From 87cde8834ec176e5b1a86bec65853a345bd56890 Mon Sep 17 00:00:00 2001
From: Jean Mertz <jean@mertz.fm>
Date: Sun, 3 May 2015 16:00:00 +0200
Subject: [PATCH 001/335] OpenStack: add functionality to attach FloatingIP to
 Port

---
 ...urce_openstack_networking_floatingip_v2.go | 31 +++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/builtin/providers/openstack/resource_openstack_networking_floatingip_v2.go b/builtin/providers/openstack/resource_openstack_networking_floatingip_v2.go
index 1b81c6a96e..37f1ca7cfe 100644
--- a/builtin/providers/openstack/resource_openstack_networking_floatingip_v2.go
+++ b/builtin/providers/openstack/resource_openstack_networking_floatingip_v2.go
@@ -14,6 +14,7 @@ func resourceNetworkingFloatingIPV2() *schema.Resource {
 	return &schema.Resource{
 		Create: resourceNetworkFloatingIPV2Create,
 		Read:   resourceNetworkFloatingIPV2Read,
+		Update: resourceNetworkFloatingIPV2Update,
 		Delete: resourceNetworkFloatingIPV2Delete,
 
 		Schema: map[string]*schema.Schema{
@@ -33,6 +34,11 @@ func resourceNetworkingFloatingIPV2() *schema.Resource {
 				ForceNew:    true,
 				DefaultFunc: envDefaultFunc("OS_POOL_NAME"),
 			},
+			"port_id": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+				Default:  "",
+			},
 		},
 	}
 }
@@ -53,6 +59,7 @@ func resourceNetworkFloatingIPV2Create(d *schema.ResourceData, meta interface{})
 	}
 	createOpts := floatingips.CreateOpts{
 		FloatingNetworkID: poolID,
+		PortID:            d.Get("port_id").(string),
 	}
 	log.Printf("[DEBUG] Create Options: %#v", createOpts)
 	floatingIP, err := floatingips.Create(networkClient, createOpts).Extract()
@@ -78,6 +85,7 @@ func resourceNetworkFloatingIPV2Read(d *schema.ResourceData, meta interface{}) e
 	}
 
 	d.Set("address", floatingIP.FloatingIP)
+	d.Set("port_id", floatingIP.PortID)
 	poolName, err := getNetworkName(d, meta, floatingIP.FloatingNetworkID)
 	if err != nil {
 		return fmt.Errorf("Error retrieving floating IP pool name: %s", err)
@@ -87,6 +95,29 @@ func resourceNetworkFloatingIPV2Read(d *schema.ResourceData, meta interface{}) e
 	return nil
 }
 
+func resourceNetworkFloatingIPV2Update(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+	networkClient, err := config.networkingV2Client(d.Get("region").(string))
+	if err != nil {
+		return fmt.Errorf("Error creating OpenStack network client: %s", err)
+	}
+
+	var updateOpts floatingips.UpdateOpts
+
+	if d.HasChange("port_id") {
+		updateOpts.PortID = d.Get("port_id").(string)
+	}
+
+	log.Printf("[DEBUG] Update Options: %#v", updateOpts)
+
+	_, err = floatingips.Update(networkClient, d.Id(), updateOpts).Extract()
+	if err != nil {
+		return fmt.Errorf("Error updating floating IP: %s", err)
+	}
+
+	return resourceNetworkFloatingIPV2Read(d, meta)
+}
+
 func resourceNetworkFloatingIPV2Delete(d *schema.ResourceData, meta interface{}) error {
 	config := meta.(*Config)
 	networkClient, err := config.networkingV2Client(d.Get("region").(string))

From 739a411b4d867bf7036a38f3fd4feeca867cd939 Mon Sep 17 00:00:00 2001
From: Alexander Dupuy <alex.dupuy@mac.com>
Date: Mon, 18 May 2015 21:45:50 +0200
Subject: [PATCH 002/335] debug security group ids

---
 .../resource_openstack_compute_instance_v2.go     | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/builtin/providers/openstack/resource_openstack_compute_instance_v2.go b/builtin/providers/openstack/resource_openstack_compute_instance_v2.go
index 44fca923f6..066fa637ff 100644
--- a/builtin/providers/openstack/resource_openstack_compute_instance_v2.go
+++ b/builtin/providers/openstack/resource_openstack_compute_instance_v2.go
@@ -557,13 +557,6 @@ func resourceComputeInstanceV2Update(d *schema.ResourceData, meta interface{}) e
 
 		log.Printf("[DEBUG] Security groups to remove: %v", secgroupsToRemove)
 
-		for _, g := range secgroupsToAdd.List() {
-			err := secgroups.AddServerToGroup(computeClient, d.Id(), g.(string)).ExtractErr()
-			if err != nil {
-				return fmt.Errorf("Error adding security group to OpenStack server (%s): %s", d.Id(), err)
-			}
-			log.Printf("[DEBUG] Added security group (%s) to instance (%s)", g.(string), d.Id())
-		}
 
 		for _, g := range secgroupsToRemove.List() {
 			err := secgroups.RemoveServerFromGroup(computeClient, d.Id(), g.(string)).ExtractErr()
@@ -581,6 +574,14 @@ func resourceComputeInstanceV2Update(d *schema.ResourceData, meta interface{}) e
 				log.Printf("[DEBUG] Removed security group (%s) from instance (%s)", g.(string), d.Id())
 			}
 		}
+		for _, g := range secgroupsToAdd.List() {
+			err := secgroups.AddServerToGroup(computeClient, d.Id(), g.(string)).ExtractErr()
+			if err != nil {
+				return fmt.Errorf("Error adding security group to OpenStack server (%s): %s", d.Id(), err)
+			}
+			log.Printf("[DEBUG] Added security group (%s) to instance (%s)", g.(string), d.Id())
+		}
+
 	}
 
 	if d.HasChange("admin_pass") {

From 07ad320960e3fd61e80f00b919dc1a5217d0d321 Mon Sep 17 00:00:00 2001
From: Aaron Welch <welch@packet.net>
Date: Sun, 31 May 2015 15:58:14 +0100
Subject: [PATCH 003/335] Packet bare metal cloud hosting platform provider

---
 builtin/bins/provider-packet/main.go          |  12 +
 builtin/providers/packet/config.go            |  18 ++
 builtin/providers/packet/provider.go          |  36 +++
 builtin/providers/packet/provider_test.go     |  35 ++
 .../packet/resource_packet_device.go          | 302 ++++++++++++++++++
 .../packet/resource_packet_project.go         | 123 +++++++
 .../packet/resource_packet_project_test.go    |  95 ++++++
 .../packet/resource_packet_ssh_key.go         | 128 ++++++++
 .../packet/resource_packet_ssh_key_test.go    | 104 ++++++
 .../docs/providers/packet/index.html.markdown |  47 +++
 .../providers/packet/r/device.html.markdown   |  55 ++++
 .../providers/packet/r/project.html.markdown  |  40 +++
 .../providers/packet/r/ssh_key.html.markdown  |  43 +++
 13 files changed, 1038 insertions(+)
 create mode 100644 builtin/bins/provider-packet/main.go
 create mode 100644 builtin/providers/packet/config.go
 create mode 100644 builtin/providers/packet/provider.go
 create mode 100644 builtin/providers/packet/provider_test.go
 create mode 100644 builtin/providers/packet/resource_packet_device.go
 create mode 100644 builtin/providers/packet/resource_packet_project.go
 create mode 100644 builtin/providers/packet/resource_packet_project_test.go
 create mode 100644 builtin/providers/packet/resource_packet_ssh_key.go
 create mode 100644 builtin/providers/packet/resource_packet_ssh_key_test.go
 create mode 100644 website/source/docs/providers/packet/index.html.markdown
 create mode 100644 website/source/docs/providers/packet/r/device.html.markdown
 create mode 100644 website/source/docs/providers/packet/r/project.html.markdown
 create mode 100644 website/source/docs/providers/packet/r/ssh_key.html.markdown

diff --git a/builtin/bins/provider-packet/main.go b/builtin/bins/provider-packet/main.go
new file mode 100644
index 0000000000..6d8198ef2b
--- /dev/null
+++ b/builtin/bins/provider-packet/main.go
@@ -0,0 +1,12 @@
+package main
+
+import (
+	"github.com/hashicorp/terraform/builtin/providers/packet"
+	"github.com/hashicorp/terraform/plugin"
+)
+
+func main() {
+	plugin.Serve(&plugin.ServeOpts{
+		ProviderFunc: packet.Provider,
+	})
+}
diff --git a/builtin/providers/packet/config.go b/builtin/providers/packet/config.go
new file mode 100644
index 0000000000..659ee9ebc8
--- /dev/null
+++ b/builtin/providers/packet/config.go
@@ -0,0 +1,18 @@
+package packet
+
+import (
+	"github.com/packethost/packngo"
+)
+
+const (
+	consumerToken = "aZ9GmqHTPtxevvFq9SK3Pi2yr9YCbRzduCSXF2SNem5sjB91mDq7Th3ZwTtRqMWZ"
+)
+
+type Config struct {
+	AuthToken string
+}
+
+// Client() returns a new client for accessing packet.
+func (c *Config) Client() *packngo.Client {
+	return packngo.NewClient(consumerToken, c.AuthToken)
+}
diff --git a/builtin/providers/packet/provider.go b/builtin/providers/packet/provider.go
new file mode 100644
index 0000000000..c1efd6e838
--- /dev/null
+++ b/builtin/providers/packet/provider.go
@@ -0,0 +1,36 @@
+package packet
+
+import (
+	"github.com/hashicorp/terraform/helper/schema"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+// Provider returns a schema.Provider for Packet.
+func Provider() terraform.ResourceProvider {
+	return &schema.Provider{
+		Schema: map[string]*schema.Schema{
+			"auth_token": &schema.Schema{
+				Type:        schema.TypeString,
+				Required:    true,
+				DefaultFunc: schema.EnvDefaultFunc("PACKET_AUTH_TOKEN", nil),
+				Description: "The API auth key for API operations.",
+			},
+		},
+
+		ResourcesMap: map[string]*schema.Resource{
+			"packet_device":  resourcePacketDevice(),
+			"packet_ssh_key": resourcePacketSSHKey(),
+			"packet_project": resourcePacketProject(),
+		},
+
+		ConfigureFunc: providerConfigure,
+	}
+}
+
+func providerConfigure(d *schema.ResourceData) (interface{}, error) {
+	config := Config{
+		AuthToken: d.Get("auth_token").(string),
+	}
+
+	return config.Client(), nil
+}
diff --git a/builtin/providers/packet/provider_test.go b/builtin/providers/packet/provider_test.go
new file mode 100644
index 0000000000..5483c4fb08
--- /dev/null
+++ b/builtin/providers/packet/provider_test.go
@@ -0,0 +1,35 @@
+package packet
+
+import (
+	"os"
+	"testing"
+
+	"github.com/hashicorp/terraform/helper/schema"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+var testAccProviders map[string]terraform.ResourceProvider
+var testAccProvider *schema.Provider
+
+func init() {
+	testAccProvider = Provider().(*schema.Provider)
+	testAccProviders = map[string]terraform.ResourceProvider{
+		"packet": testAccProvider,
+	}
+}
+
+func TestProvider(t *testing.T) {
+	if err := Provider().(*schema.Provider).InternalValidate(); err != nil {
+		t.Fatalf("err: %s", err)
+	}
+}
+
+func TestProvider_impl(t *testing.T) {
+	var _ terraform.ResourceProvider = Provider()
+}
+
+func testAccPreCheck(t *testing.T) {
+	if v := os.Getenv("PACKET_AUTH_TOKEN"); v == "" {
+		t.Fatal("PACKET_AUTH_TOKEN must be set for acceptance tests")
+	}
+}
diff --git a/builtin/providers/packet/resource_packet_device.go b/builtin/providers/packet/resource_packet_device.go
new file mode 100644
index 0000000000..56fc7afe55
--- /dev/null
+++ b/builtin/providers/packet/resource_packet_device.go
@@ -0,0 +1,302 @@
+package packet
+
+import (
+	"fmt"
+	"log"
+	"time"
+
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/helper/schema"
+	"github.com/packethost/packngo"
+)
+
+func resourcePacketDevice() *schema.Resource {
+	return &schema.Resource{
+		Create: resourcePacketDeviceCreate,
+		Read:   resourcePacketDeviceRead,
+		Update: resourcePacketDeviceUpdate,
+		Delete: resourcePacketDeviceDelete,
+
+		Schema: map[string]*schema.Schema{
+			"project_id": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+
+			"hostname": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+
+			"operating_system": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+
+			"facility": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+
+			"plan": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+
+			"billing_cycle": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+
+			"state": &schema.Schema{
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+
+			"locked": &schema.Schema{
+				Type:     schema.TypeBool,
+				Computed: true,
+			},
+
+			"network": &schema.Schema{
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"address": &schema.Schema{
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+
+						"gateway": &schema.Schema{
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+
+						"family": &schema.Schema{
+							Type:     schema.TypeInt,
+							Computed: true,
+						},
+
+						"cidr": &schema.Schema{
+							Type:     schema.TypeInt,
+							Computed: true,
+						},
+
+						"public": &schema.Schema{
+							Type:     schema.TypeBool,
+							Computed: true,
+						},
+					},
+				},
+			},
+
+			"created": &schema.Schema{
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+
+			"updated": &schema.Schema{
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+
+			"user_data": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+
+			"tags": &schema.Schema{
+				Type:     schema.TypeList,
+				Optional: true,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+			},
+		},
+	}
+}
+
+func resourcePacketDeviceCreate(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*packngo.Client)
+
+	createRequest := &packngo.DeviceCreateRequest{
+		HostName:     d.Get("hostname").(string),
+		Plan:         d.Get("plan").(string),
+		Facility:     d.Get("facility").(string),
+		OS:           d.Get("operating_system").(string),
+		BillingCycle: d.Get("billing_cycle").(string),
+		ProjectID:    d.Get("project_id").(string),
+	}
+
+	if attr, ok := d.GetOk("user_data"); ok {
+		createRequest.UserData = attr.(string)
+	}
+
+	tags := d.Get("tags.#").(int)
+	if tags > 0 {
+		createRequest.Tags = make([]string, 0, tags)
+		for i := 0; i < tags; i++ {
+			key := fmt.Sprintf("tags.%d", i)
+			createRequest.Tags = append(createRequest.Tags, d.Get(key).(string))
+		}
+	}
+
+	log.Printf("[DEBUG] Device create configuration: %#v", createRequest)
+
+	newDevice, _, err := client.Devices.Create(createRequest)
+	if err != nil {
+		return fmt.Errorf("Error creating device: %s", err)
+	}
+
+	// Assign the device id
+	d.SetId(newDevice.ID)
+
+	log.Printf("[INFO] Device ID: %s", d.Id())
+
+	_, err = WaitForDeviceAttribute(d, "active", []string{"provisioning"}, "state", meta)
+	if err != nil {
+		return fmt.Errorf(
+			"Error waiting for device (%s) to become ready: %s", d.Id(), err)
+	}
+
+	return resourcePacketDeviceRead(d, meta)
+}
+
+func resourcePacketDeviceRead(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*packngo.Client)
+
+	// Retrieve the device properties for updating the state
+	device, _, err := client.Devices.Get(d.Id())
+	if err != nil {
+		return fmt.Errorf("Error retrieving device: %s", err)
+	}
+
+	d.Set("name", device.Hostname)
+	d.Set("plan", device.Plan.Slug)
+	d.Set("facility", device.Facility.Code)
+	d.Set("operating_system", device.OS.Slug)
+	d.Set("state", device.State)
+	d.Set("billing_cycle", device.BillingCycle)
+	d.Set("locked", device.Locked)
+	d.Set("created", device.Created)
+	d.Set("udpated", device.Updated)
+
+	tags := make([]string, 0)
+	for _, tag := range device.Tags {
+		tags = append(tags, tag)
+	}
+	d.Set("tags", tags)
+
+	networks := make([]map[string]interface{}, 0, 1)
+	for _, ip := range device.Network {
+		network := make(map[string]interface{})
+		network["address"] = ip.Address
+		network["gateway"] = ip.Gateway
+		network["family"] = ip.Family
+		network["cidr"] = ip.Cidr
+		network["public"] = ip.Public
+		networks = append(networks, network)
+	}
+	d.Set("network", networks)
+
+	return nil
+}
+
+func resourcePacketDeviceUpdate(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*packngo.Client)
+
+	if d.HasChange("locked") && d.Get("locked").(bool) {
+		_, err := client.Devices.Lock(d.Id())
+
+		if err != nil {
+			return fmt.Errorf(
+				"Error locking device (%s): %s", d.Id(), err)
+		}
+	} else if d.HasChange("locked") {
+		_, err := client.Devices.Unlock(d.Id())
+
+		if err != nil {
+			return fmt.Errorf(
+				"Error unlocking device (%s): %s", d.Id(), err)
+		}
+	}
+
+	return resourcePacketDeviceRead(d, meta)
+}
+
+func resourcePacketDeviceDelete(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*packngo.Client)
+
+	log.Printf("[INFO] Deleting device: %s", d.Id())
+	if _, err := client.Devices.Delete(d.Id()); err != nil {
+		return fmt.Errorf("Error deleting device: %s", err)
+	}
+
+	return nil
+}
+
+func WaitForDeviceAttribute(
+	d *schema.ResourceData, target string, pending []string, attribute string, meta interface{}) (interface{}, error) {
+	// Wait for the device so we can get the networking attributes
+	// that show up after a while
+	log.Printf(
+		"[INFO] Waiting for device (%s) to have %s of %s",
+		d.Id(), attribute, target)
+
+	stateConf := &resource.StateChangeConf{
+		Pending:    pending,
+		Target:     target,
+		Refresh:    newDeviceStateRefreshFunc(d, attribute, meta),
+		Timeout:    60 * time.Minute,
+		Delay:      10 * time.Second,
+		MinTimeout: 3 * time.Second,
+	}
+
+	return stateConf.WaitForState()
+}
+
+func newDeviceStateRefreshFunc(
+	d *schema.ResourceData, attribute string, meta interface{}) resource.StateRefreshFunc {
+	client := meta.(*packngo.Client)
+	return func() (interface{}, string, error) {
+		err := resourcePacketDeviceRead(d, meta)
+		if err != nil {
+			return nil, "", err
+		}
+
+		// See if we can access our attribute
+		if attr, ok := d.GetOk(attribute); ok {
+			// Retrieve the device properties
+			device, _, err := client.Devices.Get(d.Id())
+			if err != nil {
+				return nil, "", fmt.Errorf("Error retrieving device: %s", err)
+			}
+
+			return &device, attr.(string), nil
+		}
+
+		return nil, "", nil
+	}
+}
+
+// Powers on the device and waits for it to be active
+func powerOnAndWait(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*packngo.Client)
+	_, err := client.Devices.PowerOn(d.Id())
+	if err != nil {
+		return err
+	}
+
+	// Wait for power on
+	_, err = WaitForDeviceAttribute(d, "active", []string{"off"}, "state", client)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/builtin/providers/packet/resource_packet_project.go b/builtin/providers/packet/resource_packet_project.go
new file mode 100644
index 0000000000..e41ef1381a
--- /dev/null
+++ b/builtin/providers/packet/resource_packet_project.go
@@ -0,0 +1,123 @@
+package packet
+
+import (
+	"fmt"
+	"log"
+	"strings"
+
+	"github.com/hashicorp/terraform/helper/schema"
+	"github.com/packethost/packngo"
+)
+
+func resourcePacketProject() *schema.Resource {
+	return &schema.Resource{
+		Create: resourcePacketProjectCreate,
+		Read:   resourcePacketProjectRead,
+		Update: resourcePacketProjectUpdate,
+		Delete: resourcePacketProjectDelete,
+
+		Schema: map[string]*schema.Schema{
+			"id": &schema.Schema{
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+
+			"name": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+			},
+
+			"payment_method": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+
+			"created": &schema.Schema{
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+
+			"updated": &schema.Schema{
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+		},
+	}
+}
+
+func resourcePacketProjectCreate(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*packngo.Client)
+
+	createRequest := &packngo.ProjectCreateRequest{
+		Name:          d.Get("name").(string),
+		PaymentMethod: d.Get("payment_method").(string),
+	}
+
+	log.Printf("[DEBUG] Project create configuration: %#v", createRequest)
+	project, _, err := client.Projects.Create(createRequest)
+	if err != nil {
+		return fmt.Errorf("Error creating Project: %s", err)
+	}
+
+	d.SetId(project.ID)
+	log.Printf("[INFO] Project created: %s", project.ID)
+
+	return resourcePacketProjectRead(d, meta)
+}
+
+func resourcePacketProjectRead(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*packngo.Client)
+
+	key, _, err := client.Projects.Get(d.Id())
+	if err != nil {
+		// If the project somehow already destroyed, mark as
+		// succesfully gone
+		if strings.Contains(err.Error(), "404") {
+			d.SetId("")
+			return nil
+		}
+
+		return fmt.Errorf("Error retrieving Project: %s", err)
+	}
+
+	d.Set("id", key.ID)
+	d.Set("name", key.Name)
+	d.Set("created", key.Created)
+	d.Set("updated", key.Updated)
+
+	return nil
+}
+
+func resourcePacketProjectUpdate(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*packngo.Client)
+
+	updateRequest := &packngo.ProjectUpdateRequest{
+		ID:   d.Get("id").(string),
+		Name: d.Get("name").(string),
+	}
+
+	if attr, ok := d.GetOk("payment_method"); ok {
+		updateRequest.PaymentMethod = attr.(string)
+	}
+
+	log.Printf("[DEBUG] Project update: %#v", d.Get("id"))
+	_, _, err := client.Projects.Update(updateRequest)
+	if err != nil {
+		return fmt.Errorf("Failed to update Project: %s", err)
+	}
+
+	return resourcePacketProjectRead(d, meta)
+}
+
+func resourcePacketProjectDelete(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*packngo.Client)
+
+	log.Printf("[INFO] Deleting Project: %s", d.Id())
+	_, err := client.Projects.Delete(d.Id())
+	if err != nil {
+		return fmt.Errorf("Error deleting SSH key: %s", err)
+	}
+
+	d.SetId("")
+	return nil
+}
diff --git a/builtin/providers/packet/resource_packet_project_test.go b/builtin/providers/packet/resource_packet_project_test.go
new file mode 100644
index 0000000000..b0179cfbec
--- /dev/null
+++ b/builtin/providers/packet/resource_packet_project_test.go
@@ -0,0 +1,95 @@
+package packet
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+	"github.com/packethost/packngo"
+)
+
+func TestAccPacketProject_Basic(t *testing.T) {
+	var project packngo.Project
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckPacketProjectDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccCheckPacketProjectConfig_basic,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckPacketProjectExists("packet_project.foobar", &project),
+					testAccCheckPacketProjectAttributes(&project),
+					resource.TestCheckResourceAttr(
+						"packet_project.foobar", "name", "foobar"),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckPacketProjectDestroy(s *terraform.State) error {
+	client := testAccProvider.Meta().(*packngo.Client)
+
+	for _, rs := range s.RootModule().Resources {
+		if rs.Type != "packet_project" {
+			continue
+		}
+
+		_, _, err := client.Projects.Get(rs.Primary.ID)
+
+		if err == nil {
+			fmt.Errorf("Project cstill exists")
+		}
+	}
+
+	return nil
+}
+
+func testAccCheckPacketProjectAttributes(project *packngo.Project) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+
+		if project.Name != "foobar" {
+			return fmt.Errorf("Bad name: %s", project.Name)
+		}
+
+		return nil
+	}
+}
+
+func testAccCheckPacketProjectExists(n string, project *packngo.Project) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[n]
+
+		if !ok {
+			return fmt.Errorf("Not found: %s", n)
+		}
+
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("No Record ID is set")
+		}
+
+		client := testAccProvider.Meta().(*packngo.Client)
+
+		foundProject, _, err := client.Projects.Get(rs.Primary.ID)
+
+		if err != nil {
+			return err
+		}
+
+		if foundProject.ID != rs.Primary.ID {
+			return fmt.Errorf("Record not found: %v - %v", rs.Primary.ID, foundProject)
+		}
+
+		*project = *foundProject
+
+		return nil
+	}
+}
+
+var testAccCheckPacketProjectConfig_basic = fmt.Sprintf(`
+resource "packet_project" "foobar" {
+    name = "foobar"
+}`)
diff --git a/builtin/providers/packet/resource_packet_ssh_key.go b/builtin/providers/packet/resource_packet_ssh_key.go
new file mode 100644
index 0000000000..95e04bd8ca
--- /dev/null
+++ b/builtin/providers/packet/resource_packet_ssh_key.go
@@ -0,0 +1,128 @@
+package packet
+
+import (
+	"fmt"
+	"log"
+	"strings"
+
+	"github.com/hashicorp/terraform/helper/schema"
+	"github.com/packethost/packngo"
+)
+
+func resourcePacketSSHKey() *schema.Resource {
+	return &schema.Resource{
+		Create: resourcePacketSSHKeyCreate,
+		Read:   resourcePacketSSHKeyRead,
+		Update: resourcePacketSSHKeyUpdate,
+		Delete: resourcePacketSSHKeyDelete,
+
+		Schema: map[string]*schema.Schema{
+			"id": &schema.Schema{
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+
+			"name": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+			},
+
+			"public_key": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+
+			"fingerprint": &schema.Schema{
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+
+			"created": &schema.Schema{
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+
+			"updated": &schema.Schema{
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+		},
+	}
+}
+
+func resourcePacketSSHKeyCreate(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*packngo.Client)
+
+	createRequest := &packngo.SSHKeyCreateRequest{
+		Label: d.Get("name").(string),
+		Key:   d.Get("public_key").(string),
+	}
+
+	log.Printf("[DEBUG] SSH Key create configuration: %#v", createRequest)
+	key, _, err := client.SSHKeys.Create(createRequest)
+	if err != nil {
+		return fmt.Errorf("Error creating SSH Key: %s", err)
+	}
+
+	d.SetId(key.ID)
+	log.Printf("[INFO] SSH Key: %s", key.ID)
+
+	return resourcePacketSSHKeyRead(d, meta)
+}
+
+func resourcePacketSSHKeyRead(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*packngo.Client)
+
+	key, _, err := client.SSHKeys.Get(d.Id())
+	if err != nil {
+		// If the key is somehow already destroyed, mark as
+		// succesfully gone
+		if strings.Contains(err.Error(), "404") {
+			d.SetId("")
+			return nil
+		}
+
+		return fmt.Errorf("Error retrieving SSH key: %s", err)
+	}
+
+	d.Set("id", key.ID)
+	d.Set("name", key.Label)
+	d.Set("public_key", key.Key)
+	d.Set("fingerprint", key.FingerPrint)
+	d.Set("created", key.Created)
+	d.Set("updated", key.Updated)
+
+	return nil
+}
+
+func resourcePacketSSHKeyUpdate(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*packngo.Client)
+
+	updateRequest := &packngo.SSHKeyUpdateRequest{
+		ID:    d.Get("id").(string),
+		Label: d.Get("name").(string),
+		Key:   d.Get("public_key").(string),
+	}
+
+	log.Printf("[DEBUG] SSH key update: %#v", d.Get("id"))
+	_, _, err := client.SSHKeys.Update(updateRequest)
+	if err != nil {
+		return fmt.Errorf("Failed to update SSH key: %s", err)
+	}
+
+	return resourcePacketSSHKeyRead(d, meta)
+}
+
+func resourcePacketSSHKeyDelete(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*packngo.Client)
+
+	log.Printf("[INFO] Deleting SSH key: %s", d.Id())
+	_, err := client.SSHKeys.Delete(d.Id())
+	if err != nil {
+		return fmt.Errorf("Error deleting SSH key: %s", err)
+	}
+
+	d.SetId("")
+	return nil
+}
diff --git a/builtin/providers/packet/resource_packet_ssh_key_test.go b/builtin/providers/packet/resource_packet_ssh_key_test.go
new file mode 100644
index 0000000000..765086d4fa
--- /dev/null
+++ b/builtin/providers/packet/resource_packet_ssh_key_test.go
@@ -0,0 +1,104 @@
+package packet
+
+import (
+	"fmt"
+	"strings"
+	"testing"
+
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+	"github.com/packethost/packngo"
+)
+
+func TestAccPacketSSHKey_Basic(t *testing.T) {
+	var key packngo.SSHKey
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckPacketSSHKeyDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccCheckPacketSSHKeyConfig_basic,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckPacketSSHKeyExists("packet_ssh_key.foobar", &key),
+					testAccCheckPacketSSHKeyAttributes(&key),
+					resource.TestCheckResourceAttr(
+						"packet_ssh_key.foobar", "name", "foobar"),
+					resource.TestCheckResourceAttr(
+						"packet_ssh_key.foobar", "public_key", testAccValidPublicKey),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckPacketSSHKeyDestroy(s *terraform.State) error {
+	client := testAccProvider.Meta().(*packngo.Client)
+
+	for _, rs := range s.RootModule().Resources {
+		if rs.Type != "packet_ssh_key" {
+			continue
+		}
+
+		_, _, err := client.SSHKeys.Get(rs.Primary.ID)
+
+		if err == nil {
+			fmt.Errorf("SSH key still exists")
+		}
+	}
+
+	return nil
+}
+
+func testAccCheckPacketSSHKeyAttributes(key *packngo.SSHKey) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+
+		if key.Label != "foobar" {
+			return fmt.Errorf("Bad name: %s", key.Label)
+		}
+
+		return nil
+	}
+}
+
+func testAccCheckPacketSSHKeyExists(n string, key *packngo.SSHKey) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[n]
+
+		if !ok {
+			return fmt.Errorf("Not found: %s", n)
+		}
+
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("No Record ID is set")
+		}
+
+		client := testAccProvider.Meta().(*packngo.Client)
+
+		foundKey, _, err := client.SSHKeys.Get(rs.Primary.ID)
+
+		if err != nil {
+			return err
+		}
+
+		if foundKey.ID != rs.Primary.ID {
+			return fmt.Errorf("SSh Key not found: %v - %v", rs.Primary.ID, foundKey)
+		}
+
+		*key = *foundKey
+
+		fmt.Printf("key: %v", key)
+		return nil
+	}
+}
+
+var testAccCheckPacketSSHKeyConfig_basic = fmt.Sprintf(`
+resource "packet_ssh_key" "foobar" {
+    name = "foobar"
+    public_key = "%s"
+}`, testAccValidPublicKey)
+
+var testAccValidPublicKey = strings.TrimSpace(`
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCKVmnMOlHKcZK8tpt3MP1lqOLAcqcJzhsvJcjscgVERRN7/9484SOBJ3HSKxxNG5JN8owAjy5f9yYwcUg+JaUVuytn5Pv3aeYROHGGg+5G346xaq3DAwX6Y5ykr2fvjObgncQBnuU5KHWCECO/4h8uWuwh/kfniXPVjFToc+gnkqA+3RKpAecZhFXwfalQ9mMuYGFxn+fwn8cYEApsJbsEmb0iJwPiZ5hjFC8wREuiTlhPHDgkBLOiycd20op2nXzDbHfCHInquEe/gYxEitALONxm0swBOwJZwlTDOB7C6y2dzlrtxr1L59m7pCkWI4EtTRLvleehBoj3u7jB4usR
+`)
diff --git a/website/source/docs/providers/packet/index.html.markdown b/website/source/docs/providers/packet/index.html.markdown
new file mode 100644
index 0000000000..bbe9f5d1ea
--- /dev/null
+++ b/website/source/docs/providers/packet/index.html.markdown
@@ -0,0 +1,47 @@
+---
+layout: "packet"
+page_title: "Provider: Packet"
+sidebar_current: "docs-packet-index"
+description: |-
+  The Packet provider is used to interact with the resources supported by Packet. The provider needs to be configured with the proper credentials before it can be used.
+---
+
+# Packet Provider
+
+The Packet provider is used to interact with the resources supported by Packet.
+The provider needs to be configured with the proper credentials before it can be used.
+
+Use the navigation to the left to read about the available resources.
+
+## Example Usage
+
+```
+# Configure the Packet Provider
+provider "packet" {
+		auth_token = "${var.auth_token}"
+}
+
+# Create a project
+resource "packet_project" "tf_project_1" {
+		name = "My First Terraform Project"
+		payment_method = "PAYMENT_METHOD_ID"
+}
+
+# Create a device and add it to tf_project_1
+resource "packet_device" "web1" {
+		hostname = "tf.coreos2"
+		plan = "baremetal_1"
+		facility = "ewr1"
+		operating_system = "coreos_stable"
+		billing_cycle = "hourly"
+		project_id = "${packet_project.tf_project_1.id}"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `auth_token` - (Required) This is your Packet API Auth token. This can also be specified
+  with the `PACKET_AUTH_TOKEN` shell environment variable.
+
diff --git a/website/source/docs/providers/packet/r/device.html.markdown b/website/source/docs/providers/packet/r/device.html.markdown
new file mode 100644
index 0000000000..6d57dcbb51
--- /dev/null
+++ b/website/source/docs/providers/packet/r/device.html.markdown
@@ -0,0 +1,55 @@
+---
+layout: "packet"
+page_title: "Packet: packet_device"
+sidebar_current: "docs-packet-resource-device"
+description: |-
+  Provides a Packet device resource. This can be used to create, modify, and delete devices.
+---
+
+# packet\_device
+
+Provides a Packet device resource. This can be used to create,
+modify, and delete devices.
+
+## Example Usage
+
+```
+# Create a device and add it to tf_project_1
+resource "packet_device" "web1" {
+		hostname = "tf.coreos2"
+		plan = "baremetal_1"
+		facility = "ewr1"
+		operating_system = "coreos_stable"
+		billing_cycle = "hourly"
+		project_id = "${packet_project.tf_project_1.id}"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `hostname` - (Required) The device name
+* `project_id` - (Required) The id of the project in which to create the device
+* `operating_system` - (Required) The operating system slug
+* `facility` - (Required) The facility in which to create the device
+* `plan` - (Required) The config type slug
+* `billing_cycle` - (Required) monthly or hourly
+* `user_data` (Optional) - A string of the desired User Data for the device.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - The ID of the device
+* `hostname`- The hostname of the device
+* `project_id`- The Id of the project the device belonds to
+* `facility` - The facility the device is in 
+* `plan` - The config type of the device
+* `network` - The private and public v4 and v6 IPs assigned to the device
+* `locked` - Is the device locked
+* `billing_cycle` - The billing cycle of the device (monthly or hourly)
+* `operating_system` - The operating system running on the device
+* `status` - The status of the device
+* `created` - The timestamp for when the device was created
+* `updated` - The timestamp for the last time the device was udpated
diff --git a/website/source/docs/providers/packet/r/project.html.markdown b/website/source/docs/providers/packet/r/project.html.markdown
new file mode 100644
index 0000000000..d17190eec5
--- /dev/null
+++ b/website/source/docs/providers/packet/r/project.html.markdown
@@ -0,0 +1,40 @@
+---
+layout: "packet"
+page_title: "Packet: packet_ssh_key"
+sidebar_current: "docs-packet-resource-project"
+description: |-
+  Provides a Packet Project resource.
+---
+
+# packet\_project
+
+Provides a Packet Project resource to allow you manage devices
+in your projects.
+
+## Example Usage
+
+```
+# Create a new Project
+resource "packet_project" "tf_project_1" {
+    name = "Terraform Fun"
+    payment_method = "payment-method-id"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) The name of the SSH key for identification
+* `payment_method` - (Required) The id of the payment method on file to use for services created
+on this project.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - The unique ID of the key
+* `payment_method` - The id of the payment method on file to use for services created
+on this project.
+* `created` - The timestamp for when the SSH key was created
+* `updated` - The timestamp for the last time the SSH key was udpated
diff --git a/website/source/docs/providers/packet/r/ssh_key.html.markdown b/website/source/docs/providers/packet/r/ssh_key.html.markdown
new file mode 100644
index 0000000000..cb27aaa774
--- /dev/null
+++ b/website/source/docs/providers/packet/r/ssh_key.html.markdown
@@ -0,0 +1,43 @@
+---
+layout: "packet"
+page_title: "Packet: packet_ssh_key"
+sidebar_current: "docs-packet-resource-ssh-key"
+description: |-
+  Provides a Packet SSH key resource.
+---
+
+# packet\_ssh_key
+
+Provides a Packet SSH key resource to allow you manage SSH
+keys on your account. All ssh keys on your account are loaded on
+all new devices, they do not have to be explicitly declared on
+device creation.
+
+## Example Usage
+
+```
+# Create a new SSH key
+resource "packet_ssh_key" "key1" {
+    name = "terraform-1"
+    public_key = "${file("/home/terraform/.ssh/id_rsa.pub")}"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) The name of the SSH key for identification
+* `public_key` - (Required) The public key. If this is a file, it
+can be read using the file interpolation function
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - The unique ID of the key
+* `name` - The name of the SSH key
+* `public_key` - The text of the public key
+* `fingerprint` - The fingerprint of the SSH key
+* `created` - The timestamp for when the SSH key was created
+* `updated` - The timestamp for the last time the SSH key was udpated

From 09e336a80a6afac5a8c998a704c59db54d87259f Mon Sep 17 00:00:00 2001
From: Matti Savolainen <matti@applifier.com>
Date: Fri, 3 Jul 2015 12:58:05 +0300
Subject: [PATCH 004/335] Fix Repository attribute in docker client PullOptions
 for private registries.

---
 .../docker/resource_docker_image_funcs.go     |  4 +--
 .../docker/resource_docker_image_test.go      | 28 +++++++++++++++++--
 2 files changed, 28 insertions(+), 4 deletions(-)

diff --git a/builtin/providers/docker/resource_docker_image_funcs.go b/builtin/providers/docker/resource_docker_image_funcs.go
index f45dd22264..454113c5fd 100644
--- a/builtin/providers/docker/resource_docker_image_funcs.go
+++ b/builtin/providers/docker/resource_docker_image_funcs.go
@@ -83,7 +83,7 @@ func pullImage(data *Data, client *dc.Client, image string) error {
 		splitPortRepo := strings.Split(splitImageName[1], "/")
 		pullOpts.Registry = splitImageName[0] + ":" + splitPortRepo[0]
 		pullOpts.Tag = splitImageName[2]
-		pullOpts.Repository = strings.Join(splitPortRepo[1:], "/")
+		pullOpts.Repository = pullOpts.Registry + "/" + strings.Join(splitPortRepo[1:], "/")
 
 	// It's either registry:port/username/repo, registry:port/repo,
 	// or repo:tag with default registry
@@ -98,7 +98,7 @@ func pullImage(data *Data, client *dc.Client, image string) error {
 		// registry:port/username/repo or registry:port/repo
 		default:
 			pullOpts.Registry = splitImageName[0] + ":" + splitPortRepo[0]
-			pullOpts.Repository = strings.Join(splitPortRepo[1:], "/")
+			pullOpts.Repository = pullOpts.Registry + "/" + strings.Join(splitPortRepo[1:], "/")
 			pullOpts.Tag = "latest"
 		}
 
diff --git a/builtin/providers/docker/resource_docker_image_test.go b/builtin/providers/docker/resource_docker_image_test.go
index 14dfb29b7c..844b56329e 100644
--- a/builtin/providers/docker/resource_docker_image_test.go
+++ b/builtin/providers/docker/resource_docker_image_test.go
@@ -1,9 +1,8 @@
 package docker
 
 import (
-	"testing"
-
 	"github.com/hashicorp/terraform/helper/resource"
+	"testing"
 )
 
 func TestAccDockerImage_basic(t *testing.T) {
@@ -24,9 +23,34 @@ func TestAccDockerImage_basic(t *testing.T) {
 	})
 }
 
+func TestAddDockerImage_private(t *testing.T) {
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAddDockerPrivateImageConfig,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(
+						"docker_image.foobar",
+						"latest",
+						"2c40b0526b6358710fd09e7b8c022429268cc61703b4777e528ac9d469a07ca1"),
+				),
+			},
+		},
+	})
+}
+
 const testAccDockerImageConfig = `
 resource "docker_image" "foo" {
 	name = "ubuntu:trusty-20150320"
 	keep_updated = true
 }
 `
+
+const testAddDockerPrivateImageConfig = `
+resource "docker_image" "foobar" {
+	name = "gcr.io:443/google_containers/pause:0.8.0"
+	keep_updated = true
+}
+`

From c617445fec616bbc9e92013869d33d4b43294642 Mon Sep 17 00:00:00 2001
From: Paul Forman <paul.forman@bodybuilding.com>
Date: Wed, 29 Jul 2015 15:44:02 -0600
Subject: [PATCH 005/335] Update AWS ASG termination policy code and tests

The initial commit of AWS autoscaling group termination policy was
unfinished.  It only worked on "create", and so had a needless ForceNew
that would rebuild autoscaling groups on any change.  It also used a
HashString set, so it didn't preserve ordering of multiple policies
correctly.

Added the "update" operation, and converted to a TypeList to preserve
ordering.  In addition, removing the policy or setting it to a null list
will reset the policy to "Default", the standard AWS policy.

Updated the acceptance tests to verify the update, but the null case is
difficult to test.
---
 .../aws/resource_aws_autoscaling_group.go     | 28 ++++++++++++++-----
 .../resource_aws_autoscaling_group_test.go    |  9 ++++--
 2 files changed, 28 insertions(+), 9 deletions(-)

diff --git a/builtin/providers/aws/resource_aws_autoscaling_group.go b/builtin/providers/aws/resource_aws_autoscaling_group.go
index 88fa2561de..52aab5acd4 100644
--- a/builtin/providers/aws/resource_aws_autoscaling_group.go
+++ b/builtin/providers/aws/resource_aws_autoscaling_group.go
@@ -112,12 +112,9 @@ func resourceAwsAutoscalingGroup() *schema.Resource {
 			},
 
 			"termination_policies": &schema.Schema{
-				Type:     schema.TypeSet,
+				Type:     schema.TypeList,
 				Optional: true,
-				Computed: true,
-				ForceNew: true,
 				Elem:     &schema.Schema{Type: schema.TypeString},
-				Set:      schema.HashString,
 			},
 
 			"tag": autoscalingTagsSchema(),
@@ -169,9 +166,8 @@ func resourceAwsAutoscalingGroupCreate(d *schema.ResourceData, meta interface{})
 		autoScalingGroupOpts.VPCZoneIdentifier = expandVpcZoneIdentifiers(v.(*schema.Set).List())
 	}
 
-	if v, ok := d.GetOk("termination_policies"); ok && v.(*schema.Set).Len() > 0 {
-		autoScalingGroupOpts.TerminationPolicies = expandStringList(
-			v.(*schema.Set).List())
+	if v, ok := d.GetOk("termination_policies"); ok && len(v.([]interface{})) > 0 {
+		autoScalingGroupOpts.TerminationPolicies = expandStringList(v.([]interface{}))
 	}
 
 	log.Printf("[DEBUG] AutoScaling Group create configuration: %#v", autoScalingGroupOpts)
@@ -262,6 +258,24 @@ func resourceAwsAutoscalingGroupUpdate(d *schema.ResourceData, meta interface{})
 		}
 	}
 
+	if d.HasChange("termination_policies") {
+		// If the termination policy is set to null, we need to explicitly set
+		// it back to "Default", or the API won't reset it for us.
+		// This means GetOk() will fail us on the zero check.
+		v := d.Get("termination_policies")
+		if len(v.([]interface{})) > 0 {
+			opts.TerminationPolicies = expandStringList(v.([]interface{}))
+		} else {
+			// Policies is a slice of string pointers, so build one.
+			// Maybe there's a better idiom for this?
+			log.Printf("[DEBUG] Explictly setting null termination policy to 'Default'")
+			pol := "Default"
+			s := make([]*string, 1, 1)
+			s[0] = &pol
+			opts.TerminationPolicies = s
+		}
+	}
+
 	if err := setAutoscalingTags(conn, d); err != nil {
 		return err
 	} else {
diff --git a/builtin/providers/aws/resource_aws_autoscaling_group_test.go b/builtin/providers/aws/resource_aws_autoscaling_group_test.go
index 814a51bc72..1bc1cea883 100644
--- a/builtin/providers/aws/resource_aws_autoscaling_group_test.go
+++ b/builtin/providers/aws/resource_aws_autoscaling_group_test.go
@@ -45,7 +45,9 @@ func TestAccAWSAutoScalingGroup_basic(t *testing.T) {
 					resource.TestCheckResourceAttr(
 						"aws_autoscaling_group.bar", "force_delete", "true"),
 					resource.TestCheckResourceAttr(
-						"aws_autoscaling_group.bar", "termination_policies.912102603", "OldestInstance"),
+						"aws_autoscaling_group.bar", "termination_policies.0", "OldestInstance"),
+					resource.TestCheckResourceAttr(
+						"aws_autoscaling_group.bar", "termination_policies.1", "ClosestToNextInstanceHour"),
 				),
 			},
 
@@ -56,6 +58,8 @@ func TestAccAWSAutoScalingGroup_basic(t *testing.T) {
 					testAccCheckAWSLaunchConfigurationExists("aws_launch_configuration.new", &lc),
 					resource.TestCheckResourceAttr(
 						"aws_autoscaling_group.bar", "desired_capacity", "5"),
+					resource.TestCheckResourceAttr(
+						"aws_autoscaling_group.bar", "termination_policies.0", "ClosestToNextInstanceHour"),
 					testLaunchConfigurationName("aws_autoscaling_group.bar", &lc),
 					testAccCheckAutoscalingTags(&group.Tags, "Bar", map[string]interface{}{
 						"value":               "bar-foo",
@@ -359,7 +363,7 @@ resource "aws_autoscaling_group" "bar" {
   health_check_type = "ELB"
   desired_capacity = 4
   force_delete = true
-  termination_policies = ["OldestInstance"]
+  termination_policies = ["OldestInstance","ClosestToNextInstanceHour"]
 
   launch_configuration = "${aws_launch_configuration.foobar.name}"
 
@@ -391,6 +395,7 @@ resource "aws_autoscaling_group" "bar" {
   health_check_type = "ELB"
   desired_capacity = 5
   force_delete = true
+  termination_policies = ["ClosestToNextInstanceHour"]
 
   launch_configuration = "${aws_launch_configuration.new.name}"
 

From b928777cace13e4e1cc322e5688708f3a26d4e5b Mon Sep 17 00:00:00 2001
From: Paul Hinze <phinze@phinze.com>
Date: Tue, 11 Aug 2015 11:36:56 -0500
Subject: [PATCH 006/335] core: don't error on computed value during input walk

fixes #2987
---
 terraform/context_input_test.go               | 59 +++++++++++++++++++
 terraform/interpolate.go                      | 16 ++++-
 .../child/main.tf                             |  5 ++
 .../input-var-partially-computed/main.tf      |  7 +++
 4 files changed, 85 insertions(+), 2 deletions(-)
 create mode 100644 terraform/test-fixtures/input-var-partially-computed/child/main.tf
 create mode 100644 terraform/test-fixtures/input-var-partially-computed/main.tf

diff --git a/terraform/context_input_test.go b/terraform/context_input_test.go
index 155f4c72fa..404ef0ffc4 100644
--- a/terraform/context_input_test.go
+++ b/terraform/context_input_test.go
@@ -510,3 +510,62 @@ aws_instance.foo:
 		t.Fatalf("expected: \n%s\ngot: \n%s\n", expectedStr, actualStr)
 	}
 }
+
+func TestContext2Input_varPartiallyComputed(t *testing.T) {
+	input := new(MockUIInput)
+	m := testModule(t, "input-var-partially-computed")
+	p := testProvider("aws")
+	p.ApplyFn = testApplyFn
+	p.DiffFn = testDiffFn
+	ctx := testContext2(t, &ContextOpts{
+		Module: m,
+		Providers: map[string]ResourceProviderFactory{
+			"aws": testProviderFuncFixed(p),
+		},
+		Variables: map[string]string{
+			"foo": "foovalue",
+		},
+		UIInput: input,
+		State: &State{
+			Modules: []*ModuleState{
+				&ModuleState{
+					Path: rootModulePath,
+					Resources: map[string]*ResourceState{
+						"aws_instance.foo": &ResourceState{
+							Type: "aws_instance",
+							Primary: &InstanceState{
+								ID: "i-abc123",
+								Attributes: map[string]string{
+									"id": "i-abc123",
+								},
+							},
+						},
+					},
+				},
+				&ModuleState{
+					Path: append(rootModulePath, "child"),
+					Resources: map[string]*ResourceState{
+						"aws_instance.mod": &ResourceState{
+							Type: "aws_instance",
+							Primary: &InstanceState{
+								ID: "i-bcd345",
+								Attributes: map[string]string{
+									"id":    "i-bcd345",
+									"value": "one,i-abc123",
+								},
+							},
+						},
+					},
+				},
+			},
+		},
+	})
+
+	if err := ctx.Input(InputModeStd); err != nil {
+		t.Fatalf("err: %s", err)
+	}
+
+	if _, err := ctx.Plan(); err != nil {
+		t.Fatalf("err: %s", err)
+	}
+}
diff --git a/terraform/interpolate.go b/terraform/interpolate.go
index 6d103cd802..0197c0e422 100644
--- a/terraform/interpolate.go
+++ b/terraform/interpolate.go
@@ -370,7 +370,13 @@ MISSING:
 	// be unknown. Instead, we return that the value is computed so
 	// that the graph can continue to refresh other nodes. It doesn't
 	// matter because the config isn't interpolated anyways.
-	if i.Operation == walkRefresh || i.Operation == walkPlanDestroy {
+	//
+	// For a Destroy, we're also fine with computed values, since our goal is
+	// only to get destroy nodes for existing resources.
+	//
+	// For an input walk, computed values are okay to return because we're only
+	// looking for missing variables to prompt the user for.
+	if i.Operation == walkRefresh || i.Operation == walkPlanDestroy || i.Operation == walkInput {
 		return config.UnknownVariableValue, nil
 	}
 
@@ -446,7 +452,13 @@ func (i *Interpolater) computeResourceMultiVariable(
 		// be unknown. Instead, we return that the value is computed so
 		// that the graph can continue to refresh other nodes. It doesn't
 		// matter because the config isn't interpolated anyways.
-		if i.Operation == walkRefresh || i.Operation == walkPlanDestroy {
+		//
+		// For a Destroy, we're also fine with computed values, since our goal is
+		// only to get destroy nodes for existing resources.
+		//
+		// For an input walk, computed values are okay to return because we're only
+		// looking for missing variables to prompt the user for.
+		if i.Operation == walkRefresh || i.Operation == walkPlanDestroy || i.Operation == walkInput {
 			return config.UnknownVariableValue, nil
 		}
 
diff --git a/terraform/test-fixtures/input-var-partially-computed/child/main.tf b/terraform/test-fixtures/input-var-partially-computed/child/main.tf
new file mode 100644
index 0000000000..a11cc5e835
--- /dev/null
+++ b/terraform/test-fixtures/input-var-partially-computed/child/main.tf
@@ -0,0 +1,5 @@
+variable "in" {}
+
+resource "aws_instance" "mod" {
+  value = "${var.in}"
+}
diff --git a/terraform/test-fixtures/input-var-partially-computed/main.tf b/terraform/test-fixtures/input-var-partially-computed/main.tf
new file mode 100644
index 0000000000..ada6f0cead
--- /dev/null
+++ b/terraform/test-fixtures/input-var-partially-computed/main.tf
@@ -0,0 +1,7 @@
+resource "aws_instance" "foo" { }
+resource "aws_instance" "bar" { }
+
+module "child" {
+  source = "./child"
+  in = "one,${aws_instance.foo.id},${aws_instance.bar.id}"
+}

From a29ee391eeeba31d8607928ab419ce914f664633 Mon Sep 17 00:00:00 2001
From: Christian Berendt <berendt@b1-systems.de>
Date: Fri, 21 Aug 2015 18:34:22 +0200
Subject: [PATCH 007/335] [Vagrantfile] upgrade all packages while provisioning

---
 Vagrantfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Vagrantfile b/Vagrantfile
index 5b2d70bcce..061c6316ae 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -13,6 +13,7 @@ ARCH=`uname -m | sed 's|i686|386|' | sed 's|x86_64|amd64|'`
 
 # Install Prereq Packages
 sudo apt-get update
+sudo apt-get upgrade -y
 sudo apt-get install -y build-essential curl git-core libpcre3-dev mercurial pkg-config zip
 
 # Install Go

From 8411e5e5bd16b1247541d52d9781b1302cddf3c3 Mon Sep 17 00:00:00 2001
From: Christian Berendt <berendt@b1-systems.de>
Date: Fri, 21 Aug 2015 19:54:16 +0200
Subject: [PATCH 008/335] [Vagrantfile] set resources for the provider
 'virtualbox'

The default resources (384 MByte memory and 1 VCPU)  of the used
box are not sufficient to create binaries for testing Terraform
locally.
---
 Vagrantfile | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/Vagrantfile b/Vagrantfile
index 5b2d70bcce..be5eefddf9 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -53,4 +53,9 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
       v.vmx["numvcpus"] = "2"
     end
   end
+
+  config.vm.provider "virtualbox" do |v|
+    v.memory = 4096
+    v.cpus = 2
+  end
 end

From f6d69164e84a0e1efd396025f79e3743d28a0034 Mon Sep 17 00:00:00 2001
From: Christian Berendt <berendt@b1-systems.de>
Date: Thu, 27 Aug 2015 17:13:59 +0200
Subject: [PATCH 009/335] examples: add OpenStack configuration with networking

---
 examples/openstack-with-networking/README.md  | 63 +++++++++++++++
 examples/openstack-with-networking/main.tf    | 79 +++++++++++++++++++
 .../openstack-with-networking/openrc.sample   |  7 ++
 examples/openstack-with-networking/outputs.tf |  3 +
 .../openstack-with-networking/variables.tf    | 22 ++++++
 5 files changed, 174 insertions(+)
 create mode 100644 examples/openstack-with-networking/README.md
 create mode 100644 examples/openstack-with-networking/main.tf
 create mode 100644 examples/openstack-with-networking/openrc.sample
 create mode 100644 examples/openstack-with-networking/outputs.tf
 create mode 100644 examples/openstack-with-networking/variables.tf

diff --git a/examples/openstack-with-networking/README.md b/examples/openstack-with-networking/README.md
new file mode 100644
index 0000000000..2f9d381ca3
--- /dev/null
+++ b/examples/openstack-with-networking/README.md
@@ -0,0 +1,63 @@
+# Basic OpenStack architecture with networking
+
+This provides a template for running a simple architecture on an OpenStack
+cloud.
+
+To simplify the example, this intentionally ignores deploying and
+getting your application onto the servers. However, you could do so either via
+[provisioners](https://www.terraform.io/docs/provisioners/) and a configuration
+management tool, or by pre-baking configured images with
+[Packer](http://www.packer.io).
+
+After you run `terraform apply` on this configuration, it will output the
+floating IP address assigned to the instance. After your instance started,
+this should respond with the default nginx web page.
+
+First set the required environment variables for the OpenStack provider by
+sourcing the [credentials file](http://docs.openstack.org/cli-reference/content/cli_openrc.html).
+
+```
+source openrc
+```
+
+Afterwards run with a command like this:
+
+```
+terraform apply \
+  -var 'external_gateway=c1901f39-f76e-498a-9547-c29ba45f64df' \
+  -var 'pool=public'
+```
+
+To get a list of usable floating IP pools run this command:
+
+```
+$ nova floating-ip-pool-list
++--------+
+| name   |
++--------+
+| public |
++--------+
+```
+
+To get the UUID of the external gateway run this command:
+
+```
+$ neutron net-show FLOATING_IP_POOL
++---------------------------+--------------------------------------+
+| Field                     | Value                                |
++---------------------------+--------------------------------------+
+| admin_state_up            | True                                 |
+| id                        | c1901f39-f76e-498a-9547-c29ba45f64df |
+| mtu                       | 0                                    |
+| name                      | public                               |
+| port_security_enabled     | True                                 |
+| provider:network_type     | vxlan                                |
+| provider:physical_network |                                      |
+| provider:segmentation_id  | 1092                                 |
+| router:external           | True                                 |
+| shared                    | False                                |
+| status                    | ACTIVE                               |
+| subnets                   | 42b672ae-8d51-4a18-a028-ddae7859ec4c |
+| tenant_id                 | 1bde0a49d2ff44ffb44e6339a8cefe3a     |
++---------------------------+--------------------------------------+
+```
diff --git a/examples/openstack-with-networking/main.tf b/examples/openstack-with-networking/main.tf
new file mode 100644
index 0000000000..d579252632
--- /dev/null
+++ b/examples/openstack-with-networking/main.tf
@@ -0,0 +1,79 @@
+resource "openstack_compute_keypair_v2" "terraform" {
+  name = "terraform"
+  public_key = "${file("${var.ssh_key_file}.pub")}"
+}
+
+resource "openstack_networking_network_v2" "terraform" {
+  name = "terraform"
+  admin_state_up = "true"
+}
+
+resource "openstack_networking_subnet_v2" "terraform" {
+  name = "terraform"
+  network_id = "${openstack_networking_network_v2.terraform.id}"
+  cidr = "10.0.0.0/24"
+  ip_version = 4
+  dns_nameservers = ["8.8.8.8","8.8.4.4"]
+}
+
+resource "openstack_networking_router_v2" "terraform" {
+  name = "terraform"
+  admin_state_up = "true"
+  external_gateway = "${var.external_gateway}"
+}
+
+resource "openstack_networking_router_interface_v2" "terraform" {
+  router_id = "${openstack_networking_router_v2.terraform.id}"
+  subnet_id = "${openstack_networking_subnet_v2.terraform.id}"
+}
+
+resource "openstack_compute_secgroup_v2" "terraform" {
+  name = "terraform"
+  description = "Security group for the Terraform example instances"
+  rule {
+    from_port = 22
+    to_port = 22
+    ip_protocol = "tcp"
+    cidr = "0.0.0.0/0"
+  }
+  rule {
+    from_port = 80
+    to_port = 80
+    ip_protocol = "tcp"
+    cidr = "0.0.0.0/0"
+  }
+  rule {
+    from_port = -1
+    to_port = -1
+    ip_protocol = "icmp"
+    cidr = "0.0.0.0/0"
+  }
+}
+
+resource "openstack_compute_floatingip_v2" "terraform" {
+  pool = "${var.pool}"
+  depends_on = ["openstack_networking_router_interface_v2.terraform"]
+}
+
+resource "openstack_compute_instance_v2" "terraform" {
+  name = "terraform"
+  image_name = "${var.image}"
+  flavor_name = "${var.flavor}"
+  key_pair = "${openstack_compute_keypair_v2.terraform.name}"
+  security_groups = [ "${openstack_compute_secgroup_v2.terraform.name}" ]
+  floating_ip = "${openstack_compute_floatingip_v2.terraform.address}"
+  network {
+    uuid = "${openstack_networking_network_v2.terraform.id}"
+  }
+  provisioner "remote-exec" {
+    connection {
+      user = "${var.ssh_user_name}"
+      key_file = "${var.ssh_key_file}"
+    }
+    inline = [
+        "sudo apt-get -y update",
+        "sudo apt-get -y install nginx",
+        "sudo service nginx start"
+    ]
+  }
+}
diff --git a/examples/openstack-with-networking/openrc.sample b/examples/openstack-with-networking/openrc.sample
new file mode 100644
index 0000000000..c9a38e0a13
--- /dev/null
+++ b/examples/openstack-with-networking/openrc.sample
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+export OS_AUTH_URL=http://KEYSTONE.ENDPOINT.URL:5000/v2.0
+export OS_TENANT_NAME=YOUR_TENANT_NAME
+export OS_USERNAME=YOUR_USERNAME
+export OS_PASSWORD=YOUR_PASSWORD
+export OS_REGION_NAME=YOUR_REGION_NAME
diff --git a/examples/openstack-with-networking/outputs.tf b/examples/openstack-with-networking/outputs.tf
new file mode 100644
index 0000000000..42f923fe28
--- /dev/null
+++ b/examples/openstack-with-networking/outputs.tf
@@ -0,0 +1,3 @@
+output "address" {
+    value = "${openstack_compute_floatingip_v2.terraform.address}"
+}
diff --git a/examples/openstack-with-networking/variables.tf b/examples/openstack-with-networking/variables.tf
new file mode 100644
index 0000000000..3477cf67e9
--- /dev/null
+++ b/examples/openstack-with-networking/variables.tf
@@ -0,0 +1,22 @@
+variable "image" {
+    default = "Ubuntu 14.04"
+}
+
+variable "flavor" {
+    default = "m1.small"
+}
+
+variable "ssh_key_file" {
+    default = "~/.ssh/id_rsa.terraform"
+}
+
+variable "ssh_user_name" {
+    default = "ubuntu"
+}
+
+variable "external_gateway" {
+}
+
+variable "pool" {
+    default = "public"
+}

From 2e51915431c74d59e6cdb3fd8eccd156bdc38353 Mon Sep 17 00:00:00 2001
From: Sharif Nassar <snassar@bottlenose.com>
Date: Mon, 31 Aug 2015 15:37:09 -0700
Subject: [PATCH 010/335] Colorize the 'forces new resource' message.

Sometimes in all the output from ```terraform plan```, it is difficult
to see the ```(forces new resource)``` message.
This patch adds a little bit of color.
---
 command/format_plan.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/command/format_plan.go b/command/format_plan.go
index 66df5f8c28..daf3f60aa0 100644
--- a/command/format_plan.go
+++ b/command/format_plan.go
@@ -131,7 +131,7 @@ func formatPlanModuleExpand(
 
 			newResource := ""
 			if attrDiff.RequiresNew && rdiff.Destroy {
-				newResource = " (forces new resource)"
+				newResource = opts.Color.Color(" [red](forces new resource)")
 			}
 
 			buf.WriteString(fmt.Sprintf(

From 72e421942e3bda361362b6f349e816566d0c8ef7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcello=20Lagan=C3=A0?= <marcello.lagana@klarna.com>
Date: Tue, 1 Sep 2015 17:21:49 +0200
Subject: [PATCH 011/335] Support tags for aws_db_subnet_group

---
 .../aws/resource_aws_db_subnet_group.go       | 26 +++++++++++++++++++
 .../aws/resource_aws_db_subnet_group_test.go  |  3 +++
 .../aws/r/db_subnet_group.html.markdown       |  4 +++
 3 files changed, 33 insertions(+)

diff --git a/builtin/providers/aws/resource_aws_db_subnet_group.go b/builtin/providers/aws/resource_aws_db_subnet_group.go
index 9c09b72d79..709809c4a3 100644
--- a/builtin/providers/aws/resource_aws_db_subnet_group.go
+++ b/builtin/providers/aws/resource_aws_db_subnet_group.go
@@ -56,12 +56,15 @@ func resourceAwsDbSubnetGroup() *schema.Resource {
 				Elem:     &schema.Schema{Type: schema.TypeString},
 				Set:      schema.HashString,
 			},
+
+			"tags": tagsSchema(),
 		},
 	}
 }
 
 func resourceAwsDbSubnetGroupCreate(d *schema.ResourceData, meta interface{}) error {
 	rdsconn := meta.(*AWSClient).rdsconn
+	tags := tagsFromMapRDS(d.Get("tags").(map[string]interface{}))
 
 	subnetIdsSet := d.Get("subnet_ids").(*schema.Set)
 	subnetIds := make([]*string, subnetIdsSet.Len())
@@ -73,6 +76,7 @@ func resourceAwsDbSubnetGroupCreate(d *schema.ResourceData, meta interface{}) er
 		DBSubnetGroupName:        aws.String(d.Get("name").(string)),
 		DBSubnetGroupDescription: aws.String(d.Get("description").(string)),
 		SubnetIds:                subnetIds,
+		Tags:                     tags,
 	}
 
 	log.Printf("[DEBUG] Create DB Subnet Group: %#v", createOpts)
@@ -130,6 +134,28 @@ func resourceAwsDbSubnetGroupRead(d *schema.ResourceData, meta interface{}) erro
 	}
 	d.Set("subnet_ids", subnets)
 
+	// list tags for resource
+	// set tags
+	conn := meta.(*AWSClient).rdsconn
+	arn, err := buildRDSARN(d, meta)
+	if err != nil {
+		log.Printf("[DEBUG] Error building ARN for DB Subnet Group, not setting Tags for group %s", subnetGroup.DBSubnetGroupName)
+	} else {
+		resp, err := conn.ListTagsForResource(&rds.ListTagsForResourceInput{
+			ResourceName: aws.String(arn),
+		})
+
+		if err != nil {
+			log.Printf("[DEBUG] Error retreiving tags for ARN: %s", arn)
+		}
+
+		var dt []*rds.Tag
+		if len(resp.TagList) > 0 {
+			dt = resp.TagList
+		}
+		d.Set("tags", tagsToMapRDS(dt))
+	}
+
 	return nil
 }
 
diff --git a/builtin/providers/aws/resource_aws_db_subnet_group_test.go b/builtin/providers/aws/resource_aws_db_subnet_group_test.go
index cbf1f84978..e189b1e217 100644
--- a/builtin/providers/aws/resource_aws_db_subnet_group_test.go
+++ b/builtin/providers/aws/resource_aws_db_subnet_group_test.go
@@ -150,6 +150,9 @@ resource "aws_db_subnet_group" "foo" {
 	name = "FOO"
 	description = "foo description"
 	subnet_ids = ["${aws_subnet.foo.id}", "${aws_subnet.bar.id}"]
+	tags {
+		Name = "tf-dbsubnet-group-test"
+	}
 }
 `
 
diff --git a/website/source/docs/providers/aws/r/db_subnet_group.html.markdown b/website/source/docs/providers/aws/r/db_subnet_group.html.markdown
index 2937b54e72..e3dcd18ed9 100644
--- a/website/source/docs/providers/aws/r/db_subnet_group.html.markdown
+++ b/website/source/docs/providers/aws/r/db_subnet_group.html.markdown
@@ -17,6 +17,9 @@ resource "aws_db_subnet_group" "default" {
     name = "main"
     description = "Our main group of subnets"
     subnet_ids = ["${aws_subnet.frontend.id}", "${aws_subnet.backend.id}"]
+    tags {
+        Name = "My DB subnet group"
+    }
 }
 ```
 
@@ -27,6 +30,7 @@ The following arguments are supported:
 * `name` - (Required) The name of the DB subnet group.
 * `description` - (Required) The description of the DB subnet group.
 * `subnet_ids` - (Required) A list of VPC subnet IDs.
+* `tags` - (Optional) A mapping of tags to assign to the resource.
 
 ## Attributes Reference
 

From d9c4afce216cad4e9c1a89a11c8ae01deab597b8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcello=20Lagan=C3=A0?= <marcello.lagana@klarna.com>
Date: Tue, 1 Sep 2015 17:38:51 +0200
Subject: [PATCH 012/335] Modify tags on update and fix tests

---
 builtin/providers/aws/resource_aws_db_subnet_group.go | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/builtin/providers/aws/resource_aws_db_subnet_group.go b/builtin/providers/aws/resource_aws_db_subnet_group.go
index 709809c4a3..3de717e66c 100644
--- a/builtin/providers/aws/resource_aws_db_subnet_group.go
+++ b/builtin/providers/aws/resource_aws_db_subnet_group.go
@@ -139,7 +139,7 @@ func resourceAwsDbSubnetGroupRead(d *schema.ResourceData, meta interface{}) erro
 	conn := meta.(*AWSClient).rdsconn
 	arn, err := buildRDSARN(d, meta)
 	if err != nil {
-		log.Printf("[DEBUG] Error building ARN for DB Subnet Group, not setting Tags for group %s", subnetGroup.DBSubnetGroupName)
+		log.Printf("[DEBUG] Error building ARN for DB Subnet Group, not setting Tags for group %s", *subnetGroup.DBSubnetGroupName)
 	} else {
 		resp, err := conn.ListTagsForResource(&rds.ListTagsForResourceInput{
 			ResourceName: aws.String(arn),
@@ -182,6 +182,15 @@ func resourceAwsDbSubnetGroupUpdate(d *schema.ResourceData, meta interface{}) er
 			return err
 		}
 	}
+
+	if arn, err := buildRDSARN(d, meta); err == nil {
+		if err := setTagsRDS(conn, d, arn); err != nil {
+			return err
+		} else {
+			d.SetPartial("tags")
+		}
+	}
+
 	return resourceAwsDbSubnetGroupRead(d, meta)
 }
 

From 98808cb9b8f7f1126aebe9d1e1da715ec3ef1224 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcello=20Lagan=C3=A0?= <marcello.lagana@klarna.com>
Date: Wed, 2 Sep 2015 09:24:34 +0200
Subject: [PATCH 013/335] Build RDS subgrp ARN

---
 .../aws/resource_aws_db_subnet_group.go       | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/builtin/providers/aws/resource_aws_db_subnet_group.go b/builtin/providers/aws/resource_aws_db_subnet_group.go
index 3de717e66c..e6b17ea1fe 100644
--- a/builtin/providers/aws/resource_aws_db_subnet_group.go
+++ b/builtin/providers/aws/resource_aws_db_subnet_group.go
@@ -9,6 +9,7 @@ import (
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/service/iam"
 	"github.com/aws/aws-sdk-go/service/rds"
 	"github.com/hashicorp/terraform/helper/resource"
 	"github.com/hashicorp/terraform/helper/schema"
@@ -137,7 +138,7 @@ func resourceAwsDbSubnetGroupRead(d *schema.ResourceData, meta interface{}) erro
 	// list tags for resource
 	// set tags
 	conn := meta.(*AWSClient).rdsconn
-	arn, err := buildRDSARN(d, meta)
+	arn, err := buildRDSsubgrpARN(d, meta)
 	if err != nil {
 		log.Printf("[DEBUG] Error building ARN for DB Subnet Group, not setting Tags for group %s", *subnetGroup.DBSubnetGroupName)
 	} else {
@@ -183,7 +184,7 @@ func resourceAwsDbSubnetGroupUpdate(d *schema.ResourceData, meta interface{}) er
 		}
 	}
 
-	if arn, err := buildRDSARN(d, meta); err == nil {
+	if arn, err := buildRDSsubgrpARN(d, meta); err == nil {
 		if err := setTagsRDS(conn, d, arn); err != nil {
 			return err
 		} else {
@@ -231,3 +232,17 @@ func resourceAwsDbSubnetGroupDeleteRefreshFunc(
 		return d, "destroyed", nil
 	}
 }
+
+func buildRDSsubgrpARN(d *schema.ResourceData, meta interface{}) (string, error) {
+	iamconn := meta.(*AWSClient).iamconn
+	region := meta.(*AWSClient).region
+	// An zero value GetUserInput{} defers to the currently logged in user
+	resp, err := iamconn.GetUser(&iam.GetUserInput{})
+	if err != nil {
+		return "", err
+	}
+	userARN := *resp.User.Arn
+	accountID := strings.Split(userARN, ":")[4]
+	arn := fmt.Sprintf("arn:aws:rds:%s:%s:subgrp:%s", region, accountID, d.Id())
+	return arn, nil
+}

From 5001bb078e06566d2f9e7dd438aaafa103a6c8d7 Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@timeinc.com>
Date: Wed, 2 Sep 2015 14:44:12 +0100
Subject: [PATCH 014/335] provider/aws: Add new resource -
 aws_iam_saml_provider

---
 builtin/providers/aws/provider.go             |   1 +
 .../aws/resource_aws_iam_saml_provider.go     | 101 ++++++++++++++++++
 2 files changed, 102 insertions(+)
 create mode 100644 builtin/providers/aws/resource_aws_iam_saml_provider.go

diff --git a/builtin/providers/aws/provider.go b/builtin/providers/aws/provider.go
index a5029b400a..9a00edffc3 100644
--- a/builtin/providers/aws/provider.go
+++ b/builtin/providers/aws/provider.go
@@ -187,6 +187,7 @@ func Provider() terraform.ResourceProvider {
 			"aws_iam_policy_attachment":        resourceAwsIamPolicyAttachment(),
 			"aws_iam_role_policy":              resourceAwsIamRolePolicy(),
 			"aws_iam_role":                     resourceAwsIamRole(),
+			"aws_iam_saml_provider":            resourceAwsIamSamlProvider(),
 			"aws_iam_server_certificate":       resourceAwsIAMServerCertificate(),
 			"aws_iam_user_policy":              resourceAwsIamUserPolicy(),
 			"aws_iam_user":                     resourceAwsIamUser(),
diff --git a/builtin/providers/aws/resource_aws_iam_saml_provider.go b/builtin/providers/aws/resource_aws_iam_saml_provider.go
new file mode 100644
index 0000000000..6a166d711e
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_iam_saml_provider.go
@@ -0,0 +1,101 @@
+package aws
+
+import (
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/iam"
+
+	"github.com/hashicorp/terraform/helper/schema"
+)
+
+func resourceAwsIamSamlProvider() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceAwsIamSamlProviderCreate,
+		Read:   resourceAwsIamSamlProviderRead,
+		Update: resourceAwsIamSamlProviderUpdate,
+		Delete: resourceAwsIamSamlProviderDelete,
+
+		Schema: map[string]*schema.Schema{
+			"arn": &schema.Schema{
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"valid_until": &schema.Schema{
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"name": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			"saml_metadata_document": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+			},
+		},
+	}
+}
+
+func resourceAwsIamSamlProviderCreate(d *schema.ResourceData, meta interface{}) error {
+	iamconn := meta.(*AWSClient).iamconn
+
+	input := &iam.CreateSAMLProviderInput{
+		Name:                 aws.String(d.Get("name").(string)),
+		SAMLMetadataDocument: aws.String(d.Get("saml_metadata_document").(string)),
+	}
+
+	out, err := iamconn.CreateSAMLProvider(input)
+	if err != nil {
+		return err
+	}
+
+	d.SetId(*out.SAMLProviderArn)
+
+	return resourceAwsIamSamlProviderRead(d, meta)
+}
+
+func resourceAwsIamSamlProviderRead(d *schema.ResourceData, meta interface{}) error {
+	iamconn := meta.(*AWSClient).iamconn
+
+	input := &iam.GetSAMLProviderInput{
+		SAMLProviderArn: aws.String(d.Id()),
+	}
+	out, err := iamconn.GetSAMLProvider(input)
+	if err != nil {
+		return err
+	}
+
+	validUntil := out.ValidUntil.Format(time.RFC1123)
+	d.Set("valid_until", validUntil)
+	d.Set("saml_metadata_document", *out.SAMLMetadataDocument)
+
+	return nil
+}
+
+func resourceAwsIamSamlProviderUpdate(d *schema.ResourceData, meta interface{}) error {
+	iamconn := meta.(*AWSClient).iamconn
+
+	input := &iam.UpdateSAMLProviderInput{
+		SAMLProviderArn:      aws.String(d.Id()),
+		SAMLMetadataDocument: aws.String(d.Get("saml_metadata_document").(string)),
+	}
+	_, err := iamconn.UpdateSAMLProvider(input)
+	if err != nil {
+		return err
+	}
+
+	return resourceAwsIamSamlProviderRead(d, meta)
+}
+
+func resourceAwsIamSamlProviderDelete(d *schema.ResourceData, meta interface{}) error {
+	iamconn := meta.(*AWSClient).iamconn
+
+	input := &iam.DeleteSAMLProviderInput{
+		SAMLProviderArn: aws.String(d.Id()),
+	}
+	_, err := iamconn.DeleteSAMLProvider(input)
+
+	return err
+}

From ac762e5503b1c0661329efec543614a3a0fe34a3 Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@timeinc.com>
Date: Wed, 2 Sep 2015 20:01:36 +0100
Subject: [PATCH 015/335] provider/aws: Add docs for aws_iam_saml_provider

---
 .../aws/r/iam_saml_provider.html.markdown     | 34 +++++++++++++++++++
 website/source/layouts/aws.erb                |  4 +++
 2 files changed, 38 insertions(+)
 create mode 100644 website/source/docs/providers/aws/r/iam_saml_provider.html.markdown

diff --git a/website/source/docs/providers/aws/r/iam_saml_provider.html.markdown b/website/source/docs/providers/aws/r/iam_saml_provider.html.markdown
new file mode 100644
index 0000000000..adba6d350d
--- /dev/null
+++ b/website/source/docs/providers/aws/r/iam_saml_provider.html.markdown
@@ -0,0 +1,34 @@
+---
+layout: "aws"
+page_title: "AWS: aws_saml_provider"
+sidebar_current: "docs-aws-resource-iam-saml-provider"
+description: |-
+  Provides an IAM SAML provider.
+---
+
+# aws\_iam\_saml\_provider
+
+Provides an IAM SAML provider.
+
+## Example Usage
+
+```
+resource "aws_saml_provider" "default" {
+    name = "myprovider"
+    saml_metadata_document = "${file("saml-metadata.xml")}"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) The name of the provider to create.
+* `saml_metadata_document` - (Required) An XML document generated by an identity provider that supports SAML 2.0.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `arn` - The ARN assigned by AWS for this provider.
+* `valid_until` - The expiration date and time for the SAML provider in RFC1123 format, e.g. `Mon, 02 Jan 2006 15:04:05 MST`.
diff --git a/website/source/layouts/aws.erb b/website/source/layouts/aws.erb
index 2bbff22f4b..e07992b842 100644
--- a/website/source/layouts/aws.erb
+++ b/website/source/layouts/aws.erb
@@ -179,6 +179,10 @@
                             <a href="/docs/providers/aws/r/iam_role_policy.html">aws_iam_role_policy</a>
                         </li>
 
+                        <li<%= sidebar_current("docs-aws-resource-iam-saml-provider") %>>
+                            <a href="/docs/providers/aws/r/iam_saml_provider.html">aws_iam_saml_provider</a>
+                        </li>
+
                         <li<%= sidebar_current("docs-aws-resource-iam-server-certificate") %>>
                             <a href="/docs/providers/aws/r/iam_server_certificate.html">aws_iam_server_certificate</a>
                         </li>

From 5d215c42db6aef7b7cf86bc3dee37c41fa8327a1 Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@timeinc.com>
Date: Wed, 2 Sep 2015 20:02:00 +0100
Subject: [PATCH 016/335] provider/aws: Add acceptance test for
 aws_iam_saml_provider

---
 .../resource_aws_iam_saml_provider_test.go    | 79 +++++++++++++++++++
 .../test-fixtures/saml-metadata-modified.xml  | 14 ++++
 .../aws/test-fixtures/saml-metadata.xml       | 14 ++++
 3 files changed, 107 insertions(+)
 create mode 100644 builtin/providers/aws/resource_aws_iam_saml_provider_test.go
 create mode 100644 builtin/providers/aws/test-fixtures/saml-metadata-modified.xml
 create mode 100644 builtin/providers/aws/test-fixtures/saml-metadata.xml

diff --git a/builtin/providers/aws/resource_aws_iam_saml_provider_test.go b/builtin/providers/aws/resource_aws_iam_saml_provider_test.go
new file mode 100644
index 0000000000..63ed395883
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_iam_saml_provider_test.go
@@ -0,0 +1,79 @@
+package aws
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/iam"
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+func TestAccAWSIAMSamlProvider_basic(t *testing.T) {
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckIAMSamlProviderDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccIAMSamlProviderConfig,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckIAMSamlProvider("aws_iam_saml_provider.salesforce"),
+				),
+			},
+			resource.TestStep{
+				Config: testAccIAMSamlProviderConfigUpdate,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckIAMSamlProvider("aws_iam_saml_provider.salesforce"),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckIAMSamlProviderDestroy(s *terraform.State) error {
+	if len(s.RootModule().Resources) > 0 {
+		return fmt.Errorf("Expected all resources to be gone, but found: %#v", s.RootModule().Resources)
+	}
+
+	return nil
+}
+
+func testAccCheckIAMSamlProvider(id string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[id]
+		if !ok {
+			return fmt.Errorf("Not Found: %s", id)
+		}
+
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("No ID is set")
+		}
+
+		iamconn := testAccProvider.Meta().(*AWSClient).iamconn
+		_, err := iamconn.GetSAMLProvider(&iam.GetSAMLProviderInput{
+			SAMLProviderArn: aws.String(rs.Primary.ID),
+		})
+
+		if err != nil {
+			return err
+		}
+
+		return nil
+	}
+}
+
+const testAccIAMSamlProviderConfig = `
+resource "aws_iam_saml_provider" "salesforce" {
+    name = "tf-salesforce-test"
+    saml_metadata_document = "${file("./test-fixtures/saml-metadata.xml")}"
+}
+`
+
+const testAccIAMSamlProviderConfigUpdate = `
+resource "aws_iam_saml_provider" "salesforce" {
+    name = "tf-salesforce-test"
+    saml_metadata_document = "${file("./test-fixtures/saml-metadata-modified.xml")}"
+}
+`
diff --git a/builtin/providers/aws/test-fixtures/saml-metadata-modified.xml b/builtin/providers/aws/test-fixtures/saml-metadata-modified.xml
new file mode 100644
index 0000000000..aaca7afc0b
--- /dev/null
+++ b/builtin/providers/aws/test-fixtures/saml-metadata-modified.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?><md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://terraform2-dev-ed.my.salesforce.com" validUntil="2025-09-02T18:27:19.710Z">
+   <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+      <md:KeyDescriptor use="signing">
+         <ds:KeyInfo>
+            <ds:X509Data>
+               <ds:X509Certificate>MIIErDCCA5SgAwIBAgIOAU+PT8RBAAAAAHxJXEcwDQYJKoZIhvcNAQELBQAwgZAxKDAmBgNVBAMMH1NlbGZTaWduZWRDZXJ0XzAyU2VwMjAxNV8xODI2NTMxGDAWBgNVBAsMDzAwRDI0MDAwMDAwcEFvQTEXMBUGA1UECgwOU2FsZXNmb3JjZS5jb20xFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xCzAJBgNVBAgMAkNBMQwwCgYDVQQGEwNVU0EwHhcNMTUwOTAyMTgyNjUzWhcNMTcwOTAyMTIwMDAwWjCBkDEoMCYGA1UEAwwfU2VsZlNpZ25lZENlcnRfMDJTZXAyMDE1XzE4MjY1MzEYMBYGA1UECwwPMDBEMjQwMDAwMDBwQW9BMRcwFQYDVQQKDA5TYWxlc2ZvcmNlLmNvbTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzELMAkGA1UECAwCQ0ExDDAKBgNVBAYTA1VTQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJp/wTRr9n1IWJpkRTjNpep47OKJrD2E6rGbJ18TG2RxtIz+zCn2JwH2aP3TULh0r0hhcg/pecv51RRcG7O19DBBaTQ5+KuoICQyKZy07/yDXSiZontTwkEYs06ssTwTHUcRXbcwTKv16L7omt0MjIhTTGfvtLOYiPwyvKvzAHg4eNuAcli0duVM78UIBORtdmy9C9ZcMh8yRJo5aPBq85wsE3JXU58ytyZzCHTBLH+2xFQrjYnUSEW+FOEEpI7o33MVdFBvWWg1R17HkWzcve4C30lqOHqvxBzyESZ/N1mMlmSt8gPFyB+mUXY99StJDJpnytbY8DwSzMQUo/sOVB0CAwEAAaOCAQAwgf0wHQYDVR0OBBYEFByu1EQqRQS0bYQBKS9K5qwKi+6IMA8GA1UdEwEB/wQFMAMBAf8wgcoGA1UdIwSBwjCBv4AUHK7URCpFBLRthAEpL0rmrAqL7oihgZakgZMwgZAxKDAmBgNVBAMMH1NlbGZTaWduZWRDZXJ0XzAyU2VwMjAxNV8xODI2NTMxGDAWBgNVBAsMDzAwRDI0MDAwMDAwcEFvQTEXMBUGA1UECgwOU2FsZXNmb3JjZS5jb20xFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xCzAJBgNVBAgMAkNBMQwwCgYDVQQGEwNVU0GCDgFPj0/EQQAAAAB8SVxHMA0GCSqGSIb3DQEBCwUAA4IBAQA9O5o1tC71qJnkq+ABPo4A1aFKZVT/07GcBX4/wetcbYySL4Q2nR9pMgfPYYS1j+P2E3viPsQwPIWDUBwFkNsjjX5DSGEkLAioVGKRwJshRSCSynMcsVZbQkfBUiZXqhM0wzvoa/ALvGD+aSSb1m+x7lEpDYNwQKWaUW2VYcHWv9wjujMyy7dlj8E/jqM71mw7ThNl6k4+3RQ802dMa14txm8pkF0vZgfpV3tkqhBqtjBAicVCaveqr3r3iGqjvyilBgdY+0NR8szqzm7CD/Bkb22+/IgM/mXQuL9KHD/WADlSGmYKmG3SSahmcZxznYCnzcRNN9LVuXlz5cbljmBj</ds:X509Certificate>
+            </ds:X509Data>
+         </ds:KeyInfo>
+      </md:KeyDescriptor>
+      <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
+      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://terraform2-dev-ed.my.salesforce.com/idp/endpoint/HttpPost"/>
+      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://terraform2-dev-ed.my.salesforce.com/idp/endpoint/HttpRedirect"/>
+   </md:IDPSSODescriptor>
+</md:EntityDescriptor>
diff --git a/builtin/providers/aws/test-fixtures/saml-metadata.xml b/builtin/providers/aws/test-fixtures/saml-metadata.xml
new file mode 100644
index 0000000000..69e353b770
--- /dev/null
+++ b/builtin/providers/aws/test-fixtures/saml-metadata.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?><md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://terraform-dev-ed.my.salesforce.com" validUntil="2025-09-02T18:27:19.710Z">
+   <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+      <md:KeyDescriptor use="signing">
+         <ds:KeyInfo>
+            <ds:X509Data>
+               <ds:X509Certificate>MIIErDCCA5SgAwIBAgIOAU+PT8RBAAAAAHxJXEcwDQYJKoZIhvcNAQELBQAwgZAxKDAmBgNVBAMMH1NlbGZTaWduZWRDZXJ0XzAyU2VwMjAxNV8xODI2NTMxGDAWBgNVBAsMDzAwRDI0MDAwMDAwcEFvQTEXMBUGA1UECgwOU2FsZXNmb3JjZS5jb20xFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xCzAJBgNVBAgMAkNBMQwwCgYDVQQGEwNVU0EwHhcNMTUwOTAyMTgyNjUzWhcNMTcwOTAyMTIwMDAwWjCBkDEoMCYGA1UEAwwfU2VsZlNpZ25lZENlcnRfMDJTZXAyMDE1XzE4MjY1MzEYMBYGA1UECwwPMDBEMjQwMDAwMDBwQW9BMRcwFQYDVQQKDA5TYWxlc2ZvcmNlLmNvbTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzELMAkGA1UECAwCQ0ExDDAKBgNVBAYTA1VTQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJp/wTRr9n1IWJpkRTjNpep47OKJrD2E6rGbJ18TG2RxtIz+zCn2JwH2aP3TULh0r0hhcg/pecv51RRcG7O19DBBaTQ5+KuoICQyKZy07/yDXSiZontTwkEYs06ssTwTHUcRXbcwTKv16L7omt0MjIhTTGfvtLOYiPwyvKvzAHg4eNuAcli0duVM78UIBORtdmy9C9ZcMh8yRJo5aPBq85wsE3JXU58ytyZzCHTBLH+2xFQrjYnUSEW+FOEEpI7o33MVdFBvWWg1R17HkWzcve4C30lqOHqvxBzyESZ/N1mMlmSt8gPFyB+mUXY99StJDJpnytbY8DwSzMQUo/sOVB0CAwEAAaOCAQAwgf0wHQYDVR0OBBYEFByu1EQqRQS0bYQBKS9K5qwKi+6IMA8GA1UdEwEB/wQFMAMBAf8wgcoGA1UdIwSBwjCBv4AUHK7URCpFBLRthAEpL0rmrAqL7oihgZakgZMwgZAxKDAmBgNVBAMMH1NlbGZTaWduZWRDZXJ0XzAyU2VwMjAxNV8xODI2NTMxGDAWBgNVBAsMDzAwRDI0MDAwMDAwcEFvQTEXMBUGA1UECgwOU2FsZXNmb3JjZS5jb20xFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xCzAJBgNVBAgMAkNBMQwwCgYDVQQGEwNVU0GCDgFPj0/EQQAAAAB8SVxHMA0GCSqGSIb3DQEBCwUAA4IBAQA9O5o1tC71qJnkq+ABPo4A1aFKZVT/07GcBX4/wetcbYySL4Q2nR9pMgfPYYS1j+P2E3viPsQwPIWDUBwFkNsjjX5DSGEkLAioVGKRwJshRSCSynMcsVZbQkfBUiZXqhM0wzvoa/ALvGD+aSSb1m+x7lEpDYNwQKWaUW2VYcHWv9wjujMyy7dlj8E/jqM71mw7ThNl6k4+3RQ802dMa14txm8pkF0vZgfpV3tkqhBqtjBAicVCaveqr3r3iGqjvyilBgdY+0NR8szqzm7CD/Bkb22+/IgM/mXQuL9KHD/WADlSGmYKmG3SSahmcZxznYCnzcRNN9LVuXlz5cbljmBj</ds:X509Certificate>
+            </ds:X509Data>
+         </ds:KeyInfo>
+      </md:KeyDescriptor>
+      <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
+      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://terraform-dev-ed.my.salesforce.com/idp/endpoint/HttpPost"/>
+      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://terraform-dev-ed.my.salesforce.com/idp/endpoint/HttpRedirect"/>
+   </md:IDPSSODescriptor>
+</md:EntityDescriptor>

From b06f0bbf4aa4d2e09b5715adf4fb6a455735a807 Mon Sep 17 00:00:00 2001
From: Joshua Semar <jsemar@underarmour.com>
Date: Thu, 3 Sep 2015 10:33:59 -0500
Subject: [PATCH 017/335] fix documentation

---
 .../aws/r/launch_configuration.html.markdown      | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/website/source/docs/providers/aws/r/launch_configuration.html.markdown b/website/source/docs/providers/aws/r/launch_configuration.html.markdown
index ea96503dc0..85d45bcb03 100644
--- a/website/source/docs/providers/aws/r/launch_configuration.html.markdown
+++ b/website/source/docs/providers/aws/r/launch_configuration.html.markdown
@@ -23,10 +23,10 @@ resource "aws_launch_configuration" "as_conf" {
 ## Using with AutoScaling Groups
 
 Launch Configurations cannot be updated after creation with the Amazon
-Web Service API. In order to update a Launch Configuration, Terraform will 
-destroy the existing resource and create a replacement. If order to effectively 
-use a Launch Configuration resource with an[AutoScaling Group resource][1], 
-it's recommend to omit the Launch Configuration `name` attribute, and 
+Web Service API. In order to update a Launch Configuration, Terraform will
+destroy the existing resource and create a replacement. If order to effectively
+use a Launch Configuration resource with an[AutoScaling Group resource][1],
+it's recommend to omit the Launch Configuration `name` attribute, and
 specify `create_before_destroy` in a [lifecycle][2] block, as shown:
 
 ```
@@ -69,7 +69,12 @@ The following arguments are supported:
 * `user_data` - (Optional) The user data to provide when launching the instance.
 * `enable_monitoring` - (Optional) Enables/disables detailed monitoring. This is enabled by default.
 * `ebs_optimized` - (Optional) If true, the launched EC2 instance will be EBS-optimized.
-* `block_device_mapping` - (Optional) A list of block devices to add. Their keys are documented below.
+* `root_block_device` - (Optional) Customize details about the root block
+  device of the instance. See [Block Devices](#block-devices) below for details.
+* `ebs_block_device` - (Optional) Additional EBS block devices to attach to the
+  instance.  See [Block Devices](#block-devices) below for details.
+* `ephemeral_block_device` - (Optional) Customize Ephemeral (also known as
+  "Instance Store") volumes on the instance. See [Block Devices](#block-devices) below for details.
 
 <a id="block-devices"></a>
 ## Block devices

From 10c96afa9b3daade66d1911b1c8575f35c8aa786 Mon Sep 17 00:00:00 2001
From: Mike Fiedler <miketheman@gmail.com>
Date: Tue, 8 Sep 2015 09:10:54 -0400
Subject: [PATCH 018/335] Update aws_db_instance `db_subnet_group_name`

When launching a new RDS instance in a VPC-default AWS account, trying to control which VPC the new RDS instance lands in is not apparent from the parameters available.
The following works:
```
resource "aws_db_subnet_group" "foo" {
  name = "foo"
  description = "DB Subnet for foo"
  subnet_ids = ["${aws_subnet.foo_1a.id}", "${aws_subnet.foo_1b.id}"]
}

resource "aws_db_instance" "bar" {
...
  db_subnet_group_name   = "${aws_db_subnet_group.foo.name}"
...
}
```

Hopefully this doc update will help others
---
 website/source/docs/providers/aws/r/db_instance.html.markdown | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/website/source/docs/providers/aws/r/db_instance.html.markdown b/website/source/docs/providers/aws/r/db_instance.html.markdown
index c2f0063f4c..adf2dafe6b 100644
--- a/website/source/docs/providers/aws/r/db_instance.html.markdown
+++ b/website/source/docs/providers/aws/r/db_instance.html.markdown
@@ -65,7 +65,7 @@ The following arguments are supported:
 * `vpc_security_group_ids` - (Optional) List of VPC security groups to associate.
 * `security_group_names` - (Optional/Deprecated) List of DB Security Groups to associate.
     Only used for [DB Instances on the _EC2-Classic_ Platform](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html#USER_VPC.FindDefaultVPC).
-* `db_subnet_group_name` - (Optional) Name of DB subnet group
+* `db_subnet_group_name` - (Optional) Name of DB subnet group. DB instance will be created in the VPC associated with the DB subnet group. If unspecified, will be created in the `default` VPC, or in EC2 Classic, if available.
 * `parameter_group_name` - (Optional) Name of the DB parameter group to associate.
 * `storage_encrypted` - (Optional) Specifies whether the DB instance is encrypted. The default is `false` if not specified.
 * `apply_immediately` - (Optional) Specifies whether any database modifications

From 506aae2f285ea216ec6f93a5b7b441b8b091981b Mon Sep 17 00:00:00 2001
From: Paul Hinze <phinze@phinze.com>
Date: Tue, 8 Sep 2015 13:15:30 -0500
Subject: [PATCH 019/335] provider/aws: configurable capacity waiting duration

move wait for capacity timeout from a constant to a configurable
---
 .../aws/resource_aws_autoscaling_group.go     | 36 ++++++++++++++++---
 .../aws/r/autoscaling_group.html.markdown     | 23 ++++++++----
 2 files changed, 48 insertions(+), 11 deletions(-)

diff --git a/builtin/providers/aws/resource_aws_autoscaling_group.go b/builtin/providers/aws/resource_aws_autoscaling_group.go
index 771bda2e3a..b96d6885a7 100644
--- a/builtin/providers/aws/resource_aws_autoscaling_group.go
+++ b/builtin/providers/aws/resource_aws_autoscaling_group.go
@@ -120,6 +120,25 @@ func resourceAwsAutoscalingGroup() *schema.Resource {
 				Set:      schema.HashString,
 			},
 
+			"wait_for_capacity_timeout": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+				Default:  "10m",
+				ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) {
+					value := v.(string)
+					duration, err := time.ParseDuration(value)
+					if err != nil {
+						errors = append(errors, fmt.Errorf(
+							"%q cannot be parsed as a duration: %s", k, err))
+					}
+					if duration < 0 {
+						errors = append(errors, fmt.Errorf(
+							"%q must be greater than zero", k))
+					}
+					return
+				},
+			},
+
 			"tag": autoscalingTagsSchema(),
 		},
 	}
@@ -445,8 +464,6 @@ func resourceAwsAutoscalingGroupDrain(d *schema.ResourceData, meta interface{})
 	})
 }
 
-var waitForASGCapacityTimeout = 10 * time.Minute
-
 // Waits for a minimum number of healthy instances to show up as healthy in the
 // ASG before continuing. Waits up to `waitForASGCapacityTimeout` for
 // "desired_capacity", or "min_size" if desired capacity is not specified.
@@ -461,9 +478,20 @@ func waitForASGCapacity(d *schema.ResourceData, meta interface{}) error {
 	}
 	wantELB := d.Get("min_elb_capacity").(int)
 
-	log.Printf("[DEBUG] Waiting for capacity: %d ASG, %d ELB", wantASG, wantELB)
+	wait, err := time.ParseDuration(d.Get("wait_for_capacity_timeout").(string))
+	if err != nil {
+		return err
+	}
 
-	return resource.Retry(waitForASGCapacityTimeout, func() error {
+	if wait == 0 {
+		log.Printf("[DEBUG] Capacity timeout set to 0, skipping capacity waiting.")
+		return nil
+	}
+
+	log.Printf("[DEBUG] Waiting %s for capacity: %d ASG, %d ELB",
+		wait, wantASG, wantELB)
+
+	return resource.Retry(wait, func() error {
 		g, err := getAwsAutoscalingGroup(d, meta)
 		if err != nil {
 			return resource.RetryError{Err: err}
diff --git a/website/source/docs/providers/aws/r/autoscaling_group.html.markdown b/website/source/docs/providers/aws/r/autoscaling_group.html.markdown
index 022b1cf715..caf272c946 100644
--- a/website/source/docs/providers/aws/r/autoscaling_group.html.markdown
+++ b/website/source/docs/providers/aws/r/autoscaling_group.html.markdown
@@ -63,6 +63,11 @@ The following arguments are supported:
 * `vpc_zone_identifier` (Optional) A list of subnet IDs to launch resources in.
 * `termination_policies` (Optional) A list of policies to decide how the instances in the auto scale group should be terminated.
 * `tag` (Optional) A list of tag blocks. Tags documented below.
+* `wait_for_capacity_timeout` (Default: "10m") A maximum
+  [duration](https://golang.org/pkg/time/#ParseDuration) that Terraform should
+  wait for ASG instances to be healthy before timing out.  (See also [Waiting
+  for Capacity](#waiting-for-capacity) below.) Setting this to "0" causes
+  Terraform to skip all Capacity Waiting behavior.
 
 Tags support the following:
 
@@ -110,9 +115,12 @@ Terraform considers an instance "healthy" when the ASG reports `HealthStatus:
 Docs](https://docs.aws.amazon.com/AutoScaling/latest/DeveloperGuide/AutoScalingGroupLifecycle.html)
 for more information on an ASG's lifecycle.
 
-Terraform will wait for healthy instances for up to 10 minutes. If ASG creation
-is taking more than a few minutes, it's worth investigating for scaling activity
-errors, which can be caused by problems with the selected Launch Configuration.
+Terraform will wait for healthy instances for up to
+`wait_for_capacity_timeout`. If ASG creation is taking more than a few minutes,
+it's worth investigating for scaling activity errors, which can be caused by
+problems with the selected Launch Configuration.
+
+Setting `wait_for_capacity_timeout` to `"0"` disables ASG Capacity waiting.
 
 #### Waiting for ELB Capacity
 
@@ -121,8 +129,9 @@ Balancers. If `min_elb_capacity` is set, Terraform will wait for that number of
 Instances to be `"InService"` in all attached `load_balancers`. This can be
 used to ensure that service is being provided before Terraform moves on.
 
-As with ASG Capacity, Terraform will wait for up to 10 minutes for
-`"InService"` instances. If ASG creation takes more than a few minutes, this
-could indicate one of a number of configuration problems. See the [AWS Docs on
-Load Balancer Troubleshooting](https://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-troubleshooting.html)
+As with ASG Capacity, Terraform will wait for up to `wait_for_capacity_timeout`
+(for `"InService"` instances. If ASG creation takes more than a few minutes,
+this could indicate one of a number of configuration problems. See the [AWS
+Docs on Load Balancer
+Troubleshooting](https://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-troubleshooting.html)
 for more information.

From 03f94d66aef7fde266ad8e2f831c373ea37b99ad Mon Sep 17 00:00:00 2001
From: zpatrick <zack.patrick@us.imshealth.com>
Date: Wed, 9 Sep 2015 21:13:36 +0000
Subject: [PATCH 020/335] adding content field to s3_bucket_object

---
 .../aws/resource_aws_s3_bucket_object.go      | 31 ++++++++++++---
 .../aws/resource_aws_s3_bucket_object_test.go | 39 +++++++++++++++++--
 2 files changed, 61 insertions(+), 9 deletions(-)

diff --git a/builtin/providers/aws/resource_aws_s3_bucket_object.go b/builtin/providers/aws/resource_aws_s3_bucket_object.go
index 9d46952d07..8a2e8370b0 100644
--- a/builtin/providers/aws/resource_aws_s3_bucket_object.go
+++ b/builtin/providers/aws/resource_aws_s3_bucket_object.go
@@ -4,6 +4,8 @@ import (
 	"fmt"
 	"log"
 	"os"
+	"io"
+        "bytes"
 
 	"github.com/hashicorp/terraform/helper/schema"
 
@@ -34,10 +36,18 @@ func resourceAwsS3BucketObject() *schema.Resource {
 
 			"source": &schema.Schema{
 				Type:     schema.TypeString,
-				Required: true,
+				Optional: true,
 				ForceNew: true,
+				ConflictsWith: []string{"content"},
 			},
 
+                        "content": &schema.Schema{
+                                Type:     schema.TypeString,
+                                Optional: true,
+                                ForceNew: true,
+				ConflictsWith: []string{"source"},
+                        },
+
 			"etag": &schema.Schema{
 				Type:     schema.TypeString,
 				Computed: true,
@@ -51,19 +61,28 @@ func resourceAwsS3BucketObjectPut(d *schema.ResourceData, meta interface{}) erro
 
 	bucket := d.Get("bucket").(string)
 	key := d.Get("key").(string)
-	source := d.Get("source").(string)
+	var body io.ReadSeeker
 
-	file, err := os.Open(source)
+	if v, ok := d.GetOk("source"); ok {
+		source := v.(string)
+		file, err := os.Open(source)
+		if err != nil {
+			return fmt.Errorf("Error opening S3 bucket object source (%s): %s", source, err)
+		}
 
-	if err != nil {
-		return fmt.Errorf("Error opening S3 bucket object source (%s): %s", source, err)
+		body = file
+	} else if v, ok := d.GetOk("content"); ok {
+		content := v.(string)
+		body = bytes.NewReader([]byte(content))
+	} else {
+		return fmt.Errorf("Must specify \"source\" or \"content\" field")
 	}
 
 	resp, err := s3conn.PutObject(
 		&s3.PutObjectInput{
 			Bucket: aws.String(bucket),
 			Key:    aws.String(key),
-			Body:   file,
+			Body:   body,
 		})
 
 	if err != nil {
diff --git a/builtin/providers/aws/resource_aws_s3_bucket_object_test.go b/builtin/providers/aws/resource_aws_s3_bucket_object_test.go
index 4f947736ae..6311dd7c32 100644
--- a/builtin/providers/aws/resource_aws_s3_bucket_object_test.go
+++ b/builtin/providers/aws/resource_aws_s3_bucket_object_test.go
@@ -15,7 +15,7 @@ import (
 
 var tf, err = ioutil.TempFile("", "tf")
 
-func TestAccAWSS3BucketObject_basic(t *testing.T) {
+func TestAccAWSS3BucketObject_source(t *testing.T) {
 	// first write some data to the tempfile just so it's not 0 bytes.
 	ioutil.WriteFile(tf.Name(), []byte("{anything will do }"), 0644)
 	resource.Test(t, resource.TestCase{
@@ -29,7 +29,26 @@ func TestAccAWSS3BucketObject_basic(t *testing.T) {
 		CheckDestroy: testAccCheckAWSS3BucketObjectDestroy,
 		Steps: []resource.TestStep{
 			resource.TestStep{
-				Config: testAccAWSS3BucketObjectConfig,
+				Config: testAccAWSS3BucketObjectConfigSource,
+				Check:  testAccCheckAWSS3BucketObjectExists("aws_s3_bucket_object.object"),
+			},
+		},
+	})
+}
+
+func TestAccAWSS3BucketObject_content(t *testing.T) {
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			if err != nil {
+				panic(err)
+			}
+			testAccPreCheck(t)
+		},
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSS3BucketObjectDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccAWSS3BucketObjectConfigContent,
 				Check:  testAccCheckAWSS3BucketObjectExists("aws_s3_bucket_object.object"),
 			},
 		},
@@ -86,7 +105,7 @@ func testAccCheckAWSS3BucketObjectExists(n string) resource.TestCheckFunc {
 }
 
 var randomBucket = randInt
-var testAccAWSS3BucketObjectConfig = fmt.Sprintf(`
+var testAccAWSS3BucketObjectConfigSource = fmt.Sprintf(`
 resource "aws_s3_bucket" "object_bucket" {
 	bucket = "tf-object-test-bucket-%d"
 }
@@ -97,3 +116,17 @@ resource "aws_s3_bucket_object" "object" {
 	source = "%s"
 }
 `, randomBucket, tf.Name())
+
+
+var testAccAWSS3BucketObjectConfigContent = fmt.Sprintf(`
+resource "aws_s3_bucket" "object_bucket" {
+        bucket = "tf-object-test-bucket-%d"
+}
+
+resource "aws_s3_bucket_object" "object" {
+        bucket = "${aws_s3_bucket.object_bucket.bucket}"
+        key = "test-key"
+        content = "some_bucket_content"
+}
+`, randomBucket)
+

From 141c419cc70827ecc97211889913f6cdd1b59cb3 Mon Sep 17 00:00:00 2001
From: Martin Atkins <mart@degeneration.co.uk>
Date: Wed, 9 Sep 2015 23:17:57 -0700
Subject: [PATCH 021/335] Docs for aws_s3_bucket content argument.

---
 .../docs/providers/aws/r/s3_bucket_object.html.markdown     | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/website/source/docs/providers/aws/r/s3_bucket_object.html.markdown b/website/source/docs/providers/aws/r/s3_bucket_object.html.markdown
index 63d201b826..14286a603f 100644
--- a/website/source/docs/providers/aws/r/s3_bucket_object.html.markdown
+++ b/website/source/docs/providers/aws/r/s3_bucket_object.html.markdown
@@ -28,7 +28,11 @@ The following arguments are supported:
 
 * `bucket` - (Required) The name of the bucket to put the file in.
 * `key` - (Required) The name of the object once it is in the bucket.
-* `source` - (Required) The path to the source file being uploaded to the bucket.
+* `source` - (Required unless `content` given) The path to the source file being uploaded to the bucket.
+* `content` - (Required unless `source` given) The literal content being uploaded to the bucket.
+
+Either `source` or `content` must be provided to specify the bucket content.
+These two arguments are mutually-exclusive.
 
 ## Attributes Reference
 

From 5256a6df6b7677d26b63efe1c5a932e2cce884b3 Mon Sep 17 00:00:00 2001
From: zpatrick <zack.patrick@us.imshealth.com>
Date: Thu, 10 Sep 2015 18:37:17 +0000
Subject: [PATCH 022/335] fix formatting

---
 .../aws/resource_aws_s3_bucket_object.go      | 21 ++++++++++---------
 .../aws/resource_aws_s3_bucket_object_test.go | 11 ++++------
 2 files changed, 15 insertions(+), 17 deletions(-)

diff --git a/builtin/providers/aws/resource_aws_s3_bucket_object.go b/builtin/providers/aws/resource_aws_s3_bucket_object.go
index 8a2e8370b0..3a4cc4df25 100644
--- a/builtin/providers/aws/resource_aws_s3_bucket_object.go
+++ b/builtin/providers/aws/resource_aws_s3_bucket_object.go
@@ -1,11 +1,11 @@
 package aws
 
 import (
+	"bytes"
 	"fmt"
+	"io"
 	"log"
 	"os"
-	"io"
-        "bytes"
 
 	"github.com/hashicorp/terraform/helper/schema"
 
@@ -35,18 +35,18 @@ func resourceAwsS3BucketObject() *schema.Resource {
 			},
 
 			"source": &schema.Schema{
-				Type:     schema.TypeString,
-				Optional: true,
-				ForceNew: true,
+				Type:          schema.TypeString,
+				Optional:      true,
+				ForceNew:      true,
 				ConflictsWith: []string{"content"},
 			},
 
-                        "content": &schema.Schema{
-                                Type:     schema.TypeString,
-                                Optional: true,
-                                ForceNew: true,
+			"content": &schema.Schema{
+				Type:          schema.TypeString,
+				Optional:      true,
+				ForceNew:      true,
 				ConflictsWith: []string{"source"},
-                        },
+			},
 
 			"etag": &schema.Schema{
 				Type:     schema.TypeString,
@@ -138,3 +138,4 @@ func resourceAwsS3BucketObjectDelete(d *schema.ResourceData, meta interface{}) e
 	}
 	return nil
 }
+
diff --git a/builtin/providers/aws/resource_aws_s3_bucket_object_test.go b/builtin/providers/aws/resource_aws_s3_bucket_object_test.go
index 6311dd7c32..0e0651ad00 100644
--- a/builtin/providers/aws/resource_aws_s3_bucket_object_test.go
+++ b/builtin/providers/aws/resource_aws_s3_bucket_object_test.go
@@ -107,22 +107,19 @@ func testAccCheckAWSS3BucketObjectExists(n string) resource.TestCheckFunc {
 var randomBucket = randInt
 var testAccAWSS3BucketObjectConfigSource = fmt.Sprintf(`
 resource "aws_s3_bucket" "object_bucket" {
-	bucket = "tf-object-test-bucket-%d"
+    bucket = "tf-object-test-bucket-%d"
 }
-
 resource "aws_s3_bucket_object" "object" {
-	bucket = "${aws_s3_bucket.object_bucket.bucket}"
-	key = "test-key"
-	source = "%s"
+    bucket = "${aws_s3_bucket.object_bucket.bucket}"
+    key = "test-key"
+    source = "%s"
 }
 `, randomBucket, tf.Name())
 
-
 var testAccAWSS3BucketObjectConfigContent = fmt.Sprintf(`
 resource "aws_s3_bucket" "object_bucket" {
         bucket = "tf-object-test-bucket-%d"
 }
-
 resource "aws_s3_bucket_object" "object" {
         bucket = "${aws_s3_bucket.object_bucket.bucket}"
         key = "test-key"

From 863a7383aa5b50ab23d497d7d895d1da392539e8 Mon Sep 17 00:00:00 2001
From: Paul Hinze <phinze@phinze.com>
Date: Thu, 10 Sep 2015 16:08:48 -0500
Subject: [PATCH 023/335] doc: module sources from private github repos

---
 .../source/docs/modules/sources.html.markdown | 24 +++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/website/source/docs/modules/sources.html.markdown b/website/source/docs/modules/sources.html.markdown
index b0a2b4d0cc..d9e6a13169 100644
--- a/website/source/docs/modules/sources.html.markdown
+++ b/website/source/docs/modules/sources.html.markdown
@@ -81,6 +81,30 @@ You can use the same parameters to GitHub repositories as you can generic
 Git repositories (such as tags or branches). See the documentation for generic
 Git repositories for more information.
 
+#### Private GitHub Repos<a id="private-github-repos"></a>
+
+If you need Terraform to be able to fetch modules from private GitHub repos on
+a remote machine (like a Atlas or a CI server), you'll need to provide
+Terraform with credentials that can be used to authenticate as a user with read
+access to the private repo.
+
+First, create a [machine
+user](https://developer.github.com/guides/managing-deploy-keys/#machine-users)
+with access to read from the private repo in question, then embed this user's
+credentials into the source field:
+
+```
+module "private-infra" {
+  source = "git::https://MACHINE-USER:MACHINE-PASS@github.com/org/privatemodules//modules/foo"
+}
+```
+
+Note that Terraform does not yet support interpolations in the `source` field,
+so the machine username and password will have to be embedded directly into the
+source string. You can track
+[GH-1439](https://github.com/hashicorp/terraform/issues/1439) to learn when this
+limitation is lifted.
+
 ## BitBucket
 
 Terraform will automatically recognize BitBucket URLs and turn them into

From 3d77d158f7270472446b9e1fe461487c9763c91c Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@timeinc.com>
Date: Mon, 14 Sep 2015 10:38:29 +0100
Subject: [PATCH 024/335] remote/s3: Add support for ACL

---
 state/remote/s3.go | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/state/remote/s3.go b/state/remote/s3.go
index c2d897dd00..26330d1126 100644
--- a/state/remote/s3.go
+++ b/state/remote/s3.go
@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"fmt"
 	"io"
+	"log"
 	"os"
 	"strconv"
 
@@ -45,6 +46,11 @@ func s3Factory(conf map[string]string) (Client, error) {
 		serverSideEncryption = v
 	}
 
+	acl := ""
+	if raw, ok := conf["acl"]; ok {
+		acl = raw
+	}
+
 	accessKeyId := conf["access_key"]
 	secretAccessKey := conf["secret_key"]
 
@@ -77,6 +83,7 @@ func s3Factory(conf map[string]string) (Client, error) {
 		bucketName:           bucketName,
 		keyName:              keyName,
 		serverSideEncryption: serverSideEncryption,
+		acl:                  acl,
 	}, nil
 }
 
@@ -85,6 +92,7 @@ type S3Client struct {
 	bucketName           string
 	keyName              string
 	serverSideEncryption bool
+	acl                  string
 }
 
 func (c *S3Client) Get() (*Payload, error) {
@@ -140,6 +148,12 @@ func (c *S3Client) Put(data []byte) error {
 		i.ServerSideEncryption = aws.String("AES256")
 	}
 
+	if c.acl != "" {
+		i.ACL = aws.String(c.acl)
+	}
+
+	log.Printf("[DEBUG] Uploading remote state to S3: %#v", i)
+
 	if _, err := c.nativeClient.PutObject(i); err == nil {
 		return nil
 	} else {

From 4f7f20ba23b3b46680005a0efd4f06c80ad9a2b5 Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@timeinc.com>
Date: Mon, 14 Sep 2015 10:36:55 +0100
Subject: [PATCH 025/335] remote/s3: Add some docs for supported parameters

---
 website/source/docs/commands/remote-config.html.markdown | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/website/source/docs/commands/remote-config.html.markdown b/website/source/docs/commands/remote-config.html.markdown
index c7586ac0e4..73a06f8211 100644
--- a/website/source/docs/commands/remote-config.html.markdown
+++ b/website/source/docs/commands/remote-config.html.markdown
@@ -57,6 +57,13 @@ The following backends are supported:
   in the `access_key`, `secret_key` and `region` variables
   respectively, but passing credentials this way is not recommended since they
   will be included in cleartext inside the persisted state.
+  Other supported parameters include:
+  * `bucket` - the name of the S3 bucket
+  * `key` - path where to place/look for state file inside the bucket
+  * `encrypt` - whether to enable [server side encryption](http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html)
+    of the state file
+  * `acl` - [Canned ACL](http://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl)
+    to be applied to the state file.
 
 * HTTP - Stores the state using a simple REST client. State will be fetched
   via GET, updated via POST, and purged with DELETE. Requires the `address` variable.

From 55f3c8c76498cf181a1f3605b0e796e5cac6be07 Mon Sep 17 00:00:00 2001
From: thrashr888 <thrashr888@gmail.com>
Date: Mon, 14 Sep 2015 16:50:53 -0700
Subject: [PATCH 026/335] provider/aws: aws_elasticache_cluster normalizes name
 to lowercase

---
 .../aws/resource_aws_elasticache_cluster.go          | 12 +++++++++++-
 .../aws/resource_aws_elasticache_cluster_test.go     |  5 ++++-
 .../aws/r/elasticache_cluster.html.markdown          |  4 ++--
 3 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/builtin/providers/aws/resource_aws_elasticache_cluster.go b/builtin/providers/aws/resource_aws_elasticache_cluster.go
index 080c56ac9c..520ea13427 100644
--- a/builtin/providers/aws/resource_aws_elasticache_cluster.go
+++ b/builtin/providers/aws/resource_aws_elasticache_cluster.go
@@ -28,6 +28,12 @@ func resourceAwsElasticacheCluster() *schema.Resource {
 				Type:     schema.TypeString,
 				Required: true,
 				ForceNew: true,
+				StateFunc: func(val interface{}) string {
+					// Elasticache normalizes cluster ids to lowercase,
+					// so we have to do this too or else we can end up
+					// with non-converging diffs.
+					return strings.ToLower(val.(string))
+				},
 			},
 			"engine": &schema.Schema{
 				Type:     schema.TypeString,
@@ -190,7 +196,11 @@ func resourceAwsElasticacheClusterCreate(d *schema.ResourceData, meta interface{
 		return fmt.Errorf("Error creating Elasticache: %s", err)
 	}
 
-	d.SetId(*resp.CacheCluster.CacheClusterId)
+	// Assign the cluster id as the resource ID
+	// Elasticache always retains the id in lower case, so we have to
+	// mimic that or else we won't be able to refresh a resource whose
+	// name contained uppercase characters.
+	d.SetId(strings.ToLower(*resp.CacheCluster.CacheClusterId))
 
 	pending := []string{"creating"}
 	stateConf := &resource.StateChangeConf{
diff --git a/builtin/providers/aws/resource_aws_elasticache_cluster_test.go b/builtin/providers/aws/resource_aws_elasticache_cluster_test.go
index caa14a8df7..173ca21ea7 100644
--- a/builtin/providers/aws/resource_aws_elasticache_cluster_test.go
+++ b/builtin/providers/aws/resource_aws_elasticache_cluster_test.go
@@ -163,7 +163,10 @@ resource "aws_security_group" "bar" {
 }
 
 resource "aws_elasticache_cluster" "bar" {
-    cluster_id = "tf-test-%03d"
+    // Including uppercase letters in this name to ensure
+    // that we correctly handle the fact that the API
+    // normalizes names to lowercase.
+    cluster_id = "tf-TEST-%03d"
     node_type = "cache.m1.small"
     num_cache_nodes = 1
     engine = "redis"
diff --git a/website/source/docs/providers/aws/r/elasticache_cluster.html.markdown b/website/source/docs/providers/aws/r/elasticache_cluster.html.markdown
index 953b78a9c0..dc4df4c2a0 100644
--- a/website/source/docs/providers/aws/r/elasticache_cluster.html.markdown
+++ b/website/source/docs/providers/aws/r/elasticache_cluster.html.markdown
@@ -27,8 +27,8 @@ resource "aws_elasticache_cluster" "bar" {
 
 The following arguments are supported:
 
-* `cluster_id` – (Required) Group identifier. This parameter is stored as a
-lowercase string
+* `cluster_id` – (Required) Group identifier. Elasticache converts
+  this name to lowercase
 
 * `engine` – (Required) Name of the cache engine to be used for this cache cluster.
  Valid values for this parameter are `memcached` or `redis`

From 4fd5c7254046bd7ef3d1b6872dcefe45f15fcbc2 Mon Sep 17 00:00:00 2001
From: Lars Wander <lars.wander@gmail.com>
Date: Tue, 15 Sep 2015 15:52:43 -0400
Subject: [PATCH 027/335] Fix "malformed url" bug in instance template when
 using network name

---
 .../providers/google/resource_compute_instance_template.go  | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/builtin/providers/google/resource_compute_instance_template.go b/builtin/providers/google/resource_compute_instance_template.go
index 060f4bb393..ce2c727349 100644
--- a/builtin/providers/google/resource_compute_instance_template.go
+++ b/builtin/providers/google/resource_compute_instance_template.go
@@ -305,11 +305,9 @@ func buildNetworks(d *schema.ResourceData, meta interface{}) (error, []*compute.
 	for i := 0; i < networksCount; i++ {
 		prefix := fmt.Sprintf("network_interface.%d", i)
 
-		source := "global/networks/default"
+		source := "global/networks/"
 		if v, ok := d.GetOk(prefix + ".network"); ok {
-			if v.(string) != "default" {
-				source = v.(string)
-			}
+			source += v.(string)
 		}
 
 		// Build the networkInterface

From 32832ba030c1d2b53274c134b6125ab7cd37d653 Mon Sep 17 00:00:00 2001
From: Kevin Nuckolls <kevin.nuckolls@gmail.com>
Date: Tue, 15 Sep 2015 16:00:12 -0500
Subject: [PATCH 028/335] adds triggers to the null resource

---
 builtin/providers/null/resource.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/builtin/providers/null/resource.go b/builtin/providers/null/resource.go
index 0badf346cd..bd1e6f89c7 100644
--- a/builtin/providers/null/resource.go
+++ b/builtin/providers/null/resource.go
@@ -19,7 +19,13 @@ func resource() *schema.Resource {
 		Update: resourceUpdate,
 		Delete: resourceDelete,
 
-		Schema: map[string]*schema.Schema{},
+		Schema: map[string]*schema.Schema{
+			"triggers": &schema.Schema{
+				Type:     schema.TypeMap,
+				Optional: true,
+				ForceNew: true,
+			},
+		},
 	}
 }
 

From b224abb7a9b09247c3913c28d68870a6471efe86 Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@gmail.com>
Date: Wed, 16 Sep 2015 22:02:28 +0100
Subject: [PATCH 029/335] provider/aws: Add cloudwatch_log_group

---
 builtin/providers/aws/config.go               |  37 +++--
 builtin/providers/aws/provider.go             |   1 +
 .../aws/resource_aws_cloudwatch_log_group.go  | 146 ++++++++++++++++++
 3 files changed, 168 insertions(+), 16 deletions(-)
 create mode 100644 builtin/providers/aws/resource_aws_cloudwatch_log_group.go

diff --git a/builtin/providers/aws/config.go b/builtin/providers/aws/config.go
index a57c65c1b2..c1fc7ca92f 100644
--- a/builtin/providers/aws/config.go
+++ b/builtin/providers/aws/config.go
@@ -12,6 +12,7 @@ import (
 	"github.com/aws/aws-sdk-go/aws/credentials"
 	"github.com/aws/aws-sdk-go/service/autoscaling"
 	"github.com/aws/aws-sdk-go/service/cloudwatch"
+	"github.com/aws/aws-sdk-go/service/cloudwatchlogs"
 	"github.com/aws/aws-sdk-go/service/dynamodb"
 	"github.com/aws/aws-sdk-go/service/ec2"
 	"github.com/aws/aws-sdk-go/service/ecs"
@@ -41,22 +42,23 @@ type Config struct {
 }
 
 type AWSClient struct {
-	cloudwatchconn  *cloudwatch.CloudWatch
-	dynamodbconn    *dynamodb.DynamoDB
-	ec2conn         *ec2.EC2
-	ecsconn         *ecs.ECS
-	elbconn         *elb.ELB
-	autoscalingconn *autoscaling.AutoScaling
-	s3conn          *s3.S3
-	sqsconn         *sqs.SQS
-	snsconn         *sns.SNS
-	r53conn         *route53.Route53
-	region          string
-	rdsconn         *rds.RDS
-	iamconn         *iam.IAM
-	kinesisconn     *kinesis.Kinesis
-	elasticacheconn *elasticache.ElastiCache
-	lambdaconn      *lambda.Lambda
+	cloudwatchconn     *cloudwatch.CloudWatch
+	cloudwatchlogsconn *cloudwatchlogs.CloudWatchLogs
+	dynamodbconn       *dynamodb.DynamoDB
+	ec2conn            *ec2.EC2
+	ecsconn            *ecs.ECS
+	elbconn            *elb.ELB
+	autoscalingconn    *autoscaling.AutoScaling
+	s3conn             *s3.S3
+	sqsconn            *sqs.SQS
+	snsconn            *sns.SNS
+	r53conn            *route53.Route53
+	region             string
+	rdsconn            *rds.RDS
+	iamconn            *iam.IAM
+	kinesisconn        *kinesis.Kinesis
+	elasticacheconn    *elasticache.ElastiCache
+	lambdaconn         *lambda.Lambda
 }
 
 // Client configures and returns a fully initialized AWSClient
@@ -156,6 +158,9 @@ func (c *Config) Client() (interface{}, error) {
 
 		log.Println("[INFO] Initializing CloudWatch SDK connection")
 		client.cloudwatchconn = cloudwatch.New(awsConfig)
+
+		log.Println("[INFO] Initializing CloudWatch Logs connection")
+		client.cloudwatchlogsconn = cloudwatchlogs.New(awsConfig)
 	}
 
 	if len(errs) > 0 {
diff --git a/builtin/providers/aws/provider.go b/builtin/providers/aws/provider.go
index 6b2c16c7ab..16e4f3789d 100644
--- a/builtin/providers/aws/provider.go
+++ b/builtin/providers/aws/provider.go
@@ -163,6 +163,7 @@ func Provider() terraform.ResourceProvider {
 			"aws_autoscaling_group":            resourceAwsAutoscalingGroup(),
 			"aws_autoscaling_notification":     resourceAwsAutoscalingNotification(),
 			"aws_autoscaling_policy":           resourceAwsAutoscalingPolicy(),
+			"aws_cloudwatch_log_group":         resourceAwsCloudWatchLogGroup(),
 			"aws_cloudwatch_metric_alarm":      resourceAwsCloudWatchMetricAlarm(),
 			"aws_customer_gateway":             resourceAwsCustomerGateway(),
 			"aws_db_instance":                  resourceAwsDbInstance(),
diff --git a/builtin/providers/aws/resource_aws_cloudwatch_log_group.go b/builtin/providers/aws/resource_aws_cloudwatch_log_group.go
new file mode 100644
index 0000000000..e4f7236b2d
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_cloudwatch_log_group.go
@@ -0,0 +1,146 @@
+package aws
+
+import (
+	"fmt"
+	"log"
+
+	"github.com/hashicorp/terraform/helper/schema"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/cloudwatchlogs"
+)
+
+func resourceAwsCloudWatchLogGroup() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceAwsCloudWatchLogGroupCreate,
+		Read:   resourceAwsCloudWatchLogGroupRead,
+		Update: resourceAwsCloudWatchLogGroupUpdate,
+		Delete: resourceAwsCloudWatchLogGroupDelete,
+
+		Schema: map[string]*schema.Schema{
+			"name": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+
+			"retention_in_days": &schema.Schema{
+				Type:     schema.TypeInt,
+				Optional: true,
+				Default:  0,
+			},
+
+			"arn": &schema.Schema{
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+		},
+	}
+}
+
+func resourceAwsCloudWatchLogGroupCreate(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).cloudwatchlogsconn
+
+	log.Printf("[DEBUG] Creating CloudWatch Log Group: %s", d.Get("name").(string))
+	_, err := conn.CreateLogGroup(&cloudwatchlogs.CreateLogGroupInput{
+		LogGroupName: aws.String(d.Get("name").(string)),
+	})
+	if err != nil {
+		return fmt.Errorf("Creating CloudWatch Log Group failed: %s", err)
+	}
+
+	d.SetId(d.Get("name").(string))
+
+	log.Println("[INFO] CloudWatch Log Group created")
+
+	return resourceAwsCloudWatchLogGroupUpdate(d, meta)
+}
+
+func resourceAwsCloudWatchLogGroupRead(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).cloudwatchlogsconn
+	log.Printf("[DEBUG] Reading CloudWatch Log Group: %q", d.Get("name").(string))
+	lg, err := lookupCloudWatchLogGroup(conn, d.Get("name").(string), nil)
+	if err != nil {
+		return err
+	}
+
+	log.Printf("[DEBUG] Found Log Group: %#v", *lg)
+
+	d.Set("arn", *lg.Arn)
+	d.Set("name", *lg.LogGroupName)
+
+	if lg.RetentionInDays != nil {
+		d.Set("retention_in_days", *lg.RetentionInDays)
+	}
+
+	return nil
+}
+
+func lookupCloudWatchLogGroup(conn *cloudwatchlogs.CloudWatchLogs,
+	name string, nextToken *string) (*cloudwatchlogs.LogGroup, error) {
+	input := &cloudwatchlogs.DescribeLogGroupsInput{
+		LogGroupNamePrefix: aws.String(name),
+		NextToken:          nextToken,
+	}
+	resp, err := conn.DescribeLogGroups(input)
+	if err != nil {
+		return nil, err
+	}
+
+	for _, lg := range resp.LogGroups {
+		if *lg.LogGroupName == name {
+			return lg, nil
+		}
+	}
+
+	if resp.NextToken != nil {
+		return lookupCloudWatchLogGroup(conn, name, resp.NextToken)
+	}
+
+	return nil, fmt.Errorf("CloudWatch Log Group %q not found", name)
+}
+
+func resourceAwsCloudWatchLogGroupUpdate(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).cloudwatchlogsconn
+
+	name := d.Get("name").(string)
+	log.Printf("[DEBUG] Updating CloudWatch Log Group: %q", name)
+
+	if d.HasChange("retention_in_days") {
+		var err error
+
+		if v, ok := d.GetOk("retention_in_days"); ok {
+			input := cloudwatchlogs.PutRetentionPolicyInput{
+				LogGroupName:    aws.String(name),
+				RetentionInDays: aws.Int64(int64(v.(int))),
+			}
+			log.Printf("[DEBUG] Setting retention for CloudWatch Log Group: %q: %s", name, input)
+			_, err = conn.PutRetentionPolicy(&input)
+		} else {
+			log.Printf("[DEBUG] Deleting retention for CloudWatch Log Group: %q", name)
+			_, err = conn.DeleteRetentionPolicy(&cloudwatchlogs.DeleteRetentionPolicyInput{
+				LogGroupName: aws.String(name),
+			})
+		}
+
+		return err
+	}
+
+	return resourceAwsCloudWatchLogGroupRead(d, meta)
+}
+
+func resourceAwsCloudWatchLogGroupDelete(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).cloudwatchlogsconn
+	log.Printf("[INFO] Deleting CloudWatch Log Group: %s", d.Id())
+	_, err := conn.DeleteLogGroup(&cloudwatchlogs.DeleteLogGroupInput{
+		LogGroupName: aws.String(d.Get("name").(string)),
+	})
+	if err != nil {
+		return fmt.Errorf("Error deleting CloudWatch Log Group: %s", err)
+	}
+	log.Println("[INFO] CloudWatch Log Group deleted")
+
+	d.SetId("")
+
+	return nil
+}

From 7b0626adb6fa59fbefbc648c8456e4a8796fe274 Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@gmail.com>
Date: Wed, 16 Sep 2015 22:02:45 +0100
Subject: [PATCH 030/335] provider/aws: Add docs for CloudWatch Log Group

---
 .../aws/r/cloudwatch_log_group.html.markdown  | 33 +++++++++++++++++++
 website/source/layouts/aws.erb                |  4 +++
 2 files changed, 37 insertions(+)
 create mode 100644 website/source/docs/providers/aws/r/cloudwatch_log_group.html.markdown

diff --git a/website/source/docs/providers/aws/r/cloudwatch_log_group.html.markdown b/website/source/docs/providers/aws/r/cloudwatch_log_group.html.markdown
new file mode 100644
index 0000000000..e784c63893
--- /dev/null
+++ b/website/source/docs/providers/aws/r/cloudwatch_log_group.html.markdown
@@ -0,0 +1,33 @@
+---
+layout: "aws"
+page_title: "AWS: aws_cloudwatch_log_group"
+sidebar_current: "docs-aws-resource-cloudwatch-log-group"
+description: |-
+  Provides a CloudWatch Log Group resource.
+---
+
+# aws\_cloudwatch\_log\_group
+
+Provides a CloudWatch Log Group resource.
+
+## Example Usage
+
+```
+resource "aws_cloudwatch_log_group" "yada" {
+  name = "Yada"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) The name of the log group
+* `retention_in_days` - (Optional) Specifies the number of days
+  you want to retain log events in the specified log group.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `arn` - The Amazon Resource Name (ARN) specifying the log group.
diff --git a/website/source/layouts/aws.erb b/website/source/layouts/aws.erb
index 22801a5075..5c67ad58ef 100644
--- a/website/source/layouts/aws.erb
+++ b/website/source/layouts/aws.erb
@@ -15,6 +15,10 @@
                     <a href="#">CloudWatch Resources</a>
                     <ul class="nav nav-visible">
 
+                        <li<%= sidebar_current("docs-aws-resource-cloudwatch-log-group") %>>
+                            <a href="/docs/providers/aws/r/cloudwatch_log_group.html">aws_cloudwatch_log_group</a>
+                        </li>
+
                         <li<%= sidebar_current("docs-aws-resource-cloudwatch-metric-alarm") %>>
                             <a href="/docs/providers/aws/r/cloudwatch_metric_alarm.html">aws_cloudwatch_metric_alarm</a>
                         </li>

From e3ceda37fb47a9f81c47f7c07d7900230fc7a3ce Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@gmail.com>
Date: Wed, 16 Sep 2015 21:57:12 +0100
Subject: [PATCH 031/335] provider/aws: Add acceptance test for
 cloudwatch_log_group

---
 .../resource_aws_cloudwatch_log_group_test.go | 147 ++++++++++++++++++
 1 file changed, 147 insertions(+)
 create mode 100644 builtin/providers/aws/resource_aws_cloudwatch_log_group_test.go

diff --git a/builtin/providers/aws/resource_aws_cloudwatch_log_group_test.go b/builtin/providers/aws/resource_aws_cloudwatch_log_group_test.go
new file mode 100644
index 0000000000..da910c1a89
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_cloudwatch_log_group_test.go
@@ -0,0 +1,147 @@
+package aws
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/aws/aws-sdk-go/service/cloudwatchlogs"
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+func TestAccAWSCloudWatchLogGroup_basic(t *testing.T) {
+	var lg cloudwatchlogs.LogGroup
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSCloudWatchLogGroupDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccAWSCloudWatchLogGroupConfig,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckCloudWatchLogGroupExists("aws_cloudwatch_log_group.foobar", &lg),
+					resource.TestCheckResourceAttr("aws_cloudwatch_log_group.foobar", "retention_in_days", "0"),
+				),
+			},
+		},
+	})
+}
+
+func TestAccAWSCloudWatchLogGroup_retentionPolicy(t *testing.T) {
+	var lg cloudwatchlogs.LogGroup
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSCloudWatchLogGroupDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccAWSCloudWatchLogGroupConfig_withRetention,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckCloudWatchLogGroupExists("aws_cloudwatch_log_group.foobar", &lg),
+					resource.TestCheckResourceAttr("aws_cloudwatch_log_group.foobar", "retention_in_days", "365"),
+				),
+			},
+			resource.TestStep{
+				Config: testAccAWSCloudWatchLogGroupConfigModified_withRetention,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckCloudWatchLogGroupExists("aws_cloudwatch_log_group.foobar", &lg),
+					resource.TestCheckResourceAttr("aws_cloudwatch_log_group.foobar", "retention_in_days", "0"),
+				),
+			},
+		},
+	})
+}
+
+func TestAccAWSCloudWatchLogGroup_multiple(t *testing.T) {
+	var lg cloudwatchlogs.LogGroup
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSCloudWatchLogGroupDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccAWSCloudWatchLogGroupConfig_multiple,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckCloudWatchLogGroupExists("aws_cloudwatch_log_group.alpha", &lg),
+					resource.TestCheckResourceAttr("aws_cloudwatch_log_group.alpha", "retention_in_days", "14"),
+					testAccCheckCloudWatchLogGroupExists("aws_cloudwatch_log_group.beta", &lg),
+					resource.TestCheckResourceAttr("aws_cloudwatch_log_group.beta", "retention_in_days", "0"),
+					testAccCheckCloudWatchLogGroupExists("aws_cloudwatch_log_group.charlie", &lg),
+					resource.TestCheckResourceAttr("aws_cloudwatch_log_group.charlie", "retention_in_days", "3653"),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckCloudWatchLogGroupExists(n string, lg *cloudwatchlogs.LogGroup) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[n]
+		if !ok {
+			return fmt.Errorf("Not found: %s", n)
+		}
+
+		conn := testAccProvider.Meta().(*AWSClient).cloudwatchlogsconn
+		logGroup, err := lookupCloudWatchLogGroup(conn, rs.Primary.ID, nil)
+		if err != nil {
+			return err
+		}
+
+		*lg = *logGroup
+
+		return nil
+	}
+}
+
+func testAccCheckAWSCloudWatchLogGroupDestroy(s *terraform.State) error {
+	conn := testAccProvider.Meta().(*AWSClient).cloudwatchlogsconn
+
+	for _, rs := range s.RootModule().Resources {
+		if rs.Type != "aws_cloudwatch_log_group" {
+			continue
+		}
+
+		_, err := lookupCloudWatchLogGroup(conn, rs.Primary.ID, nil)
+		if err == nil {
+			return fmt.Errorf("LogGroup Still Exists: %s", rs.Primary.ID)
+		}
+	}
+
+	return nil
+}
+
+var testAccAWSCloudWatchLogGroupConfig = `
+resource "aws_cloudwatch_log_group" "foobar" {
+    name = "foo-bar"
+}
+`
+
+var testAccAWSCloudWatchLogGroupConfig_withRetention = `
+resource "aws_cloudwatch_log_group" "foobar" {
+    name = "foo-bang"
+    retention_in_days = 365
+}
+`
+
+var testAccAWSCloudWatchLogGroupConfigModified_withRetention = `
+resource "aws_cloudwatch_log_group" "foobar" {
+    name = "foo-bang"
+}
+`
+
+var testAccAWSCloudWatchLogGroupConfig_multiple = `
+resource "aws_cloudwatch_log_group" "alpha" {
+    name = "foo-bar"
+    retention_in_days = 14
+}
+resource "aws_cloudwatch_log_group" "beta" {
+    name = "foo-bara"
+}
+resource "aws_cloudwatch_log_group" "charlie" {
+    name = "foo-baraa"
+    retention_in_days = 3653
+}
+`

From 2b7a13b6091bb5b8499f9c441ba92b7f23d2b90d Mon Sep 17 00:00:00 2001
From: stack72 <public@paulstack.co.uk>
Date: Thu, 17 Sep 2015 20:10:35 +0100
Subject: [PATCH 032/335] Adding some other simple S3 Bucket Object (Optional)
 Inputs

---
 .../aws/resource_aws_s3_bucket_object.go      | 47 +++++++++++++++++--
 .../aws/resource_aws_s3_bucket_object_test.go | 41 ++++++++++++++++
 .../aws/r/s3_bucket_object.html.markdown      |  5 ++
 3 files changed, 90 insertions(+), 3 deletions(-)

diff --git a/builtin/providers/aws/resource_aws_s3_bucket_object.go b/builtin/providers/aws/resource_aws_s3_bucket_object.go
index 9d46952d07..537ed32974 100644
--- a/builtin/providers/aws/resource_aws_s3_bucket_object.go
+++ b/builtin/providers/aws/resource_aws_s3_bucket_object.go
@@ -26,6 +26,31 @@ func resourceAwsS3BucketObject() *schema.Resource {
 				ForceNew: true,
 			},
 
+			"cache_control": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+
+			"content_disposition": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+
+			"content_encoding": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+
+			"content_language": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+
+			"content_type": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+
 			"key": &schema.Schema{
 				Type:     schema.TypeString,
 				Required: true,
@@ -52,6 +77,11 @@ func resourceAwsS3BucketObjectPut(d *schema.ResourceData, meta interface{}) erro
 	bucket := d.Get("bucket").(string)
 	key := d.Get("key").(string)
 	source := d.Get("source").(string)
+	encoding := d.Get("content_encoding").(string)
+	contentType := d.Get("content_type").(string)
+	cacheControl := d.Get("cache_control").(string)
+	contentLanguage := d.Get("content_language").(string)
+	contentDisposition := d.Get("content_disposition").(string)
 
 	file, err := os.Open(source)
 
@@ -61,9 +91,14 @@ func resourceAwsS3BucketObjectPut(d *schema.ResourceData, meta interface{}) erro
 
 	resp, err := s3conn.PutObject(
 		&s3.PutObjectInput{
-			Bucket: aws.String(bucket),
-			Key:    aws.String(key),
-			Body:   file,
+			Bucket:             aws.String(bucket),
+			Key:                aws.String(key),
+			Body:               file,
+			CacheControl:       aws.String(cacheControl),
+			ContentDisposition: aws.String(contentDisposition),
+			ContentEncoding:    aws.String(encoding),
+			ContentLanguage:    aws.String(contentLanguage),
+			ContentType:        aws.String(contentType),
 		})
 
 	if err != nil {
@@ -99,6 +134,12 @@ func resourceAwsS3BucketObjectRead(d *schema.ResourceData, meta interface{}) err
 		return err
 	}
 
+	d.Set("cache_control", resp.CacheControl)
+	d.Set("content_disposition", resp.ContentDisposition)
+	d.Set("content_encoding", resp.ContentEncoding)
+	d.Set("content_language", resp.ContentLanguage)
+	d.Set("content_type", resp.ContentType)
+
 	log.Printf("[DEBUG] Reading S3 Bucket Object meta: %s", resp)
 	return nil
 }
diff --git a/builtin/providers/aws/resource_aws_s3_bucket_object_test.go b/builtin/providers/aws/resource_aws_s3_bucket_object_test.go
index 4f947736ae..5e1480be23 100644
--- a/builtin/providers/aws/resource_aws_s3_bucket_object_test.go
+++ b/builtin/providers/aws/resource_aws_s3_bucket_object_test.go
@@ -36,6 +36,31 @@ func TestAccAWSS3BucketObject_basic(t *testing.T) {
 	})
 }
 
+func TestAccAWSS3BucketObject_withContentCharacteristics(t *testing.T) {
+	// first write some data to the tempfile just so it's not 0 bytes.
+	ioutil.WriteFile(tf.Name(), []byte("{anything will do }"), 0644)
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			if err != nil {
+				panic(err)
+			}
+			testAccPreCheck(t)
+		},
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSS3BucketObjectDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccAWSS3BucketObjectConfig_withContentCharacteristics,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAWSS3BucketObjectExists("aws_s3_bucket_object.object"),
+					resource.TestCheckResourceAttr(
+						"aws_s3_bucket_object.object", "content_type", "binary/octet-stream"),
+				),
+			},
+		},
+	})
+}
+
 func testAccCheckAWSS3BucketObjectDestroy(s *terraform.State) error {
 	s3conn := testAccProvider.Meta().(*AWSClient).s3conn
 
@@ -95,5 +120,21 @@ resource "aws_s3_bucket_object" "object" {
 	bucket = "${aws_s3_bucket.object_bucket.bucket}"
 	key = "test-key"
 	source = "%s"
+	content_type = "binary/octet-stream"
+}
+`, randomBucket, tf.Name())
+
+var testAccAWSS3BucketObjectConfig_withContentCharacteristics = fmt.Sprintf(`
+resource "aws_s3_bucket" "object_bucket_2" {
+	bucket = "tf-object-test-bucket-%d"
+}
+
+resource "aws_s3_bucket_object" "object" {
+	bucket = "${aws_s3_bucket.object_bucket_2.bucket}"
+	key = "test-key"
+	source = "%s"
+	content_language = "en"
+	content_type = "binary/octet-stream"
+
 }
 `, randomBucket, tf.Name())
diff --git a/website/source/docs/providers/aws/r/s3_bucket_object.html.markdown b/website/source/docs/providers/aws/r/s3_bucket_object.html.markdown
index 63d201b826..649130f80a 100644
--- a/website/source/docs/providers/aws/r/s3_bucket_object.html.markdown
+++ b/website/source/docs/providers/aws/r/s3_bucket_object.html.markdown
@@ -29,6 +29,11 @@ The following arguments are supported:
 * `bucket` - (Required) The name of the bucket to put the file in.
 * `key` - (Required) The name of the object once it is in the bucket.
 * `source` - (Required) The path to the source file being uploaded to the bucket.
+* `cache_control` - (Optional) Specifies caching behavior along the request/reply chain.
+* `content_disposition` - (Optional) Specifies presentational information for the object.
+* `content_encoding` - (Optional) Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field.
+* `content_language` - (Optional) The language the content is in.
+* `content_type` - (Optional) A standard MIME type describing the format of the object data.
 
 ## Attributes Reference
 

From 6337c350f57eaed183a9ea97d6a9732566d708d6 Mon Sep 17 00:00:00 2001
From: stack72 <public@paulstack.co.uk>
Date: Fri, 18 Sep 2015 11:13:37 +0100
Subject: [PATCH 033/335] Updating the app_cookie_stickiness_policy docs to
 reflact needing a LoadBalancer name NOT Id

---
 ...app_cookie_stickiness_policy.html.markdown | 26 +++++++++----------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/website/source/docs/providers/aws/r/app_cookie_stickiness_policy.html.markdown b/website/source/docs/providers/aws/r/app_cookie_stickiness_policy.html.markdown
index 6d6215f22b..c15f09d66e 100644
--- a/website/source/docs/providers/aws/r/app_cookie_stickiness_policy.html.markdown
+++ b/website/source/docs/providers/aws/r/app_cookie_stickiness_policy.html.markdown
@@ -15,20 +15,20 @@ Provides an application cookie stickiness policy, which allows an ELB to wed its
 ```
 resource "aws_elb" "lb" {
     name = "test-lb"
-	  availability_zones = ["us-east-1a"]
-	  listener {
-	      instance_port = 8000
-		    instance_protocol = "http"
-		    lb_port = 80
-		    lb_protocol = "http"
-	  }
+	availability_zones = ["us-east-1a"]
+	listener {
+	  instance_port = 8000
+	  instance_protocol = "http"
+	  lb_port = 80
+	  lb_protocol = "http"
+    }
 }
 
 resource "aws_app_cookie_stickiness_policy" "foo" {
-	  name = "foo_policy"
-	  load_balancer = "${aws_elb.lb.id}"
-	  lb_port = 80
-	  cookie_name = "MyAppCookie"
+	name = "foo_policy"
+	load_balancer = "${aws_elb.lb.name}"
+	lb_port = 80
+	cookie_name = "MyAppCookie"
 }
 ```
 
@@ -37,7 +37,7 @@ resource "aws_app_cookie_stickiness_policy" "foo" {
 The following arguments are supported:
 
 * `name` - (Required) The name of the stickiness policy.
-* `load_balancer` - (Required) The load balancer to which the policy
+* `load_balancer` - (Required) The name of load balancer to which the policy
   should be attached.
 * `lb_port` - (Required) The load balancer port to which the policy
   should be applied. This must be an active listener on the load
@@ -50,6 +50,6 @@ The following attributes are exported:
 
 * `id` - The ID of the policy.
 * `name` - The name of the stickiness policy.
-* `load_balancer` - The load balancer to which the policy is attached.
+* `load_balancer` - The name of load balancer to which the policy is attached.
 * `lb_port` - The load balancer port to which the policy is applied.
 * `cookie_name` - The application cookie whose lifetime the ELB's cookie should follow.

From c753c1e91dd9aa3af5ea33a37bd7a6a825c92603 Mon Sep 17 00:00:00 2001
From: stack72 <public@paulstack.co.uk>
Date: Fri, 18 Sep 2015 13:04:33 +0100
Subject: [PATCH 034/335] Changing the PR for the db_param_group to ensure
 validation rather than documentation

---
 .../aws/resource_aws_db_parameter_group.go    | 25 +++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/builtin/providers/aws/resource_aws_db_parameter_group.go b/builtin/providers/aws/resource_aws_db_parameter_group.go
index b274605a77..72101ac908 100644
--- a/builtin/providers/aws/resource_aws_db_parameter_group.go
+++ b/builtin/providers/aws/resource_aws_db_parameter_group.go
@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"fmt"
 	"log"
+	"regexp"
 	"strings"
 	"time"
 
@@ -27,6 +28,30 @@ func resourceAwsDbParameterGroup() *schema.Resource {
 				Type:     schema.TypeString,
 				ForceNew: true,
 				Required: true,
+				ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) {
+					value := v.(string)
+					if !regexp.MustCompile(`^[0-9a-z-]+$`).MatchString(value) {
+						errors = append(errors, fmt.Errorf(
+							"only lowercase alphanumeric characters and hyphens allowed in %q", k))
+					}
+					if !regexp.MustCompile(`^[a-z]`).MatchString(value) {
+						errors = append(errors, fmt.Errorf(
+							"first character of %q must be a letter", k))
+					}
+					if regexp.MustCompile(`--`).MatchString(value) {
+						errors = append(errors, fmt.Errorf(
+							"%q cannot contain two consecutive hyphens", k))
+					}
+					if regexp.MustCompile(`-$`).MatchString(value) {
+						errors = append(errors, fmt.Errorf(
+							"%q cannot end with a hyphen", k))
+					}
+					if len(value) > 255 {
+						errors = append(errors, fmt.Errorf(
+							"%q cannot be greater than 255 characters", k))
+					}
+					return
+				},
 			},
 			"family": &schema.Schema{
 				Type:     schema.TypeString,

From 9ac39a3edf15863be941635ee756f008b1ece51e Mon Sep 17 00:00:00 2001
From: stack72 <public@paulstack.co.uk>
Date: Fri, 18 Sep 2015 19:42:37 +0100
Subject: [PATCH 035/335] Enforcing lowercase on the DO Size. This is used for
 the sizeslug property of API calls - according to their
 [docs](https://developers.digitalocean.com/documentation/v1/sizes/) this
 always looks to be lowercase on the slug. I cannot find any definite answer
 to this question though

---
 .../providers/digitalocean/resource_digitalocean_droplet.go   | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/builtin/providers/digitalocean/resource_digitalocean_droplet.go b/builtin/providers/digitalocean/resource_digitalocean_droplet.go
index 88c0c6d07a..c14b248c64 100644
--- a/builtin/providers/digitalocean/resource_digitalocean_droplet.go
+++ b/builtin/providers/digitalocean/resource_digitalocean_droplet.go
@@ -39,6 +39,10 @@ func resourceDigitalOceanDroplet() *schema.Resource {
 			"size": &schema.Schema{
 				Type:     schema.TypeString,
 				Required: true,
+				StateFunc: func(val interface{}) string {
+					// DO API V2 size slug is always lowercase
+					return strings.ToLower(val.(string))
+				},
 			},
 
 			"status": &schema.Schema{

From 679563951c6634f04107d4a8e75dda6479591c23 Mon Sep 17 00:00:00 2001
From: stack72 <public@paulstack.co.uk>
Date: Sat, 19 Sep 2015 20:01:49 +0100
Subject: [PATCH 036/335] Added the validation for the
 app-cookie-stickiness-policy after the AWS API returned an error

---
 .../aws/resource_aws_app_cookie_stickiness_policy.go     | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/builtin/providers/aws/resource_aws_app_cookie_stickiness_policy.go b/builtin/providers/aws/resource_aws_app_cookie_stickiness_policy.go
index 3f7e1bf7ff..b97acf2a9b 100644
--- a/builtin/providers/aws/resource_aws_app_cookie_stickiness_policy.go
+++ b/builtin/providers/aws/resource_aws_app_cookie_stickiness_policy.go
@@ -2,6 +2,7 @@ package aws
 
 import (
 	"fmt"
+	"regexp"
 	"strings"
 
 	"github.com/aws/aws-sdk-go/aws"
@@ -25,6 +26,14 @@ func resourceAwsAppCookieStickinessPolicy() *schema.Resource {
 				Type:     schema.TypeString,
 				Required: true,
 				ForceNew: true,
+				ValidateFunc: func(v interface{}, k string) (ws []string, es []error) {
+					value := v.(string)
+					if !regexp.MustCompile(`^[0-9A-Za-z-]+$`).MatchString(value) {
+						es = append(es, fmt.Errorf(
+							"only alphanumeric characters and hyphens allowed in %q", k))
+					}
+					return
+				},
 			},
 
 			"load_balancer": &schema.Schema{

From ac4243269071b7f15dcea43b233a72fc5ceb6d6c Mon Sep 17 00:00:00 2001
From: Chavez <matthew@el-chavez.me>
Date: Wed, 16 Sep 2015 11:50:19 -0700
Subject: [PATCH 037/335] docs: AWS launch configuration

* Spot instance documentation
---
 .../aws/r/launch_configuration.html.markdown  | 39 +++++++++++++++++--
 1 file changed, 35 insertions(+), 4 deletions(-)

diff --git a/website/source/docs/providers/aws/r/launch_configuration.html.markdown b/website/source/docs/providers/aws/r/launch_configuration.html.markdown
index b40294e73a..5fbf729ac9 100644
--- a/website/source/docs/providers/aws/r/launch_configuration.html.markdown
+++ b/website/source/docs/providers/aws/r/launch_configuration.html.markdown
@@ -23,10 +23,10 @@ resource "aws_launch_configuration" "as_conf" {
 ## Using with AutoScaling Groups
 
 Launch Configurations cannot be updated after creation with the Amazon
-Web Service API. In order to update a Launch Configuration, Terraform will 
-destroy the existing resource and create a replacement. In order to effectively 
-use a Launch Configuration resource with an [AutoScaling Group resource][1], 
-it's recommend to omit the Launch Configuration `name` attribute, and 
+Web Service API. In order to update a Launch Configuration, Terraform will
+destroy the existing resource and create a replacement. In order to effectively
+use a Launch Configuration resource with an [AutoScaling Group resource][1],
+it's recommend to omit the Launch Configuration `name` attribute, and
 specify `create_before_destroy` in a [lifecycle][2] block, as shown:
 
 ```
@@ -53,6 +53,35 @@ With this setup Terraform generates a unique name for your Launch
 Configuration and can then update the AutoScaling Group without conflict before
 destroying the previous Launch Configuration.
 
+## Using with Spot Instances
+
+Launch configurations can set the spot instance pricing to be used for the
+Auto Scaling Group to reserve instances. Simply specifying the `spot_price`
+parameter will set the price on the Launch Configuration which will attempt to
+reserve your instances at this price.  See the [AWS Spot Instance
+documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-spot-instances.html)
+for more information or how to launch [Spot Instances][3] with Terraform.
+
+```
+resource "aws_launch_configuration" "as_conf" {
+    image_id = "ami-1234"
+    instance_type = "m1.small"
+    spot_price = "0.001"
+    lifecycle {
+      create_before_destroy = true
+    }
+}
+
+resource "aws_autoscaling_group" "bar" {
+    name = "terraform-asg-example"
+    launch_configuration = "${aws_launch_configuration.as_conf.name}"
+
+    lifecycle {
+      create_before_destroy = true
+    }
+}
+```
+
 ## Argument Reference
 
 The following arguments are supported:
@@ -70,6 +99,7 @@ The following arguments are supported:
 * `enable_monitoring` - (Optional) Enables/disables detailed monitoring. This is enabled by default.
 * `ebs_optimized` - (Optional) If true, the launched EC2 instance will be EBS-optimized.
 * `block_device_mapping` - (Optional) A list of block devices to add. Their keys are documented below.
+* `spot_price` - (Optional) The price to use for reserving spot instances.
 
 <a id="block-devices"></a>
 ## Block devices
@@ -134,3 +164,4 @@ The following attributes are exported:
 
 [1]: /docs/providers/aws/r/autoscaling_group.html
 [2]: /docs/configuration/resources.html#lifecycle
+[3]: /docs/providers/aws/r/spot_instance_request.html

From 91274c9a90b50e32bc29a564e4178fe8b075cf6c Mon Sep 17 00:00:00 2001
From: stack72 <public@paulstack.co.uk>
Date: Mon, 21 Sep 2015 22:00:51 +0100
Subject: [PATCH 038/335] Test spike to extract the function that does the
 validation for ELB Name. This will allow me to test this in isolation to make
 sure that the validation rules work as expected

---
 builtin/providers/aws/resource_aws_elb.go     | 53 ++++++++++---------
 .../providers/aws/resource_aws_elb_test.go    | 36 +++++++++++++
 2 files changed, 64 insertions(+), 25 deletions(-)

diff --git a/builtin/providers/aws/resource_aws_elb.go b/builtin/providers/aws/resource_aws_elb.go
index a57fc840aa..9955c7cf0a 100644
--- a/builtin/providers/aws/resource_aws_elb.go
+++ b/builtin/providers/aws/resource_aws_elb.go
@@ -24,31 +24,11 @@ func resourceAwsElb() *schema.Resource {
 
 		Schema: map[string]*schema.Schema{
 			"name": &schema.Schema{
-				Type:     schema.TypeString,
-				Optional: true,
-				Computed: true,
-				ForceNew: true,
-				ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) {
-					value := v.(string)
-					if !regexp.MustCompile(`^[0-9A-Za-z-]+$`).MatchString(value) {
-						errors = append(errors, fmt.Errorf(
-							"only alphanumeric characters and hyphens allowed in %q: %q",
-							k, value))
-					}
-					if len(value) > 32 {
-						errors = append(errors, fmt.Errorf(
-							"%q cannot be longer than 32 characters: %q", k, value))
-					}
-					if regexp.MustCompile(`^-`).MatchString(value) {
-						errors = append(errors, fmt.Errorf(
-							"%q cannot begin with a hyphen: %q", k, value))
-					}
-					if regexp.MustCompile(`-$`).MatchString(value) {
-						errors = append(errors, fmt.Errorf(
-							"%q cannot end with a hyphen: %q", k, value))
-					}
-					return
-				},
+				Type:         schema.TypeString,
+				Optional:     true,
+				Computed:     true,
+				ForceNew:     true,
+				ValidateFunc: validateElbName,
 			},
 
 			"internal": &schema.Schema{
@@ -591,3 +571,26 @@ func isLoadBalancerNotFound(err error) bool {
 	elberr, ok := err.(awserr.Error)
 	return ok && elberr.Code() == "LoadBalancerNotFound"
 }
+
+func validateElbName(v interface{}, k string) (ws []string, errors []error) {
+	value := v.(string)
+	if !regexp.MustCompile(`^[0-9A-Za-z-]+$`).MatchString(value) {
+		errors = append(errors, fmt.Errorf(
+			"only alphanumeric characters and hyphens allowed in %q: %q",
+			k, value))
+	}
+	if len(value) > 32 {
+		errors = append(errors, fmt.Errorf(
+			"%q cannot be longer than 32 characters: %q", k, value))
+	}
+	if regexp.MustCompile(`^-`).MatchString(value) {
+		errors = append(errors, fmt.Errorf(
+			"%q cannot begin with a hyphen: %q", k, value))
+	}
+	if regexp.MustCompile(`-$`).MatchString(value) {
+		errors = append(errors, fmt.Errorf(
+			"%q cannot end with a hyphen: %q", k, value))
+	}
+	return
+
+}
diff --git a/builtin/providers/aws/resource_aws_elb_test.go b/builtin/providers/aws/resource_aws_elb_test.go
index 941b2fdef8..e3ace05857 100644
--- a/builtin/providers/aws/resource_aws_elb_test.go
+++ b/builtin/providers/aws/resource_aws_elb_test.go
@@ -437,6 +437,42 @@ func TestResourceAwsElbListenerHash(t *testing.T) {
 	}
 }
 
+func TestAccAWSELB_validateElbNameCannotBeginWithHyphen(t *testing.T) {
+	var elbName = "-Testing123"
+	_, errors := validateElbName(elbName, "SampleKey")
+
+	if len(errors) != 1 {
+		t.Fatalf("Expected the ELB Name to trigger a validation error")
+	}
+}
+
+func TestAccAWSELB_validateElbNameCannotBeLongerThen32Characters(t *testing.T) {
+	var elbName = "Testing123dddddddddddddddddddvvvv"
+	_, errors := validateElbName(elbName, "SampleKey")
+
+	if len(errors) != 1 {
+		t.Fatalf("Expected the ELB Name to trigger a validation error")
+	}
+}
+
+func TestAccAWSELB_validateElbNameCannotHaveSpecialCharacters(t *testing.T) {
+	var elbName = "Testing123%%"
+	_, errors := validateElbName(elbName, "SampleKey")
+
+	if len(errors) != 1 {
+		t.Fatalf("Expected the ELB Name to trigger a validation error")
+	}
+}
+
+func TestAccAWSELB_validateElbNameCannotEndWithHyphen(t *testing.T) {
+	var elbName = "Testing123-"
+	_, errors := validateElbName(elbName, "SampleKey")
+
+	if len(errors) != 1 {
+		t.Fatalf("Expected the ELB Name to trigger a validation error")
+	}
+}
+
 func testAccCheckAWSELBDestroy(s *terraform.State) error {
 	conn := testAccProvider.Meta().(*AWSClient).elbconn
 

From 04722c88c56e6964e257042c85a50f20c31b4b59 Mon Sep 17 00:00:00 2001
From: stack72 <public@paulstack.co.uk>
Date: Mon, 21 Sep 2015 22:08:33 +0100
Subject: [PATCH 039/335] Renaming the unit tests for the ELB Name validation
 to be TestResource to keep inline with existing conventions

---
 builtin/providers/aws/resource_aws_elb_test.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/builtin/providers/aws/resource_aws_elb_test.go b/builtin/providers/aws/resource_aws_elb_test.go
index e3ace05857..5b85f54ce8 100644
--- a/builtin/providers/aws/resource_aws_elb_test.go
+++ b/builtin/providers/aws/resource_aws_elb_test.go
@@ -437,7 +437,7 @@ func TestResourceAwsElbListenerHash(t *testing.T) {
 	}
 }
 
-func TestAccAWSELB_validateElbNameCannotBeginWithHyphen(t *testing.T) {
+func TestResourceAWSELB_validateElbNameCannotBeginWithHyphen(t *testing.T) {
 	var elbName = "-Testing123"
 	_, errors := validateElbName(elbName, "SampleKey")
 
@@ -446,7 +446,7 @@ func TestAccAWSELB_validateElbNameCannotBeginWithHyphen(t *testing.T) {
 	}
 }
 
-func TestAccAWSELB_validateElbNameCannotBeLongerThen32Characters(t *testing.T) {
+func TestResourceAWSELB_validateElbNameCannotBeLongerThen32Characters(t *testing.T) {
 	var elbName = "Testing123dddddddddddddddddddvvvv"
 	_, errors := validateElbName(elbName, "SampleKey")
 
@@ -455,7 +455,7 @@ func TestAccAWSELB_validateElbNameCannotBeLongerThen32Characters(t *testing.T) {
 	}
 }
 
-func TestAccAWSELB_validateElbNameCannotHaveSpecialCharacters(t *testing.T) {
+func TestResourceAWSELB_validateElbNameCannotHaveSpecialCharacters(t *testing.T) {
 	var elbName = "Testing123%%"
 	_, errors := validateElbName(elbName, "SampleKey")
 
@@ -464,7 +464,7 @@ func TestAccAWSELB_validateElbNameCannotHaveSpecialCharacters(t *testing.T) {
 	}
 }
 
-func TestAccAWSELB_validateElbNameCannotEndWithHyphen(t *testing.T) {
+func TestResourceAWSELB_validateElbNameCannotEndWithHyphen(t *testing.T) {
 	var elbName = "Testing123-"
 	_, errors := validateElbName(elbName, "SampleKey")
 

From a3111b41e53fe1b2775cab00a19eb05c2b01adef Mon Sep 17 00:00:00 2001
From: Carlos A Becker <caarlos0@gmail.com>
Date: Wed, 23 Sep 2015 15:30:44 -0300
Subject: [PATCH 040/335] Allow non-persistent spot requests

---
 .../aws/resource_aws_spot_instance_request.go          | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/builtin/providers/aws/resource_aws_spot_instance_request.go b/builtin/providers/aws/resource_aws_spot_instance_request.go
index 56de8992cd..89384246c3 100644
--- a/builtin/providers/aws/resource_aws_spot_instance_request.go
+++ b/builtin/providers/aws/resource_aws_spot_instance_request.go
@@ -36,6 +36,11 @@ func resourceAwsSpotInstanceRequest() *schema.Resource {
 				Required: true,
 				ForceNew: true,
 			}
+			s["spot_type"] = &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+				Default:  "persistent",
+			}
 			s["wait_for_fulfillment"] = &schema.Schema{
 				Type:     schema.TypeBool,
 				Optional: true,
@@ -69,10 +74,7 @@ func resourceAwsSpotInstanceRequestCreate(d *schema.ResourceData, meta interface
 
 	spotOpts := &ec2.RequestSpotInstancesInput{
 		SpotPrice: aws.String(d.Get("spot_price").(string)),
-
-		// We always set the type to "persistent", since the imperative-like
-		// behavior of "one-time" does not map well to TF's declarative domain.
-		Type: aws.String("persistent"),
+		Type:      aws.String(d.Get("spot_type").(string)),
 
 		// Though the AWS API supports creating spot instance requests for multiple
 		// instances, for TF purposes we fix this to one instance per request.

From 362024056ff0a9add8e87621dedc07b2ec31e677 Mon Sep 17 00:00:00 2001
From: Carlos A Becker <caarlos0@gmail.com>
Date: Wed, 23 Sep 2015 15:35:47 -0300
Subject: [PATCH 041/335] docs

---
 .../docs/providers/aws/r/spot_instance_request.html.markdown   | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/website/source/docs/providers/aws/r/spot_instance_request.html.markdown b/website/source/docs/providers/aws/r/spot_instance_request.html.markdown
index abb1f4705e..5ca6daf9f8 100644
--- a/website/source/docs/providers/aws/r/spot_instance_request.html.markdown
+++ b/website/source/docs/providers/aws/r/spot_instance_request.html.markdown
@@ -51,6 +51,9 @@ Spot Instance Requests support all the same arguments as
 * `wait_for_fulfillment` - (Optional; Default: false) If set, Terraform will
   wait for the Spot Request to be fulfilled, and will throw an error if the
   timeout of 10m is reached.
+* `spot_type` - (Optional; Default: "persistent") If set to "one-time", after
+  the instance is terminated, the spot request will be closed. Also, Terraform
+  can't manage one-time spot requests, just launch them.
 
 ## Attributes Reference
 

From 803b33bcae319238a3144b81afcd247f69f27f49 Mon Sep 17 00:00:00 2001
From: Sargurunathan Mohan <sargurum@yelp.com>
Date: Wed, 23 Sep 2015 16:40:46 -0700
Subject: [PATCH 042/335] return nil and exit out of the function for IAM
 instance profiles

---
 builtin/providers/aws/config.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/builtin/providers/aws/config.go b/builtin/providers/aws/config.go
index a57c65c1b2..be38e120c5 100644
--- a/builtin/providers/aws/config.go
+++ b/builtin/providers/aws/config.go
@@ -221,6 +221,7 @@ func (c *Config) ValidateAccountId(iamconn *iam.IAM) error {
 			// User may be an IAM instance profile, so fail silently.
 			// If it is an IAM instance profile
 			// validating account might be superfluous
+      return nil
 		} else {
 			return fmt.Errorf("Failed getting account ID from IAM: %s", err)
 			// return error if the account id is explicitly not authorised

From 6b2d6f5ae4da15947afb1b44c13cee5790929972 Mon Sep 17 00:00:00 2001
From: Sargurunathan Mohan <sargurum@yelp.com>
Date: Wed, 23 Sep 2015 16:41:48 -0700
Subject: [PATCH 043/335] go fmt code

---
 builtin/providers/aws/config.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/builtin/providers/aws/config.go b/builtin/providers/aws/config.go
index be38e120c5..883663eacf 100644
--- a/builtin/providers/aws/config.go
+++ b/builtin/providers/aws/config.go
@@ -221,7 +221,7 @@ func (c *Config) ValidateAccountId(iamconn *iam.IAM) error {
 			// User may be an IAM instance profile, so fail silently.
 			// If it is an IAM instance profile
 			// validating account might be superfluous
-      return nil
+			return nil
 		} else {
 			return fmt.Errorf("Failed getting account ID from IAM: %s", err)
 			// return error if the account id is explicitly not authorised

From 7884fb805e9e2991c299bff6045445dadac10209 Mon Sep 17 00:00:00 2001
From: Martin Atkins <matkins@saymedia.com>
Date: Wed, 23 Sep 2015 17:31:38 -0700
Subject: [PATCH 044/335] Corrected example on rundeck provider index page.

An earlier version of the provider implementation accepted
key_material_file instead of key_material. This was updated in the
resource-specific docs but not in this provider-wide example.
---
 website/source/docs/providers/rundeck/index.html.markdown | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/website/source/docs/providers/rundeck/index.html.markdown b/website/source/docs/providers/rundeck/index.html.markdown
index e948ca4e30..529f4f44bf 100644
--- a/website/source/docs/providers/rundeck/index.html.markdown
+++ b/website/source/docs/providers/rundeck/index.html.markdown
@@ -70,6 +70,6 @@ resource "rundeck_public_key" "anvils" {
 
 resource "rundeck_private_key" "anvils" {
     path = "anvils/id_rsa"
-    key_material_file = "${path.module}/id_rsa.pub"
+    key_material = "${file(\"id_rsa.pub\")}"
 }
 ```

From f85fc866fe9a29de5eafc785c85f24450d247d53 Mon Sep 17 00:00:00 2001
From: Sam Handler <sam@hashicorp.com>
Date: Wed, 23 Sep 2015 18:51:34 -0700
Subject: [PATCH 045/335] Put "Edit this page" link in footer

---
 website/source/layouts/_footer.erb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/website/source/layouts/_footer.erb b/website/source/layouts/_footer.erb
index df095a8209..d2ea893fc7 100644
--- a/website/source/layouts/_footer.erb
+++ b/website/source/layouts/_footer.erb
@@ -7,6 +7,9 @@
 						<li class="li-under"><a href="/intro/index.html">Intro</a></li>
 						<li class="active li-under"><a href="/docs/index.html">Docs</a></li>
 		        <li class="li-under"><a href="/community.html">Community</a></li>
+            <% if current_page.url != '/' %>
+              <li class="li-under"><a href="https://github.com/hashicorp/terraform/<%= github_path current_page %>">Edit this page</a></li>
+            <% end %>
 					</ul>
 				</div>
 				<div class="footer-hashi col-sm-5 col-xs-12">

From 8895ab751d73b13d94fdefdcc69095ac4845d9ee Mon Sep 17 00:00:00 2001
From: Sam Handler <sam@hashicorp.com>
Date: Wed, 23 Sep 2015 18:51:42 -0700
Subject: [PATCH 046/335] Add Makefile

---
 website/Makefile | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 website/Makefile

diff --git a/website/Makefile b/website/Makefile
new file mode 100644
index 0000000000..6b32d222ac
--- /dev/null
+++ b/website/Makefile
@@ -0,0 +1,11 @@
+all:
+	build
+
+init:
+	bundle
+
+dev: init
+			bundle exec middleman server
+
+build: init
+				bundle exec middleman build
\ No newline at end of file

From 325f95839a3a65bbaacc195c084255a6396d1eda Mon Sep 17 00:00:00 2001
From: rob boll <robertcboll@gmail.com>
Date: Thu, 24 Sep 2015 10:58:58 -0400
Subject: [PATCH 047/335] correct policy_document to policy in vpc_endpoint
 docs

---
 website/source/docs/providers/aws/r/vpc_endpoint.html.markdown | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/website/source/docs/providers/aws/r/vpc_endpoint.html.markdown b/website/source/docs/providers/aws/r/vpc_endpoint.html.markdown
index 813aba329b..51fdbf5ee2 100644
--- a/website/source/docs/providers/aws/r/vpc_endpoint.html.markdown
+++ b/website/source/docs/providers/aws/r/vpc_endpoint.html.markdown
@@ -27,7 +27,7 @@ The following arguments are supported:
 
 * `vpc_id` - (Required) The ID of the VPC in which the endpoint will be used.
 * `service_name` - (Required) The AWS service name, in the form `com.amazonaws.region.service`.
-* `policy_document` - (Optional) A policy to attach to the endpoint that controls access to the service.
+* `policy` - (Optional) A policy to attach to the endpoint that controls access to the service.
 * `route_table_ids` - (Optional) One or more route table IDs.
 
 ## Attributes Reference

From ec43972b7b0010a1d3b1c2236a73e163391f1caa Mon Sep 17 00:00:00 2001
From: Sam Handler <sam@hashicorp.com>
Date: Thu, 24 Sep 2015 09:57:38 -0700
Subject: [PATCH 048/335] Update README to point to Makefile

---
 website/README.md | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)

diff --git a/website/README.md b/website/README.md
index 0e1c0fa49e..cb83f714db 100644
--- a/website/README.md
+++ b/website/README.md
@@ -12,15 +12,7 @@ requests like any normal GitHub project, and we'll merge it in.
 
 ## Running the Site Locally
 
-Running the site locally is simple. First you need a working copy of [Ruby >= 2.0](https://www.ruby-lang.org/en/downloads/) and [Bundler](http://bundler.io/).
-Then you can clone this repo and run the following commands from this directory:
-
-```
-$ bundle
-# ( installs all gem dependencies )
-$ bundle exec middleman server
-# ( boots the local server )
-```
+Running the site locally is simple. First you need a working copy of [Ruby >= 2.0](https://www.ruby-lang.org/en/downloads/) and [Bundler](http://bundler.io/). Then you can clone this repo and run `make dev`.
 
 Then open up `http://localhost:4567`. Note that some URLs you may need to append
 ".html" to make them work (in the navigation).

