreate when in deleted state [GH-13204] * provider/aws: Wait for aws_opsworks_instance to be running when it's specified [GH-13218] * provider/aws: Handle `aws_lambda_function` missing s3 key error [GH-10960] + * provider/aws: Set stickiness to computed in alb_target_group [GH-13278] * provider/azurerm: Network Security Group - ignoring protocol casing at Import time [GH-13153] ## 0.9.2 (March 28, 2017) From fbbfe67bb5fb6584cd28338632d71b9e7174033b Mon Sep 17 00:00:00 2001 From: Adam Hoka Date: Mon, 3 Apr 2017 14:11:25 +0200 Subject: [PATCH 101/101] Update documentation to reflect reality From the code: "records": &schema.Schema{ Type: schema.TypeString, Optional: true, Elem: &schema.Schema{Type: schema.TypeString}, Set: schema.HashString, Removed: "Use `record` instead. This attribute will be removed in a future version", }, "record": &schema.Schema{ Type: schema.TypeString, Required: true, --- .../docs/providers/azurerm/r/dns_cname_record.html.markdown | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/website/source/docs/providers/azurerm/r/dns_cname_record.html.markdown b/website/source/docs/providers/azurerm/r/dns_cname_record.html.markdown index 38931897a8..10832dff2a 100644 --- a/website/source/docs/providers/azurerm/r/dns_cname_record.html.markdown +++ b/website/source/docs/providers/azurerm/r/dns_cname_record.html.markdown @@ -28,7 +28,7 @@ resource "azurerm_dns_cname_record" "test" { zone_name = "${azurerm_dns_zone.test.name}" resource_group_name = "${azurerm_resource_group.test.name}" ttl = "300" - records = ["contoso.com"] + record = "contoso.com" } ``` ## Argument Reference @@ -43,7 +43,7 @@ The following arguments are supported: * `TTL` - (Required) The Time To Live (TTL) of the DNS record. -* `records` - (Required) The target of the CNAME. Must be a single value. +* `record` - (Required) The target of the CNAME. * `tags` - (Optional) A mapping of tags to assign to the resource.