From f1800a4841a69abcdf471d06c12c54b860767e91 Mon Sep 17 00:00:00 2001
From: Sam Handler <sam@hashicorp.com>
Date: Thu, 24 Sep 2015 10:07:48 -0700
Subject: [PATCH 049/335] `bundle update middleman-hashicorp`

---
 website/Gemfile.lock | 79 ++++++++++++++++++++++++--------------------
 1 file changed, 44 insertions(+), 35 deletions(-)

diff --git a/website/Gemfile.lock b/website/Gemfile.lock
index 826d25e8f4..fac790740e 100644
--- a/website/Gemfile.lock
+++ b/website/Gemfile.lock
@@ -1,12 +1,12 @@
 GIT
   remote: https://github.com/hashicorp/middleman-hashicorp
-  revision: 76f0f284ad44cea0457484ea83467192f02daf87
+  revision: fc131cfce2a1d5c8671812d9844a944ebb4bd92f
   specs:
     middleman-hashicorp (0.1.0)
       bootstrap-sass (~> 3.3)
       builder (~> 3.2)
       less (~> 2.6)
-      middleman (~> 3.3)
+      middleman (~> 3.4)
       middleman-livereload (~> 3.4)
       middleman-minify-html (~> 3.4)
       middleman-syntax (~> 2.0)
@@ -21,21 +21,25 @@ GIT
 GEM
   remote: https://rubygems.org/
   specs:
-    activesupport (4.1.12)
-      i18n (~> 0.6, >= 0.6.9)
+    activesupport (4.2.4)
+      i18n (~> 0.7)
       json (~> 1.7, >= 1.7.7)
       minitest (~> 5.1)
-      thread_safe (~> 0.1)
+      thread_safe (~> 0.3, >= 0.3.4)
       tzinfo (~> 1.1)
-    autoprefixer-rails (5.2.1)
+    autoprefixer-rails (6.0.3)
       execjs
       json
     bootstrap-sass (3.3.5.1)
       autoprefixer-rails (>= 5.0.0.1)
       sass (>= 3.3.0)
     builder (3.2.2)
-    celluloid (0.16.0)
-      timers (~> 4.0.0)
+    capybara (2.4.4)
+      mime-types (>= 1.16)
+      nokogiri (>= 1.3.3)
+      rack (>= 1.0.0)
+      rack-test (>= 0.5.4)
+      xpath (~> 2.0)
     chunky_png (1.3.4)
     coffee-script (2.4.1)
       coffee-script-source
@@ -59,16 +63,15 @@ GEM
       eventmachine (>= 0.12.9)
       http_parser.rb (~> 0.6.0)
     erubis (2.7.0)
-    eventmachine (1.0.7)
-    execjs (2.5.2)
+    eventmachine (1.0.8)
+    execjs (2.6.0)
     ffi (1.9.10)
     git-version-bump (0.15.1)
-    haml (4.0.6)
+    haml (4.0.7)
       tilt
     hike (1.2.3)
-    hitimes (1.2.2)
-    hooks (0.4.0)
-      uber (~> 0.0.4)
+    hooks (0.4.1)
+      uber (~> 0.0.14)
     htmlcompressor (0.2.0)
     http_parser.rb (0.6.0)
     i18n (0.7.0)
@@ -77,34 +80,33 @@ GEM
     less (2.6.0)
       commonjs (~> 0.2.7)
     libv8 (3.16.14.11)
-    listen (2.10.1)
-      celluloid (~> 0.16.0)
+    listen (3.0.3)
       rb-fsevent (>= 0.9.3)
       rb-inotify (>= 0.9)
-    middleman (3.3.12)
+    middleman (3.4.0)
       coffee-script (~> 2.2)
       compass (>= 1.0.0, < 2.0.0)
       compass-import-once (= 1.0.5)
       execjs (~> 2.0)
       haml (>= 4.0.5)
       kramdown (~> 1.2)
-      middleman-core (= 3.3.12)
+      middleman-core (= 3.4.0)
       middleman-sprockets (>= 3.1.2)
       sass (>= 3.4.0, < 4.0)
       uglifier (~> 2.5)
-    middleman-core (3.3.12)
-      activesupport (~> 4.1.0)
+    middleman-core (3.4.0)
+      activesupport (~> 4.1)
       bundler (~> 1.1)
+      capybara (~> 2.4.4)
       erubis
       hooks (~> 0.3)
       i18n (~> 0.7.0)
-      listen (>= 2.7.9, < 3.0)
+      listen (~> 3.0.3)
       padrino-helpers (~> 0.12.3)
       rack (>= 1.4.5, < 2.0)
-      rack-test (~> 0.6.2)
       thor (>= 0.15.2, < 2.0)
       tilt (~> 1.4.1, < 2.0)
-    middleman-livereload (3.4.2)
+    middleman-livereload (3.4.3)
       em-websocket (~> 0.5.1)
       middleman-core (>= 3.3)
       rack-livereload (~> 0.3.15)
@@ -119,8 +121,12 @@ GEM
     middleman-syntax (2.0.0)
       middleman-core (~> 3.2)
       rouge (~> 1.0)
-    minitest (5.7.0)
+    mime-types (2.6.2)
+    mini_portile (0.6.2)
+    minitest (5.8.1)
     multi_json (1.11.2)
+    nokogiri (1.6.6.2)
+      mini_portile (~> 0.6.0)
     padrino-helpers (0.12.5)
       i18n (~> 0.6, >= 0.6.7)
       padrino-support (= 0.12.5)
@@ -128,7 +134,7 @@ GEM
     padrino-support (0.12.5)
       activesupport (>= 3.1)
     rack (1.6.4)
-    rack-contrib (1.3.0)
+    rack-contrib (1.4.0)
       git-version-bump (~> 0.15)
       rack (~> 1.4)
     rack-livereload (0.3.16)
@@ -136,16 +142,16 @@ GEM
     rack-protection (1.5.3)
       rack
     rack-rewrite (1.5.1)
-    rack-ssl-enforcer (0.2.8)
+    rack-ssl-enforcer (0.2.9)
     rack-test (0.6.3)
       rack (>= 1.0)
-    rb-fsevent (0.9.5)
+    rb-fsevent (0.9.6)
     rb-inotify (0.9.5)
       ffi (>= 0.5.0)
     redcarpet (3.3.2)
     ref (2.0.0)
-    rouge (1.9.1)
-    sass (3.4.16)
+    rouge (1.10.1)
+    sass (3.4.18)
     sprockets (2.12.4)
       hike (~> 1.2)
       multi_json (~> 1.0)
@@ -159,24 +165,27 @@ GEM
     therubyracer (0.12.2)
       libv8 (~> 3.16.14.0)
       ref
-    thin (1.6.3)
+    thin (1.6.4)
       daemons (~> 1.0, >= 1.0.9)
-      eventmachine (~> 1.0)
+      eventmachine (~> 1.0, >= 1.0.4)
       rack (~> 1.0)
     thor (0.19.1)
     thread_safe (0.3.5)
     tilt (1.4.1)
-    timers (4.0.1)
-      hitimes
     tzinfo (1.2.2)
       thread_safe (~> 0.1)
-    uber (0.0.13)
-    uglifier (2.7.1)
+    uber (0.0.15)
+    uglifier (2.7.2)
       execjs (>= 0.3.0)
       json (>= 1.8.0)
+    xpath (2.0.0)
+      nokogiri (~> 1.3)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
   middleman-hashicorp!
+
+BUNDLED WITH
+   1.10.6

From 22c2d6cf21cec706143533a88ec67506f4d6c221 Mon Sep 17 00:00:00 2001
From: Sam Handler <sam@hashicorp.com>
Date: Thu, 24 Sep 2015 10:29:03 -0700
Subject: [PATCH 050/335] Fix up spacing

---
 website/Makefile                   | 8 ++++----
 website/source/layouts/_footer.erb | 6 +++---
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/website/Makefile b/website/Makefile
index 6b32d222ac..ba2a5b1de5 100644
--- a/website/Makefile
+++ b/website/Makefile
@@ -1,11 +1,11 @@
 all:
-	build
+  build
 
 init:
-	bundle
+  bundle
 
 dev: init
-			bundle exec middleman server
+      bundle exec middleman server
 
 build: init
-				bundle exec middleman build
\ No newline at end of file
+        bundle exec middleman build
\ No newline at end of file
diff --git a/website/source/layouts/_footer.erb b/website/source/layouts/_footer.erb
index d2ea893fc7..c190d0879f 100644
--- a/website/source/layouts/_footer.erb
+++ b/website/source/layouts/_footer.erb
@@ -7,9 +7,9 @@
 						<li class="li-under"><a href="/intro/index.html">Intro</a></li>
 						<li class="active li-under"><a href="/docs/index.html">Docs</a></li>
 		        <li class="li-under"><a href="/community.html">Community</a></li>
-            <% if current_page.url != '/' %>
-              <li class="li-under"><a href="https://github.com/hashicorp/terraform/<%= github_path current_page %>">Edit this page</a></li>
-            <% end %>
+                <% if current_page.url != '/' %>
+                  <li class="li-under"><a href="https://github.com/hashicorp/terraform/<%= github_path current_page %>">Edit this page</a></li>
+                <% end %>
 					</ul>
 				</div>
 				<div class="footer-hashi col-sm-5 col-xs-12">

From 0bda98899ebe1c996598acd9c51676e2782423a4 Mon Sep 17 00:00:00 2001
From: Sam Handler <sam@hashicorp.com>
Date: Thu, 24 Sep 2015 10:59:16 -0700
Subject: [PATCH 051/335] Make wants tabs

---
 website/Makefile | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/website/Makefile b/website/Makefile
index ba2a5b1de5..6b32d222ac 100644
--- a/website/Makefile
+++ b/website/Makefile
@@ -1,11 +1,11 @@
 all:
-  build
+	build
 
 init:
-  bundle
+	bundle
 
 dev: init
-      bundle exec middleman server
+			bundle exec middleman server
 
 build: init
-        bundle exec middleman build
\ No newline at end of file
+				bundle exec middleman build
\ No newline at end of file

From b593502dcbc89481e61a6699b8345f39dd04b2da Mon Sep 17 00:00:00 2001
From: Sam Handler <sam@hashicorp.com>
Date: Thu, 24 Sep 2015 11:29:04 -0700
Subject: [PATCH 052/335] _footer spacing fix

---
 website/source/layouts/_footer.erb | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/website/source/layouts/_footer.erb b/website/source/layouts/_footer.erb
index c190d0879f..791861e423 100644
--- a/website/source/layouts/_footer.erb
+++ b/website/source/layouts/_footer.erb
@@ -6,10 +6,10 @@
 					<ul class="footer-links nav navbar-nav">
 						<li class="li-under"><a href="/intro/index.html">Intro</a></li>
 						<li class="active li-under"><a href="/docs/index.html">Docs</a></li>
-		        <li class="li-under"><a href="/community.html">Community</a></li>
-                <% if current_page.url != '/' %>
-                  <li class="li-under"><a href="https://github.com/hashicorp/terraform/<%= github_path current_page %>">Edit this page</a></li>
-                <% end %>
+						<li class="li-under"><a href="/community.html">Community</a></li>
+						<% if current_page.url != '/' %>
+							<li class="li-under"><a href="https://github.com/hashicorp/terraform/<%= github_path current_page %>">Edit this page</a></li>
+						<% end %>
 					</ul>
 				</div>
 				<div class="footer-hashi col-sm-5 col-xs-12">

From 462167521e8c77d351cd9029df59655007b4f3f7 Mon Sep 17 00:00:00 2001
From: Sam Handler <sam@hashicorp.com>
Date: Thu, 24 Sep 2015 11:31:17 -0700
Subject: [PATCH 053/335] Single tab in makefile

---
 website/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/website/Makefile b/website/Makefile
index 6b32d222ac..bb857f17c2 100644
--- a/website/Makefile
+++ b/website/Makefile
@@ -5,7 +5,7 @@ init:
 	bundle
 
 dev: init
-			bundle exec middleman server
+	bundle exec middleman server
 
 build: init
-				bundle exec middleman build
\ No newline at end of file
+	bundle exec middleman build
\ No newline at end of file

From 2e89ac1da0c3108e54decf1d8601a7a5c5e0afdf Mon Sep 17 00:00:00 2001
From: Sam Handler <sam@hashicorp.com>
Date: Thu, 24 Sep 2015 11:48:52 -0700
Subject: [PATCH 054/335] fix Makefile

---
 website/Makefile | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/website/Makefile b/website/Makefile
index bb857f17c2..63bb4cab10 100644
--- a/website/Makefile
+++ b/website/Makefile
@@ -1,5 +1,4 @@
-all:
-	build
+all: build
 
 init:
 	bundle

From 1aff3f4a4482c22a90c6bf148edc580baccc372f Mon Sep 17 00:00:00 2001
From: Paul Hinze <phinze@phinze.com>
Date: Thu, 24 Sep 2015 14:15:27 -0500
Subject: [PATCH 055/335] Update CHANGELOG.md

---
 CHANGELOG.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4623ef61ee..6c488df6f3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -40,6 +40,8 @@ BUG FIXES:
   * provider/aws: Allow `weight = 0` in Route53 records [GH-3196]
   * provider/openstack: add state 'downloading' to list of expected states in
       `blockstorage_volume_v1` creation [GH-2866]
+  * provider/openstack: remove security groups (by name) before adding security
+      groups (by id) [GH-2008]
 
 ## 0.6.3 (August 11, 2015)
 

From 03d7c1fa7d8a4dc1e5bf190f6accbba6f1060b5b Mon Sep 17 00:00:00 2001
From: Hany Fahim <hany@vmfarms.com>
Date: Thu, 24 Sep 2015 15:57:25 -0400
Subject: [PATCH 056/335] Allow for -1 for Zone ID, which is valid in
 CloudStack

---
 .../providers/cloudstack/resource_cloudstack_template.go | 9 +++++++--
 builtin/providers/cloudstack/resources.go                | 3 +++
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/builtin/providers/cloudstack/resource_cloudstack_template.go b/builtin/providers/cloudstack/resource_cloudstack_template.go
index 15c6ebec46..139a1ef52f 100644
--- a/builtin/providers/cloudstack/resource_cloudstack_template.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_template.go
@@ -219,9 +219,14 @@ func resourceCloudStackTemplateRead(d *schema.ResourceData, meta interface{}) er
 	d.Set("password_enabled", t.Passwordenabled)
 	d.Set("is_ready", t.Isready)
 
+	if t.Zoneid == "" {
+		d.Set("zone", "-1")
+	} else {
+		setValueOrUUID(d, "zone", t.Zonename, t.Zoneid)
+	}
+	
 	setValueOrUUID(d, "os_type", t.Ostypename, t.Ostypeid)
-	setValueOrUUID(d, "zone", t.Zonename, t.Zoneid)
-
+	
 	return nil
 }
 
diff --git a/builtin/providers/cloudstack/resources.go b/builtin/providers/cloudstack/resources.go
index cc826492f8..6e259ba5f8 100644
--- a/builtin/providers/cloudstack/resources.go
+++ b/builtin/providers/cloudstack/resources.go
@@ -53,6 +53,9 @@ func retrieveUUID(cs *cloudstack.CloudStackClient, name, value string) (uuid str
 	case "network":
 		uuid, err = cs.Network.GetNetworkID(value)
 	case "zone":
+		if value == "-1" {
+			return value, nil
+		}
 		uuid, err = cs.Zone.GetZoneID(value)
 	case "ipaddress":
 		p := cs.Address.NewListPublicIpAddressesParams()

From aa950be63bf5120fa1200824e0332fe0fde52b5b Mon Sep 17 00:00:00 2001
From: Hany Fahim <hany@vmfarms.com>
Date: Thu, 24 Sep 2015 16:16:12 -0400
Subject: [PATCH 057/335] Use constant for global resources

---
 .../providers/cloudstack/resource_cloudstack_template.go    | 6 +++---
 builtin/providers/cloudstack/resources.go                   | 4 +++-
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/builtin/providers/cloudstack/resource_cloudstack_template.go b/builtin/providers/cloudstack/resource_cloudstack_template.go
index 139a1ef52f..6762e34676 100644
--- a/builtin/providers/cloudstack/resource_cloudstack_template.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_template.go
@@ -219,12 +219,12 @@ func resourceCloudStackTemplateRead(d *schema.ResourceData, meta interface{}) er
 	d.Set("password_enabled", t.Passwordenabled)
 	d.Set("is_ready", t.Isready)
 
-	if t.Zoneid == "" {
-		d.Set("zone", "-1")
+	if t.Zoneid == IS_GLOBAL_RESOURCE {
+		setValueOrUUID(d, "zone", t.Zonename, IS_GLOBAL_RESOURCE)
 	} else {
 		setValueOrUUID(d, "zone", t.Zonename, t.Zoneid)
 	}
-	
+
 	setValueOrUUID(d, "os_type", t.Ostypename, t.Ostypeid)
 	
 	return nil
diff --git a/builtin/providers/cloudstack/resources.go b/builtin/providers/cloudstack/resources.go
index 6e259ba5f8..954bfd36c6 100644
--- a/builtin/providers/cloudstack/resources.go
+++ b/builtin/providers/cloudstack/resources.go
@@ -10,6 +10,8 @@ import (
 	"github.com/xanzy/go-cloudstack/cloudstack"
 )
 
+const IS_GLOBAL_RESOURCE = "-1"
+
 type retrieveError struct {
 	name  string
 	value string
@@ -53,7 +55,7 @@ func retrieveUUID(cs *cloudstack.CloudStackClient, name, value string) (uuid str
 	case "network":
 		uuid, err = cs.Network.GetNetworkID(value)
 	case "zone":
-		if value == "-1" {
+		if value == IS_GLOBAL_RESOURCE {
 			return value, nil
 		}
 		uuid, err = cs.Zone.GetZoneID(value)

From 7b4bb968d62d7b64de60afabde30554f7e082d9d Mon Sep 17 00:00:00 2001
From: Hany Fahim <hany@vmfarms.com>
Date: Thu, 24 Sep 2015 16:28:40 -0400
Subject: [PATCH 058/335] Add project parameter to cloudstack_template resource

---
 .../resource_cloudstack_template.go           | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/builtin/providers/cloudstack/resource_cloudstack_template.go b/builtin/providers/cloudstack/resource_cloudstack_template.go
index 6762e34676..a045816dd2 100644
--- a/builtin/providers/cloudstack/resource_cloudstack_template.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_template.go
@@ -51,6 +51,12 @@ func resourceCloudStackTemplate() *schema.Resource {
 				ForceNew: true,
 			},
 
+			"project": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+				ForceNew: true,
+			},
+
 			"zone": &schema.Schema{
 				Type:     schema.TypeString,
 				Required: true,
@@ -124,6 +130,17 @@ func resourceCloudStackTemplateCreate(d *schema.ResourceData, meta interface{})
 		return e.Error()
 	}
 
+	// If there is a project supplied, we retrieve and set the project id
+	if project, ok := d.GetOk("project"); ok {
+		// Retrieve the project UUID
+		projectid, e := retrieveUUID(cs, "project", project.(string))
+		if e != nil {
+			return e.Error()
+		}
+		// Set the default project ID
+		p.SetProjectid(projectid)
+	}
+
 	// Retrieve the zone UUID
 	zoneid, e := retrieveUUID(cs, "zone", d.Get("zone").(string))
 	if e != nil {
@@ -219,6 +236,8 @@ func resourceCloudStackTemplateRead(d *schema.ResourceData, meta interface{}) er
 	d.Set("password_enabled", t.Passwordenabled)
 	d.Set("is_ready", t.Isready)
 
+	setValueOrUUID(d, "project", t.Project, t.Projectid)
+
 	if t.Zoneid == IS_GLOBAL_RESOURCE {
 		setValueOrUUID(d, "zone", t.Zonename, IS_GLOBAL_RESOURCE)
 	} else {

From 158af9d0d4a934f8900d05c6eca4423075c88db5 Mon Sep 17 00:00:00 2001
From: Lars Wander <lars.wander@gmail.com>
Date: Thu, 24 Sep 2015 16:30:12 -0400
Subject: [PATCH 059/335] Refactored wait code to delete duplicated code &
 share functionality

---
 builtin/providers/google/compute_operation.go | 158 ++++++++++++++++++
 builtin/providers/google/operation.go         |  82 ---------
 .../google/resource_compute_address.go        |  44 +----
 .../google/resource_compute_autoscaler.go     |  64 +------
 .../resource_compute_backend_service.go       |  64 +------
 .../providers/google/resource_compute_disk.go |  53 +-----
 .../google/resource_compute_firewall.go       |  61 +------
 .../resource_compute_forwarding_rule.go       |  66 +-------
 .../resource_compute_http_health_check.go     |  64 +------
 .../google/resource_compute_instance.go       |  39 +----
 ...resource_compute_instance_group_manager.go |  53 +-----
 .../resource_compute_instance_template.go     |  44 +----
 .../google/resource_compute_network.go        |  42 +----
 .../resource_compute_project_metadata.go      |  31 +---
 .../google/resource_compute_route.go          |  42 +----
 .../google/resource_compute_target_pool.go    |  69 ++------
 .../google/resource_compute_vpn_gateway.go    |   4 +-
 .../google/resource_compute_vpn_tunnel.go     |  30 +---
 18 files changed, 238 insertions(+), 772 deletions(-)
 create mode 100644 builtin/providers/google/compute_operation.go
 delete mode 100644 builtin/providers/google/operation.go

diff --git a/builtin/providers/google/compute_operation.go b/builtin/providers/google/compute_operation.go
new file mode 100644
index 0000000000..987e983b47
--- /dev/null
+++ b/builtin/providers/google/compute_operation.go
@@ -0,0 +1,158 @@
+package google
+
+import (
+	"bytes"
+	"fmt"
+	"log"
+	"time"
+
+	"github.com/hashicorp/terraform/helper/resource"
+	"google.golang.org/api/compute/v1"
+)
+
+// OperationWaitType is an enum specifying what type of operation
+// we're waiting on.
+type ComputeOperationWaitType byte
+
+const (
+	ComputeOperationWaitInvalid ComputeOperationWaitType = iota
+	ComputeOperationWaitGlobal
+	ComputeOperationWaitRegion
+	ComputeOperationWaitZone
+)
+
+type ComputeOperationWaiter struct {
+	Service *compute.Service
+	Op      *compute.Operation
+	Project string
+	Region  string
+	Type    ComputeOperationWaitType
+	Zone    string
+}
+
+func (w *ComputeOperationWaiter) RefreshFunc() resource.StateRefreshFunc {
+	return func() (interface{}, string, error) {
+		var op *compute.Operation
+		var err error
+
+		switch w.Type {
+		case ComputeOperationWaitGlobal:
+			op, err = w.Service.GlobalOperations.Get(
+				w.Project, w.Op.Name).Do()
+		case ComputeOperationWaitRegion:
+			op, err = w.Service.RegionOperations.Get(
+				w.Project, w.Region, w.Op.Name).Do()
+		case ComputeOperationWaitZone:
+			op, err = w.Service.ZoneOperations.Get(
+				w.Project, w.Zone, w.Op.Name).Do()
+		default:
+			return nil, "bad-type", fmt.Errorf(
+				"Invalid wait type: %#v", w.Type)
+		}
+
+		if err != nil {
+			return nil, "", err
+		}
+
+		log.Printf("[DEBUG] Got %q when asking for operation %q", op.Status, w.Op.Name)
+
+		return op, op.Status, nil
+	}
+}
+
+func (w *ComputeOperationWaiter) Conf() *resource.StateChangeConf {
+	return &resource.StateChangeConf{
+		Pending: []string{"PENDING", "RUNNING"},
+		Target:  "DONE",
+		Refresh: w.RefreshFunc(),
+	}
+}
+
+// ComputeOperationError wraps compute.OperationError and implements the
+// error interface so it can be returned.
+type ComputeOperationError compute.OperationError
+
+func (e ComputeOperationError) Error() string {
+	var buf bytes.Buffer
+
+	for _, err := range e.Errors {
+		buf.WriteString(err.Message + "\n")
+	}
+
+	return buf.String()
+}
+
+func computeOperationWaitGlobal(config *Config, op *compute.Operation, activity string) error {
+	w := &ComputeOperationWaiter{
+		Service: config.clientCompute,
+		Op:      op,
+		Project: config.Project,
+		Type:    ComputeOperationWaitGlobal,
+	}
+
+	state := w.Conf()
+	state.Delay = 10 * time.Second
+	state.Timeout = 4 * time.Minute
+	state.MinTimeout = 2 * time.Second
+	opRaw, err := state.WaitForState()
+	if err != nil {
+		return fmt.Errorf("Error waiting for %s: %s", activity, err)
+	}
+
+	op = opRaw.(*compute.Operation)
+	if op.Error != nil {
+		return ComputeOperationError(*op.Error)
+	}
+
+	return nil
+}
+
+func computeOperationWaitRegion(config *Config, op *compute.Operation, region, activity string) error {
+	w := &ComputeOperationWaiter{
+		Service: config.clientCompute,
+		Op:      op,
+		Project: config.Project,
+		Type:    ComputeOperationWaitRegion,
+		Region:  region,
+	}
+
+	state := w.Conf()
+	state.Delay = 10 * time.Second
+	state.Timeout = 4 * time.Minute
+	state.MinTimeout = 2 * time.Second
+	opRaw, err := state.WaitForState()
+	if err != nil {
+		return fmt.Errorf("Error waiting for %s: %s", activity, err)
+	}
+
+	op = opRaw.(*compute.Operation)
+	if op.Error != nil {
+		return ComputeOperationError(*op.Error)
+	}
+
+	return nil
+}
+
+func computeOperationWaitZone(config *Config, op *compute.Operation, zone, activity string) error {
+	w := &ComputeOperationWaiter{
+		Service: config.clientCompute,
+		Op:      op,
+		Project: config.Project,
+		Zone:    zone,
+		Type:    ComputeOperationWaitZone,
+	}
+	state := w.Conf()
+	state.Delay = 10 * time.Second
+	state.Timeout = 4 * time.Minute
+	state.MinTimeout = 2 * time.Second
+	opRaw, err := state.WaitForState()
+	if err != nil {
+		return fmt.Errorf("Error waiting for %s: %s", activity, err)
+	}
+	op = opRaw.(*compute.Operation)
+	if op.Error != nil {
+		// Return the error
+		return ComputeOperationError(*op.Error)
+	}
+	return nil
+}
diff --git a/builtin/providers/google/operation.go b/builtin/providers/google/operation.go
deleted file mode 100644
index 0971e3f5bb..0000000000
--- a/builtin/providers/google/operation.go
+++ /dev/null
@@ -1,82 +0,0 @@
-package google
-
-import (
-	"bytes"
-	"fmt"
-	"log"
-
-	"github.com/hashicorp/terraform/helper/resource"
-	"google.golang.org/api/compute/v1"
-)
-
-// OperationWaitType is an enum specifying what type of operation
-// we're waiting on.
-type OperationWaitType byte
-
-const (
-	OperationWaitInvalid OperationWaitType = iota
-	OperationWaitGlobal
-	OperationWaitRegion
-	OperationWaitZone
-)
-
-type OperationWaiter struct {
-	Service *compute.Service
-	Op      *compute.Operation
-	Project string
-	Region  string
-	Type    OperationWaitType
-	Zone    string
-}
-
-func (w *OperationWaiter) RefreshFunc() resource.StateRefreshFunc {
-	return func() (interface{}, string, error) {
-		var op *compute.Operation
-		var err error
-
-		switch w.Type {
-		case OperationWaitGlobal:
-			op, err = w.Service.GlobalOperations.Get(
-				w.Project, w.Op.Name).Do()
-		case OperationWaitRegion:
-			op, err = w.Service.RegionOperations.Get(
-				w.Project, w.Region, w.Op.Name).Do()
-		case OperationWaitZone:
-			op, err = w.Service.ZoneOperations.Get(
-				w.Project, w.Zone, w.Op.Name).Do()
-		default:
-			return nil, "bad-type", fmt.Errorf(
-				"Invalid wait type: %#v", w.Type)
-		}
-
-		if err != nil {
-			return nil, "", err
-		}
-
-		log.Printf("[DEBUG] Got %q when asking for operation %q", op.Status, w.Op.Name)
-
-		return op, op.Status, nil
-	}
-}
-
-func (w *OperationWaiter) Conf() *resource.StateChangeConf {
-	return &resource.StateChangeConf{
-		Pending: []string{"PENDING", "RUNNING"},
-		Target:  "DONE",
-		Refresh: w.RefreshFunc(),
-	}
-}
-
-// OperationError wraps compute.OperationError and implements the
-// error interface so it can be returned.
-type OperationError compute.OperationError
-
-func (e OperationError) Error() string {
-	var buf bytes.Buffer
-
-	for _, err := range e.Errors {
-		buf.WriteString(err.Message + "\n")
-	}
-
-	return buf.String()
-}
diff --git a/builtin/providers/google/resource_compute_address.go b/builtin/providers/google/resource_compute_address.go
index 721d67d140..0027df230f 100644
--- a/builtin/providers/google/resource_compute_address.go
+++ b/builtin/providers/google/resource_compute_address.go
@@ -3,7 +3,6 @@ package google
 import (
 	"fmt"
 	"log"
-	"time"
 
 	"github.com/hashicorp/terraform/helper/schema"
 	"google.golang.org/api/compute/v1"
@@ -65,28 +64,9 @@ func resourceComputeAddressCreate(d *schema.ResourceData, meta interface{}) erro
 	// It probably maybe worked, so store the ID now
 	d.SetId(addr.Name)
 
-	// Wait for the operation to complete
-	w := &OperationWaiter{
-		Service: config.clientCompute,
-		Op:      op,
-		Project: config.Project,
-		Region:  region,
-		Type:    OperationWaitRegion,
-	}
-	state := w.Conf()
-	state.Timeout = 2 * time.Minute
-	state.MinTimeout = 1 * time.Second
-	opRaw, err := state.WaitForState()
+	err = computeOperationWaitRegion(config, op, region, "Creating Address")
 	if err != nil {
-		return fmt.Errorf("Error waiting for address to create: %s", err)
-	}
-	op = opRaw.(*compute.Operation)
-	if op.Error != nil {
-		// The resource didn't actually create
-		d.SetId("")
-
-		// Return the error
-		return OperationError(*op.Error)
+		return err
 	}
 
 	return resourceComputeAddressRead(d, meta)
@@ -128,25 +108,9 @@ func resourceComputeAddressDelete(d *schema.ResourceData, meta interface{}) erro
 		return fmt.Errorf("Error deleting address: %s", err)
 	}
 
-	// Wait for the operation to complete
-	w := &OperationWaiter{
-		Service: config.clientCompute,
-		Op:      op,
-		Project: config.Project,
-		Region:  region,
-		Type:    OperationWaitRegion,
-	}
-	state := w.Conf()
-	state.Timeout = 2 * time.Minute
-	state.MinTimeout = 1 * time.Second
-	opRaw, err := state.WaitForState()
+	err = computeOperationWaitRegion(config, op, region, "Deleting Address")
 	if err != nil {
-		return fmt.Errorf("Error waiting for address to delete: %s", err)
-	}
-	op = opRaw.(*compute.Operation)
-	if op.Error != nil {
-		// Return the error
-		return OperationError(*op.Error)
+		return err
 	}
 
 	d.SetId("")
diff --git a/builtin/providers/google/resource_compute_autoscaler.go b/builtin/providers/google/resource_compute_autoscaler.go
index 10b7c84efd..8539c62b30 100644
--- a/builtin/providers/google/resource_compute_autoscaler.go
+++ b/builtin/providers/google/resource_compute_autoscaler.go
@@ -3,7 +3,6 @@ package google
 import (
 	"fmt"
 	"log"
-	"time"
 
 	"github.com/hashicorp/terraform/helper/schema"
 	"google.golang.org/api/compute/v1"
@@ -224,28 +223,9 @@ func resourceComputeAutoscalerCreate(d *schema.ResourceData, meta interface{}) e
 	// It probably maybe worked, so store the ID now
 	d.SetId(scaler.Name)
 
-	// Wait for the operation to complete
-	w := &OperationWaiter{
-		Service: config.clientCompute,
-		Op:      op,
-		Project: config.Project,
-		Type:    OperationWaitZone,
-		Zone:    zone.Name,
-	}
-	state := w.Conf()
-	state.Timeout = 2 * time.Minute
-	state.MinTimeout = 1 * time.Second
-	opRaw, err := state.WaitForState()
+	err = computeOperationWaitZone(config, op, zone.Name, "Creating Autoscaler")
 	if err != nil {
-		return fmt.Errorf("Error waiting for Autoscaler to create: %s", err)
-	}
-	op = opRaw.(*compute.Operation)
-	if op.Error != nil {
-		// The resource didn't actually create
-		d.SetId("")
-
-		// Return the error
-		return OperationError(*op.Error)
+		return err
 	}
 
 	return resourceComputeAutoscalerRead(d, meta)
@@ -292,25 +272,9 @@ func resourceComputeAutoscalerUpdate(d *schema.ResourceData, meta interface{}) e
 	// It probably maybe worked, so store the ID now
 	d.SetId(scaler.Name)
 
-	// Wait for the operation to complete
-	w := &OperationWaiter{
-		Service: config.clientCompute,
-		Op:      op,
-		Project: config.Project,
-		Type:    OperationWaitZone,
-		Zone:    zone,
-	}
-	state := w.Conf()
-	state.Timeout = 2 * time.Minute
-	state.MinTimeout = 1 * time.Second
-	opRaw, err := state.WaitForState()
+	err = computeOperationWaitZone(config, op, zone, "Updating Autoscaler")
 	if err != nil {
-		return fmt.Errorf("Error waiting for Autoscaler to update: %s", err)
-	}
-	op = opRaw.(*compute.Operation)
-	if op.Error != nil {
-		// Return the error
-		return OperationError(*op.Error)
+		return err
 	}
 
 	return resourceComputeAutoscalerRead(d, meta)
@@ -326,25 +290,9 @@ func resourceComputeAutoscalerDelete(d *schema.ResourceData, meta interface{}) e
 		return fmt.Errorf("Error deleting autoscaler: %s", err)
 	}
 
-	// Wait for the operation to complete
-	w := &OperationWaiter{
-		Service: config.clientCompute,
-		Op:      op,
-		Project: config.Project,
-		Type:    OperationWaitZone,
-		Zone:    zone,
-	}
-	state := w.Conf()
-	state.Timeout = 2 * time.Minute
-	state.MinTimeout = 1 * time.Second
-	opRaw, err := state.WaitForState()
+	err = computeOperationWaitZone(config, op, zone, "Deleting Autoscaler")
 	if err != nil {
-		return fmt.Errorf("Error waiting for Autoscaler to delete: %s", err)
-	}
-	op = opRaw.(*compute.Operation)
-	if op.Error != nil {
-		// Return the error
-		return OperationError(*op.Error)
+		return err
 	}
 
 	d.SetId("")
diff --git a/builtin/providers/google/resource_compute_backend_service.go b/builtin/providers/google/resource_compute_backend_service.go
index a8826f8e45..cbd722d38e 100644
--- a/builtin/providers/google/resource_compute_backend_service.go
+++ b/builtin/providers/google/resource_compute_backend_service.go
@@ -5,7 +5,6 @@ import (
 	"fmt"
 	"log"
 	"regexp"
-	"time"
 
 	"github.com/hashicorp/terraform/helper/hashcode"
 	"github.com/hashicorp/terraform/helper/schema"
@@ -165,28 +164,9 @@ func resourceComputeBackendServiceCreate(d *schema.ResourceData, meta interface{
 
 	d.SetId(service.Name)
 
-	// Wait for the operation to complete
-	w := &OperationWaiter{
-		Service: config.clientCompute,
-		Op:      op,
-		Project: config.Project,
-		Region:  config.Region,
-		Type:    OperationWaitGlobal,
-	}
-	state := w.Conf()
-	state.Timeout = 2 * time.Minute
-	state.MinTimeout = 1 * time.Second
-	opRaw, err := state.WaitForState()
+	err = computeOperationWaitGlobal(config, op, "Creating Backend Service")
 	if err != nil {
-		return fmt.Errorf("Error waiting for backend service to create: %s", err)
-	}
-	op = opRaw.(*compute.Operation)
-	if op.Error != nil {
-		// The resource didn't actually create
-		d.SetId("")
-
-		// Return the error
-		return OperationError(*op.Error)
+		return err
 	}
 
 	return resourceComputeBackendServiceRead(d, meta)
@@ -261,25 +241,9 @@ func resourceComputeBackendServiceUpdate(d *schema.ResourceData, meta interface{
 
 	d.SetId(service.Name)
 
-	// Wait for the operation to complete
-	w := &OperationWaiter{
-		Service: config.clientCompute,
-		Op:      op,
-		Project: config.Project,
-		Region:  config.Region,
-		Type:    OperationWaitGlobal,
-	}
-	state := w.Conf()
-	state.Timeout = 2 * time.Minute
-	state.MinTimeout = 1 * time.Second
-	opRaw, err := state.WaitForState()
+	err = computeOperationWaitGlobal(config, op, "Updating Backend Service")
 	if err != nil {
-		return fmt.Errorf("Error waiting for backend service to update: %s", err)
-	}
-	op = opRaw.(*compute.Operation)
-	if op.Error != nil {
-		// Return the error
-		return OperationError(*op.Error)
+		return err
 	}
 
 	return resourceComputeBackendServiceRead(d, meta)
@@ -295,25 +259,9 @@ func resourceComputeBackendServiceDelete(d *schema.ResourceData, meta interface{
 		return fmt.Errorf("Error deleting backend service: %s", err)
 	}
 
-	// Wait for the operation to complete
-	w := &OperationWaiter{
-		Service: config.clientCompute,
-		Op:      op,
-		Project: config.Project,
-		Region:  config.Region,
-		Type:    OperationWaitGlobal,
-	}
-	state := w.Conf()
-	state.Timeout = 2 * time.Minute
-	state.MinTimeout = 1 * time.Second
-	opRaw, err := state.WaitForState()
+	err = computeOperationWaitGlobal(config, op, "Deleting Backend Service")
 	if err != nil {
-		return fmt.Errorf("Error waiting for backend service to delete: %s", err)
-	}
-	op = opRaw.(*compute.Operation)
-	if op.Error != nil {
-		// Return the error
-		return OperationError(*op.Error)
+		return err
 	}
 
 	d.SetId("")
diff --git a/builtin/providers/google/resource_compute_disk.go b/builtin/providers/google/resource_compute_disk.go
index 7202e45d94..1118702d6c 100644
--- a/builtin/providers/google/resource_compute_disk.go
+++ b/builtin/providers/google/resource_compute_disk.go
@@ -3,7 +3,6 @@ package google
 import (
 	"fmt"
 	"log"
-	"time"
 
 	"github.com/hashicorp/terraform/helper/schema"
 	"google.golang.org/api/compute/v1"
@@ -128,37 +127,10 @@ func resourceComputeDiskCreate(d *schema.ResourceData, meta interface{}) error {
 	// It probably maybe worked, so store the ID now
 	d.SetId(disk.Name)
 
-	// Wait for the operation to complete
-	w := &OperationWaiter{
-		Service: config.clientCompute,
-		Op:      op,
-		Project: config.Project,
-		Zone:    d.Get("zone").(string),
-		Type:    OperationWaitZone,
-	}
-	state := w.Conf()
-
-	if disk.SourceSnapshot != "" {
-		//creating disk from snapshot takes some time
-		state.Timeout = 10 * time.Minute
-	} else {
-		state.Timeout = 2 * time.Minute
-	}
-
-	state.MinTimeout = 1 * time.Second
-	opRaw, err := state.WaitForState()
+	err = computeOperationWaitZone(config, op, d.Get("zone").(string), "Creating Disk")
 	if err != nil {
-		return fmt.Errorf("Error waiting for disk to create: %s", err)
+		return err
 	}
-	op = opRaw.(*compute.Operation)
-	if op.Error != nil {
-		// The resource didn't actually create
-		d.SetId("")
-
-		// Return the error
-		return OperationError(*op.Error)
-	}
-
 	return resourceComputeDiskRead(d, meta)
 }
 
@@ -193,25 +165,10 @@ func resourceComputeDiskDelete(d *schema.ResourceData, meta interface{}) error {
 		return fmt.Errorf("Error deleting disk: %s", err)
 	}
 
-	// Wait for the operation to complete
-	w := &OperationWaiter{
-		Service: config.clientCompute,
-		Op:      op,
-		Project: config.Project,
-		Zone:    d.Get("zone").(string),
-		Type:    OperationWaitZone,
-	}
-	state := w.Conf()
-	state.Timeout = 2 * time.Minute
-	state.MinTimeout = 1 * time.Second
-	opRaw, err := state.WaitForState()
+	zone := d.Get("zone").(string)
+	err = computeOperationWaitZone(config, op, zone, "Creating Disk")
 	if err != nil {
-		return fmt.Errorf("Error waiting for disk to delete: %s", err)
-	}
-	op = opRaw.(*compute.Operation)
-	if op.Error != nil {
-		// Return the error
-		return OperationError(*op.Error)
+		return err
 	}
 
 	d.SetId("")
diff --git a/builtin/providers/google/resource_compute_firewall.go b/builtin/providers/google/resource_compute_firewall.go
index 2a2433a87d..1cec2c8265 100644
--- a/builtin/providers/google/resource_compute_firewall.go
+++ b/builtin/providers/google/resource_compute_firewall.go
@@ -4,7 +4,6 @@ import (
 	"bytes"
 	"fmt"
 	"sort"
-	"time"
 
 	"github.com/hashicorp/terraform/helper/hashcode"
 	"github.com/hashicorp/terraform/helper/schema"
@@ -135,27 +134,9 @@ func resourceComputeFirewallCreate(d *schema.ResourceData, meta interface{}) err
 	// It probably maybe worked, so store the ID now
 	d.SetId(firewall.Name)
 
-	// Wait for the operation to complete
-	w := &OperationWaiter{
-		Service: config.clientCompute,
-		Op:      op,
-		Project: config.Project,
-		Type:    OperationWaitGlobal,
-	}
-	state := w.Conf()
-	state.Timeout = 2 * time.Minute
-	state.MinTimeout = 1 * time.Second
-	opRaw, err := state.WaitForState()
+	err = computeOperationWaitGlobal(config, op, "Creating Firewall")
 	if err != nil {
-		return fmt.Errorf("Error waiting for firewall to create: %s", err)
-	}
-	op = opRaw.(*compute.Operation)
-	if op.Error != nil {
-		// The resource didn't actually create
-		d.SetId("")
-
-		// Return the error
-		return OperationError(*op.Error)
+		return err
 	}
 
 	return resourceComputeFirewallRead(d, meta)
@@ -198,24 +179,9 @@ func resourceComputeFirewallUpdate(d *schema.ResourceData, meta interface{}) err
 		return fmt.Errorf("Error updating firewall: %s", err)
 	}
 
-	// Wait for the operation to complete
-	w := &OperationWaiter{
-		Service: config.clientCompute,
-		Op:      op,
-		Project: config.Project,
-		Type:    OperationWaitGlobal,
-	}
-	state := w.Conf()
-	state.Timeout = 2 * time.Minute
-	state.MinTimeout = 1 * time.Second
-	opRaw, err := state.WaitForState()
+	err = computeOperationWaitGlobal(config, op, "Updating Firewall")
 	if err != nil {
-		return fmt.Errorf("Error waiting for firewall to update: %s", err)
-	}
-	op = opRaw.(*compute.Operation)
-	if op.Error != nil {
-		// Return the error
-		return OperationError(*op.Error)
+		return err
 	}
 
 	d.Partial(false)
@@ -233,24 +199,9 @@ func resourceComputeFirewallDelete(d *schema.ResourceData, meta interface{}) err
 		return fmt.Errorf("Error deleting firewall: %s", err)
 	}
 
-	// Wait for the operation to complete
-	w := &OperationWaiter{
-		Service: config.clientCompute,
-		Op:      op,
-		Project: config.Project,
-		Type:    OperationWaitGlobal,
-	}
-	state := w.Conf()
-	state.Timeout = 2 * time.Minute
-	state.MinTimeout = 1 * time.Second
-	opRaw, err := state.WaitForState()
+	err = computeOperationWaitGlobal(config, op, "Deleting Firewall")
 	if err != nil {
-		return fmt.Errorf("Error waiting for firewall to delete: %s", err)
-	}
-	op = opRaw.(*compute.Operation)
-	if op.Error != nil {
-		// Return the error
-		return OperationError(*op.Error)
+		return err
 	}
 
 	d.SetId("")
diff --git a/builtin/providers/google/resource_compute_forwarding_rule.go b/builtin/providers/google/resource_compute_forwarding_rule.go
index 0c905ead70..ac4851e51b 100644
--- a/builtin/providers/google/resource_compute_forwarding_rule.go
+++ b/builtin/providers/google/resource_compute_forwarding_rule.go
@@ -3,7 +3,6 @@ package google
 import (
 	"fmt"
 	"log"
-	"time"
 
 	"github.com/hashicorp/terraform/helper/schema"
 	"google.golang.org/api/compute/v1"
@@ -94,28 +93,9 @@ func resourceComputeForwardingRuleCreate(d *schema.ResourceData, meta interface{
 	// It probably maybe worked, so store the ID now
 	d.SetId(frule.Name)
 
-	// Wait for the operation to complete
-	w := &OperationWaiter{
-		Service: config.clientCompute,
-		Op:      op,
-		Region:  region,
-		Project: config.Project,
-		Type:    OperationWaitRegion,
-	}
-	state := w.Conf()
-	state.Timeout = 2 * time.Minute
-	state.MinTimeout = 1 * time.Second
-	opRaw, err := state.WaitForState()
+	err = computeOperationWaitRegion(config, op, region, "Creating Fowarding Rule")
 	if err != nil {
-		return fmt.Errorf("Error waiting for ForwardingRule to create: %s", err)
-	}
-	op = opRaw.(*compute.Operation)
-	if op.Error != nil {
-		// The resource didn't actually create
-		d.SetId("")
-
-		// Return the error
-		return OperationError(*op.Error)
+		return err
 	}
 
 	return resourceComputeForwardingRuleRead(d, meta)
@@ -137,29 +117,11 @@ func resourceComputeForwardingRuleUpdate(d *schema.ResourceData, meta interface{
 			return fmt.Errorf("Error updating target: %s", err)
 		}
 
-		// Wait for the operation to complete
-		w := &OperationWaiter{
-			Service: config.clientCompute,
-			Op:      op,
-			Region:  region,
-			Project: config.Project,
-			Type:    OperationWaitRegion,
-		}
-		state := w.Conf()
-		state.Timeout = 2 * time.Minute
-		state.MinTimeout = 1 * time.Second
-		opRaw, err := state.WaitForState()
+		err = computeOperationWaitRegion(config, op, region, "Updating Forwarding Rule")
 		if err != nil {
-			return fmt.Errorf("Error waiting for ForwardingRule to update target: %s", err)
+			return err
 		}
-		op = opRaw.(*compute.Operation)
-		if op.Error != nil {
-			// The resource didn't actually create
-			d.SetId("")
 
-			// Return the error
-			return OperationError(*op.Error)
-		}
 		d.SetPartial("target")
 	}
 
@@ -206,25 +168,9 @@ func resourceComputeForwardingRuleDelete(d *schema.ResourceData, meta interface{
 		return fmt.Errorf("Error deleting ForwardingRule: %s", err)
 	}
 
-	// Wait for the operation to complete
-	w := &OperationWaiter{
-		Service: config.clientCompute,
-		Op:      op,
-		Region:  region,
-		Project: config.Project,
-		Type:    OperationWaitRegion,
-	}
-	state := w.Conf()
-	state.Timeout = 2 * time.Minute
-	state.MinTimeout = 1 * time.Second
-	opRaw, err := state.WaitForState()
+	err = computeOperationWaitRegion(config, op, region, "Deleting Forwarding Rule")
 	if err != nil {
-		return fmt.Errorf("Error waiting for ForwardingRule to delete: %s", err)
-	}
-	op = opRaw.(*compute.Operation)
-	if op.Error != nil {
-		// Return the error
-		return OperationError(*op.Error)
+		return err
 	}
 
 	d.SetId("")
diff --git a/builtin/providers/google/resource_compute_http_health_check.go b/builtin/providers/google/resource_compute_http_health_check.go
index 4dfe3a03d1..c53267afda 100644
--- a/builtin/providers/google/resource_compute_http_health_check.go
+++ b/builtin/providers/google/resource_compute_http_health_check.go
@@ -3,7 +3,6 @@ package google
 import (
 	"fmt"
 	"log"
-	"time"
 
 	"github.com/hashicorp/terraform/helper/schema"
 	"google.golang.org/api/compute/v1"
@@ -121,27 +120,9 @@ func resourceComputeHttpHealthCheckCreate(d *schema.ResourceData, meta interface
 	// It probably maybe worked, so store the ID now
 	d.SetId(hchk.Name)
 
-	// Wait for the operation to complete
-	w := &OperationWaiter{
-		Service: config.clientCompute,
-		Op:      op,
-		Project: config.Project,
-		Type:    OperationWaitGlobal,
-	}
-	state := w.Conf()
-	state.Timeout = 2 * time.Minute
-	state.MinTimeout = 1 * time.Second
-	opRaw, err := state.WaitForState()
+	err = computeOperationWaitGlobal(config, op, "Creating Http Health Check")
 	if err != nil {
-		return fmt.Errorf("Error waiting for HttpHealthCheck to create: %s", err)
-	}
-	op = opRaw.(*compute.Operation)
-	if op.Error != nil {
-		// The resource didn't actually create
-		d.SetId("")
-
-		// Return the error
-		return OperationError(*op.Error)
+		return err
 	}
 
 	return resourceComputeHttpHealthCheckRead(d, meta)
@@ -190,27 +171,9 @@ func resourceComputeHttpHealthCheckUpdate(d *schema.ResourceData, meta interface
 	// It probably maybe worked, so store the ID now
 	d.SetId(hchk.Name)
 
-	// Wait for the operation to complete
-	w := &OperationWaiter{
-		Service: config.clientCompute,
-		Op:      op,
-		Project: config.Project,
-		Type:    OperationWaitGlobal,
-	}
-	state := w.Conf()
-	state.Timeout = 2 * time.Minute
-	state.MinTimeout = 1 * time.Second
-	opRaw, err := state.WaitForState()
+	err = computeOperationWaitGlobal(config, op, "Updating Http Health Check")
 	if err != nil {
-		return fmt.Errorf("Error waiting for HttpHealthCheck to patch: %s", err)
-	}
-	op = opRaw.(*compute.Operation)
-	if op.Error != nil {
-		// The resource didn't actually create
-		d.SetId("")
-
-		// Return the error
-		return OperationError(*op.Error)
+		return err
 	}
 
 	return resourceComputeHttpHealthCheckRead(d, meta)
@@ -254,24 +217,9 @@ func resourceComputeHttpHealthCheckDelete(d *schema.ResourceData, meta interface
 		return fmt.Errorf("Error deleting HttpHealthCheck: %s", err)
 	}
 
-	// Wait for the operation to complete
-	w := &OperationWaiter{
-		Service: config.clientCompute,
-		Op:      op,
-		Project: config.Project,
-		Type:    OperationWaitGlobal,
-	}
-	state := w.Conf()
-	state.Timeout = 2 * time.Minute
-	state.MinTimeout = 1 * time.Second
-	opRaw, err := state.WaitForState()
+	err = computeOperationWaitGlobal(config, op, "Deleting Http Health Check")
 	if err != nil {
-		return fmt.Errorf("Error waiting for HttpHealthCheck to delete: %s", err)
-	}
-	op = opRaw.(*compute.Operation)
-	if op.Error != nil {
-		// Return the error
-		return OperationError(*op.Error)
+		return err
 	}
 
 	d.SetId("")
diff --git a/builtin/providers/google/resource_compute_instance.go b/builtin/providers/google/resource_compute_instance.go
index 2a03a7f946..9879646413 100644
--- a/builtin/providers/google/resource_compute_instance.go
+++ b/builtin/providers/google/resource_compute_instance.go
@@ -3,7 +3,6 @@ package google
 import (
 	"fmt"
 	"log"
-	"time"
 
 	"github.com/hashicorp/terraform/helper/hashcode"
 	"github.com/hashicorp/terraform/helper/schema"
@@ -273,32 +272,6 @@ func getInstance(config *Config, d *schema.ResourceData) (*compute.Instance, err
 	return instance, nil
 }
 
-func resourceOperationWaitZone(
-	config *Config, op *compute.Operation, zone string, activity string) error {
-
-	w := &OperationWaiter{
-		Service: config.clientCompute,
-		Op:      op,
-		Project: config.Project,
-		Zone:    zone,
-		Type:    OperationWaitZone,
-	}
-	state := w.Conf()
-	state.Delay = 10 * time.Second
-	state.Timeout = 10 * time.Minute
-	state.MinTimeout = 2 * time.Second
-	opRaw, err := state.WaitForState()
-	if err != nil {
-		return fmt.Errorf("Error waiting for %s: %s", activity, err)
-	}
-	op = opRaw.(*compute.Operation)
-	if op.Error != nil {
-		// Return the error
-		return OperationError(*op.Error)
-	}
-	return nil
-}
-
 func resourceComputeInstanceCreate(d *schema.ResourceData, meta interface{}) error {
 	config := meta.(*Config)
 
@@ -521,7 +494,7 @@ func resourceComputeInstanceCreate(d *schema.ResourceData, meta interface{}) err
 	d.SetId(instance.Name)
 
 	// Wait for the operation to complete
-	waitErr := resourceOperationWaitZone(config, op, zone.Name, "instance to create")
+	waitErr := computeOperationWaitZone(config, op, zone.Name, "instance to create")
 	if waitErr != nil {
 		// The resource didn't actually create
 		d.SetId("")
@@ -703,7 +676,7 @@ func resourceComputeInstanceUpdate(d *schema.ResourceData, meta interface{}) err
 				return fmt.Errorf("Error updating metadata: %s", err)
 			}
 
-			opErr := resourceOperationWaitZone(config, op, zone, "metadata to update")
+			opErr := computeOperationWaitZone(config, op, zone, "metadata to update")
 			if opErr != nil {
 				return opErr
 			}
@@ -723,7 +696,7 @@ func resourceComputeInstanceUpdate(d *schema.ResourceData, meta interface{}) err
 			return fmt.Errorf("Error updating tags: %s", err)
 		}
 
-		opErr := resourceOperationWaitZone(config, op, zone, "tags to update")
+		opErr := computeOperationWaitZone(config, op, zone, "tags to update")
 		if opErr != nil {
 			return opErr
 		}
@@ -764,7 +737,7 @@ func resourceComputeInstanceUpdate(d *schema.ResourceData, meta interface{}) err
 					if err != nil {
 						return fmt.Errorf("Error deleting old access_config: %s", err)
 					}
-					opErr := resourceOperationWaitZone(config, op, zone, "old access_config to delete")
+					opErr := computeOperationWaitZone(config, op, zone, "old access_config to delete")
 					if opErr != nil {
 						return opErr
 					}
@@ -783,7 +756,7 @@ func resourceComputeInstanceUpdate(d *schema.ResourceData, meta interface{}) err
 					if err != nil {
 						return fmt.Errorf("Error adding new access_config: %s", err)
 					}
-					opErr := resourceOperationWaitZone(config, op, zone, "new access_config to add")
+					opErr := computeOperationWaitZone(config, op, zone, "new access_config to add")
 					if opErr != nil {
 						return opErr
 					}
@@ -809,7 +782,7 @@ func resourceComputeInstanceDelete(d *schema.ResourceData, meta interface{}) err
 	}
 
 	// Wait for the operation to complete
-	opErr := resourceOperationWaitZone(config, op, zone, "instance to delete")
+	opErr := computeOperationWaitZone(config, op, zone, "instance to delete")
 	if opErr != nil {
 		return opErr
 	}
diff --git a/builtin/providers/google/resource_compute_instance_group_manager.go b/builtin/providers/google/resource_compute_instance_group_manager.go
index 9651c935fa..ed48b26d51 100644
--- a/builtin/providers/google/resource_compute_instance_group_manager.go
+++ b/builtin/providers/google/resource_compute_instance_group_manager.go
@@ -3,7 +3,6 @@ package google
 import (
 	"fmt"
 	"log"
-	"time"
 
 	"google.golang.org/api/compute/v1"
 	"google.golang.org/api/googleapi"
@@ -82,26 +81,6 @@ func resourceComputeInstanceGroupManager() *schema.Resource {
 	}
 }
 
-func waitOpZone(config *Config, op *compute.Operation, zone string,
-	resource string, action string) (*compute.Operation, error) {
-
-	w := &OperationWaiter{
-		Service: config.clientCompute,
-		Op:      op,
-		Project: config.Project,
-		Zone:    zone,
-		Type:    OperationWaitZone,
-	}
-	state := w.Conf()
-	state.Timeout = 8 * time.Minute
-	state.MinTimeout = 1 * time.Second
-	opRaw, err := state.WaitForState()
-	if err != nil {
-		return nil, fmt.Errorf("Error waiting for %s to %s: %s", resource, action, err)
-	}
-	return opRaw.(*compute.Operation), nil
-}
-
 func resourceComputeInstanceGroupManagerCreate(d *schema.ResourceData, meta interface{}) error {
 	config := meta.(*Config)
 
@@ -143,16 +122,10 @@ func resourceComputeInstanceGroupManagerCreate(d *schema.ResourceData, meta inte
 	d.SetId(manager.Name)
 
 	// Wait for the operation to complete
-	op, err = waitOpZone(config, op, d.Get("zone").(string), "InstanceGroupManager", "create")
+	err = computeOperationWaitZone(config, op, d.Get("zone").(string), "Creating InstanceGroupManager")
 	if err != nil {
 		return err
 	}
-	if op.Error != nil {
-		// The resource didn't actually create
-		d.SetId("")
-		// Return the error
-		return OperationError(*op.Error)
-	}
 
 	return resourceComputeInstanceGroupManagerRead(d, meta)
 }
@@ -208,13 +181,10 @@ func resourceComputeInstanceGroupManagerUpdate(d *schema.ResourceData, meta inte
 		}
 
 		// Wait for the operation to complete
-		op, err = waitOpZone(config, op, d.Get("zone").(string), "InstanceGroupManager", "update TargetPools")
+		err = computeOperationWaitZone(config, op, d.Get("zone").(string), "Updating InstanceGroupManager")
 		if err != nil {
 			return err
 		}
-		if op.Error != nil {
-			return OperationError(*op.Error)
-		}
 
 		d.SetPartial("target_pools")
 	}
@@ -233,13 +203,10 @@ func resourceComputeInstanceGroupManagerUpdate(d *schema.ResourceData, meta inte
 		}
 
 		// Wait for the operation to complete
-		op, err = waitOpZone(config, op, d.Get("zone").(string), "InstanceGroupManager", "update instance template")
+		err = computeOperationWaitZone(config, op, d.Get("zone").(string), "Updating InstanceGroupManager")
 		if err != nil {
 			return err
 		}
-		if op.Error != nil {
-			return OperationError(*op.Error)
-		}
 
 		d.SetPartial("instance_template")
 	}
@@ -257,13 +224,10 @@ func resourceComputeInstanceGroupManagerUpdate(d *schema.ResourceData, meta inte
 			}
 
 			// Wait for the operation to complete
-			op, err = waitOpZone(config, op, d.Get("zone").(string), "InstanceGroupManager", "update target_size")
+			err = computeOperationWaitZone(config, op, d.Get("zone").(string), "Updating InstanceGroupManager")
 			if err != nil {
 				return err
 			}
-			if op.Error != nil {
-				return OperationError(*op.Error)
-			}
 		}
 
 		d.SetPartial("target_size")
@@ -284,17 +248,10 @@ func resourceComputeInstanceGroupManagerDelete(d *schema.ResourceData, meta inte
 	}
 
 	// Wait for the operation to complete
-	op, err = waitOpZone(config, op, d.Get("zone").(string), "InstanceGroupManager", "delete")
+	err = computeOperationWaitZone(config, op, d.Get("zone").(string), "Deleting InstanceGroupManager")
 	if err != nil {
 		return err
 	}
-	if op.Error != nil {
-		// The resource didn't actually create
-		d.SetId("")
-
-		// Return the error
-		return OperationError(*op.Error)
-	}
 
 	d.SetId("")
 	return nil
diff --git a/builtin/providers/google/resource_compute_instance_template.go b/builtin/providers/google/resource_compute_instance_template.go
index 060f4bb393..c0e367c169 100644
--- a/builtin/providers/google/resource_compute_instance_template.go
+++ b/builtin/providers/google/resource_compute_instance_template.go
@@ -2,7 +2,6 @@ package google
 
 import (
 	"fmt"
-	"time"
 
 	"github.com/hashicorp/terraform/helper/hashcode"
 	"github.com/hashicorp/terraform/helper/schema"
@@ -401,28 +400,9 @@ func resourceComputeInstanceTemplateCreate(d *schema.ResourceData, meta interfac
 	// Store the ID now
 	d.SetId(instanceTemplate.Name)
 
-	// Wait for the operation to complete
-	w := &OperationWaiter{
-		Service: config.clientCompute,
-		Op:      op,
-		Project: config.Project,
-		Type:    OperationWaitGlobal,
-	}
-	state := w.Conf()
-	state.Delay = 10 * time.Second
-	state.Timeout = 10 * time.Minute
-	state.MinTimeout = 2 * time.Second
-	opRaw, err := state.WaitForState()
+	err = computeOperationWaitGlobal(config, op, "Creating Instance Template")
 	if err != nil {
-		return fmt.Errorf("Error waiting for instance template to create: %s", err)
-	}
-	op = opRaw.(*compute.Operation)
-	if op.Error != nil {
-		// The resource didn't actually create
-		d.SetId("")
-
-		// Return the error
-		return OperationError(*op.Error)
+		return err
 	}
 
 	return resourceComputeInstanceTemplateRead(d, meta)
@@ -467,25 +447,9 @@ func resourceComputeInstanceTemplateDelete(d *schema.ResourceData, meta interfac
 		return fmt.Errorf("Error deleting instance template: %s", err)
 	}
 
-	// Wait for the operation to complete
-	w := &OperationWaiter{
-		Service: config.clientCompute,
-		Op:      op,
-		Project: config.Project,
-		Type:    OperationWaitGlobal,
-	}
-	state := w.Conf()
-	state.Delay = 5 * time.Second
-	state.Timeout = 5 * time.Minute
-	state.MinTimeout = 2 * time.Second
-	opRaw, err := state.WaitForState()
+	err = computeOperationWaitGlobal(config, op, "Deleting Instance Template")
 	if err != nil {
-		return fmt.Errorf("Error waiting for instance template to delete: %s", err)
-	}
-	op = opRaw.(*compute.Operation)
-	if op.Error != nil {
-		// Return the error
-		return OperationError(*op.Error)
+		return err
 	}
 
 	d.SetId("")
diff --git a/builtin/providers/google/resource_compute_network.go b/builtin/providers/google/resource_compute_network.go
index 5e581eff21..5a61f2ad65 100644
--- a/builtin/providers/google/resource_compute_network.go
+++ b/builtin/providers/google/resource_compute_network.go
@@ -3,7 +3,6 @@ package google
 import (
 	"fmt"
 	"log"
-	"time"
 
 	"github.com/hashicorp/terraform/helper/schema"
 	"google.golang.org/api/compute/v1"
@@ -60,27 +59,9 @@ func resourceComputeNetworkCreate(d *schema.ResourceData, meta interface{}) erro
 	// It probably maybe worked, so store the ID now
 	d.SetId(network.Name)
 
-	// Wait for the operation to complete
-	w := &OperationWaiter{
-		Service: config.clientCompute,
-		Op:      op,
-		Project: config.Project,
-		Type:    OperationWaitGlobal,
-	}
-	state := w.Conf()
-	state.Timeout = 2 * time.Minute
-	state.MinTimeout = 1 * time.Second
-	opRaw, err := state.WaitForState()
+	err = computeOperationWaitGlobal(config, op, "Creating Network")
 	if err != nil {
-		return fmt.Errorf("Error waiting for network to create: %s", err)
-	}
-	op = opRaw.(*compute.Operation)
-	if op.Error != nil {
-		// The resource didn't actually create
-		d.SetId("")
-
-		// Return the error
-		return OperationError(*op.Error)
+		return err
 	}
 
 	return resourceComputeNetworkRead(d, meta)
@@ -118,24 +99,9 @@ func resourceComputeNetworkDelete(d *schema.ResourceData, meta interface{}) erro
 		return fmt.Errorf("Error deleting network: %s", err)
 	}
 
-	// Wait for the operation to complete
-	w := &OperationWaiter{
-		Service: config.clientCompute,
-		Op:      op,
-		Project: config.Project,
-		Type:    OperationWaitGlobal,
-	}
-	state := w.Conf()
-	state.Timeout = 2 * time.Minute
-	state.MinTimeout = 1 * time.Second
-	opRaw, err := state.WaitForState()
+	err = computeOperationWaitGlobal(config, op, "Deleting Network")
 	if err != nil {
-		return fmt.Errorf("Error waiting for network to delete: %s", err)
-	}
-	op = opRaw.(*compute.Operation)
-	if op.Error != nil {
-		// Return the error
-		return OperationError(*op.Error)
+		return err
 	}
 
 	d.SetId("")
diff --git a/builtin/providers/google/resource_compute_project_metadata.go b/builtin/providers/google/resource_compute_project_metadata.go
index 3471d9110c..83b6fb0dfd 100644
--- a/builtin/providers/google/resource_compute_project_metadata.go
+++ b/builtin/providers/google/resource_compute_project_metadata.go
@@ -3,7 +3,6 @@ package google
 import (
 	"fmt"
 	"log"
-	"time"
 
 	//	"github.com/hashicorp/terraform/helper/hashcode"
 	"github.com/hashicorp/terraform/helper/schema"
@@ -30,30 +29,6 @@ func resourceComputeProjectMetadata() *schema.Resource {
 	}
 }
 
-func resourceOperationWaitGlobal(config *Config, op *compute.Operation, activity string) error {
-	w := &OperationWaiter{
-		Service: config.clientCompute,
-		Op:      op,
-		Project: config.Project,
-		Type:    OperationWaitGlobal,
-	}
-
-	state := w.Conf()
-	state.Timeout = 2 * time.Minute
-	state.MinTimeout = 1 * time.Second
-	opRaw, err := state.WaitForState()
-	if err != nil {
-		return fmt.Errorf("Error waiting for %s: %s", activity, err)
-	}
-
-	op = opRaw.(*compute.Operation)
-	if op.Error != nil {
-		return OperationError(*op.Error)
-	}
-
-	return nil
-}
-
 func resourceComputeProjectMetadataCreate(d *schema.ResourceData, meta interface{}) error {
 	config := meta.(*Config)
 
@@ -92,7 +67,7 @@ func resourceComputeProjectMetadataCreate(d *schema.ResourceData, meta interface
 
 		log.Printf("[DEBUG] SetCommonMetadata: %d (%s)", op.Id, op.SelfLink)
 
-		return resourceOperationWaitGlobal(config, op, "SetCommonMetadata")
+		return computeOperationWaitGlobal(config, op, "SetCommonMetadata")
 	}
 
 	err := MetadataRetryWrapper(createMD)
@@ -153,7 +128,7 @@ func resourceComputeProjectMetadataUpdate(d *schema.ResourceData, meta interface
 			// Optimistic locking requires the fingerprint received to match
 			// the fingerprint we send the server, if there is a mismatch then we
 			// are working on old data, and must retry
-			return resourceOperationWaitGlobal(config, op, "SetCommonMetadata")
+			return computeOperationWaitGlobal(config, op, "SetCommonMetadata")
 		}
 
 		err := MetadataRetryWrapper(updateMD)
@@ -186,7 +161,7 @@ func resourceComputeProjectMetadataDelete(d *schema.ResourceData, meta interface
 
 	log.Printf("[DEBUG] SetCommonMetadata: %d (%s)", op.Id, op.SelfLink)
 
-	err = resourceOperationWaitGlobal(config, op, "SetCommonMetadata")
+	err = computeOperationWaitGlobal(config, op, "SetCommonMetadata")
 	if err != nil {
 		return err
 	}
diff --git a/builtin/providers/google/resource_compute_route.go b/builtin/providers/google/resource_compute_route.go
index 53176c8719..82b43d3580 100644
--- a/builtin/providers/google/resource_compute_route.go
+++ b/builtin/providers/google/resource_compute_route.go
@@ -3,7 +3,6 @@ package google
 import (
 	"fmt"
 	"log"
-	"time"
 
 	"github.com/hashicorp/terraform/helper/hashcode"
 	"github.com/hashicorp/terraform/helper/schema"
@@ -171,27 +170,9 @@ func resourceComputeRouteCreate(d *schema.ResourceData, meta interface{}) error
 	// It probably maybe worked, so store the ID now
 	d.SetId(route.Name)
 
-	// Wait for the operation to complete
-	w := &OperationWaiter{
-		Service: config.clientCompute,
-		Op:      op,
-		Project: config.Project,
-		Type:    OperationWaitGlobal,
-	}
-	state := w.Conf()
-	state.Timeout = 2 * time.Minute
-	state.MinTimeout = 1 * time.Second
-	opRaw, err := state.WaitForState()
+	err = computeOperationWaitGlobal(config, op, "Creating Route")
 	if err != nil {
-		return fmt.Errorf("Error waiting for route to create: %s", err)
-	}
-	op = opRaw.(*compute.Operation)
-	if op.Error != nil {
-		// The resource didn't actually create
-		d.SetId("")
-
-		// Return the error
-		return OperationError(*op.Error)
+		return err
 	}
 
 	return resourceComputeRouteRead(d, meta)
@@ -228,24 +209,9 @@ func resourceComputeRouteDelete(d *schema.ResourceData, meta interface{}) error
 		return fmt.Errorf("Error deleting route: %s", err)
 	}
 
-	// Wait for the operation to complete
-	w := &OperationWaiter{
-		Service: config.clientCompute,
-		Op:      op,
-		Project: config.Project,
-		Type:    OperationWaitGlobal,
-	}
-	state := w.Conf()
-	state.Timeout = 2 * time.Minute
-	state.MinTimeout = 1 * time.Second
-	opRaw, err := state.WaitForState()
+	err = computeOperationWaitGlobal(config, op, "Deleting Route")
 	if err != nil {
-		return fmt.Errorf("Error waiting for route to delete: %s", err)
-	}
-	op = opRaw.(*compute.Operation)
-	if op.Error != nil {
-		// Return the error
-		return OperationError(*op.Error)
+		return err
 	}
 
 	d.SetId("")
diff --git a/builtin/providers/google/resource_compute_target_pool.go b/builtin/providers/google/resource_compute_target_pool.go
index 83611e2bd2..37af4a1e7f 100644
--- a/builtin/providers/google/resource_compute_target_pool.go
+++ b/builtin/providers/google/resource_compute_target_pool.go
@@ -4,7 +4,6 @@ import (
 	"fmt"
 	"log"
 	"strings"
-	"time"
 
 	"github.com/hashicorp/terraform/helper/schema"
 	"google.golang.org/api/compute/v1"
@@ -79,26 +78,6 @@ func convertStringArr(ifaceArr []interface{}) []string {
 	return arr
 }
 
-func waitOp(config *Config, op *compute.Operation,
-	resource string, action string) (*compute.Operation, error) {
-
-	w := &OperationWaiter{
-		Service: config.clientCompute,
-		Op:      op,
-		Region:  config.Region,
-		Project: config.Project,
-		Type:    OperationWaitRegion,
-	}
-	state := w.Conf()
-	state.Timeout = 2 * time.Minute
-	state.MinTimeout = 1 * time.Second
-	opRaw, err := state.WaitForState()
-	if err != nil {
-		return nil, fmt.Errorf("Error waiting for %s to %s: %s", resource, action, err)
-	}
-	return opRaw.(*compute.Operation), nil
-}
-
 // Healthchecks need to exist before being referred to from the target pool.
 func convertHealthChecks(config *Config, names []string) ([]string, error) {
 	urls := make([]string, len(names))
@@ -171,16 +150,10 @@ func resourceComputeTargetPoolCreate(d *schema.ResourceData, meta interface{}) e
 	// It probably maybe worked, so store the ID now
 	d.SetId(tpool.Name)
 
-	op, err = waitOp(config, op, "TargetPool", "create")
+	err = computeOperationWaitRegion(config, op, config.Region, "Creating Target Pool")
 	if err != nil {
 		return err
 	}
-	if op.Error != nil {
-		// The resource didn't actually create
-		d.SetId("")
-		// Return the error
-		return OperationError(*op.Error)
-	}
 
 	return resourceComputeTargetPoolRead(d, meta)
 }
@@ -246,14 +219,11 @@ func resourceComputeTargetPoolUpdate(d *schema.ResourceData, meta interface{}) e
 		if err != nil {
 			return fmt.Errorf("Error updating health_check: %s", err)
 		}
-		op, err = waitOp(config, op, "TargetPool", "removing HealthChecks")
+
+		err = computeOperationWaitRegion(config, op, config.Region, "Updating Target Pool")
 		if err != nil {
 			return err
 		}
-		if op.Error != nil {
-			return OperationError(*op.Error)
-		}
-
 		addReq := &compute.TargetPoolsAddHealthCheckRequest{
 			HealthChecks: make([]*compute.HealthCheckReference, len(add)),
 		}
@@ -265,14 +235,11 @@ func resourceComputeTargetPoolUpdate(d *schema.ResourceData, meta interface{}) e
 		if err != nil {
 			return fmt.Errorf("Error updating health_check: %s", err)
 		}
-		op, err = waitOp(config, op, "TargetPool", "adding HealthChecks")
+
+		err = computeOperationWaitRegion(config, op, config.Region, "Updating Target Pool")
 		if err != nil {
 			return err
 		}
-		if op.Error != nil {
-			return OperationError(*op.Error)
-		}
-
 		d.SetPartial("health_checks")
 	}
 
@@ -302,14 +269,11 @@ func resourceComputeTargetPoolUpdate(d *schema.ResourceData, meta interface{}) e
 		if err != nil {
 			return fmt.Errorf("Error updating instances: %s", err)
 		}
-		op, err = waitOp(config, op, "TargetPool", "adding instances")
+
+		err = computeOperationWaitRegion(config, op, config.Region, "Updating Target Pool")
 		if err != nil {
 			return err
 		}
-		if op.Error != nil {
-			return OperationError(*op.Error)
-		}
-
 		removeReq := &compute.TargetPoolsRemoveInstanceRequest{
 			Instances: make([]*compute.InstanceReference, len(remove)),
 		}
@@ -321,14 +285,11 @@ func resourceComputeTargetPoolUpdate(d *schema.ResourceData, meta interface{}) e
 		if err != nil {
 			return fmt.Errorf("Error updating instances: %s", err)
 		}
-		op, err = waitOp(config, op, "TargetPool", "removing instances")
+
+		err = computeOperationWaitRegion(config, op, config.Region, "Updating Target Pool")
 		if err != nil {
 			return err
 		}
-		if op.Error != nil {
-			return OperationError(*op.Error)
-		}
-
 		d.SetPartial("instances")
 	}
 
@@ -343,14 +304,10 @@ func resourceComputeTargetPoolUpdate(d *schema.ResourceData, meta interface{}) e
 			return fmt.Errorf("Error updating backup_pool: %s", err)
 		}
 
-		op, err = waitOp(config, op, "TargetPool", "updating backup_pool")
+		err = computeOperationWaitRegion(config, op, config.Region, "Updating Target Pool")
 		if err != nil {
 			return err
 		}
-		if op.Error != nil {
-			return OperationError(*op.Error)
-		}
-
 		d.SetPartial("backup_pool")
 	}
 
@@ -390,14 +347,10 @@ func resourceComputeTargetPoolDelete(d *schema.ResourceData, meta interface{}) e
 		return fmt.Errorf("Error deleting TargetPool: %s", err)
 	}
 
-	op, err = waitOp(config, op, "TargetPool", "delete")
+	err = computeOperationWaitRegion(config, op, config.Region, "Deleting Target Pool")
 	if err != nil {
 		return err
 	}
-	if op.Error != nil {
-		return OperationError(*op.Error)
-	}
-
 	d.SetId("")
 	return nil
 }
diff --git a/builtin/providers/google/resource_compute_vpn_gateway.go b/builtin/providers/google/resource_compute_vpn_gateway.go
index 01a6c4b94a..ba25aeb1f2 100644
--- a/builtin/providers/google/resource_compute_vpn_gateway.go
+++ b/builtin/providers/google/resource_compute_vpn_gateway.go
@@ -69,7 +69,7 @@ func resourceComputeVpnGatewayCreate(d *schema.ResourceData, meta interface{}) e
 		return fmt.Errorf("Error Inserting VPN Gateway %s into network %s: %s", name, network, err)
 	}
 
-	err = resourceOperationWaitRegion(config, op, region, "Inserting VPN Gateway")
+	err = computeOperationWaitRegion(config, op, region, "Inserting VPN Gateway")
 	if err != nil {
 		return fmt.Errorf("Error Waiting to Insert VPN Gateway %s into network %s: %s", name, network, err)
 	}
@@ -111,7 +111,7 @@ func resourceComputeVpnGatewayDelete(d *schema.ResourceData, meta interface{}) e
 		return fmt.Errorf("Error Reading VPN Gateway %s: %s", name, err)
 	}
 
-	err = resourceOperationWaitRegion(config, op, region, "Deleting VPN Gateway")
+	err = computeOperationWaitRegion(config, op, region, "Deleting VPN Gateway")
 	if err != nil {
 		return fmt.Errorf("Error Waiting to Delete VPN Gateway %s: %s", name, err)
 	}
diff --git a/builtin/providers/google/resource_compute_vpn_tunnel.go b/builtin/providers/google/resource_compute_vpn_tunnel.go
index 55848d5463..172f96a907 100644
--- a/builtin/providers/google/resource_compute_vpn_tunnel.go
+++ b/builtin/providers/google/resource_compute_vpn_tunnel.go
@@ -2,7 +2,6 @@ package google
 
 import (
 	"fmt"
-	"time"
 
 	"github.com/hashicorp/terraform/helper/schema"
 
@@ -66,31 +65,6 @@ func resourceComputeVpnTunnel() *schema.Resource {
 	}
 }
 
-func resourceOperationWaitRegion(config *Config, op *compute.Operation, region, activity string) error {
-	w := &OperationWaiter{
-		Service: config.clientCompute,
-		Op:      op,
-		Project: config.Project,
-		Type:    OperationWaitRegion,
-		Region:  region,
-	}
-
-	state := w.Conf()
-	state.Timeout = 2 * time.Minute
-	state.MinTimeout = 1 * time.Second
-	opRaw, err := state.WaitForState()
-	if err != nil {
-		return fmt.Errorf("Error waiting for %s: %s", activity, err)
-	}
-
-	op = opRaw.(*compute.Operation)
-	if op.Error != nil {
-		return OperationError(*op.Error)
-	}
-
-	return nil
-}
-
 func resourceComputeVpnTunnelCreate(d *schema.ResourceData, meta interface{}) error {
 	config := meta.(*Config)
 
@@ -125,7 +99,7 @@ func resourceComputeVpnTunnelCreate(d *schema.ResourceData, meta interface{}) er
 		return fmt.Errorf("Error Inserting VPN Tunnel %s : %s", name, err)
 	}
 
-	err = resourceOperationWaitRegion(config, op, region, "Inserting VPN Tunnel")
+	err = computeOperationWaitRegion(config, op, region, "Inserting VPN Tunnel")
 	if err != nil {
 		return fmt.Errorf("Error Waiting to Insert VPN Tunnel %s: %s", name, err)
 	}
@@ -169,7 +143,7 @@ func resourceComputeVpnTunnelDelete(d *schema.ResourceData, meta interface{}) er
 		return fmt.Errorf("Error Reading VPN Tunnel %s: %s", name, err)
 	}
 
-	err = resourceOperationWaitRegion(config, op, region, "Deleting VPN Tunnel")
+	err = computeOperationWaitRegion(config, op, region, "Deleting VPN Tunnel")
 	if err != nil {
 		return fmt.Errorf("Error Waiting to Delete VPN Tunnel %s: %s", name, err)
 	}

From 140b3377f43ba55ea427bc66ad358d8f087b3411 Mon Sep 17 00:00:00 2001
From: Paul Hinze <phinze@phinze.com>
Date: Thu, 24 Sep 2015 15:37:02 -0500
Subject: [PATCH 060/335] Update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6c488df6f3..789d760764 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -27,6 +27,7 @@ IMPROVEMENTS:
 BUG FIXES:
 
   * core: Fix problems referencing list attributes in interpolations [GH-2157]
+  * core: don't error on computed value during input walk [GH-2988]
   * provider/google: Crashes with interface conversion in GCE Instance Template [GH-3027]
   * provider/google: Convert int to int64 when building the GKE cluster.NodeConfig struct [GH-2978]
   * provider/aws: Retry creation of `aws_ecs_service` if IAM policy isn't ready yet [GH-3061]

From fc89f576ca2acf6d1d1446da2999542af8a70233 Mon Sep 17 00:00:00 2001
From: Hany Fahim <hany@vmfarms.com>
Date: Thu, 24 Sep 2015 16:49:21 -0400
Subject: [PATCH 061/335] Change IS_GLOBAL_RESOURCE to UnlimitedResourceID to
 keep terminology in sync with CloudStack

---
 builtin/providers/cloudstack/resource_cloudstack_template.go | 4 ++--
 builtin/providers/cloudstack/resources.go                    | 5 +++--
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/builtin/providers/cloudstack/resource_cloudstack_template.go b/builtin/providers/cloudstack/resource_cloudstack_template.go
index a045816dd2..2d5c42497d 100644
--- a/builtin/providers/cloudstack/resource_cloudstack_template.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_template.go
@@ -238,8 +238,8 @@ func resourceCloudStackTemplateRead(d *schema.ResourceData, meta interface{}) er
 
 	setValueOrUUID(d, "project", t.Project, t.Projectid)
 
-	if t.Zoneid == IS_GLOBAL_RESOURCE {
-		setValueOrUUID(d, "zone", t.Zonename, IS_GLOBAL_RESOURCE)
+	if t.Zoneid == UnlimitedResourceID {
+		setValueOrUUID(d, "zone", t.Zonename, UnlimitedResourceID)
 	} else {
 		setValueOrUUID(d, "zone", t.Zonename, t.Zoneid)
 	}
diff --git a/builtin/providers/cloudstack/resources.go b/builtin/providers/cloudstack/resources.go
index 954bfd36c6..02d7a81eca 100644
--- a/builtin/providers/cloudstack/resources.go
+++ b/builtin/providers/cloudstack/resources.go
@@ -10,7 +10,8 @@ import (
 	"github.com/xanzy/go-cloudstack/cloudstack"
 )
 
-const IS_GLOBAL_RESOURCE = "-1"
+// CloudStack uses a "special" ID of -1 to define an unlimited resource
+const UnlimitedResourceID = "-1"
 
 type retrieveError struct {
 	name  string
@@ -55,7 +56,7 @@ func retrieveUUID(cs *cloudstack.CloudStackClient, name, value string) (uuid str
 	case "network":
 		uuid, err = cs.Network.GetNetworkID(value)
 	case "zone":
-		if value == IS_GLOBAL_RESOURCE {
+		if value == UnlimitedResourceID {
 			return value, nil
 		}
 		uuid, err = cs.Zone.GetZoneID(value)

From 7852248f0eeb0564501d059bbbc127f27b3bb680 Mon Sep 17 00:00:00 2001
From: Hany Fahim <hany@vmfarms.com>
Date: Thu, 24 Sep 2015 17:04:45 -0400
Subject: [PATCH 062/335] Moved project block down

---
 .../resource_cloudstack_template.go           | 22 +++++++++----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/builtin/providers/cloudstack/resource_cloudstack_template.go b/builtin/providers/cloudstack/resource_cloudstack_template.go
index 2d5c42497d..12de2152a5 100644
--- a/builtin/providers/cloudstack/resource_cloudstack_template.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_template.go
@@ -130,17 +130,6 @@ func resourceCloudStackTemplateCreate(d *schema.ResourceData, meta interface{})
 		return e.Error()
 	}
 
-	// If there is a project supplied, we retrieve and set the project id
-	if project, ok := d.GetOk("project"); ok {
-		// Retrieve the project UUID
-		projectid, e := retrieveUUID(cs, "project", project.(string))
-		if e != nil {
-			return e.Error()
-		}
-		// Set the default project ID
-		p.SetProjectid(projectid)
-	}
-
 	// Retrieve the zone UUID
 	zoneid, e := retrieveUUID(cs, "zone", d.Get("zone").(string))
 	if e != nil {
@@ -178,6 +167,17 @@ func resourceCloudStackTemplateCreate(d *schema.ResourceData, meta interface{})
 		p.SetPasswordenabled(v.(bool))
 	}
 
+	// If there is a project supplied, we retrieve and set the project id
+	if project, ok := d.GetOk("project"); ok {
+		// Retrieve the project UUID
+		projectid, e := retrieveUUID(cs, "project", project.(string))
+		if e != nil {
+			return e.Error()
+		}
+		// Set the default project ID
+		p.SetProjectid(projectid)
+	}
+
 	// Create the new template
 	r, err := cs.Template.RegisterTemplate(p)
 	if err != nil {

From 70522fb7708a0fec078098ab33f799cf0afcc126 Mon Sep 17 00:00:00 2001
From: Gorka Lerchundi Osa <glertxundi@gmail.com>
Date: Fri, 25 Sep 2015 09:23:36 +0200
Subject: [PATCH 063/335] implements base64{enc,dec} interpolation funcs

fixes #3320

Signed-off-by: Gorka Lerchundi Osa <glertxundi@gmail.com>
---
 config/interpolate_funcs.go      | 33 ++++++++++++++++++++++++++++++++
 config/interpolate_funcs_test.go | 33 ++++++++++++++++++++++++++++++++
 2 files changed, 66 insertions(+)

diff --git a/config/interpolate_funcs.go b/config/interpolate_funcs.go
index bbe2b84349..4778f1ec6a 100644
--- a/config/interpolate_funcs.go
+++ b/config/interpolate_funcs.go
@@ -2,6 +2,7 @@ package config
 
 import (
 	"bytes"
+	"encoding/base64"
 	"errors"
 	"fmt"
 	"io/ioutil"
@@ -29,6 +30,8 @@ func init() {
 		"length":     interpolationFuncLength(),
 		"replace":    interpolationFuncReplace(),
 		"split":      interpolationFuncSplit(),
+		"base64enc":  interpolationFuncBase64Encode(),
+		"base64dec":  interpolationFuncBase64Decode(),
 	}
 }
 
@@ -392,3 +395,33 @@ func interpolationFuncValues(vs map[string]ast.Variable) ast.Function {
 		},
 	}
 }
+
+// interpolationFuncBase64Encode implements the "base64enc" function that allows
+// Base64 encoding.
+func interpolationFuncBase64Encode() ast.Function {
+	return ast.Function{
+		ArgTypes:   []ast.Type{ast.TypeString},
+		ReturnType: ast.TypeString,
+		Callback: func(args []interface{}) (interface{}, error) {
+			s := args[0].(string)
+			return base64.StdEncoding.EncodeToString([]byte(s)), nil
+		},
+	}
+}
+
+// interpolationFuncBase64Decode implements the "base64dec" function that allows
+// Base64 decoding.
+func interpolationFuncBase64Decode() ast.Function {
+	return ast.Function{
+		ArgTypes:   []ast.Type{ast.TypeString},
+		ReturnType: ast.TypeString,
+		Callback: func(args []interface{}) (interface{}, error) {
+			s := args[0].(string)
+			sDec, err := base64.StdEncoding.DecodeString(s)
+			if err != nil {
+				return "", fmt.Errorf("failed to decode base64 data '%s'", s)
+			}
+			return string(sDec), nil
+		},
+	}
+}
diff --git a/config/interpolate_funcs_test.go b/config/interpolate_funcs_test.go
index 05f84c201d..773f92c99c 100644
--- a/config/interpolate_funcs_test.go
+++ b/config/interpolate_funcs_test.go
@@ -584,6 +584,39 @@ func TestInterpolateFuncElement(t *testing.T) {
 	})
 }
 
+func TestInterpolateFuncBase64Encode(t *testing.T) {
+	testFunction(t, testFunctionConfig{
+		Cases: []testFunctionCase{
+			// Regular base64 encoding
+			{
+				`${base64enc("abc123!?$*&()'-=@~")}`,
+				"YWJjMTIzIT8kKiYoKSctPUB+",
+				false,
+			},
+		},
+	})
+}
+
+func TestInterpolateFuncBase64Decode(t *testing.T) {
+	testFunction(t, testFunctionConfig{
+		Cases: []testFunctionCase{
+			// Regular base64 decoding
+			{
+				`${base64dec("YWJjMTIzIT8kKiYoKSctPUB+")}`,
+				"abc123!?$*&()'-=@~",
+				false,
+			},
+
+			// Invalid base64 data decoding
+			{
+				`${base64dec("this-is-an-invalid-base64-data")}`,
+				nil,
+				true,
+			},
+		},
+	})
+}
+
 type testFunctionConfig struct {
 	Cases []testFunctionCase
 	Vars  map[string]ast.Variable

From 4e2902582000713ced99e7abd916821bb3c75daf Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@timeinc.com>
Date: Fri, 25 Sep 2015 10:51:53 +0100
Subject: [PATCH 064/335] docs: rundeck: Remove extra backslashes

 - it may not feel right, but that's currently how the builtin functions work -> double quotes are not escaped
 - cc @apparentlymart
---
 website/source/docs/providers/rundeck/r/private_key.html.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/website/source/docs/providers/rundeck/r/private_key.html.md b/website/source/docs/providers/rundeck/r/private_key.html.md
index 1850f588e8..3d74aaf1d1 100644
--- a/website/source/docs/providers/rundeck/r/private_key.html.md
+++ b/website/source/docs/providers/rundeck/r/private_key.html.md
@@ -17,7 +17,7 @@ it runs commands.
 ```
 resource "rundeck_private_key" "anvils" {
     path = "anvils/id_rsa"
-    key_material = "${file(\"/id_rsa\")}"
+    key_material = "${file("/id_rsa")}"
 }
 ```
 

From 6bd40a7bf400c06394fa634db37e054a72a4eeae Mon Sep 17 00:00:00 2001
From: Dave Cunningham <sparkprime@gmail.com>
Date: Fri, 25 Sep 2015 16:42:31 -0400
Subject: [PATCH 065/335] Update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 789d760764..7d7d3c8a3e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -30,6 +30,7 @@ BUG FIXES:
   * core: don't error on computed value during input walk [GH-2988]
   * provider/google: Crashes with interface conversion in GCE Instance Template [GH-3027]
   * provider/google: Convert int to int64 when building the GKE cluster.NodeConfig struct [GH-2978]
+  * provider/google: google_compute_instance_template.network_interface.network should be a URL [GH-3226]
   * provider/aws: Retry creation of `aws_ecs_service` if IAM policy isn't ready yet [GH-3061]
   * provider/aws: Fix issue with mixed capitalization for RDS Instances  [GH-3053]
   * provider/aws: Fix issue with RDS to allow major version upgrades [GH-3053]

From 20362e750614e1e0741f4b794d47ab716e51d9e7 Mon Sep 17 00:00:00 2001
From: Joel Moss <joel@developwithstyle.com>
Date: Sat, 26 Sep 2015 00:56:24 +0100
Subject: [PATCH 066/335] Added Policyfile support to the Chef provisioner

This Adds three new arguments `use_policyfile`, `policy_group` and `policy_name` to the Chef
provisioner. If `use_policyfile` == true, then the other arguments are required.
---
 .../chef/linux_provisioner_test.go            |  2 ++
 .../provisioners/chef/resource_provisioner.go | 29 +++++++++++++++++--
 .../chef/windows_provisioner_test.go          |  2 ++
 3 files changed, 31 insertions(+), 2 deletions(-)

diff --git a/builtin/provisioners/chef/linux_provisioner_test.go b/builtin/provisioners/chef/linux_provisioner_test.go
index 27a1dbba0b..6c57bfef0c 100644
--- a/builtin/provisioners/chef/linux_provisioner_test.go
+++ b/builtin/provisioners/chef/linux_provisioner_test.go
@@ -310,6 +310,8 @@ validation_client_name  "validator"
 node_name               "nodename1"
 
 
+
+
 http_proxy          "http://proxy.local"
 ENV['http_proxy'] = "http://proxy.local"
 ENV['HTTP_PROXY'] = "http://proxy.local"
diff --git a/builtin/provisioners/chef/resource_provisioner.go b/builtin/provisioners/chef/resource_provisioner.go
index f50b1b8316..d7dbd718dc 100644
--- a/builtin/provisioners/chef/resource_provisioner.go
+++ b/builtin/provisioners/chef/resource_provisioner.go
@@ -41,6 +41,12 @@ chef_server_url         "{{ .ServerURL }}"
 validation_client_name  "{{ .ValidationClientName }}"
 node_name               "{{ .NodeName }}"
 
+{{ if .UsePolicyfile }}
+use_policyfile true
+policy_group 	 "{{ .PolicyGroup }}"
+policy_name 	 "{{ .PolicyName }}"
+{{ end }}
+
 {{ if .HTTPProxy }}
 http_proxy          "{{ .HTTPProxy }}"
 ENV['http_proxy'] = "{{ .HTTPProxy }}"
@@ -62,6 +68,9 @@ type Provisioner struct {
 	Attributes           interface{} `mapstructure:"attributes"`
 	Environment          string      `mapstructure:"environment"`
 	LogToFile            bool        `mapstructure:"log_to_file"`
+	UsePolicyfile        bool        `mapstructure:"use_policyfile"`
+	PolicyGroup          string      `mapstructure:"policy_group"`
+	PolicyName           string      `mapstructure:"policy_name"`
 	HTTPProxy            string      `mapstructure:"http_proxy"`
 	HTTPSProxy           string      `mapstructure:"https_proxy"`
 	NOProxy              []string    `mapstructure:"no_proxy"`
@@ -183,6 +192,12 @@ func (r *ResourceProvisioner) Validate(c *terraform.ResourceConfig) (ws []string
 	if p.ValidationKeyPath == "" {
 		es = append(es, fmt.Errorf("Key not found: validation_key_path"))
 	}
+	if p.UsePolicyfile && p.PolicyName == "" {
+		es = append(es, fmt.Errorf("Policyfile enabled but key not found: policy_name"))
+	}
+	if p.UsePolicyfile && p.PolicyGroup == "" {
+		es = append(es, fmt.Errorf("Policyfile enabled but key not found: policy_group"))
+	}
 
 	return ws, es
 }
@@ -302,7 +317,15 @@ func (p *Provisioner) runChefClientFunc(
 	confDir string) func(terraform.UIOutput, communicator.Communicator) error {
 	return func(o terraform.UIOutput, comm communicator.Communicator) error {
 		fb := path.Join(confDir, firstBoot)
-		cmd := fmt.Sprintf("%s -j %q -E %q", chefCmd, fb, p.Environment)
+		var cmd string
+
+		// Policyfiles do not support chef environments, so don't pass the `-E` flag.
+		if p.UsePolicyfile {
+			cmd = fmt.Sprintf("%s -j %q", chefCmd, fb)
+		} else {
+			cmd = fmt.Sprintf("%s -j %q -E %q", chefCmd, fb, p.Environment)
+		}
+
 
 		if p.LogToFile {
 			if err := os.MkdirAll(logfileDir, 0755); err != nil {
@@ -413,7 +436,9 @@ func (p *Provisioner) deployConfigFiles(
 	}
 
 	// Add the initial runlist to the first boot settings
-	fb["run_list"] = p.RunList
+	if !p.UsePolicyfile {
+		fb["run_list"] = p.RunList
+	}
 
 	// Marshal the first boot settings to JSON
 	d, err := json.Marshal(fb)
diff --git a/builtin/provisioners/chef/windows_provisioner_test.go b/builtin/provisioners/chef/windows_provisioner_test.go
index a01599a30a..11e61d8883 100644
--- a/builtin/provisioners/chef/windows_provisioner_test.go
+++ b/builtin/provisioners/chef/windows_provisioner_test.go
@@ -342,6 +342,8 @@ validation_client_name  "validator"
 node_name               "nodename1"
 
 
+
+
 http_proxy          "http://proxy.local"
 ENV['http_proxy'] = "http://proxy.local"
 ENV['HTTP_PROXY'] = "http://proxy.local"

From 0bcf557198a2d3997626d7f0cfd7f6bb6d57cf99 Mon Sep 17 00:00:00 2001
From: Antoine Grondin <antoinegrondin@gmail.com>
Date: Sun, 27 Sep 2015 00:06:51 -0400
Subject: [PATCH 067/335] use official Go client for DigitalOcean provider

---
 builtin/providers/digitalocean/config.go      |  15 +-
 .../resource_digitalocean_domain.go           |  21 +--
 .../resource_digitalocean_domain_test.go      |  20 +--
 .../resource_digitalocean_droplet.go          | 138 ++++++++++++------
 .../resource_digitalocean_droplet_test.go     |  84 ++++++-----
 .../resource_digitalocean_record.go           |  86 +++++++----
 .../resource_digitalocean_record_test.go      |  44 ++++--
 .../resource_digitalocean_ssh_key.go          |  45 ++++--
 .../resource_digitalocean_ssh_key_test.go     |  31 ++--
 9 files changed, 311 insertions(+), 173 deletions(-)

diff --git a/builtin/providers/digitalocean/config.go b/builtin/providers/digitalocean/config.go
index c9a43bc095..498bf790be 100644
--- a/builtin/providers/digitalocean/config.go
+++ b/builtin/providers/digitalocean/config.go
@@ -3,7 +3,8 @@ package digitalocean
 import (
 	"log"
 
-	"github.com/pearkes/digitalocean"
+	"github.com/digitalocean/godo"
+	"golang.org/x/oauth2"
 )
 
 type Config struct {
@@ -11,14 +12,14 @@ type Config struct {
 }
 
 // Client() returns a new client for accessing digital ocean.
-func (c *Config) Client() (*digitalocean.Client, error) {
-	client, err := digitalocean.NewClient(c.Token)
+func (c *Config) Client() (*godo.Client, error) {
+	tokenSrc := oauth2.StaticTokenSource(&oauth2.Token{
+		AccessToken: c.Token,
+	})
 
-	log.Printf("[INFO] DigitalOcean Client configured for URL: %s", client.URL)
+	client := godo.NewClient(oauth2.NewClient(oauth2.NoContext, tokenSrc))
 
-	if err != nil {
-		return nil, err
-	}
+	log.Printf("[INFO] DigitalOcean Client configured for URL: %s", client.BaseURL.String())
 
 	return client, nil
 }
diff --git a/builtin/providers/digitalocean/resource_digitalocean_domain.go b/builtin/providers/digitalocean/resource_digitalocean_domain.go
index 8ab5f18845..d7c4edca13 100644
--- a/builtin/providers/digitalocean/resource_digitalocean_domain.go
+++ b/builtin/providers/digitalocean/resource_digitalocean_domain.go
@@ -5,8 +5,8 @@ import (
 	"log"
 	"strings"
 
+	"github.com/digitalocean/godo"
 	"github.com/hashicorp/terraform/helper/schema"
-	"github.com/pearkes/digitalocean"
 )
 
 func resourceDigitalOceanDomain() *schema.Resource {
@@ -32,30 +32,31 @@ func resourceDigitalOceanDomain() *schema.Resource {
 }
 
 func resourceDigitalOceanDomainCreate(d *schema.ResourceData, meta interface{}) error {
-	client := meta.(*digitalocean.Client)
+	client := meta.(*godo.Client)
 
 	// Build up our creation options
-	opts := &digitalocean.CreateDomain{
+
+	opts := &godo.DomainCreateRequest{
 		Name:      d.Get("name").(string),
 		IPAddress: d.Get("ip_address").(string),
 	}
 
 	log.Printf("[DEBUG] Domain create configuration: %#v", opts)
-	name, err := client.CreateDomain(opts)
+	domain, _, err := client.Domains.Create(opts)
 	if err != nil {
 		return fmt.Errorf("Error creating Domain: %s", err)
 	}
 
-	d.SetId(name)
-	log.Printf("[INFO] Domain Name: %s", name)
+	d.SetId(domain.Name)
+	log.Printf("[INFO] Domain Name: %s", domain.Name)
 
 	return resourceDigitalOceanDomainRead(d, meta)
 }
 
 func resourceDigitalOceanDomainRead(d *schema.ResourceData, meta interface{}) error {
-	client := meta.(*digitalocean.Client)
+	client := meta.(*godo.Client)
 
-	domain, err := client.RetrieveDomain(d.Id())
+	domain, _, err := client.Domains.Get(d.Id())
 	if err != nil {
 		// If the domain is somehow already destroyed, mark as
 		// successfully gone
@@ -73,10 +74,10 @@ func resourceDigitalOceanDomainRead(d *schema.ResourceData, meta interface{}) er
 }
 
 func resourceDigitalOceanDomainDelete(d *schema.ResourceData, meta interface{}) error {
-	client := meta.(*digitalocean.Client)
+	client := meta.(*godo.Client)
 
 	log.Printf("[INFO] Deleting Domain: %s", d.Id())
-	err := client.DestroyDomain(d.Id())
+	_, err := client.Domains.Delete(d.Id())
 	if err != nil {
 		return fmt.Errorf("Error deleting Domain: %s", err)
 	}
diff --git a/builtin/providers/digitalocean/resource_digitalocean_domain_test.go b/builtin/providers/digitalocean/resource_digitalocean_domain_test.go
index 918eea1551..2801414ee7 100644
--- a/builtin/providers/digitalocean/resource_digitalocean_domain_test.go
+++ b/builtin/providers/digitalocean/resource_digitalocean_domain_test.go
@@ -4,13 +4,13 @@ import (
 	"fmt"
 	"testing"
 
+	"github.com/digitalocean/godo"
 	"github.com/hashicorp/terraform/helper/resource"
 	"github.com/hashicorp/terraform/terraform"
-	"github.com/pearkes/digitalocean"
 )
 
 func TestAccDigitalOceanDomain_Basic(t *testing.T) {
-	var domain digitalocean.Domain
+	var domain godo.Domain
 
 	resource.Test(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t) },
@@ -33,7 +33,7 @@ func TestAccDigitalOceanDomain_Basic(t *testing.T) {
 }
 
 func testAccCheckDigitalOceanDomainDestroy(s *terraform.State) error {
-	client := testAccProvider.Meta().(*digitalocean.Client)
+	client := testAccProvider.Meta().(*godo.Client)
 
 	for _, rs := range s.RootModule().Resources {
 		if rs.Type != "digitalocean_domain" {
@@ -41,17 +41,17 @@ func testAccCheckDigitalOceanDomainDestroy(s *terraform.State) error {
 		}
 
 		// Try to find the domain
-		_, err := client.RetrieveDomain(rs.Primary.ID)
+		_, _, err := client.Domains.Get(rs.Primary.ID)
 
 		if err == nil {
-			fmt.Errorf("Domain still exists")
+			return fmt.Errorf("Domain still exists")
 		}
 	}
 
 	return nil
 }
 
-func testAccCheckDigitalOceanDomainAttributes(domain *digitalocean.Domain) resource.TestCheckFunc {
+func testAccCheckDigitalOceanDomainAttributes(domain *godo.Domain) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 
 		if domain.Name != "foobar-test-terraform.com" {
@@ -62,7 +62,7 @@ func testAccCheckDigitalOceanDomainAttributes(domain *digitalocean.Domain) resou
 	}
 }
 
-func testAccCheckDigitalOceanDomainExists(n string, domain *digitalocean.Domain) resource.TestCheckFunc {
+func testAccCheckDigitalOceanDomainExists(n string, domain *godo.Domain) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		rs, ok := s.RootModule().Resources[n]
 
@@ -74,9 +74,9 @@ func testAccCheckDigitalOceanDomainExists(n string, domain *digitalocean.Domain)
 			return fmt.Errorf("No Record ID is set")
 		}
 
-		client := testAccProvider.Meta().(*digitalocean.Client)
+		client := testAccProvider.Meta().(*godo.Client)
 
-		foundDomain, err := client.RetrieveDomain(rs.Primary.ID)
+		foundDomain, _, err := client.Domains.Get(rs.Primary.ID)
 
 		if err != nil {
 			return err
@@ -86,7 +86,7 @@ func testAccCheckDigitalOceanDomainExists(n string, domain *digitalocean.Domain)
 			return fmt.Errorf("Record not found")
 		}
 
-		*domain = foundDomain
+		*domain = *foundDomain
 
 		return nil
 	}
diff --git a/builtin/providers/digitalocean/resource_digitalocean_droplet.go b/builtin/providers/digitalocean/resource_digitalocean_droplet.go
index 88c0c6d07a..eb4a195eaf 100644
--- a/builtin/providers/digitalocean/resource_digitalocean_droplet.go
+++ b/builtin/providers/digitalocean/resource_digitalocean_droplet.go
@@ -3,12 +3,13 @@ package digitalocean
 import (
 	"fmt"
 	"log"
+	"strconv"
 	"strings"
 	"time"
 
+	"github.com/digitalocean/godo"
 	"github.com/hashicorp/terraform/helper/resource"
 	"github.com/hashicorp/terraform/helper/schema"
-	"github.com/pearkes/digitalocean"
 )
 
 func resourceDigitalOceanDroplet() *schema.Resource {
@@ -101,11 +102,13 @@ func resourceDigitalOceanDroplet() *schema.Resource {
 }
 
 func resourceDigitalOceanDropletCreate(d *schema.ResourceData, meta interface{}) error {
-	client := meta.(*digitalocean.Client)
+	client := meta.(*godo.Client)
 
 	// Build up our creation options
-	opts := &digitalocean.CreateDroplet{
-		Image:  d.Get("image").(string),
+	opts := &godo.DropletCreateRequest{
+		Image: godo.DropletCreateImage{
+			Slug: d.Get("image").(string),
+		},
 		Name:   d.Get("name").(string),
 		Region: d.Get("region").(string),
 		Size:   d.Get("size").(string),
@@ -116,7 +119,7 @@ func resourceDigitalOceanDropletCreate(d *schema.ResourceData, meta interface{})
 	}
 
 	if attr, ok := d.GetOk("ipv6"); ok {
-		opts.IPV6 = attr.(bool)
+		opts.IPv6 = attr.(bool)
 	}
 
 	if attr, ok := d.GetOk("private_networking"); ok {
@@ -128,25 +131,32 @@ func resourceDigitalOceanDropletCreate(d *schema.ResourceData, meta interface{})
 	}
 
 	// Get configured ssh_keys
-	ssh_keys := d.Get("ssh_keys.#").(int)
-	if ssh_keys > 0 {
-		opts.SSHKeys = make([]string, 0, ssh_keys)
-		for i := 0; i < ssh_keys; i++ {
+	sshKeys := d.Get("ssh_keys.#").(int)
+	if sshKeys > 0 {
+		opts.SSHKeys = make([]godo.DropletCreateSSHKey, 0, sshKeys)
+		for i := 0; i < sshKeys; i++ {
 			key := fmt.Sprintf("ssh_keys.%d", i)
-			opts.SSHKeys = append(opts.SSHKeys, d.Get(key).(string))
+			id, err := strconv.Atoi(d.Get(key).(string))
+			if err != nil {
+				return err
+			}
+
+			opts.SSHKeys = append(opts.SSHKeys, godo.DropletCreateSSHKey{
+				ID: id,
+			})
 		}
 	}
 
 	log.Printf("[DEBUG] Droplet create configuration: %#v", opts)
 
-	id, err := client.CreateDroplet(opts)
+	droplet, _, err := client.Droplets.Create(opts)
 
 	if err != nil {
 		return fmt.Errorf("Error creating droplet: %s", err)
 	}
 
 	// Assign the droplets id
-	d.SetId(id)
+	d.SetId(strconv.Itoa(droplet.ID))
 
 	log.Printf("[INFO] Droplet ID: %s", d.Id())
 
@@ -160,10 +170,15 @@ func resourceDigitalOceanDropletCreate(d *schema.ResourceData, meta interface{})
 }
 
 func resourceDigitalOceanDropletRead(d *schema.ResourceData, meta interface{}) error {
-	client := meta.(*digitalocean.Client)
+	client := meta.(*godo.Client)
+
+	id, err := strconv.Atoi(d.Id())
+	if err != nil {
+		return fmt.Errorf("invalid droplet id: %v", err)
+	}
 
 	// Retrieve the droplet properties for updating the state
-	droplet, err := client.RetrieveDroplet(d.Id())
+	droplet, _, err := client.Droplets.Get(id)
 	if err != nil {
 		// check if the droplet no longer exists.
 		if err.Error() == "Error retrieving droplet: API Error: 404 Not Found" {
@@ -174,48 +189,70 @@ func resourceDigitalOceanDropletRead(d *schema.ResourceData, meta interface{}) e
 		return fmt.Errorf("Error retrieving droplet: %s", err)
 	}
 
-	if droplet.ImageSlug() != "" {
-		d.Set("image", droplet.ImageSlug())
+	if droplet.Image.Slug != "" {
+		d.Set("image", droplet.Image.Slug)
 	} else {
-		d.Set("image", droplet.ImageId())
+		d.Set("image", droplet.Image.ID)
 	}
 
 	d.Set("name", droplet.Name)
-	d.Set("region", droplet.RegionSlug())
-	d.Set("size", droplet.SizeSlug)
+	d.Set("region", droplet.Region.Slug)
+	d.Set("size", droplet.Size.Slug)
 	d.Set("status", droplet.Status)
-	d.Set("locked", droplet.IsLocked())
+	d.Set("locked", strconv.FormatBool(droplet.Locked))
 
-	if droplet.IPV6Address("public") != "" {
+	if publicIPv6 := findIPv6AddrByType(droplet, "public"); publicIPv6 != "" {
 		d.Set("ipv6", true)
-		d.Set("ipv6_address", droplet.IPV6Address("public"))
-		d.Set("ipv6_address_private", droplet.IPV6Address("private"))
+		d.Set("ipv6_address", publicIPv6)
+		d.Set("ipv6_address_private", findIPv6AddrByType(droplet, "private"))
 	}
 
-	d.Set("ipv4_address", droplet.IPV4Address("public"))
+	d.Set("ipv4_address", findIPv4AddrByType(droplet, "public"))
 
-	if droplet.NetworkingType() == "private" {
+	if privateIPv4 := findIPv4AddrByType(droplet, "private"); privateIPv4 != "" {
 		d.Set("private_networking", true)
-		d.Set("ipv4_address_private", droplet.IPV4Address("private"))
+		d.Set("ipv4_address_private", privateIPv4)
 	}
 
 	// Initialize the connection info
 	d.SetConnInfo(map[string]string{
 		"type": "ssh",
-		"host": droplet.IPV4Address("public"),
+		"host": findIPv4AddrByType(droplet, "public"),
 	})
 
 	return nil
 }
 
+func findIPv6AddrByType(d *godo.Droplet, addrType string) string {
+	for _, addr := range d.Networks.V6 {
+		if addr.Type == addrType {
+			return addr.IPAddress
+		}
+	}
+	return ""
+}
+
+func findIPv4AddrByType(d *godo.Droplet, addrType string) string {
+	for _, addr := range d.Networks.V4 {
+		if addr.Type == addrType {
+			return addr.IPAddress
+		}
+	}
+	return ""
+}
+
 func resourceDigitalOceanDropletUpdate(d *schema.ResourceData, meta interface{}) error {
-	client := meta.(*digitalocean.Client)
+	client := meta.(*godo.Client)
+
+	id, err := strconv.Atoi(d.Id())
+	if err != nil {
+		return fmt.Errorf("invalid droplet id: %v", err)
+	}
 
 	if d.HasChange("size") {
 		oldSize, newSize := d.GetChange("size")
 
-		err := client.PowerOff(d.Id())
-
+		_, _, err = client.DropletActions.PowerOff(id)
 		if err != nil && !strings.Contains(err.Error(), "Droplet is already powered off") {
 			return fmt.Errorf(
 				"Error powering off droplet (%s): %s", d.Id(), err)
@@ -229,7 +266,7 @@ func resourceDigitalOceanDropletUpdate(d *schema.ResourceData, meta interface{})
 		}
 
 		// Resize the droplet
-		err = client.Resize(d.Id(), newSize.(string))
+		_, _, err = client.DropletActions.Resize(id, newSize.(string), true)
 		if err != nil {
 			newErr := powerOnAndWait(d, meta)
 			if newErr != nil {
@@ -254,7 +291,7 @@ func resourceDigitalOceanDropletUpdate(d *schema.ResourceData, meta interface{})
 				"Error waiting for resize droplet (%s) to finish: %s", d.Id(), err)
 		}
 
-		err = client.PowerOn(d.Id())
+		_, _, err = client.DropletActions.PowerOn(id)
 
 		if err != nil {
 			return fmt.Errorf(
@@ -272,7 +309,7 @@ func resourceDigitalOceanDropletUpdate(d *schema.ResourceData, meta interface{})
 		oldName, newName := d.GetChange("name")
 
 		// Rename the droplet
-		err := client.Rename(d.Id(), newName.(string))
+		_, _, err = client.DropletActions.Rename(id, newName.(string))
 
 		if err != nil {
 			return fmt.Errorf(
@@ -292,7 +329,7 @@ func resourceDigitalOceanDropletUpdate(d *schema.ResourceData, meta interface{})
 	// As there is no way to disable private networking,
 	// we only check if it needs to be enabled
 	if d.HasChange("private_networking") && d.Get("private_networking").(bool) {
-		err := client.EnablePrivateNetworking(d.Id())
+		_, _, err = client.DropletActions.EnablePrivateNetworking(id)
 
 		if err != nil {
 			return fmt.Errorf(
@@ -309,7 +346,7 @@ func resourceDigitalOceanDropletUpdate(d *schema.ResourceData, meta interface{})
 
 	// As there is no way to disable IPv6, we only check if it needs to be enabled
 	if d.HasChange("ipv6") && d.Get("ipv6").(bool) {
-		err := client.EnableIPV6s(d.Id())
+		_, _, err = client.DropletActions.EnableIPv6(id)
 
 		if err != nil {
 			return fmt.Errorf(
@@ -330,9 +367,14 @@ func resourceDigitalOceanDropletUpdate(d *schema.ResourceData, meta interface{})
 }
 
 func resourceDigitalOceanDropletDelete(d *schema.ResourceData, meta interface{}) error {
-	client := meta.(*digitalocean.Client)
+	client := meta.(*godo.Client)
 
-	_, err := WaitForDropletAttribute(
+	id, err := strconv.Atoi(d.Id())
+	if err != nil {
+		return fmt.Errorf("invalid droplet id: %v", err)
+	}
+
+	_, err = WaitForDropletAttribute(
 		d, "false", []string{"", "true"}, "locked", meta)
 
 	if err != nil {
@@ -343,7 +385,7 @@ func resourceDigitalOceanDropletDelete(d *schema.ResourceData, meta interface{})
 	log.Printf("[INFO] Deleting droplet: %s", d.Id())
 
 	// Destroy the droplet
-	err = client.DestroyDroplet(d.Id())
+	_, err = client.Droplets.Delete(id)
 
 	// Handle remotely destroyed droplets
 	if err != nil && strings.Contains(err.Error(), "404 Not Found") {
@@ -386,9 +428,14 @@ func WaitForDropletAttribute(
 // cleaner and more efficient
 func newDropletStateRefreshFunc(
 	d *schema.ResourceData, attribute string, meta interface{}) resource.StateRefreshFunc {
-	client := meta.(*digitalocean.Client)
+	client := meta.(*godo.Client)
 	return func() (interface{}, string, error) {
-		err := resourceDigitalOceanDropletRead(d, meta)
+		id, err := strconv.Atoi(d.Id())
+		if err != nil {
+			return nil, "", err
+		}
+
+		err = resourceDigitalOceanDropletRead(d, meta)
 		if err != nil {
 			return nil, "", err
 		}
@@ -404,7 +451,7 @@ func newDropletStateRefreshFunc(
 		// See if we can access our attribute
 		if attr, ok := d.GetOk(attribute); ok {
 			// Retrieve the droplet properties
-			droplet, err := client.RetrieveDroplet(d.Id())
+			droplet, _, err := client.Droplets.Get(id)
 			if err != nil {
 				return nil, "", fmt.Errorf("Error retrieving droplet: %s", err)
 			}
@@ -418,8 +465,13 @@ func newDropletStateRefreshFunc(
 
 // Powers on the droplet and waits for it to be active
 func powerOnAndWait(d *schema.ResourceData, meta interface{}) error {
-	client := meta.(*digitalocean.Client)
-	err := client.PowerOn(d.Id())
+	id, err := strconv.Atoi(d.Id())
+	if err != nil {
+		return fmt.Errorf("invalid droplet id: %v", err)
+	}
+
+	client := meta.(*godo.Client)
+	_, _, err = client.DropletActions.PowerOn(id)
 	if err != nil {
 		return err
 	}
diff --git a/builtin/providers/digitalocean/resource_digitalocean_droplet_test.go b/builtin/providers/digitalocean/resource_digitalocean_droplet_test.go
index 587612e011..730718c3f4 100644
--- a/builtin/providers/digitalocean/resource_digitalocean_droplet_test.go
+++ b/builtin/providers/digitalocean/resource_digitalocean_droplet_test.go
@@ -2,16 +2,17 @@ package digitalocean
 
 import (
 	"fmt"
+	"strconv"
 	"strings"
 	"testing"
 
+	"github.com/digitalocean/godo"
 	"github.com/hashicorp/terraform/helper/resource"
 	"github.com/hashicorp/terraform/terraform"
-	"github.com/pearkes/digitalocean"
 )
 
 func TestAccDigitalOceanDroplet_Basic(t *testing.T) {
-	var droplet digitalocean.Droplet
+	var droplet godo.Droplet
 
 	resource.Test(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t) },
@@ -40,7 +41,7 @@ func TestAccDigitalOceanDroplet_Basic(t *testing.T) {
 }
 
 func TestAccDigitalOceanDroplet_Update(t *testing.T) {
-	var droplet digitalocean.Droplet
+	var droplet godo.Droplet
 
 	resource.Test(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t) },
@@ -71,7 +72,7 @@ func TestAccDigitalOceanDroplet_Update(t *testing.T) {
 }
 
 func TestAccDigitalOceanDroplet_PrivateNetworkingIpv6(t *testing.T) {
-	var droplet digitalocean.Droplet
+	var droplet godo.Droplet
 
 	resource.Test(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t) },
@@ -94,15 +95,20 @@ func TestAccDigitalOceanDroplet_PrivateNetworkingIpv6(t *testing.T) {
 }
 
 func testAccCheckDigitalOceanDropletDestroy(s *terraform.State) error {
-	client := testAccProvider.Meta().(*digitalocean.Client)
+	client := testAccProvider.Meta().(*godo.Client)
 
 	for _, rs := range s.RootModule().Resources {
 		if rs.Type != "digitalocean_droplet" {
 			continue
 		}
 
+		id, err := strconv.Atoi(rs.Primary.ID)
+		if err != nil {
+			return err
+		}
+
 		// Try to find the Droplet
-		_, err := client.RetrieveDroplet(rs.Primary.ID)
+		_, _, err = client.Droplets.Get(id)
 
 		// Wait
 
@@ -116,19 +122,19 @@ func testAccCheckDigitalOceanDropletDestroy(s *terraform.State) error {
 	return nil
 }
 
-func testAccCheckDigitalOceanDropletAttributes(droplet *digitalocean.Droplet) resource.TestCheckFunc {
+func testAccCheckDigitalOceanDropletAttributes(droplet *godo.Droplet) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 
-		if droplet.ImageSlug() != "centos-5-8-x32" {
-			return fmt.Errorf("Bad image_slug: %s", droplet.ImageSlug())
+		if droplet.Image.Slug != "centos-5-8-x32" {
+			return fmt.Errorf("Bad image_slug: %s", droplet.Image.Slug)
 		}
 
-		if droplet.SizeSlug != "512mb" {
-			return fmt.Errorf("Bad size_slug: %s", droplet.SizeSlug)
+		if droplet.Size.Slug != "512mb" {
+			return fmt.Errorf("Bad size_slug: %s", droplet.Size.Slug)
 		}
 
-		if droplet.RegionSlug() != "nyc3" {
-			return fmt.Errorf("Bad region_slug: %s", droplet.RegionSlug())
+		if droplet.Region.Slug != "nyc3" {
+			return fmt.Errorf("Bad region_slug: %s", droplet.Region.Slug)
 		}
 
 		if droplet.Name != "foo" {
@@ -138,10 +144,10 @@ func testAccCheckDigitalOceanDropletAttributes(droplet *digitalocean.Droplet) re
 	}
 }
 
-func testAccCheckDigitalOceanDropletRenamedAndResized(droplet *digitalocean.Droplet) resource.TestCheckFunc {
+func testAccCheckDigitalOceanDropletRenamedAndResized(droplet *godo.Droplet) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 
-		if droplet.SizeSlug != "1gb" {
+		if droplet.Size.Slug != "1gb" {
 			return fmt.Errorf("Bad size_slug: %s", droplet.SizeSlug)
 		}
 
@@ -153,50 +159,46 @@ func testAccCheckDigitalOceanDropletRenamedAndResized(droplet *digitalocean.Drop
 	}
 }
 
-func testAccCheckDigitalOceanDropletAttributes_PrivateNetworkingIpv6(droplet *digitalocean.Droplet) resource.TestCheckFunc {
+func testAccCheckDigitalOceanDropletAttributes_PrivateNetworkingIpv6(droplet *godo.Droplet) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 
-		if droplet.ImageSlug() != "centos-5-8-x32" {
-			return fmt.Errorf("Bad image_slug: %s", droplet.ImageSlug())
+		if droplet.Image.Slug != "centos-5-8-x32" {
+			return fmt.Errorf("Bad image_slug: %s", droplet.Image.Slug)
 		}
 
-		if droplet.SizeSlug != "1gb" {
-			return fmt.Errorf("Bad size_slug: %s", droplet.SizeSlug)
+		if droplet.Size.Slug != "1gb" {
+			return fmt.Errorf("Bad size_slug: %s", droplet.Size.Slug)
 		}
 
-		if droplet.RegionSlug() != "sgp1" {
-			return fmt.Errorf("Bad region_slug: %s", droplet.RegionSlug())
+		if droplet.Region.Slug != "sgp1" {
+			return fmt.Errorf("Bad region_slug: %s", droplet.Region.Slug)
 		}
 
 		if droplet.Name != "baz" {
 			return fmt.Errorf("Bad name: %s", droplet.Name)
 		}
 
-		if droplet.IPV4Address("private") == "" {
-			return fmt.Errorf("No ipv4 private: %s", droplet.IPV4Address("private"))
+		if findIPv4AddrByType(droplet, "private") == "" {
+			return fmt.Errorf("No ipv4 private: %s", findIPv4AddrByType(droplet, "private"))
 		}
 
 		// if droplet.IPV6Address("private") == "" {
 		// 	return fmt.Errorf("No ipv6 private: %s", droplet.IPV6Address("private"))
 		// }
 
-		if droplet.NetworkingType() != "private" {
-			return fmt.Errorf("Bad networking type: %s", droplet.NetworkingType())
+		if findIPv4AddrByType(droplet, "public") == "" {
+			return fmt.Errorf("No ipv4 public: %s", findIPv4AddrByType(droplet, "public"))
 		}
 
-		if droplet.IPV4Address("public") == "" {
-			return fmt.Errorf("No ipv4 public: %s", droplet.IPV4Address("public"))
-		}
-
-		if droplet.IPV6Address("public") == "" {
-			return fmt.Errorf("No ipv6 public: %s", droplet.IPV6Address("public"))
+		if findIPv6AddrByType(droplet, "public") == "" {
+			return fmt.Errorf("No ipv6 public: %s", findIPv6AddrByType(droplet, "public"))
 		}
 
 		return nil
 	}
 }
 
-func testAccCheckDigitalOceanDropletExists(n string, droplet *digitalocean.Droplet) resource.TestCheckFunc {
+func testAccCheckDigitalOceanDropletExists(n string, droplet *godo.Droplet) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		rs, ok := s.RootModule().Resources[n]
 		if !ok {
@@ -207,19 +209,25 @@ func testAccCheckDigitalOceanDropletExists(n string, droplet *digitalocean.Dropl
 			return fmt.Errorf("No Droplet ID is set")
 		}
 
-		client := testAccProvider.Meta().(*digitalocean.Client)
+		client := testAccProvider.Meta().(*godo.Client)
 
-		retrieveDroplet, err := client.RetrieveDroplet(rs.Primary.ID)
+		id, err := strconv.Atoi(rs.Primary.ID)
+		if err != nil {
+			return err
+		}
+
+		// Try to find the Droplet
+		retrieveDroplet, _, err := client.Droplets.Get(id)
 
 		if err != nil {
 			return err
 		}
 
-		if retrieveDroplet.StringId() != rs.Primary.ID {
+		if strconv.Itoa(retrieveDroplet.ID) != rs.Primary.ID {
 			return fmt.Errorf("Droplet not found")
 		}
 
-		*droplet = retrieveDroplet
+		*droplet = *retrieveDroplet
 
 		return nil
 	}
@@ -230,7 +238,7 @@ func testAccCheckDigitalOceanDropletExists(n string, droplet *digitalocean.Dropl
 // other test already
 //
 //func Test_new_droplet_state_refresh_func(t *testing.T) {
-//	droplet := digitalocean.Droplet{
+//	droplet := godo.Droplet{
 //		Name: "foobar",
 //	}
 //	resourceMap, _ := resource_digitalocean_droplet_update_state(
diff --git a/builtin/providers/digitalocean/resource_digitalocean_record.go b/builtin/providers/digitalocean/resource_digitalocean_record.go
index 2ff095aae1..ebcb2e0f8f 100644
--- a/builtin/providers/digitalocean/resource_digitalocean_record.go
+++ b/builtin/providers/digitalocean/resource_digitalocean_record.go
@@ -3,10 +3,11 @@ package digitalocean
 import (
 	"fmt"
 	"log"
+	"strconv"
 	"strings"
 
+	"github.com/digitalocean/godo"
 	"github.com/hashicorp/terraform/helper/schema"
-	"github.com/pearkes/digitalocean"
 )
 
 func resourceDigitalOceanRecord() *schema.Resource {
@@ -66,34 +67,55 @@ func resourceDigitalOceanRecord() *schema.Resource {
 }
 
 func resourceDigitalOceanRecordCreate(d *schema.ResourceData, meta interface{}) error {
-	client := meta.(*digitalocean.Client)
+	client := meta.(*godo.Client)
 
-	newRecord := digitalocean.CreateRecord{
-		Type:     d.Get("type").(string),
-		Name:     d.Get("name").(string),
-		Data:     d.Get("value").(string),
-		Priority: d.Get("priority").(string),
-		Port:     d.Get("port").(string),
-		Weight:   d.Get("weight").(string),
+	newRecord := godo.DomainRecordEditRequest{
+		Type: d.Get("type").(string),
+		Name: d.Get("name").(string),
+		Data: d.Get("value").(string),
+	}
+
+	var err error
+	if priority := d.Get("priority").(string); priority != "" {
+		newRecord.Priority, err = strconv.Atoi(priority)
+		if err != nil {
+			return fmt.Errorf("Failed to parse priority as an integer: %v", err)
+		}
+	}
+	if port := d.Get("port").(string); port != "" {
+		newRecord.Port, err = strconv.Atoi(port)
+		if err != nil {
+			return fmt.Errorf("Failed to parse port as an integer: %v", err)
+		}
+	}
+	if weight := d.Get("weight").(string); weight != "" {
+		newRecord.Weight, err = strconv.Atoi(weight)
+		if err != nil {
+			return fmt.Errorf("Failed to parse weight as an integer: %v", err)
+		}
 	}
 
 	log.Printf("[DEBUG] record create configuration: %#v", newRecord)
-	recId, err := client.CreateRecord(d.Get("domain").(string), &newRecord)
+	rec, _, err := client.Domains.CreateRecord(d.Get("domain").(string), &newRecord)
 	if err != nil {
 		return fmt.Errorf("Failed to create record: %s", err)
 	}
 
-	d.SetId(recId)
+	d.SetId(strconv.Itoa(rec.ID))
 	log.Printf("[INFO] Record ID: %s", d.Id())
 
 	return resourceDigitalOceanRecordRead(d, meta)
 }
 
 func resourceDigitalOceanRecordRead(d *schema.ResourceData, meta interface{}) error {
-	client := meta.(*digitalocean.Client)
+	client := meta.(*godo.Client)
 	domain := d.Get("domain").(string)
+	id, err := strconv.Atoi(d.Id())
+	if err != nil {
+		return fmt.Errorf("invalid record ID: %v", err)
+	}
 
-	rec, err := client.RetrieveRecord(domain, d.Id())
+	rec, _, err := client.Domains.Record(domain, id)
 	if err != nil {
 		// If the record is somehow already destroyed, mark as
 		// successfully gone
@@ -120,23 +142,29 @@ func resourceDigitalOceanRecordRead(d *schema.ResourceData, meta interface{}) er
 	d.Set("name", rec.Name)
 	d.Set("type", rec.Type)
 	d.Set("value", rec.Data)
-	d.Set("weight", rec.StringWeight())
-	d.Set("priority", rec.StringPriority())
-	d.Set("port", rec.StringPort())
+	d.Set("weight", strconv.Itoa(rec.Weight))
+	d.Set("priority", strconv.Itoa(rec.Priority))
+	d.Set("port", strconv.Itoa(rec.Port))
 
 	return nil
 }
 
 func resourceDigitalOceanRecordUpdate(d *schema.ResourceData, meta interface{}) error {
-	client := meta.(*digitalocean.Client)
+	client := meta.(*godo.Client)
 
-	var updateRecord digitalocean.UpdateRecord
-	if v, ok := d.GetOk("name"); ok {
-		updateRecord.Name = v.(string)
+	domain := d.Get("domain").(string)
+	id, err := strconv.Atoi(d.Id())
+	if err != nil {
+		return fmt.Errorf("invalid record ID: %v", err)
 	}
 
-	log.Printf("[DEBUG] record update configuration: %#v", updateRecord)
-	err := client.UpdateRecord(d.Get("domain").(string), d.Id(), &updateRecord)
+	var editRecord godo.DomainRecordEditRequest
+	if v, ok := d.GetOk("name"); ok {
+		editRecord.Name = v.(string)
+	}
+
+	log.Printf("[DEBUG] record update configuration: %#v", editRecord)
+	_, _, err = client.Domains.EditRecord(domain, id, &editRecord)
 	if err != nil {
 		return fmt.Errorf("Failed to update record: %s", err)
 	}
@@ -145,11 +173,17 @@ func resourceDigitalOceanRecordUpdate(d *schema.ResourceData, meta interface{})
 }
 
 func resourceDigitalOceanRecordDelete(d *schema.ResourceData, meta interface{}) error {
-	client := meta.(*digitalocean.Client)
+	client := meta.(*godo.Client)
 
-	log.Printf(
-		"[INFO] Deleting record: %s, %s", d.Get("domain").(string), d.Id())
-	err := client.DestroyRecord(d.Get("domain").(string), d.Id())
+	domain := d.Get("domain").(string)
+	id, err := strconv.Atoi(d.Id())
+	if err != nil {
+		return fmt.Errorf("invalid record ID: %v", err)
+	}
+
+	log.Printf("[INFO] Deleting record: %s, %d", domain, id)
+
+	_, err = client.Domains.DeleteRecord(domain, id)
 	if err != nil {
 		// If the record is somehow already destroyed, mark as
 		// successfully gone
diff --git a/builtin/providers/digitalocean/resource_digitalocean_record_test.go b/builtin/providers/digitalocean/resource_digitalocean_record_test.go
index 139fd30b71..7811ee9c80 100644
--- a/builtin/providers/digitalocean/resource_digitalocean_record_test.go
+++ b/builtin/providers/digitalocean/resource_digitalocean_record_test.go
@@ -2,15 +2,16 @@ package digitalocean
 
 import (
 	"fmt"
+	"strconv"
 	"testing"
 
+	"github.com/digitalocean/godo"
 	"github.com/hashicorp/terraform/helper/resource"
 	"github.com/hashicorp/terraform/terraform"
-	"github.com/pearkes/digitalocean"
 )
 
 func TestAccDigitalOceanRecord_Basic(t *testing.T) {
-	var record digitalocean.Record
+	var record godo.DomainRecord
 
 	resource.Test(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t) },
@@ -35,7 +36,7 @@ func TestAccDigitalOceanRecord_Basic(t *testing.T) {
 }
 
 func TestAccDigitalOceanRecord_Updated(t *testing.T) {
-	var record digitalocean.Record
+	var record godo.DomainRecord
 
 	resource.Test(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t) },
@@ -77,7 +78,7 @@ func TestAccDigitalOceanRecord_Updated(t *testing.T) {
 }
 
 func TestAccDigitalOceanRecord_HostnameValue(t *testing.T) {
-	var record digitalocean.Record
+	var record godo.DomainRecord
 
 	resource.Test(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t) },
@@ -104,7 +105,7 @@ func TestAccDigitalOceanRecord_HostnameValue(t *testing.T) {
 }
 
 func TestAccDigitalOceanRecord_RelativeHostnameValue(t *testing.T) {
-	var record digitalocean.Record
+	var record godo.DomainRecord
 
 	resource.Test(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t) },
@@ -131,7 +132,7 @@ func TestAccDigitalOceanRecord_RelativeHostnameValue(t *testing.T) {
 }
 
 func TestAccDigitalOceanRecord_ExternalHostnameValue(t *testing.T) {
-	var record digitalocean.Record
+	var record godo.DomainRecord
 
 	resource.Test(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t) },
@@ -158,14 +159,19 @@ func TestAccDigitalOceanRecord_ExternalHostnameValue(t *testing.T) {
 }
 
 func testAccCheckDigitalOceanRecordDestroy(s *terraform.State) error {
-	client := testAccProvider.Meta().(*digitalocean.Client)
+	client := testAccProvider.Meta().(*godo.Client)
 
 	for _, rs := range s.RootModule().Resources {
 		if rs.Type != "digitalocean_record" {
 			continue
 		}
+		domain := rs.Primary.Attributes["domain"]
+		id, err := strconv.Atoi(rs.Primary.ID)
+		if err != nil {
+			return err
+		}
 
-		_, err := client.RetrieveRecord(rs.Primary.Attributes["domain"], rs.Primary.ID)
+		_, _, err = client.Domains.Record(domain, id)
 
 		if err == nil {
 			return fmt.Errorf("Record still exists")
@@ -175,7 +181,7 @@ func testAccCheckDigitalOceanRecordDestroy(s *terraform.State) error {
 	return nil
 }
 
-func testAccCheckDigitalOceanRecordAttributes(record *digitalocean.Record) resource.TestCheckFunc {
+func testAccCheckDigitalOceanRecordAttributes(record *godo.DomainRecord) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 
 		if record.Data != "192.168.0.10" {
@@ -186,7 +192,7 @@ func testAccCheckDigitalOceanRecordAttributes(record *digitalocean.Record) resou
 	}
 }
 
-func testAccCheckDigitalOceanRecordAttributesUpdated(record *digitalocean.Record) resource.TestCheckFunc {
+func testAccCheckDigitalOceanRecordAttributesUpdated(record *godo.DomainRecord) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 
 		if record.Data != "192.168.0.11" {
@@ -197,7 +203,7 @@ func testAccCheckDigitalOceanRecordAttributesUpdated(record *digitalocean.Record
 	}
 }
 
-func testAccCheckDigitalOceanRecordExists(n string, record *digitalocean.Record) resource.TestCheckFunc {
+func testAccCheckDigitalOceanRecordExists(n string, record *godo.DomainRecord) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		rs, ok := s.RootModule().Resources[n]
 
@@ -209,25 +215,31 @@ func testAccCheckDigitalOceanRecordExists(n string, record *digitalocean.Record)
 			return fmt.Errorf("No Record ID is set")
 		}
 
-		client := testAccProvider.Meta().(*digitalocean.Client)
+		client := testAccProvider.Meta().(*godo.Client)
 
-		foundRecord, err := client.RetrieveRecord(rs.Primary.Attributes["domain"], rs.Primary.ID)
+		domain := rs.Primary.Attributes["domain"]
+		id, err := strconv.Atoi(rs.Primary.ID)
+		if err != nil {
+			return err
+		}
+
+		foundRecord, _, err := client.Domains.Record(domain, id)
 
 		if err != nil {
 			return err
 		}
 
-		if foundRecord.StringId() != rs.Primary.ID {
+		if strconv.Itoa(foundRecord.ID) != rs.Primary.ID {
 			return fmt.Errorf("Record not found")
 		}
 
-		*record = foundRecord
+		*record = *foundRecord
 
 		return nil
 	}
 }
 
-func testAccCheckDigitalOceanRecordAttributesHostname(data string, record *digitalocean.Record) resource.TestCheckFunc {
+func testAccCheckDigitalOceanRecordAttributesHostname(data string, record *godo.DomainRecord) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 
 		if record.Data != data {
diff --git a/builtin/providers/digitalocean/resource_digitalocean_ssh_key.go b/builtin/providers/digitalocean/resource_digitalocean_ssh_key.go
index 96a4ad80da..d6eb96f09f 100644
--- a/builtin/providers/digitalocean/resource_digitalocean_ssh_key.go
+++ b/builtin/providers/digitalocean/resource_digitalocean_ssh_key.go
@@ -3,10 +3,11 @@ package digitalocean
 import (
 	"fmt"
 	"log"
+	"strconv"
 	"strings"
 
+	"github.com/digitalocean/godo"
 	"github.com/hashicorp/terraform/helper/schema"
-	"github.com/pearkes/digitalocean"
 )
 
 func resourceDigitalOceanSSHKey() *schema.Resource {
@@ -42,30 +43,35 @@ func resourceDigitalOceanSSHKey() *schema.Resource {
 }
 
 func resourceDigitalOceanSSHKeyCreate(d *schema.ResourceData, meta interface{}) error {
-	client := meta.(*digitalocean.Client)
+	client := meta.(*godo.Client)
 
 	// Build up our creation options
-	opts := &digitalocean.CreateSSHKey{
+	opts := &godo.KeyCreateRequest{
 		Name:      d.Get("name").(string),
 		PublicKey: d.Get("public_key").(string),
 	}
 
 	log.Printf("[DEBUG] SSH Key create configuration: %#v", opts)
-	id, err := client.CreateSSHKey(opts)
+	key, _, err := client.Keys.Create(opts)
 	if err != nil {
 		return fmt.Errorf("Error creating SSH Key: %s", err)
 	}
 
-	d.SetId(id)
-	log.Printf("[INFO] SSH Key: %s", id)
+	d.SetId(strconv.Itoa(key.ID))
+	log.Printf("[INFO] SSH Key: %d", key.ID)
 
 	return resourceDigitalOceanSSHKeyRead(d, meta)
 }
 
 func resourceDigitalOceanSSHKeyRead(d *schema.ResourceData, meta interface{}) error {
-	client := meta.(*digitalocean.Client)
+	client := meta.(*godo.Client)
 
-	key, err := client.RetrieveSSHKey(d.Id())
+	id, err := strconv.Atoi(d.Id())
+	if err != nil {
+		return fmt.Errorf("invalid SSH key id: %v", err)
+	}
+
+	key, _, err := client.Keys.GetByID(id)
 	if err != nil {
 		// If the key is somehow already destroyed, mark as
 		// successfully gone
@@ -84,7 +90,12 @@ func resourceDigitalOceanSSHKeyRead(d *schema.ResourceData, meta interface{}) er
 }
 
 func resourceDigitalOceanSSHKeyUpdate(d *schema.ResourceData, meta interface{}) error {
-	client := meta.(*digitalocean.Client)
+	client := meta.(*godo.Client)
+
+	id, err := strconv.Atoi(d.Id())
+	if err != nil {
+		return fmt.Errorf("invalid SSH key id: %v", err)
+	}
 
 	var newName string
 	if v, ok := d.GetOk("name"); ok {
@@ -92,7 +103,10 @@ func resourceDigitalOceanSSHKeyUpdate(d *schema.ResourceData, meta interface{})
 	}
 
 	log.Printf("[DEBUG] SSH key update name: %#v", newName)
-	err := client.RenameSSHKey(d.Id(), newName)
+	opts := &godo.KeyUpdateRequest{
+		Name: newName,
+	}
+	_, _, err = client.Keys.UpdateByID(id, opts)
 	if err != nil {
 		return fmt.Errorf("Failed to update SSH key: %s", err)
 	}
@@ -101,10 +115,15 @@ func resourceDigitalOceanSSHKeyUpdate(d *schema.ResourceData, meta interface{})
 }
 
 func resourceDigitalOceanSSHKeyDelete(d *schema.ResourceData, meta interface{}) error {
-	client := meta.(*digitalocean.Client)
+	client := meta.(*godo.Client)
 
-	log.Printf("[INFO] Deleting SSH key: %s", d.Id())
-	err := client.DestroySSHKey(d.Id())
+	id, err := strconv.Atoi(d.Id())
+	if err != nil {
+		return fmt.Errorf("invalid SSH key id: %v", err)
+	}
+
+	log.Printf("[INFO] Deleting SSH key: %d", id)
+	_, err = client.Keys.DeleteByID(id)
 	if err != nil {
 		return fmt.Errorf("Error deleting SSH key: %s", err)
 	}
diff --git a/builtin/providers/digitalocean/resource_digitalocean_ssh_key_test.go b/builtin/providers/digitalocean/resource_digitalocean_ssh_key_test.go
index 009366e18a..3aebe1821c 100644
--- a/builtin/providers/digitalocean/resource_digitalocean_ssh_key_test.go
+++ b/builtin/providers/digitalocean/resource_digitalocean_ssh_key_test.go
@@ -6,13 +6,13 @@ import (
 	"strings"
 	"testing"
 
+	"github.com/digitalocean/godo"
 	"github.com/hashicorp/terraform/helper/resource"
 	"github.com/hashicorp/terraform/terraform"
-	"github.com/pearkes/digitalocean"
 )
 
 func TestAccDigitalOceanSSHKey_Basic(t *testing.T) {
-	var key digitalocean.SSHKey
+	var key godo.Key
 
 	resource.Test(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t) },
@@ -35,15 +35,20 @@ func TestAccDigitalOceanSSHKey_Basic(t *testing.T) {
 }
 
 func testAccCheckDigitalOceanSSHKeyDestroy(s *terraform.State) error {
-	client := testAccProvider.Meta().(*digitalocean.Client)
+	client := testAccProvider.Meta().(*godo.Client)
 
 	for _, rs := range s.RootModule().Resources {
 		if rs.Type != "digitalocean_ssh_key" {
 			continue
 		}
 
+		id, err := strconv.Atoi(rs.Primary.ID)
+		if err != nil {
+			return err
+		}
+
 		// Try to find the key
-		_, err := client.RetrieveSSHKey(rs.Primary.ID)
+		_, _, err = client.Keys.GetByID(id)
 
 		if err == nil {
 			fmt.Errorf("SSH key still exists")
@@ -53,7 +58,7 @@ func testAccCheckDigitalOceanSSHKeyDestroy(s *terraform.State) error {
 	return nil
 }
 
-func testAccCheckDigitalOceanSSHKeyAttributes(key *digitalocean.SSHKey) resource.TestCheckFunc {
+func testAccCheckDigitalOceanSSHKeyAttributes(key *godo.Key) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 
 		if key.Name != "foobar" {
@@ -64,7 +69,7 @@ func testAccCheckDigitalOceanSSHKeyAttributes(key *digitalocean.SSHKey) resource
 	}
 }
 
-func testAccCheckDigitalOceanSSHKeyExists(n string, key *digitalocean.SSHKey) resource.TestCheckFunc {
+func testAccCheckDigitalOceanSSHKeyExists(n string, key *godo.Key) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		rs, ok := s.RootModule().Resources[n]
 
@@ -76,19 +81,25 @@ func testAccCheckDigitalOceanSSHKeyExists(n string, key *digitalocean.SSHKey) re
 			return fmt.Errorf("No Record ID is set")
 		}
 
-		client := testAccProvider.Meta().(*digitalocean.Client)
+		client := testAccProvider.Meta().(*godo.Client)
 
-		foundKey, err := client.RetrieveSSHKey(rs.Primary.ID)
+		id, err := strconv.Atoi(rs.Primary.ID)
+		if err != nil {
+			return err
+		}
+
+		// Try to find the key
+		foundKey, _, err := client.Keys.GetByID(id)
 
 		if err != nil {
 			return err
 		}
 
-		if strconv.Itoa(int(foundKey.Id)) != rs.Primary.ID {
+		if strconv.Itoa(foundKey.ID) != rs.Primary.ID {
 			return fmt.Errorf("Record not found")
 		}
 
-		*key = foundKey
+		*key = *foundKey
 
 		return nil
 	}

From 2ba8dc38fae1e885b6ce79fda27463b51470d852 Mon Sep 17 00:00:00 2001
From: Sander van Harmelen <sander@xanzy.io>
Date: Sun, 27 Sep 2015 18:58:48 -0700
Subject: [PATCH 068/335] Switch to go-multierror
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

It seems there are 4 locations left that use the `helper/multierror`
package, where the rest is TF settled on the `hashicorp/go-multierror`
package.

Functionally this doesn’t change anything, so I suggest to delete the
builtin version as it can only cause confusion (both packages have the
same name, but are still different types according to Go’s type system.
---
 builtin/providers/aws/config.go               |  2 +-
 .../aws/resource_aws_db_security_group.go     |  2 +-
 .../providers/heroku/resource_heroku_app.go   |  2 +-
 config/config.go                              |  2 +-
 helper/multierror/error.go                    | 54 ------------------
 helper/multierror/error_test.go               | 56 -------------------
 6 files changed, 4 insertions(+), 114 deletions(-)
 delete mode 100644 helper/multierror/error.go
 delete mode 100644 helper/multierror/error_test.go

diff --git a/builtin/providers/aws/config.go b/builtin/providers/aws/config.go
index a57c65c1b2..369f0df374 100644
--- a/builtin/providers/aws/config.go
+++ b/builtin/providers/aws/config.go
@@ -5,7 +5,7 @@ import (
 	"log"
 	"strings"
 
-	"github.com/hashicorp/terraform/helper/multierror"
+	"github.com/hashicorp/go-multierror"
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/awserr"
diff --git a/builtin/providers/aws/resource_aws_db_security_group.go b/builtin/providers/aws/resource_aws_db_security_group.go
index 6932fc971e..367400ae77 100644
--- a/builtin/providers/aws/resource_aws_db_security_group.go
+++ b/builtin/providers/aws/resource_aws_db_security_group.go
@@ -9,8 +9,8 @@ import (
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/service/rds"
+	"github.com/hashicorp/go-multierror"
 	"github.com/hashicorp/terraform/helper/hashcode"
-	"github.com/hashicorp/terraform/helper/multierror"
 	"github.com/hashicorp/terraform/helper/resource"
 	"github.com/hashicorp/terraform/helper/schema"
 )
diff --git a/builtin/providers/heroku/resource_heroku_app.go b/builtin/providers/heroku/resource_heroku_app.go
index 52954aa5d1..4c2f3bf97a 100644
--- a/builtin/providers/heroku/resource_heroku_app.go
+++ b/builtin/providers/heroku/resource_heroku_app.go
@@ -5,7 +5,7 @@ import (
 	"log"
 
 	"github.com/cyberdelia/heroku-go/v3"
-	"github.com/hashicorp/terraform/helper/multierror"
+	"github.com/hashicorp/go-multierror"
 	"github.com/hashicorp/terraform/helper/schema"
 )
 
diff --git a/config/config.go b/config/config.go
index 811b77ec7e..c088414dab 100644
--- a/config/config.go
+++ b/config/config.go
@@ -8,10 +8,10 @@ import (
 	"strconv"
 	"strings"
 
+	"github.com/hashicorp/go-multierror"
 	"github.com/hashicorp/terraform/config/lang"
 	"github.com/hashicorp/terraform/config/lang/ast"
 	"github.com/hashicorp/terraform/flatmap"
-	"github.com/hashicorp/terraform/helper/multierror"
 	"github.com/mitchellh/mapstructure"
 	"github.com/mitchellh/reflectwalk"
 )
diff --git a/helper/multierror/error.go b/helper/multierror/error.go
deleted file mode 100644
index ae21e4366f..0000000000
--- a/helper/multierror/error.go
+++ /dev/null
@@ -1,54 +0,0 @@
-package multierror
-
-import (
-	"fmt"
-	"strings"
-)
-
-// Error is an error type to track multiple errors. This is used to
-// accumulate errors in cases such as configuration parsing, and returning
-// them as a single error.
-type Error struct {
-	Errors []error
-}
-
-func (e *Error) Error() string {
-	points := make([]string, len(e.Errors))
-	for i, err := range e.Errors {
-		points[i] = fmt.Sprintf("* %s", err)
-	}
-
-	return fmt.Sprintf(
-		"%d error(s) occurred:\n\n%s",
-		len(e.Errors), strings.Join(points, "\n"))
-}
-
-func (e *Error) GoString() string {
-	return fmt.Sprintf("*%#v", *e)
-}
-
-// ErrorAppend is a helper function that will append more errors
-// onto an Error in order to create a larger multi-error. If the
-// original error is not an Error, it will be turned into one.
-func ErrorAppend(err error, errs ...error) *Error {
-	if err == nil {
-		err = new(Error)
-	}
-
-	switch err := err.(type) {
-	case *Error:
-		if err == nil {
-			err = new(Error)
-		}
-
-		err.Errors = append(err.Errors, errs...)
-		return err
-	default:
-		newErrs := make([]error, len(errs)+1)
-		newErrs[0] = err
-		copy(newErrs[1:], errs)
-		return &Error{
-			Errors: newErrs,
-		}
-	}
-}
diff --git a/helper/multierror/error_test.go b/helper/multierror/error_test.go
deleted file mode 100644
index 207c004656..0000000000
--- a/helper/multierror/error_test.go
+++ /dev/null
@@ -1,56 +0,0 @@
-package multierror
-
-import (
-	"errors"
-	"testing"
-)
-
-func TestError_Impl(t *testing.T) {
-	var raw interface{}
-	raw = &Error{}
-	if _, ok := raw.(error); !ok {
-		t.Fatal("Error must implement error")
-	}
-}
-
-func TestErrorError(t *testing.T) {
-	expected := `2 error(s) occurred:
-
-* foo
-* bar`
-
-	errors := []error{
-		errors.New("foo"),
-		errors.New("bar"),
-	}
-
-	multi := &Error{errors}
-	if multi.Error() != expected {
-		t.Fatalf("bad: %s", multi.Error())
-	}
-}
-
-func TestErrorAppend_Error(t *testing.T) {
-	original := &Error{
-		Errors: []error{errors.New("foo")},
-	}
-
-	result := ErrorAppend(original, errors.New("bar"))
-	if len(result.Errors) != 2 {
-		t.Fatalf("wrong len: %d", len(result.Errors))
-	}
-
-	original = &Error{}
-	result = ErrorAppend(original, errors.New("bar"))
-	if len(result.Errors) != 1 {
-		t.Fatalf("wrong len: %d", len(result.Errors))
-	}
-}
-
-func TestErrorAppend_NonError(t *testing.T) {
-	original := errors.New("foo")
-	result := ErrorAppend(original, errors.New("bar"))
-	if len(result.Errors) != 2 {
-		t.Fatalf("wrong len: %d", len(result.Errors))
-	}
-}

From ccf683b6eab01576e5b584bcfdbe751eca6017ba Mon Sep 17 00:00:00 2001
From: Sander van Harmelen <sander@xanzy.io>
Date: Sun, 27 Sep 2015 19:49:58 -0700
Subject: [PATCH 069/335] Add support for network domains

Fixes #3248
---
 .../cloudstack/resource_cloudstack_vpc.go     | 21 ++++++++++++++++++-
 .../resource_cloudstack_vpc_test.go           |  5 +++++
 2 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/builtin/providers/cloudstack/resource_cloudstack_vpc.go b/builtin/providers/cloudstack/resource_cloudstack_vpc.go
index 8fe132d94f..4cc07d7b60 100644
--- a/builtin/providers/cloudstack/resource_cloudstack_vpc.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_vpc.go
@@ -40,6 +40,12 @@ func resourceCloudStackVPC() *schema.Resource {
 				ForceNew: true,
 			},
 
+			"network_domain": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+				ForceNew: true,
+			},
+
 			"project": &schema.Schema{
 				Type:     schema.TypeString,
 				Optional: true,
@@ -79,7 +85,19 @@ func resourceCloudStackVPCCreate(d *schema.ResourceData, meta interface{}) error
 	}
 
 	// Create a new parameter struct
-	p := cs.VPC.NewCreateVPCParams(d.Get("cidr").(string), displaytext.(string), name, vpcofferingid, zoneid)
+	p := cs.VPC.NewCreateVPCParams(
+		d.Get("cidr").(string),
+		displaytext.(string),
+		name,
+		vpcofferingid,
+		zoneid,
+	)
+
+	// If there is a network domain supplied, make sure to add it to the request
+	if networkDomain, ok := d.GetOk("network_domain"); ok {
+		// Set the network domain
+		p.SetNetworkdomain(networkDomain.(string))
+	}
 
 	// If there is a project supplied, we retrieve and set the project id
 	if project, ok := d.GetOk("project"); ok {
@@ -122,6 +140,7 @@ func resourceCloudStackVPCRead(d *schema.ResourceData, meta interface{}) error {
 	d.Set("name", v.Name)
 	d.Set("display_text", v.Displaytext)
 	d.Set("cidr", v.Cidr)
+	d.Set("network_domain", v.Networkdomain)
 
 	// Get the VPC offering details
 	o, _, err := cs.VPC.GetVPCOfferingByID(v.Vpcofferingid)
diff --git a/builtin/providers/cloudstack/resource_cloudstack_vpc_test.go b/builtin/providers/cloudstack/resource_cloudstack_vpc_test.go
index 011358a953..abaa730606 100644
--- a/builtin/providers/cloudstack/resource_cloudstack_vpc_test.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_vpc_test.go
@@ -76,6 +76,10 @@ func testAccCheckCloudStackVPCAttributes(
 			return fmt.Errorf("Bad VPC CIDR: %s", vpc.Cidr)
 		}
 
+		if vpc.Networkdomain != "terraform-domain" {
+			return fmt.Errorf("Bad network domain: %s", vpc.Networkdomain)
+		}
+
 		return nil
 	}
 }
@@ -107,6 +111,7 @@ resource "cloudstack_vpc" "foo" {
   display_text = "terraform-vpc-text"
   cidr = "%s"
   vpc_offering = "%s"
+	network_domain = "terraform-domain"
   zone = "%s"
 }`,
 	CLOUDSTACK_VPC_CIDR_1,

From 979c86ec261dcdaf40443ae89a9c2537ba5de73c Mon Sep 17 00:00:00 2001
From: Sander van Harmelen <sander@xanzy.io>
Date: Sun, 27 Sep 2015 19:56:44 -0700
Subject: [PATCH 070/335] Fix styling...

---
 builtin/providers/cloudstack/resource_cloudstack_vpc_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/builtin/providers/cloudstack/resource_cloudstack_vpc_test.go b/builtin/providers/cloudstack/resource_cloudstack_vpc_test.go
index abaa730606..7c1d1492ef 100644
--- a/builtin/providers/cloudstack/resource_cloudstack_vpc_test.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_vpc_test.go
@@ -111,7 +111,7 @@ resource "cloudstack_vpc" "foo" {
   display_text = "terraform-vpc-text"
   cidr = "%s"
   vpc_offering = "%s"
-	network_domain = "terraform-domain"
+  network_domain = "terraform-domain"
   zone = "%s"
 }`,
 	CLOUDSTACK_VPC_CIDR_1,

From a9b86636c80d8462dc6f0bed2f760da8a562aed6 Mon Sep 17 00:00:00 2001
From: Hany Fahim <hany@vmfarms.com>
Date: Mon, 28 Sep 2015 13:31:08 -0400
Subject: [PATCH 071/335] Check for proper empty response instead of
 UnlimitedResourceID

---
 builtin/providers/cloudstack/resource_cloudstack_template.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/builtin/providers/cloudstack/resource_cloudstack_template.go b/builtin/providers/cloudstack/resource_cloudstack_template.go
index 12de2152a5..c2d9459a7a 100644
--- a/builtin/providers/cloudstack/resource_cloudstack_template.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_template.go
@@ -238,7 +238,7 @@ func resourceCloudStackTemplateRead(d *schema.ResourceData, meta interface{}) er
 
 	setValueOrUUID(d, "project", t.Project, t.Projectid)
 
-	if t.Zoneid == UnlimitedResourceID {
+	if t.Zoneid == "" {
 		setValueOrUUID(d, "zone", t.Zonename, UnlimitedResourceID)
 	} else {
 		setValueOrUUID(d, "zone", t.Zonename, t.Zoneid)

From f59c71b35a3c671208bf2ceaa84e9be5a48929aa Mon Sep 17 00:00:00 2001
From: Kevin Nuckolls <kevin.nuckolls@gmail.com>
Date: Wed, 6 May 2015 10:58:42 -0500
Subject: [PATCH 072/335] works for apply, no tests yet

---
 command/apply.go | 10 +++++++---
 command/meta.go  |  8 ++++++++
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/command/apply.go b/command/apply.go
index f924c65caa..232b44b827 100644
--- a/command/apply.go
+++ b/command/apply.go
@@ -39,6 +39,7 @@ func (c *ApplyCommand) Run(args []string) int {
 		cmdFlags.BoolVar(&destroyForce, "force", false, "force")
 	}
 	cmdFlags.BoolVar(&refresh, "refresh", true, "refresh")
+	cmdFlags.IntVar(&c.Meta.parallelism, "parallelism", 0, "parallelism")
 	cmdFlags.StringVar(&c.Meta.statePath, "state", DefaultStateFilename, "path")
 	cmdFlags.StringVar(&c.Meta.stateOutPath, "state-out", "", "path")
 	cmdFlags.StringVar(&c.Meta.backupPath, "backup", "", "path")
@@ -94,9 +95,10 @@ func (c *ApplyCommand) Run(args []string) int {
 
 	// Build the context based on the arguments given
 	ctx, planned, err := c.Context(contextOpts{
-		Destroy:   c.Destroy,
-		Path:      configPath,
-		StatePath: c.Meta.statePath,
+		Destroy:     c.Destroy,
+		Path:        configPath,
+		StatePath:   c.Meta.statePath,
+		Parallelism: c.Meta.parallelism,
 	})
 	if err != nil {
 		c.Ui.Error(err.Error())
@@ -278,6 +280,8 @@ Options:
 
   -no-color              If specified, output won't contain any color.
 
+  -parallelism=#         Limit the number of concurrent operations.
+
   -refresh=true          Update state prior to checking for differences. This
                          has no effect if a plan file is given to apply.
 
diff --git a/command/meta.go b/command/meta.go
index 4c1c09afe8..af4a523028 100644
--- a/command/meta.go
+++ b/command/meta.go
@@ -59,9 +59,13 @@ type Meta struct {
 	//
 	// backupPath is used to backup the state file before writing a modified
 	// version. It defaults to stateOutPath + DefaultBackupExtension
+	//
+	// parallelism is used to control the number of concurrent operations
+	// allowed when walking the graph
 	statePath    string
 	stateOutPath string
 	backupPath   string
+	parallelism  int
 }
 
 // initStatePaths is used to initialize the default values for
@@ -151,6 +155,7 @@ func (m *Meta) Context(copts contextOpts) (*terraform.Context, bool, error) {
 	}
 
 	opts.Module = mod
+	opts.Parallelism = copts.Parallelism
 	opts.State = state.State()
 	ctx := terraform.NewContext(opts)
 	return ctx, false, nil
@@ -430,4 +435,7 @@ type contextOpts struct {
 
 	// Set to true when running a destroy plan/apply.
 	Destroy bool
+
+	// Number of concurrent operations allowed
+	Parallelism int
 }

From fc60b2858c2a440a3a77e93a05ff9cd6764cf878 Mon Sep 17 00:00:00 2001
From: Kevin Nuckolls <kevin.nuckolls@gmail.com>
Date: Thu, 7 May 2015 10:21:00 -0500
Subject: [PATCH 073/335] Added -parallelism to refresh and plan cli UI

---
 command/plan.go    | 8 +++++---
 command/refresh.go | 6 ++++--
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/command/plan.go b/command/plan.go
index 15c2b505f2..e1b43babef 100644
--- a/command/plan.go
+++ b/command/plan.go
@@ -27,6 +27,7 @@ func (c *PlanCommand) Run(args []string) int {
 	cmdFlags.BoolVar(&refresh, "refresh", true, "refresh")
 	c.addModuleDepthFlag(cmdFlags, &moduleDepth)
 	cmdFlags.StringVar(&outPath, "out", "", "path")
+	cmdFlags.IntVar(&c.Meta.parallelism, "parallelism", 0, "parallelism")
 	cmdFlags.StringVar(&c.Meta.statePath, "state", DefaultStateFilename, "path")
 	cmdFlags.StringVar(&c.Meta.backupPath, "backup", "", "path")
 	cmdFlags.BoolVar(&detailed, "detailed-exitcode", false, "detailed-exitcode")
@@ -57,9 +58,10 @@ func (c *PlanCommand) Run(args []string) int {
 	c.Meta.extraHooks = []terraform.Hook{countHook}
 
 	ctx, _, err := c.Context(contextOpts{
-		Destroy:   destroy,
-		Path:      path,
-		StatePath: c.Meta.statePath,
+		Destroy:     destroy,
+		Path:        path,
+		StatePath:   c.Meta.statePath,
+		Parallelism: c.Meta.parallelism,
 	})
 	if err != nil {
 		c.Ui.Error(err.Error())
diff --git a/command/refresh.go b/command/refresh.go
index ee3cd70071..99190bf872 100644
--- a/command/refresh.go
+++ b/command/refresh.go
@@ -18,6 +18,7 @@ func (c *RefreshCommand) Run(args []string) int {
 
 	cmdFlags := c.Meta.flagSet("refresh")
 	cmdFlags.StringVar(&c.Meta.statePath, "state", DefaultStateFilename, "path")
+	cmdFlags.IntVar(&c.Meta.parallelism, "parallelism", 0, "parallelism")
 	cmdFlags.StringVar(&c.Meta.stateOutPath, "state-out", "", "path")
 	cmdFlags.StringVar(&c.Meta.backupPath, "backup", "", "path")
 	cmdFlags.Usage = func() { c.Ui.Error(c.Help()) }
@@ -78,8 +79,9 @@ func (c *RefreshCommand) Run(args []string) int {
 
 	// Build the context based on the arguments given
 	ctx, _, err := c.Context(contextOpts{
-		Path:      configPath,
-		StatePath: c.Meta.statePath,
+		Path:        configPath,
+		StatePath:   c.Meta.statePath,
+		Parallelism: c.Meta.parallelism,
 	})
 	if err != nil {
 		c.Ui.Error(err.Error())

From bf9c5c46d09413c234e2ef3d784081ca290f15b8 Mon Sep 17 00:00:00 2001
From: Kevin Nuckolls <kevin.nuckolls@gmail.com>
Date: Fri, 8 May 2015 02:01:21 -0500
Subject: [PATCH 074/335] Tests for apply parallelism=1 and parallelism=2

---
 command/apply_test.go                     | 76 +++++++++++++++++++++++
 command/command_test.go                   | 15 +++++
 command/test-fixtures/parallelism/main.tf | 13 ++++
 3 files changed, 104 insertions(+)
 create mode 100644 command/test-fixtures/parallelism/main.tf

diff --git a/command/apply_test.go b/command/apply_test.go
index 052bd592cc..c5379c4f37 100644
--- a/command/apply_test.go
+++ b/command/apply_test.go
@@ -58,6 +58,82 @@ func TestApply(t *testing.T) {
 	}
 }
 
+func TestApply_parallelism1(t *testing.T) {
+	statePath := testTempFile(t)
+
+	ui := new(cli.MockUi)
+	p := testProvider()
+	pr := new(terraform.MockResourceProvisioner)
+
+	pr.ApplyFn = func(*terraform.InstanceState, *terraform.ResourceConfig) error {
+		time.Sleep(time.Second)
+		return nil
+	}
+
+	args := []string{
+		"-state", statePath,
+		"-parallelism=1",
+		testFixturePath("parallelism"),
+	}
+
+	c := &ApplyCommand{
+		Meta: Meta{
+			ContextOpts: testCtxConfigWithShell(p, pr),
+			Ui:          ui,
+		},
+	}
+
+	start := time.Now()
+	if code := c.Run(args); code != 0 {
+		t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
+	}
+	elapsed := time.Since(start).Seconds()
+
+	// This test should take exactly two seconds, plus some minor amount of execution time.
+	if elapsed < 2 || elapsed > 2.2 {
+		t.Fatalf("bad: %f\n\n%s", elapsed, ui.ErrorWriter.String())
+	}
+
+}
+
+func TestApply_parallelism2(t *testing.T) {
+	statePath := testTempFile(t)
+
+	ui := new(cli.MockUi)
+	p := testProvider()
+	pr := new(terraform.MockResourceProvisioner)
+
+	pr.ApplyFn = func(*terraform.InstanceState, *terraform.ResourceConfig) error {
+		time.Sleep(time.Second)
+		return nil
+	}
+
+	args := []string{
+		"-state", statePath,
+		"-parallelism=2",
+		testFixturePath("parallelism"),
+	}
+
+	c := &ApplyCommand{
+		Meta: Meta{
+			ContextOpts: testCtxConfigWithShell(p, pr),
+			Ui:          ui,
+		},
+	}
+
+	start := time.Now()
+	if code := c.Run(args); code != 0 {
+		t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
+	}
+	elapsed := time.Since(start).Seconds()
+
+	// This test should take exactly one second, plus some minor amount of execution time.
+	if elapsed < 1 || elapsed > 1.2 {
+		t.Fatalf("bad: %f\n\n%s", elapsed, ui.ErrorWriter.String())
+	}
+
+}
+
 func TestApply_configInvalid(t *testing.T) {
 	p := testProvider()
 	ui := new(cli.MockUi)
diff --git a/command/command_test.go b/command/command_test.go
index 2544cf5318..2b9f93dd1d 100644
--- a/command/command_test.go
+++ b/command/command_test.go
@@ -52,6 +52,21 @@ func testCtxConfig(p terraform.ResourceProvider) *terraform.ContextOpts {
 	}
 }
 
+func testCtxConfigWithShell(p terraform.ResourceProvider, pr terraform.ResourceProvisioner) *terraform.ContextOpts {
+	return &terraform.ContextOpts{
+		Providers: map[string]terraform.ResourceProviderFactory{
+			"test": func() (terraform.ResourceProvider, error) {
+				return p, nil
+			},
+		},
+		Provisioners: map[string]terraform.ResourceProvisionerFactory{
+			"shell": func() (terraform.ResourceProvisioner, error) {
+				return pr, nil
+			},
+		},
+	}
+}
+
 func testModule(t *testing.T, name string) *module.Tree {
 	mod, err := module.NewTreeModule("", filepath.Join(fixtureDir, name))
 	if err != nil {
diff --git a/command/test-fixtures/parallelism/main.tf b/command/test-fixtures/parallelism/main.tf
new file mode 100644
index 0000000000..7708209c17
--- /dev/null
+++ b/command/test-fixtures/parallelism/main.tf
@@ -0,0 +1,13 @@
+resource "test_instance" "foo1" {
+	ami = "bar"
+
+	// shell has been configured to sleep for one second
+	provisioner "shell" {}
+}
+
+resource "test_instance" "foo2" {
+	ami = "bar"
+
+	// shell has been configured to sleep for one second
+	provisioner "shell" {}
+}

From 1d6a5c5401a4abaa03d2a8233aac6e07ba321d8e Mon Sep 17 00:00:00 2001
From: carinadigital <carinadigtial@gmail.com>
Date: Mon, 6 Jul 2015 14:13:01 +0100
Subject: [PATCH 075/335] Update docs to show correct launching of atlas
 artifact in AWS.

---
 website/source/docs/providers/atlas/r/artifact.html.markdown | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/website/source/docs/providers/atlas/r/artifact.html.markdown b/website/source/docs/providers/atlas/r/artifact.html.markdown
index 7c8be2985c..08dae8fd9a 100644
--- a/website/source/docs/providers/atlas/r/artifact.html.markdown
+++ b/website/source/docs/providers/atlas/r/artifact.html.markdown
@@ -32,6 +32,7 @@ resource "atlas_artifact" "web" {
 }
 
 # Start our instance with the dynamic ami value
+# Remember to include the AWS region as it is part of the full ID
 resource "aws_instance" "app" {
     ami = "${atlas_artifact.web.metadata_full.region-us-east-1}"
     ...
@@ -82,4 +83,3 @@ The following attributes are exported:
   For example, the "region.us-east-1" key will become "region-us-east-1".
 * `version_real` - The matching version of the artifact
 * `slug` - The artifact slug in Atlas
-

From 1e90f986f22604f808f7af3857a16fa21f7b2ba0 Mon Sep 17 00:00:00 2001
From: Hany Fahim <hany@vmfarms.com>
Date: Wed, 30 Sep 2015 14:03:14 -0400
Subject: [PATCH 076/335] Update conditional to set UnlimitedResourceID for
 Zonename as well as Zoneid

---
 builtin/providers/cloudstack/resource_cloudstack_template.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/builtin/providers/cloudstack/resource_cloudstack_template.go b/builtin/providers/cloudstack/resource_cloudstack_template.go
index c2d9459a7a..2cce32ae7c 100644
--- a/builtin/providers/cloudstack/resource_cloudstack_template.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_template.go
@@ -239,7 +239,7 @@ func resourceCloudStackTemplateRead(d *schema.ResourceData, meta interface{}) er
 	setValueOrUUID(d, "project", t.Project, t.Projectid)
 
 	if t.Zoneid == "" {
-		setValueOrUUID(d, "zone", t.Zonename, UnlimitedResourceID)
+		setValueOrUUID(d, "zone", UnlimitedResourceID, UnlimitedResourceID)
 	} else {
 		setValueOrUUID(d, "zone", t.Zonename, t.Zoneid)
 	}

From e0632de30c3582520444699da181989d88c5907b Mon Sep 17 00:00:00 2001
From: Kazunori Kojima <kjm.kznr@gmail.com>
Date: Fri, 2 Oct 2015 01:49:32 +0900
Subject: [PATCH 077/335] Add support S3 CORS

---
 .../providers/aws/resource_aws_s3_bucket.go   | 117 ++++++++++++++++++
 .../aws/resource_aws_s3_bucket_test.go        |  62 ++++++++++
 .../providers/aws/r/s3_bucket.html.markdown   |  26 ++++
 3 files changed, 205 insertions(+)

diff --git a/builtin/providers/aws/resource_aws_s3_bucket.go b/builtin/providers/aws/resource_aws_s3_bucket.go
index a329d4ff6d..93105ec510 100644
--- a/builtin/providers/aws/resource_aws_s3_bucket.go
+++ b/builtin/providers/aws/resource_aws_s3_bucket.go
@@ -41,6 +41,39 @@ func resourceAwsS3Bucket() *schema.Resource {
 				StateFunc: normalizeJson,
 			},
 
+			"cors_rule": &schema.Schema{
+				Type:     schema.TypeList,
+				Optional: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"allowed_headers": &schema.Schema{
+							Type:     schema.TypeList,
+							Optional: true,
+							Elem:     &schema.Schema{Type: schema.TypeString},
+						},
+						"allowed_methods": &schema.Schema{
+							Type:     schema.TypeList,
+							Required: true,
+							Elem:     &schema.Schema{Type: schema.TypeString},
+						},
+						"allowed_origins": &schema.Schema{
+							Type:     schema.TypeList,
+							Required: true,
+							Elem:     &schema.Schema{Type: schema.TypeString},
+						},
+						"expose_headers": &schema.Schema{
+							Type:     schema.TypeList,
+							Optional: true,
+							Elem:     &schema.Schema{Type: schema.TypeString},
+						},
+						"max_age_seconds": &schema.Schema{
+							Type:     schema.TypeInt,
+							Optional: true,
+						},
+					},
+				},
+			},
+
 			"website": &schema.Schema{
 				Type:     schema.TypeList,
 				Optional: true,
@@ -168,6 +201,12 @@ func resourceAwsS3BucketUpdate(d *schema.ResourceData, meta interface{}) error {
 		}
 	}
 
+	if d.HasChange("cors_rule") {
+		if err := resourceAwsS3BucketCorsUpdate(s3conn, d); err != nil {
+			return err
+		}
+	}
+
 	if d.HasChange("website") {
 		if err := resourceAwsS3BucketWebsiteUpdate(s3conn, d); err != nil {
 			return err
@@ -221,6 +260,25 @@ func resourceAwsS3BucketRead(d *schema.ResourceData, meta interface{}) error {
 		}
 	}
 
+	// Read the CORS
+	cors, err := s3conn.GetBucketCors(&s3.GetBucketCorsInput{
+		Bucket: aws.String(d.Id()),
+	})
+	log.Printf("[DEBUG] S3 bucket: %s, read CORS: %v", d.Id(), cors)
+	if err != nil {
+		rules := make([]map[string]interface{}, 0, len(cors.CORSRules))
+		for _, ruleObject := range cors.CORSRules {
+			rule := make(map[string]interface{})
+			rule["allowed_headers"] = ruleObject.AllowedHeaders
+			rule["allowed_methods"] = ruleObject.AllowedMethods
+			rule["allowed_origins"] = ruleObject.AllowedOrigins
+			rule["expose_headers"] = ruleObject.ExposeHeaders
+			rule["max_age_seconds"] = ruleObject.MaxAgeSeconds
+			rules = append(rules, rule)
+		}
+		d.Set("cors_rule", rules)
+	}
+
 	// Read the website configuration
 	ws, err := s3conn.GetBucketWebsite(&s3.GetBucketWebsiteInput{
 		Bucket: aws.String(d.Id()),
@@ -400,6 +458,65 @@ func resourceAwsS3BucketPolicyUpdate(s3conn *s3.S3, d *schema.ResourceData) erro
 	return nil
 }
 
+func resourceAwsS3BucketCorsUpdate(s3conn *s3.S3, d *schema.ResourceData) error {
+	bucket := d.Get("bucket").(string)
+	rawCors := d.Get("cors_rule").([]interface{})
+
+	if len(rawCors) == 0 {
+		// Delete CORS
+		log.Printf("[DEBUG] S3 bucket: %s, delete CORS", bucket)
+		_, err := s3conn.DeleteBucketCors(&s3.DeleteBucketCorsInput{
+			Bucket: aws.String(bucket),
+		})
+		if err != nil {
+			return fmt.Errorf("Error deleting S3 CORS: %s", err)
+		}
+	} else {
+		// Put CORS
+		rules := make([]*s3.CORSRule, 0, len(rawCors))
+		for _, cors := range rawCors {
+			corsMap := cors.(map[string]interface{})
+			r := &s3.CORSRule{}
+			for k, v := range corsMap {
+				log.Printf("[DEBUG] S3 bucket: %s, put CORS: %#v, %#v", bucket, k, v)
+				if k == "max_age_seconds" {
+					r.MaxAgeSeconds = aws.Int64(int64(v.(int)))
+				} else {
+					vMap := make([]*string, len(v.([]interface{})))
+					for i, vv := range v.([]interface{}) {
+						str := vv.(string)
+						vMap[i] = aws.String(str)
+					}
+					switch k {
+					case "allowed_headers":
+						r.AllowedHeaders = vMap
+					case "allowed_methods":
+						r.AllowedMethods = vMap
+					case "allowed_origins":
+						r.AllowedOrigins = vMap
+					case "expose_headers":
+						r.ExposeHeaders = vMap
+					}
+				}
+			}
+			rules = append(rules, r)
+		}
+		corsInput := &s3.PutBucketCorsInput{
+			Bucket: aws.String(bucket),
+			CORSConfiguration: &s3.CORSConfiguration{
+				CORSRules: rules,
+			},
+		}
+		log.Printf("[DEBUG] S3 bucket: %s, put CORS: %#v", bucket, corsInput)
+		_, err := s3conn.PutBucketCors(corsInput)
+		if err != nil {
+			return fmt.Errorf("Error putting S3 CORS: %s", err)
+		}
+	}
+
+	return nil
+}
+
 func resourceAwsS3BucketWebsiteUpdate(s3conn *s3.S3, d *schema.ResourceData) error {
 	ws := d.Get("website").([]interface{})
 
diff --git a/builtin/providers/aws/resource_aws_s3_bucket_test.go b/builtin/providers/aws/resource_aws_s3_bucket_test.go
index e494816b3e..4a969365ab 100644
--- a/builtin/providers/aws/resource_aws_s3_bucket_test.go
+++ b/builtin/providers/aws/resource_aws_s3_bucket_test.go
@@ -188,6 +188,34 @@ func TestAccAWSS3Bucket_Versioning(t *testing.T) {
 	})
 }
 
+func TestAccAWSS3Bucket_Cors(t *testing.T) {
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSS3BucketDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccAWSS3BucketConfigWithCORS,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAWSS3BucketExists("aws_s3_bucket.bucket"),
+					testAccCheckAWSS3BucketCors(
+						"aws_s3_bucket.bucket",
+						[]*s3.CORSRule{
+							&s3.CORSRule{
+								AllowedHeaders: []*string{aws.String("*")},
+								AllowedMethods: []*string{aws.String("PUT"), aws.String("POST")},
+								AllowedOrigins: []*string{aws.String("https://www.example.com")},
+								ExposeHeaders:  []*string{aws.String("x-amz-server-side-encryption"), aws.String("ETag")},
+								MaxAgeSeconds:  aws.Int64(3000),
+							},
+						},
+					),
+				),
+			},
+		},
+	})
+}
+
 func testAccCheckAWSS3BucketDestroy(s *terraform.State) error {
 	conn := testAccProvider.Meta().(*AWSClient).s3conn
 
@@ -370,6 +398,26 @@ func testAccCheckAWSS3BucketVersioning(n string, versioningStatus string) resour
 		return nil
 	}
 }
+func testAccCheckAWSS3BucketCors(n string, corsRules []*s3.CORSRule) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, _ := s.RootModule().Resources[n]
+		conn := testAccProvider.Meta().(*AWSClient).s3conn
+
+		out, err := conn.GetBucketCors(&s3.GetBucketCorsInput{
+			Bucket: aws.String(rs.Primary.ID),
+		})
+
+		if err != nil {
+			return fmt.Errorf("GetBucketCors error: %v", err)
+		}
+
+		if !reflect.DeepEqual(out.CORSRules, corsRules) {
+			return fmt.Errorf("bad error cors rule, expected: %v, got %v", corsRules, out.CORSRules)
+		}
+
+		return nil
+	}
+}
 
 // These need a bit of randomness as the name can only be used once globally
 // within AWS
@@ -452,3 +500,17 @@ resource "aws_s3_bucket" "bucket" {
 	}
 }
 `, randInt)
+
+var testAccAWSS3BucketConfigWithCORS = fmt.Sprintf(`
+resource "aws_s3_bucket" "bucket" {
+	bucket = "tf-test-bucket-%d"
+	acl = "public-read"
+	cors_rule {
+			allowed_headers = ["*"]
+			allowed_methods = ["PUT","POST"]
+			allowed_origins = ["https://www.example.com"]
+			expose_headers = ["x-amz-server-side-encryption","ETag"]
+			max_age_seconds = 3000
+	}
+}
+`, randInt)
diff --git a/website/source/docs/providers/aws/r/s3_bucket.html.markdown b/website/source/docs/providers/aws/r/s3_bucket.html.markdown
index 011f733475..da008053c7 100644
--- a/website/source/docs/providers/aws/r/s3_bucket.html.markdown
+++ b/website/source/docs/providers/aws/r/s3_bucket.html.markdown
@@ -41,6 +41,23 @@ resource "aws_s3_bucket" "b" {
 }
 ```
 
+### Using CORS
+
+```
+resource "aws_s3_bucket" "b" {
+    bucket = "s3-website-test.hashicorp.com"
+    acl = "public-read"
+
+    cors_rule {
+        allowed_headers = ["*"]
+        allowed_methods = ["PUT","POST"]
+        allowed_origins = ["https://s3-website-test.hashicorp.com"]
+        expose_headers = ["ETag"]
+        max_age_seconds = 3000
+    }
+}
+```
+
 ### Using versioning
 
 ```
@@ -64,6 +81,7 @@ The following arguments are supported:
 * `tags` - (Optional) A mapping of tags to assign to the bucket.
 * `force_destroy` - (Optional, Default:false ) A boolean that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are *not* recoverable.
 * `website` - (Optional) A website object (documented below).
+* `cors_rule` - (Optional) A rule of [Cross-Origin Resource Sharing](http://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) (documented below).
 * `versioning` - (Optional) A state of [versioning](http://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html) (documented below)
 
 The website object supports the following:
@@ -72,6 +90,14 @@ The website object supports the following:
 * `error_document` - (Optional) An absolute path to the document to return in case of a 4XX error.
 * `redirect_all_requests_to` - (Optional) A hostname to redirect all website requests for this bucket to.
 
+The CORS supports the following:
+
+* `allowed_headers` (Optional) Specifies which headers are allowed.
+* `allowed_methods` (Required) Specifies which methods are allowed. Can be `GET`, `PUT`, `POST`, `DELETE` or `HEAD`.
+* `allowed_origins` (Required) Specifies which origins are allowed.
+* `expose_headers` (Optional) Specifies expose header in the response.
+* `max_age_seconds` (Optional) Specifies time in seconds that browser can cache the response for a preflight request.
+
 The versioning supports the following:
 
 * `enabled` - (Optional) Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket.

From efa26ed2a7eac658ad92793d9d2361fff1f2d007 Mon Sep 17 00:00:00 2001
From: Clint Shryock <clint@ctshryock.com>
Date: Thu, 1 Oct 2015 17:00:30 -0500
Subject: [PATCH 078/335] provider/aws: Fix issue with disabling source dest
 check on first run

---
 .../providers/aws/resource_aws_instance.go    | 32 ++++++++++---------
 .../aws/resource_aws_instance_test.go         |  3 ++
 2 files changed, 20 insertions(+), 15 deletions(-)

diff --git a/builtin/providers/aws/resource_aws_instance.go b/builtin/providers/aws/resource_aws_instance.go
index 093b6ae86b..faac6e0a52 100644
--- a/builtin/providers/aws/resource_aws_instance.go
+++ b/builtin/providers/aws/resource_aws_instance.go
@@ -414,11 +414,6 @@ func resourceAwsInstanceCreate(d *schema.ResourceData, meta interface{}) error {
 		})
 	}
 
-	// Set our attributes
-	if err := resourceAwsInstanceRead(d, meta); err != nil {
-		return err
-	}
-
 	// Update if we need to
 	return resourceAwsInstanceUpdate(d, meta)
 }
@@ -548,16 +543,23 @@ func resourceAwsInstanceUpdate(d *schema.ResourceData, meta interface{}) error {
 	}
 
 	// SourceDestCheck can only be set on VPC instances
-	if d.Get("subnet_id").(string) != "" {
-		log.Printf("[INFO] Modifying instance %s", d.Id())
-		_, err := conn.ModifyInstanceAttribute(&ec2.ModifyInstanceAttributeInput{
-			InstanceId: aws.String(d.Id()),
-			SourceDestCheck: &ec2.AttributeBooleanValue{
-				Value: aws.Bool(d.Get("source_dest_check").(bool)),
-			},
-		})
-		if err != nil {
-			return err
+	// AWS will return an error of InvalidParameterCombination if we attempt
+	// to modify the source_dest_check of an instance in EC2 Classic
+	log.Printf("[INFO] Modifying instance %s", d.Id())
+	_, err := conn.ModifyInstanceAttribute(&ec2.ModifyInstanceAttributeInput{
+		InstanceId: aws.String(d.Id()),
+		SourceDestCheck: &ec2.AttributeBooleanValue{
+			Value: aws.Bool(d.Get("source_dest_check").(bool)),
+		},
+	})
+	if err != nil {
+		if ec2err, ok := err.(awserr.Error); ok {
+			// Toloerate InvalidParameterCombination error in Classic, otherwise
+			// return the error
+			if "InvalidParameterCombination" != ec2err.Code() {
+				return err
+			}
+			log.Printf("[WARN] Attempted to modify SourceDestCheck on non VPC instance: %s", ec2err.Message())
 		}
 	}
 
diff --git a/builtin/providers/aws/resource_aws_instance_test.go b/builtin/providers/aws/resource_aws_instance_test.go
index 258320d543..3224f9b5e1 100644
--- a/builtin/providers/aws/resource_aws_instance_test.go
+++ b/builtin/providers/aws/resource_aws_instance_test.go
@@ -190,6 +190,9 @@ func TestAccAWSInstance_sourceDestCheck(t *testing.T) {
 
 	testCheck := func(enabled bool) resource.TestCheckFunc {
 		return func(*terraform.State) error {
+			if v.SourceDestCheck == nil {
+				return fmt.Errorf("bad source_dest_check: got nil")
+			}
 			if *v.SourceDestCheck != enabled {
 				return fmt.Errorf("bad source_dest_check: %#v", *v.SourceDestCheck)
 			}

From 12b50606493bff00bad37cae9bf62d18c91bf836 Mon Sep 17 00:00:00 2001
From: Clint <catsby@users.noreply.github.com>
Date: Fri, 2 Oct 2015 15:18:57 -0500
Subject: [PATCH 079/335] Update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7d7d3c8a3e..427146e2d7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,7 @@ FEATURES:
   * **New resource: `cloudstack_loadbalancer_rule`** [GH-2934]
   * **New resource: `google_compute_project_metadata`** [GH-3065]
   * **New resources: `aws_ami`, `aws_ami_copy`, `aws_ami_from_instance`** [GH-2874]
+  * **New resources: `aws_cloudwatch_log_group`** [GH-2415]
   * **New resource: `google_storage_bucket_object`** [GH-3192]
   * **New resources: `google_compute_vpn_gateway`, `google_compute_vpn_tunnel`** [GH-3213]
 

From 7aa14da9c77ebcab4e4bca0202ef98970e303508 Mon Sep 17 00:00:00 2001
From: Clint Shryock <clint@ctshryock.com>
Date: Fri, 2 Oct 2015 16:47:59 -0500
Subject: [PATCH 080/335] provider/aws: Renable TestAccAWSRouteTable_vpcPeering
 with additional config

---
 .../aws/resource_aws_route_table_test.go      | 38 +++++++++++++++----
 1 file changed, 31 insertions(+), 7 deletions(-)

diff --git a/builtin/providers/aws/resource_aws_route_table_test.go b/builtin/providers/aws/resource_aws_route_table_test.go
index 6eb8951fd6..7437520246 100644
--- a/builtin/providers/aws/resource_aws_route_table_test.go
+++ b/builtin/providers/aws/resource_aws_route_table_test.go
@@ -2,6 +2,7 @@ package aws
 
 import (
 	"fmt"
+	"os"
 	"testing"
 
 	"github.com/aws/aws-sdk-go/aws"
@@ -215,9 +216,14 @@ func testAccCheckRouteTableExists(n string, v *ec2.RouteTable) resource.TestChec
 // TODO: re-enable this test.
 // VPC Peering connections are prefixed with pcx
 // Right now there is no VPC Peering resource
-func _TestAccAWSRouteTable_vpcPeering(t *testing.T) {
+func TestAccAWSRouteTable_vpcPeering(t *testing.T) {
 	var v ec2.RouteTable
 
+	acctId := os.Getenv("TF_ACC_ID")
+	if acctId == "" {
+		t.Fatal("Error: Test TestAccAWSRouteTable_vpcPeering requires an Account ID in TF_ACC_ID ")
+	}
+
 	testCheck := func(*terraform.State) error {
 		if len(v.Routes) != 2 {
 			return fmt.Errorf("bad routes: %#v", v.Routes)
@@ -243,7 +249,7 @@ func _TestAccAWSRouteTable_vpcPeering(t *testing.T) {
 		CheckDestroy: testAccCheckRouteTableDestroy,
 		Steps: []resource.TestStep{
 			resource.TestStep{
-				Config: testAccRouteTableVpcPeeringConfig,
+				Config: testAccRouteTableVpcPeeringConfig(acctId),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckRouteTableExists(
 						"aws_route_table.foo", &v),
@@ -395,11 +401,10 @@ resource "aws_route_table" "foo" {
 }
 `
 
-// TODO: re-enable this test.
 // VPC Peering connections are prefixed with pcx
-// Right now there is no VPC Peering resource
-const testAccRouteTableVpcPeeringConfig = `
-resource "aws_vpc" "foo" {
+// This test requires an ENV var, TF_ACC_ID, with a valid AWS Account ID
+func testAccRouteTableVpcPeeringConfig(acc string) string {
+	cfg := `resource "aws_vpc" "foo" {
 	cidr_block = "10.1.0.0/16"
 }
 
@@ -407,15 +412,34 @@ resource "aws_internet_gateway" "foo" {
 	vpc_id = "${aws_vpc.foo.id}"
 }
 
+resource "aws_vpc" "bar" {
+	cidr_block = "10.3.0.0/16"
+}
+
+resource "aws_internet_gateway" "bar" {
+	vpc_id = "${aws_vpc.bar.id}"
+}
+
+resource "aws_vpc_peering_connection" "foo" {
+		vpc_id = "${aws_vpc.foo.id}"
+		peer_vpc_id = "${aws_vpc.bar.id}"
+		peer_owner_id = "%s"
+		tags {
+			foo = "bar"
+		}
+}
+
 resource "aws_route_table" "foo" {
 	vpc_id = "${aws_vpc.foo.id}"
 
 	route {
 		cidr_block = "10.2.0.0/16"
-        vpc_peering_connection_id = "pcx-12345"
+		vpc_peering_connection_id = "${aws_vpc_peering_connection.foo.id}"
 	}
 }
 `
+	return fmt.Sprintf(cfg, acc)
+}
 
 const testAccRouteTableVgwRoutePropagationConfig = `
 resource "aws_vpc" "foo" {

From d0f734af7690c44fb2e757eb452b5f38dc53f23b Mon Sep 17 00:00:00 2001
From: Clint Shryock <clint@ctshryock.com>
Date: Fri, 2 Oct 2015 16:50:26 -0500
Subject: [PATCH 081/335] remove TODO

---
 builtin/providers/aws/resource_aws_route_table_test.go | 1 -
 1 file changed, 1 deletion(-)

diff --git a/builtin/providers/aws/resource_aws_route_table_test.go b/builtin/providers/aws/resource_aws_route_table_test.go
index 7437520246..f43e22bde0 100644
--- a/builtin/providers/aws/resource_aws_route_table_test.go
+++ b/builtin/providers/aws/resource_aws_route_table_test.go
@@ -213,7 +213,6 @@ func testAccCheckRouteTableExists(n string, v *ec2.RouteTable) resource.TestChec
 	}
 }
 
-// TODO: re-enable this test.
 // VPC Peering connections are prefixed with pcx
 // Right now there is no VPC Peering resource
 func TestAccAWSRouteTable_vpcPeering(t *testing.T) {

From 910469ddee2dfc1743dfeaed5af3b95d8db72af8 Mon Sep 17 00:00:00 2001
From: Hany Fahim <hany@vmfarms.com>
Date: Fri, 2 Oct 2015 20:54:07 -0400
Subject: [PATCH 082/335] Add Source NAT IP parameter

When creating a VPC, CloudStack automatically assigns a source NAT IP
from it's pool. It's handy to have this IP available in Terraform, which
can be used in ACLs for example. This commit adds such support.
---
 .../cloudstack/resource_cloudstack_vpc.go         | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/builtin/providers/cloudstack/resource_cloudstack_vpc.go b/builtin/providers/cloudstack/resource_cloudstack_vpc.go
index 8fe132d94f..1b2ecbf86c 100644
--- a/builtin/providers/cloudstack/resource_cloudstack_vpc.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_vpc.go
@@ -51,6 +51,11 @@ func resourceCloudStackVPC() *schema.Resource {
 				Required: true,
 				ForceNew: true,
 			},
+
+			"source_nat_ip": &schema.Schema{
+				Type:     schema.TypeString,
+				Computed: true,
+			},
 		},
 	}
 }
@@ -133,6 +138,16 @@ func resourceCloudStackVPCRead(d *schema.ResourceData, meta interface{}) error {
 	setValueOrUUID(d, "project", v.Project, v.Projectid)
 	setValueOrUUID(d, "zone", v.Zonename, v.Zoneid)
 
+	// Grab the source NAT IP that CloudStack assigned.
+	p := cs.Address.NewListPublicIpAddressesParams()
+	p.SetVpcid(d.Id())
+	p.SetIssourcenat(true)
+	p.SetProjectid(v.Projectid)
+	l, e := cs.Address.ListPublicIpAddresses(p)
+	if (e == nil) && (l.Count == 1) {
+		d.Set("source_nat_ip", l.PublicIpAddresses[0].Ipaddress)
+	}
+
 	return nil
 }
 

From 1335131daa658b1ba6ae834dd15ccfefad4b8a23 Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@timeinc.com>
Date: Sat, 3 Oct 2015 09:25:03 -0700
Subject: [PATCH 083/335] aws: Only fail on missing TF_ACC_ID if we're actually
 running acc. tests

---
 builtin/providers/aws/resource_aws_route_table_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/builtin/providers/aws/resource_aws_route_table_test.go b/builtin/providers/aws/resource_aws_route_table_test.go
index f43e22bde0..17fd4087ec 100644
--- a/builtin/providers/aws/resource_aws_route_table_test.go
+++ b/builtin/providers/aws/resource_aws_route_table_test.go
@@ -219,7 +219,7 @@ func TestAccAWSRouteTable_vpcPeering(t *testing.T) {
 	var v ec2.RouteTable
 
 	acctId := os.Getenv("TF_ACC_ID")
-	if acctId == "" {
+	if acctId == "" && os.Getenv(resource.TestEnvVar) != "" {
 		t.Fatal("Error: Test TestAccAWSRouteTable_vpcPeering requires an Account ID in TF_ACC_ID ")
 	}
 

From 2b60d0c6b67db1a6fa2d219941e8aa6966c34aa1 Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@timeinc.com>
Date: Wed, 30 Sep 2015 15:50:21 -0700
Subject: [PATCH 084/335] Add repro test case for bug #2892

---
 terraform/context_apply_test.go               | 84 +++++++++++++++++++
 .../child/main.tf                             |  5 ++
 .../apply-destroy-cross-providers/main.tf     |  6 ++
 3 files changed, 95 insertions(+)
 create mode 100644 terraform/test-fixtures/apply-destroy-cross-providers/child/main.tf
 create mode 100644 terraform/test-fixtures/apply-destroy-cross-providers/main.tf

diff --git a/terraform/context_apply_test.go b/terraform/context_apply_test.go
index 4b2113d632..1fd069db08 100644
--- a/terraform/context_apply_test.go
+++ b/terraform/context_apply_test.go
@@ -10,6 +10,8 @@ import (
 	"sync/atomic"
 	"testing"
 	"time"
+
+	"github.com/hashicorp/terraform/config/module"
 )
 
 func TestContext2Apply(t *testing.T) {
@@ -298,6 +300,88 @@ func TestContext2Apply_destroyComputed(t *testing.T) {
 	}
 }
 
+// https://github.com/hashicorp/terraform/issues/2892
+func TestContext2Apply_destroyCrossProviders(t *testing.T) {
+	m := testModule(t, "apply-destroy-cross-providers")
+
+	p_aws := testProvider("aws")
+	p_aws.ApplyFn = testApplyFn
+	p_aws.DiffFn = testDiffFn
+
+	p_tf := testProvider("terraform")
+	p_tf.ApplyFn = testApplyFn
+	p_tf.DiffFn = testDiffFn
+
+	providers := map[string]ResourceProviderFactory{
+		"aws":       testProviderFuncFixed(p_aws),
+		"terraform": testProviderFuncFixed(p_tf),
+	}
+
+	// Bug only appears from time to time,
+	// so we run this test multiple times
+	// to check for the race-condition
+	for i := 0; i <= 10; i++ {
+		ctx := getContextForApply_destroyCrossProviders(
+			t, m, providers)
+
+		if p, err := ctx.Plan(); err != nil {
+			t.Fatalf("err: %s", err)
+		} else {
+			t.Logf(p.String())
+		}
+
+		if _, err := ctx.Apply(); err != nil {
+			t.Fatalf("err: %s", err)
+		}
+	}
+}
+
+func getContextForApply_destroyCrossProviders(
+	t *testing.T,
+	m *module.Tree,
+	providers map[string]ResourceProviderFactory) *Context {
+	state := &State{
+		Modules: []*ModuleState{
+			&ModuleState{
+				Path: rootModulePath,
+				Resources: map[string]*ResourceState{
+					"terraform_remote_state.shared": &ResourceState{
+						Type: "terraform_remote_state",
+						Primary: &InstanceState{
+							ID: "remote-2652591293",
+							Attributes: map[string]string{
+								"output.env_name": "test",
+							},
+						},
+					},
+				},
+			},
+			&ModuleState{
+				Path: []string{"root", "example"},
+				Resources: map[string]*ResourceState{
+					"aws_vpc.bar": &ResourceState{
+						Type: "aws_vpc",
+						Primary: &InstanceState{
+							ID: "vpc-aaabbb12",
+							Attributes: map[string]string{
+								"value": "test",
+							},
+						},
+					},
+				},
+			},
+		},
+	}
+	ctx := testContext2(t, &ContextOpts{
+		Module:    m,
+		Providers: providers,
+		State:     state,
+		Destroy:   true,
+	})
+
+	return ctx
+}
+
 func TestContext2Apply_minimal(t *testing.T) {
 	m := testModule(t, "apply-minimal")
 	p := testProvider("aws")
diff --git a/terraform/test-fixtures/apply-destroy-cross-providers/child/main.tf b/terraform/test-fixtures/apply-destroy-cross-providers/child/main.tf
new file mode 100644
index 0000000000..048b26dec8
--- /dev/null
+++ b/terraform/test-fixtures/apply-destroy-cross-providers/child/main.tf
@@ -0,0 +1,5 @@
+variable "value" {}
+
+resource "aws_vpc" "bar" {
+    value = "${var.value}"
+}
diff --git a/terraform/test-fixtures/apply-destroy-cross-providers/main.tf b/terraform/test-fixtures/apply-destroy-cross-providers/main.tf
new file mode 100644
index 0000000000..b0595b9e81
--- /dev/null
+++ b/terraform/test-fixtures/apply-destroy-cross-providers/main.tf
@@ -0,0 +1,6 @@
+resource "terraform_remote_state" "shared" {}
+
+module "child" {
+    source = "./child"
+    value = "${terraform_remote_state.shared.output.env_name}"
+}

From 40b04154feb5d0a9c4fddeadc52b4d2999c41ae6 Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@timeinc.com>
Date: Fri, 2 Oct 2015 11:18:33 -0700
Subject: [PATCH 085/335] Add operation walkDestroy

---
 terraform/context.go                  | 6 +++++-
 terraform/evaltree_provider.go        | 4 ++--
 terraform/graph_config_node_output.go | 2 +-
 terraform/graph_walk_operation.go     | 1 +
 terraform/transform_deposed.go        | 2 +-
 terraform/transform_orphan.go         | 2 +-
 terraform/transform_output.go         | 4 ++--
 terraform/transform_provider.go       | 2 +-
 terraform/transform_resource.go       | 4 ++--
 terraform/transform_tainted.go        | 2 +-
 terraform/walkoperation_string.go     | 4 ++--
 11 files changed, 19 insertions(+), 14 deletions(-)

diff --git a/terraform/context.go b/terraform/context.go
index be01a492a1..0f567ddf24 100644
--- a/terraform/context.go
+++ b/terraform/context.go
@@ -292,7 +292,11 @@ func (c *Context) Apply() (*State, error) {
 	}
 
 	// Do the walk
-	_, err = c.walk(graph, walkApply)
+	if c.destroy {
+		_, err = c.walk(graph, walkDestroy)
+	} else {
+		_, err = c.walk(graph, walkApply)
+	}
 
 	// Clean out any unused things
 	c.state.prune()
diff --git a/terraform/evaltree_provider.go b/terraform/evaltree_provider.go
index 99e3ccb1e0..9ec6ea0c57 100644
--- a/terraform/evaltree_provider.go
+++ b/terraform/evaltree_provider.go
@@ -71,7 +71,7 @@ func ProviderEvalTree(n string, config *config.RawConfig) EvalNode {
 
 	// Apply stuff
 	seq = append(seq, &EvalOpFilter{
-		Ops: []walkOperation{walkRefresh, walkPlan, walkApply},
+		Ops: []walkOperation{walkRefresh, walkPlan, walkApply, walkDestroy},
 		Node: &EvalSequence{
 			Nodes: []EvalNode{
 				&EvalGetProvider{
@@ -98,7 +98,7 @@ func ProviderEvalTree(n string, config *config.RawConfig) EvalNode {
 	// We configure on everything but validate, since validate may
 	// not have access to all the variables.
 	seq = append(seq, &EvalOpFilter{
-		Ops: []walkOperation{walkRefresh, walkPlan, walkApply},
+		Ops: []walkOperation{walkRefresh, walkPlan, walkApply, walkDestroy},
 		Node: &EvalSequence{
 			Nodes: []EvalNode{
 				&EvalConfigProvider{
diff --git a/terraform/graph_config_node_output.go b/terraform/graph_config_node_output.go
index 5b2d95fdc7..d4f00451c7 100644
--- a/terraform/graph_config_node_output.go
+++ b/terraform/graph_config_node_output.go
@@ -44,7 +44,7 @@ func (n *GraphNodeConfigOutput) DependentOn() []string {
 // GraphNodeEvalable impl.
 func (n *GraphNodeConfigOutput) EvalTree() EvalNode {
 	return &EvalOpFilter{
-		Ops: []walkOperation{walkRefresh, walkPlan, walkApply},
+		Ops: []walkOperation{walkRefresh, walkPlan, walkApply, walkDestroy},
 		Node: &EvalSequence{
 			Nodes: []EvalNode{
 				&EvalWriteOutput{
diff --git a/terraform/graph_walk_operation.go b/terraform/graph_walk_operation.go
index c2143fbd83..f2de24134d 100644
--- a/terraform/graph_walk_operation.go
+++ b/terraform/graph_walk_operation.go
@@ -13,4 +13,5 @@ const (
 	walkPlanDestroy
 	walkRefresh
 	walkValidate
+	walkDestroy
 )
diff --git a/terraform/transform_deposed.go b/terraform/transform_deposed.go
index 6ae1695f0c..fa3143c3ce 100644
--- a/terraform/transform_deposed.go
+++ b/terraform/transform_deposed.go
@@ -110,7 +110,7 @@ func (n *graphNodeDeposedResource) EvalTree() EvalNode {
 	var diff *InstanceDiff
 	var err error
 	seq.Nodes = append(seq.Nodes, &EvalOpFilter{
-		Ops: []walkOperation{walkApply},
+		Ops: []walkOperation{walkApply, walkDestroy},
 		Node: &EvalSequence{
 			Nodes: []EvalNode{
 				&EvalGetProvider{
diff --git a/terraform/transform_orphan.go b/terraform/transform_orphan.go
index bb381c823d..45ea050ba3 100644
--- a/terraform/transform_orphan.go
+++ b/terraform/transform_orphan.go
@@ -263,7 +263,7 @@ func (n *graphNodeOrphanResource) EvalTree() EvalNode {
 	// Apply
 	var err error
 	seq.Nodes = append(seq.Nodes, &EvalOpFilter{
-		Ops: []walkOperation{walkApply},
+		Ops: []walkOperation{walkApply, walkDestroy},
 		Node: &EvalSequence{
 			Nodes: []EvalNode{
 				&EvalReadDiff{
diff --git a/terraform/transform_output.go b/terraform/transform_output.go
index 5ea48a0165..d3e839ce1c 100644
--- a/terraform/transform_output.go
+++ b/terraform/transform_output.go
@@ -62,7 +62,7 @@ func (n *graphNodeOrphanOutput) Name() string {
 
 func (n *graphNodeOrphanOutput) EvalTree() EvalNode {
 	return &EvalOpFilter{
-		Ops: []walkOperation{walkApply, walkRefresh},
+		Ops: []walkOperation{walkApply, walkDestroy, walkRefresh},
 		Node: &EvalDeleteOutput{
 			Name: n.OutputName,
 		},
@@ -90,7 +90,7 @@ func (n *graphNodeOrphanOutputFlat) Name() string {
 
 func (n *graphNodeOrphanOutputFlat) EvalTree() EvalNode {
 	return &EvalOpFilter{
-		Ops: []walkOperation{walkApply, walkRefresh},
+		Ops: []walkOperation{walkApply, walkDestroy, walkRefresh},
 		Node: &EvalDeleteOutput{
 			Name: n.OutputName,
 		},
diff --git a/terraform/transform_provider.go b/terraform/transform_provider.go
index 8a6655182b..0ea226713c 100644
--- a/terraform/transform_provider.go
+++ b/terraform/transform_provider.go
@@ -255,7 +255,7 @@ func (n *graphNodeDisabledProvider) EvalTree() EvalNode {
 	var resourceConfig *ResourceConfig
 
 	return &EvalOpFilter{
-		Ops: []walkOperation{walkInput, walkValidate, walkRefresh, walkPlan, walkApply},
+		Ops: []walkOperation{walkInput, walkValidate, walkRefresh, walkPlan, walkApply, walkDestroy},
 		Node: &EvalSequence{
 			Nodes: []EvalNode{
 				&EvalInterpolate{
diff --git a/terraform/transform_resource.go b/terraform/transform_resource.go
index 0b56721b07..a52b3ba724 100644
--- a/terraform/transform_resource.go
+++ b/terraform/transform_resource.go
@@ -369,7 +369,7 @@ func (n *graphNodeExpandedResource) EvalTree() EvalNode {
 	var createNew, tainted bool
 	var createBeforeDestroyEnabled bool
 	seq.Nodes = append(seq.Nodes, &EvalOpFilter{
-		Ops: []walkOperation{walkApply},
+		Ops: []walkOperation{walkApply, walkDestroy},
 		Node: &EvalSequence{
 			Nodes: []EvalNode{
 				// Get the saved diff for apply
@@ -591,7 +591,7 @@ func (n *graphNodeExpandedResourceDestroy) EvalTree() EvalNode {
 	var state *InstanceState
 	var err error
 	return &EvalOpFilter{
-		Ops: []walkOperation{walkApply},
+		Ops: []walkOperation{walkApply, walkDestroy},
 		Node: &EvalSequence{
 			Nodes: []EvalNode{
 				// Get the saved diff for apply
diff --git a/terraform/transform_tainted.go b/terraform/transform_tainted.go
index fdc1ae6bc4..37e25df32a 100644
--- a/terraform/transform_tainted.go
+++ b/terraform/transform_tainted.go
@@ -114,7 +114,7 @@ func (n *graphNodeTaintedResource) EvalTree() EvalNode {
 	// Apply
 	var diff *InstanceDiff
 	seq.Nodes = append(seq.Nodes, &EvalOpFilter{
-		Ops: []walkOperation{walkApply},
+		Ops: []walkOperation{walkApply, walkDestroy},
 		Node: &EvalSequence{
 			Nodes: []EvalNode{
 				&EvalGetProvider{
diff --git a/terraform/walkoperation_string.go b/terraform/walkoperation_string.go
index 423793c3c8..1ce3661c49 100644
--- a/terraform/walkoperation_string.go
+++ b/terraform/walkoperation_string.go
@@ -4,9 +4,9 @@ package terraform
 
 import "fmt"
 
-const _walkOperation_name = "walkInvalidwalkInputwalkApplywalkPlanwalkPlanDestroywalkRefreshwalkValidate"
+const _walkOperation_name = "walkInvalidwalkInputwalkApplywalkPlanwalkPlanDestroywalkRefreshwalkValidatewalkDestroy"
 
-var _walkOperation_index = [...]uint8{0, 11, 20, 29, 37, 52, 63, 75}
+var _walkOperation_index = [...]uint8{0, 11, 20, 29, 37, 52, 63, 75, 86}
 
 func (i walkOperation) String() string {
 	if i >= walkOperation(len(_walkOperation_index)-1) {

From 3a05f0155397e5bb854c29a186486e758bf6085c Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@timeinc.com>
Date: Fri, 2 Oct 2015 11:20:09 -0700
Subject: [PATCH 086/335] Treat missing variables during destroy as unknown

---
 terraform/interpolate.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/terraform/interpolate.go b/terraform/interpolate.go
index d8e5288ec4..31c366eabc 100644
--- a/terraform/interpolate.go
+++ b/terraform/interpolate.go
@@ -342,7 +342,7 @@ func (i *Interpolater) computeResourceVariable(
 	// TODO: test by creating a state and configuration that is referencing
 	// a non-existent variable "foo.bar" where the state only has "foo"
 	// and verify plan works, but apply doesn't.
-	if i.Operation == walkApply {
+	if i.Operation == walkApply || i.Operation == walkDestroy {
 		goto MISSING
 	}
 
@@ -384,7 +384,7 @@ MISSING:
 	//
 	// For an input walk, computed values are okay to return because we're only
 	// looking for missing variables to prompt the user for.
-	if i.Operation == walkRefresh || i.Operation == walkPlanDestroy || i.Operation == walkInput {
+	if i.Operation == walkRefresh || i.Operation == walkPlanDestroy || i.Operation == walkDestroy || i.Operation == walkInput {
 		return config.UnknownVariableValue, nil
 	}
 
@@ -481,7 +481,7 @@ func (i *Interpolater) computeResourceMultiVariable(
 		//
 		// For an input walk, computed values are okay to return because we're only
 		// looking for missing variables to prompt the user for.
-		if i.Operation == walkRefresh || i.Operation == walkPlanDestroy || i.Operation == walkInput {
+		if i.Operation == walkRefresh || i.Operation == walkPlanDestroy || i.Operation == walkDestroy || i.Operation == walkInput {
 			return config.UnknownVariableValue, nil
 		}
 

From abe5189eb8d64cb1a31d6c5a23e325acd265cabb Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@gmail.com>
Date: Sat, 3 Oct 2015 14:25:31 -0700
Subject: [PATCH 087/335] Update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 427146e2d7..e8da4d93a4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -29,6 +29,7 @@ BUG FIXES:
 
   * core: Fix problems referencing list attributes in interpolations [GH-2157]
   * core: don't error on computed value during input walk [GH-2988]
+  * core: Ignore missing variables during destroy phase [GH-3393]
   * provider/google: Crashes with interface conversion in GCE Instance Template [GH-3027]
   * provider/google: Convert int to int64 when building the GKE cluster.NodeConfig struct [GH-2978]
   * provider/google: google_compute_instance_template.network_interface.network should be a URL [GH-3226]

From 641b701830d25bd9b7f243615fdc1d05be802d91 Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@gmail.com>
Date: Sat, 19 Sep 2015 19:11:49 +0100
Subject: [PATCH 088/335] schema: Make validation more strict

---
 helper/schema/resource.go      | 13 +++++++++++++
 helper/schema/resource_test.go | 30 ++++++++++++++++++++++++++++++
 2 files changed, 43 insertions(+)

diff --git a/helper/schema/resource.go b/helper/schema/resource.go
index 571fe18a60..8b3e53ad33 100644
--- a/helper/schema/resource.go
+++ b/helper/schema/resource.go
@@ -244,7 +244,20 @@ func (r *Resource) InternalValidate(topSchemaMap schemaMap) error {
 				return fmt.Errorf(
 					"No Update defined, must set ForceNew on: %#v", nonForceNewAttrs)
 			}
+		} else {
+			nonUpdateableAttrs := make([]string, 0)
+			for k, v := range r.Schema {
+				if v.ForceNew || (v.Computed && !v.Optional) {
+					nonUpdateableAttrs = append(nonUpdateableAttrs, k)
+				}
+			}
+			updateableAttrs := len(r.Schema) - len(nonUpdateableAttrs)
+			if updateableAttrs == 0 {
+				return fmt.Errorf(
+					"All fields are ForceNew or Computed w/out Optional, Update is superfluous")
+			}
 		}
+
 		tsm = schemaMap(r.Schema)
 	}
 
diff --git a/helper/schema/resource_test.go b/helper/schema/resource_test.go
index e35979eb2f..3604322e75 100644
--- a/helper/schema/resource_test.go
+++ b/helper/schema/resource_test.go
@@ -335,6 +335,36 @@ func TestResourceInternalValidate(t *testing.T) {
 			},
 			true,
 		},
+
+		// Update undefined for non-ForceNew field
+		{
+			&Resource{
+				Create: func(d *ResourceData, meta interface{}) error { return nil },
+				Schema: map[string]*Schema{
+					"boo": &Schema{
+						Type:     TypeInt,
+						Optional: true,
+					},
+				},
+			},
+			true,
+		},
+
+		// Update defined for ForceNew field
+		{
+			&Resource{
+				Create: func(d *ResourceData, meta interface{}) error { return nil },
+				Update: func(d *ResourceData, meta interface{}) error { return nil },
+				Schema: map[string]*Schema{
+					"goo": &Schema{
+						Type:     TypeInt,
+						Optional: true,
+						ForceNew: true,
+					},
+				},
+			},
+			true,
+		},
 	}
 
 	for i, tc := range cases {

From 9cbcb9a438f8f2b178abd3fcfb738b72035d27fd Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@gmail.com>
Date: Sat, 19 Sep 2015 22:37:14 +0100
Subject: [PATCH 089/335] Remove no-op Updates from resource schemas

---
 builtin/providers/atlas/resource_artifact.go         |  1 -
 .../aws/resource_aws_app_cookie_stickiness_policy.go |  2 --
 .../aws/resource_aws_lb_cookie_stickiness_policy.go  |  2 --
 .../providers/aws/resource_aws_s3_bucket_object.go   |  1 -
 .../providers/aws/resource_vpn_connection_route.go   |  2 --
 .../providers/azure/resource_azure_storage_blob.go   | 12 ------------
 .../google/resource_storage_bucket_object.go         |  9 +--------
 builtin/providers/null/resource.go                   |  5 -----
 8 files changed, 1 insertion(+), 33 deletions(-)

diff --git a/builtin/providers/atlas/resource_artifact.go b/builtin/providers/atlas/resource_artifact.go
index f4d264a8aa..b9ed5aea09 100644
--- a/builtin/providers/atlas/resource_artifact.go
+++ b/builtin/providers/atlas/resource_artifact.go
@@ -19,7 +19,6 @@ func resourceArtifact() *schema.Resource {
 	return &schema.Resource{
 		Create: resourceArtifactRead,
 		Read:   resourceArtifactRead,
-		Update: resourceArtifactRead,
 		Delete: resourceArtifactDelete,
 
 		Schema: map[string]*schema.Schema{
diff --git a/builtin/providers/aws/resource_aws_app_cookie_stickiness_policy.go b/builtin/providers/aws/resource_aws_app_cookie_stickiness_policy.go
index 3f7e1bf7ff..7220643fee 100644
--- a/builtin/providers/aws/resource_aws_app_cookie_stickiness_policy.go
+++ b/builtin/providers/aws/resource_aws_app_cookie_stickiness_policy.go
@@ -15,8 +15,6 @@ func resourceAwsAppCookieStickinessPolicy() *schema.Resource {
 		// There is no concept of "updating" an App Stickiness policy in
 		// the AWS API.
 		Create: resourceAwsAppCookieStickinessPolicyCreate,
-		Update: resourceAwsAppCookieStickinessPolicyCreate,
-
 		Read:   resourceAwsAppCookieStickinessPolicyRead,
 		Delete: resourceAwsAppCookieStickinessPolicyDelete,
 
diff --git a/builtin/providers/aws/resource_aws_lb_cookie_stickiness_policy.go b/builtin/providers/aws/resource_aws_lb_cookie_stickiness_policy.go
index 50c6186de1..bed01aadd7 100644
--- a/builtin/providers/aws/resource_aws_lb_cookie_stickiness_policy.go
+++ b/builtin/providers/aws/resource_aws_lb_cookie_stickiness_policy.go
@@ -15,8 +15,6 @@ func resourceAwsLBCookieStickinessPolicy() *schema.Resource {
 		// There is no concept of "updating" an LB Stickiness policy in
 		// the AWS API.
 		Create: resourceAwsLBCookieStickinessPolicyCreate,
-		Update: resourceAwsLBCookieStickinessPolicyCreate,
-
 		Read:   resourceAwsLBCookieStickinessPolicyRead,
 		Delete: resourceAwsLBCookieStickinessPolicyDelete,
 
diff --git a/builtin/providers/aws/resource_aws_s3_bucket_object.go b/builtin/providers/aws/resource_aws_s3_bucket_object.go
index 9d46952d07..5ecbef0132 100644
--- a/builtin/providers/aws/resource_aws_s3_bucket_object.go
+++ b/builtin/providers/aws/resource_aws_s3_bucket_object.go
@@ -16,7 +16,6 @@ func resourceAwsS3BucketObject() *schema.Resource {
 	return &schema.Resource{
 		Create: resourceAwsS3BucketObjectPut,
 		Read:   resourceAwsS3BucketObjectRead,
-		Update: resourceAwsS3BucketObjectPut,
 		Delete: resourceAwsS3BucketObjectDelete,
 
 		Schema: map[string]*schema.Schema{
diff --git a/builtin/providers/aws/resource_vpn_connection_route.go b/builtin/providers/aws/resource_vpn_connection_route.go
index 580ecff194..e6863f7215 100644
--- a/builtin/providers/aws/resource_vpn_connection_route.go
+++ b/builtin/providers/aws/resource_vpn_connection_route.go
@@ -17,8 +17,6 @@ func resourceAwsVpnConnectionRoute() *schema.Resource {
 		// You can't update a route. You can just delete one and make
 		// a new one.
 		Create: resourceAwsVpnConnectionRouteCreate,
-		Update: resourceAwsVpnConnectionRouteCreate,
-
 		Read:   resourceAwsVpnConnectionRouteRead,
 		Delete: resourceAwsVpnConnectionRouteDelete,
 
diff --git a/builtin/providers/azure/resource_azure_storage_blob.go b/builtin/providers/azure/resource_azure_storage_blob.go
index 4e870e0ad3..9a3dca1a97 100644
--- a/builtin/providers/azure/resource_azure_storage_blob.go
+++ b/builtin/providers/azure/resource_azure_storage_blob.go
@@ -13,7 +13,6 @@ func resourceAzureStorageBlob() *schema.Resource {
 	return &schema.Resource{
 		Create: resourceAzureStorageBlobCreate,
 		Read:   resourceAzureStorageBlobRead,
-		Update: resourceAzureStorageBlobUpdate,
 		Exists: resourceAzureStorageBlobExists,
 		Delete: resourceAzureStorageBlobDelete,
 
@@ -122,17 +121,6 @@ func resourceAzureStorageBlobRead(d *schema.ResourceData, meta interface{}) erro
 	return nil
 }
 
-// resourceAzureStorageBlobUpdate does all the necessary API calls to
-// update a blob on Azure.
-func resourceAzureStorageBlobUpdate(d *schema.ResourceData, meta interface{}) error {
-	// NOTE: although empty as most parameters have ForceNew set; this is
-	// still required in case of changes to the storage_service_key
-
-	// run the ExistsFunc beforehand to ensure the resource's existence nonetheless:
-	_, err := resourceAzureStorageBlobExists(d, meta)
-	return err
-}
-
 // resourceAzureStorageBlobExists does all the necessary API calls to
 // check for the existence of the blob on Azure.
 func resourceAzureStorageBlobExists(d *schema.ResourceData, meta interface{}) (bool, error) {
diff --git a/builtin/providers/google/resource_storage_bucket_object.go b/builtin/providers/google/resource_storage_bucket_object.go
index cd5fe7d9c1..bd8e4f04d2 100644
--- a/builtin/providers/google/resource_storage_bucket_object.go
+++ b/builtin/providers/google/resource_storage_bucket_object.go
@@ -1,8 +1,8 @@
 package google
 
 import (
-	"os"
 	"fmt"
+	"os"
 
 	"github.com/hashicorp/terraform/helper/schema"
 
@@ -13,7 +13,6 @@ func resourceStorageBucketObject() *schema.Resource {
 	return &schema.Resource{
 		Create: resourceStorageBucketObjectCreate,
 		Read:   resourceStorageBucketObjectRead,
-		Update: resourceStorageBucketObjectUpdate,
 		Delete: resourceStorageBucketObjectDelete,
 
 		Schema: map[string]*schema.Schema{
@@ -107,12 +106,6 @@ func resourceStorageBucketObjectRead(d *schema.ResourceData, meta interface{}) e
 	return nil
 }
 
-func resourceStorageBucketObjectUpdate(d *schema.ResourceData, meta interface{}) error {
-	// The Cloud storage API doesn't support updating object data contents,
-	// only metadata. So once we implement metadata we'll have work to do here
-	return nil
-}
-
 func resourceStorageBucketObjectDelete(d *schema.ResourceData, meta interface{}) error {
 	config := meta.(*Config)
 
diff --git a/builtin/providers/null/resource.go b/builtin/providers/null/resource.go
index 0badf346cd..ad56ba4bdc 100644
--- a/builtin/providers/null/resource.go
+++ b/builtin/providers/null/resource.go
@@ -16,7 +16,6 @@ func resource() *schema.Resource {
 	return &schema.Resource{
 		Create: resourceCreate,
 		Read:   resourceRead,
-		Update: resourceUpdate,
 		Delete: resourceDelete,
 
 		Schema: map[string]*schema.Schema{},
@@ -32,10 +31,6 @@ func resourceRead(d *schema.ResourceData, meta interface{}) error {
 	return nil
 }
 
-func resourceUpdate(d *schema.ResourceData, meta interface{}) error {
-	return nil
-}
-
 func resourceDelete(d *schema.ResourceData, meta interface{}) error {
 	d.SetId("")
 	return nil

From c3d15a2336d783e4f73c4c81c20bf076cb5bd848 Mon Sep 17 00:00:00 2001
From: Martin Atkins <mart@degeneration.co.uk>
Date: Sat, 3 Oct 2015 14:49:50 -0700
Subject: [PATCH 090/335] Docs for base64 interpolation functions.

---
 website/source/docs/configuration/interpolation.html.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/website/source/docs/configuration/interpolation.html.md b/website/source/docs/configuration/interpolation.html.md
index f4730acd6a..ff47202d8b 100644
--- a/website/source/docs/configuration/interpolation.html.md
+++ b/website/source/docs/configuration/interpolation.html.md
@@ -74,6 +74,12 @@ are documented below.
 
 The supported built-in functions are:
 
+  * `base64dec(string)` - Given a base64-encoded string, decodes it and
+    returns the original string.
+
+  * `base64enc(string)` - Returns a base64-encoded representation of the
+    given string.
+
   * `concat(list1, list2)` - Combines two or more lists into a single list.
      Example: `concat(aws_instance.db.*.tags.Name, aws_instance.web.*.tags.Name)`
 

From 0b85d35e87f26fd2ffdd241ed45a29f8277ab019 Mon Sep 17 00:00:00 2001
From: Martin Atkins <mart@degeneration.co.uk>
Date: Sat, 3 Oct 2015 15:12:51 -0700
Subject: [PATCH 091/335] Rename base64enc/dec to encode/decode.

There isn't any precedent for abbreviating words in the interpolation
function names, and it may not be clear to all users what "enc" and "dec"
are short for, so instead we'll prefer to spell out the whole words for
improved readability.
---
 config/interpolate_funcs.go                   | 32 +++++++++----------
 config/interpolate_funcs_test.go              |  6 ++--
 .../docs/configuration/interpolation.html.md  |  4 +--
 3 files changed, 21 insertions(+), 21 deletions(-)

diff --git a/config/interpolate_funcs.go b/config/interpolate_funcs.go
index 4778f1ec6a..abaa9817c1 100644
--- a/config/interpolate_funcs.go
+++ b/config/interpolate_funcs.go
@@ -20,18 +20,18 @@ var Funcs map[string]ast.Function
 
 func init() {
 	Funcs = map[string]ast.Function{
-		"concat":     interpolationFuncConcat(),
-		"element":    interpolationFuncElement(),
-		"file":       interpolationFuncFile(),
-		"format":     interpolationFuncFormat(),
-		"formatlist": interpolationFuncFormatList(),
-		"index":      interpolationFuncIndex(),
-		"join":       interpolationFuncJoin(),
-		"length":     interpolationFuncLength(),
-		"replace":    interpolationFuncReplace(),
-		"split":      interpolationFuncSplit(),
-		"base64enc":  interpolationFuncBase64Encode(),
-		"base64dec":  interpolationFuncBase64Decode(),
+		"concat":       interpolationFuncConcat(),
+		"element":      interpolationFuncElement(),
+		"file":         interpolationFuncFile(),
+		"format":       interpolationFuncFormat(),
+		"formatlist":   interpolationFuncFormatList(),
+		"index":        interpolationFuncIndex(),
+		"join":         interpolationFuncJoin(),
+		"length":       interpolationFuncLength(),
+		"replace":      interpolationFuncReplace(),
+		"split":        interpolationFuncSplit(),
+		"base64encode": interpolationFuncBase64Encode(),
+		"base64decode": interpolationFuncBase64Decode(),
 	}
 }
 
@@ -396,8 +396,8 @@ func interpolationFuncValues(vs map[string]ast.Variable) ast.Function {
 	}
 }
 
-// interpolationFuncBase64Encode implements the "base64enc" function that allows
-// Base64 encoding.
+// interpolationFuncBase64Encode implements the "base64encode" function that
+// allows Base64 encoding.
 func interpolationFuncBase64Encode() ast.Function {
 	return ast.Function{
 		ArgTypes:   []ast.Type{ast.TypeString},
@@ -409,8 +409,8 @@ func interpolationFuncBase64Encode() ast.Function {
 	}
 }
 
-// interpolationFuncBase64Decode implements the "base64dec" function that allows
-// Base64 decoding.
+// interpolationFuncBase64Decode implements the "base64decode" function that
+// allows Base64 decoding.
 func interpolationFuncBase64Decode() ast.Function {
 	return ast.Function{
 		ArgTypes:   []ast.Type{ast.TypeString},
diff --git a/config/interpolate_funcs_test.go b/config/interpolate_funcs_test.go
index 773f92c99c..e4d275e580 100644
--- a/config/interpolate_funcs_test.go
+++ b/config/interpolate_funcs_test.go
@@ -589,7 +589,7 @@ func TestInterpolateFuncBase64Encode(t *testing.T) {
 		Cases: []testFunctionCase{
 			// Regular base64 encoding
 			{
-				`${base64enc("abc123!?$*&()'-=@~")}`,
+				`${base64encode("abc123!?$*&()'-=@~")}`,
 				"YWJjMTIzIT8kKiYoKSctPUB+",
 				false,
 			},
@@ -602,14 +602,14 @@ func TestInterpolateFuncBase64Decode(t *testing.T) {
 		Cases: []testFunctionCase{
 			// Regular base64 decoding
 			{
-				`${base64dec("YWJjMTIzIT8kKiYoKSctPUB+")}`,
+				`${base64decode("YWJjMTIzIT8kKiYoKSctPUB+")}`,
 				"abc123!?$*&()'-=@~",
 				false,
 			},
 
 			// Invalid base64 data decoding
 			{
-				`${base64dec("this-is-an-invalid-base64-data")}`,
+				`${base64decode("this-is-an-invalid-base64-data")}`,
 				nil,
 				true,
 			},
diff --git a/website/source/docs/configuration/interpolation.html.md b/website/source/docs/configuration/interpolation.html.md
index ff47202d8b..2e8eec5b69 100644
--- a/website/source/docs/configuration/interpolation.html.md
+++ b/website/source/docs/configuration/interpolation.html.md
@@ -74,10 +74,10 @@ are documented below.
 
 The supported built-in functions are:
 
-  * `base64dec(string)` - Given a base64-encoded string, decodes it and
+  * `base64decode(string)` - Given a base64-encoded string, decodes it and
     returns the original string.
 
-  * `base64enc(string)` - Returns a base64-encoded representation of the
+  * `base64encode(string)` - Returns a base64-encoded representation of the
     given string.
 
   * `concat(list1, list2)` - Combines two or more lists into a single list.

From b92f50ed1b3a0b4661bed285f3fdc1a5a55624a5 Mon Sep 17 00:00:00 2001
From: Martin Atkins <mart@degeneration.co.uk>
Date: Sat, 3 Oct 2015 16:02:32 -0700
Subject: [PATCH 092/335] Update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index d2777ae0ee..f049151c5c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -43,6 +43,7 @@ BUG FIXES:
       by AWS [GH-3120]
   * provider/aws: Read instance source_dest_check and save to state [GH-3152]
   * provider/aws: Allow `weight = 0` in Route53 records [GH-3196]
+  * provider/aws: Normalize aws_elasticache_cluster id to lowercase, allowing convergence. [GH-3235]
   * provider/openstack: add state 'downloading' to list of expected states in
       `blockstorage_volume_v1` creation [GH-2866]
   * provider/openstack: remove security groups (by name) before adding security

From 9b4a85ebd03cdd45057c3002bd401abcbd9dc293 Mon Sep 17 00:00:00 2001
From: Martin Atkins <mart@degeneration.co.uk>
Date: Sat, 3 Oct 2015 17:18:28 -0700
Subject: [PATCH 093/335] Update CHANGELOG.md

---
 CHANGELOG.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index f049151c5c..5daeda740c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -49,6 +49,10 @@ BUG FIXES:
   * provider/openstack: remove security groups (by name) before adding security
       groups (by id) [GH-2008]
 
+INTERNAL IMPROVEMENTS:
+
+  * helper/schema: Don't allow ``Update`` func if no attributes can actually be updated, per schema.
+
 ## 0.6.3 (August 11, 2015)
 
 BUG FIXES:

From 0ee282bbc24c74115e07513b1224c014fdffa664 Mon Sep 17 00:00:00 2001
From: Martin Atkins <mart@degeneration.co.uk>
Date: Sat, 3 Oct 2015 17:32:13 -0700
Subject: [PATCH 094/335] Update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5daeda740c..98d1e03fe3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,7 @@ FEATURES:
   * **New resources: `aws_cloudwatch_log_group`** [GH-2415]
   * **New resource: `google_storage_bucket_object`** [GH-3192]
   * **New resources: `google_compute_vpn_gateway`, `google_compute_vpn_tunnel`** [GH-3213]
+  * **New resource: `aws_iam_saml_provider`** [GH-3156]
 
 IMPROVEMENTS:
 

From c3a6c050a28cde2ae05a547d04738a51343a150c Mon Sep 17 00:00:00 2001
From: Martin Atkins <mart@degeneration.co.uk>
Date: Sat, 3 Oct 2015 17:43:41 -0700
Subject: [PATCH 095/335] Update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 98d1e03fe3..8a24800448 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -26,6 +26,7 @@ IMPROVEMENTS:
   * provider/aws: Add `versioning` option to `aws_s3_bucket` [GH-2942]
   * provider/aws: Add `configuation_endpoint` to `aws_elasticache_cluster` [GH-3250]
   * provider/cloudstack: Add `project` parameter to `cloudstack_vpc`, `cloudstack_network`, `cloudstack_ipaddress` and `cloudstack_disk` [GH-3035]
+  * remote/s3: Allow canned ACLs to be set on state objects. [GH-3233]
 
 BUG FIXES:
 

From 53f1edc28c40211de938396d6a05d31cbda914e8 Mon Sep 17 00:00:00 2001
From: Martin Atkins <mart@degeneration.co.uk>
Date: Sat, 3 Oct 2015 17:56:46 -0700
Subject: [PATCH 096/335] Update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8a24800448..907e9d9364 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -54,6 +54,7 @@ BUG FIXES:
 INTERNAL IMPROVEMENTS:
 
   * helper/schema: Don't allow ``Update`` func if no attributes can actually be updated, per schema.
+  * helper/multierror: Remove in favor of [github.com/hashicorp/go-multierror](http://github.com/hashicorp/go-multierror).
 
 ## 0.6.3 (August 11, 2015)
 

From ccc8f0d0fbe7a5441f1539275de542823dd71a22 Mon Sep 17 00:00:00 2001
From: Martin Atkins <mart@degeneration.co.uk>
Date: Thu, 1 Oct 2015 15:14:55 -0700
Subject: [PATCH 097/335] S3 remote state use application/json Content-Type.

The state is always JSON, in spite of the fact that this interface
presents it as an opaque byte array. It's more helpful to those interacting
with the state object outside of Terraform for it to have a more specific
content-type.
---
 state/remote/s3.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/state/remote/s3.go b/state/remote/s3.go
index 26330d1126..bdc6a63cf9 100644
--- a/state/remote/s3.go
+++ b/state/remote/s3.go
@@ -133,7 +133,7 @@ func (c *S3Client) Get() (*Payload, error) {
 }
 
 func (c *S3Client) Put(data []byte) error {
-	contentType := "application/octet-stream"
+	contentType := "application/json"
 	contentLength := int64(len(data))
 
 	i := &s3.PutObjectInput{

From e849ec3af5bb291c73bbaf82727ceb74e48d4471 Mon Sep 17 00:00:00 2001
From: Martin Atkins <mart@degeneration.co.uk>
Date: Thu, 1 Oct 2015 14:43:08 -0700
Subject: [PATCH 098/335] Example for the command arg on docker_container.

For those accustomed to running commands via a shell it may not be clear
why this argument is a list and what the elements of that list should be.
Hopefully giving an example will help people understand what is expected.

This is in response to the misunderstanding discovered in #3011.
---
 website/source/docs/providers/docker/r/container.html.markdown | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/website/source/docs/providers/docker/r/container.html.markdown b/website/source/docs/providers/docker/r/container.html.markdown
index 5653f139ad..ee10ab6e61 100644
--- a/website/source/docs/providers/docker/r/container.html.markdown
+++ b/website/source/docs/providers/docker/r/container.html.markdown
@@ -35,7 +35,8 @@ The following arguments are supported:
   as is shown in the example above.
 
 * `command` - (Optional, list of strings) The command to use to start the
-    container.
+    container. For example, to run `/usr/bin/myprogram -f baz.conf` set the
+    command to be `["/usr/bin/myprogram", "-f", "baz.conf"]`.
 * `dns` - (Optional, set of strings) Set of DNS servers.
 * `env` - (Optional, set of strings) Environmental variables to set.
 * `links` - (Optional, set of strings) Set of links for link based

From cc8e8a55de4ca3d2aaeaa8c3af64904740046ef9 Mon Sep 17 00:00:00 2001
From: Martin Atkins <mart@degeneration.co.uk>
Date: Mon, 17 Aug 2015 19:26:58 -0700
Subject: [PATCH 099/335] helper/schema: Default hashing function for sets

A common issue with new resource implementations is not considering parts
of a complex structure that's used inside a set, which causes quirky
behavior.

The schema helper has enough information to provide a default reasonable
implementation of a set function that includes all non-computed attributes
in a deterministic way. Here we implement such a function and use it
when no explicit hashing function is provided.

In order to achieve this we encapsulate the construction of the zero
value for a schema in a new method schema.ZeroValue, which allows us to
put the fallback logic to the new default function in a single spot.
It is no longer valid to use &Set{F: schema.Set} and all uses of that
construct should be replaced with schema.ZeroValue().(*Set) .
---
 helper/schema/field_reader.go        |  10 +-
 helper/schema/field_reader_config.go |   2 +-
 helper/schema/field_reader_diff.go   |   2 +-
 helper/schema/field_reader_map.go    |   2 +-
 helper/schema/schema.go              |  32 +++-
 helper/schema/schema_test.go         |   2 +-
 helper/schema/serialize.go           | 105 +++++++++++++
 helper/schema/serialize_test.go      | 214 +++++++++++++++++++++++++++
 helper/schema/set.go                 |  23 +++
 9 files changed, 374 insertions(+), 18 deletions(-)
 create mode 100644 helper/schema/serialize.go
 create mode 100644 helper/schema/serialize_test.go

diff --git a/helper/schema/field_reader.go b/helper/schema/field_reader.go
index fc2a1e0902..c3a6c76fa0 100644
--- a/helper/schema/field_reader.go
+++ b/helper/schema/field_reader.go
@@ -38,15 +38,7 @@ func (r *FieldReadResult) ValueOrZero(s *Schema) interface{} {
 		return r.Value
 	}
 
-	result := s.Type.Zero()
-
-	// The zero value of a set is nil, but we want it
-	// to actually be an empty set object...
-	if set, ok := result.(*Set); ok && set.F == nil {
-		set.F = s.Set
-	}
-
-	return result
+	return s.ZeroValue()
 }
 
 // addrToSchema finds the final element schema for the given address
diff --git a/helper/schema/field_reader_config.go b/helper/schema/field_reader_config.go
index 69b63eac74..76aeed2bd8 100644
--- a/helper/schema/field_reader_config.go
+++ b/helper/schema/field_reader_config.go
@@ -201,7 +201,7 @@ func (r *ConfigFieldReader) readSet(
 	address []string, schema *Schema) (FieldReadResult, map[int]int, error) {
 	indexMap := make(map[int]int)
 	// Create the set that will be our result
-	set := &Set{F: schema.Set}
+	set := schema.ZeroValue().(*Set)
 
 	raw, err := readListField(&nestedConfigFieldReader{r}, address, schema)
 	if err != nil {
diff --git a/helper/schema/field_reader_diff.go b/helper/schema/field_reader_diff.go
index e17a6685ec..dcb379436e 100644
--- a/helper/schema/field_reader_diff.go
+++ b/helper/schema/field_reader_diff.go
@@ -141,7 +141,7 @@ func (r *DiffFieldReader) readSet(
 	prefix := strings.Join(address, ".") + "."
 
 	// Create the set that will be our result
-	set := &Set{F: schema.Set}
+	set := schema.ZeroValue().(*Set)
 
 	// Go through the map and find all the set items
 	for k, d := range r.Diff.Attributes {
diff --git a/helper/schema/field_reader_map.go b/helper/schema/field_reader_map.go
index 6dc76c4740..feb3fcc0a7 100644
--- a/helper/schema/field_reader_map.go
+++ b/helper/schema/field_reader_map.go
@@ -105,7 +105,7 @@ func (r *MapFieldReader) readSet(
 	}
 
 	// Create the set that will be our result
-	set := &Set{F: schema.Set}
+	set := schema.ZeroValue().(*Set)
 
 	// If we have an empty list, then return an empty list
 	if countRaw.Computed || countRaw.Value.(int) == 0 {
diff --git a/helper/schema/schema.go b/helper/schema/schema.go
index 59a3260fb9..da0bb38b3a 100644
--- a/helper/schema/schema.go
+++ b/helper/schema/schema.go
@@ -207,6 +207,30 @@ func (s *Schema) DefaultValue() (interface{}, error) {
 	return nil, nil
 }
 
+// Returns a zero value for the schema.
+func (s *Schema) ZeroValue() interface{} {
+	// If it's a set then we'll do a bit of extra work to provide the
+	// right hashing function in our empty value.
+	if s.Type == TypeSet {
+		setFunc := s.Set
+		if setFunc == nil {
+			// Default set function uses the schema to hash the whole value
+			elem := s.Elem
+			switch t := elem.(type) {
+			case *Schema:
+				setFunc = HashSchema(t)
+			case *Resource:
+				setFunc = HashResource(t)
+			default:
+				panic("invalid set element type")
+			}
+		}
+		return &Set{F: setFunc}
+	} else {
+		return s.Type.Zero()
+	}
+}
+
 func (s *Schema) finalizeDiff(
 	d *terraform.ResourceAttrDiff) *terraform.ResourceAttrDiff {
 	if d == nil {
@@ -496,10 +520,8 @@ func (m schemaMap) InternalValidate(topSchemaMap schemaMap) error {
 				return fmt.Errorf("%s: Default is not valid for lists or sets", k)
 			}
 
-			if v.Type == TypeList && v.Set != nil {
+			if v.Type != TypeSet && v.Set != nil {
 				return fmt.Errorf("%s: Set can only be set for TypeSet", k)
-			} else if v.Type == TypeSet && v.Set == nil {
-				return fmt.Errorf("%s: Set must be set", k)
 			}
 
 			switch t := v.Elem.(type) {
@@ -782,10 +804,10 @@ func (m schemaMap) diffSet(
 	}
 
 	if o == nil {
-		o = &Set{F: schema.Set}
+		o = schema.ZeroValue().(*Set)
 	}
 	if n == nil {
-		n = &Set{F: schema.Set}
+		n = schema.ZeroValue().(*Set)
 	}
 	os := o.(*Set)
 	ns := n.(*Set)
diff --git a/helper/schema/schema_test.go b/helper/schema/schema_test.go
index 83aa72a5ca..404d7286cf 100644
--- a/helper/schema/schema_test.go
+++ b/helper/schema/schema_test.go
@@ -2789,7 +2789,7 @@ func TestSchemaMap_InternalValidate(t *testing.T) {
 					Optional: true,
 				},
 			},
-			true,
+			false,
 		},
 
 		// Required but computed
diff --git a/helper/schema/serialize.go b/helper/schema/serialize.go
new file mode 100644
index 0000000000..78f5bfbd6a
--- /dev/null
+++ b/helper/schema/serialize.go
@@ -0,0 +1,105 @@
+package schema
+
+import (
+	"bytes"
+	"sort"
+	"strconv"
+)
+
+func SerializeValueForHash(buf *bytes.Buffer, val interface{}, schema *Schema) {
+	if val == nil {
+		buf.WriteRune(';')
+		return
+	}
+
+	switch schema.Type {
+	case TypeBool:
+		if val.(bool) {
+			buf.WriteRune('1')
+		} else {
+			buf.WriteRune('0')
+		}
+	case TypeInt:
+		buf.WriteString(strconv.Itoa(val.(int)))
+	case TypeFloat:
+		buf.WriteString(strconv.FormatFloat(val.(float64), 'g', -1, 64))
+	case TypeString:
+		buf.WriteString(val.(string))
+	case TypeList:
+		buf.WriteRune('(')
+		l := val.([]interface{})
+		for _, innerVal := range l {
+			serializeCollectionMemberForHash(buf, innerVal, schema.Elem)
+		}
+		buf.WriteRune(')')
+	case TypeMap:
+		m := val.(map[string]interface{})
+		var keys []string
+		for k := range m {
+			keys = append(keys, k)
+		}
+		sort.Strings(keys)
+		buf.WriteRune('[')
+		for _, k := range keys {
+			innerVal := m[k]
+			buf.WriteString(k)
+			buf.WriteRune(':')
+			serializeCollectionMemberForHash(buf, innerVal, schema.Elem)
+		}
+		buf.WriteRune(']')
+	case TypeSet:
+		buf.WriteRune('{')
+		s := val.(*Set)
+		for _, innerVal := range s.List() {
+			serializeCollectionMemberForHash(buf, innerVal, schema.Elem)
+		}
+		buf.WriteRune('}')
+	default:
+		panic("unknown schema type to serialize")
+	}
+	buf.WriteRune(';')
+}
+
+// SerializeValueForHash appends a serialization of the given resource config
+// to the given buffer, guaranteeing deterministic results given the same value
+// and schema.
+//
+// Its primary purpose is as input into a hashing function in order
+// to hash complex substructures when used in sets, and so the serialization
+// is not reversible.
+func SerializeResourceForHash(buf *bytes.Buffer, val interface{}, resource *Resource) {
+	sm := resource.Schema
+	m := val.(map[string]interface{})
+	var keys []string
+	for k := range sm {
+		keys = append(keys, k)
+	}
+	sort.Strings(keys)
+	for _, k := range keys {
+		innerSchema := sm[k]
+		// Skip attributes that are not user-provided. Computed attributes
+		// do not contribute to the hash since their ultimate value cannot
+		// be known at plan/diff time.
+		if !(innerSchema.Required || innerSchema.Optional) {
+			continue
+		}
+
+		buf.WriteString(k)
+		buf.WriteRune(':')
+		innerVal := m[k]
+		SerializeValueForHash(buf, innerVal, innerSchema)
+	}
+}
+
+func serializeCollectionMemberForHash(buf *bytes.Buffer, val interface{}, elem interface{}) {
+	switch tElem := elem.(type) {
+	case *Schema:
+		SerializeValueForHash(buf, val, tElem)
+	case *Resource:
+		buf.WriteRune('<')
+		SerializeResourceForHash(buf, val, tElem)
+		buf.WriteString(">;")
+	default:
+		panic("invalid element type")
+	}
+}
diff --git a/helper/schema/serialize_test.go b/helper/schema/serialize_test.go
new file mode 100644
index 0000000000..7fe9e20bf2
--- /dev/null
+++ b/helper/schema/serialize_test.go
@@ -0,0 +1,214 @@
+package schema
+
+import (
+	"bytes"
+	"testing"
+)
+
+func TestSerializeForHash(t *testing.T) {
+	type testCase struct {
+		Schema   interface{}
+		Value    interface{}
+		Expected string
+	}
+
+	tests := []testCase{
+
+		testCase{
+			Schema: &Schema{
+				Type: TypeInt,
+			},
+			Value:    0,
+			Expected: "0;",
+		},
+
+		testCase{
+			Schema: &Schema{
+				Type: TypeInt,
+			},
+			Value:    200,
+			Expected: "200;",
+		},
+
+		testCase{
+			Schema: &Schema{
+				Type: TypeBool,
+			},
+			Value:    true,
+			Expected: "1;",
+		},
+
+		testCase{
+			Schema: &Schema{
+				Type: TypeBool,
+			},
+			Value:    false,
+			Expected: "0;",
+		},
+
+		testCase{
+			Schema: &Schema{
+				Type: TypeFloat,
+			},
+			Value:    1.0,
+			Expected: "1;",
+		},
+
+		testCase{
+			Schema: &Schema{
+				Type: TypeFloat,
+			},
+			Value:    1.54,
+			Expected: "1.54;",
+		},
+
+		testCase{
+			Schema: &Schema{
+				Type: TypeFloat,
+			},
+			Value:    0.1,
+			Expected: "0.1;",
+		},
+
+		testCase{
+			Schema: &Schema{
+				Type: TypeString,
+			},
+			Value:    "hello",
+			Expected: "hello;",
+		},
+
+		testCase{
+			Schema: &Schema{
+				Type: TypeString,
+			},
+			Value:    "1",
+			Expected: "1;",
+		},
+
+		testCase{
+			Schema: &Schema{
+				Type: TypeList,
+				Elem: &Schema{
+					Type: TypeString,
+				},
+			},
+			Value:    []interface{}{},
+			Expected: "();",
+		},
+
+		testCase{
+			Schema: &Schema{
+				Type: TypeList,
+				Elem: &Schema{
+					Type: TypeString,
+				},
+			},
+			Value:    []interface{}{"hello", "world"},
+			Expected: "(hello;world;);",
+		},
+
+		testCase{
+			Schema: &Schema{
+				Type: TypeList,
+				Elem: &Resource{
+					Schema: map[string]*Schema{
+						"fo": &Schema{
+							Type:     TypeString,
+							Required: true,
+						},
+						"fum": &Schema{
+							Type:     TypeString,
+							Required: true,
+						},
+					},
+				},
+			},
+			Value: []interface{}{
+				map[string]interface{}{
+					"fo": "bar",
+				},
+				map[string]interface{}{
+					"fo":  "baz",
+					"fum": "boz",
+				},
+			},
+			Expected: "(<fo:bar;fum:;>;<fo:baz;fum:boz;>;);",
+		},
+
+		testCase{
+			Schema: &Schema{
+				Type: TypeSet,
+				Elem: &Schema{
+					Type: TypeString,
+				},
+			},
+			Value: NewSet(func(i interface{}) int { return len(i.(string)) }, []interface{}{
+				"hello",
+				"woo",
+			}),
+			Expected: "{woo;hello;};",
+		},
+
+		testCase{
+			Schema: &Schema{
+				Type: TypeMap,
+				Elem: &Schema{
+					Type: TypeString,
+				},
+			},
+			Value: map[string]interface{}{
+				"foo": "bar",
+				"baz": "foo",
+			},
+			Expected: "[baz:foo;foo:bar;];",
+		},
+
+		testCase{
+			Schema: &Resource{
+				Schema: map[string]*Schema{
+					"name": &Schema{
+						Type:     TypeString,
+						Required: true,
+					},
+					"size": &Schema{
+						Type:     TypeInt,
+						Optional: true,
+					},
+					"green": &Schema{
+						Type:     TypeBool,
+						Optional: true,
+						Computed: true,
+					},
+					"upside_down": &Schema{
+						Type:     TypeBool,
+						Computed: true,
+					},
+				},
+			},
+			Value: map[string]interface{}{
+				"name":  "my-fun-database",
+				"size":  12,
+				"green": true,
+			},
+			Expected: "green:1;name:my-fun-database;size:12;",
+		},
+	}
+
+	for _, test := range tests {
+		var gotBuf bytes.Buffer
+		schema := test.Schema
+
+		switch s := schema.(type) {
+		case *Schema:
+			SerializeValueForHash(&gotBuf, test.Value, s)
+		case *Resource:
+			SerializeResourceForHash(&gotBuf, test.Value, s)
+		}
+
+		got := gotBuf.String()
+		if got != test.Expected {
+			t.Errorf("hash(%#v) got %#v, but want %#v", test.Value, got, test.Expected)
+		}
+	}
+}
diff --git a/helper/schema/set.go b/helper/schema/set.go
index 8d21866df2..e070a1eb9f 100644
--- a/helper/schema/set.go
+++ b/helper/schema/set.go
@@ -1,6 +1,7 @@
 package schema
 
 import (
+	"bytes"
 	"fmt"
 	"reflect"
 	"sort"
@@ -15,6 +16,28 @@ func HashString(v interface{}) int {
 	return hashcode.String(v.(string))
 }
 
+// HashResource hashes complex structures that are described using
+// a *Resource. This is the default set implementation used when a set's
+// element type is a full resource.
+func HashResource(resource *Resource) SchemaSetFunc {
+	return func(v interface{}) int {
+		var buf bytes.Buffer
+		SerializeResourceForHash(&buf, v, resource)
+		return hashcode.String(buf.String())
+	}
+}
+
+// HashSchema hashes values that are described using a *Schema. This is the
+// default set implementation used when a set's element type is a single
+// schema.
+func HashSchema(schema *Schema) SchemaSetFunc {
+	return func(v interface{}) int {
+		var buf bytes.Buffer
+		SerializeValueForHash(&buf, v, schema)
+		return hashcode.String(buf.String())
+	}
+}
+
 // Set is a set data structure that is returned for elements of type
 // TypeSet.
 type Set struct {

From cd96b8a7fc3b1d6a2bed5036011c4694ba079fe2 Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@gmail.com>
Date: Tue, 2 Jun 2015 21:19:50 +0100
Subject: [PATCH 100/335] provider/aws: Add efs_file_system

---
 builtin/providers/aws/config.go               |   5 +
 builtin/providers/aws/provider.go             |   1 +
 .../aws/resource_aws_efs_file_system.go       | 165 ++++++++++++++++++
 .../aws/resource_aws_efs_file_system_test.go  | 133 ++++++++++++++
 builtin/providers/aws/tagsEFS.go              |  94 ++++++++++
 builtin/providers/aws/tagsEFS_test.go         |  85 +++++++++
 6 files changed, 483 insertions(+)
 create mode 100644 builtin/providers/aws/resource_aws_efs_file_system.go
 create mode 100644 builtin/providers/aws/resource_aws_efs_file_system_test.go
 create mode 100644 builtin/providers/aws/tagsEFS.go
 create mode 100644 builtin/providers/aws/tagsEFS_test.go

diff --git a/builtin/providers/aws/config.go b/builtin/providers/aws/config.go
index 8f94430d24..f462810fc1 100644
--- a/builtin/providers/aws/config.go
+++ b/builtin/providers/aws/config.go
@@ -16,6 +16,7 @@ import (
 	"github.com/aws/aws-sdk-go/service/dynamodb"
 	"github.com/aws/aws-sdk-go/service/ec2"
 	"github.com/aws/aws-sdk-go/service/ecs"
+	"github.com/aws/aws-sdk-go/service/efs"
 	"github.com/aws/aws-sdk-go/service/elasticache"
 	"github.com/aws/aws-sdk-go/service/elb"
 	"github.com/aws/aws-sdk-go/service/iam"
@@ -47,6 +48,7 @@ type AWSClient struct {
 	dynamodbconn       *dynamodb.DynamoDB
 	ec2conn            *ec2.EC2
 	ecsconn            *ecs.ECS
+	efsconn            *efs.EFS
 	elbconn            *elb.ELB
 	autoscalingconn    *autoscaling.AutoScaling
 	s3conn             *s3.S3
@@ -140,6 +142,9 @@ func (c *Config) Client() (interface{}, error) {
 		log.Println("[INFO] Initializing ECS Connection")
 		client.ecsconn = ecs.New(awsConfig)
 
+		log.Println("[INFO] Initializing EFS Connection")
+		client.efsconn = efs.New(awsConfig)
+
 		// aws-sdk-go uses v4 for signing requests, which requires all global
 		// endpoints to use 'us-east-1'.
 		// See http://docs.aws.amazon.com/general/latest/gr/sigv4_changes.html
diff --git a/builtin/providers/aws/provider.go b/builtin/providers/aws/provider.go
index 8596b844e5..f57cd47ea0 100644
--- a/builtin/providers/aws/provider.go
+++ b/builtin/providers/aws/provider.go
@@ -175,6 +175,7 @@ func Provider() terraform.ResourceProvider {
 			"aws_ecs_cluster":                  resourceAwsEcsCluster(),
 			"aws_ecs_service":                  resourceAwsEcsService(),
 			"aws_ecs_task_definition":          resourceAwsEcsTaskDefinition(),
+			"aws_efs_file_system":              resourceAwsEfsFileSystem(),
 			"aws_eip":                          resourceAwsEip(),
 			"aws_elasticache_cluster":          resourceAwsElasticacheCluster(),
 			"aws_elasticache_parameter_group":  resourceAwsElasticacheParameterGroup(),
diff --git a/builtin/providers/aws/resource_aws_efs_file_system.go b/builtin/providers/aws/resource_aws_efs_file_system.go
new file mode 100644
index 0000000000..4beae81e02
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_efs_file_system.go
@@ -0,0 +1,165 @@
+package aws
+
+import (
+	"fmt"
+	"log"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/service/efs"
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/helper/schema"
+)
+
+func resourceAwsEfsFileSystem() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceAwsEfsFileSystemCreate,
+		Read:   resourceAwsEfsFileSystemRead,
+		Update: resourceAwsEfsFileSystemUpdate,
+		Delete: resourceAwsEfsFileSystemDelete,
+
+		Schema: map[string]*schema.Schema{
+			"reference_name": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+				ForceNew: true,
+			},
+
+			"tags": tagsSchema(),
+		},
+	}
+}
+
+func resourceAwsEfsFileSystemCreate(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).efsconn
+
+	referenceName := ""
+	if v, ok := d.GetOk("reference_name"); ok {
+		referenceName = v.(string) + "-"
+	}
+	token := referenceName + resource.UniqueId()
+	fs, err := conn.CreateFileSystem(&efs.CreateFileSystemInput{
+		CreationToken: aws.String(token),
+	})
+	if err != nil {
+		return err
+	}
+
+	log.Printf("[DEBUG] Creating EFS file system: %s", *fs)
+	d.SetId(*fs.FileSystemId)
+
+	stateConf := &resource.StateChangeConf{
+		Pending: []string{"creating"},
+		Target:  "available",
+		Refresh: func() (interface{}, string, error) {
+			resp, err := conn.DescribeFileSystems(&efs.DescribeFileSystemsInput{
+				FileSystemId: aws.String(d.Id()),
+			})
+			if err != nil {
+				return nil, "error", err
+			}
+
+			if len(resp.FileSystems) < 1 {
+				return nil, "not-found", fmt.Errorf("EFS file system %q not found", d.Id())
+			}
+
+			fs := resp.FileSystems[0]
+			log.Printf("[DEBUG] current status of %q: %q", *fs.FileSystemId, *fs.LifeCycleState)
+			return fs, *fs.LifeCycleState, nil
+		},
+		Timeout:    10 * time.Minute,
+		Delay:      2 * time.Second,
+		MinTimeout: 3 * time.Second,
+	}
+
+	_, err = stateConf.WaitForState()
+	if err != nil {
+		return fmt.Errorf("Error waiting for EFS file system (%q) to create: %q",
+			d.Id(), err.Error())
+	}
+	log.Printf("[DEBUG] EFS file system created: %q", *fs.FileSystemId)
+
+	return resourceAwsEfsFileSystemUpdate(d, meta)
+}
+
+func resourceAwsEfsFileSystemUpdate(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).efsconn
+	err := setTagsEFS(conn, d)
+	if err != nil {
+		return err
+	}
+
+	return resourceAwsEfsFileSystemRead(d, meta)
+}
+
+func resourceAwsEfsFileSystemRead(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).efsconn
+
+	resp, err := conn.DescribeFileSystems(&efs.DescribeFileSystemsInput{
+		FileSystemId: aws.String(d.Id()),
+	})
+	if err != nil {
+		return err
+	}
+	if len(resp.FileSystems) < 1 {
+		return fmt.Errorf("EFS file system %q not found", d.Id())
+	}
+
+	tagsResp, err := conn.DescribeTags(&efs.DescribeTagsInput{
+		FileSystemId: aws.String(d.Id()),
+	})
+	if err != nil {
+		return err
+	}
+
+	d.Set("tags", tagsToMapEFS(tagsResp.Tags))
+
+	return nil
+}
+
+func resourceAwsEfsFileSystemDelete(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).efsconn
+
+	log.Printf("[DEBUG] Deleting EFS file system %s", d.Id())
+	_, err := conn.DeleteFileSystem(&efs.DeleteFileSystemInput{
+		FileSystemId: aws.String(d.Id()),
+	})
+	stateConf := &resource.StateChangeConf{
+		Pending: []string{"available", "deleting"},
+		Target:  "",
+		Refresh: func() (interface{}, string, error) {
+			resp, err := conn.DescribeFileSystems(&efs.DescribeFileSystemsInput{
+				FileSystemId: aws.String(d.Id()),
+			})
+			if err != nil {
+				efsErr, ok := err.(awserr.Error)
+				if ok && efsErr.Code() == "FileSystemNotFound" {
+					return nil, "", nil
+				}
+				return nil, "error", err
+			}
+
+			if len(resp.FileSystems) < 1 {
+				return nil, "", nil
+			}
+
+			fs := resp.FileSystems[0]
+			log.Printf("[DEBUG] current status of %q: %q",
+				*fs.FileSystemId, *fs.LifeCycleState)
+			return fs, *fs.LifeCycleState, nil
+		},
+		Timeout:    10 * time.Minute,
+		Delay:      2 * time.Second,
+		MinTimeout: 3 * time.Second,
+	}
+
+	_, err = stateConf.WaitForState()
+	if err != nil {
+		return err
+	}
+
+	log.Printf("[DEBUG] EFS file system %q deleted.", d.Id())
+
+	return nil
+}
diff --git a/builtin/providers/aws/resource_aws_efs_file_system_test.go b/builtin/providers/aws/resource_aws_efs_file_system_test.go
new file mode 100644
index 0000000000..03e683476c
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_efs_file_system_test.go
@@ -0,0 +1,133 @@
+package aws
+
+import (
+	"fmt"
+	"reflect"
+	"testing"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/efs"
+
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+func TestAccAWSEFSFileSystem(t *testing.T) {
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckEfsFileSystemDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccAWSEFSFileSystemConfig,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckEfsFileSystem(
+						"aws_efs_file_system.foo",
+					),
+				),
+			},
+			resource.TestStep{
+				Config: testAccAWSEFSFileSystemConfigWithTags,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckEfsFileSystem(
+						"aws_efs_file_system.foo-with-tags",
+					),
+					testAccCheckEfsFileSystemTags(
+						"aws_efs_file_system.foo-with-tags",
+						map[string]string{
+							"Name":    "foo-efs",
+							"Another": "tag",
+						},
+					),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckEfsFileSystemDestroy(s *terraform.State) error {
+	if len(s.RootModule().Resources) > 0 {
+		return fmt.Errorf("Expected all resources to be gone, but found: %#v", s.RootModule().Resources)
+	}
+
+	return nil
+}
+
+func testAccCheckEfsFileSystem(resourceID string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[resourceID]
+		if !ok {
+			return fmt.Errorf("Not found: %s", resourceID)
+		}
+
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("No ID is set")
+		}
+
+		fs, ok := s.RootModule().Resources[resourceID]
+		if !ok {
+			return fmt.Errorf("Not found: %s", resourceID)
+		}
+
+		conn := testAccProvider.Meta().(*AWSClient).efsconn
+		_, err := conn.DescribeFileSystems(&efs.DescribeFileSystemsInput{
+			FileSystemId: aws.String(fs.Primary.ID),
+		})
+
+		if err != nil {
+			return err
+		}
+
+		return nil
+	}
+}
+
+func testAccCheckEfsFileSystemTags(resourceID string, expectedTags map[string]string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[resourceID]
+		if !ok {
+			return fmt.Errorf("Not found: %s", resourceID)
+		}
+
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("No ID is set")
+		}
+
+		fs, ok := s.RootModule().Resources[resourceID]
+		if !ok {
+			return fmt.Errorf("Not found: %s", resourceID)
+		}
+
+		conn := testAccProvider.Meta().(*AWSClient).efsconn
+		resp, err := conn.DescribeTags(&efs.DescribeTagsInput{
+			FileSystemId: aws.String(fs.Primary.ID),
+		})
+
+		if !reflect.DeepEqual(expectedTags, tagsToMapEFS(resp.Tags)) {
+			return fmt.Errorf("Tags mismatch.\nExpected: %#v\nGiven: %#v",
+				expectedTags, resp.Tags)
+		}
+
+		if err != nil {
+			return err
+		}
+
+		return nil
+	}
+}
+
+const testAccAWSEFSFileSystemConfig = `
+resource "aws_efs_file_system" "foo" {
+	reference_name = "radeksimko"
+}
+`
+
+const testAccAWSEFSFileSystemConfigWithTags = `
+resource "aws_efs_file_system" "foo-with-tags" {
+	reference_name = "yada_yada"
+	tags {
+		Name = "foo-efs"
+		Another = "tag"
+	}
+}
+`
diff --git a/builtin/providers/aws/tagsEFS.go b/builtin/providers/aws/tagsEFS.go
new file mode 100644
index 0000000000..8303d68882
--- /dev/null
+++ b/builtin/providers/aws/tagsEFS.go
@@ -0,0 +1,94 @@
+package aws
+
+import (
+	"log"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/efs"
+	"github.com/hashicorp/terraform/helper/schema"
+)
+
+// setTags is a helper to set the tags for a resource. It expects the
+// tags field to be named "tags"
+func setTagsEFS(conn *efs.EFS, d *schema.ResourceData) error {
+	if d.HasChange("tags") {
+		oraw, nraw := d.GetChange("tags")
+		o := oraw.(map[string]interface{})
+		n := nraw.(map[string]interface{})
+		create, remove := diffTagsEFS(tagsFromMapEFS(o), tagsFromMapEFS(n))
+
+		// Set tags
+		if len(remove) > 0 {
+			log.Printf("[DEBUG] Removing tags: %#v", remove)
+			k := make([]*string, 0, len(remove))
+			for _, t := range remove {
+				k = append(k, t.Key)
+			}
+			_, err := conn.DeleteTags(&efs.DeleteTagsInput{
+				FileSystemId: aws.String(d.Id()),
+				TagKeys:      k,
+			})
+			if err != nil {
+				return err
+			}
+		}
+		if len(create) > 0 {
+			log.Printf("[DEBUG] Creating tags: %#v", create)
+			_, err := conn.CreateTags(&efs.CreateTagsInput{
+				FileSystemId: aws.String(d.Id()),
+				Tags:         create,
+			})
+			if err != nil {
+				return err
+			}
+		}
+	}
+
+	return nil
+}
+
+// diffTags takes our tags locally and the ones remotely and returns
+// the set of tags that must be created, and the set of tags that must
+// be destroyed.
+func diffTagsEFS(oldTags, newTags []*efs.Tag) ([]*efs.Tag, []*efs.Tag) {
+	// First, we're creating everything we have
+	create := make(map[string]interface{})
+	for _, t := range newTags {
+		create[*t.Key] = *t.Value
+	}
+
+	// Build the list of what to remove
+	var remove []*efs.Tag
+	for _, t := range oldTags {
+		old, ok := create[*t.Key]
+		if !ok || old != *t.Value {
+			// Delete it!
+			remove = append(remove, t)
+		}
+	}
+
+	return tagsFromMapEFS(create), remove
+}
+
+// tagsFromMap returns the tags for the given map of data.
+func tagsFromMapEFS(m map[string]interface{}) []*efs.Tag {
+	var result []*efs.Tag
+	for k, v := range m {
+		result = append(result, &efs.Tag{
+			Key:   aws.String(k),
+			Value: aws.String(v.(string)),
+		})
+	}
+
+	return result
+}
+
+// tagsToMap turns the list of tags into a map.
+func tagsToMapEFS(ts []*efs.Tag) map[string]string {
+	result := make(map[string]string)
+	for _, t := range ts {
+		result[*t.Key] = *t.Value
+	}
+
+	return result
+}
diff --git a/builtin/providers/aws/tagsEFS_test.go b/builtin/providers/aws/tagsEFS_test.go
new file mode 100644
index 0000000000..ca2ae88436
--- /dev/null
+++ b/builtin/providers/aws/tagsEFS_test.go
@@ -0,0 +1,85 @@
+package aws
+
+import (
+	"fmt"
+	"reflect"
+	"testing"
+
+	"github.com/aws/aws-sdk-go/service/efs"
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+func TestDiffEFSTags(t *testing.T) {
+	cases := []struct {
+		Old, New       map[string]interface{}
+		Create, Remove map[string]string
+	}{
+		// Basic add/remove
+		{
+			Old: map[string]interface{}{
+				"foo": "bar",
+			},
+			New: map[string]interface{}{
+				"bar": "baz",
+			},
+			Create: map[string]string{
+				"bar": "baz",
+			},
+			Remove: map[string]string{
+				"foo": "bar",
+			},
+		},
+
+		// Modify
+		{
+			Old: map[string]interface{}{
+				"foo": "bar",
+			},
+			New: map[string]interface{}{
+				"foo": "baz",
+			},
+			Create: map[string]string{
+				"foo": "baz",
+			},
+			Remove: map[string]string{
+				"foo": "bar",
+			},
+		},
+	}
+
+	for i, tc := range cases {
+		c, r := diffTagsEFS(tagsFromMapEFS(tc.Old), tagsFromMapEFS(tc.New))
+		cm := tagsToMapEFS(c)
+		rm := tagsToMapEFS(r)
+		if !reflect.DeepEqual(cm, tc.Create) {
+			t.Fatalf("%d: bad create: %#v", i, cm)
+		}
+		if !reflect.DeepEqual(rm, tc.Remove) {
+			t.Fatalf("%d: bad remove: %#v", i, rm)
+		}
+	}
+}
+
+// testAccCheckTags can be used to check the tags on a resource.
+func testAccCheckEFSTags(
+	ts *[]*efs.Tag, key string, value string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		m := tagsToMapEFS(*ts)
+		v, ok := m[key]
+		if value != "" && !ok {
+			return fmt.Errorf("Missing tag: %s", key)
+		} else if value == "" && ok {
+			return fmt.Errorf("Extra tag: %s", key)
+		}
+		if value == "" {
+			return nil
+		}
+
+		if v != value {
+			return fmt.Errorf("%s: bad value: %s", key, v)
+		}
+
+		return nil
+	}
+}

From 167b44770f00b786622cf211b19d3091439e60b7 Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@gmail.com>
Date: Tue, 15 Sep 2015 23:11:53 +0100
Subject: [PATCH 101/335] provider/aws: Add efs_mount_target

---
 builtin/providers/aws/provider.go             |   1 +
 .../aws/resource_aws_efs_mount_target.go      | 223 ++++++++++++++++++
 .../aws/resource_aws_efs_mount_target_test.go | 135 +++++++++++
 builtin/providers/aws/structure.go            |  13 +-
 4 files changed, 371 insertions(+), 1 deletion(-)
 create mode 100644 builtin/providers/aws/resource_aws_efs_mount_target.go
 create mode 100644 builtin/providers/aws/resource_aws_efs_mount_target_test.go

diff --git a/builtin/providers/aws/provider.go b/builtin/providers/aws/provider.go
index f57cd47ea0..350aeb75da 100644
--- a/builtin/providers/aws/provider.go
+++ b/builtin/providers/aws/provider.go
@@ -176,6 +176,7 @@ func Provider() terraform.ResourceProvider {
 			"aws_ecs_service":                  resourceAwsEcsService(),
 			"aws_ecs_task_definition":          resourceAwsEcsTaskDefinition(),
 			"aws_efs_file_system":              resourceAwsEfsFileSystem(),
+			"aws_efs_mount_target":             resourceAwsEfsMountTarget(),
 			"aws_eip":                          resourceAwsEip(),
 			"aws_elasticache_cluster":          resourceAwsElasticacheCluster(),
 			"aws_elasticache_parameter_group":  resourceAwsElasticacheParameterGroup(),
diff --git a/builtin/providers/aws/resource_aws_efs_mount_target.go b/builtin/providers/aws/resource_aws_efs_mount_target.go
new file mode 100644
index 0000000000..ca7656e634
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_efs_mount_target.go
@@ -0,0 +1,223 @@
+package aws
+
+import (
+	"fmt"
+	"log"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/service/efs"
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/helper/schema"
+)
+
+func resourceAwsEfsMountTarget() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceAwsEfsMountTargetCreate,
+		Read:   resourceAwsEfsMountTargetRead,
+		Update: resourceAwsEfsMountTargetUpdate,
+		Delete: resourceAwsEfsMountTargetDelete,
+
+		Schema: map[string]*schema.Schema{
+			"file_system_id": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+
+			"ip_address": &schema.Schema{
+				Type:     schema.TypeString,
+				Computed: true,
+				Optional: true,
+				ForceNew: true,
+			},
+
+			"security_groups": &schema.Schema{
+				Type:     schema.TypeSet,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+				Set:      schema.HashString,
+				Computed: true,
+				Optional: true,
+			},
+
+			"subnet_id": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+
+			"network_interface_id": &schema.Schema{
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+		},
+	}
+}
+
+func resourceAwsEfsMountTargetCreate(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).efsconn
+
+	input := efs.CreateMountTargetInput{
+		FileSystemId: aws.String(d.Get("file_system_id").(string)),
+		SubnetId:     aws.String(d.Get("subnet_id").(string)),
+	}
+
+	if v, ok := d.GetOk("ip_address"); ok {
+		input.IpAddress = aws.String(v.(string))
+	}
+	if v, ok := d.GetOk("security_groups"); ok {
+		input.SecurityGroups = expandStringList(v.(*schema.Set).List())
+	}
+
+	log.Printf("[DEBUG] Creating EFS mount target: %#v", input)
+
+	mt, err := conn.CreateMountTarget(&input)
+	if err != nil {
+		return err
+	}
+
+	d.SetId(*mt.MountTargetId)
+
+	stateConf := &resource.StateChangeConf{
+		Pending: []string{"creating"},
+		Target:  "available",
+		Refresh: func() (interface{}, string, error) {
+			resp, err := conn.DescribeMountTargets(&efs.DescribeMountTargetsInput{
+				MountTargetId: aws.String(d.Id()),
+			})
+			if err != nil {
+				return nil, "error", err
+			}
+
+			if len(resp.MountTargets) < 1 {
+				return nil, "error", fmt.Errorf("EFS mount target %q not found", d.Id())
+			}
+
+			mt := resp.MountTargets[0]
+
+			log.Printf("[DEBUG] Current status of %q: %q", *mt.MountTargetId, *mt.LifeCycleState)
+			return mt, *mt.LifeCycleState, nil
+		},
+		Timeout:    10 * time.Minute,
+		Delay:      2 * time.Second,
+		MinTimeout: 3 * time.Second,
+	}
+
+	_, err = stateConf.WaitForState()
+	if err != nil {
+		return fmt.Errorf("Error waiting for EFS mount target (%s) to create: %s", d.Id(), err)
+	}
+
+	log.Printf("[DEBUG] EFS mount target created: %s", *mt.MountTargetId)
+
+	return resourceAwsEfsMountTargetRead(d, meta)
+}
+
+func resourceAwsEfsMountTargetUpdate(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).efsconn
+
+	if d.HasChange("security_groups") {
+		input := efs.ModifyMountTargetSecurityGroupsInput{
+			MountTargetId:  aws.String(d.Id()),
+			SecurityGroups: expandStringList(d.Get("security_groups").(*schema.Set).List()),
+		}
+		_, err := conn.ModifyMountTargetSecurityGroups(&input)
+		if err != nil {
+			return err
+		}
+	}
+
+	return resourceAwsEfsMountTargetRead(d, meta)
+}
+
+func resourceAwsEfsMountTargetRead(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).efsconn
+	resp, err := conn.DescribeMountTargets(&efs.DescribeMountTargetsInput{
+		MountTargetId: aws.String(d.Id()),
+	})
+	if err != nil {
+		return err
+	}
+
+	if len(resp.MountTargets) < 1 {
+		return fmt.Errorf("EFS mount target %q not found", d.Id())
+	}
+
+	mt := resp.MountTargets[0]
+
+	log.Printf("[DEBUG] Found EFS mount target: %#v", mt)
+
+	d.SetId(*mt.MountTargetId)
+	d.Set("file_system_id", *mt.FileSystemId)
+	d.Set("ip_address", *mt.IpAddress)
+	d.Set("subnet_id", *mt.SubnetId)
+	d.Set("network_interface_id", *mt.NetworkInterfaceId)
+
+	sgResp, err := conn.DescribeMountTargetSecurityGroups(&efs.DescribeMountTargetSecurityGroupsInput{
+		MountTargetId: aws.String(d.Id()),
+	})
+	if err != nil {
+		return err
+	}
+
+	d.Set("security_groups", schema.NewSet(schema.HashString, flattenStringList(sgResp.SecurityGroups)))
+
+	return nil
+}
+
+func resourceAwsEfsMountTargetDelete(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).efsconn
+
+	log.Printf("[DEBUG] Deleting EFS mount target %q", d.Id())
+	_, err := conn.DeleteMountTarget(&efs.DeleteMountTargetInput{
+		MountTargetId: aws.String(d.Id()),
+	})
+	if err != nil {
+		return err
+	}
+
+	stateConf := &resource.StateChangeConf{
+		Pending: []string{"available", "deleting", "deleted"},
+		Target:  "",
+		Refresh: func() (interface{}, string, error) {
+			resp, err := conn.DescribeMountTargets(&efs.DescribeMountTargetsInput{
+				MountTargetId: aws.String(d.Id()),
+			})
+			if err != nil {
+				awsErr, ok := err.(awserr.Error)
+				if !ok {
+					return nil, "error", err
+				}
+
+				if awsErr.Code() == "MountTargetNotFound" {
+					return nil, "", nil
+				}
+
+				return nil, "error", awsErr
+			}
+
+			if len(resp.MountTargets) < 1 {
+				return nil, "", nil
+			}
+
+			mt := resp.MountTargets[0]
+
+			log.Printf("[DEBUG] Current status of %q: %q", *mt.MountTargetId, *mt.LifeCycleState)
+			return mt, *mt.LifeCycleState, nil
+		},
+		Timeout:    10 * time.Minute,
+		Delay:      2 * time.Second,
+		MinTimeout: 3 * time.Second,
+	}
+
+	_, err = stateConf.WaitForState()
+	if err != nil {
+		return fmt.Errorf("Error waiting for EFS mount target (%q) to delete: %q",
+			d.Id(), err.Error())
+	}
+
+	log.Printf("[DEBUG] EFS mount target %q deleted.", d.Id())
+
+	return nil
+}
diff --git a/builtin/providers/aws/resource_aws_efs_mount_target_test.go b/builtin/providers/aws/resource_aws_efs_mount_target_test.go
new file mode 100644
index 0000000000..e9d624e03f
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_efs_mount_target_test.go
@@ -0,0 +1,135 @@
+package aws
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/efs"
+
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+func TestAccAWSEFSMountTarget(t *testing.T) {
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckEfsMountTargetDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccAWSEFSMountTargetConfig,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckEfsMountTarget(
+						"aws_efs_mount_target.alpha",
+					),
+				),
+			},
+			resource.TestStep{
+				Config: testAccAWSEFSMountTargetConfigModified,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckEfsMountTarget(
+						"aws_efs_mount_target.alpha",
+					),
+					testAccCheckEfsMountTarget(
+						"aws_efs_mount_target.beta",
+					),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckEfsMountTargetDestroy(s *terraform.State) error {
+	if len(s.RootModule().Resources) > 0 {
+		return fmt.Errorf("Expected all resources to be gone, but found: %#v", s.RootModule().Resources)
+	}
+
+	return nil
+}
+
+func testAccCheckEfsMountTarget(resourceID string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[resourceID]
+		if !ok {
+			return fmt.Errorf("Not found: %s", resourceID)
+		}
+
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("No ID is set")
+		}
+
+		fs, ok := s.RootModule().Resources[resourceID]
+		if !ok {
+			return fmt.Errorf("Not found: %s", resourceID)
+		}
+
+		conn := testAccProvider.Meta().(*AWSClient).efsconn
+		mt, err := conn.DescribeMountTargets(&efs.DescribeMountTargetsInput{
+			MountTargetId: aws.String(fs.Primary.ID),
+		})
+		if err != nil {
+			return err
+		}
+
+		if *mt.MountTargets[0].MountTargetId != fs.Primary.ID {
+			return fmt.Errorf("Mount target ID mismatch: %q != %q",
+				*mt.MountTargets[0].MountTargetId, fs.Primary.ID)
+		}
+
+		return nil
+	}
+}
+
+const testAccAWSEFSMountTargetConfig = `
+resource "aws_efs_file_system" "foo" {
+	reference_name = "radeksimko"
+}
+
+resource "aws_efs_mount_target" "alpha" {
+	file_system_id = "${aws_efs_file_system.foo.id}"
+	subnet_id = "${aws_subnet.alpha.id}"
+}
+
+resource "aws_vpc" "foo" {
+	cidr_block = "10.0.0.0/16"
+}
+
+resource "aws_subnet" "alpha" {
+	vpc_id = "${aws_vpc.foo.id}"
+	availability_zone = "us-west-2a"
+	cidr_block = "10.0.1.0/24"
+}
+`
+
+const testAccAWSEFSMountTargetConfigModified = `
+resource "aws_efs_file_system" "foo" {
+	reference_name = "radeksimko"
+}
+
+resource "aws_efs_mount_target" "alpha" {
+	file_system_id = "${aws_efs_file_system.foo.id}"
+	subnet_id = "${aws_subnet.alpha.id}"
+}
+
+resource "aws_efs_mount_target" "beta" {
+	file_system_id = "${aws_efs_file_system.foo.id}"
+	subnet_id = "${aws_subnet.beta.id}"
+}
+
+resource "aws_vpc" "foo" {
+	cidr_block = "10.0.0.0/16"
+}
+
+resource "aws_subnet" "alpha" {
+	vpc_id = "${aws_vpc.foo.id}"
+	availability_zone = "us-west-2a"
+	cidr_block = "10.0.1.0/24"
+}
+
+resource "aws_subnet" "beta" {
+	vpc_id = "${aws_vpc.foo.id}"
+	availability_zone = "us-west-2b"
+	cidr_block = "10.0.2.0/24"
+}
+`
diff --git a/builtin/providers/aws/structure.go b/builtin/providers/aws/structure.go
index 9b1c0ab790..d736e0ad5a 100644
--- a/builtin/providers/aws/structure.go
+++ b/builtin/providers/aws/structure.go
@@ -368,7 +368,7 @@ func flattenElastiCacheParameters(list []*elasticache.Parameter) []map[string]in
 }
 
 // Takes the result of flatmap.Expand for an array of strings
-// and returns a []string
+// and returns a []*string
 func expandStringList(configured []interface{}) []*string {
 	vs := make([]*string, 0, len(configured))
 	for _, v := range configured {
@@ -377,6 +377,17 @@ func expandStringList(configured []interface{}) []*string {
 	return vs
 }
 
+// Takes list of pointers to strings. Expand to an array
+// of raw strings and returns a []interface{}
+// to keep compatibility w/ schema.NewSetschema.NewSet
+func flattenStringList(list []*string) []interface{} {
+	vs := make([]interface{}, 0, len(list))
+	for _, v := range list {
+		vs = append(vs, *v)
+	}
+	return vs
+}
+
 //Flattens an array of private ip addresses into a []string, where the elements returned are the IP strings e.g. "192.168.0.0"
 func flattenNetworkInterfacesPrivateIPAddresses(dtos []*ec2.NetworkInterfacePrivateIpAddress) []string {
 	ips := make([]string, 0, len(dtos))

From d86c753cf179b0181dfab1148ba8712e263dc60d Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@timeinc.com>
Date: Wed, 16 Sep 2015 12:44:41 +0100
Subject: [PATCH 102/335] provider/aws: Add docs for EFS resources

---
 .../aws/r/efs_file_system.html.markdown       | 35 ++++++++++++++
 .../aws/r/efs_mount_target.html.markdown      | 47 +++++++++++++++++++
 website/source/layouts/aws.erb                | 16 +++++++
 3 files changed, 98 insertions(+)
 create mode 100644 website/source/docs/providers/aws/r/efs_file_system.html.markdown
 create mode 100644 website/source/docs/providers/aws/r/efs_mount_target.html.markdown

diff --git a/website/source/docs/providers/aws/r/efs_file_system.html.markdown b/website/source/docs/providers/aws/r/efs_file_system.html.markdown
new file mode 100644
index 0000000000..ac4cbb0b3a
--- /dev/null
+++ b/website/source/docs/providers/aws/r/efs_file_system.html.markdown
@@ -0,0 +1,35 @@
+---
+layout: "aws"
+page_title: "AWS: aws_efs_file_system"
+sidebar_current: "docs-aws-resource-efs-file-system"
+description: |-
+  Provides an EFS file system.
+---
+
+# aws\_efs\_file\_system
+
+Provides an EFS file system.
+
+## Example Usage
+
+```
+resource "aws_efs_file_system" "foo" {
+  reference_name = "my-product"
+  tags {
+    Name = "MyProduct"
+  }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `reference_name` - (Optional) A reference name used in Creation Token
+* `tags` - (Optional) A mapping of tags to assign to the file system
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - The ID that identifies the file system
diff --git a/website/source/docs/providers/aws/r/efs_mount_target.html.markdown b/website/source/docs/providers/aws/r/efs_mount_target.html.markdown
new file mode 100644
index 0000000000..59bd3bee22
--- /dev/null
+++ b/website/source/docs/providers/aws/r/efs_mount_target.html.markdown
@@ -0,0 +1,47 @@
+---
+layout: "aws"
+page_title: "AWS: aws_efs_mount_target"
+sidebar_current: "docs-aws-resource-efs-mount-target"
+description: |-
+  Provides an EFS mount target.
+---
+
+# aws\_efs\_file\_system
+
+Provides an EFS file system. Per [documentation](http://docs.aws.amazon.com/efs/latest/ug/limits.html)
+the limit is 1 mount target per AZ.
+
+## Example Usage
+
+```
+resource "aws_efs_mount_target" "alpha" {
+  file_system_id = "${aws_efs_file_system.foo.id}"
+  subnet_id = "${aws_subnet.alpha.id}"
+}
+
+resource "aws_vpc" "foo" {
+  cidr_block = "10.0.0.0/16"
+}
+
+resource "aws_subnet" "alpha" {
+  vpc_id = "${aws_vpc.foo.id}"
+  availability_zone = "us-west-2a"
+  cidr_block = "10.0.1.0/24"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `file_system_id` - (Required) The ID of the file system for which the mount target is intended.
+* `subnet_id` - (Required) The ID of the subnet that the mount target is in.
+* `ip_address` - (Optional) The address at which the file system may be mounted via the mount target.
+* `security_groups` - (Optional) A list of up to 5 VPC security group IDs in effect for the mount target.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - The ID of the mount target
+* `network_interface_id` - The ID of the network interface that Amazon EFS created when it created the mount target.
diff --git a/website/source/layouts/aws.erb b/website/source/layouts/aws.erb
index 1f5c7dee15..17281a9f84 100644
--- a/website/source/layouts/aws.erb
+++ b/website/source/layouts/aws.erb
@@ -132,6 +132,22 @@
                 </li>
 
 
+                <li<%= sidebar_current(/^docs-aws-resource-efs/) %>>
+                    <a href="#">EFS Resources</a>
+                    <ul class="nav nav-visible">
+
+                        <li<%= sidebar_current("docs-aws-resource-efs-file-system") %>>
+                            <a href="/docs/providers/aws/r/efs_file_system.html">aws_efs_file_system</a>
+                        </li>
+
+                        <li<%= sidebar_current("docs-aws-resource-efs-mount-target") %>>
+                            <a href="/docs/providers/aws/r/efs_mount_target.html">aws_efs_mount_target</a>
+                        </li>
+
+                    </ul>
+                </li>
+
+
                 <li<%= sidebar_current(/^docs-aws-resource-elasticache/) %>>
                     <a href="#">ElastiCache Resources</a>
                     <ul class="nav nav-visible">

From 967c88a3754b99c6aea2610a05cb5d85a738f5b5 Mon Sep 17 00:00:00 2001
From: Martin Atkins <mart@degeneration.co.uk>
Date: Sun, 4 Oct 2015 09:43:56 -0700
Subject: [PATCH 103/335] Update CHANGELOG.md

Add some PR references I apparently missed on the first pass. Whoops!
---
 CHANGELOG.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 907e9d9364..c7d846c387 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -53,8 +53,8 @@ BUG FIXES:
 
 INTERNAL IMPROVEMENTS:
 
-  * helper/schema: Don't allow ``Update`` func if no attributes can actually be updated, per schema.
-  * helper/multierror: Remove in favor of [github.com/hashicorp/go-multierror](http://github.com/hashicorp/go-multierror).
+  * helper/schema: Don't allow ``Update`` func if no attributes can actually be updated, per schema. [GH-3288]
+  * helper/multierror: Remove in favor of [github.com/hashicorp/go-multierror](http://github.com/hashicorp/go-multierror). [GH-3336]
 
 ## 0.6.3 (August 11, 2015)
 

From 350b8e2df2e38bc35493a72787fda5029615447b Mon Sep 17 00:00:00 2001
From: Sander van Harmelen <sander@xanzy.io>
Date: Mon, 5 Oct 2015 14:05:21 +0200
Subject: [PATCH 104/335] Small refactor of the UUID/UnlimitedResourceID logic

This makes things a little more generic and robust.
---
 builtin/providers/cloudstack/provider_test.go |  6 +-
 .../cloudstack/resource_cloudstack_disk.go    | 44 +++++-----
 .../resource_cloudstack_egress_firewall.go    |  8 +-
 ...esource_cloudstack_egress_firewall_test.go |  8 +-
 .../resource_cloudstack_firewall.go           |  8 +-
 .../resource_cloudstack_firewall_test.go      |  8 +-
 .../resource_cloudstack_instance.go           | 36 ++++-----
 .../resource_cloudstack_ipaddress.go          | 20 ++---
 .../resource_cloudstack_loadbalancer.go       | 16 ++--
 .../resource_cloudstack_loadbalancer_test.go  |  4 +-
 .../cloudstack/resource_cloudstack_network.go | 32 ++++----
 .../resource_cloudstack_network_acl.go        |  8 +-
 .../resource_cloudstack_network_acl_rule.go   |  6 +-
 ...source_cloudstack_network_acl_rule_test.go |  8 +-
 .../cloudstack/resource_cloudstack_nic.go     | 18 ++---
 .../resource_cloudstack_port_forward.go       | 15 ++--
 .../resource_cloudstack_port_forward_test.go  |  8 +-
 ...resource_cloudstack_secondary_ipaddress.go | 10 +--
 ...rce_cloudstack_secondary_ipaddress_test.go |  8 +-
 .../resource_cloudstack_ssh_keypair.go        |  2 +-
 .../resource_cloudstack_template.go           | 28 +++----
 .../cloudstack/resource_cloudstack_vpc.go     | 20 ++---
 .../resource_cloudstack_vpn_connection.go     |  2 +-
 ...esource_cloudstack_vpn_customer_gateway.go |  2 +-
 .../resource_cloudstack_vpn_gateway.go        |  8 +-
 builtin/providers/cloudstack/resources.go     | 80 ++++++++++---------
 26 files changed, 206 insertions(+), 207 deletions(-)

diff --git a/builtin/providers/cloudstack/provider_test.go b/builtin/providers/cloudstack/provider_test.go
index 1207fd085b..b1b8442a55 100644
--- a/builtin/providers/cloudstack/provider_test.go
+++ b/builtin/providers/cloudstack/provider_test.go
@@ -32,18 +32,18 @@ func testSetValueOnResourceData(t *testing.T) {
 	d := schema.ResourceData{}
 	d.Set("id", "name")
 
-	setValueOrUUID(&d, "id", "name", "54711781-274e-41b2-83c0-17194d0108f7")
+	setValueOrID(&d, "id", "name", "54711781-274e-41b2-83c0-17194d0108f7")
 
 	if d.Get("id").(string) != "name" {
 		t.Fatal("err: 'id' does not match 'name'")
 	}
 }
 
-func testSetUUIDOnResourceData(t *testing.T) {
+func testSetIDOnResourceData(t *testing.T) {
 	d := schema.ResourceData{}
 	d.Set("id", "54711781-274e-41b2-83c0-17194d0108f7")
 
-	setValueOrUUID(&d, "id", "name", "54711781-274e-41b2-83c0-17194d0108f7")
+	setValueOrID(&d, "id", "name", "54711781-274e-41b2-83c0-17194d0108f7")
 
 	if d.Get("id").(string) != "54711781-274e-41b2-83c0-17194d0108f7" {
 		t.Fatal("err: 'id' doest not match '54711781-274e-41b2-83c0-17194d0108f7'")
diff --git a/builtin/providers/cloudstack/resource_cloudstack_disk.go b/builtin/providers/cloudstack/resource_cloudstack_disk.go
index 30e7950dad..63a788f662 100644
--- a/builtin/providers/cloudstack/resource_cloudstack_disk.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_disk.go
@@ -80,12 +80,12 @@ func resourceCloudStackDiskCreate(d *schema.ResourceData, meta interface{}) erro
 	// Create a new parameter struct
 	p := cs.Volume.NewCreateVolumeParams(name)
 
-	// Retrieve the disk_offering UUID
-	diskofferingid, e := retrieveUUID(cs, "disk_offering", d.Get("disk_offering").(string))
+	// Retrieve the disk_offering ID
+	diskofferingid, e := retrieveID(cs, "disk_offering", d.Get("disk_offering").(string))
 	if e != nil {
 		return e.Error()
 	}
-	// Set the disk_offering UUID
+	// Set the disk_offering ID
 	p.SetDiskofferingid(diskofferingid)
 
 	if d.Get("size").(int) != 0 {
@@ -95,8 +95,8 @@ func resourceCloudStackDiskCreate(d *schema.ResourceData, meta interface{}) erro
 
 	// If there is a project supplied, we retrieve and set the project id
 	if project, ok := d.GetOk("project"); ok {
-		// Retrieve the project UUID
-		projectid, e := retrieveUUID(cs, "project", project.(string))
+		// Retrieve the project ID
+		projectid, e := retrieveID(cs, "project", project.(string))
 		if e != nil {
 			return e.Error()
 		}
@@ -104,8 +104,8 @@ func resourceCloudStackDiskCreate(d *schema.ResourceData, meta interface{}) erro
 		p.SetProjectid(projectid)
 	}
 
-	// Retrieve the zone UUID
-	zoneid, e := retrieveUUID(cs, "zone", d.Get("zone").(string))
+	// Retrieve the zone ID
+	zoneid, e := retrieveID(cs, "zone", d.Get("zone").(string))
 	if e != nil {
 		return e.Error()
 	}
@@ -118,7 +118,7 @@ func resourceCloudStackDiskCreate(d *schema.ResourceData, meta interface{}) erro
 		return fmt.Errorf("Error creating the new disk %s: %s", name, err)
 	}
 
-	// Set the volume UUID and partials
+	// Set the volume ID and partials
 	d.SetId(r.Id)
 	d.SetPartial("name")
 	d.SetPartial("device")
@@ -160,9 +160,9 @@ func resourceCloudStackDiskRead(d *schema.ResourceData, meta interface{}) error
 	d.Set("attach", v.Attached != "")           // If attached this will contain a timestamp when attached
 	d.Set("size", int(v.Size/(1024*1024*1024))) // Needed to get GB's again
 
-	setValueOrUUID(d, "disk_offering", v.Diskofferingname, v.Diskofferingid)
-	setValueOrUUID(d, "project", v.Project, v.Projectid)
-	setValueOrUUID(d, "zone", v.Zonename, v.Zoneid)
+	setValueOrID(d, "disk_offering", v.Diskofferingname, v.Diskofferingid)
+	setValueOrID(d, "project", v.Project, v.Projectid)
+	setValueOrID(d, "zone", v.Zonename, v.Zoneid)
 
 	if v.Attached != "" {
 		// Get the virtual machine details
@@ -184,7 +184,7 @@ func resourceCloudStackDiskRead(d *schema.ResourceData, meta interface{}) error
 		}
 
 		d.Set("device", retrieveDeviceName(v.Deviceid, c.Name))
-		setValueOrUUID(d, "virtual_machine", v.Vmname, v.Virtualmachineid)
+		setValueOrID(d, "virtual_machine", v.Vmname, v.Virtualmachineid)
 	}
 
 	return nil
@@ -205,13 +205,13 @@ func resourceCloudStackDiskUpdate(d *schema.ResourceData, meta interface{}) erro
 		// Create a new parameter struct
 		p := cs.Volume.NewResizeVolumeParams(d.Id())
 
-		// Retrieve the disk_offering UUID
-		diskofferingid, e := retrieveUUID(cs, "disk_offering", d.Get("disk_offering").(string))
+		// Retrieve the disk_offering ID
+		diskofferingid, e := retrieveID(cs, "disk_offering", d.Get("disk_offering").(string))
 		if e != nil {
 			return e.Error()
 		}
 
-		// Set the disk_offering UUID
+		// Set the disk_offering ID
 		p.SetDiskofferingid(diskofferingid)
 
 		if d.Get("size").(int) != 0 {
@@ -228,7 +228,7 @@ func resourceCloudStackDiskUpdate(d *schema.ResourceData, meta interface{}) erro
 			return fmt.Errorf("Error changing disk offering/size for disk %s: %s", name, err)
 		}
 
-		// Update the volume UUID and set partials
+		// Update the volume ID and set partials
 		d.SetId(r.Id)
 		d.SetPartial("disk_offering")
 		d.SetPartial("size")
@@ -278,7 +278,7 @@ func resourceCloudStackDiskDelete(d *schema.ResourceData, meta interface{}) erro
 
 	// Delete the voluem
 	if _, err := cs.Volume.DeleteVolume(p); err != nil {
-		// This is a very poor way to be told the UUID does no longer exist :(
+		// This is a very poor way to be told the ID does no longer exist :(
 		if strings.Contains(err.Error(), fmt.Sprintf(
 			"Invalid parameter id value=%s due to incorrect long value format, "+
 				"or entity does not exist", d.Id())) {
@@ -299,8 +299,8 @@ func resourceCloudStackDiskAttach(d *schema.ResourceData, meta interface{}) erro
 		return err
 	}
 
-	// Retrieve the virtual_machine UUID
-	virtualmachineid, e := retrieveUUID(cs, "virtual_machine", d.Get("virtual_machine").(string))
+	// Retrieve the virtual_machine ID
+	virtualmachineid, e := retrieveID(cs, "virtual_machine", d.Get("virtual_machine").(string))
 	if e != nil {
 		return e.Error()
 	}
@@ -341,13 +341,13 @@ func resourceCloudStackDiskDetach(d *schema.ResourceData, meta interface{}) erro
 	// Create a new parameter struct
 	p := cs.Volume.NewDetachVolumeParams()
 
-	// Set the volume UUID
+	// Set the volume ID
 	p.SetId(d.Id())
 
 	// Detach the currently attached volume
 	if _, err := cs.Volume.DetachVolume(p); err != nil {
-		// Retrieve the virtual_machine UUID
-		virtualmachineid, e := retrieveUUID(cs, "virtual_machine", d.Get("virtual_machine").(string))
+		// Retrieve the virtual_machine ID
+		virtualmachineid, e := retrieveID(cs, "virtual_machine", d.Get("virtual_machine").(string))
 		if e != nil {
 			return e.Error()
 		}
diff --git a/builtin/providers/cloudstack/resource_cloudstack_egress_firewall.go b/builtin/providers/cloudstack/resource_cloudstack_egress_firewall.go
index e61ac01733..55209eadf2 100644
--- a/builtin/providers/cloudstack/resource_cloudstack_egress_firewall.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_egress_firewall.go
@@ -89,8 +89,8 @@ func resourceCloudStackEgressFirewallCreate(d *schema.ResourceData, meta interfa
 		return err
 	}
 
-	// Retrieve the network UUID
-	networkid, e := retrieveUUID(cs, "network", d.Get("network").(string))
+	// Retrieve the network ID
+	networkid, e := retrieveID(cs, "network", d.Get("network").(string))
 	if e != nil {
 		return e.Error()
 	}
@@ -222,7 +222,7 @@ func resourceCloudStackEgressFirewallRead(d *schema.ResourceData, meta interface
 
 				// Get the rule
 				r, count, err := cs.Firewall.GetEgressFirewallRuleByID(id.(string))
-				// If the count == 0, there is no object found for this UUID
+				// If the count == 0, there is no object found for this ID
 				if err != nil {
 					if count == 0 {
 						delete(uuids, "icmp")
@@ -415,7 +415,7 @@ func resourceCloudStackEgressFirewallDeleteRule(
 		// Delete the rule
 		if _, err := cs.Firewall.DeleteEgressFirewallRule(p); err != nil {
 
-			// This is a very poor way to be told the UUID does no longer exist :(
+			// This is a very poor way to be told the ID does no longer exist :(
 			if strings.Contains(err.Error(), fmt.Sprintf(
 				"Invalid parameter id value=%s due to incorrect long value format, "+
 					"or entity does not exist", id.(string))) {
diff --git a/builtin/providers/cloudstack/resource_cloudstack_egress_firewall_test.go b/builtin/providers/cloudstack/resource_cloudstack_egress_firewall_test.go
index 05c3b985e7..dbca8c32b4 100644
--- a/builtin/providers/cloudstack/resource_cloudstack_egress_firewall_test.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_egress_firewall_test.go
@@ -123,13 +123,13 @@ func testAccCheckCloudStackEgressFirewallRulesExist(n string) resource.TestCheck
 			return fmt.Errorf("No firewall ID is set")
 		}
 
-		for k, uuid := range rs.Primary.Attributes {
+		for k, id := range rs.Primary.Attributes {
 			if !strings.Contains(k, ".uuids.") || strings.HasSuffix(k, ".uuids.#") {
 				continue
 			}
 
 			cs := testAccProvider.Meta().(*cloudstack.CloudStackClient)
-			_, count, err := cs.Firewall.GetEgressFirewallRuleByID(uuid)
+			_, count, err := cs.Firewall.GetEgressFirewallRuleByID(id)
 
 			if err != nil {
 				return err
@@ -156,12 +156,12 @@ func testAccCheckCloudStackEgressFirewallDestroy(s *terraform.State) error {
 			return fmt.Errorf("No instance ID is set")
 		}
 
-		for k, uuid := range rs.Primary.Attributes {
+		for k, id := range rs.Primary.Attributes {
 			if !strings.Contains(k, ".uuids.") || strings.HasSuffix(k, ".uuids.#") {
 				continue
 			}
 
-			_, _, err := cs.Firewall.GetEgressFirewallRuleByID(uuid)
+			_, _, err := cs.Firewall.GetEgressFirewallRuleByID(id)
 			if err == nil {
 				return fmt.Errorf("Egress rule %s still exists", rs.Primary.ID)
 			}
diff --git a/builtin/providers/cloudstack/resource_cloudstack_firewall.go b/builtin/providers/cloudstack/resource_cloudstack_firewall.go
index 48a7805451..1e7ff8e708 100644
--- a/builtin/providers/cloudstack/resource_cloudstack_firewall.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_firewall.go
@@ -89,8 +89,8 @@ func resourceCloudStackFirewallCreate(d *schema.ResourceData, meta interface{})
 		return err
 	}
 
-	// Retrieve the ipaddress UUID
-	ipaddressid, e := retrieveUUID(cs, "ipaddress", d.Get("ipaddress").(string))
+	// Retrieve the ipaddress ID
+	ipaddressid, e := retrieveID(cs, "ipaddress", d.Get("ipaddress").(string))
 	if e != nil {
 		return e.Error()
 	}
@@ -222,7 +222,7 @@ func resourceCloudStackFirewallRead(d *schema.ResourceData, meta interface{}) er
 
 				// Get the rule
 				r, count, err := cs.Firewall.GetFirewallRuleByID(id.(string))
-				// If the count == 0, there is no object found for this UUID
+				// If the count == 0, there is no object found for this ID
 				if err != nil {
 					if count == 0 {
 						delete(uuids, "icmp")
@@ -415,7 +415,7 @@ func resourceCloudStackFirewallDeleteRule(
 		// Delete the rule
 		if _, err := cs.Firewall.DeleteFirewallRule(p); err != nil {
 
-			// This is a very poor way to be told the UUID does no longer exist :(
+			// This is a very poor way to be told the ID does no longer exist :(
 			if strings.Contains(err.Error(), fmt.Sprintf(
 				"Invalid parameter id value=%s due to incorrect long value format, "+
 					"or entity does not exist", id.(string))) {
diff --git a/builtin/providers/cloudstack/resource_cloudstack_firewall_test.go b/builtin/providers/cloudstack/resource_cloudstack_firewall_test.go
index 2be2cebea7..a86cdc3b2b 100644
--- a/builtin/providers/cloudstack/resource_cloudstack_firewall_test.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_firewall_test.go
@@ -110,13 +110,13 @@ func testAccCheckCloudStackFirewallRulesExist(n string) resource.TestCheckFunc {
 			return fmt.Errorf("No firewall ID is set")
 		}
 
-		for k, uuid := range rs.Primary.Attributes {
+		for k, id := range rs.Primary.Attributes {
 			if !strings.Contains(k, ".uuids.") || strings.HasSuffix(k, ".uuids.#") {
 				continue
 			}
 
 			cs := testAccProvider.Meta().(*cloudstack.CloudStackClient)
-			_, count, err := cs.Firewall.GetFirewallRuleByID(uuid)
+			_, count, err := cs.Firewall.GetFirewallRuleByID(id)
 
 			if err != nil {
 				return err
@@ -143,12 +143,12 @@ func testAccCheckCloudStackFirewallDestroy(s *terraform.State) error {
 			return fmt.Errorf("No instance ID is set")
 		}
 
-		for k, uuid := range rs.Primary.Attributes {
+		for k, id := range rs.Primary.Attributes {
 			if !strings.Contains(k, ".uuids.") || strings.HasSuffix(k, ".uuids.#") {
 				continue
 			}
 
-			_, _, err := cs.Firewall.GetFirewallRuleByID(uuid)
+			_, _, err := cs.Firewall.GetFirewallRuleByID(id)
 			if err == nil {
 				return fmt.Errorf("Firewall rule %s still exists", rs.Primary.ID)
 			}
diff --git a/builtin/providers/cloudstack/resource_cloudstack_instance.go b/builtin/providers/cloudstack/resource_cloudstack_instance.go
index ea5d85caf6..504a2dbbf0 100644
--- a/builtin/providers/cloudstack/resource_cloudstack_instance.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_instance.go
@@ -100,14 +100,14 @@ func resourceCloudStackInstance() *schema.Resource {
 func resourceCloudStackInstanceCreate(d *schema.ResourceData, meta interface{}) error {
 	cs := meta.(*cloudstack.CloudStackClient)
 
-	// Retrieve the service_offering UUID
-	serviceofferingid, e := retrieveUUID(cs, "service_offering", d.Get("service_offering").(string))
+	// Retrieve the service_offering ID
+	serviceofferingid, e := retrieveID(cs, "service_offering", d.Get("service_offering").(string))
 	if e != nil {
 		return e.Error()
 	}
 
-	// Retrieve the zone UUID
-	zoneid, e := retrieveUUID(cs, "zone", d.Get("zone").(string))
+	// Retrieve the zone ID
+	zoneid, e := retrieveID(cs, "zone", d.Get("zone").(string))
 	if e != nil {
 		return e.Error()
 	}
@@ -118,8 +118,8 @@ func resourceCloudStackInstanceCreate(d *schema.ResourceData, meta interface{})
 		return err
 	}
 
-	// Retrieve the template UUID
-	templateid, e := retrieveTemplateUUID(cs, zone.Id, d.Get("template").(string))
+	// Retrieve the template ID
+	templateid, e := retrieveTemplateID(cs, zone.Id, d.Get("template").(string))
 	if e != nil {
 		return e.Error()
 	}
@@ -139,8 +139,8 @@ func resourceCloudStackInstanceCreate(d *schema.ResourceData, meta interface{})
 	}
 
 	if zone.Networktype == "Advanced" {
-		// Retrieve the network UUID
-		networkid, e := retrieveUUID(cs, "network", d.Get("network").(string))
+		// Retrieve the network ID
+		networkid, e := retrieveID(cs, "network", d.Get("network").(string))
 		if e != nil {
 			return e.Error()
 		}
@@ -155,8 +155,8 @@ func resourceCloudStackInstanceCreate(d *schema.ResourceData, meta interface{})
 
 	// If there is a project supplied, we retrieve and set the project id
 	if project, ok := d.GetOk("project"); ok {
-		// Retrieve the project UUID
-		projectid, e := retrieveUUID(cs, "project", project.(string))
+		// Retrieve the project ID
+		projectid, e := retrieveID(cs, "project", project.(string))
 		if e != nil {
 			return e.Error()
 		}
@@ -229,11 +229,11 @@ func resourceCloudStackInstanceRead(d *schema.ResourceData, meta interface{}) er
 	d.Set("ipaddress", vm.Nic[0].Ipaddress)
 	//NB cloudstack sometimes sends back the wrong keypair name, so dont update it
 
-	setValueOrUUID(d, "network", vm.Nic[0].Networkname, vm.Nic[0].Networkid)
-	setValueOrUUID(d, "service_offering", vm.Serviceofferingname, vm.Serviceofferingid)
-	setValueOrUUID(d, "template", vm.Templatename, vm.Templateid)
-	setValueOrUUID(d, "project", vm.Project, vm.Projectid)
-	setValueOrUUID(d, "zone", vm.Zonename, vm.Zoneid)
+	setValueOrID(d, "network", vm.Nic[0].Networkname, vm.Nic[0].Networkid)
+	setValueOrID(d, "service_offering", vm.Serviceofferingname, vm.Serviceofferingid)
+	setValueOrID(d, "template", vm.Templatename, vm.Templateid)
+	setValueOrID(d, "project", vm.Project, vm.Projectid)
+	setValueOrID(d, "zone", vm.Zonename, vm.Zoneid)
 
 	return nil
 }
@@ -278,8 +278,8 @@ func resourceCloudStackInstanceUpdate(d *schema.ResourceData, meta interface{})
 		if d.HasChange("service_offering") {
 			log.Printf("[DEBUG] Service offering changed for %s, starting update", name)
 
-			// Retrieve the service_offering UUID
-			serviceofferingid, e := retrieveUUID(cs, "service_offering", d.Get("service_offering").(string))
+			// Retrieve the service_offering ID
+			serviceofferingid, e := retrieveID(cs, "service_offering", d.Get("service_offering").(string))
 			if e != nil {
 				return e.Error()
 			}
@@ -335,7 +335,7 @@ func resourceCloudStackInstanceDelete(d *schema.ResourceData, meta interface{})
 
 	log.Printf("[INFO] Destroying instance: %s", d.Get("name").(string))
 	if _, err := cs.VirtualMachine.DestroyVirtualMachine(p); err != nil {
-		// This is a very poor way to be told the UUID does no longer exist :(
+		// This is a very poor way to be told the ID does no longer exist :(
 		if strings.Contains(err.Error(), fmt.Sprintf(
 			"Invalid parameter id value=%s due to incorrect long value format, "+
 				"or entity does not exist", d.Id())) {
diff --git a/builtin/providers/cloudstack/resource_cloudstack_ipaddress.go b/builtin/providers/cloudstack/resource_cloudstack_ipaddress.go
index 7d958d104f..aff6f79bb2 100644
--- a/builtin/providers/cloudstack/resource_cloudstack_ipaddress.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_ipaddress.go
@@ -53,8 +53,8 @@ func resourceCloudStackIPAddressCreate(d *schema.ResourceData, meta interface{})
 	p := cs.Address.NewAssociateIpAddressParams()
 
 	if network, ok := d.GetOk("network"); ok {
-		// Retrieve the network UUID
-		networkid, e := retrieveUUID(cs, "network", network.(string))
+		// Retrieve the network ID
+		networkid, e := retrieveID(cs, "network", network.(string))
 		if e != nil {
 			return e.Error()
 		}
@@ -64,8 +64,8 @@ func resourceCloudStackIPAddressCreate(d *schema.ResourceData, meta interface{})
 	}
 
 	if vpc, ok := d.GetOk("vpc"); ok {
-		// Retrieve the vpc UUID
-		vpcid, e := retrieveUUID(cs, "vpc", vpc.(string))
+		// Retrieve the vpc ID
+		vpcid, e := retrieveID(cs, "vpc", vpc.(string))
 		if e != nil {
 			return e.Error()
 		}
@@ -76,8 +76,8 @@ func resourceCloudStackIPAddressCreate(d *schema.ResourceData, meta interface{})
 
 	// If there is a project supplied, we retrieve and set the project id
 	if project, ok := d.GetOk("project"); ok {
-		// Retrieve the project UUID
-		projectid, e := retrieveUUID(cs, "project", project.(string))
+		// Retrieve the project ID
+		projectid, e := retrieveID(cs, "project", project.(string))
 		if e != nil {
 			return e.Error()
 		}
@@ -122,7 +122,7 @@ func resourceCloudStackIPAddressRead(d *schema.ResourceData, meta interface{}) e
 			return err
 		}
 
-		setValueOrUUID(d, "network", n.Name, f.Associatednetworkid)
+		setValueOrID(d, "network", n.Name, f.Associatednetworkid)
 	}
 
 	if _, ok := d.GetOk("vpc"); ok {
@@ -132,10 +132,10 @@ func resourceCloudStackIPAddressRead(d *schema.ResourceData, meta interface{}) e
 			return err
 		}
 
-		setValueOrUUID(d, "vpc", v.Name, f.Vpcid)
+		setValueOrID(d, "vpc", v.Name, f.Vpcid)
 	}
 
-	setValueOrUUID(d, "project", f.Project, f.Projectid)
+	setValueOrID(d, "project", f.Project, f.Projectid)
 
 	return nil
 }
@@ -148,7 +148,7 @@ func resourceCloudStackIPAddressDelete(d *schema.ResourceData, meta interface{})
 
 	// Disassociate the IP address
 	if _, err := cs.Address.DisassociateIpAddress(p); err != nil {
-		// This is a very poor way to be told the UUID does no longer exist :(
+		// This is a very poor way to be told the ID does no longer exist :(
 		if strings.Contains(err.Error(), fmt.Sprintf(
 			"Invalid parameter id value=%s due to incorrect long value format, "+
 				"or entity does not exist", d.Id())) {
diff --git a/builtin/providers/cloudstack/resource_cloudstack_loadbalancer.go b/builtin/providers/cloudstack/resource_cloudstack_loadbalancer.go
index 73bf1d4938..6f8d5473f0 100644
--- a/builtin/providers/cloudstack/resource_cloudstack_loadbalancer.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_loadbalancer.go
@@ -89,9 +89,9 @@ func resourceCloudStackLoadBalancerRuleCreate(d *schema.ResourceData, meta inter
 		p.SetDescription(d.Get("name").(string))
 	}
 
-	// Retrieve the network and the UUID
+	// Retrieve the network and the ID
 	if network, ok := d.GetOk("network"); ok {
-		networkid, e := retrieveUUID(cs, "network", network.(string))
+		networkid, e := retrieveID(cs, "network", network.(string))
 		if e != nil {
 			return e.Error()
 		}
@@ -100,8 +100,8 @@ func resourceCloudStackLoadBalancerRuleCreate(d *schema.ResourceData, meta inter
 		p.SetNetworkid(networkid)
 	}
 
-	// Retrieve the ipaddress UUID
-	ipaddressid, e := retrieveUUID(cs, "ipaddress", d.Get("ipaddress").(string))
+	// Retrieve the ipaddress ID
+	ipaddressid, e := retrieveID(cs, "ipaddress", d.Get("ipaddress").(string))
 	if e != nil {
 		return e.Error()
 	}
@@ -113,7 +113,7 @@ func resourceCloudStackLoadBalancerRuleCreate(d *schema.ResourceData, meta inter
 		return err
 	}
 
-	// Set the load balancer rule UUID and set partials
+	// Set the load balancer rule ID and set partials
 	d.SetId(r.Id)
 	d.SetPartial("name")
 	d.SetPartial("description")
@@ -163,7 +163,7 @@ func resourceCloudStackLoadBalancerRuleRead(d *schema.ResourceData, meta interfa
 	d.Set("public_port", lb.Publicport)
 	d.Set("private_port", lb.Privateport)
 
-	setValueOrUUID(d, "ipaddress", lb.Publicip, lb.Publicipid)
+	setValueOrID(d, "ipaddress", lb.Publicip, lb.Publicipid)
 
 	// Only set network if user specified it to avoid spurious diffs
 	if _, ok := d.GetOk("network"); ok {
@@ -171,7 +171,7 @@ func resourceCloudStackLoadBalancerRuleRead(d *schema.ResourceData, meta interfa
 		if err != nil {
 			return err
 		}
-		setValueOrUUID(d, "network", network.Name, lb.Networkid)
+		setValueOrID(d, "network", network.Name, lb.Networkid)
 	}
 
 	return nil
@@ -229,7 +229,7 @@ func resourceCloudStackLoadBalancerRuleDelete(d *schema.ResourceData, meta inter
 
 	log.Printf("[INFO] Deleting load balancer rule: %s", d.Get("name").(string))
 	if _, err := cs.LoadBalancer.DeleteLoadBalancerRule(p); err != nil {
-		// This is a very poor way to be told the UUID does no longer exist :(
+		// This is a very poor way to be told the ID does no longer exist :(
 		if !strings.Contains(err.Error(), fmt.Sprintf(
 			"Invalid parameter id value=%s due to incorrect long value format, "+
 				"or entity does not exist", d.Id())) {
diff --git a/builtin/providers/cloudstack/resource_cloudstack_loadbalancer_test.go b/builtin/providers/cloudstack/resource_cloudstack_loadbalancer_test.go
index 59e119b168..a316d5988b 100644
--- a/builtin/providers/cloudstack/resource_cloudstack_loadbalancer_test.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_loadbalancer_test.go
@@ -223,12 +223,12 @@ func testAccCheckCloudStackLoadBalancerRuleDestroy(s *terraform.State) error {
 			return fmt.Errorf("No Loadbalancer rule ID is set")
 		}
 
-		for k, uuid := range rs.Primary.Attributes {
+		for k, id := range rs.Primary.Attributes {
 			if !strings.Contains(k, "uuid") {
 				continue
 			}
 
-			_, _, err := cs.LoadBalancer.GetLoadBalancerRuleByID(uuid)
+			_, _, err := cs.LoadBalancer.GetLoadBalancerRuleByID(id)
 			if err == nil {
 				return fmt.Errorf("Loadbalancer rule %s still exists", rs.Primary.ID)
 			}
diff --git a/builtin/providers/cloudstack/resource_cloudstack_network.go b/builtin/providers/cloudstack/resource_cloudstack_network.go
index 9be63b927f..a76beae325 100644
--- a/builtin/providers/cloudstack/resource_cloudstack_network.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_network.go
@@ -72,14 +72,14 @@ func resourceCloudStackNetworkCreate(d *schema.ResourceData, meta interface{}) e
 
 	name := d.Get("name").(string)
 
-	// Retrieve the network_offering UUID
-	networkofferingid, e := retrieveUUID(cs, "network_offering", d.Get("network_offering").(string))
+	// Retrieve the network_offering ID
+	networkofferingid, e := retrieveID(cs, "network_offering", d.Get("network_offering").(string))
 	if e != nil {
 		return e.Error()
 	}
 
-	// Retrieve the zone UUID
-	zoneid, e := retrieveUUID(cs, "zone", d.Get("zone").(string))
+	// Retrieve the zone ID
+	zoneid, e := retrieveID(cs, "zone", d.Get("zone").(string))
 	if e != nil {
 		return e.Error()
 	}
@@ -108,27 +108,27 @@ func resourceCloudStackNetworkCreate(d *schema.ResourceData, meta interface{}) e
 	// Check is this network needs to be created in a VPC
 	vpc := d.Get("vpc").(string)
 	if vpc != "" {
-		// Retrieve the vpc UUID
-		vpcid, e := retrieveUUID(cs, "vpc", vpc)
+		// Retrieve the vpc ID
+		vpcid, e := retrieveID(cs, "vpc", vpc)
 		if e != nil {
 			return e.Error()
 		}
 
-		// Set the vpc UUID
+		// Set the vpc ID
 		p.SetVpcid(vpcid)
 
 		// Since we're in a VPC, check if we want to assiciate an ACL list
 		aclid := d.Get("aclid").(string)
 		if aclid != "" {
-			// Set the acl UUID
+			// Set the acl ID
 			p.SetAclid(aclid)
 		}
 	}
 
 	// If there is a project supplied, we retrieve and set the project id
 	if project, ok := d.GetOk("project"); ok {
-		// Retrieve the project UUID
-		projectid, e := retrieveUUID(cs, "project", project.(string))
+		// Retrieve the project ID
+		projectid, e := retrieveID(cs, "project", project.(string))
 		if e != nil {
 			return e.Error()
 		}
@@ -167,9 +167,9 @@ func resourceCloudStackNetworkRead(d *schema.ResourceData, meta interface{}) err
 	d.Set("display_text", n.Displaytext)
 	d.Set("cidr", n.Cidr)
 
-	setValueOrUUID(d, "network_offering", n.Networkofferingname, n.Networkofferingid)
-	setValueOrUUID(d, "project", n.Project, n.Projectid)
-	setValueOrUUID(d, "zone", n.Zonename, n.Zoneid)
+	setValueOrID(d, "network_offering", n.Networkofferingname, n.Networkofferingid)
+	setValueOrID(d, "project", n.Project, n.Projectid)
+	setValueOrID(d, "zone", n.Zonename, n.Zoneid)
 
 	return nil
 }
@@ -200,8 +200,8 @@ func resourceCloudStackNetworkUpdate(d *schema.ResourceData, meta interface{}) e
 
 	// Check if the network offering is changed
 	if d.HasChange("network_offering") {
-		// Retrieve the network_offering UUID
-		networkofferingid, e := retrieveUUID(cs, "network_offering", d.Get("network_offering").(string))
+		// Retrieve the network_offering ID
+		networkofferingid, e := retrieveID(cs, "network_offering", d.Get("network_offering").(string))
 		if e != nil {
 			return e.Error()
 		}
@@ -228,7 +228,7 @@ func resourceCloudStackNetworkDelete(d *schema.ResourceData, meta interface{}) e
 	// Delete the network
 	_, err := cs.Network.DeleteNetwork(p)
 	if err != nil {
-		// This is a very poor way to be told the UUID does no longer exist :(
+		// This is a very poor way to be told the ID does no longer exist :(
 		if strings.Contains(err.Error(), fmt.Sprintf(
 			"Invalid parameter id value=%s due to incorrect long value format, "+
 				"or entity does not exist", d.Id())) {
diff --git a/builtin/providers/cloudstack/resource_cloudstack_network_acl.go b/builtin/providers/cloudstack/resource_cloudstack_network_acl.go
index 7f073bbf86..2504b762bf 100644
--- a/builtin/providers/cloudstack/resource_cloudstack_network_acl.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_network_acl.go
@@ -43,8 +43,8 @@ func resourceCloudStackNetworkACLCreate(d *schema.ResourceData, meta interface{}
 
 	name := d.Get("name").(string)
 
-	// Retrieve the vpc UUID
-	vpcid, e := retrieveUUID(cs, "vpc", d.Get("vpc").(string))
+	// Retrieve the vpc ID
+	vpcid, e := retrieveID(cs, "vpc", d.Get("vpc").(string))
 	if e != nil {
 		return e.Error()
 	}
@@ -95,7 +95,7 @@ func resourceCloudStackNetworkACLRead(d *schema.ResourceData, meta interface{})
 		return err
 	}
 
-	setValueOrUUID(d, "vpc", v.Name, v.Id)
+	setValueOrID(d, "vpc", v.Name, v.Id)
 
 	return nil
 }
@@ -109,7 +109,7 @@ func resourceCloudStackNetworkACLDelete(d *schema.ResourceData, meta interface{}
 	// Delete the network ACL list
 	_, err := cs.NetworkACL.DeleteNetworkACLList(p)
 	if err != nil {
-		// This is a very poor way to be told the UUID does no longer exist :(
+		// This is a very poor way to be told the ID does no longer exist :(
 		if strings.Contains(err.Error(), fmt.Sprintf(
 			"Invalid parameter id value=%s due to incorrect long value format, "+
 				"or entity does not exist", d.Id())) {
diff --git a/builtin/providers/cloudstack/resource_cloudstack_network_acl_rule.go b/builtin/providers/cloudstack/resource_cloudstack_network_acl_rule.go
index fceeb7d453..ba2650484b 100644
--- a/builtin/providers/cloudstack/resource_cloudstack_network_acl_rule.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_network_acl_rule.go
@@ -247,7 +247,7 @@ func resourceCloudStackNetworkACLRuleRead(d *schema.ResourceData, meta interface
 
 				// Get the rule
 				r, count, err := cs.NetworkACL.GetNetworkACLByID(id.(string))
-				// If the count == 0, there is no object found for this UUID
+				// If the count == 0, there is no object found for this ID
 				if err != nil {
 					if count == 0 {
 						delete(uuids, "icmp")
@@ -275,7 +275,7 @@ func resourceCloudStackNetworkACLRuleRead(d *schema.ResourceData, meta interface
 
 				// Get the rule
 				r, count, err := cs.NetworkACL.GetNetworkACLByID(id.(string))
-				// If the count == 0, there is no object found for this UUID
+				// If the count == 0, there is no object found for this ID
 				if err != nil {
 					if count == 0 {
 						delete(uuids, "all")
@@ -469,7 +469,7 @@ func resourceCloudStackNetworkACLRuleDeleteRule(
 		// Delete the rule
 		if _, err := cs.NetworkACL.DeleteNetworkACL(p); err != nil {
 
-			// This is a very poor way to be told the UUID does no longer exist :(
+			// This is a very poor way to be told the ID does no longer exist :(
 			if strings.Contains(err.Error(), fmt.Sprintf(
 				"Invalid parameter id value=%s due to incorrect long value format, "+
 					"or entity does not exist", id.(string))) {
diff --git a/builtin/providers/cloudstack/resource_cloudstack_network_acl_rule_test.go b/builtin/providers/cloudstack/resource_cloudstack_network_acl_rule_test.go
index 5f450f9313..6f2370f5b6 100644
--- a/builtin/providers/cloudstack/resource_cloudstack_network_acl_rule_test.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_network_acl_rule_test.go
@@ -122,13 +122,13 @@ func testAccCheckCloudStackNetworkACLRulesExist(n string) resource.TestCheckFunc
 			return fmt.Errorf("No network ACL rule ID is set")
 		}
 
-		for k, uuid := range rs.Primary.Attributes {
+		for k, id := range rs.Primary.Attributes {
 			if !strings.Contains(k, ".uuids.") || strings.HasSuffix(k, ".uuids.#") {
 				continue
 			}
 
 			cs := testAccProvider.Meta().(*cloudstack.CloudStackClient)
-			_, count, err := cs.NetworkACL.GetNetworkACLByID(uuid)
+			_, count, err := cs.NetworkACL.GetNetworkACLByID(id)
 
 			if err != nil {
 				return err
@@ -155,12 +155,12 @@ func testAccCheckCloudStackNetworkACLRuleDestroy(s *terraform.State) error {
 			return fmt.Errorf("No network ACL rule ID is set")
 		}
 
-		for k, uuid := range rs.Primary.Attributes {
+		for k, id := range rs.Primary.Attributes {
 			if !strings.Contains(k, ".uuids.") || strings.HasSuffix(k, ".uuids.#") {
 				continue
 			}
 
-			_, _, err := cs.NetworkACL.GetNetworkACLByID(uuid)
+			_, _, err := cs.NetworkACL.GetNetworkACLByID(id)
 			if err == nil {
 				return fmt.Errorf("Network ACL rule %s still exists", rs.Primary.ID)
 			}
diff --git a/builtin/providers/cloudstack/resource_cloudstack_nic.go b/builtin/providers/cloudstack/resource_cloudstack_nic.go
index 2eb89c80ba..e118a5fe98 100644
--- a/builtin/providers/cloudstack/resource_cloudstack_nic.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_nic.go
@@ -41,14 +41,14 @@ func resourceCloudStackNIC() *schema.Resource {
 func resourceCloudStackNICCreate(d *schema.ResourceData, meta interface{}) error {
 	cs := meta.(*cloudstack.CloudStackClient)
 
-	// Retrieve the network UUID
-	networkid, e := retrieveUUID(cs, "network", d.Get("network").(string))
+	// Retrieve the network ID
+	networkid, e := retrieveID(cs, "network", d.Get("network").(string))
 	if e != nil {
 		return e.Error()
 	}
 
-	// Retrieve the virtual_machine UUID
-	virtualmachineid, e := retrieveUUID(cs, "virtual_machine", d.Get("virtual_machine").(string))
+	// Retrieve the virtual_machine ID
+	virtualmachineid, e := retrieveID(cs, "virtual_machine", d.Get("virtual_machine").(string))
 	if e != nil {
 		return e.Error()
 	}
@@ -103,8 +103,8 @@ func resourceCloudStackNICRead(d *schema.ResourceData, meta interface{}) error {
 	for _, n := range vm.Nic {
 		if n.Id == d.Id() {
 			d.Set("ipaddress", n.Ipaddress)
-			setValueOrUUID(d, "network", n.Networkname, n.Networkid)
-			setValueOrUUID(d, "virtual_machine", vm.Name, vm.Id)
+			setValueOrID(d, "network", n.Networkname, n.Networkid)
+			setValueOrID(d, "virtual_machine", vm.Name, vm.Id)
 			found = true
 			break
 		}
@@ -121,8 +121,8 @@ func resourceCloudStackNICRead(d *schema.ResourceData, meta interface{}) error {
 func resourceCloudStackNICDelete(d *schema.ResourceData, meta interface{}) error {
 	cs := meta.(*cloudstack.CloudStackClient)
 
-	// Retrieve the virtual_machine UUID
-	virtualmachineid, e := retrieveUUID(cs, "virtual_machine", d.Get("virtual_machine").(string))
+	// Retrieve the virtual_machine ID
+	virtualmachineid, e := retrieveID(cs, "virtual_machine", d.Get("virtual_machine").(string))
 	if e != nil {
 		return e.Error()
 	}
@@ -133,7 +133,7 @@ func resourceCloudStackNICDelete(d *schema.ResourceData, meta interface{}) error
 	// Remove the NIC
 	_, err := cs.VirtualMachine.RemoveNicFromVirtualMachine(p)
 	if err != nil {
-		// This is a very poor way to be told the UUID does no longer exist :(
+		// This is a very poor way to be told the ID does no longer exist :(
 		if strings.Contains(err.Error(), fmt.Sprintf(
 			"Invalid parameter id value=%s due to incorrect long value format, "+
 				"or entity does not exist", d.Id())) {
diff --git a/builtin/providers/cloudstack/resource_cloudstack_port_forward.go b/builtin/providers/cloudstack/resource_cloudstack_port_forward.go
index 3781fc1aef..0bec41af54 100644
--- a/builtin/providers/cloudstack/resource_cloudstack_port_forward.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_port_forward.go
@@ -72,8 +72,8 @@ func resourceCloudStackPortForward() *schema.Resource {
 func resourceCloudStackPortForwardCreate(d *schema.ResourceData, meta interface{}) error {
 	cs := meta.(*cloudstack.CloudStackClient)
 
-	// Retrieve the ipaddress UUID
-	ipaddressid, e := retrieveUUID(cs, "ipaddress", d.Get("ipaddress").(string))
+	// Retrieve the ipaddress ID
+	ipaddressid, e := retrieveID(cs, "ipaddress", d.Get("ipaddress").(string))
 	if e != nil {
 		return e.Error()
 	}
@@ -115,8 +115,8 @@ func resourceCloudStackPortForwardCreateForward(
 		return err
 	}
 
-	// Retrieve the virtual_machine UUID
-	virtualmachineid, e := retrieveUUID(cs, "virtual_machine", forward["virtual_machine"].(string))
+	// Retrieve the virtual_machine ID
+	virtualmachineid, e := retrieveID(cs, "virtual_machine", forward["virtual_machine"].(string))
 	if e != nil {
 		return e.Error()
 	}
@@ -167,7 +167,7 @@ func resourceCloudStackPortForwardRead(d *schema.ResourceData, meta interface{})
 
 			// Get the forward
 			r, count, err := cs.Firewall.GetPortForwardingRuleByID(id.(string))
-			// If the count == 0, there is no object found for this UUID
+			// If the count == 0, there is no object found for this ID
 			if err != nil {
 				if count == 0 {
 					forward["uuid"] = ""
@@ -192,7 +192,7 @@ func resourceCloudStackPortForwardRead(d *schema.ResourceData, meta interface{})
 			forward["private_port"] = privPort
 			forward["public_port"] = pubPort
 
-			if isUUID(forward["virtual_machine"].(string)) {
+			if isID(forward["virtual_machine"].(string)) {
 				forward["virtual_machine"] = r.Virtualmachineid
 			} else {
 				forward["virtual_machine"] = r.Virtualmachinename
@@ -317,7 +317,7 @@ func resourceCloudStackPortForwardDeleteForward(
 
 	// Delete the forward
 	if _, err := cs.Firewall.DeletePortForwardingRule(p); err != nil {
-		// This is a very poor way to be told the UUID does no longer exist :(
+		// This is a very poor way to be told the ID does no longer exist :(
 		if !strings.Contains(err.Error(), fmt.Sprintf(
 			"Invalid parameter id value=%s due to incorrect long value format, "+
 				"or entity does not exist", forward["uuid"].(string))) {
@@ -325,6 +325,7 @@ func resourceCloudStackPortForwardDeleteForward(
 		}
 	}
 
+	// Empty the UUID of this rule
 	forward["uuid"] = ""
 
 	return nil
diff --git a/builtin/providers/cloudstack/resource_cloudstack_port_forward_test.go b/builtin/providers/cloudstack/resource_cloudstack_port_forward_test.go
index 39ebfe8f6b..b0851753f8 100644
--- a/builtin/providers/cloudstack/resource_cloudstack_port_forward_test.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_port_forward_test.go
@@ -102,13 +102,13 @@ func testAccCheckCloudStackPortForwardsExist(n string) resource.TestCheckFunc {
 			return fmt.Errorf("No port forward ID is set")
 		}
 
-		for k, uuid := range rs.Primary.Attributes {
+		for k, id := range rs.Primary.Attributes {
 			if !strings.Contains(k, "uuid") {
 				continue
 			}
 
 			cs := testAccProvider.Meta().(*cloudstack.CloudStackClient)
-			_, count, err := cs.Firewall.GetPortForwardingRuleByID(uuid)
+			_, count, err := cs.Firewall.GetPortForwardingRuleByID(id)
 
 			if err != nil {
 				return err
@@ -135,12 +135,12 @@ func testAccCheckCloudStackPortForwardDestroy(s *terraform.State) error {
 			return fmt.Errorf("No port forward ID is set")
 		}
 
-		for k, uuid := range rs.Primary.Attributes {
+		for k, id := range rs.Primary.Attributes {
 			if !strings.Contains(k, "uuid") {
 				continue
 			}
 
-			_, _, err := cs.Firewall.GetPortForwardingRuleByID(uuid)
+			_, _, err := cs.Firewall.GetPortForwardingRuleByID(id)
 			if err == nil {
 				return fmt.Errorf("Port forward %s still exists", rs.Primary.ID)
 			}
diff --git a/builtin/providers/cloudstack/resource_cloudstack_secondary_ipaddress.go b/builtin/providers/cloudstack/resource_cloudstack_secondary_ipaddress.go
index 1c491be449..697e55eb46 100644
--- a/builtin/providers/cloudstack/resource_cloudstack_secondary_ipaddress.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_secondary_ipaddress.go
@@ -44,8 +44,8 @@ func resourceCloudStackSecondaryIPAddressCreate(d *schema.ResourceData, meta int
 
 	nicid := d.Get("nicid").(string)
 	if nicid == "" {
-		// Retrieve the virtual_machine UUID
-		virtualmachineid, e := retrieveUUID(cs, "virtual_machine", d.Get("virtual_machine").(string))
+		// Retrieve the virtual_machine ID
+		virtualmachineid, e := retrieveID(cs, "virtual_machine", d.Get("virtual_machine").(string))
 		if e != nil {
 			return e.Error()
 		}
@@ -84,8 +84,8 @@ func resourceCloudStackSecondaryIPAddressCreate(d *schema.ResourceData, meta int
 func resourceCloudStackSecondaryIPAddressRead(d *schema.ResourceData, meta interface{}) error {
 	cs := meta.(*cloudstack.CloudStackClient)
 
-	// Retrieve the virtual_machine UUID
-	virtualmachineid, e := retrieveUUID(cs, "virtual_machine", d.Get("virtual_machine").(string))
+	// Retrieve the virtual_machine ID
+	virtualmachineid, e := retrieveID(cs, "virtual_machine", d.Get("virtual_machine").(string))
 	if e != nil {
 		return e.Error()
 	}
@@ -146,7 +146,7 @@ func resourceCloudStackSecondaryIPAddressDelete(d *schema.ResourceData, meta int
 
 	log.Printf("[INFO] Removing secondary IP address: %s", d.Get("ipaddress").(string))
 	if _, err := cs.Nic.RemoveIpFromNic(p); err != nil {
-		// This is a very poor way to be told the UUID does no longer exist :(
+		// This is a very poor way to be told the ID does no longer exist :(
 		if strings.Contains(err.Error(), fmt.Sprintf(
 			"Invalid parameter id value=%s due to incorrect long value format, "+
 				"or entity does not exist", d.Id())) {
diff --git a/builtin/providers/cloudstack/resource_cloudstack_secondary_ipaddress_test.go b/builtin/providers/cloudstack/resource_cloudstack_secondary_ipaddress_test.go
index e0c353e208..beedcd2cb2 100644
--- a/builtin/providers/cloudstack/resource_cloudstack_secondary_ipaddress_test.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_secondary_ipaddress_test.go
@@ -64,8 +64,8 @@ func testAccCheckCloudStackSecondaryIPAddressExists(
 
 		cs := testAccProvider.Meta().(*cloudstack.CloudStackClient)
 
-		// Retrieve the virtual_machine UUID
-		virtualmachineid, e := retrieveUUID(
+		// Retrieve the virtual_machine ID
+		virtualmachineid, e := retrieveID(
 			cs, "virtual_machine", rs.Primary.Attributes["virtual_machine"])
 		if e != nil {
 			return e.Error()
@@ -136,8 +136,8 @@ func testAccCheckCloudStackSecondaryIPAddressDestroy(s *terraform.State) error {
 			return fmt.Errorf("No IP address ID is set")
 		}
 
-		// Retrieve the virtual_machine UUID
-		virtualmachineid, e := retrieveUUID(
+		// Retrieve the virtual_machine ID
+		virtualmachineid, e := retrieveID(
 			cs, "virtual_machine", rs.Primary.Attributes["virtual_machine"])
 		if e != nil {
 			return e.Error()
diff --git a/builtin/providers/cloudstack/resource_cloudstack_ssh_keypair.go b/builtin/providers/cloudstack/resource_cloudstack_ssh_keypair.go
index 9fb859a229..8f6f0f9c54 100644
--- a/builtin/providers/cloudstack/resource_cloudstack_ssh_keypair.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_ssh_keypair.go
@@ -116,7 +116,7 @@ func resourceCloudStackSSHKeyPairDelete(d *schema.ResourceData, meta interface{}
 	// Remove the SSH Keypair
 	_, err := cs.SSH.DeleteSSHKeyPair(p)
 	if err != nil {
-		// This is a very poor way to be told the UUID does no longer exist :(
+		// This is a very poor way to be told the ID does no longer exist :(
 		if strings.Contains(err.Error(), fmt.Sprintf(
 			"A key pair with name '%s' does not exist for account", d.Id())) {
 			return nil
diff --git a/builtin/providers/cloudstack/resource_cloudstack_template.go b/builtin/providers/cloudstack/resource_cloudstack_template.go
index 2cce32ae7c..04aaca22ed 100644
--- a/builtin/providers/cloudstack/resource_cloudstack_template.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_template.go
@@ -124,14 +124,14 @@ func resourceCloudStackTemplateCreate(d *schema.ResourceData, meta interface{})
 		displaytext = name
 	}
 
-	// Retrieve the os_type UUID
-	ostypeid, e := retrieveUUID(cs, "os_type", d.Get("os_type").(string))
+	// Retrieve the os_type ID
+	ostypeid, e := retrieveID(cs, "os_type", d.Get("os_type").(string))
 	if e != nil {
 		return e.Error()
 	}
 
-	// Retrieve the zone UUID
-	zoneid, e := retrieveUUID(cs, "zone", d.Get("zone").(string))
+	// Retrieve the zone ID
+	zoneid, e := retrieveID(cs, "zone", d.Get("zone").(string))
 	if e != nil {
 		return e.Error()
 	}
@@ -169,8 +169,8 @@ func resourceCloudStackTemplateCreate(d *schema.ResourceData, meta interface{})
 
 	// If there is a project supplied, we retrieve and set the project id
 	if project, ok := d.GetOk("project"); ok {
-		// Retrieve the project UUID
-		projectid, e := retrieveUUID(cs, "project", project.(string))
+		// Retrieve the project ID
+		projectid, e := retrieveID(cs, "project", project.(string))
 		if e != nil {
 			return e.Error()
 		}
@@ -236,16 +236,10 @@ func resourceCloudStackTemplateRead(d *schema.ResourceData, meta interface{}) er
 	d.Set("password_enabled", t.Passwordenabled)
 	d.Set("is_ready", t.Isready)
 
-	setValueOrUUID(d, "project", t.Project, t.Projectid)
+	setValueOrID(d, "os_type", t.Ostypename, t.Ostypeid)
+	setValueOrID(d, "project", t.Project, t.Projectid)
+	setValueOrID(d, "zone", t.Zonename, t.Zoneid)
 
-	if t.Zoneid == "" {
-		setValueOrUUID(d, "zone", UnlimitedResourceID, UnlimitedResourceID)
-	} else {
-		setValueOrUUID(d, "zone", t.Zonename, t.Zoneid)
-	}
-
-	setValueOrUUID(d, "os_type", t.Ostypename, t.Ostypeid)
-	
 	return nil
 }
 
@@ -273,7 +267,7 @@ func resourceCloudStackTemplateUpdate(d *schema.ResourceData, meta interface{})
 	}
 
 	if d.HasChange("os_type") {
-		ostypeid, e := retrieveUUID(cs, "os_type", d.Get("os_type").(string))
+		ostypeid, e := retrieveID(cs, "os_type", d.Get("os_type").(string))
 		if e != nil {
 			return e.Error()
 		}
@@ -302,7 +296,7 @@ func resourceCloudStackTemplateDelete(d *schema.ResourceData, meta interface{})
 	log.Printf("[INFO] Deleting template: %s", d.Get("name").(string))
 	_, err := cs.Template.DeleteTemplate(p)
 	if err != nil {
-		// This is a very poor way to be told the UUID does no longer exist :(
+		// This is a very poor way to be told the ID does no longer exist :(
 		if strings.Contains(err.Error(), fmt.Sprintf(
 			"Invalid parameter id value=%s due to incorrect long value format, "+
 				"or entity does not exist", d.Id())) {
diff --git a/builtin/providers/cloudstack/resource_cloudstack_vpc.go b/builtin/providers/cloudstack/resource_cloudstack_vpc.go
index 4cc07d7b60..1671416f40 100644
--- a/builtin/providers/cloudstack/resource_cloudstack_vpc.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_vpc.go
@@ -66,14 +66,14 @@ func resourceCloudStackVPCCreate(d *schema.ResourceData, meta interface{}) error
 
 	name := d.Get("name").(string)
 
-	// Retrieve the vpc_offering UUID
-	vpcofferingid, e := retrieveUUID(cs, "vpc_offering", d.Get("vpc_offering").(string))
+	// Retrieve the vpc_offering ID
+	vpcofferingid, e := retrieveID(cs, "vpc_offering", d.Get("vpc_offering").(string))
 	if e != nil {
 		return e.Error()
 	}
 
-	// Retrieve the zone UUID
-	zoneid, e := retrieveUUID(cs, "zone", d.Get("zone").(string))
+	// Retrieve the zone ID
+	zoneid, e := retrieveID(cs, "zone", d.Get("zone").(string))
 	if e != nil {
 		return e.Error()
 	}
@@ -101,8 +101,8 @@ func resourceCloudStackVPCCreate(d *schema.ResourceData, meta interface{}) error
 
 	// If there is a project supplied, we retrieve and set the project id
 	if project, ok := d.GetOk("project"); ok {
-		// Retrieve the project UUID
-		projectid, e := retrieveUUID(cs, "project", project.(string))
+		// Retrieve the project ID
+		projectid, e := retrieveID(cs, "project", project.(string))
 		if e != nil {
 			return e.Error()
 		}
@@ -148,9 +148,9 @@ func resourceCloudStackVPCRead(d *schema.ResourceData, meta interface{}) error {
 		return err
 	}
 
-	setValueOrUUID(d, "vpc_offering", o.Name, v.Vpcofferingid)
-	setValueOrUUID(d, "project", v.Project, v.Projectid)
-	setValueOrUUID(d, "zone", v.Zonename, v.Zoneid)
+	setValueOrID(d, "vpc_offering", o.Name, v.Vpcofferingid)
+	setValueOrID(d, "project", v.Project, v.Projectid)
+	setValueOrID(d, "zone", v.Zonename, v.Zoneid)
 
 	return nil
 }
@@ -191,7 +191,7 @@ func resourceCloudStackVPCDelete(d *schema.ResourceData, meta interface{}) error
 	// Delete the VPC
 	_, err := cs.VPC.DeleteVPC(p)
 	if err != nil {
-		// This is a very poor way to be told the UUID does no longer exist :(
+		// This is a very poor way to be told the ID does no longer exist :(
 		if strings.Contains(err.Error(), fmt.Sprintf(
 			"Invalid parameter id value=%s due to incorrect long value format, "+
 				"or entity does not exist", d.Id())) {
diff --git a/builtin/providers/cloudstack/resource_cloudstack_vpn_connection.go b/builtin/providers/cloudstack/resource_cloudstack_vpn_connection.go
index b036890a5a..322f07a2c9 100644
--- a/builtin/providers/cloudstack/resource_cloudstack_vpn_connection.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_vpn_connection.go
@@ -81,7 +81,7 @@ func resourceCloudStackVPNConnectionDelete(d *schema.ResourceData, meta interfac
 	// Delete the VPN Connection
 	_, err := cs.VPN.DeleteVpnConnection(p)
 	if err != nil {
-		// This is a very poor way to be told the UUID does no longer exist :(
+		// This is a very poor way to be told the ID does no longer exist :(
 		if strings.Contains(err.Error(), fmt.Sprintf(
 			"Invalid parameter id value=%s due to incorrect long value format, "+
 				"or entity does not exist", d.Id())) {
diff --git a/builtin/providers/cloudstack/resource_cloudstack_vpn_customer_gateway.go b/builtin/providers/cloudstack/resource_cloudstack_vpn_customer_gateway.go
index f27e28d385..b049c0319e 100644
--- a/builtin/providers/cloudstack/resource_cloudstack_vpn_customer_gateway.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_vpn_customer_gateway.go
@@ -179,7 +179,7 @@ func resourceCloudStackVPNCustomerGatewayDelete(d *schema.ResourceData, meta int
 	// Delete the VPN Customer Gateway
 	_, err := cs.VPN.DeleteVpnCustomerGateway(p)
 	if err != nil {
-		// This is a very poor way to be told the UUID does no longer exist :(
+		// This is a very poor way to be told the ID does no longer exist :(
 		if strings.Contains(err.Error(), fmt.Sprintf(
 			"Invalid parameter id value=%s due to incorrect long value format, "+
 				"or entity does not exist", d.Id())) {
diff --git a/builtin/providers/cloudstack/resource_cloudstack_vpn_gateway.go b/builtin/providers/cloudstack/resource_cloudstack_vpn_gateway.go
index 704511ca88..17533a3a62 100644
--- a/builtin/providers/cloudstack/resource_cloudstack_vpn_gateway.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_vpn_gateway.go
@@ -33,8 +33,8 @@ func resourceCloudStackVPNGateway() *schema.Resource {
 func resourceCloudStackVPNGatewayCreate(d *schema.ResourceData, meta interface{}) error {
 	cs := meta.(*cloudstack.CloudStackClient)
 
-	// Retrieve the VPC UUID
-	vpcid, e := retrieveUUID(cs, "vpc", d.Get("vpc").(string))
+	// Retrieve the VPC ID
+	vpcid, e := retrieveID(cs, "vpc", d.Get("vpc").(string))
 	if e != nil {
 		return e.Error()
 	}
@@ -69,7 +69,7 @@ func resourceCloudStackVPNGatewayRead(d *schema.ResourceData, meta interface{})
 		return err
 	}
 
-	setValueOrUUID(d, "vpc", d.Get("vpc").(string), v.Vpcid)
+	setValueOrID(d, "vpc", d.Get("vpc").(string), v.Vpcid)
 
 	d.Set("public_ip", v.Publicip)
 
@@ -85,7 +85,7 @@ func resourceCloudStackVPNGatewayDelete(d *schema.ResourceData, meta interface{}
 	// Delete the VPN Gateway
 	_, err := cs.VPN.DeleteVpnGateway(p)
 	if err != nil {
-		// This is a very poor way to be told the UUID does no longer exist :(
+		// This is a very poor way to be told the ID does no longer exist :(
 		if strings.Contains(err.Error(), fmt.Sprintf(
 			"Invalid parameter id value=%s due to incorrect long value format, "+
 				"or entity does not exist", d.Id())) {
diff --git a/builtin/providers/cloudstack/resources.go b/builtin/providers/cloudstack/resources.go
index 02d7a81eca..53e017b149 100644
--- a/builtin/providers/cloudstack/resources.go
+++ b/builtin/providers/cloudstack/resources.go
@@ -20,46 +20,51 @@ type retrieveError struct {
 }
 
 func (e *retrieveError) Error() error {
-	return fmt.Errorf("Error retrieving UUID of %s %s: %s", e.name, e.value, e.err)
+	return fmt.Errorf("Error retrieving ID of %s %s: %s", e.name, e.value, e.err)
 }
 
-func setValueOrUUID(d *schema.ResourceData, key string, value string, uuid string) {
-	if isUUID(d.Get(key).(string)) {
-		d.Set(key, uuid)
+func setValueOrID(d *schema.ResourceData, key string, value string, id string) {
+	if isID(d.Get(key).(string)) {
+		// If the given id is an empty string, check if the configured value matches
+		// the UnlimitedResourceID in which case we set id to UnlimitedResourceID
+		if id == "" && d.Get(key).(string) == UnlimitedResourceID {
+			id = UnlimitedResourceID
+		}
+
+		d.Set(key, id)
 	} else {
 		d.Set(key, value)
 	}
 }
 
-func retrieveUUID(cs *cloudstack.CloudStackClient, name, value string) (uuid string, e *retrieveError) {
-	// If the supplied value isn't a UUID, try to retrieve the UUID ourselves
-	if isUUID(value) {
+func retrieveID(cs *cloudstack.CloudStackClient, name, value string) (id string, e *retrieveError) {
+	// If the supplied value isn't a ID, try to retrieve the ID ourselves
+	if isID(value) {
 		return value, nil
 	}
 
-	log.Printf("[DEBUG] Retrieving UUID of %s: %s", name, value)
+	log.Printf("[DEBUG] Retrieving ID of %s: %s", name, value)
 
 	var err error
 	switch name {
 	case "disk_offering":
-		uuid, err = cs.DiskOffering.GetDiskOfferingID(value)
+		id, err = cs.DiskOffering.GetDiskOfferingID(value)
 	case "virtual_machine":
-		uuid, err = cs.VirtualMachine.GetVirtualMachineID(value)
+		id, err = cs.VirtualMachine.GetVirtualMachineID(value)
 	case "service_offering":
-		uuid, err = cs.ServiceOffering.GetServiceOfferingID(value)
+		id, err = cs.ServiceOffering.GetServiceOfferingID(value)
 	case "network_offering":
-		uuid, err = cs.NetworkOffering.GetNetworkOfferingID(value)
+		id, err = cs.NetworkOffering.GetNetworkOfferingID(value)
+	case "project":
+		id, err = cs.Project.GetProjectID(value)
 	case "vpc_offering":
-		uuid, err = cs.VPC.GetVPCOfferingID(value)
+		id, err = cs.VPC.GetVPCOfferingID(value)
 	case "vpc":
-		uuid, err = cs.VPC.GetVPCID(value)
+		id, err = cs.VPC.GetVPCID(value)
 	case "network":
-		uuid, err = cs.Network.GetNetworkID(value)
+		id, err = cs.Network.GetNetworkID(value)
 	case "zone":
-		if value == UnlimitedResourceID {
-			return value, nil
-		}
-		uuid, err = cs.Zone.GetZoneID(value)
+		id, err = cs.Zone.GetZoneID(value)
 	case "ipaddress":
 		p := cs.Address.NewListPublicIpAddressesParams()
 		p.SetIpaddress(value)
@@ -69,10 +74,10 @@ func retrieveUUID(cs *cloudstack.CloudStackClient, name, value string) (uuid str
 			break
 		}
 		if l.Count == 1 {
-			uuid = l.PublicIpAddresses[0].Id
+			id = l.PublicIpAddresses[0].Id
 			break
 		}
-		err = fmt.Errorf("Could not find UUID of IP address: %s", value)
+		err = fmt.Errorf("Could not find ID of IP address: %s", value)
 	case "os_type":
 		p := cs.GuestOS.NewListOsTypesParams()
 		p.SetDescription(value)
@@ -82,43 +87,42 @@ func retrieveUUID(cs *cloudstack.CloudStackClient, name, value string) (uuid str
 			break
 		}
 		if l.Count == 1 {
-			uuid = l.OsTypes[0].Id
+			id = l.OsTypes[0].Id
 			break
 		}
-		err = fmt.Errorf("Could not find UUID of OS Type: %s", value)
-	case "project":
-		uuid, err = cs.Project.GetProjectID(value)
+		err = fmt.Errorf("Could not find ID of OS Type: %s", value)
 	default:
-		return uuid, &retrieveError{name: name, value: value,
+		return id, &retrieveError{name: name, value: value,
 			err: fmt.Errorf("Unknown request: %s", name)}
 	}
 
 	if err != nil {
-		return uuid, &retrieveError{name: name, value: value, err: err}
+		return id, &retrieveError{name: name, value: value, err: err}
 	}
 
-	return uuid, nil
+	return id, nil
 }
 
-func retrieveTemplateUUID(cs *cloudstack.CloudStackClient, zoneid, value string) (uuid string, e *retrieveError) {
-	// If the supplied value isn't a UUID, try to retrieve the UUID ourselves
-	if isUUID(value) {
+func retrieveTemplateID(cs *cloudstack.CloudStackClient, zoneid, value string) (id string, e *retrieveError) {
+	// If the supplied value isn't a ID, try to retrieve the ID ourselves
+	if isID(value) {
 		return value, nil
 	}
 
-	log.Printf("[DEBUG] Retrieving UUID of template: %s", value)
+	log.Printf("[DEBUG] Retrieving ID of template: %s", value)
 
-	uuid, err := cs.Template.GetTemplateID(value, "executable", zoneid)
+	id, err := cs.Template.GetTemplateID(value, "executable", zoneid)
 	if err != nil {
-		return uuid, &retrieveError{name: "template", value: value, err: err}
+		return id, &retrieveError{name: "template", value: value, err: err}
 	}
 
-	return uuid, nil
+	return id, nil
 }
 
-func isUUID(s string) bool {
-	re := regexp.MustCompile(`^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$`)
-	return re.MatchString(s)
+// ID can be either a UUID or a UnlimitedResourceID
+func isID(id string) bool {
+	re := regexp.MustCompile(`^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}|-1$`)
+	return re.MatchString(id)
 }
 
 // RetryFunc is the function retried n times

From 26cc97941e78009d35513ef1d160145e2e50e388 Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@gmail.com>
Date: Mon, 5 Oct 2015 08:05:43 -0700
Subject: [PATCH 105/335] Update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index c7d846c387..90bb4c4f0d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,6 +10,7 @@ FEATURES:
   * **New resource: `google_storage_bucket_object`** [GH-3192]
   * **New resources: `google_compute_vpn_gateway`, `google_compute_vpn_tunnel`** [GH-3213]
   * **New resource: `aws_iam_saml_provider`** [GH-3156]
+  * **New resources: `aws_efs_file_system` and `aws_efs_mount_target`** [GH-2196]
 
 IMPROVEMENTS:
 

From 3e9e96286aa1a822aa09ec3444b0a2e654d90489 Mon Sep 17 00:00:00 2001
From: Martin Atkins <mart@degeneration.co.uk>
Date: Mon, 5 Oct 2015 09:38:52 -0700
Subject: [PATCH 106/335] Document that heredoc syntax is supported.

Previously the only "documentation" I could find about this was a pull
request in the HCL repository.
---
 website/source/docs/configuration/syntax.html.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/website/source/docs/configuration/syntax.html.md b/website/source/docs/configuration/syntax.html.md
index 2f0e7d5472..8fcc6c68ce 100644
--- a/website/source/docs/configuration/syntax.html.md
+++ b/website/source/docs/configuration/syntax.html.md
@@ -54,6 +54,11 @@ Basic bullet point reference:
     is
     [documented here](/docs/configuration/interpolation.html).
 
+  * Multiline strings can use shell-style "here doc" syntax, with
+    the string starting with a marker like `<<EOT` and then the
+    string ending with `EOT` on a line of its own. The lines of
+    the string and the end marker must *not* be indented.
+
   * Numbers are assumed to be base 10. If you prefix a number with
     `0x`, it is treated as a hexadecimal number.
 

From c2d8782064f47bb8f7f025a585330ae13357d430 Mon Sep 17 00:00:00 2001
From: Paul Hinze <phinze@phinze.com>
Date: Mon, 5 Oct 2015 14:31:57 -0500
Subject: [PATCH 107/335] Update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 90bb4c4f0d..07994518a7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -49,6 +49,7 @@ BUG FIXES:
   * provider/aws: Normalize aws_elasticache_cluster id to lowercase, allowing convergence. [GH-3235]
   * provider/openstack: add state 'downloading' to list of expected states in
       `blockstorage_volume_v1` creation [GH-2866]
+  * provider/openstack: add functionality to attach FloatingIP to Port [GH-1788]
   * provider/openstack: remove security groups (by name) before adding security
       groups (by id) [GH-2008]
 

From 237362d99eb4352dc994c7f64a572103988cb11b Mon Sep 17 00:00:00 2001
From: Paul Hinze <phinze@phinze.com>
Date: Mon, 5 Oct 2015 14:32:15 -0500
Subject: [PATCH 108/335] Update CHANGELOG.md

---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 07994518a7..37b408c817 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -27,6 +27,7 @@ IMPROVEMENTS:
   * provider/aws: Add `versioning` option to `aws_s3_bucket` [GH-2942]
   * provider/aws: Add `configuation_endpoint` to `aws_elasticache_cluster` [GH-3250]
   * provider/cloudstack: Add `project` parameter to `cloudstack_vpc`, `cloudstack_network`, `cloudstack_ipaddress` and `cloudstack_disk` [GH-3035]
+  * provider/openstack: add functionality to attach FloatingIP to Port [GH-1788]
   * remote/s3: Allow canned ACLs to be set on state objects. [GH-3233]
 
 BUG FIXES:
@@ -49,7 +50,6 @@ BUG FIXES:
   * provider/aws: Normalize aws_elasticache_cluster id to lowercase, allowing convergence. [GH-3235]
   * provider/openstack: add state 'downloading' to list of expected states in
       `blockstorage_volume_v1` creation [GH-2866]
-  * provider/openstack: add functionality to attach FloatingIP to Port [GH-1788]
   * provider/openstack: remove security groups (by name) before adding security
       groups (by id) [GH-2008]
 

From 7bcca4a2908ba61beaba3caf9f97b855d71b06d0 Mon Sep 17 00:00:00 2001
From: Paul Hinze <phinze@phinze.com>
Date: Mon, 5 Oct 2015 14:44:46 -0500
Subject: [PATCH 109/335] Update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 37b408c817..887446b20e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -18,6 +18,7 @@ IMPROVEMENTS:
   * core: Print all outputs when `terraform output` is called with no arguments [GH-2920]
   * core: In plan output summary, count resource replacement as Add/Remove instead of Change [GH-3173]
   * core: Add interpolation functions for base64 encoding and decoding. [GH-3325]
+  * core: Expose parallelism as a CLI option instead of a hard-coding the default of 10 [GH-3365]
   * provider/aws: Add `instance_initiated_shutdown_behavior` to AWS Instance [GH-2887]
   * provider/aws: Support IAM role names (previously just ARNs) in `aws_ecs_service.iam_role` [GH-3061]
   * provider/aws: Add update method to RDS Subnet groups, can modify subnets without recreating  [GH-3053]

From e1a46904d607adf27426614cdf523b743f1c7537 Mon Sep 17 00:00:00 2001
From: Paul Hinze <phinze@phinze.com>
Date: Mon, 5 Oct 2015 15:06:08 -0500
Subject: [PATCH 110/335] command: pull parallelism default up to CLI layer

/cc @knuckolls @josephholsten
---
 command/apply.go   | 6 ++++--
 command/command.go | 4 ++++
 command/plan.go    | 5 ++++-
 3 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/command/apply.go b/command/apply.go
index 232b44b827..3991dee547 100644
--- a/command/apply.go
+++ b/command/apply.go
@@ -39,7 +39,8 @@ func (c *ApplyCommand) Run(args []string) int {
 		cmdFlags.BoolVar(&destroyForce, "force", false, "force")
 	}
 	cmdFlags.BoolVar(&refresh, "refresh", true, "refresh")
-	cmdFlags.IntVar(&c.Meta.parallelism, "parallelism", 0, "parallelism")
+	cmdFlags.IntVar(
+		&c.Meta.parallelism, "parallelism", DefaultParallelism, "parallelism")
 	cmdFlags.StringVar(&c.Meta.statePath, "state", DefaultStateFilename, "path")
 	cmdFlags.StringVar(&c.Meta.stateOutPath, "state-out", "", "path")
 	cmdFlags.StringVar(&c.Meta.backupPath, "backup", "", "path")
@@ -280,7 +281,8 @@ Options:
 
   -no-color              If specified, output won't contain any color.
 
-  -parallelism=#         Limit the number of concurrent operations.
+  -parallelism=n         Limit the number of concurrent operations.
+                         Defaults to 10.
 
   -refresh=true          Update state prior to checking for differences. This
                          has no effect if a plan file is given to apply.
diff --git a/command/command.go b/command/command.go
index c9a87230b7..80e82e78c5 100644
--- a/command/command.go
+++ b/command/command.go
@@ -26,6 +26,10 @@ const DefaultBackupExtension = ".backup"
 // by default.
 const DefaultDataDirectory = ".terraform"
 
+// DefaultParallelism is the limit Terraform places on total parallel
+// operations as it walks the dependency graph.
+const DefaultParallelism = 10
+
 func validateContext(ctx *terraform.Context, ui cli.Ui) bool {
 	if ws, es := ctx.Validate(); len(ws) > 0 || len(es) > 0 {
 		ui.Output(
diff --git a/command/plan.go b/command/plan.go
index e1b43babef..232e42f80c 100644
--- a/command/plan.go
+++ b/command/plan.go
@@ -27,7 +27,8 @@ func (c *PlanCommand) Run(args []string) int {
 	cmdFlags.BoolVar(&refresh, "refresh", true, "refresh")
 	c.addModuleDepthFlag(cmdFlags, &moduleDepth)
 	cmdFlags.StringVar(&outPath, "out", "", "path")
-	cmdFlags.IntVar(&c.Meta.parallelism, "parallelism", 0, "parallelism")
+	cmdFlags.IntVar(
+		&c.Meta.parallelism, "parallelism", DefaultParallelism, "parallelism")
 	cmdFlags.StringVar(&c.Meta.statePath, "state", DefaultStateFilename, "path")
 	cmdFlags.StringVar(&c.Meta.backupPath, "backup", "", "path")
 	cmdFlags.BoolVar(&detailed, "detailed-exitcode", false, "detailed-exitcode")
@@ -185,6 +186,8 @@ Options:
   -out=path           Write a plan file to the given path. This can be used as
                       input to the "apply" command.
 
+  -parallelism=#      Limit the number of concurrent operations. Defaults to 10.
+
   -refresh=true       Update state prior to checking for differences.
 
   -state=statefile    Path to a Terraform state file to use to look

From 27eb6a1e4ae04ccc0e25f0372ba433357ba0640f Mon Sep 17 00:00:00 2001
From: Paul Hinze <phinze@phinze.com>
Date: Mon, 5 Oct 2015 16:37:32 -0500
Subject: [PATCH 111/335] Update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 887446b20e..4e65fcfe02 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -57,6 +57,7 @@ BUG FIXES:
 INTERNAL IMPROVEMENTS:
 
   * helper/schema: Don't allow ``Update`` func if no attributes can actually be updated, per schema. [GH-3288]
+  * helper/schema: Default hashing function for sets [GH-3018]
   * helper/multierror: Remove in favor of [github.com/hashicorp/go-multierror](http://github.com/hashicorp/go-multierror). [GH-3336]
 
 ## 0.6.3 (August 11, 2015)

From 374070d066c0d25f7bf77c05259447336a2e18ff Mon Sep 17 00:00:00 2001
From: Paul Hinze <phinze@phinze.com>
Date: Mon, 5 Oct 2015 17:18:03 -0500
Subject: [PATCH 112/335] website: docs for parallelism setting

/cc @stack72 @knuckolls @mitchellh
---
 command/apply.go                              |  3 +++
 command/plan.go                               |  2 +-
 .../source/docs/commands/apply.html.markdown  |  3 +++
 .../source/docs/commands/plan.html.markdown   |  3 +++
 website/source/docs/internals/graph.html.md   | 21 +++++++++++++++++--
 5 files changed, 29 insertions(+), 3 deletions(-)

diff --git a/command/apply.go b/command/apply.go
index 3991dee547..8001cfe077 100644
--- a/command/apply.go
+++ b/command/apply.go
@@ -326,6 +326,9 @@ Options:
 
   -no-color              If specified, output won't contain any color.
 
+  -parallelism=n         Limit the number of concurrent operations.
+                         Defaults to 10.
+
   -refresh=true          Update state prior to checking for differences. This
                          has no effect if a plan file is given to apply.
 
diff --git a/command/plan.go b/command/plan.go
index 232e42f80c..cd1aeaec6f 100644
--- a/command/plan.go
+++ b/command/plan.go
@@ -186,7 +186,7 @@ Options:
   -out=path           Write a plan file to the given path. This can be used as
                       input to the "apply" command.
 
-  -parallelism=#      Limit the number of concurrent operations. Defaults to 10.
+  -parallelism=n      Limit the number of concurrent operations. Defaults to 10.
 
   -refresh=true       Update state prior to checking for differences.
 
diff --git a/website/source/docs/commands/apply.html.markdown b/website/source/docs/commands/apply.html.markdown
index dec4ea19d6..770d41c959 100644
--- a/website/source/docs/commands/apply.html.markdown
+++ b/website/source/docs/commands/apply.html.markdown
@@ -35,6 +35,9 @@ The command-line flags are all optional. The list of available flags are:
 
 * `-no-color` - Disables output with coloring.
 
+* `-parallelism=n` - Limit the number of concurrent operation as Terraform
+  [walks the graph](/docs/internals/graph.html#walking-the-graph).
+
 * `-refresh=true` - Update the state for each resource prior to planning
   and applying. This has no effect if a plan file is given directly to
   apply.
diff --git a/website/source/docs/commands/plan.html.markdown b/website/source/docs/commands/plan.html.markdown
index 1c0b1b68ac..e4a48ab5ba 100644
--- a/website/source/docs/commands/plan.html.markdown
+++ b/website/source/docs/commands/plan.html.markdown
@@ -48,6 +48,9 @@ The command-line flags are all optional. The list of available flags are:
   changes shown in this plan are applied. Read the warning on saved
   plans below.
 
+* `-parallelism=n` - Limit the number of concurrent operation as Terraform
+  [walks the graph](/docs/internals/graph.html#walking-the-graph).
+
 * `-refresh=true` - Update the state prior to checking for differences.
 
 * `-state=path` - Path to the state file. Defaults to "terraform.tfstate".
diff --git a/website/source/docs/internals/graph.html.md b/website/source/docs/internals/graph.html.md
index 4b1a56de7c..6b74283bac 100644
--- a/website/source/docs/internals/graph.html.md
+++ b/website/source/docs/internals/graph.html.md
@@ -92,7 +92,24 @@ Building the graph is done in a series of sequential steps:
   1. Validate the graph has no cycles and has a single root.
 
 ## Walking the Graph
+<a id="walking-the-graph"></a>
 
 To walk the graph, a standard depth-first traversal is done. Graph
-walking is done with as much parallelism as possible: a node is walked
-as soon as all of its dependencies are walked.
+walking is done in parallel: a node is walked as soon as all of its
+dependencies are walked.
+
+The amount of parallelism is limited using a semaphore to prevent too many
+concurrent operations from overwhelming the resources of the machine running
+Terraform. By default, up to 10 nodes in the graph will be processed
+concurrently. This number can be set using the `-parallelism` flag on the
+[plan](/docs/commands/plan.html), [apply](/docs/commands/apply.html), and
+[destroy](/docs/commands/destroy.html) commands.
+
+Setting `-parallelism` is considered an advanced operation and should not be
+necessary for normal usage of Terraform. It may be helpful in certain special
+use cases or to help debug Terraform issues.
+
+Note that some providers (AWS, for example), handle API rate limiting issues at
+a lower level by implementing graceful backoff/retry in their respective API
+clients. For this reason, Terraform does not use this `parallelism` feature to
+address API rate limits directly.

From d212b278a954c452c0faba346cfaf6dd70373899 Mon Sep 17 00:00:00 2001
From: Hany Fahim <hany@vmfarms.com>
Date: Mon, 5 Oct 2015 18:59:52 -0400
Subject: [PATCH 113/335] Only set projectID if it is set

---
 builtin/providers/cloudstack/resource_cloudstack_vpc.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/builtin/providers/cloudstack/resource_cloudstack_vpc.go b/builtin/providers/cloudstack/resource_cloudstack_vpc.go
index 2e396231ba..aa70dff747 100644
--- a/builtin/providers/cloudstack/resource_cloudstack_vpc.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_vpc.go
@@ -161,7 +161,10 @@ func resourceCloudStackVPCRead(d *schema.ResourceData, meta interface{}) error {
 	p := cs.Address.NewListPublicIpAddressesParams()
 	p.SetVpcid(d.Id())
 	p.SetIssourcenat(true)
-	p.SetProjectid(v.Projectid)
+	if project, ok := d.GetOk("project"); ok {
+    	p.SetProjectid(v.Projectid)
+	}
+	
 	l, e := cs.Address.ListPublicIpAddresses(p)
 	if (e == nil) && (l.Count == 1) {
 		d.Set("source_nat_ip", l.PublicIpAddresses[0].Ipaddress)

From aa4cf423f763bf3f6ba539507bfe4d7911ee8154 Mon Sep 17 00:00:00 2001
From: Hany Fahim <hany@vmfarms.com>
Date: Mon, 5 Oct 2015 19:01:14 -0400
Subject: [PATCH 114/335] Fix whitespace

---
 builtin/providers/cloudstack/resource_cloudstack_vpc.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/builtin/providers/cloudstack/resource_cloudstack_vpc.go b/builtin/providers/cloudstack/resource_cloudstack_vpc.go
index aa70dff747..198d28d003 100644
--- a/builtin/providers/cloudstack/resource_cloudstack_vpc.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_vpc.go
@@ -162,9 +162,9 @@ func resourceCloudStackVPCRead(d *schema.ResourceData, meta interface{}) error {
 	p.SetVpcid(d.Id())
 	p.SetIssourcenat(true)
 	if project, ok := d.GetOk("project"); ok {
-    	p.SetProjectid(v.Projectid)
+		p.SetProjectid(v.Projectid)
 	}
-	
+
 	l, e := cs.Address.ListPublicIpAddresses(p)
 	if (e == nil) && (l.Count == 1) {
 		d.Set("source_nat_ip", l.PublicIpAddresses[0].Ipaddress)

From b3bbba7767c2ee77b405801101b5fde62ef80bf3 Mon Sep 17 00:00:00 2001
From: Hany Fahim <hany@vmfarms.com>
Date: Mon, 5 Oct 2015 19:06:50 -0400
Subject: [PATCH 115/335] project was not being referenced

---
 builtin/providers/cloudstack/resource_cloudstack_vpc.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/builtin/providers/cloudstack/resource_cloudstack_vpc.go b/builtin/providers/cloudstack/resource_cloudstack_vpc.go
index 198d28d003..5168e9162e 100644
--- a/builtin/providers/cloudstack/resource_cloudstack_vpc.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_vpc.go
@@ -161,7 +161,7 @@ func resourceCloudStackVPCRead(d *schema.ResourceData, meta interface{}) error {
 	p := cs.Address.NewListPublicIpAddressesParams()
 	p.SetVpcid(d.Id())
 	p.SetIssourcenat(true)
-	if project, ok := d.GetOk("project"); ok {
+	if _, ok := d.GetOk("project"); ok {
 		p.SetProjectid(v.Projectid)
 	}
 

From 231d7879e3cc28ab7da6374ac187a475d9db9e73 Mon Sep 17 00:00:00 2001
From: Takaaki Furukawa <takaaki.furukawa@rakuten.com>
Date: Tue, 6 Oct 2015 12:53:07 +0900
Subject: [PATCH 116/335] Add VMware vSphere provider support

---
 builtin/bins/provider-vsphere/main.go         |   12 +
 builtin/bins/provider-vsphere/main_test.go    |    1 +
 builtin/providers/vsphere/config.go           |   39 +
 builtin/providers/vsphere/provider.go         |   50 +
 builtin/providers/vsphere/provider_test.go    |   43 +
 .../resource_vsphere_virtual_machine.go       | 1062 +++++++++++++++++
 .../resource_vsphere_virtual_machine_test.go  |  240 ++++
 7 files changed, 1447 insertions(+)
 create mode 100644 builtin/bins/provider-vsphere/main.go
 create mode 100644 builtin/bins/provider-vsphere/main_test.go
 create mode 100644 builtin/providers/vsphere/config.go
 create mode 100644 builtin/providers/vsphere/provider.go
 create mode 100644 builtin/providers/vsphere/provider_test.go
 create mode 100644 builtin/providers/vsphere/resource_vsphere_virtual_machine.go
 create mode 100644 builtin/providers/vsphere/resource_vsphere_virtual_machine_test.go

diff --git a/builtin/bins/provider-vsphere/main.go b/builtin/bins/provider-vsphere/main.go
new file mode 100644
index 0000000000..99dba9584e
--- /dev/null
+++ b/builtin/bins/provider-vsphere/main.go
@@ -0,0 +1,12 @@
+package main
+
+import (
+	"github.com/hashicorp/terraform/builtin/providers/vsphere"
+	"github.com/hashicorp/terraform/plugin"
+)
+
+func main() {
+	plugin.Serve(&plugin.ServeOpts{
+		ProviderFunc: vsphere.Provider,
+	})
+}
diff --git a/builtin/bins/provider-vsphere/main_test.go b/builtin/bins/provider-vsphere/main_test.go
new file mode 100644
index 0000000000..06ab7d0f9a
--- /dev/null
+++ b/builtin/bins/provider-vsphere/main_test.go
@@ -0,0 +1 @@
+package main
diff --git a/builtin/providers/vsphere/config.go b/builtin/providers/vsphere/config.go
new file mode 100644
index 0000000000..1f6af7ffd6
--- /dev/null
+++ b/builtin/providers/vsphere/config.go
@@ -0,0 +1,39 @@
+package vsphere
+
+import (
+	"fmt"
+	"log"
+	"net/url"
+
+	"github.com/vmware/govmomi"
+	"golang.org/x/net/context"
+)
+
+const (
+	defaultInsecureFlag = true
+)
+
+type Config struct {
+	User          string
+	Password      string
+	VCenterServer string
+}
+
+// Client() returns a new client for accessing VMWare vSphere.
+func (c *Config) Client() (*govmomi.Client, error) {
+	u, err := url.Parse("https://" + c.VCenterServer + "/sdk")
+	if err != nil {
+		return nil, fmt.Errorf("Error parse url: %s", err)
+	}
+
+	u.User = url.UserPassword(c.User, c.Password)
+
+	client, err := govmomi.NewClient(context.TODO(), u, defaultInsecureFlag)
+	if err != nil {
+		return nil, fmt.Errorf("Error setting up client: %s", err)
+	}
+
+	log.Printf("[INFO] VMWare vSphere Client configured for URL: %s", u)
+
+	return client, nil
+}
diff --git a/builtin/providers/vsphere/provider.go b/builtin/providers/vsphere/provider.go
new file mode 100644
index 0000000000..4dce81a9d6
--- /dev/null
+++ b/builtin/providers/vsphere/provider.go
@@ -0,0 +1,50 @@
+package vsphere
+
+import (
+	"github.com/hashicorp/terraform/helper/schema"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+// Provider returns a terraform.ResourceProvider.
+func Provider() terraform.ResourceProvider {
+	return &schema.Provider{
+		Schema: map[string]*schema.Schema{
+			"user": &schema.Schema{
+				Type:        schema.TypeString,
+				Required:    true,
+				DefaultFunc: schema.EnvDefaultFunc("VSPHERE_USER", nil),
+				Description: "The user name for vSphere API operations.",
+			},
+
+			"password": &schema.Schema{
+				Type:        schema.TypeString,
+				Required:    true,
+				DefaultFunc: schema.EnvDefaultFunc("VSPHERE_PASSWORD", nil),
+				Description: "The user password for vSphere API operations.",
+			},
+
+			"vcenter_server": &schema.Schema{
+				Type:        schema.TypeString,
+				Required:    true,
+				DefaultFunc: schema.EnvDefaultFunc("VSPHERE_VCENTER", nil),
+				Description: "The vCenter Server name for vSphere API operations.",
+			},
+		},
+
+		ResourcesMap: map[string]*schema.Resource{
+			"vsphere_virtual_machine": resourceVSphereVirtualMachine(),
+		},
+
+		ConfigureFunc: providerConfigure,
+	}
+}
+
+func providerConfigure(d *schema.ResourceData) (interface{}, error) {
+	config := Config{
+		User:          d.Get("user").(string),
+		Password:      d.Get("password").(string),
+		VCenterServer: d.Get("vcenter_server").(string),
+	}
+
+	return config.Client()
+}
diff --git a/builtin/providers/vsphere/provider_test.go b/builtin/providers/vsphere/provider_test.go
new file mode 100644
index 0000000000..bb8e4dc55f
--- /dev/null
+++ b/builtin/providers/vsphere/provider_test.go
@@ -0,0 +1,43 @@
+package vsphere
+
+import (
+	"os"
+	"testing"
+
+	"github.com/hashicorp/terraform/helper/schema"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+var testAccProviders map[string]terraform.ResourceProvider
+var testAccProvider *schema.Provider
+
+func init() {
+	testAccProvider = Provider().(*schema.Provider)
+	testAccProviders = map[string]terraform.ResourceProvider{
+		"vsphere": testAccProvider,
+	}
+}
+
+func TestProvider(t *testing.T) {
+	if err := Provider().(*schema.Provider).InternalValidate(); err != nil {
+		t.Fatalf("err: %s", err)
+	}
+}
+
+func TestProvider_impl(t *testing.T) {
+	var _ terraform.ResourceProvider = Provider()
+}
+
+func testAccPreCheck(t *testing.T) {
+	if v := os.Getenv("VSPHERE_USER"); v == "" {
+		t.Fatal("VSPHERE_USER must be set for acceptance tests")
+	}
+
+	if v := os.Getenv("VSPHERE_PASSWORD"); v == "" {
+		t.Fatal("VSPHERE_PASSWORD must be set for acceptance tests")
+	}
+
+	if v := os.Getenv("VSPHERE_VCENTER"); v == "" {
+		t.Fatal("VSPHERE_VCENTER must be set for acceptance tests")
+	}
+}
diff --git a/builtin/providers/vsphere/resource_vsphere_virtual_machine.go b/builtin/providers/vsphere/resource_vsphere_virtual_machine.go
new file mode 100644
index 0000000000..583b2ed6bc
--- /dev/null
+++ b/builtin/providers/vsphere/resource_vsphere_virtual_machine.go
@@ -0,0 +1,1062 @@
+package vsphere
+
+import (
+	"fmt"
+	"log"
+	"net"
+	"strings"
+	"time"
+
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/helper/schema"
+	"github.com/vmware/govmomi"
+	"github.com/vmware/govmomi/find"
+	"github.com/vmware/govmomi/object"
+	"github.com/vmware/govmomi/property"
+	"github.com/vmware/govmomi/vim25/mo"
+	"github.com/vmware/govmomi/vim25/types"
+	"golang.org/x/net/context"
+)
+
+var DefaultDNSSuffixes = []string{
+	"vsphere.local",
+}
+
+var DefaultDNSServers = []string{
+	"8.8.8.8",
+	"8.8.4.4",
+}
+
+type networkInterface struct {
+	deviceName  string
+	label       string
+	ipAddress   string
+	subnetMask  string
+	adapterType string // TODO: Make "adapter_type" argument
+}
+
+type hardDisk struct {
+	size int64
+	iops int64
+}
+
+type virtualMachine struct {
+	name              string
+	datacenter        string
+	cluster           string
+	resourcePool      string
+	datastore         string
+	vcpu              int
+	memoryMb          int64
+	template          string
+	networkInterfaces []networkInterface
+	hardDisks         []hardDisk
+	gateway           string
+	domain            string
+	timeZone          string
+	dnsSuffixes       []string
+	dnsServers        []string
+}
+
+func resourceVSphereVirtualMachine() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceVSphereVirtualMachineCreate,
+		Read:   resourceVSphereVirtualMachineRead,
+		Delete: resourceVSphereVirtualMachineDelete,
+
+		Schema: map[string]*schema.Schema{
+			"name": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+
+			"vcpu": &schema.Schema{
+				Type:     schema.TypeInt,
+				Required: true,
+				ForceNew: true,
+			},
+
+			"memory": &schema.Schema{
+				Type:     schema.TypeInt,
+				Required: true,
+				ForceNew: true,
+			},
+
+			"datacenter": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+				ForceNew: true,
+			},
+
+			"cluster": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+				ForceNew: true,
+			},
+
+			"resource_pool": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+				ForceNew: true,
+			},
+
+			"gateway": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+				ForceNew: true,
+			},
+
+			"domain": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+				ForceNew: true,
+				Default:  "vsphere.local",
+			},
+
+			"time_zone": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+				ForceNew: true,
+				Default:  "Etc/UTC",
+			},
+
+			"dns_suffix": &schema.Schema{
+				Type:     schema.TypeList,
+				Optional: true,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+				ForceNew: true,
+			},
+
+			"dns_server": &schema.Schema{
+				Type:     schema.TypeList,
+				Optional: true,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+				ForceNew: true,
+			},
+
+			"network_interface": &schema.Schema{
+				Type:     schema.TypeList,
+				Required: true,
+				ForceNew: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"label": &schema.Schema{
+							Type:     schema.TypeString,
+							Required: true,
+							ForceNew: true,
+						},
+
+						"ip_address": &schema.Schema{
+							Type:     schema.TypeString,
+							Optional: true,
+							Computed: true,
+							ForceNew: true,
+						},
+
+						"subnet_mask": &schema.Schema{
+							Type:     schema.TypeString,
+							Optional: true,
+							Computed: true,
+							ForceNew: true,
+						},
+
+						"adapter_type": &schema.Schema{
+							Type:     schema.TypeString,
+							Optional: true,
+							ForceNew: true,
+						},
+					},
+				},
+			},
+
+			"disk": &schema.Schema{
+				Type:     schema.TypeList,
+				Required: true,
+				ForceNew: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"template": &schema.Schema{
+							Type:     schema.TypeString,
+							Optional: true,
+							ForceNew: true,
+						},
+
+						"datastore": &schema.Schema{
+							Type:     schema.TypeString,
+							Optional: true,
+							ForceNew: true,
+						},
+
+						"size": &schema.Schema{
+							Type:     schema.TypeInt,
+							Optional: true,
+							ForceNew: true,
+						},
+
+						"iops": &schema.Schema{
+							Type:     schema.TypeInt,
+							Optional: true,
+							ForceNew: true,
+						},
+					},
+				},
+			},
+
+			"boot_delay": &schema.Schema{
+				Type:     schema.TypeInt,
+				Optional: true,
+				ForceNew: true,
+			},
+		},
+	}
+}
+
+func resourceVSphereVirtualMachineCreate(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*govmomi.Client)
+
+	vm := virtualMachine{
+		name:     d.Get("name").(string),
+		vcpu:     d.Get("vcpu").(int),
+		memoryMb: int64(d.Get("memory").(int)),
+	}
+
+	if v, ok := d.GetOk("datacenter"); ok {
+		vm.datacenter = v.(string)
+	}
+
+	if v, ok := d.GetOk("cluster"); ok {
+		vm.cluster = v.(string)
+	}
+
+	if v, ok := d.GetOk("resource_pool"); ok {
+		vm.resourcePool = v.(string)
+	}
+
+	if v, ok := d.GetOk("gateway"); ok {
+		vm.gateway = v.(string)
+	}
+
+	if v, ok := d.GetOk("domain"); ok {
+		vm.domain = v.(string)
+	}
+
+	if v, ok := d.GetOk("time_zone"); ok {
+		vm.timeZone = v.(string)
+	}
+
+	dns_suffix := d.Get("dns_suffix.#").(int)
+	if dns_suffix > 0 {
+		vm.dnsSuffixes = make([]string, 0, dns_suffix)
+		for i := 0; i < dns_suffix; i++ {
+			s := fmt.Sprintf("dns_suffix.%d", i)
+			vm.dnsSuffixes = append(vm.dnsSuffixes, d.Get(s).(string))
+		}
+	} else {
+		vm.dnsSuffixes = DefaultDNSSuffixes
+	}
+
+	dns_server := d.Get("dns_server.#").(int)
+	if dns_server > 0 {
+		vm.dnsServers = make([]string, 0, dns_server)
+		for i := 0; i < dns_server; i++ {
+			s := fmt.Sprintf("dns_server.%d", i)
+			vm.dnsServers = append(vm.dnsServers, d.Get(s).(string))
+		}
+	} else {
+		vm.dnsServers = DefaultDNSServers
+	}
+
+	networksCount := d.Get("network_interface.#").(int)
+	networks := make([]networkInterface, networksCount)
+	for i := 0; i < networksCount; i++ {
+		prefix := fmt.Sprintf("network_interface.%d", i)
+		networks[i].label = d.Get(prefix + ".label").(string)
+		if v, ok := d.GetOk(prefix + ".ip_address"); ok {
+			networks[i].ipAddress = v.(string)
+		}
+		if v, ok := d.GetOk(prefix + ".subnet_mask"); ok {
+			networks[i].subnetMask = v.(string)
+		}
+	}
+	vm.networkInterfaces = networks
+	log.Printf("[DEBUG] network_interface init: %v", networks)
+
+	diskCount := d.Get("disk.#").(int)
+	disks := make([]hardDisk, diskCount)
+	for i := 0; i < diskCount; i++ {
+		prefix := fmt.Sprintf("disk.%d", i)
+		if i == 0 {
+			if v, ok := d.GetOk(prefix + ".template"); ok {
+				vm.template = v.(string)
+			} else {
+				if v, ok := d.GetOk(prefix + ".size"); ok {
+					disks[i].size = int64(v.(int))
+				} else {
+					return fmt.Errorf("If template argument is not specified, size argument is required.")
+				}
+			}
+			if v, ok := d.GetOk(prefix + ".datastore"); ok {
+				vm.datastore = v.(string)
+			}
+		} else {
+			if v, ok := d.GetOk(prefix + ".size"); ok {
+				disks[i].size = int64(v.(int))
+			} else {
+				return fmt.Errorf("Size argument is required.")
+			}
+		}
+		if v, ok := d.GetOk(prefix + ".iops"); ok {
+			disks[i].iops = int64(v.(int))
+		}
+	}
+	vm.hardDisks = disks
+	log.Printf("[DEBUG] disk init: %v", disks)
+
+	if vm.template != "" {
+		err := vm.deployVirtualMachine(client)
+		if err != nil {
+			return fmt.Errorf("error: %s", err)
+		}
+	} else {
+		err := vm.createVirtualMachine(client)
+		if err != nil {
+			return fmt.Errorf("error: %s", err)
+		}
+	}
+
+	if _, ok := d.GetOk("network_interface.0.ip_address"); !ok {
+		if v, ok := d.GetOk("boot_delay"); ok {
+			stateConf := &resource.StateChangeConf{
+				Pending:    []string{"pending"},
+				Target:     "active",
+				Refresh:    waitForNetworkingActive(client, vm.datacenter, vm.name),
+				Timeout:    600 * time.Second,
+				Delay:      time.Duration(v.(int)) * time.Second,
+				MinTimeout: 2 * time.Second,
+			}
+
+			_, err := stateConf.WaitForState()
+			if err != nil {
+				return fmt.Errorf("error: %s", err)
+			}
+		}
+	}
+	d.SetId(vm.name)
+	log.Printf("[INFO] Created virtual machine: %s", d.Id())
+
+	return resourceVSphereVirtualMachineRead(d, meta)
+}
+
+func resourceVSphereVirtualMachineRead(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*govmomi.Client)
+	dc, err := getDatacenter(client, d.Get("datacenter").(string))
+	if err != nil {
+		return err
+	}
+	finder := find.NewFinder(client.Client, true)
+	finder = finder.SetDatacenter(dc)
+
+	vm, err := finder.VirtualMachine(context.TODO(), d.Get("name").(string))
+	if err != nil {
+		log.Printf("[ERROR] Virtual machine not found: %s", d.Get("name").(string))
+		d.SetId("")
+		return nil
+	}
+
+	var mvm mo.VirtualMachine
+
+	collector := property.DefaultCollector(client.Client)
+	if err := collector.RetrieveOne(context.TODO(), vm.Reference(), []string{"guest", "summary", "datastore"}, &mvm); err != nil {
+		log.Printf("[ERROR] %#v", err)
+	}
+
+	log.Printf("[DEBUG] %#v", dc)
+	log.Printf("[DEBUG] %#v", mvm.Summary.Config)
+	log.Printf("[DEBUG] %#v", mvm.Guest.Net)
+
+	networkInterfaces := make([]map[string]interface{}, 0)
+	for _, v := range mvm.Guest.Net {
+		if v.DeviceConfigId >= 0 {
+			log.Printf("[DEBUG] %#v", v.Network)
+			networkInterface := make(map[string]interface{})
+			networkInterface["label"] = v.Network
+			if len(v.IpAddress) > 0 {
+				log.Printf("[DEBUG] %#v", v.IpAddress[0])
+				networkInterface["ip_address"] = v.IpAddress[0]
+
+				m := net.CIDRMask(v.IpConfig.IpAddress[0].PrefixLength, 32)
+				subnetMask := net.IPv4(m[0], m[1], m[2], m[3])
+				networkInterface["subnet_mask"] = subnetMask.String()
+				log.Printf("[DEBUG] %#v", subnetMask.String())
+			}
+			networkInterfaces = append(networkInterfaces, networkInterface)
+		}
+	}
+	d.Set("network_interface", networkInterfaces)
+
+	var rootDatastore string
+	for _, v := range mvm.Datastore {
+		var md mo.Datastore
+		if err := collector.RetrieveOne(context.TODO(), v, []string{"name", "parent"}, &md); err != nil {
+			log.Printf("[ERROR] %#v", err)
+		}
+		if md.Parent.Type == "StoragePod" {
+			var msp mo.StoragePod
+			if err := collector.RetrieveOne(context.TODO(), *md.Parent, []string{"name"}, &msp); err != nil {
+				log.Printf("[ERROR] %#v", err)
+			}
+			rootDatastore = msp.Name
+			log.Printf("[DEBUG] %#v", msp.Name)
+		} else {
+			rootDatastore = md.Name
+			log.Printf("[DEBUG] %#v", md.Name)
+		}
+		break
+	}
+
+	d.Set("datacenter", dc)
+	d.Set("memory", mvm.Summary.Config.MemorySizeMB)
+	d.Set("cpu", mvm.Summary.Config.NumCpu)
+	d.Set("datastore", rootDatastore)
+
+	// Initialize the connection info
+	d.SetConnInfo(map[string]string{
+		"type": "ssh",
+		"host": networkInterfaces[0]["ip_address"].(string),
+	})
+
+	return nil
+}
+
+func resourceVSphereVirtualMachineDelete(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*govmomi.Client)
+	dc, err := getDatacenter(client, d.Get("datacenter").(string))
+	if err != nil {
+		return err
+	}
+	finder := find.NewFinder(client.Client, true)
+	finder = finder.SetDatacenter(dc)
+
+	vm, err := finder.VirtualMachine(context.TODO(), d.Get("name").(string))
+	if err != nil {
+		return err
+	}
+
+	log.Printf("[INFO] Deleting virtual machine: %s", d.Id())
+
+	task, err := vm.PowerOff(context.TODO())
+	if err != nil {
+		return err
+	}
+
+	err = task.Wait(context.TODO())
+	if err != nil {
+		return err
+	}
+
+	task, err = vm.Destroy(context.TODO())
+	if err != nil {
+		return err
+	}
+
+	err = task.Wait(context.TODO())
+	if err != nil {
+		return err
+	}
+
+	d.SetId("")
+	return nil
+}
+
+func waitForNetworkingActive(client *govmomi.Client, datacenter, name string) resource.StateRefreshFunc {
+	return func() (interface{}, string, error) {
+		dc, err := getDatacenter(client, datacenter)
+		if err != nil {
+			log.Printf("[ERROR] %#v", err)
+			return nil, "", err
+		}
+		finder := find.NewFinder(client.Client, true)
+		finder = finder.SetDatacenter(dc)
+
+		vm, err := finder.VirtualMachine(context.TODO(), name)
+		if err != nil {
+			log.Printf("[ERROR] %#v", err)
+			return nil, "", err
+		}
+
+		var mvm mo.VirtualMachine
+		collector := property.DefaultCollector(client.Client)
+		if err := collector.RetrieveOne(context.TODO(), vm.Reference(), []string{"summary"}, &mvm); err != nil {
+			log.Printf("[ERROR] %#v", err)
+			return nil, "", err
+		}
+
+		if mvm.Summary.Guest.IpAddress != "" {
+			log.Printf("[DEBUG] IP address with DHCP: %v", mvm.Summary.Guest.IpAddress)
+			return mvm.Summary, "active", err
+		} else {
+			log.Printf("[DEBUG] Waiting for IP address")
+			return nil, "pending", err
+		}
+	}
+}
+
+// getDatacenter gets datacenter object
+func getDatacenter(c *govmomi.Client, dc string) (*object.Datacenter, error) {
+	finder := find.NewFinder(c.Client, true)
+	if dc != "" {
+		d, err := finder.Datacenter(context.TODO(), dc)
+		return d, err
+	} else {
+		d, err := finder.DefaultDatacenter(context.TODO())
+		return d, err
+	}
+}
+
+// addHardDisk adds a new Hard Disk to the VirtualMachine.
+func addHardDisk(vm *object.VirtualMachine, size, iops int64, diskType string) error {
+	devices, err := vm.Device(context.TODO())
+	if err != nil {
+		return err
+	}
+	log.Printf("[DEBUG] vm devices: %#v\n", devices)
+
+	controller, err := devices.FindDiskController("scsi")
+	if err != nil {
+		return err
+	}
+	log.Printf("[DEBUG] disk controller: %#v\n", controller)
+
+	disk := devices.CreateDisk(controller, "")
+	existing := devices.SelectByBackingInfo(disk.Backing)
+	log.Printf("[DEBUG] disk: %#v\n", disk)
+
+	if len(existing) == 0 {
+		disk.CapacityInKB = int64(size * 1024 * 1024)
+		if iops != 0 {
+			disk.StorageIOAllocation = &types.StorageIOAllocationInfo{
+				Limit: iops,
+			}
+		}
+		backing := disk.Backing.(*types.VirtualDiskFlatVer2BackingInfo)
+
+		if diskType == "eager_zeroed" {
+			// eager zeroed thick virtual disk
+			backing.ThinProvisioned = types.NewBool(false)
+			backing.EagerlyScrub = types.NewBool(true)
+		} else if diskType == "thin" {
+			// thin provisioned virtual disk
+			backing.ThinProvisioned = types.NewBool(true)
+		}
+
+		log.Printf("[DEBUG] addHardDisk: %#v\n", disk)
+		log.Printf("[DEBUG] addHardDisk: %#v\n", disk.CapacityInKB)
+
+		return vm.AddDevice(context.TODO(), disk)
+	} else {
+		log.Printf("[DEBUG] addHardDisk: Disk already present.\n")
+
+		return nil
+	}
+}
+
+// createNetworkDevice creates VirtualDeviceConfigSpec for Network Device.
+func createNetworkDevice(f *find.Finder, label, adapterType string) (*types.VirtualDeviceConfigSpec, error) {
+	network, err := f.Network(context.TODO(), "*"+label)
+	if err != nil {
+		return nil, err
+	}
+
+	backing, err := network.EthernetCardBackingInfo(context.TODO())
+	if err != nil {
+		return nil, err
+	}
+
+	if adapterType == "vmxnet3" {
+		return &types.VirtualDeviceConfigSpec{
+			Operation: types.VirtualDeviceConfigSpecOperationAdd,
+			Device: &types.VirtualVmxnet3{
+				types.VirtualVmxnet{
+					types.VirtualEthernetCard{
+						VirtualDevice: types.VirtualDevice{
+							Key:     -1,
+							Backing: backing,
+						},
+						AddressType: string(types.VirtualEthernetCardMacTypeGenerated),
+					},
+				},
+			},
+		}, nil
+	} else if adapterType == "e1000" {
+		return &types.VirtualDeviceConfigSpec{
+			Operation: types.VirtualDeviceConfigSpecOperationAdd,
+			Device: &types.VirtualE1000{
+				types.VirtualEthernetCard{
+					VirtualDevice: types.VirtualDevice{
+						Key:     -1,
+						Backing: backing,
+					},
+					AddressType: string(types.VirtualEthernetCardMacTypeGenerated),
+				},
+			},
+		}, nil
+	} else {
+		return nil, fmt.Errorf("Invalid network adapter type.")
+	}
+}
+
+// createVMRelocateSpec creates VirtualMachineRelocateSpec to set a place for a new VirtualMachine.
+func createVMRelocateSpec(rp *object.ResourcePool, ds *object.Datastore, vm *object.VirtualMachine) (types.VirtualMachineRelocateSpec, error) {
+	var key int
+
+	devices, err := vm.Device(context.TODO())
+	if err != nil {
+		return types.VirtualMachineRelocateSpec{}, err
+	}
+	for _, d := range devices {
+		if devices.Type(d) == "disk" {
+			key = d.GetVirtualDevice().Key
+		}
+	}
+
+	rpr := rp.Reference()
+	dsr := ds.Reference()
+	return types.VirtualMachineRelocateSpec{
+		Datastore: &dsr,
+		Pool:      &rpr,
+		Disk: []types.VirtualMachineRelocateSpecDiskLocator{
+			types.VirtualMachineRelocateSpecDiskLocator{
+				Datastore: dsr,
+				DiskBackingInfo: &types.VirtualDiskFlatVer2BackingInfo{
+					DiskMode:        "persistent",
+					ThinProvisioned: types.NewBool(false),
+					EagerlyScrub:    types.NewBool(true),
+				},
+				DiskId: key,
+			},
+		},
+	}, nil
+}
+
+// getDatastoreObject gets datastore object.
+func getDatastoreObject(client *govmomi.Client, f *object.DatacenterFolders, name string) (types.ManagedObjectReference, error) {
+	s := object.NewSearchIndex(client.Client)
+	ref, err := s.FindChild(context.TODO(), f.DatastoreFolder, name)
+	if err != nil {
+		return types.ManagedObjectReference{}, err
+	}
+	if ref == nil {
+		return types.ManagedObjectReference{}, fmt.Errorf("Datastore '%s' not found.", name)
+	}
+	log.Printf("[DEBUG] getDatastoreObject: reference: %#v", ref)
+	return ref.Reference(), nil
+}
+
+// createStoragePlacementSpecCreate creates StoragePlacementSpec for create action.
+func createStoragePlacementSpecCreate(f *object.DatacenterFolders, rp *object.ResourcePool, storagePod object.StoragePod, configSpec types.VirtualMachineConfigSpec) types.StoragePlacementSpec {
+	vmfr := f.VmFolder.Reference()
+	rpr := rp.Reference()
+	spr := storagePod.Reference()
+
+	sps := types.StoragePlacementSpec{
+		Type:       "create",
+		ConfigSpec: &configSpec,
+		PodSelectionSpec: types.StorageDrsPodSelectionSpec{
+			StoragePod: &spr,
+		},
+		Folder:       &vmfr,
+		ResourcePool: &rpr,
+	}
+	log.Printf("[DEBUG] findDatastore: StoragePlacementSpec: %#v\n", sps)
+	return sps
+}
+
+// createStoragePlacementSpecClone creates StoragePlacementSpec for clone action.
+func createStoragePlacementSpecClone(c *govmomi.Client, f *object.DatacenterFolders, vm *object.VirtualMachine, rp *object.ResourcePool, storagePod object.StoragePod) types.StoragePlacementSpec {
+	vmr := vm.Reference()
+	vmfr := f.VmFolder.Reference()
+	rpr := rp.Reference()
+	spr := storagePod.Reference()
+
+	var o mo.VirtualMachine
+	err := vm.Properties(context.TODO(), vmr, []string{"datastore"}, &o)
+	if err != nil {
+		return types.StoragePlacementSpec{}
+	}
+	ds := object.NewDatastore(c.Client, o.Datastore[0])
+	log.Printf("[DEBUG] findDatastore: datastore: %#v\n", ds)
+
+	devices, err := vm.Device(context.TODO())
+	if err != nil {
+		return types.StoragePlacementSpec{}
+	}
+
+	var key int
+	for _, d := range devices.SelectByType((*types.VirtualDisk)(nil)) {
+		key = d.GetVirtualDevice().Key
+		log.Printf("[DEBUG] findDatastore: virtual devices: %#v\n", d.GetVirtualDevice())
+	}
+
+	sps := types.StoragePlacementSpec{
+		Type: "clone",
+		Vm:   &vmr,
+		PodSelectionSpec: types.StorageDrsPodSelectionSpec{
+			StoragePod: &spr,
+		},
+		CloneSpec: &types.VirtualMachineCloneSpec{
+			Location: types.VirtualMachineRelocateSpec{
+				Disk: []types.VirtualMachineRelocateSpecDiskLocator{
+					types.VirtualMachineRelocateSpecDiskLocator{
+						Datastore:       ds.Reference(),
+						DiskBackingInfo: &types.VirtualDiskFlatVer2BackingInfo{},
+						DiskId:          key,
+					},
+				},
+				Pool: &rpr,
+			},
+			PowerOn:  false,
+			Template: false,
+		},
+		CloneName: "dummy",
+		Folder:    &vmfr,
+	}
+	return sps
+}
+
+// findDatastore finds Datastore object.
+func findDatastore(c *govmomi.Client, sps types.StoragePlacementSpec) (*object.Datastore, error) {
+	var datastore *object.Datastore
+	log.Printf("[DEBUG] findDatastore: StoragePlacementSpec: %#v\n", sps)
+
+	srm := object.NewStorageResourceManager(c.Client)
+	rds, err := srm.RecommendDatastores(context.TODO(), sps)
+	if err != nil {
+		return nil, err
+	}
+	log.Printf("[DEBUG] findDatastore: recommendDatastores: %#v\n", rds)
+
+	spa := rds.Recommendations[0].Action[0].(*types.StoragePlacementAction)
+	datastore = object.NewDatastore(c.Client, spa.Destination)
+	log.Printf("[DEBUG] findDatastore: datastore: %#v", datastore)
+
+	return datastore, nil
+}
+
+// createVirtualMchine creates a new VirtualMachine.
+func (vm *virtualMachine) createVirtualMachine(c *govmomi.Client) error {
+	dc, err := getDatacenter(c, vm.datacenter)
+	if err != nil {
+		return err
+	}
+	finder := find.NewFinder(c.Client, true)
+	finder = finder.SetDatacenter(dc)
+
+	var resourcePool *object.ResourcePool
+	if vm.resourcePool == "" {
+		if vm.cluster == "" {
+			resourcePool, err = finder.DefaultResourcePool(context.TODO())
+			if err != nil {
+				return err
+			}
+		} else {
+			resourcePool, err = finder.ResourcePool(context.TODO(), "*"+vm.cluster+"/Resources")
+			if err != nil {
+				return err
+			}
+		}
+	} else {
+		resourcePool, err = finder.ResourcePool(context.TODO(), vm.resourcePool)
+		if err != nil {
+			return err
+		}
+	}
+	log.Printf("[DEBUG] resource pool: %#v", resourcePool)
+
+	dcFolders, err := dc.Folders(context.TODO())
+	if err != nil {
+		return err
+	}
+
+	// network
+	networkDevices := []types.BaseVirtualDeviceConfigSpec{}
+	for _, network := range vm.networkInterfaces {
+		// network device
+		nd, err := createNetworkDevice(finder, network.label, "e1000")
+		if err != nil {
+			return err
+		}
+		networkDevices = append(networkDevices, nd)
+	}
+
+	// make config spec
+	configSpec := types.VirtualMachineConfigSpec{
+		GuestId:           "otherLinux64Guest",
+		Name:              vm.name,
+		NumCPUs:           vm.vcpu,
+		NumCoresPerSocket: 1,
+		MemoryMB:          vm.memoryMb,
+		DeviceChange:      networkDevices,
+	}
+	log.Printf("[DEBUG] virtual machine config spec: %v", configSpec)
+
+	var datastore *object.Datastore
+	if vm.datastore == "" {
+		datastore, err = finder.DefaultDatastore(context.TODO())
+		if err != nil {
+			return err
+		}
+	} else {
+		datastore, err = finder.Datastore(context.TODO(), vm.datastore)
+		if err != nil {
+			// TODO: datastore cluster support in govmomi finder function
+			d, err := getDatastoreObject(c, dcFolders, vm.datastore)
+			if err != nil {
+				return err
+			}
+
+			if d.Type == "StoragePod" {
+				sp := object.StoragePod{
+					object.NewFolder(c.Client, d),
+				}
+				sps := createStoragePlacementSpecCreate(dcFolders, resourcePool, sp, configSpec)
+				datastore, err = findDatastore(c, sps)
+				if err != nil {
+					return err
+				}
+			} else {
+				datastore = object.NewDatastore(c.Client, d)
+			}
+		}
+	}
+
+	log.Printf("[DEBUG] datastore: %#v", datastore)
+
+	var mds mo.Datastore
+	if err = datastore.Properties(context.TODO(), datastore.Reference(), []string{"name"}, &mds); err != nil {
+		return err
+	}
+	log.Printf("[DEBUG] datastore: %#v", mds.Name)
+	scsi, err := object.SCSIControllerTypes().CreateSCSIController("scsi")
+	if err != nil {
+		log.Printf("[ERROR] %s", err)
+	}
+
+	configSpec.DeviceChange = append(configSpec.DeviceChange, &types.VirtualDeviceConfigSpec{
+		Operation: types.VirtualDeviceConfigSpecOperationAdd,
+		Device:    scsi,
+	})
+	configSpec.Files = &types.VirtualMachineFileInfo{VmPathName: fmt.Sprintf("[%s]", mds.Name)}
+
+	task, err := dcFolders.VmFolder.CreateVM(context.TODO(), configSpec, resourcePool, nil)
+	if err != nil {
+		log.Printf("[ERROR] %s", err)
+	}
+
+	err = task.Wait(context.TODO())
+	if err != nil {
+		log.Printf("[ERROR] %s", err)
+	}
+
+	newVM, err := finder.VirtualMachine(context.TODO(), vm.name)
+	if err != nil {
+		return err
+	}
+	log.Printf("[DEBUG] new vm: %v", newVM)
+
+	log.Printf("[DEBUG] add hard disk: %v", vm.hardDisks)
+	for _, hd := range vm.hardDisks {
+		log.Printf("[DEBUG] add hard disk: %v", hd.size)
+		log.Printf("[DEBUG] add hard disk: %v", hd.iops)
+		err = addHardDisk(newVM, hd.size, hd.iops, "thin")
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// deployVirtualMchine deploys a new VirtualMachine.
+func (vm *virtualMachine) deployVirtualMachine(c *govmomi.Client) error {
+	dc, err := getDatacenter(c, vm.datacenter)
+	if err != nil {
+		return err
+	}
+	finder := find.NewFinder(c.Client, true)
+	finder = finder.SetDatacenter(dc)
+
+	template, err := finder.VirtualMachine(context.TODO(), vm.template)
+	if err != nil {
+		return err
+	}
+	log.Printf("[DEBUG] template: %#v", template)
+
+	var resourcePool *object.ResourcePool
+	if vm.resourcePool == "" {
+		if vm.cluster == "" {
+			resourcePool, err = finder.DefaultResourcePool(context.TODO())
+			if err != nil {
+				return err
+			}
+		} else {
+			resourcePool, err = finder.ResourcePool(context.TODO(), "*"+vm.cluster+"/Resources")
+			if err != nil {
+				return err
+			}
+		}
+	} else {
+		resourcePool, err = finder.ResourcePool(context.TODO(), vm.resourcePool)
+		if err != nil {
+			return err
+		}
+	}
+	log.Printf("[DEBUG] resource pool: %#v", resourcePool)
+
+	dcFolders, err := dc.Folders(context.TODO())
+	if err != nil {
+		return err
+	}
+
+	var datastore *object.Datastore
+	if vm.datastore == "" {
+		datastore, err = finder.DefaultDatastore(context.TODO())
+		if err != nil {
+			return err
+		}
+	} else {
+		datastore, err = finder.Datastore(context.TODO(), vm.datastore)
+		if err != nil {
+			// TODO: datastore cluster support in govmomi finder function
+			d, err := getDatastoreObject(c, dcFolders, vm.datastore)
+			if err != nil {
+				return err
+			}
+
+			if d.Type == "StoragePod" {
+				sp := object.StoragePod{
+					object.NewFolder(c.Client, d),
+				}
+				sps := createStoragePlacementSpecClone(c, dcFolders, template, resourcePool, sp)
+				datastore, err = findDatastore(c, sps)
+				if err != nil {
+					return err
+				}
+			} else {
+				datastore = object.NewDatastore(c.Client, d)
+			}
+		}
+	}
+	log.Printf("[DEBUG] datastore: %#v", datastore)
+
+	relocateSpec, err := createVMRelocateSpec(resourcePool, datastore, template)
+	if err != nil {
+		return err
+	}
+	log.Printf("[DEBUG] relocate spec: %v", relocateSpec)
+
+	// network
+	networkDevices := []types.BaseVirtualDeviceConfigSpec{}
+	networkConfigs := []types.CustomizationAdapterMapping{}
+	for _, network := range vm.networkInterfaces {
+		// network device
+		nd, err := createNetworkDevice(finder, network.label, "vmxnet3")
+		if err != nil {
+			return err
+		}
+		networkDevices = append(networkDevices, nd)
+
+		var ipSetting types.CustomizationIPSettings
+		if network.ipAddress == "" {
+			ipSetting = types.CustomizationIPSettings{
+				Ip: &types.CustomizationDhcpIpGenerator{},
+			}
+		} else {
+			log.Printf("[DEBUG] gateway: %v", vm.gateway)
+			log.Printf("[DEBUG] ip address: %v", network.ipAddress)
+			log.Printf("[DEBUG] subnet mask: %v", network.subnetMask)
+			ipSetting = types.CustomizationIPSettings{
+				Gateway: []string{
+					vm.gateway,
+				},
+				Ip: &types.CustomizationFixedIp{
+					IpAddress: network.ipAddress,
+				},
+				SubnetMask: network.subnetMask,
+			}
+		}
+
+		// network config
+		config := types.CustomizationAdapterMapping{
+			Adapter: ipSetting,
+		}
+		networkConfigs = append(networkConfigs, config)
+	}
+	log.Printf("[DEBUG] network configs: %v", networkConfigs[0].Adapter)
+
+	// make config spec
+	configSpec := types.VirtualMachineConfigSpec{
+		NumCPUs:           vm.vcpu,
+		NumCoresPerSocket: 1,
+		MemoryMB:          vm.memoryMb,
+		DeviceChange:      networkDevices,
+	}
+	log.Printf("[DEBUG] virtual machine config spec: %v", configSpec)
+
+	// create CustomizationSpec
+	customSpec := types.CustomizationSpec{
+		Identity: &types.CustomizationLinuxPrep{
+			HostName: &types.CustomizationFixedName{
+				Name: strings.Split(vm.name, ".")[0],
+			},
+			Domain:     vm.domain,
+			TimeZone:   vm.timeZone,
+			HwClockUTC: types.NewBool(true),
+		},
+		GlobalIPSettings: types.CustomizationGlobalIPSettings{
+			DnsSuffixList: vm.dnsSuffixes,
+			DnsServerList: vm.dnsServers,
+		},
+		NicSettingMap: networkConfigs,
+	}
+	log.Printf("[DEBUG] custom spec: %v", customSpec)
+
+	// make vm clone spec
+	cloneSpec := types.VirtualMachineCloneSpec{
+		Location:      relocateSpec,
+		Template:      false,
+		Config:        &configSpec,
+		Customization: &customSpec,
+		PowerOn:       true,
+	}
+	log.Printf("[DEBUG] clone spec: %v", cloneSpec)
+
+	task, err := template.Clone(context.TODO(), dcFolders.VmFolder, vm.name, cloneSpec)
+	if err != nil {
+		return err
+	}
+
+	_, err = task.WaitForResult(context.TODO(), nil)
+	if err != nil {
+		return err
+	}
+
+	newVM, err := finder.VirtualMachine(context.TODO(), vm.name)
+	if err != nil {
+		return err
+	}
+	log.Printf("[DEBUG] new vm: %v", newVM)
+
+	ip, err := newVM.WaitForIP(context.TODO())
+	if err != nil {
+		return err
+	}
+	log.Printf("[DEBUG] ip address: %v", ip)
+
+	for i := 1; i < len(vm.hardDisks); i++ {
+		err = addHardDisk(newVM, vm.hardDisks[i].size, vm.hardDisks[i].iops, "eager_zeroed")
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
diff --git a/builtin/providers/vsphere/resource_vsphere_virtual_machine_test.go b/builtin/providers/vsphere/resource_vsphere_virtual_machine_test.go
new file mode 100644
index 0000000000..75bc339e85
--- /dev/null
+++ b/builtin/providers/vsphere/resource_vsphere_virtual_machine_test.go
@@ -0,0 +1,240 @@
+package vsphere
+
+import (
+	"fmt"
+	"os"
+	"testing"
+
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+	"github.com/vmware/govmomi"
+	"github.com/vmware/govmomi/find"
+	"github.com/vmware/govmomi/object"
+	"golang.org/x/net/context"
+)
+
+func TestAccVSphereVirtualMachine_basic(t *testing.T) {
+	var vm virtualMachine
+	datacenter := os.Getenv("VSPHERE_DATACENTER")
+	cluster := os.Getenv("VSPHERE_CLUSTER")
+	datastore := os.Getenv("VSPHERE_DATASTORE")
+	template := os.Getenv("VSPHERE_TEMPLATE")
+	gateway := os.Getenv("VSPHERE_NETWORK_GATEWAY")
+	label := os.Getenv("VSPHERE_NETWORK_LABEL")
+	ip_address := os.Getenv("VSPHERE_NETWORK_IP_ADDRESS")
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckVSphereVirtualMachineDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: fmt.Sprintf(
+					testAccCheckVSphereVirtualMachineConfig_basic,
+					datacenter,
+					cluster,
+					gateway,
+					label,
+					ip_address,
+					datastore,
+					template,
+				),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckVSphereVirtualMachineExists("vsphere_virtual_machine.foo", &vm),
+					resource.TestCheckResourceAttr(
+						"vsphere_virtual_machine.foo", "name", "terraform-test"),
+					resource.TestCheckResourceAttr(
+						"vsphere_virtual_machine.foo", "datacenter", datacenter),
+					resource.TestCheckResourceAttr(
+						"vsphere_virtual_machine.foo", "vcpu", "2"),
+					resource.TestCheckResourceAttr(
+						"vsphere_virtual_machine.foo", "memory", "4096"),
+					resource.TestCheckResourceAttr(
+						"vsphere_virtual_machine.foo", "disk.#", "2"),
+					resource.TestCheckResourceAttr(
+						"vsphere_virtual_machine.foo", "disk.0.datastore", datastore),
+					resource.TestCheckResourceAttr(
+						"vsphere_virtual_machine.foo", "disk.0.template", template),
+					resource.TestCheckResourceAttr(
+						"vsphere_virtual_machine.foo", "network_interface.#", "1"),
+					resource.TestCheckResourceAttr(
+						"vsphere_virtual_machine.foo", "network_interface.0.label", label),
+				),
+			},
+		},
+	})
+}
+
+func TestAccVSphereVirtualMachine_dhcp(t *testing.T) {
+	var vm virtualMachine
+	datacenter := os.Getenv("VSPHERE_DATACENTER")
+	cluster := os.Getenv("VSPHERE_CLUSTER")
+	datastore := os.Getenv("VSPHERE_DATASTORE")
+	template := os.Getenv("VSPHERE_TEMPLATE")
+	label := os.Getenv("VSPHERE_NETWORK_LABEL_DHCP")
+	password := os.Getenv("VSPHERE_VM_PASSWORD")
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckVSphereVirtualMachineDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: fmt.Sprintf(
+					testAccCheckVSphereVirtualMachineConfig_dhcp,
+					datacenter,
+					cluster,
+					label,
+					datastore,
+					template,
+					password,
+				),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckVSphereVirtualMachineExists("vsphere_virtual_machine.bar", &vm),
+					resource.TestCheckResourceAttr(
+						"vsphere_virtual_machine.bar", "name", "terraform-test"),
+					resource.TestCheckResourceAttr(
+						"vsphere_virtual_machine.bar", "datacenter", datacenter),
+					resource.TestCheckResourceAttr(
+						"vsphere_virtual_machine.bar", "vcpu", "2"),
+					resource.TestCheckResourceAttr(
+						"vsphere_virtual_machine.bar", "memory", "4096"),
+					resource.TestCheckResourceAttr(
+						"vsphere_virtual_machine.bar", "disk.#", "1"),
+					resource.TestCheckResourceAttr(
+						"vsphere_virtual_machine.bar", "disk.0.datastore", datastore),
+					resource.TestCheckResourceAttr(
+						"vsphere_virtual_machine.bar", "disk.0.template", template),
+					resource.TestCheckResourceAttr(
+						"vsphere_virtual_machine.bar", "network_interface.#", "1"),
+					resource.TestCheckResourceAttr(
+						"vsphere_virtual_machine.bar", "network_interface.0.label", label),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckVSphereVirtualMachineDestroy(s *terraform.State) error {
+	client := testAccProvider.Meta().(*govmomi.Client)
+	finder := find.NewFinder(client.Client, true)
+
+	for _, rs := range s.RootModule().Resources {
+		if rs.Type != "vsphere_virtual_machine" {
+			continue
+		}
+
+		dc, err := finder.Datacenter(context.TODO(), rs.Primary.Attributes["datacenter"])
+		if err != nil {
+			return fmt.Errorf("error %s", err)
+		}
+
+		dcFolders, err := dc.Folders(context.TODO())
+		if err != nil {
+			return fmt.Errorf("error %s", err)
+		}
+
+		_, err = object.NewSearchIndex(client.Client).FindChild(context.TODO(), dcFolders.VmFolder, rs.Primary.Attributes["name"])
+		if err == nil {
+			return fmt.Errorf("Record still exists")
+		}
+	}
+
+	return nil
+}
+
+func testAccCheckVSphereVirtualMachineExists(n string, vm *virtualMachine) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[n]
+		if !ok {
+			return fmt.Errorf("Not found: %s", n)
+		}
+
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("No ID is set")
+		}
+
+		client := testAccProvider.Meta().(*govmomi.Client)
+		finder := find.NewFinder(client.Client, true)
+
+		dc, err := finder.Datacenter(context.TODO(), rs.Primary.Attributes["datacenter"])
+		if err != nil {
+			return fmt.Errorf("error %s", err)
+		}
+
+		dcFolders, err := dc.Folders(context.TODO())
+		if err != nil {
+			return fmt.Errorf("error %s", err)
+		}
+
+		_, err = object.NewSearchIndex(client.Client).FindChild(context.TODO(), dcFolders.VmFolder, rs.Primary.Attributes["name"])
+		/*
+			vmRef, err := client.SearchIndex().FindChild(dcFolders.VmFolder, rs.Primary.Attributes["name"])
+			if err != nil {
+				return fmt.Errorf("error %s", err)
+			}
+
+			found := govmomi.NewVirtualMachine(client, vmRef.Reference())
+			fmt.Printf("%v", found)
+
+			if found.Name != rs.Primary.ID {
+				return fmt.Errorf("Instance not found")
+			}
+			*instance = *found
+		*/
+
+		*vm = virtualMachine{
+			name: rs.Primary.ID,
+		}
+
+		return nil
+	}
+}
+
+const testAccCheckVSphereVirtualMachineConfig_basic = `
+resource "vsphere_virtual_machine" "foo" {
+    name = "terraform-test"
+    datacenter = "%s"
+    cluster = "%s"
+    vcpu = 2
+    memory = 4096
+    gateway = "%s"
+    network_interface {
+        label = "%s"
+        ip_address = "%s"
+        subnet_mask = "255.255.255.0"
+    }
+    disk {
+        datastore = "%s"
+        template = "%s"
+        iops = 500
+    }
+    disk {
+        size = 1
+        iops = 500
+    }
+}
+`
+
+const testAccCheckVSphereVirtualMachineConfig_dhcp = `
+resource "vsphere_virtual_machine" "bar" {
+    name = "terraform-test"
+    datacenter = "%s"
+    cluster = "%s"
+    vcpu = 2
+    memory = 4096
+    network_interface {
+        label = "%s"
+    }
+    disk {
+        datastore = "%s"
+        template = "%s"
+    }
+
+    connection {
+        host = "${self.network_interface.0.ip_address}"
+        user = "root"
+        password = "%s"
+    }
+}
+`

From 5c30573a63d14531fb560e140ceadac61777db19 Mon Sep 17 00:00:00 2001
From: Martin Atkins <mart@degeneration.co.uk>
Date: Sun, 10 May 2015 01:52:40 -0700
Subject: [PATCH 117/335] AWS config forced to us-east-1 in variable, not
 inline.

There are several AWS services that are global in scope and thus need to
be accessed via the us-east-1 endpoints, so we'll make the us-east-1
variant of the config available as a variable we can reuse between multiple
clients as we add support for new services.
---
 builtin/providers/aws/config.go | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/builtin/providers/aws/config.go b/builtin/providers/aws/config.go
index f462810fc1..5f1f18a8c5 100644
--- a/builtin/providers/aws/config.go
+++ b/builtin/providers/aws/config.go
@@ -106,6 +106,16 @@ func (c *Config) Client() (interface{}, error) {
 			MaxRetries:  aws.Int(c.MaxRetries),
 			Endpoint:    aws.String(c.DynamoDBEndpoint),
 		}
+		// Some services exist only in us-east-1, e.g. because they manage
+		// resources that can span across multiple regions, or because
+		// signature format v4 requires region to be us-east-1 for global
+		// endpoints:
+		// http://docs.aws.amazon.com/general/latest/gr/sigv4_changes.html
+		usEast1AwsConfig := &aws.Config{
+			Credentials: creds,
+			Region:      aws.String("us-east-1"),
+			MaxRetries:  aws.Int(c.MaxRetries),
+		}
 
 		log.Println("[INFO] Initializing DynamoDB connection")
 		client.dynamodbconn = dynamodb.New(awsDynamoDBConfig)
@@ -145,15 +155,8 @@ func (c *Config) Client() (interface{}, error) {
 		log.Println("[INFO] Initializing EFS Connection")
 		client.efsconn = efs.New(awsConfig)
 
-		// aws-sdk-go uses v4 for signing requests, which requires all global
-		// endpoints to use 'us-east-1'.
-		// See http://docs.aws.amazon.com/general/latest/gr/sigv4_changes.html
 		log.Println("[INFO] Initializing Route 53 connection")
-		client.r53conn = route53.New(&aws.Config{
-			Credentials: creds,
-			Region:      aws.String("us-east-1"),
-			MaxRetries:  aws.Int(c.MaxRetries),
-		})
+		client.r53conn = route53.New(usEast1AwsConfig)
 
 		log.Println("[INFO] Initializing Elasticache Connection")
 		client.elasticacheconn = elasticache.New(awsConfig)

From 8e79f0cb3adee3ffac1ead66e677738a2d557bc0 Mon Sep 17 00:00:00 2001
From: Martin Atkins <mart@degeneration.co.uk>
Date: Sun, 10 May 2015 20:20:17 -0700
Subject: [PATCH 118/335] Prepare for adding OpsWorks resources.

Here we add an OpsWorks client instance to the central client bundle and
establish a new documentation section, both of which will be fleshed out in
subsequent commits that add some OpsWorks resources.
---
 builtin/providers/aws/config.go | 5 +++++
 website/source/layouts/aws.erb  | 8 ++++++++
 2 files changed, 13 insertions(+)

diff --git a/builtin/providers/aws/config.go b/builtin/providers/aws/config.go
index 5f1f18a8c5..2260a548a7 100644
--- a/builtin/providers/aws/config.go
+++ b/builtin/providers/aws/config.go
@@ -22,6 +22,7 @@ import (
 	"github.com/aws/aws-sdk-go/service/iam"
 	"github.com/aws/aws-sdk-go/service/kinesis"
 	"github.com/aws/aws-sdk-go/service/lambda"
+	"github.com/aws/aws-sdk-go/service/opsworks"
 	"github.com/aws/aws-sdk-go/service/rds"
 	"github.com/aws/aws-sdk-go/service/route53"
 	"github.com/aws/aws-sdk-go/service/s3"
@@ -61,6 +62,7 @@ type AWSClient struct {
 	kinesisconn        *kinesis.Kinesis
 	elasticacheconn    *elasticache.ElastiCache
 	lambdaconn         *lambda.Lambda
+	opsworksconn    *opsworks.OpsWorks
 }
 
 // Client configures and returns a fully initialized AWSClient
@@ -169,6 +171,9 @@ func (c *Config) Client() (interface{}, error) {
 
 		log.Println("[INFO] Initializing CloudWatch Logs connection")
 		client.cloudwatchlogsconn = cloudwatchlogs.New(awsConfig)
+
+		log.Println("[INFO] Initializing OpsWorks Connection")
+		client.opsworksconn = opsworks.New(usEast1AwsConfig)
 	}
 
 	if len(errs) > 0 {
diff --git a/website/source/layouts/aws.erb b/website/source/layouts/aws.erb
index 17281a9f84..08161f0b82 100644
--- a/website/source/layouts/aws.erb
+++ b/website/source/layouts/aws.erb
@@ -255,6 +255,14 @@
                 </li>
 
 
+                <li<%= sidebar_current(/^docs-aws-resource-opsworks/) %>>
+                    <a href="#">OpsWorks Resources</a>
+                    <ul class="nav nav-visible">
+
+                    </ul>
+                </li>
+
+
                 <li<%= sidebar_current(/^docs-aws-resource-db/) %>>
                     <a href="#">RDS Resources</a>
                     <ul class="nav nav-visible">

From 4ce3d089fb5b0aab9986ab9ebf2f40b1aac371bd Mon Sep 17 00:00:00 2001
From: Martin Atkins <mart@degeneration.co.uk>
Date: Sun, 10 May 2015 20:21:03 -0700
Subject: [PATCH 119/335] aws_opswork_stack resource type.

"Stack" is the root concept in OpsWorks, and acts as a container for a number
of different "layers" that each provide some service for an application.
A stack isn't very interesting on its own, but it needs to be created before
any layers can be created.
---
 builtin/providers/aws/provider.go             |   1 +
 .../aws/resource_aws_opsworks_stack.go        | 456 ++++++++++++++++++
 .../aws/resource_aws_opsworks_stack_test.go   | 353 ++++++++++++++
 .../aws/r/opsworks_stack.html.markdown        |  68 +++
 website/source/layouts/aws.erb                |   4 +
 5 files changed, 882 insertions(+)
 create mode 100644 builtin/providers/aws/resource_aws_opsworks_stack.go
 create mode 100644 builtin/providers/aws/resource_aws_opsworks_stack_test.go
 create mode 100644 website/source/docs/providers/aws/r/opsworks_stack.html.markdown

diff --git a/builtin/providers/aws/provider.go b/builtin/providers/aws/provider.go
index 350aeb75da..cfb54f54fd 100644
--- a/builtin/providers/aws/provider.go
+++ b/builtin/providers/aws/provider.go
@@ -207,6 +207,7 @@ func Provider() terraform.ResourceProvider {
 			"aws_main_route_table_association": resourceAwsMainRouteTableAssociation(),
 			"aws_network_acl":                  resourceAwsNetworkAcl(),
 			"aws_network_interface":            resourceAwsNetworkInterface(),
+			"aws_opsworks_stack":               resourceAwsOpsworksStack(),
 			"aws_proxy_protocol_policy":        resourceAwsProxyProtocolPolicy(),
 			"aws_route53_delegation_set":       resourceAwsRoute53DelegationSet(),
 			"aws_route53_record":               resourceAwsRoute53Record(),
diff --git a/builtin/providers/aws/resource_aws_opsworks_stack.go b/builtin/providers/aws/resource_aws_opsworks_stack.go
new file mode 100644
index 0000000000..5d0bf1aa83
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_opsworks_stack.go
@@ -0,0 +1,456 @@
+package aws
+
+import (
+	"fmt"
+	"log"
+	"strings"
+	"time"
+
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/helper/schema"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/service/opsworks"
+)
+
+func resourceAwsOpsworksStack() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceAwsOpsworksStackCreate,
+		Read:   resourceAwsOpsworksStackRead,
+		Update: resourceAwsOpsworksStackUpdate,
+		Delete: resourceAwsOpsworksStackDelete,
+
+		Schema: map[string]*schema.Schema{
+			"id": &schema.Schema{
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+
+			"name": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+			},
+
+			"region": &schema.Schema{
+				Type:     schema.TypeString,
+				ForceNew: true,
+				Required: true,
+			},
+
+			"service_role_arn": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+			},
+
+			"default_instance_profile_arn": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+			},
+
+			"color": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+
+			"configuration_manager_name": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+				Default:  "Chef",
+			},
+
+			"configuration_manager_version": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+				Default:  "11.4",
+			},
+
+			"manage_berkshelf": &schema.Schema{
+				Type:     schema.TypeBool,
+				Optional: true,
+				Default:  false,
+			},
+
+			"berkshelf_version": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+				Default:  "3.2.0",
+			},
+
+			"custom_cookbooks_source": &schema.Schema{
+				Type:     schema.TypeList,
+				Optional: true,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"type": &schema.Schema{
+							Type:     schema.TypeString,
+							Required: true,
+						},
+
+						"url": &schema.Schema{
+							Type:     schema.TypeString,
+							Required: true,
+						},
+
+						"username": &schema.Schema{
+							Type:     schema.TypeString,
+							Optional: true,
+						},
+
+						"password": &schema.Schema{
+							Type:     schema.TypeString,
+							Optional: true,
+						},
+
+						"revision": &schema.Schema{
+							Type:     schema.TypeString,
+							Optional: true,
+						},
+
+						"ssh_key": &schema.Schema{
+							Type:     schema.TypeString,
+							Optional: true,
+						},
+					},
+				},
+			},
+
+			"custom_json": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+
+			"default_availability_zone": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+				Computed: true,
+			},
+
+			"default_os": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+				Default:  "Ubuntu 12.04 LTS",
+			},
+
+			"default_root_device_type": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+				Default:  "instance-store",
+			},
+
+			"default_ssh_key_name": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+
+			"default_subnet_id": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+
+			"hostname_theme": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+				Default:  "Layer_Dependent",
+			},
+
+			"use_custom_cookbooks": &schema.Schema{
+				Type:     schema.TypeBool,
+				Optional: true,
+				Default:  false,
+			},
+
+			"use_opsworks_security_groups": &schema.Schema{
+				Type:     schema.TypeBool,
+				Optional: true,
+				Default:  true,
+			},
+
+			"vpc_id": &schema.Schema{
+				Type:     schema.TypeString,
+				ForceNew: true,
+				Optional: true,
+			},
+		},
+	}
+}
+
+func resourceAwsOpsworksStackValidate(d *schema.ResourceData) error {
+	cookbooksSourceCount := d.Get("custom_cookbooks_source.#").(int)
+	if cookbooksSourceCount > 1 {
+		return fmt.Errorf("Only one custom_cookbooks_source is permitted")
+	}
+
+	vpcId := d.Get("vpc_id").(string)
+	if vpcId != "" {
+		if d.Get("default_subnet_id").(string) == "" {
+			return fmt.Errorf("default_subnet_id must be set if vpc_id is set")
+		}
+	} else {
+		if d.Get("default_availability_zone").(string) == "" {
+			return fmt.Errorf("either vpc_id or default_availability_zone must be set")
+		}
+	}
+
+	return nil
+}
+
+func resourceAwsOpsworksStackCustomCookbooksSource(d *schema.ResourceData) *opsworks.Source {
+	count := d.Get("custom_cookbooks_source.#").(int)
+	if count == 0 {
+		return nil
+	}
+
+	return &opsworks.Source{
+		Type:     aws.String(d.Get("custom_cookbooks_source.0.type").(string)),
+		Url:      aws.String(d.Get("custom_cookbooks_source.0.url").(string)),
+		Username: aws.String(d.Get("custom_cookbooks_source.0.username").(string)),
+		Password: aws.String(d.Get("custom_cookbooks_source.0.password").(string)),
+		Revision: aws.String(d.Get("custom_cookbooks_source.0.revision").(string)),
+		SshKey:   aws.String(d.Get("custom_cookbooks_source.0.ssh_key").(string)),
+	}
+}
+
+func resourceAwsOpsworksSetStackCustomCookbooksSource(d *schema.ResourceData, v *opsworks.Source) {
+	nv := make([]interface{}, 0, 1)
+	if v != nil {
+		m := make(map[string]interface{})
+		if v.Type != nil {
+			m["type"] = *v.Type
+		}
+		if v.Url != nil {
+			m["url"] = *v.Url
+		}
+		if v.Username != nil {
+			m["username"] = *v.Username
+		}
+		if v.Password != nil {
+			m["password"] = *v.Password
+		}
+		if v.Revision != nil {
+			m["revision"] = *v.Revision
+		}
+		if v.SshKey != nil {
+			m["ssh_key"] = *v.SshKey
+		}
+		nv = append(nv, m)
+	}
+
+	err := d.Set("custom_cookbooks_source", nv)
+	if err != nil {
+		// should never happen
+		panic(err)
+	}
+}
+
+func resourceAwsOpsworksStackRead(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*AWSClient).opsworksconn
+
+	req := &opsworks.DescribeStacksInput{
+		StackIds: []*string{
+			aws.String(d.Id()),
+		},
+	}
+
+	log.Printf("[DEBUG] Reading OpsWorks stack: %s", d.Id())
+
+	resp, err := client.DescribeStacks(req)
+	if err != nil {
+		if awserr, ok := err.(awserr.Error); ok {
+			if awserr.Code() == "ResourceNotFoundException" {
+				d.SetId("")
+				return nil
+			}
+		}
+		return err
+	}
+
+	stack := resp.Stacks[0]
+	d.Set("name", stack.Name)
+	d.Set("region", stack.Region)
+	d.Set("default_instance_profile_arn", stack.DefaultInstanceProfileArn)
+	d.Set("service_role_arn", stack.ServiceRoleArn)
+	d.Set("default_availability_zone", stack.DefaultAvailabilityZone)
+	d.Set("default_os", stack.DefaultOs)
+	d.Set("default_root_device_type", stack.DefaultRootDeviceType)
+	d.Set("default_ssh_key_name", stack.DefaultSshKeyName)
+	d.Set("default_subnet_id", stack.DefaultSubnetId)
+	d.Set("hostname_theme", stack.HostnameTheme)
+	d.Set("use_custom_cookbooks", stack.UseCustomCookbooks)
+	d.Set("use_opsworks_security_groups", stack.UseOpsworksSecurityGroups)
+	d.Set("vpc_id", stack.VpcId)
+	if color, ok := stack.Attributes["Color"]; ok {
+		d.Set("color", color)
+	}
+	if stack.ConfigurationManager != nil {
+		d.Set("configuration_manager_name", stack.ConfigurationManager.Name)
+		d.Set("configuration_manager_version", stack.ConfigurationManager.Version)
+	}
+	if stack.ChefConfiguration != nil {
+		d.Set("berkshelf_version", stack.ChefConfiguration.BerkshelfVersion)
+		d.Set("manage_berkshelf", stack.ChefConfiguration.ManageBerkshelf)
+	}
+	resourceAwsOpsworksSetStackCustomCookbooksSource(d, stack.CustomCookbooksSource)
+
+	return nil
+}
+
+func resourceAwsOpsworksStackCreate(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*AWSClient).opsworksconn
+
+	err := resourceAwsOpsworksStackValidate(d)
+	if err != nil {
+		return err
+	}
+
+	req := &opsworks.CreateStackInput{
+		DefaultInstanceProfileArn: aws.String(d.Get("default_instance_profile_arn").(string)),
+		Name:                    aws.String(d.Get("name").(string)),
+		Region:                  aws.String(d.Get("region").(string)),
+		ServiceRoleArn:          aws.String(d.Get("service_role_arn").(string)),
+	}
+	inVpc := false
+	if vpcId, ok := d.GetOk("vpc_id"); ok {
+		req.VpcId = aws.String(vpcId.(string))
+		inVpc = true
+	}
+	if defaultSubnetId, ok := d.GetOk("default_subnet_id"); ok {
+		req.DefaultSubnetId = aws.String(defaultSubnetId.(string))
+	}
+	if defaultAvailabilityZone, ok := d.GetOk("default_availability_zone"); ok {
+		req.DefaultAvailabilityZone = aws.String(defaultAvailabilityZone.(string))
+	}
+
+	log.Printf("[DEBUG] Creating OpsWorks stack: %s", *req.Name)
+
+	var resp *opsworks.CreateStackOutput
+	err = resource.Retry(20*time.Minute, func() error {
+		var cerr error
+		resp, cerr = client.CreateStack(req)
+		if cerr != nil {
+			if opserr, ok := cerr.(awserr.Error); ok {
+				// If Terraform is also managing the service IAM role,
+				// it may have just been created and not yet be
+				// propagated.
+				// AWS doesn't provide a machine-readable code for this
+				// specific error, so we're forced to do fragile message
+				// matching.
+				// The full error we're looking for looks something like
+				// the following:
+				// Service Role Arn: [...] is not yet propagated, please try again in a couple of minutes
+				if opserr.Code() == "ValidationException" && strings.Contains(opserr.Message(), "not yet propagated") {
+					log.Printf("[INFO] Waiting for service IAM role to propagate")
+					return cerr
+				}
+			}
+			return resource.RetryError{Err: cerr}
+		}
+		return nil
+	})
+	if err != nil {
+		return err
+	}
+
+	stackId := *resp.StackId
+	d.SetId(stackId)
+	d.Set("id", stackId)
+
+	if inVpc {
+		// For VPC-based stacks, OpsWorks asynchronously creates some default
+		// security groups which must exist before layers can be created.
+		// Unfortunately it doesn't tell us what the ids of these are, so
+		// we can't actually check for them. Instead, we just wait a nominal
+		// amount of time for their creation to complete.
+		log.Print("[INFO] Waiting for OpsWorks built-in security groups to be created")
+		time.Sleep(30 * time.Second)
+	}
+
+	return resourceAwsOpsworksStackUpdate(d, meta)
+}
+
+func resourceAwsOpsworksStackUpdate(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*AWSClient).opsworksconn
+
+	err := resourceAwsOpsworksStackValidate(d)
+	if err != nil {
+		return err
+	}
+
+	req := &opsworks.UpdateStackInput{
+		CustomJson:                aws.String(d.Get("custom_json").(string)),
+		DefaultInstanceProfileArn: aws.String(d.Get("default_instance_profile_arn").(string)),
+		DefaultRootDeviceType:     aws.String(d.Get("default_root_device_type").(string)),
+		DefaultSshKeyName:         aws.String(d.Get("default_ssh_key_name").(string)),
+		Name:                      aws.String(d.Get("name").(string)),
+		ServiceRoleArn:            aws.String(d.Get("service_role_arn").(string)),
+		StackId:                   aws.String(d.Id()),
+		UseCustomCookbooks:        aws.Bool(d.Get("use_custom_cookbooks").(bool)),
+		UseOpsworksSecurityGroups: aws.Bool(d.Get("use_opsworks_security_groups").(bool)),
+		Attributes:                make(map[string]*string),
+		CustomCookbooksSource:     resourceAwsOpsworksStackCustomCookbooksSource(d),
+	}
+	if v, ok := d.GetOk("default_os"); ok {
+		req.DefaultOs = aws.String(v.(string))
+	}
+	if v, ok := d.GetOk("default_subnet_id"); ok {
+		req.DefaultSubnetId = aws.String(v.(string))
+	}
+	if v, ok := d.GetOk("default_availability_zone"); ok {
+		req.DefaultAvailabilityZone = aws.String(v.(string))
+	}
+	if v, ok := d.GetOk("hostname_theme"); ok {
+		req.HostnameTheme = aws.String(v.(string))
+	}
+	if v, ok := d.GetOk("color"); ok {
+		req.Attributes["Color"] = aws.String(v.(string))
+	}
+	req.ChefConfiguration = &opsworks.ChefConfiguration{
+		BerkshelfVersion: aws.String(d.Get("berkshelf_version").(string)),
+		ManageBerkshelf:  aws.Bool(d.Get("manage_berkshelf").(bool)),
+	}
+	req.ConfigurationManager = &opsworks.StackConfigurationManager{
+		Name:    aws.String(d.Get("configuration_manager_name").(string)),
+		Version: aws.String(d.Get("configuration_manager_version").(string)),
+	}
+
+	log.Printf("[DEBUG] Updating OpsWorks stack: %s", d.Id())
+
+	_, err = client.UpdateStack(req)
+	if err != nil {
+		return err
+	}
+
+	return resourceAwsOpsworksStackRead(d, meta)
+}
+
+func resourceAwsOpsworksStackDelete(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*AWSClient).opsworksconn
+
+	req := &opsworks.DeleteStackInput{
+		StackId: aws.String(d.Id()),
+	}
+
+	log.Printf("[DEBUG] Deleting OpsWorks stack: %s", d.Id())
+
+	_, err := client.DeleteStack(req)
+	if err != nil {
+		return err
+	}
+
+	// For a stack in a VPC, OpsWorks has created some default security groups
+	// in the VPC, which it will now delete.
+	// Unfortunately, the security groups are deleted asynchronously and there
+	// is no robust way for us to determine when it is done. The VPC itself
+	// isn't deletable until the security groups are cleaned up, so this could
+	// make 'terraform destroy' fail if the VPC is also managed and we don't
+	// wait for the security groups to be deleted.
+	// There is no robust way to check for this, so we'll just wait a
+	// nominal amount of time.
+	if _, ok := d.GetOk("vpc_id"); ok {
+		log.Print("[INFO] Waiting for Opsworks built-in security groups to be deleted")
+		time.Sleep(30 * time.Second)
+	}
+
+	return nil
+}
diff --git a/builtin/providers/aws/resource_aws_opsworks_stack_test.go b/builtin/providers/aws/resource_aws_opsworks_stack_test.go
new file mode 100644
index 0000000000..b740b6a20d
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_opsworks_stack_test.go
@@ -0,0 +1,353 @@
+package aws
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/iam"
+	"github.com/aws/aws-sdk-go/service/opsworks"
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+// These tests assume the existence of predefined Opsworks IAM roles named `aws-opsworks-ec2-role`
+// and `aws-opsworks-service-role`.
+
+///////////////////////////////
+//// Tests for the No-VPC case
+///////////////////////////////
+
+var testAccAwsOpsworksStackConfigNoVpcCreate = `
+resource "aws_opsworks_stack" "tf-acc" {
+  name = "tf-opsworks-acc"
+  region = "us-west-2"
+  service_role_arn = "%s"
+  default_instance_profile_arn = "%s"
+  default_availability_zone = "us-west-2a"
+  default_os = "Amazon Linux 2014.09"
+  default_root_device_type = "ebs"
+  custom_json = "{\"key\": \"value\"}"
+  configuration_manager_version = "11.10"
+  use_opsworks_security_groups = false
+}
+`
+var testAccAWSOpsworksStackConfigNoVpcUpdate = `
+resource "aws_opsworks_stack" "tf-acc" {
+  name = "tf-opsworks-acc"
+  region = "us-west-2"
+  service_role_arn = "%s"
+  default_instance_profile_arn = "%s"
+  default_availability_zone = "us-west-2a"
+  default_os = "Amazon Linux 2014.09"
+  default_root_device_type = "ebs"
+  custom_json = "{\"key\": \"value\"}"
+  configuration_manager_version = "11.10"
+  use_opsworks_security_groups = false
+  use_custom_cookbooks = true
+  manage_berkshelf = true
+  custom_cookbooks_source {
+    type = "git"
+    revision = "master"
+    url = "https://github.com/awslabs/opsworks-example-cookbooks.git"
+  }
+}
+`
+
+func TestAccAwsOpsworksStackNoVpc(t *testing.T) {
+	opsiam := testAccAwsOpsworksStackIam{}
+	testAccAwsOpsworksStackPopulateIam(t, &opsiam)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAwsOpsworksStackDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: fmt.Sprintf(testAccAwsOpsworksStackConfigNoVpcCreate, opsiam.ServiceRoleArn, opsiam.InstanceProfileArn),
+				Check:  testAccAwsOpsworksStackCheckResourceAttrsCreate,
+			},
+			resource.TestStep{
+				Config: fmt.Sprintf(testAccAWSOpsworksStackConfigNoVpcUpdate, opsiam.ServiceRoleArn, opsiam.InstanceProfileArn),
+				Check:  testAccAwsOpsworksStackCheckResourceAttrsUpdate,
+			},
+		},
+	})
+}
+
+////////////////////////////
+//// Tests for the VPC case
+////////////////////////////
+
+var testAccAwsOpsworksStackConfigVpcCreate = `
+resource "aws_vpc" "tf-acc" {
+  cidr_block = "10.3.5.0/24"
+}
+resource "aws_subnet" "tf-acc" {
+  vpc_id = "${aws_vpc.tf-acc.id}"
+  cidr_block = "${aws_vpc.tf-acc.cidr_block}"
+  availability_zone = "us-west-2a"
+}
+resource "aws_opsworks_stack" "tf-acc" {
+  name = "tf-opsworks-acc"
+  region = "us-west-2"
+  vpc_id = "${aws_vpc.tf-acc.id}"
+  default_subnet_id = "${aws_subnet.tf-acc.id}"
+  service_role_arn = "%s"
+  default_instance_profile_arn = "%s"
+  default_os = "Amazon Linux 2014.09"
+  default_root_device_type = "ebs"
+  custom_json = "{\"key\": \"value\"}"
+  configuration_manager_version = "11.10"
+  use_opsworks_security_groups = false
+}
+`
+
+var testAccAWSOpsworksStackConfigVpcUpdate = `
+resource "aws_vpc" "tf-acc" {
+  cidr_block = "10.3.5.0/24"
+}
+resource "aws_subnet" "tf-acc" {
+  vpc_id = "${aws_vpc.tf-acc.id}"
+  cidr_block = "${aws_vpc.tf-acc.cidr_block}"
+  availability_zone = "us-west-2a"
+}
+resource "aws_opsworks_stack" "tf-acc" {
+  name = "tf-opsworks-acc"
+  region = "us-west-2"
+  vpc_id = "${aws_vpc.tf-acc.id}"
+  default_subnet_id = "${aws_subnet.tf-acc.id}"
+  service_role_arn = "%s"
+  default_instance_profile_arn = "%s"
+  default_os = "Amazon Linux 2014.09"
+  default_root_device_type = "ebs"
+  custom_json = "{\"key\": \"value\"}"
+  configuration_manager_version = "11.10"
+  use_opsworks_security_groups = false
+  use_custom_cookbooks = true
+  manage_berkshelf = true
+  custom_cookbooks_source {
+    type = "git"
+    revision = "master"
+    url = "https://github.com/awslabs/opsworks-example-cookbooks.git"
+  }
+}
+`
+
+func TestAccAwsOpsworksStackVpc(t *testing.T) {
+	opsiam := testAccAwsOpsworksStackIam{}
+	testAccAwsOpsworksStackPopulateIam(t, &opsiam)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAwsOpsworksStackDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: fmt.Sprintf(testAccAwsOpsworksStackConfigVpcCreate, opsiam.ServiceRoleArn, opsiam.InstanceProfileArn),
+				Check:  testAccAwsOpsworksStackCheckResourceAttrsCreate,
+			},
+			resource.TestStep{
+				Config: fmt.Sprintf(testAccAWSOpsworksStackConfigVpcUpdate, opsiam.ServiceRoleArn, opsiam.InstanceProfileArn),
+				Check: resource.ComposeTestCheckFunc(
+					testAccAwsOpsworksStackCheckResourceAttrsUpdate,
+					testAccAwsOpsworksCheckVpc,
+				),
+			},
+		},
+	})
+}
+
+////////////////////////////
+//// Checkers and Utilities
+////////////////////////////
+
+var testAccAwsOpsworksStackCheckResourceAttrsCreate = resource.ComposeTestCheckFunc(
+	resource.TestCheckResourceAttr(
+		"aws_opsworks_stack.tf-acc",
+		"name",
+		"tf-opsworks-acc",
+	),
+	resource.TestCheckResourceAttr(
+		"aws_opsworks_stack.tf-acc",
+		"default_availability_zone",
+		"us-west-2a",
+	),
+	resource.TestCheckResourceAttr(
+		"aws_opsworks_stack.tf-acc",
+		"default_os",
+		"Amazon Linux 2014.09",
+	),
+	resource.TestCheckResourceAttr(
+		"aws_opsworks_stack.tf-acc",
+		"default_root_device_type",
+		"ebs",
+	),
+	resource.TestCheckResourceAttr(
+		"aws_opsworks_stack.tf-acc",
+		"custom_json",
+		`{"key": "value"}`,
+	),
+	resource.TestCheckResourceAttr(
+		"aws_opsworks_stack.tf-acc",
+		"configuration_manager_version",
+		"11.10",
+	),
+	resource.TestCheckResourceAttr(
+		"aws_opsworks_stack.tf-acc",
+		"use_opsworks_security_groups",
+		"false",
+	),
+)
+
+var testAccAwsOpsworksStackCheckResourceAttrsUpdate = resource.ComposeTestCheckFunc(
+	resource.TestCheckResourceAttr(
+		"aws_opsworks_stack.tf-acc",
+		"name",
+		"tf-opsworks-acc",
+	),
+	resource.TestCheckResourceAttr(
+		"aws_opsworks_stack.tf-acc",
+		"default_availability_zone",
+		"us-west-2a",
+	),
+	resource.TestCheckResourceAttr(
+		"aws_opsworks_stack.tf-acc",
+		"default_os",
+		"Amazon Linux 2014.09",
+	),
+	resource.TestCheckResourceAttr(
+		"aws_opsworks_stack.tf-acc",
+		"default_root_device_type",
+		"ebs",
+	),
+	resource.TestCheckResourceAttr(
+		"aws_opsworks_stack.tf-acc",
+		"custom_json",
+		`{"key": "value"}`,
+	),
+	resource.TestCheckResourceAttr(
+		"aws_opsworks_stack.tf-acc",
+		"configuration_manager_version",
+		"11.10",
+	),
+	resource.TestCheckResourceAttr(
+		"aws_opsworks_stack.tf-acc",
+		"use_opsworks_security_groups",
+		"false",
+	),
+	resource.TestCheckResourceAttr(
+		"aws_opsworks_stack.tf-acc",
+		"use_custom_cookbooks",
+		"true",
+	),
+	resource.TestCheckResourceAttr(
+		"aws_opsworks_stack.tf-acc",
+		"manage_berkshelf",
+		"true",
+	),
+	resource.TestCheckResourceAttr(
+		"aws_opsworks_stack.tf-acc",
+		"custom_cookbooks_source.0.type",
+		"git",
+	),
+	resource.TestCheckResourceAttr(
+		"aws_opsworks_stack.tf-acc",
+		"custom_cookbooks_source.0.revision",
+		"master",
+	),
+	resource.TestCheckResourceAttr(
+		"aws_opsworks_stack.tf-acc",
+		"custom_cookbooks_source.0.url",
+		"https://github.com/awslabs/opsworks-example-cookbooks.git",
+	),
+)
+
+func testAccAwsOpsworksCheckVpc(s *terraform.State) error {
+	rs, ok := s.RootModule().Resources["aws_opsworks_stack.tf-acc"]
+	if !ok {
+		return fmt.Errorf("Not found: %s", "aws_opsworks_stack.tf-acc")
+	}
+	if rs.Primary.ID == "" {
+		return fmt.Errorf("No ID is set")
+	}
+
+	p := rs.Primary
+
+	opsworksconn := testAccProvider.Meta().(*AWSClient).opsworksconn
+	describeOpts := &opsworks.DescribeStacksInput{
+		StackIds: []*string{aws.String(p.ID)},
+	}
+	resp, err := opsworksconn.DescribeStacks(describeOpts)
+	if err != nil {
+		return err
+	}
+	if len(resp.Stacks) == 0 {
+		return fmt.Errorf("No stack %s not found", p.ID)
+	}
+	if p.Attributes["vpc_id"] != *resp.Stacks[0].VpcId {
+		return fmt.Errorf("VPCID Got %s, expected %s", *resp.Stacks[0].VpcId, p.Attributes["vpc_id"])
+	}
+	if p.Attributes["default_subnet_id"] != *resp.Stacks[0].DefaultSubnetId {
+		return fmt.Errorf("VPCID Got %s, expected %s", *resp.Stacks[0].DefaultSubnetId, p.Attributes["default_subnet_id"])
+	}
+	return nil
+}
+
+func testAccCheckAwsOpsworksStackDestroy(s *terraform.State) error {
+	if len(s.RootModule().Resources) > 0 {
+		return fmt.Errorf("Expected all resources to be gone, but found: %#v", s.RootModule().Resources)
+	}
+
+	return nil
+}
+
+// Holds the two IAM object ARNs used in stack objects we'll create.
+type testAccAwsOpsworksStackIam struct {
+	ServiceRoleArn     string
+	InstanceProfileArn string
+}
+
+func testAccAwsOpsworksStackPopulateIam(t *testing.T, opsiam *testAccAwsOpsworksStackIam) {
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccInstanceConfig_pre, // noop
+				Check:  testAccCheckAwsOpsworksEnsureIam(t, opsiam),
+			},
+		},
+	})
+}
+
+func testAccCheckAwsOpsworksEnsureIam(t *testing.T, opsiam *testAccAwsOpsworksStackIam) func(*terraform.State) error {
+	return func(_ *terraform.State) error {
+		iamconn := testAccProvider.Meta().(*AWSClient).iamconn
+
+		serviceRoleOpts := &iam.GetRoleInput{
+			RoleName: aws.String("aws-opsworks-service-role"),
+		}
+		respServiceRole, err := iamconn.GetRole(serviceRoleOpts)
+		if err != nil {
+			return err
+		}
+
+		instanceProfileOpts := &iam.GetInstanceProfileInput{
+			InstanceProfileName: aws.String("aws-opsworks-ec2-role"),
+		}
+		respInstanceProfile, err := iamconn.GetInstanceProfile(instanceProfileOpts)
+		if err != nil {
+			return err
+		}
+
+		opsiam.ServiceRoleArn = *respServiceRole.Role.Arn
+		opsiam.InstanceProfileArn = *respInstanceProfile.InstanceProfile.Arn
+
+		t.Logf("[DEBUG] ServiceRoleARN for OpsWorks: %s", opsiam.ServiceRoleArn)
+		t.Logf("[DEBUG] Instance Profile ARN for OpsWorks: %s", opsiam.InstanceProfileArn)
+
+		return nil
+
+	}
+}
diff --git a/website/source/docs/providers/aws/r/opsworks_stack.html.markdown b/website/source/docs/providers/aws/r/opsworks_stack.html.markdown
new file mode 100644
index 0000000000..d664ca1a95
--- /dev/null
+++ b/website/source/docs/providers/aws/r/opsworks_stack.html.markdown
@@ -0,0 +1,68 @@
+---
+layout: "aws"
+page_title: "AWS: aws_opsworks_stack"
+sidebar_current: "docs-aws-resource-opsworks-stack"
+description: |-
+  Provides an OpsWorks stack resource.
+---
+
+# aws\_opsworks\_stack
+
+Provides an OpsWorks stack resource.
+
+## Example Usage
+
+```
+resource "aws_opsworks_stack" "main" {
+    name = "awesome-stack"
+    region = "us-west-1"
+    service_role_arn = "${aws_iam_role.opsworks.arn}"
+    default_instance_profile_arn = "${aws_iam_instance_profile.opsworks.arn}"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) The name of the stack.
+* `region` - (Required) The name of the region where the stack will exist.
+* `service_role_arn` - (Required) The ARN of an IAM role that the OpsWorks service will act as.
+* `default_instance_profile_arn` - (Required) The ARN of an IAM Instance Profile that created instances
+  will have by default.
+* `berkshelf_version` - (Optional) If `manage_berkshelf` is enabled, the version of Berkshelf to use.
+* `color` - (Optional) Color to paint next to the stack's resources in the OpsWorks console.
+* `default_availability_zone` - (Optional) Name of the availability zone where instances will be created
+  by default. This is required unless you set `vpc_id`.
+* `configuration_manager_name` - (Optional) Name of the configuration manager to use. Defaults to "Chef".
+* `configuration_manager_version` - (Optional) Version of the configuratino manager to use. Defaults to "11.4".
+* `custom_cookbooks_source` - (Optional) When `use_custom_cookbooks` is set, provide this sub-object as
+  described below.
+* `default_os` - (Optional) Name of OS that will be installed on instances by default.
+* `default_root_device_type` - (Optional) Name of the type of root device instances will have by default.
+* `default_ssh_key_name` - (Optional) Name of the SSH keypair that instances will have by default.
+* `default_subnet_id` - (Optional) Id of the subnet in which instances will be created by default. Mandatory
+  if `vpc_id` is set, and forbidden if it isn't.
+* `hostname_theme` - (Optional) Keyword representing the naming scheme that will be used for instance hostnames
+  within this stack.
+* `manage_berkshelf` - (Optional) Boolean value controlling whether Opsworks will run Berkshelf for this stack.
+* `use_custom_cookbooks` - (Optional) Boolean value controlling whether the custom cookbook settings are
+  enabled.
+* `use_opsworks_security_groups` - (Optional) Boolean value controlling whether the standard OpsWorks
+  security groups apply to created instances.
+* `vpc_id` - (Optional) The id of the VPC that this stack belongs to.
+
+The `custom_cookbooks_source` block supports the following arguments:
+
+* `type` - (Required) The type of source to use. For example, "archive".
+* `url` - (Required) The URL where the cookbooks resource can be found.
+* `username` - (Optional) Username to use when authenticating to the source.
+* `password` - (Optional) Password to use when authenticating to the source.
+* `ssh_key` - (Optional) SSH key to use when authenticating to the source.
+* `revision` - (Optional) For sources that are version-aware, the revision to use.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - The id of the stack.
diff --git a/website/source/layouts/aws.erb b/website/source/layouts/aws.erb
index 08161f0b82..3996f817c4 100644
--- a/website/source/layouts/aws.erb
+++ b/website/source/layouts/aws.erb
@@ -259,6 +259,10 @@
                     <a href="#">OpsWorks Resources</a>
                     <ul class="nav nav-visible">
 
+                        <li<%= sidebar_current("docs-aws-resource-opsworks-stack") %>>
+                            <a href="/docs/providers/aws/r/opsworks_stack.html">aws_opsworks_stack</a>
+                        </li>
+
                     </ul>
                 </li>
 

From 6c715040739e0fb5513d541ef6f0f47ebf955866 Mon Sep 17 00:00:00 2001
From: Martin Atkins <mart@degeneration.co.uk>
Date: Sun, 31 May 2015 22:07:32 -0700
Subject: [PATCH 120/335] Various AWS OpsWorks layer resource types.

A "Layer" is a particular service that forms part of the infrastructure for
a set of applications. Some layers are application servers and others are
pure infrastructure, like MySQL servers or load balancers.

Although the AWS API only has one type called "Layer", it actually has
a number of different "soft" types that each have slightly different
validation rules and extra properties that are packed into the Attributes
map.

To make the validation rule differences explicit in Terraform, and to make
the Terraform structure more closely resemble the OpsWorks UI than its
API, we use a separate resource type per layer type, with the common code
factored out into a shared struct type.
---
 builtin/providers/aws/conversions.go          |  33 ++
 builtin/providers/aws/opsworks_layers.go      | 558 ++++++++++++++++++
 builtin/providers/aws/provider.go             |  10 +
 .../aws/resource_aws_opsworks_custom_layer.go |  17 +
 ...resource_aws_opsworks_custom_layer_test.go | 234 ++++++++
 .../resource_aws_opsworks_ganglia_layer.go    |  33 ++
 .../resource_aws_opsworks_haproxy_layer.go    |  48 ++
 .../resource_aws_opsworks_java_app_layer.go   |  42 ++
 .../resource_aws_opsworks_memcached_layer.go  |  22 +
 .../aws/resource_aws_opsworks_mysql_layer.go  |  27 +
 .../resource_aws_opsworks_nodejs_app_layer.go |  22 +
 .../resource_aws_opsworks_php_app_layer.go    |  16 +
 .../resource_aws_opsworks_rails_app_layer.go  |  47 ++
 .../resource_aws_opsworks_static_web_layer.go |  16 +
 .../aws/r/opsworks_custom_layer.html.markdown |  65 ++
 .../r/opsworks_ganglia_layer.html.markdown    |  66 +++
 .../r/opsworks_haproxy_layer.html.markdown    |  69 +++
 .../r/opsworks_java_app_layer.html.markdown   |  67 +++
 .../r/opsworks_memcached_layer.html.markdown  |  63 ++
 .../aws/r/opsworks_mysql_layer.html.markdown  |  64 ++
 .../r/opsworks_nodejs_app_layer.html.markdown |  63 ++
 .../r/opsworks_php_app_layer.html.markdown    |  62 ++
 .../r/opsworks_rails_app_layer.html.markdown  |  68 +++
 .../r/opsworks_static_web_layer.html.markdown |  62 ++
 website/source/layouts/aws.erb                |  42 +-
 25 files changed, 1815 insertions(+), 1 deletion(-)
 create mode 100644 builtin/providers/aws/conversions.go
 create mode 100644 builtin/providers/aws/opsworks_layers.go
 create mode 100644 builtin/providers/aws/resource_aws_opsworks_custom_layer.go
 create mode 100644 builtin/providers/aws/resource_aws_opsworks_custom_layer_test.go
 create mode 100644 builtin/providers/aws/resource_aws_opsworks_ganglia_layer.go
 create mode 100644 builtin/providers/aws/resource_aws_opsworks_haproxy_layer.go
 create mode 100644 builtin/providers/aws/resource_aws_opsworks_java_app_layer.go
 create mode 100644 builtin/providers/aws/resource_aws_opsworks_memcached_layer.go
 create mode 100644 builtin/providers/aws/resource_aws_opsworks_mysql_layer.go
 create mode 100644 builtin/providers/aws/resource_aws_opsworks_nodejs_app_layer.go
 create mode 100644 builtin/providers/aws/resource_aws_opsworks_php_app_layer.go
 create mode 100644 builtin/providers/aws/resource_aws_opsworks_rails_app_layer.go
 create mode 100644 builtin/providers/aws/resource_aws_opsworks_static_web_layer.go
 create mode 100644 website/source/docs/providers/aws/r/opsworks_custom_layer.html.markdown
 create mode 100644 website/source/docs/providers/aws/r/opsworks_ganglia_layer.html.markdown
 create mode 100644 website/source/docs/providers/aws/r/opsworks_haproxy_layer.html.markdown
 create mode 100644 website/source/docs/providers/aws/r/opsworks_java_app_layer.html.markdown
 create mode 100644 website/source/docs/providers/aws/r/opsworks_memcached_layer.html.markdown
 create mode 100644 website/source/docs/providers/aws/r/opsworks_mysql_layer.html.markdown
 create mode 100644 website/source/docs/providers/aws/r/opsworks_nodejs_app_layer.html.markdown
 create mode 100644 website/source/docs/providers/aws/r/opsworks_php_app_layer.html.markdown
 create mode 100644 website/source/docs/providers/aws/r/opsworks_rails_app_layer.html.markdown
 create mode 100644 website/source/docs/providers/aws/r/opsworks_static_web_layer.html.markdown

diff --git a/builtin/providers/aws/conversions.go b/builtin/providers/aws/conversions.go
new file mode 100644
index 0000000000..7911237459
--- /dev/null
+++ b/builtin/providers/aws/conversions.go
@@ -0,0 +1,33 @@
+package aws
+
+import (
+	"github.com/awslabs/aws-sdk-go/aws"
+	"github.com/hashicorp/terraform/helper/schema"
+)
+
+func makeAwsStringList(in []interface {}) []*string {
+	ret := make([]*string, len(in), len(in))
+	for i := 0; i < len(in); i++ {
+		ret[i] = aws.String(in[i].(string))
+	}
+	return ret
+}
+
+func makeAwsStringSet(in *schema.Set) []*string {
+	inList := in.List()
+	ret := make([]*string, len(inList), len(inList))
+	for i := 0; i < len(ret); i++ {
+		ret[i] = aws.String(inList[i].(string))
+	}
+	return ret
+}
+
+func unwrapAwsStringList(in []*string) []string {
+	ret := make([]string, len(in), len(in))
+	for i := 0; i < len(in); i++ {
+		if in[i] != nil {
+			ret[i] = *(in[i])
+		}
+	}
+	return ret
+}
diff --git a/builtin/providers/aws/opsworks_layers.go b/builtin/providers/aws/opsworks_layers.go
new file mode 100644
index 0000000000..4ad9382eb0
--- /dev/null
+++ b/builtin/providers/aws/opsworks_layers.go
@@ -0,0 +1,558 @@
+package aws
+
+import (
+	"fmt"
+	"log"
+	"strconv"
+
+	"github.com/hashicorp/terraform/helper/hashcode"
+	"github.com/hashicorp/terraform/helper/schema"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/service/opsworks"
+)
+
+// OpsWorks has a single concept of "layer" which represents several different
+// layer types. The differences between these are in some extra properties that
+// get packed into an "Attributes" map, but in the OpsWorks UI these are presented
+// as first-class options, and so Terraform prefers to expose them this way and
+// hide the implementation detail that they are all packed into a single type
+// in the underlying API.
+//
+// This file contains utilities that are shared between all of the concrete
+// layer resource types, which have names matching aws_opsworks_*_layer .
+
+type opsworksLayerTypeAttribute struct {
+	AttrName  string
+	Type      schema.ValueType
+	Default   interface{}
+	Required  bool
+	WriteOnly bool
+}
+
+type opsworksLayerType struct {
+	TypeName         string
+	DefaultLayerName string
+	Attributes       map[string]*opsworksLayerTypeAttribute
+	CustomShortName  bool
+}
+
+var (
+	opsworksTrueString  = "1"
+	opsworksFalseString = "0"
+)
+
+func (lt *opsworksLayerType) SchemaResource() *schema.Resource {
+	resourceSchema := map[string]*schema.Schema{
+		"id": &schema.Schema{
+			Type:     schema.TypeString,
+			Computed: true,
+		},
+
+		"auto_assign_elastic_ips": &schema.Schema{
+			Type:     schema.TypeBool,
+			Optional: true,
+			Default:  false,
+		},
+
+		"auto_assign_public_ips": &schema.Schema{
+			Type:     schema.TypeBool,
+			Optional: true,
+			Default:  false,
+		},
+
+		"custom_instance_profile_arn": &schema.Schema{
+			Type:     schema.TypeString,
+			Optional: true,
+		},
+
+		"custom_setup_recipes": &schema.Schema{
+			Type:     schema.TypeList,
+			Optional: true,
+			Elem:     &schema.Schema{Type: schema.TypeString},
+		},
+
+		"custom_configure_recipes": &schema.Schema{
+			Type:     schema.TypeList,
+			Optional: true,
+			Elem:     &schema.Schema{Type: schema.TypeString},
+		},
+
+		"custom_deploy_recipes": &schema.Schema{
+			Type:     schema.TypeList,
+			Optional: true,
+			Elem:     &schema.Schema{Type: schema.TypeString},
+		},
+
+		"custom_undeploy_recipes": &schema.Schema{
+			Type:     schema.TypeList,
+			Optional: true,
+			Elem:     &schema.Schema{Type: schema.TypeString},
+		},
+
+		"custom_shutdown_recipes": &schema.Schema{
+			Type:     schema.TypeList,
+			Optional: true,
+			Elem:     &schema.Schema{Type: schema.TypeString},
+		},
+
+		"custom_security_group_ids": &schema.Schema{
+			Type:     schema.TypeSet,
+			Optional: true,
+			Elem:     &schema.Schema{Type: schema.TypeString},
+			Set:      schema.HashString,
+		},
+
+		"auto_healing": &schema.Schema{
+			Type:     schema.TypeBool,
+			Optional: true,
+			Default:  true,
+		},
+
+		"install_updates_on_boot": &schema.Schema{
+			Type:     schema.TypeBool,
+			Optional: true,
+			Default:  true,
+		},
+
+		"instance_shutdown_timeout": &schema.Schema{
+			Type:     schema.TypeInt,
+			Optional: true,
+			Default:  120,
+		},
+
+		"drain_elb_on_shutdown": &schema.Schema{
+			Type:     schema.TypeBool,
+			Optional: true,
+			Default:  true,
+		},
+
+		"system_packages": &schema.Schema{
+			Type:     schema.TypeSet,
+			Optional: true,
+			Elem:     &schema.Schema{Type: schema.TypeString},
+			Set:      schema.HashString,
+		},
+
+		"stack_id": &schema.Schema{
+			Type:     schema.TypeString,
+			ForceNew: true,
+			Required: true,
+		},
+
+		"use_ebs_optimized_instances": &schema.Schema{
+			Type:     schema.TypeBool,
+			Optional: true,
+			Default:  false,
+		},
+
+		"ebs_volume": &schema.Schema{
+			Type:     schema.TypeSet,
+			Optional: true,
+			Elem: &schema.Resource{
+				Schema: map[string]*schema.Schema{
+
+					"iops": &schema.Schema{
+						Type:     schema.TypeInt,
+						Optional: true,
+						Default:  0,
+					},
+
+					"mount_point": &schema.Schema{
+						Type:     schema.TypeString,
+						Required: true,
+					},
+
+					"number_of_disks": &schema.Schema{
+						Type:     schema.TypeInt,
+						Required: true,
+					},
+
+					"raid_level": &schema.Schema{
+						Type:     schema.TypeString,
+						Optional: true,
+						Default:  "",
+					},
+
+					"size": &schema.Schema{
+						Type:     schema.TypeInt,
+						Required: true,
+					},
+
+					"type": &schema.Schema{
+						Type:     schema.TypeString,
+						Optional: true,
+						Default:  "standard",
+					},
+				},
+			},
+			Set: func(v interface{}) int {
+				m := v.(map[string]interface{})
+				return hashcode.String(m["mount_point"].(string))
+			},
+		},
+	}
+
+	if lt.CustomShortName {
+		resourceSchema["short_name"] = &schema.Schema{
+			Type:     schema.TypeString,
+			Required: true,
+		}
+	}
+
+	if lt.DefaultLayerName != "" {
+		resourceSchema["name"] = &schema.Schema{
+			Type:     schema.TypeString,
+			Optional: true,
+			Default:  lt.DefaultLayerName,
+		}
+	} else {
+		resourceSchema["name"] = &schema.Schema{
+			Type:     schema.TypeString,
+			Required: true,
+		}
+	}
+
+	for key, def := range lt.Attributes {
+		resourceSchema[key] = &schema.Schema{
+			Type:     def.Type,
+			Default:  def.Default,
+			Required: def.Required,
+			Optional: !def.Required,
+		}
+	}
+
+	return &schema.Resource{
+		Read: func(d *schema.ResourceData, meta interface{}) error {
+			client := meta.(*AWSClient).opsworksconn
+			return lt.Read(d, client)
+		},
+		Create: func(d *schema.ResourceData, meta interface{}) error {
+			client := meta.(*AWSClient).opsworksconn
+			return lt.Create(d, client)
+		},
+		Update: func(d *schema.ResourceData, meta interface{}) error {
+			client := meta.(*AWSClient).opsworksconn
+			return lt.Update(d, client)
+		},
+		Delete: func(d *schema.ResourceData, meta interface{}) error {
+			client := meta.(*AWSClient).opsworksconn
+			return lt.Delete(d, client)
+		},
+
+		Schema: resourceSchema,
+	}
+}
+
+func (lt *opsworksLayerType) Read(d *schema.ResourceData, client *opsworks.OpsWorks) error {
+
+	req := &opsworks.DescribeLayersInput{
+		LayerIds: []*string{
+			aws.String(d.Id()),
+		},
+	}
+
+	log.Printf("[DEBUG] Reading OpsWorks layer: %s", d.Id())
+
+	resp, err := client.DescribeLayers(req)
+	if err != nil {
+		if awserr, ok := err.(awserr.Error); ok {
+			if awserr.Code() == "ResourceNotFoundException" {
+				d.SetId("")
+				return nil
+			}
+		}
+		return err
+	}
+
+	layer := resp.Layers[0]
+	d.Set("id", layer.LayerId)
+	d.Set("auto_assign_elastic_ips", layer.AutoAssignElasticIps)
+	d.Set("auto_assign_public_ips", layer.AutoAssignPublicIps)
+	d.Set("custom_instance_profile_arn", layer.CustomInstanceProfileArn)
+	d.Set("custom_security_group_ids", unwrapAwsStringList(layer.CustomSecurityGroupIds))
+	d.Set("auto_healing", layer.EnableAutoHealing)
+	d.Set("install_updates_on_boot", layer.InstallUpdatesOnBoot)
+	d.Set("name", layer.Name)
+	d.Set("system_packages", unwrapAwsStringList(layer.Packages))
+	d.Set("stack_id", layer.StackId)
+	d.Set("use_ebs_optimized_instances", layer.UseEbsOptimizedInstances)
+
+	if lt.CustomShortName {
+		d.Set("short_name", layer.Shortname)
+	}
+
+	lt.SetAttributeMap(d, layer.Attributes)
+	lt.SetLifecycleEventConfiguration(d, layer.LifecycleEventConfiguration)
+	lt.SetCustomRecipes(d, layer.CustomRecipes)
+	lt.SetVolumeConfigurations(d, layer.VolumeConfigurations)
+
+	return nil
+}
+
+func (lt *opsworksLayerType) Create(d *schema.ResourceData, client *opsworks.OpsWorks) error {
+
+	req := &opsworks.CreateLayerInput{
+		AutoAssignElasticIps:        aws.Bool(d.Get("auto_assign_elastic_ips").(bool)),
+		AutoAssignPublicIps:         aws.Bool(d.Get("auto_assign_public_ips").(bool)),
+		CustomInstanceProfileArn:    aws.String(d.Get("custom_instance_profile_arn").(string)),
+		CustomRecipes:               lt.CustomRecipes(d),
+		CustomSecurityGroupIds:      makeAwsStringSet(d.Get("custom_security_group_ids").(*schema.Set)),
+		EnableAutoHealing:           aws.Bool(d.Get("auto_healing").(bool)),
+		InstallUpdatesOnBoot:        aws.Bool(d.Get("install_updates_on_boot").(bool)),
+		LifecycleEventConfiguration: lt.LifecycleEventConfiguration(d),
+		Name:                     aws.String(d.Get("name").(string)),
+		Packages:                 makeAwsStringSet(d.Get("system_packages").(*schema.Set)),
+		Type:                     aws.String(lt.TypeName),
+		StackId:                  aws.String(d.Get("stack_id").(string)),
+		UseEbsOptimizedInstances: aws.Bool(d.Get("use_ebs_optimized_instances").(bool)),
+		Attributes:               lt.AttributeMap(d),
+		VolumeConfigurations:     lt.VolumeConfigurations(d),
+	}
+
+	if lt.CustomShortName {
+		req.Shortname = aws.String(d.Get("short_name").(string))
+	} else {
+		req.Shortname = aws.String(lt.TypeName)
+	}
+
+	log.Printf("[DEBUG] Creating OpsWorks layer: %s", d.Id())
+
+	resp, err := client.CreateLayer(req)
+	if err != nil {
+		return err
+	}
+
+	layerId := *resp.LayerId
+	d.SetId(layerId)
+	d.Set("id", layerId)
+
+	return lt.Read(d, client)
+}
+
+func (lt *opsworksLayerType) Update(d *schema.ResourceData, client *opsworks.OpsWorks) error {
+
+	req := &opsworks.UpdateLayerInput{
+		LayerId:                     aws.String(d.Id()),
+		AutoAssignElasticIps:        aws.Bool(d.Get("auto_assign_elastic_ips").(bool)),
+		AutoAssignPublicIps:         aws.Bool(d.Get("auto_assign_public_ips").(bool)),
+		CustomInstanceProfileArn:    aws.String(d.Get("custom_instance_profile_arn").(string)),
+		CustomRecipes:               lt.CustomRecipes(d),
+		CustomSecurityGroupIds:      makeAwsStringSet(d.Get("custom_security_group_ids").(*schema.Set)),
+		EnableAutoHealing:           aws.Bool(d.Get("auto_healing").(bool)),
+		InstallUpdatesOnBoot:        aws.Bool(d.Get("install_updates_on_boot").(bool)),
+		LifecycleEventConfiguration: lt.LifecycleEventConfiguration(d),
+		Name:                     aws.String(d.Get("name").(string)),
+		Packages:                 makeAwsStringSet(d.Get("system_packages").(*schema.Set)),
+		UseEbsOptimizedInstances: aws.Bool(d.Get("use_ebs_optimized_instances").(bool)),
+		Attributes:               lt.AttributeMap(d),
+		VolumeConfigurations:     lt.VolumeConfigurations(d),
+	}
+
+	if lt.CustomShortName {
+		req.Shortname = aws.String(d.Get("short_name").(string))
+	} else {
+		req.Shortname = aws.String(lt.TypeName)
+	}
+
+	log.Printf("[DEBUG] Updating OpsWorks layer: %s", d.Id())
+
+	_, err := client.UpdateLayer(req)
+	if err != nil {
+		return err
+	}
+
+	return lt.Read(d, client)
+}
+
+func (lt *opsworksLayerType) Delete(d *schema.ResourceData, client *opsworks.OpsWorks) error {
+	req := &opsworks.DeleteLayerInput{
+		LayerId: aws.String(d.Id()),
+	}
+
+	log.Printf("[DEBUG] Deleting OpsWorks layer: %s", d.Id())
+
+	_, err := client.DeleteLayer(req)
+	return err
+}
+
+func (lt *opsworksLayerType) AttributeMap(d *schema.ResourceData) map[string]*string {
+	attrs := map[string]*string{}
+
+	for key, def := range lt.Attributes {
+		value := d.Get(key)
+		switch def.Type {
+		case schema.TypeString:
+			strValue := value.(string)
+			attrs[def.AttrName] = &strValue
+		case schema.TypeInt:
+			intValue := value.(int)
+			strValue := strconv.Itoa(intValue)
+			attrs[def.AttrName] = &strValue
+		case schema.TypeBool:
+			boolValue := value.(bool)
+			if boolValue {
+				attrs[def.AttrName] = &opsworksTrueString
+			} else {
+				attrs[def.AttrName] = &opsworksFalseString
+			}
+		default:
+			// should never happen
+			panic(fmt.Errorf("Unsupported OpsWorks layer attribute type"))
+		}
+	}
+
+	return attrs
+}
+
+func (lt *opsworksLayerType) SetAttributeMap(d *schema.ResourceData, attrs map[string]*string) {
+	for key, def := range lt.Attributes {
+		// Ignore write-only attributes; we'll just keep what we already have stored.
+		// (The AWS API returns garbage placeholder values for these.)
+		if def.WriteOnly {
+			continue
+		}
+
+		if strPtr, ok := attrs[def.AttrName]; ok && strPtr != nil {
+			strValue := *strPtr
+
+			switch def.Type {
+			case schema.TypeString:
+				d.Set(key, strValue)
+			case schema.TypeInt:
+				intValue, err := strconv.Atoi(strValue)
+				if err == nil {
+					d.Set(key, intValue)
+				} else {
+					// Got garbage from the AWS API
+					d.Set(key, nil)
+				}
+			case schema.TypeBool:
+				boolValue := true
+				if strValue == opsworksFalseString {
+					boolValue = false
+				}
+				d.Set(key, boolValue)
+			default:
+				// should never happen
+				panic(fmt.Errorf("Unsupported OpsWorks layer attribute type"))
+			}
+			return
+
+		} else {
+			d.Set(key, nil)
+		}
+	}
+}
+
+func (lt *opsworksLayerType) LifecycleEventConfiguration(d *schema.ResourceData) *opsworks.LifecycleEventConfiguration {
+	return &opsworks.LifecycleEventConfiguration{
+		Shutdown: &opsworks.ShutdownEventConfiguration{
+			DelayUntilElbConnectionsDrained: aws.Bool(d.Get("drain_elb_on_shutdown").(bool)),
+			ExecutionTimeout:                aws.Int64(int64(d.Get("instance_shutdown_timeout").(int))),
+		},
+	}
+}
+
+func (lt *opsworksLayerType) SetLifecycleEventConfiguration(d *schema.ResourceData, v *opsworks.LifecycleEventConfiguration) {
+	if v == nil || v.Shutdown == nil {
+		d.Set("drain_elb_on_shutdown", nil)
+		d.Set("instance_shutdown_timeout", nil)
+	} else {
+		d.Set("drain_elb_on_shutdown", v.Shutdown.DelayUntilElbConnectionsDrained)
+		d.Set("instance_shutdown_timeout", v.Shutdown.ExecutionTimeout)
+	}
+}
+
+func (lt *opsworksLayerType) CustomRecipes(d *schema.ResourceData) *opsworks.Recipes {
+	return &opsworks.Recipes{
+		Configure: makeAwsStringList(d.Get("custom_configure_recipes").([]interface{})),
+		Deploy:    makeAwsStringList(d.Get("custom_deploy_recipes").([]interface{})),
+		Setup:     makeAwsStringList(d.Get("custom_setup_recipes").([]interface{})),
+		Shutdown:  makeAwsStringList(d.Get("custom_shutdown_recipes").([]interface{})),
+		Undeploy:  makeAwsStringList(d.Get("custom_undeploy_recipes").([]interface{})),
+	}
+}
+
+func (lt *opsworksLayerType) SetCustomRecipes(d *schema.ResourceData, v *opsworks.Recipes) {
+	// Null out everything first, and then we'll consider what to put back.
+	d.Set("custom_configure_recipes", nil)
+	d.Set("custom_deploy_recipes", nil)
+	d.Set("custom_setup_recipes", nil)
+	d.Set("custom_shutdown_recipes", nil)
+	d.Set("custom_undeploy_recipes", nil)
+
+	if v == nil {
+		return
+	}
+
+	d.Set("custom_configure_recipes", unwrapAwsStringList(v.Configure))
+	d.Set("custom_deploy_recipes", unwrapAwsStringList(v.Deploy))
+	d.Set("custom_setup_recipes", unwrapAwsStringList(v.Setup))
+	d.Set("custom_shutdown_recipes", unwrapAwsStringList(v.Shutdown))
+	d.Set("custom_undeploy_recipes", unwrapAwsStringList(v.Undeploy))
+}
+
+func (lt *opsworksLayerType) VolumeConfigurations(d *schema.ResourceData) []*opsworks.VolumeConfiguration {
+	configuredVolumes := d.Get("ebs_volume").(*schema.Set).List()
+	result := make([]*opsworks.VolumeConfiguration, len(configuredVolumes))
+
+	for i := 0; i < len(configuredVolumes); i++ {
+		volumeData := configuredVolumes[i].(map[string]interface{})
+
+		result[i] = &opsworks.VolumeConfiguration{
+			MountPoint:    aws.String(volumeData["mount_point"].(string)),
+			NumberOfDisks: aws.Int64(int64(volumeData["number_of_disks"].(int))),
+			Size:          aws.Int64(int64(volumeData["size"].(int))),
+			VolumeType:    aws.String(volumeData["type"].(string)),
+		}
+		iops := int64(volumeData["iops"].(int))
+		if iops != 0 {
+			result[i].Iops = aws.Int64(iops)
+		}
+
+		raidLevelStr := volumeData["raid_level"].(string)
+		if raidLevelStr != "" {
+			raidLevel, err := strconv.Atoi(raidLevelStr)
+			if err == nil {
+				result[i].RaidLevel = aws.Int64(int64(raidLevel))
+			}
+		}
+	}
+
+	return result
+}
+
+func (lt *opsworksLayerType) SetVolumeConfigurations(d *schema.ResourceData, v []*opsworks.VolumeConfiguration) {
+	newValue := make([]*map[string]interface{}, len(v))
+
+	for i := 0; i < len(v); i++ {
+		config := v[i]
+		data := make(map[string]interface{})
+		newValue[i] = &data
+
+		if config.Iops != nil {
+			data["iops"] = int(*config.Iops)
+		} else {
+			data["iops"] = 0
+		}
+		if config.MountPoint != nil {
+			data["mount_point"] = *config.MountPoint
+		}
+		if config.NumberOfDisks != nil {
+			data["number_of_disks"] = int(*config.NumberOfDisks)
+		}
+		if config.RaidLevel != nil {
+			data["raid_level"] = strconv.Itoa(int(*config.RaidLevel))
+		}
+		if config.Size != nil {
+			data["size"] = int(*config.Size)
+		}
+		if config.VolumeType != nil {
+			data["type"] = *config.VolumeType
+		}
+	}
+
+	d.Set("ebs_volume", newValue)
+}
diff --git a/builtin/providers/aws/provider.go b/builtin/providers/aws/provider.go
index cfb54f54fd..3b5aa67ad4 100644
--- a/builtin/providers/aws/provider.go
+++ b/builtin/providers/aws/provider.go
@@ -208,6 +208,16 @@ func Provider() terraform.ResourceProvider {
 			"aws_network_acl":                  resourceAwsNetworkAcl(),
 			"aws_network_interface":            resourceAwsNetworkInterface(),
 			"aws_opsworks_stack":               resourceAwsOpsworksStack(),
+			"aws_opsworks_java_app_layer":      resourceAwsOpsworksJavaAppLayer(),
+			"aws_opsworks_haproxy_layer":       resourceAwsOpsworksHaproxyLayer(),
+			"aws_opsworks_static_web_layer":    resourceAwsOpsworksStaticWebLayer(),
+			"aws_opsworks_php_app_layer":       resourceAwsOpsworksPhpAppLayer(),
+			"aws_opsworks_rails_app_layer":     resourceAwsOpsworksRailsAppLayer(),
+			"aws_opsworks_nodejs_app_layer":    resourceAwsOpsworksNodejsAppLayer(),
+			"aws_opsworks_memcached_layer":     resourceAwsOpsworksMemcachedLayer(),
+			"aws_opsworks_mysql_layer":         resourceAwsOpsworksMysqlLayer(),
+			"aws_opsworks_ganglia_layer":       resourceAwsOpsworksGangliaLayer(),
+			"aws_opsworks_custom_layer":        resourceAwsOpsworksCustomLayer(),
 			"aws_proxy_protocol_policy":        resourceAwsProxyProtocolPolicy(),
 			"aws_route53_delegation_set":       resourceAwsRoute53DelegationSet(),
 			"aws_route53_record":               resourceAwsRoute53Record(),
diff --git a/builtin/providers/aws/resource_aws_opsworks_custom_layer.go b/builtin/providers/aws/resource_aws_opsworks_custom_layer.go
new file mode 100644
index 0000000000..59de60db6a
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_opsworks_custom_layer.go
@@ -0,0 +1,17 @@
+package aws
+
+import (
+	"github.com/hashicorp/terraform/helper/schema"
+)
+
+func resourceAwsOpsworksCustomLayer() *schema.Resource {
+	layerType := &opsworksLayerType{
+		TypeName:        "custom",
+		CustomShortName: true,
+
+		// The "custom" layer type has no additional attributes
+		Attributes: map[string]*opsworksLayerTypeAttribute{},
+	}
+
+	return layerType.SchemaResource()
+}
diff --git a/builtin/providers/aws/resource_aws_opsworks_custom_layer_test.go b/builtin/providers/aws/resource_aws_opsworks_custom_layer_test.go
new file mode 100644
index 0000000000..14a65b1061
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_opsworks_custom_layer_test.go
@@ -0,0 +1,234 @@
+package aws
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+// These tests assume the existence of predefined Opsworks IAM roles named `aws-opsworks-ec2-role`
+// and `aws-opsworks-service-role`.
+
+func TestAccAwsOpsworksCustomLayer(t *testing.T) {
+	opsiam := testAccAwsOpsworksStackIam{}
+	testAccAwsOpsworksStackPopulateIam(t, &opsiam)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAwsOpsworksCustomLayerDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: fmt.Sprintf(testAccAwsOpsworksCustomLayerConfigCreate, opsiam.ServiceRoleArn, opsiam.InstanceProfileArn),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(
+						"aws_opsworks_custom_layer.tf-acc", "name", "tf-ops-acc-custom-layer",
+					),
+					resource.TestCheckResourceAttr(
+						"aws_opsworks_custom_layer.tf-acc", "auto_assign_elastic_ips", "false",
+					),
+					resource.TestCheckResourceAttr(
+						"aws_opsworks_custom_layer.tf-acc", "auto_healing", "true",
+					),
+					resource.TestCheckResourceAttr(
+						"aws_opsworks_custom_layer.tf-acc", "drain_elb_on_shutdown", "true",
+					),
+					resource.TestCheckResourceAttr(
+						"aws_opsworks_custom_layer.tf-acc", "instance_shutdown_timeout", "300",
+					),
+					resource.TestCheckResourceAttr(
+						"aws_opsworks_custom_layer.tf-acc", "custom_security_group_ids.#", "2",
+					),
+					resource.TestCheckResourceAttr(
+						"aws_opsworks_custom_layer.tf-acc", "system_packages.#", "2",
+					),
+					resource.TestCheckResourceAttr(
+						"aws_opsworks_custom_layer.tf-acc", "system_packages.1368285564", "git",
+					),
+					resource.TestCheckResourceAttr(
+						"aws_opsworks_custom_layer.tf-acc", "system_packages.2937857443", "golang",
+					),
+					resource.TestCheckResourceAttr(
+						"aws_opsworks_custom_layer.tf-acc", "ebs_volume.#", "1",
+					),
+					resource.TestCheckResourceAttr(
+						"aws_opsworks_custom_layer.tf-acc", "ebs_volume.3575749636.type", "gp2",
+					),
+					resource.TestCheckResourceAttr(
+						"aws_opsworks_custom_layer.tf-acc", "ebs_volume.3575749636.number_of_disks", "2",
+					),
+					resource.TestCheckResourceAttr(
+						"aws_opsworks_custom_layer.tf-acc", "ebs_volume.3575749636.mount_point", "/home",
+					),
+					resource.TestCheckResourceAttr(
+						"aws_opsworks_custom_layer.tf-acc", "ebs_volume.3575749636.size", "100",
+					),
+				),
+			},
+			resource.TestStep{
+				Config: fmt.Sprintf(testAccAwsOpsworksCustomLayerConfigUpdate, opsiam.ServiceRoleArn, opsiam.InstanceProfileArn),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(
+						"aws_opsworks_custom_layer.tf-acc", "name", "tf-ops-acc-custom-layer",
+					),
+					resource.TestCheckResourceAttr(
+						"aws_opsworks_custom_layer.tf-acc", "drain_elb_on_shutdown", "false",
+					),
+					resource.TestCheckResourceAttr(
+						"aws_opsworks_custom_layer.tf-acc", "instance_shutdown_timeout", "120",
+					),
+					resource.TestCheckResourceAttr(
+						"aws_opsworks_custom_layer.tf-acc", "custom_security_group_ids.#", "3",
+					),
+					resource.TestCheckResourceAttr(
+						"aws_opsworks_custom_layer.tf-acc", "system_packages.#", "3",
+					),
+					resource.TestCheckResourceAttr(
+						"aws_opsworks_custom_layer.tf-acc", "system_packages.1368285564", "git",
+					),
+					resource.TestCheckResourceAttr(
+						"aws_opsworks_custom_layer.tf-acc", "system_packages.2937857443", "golang",
+					),
+					resource.TestCheckResourceAttr(
+						"aws_opsworks_custom_layer.tf-acc", "system_packages.4101929740", "subversion",
+					),
+					resource.TestCheckResourceAttr(
+						"aws_opsworks_custom_layer.tf-acc", "ebs_volume.#", "2",
+					),
+					resource.TestCheckResourceAttr(
+						"aws_opsworks_custom_layer.tf-acc", "ebs_volume.3575749636.type", "gp2",
+					),
+					resource.TestCheckResourceAttr(
+						"aws_opsworks_custom_layer.tf-acc", "ebs_volume.3575749636.number_of_disks", "2",
+					),
+					resource.TestCheckResourceAttr(
+						"aws_opsworks_custom_layer.tf-acc", "ebs_volume.3575749636.mount_point", "/home",
+					),
+					resource.TestCheckResourceAttr(
+						"aws_opsworks_custom_layer.tf-acc", "ebs_volume.3575749636.size", "100",
+					),
+					resource.TestCheckResourceAttr(
+						"aws_opsworks_custom_layer.tf-acc", "ebs_volume.1266957920.type", "io1",
+					),
+					resource.TestCheckResourceAttr(
+						"aws_opsworks_custom_layer.tf-acc", "ebs_volume.1266957920.number_of_disks", "4",
+					),
+					resource.TestCheckResourceAttr(
+						"aws_opsworks_custom_layer.tf-acc", "ebs_volume.1266957920.mount_point", "/var",
+					),
+					resource.TestCheckResourceAttr(
+						"aws_opsworks_custom_layer.tf-acc", "ebs_volume.1266957920.size", "100",
+					),
+					resource.TestCheckResourceAttr(
+						"aws_opsworks_custom_layer.tf-acc", "ebs_volume.1266957920.raid_level", "1",
+					),
+					resource.TestCheckResourceAttr(
+						"aws_opsworks_custom_layer.tf-acc", "ebs_volume.1266957920.iops", "3000",
+					),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckAwsOpsworksCustomLayerDestroy(s *terraform.State) error {
+	if len(s.RootModule().Resources) > 0 {
+		return fmt.Errorf("Expected all resources to be gone, but found: %#v", s.RootModule().Resources)
+	}
+
+	return nil
+}
+
+var testAccAwsOpsworksCustomLayerSecurityGroups = `
+resource "aws_security_group" "tf-ops-acc-layer1" {
+  name = "tf-ops-acc-layer1"
+  ingress {
+    from_port = 8
+    to_port = -1
+    protocol = "icmp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+resource "aws_security_group" "tf-ops-acc-layer2" {
+  name = "tf-ops-acc-layer2"
+  ingress {
+    from_port = 8
+    to_port = -1
+    protocol = "icmp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+`
+
+var testAccAwsOpsworksCustomLayerConfigCreate = testAccAwsOpsworksStackConfigNoVpcCreate + testAccAwsOpsworksCustomLayerSecurityGroups + `
+resource "aws_opsworks_custom_layer" "tf-acc" {
+  stack_id = "${aws_opsworks_stack.tf-acc.id}"
+  name = "tf-ops-acc-custom-layer"
+  short_name = "tf-ops-acc-custom-layer"
+  auto_assign_public_ips = true
+  custom_security_group_ids = [
+    "${aws_security_group.tf-ops-acc-layer1.id}",
+    "${aws_security_group.tf-ops-acc-layer2.id}",
+  ]
+  drain_elb_on_shutdown = true
+  instance_shutdown_timeout = 300
+  system_packages = [
+    "git",
+    "golang",
+  ]
+  ebs_volume {
+    type = "gp2"
+    number_of_disks = 2
+    mount_point = "/home"
+    size = 100
+    raid_level = 0
+  }
+}
+`
+
+var testAccAwsOpsworksCustomLayerConfigUpdate = testAccAwsOpsworksStackConfigNoVpcCreate + testAccAwsOpsworksCustomLayerSecurityGroups + `
+resource "aws_security_group" "tf-ops-acc-layer3" {
+  name = "tf-ops-acc-layer3"
+  ingress {
+    from_port = 8
+    to_port = -1
+    protocol = "icmp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+resource "aws_opsworks_custom_layer" "tf-acc" {
+  stack_id = "${aws_opsworks_stack.tf-acc.id}"
+  name = "tf-ops-acc-custom-layer"
+  short_name = "tf-ops-acc-custom-layer"
+  auto_assign_public_ips = true
+  custom_security_group_ids = [
+    "${aws_security_group.tf-ops-acc-layer1.id}",
+    "${aws_security_group.tf-ops-acc-layer2.id}",
+    "${aws_security_group.tf-ops-acc-layer3.id}",
+  ]
+  drain_elb_on_shutdown = false
+  instance_shutdown_timeout = 120
+  system_packages = [
+    "git",
+    "golang",
+    "subversion",
+  ]
+  ebs_volume {
+    type = "gp2"
+    number_of_disks = 2
+    mount_point = "/home"
+    size = 100
+    raid_level = 0
+  }
+  ebs_volume {
+    type = "io1"
+    number_of_disks = 4
+    mount_point = "/var"
+    size = 100
+    raid_level = 1
+    iops = 3000
+  }
+}
+`
diff --git a/builtin/providers/aws/resource_aws_opsworks_ganglia_layer.go b/builtin/providers/aws/resource_aws_opsworks_ganglia_layer.go
new file mode 100644
index 0000000000..c37bb70e5d
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_opsworks_ganglia_layer.go
@@ -0,0 +1,33 @@
+package aws
+
+import (
+	"github.com/hashicorp/terraform/helper/schema"
+)
+
+func resourceAwsOpsworksGangliaLayer() *schema.Resource {
+	layerType := &opsworksLayerType{
+		TypeName: "monitoring-master",
+		DefaultLayerName: "Ganglia",
+
+		Attributes: map[string]*opsworksLayerTypeAttribute{
+			"url": &opsworksLayerTypeAttribute{
+				AttrName: "GangliaUrl",
+				Type:     schema.TypeString,
+				Default:  "/ganglia",
+			},
+			"username": &opsworksLayerTypeAttribute{
+				AttrName: "GangliaUser",
+				Type:     schema.TypeString,
+				Default:  "opsworks",
+			},
+			"password": &opsworksLayerTypeAttribute{
+				AttrName:  "GangliaPassword",
+				Type:      schema.TypeString,
+				Required:  true,
+				WriteOnly: true,
+			},
+		},
+	}
+
+	return layerType.SchemaResource()
+}
diff --git a/builtin/providers/aws/resource_aws_opsworks_haproxy_layer.go b/builtin/providers/aws/resource_aws_opsworks_haproxy_layer.go
new file mode 100644
index 0000000000..2b05dce05b
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_opsworks_haproxy_layer.go
@@ -0,0 +1,48 @@
+package aws
+
+import (
+	"github.com/hashicorp/terraform/helper/schema"
+)
+
+func resourceAwsOpsworksHaproxyLayer() *schema.Resource {
+	layerType := &opsworksLayerType{
+		TypeName:         "lb",
+		DefaultLayerName: "HAProxy",
+
+		Attributes: map[string]*opsworksLayerTypeAttribute{
+			"stats_enabled": &opsworksLayerTypeAttribute{
+				AttrName: "EnableHaproxyStats",
+				Type:     schema.TypeBool,
+				Default:  true,
+			},
+			"stats_url": &opsworksLayerTypeAttribute{
+				AttrName: "HaproxyStatsUrl",
+				Type:     schema.TypeString,
+				Default:  "/haproxy?stats",
+			},
+			"stats_user": &opsworksLayerTypeAttribute{
+				AttrName: "HaproxyStatsUser",
+				Type:     schema.TypeString,
+				Default:  "opsworks",
+			},
+			"stats_password": &opsworksLayerTypeAttribute{
+				AttrName:  "HaproxyStatsPassword",
+				Type:      schema.TypeString,
+				WriteOnly: true,
+				Required:  true,
+			},
+			"healthcheck_url": &opsworksLayerTypeAttribute{
+				AttrName: "HaproxyHealthCheckUrl",
+				Type:     schema.TypeString,
+				Default:  "/",
+			},
+			"healthcheck_method": &opsworksLayerTypeAttribute{
+				AttrName: "HaproxyHealthCheckMethod",
+				Type:     schema.TypeString,
+				Default:  "OPTIONS",
+			},
+		},
+	}
+
+	return layerType.SchemaResource()
+}
diff --git a/builtin/providers/aws/resource_aws_opsworks_java_app_layer.go b/builtin/providers/aws/resource_aws_opsworks_java_app_layer.go
new file mode 100644
index 0000000000..2b79fcfad3
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_opsworks_java_app_layer.go
@@ -0,0 +1,42 @@
+package aws
+
+import (
+	"github.com/hashicorp/terraform/helper/schema"
+)
+
+func resourceAwsOpsworksJavaAppLayer() *schema.Resource {
+	layerType := &opsworksLayerType{
+		TypeName:         "java-app",
+		DefaultLayerName: "Java App Server",
+
+		Attributes: map[string]*opsworksLayerTypeAttribute{
+			"jvm_type": &opsworksLayerTypeAttribute{
+				AttrName: "Jvm",
+				Type:     schema.TypeString,
+				Default:  "openjdk",
+			},
+			"jvm_version": &opsworksLayerTypeAttribute{
+				AttrName: "JvmVersion",
+				Type:     schema.TypeString,
+				Default:  "7",
+			},
+			"jvm_options": &opsworksLayerTypeAttribute{
+				AttrName: "JvmOptions",
+				Type:     schema.TypeString,
+				Default:  "",
+			},
+			"app_server": &opsworksLayerTypeAttribute{
+				AttrName: "JavaAppServer",
+				Type:     schema.TypeString,
+				Default:  "tomcat",
+			},
+			"app_server_version": &opsworksLayerTypeAttribute{
+				AttrName: "JavaAppServerVersion",
+				Type:     schema.TypeString,
+				Default:  "7",
+			},
+		},
+	}
+
+	return layerType.SchemaResource()
+}
diff --git a/builtin/providers/aws/resource_aws_opsworks_memcached_layer.go b/builtin/providers/aws/resource_aws_opsworks_memcached_layer.go
new file mode 100644
index 0000000000..626b428bb5
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_opsworks_memcached_layer.go
@@ -0,0 +1,22 @@
+package aws
+
+import (
+	"github.com/hashicorp/terraform/helper/schema"
+)
+
+func resourceAwsOpsworksMemcachedLayer() *schema.Resource {
+	layerType := &opsworksLayerType{
+		TypeName:         "memcached",
+		DefaultLayerName: "Memcached",
+
+		Attributes: map[string]*opsworksLayerTypeAttribute{
+			"allocated_memory": &opsworksLayerTypeAttribute{
+				AttrName: "MemcachedMemory",
+				Type:     schema.TypeInt,
+				Default:  512,
+			},
+		},
+	}
+
+	return layerType.SchemaResource()
+}
diff --git a/builtin/providers/aws/resource_aws_opsworks_mysql_layer.go b/builtin/providers/aws/resource_aws_opsworks_mysql_layer.go
new file mode 100644
index 0000000000..6ab4476a3d
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_opsworks_mysql_layer.go
@@ -0,0 +1,27 @@
+package aws
+
+import (
+	"github.com/hashicorp/terraform/helper/schema"
+)
+
+func resourceAwsOpsworksMysqlLayer() *schema.Resource {
+	layerType := &opsworksLayerType{
+		TypeName:         "db-master",
+		DefaultLayerName: "MySQL",
+
+		Attributes: map[string]*opsworksLayerTypeAttribute{
+			"root_password": &opsworksLayerTypeAttribute{
+				AttrName:  "MysqlRootPassword",
+				Type:      schema.TypeString,
+				WriteOnly: true,
+			},
+			"root_password_on_all_instances": &opsworksLayerTypeAttribute{
+				AttrName: "MysqlRootPasswordUbiquitous",
+				Type:     schema.TypeBool,
+				Default:  true,
+			},
+		},
+	}
+
+	return layerType.SchemaResource()
+}
diff --git a/builtin/providers/aws/resource_aws_opsworks_nodejs_app_layer.go b/builtin/providers/aws/resource_aws_opsworks_nodejs_app_layer.go
new file mode 100644
index 0000000000..24f3d0f3eb
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_opsworks_nodejs_app_layer.go
@@ -0,0 +1,22 @@
+package aws
+
+import (
+	"github.com/hashicorp/terraform/helper/schema"
+)
+
+func resourceAwsOpsworksNodejsAppLayer() *schema.Resource {
+	layerType := &opsworksLayerType{
+		TypeName:         "nodejs-app",
+		DefaultLayerName: "Node.js App Server",
+
+		Attributes: map[string]*opsworksLayerTypeAttribute{
+			"nodejs_version": &opsworksLayerTypeAttribute{
+				AttrName: "NodejsVersion",
+				Type:     schema.TypeString,
+				Default:  "0.10.38",
+			},
+		},
+	}
+
+	return layerType.SchemaResource()
+}
diff --git a/builtin/providers/aws/resource_aws_opsworks_php_app_layer.go b/builtin/providers/aws/resource_aws_opsworks_php_app_layer.go
new file mode 100644
index 0000000000..c3176af5bd
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_opsworks_php_app_layer.go
@@ -0,0 +1,16 @@
+package aws
+
+import (
+	"github.com/hashicorp/terraform/helper/schema"
+)
+
+func resourceAwsOpsworksPhpAppLayer() *schema.Resource {
+	layerType := &opsworksLayerType{
+		TypeName:         "php-app",
+		DefaultLayerName: "PHP App Server",
+
+		Attributes: map[string]*opsworksLayerTypeAttribute{},
+	}
+
+	return layerType.SchemaResource()
+}
diff --git a/builtin/providers/aws/resource_aws_opsworks_rails_app_layer.go b/builtin/providers/aws/resource_aws_opsworks_rails_app_layer.go
new file mode 100644
index 0000000000..54a0084ddb
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_opsworks_rails_app_layer.go
@@ -0,0 +1,47 @@
+package aws
+
+import (
+	"github.com/hashicorp/terraform/helper/schema"
+)
+
+func resourceAwsOpsworksRailsAppLayer() *schema.Resource {
+	layerType := &opsworksLayerType{
+		TypeName:         "rails-app",
+		DefaultLayerName: "Rails App Server",
+
+		Attributes: map[string]*opsworksLayerTypeAttribute{
+			"ruby_version": &opsworksLayerTypeAttribute{
+				AttrName: "RubyVersion",
+				Type:     schema.TypeString,
+				Default:  "2.0.0",
+			},
+			"app_server": &opsworksLayerTypeAttribute{
+				AttrName: "RailsStack",
+				Type:     schema.TypeString,
+				Default:  "apache_passenger",
+			},
+			"passenger_version": &opsworksLayerTypeAttribute{
+				AttrName: "PassengerVersion",
+				Type:     schema.TypeString,
+				Default:  "4.0.46",
+			},
+			"rubygems_version": &opsworksLayerTypeAttribute{
+				AttrName: "RubygemsVersion",
+				Type:     schema.TypeString,
+				Default:  "2.2.2",
+			},
+			"manage_bundler": &opsworksLayerTypeAttribute{
+				AttrName: "ManageBundler",
+				Type:     schema.TypeBool,
+				Default:  true,
+			},
+			"bundler_version": &opsworksLayerTypeAttribute{
+				AttrName: "BundlerVersion",
+				Type:     schema.TypeString,
+				Default:  "1.5.3",
+			},
+		},
+	}
+
+	return layerType.SchemaResource()
+}
diff --git a/builtin/providers/aws/resource_aws_opsworks_static_web_layer.go b/builtin/providers/aws/resource_aws_opsworks_static_web_layer.go
new file mode 100644
index 0000000000..df91b1b1b4
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_opsworks_static_web_layer.go
@@ -0,0 +1,16 @@
+package aws
+
+import (
+	"github.com/hashicorp/terraform/helper/schema"
+)
+
+func resourceAwsOpsworksStaticWebLayer() *schema.Resource {
+	layerType := &opsworksLayerType{
+		TypeName:         "web",
+		DefaultLayerName: "Static Web Server",
+
+		Attributes: map[string]*opsworksLayerTypeAttribute{},
+	}
+
+	return layerType.SchemaResource()
+}
diff --git a/website/source/docs/providers/aws/r/opsworks_custom_layer.html.markdown b/website/source/docs/providers/aws/r/opsworks_custom_layer.html.markdown
new file mode 100644
index 0000000000..8bab636929
--- /dev/null
+++ b/website/source/docs/providers/aws/r/opsworks_custom_layer.html.markdown
@@ -0,0 +1,65 @@
+---
+layout: "aws"
+page_title: "AWS: aws_opsworks_custom_layer"
+sidebar_current: "docs-aws-resource-opsworks-custom-layer"
+description: |-
+  Provides an OpsWorks custom layer resource.
+---
+
+# aws\_opsworks\_custom\_layer
+
+Provides an OpsWorks custom layer resource.
+
+## Example Usage
+
+```
+resource "aws_opsworks_custom_layer" "custlayer" {
+    name = "My Awesome Custom Layer"
+    short_name = "awesome"
+    stack_id = "${aws_opsworks_stack.main.id}"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) A human-readable name for the layer.
+* `short_name` - (Required) A short, machine-readable name for the layer, which will be used to identify it in the Chef node JSON.
+* `stack_id` - (Required) The id of the stack the layer will belong to.
+* `auto_assign_elastic_ips` - (Optional) Whether to automatically assign an elastic IP address to the layer's instances.
+* `auto_assign_public_ips` - (Optional) For stacks belonging to a VPC, whether to automatically assign a public IP address to each of the layer's instances.
+* `custom_instance_profile_arn` - (Optional) The ARN of an IAM profile that will be used for the layer's instances.
+* `custom_security_group_ids` - (Optional) Ids for a set of security groups to apply to the layer's instances.
+* `auto_healing` - (Optional) Whether to enable auto-healing for the layer.
+* `install_updates_on_boot` - (Optional) Whether to install OS and package updates on each instance when it boots.
+* `instance_shutdown_timeout` - (Optional) The time, in seconds, that OpsWorks will wait for Chef to complete after triggering the Shutdown event.
+* `drain_elb_on_shutdown` - (Optional) Whether to enable Elastic Load Balancing connection draining.
+* `system_packages` - (Optional) Names of a set of system packages to install on the layer's instances.
+* `use_ebs_optimized_instances` - (Optional) Whether to use EBS-optimized instances.
+* `ebs_volume` - (Optional) `ebs_volume` blocks, as described below, will each create an EBS volume and connect it to the layer's instances.
+
+The following extra optional arguments, all lists of Chef recipe names, allow
+custom Chef recipes to be applied to layer instances at the five different
+lifecycle events, if custom cookbooks are enabled on the layer's stack:
+
+* `custom_configure_recipes`
+* `custom_deploy_recipes`
+* `custom_setup_recipes`
+* `custom_shutdown_recipes`
+* `custom_undeploy_recipes`
+
+An `ebs_volume` block supports the following arguments:
+
+* `mount_point` - (Required) The path to mount the EBS volume on the layer's instances.
+* `size` - (Required) The size of the volume in gigabytes.
+* `number_of_disks` - (Required) The number of disks to use for the EBS volume.
+* `raid_level` - (Required) The RAID level to use for the volume.
+* `type` - (Optional) The type of volume to create. This may be `standard` (the default), `io1` or `gp2`.
+* `iops` - (Optional) For PIOPS volumes, the IOPS per disk.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - The id of the layer.
diff --git a/website/source/docs/providers/aws/r/opsworks_ganglia_layer.html.markdown b/website/source/docs/providers/aws/r/opsworks_ganglia_layer.html.markdown
new file mode 100644
index 0000000000..2137e0bf2a
--- /dev/null
+++ b/website/source/docs/providers/aws/r/opsworks_ganglia_layer.html.markdown
@@ -0,0 +1,66 @@
+---
+layout: "aws"
+page_title: "AWS: aws_opsworks_ganglia_layer"
+sidebar_current: "docs-aws-resource-opsworks-ganglia-layer"
+description: |-
+  Provides an OpsWorks Ganglia layer resource.
+---
+
+# aws\_opsworks\_ganglia\_layer
+
+Provides an OpsWorks Ganglia layer resource.
+
+## Example Usage
+
+```
+resource "aws_opsworks_ganglia_layer" "monitor" {
+    stack_id = "${aws_opsworks_stack.main.id}"
+    password = "foobarbaz"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `stack_id` - (Required) The id of the stack the layer will belong to.
+* `password` - (Required) The password to use for Ganglia.
+* `name` - (Optional) A human-readable name for the layer.
+* `auto_assign_elastic_ips` - (Optional) Whether to automatically assign an elastic IP address to the layer's instances.
+* `auto_assign_public_ips` - (Optional) For stacks belonging to a VPC, whether to automatically assign a public IP address to each of the layer's instances.
+* `custom_instance_profile_arn` - (Optional) The ARN of an IAM profile that will be used for the layer's instances.
+* `custom_security_group_ids` - (Optional) Ids for a set of security groups to apply to the layer's instances.
+* `auto_healing` - (Optional) Whether to enable auto-healing for the layer.
+* `install_updates_on_boot` - (Optional) Whether to install OS and package updates on each instance when it boots.
+* `instance_shutdown_timeout` - (Optional) The time, in seconds, that OpsWorks will wait for Chef to complete after triggering the Shutdown event.
+* `drain_elb_on_shutdown` - (Optional) Whether to enable Elastic Load Balancing connection draining.
+* `system_packages` - (Optional) Names of a set of system packages to install on the layer's instances.
+* `url` - (Optional) The URL path to use for Ganglia. Defaults to "/ganglia".
+* `username` - (Optiona) The username to use for Ganglia. Defaults to "opsworks".
+* `use_ebs_optimized_instances` - (Optional) Whether to use EBS-optimized instances.
+* `ebs_volume` - (Optional) `ebs_volume` blocks, as described below, will each create an EBS volume and connect it to the layer's instances.
+
+The following extra optional arguments, all lists of Chef recipe names, allow
+custom Chef recipes to be applied to layer instances at the five different
+lifecycle events, if custom cookbooks are enabled on the layer's stack:
+
+* `custom_configure_recipes`
+* `custom_deploy_recipes`
+* `custom_setup_recipes`
+* `custom_shutdown_recipes`
+* `custom_undeploy_recipes`
+
+An `ebs_volume` block supports the following arguments:
+
+* `mount_point` - (Required) The path to mount the EBS volume on the layer's instances.
+* `size` - (Required) The size of the volume in gigabytes.
+* `number_of_disks` - (Required) The number of disks to use for the EBS volume.
+* `raid_level` - (Required) The RAID level to use for the volume.
+* `type` - (Optional) The type of volume to create. This may be `standard` (the default), `io1` or `gp2`.
+* `iops` - (Optional) For PIOPS volumes, the IOPS per disk.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - The id of the layer.
diff --git a/website/source/docs/providers/aws/r/opsworks_haproxy_layer.html.markdown b/website/source/docs/providers/aws/r/opsworks_haproxy_layer.html.markdown
new file mode 100644
index 0000000000..a921a8135e
--- /dev/null
+++ b/website/source/docs/providers/aws/r/opsworks_haproxy_layer.html.markdown
@@ -0,0 +1,69 @@
+---
+layout: "aws"
+page_title: "AWS: aws_opsworks_haproxy_layer"
+sidebar_current: "docs-aws-resource-opsworks-haproxy-layer"
+description: |-
+  Provides an OpsWorks HAProxy layer resource.
+---
+
+# aws\_opsworks\_haproxy\_layer
+
+Provides an OpsWorks haproxy layer resource.
+
+## Example Usage
+
+```
+resource "aws_opsworks_haproxy_layer" "lb" {
+    stack_id = "${aws_opsworks_stack.main.id}"
+    stats_password = "foobarbaz"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `stack_id` - (Required) The id of the stack the layer will belong to.
+* `stats_password` - (Required) The password to use for HAProxy stats.
+* `name` - (Optional) A human-readable name for the layer.
+* `auto_assign_elastic_ips` - (Optional) Whether to automatically assign an elastic IP address to the layer's instances.
+* `auto_assign_public_ips` - (Optional) For stacks belonging to a VPC, whether to automatically assign a public IP address to each of the layer's instances.
+* `custom_instance_profile_arn` - (Optional) The ARN of an IAM profile that will be used for the layer's instances.
+* `custom_security_group_ids` - (Optional) Ids for a set of security groups to apply to the layer's instances.
+* `auto_healing` - (Optional) Whether to enable auto-healing for the layer.
+* `healthcheck_method` - (Optional) HTTP method to use for instance healthchecks. Defaults to "OPTIONS".
+* `healthcheck_url` - (Optional) URL path to use for instance healthchecks. Defaults to "/".
+* `install_updates_on_boot` - (Optional) Whether to install OS and package updates on each instance when it boots.
+* `instance_shutdown_timeout` - (Optional) The time, in seconds, that OpsWorks will wait for Chef to complete after triggering the Shutdown event.
+* `drain_elb_on_shutdown` - (Optional) Whether to enable Elastic Load Balancing connection draining.
+* `stats_enabled` - (Optional) Whether to enable HAProxy stats.
+* `stats_url` - (Optional) The HAProxy stats URL. Defaults to "/haproxy?stats".
+* `stats_user` - (Optional) The username for HAProxy stats. Defaults to "opsworks".
+* `system_packages` - (Optional) Names of a set of system packages to install on the layer's instances.
+* `use_ebs_optimized_instances` - (Optional) Whether to use EBS-optimized instances.
+* `ebs_volume` - (Optional) `ebs_volume` blocks, as described below, will each create an EBS volume and connect it to the layer's instances.
+
+The following extra optional arguments, all lists of Chef recipe names, allow
+custom Chef recipes to be applied to layer instances at the five different
+lifecycle events, if custom cookbooks are enabled on the layer's stack:
+
+* `custom_configure_recipes`
+* `custom_deploy_recipes`
+* `custom_setup_recipes`
+* `custom_shutdown_recipes`
+* `custom_undeploy_recipes`
+
+An `ebs_volume` block supports the following arguments:
+
+* `mount_point` - (Required) The path to mount the EBS volume on the layer's instances.
+* `size` - (Required) The size of the volume in gigabytes.
+* `number_of_disks` - (Required) The number of disks to use for the EBS volume.
+* `raid_level` - (Required) The RAID level to use for the volume.
+* `type` - (Optional) The type of volume to create. This may be `standard` (the default), `io1` or `gp2`.
+* `iops` - (Optional) For PIOPS volumes, the IOPS per disk.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - The id of the layer.
diff --git a/website/source/docs/providers/aws/r/opsworks_java_app_layer.html.markdown b/website/source/docs/providers/aws/r/opsworks_java_app_layer.html.markdown
new file mode 100644
index 0000000000..c9a4823fe3
--- /dev/null
+++ b/website/source/docs/providers/aws/r/opsworks_java_app_layer.html.markdown
@@ -0,0 +1,67 @@
+---
+layout: "aws"
+page_title: "AWS: aws_opsworks_java_app_layer"
+sidebar_current: "docs-aws-resource-opsworks-java-app-layer"
+description: |-
+  Provides an OpsWorks Java application layer resource.
+---
+
+# aws\_opsworks\_java\_app\_layer
+
+Provides an OpsWorks Java application layer resource.
+
+## Example Usage
+
+```
+resource "aws_opsworks_java_app_layer" "app" {
+    stack_id = "${aws_opsworks_stack.main.id}"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `stack_id` - (Required) The id of the stack the layer will belong to.
+* `name` - (Optional) A human-readable name for the layer.
+* `app_server` - (Optional) Keyword for the application container to use. Defaults to "tomcat".
+* `app_server_version` - (Optional) Version of the selected application container to use. Defaults to "7".
+* `auto_assign_elastic_ips` - (Optional) Whether to automatically assign an elastic IP address to the layer's instances.
+* `auto_assign_public_ips` - (Optional) For stacks belonging to a VPC, whether to automatically assign a public IP address to each of the layer's instances.
+* `custom_instance_profile_arn` - (Optional) The ARN of an IAM profile that will be used for the layer's instances.
+* `custom_security_group_ids` - (Optional) Ids for a set of security groups to apply to the layer's instances.
+* `auto_healing` - (Optional) Whether to enable auto-healing for the layer.
+* `install_updates_on_boot` - (Optional) Whether to install OS and package updates on each instance when it boots.
+* `instance_shutdown_timeout` - (Optional) The time, in seconds, that OpsWorks will wait for Chef to complete after triggering the Shutdown event.
+* `jvm_type` - (Optional) Keyword for the type of JVM to use. Defaults to `openjdk`.
+* `jvm_options` - (Optional) Options to set for the JVM.
+* `jvm_version` - (Optional) Version of JVM to use. Defaults to "7".
+* `drain_elb_on_shutdown` - (Optional) Whether to enable Elastic Load Balancing connection draining.
+* `system_packages` - (Optional) Names of a set of system packages to install on the layer's instances.
+* `use_ebs_optimized_instances` - (Optional) Whether to use EBS-optimized instances.
+* `ebs_volume` - (Optional) `ebs_volume` blocks, as described below, will each create an EBS volume and connect it to the layer's instances.
+
+The following extra optional arguments, all lists of Chef recipe names, allow
+custom Chef recipes to be applied to layer instances at the five different
+lifecycle events, if custom cookbooks are enabled on the layer's stack:
+
+* `custom_configure_recipes`
+* `custom_deploy_recipes`
+* `custom_setup_recipes`
+* `custom_shutdown_recipes`
+* `custom_undeploy_recipes`
+
+An `ebs_volume` block supports the following arguments:
+
+* `mount_point` - (Required) The path to mount the EBS volume on the layer's instances.
+* `size` - (Required) The size of the volume in gigabytes.
+* `number_of_disks` - (Required) The number of disks to use for the EBS volume.
+* `raid_level` - (Required) The RAID level to use for the volume.
+* `type` - (Optional) The type of volume to create. This may be `standard` (the default), `io1` or `gp2`.
+* `iops` - (Optional) For PIOPS volumes, the IOPS per disk.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - The id of the layer.
diff --git a/website/source/docs/providers/aws/r/opsworks_memcached_layer.html.markdown b/website/source/docs/providers/aws/r/opsworks_memcached_layer.html.markdown
new file mode 100644
index 0000000000..4a725bd7cf
--- /dev/null
+++ b/website/source/docs/providers/aws/r/opsworks_memcached_layer.html.markdown
@@ -0,0 +1,63 @@
+---
+layout: "aws"
+page_title: "AWS: aws_opsworks_memcached_layer"
+sidebar_current: "docs-aws-resource-opsworks-memcached-layer"
+description: |-
+  Provides an OpsWorks memcached layer resource.
+---
+
+# aws\_opsworks\_memcached\_layer
+
+Provides an OpsWorks memcached layer resource.
+
+## Example Usage
+
+```
+resource "aws_opsworks_memcached_layer" "cache" {
+    stack_id = "${aws_opsworks_stack.main.id}"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `stack_id` - (Required) The id of the stack the layer will belong to.
+* `name` - (Optional) A human-readable name for the layer.
+* `allocated_memory` - (Optional) Amount of memory to allocate for the cache on each instance, in megabytes. Defaults to 512MB.
+* `auto_assign_elastic_ips` - (Optional) Whether to automatically assign an elastic IP address to the layer's instances.
+* `auto_assign_public_ips` - (Optional) For stacks belonging to a VPC, whether to automatically assign a public IP address to each of the layer's instances.
+* `custom_instance_profile_arn` - (Optional) The ARN of an IAM profile that will be used for the layer's instances.
+* `custom_security_group_ids` - (Optional) Ids for a set of security groups to apply to the layer's instances.
+* `auto_healing` - (Optional) Whether to enable auto-healing for the layer.
+* `install_updates_on_boot` - (Optional) Whether to install OS and package updates on each instance when it boots.
+* `instance_shutdown_timeout` - (Optional) The time, in seconds, that OpsWorks will wait for Chef to complete after triggering the Shutdown event.
+* `drain_elb_on_shutdown` - (Optional) Whether to enable Elastic Load Balancing connection draining.
+* `system_packages` - (Optional) Names of a set of system packages to install on the layer's instances.
+* `use_ebs_optimized_instances` - (Optional) Whether to use EBS-optimized instances.
+* `ebs_volume` - (Optional) `ebs_volume` blocks, as described below, will each create an EBS volume and connect it to the layer's instances.
+
+The following extra optional arguments, all lists of Chef recipe names, allow
+custom Chef recipes to be applied to layer instances at the five different
+lifecycle events, if custom cookbooks are enabled on the layer's stack:
+
+* `custom_configure_recipes`
+* `custom_deploy_recipes`
+* `custom_setup_recipes`
+* `custom_shutdown_recipes`
+* `custom_undeploy_recipes`
+
+An `ebs_volume` block supports the following arguments:
+
+* `mount_point` - (Required) The path to mount the EBS volume on the layer's instances.
+* `size` - (Required) The size of the volume in gigabytes.
+* `number_of_disks` - (Required) The number of disks to use for the EBS volume.
+* `raid_level` - (Required) The RAID level to use for the volume.
+* `type` - (Optional) The type of volume to create. This may be `standard` (the default), `io1` or `gp2`.
+* `iops` - (Optional) For PIOPS volumes, the IOPS per disk.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - The id of the layer.
diff --git a/website/source/docs/providers/aws/r/opsworks_mysql_layer.html.markdown b/website/source/docs/providers/aws/r/opsworks_mysql_layer.html.markdown
new file mode 100644
index 0000000000..fcbcef97d5
--- /dev/null
+++ b/website/source/docs/providers/aws/r/opsworks_mysql_layer.html.markdown
@@ -0,0 +1,64 @@
+---
+layout: "aws"
+page_title: "AWS: aws_opsworks_mysql_layer"
+sidebar_current: "docs-aws-resource-opsworks-mysql-layer"
+description: |-
+  Provides an OpsWorks MySQL layer resource.
+---
+
+# aws\_opsworks\_mysql\_layer
+
+Provides an OpsWorks MySQL layer resource.
+
+## Example Usage
+
+```
+resource "aws_opsworks_mysql_layer" "db" {
+    stack_id = "${aws_opsworks_stack.main.id}"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `stack_id` - (Required) The id of the stack the layer will belong to.
+* `name` - (Optional) A human-readable name for the layer.
+* `auto_assign_elastic_ips` - (Optional) Whether to automatically assign an elastic IP address to the layer's instances.
+* `auto_assign_public_ips` - (Optional) For stacks belonging to a VPC, whether to automatically assign a public IP address to each of the layer's instances.
+* `custom_instance_profile_arn` - (Optional) The ARN of an IAM profile that will be used for the layer's instances.
+* `custom_security_group_ids` - (Optional) Ids for a set of security groups to apply to the layer's instances.
+* `auto_healing` - (Optional) Whether to enable auto-healing for the layer.
+* `install_updates_on_boot` - (Optional) Whether to install OS and package updates on each instance when it boots.
+* `instance_shutdown_timeout` - (Optional) The time, in seconds, that OpsWorks will wait for Chef to complete after triggering the Shutdown event.
+* `drain_elb_on_shutdown` - (Optional) Whether to enable Elastic Load Balancing connection draining.
+* `root_password` - (Optional) Root password to use for MySQL.
+* `root_password_on_all_instances` - (Optional) Whether to set the root user password to all instances in the stack so they can access the instances in this layer.
+* `system_packages` - (Optional) Names of a set of system packages to install on the layer's instances.
+* `use_ebs_optimized_instances` - (Optional) Whether to use EBS-optimized instances.
+* `ebs_volume` - (Optional) `ebs_volume` blocks, as described below, will each create an EBS volume and connect it to the layer's instances.
+
+The following extra optional arguments, all lists of Chef recipe names, allow
+custom Chef recipes to be applied to layer instances at the five different
+lifecycle events, if custom cookbooks are enabled on the layer's stack:
+
+* `custom_configure_recipes`
+* `custom_deploy_recipes`
+* `custom_setup_recipes`
+* `custom_shutdown_recipes`
+* `custom_undeploy_recipes`
+
+An `ebs_volume` block supports the following arguments:
+
+* `mount_point` - (Required) The path to mount the EBS volume on the layer's instances.
+* `size` - (Required) The size of the volume in gigabytes.
+* `number_of_disks` - (Required) The number of disks to use for the EBS volume.
+* `raid_level` - (Required) The RAID level to use for the volume.
+* `type` - (Optional) The type of volume to create. This may be `standard` (the default), `io1` or `gp2`.
+* `iops` - (Optional) For PIOPS volumes, the IOPS per disk.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - The id of the layer.
diff --git a/website/source/docs/providers/aws/r/opsworks_nodejs_app_layer.html.markdown b/website/source/docs/providers/aws/r/opsworks_nodejs_app_layer.html.markdown
new file mode 100644
index 0000000000..e5a0f5b8a2
--- /dev/null
+++ b/website/source/docs/providers/aws/r/opsworks_nodejs_app_layer.html.markdown
@@ -0,0 +1,63 @@
+---
+layout: "aws"
+page_title: "AWS: aws_opsworks_nodejs_app_layer"
+sidebar_current: "docs-aws-resource-opsworks-nodejs-app-layer"
+description: |-
+  Provides an OpsWorks NodeJS application layer resource.
+---
+
+# aws\_opsworks\_nodejs\_app\_layer
+
+Provides an OpsWorks NodeJS application layer resource.
+
+## Example Usage
+
+```
+resource "aws_opsworks_nodejs_app_layer" "app" {
+    stack_id = "${aws_opsworks_stack.main.id}"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `stack_id` - (Required) The id of the stack the layer will belong to.
+* `name` - (Optional) A human-readable name for the layer.
+* `auto_assign_elastic_ips` - (Optional) Whether to automatically assign an elastic IP address to the layer's instances.
+* `auto_assign_public_ips` - (Optional) For stacks belonging to a VPC, whether to automatically assign a public IP address to each of the layer's instances.
+* `custom_instance_profile_arn` - (Optional) The ARN of an IAM profile that will be used for the layer's instances.
+* `custom_security_group_ids` - (Optional) Ids for a set of security groups to apply to the layer's instances.
+* `auto_healing` - (Optional) Whether to enable auto-healing for the layer.
+* `install_updates_on_boot` - (Optional) Whether to install OS and package updates on each instance when it boots.
+* `instance_shutdown_timeout` - (Optional) The time, in seconds, that OpsWorks will wait for Chef to complete after triggering the Shutdown event.
+* `drain_elb_on_shutdown` - (Optional) Whether to enable Elastic Load Balancing connection draining.
+* `nodejs_version` - (Optional) The version of NodeJS to use. Defaults to "0.10.38".
+* `system_packages` - (Optional) Names of a set of system packages to install on the layer's instances.
+* `use_ebs_optimized_instances` - (Optional) Whether to use EBS-optimized instances.
+* `ebs_volume` - (Optional) `ebs_volume` blocks, as described below, will each create an EBS volume and connect it to the layer's instances.
+
+The following extra optional arguments, all lists of Chef recipe names, allow
+custom Chef recipes to be applied to layer instances at the five different
+lifecycle events, if custom cookbooks are enabled on the layer's stack:
+
+* `custom_configure_recipes`
+* `custom_deploy_recipes`
+* `custom_setup_recipes`
+* `custom_shutdown_recipes`
+* `custom_undeploy_recipes`
+
+An `ebs_volume` block supports the following arguments:
+
+* `mount_point` - (Required) The path to mount the EBS volume on the layer's instances.
+* `size` - (Required) The size of the volume in gigabytes.
+* `number_of_disks` - (Required) The number of disks to use for the EBS volume.
+* `raid_level` - (Required) The RAID level to use for the volume.
+* `type` - (Optional) The type of volume to create. This may be `standard` (the default), `io1` or `gp2`.
+* `iops` - (Optional) For PIOPS volumes, the IOPS per disk.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - The id of the layer.
diff --git a/website/source/docs/providers/aws/r/opsworks_php_app_layer.html.markdown b/website/source/docs/providers/aws/r/opsworks_php_app_layer.html.markdown
new file mode 100644
index 0000000000..ec91e4ed36
--- /dev/null
+++ b/website/source/docs/providers/aws/r/opsworks_php_app_layer.html.markdown
@@ -0,0 +1,62 @@
+---
+layout: "aws"
+page_title: "AWS: aws_opsworks_php_app_layer"
+sidebar_current: "docs-aws-resource-opsworks-php-app-layer"
+description: |-
+  Provides an OpsWorks PHP application layer resource.
+---
+
+# aws\_opsworks\_php\_app\_layer
+
+Provides an OpsWorks PHP application layer resource.
+
+## Example Usage
+
+```
+resource "aws_opsworks_php_app_layer" "app" {
+    stack_id = "${aws_opsworks_stack.main.id}"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `stack_id` - (Required) The id of the stack the layer will belong to.
+* `name` - (Optional) A human-readable name for the layer.
+* `auto_assign_elastic_ips` - (Optional) Whether to automatically assign an elastic IP address to the layer's instances.
+* `auto_assign_public_ips` - (Optional) For stacks belonging to a VPC, whether to automatically assign a public IP address to each of the layer's instances.
+* `custom_instance_profile_arn` - (Optional) The ARN of an IAM profile that will be used for the layer's instances.
+* `custom_security_group_ids` - (Optional) Ids for a set of security groups to apply to the layer's instances.
+* `auto_healing` - (Optional) Whether to enable auto-healing for the layer.
+* `install_updates_on_boot` - (Optional) Whether to install OS and package updates on each instance when it boots.
+* `instance_shutdown_timeout` - (Optional) The time, in seconds, that OpsWorks will wait for Chef to complete after triggering the Shutdown event.
+* `drain_elb_on_shutdown` - (Optional) Whether to enable Elastic Load Balancing connection draining.
+* `system_packages` - (Optional) Names of a set of system packages to install on the layer's instances.
+* `use_ebs_optimized_instances` - (Optional) Whether to use EBS-optimized instances.
+* `ebs_volume` - (Optional) `ebs_volume` blocks, as described below, will each create an EBS volume and connect it to the layer's instances.
+
+The following extra optional arguments, all lists of Chef recipe names, allow
+custom Chef recipes to be applied to layer instances at the five different
+lifecycle events, if custom cookbooks are enabled on the layer's stack:
+
+* `custom_configure_recipes`
+* `custom_deploy_recipes`
+* `custom_setup_recipes`
+* `custom_shutdown_recipes`
+* `custom_undeploy_recipes`
+
+An `ebs_volume` block supports the following arguments:
+
+* `mount_point` - (Required) The path to mount the EBS volume on the layer's instances.
+* `size` - (Required) The size of the volume in gigabytes.
+* `number_of_disks` - (Required) The number of disks to use for the EBS volume.
+* `raid_level` - (Required) The RAID level to use for the volume.
+* `type` - (Optional) The type of volume to create. This may be `standard` (the default), `io1` or `gp2`.
+* `iops` - (Optional) For PIOPS volumes, the IOPS per disk.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - The id of the layer.
diff --git a/website/source/docs/providers/aws/r/opsworks_rails_app_layer.html.markdown b/website/source/docs/providers/aws/r/opsworks_rails_app_layer.html.markdown
new file mode 100644
index 0000000000..ee4f85ed4c
--- /dev/null
+++ b/website/source/docs/providers/aws/r/opsworks_rails_app_layer.html.markdown
@@ -0,0 +1,68 @@
+---
+layout: "aws"
+page_title: "AWS: aws_opsworks_rails_app_layer"
+sidebar_current: "docs-aws-resource-opsworks-rails-app-layer"
+description: |-
+  Provides an OpsWorks Ruby on Rails application layer resource.
+---
+
+# aws\_opsworks\_rails\_app\_layer
+
+Provides an OpsWorks Ruby on Rails application layer resource.
+
+## Example Usage
+
+```
+resource "aws_opsworks_rails_app_layer" "app" {
+    stack_id = "${aws_opsworks_stack.main.id}"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `stack_id` - (Required) The id of the stack the layer will belong to.
+* `name` - (Optional) A human-readable name for the layer.
+* `app_server` - (Optional) Keyword for the app server to use. Defaults to "apache_passenger".
+* `auto_assign_elastic_ips` - (Optional) Whether to automatically assign an elastic IP address to the layer's instances.
+* `auto_assign_public_ips` - (Optional) For stacks belonging to a VPC, whether to automatically assign a public IP address to each of the layer's instances.
+* `bundler_version` - (Optional) When OpsWorks is managing Bundler, which version to use. Defaults to "1.5.3".
+* `custom_instance_profile_arn` - (Optional) The ARN of an IAM profile that will be used for the layer's instances.
+* `custom_security_group_ids` - (Optional) Ids for a set of security groups to apply to the layer's instances.
+* `auto_healing` - (Optional) Whether to enable auto-healing for the layer.
+* `install_updates_on_boot` - (Optional) Whether to install OS and package updates on each instance when it boots.
+* `instance_shutdown_timeout` - (Optional) The time, in seconds, that OpsWorks will wait for Chef to complete after triggering the Shutdown event.
+* `drain_elb_on_shutdown` - (Optional) Whether to enable Elastic Load Balancing connection draining.
+* `manage_bundler` - (Optional) Whether OpsWorks should manage bundler. On by default.
+* `passenger_version` - (Optional) The version of Passenger to use. Defaults to "4.0.46".
+* `ruby_version` - (Optional) The version of Ruby to use. Defaults to "2.0.0".
+* `rubygems_version` - (Optional) The version of RubyGems to use. Defaults to "2.2.2".
+* `system_packages` - (Optional) Names of a set of system packages to install on the layer's instances.
+* `use_ebs_optimized_instances` - (Optional) Whether to use EBS-optimized instances.
+* `ebs_volume` - (Optional) `ebs_volume` blocks, as described below, will each create an EBS volume and connect it to the layer's instances.
+
+The following extra optional arguments, all lists of Chef recipe names, allow
+custom Chef recipes to be applied to layer instances at the five different
+lifecycle events, if custom cookbooks are enabled on the layer's stack:
+
+* `custom_configure_recipes`
+* `custom_deploy_recipes`
+* `custom_setup_recipes`
+* `custom_shutdown_recipes`
+* `custom_undeploy_recipes`
+
+An `ebs_volume` block supports the following arguments:
+
+* `mount_point` - (Required) The path to mount the EBS volume on the layer's instances.
+* `size` - (Required) The size of the volume in gigabytes.
+* `number_of_disks` - (Required) The number of disks to use for the EBS volume.
+* `raid_level` - (Required) The RAID level to use for the volume.
+* `type` - (Optional) The type of volume to create. This may be `standard` (the default), `io1` or `gp2`.
+* `iops` - (Optional) For PIOPS volumes, the IOPS per disk.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - The id of the layer.
diff --git a/website/source/docs/providers/aws/r/opsworks_static_web_layer.html.markdown b/website/source/docs/providers/aws/r/opsworks_static_web_layer.html.markdown
new file mode 100644
index 0000000000..70272e8d07
--- /dev/null
+++ b/website/source/docs/providers/aws/r/opsworks_static_web_layer.html.markdown
@@ -0,0 +1,62 @@
+---
+layout: "aws"
+page_title: "AWS: aws_opsworks_static_web_layer"
+sidebar_current: "docs-aws-resource-opsworks-static-web-layer"
+description: |-
+  Provides an OpsWorks static web server layer resource.
+---
+
+# aws\_opsworks\_static\_web\_layer
+
+Provides an OpsWorks static web server layer resource.
+
+## Example Usage
+
+```
+resource "aws_opsworks_static_web_layer" "web" {
+    stack_id = "${aws_opsworks_stack.main.id}"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `stack_id` - (Required) The id of the stack the layer will belong to.
+* `name` - (Optional) A human-readable name for the layer.
+* `auto_assign_elastic_ips` - (Optional) Whether to automatically assign an elastic IP address to the layer's instances.
+* `auto_assign_public_ips` - (Optional) For stacks belonging to a VPC, whether to automatically assign a public IP address to each of the layer's instances.
+* `custom_instance_profile_arn` - (Optional) The ARN of an IAM profile that will be used for the layer's instances.
+* `custom_security_group_ids` - (Optional) Ids for a set of security groups to apply to the layer's instances.
+* `auto_healing` - (Optional) Whether to enable auto-healing for the layer.
+* `install_updates_on_boot` - (Optional) Whether to install OS and package updates on each instance when it boots.
+* `instance_shutdown_timeout` - (Optional) The time, in seconds, that OpsWorks will wait for Chef to complete after triggering the Shutdown event.
+* `drain_elb_on_shutdown` - (Optional) Whether to enable Elastic Load Balancing connection draining.
+* `system_packages` - (Optional) Names of a set of system packages to install on the layer's instances.
+* `use_ebs_optimized_instances` - (Optional) Whether to use EBS-optimized instances.
+* `ebs_volume` - (Optional) `ebs_volume` blocks, as described below, will each create an EBS volume and connect it to the layer's instances.
+
+The following extra optional arguments, all lists of Chef recipe names, allow
+custom Chef recipes to be applied to layer instances at the five different
+lifecycle events, if custom cookbooks are enabled on the layer's stack:
+
+* `custom_configure_recipes`
+* `custom_deploy_recipes`
+* `custom_setup_recipes`
+* `custom_shutdown_recipes`
+* `custom_undeploy_recipes`
+
+An `ebs_volume` block supports the following arguments:
+
+* `mount_point` - (Required) The path to mount the EBS volume on the layer's instances.
+* `size` - (Required) The size of the volume in gigabytes.
+* `number_of_disks` - (Required) The number of disks to use for the EBS volume.
+* `raid_level` - (Required) The RAID level to use for the volume.
+* `type` - (Optional) The type of volume to create. This may be `standard` (the default), `io1` or `gp2`.
+* `iops` - (Optional) For PIOPS volumes, the IOPS per disk.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - The id of the layer.
diff --git a/website/source/layouts/aws.erb b/website/source/layouts/aws.erb
index 3996f817c4..296463206c 100644
--- a/website/source/layouts/aws.erb
+++ b/website/source/layouts/aws.erb
@@ -22,7 +22,7 @@
                         <li<%= sidebar_current("docs-aws-resource-cloudwatch-metric-alarm") %>>
                             <a href="/docs/providers/aws/r/cloudwatch_metric_alarm.html">aws_cloudwatch_metric_alarm</a>
                         </li>
-
+ 
                     </ul>
                 </li>
 
@@ -259,10 +259,50 @@
                     <a href="#">OpsWorks Resources</a>
                     <ul class="nav nav-visible">
 
+                        <li<%= sidebar_current("docs-aws-resource-opsworks-custom-layer") %>>
+                            <a href="/docs/providers/aws/r/opsworks_custom_layer.html">aws_opsworks_custom_layer</a>
+                        </li>
+
+                        <li<%= sidebar_current("docs-aws-resource-opsworks-ganglia-layer") %>>
+                            <a href="/docs/providers/aws/r/opsworks_ganglia_layer.html">aws_opsworks_ganglia_layer</a>
+                        </li>
+
+                        <li<%= sidebar_current("docs-aws-resource-opsworks-haproxy-layer") %>>
+                            <a href="/docs/providers/aws/r/opsworks_haproxy_layer.html">aws_opsworks_haproxy_layer</a>
+                        </li>
+
+                        <li<%= sidebar_current("docs-aws-resource-opsworks-java-app-layer") %>>
+                            <a href="/docs/providers/aws/r/opsworks_java_app_layer.html">aws_opsworks_java_app_layer</a>
+                        </li>
+
+                        <li<%= sidebar_current("docs-aws-resource-opsworks-memcached-layer") %>>
+                            <a href="/docs/providers/aws/r/opsworks_memcached_layer.html">aws_opsworks_memcached_layer</a>
+                        </li>
+
+                        <li<%= sidebar_current("docs-aws-resource-opsworks-mysql-layer") %>>
+                            <a href="/docs/providers/aws/r/opsworks_mysql_layer.html">aws_opsworks_mysql_layer</a>
+                        </li>
+
+                        <li<%= sidebar_current("docs-aws-resource-opsworks-nodejs-app-layer") %>>
+                            <a href="/docs/providers/aws/r/opsworks_nodejs_app_layer.html">aws_opsworks_nodejs_app_layer</a>
+                        </li>
+
+                        <li<%= sidebar_current("docs-aws-resource-opsworks-php-app-layer") %>>
+                            <a href="/docs/providers/aws/r/opsworks_php_app_layer.html">aws_opsworks_php_app_layer</a>
+                        </li>
+
+                        <li<%= sidebar_current("docs-aws-resource-opsworks-rails-app-layer") %>>
+                            <a href="/docs/providers/aws/r/opsworks_rails_app_layer.html">aws_opsworks_rails_app_layer</a>
+                        </li>
+
                         <li<%= sidebar_current("docs-aws-resource-opsworks-stack") %>>
                             <a href="/docs/providers/aws/r/opsworks_stack.html">aws_opsworks_stack</a>
                         </li>
 
+                        <li<%= sidebar_current("docs-aws-resource-opsworks-static-web-layer") %>>
+                            <a href="/docs/providers/aws/r/opsworks_static_web_layer.html">aws_opsworks_static_web_layer</a>
+                        </li>
+
                     </ul>
                 </li>
 

From d4e3e4cae7d65ed5b8178f4cc666044f29c25f06 Mon Sep 17 00:00:00 2001
From: Sander van Harmelen <sander@xanzy.io>
Date: Tue, 6 Oct 2015 14:49:16 +0200
Subject: [PATCH 121/335] Fix regexp

---
 builtin/providers/cloudstack/resources.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/builtin/providers/cloudstack/resources.go b/builtin/providers/cloudstack/resources.go
index 53e017b149..f7115e7933 100644
--- a/builtin/providers/cloudstack/resources.go
+++ b/builtin/providers/cloudstack/resources.go
@@ -121,7 +121,7 @@ func retrieveTemplateID(cs *cloudstack.CloudStackClient, zoneid, value string) (
 
 // ID can be either a UUID or a UnlimitedResourceID
 func isID(id string) bool {
-	re := regexp.MustCompile(`^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}|-1$`)
+	re := regexp.MustCompile(`^([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}|-1)$`)
 	return re.MatchString(id)
 }
 

From 4ede14ee3e60295ba7e02e3aaeaa54f7804d0ddb Mon Sep 17 00:00:00 2001
From: balser <balser.brian@gmail.com>
Date: Tue, 6 Oct 2015 13:39:39 -0400
Subject: [PATCH 122/335] Correct VPC customer gw type in examples.

---
 .../source/docs/providers/aws/r/customer_gateway.html.markdown  | 2 +-
 .../docs/providers/aws/r/vpn_connection_route.html.markdown     | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/website/source/docs/providers/aws/r/customer_gateway.html.markdown b/website/source/docs/providers/aws/r/customer_gateway.html.markdown
index bde5cd1e1a..32b340522c 100644
--- a/website/source/docs/providers/aws/r/customer_gateway.html.markdown
+++ b/website/source/docs/providers/aws/r/customer_gateway.html.markdown
@@ -18,7 +18,7 @@ Provides a customer gateway inside a VPC. These objects can be connected to VPN
 resource "aws_customer_gateway" "main" {
     bgp_asn = 60000
     ip_address = "172.83.124.10"
-    type = ipsec.1
+    type = "ipsec.1"
     tags {
         Name = "main-customer-gateway"
     }
diff --git a/website/source/docs/providers/aws/r/vpn_connection_route.html.markdown b/website/source/docs/providers/aws/r/vpn_connection_route.html.markdown
index a0d2f2ccc1..0f4782f2df 100644
--- a/website/source/docs/providers/aws/r/vpn_connection_route.html.markdown
+++ b/website/source/docs/providers/aws/r/vpn_connection_route.html.markdown
@@ -24,7 +24,7 @@ resource "aws_vpn_gateway" "vpn_gateway" {
 resource "aws_customer_gateway" "customer_gateway" {
 	  bgp_asn = 60000
 	  ip_address = "172.0.0.1"
-	  type = ipsec.1
+	  type = "ipsec.1"
 }
 
 resource "aws_vpn_connection" "main" {

From 1be8e85d44d75f84042d1274bf8ee48af3c8a025 Mon Sep 17 00:00:00 2001
From: Lars Wander <lars.wander@gmail.com>
Date: Tue, 15 Sep 2015 10:01:13 -0400
Subject: [PATCH 123/335] Implements optional region for remaining GCE
 resources

---
 .../resource_compute_backend_service.go       |  6 +++
 .../google/resource_compute_target_pool.go    | 42 +++++++++++--------
 .../r/compute_backend_service.html.markdown   |  2 +
 .../r/compute_target_pool.html.markdown       |  1 +
 4 files changed, 34 insertions(+), 17 deletions(-)

diff --git a/builtin/providers/google/resource_compute_backend_service.go b/builtin/providers/google/resource_compute_backend_service.go
index cbd722d38e..ead6e24023 100644
--- a/builtin/providers/google/resource_compute_backend_service.go
+++ b/builtin/providers/google/resource_compute_backend_service.go
@@ -66,6 +66,12 @@ func resourceComputeBackendService() *schema.Resource {
 				Optional: true,
 			},
 
+			"region": &schema.Schema{
+				Type:     schema.TypeString,
+				ForceNew: true,
+				Optional: true,
+			},
+
 			"health_checks": &schema.Schema{
 				Type:     schema.TypeSet,
 				Elem:     &schema.Schema{Type: schema.TypeString},
diff --git a/builtin/providers/google/resource_compute_target_pool.go b/builtin/providers/google/resource_compute_target_pool.go
index 37af4a1e7f..91e83a46aa 100644
--- a/builtin/providers/google/resource_compute_target_pool.go
+++ b/builtin/providers/google/resource_compute_target_pool.go
@@ -66,6 +66,12 @@ func resourceComputeTargetPool() *schema.Resource {
 				Optional: true,
 				ForceNew: true,
 			},
+
+			"region": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+				ForceNew: true,
+			},
 		},
 	}
 }
@@ -115,6 +121,7 @@ func convertInstances(config *Config, names []string) ([]string, error) {
 
 func resourceComputeTargetPoolCreate(d *schema.ResourceData, meta interface{}) error {
 	config := meta.(*Config)
+	region := getOptionalRegion(d, config)
 
 	hchkUrls, err := convertHealthChecks(
 		config, convertStringArr(d.Get("health_checks").([]interface{})))
@@ -142,7 +149,7 @@ func resourceComputeTargetPoolCreate(d *schema.ResourceData, meta interface{}) e
 	}
 	log.Printf("[DEBUG] TargetPool insert request: %#v", tpool)
 	op, err := config.clientCompute.TargetPools.Insert(
-		config.Project, config.Region, tpool).Do()
+		config.Project, region, tpool).Do()
 	if err != nil {
 		return fmt.Errorf("Error creating TargetPool: %s", err)
 	}
@@ -150,11 +157,10 @@ func resourceComputeTargetPoolCreate(d *schema.ResourceData, meta interface{}) e
 	// It probably maybe worked, so store the ID now
 	d.SetId(tpool.Name)
 
-	err = computeOperationWaitRegion(config, op, config.Region, "Creating Target Pool")
+	err = computeOperationWaitRegion(config, op, region, "Creating Target Pool")
 	if err != nil {
 		return err
 	}
-
 	return resourceComputeTargetPoolRead(d, meta)
 }
 
@@ -190,6 +196,7 @@ func calcAddRemove(from []string, to []string) ([]string, []string) {
 
 func resourceComputeTargetPoolUpdate(d *schema.ResourceData, meta interface{}) error {
 	config := meta.(*Config)
+	region := getOptionalRegion(d, config)
 
 	d.Partial(true)
 
@@ -215,12 +222,12 @@ func resourceComputeTargetPoolUpdate(d *schema.ResourceData, meta interface{}) e
 			removeReq.HealthChecks[i] = &compute.HealthCheckReference{HealthCheck: v}
 		}
 		op, err := config.clientCompute.TargetPools.RemoveHealthCheck(
-			config.Project, config.Region, d.Id(), removeReq).Do()
+			config.Project, region, d.Id(), removeReq).Do()
 		if err != nil {
 			return fmt.Errorf("Error updating health_check: %s", err)
 		}
 
-		err = computeOperationWaitRegion(config, op, config.Region, "Updating Target Pool")
+		err = computeOperationWaitRegion(config, op, region, "Updating Target Pool")
 		if err != nil {
 			return err
 		}
@@ -231,12 +238,12 @@ func resourceComputeTargetPoolUpdate(d *schema.ResourceData, meta interface{}) e
 			addReq.HealthChecks[i] = &compute.HealthCheckReference{HealthCheck: v}
 		}
 		op, err = config.clientCompute.TargetPools.AddHealthCheck(
-			config.Project, config.Region, d.Id(), addReq).Do()
+			config.Project, region, d.Id(), addReq).Do()
 		if err != nil {
 			return fmt.Errorf("Error updating health_check: %s", err)
 		}
 
-		err = computeOperationWaitRegion(config, op, config.Region, "Updating Target Pool")
+		err = computeOperationWaitRegion(config, op, region, "Updating Target Pool")
 		if err != nil {
 			return err
 		}
@@ -265,12 +272,12 @@ func resourceComputeTargetPoolUpdate(d *schema.ResourceData, meta interface{}) e
 			addReq.Instances[i] = &compute.InstanceReference{Instance: v}
 		}
 		op, err := config.clientCompute.TargetPools.AddInstance(
-			config.Project, config.Region, d.Id(), addReq).Do()
+			config.Project, region, d.Id(), addReq).Do()
 		if err != nil {
 			return fmt.Errorf("Error updating instances: %s", err)
 		}
 
-		err = computeOperationWaitRegion(config, op, config.Region, "Updating Target Pool")
+		err = computeOperationWaitRegion(config, op, region, "Updating Target Pool")
 		if err != nil {
 			return err
 		}
@@ -281,12 +288,11 @@ func resourceComputeTargetPoolUpdate(d *schema.ResourceData, meta interface{}) e
 			removeReq.Instances[i] = &compute.InstanceReference{Instance: v}
 		}
 		op, err = config.clientCompute.TargetPools.RemoveInstance(
-			config.Project, config.Region, d.Id(), removeReq).Do()
+			config.Project, region, d.Id(), removeReq).Do()
 		if err != nil {
 			return fmt.Errorf("Error updating instances: %s", err)
 		}
-
-		err = computeOperationWaitRegion(config, op, config.Region, "Updating Target Pool")
+		err = computeOperationWaitRegion(config, op, region, "Updating Target Pool")
 		if err != nil {
 			return err
 		}
@@ -299,12 +305,12 @@ func resourceComputeTargetPoolUpdate(d *schema.ResourceData, meta interface{}) e
 			Target: bpool_name,
 		}
 		op, err := config.clientCompute.TargetPools.SetBackup(
-			config.Project, config.Region, d.Id(), tref).Do()
+			config.Project, region, d.Id(), tref).Do()
 		if err != nil {
 			return fmt.Errorf("Error updating backup_pool: %s", err)
 		}
 
-		err = computeOperationWaitRegion(config, op, config.Region, "Updating Target Pool")
+		err = computeOperationWaitRegion(config, op, region, "Updating Target Pool")
 		if err != nil {
 			return err
 		}
@@ -318,9 +324,10 @@ func resourceComputeTargetPoolUpdate(d *schema.ResourceData, meta interface{}) e
 
 func resourceComputeTargetPoolRead(d *schema.ResourceData, meta interface{}) error {
 	config := meta.(*Config)
+	region := getOptionalRegion(d, config)
 
 	tpool, err := config.clientCompute.TargetPools.Get(
-		config.Project, config.Region, d.Id()).Do()
+		config.Project, region, d.Id()).Do()
 	if err != nil {
 		if gerr, ok := err.(*googleapi.Error); ok && gerr.Code == 404 {
 			// The resource doesn't exist anymore
@@ -339,15 +346,16 @@ func resourceComputeTargetPoolRead(d *schema.ResourceData, meta interface{}) err
 
 func resourceComputeTargetPoolDelete(d *schema.ResourceData, meta interface{}) error {
 	config := meta.(*Config)
+	region := getOptionalRegion(d, config)
 
 	// Delete the TargetPool
 	op, err := config.clientCompute.TargetPools.Delete(
-		config.Project, config.Region, d.Id()).Do()
+		config.Project, region, d.Id()).Do()
 	if err != nil {
 		return fmt.Errorf("Error deleting TargetPool: %s", err)
 	}
 
-	err = computeOperationWaitRegion(config, op, config.Region, "Deleting Target Pool")
+	err = computeOperationWaitRegion(config, op, region, "Deleting Target Pool")
 	if err != nil {
 		return err
 	}
diff --git a/website/source/docs/providers/google/r/compute_backend_service.html.markdown b/website/source/docs/providers/google/r/compute_backend_service.html.markdown
index c9d9396c51..5a862e2385 100644
--- a/website/source/docs/providers/google/r/compute_backend_service.html.markdown
+++ b/website/source/docs/providers/google/r/compute_backend_service.html.markdown
@@ -19,6 +19,7 @@ resource "google_compute_backend_service" "foobar" {
     port_name = "http"
     protocol = "HTTP"
     timeout_sec = 10
+    region = us-central1
 
     backend {
         group = "${google_compute_instance_group_manager.foo.instance_group}"
@@ -67,6 +68,7 @@ The following arguments are supported:
     for checking the health of the backend service.
 * `description` - (Optional) The textual description for the backend service.
 * `backend` - (Optional) The list of backends that serve this BackendService. See *Backend* below.
+* `region` - (Optional) The region the service sits in. If not specified, the project region is used.
 * `port_name` - (Optional) The name of a service that has been added to
 	an instance group in this backend. See [related docs](https://cloud.google.com/compute/docs/instance-groups/#specifying_service_endpoints)
     for details. Defaults to http.
diff --git a/website/source/docs/providers/google/r/compute_target_pool.html.markdown b/website/source/docs/providers/google/r/compute_target_pool.html.markdown
index 1efc5905e0..82bc4a7d1f 100644
--- a/website/source/docs/providers/google/r/compute_target_pool.html.markdown
+++ b/website/source/docs/providers/google/r/compute_target_pool.html.markdown
@@ -49,6 +49,7 @@ The following arguments are supported:
 
 * `session_affinity` - (Optional) How to distribute load.  Options are "NONE" (no affinity).  "CLIENT\_IP" (hash of the source/dest addresses / ports), and "CLIENT\_IP\_PROTO" also includes the protocol (default "NONE").
 
+* `region` - (Optional) Where the target pool resides. Defaults to project region.
 
 ## Attributes Reference
 

From d15acb042c0f7ace185935371b3fb3f597065c7b Mon Sep 17 00:00:00 2001
From: Lars Wander <lars.wander@gmail.com>
Date: Wed, 16 Sep 2015 14:46:46 -0400
Subject: [PATCH 124/335] Implemented bucket & object ACLs, as well as
 documentation and tests

---
 builtin/providers/google/provider.go          |   2 +
 .../google/resource_storage_bucket.go         |  16 +-
 .../google/resource_storage_bucket_acl.go     | 292 +++++++++++++++++
 .../resource_storage_bucket_acl_test.go       | 232 +++++++++++++
 .../google/resource_storage_bucket_object.go  |   8 +-
 .../google/resource_storage_object_acl.go     | 254 ++++++++++++++
 .../resource_storage_object_acl_test.go       | 310 ++++++++++++++++++
 .../google/r/storage_bucket.html.markdown     |   8 +-
 .../google/r/storage_bucket_acl.html.markdown |  36 ++
 .../r/storage_bucket_object.html.markdown     |   4 +-
 .../google/r/storage_object_acl.html.markdown |  43 +++
 website/source/layouts/google.erb             |   8 +
 12 files changed, 1198 insertions(+), 15 deletions(-)
 create mode 100644 builtin/providers/google/resource_storage_bucket_acl.go
 create mode 100644 builtin/providers/google/resource_storage_bucket_acl_test.go
 create mode 100644 builtin/providers/google/resource_storage_object_acl.go
 create mode 100644 builtin/providers/google/resource_storage_object_acl_test.go
 create mode 100644 website/source/docs/providers/google/r/storage_bucket_acl.html.markdown
 create mode 100644 website/source/docs/providers/google/r/storage_object_acl.html.markdown

diff --git a/builtin/providers/google/provider.go b/builtin/providers/google/provider.go
index a023b81c99..7c9587219b 100644
--- a/builtin/providers/google/provider.go
+++ b/builtin/providers/google/provider.go
@@ -54,7 +54,9 @@ func Provider() terraform.ResourceProvider {
 			"google_dns_record_set":                 resourceDnsRecordSet(),
 			"google_compute_instance_group_manager": resourceComputeInstanceGroupManager(),
 			"google_storage_bucket":                 resourceStorageBucket(),
+			"google_storage_bucket_acl":             resourceStorageBucketAcl(),
 			"google_storage_bucket_object":          resourceStorageBucketObject(),
+			"google_storage_object_acl":             resourceStorageObjectAcl(),
 		},
 
 		ConfigureFunc: providerConfigure,
diff --git a/builtin/providers/google/resource_storage_bucket.go b/builtin/providers/google/resource_storage_bucket.go
index de03d5f6da..64e4fd434b 100644
--- a/builtin/providers/google/resource_storage_bucket.go
+++ b/builtin/providers/google/resource_storage_bucket.go
@@ -24,10 +24,10 @@ func resourceStorageBucket() *schema.Resource {
 				ForceNew: true,
 			},
 			"predefined_acl": &schema.Schema{
-				Type:     schema.TypeString,
-				Default:  "projectPrivate",
-				Optional: true,
-				ForceNew: true,
+				Type:       schema.TypeString,
+				Deprecated: "Please use resource \"storage_bucket_acl.predefined_acl\" instead.",
+				Optional:   true,
+				ForceNew:   true,
 			},
 			"location": &schema.Schema{
 				Type:     schema.TypeString,
@@ -69,7 +69,6 @@ func resourceStorageBucketCreate(d *schema.ResourceData, meta interface{}) error
 
 	// Get the bucket and acl
 	bucket := d.Get("name").(string)
-	acl := d.Get("predefined_acl").(string)
 	location := d.Get("location").(string)
 
 	// Create a bucket, setting the acl, location and name.
@@ -95,7 +94,12 @@ func resourceStorageBucketCreate(d *schema.ResourceData, meta interface{}) error
 		}
 	}
 
-	res, err := config.clientStorage.Buckets.Insert(config.Project, sb).PredefinedAcl(acl).Do()
+	call := config.clientStorage.Buckets.Insert(config.Project, sb)
+	if v, ok := d.GetOk("predefined_acl"); ok {
+		call = call.PredefinedAcl(v.(string))
+	}
+
+	res, err := call.Do()
 
 	if err != nil {
 		fmt.Printf("Error creating bucket %s: %v", bucket, err)
diff --git a/builtin/providers/google/resource_storage_bucket_acl.go b/builtin/providers/google/resource_storage_bucket_acl.go
new file mode 100644
index 0000000000..1c2ef2ab65
--- /dev/null
+++ b/builtin/providers/google/resource_storage_bucket_acl.go
@@ -0,0 +1,292 @@
+package google
+
+import (
+	"fmt"
+	"log"
+	"strings"
+
+	"github.com/hashicorp/terraform/helper/schema"
+
+	"google.golang.org/api/storage/v1"
+)
+
+func resourceStorageBucketAcl() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceStorageBucketAclCreate,
+		Read:   resourceStorageBucketAclRead,
+		Update: resourceStorageBucketAclUpdate,
+		Delete: resourceStorageBucketAclDelete,
+
+		Schema: map[string]*schema.Schema{
+			"bucket": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			"predefined_acl": &schema.Schema{
+				Type:       schema.TypeString,
+				Optional:   true,
+				ForceNew:   true,
+			},
+			"role_entity": &schema.Schema{
+				Type:     schema.TypeList,
+				Optional: true,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+			},
+			"default_acl": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+		},
+	}
+}
+
+type RoleEntity struct {
+	Role   string
+	Entity string
+}
+
+func getBucketAclId(bucket string) string {
+	return bucket + "-acl"
+}
+
+func getRoleEntityPair(role_entity string) (*RoleEntity, error) {
+	split := strings.Split(role_entity, ":")
+	if len(split) != 2 {
+		return nil, fmt.Errorf("Error, each role entity pair must be " +
+			"formatted as ROLE:entity")
+	}
+
+	return &RoleEntity{Role: split[0], Entity: split[1]}, nil
+}
+
+func resourceStorageBucketAclCreate(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+
+	bucket := d.Get("bucket").(string)
+	predefined_acl := ""
+	default_acl := ""
+	role_entity := make([]interface{}, 0)
+
+	if v, ok := d.GetOk("predefined_acl"); ok {
+		predefined_acl = v.(string)
+	}
+
+	if v, ok := d.GetOk("role_entity"); ok {
+		role_entity = v.([]interface{})
+	}
+
+	if v, ok := d.GetOk("default_acl"); ok {
+		default_acl = v.(string)
+	}
+
+	if len(predefined_acl) > 0 {
+		if len(role_entity) > 0 {
+			return fmt.Errorf("Error, you cannot specify both " +
+				"\"predefined_acl\" and \"role_entity\"");
+		}
+
+		res, err := config.clientStorage.Buckets.Get(bucket).Do()
+
+		if err != nil {
+			return fmt.Errorf("Error reading bucket %s: %v", bucket, err)
+		}
+
+		res, err = config.clientStorage.Buckets.Update(bucket,
+			res).PredefinedAcl(predefined_acl).Do()
+
+		if err != nil {
+			return fmt.Errorf("Error updating bucket %s: %v", bucket, err)
+		}
+
+		return resourceStorageBucketAclRead(d, meta);
+	} else if len(role_entity) > 0 {
+		for _, v := range(role_entity) {
+			pair, err := getRoleEntityPair(v.(string))
+
+			bucketAccessControl := &storage.BucketAccessControl{
+				Role:   pair.Role,
+				Entity: pair.Entity,
+			}
+
+			log.Printf("[DEBUG]: storing re %s-%s", pair.Role, pair.Entity)
+
+			_, err = config.clientStorage.BucketAccessControls.Insert(bucket, bucketAccessControl).Do()
+
+			if err != nil {
+				return fmt.Errorf("Error updating ACL for bucket %s: %v", bucket, err)
+			}
+		}
+
+		return resourceStorageBucketAclRead(d, meta);
+	}
+
+	if len(default_acl) > 0 {
+		res, err := config.clientStorage.Buckets.Get(bucket).Do()
+
+		if err != nil {
+			return fmt.Errorf("Error reading bucket %s: %v", bucket, err)
+		}
+
+		res, err = config.clientStorage.Buckets.Update(bucket,
+			res).PredefinedDefaultObjectAcl(default_acl).Do()
+
+		if err != nil {
+			return fmt.Errorf("Error updating bucket %s: %v", bucket, err)
+		}
+
+		return resourceStorageBucketAclRead(d, meta);
+	}
+
+	return nil
+}
+
+
+func resourceStorageBucketAclRead(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+
+	bucket := d.Get("bucket").(string)
+
+	// Predefined ACLs cannot easily be parsed once they have been processed
+	// by the GCP server
+	if _, ok := d.GetOk("predefined_acl"); !ok {
+		role_entity := make([]interface{}, 0)
+		re_local := d.Get("role_entity").([]interface{})
+		re_local_map := make(map[string]string)
+		for _, v := range(re_local) {
+			res, err := getRoleEntityPair(v.(string))
+
+			if err != nil {
+				return fmt.Errorf(
+					"Old state has malformed Role/Entity pair: %v", err)
+			}
+
+			re_local_map[res.Entity] = res.Role
+		}
+
+		res, err := config.clientStorage.BucketAccessControls.List(bucket).Do()
+
+		if err != nil {
+			return err
+		}
+
+		for _, v := range(res.Items) {
+			log.Printf("[DEBUG]: examining re %s-%s", v.Role, v.Entity)
+			// We only store updates to the locally defined access controls
+			if _, in := re_local_map[v.Entity]; in {
+				role_entity = append(role_entity, fmt.Sprintf("%s:%s", v.Role, v.Entity))
+				log.Printf("[DEBUG]: saving re %s-%s", v.Role, v.Entity)
+			}
+		}
+
+		d.Set("role_entity", role_entity)
+	}
+
+	d.SetId(getBucketAclId(bucket))
+	return nil
+}
+
+func resourceStorageBucketAclUpdate(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+
+	bucket := d.Get("bucket").(string)
+
+	if d.HasChange("role_entity") {
+		o, n := d.GetChange("role_entity")
+		old_re, new_re := o.([]interface{}), n.([]interface{})
+
+		old_re_map := make(map[string]string)
+		for _, v := range(old_re) {
+			res, err := getRoleEntityPair(v.(string))
+
+			if err != nil {
+				return fmt.Errorf(
+					"Old state has malformed Role/Entity pair: %v", err)
+			}
+
+			old_re_map[res.Entity] = res.Role
+		}
+
+		for _, v := range(new_re) {
+			pair, err := getRoleEntityPair(v.(string))
+
+			bucketAccessControl := &storage.BucketAccessControl{
+				Role:   pair.Role,
+				Entity: pair.Entity,
+			}
+
+			// If the old state is missing this entity, it needs to
+			// be created. Otherwise it is updated
+			if _, ok := old_re_map[pair.Entity]; ok {
+				_, err = config.clientStorage.BucketAccessControls.Update(
+					bucket, pair.Entity, bucketAccessControl).Do()
+			} else {
+				_, err = config.clientStorage.BucketAccessControls.Insert(
+					bucket, bucketAccessControl).Do()
+			}
+
+			// Now we only store the keys that have to be removed
+			delete(old_re_map, pair.Entity)
+
+			if err != nil {
+				return fmt.Errorf("Error updating ACL for bucket %s: %v", bucket, err)
+			}
+		}
+
+		for entity, _ := range(old_re_map) {
+			log.Printf("[DEBUG]: removing entity %s", entity)
+			err := config.clientStorage.BucketAccessControls.Delete(bucket, entity).Do()
+
+			if err != nil {
+				return fmt.Errorf("Error updating ACL for bucket %s: %v", bucket, err)
+			}
+		}
+
+		return resourceStorageBucketAclRead(d, meta);
+	}
+
+	if d.HasChange("default_acl") {
+		default_acl := d.Get("default_acl").(string)
+
+		res, err := config.clientStorage.Buckets.Get(bucket).Do()
+
+		if err != nil {
+			return fmt.Errorf("Error reading bucket %s: %v", bucket, err)
+		}
+
+		res, err = config.clientStorage.Buckets.Update(bucket,
+			res).PredefinedDefaultObjectAcl(default_acl).Do()
+
+		if err != nil {
+			return fmt.Errorf("Error updating bucket %s: %v", bucket, err)
+		}
+
+		return resourceStorageBucketAclRead(d, meta);
+	}
+
+	return nil
+}
+
+func resourceStorageBucketAclDelete(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+
+	bucket := d.Get("bucket").(string)
+
+	re_local := d.Get("role_entity").([]interface{})
+	for _, v := range(re_local) {
+		res, err := getRoleEntityPair(v.(string))
+		if err != nil {
+			return err
+		}
+
+		log.Printf("[DEBUG]: removing entity %s", res.Entity)
+
+		err = config.clientStorage.BucketAccessControls.Delete(bucket, res.Entity).Do()
+
+		if err != nil {
+			return fmt.Errorf("Error deleting entity %s ACL: %s", res.Entity, err)
+		}
+	}
+
+	return nil
+}
diff --git a/builtin/providers/google/resource_storage_bucket_acl_test.go b/builtin/providers/google/resource_storage_bucket_acl_test.go
new file mode 100644
index 0000000000..afcb991c56
--- /dev/null
+++ b/builtin/providers/google/resource_storage_bucket_acl_test.go
@@ -0,0 +1,232 @@
+package google
+
+import (
+	"fmt"
+	"testing"
+	"math/rand"
+	"time"
+
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+
+	//"google.golang.org/api/storage/v1"
+)
+
+var roleEntityBasic1 = "OWNER:user-omeemail@gmail.com"
+
+var roleEntityBasic2 = "READER:user-anotheremail@gmail.com"
+
+var roleEntityBasic3_owner = "OWNER:user-yetanotheremail@gmail.com"
+
+var roleEntityBasic3_reader = "READER:user-yetanotheremail@gmail.com"
+
+var testAclBucketName = fmt.Sprintf("%s-%d", "tf-test-acl-bucket", rand.New(rand.NewSource(time.Now().UnixNano())).Int())
+
+func TestAccGoogleStorageBucketAcl_basic(t *testing.T) {
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccGoogleStorageBucketAclDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testGoogleStorageBucketsAclBasic1,
+				Check:  resource.ComposeTestCheckFunc(
+					testAccCheckGoogleStorageBucketAcl(testAclBucketName, roleEntityBasic1),
+					testAccCheckGoogleStorageBucketAcl(testAclBucketName, roleEntityBasic2),
+				),
+			},
+		},
+	})
+}
+
+func TestAccGoogleStorageBucketAcl_upgrade(t *testing.T) {
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccGoogleStorageBucketAclDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testGoogleStorageBucketsAclBasic1,
+				Check:  resource.ComposeTestCheckFunc(
+					testAccCheckGoogleStorageBucketAcl(testAclBucketName, roleEntityBasic1),
+					testAccCheckGoogleStorageBucketAcl(testAclBucketName, roleEntityBasic2),
+				),
+			},
+
+			resource.TestStep{
+				Config: testGoogleStorageBucketsAclBasic2,
+				Check:  resource.ComposeTestCheckFunc(
+					testAccCheckGoogleStorageBucketAcl(testAclBucketName, roleEntityBasic2),
+					testAccCheckGoogleStorageBucketAcl(testAclBucketName, roleEntityBasic3_owner),
+				),
+			},
+
+			resource.TestStep{
+				Config: testGoogleStorageBucketsAclBasicDelete,
+				Check:  resource.ComposeTestCheckFunc(
+					testAccCheckGoogleStorageBucketAclDelete(testAclBucketName, roleEntityBasic1),
+					testAccCheckGoogleStorageBucketAclDelete(testAclBucketName, roleEntityBasic2),
+					testAccCheckGoogleStorageBucketAclDelete(testAclBucketName, roleEntityBasic3_owner),
+				),
+			},
+		},
+	})
+}
+
+func TestAccGoogleStorageBucketAcl_downgrade(t *testing.T) {
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccGoogleStorageBucketAclDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testGoogleStorageBucketsAclBasic2,
+				Check:  resource.ComposeTestCheckFunc(
+					testAccCheckGoogleStorageBucketAcl(testAclBucketName, roleEntityBasic2),
+					testAccCheckGoogleStorageBucketAcl(testAclBucketName, roleEntityBasic3_owner),
+				),
+			},
+
+			resource.TestStep{
+				Config: testGoogleStorageBucketsAclBasic3,
+				Check:  resource.ComposeTestCheckFunc(
+					testAccCheckGoogleStorageBucketAcl(testAclBucketName, roleEntityBasic2),
+					testAccCheckGoogleStorageBucketAcl(testAclBucketName, roleEntityBasic3_reader),
+				),
+			},
+
+			resource.TestStep{
+				Config: testGoogleStorageBucketsAclBasicDelete,
+				Check:  resource.ComposeTestCheckFunc(
+					testAccCheckGoogleStorageBucketAclDelete(testAclBucketName, roleEntityBasic1),
+					testAccCheckGoogleStorageBucketAclDelete(testAclBucketName, roleEntityBasic2),
+					testAccCheckGoogleStorageBucketAclDelete(testAclBucketName, roleEntityBasic3_owner),
+				),
+			},
+		},
+	})
+}
+
+func TestAccGoogleStorageBucketAcl_predefined(t *testing.T) {
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccGoogleStorageBucketAclDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testGoogleStorageBucketsAclPredefined,
+			},
+		},
+	})
+}
+
+func testAccCheckGoogleStorageBucketAclDelete(bucket, roleEntityS string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		roleEntity, _ := getRoleEntityPair(roleEntityS)
+		config := testAccProvider.Meta().(*Config)
+
+		_, err := config.clientStorage.BucketAccessControls.Get(bucket, roleEntity.Entity).Do()
+
+		if err != nil {
+			return nil
+		}
+
+		return fmt.Errorf("Error, entity %s still exists", roleEntity.Entity)
+	}
+}
+
+func testAccCheckGoogleStorageBucketAcl(bucket, roleEntityS string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		roleEntity, _ := getRoleEntityPair(roleEntityS)
+		config := testAccProvider.Meta().(*Config)
+
+		res, err := config.clientStorage.BucketAccessControls.Get(bucket, roleEntity.Entity).Do()
+
+		if err != nil {
+			return fmt.Errorf("Error retrieving contents of acl for bucket %s: %s", bucket, err)
+		}
+
+		if (res.Role != roleEntity.Role) {
+			return fmt.Errorf("Error, Role mismatch %s != %s", res.Role, roleEntity.Role)
+		}
+
+		return nil
+	}
+}
+
+func testAccGoogleStorageBucketAclDestroy(s *terraform.State) error {
+	config := testAccProvider.Meta().(*Config)
+
+	for _, rs := range s.RootModule().Resources {
+		if rs.Type != "google_storage_bucket_acl" {
+			continue
+		}
+
+		bucket := rs.Primary.Attributes["bucket"]
+
+		_, err := config.clientStorage.BucketAccessControls.List(bucket).Do()
+
+		if err == nil {
+			return fmt.Errorf("Acl for bucket %s still exists", bucket)
+		}
+	}
+
+	return nil
+}
+
+var testGoogleStorageBucketsAclBasic1 = fmt.Sprintf(`
+resource "google_storage_bucket" "bucket" {
+	name = "%s"
+}
+
+resource "google_storage_bucket_acl" "acl" {
+	bucket = "${google_storage_bucket.bucket.name}"
+	role_entity = ["%s", "%s"]
+}
+`, testAclBucketName, roleEntityBasic1, roleEntityBasic2)
+
+var testGoogleStorageBucketsAclBasic2 = fmt.Sprintf(`
+resource "google_storage_bucket" "bucket" {
+	name = "%s"
+}
+
+resource "google_storage_bucket_acl" "acl" {
+	bucket = "${google_storage_bucket.bucket.name}"
+	role_entity = ["%s", "%s"]
+}
+`, testAclBucketName, roleEntityBasic2, roleEntityBasic3_owner)
+
+var testGoogleStorageBucketsAclBasicDelete = fmt.Sprintf(`
+resource "google_storage_bucket" "bucket" {
+	name = "%s"
+}
+
+resource "google_storage_bucket_acl" "acl" {
+	bucket = "${google_storage_bucket.bucket.name}"
+	role_entity = []
+}
+`, testAclBucketName)
+
+var testGoogleStorageBucketsAclBasic3 = fmt.Sprintf(`
+resource "google_storage_bucket" "bucket" {
+	name = "%s"
+}
+
+resource "google_storage_bucket_acl" "acl" {
+	bucket = "${google_storage_bucket.bucket.name}"
+	role_entity = ["%s", "%s"]
+}
+`, testAclBucketName, roleEntityBasic2, roleEntityBasic3_reader)
+
+
+var testGoogleStorageBucketsAclPredefined = fmt.Sprintf(`
+resource "google_storage_bucket" "bucket" {
+	name = "%s"
+}
+
+resource "google_storage_bucket_acl" "acl" {
+	bucket = "${google_storage_bucket.bucket.name}"
+	predefined_acl = "projectPrivate"
+	default_acl = "projectPrivate"
+}
+`, testAclBucketName)
diff --git a/builtin/providers/google/resource_storage_bucket_object.go b/builtin/providers/google/resource_storage_bucket_object.go
index cd5fe7d9c1..589b50bf1b 100644
--- a/builtin/providers/google/resource_storage_bucket_object.go
+++ b/builtin/providers/google/resource_storage_bucket_object.go
@@ -34,7 +34,7 @@ func resourceStorageBucketObject() *schema.Resource {
 			},
 			"predefined_acl": &schema.Schema{
 				Type:     schema.TypeString,
-				Default:  "projectPrivate",
+				Deprecated: "Please use resource \"storage_object_acl.predefined_acl\" instead.",
 				Optional: true,
 				ForceNew: true,
 			},
@@ -60,7 +60,6 @@ func resourceStorageBucketObjectCreate(d *schema.ResourceData, meta interface{})
 	bucket := d.Get("bucket").(string)
 	name := d.Get("name").(string)
 	source := d.Get("source").(string)
-	acl := d.Get("predefined_acl").(string)
 
 	file, err := os.Open(source)
 	if err != nil {
@@ -73,7 +72,10 @@ func resourceStorageBucketObjectCreate(d *schema.ResourceData, meta interface{})
 	insertCall := objectsService.Insert(bucket, object)
 	insertCall.Name(name)
 	insertCall.Media(file)
-	insertCall.PredefinedAcl(acl)
+	if v, ok := d.GetOk("predefined_acl"); ok {
+		insertCall.PredefinedAcl(v.(string))
+	}
+
 
 	_, err = insertCall.Do()
 
diff --git a/builtin/providers/google/resource_storage_object_acl.go b/builtin/providers/google/resource_storage_object_acl.go
new file mode 100644
index 0000000000..867453284a
--- /dev/null
+++ b/builtin/providers/google/resource_storage_object_acl.go
@@ -0,0 +1,254 @@
+package google
+
+import (
+	"fmt"
+	"log"
+
+	"github.com/hashicorp/terraform/helper/schema"
+
+	"google.golang.org/api/storage/v1"
+)
+
+func resourceStorageObjectAcl() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceStorageObjectAclCreate,
+		Read:   resourceStorageObjectAclRead,
+		Update: resourceStorageObjectAclUpdate,
+		Delete: resourceStorageObjectAclDelete,
+
+		Schema: map[string]*schema.Schema{
+			"bucket": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			"object": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			"role_entity": &schema.Schema{
+				Type:     schema.TypeList,
+				Optional: true,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+			},
+			"predefined_acl": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+				ForceNew: true,
+			},
+		},
+	}
+}
+
+func getObjectAclId(object string) string {
+	return object + "-acl"
+}
+
+func resourceStorageObjectAclCreate(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+
+	bucket := d.Get("bucket").(string)
+	object := d.Get("object").(string)
+
+	predefined_acl := ""
+	role_entity := make([]interface{}, 0)
+
+	if v, ok := d.GetOk("predefined_acl"); ok {
+		predefined_acl = v.(string)
+	}
+
+	if v, ok := d.GetOk("role_entity"); ok {
+		role_entity = v.([]interface{})
+	}
+
+	if len(predefined_acl) > 0 {
+		if len(role_entity) > 0 {
+			return fmt.Errorf("Error, you cannot specify both " +
+				"\"predefined_acl\" and \"role_entity\"");
+		}
+
+		res, err := config.clientStorage.Objects.Get(bucket, object).Do()
+
+		if err != nil {
+			return fmt.Errorf("Error reading object %s: %v", bucket, err)
+		}
+
+		res, err = config.clientStorage.Objects.Update(bucket,object,
+			res).PredefinedAcl(predefined_acl).Do()
+
+		if err != nil {
+			return fmt.Errorf("Error updating object %s: %v", bucket, err)
+		}
+
+		return resourceStorageBucketAclRead(d, meta);
+	} else if len(role_entity) > 0 {
+		for _, v := range(role_entity) {
+			pair, err := getRoleEntityPair(v.(string))
+
+			objectAccessControl := &storage.ObjectAccessControl{
+				Role:   pair.Role,
+				Entity: pair.Entity,
+			}
+
+			log.Printf("[DEBUG]: setting role = %s, entity = %s", pair.Role, pair.Entity)
+
+			_, err = config.clientStorage.ObjectAccessControls.Insert(bucket,
+				object, objectAccessControl).Do()
+
+			if err != nil {
+				return fmt.Errorf("Error setting ACL for %s on object %s: %v", pair.Entity, object, err)
+			}
+		}
+
+		return resourceStorageObjectAclRead(d, meta);
+	}
+
+	return fmt.Errorf("Error, you must specify either " +
+		"\"predefined_acl\" or \"role_entity\"");
+}
+
+
+func resourceStorageObjectAclRead(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+
+	bucket := d.Get("bucket").(string)
+	object := d.Get("object").(string)
+
+	// Predefined ACLs cannot easily be parsed once they have been processed
+	// by the GCP server
+	if _, ok := d.GetOk("predefined_acl"); !ok {
+		role_entity := make([]interface{}, 0)
+		re_local := d.Get("role_entity").([]interface{})
+		re_local_map := make(map[string]string)
+		for _, v := range(re_local) {
+			res, err := getRoleEntityPair(v.(string))
+
+			if err != nil {
+				return fmt.Errorf(
+					"Old state has malformed Role/Entity pair: %v", err)
+			}
+
+			re_local_map[res.Entity] = res.Role
+		}
+
+		res, err := config.clientStorage.ObjectAccessControls.List(bucket, object).Do()
+
+		if err != nil {
+			return err
+		}
+
+		for _, v := range(res.Items) {
+			role := ""
+			entity := ""
+			for key, val := range (v.(map[string]interface{})) {
+				if key == "role" {
+					role = val.(string)
+				} else if key == "entity" {
+					entity = val.(string)
+				}
+			}
+			if _, in := re_local_map[entity]; in {
+				role_entity = append(role_entity, fmt.Sprintf("%s:%s", role, entity))
+				log.Printf("[DEBUG]: saving re %s-%s", role, entity)
+			}
+		}
+
+		d.Set("role_entity", role_entity)
+	}
+
+	d.SetId(getObjectAclId(object))
+	return nil
+}
+
+func resourceStorageObjectAclUpdate(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+
+	bucket := d.Get("bucket").(string)
+	object := d.Get("object").(string)
+
+	if d.HasChange("role_entity") {
+		o, n := d.GetChange("role_entity")
+		old_re, new_re := o.([]interface{}), n.([]interface{})
+
+		old_re_map := make(map[string]string)
+		for _, v := range(old_re) {
+			res, err := getRoleEntityPair(v.(string))
+
+			if err != nil {
+				return fmt.Errorf(
+					"Old state has malformed Role/Entity pair: %v", err)
+			}
+
+			old_re_map[res.Entity] = res.Role
+		}
+
+		for _, v := range(new_re) {
+			pair, err := getRoleEntityPair(v.(string))
+
+			objectAccessControl := &storage.ObjectAccessControl{
+				Role:   pair.Role,
+				Entity: pair.Entity,
+			}
+
+			// If the old state is missing this entity, it needs to
+			// be created. Otherwise it is updated
+			if _, ok := old_re_map[pair.Entity]; ok {
+				_, err = config.clientStorage.ObjectAccessControls.Update(
+					bucket, object, pair.Entity, objectAccessControl).Do()
+			} else {
+				_, err = config.clientStorage.ObjectAccessControls.Insert(
+					bucket, object, objectAccessControl).Do()
+			}
+
+			// Now we only store the keys that have to be removed
+			delete(old_re_map, pair.Entity)
+
+			if err != nil {
+				return fmt.Errorf("Error updating ACL for object %s: %v", bucket, err)
+			}
+		}
+
+		for entity, _ := range(old_re_map) {
+			log.Printf("[DEBUG]: removing entity %s", entity)
+			err := config.clientStorage.ObjectAccessControls.Delete(bucket, object, entity).Do()
+
+			if err != nil {
+				return fmt.Errorf("Error updating ACL for object %s: %v", bucket, err)
+			}
+		}
+
+		return resourceStorageObjectAclRead(d, meta);
+	}
+
+	return nil
+}
+
+func resourceStorageObjectAclDelete(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+
+	bucket := d.Get("bucket").(string)
+	object := d.Get("object").(string)
+
+	re_local := d.Get("role_entity").([]interface{})
+	for _, v := range(re_local) {
+		res, err := getRoleEntityPair(v.(string))
+		if err != nil {
+			return err
+		}
+
+		entity := res.Entity
+
+		log.Printf("[DEBUG]: removing entity %s", entity)
+
+		err = config.clientStorage.ObjectAccessControls.Delete(bucket, object,
+			entity).Do()
+
+		if err != nil {
+			return fmt.Errorf("Error deleting entity %s ACL: %s",
+				entity, err)
+		}
+	}
+
+	return nil
+}
diff --git a/builtin/providers/google/resource_storage_object_acl_test.go b/builtin/providers/google/resource_storage_object_acl_test.go
new file mode 100644
index 0000000000..f0154aca63
--- /dev/null
+++ b/builtin/providers/google/resource_storage_object_acl_test.go
@@ -0,0 +1,310 @@
+package google
+
+import (
+	"fmt"
+	"testing"
+	"math/rand"
+	"io/ioutil"
+	"time"
+
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+
+	//"google.golang.org/api/storage/v1"
+)
+
+var tfObjectAcl, errObjectAcl = ioutil.TempFile("", "tf-gce-test")
+var testAclObjectName = fmt.Sprintf("%s-%d", "tf-test-acl-object",
+	rand.New(rand.NewSource(time.Now().UnixNano())).Int())
+
+func TestAccGoogleStorageObjectAcl_basic(t *testing.T) {
+	objectData := []byte("data data data")
+	ioutil.WriteFile(tfObjectAcl.Name(), objectData, 0644)
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			if errObjectAcl != nil {
+				panic(errObjectAcl)
+			}
+			testAccPreCheck(t)
+		},
+		Providers:    testAccProviders,
+		CheckDestroy: testAccGoogleStorageObjectAclDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testGoogleStorageObjectsAclBasic1,
+				Check:  resource.ComposeTestCheckFunc(
+					testAccCheckGoogleStorageObjectAcl(testAclBucketName,
+						testAclObjectName, roleEntityBasic1),
+					testAccCheckGoogleStorageObjectAcl(testAclBucketName,
+						testAclObjectName, roleEntityBasic2),
+				),
+			},
+		},
+	})
+}
+
+func TestAccGoogleStorageObjectAcl_upgrade(t *testing.T) {
+	objectData := []byte("data data data")
+	ioutil.WriteFile(tfObjectAcl.Name(), objectData, 0644)
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			if errObjectAcl != nil {
+				panic(errObjectAcl)
+			}
+			testAccPreCheck(t)
+		},
+		Providers:    testAccProviders,
+		CheckDestroy: testAccGoogleStorageObjectAclDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testGoogleStorageObjectsAclBasic1,
+				Check:  resource.ComposeTestCheckFunc(
+					testAccCheckGoogleStorageObjectAcl(testAclBucketName,
+						testAclObjectName, roleEntityBasic1),
+					testAccCheckGoogleStorageObjectAcl(testAclBucketName,
+						testAclObjectName, roleEntityBasic2),
+				),
+			},
+
+			resource.TestStep{
+				Config: testGoogleStorageObjectsAclBasic2,
+				Check:  resource.ComposeTestCheckFunc(
+					testAccCheckGoogleStorageObjectAcl(testAclBucketName,
+						testAclObjectName, roleEntityBasic2),
+					testAccCheckGoogleStorageObjectAcl(testAclBucketName,
+						testAclObjectName, roleEntityBasic3_owner),
+				),
+			},
+
+			resource.TestStep{
+				Config: testGoogleStorageObjectsAclBasicDelete,
+				Check:  resource.ComposeTestCheckFunc(
+					testAccCheckGoogleStorageObjectAclDelete(testAclBucketName,
+						testAclObjectName, roleEntityBasic1),
+					testAccCheckGoogleStorageObjectAclDelete(testAclBucketName,
+						testAclObjectName, roleEntityBasic2),
+					testAccCheckGoogleStorageObjectAclDelete(testAclBucketName,
+						testAclObjectName, roleEntityBasic3_reader),
+				),
+			},
+		},
+	})
+}
+
+func TestAccGoogleStorageObjectAcl_downgrade(t *testing.T) {
+	objectData := []byte("data data data")
+	ioutil.WriteFile(tfObjectAcl.Name(), objectData, 0644)
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			if errObjectAcl != nil {
+				panic(errObjectAcl)
+			}
+			testAccPreCheck(t)
+		},
+		Providers:    testAccProviders,
+		CheckDestroy: testAccGoogleStorageObjectAclDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testGoogleStorageObjectsAclBasic2,
+				Check:  resource.ComposeTestCheckFunc(
+					testAccCheckGoogleStorageObjectAcl(testAclBucketName,
+						testAclObjectName, roleEntityBasic2),
+					testAccCheckGoogleStorageObjectAcl(testAclBucketName,
+						testAclObjectName, roleEntityBasic3_owner),
+				),
+			},
+
+			resource.TestStep{
+				Config: testGoogleStorageObjectsAclBasic3,
+				Check:  resource.ComposeTestCheckFunc(
+					testAccCheckGoogleStorageObjectAcl(testAclBucketName,
+						testAclObjectName, roleEntityBasic2),
+					testAccCheckGoogleStorageObjectAcl(testAclBucketName,
+						testAclObjectName, roleEntityBasic3_reader),
+				),
+			},
+
+			resource.TestStep{
+				Config: testGoogleStorageObjectsAclBasicDelete,
+				Check:  resource.ComposeTestCheckFunc(
+					testAccCheckGoogleStorageObjectAclDelete(testAclBucketName,
+						testAclObjectName, roleEntityBasic1),
+					testAccCheckGoogleStorageObjectAclDelete(testAclBucketName,
+						testAclObjectName, roleEntityBasic2),
+					testAccCheckGoogleStorageObjectAclDelete(testAclBucketName,
+						testAclObjectName, roleEntityBasic3_reader),
+				),
+			},
+		},
+	})
+}
+
+func TestAccGoogleStorageObjectAcl_predefined(t *testing.T) {
+	objectData := []byte("data data data")
+	ioutil.WriteFile(tfObjectAcl.Name(), objectData, 0644)
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			if errObjectAcl != nil {
+				panic(errObjectAcl)
+			}
+			testAccPreCheck(t)
+		},
+		Providers:    testAccProviders,
+		CheckDestroy: testAccGoogleStorageObjectAclDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testGoogleStorageObjectsAclPredefined,
+			},
+		},
+	})
+}
+
+func testAccCheckGoogleStorageObjectAcl(bucket, object, roleEntityS string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		roleEntity, _ := getRoleEntityPair(roleEntityS)
+		config := testAccProvider.Meta().(*Config)
+
+		res, err := config.clientStorage.ObjectAccessControls.Get(bucket,
+			object, roleEntity.Entity).Do()
+
+		if err != nil {
+			return fmt.Errorf("Error retrieving contents of acl for bucket %s: %s", bucket, err)
+		}
+
+		if (res.Role != roleEntity.Role) {
+			return fmt.Errorf("Error, Role mismatch %s != %s", res.Role, roleEntity.Role)
+		}
+
+		return nil
+	}
+}
+
+func testAccCheckGoogleStorageObjectAclDelete(bucket, object, roleEntityS string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		roleEntity, _ := getRoleEntityPair(roleEntityS)
+		config := testAccProvider.Meta().(*Config)
+
+		_, err := config.clientStorage.ObjectAccessControls.Get(bucket,
+			object, roleEntity.Entity).Do()
+
+		if err != nil {
+			return nil
+		}
+
+		return fmt.Errorf("Error, Entity still exists %s", roleEntity.Entity)
+	}
+}
+
+func testAccGoogleStorageObjectAclDestroy(s *terraform.State) error {
+	config := testAccProvider.Meta().(*Config)
+
+	for _, rs := range s.RootModule().Resources {
+		if rs.Type != "google_storage_bucket_acl" {
+			continue
+		}
+
+		bucket := rs.Primary.Attributes["bucket"]
+		object := rs.Primary.Attributes["object"]
+
+		_, err := config.clientStorage.ObjectAccessControls.List(bucket, object).Do()
+
+		if err == nil {
+			return fmt.Errorf("Acl for bucket %s still exists", bucket)
+		}
+	}
+
+	return nil
+}
+
+var testGoogleStorageObjectsAclBasicDelete = fmt.Sprintf(`
+resource "google_storage_bucket" "bucket" {
+	name = "%s"
+}
+
+resource "google_storage_bucket_object" "object" {
+	name = "%s"
+	bucket = "${google_storage_bucket.bucket.name}"
+	source = "%s"
+}
+
+resource "google_storage_object_acl" "acl" {
+	object = "${google_storage_bucket_object.object.name}"
+	bucket = "${google_storage_bucket.bucket.name}"
+	role_entity = []
+}
+`, testAclBucketName, testAclObjectName, tfObjectAcl.Name())
+
+var testGoogleStorageObjectsAclBasic1 = fmt.Sprintf(`
+resource "google_storage_bucket" "bucket" {
+	name = "%s"
+}
+
+resource "google_storage_bucket_object" "object" {
+	name = "%s"
+	bucket = "${google_storage_bucket.bucket.name}"
+	source = "%s"
+}
+
+resource "google_storage_object_acl" "acl" {
+	object = "${google_storage_bucket_object.object.name}"
+	bucket = "${google_storage_bucket.bucket.name}"
+	role_entity = ["%s", "%s"]
+}
+`, testAclBucketName, testAclObjectName, tfObjectAcl.Name(),
+	roleEntityBasic1, roleEntityBasic2)
+
+var testGoogleStorageObjectsAclBasic2 = fmt.Sprintf(`
+resource "google_storage_bucket" "bucket" {
+	name = "%s"
+}
+
+resource "google_storage_bucket_object" "object" {
+	name = "%s"
+	bucket = "${google_storage_bucket.bucket.name}"
+	source = "%s"
+}
+
+resource "google_storage_object_acl" "acl" {
+	object = "${google_storage_bucket_object.object.name}"
+	bucket = "${google_storage_bucket.bucket.name}"
+	role_entity = ["%s", "%s"]
+}
+`, testAclBucketName, testAclObjectName, tfObjectAcl.Name(),
+	roleEntityBasic2, roleEntityBasic3_owner)
+
+var testGoogleStorageObjectsAclBasic3 = fmt.Sprintf(`
+resource "google_storage_bucket" "bucket" {
+	name = "%s"
+}
+
+resource "google_storage_bucket_object" "object" {
+	name = "%s"
+	bucket = "${google_storage_bucket.bucket.name}"
+	source = "%s"
+}
+
+resource "google_storage_object_acl" "acl" {
+	object = "${google_storage_bucket_object.object.name}"
+	bucket = "${google_storage_bucket.bucket.name}"
+	role_entity = ["%s", "%s"]
+}
+`, testAclBucketName, testAclObjectName, tfObjectAcl.Name(),
+	roleEntityBasic2,  roleEntityBasic3_reader)
+
+var testGoogleStorageObjectsAclPredefined = fmt.Sprintf(`
+resource "google_storage_bucket" "bucket" {
+	name = "%s"
+}
+
+resource "google_storage_bucket_object" "object" {
+	name = "%s"
+	bucket = "${google_storage_bucket.bucket.name}"
+	source = "%s"
+}
+
+resource "google_storage_object_acl" "acl" {
+	object = "${google_storage_bucket_object.object.name}"
+	bucket = "${google_storage_bucket.bucket.name}"
+	predefined_acl = "projectPrivate"
+}
+`, testAclBucketName, testAclObjectName, tfObjectAcl.Name())
diff --git a/website/source/docs/providers/google/r/storage_bucket.html.markdown b/website/source/docs/providers/google/r/storage_bucket.html.markdown
index a7eea21b13..2821e5588f 100644
--- a/website/source/docs/providers/google/r/storage_bucket.html.markdown
+++ b/website/source/docs/providers/google/r/storage_bucket.html.markdown
@@ -17,9 +17,8 @@ Example creating a private bucket in standard storage, in the EU region.
 
 ```
 resource "google_storage_bucket" "image-store" {
-    name = "image-store-bucket"
-    predefined_acl = "projectPrivate"
-    location = "EU"
+	name = "image-store-bucket"
+	location = "EU"
     website {
         main_page_suffix = "index.html"
         not_found_page = "404.html"
@@ -33,7 +32,8 @@ resource "google_storage_bucket" "image-store" {
 The following arguments are supported:
 
 * `name` - (Required) The name of the bucket.
-* `predefined_acl` - (Optional, Default: 'private') The [canned GCS ACL](https://cloud.google.com/storage/docs/access-control#predefined-acl) to apply.
+* `predefined_acl` - (Optional, Deprecated) The [canned GCS ACL](https://cloud.google.com/storage/docs/access-control#predefined-acl) to apply. Please switch
+to `google_storage_bucket_acl.predefined_acl`.
 * `location` - (Optional, Default: 'US') The [GCS location](https://cloud.google.com/storage/docs/bucket-locations) 
 * `force_destroy` - (Optional, Default: false) When deleting a bucket, this boolean option will delete all contained objects. If you try to delete a bucket that contains objects, Terraform will fail that run. 
 
diff --git a/website/source/docs/providers/google/r/storage_bucket_acl.html.markdown b/website/source/docs/providers/google/r/storage_bucket_acl.html.markdown
new file mode 100644
index 0000000000..b7734b065d
--- /dev/null
+++ b/website/source/docs/providers/google/r/storage_bucket_acl.html.markdown
@@ -0,0 +1,36 @@
+---
+layout: "google"
+page_title: "Google: google_storage_bucket_acl"
+sidebar_current: "docs-google-resource-storage-acl"
+description: |-
+  Creates a new bucket ACL in Google Cloud Storage.
+---
+
+# google\_storage\_bucket\_acl
+
+Creates a new bucket ACL in Google cloud storage service(GCS). 
+
+## Example Usage
+
+Example creating an ACL on a bucket with one owner, and one reader.
+
+```
+resource "google_storage_bucket" "image-store" {
+	name = "image-store-bucket"
+	location = "EU"
+}
+
+resource "google_storage_bucket_acl" "image-store-acl" {
+    bucket = "${google_storage_bucket.image_store.name}"
+    role_entity = ["OWNER:user-my.email@gmail.com", 
+        "READER:group-mygroup"]
+}
+
+```
+
+## Argument Reference
+
+* `bucket` - (Required) The name of the bucket it applies to.
+* `predefined_acl` - (Optional) The [canned GCS ACL](https://cloud.google.com/storage/docs/access-control#predefined-acl) to apply. Must be set if both `role_entity` and `default_acl` are not.
+* `default_acl` - (Optional) The [canned GCS ACL](https://cloud.google.com/storage/docs/access-control#predefined-acl) to apply to future buckets. Must be set both `role_entity` and `predefined_acl` are not.
+* `role_entity` - (Optional) List of role/entity pairs in the form `ROLE:entity`. See [GCS Bucket ACL documentation](https://cloud.google.com/storage/docs/json_api/v1/bucketAccessControls)  for more details. Must be set if both `predefined_acl` and `default_acl` are not.
diff --git a/website/source/docs/providers/google/r/storage_bucket_object.html.markdown b/website/source/docs/providers/google/r/storage_bucket_object.html.markdown
index 76e4b7c5d6..61b32823f5 100644
--- a/website/source/docs/providers/google/r/storage_bucket_object.html.markdown
+++ b/website/source/docs/providers/google/r/storage_bucket_object.html.markdown
@@ -20,7 +20,6 @@ resource "google_storage_bucket_object" "picture" {
 	name = "butterfly01"
     source = "/images/nature/garden-tiger-moth.jpg"
     bucket = "image-store"
-	predefined_acl = "publicRead"
 }
 
 ```
@@ -32,7 +31,8 @@ The following arguments are supported:
 * `name` - (Required) The name of the object.
 * `bucket` - (Required) The name of the containing bucket.
 * `source` - (Required) A path to the data you want to upload.
-* `predefined_acl` - (Optional, Default: 'projectPrivate') The [canned GCS ACL](https://cloud.google.com/storage/docs/access-control#predefined-acl) apply.
+* `predefined_acl` - (Optional, Deprecated) The [canned GCS ACL](https://cloud.google.com/storage/docs/access-control#predefined-acl) apply. Please switch 
+to `google_storage_object_acl.predefined_acl`.
 
 ## Attributes Reference
 
diff --git a/website/source/docs/providers/google/r/storage_object_acl.html.markdown b/website/source/docs/providers/google/r/storage_object_acl.html.markdown
new file mode 100644
index 0000000000..9f04d48443
--- /dev/null
+++ b/website/source/docs/providers/google/r/storage_object_acl.html.markdown
@@ -0,0 +1,43 @@
+---
+layout: "google"
+page_title: "Google: google_storage_object_acl"
+sidebar_current: "docs-google-resource-storage-acl"
+description: |-
+  Creates a new object ACL in Google Cloud Storage.
+---
+
+# google\_storage\_object\_acl
+
+Creates a new object ACL in Google cloud storage service (GCS)
+
+## Example Usage
+
+Create an object ACL with one owner and one reader.
+
+```
+resource "google_storage_bucket" "image-store" {
+	name = "image-store-bucket"
+	location = "EU"
+}
+
+resource "google_storage_bucket_object" "image" {
+	name = "image1"
+    bucket = "${google_storage_bucket.name}"
+    source = "image1.jpg"
+}
+
+resource "google_storage_object_acl" "image-store-acl" {
+    bucket = "${google_storage_bucket.image_store.name}"
+    object = "${google_storage_bucket_object.image_store.name}"
+    role_entity = ["OWNER:user-my.email@gmail.com",
+        "READER:group-mygroup"]
+}
+
+```
+
+## Argument Reference
+
+* `bucket` - (Required) The name of the bucket it applies to.
+* `object` - (Required) The name of the object it applies to.
+* `predefined_acl` - (Optional) The [canned GCS ACL](https://cloud.google.com/storage/docs/access-control#predefined-acl) to apply. Must be set if `role_entity` is not.
+* `role_entity` - (Optional) List of role/entity pairs in the form `ROLE:entity`. See [GCS Object ACL documentation](https://cloud.google.com/storage/docs/json_api/v1/objectAccessControls) for more details. Must be set if `predefined_acl` is not.
diff --git a/website/source/layouts/google.erb b/website/source/layouts/google.erb
index 46a9a61e13..d2f6d6b7a8 100644
--- a/website/source/layouts/google.erb
+++ b/website/source/layouts/google.erb
@@ -93,9 +93,17 @@
 			<a href="/docs/providers/google/r/storage_bucket.html">google_storage_bucket</a>
 			</li>
 
+			<li<%= sidebar_current("docs-google-resource-storage-bucket-acl") %>>
+			<a href="/docs/providers/google/r/storage_bucket_acl.html">google_storage_bucket_acl</a>
+			</li>
+
 			<li<%= sidebar_current("docs-google-resource-storage-bucket-object") %>>
 			<a href="/docs/providers/google/r/storage_bucket_object.html">google_storage_bucket_object</a>
 			</li>
+
+			<li<%= sidebar_current("docs-google-resource-storage-object-acl") %>>
+			<a href="/docs/providers/google/r/storage_object_acl.html">google_storage_object_acl</a>
+			</li>
 		</ul>
 		</li>
 	</ul>

From 4e3179cf31936e2899085b99d52bb71251c96e2e Mon Sep 17 00:00:00 2001
From: Dave Cunningham <sparkprime@gmail.com>
Date: Tue, 6 Oct 2015 14:53:06 -0400
Subject: [PATCH 125/335] Update CHANGELOG.md

---
 CHANGELOG.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4e65fcfe02..3fd01bc0f8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,7 @@ FEATURES:
   * **New resources: `aws_cloudwatch_log_group`** [GH-2415]
   * **New resource: `google_storage_bucket_object`** [GH-3192]
   * **New resources: `google_compute_vpn_gateway`, `google_compute_vpn_tunnel`** [GH-3213]
+  * **New resources: `google_storage_bucket_acl`, `google_storage_object_acl`** [GH-3272]
   * **New resource: `aws_iam_saml_provider`** [GH-3156]
   * **New resources: `aws_efs_file_system` and `aws_efs_mount_target`** [GH-2196]
 
@@ -29,6 +30,7 @@ IMPROVEMENTS:
   * provider/aws: Add `configuation_endpoint` to `aws_elasticache_cluster` [GH-3250]
   * provider/cloudstack: Add `project` parameter to `cloudstack_vpc`, `cloudstack_network`, `cloudstack_ipaddress` and `cloudstack_disk` [GH-3035]
   * provider/openstack: add functionality to attach FloatingIP to Port [GH-1788]
+  * provider/google: Can now do multi-region deployments without using multiple providers [GH-3258]
   * remote/s3: Allow canned ACLs to be set on state objects. [GH-3233]
 
 BUG FIXES:

From 82946d8eb17192be5c48e81ee35b76b2c6ca4966 Mon Sep 17 00:00:00 2001
From: Paul Hinze <phinze@phinze.com>
Date: Tue, 6 Oct 2015 14:58:21 -0500
Subject: [PATCH 126/335] Update CHANGELOG.md

---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3fd01bc0f8..d918241a61 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,7 +5,7 @@ FEATURES:
   * **New provider: `rundeck`** [GH-2412]
   * **New resource: `cloudstack_loadbalancer_rule`** [GH-2934]
   * **New resource: `google_compute_project_metadata`** [GH-3065]
-  * **New resources: `aws_ami`, `aws_ami_copy`, `aws_ami_from_instance`** [GH-2874]
+  * **New resources: `aws_ami`, `aws_ami_copy`, `aws_ami_from_instance`** [GH-2784]
   * **New resources: `aws_cloudwatch_log_group`** [GH-2415]
   * **New resource: `google_storage_bucket_object`** [GH-3192]
   * **New resources: `google_compute_vpn_gateway`, `google_compute_vpn_tunnel`** [GH-3213]

From e635d40bd2cfa304283e7dae0afcff2a04955a90 Mon Sep 17 00:00:00 2001
From: Paul Hinze <phinze@phinze.com>
Date: Tue, 6 Oct 2015 15:25:41 -0500
Subject: [PATCH 127/335] Update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index d918241a61..7019444c0a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,7 @@ FEATURES:
   * **New resources: `google_storage_bucket_acl`, `google_storage_object_acl`** [GH-3272]
   * **New resource: `aws_iam_saml_provider`** [GH-3156]
   * **New resources: `aws_efs_file_system` and `aws_efs_mount_target`** [GH-2196]
+  * **New resources: `aws_opsworks_*`** [GH-2162]
 
 IMPROVEMENTS:
 

From 5739c4869ca586e4ebf878e2687ef81ce488c327 Mon Sep 17 00:00:00 2001
From: Clint Shryock <clint@ctshryock.com>
Date: Tue, 4 Aug 2015 16:24:55 -0500
Subject: [PATCH 128/335] provider/aws: Docs for RDS Cluster, Cluster Instance

---
 builtin/providers/aws/provider.go             |   2 +
 .../providers/aws/resource_aws_db_instance.go |  28 +-
 .../providers/aws/resource_aws_rds_cluster.go | 319 ++++++++++++++++++
 .../aws/resource_aws_rds_cluster_instance.go  | 210 ++++++++++++
 .../resource_aws_rds_cluster_instance_test.go | 127 +++++++
 .../aws/resource_aws_rds_cluster_test.go      | 102 ++++++
 builtin/providers/aws/structure.go            |  22 ++
 builtin/providers/aws/tagsRDS.go              |  22 +-
 website/Gemfile.lock                          |   3 -
 .../providers/aws/r/rds_cluster.html.markdown |  85 +++++
 .../aws/r/rds_cluster_instance.html.markdown  |  87 +++++
 website/source/layouts/aws.erb                |  11 +-
 12 files changed, 987 insertions(+), 31 deletions(-)
 create mode 100644 builtin/providers/aws/resource_aws_rds_cluster.go
 create mode 100644 builtin/providers/aws/resource_aws_rds_cluster_instance.go
 create mode 100644 builtin/providers/aws/resource_aws_rds_cluster_instance_test.go
 create mode 100644 builtin/providers/aws/resource_aws_rds_cluster_test.go
 create mode 100644 website/source/docs/providers/aws/r/rds_cluster.html.markdown
 create mode 100644 website/source/docs/providers/aws/r/rds_cluster_instance.html.markdown

diff --git a/builtin/providers/aws/provider.go b/builtin/providers/aws/provider.go
index 3b5aa67ad4..cf89db0b7a 100644
--- a/builtin/providers/aws/provider.go
+++ b/builtin/providers/aws/provider.go
@@ -219,6 +219,8 @@ func Provider() terraform.ResourceProvider {
 			"aws_opsworks_ganglia_layer":       resourceAwsOpsworksGangliaLayer(),
 			"aws_opsworks_custom_layer":        resourceAwsOpsworksCustomLayer(),
 			"aws_proxy_protocol_policy":        resourceAwsProxyProtocolPolicy(),
+                        "aws_rds_cluster":                  resourceAwsRDSCluster(),
+                        "aws_rds_cluster_instance":         resourceAwsRDSClusterInstance(),
 			"aws_route53_delegation_set":       resourceAwsRoute53DelegationSet(),
 			"aws_route53_record":               resourceAwsRoute53Record(),
 			"aws_route53_zone_association":     resourceAwsRoute53ZoneAssociation(),
diff --git a/builtin/providers/aws/resource_aws_db_instance.go b/builtin/providers/aws/resource_aws_db_instance.go
index afe7635008..60b3dd329c 100644
--- a/builtin/providers/aws/resource_aws_db_instance.go
+++ b/builtin/providers/aws/resource_aws_db_instance.go
@@ -75,29 +75,10 @@ func resourceAwsDbInstance() *schema.Resource {
 			},
 
 			"identifier": &schema.Schema{
-				Type:     schema.TypeString,
-				Required: true,
-				ForceNew: true,
-				ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) {
-					value := v.(string)
-					if !regexp.MustCompile(`^[0-9a-z-]+$`).MatchString(value) {
-						errors = append(errors, fmt.Errorf(
-							"only lowercase alphanumeric characters and hyphens allowed in %q", k))
-					}
-					if !regexp.MustCompile(`^[a-z]`).MatchString(value) {
-						errors = append(errors, fmt.Errorf(
-							"first character of %q must be a letter", k))
-					}
-					if regexp.MustCompile(`--`).MatchString(value) {
-						errors = append(errors, fmt.Errorf(
-							"%q cannot contain two consecutive hyphens", k))
-					}
-					if regexp.MustCompile(`-$`).MatchString(value) {
-						errors = append(errors, fmt.Errorf(
-							"%q cannot end with a hyphen", k))
-					}
-					return
-				},
+                                Type:         schema.TypeString,
+                                Required:     true,
+                                ForceNew:     true,
+                                ValidateFunc: validateRdsId,
 			},
 
 			"instance_class": &schema.Schema{
@@ -524,7 +505,6 @@ func resourceAwsDbInstanceRead(d *schema.ResourceData, meta interface{}) error {
 		if v.DBName != nil && *v.DBName != "" {
 			name = *v.DBName
 		}
-
 		log.Printf("[DEBUG] Error building ARN for DB Instance, not setting Tags for DB %s", name)
 	} else {
 		resp, err := conn.ListTagsForResource(&rds.ListTagsForResourceInput{
diff --git a/builtin/providers/aws/resource_aws_rds_cluster.go b/builtin/providers/aws/resource_aws_rds_cluster.go
new file mode 100644
index 0000000000..0e3d9339a4
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_rds_cluster.go
@@ -0,0 +1,319 @@
+package aws
+
+import (
+        "fmt"
+        "log"
+        "time"
+
+        "github.com/aws/aws-sdk-go/aws"
+        "github.com/aws/aws-sdk-go/aws/awserr"
+        "github.com/aws/aws-sdk-go/service/rds"
+        "github.com/hashicorp/terraform/helper/resource"
+        "github.com/hashicorp/terraform/helper/schema"
+)
+
+func resourceAwsRDSCluster() *schema.Resource {
+        return &schema.Resource{
+                Create: resourceAwsRDSClusterCreate,
+                Read:   resourceAwsRDSClusterRead,
+                Update: resourceAwsRDSClusterUpdate,
+                Delete: resourceAwsRDSClusterDelete,
+
+                Schema: map[string]*schema.Schema{
+
+                        "availability_zones": &schema.Schema{
+                                Type:     schema.TypeSet,
+                                Elem:     &schema.Schema{Type: schema.TypeString},
+                                Optional: true,
+                                ForceNew: true,
+                                Computed: true,
+                                Set:      schema.HashString,
+                        },
+
+                        "cluster_identifier": &schema.Schema{
+                                Type:         schema.TypeString,
+                                Required:     true,
+                                ForceNew:     true,
+                                ValidateFunc: validateRdsId,
+                        },
+
+                        "cluster_members": &schema.Schema{
+                                Type:     schema.TypeSet,
+                                Elem:     &schema.Schema{Type: schema.TypeString},
+                                Optional: true,
+                                Computed: true,
+                                Set:      schema.HashString,
+                        },
+
+                        "database_name": &schema.Schema{
+                                Type:     schema.TypeString,
+                                Optional: true,
+                                Computed: true,
+                                ForceNew: true,
+                        },
+
+                        "db_subnet_group_name": &schema.Schema{
+                                Type:     schema.TypeString,
+                                Optional: true,
+                                ForceNew: true,
+                                Computed: true,
+                        },
+
+                        "endpoint": &schema.Schema{
+                                Type:     schema.TypeString,
+                                Computed: true,
+                        },
+
+                        "engine": &schema.Schema{
+                                Type:     schema.TypeString,
+                                Computed: true,
+                        },
+
+                        "master_username": &schema.Schema{
+                                Type:     schema.TypeString,
+                                Required: true,
+                                ForceNew: true,
+                        },
+
+                        "master_password": &schema.Schema{
+                                Type:     schema.TypeString,
+                                Required: true,
+                        },
+
+                        "port": &schema.Schema{
+                                Type:     schema.TypeInt,
+                                Optional: true,
+                                Computed: true,
+                        },
+
+                        // apply_immediately is used to determine when the update modifications
+                        // take place.
+                        // See http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.DBInstance.Modifying.html
+                        "apply_immediately": &schema.Schema{
+                                Type:     schema.TypeBool,
+                                Optional: true,
+                                Computed: true,
+                        },
+
+                        "vpc_security_group_ids": &schema.Schema{
+                                Type:     schema.TypeSet,
+                                Optional: true,
+                                Computed: true,
+                                Elem:     &schema.Schema{Type: schema.TypeString},
+                                Set:      schema.HashString,
+                        },
+                },
+        }
+}
+
+func resourceAwsRDSClusterCreate(d *schema.ResourceData, meta interface{}) error {
+        conn := meta.(*AWSClient).rdsconn
+
+        createOpts := &rds.CreateDBClusterInput{
+                DBClusterIdentifier: aws.String(d.Get("cluster_identifier").(string)),
+                Engine:              aws.String("aurora"),
+                MasterUserPassword:  aws.String(d.Get("master_password").(string)),
+                MasterUsername:      aws.String(d.Get("master_username").(string)),
+        }
+
+        if v := d.Get("database_name"); v.(string) != "" {
+                createOpts.DatabaseName = aws.String(v.(string))
+        }
+
+        if attr, ok := d.GetOk("port"); ok {
+                createOpts.Port = aws.Int64(int64(attr.(int)))
+        }
+
+        if attr, ok := d.GetOk("db_subnet_group_name"); ok {
+                createOpts.DBSubnetGroupName = aws.String(attr.(string))
+        }
+
+        if attr := d.Get("vpc_security_group_ids").(*schema.Set); attr.Len() > 0 {
+                createOpts.VpcSecurityGroupIds = expandStringList(attr.List())
+        }
+
+        if attr := d.Get("availability_zones").(*schema.Set); attr.Len() > 0 {
+                createOpts.AvailabilityZones = expandStringList(attr.List())
+        }
+
+        log.Printf("[DEBUG] RDS Cluster create options: %s", createOpts)
+        resp, err := conn.CreateDBCluster(createOpts)
+        if err != nil {
+                log.Printf("[ERROR] Error creating RDS Cluster: %s", err)
+                return err
+        }
+
+        log.Printf("[DEBUG]: Cluster create response: %s", resp)
+        d.SetId(*resp.DBCluster.DBClusterIdentifier)
+        stateConf := &resource.StateChangeConf{
+                Pending:    []string{"creating", "backing-up", "modifying"},
+                Target:     "available",
+                Refresh:    resourceAwsRDSClusterStateRefreshFunc(d, meta),
+                Timeout:    5 * time.Minute,
+                MinTimeout: 3 * time.Second,
+        }
+
+        // Wait, catching any errors
+        _, err = stateConf.WaitForState()
+        if err != nil {
+                return fmt.Errorf("[WARN] Error waiting for RDS Cluster state to be \"available\": %s", err)
+        }
+
+        return resourceAwsRDSClusterRead(d, meta)
+}
+
+func resourceAwsRDSClusterRead(d *schema.ResourceData, meta interface{}) error {
+        conn := meta.(*AWSClient).rdsconn
+
+        resp, err := conn.DescribeDBClusters(&rds.DescribeDBClustersInput{
+                DBClusterIdentifier: aws.String(d.Id()),
+                // final snapshot identifier
+        })
+
+        if err != nil {
+                if awsErr, ok := err.(awserr.Error); ok {
+                        if "DBClusterNotFoundFault" == awsErr.Code() {
+                                d.SetId("")
+                                log.Printf("[DEBUG] RDS Cluster (%s) not found", d.Id())
+                                return nil
+                        }
+                }
+                log.Printf("[DEBUG] Error describing RDS Cluster (%s)", d.Id())
+                return err
+        }
+
+        var dbc *rds.DBCluster
+        for _, c := range resp.DBClusters {
+                if *c.DBClusterIdentifier == d.Id() {
+                        dbc = c
+                }
+        }
+
+        if dbc == nil {
+                log.Printf("[WARN] RDS Cluster (%s) not found", d.Id())
+                d.SetId("")
+                return nil
+        }
+
+        if err := d.Set("availability_zones", aws.StringValueSlice(dbc.AvailabilityZones)); err != nil {
+                return fmt.Errorf("[DEBUG] Error saving AvailabilityZones to state for RDS Cluster (%s): %s", d.Id(), err)
+        }
+        d.Set("database_name", dbc.DatabaseName)
+        d.Set("db_subnet_group_name", dbc.DBSubnetGroup)
+        d.Set("endpoint", dbc.Endpoint)
+        d.Set("engine", dbc.Engine)
+        d.Set("master_username", dbc.MasterUsername)
+        d.Set("port", dbc.Port)
+
+        var vpcg []string
+        for _, g := range dbc.VpcSecurityGroups {
+                vpcg = append(vpcg, *g.VpcSecurityGroupId)
+        }
+        if err := d.Set("vpc_security_group_ids", vpcg); err != nil {
+                return fmt.Errorf("[DEBUG] Error saving VPC Security Group IDs to state for RDS Cluster (%s): %s", d.Id(), err)
+        }
+
+        var cm []string
+        for _, m := range dbc.DBClusterMembers {
+                cm = append(cm, *m.DBInstanceIdentifier)
+        }
+        if err := d.Set("cluster_members", cm); err != nil {
+                return fmt.Errorf("[DEBUG] Error saving RDS Cluster Members to state for RDS Cluster (%s): %s", d.Id(), err)
+        }
+
+        return nil
+}
+
+func resourceAwsRDSClusterUpdate(d *schema.ResourceData, meta interface{}) error {
+        conn := meta.(*AWSClient).rdsconn
+
+        req := &rds.ModifyDBClusterInput{
+                ApplyImmediately:    aws.Bool(d.Get("apply_immediately").(bool)),
+                DBClusterIdentifier: aws.String(d.Id()),
+        }
+
+        if d.HasChange("master_password") {
+                req.MasterUserPassword = aws.String(d.Get("master_password").(string))
+        }
+
+        if d.HasChange("vpc_security_group_ids") {
+                if attr := d.Get("vpc_security_group_ids").(*schema.Set); attr.Len() > 0 {
+                        req.VpcSecurityGroupIds = expandStringList(attr.List())
+                } else {
+                        req.VpcSecurityGroupIds = []*string{}
+                }
+        }
+
+        _, err := conn.ModifyDBCluster(req)
+        if err != nil {
+                return fmt.Errorf("[WARN] Error modifying RDS Cluster (%s): %s", d.Id(), err)
+        }
+
+        return resourceAwsRDSClusterRead(d, meta)
+}
+
+func resourceAwsRDSClusterDelete(d *schema.ResourceData, meta interface{}) error {
+        conn := meta.(*AWSClient).rdsconn
+        log.Printf("[DEBUG] Destroying RDS Cluster (%s)", d.Id())
+
+        _, err := conn.DeleteDBCluster(&rds.DeleteDBClusterInput{
+                DBClusterIdentifier: aws.String(d.Id()),
+                SkipFinalSnapshot:   aws.Bool(true),
+                // final snapshot identifier
+        })
+
+        stateConf := &resource.StateChangeConf{
+                Pending:    []string{"deleting", "backing-up", "modifying"},
+                Target:     "destroyed",
+                Refresh:    resourceAwsRDSClusterStateRefreshFunc(d, meta),
+                Timeout:    5 * time.Minute,
+                MinTimeout: 3 * time.Second,
+        }
+
+        // Wait, catching any errors
+        _, err = stateConf.WaitForState()
+        if err != nil {
+                return fmt.Errorf("[WARN] Error deleting RDS Cluster (%s): %s", d.Id(), err)
+        }
+
+        return nil
+}
+
+func resourceAwsRDSClusterStateRefreshFunc(
+        d *schema.ResourceData, meta interface{}) resource.StateRefreshFunc {
+        return func() (interface{}, string, error) {
+                conn := meta.(*AWSClient).rdsconn
+
+                resp, err := conn.DescribeDBClusters(&rds.DescribeDBClustersInput{
+                        DBClusterIdentifier: aws.String(d.Id()),
+                })
+
+                if err != nil {
+                        if awsErr, ok := err.(awserr.Error); ok {
+                                if "DBClusterNotFoundFault" == awsErr.Code() {
+                                        return 42, "destroyed", nil
+                                }
+                        }
+                        log.Printf("[WARN] Error on retrieving DB Cluster (%s) when waiting: %s", d.Id(), err)
+                        return nil, "", err
+                }
+
+                var dbc *rds.DBCluster
+
+                for _, c := range resp.DBClusters {
+                        if *c.DBClusterIdentifier == d.Id() {
+                                dbc = c
+                        }
+                }
+
+                if dbc == nil {
+                        return 42, "destroyed", nil
+                }
+
+                if dbc.Status != nil {
+                        log.Printf("[DEBUG] DB Cluster status (%s): %s", d.Id(), *dbc.Status)
+                }
+
+                return dbc, *dbc.Status, nil
+        }
+}
diff --git a/builtin/providers/aws/resource_aws_rds_cluster_instance.go b/builtin/providers/aws/resource_aws_rds_cluster_instance.go
new file mode 100644
index 0000000000..27a82b8978
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_rds_cluster_instance.go
@@ -0,0 +1,210 @@
+package aws
+
+import (
+        "fmt"
+        "log"
+        "time"
+
+        "github.com/aws/aws-sdk-go/aws"
+        "github.com/aws/aws-sdk-go/service/rds"
+        "github.com/hashicorp/terraform/helper/resource"
+        "github.com/hashicorp/terraform/helper/schema"
+)
+
+func resourceAwsRDSClusterInstance() *schema.Resource {
+        return &schema.Resource{
+                Create: resourceAwsRDSClusterInstanceCreate,
+                Read:   resourceAwsRDSClusterInstanceRead,
+                Update: resourceAwsRDSClusterInstanceUpdate,
+                Delete: resourceAwsRDSClusterInstanceDelete,
+
+                Schema: map[string]*schema.Schema{
+                        "identifier": &schema.Schema{
+                                Type:         schema.TypeString,
+                                Optional:     true,
+                                ForceNew:     true,
+                                ValidateFunc: validateRdsId,
+                        },
+
+                        "db_subnet_group_name": &schema.Schema{
+                                Type:     schema.TypeString,
+                                Optional: true,
+                                ForceNew: true,
+                                Computed: true,
+                        },
+
+                        "writer": &schema.Schema{
+                                Type:     schema.TypeBool,
+                                Computed: true,
+                        },
+
+                        "cluster_identifier": &schema.Schema{
+                                Type:     schema.TypeString,
+                                Required: true,
+                                ForceNew: true,
+                        },
+
+                        "endpoint": &schema.Schema{
+                                Type:     schema.TypeString,
+                                Computed: true,
+                        },
+
+                        "port": &schema.Schema{
+                                Type:     schema.TypeInt,
+                                Computed: true,
+                        },
+
+                        "instance_class": &schema.Schema{
+                                Type:     schema.TypeString,
+                                Required: true,
+                                ForceNew: true,
+                        },
+
+                        "tags": tagsSchema(),
+                },
+        }
+}
+
+func resourceAwsRDSClusterInstanceCreate(d *schema.ResourceData, meta interface{}) error {
+        conn := meta.(*AWSClient).rdsconn
+        tags := tagsFromMapRDS(d.Get("tags").(map[string]interface{}))
+
+        createOpts := &rds.CreateDBInstanceInput{
+                DBInstanceClass:     aws.String(d.Get("instance_class").(string)),
+                DBClusterIdentifier: aws.String(d.Get("cluster_identifier").(string)),
+                Engine:              aws.String("aurora"),
+                Tags:                tags,
+        }
+
+        if v := d.Get("identifier").(string); v != "" {
+                createOpts.DBInstanceIdentifier = aws.String(v)
+        } else {
+                createOpts.DBInstanceIdentifier = aws.String(resource.UniqueId())
+        }
+
+        if attr, ok := d.GetOk("db_subnet_group_name"); ok {
+                createOpts.DBSubnetGroupName = aws.String(attr.(string))
+        }
+
+        log.Printf("[DEBUG] Creating RDS DB Instance opts: %s", createOpts)
+        resp, err := conn.CreateDBInstance(createOpts)
+        if err != nil {
+                return err
+        }
+
+        d.SetId(*resp.DBInstance.DBInstanceIdentifier)
+
+        // reuse db_instance refresh func
+        stateConf := &resource.StateChangeConf{
+                Pending:    []string{"creating", "backing-up", "modifying"},
+                Target:     "available",
+                Refresh:    resourceAwsDbInstanceStateRefreshFunc(d, meta),
+                Timeout:    40 * time.Minute,
+                MinTimeout: 10 * time.Second,
+                Delay:      10 * time.Second,
+        }
+
+        // Wait, catching any errors
+        _, err = stateConf.WaitForState()
+        if err != nil {
+                return err
+        }
+
+        return resourceAwsRDSClusterInstanceRead(d, meta)
+}
+
+func resourceAwsRDSClusterInstanceRead(d *schema.ResourceData, meta interface{}) error {
+        db, err := resourceAwsDbInstanceRetrieve(d, meta)
+        if err != nil {
+                log.Printf("[WARN] Error on retrieving RDS Cluster Instance (%s): %s", d.Id(), err)
+                d.SetId("")
+                return nil
+        }
+
+        // Retreive DB Cluster information, to determine if this Instance is a writer
+        conn := meta.(*AWSClient).rdsconn
+        resp, err := conn.DescribeDBClusters(&rds.DescribeDBClustersInput{
+                DBClusterIdentifier: db.DBClusterIdentifier,
+        })
+
+        var dbc *rds.DBCluster
+        for _, c := range resp.DBClusters {
+                if *c.DBClusterIdentifier == *db.DBClusterIdentifier {
+                        dbc = c
+                }
+        }
+
+        if dbc == nil {
+                return fmt.Errorf("[WARN] Error finding RDS Cluster (%s) for Cluster Instance (%s): %s",
+                        *db.DBClusterIdentifier, *db.DBInstanceIdentifier, err)
+        }
+
+        for _, m := range dbc.DBClusterMembers {
+                if *db.DBInstanceIdentifier == *m.DBInstanceIdentifier {
+                        if *m.IsClusterWriter == true {
+                                d.Set("writer", true)
+                        } else {
+                                d.Set("writer", false)
+                        }
+                }
+        }
+
+        if db.Endpoint != nil {
+                d.Set("endpoint", db.Endpoint.Address)
+                d.Set("port", db.Endpoint.Port)
+        }
+
+        // Fetch and save tags
+        arn, err := buildRDSARN(d, meta)
+        if err != nil {
+                log.Printf("[DEBUG] Error building ARN for RDS Cluster Instance (%s), not setting Tags", *db.DBInstanceIdentifier)
+        } else {
+                if err := saveTagsRDS(conn, d, arn); err != nil {
+                        log.Printf("[WARN] Failed to save tags for RDS Cluster Instance (%s): %s", *db.DBClusterIdentifier, err)
+                }
+        }
+
+        return nil
+}
+
+func resourceAwsRDSClusterInstanceUpdate(d *schema.ResourceData, meta interface{}) error {
+        conn := meta.(*AWSClient).rdsconn
+
+        if arn, err := buildRDSARN(d, meta); err == nil {
+                if err := setTagsRDS(conn, d, arn); err != nil {
+                        return err
+                }
+        }
+
+        return resourceAwsRDSClusterInstanceRead(d, meta)
+}
+
+func resourceAwsRDSClusterInstanceDelete(d *schema.ResourceData, meta interface{}) error {
+        conn := meta.(*AWSClient).rdsconn
+
+        log.Printf("[DEBUG] RDS Cluster Instance destroy: %v", d.Id())
+
+        opts := rds.DeleteDBInstanceInput{DBInstanceIdentifier: aws.String(d.Id())}
+
+        log.Printf("[DEBUG] RDS Cluster Instance destroy configuration: %s", opts)
+        if _, err := conn.DeleteDBInstance(&opts); err != nil {
+                return err
+        }
+
+        // re-uses db_instance refresh func
+        log.Println("[INFO] Waiting for RDS Cluster Instance to be destroyed")
+        stateConf := &resource.StateChangeConf{
+                Pending:    []string{"modifying", "deleting"},
+                Target:     "",
+                Refresh:    resourceAwsDbInstanceStateRefreshFunc(d, meta),
+                Timeout:    40 * time.Minute,
+                MinTimeout: 10 * time.Second,
+        }
+
+        if _, err := stateConf.WaitForState(); err != nil {
+                return err
+        }
+
+        return nil
+
+}
diff --git a/builtin/providers/aws/resource_aws_rds_cluster_instance_test.go b/builtin/providers/aws/resource_aws_rds_cluster_instance_test.go
new file mode 100644
index 0000000000..aff6aa786f
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_rds_cluster_instance_test.go
@@ -0,0 +1,127 @@
+package aws
+
+import (
+        "fmt"
+        "math/rand"
+        "strings"
+        "testing"
+        "time"
+
+        "github.com/hashicorp/terraform/helper/resource"
+        "github.com/hashicorp/terraform/terraform"
+
+        "github.com/aws/aws-sdk-go/aws"
+        "github.com/aws/aws-sdk-go/service/rds"
+)
+
+func TestAccAWSRDSClusterInstance_basic(t *testing.T) {
+        var v rds.DBInstance
+
+        resource.Test(t, resource.TestCase{
+                PreCheck:     func() { testAccPreCheck(t) },
+                Providers:    testAccProviders,
+                CheckDestroy: testAccCheckAWSClusterDestroy,
+                Steps: []resource.TestStep{
+                        resource.TestStep{
+                                Config: testAccAWSClusterInstanceConfig,
+                                Check: resource.ComposeTestCheckFunc(
+                                        testAccCheckAWSClusterInstanceExists("aws_rds_cluster_instance.cluster_instances", &v),
+                                        testAccCheckAWSDBClusterInstanceAttributes(&v),
+                                ),
+                        },
+                },
+        })
+}
+
+func testAccCheckAWSClusterInstanceDestroy(s *terraform.State) error {
+        for _, rs := range s.RootModule().Resources {
+                if rs.Type != "aws_rds_cluster" {
+                        continue
+                }
+
+                // Try to find the Group
+                conn := testAccProvider.Meta().(*AWSClient).rdsconn
+                var err error
+                resp, err := conn.DescribeDBInstances(
+                        &rds.DescribeDBInstancesInput{
+                                DBInstanceIdentifier: aws.String(rs.Primary.ID),
+                        })
+
+                if err == nil {
+                        if len(resp.DBInstances) != 0 &&
+                                *resp.DBInstances[0].DBInstanceIdentifier == rs.Primary.ID {
+                                return fmt.Errorf("DB Cluster Instance %s still exists", rs.Primary.ID)
+                        }
+                }
+
+                //check for an expected "Cluster not found" type error
+                return err
+
+        }
+
+        return nil
+}
+
+func testAccCheckAWSDBClusterInstanceAttributes(v *rds.DBInstance) resource.TestCheckFunc {
+        return func(s *terraform.State) error {
+
+                if *v.Engine != "aurora" {
+                        return fmt.Errorf("bad engine, expected \"aurora\": %#v", *v.Engine)
+                }
+
+                if !strings.HasPrefix(*v.DBClusterIdentifier, "tf-aurora-cluster") {
+                        return fmt.Errorf("Bad Cluster Identifier prefix:\nexpected: %s\ngot: %s", "tf-aurora-cluster", *v.DBClusterIdentifier)
+                }
+
+                return nil
+        }
+}
+
+func testAccCheckAWSClusterInstanceExists(n string, v *rds.DBInstance) resource.TestCheckFunc {
+        return func(s *terraform.State) error {
+                rs, ok := s.RootModule().Resources[n]
+                if !ok {
+                        return fmt.Errorf("Not found: %s", n)
+                }
+
+                if rs.Primary.ID == "" {
+                        return fmt.Errorf("No DB Instance ID is set")
+                }
+
+                conn := testAccProvider.Meta().(*AWSClient).rdsconn
+                resp, err := conn.DescribeDBInstances(&rds.DescribeDBInstancesInput{
+                        DBInstanceIdentifier: aws.String(rs.Primary.ID),
+                })
+
+                if err != nil {
+                        return err
+                }
+
+                for _, d := range resp.DBInstances {
+                        if *d.DBInstanceIdentifier == rs.Primary.ID {
+                                *v = *d
+                                return nil
+                        }
+                }
+
+                return fmt.Errorf("DB Cluster (%s) not found", rs.Primary.ID)
+        }
+}
+
+// Add some random to the name, to avoid collision
+var testAccAWSClusterInstanceConfig = fmt.Sprintf(`
+resource "aws_rds_cluster" "default" {
+  cluster_identifier = "tf-aurora-cluster-test-%d"
+  availability_zones = ["us-west-2a","us-west-2b","us-west-2c"]
+  database_name = "mydb"
+  master_username = "foo"
+  master_password = "mustbeeightcharaters"
+}
+
+resource "aws_rds_cluster_instance" "cluster_instances" {
+  identifier = "aurora-cluster-test-instance"
+        cluster_identifier = "${aws_rds_cluster.default.id}"
+  instance_class = "db.r3.large"
+}
+
+`, rand.New(rand.NewSource(time.Now().UnixNano())).Int())
diff --git a/builtin/providers/aws/resource_aws_rds_cluster_test.go b/builtin/providers/aws/resource_aws_rds_cluster_test.go
new file mode 100644
index 0000000000..18ffa7bf20
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_rds_cluster_test.go
@@ -0,0 +1,102 @@
+package aws
+
+import (
+        "fmt"
+        "math/rand"
+        "testing"
+        "time"
+
+        "github.com/hashicorp/terraform/helper/resource"
+        "github.com/hashicorp/terraform/terraform"
+
+        "github.com/aws/aws-sdk-go/aws"
+        "github.com/aws/aws-sdk-go/service/rds"
+)
+
+func TestAccAWSRDSCluster_basic(t *testing.T) {
+        var v rds.DBCluster
+
+        resource.Test(t, resource.TestCase{
+                PreCheck:     func() { testAccPreCheck(t) },
+                Providers:    testAccProviders,
+                CheckDestroy: testAccCheckAWSClusterDestroy,
+                Steps: []resource.TestStep{
+                        resource.TestStep{
+                                Config: testAccAWSClusterConfig,
+                                Check: resource.ComposeTestCheckFunc(
+                                        testAccCheckAWSClusterExists("aws_rds_cluster.default", &v),
+                                ),
+                        },
+                },
+        })
+}
+
+func testAccCheckAWSClusterDestroy(s *terraform.State) error {
+        for _, rs := range s.RootModule().Resources {
+                if rs.Type != "aws_rds_cluster" {
+                        continue
+                }
+
+                // Try to find the Group
+                conn := testAccProvider.Meta().(*AWSClient).rdsconn
+                var err error
+                resp, err := conn.DescribeDBClusters(
+                        &rds.DescribeDBClustersInput{
+                                DBClusterIdentifier: aws.String(rs.Primary.ID),
+                        })
+
+                if err == nil {
+                        if len(resp.DBClusters) != 0 &&
+                                *resp.DBClusters[0].DBClusterIdentifier == rs.Primary.ID {
+                                return fmt.Errorf("DB Cluster %s still exists", rs.Primary.ID)
+                        }
+                }
+
+                // check for an expected "Cluster not found" type error
+                return err
+
+        }
+
+        return nil
+}
+
+func testAccCheckAWSClusterExists(n string, v *rds.DBCluster) resource.TestCheckFunc {
+        return func(s *terraform.State) error {
+                rs, ok := s.RootModule().Resources[n]
+                if !ok {
+                        return fmt.Errorf("Not found: %s", n)
+                }
+
+                if rs.Primary.ID == "" {
+                        return fmt.Errorf("No DB Instance ID is set")
+                }
+
+                conn := testAccProvider.Meta().(*AWSClient).rdsconn
+                resp, err := conn.DescribeDBClusters(&rds.DescribeDBClustersInput{
+                        DBClusterIdentifier: aws.String(rs.Primary.ID),
+                })
+
+                if err != nil {
+                        return err
+                }
+
+                for _, c := range resp.DBClusters {
+                        if *c.DBClusterIdentifier == rs.Primary.ID {
+                                *v = *c
+                                return nil
+                        }
+                }
+
+                return fmt.Errorf("DB Cluster (%s) not found", rs.Primary.ID)
+        }
+}
+
+// Add some random to the name, to avoid collision
+var testAccAWSClusterConfig = fmt.Sprintf(`
+resource "aws_rds_cluster" "default" {
+  cluster_identifier = "tf-aurora-cluster-%d"
+  availability_zones = ["us-west-2a","us-west-2b","us-west-2c"]
+  database_name = "mydb"
+  master_username = "foo"
+  master_password = "mustbeeightcharaters"
+}`, rand.New(rand.NewSource(time.Now().UnixNano())).Int())
diff --git a/builtin/providers/aws/structure.go b/builtin/providers/aws/structure.go
index d736e0ad5a..d8dd6af65f 100644
--- a/builtin/providers/aws/structure.go
+++ b/builtin/providers/aws/structure.go
@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"encoding/json"
 	"fmt"
+        "regexp"
 	"sort"
 	"strings"
 
@@ -457,3 +458,24 @@ func expandResourceRecords(recs []interface{}, typeStr string) []*route53.Resour
 	}
 	return records
 }
+
+func validateRdsId(v interface{}, k string) (ws []string, errors []error) {
+        value := v.(string)
+        if !regexp.MustCompile(`^[0-9a-z-]+$`).MatchString(value) {
+                errors = append(errors, fmt.Errorf(
+                        "only lowercase alphanumeric characters and hyphens allowed in %q", k))
+        }
+        if !regexp.MustCompile(`^[a-z]`).MatchString(value) {
+                errors = append(errors, fmt.Errorf(
+                        "first character of %q must be a letter", k))
+        }
+        if regexp.MustCompile(`--`).MatchString(value) {
+                errors = append(errors, fmt.Errorf(
+                        "%q cannot contain two consecutive hyphens", k))
+        }
+        if regexp.MustCompile(`-$`).MatchString(value) {
+                errors = append(errors, fmt.Errorf(
+                        "%q cannot end with a hyphen", k))
+        }
+        return
+}
diff --git a/builtin/providers/aws/tagsRDS.go b/builtin/providers/aws/tagsRDS.go
index 3e4e0c7009..7ba0ee903e 100644
--- a/builtin/providers/aws/tagsRDS.go
+++ b/builtin/providers/aws/tagsRDS.go
@@ -1,6 +1,7 @@
 package aws
 
 import (
+        "fmt"
 	"log"
 
 	"github.com/aws/aws-sdk-go/aws"
@@ -19,7 +20,7 @@ func setTagsRDS(conn *rds.RDS, d *schema.ResourceData, arn string) error {
 
 		// Set tags
 		if len(remove) > 0 {
-			log.Printf("[DEBUG] Removing tags: %#v", remove)
+                        log.Printf("[DEBUG] Removing tags: %s", remove)
 			k := make([]*string, len(remove), len(remove))
 			for i, t := range remove {
 				k[i] = t.Key
@@ -34,7 +35,7 @@ func setTagsRDS(conn *rds.RDS, d *schema.ResourceData, arn string) error {
 			}
 		}
 		if len(create) > 0 {
-			log.Printf("[DEBUG] Creating tags: %#v", create)
+                        log.Printf("[DEBUG] Creating tags: %s", create)
 			_, err := conn.AddTagsToResource(&rds.AddTagsToResourceInput{
 				ResourceName: aws.String(arn),
 				Tags:         create,
@@ -93,3 +94,20 @@ func tagsToMapRDS(ts []*rds.Tag) map[string]string {
 
 	return result
 }
+
+func saveTagsRDS(conn *rds.RDS, d *schema.ResourceData, arn string) error {
+        resp, err := conn.ListTagsForResource(&rds.ListTagsForResourceInput{
+                ResourceName: aws.String(arn),
+        })
+
+        if err != nil {
+                return fmt.Errorf("[DEBUG] Error retreiving tags for ARN: %s", arn)
+        }
+
+        var dt []*rds.Tag
+        if len(resp.TagList) > 0 {
+                dt = resp.TagList
+        }
+
+        return d.Set("tags", tagsToMapRDS(dt))
+}
diff --git a/website/Gemfile.lock b/website/Gemfile.lock
index fac790740e..cff5dfa3e9 100644
--- a/website/Gemfile.lock
+++ b/website/Gemfile.lock
@@ -186,6 +186,3 @@ PLATFORMS
 
 DEPENDENCIES
   middleman-hashicorp!
-
-BUNDLED WITH
-   1.10.6
diff --git a/website/source/docs/providers/aws/r/rds_cluster.html.markdown b/website/source/docs/providers/aws/r/rds_cluster.html.markdown
new file mode 100644
index 0000000000..2490e85296
--- /dev/null
+++ b/website/source/docs/providers/aws/r/rds_cluster.html.markdown
@@ -0,0 +1,85 @@
+---
+layout: "aws"
+page_title: "AWS: aws_rds_cluster"
+sidebar_current: "docs-aws-resource-rds-cluster"
+description: |-
+  Provides an RDS Cluster Resource
+---
+
+# aws\_rds\_cluster
+
+Provides an RDS Cluster Resource. A Cluster Resource defines attributes that are
+applied to the entire cluster of [RDS Cluster Instances][3]. Use the RDS Cluster
+resource and RDS Cluster Instances to create and use Amazon Aurora, a MySQL-compatible
+database engine.
+
+For more information on Amazon Aurora, see [Aurora on Amazon RDS][2] in the Amazon RDS User Guide.
+
+## Example Usage
+
+```
+resource "aws_rds_cluster" "default" {
+  cluster_identifier = "aurora-cluster-demo"
+  availability_zones = ["us-west-2a","us-west-2b","us-west-2c"]
+  database_name = "mydb"
+  master_username = "foo"
+  master_password = "bar"
+}
+```
+
+~> **NOTE:** RDS Clusters resources that are created without any matching
+RDS Cluster Instances do not currently display in the AWS Console.
+
+## Argument Reference
+
+For more detailed documentation about each argument, refer to
+the [AWS official documentation](http://docs.aws.amazon.com/AmazonRDS/latest/CommandLineReference/CLIReference-cmd-ModifyDBInstance.html).
+
+The following arguments are supported:
+
+* `cluster_identifier` - (Required) The Cluster Identifier. Must be a lower case
+string.
+* `database_name` - (Optional) The name for your database of up to 8 alpha-numeric
+  characters. If you do not provide a name, Amazon RDS will not create a
+  database in the DB cluster you are creating
+* `master_password` - (Required) Password for the master DB user. Note that this may
+    show up in logs, and it will be stored in the state file
+* `master_username` - (Required) Username for the master DB user
+* `availability_zones` - (Optional) A list of EC2 Availability Zones that
+  instances in the DB cluster can be created in
+* `backup_retention_period` - (Optional) The days to retain backups for. Default
+1
+* `port` - (Optional) The port on which the DB accepts connections
+* `vpc_security_group_ids` - (Optional) List of VPC security groups to associate
+  with the Cluster
+* `apply_immediately` - (Optional) Specifies whether any cluster modifications
+     are applied immediately, or during the next maintenance window. Default is
+     `false`. See [Amazon RDS Documentation for more information.](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.DBInstance.Modifying.html)
+* `vpc_security_group_ids` - (Optional) List of VPC security groups to associate.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - The RDS Cluster Identifier
+* `cluster_identifier` - The RDS Cluster Identifier
+* `cluster_members` – List of RDS Instances that are a part of this cluster
+* `address` - The address of the RDS instance.
+* `allocated_storage` - The amount of allocated storage
+* `availability_zones` - The availability zone of the instance
+* `backup_retention_period` - The backup retention period
+* `backup_window` - The backup window
+* `endpoint` - The primary, writeable connection endpoint
+* `engine` - The database engine
+* `engine_version` - The database engine version
+* `maintenance_window` - The instance maintenance window
+* `database_name` - The database name
+* `port` - The database port
+* `status` - The RDS instance status
+* `username` - The master username for the database
+* `storage_encrypted` - Specifies whether the DB instance is encrypted
+
+[1]: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Replication.html
+
+[2]: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Aurora.html
+[3]: /docs/providers/aws/r/rds_cluster_instance.html
diff --git a/website/source/docs/providers/aws/r/rds_cluster_instance.html.markdown b/website/source/docs/providers/aws/r/rds_cluster_instance.html.markdown
new file mode 100644
index 0000000000..49769a393d
--- /dev/null
+++ b/website/source/docs/providers/aws/r/rds_cluster_instance.html.markdown
@@ -0,0 +1,87 @@
+---
+layout: "aws"
+page_title: "AWS: aws_rds_cluster_instance"
+sidebar_current: "docs-aws-resource-rds-cluster-instance"
+description: |-
+  Provides an RDS Cluster Resource Instance
+---
+
+# aws\_rds\_cluster\_instance
+
+Provides an RDS Cluster Resource Instance. A Cluster Instance Resource defines
+attributes that are specific to a single instance in a [RDS Cluster][3],
+specifically running Amazon Aurora.
+
+Unlike other RDS resources that support replication, with Amazon Aurora you do
+not designate a primary and subsequent replicas. Instead, you simply add RDS
+Instances and Aurora manages the replication. You can use the [count][5]
+meta-parameter to make multiple instances and join them all to the same RDS
+Cluster, or you may specify different Cluster Instance resources with various
+`instance_class` sizes.
+
+For more information on Amazon Aurora, see [Aurora on Amazon RDS][2] in the Amazon RDS User Guide.
+
+## Example Usage
+
+```
+resource "aws_rds_cluster_instance" "cluster_instances" {
+  count = 2
+  identifier = "aurora-cluster-demo"
+  cluster_identifer = "${aws_rds_cluster.default.id}"
+  instance_class = "db.r3.large"
+}
+
+resource "aws_rds_cluster" "default" {
+  cluster_identifier = "aurora-cluster-demo"
+  availability_zones = ["us-west-2a","us-west-2b","us-west-2c"]
+  database_name = "mydb"
+  master_username = "foo"
+  master_password = "bar"
+}
+```
+
+## Argument Reference
+
+For more detailed documentation about each argument, refer to
+the [AWS official documentation](http://docs.aws.amazon.com/AmazonRDS/latest/CommandLineReference/CLIReference-cmd-ModifyDBInstance.html).
+
+The following arguments are supported:
+
+* `identifier` - (Required) The Instance Identifier. Must be a lower case
+string.
+* `cluster_identifier` - (Required) The Cluster Identifier for this Instance to
+join. Must be a lower case
+string.
+* `instance_class` - (Required) The instance class to use. For details on CPU
+and memory, see [Scaling Aurora DB Instances][4]. Aurora currently
+  supports the below instance classes.
+  - db.r3.large
+  - db.r3.xlarge
+  - db.r3.2xlarge
+  - db.r3.4xlarge
+  - db.r3.8xlarge
+
+.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `cluster_identifier` - The RDS Cluster Identifier
+* `identifier` - The Instance identifier
+* `id` - The Instance identifier
+* `writer` – Boolean indicating if this instance is writable. `False` indicates
+this instance is a read replica
+* `allocated_storage` - The amount of allocated storage
+* `availability_zones` - The availability zone of the instance
+* `endpoint` - The IP address for this instance. May not be writable
+* `engine` - The database engine
+* `engine_version` - The database engine version
+* `database_name` - The database name
+* `port` - The database port
+* `status` - The RDS instance status
+
+[2]: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Aurora.html
+[3]: /docs/providers/aws/r/rds_cluster.html
+[4]: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Aurora.Managing.html
+[5]: /docs/configuration/resources.html#count
diff --git a/website/source/layouts/aws.erb b/website/source/layouts/aws.erb
index 296463206c..33a0cf8b12 100644
--- a/website/source/layouts/aws.erb
+++ b/website/source/layouts/aws.erb
@@ -306,8 +306,7 @@
                     </ul>
                 </li>
 
-
-                <li<%= sidebar_current(/^docs-aws-resource-db/) %>>
+                <li<%= sidebar_current(/^docs-aws-resource-(db|rds)/) %>>
                     <a href="#">RDS Resources</a>
                     <ul class="nav nav-visible">
 
@@ -327,6 +326,14 @@
                             <a href="/docs/providers/aws/r/db_subnet_group.html">aws_db_subnet_group</a>
                         </li>
 
+                        <li<%= sidebar_current("docs-aws-resource-rds-cluster") %>>
+                            <a href="/docs/providers/aws/r/rds_cluster.html">aws_rds_cluster</a>
+                        </li>
+
+                        <li<%= sidebar_current("docs-aws-resource-rds-cluster-instance") %>>
+                            <a href="/docs/providers/aws/r/rds_cluster_instance.html">aws_rds_cluster_instance</a>
+                        </li>
+
                     </ul>
                 </li>
 

From 77d8f873087febeb6a148196b9b2ade546f13d30 Mon Sep 17 00:00:00 2001
From: Clint Shryock <clint@ctshryock.com>
Date: Tue, 6 Oct 2015 09:08:35 -0500
Subject: [PATCH 129/335] add publicly_accessible, update docs

---
 .../providers/aws/resource_aws_rds_cluster_instance.go | 10 ++++++++++
 .../docs/providers/aws/r/rds_cluster.html.markdown     |  1 -
 .../providers/aws/r/rds_cluster_instance.html.markdown |  6 ++++--
 3 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/builtin/providers/aws/resource_aws_rds_cluster_instance.go b/builtin/providers/aws/resource_aws_rds_cluster_instance.go
index 27a82b8978..df4bc1f5f8 100644
--- a/builtin/providers/aws/resource_aws_rds_cluster_instance.go
+++ b/builtin/providers/aws/resource_aws_rds_cluster_instance.go
@@ -54,6 +54,13 @@ func resourceAwsRDSClusterInstance() *schema.Resource {
                                 Computed: true,
                         },
 
+                        "publicly_accessible": &schema.Schema{
+                                Type:     schema.TypeBool,
+                                Optional: true,
+                                Default:  false,
+                                ForceNew: true,
+                        },
+
                         "instance_class": &schema.Schema{
                                 Type:     schema.TypeString,
                                 Required: true,
@@ -73,6 +80,7 @@ func resourceAwsRDSClusterInstanceCreate(d *schema.ResourceData, meta interface{
                 DBInstanceClass:     aws.String(d.Get("instance_class").(string)),
                 DBClusterIdentifier: aws.String(d.Get("cluster_identifier").(string)),
                 Engine:              aws.String("aurora"),
+                PubliclyAccessible:  aws.Bool(d.Get("publicly_accessible").(bool)),
                 Tags:                tags,
         }
 
@@ -154,6 +162,8 @@ func resourceAwsRDSClusterInstanceRead(d *schema.ResourceData, meta interface{})
                 d.Set("port", db.Endpoint.Port)
         }
 
+        d.Set("publicly_accessible", db.PubliclyAccessible)
+
         // Fetch and save tags
         arn, err := buildRDSARN(d, meta)
         if err != nil {
diff --git a/website/source/docs/providers/aws/r/rds_cluster.html.markdown b/website/source/docs/providers/aws/r/rds_cluster.html.markdown
index 2490e85296..64870b889d 100644
--- a/website/source/docs/providers/aws/r/rds_cluster.html.markdown
+++ b/website/source/docs/providers/aws/r/rds_cluster.html.markdown
@@ -55,7 +55,6 @@ string.
 * `apply_immediately` - (Optional) Specifies whether any cluster modifications
      are applied immediately, or during the next maintenance window. Default is
      `false`. See [Amazon RDS Documentation for more information.](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.DBInstance.Modifying.html)
-* `vpc_security_group_ids` - (Optional) List of VPC security groups to associate.
 
 ## Attributes Reference
 
diff --git a/website/source/docs/providers/aws/r/rds_cluster_instance.html.markdown b/website/source/docs/providers/aws/r/rds_cluster_instance.html.markdown
index 49769a393d..1571beab74 100644
--- a/website/source/docs/providers/aws/r/rds_cluster_instance.html.markdown
+++ b/website/source/docs/providers/aws/r/rds_cluster_instance.html.markdown
@@ -60,8 +60,9 @@ and memory, see [Scaling Aurora DB Instances][4]. Aurora currently
   - db.r3.2xlarge
   - db.r3.4xlarge
   - db.r3.8xlarge
-
-.
+* `publicly_accessible` - (Optional) Bool to control if instance is publicly accessible.
+Default `false`. See the documentation on [Creating DB Instances][6] for more
+details on controlling this property.
 
 ## Attributes Reference
 
@@ -85,3 +86,4 @@ this instance is a read replica
 [3]: /docs/providers/aws/r/rds_cluster.html
 [4]: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Aurora.Managing.html
 [5]: /docs/configuration/resources.html#count
+[6]: http://docs.aws.amazon.com/fr_fr/AmazonRDS/latest/APIReference/API_CreateDBInstance.html

From 70841285c26167515a4b66c474cd8789882f1e29 Mon Sep 17 00:00:00 2001
From: Clint Shryock <clint@ctshryock.com>
Date: Wed, 7 Oct 2015 11:04:34 -0500
Subject: [PATCH 130/335] Update RDS Cluster for final snapshot, update
 tests/docs

---
 .../providers/aws/resource_aws_rds_cluster.go | 38 ++++++++++++++++---
 .../resource_aws_rds_cluster_instance_test.go |  9 ++++-
 .../aws/resource_aws_rds_cluster_test.go      | 10 ++++-
 .../providers/aws/r/rds_cluster.html.markdown |  3 ++
 .../aws/r/rds_cluster_instance.html.markdown  |  4 +-
 5 files changed, 54 insertions(+), 10 deletions(-)

diff --git a/builtin/providers/aws/resource_aws_rds_cluster.go b/builtin/providers/aws/resource_aws_rds_cluster.go
index 0e3d9339a4..897fe31ed7 100644
--- a/builtin/providers/aws/resource_aws_rds_cluster.go
+++ b/builtin/providers/aws/resource_aws_rds_cluster.go
@@ -3,6 +3,7 @@ package aws
 import (
         "fmt"
         "log"
+        "regexp"
         "time"
 
         "github.com/aws/aws-sdk-go/aws"
@@ -69,6 +70,25 @@ func resourceAwsRDSCluster() *schema.Resource {
                                 Computed: true,
                         },
 
+                        "final_snapshot_identifier": &schema.Schema{
+                                Type:     schema.TypeString,
+                                Optional: true,
+                                ValidateFunc: func(v interface{}, k string) (ws []string, es []error) {
+                                        value := v.(string)
+                                        if !regexp.MustCompile(`^[0-9A-Za-z-]+$`).MatchString(value) {
+                                                es = append(es, fmt.Errorf(
+                                                        "only alphanumeric characters and hyphens allowed in %q", k))
+                                        }
+                                        if regexp.MustCompile(`--`).MatchString(value) {
+                                                es = append(es, fmt.Errorf("%q cannot contain two consecutive hyphens", k))
+                                        }
+                                        if regexp.MustCompile(`-$`).MatchString(value) {
+                                                es = append(es, fmt.Errorf("%q cannot end in a hyphen", k))
+                                        }
+                                        return
+                                },
+                        },
+
                         "master_username": &schema.Schema{
                                 Type:     schema.TypeString,
                                 Required: true,
@@ -167,7 +187,6 @@ func resourceAwsRDSClusterRead(d *schema.ResourceData, meta interface{}) error {
 
         resp, err := conn.DescribeDBClusters(&rds.DescribeDBClustersInput{
                 DBClusterIdentifier: aws.String(d.Id()),
-                // final snapshot identifier
         })
 
         if err != nil {
@@ -256,11 +275,20 @@ func resourceAwsRDSClusterDelete(d *schema.ResourceData, meta interface{}) error
         conn := meta.(*AWSClient).rdsconn
         log.Printf("[DEBUG] Destroying RDS Cluster (%s)", d.Id())
 
-        _, err := conn.DeleteDBCluster(&rds.DeleteDBClusterInput{
+        deleteOpts := rds.DeleteDBClusterInput{
                 DBClusterIdentifier: aws.String(d.Id()),
-                SkipFinalSnapshot:   aws.Bool(true),
-                // final snapshot identifier
-        })
+        }
+
+        finalSnapshot := d.Get("final_snapshot_identifier").(string)
+        if finalSnapshot == "" {
+                deleteOpts.SkipFinalSnapshot = aws.Bool(true)
+        } else {
+                deleteOpts.FinalDBSnapshotIdentifier = aws.String(finalSnapshot)
+                deleteOpts.SkipFinalSnapshot = aws.Bool(false)
+        }
+
+        log.Printf("[DEBUG] RDS Cluster delete options: %s", deleteOpts)
+        _, err := conn.DeleteDBCluster(&deleteOpts)
 
         stateConf := &resource.StateChangeConf{
                 Pending:    []string{"deleting", "backing-up", "modifying"},
diff --git a/builtin/providers/aws/resource_aws_rds_cluster_instance_test.go b/builtin/providers/aws/resource_aws_rds_cluster_instance_test.go
index aff6aa786f..f923c1712f 100644
--- a/builtin/providers/aws/resource_aws_rds_cluster_instance_test.go
+++ b/builtin/providers/aws/resource_aws_rds_cluster_instance_test.go
@@ -11,6 +11,7 @@ import (
         "github.com/hashicorp/terraform/terraform"
 
         "github.com/aws/aws-sdk-go/aws"
+        "github.com/aws/aws-sdk-go/aws/awserr"
         "github.com/aws/aws-sdk-go/service/rds"
 )
 
@@ -54,7 +55,13 @@ func testAccCheckAWSClusterInstanceDestroy(s *terraform.State) error {
                         }
                 }
 
-                //check for an expected "Cluster not found" type error
+                // Return nil if the Cluster Instance is already destroyed
+                if awsErr, ok := err.(awserr.Error); ok {
+                        if awsErr.Code() == "DBInstanceNotFound" {
+                                return nil
+                        }
+                }
+
                 return err
 
         }
diff --git a/builtin/providers/aws/resource_aws_rds_cluster_test.go b/builtin/providers/aws/resource_aws_rds_cluster_test.go
index 18ffa7bf20..2fd7689497 100644
--- a/builtin/providers/aws/resource_aws_rds_cluster_test.go
+++ b/builtin/providers/aws/resource_aws_rds_cluster_test.go
@@ -10,6 +10,7 @@ import (
         "github.com/hashicorp/terraform/terraform"
 
         "github.com/aws/aws-sdk-go/aws"
+        "github.com/aws/aws-sdk-go/aws/awserr"
         "github.com/aws/aws-sdk-go/service/rds"
 )
 
@@ -52,9 +53,14 @@ func testAccCheckAWSClusterDestroy(s *terraform.State) error {
                         }
                 }
 
-                // check for an expected "Cluster not found" type error
-                return err
+                // Return nil if the cluster is already destroyed
+                if awsErr, ok := err.(awserr.Error); ok {
+                        if awsErr.Code() == "DBClusterNotFound" {
+                                return nil
+                        }
+                }
 
+                return err
         }
 
         return nil
diff --git a/website/source/docs/providers/aws/r/rds_cluster.html.markdown b/website/source/docs/providers/aws/r/rds_cluster.html.markdown
index 64870b889d..c45814f466 100644
--- a/website/source/docs/providers/aws/r/rds_cluster.html.markdown
+++ b/website/source/docs/providers/aws/r/rds_cluster.html.markdown
@@ -45,6 +45,9 @@ string.
 * `master_password` - (Required) Password for the master DB user. Note that this may
     show up in logs, and it will be stored in the state file
 * `master_username` - (Required) Username for the master DB user
+* `final_snapshot_identifier` - (Optional) The name of your final DB snapshot
+    when this DB cluster is deleted. If omitted, no final snapshot will be
+    made.
 * `availability_zones` - (Optional) A list of EC2 Availability Zones that
   instances in the DB cluster can be created in
 * `backup_retention_period` - (Optional) The days to retain backups for. Default
diff --git a/website/source/docs/providers/aws/r/rds_cluster_instance.html.markdown b/website/source/docs/providers/aws/r/rds_cluster_instance.html.markdown
index 1571beab74..76792cc517 100644
--- a/website/source/docs/providers/aws/r/rds_cluster_instance.html.markdown
+++ b/website/source/docs/providers/aws/r/rds_cluster_instance.html.markdown
@@ -47,8 +47,8 @@ the [AWS official documentation](http://docs.aws.amazon.com/AmazonRDS/latest/Com
 
 The following arguments are supported:
 
-* `identifier` - (Required) The Instance Identifier. Must be a lower case
-string.
+* `identifier` - (Optional) The Instance Identifier. Must be a lower case
+string. If omited, a unique identifier will be generated.
 * `cluster_identifier` - (Required) The Cluster Identifier for this Instance to
 join. Must be a lower case
 string.

From 7abe2a10e7a16046c1dfde831a0a3678180274f8 Mon Sep 17 00:00:00 2001
From: Clint Shryock <clint@ctshryock.com>
Date: Wed, 7 Oct 2015 11:24:00 -0500
Subject: [PATCH 131/335] Fix spellng errorr

---
 .../docs/providers/aws/r/rds_cluster_instance.html.markdown     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/website/source/docs/providers/aws/r/rds_cluster_instance.html.markdown b/website/source/docs/providers/aws/r/rds_cluster_instance.html.markdown
index 76792cc517..782339a343 100644
--- a/website/source/docs/providers/aws/r/rds_cluster_instance.html.markdown
+++ b/website/source/docs/providers/aws/r/rds_cluster_instance.html.markdown
@@ -48,7 +48,7 @@ the [AWS official documentation](http://docs.aws.amazon.com/AmazonRDS/latest/Com
 The following arguments are supported:
 
 * `identifier` - (Optional) The Instance Identifier. Must be a lower case
-string. If omited, a unique identifier will be generated.
+string. If omitted, a unique identifier will be generated.
 * `cluster_identifier` - (Required) The Cluster Identifier for this Instance to
 join. Must be a lower case
 string.

From 71b1cb1289f9f35258e43e84025552f46e5f99a5 Mon Sep 17 00:00:00 2001
From: Clint Shryock <clint@ctshryock.com>
Date: Wed, 7 Oct 2015 11:27:24 -0500
Subject: [PATCH 132/335] go fmt after rebase

---
 .../providers/aws/resource_aws_rds_cluster.go | 548 +++++++++---------
 .../aws/resource_aws_rds_cluster_instance.go  | 332 +++++------
 .../resource_aws_rds_cluster_instance_test.go | 166 +++---
 .../aws/resource_aws_rds_cluster_test.go      | 144 ++---
 4 files changed, 595 insertions(+), 595 deletions(-)

diff --git a/builtin/providers/aws/resource_aws_rds_cluster.go b/builtin/providers/aws/resource_aws_rds_cluster.go
index 897fe31ed7..57f3a27b33 100644
--- a/builtin/providers/aws/resource_aws_rds_cluster.go
+++ b/builtin/providers/aws/resource_aws_rds_cluster.go
@@ -1,347 +1,347 @@
 package aws
 
 import (
-        "fmt"
-        "log"
-        "regexp"
-        "time"
+	"fmt"
+	"log"
+	"regexp"
+	"time"
 
-        "github.com/aws/aws-sdk-go/aws"
-        "github.com/aws/aws-sdk-go/aws/awserr"
-        "github.com/aws/aws-sdk-go/service/rds"
-        "github.com/hashicorp/terraform/helper/resource"
-        "github.com/hashicorp/terraform/helper/schema"
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/service/rds"
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/helper/schema"
 )
 
 func resourceAwsRDSCluster() *schema.Resource {
-        return &schema.Resource{
-                Create: resourceAwsRDSClusterCreate,
-                Read:   resourceAwsRDSClusterRead,
-                Update: resourceAwsRDSClusterUpdate,
-                Delete: resourceAwsRDSClusterDelete,
+	return &schema.Resource{
+		Create: resourceAwsRDSClusterCreate,
+		Read:   resourceAwsRDSClusterRead,
+		Update: resourceAwsRDSClusterUpdate,
+		Delete: resourceAwsRDSClusterDelete,
 
-                Schema: map[string]*schema.Schema{
+		Schema: map[string]*schema.Schema{
 
-                        "availability_zones": &schema.Schema{
-                                Type:     schema.TypeSet,
-                                Elem:     &schema.Schema{Type: schema.TypeString},
-                                Optional: true,
-                                ForceNew: true,
-                                Computed: true,
-                                Set:      schema.HashString,
-                        },
+			"availability_zones": &schema.Schema{
+				Type:     schema.TypeSet,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+				Optional: true,
+				ForceNew: true,
+				Computed: true,
+				Set:      schema.HashString,
+			},
 
-                        "cluster_identifier": &schema.Schema{
-                                Type:         schema.TypeString,
-                                Required:     true,
-                                ForceNew:     true,
-                                ValidateFunc: validateRdsId,
-                        },
+			"cluster_identifier": &schema.Schema{
+				Type:         schema.TypeString,
+				Required:     true,
+				ForceNew:     true,
+				ValidateFunc: validateRdsId,
+			},
 
-                        "cluster_members": &schema.Schema{
-                                Type:     schema.TypeSet,
-                                Elem:     &schema.Schema{Type: schema.TypeString},
-                                Optional: true,
-                                Computed: true,
-                                Set:      schema.HashString,
-                        },
+			"cluster_members": &schema.Schema{
+				Type:     schema.TypeSet,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+				Optional: true,
+				Computed: true,
+				Set:      schema.HashString,
+			},
 
-                        "database_name": &schema.Schema{
-                                Type:     schema.TypeString,
-                                Optional: true,
-                                Computed: true,
-                                ForceNew: true,
-                        },
+			"database_name": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+				Computed: true,
+				ForceNew: true,
+			},
 
-                        "db_subnet_group_name": &schema.Schema{
-                                Type:     schema.TypeString,
-                                Optional: true,
-                                ForceNew: true,
-                                Computed: true,
-                        },
+			"db_subnet_group_name": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+				ForceNew: true,
+				Computed: true,
+			},
 
-                        "endpoint": &schema.Schema{
-                                Type:     schema.TypeString,
-                                Computed: true,
-                        },
+			"endpoint": &schema.Schema{
+				Type:     schema.TypeString,
+				Computed: true,
+			},
 
-                        "engine": &schema.Schema{
-                                Type:     schema.TypeString,
-                                Computed: true,
-                        },
+			"engine": &schema.Schema{
+				Type:     schema.TypeString,
+				Computed: true,
+			},
 
-                        "final_snapshot_identifier": &schema.Schema{
-                                Type:     schema.TypeString,
-                                Optional: true,
-                                ValidateFunc: func(v interface{}, k string) (ws []string, es []error) {
-                                        value := v.(string)
-                                        if !regexp.MustCompile(`^[0-9A-Za-z-]+$`).MatchString(value) {
-                                                es = append(es, fmt.Errorf(
-                                                        "only alphanumeric characters and hyphens allowed in %q", k))
-                                        }
-                                        if regexp.MustCompile(`--`).MatchString(value) {
-                                                es = append(es, fmt.Errorf("%q cannot contain two consecutive hyphens", k))
-                                        }
-                                        if regexp.MustCompile(`-$`).MatchString(value) {
-                                                es = append(es, fmt.Errorf("%q cannot end in a hyphen", k))
-                                        }
-                                        return
-                                },
-                        },
+			"final_snapshot_identifier": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+				ValidateFunc: func(v interface{}, k string) (ws []string, es []error) {
+					value := v.(string)
+					if !regexp.MustCompile(`^[0-9A-Za-z-]+$`).MatchString(value) {
+						es = append(es, fmt.Errorf(
+							"only alphanumeric characters and hyphens allowed in %q", k))
+					}
+					if regexp.MustCompile(`--`).MatchString(value) {
+						es = append(es, fmt.Errorf("%q cannot contain two consecutive hyphens", k))
+					}
+					if regexp.MustCompile(`-$`).MatchString(value) {
+						es = append(es, fmt.Errorf("%q cannot end in a hyphen", k))
+					}
+					return
+				},
+			},
 
-                        "master_username": &schema.Schema{
-                                Type:     schema.TypeString,
-                                Required: true,
-                                ForceNew: true,
-                        },
+			"master_username": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
 
-                        "master_password": &schema.Schema{
-                                Type:     schema.TypeString,
-                                Required: true,
-                        },
+			"master_password": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+			},
 
-                        "port": &schema.Schema{
-                                Type:     schema.TypeInt,
-                                Optional: true,
-                                Computed: true,
-                        },
+			"port": &schema.Schema{
+				Type:     schema.TypeInt,
+				Optional: true,
+				Computed: true,
+			},
 
-                        // apply_immediately is used to determine when the update modifications
-                        // take place.
-                        // See http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.DBInstance.Modifying.html
-                        "apply_immediately": &schema.Schema{
-                                Type:     schema.TypeBool,
-                                Optional: true,
-                                Computed: true,
-                        },
+			// apply_immediately is used to determine when the update modifications
+			// take place.
+			// See http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.DBInstance.Modifying.html
+			"apply_immediately": &schema.Schema{
+				Type:     schema.TypeBool,
+				Optional: true,
+				Computed: true,
+			},
 
-                        "vpc_security_group_ids": &schema.Schema{
-                                Type:     schema.TypeSet,
-                                Optional: true,
-                                Computed: true,
-                                Elem:     &schema.Schema{Type: schema.TypeString},
-                                Set:      schema.HashString,
-                        },
-                },
-        }
+			"vpc_security_group_ids": &schema.Schema{
+				Type:     schema.TypeSet,
+				Optional: true,
+				Computed: true,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+				Set:      schema.HashString,
+			},
+		},
+	}
 }
 
 func resourceAwsRDSClusterCreate(d *schema.ResourceData, meta interface{}) error {
-        conn := meta.(*AWSClient).rdsconn
+	conn := meta.(*AWSClient).rdsconn
 
-        createOpts := &rds.CreateDBClusterInput{
-                DBClusterIdentifier: aws.String(d.Get("cluster_identifier").(string)),
-                Engine:              aws.String("aurora"),
-                MasterUserPassword:  aws.String(d.Get("master_password").(string)),
-                MasterUsername:      aws.String(d.Get("master_username").(string)),
-        }
+	createOpts := &rds.CreateDBClusterInput{
+		DBClusterIdentifier: aws.String(d.Get("cluster_identifier").(string)),
+		Engine:              aws.String("aurora"),
+		MasterUserPassword:  aws.String(d.Get("master_password").(string)),
+		MasterUsername:      aws.String(d.Get("master_username").(string)),
+	}
 
-        if v := d.Get("database_name"); v.(string) != "" {
-                createOpts.DatabaseName = aws.String(v.(string))
-        }
+	if v := d.Get("database_name"); v.(string) != "" {
+		createOpts.DatabaseName = aws.String(v.(string))
+	}
 
-        if attr, ok := d.GetOk("port"); ok {
-                createOpts.Port = aws.Int64(int64(attr.(int)))
-        }
+	if attr, ok := d.GetOk("port"); ok {
+		createOpts.Port = aws.Int64(int64(attr.(int)))
+	}
 
-        if attr, ok := d.GetOk("db_subnet_group_name"); ok {
-                createOpts.DBSubnetGroupName = aws.String(attr.(string))
-        }
+	if attr, ok := d.GetOk("db_subnet_group_name"); ok {
+		createOpts.DBSubnetGroupName = aws.String(attr.(string))
+	}
 
-        if attr := d.Get("vpc_security_group_ids").(*schema.Set); attr.Len() > 0 {
-                createOpts.VpcSecurityGroupIds = expandStringList(attr.List())
-        }
+	if attr := d.Get("vpc_security_group_ids").(*schema.Set); attr.Len() > 0 {
+		createOpts.VpcSecurityGroupIds = expandStringList(attr.List())
+	}
 
-        if attr := d.Get("availability_zones").(*schema.Set); attr.Len() > 0 {
-                createOpts.AvailabilityZones = expandStringList(attr.List())
-        }
+	if attr := d.Get("availability_zones").(*schema.Set); attr.Len() > 0 {
+		createOpts.AvailabilityZones = expandStringList(attr.List())
+	}
 
-        log.Printf("[DEBUG] RDS Cluster create options: %s", createOpts)
-        resp, err := conn.CreateDBCluster(createOpts)
-        if err != nil {
-                log.Printf("[ERROR] Error creating RDS Cluster: %s", err)
-                return err
-        }
+	log.Printf("[DEBUG] RDS Cluster create options: %s", createOpts)
+	resp, err := conn.CreateDBCluster(createOpts)
+	if err != nil {
+		log.Printf("[ERROR] Error creating RDS Cluster: %s", err)
+		return err
+	}
 
-        log.Printf("[DEBUG]: Cluster create response: %s", resp)
-        d.SetId(*resp.DBCluster.DBClusterIdentifier)
-        stateConf := &resource.StateChangeConf{
-                Pending:    []string{"creating", "backing-up", "modifying"},
-                Target:     "available",
-                Refresh:    resourceAwsRDSClusterStateRefreshFunc(d, meta),
-                Timeout:    5 * time.Minute,
-                MinTimeout: 3 * time.Second,
-        }
+	log.Printf("[DEBUG]: Cluster create response: %s", resp)
+	d.SetId(*resp.DBCluster.DBClusterIdentifier)
+	stateConf := &resource.StateChangeConf{
+		Pending:    []string{"creating", "backing-up", "modifying"},
+		Target:     "available",
+		Refresh:    resourceAwsRDSClusterStateRefreshFunc(d, meta),
+		Timeout:    5 * time.Minute,
+		MinTimeout: 3 * time.Second,
+	}
 
-        // Wait, catching any errors
-        _, err = stateConf.WaitForState()
-        if err != nil {
-                return fmt.Errorf("[WARN] Error waiting for RDS Cluster state to be \"available\": %s", err)
-        }
+	// Wait, catching any errors
+	_, err = stateConf.WaitForState()
+	if err != nil {
+		return fmt.Errorf("[WARN] Error waiting for RDS Cluster state to be \"available\": %s", err)
+	}
 
-        return resourceAwsRDSClusterRead(d, meta)
+	return resourceAwsRDSClusterRead(d, meta)
 }
 
 func resourceAwsRDSClusterRead(d *schema.ResourceData, meta interface{}) error {
-        conn := meta.(*AWSClient).rdsconn
+	conn := meta.(*AWSClient).rdsconn
 
-        resp, err := conn.DescribeDBClusters(&rds.DescribeDBClustersInput{
-                DBClusterIdentifier: aws.String(d.Id()),
-        })
+	resp, err := conn.DescribeDBClusters(&rds.DescribeDBClustersInput{
+		DBClusterIdentifier: aws.String(d.Id()),
+	})
 
-        if err != nil {
-                if awsErr, ok := err.(awserr.Error); ok {
-                        if "DBClusterNotFoundFault" == awsErr.Code() {
-                                d.SetId("")
-                                log.Printf("[DEBUG] RDS Cluster (%s) not found", d.Id())
-                                return nil
-                        }
-                }
-                log.Printf("[DEBUG] Error describing RDS Cluster (%s)", d.Id())
-                return err
-        }
+	if err != nil {
+		if awsErr, ok := err.(awserr.Error); ok {
+			if "DBClusterNotFoundFault" == awsErr.Code() {
+				d.SetId("")
+				log.Printf("[DEBUG] RDS Cluster (%s) not found", d.Id())
+				return nil
+			}
+		}
+		log.Printf("[DEBUG] Error describing RDS Cluster (%s)", d.Id())
+		return err
+	}
 
-        var dbc *rds.DBCluster
-        for _, c := range resp.DBClusters {
-                if *c.DBClusterIdentifier == d.Id() {
-                        dbc = c
-                }
-        }
+	var dbc *rds.DBCluster
+	for _, c := range resp.DBClusters {
+		if *c.DBClusterIdentifier == d.Id() {
+			dbc = c
+		}
+	}
 
-        if dbc == nil {
-                log.Printf("[WARN] RDS Cluster (%s) not found", d.Id())
-                d.SetId("")
-                return nil
-        }
+	if dbc == nil {
+		log.Printf("[WARN] RDS Cluster (%s) not found", d.Id())
+		d.SetId("")
+		return nil
+	}
 
-        if err := d.Set("availability_zones", aws.StringValueSlice(dbc.AvailabilityZones)); err != nil {
-                return fmt.Errorf("[DEBUG] Error saving AvailabilityZones to state for RDS Cluster (%s): %s", d.Id(), err)
-        }
-        d.Set("database_name", dbc.DatabaseName)
-        d.Set("db_subnet_group_name", dbc.DBSubnetGroup)
-        d.Set("endpoint", dbc.Endpoint)
-        d.Set("engine", dbc.Engine)
-        d.Set("master_username", dbc.MasterUsername)
-        d.Set("port", dbc.Port)
+	if err := d.Set("availability_zones", aws.StringValueSlice(dbc.AvailabilityZones)); err != nil {
+		return fmt.Errorf("[DEBUG] Error saving AvailabilityZones to state for RDS Cluster (%s): %s", d.Id(), err)
+	}
+	d.Set("database_name", dbc.DatabaseName)
+	d.Set("db_subnet_group_name", dbc.DBSubnetGroup)
+	d.Set("endpoint", dbc.Endpoint)
+	d.Set("engine", dbc.Engine)
+	d.Set("master_username", dbc.MasterUsername)
+	d.Set("port", dbc.Port)
 
-        var vpcg []string
-        for _, g := range dbc.VpcSecurityGroups {
-                vpcg = append(vpcg, *g.VpcSecurityGroupId)
-        }
-        if err := d.Set("vpc_security_group_ids", vpcg); err != nil {
-                return fmt.Errorf("[DEBUG] Error saving VPC Security Group IDs to state for RDS Cluster (%s): %s", d.Id(), err)
-        }
+	var vpcg []string
+	for _, g := range dbc.VpcSecurityGroups {
+		vpcg = append(vpcg, *g.VpcSecurityGroupId)
+	}
+	if err := d.Set("vpc_security_group_ids", vpcg); err != nil {
+		return fmt.Errorf("[DEBUG] Error saving VPC Security Group IDs to state for RDS Cluster (%s): %s", d.Id(), err)
+	}
 
-        var cm []string
-        for _, m := range dbc.DBClusterMembers {
-                cm = append(cm, *m.DBInstanceIdentifier)
-        }
-        if err := d.Set("cluster_members", cm); err != nil {
-                return fmt.Errorf("[DEBUG] Error saving RDS Cluster Members to state for RDS Cluster (%s): %s", d.Id(), err)
-        }
+	var cm []string
+	for _, m := range dbc.DBClusterMembers {
+		cm = append(cm, *m.DBInstanceIdentifier)
+	}
+	if err := d.Set("cluster_members", cm); err != nil {
+		return fmt.Errorf("[DEBUG] Error saving RDS Cluster Members to state for RDS Cluster (%s): %s", d.Id(), err)
+	}
 
-        return nil
+	return nil
 }
 
 func resourceAwsRDSClusterUpdate(d *schema.ResourceData, meta interface{}) error {
-        conn := meta.(*AWSClient).rdsconn
+	conn := meta.(*AWSClient).rdsconn
 
-        req := &rds.ModifyDBClusterInput{
-                ApplyImmediately:    aws.Bool(d.Get("apply_immediately").(bool)),
-                DBClusterIdentifier: aws.String(d.Id()),
-        }
+	req := &rds.ModifyDBClusterInput{
+		ApplyImmediately:    aws.Bool(d.Get("apply_immediately").(bool)),
+		DBClusterIdentifier: aws.String(d.Id()),
+	}
 
-        if d.HasChange("master_password") {
-                req.MasterUserPassword = aws.String(d.Get("master_password").(string))
-        }
+	if d.HasChange("master_password") {
+		req.MasterUserPassword = aws.String(d.Get("master_password").(string))
+	}
 
-        if d.HasChange("vpc_security_group_ids") {
-                if attr := d.Get("vpc_security_group_ids").(*schema.Set); attr.Len() > 0 {
-                        req.VpcSecurityGroupIds = expandStringList(attr.List())
-                } else {
-                        req.VpcSecurityGroupIds = []*string{}
-                }
-        }
+	if d.HasChange("vpc_security_group_ids") {
+		if attr := d.Get("vpc_security_group_ids").(*schema.Set); attr.Len() > 0 {
+			req.VpcSecurityGroupIds = expandStringList(attr.List())
+		} else {
+			req.VpcSecurityGroupIds = []*string{}
+		}
+	}
 
-        _, err := conn.ModifyDBCluster(req)
-        if err != nil {
-                return fmt.Errorf("[WARN] Error modifying RDS Cluster (%s): %s", d.Id(), err)
-        }
+	_, err := conn.ModifyDBCluster(req)
+	if err != nil {
+		return fmt.Errorf("[WARN] Error modifying RDS Cluster (%s): %s", d.Id(), err)
+	}
 
-        return resourceAwsRDSClusterRead(d, meta)
+	return resourceAwsRDSClusterRead(d, meta)
 }
 
 func resourceAwsRDSClusterDelete(d *schema.ResourceData, meta interface{}) error {
-        conn := meta.(*AWSClient).rdsconn
-        log.Printf("[DEBUG] Destroying RDS Cluster (%s)", d.Id())
+	conn := meta.(*AWSClient).rdsconn
+	log.Printf("[DEBUG] Destroying RDS Cluster (%s)", d.Id())
 
-        deleteOpts := rds.DeleteDBClusterInput{
-                DBClusterIdentifier: aws.String(d.Id()),
-        }
+	deleteOpts := rds.DeleteDBClusterInput{
+		DBClusterIdentifier: aws.String(d.Id()),
+	}
 
-        finalSnapshot := d.Get("final_snapshot_identifier").(string)
-        if finalSnapshot == "" {
-                deleteOpts.SkipFinalSnapshot = aws.Bool(true)
-        } else {
-                deleteOpts.FinalDBSnapshotIdentifier = aws.String(finalSnapshot)
-                deleteOpts.SkipFinalSnapshot = aws.Bool(false)
-        }
+	finalSnapshot := d.Get("final_snapshot_identifier").(string)
+	if finalSnapshot == "" {
+		deleteOpts.SkipFinalSnapshot = aws.Bool(true)
+	} else {
+		deleteOpts.FinalDBSnapshotIdentifier = aws.String(finalSnapshot)
+		deleteOpts.SkipFinalSnapshot = aws.Bool(false)
+	}
 
-        log.Printf("[DEBUG] RDS Cluster delete options: %s", deleteOpts)
-        _, err := conn.DeleteDBCluster(&deleteOpts)
+	log.Printf("[DEBUG] RDS Cluster delete options: %s", deleteOpts)
+	_, err := conn.DeleteDBCluster(&deleteOpts)
 
-        stateConf := &resource.StateChangeConf{
-                Pending:    []string{"deleting", "backing-up", "modifying"},
-                Target:     "destroyed",
-                Refresh:    resourceAwsRDSClusterStateRefreshFunc(d, meta),
-                Timeout:    5 * time.Minute,
-                MinTimeout: 3 * time.Second,
-        }
+	stateConf := &resource.StateChangeConf{
+		Pending:    []string{"deleting", "backing-up", "modifying"},
+		Target:     "destroyed",
+		Refresh:    resourceAwsRDSClusterStateRefreshFunc(d, meta),
+		Timeout:    5 * time.Minute,
+		MinTimeout: 3 * time.Second,
+	}
 
-        // Wait, catching any errors
-        _, err = stateConf.WaitForState()
-        if err != nil {
-                return fmt.Errorf("[WARN] Error deleting RDS Cluster (%s): %s", d.Id(), err)
-        }
+	// Wait, catching any errors
+	_, err = stateConf.WaitForState()
+	if err != nil {
+		return fmt.Errorf("[WARN] Error deleting RDS Cluster (%s): %s", d.Id(), err)
+	}
 
-        return nil
+	return nil
 }
 
 func resourceAwsRDSClusterStateRefreshFunc(
-        d *schema.ResourceData, meta interface{}) resource.StateRefreshFunc {
-        return func() (interface{}, string, error) {
-                conn := meta.(*AWSClient).rdsconn
+	d *schema.ResourceData, meta interface{}) resource.StateRefreshFunc {
+	return func() (interface{}, string, error) {
+		conn := meta.(*AWSClient).rdsconn
 
-                resp, err := conn.DescribeDBClusters(&rds.DescribeDBClustersInput{
-                        DBClusterIdentifier: aws.String(d.Id()),
-                })
+		resp, err := conn.DescribeDBClusters(&rds.DescribeDBClustersInput{
+			DBClusterIdentifier: aws.String(d.Id()),
+		})
 
-                if err != nil {
-                        if awsErr, ok := err.(awserr.Error); ok {
-                                if "DBClusterNotFoundFault" == awsErr.Code() {
-                                        return 42, "destroyed", nil
-                                }
-                        }
-                        log.Printf("[WARN] Error on retrieving DB Cluster (%s) when waiting: %s", d.Id(), err)
-                        return nil, "", err
-                }
+		if err != nil {
+			if awsErr, ok := err.(awserr.Error); ok {
+				if "DBClusterNotFoundFault" == awsErr.Code() {
+					return 42, "destroyed", nil
+				}
+			}
+			log.Printf("[WARN] Error on retrieving DB Cluster (%s) when waiting: %s", d.Id(), err)
+			return nil, "", err
+		}
 
-                var dbc *rds.DBCluster
+		var dbc *rds.DBCluster
 
-                for _, c := range resp.DBClusters {
-                        if *c.DBClusterIdentifier == d.Id() {
-                                dbc = c
-                        }
-                }
+		for _, c := range resp.DBClusters {
+			if *c.DBClusterIdentifier == d.Id() {
+				dbc = c
+			}
+		}
 
-                if dbc == nil {
-                        return 42, "destroyed", nil
-                }
+		if dbc == nil {
+			return 42, "destroyed", nil
+		}
 
-                if dbc.Status != nil {
-                        log.Printf("[DEBUG] DB Cluster status (%s): %s", d.Id(), *dbc.Status)
-                }
+		if dbc.Status != nil {
+			log.Printf("[DEBUG] DB Cluster status (%s): %s", d.Id(), *dbc.Status)
+		}
 
-                return dbc, *dbc.Status, nil
-        }
+		return dbc, *dbc.Status, nil
+	}
 }
diff --git a/builtin/providers/aws/resource_aws_rds_cluster_instance.go b/builtin/providers/aws/resource_aws_rds_cluster_instance.go
index df4bc1f5f8..bdffd59d4c 100644
--- a/builtin/providers/aws/resource_aws_rds_cluster_instance.go
+++ b/builtin/providers/aws/resource_aws_rds_cluster_instance.go
@@ -1,220 +1,220 @@
 package aws
 
 import (
-        "fmt"
-        "log"
-        "time"
+	"fmt"
+	"log"
+	"time"
 
-        "github.com/aws/aws-sdk-go/aws"
-        "github.com/aws/aws-sdk-go/service/rds"
-        "github.com/hashicorp/terraform/helper/resource"
-        "github.com/hashicorp/terraform/helper/schema"
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/rds"
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/helper/schema"
 )
 
 func resourceAwsRDSClusterInstance() *schema.Resource {
-        return &schema.Resource{
-                Create: resourceAwsRDSClusterInstanceCreate,
-                Read:   resourceAwsRDSClusterInstanceRead,
-                Update: resourceAwsRDSClusterInstanceUpdate,
-                Delete: resourceAwsRDSClusterInstanceDelete,
+	return &schema.Resource{
+		Create: resourceAwsRDSClusterInstanceCreate,
+		Read:   resourceAwsRDSClusterInstanceRead,
+		Update: resourceAwsRDSClusterInstanceUpdate,
+		Delete: resourceAwsRDSClusterInstanceDelete,
 
-                Schema: map[string]*schema.Schema{
-                        "identifier": &schema.Schema{
-                                Type:         schema.TypeString,
-                                Optional:     true,
-                                ForceNew:     true,
-                                ValidateFunc: validateRdsId,
-                        },
+		Schema: map[string]*schema.Schema{
+			"identifier": &schema.Schema{
+				Type:         schema.TypeString,
+				Optional:     true,
+				ForceNew:     true,
+				ValidateFunc: validateRdsId,
+			},
 
-                        "db_subnet_group_name": &schema.Schema{
-                                Type:     schema.TypeString,
-                                Optional: true,
-                                ForceNew: true,
-                                Computed: true,
-                        },
+			"db_subnet_group_name": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+				ForceNew: true,
+				Computed: true,
+			},
 
-                        "writer": &schema.Schema{
-                                Type:     schema.TypeBool,
-                                Computed: true,
-                        },
+			"writer": &schema.Schema{
+				Type:     schema.TypeBool,
+				Computed: true,
+			},
 
-                        "cluster_identifier": &schema.Schema{
-                                Type:     schema.TypeString,
-                                Required: true,
-                                ForceNew: true,
-                        },
+			"cluster_identifier": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
 
-                        "endpoint": &schema.Schema{
-                                Type:     schema.TypeString,
-                                Computed: true,
-                        },
+			"endpoint": &schema.Schema{
+				Type:     schema.TypeString,
+				Computed: true,
+			},
 
-                        "port": &schema.Schema{
-                                Type:     schema.TypeInt,
-                                Computed: true,
-                        },
+			"port": &schema.Schema{
+				Type:     schema.TypeInt,
+				Computed: true,
+			},
 
-                        "publicly_accessible": &schema.Schema{
-                                Type:     schema.TypeBool,
-                                Optional: true,
-                                Default:  false,
-                                ForceNew: true,
-                        },
+			"publicly_accessible": &schema.Schema{
+				Type:     schema.TypeBool,
+				Optional: true,
+				Default:  false,
+				ForceNew: true,
+			},
 
-                        "instance_class": &schema.Schema{
-                                Type:     schema.TypeString,
-                                Required: true,
-                                ForceNew: true,
-                        },
+			"instance_class": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
 
-                        "tags": tagsSchema(),
-                },
-        }
+			"tags": tagsSchema(),
+		},
+	}
 }
 
 func resourceAwsRDSClusterInstanceCreate(d *schema.ResourceData, meta interface{}) error {
-        conn := meta.(*AWSClient).rdsconn
-        tags := tagsFromMapRDS(d.Get("tags").(map[string]interface{}))
+	conn := meta.(*AWSClient).rdsconn
+	tags := tagsFromMapRDS(d.Get("tags").(map[string]interface{}))
 
-        createOpts := &rds.CreateDBInstanceInput{
-                DBInstanceClass:     aws.String(d.Get("instance_class").(string)),
-                DBClusterIdentifier: aws.String(d.Get("cluster_identifier").(string)),
-                Engine:              aws.String("aurora"),
-                PubliclyAccessible:  aws.Bool(d.Get("publicly_accessible").(bool)),
-                Tags:                tags,
-        }
+	createOpts := &rds.CreateDBInstanceInput{
+		DBInstanceClass:     aws.String(d.Get("instance_class").(string)),
+		DBClusterIdentifier: aws.String(d.Get("cluster_identifier").(string)),
+		Engine:              aws.String("aurora"),
+		PubliclyAccessible:  aws.Bool(d.Get("publicly_accessible").(bool)),
+		Tags:                tags,
+	}
 
-        if v := d.Get("identifier").(string); v != "" {
-                createOpts.DBInstanceIdentifier = aws.String(v)
-        } else {
-                createOpts.DBInstanceIdentifier = aws.String(resource.UniqueId())
-        }
+	if v := d.Get("identifier").(string); v != "" {
+		createOpts.DBInstanceIdentifier = aws.String(v)
+	} else {
+		createOpts.DBInstanceIdentifier = aws.String(resource.UniqueId())
+	}
 
-        if attr, ok := d.GetOk("db_subnet_group_name"); ok {
-                createOpts.DBSubnetGroupName = aws.String(attr.(string))
-        }
+	if attr, ok := d.GetOk("db_subnet_group_name"); ok {
+		createOpts.DBSubnetGroupName = aws.String(attr.(string))
+	}
 
-        log.Printf("[DEBUG] Creating RDS DB Instance opts: %s", createOpts)
-        resp, err := conn.CreateDBInstance(createOpts)
-        if err != nil {
-                return err
-        }
+	log.Printf("[DEBUG] Creating RDS DB Instance opts: %s", createOpts)
+	resp, err := conn.CreateDBInstance(createOpts)
+	if err != nil {
+		return err
+	}
 
-        d.SetId(*resp.DBInstance.DBInstanceIdentifier)
+	d.SetId(*resp.DBInstance.DBInstanceIdentifier)
 
-        // reuse db_instance refresh func
-        stateConf := &resource.StateChangeConf{
-                Pending:    []string{"creating", "backing-up", "modifying"},
-                Target:     "available",
-                Refresh:    resourceAwsDbInstanceStateRefreshFunc(d, meta),
-                Timeout:    40 * time.Minute,
-                MinTimeout: 10 * time.Second,
-                Delay:      10 * time.Second,
-        }
+	// reuse db_instance refresh func
+	stateConf := &resource.StateChangeConf{
+		Pending:    []string{"creating", "backing-up", "modifying"},
+		Target:     "available",
+		Refresh:    resourceAwsDbInstanceStateRefreshFunc(d, meta),
+		Timeout:    40 * time.Minute,
+		MinTimeout: 10 * time.Second,
+		Delay:      10 * time.Second,
+	}
 
-        // Wait, catching any errors
-        _, err = stateConf.WaitForState()
-        if err != nil {
-                return err
-        }
+	// Wait, catching any errors
+	_, err = stateConf.WaitForState()
+	if err != nil {
+		return err
+	}
 
-        return resourceAwsRDSClusterInstanceRead(d, meta)
+	return resourceAwsRDSClusterInstanceRead(d, meta)
 }
 
 func resourceAwsRDSClusterInstanceRead(d *schema.ResourceData, meta interface{}) error {
-        db, err := resourceAwsDbInstanceRetrieve(d, meta)
-        if err != nil {
-                log.Printf("[WARN] Error on retrieving RDS Cluster Instance (%s): %s", d.Id(), err)
-                d.SetId("")
-                return nil
-        }
+	db, err := resourceAwsDbInstanceRetrieve(d, meta)
+	if err != nil {
+		log.Printf("[WARN] Error on retrieving RDS Cluster Instance (%s): %s", d.Id(), err)
+		d.SetId("")
+		return nil
+	}
 
-        // Retreive DB Cluster information, to determine if this Instance is a writer
-        conn := meta.(*AWSClient).rdsconn
-        resp, err := conn.DescribeDBClusters(&rds.DescribeDBClustersInput{
-                DBClusterIdentifier: db.DBClusterIdentifier,
-        })
+	// Retreive DB Cluster information, to determine if this Instance is a writer
+	conn := meta.(*AWSClient).rdsconn
+	resp, err := conn.DescribeDBClusters(&rds.DescribeDBClustersInput{
+		DBClusterIdentifier: db.DBClusterIdentifier,
+	})
 
-        var dbc *rds.DBCluster
-        for _, c := range resp.DBClusters {
-                if *c.DBClusterIdentifier == *db.DBClusterIdentifier {
-                        dbc = c
-                }
-        }
+	var dbc *rds.DBCluster
+	for _, c := range resp.DBClusters {
+		if *c.DBClusterIdentifier == *db.DBClusterIdentifier {
+			dbc = c
+		}
+	}
 
-        if dbc == nil {
-                return fmt.Errorf("[WARN] Error finding RDS Cluster (%s) for Cluster Instance (%s): %s",
-                        *db.DBClusterIdentifier, *db.DBInstanceIdentifier, err)
-        }
+	if dbc == nil {
+		return fmt.Errorf("[WARN] Error finding RDS Cluster (%s) for Cluster Instance (%s): %s",
+			*db.DBClusterIdentifier, *db.DBInstanceIdentifier, err)
+	}
 
-        for _, m := range dbc.DBClusterMembers {
-                if *db.DBInstanceIdentifier == *m.DBInstanceIdentifier {
-                        if *m.IsClusterWriter == true {
-                                d.Set("writer", true)
-                        } else {
-                                d.Set("writer", false)
-                        }
-                }
-        }
+	for _, m := range dbc.DBClusterMembers {
+		if *db.DBInstanceIdentifier == *m.DBInstanceIdentifier {
+			if *m.IsClusterWriter == true {
+				d.Set("writer", true)
+			} else {
+				d.Set("writer", false)
+			}
+		}
+	}
 
-        if db.Endpoint != nil {
-                d.Set("endpoint", db.Endpoint.Address)
-                d.Set("port", db.Endpoint.Port)
-        }
+	if db.Endpoint != nil {
+		d.Set("endpoint", db.Endpoint.Address)
+		d.Set("port", db.Endpoint.Port)
+	}
 
-        d.Set("publicly_accessible", db.PubliclyAccessible)
+	d.Set("publicly_accessible", db.PubliclyAccessible)
 
-        // Fetch and save tags
-        arn, err := buildRDSARN(d, meta)
-        if err != nil {
-                log.Printf("[DEBUG] Error building ARN for RDS Cluster Instance (%s), not setting Tags", *db.DBInstanceIdentifier)
-        } else {
-                if err := saveTagsRDS(conn, d, arn); err != nil {
-                        log.Printf("[WARN] Failed to save tags for RDS Cluster Instance (%s): %s", *db.DBClusterIdentifier, err)
-                }
-        }
+	// Fetch and save tags
+	arn, err := buildRDSARN(d, meta)
+	if err != nil {
+		log.Printf("[DEBUG] Error building ARN for RDS Cluster Instance (%s), not setting Tags", *db.DBInstanceIdentifier)
+	} else {
+		if err := saveTagsRDS(conn, d, arn); err != nil {
+			log.Printf("[WARN] Failed to save tags for RDS Cluster Instance (%s): %s", *db.DBClusterIdentifier, err)
+		}
+	}
 
-        return nil
+	return nil
 }
 
 func resourceAwsRDSClusterInstanceUpdate(d *schema.ResourceData, meta interface{}) error {
-        conn := meta.(*AWSClient).rdsconn
+	conn := meta.(*AWSClient).rdsconn
 
-        if arn, err := buildRDSARN(d, meta); err == nil {
-                if err := setTagsRDS(conn, d, arn); err != nil {
-                        return err
-                }
-        }
+	if arn, err := buildRDSARN(d, meta); err == nil {
+		if err := setTagsRDS(conn, d, arn); err != nil {
+			return err
+		}
+	}
 
-        return resourceAwsRDSClusterInstanceRead(d, meta)
+	return resourceAwsRDSClusterInstanceRead(d, meta)
 }
 
 func resourceAwsRDSClusterInstanceDelete(d *schema.ResourceData, meta interface{}) error {
-        conn := meta.(*AWSClient).rdsconn
+	conn := meta.(*AWSClient).rdsconn
 
-        log.Printf("[DEBUG] RDS Cluster Instance destroy: %v", d.Id())
+	log.Printf("[DEBUG] RDS Cluster Instance destroy: %v", d.Id())
 
-        opts := rds.DeleteDBInstanceInput{DBInstanceIdentifier: aws.String(d.Id())}
+	opts := rds.DeleteDBInstanceInput{DBInstanceIdentifier: aws.String(d.Id())}
 
-        log.Printf("[DEBUG] RDS Cluster Instance destroy configuration: %s", opts)
-        if _, err := conn.DeleteDBInstance(&opts); err != nil {
-                return err
-        }
+	log.Printf("[DEBUG] RDS Cluster Instance destroy configuration: %s", opts)
+	if _, err := conn.DeleteDBInstance(&opts); err != nil {
+		return err
+	}
 
-        // re-uses db_instance refresh func
-        log.Println("[INFO] Waiting for RDS Cluster Instance to be destroyed")
-        stateConf := &resource.StateChangeConf{
-                Pending:    []string{"modifying", "deleting"},
-                Target:     "",
-                Refresh:    resourceAwsDbInstanceStateRefreshFunc(d, meta),
-                Timeout:    40 * time.Minute,
-                MinTimeout: 10 * time.Second,
-        }
+	// re-uses db_instance refresh func
+	log.Println("[INFO] Waiting for RDS Cluster Instance to be destroyed")
+	stateConf := &resource.StateChangeConf{
+		Pending:    []string{"modifying", "deleting"},
+		Target:     "",
+		Refresh:    resourceAwsDbInstanceStateRefreshFunc(d, meta),
+		Timeout:    40 * time.Minute,
+		MinTimeout: 10 * time.Second,
+	}
 
-        if _, err := stateConf.WaitForState(); err != nil {
-                return err
-        }
+	if _, err := stateConf.WaitForState(); err != nil {
+		return err
+	}
 
-        return nil
+	return nil
 
 }
diff --git a/builtin/providers/aws/resource_aws_rds_cluster_instance_test.go b/builtin/providers/aws/resource_aws_rds_cluster_instance_test.go
index f923c1712f..046132fad2 100644
--- a/builtin/providers/aws/resource_aws_rds_cluster_instance_test.go
+++ b/builtin/providers/aws/resource_aws_rds_cluster_instance_test.go
@@ -1,118 +1,118 @@
 package aws
 
 import (
-        "fmt"
-        "math/rand"
-        "strings"
-        "testing"
-        "time"
+	"fmt"
+	"math/rand"
+	"strings"
+	"testing"
+	"time"
 
-        "github.com/hashicorp/terraform/helper/resource"
-        "github.com/hashicorp/terraform/terraform"
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
 
-        "github.com/aws/aws-sdk-go/aws"
-        "github.com/aws/aws-sdk-go/aws/awserr"
-        "github.com/aws/aws-sdk-go/service/rds"
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/service/rds"
 )
 
 func TestAccAWSRDSClusterInstance_basic(t *testing.T) {
-        var v rds.DBInstance
+	var v rds.DBInstance
 
-        resource.Test(t, resource.TestCase{
-                PreCheck:     func() { testAccPreCheck(t) },
-                Providers:    testAccProviders,
-                CheckDestroy: testAccCheckAWSClusterDestroy,
-                Steps: []resource.TestStep{
-                        resource.TestStep{
-                                Config: testAccAWSClusterInstanceConfig,
-                                Check: resource.ComposeTestCheckFunc(
-                                        testAccCheckAWSClusterInstanceExists("aws_rds_cluster_instance.cluster_instances", &v),
-                                        testAccCheckAWSDBClusterInstanceAttributes(&v),
-                                ),
-                        },
-                },
-        })
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSClusterDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccAWSClusterInstanceConfig,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAWSClusterInstanceExists("aws_rds_cluster_instance.cluster_instances", &v),
+					testAccCheckAWSDBClusterInstanceAttributes(&v),
+				),
+			},
+		},
+	})
 }
 
 func testAccCheckAWSClusterInstanceDestroy(s *terraform.State) error {
-        for _, rs := range s.RootModule().Resources {
-                if rs.Type != "aws_rds_cluster" {
-                        continue
-                }
+	for _, rs := range s.RootModule().Resources {
+		if rs.Type != "aws_rds_cluster" {
+			continue
+		}
 
-                // Try to find the Group
-                conn := testAccProvider.Meta().(*AWSClient).rdsconn
-                var err error
-                resp, err := conn.DescribeDBInstances(
-                        &rds.DescribeDBInstancesInput{
-                                DBInstanceIdentifier: aws.String(rs.Primary.ID),
-                        })
+		// Try to find the Group
+		conn := testAccProvider.Meta().(*AWSClient).rdsconn
+		var err error
+		resp, err := conn.DescribeDBInstances(
+			&rds.DescribeDBInstancesInput{
+				DBInstanceIdentifier: aws.String(rs.Primary.ID),
+			})
 
-                if err == nil {
-                        if len(resp.DBInstances) != 0 &&
-                                *resp.DBInstances[0].DBInstanceIdentifier == rs.Primary.ID {
-                                return fmt.Errorf("DB Cluster Instance %s still exists", rs.Primary.ID)
-                        }
-                }
+		if err == nil {
+			if len(resp.DBInstances) != 0 &&
+				*resp.DBInstances[0].DBInstanceIdentifier == rs.Primary.ID {
+				return fmt.Errorf("DB Cluster Instance %s still exists", rs.Primary.ID)
+			}
+		}
 
-                // Return nil if the Cluster Instance is already destroyed
-                if awsErr, ok := err.(awserr.Error); ok {
-                        if awsErr.Code() == "DBInstanceNotFound" {
-                                return nil
-                        }
-                }
+		// Return nil if the Cluster Instance is already destroyed
+		if awsErr, ok := err.(awserr.Error); ok {
+			if awsErr.Code() == "DBInstanceNotFound" {
+				return nil
+			}
+		}
 
-                return err
+		return err
 
-        }
+	}
 
-        return nil
+	return nil
 }
 
 func testAccCheckAWSDBClusterInstanceAttributes(v *rds.DBInstance) resource.TestCheckFunc {
-        return func(s *terraform.State) error {
+	return func(s *terraform.State) error {
 
-                if *v.Engine != "aurora" {
-                        return fmt.Errorf("bad engine, expected \"aurora\": %#v", *v.Engine)
-                }
+		if *v.Engine != "aurora" {
+			return fmt.Errorf("bad engine, expected \"aurora\": %#v", *v.Engine)
+		}
 
-                if !strings.HasPrefix(*v.DBClusterIdentifier, "tf-aurora-cluster") {
-                        return fmt.Errorf("Bad Cluster Identifier prefix:\nexpected: %s\ngot: %s", "tf-aurora-cluster", *v.DBClusterIdentifier)
-                }
+		if !strings.HasPrefix(*v.DBClusterIdentifier, "tf-aurora-cluster") {
+			return fmt.Errorf("Bad Cluster Identifier prefix:\nexpected: %s\ngot: %s", "tf-aurora-cluster", *v.DBClusterIdentifier)
+		}
 
-                return nil
-        }
+		return nil
+	}
 }
 
 func testAccCheckAWSClusterInstanceExists(n string, v *rds.DBInstance) resource.TestCheckFunc {
-        return func(s *terraform.State) error {
-                rs, ok := s.RootModule().Resources[n]
-                if !ok {
-                        return fmt.Errorf("Not found: %s", n)
-                }
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[n]
+		if !ok {
+			return fmt.Errorf("Not found: %s", n)
+		}
 
-                if rs.Primary.ID == "" {
-                        return fmt.Errorf("No DB Instance ID is set")
-                }
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("No DB Instance ID is set")
+		}
 
-                conn := testAccProvider.Meta().(*AWSClient).rdsconn
-                resp, err := conn.DescribeDBInstances(&rds.DescribeDBInstancesInput{
-                        DBInstanceIdentifier: aws.String(rs.Primary.ID),
-                })
+		conn := testAccProvider.Meta().(*AWSClient).rdsconn
+		resp, err := conn.DescribeDBInstances(&rds.DescribeDBInstancesInput{
+			DBInstanceIdentifier: aws.String(rs.Primary.ID),
+		})
 
-                if err != nil {
-                        return err
-                }
+		if err != nil {
+			return err
+		}
 
-                for _, d := range resp.DBInstances {
-                        if *d.DBInstanceIdentifier == rs.Primary.ID {
-                                *v = *d
-                                return nil
-                        }
-                }
+		for _, d := range resp.DBInstances {
+			if *d.DBInstanceIdentifier == rs.Primary.ID {
+				*v = *d
+				return nil
+			}
+		}
 
-                return fmt.Errorf("DB Cluster (%s) not found", rs.Primary.ID)
-        }
+		return fmt.Errorf("DB Cluster (%s) not found", rs.Primary.ID)
+	}
 }
 
 // Add some random to the name, to avoid collision
diff --git a/builtin/providers/aws/resource_aws_rds_cluster_test.go b/builtin/providers/aws/resource_aws_rds_cluster_test.go
index 2fd7689497..ffa2fa8e90 100644
--- a/builtin/providers/aws/resource_aws_rds_cluster_test.go
+++ b/builtin/providers/aws/resource_aws_rds_cluster_test.go
@@ -1,100 +1,100 @@
 package aws
 
 import (
-        "fmt"
-        "math/rand"
-        "testing"
-        "time"
+	"fmt"
+	"math/rand"
+	"testing"
+	"time"
 
-        "github.com/hashicorp/terraform/helper/resource"
-        "github.com/hashicorp/terraform/terraform"
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
 
-        "github.com/aws/aws-sdk-go/aws"
-        "github.com/aws/aws-sdk-go/aws/awserr"
-        "github.com/aws/aws-sdk-go/service/rds"
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/service/rds"
 )
 
 func TestAccAWSRDSCluster_basic(t *testing.T) {
-        var v rds.DBCluster
+	var v rds.DBCluster
 
-        resource.Test(t, resource.TestCase{
-                PreCheck:     func() { testAccPreCheck(t) },
-                Providers:    testAccProviders,
-                CheckDestroy: testAccCheckAWSClusterDestroy,
-                Steps: []resource.TestStep{
-                        resource.TestStep{
-                                Config: testAccAWSClusterConfig,
-                                Check: resource.ComposeTestCheckFunc(
-                                        testAccCheckAWSClusterExists("aws_rds_cluster.default", &v),
-                                ),
-                        },
-                },
-        })
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSClusterDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccAWSClusterConfig,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAWSClusterExists("aws_rds_cluster.default", &v),
+				),
+			},
+		},
+	})
 }
 
 func testAccCheckAWSClusterDestroy(s *terraform.State) error {
-        for _, rs := range s.RootModule().Resources {
-                if rs.Type != "aws_rds_cluster" {
-                        continue
-                }
+	for _, rs := range s.RootModule().Resources {
+		if rs.Type != "aws_rds_cluster" {
+			continue
+		}
 
-                // Try to find the Group
-                conn := testAccProvider.Meta().(*AWSClient).rdsconn
-                var err error
-                resp, err := conn.DescribeDBClusters(
-                        &rds.DescribeDBClustersInput{
-                                DBClusterIdentifier: aws.String(rs.Primary.ID),
-                        })
+		// Try to find the Group
+		conn := testAccProvider.Meta().(*AWSClient).rdsconn
+		var err error
+		resp, err := conn.DescribeDBClusters(
+			&rds.DescribeDBClustersInput{
+				DBClusterIdentifier: aws.String(rs.Primary.ID),
+			})
 
-                if err == nil {
-                        if len(resp.DBClusters) != 0 &&
-                                *resp.DBClusters[0].DBClusterIdentifier == rs.Primary.ID {
-                                return fmt.Errorf("DB Cluster %s still exists", rs.Primary.ID)
-                        }
-                }
+		if err == nil {
+			if len(resp.DBClusters) != 0 &&
+				*resp.DBClusters[0].DBClusterIdentifier == rs.Primary.ID {
+				return fmt.Errorf("DB Cluster %s still exists", rs.Primary.ID)
+			}
+		}
 
-                // Return nil if the cluster is already destroyed
-                if awsErr, ok := err.(awserr.Error); ok {
-                        if awsErr.Code() == "DBClusterNotFound" {
-                                return nil
-                        }
-                }
+		// Return nil if the cluster is already destroyed
+		if awsErr, ok := err.(awserr.Error); ok {
+			if awsErr.Code() == "DBClusterNotFound" {
+				return nil
+			}
+		}
 
-                return err
-        }
+		return err
+	}
 
-        return nil
+	return nil
 }
 
 func testAccCheckAWSClusterExists(n string, v *rds.DBCluster) resource.TestCheckFunc {
-        return func(s *terraform.State) error {
-                rs, ok := s.RootModule().Resources[n]
-                if !ok {
-                        return fmt.Errorf("Not found: %s", n)
-                }
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[n]
+		if !ok {
+			return fmt.Errorf("Not found: %s", n)
+		}
 
-                if rs.Primary.ID == "" {
-                        return fmt.Errorf("No DB Instance ID is set")
-                }
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("No DB Instance ID is set")
+		}
 
-                conn := testAccProvider.Meta().(*AWSClient).rdsconn
-                resp, err := conn.DescribeDBClusters(&rds.DescribeDBClustersInput{
-                        DBClusterIdentifier: aws.String(rs.Primary.ID),
-                })
+		conn := testAccProvider.Meta().(*AWSClient).rdsconn
+		resp, err := conn.DescribeDBClusters(&rds.DescribeDBClustersInput{
+			DBClusterIdentifier: aws.String(rs.Primary.ID),
+		})
 
-                if err != nil {
-                        return err
-                }
+		if err != nil {
+			return err
+		}
 
-                for _, c := range resp.DBClusters {
-                        if *c.DBClusterIdentifier == rs.Primary.ID {
-                                *v = *c
-                                return nil
-                        }
-                }
+		for _, c := range resp.DBClusters {
+			if *c.DBClusterIdentifier == rs.Primary.ID {
+				*v = *c
+				return nil
+			}
+		}
 
-                return fmt.Errorf("DB Cluster (%s) not found", rs.Primary.ID)
-        }
+		return fmt.Errorf("DB Cluster (%s) not found", rs.Primary.ID)
+	}
 }
 
 // Add some random to the name, to avoid collision

From 6b219a155386a77d23071dce02b29bc3e3632df4 Mon Sep 17 00:00:00 2001
From: Paul Hinze <phinze@phinze.com>
Date: Wed, 7 Oct 2015 12:19:18 -0500
Subject: [PATCH 133/335] Update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7019444c0a..8d95149fe3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -52,6 +52,7 @@ BUG FIXES:
   * provider/aws: Read instance source_dest_check and save to state [GH-3152]
   * provider/aws: Allow `weight = 0` in Route53 records [GH-3196]
   * provider/aws: Normalize aws_elasticache_cluster id to lowercase, allowing convergence. [GH-3235]
+  * provider/aws: Fix ValidateAccountId for IAM Instance Profiles [GH-3313]
   * provider/openstack: add state 'downloading' to list of expected states in
       `blockstorage_volume_v1` creation [GH-2866]
   * provider/openstack: remove security groups (by name) before adding security

From 2b75e65129a41a0723971ca0fc5b3fb4efb02043 Mon Sep 17 00:00:00 2001
From: Robert Roland <robert@robertroland.org>
Date: Wed, 7 Oct 2015 13:07:41 -0700
Subject: [PATCH 134/335] Update container.html.markdown

Correcting a misspelling in the docs.
---
 website/source/docs/providers/docker/r/container.html.markdown | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/website/source/docs/providers/docker/r/container.html.markdown b/website/source/docs/providers/docker/r/container.html.markdown
index 5653f139ad..fa940720d7 100644
--- a/website/source/docs/providers/docker/r/container.html.markdown
+++ b/website/source/docs/providers/docker/r/container.html.markdown
@@ -76,7 +76,7 @@ the following:
   volume will be mounted.
 * `host_path` - (Optional, string) The path on the host where the volume
   is coming from.
-* `read_only` - (Optinal, bool) If true, this volume will be readonly.
+* `read_only` - (Optional, bool) If true, this volume will be readonly.
   Defaults to false.
 
 ## Attributes Reference

From f9efede8524cec3f5a59090dc774c312f2516460 Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@timeinc.com>
Date: Wed, 7 Oct 2015 13:35:06 -0700
Subject: [PATCH 135/335] gofmt files from recently merged PRs

---
 builtin/providers/aws/config.go               |  2 +-
 builtin/providers/aws/conversions.go          |  2 +-
 builtin/providers/aws/provider.go             |  4 +-
 .../providers/aws/resource_aws_db_instance.go |  8 ++--
 .../resource_aws_opsworks_ganglia_layer.go    |  2 +-
 .../aws/resource_aws_opsworks_stack.go        |  6 +--
 builtin/providers/aws/structure.go            | 38 +++++++++----------
 builtin/providers/aws/tagsRDS.go              | 28 +++++++-------
 .../azure/resource_azure_instance.go          | 12 +++---
 builtin/providers/google/metadata.go          |  6 +--
 .../google/resource_compute_instance.go       |  8 ++--
 .../resource_compute_project_metadata.go      | 10 ++---
 .../google/resource_compute_vpn_gateway.go    |  4 +-
 .../google/resource_storage_bucket.go         |  4 +-
 .../google/resource_storage_bucket_acl.go     | 33 ++++++++--------
 .../resource_storage_bucket_acl_test.go       | 27 +++++++------
 .../google/resource_storage_bucket_object.go  |  7 ++--
 .../resource_storage_bucket_object_test.go    |  9 ++---
 .../google/resource_storage_object_acl.go     | 29 +++++++-------
 .../resource_storage_object_acl_test.go       | 22 +++++------
 ...source_openstack_blockstorage_volume_v1.go |  2 +-
 .../resource_openstack_compute_instance_v2.go |  1 -
 builtin/providers/rundeck/resource_job.go     |  8 ++--
 .../provisioners/chef/resource_provisioner.go |  1 -
 24 files changed, 133 insertions(+), 140 deletions(-)

diff --git a/builtin/providers/aws/config.go b/builtin/providers/aws/config.go
index 6e57fd6a37..a20405997e 100644
--- a/builtin/providers/aws/config.go
+++ b/builtin/providers/aws/config.go
@@ -62,7 +62,7 @@ type AWSClient struct {
 	kinesisconn        *kinesis.Kinesis
 	elasticacheconn    *elasticache.ElastiCache
 	lambdaconn         *lambda.Lambda
-	opsworksconn    *opsworks.OpsWorks
+	opsworksconn       *opsworks.OpsWorks
 }
 
 // Client configures and returns a fully initialized AWSClient
diff --git a/builtin/providers/aws/conversions.go b/builtin/providers/aws/conversions.go
index 7911237459..5c0caca70b 100644
--- a/builtin/providers/aws/conversions.go
+++ b/builtin/providers/aws/conversions.go
@@ -5,7 +5,7 @@ import (
 	"github.com/hashicorp/terraform/helper/schema"
 )
 
-func makeAwsStringList(in []interface {}) []*string {
+func makeAwsStringList(in []interface{}) []*string {
 	ret := make([]*string, len(in), len(in))
 	for i := 0; i < len(in); i++ {
 		ret[i] = aws.String(in[i].(string))
diff --git a/builtin/providers/aws/provider.go b/builtin/providers/aws/provider.go
index cf89db0b7a..c915c61fb4 100644
--- a/builtin/providers/aws/provider.go
+++ b/builtin/providers/aws/provider.go
@@ -219,8 +219,8 @@ func Provider() terraform.ResourceProvider {
 			"aws_opsworks_ganglia_layer":       resourceAwsOpsworksGangliaLayer(),
 			"aws_opsworks_custom_layer":        resourceAwsOpsworksCustomLayer(),
 			"aws_proxy_protocol_policy":        resourceAwsProxyProtocolPolicy(),
-                        "aws_rds_cluster":                  resourceAwsRDSCluster(),
-                        "aws_rds_cluster_instance":         resourceAwsRDSClusterInstance(),
+			"aws_rds_cluster":                  resourceAwsRDSCluster(),
+			"aws_rds_cluster_instance":         resourceAwsRDSClusterInstance(),
 			"aws_route53_delegation_set":       resourceAwsRoute53DelegationSet(),
 			"aws_route53_record":               resourceAwsRoute53Record(),
 			"aws_route53_zone_association":     resourceAwsRoute53ZoneAssociation(),
diff --git a/builtin/providers/aws/resource_aws_db_instance.go b/builtin/providers/aws/resource_aws_db_instance.go
index 60b3dd329c..d1d3a4ae11 100644
--- a/builtin/providers/aws/resource_aws_db_instance.go
+++ b/builtin/providers/aws/resource_aws_db_instance.go
@@ -75,10 +75,10 @@ func resourceAwsDbInstance() *schema.Resource {
 			},
 
 			"identifier": &schema.Schema{
-                                Type:         schema.TypeString,
-                                Required:     true,
-                                ForceNew:     true,
-                                ValidateFunc: validateRdsId,
+				Type:         schema.TypeString,
+				Required:     true,
+				ForceNew:     true,
+				ValidateFunc: validateRdsId,
 			},
 
 			"instance_class": &schema.Schema{
diff --git a/builtin/providers/aws/resource_aws_opsworks_ganglia_layer.go b/builtin/providers/aws/resource_aws_opsworks_ganglia_layer.go
index c37bb70e5d..24778501c4 100644
--- a/builtin/providers/aws/resource_aws_opsworks_ganglia_layer.go
+++ b/builtin/providers/aws/resource_aws_opsworks_ganglia_layer.go
@@ -6,7 +6,7 @@ import (
 
 func resourceAwsOpsworksGangliaLayer() *schema.Resource {
 	layerType := &opsworksLayerType{
-		TypeName: "monitoring-master",
+		TypeName:         "monitoring-master",
 		DefaultLayerName: "Ganglia",
 
 		Attributes: map[string]*opsworksLayerTypeAttribute{
diff --git a/builtin/providers/aws/resource_aws_opsworks_stack.go b/builtin/providers/aws/resource_aws_opsworks_stack.go
index 5d0bf1aa83..8eeda3f05b 100644
--- a/builtin/providers/aws/resource_aws_opsworks_stack.go
+++ b/builtin/providers/aws/resource_aws_opsworks_stack.go
@@ -306,9 +306,9 @@ func resourceAwsOpsworksStackCreate(d *schema.ResourceData, meta interface{}) er
 
 	req := &opsworks.CreateStackInput{
 		DefaultInstanceProfileArn: aws.String(d.Get("default_instance_profile_arn").(string)),
-		Name:                    aws.String(d.Get("name").(string)),
-		Region:                  aws.String(d.Get("region").(string)),
-		ServiceRoleArn:          aws.String(d.Get("service_role_arn").(string)),
+		Name:           aws.String(d.Get("name").(string)),
+		Region:         aws.String(d.Get("region").(string)),
+		ServiceRoleArn: aws.String(d.Get("service_role_arn").(string)),
 	}
 	inVpc := false
 	if vpcId, ok := d.GetOk("vpc_id"); ok {
diff --git a/builtin/providers/aws/structure.go b/builtin/providers/aws/structure.go
index d8dd6af65f..dc7b6d89b7 100644
--- a/builtin/providers/aws/structure.go
+++ b/builtin/providers/aws/structure.go
@@ -4,7 +4,7 @@ import (
 	"bytes"
 	"encoding/json"
 	"fmt"
-        "regexp"
+	"regexp"
 	"sort"
 	"strings"
 
@@ -460,22 +460,22 @@ func expandResourceRecords(recs []interface{}, typeStr string) []*route53.Resour
 }
 
 func validateRdsId(v interface{}, k string) (ws []string, errors []error) {
-        value := v.(string)
-        if !regexp.MustCompile(`^[0-9a-z-]+$`).MatchString(value) {
-                errors = append(errors, fmt.Errorf(
-                        "only lowercase alphanumeric characters and hyphens allowed in %q", k))
-        }
-        if !regexp.MustCompile(`^[a-z]`).MatchString(value) {
-                errors = append(errors, fmt.Errorf(
-                        "first character of %q must be a letter", k))
-        }
-        if regexp.MustCompile(`--`).MatchString(value) {
-                errors = append(errors, fmt.Errorf(
-                        "%q cannot contain two consecutive hyphens", k))
-        }
-        if regexp.MustCompile(`-$`).MatchString(value) {
-                errors = append(errors, fmt.Errorf(
-                        "%q cannot end with a hyphen", k))
-        }
-        return
+	value := v.(string)
+	if !regexp.MustCompile(`^[0-9a-z-]+$`).MatchString(value) {
+		errors = append(errors, fmt.Errorf(
+			"only lowercase alphanumeric characters and hyphens allowed in %q", k))
+	}
+	if !regexp.MustCompile(`^[a-z]`).MatchString(value) {
+		errors = append(errors, fmt.Errorf(
+			"first character of %q must be a letter", k))
+	}
+	if regexp.MustCompile(`--`).MatchString(value) {
+		errors = append(errors, fmt.Errorf(
+			"%q cannot contain two consecutive hyphens", k))
+	}
+	if regexp.MustCompile(`-$`).MatchString(value) {
+		errors = append(errors, fmt.Errorf(
+			"%q cannot end with a hyphen", k))
+	}
+	return
 }
diff --git a/builtin/providers/aws/tagsRDS.go b/builtin/providers/aws/tagsRDS.go
index 7ba0ee903e..bcc3eb9ead 100644
--- a/builtin/providers/aws/tagsRDS.go
+++ b/builtin/providers/aws/tagsRDS.go
@@ -1,7 +1,7 @@
 package aws
 
 import (
-        "fmt"
+	"fmt"
 	"log"
 
 	"github.com/aws/aws-sdk-go/aws"
@@ -20,7 +20,7 @@ func setTagsRDS(conn *rds.RDS, d *schema.ResourceData, arn string) error {
 
 		// Set tags
 		if len(remove) > 0 {
-                        log.Printf("[DEBUG] Removing tags: %s", remove)
+			log.Printf("[DEBUG] Removing tags: %s", remove)
 			k := make([]*string, len(remove), len(remove))
 			for i, t := range remove {
 				k[i] = t.Key
@@ -35,7 +35,7 @@ func setTagsRDS(conn *rds.RDS, d *schema.ResourceData, arn string) error {
 			}
 		}
 		if len(create) > 0 {
-                        log.Printf("[DEBUG] Creating tags: %s", create)
+			log.Printf("[DEBUG] Creating tags: %s", create)
 			_, err := conn.AddTagsToResource(&rds.AddTagsToResourceInput{
 				ResourceName: aws.String(arn),
 				Tags:         create,
@@ -96,18 +96,18 @@ func tagsToMapRDS(ts []*rds.Tag) map[string]string {
 }
 
 func saveTagsRDS(conn *rds.RDS, d *schema.ResourceData, arn string) error {
-        resp, err := conn.ListTagsForResource(&rds.ListTagsForResourceInput{
-                ResourceName: aws.String(arn),
-        })
+	resp, err := conn.ListTagsForResource(&rds.ListTagsForResourceInput{
+		ResourceName: aws.String(arn),
+	})
 
-        if err != nil {
-                return fmt.Errorf("[DEBUG] Error retreiving tags for ARN: %s", arn)
-        }
+	if err != nil {
+		return fmt.Errorf("[DEBUG] Error retreiving tags for ARN: %s", arn)
+	}
 
-        var dt []*rds.Tag
-        if len(resp.TagList) > 0 {
-                dt = resp.TagList
-        }
+	var dt []*rds.Tag
+	if len(resp.TagList) > 0 {
+		dt = resp.TagList
+	}
 
-        return d.Set("tags", tagsToMapRDS(dt))
+	return d.Set("tags", tagsToMapRDS(dt))
 }
diff --git a/builtin/providers/azure/resource_azure_instance.go b/builtin/providers/azure/resource_azure_instance.go
index fb264f28ea..c95285ec25 100644
--- a/builtin/providers/azure/resource_azure_instance.go
+++ b/builtin/providers/azure/resource_azure_instance.go
@@ -297,15 +297,15 @@ func resourceAzureInstanceCreate(d *schema.ResourceData, meta interface{}) (err
 		if err != nil {
 			return fmt.Errorf("Error configuring %s for Windows: %s", name, err)
 		}
-		
+
 		if domain_name, ok := d.GetOk("domain_name"); ok {
 			err = vmutils.ConfigureWindowsToJoinDomain(
-				&role, 
-				d.Get("domain_username").(string), 
-				d.Get("domain_password").(string), 
-				domain_name.(string), 
+				&role,
+				d.Get("domain_username").(string),
+				d.Get("domain_password").(string),
+				domain_name.(string),
 				d.Get("domain_ou").(string),
-			) 
+			)
 			if err != nil {
 				return fmt.Errorf("Error configuring %s for WindowsToJoinDomain: %s", name, err)
 			}
diff --git a/builtin/providers/google/metadata.go b/builtin/providers/google/metadata.go
index bc609ac88c..e75c450228 100644
--- a/builtin/providers/google/metadata.go
+++ b/builtin/providers/google/metadata.go
@@ -23,7 +23,7 @@ func MetadataRetryWrapper(update func() error) error {
 		}
 	}
 
-	return fmt.Errorf("Failed to update metadata after %d retries", attempt);
+	return fmt.Errorf("Failed to update metadata after %d retries", attempt)
 }
 
 // Update the metadata (serverMD) according to the provided diff (oldMDMap v
@@ -51,7 +51,7 @@ func MetadataUpdate(oldMDMap map[string]interface{}, newMDMap map[string]interfa
 	// Reformat old metadata into a list
 	serverMD.Items = nil
 	for key, val := range curMDMap {
-		v := val;
+		v := val
 		serverMD.Items = append(serverMD.Items, &compute.MetadataItems{
 			Key:   key,
 			Value: &v,
@@ -60,7 +60,7 @@ func MetadataUpdate(oldMDMap map[string]interface{}, newMDMap map[string]interfa
 }
 
 // Format metadata from the server data format -> schema data format
-func MetadataFormatSchema(md *compute.Metadata) (map[string]interface{}) {
+func MetadataFormatSchema(md *compute.Metadata) map[string]interface{} {
 	newMD := make(map[string]interface{})
 
 	for _, kv := range md.Items {
diff --git a/builtin/providers/google/resource_compute_instance.go b/builtin/providers/google/resource_compute_instance.go
index 9879646413..52575767e5 100644
--- a/builtin/providers/google/resource_compute_instance.go
+++ b/builtin/providers/google/resource_compute_instance.go
@@ -507,12 +507,12 @@ func resourceComputeInstanceCreate(d *schema.ResourceData, meta interface{}) err
 func resourceComputeInstanceRead(d *schema.ResourceData, meta interface{}) error {
 	config := meta.(*Config)
 
-	instance, err := getInstance(config, d);
+	instance, err := getInstance(config, d)
 	if err != nil {
 		return err
 	}
 
-	// Synch metadata 
+	// Synch metadata
 	md := instance.Metadata
 
 	if err = d.Set("metadata", MetadataFormatSchema(md)); err != nil {
@@ -644,7 +644,7 @@ func resourceComputeInstanceUpdate(d *schema.ResourceData, meta interface{}) err
 
 	zone := d.Get("zone").(string)
 
-	instance, err := getInstance(config, d);
+	instance, err := getInstance(config, d)
 	if err != nil {
 		return err
 	}
@@ -658,7 +658,7 @@ func resourceComputeInstanceUpdate(d *schema.ResourceData, meta interface{}) err
 
 		updateMD := func() error {
 			// Reload the instance in the case of a fingerprint mismatch
-			instance, err = getInstance(config, d);
+			instance, err = getInstance(config, d)
 			if err != nil {
 				return err
 			}
diff --git a/builtin/providers/google/resource_compute_project_metadata.go b/builtin/providers/google/resource_compute_project_metadata.go
index 83b6fb0dfd..c2f8a4a5fa 100644
--- a/builtin/providers/google/resource_compute_project_metadata.go
+++ b/builtin/providers/google/resource_compute_project_metadata.go
@@ -72,10 +72,10 @@ func resourceComputeProjectMetadataCreate(d *schema.ResourceData, meta interface
 
 	err := MetadataRetryWrapper(createMD)
 	if err != nil {
-		return err;
+		return err
 	}
 
-	return resourceComputeProjectMetadataRead(d, meta);
+	return resourceComputeProjectMetadataRead(d, meta)
 }
 
 func resourceComputeProjectMetadataRead(d *schema.ResourceData, meta interface{}) error {
@@ -115,7 +115,7 @@ func resourceComputeProjectMetadataUpdate(d *schema.ResourceData, meta interface
 
 			md := project.CommonInstanceMetadata
 
-		    MetadataUpdate(o.(map[string]interface{}), n.(map[string]interface{}), md)
+			MetadataUpdate(o.(map[string]interface{}), n.(map[string]interface{}), md)
 
 			op, err := config.clientCompute.Projects.SetCommonInstanceMetadata(config.Project, md).Do()
 
@@ -133,10 +133,10 @@ func resourceComputeProjectMetadataUpdate(d *schema.ResourceData, meta interface
 
 		err := MetadataRetryWrapper(updateMD)
 		if err != nil {
-			return err;
+			return err
 		}
 
-		return resourceComputeProjectMetadataRead(d, meta);
+		return resourceComputeProjectMetadataRead(d, meta)
 	}
 
 	return nil
diff --git a/builtin/providers/google/resource_compute_vpn_gateway.go b/builtin/providers/google/resource_compute_vpn_gateway.go
index ba25aeb1f2..bd5350b9c3 100644
--- a/builtin/providers/google/resource_compute_vpn_gateway.go
+++ b/builtin/providers/google/resource_compute_vpn_gateway.go
@@ -56,8 +56,8 @@ func resourceComputeVpnGatewayCreate(d *schema.ResourceData, meta interface{}) e
 	vpnGatewaysService := compute.NewTargetVpnGatewaysService(config.clientCompute)
 
 	vpnGateway := &compute.TargetVpnGateway{
-		Name:        name,
-		Network:     network,
+		Name:    name,
+		Network: network,
 	}
 
 	if v, ok := d.GetOk("description"); ok {
diff --git a/builtin/providers/google/resource_storage_bucket.go b/builtin/providers/google/resource_storage_bucket.go
index 64e4fd434b..9118119a8f 100644
--- a/builtin/providers/google/resource_storage_bucket.go
+++ b/builtin/providers/google/resource_storage_bucket.go
@@ -128,8 +128,8 @@ func resourceStorageBucketUpdate(d *schema.ResourceData, meta interface{}) error
 				return fmt.Errorf("At most one website block is allowed")
 			}
 
-			// Setting fields to "" to be explicit that the PATCH call will 
-			// delete this field. 
+			// Setting fields to "" to be explicit that the PATCH call will
+			// delete this field.
 			if len(websites) == 0 {
 				sb.Website.NotFoundPage = ""
 				sb.Website.MainPageSuffix = ""
diff --git a/builtin/providers/google/resource_storage_bucket_acl.go b/builtin/providers/google/resource_storage_bucket_acl.go
index 1c2ef2ab65..3b866e0ad2 100644
--- a/builtin/providers/google/resource_storage_bucket_acl.go
+++ b/builtin/providers/google/resource_storage_bucket_acl.go
@@ -24,9 +24,9 @@ func resourceStorageBucketAcl() *schema.Resource {
 				ForceNew: true,
 			},
 			"predefined_acl": &schema.Schema{
-				Type:       schema.TypeString,
-				Optional:   true,
-				ForceNew:   true,
+				Type:     schema.TypeString,
+				Optional: true,
+				ForceNew: true,
 			},
 			"role_entity": &schema.Schema{
 				Type:     schema.TypeList,
@@ -83,7 +83,7 @@ func resourceStorageBucketAclCreate(d *schema.ResourceData, meta interface{}) er
 	if len(predefined_acl) > 0 {
 		if len(role_entity) > 0 {
 			return fmt.Errorf("Error, you cannot specify both " +
-				"\"predefined_acl\" and \"role_entity\"");
+				"\"predefined_acl\" and \"role_entity\"")
 		}
 
 		res, err := config.clientStorage.Buckets.Get(bucket).Do()
@@ -99,9 +99,9 @@ func resourceStorageBucketAclCreate(d *schema.ResourceData, meta interface{}) er
 			return fmt.Errorf("Error updating bucket %s: %v", bucket, err)
 		}
 
-		return resourceStorageBucketAclRead(d, meta);
+		return resourceStorageBucketAclRead(d, meta)
 	} else if len(role_entity) > 0 {
-		for _, v := range(role_entity) {
+		for _, v := range role_entity {
 			pair, err := getRoleEntityPair(v.(string))
 
 			bucketAccessControl := &storage.BucketAccessControl{
@@ -118,7 +118,7 @@ func resourceStorageBucketAclCreate(d *schema.ResourceData, meta interface{}) er
 			}
 		}
 
-		return resourceStorageBucketAclRead(d, meta);
+		return resourceStorageBucketAclRead(d, meta)
 	}
 
 	if len(default_acl) > 0 {
@@ -135,13 +135,12 @@ func resourceStorageBucketAclCreate(d *schema.ResourceData, meta interface{}) er
 			return fmt.Errorf("Error updating bucket %s: %v", bucket, err)
 		}
 
-		return resourceStorageBucketAclRead(d, meta);
+		return resourceStorageBucketAclRead(d, meta)
 	}
 
 	return nil
 }
 
-
 func resourceStorageBucketAclRead(d *schema.ResourceData, meta interface{}) error {
 	config := meta.(*Config)
 
@@ -153,7 +152,7 @@ func resourceStorageBucketAclRead(d *schema.ResourceData, meta interface{}) erro
 		role_entity := make([]interface{}, 0)
 		re_local := d.Get("role_entity").([]interface{})
 		re_local_map := make(map[string]string)
-		for _, v := range(re_local) {
+		for _, v := range re_local {
 			res, err := getRoleEntityPair(v.(string))
 
 			if err != nil {
@@ -170,7 +169,7 @@ func resourceStorageBucketAclRead(d *schema.ResourceData, meta interface{}) erro
 			return err
 		}
 
-		for _, v := range(res.Items) {
+		for _, v := range res.Items {
 			log.Printf("[DEBUG]: examining re %s-%s", v.Role, v.Entity)
 			// We only store updates to the locally defined access controls
 			if _, in := re_local_map[v.Entity]; in {
@@ -196,7 +195,7 @@ func resourceStorageBucketAclUpdate(d *schema.ResourceData, meta interface{}) er
 		old_re, new_re := o.([]interface{}), n.([]interface{})
 
 		old_re_map := make(map[string]string)
-		for _, v := range(old_re) {
+		for _, v := range old_re {
 			res, err := getRoleEntityPair(v.(string))
 
 			if err != nil {
@@ -207,7 +206,7 @@ func resourceStorageBucketAclUpdate(d *schema.ResourceData, meta interface{}) er
 			old_re_map[res.Entity] = res.Role
 		}
 
-		for _, v := range(new_re) {
+		for _, v := range new_re {
 			pair, err := getRoleEntityPair(v.(string))
 
 			bucketAccessControl := &storage.BucketAccessControl{
@@ -233,7 +232,7 @@ func resourceStorageBucketAclUpdate(d *schema.ResourceData, meta interface{}) er
 			}
 		}
 
-		for entity, _ := range(old_re_map) {
+		for entity, _ := range old_re_map {
 			log.Printf("[DEBUG]: removing entity %s", entity)
 			err := config.clientStorage.BucketAccessControls.Delete(bucket, entity).Do()
 
@@ -242,7 +241,7 @@ func resourceStorageBucketAclUpdate(d *schema.ResourceData, meta interface{}) er
 			}
 		}
 
-		return resourceStorageBucketAclRead(d, meta);
+		return resourceStorageBucketAclRead(d, meta)
 	}
 
 	if d.HasChange("default_acl") {
@@ -261,7 +260,7 @@ func resourceStorageBucketAclUpdate(d *schema.ResourceData, meta interface{}) er
 			return fmt.Errorf("Error updating bucket %s: %v", bucket, err)
 		}
 
-		return resourceStorageBucketAclRead(d, meta);
+		return resourceStorageBucketAclRead(d, meta)
 	}
 
 	return nil
@@ -273,7 +272,7 @@ func resourceStorageBucketAclDelete(d *schema.ResourceData, meta interface{}) er
 	bucket := d.Get("bucket").(string)
 
 	re_local := d.Get("role_entity").([]interface{})
-	for _, v := range(re_local) {
+	for _, v := range re_local {
 		res, err := getRoleEntityPair(v.(string))
 		if err != nil {
 			return err
diff --git a/builtin/providers/google/resource_storage_bucket_acl_test.go b/builtin/providers/google/resource_storage_bucket_acl_test.go
index afcb991c56..9cdc2b1733 100644
--- a/builtin/providers/google/resource_storage_bucket_acl_test.go
+++ b/builtin/providers/google/resource_storage_bucket_acl_test.go
@@ -2,8 +2,8 @@ package google
 
 import (
 	"fmt"
-	"testing"
 	"math/rand"
+	"testing"
 	"time"
 
 	"github.com/hashicorp/terraform/helper/resource"
@@ -24,13 +24,13 @@ var testAclBucketName = fmt.Sprintf("%s-%d", "tf-test-acl-bucket", rand.New(rand
 
 func TestAccGoogleStorageBucketAcl_basic(t *testing.T) {
 	resource.Test(t, resource.TestCase{
-		PreCheck: func() { testAccPreCheck(t) },
+		PreCheck:     func() { testAccPreCheck(t) },
 		Providers:    testAccProviders,
 		CheckDestroy: testAccGoogleStorageBucketAclDestroy,
 		Steps: []resource.TestStep{
 			resource.TestStep{
 				Config: testGoogleStorageBucketsAclBasic1,
-				Check:  resource.ComposeTestCheckFunc(
+				Check: resource.ComposeTestCheckFunc(
 					testAccCheckGoogleStorageBucketAcl(testAclBucketName, roleEntityBasic1),
 					testAccCheckGoogleStorageBucketAcl(testAclBucketName, roleEntityBasic2),
 				),
@@ -41,13 +41,13 @@ func TestAccGoogleStorageBucketAcl_basic(t *testing.T) {
 
 func TestAccGoogleStorageBucketAcl_upgrade(t *testing.T) {
 	resource.Test(t, resource.TestCase{
-		PreCheck: func() { testAccPreCheck(t) },
+		PreCheck:     func() { testAccPreCheck(t) },
 		Providers:    testAccProviders,
 		CheckDestroy: testAccGoogleStorageBucketAclDestroy,
 		Steps: []resource.TestStep{
 			resource.TestStep{
 				Config: testGoogleStorageBucketsAclBasic1,
-				Check:  resource.ComposeTestCheckFunc(
+				Check: resource.ComposeTestCheckFunc(
 					testAccCheckGoogleStorageBucketAcl(testAclBucketName, roleEntityBasic1),
 					testAccCheckGoogleStorageBucketAcl(testAclBucketName, roleEntityBasic2),
 				),
@@ -55,7 +55,7 @@ func TestAccGoogleStorageBucketAcl_upgrade(t *testing.T) {
 
 			resource.TestStep{
 				Config: testGoogleStorageBucketsAclBasic2,
-				Check:  resource.ComposeTestCheckFunc(
+				Check: resource.ComposeTestCheckFunc(
 					testAccCheckGoogleStorageBucketAcl(testAclBucketName, roleEntityBasic2),
 					testAccCheckGoogleStorageBucketAcl(testAclBucketName, roleEntityBasic3_owner),
 				),
@@ -63,7 +63,7 @@ func TestAccGoogleStorageBucketAcl_upgrade(t *testing.T) {
 
 			resource.TestStep{
 				Config: testGoogleStorageBucketsAclBasicDelete,
-				Check:  resource.ComposeTestCheckFunc(
+				Check: resource.ComposeTestCheckFunc(
 					testAccCheckGoogleStorageBucketAclDelete(testAclBucketName, roleEntityBasic1),
 					testAccCheckGoogleStorageBucketAclDelete(testAclBucketName, roleEntityBasic2),
 					testAccCheckGoogleStorageBucketAclDelete(testAclBucketName, roleEntityBasic3_owner),
@@ -75,13 +75,13 @@ func TestAccGoogleStorageBucketAcl_upgrade(t *testing.T) {
 
 func TestAccGoogleStorageBucketAcl_downgrade(t *testing.T) {
 	resource.Test(t, resource.TestCase{
-		PreCheck: func() { testAccPreCheck(t) },
+		PreCheck:     func() { testAccPreCheck(t) },
 		Providers:    testAccProviders,
 		CheckDestroy: testAccGoogleStorageBucketAclDestroy,
 		Steps: []resource.TestStep{
 			resource.TestStep{
 				Config: testGoogleStorageBucketsAclBasic2,
-				Check:  resource.ComposeTestCheckFunc(
+				Check: resource.ComposeTestCheckFunc(
 					testAccCheckGoogleStorageBucketAcl(testAclBucketName, roleEntityBasic2),
 					testAccCheckGoogleStorageBucketAcl(testAclBucketName, roleEntityBasic3_owner),
 				),
@@ -89,7 +89,7 @@ func TestAccGoogleStorageBucketAcl_downgrade(t *testing.T) {
 
 			resource.TestStep{
 				Config: testGoogleStorageBucketsAclBasic3,
-				Check:  resource.ComposeTestCheckFunc(
+				Check: resource.ComposeTestCheckFunc(
 					testAccCheckGoogleStorageBucketAcl(testAclBucketName, roleEntityBasic2),
 					testAccCheckGoogleStorageBucketAcl(testAclBucketName, roleEntityBasic3_reader),
 				),
@@ -97,7 +97,7 @@ func TestAccGoogleStorageBucketAcl_downgrade(t *testing.T) {
 
 			resource.TestStep{
 				Config: testGoogleStorageBucketsAclBasicDelete,
-				Check:  resource.ComposeTestCheckFunc(
+				Check: resource.ComposeTestCheckFunc(
 					testAccCheckGoogleStorageBucketAclDelete(testAclBucketName, roleEntityBasic1),
 					testAccCheckGoogleStorageBucketAclDelete(testAclBucketName, roleEntityBasic2),
 					testAccCheckGoogleStorageBucketAclDelete(testAclBucketName, roleEntityBasic3_owner),
@@ -109,7 +109,7 @@ func TestAccGoogleStorageBucketAcl_downgrade(t *testing.T) {
 
 func TestAccGoogleStorageBucketAcl_predefined(t *testing.T) {
 	resource.Test(t, resource.TestCase{
-		PreCheck: func() { testAccPreCheck(t) },
+		PreCheck:     func() { testAccPreCheck(t) },
 		Providers:    testAccProviders,
 		CheckDestroy: testAccGoogleStorageBucketAclDestroy,
 		Steps: []resource.TestStep{
@@ -146,7 +146,7 @@ func testAccCheckGoogleStorageBucketAcl(bucket, roleEntityS string) resource.Tes
 			return fmt.Errorf("Error retrieving contents of acl for bucket %s: %s", bucket, err)
 		}
 
-		if (res.Role != roleEntity.Role) {
+		if res.Role != roleEntity.Role {
 			return fmt.Errorf("Error, Role mismatch %s != %s", res.Role, roleEntity.Role)
 		}
 
@@ -218,7 +218,6 @@ resource "google_storage_bucket_acl" "acl" {
 }
 `, testAclBucketName, roleEntityBasic2, roleEntityBasic3_reader)
 
-
 var testGoogleStorageBucketsAclPredefined = fmt.Sprintf(`
 resource "google_storage_bucket" "bucket" {
 	name = "%s"
diff --git a/builtin/providers/google/resource_storage_bucket_object.go b/builtin/providers/google/resource_storage_bucket_object.go
index 473349d3c9..231153a85c 100644
--- a/builtin/providers/google/resource_storage_bucket_object.go
+++ b/builtin/providers/google/resource_storage_bucket_object.go
@@ -32,10 +32,10 @@ func resourceStorageBucketObject() *schema.Resource {
 				ForceNew: true,
 			},
 			"predefined_acl": &schema.Schema{
-				Type:     schema.TypeString,
+				Type:       schema.TypeString,
 				Deprecated: "Please use resource \"storage_object_acl.predefined_acl\" instead.",
-				Optional: true,
-				ForceNew: true,
+				Optional:   true,
+				ForceNew:   true,
 			},
 			"md5hash": &schema.Schema{
 				Type:     schema.TypeString,
@@ -75,7 +75,6 @@ func resourceStorageBucketObjectCreate(d *schema.ResourceData, meta interface{})
 		insertCall.PredefinedAcl(v.(string))
 	}
 
-
 	_, err = insertCall.Do()
 
 	if err != nil {
diff --git a/builtin/providers/google/resource_storage_bucket_object_test.go b/builtin/providers/google/resource_storage_bucket_object_test.go
index d7be902a1a..e84822fddf 100644
--- a/builtin/providers/google/resource_storage_bucket_object_test.go
+++ b/builtin/providers/google/resource_storage_bucket_object_test.go
@@ -1,11 +1,11 @@
 package google
 
 import (
-	"fmt"
-	"testing"
-	"io/ioutil"
 	"crypto/md5"
 	"encoding/base64"
+	"fmt"
+	"io/ioutil"
+	"testing"
 
 	"github.com/hashicorp/terraform/helper/resource"
 	"github.com/hashicorp/terraform/terraform"
@@ -48,7 +48,6 @@ func testAccCheckGoogleStorageObject(bucket, object, md5 string) resource.TestCh
 
 		objectsService := storage.NewObjectsService(config.clientStorage)
 
-
 		getCall := objectsService.Get(bucket, object)
 		res, err := getCall.Do()
 
@@ -56,7 +55,7 @@ func testAccCheckGoogleStorageObject(bucket, object, md5 string) resource.TestCh
 			return fmt.Errorf("Error retrieving contents of object %s: %s", object, err)
 		}
 
-		if (md5 != res.Md5Hash) {
+		if md5 != res.Md5Hash {
 			return fmt.Errorf("Error contents of %s garbled, md5 hashes don't match (%s, %s)", object, md5, res.Md5Hash)
 		}
 
diff --git a/builtin/providers/google/resource_storage_object_acl.go b/builtin/providers/google/resource_storage_object_acl.go
index 867453284a..5212f81db2 100644
--- a/builtin/providers/google/resource_storage_object_acl.go
+++ b/builtin/providers/google/resource_storage_object_acl.go
@@ -65,7 +65,7 @@ func resourceStorageObjectAclCreate(d *schema.ResourceData, meta interface{}) er
 	if len(predefined_acl) > 0 {
 		if len(role_entity) > 0 {
 			return fmt.Errorf("Error, you cannot specify both " +
-				"\"predefined_acl\" and \"role_entity\"");
+				"\"predefined_acl\" and \"role_entity\"")
 		}
 
 		res, err := config.clientStorage.Objects.Get(bucket, object).Do()
@@ -74,16 +74,16 @@ func resourceStorageObjectAclCreate(d *schema.ResourceData, meta interface{}) er
 			return fmt.Errorf("Error reading object %s: %v", bucket, err)
 		}
 
-		res, err = config.clientStorage.Objects.Update(bucket,object,
+		res, err = config.clientStorage.Objects.Update(bucket, object,
 			res).PredefinedAcl(predefined_acl).Do()
 
 		if err != nil {
 			return fmt.Errorf("Error updating object %s: %v", bucket, err)
 		}
 
-		return resourceStorageBucketAclRead(d, meta);
+		return resourceStorageBucketAclRead(d, meta)
 	} else if len(role_entity) > 0 {
-		for _, v := range(role_entity) {
+		for _, v := range role_entity {
 			pair, err := getRoleEntityPair(v.(string))
 
 			objectAccessControl := &storage.ObjectAccessControl{
@@ -101,14 +101,13 @@ func resourceStorageObjectAclCreate(d *schema.ResourceData, meta interface{}) er
 			}
 		}
 
-		return resourceStorageObjectAclRead(d, meta);
+		return resourceStorageObjectAclRead(d, meta)
 	}
 
 	return fmt.Errorf("Error, you must specify either " +
-		"\"predefined_acl\" or \"role_entity\"");
+		"\"predefined_acl\" or \"role_entity\"")
 }
 
-
 func resourceStorageObjectAclRead(d *schema.ResourceData, meta interface{}) error {
 	config := meta.(*Config)
 
@@ -121,7 +120,7 @@ func resourceStorageObjectAclRead(d *schema.ResourceData, meta interface{}) erro
 		role_entity := make([]interface{}, 0)
 		re_local := d.Get("role_entity").([]interface{})
 		re_local_map := make(map[string]string)
-		for _, v := range(re_local) {
+		for _, v := range re_local {
 			res, err := getRoleEntityPair(v.(string))
 
 			if err != nil {
@@ -138,10 +137,10 @@ func resourceStorageObjectAclRead(d *schema.ResourceData, meta interface{}) erro
 			return err
 		}
 
-		for _, v := range(res.Items) {
+		for _, v := range res.Items {
 			role := ""
 			entity := ""
-			for key, val := range (v.(map[string]interface{})) {
+			for key, val := range v.(map[string]interface{}) {
 				if key == "role" {
 					role = val.(string)
 				} else if key == "entity" {
@@ -172,7 +171,7 @@ func resourceStorageObjectAclUpdate(d *schema.ResourceData, meta interface{}) er
 		old_re, new_re := o.([]interface{}), n.([]interface{})
 
 		old_re_map := make(map[string]string)
-		for _, v := range(old_re) {
+		for _, v := range old_re {
 			res, err := getRoleEntityPair(v.(string))
 
 			if err != nil {
@@ -183,7 +182,7 @@ func resourceStorageObjectAclUpdate(d *schema.ResourceData, meta interface{}) er
 			old_re_map[res.Entity] = res.Role
 		}
 
-		for _, v := range(new_re) {
+		for _, v := range new_re {
 			pair, err := getRoleEntityPair(v.(string))
 
 			objectAccessControl := &storage.ObjectAccessControl{
@@ -209,7 +208,7 @@ func resourceStorageObjectAclUpdate(d *schema.ResourceData, meta interface{}) er
 			}
 		}
 
-		for entity, _ := range(old_re_map) {
+		for entity, _ := range old_re_map {
 			log.Printf("[DEBUG]: removing entity %s", entity)
 			err := config.clientStorage.ObjectAccessControls.Delete(bucket, object, entity).Do()
 
@@ -218,7 +217,7 @@ func resourceStorageObjectAclUpdate(d *schema.ResourceData, meta interface{}) er
 			}
 		}
 
-		return resourceStorageObjectAclRead(d, meta);
+		return resourceStorageObjectAclRead(d, meta)
 	}
 
 	return nil
@@ -231,7 +230,7 @@ func resourceStorageObjectAclDelete(d *schema.ResourceData, meta interface{}) er
 	object := d.Get("object").(string)
 
 	re_local := d.Get("role_entity").([]interface{})
-	for _, v := range(re_local) {
+	for _, v := range re_local {
 		res, err := getRoleEntityPair(v.(string))
 		if err != nil {
 			return err
diff --git a/builtin/providers/google/resource_storage_object_acl_test.go b/builtin/providers/google/resource_storage_object_acl_test.go
index f0154aca63..ff14f683c8 100644
--- a/builtin/providers/google/resource_storage_object_acl_test.go
+++ b/builtin/providers/google/resource_storage_object_acl_test.go
@@ -2,9 +2,9 @@ package google
 
 import (
 	"fmt"
-	"testing"
-	"math/rand"
 	"io/ioutil"
+	"math/rand"
+	"testing"
 	"time"
 
 	"github.com/hashicorp/terraform/helper/resource"
@@ -32,7 +32,7 @@ func TestAccGoogleStorageObjectAcl_basic(t *testing.T) {
 		Steps: []resource.TestStep{
 			resource.TestStep{
 				Config: testGoogleStorageObjectsAclBasic1,
-				Check:  resource.ComposeTestCheckFunc(
+				Check: resource.ComposeTestCheckFunc(
 					testAccCheckGoogleStorageObjectAcl(testAclBucketName,
 						testAclObjectName, roleEntityBasic1),
 					testAccCheckGoogleStorageObjectAcl(testAclBucketName,
@@ -58,7 +58,7 @@ func TestAccGoogleStorageObjectAcl_upgrade(t *testing.T) {
 		Steps: []resource.TestStep{
 			resource.TestStep{
 				Config: testGoogleStorageObjectsAclBasic1,
-				Check:  resource.ComposeTestCheckFunc(
+				Check: resource.ComposeTestCheckFunc(
 					testAccCheckGoogleStorageObjectAcl(testAclBucketName,
 						testAclObjectName, roleEntityBasic1),
 					testAccCheckGoogleStorageObjectAcl(testAclBucketName,
@@ -68,7 +68,7 @@ func TestAccGoogleStorageObjectAcl_upgrade(t *testing.T) {
 
 			resource.TestStep{
 				Config: testGoogleStorageObjectsAclBasic2,
-				Check:  resource.ComposeTestCheckFunc(
+				Check: resource.ComposeTestCheckFunc(
 					testAccCheckGoogleStorageObjectAcl(testAclBucketName,
 						testAclObjectName, roleEntityBasic2),
 					testAccCheckGoogleStorageObjectAcl(testAclBucketName,
@@ -78,7 +78,7 @@ func TestAccGoogleStorageObjectAcl_upgrade(t *testing.T) {
 
 			resource.TestStep{
 				Config: testGoogleStorageObjectsAclBasicDelete,
-				Check:  resource.ComposeTestCheckFunc(
+				Check: resource.ComposeTestCheckFunc(
 					testAccCheckGoogleStorageObjectAclDelete(testAclBucketName,
 						testAclObjectName, roleEntityBasic1),
 					testAccCheckGoogleStorageObjectAclDelete(testAclBucketName,
@@ -106,7 +106,7 @@ func TestAccGoogleStorageObjectAcl_downgrade(t *testing.T) {
 		Steps: []resource.TestStep{
 			resource.TestStep{
 				Config: testGoogleStorageObjectsAclBasic2,
-				Check:  resource.ComposeTestCheckFunc(
+				Check: resource.ComposeTestCheckFunc(
 					testAccCheckGoogleStorageObjectAcl(testAclBucketName,
 						testAclObjectName, roleEntityBasic2),
 					testAccCheckGoogleStorageObjectAcl(testAclBucketName,
@@ -116,7 +116,7 @@ func TestAccGoogleStorageObjectAcl_downgrade(t *testing.T) {
 
 			resource.TestStep{
 				Config: testGoogleStorageObjectsAclBasic3,
-				Check:  resource.ComposeTestCheckFunc(
+				Check: resource.ComposeTestCheckFunc(
 					testAccCheckGoogleStorageObjectAcl(testAclBucketName,
 						testAclObjectName, roleEntityBasic2),
 					testAccCheckGoogleStorageObjectAcl(testAclBucketName,
@@ -126,7 +126,7 @@ func TestAccGoogleStorageObjectAcl_downgrade(t *testing.T) {
 
 			resource.TestStep{
 				Config: testGoogleStorageObjectsAclBasicDelete,
-				Check:  resource.ComposeTestCheckFunc(
+				Check: resource.ComposeTestCheckFunc(
 					testAccCheckGoogleStorageObjectAclDelete(testAclBucketName,
 						testAclObjectName, roleEntityBasic1),
 					testAccCheckGoogleStorageObjectAclDelete(testAclBucketName,
@@ -171,7 +171,7 @@ func testAccCheckGoogleStorageObjectAcl(bucket, object, roleEntityS string) reso
 			return fmt.Errorf("Error retrieving contents of acl for bucket %s: %s", bucket, err)
 		}
 
-		if (res.Role != roleEntity.Role) {
+		if res.Role != roleEntity.Role {
 			return fmt.Errorf("Error, Role mismatch %s != %s", res.Role, roleEntity.Role)
 		}
 
@@ -289,7 +289,7 @@ resource "google_storage_object_acl" "acl" {
 	role_entity = ["%s", "%s"]
 }
 `, testAclBucketName, testAclObjectName, tfObjectAcl.Name(),
-	roleEntityBasic2,  roleEntityBasic3_reader)
+	roleEntityBasic2, roleEntityBasic3_reader)
 
 var testGoogleStorageObjectsAclPredefined = fmt.Sprintf(`
 resource "google_storage_bucket" "bucket" {
diff --git a/builtin/providers/openstack/resource_openstack_blockstorage_volume_v1.go b/builtin/providers/openstack/resource_openstack_blockstorage_volume_v1.go
index cd5a5d567b..e049269a96 100644
--- a/builtin/providers/openstack/resource_openstack_blockstorage_volume_v1.go
+++ b/builtin/providers/openstack/resource_openstack_blockstorage_volume_v1.go
@@ -136,7 +136,7 @@ func resourceBlockStorageVolumeV1Create(d *schema.ResourceData, meta interface{}
 		v.ID)
 
 	stateConf := &resource.StateChangeConf{
-                Pending:    []string{"downloading"},
+		Pending:    []string{"downloading"},
 		Target:     "available",
 		Refresh:    VolumeV1StateRefreshFunc(blockStorageClient, v.ID),
 		Timeout:    10 * time.Minute,
diff --git a/builtin/providers/openstack/resource_openstack_compute_instance_v2.go b/builtin/providers/openstack/resource_openstack_compute_instance_v2.go
index 75014cc75e..3101f41bc4 100644
--- a/builtin/providers/openstack/resource_openstack_compute_instance_v2.go
+++ b/builtin/providers/openstack/resource_openstack_compute_instance_v2.go
@@ -610,7 +610,6 @@ func resourceComputeInstanceV2Update(d *schema.ResourceData, meta interface{}) e
 
 		log.Printf("[DEBUG] Security groups to remove: %v", secgroupsToRemove)
 
-
 		for _, g := range secgroupsToRemove.List() {
 			err := secgroups.RemoveServerFromGroup(computeClient, d.Id(), g.(string)).ExtractErr()
 			if err != nil {
diff --git a/builtin/providers/rundeck/resource_job.go b/builtin/providers/rundeck/resource_job.go
index 7411d5746c..c9af25b0b7 100644
--- a/builtin/providers/rundeck/resource_job.go
+++ b/builtin/providers/rundeck/resource_job.go
@@ -340,10 +340,10 @@ func jobFromResourceData(d *schema.ResourceData) (*rundeck.JobDetail, error) {
 		LogLevel:                  d.Get("log_level").(string),
 		AllowConcurrentExecutions: d.Get("allow_concurrent_executions").(bool),
 		Dispatch: &rundeck.JobDispatch{
-			MaxThreadCount:            d.Get("max_thread_count").(int),
-			ContinueOnError:           d.Get("continue_on_error").(bool),
-			RankAttribute:             d.Get("rank_attribute").(string),
-			RankOrder:                 d.Get("rank_order").(string),
+			MaxThreadCount:  d.Get("max_thread_count").(int),
+			ContinueOnError: d.Get("continue_on_error").(bool),
+			RankAttribute:   d.Get("rank_attribute").(string),
+			RankOrder:       d.Get("rank_order").(string),
 		},
 	}
 
diff --git a/builtin/provisioners/chef/resource_provisioner.go b/builtin/provisioners/chef/resource_provisioner.go
index d7dbd718dc..7b94486d29 100644
--- a/builtin/provisioners/chef/resource_provisioner.go
+++ b/builtin/provisioners/chef/resource_provisioner.go
@@ -326,7 +326,6 @@ func (p *Provisioner) runChefClientFunc(
 			cmd = fmt.Sprintf("%s -j %q -E %q", chefCmd, fb, p.Environment)
 		}
 
-
 		if p.LogToFile {
 			if err := os.MkdirAll(logfileDir, 0755); err != nil {
 				return fmt.Errorf("Error creating logfile directory %s: %v", logfileDir, err)

From 05a091f892be4a786a1026dc0f61bed8c5ae8350 Mon Sep 17 00:00:00 2001
From: Paul Hinze <phinze@phinze.com>
Date: Wed, 7 Oct 2015 15:58:05 -0500
Subject: [PATCH 136/335] Update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8d95149fe3..419695b7ee 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,7 @@
 FEATURES:
 
   * **New provider: `rundeck`** [GH-2412]
+  * **New provider: `packet`** [GH-2260]
   * **New resource: `cloudstack_loadbalancer_rule`** [GH-2934]
   * **New resource: `google_compute_project_metadata`** [GH-3065]
   * **New resources: `aws_ami`, `aws_ami_copy`, `aws_ami_from_instance`** [GH-2784]

From d089ac8e8276067b35d823e66bd9202331217eef Mon Sep 17 00:00:00 2001
From: Paul Hinze <phinze@phinze.com>
Date: Wed, 7 Oct 2015 18:18:26 -0500
Subject: [PATCH 137/335] Update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 419695b7ee..5b8a190451 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -54,6 +54,7 @@ BUG FIXES:
   * provider/aws: Allow `weight = 0` in Route53 records [GH-3196]
   * provider/aws: Normalize aws_elasticache_cluster id to lowercase, allowing convergence. [GH-3235]
   * provider/aws: Fix ValidateAccountId for IAM Instance Profiles [GH-3313]
+  * provider/docker: Fix issue preventing private images from being referenced [GH-2619]
   * provider/openstack: add state 'downloading' to list of expected states in
       `blockstorage_volume_v1` creation [GH-2866]
   * provider/openstack: remove security groups (by name) before adding security

From 2b9f4f895eae1d58972b106ebafeb5515fc2603f Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@timeinc.com>
Date: Thu, 1 Oct 2015 15:12:46 -0700
Subject: [PATCH 138/335] provider/aws: Add support for
 aws_elasticsearch_domain

---
 builtin/providers/aws/config.go               |   5 +
 builtin/providers/aws/provider.go             |   1 +
 .../aws/resource_aws_elasticsearch_domain.go  | 399 ++++++++++++++++++
 builtin/providers/aws/structure.go            | 111 +++++
 4 files changed, 516 insertions(+)
 create mode 100644 builtin/providers/aws/resource_aws_elasticsearch_domain.go

diff --git a/builtin/providers/aws/config.go b/builtin/providers/aws/config.go
index a20405997e..badc3e20ea 100644
--- a/builtin/providers/aws/config.go
+++ b/builtin/providers/aws/config.go
@@ -18,6 +18,7 @@ import (
 	"github.com/aws/aws-sdk-go/service/ecs"
 	"github.com/aws/aws-sdk-go/service/efs"
 	"github.com/aws/aws-sdk-go/service/elasticache"
+	elasticsearch "github.com/aws/aws-sdk-go/service/elasticsearchservice"
 	"github.com/aws/aws-sdk-go/service/elb"
 	"github.com/aws/aws-sdk-go/service/iam"
 	"github.com/aws/aws-sdk-go/service/kinesis"
@@ -51,6 +52,7 @@ type AWSClient struct {
 	ecsconn            *ecs.ECS
 	efsconn            *efs.EFS
 	elbconn            *elb.ELB
+	esconn             *elasticsearch.ElasticsearchService
 	autoscalingconn    *autoscaling.AutoScaling
 	s3conn             *s3.S3
 	sqsconn            *sqs.SQS
@@ -157,6 +159,9 @@ func (c *Config) Client() (interface{}, error) {
 		log.Println("[INFO] Initializing EFS Connection")
 		client.efsconn = efs.New(awsConfig)
 
+		log.Println("[INFO] Initializing ElasticSearch Connection")
+		client.esconn = elasticsearch.New(awsConfig)
+
 		log.Println("[INFO] Initializing Route 53 connection")
 		client.r53conn = route53.New(usEast1AwsConfig)
 
diff --git a/builtin/providers/aws/provider.go b/builtin/providers/aws/provider.go
index c915c61fb4..42b1d6242b 100644
--- a/builtin/providers/aws/provider.go
+++ b/builtin/providers/aws/provider.go
@@ -182,6 +182,7 @@ func Provider() terraform.ResourceProvider {
 			"aws_elasticache_parameter_group":  resourceAwsElasticacheParameterGroup(),
 			"aws_elasticache_security_group":   resourceAwsElasticacheSecurityGroup(),
 			"aws_elasticache_subnet_group":     resourceAwsElasticacheSubnetGroup(),
+			"aws_elasticsearch_domain":         resourceAwsElasticSearchDomain(),
 			"aws_elb":                          resourceAwsElb(),
 			"aws_flow_log":                     resourceAwsFlowLog(),
 			"aws_iam_access_key":               resourceAwsIamAccessKey(),
diff --git a/builtin/providers/aws/resource_aws_elasticsearch_domain.go b/builtin/providers/aws/resource_aws_elasticsearch_domain.go
new file mode 100644
index 0000000000..8f2d6c9c9f
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_elasticsearch_domain.go
@@ -0,0 +1,399 @@
+package aws
+
+import (
+	"fmt"
+	"log"
+	"regexp"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	elasticsearch "github.com/aws/aws-sdk-go/service/elasticsearchservice"
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/helper/schema"
+)
+
+func resourceAwsElasticSearchDomain() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceAwsElasticSearchDomainCreate,
+		Read:   resourceAwsElasticSearchDomainRead,
+		Update: resourceAwsElasticSearchDomainUpdate,
+		Delete: resourceAwsElasticSearchDomainDelete,
+
+		Schema: map[string]*schema.Schema{
+			"access_policies": &schema.Schema{
+				Type:      schema.TypeString,
+				StateFunc: normalizeJson,
+				Optional:  true,
+			},
+			"advanced_options": &schema.Schema{
+				Type:     schema.TypeMap,
+				Optional: true,
+				Computed: true,
+			},
+			"domain_name": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+				ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) {
+					value := v.(string)
+					if !regexp.MustCompile(`^[0-9A-Za-z]+`).MatchString(value) {
+						errors = append(errors, fmt.Errorf(
+							"%q must start with a letter or number", k))
+					}
+					if !regexp.MustCompile(`^[0-9A-Za-z][0-9a-z-]+$`).MatchString(value) {
+						errors = append(errors, fmt.Errorf(
+							"%q can only contain lowercase characters, numbers and hyphens", k))
+					}
+					return
+				},
+			},
+			"arn": &schema.Schema{
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"domain_id": &schema.Schema{
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"endpoint": &schema.Schema{
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"ebs_options": &schema.Schema{
+				Type:     schema.TypeList,
+				Optional: true,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"ebs_enabled": &schema.Schema{
+							Type:     schema.TypeBool,
+							Required: true,
+						},
+						"iops": &schema.Schema{
+							Type:     schema.TypeInt,
+							Optional: true,
+						},
+						"volume_size": &schema.Schema{
+							Type:     schema.TypeInt,
+							Optional: true,
+						},
+						"volume_type": &schema.Schema{
+							Type:     schema.TypeString,
+							Optional: true,
+						},
+					},
+				},
+			},
+			"cluster_config": &schema.Schema{
+				Type:     schema.TypeList,
+				Optional: true,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"dedicated_master_count": &schema.Schema{
+							Type:     schema.TypeInt,
+							Optional: true,
+						},
+						"dedicated_master_enabled": &schema.Schema{
+							Type:     schema.TypeBool,
+							Optional: true,
+							Default:  false,
+						},
+						"dedicated_master_type": &schema.Schema{
+							Type:     schema.TypeString,
+							Optional: true,
+						},
+						"instance_count": &schema.Schema{
+							Type:     schema.TypeInt,
+							Optional: true,
+							Default:  1,
+						},
+						"instance_type": &schema.Schema{
+							Type:     schema.TypeString,
+							Optional: true,
+							Default:  "m3.medium.elasticsearch",
+						},
+						"zone_awareness_enabled": &schema.Schema{
+							Type:     schema.TypeBool,
+							Optional: true,
+						},
+					},
+				},
+			},
+			"snapshot_options": &schema.Schema{
+				Type:     schema.TypeList,
+				Optional: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"automated_snapshot_start_hour": &schema.Schema{
+							Type:     schema.TypeInt,
+							Required: true,
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+func resourceAwsElasticSearchDomainCreate(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).esconn
+
+	input := elasticsearch.CreateElasticsearchDomainInput{
+		DomainName: aws.String(d.Get("domain_name").(string)),
+	}
+
+	if v, ok := d.GetOk("access_policies"); ok {
+		input.AccessPolicies = aws.String(v.(string))
+	}
+
+	if v, ok := d.GetOk("advanced_options"); ok {
+		input.AdvancedOptions = stringMapToPointers(v.(map[string]interface{}))
+	}
+
+	if v, ok := d.GetOk("ebs_options"); ok {
+		options := v.([]interface{})
+
+		if len(options) > 1 {
+			return fmt.Errorf("Only a single ebs_options block is expected")
+		} else if len(options) == 1 {
+			if options[0] == nil {
+				return fmt.Errorf("At least one field is expected inside ebs_options")
+			}
+
+			s := options[0].(map[string]interface{})
+			input.EBSOptions = expandESEBSOptions(s)
+		}
+	}
+
+	if v, ok := d.GetOk("cluster_config"); ok {
+		config := v.([]interface{})
+
+		if len(config) > 1 {
+			return fmt.Errorf("Only a single cluster_config block is expected")
+		} else if len(config) == 1 {
+			if config[0] == nil {
+				return fmt.Errorf("At least one field is expected inside cluster_config")
+			}
+			m := config[0].(map[string]interface{})
+			input.ElasticsearchClusterConfig = expandESClusterConfig(m)
+		}
+	}
+
+	if v, ok := d.GetOk("snapshot_options"); ok {
+		options := v.([]interface{})
+
+		if len(options) > 1 {
+			return fmt.Errorf("Only a single snapshot_options block is expected")
+		} else if len(options) == 1 {
+			if options[0] == nil {
+				return fmt.Errorf("At least one field is expected inside snapshot_options")
+			}
+
+			o := options[0].(map[string]interface{})
+
+			snapshotOptions := elasticsearch.SnapshotOptions{
+				AutomatedSnapshotStartHour: aws.Int64(int64(o["automated_snapshot_start_hour"].(int))),
+			}
+
+			input.SnapshotOptions = &snapshotOptions
+		}
+	}
+
+	log.Printf("[DEBUG] Creating ElasticSearch domain: %s", input)
+	out, err := conn.CreateElasticsearchDomain(&input)
+	if err != nil {
+		return err
+	}
+
+	d.SetId(*out.DomainStatus.ARN)
+
+	log.Printf("[DEBUG] Waiting for ElasticSearch domain %q to be created", d.Id())
+	err = resource.Retry(15*time.Minute, func() error {
+		out, err := conn.DescribeElasticsearchDomain(&elasticsearch.DescribeElasticsearchDomainInput{
+			DomainName: aws.String(d.Get("domain_name").(string)),
+		})
+		if err != nil {
+			return resource.RetryError{Err: err}
+		}
+
+		if !*out.DomainStatus.Processing && out.DomainStatus.Endpoint != nil {
+			return nil
+		}
+
+		return fmt.Errorf("%q: Timeout while waiting for the domain to be created", d.Id())
+	})
+	if err != nil {
+		return err
+	}
+
+	log.Printf("[DEBUG] ElasticSearch domain %q created", d.Id())
+
+	return resourceAwsElasticSearchDomainRead(d, meta)
+}
+
+func resourceAwsElasticSearchDomainRead(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).esconn
+
+	out, err := conn.DescribeElasticsearchDomain(&elasticsearch.DescribeElasticsearchDomainInput{
+		DomainName: aws.String(d.Get("domain_name").(string)),
+	})
+	if err != nil {
+		return err
+	}
+
+	log.Printf("[DEBUG] Received ElasticSearch domain: %s", out)
+
+	ds := out.DomainStatus
+
+	d.Set("access_policies", *ds.AccessPolicies)
+	err = d.Set("advanced_options", pointersMapToStringList(ds.AdvancedOptions))
+	if err != nil {
+		return err
+	}
+	d.Set("domain_id", *ds.DomainId)
+	d.Set("domain_name", *ds.DomainName)
+	if ds.Endpoint != nil {
+		d.Set("endpoint", *ds.Endpoint)
+	}
+
+	err = d.Set("ebs_options", flattenESEBSOptions(ds.EBSOptions))
+	if err != nil {
+		return err
+	}
+	err = d.Set("cluster_config", flattenESClusterConfig(ds.ElasticsearchClusterConfig))
+	if err != nil {
+		return err
+	}
+	if ds.SnapshotOptions != nil {
+		d.Set("snapshot_options", map[string]interface{}{
+			"automated_snapshot_start_hour": *ds.SnapshotOptions.AutomatedSnapshotStartHour,
+		})
+	}
+
+	d.Set("arn", *ds.ARN)
+
+	return nil
+}
+
+func resourceAwsElasticSearchDomainUpdate(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).esconn
+
+	input := elasticsearch.UpdateElasticsearchDomainConfigInput{
+		DomainName: aws.String(d.Get("domain_name").(string)),
+	}
+
+	if d.HasChange("access_policies") {
+		input.AccessPolicies = aws.String(d.Get("access_policies").(string))
+	}
+
+	if d.HasChange("advanced_options") {
+		input.AdvancedOptions = stringMapToPointers(d.Get("advanced_options").(map[string]interface{}))
+	}
+
+	if d.HasChange("ebs_options") {
+		options := d.Get("ebs_options").([]interface{})
+
+		if len(options) > 1 {
+			return fmt.Errorf("Only a single ebs_options block is expected")
+		} else if len(options) == 1 {
+			s := options[0].(map[string]interface{})
+			input.EBSOptions = expandESEBSOptions(s)
+		}
+	}
+
+	if d.HasChange("cluster_config") {
+		config := d.Get("cluster_config").([]interface{})
+
+		if len(config) > 1 {
+			return fmt.Errorf("Only a single cluster_config block is expected")
+		} else if len(config) == 1 {
+			m := config[0].(map[string]interface{})
+			input.ElasticsearchClusterConfig = expandESClusterConfig(m)
+		}
+	}
+
+	if d.HasChange("snapshot_options") {
+		options := d.Get("snapshot_options").([]interface{})
+
+		if len(options) > 1 {
+			return fmt.Errorf("Only a single snapshot_options block is expected")
+		} else if len(options) == 1 {
+			o := options[0].(map[string]interface{})
+
+			snapshotOptions := elasticsearch.SnapshotOptions{
+				AutomatedSnapshotStartHour: aws.Int64(int64(o["automated_snapshot_start_hour"].(int))),
+			}
+
+			input.SnapshotOptions = &snapshotOptions
+		}
+	}
+
+	_, err := conn.UpdateElasticsearchDomainConfig(&input)
+	if err != nil {
+		return err
+	}
+
+	err = resource.Retry(25*time.Minute, func() error {
+		out, err := conn.DescribeElasticsearchDomain(&elasticsearch.DescribeElasticsearchDomainInput{
+			DomainName: aws.String(d.Get("domain_name").(string)),
+		})
+		if err != nil {
+			return resource.RetryError{Err: err}
+		}
+
+		if *out.DomainStatus.Processing == false {
+			return nil
+		}
+
+		return fmt.Errorf("%q: Timeout while waiting for changes to be processed", d.Id())
+	})
+	if err != nil {
+		return err
+	}
+
+	return resourceAwsElasticSearchDomainRead(d, meta)
+}
+
+func resourceAwsElasticSearchDomainDelete(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).esconn
+
+	log.Printf("[DEBUG] Deleting ElasticSearch domain: %q", d.Get("domain_name").(string))
+	_, err := conn.DeleteElasticsearchDomain(&elasticsearch.DeleteElasticsearchDomainInput{
+		DomainName: aws.String(d.Get("domain_name").(string)),
+	})
+	if err != nil {
+		return err
+	}
+
+	log.Printf("[DEBUG] Waiting for ElasticSearch domain %q to be deleted", d.Get("domain_name").(string))
+	err = resource.Retry(15*time.Minute, func() error {
+		out, err := conn.DescribeElasticsearchDomain(&elasticsearch.DescribeElasticsearchDomainInput{
+			DomainName: aws.String(d.Get("domain_name").(string)),
+		})
+
+		if err != nil {
+			awsErr, ok := err.(awserr.Error)
+			if !ok {
+				return resource.RetryError{Err: err}
+			}
+
+			if awsErr.Code() == "ResourceNotFoundException" {
+				return nil
+			}
+
+			return resource.RetryError{Err: awsErr}
+		}
+
+		if !*out.DomainStatus.Processing {
+			return nil
+		}
+
+		return fmt.Errorf("%q: Timeout while waiting for the domain to be deleted", d.Id())
+	})
+
+	d.SetId("")
+
+	return err
+}
diff --git a/builtin/providers/aws/structure.go b/builtin/providers/aws/structure.go
index dc7b6d89b7..b738027f85 100644
--- a/builtin/providers/aws/structure.go
+++ b/builtin/providers/aws/structure.go
@@ -12,6 +12,7 @@ import (
 	"github.com/aws/aws-sdk-go/service/ec2"
 	"github.com/aws/aws-sdk-go/service/ecs"
 	"github.com/aws/aws-sdk-go/service/elasticache"
+	elasticsearch "github.com/aws/aws-sdk-go/service/elasticsearchservice"
 	"github.com/aws/aws-sdk-go/service/elb"
 	"github.com/aws/aws-sdk-go/service/rds"
 	"github.com/aws/aws-sdk-go/service/route53"
@@ -479,3 +480,113 @@ func validateRdsId(v interface{}, k string) (ws []string, errors []error) {
 	}
 	return
 }
+
+func expandESClusterConfig(m map[string]interface{}) *elasticsearch.ElasticsearchClusterConfig {
+	config := elasticsearch.ElasticsearchClusterConfig{}
+
+	if v, ok := m["dedicated_master_enabled"]; ok {
+		isEnabled := v.(bool)
+		config.DedicatedMasterEnabled = aws.Bool(isEnabled)
+
+		if isEnabled {
+			if v, ok := m["dedicated_master_count"]; ok && v.(int) > 0 {
+				config.DedicatedMasterCount = aws.Int64(int64(v.(int)))
+			}
+			if v, ok := m["dedicated_master_type"]; ok && v.(string) != "" {
+				config.DedicatedMasterType = aws.String(v.(string))
+			}
+		}
+	}
+
+	if v, ok := m["instance_count"]; ok {
+		config.InstanceCount = aws.Int64(int64(v.(int)))
+	}
+	if v, ok := m["instance_type"]; ok {
+		config.InstanceType = aws.String(v.(string))
+	}
+
+	if v, ok := m["zone_awareness_enabled"]; ok {
+		config.ZoneAwarenessEnabled = aws.Bool(v.(bool))
+	}
+
+	return &config
+}
+
+func flattenESClusterConfig(c *elasticsearch.ElasticsearchClusterConfig) []map[string]interface{} {
+	m := map[string]interface{}{}
+
+	if c.DedicatedMasterCount != nil {
+		m["dedicated_master_count"] = *c.DedicatedMasterCount
+	}
+	if c.DedicatedMasterEnabled != nil {
+		m["dedicated_master_enabled"] = *c.DedicatedMasterEnabled
+	}
+	if c.DedicatedMasterType != nil {
+		m["dedicated_master_type"] = *c.DedicatedMasterType
+	}
+	if c.InstanceCount != nil {
+		m["instance_count"] = *c.InstanceCount
+	}
+	if c.InstanceType != nil {
+		m["instance_type"] = *c.InstanceType
+	}
+	if c.ZoneAwarenessEnabled != nil {
+		m["zone_awareness_enabled"] = *c.ZoneAwarenessEnabled
+	}
+
+	return []map[string]interface{}{m}
+}
+
+func flattenESEBSOptions(o *elasticsearch.EBSOptions) []map[string]interface{} {
+	m := map[string]interface{}{}
+
+	if o.EBSEnabled != nil {
+		m["ebs_enabled"] = *o.EBSEnabled
+	}
+	if o.Iops != nil {
+		m["iops"] = *o.Iops
+	}
+	if o.VolumeSize != nil {
+		m["volume_size"] = *o.VolumeSize
+	}
+	if o.VolumeType != nil {
+		m["volume_type"] = *o.VolumeType
+	}
+
+	return []map[string]interface{}{m}
+}
+
+func expandESEBSOptions(m map[string]interface{}) *elasticsearch.EBSOptions {
+	options := elasticsearch.EBSOptions{}
+
+	if v, ok := m["ebs_enabled"]; ok {
+		options.EBSEnabled = aws.Bool(v.(bool))
+	}
+	if v, ok := m["iops"]; ok && v.(int) > 0 {
+		options.Iops = aws.Int64(int64(v.(int)))
+	}
+	if v, ok := m["volume_size"]; ok && v.(int) > 0 {
+		options.VolumeSize = aws.Int64(int64(v.(int)))
+	}
+	if v, ok := m["volume_type"]; ok && v.(string) != "" {
+		options.VolumeType = aws.String(v.(string))
+	}
+
+	return &options
+}
+
+func pointersMapToStringList(pointers map[string]*string) map[string]interface{} {
+	list := make(map[string]interface{}, len(pointers))
+	for i, v := range pointers {
+		list[i] = *v
+	}
+	return list
+}
+
+func stringMapToPointers(m map[string]interface{}) map[string]*string {
+	list := make(map[string]*string, len(m))
+	for i, v := range m {
+		list[i] = aws.String(v.(string))
+	}
+	return list
+}

From c221da9aeb8d541e941a68fdc0400b8f88ecefaf Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@timeinc.com>
Date: Thu, 1 Oct 2015 15:13:12 -0700
Subject: [PATCH 139/335] provider/aws: Add acceptance test for
 aws_elasticsearch_domain

---
 .../resource_aws_elasticsearch_domain_test.go | 122 ++++++++++++++++++
 1 file changed, 122 insertions(+)
 create mode 100644 builtin/providers/aws/resource_aws_elasticsearch_domain_test.go

diff --git a/builtin/providers/aws/resource_aws_elasticsearch_domain_test.go b/builtin/providers/aws/resource_aws_elasticsearch_domain_test.go
new file mode 100644
index 0000000000..dee675d0d0
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_elasticsearch_domain_test.go
@@ -0,0 +1,122 @@
+package aws
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/aws/aws-sdk-go/aws"
+	elasticsearch "github.com/aws/aws-sdk-go/service/elasticsearchservice"
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+func TestAccAWSElasticSearchDomain_basic(t *testing.T) {
+	var domain elasticsearch.ElasticsearchDomainStatus
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckESDomainDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccESDomainConfig_basic,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckESDomainExists("aws_elasticsearch_domain.example", &domain),
+				),
+			},
+		},
+	})
+}
+
+func TestAccAWSElasticSearchDomain_complex(t *testing.T) {
+	var domain elasticsearch.ElasticsearchDomainStatus
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckESDomainDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccESDomainConfig_complex,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckESDomainExists("aws_elasticsearch_domain.example", &domain),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckESDomainExists(n string, domain *elasticsearch.ElasticsearchDomainStatus) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[n]
+		if !ok {
+			return fmt.Errorf("Not found: %s", n)
+		}
+
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("No ES Domain ID is set")
+		}
+
+		conn := testAccProvider.Meta().(*AWSClient).esconn
+		opts := &elasticsearch.DescribeElasticsearchDomainInput{
+			DomainName: aws.String(rs.Primary.Attributes["domain_name"]),
+		}
+
+		resp, err := conn.DescribeElasticsearchDomain(opts)
+		if err != nil {
+			return fmt.Errorf("Error describing domain: %s", err.Error())
+		}
+
+		*domain = *resp.DomainStatus
+
+		return nil
+	}
+}
+
+func testAccCheckESDomainDestroy(s *terraform.State) error {
+	for _, rs := range s.RootModule().Resources {
+		if rs.Type != "aws_elasticsearch_domain" {
+			continue
+		}
+
+		conn := testAccProvider.Meta().(*AWSClient).esconn
+		opts := &elasticsearch.DescribeElasticsearchDomainInput{
+			DomainName: aws.String(rs.Primary.Attributes["domain_name"]),
+		}
+
+		_, err := conn.DescribeElasticsearchDomain(opts)
+		if err != nil {
+			return fmt.Errorf("Error describing ES domains: %q", err.Error())
+		}
+	}
+	return nil
+}
+
+const testAccESDomainConfig_basic = `
+resource "aws_elasticsearch_domain" "example" {
+	domain_name = "tf-test-1"
+}
+`
+
+const testAccESDomainConfig_complex = `
+resource "aws_elasticsearch_domain" "example" {
+	domain_name = "tf-test-2"
+
+	advanced_options {
+		"indices.fielddata.cache.size" = 80
+	}
+
+	ebs_options {
+		ebs_enabled = false
+	}
+
+	cluster_config {
+		instance_count = 2
+		zone_awareness_enabled = true
+	}
+
+	snapshot_options {
+		automated_snapshot_start_hour = 23
+	}
+}
+`

From e65ef8f13ff2289de85ee34b1def591f416817ef Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@timeinc.com>
Date: Thu, 1 Oct 2015 15:13:32 -0700
Subject: [PATCH 140/335] provider/aws: Add docs for aws_elasticsearch_domain

---
 .../aws/r/elasticsearch_domain.html.markdown  | 83 +++++++++++++++++++
 website/source/layouts/aws.erb                | 12 +++
 2 files changed, 95 insertions(+)
 create mode 100644 website/source/docs/providers/aws/r/elasticsearch_domain.html.markdown

diff --git a/website/source/docs/providers/aws/r/elasticsearch_domain.html.markdown b/website/source/docs/providers/aws/r/elasticsearch_domain.html.markdown
new file mode 100644
index 0000000000..9dbacffcd6
--- /dev/null
+++ b/website/source/docs/providers/aws/r/elasticsearch_domain.html.markdown
@@ -0,0 +1,83 @@
+---
+layout: "aws"
+page_title: "AWS: aws_elasticsearch_domain"
+sidebar_current: "docs-aws-elasticsearch-domain"
+description: |-
+  Provides an ElasticSearch Domain.
+---
+
+# aws\_elasticsearch\_domain
+
+
+## Example Usage
+
+```
+resource "aws_elasticsearch_domain" "es" {
+	domain_name = "tf-test"
+	advanced_options {
+		"rest.action.multi.allow_explicit_index" = true
+	}
+
+	access_policies = <<CONFIG
+{
+	"Version": "2012-10-17",
+	"Statement": [
+		{
+			"Action": "es:*",
+			"Principal": "*",
+			"Effect": "Allow",
+			"Condition": {
+				"IpAddress": {"aws:SourceIp": ["66.193.100.22/32"]}
+			}
+		}
+	]
+}
+CONFIG
+
+	snapshot_options {
+		automated_snapshot_start_hour = 23
+	}
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `domain_name` - (Required) Name of the domain.
+* `access_policies` - (Optional) IAM policy document specifying the access policies for the domain
+* `advanced_options` - (Optional) Key-value string pairs to specify advanced configuration options.
+* `ebs_options` - (Optional) EBS related options, see below.
+* `cluster_config` - (Optional) Cluster configuration of the domain, see below.
+* `snapshot_options` - (Optional) Snapshot related options, see below.
+
+**ebs_options** supports the following attributes:
+
+* `ebs_enabled` - (Required) Whether EBS volumes are attached to data nodes in the domain
+* `volume_type` - (Optional) The type of EBS volumes attached to data nodes.
+* `volume_size` - (Optional) The size of EBS volumes attached to data nodes.
+* `iops` - (Optional) The baseline input/output (I/O) performance of EBS volumes
+	attached to data nodes. Applicable only for the Provisioned IOPS EBS volume type.
+
+**cluster_config** supports the following attributes:
+
+* `instance_type` - (Optional) Instance type of data nodes in the cluster.
+* `instance_count` - (Optional) Number of instances in the cluster.
+* `dedicated_master_enabled` - (Optional) Indicates whether dedicated master nodes are enabled for the cluster.
+* `dedicated_master_type` - (Optional) Instance type of the dedicated master nodes in the cluster.
+* `dedicated_master_count` - (Optional) Number of dedicated master nodes in the cluster
+* `zone_awarness_enabled` - (Optional) Indicates whether zone awareness is enabled.
+
+**snapshot_options** supports the following attribute:
+
+* `automated_snapshot_start_hour` - (Required) Hour during which the service takes an automated daily
+	snapshot of the indices in the domain.
+
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `arn` - Amazon Resource Name (ARN) of the domain.
+* `domain_id` - Unique identifier for the domain.
+* `endpoint` - Domain-specific endpoint used to submit index, search, and data upload requests.
diff --git a/website/source/layouts/aws.erb b/website/source/layouts/aws.erb
index 33a0cf8b12..0c33d54ab1 100644
--- a/website/source/layouts/aws.erb
+++ b/website/source/layouts/aws.erb
@@ -172,6 +172,18 @@
                 </li>
 
 
+                <li<%= sidebar_current(/^docs-aws-resource-elasticsearch/) %>>
+                    <a href="#">ElasticSearch Resources</a>
+                    <ul class="nav nav-visible">
+
+                        <li<%= sidebar_current("docs-aws-resource-elasticsearch-domain") %>>
+                            <a href="/docs/providers/aws/r/elasticsearch_domain.html">aws_elasticsearch_domain</a>
+                        </li>
+
+                    </ul>
+                </li>
+
+
                 <li<%= sidebar_current(/^docs-aws-resource-iam/) %>>
                     <a href="#">IAM Resources</a>
                     <ul class="nav nav-visible">

From db22852a4f9c78d6d9c47fc0fc29b3d45c511598 Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@gmail.com>
Date: Wed, 7 Oct 2015 17:20:33 -0700
Subject: [PATCH 141/335] Update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5b8a190451..41ea81b0e8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -30,6 +30,7 @@ IMPROVEMENTS:
   * provider/aws: read `iam_instance_profile` for `aws_instance` and save to state [GH-3167]
   * provider/aws: Add `versioning` option to `aws_s3_bucket` [GH-2942]
   * provider/aws: Add `configuation_endpoint` to `aws_elasticache_cluster` [GH-3250]
+  * provider/aws: Add validation for `app_cookie_stickiness_policy.name` [GH-3277]
   * provider/cloudstack: Add `project` parameter to `cloudstack_vpc`, `cloudstack_network`, `cloudstack_ipaddress` and `cloudstack_disk` [GH-3035]
   * provider/openstack: add functionality to attach FloatingIP to Port [GH-1788]
   * provider/google: Can now do multi-region deployments without using multiple providers [GH-3258]

From e7f3675fd543d0cfbcaff003b54ea381ee0b6829 Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@gmail.com>
Date: Wed, 7 Oct 2015 17:44:44 -0700
Subject: [PATCH 142/335] Update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 41ea81b0e8..6dcc3db10d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -31,6 +31,7 @@ IMPROVEMENTS:
   * provider/aws: Add `versioning` option to `aws_s3_bucket` [GH-2942]
   * provider/aws: Add `configuation_endpoint` to `aws_elasticache_cluster` [GH-3250]
   * provider/aws: Add validation for `app_cookie_stickiness_policy.name` [GH-3277]
+  * provider/aws: Add validation for `db_parameter_group.name` [GH-3279]
   * provider/cloudstack: Add `project` parameter to `cloudstack_vpc`, `cloudstack_network`, `cloudstack_ipaddress` and `cloudstack_disk` [GH-3035]
   * provider/openstack: add functionality to attach FloatingIP to Port [GH-1788]
   * provider/google: Can now do multi-region deployments without using multiple providers [GH-3258]

From 7610874264b0c39c119c52d6d1821677ad6bd4f1 Mon Sep 17 00:00:00 2001
From: Anthony Stanton <anthony@contentful.com>
Date: Tue, 15 Sep 2015 09:34:57 +0200
Subject: [PATCH 143/335] Initial implementation of compact() interpolation
 function

---
 config/interpolate_funcs.go | 17 +++++++++++++++++
 config/string_list.go       | 13 +++++++++++++
 2 files changed, 30 insertions(+)

diff --git a/config/interpolate_funcs.go b/config/interpolate_funcs.go
index abaa9817c1..67523ddb2b 100644
--- a/config/interpolate_funcs.go
+++ b/config/interpolate_funcs.go
@@ -30,6 +30,7 @@ func init() {
 		"length":       interpolationFuncLength(),
 		"replace":      interpolationFuncReplace(),
 		"split":        interpolationFuncSplit(),
+		"compact":    interpolationFuncCompact(),
 		"base64encode": interpolationFuncBase64Encode(),
 		"base64decode": interpolationFuncBase64Decode(),
 	}
@@ -279,6 +280,22 @@ func interpolationFuncSplit() ast.Function {
 	}
 }
 
+// interpolationFuncCompact strips a list of values (e.g. as returned by
+// "split") of any empty strings
+func interpolationFuncCompact() ast.Function {
+	return ast.Function{
+		ArgTypes:   []ast.Type{ast.TypeString},
+		ReturnType: ast.TypeString,
+		Variadic:   false,
+		Callback: func(args []interface{}) (interface{}, error) {
+			if !IsStringList(args[0].(string)) {
+				return args[0].(string), nil
+			}
+			return CompactStringList(StringList(args[0].(string))).String(), nil
+		},
+	}
+}
+
 // interpolationFuncLookup implements the "lookup" function that allows
 // dynamic lookups of map types within a Terraform configuration.
 func interpolationFuncLookup(vs map[string]ast.Variable) ast.Function {
diff --git a/config/string_list.go b/config/string_list.go
index 70d43d1e4b..d4d1850d05 100644
--- a/config/string_list.go
+++ b/config/string_list.go
@@ -74,3 +74,16 @@ func (sl StringList) String() string {
 func IsStringList(s string) bool {
 	return strings.Contains(s, stringListDelim)
 }
+
+func CompactStringList(sl StringList) StringList {
+	parts := sl.Slice()
+
+	var newlist []string
+	// drop the empty strings
+	for i := range parts {
+		if parts[i] != "" {
+			newlist = append(newlist,  parts[i])
+		}
+	}
+	return NewStringList(newlist)
+}

From 735803ef0995833bfd042d9c7c5832aa37cdcf18 Mon Sep 17 00:00:00 2001
From: Anthony Stanton <anthony@contentful.com>
Date: Tue, 15 Sep 2015 15:50:31 +0200
Subject: [PATCH 144/335] Test cases for compact()

---
 config/interpolate_funcs_test.go | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/config/interpolate_funcs_test.go b/config/interpolate_funcs_test.go
index e4d275e580..e3564aee1e 100644
--- a/config/interpolate_funcs_test.go
+++ b/config/interpolate_funcs_test.go
@@ -11,6 +11,34 @@ import (
 	"github.com/hashicorp/terraform/config/lang/ast"
 )
 
+
+func TestInterpolateFuncCompact(t *testing.T) {
+	testFunction(t, testFunctionConfig{
+		Cases: []testFunctionCase{
+			// empty string within array
+			{
+				`${compact(split(",", "b,,c"))}`,
+				NewStringList([]string{"b", "c"}).String(),
+				false,
+			},
+
+			// empty string at the end of array
+			{
+				`${compact(split(",", "b,c,"))}`,
+				NewStringList([]string{"b", "c"}).String(),
+				false,
+			},
+
+			// single empty string
+			{
+				`${compact(split(",", ""))}`,
+				NewStringList([]string{}).String(),
+				false,
+			},
+		},
+	})
+}
+
 func TestInterpolateFuncDeprecatedConcat(t *testing.T) {
 	testFunction(t, testFunctionConfig{
 		Cases: []testFunctionCase{

From ef2b0a0b71f5e1c26acb1efdc3ae9098c5c6b48b Mon Sep 17 00:00:00 2001
From: Anthony Stanton <anthony@contentful.com>
Date: Wed, 16 Sep 2015 11:08:58 +0200
Subject: [PATCH 145/335] Order functions alphabetically

---
 config/interpolate_funcs.go | 52 ++++++++++++++++++-------------------
 config/string_list.go       | 27 +++++++++----------
 2 files changed, 40 insertions(+), 39 deletions(-)

diff --git a/config/interpolate_funcs.go b/config/interpolate_funcs.go
index 67523ddb2b..7cd7f74768 100644
--- a/config/interpolate_funcs.go
+++ b/config/interpolate_funcs.go
@@ -20,22 +20,38 @@ var Funcs map[string]ast.Function
 
 func init() {
 	Funcs = map[string]ast.Function{
-		"concat":       interpolationFuncConcat(),
-		"element":      interpolationFuncElement(),
-		"file":         interpolationFuncFile(),
-		"format":       interpolationFuncFormat(),
-		"formatlist":   interpolationFuncFormatList(),
-		"index":        interpolationFuncIndex(),
-		"join":         interpolationFuncJoin(),
-		"length":       interpolationFuncLength(),
-		"replace":      interpolationFuncReplace(),
-		"split":        interpolationFuncSplit(),
 		"compact":    interpolationFuncCompact(),
+		"concat":     interpolationFuncConcat(),
+		"element":    interpolationFuncElement(),
+		"file":       interpolationFuncFile(),
+		"format":     interpolationFuncFormat(),
+		"formatlist": interpolationFuncFormatList(),
+		"index":      interpolationFuncIndex(),
+		"join":       interpolationFuncJoin(),
+		"length":     interpolationFuncLength(),
+		"replace":    interpolationFuncReplace(),
+		"split":      interpolationFuncSplit(),
 		"base64encode": interpolationFuncBase64Encode(),
 		"base64decode": interpolationFuncBase64Decode(),
 	}
 }
 
+// interpolationFuncCompact strips a list of multi-variable values
+// (e.g. as returned by "split") of any empty strings.
+func interpolationFuncCompact() ast.Function {
+	return ast.Function{
+		ArgTypes:   []ast.Type{ast.TypeString},
+		ReturnType: ast.TypeString,
+		Variadic:   false,
+		Callback: func(args []interface{}) (interface{}, error) {
+			if !IsStringList(args[0].(string)) {
+				return args[0].(string), nil
+			}
+			return CompactStringList(StringList(args[0].(string))).String(), nil
+		},
+	}
+}
+
 // interpolationFuncConcat implements the "concat" function that
 // concatenates multiple strings. This isn't actually necessary anymore
 // since our language supports string concat natively, but for backwards
@@ -280,22 +296,6 @@ func interpolationFuncSplit() ast.Function {
 	}
 }
 
-// interpolationFuncCompact strips a list of values (e.g. as returned by
-// "split") of any empty strings
-func interpolationFuncCompact() ast.Function {
-	return ast.Function{
-		ArgTypes:   []ast.Type{ast.TypeString},
-		ReturnType: ast.TypeString,
-		Variadic:   false,
-		Callback: func(args []interface{}) (interface{}, error) {
-			if !IsStringList(args[0].(string)) {
-				return args[0].(string), nil
-			}
-			return CompactStringList(StringList(args[0].(string))).String(), nil
-		},
-	}
-}
-
 // interpolationFuncLookup implements the "lookup" function that allows
 // dynamic lookups of map types within a Terraform configuration.
 func interpolationFuncLookup(vs map[string]ast.Variable) ast.Function {
diff --git a/config/string_list.go b/config/string_list.go
index d4d1850d05..d68fadfd0d 100644
--- a/config/string_list.go
+++ b/config/string_list.go
@@ -24,6 +24,20 @@ type StringList string
 // ["", ""]       => SLDSLDSLD
 const stringListDelim = `B780FFEC-B661-4EB8-9236-A01737AD98B6`
 
+// Takes a Stringlist and returns one without empty strings in it
+func (sl StringList) CompactStringList() StringList {
+	parts := sl.Slice()
+
+	var newlist []string
+	// drop the empty strings
+	for i := range parts {
+		if parts[i] != "" {
+			newlist = append(newlist,  parts[i])
+		}
+	}
+	return NewStringList(newlist)
+}
+
 // Build a StringList from a slice
 func NewStringList(parts []string) StringList {
 	// We have to special case the empty list representation
@@ -74,16 +88,3 @@ func (sl StringList) String() string {
 func IsStringList(s string) bool {
 	return strings.Contains(s, stringListDelim)
 }
-
-func CompactStringList(sl StringList) StringList {
-	parts := sl.Slice()
-
-	var newlist []string
-	// drop the empty strings
-	for i := range parts {
-		if parts[i] != "" {
-			newlist = append(newlist,  parts[i])
-		}
-	}
-	return NewStringList(newlist)
-}

From 95b2a60b29dabf13830b727d46df6dd2c09bafc8 Mon Sep 17 00:00:00 2001
From: Anthony Stanton <anthony@contentful.com>
Date: Wed, 16 Sep 2015 11:09:34 +0200
Subject: [PATCH 146/335] Use {a,b} instead of {b,c}

How does the alphabet even?
---
 config/interpolate_funcs_test.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/config/interpolate_funcs_test.go b/config/interpolate_funcs_test.go
index e3564aee1e..8a33169a67 100644
--- a/config/interpolate_funcs_test.go
+++ b/config/interpolate_funcs_test.go
@@ -17,15 +17,15 @@ func TestInterpolateFuncCompact(t *testing.T) {
 		Cases: []testFunctionCase{
 			// empty string within array
 			{
-				`${compact(split(",", "b,,c"))}`,
-				NewStringList([]string{"b", "c"}).String(),
+				`${compact(split(",", "a,,b"))}`,
+				NewStringList([]string{"a", "b"}).String(),
 				false,
 			},
 
 			// empty string at the end of array
 			{
-				`${compact(split(",", "b,c,"))}`,
-				NewStringList([]string{"b", "c"}).String(),
+				`${compact(split(",", "a,b,"))}`,
+				NewStringList([]string{"a", "b"}).String(),
 				false,
 			},
 

From aed3f98703335bbfe2e17a17757a54765ac9ce6d Mon Sep 17 00:00:00 2001
From: Anthony Stanton <anthony@contentful.com>
Date: Wed, 16 Sep 2015 11:23:43 +0200
Subject: [PATCH 147/335] Rename func which is now a method.

---
 config/interpolate_funcs.go | 2 +-
 config/string_list.go       | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/config/interpolate_funcs.go b/config/interpolate_funcs.go
index 7cd7f74768..992171914a 100644
--- a/config/interpolate_funcs.go
+++ b/config/interpolate_funcs.go
@@ -47,7 +47,7 @@ func interpolationFuncCompact() ast.Function {
 			if !IsStringList(args[0].(string)) {
 				return args[0].(string), nil
 			}
-			return CompactStringList(StringList(args[0].(string))).String(), nil
+			return StringList(args[0].(string)).Compact().String(), nil
 		},
 	}
 }
diff --git a/config/string_list.go b/config/string_list.go
index d68fadfd0d..5ed9336abd 100644
--- a/config/string_list.go
+++ b/config/string_list.go
@@ -25,7 +25,7 @@ type StringList string
 const stringListDelim = `B780FFEC-B661-4EB8-9236-A01737AD98B6`
 
 // Takes a Stringlist and returns one without empty strings in it
-func (sl StringList) CompactStringList() StringList {
+func (sl StringList) Compact() StringList {
 	parts := sl.Slice()
 
 	var newlist []string

From cc921b0bc7c4ee6bbd8010d9563f88052e0da8d7 Mon Sep 17 00:00:00 2001
From: Sander van Harmelen <sander@xanzy.io>
Date: Thu, 8 Oct 2015 10:03:55 +0200
Subject: [PATCH 148/335] Small refactor for better readability and updated the
 docs

---
 .../cloudstack/resource_cloudstack_vpc.go     | 26 ++++++++++++-------
 .../providers/cloudstack/r/vpc.html.markdown  |  3 ++-
 2 files changed, 19 insertions(+), 10 deletions(-)

diff --git a/builtin/providers/cloudstack/resource_cloudstack_vpc.go b/builtin/providers/cloudstack/resource_cloudstack_vpc.go
index c40b4aa759..07502e58e5 100644
--- a/builtin/providers/cloudstack/resource_cloudstack_vpc.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_vpc.go
@@ -52,16 +52,16 @@ func resourceCloudStackVPC() *schema.Resource {
 				ForceNew: true,
 			},
 
+			"source_nat_ip": &schema.Schema{
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+
 			"zone": &schema.Schema{
 				Type:     schema.TypeString,
 				Required: true,
 				ForceNew: true,
 			},
-
-			"source_nat_ip": &schema.Schema{
-				Type:     schema.TypeString,
-				Computed: true,
-			},
 		},
 	}
 }
@@ -157,19 +157,27 @@ func resourceCloudStackVPCRead(d *schema.ResourceData, meta interface{}) error {
 	setValueOrID(d, "project", v.Project, v.Projectid)
 	setValueOrID(d, "zone", v.Zonename, v.Zoneid)
 
-	// Grab the source NAT IP that CloudStack assigned.
+	// Create a new parameter struct
 	p := cs.Address.NewListPublicIpAddressesParams()
 	p.SetVpcid(d.Id())
 	p.SetIssourcenat(true)
+
 	if _, ok := d.GetOk("project"); ok {
 		p.SetProjectid(v.Projectid)
 	}
 
-	l, e := cs.Address.ListPublicIpAddresses(p)
-	if (e == nil) && (l.Count == 1) {
-		d.Set("source_nat_ip", l.PublicIpAddresses[0].Ipaddress)
+	// Get the source NAT IP assigned to the VPC
+	l, err := cs.Address.ListPublicIpAddresses(p)
+	if err != nil {
+		return err
 	}
 
+	if l.Count != 1 {
+		return fmt.Errorf("Unexpected number (%d) of source NAT IPs returned", l.Count)
+	}
+
+	d.Set("source_nat_ip", l.PublicIpAddresses[0].Ipaddress)
+
 	return nil
 }
 
diff --git a/website/source/docs/providers/cloudstack/r/vpc.html.markdown b/website/source/docs/providers/cloudstack/r/vpc.html.markdown
index d773576316..4610feb0da 100644
--- a/website/source/docs/providers/cloudstack/r/vpc.html.markdown
+++ b/website/source/docs/providers/cloudstack/r/vpc.html.markdown
@@ -39,7 +39,7 @@ The following arguments are supported:
 
 * `project` - (Optional) The name or ID of the project to deploy this
     instance to. Changing this forces a new resource to be created.
-    
+
 * `zone` - (Required) The name or ID of the zone where this disk volume will be
     available. Changing this forces a new resource to be created.
 
@@ -49,3 +49,4 @@ The following attributes are exported:
 
 * `id` - The ID of the VPC.
 * `display_text` - The display text of the VPC.
+* `source_nat_ip` - The source NAT IP assigned to the VPC.

From cc56431b978af010747bbf93d9e32c185f8c9f9a Mon Sep 17 00:00:00 2001
From: stack72 <public@paulstack.co.uk>
Date: Thu, 8 Oct 2015 09:39:11 +0100
Subject: [PATCH 149/335] Added a set of tests for the AWS DBParamGroup Name

---
 .../aws/resource_aws_db_parameter_group.go    | 57 ++++++++++---------
 .../resource_aws_db_parameter_group_test.go   | 45 +++++++++++++++
 2 files changed, 75 insertions(+), 27 deletions(-)

diff --git a/builtin/providers/aws/resource_aws_db_parameter_group.go b/builtin/providers/aws/resource_aws_db_parameter_group.go
index 72101ac908..b4f07e43de 100644
--- a/builtin/providers/aws/resource_aws_db_parameter_group.go
+++ b/builtin/providers/aws/resource_aws_db_parameter_group.go
@@ -25,33 +25,10 @@ func resourceAwsDbParameterGroup() *schema.Resource {
 		Delete: resourceAwsDbParameterGroupDelete,
 		Schema: map[string]*schema.Schema{
 			"name": &schema.Schema{
-				Type:     schema.TypeString,
-				ForceNew: true,
-				Required: true,
-				ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) {
-					value := v.(string)
-					if !regexp.MustCompile(`^[0-9a-z-]+$`).MatchString(value) {
-						errors = append(errors, fmt.Errorf(
-							"only lowercase alphanumeric characters and hyphens allowed in %q", k))
-					}
-					if !regexp.MustCompile(`^[a-z]`).MatchString(value) {
-						errors = append(errors, fmt.Errorf(
-							"first character of %q must be a letter", k))
-					}
-					if regexp.MustCompile(`--`).MatchString(value) {
-						errors = append(errors, fmt.Errorf(
-							"%q cannot contain two consecutive hyphens", k))
-					}
-					if regexp.MustCompile(`-$`).MatchString(value) {
-						errors = append(errors, fmt.Errorf(
-							"%q cannot end with a hyphen", k))
-					}
-					if len(value) > 255 {
-						errors = append(errors, fmt.Errorf(
-							"%q cannot be greater than 255 characters", k))
-					}
-					return
-				},
+				Type:         schema.TypeString,
+				ForceNew:     true,
+				Required:     true,
+				ValidateFunc: validateDbParamGroupName,
 			},
 			"family": &schema.Schema{
 				Type:     schema.TypeString,
@@ -252,3 +229,29 @@ func resourceAwsDbParameterHash(v interface{}) int {
 
 	return hashcode.String(buf.String())
 }
+
+func validateDbParamGroupName(v interface{}, k string) (ws []string, errors []error) {
+	value := v.(string)
+	if !regexp.MustCompile(`^[0-9a-z-]+$`).MatchString(value) {
+		errors = append(errors, fmt.Errorf(
+			"only lowercase alphanumeric characters and hyphens allowed in %q", k))
+	}
+	if !regexp.MustCompile(`^[a-z]`).MatchString(value) {
+		errors = append(errors, fmt.Errorf(
+			"first character of %q must be a letter", k))
+	}
+	if regexp.MustCompile(`--`).MatchString(value) {
+		errors = append(errors, fmt.Errorf(
+			"%q cannot contain two consecutive hyphens", k))
+	}
+	if regexp.MustCompile(`-$`).MatchString(value) {
+		errors = append(errors, fmt.Errorf(
+			"%q cannot end with a hyphen", k))
+	}
+	if len(value) > 255 {
+		errors = append(errors, fmt.Errorf(
+			"%q cannot be greater than 255 characters", k))
+	}
+	return
+
+}
diff --git a/builtin/providers/aws/resource_aws_db_parameter_group_test.go b/builtin/providers/aws/resource_aws_db_parameter_group_test.go
index 93e74bb748..354c16db94 100644
--- a/builtin/providers/aws/resource_aws_db_parameter_group_test.go
+++ b/builtin/providers/aws/resource_aws_db_parameter_group_test.go
@@ -106,6 +106,51 @@ func TestAccAWSDBParameterGroupOnly(t *testing.T) {
 	})
 }
 
+func TestResourceAWSDBParameterGroupName_uppercaseCharacter(t *testing.T) {
+	var dbParamGroupName = "tEsting123"
+	_, errors := validateDbParamGroupName(dbParamGroupName, "aws_db_parameter_group_name")
+
+	if len(errors) != 1 {
+		t.Fatalf("Expected the DB Parameter Group Name to trigger a validation error")
+	}
+}
+
+func TestResourceAWSDBParameterGroupName_specialCharacters(t *testing.T) {
+	var dbParamGroupName = "testing123!"
+	_, errors := validateDbParamGroupName(dbParamGroupName, "SampleKey")
+
+	if len(errors) != 1 {
+		t.Fatalf("Expected the DB Parameter Group Name to trigger a validation error")
+	}
+}
+
+func TestResourceAWSDBParameterGroupName_firstCharacterNumber(t *testing.T) {
+	var dbParamGroupName = "1testing123"
+	_, errors := validateDbParamGroupName(dbParamGroupName, "SampleKey")
+
+	if len(errors) != 1 {
+		t.Fatalf("Expected the DB Parameter Group Name to trigger a validation error")
+	}
+}
+
+func TestResourceAWSDBParameterGroupName_doubleHyphen(t *testing.T) {
+	var dbParamGroupName = "testing--123"
+	_, errors := validateDbParamGroupName(dbParamGroupName, "SampleKey")
+
+	if len(errors) != 1 {
+		t.Fatalf("Expected the DB Parameter Group Name to trigger a validation error")
+	}
+}
+
+func TestResourceAWSDBParameterGroupName_trailingHyphen(t *testing.T) {
+	var dbParamGroupName = "testing123-"
+	_, errors := validateDbParamGroupName(dbParamGroupName, "SampleKey")
+
+	if len(errors) != 1 {
+		t.Fatalf("Expected the DB Parameter Group Name to trigger a validation error")
+	}
+}
+
 func testAccCheckAWSDBParameterGroupDestroy(s *terraform.State) error {
 	conn := testAccProvider.Meta().(*AWSClient).rdsconn
 

From 4cf9c64de0c0b0c6b7a78153d81318da6a0a3674 Mon Sep 17 00:00:00 2001
From: stack72 <public@paulstack.co.uk>
Date: Thu, 8 Oct 2015 09:47:50 +0100
Subject: [PATCH 150/335] Gofmt change for resource docker_image test

---
 builtin/providers/docker/resource_docker_image_test.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/builtin/providers/docker/resource_docker_image_test.go b/builtin/providers/docker/resource_docker_image_test.go
index 844b56329e..0f0f0707ad 100644
--- a/builtin/providers/docker/resource_docker_image_test.go
+++ b/builtin/providers/docker/resource_docker_image_test.go
@@ -1,8 +1,9 @@
 package docker
 
 import (
-	"github.com/hashicorp/terraform/helper/resource"
 	"testing"
+
+	"github.com/hashicorp/terraform/helper/resource"
 )
 
 func TestAccDockerImage_basic(t *testing.T) {

From 97188d65834ab38a7b8d63daa05bbff33a8de453 Mon Sep 17 00:00:00 2001
From: stack72 <public@paulstack.co.uk>
Date: Thu, 8 Oct 2015 10:05:50 +0100
Subject: [PATCH 151/335] Adding a RandomString generator to test for
 db_param_group_name being too long

---
 .../resource_aws_db_parameter_group_test.go   | 21 +++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/builtin/providers/aws/resource_aws_db_parameter_group_test.go b/builtin/providers/aws/resource_aws_db_parameter_group_test.go
index 354c16db94..2df4ce3c43 100644
--- a/builtin/providers/aws/resource_aws_db_parameter_group_test.go
+++ b/builtin/providers/aws/resource_aws_db_parameter_group_test.go
@@ -2,7 +2,9 @@ package aws
 
 import (
 	"fmt"
+	"math/rand"
 	"testing"
+	"time"
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/awserr"
@@ -151,6 +153,15 @@ func TestResourceAWSDBParameterGroupName_trailingHyphen(t *testing.T) {
 	}
 }
 
+func TestResourceAWSDBParameterGroupName_tooManyCharacters(t *testing.T) {
+	dbParamGroupName := RandomString(256)
+	_, errors := validateDbParamGroupName(dbParamGroupName, "SampleKey")
+
+	if len(errors) != 1 {
+		t.Fatalf("Expected the DB Parameter Group Name to trigger a validation error")
+	}
+}
+
 func testAccCheckAWSDBParameterGroupDestroy(s *terraform.State) error {
 	conn := testAccProvider.Meta().(*AWSClient).rdsconn
 
@@ -238,6 +249,16 @@ func testAccCheckAWSDBParameterGroupExists(n string, v *rds.DBParameterGroup) re
 	}
 }
 
+func RandomString(strlen int) string {
+	rand.Seed(time.Now().UTC().UnixNano())
+	const chars = "abcdefghijklmnopqrstuvwxyz0123456789"
+	result := make([]byte, strlen)
+	for i := 0; i < strlen; i++ {
+		result[i] = chars[rand.Intn(len(chars))]
+	}
+	return string(result)
+}
+
 const testAccAWSDBParameterGroupConfig = `
 resource "aws_db_parameter_group" "bar" {
 	name = "parameter-group-test-terraform"

From bd78dfd8859125fb8c3f98fec3c394ed1a11a0f8 Mon Sep 17 00:00:00 2001
From: stack72 <public@paulstack.co.uk>
Date: Thu, 8 Oct 2015 12:15:59 +0100
Subject: [PATCH 152/335] Refactoring the multiple tests into a simple test
 case with multiple inputs as per feedback

---
 .../resource_aws_db_parameter_group_test.go   | 85 ++++++++-----------
 1 file changed, 35 insertions(+), 50 deletions(-)

diff --git a/builtin/providers/aws/resource_aws_db_parameter_group_test.go b/builtin/providers/aws/resource_aws_db_parameter_group_test.go
index 2df4ce3c43..8a49eb0319 100644
--- a/builtin/providers/aws/resource_aws_db_parameter_group_test.go
+++ b/builtin/providers/aws/resource_aws_db_parameter_group_test.go
@@ -108,57 +108,42 @@ func TestAccAWSDBParameterGroupOnly(t *testing.T) {
 	})
 }
 
-func TestResourceAWSDBParameterGroupName_uppercaseCharacter(t *testing.T) {
-	var dbParamGroupName = "tEsting123"
-	_, errors := validateDbParamGroupName(dbParamGroupName, "aws_db_parameter_group_name")
-
-	if len(errors) != 1 {
-		t.Fatalf("Expected the DB Parameter Group Name to trigger a validation error")
+func TestResourceAWSDBParameterGroupName_validation(t *testing.T) {
+	cases := []struct {
+		Value    string
+		ErrCount int
+	}{
+		{
+			Value:    "tEsting123",
+			ErrCount: 1,
+		},
+		{
+			Value:    "testing123!",
+			ErrCount: 1,
+		},
+		{
+			Value:    "1testing123",
+			ErrCount: 1,
+		},
+		{
+			Value:    "testing--123",
+			ErrCount: 1,
+		},
+		{
+			Value:    "testing123-",
+			ErrCount: 1,
+		},
+		{
+			Value:    randomString(256),
+			ErrCount: 1,
+		},
 	}
-}
 
-func TestResourceAWSDBParameterGroupName_specialCharacters(t *testing.T) {
-	var dbParamGroupName = "testing123!"
-	_, errors := validateDbParamGroupName(dbParamGroupName, "SampleKey")
-
-	if len(errors) != 1 {
-		t.Fatalf("Expected the DB Parameter Group Name to trigger a validation error")
-	}
-}
-
-func TestResourceAWSDBParameterGroupName_firstCharacterNumber(t *testing.T) {
-	var dbParamGroupName = "1testing123"
-	_, errors := validateDbParamGroupName(dbParamGroupName, "SampleKey")
-
-	if len(errors) != 1 {
-		t.Fatalf("Expected the DB Parameter Group Name to trigger a validation error")
-	}
-}
-
-func TestResourceAWSDBParameterGroupName_doubleHyphen(t *testing.T) {
-	var dbParamGroupName = "testing--123"
-	_, errors := validateDbParamGroupName(dbParamGroupName, "SampleKey")
-
-	if len(errors) != 1 {
-		t.Fatalf("Expected the DB Parameter Group Name to trigger a validation error")
-	}
-}
-
-func TestResourceAWSDBParameterGroupName_trailingHyphen(t *testing.T) {
-	var dbParamGroupName = "testing123-"
-	_, errors := validateDbParamGroupName(dbParamGroupName, "SampleKey")
-
-	if len(errors) != 1 {
-		t.Fatalf("Expected the DB Parameter Group Name to trigger a validation error")
-	}
-}
-
-func TestResourceAWSDBParameterGroupName_tooManyCharacters(t *testing.T) {
-	dbParamGroupName := RandomString(256)
-	_, errors := validateDbParamGroupName(dbParamGroupName, "SampleKey")
-
-	if len(errors) != 1 {
-		t.Fatalf("Expected the DB Parameter Group Name to trigger a validation error")
+	for _, tc := range cases {
+		_, errors := validateDbParamGroupName(tc.Value, "aws_db_parameter_group_name")
+		if len(errors) != tc.ErrCount {
+			t.Fatalf("Expected the DB Parameter Group Name to trigger a validation error")
+		}
 	}
 }
 
@@ -249,7 +234,7 @@ func testAccCheckAWSDBParameterGroupExists(n string, v *rds.DBParameterGroup) re
 	}
 }
 
-func RandomString(strlen int) string {
+func randomString(strlen int) string {
 	rand.Seed(time.Now().UTC().UnixNano())
 	const chars = "abcdefghijklmnopqrstuvwxyz0123456789"
 	result := make([]byte, strlen)

From 29630547f466e6deec271c729626c8f8129275f2 Mon Sep 17 00:00:00 2001
From: stack72 <public@paulstack.co.uk>
Date: Thu, 8 Oct 2015 12:41:07 +0100
Subject: [PATCH 153/335] Fixing the broken build in the aws_db_parameter_group
 tests

---
 builtin/providers/aws/resource_aws_db_parameter_group_test.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/builtin/providers/aws/resource_aws_db_parameter_group_test.go b/builtin/providers/aws/resource_aws_db_parameter_group_test.go
index 8a49eb0319..397f209013 100644
--- a/builtin/providers/aws/resource_aws_db_parameter_group_test.go
+++ b/builtin/providers/aws/resource_aws_db_parameter_group_test.go
@@ -141,6 +141,7 @@ func TestResourceAWSDBParameterGroupName_validation(t *testing.T) {
 
 	for _, tc := range cases {
 		_, errors := validateDbParamGroupName(tc.Value, "aws_db_parameter_group_name")
+
 		if len(errors) != tc.ErrCount {
 			t.Fatalf("Expected the DB Parameter Group Name to trigger a validation error")
 		}

From 6ac07e970aa060819d44f604921e18135018ed37 Mon Sep 17 00:00:00 2001
From: stack72 <public@paulstack.co.uk>
Date: Thu, 8 Oct 2015 12:50:17 +0100
Subject: [PATCH 154/335] Removing the numbers from the dbParamGroup name
 random string. There is an edge case that this could actually trigger a
 failure due to not allowing to start with a number

---
 builtin/providers/aws/resource_aws_db_parameter_group_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/builtin/providers/aws/resource_aws_db_parameter_group_test.go b/builtin/providers/aws/resource_aws_db_parameter_group_test.go
index 397f209013..d0042df232 100644
--- a/builtin/providers/aws/resource_aws_db_parameter_group_test.go
+++ b/builtin/providers/aws/resource_aws_db_parameter_group_test.go
@@ -237,7 +237,7 @@ func testAccCheckAWSDBParameterGroupExists(n string, v *rds.DBParameterGroup) re
 
 func randomString(strlen int) string {
 	rand.Seed(time.Now().UTC().UnixNano())
-	const chars = "abcdefghijklmnopqrstuvwxyz0123456789"
+	const chars = "abcdefghijklmnopqrstuvwxyz"
 	result := make([]byte, strlen)
 	for i := 0; i < strlen; i++ {
 		result[i] = chars[rand.Intn(len(chars))]

From e4845f75cc539c0b8ae7c89a016913dcbaf4459c Mon Sep 17 00:00:00 2001
From: Panagiotis Moustafellos <pmoust@gmail.com>
Date: Thu, 8 Oct 2015 15:48:04 +0300
Subject: [PATCH 155/335] removed extra parentheses

---
 builtin/providers/aws/conversions.go          |  2 +-
 builtin/providers/aws/network_acl_entry.go    |  2 +-
 builtin/providers/aws/resource_aws_ami.go     | 26 +++++++++----------
 .../aws/resource_aws_dynamodb_table.go        | 24 ++++++++---------
 .../aws/resource_aws_dynamodb_table_test.go   |  2 +-
 builtin/providers/aws/resource_aws_eip.go     |  2 +-
 .../providers/aws/resource_aws_elb_test.go    |  2 +-
 ...resource_aws_iam_policy_attachment_test.go |  2 +-
 .../providers/aws/resource_aws_instance.go    |  6 ++---
 .../resource_cloudstack_ipaddress.go          |  2 +-
 .../docker/resource_docker_container_funcs.go |  2 +-
 .../google/resource_compute_instance_test.go  |  2 +-
 .../resource_openstack_compute_secgroup_v2.go |  2 +-
 .../resource_openstack_lb_pool_v1.go          |  2 +-
 command/flag_kv_test.go                       |  4 +--
 communicator/winrm/provisioner.go             |  2 +-
 config/append_test.go                         |  2 +-
 config/interpolate_funcs_test.go              |  2 +-
 config/interpolate_test.go                    |  2 +-
 config/lang/check_identifier_test.go          |  2 +-
 config/lang/check_types_test.go               |  4 +--
 config/lang/eval_test.go                      |  2 +-
 config/lang/parse_test.go                     |  2 +-
 config/loader.go                              |  2 +-
 config/merge_test.go                          |  2 +-
 config/module/detect_file_test.go             |  2 +-
 config/module/detect_test.go                  |  2 +-
 helper/schema/field_reader_config_test.go     |  6 ++---
 helper/schema/field_reader_diff_test.go       |  2 +-
 helper/schema/field_reader_map_test.go        |  2 +-
 helper/schema/field_reader_test.go            |  2 +-
 helper/schema/field_writer_map_test.go        |  2 +-
 helper/schema/provider_test.go                |  6 ++---
 helper/schema/resource.go                     |  2 +-
 helper/schema/resource_data_test.go           |  2 +-
 helper/schema/resource_test.go                |  4 +--
 helper/schema/schema.go                       |  2 +-
 helper/schema/schema_test.go                  |  8 +++---
 terraform/eval_apply.go                       |  2 +-
 terraform/graph_builder.go                    |  2 +-
 terraform/graph_config_node_resource.go       |  2 +-
 terraform/graph_dot_test.go                   |  6 ++---
 terraform/resource_address.go                 | 20 +++++++-------
 43 files changed, 89 insertions(+), 89 deletions(-)

diff --git a/builtin/providers/aws/conversions.go b/builtin/providers/aws/conversions.go
index 5c0caca70b..1b69cee063 100644
--- a/builtin/providers/aws/conversions.go
+++ b/builtin/providers/aws/conversions.go
@@ -26,7 +26,7 @@ func unwrapAwsStringList(in []*string) []string {
 	ret := make([]string, len(in), len(in))
 	for i := 0; i < len(in); i++ {
 		if in[i] != nil {
-			ret[i] = *(in[i])
+			ret[i] = *in[i]
 		}
 	}
 	return ret
diff --git a/builtin/providers/aws/network_acl_entry.go b/builtin/providers/aws/network_acl_entry.go
index 299c9f8c5b..22b909bceb 100644
--- a/builtin/providers/aws/network_acl_entry.go
+++ b/builtin/providers/aws/network_acl_entry.go
@@ -29,7 +29,7 @@ func expandNetworkAclEntries(configured []interface{}, entryType string) ([]*ec2
 				From: aws.Int64(int64(data["from_port"].(int))),
 				To:   aws.Int64(int64(data["to_port"].(int))),
 			},
-			Egress:     aws.Bool((entryType == "egress")),
+			Egress:     aws.Bool(entryType == "egress"),
 			RuleAction: aws.String(data["action"].(string)),
 			RuleNumber: aws.Int64(int64(data["rule_no"].(int))),
 			CidrBlock:  aws.String(data["cidr_block"].(string)),
diff --git a/builtin/providers/aws/resource_aws_ami.go b/builtin/providers/aws/resource_aws_ami.go
index ec3ce73b97..621881036e 100644
--- a/builtin/providers/aws/resource_aws_ami.go
+++ b/builtin/providers/aws/resource_aws_ami.go
@@ -130,7 +130,7 @@ func resourceAwsAmiRead(d *schema.ResourceData, meta interface{}) error {
 	}
 
 	image := res.Images[0]
-	state := *(image.State)
+	state := *image.State
 
 	if state == "pending" {
 		// This could happen if a user manually adds an image we didn't create
@@ -142,7 +142,7 @@ func resourceAwsAmiRead(d *schema.ResourceData, meta interface{}) error {
 		if err != nil {
 			return err
 		}
-		state = *(image.State)
+		state = *image.State
 	}
 
 	if state == "deregistered" {
@@ -170,22 +170,22 @@ func resourceAwsAmiRead(d *schema.ResourceData, meta interface{}) error {
 	for _, blockDev := range image.BlockDeviceMappings {
 		if blockDev.Ebs != nil {
 			ebsBlockDev := map[string]interface{}{
-				"device_name":           *(blockDev.DeviceName),
-				"delete_on_termination": *(blockDev.Ebs.DeleteOnTermination),
-				"encrypted":             *(blockDev.Ebs.Encrypted),
+				"device_name":           *blockDev.DeviceName,
+				"delete_on_termination": *blockDev.Ebs.DeleteOnTermination,
+				"encrypted":             *blockDev.Ebs.Encrypted,
 				"iops":                  0,
-				"snapshot_id":           *(blockDev.Ebs.SnapshotId),
-				"volume_size":           int(*(blockDev.Ebs.VolumeSize)),
-				"volume_type":           *(blockDev.Ebs.VolumeType),
+				"snapshot_id":           *blockDev.Ebs.SnapshotId,
+				"volume_size":           int(*blockDev.Ebs.VolumeSize),
+				"volume_type":           *blockDev.Ebs.VolumeType,
 			}
 			if blockDev.Ebs.Iops != nil {
-				ebsBlockDev["iops"] = int(*(blockDev.Ebs.Iops))
+				ebsBlockDev["iops"] = int(*blockDev.Ebs.Iops)
 			}
 			ebsBlockDevs = append(ebsBlockDevs, ebsBlockDev)
 		} else {
 			ephemeralBlockDevs = append(ephemeralBlockDevs, map[string]interface{}{
-				"device_name":  *(blockDev.DeviceName),
-				"virtual_name": *(blockDev.VirtualName),
+				"device_name":  *blockDev.DeviceName,
+				"virtual_name": *blockDev.VirtualName,
 			})
 		}
 	}
@@ -301,7 +301,7 @@ func resourceAwsAmiWaitForAvailable(id string, client *ec2.EC2) (*ec2.Image, err
 			return nil, fmt.Errorf("new AMI vanished while pending")
 		}
 
-		state := *(res.Images[0].State)
+		state := *res.Images[0].State
 
 		if state == "pending" {
 			// Give it a few seconds before we poll again.
@@ -316,7 +316,7 @@ func resourceAwsAmiWaitForAvailable(id string, client *ec2.EC2) (*ec2.Image, err
 
 		// If we're not pending or available then we're in one of the invalid/error
 		// states, so stop polling and bail out.
-		stateReason := *(res.Images[0].StateReason)
+		stateReason := *res.Images[0].StateReason
 		return nil, fmt.Errorf("new AMI became %s while pending: %s", state, stateReason)
 	}
 }
diff --git a/builtin/providers/aws/resource_aws_dynamodb_table.go b/builtin/providers/aws/resource_aws_dynamodb_table.go
index 3336862298..df043ffe08 100644
--- a/builtin/providers/aws/resource_aws_dynamodb_table.go
+++ b/builtin/providers/aws/resource_aws_dynamodb_table.go
@@ -384,7 +384,7 @@ func resourceAwsDynamoDbTableUpdate(d *schema.ResourceData, meta interface{}) er
 				updates = append(updates, update)
 
 				// Hash key is required, range key isn't
-				hashkey_type, err := getAttributeType(d, *(gsi.KeySchema[0].AttributeName))
+				hashkey_type, err := getAttributeType(d, *gsi.KeySchema[0].AttributeName)
 				if err != nil {
 					return err
 				}
@@ -396,7 +396,7 @@ func resourceAwsDynamoDbTableUpdate(d *schema.ResourceData, meta interface{}) er
 
 				// If there's a range key, there will be 2 elements in KeySchema
 				if len(gsi.KeySchema) == 2 {
-					rangekey_type, err := getAttributeType(d, *(gsi.KeySchema[1].AttributeName))
+					rangekey_type, err := getAttributeType(d, *gsi.KeySchema[1].AttributeName)
 					if err != nil {
 						return err
 					}
@@ -480,8 +480,8 @@ func resourceAwsDynamoDbTableUpdate(d *schema.ResourceData, meta interface{}) er
 
 				capacityUpdated := false
 
-				if int64(gsiReadCapacity) != *(gsi.ProvisionedThroughput.ReadCapacityUnits) ||
-					int64(gsiWriteCapacity) != *(gsi.ProvisionedThroughput.WriteCapacityUnits) {
+				if int64(gsiReadCapacity) != *gsi.ProvisionedThroughput.ReadCapacityUnits ||
+					int64(gsiWriteCapacity) != *gsi.ProvisionedThroughput.WriteCapacityUnits {
 					capacityUpdated = true
 				}
 
@@ -544,8 +544,8 @@ func resourceAwsDynamoDbTableRead(d *schema.ResourceData, meta interface{}) erro
 	attributes := []interface{}{}
 	for _, attrdef := range table.AttributeDefinitions {
 		attribute := map[string]string{
-			"name": *(attrdef.AttributeName),
-			"type": *(attrdef.AttributeType),
+			"name": *attrdef.AttributeName,
+			"type": *attrdef.AttributeType,
 		}
 		attributes = append(attributes, attribute)
 		log.Printf("[DEBUG] Added Attribute: %s", attribute["name"])
@@ -556,9 +556,9 @@ func resourceAwsDynamoDbTableRead(d *schema.ResourceData, meta interface{}) erro
 	gsiList := make([]map[string]interface{}, 0, len(table.GlobalSecondaryIndexes))
 	for _, gsiObject := range table.GlobalSecondaryIndexes {
 		gsi := map[string]interface{}{
-			"write_capacity": *(gsiObject.ProvisionedThroughput.WriteCapacityUnits),
-			"read_capacity":  *(gsiObject.ProvisionedThroughput.ReadCapacityUnits),
-			"name":           *(gsiObject.IndexName),
+			"write_capacity": *gsiObject.ProvisionedThroughput.WriteCapacityUnits,
+			"read_capacity":  *gsiObject.ProvisionedThroughput.ReadCapacityUnits,
+			"name":           *gsiObject.IndexName,
 		}
 
 		for _, attribute := range gsiObject.KeySchema {
@@ -571,7 +571,7 @@ func resourceAwsDynamoDbTableRead(d *schema.ResourceData, meta interface{}) erro
 			}
 		}
 
-		gsi["projection_type"] = *(gsiObject.Projection.ProjectionType)
+		gsi["projection_type"] = *gsiObject.Projection.ProjectionType
 		gsi["non_key_attributes"] = gsiObject.Projection.NonKeyAttributes
 
 		gsiList = append(gsiList, gsi)
@@ -647,7 +647,7 @@ func createGSIFromData(data *map[string]interface{}) dynamodb.GlobalSecondaryInd
 
 func getGlobalSecondaryIndex(indexName string, indexList []*dynamodb.GlobalSecondaryIndexDescription) (*dynamodb.GlobalSecondaryIndexDescription, error) {
 	for _, gsi := range indexList {
-		if *(gsi.IndexName) == indexName {
+		if *gsi.IndexName == indexName {
 			return gsi, nil
 		}
 	}
@@ -726,7 +726,7 @@ func waitForTableToBeActive(tableName string, meta interface{}) error {
 			return err
 		}
 
-		activeState = *(result.Table.TableStatus) == "ACTIVE"
+		activeState = *result.Table.TableStatus == "ACTIVE"
 
 		// Wait for a few seconds
 		if !activeState {
diff --git a/builtin/providers/aws/resource_aws_dynamodb_table_test.go b/builtin/providers/aws/resource_aws_dynamodb_table_test.go
index 6c26efc737..adf457f0a6 100644
--- a/builtin/providers/aws/resource_aws_dynamodb_table_test.go
+++ b/builtin/providers/aws/resource_aws_dynamodb_table_test.go
@@ -211,7 +211,7 @@ func dynamoDbAttributesToMap(attributes *[]*dynamodb.AttributeDefinition) map[st
 	attrmap := make(map[string]string)
 
 	for _, attrdef := range *attributes {
-		attrmap[*(attrdef.AttributeName)] = *(attrdef.AttributeType)
+		attrmap[*attrdef.AttributeName] = *attrdef.AttributeType
 	}
 
 	return attrmap
diff --git a/builtin/providers/aws/resource_aws_eip.go b/builtin/providers/aws/resource_aws_eip.go
index 4729af537c..e284da4640 100644
--- a/builtin/providers/aws/resource_aws_eip.go
+++ b/builtin/providers/aws/resource_aws_eip.go
@@ -134,7 +134,7 @@ func resourceAwsEipRead(d *schema.ResourceData, meta interface{}) error {
 
 	// Verify AWS returned our EIP
 	if len(describeAddresses.Addresses) != 1 ||
-		(domain == "vpc" && *describeAddresses.Addresses[0].AllocationId != id) ||
+		domain == "vpc" && *describeAddresses.Addresses[0].AllocationId != id ||
 		*describeAddresses.Addresses[0].PublicIp != id {
 		if err != nil {
 			return fmt.Errorf("Unable to find EIP: %#v", describeAddresses.Addresses)
diff --git a/builtin/providers/aws/resource_aws_elb_test.go b/builtin/providers/aws/resource_aws_elb_test.go
index 5b85f54ce8..dadf4aba3c 100644
--- a/builtin/providers/aws/resource_aws_elb_test.go
+++ b/builtin/providers/aws/resource_aws_elb_test.go
@@ -431,7 +431,7 @@ func TestResourceAwsElbListenerHash(t *testing.T) {
 	for tn, tc := range cases {
 		leftHash := resourceAwsElbListenerHash(tc.Left)
 		rightHash := resourceAwsElbListenerHash(tc.Right)
-		if (leftHash == rightHash) != tc.Match {
+		if leftHash == rightHash != tc.Match {
 			t.Fatalf("%s: expected match: %t, but did not get it", tn, tc.Match)
 		}
 	}
diff --git a/builtin/providers/aws/resource_aws_iam_policy_attachment_test.go b/builtin/providers/aws/resource_aws_iam_policy_attachment_test.go
index a68d956a5b..11e50b0d9e 100644
--- a/builtin/providers/aws/resource_aws_iam_policy_attachment_test.go
+++ b/builtin/providers/aws/resource_aws_iam_policy_attachment_test.go
@@ -102,7 +102,7 @@ func testAccCheckAWSPolicyAttachmentAttributes(users []string, roles []string, g
 			}
 		}
 		if uc != 0 || rc != 0 || gc != 0 {
-			return fmt.Errorf("Error: Number of attached users, roles, or groups was incorrect:\n expected %d users and found %d\nexpected %d roles and found %d\nexpected %d groups and found %d", len(users), (len(users) - uc), len(roles), (len(roles) - rc), len(groups), (len(groups) - gc))
+			return fmt.Errorf("Error: Number of attached users, roles, or groups was incorrect:\n expected %d users and found %d\nexpected %d roles and found %d\nexpected %d groups and found %d", len(users), len(users)-uc, len(roles), len(roles)-rc, len(groups), len(groups)-gc)
 		}
 		return nil
 	}
diff --git a/builtin/providers/aws/resource_aws_instance.go b/builtin/providers/aws/resource_aws_instance.go
index faac6e0a52..d096a45d6f 100644
--- a/builtin/providers/aws/resource_aws_instance.go
+++ b/builtin/providers/aws/resource_aws_instance.go
@@ -695,7 +695,7 @@ func readBlockDevicesFromInstance(instance *ec2.Instance, conn *ec2.EC2) (map[st
 	instanceBlockDevices := make(map[string]*ec2.InstanceBlockDeviceMapping)
 	for _, bd := range instance.BlockDeviceMappings {
 		if bd.Ebs != nil {
-			instanceBlockDevices[*(bd.Ebs.VolumeId)] = bd
+			instanceBlockDevices[*bd.Ebs.VolumeId] = bd
 		}
 	}
 
@@ -755,9 +755,9 @@ func readBlockDevicesFromInstance(instance *ec2.Instance, conn *ec2.EC2) (map[st
 }
 
 func blockDeviceIsRoot(bd *ec2.InstanceBlockDeviceMapping, instance *ec2.Instance) bool {
-	return (bd.DeviceName != nil &&
+	return bd.DeviceName != nil &&
 		instance.RootDeviceName != nil &&
-		*bd.DeviceName == *instance.RootDeviceName)
+		*bd.DeviceName == *instance.RootDeviceName
 }
 
 func fetchRootDeviceName(ami string, conn *ec2.EC2) (*string, error) {
diff --git a/builtin/providers/cloudstack/resource_cloudstack_ipaddress.go b/builtin/providers/cloudstack/resource_cloudstack_ipaddress.go
index aff6f79bb2..e2e590f6be 100644
--- a/builtin/providers/cloudstack/resource_cloudstack_ipaddress.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_ipaddress.go
@@ -165,7 +165,7 @@ func verifyIPAddressParams(d *schema.ResourceData) error {
 	_, network := d.GetOk("network")
 	_, vpc := d.GetOk("vpc")
 
-	if (network && vpc) || (!network && !vpc) {
+	if network && vpc || !network && !vpc {
 		return fmt.Errorf(
 			"You must supply a value for either (so not both) the 'network' or 'vpc' parameter")
 	}
diff --git a/builtin/providers/docker/resource_docker_container_funcs.go b/builtin/providers/docker/resource_docker_container_funcs.go
index 058a4411ba..aa74a4e1d8 100644
--- a/builtin/providers/docker/resource_docker_container_funcs.go
+++ b/builtin/providers/docker/resource_docker_container_funcs.go
@@ -148,7 +148,7 @@ func resourceDockerContainerRead(d *schema.ResourceData, meta interface{}) error
 		}
 
 		if container.State.Running ||
-			(!container.State.Running && !d.Get("must_run").(bool)) {
+			!container.State.Running && !d.Get("must_run").(bool) {
 			break
 		}
 
diff --git a/builtin/providers/google/resource_compute_instance_test.go b/builtin/providers/google/resource_compute_instance_test.go
index 394e66dbfc..61c4906a25 100644
--- a/builtin/providers/google/resource_compute_instance_test.go
+++ b/builtin/providers/google/resource_compute_instance_test.go
@@ -376,7 +376,7 @@ func testAccCheckComputeInstanceDisk(instance *compute.Instance, source string,
 		}
 
 		for _, disk := range instance.Disks {
-			if strings.LastIndex(disk.Source, "/"+source) == (len(disk.Source)-len(source)-1) && disk.AutoDelete == delete && disk.Boot == boot {
+			if strings.LastIndex(disk.Source, "/"+source) == len(disk.Source)-len(source)-1 && disk.AutoDelete == delete && disk.Boot == boot {
 				return nil
 			}
 		}
diff --git a/builtin/providers/openstack/resource_openstack_compute_secgroup_v2.go b/builtin/providers/openstack/resource_openstack_compute_secgroup_v2.go
index e6d8be8ea1..18812cb59e 100644
--- a/builtin/providers/openstack/resource_openstack_compute_secgroup_v2.go
+++ b/builtin/providers/openstack/resource_openstack_compute_secgroup_v2.go
@@ -219,7 +219,7 @@ func resourceComputeSecGroupV2Delete(d *schema.ResourceData, meta interface{}) e
 }
 
 func resourceSecGroupRulesV2(d *schema.ResourceData) []secgroups.CreateRuleOpts {
-	rawRules := (d.Get("rule")).([]interface{})
+	rawRules := d.Get("rule").([]interface{})
 	createRuleOptsList := make([]secgroups.CreateRuleOpts, len(rawRules))
 	for i, raw := range rawRules {
 		rawMap := raw.(map[string]interface{})
diff --git a/builtin/providers/openstack/resource_openstack_lb_pool_v1.go b/builtin/providers/openstack/resource_openstack_lb_pool_v1.go
index 1384796d5c..64e0436dbc 100644
--- a/builtin/providers/openstack/resource_openstack_lb_pool_v1.go
+++ b/builtin/providers/openstack/resource_openstack_lb_pool_v1.go
@@ -292,7 +292,7 @@ func resourcePoolMonitorIDsV1(d *schema.ResourceData) []string {
 }
 
 func resourcePoolMembersV1(d *schema.ResourceData) []members.CreateOpts {
-	memberOptsRaw := (d.Get("member")).(*schema.Set)
+	memberOptsRaw := d.Get("member").(*schema.Set)
 	memberOpts := make([]members.CreateOpts, memberOptsRaw.Len())
 	for i, raw := range memberOptsRaw.List() {
 		rawMap := raw.(map[string]interface{})
diff --git a/command/flag_kv_test.go b/command/flag_kv_test.go
index b17266cc69..a134a16921 100644
--- a/command/flag_kv_test.go
+++ b/command/flag_kv_test.go
@@ -45,7 +45,7 @@ func TestFlagKV(t *testing.T) {
 	for _, tc := range cases {
 		f := new(FlagKV)
 		err := f.Set(tc.Input)
-		if (err != nil) != tc.Error {
+		if err != nil != tc.Error {
 			t.Fatalf("bad error. Input: %#v", tc.Input)
 		}
 
@@ -95,7 +95,7 @@ foo = "bar"
 
 		f := new(FlagKVFile)
 		err := f.Set(path)
-		if (err != nil) != tc.Error {
+		if err != nil != tc.Error {
 			t.Fatalf("bad error. Input: %#v", tc.Input)
 		}
 
diff --git a/communicator/winrm/provisioner.go b/communicator/winrm/provisioner.go
index 59c0ba7dde..d1562998cd 100644
--- a/communicator/winrm/provisioner.go
+++ b/communicator/winrm/provisioner.go
@@ -99,7 +99,7 @@ func safeDuration(dur string, defaultDur time.Duration) time.Duration {
 
 func formatDuration(duration time.Duration) string {
 	h := int(duration.Hours())
-	m := int(duration.Minutes()) - (h * 60)
+	m := int(duration.Minutes()) - h*60
 	s := int(duration.Seconds()) - (h*3600 + m*60)
 
 	res := "PT"
diff --git a/config/append_test.go b/config/append_test.go
index adeb7835b4..8d6258ecdd 100644
--- a/config/append_test.go
+++ b/config/append_test.go
@@ -91,7 +91,7 @@ func TestAppend(t *testing.T) {
 
 	for i, tc := range cases {
 		actual, err := Append(tc.c1, tc.c2)
-		if (err != nil) != tc.err {
+		if err != nil != tc.err {
 			t.Fatalf("%d: error fail", i)
 		}
 
diff --git a/config/interpolate_funcs_test.go b/config/interpolate_funcs_test.go
index e4d275e580..87b26a5ee2 100644
--- a/config/interpolate_funcs_test.go
+++ b/config/interpolate_funcs_test.go
@@ -636,7 +636,7 @@ func testFunction(t *testing.T, config testFunctionConfig) {
 		}
 
 		out, _, err := lang.Eval(ast, langEvalConfig(config.Vars))
-		if (err != nil) != tc.Error {
+		if err != nil != tc.Error {
 			t.Fatalf("Case #%d:\ninput: %#v\nerr: %s", i, tc.Input, err)
 		}
 
diff --git a/config/interpolate_test.go b/config/interpolate_test.go
index 69a6ca2293..3328571cc5 100644
--- a/config/interpolate_test.go
+++ b/config/interpolate_test.go
@@ -66,7 +66,7 @@ func TestNewInterpolatedVariable(t *testing.T) {
 
 	for i, tc := range cases {
 		actual, err := NewInterpolatedVariable(tc.Input)
-		if (err != nil) != tc.Error {
+		if err != nil != tc.Error {
 			t.Fatalf("%d. Error: %s", i, err)
 		}
 		if !reflect.DeepEqual(actual, tc.Result) {
diff --git a/config/lang/check_identifier_test.go b/config/lang/check_identifier_test.go
index 1ed52580ef..fe76be1d47 100644
--- a/config/lang/check_identifier_test.go
+++ b/config/lang/check_identifier_test.go
@@ -134,7 +134,7 @@ func TestIdentifierCheck(t *testing.T) {
 
 		visitor := &IdentifierCheck{Scope: tc.Scope}
 		err = visitor.Visit(node)
-		if (err != nil) != tc.Error {
+		if err != nil != tc.Error {
 			t.Fatalf("Error: %s\n\nInput: %s", err, tc.Input)
 		}
 	}
diff --git a/config/lang/check_types_test.go b/config/lang/check_types_test.go
index eb108044e6..6087f98d5d 100644
--- a/config/lang/check_types_test.go
+++ b/config/lang/check_types_test.go
@@ -169,7 +169,7 @@ func TestTypeCheck(t *testing.T) {
 
 		visitor := &TypeCheck{Scope: tc.Scope}
 		err = visitor.Visit(node)
-		if (err != nil) != tc.Error {
+		if err != nil != tc.Error {
 			t.Fatalf("Error: %s\n\nInput: %s", err, tc.Input)
 		}
 	}
@@ -247,7 +247,7 @@ func TestTypeCheck_implicit(t *testing.T) {
 		// Do the first pass...
 		visitor := &TypeCheck{Scope: tc.Scope, Implicit: implicitMap}
 		err = visitor.Visit(node)
-		if (err != nil) != tc.Error {
+		if err != nil != tc.Error {
 			t.Fatalf("Error: %s\n\nInput: %s", err, tc.Input)
 		}
 		if err != nil {
diff --git a/config/lang/eval_test.go b/config/lang/eval_test.go
index 44f25d6fd7..122f44d1f4 100644
--- a/config/lang/eval_test.go
+++ b/config/lang/eval_test.go
@@ -260,7 +260,7 @@ func TestEval(t *testing.T) {
 		}
 
 		out, outType, err := Eval(node, &EvalConfig{GlobalScope: tc.Scope})
-		if (err != nil) != tc.Error {
+		if err != nil != tc.Error {
 			t.Fatalf("Error: %s\n\nInput: %s", err, tc.Input)
 		}
 		if outType != tc.ResultType {
diff --git a/config/lang/parse_test.go b/config/lang/parse_test.go
index 8d705dccb9..dc75424bc9 100644
--- a/config/lang/parse_test.go
+++ b/config/lang/parse_test.go
@@ -353,7 +353,7 @@ func TestParse(t *testing.T) {
 
 	for _, tc := range cases {
 		actual, err := Parse(tc.Input)
-		if (err != nil) != tc.Error {
+		if err != nil != tc.Error {
 			t.Fatalf("Error: %s\n\nInput: %s", err, tc.Input)
 		}
 		if !reflect.DeepEqual(actual, tc.Result) {
diff --git a/config/loader.go b/config/loader.go
index 4f5d8e7658..5711ce8ef8 100644
--- a/config/loader.go
+++ b/config/loader.go
@@ -210,5 +210,5 @@ func dirFiles(dir string) ([]string, []string, error) {
 func isIgnoredFile(name string) bool {
 	return strings.HasPrefix(name, ".") || // Unix-like hidden files
 		strings.HasSuffix(name, "~") || // vim
-		(strings.HasPrefix(name, "#") && strings.HasSuffix(name, "#")) // emacs
+		strings.HasPrefix(name, "#") && strings.HasSuffix(name, "#") // emacs
 }
diff --git a/config/merge_test.go b/config/merge_test.go
index 40144f0c77..6fe55a2d51 100644
--- a/config/merge_test.go
+++ b/config/merge_test.go
@@ -157,7 +157,7 @@ func TestMerge(t *testing.T) {
 
 	for i, tc := range cases {
 		actual, err := Merge(tc.c1, tc.c2)
-		if (err != nil) != tc.err {
+		if err != nil != tc.err {
 			t.Fatalf("%d: error fail", i)
 		}
 
diff --git a/config/module/detect_file_test.go b/config/module/detect_file_test.go
index 4c75ce83d4..3e9db8bba2 100644
--- a/config/module/detect_file_test.go
+++ b/config/module/detect_file_test.go
@@ -74,7 +74,7 @@ func TestFileDetector_noPwd(t *testing.T) {
 	f := new(FileDetector)
 	for i, tc := range noPwdFileTests {
 		out, ok, err := f.Detect(tc.in, tc.pwd)
-		if (err != nil) != tc.err {
+		if err != nil != tc.err {
 			t.Fatalf("%d: err: %s", i, err)
 		}
 		if !ok {
diff --git a/config/module/detect_test.go b/config/module/detect_test.go
index e1e3b43722..d2ee8ea1af 100644
--- a/config/module/detect_test.go
+++ b/config/module/detect_test.go
@@ -41,7 +41,7 @@ func TestDetect(t *testing.T) {
 
 	for i, tc := range cases {
 		output, err := Detect(tc.Input, tc.Pwd)
-		if (err != nil) != tc.Err {
+		if err != nil != tc.Err {
 			t.Fatalf("%d: bad err: %s", i, err)
 		}
 		if output != tc.Output {
diff --git a/helper/schema/field_reader_config_test.go b/helper/schema/field_reader_config_test.go
index 96028a89c1..be37fcef9f 100644
--- a/helper/schema/field_reader_config_test.go
+++ b/helper/schema/field_reader_config_test.go
@@ -122,7 +122,7 @@ func TestConfigFieldReader_DefaultHandling(t *testing.T) {
 			Config: tc.Config,
 		}
 		out, err := r.ReadField(tc.Addr)
-		if (err != nil) != tc.Err {
+		if err != nil != tc.Err {
 			t.Fatalf("%s: err: %s", name, err)
 		}
 		if s, ok := out.Value.(*Set); ok {
@@ -192,7 +192,7 @@ func TestConfigFieldReader_ComputedMap(t *testing.T) {
 			Config: tc.Config,
 		}
 		out, err := r.ReadField(tc.Addr)
-		if (err != nil) != tc.Err {
+		if err != nil != tc.Err {
 			t.Fatalf("%s: err: %s", name, err)
 		}
 		if s, ok := out.Value.(*Set); ok {
@@ -283,7 +283,7 @@ func TestConfigFieldReader_ComputedSet(t *testing.T) {
 			Config: tc.Config,
 		}
 		out, err := r.ReadField(tc.Addr)
-		if (err != nil) != tc.Err {
+		if err != nil != tc.Err {
 			t.Fatalf("%s: err: %s", name, err)
 		}
 		if s, ok := out.Value.(*Set); ok {
diff --git a/helper/schema/field_reader_diff_test.go b/helper/schema/field_reader_diff_test.go
index 205b254f40..a763e4702c 100644
--- a/helper/schema/field_reader_diff_test.go
+++ b/helper/schema/field_reader_diff_test.go
@@ -237,7 +237,7 @@ func TestDiffFieldReader_extra(t *testing.T) {
 
 	for name, tc := range cases {
 		out, err := r.ReadField(tc.Addr)
-		if (err != nil) != tc.Err {
+		if err != nil != tc.Err {
 			t.Fatalf("%s: err: %s", name, err)
 		}
 		if s, ok := out.Value.(*Set); ok {
diff --git a/helper/schema/field_reader_map_test.go b/helper/schema/field_reader_map_test.go
index e2d5342ee3..61ffd4484f 100644
--- a/helper/schema/field_reader_map_test.go
+++ b/helper/schema/field_reader_map_test.go
@@ -86,7 +86,7 @@ func TestMapFieldReader_extra(t *testing.T) {
 
 	for name, tc := range cases {
 		out, err := r.ReadField(tc.Addr)
-		if (err != nil) != tc.OutErr {
+		if err != nil != tc.OutErr {
 			t.Fatalf("%s: err: %s", name, err)
 		}
 		if out.Computed != tc.OutComputed {
diff --git a/helper/schema/field_reader_test.go b/helper/schema/field_reader_test.go
index 7d4690762b..c61fb8eb73 100644
--- a/helper/schema/field_reader_test.go
+++ b/helper/schema/field_reader_test.go
@@ -387,7 +387,7 @@ func testFieldReader(t *testing.T, f func(map[string]*Schema) FieldReader) {
 	for name, tc := range cases {
 		r := f(schema)
 		out, err := r.ReadField(tc.Addr)
-		if (err != nil) != tc.Err {
+		if err != nil != tc.Err {
 			t.Fatalf("%s: err: %s", name, err)
 		}
 		if s, ok := out.Value.(*Set); ok {
diff --git a/helper/schema/field_writer_map_test.go b/helper/schema/field_writer_map_test.go
index 8cf8100f2c..3f54f8303b 100644
--- a/helper/schema/field_writer_map_test.go
+++ b/helper/schema/field_writer_map_test.go
@@ -242,7 +242,7 @@ func TestMapFieldWriter(t *testing.T) {
 	for name, tc := range cases {
 		w := &MapFieldWriter{Schema: schema}
 		err := w.WriteField(tc.Addr, tc.Value)
-		if (err != nil) != tc.Err {
+		if err != nil != tc.Err {
 			t.Fatalf("%s: err: %s", name, err)
 		}
 
diff --git a/helper/schema/provider_test.go b/helper/schema/provider_test.go
index e1f4b93b0f..5701520a24 100644
--- a/helper/schema/provider_test.go
+++ b/helper/schema/provider_test.go
@@ -79,7 +79,7 @@ func TestProviderConfigure(t *testing.T) {
 		}
 
 		err = tc.P.Configure(terraform.NewResourceConfig(c))
-		if (err != nil) != tc.Err {
+		if err != nil != tc.Err {
 			t.Fatalf("%d: %s", i, err)
 		}
 	}
@@ -141,7 +141,7 @@ func TestProviderValidate(t *testing.T) {
 		}
 
 		_, es := tc.P.Validate(terraform.NewResourceConfig(c))
-		if (len(es) > 0) != tc.Err {
+		if len(es) > 0 != tc.Err {
 			t.Fatalf("%d: %#v", i, es)
 		}
 	}
@@ -180,7 +180,7 @@ func TestProviderValidateResource(t *testing.T) {
 		}
 
 		_, es := tc.P.ValidateResource(tc.Type, terraform.NewResourceConfig(c))
-		if (len(es) > 0) != tc.Err {
+		if len(es) > 0 != tc.Err {
 			t.Fatalf("%d: %#v", i, es)
 		}
 	}
diff --git a/helper/schema/resource.go b/helper/schema/resource.go
index 8b3e53ad33..a7b8cfe1e5 100644
--- a/helper/schema/resource.go
+++ b/helper/schema/resource.go
@@ -247,7 +247,7 @@ func (r *Resource) InternalValidate(topSchemaMap schemaMap) error {
 		} else {
 			nonUpdateableAttrs := make([]string, 0)
 			for k, v := range r.Schema {
-				if v.ForceNew || (v.Computed && !v.Optional) {
+				if v.ForceNew || v.Computed && !v.Optional {
 					nonUpdateableAttrs = append(nonUpdateableAttrs, k)
 				}
 			}
diff --git a/helper/schema/resource_data_test.go b/helper/schema/resource_data_test.go
index 95479cfbf6..dc62a8a190 100644
--- a/helper/schema/resource_data_test.go
+++ b/helper/schema/resource_data_test.go
@@ -1736,7 +1736,7 @@ func TestResourceDataSet(t *testing.T) {
 		}
 
 		err = d.Set(tc.Key, tc.Value)
-		if (err != nil) != tc.Err {
+		if err != nil != tc.Err {
 			t.Fatalf("%d err: %s", i, err)
 		}
 
diff --git a/helper/schema/resource_test.go b/helper/schema/resource_test.go
index 3604322e75..ecfede51b2 100644
--- a/helper/schema/resource_test.go
+++ b/helper/schema/resource_test.go
@@ -369,7 +369,7 @@ func TestResourceInternalValidate(t *testing.T) {
 
 	for i, tc := range cases {
 		err := tc.In.InternalValidate(schemaMap{})
-		if (err != nil) != tc.Err {
+		if err != nil != tc.Err {
 			t.Fatalf("%d: bad: %s", i, err)
 		}
 	}
@@ -585,7 +585,7 @@ func TestResourceRefresh_needsMigration(t *testing.T) {
 		if err != nil {
 			t.Fatalf("err: %#v", err)
 		}
-		s.Attributes["newfoo"] = strconv.Itoa((int(oldfoo * 10)))
+		s.Attributes["newfoo"] = strconv.Itoa(int(oldfoo * 10))
 		delete(s.Attributes, "oldfoo")
 
 		return s, nil
diff --git a/helper/schema/schema.go b/helper/schema/schema.go
index da0bb38b3a..34145b1367 100644
--- a/helper/schema/schema.go
+++ b/helper/schema/schema.go
@@ -827,7 +827,7 @@ func (m schemaMap) diffSet(
 	newStr := strconv.Itoa(newLen)
 
 	// If the set computed then say that the # is computed
-	if computedSet || (schema.Computed && !nSet) {
+	if computedSet || schema.Computed && !nSet {
 		// If # already exists, equals 0 and no new set is supplied, there
 		// is nothing to record in the diff
 		count, ok := d.GetOk(k + ".#")
diff --git a/helper/schema/schema_test.go b/helper/schema/schema_test.go
index 404d7286cf..faf703b0f8 100644
--- a/helper/schema/schema_test.go
+++ b/helper/schema/schema_test.go
@@ -2437,7 +2437,7 @@ func TestSchemaMap_Diff(t *testing.T) {
 
 		d, err := schemaMap(tc.Schema).Diff(
 			tc.State, terraform.NewResourceConfig(c))
-		if (err != nil) != tc.Err {
+		if err != nil != tc.Err {
 			t.Fatalf("#%d err: %s", i, err)
 		}
 
@@ -2595,7 +2595,7 @@ func TestSchemaMap_Input(t *testing.T) {
 		rc.Config = make(map[string]interface{})
 
 		actual, err := schemaMap(tc.Schema).Input(input, rc)
-		if (err != nil) != tc.Err {
+		if err != nil != tc.Err {
 			t.Fatalf("#%v err: %s", i, err)
 		}
 
@@ -2916,7 +2916,7 @@ func TestSchemaMap_InternalValidate(t *testing.T) {
 
 	for i, tc := range cases {
 		err := schemaMap(tc.In).InternalValidate(schemaMap{})
-		if (err != nil) != tc.Err {
+		if err != nil != tc.Err {
 			if tc.Err {
 				t.Fatalf("%d: Expected error did not occur:\n\n%#v", i, tc.In)
 			}
@@ -3652,7 +3652,7 @@ func TestSchemaMap_Validate(t *testing.T) {
 		}
 
 		ws, es := schemaMap(tc.Schema).Validate(terraform.NewResourceConfig(c))
-		if (len(es) > 0) != tc.Err {
+		if len(es) > 0 != tc.Err {
 			if len(es) == 0 {
 				t.Errorf("%q: no errors", tn)
 			}
diff --git a/terraform/eval_apply.go b/terraform/eval_apply.go
index c22a6ca4e5..6314baa86e 100644
--- a/terraform/eval_apply.go
+++ b/terraform/eval_apply.go
@@ -49,7 +49,7 @@ func (n *EvalApply) Eval(ctx EvalContext) (interface{}, error) {
 
 	// Flag if we're creating a new instance
 	if n.CreateNew != nil {
-		*n.CreateNew = (state.ID == "" && !diff.Destroy) || diff.RequiresNew()
+		*n.CreateNew = state.ID == "" && !diff.Destroy || diff.RequiresNew()
 	}
 
 	{
diff --git a/terraform/graph_builder.go b/terraform/graph_builder.go
index 2190be15ec..ca99667016 100644
--- a/terraform/graph_builder.go
+++ b/terraform/graph_builder.go
@@ -107,7 +107,7 @@ func (b *BuiltinGraphBuilder) Steps(path []string) []GraphTransformer {
 		&OrphanTransformer{
 			State:     b.State,
 			Module:    b.Root,
-			Targeting: (len(b.Targets) > 0),
+			Targeting: len(b.Targets) > 0,
 		},
 
 		// Output-related transformations
diff --git a/terraform/graph_config_node_resource.go b/terraform/graph_config_node_resource.go
index dfc9587146..2bf0e4568a 100644
--- a/terraform/graph_config_node_resource.go
+++ b/terraform/graph_config_node_resource.go
@@ -165,7 +165,7 @@ func (n *GraphNodeConfigResource) DynamicExpand(ctx EvalContext) (*Graph, error)
 		steps = append(steps, &OrphanTransformer{
 			State:     state,
 			View:      n.Resource.Id(),
-			Targeting: (len(n.Targets) > 0),
+			Targeting: len(n.Targets) > 0,
 		})
 
 		steps = append(steps, &DeposedTransformer{
diff --git a/terraform/graph_dot_test.go b/terraform/graph_dot_test.go
index da0e1f55ed..ecef1984da 100644
--- a/terraform/graph_dot_test.go
+++ b/terraform/graph_dot_test.go
@@ -210,13 +210,13 @@ digraph {
 
 	for tn, tc := range cases {
 		actual, err := GraphDot(tc.Graph(), &tc.Opts)
-		if (err == nil) && tc.Error != "" {
+		if err == nil && tc.Error != "" {
 			t.Fatalf("%s: expected err: %s, got none", tn, tc.Error)
 		}
-		if (err != nil) && (tc.Error == "") {
+		if err != nil && tc.Error == "" {
 			t.Fatalf("%s: unexpected err: %s", tn, err)
 		}
-		if (err != nil) && (tc.Error != "") {
+		if err != nil && tc.Error != "" {
 			if !strings.Contains(err.Error(), tc.Error) {
 				t.Fatalf("%s: expected err: %s\nto contain: %s", tn, err, tc.Error)
 			}
diff --git a/terraform/resource_address.go b/terraform/resource_address.go
index 583cdd2a03..f7dd940747 100644
--- a/terraform/resource_address.go
+++ b/terraform/resource_address.go
@@ -53,26 +53,26 @@ func (addr *ResourceAddress) Equals(raw interface{}) bool {
 		return false
 	}
 
-	pathMatch := ((len(addr.Path) == 0 && len(other.Path) == 0) ||
-		reflect.DeepEqual(addr.Path, other.Path))
+	pathMatch := len(addr.Path) == 0 && len(other.Path) == 0 ||
+		reflect.DeepEqual(addr.Path, other.Path)
 
-	indexMatch := (addr.Index == -1 ||
+	indexMatch := addr.Index == -1 ||
 		other.Index == -1 ||
-		addr.Index == other.Index)
+		addr.Index == other.Index
 
-	nameMatch := (addr.Name == "" ||
+	nameMatch := addr.Name == "" ||
 		other.Name == "" ||
-		addr.Name == other.Name)
+		addr.Name == other.Name
 
-	typeMatch := (addr.Type == "" ||
+	typeMatch := addr.Type == "" ||
 		other.Type == "" ||
-		addr.Type == other.Type)
+		addr.Type == other.Type
 
-	return (pathMatch &&
+	return pathMatch &&
 		indexMatch &&
 		addr.InstanceType == other.InstanceType &&
 		nameMatch &&
-		typeMatch)
+		typeMatch
 }
 
 func ParseResourceIndex(s string) (int, error) {

From 5a953a4fbd7f6234f4fddd334125c59f1c912e6e Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@gmail.com>
Date: Thu, 8 Oct 2015 07:11:33 -0700
Subject: [PATCH 156/335] Update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6dcc3db10d..b25713fcfc 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,6 +14,7 @@ FEATURES:
   * **New resource: `aws_iam_saml_provider`** [GH-3156]
   * **New resources: `aws_efs_file_system` and `aws_efs_mount_target`** [GH-2196]
   * **New resources: `aws_opsworks_*`** [GH-2162]
+  * **New resource: `aws_elasticsearch_domain`** [GH-3443]
 
 IMPROVEMENTS:
 

From c68d9c4ae0ba4c1faf8010cefef61041cce38e03 Mon Sep 17 00:00:00 2001
From: Clint Shryock <clint@ctshryock.com>
Date: Thu, 20 Aug 2015 10:32:34 -0500
Subject: [PATCH 157/335] provider/aws: Allow Instance to be computed in EIPs

---
 builtin/providers/aws/resource_aws_eip.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/builtin/providers/aws/resource_aws_eip.go b/builtin/providers/aws/resource_aws_eip.go
index 4729af537c..5dabe9fc05 100644
--- a/builtin/providers/aws/resource_aws_eip.go
+++ b/builtin/providers/aws/resource_aws_eip.go
@@ -30,13 +30,13 @@ func resourceAwsEip() *schema.Resource {
 			"instance": &schema.Schema{
 				Type:     schema.TypeString,
 				Optional: true,
+                                Computed: true,
 			},
 
 			"network_interface": &schema.Schema{
-				Type:          schema.TypeString,
-				Optional:      true,
-				Computed:      true,
-				ConflictsWith: []string{"instance"},
+                                Type:     schema.TypeString,
+                                Optional: true,
+                                Computed: true,
 			},
 
 			"allocation_id": &schema.Schema{

From 9d973f127913a5f9a1f82973d6e0898f3be64240 Mon Sep 17 00:00:00 2001
From: Clint Shryock <clint@ctshryock.com>
Date: Thu, 8 Oct 2015 09:20:51 -0500
Subject: [PATCH 158/335] document limitation of instance id / network
 interface id

---
 website/source/docs/providers/aws/r/eip.html.markdown | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/website/source/docs/providers/aws/r/eip.html.markdown b/website/source/docs/providers/aws/r/eip.html.markdown
index dd44391be5..11692a4e9d 100644
--- a/website/source/docs/providers/aws/r/eip.html.markdown
+++ b/website/source/docs/providers/aws/r/eip.html.markdown
@@ -27,6 +27,11 @@ The following arguments are supported:
 * `instance` - (Optional) EC2 instance ID.
 * `network_interface` - (Optional) Network interface ID to associate with.
 
+~> **NOTE:** You can specify either the `instance` ID or the `network_interface` ID, 
+but not both. Including both will **not** return an error from the AWS API, but will
+have undefined behavior. See the relevant [AssociateAddress API Call][1] for
+more information.
+
 ## Attributes Reference
 
 The following attributes are exported:
@@ -36,3 +41,5 @@ The following attributes are exported:
 * `instance` - Contains the ID of the attached instance.
 * `network_interface` - Contains the ID of the attached network interface.
 
+
+[1]: http://docs.aws.amazon.com/fr_fr/AWSEC2/latest/APIReference/API_AssociateAddress.html

From aaa922c0fdaa59a141876d6c2d73fd1e1619836e Mon Sep 17 00:00:00 2001
From: Clint <catsby@users.noreply.github.com>
Date: Thu, 8 Oct 2015 09:39:59 -0500
Subject: [PATCH 159/335] Update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index b25713fcfc..7d1dac706f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -29,6 +29,7 @@ IMPROVEMENTS:
   * provider/aws: Paginate notifications returned for ASG Notifications [GH-3043]
   * provider/aws: add `ses_smtp_password` to `aws_iam_access_key` [GH-3165]
   * provider/aws: read `iam_instance_profile` for `aws_instance` and save to state [GH-3167]
+  * provider/aws: allow `instance` to be computed in `aws_eip` [GH-3036]
   * provider/aws: Add `versioning` option to `aws_s3_bucket` [GH-2942]
   * provider/aws: Add `configuation_endpoint` to `aws_elasticache_cluster` [GH-3250]
   * provider/aws: Add validation for `app_cookie_stickiness_policy.name` [GH-3277]

From f2f4ded97047360ae07521e0201d7736907af3d8 Mon Sep 17 00:00:00 2001
From: Anthony Stanton <anthony@contentful.com>
Date: Thu, 8 Oct 2015 16:49:41 +0200
Subject: [PATCH 160/335] Initialize list as an empty slice

---
 config/string_list.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/string_list.go b/config/string_list.go
index 5ed9336abd..a175b821d6 100644
--- a/config/string_list.go
+++ b/config/string_list.go
@@ -28,7 +28,7 @@ const stringListDelim = `B780FFEC-B661-4EB8-9236-A01737AD98B6`
 func (sl StringList) Compact() StringList {
 	parts := sl.Slice()
 
-	var newlist []string
+  newlist := []string{}
 	// drop the empty strings
 	for i := range parts {
 		if parts[i] != "" {

From 53f44878ff118f4b59f2381731d4c07da09aed41 Mon Sep 17 00:00:00 2001
From: Svend Sorensen <ssorensen@whitepages.com>
Date: Wed, 7 Oct 2015 13:11:54 -0700
Subject: [PATCH 161/335] Add tests for empty string lists

---
 config/string_list_test.go | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/config/string_list_test.go b/config/string_list_test.go
index 64049eb502..3fe57dfe28 100644
--- a/config/string_list_test.go
+++ b/config/string_list_test.go
@@ -27,3 +27,26 @@ func TestStringList_element(t *testing.T) {
 			list, expected, actual)
 	}
 }
+
+func TestStringList_empty_slice(t *testing.T) {
+	expected := []string{}
+	l := NewStringList(expected)
+	actual := l.Slice()
+
+	if !reflect.DeepEqual(expected, actual) {
+		t.Fatalf("Expected %q, got %q", expected, actual)
+	}
+}
+
+func TestStringList_empty_slice_length(t *testing.T) {
+	list := []string{}
+	l := NewStringList([]string{})
+	actual := l.Length()
+
+	expected := 0
+
+	if actual != expected {
+		t.Fatalf("Expected length of %q to be %d, got %d",
+			list, expected, actual)
+	}
+}

From 8e4a313f17a22089b53f38437069718469612997 Mon Sep 17 00:00:00 2001
From: Svend Sorensen <ssorensen@whitepages.com>
Date: Wed, 7 Oct 2015 13:28:46 -0700
Subject: [PATCH 162/335] Return an empty slice for empty string lists

---
 config/string_list.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/config/string_list.go b/config/string_list.go
index a175b821d6..da45df7366 100644
--- a/config/string_list.go
+++ b/config/string_list.go
@@ -69,11 +69,11 @@ func (sl StringList) Length() int {
 func (sl StringList) Slice() []string {
 	parts := strings.Split(string(sl), stringListDelim)
 
+	// split on an empty StringList will have a length of 2, since there is
+	// always at least one deliminator
 	switch len(parts) {
-	case 0, 1:
+	case 0, 1, 2:
 		return []string{}
-	case 2:
-		return []string{""}
 	}
 
 	// strip empty elements generated by leading and trailing delimiters

From 73b51698ada29342e69086eba86e643f2e31bb1a Mon Sep 17 00:00:00 2001
From: Svend Sorensen <ssorensen@whitepages.com>
Date: Wed, 7 Oct 2015 13:56:43 -0700
Subject: [PATCH 163/335] Replace simple case with if

---
 config/string_list.go | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/config/string_list.go b/config/string_list.go
index da45df7366..ba41d0256d 100644
--- a/config/string_list.go
+++ b/config/string_list.go
@@ -71,8 +71,7 @@ func (sl StringList) Slice() []string {
 
 	// split on an empty StringList will have a length of 2, since there is
 	// always at least one deliminator
-	switch len(parts) {
-	case 0, 1, 2:
+	if len(parts) <= 2 {
 		return []string{}
 	}
 

From 3040d8419fefac935d94450013f1bb7bfc08e741 Mon Sep 17 00:00:00 2001
From: Anthony Stanton <anthony@contentful.com>
Date: Thu, 8 Oct 2015 18:07:07 +0200
Subject: [PATCH 164/335] Test removing weird zero+zero Route53 test case

---
 terraform/interpolate_test.go | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/terraform/interpolate_test.go b/terraform/interpolate_test.go
index bbbb1024a4..fbce848eaf 100644
--- a/terraform/interpolate_test.go
+++ b/terraform/interpolate_test.go
@@ -330,11 +330,6 @@ func TestInterpolator_resourceMultiAttributesWithResourceCount(t *testing.T) {
 		Value: config.NewStringList([]string{}).String(),
 		Type:  ast.TypeString,
 	})
-	// Zero + zero elements
-	testInterpolate(t, i, scope, "aws_route53_zone.terra.*.nothing", ast.Variable{
-		Value: config.NewStringList([]string{"", ""}).String(),
-		Type:  ast.TypeString,
-	})
 	// Zero + 1 element
 	testInterpolate(t, i, scope, "aws_route53_zone.terra.*.special", ast.Variable{
 		Value: config.NewStringList([]string{"extra"}).String(),

From 0a5387db903e1906ab625c46cd0c741687466d1b Mon Sep 17 00:00:00 2001
From: stack72 <public@paulstack.co.uk>
Date: Thu, 8 Oct 2015 17:24:33 +0100
Subject: [PATCH 165/335] Adding some examples of the S3 bucket object
 parameters as well as checking for an empty string in the new S3 bucket
 object params

---
 .../aws/resource_aws_s3_bucket_object.go      | 44 ++++++++++++-------
 .../aws/r/s3_bucket_object.html.markdown      | 10 ++---
 2 files changed, 32 insertions(+), 22 deletions(-)

diff --git a/builtin/providers/aws/resource_aws_s3_bucket_object.go b/builtin/providers/aws/resource_aws_s3_bucket_object.go
index 537ed32974..9f2e45960b 100644
--- a/builtin/providers/aws/resource_aws_s3_bucket_object.go
+++ b/builtin/providers/aws/resource_aws_s3_bucket_object.go
@@ -76,30 +76,40 @@ func resourceAwsS3BucketObjectPut(d *schema.ResourceData, meta interface{}) erro
 
 	bucket := d.Get("bucket").(string)
 	key := d.Get("key").(string)
-	source := d.Get("source").(string)
-	encoding := d.Get("content_encoding").(string)
-	contentType := d.Get("content_type").(string)
-	cacheControl := d.Get("cache_control").(string)
-	contentLanguage := d.Get("content_language").(string)
-	contentDisposition := d.Get("content_disposition").(string)
 
+	source := d.Get("source").(string)
 	file, err := os.Open(source)
 
 	if err != nil {
 		return fmt.Errorf("Error opening S3 bucket object source (%s): %s", source, err)
 	}
+	putInput := &s3.PutObjectInput{
+		Bucket: aws.String(bucket),
+		Key:    aws.String(key),
+		Body:   file,
+	}
 
-	resp, err := s3conn.PutObject(
-		&s3.PutObjectInput{
-			Bucket:             aws.String(bucket),
-			Key:                aws.String(key),
-			Body:               file,
-			CacheControl:       aws.String(cacheControl),
-			ContentDisposition: aws.String(contentDisposition),
-			ContentEncoding:    aws.String(encoding),
-			ContentLanguage:    aws.String(contentLanguage),
-			ContentType:        aws.String(contentType),
-		})
+	if v, ok := d.GetOk("cache_control"); ok {
+		putInput.CacheControl = aws.String(v.(string))
+	}
+
+	if v, ok := d.GetOk("content_type"); ok {
+		putInput.ContentType = aws.String(v.(string))
+	}
+
+	if v, ok := d.GetOk("content_encoding"); ok {
+		putInput.ContentEncoding = aws.String(v.(string))
+	}
+
+	if v, ok := d.GetOk("content_language"); ok {
+		putInput.ContentLanguage = aws.String(v.(string))
+	}
+
+	if v, ok := d.GetOk("content_disposition"); ok {
+		putInput.ContentDisposition = aws.String(v.(string))
+	}
+
+	resp, err := s3conn.PutObject(putInput)
 
 	if err != nil {
 		return fmt.Errorf("Error putting object in S3 bucket (%s): %s", bucket, err)
diff --git a/website/source/docs/providers/aws/r/s3_bucket_object.html.markdown b/website/source/docs/providers/aws/r/s3_bucket_object.html.markdown
index 649130f80a..99c24f38c2 100644
--- a/website/source/docs/providers/aws/r/s3_bucket_object.html.markdown
+++ b/website/source/docs/providers/aws/r/s3_bucket_object.html.markdown
@@ -29,11 +29,11 @@ The following arguments are supported:
 * `bucket` - (Required) The name of the bucket to put the file in.
 * `key` - (Required) The name of the object once it is in the bucket.
 * `source` - (Required) The path to the source file being uploaded to the bucket.
-* `cache_control` - (Optional) Specifies caching behavior along the request/reply chain.
-* `content_disposition` - (Optional) Specifies presentational information for the object.
-* `content_encoding` - (Optional) Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field.
-* `content_language` - (Optional) The language the content is in.
-* `content_type` - (Optional) A standard MIME type describing the format of the object data.
+* `cache_control` - (Optional) Specifies caching behavior along the request/reply chain Read [w3c cache_control](http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9) for futher details.
+* `content_disposition` - (Optional) Specifies presentational information for the object. Read [wc3 content_disposition](http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.5.1) for further information.
+* `content_encoding` - (Optional) Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field. Read [w3c content encoding](http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11) for further information.
+* `content_language` - (Optional) The language the content is in e.g. en-US or en-GB.
+* `content_type` - (Optional) A standard MIME type describing the format of the object data, e.g. application/octet-stream. All Valid MIME Types are valid for this input.
 
 ## Attributes Reference
 

From 8e2163c963b1a141f61c2986ef490522aff25fd7 Mon Sep 17 00:00:00 2001
From: stack72 <public@paulstack.co.uk>
Date: Thu, 8 Oct 2015 18:44:59 +0100
Subject: [PATCH 166/335] Removing the S3 Bucket Object Update method. This was
 removed in master but seems to be broken in my branch

---
 builtin/providers/aws/resource_aws_s3_bucket_object.go | 1 -
 1 file changed, 1 deletion(-)

diff --git a/builtin/providers/aws/resource_aws_s3_bucket_object.go b/builtin/providers/aws/resource_aws_s3_bucket_object.go
index 9f2e45960b..3f072ebd29 100644
--- a/builtin/providers/aws/resource_aws_s3_bucket_object.go
+++ b/builtin/providers/aws/resource_aws_s3_bucket_object.go
@@ -16,7 +16,6 @@ func resourceAwsS3BucketObject() *schema.Resource {
 	return &schema.Resource{
 		Create: resourceAwsS3BucketObjectPut,
 		Read:   resourceAwsS3BucketObjectRead,
-		Update: resourceAwsS3BucketObjectPut,
 		Delete: resourceAwsS3BucketObjectDelete,
 
 		Schema: map[string]*schema.Schema{

From 25ab79ba434581a339f930abe6bed9e261a6e731 Mon Sep 17 00:00:00 2001
From: Seth Vargo <sethvargo@gmail.com>
Date: Thu, 8 Oct 2015 13:45:54 -0400
Subject: [PATCH 167/335] Apply shopt options to include hidden files

---
 scripts/website_push.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/scripts/website_push.sh b/scripts/website_push.sh
index 36b62f1be4..fa58fd694a 100755
--- a/scripts/website_push.sh
+++ b/scripts/website_push.sh
@@ -16,7 +16,8 @@ while [ -h "$SOURCE" ] ; do SOURCE="$(readlink "$SOURCE")"; done
 DIR="$( cd -P "$( dirname "$SOURCE" )/.." && pwd )"
 
 # Copy into tmpdir
-cp -R $DIR/website/ $DEPLOY/
+shopt -s dotglob
+cp -r $DIR/website/* $DEPLOY/
 
 # Change into that directory
 pushd $DEPLOY &>/dev/null
@@ -25,6 +26,7 @@ pushd $DEPLOY &>/dev/null
 touch .gitignore
 echo ".sass-cache" >> .gitignore
 echo "build" >> .gitignore
+echo "vendor" >> .gitignore
 
 # Add everything
 git init -q .

From b3010e1412a3e2b8b8193a39c55b2e58a6883747 Mon Sep 17 00:00:00 2001
From: stack72 <public@paulstack.co.uk>
Date: Thu, 8 Oct 2015 18:50:30 +0100
Subject: [PATCH 168/335] Because of the lack of Update, S3 Bucket Object needs
 to force new when changing the params

---
 builtin/providers/aws/resource_aws_s3_bucket_object.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/builtin/providers/aws/resource_aws_s3_bucket_object.go b/builtin/providers/aws/resource_aws_s3_bucket_object.go
index 3f072ebd29..a01ab760e6 100644
--- a/builtin/providers/aws/resource_aws_s3_bucket_object.go
+++ b/builtin/providers/aws/resource_aws_s3_bucket_object.go
@@ -28,26 +28,31 @@ func resourceAwsS3BucketObject() *schema.Resource {
 			"cache_control": &schema.Schema{
 				Type:     schema.TypeString,
 				Optional: true,
+				ForceNew: true,
 			},
 
 			"content_disposition": &schema.Schema{
 				Type:     schema.TypeString,
 				Optional: true,
+				ForceNew: true,
 			},
 
 			"content_encoding": &schema.Schema{
 				Type:     schema.TypeString,
 				Optional: true,
+				ForceNew: true,
 			},
 
 			"content_language": &schema.Schema{
 				Type:     schema.TypeString,
 				Optional: true,
+				ForceNew: true,
 			},
 
 			"content_type": &schema.Schema{
 				Type:     schema.TypeString,
 				Optional: true,
+				ForceNew: true,
 			},
 
 			"key": &schema.Schema{

From 110be439e260551d0bb93f343e096a4bb4cd2efd Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@timeinc.com>
Date: Thu, 8 Oct 2015 12:19:44 -0700
Subject: [PATCH 169/335] provider/aws: Add aws_placement_group

---
 builtin/providers/aws/provider.go             |   1 +
 .../aws/resource_aws_placement_group.go       | 150 ++++++++++++++++++
 2 files changed, 151 insertions(+)
 create mode 100644 builtin/providers/aws/resource_aws_placement_group.go

diff --git a/builtin/providers/aws/provider.go b/builtin/providers/aws/provider.go
index 42b1d6242b..26f2b7657b 100644
--- a/builtin/providers/aws/provider.go
+++ b/builtin/providers/aws/provider.go
@@ -219,6 +219,7 @@ func Provider() terraform.ResourceProvider {
 			"aws_opsworks_mysql_layer":         resourceAwsOpsworksMysqlLayer(),
 			"aws_opsworks_ganglia_layer":       resourceAwsOpsworksGangliaLayer(),
 			"aws_opsworks_custom_layer":        resourceAwsOpsworksCustomLayer(),
+			"aws_placement_group":              resourceAwsPlacementGroup(),
 			"aws_proxy_protocol_policy":        resourceAwsProxyProtocolPolicy(),
 			"aws_rds_cluster":                  resourceAwsRDSCluster(),
 			"aws_rds_cluster_instance":         resourceAwsRDSClusterInstance(),
diff --git a/builtin/providers/aws/resource_aws_placement_group.go b/builtin/providers/aws/resource_aws_placement_group.go
new file mode 100644
index 0000000000..9f0452f755
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_placement_group.go
@@ -0,0 +1,150 @@
+package aws
+
+import (
+	"fmt"
+	"log"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/service/ec2"
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/helper/schema"
+)
+
+func resourceAwsPlacementGroup() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceAwsPlacementGroupCreate,
+		Read:   resourceAwsPlacementGroupRead,
+		Delete: resourceAwsPlacementGroupDelete,
+
+		Schema: map[string]*schema.Schema{
+			"name": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			"strategy": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+		},
+	}
+}
+
+func resourceAwsPlacementGroupCreate(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).ec2conn
+
+	name := d.Get("name").(string)
+	input := ec2.CreatePlacementGroupInput{
+		GroupName: aws.String(name),
+		Strategy:  aws.String(d.Get("strategy").(string)),
+	}
+	log.Printf("[DEBUG] Creating EC2 Placement group: %s", input)
+	_, err := conn.CreatePlacementGroup(&input)
+	if err != nil {
+		return err
+	}
+
+	wait := resource.StateChangeConf{
+		Pending:    []string{"pending"},
+		Target:     "available",
+		Timeout:    5 * time.Minute,
+		MinTimeout: 1 * time.Second,
+		Refresh: func() (interface{}, string, error) {
+			out, err := conn.DescribePlacementGroups(&ec2.DescribePlacementGroupsInput{
+				GroupNames: []*string{aws.String(name)},
+			})
+
+			if err != nil {
+				return out, "", err
+			}
+
+			if len(out.PlacementGroups) == 0 {
+				return out, "", fmt.Errorf("Placement group not found (%q)", name)
+			}
+			pg := out.PlacementGroups[0]
+
+			return out, *pg.State, nil
+		},
+	}
+
+	_, err = wait.WaitForState()
+	if err != nil {
+		return err
+	}
+
+	log.Printf("[DEBUG] EC2 Placement group created: %q", name)
+
+	d.SetId(name)
+
+	return resourceAwsPlacementGroupRead(d, meta)
+}
+
+func resourceAwsPlacementGroupRead(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).ec2conn
+	input := ec2.DescribePlacementGroupsInput{
+		GroupNames: []*string{aws.String(d.Get("name").(string))},
+	}
+	out, err := conn.DescribePlacementGroups(&input)
+	if err != nil {
+		return err
+	}
+	pg := out.PlacementGroups[0]
+
+	log.Printf("[DEBUG] Received EC2 Placement Group: %s", pg)
+
+	d.Set("name", pg.GroupName)
+	d.Set("strategy", pg.Strategy)
+
+	return nil
+}
+
+func resourceAwsPlacementGroupDelete(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).ec2conn
+
+	log.Printf("[DEBUG] Deleting EC2 Placement Group %q", d.Id())
+	_, err := conn.DeletePlacementGroup(&ec2.DeletePlacementGroupInput{
+		GroupName: aws.String(d.Id()),
+	})
+	if err != nil {
+		return err
+	}
+
+	wait := resource.StateChangeConf{
+		Pending:    []string{"deleting"},
+		Target:     "deleted",
+		Timeout:    5 * time.Minute,
+		MinTimeout: 1 * time.Second,
+		Refresh: func() (interface{}, string, error) {
+			out, err := conn.DescribePlacementGroups(&ec2.DescribePlacementGroupsInput{
+				GroupNames: []*string{aws.String(d.Id())},
+			})
+
+			if err != nil {
+				awsErr := err.(awserr.Error)
+				if awsErr.Code() == "InvalidPlacementGroup.Unknown" {
+					return out, "deleted", nil
+				}
+				return out, "", awsErr
+			}
+
+			if len(out.PlacementGroups) == 0 {
+				return out, "deleted", nil
+			}
+
+			pg := out.PlacementGroups[0]
+
+			return out, *pg.State, nil
+		},
+	}
+
+	_, err = wait.WaitForState()
+	if err != nil {
+		return err
+	}
+
+	d.SetId("")
+	return nil
+}

From f30c647a2654078833a369b28af8591e0c1e6edf Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@timeinc.com>
Date: Thu, 8 Oct 2015 12:44:47 -0700
Subject: [PATCH 170/335] provider/aws: Add acceptance test for
 aws_placement_group

---
 .../aws/resource_aws_placement_group_test.go  | 98 +++++++++++++++++++
 1 file changed, 98 insertions(+)
 create mode 100644 builtin/providers/aws/resource_aws_placement_group_test.go

diff --git a/builtin/providers/aws/resource_aws_placement_group_test.go b/builtin/providers/aws/resource_aws_placement_group_test.go
new file mode 100644
index 0000000000..a68e43e92f
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_placement_group_test.go
@@ -0,0 +1,98 @@
+package aws
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/ec2"
+)
+
+func TestAccAWSPlacementGroup_basic(t *testing.T) {
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSPlacementGroupDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccAWSPlacementGroupConfig,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAWSPlacementGroupExists("aws_placement_group.pg"),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckAWSPlacementGroupDestroy(s *terraform.State) error {
+	conn := testAccProvider.Meta().(*AWSClient).ec2conn
+
+	for _, rs := range s.RootModule().Resources {
+		if rs.Type != "aws_placement_group" {
+			continue
+		}
+		_, err := conn.DeletePlacementGroup(&ec2.DeletePlacementGroupInput{
+			GroupName: aws.String(rs.Primary.ID),
+		})
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func testAccCheckAWSPlacementGroupExists(n string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[n]
+		if !ok {
+			return fmt.Errorf("Not found: %s", n)
+		}
+
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("No Placement Group ID is set")
+		}
+
+		conn := testAccProvider.Meta().(*AWSClient).ec2conn
+		_, err := conn.DescribePlacementGroups(&ec2.DescribePlacementGroupsInput{
+			GroupNames: []*string{aws.String(rs.Primary.ID)},
+		})
+
+		if err != nil {
+			return fmt.Errorf("Placement Group error: %v", err)
+		}
+		return nil
+	}
+}
+
+func testAccCheckAWSDestroyPlacementGroup(n string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[n]
+		if !ok {
+			return fmt.Errorf("Not found: %s", n)
+		}
+
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("No Placement Group ID is set")
+		}
+
+		conn := testAccProvider.Meta().(*AWSClient).ec2conn
+		_, err := conn.DeletePlacementGroup(&ec2.DeletePlacementGroupInput{
+			GroupName: aws.String(rs.Primary.ID),
+		})
+
+		if err != nil {
+			return fmt.Errorf("Error destroying Placement Group (%s): %s", rs.Primary.ID, err)
+		}
+		return nil
+	}
+}
+
+var testAccAWSPlacementGroupConfig = `
+resource "aws_placement_group" "pg" {
+	name = "tf-test-pg"
+	strategy = "cluster"
+}
+`

From 78f76b993cddd10ee7fe207d937711e9e254008b Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@timeinc.com>
Date: Thu, 8 Oct 2015 12:58:03 -0700
Subject: [PATCH 171/335] provider/aws: Add docs for aws_placement_group

---
 .../aws/r/placement_group.html.markdown       | 34 +++++++++++++++++++
 website/source/layouts/aws.erb                |  6 +++-
 2 files changed, 39 insertions(+), 1 deletion(-)
 create mode 100644 website/source/docs/providers/aws/r/placement_group.html.markdown

diff --git a/website/source/docs/providers/aws/r/placement_group.html.markdown b/website/source/docs/providers/aws/r/placement_group.html.markdown
new file mode 100644
index 0000000000..e4ad98df8e
--- /dev/null
+++ b/website/source/docs/providers/aws/r/placement_group.html.markdown
@@ -0,0 +1,34 @@
+---
+layout: "aws"
+page_title: "AWS: aws_placement_group"
+sidebar_current: "docs-aws-resource-placement-group"
+description: |-
+  Provides an EC2 placement group.
+---
+
+# aws\_placement\_group
+
+Provides an EC2 placement group. Read more about placement groups
+in [AWS Docs](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html).
+
+## Example Usage
+
+```
+resource "aws_placement_group" "web" {
+    name = "hunky-dory-pg"
+    strategy = "cluster"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) The name of the placement group.
+* `strategy` - (Required) The placement strategy. The only supported value is `cluster`
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - The name of the placement group.
diff --git a/website/source/layouts/aws.erb b/website/source/layouts/aws.erb
index 0c33d54ab1..8994204cdc 100644
--- a/website/source/layouts/aws.erb
+++ b/website/source/layouts/aws.erb
@@ -39,7 +39,7 @@
                 </li>
 
 
-                <li<%= sidebar_current(/^docs-aws-resource-(app|autoscaling|ebs|elb|eip|instance|launch|lb|proxy|spot|volume)/) %>>
+                <li<%= sidebar_current(/^docs-aws-resource-(app|autoscaling|ebs|elb|eip|instance|launch|lb|proxy|spot|volume|placement)/) %>>
                     <a href="#">EC2 Resources</a>
                     <ul class="nav nav-visible">
 
@@ -95,6 +95,10 @@
                             <a href="/docs/providers/aws/r/lb_cookie_stickiness_policy.html">aws_lb_cookie_stickiness_policy</a>
                         </li>
 
+                        <li<%= sidebar_current("docs-aws-resource-placement-group") %>>
+                            <a href="/docs/providers/aws/r/placement_group.html">aws_placement_group</a>
+                        </li>
+
                         <li<%= sidebar_current("docs-aws-resource-proxy-protocol-policy") %>>
                             <a href="/docs/providers/aws/r/proxy_protocol_policy.html">aws_proxy_protocol_policy</a>
                         </li>

From acb8d044a3893200ce386978ccb51380fe446889 Mon Sep 17 00:00:00 2001
From: Rafael Fonseca <rafael@vendhq.com>
Date: Fri, 9 Oct 2015 09:34:17 +1300
Subject: [PATCH 172/335] Add missing 'e'

---
 .../docs/providers/aws/r/elasticsearch_domain.html.markdown     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/website/source/docs/providers/aws/r/elasticsearch_domain.html.markdown b/website/source/docs/providers/aws/r/elasticsearch_domain.html.markdown
index 9dbacffcd6..373edd59bd 100644
--- a/website/source/docs/providers/aws/r/elasticsearch_domain.html.markdown
+++ b/website/source/docs/providers/aws/r/elasticsearch_domain.html.markdown
@@ -66,7 +66,7 @@ The following arguments are supported:
 * `dedicated_master_enabled` - (Optional) Indicates whether dedicated master nodes are enabled for the cluster.
 * `dedicated_master_type` - (Optional) Instance type of the dedicated master nodes in the cluster.
 * `dedicated_master_count` - (Optional) Number of dedicated master nodes in the cluster
-* `zone_awarness_enabled` - (Optional) Indicates whether zone awareness is enabled.
+* `zone_awareness_enabled` - (Optional) Indicates whether zone awareness is enabled.
 
 **snapshot_options** supports the following attribute:
 

From 080e08fb735c0793b22671d35a16045292d65c09 Mon Sep 17 00:00:00 2001
From: stack72 <public@paulstack.co.uk>
Date: Thu, 8 Oct 2015 23:14:34 +0100
Subject: [PATCH 173/335] Adding Computed to the Content-Type of S3 Bucket
 Object. Regardless of whether you set a content-type, AWS will always set a
 content-type

---
 builtin/providers/aws/resource_aws_s3_bucket_object.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/builtin/providers/aws/resource_aws_s3_bucket_object.go b/builtin/providers/aws/resource_aws_s3_bucket_object.go
index a01ab760e6..938780d2ea 100644
--- a/builtin/providers/aws/resource_aws_s3_bucket_object.go
+++ b/builtin/providers/aws/resource_aws_s3_bucket_object.go
@@ -53,6 +53,7 @@ func resourceAwsS3BucketObject() *schema.Resource {
 				Type:     schema.TypeString,
 				Optional: true,
 				ForceNew: true,
+				Computed: true,
 			},
 
 			"key": &schema.Schema{

From a66ac7e751234bc4373375a3fa37abe6d3227f19 Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@gmail.com>
Date: Sun, 13 Sep 2015 17:57:58 +0100
Subject: [PATCH 174/335] provider/aws: Add aws_directory_service_directory
 resource

---
 builtin/providers/aws/config.go               |   5 +
 builtin/providers/aws/provider.go             |   1 +
 ...esource_aws_directory_service_directory.go | 291 ++++++++++++++++++
 builtin/providers/aws/structure.go            |  11 +
 4 files changed, 308 insertions(+)
 create mode 100644 builtin/providers/aws/resource_aws_directory_service_directory.go

diff --git a/builtin/providers/aws/config.go b/builtin/providers/aws/config.go
index badc3e20ea..5eac34e8aa 100644
--- a/builtin/providers/aws/config.go
+++ b/builtin/providers/aws/config.go
@@ -13,6 +13,7 @@ import (
 	"github.com/aws/aws-sdk-go/service/autoscaling"
 	"github.com/aws/aws-sdk-go/service/cloudwatch"
 	"github.com/aws/aws-sdk-go/service/cloudwatchlogs"
+	"github.com/aws/aws-sdk-go/service/directoryservice"
 	"github.com/aws/aws-sdk-go/service/dynamodb"
 	"github.com/aws/aws-sdk-go/service/ec2"
 	"github.com/aws/aws-sdk-go/service/ecs"
@@ -47,6 +48,7 @@ type Config struct {
 type AWSClient struct {
 	cloudwatchconn     *cloudwatch.CloudWatch
 	cloudwatchlogsconn *cloudwatchlogs.CloudWatchLogs
+	dsconn             *directoryservice.DirectoryService
 	dynamodbconn       *dynamodb.DynamoDB
 	ec2conn            *ec2.EC2
 	ecsconn            *ecs.ECS
@@ -179,6 +181,9 @@ func (c *Config) Client() (interface{}, error) {
 
 		log.Println("[INFO] Initializing OpsWorks Connection")
 		client.opsworksconn = opsworks.New(usEast1AwsConfig)
+
+		log.Println("[INFO] Initializing Directory Service connection")
+		client.dsconn = directoryservice.New(awsConfig)
 	}
 
 	if len(errs) > 0 {
diff --git a/builtin/providers/aws/provider.go b/builtin/providers/aws/provider.go
index 42b1d6242b..dc9a69960c 100644
--- a/builtin/providers/aws/provider.go
+++ b/builtin/providers/aws/provider.go
@@ -170,6 +170,7 @@ func Provider() terraform.ResourceProvider {
 			"aws_db_parameter_group":           resourceAwsDbParameterGroup(),
 			"aws_db_security_group":            resourceAwsDbSecurityGroup(),
 			"aws_db_subnet_group":              resourceAwsDbSubnetGroup(),
+			"aws_directory_service_directory":  resourceAwsDirectoryServiceDirectory(),
 			"aws_dynamodb_table":               resourceAwsDynamoDbTable(),
 			"aws_ebs_volume":                   resourceAwsEbsVolume(),
 			"aws_ecs_cluster":                  resourceAwsEcsCluster(),
diff --git a/builtin/providers/aws/resource_aws_directory_service_directory.go b/builtin/providers/aws/resource_aws_directory_service_directory.go
new file mode 100644
index 0000000000..1fdb9491ee
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_directory_service_directory.go
@@ -0,0 +1,291 @@
+package aws
+
+import (
+	"fmt"
+	"log"
+	"time"
+
+	"github.com/hashicorp/terraform/helper/schema"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/directoryservice"
+	"github.com/hashicorp/terraform/helper/resource"
+)
+
+func resourceAwsDirectoryServiceDirectory() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceAwsDirectoryServiceDirectoryCreate,
+		Read:   resourceAwsDirectoryServiceDirectoryRead,
+		Update: resourceAwsDirectoryServiceDirectoryUpdate,
+		Delete: resourceAwsDirectoryServiceDirectoryDelete,
+
+		Schema: map[string]*schema.Schema{
+			"name": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			"password": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			"size": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			"alias": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+				Computed: true,
+				ForceNew: true,
+			},
+			"description": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+				ForceNew: true,
+			},
+			"short_name": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+				Computed: true,
+				ForceNew: true,
+			},
+			"vpc_settings": &schema.Schema{
+				Type:     schema.TypeList,
+				Required: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"subnet_ids": &schema.Schema{
+							Type:     schema.TypeSet,
+							Required: true,
+							ForceNew: true,
+							Elem:     &schema.Schema{Type: schema.TypeString},
+							Set:      schema.HashString,
+						},
+						"vpc_id": &schema.Schema{
+							Type:     schema.TypeString,
+							Required: true,
+							ForceNew: true,
+						},
+					},
+				},
+			},
+			"enable_sso": &schema.Schema{
+				Type:     schema.TypeBool,
+				Optional: true,
+				Default:  false,
+			},
+			"access_url": &schema.Schema{
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"dns_ip_addresses": &schema.Schema{
+				Type:     schema.TypeSet,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+				Set:      schema.HashString,
+				Computed: true,
+			},
+			"type": &schema.Schema{
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+		},
+	}
+}
+
+func resourceAwsDirectoryServiceDirectoryCreate(d *schema.ResourceData, meta interface{}) error {
+	dsconn := meta.(*AWSClient).dsconn
+
+	input := directoryservice.CreateDirectoryInput{
+		Name:     aws.String(d.Get("name").(string)),
+		Password: aws.String(d.Get("password").(string)),
+		Size:     aws.String(d.Get("size").(string)),
+	}
+
+	if v, ok := d.GetOk("description"); ok {
+		input.Description = aws.String(v.(string))
+	}
+	if v, ok := d.GetOk("short_name"); ok {
+		input.ShortName = aws.String(v.(string))
+	}
+
+	if v, ok := d.GetOk("vpc_settings"); ok {
+		settings := v.([]interface{})
+
+		if len(settings) > 1 {
+			return fmt.Errorf("Only a single vpc_settings block is expected")
+		} else if len(settings) == 1 {
+			s := settings[0].(map[string]interface{})
+			var subnetIds []*string
+			for _, id := range s["subnet_ids"].(*schema.Set).List() {
+				subnetIds = append(subnetIds, aws.String(id.(string)))
+			}
+
+			vpcSettings := directoryservice.DirectoryVpcSettings{
+				SubnetIds: subnetIds,
+				VpcId:     aws.String(s["vpc_id"].(string)),
+			}
+			input.VpcSettings = &vpcSettings
+		}
+	}
+
+	log.Printf("[DEBUG] Creating Directory Service: %s", input)
+	out, err := dsconn.CreateDirectory(&input)
+	if err != nil {
+		return err
+	}
+	log.Printf("[DEBUG] Directory Service created: %s", out)
+	d.SetId(*out.DirectoryId)
+
+	// Wait for creation
+	log.Printf("[DEBUG] Waiting for DS (%q) to become available", d.Id())
+	stateConf := &resource.StateChangeConf{
+		Pending: []string{"Requested", "Creating", "Created"},
+		Target:  "Active",
+		Refresh: func() (interface{}, string, error) {
+			resp, err := dsconn.DescribeDirectories(&directoryservice.DescribeDirectoriesInput{
+				DirectoryIds: []*string{aws.String(d.Id())},
+			})
+			if err != nil {
+				log.Printf("Error during creation of DS: %q", err.Error())
+				return nil, "", err
+			}
+
+			ds := resp.DirectoryDescriptions[0]
+			log.Printf("[DEBUG] Creation of DS %q is in following stage: %q.",
+				d.Id(), *ds.Stage)
+			return ds, *ds.Stage, nil
+		},
+		Timeout: 10 * time.Minute,
+	}
+	if _, err := stateConf.WaitForState(); err != nil {
+		return fmt.Errorf(
+			"Error waiting for Directory Service (%s) to become available: %#v",
+			d.Id(), err)
+	}
+
+	if v, ok := d.GetOk("alias"); ok {
+		d.SetPartial("alias")
+
+		input := directoryservice.CreateAliasInput{
+			DirectoryId: aws.String(d.Id()),
+			Alias:       aws.String(v.(string)),
+		}
+
+		log.Printf("[DEBUG] Assigning alias %q to DS directory %q",
+			v.(string), d.Id())
+		out, err := dsconn.CreateAlias(&input)
+		if err != nil {
+			return err
+		}
+		log.Printf("[DEBUG] Alias %q assigned to DS directory %q",
+			*out.Alias, *out.DirectoryId)
+	}
+
+	return resourceAwsDirectoryServiceDirectoryUpdate(d, meta)
+}
+
+func resourceAwsDirectoryServiceDirectoryUpdate(d *schema.ResourceData, meta interface{}) error {
+	dsconn := meta.(*AWSClient).dsconn
+
+	if d.HasChange("enable_sso") {
+		d.SetPartial("enable_sso")
+		var err error
+
+		if v, ok := d.GetOk("enable_sso"); ok && v.(bool) {
+			log.Printf("[DEBUG] Enabling SSO for DS directory %q", d.Id())
+			_, err = dsconn.EnableSso(&directoryservice.EnableSsoInput{
+				DirectoryId: aws.String(d.Id()),
+			})
+		} else {
+			log.Printf("[DEBUG] Disabling SSO for DS directory %q", d.Id())
+			_, err = dsconn.DisableSso(&directoryservice.DisableSsoInput{
+				DirectoryId: aws.String(d.Id()),
+			})
+		}
+
+		if err != nil {
+			return err
+		}
+	}
+
+	return resourceAwsDirectoryServiceDirectoryRead(d, meta)
+}
+
+func resourceAwsDirectoryServiceDirectoryRead(d *schema.ResourceData, meta interface{}) error {
+	dsconn := meta.(*AWSClient).dsconn
+
+	input := directoryservice.DescribeDirectoriesInput{
+		DirectoryIds: []*string{aws.String(d.Id())},
+	}
+	out, err := dsconn.DescribeDirectories(&input)
+	if err != nil {
+		return err
+	}
+
+	dir := out.DirectoryDescriptions[0]
+	log.Printf("[DEBUG] Received DS directory: %s", *dir)
+
+	d.Set("access_url", *dir.AccessUrl)
+	d.Set("alias", *dir.Alias)
+	if dir.Description != nil {
+		d.Set("description", *dir.Description)
+	}
+	d.Set("dns_ip_addresses", schema.NewSet(schema.HashString, flattenStringList(dir.DnsIpAddrs)))
+	d.Set("name", *dir.Name)
+	if dir.ShortName != nil {
+		d.Set("short_name", *dir.ShortName)
+	}
+	d.Set("size", *dir.Size)
+	d.Set("type", *dir.Type)
+	d.Set("vpc_settings", flattenDSVpcSettings(dir.VpcSettings))
+	d.Set("enable_sso", *dir.SsoEnabled)
+
+	return nil
+}
+
+func resourceAwsDirectoryServiceDirectoryDelete(d *schema.ResourceData, meta interface{}) error {
+	dsconn := meta.(*AWSClient).dsconn
+
+	input := directoryservice.DeleteDirectoryInput{
+		DirectoryId: aws.String(d.Id()),
+	}
+	_, err := dsconn.DeleteDirectory(&input)
+	if err != nil {
+		return err
+	}
+
+	// Wait for deletion
+	log.Printf("[DEBUG] Waiting for DS (%q) to be deleted", d.Id())
+	stateConf := &resource.StateChangeConf{
+		Pending: []string{"Deleting"},
+		Target:  "",
+		Refresh: func() (interface{}, string, error) {
+			resp, err := dsconn.DescribeDirectories(&directoryservice.DescribeDirectoriesInput{
+				DirectoryIds: []*string{aws.String(d.Id())},
+			})
+			if err != nil {
+				return nil, "", err
+			}
+
+			if len(resp.DirectoryDescriptions) == 0 {
+				return nil, "", nil
+			}
+
+			ds := resp.DirectoryDescriptions[0]
+			log.Printf("[DEBUG] Deletion of DS %q is in following stage: %q.",
+				d.Id(), *ds.Stage)
+			return ds, *ds.Stage, nil
+		},
+		Timeout: 10 * time.Minute,
+	}
+	if _, err := stateConf.WaitForState(); err != nil {
+		return fmt.Errorf(
+			"Error waiting for Directory Service (%s) to be deleted: %q",
+			d.Id(), err.Error())
+	}
+
+	return nil
+}
diff --git a/builtin/providers/aws/structure.go b/builtin/providers/aws/structure.go
index b738027f85..5976a8ff0e 100644
--- a/builtin/providers/aws/structure.go
+++ b/builtin/providers/aws/structure.go
@@ -9,6 +9,7 @@ import (
 	"strings"
 
 	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/directoryservice"
 	"github.com/aws/aws-sdk-go/service/ec2"
 	"github.com/aws/aws-sdk-go/service/ecs"
 	"github.com/aws/aws-sdk-go/service/elasticache"
@@ -590,3 +591,13 @@ func stringMapToPointers(m map[string]interface{}) map[string]*string {
 	}
 	return list
 }
+
+func flattenDSVpcSettings(
+	s *directoryservice.DirectoryVpcSettingsDescription) []map[string]interface{} {
+	settings := make(map[string]interface{}, 0)
+
+	settings["subnet_ids"] = schema.NewSet(schema.HashString, flattenStringList(s.SubnetIds))
+	settings["vpc_id"] = *s.VpcId
+
+	return []map[string]interface{}{settings}
+}

From f43ea74f4d424649a4bdfab6e88cf7c098dccd8e Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@gmail.com>
Date: Sun, 13 Sep 2015 17:58:22 +0100
Subject: [PATCH 175/335] provider/aws: Add docs for
 aws_directory_service_directory

---
 .../directory_service_directory.html.markdown | 68 +++++++++++++++++++
 website/source/layouts/aws.erb                | 10 +++
 2 files changed, 78 insertions(+)
 create mode 100644 website/source/docs/providers/aws/r/directory_service_directory.html.markdown

diff --git a/website/source/docs/providers/aws/r/directory_service_directory.html.markdown b/website/source/docs/providers/aws/r/directory_service_directory.html.markdown
new file mode 100644
index 0000000000..04049ee553
--- /dev/null
+++ b/website/source/docs/providers/aws/r/directory_service_directory.html.markdown
@@ -0,0 +1,68 @@
+---
+layout: "aws"
+page_title: "AWS: aws_directory_service_directory"
+sidebar_current: "docs-aws-resource-directory-service-directory"
+description: |-
+  Provides a directory in AWS Directory Service.
+---
+
+# aws\_directory\_service\_directory
+
+Provides a directory in AWS Directory Service.
+
+## Example Usage
+
+```
+resource "aws_directory_service_directory" "bar" {
+  name = "corp.notexample.com"
+  password = "SuperSecretPassw0rd"
+  size = "Small"
+
+  vpc_settings {
+    vpc_id = "${aws_vpc.main.id}"
+    subnet_ids = ["${aws_subnet.foo.id}", "${aws_subnet.bar.id}"]
+  }
+}
+
+resource "aws_vpc" "main" {
+  cidr_block = "10.0.0.0/16"
+}
+
+resource "aws_subnet" "foo" {
+  vpc_id = "${aws_vpc.main.id}"
+  availability_zone = "us-west-2a"
+  cidr_block = "10.0.1.0/24"
+}
+resource "aws_subnet" "bar" {
+  vpc_id = "${aws_vpc.main.id}"
+  availability_zone = "us-west-2b"
+  cidr_block = "10.0.2.0/24"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) The fully qualified name for the directory, such as `corp.example.com`
+* `password` - (Required) The password for the directory administrator.
+* `size` - (Required) The size of the directory (`Small` or `Large` are accepted values).
+* `vpc_settings` - (Required) VPC related information about the directory. Fields documented below.
+* `alias` - (Optional) The alias for the directory (must be unique amongst all aliases in AWS). Required for `enable_sso`.
+* `description` - (Optional) A textual description for the directory.
+* `short_name` - (Optional) The short name of the directory, such as `CORP`.
+* `enable_sso` - (Optional) Whether to enable single-sign on for the directory. Requires `alias`. Defaults to `false`.
+
+**vpc\_settings** supports the following:
+
+* `subnet_ids` - (Required) The identifiers of the subnets for the directory servers (min. 2 subnets in 2 different AZs).
+* `vpc_id` - (Required) The identifier of the VPC that the directory is in.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - The directory identifier.
+* `access_url` - The access URL for the directory, such as `http://alias.awsapps.com`.
+* `dns_ip_addresses` - A list of IP addresses of the DNS servers for the directory.
+* `type` - The directory type.
diff --git a/website/source/layouts/aws.erb b/website/source/layouts/aws.erb
index 0c33d54ab1..743bc0b843 100644
--- a/website/source/layouts/aws.erb
+++ b/website/source/layouts/aws.erb
@@ -26,6 +26,16 @@
                     </ul>
                 </li>
 
+                <li<%= sidebar_current(/^docs-aws-resource-directory-service/) %>>
+                    <a href="#">Directory Service Resources</a>
+                    <ul class="nav nav-visible">
+
+                        <li<%= sidebar_current("docs-aws-resource-directory-service-directory") %>>
+                            <a href="/docs/providers/aws/r/directory_service_directory.html">aws_directory_service_directory</a>
+                        </li>
+
+                    </ul>
+                </li>
 
                 <li<%= sidebar_current(/^docs-aws-resource-dynamodb/) %>>
                     <a href="#">DynamoDB Resources</a>

From 59e5be2fe80ef3302671fc0ab7d1ac2a4ba3305c Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@gmail.com>
Date: Sun, 13 Sep 2015 17:58:43 +0100
Subject: [PATCH 176/335] provider/aws: Add acceptance tests for
 aws_directory_service_directory

---
 ...ce_aws_directory_service_directory_test.go | 283 ++++++++++++++++++
 1 file changed, 283 insertions(+)
 create mode 100644 builtin/providers/aws/resource_aws_directory_service_directory_test.go

diff --git a/builtin/providers/aws/resource_aws_directory_service_directory_test.go b/builtin/providers/aws/resource_aws_directory_service_directory_test.go
new file mode 100644
index 0000000000..b10174bdb0
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_directory_service_directory_test.go
@@ -0,0 +1,283 @@
+package aws
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/directoryservice"
+
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+func TestAccAWSDirectoryServiceDirectory_basic(t *testing.T) {
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckDirectoryServiceDirectoryDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccDirectoryServiceDirectoryConfig,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckServiceDirectoryExists("aws_directory_service_directory.bar"),
+				),
+			},
+		},
+	})
+}
+
+func TestAccAWSDirectoryServiceDirectory_withAliasAndSso(t *testing.T) {
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckDirectoryServiceDirectoryDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccDirectoryServiceDirectoryConfig_withAlias,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckServiceDirectoryExists("aws_directory_service_directory.bar_a"),
+					testAccCheckServiceDirectoryAlias("aws_directory_service_directory.bar_a",
+						fmt.Sprintf("tf-d-%d", randomInteger)),
+					testAccCheckServiceDirectorySso("aws_directory_service_directory.bar_a", false),
+				),
+			},
+			resource.TestStep{
+				Config: testAccDirectoryServiceDirectoryConfig_withSso,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckServiceDirectoryExists("aws_directory_service_directory.bar_a"),
+					testAccCheckServiceDirectoryAlias("aws_directory_service_directory.bar_a",
+						fmt.Sprintf("tf-d-%d", randomInteger)),
+					testAccCheckServiceDirectorySso("aws_directory_service_directory.bar_a", true),
+				),
+			},
+			resource.TestStep{
+				Config: testAccDirectoryServiceDirectoryConfig_withSso_modified,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckServiceDirectoryExists("aws_directory_service_directory.bar_a"),
+					testAccCheckServiceDirectoryAlias("aws_directory_service_directory.bar_a",
+						fmt.Sprintf("tf-d-%d", randomInteger)),
+					testAccCheckServiceDirectorySso("aws_directory_service_directory.bar_a", false),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckDirectoryServiceDirectoryDestroy(s *terraform.State) error {
+	if len(s.RootModule().Resources) > 0 {
+		return fmt.Errorf("Expected all resources to be gone, but found: %#v",
+			s.RootModule().Resources)
+	}
+
+	return nil
+}
+
+func testAccCheckServiceDirectoryExists(name string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[name]
+		if !ok {
+			return fmt.Errorf("Not found: %s", name)
+		}
+
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("No ID is set")
+		}
+
+		dsconn := testAccProvider.Meta().(*AWSClient).dsconn
+		out, err := dsconn.DescribeDirectories(&directoryservice.DescribeDirectoriesInput{
+			DirectoryIds: []*string{aws.String(rs.Primary.ID)},
+		})
+
+		if err != nil {
+			return err
+		}
+
+		if len(out.DirectoryDescriptions) < 1 {
+			return fmt.Errorf("No DS directory found")
+		}
+
+		if *out.DirectoryDescriptions[0].DirectoryId != rs.Primary.ID {
+			return fmt.Errorf("DS directory ID mismatch - existing: %q, state: %q",
+				*out.DirectoryDescriptions[0].DirectoryId, rs.Primary.ID)
+		}
+
+		return nil
+	}
+}
+
+func testAccCheckServiceDirectoryAlias(name, alias string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[name]
+		if !ok {
+			return fmt.Errorf("Not found: %s", name)
+		}
+
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("No ID is set")
+		}
+
+		dsconn := testAccProvider.Meta().(*AWSClient).dsconn
+		out, err := dsconn.DescribeDirectories(&directoryservice.DescribeDirectoriesInput{
+			DirectoryIds: []*string{aws.String(rs.Primary.ID)},
+		})
+
+		if err != nil {
+			return err
+		}
+
+		if *out.DirectoryDescriptions[0].Alias != alias {
+			return fmt.Errorf("DS directory Alias mismatch - actual: %q, expected: %q",
+				*out.DirectoryDescriptions[0].Alias, alias)
+		}
+
+		return nil
+	}
+}
+
+func testAccCheckServiceDirectorySso(name string, ssoEnabled bool) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[name]
+		if !ok {
+			return fmt.Errorf("Not found: %s", name)
+		}
+
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("No ID is set")
+		}
+
+		dsconn := testAccProvider.Meta().(*AWSClient).dsconn
+		out, err := dsconn.DescribeDirectories(&directoryservice.DescribeDirectoriesInput{
+			DirectoryIds: []*string{aws.String(rs.Primary.ID)},
+		})
+
+		if err != nil {
+			return err
+		}
+
+		if *out.DirectoryDescriptions[0].SsoEnabled != ssoEnabled {
+			return fmt.Errorf("DS directory SSO mismatch - actual: %t, expected: %t",
+				*out.DirectoryDescriptions[0].SsoEnabled, ssoEnabled)
+		}
+
+		return nil
+	}
+}
+
+const testAccDirectoryServiceDirectoryConfig = `
+resource "aws_directory_service_directory" "bar" {
+  name = "corp.notexample.com"
+  password = "SuperSecretPassw0rd"
+  size = "Small"
+
+  vpc_settings {
+    vpc_id = "${aws_vpc.main.id}"
+    subnet_ids = ["${aws_subnet.foo.id}", "${aws_subnet.bar.id}"]
+  }
+}
+
+resource "aws_vpc" "main" {
+  cidr_block = "10.0.0.0/16"
+}
+
+resource "aws_subnet" "foo" {
+  vpc_id = "${aws_vpc.main.id}"
+  availability_zone = "us-west-2a"
+  cidr_block = "10.0.1.0/24"
+}
+resource "aws_subnet" "bar" {
+  vpc_id = "${aws_vpc.main.id}"
+  availability_zone = "us-west-2b"
+  cidr_block = "10.0.2.0/24"
+}
+`
+
+var randomInteger = genRandInt()
+var testAccDirectoryServiceDirectoryConfig_withAlias = fmt.Sprintf(`
+resource "aws_directory_service_directory" "bar_a" {
+  name = "corp.notexample.com"
+  password = "SuperSecretPassw0rd"
+  size = "Small"
+  alias = "tf-d-%d"
+
+  vpc_settings {
+    vpc_id = "${aws_vpc.main.id}"
+    subnet_ids = ["${aws_subnet.foo.id}", "${aws_subnet.bar.id}"]
+  }
+}
+
+resource "aws_vpc" "main" {
+  cidr_block = "10.0.0.0/16"
+}
+
+resource "aws_subnet" "foo" {
+  vpc_id = "${aws_vpc.main.id}"
+  availability_zone = "us-west-2a"
+  cidr_block = "10.0.1.0/24"
+}
+resource "aws_subnet" "bar" {
+  vpc_id = "${aws_vpc.main.id}"
+  availability_zone = "us-west-2b"
+  cidr_block = "10.0.2.0/24"
+}
+`, randomInteger)
+
+var testAccDirectoryServiceDirectoryConfig_withSso = fmt.Sprintf(`
+resource "aws_directory_service_directory" "bar_a" {
+  name = "corp.notexample.com"
+  password = "SuperSecretPassw0rd"
+  size = "Small"
+  alias = "tf-d-%d"
+  enable_sso = true
+
+  vpc_settings {
+    vpc_id = "${aws_vpc.main.id}"
+    subnet_ids = ["${aws_subnet.foo.id}", "${aws_subnet.bar.id}"]
+  }
+}
+
+resource "aws_vpc" "main" {
+  cidr_block = "10.0.0.0/16"
+}
+
+resource "aws_subnet" "foo" {
+  vpc_id = "${aws_vpc.main.id}"
+  availability_zone = "us-west-2a"
+  cidr_block = "10.0.1.0/24"
+}
+resource "aws_subnet" "bar" {
+  vpc_id = "${aws_vpc.main.id}"
+  availability_zone = "us-west-2b"
+  cidr_block = "10.0.2.0/24"
+}
+`, randomInteger)
+
+var testAccDirectoryServiceDirectoryConfig_withSso_modified = fmt.Sprintf(`
+resource "aws_directory_service_directory" "bar_a" {
+  name = "corp.notexample.com"
+  password = "SuperSecretPassw0rd"
+  size = "Small"
+  alias = "tf-d-%d"
+  enable_sso = false
+
+  vpc_settings {
+    vpc_id = "${aws_vpc.main.id}"
+    subnet_ids = ["${aws_subnet.foo.id}", "${aws_subnet.bar.id}"]
+  }
+}
+
+resource "aws_vpc" "main" {
+  cidr_block = "10.0.0.0/16"
+}
+
+resource "aws_subnet" "foo" {
+  vpc_id = "${aws_vpc.main.id}"
+  availability_zone = "us-west-2a"
+  cidr_block = "10.0.1.0/24"
+}
+resource "aws_subnet" "bar" {
+  vpc_id = "${aws_vpc.main.id}"
+  availability_zone = "us-west-2b"
+  cidr_block = "10.0.2.0/24"
+}
+`, randomInteger)

From 3143d1703db8c3ea298fefba56387e10ef3f27c2 Mon Sep 17 00:00:00 2001
From: "Julian C. Dunn" <jdunn@chef.io>
Date: Fri, 9 Oct 2015 01:19:14 -0400
Subject: [PATCH 177/335] Graphviz Workspace appears to be dead, so remove it
 from the docs.

---
 website/source/docs/commands/graph.html.markdown | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/website/source/docs/commands/graph.html.markdown b/website/source/docs/commands/graph.html.markdown
index c7c426142a..d24005fcb9 100644
--- a/website/source/docs/commands/graph.html.markdown
+++ b/website/source/docs/commands/graph.html.markdown
@@ -46,9 +46,6 @@ by GraphViz:
 $ terraform graph | dot -Tpng > graph.png
 ```
 
-Alternatively, the web-based [GraphViz Workspace](http://graphviz-dev.appspot.com)
-can be used to quickly render DOT file inputs as well.
-
 Here is an example graph output:
 ![Graph Example](graph-example.png)
 

From 295c9245bbd45f00864b542e4b7abf0ad4cce766 Mon Sep 17 00:00:00 2001
From: Martin Atkins <mart@degeneration.co.uk>
Date: Fri, 9 Oct 2015 00:12:12 -0700
Subject: [PATCH 178/335] Update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7d1dac706f..c2a11f8205 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -38,6 +38,7 @@ IMPROVEMENTS:
   * provider/openstack: add functionality to attach FloatingIP to Port [GH-1788]
   * provider/google: Can now do multi-region deployments without using multiple providers [GH-3258]
   * remote/s3: Allow canned ACLs to be set on state objects. [GH-3233]
+  * remote/s3: Remote state is stored in S3 with `Content-Type: application/json` [GH-3385]
 
 BUG FIXES:
 

From fd2d9371e9fe0b47d95d6206e0718e6c3101383c Mon Sep 17 00:00:00 2001
From: Daniel Paul Searles <daniel.paul.searles@gmail.com>
Date: Fri, 9 Oct 2015 11:27:38 -0700
Subject: [PATCH 179/335] A script must have executable permissions.

Why:

* The current example for passing arguments to a local script does not
  include making the uploaded file executable.

This change addresses the need by:

* Add a step to make the uploaded script executable to the example
  showing how to pass arguments to an uploaded script.
---
 website/source/docs/provisioners/remote-exec.html.markdown | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/website/source/docs/provisioners/remote-exec.html.markdown b/website/source/docs/provisioners/remote-exec.html.markdown
index d771e55866..7ce46c684e 100644
--- a/website/source/docs/provisioners/remote-exec.html.markdown
+++ b/website/source/docs/provisioners/remote-exec.html.markdown
@@ -63,7 +63,10 @@ resource "aws_instance" "web" {
     }
 
     provisioner "remote-exec" {
-        inline = ["/tmp/script.sh args"]
+        inline = [
+          "chmod +x /tmp/script.sh",
+          "/tmp/script.sh args"
+        ]
     }
 }
 ```

From 3b3726675b76311c05f826c646e9a75c019344aa Mon Sep 17 00:00:00 2001
From: Sam Handler <sam@hashicorp.com>
Date: Fri, 9 Oct 2015 17:41:55 -0400
Subject: [PATCH 180/335] Add Packet layout.

---
 website/source/assets/stylesheets/_docs.scss |  1 +
 website/source/layouts/packet.erb            | 32 ++++++++++++++++++++
 2 files changed, 33 insertions(+)
 create mode 100644 website/source/layouts/packet.erb

diff --git a/website/source/assets/stylesheets/_docs.scss b/website/source/assets/stylesheets/_docs.scss
index 799b631a0a..6849f91069 100755
--- a/website/source/assets/stylesheets/_docs.scss
+++ b/website/source/assets/stylesheets/_docs.scss
@@ -20,6 +20,7 @@ body.layout-google,
 body.layout-heroku,
 body.layout-mailgun,
 body.layout-openstack,
+body.layout-packet,
 body.layout-rundeck,
 body.layout-template,
 body.layout-docs,
diff --git a/website/source/layouts/packet.erb b/website/source/layouts/packet.erb
new file mode 100644
index 0000000000..f7464f198e
--- /dev/null
+++ b/website/source/layouts/packet.erb
@@ -0,0 +1,32 @@
+<% wrap_layout :inner do %>
+  <% content_for :sidebar do %>
+    <div class="docs-sidebar hidden-print affix-top" role="complementary">
+      <ul class="nav docs-sidenav">
+        <li<%= sidebar_current("docs-home") %>>
+          <a href="/docs/providers/index.html">&laquo; Documentation Home</a>
+        </li>
+
+        <li<%= sidebar_current("docs-packet-index") %>>
+          <a href="/docs/providers/packet/index.html">Packet Provider</a>
+        </li>
+
+        <li<%= sidebar_current(/^docs-packet-resource/) %>>
+          <a href="#">Resources</a>
+          <ul class="nav nav-visible">
+            <li<%= sidebar_current("docs-packet-resource-device") %>>
+              <a href="/docs/providers/packet/r/device.html">packet_device</a>
+            </li>
+            <li<%= sidebar_current("docs-packet-resource-project") %>>
+              <a href="/docs/providers/packet/r/project.html">packet_project</a>
+            </li>
+            <li<%= sidebar_current("docs-packet-resource-ssh-key") %>>
+              <a href="/docs/providers/packet/r/ssh_key.html">packet_ssh_key</a>
+            </li>            
+          </ul>
+        </li>
+      </ul>
+    </div>
+  <% end %>
+
+  <%= yield %>
+  <% end %>

From 234adffd516dbd4662abae3ed2bdd06b38e93fc9 Mon Sep 17 00:00:00 2001
From: Sam Handler <sam@hashicorp.com>
Date: Fri, 9 Oct 2015 17:42:36 -0400
Subject: [PATCH 181/335] Add Packet to docs layout sidebar

---
 website/source/layouts/docs.erb | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/website/source/layouts/docs.erb b/website/source/layouts/docs.erb
index 63a775e86b..af96b52c1e 100644
--- a/website/source/layouts/docs.erb
+++ b/website/source/layouts/docs.erb
@@ -177,6 +177,10 @@
 					<a href="/docs/providers/openstack/index.html">OpenStack</a>
 					</li>
 
+					<li<%= sidebar_current("docs-providers-packet") %>>
+					<a href="/docs/providers/packet/index.html">Packet</a>
+					</li>
+
 					<li<%= sidebar_current("docs-providers-rundeck") %>>
 					<a href="/docs/providers/rundeck/index.html">Rundeck</a>
 					</li>

From 444d63240b724d708aa468114c6828b4549a7377 Mon Sep 17 00:00:00 2001
From: Sam Handler <sam@hashicorp.com>
Date: Fri, 9 Oct 2015 17:43:10 -0400
Subject: [PATCH 182/335] Update page title for project.html.markdown

---
 website/source/docs/providers/packet/r/project.html.markdown | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/website/source/docs/providers/packet/r/project.html.markdown b/website/source/docs/providers/packet/r/project.html.markdown
index d17190eec5..b008f864fe 100644
--- a/website/source/docs/providers/packet/r/project.html.markdown
+++ b/website/source/docs/providers/packet/r/project.html.markdown
@@ -1,6 +1,6 @@
 ---
 layout: "packet"
-page_title: "Packet: packet_ssh_key"
+page_title: "Packet: packet_project"
 sidebar_current: "docs-packet-resource-project"
 description: |-
   Provides a Packet Project resource.

From b9a62151ced5fd14cba6eae6a012f0f0cf20d0df Mon Sep 17 00:00:00 2001
From: Martin Atkins <mart@degeneration.co.uk>
Date: Sat, 10 Oct 2015 11:19:04 -0700
Subject: [PATCH 183/335] Update CHANGELOG.md

---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index c2a11f8205..ee32ea38a8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,7 +3,7 @@
 FEATURES:
 
   * **New provider: `rundeck`** [GH-2412]
-  * **New provider: `packet`** [GH-2260]
+  * **New provider: `packet`** [GH-2260], [GH-3472]
   * **New resource: `cloudstack_loadbalancer_rule`** [GH-2934]
   * **New resource: `google_compute_project_metadata`** [GH-3065]
   * **New resources: `aws_ami`, `aws_ami_copy`, `aws_ami_from_instance`** [GH-2784]

From 639443f265d1bbcdc6c7e31da758411d1d0d1c69 Mon Sep 17 00:00:00 2001
From: Martin Atkins <mart@degeneration.co.uk>
Date: Sat, 10 Oct 2015 11:27:39 -0700
Subject: [PATCH 184/335] Update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index ee32ea38a8..48e7e92bba 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -34,6 +34,7 @@ IMPROVEMENTS:
   * provider/aws: Add `configuation_endpoint` to `aws_elasticache_cluster` [GH-3250]
   * provider/aws: Add validation for `app_cookie_stickiness_policy.name` [GH-3277]
   * provider/aws: Add validation for `db_parameter_group.name` [GH-3279]
+  * provider/aws: `aws_s3_bucket_object` allows interpolated content to be set with new `content` attribute. [GH-3200]
   * provider/cloudstack: Add `project` parameter to `cloudstack_vpc`, `cloudstack_network`, `cloudstack_ipaddress` and `cloudstack_disk` [GH-3035]
   * provider/openstack: add functionality to attach FloatingIP to Port [GH-1788]
   * provider/google: Can now do multi-region deployments without using multiple providers [GH-3258]

From a4fb080abe6330222d60a164b5ed8cc72c67db18 Mon Sep 17 00:00:00 2001
From: Trevor Pounds <trevor.pounds@gmail.com>
Date: Sat, 10 Oct 2015 14:53:45 -0700
Subject: [PATCH 185/335] Add missing `to_port` argument to website docs.

---
 .../docs/providers/aws/r/security_group_rule.html.markdown       | 1 +
 1 file changed, 1 insertion(+)

diff --git a/website/source/docs/providers/aws/r/security_group_rule.html.markdown b/website/source/docs/providers/aws/r/security_group_rule.html.markdown
index b77286296f..4a772d1a77 100644
--- a/website/source/docs/providers/aws/r/security_group_rule.html.markdown
+++ b/website/source/docs/providers/aws/r/security_group_rule.html.markdown
@@ -49,6 +49,7 @@ or `egress` (outbound).
      depending on the `type`.
 * `self` - (Optional) If true, the security group itself will be added as
      a source to this ingress rule.
+* `to_port` - (Required) The end range port.
 
 ## Attributes Reference
 

From 16b11e443d4984e010b85f4a7356c77fd9af7652 Mon Sep 17 00:00:00 2001
From: Martin Atkins <mart@degeneration.co.uk>
Date: Sat, 10 Oct 2015 15:17:25 -0700
Subject: [PATCH 186/335] go fmt the "compact" function changes.

---
 config/interpolate_funcs.go      | 22 +++++++++++-----------
 config/interpolate_funcs_test.go |  1 -
 config/string_list.go            |  4 ++--
 3 files changed, 13 insertions(+), 14 deletions(-)

diff --git a/config/interpolate_funcs.go b/config/interpolate_funcs.go
index 992171914a..5322e46c4f 100644
--- a/config/interpolate_funcs.go
+++ b/config/interpolate_funcs.go
@@ -20,17 +20,17 @@ var Funcs map[string]ast.Function
 
 func init() {
 	Funcs = map[string]ast.Function{
-		"compact":    interpolationFuncCompact(),
-		"concat":     interpolationFuncConcat(),
-		"element":    interpolationFuncElement(),
-		"file":       interpolationFuncFile(),
-		"format":     interpolationFuncFormat(),
-		"formatlist": interpolationFuncFormatList(),
-		"index":      interpolationFuncIndex(),
-		"join":       interpolationFuncJoin(),
-		"length":     interpolationFuncLength(),
-		"replace":    interpolationFuncReplace(),
-		"split":      interpolationFuncSplit(),
+		"compact":      interpolationFuncCompact(),
+		"concat":       interpolationFuncConcat(),
+		"element":      interpolationFuncElement(),
+		"file":         interpolationFuncFile(),
+		"format":       interpolationFuncFormat(),
+		"formatlist":   interpolationFuncFormatList(),
+		"index":        interpolationFuncIndex(),
+		"join":         interpolationFuncJoin(),
+		"length":       interpolationFuncLength(),
+		"replace":      interpolationFuncReplace(),
+		"split":        interpolationFuncSplit(),
 		"base64encode": interpolationFuncBase64Encode(),
 		"base64decode": interpolationFuncBase64Decode(),
 	}
diff --git a/config/interpolate_funcs_test.go b/config/interpolate_funcs_test.go
index 8a33169a67..561e1176b6 100644
--- a/config/interpolate_funcs_test.go
+++ b/config/interpolate_funcs_test.go
@@ -11,7 +11,6 @@ import (
 	"github.com/hashicorp/terraform/config/lang/ast"
 )
 
-
 func TestInterpolateFuncCompact(t *testing.T) {
 	testFunction(t, testFunctionConfig{
 		Cases: []testFunctionCase{
diff --git a/config/string_list.go b/config/string_list.go
index ba41d0256d..e3caea70bc 100644
--- a/config/string_list.go
+++ b/config/string_list.go
@@ -28,11 +28,11 @@ const stringListDelim = `B780FFEC-B661-4EB8-9236-A01737AD98B6`
 func (sl StringList) Compact() StringList {
 	parts := sl.Slice()
 
-  newlist := []string{}
+	newlist := []string{}
 	// drop the empty strings
 	for i := range parts {
 		if parts[i] != "" {
-			newlist = append(newlist,  parts[i])
+			newlist = append(newlist, parts[i])
 		}
 	}
 	return NewStringList(newlist)

From 8ebcfc4e233922934cb0c1571c3e61ca8220c63f Mon Sep 17 00:00:00 2001
From: Martin Atkins <mart@degeneration.co.uk>
Date: Sat, 10 Oct 2015 15:19:44 -0700
Subject: [PATCH 187/335] Update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 48e7e92bba..dd94d81f85 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -23,6 +23,7 @@ IMPROVEMENTS:
   * core: In plan output summary, count resource replacement as Add/Remove instead of Change [GH-3173]
   * core: Add interpolation functions for base64 encoding and decoding. [GH-3325]
   * core: Expose parallelism as a CLI option instead of a hard-coding the default of 10 [GH-3365]
+  * core: Add interpolation function `compact`, to remove empty elements from a list. [GH-3239]
   * provider/aws: Add `instance_initiated_shutdown_behavior` to AWS Instance [GH-2887]
   * provider/aws: Support IAM role names (previously just ARNs) in `aws_ecs_service.iam_role` [GH-3061]
   * provider/aws: Add update method to RDS Subnet groups, can modify subnets without recreating  [GH-3053]

From 9a6f680eda2eef2044fee8b0cc8ffd8bdfa82231 Mon Sep 17 00:00:00 2001
From: Shani Elharrar <shani.elha@gmail.com>
Date: Sun, 30 Aug 2015 09:59:21 +0300
Subject: [PATCH 188/335] Updated note about variable files

---
 .../source/intro/getting-started/variables.html.md  | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/website/source/intro/getting-started/variables.html.md b/website/source/intro/getting-started/variables.html.md
index 691c91f385..41e828a724 100644
--- a/website/source/intro/getting-started/variables.html.md
+++ b/website/source/intro/getting-started/variables.html.md
@@ -95,8 +95,17 @@ files. And like Terraform configuration files, these files can also be JSON.
 in the form of `TF_VAR_name` to find the value for a variable. For example,
 the `TF_VAR_access_key` variable can be set to set the `access_key` variable.
 
-We recommend using the "terraform.tfvars" file, and ignoring it from
-version control.
+We don't recommend saving usernames and password to version control, But you
+can create a local secret variables file and use `-var-file` to load it.
+
+You can use multiple `-var-file` arguments in a single command, with some
+checked in to version control and others not checked in. For example:
+
+```
+$ terraform plan \
+  -var-file="secret.tfvars" \
+  -var-file="production.tfvars"
+```
 
 <a id="mappings"></a>
 ## Mappings

From 44135b9d8934fc876ab482de12a9bb91677ed41d Mon Sep 17 00:00:00 2001
From: Martin Atkins <mart@degeneration.co.uk>
Date: Sat, 10 Oct 2015 18:11:30 -0700
Subject: [PATCH 189/335] Update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index dd94d81f85..81b11afe49 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -15,6 +15,7 @@ FEATURES:
   * **New resources: `aws_efs_file_system` and `aws_efs_mount_target`** [GH-2196]
   * **New resources: `aws_opsworks_*`** [GH-2162]
   * **New resource: `aws_elasticsearch_domain`** [GH-3443]
+  * **New resource: `aws_directory_service_directory`** [GH-3228]
 
 IMPROVEMENTS:
 

From b62833e7b8e0e22316cd433b8e161df8d8770782 Mon Sep 17 00:00:00 2001
From: Anthony Stanton <anthony@contentful.com>
Date: Sun, 11 Oct 2015 08:59:21 +0200
Subject: [PATCH 190/335] Add documentation for compact()

---
 website/source/docs/configuration/interpolation.html.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/website/source/docs/configuration/interpolation.html.md b/website/source/docs/configuration/interpolation.html.md
index 2e8eec5b69..28d03790d7 100644
--- a/website/source/docs/configuration/interpolation.html.md
+++ b/website/source/docs/configuration/interpolation.html.md
@@ -80,6 +80,11 @@ The supported built-in functions are:
   * `base64encode(string)` - Returns a base64-encoded representation of the
     given string.
 
+  * `compact(list)` - Removes empty string elements from a list. This can be
+     useful in some cases, for example when passing joined lists as module
+     variables or when parsing module outputs.
+     Example: `compact(module.my_asg.load_balancer_names)`
+
   * `concat(list1, list2)` - Combines two or more lists into a single list.
      Example: `concat(aws_instance.db.*.tags.Name, aws_instance.web.*.tags.Name)`
 

From 8f237a7256e01317643e90ec7330d9977ca4333b Mon Sep 17 00:00:00 2001
From: Martin Atkins <mart@degeneration.co.uk>
Date: Sun, 11 Oct 2015 09:34:27 -0700
Subject: [PATCH 191/335] Update CHANGELOG.md

---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 81b11afe49..d19780b43b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -24,7 +24,7 @@ IMPROVEMENTS:
   * core: In plan output summary, count resource replacement as Add/Remove instead of Change [GH-3173]
   * core: Add interpolation functions for base64 encoding and decoding. [GH-3325]
   * core: Expose parallelism as a CLI option instead of a hard-coding the default of 10 [GH-3365]
-  * core: Add interpolation function `compact`, to remove empty elements from a list. [GH-3239]
+  * core: Add interpolation function `compact`, to remove empty elements from a list. [GH-3239], [GH-3479]
   * provider/aws: Add `instance_initiated_shutdown_behavior` to AWS Instance [GH-2887]
   * provider/aws: Support IAM role names (previously just ARNs) in `aws_ecs_service.iam_role` [GH-3061]
   * provider/aws: Add update method to RDS Subnet groups, can modify subnets without recreating  [GH-3053]

From 0090c063e8c29d8af226b00bffd31e8eb3b35f77 Mon Sep 17 00:00:00 2001
From: Fatih Arslan <ftharsln@gmail.com>
Date: Thu, 1 Oct 2015 22:45:12 +0300
Subject: [PATCH 192/335] log: support for user defined log levels

This PR brings support for better log level handling. Terraform logs
are already written in the form which can be understood by the module
https://github.com/hashicorp/logutils .

The TF_LOG environment variable now accepts a log level. Users can pass
levels in the form of "info", "Info" or "INFO" If an invalid log level is
passed, we print a warning but still continue, for backward compatibility
with the old TF_LOG=1 style.
---
 log.go | 59 +++++++++++++++++++++++++++++++++++++++++++++++-----------
 1 file changed, 48 insertions(+), 11 deletions(-)

diff --git a/log.go b/log.go
index 70046b3477..1077c3e558 100644
--- a/log.go
+++ b/log.go
@@ -2,28 +2,65 @@ package main
 
 import (
 	"io"
+	"log"
 	"os"
+	"strings"
+
+	"github.com/hashicorp/logutils"
 )
 
 // These are the environmental variables that determine if we log, and if
 // we log whether or not the log should go to a file.
-const EnvLog = "TF_LOG"          //Set to True
-const EnvLogFile = "TF_LOG_PATH" //Set to a file
+const (
+	EnvLog     = "TF_LOG"      // Set to True
+	EnvLogFile = "TF_LOG_PATH" // Set to a file
+)
 
-// logOutput determines where we should send logs (if anywhere).
+var validLevels = []logutils.LogLevel{"TRACE", "DEBUG", "INFO", "WARN", "ERROR"}
+
+// logOutput determines where we should send logs (if anywhere) and the log level.
 func logOutput() (logOutput io.Writer, err error) {
 	logOutput = nil
-	if os.Getenv(EnvLog) != "" {
-		logOutput = os.Stderr
+	envLevel := os.Getenv(EnvLog)
+	if envLevel == "" {
+		return
+	}
 
-		if logPath := os.Getenv(EnvLogFile); logPath != "" {
-			var err error
-			logOutput, err = os.Create(logPath)
-			if err != nil {
-				return nil, err
-			}
+	logOutput = os.Stderr
+	if logPath := os.Getenv(EnvLogFile); logPath != "" {
+		var err error
+		logOutput, err = os.Create(logPath)
+		if err != nil {
+			return nil, err
 		}
 	}
 
+	// This was the default since the beginning
+	logLevel := logutils.LogLevel("TRACE")
+
+	if isValidLogLevel(envLevel) {
+		// allow following for better ux: info, Info or INFO
+		logLevel = logutils.LogLevel(strings.ToUpper(envLevel))
+	} else {
+		log.Printf("[WARN] Invalid log level: %q. Defaulting to level: TRACE. Valid levels are: %+v",
+			envLevel, validLevels)
+	}
+
+	logOutput = &logutils.LevelFilter{
+		Levels:   validLevels,
+		MinLevel: logLevel,
+		Writer:   logOutput,
+	}
+
 	return
 }
+
+func isValidLogLevel(level string) bool {
+	for _, l := range validLevels {
+		if strings.ToUpper(level) == string(l) {
+			return true
+		}
+	}
+
+	return false
+}

From 8173cd25bb69b4f0be7bf1a15105d5b1d0c08860 Mon Sep 17 00:00:00 2001
From: Martin Atkins <mart@degeneration.co.uk>
Date: Sun, 11 Oct 2015 10:45:33 -0700
Subject: [PATCH 193/335] Demote some log lines to DEBUG.

Now that we support log line filtering (as of 0090c063) it's good to be
a bit more fussy about what log levels are assigned to different things.

Here we make a few things that are implementation details log as DEBUG,
and prevent spurious errors from EvalValidateCount where it was returning
an empty EvalValidateError rather than nil when everything was okay.
---
 config_unix.go             | 2 +-
 plugin/client.go           | 4 ++--
 terraform/context.go       | 2 +-
 terraform/eval_validate.go | 7 +++++--
 4 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/config_unix.go b/config_unix.go
index c51ea5ec4f..69d76278af 100644
--- a/config_unix.go
+++ b/config_unix.go
@@ -33,7 +33,7 @@ func configDir() (string, error) {
 func homeDir() (string, error) {
 	// First prefer the HOME environmental variable
 	if home := os.Getenv("HOME"); home != "" {
-		log.Printf("Detected home directory from env var: %s", home)
+		log.Printf("[DEBUG] Detected home directory from env var: %s", home)
 		return home, nil
 	}
 
diff --git a/plugin/client.go b/plugin/client.go
index be54526c73..8a3b03fc0a 100644
--- a/plugin/client.go
+++ b/plugin/client.go
@@ -88,7 +88,7 @@ func CleanupClients() {
 		}(client)
 	}
 
-	log.Println("waiting for all plugin processes to complete...")
+	log.Println("[DEBUG] waiting for all plugin processes to complete...")
 	wg.Wait()
 }
 
@@ -326,7 +326,7 @@ func (c *Client) logStderr(r io.Reader) {
 			c.config.Stderr.Write([]byte(line))
 
 			line = strings.TrimRightFunc(line, unicode.IsSpace)
-			log.Printf("%s: %s", filepath.Base(c.config.Cmd.Path), line)
+			log.Printf("[DEBUG] %s: %s", filepath.Base(c.config.Cmd.Path), line)
 		}
 
 		if err == io.EOF {
diff --git a/terraform/context.go b/terraform/context.go
index 0f567ddf24..d91a851765 100644
--- a/terraform/context.go
+++ b/terraform/context.go
@@ -513,7 +513,7 @@ func (c *Context) releaseRun(ch chan<- struct{}) {
 func (c *Context) walk(
 	graph *Graph, operation walkOperation) (*ContextGraphWalker, error) {
 	// Walk the graph
-	log.Printf("[INFO] Starting graph walk: %s", operation.String())
+	log.Printf("[DEBUG] Starting graph walk: %s", operation.String())
 	walker := &ContextGraphWalker{Context: c, Operation: operation}
 	return walker, graph.Walk(walker)
 }
diff --git a/terraform/eval_validate.go b/terraform/eval_validate.go
index e808240a02..5337882305 100644
--- a/terraform/eval_validate.go
+++ b/terraform/eval_validate.go
@@ -49,9 +49,12 @@ func (n *EvalValidateCount) Eval(ctx EvalContext) (interface{}, error) {
 	}
 
 RETURN:
-	return nil, &EvalValidateError{
-		Errors: errs,
+	if len(errs) != 0 {
+		err = &EvalValidateError{
+			Errors: errs,
+		}
 	}
+	return nil, err
 }
 
 // EvalValidateProvider is an EvalNode implementation that validates

From ca583928e7e19ceec80cea3c8ac5954c948ba831 Mon Sep 17 00:00:00 2001
From: Martin Atkins <mart@degeneration.co.uk>
Date: Sun, 11 Oct 2015 10:48:57 -0700
Subject: [PATCH 194/335] Update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index d19780b43b..adfe7c2a85 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -25,6 +25,7 @@ IMPROVEMENTS:
   * core: Add interpolation functions for base64 encoding and decoding. [GH-3325]
   * core: Expose parallelism as a CLI option instead of a hard-coding the default of 10 [GH-3365]
   * core: Add interpolation function `compact`, to remove empty elements from a list. [GH-3239], [GH-3479]
+  * core: Allow filtering of log output by level, using e.g. ``TF_LOG=INFO`` [GH-3380]
   * provider/aws: Add `instance_initiated_shutdown_behavior` to AWS Instance [GH-2887]
   * provider/aws: Support IAM role names (previously just ARNs) in `aws_ecs_service.iam_role` [GH-3061]
   * provider/aws: Add update method to RDS Subnet groups, can modify subnets without recreating  [GH-3053]

From 200a42ab46e03a875056b40a8d6814ddde036f11 Mon Sep 17 00:00:00 2001
From: Martin Atkins <mart@degeneration.co.uk>
Date: Sun, 11 Oct 2015 10:56:04 -0700
Subject: [PATCH 195/335] Documentation of TF_LOG taking log levels.

As of 0090c063e it is now possible to filter the logs by level by setting
TF_LOG to one of the known log level names.
---
 website/source/docs/internals/debugging.html.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/website/source/docs/internals/debugging.html.md b/website/source/docs/internals/debugging.html.md
index e10a218806..7aa5fe25ec 100644
--- a/website/source/docs/internals/debugging.html.md
+++ b/website/source/docs/internals/debugging.html.md
@@ -8,7 +8,9 @@ description: |-
 
 # Debugging Terraform
 
-Terraform has detailed logs which can be enabled by setting the TF_LOG environmental variable to any value. This will cause detailed logs to appear on stderr.
+Terraform has detailed logs which can be enabled by setting the `TF_LOG` environmental variable to any value. This will cause detailed logs to appear on stderr.
+
+You can set `TF_LOG` to one of the log levels `TRACE`, `DEBUG`, `INFO`, `WARN` or `ERROR` to change the verbosity of the logs. `TRACE` is the most verbose and it is the default if `TF_LOG` is set to something other than a log level name.
 
 To persist logged output you can set TF_LOG_PATH in order to force the log to always go to a specific file when logging is enabled. Note that even when TF_LOG_PATH is set, TF_LOG must be set in order for any logging to be enabled.
 

From 719e8c956e377a3f23f9bdbb22773b069165081b Mon Sep 17 00:00:00 2001
From: Martin Atkins <mart@degeneration.co.uk>
Date: Sun, 11 Oct 2015 13:50:25 -0700
Subject: [PATCH 196/335] Grafana provider

---
 builtin/providers/grafana/provider.go      | 39 ++++++++++++++++
 builtin/providers/grafana/provider_test.go | 54 ++++++++++++++++++++++
 2 files changed, 93 insertions(+)
 create mode 100644 builtin/providers/grafana/provider.go
 create mode 100644 builtin/providers/grafana/provider_test.go

diff --git a/builtin/providers/grafana/provider.go b/builtin/providers/grafana/provider.go
new file mode 100644
index 0000000000..fb83f1e814
--- /dev/null
+++ b/builtin/providers/grafana/provider.go
@@ -0,0 +1,39 @@
+package grafana
+
+import (
+	"github.com/hashicorp/terraform/helper/schema"
+	"github.com/hashicorp/terraform/terraform"
+
+	gapi "github.com/apparentlymart/go-grafana-api"
+)
+
+func Provider() terraform.ResourceProvider {
+	return &schema.Provider{
+		Schema: map[string]*schema.Schema{
+			"url": &schema.Schema{
+				Type:        schema.TypeString,
+				Required:    true,
+				DefaultFunc: schema.EnvDefaultFunc("GRAFANA_URL", nil),
+				Description: "URL of the root of the target Grafana server.",
+			},
+			"auth": &schema.Schema{
+				Type:        schema.TypeString,
+				Required:    true,
+				DefaultFunc: schema.EnvDefaultFunc("GRAFANA_AUTH", nil),
+				Description: "Credentials for accessing the Grafana API.",
+			},
+		},
+
+		ResourcesMap: map[string]*schema.Resource{
+		},
+
+		ConfigureFunc: providerConfigure,
+	}
+}
+
+func providerConfigure(d *schema.ResourceData) (interface{}, error) {
+	return gapi.New(
+		d.Get("auth").(string),
+		d.Get("url").(string),
+	)
+}
diff --git a/builtin/providers/grafana/provider_test.go b/builtin/providers/grafana/provider_test.go
new file mode 100644
index 0000000000..9daba4c720
--- /dev/null
+++ b/builtin/providers/grafana/provider_test.go
@@ -0,0 +1,54 @@
+package grafana
+
+import (
+	"os"
+	"testing"
+
+	"github.com/hashicorp/terraform/helper/schema"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+// To run these acceptance tests, you will need a Grafana server.
+// Grafana can be downloaded here: http://grafana.org/download/
+//
+// The tests will need an API key to authenticate with the server. To create
+// one, use the menu for one of your installation's organizations (The
+// "Main Org." is fine if you've just done a fresh installation to run these
+// tests) to reach the "API Keys" admin page.
+//
+// Giving the API key the Admin role is the easiest way to ensure enough
+// access is granted to run all of the tests.
+//
+// Once you've created the API key, set the GRAFANA_URL and GRAFANA_AUTH
+// environment variables to the Grafana base URL and the API key respectively,
+// and then run:
+//    make testacc TEST=./builtin/providers/grafana
+
+var testAccProviders map[string]terraform.ResourceProvider
+var testAccProvider *schema.Provider
+
+func init() {
+	testAccProvider = Provider().(*schema.Provider)
+	testAccProviders = map[string]terraform.ResourceProvider{
+		"grafana": testAccProvider,
+	}
+}
+
+func TestProvider(t *testing.T) {
+	if err := Provider().(*schema.Provider).InternalValidate(); err != nil {
+		t.Fatalf("err: %s", err)
+	}
+}
+
+func TestProvider_impl(t *testing.T) {
+	var _ terraform.ResourceProvider = Provider()
+}
+
+func testAccPreCheck(t *testing.T) {
+	if v := os.Getenv("GRAFANA_URL"); v == "" {
+		t.Fatal("GRAFANA_URL must be set for acceptance tests")
+	}
+	if v := os.Getenv("GRAFANA_AUTH"); v == "" {
+		t.Fatal("GRAFANA_AUTH must be set for acceptance tests")
+	}
+}

From 3af5552b549fb04a2caf921100057ea87d0fe8df Mon Sep 17 00:00:00 2001
From: Martin Atkins <mart@degeneration.co.uk>
Date: Sun, 11 Oct 2015 14:24:23 -0700
Subject: [PATCH 197/335] Makefile target to build a single plugin for local
 testing.

Often when developing a plugin it's only necessary to rebuild that plugin.
Here we add a simple Makefile target that makes that easy:

    make plugin-dev PLUGIN=provider-aws

Since it's only building one package and it's only building for the
host architecture, this just uses "go install" directly, rather than using
gox as we do when installing multiple packages, possibly for multiple
architectures.
---
 CHANGELOG.md | 1 +
 Makefile     | 6 ++++++
 2 files changed, 7 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index adfe7c2a85..5e6fae1ba1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -71,6 +71,7 @@ BUG FIXES:
 
 INTERNAL IMPROVEMENTS:
 
+  * core: Makefile target "plugin-dev" for building just one plugin. [GH-3229]
   * helper/schema: Don't allow ``Update`` func if no attributes can actually be updated, per schema. [GH-3288]
   * helper/schema: Default hashing function for sets [GH-3018]
   * helper/multierror: Remove in favor of [github.com/hashicorp/go-multierror](http://github.com/hashicorp/go-multierror). [GH-3336]
diff --git a/Makefile b/Makefile
index 548b3ed2b7..e531063078 100644
--- a/Makefile
+++ b/Makefile
@@ -15,6 +15,12 @@ dev: generate
 quickdev: generate
 	@TF_QUICKDEV=1 TF_DEV=1 sh -c "'$(CURDIR)/scripts/build.sh'"
 
+# Shorthand for building and installing just one plugin for local testing.
+# Run as (for example): make plugin-dev PLUGIN=provider-aws
+plugin-dev: generate
+	go install github.com/hashicorp/terraform/builtin/bins/$(PLUGIN)
+	mv $(GOPATH)/bin/$(PLUGIN) $(GOPATH)/bin/terraform-$(PLUGIN)
+
 release: updatedeps
 	gox -build-toolchain
 	@$(MAKE) bin

From 3db76ce287ba3ce03adc873d2e1bab164f047d17 Mon Sep 17 00:00:00 2001
From: Martin Atkins <mart@degeneration.co.uk>
Date: Sun, 11 Oct 2015 16:01:20 -0700
Subject: [PATCH 198/335] Revert "Grafana provider"

This reverts commit 719e8c956e377a3f23f9bdbb22773b069165081b,
which was accidentally included in a merge.
---
 builtin/providers/grafana/provider.go      | 39 ----------------
 builtin/providers/grafana/provider_test.go | 54 ----------------------
 2 files changed, 93 deletions(-)
 delete mode 100644 builtin/providers/grafana/provider.go
 delete mode 100644 builtin/providers/grafana/provider_test.go

diff --git a/builtin/providers/grafana/provider.go b/builtin/providers/grafana/provider.go
deleted file mode 100644
index fb83f1e814..0000000000
--- a/builtin/providers/grafana/provider.go
+++ /dev/null
@@ -1,39 +0,0 @@
-package grafana
-
-import (
-	"github.com/hashicorp/terraform/helper/schema"
-	"github.com/hashicorp/terraform/terraform"
-
-	gapi "github.com/apparentlymart/go-grafana-api"
-)
-
-func Provider() terraform.ResourceProvider {
-	return &schema.Provider{
-		Schema: map[string]*schema.Schema{
-			"url": &schema.Schema{
-				Type:        schema.TypeString,
-				Required:    true,
-				DefaultFunc: schema.EnvDefaultFunc("GRAFANA_URL", nil),
-				Description: "URL of the root of the target Grafana server.",
-			},
-			"auth": &schema.Schema{
-				Type:        schema.TypeString,
-				Required:    true,
-				DefaultFunc: schema.EnvDefaultFunc("GRAFANA_AUTH", nil),
-				Description: "Credentials for accessing the Grafana API.",
-			},
-		},
-
-		ResourcesMap: map[string]*schema.Resource{
-		},
-
-		ConfigureFunc: providerConfigure,
-	}
-}
-
-func providerConfigure(d *schema.ResourceData) (interface{}, error) {
-	return gapi.New(
-		d.Get("auth").(string),
-		d.Get("url").(string),
-	)
-}
diff --git a/builtin/providers/grafana/provider_test.go b/builtin/providers/grafana/provider_test.go
deleted file mode 100644
index 9daba4c720..0000000000
--- a/builtin/providers/grafana/provider_test.go
+++ /dev/null
@@ -1,54 +0,0 @@
-package grafana
-
-import (
-	"os"
-	"testing"
-
-	"github.com/hashicorp/terraform/helper/schema"
-	"github.com/hashicorp/terraform/terraform"
-)
-
-// To run these acceptance tests, you will need a Grafana server.
-// Grafana can be downloaded here: http://grafana.org/download/
-//
-// The tests will need an API key to authenticate with the server. To create
-// one, use the menu for one of your installation's organizations (The
-// "Main Org." is fine if you've just done a fresh installation to run these
-// tests) to reach the "API Keys" admin page.
-//
-// Giving the API key the Admin role is the easiest way to ensure enough
-// access is granted to run all of the tests.
-//
-// Once you've created the API key, set the GRAFANA_URL and GRAFANA_AUTH
-// environment variables to the Grafana base URL and the API key respectively,
-// and then run:
-//    make testacc TEST=./builtin/providers/grafana
-
-var testAccProviders map[string]terraform.ResourceProvider
-var testAccProvider *schema.Provider
-
-func init() {
-	testAccProvider = Provider().(*schema.Provider)
-	testAccProviders = map[string]terraform.ResourceProvider{
-		"grafana": testAccProvider,
-	}
-}
-
-func TestProvider(t *testing.T) {
-	if err := Provider().(*schema.Provider).InternalValidate(); err != nil {
-		t.Fatalf("err: %s", err)
-	}
-}
-
-func TestProvider_impl(t *testing.T) {
-	var _ terraform.ResourceProvider = Provider()
-}
-
-func testAccPreCheck(t *testing.T) {
-	if v := os.Getenv("GRAFANA_URL"); v == "" {
-		t.Fatal("GRAFANA_URL must be set for acceptance tests")
-	}
-	if v := os.Getenv("GRAFANA_AUTH"); v == "" {
-		t.Fatal("GRAFANA_AUTH must be set for acceptance tests")
-	}
-}

From 7d600cadd26f066c4590f279dd49599c24beca25 Mon Sep 17 00:00:00 2001
From: stack72 <public@paulstack.co.uk>
Date: Sat, 3 Oct 2015 23:52:29 +0100
Subject: [PATCH 199/335] Adding the docs for the autoscaling_lifecycle_hook

---
 .../autoscaling_lifecycle_hooks.html.markdown | 55 +++++++++++++++++++
 website/source/layouts/aws.erb                |  4 ++
 2 files changed, 59 insertions(+)
 create mode 100644 website/source/docs/providers/aws/r/autoscaling_lifecycle_hooks.html.markdown

diff --git a/website/source/docs/providers/aws/r/autoscaling_lifecycle_hooks.html.markdown b/website/source/docs/providers/aws/r/autoscaling_lifecycle_hooks.html.markdown
new file mode 100644
index 0000000000..a753c864b4
--- /dev/null
+++ b/website/source/docs/providers/aws/r/autoscaling_lifecycle_hooks.html.markdown
@@ -0,0 +1,55 @@
+---
+layout: "aws"
+page_title: "AWS: aws_autoscaling_lifecycle_hook"
+sidebar_current: "docs-aws-resource-autoscaling-lifecycle-hook"
+description: |-
+  Provides an AutoScaling Lifecycle Hooks resource.
+---
+
+# aws\_autoscaling\_lifecycle\_hook
+
+Provides an AutoScaling Lifecycle Hook resource.
+
+## Example Usage
+
+```
+resource "aws_autoscaling_group" "foobar" {
+    availability_zones = ["us-west-2a"]
+    name = "terraform-test-foobar5"
+    health_check_type = "EC2"
+    termination_policies = ["OldestInstance"]
+    tag {
+        key = "Foo"
+        value = "foo-bar"
+        propagate_at_launch = true
+    }
+}
+
+resource "aws_autoscaling_lifecycle_hook" "foobar" {
+    name = "foobar"
+    autoscaling_group_name = "${aws_autoscaling_group.foobar.name}"
+    default_result = "CONTINUE"
+    heartbeat_timeout = 2000
+    lifecycle_transition = "autoscaling:EC2_INSTANCE_LAUNCHING"
+    notification_metadata = <<EOF
+{
+  "foo": "bar"
+}
+EOF
+    notification_target_arn = "arn:aws:sqs:us-east-1:444455556666:queue1*"
+    role_arn = "arn:aws:iam::123456789012:role/S3Access"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) The name of the lifecycle hook.
+* `autoscaling_group_name` - (Requred) The name of the Auto Scaling group to which you want to assign the lifecycle hook
+* `default_result` - (Optional) Defines the action the Auto Scaling group should take when the lifecycle hook timeout elapses or if an unexpected failure occurs.
+* `heartbeat_timeout` - (Optional) Defines the amount of time, in seconds, that can elapse before the lifecycle hook times out. When the lifecycle hook times out, Auto Scaling performs the action defined in the DefaultResult parameter
+* `lifecycle_transition` - (Optional) The instance state to which you want to attach the lifecycle hook. For a list of lifecycle hook types, see [describe-lifecycle-hook-types](http://docs.aws.amazon.com/cli/latest/reference/autoscaling/describe-lifecycle-hook-types.html#examples)
+* `notification_metadata` - (Optional) Contains additional information that you want to include any time Auto Scaling sends a message to the notification target.
+* `notification_target_arn` - (Required) The ARN of the notification target that Auto Scaling will use to notify you when an instance is in the transition state for the lifecycle hook. This ARN target can be either an SQS queue or an SNS topic.
+* `role_arn` - (Required) The ARN of the IAM role that allows the Auto Scaling group to publish to the specified notification target.
\ No newline at end of file
diff --git a/website/source/layouts/aws.erb b/website/source/layouts/aws.erb
index 33a0cf8b12..c4a8cdb438 100644
--- a/website/source/layouts/aws.erb
+++ b/website/source/layouts/aws.erb
@@ -63,6 +63,10 @@
                             <a href="/docs/providers/aws/r/autoscaling_group.html">aws_autoscaling_group</a>
                         </li>
 
+                        <li<%= sidebar_current("docs-aws-resource-autoscaling-lifecycle-hook") %>>
+                            <a href="/docs/providers/aws/r/autoscaling_lifecycle_hooks.html">aws_autoscaling_lifecycle_hooks</a>
+                        </li>
+
                         <li<%= sidebar_current("docs-aws-resource-autoscaling-notification") %>>
                             <a href="/docs/providers/aws/r/autoscaling_notification.html">aws_autoscaling_notification</a>
                         </li>

From 57c80a0d46aa4236c2b5da4418345dff08aa2283 Mon Sep 17 00:00:00 2001
From: Jonathan Leibiusky <ionathan@gmail.com>
Date: Mon, 28 Sep 2015 23:09:45 -0700
Subject: [PATCH 200/335] Add support for aws autoscaling lifecycle hooks.

---
 builtin/providers/aws/provider.go             |   1 +
 ...resource_aws_autoscaling_lifecycle_hook.go | 175 ++++++++++++++++++
 ...rce_aws_autoscaling_lifecycle_hook_test.go | 168 +++++++++++++++++
 website/source/layouts/aws.erb                |   2 +-
 4 files changed, 345 insertions(+), 1 deletion(-)
 create mode 100644 builtin/providers/aws/resource_aws_autoscaling_lifecycle_hook.go
 create mode 100644 builtin/providers/aws/resource_aws_autoscaling_lifecycle_hook_test.go

diff --git a/builtin/providers/aws/provider.go b/builtin/providers/aws/provider.go
index c915c61fb4..65a3007af7 100644
--- a/builtin/providers/aws/provider.go
+++ b/builtin/providers/aws/provider.go
@@ -164,6 +164,7 @@ func Provider() terraform.ResourceProvider {
 			"aws_autoscaling_notification":     resourceAwsAutoscalingNotification(),
 			"aws_autoscaling_policy":           resourceAwsAutoscalingPolicy(),
 			"aws_cloudwatch_log_group":         resourceAwsCloudWatchLogGroup(),
+			"aws_autoscaling_lifecycle_hook":   resourceAwsAutoscalingLifecycleHook(),
 			"aws_cloudwatch_metric_alarm":      resourceAwsCloudWatchMetricAlarm(),
 			"aws_customer_gateway":             resourceAwsCustomerGateway(),
 			"aws_db_instance":                  resourceAwsDbInstance(),
diff --git a/builtin/providers/aws/resource_aws_autoscaling_lifecycle_hook.go b/builtin/providers/aws/resource_aws_autoscaling_lifecycle_hook.go
new file mode 100644
index 0000000000..faacadb7a2
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_autoscaling_lifecycle_hook.go
@@ -0,0 +1,175 @@
+package aws
+
+import (
+	"fmt"
+	"log"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/autoscaling"
+	"github.com/hashicorp/terraform/helper/schema"
+)
+
+func resourceAwsAutoscalingLifecycleHook() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceAwsAutoscalingLifecycleHookPut,
+		Read:   resourceAwsAutoscalingLifecycleHookRead,
+		Update: resourceAwsAutoscalingLifecycleHookPut,
+		Delete: resourceAwsAutoscalingLifecycleHookDelete,
+
+		Schema: map[string]*schema.Schema{
+			"name": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			"autoscaling_group_name": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+			},
+			"default_result": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+			"heartbeat_timeout": &schema.Schema{
+				Type:     schema.TypeInt,
+				Optional: true,
+			},
+			"lifecycle_transition": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+			},
+			"notification_metadata": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+			"notification_target_arn": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+			},
+			"role_arn": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+			},
+		},
+	}
+}
+
+func resourceAwsAutoscalingLifecycleHookPut(d *schema.ResourceData, meta interface{}) error {
+	autoscalingconn := meta.(*AWSClient).autoscalingconn
+
+	params := getAwsAutoscalingPutLifecycleHookInput(d)
+
+	log.Printf("[DEBUG] AutoScaling PutLifecyleHook: %#v", params)
+	_, err := autoscalingconn.PutLifecycleHook(&params)
+	if err != nil {
+		return fmt.Errorf("Error putting lifecycle hook: %s", err)
+	}
+
+	d.SetId(d.Get("name").(string))
+
+	return resourceAwsAutoscalingLifecycleHookRead(d, meta)
+}
+
+func resourceAwsAutoscalingLifecycleHookRead(d *schema.ResourceData, meta interface{}) error {
+	p, err := getAwsAutoscalingLifecycleHook(d, meta)
+	if err != nil {
+		return err
+	}
+	if p == nil {
+		d.SetId("")
+		return nil
+	}
+
+	log.Printf("[DEBUG] Read Lifecycle Hook: ASG: %s, SH: %s, Obj: %#v", d.Get("autoscaling_group_name"), d.Get("name"), p)
+
+	d.Set("default_result", p.DefaultResult)
+	d.Set("heartbeat_timeout", p.HeartbeatTimeout)
+	d.Set("lifecycle_transition", p.LifecycleTransition)
+	d.Set("notification_metadata", p.NotificationMetadata)
+	d.Set("notification_target_arn", p.NotificationTargetARN)
+	d.Set("name", p.LifecycleHookName)
+	d.Set("role_arn", p.RoleARN)
+
+	return nil
+}
+
+func resourceAwsAutoscalingLifecycleHookDelete(d *schema.ResourceData, meta interface{}) error {
+	autoscalingconn := meta.(*AWSClient).autoscalingconn
+	p, err := getAwsAutoscalingLifecycleHook(d, meta)
+	if err != nil {
+		return err
+	}
+	if p == nil {
+		return nil
+	}
+
+	params := autoscaling.DeleteLifecycleHookInput{
+		AutoScalingGroupName: aws.String(d.Get("autoscaling_group_name").(string)),
+		LifecycleHookName:    aws.String(d.Get("name").(string)),
+	}
+	if _, err := autoscalingconn.DeleteLifecycleHook(&params); err != nil {
+		return fmt.Errorf("Autoscaling Lifecycle Hook: %s ", err)
+	}
+
+	d.SetId("")
+	return nil
+}
+
+func getAwsAutoscalingPutLifecycleHookInput(d *schema.ResourceData) autoscaling.PutLifecycleHookInput {
+	var params = autoscaling.PutLifecycleHookInput{
+		AutoScalingGroupName: aws.String(d.Get("autoscaling_group_name").(string)),
+		LifecycleHookName:    aws.String(d.Get("name").(string)),
+	}
+
+	if v, ok := d.GetOk("default_result"); ok {
+		params.DefaultResult = aws.String(v.(string))
+	}
+
+	if v, ok := d.GetOk("heartbeat_timeout"); ok {
+		params.HeartbeatTimeout = aws.Int64(int64(v.(int)))
+	}
+
+	if v, ok := d.GetOk("lifecycle_transition"); ok {
+		params.LifecycleTransition = aws.String(v.(string))
+	}
+
+	if v, ok := d.GetOk("notification_metadata"); ok {
+		params.NotificationMetadata = aws.String(v.(string))
+	}
+
+	if v, ok := d.GetOk("notification_target_arn"); ok {
+		params.NotificationTargetARN = aws.String(v.(string))
+	}
+
+	if v, ok := d.GetOk("role_arn"); ok {
+		params.RoleARN = aws.String(v.(string))
+	}
+
+	return params
+}
+
+func getAwsAutoscalingLifecycleHook(d *schema.ResourceData, meta interface{}) (*autoscaling.LifecycleHook, error) {
+	autoscalingconn := meta.(*AWSClient).autoscalingconn
+
+	params := autoscaling.DescribeLifecycleHooksInput{
+		AutoScalingGroupName: aws.String(d.Get("autoscaling_group_name").(string)),
+		LifecycleHookNames:   []*string{aws.String(d.Get("name").(string))},
+	}
+
+	log.Printf("[DEBUG] AutoScaling Lifecycle Hook Describe Params: %#v", params)
+	resp, err := autoscalingconn.DescribeLifecycleHooks(&params)
+	if err != nil {
+		return nil, fmt.Errorf("Error retrieving lifecycle hooks: %s", err)
+	}
+
+	// find lifecycle hooks
+	name := d.Get("name")
+	for idx, sp := range resp.LifecycleHooks {
+		if *sp.LifecycleHookName == name {
+			return resp.LifecycleHooks[idx], nil
+		}
+	}
+
+	// lifecycle hook not found
+	return nil, nil
+}
diff --git a/builtin/providers/aws/resource_aws_autoscaling_lifecycle_hook_test.go b/builtin/providers/aws/resource_aws_autoscaling_lifecycle_hook_test.go
new file mode 100644
index 0000000000..f425570e9c
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_autoscaling_lifecycle_hook_test.go
@@ -0,0 +1,168 @@
+package aws
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/autoscaling"
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+func TestAccAWSAutoscalingLifecycleHook_basic(t *testing.T) {
+	var hook autoscaling.LifecycleHook
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSAutoscalingLifecycleHookDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccAWSAutoscalingLifecycleHookConfig,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckLifecycleHookExists("aws_autoscaling_lifecycle_hook.foobar", &hook),
+					resource.TestCheckResourceAttr("aws_autoscaling_lifecycle_hook.foobar", "autoscaling_group_name", "terraform-test-foobar5"),
+					resource.TestCheckResourceAttr("aws_autoscaling_lifecycle_hook.foobar", "default_result", "CONTINUE"),
+					resource.TestCheckResourceAttr("aws_autoscaling_lifecycle_hook.foobar", "heartbeat_timeout", "2000"),
+					resource.TestCheckResourceAttr("aws_autoscaling_lifecycle_hook.foobar", "lifecycle_transition", "autoscaling:EC2_INSTANCE_LAUNCHING"),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckLifecycleHookExists(n string, hook *autoscaling.LifecycleHook) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[n]
+		if !ok {
+			rs = rs
+			return fmt.Errorf("Not found: %s", n)
+		}
+
+		conn := testAccProvider.Meta().(*AWSClient).autoscalingconn
+		params := &autoscaling.DescribeLifecycleHooksInput{
+			AutoScalingGroupName: aws.String(rs.Primary.Attributes["autoscaling_group_name"]),
+			LifecycleHookNames:   []*string{aws.String(rs.Primary.ID)},
+		}
+		resp, err := conn.DescribeLifecycleHooks(params)
+		if err != nil {
+			return err
+		}
+		if len(resp.LifecycleHooks) == 0 {
+			return fmt.Errorf("LifecycleHook not found")
+		}
+
+		return nil
+	}
+}
+
+func testAccCheckAWSAutoscalingLifecycleHookDestroy(s *terraform.State) error {
+	conn := testAccProvider.Meta().(*AWSClient).autoscalingconn
+
+	for _, rs := range s.RootModule().Resources {
+		if rs.Type != "aws_autoscaling_group" {
+			continue
+		}
+
+		params := autoscaling.DescribeLifecycleHooksInput{
+			AutoScalingGroupName: aws.String(rs.Primary.Attributes["autoscaling_group_name"]),
+			LifecycleHookNames:   []*string{aws.String(rs.Primary.ID)},
+		}
+
+		resp, err := conn.DescribeLifecycleHooks(&params)
+
+		if err == nil {
+			if len(resp.LifecycleHooks) != 0 &&
+				*resp.LifecycleHooks[0].LifecycleHookName == rs.Primary.ID {
+				return fmt.Errorf("Lifecycle Hook Still Exists: %s", rs.Primary.ID)
+			}
+		}
+	}
+
+	return nil
+}
+
+var testAccAWSAutoscalingLifecycleHookConfig = fmt.Sprintf(`
+resource "aws_launch_configuration" "foobar" {
+    name = "terraform-test-foobar5"
+    image_id = "ami-21f78e11"
+    instance_type = "t1.micro"
+}
+
+resource "aws_sqs_queue" "foobar" {
+  name = "foobar"
+  delay_seconds = 90
+  max_message_size = 2048
+  message_retention_seconds = 86400
+  receive_wait_time_seconds = 10
+}
+
+resource "aws_iam_role" "foobar" {
+    name = "foobar"
+    assume_role_policy = <<EOF
+{
+  "Version" : "2012-10-17",
+  "Statement": [ {
+    "Effect": "Allow",
+    "Principal": {"AWS": "*"},
+    "Action": [ "sts:AssumeRole" ]
+  } ]
+}
+EOF
+}
+
+resource "aws_iam_role_policy" "foobar" {
+    name = "foobar"
+    role = "${aws_iam_role.foobar.id}"
+    policy = <<EOF
+{
+    "Version" : "2012-10-17",
+    "Statement": [ {
+      "Effect": "Allow",
+      "Action": [
+	"sqs:SendMessage",
+	"sqs:GetQueueUrl",
+	"sns:Publish"
+      ],
+      "Resource": [
+	"${aws_sqs_queue.foobar.arn}"
+      ]
+    } ]
+}
+EOF
+}
+
+
+resource "aws_autoscaling_group" "foobar" {
+    availability_zones = ["us-west-2a"]
+    name = "terraform-test-foobar5"
+    max_size = 5
+    min_size = 2
+    health_check_grace_period = 300
+    health_check_type = "ELB"
+    force_delete = true
+    termination_policies = ["OldestInstance"]
+    launch_configuration = "${aws_launch_configuration.foobar.name}"
+    tag {
+        key = "Foo"
+        value = "foo-bar"
+        propagate_at_launch = true
+    }
+}
+
+resource "aws_autoscaling_lifecycle_hook" "foobar" {
+    name = "foobar"
+    autoscaling_group_name = "${aws_autoscaling_group.foobar.name}"
+    default_result = "CONTINUE"
+    heartbeat_timeout = 2000
+    lifecycle_transition = "autoscaling:EC2_INSTANCE_LAUNCHING"
+    notification_metadata = <<EOF
+{
+  "foo": "bar"
+}
+EOF
+    notification_target_arn = "${aws_sqs_queue.foobar.arn}"
+    role_arn = "${aws_iam_role.foobar.arn}"
+}
+`)
diff --git a/website/source/layouts/aws.erb b/website/source/layouts/aws.erb
index c4a8cdb438..326a6a2a2b 100644
--- a/website/source/layouts/aws.erb
+++ b/website/source/layouts/aws.erb
@@ -64,7 +64,7 @@
                         </li>
 
                         <li<%= sidebar_current("docs-aws-resource-autoscaling-lifecycle-hook") %>>
-                            <a href="/docs/providers/aws/r/autoscaling_lifecycle_hooks.html">aws_autoscaling_lifecycle_hooks</a>
+                            <a href="/docs/providers/aws/r/autoscaling_lifecycle_hooks.html">aws_autoscaling_lifecycle_hook</a>
                         </li>
 
                         <li<%= sidebar_current("docs-aws-resource-autoscaling-notification") %>>

From f34628de54ee34f4f8ed35ebd49da0b315dfdcfa Mon Sep 17 00:00:00 2001
From: Takaaki Furukawa <takaaki.furukawa@rakuten.com>
Date: Mon, 12 Oct 2015 13:06:29 +0900
Subject: [PATCH 201/335] Refactor ResourceData, pluralize some arguments and
 add error check in d.Set for complex types

---
 .../resource_vsphere_virtual_machine.go       | 113 +++++++++---------
 1 file changed, 56 insertions(+), 57 deletions(-)

diff --git a/builtin/providers/vsphere/resource_vsphere_virtual_machine.go b/builtin/providers/vsphere/resource_vsphere_virtual_machine.go
index 583b2ed6bc..c6b1292acf 100644
--- a/builtin/providers/vsphere/resource_vsphere_virtual_machine.go
+++ b/builtin/providers/vsphere/resource_vsphere_virtual_machine.go
@@ -121,14 +121,14 @@ func resourceVSphereVirtualMachine() *schema.Resource {
 				Default:  "Etc/UTC",
 			},
 
-			"dns_suffix": &schema.Schema{
+			"dns_suffixes": &schema.Schema{
 				Type:     schema.TypeList,
 				Optional: true,
 				Elem:     &schema.Schema{Type: schema.TypeString},
 				ForceNew: true,
 			},
 
-			"dns_server": &schema.Schema{
+			"dns_servers": &schema.Schema{
 				Type:     schema.TypeList,
 				Optional: true,
 				Elem:     &schema.Schema{Type: schema.TypeString},
@@ -245,83 +245,79 @@ func resourceVSphereVirtualMachineCreate(d *schema.ResourceData, meta interface{
 		vm.timeZone = v.(string)
 	}
 
-	dns_suffix := d.Get("dns_suffix.#").(int)
-	if dns_suffix > 0 {
-		vm.dnsSuffixes = make([]string, 0, dns_suffix)
-		for i := 0; i < dns_suffix; i++ {
-			s := fmt.Sprintf("dns_suffix.%d", i)
-			vm.dnsSuffixes = append(vm.dnsSuffixes, d.Get(s).(string))
+	if raw, ok := d.GetOk("dns_suffixes"); ok {
+		for _, v := range raw.([]interface{}) {
+			vm.dnsSuffixes = append(vm.dnsSuffixes, v.(string))
 		}
 	} else {
 		vm.dnsSuffixes = DefaultDNSSuffixes
 	}
 
-	dns_server := d.Get("dns_server.#").(int)
-	if dns_server > 0 {
-		vm.dnsServers = make([]string, 0, dns_server)
-		for i := 0; i < dns_server; i++ {
-			s := fmt.Sprintf("dns_server.%d", i)
-			vm.dnsServers = append(vm.dnsServers, d.Get(s).(string))
+	if raw, ok := d.GetOk("dns_servers"); ok {
+		for _, v := range raw.([]interface{}) {
+			vm.dnsServers = append(vm.dnsServers, v.(string))
 		}
 	} else {
 		vm.dnsServers = DefaultDNSServers
 	}
 
-	networksCount := d.Get("network_interface.#").(int)
-	networks := make([]networkInterface, networksCount)
-	for i := 0; i < networksCount; i++ {
-		prefix := fmt.Sprintf("network_interface.%d", i)
-		networks[i].label = d.Get(prefix + ".label").(string)
-		if v, ok := d.GetOk(prefix + ".ip_address"); ok {
-			networks[i].ipAddress = v.(string)
-		}
-		if v, ok := d.GetOk(prefix + ".subnet_mask"); ok {
-			networks[i].subnetMask = v.(string)
+	if vL, ok := d.GetOk("network_interface"); ok {
+		networks := make([]networkInterface, len(vL.([]interface{})))
+		for i, v := range vL.([]interface{}) {
+			network := v.(map[string]interface{})
+			networks[i].label = network["label"].(string)
+			if v, ok := network["ip_address"].(string); ok && v != "" {
+				networks[i].ipAddress = v
+			}
+			if v, ok := network["subnet_mask"].(string); ok && v != "" {
+				networks[i].subnetMask = v
+			}
 		}
+		vm.networkInterfaces = networks
+		log.Printf("[DEBUG] network_interface init: %v", networks)
 	}
-	vm.networkInterfaces = networks
-	log.Printf("[DEBUG] network_interface init: %v", networks)
 
-	diskCount := d.Get("disk.#").(int)
-	disks := make([]hardDisk, diskCount)
-	for i := 0; i < diskCount; i++ {
-		prefix := fmt.Sprintf("disk.%d", i)
-		if i == 0 {
-			if v, ok := d.GetOk(prefix + ".template"); ok {
-				vm.template = v.(string)
-			} else {
-				if v, ok := d.GetOk(prefix + ".size"); ok {
-					disks[i].size = int64(v.(int))
+	if vL, ok := d.GetOk("disk"); ok {
+		disks := make([]hardDisk, len(vL.([]interface{})))
+		for i, v := range vL.([]interface{}) {
+			disk := v.(map[string]interface{})
+			if i == 0 {
+				if v, ok := disk["template"].(string); ok && v != "" {
+					vm.template = v
 				} else {
-					return fmt.Errorf("If template argument is not specified, size argument is required.")
+					if v, ok := disk["size"].(int); ok && v != 0 {
+						disks[i].size = int64(v)
+					} else {
+						return fmt.Errorf("If template argument is not specified, size argument is required.")
+					}
+				}
+				if v, ok := disk["datastore"].(string); ok && v != "" {
+					vm.datastore = v
+				}
+			} else {
+				if v, ok := disk["size"].(int); ok && v != 0 {
+					disks[i].size = int64(v)
+				} else {
+					return fmt.Errorf("Size argument is required.")
 				}
 			}
-			if v, ok := d.GetOk(prefix + ".datastore"); ok {
-				vm.datastore = v.(string)
-			}
-		} else {
-			if v, ok := d.GetOk(prefix + ".size"); ok {
-				disks[i].size = int64(v.(int))
-			} else {
-				return fmt.Errorf("Size argument is required.")
+			if v, ok := disk["iops"].(int); ok && v != 0 {
+				disks[i].iops = int64(v)
 			}
 		}
-		if v, ok := d.GetOk(prefix + ".iops"); ok {
-			disks[i].iops = int64(v.(int))
-		}
+		vm.hardDisks = disks
+		log.Printf("[DEBUG] disk init: %v", disks)
 	}
-	vm.hardDisks = disks
-	log.Printf("[DEBUG] disk init: %v", disks)
 
 	if vm.template != "" {
 		err := vm.deployVirtualMachine(client)
 		if err != nil {
-			return fmt.Errorf("error: %s", err)
+			return err
 		}
 	} else {
 		err := vm.createVirtualMachine(client)
 		if err != nil {
-			return fmt.Errorf("error: %s", err)
+			return err
 		}
 	}
 
@@ -338,7 +334,7 @@ func resourceVSphereVirtualMachineCreate(d *schema.ResourceData, meta interface{
 
 			_, err := stateConf.WaitForState()
 			if err != nil {
-				return fmt.Errorf("error: %s", err)
+				return err
 			}
 		}
 	}
@@ -368,7 +364,7 @@ func resourceVSphereVirtualMachineRead(d *schema.ResourceData, meta interface{})
 
 	collector := property.DefaultCollector(client.Client)
 	if err := collector.RetrieveOne(context.TODO(), vm.Reference(), []string{"guest", "summary", "datastore"}, &mvm); err != nil {
-		log.Printf("[ERROR] %#v", err)
+		return err
 	}
 
 	log.Printf("[DEBUG] %#v", dc)
@@ -393,18 +389,21 @@ func resourceVSphereVirtualMachineRead(d *schema.ResourceData, meta interface{})
 			networkInterfaces = append(networkInterfaces, networkInterface)
 		}
 	}
-	d.Set("network_interface", networkInterfaces)
+	err = d.Set("network_interface", networkInterfaces)
+	if err != nil {
+		return fmt.Errorf("Invalid network interfaces to set: %#v", networkInterfaces)
+	}
 
 	var rootDatastore string
 	for _, v := range mvm.Datastore {
 		var md mo.Datastore
 		if err := collector.RetrieveOne(context.TODO(), v, []string{"name", "parent"}, &md); err != nil {
-			log.Printf("[ERROR] %#v", err)
+			return err
 		}
 		if md.Parent.Type == "StoragePod" {
 			var msp mo.StoragePod
 			if err := collector.RetrieveOne(context.TODO(), *md.Parent, []string{"name"}, &msp); err != nil {
-				log.Printf("[ERROR] %#v", err)
+				return err
 			}
 			rootDatastore = msp.Name
 			log.Printf("[DEBUG] %#v", msp.Name)

From e8cfc5eca2201f46e1c3fefbf6416b30b4138b57 Mon Sep 17 00:00:00 2001
From: Martin Atkins <mart@degeneration.co.uk>
Date: Sun, 11 Oct 2015 23:01:20 -0700
Subject: [PATCH 202/335] Update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5e6fae1ba1..b711dd1e36 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -16,6 +16,7 @@ FEATURES:
   * **New resources: `aws_opsworks_*`** [GH-2162]
   * **New resource: `aws_elasticsearch_domain`** [GH-3443]
   * **New resource: `aws_directory_service_directory`** [GH-3228]
+  * **New resource: `aws_autoscaling_lifecycle_hook`** [GH-3351]
 
 IMPROVEMENTS:
 

From 299b673eebcac631a7426cab328050b18fef920d Mon Sep 17 00:00:00 2001
From: Paul Hinze <phinze@phinze.com>
Date: Mon, 12 Oct 2015 07:07:56 -0500
Subject: [PATCH 203/335] Update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index b711dd1e36..a9e89169bc 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -65,6 +65,7 @@ BUG FIXES:
   * provider/aws: Normalize aws_elasticache_cluster id to lowercase, allowing convergence. [GH-3235]
   * provider/aws: Fix ValidateAccountId for IAM Instance Profiles [GH-3313]
   * provider/docker: Fix issue preventing private images from being referenced [GH-2619]
+  * provider/digitalocean: Fix issue causing unnecessary diffs based on droplet slugsize case [GH-3284]
   * provider/openstack: add state 'downloading' to list of expected states in
       `blockstorage_volume_v1` creation [GH-2866]
   * provider/openstack: remove security groups (by name) before adding security

From d3137b90da9bcc24297935fb345af0ac5e8c4c09 Mon Sep 17 00:00:00 2001
From: Paul Hinze <phinze@phinze.com>
Date: Mon, 12 Oct 2015 10:14:15 -0500
Subject: [PATCH 204/335] Update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index a9e89169bc..ef843faaaf 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,7 @@ FEATURES:
 
   * **New provider: `rundeck`** [GH-2412]
   * **New provider: `packet`** [GH-2260], [GH-3472]
+  * **New provider: `vsphere`** [GH-3419]
   * **New resource: `cloudstack_loadbalancer_rule`** [GH-2934]
   * **New resource: `google_compute_project_metadata`** [GH-3065]
   * **New resources: `aws_ami`, `aws_ami_copy`, `aws_ami_from_instance`** [GH-2784]

From 36f78cc1dcc8426a77059be5d14ce1a040dd0e08 Mon Sep 17 00:00:00 2001
From: Garrett Heel <garrett@runscope.com>
Date: Fri, 2 Oct 2015 16:11:49 -0700
Subject: [PATCH 205/335] provider/aws: Allow tags for kinesis streams

---
 .../aws/resource_aws_kinesis_stream.go        |  33 +++++-
 .../aws/resource_aws_kinesis_stream_test.go   |   3 +
 builtin/providers/aws/tags_kinesis.go         | 105 ++++++++++++++++++
 builtin/providers/aws/tags_kinesis_test.go    |  84 ++++++++++++++
 .../aws/r/kinesis_stream.html.markdown        |   4 +
 5 files changed, 227 insertions(+), 2 deletions(-)
 create mode 100644 builtin/providers/aws/tags_kinesis.go
 create mode 100644 builtin/providers/aws/tags_kinesis_test.go

diff --git a/builtin/providers/aws/resource_aws_kinesis_stream.go b/builtin/providers/aws/resource_aws_kinesis_stream.go
index 45d685c1d1..1abb9dbc32 100644
--- a/builtin/providers/aws/resource_aws_kinesis_stream.go
+++ b/builtin/providers/aws/resource_aws_kinesis_stream.go
@@ -2,6 +2,7 @@ package aws
 
 import (
 	"fmt"
+	"log"
 	"time"
 
 	"github.com/aws/aws-sdk-go/aws"
@@ -15,6 +16,7 @@ func resourceAwsKinesisStream() *schema.Resource {
 	return &schema.Resource{
 		Create: resourceAwsKinesisStreamCreate,
 		Read:   resourceAwsKinesisStreamRead,
+		Update: resourceAwsKinesisStreamUpdate,
 		Delete: resourceAwsKinesisStreamDelete,
 
 		Schema: map[string]*schema.Schema{
@@ -35,6 +37,7 @@ func resourceAwsKinesisStream() *schema.Resource {
 				Optional: true,
 				Computed: true,
 			},
+			"tags": tagsSchema(),
 		},
 	}
 }
@@ -75,13 +78,28 @@ func resourceAwsKinesisStreamCreate(d *schema.ResourceData, meta interface{}) er
 	d.SetId(*s.StreamARN)
 	d.Set("arn", s.StreamARN)
 
-	return nil
+	return resourceAwsKinesisStreamUpdate(d, meta)
+}
+
+func resourceAwsKinesisStreamUpdate(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).kinesisconn
+
+	d.Partial(true)
+	if err := setTagsKinesis(conn, d); err != nil {
+		return err
+	}
+
+	d.SetPartial("tags")
+	d.Partial(false)
+
+	return resourceAwsKinesisStreamRead(d, meta)
 }
 
 func resourceAwsKinesisStreamRead(d *schema.ResourceData, meta interface{}) error {
 	conn := meta.(*AWSClient).kinesisconn
+	sn := d.Get("name").(string)
 	describeOpts := &kinesis.DescribeStreamInput{
-		StreamName: aws.String(d.Get("name").(string)),
+		StreamName: aws.String(sn),
 	}
 	resp, err := conn.DescribeStream(describeOpts)
 	if err != nil {
@@ -99,6 +117,17 @@ func resourceAwsKinesisStreamRead(d *schema.ResourceData, meta interface{}) erro
 	d.Set("arn", *s.StreamARN)
 	d.Set("shard_count", len(s.Shards))
 
+	// set tags
+	describeTagsOpts := &kinesis.ListTagsForStreamInput{
+		StreamName: aws.String(sn),
+	}
+	tagsResp, err := conn.ListTagsForStream(describeTagsOpts)
+	if err != nil {
+		log.Printf("[DEBUG] Error retrieving tags for Stream: %s. %s", sn, err)
+	} else {
+		d.Set("tags", tagsToMapKinesis(tagsResp.Tags))
+	}
+
 	return nil
 }
 
diff --git a/builtin/providers/aws/resource_aws_kinesis_stream_test.go b/builtin/providers/aws/resource_aws_kinesis_stream_test.go
index c9580ad228..82c0b64fac 100644
--- a/builtin/providers/aws/resource_aws_kinesis_stream_test.go
+++ b/builtin/providers/aws/resource_aws_kinesis_stream_test.go
@@ -107,5 +107,8 @@ var testAccKinesisStreamConfig = fmt.Sprintf(`
 resource "aws_kinesis_stream" "test_stream" {
 	name = "terraform-kinesis-test-%d"
 	shard_count = 2
+	tags {
+		Name = "tf-test"
+	}
 }
 `, rand.New(rand.NewSource(time.Now().UnixNano())).Int())
diff --git a/builtin/providers/aws/tags_kinesis.go b/builtin/providers/aws/tags_kinesis.go
new file mode 100644
index 0000000000..c9562644d3
--- /dev/null
+++ b/builtin/providers/aws/tags_kinesis.go
@@ -0,0 +1,105 @@
+package aws
+
+import (
+	"log"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/kinesis"
+	"github.com/hashicorp/terraform/helper/schema"
+)
+
+// setTags is a helper to set the tags for a resource. It expects the
+// tags field to be named "tags"
+func setTagsKinesis(conn *kinesis.Kinesis, d *schema.ResourceData) error {
+
+	sn := d.Get("name").(string)
+
+	if d.HasChange("tags") {
+		oraw, nraw := d.GetChange("tags")
+		o := oraw.(map[string]interface{})
+		n := nraw.(map[string]interface{})
+		create, remove := diffTagsKinesis(tagsFromMapKinesis(o), tagsFromMapKinesis(n))
+
+		// Set tags
+		if len(remove) > 0 {
+			log.Printf("[DEBUG] Removing tags: %#v", remove)
+			k := make([]*string, len(remove), len(remove))
+			for i, t := range remove {
+				k[i] = t.Key
+			}
+
+			_, err := conn.RemoveTagsFromStream(&kinesis.RemoveTagsFromStreamInput{
+				StreamName: aws.String(sn),
+				TagKeys:    k,
+			})
+			if err != nil {
+				return err
+			}
+		}
+
+		if len(create) > 0 {
+
+			log.Printf("[DEBUG] Creating tags: %#v", create)
+			t := make(map[string]*string)
+			for _, tag := range create {
+				t[*tag.Key] = tag.Value
+			}
+
+			_, err := conn.AddTagsToStream(&kinesis.AddTagsToStreamInput{
+				StreamName: aws.String(sn),
+				Tags:       t,
+			})
+			if err != nil {
+				return err
+			}
+		}
+	}
+
+	return nil
+}
+
+// diffTags takes our tags locally and the ones remotely and returns
+// the set of tags that must be created, and the set of tags that must
+// be destroyed.
+func diffTagsKinesis(oldTags, newTags []*kinesis.Tag) ([]*kinesis.Tag, []*kinesis.Tag) {
+	// First, we're creating everything we have
+	create := make(map[string]interface{})
+	for _, t := range newTags {
+		create[*t.Key] = *t.Value
+	}
+
+	// Build the list of what to remove
+	var remove []*kinesis.Tag
+	for _, t := range oldTags {
+		old, ok := create[*t.Key]
+		if !ok || old != *t.Value {
+			// Delete it!
+			remove = append(remove, t)
+		}
+	}
+
+	return tagsFromMapKinesis(create), remove
+}
+
+// tagsFromMap returns the tags for the given map of data.
+func tagsFromMapKinesis(m map[string]interface{}) []*kinesis.Tag {
+	var result []*kinesis.Tag
+	for k, v := range m {
+		result = append(result, &kinesis.Tag{
+			Key:   aws.String(k),
+			Value: aws.String(v.(string)),
+		})
+	}
+
+	return result
+}
+
+// tagsToMap turns the list of tags into a map.
+func tagsToMapKinesis(ts []*kinesis.Tag) map[string]string {
+	result := make(map[string]string)
+	for _, t := range ts {
+		result[*t.Key] = *t.Value
+	}
+
+	return result
+}
diff --git a/builtin/providers/aws/tags_kinesis_test.go b/builtin/providers/aws/tags_kinesis_test.go
new file mode 100644
index 0000000000..d97365ad85
--- /dev/null
+++ b/builtin/providers/aws/tags_kinesis_test.go
@@ -0,0 +1,84 @@
+package aws
+
+import (
+	"fmt"
+	"reflect"
+	"testing"
+
+	"github.com/aws/aws-sdk-go/service/kinesis"
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+func TestDiffTagsKinesis(t *testing.T) {
+	cases := []struct {
+		Old, New       map[string]interface{}
+		Create, Remove map[string]string
+	}{
+		// Basic add/remove
+		{
+			Old: map[string]interface{}{
+				"foo": "bar",
+			},
+			New: map[string]interface{}{
+				"bar": "baz",
+			},
+			Create: map[string]string{
+				"bar": "baz",
+			},
+			Remove: map[string]string{
+				"foo": "bar",
+			},
+		},
+
+		// Modify
+		{
+			Old: map[string]interface{}{
+				"foo": "bar",
+			},
+			New: map[string]interface{}{
+				"foo": "baz",
+			},
+			Create: map[string]string{
+				"foo": "baz",
+			},
+			Remove: map[string]string{
+				"foo": "bar",
+			},
+		},
+	}
+
+	for i, tc := range cases {
+		c, r := diffTagsKinesis(tagsFromMapKinesis(tc.Old), tagsFromMapKinesis(tc.New))
+		cm := tagsToMapKinesis(c)
+		rm := tagsToMapKinesis(r)
+		if !reflect.DeepEqual(cm, tc.Create) {
+			t.Fatalf("%d: bad create: %#v", i, cm)
+		}
+		if !reflect.DeepEqual(rm, tc.Remove) {
+			t.Fatalf("%d: bad remove: %#v", i, rm)
+		}
+	}
+}
+
+// testAccCheckTags can be used to check the tags on a resource.
+func testAccCheckKinesisTags(ts []*kinesis.Tag, key string, value string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		m := tagsToMapKinesis(ts)
+		v, ok := m[key]
+		if value != "" && !ok {
+			return fmt.Errorf("Missing tag: %s", key)
+		} else if value == "" && ok {
+			return fmt.Errorf("Extra tag: %s", key)
+		}
+		if value == "" {
+			return nil
+		}
+
+		if v != value {
+			return fmt.Errorf("%s: bad value: %s", key, v)
+		}
+
+		return nil
+	}
+}
diff --git a/website/source/docs/providers/aws/r/kinesis_stream.html.markdown b/website/source/docs/providers/aws/r/kinesis_stream.html.markdown
index a667bb4278..b1ef962997 100644
--- a/website/source/docs/providers/aws/r/kinesis_stream.html.markdown
+++ b/website/source/docs/providers/aws/r/kinesis_stream.html.markdown
@@ -19,6 +19,9 @@ For more details, see the [Amazon Kinesis Documentation][1].
 resource "aws_kinesis_stream" "test_stream" {
 	name = "terraform-kinesis-test"
 	shard_count = 1
+	tags {
+		Environment = "test"
+	}
 }
 ```
 
@@ -31,6 +34,7 @@ AWS account and region the Stream is created in.
 * `shard_count` – (Required) The number of shards that the stream will use.
 Amazon has guidlines for specifying the Stream size that should be referenced 
 when creating a Kinesis stream. See [Amazon Kinesis Streams][2] for more.
+* `tags` - (Optional) A mapping of tags to assign to the resource.
 
 ## Attributes Reference
 

From 344fef7099c65a0e20a10f244bb98e3b45660408 Mon Sep 17 00:00:00 2001
From: Martin Atkins <mart@degeneration.co.uk>
Date: Mon, 12 Oct 2015 09:39:48 -0700
Subject: [PATCH 206/335] Update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index ef843faaaf..262fd50e77 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -40,6 +40,7 @@ IMPROVEMENTS:
   * provider/aws: Add validation for `app_cookie_stickiness_policy.name` [GH-3277]
   * provider/aws: Add validation for `db_parameter_group.name` [GH-3279]
   * provider/aws: `aws_s3_bucket_object` allows interpolated content to be set with new `content` attribute. [GH-3200]
+  * provider/aws: Allow tags for `aws_kinesis_stream` resource. [GH-3397]
   * provider/cloudstack: Add `project` parameter to `cloudstack_vpc`, `cloudstack_network`, `cloudstack_ipaddress` and `cloudstack_disk` [GH-3035]
   * provider/openstack: add functionality to attach FloatingIP to Port [GH-1788]
   * provider/google: Can now do multi-region deployments without using multiple providers [GH-3258]

From 8436931cecd0df23d5c355b5f3b0b190d76bde98 Mon Sep 17 00:00:00 2001
From: Paul Hinze <phinze@phinze.com>
Date: Mon, 12 Oct 2015 11:44:53 -0500
Subject: [PATCH 207/335] Update CHANGELOG.md

---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 262fd50e77..d04f464e22 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,7 +4,7 @@ FEATURES:
 
   * **New provider: `rundeck`** [GH-2412]
   * **New provider: `packet`** [GH-2260], [GH-3472]
-  * **New provider: `vsphere`** [GH-3419]
+  * **New provider: `vsphere`**: Initial support for a VM resource [GH-3419]
   * **New resource: `cloudstack_loadbalancer_rule`** [GH-2934]
   * **New resource: `google_compute_project_metadata`** [GH-3065]
   * **New resources: `aws_ami`, `aws_ami_copy`, `aws_ami_from_instance`** [GH-2784]

From af5dae59075daee4e4c65fa97c2d2441ec763074 Mon Sep 17 00:00:00 2001
From: Sam Handler <sam@hashicorp.com>
Date: Mon, 12 Oct 2015 15:00:43 -0400
Subject: [PATCH 208/335] bundle update middleman-hashicorp

---
 website/Gemfile.lock | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/website/Gemfile.lock b/website/Gemfile.lock
index cff5dfa3e9..325143cfd7 100644
--- a/website/Gemfile.lock
+++ b/website/Gemfile.lock
@@ -1,6 +1,6 @@
 GIT
   remote: https://github.com/hashicorp/middleman-hashicorp
-  revision: fc131cfce2a1d5c8671812d9844a944ebb4bd92f
+  revision: b152b6436348e8e1f9990436228b25b4c5c6fcb8
   specs:
     middleman-hashicorp (0.1.0)
       bootstrap-sass (~> 3.3)
@@ -76,7 +76,7 @@ GEM
     http_parser.rb (0.6.0)
     i18n (0.7.0)
     json (1.8.3)
-    kramdown (1.8.0)
+    kramdown (1.9.0)
     less (2.6.0)
       commonjs (~> 0.2.7)
     libv8 (3.16.14.11)
@@ -148,10 +148,10 @@ GEM
     rb-fsevent (0.9.6)
     rb-inotify (0.9.5)
       ffi (>= 0.5.0)
-    redcarpet (3.3.2)
+    redcarpet (3.3.3)
     ref (2.0.0)
     rouge (1.10.1)
-    sass (3.4.18)
+    sass (3.4.19)
     sprockets (2.12.4)
       hike (~> 1.2)
       multi_json (~> 1.0)
@@ -186,3 +186,6 @@ PLATFORMS
 
 DEPENDENCIES
   middleman-hashicorp!
+
+BUNDLED WITH
+   1.10.6

From 8a5d558656f8c231241df7630e89f4581a70a843 Mon Sep 17 00:00:00 2001
From: Sam Handler <sam@hashicorp.com>
Date: Mon, 12 Oct 2015 15:01:06 -0400
Subject: [PATCH 209/335] add github slug to website config

---
 website/config.rb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/website/config.rb b/website/config.rb
index 80bbb64439..5d0d0ec166 100644
--- a/website/config.rb
+++ b/website/config.rb
@@ -10,4 +10,5 @@ activate :hashicorp do |h|
   h.bintray_repo    = "mitchellh/terraform"
   h.bintray_user    = "mitchellh"
   h.bintray_key     = ENV["BINTRAY_API_KEY"]
+  h.github_slug     = "hashicorp/terraform"
 end

From b9c43b2ee91d56fdc7091c4584b4f6488797bdbc Mon Sep 17 00:00:00 2001
From: Sam Handler <sam@hashicorp.com>
Date: Mon, 12 Oct 2015 15:02:11 -0400
Subject: [PATCH 210/335] use github_url in 'Edit This Page link

---
 website/source/layouts/_footer.erb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/website/source/layouts/_footer.erb b/website/source/layouts/_footer.erb
index 791861e423..d42c55cac6 100644
--- a/website/source/layouts/_footer.erb
+++ b/website/source/layouts/_footer.erb
@@ -8,7 +8,7 @@
 						<li class="active li-under"><a href="/docs/index.html">Docs</a></li>
 						<li class="li-under"><a href="/community.html">Community</a></li>
 						<% if current_page.url != '/' %>
-							<li class="li-under"><a href="https://github.com/hashicorp/terraform/<%= github_path current_page %>">Edit this page</a></li>
+							<li class="li-under"><a href="<%= github_url :current_page %>">Edit this page</a></li>
 						<% end %>
 					</ul>
 				</div>

From 9f106bc98e9dc985d2f1ed5824925ded8ef918c3 Mon Sep 17 00:00:00 2001
From: Clint <catsby@users.noreply.github.com>
Date: Mon, 12 Oct 2015 14:24:14 -0500
Subject: [PATCH 211/335] Update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index d04f464e22..9160afcc8c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -32,6 +32,7 @@ IMPROVEMENTS:
   * provider/aws: Support IAM role names (previously just ARNs) in `aws_ecs_service.iam_role` [GH-3061]
   * provider/aws: Add update method to RDS Subnet groups, can modify subnets without recreating  [GH-3053]
   * provider/aws: Paginate notifications returned for ASG Notifications [GH-3043]
+  * provider/aws: Adds additional S3 Bucket Object inputs [GH-3265]
   * provider/aws: add `ses_smtp_password` to `aws_iam_access_key` [GH-3165]
   * provider/aws: read `iam_instance_profile` for `aws_instance` and save to state [GH-3167]
   * provider/aws: allow `instance` to be computed in `aws_eip` [GH-3036]

From ed25948651799ff7a03575faa2a9d3f5b016900b Mon Sep 17 00:00:00 2001
From: Paul Hinze <phinze@phinze.com>
Date: Mon, 12 Oct 2015 14:24:57 -0500
Subject: [PATCH 212/335] Update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9160afcc8c..4ca088c721 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -18,6 +18,7 @@ FEATURES:
   * **New resource: `aws_elasticsearch_domain`** [GH-3443]
   * **New resource: `aws_directory_service_directory`** [GH-3228]
   * **New resource: `aws_autoscaling_lifecycle_hook`** [GH-3351]
+  * **New resource: `aws_placement_group`** [GH-3457]
 
 IMPROVEMENTS:
 

From 810d0882792cedbb5ce3898b6d93673e5c461265 Mon Sep 17 00:00:00 2001
From: Clint Shryock <clint@ctshryock.com>
Date: Mon, 12 Oct 2015 15:50:04 -0500
Subject: [PATCH 213/335] Fix whitespace formatting with go fmt

---
 builtin/providers/aws/resource_aws_eip.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/builtin/providers/aws/resource_aws_eip.go b/builtin/providers/aws/resource_aws_eip.go
index bf7a9e3c5c..4b369ee606 100644
--- a/builtin/providers/aws/resource_aws_eip.go
+++ b/builtin/providers/aws/resource_aws_eip.go
@@ -30,13 +30,13 @@ func resourceAwsEip() *schema.Resource {
 			"instance": &schema.Schema{
 				Type:     schema.TypeString,
 				Optional: true,
-                                Computed: true,
+				Computed: true,
 			},
 
 			"network_interface": &schema.Schema{
-                                Type:     schema.TypeString,
-                                Optional: true,
-                                Computed: true,
+				Type:     schema.TypeString,
+				Optional: true,
+				Computed: true,
 			},
 
 			"allocation_id": &schema.Schema{

From d3c5c0d85f72025536152921f80d72f63ba3580b Mon Sep 17 00:00:00 2001
From: Clint Shryock <clint@ctshryock.com>
Date: Tue, 18 Aug 2015 09:56:54 -0500
Subject: [PATCH 214/335] provider/aws: Update Security Group Rules to Version
 2

---
 .../aws/resource_aws_security_group_rule.go   |  83 +++--
 ...esource_aws_security_group_rule_migrate.go |   8 +-
 .../resource_aws_security_group_rule_test.go  | 284 ++++++++++++++++--
 3 files changed, 332 insertions(+), 43 deletions(-)

diff --git a/builtin/providers/aws/resource_aws_security_group_rule.go b/builtin/providers/aws/resource_aws_security_group_rule.go
index 97b6d40250..bd40c284f4 100644
--- a/builtin/providers/aws/resource_aws_security_group_rule.go
+++ b/builtin/providers/aws/resource_aws_security_group_rule.go
@@ -20,7 +20,7 @@ func resourceAwsSecurityGroupRule() *schema.Resource {
 		Read:   resourceAwsSecurityGroupRuleRead,
 		Delete: resourceAwsSecurityGroupRuleDelete,
 
-		SchemaVersion: 1,
+                SchemaVersion: 2,
 		MigrateState:  resourceAwsSecurityGroupRuleMigrateState,
 
 		Schema: map[string]*schema.Schema{
@@ -67,14 +67,15 @@ func resourceAwsSecurityGroupRule() *schema.Resource {
 				Optional:      true,
 				ForceNew:      true,
 				Computed:      true,
-				ConflictsWith: []string{"cidr_blocks"},
+                                ConflictsWith: []string{"cidr_blocks", "self"},
 			},
 
 			"self": &schema.Schema{
-				Type:     schema.TypeBool,
-				Optional: true,
-				Default:  false,
-				ForceNew: true,
+                                Type:          schema.TypeBool,
+                                Optional:      true,
+                                Default:       false,
+                                ForceNew:      true,
+                                ConflictsWith: []string{"cidr_blocks"},
 			},
 		},
 	}
@@ -142,7 +143,7 @@ information and instructions for recovery. Error message: %s`, awsErr.Message())
 			ruleType, autherr)
 	}
 
-	d.SetId(ipPermissionIDHash(ruleType, perm))
+        d.SetId(ipPermissionIDHash(sg_id, ruleType, perm))
 
 	return resourceAwsSecurityGroupRuleRead(d, meta)
 }
@@ -158,24 +159,67 @@ func resourceAwsSecurityGroupRuleRead(d *schema.ResourceData, meta interface{})
 	}
 
 	var rule *ec2.IpPermission
+        var rules []*ec2.IpPermission
 	ruleType := d.Get("type").(string)
-	var rl []*ec2.IpPermission
 	switch ruleType {
 	case "ingress":
-		rl = sg.IpPermissions
+                rules = sg.IpPermissions
 	default:
-		rl = sg.IpPermissionsEgress
+                rules = sg.IpPermissionsEgress
 	}
 
-	for _, r := range rl {
-		if d.Id() == ipPermissionIDHash(ruleType, r) {
-			rule = r
+        p := expandIPPerm(d, sg)
+
+        if len(rules) == 0 {
+                return fmt.Errorf("No IPPerms")
+        }
+
+        for _, r := range rules {
+                if r.ToPort != nil && *p.ToPort != *r.ToPort {
+                        continue
+                }
+
+                if r.FromPort != nil && *p.FromPort != *r.FromPort {
+                        continue
+                }
+
+                if r.IpProtocol != nil && *p.IpProtocol != *r.IpProtocol {
+                        continue
+                }
+
+                remaining := len(p.IpRanges)
+                for _, ip := range p.IpRanges {
+                        for _, rip := range r.IpRanges {
+                                if *ip.CidrIp == *rip.CidrIp {
+                                        remaining--
+                                }
+                        }
+                }
+
+                if remaining > 0 {
+                        continue
 		}
+
+                remaining = len(p.UserIdGroupPairs)
+                for _, ip := range p.UserIdGroupPairs {
+                        for _, rip := range r.UserIdGroupPairs {
+                                if *ip.GroupId == *rip.GroupId {
+                                        remaining--
+                                }
+                        }
+                }
+
+                if remaining > 0 {
+                        continue
+                }
+
+                log.Printf("[DEBUG] Found rule for Security Group Rule (%s): %s", d.Id(), r)
+                rule = r
 	}
 
 	if rule == nil {
-		log.Printf("[DEBUG] Unable to find matching %s Security Group Rule for Group %s",
-			ruleType, sg_id)
+                log.Printf("[DEBUG] Unable to find matching %s Security Group Rule (%s) for Group %s",
+                        ruleType, d.Id(), sg_id)
 		d.SetId("")
 		return nil
 	}
@@ -186,14 +230,14 @@ func resourceAwsSecurityGroupRuleRead(d *schema.ResourceData, meta interface{})
 	d.Set("type", ruleType)
 
 	var cb []string
-	for _, c := range rule.IpRanges {
+        for _, c := range p.IpRanges {
 		cb = append(cb, *c.CidrIp)
 	}
 
 	d.Set("cidr_blocks", cb)
 
-	if len(rule.UserIdGroupPairs) > 0 {
-		s := rule.UserIdGroupPairs[0]
+        if len(p.UserIdGroupPairs) > 0 {
+                s := p.UserIdGroupPairs[0]
 		d.Set("source_security_group_id", *s.GroupId)
 	}
 
@@ -285,8 +329,9 @@ func (b ByGroupPair) Less(i, j int) bool {
 	panic("mismatched security group rules, may be a terraform bug")
 }
 
-func ipPermissionIDHash(ruleType string, ip *ec2.IpPermission) string {
+func ipPermissionIDHash(sg_id, ruleType string, ip *ec2.IpPermission) string {
 	var buf bytes.Buffer
+        buf.WriteString(fmt.Sprintf("%s-", sg_id))
 	if ip.FromPort != nil && *ip.FromPort > 0 {
 		buf.WriteString(fmt.Sprintf("%d-", *ip.FromPort))
 	}
diff --git a/builtin/providers/aws/resource_aws_security_group_rule_migrate.go b/builtin/providers/aws/resource_aws_security_group_rule_migrate.go
index 98ecced70f..3dd6f5f726 100644
--- a/builtin/providers/aws/resource_aws_security_group_rule_migrate.go
+++ b/builtin/providers/aws/resource_aws_security_group_rule_migrate.go
@@ -17,6 +17,12 @@ func resourceAwsSecurityGroupRuleMigrateState(
 	case 0:
 		log.Println("[INFO] Found AWS Security Group State v0; migrating to v1")
 		return migrateSGRuleStateV0toV1(is)
+        case 1:
+                log.Println("[INFO] Found AWS Security Group State v1; migrating to v2")
+                // migrating to version 2 of the schema is the same as 0->1, since the
+                // method signature has changed now and will use the security group id in
+                // the hash
+                return migrateSGRuleStateV0toV1(is)
 	default:
 		return is, fmt.Errorf("Unexpected schema version: %d", v)
 	}
@@ -37,7 +43,7 @@ func migrateSGRuleStateV0toV1(is *terraform.InstanceState) (*terraform.InstanceS
 	}
 
 	log.Printf("[DEBUG] Attributes before migration: %#v", is.Attributes)
-	newID := ipPermissionIDHash(is.Attributes["type"], perm)
+        newID := ipPermissionIDHash(is.Attributes["security_group_id"], is.Attributes["type"], perm)
 	is.Attributes["id"] = newID
 	is.ID = newID
 	log.Printf("[DEBUG] Attributes after migration: %#v, new id: %s", is.Attributes, newID)
diff --git a/builtin/providers/aws/resource_aws_security_group_rule_test.go b/builtin/providers/aws/resource_aws_security_group_rule_test.go
index c160703f36..a00385ba79 100644
--- a/builtin/providers/aws/resource_aws_security_group_rule_test.go
+++ b/builtin/providers/aws/resource_aws_security_group_rule_test.go
@@ -2,7 +2,7 @@ package aws
 
 import (
 	"fmt"
-	"reflect"
+        "log"
 	"testing"
 
 	"github.com/aws/aws-sdk-go/aws"
@@ -90,15 +90,15 @@ func TestIpPermissionIDHash(t *testing.T) {
 		Type   string
 		Output string
 	}{
-		{simple, "ingress", "sg-82613597"},
-		{egress, "egress", "sg-363054720"},
-		{egress_all, "egress", "sg-2766285362"},
-		{vpc_security_group_source, "egress", "sg-2661404947"},
-		{security_group_source, "egress", "sg-1841245863"},
+                {simple, "ingress", "sg-3403497314"},
+                {egress, "egress", "sg-1173186295"},
+                {egress_all, "egress", "sg-766323498"},
+                {vpc_security_group_source, "egress", "sg-351225364"},
+                {security_group_source, "egress", "sg-2198807188"},
 	}
 
 	for _, tc := range cases {
-		actual := ipPermissionIDHash(tc.Type, tc.Input)
+                actual := ipPermissionIDHash("sg-12345", tc.Type, tc.Input)
 		if actual != tc.Output {
 			t.Errorf("input: %s - %s\noutput: %s", tc.Type, tc.Input, actual)
 		}
@@ -132,7 +132,7 @@ func TestAccAWSSecurityGroupRule_Ingress_VPC(t *testing.T) {
 				Config: testAccAWSSecurityGroupRuleIngressConfig,
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckAWSSecurityGroupRuleExists("aws_security_group.web", &group),
-					testAccCheckAWSSecurityGroupRuleAttributes(&group, "ingress"),
+                                        testAccCheckAWSSecurityGroupRuleAttributes("aws_security_group_rule.ingress_1", &group, nil, "ingress"),
 					resource.TestCheckResourceAttr(
 						"aws_security_group_rule.ingress_1", "from_port", "80"),
 					testRuleCount,
@@ -169,7 +169,7 @@ func TestAccAWSSecurityGroupRule_Ingress_Classic(t *testing.T) {
 				Config: testAccAWSSecurityGroupRuleIngressClassicConfig,
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckAWSSecurityGroupRuleExists("aws_security_group.web", &group),
-					testAccCheckAWSSecurityGroupRuleAttributes(&group, "ingress"),
+                                        testAccCheckAWSSecurityGroupRuleAttributes("aws_security_group_rule.ingress_1", &group, nil, "ingress"),
 					resource.TestCheckResourceAttr(
 						"aws_security_group_rule.ingress_1", "from_port", "80"),
 					testRuleCount,
@@ -231,7 +231,7 @@ func TestAccAWSSecurityGroupRule_Egress(t *testing.T) {
 				Config: testAccAWSSecurityGroupRuleEgressConfig,
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckAWSSecurityGroupRuleExists("aws_security_group.web", &group),
-					testAccCheckAWSSecurityGroupRuleAttributes(&group, "egress"),
+                                        testAccCheckAWSSecurityGroupRuleAttributes("aws_security_group_rule.egress_1", &group, nil, "egress"),
 				),
 			},
 		},
@@ -256,6 +256,92 @@ func TestAccAWSSecurityGroupRule_SelfReference(t *testing.T) {
 	})
 }
 
+// testing partial match implementation
+func TestAccAWSSecurityGroupRule_PartialMatching_Basic(t *testing.T) {
+        var group ec2.SecurityGroup
+
+        p := ec2.IpPermission{
+                FromPort:   aws.Int64(80),
+                ToPort:     aws.Int64(80),
+                IpProtocol: aws.String("tcp"),
+                IpRanges: []*ec2.IpRange{
+                        &ec2.IpRange{CidrIp: aws.String("10.0.2.0/24")},
+                        &ec2.IpRange{CidrIp: aws.String("10.0.3.0/24")},
+                        &ec2.IpRange{CidrIp: aws.String("10.0.4.0/24")},
+                },
+        }
+
+        o := ec2.IpPermission{
+                FromPort:   aws.Int64(80),
+                ToPort:     aws.Int64(80),
+                IpProtocol: aws.String("tcp"),
+                IpRanges: []*ec2.IpRange{
+                        &ec2.IpRange{CidrIp: aws.String("10.0.5.0/24")},
+                },
+        }
+
+        resource.Test(t, resource.TestCase{
+                PreCheck:     func() { testAccPreCheck(t) },
+                Providers:    testAccProviders,
+                CheckDestroy: testAccCheckAWSSecurityGroupRuleDestroy,
+                Steps: []resource.TestStep{
+                        resource.TestStep{
+                                Config: testAccAWSSecurityGroupRulePartialMatching,
+                                Check: resource.ComposeTestCheckFunc(
+                                        testAccCheckAWSSecurityGroupRuleExists("aws_security_group.web", &group),
+                                        testAccCheckAWSSecurityGroupRuleAttributes("aws_security_group_rule.ingress", &group, &p, "ingress"),
+                                        testAccCheckAWSSecurityGroupRuleAttributes("aws_security_group_rule.other", &group, &o, "ingress"),
+                                        testAccCheckAWSSecurityGroupRuleAttributes("aws_security_group_rule.nat_ingress", &group, &o, "ingress"),
+                                ),
+                        },
+                },
+        })
+}
+
+func TestAccAWSSecurityGroupRule_PartialMatching_Source(t *testing.T) {
+        var group ec2.SecurityGroup
+        var nat ec2.SecurityGroup
+        var p ec2.IpPermission
+
+        // This function creates the expected IPPermission with the group id from an
+        // external security group, needed because Security Group IDs are generated on
+        // AWS side and can't be known ahead of time.
+        setupSG := func(*terraform.State) error {
+                if nat.GroupId == nil {
+                        return fmt.Errorf("Error: nat group has nil GroupID")
+                }
+
+                p = ec2.IpPermission{
+                        FromPort:   aws.Int64(80),
+                        ToPort:     aws.Int64(80),
+                        IpProtocol: aws.String("tcp"),
+                        UserIdGroupPairs: []*ec2.UserIdGroupPair{
+                                &ec2.UserIdGroupPair{GroupId: nat.GroupId},
+                        },
+                }
+
+                return nil
+        }
+
+        resource.Test(t, resource.TestCase{
+                PreCheck:     func() { testAccPreCheck(t) },
+                Providers:    testAccProviders,
+                CheckDestroy: testAccCheckAWSSecurityGroupRuleDestroy,
+                Steps: []resource.TestStep{
+                        resource.TestStep{
+                                Config: testAccAWSSecurityGroupRulePartialMatching_Source,
+                                Check: resource.ComposeTestCheckFunc(
+                                        testAccCheckAWSSecurityGroupRuleExists("aws_security_group.web", &group),
+                                        testAccCheckAWSSecurityGroupRuleExists("aws_security_group.nat", &nat),
+                                        setupSG,
+                                        testAccCheckAWSSecurityGroupRuleAttributes("aws_security_group_rule.source_ingress", &group, &p, "ingress"),
+                                ),
+                        },
+                },
+        })
+
+}
+
 func testAccCheckAWSSecurityGroupRuleDestroy(s *terraform.State) error {
 	conn := testAccProvider.Meta().(*AWSClient).ec2conn
 
@@ -319,14 +405,27 @@ func testAccCheckAWSSecurityGroupRuleExists(n string, group *ec2.SecurityGroup)
 	}
 }
 
-func testAccCheckAWSSecurityGroupRuleAttributes(group *ec2.SecurityGroup, ruleType string) resource.TestCheckFunc {
+func testAccCheckAWSSecurityGroupRuleAttributes(n string, group *ec2.SecurityGroup, p *ec2.IpPermission, ruleType string) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
-		p := &ec2.IpPermission{
-			FromPort:   aws.Int64(80),
-			ToPort:     aws.Int64(8000),
-			IpProtocol: aws.String("tcp"),
-			IpRanges:   []*ec2.IpRange{&ec2.IpRange{CidrIp: aws.String("10.0.0.0/8")}},
+                rs, ok := s.RootModule().Resources[n]
+                if !ok {
+                        return fmt.Errorf("Security Group Rule Not found: %s", n)
+                }
+
+                if rs.Primary.ID == "" {
+                        return fmt.Errorf("No Security Group Rule is set")
 		}
+
+                if p == nil {
+                        p = &ec2.IpPermission{
+                                FromPort:   aws.Int64(80),
+                                ToPort:     aws.Int64(8000),
+                                IpProtocol: aws.String("tcp"),
+                                IpRanges:   []*ec2.IpRange{&ec2.IpRange{CidrIp: aws.String("10.0.0.0/8")}},
+                        }
+                }
+
+                var matchingRule *ec2.IpPermission
 		var rules []*ec2.IpPermission
 		if ruleType == "ingress" {
 			rules = group.IpPermissions
@@ -338,15 +437,53 @@ func testAccCheckAWSSecurityGroupRuleAttributes(group *ec2.SecurityGroup, ruleTy
 			return fmt.Errorf("No IPPerms")
 		}
 
-		// Compare our ingress
-		if !reflect.DeepEqual(rules[0], p) {
-			return fmt.Errorf(
-				"Got:\n\n%#v\n\nExpected:\n\n%#v\n",
-				rules[0],
-				p)
+                for _, r := range rules {
+                        if r.ToPort != nil && *p.ToPort != *r.ToPort {
+                                continue
+                        }
+
+                        if r.FromPort != nil && *p.FromPort != *r.FromPort {
+                                continue
+                        }
+
+                        if r.IpProtocol != nil && *p.IpProtocol != *r.IpProtocol {
+                                continue
+                        }
+
+                        remaining := len(p.IpRanges)
+                        for _, ip := range p.IpRanges {
+                                for _, rip := range r.IpRanges {
+                                        if *ip.CidrIp == *rip.CidrIp {
+                                                remaining--
+                                        }
+                                }
+                        }
+
+                        if remaining > 0 {
+                                continue
+                        }
+
+                        remaining = len(p.UserIdGroupPairs)
+                        for _, ip := range p.UserIdGroupPairs {
+                                for _, rip := range r.UserIdGroupPairs {
+                                        if *ip.GroupId == *rip.GroupId {
+                                                remaining--
+                                        }
+                                }
+                        }
+
+                        if remaining > 0 {
+                                continue
+                        }
+                        matchingRule = r
 		}
 
-		return nil
+                if matchingRule != nil {
+                        log.Printf("[DEBUG] Matching rule found : %s", matchingRule)
+                        return nil
+                }
+
+                return fmt.Errorf("Error here\n\tlooking for %s, wasn't found in %s", p, rules)
 	}
 }
 
@@ -480,3 +617,104 @@ resource "aws_security_group_rule" "self" {
   security_group_id = "${aws_security_group.web.id}"
 }
 `
+
+const testAccAWSSecurityGroupRulePartialMatching = `
+resource "aws_vpc" "default" {
+  cidr_block = "10.0.0.0/16"
+  tags {
+    Name = "tf-sg-rule-bug"
+  }
+}
+
+resource "aws_security_group" "web" {
+    name = "tf-other"
+    vpc_id = "${aws_vpc.default.id}"
+    tags {
+        Name        = "tf-other-sg"
+    }
+}
+
+resource "aws_security_group" "nat" {
+    name = "tf-nat"
+    vpc_id = "${aws_vpc.default.id}"
+    tags {
+        Name        = "tf-nat-sg"
+    }
+}
+
+resource "aws_security_group_rule" "ingress" {
+    type        = "ingress"
+    from_port   = 80
+    to_port     = 80
+    protocol    = "tcp"
+    cidr_blocks = ["10.0.2.0/24", "10.0.3.0/24", "10.0.4.0/24"]
+
+   security_group_id = "${aws_security_group.web.id}"
+}
+
+resource "aws_security_group_rule" "other" {
+    type        = "ingress"
+    from_port   = 80
+    to_port     = 80
+    protocol    = "tcp"
+    cidr_blocks = ["10.0.5.0/24"]
+
+   security_group_id = "${aws_security_group.web.id}"
+}
+
+// same a above, but different group, to guard against bad hashing
+resource "aws_security_group_rule" "nat_ingress" {
+    type        = "ingress"
+    from_port   = 80
+    to_port     = 80
+    protocol    = "tcp"
+    cidr_blocks = ["10.0.2.0/24", "10.0.3.0/24", "10.0.4.0/24"]
+
+   security_group_id = "${aws_security_group.nat.id}"
+}
+`
+
+const testAccAWSSecurityGroupRulePartialMatching_Source = `
+resource "aws_vpc" "default" {
+  cidr_block = "10.0.0.0/16"
+  tags {
+    Name = "tf-sg-rule-bug"
+  }
+}
+
+resource "aws_security_group" "web" {
+    name = "tf-other"
+    vpc_id = "${aws_vpc.default.id}"
+    tags {
+        Name        = "tf-other-sg"
+    }
+}
+
+resource "aws_security_group" "nat" {
+    name = "tf-nat"
+    vpc_id = "${aws_vpc.default.id}"
+    tags {
+        Name        = "tf-nat-sg"
+    }
+}
+
+resource "aws_security_group_rule" "source_ingress" {
+    type        = "ingress"
+    from_port   = 80
+    to_port     = 80
+    protocol    = "tcp"
+
+                source_security_group_id = "${aws_security_group.nat.id}"
+   security_group_id = "${aws_security_group.web.id}"
+}
+
+resource "aws_security_group_rule" "other_ingress" {
+    type        = "ingress"
+    from_port   = 80
+    to_port     = 80
+    protocol    = "tcp"
+    cidr_blocks = ["10.0.2.0/24", "10.0.3.0/24", "10.0.4.0/24"]
+
+   security_group_id = "${aws_security_group.web.id}"
+}
+`

From e0bb04b82287565f33baa1dc4cdef8953000616e Mon Sep 17 00:00:00 2001
From: Clint Shryock <clint@ctshryock.com>
Date: Tue, 18 Aug 2015 10:17:15 -0500
Subject: [PATCH 215/335] update expeded hash for migration test

---
 .../aws/resource_aws_security_group_rule_migrate_test.go      | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/builtin/providers/aws/resource_aws_security_group_rule_migrate_test.go b/builtin/providers/aws/resource_aws_security_group_rule_migrate_test.go
index 664f050393..f9352fa278 100644
--- a/builtin/providers/aws/resource_aws_security_group_rule_migrate_test.go
+++ b/builtin/providers/aws/resource_aws_security_group_rule_migrate_test.go
@@ -27,7 +27,7 @@ func TestAWSSecurityGroupRuleMigrateState(t *testing.T) {
 				"from_port":                "0",
 				"source_security_group_id": "sg-11877275",
 			},
-			Expected: "sg-3766347571",
+                        Expected: "sg-2889201120",
 		},
 		"v0_2": {
 			StateVersion: 0,
@@ -44,7 +44,7 @@ func TestAWSSecurityGroupRuleMigrateState(t *testing.T) {
 				"cidr_blocks.2":     "172.16.3.0/24",
 				"cidr_blocks.3":     "172.16.4.0/24",
 				"cidr_blocks.#":     "4"},
-			Expected: "sg-4100229787",
+                        Expected: "sg-1826358977",
 		},
 	}
 

From 03aac9f42b7c1159abe681951acb5a3ac1aea34b Mon Sep 17 00:00:00 2001
From: Clint Shryock <clint@ctshryock.com>
Date: Fri, 21 Aug 2015 09:58:56 -0500
Subject: [PATCH 216/335] Expand on an error case with more descriptive error

---
 builtin/providers/aws/resource_aws_eip.go     | 22 +++++++++----------
 .../aws/resource_aws_security_group_rule.go   |  8 ++++---
 .../resource_aws_security_group_rule_test.go  |  2 +-
 3 files changed, 17 insertions(+), 15 deletions(-)

diff --git a/builtin/providers/aws/resource_aws_eip.go b/builtin/providers/aws/resource_aws_eip.go
index 4b369ee606..0a7801beed 100644
--- a/builtin/providers/aws/resource_aws_eip.go
+++ b/builtin/providers/aws/resource_aws_eip.go
@@ -27,19 +27,19 @@ func resourceAwsEip() *schema.Resource {
 				ForceNew: true,
 			},
 
-			"instance": &schema.Schema{
-				Type:     schema.TypeString,
-				Optional: true,
-				Computed: true,
-			},
+                        "instance": &schema.Schema{
+                                Type:     schema.TypeString,
+                                Optional: true,
+                                Computed: true,
+                        },
 
-			"network_interface": &schema.Schema{
-				Type:     schema.TypeString,
-				Optional: true,
-				Computed: true,
-			},
+                        "network_interface": &schema.Schema{
+                                Type:     schema.TypeString,
+                                Optional: true,
+                                Computed: true,
+                        },
 
-			"allocation_id": &schema.Schema{
+                        "allocation_id": &schema.Schema{
 				Type:     schema.TypeString,
 				Computed: true,
 			},
diff --git a/builtin/providers/aws/resource_aws_security_group_rule.go b/builtin/providers/aws/resource_aws_security_group_rule.go
index bd40c284f4..a1f078a827 100644
--- a/builtin/providers/aws/resource_aws_security_group_rule.go
+++ b/builtin/providers/aws/resource_aws_security_group_rule.go
@@ -171,7 +171,9 @@ func resourceAwsSecurityGroupRuleRead(d *schema.ResourceData, meta interface{})
         p := expandIPPerm(d, sg)
 
         if len(rules) == 0 {
-                return fmt.Errorf("No IPPerms")
+                return fmt.Errorf(
+                        "[WARN] No %s rules were found for Security Group (%s) looking for Security Group Rule (%s)",
+                        ruleType, *sg.GroupName, d.Id())
         }
 
         for _, r := range rules {
@@ -198,7 +200,7 @@ func resourceAwsSecurityGroupRuleRead(d *schema.ResourceData, meta interface{})
 
                 if remaining > 0 {
                         continue
-		}
+                }
 
                 remaining = len(p.UserIdGroupPairs)
                 for _, ip := range p.UserIdGroupPairs {
@@ -211,7 +213,7 @@ func resourceAwsSecurityGroupRuleRead(d *schema.ResourceData, meta interface{})
 
                 if remaining > 0 {
                         continue
-                }
+		}
 
                 log.Printf("[DEBUG] Found rule for Security Group Rule (%s): %s", d.Id(), r)
                 rule = r
diff --git a/builtin/providers/aws/resource_aws_security_group_rule_test.go b/builtin/providers/aws/resource_aws_security_group_rule_test.go
index a00385ba79..29e831446c 100644
--- a/builtin/providers/aws/resource_aws_security_group_rule_test.go
+++ b/builtin/providers/aws/resource_aws_security_group_rule_test.go
@@ -257,7 +257,7 @@ func TestAccAWSSecurityGroupRule_SelfReference(t *testing.T) {
 }
 
 // testing partial match implementation
-func TestAccAWSSecurityGroupRule_PartialMatching_Basic(t *testing.T) {
+func TestAccAWSSecurityGroupRule_PartialMatching_basic(t *testing.T) {
         var group ec2.SecurityGroup
 
         p := ec2.IpPermission{

From 9f3a17e9b4074b420431a8e345b377f543a654d2 Mon Sep 17 00:00:00 2001
From: Clint Shryock <clint@ctshryock.com>
Date: Mon, 12 Oct 2015 15:19:42 -0500
Subject: [PATCH 217/335] update sg rule ids

---
 builtin/providers/aws/resource_aws_eip.go     |  22 +-
 .../aws/resource_aws_security_group_rule.go   | 126 ++++----
 ...esource_aws_security_group_rule_migrate.go |  14 +-
 ...ce_aws_security_group_rule_migrate_test.go |   4 +-
 .../resource_aws_security_group_rule_test.go  | 270 +++++++++---------
 5 files changed, 218 insertions(+), 218 deletions(-)

diff --git a/builtin/providers/aws/resource_aws_eip.go b/builtin/providers/aws/resource_aws_eip.go
index 0a7801beed..4b369ee606 100644
--- a/builtin/providers/aws/resource_aws_eip.go
+++ b/builtin/providers/aws/resource_aws_eip.go
@@ -27,19 +27,19 @@ func resourceAwsEip() *schema.Resource {
 				ForceNew: true,
 			},
 
-                        "instance": &schema.Schema{
-                                Type:     schema.TypeString,
-                                Optional: true,
-                                Computed: true,
-                        },
+			"instance": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+				Computed: true,
+			},
 
-                        "network_interface": &schema.Schema{
-                                Type:     schema.TypeString,
-                                Optional: true,
-                                Computed: true,
-                        },
+			"network_interface": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+				Computed: true,
+			},
 
-                        "allocation_id": &schema.Schema{
+			"allocation_id": &schema.Schema{
 				Type:     schema.TypeString,
 				Computed: true,
 			},
diff --git a/builtin/providers/aws/resource_aws_security_group_rule.go b/builtin/providers/aws/resource_aws_security_group_rule.go
index a1f078a827..55499cfd58 100644
--- a/builtin/providers/aws/resource_aws_security_group_rule.go
+++ b/builtin/providers/aws/resource_aws_security_group_rule.go
@@ -20,7 +20,7 @@ func resourceAwsSecurityGroupRule() *schema.Resource {
 		Read:   resourceAwsSecurityGroupRuleRead,
 		Delete: resourceAwsSecurityGroupRuleDelete,
 
-                SchemaVersion: 2,
+		SchemaVersion: 2,
 		MigrateState:  resourceAwsSecurityGroupRuleMigrateState,
 
 		Schema: map[string]*schema.Schema{
@@ -67,15 +67,15 @@ func resourceAwsSecurityGroupRule() *schema.Resource {
 				Optional:      true,
 				ForceNew:      true,
 				Computed:      true,
-                                ConflictsWith: []string{"cidr_blocks", "self"},
+				ConflictsWith: []string{"cidr_blocks", "self"},
 			},
 
 			"self": &schema.Schema{
-                                Type:          schema.TypeBool,
-                                Optional:      true,
-                                Default:       false,
-                                ForceNew:      true,
-                                ConflictsWith: []string{"cidr_blocks"},
+				Type:          schema.TypeBool,
+				Optional:      true,
+				Default:       false,
+				ForceNew:      true,
+				ConflictsWith: []string{"cidr_blocks"},
 			},
 		},
 	}
@@ -143,7 +143,7 @@ information and instructions for recovery. Error message: %s`, awsErr.Message())
 			ruleType, autherr)
 	}
 
-        d.SetId(ipPermissionIDHash(sg_id, ruleType, perm))
+	d.SetId(ipPermissionIDHash(sg_id, ruleType, perm))
 
 	return resourceAwsSecurityGroupRuleRead(d, meta)
 }
@@ -159,69 +159,69 @@ func resourceAwsSecurityGroupRuleRead(d *schema.ResourceData, meta interface{})
 	}
 
 	var rule *ec2.IpPermission
-        var rules []*ec2.IpPermission
+	var rules []*ec2.IpPermission
 	ruleType := d.Get("type").(string)
 	switch ruleType {
 	case "ingress":
-                rules = sg.IpPermissions
+		rules = sg.IpPermissions
 	default:
-                rules = sg.IpPermissionsEgress
+		rules = sg.IpPermissionsEgress
 	}
 
-        p := expandIPPerm(d, sg)
+	p := expandIPPerm(d, sg)
 
-        if len(rules) == 0 {
-                return fmt.Errorf(
-                        "[WARN] No %s rules were found for Security Group (%s) looking for Security Group Rule (%s)",
-                        ruleType, *sg.GroupName, d.Id())
-        }
+	if len(rules) == 0 {
+		return fmt.Errorf(
+			"[WARN] No %s rules were found for Security Group (%s) looking for Security Group Rule (%s)",
+			ruleType, *sg.GroupName, d.Id())
+	}
 
-        for _, r := range rules {
-                if r.ToPort != nil && *p.ToPort != *r.ToPort {
-                        continue
-                }
-
-                if r.FromPort != nil && *p.FromPort != *r.FromPort {
-                        continue
-                }
-
-                if r.IpProtocol != nil && *p.IpProtocol != *r.IpProtocol {
-                        continue
-                }
-
-                remaining := len(p.IpRanges)
-                for _, ip := range p.IpRanges {
-                        for _, rip := range r.IpRanges {
-                                if *ip.CidrIp == *rip.CidrIp {
-                                        remaining--
-                                }
-                        }
-                }
-
-                if remaining > 0 {
-                        continue
-                }
-
-                remaining = len(p.UserIdGroupPairs)
-                for _, ip := range p.UserIdGroupPairs {
-                        for _, rip := range r.UserIdGroupPairs {
-                                if *ip.GroupId == *rip.GroupId {
-                                        remaining--
-                                }
-                        }
-                }
-
-                if remaining > 0 {
-                        continue
+	for _, r := range rules {
+		if r.ToPort != nil && *p.ToPort != *r.ToPort {
+			continue
 		}
 
-                log.Printf("[DEBUG] Found rule for Security Group Rule (%s): %s", d.Id(), r)
-                rule = r
+		if r.FromPort != nil && *p.FromPort != *r.FromPort {
+			continue
+		}
+
+		if r.IpProtocol != nil && *p.IpProtocol != *r.IpProtocol {
+			continue
+		}
+
+		remaining := len(p.IpRanges)
+		for _, ip := range p.IpRanges {
+			for _, rip := range r.IpRanges {
+				if *ip.CidrIp == *rip.CidrIp {
+					remaining--
+				}
+			}
+		}
+
+		if remaining > 0 {
+			continue
+		}
+
+		remaining = len(p.UserIdGroupPairs)
+		for _, ip := range p.UserIdGroupPairs {
+			for _, rip := range r.UserIdGroupPairs {
+				if *ip.GroupId == *rip.GroupId {
+					remaining--
+				}
+			}
+		}
+
+		if remaining > 0 {
+			continue
+		}
+
+		log.Printf("[DEBUG] Found rule for Security Group Rule (%s): %s", d.Id(), r)
+		rule = r
 	}
 
 	if rule == nil {
-                log.Printf("[DEBUG] Unable to find matching %s Security Group Rule (%s) for Group %s",
-                        ruleType, d.Id(), sg_id)
+		log.Printf("[DEBUG] Unable to find matching %s Security Group Rule (%s) for Group %s",
+			ruleType, d.Id(), sg_id)
 		d.SetId("")
 		return nil
 	}
@@ -232,14 +232,14 @@ func resourceAwsSecurityGroupRuleRead(d *schema.ResourceData, meta interface{})
 	d.Set("type", ruleType)
 
 	var cb []string
-        for _, c := range p.IpRanges {
+	for _, c := range p.IpRanges {
 		cb = append(cb, *c.CidrIp)
 	}
 
 	d.Set("cidr_blocks", cb)
 
-        if len(p.UserIdGroupPairs) > 0 {
-                s := p.UserIdGroupPairs[0]
+	if len(p.UserIdGroupPairs) > 0 {
+		s := p.UserIdGroupPairs[0]
 		d.Set("source_security_group_id", *s.GroupId)
 	}
 
@@ -333,7 +333,7 @@ func (b ByGroupPair) Less(i, j int) bool {
 
 func ipPermissionIDHash(sg_id, ruleType string, ip *ec2.IpPermission) string {
 	var buf bytes.Buffer
-        buf.WriteString(fmt.Sprintf("%s-", sg_id))
+	buf.WriteString(fmt.Sprintf("%s-", sg_id))
 	if ip.FromPort != nil && *ip.FromPort > 0 {
 		buf.WriteString(fmt.Sprintf("%d-", *ip.FromPort))
 	}
@@ -373,7 +373,7 @@ func ipPermissionIDHash(sg_id, ruleType string, ip *ec2.IpPermission) string {
 		}
 	}
 
-	return fmt.Sprintf("sg-%d", hashcode.String(buf.String()))
+	return fmt.Sprintf("sgrule-%d", hashcode.String(buf.String()))
 }
 
 func expandIPPerm(d *schema.ResourceData, sg *ec2.SecurityGroup) *ec2.IpPermission {
diff --git a/builtin/providers/aws/resource_aws_security_group_rule_migrate.go b/builtin/providers/aws/resource_aws_security_group_rule_migrate.go
index 3dd6f5f726..0b57f3f171 100644
--- a/builtin/providers/aws/resource_aws_security_group_rule_migrate.go
+++ b/builtin/providers/aws/resource_aws_security_group_rule_migrate.go
@@ -17,12 +17,12 @@ func resourceAwsSecurityGroupRuleMigrateState(
 	case 0:
 		log.Println("[INFO] Found AWS Security Group State v0; migrating to v1")
 		return migrateSGRuleStateV0toV1(is)
-        case 1:
-                log.Println("[INFO] Found AWS Security Group State v1; migrating to v2")
-                // migrating to version 2 of the schema is the same as 0->1, since the
-                // method signature has changed now and will use the security group id in
-                // the hash
-                return migrateSGRuleStateV0toV1(is)
+	case 1:
+		log.Println("[INFO] Found AWS Security Group State v1; migrating to v2")
+		// migrating to version 2 of the schema is the same as 0->1, since the
+		// method signature has changed now and will use the security group id in
+		// the hash
+		return migrateSGRuleStateV0toV1(is)
 	default:
 		return is, fmt.Errorf("Unexpected schema version: %d", v)
 	}
@@ -43,7 +43,7 @@ func migrateSGRuleStateV0toV1(is *terraform.InstanceState) (*terraform.InstanceS
 	}
 
 	log.Printf("[DEBUG] Attributes before migration: %#v", is.Attributes)
-        newID := ipPermissionIDHash(is.Attributes["security_group_id"], is.Attributes["type"], perm)
+	newID := ipPermissionIDHash(is.Attributes["security_group_id"], is.Attributes["type"], perm)
 	is.Attributes["id"] = newID
 	is.ID = newID
 	log.Printf("[DEBUG] Attributes after migration: %#v, new id: %s", is.Attributes, newID)
diff --git a/builtin/providers/aws/resource_aws_security_group_rule_migrate_test.go b/builtin/providers/aws/resource_aws_security_group_rule_migrate_test.go
index f9352fa278..87e3a1d63c 100644
--- a/builtin/providers/aws/resource_aws_security_group_rule_migrate_test.go
+++ b/builtin/providers/aws/resource_aws_security_group_rule_migrate_test.go
@@ -27,7 +27,7 @@ func TestAWSSecurityGroupRuleMigrateState(t *testing.T) {
 				"from_port":                "0",
 				"source_security_group_id": "sg-11877275",
 			},
-                        Expected: "sg-2889201120",
+			Expected: "sg-2889201120",
 		},
 		"v0_2": {
 			StateVersion: 0,
@@ -44,7 +44,7 @@ func TestAWSSecurityGroupRuleMigrateState(t *testing.T) {
 				"cidr_blocks.2":     "172.16.3.0/24",
 				"cidr_blocks.3":     "172.16.4.0/24",
 				"cidr_blocks.#":     "4"},
-                        Expected: "sg-1826358977",
+			Expected: "sg-1826358977",
 		},
 	}
 
diff --git a/builtin/providers/aws/resource_aws_security_group_rule_test.go b/builtin/providers/aws/resource_aws_security_group_rule_test.go
index 29e831446c..f06dd3e137 100644
--- a/builtin/providers/aws/resource_aws_security_group_rule_test.go
+++ b/builtin/providers/aws/resource_aws_security_group_rule_test.go
@@ -2,7 +2,7 @@ package aws
 
 import (
 	"fmt"
-        "log"
+	"log"
 	"testing"
 
 	"github.com/aws/aws-sdk-go/aws"
@@ -90,15 +90,15 @@ func TestIpPermissionIDHash(t *testing.T) {
 		Type   string
 		Output string
 	}{
-                {simple, "ingress", "sg-3403497314"},
-                {egress, "egress", "sg-1173186295"},
-                {egress_all, "egress", "sg-766323498"},
-                {vpc_security_group_source, "egress", "sg-351225364"},
-                {security_group_source, "egress", "sg-2198807188"},
+		{simple, "ingress", "sgrule-3403497314"},
+		{egress, "egress", "sgrule-1173186295"},
+		{egress_all, "egress", "sgrule-766323498"},
+		{vpc_security_group_source, "egress", "sgrule-351225364"},
+		{security_group_source, "egress", "sgrule-2198807188"},
 	}
 
 	for _, tc := range cases {
-                actual := ipPermissionIDHash("sg-12345", tc.Type, tc.Input)
+		actual := ipPermissionIDHash("sg-12345", tc.Type, tc.Input)
 		if actual != tc.Output {
 			t.Errorf("input: %s - %s\noutput: %s", tc.Type, tc.Input, actual)
 		}
@@ -132,7 +132,7 @@ func TestAccAWSSecurityGroupRule_Ingress_VPC(t *testing.T) {
 				Config: testAccAWSSecurityGroupRuleIngressConfig,
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckAWSSecurityGroupRuleExists("aws_security_group.web", &group),
-                                        testAccCheckAWSSecurityGroupRuleAttributes("aws_security_group_rule.ingress_1", &group, nil, "ingress"),
+					testAccCheckAWSSecurityGroupRuleAttributes("aws_security_group_rule.ingress_1", &group, nil, "ingress"),
 					resource.TestCheckResourceAttr(
 						"aws_security_group_rule.ingress_1", "from_port", "80"),
 					testRuleCount,
@@ -169,7 +169,7 @@ func TestAccAWSSecurityGroupRule_Ingress_Classic(t *testing.T) {
 				Config: testAccAWSSecurityGroupRuleIngressClassicConfig,
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckAWSSecurityGroupRuleExists("aws_security_group.web", &group),
-                                        testAccCheckAWSSecurityGroupRuleAttributes("aws_security_group_rule.ingress_1", &group, nil, "ingress"),
+					testAccCheckAWSSecurityGroupRuleAttributes("aws_security_group_rule.ingress_1", &group, nil, "ingress"),
 					resource.TestCheckResourceAttr(
 						"aws_security_group_rule.ingress_1", "from_port", "80"),
 					testRuleCount,
@@ -231,7 +231,7 @@ func TestAccAWSSecurityGroupRule_Egress(t *testing.T) {
 				Config: testAccAWSSecurityGroupRuleEgressConfig,
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckAWSSecurityGroupRuleExists("aws_security_group.web", &group),
-                                        testAccCheckAWSSecurityGroupRuleAttributes("aws_security_group_rule.egress_1", &group, nil, "egress"),
+					testAccCheckAWSSecurityGroupRuleAttributes("aws_security_group_rule.egress_1", &group, nil, "egress"),
 				),
 			},
 		},
@@ -258,87 +258,87 @@ func TestAccAWSSecurityGroupRule_SelfReference(t *testing.T) {
 
 // testing partial match implementation
 func TestAccAWSSecurityGroupRule_PartialMatching_basic(t *testing.T) {
-        var group ec2.SecurityGroup
+	var group ec2.SecurityGroup
 
-        p := ec2.IpPermission{
-                FromPort:   aws.Int64(80),
-                ToPort:     aws.Int64(80),
-                IpProtocol: aws.String("tcp"),
-                IpRanges: []*ec2.IpRange{
-                        &ec2.IpRange{CidrIp: aws.String("10.0.2.0/24")},
-                        &ec2.IpRange{CidrIp: aws.String("10.0.3.0/24")},
-                        &ec2.IpRange{CidrIp: aws.String("10.0.4.0/24")},
-                },
-        }
+	p := ec2.IpPermission{
+		FromPort:   aws.Int64(80),
+		ToPort:     aws.Int64(80),
+		IpProtocol: aws.String("tcp"),
+		IpRanges: []*ec2.IpRange{
+			&ec2.IpRange{CidrIp: aws.String("10.0.2.0/24")},
+			&ec2.IpRange{CidrIp: aws.String("10.0.3.0/24")},
+			&ec2.IpRange{CidrIp: aws.String("10.0.4.0/24")},
+		},
+	}
 
-        o := ec2.IpPermission{
-                FromPort:   aws.Int64(80),
-                ToPort:     aws.Int64(80),
-                IpProtocol: aws.String("tcp"),
-                IpRanges: []*ec2.IpRange{
-                        &ec2.IpRange{CidrIp: aws.String("10.0.5.0/24")},
-                },
-        }
+	o := ec2.IpPermission{
+		FromPort:   aws.Int64(80),
+		ToPort:     aws.Int64(80),
+		IpProtocol: aws.String("tcp"),
+		IpRanges: []*ec2.IpRange{
+			&ec2.IpRange{CidrIp: aws.String("10.0.5.0/24")},
+		},
+	}
 
-        resource.Test(t, resource.TestCase{
-                PreCheck:     func() { testAccPreCheck(t) },
-                Providers:    testAccProviders,
-                CheckDestroy: testAccCheckAWSSecurityGroupRuleDestroy,
-                Steps: []resource.TestStep{
-                        resource.TestStep{
-                                Config: testAccAWSSecurityGroupRulePartialMatching,
-                                Check: resource.ComposeTestCheckFunc(
-                                        testAccCheckAWSSecurityGroupRuleExists("aws_security_group.web", &group),
-                                        testAccCheckAWSSecurityGroupRuleAttributes("aws_security_group_rule.ingress", &group, &p, "ingress"),
-                                        testAccCheckAWSSecurityGroupRuleAttributes("aws_security_group_rule.other", &group, &o, "ingress"),
-                                        testAccCheckAWSSecurityGroupRuleAttributes("aws_security_group_rule.nat_ingress", &group, &o, "ingress"),
-                                ),
-                        },
-                },
-        })
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSSecurityGroupRuleDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccAWSSecurityGroupRulePartialMatching,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAWSSecurityGroupRuleExists("aws_security_group.web", &group),
+					testAccCheckAWSSecurityGroupRuleAttributes("aws_security_group_rule.ingress", &group, &p, "ingress"),
+					testAccCheckAWSSecurityGroupRuleAttributes("aws_security_group_rule.other", &group, &o, "ingress"),
+					testAccCheckAWSSecurityGroupRuleAttributes("aws_security_group_rule.nat_ingress", &group, &o, "ingress"),
+				),
+			},
+		},
+	})
 }
 
 func TestAccAWSSecurityGroupRule_PartialMatching_Source(t *testing.T) {
-        var group ec2.SecurityGroup
-        var nat ec2.SecurityGroup
-        var p ec2.IpPermission
+	var group ec2.SecurityGroup
+	var nat ec2.SecurityGroup
+	var p ec2.IpPermission
 
-        // This function creates the expected IPPermission with the group id from an
-        // external security group, needed because Security Group IDs are generated on
-        // AWS side and can't be known ahead of time.
-        setupSG := func(*terraform.State) error {
-                if nat.GroupId == nil {
-                        return fmt.Errorf("Error: nat group has nil GroupID")
-                }
+	// This function creates the expected IPPermission with the group id from an
+	// external security group, needed because Security Group IDs are generated on
+	// AWS side and can't be known ahead of time.
+	setupSG := func(*terraform.State) error {
+		if nat.GroupId == nil {
+			return fmt.Errorf("Error: nat group has nil GroupID")
+		}
 
-                p = ec2.IpPermission{
-                        FromPort:   aws.Int64(80),
-                        ToPort:     aws.Int64(80),
-                        IpProtocol: aws.String("tcp"),
-                        UserIdGroupPairs: []*ec2.UserIdGroupPair{
-                                &ec2.UserIdGroupPair{GroupId: nat.GroupId},
-                        },
-                }
+		p = ec2.IpPermission{
+			FromPort:   aws.Int64(80),
+			ToPort:     aws.Int64(80),
+			IpProtocol: aws.String("tcp"),
+			UserIdGroupPairs: []*ec2.UserIdGroupPair{
+				&ec2.UserIdGroupPair{GroupId: nat.GroupId},
+			},
+		}
 
-                return nil
-        }
+		return nil
+	}
 
-        resource.Test(t, resource.TestCase{
-                PreCheck:     func() { testAccPreCheck(t) },
-                Providers:    testAccProviders,
-                CheckDestroy: testAccCheckAWSSecurityGroupRuleDestroy,
-                Steps: []resource.TestStep{
-                        resource.TestStep{
-                                Config: testAccAWSSecurityGroupRulePartialMatching_Source,
-                                Check: resource.ComposeTestCheckFunc(
-                                        testAccCheckAWSSecurityGroupRuleExists("aws_security_group.web", &group),
-                                        testAccCheckAWSSecurityGroupRuleExists("aws_security_group.nat", &nat),
-                                        setupSG,
-                                        testAccCheckAWSSecurityGroupRuleAttributes("aws_security_group_rule.source_ingress", &group, &p, "ingress"),
-                                ),
-                        },
-                },
-        })
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSSecurityGroupRuleDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccAWSSecurityGroupRulePartialMatching_Source,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAWSSecurityGroupRuleExists("aws_security_group.web", &group),
+					testAccCheckAWSSecurityGroupRuleExists("aws_security_group.nat", &nat),
+					setupSG,
+					testAccCheckAWSSecurityGroupRuleAttributes("aws_security_group_rule.source_ingress", &group, &p, "ingress"),
+				),
+			},
+		},
+	})
 
 }
 
@@ -407,25 +407,25 @@ func testAccCheckAWSSecurityGroupRuleExists(n string, group *ec2.SecurityGroup)
 
 func testAccCheckAWSSecurityGroupRuleAttributes(n string, group *ec2.SecurityGroup, p *ec2.IpPermission, ruleType string) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
-                rs, ok := s.RootModule().Resources[n]
-                if !ok {
-                        return fmt.Errorf("Security Group Rule Not found: %s", n)
-                }
-
-                if rs.Primary.ID == "" {
-                        return fmt.Errorf("No Security Group Rule is set")
+		rs, ok := s.RootModule().Resources[n]
+		if !ok {
+			return fmt.Errorf("Security Group Rule Not found: %s", n)
 		}
 
-                if p == nil {
-                        p = &ec2.IpPermission{
-                                FromPort:   aws.Int64(80),
-                                ToPort:     aws.Int64(8000),
-                                IpProtocol: aws.String("tcp"),
-                                IpRanges:   []*ec2.IpRange{&ec2.IpRange{CidrIp: aws.String("10.0.0.0/8")}},
-                        }
-                }
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("No Security Group Rule is set")
+		}
 
-                var matchingRule *ec2.IpPermission
+		if p == nil {
+			p = &ec2.IpPermission{
+				FromPort:   aws.Int64(80),
+				ToPort:     aws.Int64(8000),
+				IpProtocol: aws.String("tcp"),
+				IpRanges:   []*ec2.IpRange{&ec2.IpRange{CidrIp: aws.String("10.0.0.0/8")}},
+			}
+		}
+
+		var matchingRule *ec2.IpPermission
 		var rules []*ec2.IpPermission
 		if ruleType == "ingress" {
 			rules = group.IpPermissions
@@ -437,53 +437,53 @@ func testAccCheckAWSSecurityGroupRuleAttributes(n string, group *ec2.SecurityGro
 			return fmt.Errorf("No IPPerms")
 		}
 
-                for _, r := range rules {
-                        if r.ToPort != nil && *p.ToPort != *r.ToPort {
-                                continue
-                        }
+		for _, r := range rules {
+			if r.ToPort != nil && *p.ToPort != *r.ToPort {
+				continue
+			}
 
-                        if r.FromPort != nil && *p.FromPort != *r.FromPort {
-                                continue
-                        }
+			if r.FromPort != nil && *p.FromPort != *r.FromPort {
+				continue
+			}
 
-                        if r.IpProtocol != nil && *p.IpProtocol != *r.IpProtocol {
-                                continue
-                        }
+			if r.IpProtocol != nil && *p.IpProtocol != *r.IpProtocol {
+				continue
+			}
 
-                        remaining := len(p.IpRanges)
-                        for _, ip := range p.IpRanges {
-                                for _, rip := range r.IpRanges {
-                                        if *ip.CidrIp == *rip.CidrIp {
-                                                remaining--
-                                        }
-                                }
-                        }
+			remaining := len(p.IpRanges)
+			for _, ip := range p.IpRanges {
+				for _, rip := range r.IpRanges {
+					if *ip.CidrIp == *rip.CidrIp {
+						remaining--
+					}
+				}
+			}
 
-                        if remaining > 0 {
-                                continue
-                        }
+			if remaining > 0 {
+				continue
+			}
 
-                        remaining = len(p.UserIdGroupPairs)
-                        for _, ip := range p.UserIdGroupPairs {
-                                for _, rip := range r.UserIdGroupPairs {
-                                        if *ip.GroupId == *rip.GroupId {
-                                                remaining--
-                                        }
-                                }
-                        }
+			remaining = len(p.UserIdGroupPairs)
+			for _, ip := range p.UserIdGroupPairs {
+				for _, rip := range r.UserIdGroupPairs {
+					if *ip.GroupId == *rip.GroupId {
+						remaining--
+					}
+				}
+			}
 
-                        if remaining > 0 {
-                                continue
-                        }
-                        matchingRule = r
+			if remaining > 0 {
+				continue
+			}
+			matchingRule = r
 		}
 
-                if matchingRule != nil {
-                        log.Printf("[DEBUG] Matching rule found : %s", matchingRule)
-                        return nil
-                }
+		if matchingRule != nil {
+			log.Printf("[DEBUG] Matching rule found : %s", matchingRule)
+			return nil
+		}
 
-                return fmt.Errorf("Error here\n\tlooking for %s, wasn't found in %s", p, rules)
+		return fmt.Errorf("Error here\n\tlooking for %s, wasn't found in %s", p, rules)
 	}
 }
 

From 8d84369738340701912a538c07d1b7926ef5c695 Mon Sep 17 00:00:00 2001
From: Clint <catsby@users.noreply.github.com>
Date: Mon, 12 Oct 2015 16:03:43 -0500
Subject: [PATCH 218/335] Update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4ca088c721..5bc6260f58 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -68,6 +68,7 @@ BUG FIXES:
   * provider/aws: Allow `weight = 0` in Route53 records [GH-3196]
   * provider/aws: Normalize aws_elasticache_cluster id to lowercase, allowing convergence. [GH-3235]
   * provider/aws: Fix ValidateAccountId for IAM Instance Profiles [GH-3313]
+  * provider/aws: Update Security Group Rules to Version 2 [GH-3019]
   * provider/docker: Fix issue preventing private images from being referenced [GH-2619]
   * provider/digitalocean: Fix issue causing unnecessary diffs based on droplet slugsize case [GH-3284]
   * provider/openstack: add state 'downloading' to list of expected states in

From 31b8f04bda7234c37bd01589bdb5f0c3d7a10c3c Mon Sep 17 00:00:00 2001
From: Clint Shryock <clint@ctshryock.com>
Date: Fri, 9 Oct 2015 11:49:36 -0500
Subject: [PATCH 219/335] provider/aws: Migrate KeyPair to version 1

---
 .../providers/aws/resource_aws_key_pair.go    | 13 +++++
 .../aws/resource_aws_key_pair_migrate.go      | 38 +++++++++++++
 .../aws/resource_aws_key_pair_migrate_test.go | 55 +++++++++++++++++++
 3 files changed, 106 insertions(+)
 create mode 100644 builtin/providers/aws/resource_aws_key_pair_migrate.go
 create mode 100644 builtin/providers/aws/resource_aws_key_pair_migrate_test.go

diff --git a/builtin/providers/aws/resource_aws_key_pair.go b/builtin/providers/aws/resource_aws_key_pair.go
index e747fbfc50..0d6c51fcf9 100644
--- a/builtin/providers/aws/resource_aws_key_pair.go
+++ b/builtin/providers/aws/resource_aws_key_pair.go
@@ -2,6 +2,7 @@ package aws
 
 import (
 	"fmt"
+	"strings"
 
 	"github.com/hashicorp/terraform/helper/resource"
 	"github.com/hashicorp/terraform/helper/schema"
@@ -18,6 +19,9 @@ func resourceAwsKeyPair() *schema.Resource {
 		Update: nil,
 		Delete: resourceAwsKeyPairDelete,
 
+		SchemaVersion: 1,
+		MigrateState:  resourceAwsKeyPairMigrateState,
+
 		Schema: map[string]*schema.Schema{
 			"key_name": &schema.Schema{
 				Type:     schema.TypeString,
@@ -29,6 +33,14 @@ func resourceAwsKeyPair() *schema.Resource {
 				Type:     schema.TypeString,
 				Required: true,
 				ForceNew: true,
+				StateFunc: func(v interface{}) string {
+					switch v.(type) {
+					case string:
+						return strings.TrimSpace(v.(string))
+					default:
+						return ""
+					}
+				},
 			},
 			"fingerprint": &schema.Schema{
 				Type:     schema.TypeString,
@@ -45,6 +57,7 @@ func resourceAwsKeyPairCreate(d *schema.ResourceData, meta interface{}) error {
 	if keyName == "" {
 		keyName = resource.UniqueId()
 	}
+
 	publicKey := d.Get("public_key").(string)
 	req := &ec2.ImportKeyPairInput{
 		KeyName:           aws.String(keyName),
diff --git a/builtin/providers/aws/resource_aws_key_pair_migrate.go b/builtin/providers/aws/resource_aws_key_pair_migrate.go
new file mode 100644
index 0000000000..0d56123aab
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_key_pair_migrate.go
@@ -0,0 +1,38 @@
+package aws
+
+import (
+	"fmt"
+	"log"
+	"strings"
+
+	"github.com/hashicorp/terraform/terraform"
+)
+
+func resourceAwsKeyPairMigrateState(
+	v int, is *terraform.InstanceState, meta interface{}) (*terraform.InstanceState, error) {
+	switch v {
+	case 0:
+		log.Println("[INFO] Found AWS Key Pair State v0; migrating to v1")
+		return migrateKeyPairStateV0toV1(is)
+	default:
+		return is, fmt.Errorf("Unexpected schema version: %d", v)
+	}
+
+	return is, nil
+}
+
+func migrateKeyPairStateV0toV1(is *terraform.InstanceState) (*terraform.InstanceState, error) {
+	if is.Empty() {
+		log.Println("[DEBUG] Empty InstanceState; nothing to migrate.")
+		return is, nil
+	}
+
+	log.Printf("[DEBUG] Attributes before migration: %#v", is.Attributes)
+
+	// replace public_key with a stripped version, removing `\n` from the end
+	// see https://github.com/hashicorp/terraform/issues/3455
+	is.Attributes["public_key"] = strings.TrimSpace(is.Attributes["public_key"])
+
+	log.Printf("[DEBUG] Attributes after migration: %#v", is.Attributes)
+	return is, nil
+}
diff --git a/builtin/providers/aws/resource_aws_key_pair_migrate_test.go b/builtin/providers/aws/resource_aws_key_pair_migrate_test.go
new file mode 100644
index 0000000000..825d3c40fe
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_key_pair_migrate_test.go
@@ -0,0 +1,55 @@
+package aws
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform/terraform"
+)
+
+func TestAWSKeyPairMigrateState(t *testing.T) {
+	cases := map[string]struct {
+		StateVersion int
+		ID           string
+		Attributes   map[string]string
+		Expected     string
+		Meta         interface{}
+	}{
+		"v0_1": {
+			StateVersion: 0,
+			ID:           "tf-testing-file",
+			Attributes: map[string]string{
+				"fingerprint": "1d:cd:46:31:a9:4a:e0:06:8a:a1:22:cb:3b:bf:8e:42",
+				"key_name":    "tf-testing-file",
+				"public_key":  "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA4LBtwcFsQAYWw1cnOwRTZCJCzPSzq0dl3== ctshryock",
+			},
+			Expected: "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA4LBtwcFsQAYWw1cnOwRTZCJCzPSzq0dl3== ctshryock",
+		},
+		"v0_2": {
+			StateVersion: 0,
+			ID:           "tf-testing-file",
+			Attributes: map[string]string{
+				"fingerprint": "1d:cd:46:31:a9:4a:e0:06:8a:a1:22:cb:3b:bf:8e:42",
+				"key_name":    "tf-testing-file",
+				"public_key":  "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA4LBtwcFsQAYWw1cnOwRTZCJCzPSzq0dl3== ctshryock\n",
+			},
+			Expected: "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA4LBtwcFsQAYWw1cnOwRTZCJCzPSzq0dl3== ctshryock",
+		},
+	}
+
+	for tn, tc := range cases {
+		is := &terraform.InstanceState{
+			ID:         tc.ID,
+			Attributes: tc.Attributes,
+		}
+		is, err := resourceAwsKeyPairMigrateState(
+			tc.StateVersion, is, tc.Meta)
+
+		if err != nil {
+			t.Fatalf("bad: %s, err: %#v", tn, err)
+		}
+
+		if is.Attributes["public_key"] != tc.Expected {
+			t.Fatalf("Bad public_key migration: %s\n\n expected: %s", is.Attributes["public_key"], tc.Expected)
+		}
+	}
+}

From c44e9d10a48994d0b2136592f420e275131b2384 Mon Sep 17 00:00:00 2001
From: Clint Shryock <clint@ctshryock.com>
Date: Mon, 12 Oct 2015 16:26:49 -0500
Subject: [PATCH 220/335] update migration test

---
 .../aws/resource_aws_security_group_rule_migrate_test.go      | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/builtin/providers/aws/resource_aws_security_group_rule_migrate_test.go b/builtin/providers/aws/resource_aws_security_group_rule_migrate_test.go
index 87e3a1d63c..496834b8c0 100644
--- a/builtin/providers/aws/resource_aws_security_group_rule_migrate_test.go
+++ b/builtin/providers/aws/resource_aws_security_group_rule_migrate_test.go
@@ -27,7 +27,7 @@ func TestAWSSecurityGroupRuleMigrateState(t *testing.T) {
 				"from_port":                "0",
 				"source_security_group_id": "sg-11877275",
 			},
-			Expected: "sg-2889201120",
+			Expected: "sgrule-2889201120",
 		},
 		"v0_2": {
 			StateVersion: 0,
@@ -44,7 +44,7 @@ func TestAWSSecurityGroupRuleMigrateState(t *testing.T) {
 				"cidr_blocks.2":     "172.16.3.0/24",
 				"cidr_blocks.3":     "172.16.4.0/24",
 				"cidr_blocks.#":     "4"},
-			Expected: "sg-1826358977",
+			Expected: "sgrule-1826358977",
 		},
 	}
 

From 307902ec2d8ec5728fdbc3e135e38343775ded48 Mon Sep 17 00:00:00 2001
From: Clint <catsby@users.noreply.github.com>
Date: Mon, 12 Oct 2015 16:34:16 -0500
Subject: [PATCH 221/335] Update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5bc6260f58..119e027b3b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -69,6 +69,7 @@ BUG FIXES:
   * provider/aws: Normalize aws_elasticache_cluster id to lowercase, allowing convergence. [GH-3235]
   * provider/aws: Fix ValidateAccountId for IAM Instance Profiles [GH-3313]
   * provider/aws: Update Security Group Rules to Version 2 [GH-3019]
+  * provider/aws: Migrate KeyPair to version 1, fixing issue with using `file()` [GH-3470]
   * provider/docker: Fix issue preventing private images from being referenced [GH-2619]
   * provider/digitalocean: Fix issue causing unnecessary diffs based on droplet slugsize case [GH-3284]
   * provider/openstack: add state 'downloading' to list of expected states in

From a811a72f11e327dde17a8c5db06e5b44765da482 Mon Sep 17 00:00:00 2001
From: Paul Hinze <phinze@phinze.com>
Date: Mon, 12 Oct 2015 15:50:07 -0500
Subject: [PATCH 222/335] provider/aws: fix force_delete on ASGs

The `ForceDelete` parameter was getting sent to the upstream API call,
but only after we had already finished draining instances from
Terraform, so it was a moot point by then.

This fixes that by skipping the drain when force_delete is true, and it
also simplifies the field config a bit:

 * set a default of false to simplify the logic
 * remove `ForceNew` since there's no need to replace the resource to
   flip this value
 * pull a detail comment from code into the docs
---
 .../aws/resource_aws_autoscaling_group.go     | 20 +++++++++----------
 .../aws/r/autoscaling_group.html.markdown     |  5 ++++-
 2 files changed, 13 insertions(+), 12 deletions(-)

diff --git a/builtin/providers/aws/resource_aws_autoscaling_group.go b/builtin/providers/aws/resource_aws_autoscaling_group.go
index 771bda2e3a..e6d62b61a0 100644
--- a/builtin/providers/aws/resource_aws_autoscaling_group.go
+++ b/builtin/providers/aws/resource_aws_autoscaling_group.go
@@ -73,8 +73,7 @@ func resourceAwsAutoscalingGroup() *schema.Resource {
 			"force_delete": &schema.Schema{
 				Type:     schema.TypeBool,
 				Optional: true,
-				Computed: true,
-				ForceNew: true,
+				Default:  false,
 			},
 
 			"health_check_grace_period": &schema.Schema{
@@ -334,15 +333,9 @@ func resourceAwsAutoscalingGroupDelete(d *schema.ResourceData, meta interface{})
 	}
 
 	log.Printf("[DEBUG] AutoScaling Group destroy: %v", d.Id())
-	deleteopts := autoscaling.DeleteAutoScalingGroupInput{AutoScalingGroupName: aws.String(d.Id())}
-
-	// You can force an autoscaling group to delete
-	// even if it's in the process of scaling a resource.
-	// Normally, you would set the min-size and max-size to 0,0
-	// and then delete the group. This bypasses that and leaves
-	// resources potentially dangling.
-	if d.Get("force_delete").(bool) {
-		deleteopts.ForceDelete = aws.Bool(true)
+	deleteopts := autoscaling.DeleteAutoScalingGroupInput{
+		AutoScalingGroupName: aws.String(d.Id()),
+		ForceDelete:          aws.Bool(d.Get("force_delete").(bool)),
 	}
 
 	// We retry the delete operation to handle InUse/InProgress errors coming
@@ -414,6 +407,11 @@ func getAwsAutoscalingGroup(
 func resourceAwsAutoscalingGroupDrain(d *schema.ResourceData, meta interface{}) error {
 	conn := meta.(*AWSClient).autoscalingconn
 
+	if d.Get("force_delete").(bool) {
+		log.Printf("[DEBUG] Skipping ASG drain, force_delete was set.")
+		return nil
+	}
+
 	// First, set the capacity to zero so the group will drain
 	log.Printf("[DEBUG] Reducing autoscaling group capacity to zero")
 	opts := autoscaling.UpdateAutoScalingGroupInput{
diff --git a/website/source/docs/providers/aws/r/autoscaling_group.html.markdown b/website/source/docs/providers/aws/r/autoscaling_group.html.markdown
index 022b1cf715..40831e99a1 100644
--- a/website/source/docs/providers/aws/r/autoscaling_group.html.markdown
+++ b/website/source/docs/providers/aws/r/autoscaling_group.html.markdown
@@ -57,7 +57,10 @@ The following arguments are supported:
     for this number of healthy instances all attached load balancers.
     (See also [Waiting for Capacity](#waiting-for-capacity) below.)
 * `force_delete` - (Optional) Allows deleting the autoscaling group without waiting
-   for all instances in the pool to terminate.
+   for all instances in the pool to terminate.  You can force an autoscaling group to delete
+   even if it's in the process of scaling a resource. Normally, Terraform
+   drains all the instances before deleting the group.  This bypasses that
+   behavior and potentially leaves resources dangling.
 * `load_balancers` (Optional) A list of load balancer names to add to the autoscaling
    group names.
 * `vpc_zone_identifier` (Optional) A list of subnet IDs to launch resources in.

From 7549872780675a25474fbad4a9cab5746a032706 Mon Sep 17 00:00:00 2001
From: Paul Hinze <phinze@phinze.com>
Date: Mon, 12 Oct 2015 17:20:05 -0500
Subject: [PATCH 223/335] Update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 119e027b3b..a61e8af63f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -70,6 +70,7 @@ BUG FIXES:
   * provider/aws: Fix ValidateAccountId for IAM Instance Profiles [GH-3313]
   * provider/aws: Update Security Group Rules to Version 2 [GH-3019]
   * provider/aws: Migrate KeyPair to version 1, fixing issue with using `file()` [GH-3470]
+  * provider/aws: Fix force_delete on autoscaling groups [GH-3485]
   * provider/docker: Fix issue preventing private images from being referenced [GH-2619]
   * provider/digitalocean: Fix issue causing unnecessary diffs based on droplet slugsize case [GH-3284]
   * provider/openstack: add state 'downloading' to list of expected states in

From aaac9435ecf4fa139e5160c2e39295ccc5d223d8 Mon Sep 17 00:00:00 2001
From: Geert Theys <geert.theys@gmail.com>
Date: Tue, 13 Oct 2015 12:57:22 +0200
Subject: [PATCH 224/335] fix illegal char in the policy name

aws_lb_cookie_stickiness_policy.elbland: Error creating LBCookieStickinessPolicy: ValidationError: Policy name cannot contain characters that are not letters, or digits or the dash.
---
 .../providers/aws/r/lb_cookie_stickiness_policy.html.markdown   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/website/source/docs/providers/aws/r/lb_cookie_stickiness_policy.html.markdown b/website/source/docs/providers/aws/r/lb_cookie_stickiness_policy.html.markdown
index bb4ad524e3..59e581c124 100644
--- a/website/source/docs/providers/aws/r/lb_cookie_stickiness_policy.html.markdown
+++ b/website/source/docs/providers/aws/r/lb_cookie_stickiness_policy.html.markdown
@@ -25,7 +25,7 @@ resource "aws_elb" "lb" {
 }
 
 resource "aws_lb_cookie_stickiness_policy" "foo" {
-	  name = "foo_policy"
+	  name = "foo-policy"
 	  load_balancer = "${aws_elb.lb.id}"
 	  lb_port = 80
 	  cookie_expiration_period = 600

From 60b7037cdd9e6d903a662f3dbdf4c48b0b58dcc5 Mon Sep 17 00:00:00 2001
From: Clint Shryock <clint@ctshryock.com>
Date: Tue, 13 Oct 2015 06:20:46 -0500
Subject: [PATCH 225/335] provider/aws: Additional error checking to VPC
 Peering conn

---
 .../aws/resource_aws_vpc_peering_connection.go       | 12 +++++++-----
 .../aws/resource_aws_vpc_peering_connection_test.go  |  1 +
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/builtin/providers/aws/resource_aws_vpc_peering_connection.go b/builtin/providers/aws/resource_aws_vpc_peering_connection.go
index b279797f6d..6b7c4dc52c 100644
--- a/builtin/providers/aws/resource_aws_vpc_peering_connection.go
+++ b/builtin/providers/aws/resource_aws_vpc_peering_connection.go
@@ -127,6 +127,9 @@ func resourceVPCPeeringConnectionAccept(conn *ec2.EC2, id string) (string, error
 	}
 
 	resp, err := conn.AcceptVpcPeeringConnection(req)
+	if err != nil {
+		return "", err
+	}
 	pc := resp.VpcPeeringConnection
 	return *pc.Status.Code, err
 }
@@ -153,16 +156,15 @@ func resourceAwsVPCPeeringUpdate(d *schema.ResourceData, meta interface{}) error
 		}
 		pc := pcRaw.(*ec2.VpcPeeringConnection)
 
-		if *pc.Status.Code == "pending-acceptance" {
+		if pc.Status != nil && *pc.Status.Code == "pending-acceptance" {
 
 			status, err := resourceVPCPeeringConnectionAccept(conn, d.Id())
-
-			log.Printf(
-				"[DEBUG] VPC Peering connection accept status %s",
-				status)
 			if err != nil {
 				return err
 			}
+			log.Printf(
+				"[DEBUG] VPC Peering connection accept status: %s",
+				status)
 		}
 	}
 
diff --git a/builtin/providers/aws/resource_aws_vpc_peering_connection_test.go b/builtin/providers/aws/resource_aws_vpc_peering_connection_test.go
index dc78a70826..8f73602505 100644
--- a/builtin/providers/aws/resource_aws_vpc_peering_connection_test.go
+++ b/builtin/providers/aws/resource_aws_vpc_peering_connection_test.go
@@ -117,6 +117,7 @@ resource "aws_vpc" "bar" {
 resource "aws_vpc_peering_connection" "foo" {
 		vpc_id = "${aws_vpc.foo.id}"
 		peer_vpc_id = "${aws_vpc.bar.id}"
+		auto_accept = true
 }
 `
 

From 5266db31e26712f29d950abe46e22a9a925934d6 Mon Sep 17 00:00:00 2001
From: stack72 <public@paulstack.co.uk>
Date: Thu, 3 Sep 2015 22:57:56 +0100
Subject: [PATCH 226/335] Adding the ability to manage a glacier vault

---
 builtin/providers/aws/config.go               |   5 +
 builtin/providers/aws/provider.go             |   1 +
 .../aws/resource_aws_glacier_vault.go         | 380 ++++++++++++++++++
 3 files changed, 386 insertions(+)
 create mode 100644 builtin/providers/aws/resource_aws_glacier_vault.go

diff --git a/builtin/providers/aws/config.go b/builtin/providers/aws/config.go
index 5eac34e8aa..f8f443b73d 100644
--- a/builtin/providers/aws/config.go
+++ b/builtin/providers/aws/config.go
@@ -21,6 +21,7 @@ import (
 	"github.com/aws/aws-sdk-go/service/elasticache"
 	elasticsearch "github.com/aws/aws-sdk-go/service/elasticsearchservice"
 	"github.com/aws/aws-sdk-go/service/elb"
+	"github.com/aws/aws-sdk-go/service/glacier"
 	"github.com/aws/aws-sdk-go/service/iam"
 	"github.com/aws/aws-sdk-go/service/kinesis"
 	"github.com/aws/aws-sdk-go/service/lambda"
@@ -67,6 +68,7 @@ type AWSClient struct {
 	elasticacheconn    *elasticache.ElastiCache
 	lambdaconn         *lambda.Lambda
 	opsworksconn       *opsworks.OpsWorks
+	glacierconn        *glacier.Glacier
 }
 
 // Client configures and returns a fully initialized AWSClient
@@ -184,6 +186,9 @@ func (c *Config) Client() (interface{}, error) {
 
 		log.Println("[INFO] Initializing Directory Service connection")
 		client.dsconn = directoryservice.New(awsConfig)
+
+		log.Println("[INFO] Initializing Glacier connection")
+		client.glacierconn = glacier.New(awsConfig)
 	}
 
 	if len(errs) > 0 {
diff --git a/builtin/providers/aws/provider.go b/builtin/providers/aws/provider.go
index c740e4bc8c..f73580d0f7 100644
--- a/builtin/providers/aws/provider.go
+++ b/builtin/providers/aws/provider.go
@@ -187,6 +187,7 @@ func Provider() terraform.ResourceProvider {
 			"aws_elasticsearch_domain":         resourceAwsElasticSearchDomain(),
 			"aws_elb":                          resourceAwsElb(),
 			"aws_flow_log":                     resourceAwsFlowLog(),
+			"aws_glacier_vault":                resourceAwsGlacierVault(),
 			"aws_iam_access_key":               resourceAwsIamAccessKey(),
 			"aws_iam_group_policy":             resourceAwsIamGroupPolicy(),
 			"aws_iam_group":                    resourceAwsIamGroup(),
diff --git a/builtin/providers/aws/resource_aws_glacier_vault.go b/builtin/providers/aws/resource_aws_glacier_vault.go
new file mode 100644
index 0000000000..b077a35cd9
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_glacier_vault.go
@@ -0,0 +1,380 @@
+package aws
+
+import (
+	"fmt"
+	"log"
+	"regexp"
+
+	"github.com/hashicorp/terraform/helper/schema"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/service/glacier"
+)
+
+func resourceAwsGlacierVault() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceAwsGlacierVaultCreate,
+		Read:   resourceAwsGlacierVaultRead,
+		Update: resourceAwsGlacierVaultUpdate,
+		Delete: resourceAwsGlacierVaultDelete,
+
+		Schema: map[string]*schema.Schema{
+			"name": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+				ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) {
+					value := v.(string)
+					if !regexp.MustCompile(`^[.0-9A-Za-z-_]+$`).MatchString(value) {
+						errors = append(errors, fmt.Errorf(
+							"only alphanumeric characters, hyphens, underscores, and periods allowed in %q", k))
+					}
+					if len(value) > 255 {
+						errors = append(errors, fmt.Errorf(
+							"%q cannot be longer than 255 characters", k))
+					}
+					return
+				},
+			},
+
+			"location": &schema.Schema{
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+
+			"arn": &schema.Schema{
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+
+			"access_policy": &schema.Schema{
+				Type:      schema.TypeString,
+				Optional:  true,
+				StateFunc: normalizeJson,
+			},
+
+			"notification": &schema.Schema{
+				Type:     schema.TypeList,
+				Optional: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"events": &schema.Schema{
+							Type:     schema.TypeSet,
+							Required: true,
+							Elem:     &schema.Schema{Type: schema.TypeString},
+							Set:      schema.HashString,
+						},
+						"sns_topic": &schema.Schema{
+							Type:     schema.TypeString,
+							Required: true,
+						},
+					},
+				},
+			},
+
+			"tags": tagsSchema(),
+		},
+	}
+}
+
+func resourceAwsGlacierVaultCreate(d *schema.ResourceData, meta interface{}) error {
+	glacierconn := meta.(*AWSClient).glacierconn
+
+	input := &glacier.CreateVaultInput{
+		VaultName: aws.String(d.Get("name").(string)),
+	}
+
+	out, err := glacierconn.CreateVault(input)
+	if err != nil {
+		return fmt.Errorf("Error creating Glacier Vault: %s", err)
+	}
+
+	d.SetId(d.Get("name").(string))
+	d.Set("location", *out.Location)
+
+	return resourceAwsGlacierVaultUpdate(d, meta)
+}
+
+func resourceAwsGlacierVaultUpdate(d *schema.ResourceData, meta interface{}) error {
+	glacierconn := meta.(*AWSClient).glacierconn
+
+	if err := setGlacierVaultTags(glacierconn, d); err != nil {
+		return err
+	}
+
+	if d.HasChange("access_policy") {
+		if err := resourceAwsGlacierVaultPolicyUpdate(glacierconn, d); err != nil {
+			return err
+		}
+	}
+
+	if d.HasChange("notification") {
+		if err := resourceAwsGlacierVaultNotificationUpdate(glacierconn, d); err != nil {
+			return err
+		}
+	}
+
+	return resourceAwsGlacierVaultRead(d, meta)
+}
+
+func resourceAwsGlacierVaultRead(d *schema.ResourceData, meta interface{}) error {
+	glacierconn := meta.(*AWSClient).glacierconn
+
+	input := &glacier.DescribeVaultInput{
+		VaultName: aws.String(d.Id()),
+	}
+
+	out, err := glacierconn.DescribeVault(input)
+	if err != nil {
+		return fmt.Errorf("Error reading Glacier Vault: %s", err.Error())
+	}
+
+	d.Set("arn", *out.VaultARN)
+
+	tags, err := getGlacierVaultTags(glacierconn, d.Id())
+	if err != nil {
+		return err
+	}
+	d.Set("tags", tags)
+
+	log.Printf("[DEBUG] Getting the access_policy for Vault %s", d.Id())
+	pol, err := glacierconn.GetVaultAccessPolicy(&glacier.GetVaultAccessPolicyInput{
+		VaultName: aws.String(d.Id()),
+	})
+
+	if ec2err, ok := err.(awserr.Error); ok && ec2err.Code() == "ResourceNotFoundException" {
+		d.Set("access_policy", "")
+	} else if pol != nil {
+		d.Set("access_policy", normalizeJson(*pol.Policy.Policy))
+	} else {
+		return err
+	}
+
+	notifications, err := getGlacierVaultNotification(glacierconn, d.Id())
+	if err != nil {
+		return err
+	}
+	d.Set("notification", notifications)
+
+	return nil
+}
+
+func resourceAwsGlacierVaultDelete(d *schema.ResourceData, meta interface{}) error {
+	glacierconn := meta.(*AWSClient).glacierconn
+
+	log.Printf("[DEBUG] Glacier Delete Vault: %s", d.Id())
+	_, err := glacierconn.DeleteVault(&glacier.DeleteVaultInput{
+		VaultName: aws.String(d.Id()),
+	})
+	if err != nil {
+		return fmt.Errorf("Error deleting Glacier Vault: %s", err.Error())
+	}
+	return nil
+}
+
+func resourceAwsGlacierVaultNotificationUpdate(glacierconn *glacier.Glacier, d *schema.ResourceData) error {
+
+	if v, ok := d.GetOk("notification"); ok {
+		settings := v.([]interface{})
+
+		if len(settings) > 1 {
+			return fmt.Errorf("Only a single Notification setup is allowed for Glacier Vault")
+		} else if len(settings) == 1 {
+			s := settings[0].(map[string]interface{})
+			var events []*string
+			for _, id := range s["events"].(*schema.Set).List() {
+				event := id.(string)
+				if event != "ArchiveRetrievalCompleted" && event != "InventoryRetrievalCompleted" {
+					return fmt.Errorf("Glacier Vault Notification Events can only be 'ArchiveRetrievalCompleted' or 'InventoryRetrievalCompleted'")
+				} else {
+					events = append(events, aws.String(event))
+				}
+			}
+
+			_, err := glacierconn.SetVaultNotifications(&glacier.SetVaultNotificationsInput{
+				VaultName: aws.String(d.Id()),
+				VaultNotificationConfig: &glacier.VaultNotificationConfig{
+					SNSTopic: aws.String(s["sns_topic"].(string)),
+					Events:   events,
+				},
+			})
+
+			if err != nil {
+				return fmt.Errorf("Error Updating Glacier Vault Notifications: %s", err.Error())
+			}
+		}
+	}
+
+	return nil
+}
+
+func resourceAwsGlacierVaultPolicyUpdate(glacierconn *glacier.Glacier, d *schema.ResourceData) error {
+	vaultName := d.Id()
+	policyContents := d.Get("access_policy").(string)
+
+	policy := &glacier.VaultAccessPolicy{
+		Policy: aws.String(policyContents),
+	}
+
+	if policyContents != "" {
+		log.Printf("[DEBUG] Glacier Vault: %s, put policy", vaultName)
+
+		_, err := glacierconn.SetVaultAccessPolicy(&glacier.SetVaultAccessPolicyInput{
+			VaultName: aws.String(d.Id()),
+			Policy:    policy,
+		})
+
+		if err != nil {
+			return fmt.Errorf("Error putting Glacier Vault policy: %s", err.Error())
+		}
+	} else {
+		log.Printf("[DEBUG] Glacier Vault: %s, delete policy: %s", vaultName, policy)
+		_, err := glacierconn.DeleteVaultAccessPolicy(&glacier.DeleteVaultAccessPolicyInput{
+			VaultName: aws.String(d.Id()),
+		})
+
+		if err != nil {
+			return fmt.Errorf("Error deleting Glacier Vault policy: %s", err.Error())
+		}
+	}
+
+	return nil
+}
+
+func setGlacierVaultTags(conn *glacier.Glacier, d *schema.ResourceData) error {
+	if d.HasChange("tags") {
+		oraw, nraw := d.GetChange("tags")
+		o := oraw.(map[string]interface{})
+		n := nraw.(map[string]interface{})
+		create, remove := diffGlacierVaultTags(mapGlacierVaultTags(o), mapGlacierVaultTags(n))
+
+		// Set tags
+		if len(remove) > 0 {
+			tagsToRemove := &glacier.RemoveTagsFromVaultInput{
+				VaultName: aws.String(d.Id()),
+				TagKeys:   glacierStringsToPointyString(remove),
+			}
+
+			log.Printf("[DEBUG] Removing tags: from %s", d.Id())
+			_, err := conn.RemoveTagsFromVault(tagsToRemove)
+			if err != nil {
+				return err
+			}
+		}
+		if len(create) > 0 {
+			tagsToAdd := &glacier.AddTagsToVaultInput{
+				VaultName: aws.String(d.Id()),
+				Tags:      glacierVaultTagsFromMap(create),
+			}
+
+			log.Printf("[DEBUG] Creating tags: for %s", d.Id())
+			_, err := conn.AddTagsToVault(tagsToAdd)
+			if err != nil {
+				return err
+			}
+		}
+	}
+
+	return nil
+}
+
+func mapGlacierVaultTags(m map[string]interface{}) map[string]string {
+	results := make(map[string]string)
+	for k, v := range m {
+		results[k] = v.(string)
+	}
+
+	return results
+}
+
+func diffGlacierVaultTags(oldTags, newTags map[string]string) (map[string]string, []string) {
+
+	create := make(map[string]string)
+	for k, v := range newTags {
+		create[k] = v
+	}
+
+	// Build the list of what to remove
+	var remove []string
+	for k, v := range oldTags {
+		old, ok := create[k]
+		if !ok || old != v {
+			// Delete it!
+			remove = append(remove, k)
+		}
+	}
+
+	return create, remove
+}
+
+func getGlacierVaultTags(glacierconn *glacier.Glacier, vaultName string) (map[string]string, error) {
+	request := &glacier.ListTagsForVaultInput{
+		VaultName: aws.String(vaultName),
+	}
+
+	log.Printf("[DEBUG] Getting the tags: for %s", vaultName)
+	response, err := glacierconn.ListTagsForVault(request)
+	if ec2err, ok := err.(awserr.Error); ok && ec2err.Code() == "NoSuchTagSet" {
+		return map[string]string{}, nil
+	} else if err != nil {
+		return nil, err
+	}
+
+	return glacierVaultTagsToMap(response.Tags), nil
+}
+
+func glacierVaultTagsToMap(responseTags map[string]*string) map[string]string {
+	results := make(map[string]string, len(responseTags))
+	for k, v := range responseTags {
+		results[k] = *v
+	}
+
+	return results
+}
+
+func glacierVaultTagsFromMap(responseTags map[string]string) map[string]*string {
+	results := make(map[string]*string, len(responseTags))
+	for k, v := range responseTags {
+		results[k] = aws.String(v)
+	}
+
+	return results
+}
+
+func glacierStringsToPointyString(s []string) []*string {
+	results := make([]*string, len(s))
+	for i, x := range s {
+		results[i] = aws.String(x)
+	}
+
+	return results
+}
+
+func glacierPointersToStringList(pointers []*string) []interface{} {
+	list := make([]interface{}, len(pointers))
+	for i, v := range pointers {
+		list[i] = *v
+	}
+	return list
+}
+
+func getGlacierVaultNotification(glacierconn *glacier.Glacier, vaultName string) ([]map[string]interface{}, error) {
+	request := &glacier.GetVaultNotificationsInput{
+		VaultName: aws.String(vaultName),
+	}
+
+	response, err := glacierconn.GetVaultNotifications(request)
+	if err != nil {
+		return nil, fmt.Errorf("Error reading Glacier Vault Notifications: %s", err.Error())
+	}
+
+	notifications := make(map[string]interface{}, 0)
+
+	log.Print("[DEBUG] Flattening Glacier Vault Notifications")
+
+	notifications["events"] = schema.NewSet(schema.HashString, glacierPointersToStringList(response.VaultNotificationConfig.Events))
+	notifications["sns_topic"] = *response.VaultNotificationConfig.SNSTopic
+
+	return []map[string]interface{}{notifications}, nil
+}

From 95d35ad77f5609a54f59b454b4860f3aa7dba33c Mon Sep 17 00:00:00 2001
From: stack72 <public@paulstack.co.uk>
Date: Tue, 15 Sep 2015 23:32:54 +0100
Subject: [PATCH 227/335] Adding the the docs for the Glacier Vault resource

Updating the glacier docs to include a link to the AWS developer guide
---
 .../aws/r/glacier_vault.html.markdown         | 68 +++++++++++++++++++
 website/source/layouts/aws.erb                |  9 +++
 2 files changed, 77 insertions(+)
 create mode 100644 website/source/docs/providers/aws/r/glacier_vault.html.markdown

diff --git a/website/source/docs/providers/aws/r/glacier_vault.html.markdown b/website/source/docs/providers/aws/r/glacier_vault.html.markdown
new file mode 100644
index 0000000000..ad7e2a6d14
--- /dev/null
+++ b/website/source/docs/providers/aws/r/glacier_vault.html.markdown
@@ -0,0 +1,68 @@
+---
+layout: "aws"
+page_title: "AWS: aws_glacier_vault"
+sidebar_current: "docs-aws-resource-glacier-vault"
+description: |-
+  Provides a Glacier Vault.
+---
+
+# aws\_glacier\_vault
+
+Provides a Glacier Vault Resource. You can refer to the [Glacier Developer Guide](http://docs.aws.amazon.com/amazonglacier/latest/dev/working-with-vaults.html) for a full explanation of the Glacier Vault functionality
+
+## Example Usage
+
+```
+resource "aws_glacier_vault" "my_archive" {
+    name = "MyArchive"
+    
+    notification {
+      sns_topic = "arn:aws:sns:us-west-2:432981146916:MyArchiveTopic"
+      events = ["ArchiveRetrievalCompleted","InventoryRetrievalCompleted"]
+    }
+    
+    access_policy = <<EOF
+{
+    "Version":"2012-10-17",
+    "Statement":[
+       {
+          "Sid": "add-read-only-perm",
+          "Principal": "*",
+          "Effect": "Allow",
+          "Action": [
+             "glacier:InitiateJob",
+             "glacier:GetJobOutput"
+          ],
+          "Resource": [
+             "arn:aws:glacier:eu-west-1:432981146916:vaults/MyArchive"
+          ]
+       }
+    ]
+}
+EOF
+
+    tags {
+      Test="MyArchive"
+    }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) The name of the Vault. Names can be between 1 and 255 characters long and the valid characters are a-z, A-Z, 0-9, '_' (underscore), '-' (hyphen), and '.' (period).
+* `access_policy` - (Required) The policy document. This is a JSON formatted string.
+  The heredoc syntax or `file` function is helpful here.
+* `notification` - (Required) The notifications for the Vault. Fields documented below.
+* `tags` - (Optional) A mapping of tags to assign to the resource.
+
+**notification** supports the following:
+
+* `events` - (Required) You can configure a vault to public a notification for `ArchiveRetrievalCompleted` and `InventoryRetrievalCompleted` events.
+* `sns_topic` - (Required) The SNS Topic ARN.
+
+The following attributes are exported:
+
+* `location` - The URI of the vault that was created.
+* `arn` - The ARN of the vault.
\ No newline at end of file
diff --git a/website/source/layouts/aws.erb b/website/source/layouts/aws.erb
index c26f0cb4dc..4b34da23a4 100644
--- a/website/source/layouts/aws.erb
+++ b/website/source/layouts/aws.erb
@@ -201,6 +201,15 @@
                     </ul>
                 </li>
 
+                <li<%= sidebar_current(/^docs-aws-resource-glacier/) %>>
+                    <a href="#">Glacier Resources</a>
+                    <ul class="nav nav-visible">
+                        <li<%= sidebar_current("docs-aws-resource-glacier-vault") %>>
+                            <a href="/docs/providers/aws/r/glacier_vault.html">aws_glacier_vault</a>
+                        </li>
+                    </ul>
+                 </li>
+
 
                 <li<%= sidebar_current(/^docs-aws-resource-iam/) %>>
                     <a href="#">IAM Resources</a>

From 2a7b8be9f3aae116c5168f10aa19ea6c7273e643 Mon Sep 17 00:00:00 2001
From: stack72 <public@paulstack.co.uk>
Date: Thu, 17 Sep 2015 01:46:10 +0100
Subject: [PATCH 228/335] Gofmt of the aws glacier vault resource

---
 .../aws/resource_aws_glacier_vault.go         |  29 +--
 .../aws/resource_aws_glacier_vault_test.go    | 175 ++++++++++++++++++
 .../aws/r/glacier_vault.html.markdown         |  19 +-
 3 files changed, 206 insertions(+), 17 deletions(-)
 create mode 100644 builtin/providers/aws/resource_aws_glacier_vault_test.go

diff --git a/builtin/providers/aws/resource_aws_glacier_vault.go b/builtin/providers/aws/resource_aws_glacier_vault.go
index b077a35cd9..21ac4d7cc1 100644
--- a/builtin/providers/aws/resource_aws_glacier_vault.go
+++ b/builtin/providers/aws/resource_aws_glacier_vault.go
@@ -143,7 +143,7 @@ func resourceAwsGlacierVaultRead(d *schema.ResourceData, meta interface{}) error
 		VaultName: aws.String(d.Id()),
 	})
 
-	if ec2err, ok := err.(awserr.Error); ok && ec2err.Code() == "ResourceNotFoundException" {
+	if awserr, ok := err.(awserr.Error); ok && awserr.Code() == "ResourceNotFoundException" {
 		d.Set("access_policy", "")
 	} else if pol != nil {
 		d.Set("access_policy", normalizeJson(*pol.Policy.Policy))
@@ -152,10 +152,13 @@ func resourceAwsGlacierVaultRead(d *schema.ResourceData, meta interface{}) error
 	}
 
 	notifications, err := getGlacierVaultNotification(glacierconn, d.Id())
-	if err != nil {
+	if awserr, ok := err.(awserr.Error); ok && awserr.Code() == "ResourceNotFoundException" {
+		d.Set("notification", "")
+	} else if pol != nil {
+		d.Set("notification", notifications)
+	} else {
 		return err
 	}
-	d.Set("notification", notifications)
 
 	return nil
 }
@@ -179,17 +182,12 @@ func resourceAwsGlacierVaultNotificationUpdate(glacierconn *glacier.Glacier, d *
 		settings := v.([]interface{})
 
 		if len(settings) > 1 {
-			return fmt.Errorf("Only a single Notification setup is allowed for Glacier Vault")
+			return fmt.Errorf("Only a single Notification Block is allowed for Glacier Vault")
 		} else if len(settings) == 1 {
 			s := settings[0].(map[string]interface{})
 			var events []*string
 			for _, id := range s["events"].(*schema.Set).List() {
-				event := id.(string)
-				if event != "ArchiveRetrievalCompleted" && event != "InventoryRetrievalCompleted" {
-					return fmt.Errorf("Glacier Vault Notification Events can only be 'ArchiveRetrievalCompleted' or 'InventoryRetrievalCompleted'")
-				} else {
-					events = append(events, aws.String(event))
-				}
+				events = append(events, aws.String(id.(string)))
 			}
 
 			_, err := glacierconn.SetVaultNotifications(&glacier.SetVaultNotificationsInput{
@@ -204,6 +202,15 @@ func resourceAwsGlacierVaultNotificationUpdate(glacierconn *glacier.Glacier, d *
 				return fmt.Errorf("Error Updating Glacier Vault Notifications: %s", err.Error())
 			}
 		}
+	} else {
+		_, err := glacierconn.DeleteVaultNotifications(&glacier.DeleteVaultNotificationsInput{
+			VaultName: aws.String(d.Id()),
+		})
+
+		if err != nil {
+			return fmt.Errorf("Error Removing Glacier Vault Notifications: %s", err.Error())
+		}
+
 	}
 
 	return nil
@@ -315,7 +322,7 @@ func getGlacierVaultTags(glacierconn *glacier.Glacier, vaultName string) (map[st
 
 	log.Printf("[DEBUG] Getting the tags: for %s", vaultName)
 	response, err := glacierconn.ListTagsForVault(request)
-	if ec2err, ok := err.(awserr.Error); ok && ec2err.Code() == "NoSuchTagSet" {
+	if awserr, ok := err.(awserr.Error); ok && awserr.Code() == "NoSuchTagSet" {
 		return map[string]string{}, nil
 	} else if err != nil {
 		return nil, err
diff --git a/builtin/providers/aws/resource_aws_glacier_vault_test.go b/builtin/providers/aws/resource_aws_glacier_vault_test.go
new file mode 100644
index 0000000000..fc5e150d94
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_glacier_vault_test.go
@@ -0,0 +1,175 @@
+package aws
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/service/glacier"
+
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+func TestAccAWSGlacierVault_basic(t *testing.T) {
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckGlacierVaultDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccGlacierVault_basic,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckGlacierVaultExists("aws_glacier_vault.test"),
+				),
+			},
+		},
+	})
+}
+
+func TestAccAWSGlacierVault_full(t *testing.T) {
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckGlacierVaultDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccGlacierVault_full,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckGlacierVaultExists("aws_glacier_vault.full"),
+				),
+			},
+		},
+	})
+}
+
+func TestAccAWSGlacierVault_RemoveNotifications(t *testing.T) {
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckGlacierVaultDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccGlacierVault_full,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckGlacierVaultExists("aws_glacier_vault.full"),
+				),
+			},
+			resource.TestStep{
+				Config: testAccGlacierVault_withoutNotification,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckGlacierVaultExists("aws_glacier_vault.full"),
+					testAccCheckVaultNotificationsMissing("aws_glacier_vault.full"),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckGlacierVaultExists(name string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[name]
+		if !ok {
+			return fmt.Errorf("Not found: %s", name)
+		}
+
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("No ID is set")
+		}
+
+		glacierconn := testAccProvider.Meta().(*AWSClient).glacierconn
+		out, err := glacierconn.DescribeVault(&glacier.DescribeVaultInput{
+			VaultName: aws.String(rs.Primary.ID),
+		})
+
+		if err != nil {
+			return err
+		}
+
+		if out.VaultARN == nil {
+			return fmt.Errorf("No Glacier Vault Found")
+		}
+
+		if *out.VaultName != rs.Primary.ID {
+			return fmt.Errorf("Glacier Vault Mismatch - existing: %q, state: %q",
+				*out.VaultName, rs.Primary.ID)
+		}
+
+		return nil
+	}
+}
+
+func testAccCheckVaultNotificationsMissing(name string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[name]
+		if !ok {
+			return fmt.Errorf("Not found: %s", name)
+		}
+
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("No ID is set")
+		}
+
+		glacierconn := testAccProvider.Meta().(*AWSClient).glacierconn
+		out, err := glacierconn.GetVaultNotifications(&glacier.GetVaultNotificationsInput{
+			VaultName: aws.String(rs.Primary.ID),
+		})
+
+		if awserr, ok := err.(awserr.Error); ok && awserr.Code() != "ResourceNotFoundException" {
+			return fmt.Errorf("Expected ResourceNotFoundException for Vault %s Notification Block but got %s", rs.Primary.ID, awserr.Code())
+		}
+
+		if out.VaultNotificationConfig != nil {
+			return fmt.Errorf("Vault Notification Block has been found for %s", rs.Primary.ID)
+		}
+
+		return nil
+	}
+
+}
+
+func testAccCheckGlacierVaultDestroy(s *terraform.State) error {
+	if len(s.RootModule().Resources) > 0 {
+		return fmt.Errorf("Expected all resources to be gone, but found: %#v",
+			s.RootModule().Resources)
+	}
+
+	return nil
+}
+
+const testAccGlacierVault_basic = `
+resource "aws_glacier_vault" "test" {
+  name = "my_test_vault"
+}
+`
+
+const testAccGlacierVault_full = `
+resource "aws_sns_topic" "aws_sns_topic" {
+  name = "glacier-sns-topic"
+}
+
+resource "aws_glacier_vault" "full" {
+  name = "my_test_vault"
+  notification {
+  	sns_topic = "${aws_sns_topic.aws_sns_topic.arn}"
+  	events = ["ArchiveRetrievalCompleted","InventoryRetrievalCompleted"]
+  }
+  tags {
+    Test="Test1"
+  }
+}
+`
+
+const testAccGlacierVault_withoutNotification = `
+resource "aws_sns_topic" "aws_sns_topic" {
+  name = "glacier-sns-topic"
+}
+
+resource "aws_glacier_vault" "full" {
+  name = "my_test_vault"
+  tags {
+    Test="Test1"
+  }
+}
+`
diff --git a/website/source/docs/providers/aws/r/glacier_vault.html.markdown b/website/source/docs/providers/aws/r/glacier_vault.html.markdown
index ad7e2a6d14..920bee4f54 100644
--- a/website/source/docs/providers/aws/r/glacier_vault.html.markdown
+++ b/website/source/docs/providers/aws/r/glacier_vault.html.markdown
@@ -10,14 +10,21 @@ description: |-
 
 Provides a Glacier Vault Resource. You can refer to the [Glacier Developer Guide](http://docs.aws.amazon.com/amazonglacier/latest/dev/working-with-vaults.html) for a full explanation of the Glacier Vault functionality
 
+~> **NOTE:** When trying to remove a Glacier Vault, the Vault must be empty. 
+
 ## Example Usage
 
 ```
+
+resource "aws_sns_topic" "aws_sns_topic" {
+  name = "glacier-sns-topic"
+}
+
 resource "aws_glacier_vault" "my_archive" {
     name = "MyArchive"
     
     notification {
-      sns_topic = "arn:aws:sns:us-west-2:432981146916:MyArchiveTopic"
+      sns_topic = "${aws_sns_topic.aws_sns_topic.arn}"
       events = ["ArchiveRetrievalCompleted","InventoryRetrievalCompleted"]
     }
     
@@ -51,15 +58,15 @@ EOF
 
 The following arguments are supported:
 
-* `name` - (Required) The name of the Vault. Names can be between 1 and 255 characters long and the valid characters are a-z, A-Z, 0-9, '_' (underscore), '-' (hyphen), and '.' (period).
-* `access_policy` - (Required) The policy document. This is a JSON formatted string.
-  The heredoc syntax or `file` function is helpful here.
-* `notification` - (Required) The notifications for the Vault. Fields documented below.
+* `name` - (Required) The name of the Vault. Names can be between 1 and 255 characters long and the valid characters are a-z, A-Z, 0-9, '\_' (underscore), '-' (hyphen), and '.' (period).
+* `access_policy` - (Optional) The policy document. This is a JSON formatted string.
+  The heredoc syntax or `file` function is helpful here. Use the [Glacier Developer Guide](https://docs.aws.amazon.com/amazonglacier/latest/dev/vault-access-policy.html) for more information on Glacier Vault Policy
+* `notification` - (Optional) The notifications for the Vault. Fields documented below.
 * `tags` - (Optional) A mapping of tags to assign to the resource.
 
 **notification** supports the following:
 
-* `events` - (Required) You can configure a vault to public a notification for `ArchiveRetrievalCompleted` and `InventoryRetrievalCompleted` events.
+* `events` - (Required) You can configure a vault to publish a notification for `ArchiveRetrievalCompleted` and `InventoryRetrievalCompleted` events.
 * `sns_topic` - (Required) The SNS Topic ARN.
 
 The following attributes are exported:

From 9f01efae6f027ce6cd646ebb7c018f95a410104d Mon Sep 17 00:00:00 2001
From: stack72 <public@paulstack.co.uk>
Date: Mon, 5 Oct 2015 11:24:09 +0100
Subject: [PATCH 229/335] Adding a test to make sure that the
 diffGlacierVaultTags func works as expected

---
 .../aws/resource_aws_glacier_vault_test.go    | 52 +++++++++++++++++++
 1 file changed, 52 insertions(+)

diff --git a/builtin/providers/aws/resource_aws_glacier_vault_test.go b/builtin/providers/aws/resource_aws_glacier_vault_test.go
index fc5e150d94..4f5c26bf28 100644
--- a/builtin/providers/aws/resource_aws_glacier_vault_test.go
+++ b/builtin/providers/aws/resource_aws_glacier_vault_test.go
@@ -2,6 +2,7 @@ package aws
 
 import (
 	"fmt"
+	"reflect"
 	"testing"
 
 	"github.com/aws/aws-sdk-go/aws"
@@ -67,6 +68,57 @@ func TestAccAWSGlacierVault_RemoveNotifications(t *testing.T) {
 	})
 }
 
+func TestDiffGlacierVaultTags(t *testing.T) {
+	cases := []struct {
+		Old, New map[string]interface{}
+		Create   map[string]string
+		Remove   []string
+	}{
+		// Basic add/remove
+		{
+			Old: map[string]interface{}{
+				"foo": "bar",
+			},
+			New: map[string]interface{}{
+				"bar": "baz",
+			},
+			Create: map[string]string{
+				"bar": "baz",
+			},
+			Remove: []string{
+				"foo",
+			},
+		},
+
+		// Modify
+		{
+			Old: map[string]interface{}{
+				"foo": "bar",
+			},
+			New: map[string]interface{}{
+				"foo": "baz",
+			},
+			Create: map[string]string{
+				"foo": "baz",
+			},
+			Remove: []string{
+				"foo",
+			},
+		},
+	}
+
+	for i, tc := range cases {
+		c, r := diffGlacierVaultTags(mapGlacierVaultTags(tc.Old), mapGlacierVaultTags(tc.New))
+
+		if !reflect.DeepEqual(c, tc.Create) {
+			t.Fatalf("%d: bad create: %#v", i, c)
+		}
+		if !reflect.DeepEqual(r, tc.Remove) {
+			t.Fatalf("%d: bad remove: %#v", i, r)
+		}
+	}
+}
+
 func testAccCheckGlacierVaultExists(name string) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		rs, ok := s.RootModule().Resources[name]

From 2f42f58256b0a6f4e6921f2d1f8a1e63a0545442 Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@gmail.com>
Date: Tue, 13 Oct 2015 17:15:34 +0200
Subject: [PATCH 230/335] Update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index a61e8af63f..cfe4dd75ae 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -19,6 +19,7 @@ FEATURES:
   * **New resource: `aws_directory_service_directory`** [GH-3228]
   * **New resource: `aws_autoscaling_lifecycle_hook`** [GH-3351]
   * **New resource: `aws_placement_group`** [GH-3457]
+  * **New resource: `aws_glacier_vault`** [GH-3491]
 
 IMPROVEMENTS:
 

From 95832c2fb217182c16f856edbed2d51d8e07719b Mon Sep 17 00:00:00 2001
From: Clint <catsby@users.noreply.github.com>
Date: Tue, 13 Oct 2015 12:56:53 -0500
Subject: [PATCH 231/335] Update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index cfe4dd75ae..9458c1a733 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -72,6 +72,7 @@ BUG FIXES:
   * provider/aws: Update Security Group Rules to Version 2 [GH-3019]
   * provider/aws: Migrate KeyPair to version 1, fixing issue with using `file()` [GH-3470]
   * provider/aws: Fix force_delete on autoscaling groups [GH-3485]
+  * provider/aws: Fix crash with VPC Peering connections [GH-3490]
   * provider/docker: Fix issue preventing private images from being referenced [GH-2619]
   * provider/digitalocean: Fix issue causing unnecessary diffs based on droplet slugsize case [GH-3284]
   * provider/openstack: add state 'downloading' to list of expected states in

From 43c7711ac89172ac45b365be60c81d757f765532 Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@gmail.com>
Date: Tue, 13 Oct 2015 18:21:21 +0200
Subject: [PATCH 232/335] docs/aws: Fix whitespacing in glacier_vault

---
 .../docs/providers/aws/r/glacier_vault.html.markdown  | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/website/source/docs/providers/aws/r/glacier_vault.html.markdown b/website/source/docs/providers/aws/r/glacier_vault.html.markdown
index 920bee4f54..523260d721 100644
--- a/website/source/docs/providers/aws/r/glacier_vault.html.markdown
+++ b/website/source/docs/providers/aws/r/glacier_vault.html.markdown
@@ -10,24 +10,23 @@ description: |-
 
 Provides a Glacier Vault Resource. You can refer to the [Glacier Developer Guide](http://docs.aws.amazon.com/amazonglacier/latest/dev/working-with-vaults.html) for a full explanation of the Glacier Vault functionality
 
-~> **NOTE:** When trying to remove a Glacier Vault, the Vault must be empty. 
+~> **NOTE:** When trying to remove a Glacier Vault, the Vault must be empty.
 
 ## Example Usage
 
 ```
-
 resource "aws_sns_topic" "aws_sns_topic" {
   name = "glacier-sns-topic"
 }
 
 resource "aws_glacier_vault" "my_archive" {
     name = "MyArchive"
-    
+
     notification {
       sns_topic = "${aws_sns_topic.aws_sns_topic.arn}"
       events = ["ArchiveRetrievalCompleted","InventoryRetrievalCompleted"]
     }
-    
+
     access_policy = <<EOF
 {
     "Version":"2012-10-17",
@@ -49,7 +48,7 @@ resource "aws_glacier_vault" "my_archive" {
 EOF
 
     tags {
-      Test="MyArchive"
+      Test = "MyArchive"
     }
 }
 ```
@@ -72,4 +71,4 @@ The following arguments are supported:
 The following attributes are exported:
 
 * `location` - The URI of the vault that was created.
-* `arn` - The ARN of the vault.
\ No newline at end of file
+* `arn` - The ARN of the vault.

From 88e56479a5445e2b4a3b9c0b32d7a5b1a89dbd5a Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@gmail.com>
Date: Tue, 13 Oct 2015 22:52:11 +0200
Subject: [PATCH 233/335] docs: Make IAM policy doc canonical

---
 .../source/docs/providers/aws/r/glacier_vault.html.markdown   | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/website/source/docs/providers/aws/r/glacier_vault.html.markdown b/website/source/docs/providers/aws/r/glacier_vault.html.markdown
index 523260d721..6805338c79 100644
--- a/website/source/docs/providers/aws/r/glacier_vault.html.markdown
+++ b/website/source/docs/providers/aws/r/glacier_vault.html.markdown
@@ -39,9 +39,7 @@ resource "aws_glacier_vault" "my_archive" {
              "glacier:InitiateJob",
              "glacier:GetJobOutput"
           ],
-          "Resource": [
-             "arn:aws:glacier:eu-west-1:432981146916:vaults/MyArchive"
-          ]
+          "Resource": "arn:aws:glacier:eu-west-1:432981146916:vaults/MyArchive"
        }
     ]
 }

From 61948f35d25076d19c14d02ccbc09c7c8fcdf0f8 Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@gmail.com>
Date: Mon, 6 Jul 2015 23:45:47 +0100
Subject: [PATCH 234/335] provider/aws: Add docs for aws_cloudformation_stack

---
 .../aws/r/cloudformation_stack.html.markdown  | 63 +++++++++++++++++++
 website/source/layouts/aws.erb                |  8 +++
 2 files changed, 71 insertions(+)
 create mode 100644 website/source/docs/providers/aws/r/cloudformation_stack.html.markdown

diff --git a/website/source/docs/providers/aws/r/cloudformation_stack.html.markdown b/website/source/docs/providers/aws/r/cloudformation_stack.html.markdown
new file mode 100644
index 0000000000..6a13520a20
--- /dev/null
+++ b/website/source/docs/providers/aws/r/cloudformation_stack.html.markdown
@@ -0,0 +1,63 @@
+---
+layout: "aws"
+page_title: "AWS: aws_cloudformation_stack"
+sidebar_current: "docs-aws-resource-cloudformation-stack"
+description: |-
+  Provides a CloudFormation Stack resource.
+---
+
+# aws\_cloudformation\_stack
+
+Provides a CloudFormation Stack resource.
+
+## Example Usage
+
+```
+resource "aws_cloudformation_stack" "network" {
+  name = "networking-stack"
+  template_body = <<STACK
+{
+  "Resources" : {
+    "my-vpc": {
+      "Type" : "AWS::EC2::VPC",
+      "Properties" : {
+        "CidrBlock" : "10.0.0.0/16",
+        "Tags" : [
+          {"Key": "Name", "Value": "Primary_CF_VPC"}
+        ]
+      }
+    }
+  }
+}
+STACK
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) Stack name.
+* `template_body` - (Optional) Structure containing the template body (max size: 51,200 bytes).
+* `template_url` - (Optional) Location of a file containing the template body (max size: 460,800 bytes).
+* `capabilities` - (Optional) A list of capabilities.
+  Currently, the only valid value is `CAPABILITY_IAM`
+* `disable_rollback` - (Optional) Set to true to disable rollback of the stack if stack creation failed.
+  Conflicts with `on_failure`.
+* `notification_arns` - (Optional) A list of SNS topic ARNs to publish stack related events.
+* `on_failure` - (Optional) Action to be taken if stack creation fails. This must be
+  one of: `DO_NOTHING`, `ROLLBACK`, or `DELETE`. Conflicts with `disable_rollback`.
+* `parameters` - (Optional) A list of Parameter structures that specify input parameters for the stack.
+* `policy_body` - (Optional) Structure containing the stack policy body.
+  Conflicts w/ `policy_url`.
+* `policy_url` - (Optional) Location of a file containing the stack policy.
+  Conflicts w/ `policy_body`.
+* `tags` - (Optional) A list of tags to associate with this stack.
+* `timeout_in_minutes` - (Optional) The amount of time that can pass before the stack status becomes `CREATE_FAILED`.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `arn` - A unique identifier of the stack.
+* `outputs` - A list of output structures.
diff --git a/website/source/layouts/aws.erb b/website/source/layouts/aws.erb
index 4b34da23a4..78efc54cd1 100644
--- a/website/source/layouts/aws.erb
+++ b/website/source/layouts/aws.erb
@@ -10,6 +10,14 @@
                     <a href="/docs/providers/aws/index.html">AWS Provider</a>
                 </li>
 
+                <li<%= sidebar_current(/^docs-aws-resource-cloudformation/) %>>
+                    <a href="#">CloudFormation Resources</a>
+                    <ul class="nav nav-visible">
+                        <li<%= sidebar_current("docs-aws-resource-cloudformation-stack") %>>
+                            <a href="/docs/providers/aws/r/cloudformation_stack.html">aws_cloudformation_stack</a>
+                        </li>
+                    </ul>
+                </li>
 
                 <li<%= sidebar_current(/^docs-aws-resource-cloudwatch/) %>>
                     <a href="#">CloudWatch Resources</a>

From 4dfbbe307490d28c2039ed7da8113818e82026f3 Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@gmail.com>
Date: Tue, 7 Jul 2015 08:00:05 +0100
Subject: [PATCH 235/335] provider/aws: Add implementation for
 aws_cloudformation_stack

---
 builtin/providers/aws/config.go               |   5 +
 builtin/providers/aws/provider.go             |   1 +
 .../aws/resource_aws_cloudformation_stack.go  | 451 ++++++++++++++++++
 builtin/providers/aws/structure.go            |  55 +++
 4 files changed, 512 insertions(+)
 create mode 100644 builtin/providers/aws/resource_aws_cloudformation_stack.go

diff --git a/builtin/providers/aws/config.go b/builtin/providers/aws/config.go
index f8f443b73d..bbbad7eeaf 100644
--- a/builtin/providers/aws/config.go
+++ b/builtin/providers/aws/config.go
@@ -11,6 +11,7 @@ import (
 	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/aws/credentials"
 	"github.com/aws/aws-sdk-go/service/autoscaling"
+	"github.com/aws/aws-sdk-go/service/cloudformation"
 	"github.com/aws/aws-sdk-go/service/cloudwatch"
 	"github.com/aws/aws-sdk-go/service/cloudwatchlogs"
 	"github.com/aws/aws-sdk-go/service/directoryservice"
@@ -47,6 +48,7 @@ type Config struct {
 }
 
 type AWSClient struct {
+	cfconn             *cloudformation.CloudFormation
 	cloudwatchconn     *cloudwatch.CloudWatch
 	cloudwatchlogsconn *cloudwatchlogs.CloudWatchLogs
 	dsconn             *directoryservice.DirectoryService
@@ -175,6 +177,9 @@ func (c *Config) Client() (interface{}, error) {
 		log.Println("[INFO] Initializing Lambda Connection")
 		client.lambdaconn = lambda.New(awsConfig)
 
+		log.Println("[INFO] Initializing Cloudformation Connection")
+		client.cfconn = cloudformation.New(awsConfig)
+
 		log.Println("[INFO] Initializing CloudWatch SDK connection")
 		client.cloudwatchconn = cloudwatch.New(awsConfig)
 
diff --git a/builtin/providers/aws/provider.go b/builtin/providers/aws/provider.go
index f73580d0f7..547f9617ac 100644
--- a/builtin/providers/aws/provider.go
+++ b/builtin/providers/aws/provider.go
@@ -163,6 +163,7 @@ func Provider() terraform.ResourceProvider {
 			"aws_autoscaling_group":            resourceAwsAutoscalingGroup(),
 			"aws_autoscaling_notification":     resourceAwsAutoscalingNotification(),
 			"aws_autoscaling_policy":           resourceAwsAutoscalingPolicy(),
+			"aws_cloudformation_stack":         resourceAwsCloudFormationStack(),
 			"aws_cloudwatch_log_group":         resourceAwsCloudWatchLogGroup(),
 			"aws_autoscaling_lifecycle_hook":   resourceAwsAutoscalingLifecycleHook(),
 			"aws_cloudwatch_metric_alarm":      resourceAwsCloudWatchMetricAlarm(),
diff --git a/builtin/providers/aws/resource_aws_cloudformation_stack.go b/builtin/providers/aws/resource_aws_cloudformation_stack.go
new file mode 100644
index 0000000000..1846a31054
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_cloudformation_stack.go
@@ -0,0 +1,451 @@
+package aws
+
+import (
+	"fmt"
+	"log"
+	"regexp"
+	"time"
+
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/helper/schema"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/service/cloudformation"
+)
+
+func resourceAwsCloudFormationStack() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceAwsCloudFormationStackCreate,
+		Read:   resourceAwsCloudFormationStackRead,
+		Update: resourceAwsCloudFormationStackUpdate,
+		Delete: resourceAwsCloudFormationStackDelete,
+
+		Schema: map[string]*schema.Schema{
+			"name": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			"template_body": &schema.Schema{
+				Type:      schema.TypeString,
+				Optional:  true,
+				Computed:  true,
+				StateFunc: normalizeJson,
+			},
+			"template_url": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+			"capabilities": &schema.Schema{
+				Type:     schema.TypeSet,
+				Optional: true,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+				Set:      schema.HashString,
+			},
+			"disable_rollback": &schema.Schema{
+				Type:     schema.TypeBool,
+				Optional: true,
+				ForceNew: true,
+			},
+			"notification_arns": &schema.Schema{
+				Type:     schema.TypeSet,
+				Optional: true,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+				Set:      schema.HashString,
+			},
+			"on_failure": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+				ForceNew: true,
+			},
+			"parameters": &schema.Schema{
+				Type:     schema.TypeMap,
+				Optional: true,
+				Computed: true,
+			},
+			"outputs": &schema.Schema{
+				Type:     schema.TypeMap,
+				Computed: true,
+			},
+			"policy_body": &schema.Schema{
+				Type:      schema.TypeString,
+				Optional:  true,
+				Computed:  true,
+				StateFunc: normalizeJson,
+			},
+			"policy_url": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+			"timeout_in_minutes": &schema.Schema{
+				Type:     schema.TypeInt,
+				Optional: true,
+				ForceNew: true,
+			},
+			"tags": &schema.Schema{
+				Type:     schema.TypeMap,
+				Optional: true,
+				ForceNew: true,
+			},
+		},
+	}
+}
+
+func resourceAwsCloudFormationStackCreate(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).cfconn
+
+	input := cloudformation.CreateStackInput{
+		StackName: aws.String(d.Get("name").(string)),
+	}
+	if v, ok := d.GetOk("template_body"); ok {
+		input.TemplateBody = aws.String(normalizeJson(v.(string)))
+	}
+	if v, ok := d.GetOk("template_url"); ok {
+		input.TemplateURL = aws.String(v.(string))
+	}
+	if v, ok := d.GetOk("capabilities"); ok {
+		input.Capabilities = expandStringList(v.(*schema.Set).List())
+	}
+	if v, ok := d.GetOk("disable_rollback"); ok {
+		input.DisableRollback = aws.Bool(v.(bool))
+	}
+	if v, ok := d.GetOk("notification_arns"); ok {
+		input.NotificationARNs = expandStringList(v.(*schema.Set).List())
+	}
+	if v, ok := d.GetOk("on_failure"); ok {
+		input.OnFailure = aws.String(v.(string))
+	}
+	if v, ok := d.GetOk("parameters"); ok {
+		input.Parameters = expandCloudFormationParameters(v.(map[string]interface{}))
+	}
+	if v, ok := d.GetOk("policy_body"); ok {
+		input.StackPolicyBody = aws.String(normalizeJson(v.(string)))
+	}
+	if v, ok := d.GetOk("policy_url"); ok {
+		input.StackPolicyURL = aws.String(v.(string))
+	}
+	if v, ok := d.GetOk("tags"); ok {
+		input.Tags = expandCloudFormationTags(v.(map[string]interface{}))
+	}
+	if v, ok := d.GetOk("timeout_in_minutes"); ok {
+		input.TimeoutInMinutes = aws.Int64(int64(v.(int)))
+	}
+
+	log.Printf("[DEBUG] Creating CloudFormation Stack: %s", input)
+	resp, err := conn.CreateStack(&input)
+	if err != nil {
+		return fmt.Errorf("Creating CloudFormation stack failed: %s", err.Error())
+	}
+
+	d.SetId(*resp.StackId)
+
+	wait := resource.StateChangeConf{
+		Pending:    []string{"CREATE_IN_PROGRESS", "ROLLBACK_IN_PROGRESS", "ROLLBACK_COMPLETE"},
+		Target:     "CREATE_COMPLETE",
+		Timeout:    30 * time.Minute,
+		MinTimeout: 5 * time.Second,
+		Refresh: func() (interface{}, string, error) {
+			resp, err := conn.DescribeStacks(&cloudformation.DescribeStacksInput{
+				StackName: aws.String(d.Get("name").(string)),
+			})
+			status := *resp.Stacks[0].StackStatus
+			log.Printf("[DEBUG] Current CloudFormation stack status: %q", status)
+
+			if status == "ROLLBACK_COMPLETE" {
+				stack := resp.Stacks[0]
+				failures, err := getCloudFormationFailures(stack.StackName, *stack.CreationTime, conn)
+				if err != nil {
+					return resp, "", fmt.Errorf(
+						"Failed getting details about rollback: %q", err.Error())
+				}
+
+				return resp, "", fmt.Errorf("ROLLBACK_COMPLETE:\n%q", failures)
+			}
+			return resp, status, err
+		},
+	}
+
+	_, err = wait.WaitForState()
+	if err != nil {
+		return err
+	}
+
+	log.Printf("[INFO] CloudFormation Stack %q created", d.Get("name").(string))
+
+	return resourceAwsCloudFormationStackRead(d, meta)
+}
+
+func resourceAwsCloudFormationStackRead(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).cfconn
+	stackName := d.Get("name").(string)
+
+	input := &cloudformation.DescribeStacksInput{
+		StackName: aws.String(stackName),
+	}
+	resp, err := conn.DescribeStacks(input)
+	if err != nil {
+		return err
+	}
+
+	stacks := resp.Stacks
+	if len(stacks) < 1 {
+		return nil
+	}
+
+	tInput := cloudformation.GetTemplateInput{
+		StackName: aws.String(stackName),
+	}
+	out, err := conn.GetTemplate(&tInput)
+	if err != nil {
+		return err
+	}
+
+	d.Set("template_body", normalizeJson(*out.TemplateBody))
+
+	stack := stacks[0]
+	log.Printf("[DEBUG] Received CloudFormation stack: %s", stack)
+
+	d.Set("name", stack.StackName)
+	d.Set("arn", stack.StackId)
+
+	if stack.TimeoutInMinutes != nil {
+		d.Set("timeout_in_minutes", int(*stack.TimeoutInMinutes))
+	}
+	if stack.Description != nil {
+		d.Set("description", stack.Description)
+	}
+	if stack.DisableRollback != nil {
+		d.Set("disable_rollback", stack.DisableRollback)
+	}
+	if len(stack.NotificationARNs) > 0 {
+		err = d.Set("notification_arns", schema.NewSet(schema.HashString, flattenStringList(stack.NotificationARNs)))
+		if err != nil {
+			return err
+		}
+	}
+
+	originalParams := d.Get("parameters").(map[string]interface{})
+	err = d.Set("parameters", flattenCloudFormationParameters(stack.Parameters, originalParams))
+	if err != nil {
+		return err
+	}
+
+	err = d.Set("tags", flattenCloudFormationTags(stack.Tags))
+	if err != nil {
+		return err
+	}
+
+	err = d.Set("outputs", flattenCloudFormationOutputs(stack.Outputs))
+	if err != nil {
+		return err
+	}
+
+	if len(stack.Capabilities) > 0 {
+		err = d.Set("capabilities", schema.NewSet(schema.HashString, flattenStringList(stack.Capabilities)))
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func resourceAwsCloudFormationStackUpdate(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).cfconn
+
+	input := &cloudformation.UpdateStackInput{
+		StackName: aws.String(d.Get("name").(string)),
+	}
+
+	if d.HasChange("template_body") {
+		input.TemplateBody = aws.String(normalizeJson(d.Get("template_body").(string)))
+	}
+	if d.HasChange("template_url") {
+		input.TemplateURL = aws.String(d.Get("template_url").(string))
+	}
+	if d.HasChange("capabilities") {
+		input.Capabilities = expandStringList(d.Get("capabilities").(*schema.Set).List())
+	}
+	if d.HasChange("notification_arns") {
+		input.NotificationARNs = expandStringList(d.Get("notification_arns").(*schema.Set).List())
+	}
+	if d.HasChange("parameters") {
+		input.Parameters = expandCloudFormationParameters(d.Get("parameters").(map[string]interface{}))
+	}
+	if d.HasChange("policy_body") {
+		input.StackPolicyBody = aws.String(normalizeJson(d.Get("policy_body").(string)))
+	}
+	if d.HasChange("policy_url") {
+		input.StackPolicyURL = aws.String(d.Get("policy_url").(string))
+	}
+
+	log.Printf("[DEBUG] Updating CloudFormation stack: %s", input)
+	stack, err := conn.UpdateStack(input)
+	if err != nil {
+		return err
+	}
+
+	lastUpdatedTime, err := getLastCfEventTimestamp(d.Get("name").(string), conn)
+	if err != nil {
+		return err
+	}
+
+	wait := resource.StateChangeConf{
+		Pending: []string{
+			"UPDATE_COMPLETE_CLEANUP_IN_PROGRESS",
+			"UPDATE_IN_PROGRESS",
+			"UPDATE_ROLLBACK_IN_PROGRESS",
+			"UPDATE_ROLLBACK_COMPLETE_CLEANUP_IN_PROGRESS",
+			"UPDATE_ROLLBACK_COMPLETE",
+		},
+		Target:     "UPDATE_COMPLETE",
+		Timeout:    15 * time.Minute,
+		MinTimeout: 5 * time.Second,
+		Refresh: func() (interface{}, string, error) {
+			resp, err := conn.DescribeStacks(&cloudformation.DescribeStacksInput{
+				StackName: aws.String(d.Get("name").(string)),
+			})
+			stack := resp.Stacks[0]
+			status := *stack.StackStatus
+			log.Printf("[DEBUG] Current CloudFormation stack status: %q", status)
+
+			if status == "UPDATE_ROLLBACK_COMPLETE" {
+				failures, err := getCloudFormationFailures(stack.StackName, *lastUpdatedTime, conn)
+				if err != nil {
+					return resp, "", fmt.Errorf(
+						"Failed getting details about rollback: %q", err.Error())
+				}
+
+				return resp, "", fmt.Errorf(
+					"UPDATE_ROLLBACK_COMPLETE:\n%q", failures)
+			}
+
+			return resp, status, err
+		},
+	}
+
+	_, err = wait.WaitForState()
+	if err != nil {
+		return err
+	}
+
+	log.Printf("[DEBUG] CloudFormation stack %q has been updated", *stack.StackId)
+
+	return resourceAwsCloudFormationStackRead(d, meta)
+}
+
+func resourceAwsCloudFormationStackDelete(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).cfconn
+
+	input := &cloudformation.DeleteStackInput{
+		StackName: aws.String(d.Get("name").(string)),
+	}
+	log.Printf("[DEBUG] Deleting CloudFormation stack %s", input)
+	_, err := conn.DeleteStack(input)
+	if err != nil {
+		awsErr, ok := err.(awserr.Error)
+		if !ok {
+			return err
+		}
+
+		if awsErr.Code() == "ValidationError" {
+			// Ignore stack which has been already deleted
+			return nil
+		}
+		return err
+	}
+
+	wait := resource.StateChangeConf{
+		Pending:    []string{"DELETE_IN_PROGRESS", "ROLLBACK_IN_PROGRESS"},
+		Target:     "DELETE_COMPLETE",
+		Timeout:    30 * time.Minute,
+		MinTimeout: 5 * time.Second,
+		Refresh: func() (interface{}, string, error) {
+			resp, err := conn.DescribeStacks(&cloudformation.DescribeStacksInput{
+				StackName: aws.String(d.Get("name").(string)),
+			})
+
+			if err != nil {
+				awsErr, ok := err.(awserr.Error)
+				if !ok {
+					return resp, "DELETE_FAILED", err
+				}
+
+				log.Printf("[DEBUG] Error when deleting CloudFormation stack: %s: %s",
+					awsErr.Code(), awsErr.Message())
+
+				if awsErr.Code() == "ValidationError" {
+					return resp, "DELETE_COMPLETE", nil
+				}
+			}
+
+			if len(resp.Stacks) == 0 {
+				log.Printf("[DEBUG] CloudFormation stack %q is already gone", d.Get("name"))
+				return resp, "DELETE_COMPLETE", nil
+			}
+
+			status := *resp.Stacks[0].StackStatus
+			log.Printf("[DEBUG] Current CloudFormation stack status: %q", status)
+
+			return resp, status, err
+		},
+	}
+
+	_, err = wait.WaitForState()
+	if err != nil {
+		return err
+	}
+
+	log.Printf("[DEBUG] CloudFormation stack %q has been deleted", d.Id())
+
+	d.SetId("")
+
+	return nil
+}
+
+// getLastCfEventTimestamp takes the first event in a list
+// of events ordered from the newest to the oldest
+// and extracts timestamp from it
+// LastUpdatedTime only provides last >successful< updated time
+func getLastCfEventTimestamp(stackName string, conn *cloudformation.CloudFormation) (
+	*time.Time, error) {
+	output, err := conn.DescribeStackEvents(&cloudformation.DescribeStackEventsInput{
+		StackName: aws.String(stackName),
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	return output.StackEvents[0].Timestamp, nil
+}
+
+// getCloudFormationFailures returns ResourceStatusReason(s)
+// of events that should be failures based on regexp match of status
+func getCloudFormationFailures(stackName *string, afterTime time.Time,
+	conn *cloudformation.CloudFormation) ([]string, error) {
+	var failures []string
+	// Only catching failures from last 100 events
+	// Some extra iteration logic via NextToken could be added
+	// but in reality it's nearly impossible to generate >100
+	// events by a single stack update
+	events, err := conn.DescribeStackEvents(&cloudformation.DescribeStackEventsInput{
+		StackName: stackName,
+	})
+
+	if err != nil {
+		return nil, err
+	}
+
+	failRe := regexp.MustCompile("_FAILED$")
+	rollbackRe := regexp.MustCompile("^ROLLBACK_")
+
+	for _, e := range events.StackEvents {
+		if (failRe.MatchString(*e.ResourceStatus) || rollbackRe.MatchString(*e.ResourceStatus)) &&
+			e.Timestamp.After(afterTime) && e.ResourceStatusReason != nil {
+			failures = append(failures, *e.ResourceStatusReason)
+		}
+	}
+
+	return failures, nil
+}
diff --git a/builtin/providers/aws/structure.go b/builtin/providers/aws/structure.go
index 5976a8ff0e..fd581c84a7 100644
--- a/builtin/providers/aws/structure.go
+++ b/builtin/providers/aws/structure.go
@@ -9,6 +9,7 @@ import (
 	"strings"
 
 	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/cloudformation"
 	"github.com/aws/aws-sdk-go/service/directoryservice"
 	"github.com/aws/aws-sdk-go/service/ec2"
 	"github.com/aws/aws-sdk-go/service/ecs"
@@ -601,3 +602,57 @@ func flattenDSVpcSettings(
 
 	return []map[string]interface{}{settings}
 }
+
+func expandCloudFormationParameters(params map[string]interface{}) []*cloudformation.Parameter {
+	var cfParams []*cloudformation.Parameter
+	for k, v := range params {
+		cfParams = append(cfParams, &cloudformation.Parameter{
+			ParameterKey:   aws.String(k),
+			ParameterValue: aws.String(v.(string)),
+		})
+	}
+
+	return cfParams
+}
+
+// flattenCloudFormationParameters is flattening list of
+// *cloudformation.Parameters and only returning existing
+// parameters to avoid clash with default values
+func flattenCloudFormationParameters(cfParams []*cloudformation.Parameter,
+	originalParams map[string]interface{}) map[string]interface{} {
+	params := make(map[string]interface{}, len(cfParams))
+	for _, p := range cfParams {
+		_, isConfigured := originalParams[*p.ParameterKey]
+		if isConfigured {
+			params[*p.ParameterKey] = *p.ParameterValue
+		}
+	}
+	return params
+}
+
+func expandCloudFormationTags(tags map[string]interface{}) []*cloudformation.Tag {
+	var cfTags []*cloudformation.Tag
+	for k, v := range tags {
+		cfTags = append(cfTags, &cloudformation.Tag{
+			Key:   aws.String(k),
+			Value: aws.String(v.(string)),
+		})
+	}
+	return cfTags
+}
+
+func flattenCloudFormationTags(cfTags []*cloudformation.Tag) map[string]string {
+	tags := make(map[string]string, len(cfTags))
+	for _, t := range cfTags {
+		tags[*t.Key] = *t.Value
+	}
+	return tags
+}
+
+func flattenCloudFormationOutputs(cfOutputs []*cloudformation.Output) map[string]string {
+	outputs := make(map[string]string, len(cfOutputs))
+	for _, o := range cfOutputs {
+		outputs[*o.OutputKey] = *o.OutputValue
+	}
+	return outputs
+}

From 7088a0096e920501726c5769b941dfa85d4a38d6 Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@gmail.com>
Date: Mon, 13 Jul 2015 07:51:32 +0100
Subject: [PATCH 236/335] provider/aws: Add acceptance tests for
 aws_cloudformation_stack

---
 .../resource_aws_cloudformation_stack_test.go | 228 ++++++++++++++++++
 1 file changed, 228 insertions(+)
 create mode 100644 builtin/providers/aws/resource_aws_cloudformation_stack_test.go

diff --git a/builtin/providers/aws/resource_aws_cloudformation_stack_test.go b/builtin/providers/aws/resource_aws_cloudformation_stack_test.go
new file mode 100644
index 0000000000..7ad24be344
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_cloudformation_stack_test.go
@@ -0,0 +1,228 @@
+package aws
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/cloudformation"
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+func TestAccAWSCloudFormation_basic(t *testing.T) {
+	var stack cloudformation.Stack
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSCloudFormationDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccAWSCloudFormationConfig,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckCloudFormationStackExists("aws_cloudformation_stack.network", &stack),
+				),
+			},
+		},
+	})
+}
+
+func TestAccAWSCloudFormation_defaultParams(t *testing.T) {
+	var stack cloudformation.Stack
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSCloudFormationDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccAWSCloudFormationConfig_defaultParams,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckCloudFormationStackExists("aws_cloudformation_stack.asg-demo", &stack),
+				),
+			},
+		},
+	})
+}
+
+func TestAccAWSCloudFormation_allAttributes(t *testing.T) {
+	var stack cloudformation.Stack
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSCloudFormationDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccAWSCloudFormationConfig_allAttributes,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckCloudFormationStackExists("aws_cloudformation_stack.full", &stack),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckCloudFormationStackExists(n string, stack *cloudformation.Stack) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[n]
+		if !ok {
+			rs = rs
+			return fmt.Errorf("Not found: %s", n)
+		}
+
+		conn := testAccProvider.Meta().(*AWSClient).cfconn
+		params := &cloudformation.DescribeStacksInput{
+			StackName: aws.String(rs.Primary.ID),
+		}
+		resp, err := conn.DescribeStacks(params)
+		if err != nil {
+			return err
+		}
+		if len(resp.Stacks) == 0 {
+			return fmt.Errorf("CloudFormation stack not found")
+		}
+
+		return nil
+	}
+}
+
+func testAccCheckAWSCloudFormationDestroy(s *terraform.State) error {
+	conn := testAccProvider.Meta().(*AWSClient).cfconn
+
+	for _, rs := range s.RootModule().Resources {
+		if rs.Type != "aws_cloudformation_stack" {
+			continue
+		}
+
+		params := cloudformation.DescribeStacksInput{
+			StackName: aws.String(rs.Primary.ID),
+		}
+
+		resp, err := conn.DescribeStacks(&params)
+
+		if err == nil {
+			if len(resp.Stacks) != 0 &&
+				*resp.Stacks[0].StackId == rs.Primary.ID {
+				return fmt.Errorf("CloudFormation stack still exists: %q", rs.Primary.ID)
+			}
+		}
+	}
+
+	return nil
+}
+
+var testAccAWSCloudFormationConfig = `
+resource "aws_cloudformation_stack" "network" {
+  name = "tf-networking-stack"
+  template_body = <<STACK
+{
+  "Resources" : {
+    "MyVPC": {
+      "Type" : "AWS::EC2::VPC",
+      "Properties" : {
+        "CidrBlock" : "10.0.0.0/16",
+        "Tags" : [
+          {"Key": "Name", "Value": "Primary_CF_VPC"}
+        ]
+      }
+    }
+  },
+  "Outputs" : {
+    "DefaultSgId" : {
+      "Description": "The ID of default security group",
+      "Value" : { "Fn::GetAtt" : [ "MyVPC", "DefaultSecurityGroup" ]}
+    },
+    "VpcID" : {
+      "Description": "The VPC ID",
+      "Value" : { "Ref" : "MyVPC" }
+    }
+  }
+}
+STACK
+}`
+
+var testAccAWSCloudFormationConfig_defaultParams = `
+resource "aws_cloudformation_stack" "asg-demo" {
+  name = "tf-asg-demo-stack"
+  template_body = <<BODY
+{
+    "Parameters": {
+        "TopicName": {
+            "Type": "String"
+        },
+        "VPCCIDR": {
+            "Type": "String",
+            "Default": "10.10.0.0/16"
+        }
+    },
+    "Resources": {
+        "NotificationTopic": {
+            "Type": "AWS::SNS::Topic",
+            "Properties": {
+                "TopicName": {
+                    "Ref": "TopicName"
+                }
+            }
+        },
+        "MyVPC": {
+            "Type": "AWS::EC2::VPC",
+            "Properties": {
+                "CidrBlock": {
+                    "Ref": "VPCCIDR"
+                },
+                "Tags": [
+                    {
+                        "Key": "Name",
+                        "Value": "Primary_CF_VPC"
+                    }
+                ]
+            }
+        }
+    },
+    "Outputs": {
+        "VPCCIDR": {
+            "Value": {
+                "Ref": "VPCCIDR"
+            }
+        }
+    }
+}
+BODY
+
+  parameters {
+    TopicName = "ExampleTopic"
+  }
+}
+`
+
+var testAccAWSCloudFormationConfig_allAttributes = `
+resource "aws_cloudformation_stack" "full" {
+  name = "tf-full-stack"
+  template_body = <<STACK
+{
+  "Resources" : {
+    "MyVPC": {
+      "Type" : "AWS::EC2::VPC",
+      "Properties" : {
+        "CidrBlock" : "10.0.0.0/16",
+        "Tags" : [
+          {"Key": "Name", "Value": "Primary_CF_VPC"}
+        ]
+      }
+    }
+  }
+}
+STACK
+
+  capabilities = ["CAPABILITY_IAM"]
+  notification_arns = ["${aws_sns_topic.cf-updates.arn}"]
+  on_failure = "DELETE"
+  timeout_in_minutes = 1
+}
+
+resource "aws_sns_topic" "cf-updates" {
+  name = "tf-cf-notifications"
+}
+`

From 127c1aef61ce23ed7acb7ae79cbb8e7078f10b7d Mon Sep 17 00:00:00 2001
From: Garrett Heel <garrett@runscope.com>
Date: Tue, 22 Sep 2015 14:39:49 -0700
Subject: [PATCH 237/335] provider/aws: fix bug with reading GSIs from dynamodb

---
 .../providers/aws/resource_aws_dynamodb_table.go  | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/builtin/providers/aws/resource_aws_dynamodb_table.go b/builtin/providers/aws/resource_aws_dynamodb_table.go
index df043ffe08..4193ddcb0d 100644
--- a/builtin/providers/aws/resource_aws_dynamodb_table.go
+++ b/builtin/providers/aws/resource_aws_dynamodb_table.go
@@ -571,14 +571,23 @@ func resourceAwsDynamoDbTableRead(d *schema.ResourceData, meta interface{}) erro
 			}
 		}
 
-		gsi["projection_type"] = *gsiObject.Projection.ProjectionType
-		gsi["non_key_attributes"] = gsiObject.Projection.NonKeyAttributes
+		gsi["projection_type"] = *(gsiObject.Projection.ProjectionType)
+
+		nonKeyAttrs := make([]string, 0, len(gsiObject.Projection.NonKeyAttributes))
+		for _, nonKeyAttr := range gsiObject.Projection.NonKeyAttributes {
+			nonKeyAttrs = append(nonKeyAttrs, *nonKeyAttr)
+		}
+		gsi["non_key_attributes"] = nonKeyAttrs
 
 		gsiList = append(gsiList, gsi)
 		log.Printf("[DEBUG] Added GSI: %s - Read: %d / Write: %d", gsi["name"], gsi["read_capacity"], gsi["write_capacity"])
 	}
 
-	d.Set("global_secondary_index", gsiList)
+	err = d.Set("global_secondary_index", gsiList)
+	if err != nil {
+		return err
+	}
+
 	d.Set("arn", table.TableArn)
 
 	return nil

From ef5b6e93a9d399b1b54d6d6207d7ed44e13f44f0 Mon Sep 17 00:00:00 2001
From: Paul Hinze <phinze@phinze.com>
Date: Tue, 13 Oct 2015 16:57:11 -0500
Subject: [PATCH 238/335] provider/azure: fix issues loading config from
 homedir

Issues were:

 * `settings_file` `ValidateFunc` needs to expand homedir just like the
   `configure` does, otherwise ~-based paths fail validation
 * `isFile` was being called before ~-expand so configure was failing as well
 * `Config` was swallowing error so provider was ending up with `nil`,
   resulting in crash

To fix:

 * Consolidate settings_file path/contents handling into a single helper
   called from both `validate` and `configure` funcs
 * Return err from `Config`

To cover:

 * Added test case to validate w/ tilde-path
 * Added configure test w/ tilde-path
---
 builtin/providers/azure/config.go        |  2 +-
 builtin/providers/azure/provider.go      | 58 ++++++++--------
 builtin/providers/azure/provider_test.go | 85 +++++++++++++++++++++++-
 3 files changed, 111 insertions(+), 34 deletions(-)

diff --git a/builtin/providers/azure/config.go b/builtin/providers/azure/config.go
index cbb23d58b5..b096a10c4b 100644
--- a/builtin/providers/azure/config.go
+++ b/builtin/providers/azure/config.go
@@ -98,7 +98,7 @@ func (c Client) getStorageServiceQueueClient(serviceName string) (storage.QueueS
 func (c *Config) NewClientFromSettingsData() (*Client, error) {
 	mc, err := management.ClientFromPublishSettingsData(c.Settings, c.SubscriptionID)
 	if err != nil {
-		return nil, nil
+		return nil, err
 	}
 
 	return &Client{
diff --git a/builtin/providers/azure/provider.go b/builtin/providers/azure/provider.go
index fe100be35f..975a93b001 100644
--- a/builtin/providers/azure/provider.go
+++ b/builtin/providers/azure/provider.go
@@ -64,22 +64,12 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
 		Certificate:    []byte(d.Get("certificate").(string)),
 	}
 
-	settings := d.Get("settings_file").(string)
-
-	if settings != "" {
-		if ok, _ := isFile(settings); ok {
-			settingsFile, err := homedir.Expand(settings)
-			if err != nil {
-				return nil, fmt.Errorf("Error expanding the settings file path: %s", err)
-			}
-			publishSettingsContent, err := ioutil.ReadFile(settingsFile)
-			if err != nil {
-				return nil, fmt.Errorf("Error reading settings file: %s", err)
-			}
-			config.Settings = publishSettingsContent
-		} else {
-			config.Settings = []byte(settings)
-		}
+	settingsFile := d.Get("settings_file").(string)
+	if settingsFile != "" {
+		// any errors from readSettings would have been caught at the validate
+		// step, so we can avoid handling them now
+		settings, _, _ := readSettings(settingsFile)
+		config.Settings = settings
 		return config.NewClientFromSettingsData()
 	}
 
@@ -92,31 +82,39 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
 			"or both a 'subscription_id' and 'certificate'.")
 }
 
-func validateSettingsFile(v interface{}, k string) (warnings []string, errors []error) {
+func validateSettingsFile(v interface{}, k string) ([]string, []error) {
 	value := v.(string)
-
 	if value == "" {
-		return
+		return nil, nil
 	}
 
-	var settings settingsData
-	if err := xml.Unmarshal([]byte(value), &settings); err != nil {
-		warnings = append(warnings, `
+	_, warnings, errors := readSettings(value)
+	return warnings, errors
+}
+
+const settingsPathWarnMsg = `
 settings_file is not valid XML, so we are assuming it is a file path. This
 support will be removed in the future. Please update your configuration to use
-${file("filename.publishsettings")} instead.`)
-	} else {
+${file("filename.publishsettings")} instead.`
+
+func readSettings(pathOrContents string) (s []byte, ws []string, es []error) {
+	var settings settingsData
+	if err := xml.Unmarshal([]byte(pathOrContents), &settings); err == nil {
+		s = []byte(pathOrContents)
 		return
 	}
 
-	if ok, err := isFile(value); !ok {
-		errors = append(errors,
-			fmt.Errorf(
-				"account_file path could not be read from '%s': %s",
-				value,
-				err))
+	ws = append(ws, settingsPathWarnMsg)
+	path, err := homedir.Expand(pathOrContents)
+	if err != nil {
+		es = append(es, fmt.Errorf("Error expanding path: %s", err))
+		return
 	}
 
+	s, err = ioutil.ReadFile(path)
+	if err != nil {
+		es = append(es, fmt.Errorf("Could not read file '%s': %s", path, err))
+	}
 	return
 }
 
diff --git a/builtin/providers/azure/provider_test.go b/builtin/providers/azure/provider_test.go
index 5c720640fb..b3feb83925 100644
--- a/builtin/providers/azure/provider_test.go
+++ b/builtin/providers/azure/provider_test.go
@@ -3,12 +3,14 @@ package azure
 import (
 	"io"
 	"io/ioutil"
-	"log"
 	"os"
+	"strings"
 	"testing"
 
+	"github.com/hashicorp/terraform/config"
 	"github.com/hashicorp/terraform/helper/schema"
 	"github.com/hashicorp/terraform/terraform"
+	"github.com/mitchellh/go-homedir"
 )
 
 var testAccProviders map[string]terraform.ResourceProvider
@@ -67,20 +69,33 @@ func TestAzure_validateSettingsFile(t *testing.T) {
 	if err != nil {
 		t.Fatalf("Error creating temporary file in TestAzure_validateSettingsFile: %s", err)
 	}
+	defer os.Remove(f.Name())
 
 	fx, err := ioutil.TempFile("", "tf-test-xml")
 	if err != nil {
 		t.Fatalf("Error creating temporary file with XML in TestAzure_validateSettingsFile: %s", err)
 	}
+	defer os.Remove(fx.Name())
+
+	home, err := homedir.Dir()
+	if err != nil {
+		t.Fatalf("Error fetching homedir: %s", err)
+	}
+	fh, err := ioutil.TempFile(home, "tf-test-home")
+	if err != nil {
+		t.Fatalf("Error creating homedir-based temporary file: %s", err)
+	}
+	defer os.Remove(fh.Name())
 
 	_, err = io.WriteString(fx, "<PublishData></PublishData>")
 	if err != nil {
 		t.Fatalf("Error writing XML File: %s", err)
 	}
-
-	log.Printf("fx name: %s", fx.Name())
 	fx.Close()
 
+	r := strings.NewReplacer(home, "~")
+	homePath := r.Replace(fh.Name())
+
 	cases := []struct {
 		Input string // String of XML or a path to an XML file
 		W     int    // expected count of warnings
@@ -89,6 +104,7 @@ func TestAzure_validateSettingsFile(t *testing.T) {
 		{"test", 1, 1},
 		{f.Name(), 1, 0},
 		{fx.Name(), 1, 0},
+		{homePath, 1, 0},
 		{"<PublishData></PublishData>", 0, 0},
 	}
 
@@ -104,6 +120,53 @@ func TestAzure_validateSettingsFile(t *testing.T) {
 	}
 }
 
+func TestAzure_providerConfigure(t *testing.T) {
+	home, err := homedir.Dir()
+	if err != nil {
+		t.Fatalf("Error fetching homedir: %s", err)
+	}
+	fh, err := ioutil.TempFile(home, "tf-test-home")
+	if err != nil {
+		t.Fatalf("Error creating homedir-based temporary file: %s", err)
+	}
+	defer os.Remove(fh.Name())
+
+	_, err = io.WriteString(fh, testAzurePublishSettingsStr)
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+	fh.Close()
+
+	r := strings.NewReplacer(home, "~")
+	homePath := r.Replace(fh.Name())
+
+	cases := []struct {
+		SettingsFile string // String of XML or a path to an XML file
+		NilMeta      bool   // whether meta is expected to be nil
+	}{
+		{testAzurePublishSettingsStr, false},
+		{homePath, false},
+	}
+
+	for _, tc := range cases {
+		rp := Provider()
+		raw := map[string]interface{}{
+			"settings_file": tc.SettingsFile,
+		}
+
+		rawConfig, err := config.NewRawConfig(raw)
+		if err != nil {
+			t.Fatalf("err: %s", err)
+		}
+
+		err = rp.Configure(terraform.NewResourceConfig(rawConfig))
+		meta := rp.(*schema.Provider).Meta()
+		if (meta == nil) != tc.NilMeta {
+			t.Fatalf("expected NilMeta: %t, got meta: %#v", tc.NilMeta, meta)
+		}
+	}
+}
+
 func TestAzure_isFile(t *testing.T) {
 	f, err := ioutil.TempFile("", "tf-test-file")
 	if err != nil {
@@ -129,3 +192,19 @@ func TestAzure_isFile(t *testing.T) {
 		}
 	}
 }
+
+// testAzurePublishSettingsStr is a revoked publishsettings file
+const testAzurePublishSettingsStr = `
+<?xml version="1.0" encoding="utf-8"?>
+<PublishData>
+  <PublishProfile
+    SchemaVersion="2.0"
+    PublishMethod="AzureServiceManagementAPI">
+    <Subscription
+      ServiceManagementUrl="https://management.core.windows.net"
+      Id="a65bf94f-26b3-4fb1-9d50-6e27c6096df1"
+      Name="terraform-testing"
+      ManagementCertificate="MIIJ/AIBAzCCCbwGCSqGSIb3DQEHAaCCCa0EggmpMIIJpTCCBe4GCSqGSIb3DQEHAaCCBd8EggXbMIIF1zCCBdMGCyqGSIb3DQEMCgECoIIE7jCCBOowHAYKKoZIhvcNAQwBAzAOBAhqcsGLGr+LsQICB9AEggTImIsD3qDkT8IkH4qOlRanUFVQIWCUfXBf5U0QnXS/7N2a5fOeSou0dFuxXg81emaxecr8Myge9rBMHvLi2m4h9JIah6K/33hJhGu3nwiu+n7MzjwpjOfkc4tFMUqD1m/TAF32feq3hYqDjc3FLHrAXNIsrvaucmPipsfT/sq29xC6cWN1sUw6X43F18rqqDKyyGUuEMOJwK9s2Vir/oXlzl6bspVRJHCf0Yyo5+2GWhgcEWjzAOjIZCF7iciYj75aG3mUZjcJYT5DqUQyiyKD/LjWhiYkmHRioaCo4amyrCX92uFuZMIlHOk4LhU+UCyTn/dsvavdj8IH146u/5tUxOIsjP5hN3CcZS/TlMvX9W74uGr5BBs7EWvccUCrYyhmhFOl0YY2+99wob3VOUDSEF73VerYpFEM5POxFzjBj8K7NleB8lEuSjJXn9FbYVUpcZ/u1qhAYewFgf7KBWUTKPjGuf1b8nRVndSIaLyxSZOVbCfUtlAindZoBWjGzCa0opie1axZgouObFxHeo7ZJGjiO2q73YrZOqpPB0zOi/sycadHRKBp4O2Svz4WXBKqa2RV9oM4PYrRnH51cdFmCFqQ4eKGJCnc/Kzdwlt6ldMiCV6gsHTm44NcfPwZW5ivKZPG5aM2mad4rPpQiX+6dQz/ForKZj3WpwI+UIchc7fhwvKykCRpH/GLDBKVrjgWioKHcTDRiqOimCjLkJA+u4Qg/qHKkMOIyr75zfTEw7S9MTiYPSEnFJO60pt3rRrMU99N1Jw07Ld24SsmK4iZExLGFxYKh6jkBWV6CgqWg7qHHH3j1MZTarZSa4W1QdLjwxCQxIPU1O4L5xEa2Ki1prJyDp2E49mo6r2LDkwJrTP9GSvyGBoEpkpKVzgHsRtotikcNetsdlfDCnJiYs2Z6IvcQ2sCZaQXlofVoHZxI3OJUNvulLtuX0L8XedZtbgoFKX1u1KcgRBpae6/S+4VAjB03R+kELoC9BzicBJMifHhpOZuWqhD4zfWq1WQvBqiHI1M0GB5RDtDxxQ0IhdDJavDU6NrgNBQGxfAv1TFd/y/Mvyaq94n1+LrN0joSrxWL6QyxZF4fECGHCf0FDOHSJovkrpc6Fbc4a5mfnzIzsVeLa+m40/3rwkqs+vISCGiVwKd5xmLCmkRrae97Qh/tVRVgpFtRiUOgYVfYulhqURW4fV76giLEZydWvJUkpBxn0LNgpSHO6NJGNHtC1PoSkLEFVae1OVZaAIcshdfssCuVkuZWA3ujxkcnvzQ5uKUyRb6jF3+ID+lqzTh8hY+R+h7iLf7WRICuVedxbNa+TS+bO0/mG90eZo7An1naWy4ty9Hpn+uhKdJ3NpY8LWFZbWkHBF7IHbvlzG59GRmwJWts69y95BiqMWn4wW+1QdAdRL3WvOoMV9McVi/RQVxNskpZ65HiIq4L4VgIgx1G7Yd37zQqDEoBIxLXEq84tyXl1UVmYSt68MFBOPklUtqSiLaDgues2+l+iRjqhsDgsfZXTttxMig6W5WDsOl+xlYt+XaSiLIomjCmCy52cVlhhRjDV92Wl+RTRfi6YlHFeKtnPL1MjuIrz4c+f4PQ4JIn5TRselc6LNTbopr+DinUlz/odjM492AMYHRMBMGCSqGSIb3DQEJFTEGBAQBAAAAMFsGCSqGSIb3DQEJFDFOHkwAewA0AEQAMQBBADYANABFADQALQAzADcAQgBGAC0ANAA5AEYAMgAtADkAOQBEADEALQA1ADkANgBGAEEAMgAzADUARgBBAEQAMQB9MF0GCSsGAQQBgjcRATFQHk4ATQBpAGMAcgBvAHMAbwBmAHQAIABTAG8AZgB0AHcAYQByAGUAIABLAGUAeQAgAFMAdABvAHIAYQBnAGUAIABQAHIAbwB2AGkAZABlAHIwggOvBgkqhkiG9w0BBwagggOgMIIDnAIBADCCA5UGCSqGSIb3DQEHATAcBgoqhkiG9w0BDAEGMA4ECPLFyVJDDpzhAgIH0ICCA2hEt7WDTT87EBsNidgZgcuPvMH41IqmN3dd7Vk6RKwwO8dnLGzD6sCA9sLaQ3uKeX9WrxnBbrIzqk4yq6RRPBhW9Gegs85oldLfBsDFpyD4Wi4tQ6LBkH20/Ziy+vPZbZXDlCrrF75ruhtBQrLgtEJ6b/fj9MBw336917A9ALXKa8qcIykq5lBKTz1gRITUkIl35Ylb3kl6wB8L1hSq7jf0tuqMTREI33T3WCn8oBEPdVlgR5L4D6yVGlp62ogUnfFJ8C1V6vLiE45Z9w3ttxi3WCsG/rqz/pWkY2ctGE4Mv5ORuqwZDSChK60DbkfANpdUzqgb+Lw39CLAnmkfQMuZVJyAs/PV65yuVFmdfy5n+m2YzQNLztbsYhdyYHVrgTNrAEsy+3N0OhT3OKschHMoN4YPyu09gxHQWXuSo3X8HvoBHD6NeJ6FIdu1NJx3qCrVJPREMX30Zf6AmmWe3aIFjDz351bIc0Rc4YDAc1RRf1A/JDzeYRZrPDwdbJAj/g4oBEeZEdSmcNFxc42Tz5igTaJWyxHOkAU2iRGU17xb2diVUSCfbVsUwfiSQNcOArMl+JvLfvZp9Ye5lhZKrgTQbWdrDm9jvtCyzAxBILjjBdmQJEoJth9WlgS3ASVxarO194cqjlRvTmmNZ8kdOLt1Ybr2ZlAG2g3gOn7NQeEzyd8WBcxVCGiEyeJBvqpVSMnDGJ4VLHXsiknstr42USzAQN+t7cLOJ+J2Y0phgZ87oAixJnpEoz8z/Z65VV5syREeubiHK5uQmz3pc5qL/5LbYNT1ZqXWbDO+HXpTFJwbZ2DubNjSG1zrGNctzoRuhQidTOepyMvnlJN1PfKZoIQcA+G6PHkrNnBqo13tE9faQA8x2gvOoQYGSFi95UGlc4sTXER0+EbOCYwXkUGatQSlMLpfVXrMkRwlO6g9rC63LZC7ubqqzPPlQwdwbHTMEDxZ5ZsO21RT1JIiXfQEu/gp+HAL+Xqbsiq3Q4CCKTh04mV0Dj4a+kg6XU6BETgdwSjBbxxsbhK7yc0jlgGrNXvC72Ua7IN19zcwsrvwqtkVSc850/i1qQf066h1g/5i5Co7eIgAdRT1/S4nw5CBYGsgr5bl1ZAB2OmmkEiZqYYi3LdeYgr2yK5XcwrcPcOCWv/iN5AHhpgPqzA3MB8wBwYFKw4DAhoEFCcvtRx98fW7DF3rONM5nagH2ffMBBQi0PdBdLzm4i8p2Dhdjj4Vi0whig==" />
+  </PublishProfile>
+</PublishData>
+`

From 8d017be63724fb6bc9b237de5196b9b88b3c4523 Mon Sep 17 00:00:00 2001
From: Paul Hinze <phinze@phinze.com>
Date: Wed, 14 Oct 2015 10:35:40 -0500
Subject: [PATCH 239/335] Update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9458c1a733..6dfefc4193 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -44,6 +44,7 @@ IMPROVEMENTS:
   * provider/aws: Add validation for `db_parameter_group.name` [GH-3279]
   * provider/aws: `aws_s3_bucket_object` allows interpolated content to be set with new `content` attribute. [GH-3200]
   * provider/aws: Allow tags for `aws_kinesis_stream` resource. [GH-3397]
+  * provider/aws: Configurable capacity waiting duration for ASGs [GH-3191]
   * provider/cloudstack: Add `project` parameter to `cloudstack_vpc`, `cloudstack_network`, `cloudstack_ipaddress` and `cloudstack_disk` [GH-3035]
   * provider/openstack: add functionality to attach FloatingIP to Port [GH-1788]
   * provider/google: Can now do multi-region deployments without using multiple providers [GH-3258]

From 6d2fee9c28831251aace76ea8f5653ba0c5510b1 Mon Sep 17 00:00:00 2001
From: stack72 <public@paulstack.co.uk>
Date: Wed, 14 Oct 2015 18:06:09 +0100
Subject: [PATCH 240/335] After the DynamoDB table is created, the ARN wasn't
 being set

---
 builtin/providers/aws/resource_aws_dynamodb_table.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/builtin/providers/aws/resource_aws_dynamodb_table.go b/builtin/providers/aws/resource_aws_dynamodb_table.go
index df043ffe08..b322ad8977 100644
--- a/builtin/providers/aws/resource_aws_dynamodb_table.go
+++ b/builtin/providers/aws/resource_aws_dynamodb_table.go
@@ -287,6 +287,10 @@ func resourceAwsDynamoDbTableCreate(d *schema.ResourceData, meta interface{}) er
 		} else {
 			// No error, set ID and return
 			d.SetId(*output.TableDescription.TableName)
+			if err := d.Set("arn", *output.TableDescription.TableArn); err != nil {
+				return err
+			}
+
 			return nil
 		}
 	}

From 12625997c1124f5bc410d1d311d6b49909ead03f Mon Sep 17 00:00:00 2001
From: Lars Wander <lars.wander@gmail.com>
Date: Fri, 25 Sep 2015 17:48:08 -0400
Subject: [PATCH 241/335] Added global address & tests

---
 builtin/providers/google/provider.go          |   1 +
 .../google/resource_compute_global_address.go | 100 ++++++++++++++++++
 .../resource_compute_global_address_test.go   |  81 ++++++++++++++
 .../r/compute_global_address.html.markdown    |  37 +++++++
 4 files changed, 219 insertions(+)
 create mode 100644 builtin/providers/google/resource_compute_global_address.go
 create mode 100644 builtin/providers/google/resource_compute_global_address_test.go
 create mode 100644 website/source/docs/providers/google/r/compute_global_address.html.markdown

diff --git a/builtin/providers/google/provider.go b/builtin/providers/google/provider.go
index 7c9587219b..87a299d81b 100644
--- a/builtin/providers/google/provider.go
+++ b/builtin/providers/google/provider.go
@@ -40,6 +40,7 @@ func Provider() terraform.ResourceProvider {
 			"google_compute_disk":                   resourceComputeDisk(),
 			"google_compute_firewall":               resourceComputeFirewall(),
 			"google_compute_forwarding_rule":        resourceComputeForwardingRule(),
+			"google_compute_global_address":         resourceComputeGlobalAddress(),
 			"google_compute_http_health_check":      resourceComputeHttpHealthCheck(),
 			"google_compute_instance":               resourceComputeInstance(),
 			"google_compute_instance_template":      resourceComputeInstanceTemplate(),
diff --git a/builtin/providers/google/resource_compute_global_address.go b/builtin/providers/google/resource_compute_global_address.go
new file mode 100644
index 0000000000..0d19bdfcf6
--- /dev/null
+++ b/builtin/providers/google/resource_compute_global_address.go
@@ -0,0 +1,100 @@
+package google
+
+import (
+	"fmt"
+	"log"
+
+	"github.com/hashicorp/terraform/helper/schema"
+	"google.golang.org/api/compute/v1"
+	"google.golang.org/api/googleapi"
+)
+
+func resourceComputeGlobalAddress() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceComputeGlobalAddressCreate,
+		Read:   resourceComputeGlobalAddressRead,
+		Delete: resourceComputeGlobalAddressDelete,
+
+		Schema: map[string]*schema.Schema{
+			"name": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+
+			"address": &schema.Schema{
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+
+			"self_link": &schema.Schema{
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+		},
+	}
+}
+
+func resourceComputeGlobalAddressCreate(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+
+	// Build the address parameter
+	addr := &compute.Address{Name: d.Get("name").(string)}
+	op, err := config.clientCompute.GlobalAddresses.Insert(
+		config.Project, addr).Do()
+	if err != nil {
+		return fmt.Errorf("Error creating address: %s", err)
+	}
+
+	// It probably maybe worked, so store the ID now
+	d.SetId(addr.Name)
+
+	err = resourceOperationWaitGlobal(config, op, "Creating Global Address")
+	if err != nil {
+		return err
+	}
+
+	return resourceComputeGlobalAddressRead(d, meta)
+}
+
+func resourceComputeGlobalAddressRead(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+
+	addr, err := config.clientCompute.GlobalAddresses.Get(
+		config.Project, d.Id()).Do()
+	if err != nil {
+		if gerr, ok := err.(*googleapi.Error); ok && gerr.Code == 404 {
+			// The resource doesn't exist anymore
+			d.SetId("")
+
+			return nil
+		}
+
+		return fmt.Errorf("Error reading address: %s", err)
+	}
+
+	d.Set("address", addr.Address)
+	d.Set("self_link", addr.SelfLink)
+
+	return nil
+}
+
+func resourceComputeGlobalAddressDelete(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+
+	// Delete the address
+	log.Printf("[DEBUG] address delete request")
+	op, err := config.clientCompute.GlobalAddresses.Delete(
+		config.Project, d.Id()).Do()
+	if err != nil {
+		return fmt.Errorf("Error deleting address: %s", err)
+	}
+
+	err = resourceOperationWaitGlobal(config, op, "Deletingg Global Address")
+	if err != nil {
+		return err
+	}
+
+	d.SetId("")
+	return nil
+}
diff --git a/builtin/providers/google/resource_compute_global_address_test.go b/builtin/providers/google/resource_compute_global_address_test.go
new file mode 100644
index 0000000000..2ef7b97ea7
--- /dev/null
+++ b/builtin/providers/google/resource_compute_global_address_test.go
@@ -0,0 +1,81 @@
+package google
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+	"google.golang.org/api/compute/v1"
+)
+
+func TestAccComputeGlobalAddress_basic(t *testing.T) {
+	var addr compute.Address
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckComputeGlobalAddressDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccComputeGlobalAddress_basic,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckComputeGlobalAddressExists(
+						"google_compute_global_address.foobar", &addr),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckComputeGlobalAddressDestroy(s *terraform.State) error {
+	config := testAccProvider.Meta().(*Config)
+
+	for _, rs := range s.RootModule().Resources {
+		if rs.Type != "google_compute_global_address" {
+			continue
+		}
+
+		_, err := config.clientCompute.GlobalAddresses.Get(
+			config.Project, rs.Primary.ID).Do()
+		if err == nil {
+			return fmt.Errorf("Address still exists")
+		}
+	}
+
+	return nil
+}
+
+func testAccCheckComputeGlobalAddressExists(n string, addr *compute.Address) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[n]
+		if !ok {
+			return fmt.Errorf("Not found: %s", n)
+		}
+
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("No ID is set")
+		}
+
+		config := testAccProvider.Meta().(*Config)
+
+		found, err := config.clientCompute.GlobalAddresses.Get(
+			config.Project, rs.Primary.ID).Do()
+		if err != nil {
+			return err
+		}
+
+		if found.Name != rs.Primary.ID {
+			return fmt.Errorf("Addr not found")
+		}
+
+		*addr = *found
+
+		return nil
+	}
+}
+
+const testAccComputeGlobalAddress_basic = `
+resource "google_compute_global_address" "foobar" {
+	name = "terraform-test"
+}`
diff --git a/website/source/docs/providers/google/r/compute_global_address.html.markdown b/website/source/docs/providers/google/r/compute_global_address.html.markdown
new file mode 100644
index 0000000000..1fdb24e6dd
--- /dev/null
+++ b/website/source/docs/providers/google/r/compute_global_address.html.markdown
@@ -0,0 +1,37 @@
+---
+layout: "google"
+page_title: "Google: google_compute_global_address"
+sidebar_current: "docs-google-resource-global-address"
+description: |-
+  Creates a static global IP address resource for a Google Compute Engine project.
+---
+
+# google\_compute\_global\_address
+
+Creates a static IP address resource global to a for Google Compute Engine project.  For more information see
+[the official documentation](https://cloud.google.com/compute/docs/instances-and-network) and
+[API](https://cloud.google.com/compute/docs/reference/latest/globalAddresses).
+
+
+## Example Usage
+
+```
+resource "google_compute_global_address" "default" {
+	name = "test-address"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) A unique name for the resource, required by GCE.
+    Changing this forces a new resource to be created.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `name` - The name of the resource.
+* `address` - The IP address that was allocated.
+* `self_link` - The URI of the created resource.

From b7f7c7a7315a2e6c355f45c330c9d59ebc9c0e36 Mon Sep 17 00:00:00 2001
From: Lars Wander <lars.wander@gmail.com>
Date: Wed, 14 Oct 2015 13:17:08 -0400
Subject: [PATCH 242/335] Provider GCE, fixed metadata state update bug

---
 builtin/providers/google/provider.go          |   1 -
 .../google/resource_compute_global_address.go | 100 ------------------
 .../resource_compute_global_address_test.go   |  81 --------------
 .../google/resource_compute_instance.go       |  18 +++-
 .../google/resource_compute_instance_test.go  |   2 +-
 .../r/compute_global_address.html.markdown    |  37 -------
 6 files changed, 18 insertions(+), 221 deletions(-)
 delete mode 100644 builtin/providers/google/resource_compute_global_address.go
 delete mode 100644 builtin/providers/google/resource_compute_global_address_test.go
 delete mode 100644 website/source/docs/providers/google/r/compute_global_address.html.markdown

diff --git a/builtin/providers/google/provider.go b/builtin/providers/google/provider.go
index 87a299d81b..7c9587219b 100644
--- a/builtin/providers/google/provider.go
+++ b/builtin/providers/google/provider.go
@@ -40,7 +40,6 @@ func Provider() terraform.ResourceProvider {
 			"google_compute_disk":                   resourceComputeDisk(),
 			"google_compute_firewall":               resourceComputeFirewall(),
 			"google_compute_forwarding_rule":        resourceComputeForwardingRule(),
-			"google_compute_global_address":         resourceComputeGlobalAddress(),
 			"google_compute_http_health_check":      resourceComputeHttpHealthCheck(),
 			"google_compute_instance":               resourceComputeInstance(),
 			"google_compute_instance_template":      resourceComputeInstanceTemplate(),
diff --git a/builtin/providers/google/resource_compute_global_address.go b/builtin/providers/google/resource_compute_global_address.go
deleted file mode 100644
index 0d19bdfcf6..0000000000
--- a/builtin/providers/google/resource_compute_global_address.go
+++ /dev/null
@@ -1,100 +0,0 @@
-package google
-
-import (
-	"fmt"
-	"log"
-
-	"github.com/hashicorp/terraform/helper/schema"
-	"google.golang.org/api/compute/v1"
-	"google.golang.org/api/googleapi"
-)
-
-func resourceComputeGlobalAddress() *schema.Resource {
-	return &schema.Resource{
-		Create: resourceComputeGlobalAddressCreate,
-		Read:   resourceComputeGlobalAddressRead,
-		Delete: resourceComputeGlobalAddressDelete,
-
-		Schema: map[string]*schema.Schema{
-			"name": &schema.Schema{
-				Type:     schema.TypeString,
-				Required: true,
-				ForceNew: true,
-			},
-
-			"address": &schema.Schema{
-				Type:     schema.TypeString,
-				Computed: true,
-			},
-
-			"self_link": &schema.Schema{
-				Type:     schema.TypeString,
-				Computed: true,
-			},
-		},
-	}
-}
-
-func resourceComputeGlobalAddressCreate(d *schema.ResourceData, meta interface{}) error {
-	config := meta.(*Config)
-
-	// Build the address parameter
-	addr := &compute.Address{Name: d.Get("name").(string)}
-	op, err := config.clientCompute.GlobalAddresses.Insert(
-		config.Project, addr).Do()
-	if err != nil {
-		return fmt.Errorf("Error creating address: %s", err)
-	}
-
-	// It probably maybe worked, so store the ID now
-	d.SetId(addr.Name)
-
-	err = resourceOperationWaitGlobal(config, op, "Creating Global Address")
-	if err != nil {
-		return err
-	}
-
-	return resourceComputeGlobalAddressRead(d, meta)
-}
-
-func resourceComputeGlobalAddressRead(d *schema.ResourceData, meta interface{}) error {
-	config := meta.(*Config)
-
-	addr, err := config.clientCompute.GlobalAddresses.Get(
-		config.Project, d.Id()).Do()
-	if err != nil {
-		if gerr, ok := err.(*googleapi.Error); ok && gerr.Code == 404 {
-			// The resource doesn't exist anymore
-			d.SetId("")
-
-			return nil
-		}
-
-		return fmt.Errorf("Error reading address: %s", err)
-	}
-
-	d.Set("address", addr.Address)
-	d.Set("self_link", addr.SelfLink)
-
-	return nil
-}
-
-func resourceComputeGlobalAddressDelete(d *schema.ResourceData, meta interface{}) error {
-	config := meta.(*Config)
-
-	// Delete the address
-	log.Printf("[DEBUG] address delete request")
-	op, err := config.clientCompute.GlobalAddresses.Delete(
-		config.Project, d.Id()).Do()
-	if err != nil {
-		return fmt.Errorf("Error deleting address: %s", err)
-	}
-
-	err = resourceOperationWaitGlobal(config, op, "Deletingg Global Address")
-	if err != nil {
-		return err
-	}
-
-	d.SetId("")
-	return nil
-}
diff --git a/builtin/providers/google/resource_compute_global_address_test.go b/builtin/providers/google/resource_compute_global_address_test.go
deleted file mode 100644
index 2ef7b97ea7..0000000000
--- a/builtin/providers/google/resource_compute_global_address_test.go
+++ /dev/null
@@ -1,81 +0,0 @@
-package google
-
-import (
-	"fmt"
-	"testing"
-
-	"github.com/hashicorp/terraform/helper/resource"
-	"github.com/hashicorp/terraform/terraform"
-	"google.golang.org/api/compute/v1"
-)
-
-func TestAccComputeGlobalAddress_basic(t *testing.T) {
-	var addr compute.Address
-
-	resource.Test(t, resource.TestCase{
-		PreCheck:     func() { testAccPreCheck(t) },
-		Providers:    testAccProviders,
-		CheckDestroy: testAccCheckComputeGlobalAddressDestroy,
-		Steps: []resource.TestStep{
-			resource.TestStep{
-				Config: testAccComputeGlobalAddress_basic,
-				Check: resource.ComposeTestCheckFunc(
-					testAccCheckComputeGlobalAddressExists(
-						"google_compute_global_address.foobar", &addr),
-				),
-			},
-		},
-	})
-}
-
-func testAccCheckComputeGlobalAddressDestroy(s *terraform.State) error {
-	config := testAccProvider.Meta().(*Config)
-
-	for _, rs := range s.RootModule().Resources {
-		if rs.Type != "google_compute_global_address" {
-			continue
-		}
-
-		_, err := config.clientCompute.GlobalAddresses.Get(
-			config.Project, rs.Primary.ID).Do()
-		if err == nil {
-			return fmt.Errorf("Address still exists")
-		}
-	}
-
-	return nil
-}
-
-func testAccCheckComputeGlobalAddressExists(n string, addr *compute.Address) resource.TestCheckFunc {
-	return func(s *terraform.State) error {
-		rs, ok := s.RootModule().Resources[n]
-		if !ok {
-			return fmt.Errorf("Not found: %s", n)
-		}
-
-		if rs.Primary.ID == "" {
-			return fmt.Errorf("No ID is set")
-		}
-
-		config := testAccProvider.Meta().(*Config)
-
-		found, err := config.clientCompute.GlobalAddresses.Get(
-			config.Project, rs.Primary.ID).Do()
-		if err != nil {
-			return err
-		}
-
-		if found.Name != rs.Primary.ID {
-			return fmt.Errorf("Addr not found")
-		}
-
-		*addr = *found
-
-		return nil
-	}
-}
-
-const testAccComputeGlobalAddress_basic = `
-resource "google_compute_global_address" "foobar" {
-	name = "terraform-test"
-}`
diff --git a/builtin/providers/google/resource_compute_instance.go b/builtin/providers/google/resource_compute_instance.go
index 52575767e5..229d1b05e3 100644
--- a/builtin/providers/google/resource_compute_instance.go
+++ b/builtin/providers/google/resource_compute_instance.go
@@ -515,10 +515,17 @@ func resourceComputeInstanceRead(d *schema.ResourceData, meta interface{}) error
 	// Synch metadata
 	md := instance.Metadata
 
-	if err = d.Set("metadata", MetadataFormatSchema(md)); err != nil {
+	_md := MetadataFormatSchema(md)
+	if script, scriptExists := d.GetOk("metadata_startup_script"); scriptExists {
+		d.Set("metadata_startup_script", script)
+		delete(_md, "startup-script")
+	}
+
+	if err = d.Set("metadata", _md); err != nil {
 		return fmt.Errorf("Error setting metadata: %s", err)
 	}
 
+
 	d.Set("can_ip_forward", instance.CanIpForward)
 
 	// Set the service accounts
@@ -635,6 +642,7 @@ func resourceComputeInstanceRead(d *schema.ResourceData, meta interface{}) error
 	}
 
 	d.Set("self_link", instance.SelfLink)
+	d.SetId(instance.Name)
 
 	return nil
 }
@@ -655,6 +663,14 @@ func resourceComputeInstanceUpdate(d *schema.ResourceData, meta interface{}) err
 	// If the Metadata has changed, then update that.
 	if d.HasChange("metadata") {
 		o, n := d.GetChange("metadata")
+		if script, scriptExists := d.GetOk("metadata_startup_script"); scriptExists {
+			if _, ok := n.(map[string]interface{})["startup-script"]; ok {
+				return fmt.Errorf("Only one of metadata.startup-script and metadata_startup_script may be defined")
+			}
+
+			n.(map[string]interface{})["startup-script"] = script
+		}
+
 
 		updateMD := func() error {
 			// Reload the instance in the case of a fingerprint mismatch
diff --git a/builtin/providers/google/resource_compute_instance_test.go b/builtin/providers/google/resource_compute_instance_test.go
index 61c4906a25..f59da73ef9 100644
--- a/builtin/providers/google/resource_compute_instance_test.go
+++ b/builtin/providers/google/resource_compute_instance_test.go
@@ -32,7 +32,7 @@ func TestAccComputeInstance_basic_deprecated_network(t *testing.T) {
 	})
 }
 
-func TestAccComputeInstance_basic(t *testing.T) {
+func TestAccComputeInstance_basic1(t *testing.T) {
 	var instance compute.Instance
 
 	resource.Test(t, resource.TestCase{
diff --git a/website/source/docs/providers/google/r/compute_global_address.html.markdown b/website/source/docs/providers/google/r/compute_global_address.html.markdown
deleted file mode 100644
index 1fdb24e6dd..0000000000
--- a/website/source/docs/providers/google/r/compute_global_address.html.markdown
+++ /dev/null
@@ -1,37 +0,0 @@
----
-layout: "google"
-page_title: "Google: google_compute_global_address"
-sidebar_current: "docs-google-resource-global-address"
-description: |-
-  Creates a static global IP address resource for a Google Compute Engine project.
----
-
-# google\_compute\_global\_address
-
-Creates a static IP address resource global to a for Google Compute Engine project.  For more information see
-[the official documentation](https://cloud.google.com/compute/docs/instances-and-network) and
-[API](https://cloud.google.com/compute/docs/reference/latest/globalAddresses).
-
-
-## Example Usage
-
-```
-resource "google_compute_global_address" "default" {
-	name = "test-address"
-}
-```
-
-## Argument Reference
-
-The following arguments are supported:
-
-* `name` - (Required) A unique name for the resource, required by GCE.
-    Changing this forces a new resource to be created.
-
-## Attributes Reference
-
-The following attributes are exported:
-
-* `name` - The name of the resource.
-* `address` - The IP address that was allocated.
-* `self_link` - The URI of the created resource.

From b1d731bd6f24a1aab2ede549a46bf2b9c93be68e Mon Sep 17 00:00:00 2001
From: Joel Moss <joel@developwithstyle.com>
Date: Wed, 14 Oct 2015 19:05:38 +0100
Subject: [PATCH 243/335] [chef provisioning] When use_policyfile is given, the
 run list is not used, so don't require it

---
 builtin/provisioners/chef/resource_provisioner.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/builtin/provisioners/chef/resource_provisioner.go b/builtin/provisioners/chef/resource_provisioner.go
index 7b94486d29..50b5666ee1 100644
--- a/builtin/provisioners/chef/resource_provisioner.go
+++ b/builtin/provisioners/chef/resource_provisioner.go
@@ -180,7 +180,7 @@ func (r *ResourceProvisioner) Validate(c *terraform.ResourceConfig) (ws []string
 	if p.NodeName == "" {
 		es = append(es, fmt.Errorf("Key not found: node_name"))
 	}
-	if p.RunList == nil {
+	if !p.UsePolicyfile && p.RunList == nil {
 		es = append(es, fmt.Errorf("Key not found: run_list"))
 	}
 	if p.ServerURL == "" {

From 7af484c8f6e9aca7792877a55655c68351fb5910 Mon Sep 17 00:00:00 2001
From: stack72 <public@paulstack.co.uk>
Date: Wed, 14 Oct 2015 19:16:58 +0100
Subject: [PATCH 244/335] Changing the DynamoDb Create to do a Read at the end

---
 builtin/providers/aws/resource_aws_dynamodb_table.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/builtin/providers/aws/resource_aws_dynamodb_table.go b/builtin/providers/aws/resource_aws_dynamodb_table.go
index b322ad8977..c88f50d8aa 100644
--- a/builtin/providers/aws/resource_aws_dynamodb_table.go
+++ b/builtin/providers/aws/resource_aws_dynamodb_table.go
@@ -291,7 +291,7 @@ func resourceAwsDynamoDbTableCreate(d *schema.ResourceData, meta interface{}) er
 				return err
 			}
 
-			return nil
+			return resourceAwsDynamoDbTableRead(d, meta)
 		}
 	}
 

From 4fb7ae6600ceef8ca5cdb554f9ae7057d412b92f Mon Sep 17 00:00:00 2001
From: Clint Shryock <clint@ctshryock.com>
Date: Wed, 14 Oct 2015 13:55:19 -0500
Subject: [PATCH 245/335] rename test so it can be ran in isolation

---
 builtin/providers/aws/resource_aws_s3_bucket_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/builtin/providers/aws/resource_aws_s3_bucket_test.go b/builtin/providers/aws/resource_aws_s3_bucket_test.go
index e494816b3e..1ce05583c9 100644
--- a/builtin/providers/aws/resource_aws_s3_bucket_test.go
+++ b/builtin/providers/aws/resource_aws_s3_bucket_test.go
@@ -64,7 +64,7 @@ func TestAccAWSS3Bucket_Policy(t *testing.T) {
 	})
 }
 
-func TestAccAWSS3Bucket_Website(t *testing.T) {
+func TestAccAWSS3Bucket_Website_Simple(t *testing.T) {
 	resource.Test(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t) },
 		Providers:    testAccProviders,

From f9c577aa2ad1646e1a529d3cb23355e4ce8c2c0f Mon Sep 17 00:00:00 2001
From: Clint Shryock <clint@ctshryock.com>
Date: Wed, 14 Oct 2015 13:55:37 -0500
Subject: [PATCH 246/335] update requirement for peer test

---
 .../providers/aws/resource_aws_vpc_peering_connection_test.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/builtin/providers/aws/resource_aws_vpc_peering_connection_test.go b/builtin/providers/aws/resource_aws_vpc_peering_connection_test.go
index 8f73602505..ca92ce66a6 100644
--- a/builtin/providers/aws/resource_aws_vpc_peering_connection_test.go
+++ b/builtin/providers/aws/resource_aws_vpc_peering_connection_test.go
@@ -36,6 +36,7 @@ func TestAccAWSVPCPeeringConnection_basic(t *testing.T) {
 
 func TestAccAWSVPCPeeringConnection_tags(t *testing.T) {
 	var connection ec2.VpcPeeringConnection
+	peerId := os.Getenv("TF_PEER_ID")
 
 	resource.Test(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t) },
@@ -43,7 +44,7 @@ func TestAccAWSVPCPeeringConnection_tags(t *testing.T) {
 		CheckDestroy: testAccCheckVpcDestroy,
 		Steps: []resource.TestStep{
 			resource.TestStep{
-				Config: testAccVpcPeeringConfigTags,
+				Config: fmt.Sprintf(testAccVpcPeeringConfigTags, peerId),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckAWSVpcPeeringConnectionExists("aws_vpc_peering_connection.foo", &connection),
 					testAccCheckTags(&connection.Tags, "foo", "bar"),
@@ -133,6 +134,7 @@ resource "aws_vpc" "bar" {
 resource "aws_vpc_peering_connection" "foo" {
 		vpc_id = "${aws_vpc.foo.id}"
 		peer_vpc_id = "${aws_vpc.bar.id}"
+		peer_owner_id = "%s"
 		tags {
 			foo = "bar"
 		}

From 6ab339b62dad8fd56ebc4bad2136bd062c0ab138 Mon Sep 17 00:00:00 2001
From: Clint Shryock <clint@ctshryock.com>
Date: Wed, 14 Oct 2015 14:49:33 -0500
Subject: [PATCH 247/335] unset website_endpoint, website_domain if website
 part is removed

---
 builtin/providers/aws/resource_aws_s3_bucket.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/builtin/providers/aws/resource_aws_s3_bucket.go b/builtin/providers/aws/resource_aws_s3_bucket.go
index a329d4ff6d..b45f69cc47 100644
--- a/builtin/providers/aws/resource_aws_s3_bucket.go
+++ b/builtin/providers/aws/resource_aws_s3_bucket.go
@@ -464,6 +464,9 @@ func resourceAwsS3BucketWebsiteDelete(s3conn *s3.S3, d *schema.ResourceData) err
 		return fmt.Errorf("Error deleting S3 website: %s", err)
 	}
 
+	d.Set("website_endpoint", "")
+	d.Set("website_domain", "")
+
 	return nil
 }
 

From 2a179d10657d58cc8ea63f7700f3a493a1c2e1a2 Mon Sep 17 00:00:00 2001
From: Paul Hinze <phinze@phinze.com>
Date: Wed, 14 Oct 2015 13:44:28 -0500
Subject: [PATCH 248/335] helper/schema: ValidateFunc support for maps

---
 helper/schema/schema.go      | 15 +++++++++++++--
 helper/schema/schema_test.go |  2 +-
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/helper/schema/schema.go b/helper/schema/schema.go
index 34145b1367..f4d8609957 100644
--- a/helper/schema/schema.go
+++ b/helper/schema/schema.go
@@ -540,8 +540,8 @@ func (m schemaMap) InternalValidate(topSchemaMap schemaMap) error {
 
 		if v.ValidateFunc != nil {
 			switch v.Type {
-			case TypeList, TypeSet, TypeMap:
-				return fmt.Errorf("ValidateFunc is only supported on primitives.")
+			case TypeList, TypeSet:
+				return fmt.Errorf("ValidateFunc is not yet supported on lists or sets.")
 			}
 		}
 	}
@@ -1118,6 +1118,17 @@ func (m schemaMap) validateMap(
 		}
 	}
 
+	if schema.ValidateFunc != nil {
+		validatableMap := make(map[string]interface{})
+		for _, raw := range raws {
+			for k, v := range raw.(map[string]interface{}) {
+				validatableMap[k] = v
+			}
+		}
+
+		return schema.ValidateFunc(validatableMap, k)
+	}
+
 	return nil, nil
 }
 
diff --git a/helper/schema/schema_test.go b/helper/schema/schema_test.go
index faf703b0f8..09eeef119e 100644
--- a/helper/schema/schema_test.go
+++ b/helper/schema/schema_test.go
@@ -2903,7 +2903,7 @@ func TestSchemaMap_InternalValidate(t *testing.T) {
 		{
 			map[string]*Schema{
 				"foo": &Schema{
-					Type:     TypeMap,
+					Type:     TypeSet,
 					Required: true,
 					ValidateFunc: func(v interface{}, k string) (ws []string, es []error) {
 						return

From ab0534a356208ade7b5cba5096c215e0ac84f4c4 Mon Sep 17 00:00:00 2001
From: Clint <catsby@users.noreply.github.com>
Date: Wed, 14 Oct 2015 16:27:05 -0500
Subject: [PATCH 249/335] Update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6dfefc4193..61f9785a09 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -42,6 +42,7 @@ IMPROVEMENTS:
   * provider/aws: Add `configuation_endpoint` to `aws_elasticache_cluster` [GH-3250]
   * provider/aws: Add validation for `app_cookie_stickiness_policy.name` [GH-3277]
   * provider/aws: Add validation for `db_parameter_group.name` [GH-3279]
+  * provider/aws: Set DynamoDB Table ARN after creation [GH-3500]
   * provider/aws: `aws_s3_bucket_object` allows interpolated content to be set with new `content` attribute. [GH-3200]
   * provider/aws: Allow tags for `aws_kinesis_stream` resource. [GH-3397]
   * provider/aws: Configurable capacity waiting duration for ASGs [GH-3191]

From a1939e70f7fc806532e977adfdf2356c525c8c2a Mon Sep 17 00:00:00 2001
From: Rob Zienert <rob@robzienert.com>
Date: Sun, 9 Aug 2015 03:02:28 -0500
Subject: [PATCH 250/335] Adding ignore_changes lifecycle meta property

---
 .gitignore                                    |  1 +
 config/config.go                              |  5 +-
 config/loader_test.go                         | 57 +++++++++++++++++++
 config/test-fixtures/ignore-changes.tf        | 17 ++++++
 terraform/context_plan_test.go                | 46 +++++++++++++++
 terraform/eval_ignore_changes.go              | 32 +++++++++++
 terraform/terraform_test.go                   | 13 +++++
 .../test-fixtures/plan-ignore-changes/main.tf |  9 +++
 terraform/transform_resource.go               |  4 ++
 .../docs/configuration/resources.html.md      | 11 ++++
 10 files changed, 193 insertions(+), 2 deletions(-)
 create mode 100644 config/test-fixtures/ignore-changes.tf
 create mode 100644 terraform/eval_ignore_changes.go
 create mode 100644 terraform/test-fixtures/plan-ignore-changes/main.tf

diff --git a/.gitignore b/.gitignore
index 314611940e..66ea31701f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -18,3 +18,4 @@ website/node_modules
 *.bak
 *~
 .*.swp
+.idea
diff --git a/config/config.go b/config/config.go
index c088414dab..d31777f6e8 100644
--- a/config/config.go
+++ b/config/config.go
@@ -84,8 +84,9 @@ type Resource struct {
 // ResourceLifecycle is used to store the lifecycle tuning parameters
 // to allow customized behavior
 type ResourceLifecycle struct {
-	CreateBeforeDestroy bool `mapstructure:"create_before_destroy"`
-	PreventDestroy      bool `mapstructure:"prevent_destroy"`
+	CreateBeforeDestroy bool     `mapstructure:"create_before_destroy"`
+	PreventDestroy      bool     `mapstructure:"prevent_destroy"`
+	IgnoreChanges       []string `mapstructure:"ignore_changes"`
 }
 
 // Provisioner is a configured provisioner step on a resource.
diff --git a/config/loader_test.go b/config/loader_test.go
index d239bd0b9a..eaf4f10aaa 100644
--- a/config/loader_test.go
+++ b/config/loader_test.go
@@ -440,6 +440,54 @@ func TestLoadFile_createBeforeDestroy(t *testing.T) {
 	}
 }
 
+func TestLoadFile_ignoreChanges(t *testing.T) {
+	c, err := LoadFile(filepath.Join(fixtureDir, "ignore-changes.tf"))
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+
+	if c == nil {
+		t.Fatal("config should not be nil")
+	}
+
+	actual := resourcesStr(c.Resources)
+	print(actual)
+	if actual != strings.TrimSpace(ignoreChangesResourcesStr) {
+		t.Fatalf("bad:\n%s", actual)
+	}
+
+	// Check for the flag value
+	r := c.Resources[0]
+	if r.Name != "web" && r.Type != "aws_instance" {
+		t.Fatalf("Bad: %#v", r)
+	}
+
+	// Should populate ignore changes
+	if len(r.Lifecycle.IgnoreChanges) == 0 {
+		t.Fatalf("Bad: %#v", r)
+	}
+
+	r = c.Resources[1]
+	if r.Name != "bar" && r.Type != "aws_instance" {
+		t.Fatalf("Bad: %#v", r)
+	}
+
+	// Should not populate ignore changes
+	if len(r.Lifecycle.IgnoreChanges) > 0 {
+		t.Fatalf("Bad: %#v", r)
+	}
+
+	r = c.Resources[2]
+	if r.Name != "baz" && r.Type != "aws_instance" {
+		t.Fatalf("Bad: %#v", r)
+	}
+
+	// Should not populate ignore changes
+	if len(r.Lifecycle.IgnoreChanges) > 0 {
+		t.Fatalf("Bad: %#v", r)
+	}
+}
+
 func TestLoad_preventDestroyString(t *testing.T) {
 	c, err := LoadFile(filepath.Join(fixtureDir, "prevent-destroy-string.tf"))
 	if err != nil {
@@ -676,3 +724,12 @@ aws_instance[bar] (x1)
 aws_instance[web] (x1)
   ami
 `
+
+const ignoreChangesResourcesStr = `
+aws_instance[bar] (x1)
+  ami
+aws_instance[baz] (x1)
+  ami
+aws_instance[web] (x1)
+  ami
+`
diff --git a/config/test-fixtures/ignore-changes.tf b/config/test-fixtures/ignore-changes.tf
new file mode 100644
index 0000000000..765a057983
--- /dev/null
+++ b/config/test-fixtures/ignore-changes.tf
@@ -0,0 +1,17 @@
+resource "aws_instance" "web" {
+    ami = "foo"
+    lifecycle {
+        ignore_changes = ["ami"]
+    }
+}
+
+resource "aws_instance" "bar" {
+    ami = "foo"
+    lifecycle {
+        ignore_changes = []
+    }
+}
+
+resource "aws_instance" "baz" {
+  ami = "foo"
+}
diff --git a/terraform/context_plan_test.go b/terraform/context_plan_test.go
index 50f2bb4716..db6f245772 100644
--- a/terraform/context_plan_test.go
+++ b/terraform/context_plan_test.go
@@ -1672,3 +1672,49 @@ func TestContext2Plan_varListErr(t *testing.T) {
 		t.Fatal("should error")
 	}
 }
+
+func TestContext2Plan_ignoreChanges(t *testing.T) {
+	m := testModule(t, "plan-ignore-changes")
+	p := testProvider("aws")
+	p.DiffFn = testDiffFn
+	s := &State{
+		Modules: []*ModuleState{
+			&ModuleState{
+				Path: rootModulePath,
+				Resources: map[string]*ResourceState{
+					"aws_instance.foo": &ResourceState{
+						Primary: &InstanceState{
+							ID:         "bar",
+							Attributes: map[string]string{"ami": "ami-abcd1234"},
+						},
+					},
+				},
+			},
+		},
+	}
+	ctx := testContext2(t, &ContextOpts{
+		Module: m,
+		Providers: map[string]ResourceProviderFactory{
+			"aws": testProviderFuncFixed(p),
+		},
+		Variables: map[string]string{
+			"foo": "ami-1234abcd",
+		},
+		State: s,
+	})
+
+	plan, err := ctx.Plan()
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+
+	if len(plan.Diff.RootModule().Resources) < 1 {
+		t.Fatalf("bad: %#v", plan.Diff.RootModule().Resources)
+	}
+
+	actual := strings.TrimSpace(plan.String())
+	expected := strings.TrimSpace(testTerraformPlanIgnoreChangesStr)
+	if actual != expected {
+		t.Fatalf("bad:\n%s\n\nexpected\n\n%s", actual, expected)
+	}
+}
diff --git a/terraform/eval_ignore_changes.go b/terraform/eval_ignore_changes.go
new file mode 100644
index 0000000000..1a44089a98
--- /dev/null
+++ b/terraform/eval_ignore_changes.go
@@ -0,0 +1,32 @@
+package terraform
+import (
+	"github.com/hashicorp/terraform/config"
+	"strings"
+)
+
+// EvalIgnoreChanges is an EvalNode implementation that removes diff
+// attributes if their name matches names provided by the resource's
+// IgnoreChanges lifecycle.
+type EvalIgnoreChanges struct {
+	Resource *config.Resource
+	Diff **InstanceDiff
+}
+
+func (n *EvalIgnoreChanges) Eval(ctx EvalContext) (interface{}, error) {
+	if n.Diff == nil || *n.Diff == nil || n.Resource == nil || n.Resource.Id() == "" {
+		return nil, nil
+	}
+
+	diff := *n.Diff
+	ignoreChanges := n.Resource.Lifecycle.IgnoreChanges
+
+	for _, ignoredName := range	ignoreChanges {
+		for name := range diff.Attributes {
+			if strings.HasPrefix(name, ignoredName) {
+				delete(diff.Attributes, name)
+			}
+		}
+	}
+
+	return nil, nil
+}
diff --git a/terraform/terraform_test.go b/terraform/terraform_test.go
index c84e9803cf..02d4de2a28 100644
--- a/terraform/terraform_test.go
+++ b/terraform/terraform_test.go
@@ -1286,3 +1286,16 @@ STATE:
 
 <no state>
 `
+
+const testTerraformPlanIgnoreChangesStr = `
+DIFF:
+
+UPDATE: aws_instance.foo
+  type: "" => "aws_instance"
+
+STATE:
+
+aws_instance.foo:
+  ID = bar
+  ami = ami-abcd1234
+`
diff --git a/terraform/test-fixtures/plan-ignore-changes/main.tf b/terraform/test-fixtures/plan-ignore-changes/main.tf
new file mode 100644
index 0000000000..056256a1d8
--- /dev/null
+++ b/terraform/test-fixtures/plan-ignore-changes/main.tf
@@ -0,0 +1,9 @@
+variable "foo" {}
+
+resource "aws_instance" "foo" {
+  ami = "${var.foo}"
+
+  lifecycle {
+    ignore_changes = ["ami"]
+  }
+}
diff --git a/terraform/transform_resource.go b/terraform/transform_resource.go
index a52b3ba724..81ff158d9c 100644
--- a/terraform/transform_resource.go
+++ b/terraform/transform_resource.go
@@ -318,6 +318,10 @@ func (n *graphNodeExpandedResource) EvalTree() EvalNode {
 					Resource: n.Resource,
 					Diff:     &diff,
 				},
+				&EvalIgnoreChanges{
+					Resource: n.Resource,
+					Diff: &diff,
+				},
 				&EvalWriteState{
 					Name:         n.stateId(),
 					ResourceType: n.Resource.Type,
diff --git a/website/source/docs/configuration/resources.html.md b/website/source/docs/configuration/resources.html.md
index f099c5f252..d5e087fec4 100644
--- a/website/source/docs/configuration/resources.html.md
+++ b/website/source/docs/configuration/resources.html.md
@@ -68,11 +68,20 @@ The `lifecycle` block allows the following keys to be set:
       destruction of a given resource. When this is set to `true`, any plan
       that includes a destroy of this resource will return an error message.
 
+  * `ignore_changes` (list of strings) - Customizes how diffs are evaluated for
+      resources, allowing individual attributes to be ignored through changes.
+      As an example, this can be used to ignore dynamic changes to the
+      resource from external resources. Other meta-parameters cannot be ignored.
+
 ~> **NOTE on create\_before\_destroy and dependencies:** Resources that utilize
 the `create_before_destroy` key can only depend on other resources that also
 include `create_before_destroy`. Referencing a resource that does not include
 `create_before_destroy` will result in a dependency graph cycle. 
 
+~> **NOTE on ignore\_changes:** Ignored attribute names can be matched by their
+name, not state ID. For example, if an `aws_route_table` has two routes defined
+and the `ignore_changes` list contains "route", both routes will be ignored.
+
 -------------
 
 Within a resource, you can optionally have a **connection block**.
@@ -191,6 +200,8 @@ where `LIFECYCLE` is:
 ```
 lifecycle {
     [create_before_destroy = true|false]
+    [prevent_destroy = true|false]
+    [ignore_changes = [ATTRIBUTE NAME, ...]]
 }
 ```
 

From 4f4c572aa4394d0bd5ff509e09c4cdff5f0d7626 Mon Sep 17 00:00:00 2001
From: Paul Hinze <phinze@phinze.com>
Date: Wed, 14 Oct 2015 18:23:14 -0500
Subject: [PATCH 251/335] Update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 61f9785a09..0a4437768b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -20,6 +20,7 @@ FEATURES:
   * **New resource: `aws_autoscaling_lifecycle_hook`** [GH-3351]
   * **New resource: `aws_placement_group`** [GH-3457]
   * **New resource: `aws_glacier_vault`** [GH-3491]
+  * **New lifecycle flag: `ignore_changes`** [GH-2525]
 
 IMPROVEMENTS:
 

From 4f400a1944186ab2c7f057343d7a45b94b13dd71 Mon Sep 17 00:00:00 2001
From: Paul Hinze <phinze@phinze.com>
Date: Wed, 14 Oct 2015 13:17:44 -0500
Subject: [PATCH 252/335] provider/google: one more fix to GCE metadata

In #3501 @lwander got us almost all the way there, but we still had
tests failing. This seemed to be because GCE sets
`metadata.startup-script` to a blank string on instance creation, and if
a user specifies any `metadata` in their config this is seen as the
desired full contents of metadata, so we get a diff trying to remove
`startup-script`.

Here, to address this, we just proactively remove the "startup-script"
key from `Read`, and then we enforce that "metadata_startup_script"
is the only way to configure startup scripts on instances.
---
 .../google/resource_compute_instance.go       | 30 +++++++++++--------
 1 file changed, 17 insertions(+), 13 deletions(-)

diff --git a/builtin/providers/google/resource_compute_instance.go b/builtin/providers/google/resource_compute_instance.go
index 229d1b05e3..68b8aed357 100644
--- a/builtin/providers/google/resource_compute_instance.go
+++ b/builtin/providers/google/resource_compute_instance.go
@@ -197,9 +197,10 @@ func resourceComputeInstance() *schema.Resource {
 			},
 
 			"metadata": &schema.Schema{
-				Type:     schema.TypeMap,
-				Optional: true,
-				Elem:     schema.TypeString,
+				Type:         schema.TypeMap,
+				Optional:     true,
+				Elem:         schema.TypeString,
+				ValidateFunc: validateInstanceMetadata,
 			},
 
 			"service_account": &schema.Schema{
@@ -516,16 +517,16 @@ func resourceComputeInstanceRead(d *schema.ResourceData, meta interface{}) error
 	md := instance.Metadata
 
 	_md := MetadataFormatSchema(md)
+	delete(_md, "startup-script")
+
 	if script, scriptExists := d.GetOk("metadata_startup_script"); scriptExists {
 		d.Set("metadata_startup_script", script)
-		delete(_md, "startup-script")
 	}
 
 	if err = d.Set("metadata", _md); err != nil {
 		return fmt.Errorf("Error setting metadata: %s", err)
 	}
 
-
 	d.Set("can_ip_forward", instance.CanIpForward)
 
 	// Set the service accounts
@@ -671,7 +672,6 @@ func resourceComputeInstanceUpdate(d *schema.ResourceData, meta interface{}) err
 			n.(map[string]interface{})["startup-script"] = script
 		}
 
-
 		updateMD := func() error {
 			// Reload the instance in the case of a fingerprint mismatch
 			instance, err = getInstance(config, d)
@@ -810,13 +810,8 @@ func resourceComputeInstanceDelete(d *schema.ResourceData, meta interface{}) err
 func resourceInstanceMetadata(d *schema.ResourceData) (*compute.Metadata, error) {
 	m := &compute.Metadata{}
 	mdMap := d.Get("metadata").(map[string]interface{})
-	_, mapScriptExists := mdMap["startup-script"]
-	dScript, dScriptExists := d.GetOk("metadata_startup_script")
-	if mapScriptExists && dScriptExists {
-		return nil, fmt.Errorf("Not allowed to have both metadata_startup_script and metadata.startup-script")
-	}
-	if dScriptExists {
-		mdMap["startup-script"] = dScript
+	if v, ok := d.GetOk("metadata_startup_script"); ok && v.(string) != "" {
+		mdMap["startup-script"] = v
 	}
 	if len(mdMap) > 0 {
 		m.Items = make([]*compute.MetadataItems, 0, len(mdMap))
@@ -852,3 +847,12 @@ func resourceInstanceTags(d *schema.ResourceData) *compute.Tags {
 
 	return tags
 }
+
+func validateInstanceMetadata(v interface{}, k string) (ws []string, es []error) {
+	mdMap := v.(map[string]interface{})
+	if _, ok := mdMap["startup-script"]; ok {
+		es = append(es, fmt.Errorf(
+			"Use metadata_startup_script instead of a startup-script key in %q.", k))
+	}
+	return
+}

From beff2ff4600d205cf2b549a4537f5dbec9ff62ea Mon Sep 17 00:00:00 2001
From: Martin Atkins <mart@degeneration.co.uk>
Date: Wed, 14 Oct 2015 19:35:20 -0700
Subject: [PATCH 253/335] Update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0a4437768b..a29895acaa 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -47,6 +47,7 @@ IMPROVEMENTS:
   * provider/aws: `aws_s3_bucket_object` allows interpolated content to be set with new `content` attribute. [GH-3200]
   * provider/aws: Allow tags for `aws_kinesis_stream` resource. [GH-3397]
   * provider/aws: Configurable capacity waiting duration for ASGs [GH-3191]
+  * provider/aws: Allow non-persistent Spot Requests [GH-3311]
   * provider/cloudstack: Add `project` parameter to `cloudstack_vpc`, `cloudstack_network`, `cloudstack_ipaddress` and `cloudstack_disk` [GH-3035]
   * provider/openstack: add functionality to attach FloatingIP to Port [GH-1788]
   * provider/google: Can now do multi-region deployments without using multiple providers [GH-3258]

From 2e3b3cfad210b07cf77ae38d9495d2bb9bf8c1c7 Mon Sep 17 00:00:00 2001
From: Martin Atkins <mart@degeneration.co.uk>
Date: Wed, 14 Oct 2015 19:37:33 -0700
Subject: [PATCH 254/335] Update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index a29895acaa..9a7d913180 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -48,6 +48,7 @@ IMPROVEMENTS:
   * provider/aws: Allow tags for `aws_kinesis_stream` resource. [GH-3397]
   * provider/aws: Configurable capacity waiting duration for ASGs [GH-3191]
   * provider/aws: Allow non-persistent Spot Requests [GH-3311]
+  * provider/aws: Support tags for AWS DB subnet group [GH-3138]
   * provider/cloudstack: Add `project` parameter to `cloudstack_vpc`, `cloudstack_network`, `cloudstack_ipaddress` and `cloudstack_disk` [GH-3035]
   * provider/openstack: add functionality to attach FloatingIP to Port [GH-1788]
   * provider/google: Can now do multi-region deployments without using multiple providers [GH-3258]

From b2b41192acbf8db54b8aef86be9191d57374f717 Mon Sep 17 00:00:00 2001
From: Paul Hinze <phinze@phinze.com>
Date: Wed, 14 Oct 2015 22:16:58 -0500
Subject: [PATCH 255/335] provider/google: container test needed bigger
 instance to pass

---
 builtin/providers/google/resource_container_cluster_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/builtin/providers/google/resource_container_cluster_test.go b/builtin/providers/google/resource_container_cluster_test.go
index 72f398a07c..ea4a5a597b 100644
--- a/builtin/providers/google/resource_container_cluster_test.go
+++ b/builtin/providers/google/resource_container_cluster_test.go
@@ -113,7 +113,7 @@ resource "google_container_cluster" "with_node_config" {
 	}
 
 	node_config {
-		machine_type = "f1-micro"
+		machine_type = "g1-small"
 		disk_size_gb = 15
 		oauth_scopes = [
 			"https://www.googleapis.com/auth/compute",

From 0efffc67f0015e4e7c6a51135b496bc0b5063e2c Mon Sep 17 00:00:00 2001
From: Paul Hinze <phinze@phinze.com>
Date: Wed, 14 Oct 2015 22:17:34 -0500
Subject: [PATCH 256/335] provider/google: storage bucket tests shouldn't not
 check predefined_acl

it was depreceted in https://github.com/hashicorp/terraform/pull/3272
---
 builtin/providers/google/resource_storage_bucket_test.go | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/builtin/providers/google/resource_storage_bucket_test.go b/builtin/providers/google/resource_storage_bucket_test.go
index a7b59c61a9..3860fc9a6f 100644
--- a/builtin/providers/google/resource_storage_bucket_test.go
+++ b/builtin/providers/google/resource_storage_bucket_test.go
@@ -52,8 +52,6 @@ func TestAccStorageCustomAttributes(t *testing.T) {
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckCloudStorageBucketExists(
 						"google_storage_bucket.bucket", &bucketName),
-					resource.TestCheckResourceAttr(
-						"google_storage_bucket.bucket", "predefined_acl", "publicReadWrite"),
 					resource.TestCheckResourceAttr(
 						"google_storage_bucket.bucket", "location", "EU"),
 					resource.TestCheckResourceAttr(
@@ -77,8 +75,6 @@ func TestAccStorageBucketUpdate(t *testing.T) {
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckCloudStorageBucketExists(
 						"google_storage_bucket.bucket", &bucketName),
-					resource.TestCheckResourceAttr(
-						"google_storage_bucket.bucket", "predefined_acl", "projectPrivate"),
 					resource.TestCheckResourceAttr(
 						"google_storage_bucket.bucket", "location", "US"),
 					resource.TestCheckResourceAttr(

From f6e525e5310db681078b096ee8d7aa74b66b4820 Mon Sep 17 00:00:00 2001
From: Paul Hinze <phinze@phinze.com>
Date: Wed, 14 Oct 2015 22:36:01 -0500
Subject: [PATCH 257/335] provider/google: one more test that should skip
 predefined_acl

it was depreceted in https://github.com/hashicorp/terraform/pull/3272
---
 builtin/providers/google/resource_storage_bucket_test.go | 2 --
 1 file changed, 2 deletions(-)

diff --git a/builtin/providers/google/resource_storage_bucket_test.go b/builtin/providers/google/resource_storage_bucket_test.go
index 3860fc9a6f..8e83300500 100644
--- a/builtin/providers/google/resource_storage_bucket_test.go
+++ b/builtin/providers/google/resource_storage_bucket_test.go
@@ -27,8 +27,6 @@ func TestAccStorage_basic(t *testing.T) {
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckCloudStorageBucketExists(
 						"google_storage_bucket.bucket", &bucketName),
-					resource.TestCheckResourceAttr(
-						"google_storage_bucket.bucket", "predefined_acl", "projectPrivate"),
 					resource.TestCheckResourceAttr(
 						"google_storage_bucket.bucket", "location", "US"),
 					resource.TestCheckResourceAttr(

From 3fbeb326cd53f75e01350df06eae89e681b54314 Mon Sep 17 00:00:00 2001
From: Paul Hinze <phinze@phinze.com>
Date: Wed, 14 Oct 2015 21:34:07 -0500
Subject: [PATCH 258/335] provider/azure: acc tests fixes

 * avoid name collisions
 * update image names
---
 builtin/providers/azure/provider_test.go      |   6 +
 .../azure/resource_azure_data_disk_test.go    | 138 +++++++++---------
 .../azure/resource_azure_instance_test.go     |   4 +-
 3 files changed, 81 insertions(+), 67 deletions(-)

diff --git a/builtin/providers/azure/provider_test.go b/builtin/providers/azure/provider_test.go
index b3feb83925..ca4017aae0 100644
--- a/builtin/providers/azure/provider_test.go
+++ b/builtin/providers/azure/provider_test.go
@@ -3,9 +3,11 @@ package azure
 import (
 	"io"
 	"io/ioutil"
+	"math/rand"
 	"os"
 	"strings"
 	"testing"
+	"time"
 
 	"github.com/hashicorp/terraform/config"
 	"github.com/hashicorp/terraform/helper/schema"
@@ -193,6 +195,10 @@ func TestAzure_isFile(t *testing.T) {
 	}
 }
 
+func genRandInt() int {
+	return rand.New(rand.NewSource(time.Now().UnixNano())).Int() % 100000
+}
+
 // testAzurePublishSettingsStr is a revoked publishsettings file
 const testAzurePublishSettingsStr = `
 <?xml version="1.0" encoding="utf-8"?>
diff --git a/builtin/providers/azure/resource_azure_data_disk_test.go b/builtin/providers/azure/resource_azure_data_disk_test.go
index dfad26b5ef..2c6660f66d 100644
--- a/builtin/providers/azure/resource_azure_data_disk_test.go
+++ b/builtin/providers/azure/resource_azure_data_disk_test.go
@@ -13,6 +13,7 @@ import (
 
 func TestAccAzureDataDisk_basic(t *testing.T) {
 	var disk virtualmachinedisk.DataDiskResponse
+	name := fmt.Sprintf("terraform-test%d", genRandInt())
 
 	resource.Test(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t) },
@@ -20,13 +21,13 @@ func TestAccAzureDataDisk_basic(t *testing.T) {
 		CheckDestroy: testAccCheckAzureDataDiskDestroy,
 		Steps: []resource.TestStep{
 			resource.TestStep{
-				Config: testAccAzureDataDisk_basic,
+				Config: testAccAzureDataDisk_basic(name),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckAzureDataDiskExists(
 						"azure_data_disk.foo", &disk),
 					testAccCheckAzureDataDiskAttributes(&disk),
 					resource.TestCheckResourceAttr(
-						"azure_data_disk.foo", "label", "terraform-test-0"),
+						"azure_data_disk.foo", "label", fmt.Sprintf("%s-0", name)),
 					resource.TestCheckResourceAttr(
 						"azure_data_disk.foo", "size", "10"),
 				),
@@ -37,6 +38,7 @@ func TestAccAzureDataDisk_basic(t *testing.T) {
 
 func TestAccAzureDataDisk_update(t *testing.T) {
 	var disk virtualmachinedisk.DataDiskResponse
+	name := fmt.Sprintf("terraform-test%d", genRandInt())
 
 	resource.Test(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t) },
@@ -44,12 +46,12 @@ func TestAccAzureDataDisk_update(t *testing.T) {
 		CheckDestroy: testAccCheckAzureDataDiskDestroy,
 		Steps: []resource.TestStep{
 			resource.TestStep{
-				Config: testAccAzureDataDisk_advanced,
+				Config: testAccAzureDataDisk_advanced(name),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckAzureDataDiskExists(
 						"azure_data_disk.foo", &disk),
 					resource.TestCheckResourceAttr(
-						"azure_data_disk.foo", "label", "terraform-test1-1"),
+						"azure_data_disk.foo", "label", fmt.Sprintf("%s-1", name)),
 					resource.TestCheckResourceAttr(
 						"azure_data_disk.foo", "lun", "1"),
 					resource.TestCheckResourceAttr(
@@ -57,17 +59,17 @@ func TestAccAzureDataDisk_update(t *testing.T) {
 					resource.TestCheckResourceAttr(
 						"azure_data_disk.foo", "caching", "ReadOnly"),
 					resource.TestCheckResourceAttr(
-						"azure_data_disk.foo", "virtual_machine", "terraform-test1"),
+						"azure_data_disk.foo", "virtual_machine", name),
 				),
 			},
 
 			resource.TestStep{
-				Config: testAccAzureDataDisk_update,
+				Config: testAccAzureDataDisk_update(name),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckAzureDataDiskExists(
 						"azure_data_disk.foo", &disk),
 					resource.TestCheckResourceAttr(
-						"azure_data_disk.foo", "label", "terraform-test1-1"),
+						"azure_data_disk.foo", "label", fmt.Sprintf("%s-1", name)),
 					resource.TestCheckResourceAttr(
 						"azure_data_disk.foo", "lun", "2"),
 					resource.TestCheckResourceAttr(
@@ -168,68 +170,74 @@ func testAccCheckAzureDataDiskDestroy(s *terraform.State) error {
 	return nil
 }
 
-var testAccAzureDataDisk_basic = fmt.Sprintf(`
-resource "azure_instance" "foo" {
-    name = "terraform-test"
-    image = "Ubuntu Server 14.04 LTS"
-    size = "Basic_A1"
-    storage_service_name = "%s"
-    location = "West US"
-    username = "terraform"
-    password = "Pass!admin123"
+func testAccAzureDataDisk_basic(name string) string {
+	return fmt.Sprintf(`
+		resource "azure_instance" "foo" {
+				name = "%s"
+				image = "Ubuntu Server 14.04 LTS"
+				size = "Basic_A1"
+				storage_service_name = "%s"
+				location = "West US"
+				username = "terraform"
+				password = "Pass!admin123"
+		}
+
+		resource "azure_data_disk" "foo" {
+				lun = 0
+				size = 10
+				storage_service_name = "${azure_instance.foo.storage_service_name}"
+				virtual_machine = "${azure_instance.foo.id}"
+		}`, name, testAccStorageServiceName)
 }
 
-resource "azure_data_disk" "foo" {
-    lun = 0
-    size = 10
-    storage_service_name = "${azure_instance.foo.storage_service_name}"
-    virtual_machine = "${azure_instance.foo.id}"
-}`, testAccStorageServiceName)
+func testAccAzureDataDisk_advanced(name string) string {
+	return fmt.Sprintf(`
+		resource "azure_instance" "foo" {
+				name = "%s"
+				image = "Ubuntu Server 14.04 LTS"
+				size = "Basic_A1"
+				storage_service_name = "%s"
+				location = "West US"
+				username = "terraform"
+				password = "Pass!admin123"
+		}
 
-var testAccAzureDataDisk_advanced = fmt.Sprintf(`
-resource "azure_instance" "foo" {
-    name = "terraform-test1"
-    image = "Ubuntu Server 14.04 LTS"
-    size = "Basic_A1"
-    storage_service_name = "%s"
-    location = "West US"
-    username = "terraform"
-    password = "Pass!admin123"
+		resource "azure_data_disk" "foo" {
+				lun = 1
+				size = 10
+				caching = "ReadOnly"
+				storage_service_name = "${azure_instance.foo.storage_service_name}"
+				virtual_machine = "${azure_instance.foo.id}"
+		}`, name, testAccStorageServiceName)
 }
 
-resource "azure_data_disk" "foo" {
-    lun = 1
-    size = 10
-    caching = "ReadOnly"
-    storage_service_name = "${azure_instance.foo.storage_service_name}"
-    virtual_machine = "${azure_instance.foo.id}"
-}`, testAccStorageServiceName)
+func testAccAzureDataDisk_update(name string) string {
+	return fmt.Sprintf(`
+		resource "azure_instance" "foo" {
+				name = "%s"
+				image = "Ubuntu Server 14.04 LTS"
+				size = "Basic_A1"
+				storage_service_name = "%s"
+				location = "West US"
+				username = "terraform"
+				password = "Pass!admin123"
+		}
 
-var testAccAzureDataDisk_update = fmt.Sprintf(`
-resource "azure_instance" "foo" {
-    name = "terraform-test1"
-    image = "Ubuntu Server 14.04 LTS"
-    size = "Basic_A1"
-    storage_service_name = "%s"
-    location = "West US"
-    username = "terraform"
-    password = "Pass!admin123"
+		resource "azure_instance" "bar" {
+				name = "terraform-test2"
+				image = "Ubuntu Server 14.04 LTS"
+				size = "Basic_A1"
+				storage_service_name = "${azure_instance.foo.storage_service_name}"
+				location = "West US"
+				username = "terraform"
+				password = "Pass!admin123"
+		}
+
+		resource "azure_data_disk" "foo" {
+				lun = 2
+				size = 20
+				caching = "ReadWrite"
+				storage_service_name = "${azure_instance.bar.storage_service_name}"
+				virtual_machine = "${azure_instance.bar.id}"
+		}`, name, testAccStorageServiceName)
 }
-
-resource "azure_instance" "bar" {
-    name = "terraform-test2"
-    image = "Ubuntu Server 14.04 LTS"
-    size = "Basic_A1"
-    storage_service_name = "${azure_instance.foo.storage_service_name}"
-    location = "West US"
-    username = "terraform"
-    password = "Pass!admin123"
-}
-
-resource "azure_data_disk" "foo" {
-    lun = 2
-    size = 20
-    caching = "ReadWrite"
-    storage_service_name = "${azure_instance.bar.storage_service_name}"
-    virtual_machine = "${azure_instance.bar.id}"
-}`, testAccStorageServiceName)
diff --git a/builtin/providers/azure/resource_azure_instance_test.go b/builtin/providers/azure/resource_azure_instance_test.go
index 79e7121540..7e63486c3f 100644
--- a/builtin/providers/azure/resource_azure_instance_test.go
+++ b/builtin/providers/azure/resource_azure_instance_test.go
@@ -446,7 +446,7 @@ resource "azure_security_group_rule" "foo" {
 
 resource "azure_instance" "foo" {
     name = "terraform-test1"
-    image = "Windows Server 2012 R2 Datacenter, April 2015"
+    image = "Windows Server 2012 R2 Datacenter, September 2015"
     size = "Basic_A1"
     storage_service_name = "%s"
     location = "West US"
@@ -520,7 +520,7 @@ resource "azure_security_group_rule" "bar" {
 
 resource "azure_instance" "foo" {
     name = "terraform-test1"
-    image = "Windows Server 2012 R2 Datacenter, April 2015"
+    image = "Windows Server 2012 R2 Datacenter, September 2015"
     size = "Basic_A2"
     storage_service_name = "%s"
     location = "West US"

From 05d6c5b509e814a12903ca770d6ee24b790c812f Mon Sep 17 00:00:00 2001
From: Paul Hinze <phinze@phinze.com>
Date: Mon, 12 Oct 2015 11:42:27 -0500
Subject: [PATCH 259/335] vsphere docs; first draft

I'm not familiar with vSphere so I had to skip over details in some
places, but this at least gets the basic structure in for the docs.
---
 website/source/assets/stylesheets/_docs.scss  |  1 +
 .../providers/vsphere/index.html.markdown     | 56 +++++++++++++++
 .../vsphere/r/virtual_machine.html.markdown   | 69 +++++++++++++++++++
 website/source/layouts/docs.erb               |  4 ++
 website/source/layouts/vsphere.erb            | 26 +++++++
 5 files changed, 156 insertions(+)
 create mode 100644 website/source/docs/providers/vsphere/index.html.markdown
 create mode 100644 website/source/docs/providers/vsphere/r/virtual_machine.html.markdown
 create mode 100644 website/source/layouts/vsphere.erb

diff --git a/website/source/assets/stylesheets/_docs.scss b/website/source/assets/stylesheets/_docs.scss
index 6849f91069..0defd251a5 100755
--- a/website/source/assets/stylesheets/_docs.scss
+++ b/website/source/assets/stylesheets/_docs.scss
@@ -23,6 +23,7 @@ body.layout-openstack,
 body.layout-packet,
 body.layout-rundeck,
 body.layout-template,
+body.layout-vsphere,
 body.layout-docs,
 body.layout-downloads,
 body.layout-inner,
diff --git a/website/source/docs/providers/vsphere/index.html.markdown b/website/source/docs/providers/vsphere/index.html.markdown
new file mode 100644
index 0000000000..3930519a1f
--- /dev/null
+++ b/website/source/docs/providers/vsphere/index.html.markdown
@@ -0,0 +1,56 @@
+---
+layout: "vsphere"
+page_title: "Provider: vSphere"
+sidebar_current: "docs-vsphere-index"
+description: |-
+  The vSphere provider is used to interact with the resources supported by
+  vSphere. The provider needs to be configured with the proper credentials before
+  it can be used.
+---
+
+# vSphere Provider
+
+The vSphere provider is used to interact with the resources supported by vSphere.
+The provider needs to be configured with the proper credentials before it can be used.
+
+Use the navigation to the left to read about the available resources.
+
+## Example Usage
+
+```
+# Configure the vSphere Provider
+provider "vsphere" {
+  user           = "${var.vsphere_user}"
+  password       = "${var.vsphere_password}"
+  vcenter_server = "${var.vsphere_vcenter_server}"
+}
+
+# Create a virtual machine
+resource "vsphere_virtual_machine" "web" {
+  name   = "terraform_web"
+  vcpu   = 2
+  memory = 4096
+
+  network_interface {
+    label = "VM Network"
+  }
+
+  disk {
+    size = 1
+    iops = 500
+  }
+}
+```
+
+## Argument Reference
+
+The following arguments are used to configure the vSphere Provider:
+
+* `user` - (Required) This is the username for vSphere API operations. Can also
+  be specified with the `VSPHERE_USER` environment variable.
+* `password` - (Required) This is the password for vSphere API operations. Can
+  also be specified with the `VSPHERE_PASSWORD` environment variable.
+* `vcenter_server` - (Required) This is the vCenter server name for vSphere API
+  operations. Can also be specified with the `VSPHERE_VCENTER` environment
+  variable.
+
diff --git a/website/source/docs/providers/vsphere/r/virtual_machine.html.markdown b/website/source/docs/providers/vsphere/r/virtual_machine.html.markdown
new file mode 100644
index 0000000000..6ce012d65c
--- /dev/null
+++ b/website/source/docs/providers/vsphere/r/virtual_machine.html.markdown
@@ -0,0 +1,69 @@
+---
+layout: "vsphere"
+page_title: "vSphere: vsphere_virtual_machine"
+sidebar_current: "docs-vsphere-resource-virtual-machine"
+description: |-
+  Provides a vSphere virtual machine resource. This can be used to create, modify, and delete virtual machines.
+---
+
+# vsphere\_virtual\_machine
+
+Provides a vSphere virtual machine resource. This can be used to create,
+modify, and delete virtual machines.
+
+## Example Usage
+
+```
+resource "vsphere_virtual_machine" "web" {
+  name   = "terraform_web"
+  vcpu   = 2
+  memory = 4096
+
+  network_interface {
+    label = "VM Network"
+  }
+
+  disk {
+    size = 1
+    iops = 500
+  }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) The virtual machine name
+* `vcpu` - (Required) The number of virtual CPUs to allocate to the virtual machine
+* `memory` - (Required) The amount of RAM (in MB) to allocate to the virtual machine
+* `datacenter` - (Optional) The name of a Datacenter in which to launch the virtual machine
+* `cluster` - (Optional) Name of a Cluster in which to launch the virtual machine
+* `resource_pool` (Optional) The name of a Resource Pool in which to launch the virtual machine
+* `gateway` - (Optional) Gateway IP address to use for all network interfaces
+* `domain` - (Optional) A FQDN for the virtual machine; defaults to "vsphere.local"
+* `time_zone` - (Optional) The [time zone](https://www.vmware.com/support/developer/vc-sdk/visdk41pubs/ApiReference/timezone.html) to set on the virtual machine. Defaults to "Etc/UTC"
+* `dns_suffixes` - (Optional) List of name resolution suffixes for the virtual network adapter
+* `dns_servers` - (Optional) List of DNS servers for the virtual network adapter; defaults to 8.8.8.8, 8.8.4.4
+* `network_interface` - (Required) Configures virtual network interfaces; see [Network Interfaces](#network-interfaces) below for details.
+* `disk` - (Required) Configures virtual disks; see [Disks](#disks) below for details
+* `boot_delay` - (Optional) Time in seconds to wait for machine network to be ready.
+
+<a id="network-interfaces"></a>
+## Network Interfaces
+
+Network interfaces support the following attributes:
+
+* `label` - (Required) Label to assign to this network interface
+* `ip_address` - (Optional) Static IP to assign to this network interface. Interface will use DHCP if this is left blank.
+* `subnet_mask` - (Optional) Subnet mask to use when statically assigning an IP.
+
+<a id="disks"></a>
+## Disks
+
+Disks support the following attributes:
+
+* `template` - (Required if size not provided) Template for this disk.
+* `datastore` - (Optional) Datastore for this disk
+* `size` - (Required if template not provided) Size of this disk (in GB).
+* `iops` - (Optional) Number of virtual iops to allocate for this disk.
diff --git a/website/source/layouts/docs.erb b/website/source/layouts/docs.erb
index af96b52c1e..937c120de4 100644
--- a/website/source/layouts/docs.erb
+++ b/website/source/layouts/docs.erb
@@ -188,6 +188,10 @@
 					<li<%= sidebar_current("docs-providers-template") %>>
 					<a href="/docs/providers/template/index.html">Template</a>
 					</li>
+
+					<li<%= sidebar_current("docs-providers-vsphere") %>>
+					<a href="/docs/providers/vsphere/index.html">vSphere</a>
+					</li>
 				</ul>
 				</li>
 
diff --git a/website/source/layouts/vsphere.erb b/website/source/layouts/vsphere.erb
new file mode 100644
index 0000000000..49e58c0578
--- /dev/null
+++ b/website/source/layouts/vsphere.erb
@@ -0,0 +1,26 @@
+<% wrap_layout :inner do %>
+  <% content_for :sidebar do %>
+    <div class="docs-sidebar hidden-print affix-top" role="complementary">
+      <ul class="nav docs-sidenav">
+        <li<%= sidebar_current("docs-home") %>>
+          <a href="/docs/providers/index.html">&laquo; Documentation Home</a>
+        </li>
+
+        <li<%= sidebar_current("docs-vsphere-index") %>>
+          <a href="/docs/providers/vsphere/index.html">vSphere Provider</a>
+        </li>
+
+        <li<%= sidebar_current(/^docs-vsphere-resource/) %>>
+          <a href="#">Resources</a>
+          <ul class="nav nav-visible">
+            <li<%= sidebar_current("docs-vsphere-resource-virtual-machine") %>>
+              <a href="/docs/providers/vsphere/r/virtual_machine.html">vsphere_virtual_machine</a>
+            </li>
+          </ul>
+        </li>
+      </ul>
+    </div>
+  <% end %>
+
+  <%= yield %>
+<% end %>

From 9d41e6f3d1a3c926850cc984236b3f53d2499127 Mon Sep 17 00:00:00 2001
From: Paul Hinze <phinze@phinze.com>
Date: Thu, 15 Oct 2015 09:35:06 -0500
Subject: [PATCH 260/335] vsphere docs: add warning about possible changes

Since we merged this so that the community could collaborate on
improvements, I thought it would be prudent to inform potential users of
the status of the provider so they know what to expect.
---
 website/source/docs/providers/vsphere/index.html.markdown | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/website/source/docs/providers/vsphere/index.html.markdown b/website/source/docs/providers/vsphere/index.html.markdown
index 3930519a1f..17448b024f 100644
--- a/website/source/docs/providers/vsphere/index.html.markdown
+++ b/website/source/docs/providers/vsphere/index.html.markdown
@@ -15,6 +15,9 @@ The provider needs to be configured with the proper credentials before it can be
 
 Use the navigation to the left to read about the available resources.
 
+~> **NOTE:** The vSphere Provider currently represents _initial support_ and
+therefore may undergo significant changes as the community improves it.
+
 ## Example Usage
 
 ```

From d918d775f392ecd6b4ae8fb8323cc650d78051f2 Mon Sep 17 00:00:00 2001
From: Clint <catsby@users.noreply.github.com>
Date: Thu, 15 Oct 2015 10:04:55 -0500
Subject: [PATCH 261/335] Update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9a7d913180..1e30d90e7f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -78,6 +78,7 @@ BUG FIXES:
   * provider/aws: Migrate KeyPair to version 1, fixing issue with using `file()` [GH-3470]
   * provider/aws: Fix force_delete on autoscaling groups [GH-3485]
   * provider/aws: Fix crash with VPC Peering connections [GH-3490]
+  * provider/aws: fix bug with reading GSIs from dynamodb [GH-3300]
   * provider/docker: Fix issue preventing private images from being referenced [GH-2619]
   * provider/digitalocean: Fix issue causing unnecessary diffs based on droplet slugsize case [GH-3284]
   * provider/openstack: add state 'downloading' to list of expected states in

From 562a793430d804f4b1691bd0e00484360cbc2994 Mon Sep 17 00:00:00 2001
From: Paul Hinze <phinze@phinze.com>
Date: Thu, 15 Oct 2015 10:21:20 -0500
Subject: [PATCH 262/335] style: ran go fmt

---
 terraform/eval_ignore_changes.go | 5 +++--
 terraform/transform_resource.go  | 2 +-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/terraform/eval_ignore_changes.go b/terraform/eval_ignore_changes.go
index 1a44089a98..2eb2d9bb18 100644
--- a/terraform/eval_ignore_changes.go
+++ b/terraform/eval_ignore_changes.go
@@ -1,4 +1,5 @@
 package terraform
+
 import (
 	"github.com/hashicorp/terraform/config"
 	"strings"
@@ -9,7 +10,7 @@ import (
 // IgnoreChanges lifecycle.
 type EvalIgnoreChanges struct {
 	Resource *config.Resource
-	Diff **InstanceDiff
+	Diff     **InstanceDiff
 }
 
 func (n *EvalIgnoreChanges) Eval(ctx EvalContext) (interface{}, error) {
@@ -20,7 +21,7 @@ func (n *EvalIgnoreChanges) Eval(ctx EvalContext) (interface{}, error) {
 	diff := *n.Diff
 	ignoreChanges := n.Resource.Lifecycle.IgnoreChanges
 
-	for _, ignoredName := range	ignoreChanges {
+	for _, ignoredName := range ignoreChanges {
 		for name := range diff.Attributes {
 			if strings.HasPrefix(name, ignoredName) {
 				delete(diff.Attributes, name)
diff --git a/terraform/transform_resource.go b/terraform/transform_resource.go
index 81ff158d9c..5091f29c98 100644
--- a/terraform/transform_resource.go
+++ b/terraform/transform_resource.go
@@ -320,7 +320,7 @@ func (n *graphNodeExpandedResource) EvalTree() EvalNode {
 				},
 				&EvalIgnoreChanges{
 					Resource: n.Resource,
-					Diff: &diff,
+					Diff:     &diff,
 				},
 				&EvalWriteState{
 					Name:         n.stateId(),

From 49396ba3e03461d9b2bc486e52c45385adb0f094 Mon Sep 17 00:00:00 2001
From: clint shryock <clint@ctshryock.com>
Date: Thu, 15 Oct 2015 15:51:15 +0000
Subject: [PATCH 263/335] v0.6.4

---
 CHANGELOG.md         |   2 +-
 deps/v0-6-4.json     | 440 +++++++++++++++++++++++++++++++++++++++++++
 terraform/version.go |   2 +-
 3 files changed, 442 insertions(+), 2 deletions(-)
 create mode 100644 deps/v0-6-4.json

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1e30d90e7f..0b2132d9cd 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,4 +1,4 @@
-## 0.6.4 (unreleased)
+## 0.6.4 (October 15, 2015)
 
 FEATURES:
 
diff --git a/deps/v0-6-4.json b/deps/v0-6-4.json
new file mode 100644
index 0000000000..e0d17b58fc
--- /dev/null
+++ b/deps/v0-6-4.json
@@ -0,0 +1,440 @@
+{
+	"ImportPath": "github.com/hashicorp/terraform",
+	"GoVersion": "go1.4.2",
+	"Packages": [
+		"./..."
+	],
+	"Deps": [
+		{
+			"ImportPath": "github.com/Azure/azure-sdk-for-go/core/http",
+			"Comment": "v1.2-261-g3dcabb6",
+			"Rev": "3dcabb61c225af4013db7af20d4fe430fd09e311"
+		},
+		{
+			"ImportPath": "github.com/Azure/azure-sdk-for-go/core/tls",
+			"Comment": "v1.2-261-g3dcabb6",
+			"Rev": "3dcabb61c225af4013db7af20d4fe430fd09e311"
+		},
+		{
+			"ImportPath": "github.com/Azure/azure-sdk-for-go/management",
+			"Comment": "v1.2-261-g3dcabb6",
+			"Rev": "3dcabb61c225af4013db7af20d4fe430fd09e311"
+		},
+		{
+			"ImportPath": "github.com/Azure/azure-sdk-for-go/storage",
+			"Comment": "v1.2-261-g3dcabb6",
+			"Rev": "3dcabb61c225af4013db7af20d4fe430fd09e311"
+		},
+		{
+			"ImportPath": "github.com/apparentlymart/go-rundeck-api/rundeck",
+			"Comment": "v0.0.1",
+			"Rev": "cddcfbabbe903e9c8df35ff9569dbb8d67789200"
+		},
+		{
+			"ImportPath": "github.com/armon/circbuf",
+			"Rev": "bbbad097214e2918d8543d5201d12bfd7bca254d"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/aws",
+			"Comment": "v0.9.14-3-g308eaa6",
+			"Rev": "308eaa65c0ddf03c701d511b7d73b3f3620452a1"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/internal/endpoints",
+			"Comment": "v0.9.14-3-g308eaa6",
+			"Rev": "308eaa65c0ddf03c701d511b7d73b3f3620452a1"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/internal/protocol/ec2query",
+			"Comment": "v0.9.14-3-g308eaa6",
+			"Rev": "308eaa65c0ddf03c701d511b7d73b3f3620452a1"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/internal/protocol/json/jsonutil",
+			"Comment": "v0.9.14-3-g308eaa6",
+			"Rev": "308eaa65c0ddf03c701d511b7d73b3f3620452a1"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/internal/protocol/jsonrpc",
+			"Comment": "v0.9.14-3-g308eaa6",
+			"Rev": "308eaa65c0ddf03c701d511b7d73b3f3620452a1"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/internal/protocol/query",
+			"Comment": "v0.9.14-3-g308eaa6",
+			"Rev": "308eaa65c0ddf03c701d511b7d73b3f3620452a1"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/internal/protocol/rest",
+			"Comment": "v0.9.14-3-g308eaa6",
+			"Rev": "308eaa65c0ddf03c701d511b7d73b3f3620452a1"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/internal/protocol/restjson",
+			"Comment": "v0.9.14-3-g308eaa6",
+			"Rev": "308eaa65c0ddf03c701d511b7d73b3f3620452a1"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/internal/protocol/restxml",
+			"Comment": "v0.9.14-3-g308eaa6",
+			"Rev": "308eaa65c0ddf03c701d511b7d73b3f3620452a1"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/internal/protocol/xml/xmlutil",
+			"Comment": "v0.9.14-3-g308eaa6",
+			"Rev": "308eaa65c0ddf03c701d511b7d73b3f3620452a1"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/internal/signer/v4",
+			"Comment": "v0.9.14-3-g308eaa6",
+			"Rev": "308eaa65c0ddf03c701d511b7d73b3f3620452a1"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/autoscaling",
+			"Comment": "v0.9.14-3-g308eaa6",
+			"Rev": "308eaa65c0ddf03c701d511b7d73b3f3620452a1"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/cloudwatch",
+			"Comment": "v0.9.14-3-g308eaa6",
+			"Rev": "308eaa65c0ddf03c701d511b7d73b3f3620452a1"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/cloudwatchlogs",
+			"Comment": "v0.9.14-3-g308eaa6",
+			"Rev": "308eaa65c0ddf03c701d511b7d73b3f3620452a1"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/directoryservice",
+			"Comment": "v0.9.14-3-g308eaa6",
+			"Rev": "308eaa65c0ddf03c701d511b7d73b3f3620452a1"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/dynamodb",
+			"Comment": "v0.9.14-3-g308eaa6",
+			"Rev": "308eaa65c0ddf03c701d511b7d73b3f3620452a1"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/ec2",
+			"Comment": "v0.9.14-3-g308eaa6",
+			"Rev": "308eaa65c0ddf03c701d511b7d73b3f3620452a1"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/ecs",
+			"Comment": "v0.9.14-3-g308eaa6",
+			"Rev": "308eaa65c0ddf03c701d511b7d73b3f3620452a1"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/efs",
+			"Comment": "v0.9.14-3-g308eaa6",
+			"Rev": "308eaa65c0ddf03c701d511b7d73b3f3620452a1"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/elasticache",
+			"Comment": "v0.9.14-3-g308eaa6",
+			"Rev": "308eaa65c0ddf03c701d511b7d73b3f3620452a1"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/elasticsearchservice",
+			"Comment": "v0.9.14-3-g308eaa6",
+			"Rev": "308eaa65c0ddf03c701d511b7d73b3f3620452a1"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/elb",
+			"Comment": "v0.9.14-3-g308eaa6",
+			"Rev": "308eaa65c0ddf03c701d511b7d73b3f3620452a1"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/glacier",
+			"Comment": "v0.9.14-3-g308eaa6",
+			"Rev": "308eaa65c0ddf03c701d511b7d73b3f3620452a1"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/iam",
+			"Comment": "v0.9.14-3-g308eaa6",
+			"Rev": "308eaa65c0ddf03c701d511b7d73b3f3620452a1"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/kinesis",
+			"Comment": "v0.9.14-3-g308eaa6",
+			"Rev": "308eaa65c0ddf03c701d511b7d73b3f3620452a1"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/lambda",
+			"Comment": "v0.9.14-3-g308eaa6",
+			"Rev": "308eaa65c0ddf03c701d511b7d73b3f3620452a1"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/opsworks",
+			"Comment": "v0.9.14-3-g308eaa6",
+			"Rev": "308eaa65c0ddf03c701d511b7d73b3f3620452a1"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/rds",
+			"Comment": "v0.9.14-3-g308eaa6",
+			"Rev": "308eaa65c0ddf03c701d511b7d73b3f3620452a1"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/route53",
+			"Comment": "v0.9.14-3-g308eaa6",
+			"Rev": "308eaa65c0ddf03c701d511b7d73b3f3620452a1"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/s3",
+			"Comment": "v0.9.14-3-g308eaa6",
+			"Rev": "308eaa65c0ddf03c701d511b7d73b3f3620452a1"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/sns",
+			"Comment": "v0.9.14-3-g308eaa6",
+			"Rev": "308eaa65c0ddf03c701d511b7d73b3f3620452a1"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/sqs",
+			"Comment": "v0.9.14-3-g308eaa6",
+			"Rev": "308eaa65c0ddf03c701d511b7d73b3f3620452a1"
+		},
+		{
+			"ImportPath": "github.com/awslabs/aws-sdk-go/aws",
+			"Comment": "v0.9.14-3-g308eaa6",
+			"Rev": "308eaa65c0ddf03c701d511b7d73b3f3620452a1"
+		},
+		{
+			"ImportPath": "github.com/cyberdelia/heroku-go/v3",
+			"Rev": "8344c6a3e281a99a693f5b71186249a8620eeb6b"
+		},
+		{
+			"ImportPath": "github.com/dylanmei/iso8601",
+			"Rev": "2075bf119b58e5576c6ed9f867b8f3d17f2e54d4"
+		},
+		{
+			"ImportPath": "github.com/dylanmei/winrmtest",
+			"Rev": "3e9661c52c45dab9a8528966a23d421922fca9b9"
+		},
+		{
+			"ImportPath": "github.com/fsouza/go-dockerclient",
+			"Rev": "09604abc82243886001c3f56fd709d4ba603cead"
+		},
+		{
+			"ImportPath": "github.com/hashicorp/atlas-go/archive",
+			"Comment": "20141209094003-77-g85a782d",
+			"Rev": "85a782d724b87fcd19db1c4aef9d5337a9bb7a0f"
+		},
+		{
+			"ImportPath": "github.com/hashicorp/atlas-go/v1",
+			"Comment": "20141209094003-77-g85a782d",
+			"Rev": "85a782d724b87fcd19db1c4aef9d5337a9bb7a0f"
+		},
+		{
+			"ImportPath": "github.com/hashicorp/consul/api",
+			"Comment": "v0.5.2-325-g5d9530d",
+			"Rev": "5d9530d7def3be989ba141382f1b9d82583418f4"
+		},
+		{
+			"ImportPath": "github.com/hashicorp/errwrap",
+			"Rev": "7554cd9344cec97297fa6649b055a8c98c2a1e55"
+		},
+		{
+			"ImportPath": "github.com/hashicorp/go-checkpoint",
+			"Rev": "528ab62f37fa83d4360e8ab2b2c425d6692ef533"
+		},
+		{
+			"ImportPath": "github.com/hashicorp/go-multierror",
+			"Rev": "d30f09973e19c1dfcd120b2d9c4f168e68d6b5d5"
+		},
+		{
+			"ImportPath": "github.com/hashicorp/go-version",
+			"Rev": "2b9865f60ce11e527bd1255ba82036d465570aa3"
+		},
+		{
+			"ImportPath": "github.com/hashicorp/hcl",
+			"Rev": "4de51957ef8d4aba6e285ddfc587633bbfc7c0e8"
+		},
+		{
+			"ImportPath": "github.com/hashicorp/logutils",
+			"Rev": "0dc08b1671f34c4250ce212759ebd880f743d883"
+		},
+		{
+			"ImportPath": "github.com/hashicorp/yamux",
+			"Rev": "ddcd0a6ec7c55e29f235e27935bf98d302281bd3"
+		},
+		{
+			"ImportPath": "github.com/imdario/mergo",
+			"Comment": "0.2.0-5-g61a5285",
+			"Rev": "61a52852277811e93e06d28e0d0c396284a7730b"
+		},
+		{
+			"ImportPath": "github.com/masterzen/simplexml/dom",
+			"Rev": "95ba30457eb1121fa27753627c774c7cd4e90083"
+		},
+		{
+			"ImportPath": "github.com/masterzen/winrm/soap",
+			"Rev": "b280be362a0c6af26fbaaa055924fb9c4830b006"
+		},
+		{
+			"ImportPath": "github.com/masterzen/winrm/winrm",
+			"Rev": "b280be362a0c6af26fbaaa055924fb9c4830b006"
+		},
+		{
+			"ImportPath": "github.com/masterzen/xmlpath",
+			"Rev": "13f4951698adc0fa9c1dda3e275d489a24201161"
+		},
+		{
+			"ImportPath": "github.com/mitchellh/cli",
+			"Rev": "8102d0ed5ea2709ade1243798785888175f6e415"
+		},
+		{
+			"ImportPath": "github.com/mitchellh/colorstring",
+			"Rev": "8631ce90f28644f54aeedcb3e389a85174e067d1"
+		},
+		{
+			"ImportPath": "github.com/mitchellh/copystructure",
+			"Rev": "6fc66267e9da7d155a9d3bd489e00dad02666dc6"
+		},
+		{
+			"ImportPath": "github.com/mitchellh/go-homedir",
+			"Rev": "df55a15e5ce646808815381b3db47a8c66ea62f4"
+		},
+		{
+			"ImportPath": "github.com/mitchellh/go-linereader",
+			"Rev": "07bab5fdd9580500aea6ada0e09df4aa28e68abd"
+		},
+		{
+			"ImportPath": "github.com/mitchellh/mapstructure",
+			"Rev": "281073eb9eb092240d33ef253c404f1cca550309"
+		},
+		{
+			"ImportPath": "github.com/mitchellh/osext",
+			"Rev": "0dd3f918b21bec95ace9dc86c7e70266cfc5c702"
+		},
+		{
+			"ImportPath": "github.com/mitchellh/packer/common/uuid",
+			"Comment": "v0.8.6-76-g88386bc",
+			"Rev": "88386bc9db1c850306e5c3737f14bef3a2c4050d"
+		},
+		{
+			"ImportPath": "github.com/mitchellh/panicwrap",
+			"Rev": "1655d88c8ff7495ae9d2c19fd8f445f4657e22b0"
+		},
+		{
+			"ImportPath": "github.com/mitchellh/prefixedio",
+			"Rev": "89d9b535996bf0a185f85b59578f2e245f9e1724"
+		},
+		{
+			"ImportPath": "github.com/mitchellh/reflectwalk",
+			"Rev": "eecf4c70c626c7cfbb95c90195bc34d386c74ac6"
+		},
+		{
+			"ImportPath": "github.com/nu7hatch/gouuid",
+			"Rev": "179d4d0c4d8d407a32af483c2354df1d2c91e6c3"
+		},
+		{
+			"ImportPath": "github.com/packer-community/winrmcp/winrmcp",
+			"Rev": "743b1afe5ee3f6d5ba71a0d50673fa0ba2123d6b"
+		},
+		{
+			"ImportPath": "github.com/packethost/packngo",
+			"Rev": "496f5c8895c06505fae527830a9e554dc65325f4"
+		},
+		{
+			"ImportPath": "github.com/pborman/uuid",
+			"Rev": "cccd189d45f7ac3368a0d127efb7f4d08ae0b655"
+		},
+		{
+			"ImportPath": "github.com/pearkes/cloudflare",
+			"Rev": "19e280b056f3742e535ea12ae92a37ea7767ea82"
+		},
+		{
+			"ImportPath": "github.com/pearkes/digitalocean",
+			"Rev": "e966f00c2d9de5743e87697ab77c7278f5998914"
+		},
+		{
+			"ImportPath": "github.com/pearkes/dnsimple",
+			"Rev": "2a807d118c9e52e94819f414a6ec0293b45cad01"
+		},
+		{
+			"ImportPath": "github.com/pearkes/mailgun",
+			"Rev": "5b02e7e9ffee9869f81393e80db138f6ff726260"
+		},
+		{
+			"ImportPath": "github.com/rackspace/gophercloud",
+			"Comment": "v1.0.0-681-g8d032cb",
+			"Rev": "8d032cb1e835a0018269de3d6b53bb24fc77a8c0"
+		},
+		{
+			"ImportPath": "github.com/satori/go.uuid",
+			"Rev": "08f0718b61e95ddba0ade3346725fe0e4bf28ca6"
+		},
+		{
+			"ImportPath": "github.com/soniah/dnsmadeeasy",
+			"Comment": "v1.1-2-g5578a8c",
+			"Rev": "5578a8c15e33958c61cf7db720b6181af65f4a9e"
+		},
+		{
+			"ImportPath": "github.com/vaughan0/go-ini",
+			"Rev": "a98ad7ee00ec53921f08832bc06ecf7fd600e6a1"
+		},
+		{
+			"ImportPath": "github.com/vmware/govmomi",
+			"Comment": "v0.2.0-28-g6037863",
+			"Rev": "603786323c18c13dd8b3da3d4f86b1dce4adf126"
+		},
+		{
+			"ImportPath": "github.com/xanzy/go-cloudstack/cloudstack",
+			"Comment": "v1.2.0-48-g0e6e56f",
+			"Rev": "0e6e56fc0db3f48f060273f2e2ffe5d8d41b0112"
+		},
+		{
+			"ImportPath": "golang.org/x/crypto/curve25519",
+			"Rev": "c8b9e6388ef638d5a8a9d865c634befdc46a6784"
+		},
+		{
+			"ImportPath": "golang.org/x/crypto/pkcs12",
+			"Rev": "c8b9e6388ef638d5a8a9d865c634befdc46a6784"
+		},
+		{
+			"ImportPath": "golang.org/x/crypto/ssh",
+			"Rev": "c8b9e6388ef638d5a8a9d865c634befdc46a6784"
+		},
+		{
+			"ImportPath": "golang.org/x/net/context",
+			"Rev": "21c3935a8fc0f954d03e6b8a560c9600ffee38d2"
+		},
+		{
+			"ImportPath": "golang.org/x/oauth2",
+			"Rev": "ef4eca6b097fad7cec79afcc278d213a6de1c960"
+		},
+		{
+			"ImportPath": "google.golang.org/api/compute/v1",
+			"Rev": "e2903ca9e33d6cbaedda541d96996219056e8214"
+		},
+		{
+			"ImportPath": "google.golang.org/api/container/v1",
+			"Rev": "e2903ca9e33d6cbaedda541d96996219056e8214"
+		},
+		{
+			"ImportPath": "google.golang.org/api/dns/v1",
+			"Rev": "e2903ca9e33d6cbaedda541d96996219056e8214"
+		},
+		{
+			"ImportPath": "google.golang.org/api/googleapi",
+			"Rev": "e2903ca9e33d6cbaedda541d96996219056e8214"
+		},
+		{
+			"ImportPath": "google.golang.org/api/internal",
+			"Rev": "e2903ca9e33d6cbaedda541d96996219056e8214"
+		},
+		{
+			"ImportPath": "google.golang.org/api/storage/v1",
+			"Rev": "e2903ca9e33d6cbaedda541d96996219056e8214"
+		},
+		{
+			"ImportPath": "google.golang.org/cloud/compute/metadata",
+			"Rev": "4bea1598a0936d6d116506b59a8e1aa962b585c3"
+		},
+		{
+			"ImportPath": "google.golang.org/cloud/internal",
+			"Rev": "4bea1598a0936d6d116506b59a8e1aa962b585c3"
+		}
+	]
+}
diff --git a/terraform/version.go b/terraform/version.go
index 741766330b..a07a344c14 100644
--- a/terraform/version.go
+++ b/terraform/version.go
@@ -6,4 +6,4 @@ const Version = "0.6.4"
 // A pre-release marker for the version. If this is "" (empty string)
 // then it means that it is a final release. Otherwise, this is a pre-release
 // such as "dev" (in development), "beta", "rc1", etc.
-const VersionPrerelease = "dev"
+const VersionPrerelease = ""

From 1bfd4b0f7175688d00e344f0ddb6ea6295d11468 Mon Sep 17 00:00:00 2001
From: clint shryock <clint@ctshryock.com>
Date: Thu, 15 Oct 2015 17:50:20 +0000
Subject: [PATCH 264/335] Reset CHANGELOG/version for 0.6.5 release

---
 CHANGELOG.md         | 2 ++
 terraform/version.go | 4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0b2132d9cd..81316bf545 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,5 @@
+## 0.6.5 (Unreleased)
+
 ## 0.6.4 (October 15, 2015)
 
 FEATURES:
diff --git a/terraform/version.go b/terraform/version.go
index a07a344c14..badbcd92ee 100644
--- a/terraform/version.go
+++ b/terraform/version.go
@@ -1,9 +1,9 @@
 package terraform
 
 // The main version number that is being run at the moment.
-const Version = "0.6.4"
+const Version = "0.6.5"
 
 // A pre-release marker for the version. If this is "" (empty string)
 // then it means that it is a final release. Otherwise, this is a pre-release
 // such as "dev" (in development), "beta", "rc1", etc.
-const VersionPrerelease = ""
+const VersionPrerelease = "dev"

From 26bc27594b1136f45be0844ba9a8bd071f2d9c14 Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@gmail.com>
Date: Thu, 15 Oct 2015 20:57:42 +0200
Subject: [PATCH 265/335] docs: Fix EFS documentation

---
 .../docs/providers/aws/r/efs_mount_target.html.markdown     | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/website/source/docs/providers/aws/r/efs_mount_target.html.markdown b/website/source/docs/providers/aws/r/efs_mount_target.html.markdown
index 59bd3bee22..c29b1b742c 100644
--- a/website/source/docs/providers/aws/r/efs_mount_target.html.markdown
+++ b/website/source/docs/providers/aws/r/efs_mount_target.html.markdown
@@ -6,10 +6,10 @@ description: |-
   Provides an EFS mount target.
 ---
 
-# aws\_efs\_file\_system
+# aws\_efs\_mount\_target
 
-Provides an EFS file system. Per [documentation](http://docs.aws.amazon.com/efs/latest/ug/limits.html)
-the limit is 1 mount target per AZ.
+Provides an EFS mount target. Per [documentation](http://docs.aws.amazon.com/efs/latest/ug/limits.html)
+the limit is 1 mount target per AZ for a single EFS file system.
 
 ## Example Usage
 

From 4017a611c34edf49554a8622bf65ac5122a5b679 Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@gmail.com>
Date: Thu, 15 Oct 2015 20:59:58 +0200
Subject: [PATCH 266/335] docs: Glacier Vault - add title + make note more
 brief

---
 .../source/docs/providers/aws/r/glacier_vault.html.markdown   | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/website/source/docs/providers/aws/r/glacier_vault.html.markdown b/website/source/docs/providers/aws/r/glacier_vault.html.markdown
index 6805338c79..d783c02263 100644
--- a/website/source/docs/providers/aws/r/glacier_vault.html.markdown
+++ b/website/source/docs/providers/aws/r/glacier_vault.html.markdown
@@ -10,7 +10,7 @@ description: |-
 
 Provides a Glacier Vault Resource. You can refer to the [Glacier Developer Guide](http://docs.aws.amazon.com/amazonglacier/latest/dev/working-with-vaults.html) for a full explanation of the Glacier Vault functionality
 
-~> **NOTE:** When trying to remove a Glacier Vault, the Vault must be empty.
+~> **NOTE:** When removing a Glacier Vault, the Vault must be empty.
 
 ## Example Usage
 
@@ -66,6 +66,8 @@ The following arguments are supported:
 * `events` - (Required) You can configure a vault to publish a notification for `ArchiveRetrievalCompleted` and `InventoryRetrievalCompleted` events.
 * `sns_topic` - (Required) The SNS Topic ARN.
 
+## Attributes Reference
+
 The following attributes are exported:
 
 * `location` - The URI of the vault that was created.

From 06f4ac8166595b47638c2ae39e68a6b0e6f549bf Mon Sep 17 00:00:00 2001
From: Mitchell Hashimoto <mitchell.hashimoto@gmail.com>
Date: Thu, 15 Oct 2015 13:36:58 -0700
Subject: [PATCH 267/335] config/module: use go-getter

---
 .gitignore                             |   1 +
 config/module/copy_dir.go              |  76 ---------
 config/module/detect.go                |  92 -----------
 config/module/detect_bitbucket.go      |  66 --------
 config/module/detect_bitbucket_test.go |  67 --------
 config/module/detect_file.go           |  60 -------
 config/module/detect_file_test.go      |  88 ----------
 config/module/detect_github.go         |  73 ---------
 config/module/detect_github_test.go    |  55 -------
 config/module/detect_test.go           |  51 ------
 config/module/folder_storage.go        |  65 --------
 config/module/folder_storage_test.go   |  48 ------
 config/module/get.go                   | 217 +++----------------------
 config/module/get_file.go              |  46 ------
 config/module/get_file_test.go         | 104 ------------
 config/module/get_git.go               |  74 ---------
 config/module/get_git_test.go          | 143 ----------------
 config/module/get_hg.go                |  89 ----------
 config/module/get_hg_test.go           |  81 ---------
 config/module/get_http.go              | 173 --------------------
 config/module/get_http_test.go         | 155 ------------------
 config/module/get_test.go              | 128 ---------------
 config/module/module_test.go           |  25 +--
 config/module/storage.go               |  25 ---
 config/module/tree.go                  |  28 +---
 25 files changed, 32 insertions(+), 1998 deletions(-)
 delete mode 100644 config/module/copy_dir.go
 delete mode 100644 config/module/detect.go
 delete mode 100644 config/module/detect_bitbucket.go
 delete mode 100644 config/module/detect_bitbucket_test.go
 delete mode 100644 config/module/detect_file.go
 delete mode 100644 config/module/detect_file_test.go
 delete mode 100644 config/module/detect_github.go
 delete mode 100644 config/module/detect_github_test.go
 delete mode 100644 config/module/detect_test.go
 delete mode 100644 config/module/folder_storage.go
 delete mode 100644 config/module/folder_storage_test.go
 delete mode 100644 config/module/get_file.go
 delete mode 100644 config/module/get_file_test.go
 delete mode 100644 config/module/get_git.go
 delete mode 100644 config/module/get_git_test.go
 delete mode 100644 config/module/get_hg.go
 delete mode 100644 config/module/get_hg_test.go
 delete mode 100644 config/module/get_http.go
 delete mode 100644 config/module/get_http_test.go
 delete mode 100644 config/module/get_test.go
 delete mode 100644 config/module/storage.go

diff --git a/.gitignore b/.gitignore
index 66ea31701f..5a230d5ca2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,6 @@
 *.dll
 *.exe
+.DS_Store
 example.tf
 terraform.tfplan
 terraform.tfstate
diff --git a/config/module/copy_dir.go b/config/module/copy_dir.go
deleted file mode 100644
index f2ae63b77b..0000000000
--- a/config/module/copy_dir.go
+++ /dev/null
@@ -1,76 +0,0 @@
-package module
-
-import (
-	"io"
-	"os"
-	"path/filepath"
-	"strings"
-)
-
-// copyDir copies the src directory contents into dst. Both directories
-// should already exist.
-func copyDir(dst, src string) error {
-	src, err := filepath.EvalSymlinks(src)
-	if err != nil {
-		return err
-	}
-
-	walkFn := func(path string, info os.FileInfo, err error) error {
-		if err != nil {
-			return err
-		}
-		if path == src {
-			return nil
-		}
-
-		if strings.HasPrefix(filepath.Base(path), ".") {
-			// Skip any dot files
-			if info.IsDir() {
-				return filepath.SkipDir
-			} else {
-				return nil
-			}
-		}
-
-		// The "path" has the src prefixed to it. We need to join our
-		// destination with the path without the src on it.
-		dstPath := filepath.Join(dst, path[len(src):])
-
-		// If we have a directory, make that subdirectory, then continue
-		// the walk.
-		if info.IsDir() {
-			if path == filepath.Join(src, dst) {
-				// dst is in src; don't walk it.
-				return nil
-			}
-
-			if err := os.MkdirAll(dstPath, 0755); err != nil {
-				return err
-			}
-
-			return nil
-		}
-
-		// If we have a file, copy the contents.
-		srcF, err := os.Open(path)
-		if err != nil {
-			return err
-		}
-		defer srcF.Close()
-
-		dstF, err := os.Create(dstPath)
-		if err != nil {
-			return err
-		}
-		defer dstF.Close()
-
-		if _, err := io.Copy(dstF, srcF); err != nil {
-			return err
-		}
-
-		// Chmod it
-		return os.Chmod(dstPath, info.Mode())
-	}
-
-	return filepath.Walk(src, walkFn)
-}
diff --git a/config/module/detect.go b/config/module/detect.go
deleted file mode 100644
index 51e07f725b..0000000000
--- a/config/module/detect.go
+++ /dev/null
@@ -1,92 +0,0 @@
-package module
-
-import (
-	"fmt"
-	"path/filepath"
-
-	"github.com/hashicorp/terraform/helper/url"
-)
-
-// Detector defines the interface that an invalid URL or a URL with a blank
-// scheme is passed through in order to determine if its shorthand for
-// something else well-known.
-type Detector interface {
-	// Detect will detect whether the string matches a known pattern to
-	// turn it into a proper URL.
-	Detect(string, string) (string, bool, error)
-}
-
-// Detectors is the list of detectors that are tried on an invalid URL.
-// This is also the order they're tried (index 0 is first).
-var Detectors []Detector
-
-func init() {
-	Detectors = []Detector{
-		new(GitHubDetector),
-		new(BitBucketDetector),
-		new(FileDetector),
-	}
-}
-
-// Detect turns a source string into another source string if it is
-// detected to be of a known pattern.
-//
-// This is safe to be called with an already valid source string: Detect
-// will just return it.
-func Detect(src string, pwd string) (string, error) {
-	getForce, getSrc := getForcedGetter(src)
-
-	// Separate out the subdir if there is one, we don't pass that to detect
-	getSrc, subDir := getDirSubdir(getSrc)
-
-	u, err := url.Parse(getSrc)
-	if err == nil && u.Scheme != "" {
-		// Valid URL
-		return src, nil
-	}
-
-	for _, d := range Detectors {
-		result, ok, err := d.Detect(getSrc, pwd)
-		if err != nil {
-			return "", err
-		}
-		if !ok {
-			continue
-		}
-
-		var detectForce string
-		detectForce, result = getForcedGetter(result)
-		result, detectSubdir := getDirSubdir(result)
-
-		// If we have a subdir from the detection, then prepend it to our
-		// requested subdir.
-		if detectSubdir != "" {
-			if subDir != "" {
-				subDir = filepath.Join(detectSubdir, subDir)
-			} else {
-				subDir = detectSubdir
-			}
-		}
-		if subDir != "" {
-			u, err := url.Parse(result)
-			if err != nil {
-				return "", fmt.Errorf("Error parsing URL: %s", err)
-			}
-			u.Path += "//" + subDir
-			result = u.String()
-		}
-
-		// Preserve the forced getter if it exists. We try to use the
-		// original set force first, followed by any force set by the
-		// detector.
-		if getForce != "" {
-			result = fmt.Sprintf("%s::%s", getForce, result)
-		} else if detectForce != "" {
-			result = fmt.Sprintf("%s::%s", detectForce, result)
-		}
-
-		return result, nil
-	}
-
-	return "", fmt.Errorf("invalid source string: %s", src)
-}
diff --git a/config/module/detect_bitbucket.go b/config/module/detect_bitbucket.go
deleted file mode 100644
index 657637c099..0000000000
--- a/config/module/detect_bitbucket.go
+++ /dev/null
@@ -1,66 +0,0 @@
-package module
-
-import (
-	"encoding/json"
-	"fmt"
-	"net/http"
-	"net/url"
-	"strings"
-)
-
-// BitBucketDetector implements Detector to detect BitBucket URLs and turn
-// them into URLs that the Git or Hg Getter can understand.
-type BitBucketDetector struct{}
-
-func (d *BitBucketDetector) Detect(src, _ string) (string, bool, error) {
-	if len(src) == 0 {
-		return "", false, nil
-	}
-
-	if strings.HasPrefix(src, "bitbucket.org/") {
-		return d.detectHTTP(src)
-	}
-
-	return "", false, nil
-}
-
-func (d *BitBucketDetector) detectHTTP(src string) (string, bool, error) {
-	u, err := url.Parse("https://" + src)
-	if err != nil {
-		return "", true, fmt.Errorf("error parsing BitBucket URL: %s", err)
-	}
-
-	// We need to get info on this BitBucket repository to determine whether
-	// it is Git or Hg.
-	var info struct {
-		SCM string `json:"scm"`
-	}
-	infoUrl := "https://api.bitbucket.org/1.0/repositories" + u.Path
-	resp, err := http.Get(infoUrl)
-	if err != nil {
-		return "", true, fmt.Errorf("error looking up BitBucket URL: %s", err)
-	}
-	if resp.StatusCode == 403 {
-		// A private repo
-		return "", true, fmt.Errorf(
-			"shorthand BitBucket URL can't be used for private repos, " +
-				"please use a full URL")
-	}
-	dec := json.NewDecoder(resp.Body)
-	if err := dec.Decode(&info); err != nil {
-		return "", true, fmt.Errorf("error looking up BitBucket URL: %s", err)
-	}
-
-	switch info.SCM {
-	case "git":
-		if !strings.HasSuffix(u.Path, ".git") {
-			u.Path += ".git"
-		}
-
-		return "git::" + u.String(), true, nil
-	case "hg":
-		return "hg::" + u.String(), true, nil
-	default:
-		return "", true, fmt.Errorf("unknown BitBucket SCM type: %s", info.SCM)
-	}
-}
diff --git a/config/module/detect_bitbucket_test.go b/config/module/detect_bitbucket_test.go
deleted file mode 100644
index b05fd5999c..0000000000
--- a/config/module/detect_bitbucket_test.go
+++ /dev/null
@@ -1,67 +0,0 @@
-package module
-
-import (
-	"net/http"
-	"strings"
-	"testing"
-)
-
-const testBBUrl = "https://bitbucket.org/hashicorp/tf-test-git"
-
-func TestBitBucketDetector(t *testing.T) {
-	t.Parallel()
-
-	if _, err := http.Get(testBBUrl); err != nil {
-		t.Log("internet may not be working, skipping BB tests")
-		t.Skip()
-	}
-
-	cases := []struct {
-		Input  string
-		Output string
-	}{
-		// HTTP
-		{
-			"bitbucket.org/hashicorp/tf-test-git",
-			"git::https://bitbucket.org/hashicorp/tf-test-git.git",
-		},
-		{
-			"bitbucket.org/hashicorp/tf-test-git.git",
-			"git::https://bitbucket.org/hashicorp/tf-test-git.git",
-		},
-		{
-			"bitbucket.org/hashicorp/tf-test-hg",
-			"hg::https://bitbucket.org/hashicorp/tf-test-hg",
-		},
-	}
-
-	pwd := "/pwd"
-	f := new(BitBucketDetector)
-	for i, tc := range cases {
-		var err error
-		for i := 0; i < 3; i++ {
-			var output string
-			var ok bool
-			output, ok, err = f.Detect(tc.Input, pwd)
-			if err != nil {
-				if strings.Contains(err.Error(), "invalid character") {
-					continue
-				}
-
-				t.Fatalf("err: %s", err)
-			}
-			if !ok {
-				t.Fatal("not ok")
-			}
-
-			if output != tc.Output {
-				t.Fatalf("%d: bad: %#v", i, output)
-			}
-
-			break
-		}
-		if i >= 3 {
-			t.Fatalf("failure from bitbucket: %s", err)
-		}
-	}
-}
diff --git a/config/module/detect_file.go b/config/module/detect_file.go
deleted file mode 100644
index 859739f954..0000000000
--- a/config/module/detect_file.go
+++ /dev/null
@@ -1,60 +0,0 @@
-package module
-
-import (
-	"fmt"
-	"os"
-	"path/filepath"
-	"runtime"
-)
-
-// FileDetector implements Detector to detect file paths.
-type FileDetector struct{}
-
-func (d *FileDetector) Detect(src, pwd string) (string, bool, error) {
-	if len(src) == 0 {
-		return "", false, nil
-	}
-
-	if !filepath.IsAbs(src) {
-		if pwd == "" {
-			return "", true, fmt.Errorf(
-				"relative paths require a module with a pwd")
-		}
-
-		// Stat the pwd to determine if its a symbolic link. If it is,
-		// then the pwd becomes the original directory. Otherwise,
-		// `filepath.Join` below does some weird stuff.
-		//
-		// We just ignore if the pwd doesn't exist. That error will be
-		// caught later when we try to use the URL.
-		if fi, err := os.Lstat(pwd); !os.IsNotExist(err) {
-			if err != nil {
-				return "", true, err
-			}
-			if fi.Mode()&os.ModeSymlink != 0 {
-				pwd, err = os.Readlink(pwd)
-				if err != nil {
-					return "", true, err
-				}
-			}
-		}
-
-		src = filepath.Join(pwd, src)
-	}
-
-	return fmtFileURL(src), true, nil
-}
-
-func fmtFileURL(path string) string {
-	if runtime.GOOS == "windows" {
-		// Make sure we're using "/" on Windows. URLs are "/"-based.
-		path = filepath.ToSlash(path)
-		return fmt.Sprintf("file://%s", path)
-	}
-
-	// Make sure that we don't start with "/" since we add that below.
-	if path[0] == '/' {
-		path = path[1:]
-	}
-	return fmt.Sprintf("file:///%s", path)
-}
diff --git a/config/module/detect_file_test.go b/config/module/detect_file_test.go
deleted file mode 100644
index 3e9db8bba2..0000000000
--- a/config/module/detect_file_test.go
+++ /dev/null
@@ -1,88 +0,0 @@
-package module
-
-import (
-	"runtime"
-	"testing"
-)
-
-type fileTest struct {
-	in, pwd, out string
-	err          bool
-}
-
-var fileTests = []fileTest{
-	{"./foo", "/pwd", "file:///pwd/foo", false},
-	{"./foo?foo=bar", "/pwd", "file:///pwd/foo?foo=bar", false},
-	{"foo", "/pwd", "file:///pwd/foo", false},
-}
-
-var unixFileTests = []fileTest{
-	{"/foo", "/pwd", "file:///foo", false},
-	{"/foo?bar=baz", "/pwd", "file:///foo?bar=baz", false},
-}
-
-var winFileTests = []fileTest{
-	{"/foo", "/pwd", "file:///pwd/foo", false},
-	{`C:\`, `/pwd`, `file://C:/`, false},
-	{`C:\?bar=baz`, `/pwd`, `file://C:/?bar=baz`, false},
-}
-
-func TestFileDetector(t *testing.T) {
-	if runtime.GOOS == "windows" {
-		fileTests = append(fileTests, winFileTests...)
-	} else {
-		fileTests = append(fileTests, unixFileTests...)
-	}
-
-	f := new(FileDetector)
-	for i, tc := range fileTests {
-		out, ok, err := f.Detect(tc.in, tc.pwd)
-		if err != nil {
-			t.Fatalf("err: %s", err)
-		}
-		if !ok {
-			t.Fatal("not ok")
-		}
-
-		if out != tc.out {
-			t.Fatalf("%d: bad: %#v", i, out)
-		}
-	}
-}
-
-var noPwdFileTests = []fileTest{
-	{in: "./foo", pwd: "", out: "", err: true},
-	{in: "foo", pwd: "", out: "", err: true},
-}
-
-var noPwdUnixFileTests = []fileTest{
-	{in: "/foo", pwd: "", out: "file:///foo", err: false},
-}
-
-var noPwdWinFileTests = []fileTest{
-	{in: "/foo", pwd: "", out: "", err: true},
-	{in: `C:\`, pwd: ``, out: `file://C:/`, err: false},
-}
-
-func TestFileDetector_noPwd(t *testing.T) {
-	if runtime.GOOS == "windows" {
-		noPwdFileTests = append(noPwdFileTests, noPwdWinFileTests...)
-	} else {
-		noPwdFileTests = append(noPwdFileTests, noPwdUnixFileTests...)
-	}
-
-	f := new(FileDetector)
-	for i, tc := range noPwdFileTests {
-		out, ok, err := f.Detect(tc.in, tc.pwd)
-		if err != nil != tc.err {
-			t.Fatalf("%d: err: %s", i, err)
-		}
-		if !ok {
-			t.Fatal("not ok")
-		}
-
-		if out != tc.out {
-			t.Fatalf("%d: bad: %#v", i, out)
-		}
-	}
-}
diff --git a/config/module/detect_github.go b/config/module/detect_github.go
deleted file mode 100644
index c4a4e89f0b..0000000000
--- a/config/module/detect_github.go
+++ /dev/null
@@ -1,73 +0,0 @@
-package module
-
-import (
-	"fmt"
-	"net/url"
-	"strings"
-)
-
-// GitHubDetector implements Detector to detect GitHub URLs and turn
-// them into URLs that the Git Getter can understand.
-type GitHubDetector struct{}
-
-func (d *GitHubDetector) Detect(src, _ string) (string, bool, error) {
-	if len(src) == 0 {
-		return "", false, nil
-	}
-
-	if strings.HasPrefix(src, "github.com/") {
-		return d.detectHTTP(src)
-	} else if strings.HasPrefix(src, "git@github.com:") {
-		return d.detectSSH(src)
-	}
-
-	return "", false, nil
-}
-
-func (d *GitHubDetector) detectHTTP(src string) (string, bool, error) {
-	parts := strings.Split(src, "/")
-	if len(parts) < 3 {
-		return "", false, fmt.Errorf(
-			"GitHub URLs should be github.com/username/repo")
-	}
-
-	urlStr := fmt.Sprintf("https://%s", strings.Join(parts[:3], "/"))
-	url, err := url.Parse(urlStr)
-	if err != nil {
-		return "", true, fmt.Errorf("error parsing GitHub URL: %s", err)
-	}
-
-	if !strings.HasSuffix(url.Path, ".git") {
-		url.Path += ".git"
-	}
-
-	if len(parts) > 3 {
-		url.Path += "//" + strings.Join(parts[3:], "/")
-	}
-
-	return "git::" + url.String(), true, nil
-}
-
-func (d *GitHubDetector) detectSSH(src string) (string, bool, error) {
-	idx := strings.Index(src, ":")
-	qidx := strings.Index(src, "?")
-	if qidx == -1 {
-		qidx = len(src)
-	}
-
-	var u url.URL
-	u.Scheme = "ssh"
-	u.User = url.User("git")
-	u.Host = "github.com"
-	u.Path = src[idx+1 : qidx]
-	if qidx < len(src) {
-		q, err := url.ParseQuery(src[qidx+1:])
-		if err != nil {
-			return "", true, fmt.Errorf("error parsing GitHub SSH URL: %s", err)
-		}
-
-		u.RawQuery = q.Encode()
-	}
-
-	return "git::" + u.String(), true, nil
-}
diff --git a/config/module/detect_github_test.go b/config/module/detect_github_test.go
deleted file mode 100644
index 822e1806d3..0000000000
--- a/config/module/detect_github_test.go
+++ /dev/null
@@ -1,55 +0,0 @@
-package module
-
-import (
-	"testing"
-)
-
-func TestGitHubDetector(t *testing.T) {
-	cases := []struct {
-		Input  string
-		Output string
-	}{
-		// HTTP
-		{"github.com/hashicorp/foo", "git::https://github.com/hashicorp/foo.git"},
-		{"github.com/hashicorp/foo.git", "git::https://github.com/hashicorp/foo.git"},
-		{
-			"github.com/hashicorp/foo/bar",
-			"git::https://github.com/hashicorp/foo.git//bar",
-		},
-		{
-			"github.com/hashicorp/foo?foo=bar",
-			"git::https://github.com/hashicorp/foo.git?foo=bar",
-		},
-		{
-			"github.com/hashicorp/foo.git?foo=bar",
-			"git::https://github.com/hashicorp/foo.git?foo=bar",
-		},
-
-		// SSH
-		{"git@github.com:hashicorp/foo.git", "git::ssh://git@github.com/hashicorp/foo.git"},
-		{
-			"git@github.com:hashicorp/foo.git//bar",
-			"git::ssh://git@github.com/hashicorp/foo.git//bar",
-		},
-		{
-			"git@github.com:hashicorp/foo.git?foo=bar",
-			"git::ssh://git@github.com/hashicorp/foo.git?foo=bar",
-		},
-	}
-
-	pwd := "/pwd"
-	f := new(GitHubDetector)
-	for i, tc := range cases {
-		output, ok, err := f.Detect(tc.Input, pwd)
-		if err != nil {
-			t.Fatalf("err: %s", err)
-		}
-		if !ok {
-			t.Fatal("not ok")
-		}
-
-		if output != tc.Output {
-			t.Fatalf("%d: bad: %#v", i, output)
-		}
-	}
-}
diff --git a/config/module/detect_test.go b/config/module/detect_test.go
deleted file mode 100644
index d2ee8ea1af..0000000000
--- a/config/module/detect_test.go
+++ /dev/null
@@ -1,51 +0,0 @@
-package module
-
-import (
-	"testing"
-)
-
-func TestDetect(t *testing.T) {
-	cases := []struct {
-		Input  string
-		Pwd    string
-		Output string
-		Err    bool
-	}{
-		{"./foo", "/foo", "file:///foo/foo", false},
-		{"git::./foo", "/foo", "git::file:///foo/foo", false},
-		{
-			"git::github.com/hashicorp/foo",
-			"",
-			"git::https://github.com/hashicorp/foo.git",
-			false,
-		},
-		{
-			"./foo//bar",
-			"/foo",
-			"file:///foo/foo//bar",
-			false,
-		},
-		{
-			"git::github.com/hashicorp/foo//bar",
-			"",
-			"git::https://github.com/hashicorp/foo.git//bar",
-			false,
-		},
-		{
-			"git::https://github.com/hashicorp/consul.git",
-			"",
-			"git::https://github.com/hashicorp/consul.git",
-			false,
-		},
-	}
-
-	for i, tc := range cases {
-		output, err := Detect(tc.Input, tc.Pwd)
-		if err != nil != tc.Err {
-			t.Fatalf("%d: bad err: %s", i, err)
-		}
-		if output != tc.Output {
-			t.Fatalf("%d: bad output: %s\nexpected: %s", i, output, tc.Output)
-		}
-	}
-}
diff --git a/config/module/folder_storage.go b/config/module/folder_storage.go
deleted file mode 100644
index 81c9a2ac19..0000000000
--- a/config/module/folder_storage.go
+++ /dev/null
@@ -1,65 +0,0 @@
-package module
-
-import (
-	"crypto/md5"
-	"encoding/hex"
-	"fmt"
-	"os"
-	"path/filepath"
-)
-
-// FolderStorage is an implementation of the Storage interface that manages
-// modules on the disk.
-type FolderStorage struct {
-	// StorageDir is the directory where the modules will be stored.
-	StorageDir string
-}
-
-// Dir implements Storage.Dir
-func (s *FolderStorage) Dir(key string) (d string, e bool, err error) {
-	d = s.dir(key)
-	_, err = os.Stat(d)
-	if err == nil {
-		// Directory exists
-		e = true
-		return
-	}
-	if os.IsNotExist(err) {
-		// Directory doesn't exist
-		d = ""
-		e = false
-		err = nil
-		return
-	}
-
-	// An error
-	d = ""
-	e = false
-	return
-}
-
-// Get implements Storage.Get
-func (s *FolderStorage) Get(key string, source string, update bool) error {
-	dir := s.dir(key)
-	if !update {
-		if _, err := os.Stat(dir); err == nil {
-			// If the directory already exists, then we're done since
-			// we're not updating.
-			return nil
-		} else if !os.IsNotExist(err) {
-			// If the error we got wasn't a file-not-exist error, then
-			// something went wrong and we should report it.
-			return fmt.Errorf("Error reading module directory: %s", err)
-		}
-	}
-
-	// Get the source. This always forces an update.
-	return Get(dir, source)
-}
-
-// dir returns the directory name internally that we'll use to map to
-// internally.
-func (s *FolderStorage) dir(key string) string {
-	sum := md5.Sum([]byte(key))
-	return filepath.Join(s.StorageDir, hex.EncodeToString(sum[:]))
-}
diff --git a/config/module/folder_storage_test.go b/config/module/folder_storage_test.go
deleted file mode 100644
index 7fda6b21a4..0000000000
--- a/config/module/folder_storage_test.go
+++ /dev/null
@@ -1,48 +0,0 @@
-package module
-
-import (
-	"os"
-	"path/filepath"
-	"testing"
-)
-
-func TestFolderStorage_impl(t *testing.T) {
-	var _ Storage = new(FolderStorage)
-}
-
-func TestFolderStorage(t *testing.T) {
-	s := &FolderStorage{StorageDir: tempDir(t)}
-
-	module := testModule("basic")
-
-	// A module shouldn't exist at first...
-	_, ok, err := s.Dir(module)
-	if err != nil {
-		t.Fatalf("err: %s", err)
-	}
-	if ok {
-		t.Fatal("should not exist")
-	}
-
-	key := "foo"
-
-	// We can get it
-	err = s.Get(key, module, false)
-	if err != nil {
-		t.Fatalf("err: %s", err)
-	}
-
-	// Now the module exists
-	dir, ok, err := s.Dir(key)
-	if err != nil {
-		t.Fatalf("err: %s", err)
-	}
-	if !ok {
-		t.Fatal("should exist")
-	}
-
-	mainPath := filepath.Join(dir, "main.tf")
-	if _, err := os.Stat(mainPath); err != nil {
-		t.Fatalf("err: %s", err)
-	}
-}
diff --git a/config/module/get.go b/config/module/get.go
index 627d395a9d..3820e65f29 100644
--- a/config/module/get.go
+++ b/config/module/get.go
@@ -1,207 +1,36 @@
 package module
 
 import (
-	"bytes"
-	"fmt"
-	"io/ioutil"
-	"net/url"
-	"os"
-	"os/exec"
-	"path/filepath"
-	"regexp"
-	"strings"
-	"syscall"
-
-	urlhelper "github.com/hashicorp/terraform/helper/url"
+	"github.com/hashicorp/go-getter"
 )
 
-// Getter defines the interface that schemes must implement to download
-// and update modules.
-type Getter interface {
-	// Get downloads the given URL into the given directory. This always
-	// assumes that we're updating and gets the latest version that it can.
-	//
-	// The directory may already exist (if we're updating). If it is in a
-	// format that isn't understood, an error should be returned. Get shouldn't
-	// simply nuke the directory.
-	Get(string, *url.URL) error
-}
-
-// Getters is the mapping of scheme to the Getter implementation that will
-// be used to get a dependency.
-var Getters map[string]Getter
-
-// forcedRegexp is the regular expression that finds forced getters. This
-// syntax is schema::url, example: git::https://foo.com
-var forcedRegexp = regexp.MustCompile(`^([A-Za-z]+)::(.+)$`)
-
-func init() {
-	httpGetter := new(HttpGetter)
-
-	Getters = map[string]Getter{
-		"file":  new(FileGetter),
-		"git":   new(GitGetter),
-		"hg":    new(HgGetter),
-		"http":  httpGetter,
-		"https": httpGetter,
-	}
-}
-
-// Get downloads the module specified by src into the folder specified by
-// dst. If dst already exists, Get will attempt to update it.
+// GetMode is an enum that describes how modules are loaded.
 //
-// src is a URL, whereas dst is always just a file path to a folder. This
-// folder doesn't need to exist. It will be created if it doesn't exist.
-func Get(dst, src string) error {
-	var force string
-	force, src = getForcedGetter(src)
-
-	// If there is a subdir component, then we download the root separately
-	// and then copy over the proper subdir.
-	var realDst string
-	src, subDir := getDirSubdir(src)
-	if subDir != "" {
-		tmpDir, err := ioutil.TempDir("", "tf")
-		if err != nil {
-			return err
-		}
-		if err := os.RemoveAll(tmpDir); err != nil {
-			return err
-		}
-		defer os.RemoveAll(tmpDir)
-
-		realDst = dst
-		dst = tmpDir
-	}
-
-	u, err := urlhelper.Parse(src)
-	if err != nil {
-		return err
-	}
-	if force == "" {
-		force = u.Scheme
-	}
-
-	g, ok := Getters[force]
-	if !ok {
-		return fmt.Errorf(
-			"module download not supported for scheme '%s'", force)
-	}
-
-	err = g.Get(dst, u)
-	if err != nil {
-		err = fmt.Errorf("error downloading module '%s': %s", src, err)
-		return err
-	}
-
-	// If we have a subdir, copy that over
-	if subDir != "" {
-		if err := os.RemoveAll(realDst); err != nil {
-			return err
-		}
-		if err := os.MkdirAll(realDst, 0755); err != nil {
-			return err
-		}
-
-		return copyDir(realDst, filepath.Join(dst, subDir))
-	}
-
-	return nil
-}
-
-// GetCopy is the same as Get except that it downloads a copy of the
-// module represented by source.
+// GetModeLoad says that modules will not be downloaded or updated, they will
+// only be loaded from the storage.
 //
-// This copy will omit and dot-prefixed files (such as .git/, .hg/) and
-// can't be updated on its own.
-func GetCopy(dst, src string) error {
-	// Create the temporary directory to do the real Get to
-	tmpDir, err := ioutil.TempDir("", "tf")
-	if err != nil {
-		return err
-	}
-	if err := os.RemoveAll(tmpDir); err != nil {
-		return err
-	}
-	defer os.RemoveAll(tmpDir)
+// GetModeGet says that modules can be initially downloaded if they don't
+// exist, but otherwise to just load from the current version in storage.
+//
+// GetModeUpdate says that modules should be checked for updates and
+// downloaded prior to loading. If there are no updates, we load the version
+// from disk, otherwise we download first and then load.
+type GetMode byte
 
-	// Get to that temporary dir
-	if err := Get(tmpDir, src); err != nil {
-		return err
-	}
+const (
+	GetModeNone GetMode = iota
+	GetModeGet
+	GetModeUpdate
+)
 
-	// Make sure the destination exists
-	if err := os.MkdirAll(dst, 0755); err != nil {
-		return err
-	}
-
-	// Copy to the final location
-	return copyDir(dst, tmpDir)
-}
-
-// getRunCommand is a helper that will run a command and capture the output
-// in the case an error happens.
-func getRunCommand(cmd *exec.Cmd) error {
-	var buf bytes.Buffer
-	cmd.Stdout = &buf
-	cmd.Stderr = &buf
-	err := cmd.Run()
-	if err == nil {
-		return nil
-	}
-	if exiterr, ok := err.(*exec.ExitError); ok {
-		// The program has exited with an exit code != 0
-		if status, ok := exiterr.Sys().(syscall.WaitStatus); ok {
-			return fmt.Errorf(
-				"%s exited with %d: %s",
-				cmd.Path,
-				status.ExitStatus(),
-				buf.String())
+func getStorage(s getter.Storage, key string, src string, mode GetMode) (string, bool, error) {
+	// Get the module with the level specified if we were told to.
+	if mode > GetModeNone {
+		if err := s.Get(key, src, mode == GetModeUpdate); err != nil {
+			return "", false, err
 		}
 	}
 
-	return fmt.Errorf("error running %s: %s", cmd.Path, buf.String())
-}
-
-// getDirSubdir takes a source and returns a tuple of the URL without
-// the subdir and the URL with the subdir.
-func getDirSubdir(src string) (string, string) {
-	// Calcaulate an offset to avoid accidentally marking the scheme
-	// as the dir.
-	var offset int
-	if idx := strings.Index(src, "://"); idx > -1 {
-		offset = idx + 3
-	}
-
-	// First see if we even have an explicit subdir
-	idx := strings.Index(src[offset:], "//")
-	if idx == -1 {
-		return src, ""
-	}
-
-	idx += offset
-	subdir := src[idx+2:]
-	src = src[:idx]
-
-	// Next, check if we have query parameters and push them onto the
-	// URL.
-	if idx = strings.Index(subdir, "?"); idx > -1 {
-		query := subdir[idx:]
-		subdir = subdir[:idx]
-		src += query
-	}
-
-	return src, subdir
-}
-
-// getForcedGetter takes a source and returns the tuple of the forced
-// getter and the raw URL (without the force syntax).
-func getForcedGetter(src string) (string, string) {
-	var forced string
-	if ms := forcedRegexp.FindStringSubmatch(src); ms != nil {
-		forced = ms[1]
-		src = ms[2]
-	}
-
-	return forced, src
+	// Get the directory where the module is.
+	return s.Dir(key)
 }
diff --git a/config/module/get_file.go b/config/module/get_file.go
deleted file mode 100644
index 73cb858341..0000000000
--- a/config/module/get_file.go
+++ /dev/null
@@ -1,46 +0,0 @@
-package module
-
-import (
-	"fmt"
-	"net/url"
-	"os"
-	"path/filepath"
-)
-
-// FileGetter is a Getter implementation that will download a module from
-// a file scheme.
-type FileGetter struct{}
-
-func (g *FileGetter) Get(dst string, u *url.URL) error {
-	// The source path must exist and be a directory to be usable.
-	if fi, err := os.Stat(u.Path); err != nil {
-		return fmt.Errorf("source path error: %s", err)
-	} else if !fi.IsDir() {
-		return fmt.Errorf("source path must be a directory")
-	}
-
-	fi, err := os.Lstat(dst)
-	if err != nil && !os.IsNotExist(err) {
-		return err
-	}
-
-	// If the destination already exists, it must be a symlink
-	if err == nil {
-		mode := fi.Mode()
-		if mode&os.ModeSymlink == 0 {
-			return fmt.Errorf("destination exists and is not a symlink")
-		}
-
-		// Remove the destination
-		if err := os.Remove(dst); err != nil {
-			return err
-		}
-	}
-
-	// Create all the parent directories
-	if err := os.MkdirAll(filepath.Dir(dst), 0755); err != nil {
-		return err
-	}
-
-	return os.Symlink(u.Path, dst)
-}
diff --git a/config/module/get_file_test.go b/config/module/get_file_test.go
deleted file mode 100644
index 4c9f6126a7..0000000000
--- a/config/module/get_file_test.go
+++ /dev/null
@@ -1,104 +0,0 @@
-package module
-
-import (
-	"os"
-	"path/filepath"
-	"testing"
-)
-
-func TestFileGetter_impl(t *testing.T) {
-	var _ Getter = new(FileGetter)
-}
-
-func TestFileGetter(t *testing.T) {
-	g := new(FileGetter)
-	dst := tempDir(t)
-
-	// With a dir that doesn't exist
-	if err := g.Get(dst, testModuleURL("basic")); err != nil {
-		t.Fatalf("err: %s", err)
-	}
-
-	// Verify the destination folder is a symlink
-	fi, err := os.Lstat(dst)
-	if err != nil {
-		t.Fatalf("err: %s", err)
-	}
-	if fi.Mode()&os.ModeSymlink == 0 {
-		t.Fatal("destination is not a symlink")
-	}
-
-	// Verify the main file exists
-	mainPath := filepath.Join(dst, "main.tf")
-	if _, err := os.Stat(mainPath); err != nil {
-		t.Fatalf("err: %s", err)
-	}
-}
-
-func TestFileGetter_sourceFile(t *testing.T) {
-	g := new(FileGetter)
-	dst := tempDir(t)
-
-	// With a source URL that is a path to a file
-	u := testModuleURL("basic")
-	u.Path += "/main.tf"
-	if err := g.Get(dst, u); err == nil {
-		t.Fatal("should error")
-	}
-}
-
-func TestFileGetter_sourceNoExist(t *testing.T) {
-	g := new(FileGetter)
-	dst := tempDir(t)
-
-	// With a source URL that doesn't exist
-	u := testModuleURL("basic")
-	u.Path += "/main"
-	if err := g.Get(dst, u); err == nil {
-		t.Fatal("should error")
-	}
-}
-
-func TestFileGetter_dir(t *testing.T) {
-	g := new(FileGetter)
-	dst := tempDir(t)
-
-	if err := os.MkdirAll(dst, 0755); err != nil {
-		t.Fatalf("err: %s", err)
-	}
-
-	// With a dir that exists that isn't a symlink
-	if err := g.Get(dst, testModuleURL("basic")); err == nil {
-		t.Fatal("should error")
-	}
-}
-
-func TestFileGetter_dirSymlink(t *testing.T) {
-	g := new(FileGetter)
-	dst := tempDir(t)
-	dst2 := tempDir(t)
-
-	// Make parents
-	if err := os.MkdirAll(filepath.Dir(dst), 0755); err != nil {
-		t.Fatalf("err: %s", err)
-	}
-	if err := os.MkdirAll(dst2, 0755); err != nil {
-		t.Fatalf("err: %s", err)
-	}
-
-	// Make a symlink
-	if err := os.Symlink(dst2, dst); err != nil {
-		t.Fatalf("err: %s", err)
-	}
-
-	// With a dir that exists that isn't a symlink
-	if err := g.Get(dst, testModuleURL("basic")); err != nil {
-		t.Fatalf("err: %s", err)
-	}
-
-	// Verify the main file exists
-	mainPath := filepath.Join(dst, "main.tf")
-	if _, err := os.Stat(mainPath); err != nil {
-		t.Fatalf("err: %s", err)
-	}
-}
diff --git a/config/module/get_git.go b/config/module/get_git.go
deleted file mode 100644
index 5ab27ba0be..0000000000
--- a/config/module/get_git.go
+++ /dev/null
@@ -1,74 +0,0 @@
-package module
-
-import (
-	"fmt"
-	"net/url"
-	"os"
-	"os/exec"
-)
-
-// GitGetter is a Getter implementation that will download a module from
-// a git repository.
-type GitGetter struct{}
-
-func (g *GitGetter) Get(dst string, u *url.URL) error {
-	if _, err := exec.LookPath("git"); err != nil {
-		return fmt.Errorf("git must be available and on the PATH")
-	}
-
-	// Extract some query parameters we use
-	var ref string
-	q := u.Query()
-	if len(q) > 0 {
-		ref = q.Get("ref")
-		q.Del("ref")
-
-		// Copy the URL
-		var newU url.URL = *u
-		u = &newU
-		u.RawQuery = q.Encode()
-	}
-
-	// First: clone or update the repository
-	_, err := os.Stat(dst)
-	if err != nil && !os.IsNotExist(err) {
-		return err
-	}
-	if err == nil {
-		err = g.update(dst, u)
-	} else {
-		err = g.clone(dst, u)
-	}
-	if err != nil {
-		return err
-	}
-
-	// Next: check out the proper tag/branch if it is specified, and checkout
-	if ref == "" {
-		return nil
-	}
-
-	return g.checkout(dst, ref)
-}
-
-func (g *GitGetter) checkout(dst string, ref string) error {
-	cmd := exec.Command("git", "checkout", ref)
-	cmd.Dir = dst
-	return getRunCommand(cmd)
-}
-
-func (g *GitGetter) clone(dst string, u *url.URL) error {
-	cmd := exec.Command("git", "clone", u.String(), dst)
-	return getRunCommand(cmd)
-}
-
-func (g *GitGetter) update(dst string, u *url.URL) error {
-	// We have to be on a branch to pull
-	if err := g.checkout(dst, "master"); err != nil {
-		return err
-	}
-
-	cmd := exec.Command("git", "pull", "--ff-only")
-	cmd.Dir = dst
-	return getRunCommand(cmd)
-}
diff --git a/config/module/get_git_test.go b/config/module/get_git_test.go
deleted file mode 100644
index 3885ff8e79..0000000000
--- a/config/module/get_git_test.go
+++ /dev/null
@@ -1,143 +0,0 @@
-package module
-
-import (
-	"os"
-	"os/exec"
-	"path/filepath"
-	"testing"
-)
-
-var testHasGit bool
-
-func init() {
-	if _, err := exec.LookPath("git"); err == nil {
-		testHasGit = true
-	}
-}
-
-func TestGitGetter_impl(t *testing.T) {
-	var _ Getter = new(GitGetter)
-}
-
-func TestGitGetter(t *testing.T) {
-	if !testHasGit {
-		t.Log("git not found, skipping")
-		t.Skip()
-	}
-
-	g := new(GitGetter)
-	dst := tempDir(t)
-
-	// Git doesn't allow nested ".git" directories so we do some hackiness
-	// here to get around that...
-	moduleDir := filepath.Join(fixtureDir, "basic-git")
-	oldName := filepath.Join(moduleDir, "DOTgit")
-	newName := filepath.Join(moduleDir, ".git")
-	if err := os.Rename(oldName, newName); err != nil {
-		t.Fatalf("err: %s", err)
-	}
-	defer os.Rename(newName, oldName)
-
-	// With a dir that doesn't exist
-	if err := g.Get(dst, testModuleURL("basic-git")); err != nil {
-		t.Fatalf("err: %s", err)
-	}
-
-	// Verify the main file exists
-	mainPath := filepath.Join(dst, "main.tf")
-	if _, err := os.Stat(mainPath); err != nil {
-		t.Fatalf("err: %s", err)
-	}
-}
-
-func TestGitGetter_branch(t *testing.T) {
-	if !testHasGit {
-		t.Log("git not found, skipping")
-		t.Skip()
-	}
-
-	g := new(GitGetter)
-	dst := tempDir(t)
-
-	// Git doesn't allow nested ".git" directories so we do some hackiness
-	// here to get around that...
-	moduleDir := filepath.Join(fixtureDir, "basic-git")
-	oldName := filepath.Join(moduleDir, "DOTgit")
-	newName := filepath.Join(moduleDir, ".git")
-	if err := os.Rename(oldName, newName); err != nil {
-		t.Fatalf("err: %s", err)
-	}
-	defer os.Rename(newName, oldName)
-
-	url := testModuleURL("basic-git")
-	q := url.Query()
-	q.Add("ref", "test-branch")
-	url.RawQuery = q.Encode()
-
-	if err := g.Get(dst, url); err != nil {
-		t.Fatalf("err: %s", err)
-	}
-
-	// Verify the main file exists
-	mainPath := filepath.Join(dst, "main_branch.tf")
-	if _, err := os.Stat(mainPath); err != nil {
-		t.Fatalf("err: %s", err)
-	}
-
-	// Get again should work
-	if err := g.Get(dst, url); err != nil {
-		t.Fatalf("err: %s", err)
-	}
-
-	// Verify the main file exists
-	mainPath = filepath.Join(dst, "main_branch.tf")
-	if _, err := os.Stat(mainPath); err != nil {
-		t.Fatalf("err: %s", err)
-	}
-}
-
-func TestGitGetter_tag(t *testing.T) {
-	if !testHasGit {
-		t.Log("git not found, skipping")
-		t.Skip()
-	}
-
-	g := new(GitGetter)
-	dst := tempDir(t)
-
-	// Git doesn't allow nested ".git" directories so we do some hackiness
-	// here to get around that...
-	moduleDir := filepath.Join(fixtureDir, "basic-git")
-	oldName := filepath.Join(moduleDir, "DOTgit")
-	newName := filepath.Join(moduleDir, ".git")
-	if err := os.Rename(oldName, newName); err != nil {
-		t.Fatalf("err: %s", err)
-	}
-	defer os.Rename(newName, oldName)
-
-	url := testModuleURL("basic-git")
-	q := url.Query()
-	q.Add("ref", "v1.0")
-	url.RawQuery = q.Encode()
-
-	if err := g.Get(dst, url); err != nil {
-		t.Fatalf("err: %s", err)
-	}
-
-	// Verify the main file exists
-	mainPath := filepath.Join(dst, "main_tag1.tf")
-	if _, err := os.Stat(mainPath); err != nil {
-		t.Fatalf("err: %s", err)
-	}
-
-	// Get again should work
-	if err := g.Get(dst, url); err != nil {
-		t.Fatalf("err: %s", err)
-	}
-
-	// Verify the main file exists
-	mainPath = filepath.Join(dst, "main_tag1.tf")
-	if _, err := os.Stat(mainPath); err != nil {
-		t.Fatalf("err: %s", err)
-	}
-}
diff --git a/config/module/get_hg.go b/config/module/get_hg.go
deleted file mode 100644
index f74c140932..0000000000
--- a/config/module/get_hg.go
+++ /dev/null
@@ -1,89 +0,0 @@
-package module
-
-import (
-	"fmt"
-	"net/url"
-	"os"
-	"os/exec"
-	"runtime"
-
-	urlhelper "github.com/hashicorp/terraform/helper/url"
-)
-
-// HgGetter is a Getter implementation that will download a module from
-// a Mercurial repository.
-type HgGetter struct{}
-
-func (g *HgGetter) Get(dst string, u *url.URL) error {
-	if _, err := exec.LookPath("hg"); err != nil {
-		return fmt.Errorf("hg must be available and on the PATH")
-	}
-
-	newURL, err := urlhelper.Parse(u.String())
-	if err != nil {
-		return err
-	}
-	if fixWindowsDrivePath(newURL) {
-		// See valid file path form on http://www.selenic.com/hg/help/urls
-		newURL.Path = fmt.Sprintf("/%s", newURL.Path)
-	}
-
-	// Extract some query parameters we use
-	var rev string
-	q := newURL.Query()
-	if len(q) > 0 {
-		rev = q.Get("rev")
-		q.Del("rev")
-
-		newURL.RawQuery = q.Encode()
-	}
-
-	_, err = os.Stat(dst)
-	if err != nil && !os.IsNotExist(err) {
-		return err
-	}
-	if err != nil {
-		if err := g.clone(dst, newURL); err != nil {
-			return err
-		}
-	}
-
-	if err := g.pull(dst, newURL); err != nil {
-		return err
-	}
-
-	return g.update(dst, newURL, rev)
-}
-
-func (g *HgGetter) clone(dst string, u *url.URL) error {
-	cmd := exec.Command("hg", "clone", "-U", u.String(), dst)
-	return getRunCommand(cmd)
-}
-
-func (g *HgGetter) pull(dst string, u *url.URL) error {
-	cmd := exec.Command("hg", "pull")
-	cmd.Dir = dst
-	return getRunCommand(cmd)
-}
-
-func (g *HgGetter) update(dst string, u *url.URL, rev string) error {
-	args := []string{"update"}
-	if rev != "" {
-		args = append(args, rev)
-	}
-
-	cmd := exec.Command("hg", args...)
-	cmd.Dir = dst
-	return getRunCommand(cmd)
-}
-
-func fixWindowsDrivePath(u *url.URL) bool {
-	// hg assumes a file:/// prefix for Windows drive letter file paths.
-	// (e.g. file:///c:/foo/bar)
-	// If the URL Path does not begin with a '/' character, the resulting URL
-	// path will have a file:// prefix. (e.g. file://c:/foo/bar)
-	// See http://www.selenic.com/hg/help/urls and the examples listed in
-	// http://selenic.com/repo/hg-stable/file/1265a3a71d75/mercurial/util.py#l1936
-	return runtime.GOOS == "windows" && u.Scheme == "file" &&
-		len(u.Path) > 1 && u.Path[0] != '/' && u.Path[1] == ':'
-}
diff --git a/config/module/get_hg_test.go b/config/module/get_hg_test.go
deleted file mode 100644
index d7125bde21..0000000000
--- a/config/module/get_hg_test.go
+++ /dev/null
@@ -1,81 +0,0 @@
-package module
-
-import (
-	"os"
-	"os/exec"
-	"path/filepath"
-	"testing"
-)
-
-var testHasHg bool
-
-func init() {
-	if _, err := exec.LookPath("hg"); err == nil {
-		testHasHg = true
-	}
-}
-
-func TestHgGetter_impl(t *testing.T) {
-	var _ Getter = new(HgGetter)
-}
-
-func TestHgGetter(t *testing.T) {
-	t.Parallel()
-
-	if !testHasHg {
-		t.Log("hg not found, skipping")
-		t.Skip()
-	}
-
-	g := new(HgGetter)
-	dst := tempDir(t)
-
-	// With a dir that doesn't exist
-	if err := g.Get(dst, testModuleURL("basic-hg")); err != nil {
-		t.Fatalf("err: %s", err)
-	}
-
-	// Verify the main file exists
-	mainPath := filepath.Join(dst, "main.tf")
-	if _, err := os.Stat(mainPath); err != nil {
-		t.Fatalf("err: %s", err)
-	}
-}
-
-func TestHgGetter_branch(t *testing.T) {
-	t.Parallel()
-
-	if !testHasHg {
-		t.Log("hg not found, skipping")
-		t.Skip()
-	}
-
-	g := new(HgGetter)
-	dst := tempDir(t)
-
-	url := testModuleURL("basic-hg")
-	q := url.Query()
-	q.Add("rev", "test-branch")
-	url.RawQuery = q.Encode()
-
-	if err := g.Get(dst, url); err != nil {
-		t.Fatalf("err: %s", err)
-	}
-
-	// Verify the main file exists
-	mainPath := filepath.Join(dst, "main_branch.tf")
-	if _, err := os.Stat(mainPath); err != nil {
-		t.Fatalf("err: %s", err)
-	}
-
-	// Get again should work
-	if err := g.Get(dst, url); err != nil {
-		t.Fatalf("err: %s", err)
-	}
-
-	// Verify the main file exists
-	mainPath = filepath.Join(dst, "main_branch.tf")
-	if _, err := os.Stat(mainPath); err != nil {
-		t.Fatalf("err: %s", err)
-	}
-}
diff --git a/config/module/get_http.go b/config/module/get_http.go
deleted file mode 100644
index be65d921a8..0000000000
--- a/config/module/get_http.go
+++ /dev/null
@@ -1,173 +0,0 @@
-package module
-
-import (
-	"encoding/xml"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"net/http"
-	"net/url"
-	"os"
-	"path/filepath"
-	"strings"
-)
-
-// HttpGetter is a Getter implementation that will download a module from
-// an HTTP endpoint. The protocol for downloading a module from an HTTP
-// endpoing is as follows:
-//
-// An HTTP GET request is made to the URL with the additional GET parameter
-// "terraform-get=1". This lets you handle that scenario specially if you
-// wish. The response must be a 2xx.
-//
-// First, a header is looked for "X-Terraform-Get" which should contain
-// a source URL to download.
-//
-// If the header is not present, then a meta tag is searched for named
-// "terraform-get" and the content should be a source URL.
-//
-// The source URL, whether from the header or meta tag, must be a fully
-// formed URL. The shorthand syntax of "github.com/foo/bar" or relative
-// paths are not allowed.
-type HttpGetter struct{}
-
-func (g *HttpGetter) Get(dst string, u *url.URL) error {
-	// Copy the URL so we can modify it
-	var newU url.URL = *u
-	u = &newU
-
-	// Add terraform-get to the parameter.
-	q := u.Query()
-	q.Add("terraform-get", "1")
-	u.RawQuery = q.Encode()
-
-	// Get the URL
-	resp, err := http.Get(u.String())
-	if err != nil {
-		return err
-	}
-	defer resp.Body.Close()
-	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
-		return fmt.Errorf("bad response code: %d", resp.StatusCode)
-	}
-
-	// Extract the source URL
-	var source string
-	if v := resp.Header.Get("X-Terraform-Get"); v != "" {
-		source = v
-	} else {
-		source, err = g.parseMeta(resp.Body)
-		if err != nil {
-			return err
-		}
-	}
-	if source == "" {
-		return fmt.Errorf("no source URL was returned")
-	}
-
-	// If there is a subdir component, then we download the root separately
-	// into a temporary directory, then copy over the proper subdir.
-	source, subDir := getDirSubdir(source)
-	if subDir == "" {
-		return Get(dst, source)
-	}
-
-	// We have a subdir, time to jump some hoops
-	return g.getSubdir(dst, source, subDir)
-}
-
-// getSubdir downloads the source into the destination, but with
-// the proper subdir.
-func (g *HttpGetter) getSubdir(dst, source, subDir string) error {
-	// Create a temporary directory to store the full source
-	td, err := ioutil.TempDir("", "tf")
-	if err != nil {
-		return err
-	}
-	defer os.RemoveAll(td)
-
-	// Download that into the given directory
-	if err := Get(td, source); err != nil {
-		return err
-	}
-
-	// Make sure the subdir path actually exists
-	sourcePath := filepath.Join(td, subDir)
-	if _, err := os.Stat(sourcePath); err != nil {
-		return fmt.Errorf(
-			"Error downloading %s: %s", source, err)
-	}
-
-	// Copy the subdirectory into our actual destination.
-	if err := os.RemoveAll(dst); err != nil {
-		return err
-	}
-
-	// Make the final destination
-	if err := os.MkdirAll(dst, 0755); err != nil {
-		return err
-	}
-
-	return copyDir(dst, sourcePath)
-}
-
-// parseMeta looks for the first meta tag in the given reader that
-// will give us the source URL.
-func (g *HttpGetter) parseMeta(r io.Reader) (string, error) {
-	d := xml.NewDecoder(r)
-	d.CharsetReader = charsetReader
-	d.Strict = false
-	var err error
-	var t xml.Token
-	for {
-		t, err = d.Token()
-		if err != nil {
-			if err == io.EOF {
-				err = nil
-			}
-			return "", err
-		}
-		if e, ok := t.(xml.StartElement); ok && strings.EqualFold(e.Name.Local, "body") {
-			return "", nil
-		}
-		if e, ok := t.(xml.EndElement); ok && strings.EqualFold(e.Name.Local, "head") {
-			return "", nil
-		}
-		e, ok := t.(xml.StartElement)
-		if !ok || !strings.EqualFold(e.Name.Local, "meta") {
-			continue
-		}
-		if attrValue(e.Attr, "name") != "terraform-get" {
-			continue
-		}
-		if f := attrValue(e.Attr, "content"); f != "" {
-			return f, nil
-		}
-	}
-}
-
-// attrValue returns the attribute value for the case-insensitive key
-// `name', or the empty string if nothing is found.
-func attrValue(attrs []xml.Attr, name string) string {
-	for _, a := range attrs {
-		if strings.EqualFold(a.Name.Local, name) {
-			return a.Value
-		}
-	}
-	return ""
-}
-
-// charsetReader returns a reader for the given charset. Currently
-// it only supports UTF-8 and ASCII. Otherwise, it returns a meaningful
-// error which is printed by go get, so the user can find why the package
-// wasn't downloaded if the encoding is not supported. Note that, in
-// order to reduce potential errors, ASCII is treated as UTF-8 (i.e. characters
-// greater than 0x7f are not rejected).
-func charsetReader(charset string, input io.Reader) (io.Reader, error) {
-	switch strings.ToLower(charset) {
-	case "ascii":
-		return input, nil
-	default:
-		return nil, fmt.Errorf("can't decode XML document using charset %q", charset)
-	}
-}
diff --git a/config/module/get_http_test.go b/config/module/get_http_test.go
deleted file mode 100644
index 5f2590f481..0000000000
--- a/config/module/get_http_test.go
+++ /dev/null
@@ -1,155 +0,0 @@
-package module
-
-import (
-	"fmt"
-	"net"
-	"net/http"
-	"net/url"
-	"os"
-	"path/filepath"
-	"testing"
-)
-
-func TestHttpGetter_impl(t *testing.T) {
-	var _ Getter = new(HttpGetter)
-}
-
-func TestHttpGetter_header(t *testing.T) {
-	ln := testHttpServer(t)
-	defer ln.Close()
-
-	g := new(HttpGetter)
-	dst := tempDir(t)
-
-	var u url.URL
-	u.Scheme = "http"
-	u.Host = ln.Addr().String()
-	u.Path = "/header"
-
-	// Get it!
-	if err := g.Get(dst, &u); err != nil {
-		t.Fatalf("err: %s", err)
-	}
-
-	// Verify the main file exists
-	mainPath := filepath.Join(dst, "main.tf")
-	if _, err := os.Stat(mainPath); err != nil {
-		t.Fatalf("err: %s", err)
-	}
-}
-
-func TestHttpGetter_meta(t *testing.T) {
-	ln := testHttpServer(t)
-	defer ln.Close()
-
-	g := new(HttpGetter)
-	dst := tempDir(t)
-
-	var u url.URL
-	u.Scheme = "http"
-	u.Host = ln.Addr().String()
-	u.Path = "/meta"
-
-	// Get it!
-	if err := g.Get(dst, &u); err != nil {
-		t.Fatalf("err: %s", err)
-	}
-
-	// Verify the main file exists
-	mainPath := filepath.Join(dst, "main.tf")
-	if _, err := os.Stat(mainPath); err != nil {
-		t.Fatalf("err: %s", err)
-	}
-}
-
-func TestHttpGetter_metaSubdir(t *testing.T) {
-	ln := testHttpServer(t)
-	defer ln.Close()
-
-	g := new(HttpGetter)
-	dst := tempDir(t)
-
-	var u url.URL
-	u.Scheme = "http"
-	u.Host = ln.Addr().String()
-	u.Path = "/meta-subdir"
-
-	// Get it!
-	if err := g.Get(dst, &u); err != nil {
-		t.Fatalf("err: %s", err)
-	}
-
-	// Verify the main file exists
-	mainPath := filepath.Join(dst, "sub.tf")
-	if _, err := os.Stat(mainPath); err != nil {
-		t.Fatalf("err: %s", err)
-	}
-}
-
-func TestHttpGetter_none(t *testing.T) {
-	ln := testHttpServer(t)
-	defer ln.Close()
-
-	g := new(HttpGetter)
-	dst := tempDir(t)
-
-	var u url.URL
-	u.Scheme = "http"
-	u.Host = ln.Addr().String()
-	u.Path = "/none"
-
-	// Get it!
-	if err := g.Get(dst, &u); err == nil {
-		t.Fatal("should error")
-	}
-}
-
-func testHttpServer(t *testing.T) net.Listener {
-	ln, err := net.Listen("tcp", "127.0.0.1:0")
-	if err != nil {
-		t.Fatalf("err: %s", err)
-	}
-
-	mux := http.NewServeMux()
-	mux.HandleFunc("/header", testHttpHandlerHeader)
-	mux.HandleFunc("/meta", testHttpHandlerMeta)
-	mux.HandleFunc("/meta-subdir", testHttpHandlerMetaSubdir)
-
-	var server http.Server
-	server.Handler = mux
-	go server.Serve(ln)
-
-	return ln
-}
-
-func testHttpHandlerHeader(w http.ResponseWriter, r *http.Request) {
-	w.Header().Add("X-Terraform-Get", testModuleURL("basic").String())
-	w.WriteHeader(200)
-}
-
-func testHttpHandlerMeta(w http.ResponseWriter, r *http.Request) {
-	w.Write([]byte(fmt.Sprintf(testHttpMetaStr, testModuleURL("basic").String())))
-}
-
-func testHttpHandlerMetaSubdir(w http.ResponseWriter, r *http.Request) {
-	w.Write([]byte(fmt.Sprintf(testHttpMetaStr, testModuleURL("basic//subdir").String())))
-}
-
-func testHttpHandlerNone(w http.ResponseWriter, r *http.Request) {
-	w.Write([]byte(testHttpNoneStr))
-}
-
-const testHttpMetaStr = `
-<html>
-<head>
-<meta name="terraform-get" content="%s">
-</head>
-</html>
-`
-
-const testHttpNoneStr = `
-<html>
-<head>
-</head>
-</html>
-`
diff --git a/config/module/get_test.go b/config/module/get_test.go
deleted file mode 100644
index b403c835ce..0000000000
--- a/config/module/get_test.go
+++ /dev/null
@@ -1,128 +0,0 @@
-package module
-
-import (
-	"os"
-	"path/filepath"
-	"strings"
-	"testing"
-)
-
-func TestGet_badSchema(t *testing.T) {
-	dst := tempDir(t)
-	u := testModule("basic")
-	u = strings.Replace(u, "file", "nope", -1)
-
-	if err := Get(dst, u); err == nil {
-		t.Fatal("should error")
-	}
-}
-
-func TestGet_file(t *testing.T) {
-	dst := tempDir(t)
-	u := testModule("basic")
-
-	if err := Get(dst, u); err != nil {
-		t.Fatalf("err: %s", err)
-	}
-
-	mainPath := filepath.Join(dst, "main.tf")
-	if _, err := os.Stat(mainPath); err != nil {
-		t.Fatalf("err: %s", err)
-	}
-}
-
-func TestGet_fileForced(t *testing.T) {
-	dst := tempDir(t)
-	u := testModule("basic")
-	u = "file::" + u
-
-	if err := Get(dst, u); err != nil {
-		t.Fatalf("err: %s", err)
-	}
-
-	mainPath := filepath.Join(dst, "main.tf")
-	if _, err := os.Stat(mainPath); err != nil {
-		t.Fatalf("err: %s", err)
-	}
-}
-
-func TestGet_fileSubdir(t *testing.T) {
-	dst := tempDir(t)
-	u := testModule("basic//subdir")
-
-	if err := Get(dst, u); err != nil {
-		t.Fatalf("err: %s", err)
-	}
-
-	mainPath := filepath.Join(dst, "sub.tf")
-	if _, err := os.Stat(mainPath); err != nil {
-		t.Fatalf("err: %s", err)
-	}
-}
-
-func TestGetCopy_dot(t *testing.T) {
-	dst := tempDir(t)
-	u := testModule("basic-dot")
-
-	if err := GetCopy(dst, u); err != nil {
-		t.Fatalf("err: %s", err)
-	}
-
-	mainPath := filepath.Join(dst, "main.tf")
-	if _, err := os.Stat(mainPath); err != nil {
-		t.Fatalf("err: %s", err)
-	}
-
-	mainPath = filepath.Join(dst, "foo.tf")
-	if _, err := os.Stat(mainPath); err == nil {
-		t.Fatal("should not have foo.tf")
-	}
-}
-
-func TestGetCopy_file(t *testing.T) {
-	dst := tempDir(t)
-	u := testModule("basic")
-
-	if err := GetCopy(dst, u); err != nil {
-		t.Fatalf("err: %s", err)
-	}
-
-	mainPath := filepath.Join(dst, "main.tf")
-	if _, err := os.Stat(mainPath); err != nil {
-		t.Fatalf("err: %s", err)
-	}
-}
-
-func TestGetDirSubdir(t *testing.T) {
-	cases := []struct {
-		Input    string
-		Dir, Sub string
-	}{
-		{
-			"hashicorp.com",
-			"hashicorp.com", "",
-		},
-		{
-			"hashicorp.com//foo",
-			"hashicorp.com", "foo",
-		},
-		{
-			"hashicorp.com//foo?bar=baz",
-			"hashicorp.com?bar=baz", "foo",
-		},
-		{
-			"file://foo//bar",
-			"file://foo", "bar",
-		},
-	}
-
-	for i, tc := range cases {
-		adir, asub := getDirSubdir(tc.Input)
-		if adir != tc.Dir {
-			t.Fatalf("%d: bad dir: %#v", i, adir)
-		}
-		if asub != tc.Sub {
-			t.Fatalf("%d: bad sub: %#v", i, asub)
-		}
-	}
-}
diff --git a/config/module/module_test.go b/config/module/module_test.go
index f1517e4801..89fee6ec56 100644
--- a/config/module/module_test.go
+++ b/config/module/module_test.go
@@ -2,13 +2,12 @@ package module
 
 import (
 	"io/ioutil"
-	"net/url"
 	"os"
 	"path/filepath"
 	"testing"
 
+	"github.com/hashicorp/go-getter"
 	"github.com/hashicorp/terraform/config"
-	urlhelper "github.com/hashicorp/terraform/helper/url"
 )
 
 const fixtureDir = "./test-fixtures"
@@ -34,24 +33,6 @@ func testConfig(t *testing.T, n string) *config.Config {
 	return c
 }
 
-func testModule(n string) string {
-	p := filepath.Join(fixtureDir, n)
-	p, err := filepath.Abs(p)
-	if err != nil {
-		panic(err)
-	}
-	return fmtFileURL(p)
-}
-
-func testModuleURL(n string) *url.URL {
-	u, err := urlhelper.Parse(testModule(n))
-	if err != nil {
-		panic(err)
-	}
-
-	return u
-}
-
-func testStorage(t *testing.T) Storage {
-	return &FolderStorage{StorageDir: tempDir(t)}
+func testStorage(t *testing.T) getter.Storage {
+	return &getter.FolderStorage{StorageDir: tempDir(t)}
 }
diff --git a/config/module/storage.go b/config/module/storage.go
deleted file mode 100644
index 9c752f6309..0000000000
--- a/config/module/storage.go
+++ /dev/null
@@ -1,25 +0,0 @@
-package module
-
-// Storage is an interface that knows how to lookup downloaded modules
-// as well as download and update modules from their sources into the
-// proper location.
-type Storage interface {
-	// Dir returns the directory on local disk where the modulue source
-	// can be loaded from.
-	Dir(string) (string, bool, error)
-
-	// Get will download and optionally update the given module.
-	Get(string, string, bool) error
-}
-
-func getStorage(s Storage, key string, src string, mode GetMode) (string, bool, error) {
-	// Get the module with the level specified if we were told to.
-	if mode > GetModeNone {
-		if err := s.Get(key, src, mode == GetModeUpdate); err != nil {
-			return "", false, err
-		}
-	}
-
-	// Get the directory where the module is.
-	return s.Dir(key)
-}
diff --git a/config/module/tree.go b/config/module/tree.go
index d7b3ac9661..6a75c19c23 100644
--- a/config/module/tree.go
+++ b/config/module/tree.go
@@ -8,6 +8,7 @@ import (
 	"strings"
 	"sync"
 
+	"github.com/hashicorp/go-getter"
 	"github.com/hashicorp/terraform/config"
 )
 
@@ -27,25 +28,6 @@ type Tree struct {
 	lock     sync.RWMutex
 }
 
-// GetMode is an enum that describes how modules are loaded.
-//
-// GetModeLoad says that modules will not be downloaded or updated, they will
-// only be loaded from the storage.
-//
-// GetModeGet says that modules can be initially downloaded if they don't
-// exist, but otherwise to just load from the current version in storage.
-//
-// GetModeUpdate says that modules should be checked for updates and
-// downloaded prior to loading. If there are no updates, we load the version
-// from disk, otherwise we download first and then load.
-type GetMode byte
-
-const (
-	GetModeNone GetMode = iota
-	GetModeGet
-	GetModeUpdate
-)
-
 // NewTree returns a new Tree for the given config structure.
 func NewTree(name string, c *config.Config) *Tree {
 	return &Tree{config: c, name: name}
@@ -136,7 +118,7 @@ func (t *Tree) Name() string {
 // module trees inherently require the configuration to be in a reasonably
 // sane state: no circular dependencies, proper module sources, etc. A full
 // suite of validations can be done by running Validate (after loading).
-func (t *Tree) Load(s Storage, mode GetMode) error {
+func (t *Tree) Load(s getter.Storage, mode GetMode) error {
 	t.lock.Lock()
 	defer t.lock.Unlock()
 
@@ -159,15 +141,15 @@ func (t *Tree) Load(s Storage, mode GetMode) error {
 		path = append(path, m.Name)
 
 		// Split out the subdir if we have one
-		source, subDir := getDirSubdir(m.Source)
+		source, subDir := getter.SourceDirSubdir(m.Source)
 
-		source, err := Detect(source, t.config.Dir)
+		source, err := getter.Detect(source, t.config.Dir, getter.Detectors)
 		if err != nil {
 			return fmt.Errorf("module %s: %s", m.Name, err)
 		}
 
 		// Check if the detector introduced something new.
-		source, subDir2 := getDirSubdir(source)
+		source, subDir2 := getter.SourceDirSubdir(source)
 		if subDir2 != "" {
 			subDir = filepath.Join(subDir2, subDir)
 		}

From 344e7c26b5f116842932d0e6b6ad2f1a250526f4 Mon Sep 17 00:00:00 2001
From: Mitchell Hashimoto <mitchell.hashimoto@gmail.com>
Date: Thu, 15 Oct 2015 13:48:58 -0700
Subject: [PATCH 268/335] fix a bunch of tests from go-getter import

---
 command/apply.go               |   4 +-
 command/command_test.go        |   3 +-
 command/init.go                |   3 +-
 command/meta.go                |   5 +-
 command/module_storage.go      |   4 +-
 command/module_storage_test.go |   4 +-
 config/lang/y.go               | 272 ++++++++++++++++++++++++---------
 config/module/copy_dir.go      |  76 +++++++++
 config/module/get.go           |  33 ++++
 helper/resource/testing.go     |   3 +-
 10 files changed, 328 insertions(+), 79 deletions(-)
 create mode 100644 config/module/copy_dir.go

diff --git a/command/apply.go b/command/apply.go
index 8001cfe077..0687116a8a 100644
--- a/command/apply.go
+++ b/command/apply.go
@@ -7,8 +7,8 @@ import (
 	"sort"
 	"strings"
 
+	"github.com/hashicorp/go-getter"
 	"github.com/hashicorp/go-multierror"
-	"github.com/hashicorp/terraform/config/module"
 	"github.com/hashicorp/terraform/terraform"
 )
 
@@ -76,7 +76,7 @@ func (c *ApplyCommand) Run(args []string) int {
 
 	if !c.Destroy && maybeInit {
 		// Do a detect to determine if we need to do an init + apply.
-		if detected, err := module.Detect(configPath, pwd); err != nil {
+		if detected, err := getter.Detect(configPath, pwd, getter.Detectors); err != nil {
 			c.Ui.Error(fmt.Sprintf(
 				"Invalid path: %s", err))
 			return 1
diff --git a/command/command_test.go b/command/command_test.go
index 2b9f93dd1d..954579c3dd 100644
--- a/command/command_test.go
+++ b/command/command_test.go
@@ -7,6 +7,7 @@ import (
 	"strings"
 	"testing"
 
+	"github.com/hashicorp/go-getter"
 	"github.com/hashicorp/terraform/config/module"
 	"github.com/hashicorp/terraform/terraform"
 )
@@ -73,7 +74,7 @@ func testModule(t *testing.T, name string) *module.Tree {
 		t.Fatalf("err: %s", err)
 	}
 
-	s := &module.FolderStorage{StorageDir: tempDir(t)}
+	s := &getter.FolderStorage{StorageDir: tempDir(t)}
 	if err := mod.Load(s, module.GetModeGet); err != nil {
 		t.Fatalf("err: %s", err)
 	}
diff --git a/command/init.go b/command/init.go
index fb842d08de..1b92c0806c 100644
--- a/command/init.go
+++ b/command/init.go
@@ -6,6 +6,7 @@ import (
 	"os"
 	"strings"
 
+	"github.com/hashicorp/go-getter"
 	"github.com/hashicorp/terraform/config"
 	"github.com/hashicorp/terraform/config/module"
 	"github.com/hashicorp/terraform/terraform"
@@ -75,7 +76,7 @@ func (c *InitCommand) Run(args []string) int {
 	}
 
 	// Detect
-	source, err = module.Detect(source, pwd)
+	source, err = getter.Detect(source, pwd, getter.Detectors)
 	if err != nil {
 		c.Ui.Error(fmt.Sprintf(
 			"Error with module source: %s", err))
diff --git a/command/meta.go b/command/meta.go
index af4a523028..3a12de02f7 100644
--- a/command/meta.go
+++ b/command/meta.go
@@ -9,6 +9,7 @@ import (
 	"path/filepath"
 	"strconv"
 
+	"github.com/hashicorp/go-getter"
 	"github.com/hashicorp/terraform/config/module"
 	"github.com/hashicorp/terraform/state"
 	"github.com/hashicorp/terraform/terraform"
@@ -330,9 +331,9 @@ func (m *Meta) flagSet(n string) *flag.FlagSet {
 
 // moduleStorage returns the module.Storage implementation used to store
 // modules for commands.
-func (m *Meta) moduleStorage(root string) module.Storage {
+func (m *Meta) moduleStorage(root string) getter.Storage {
 	return &uiModuleStorage{
-		Storage: &module.FolderStorage{
+		Storage: &getter.FolderStorage{
 			StorageDir: filepath.Join(root, "modules"),
 		},
 		Ui: m.Ui,
diff --git a/command/module_storage.go b/command/module_storage.go
index e17786a807..5bb832897d 100644
--- a/command/module_storage.go
+++ b/command/module_storage.go
@@ -3,14 +3,14 @@ package command
 import (
 	"fmt"
 
-	"github.com/hashicorp/terraform/config/module"
+	"github.com/hashicorp/go-getter"
 	"github.com/mitchellh/cli"
 )
 
 // uiModuleStorage implements module.Storage and is just a proxy to output
 // to the UI any Get operations.
 type uiModuleStorage struct {
-	Storage module.Storage
+	Storage getter.Storage
 	Ui      cli.Ui
 }
 
diff --git a/command/module_storage_test.go b/command/module_storage_test.go
index b77c2b5f78..97a5ed7ae3 100644
--- a/command/module_storage_test.go
+++ b/command/module_storage_test.go
@@ -3,9 +3,9 @@ package command
 import (
 	"testing"
 
-	"github.com/hashicorp/terraform/config/module"
+	"github.com/hashicorp/go-getter"
 )
 
 func TestUiModuleStorage_impl(t *testing.T) {
-	var _ module.Storage = new(uiModuleStorage)
+	var _ getter.Storage = new(uiModuleStorage)
 }
diff --git a/config/lang/y.go b/config/lang/y.go
index e7dd185ae1..fd0693f151 100644
--- a/config/lang/y.go
+++ b/config/lang/y.go
@@ -30,7 +30,10 @@ const INTEGER = 57355
 const FLOAT = 57356
 const STRING = 57357
 
-var parserToknames = []string{
+var parserToknames = [...]string{
+	"$end",
+	"error",
+	"$unk",
 	"PROGRAM_BRACKET_LEFT",
 	"PROGRAM_BRACKET_RIGHT",
 	"PROGRAM_STRING_START",
@@ -44,7 +47,7 @@ var parserToknames = []string{
 	"FLOAT",
 	"STRING",
 }
-var parserStatenames = []string{}
+var parserStatenames = [...]string{}
 
 const parserEofCode = 1
 const parserErrCode = 2
@@ -53,7 +56,7 @@ const parserMaxDepth = 200
 //line lang.y:165
 
 //line yacctab:1
-var parserExca = []int{
+var parserExca = [...]int{
 	-1, 1,
 	1, -1,
 	-2, 0,
@@ -67,75 +70,103 @@ var parserStates []string
 
 const parserLast = 30
 
-var parserAct = []int{
+var parserAct = [...]int{
 
 	9, 20, 16, 16, 7, 7, 3, 18, 10, 8,
 	1, 17, 14, 12, 13, 6, 6, 19, 8, 22,
 	15, 23, 24, 11, 2, 25, 16, 21, 4, 5,
 }
-var parserPact = []int{
+var parserPact = [...]int{
 
 	1, -1000, 1, -1000, -1000, -1000, -1000, 0, -1000, 15,
 	0, 1, -1000, -1000, -1, -1000, 0, -8, 0, -1000,
 	-1000, 12, -9, -1000, 0, -9,
 }
-var parserPgo = []int{
+var parserPgo = [...]int{
 
 	0, 0, 29, 28, 23, 6, 27, 10,
 }
-var parserR1 = []int{
+var parserR1 = [...]int{
 
 	0, 7, 7, 4, 4, 5, 5, 2, 1, 1,
 	1, 1, 1, 1, 1, 6, 6, 6, 3,
 }
-var parserR2 = []int{
+var parserR2 = [...]int{
 
 	0, 0, 1, 1, 2, 1, 1, 3, 3, 1,
 	1, 1, 3, 1, 4, 0, 3, 1, 1,
 }
-var parserChk = []int{
+var parserChk = [...]int{
 
 	-1000, -7, -4, -5, -3, -2, 15, 4, -5, -1,
 	8, -4, 13, 14, 12, 5, 11, -1, 8, -1,
 	9, -6, -1, 9, 10, -1,
 }
-var parserDef = []int{
+var parserDef = [...]int{
 
 	1, -2, 2, 3, 5, 6, 18, 0, 4, 0,
 	0, 9, 10, 11, 13, 7, 0, 0, 15, 12,
 	8, 0, 17, 14, 0, 16,
 }
-var parserTok1 = []int{
+var parserTok1 = [...]int{
 
 	1,
 }
-var parserTok2 = []int{
+var parserTok2 = [...]int{
 
 	2, 3, 4, 5, 6, 7, 8, 9, 10, 11,
 	12, 13, 14, 15,
 }
-var parserTok3 = []int{
+var parserTok3 = [...]int{
 	0,
 }
 
+var parserErrorMessages = [...]struct {
+	state int
+	token int
+	msg   string
+}{}
+
 //line yaccpar:1
 
 /*	parser for yacc output	*/
 
-var parserDebug = 0
+var (
+	parserDebug        = 0
+	parserErrorVerbose = false
+)
 
 type parserLexer interface {
 	Lex(lval *parserSymType) int
 	Error(s string)
 }
 
+type parserParser interface {
+	Parse(parserLexer) int
+	Lookahead() int
+}
+
+type parserParserImpl struct {
+	lookahead func() int
+}
+
+func (p *parserParserImpl) Lookahead() int {
+	return p.lookahead()
+}
+
+func parserNewParser() parserParser {
+	p := &parserParserImpl{
+		lookahead: func() int { return -1 },
+	}
+	return p
+}
+
 const parserFlag = -1000
 
 func parserTokname(c int) string {
-	// 4 is TOKSTART above
-	if c >= 4 && c-4 < len(parserToknames) {
-		if parserToknames[c-4] != "" {
-			return parserToknames[c-4]
+	if c >= 1 && c-1 < len(parserToknames) {
+		if parserToknames[c-1] != "" {
+			return parserToknames[c-1]
 		}
 	}
 	return __yyfmt__.Sprintf("tok-%v", c)
@@ -150,51 +181,129 @@ func parserStatname(s int) string {
 	return __yyfmt__.Sprintf("state-%v", s)
 }
 
-func parserlex1(lex parserLexer, lval *parserSymType) int {
-	c := 0
-	char := lex.Lex(lval)
+func parserErrorMessage(state, lookAhead int) string {
+	const TOKSTART = 4
+
+	if !parserErrorVerbose {
+		return "syntax error"
+	}
+
+	for _, e := range parserErrorMessages {
+		if e.state == state && e.token == lookAhead {
+			return "syntax error: " + e.msg
+		}
+	}
+
+	res := "syntax error: unexpected " + parserTokname(lookAhead)
+
+	// To match Bison, suggest at most four expected tokens.
+	expected := make([]int, 0, 4)
+
+	// Look for shiftable tokens.
+	base := parserPact[state]
+	for tok := TOKSTART; tok-1 < len(parserToknames); tok++ {
+		if n := base + tok; n >= 0 && n < parserLast && parserChk[parserAct[n]] == tok {
+			if len(expected) == cap(expected) {
+				return res
+			}
+			expected = append(expected, tok)
+		}
+	}
+
+	if parserDef[state] == -2 {
+		i := 0
+		for parserExca[i] != -1 || parserExca[i+1] != state {
+			i += 2
+		}
+
+		// Look for tokens that we accept or reduce.
+		for i += 2; parserExca[i] >= 0; i += 2 {
+			tok := parserExca[i]
+			if tok < TOKSTART || parserExca[i+1] == 0 {
+				continue
+			}
+			if len(expected) == cap(expected) {
+				return res
+			}
+			expected = append(expected, tok)
+		}
+
+		// If the default action is to accept or reduce, give up.
+		if parserExca[i+1] != 0 {
+			return res
+		}
+	}
+
+	for i, tok := range expected {
+		if i == 0 {
+			res += ", expecting "
+		} else {
+			res += " or "
+		}
+		res += parserTokname(tok)
+	}
+	return res
+}
+
+func parserlex1(lex parserLexer, lval *parserSymType) (char, token int) {
+	token = 0
+	char = lex.Lex(lval)
 	if char <= 0 {
-		c = parserTok1[0]
+		token = parserTok1[0]
 		goto out
 	}
 	if char < len(parserTok1) {
-		c = parserTok1[char]
+		token = parserTok1[char]
 		goto out
 	}
 	if char >= parserPrivate {
 		if char < parserPrivate+len(parserTok2) {
-			c = parserTok2[char-parserPrivate]
+			token = parserTok2[char-parserPrivate]
 			goto out
 		}
 	}
 	for i := 0; i < len(parserTok3); i += 2 {
-		c = parserTok3[i+0]
-		if c == char {
-			c = parserTok3[i+1]
+		token = parserTok3[i+0]
+		if token == char {
+			token = parserTok3[i+1]
 			goto out
 		}
 	}
 
 out:
-	if c == 0 {
-		c = parserTok2[1] /* unknown char */
+	if token == 0 {
+		token = parserTok2[1] /* unknown char */
 	}
 	if parserDebug >= 3 {
-		__yyfmt__.Printf("lex %s(%d)\n", parserTokname(c), uint(char))
+		__yyfmt__.Printf("lex %s(%d)\n", parserTokname(token), uint(char))
 	}
-	return c
+	return char, token
 }
 
 func parserParse(parserlex parserLexer) int {
+	return parserNewParser().Parse(parserlex)
+}
+
+func (parserrcvr *parserParserImpl) Parse(parserlex parserLexer) int {
 	var parsern int
 	var parserlval parserSymType
 	var parserVAL parserSymType
+	var parserDollar []parserSymType
+	_ = parserDollar // silence set and not used
 	parserS := make([]parserSymType, parserMaxDepth)
 
 	Nerrs := 0   /* number of errors */
 	Errflag := 0 /* error recovery flag */
 	parserstate := 0
 	parserchar := -1
+	parsertoken := -1 // parserchar translated into internal numbering
+	parserrcvr.lookahead = func() int { return parserchar }
+	defer func() {
+		// Make sure we report no lookahead when not parsing.
+		parserstate = -1
+		parserchar = -1
+		parsertoken = -1
+	}()
 	parserp := -1
 	goto parserstack
 
@@ -207,7 +316,7 @@ ret1:
 parserstack:
 	/* put a state and value onto the stack */
 	if parserDebug >= 4 {
-		__yyfmt__.Printf("char %v in %v\n", parserTokname(parserchar), parserStatname(parserstate))
+		__yyfmt__.Printf("char %v in %v\n", parserTokname(parsertoken), parserStatname(parserstate))
 	}
 
 	parserp++
@@ -225,15 +334,16 @@ parsernewstate:
 		goto parserdefault /* simple state */
 	}
 	if parserchar < 0 {
-		parserchar = parserlex1(parserlex, &parserlval)
+		parserchar, parsertoken = parserlex1(parserlex, &parserlval)
 	}
-	parsern += parserchar
+	parsern += parsertoken
 	if parsern < 0 || parsern >= parserLast {
 		goto parserdefault
 	}
 	parsern = parserAct[parsern]
-	if parserChk[parsern] == parserchar { /* valid shift */
+	if parserChk[parsern] == parsertoken { /* valid shift */
 		parserchar = -1
+		parsertoken = -1
 		parserVAL = parserlval
 		parserstate = parsern
 		if Errflag > 0 {
@@ -247,7 +357,7 @@ parserdefault:
 	parsern = parserDef[parserstate]
 	if parsern == -2 {
 		if parserchar < 0 {
-			parserchar = parserlex1(parserlex, &parserlval)
+			parserchar, parsertoken = parserlex1(parserlex, &parserlval)
 		}
 
 		/* look through exception table */
@@ -260,7 +370,7 @@ parserdefault:
 		}
 		for xi += 2; ; xi += 2 {
 			parsern = parserExca[xi+0]
-			if parsern < 0 || parsern == parserchar {
+			if parsern < 0 || parsern == parsertoken {
 				break
 			}
 		}
@@ -273,11 +383,11 @@ parserdefault:
 		/* error ... attempt to resume parsing */
 		switch Errflag {
 		case 0: /* brand new error */
-			parserlex.Error("syntax error")
+			parserlex.Error(parserErrorMessage(parserstate, parsertoken))
 			Nerrs++
 			if parserDebug >= 1 {
 				__yyfmt__.Printf("%s", parserStatname(parserstate))
-				__yyfmt__.Printf(" saw %s\n", parserTokname(parserchar))
+				__yyfmt__.Printf(" saw %s\n", parserTokname(parsertoken))
 			}
 			fallthrough
 
@@ -305,12 +415,13 @@ parserdefault:
 
 		case 3: /* no shift yet; clobber input char */
 			if parserDebug >= 2 {
-				__yyfmt__.Printf("error recovery discards %s\n", parserTokname(parserchar))
+				__yyfmt__.Printf("error recovery discards %s\n", parserTokname(parsertoken))
 			}
-			if parserchar == parserEofCode {
+			if parsertoken == parserEofCode {
 				goto ret1
 			}
 			parserchar = -1
+			parsertoken = -1
 			goto parsernewstate /* try again in the same state */
 		}
 	}
@@ -325,6 +436,13 @@ parserdefault:
 	_ = parserpt // guard against "declared and not used"
 
 	parserp -= parserR2[parsern]
+	// parserp is now the index of $0. Perform the default action. Iff the
+	// reduced production is ε, $1 is possibly out of range.
+	if parserp+1 >= len(parserS) {
+		nyys := make([]parserSymType, len(parserS)*2)
+		copy(nyys, parserS)
+		parserS = nyys
+	}
 	parserVAL = parserS[parserp+1]
 
 	/* consult goto table to find next state */
@@ -344,6 +462,7 @@ parserdefault:
 	switch parsernt {
 
 	case 1:
+		parserDollar = parserS[parserpt-0 : parserpt+1]
 		//line lang.y:35
 		{
 			parserResult = &ast.LiteralNode{
@@ -353,9 +472,10 @@ parserdefault:
 			}
 		}
 	case 2:
+		parserDollar = parserS[parserpt-1 : parserpt+1]
 		//line lang.y:43
 		{
-			parserResult = parserS[parserpt-0].node
+			parserResult = parserDollar[1].node
 
 			// We want to make sure that the top value is always a Concat
 			// so that the return value is always a string type from an
@@ -365,28 +485,30 @@ parserdefault:
 			// because functionally the AST is the same, but we do that because
 			// it makes for an easy literal check later (to check if a string
 			// has any interpolations).
-			if _, ok := parserS[parserpt-0].node.(*ast.Concat); !ok {
-				if n, ok := parserS[parserpt-0].node.(*ast.LiteralNode); !ok || n.Typex != ast.TypeString {
+			if _, ok := parserDollar[1].node.(*ast.Concat); !ok {
+				if n, ok := parserDollar[1].node.(*ast.LiteralNode); !ok || n.Typex != ast.TypeString {
 					parserResult = &ast.Concat{
-						Exprs: []ast.Node{parserS[parserpt-0].node},
-						Posx:  parserS[parserpt-0].node.Pos(),
+						Exprs: []ast.Node{parserDollar[1].node},
+						Posx:  parserDollar[1].node.Pos(),
 					}
 				}
 			}
 		}
 	case 3:
+		parserDollar = parserS[parserpt-1 : parserpt+1]
 		//line lang.y:66
 		{
-			parserVAL.node = parserS[parserpt-0].node
+			parserVAL.node = parserDollar[1].node
 		}
 	case 4:
+		parserDollar = parserS[parserpt-2 : parserpt+1]
 		//line lang.y:70
 		{
 			var result []ast.Node
-			if c, ok := parserS[parserpt-1].node.(*ast.Concat); ok {
-				result = append(c.Exprs, parserS[parserpt-0].node)
+			if c, ok := parserDollar[1].node.(*ast.Concat); ok {
+				result = append(c.Exprs, parserDollar[2].node)
 			} else {
-				result = []ast.Node{parserS[parserpt-1].node, parserS[parserpt-0].node}
+				result = []ast.Node{parserDollar[1].node, parserDollar[2].node}
 			}
 
 			parserVAL.node = &ast.Concat{
@@ -395,89 +517,103 @@ parserdefault:
 			}
 		}
 	case 5:
+		parserDollar = parserS[parserpt-1 : parserpt+1]
 		//line lang.y:86
 		{
-			parserVAL.node = parserS[parserpt-0].node
+			parserVAL.node = parserDollar[1].node
 		}
 	case 6:
+		parserDollar = parserS[parserpt-1 : parserpt+1]
 		//line lang.y:90
 		{
-			parserVAL.node = parserS[parserpt-0].node
+			parserVAL.node = parserDollar[1].node
 		}
 	case 7:
+		parserDollar = parserS[parserpt-3 : parserpt+1]
 		//line lang.y:96
 		{
-			parserVAL.node = parserS[parserpt-1].node
+			parserVAL.node = parserDollar[2].node
 		}
 	case 8:
+		parserDollar = parserS[parserpt-3 : parserpt+1]
 		//line lang.y:102
 		{
-			parserVAL.node = parserS[parserpt-1].node
+			parserVAL.node = parserDollar[2].node
 		}
 	case 9:
+		parserDollar = parserS[parserpt-1 : parserpt+1]
 		//line lang.y:106
 		{
-			parserVAL.node = parserS[parserpt-0].node
+			parserVAL.node = parserDollar[1].node
 		}
 	case 10:
+		parserDollar = parserS[parserpt-1 : parserpt+1]
 		//line lang.y:110
 		{
 			parserVAL.node = &ast.LiteralNode{
-				Value: parserS[parserpt-0].token.Value.(int),
+				Value: parserDollar[1].token.Value.(int),
 				Typex: ast.TypeInt,
-				Posx:  parserS[parserpt-0].token.Pos,
+				Posx:  parserDollar[1].token.Pos,
 			}
 		}
 	case 11:
+		parserDollar = parserS[parserpt-1 : parserpt+1]
 		//line lang.y:118
 		{
 			parserVAL.node = &ast.LiteralNode{
-				Value: parserS[parserpt-0].token.Value.(float64),
+				Value: parserDollar[1].token.Value.(float64),
 				Typex: ast.TypeFloat,
-				Posx:  parserS[parserpt-0].token.Pos,
+				Posx:  parserDollar[1].token.Pos,
 			}
 		}
 	case 12:
+		parserDollar = parserS[parserpt-3 : parserpt+1]
 		//line lang.y:126
 		{
 			parserVAL.node = &ast.Arithmetic{
-				Op:    parserS[parserpt-1].token.Value.(ast.ArithmeticOp),
-				Exprs: []ast.Node{parserS[parserpt-2].node, parserS[parserpt-0].node},
-				Posx:  parserS[parserpt-2].node.Pos(),
+				Op:    parserDollar[2].token.Value.(ast.ArithmeticOp),
+				Exprs: []ast.Node{parserDollar[1].node, parserDollar[3].node},
+				Posx:  parserDollar[1].node.Pos(),
 			}
 		}
 	case 13:
+		parserDollar = parserS[parserpt-1 : parserpt+1]
 		//line lang.y:134
 		{
-			parserVAL.node = &ast.VariableAccess{Name: parserS[parserpt-0].token.Value.(string), Posx: parserS[parserpt-0].token.Pos}
+			parserVAL.node = &ast.VariableAccess{Name: parserDollar[1].token.Value.(string), Posx: parserDollar[1].token.Pos}
 		}
 	case 14:
+		parserDollar = parserS[parserpt-4 : parserpt+1]
 		//line lang.y:138
 		{
-			parserVAL.node = &ast.Call{Func: parserS[parserpt-3].token.Value.(string), Args: parserS[parserpt-1].nodeList, Posx: parserS[parserpt-3].token.Pos}
+			parserVAL.node = &ast.Call{Func: parserDollar[1].token.Value.(string), Args: parserDollar[3].nodeList, Posx: parserDollar[1].token.Pos}
 		}
 	case 15:
+		parserDollar = parserS[parserpt-0 : parserpt+1]
 		//line lang.y:143
 		{
 			parserVAL.nodeList = nil
 		}
 	case 16:
+		parserDollar = parserS[parserpt-3 : parserpt+1]
 		//line lang.y:147
 		{
-			parserVAL.nodeList = append(parserS[parserpt-2].nodeList, parserS[parserpt-0].node)
+			parserVAL.nodeList = append(parserDollar[1].nodeList, parserDollar[3].node)
 		}
 	case 17:
+		parserDollar = parserS[parserpt-1 : parserpt+1]
 		//line lang.y:151
 		{
-			parserVAL.nodeList = append(parserVAL.nodeList, parserS[parserpt-0].node)
+			parserVAL.nodeList = append(parserVAL.nodeList, parserDollar[1].node)
 		}
 	case 18:
+		parserDollar = parserS[parserpt-1 : parserpt+1]
 		//line lang.y:157
 		{
 			parserVAL.node = &ast.LiteralNode{
-				Value: parserS[parserpt-0].token.Value.(string),
+				Value: parserDollar[1].token.Value.(string),
 				Typex: ast.TypeString,
-				Posx:  parserS[parserpt-0].token.Pos,
+				Posx:  parserDollar[1].token.Pos,
 			}
 		}
 	}
diff --git a/config/module/copy_dir.go b/config/module/copy_dir.go
new file mode 100644
index 0000000000..f2ae63b77b
--- /dev/null
+++ b/config/module/copy_dir.go
@@ -0,0 +1,76 @@
+package module
+
+import (
+	"io"
+	"os"
+	"path/filepath"
+	"strings"
+)
+
+// copyDir copies the src directory contents into dst. Both directories
+// should already exist.
+func copyDir(dst, src string) error {
+	src, err := filepath.EvalSymlinks(src)
+	if err != nil {
+		return err
+	}
+
+	walkFn := func(path string, info os.FileInfo, err error) error {
+		if err != nil {
+			return err
+		}
+		if path == src {
+			return nil
+		}
+
+		if strings.HasPrefix(filepath.Base(path), ".") {
+			// Skip any dot files
+			if info.IsDir() {
+				return filepath.SkipDir
+			} else {
+				return nil
+			}
+		}
+
+		// The "path" has the src prefixed to it. We need to join our
+		// destination with the path without the src on it.
+		dstPath := filepath.Join(dst, path[len(src):])
+
+		// If we have a directory, make that subdirectory, then continue
+		// the walk.
+		if info.IsDir() {
+			if path == filepath.Join(src, dst) {
+				// dst is in src; don't walk it.
+				return nil
+			}
+
+			if err := os.MkdirAll(dstPath, 0755); err != nil {
+				return err
+			}
+
+			return nil
+		}
+
+		// If we have a file, copy the contents.
+		srcF, err := os.Open(path)
+		if err != nil {
+			return err
+		}
+		defer srcF.Close()
+
+		dstF, err := os.Create(dstPath)
+		if err != nil {
+			return err
+		}
+		defer dstF.Close()
+
+		if _, err := io.Copy(dstF, srcF); err != nil {
+			return err
+		}
+
+		// Chmod it
+		return os.Chmod(dstPath, info.Mode())
+	}
+
+	return filepath.Walk(src, walkFn)
+}
diff --git a/config/module/get.go b/config/module/get.go
index 3820e65f29..cba15277fd 100644
--- a/config/module/get.go
+++ b/config/module/get.go
@@ -1,6 +1,9 @@
 package module
 
 import (
+	"io/ioutil"
+	"os"
+
 	"github.com/hashicorp/go-getter"
 )
 
@@ -23,6 +26,36 @@ const (
 	GetModeUpdate
 )
 
+// GetCopy is the same as Get except that it downloads a copy of the
+// module represented by source.
+//
+// This copy will omit and dot-prefixed files (such as .git/, .hg/) and
+// can't be updated on its own.
+func GetCopy(dst, src string) error {
+	// Create the temporary directory to do the real Get to
+	tmpDir, err := ioutil.TempDir("", "tf")
+	if err != nil {
+		return err
+	}
+	if err := os.RemoveAll(tmpDir); err != nil {
+		return err
+	}
+	defer os.RemoveAll(tmpDir)
+
+	// Get to that temporary dir
+	if err := getter.Get(tmpDir, src); err != nil {
+		return err
+	}
+
+	// Make sure the destination exists
+	if err := os.MkdirAll(dst, 0755); err != nil {
+		return err
+	}
+
+	// Copy to the final location
+	return copyDir(dst, tmpDir)
+}
+
 func getStorage(s getter.Storage, key string, src string, mode GetMode) (string, bool, error) {
 	// Get the module with the level specified if we were told to.
 	if mode > GetModeNone {
diff --git a/helper/resource/testing.go b/helper/resource/testing.go
index eaa0cbf710..0b53c3c615 100644
--- a/helper/resource/testing.go
+++ b/helper/resource/testing.go
@@ -11,6 +11,7 @@ import (
 	"strings"
 	"testing"
 
+	"github.com/hashicorp/go-getter"
 	"github.com/hashicorp/terraform/config/module"
 	"github.com/hashicorp/terraform/terraform"
 )
@@ -198,7 +199,7 @@ func testStep(
 	}
 
 	// Load the modules
-	modStorage := &module.FolderStorage{
+	modStorage := &getter.FolderStorage{
 		StorageDir: filepath.Join(cfgPath, ".tfmodules"),
 	}
 	err = mod.Load(modStorage, module.GetModeGet)

From 263cc1b8553545682316894ea8382c7d724a81ee Mon Sep 17 00:00:00 2001
From: Mitchell Hashimoto <mitchell.hashimoto@gmail.com>
Date: Thu, 15 Oct 2015 13:52:27 -0700
Subject: [PATCH 269/335] terraform: final failing test

---
 terraform/terraform_test.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/terraform/terraform_test.go b/terraform/terraform_test.go
index 02d4de2a28..d17726acb4 100644
--- a/terraform/terraform_test.go
+++ b/terraform/terraform_test.go
@@ -13,6 +13,7 @@ import (
 	"sync"
 	"testing"
 
+	"github.com/hashicorp/go-getter"
 	"github.com/hashicorp/terraform/config"
 	"github.com/hashicorp/terraform/config/module"
 )
@@ -70,7 +71,7 @@ func testModule(t *testing.T, name string) *module.Tree {
 		t.Fatalf("err: %s", err)
 	}
 
-	s := &module.FolderStorage{StorageDir: tempDir(t)}
+	s := &getter.FolderStorage{StorageDir: tempDir(t)}
 	if err := mod.Load(s, module.GetModeGet); err != nil {
 		t.Fatalf("err: %s", err)
 	}

From 05007bed38db92072c492c057a2b4613d59022f9 Mon Sep 17 00:00:00 2001
From: Paul Hinze <phinze@phinze.com>
Date: Fri, 16 Oct 2015 09:11:39 -0500
Subject: [PATCH 270/335] Update CHANGELOG.md

---
 CHANGELOG.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 81316bf545..a615847855 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,9 @@
 ## 0.6.5 (Unreleased)
 
+INTERNAL IMPROVEMENTS:
+
+ * provider/digitalocean: use official Go client [GH-3333]
+
 ## 0.6.4 (October 15, 2015)
 
 FEATURES:

From 347f9c0bea68722a85a1e453c69e6a756043f6b8 Mon Sep 17 00:00:00 2001
From: clint shryock <clint@ctshryock.com>
Date: Fri, 16 Oct 2015 14:00:23 -0500
Subject: [PATCH 271/335] vagrantfile: update base image name to Bento, from
 Chef

---
 Vagrantfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Vagrantfile b/Vagrantfile
index 8a936e04cf..59709339d7 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -42,7 +42,7 @@ source /etc/profile.d/gopath.sh
 SCRIPT
 
 Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
-  config.vm.box = "chef/ubuntu-12.04"
+  config.vm.box = "bento/ubuntu-12.04"
   config.vm.hostname = "terraform"
 
   config.vm.provision "shell", inline: $script, privileged: false

From c2fdb7171e4d84cc3f37b8e2163b9d43aa6306e5 Mon Sep 17 00:00:00 2001
From: Mitchell Hashimoto <mitchell.hashimoto@gmail.com>
Date: Sat, 17 Oct 2015 17:33:45 -0700
Subject: [PATCH 272/335] use upstream osext, which fixes some bugs

---
 config.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config.go b/config.go
index 6482238889..c9b2a7f754 100644
--- a/config.go
+++ b/config.go
@@ -12,7 +12,7 @@ import (
 	"github.com/hashicorp/hcl"
 	"github.com/hashicorp/terraform/plugin"
 	"github.com/hashicorp/terraform/terraform"
-	"github.com/mitchellh/osext"
+	"github.com/kardianos/osext"
 )
 
 // Config is the structure of the configuration for the Terraform CLI.

From 593077161589a9ba920324450d0634d93834b20e Mon Sep 17 00:00:00 2001
From: Dave Cunningham <sparkprime@gmail.com>
Date: Sun, 18 Oct 2015 13:21:41 -0400
Subject: [PATCH 273/335] Update compute_instance.html.markdown

Make it clear that you can't have two networks
---
 .../docs/providers/google/r/compute_instance.html.markdown    | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/website/source/docs/providers/google/r/compute_instance.html.markdown b/website/source/docs/providers/google/r/compute_instance.html.markdown
index bf8add9e62..938bc71dff 100644
--- a/website/source/docs/providers/google/r/compute_instance.html.markdown
+++ b/website/source/docs/providers/google/r/compute_instance.html.markdown
@@ -82,8 +82,8 @@ The following arguments are supported:
   are not allowed to be used simultaneously.
 
 * `network_interface` - (Required) Networks to attach to the instance. This can be
-    specified multiple times for multiple networks. Structure is documented
-    below.
+    specified multiple times for multiple networks, but GCE is currently limited
+    to just 1. Structure is documented below.
 
 * `network` - (DEPRECATED, Required) Networks to attach to the instance. This can be
     specified multiple times for multiple networks. Structure is documented

From bb51882f337e80ca85b75069155ed03c52636dd3 Mon Sep 17 00:00:00 2001
From: Nathan Zadoks <nathan@nathan7.eu>
Date: Mon, 12 Oct 2015 17:04:58 -0400
Subject: [PATCH 274/335] Etcd remote state backend

---
 state/remote/etcd.go      | 78 +++++++++++++++++++++++++++++++++++++++
 state/remote/etcd_test.go | 38 +++++++++++++++++++
 state/remote/remote.go    |  1 +
 3 files changed, 117 insertions(+)
 create mode 100644 state/remote/etcd.go
 create mode 100644 state/remote/etcd_test.go

diff --git a/state/remote/etcd.go b/state/remote/etcd.go
new file mode 100644
index 0000000000..f596a8492c
--- /dev/null
+++ b/state/remote/etcd.go
@@ -0,0 +1,78 @@
+package remote
+
+import (
+	"crypto/md5"
+	"fmt"
+	"strings"
+
+	"github.com/coreos/etcd/Godeps/_workspace/src/golang.org/x/net/context"
+	etcdapi "github.com/coreos/etcd/client"
+)
+
+func etcdFactory(conf map[string]string) (Client, error) {
+	path, ok := conf["path"]
+	if !ok {
+		return nil, fmt.Errorf("missing 'path' configuration")
+	}
+
+	endpoints, ok := conf["endpoints"]
+	if !ok || endpoints == "" {
+		return nil, fmt.Errorf("missing 'endpoints' configuration")
+	}
+
+	config := etcdapi.Config{
+		Endpoints: strings.Split(endpoints, " "),
+	}
+	if username, ok := conf["username"]; ok && username != "" {
+		config.Username = username
+	}
+	if password, ok := conf["password"]; ok && password != "" {
+		config.Password = password
+	}
+
+	client, err := etcdapi.New(config)
+	if err != nil {
+		return nil, err
+	}
+
+	return &EtcdClient{
+		Client: client,
+		Path:   path,
+	}, nil
+}
+
+// EtcdClient is a remote client that stores data in etcd.
+type EtcdClient struct {
+	Client etcdapi.Client
+	Path   string
+}
+
+func (c *EtcdClient) Get() (*Payload, error) {
+	resp, err := etcdapi.NewKeysAPI(c.Client).Get(context.Background(), c.Path, &etcdapi.GetOptions{Quorum: true})
+	if err != nil {
+		if err, ok := err.(etcdapi.Error); ok && err.Code == etcdapi.ErrorCodeKeyNotFound {
+			return nil, nil
+		}
+		return nil, err
+	}
+	if resp.Node.Dir {
+		return nil, fmt.Errorf("path is a directory")
+	}
+
+	data := []byte(resp.Node.Value)
+	md5 := md5.Sum(data)
+	return &Payload{
+		Data: data,
+		MD5:  md5[:],
+	}, nil
+}
+
+func (c *EtcdClient) Put(data []byte) error {
+	_, err := etcdapi.NewKeysAPI(c.Client).Set(context.Background(), c.Path, string(data), nil)
+	return err
+}
+
+func (c *EtcdClient) Delete() error {
+	_, err := etcdapi.NewKeysAPI(c.Client).Delete(context.Background(), c.Path, nil)
+	return err
+}
diff --git a/state/remote/etcd_test.go b/state/remote/etcd_test.go
new file mode 100644
index 0000000000..6d06d801b2
--- /dev/null
+++ b/state/remote/etcd_test.go
@@ -0,0 +1,38 @@
+package remote
+
+import (
+	"fmt"
+	"os"
+	"testing"
+	"time"
+)
+
+func TestEtcdClient_impl(t *testing.T) {
+	var _ Client = new(EtcdClient)
+}
+
+func TestEtcdClient(t *testing.T) {
+	endpoint := os.Getenv("ETCD_ENDPOINT")
+	if endpoint == "" {
+		t.Skipf("skipping; ETCD_ENDPOINT must be set")
+	}
+
+	config := map[string]string{
+		"endpoints": endpoint,
+		"path":      fmt.Sprintf("tf-unit/%s", time.Now().String()),
+	}
+
+	if username := os.Getenv("ETCD_USERNAME"); username != "" {
+		config["username"] = username
+	}
+	if password := os.Getenv("ETCD_PASSWORD"); password != "" {
+		config["password"] = password
+	}
+
+	client, err := etcdFactory(config)
+	if err != nil {
+		t.Fatalf("Error for valid config: %s", err)
+	}
+
+	testClient(t, client)
+}
diff --git a/state/remote/remote.go b/state/remote/remote.go
index 7ebea32229..5337ad7b7b 100644
--- a/state/remote/remote.go
+++ b/state/remote/remote.go
@@ -38,6 +38,7 @@ func NewClient(t string, conf map[string]string) (Client, error) {
 var BuiltinClients = map[string]Factory{
 	"atlas":  atlasFactory,
 	"consul": consulFactory,
+	"etcd":   etcdFactory,
 	"http":   httpFactory,
 	"s3":     s3Factory,
 	"swift":  swiftFactory,

From 362a2035c0bb709162ab75d47ef6db2b23bcef56 Mon Sep 17 00:00:00 2001
From: Nathan Zadoks <nathan@nathan7.eu>
Date: Thu, 15 Oct 2015 22:32:59 -0400
Subject: [PATCH 275/335] Document the etcd remote state backend

---
 website/source/docs/commands/remote-config.html.markdown | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/website/source/docs/commands/remote-config.html.markdown b/website/source/docs/commands/remote-config.html.markdown
index 73a06f8211..aaa4148fcb 100644
--- a/website/source/docs/commands/remote-config.html.markdown
+++ b/website/source/docs/commands/remote-config.html.markdown
@@ -50,6 +50,11 @@ The following backends are supported:
   variables can optionally be provided. Address is assumed to be the
   local agent if not provided.
 
+* Etcd - Stores the state in etcd at a given path.
+  Requires the `path` and `endpoints` variables. The `username` and `password`
+  variables can optionally be provided. `endpoints` is assumed to be a
+  space-separated list of etcd endpoints.
+
 * S3 - Stores the state as a given key in a given bucket on Amazon S3.
   Requires the `bucket` and `key` variables. Supports and honors the standard
   AWS environment variables `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`

From 3021069207bf24c8c66f2877fd5d6eafea0d2c02 Mon Sep 17 00:00:00 2001
From: David Adams <dadams@instructure.com>
Date: Sun, 18 Oct 2015 18:23:13 -0500
Subject: [PATCH 276/335] Update init and remote config command docs

* Update init docs to be correct, and provide an example.
* Update remote config docs to provide more details about the Consul
  backend and to provide another example.
---
 .../source/docs/commands/init.html.markdown   | 37 ++++++++++++++-----
 .../docs/commands/remote-config.html.markdown | 16 ++++++--
 2 files changed, 39 insertions(+), 14 deletions(-)

diff --git a/website/source/docs/commands/init.html.markdown b/website/source/docs/commands/init.html.markdown
index ee4286c278..803d937d75 100644
--- a/website/source/docs/commands/init.html.markdown
+++ b/website/source/docs/commands/init.html.markdown
@@ -31,17 +31,34 @@ a remote state configuration if provided.
 
 The command-line flags are all optional. The list of available flags are:
 
-* `-address=url` - URL of the remote storage server. Required for HTTP backend,
-  optional for Atlas and Consul.
-
-* `-access-token=token` - Authentication token for state storage server.
-  Required for Atlas backend, optional for Consul.
-
 * `-backend=atlas` - Specifies the type of remote backend. Must be one
-  of Atlas, Consul, or HTTP. Defaults to atlas.
+  of Atlas, Consul, S3, or HTTP. Defaults to Atlas.
 
-* `-name=name` - Name of the state file in the state storage server.
-  Required for Atlas backend.
+* `-backend-config="k=v"` - Specify a configuration variable for a backend. This is how you set the required variables for the selected backend (as detailed in the [remote command documentation](/docs/command/remote.html).
 
-* `-path=path` - Path of the remote state in Consul. Required for the Consul backend.
 
+## Example: Consul
+
+This example will initialize the current directory and configure Consul remote storage:
+
+```
+$ terraform init \
+    -backend=consul \
+    -backend-config="address=your.consul.endpoint:443" \
+    -backend-config="scheme=https" \
+    -backend-config="path=tf/path/for/project" \
+    /path/to/source/module
+```
+
+## Example: S3
+
+This example will initialize the current directory and configure S3 remote storage:
+
+```
+$ terraform init \
+    -backend=s3 \
+    -backend-config="bucket=your-s3-bucket" \
+    -backend-config="key=tf/path/for/project.json" \
+    -backend-config="acl=bucket-owner-full-control" \
+    /path/to/source/module
+```
diff --git a/website/source/docs/commands/remote-config.html.markdown b/website/source/docs/commands/remote-config.html.markdown
index 73a06f8211..cd6f8f9d3a 100644
--- a/website/source/docs/commands/remote-config.html.markdown
+++ b/website/source/docs/commands/remote-config.html.markdown
@@ -45,10 +45,18 @@ The following backends are supported:
 * Atlas - Stores the state in Atlas. Requires the `name` and `access_token`
   variables. The `address` variable can optionally be provided.
 
-* Consul - Stores the state in the KV store at a given path.
-  Requires the `path` variable. The `address` and `access_token`
-  variables can optionally be provided. Address is assumed to be the
-  local agent if not provided.
+* Consul - Stores the state in the KV store at a given path. Requires the
+  `path` variable. Supports the `CONSUL_HTTP_TOKEN` environment variable
+  for specifying access credentials, or the `access_token` variable may
+  be provided, but this is not recommended since it would be included in
+  cleartext inside the persisted, shard state. Other supported parameters
+  include:
+  * `address` - DNS name and port of your Consul endpoint specified in the
+    format `dnsname:port`. Defaults to the local agent HTTP listener. This
+    may also be specified using the `CONSUL_HTTP_ADDR` environment variable.
+  * `scheme` - Specifies what protocol to use when talking to the given
+    `address`, either `http` or `https`. SSL support can also be triggered
+    by setting then environment variable `CONSUL_HTTP_SSL` to `true`.
 
 * S3 - Stores the state as a given key in a given bucket on Amazon S3.
   Requires the `bucket` and `key` variables. Supports and honors the standard

From 3c0ed11922f17bb48ac14c76e3242070d3b82f2e Mon Sep 17 00:00:00 2001
From: Jeff Mitchell <jeffrey.mitchell@gmail.com>
Date: Fri, 16 Oct 2015 17:17:35 -0400
Subject: [PATCH 277/335] Remove usage of http.DefaultClient

---
 state/remote/atlas.go     | 9 ++++++---
 state/remote/http_test.go | 2 +-
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/state/remote/atlas.go b/state/remote/atlas.go
index f52d834a2c..2c2c48895a 100644
--- a/state/remote/atlas.go
+++ b/state/remote/atlas.go
@@ -83,7 +83,8 @@ func (c *AtlasClient) Get() (*Payload, error) {
 	}
 
 	// Request the url
-	resp, err := http.DefaultClient.Do(req)
+	client := &http.Client{}
+	resp, err := client.Do(req)
 	if err != nil {
 		return nil, err
 	}
@@ -161,7 +162,8 @@ func (c *AtlasClient) Put(state []byte) error {
 	req.ContentLength = int64(len(state))
 
 	// Make the request
-	resp, err := http.DefaultClient.Do(req)
+	client := &http.Client{}
+	resp, err := client.Do(req)
 	if err != nil {
 		return fmt.Errorf("Failed to upload state: %v", err)
 	}
@@ -186,7 +188,8 @@ func (c *AtlasClient) Delete() error {
 	}
 
 	// Make the request
-	resp, err := http.DefaultClient.Do(req)
+	client := &http.Client{}
+	resp, err := client.Do(req)
 	if err != nil {
 		return fmt.Errorf("Failed to delete state: %v", err)
 	}
diff --git a/state/remote/http_test.go b/state/remote/http_test.go
index e6e7297c19..74ed1755a2 100644
--- a/state/remote/http_test.go
+++ b/state/remote/http_test.go
@@ -24,7 +24,7 @@ func TestHTTPClient(t *testing.T) {
 		t.Fatalf("err: %s", err)
 	}
 
-	client := &HTTPClient{URL: url, Client: http.DefaultClient}
+	client := &HTTPClient{URL: url, Client: &http.Client{}}
 	testClient(t, client)
 }
 

From b0ceffc322efabc3ad2ff4bf41090eab25053bbe Mon Sep 17 00:00:00 2001
From: Jeff Mitchell <jeffrey.mitchell@gmail.com>
Date: Mon, 19 Oct 2015 12:04:10 -0400
Subject: [PATCH 278/335] Remove usage from dependencies as well. Other
 dependencies need upstream merging to completely solve this.

---
 builtin/providers/aws/config.go | 3 +++
 builtin/providers/dme/config.go | 6 +++++-
 state/remote/s3.go              | 2 ++
 3 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/builtin/providers/aws/config.go b/builtin/providers/aws/config.go
index f8f443b73d..8b9428fbc2 100644
--- a/builtin/providers/aws/config.go
+++ b/builtin/providers/aws/config.go
@@ -3,6 +3,7 @@ package aws
 import (
 	"fmt"
 	"log"
+	"net/http"
 	"strings"
 
 	"github.com/hashicorp/go-multierror"
@@ -98,6 +99,7 @@ func (c *Config) Client() (interface{}, error) {
 			Credentials: creds,
 			Region:      aws.String(c.Region),
 			MaxRetries:  aws.Int(c.MaxRetries),
+			HTTPClient:  &http.Client{},
 		}
 
 		log.Println("[INFO] Initializing IAM Connection")
@@ -123,6 +125,7 @@ func (c *Config) Client() (interface{}, error) {
 			Credentials: creds,
 			Region:      aws.String("us-east-1"),
 			MaxRetries:  aws.Int(c.MaxRetries),
+			HTTPClient:  &http.Client{},
 		}
 
 		log.Println("[INFO] Initializing DynamoDB connection")
diff --git a/builtin/providers/dme/config.go b/builtin/providers/dme/config.go
index 514df0d101..2d387673fe 100644
--- a/builtin/providers/dme/config.go
+++ b/builtin/providers/dme/config.go
@@ -2,8 +2,10 @@ package dme
 
 import (
 	"fmt"
-	"github.com/soniah/dnsmadeeasy"
 	"log"
+	"net/http"
+
+	"github.com/soniah/dnsmadeeasy"
 )
 
 // Config contains DNSMadeEasy provider settings
@@ -20,6 +22,8 @@ func (c *Config) Client() (*dnsmadeeasy.Client, error) {
 		return nil, fmt.Errorf("Error setting up client: %s", err)
 	}
 
+	client.HTTP = &http.Client{}
+
 	if c.UseSandbox {
 		client.URL = dnsmadeeasy.SandboxURL
 	}
diff --git a/state/remote/s3.go b/state/remote/s3.go
index bdc6a63cf9..f6cfdfbde2 100644
--- a/state/remote/s3.go
+++ b/state/remote/s3.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"io"
 	"log"
+	"net/http"
 	"os"
 	"strconv"
 
@@ -75,6 +76,7 @@ func s3Factory(conf map[string]string) (Client, error) {
 	awsConfig := &aws.Config{
 		Credentials: credentialsProvider,
 		Region:      aws.String(regionName),
+		HTTPClient:  &http.Client{},
 	}
 	nativeClient := s3.New(awsConfig)
 

From 5fa5c4bc535c7798b0ec792e02dda4495e0854bc Mon Sep 17 00:00:00 2001
From: Jeff Mitchell <jeffrey.mitchell@gmail.com>
Date: Mon, 19 Oct 2015 13:03:28 -0400
Subject: [PATCH 279/335] Use new packngo API allowing passing in a custom
 http.Client

---
 builtin/providers/packet/config.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/builtin/providers/packet/config.go b/builtin/providers/packet/config.go
index 659ee9ebc8..b7d408c626 100644
--- a/builtin/providers/packet/config.go
+++ b/builtin/providers/packet/config.go
@@ -1,6 +1,8 @@
 package packet
 
 import (
+	"net/http"
+
 	"github.com/packethost/packngo"
 )
 
@@ -14,5 +16,5 @@ type Config struct {
 
 // Client() returns a new client for accessing packet.
 func (c *Config) Client() *packngo.Client {
-	return packngo.NewClient(consumerToken, c.AuthToken)
+	return packngo.NewClient(consumerToken, c.AuthToken, &http.Client{})
 }

From 7a24da8c94733b474955fb8acd79ef8fc56f92f8 Mon Sep 17 00:00:00 2001
From: Martin Atkins <mart@degeneration.co.uk>
Date: Mon, 19 Oct 2015 18:43:49 -0700
Subject: [PATCH 280/335] Update CHANGELOG.md

---
 CHANGELOG.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index a615847855..007dedfcd6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,9 @@
 ## 0.6.5 (Unreleased)
 
+FEATURES:
+
+  * New remote state backend: `etcd` [GH-3487]
+
 INTERNAL IMPROVEMENTS:
 
  * provider/digitalocean: use official Go client [GH-3333]

From fca44bdec3a1510a413813124b074cfd2ea08829 Mon Sep 17 00:00:00 2001
From: Paul Hinze <phinze@phinze.com>
Date: Tue, 20 Oct 2015 12:28:12 -0500
Subject: [PATCH 281/335] core: state metadata difference should bump serial

Remote state includes MD5-based checksumming to protect against State
conflicts. This can generate improper conflicts with states that differ
only in their Schema version.

We began to see this issue with
https://github.com/hashicorp/terraform/pull/3470 which changes the
"schema_version" of aws_key_pairs.
---
 terraform/state.go      | 15 +++++++++
 terraform/state_test.go | 72 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 87 insertions(+)

diff --git a/terraform/state.go b/terraform/state.go
index 21b2c04de3..e97e0c27ce 100644
--- a/terraform/state.go
+++ b/terraform/state.go
@@ -965,6 +965,21 @@ func (s *InstanceState) Equal(other *InstanceState) bool {
 		}
 	}
 
+	// Meta must be equal
+	if len(s.Meta) != len(other.Meta) {
+		return false
+	}
+	for k, v := range s.Meta {
+		otherV, ok := other.Meta[k]
+		if !ok {
+			return false
+		}
+
+		if v != otherV {
+			return false
+		}
+	}
+
 	return true
 }
 
diff --git a/terraform/state_test.go b/terraform/state_test.go
index eeb974d0b5..cc7b91bbc8 100644
--- a/terraform/state_test.go
+++ b/terraform/state_test.go
@@ -188,6 +188,43 @@ func TestStateEqual(t *testing.T) {
 				},
 			},
 		},
+
+		// Meta differs
+		{
+			false,
+			&State{
+				Modules: []*ModuleState{
+					&ModuleState{
+						Path: rootModulePath,
+						Resources: map[string]*ResourceState{
+							"test_instance.foo": &ResourceState{
+								Primary: &InstanceState{
+									Meta: map[string]string{
+										"schema_version": "1",
+									},
+								},
+							},
+						},
+					},
+				},
+			},
+			&State{
+				Modules: []*ModuleState{
+					&ModuleState{
+						Path: rootModulePath,
+						Resources: map[string]*ResourceState{
+							"test_instance.foo": &ResourceState{
+								Primary: &InstanceState{
+									Meta: map[string]string{
+										"schema_version": "2",
+									},
+								},
+							},
+						},
+					},
+				},
+			},
+		},
 	}
 
 	for i, tc := range cases {
@@ -224,6 +261,41 @@ func TestStateIncrementSerialMaybe(t *testing.T) {
 			},
 			1,
 		},
+		"S2 is different, but only via Instance Metadata": {
+			&State{
+				Serial: 3,
+				Modules: []*ModuleState{
+					&ModuleState{
+						Path: rootModulePath,
+						Resources: map[string]*ResourceState{
+							"test_instance.foo": &ResourceState{
+								Primary: &InstanceState{
+									Meta: map[string]string{},
+								},
+							},
+						},
+					},
+				},
+			},
+			&State{
+				Serial: 3,
+				Modules: []*ModuleState{
+					&ModuleState{
+						Path: rootModulePath,
+						Resources: map[string]*ResourceState{
+							"test_instance.foo": &ResourceState{
+								Primary: &InstanceState{
+									Meta: map[string]string{
+										"schema_version": "1",
+									},
+								},
+							},
+						},
+					},
+				},
+			},
+			4,
+		},
 		"S1 serial is higher": {
 			&State{Serial: 5},
 			&State{

From d4f7cdc877721880c46c6d8bff726613532522b2 Mon Sep 17 00:00:00 2001
From: Lars Wander <lars.wander@gmail.com>
Date: Mon, 19 Oct 2015 15:38:23 -0400
Subject: [PATCH 282/335] GCP UserAgent now shows accurate Terraform version

---
 builtin/providers/google/config.go | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/builtin/providers/google/config.go b/builtin/providers/google/config.go
index 6bfa3553d4..1198a7c0ae 100644
--- a/builtin/providers/google/config.go
+++ b/builtin/providers/google/config.go
@@ -10,8 +10,7 @@ import (
 	"runtime"
 	"strings"
 
-	// TODO(dcunnin): Use version code from version.go
-	// "github.com/hashicorp/terraform"
+	"github.com/hashicorp/terraform/terraform"
 	"golang.org/x/oauth2"
 	"golang.org/x/oauth2/google"
 	"golang.org/x/oauth2/jwt"
@@ -117,13 +116,11 @@ func (c *Config) loadAndValidate() error {
 
 	}
 
-	// Build UserAgent
-	versionString := "0.0.0"
-	// TODO(dcunnin): Use Terraform's version code from version.go
-	// versionString := main.Version
-	// if main.VersionPrerelease != "" {
-	// 	versionString = fmt.Sprintf("%s-%s", versionString, main.VersionPrerelease)
-	// }
+	versionString := terraform.Version
+	prerelease := terraform.VersionPrerelease
+	if len(prerelease) > 0 {
+		versionString = fmt.Sprintf("%s-%s", versionString, prerelease)
+	}
 	userAgent := fmt.Sprintf(
 		"(%s %s) Terraform/%s", runtime.GOOS, runtime.GOARCH, versionString)
 

From bba2c3221d4b16e1aa8fe26e4c6cba2b4e318380 Mon Sep 17 00:00:00 2001
From: Lars Wander <lars.wander@gmail.com>
Date: Mon, 19 Oct 2015 15:27:41 -0400
Subject: [PATCH 283/335] Added oauth2 support for GCP

---
 builtin/providers/google/config.go   | 28 ++++++++++++----------------
 builtin/providers/google/provider.go |  6 +++++-
 2 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/builtin/providers/google/config.go b/builtin/providers/google/config.go
index 6bfa3553d4..120c578e1d 100644
--- a/builtin/providers/google/config.go
+++ b/builtin/providers/google/config.go
@@ -36,6 +36,13 @@ type Config struct {
 
 func (c *Config) loadAndValidate() error {
 	var account accountFile
+	clientScopes := []string{
+		"https://www.googleapis.com/auth/compute",
+		"https://www.googleapis.com/auth/cloud-platform",
+		"https://www.googleapis.com/auth/ndev.clouddns.readwrite",
+		"https://www.googleapis.com/auth/devstorage.full_control",
+	}
+
 
 	if c.AccountFile == "" {
 		c.AccountFile = os.Getenv("GOOGLE_ACCOUNT_FILE")
@@ -79,13 +86,6 @@ func (c *Config) loadAndValidate() error {
 			}
 		}
 
-		clientScopes := []string{
-			"https://www.googleapis.com/auth/compute",
-			"https://www.googleapis.com/auth/cloud-platform",
-			"https://www.googleapis.com/auth/ndev.clouddns.readwrite",
-			"https://www.googleapis.com/auth/devstorage.full_control",
-		}
-
 		// Get the token for use in our requests
 		log.Printf("[INFO] Requesting Google token...")
 		log.Printf("[INFO]   -- Email: %s", account.ClientEmail)
@@ -105,16 +105,12 @@ func (c *Config) loadAndValidate() error {
 		client = conf.Client(oauth2.NoContext)
 
 	} else {
-		log.Printf("[INFO] Requesting Google token via GCE Service Role...")
-		client = &http.Client{
-			Transport: &oauth2.Transport{
-				// Fetch from Google Compute Engine's metadata server to retrieve
-				// an access token for the provided account.
-				// If no account is specified, "default" is used.
-				Source: google.ComputeTokenSource(""),
-			},
+		log.Printf("[INFO] Authenticating using DefaultClient");
+		err := error(nil)
+		client, err = google.DefaultClient(oauth2.NoContext, clientScopes...)
+		if err != nil {
+			return err
 		}
-
 	}
 
 	// Build UserAgent
diff --git a/builtin/providers/google/provider.go b/builtin/providers/google/provider.go
index 7c9587219b..acafd851c4 100644
--- a/builtin/providers/google/provider.go
+++ b/builtin/providers/google/provider.go
@@ -15,7 +15,7 @@ func Provider() terraform.ResourceProvider {
 		Schema: map[string]*schema.Schema{
 			"account_file": &schema.Schema{
 				Type:         schema.TypeString,
-				Required:     true,
+				Optional:     true,
 				DefaultFunc:  schema.EnvDefaultFunc("GOOGLE_ACCOUNT_FILE", nil),
 				ValidateFunc: validateAccountFile,
 			},
@@ -78,6 +78,10 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
 }
 
 func validateAccountFile(v interface{}, k string) (warnings []string, errors []error) {
+	if v == nil {
+		return
+	}
+
 	value := v.(string)
 
 	if value == "" {

From 05c0998d2d84d7b06743761e9858a17470935cdb Mon Sep 17 00:00:00 2001
From: Paul Hinze <phinze@phinze.com>
Date: Tue, 20 Oct 2015 14:33:28 -0500
Subject: [PATCH 284/335] core: store deeply nested modules in a consistent
 order in the state

We were only comparing the last element of the module, which meant that
deeply nested modules with the same name but different ancestry had an
undefined sort order, which could cause inconsistencies in state
storage and potentially break remote state MD5 checksumming.
---
 terraform/state.go      |  5 ++---
 terraform/state_test.go | 17 +++++++++++++++++
 2 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/terraform/state.go b/terraform/state.go
index e97e0c27ce..8734cfc178 100644
--- a/terraform/state.go
+++ b/terraform/state.go
@@ -1207,9 +1207,8 @@ func (s moduleStateSort) Less(i, j int) bool {
 		return len(a.Path) < len(b.Path)
 	}
 
-	// Otherwise, compare by last path element
-	idx := len(a.Path) - 1
-	return a.Path[idx] < b.Path[idx]
+	// Otherwise, compare lexically
+	return strings.Join(a.Path, ".") < strings.Join(b.Path, ".")
 }
 
 func (s moduleStateSort) Swap(i, j int) {
diff --git a/terraform/state_test.go b/terraform/state_test.go
index cc7b91bbc8..8d24a8e75c 100644
--- a/terraform/state_test.go
+++ b/terraform/state_test.go
@@ -40,6 +40,23 @@ func TestStateAddModule(t *testing.T) {
 				[]string{"root", "foo", "bar"},
 			},
 		},
+		// Same last element, different middle element
+		{
+			[][]string{
+				[]string{"root", "foo", "bar"}, // This one should sort after...
+				[]string{"root", "foo"},
+				[]string{"root"},
+				[]string{"root", "bar", "bar"}, // ...this one.
+				[]string{"root", "bar"},
+			},
+			[][]string{
+				[]string{"root"},
+				[]string{"root", "bar"},
+				[]string{"root", "foo"},
+				[]string{"root", "bar", "bar"},
+				[]string{"root", "foo", "bar"},
+			},
+		},
 	}
 
 	for _, tc := range cases {

From e59fb4e6ca2e6c184acbdc3c7e14d07f0b2e0a83 Mon Sep 17 00:00:00 2001
From: Christopher Tiwald <ctiwald@conductor.com>
Date: Sun, 19 Jul 2015 00:09:00 -0400
Subject: [PATCH 285/335] aws: Add support for "aws_codedeploy_app" resources.

---
 builtin/providers/aws/config.go               |   5 +
 builtin/providers/aws/provider.go             |   1 +
 .../aws/resource_aws_codedeploy_app.go        | 127 ++++++++++++++++++
 3 files changed, 133 insertions(+)
 create mode 100644 builtin/providers/aws/resource_aws_codedeploy_app.go

diff --git a/builtin/providers/aws/config.go b/builtin/providers/aws/config.go
index 8b9428fbc2..dfd8b1b2ec 100644
--- a/builtin/providers/aws/config.go
+++ b/builtin/providers/aws/config.go
@@ -14,6 +14,7 @@ import (
 	"github.com/aws/aws-sdk-go/service/autoscaling"
 	"github.com/aws/aws-sdk-go/service/cloudwatch"
 	"github.com/aws/aws-sdk-go/service/cloudwatchlogs"
+	"github.com/aws/aws-sdk-go/service/codedeploy"
 	"github.com/aws/aws-sdk-go/service/directoryservice"
 	"github.com/aws/aws-sdk-go/service/dynamodb"
 	"github.com/aws/aws-sdk-go/service/ec2"
@@ -70,6 +71,7 @@ type AWSClient struct {
 	lambdaconn         *lambda.Lambda
 	opsworksconn       *opsworks.OpsWorks
 	glacierconn        *glacier.Glacier
+	codedeployconn     *codedeploy.CodeDeploy
 }
 
 // Client configures and returns a fully initialized AWSClient
@@ -192,6 +194,9 @@ func (c *Config) Client() (interface{}, error) {
 
 		log.Println("[INFO] Initializing Glacier connection")
 		client.glacierconn = glacier.New(awsConfig)
+
+		log.Println("[INFO] Initializing CodeDeploy Connection")
+		client.codedeployconn = codedeploy.New(awsConfig)
 	}
 
 	if len(errs) > 0 {
diff --git a/builtin/providers/aws/provider.go b/builtin/providers/aws/provider.go
index f73580d0f7..132fa4678a 100644
--- a/builtin/providers/aws/provider.go
+++ b/builtin/providers/aws/provider.go
@@ -166,6 +166,7 @@ func Provider() terraform.ResourceProvider {
 			"aws_cloudwatch_log_group":         resourceAwsCloudWatchLogGroup(),
 			"aws_autoscaling_lifecycle_hook":   resourceAwsAutoscalingLifecycleHook(),
 			"aws_cloudwatch_metric_alarm":      resourceAwsCloudWatchMetricAlarm(),
+			"aws_codedeploy_app":               resourceAwsCodeDeployApp(),
 			"aws_customer_gateway":             resourceAwsCustomerGateway(),
 			"aws_db_instance":                  resourceAwsDbInstance(),
 			"aws_db_parameter_group":           resourceAwsDbParameterGroup(),
diff --git a/builtin/providers/aws/resource_aws_codedeploy_app.go b/builtin/providers/aws/resource_aws_codedeploy_app.go
new file mode 100644
index 0000000000..ccf07a82d8
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_codedeploy_app.go
@@ -0,0 +1,127 @@
+package aws
+
+import (
+	"fmt"
+	"log"
+	"strings"
+
+	"github.com/hashicorp/terraform/helper/schema"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/service/codedeploy"
+)
+
+func resourceAwsCodeDeployApp() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceAwsCodeDeployAppCreate,
+		Read:   resourceAwsCodeDeployAppRead,
+		Update: resourceAwsCodeDeployUpdate,
+		Delete: resourceAwsCodeDeployAppDelete,
+
+		Schema: map[string]*schema.Schema{
+			"name": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+
+			// The unique ID is set by AWS on create.
+			"unique_id": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+				Computed: true,
+			},
+		},
+	}
+}
+
+func resourceAwsCodeDeployAppCreate(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).codedeployconn
+
+	application := d.Get("name").(string)
+	log.Printf("[DEBUG] Creating CodeDeploy application %s", application)
+
+	resp, err := conn.CreateApplication(&codedeploy.CreateApplicationInput{
+		ApplicationName: aws.String(application),
+	})
+	if err != nil {
+		return err
+	}
+	log.Printf("[DEBUG] CodeDeploy application %s created", *resp.ApplicationId)
+
+	// Despite giving the application a unique ID, AWS doesn't actually use
+	// it in API calls. Use it and the app name to identify the resource in
+	// the state file. This allows us to reliably detect both when the TF
+	// config file changes and when the user deletes the app without removing
+	// it first from the TF config.
+	d.SetId(fmt.Sprintf("%s:%s", *resp.ApplicationId, application))
+
+	return resourceAwsCodeDeployAppRead(d, meta)
+}
+
+func resourceAwsCodeDeployAppRead(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).codedeployconn
+
+	_, application := resourceAwsCodeDeployAppParseId(d.Id())
+	log.Printf("[DEBUG] Reading CodeDeploy application %s", application)
+	resp, err := conn.GetApplication(&codedeploy.GetApplicationInput{
+		ApplicationName: aws.String(application),
+	})
+	if err != nil {
+		if codedeployerr, ok := err.(awserr.Error); ok && codedeployerr.Code() == "ApplicationDoesNotExistException" {
+			d.SetId("")
+			return nil
+		} else {
+			log.Printf("[ERROR] Error finding CodeDeploy application: %s", err)
+			return err
+		}
+	}
+
+	d.Set("name", *resp.Application.ApplicationName)
+
+	return nil
+}
+
+func resourceAwsCodeDeployUpdate(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).codedeployconn
+
+	o, n := d.GetChange("name")
+
+	_, err := conn.UpdateApplication(&codedeploy.UpdateApplicationInput{
+		ApplicationName:    aws.String(o.(string)),
+		NewApplicationName: aws.String(n.(string)),
+	})
+	if err != nil {
+		return err
+	}
+	log.Printf("[DEBUG] CodeDeploy application %s updated", n)
+
+	d.Set("name", n)
+
+	return nil
+}
+
+func resourceAwsCodeDeployAppDelete(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).codedeployconn
+
+	_, err := conn.DeleteApplication(&codedeploy.DeleteApplicationInput{
+		ApplicationName: aws.String(d.Get("name").(string)),
+	})
+	if err != nil {
+		if cderr, ok := err.(awserr.Error); ok && cderr.Code() == "InvalidApplicationNameException" {
+			d.SetId("")
+			return nil
+		} else {
+			log.Printf("[ERROR] Error deleting CodeDeploy application: %s", err)
+			return err
+		}
+	}
+
+	return nil
+}
+
+func resourceAwsCodeDeployAppParseId(id string) (string, string) {
+	parts := strings.SplitN(id, ":", 2)
+	return parts[0], parts[1]
+}

From 42c077700a26b4cf65999db199030ac88bc68d14 Mon Sep 17 00:00:00 2001
From: Christopher Tiwald <ctiwald@conductor.com>
Date: Sun, 19 Jul 2015 00:09:25 -0400
Subject: [PATCH 286/335] aws: Add acceptance tests for "aws_codedeploy_app"
 resources.

---
 .../aws/resource_aws_codedeploy_app_test.go   | 78 +++++++++++++++++++
 1 file changed, 78 insertions(+)
 create mode 100644 builtin/providers/aws/resource_aws_codedeploy_app_test.go

diff --git a/builtin/providers/aws/resource_aws_codedeploy_app_test.go b/builtin/providers/aws/resource_aws_codedeploy_app_test.go
new file mode 100644
index 0000000000..9c016f1842
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_codedeploy_app_test.go
@@ -0,0 +1,78 @@
+package aws
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/codedeploy"
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+func TestAccAWSCodeDeployApp_basic(t *testing.T) {
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSCodeDeployAppDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccAWSCodeDeployApp,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAWSCodeDeployAppExists("aws_codedeploy_app.foo"),
+				),
+			},
+			resource.TestStep{
+				Config: testAccAWSCodeDeployAppModifier,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAWSCodeDeployAppExists("aws_codedeploy_app.foo"),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckAWSCodeDeployAppDestroy(s *terraform.State) error {
+	conn := testAccProvider.Meta().(*AWSClient).codedeployconn
+
+	for _, rs := range s.RootModule().Resources {
+		if rs.Type != "aws_codedeploy_app" {
+			continue
+		}
+
+		resp, err := conn.GetApplication(&codedeploy.GetApplicationInput{
+			ApplicationName: aws.String(rs.Primary.ID),
+		})
+
+		if err == nil {
+			if resp.Application != nil {
+				return fmt.Errorf("CodeDeploy app still exists:\n%#v", *resp.Application.ApplicationId)
+			}
+		}
+
+		return err
+	}
+
+	return nil
+}
+
+func testAccCheckAWSCodeDeployAppExists(name string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		_, ok := s.RootModule().Resources[name]
+		if !ok {
+			return fmt.Errorf("Not found: %s", name)
+		}
+
+		return nil
+	}
+}
+
+var testAccAWSCodeDeployApp = `
+resource "aws_codedeploy_app" "foo" {
+	name = "foo"
+}`
+
+var testAccAWSCodeDeployAppModifier = `
+resource "aws_codedeploy_app" "foo" {
+	name = "bar"
+}`

From fa3dfd1420dea811e8b0992092a43afaee703e8e Mon Sep 17 00:00:00 2001
From: Christopher Tiwald <ctiwald@conductor.com>
Date: Sun, 19 Jul 2015 00:07:43 -0400
Subject: [PATCH 287/335] aws: Add documentation for "aws_codedeploy_app"
 resources.

---
 .../aws/r/codedeploy_app.html.markdown        | 32 +++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 website/source/docs/providers/aws/r/codedeploy_app.html.markdown

diff --git a/website/source/docs/providers/aws/r/codedeploy_app.html.markdown b/website/source/docs/providers/aws/r/codedeploy_app.html.markdown
new file mode 100644
index 0000000000..054fd1eda9
--- /dev/null
+++ b/website/source/docs/providers/aws/r/codedeploy_app.html.markdown
@@ -0,0 +1,32 @@
+---
+layout: "aws"
+page_title: "AWS: aws_codedeploy_app"
+sidebar_current: "docs-aws-resource-codedeploy-app"
+description: |\
+  Provides a CodeDeploy application.
+---
+
+# aws\_codedeploy\_app
+
+Provides a CodeDeploy application to be used as a basis for deployments
+
+## Example Usage
+
+```
+resource "aws_codedeploy_app" "foo" {
+  name = "foo"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) The name of the application.
+
+## Attribute Reference
+
+The following arguments are exported:
+
+* `id` - Amazon's assigned ID for the application.
+* `name` - The application's name.

From a546a12c2dbbeb6215c4c16ce5e6dbf3a00554dc Mon Sep 17 00:00:00 2001
From: Christopher Tiwald <christiwald@gmail.com>
Date: Tue, 20 Oct 2015 18:03:57 -0400
Subject: [PATCH 288/335] aws: Add support for aws_codedeploy_deployment_group
 resources

---
 builtin/providers/aws/provider.go             |   1 +
 ...esource_aws_codedeploy_deployment_group.go | 375 ++++++++++++++++++
 2 files changed, 376 insertions(+)
 create mode 100644 builtin/providers/aws/resource_aws_codedeploy_deployment_group.go

diff --git a/builtin/providers/aws/provider.go b/builtin/providers/aws/provider.go
index 132fa4678a..fed004741d 100644
--- a/builtin/providers/aws/provider.go
+++ b/builtin/providers/aws/provider.go
@@ -167,6 +167,7 @@ func Provider() terraform.ResourceProvider {
 			"aws_autoscaling_lifecycle_hook":   resourceAwsAutoscalingLifecycleHook(),
 			"aws_cloudwatch_metric_alarm":      resourceAwsCloudWatchMetricAlarm(),
 			"aws_codedeploy_app":               resourceAwsCodeDeployApp(),
+			"aws_codedeploy_deployment_group":  resourceAwsCodeDeployDeploymentGroup(),
 			"aws_customer_gateway":             resourceAwsCustomerGateway(),
 			"aws_db_instance":                  resourceAwsDbInstance(),
 			"aws_db_parameter_group":           resourceAwsDbParameterGroup(),
diff --git a/builtin/providers/aws/resource_aws_codedeploy_deployment_group.go b/builtin/providers/aws/resource_aws_codedeploy_deployment_group.go
new file mode 100644
index 0000000000..a9f3acb078
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_codedeploy_deployment_group.go
@@ -0,0 +1,375 @@
+package aws
+
+import (
+	"bytes"
+	"fmt"
+	"log"
+	"time"
+
+	"github.com/hashicorp/terraform/helper/hashcode"
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/helper/schema"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/service/codedeploy"
+)
+
+func resourceAwsCodeDeployDeploymentGroup() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceAwsCodeDeployDeploymentGroupCreate,
+		Read:   resourceAwsCodeDeployDeploymentGroupRead,
+		Update: resourceAwsCodeDeployDeploymentGroupUpdate,
+		Delete: resourceAwsCodeDeployDeploymentGroupDelete,
+
+		Schema: map[string]*schema.Schema{
+			"application_name": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) {
+					value := v.(string)
+					if len(value) > 100 {
+						errors = append(errors, fmt.Errorf(
+							"%q cannot exceed 100 characters", k))
+					}
+					return
+				},
+			},
+
+			"deployment_group_name": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+				ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) {
+					value := v.(string)
+					if len(value) > 100 {
+						errors = append(errors, fmt.Errorf(
+							"%q cannot exceed 100 characters", k))
+					}
+					return
+				},
+			},
+
+			"service_role_arn": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+			},
+
+			"autoscaling_groups": &schema.Schema{
+				Type:     schema.TypeSet,
+				Optional: true,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+				Set:      schema.HashString,
+			},
+
+			"deployment_config_name": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+				Default:  "CodeDeployDefault.OneAtATime",
+				ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) {
+					value := v.(string)
+					if len(value) > 100 {
+						errors = append(errors, fmt.Errorf(
+							"%q cannot exceed 100 characters", k))
+					}
+					return
+				},
+			},
+
+			"ec2_tag_filter": &schema.Schema{
+				Type:     schema.TypeSet,
+				Optional: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"key": &schema.Schema{
+							Type:     schema.TypeString,
+							Optional: true,
+						},
+
+						"type": &schema.Schema{
+							Type:         schema.TypeString,
+							Optional:     true,
+							ValidateFunc: validateTagFilters,
+						},
+
+						"value": &schema.Schema{
+							Type:     schema.TypeString,
+							Optional: true,
+						},
+					},
+				},
+				Set: resourceAwsCodeDeployTagFilterHash,
+			},
+
+			"on_premises_instance_tag_filter": &schema.Schema{
+				Type:     schema.TypeSet,
+				Optional: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"key": &schema.Schema{
+							Type:     schema.TypeString,
+							Optional: true,
+						},
+
+						"type": &schema.Schema{
+							Type:         schema.TypeString,
+							Optional:     true,
+							ValidateFunc: validateTagFilters,
+						},
+
+						"value": &schema.Schema{
+							Type:     schema.TypeString,
+							Optional: true,
+						},
+					},
+				},
+				Set: resourceAwsCodeDeployTagFilterHash,
+			},
+		},
+	}
+}
+
+func resourceAwsCodeDeployDeploymentGroupCreate(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).codedeployconn
+
+	application := d.Get("application_name").(string)
+	deploymentGroup := d.Get("deployment_group_name").(string)
+
+	input := codedeploy.CreateDeploymentGroupInput{
+		ApplicationName:     aws.String(application),
+		DeploymentGroupName: aws.String(deploymentGroup),
+		ServiceRoleArn:      aws.String(d.Get("service_role_arn").(string)),
+	}
+	if attr, ok := d.GetOk("deployment_config_name"); ok {
+		input.DeploymentConfigName = aws.String(attr.(string))
+	}
+	if attr, ok := d.GetOk("autoscaling_groups"); ok {
+		input.AutoScalingGroups = expandStringList(attr.(*schema.Set).List())
+	}
+	if attr, ok := d.GetOk("on_premises_instance_tag_filters"); ok {
+		onPremFilters := buildOnPremTagFilters(attr.(*schema.Set).List())
+		input.OnPremisesInstanceTagFilters = onPremFilters
+	}
+	if attr, ok := d.GetOk("ec2_tag_filter"); ok {
+		ec2TagFilters := buildEC2TagFilters(attr.(*schema.Set).List())
+		input.Ec2TagFilters = ec2TagFilters
+	}
+
+	// Retry to handle IAM role eventual consistency.
+	var resp *codedeploy.CreateDeploymentGroupOutput
+	var err error
+	err = resource.Retry(2*time.Minute, func() error {
+		resp, err = conn.CreateDeploymentGroup(&input)
+		if err != nil {
+			codedeployErr, ok := err.(awserr.Error)
+			if !ok {
+				return &resource.RetryError{Err: err}
+			}
+			if codedeployErr.Code() == "InvalidRoleException" {
+				log.Printf("[DEBUG] Trying to create deployment group again: %q",
+					codedeployErr.Message())
+				return err
+			}
+
+			return &resource.RetryError{Err: err}
+		}
+		return nil
+	})
+	if err != nil {
+		return err
+	}
+
+	d.SetId(*resp.DeploymentGroupId)
+
+	return resourceAwsCodeDeployDeploymentGroupRead(d, meta)
+}
+
+func resourceAwsCodeDeployDeploymentGroupRead(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).codedeployconn
+
+	log.Printf("[DEBUG] Reading CodeDeploy DeploymentGroup %s", d.Id())
+	resp, err := conn.GetDeploymentGroup(&codedeploy.GetDeploymentGroupInput{
+		ApplicationName:     aws.String(d.Get("application_name").(string)),
+		DeploymentGroupName: aws.String(d.Get("deployment_group_name").(string)),
+	})
+	if err != nil {
+		return err
+	}
+
+	d.Set("application_name", *resp.DeploymentGroupInfo.ApplicationName)
+	d.Set("autoscaling_groups", resp.DeploymentGroupInfo.AutoScalingGroups)
+	d.Set("deployment_config_name", *resp.DeploymentGroupInfo.DeploymentConfigName)
+	d.Set("deployment_group_name", *resp.DeploymentGroupInfo.DeploymentGroupName)
+	d.Set("service_role_arn", *resp.DeploymentGroupInfo.ServiceRoleArn)
+	if err := d.Set("ec2_tag_filter", ec2TagFiltersToMap(resp.DeploymentGroupInfo.Ec2TagFilters)); err != nil {
+		return err
+	}
+	if err := d.Set("on_premises_instance_tag_filter", onPremisesTagFiltersToMap(resp.DeploymentGroupInfo.OnPremisesInstanceTagFilters)); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func resourceAwsCodeDeployDeploymentGroupUpdate(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).codedeployconn
+
+	input := codedeploy.UpdateDeploymentGroupInput{
+		ApplicationName:            aws.String(d.Get("application_name").(string)),
+		CurrentDeploymentGroupName: aws.String(d.Get("deployment_group_name").(string)),
+	}
+
+	if d.HasChange("autoscaling_groups") {
+		_, n := d.GetChange("autoscaling_groups")
+		input.AutoScalingGroups = expandStringList(n.(*schema.Set).List())
+	}
+	if d.HasChange("deployment_config_name") {
+		_, n := d.GetChange("deployment_config_name")
+		input.DeploymentConfigName = aws.String(n.(string))
+	}
+	if d.HasChange("deployment_group_name") {
+		_, n := d.GetChange("deployment_group_name")
+		input.NewDeploymentGroupName = aws.String(n.(string))
+	}
+
+	// TagFilters aren't like tags. They don't append. They simply replace.
+	if d.HasChange("on_premises_instance_tag_filter") {
+		_, n := d.GetChange("on_premises_instance_tag_filter")
+		onPremFilters := buildOnPremTagFilters(n.(*schema.Set).List())
+		input.OnPremisesInstanceTagFilters = onPremFilters
+	}
+	if d.HasChange("ec2_tag_filter") {
+		_, n := d.GetChange("ec2_tag_filter")
+		ec2Filters := buildEC2TagFilters(n.(*schema.Set).List())
+		input.Ec2TagFilters = ec2Filters
+	}
+
+	log.Printf("[DEBUG] Updating CodeDeploy DeploymentGroup %s", d.Id())
+	_, err := conn.UpdateDeploymentGroup(&input)
+	if err != nil {
+		return err
+	}
+
+	return resourceAwsCodeDeployDeploymentGroupRead(d, meta)
+}
+
+func resourceAwsCodeDeployDeploymentGroupDelete(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).codedeployconn
+
+	log.Printf("[DEBUG] Deleting CodeDeploy DeploymentGroup %s", d.Id())
+	_, err := conn.DeleteDeploymentGroup(&codedeploy.DeleteDeploymentGroupInput{
+		ApplicationName:     aws.String(d.Get("application_name").(string)),
+		DeploymentGroupName: aws.String(d.Get("deployment_group_name").(string)),
+	})
+	if err != nil {
+		return err
+	}
+
+	d.SetId("")
+
+	return nil
+}
+
+// buildOnPremTagFilters converts raw schema lists into a list of
+// codedeploy.TagFilters.
+func buildOnPremTagFilters(configured []interface{}) []*codedeploy.TagFilter {
+	filters := make([]*codedeploy.TagFilter, 0)
+	for _, raw := range configured {
+		var filter codedeploy.TagFilter
+		m := raw.(map[string]interface{})
+
+		filter.Key = aws.String(m["key"].(string))
+		filter.Type = aws.String(m["type"].(string))
+		filter.Value = aws.String(m["value"].(string))
+
+		filters = append(filters, &filter)
+	}
+
+	return filters
+}
+
+// buildEC2TagFilters converts raw schema lists into a list of
+// codedeploy.EC2TagFilters.
+func buildEC2TagFilters(configured []interface{}) []*codedeploy.EC2TagFilter {
+	filters := make([]*codedeploy.EC2TagFilter, 0)
+	for _, raw := range configured {
+		var filter codedeploy.EC2TagFilter
+		m := raw.(map[string]interface{})
+
+		filter.Key = aws.String(m["key"].(string))
+		filter.Type = aws.String(m["type"].(string))
+		filter.Value = aws.String(m["value"].(string))
+
+		filters = append(filters, &filter)
+	}
+
+	return filters
+}
+
+// ec2TagFiltersToMap converts lists of tag filters into a []map[string]string.
+func ec2TagFiltersToMap(list []*codedeploy.EC2TagFilter) []map[string]string {
+	result := make([]map[string]string, 0, len(list))
+	for _, tf := range list {
+		l := make(map[string]string)
+		if *tf.Key != "" {
+			l["key"] = *tf.Key
+		}
+		if *tf.Value != "" {
+			l["value"] = *tf.Value
+		}
+		if *tf.Type != "" {
+			l["type"] = *tf.Type
+		}
+		result = append(result, l)
+	}
+	return result
+}
+
+// onPremisesTagFiltersToMap converts lists of on-prem tag filters into a []map[string]string.
+func onPremisesTagFiltersToMap(list []*codedeploy.TagFilter) []map[string]string {
+	result := make([]map[string]string, 0, len(list))
+	for _, tf := range list {
+		l := make(map[string]string)
+		if *tf.Key != "" {
+			l["key"] = *tf.Key
+		}
+		if *tf.Value != "" {
+			l["value"] = *tf.Value
+		}
+		if *tf.Type != "" {
+			l["type"] = *tf.Type
+		}
+		result = append(result, l)
+	}
+	return result
+}
+
+// validateTagFilters confirms the "value" component of a tag filter is one of
+// AWS's three allowed types.
+func validateTagFilters(v interface{}, k string) (ws []string, errors []error) {
+	value := v.(string)
+	if value != "KEY_ONLY" && value != "VALUE_ONLY" && value != "KEY_AND_VALUE" {
+		errors = append(errors, fmt.Errorf(
+			"%q must be one of \"KEY_ONLY\", \"VALUE_ONLY\", or \"KEY_AND_VALUE\"", k))
+	}
+	return
+}
+
+func resourceAwsCodeDeployTagFilterHash(v interface{}) int {
+	var buf bytes.Buffer
+	m := v.(map[string]interface{})
+
+	// Nothing's actually required in tag filters, so we must check the
+	// presence of all values before attempting a hash.
+	if v, ok := m["key"]; ok {
+		buf.WriteString(fmt.Sprintf("%s-", v.(string)))
+	}
+	if v, ok := m["type"]; ok {
+		buf.WriteString(fmt.Sprintf("%s-", v.(string)))
+	}
+	if v, ok := m["value"]; ok {
+		buf.WriteString(fmt.Sprintf("%s-", v.(string)))
+	}
+
+	return hashcode.String(buf.String())
+}

From 390f226eb51d66cf9398a882d605658d9c683d44 Mon Sep 17 00:00:00 2001
From: Christopher Tiwald <christiwald@gmail.com>
Date: Tue, 20 Oct 2015 18:04:15 -0400
Subject: [PATCH 289/335] aws: Add aws_codedeploy_deployment_group tests

---
 ...ce_aws_codedeploy_deployment_group_test.go | 199 ++++++++++++++++++
 1 file changed, 199 insertions(+)
 create mode 100644 builtin/providers/aws/resource_aws_codedeploy_deployment_group_test.go

diff --git a/builtin/providers/aws/resource_aws_codedeploy_deployment_group_test.go b/builtin/providers/aws/resource_aws_codedeploy_deployment_group_test.go
new file mode 100644
index 0000000000..d883b26b8d
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_codedeploy_deployment_group_test.go
@@ -0,0 +1,199 @@
+package aws
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/codedeploy"
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+func TestAccAWSCodeDeployDeploymentGroup_basic(t *testing.T) {
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSCodeDeployDeploymentGroupDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccAWSCodeDeployDeploymentGroup,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAWSCodeDeployDeploymentGroupExists("aws_codedeploy_deployment_group.foo"),
+				),
+			},
+			resource.TestStep{
+				Config: testAccAWSCodeDeployDeploymentGroupModifier,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAWSCodeDeployDeploymentGroupExists("aws_codedeploy_deployment_group.foo"),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckAWSCodeDeployDeploymentGroupDestroy(s *terraform.State) error {
+	conn := testAccProvider.Meta().(*AWSClient).codedeployconn
+
+	for _, rs := range s.RootModule().Resources {
+		if rs.Type != "aws_codedeploy_deployment_group" {
+			continue
+		}
+
+		resp, err := conn.GetDeploymentGroup(&codedeploy.GetDeploymentGroupInput{
+			ApplicationName:     aws.String(rs.Primary.Attributes["application_name"]),
+			DeploymentGroupName: aws.String(rs.Primary.Attributes["deployment_group_name"]),
+		})
+
+		if err == nil {
+			if resp.DeploymentGroupInfo.DeploymentGroupName != nil {
+				return fmt.Errorf("CodeDeploy deployment group still exists:\n%#v", *resp.DeploymentGroupInfo.DeploymentGroupName)
+			}
+		}
+
+		return err
+	}
+
+	return nil
+}
+
+func testAccCheckAWSCodeDeployDeploymentGroupExists(name string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		_, ok := s.RootModule().Resources[name]
+		if !ok {
+			return fmt.Errorf("Not found: %s", name)
+		}
+
+		return nil
+	}
+}
+
+var testAccAWSCodeDeployDeploymentGroup = `
+resource "aws_codedeploy_app" "foo_app" {
+	name = "foo_app"
+}
+
+resource "aws_iam_role_policy" "foo_policy" {
+	name = "foo_policy"
+	role = "${aws_iam_role.foo_role.id}"
+	policy = <<EOF
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Action": [
+                "autoscaling:CompleteLifecycleAction",
+                "autoscaling:DeleteLifecycleHook",
+	        "autoscaling:DescribeAutoScalingGroups",
+                "autoscaling:DescribeLifecycleHooks",
+                "autoscaling:PutLifecycleHook",
+                "autoscaling:RecordLifecycleActionHeartbeat",
+                "ec2:DescribeInstances",
+                "ec2:DescribeInstanceStatus",
+                "tag:GetTags",
+	        "tag:GetResources"
+            ],
+            "Resource": "*"
+        }
+    ]
+}
+EOF
+}
+
+resource "aws_iam_role" "foo_role" {
+	name = "foo_role"
+	assume_role_policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Sid": "",
+      "Effect": "Allow",
+      "Principal": {
+        "Service": [
+          "codedeploy.amazonaws.com"
+        ]
+      },
+      "Action": "sts:AssumeRole"
+    }
+  ]
+}
+EOF
+}
+
+resource "aws_codedeploy_deployment_group" "foo" {
+	application_name = "${aws_codedeploy_app.foo_app.name}"
+	deployment_group_name = "foo"
+	service_role_arn = "${aws_iam_role.foo_role.arn}"
+	ec2_tag_filter {
+		key = "filterkey"
+		type = "KEY_AND_VALUE"
+		value = "filtervalue"
+	}
+}`
+
+var testAccAWSCodeDeployDeploymentGroupModifier = `
+resource "aws_codedeploy_app" "foo_app" {
+	name = "foo_app"
+}
+
+resource "aws_iam_role_policy" "foo_policy" {
+	name = "foo_policy"
+	role = "${aws_iam_role.foo_role.id}"
+	policy = <<EOF
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Action": [
+                "autoscaling:CompleteLifecycleAction",
+                "autoscaling:DeleteLifecycleHook",
+	        "autoscaling:DescribeAutoScalingGroups",
+                "autoscaling:DescribeLifecycleHooks",
+                "autoscaling:PutLifecycleHook",
+                "autoscaling:RecordLifecycleActionHeartbeat",
+                "ec2:DescribeInstances",
+                "ec2:DescribeInstanceStatus",
+                "tag:GetTags",
+	        "tag:GetResources"
+            ],
+            "Resource": "*"
+        }
+    ]
+}
+EOF
+}
+
+resource "aws_iam_role" "foo_role" {
+	name = "foo_role"
+	assume_role_policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Sid": "",
+      "Effect": "Allow",
+      "Principal": {
+        "Service": [
+          "codedeploy.amazonaws.com"
+        ]
+      },
+      "Action": "sts:AssumeRole"
+    }
+  ]
+}
+EOF
+}
+
+resource "aws_codedeploy_deployment_group" "foo" {
+	application_name = "${aws_codedeploy_app.foo_app.name}"
+	deployment_group_name = "bar"
+	service_role_arn = "${aws_iam_role.foo_role.arn}"
+	ec2_tag_filter {
+		key = "filterkey"
+		type = "KEY_AND_VALUE"
+		value = "filtervalue"
+	}
+}`

From 095250535890a9d16e24eea1b9ab4adc0427874e Mon Sep 17 00:00:00 2001
From: Christopher Tiwald <christiwald@gmail.com>
Date: Tue, 20 Oct 2015 18:04:39 -0400
Subject: [PATCH 290/335] aws: Add docs for aws_codedeploy_deployment_group

---
 .../codedeploy_deployment_group.html.markdown | 108 ++++++++++++++++++
 1 file changed, 108 insertions(+)
 create mode 100644 website/source/docs/providers/aws/r/codedeploy_deployment_group.html.markdown

diff --git a/website/source/docs/providers/aws/r/codedeploy_deployment_group.html.markdown b/website/source/docs/providers/aws/r/codedeploy_deployment_group.html.markdown
new file mode 100644
index 0000000000..cb2417fed6
--- /dev/null
+++ b/website/source/docs/providers/aws/r/codedeploy_deployment_group.html.markdown
@@ -0,0 +1,108 @@
+---
+layout: "aws"
+page_title: "AWS: aws_codedeploy_deployment_group"
+sidebar_current: "docs-aws-resource-codedeploy-deployment-group"
+description: |\
+  Provides a CodeDeploy deployment group.
+---
+
+# aws\_codedeploy\_deployment\_group
+
+Provides a CodeDeploy deployment group for an application
+
+## Example Usage
+
+```
+resource "aws_codedeploy_app" "foo_app" {
+    name = "foo_app"
+}
+
+resource "aws_iam_role_policy" "foo_policy" {
+    name = "foo_policy"
+    role = "${aws_iam_role.foo_role.id}"
+    policy = <<EOF
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Action": [
+                "autoscaling:CompleteLifecycleAction",
+                "autoscaling:DeleteLifecycleHook",
+            "autoscaling:DescribeAutoScalingGroups",
+                "autoscaling:DescribeLifecycleHooks",
+                "autoscaling:PutLifecycleHook",
+                "autoscaling:RecordLifecycleActionHeartbeat",
+                "ec2:DescribeInstances",
+                "ec2:DescribeInstanceStatus",
+                "tag:GetTags",
+            "tag:GetResources"
+            ],
+            "Resource": "*"
+        }
+    ]
+}
+EOF
+}
+
+resource "aws_iam_role" "foo_role" {
+    name = "foo_role"
+    assume_role_policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Sid": "",
+      "Effect": "Allow",
+      "Principal": {
+        "Service": [
+          "codedeploy.amazonaws.com"
+        ]
+      },
+      "Action": "sts:AssumeRole"
+    }
+  ]
+}
+EOF
+}
+
+resource "aws_codedeploy_deployment_group" "foo" {
+    application_name = "${aws_codedeploy_app.foo_app.name}"
+    deployment_group_name = "bar"
+    service_role_arn = "${aws_iam_role.foo_role.arn}"
+    ec2_tag_filter {
+        key = "filterkey"
+        type = "KEY_AND_VALUE"
+        value = "filtervalue"
+    }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `application_name` - (Required) The name of the application.
+* `deployment_group_name` - (Required) The name of the deployment group.
+* `service_role_arn` - (Required) The service role ARN that allows deployments.
+* `autoscaling_groups` - (Optional) Autoscaling groups associated with the deployment group.
+* `deployment_config_name` - (Optional) The name of the group's deployment config. The default is "CodeDeployDefault.OneAtATime".
+* `ec2_tag_filter` - (Optional) Tag filters associated with the group. See the AWS docs for details.
+* `on_premises_instance_tag_filter" - (Optional) On premise tag filters associated with the group. See the AWS docs for details.
+
+Both ec2_tag_filter and on_premises_tag_filter blocks support the following:
+
+* `key` - (Optional) The key of the tag filter.
+* `type` - (Optional) The type of the tag filter, either KEY_ONLY, VALUE_ONLY, or KEY_AND_VALUE.
+* `value` - (Optional) The value of the tag filter.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - The deployment group's ID.
+* `application_name` - The group's assigned application.
+* `deployment_group_name` - The group's name.
+* `service_role_arn` - The group's service role ARN.
+* `autoscaling_groups` - The autoscaling groups associated with the deployment group.
+* `deployment_config_name` - The name of the group's deployment config.

From 77847b1572a3ae269892b7e6858662ae9b00134f Mon Sep 17 00:00:00 2001
From: Paul Hinze <phinze@phinze.com>
Date: Wed, 21 Oct 2015 09:49:23 -0500
Subject: [PATCH 291/335] config/lang: restore go1.4.3 generated code

my theory is that @mitchellh checked in a go1.5 generated file in
344e7c26b5f116842932d0e6b6ad2f1a250526f4
---
 config/lang/y.go | 272 ++++++++++++-----------------------------------
 1 file changed, 68 insertions(+), 204 deletions(-)

diff --git a/config/lang/y.go b/config/lang/y.go
index fd0693f151..e7dd185ae1 100644
--- a/config/lang/y.go
+++ b/config/lang/y.go
@@ -30,10 +30,7 @@ const INTEGER = 57355
 const FLOAT = 57356
 const STRING = 57357
 
-var parserToknames = [...]string{
-	"$end",
-	"error",
-	"$unk",
+var parserToknames = []string{
 	"PROGRAM_BRACKET_LEFT",
 	"PROGRAM_BRACKET_RIGHT",
 	"PROGRAM_STRING_START",
@@ -47,7 +44,7 @@ var parserToknames = [...]string{
 	"FLOAT",
 	"STRING",
 }
-var parserStatenames = [...]string{}
+var parserStatenames = []string{}
 
 const parserEofCode = 1
 const parserErrCode = 2
@@ -56,7 +53,7 @@ const parserMaxDepth = 200
 //line lang.y:165
 
 //line yacctab:1
-var parserExca = [...]int{
+var parserExca = []int{
 	-1, 1,
 	1, -1,
 	-2, 0,
@@ -70,103 +67,75 @@ var parserStates []string
 
 const parserLast = 30
 
-var parserAct = [...]int{
+var parserAct = []int{
 
 	9, 20, 16, 16, 7, 7, 3, 18, 10, 8,
 	1, 17, 14, 12, 13, 6, 6, 19, 8, 22,
 	15, 23, 24, 11, 2, 25, 16, 21, 4, 5,
 }
-var parserPact = [...]int{
+var parserPact = []int{
 
 	1, -1000, 1, -1000, -1000, -1000, -1000, 0, -1000, 15,
 	0, 1, -1000, -1000, -1, -1000, 0, -8, 0, -1000,
 	-1000, 12, -9, -1000, 0, -9,
 }
-var parserPgo = [...]int{
+var parserPgo = []int{
 
 	0, 0, 29, 28, 23, 6, 27, 10,
 }
-var parserR1 = [...]int{
+var parserR1 = []int{
 
 	0, 7, 7, 4, 4, 5, 5, 2, 1, 1,
 	1, 1, 1, 1, 1, 6, 6, 6, 3,
 }
-var parserR2 = [...]int{
+var parserR2 = []int{
 
 	0, 0, 1, 1, 2, 1, 1, 3, 3, 1,
 	1, 1, 3, 1, 4, 0, 3, 1, 1,
 }
-var parserChk = [...]int{
+var parserChk = []int{
 
 	-1000, -7, -4, -5, -3, -2, 15, 4, -5, -1,
 	8, -4, 13, 14, 12, 5, 11, -1, 8, -1,
 	9, -6, -1, 9, 10, -1,
 }
-var parserDef = [...]int{
+var parserDef = []int{
 
 	1, -2, 2, 3, 5, 6, 18, 0, 4, 0,
 	0, 9, 10, 11, 13, 7, 0, 0, 15, 12,
 	8, 0, 17, 14, 0, 16,
 }
-var parserTok1 = [...]int{
+var parserTok1 = []int{
 
 	1,
 }
-var parserTok2 = [...]int{
+var parserTok2 = []int{
 
 	2, 3, 4, 5, 6, 7, 8, 9, 10, 11,
 	12, 13, 14, 15,
 }
-var parserTok3 = [...]int{
+var parserTok3 = []int{
 	0,
 }
 
-var parserErrorMessages = [...]struct {
-	state int
-	token int
-	msg   string
-}{}
-
 //line yaccpar:1
 
 /*	parser for yacc output	*/
 
-var (
-	parserDebug        = 0
-	parserErrorVerbose = false
-)
+var parserDebug = 0
 
 type parserLexer interface {
 	Lex(lval *parserSymType) int
 	Error(s string)
 }
 
-type parserParser interface {
-	Parse(parserLexer) int
-	Lookahead() int
-}
-
-type parserParserImpl struct {
-	lookahead func() int
-}
-
-func (p *parserParserImpl) Lookahead() int {
-	return p.lookahead()
-}
-
-func parserNewParser() parserParser {
-	p := &parserParserImpl{
-		lookahead: func() int { return -1 },
-	}
-	return p
-}
-
 const parserFlag = -1000
 
 func parserTokname(c int) string {
-	if c >= 1 && c-1 < len(parserToknames) {
-		if parserToknames[c-1] != "" {
-			return parserToknames[c-1]
+	// 4 is TOKSTART above
+	if c >= 4 && c-4 < len(parserToknames) {
+		if parserToknames[c-4] != "" {
+			return parserToknames[c-4]
 		}
 	}
 	return __yyfmt__.Sprintf("tok-%v", c)
@@ -181,129 +150,51 @@ func parserStatname(s int) string {
 	return __yyfmt__.Sprintf("state-%v", s)
 }
 
-func parserErrorMessage(state, lookAhead int) string {
-	const TOKSTART = 4
-
-	if !parserErrorVerbose {
-		return "syntax error"
-	}
-
-	for _, e := range parserErrorMessages {
-		if e.state == state && e.token == lookAhead {
-			return "syntax error: " + e.msg
-		}
-	}
-
-	res := "syntax error: unexpected " + parserTokname(lookAhead)
-
-	// To match Bison, suggest at most four expected tokens.
-	expected := make([]int, 0, 4)
-
-	// Look for shiftable tokens.
-	base := parserPact[state]
-	for tok := TOKSTART; tok-1 < len(parserToknames); tok++ {
-		if n := base + tok; n >= 0 && n < parserLast && parserChk[parserAct[n]] == tok {
-			if len(expected) == cap(expected) {
-				return res
-			}
-			expected = append(expected, tok)
-		}
-	}
-
-	if parserDef[state] == -2 {
-		i := 0
-		for parserExca[i] != -1 || parserExca[i+1] != state {
-			i += 2
-		}
-
-		// Look for tokens that we accept or reduce.
-		for i += 2; parserExca[i] >= 0; i += 2 {
-			tok := parserExca[i]
-			if tok < TOKSTART || parserExca[i+1] == 0 {
-				continue
-			}
-			if len(expected) == cap(expected) {
-				return res
-			}
-			expected = append(expected, tok)
-		}
-
-		// If the default action is to accept or reduce, give up.
-		if parserExca[i+1] != 0 {
-			return res
-		}
-	}
-
-	for i, tok := range expected {
-		if i == 0 {
-			res += ", expecting "
-		} else {
-			res += " or "
-		}
-		res += parserTokname(tok)
-	}
-	return res
-}
-
-func parserlex1(lex parserLexer, lval *parserSymType) (char, token int) {
-	token = 0
-	char = lex.Lex(lval)
+func parserlex1(lex parserLexer, lval *parserSymType) int {
+	c := 0
+	char := lex.Lex(lval)
 	if char <= 0 {
-		token = parserTok1[0]
+		c = parserTok1[0]
 		goto out
 	}
 	if char < len(parserTok1) {
-		token = parserTok1[char]
+		c = parserTok1[char]
 		goto out
 	}
 	if char >= parserPrivate {
 		if char < parserPrivate+len(parserTok2) {
-			token = parserTok2[char-parserPrivate]
+			c = parserTok2[char-parserPrivate]
 			goto out
 		}
 	}
 	for i := 0; i < len(parserTok3); i += 2 {
-		token = parserTok3[i+0]
-		if token == char {
-			token = parserTok3[i+1]
+		c = parserTok3[i+0]
+		if c == char {
+			c = parserTok3[i+1]
 			goto out
 		}
 	}
 
 out:
-	if token == 0 {
-		token = parserTok2[1] /* unknown char */
+	if c == 0 {
+		c = parserTok2[1] /* unknown char */
 	}
 	if parserDebug >= 3 {
-		__yyfmt__.Printf("lex %s(%d)\n", parserTokname(token), uint(char))
+		__yyfmt__.Printf("lex %s(%d)\n", parserTokname(c), uint(char))
 	}
-	return char, token
+	return c
 }
 
 func parserParse(parserlex parserLexer) int {
-	return parserNewParser().Parse(parserlex)
-}
-
-func (parserrcvr *parserParserImpl) Parse(parserlex parserLexer) int {
 	var parsern int
 	var parserlval parserSymType
 	var parserVAL parserSymType
-	var parserDollar []parserSymType
-	_ = parserDollar // silence set and not used
 	parserS := make([]parserSymType, parserMaxDepth)
 
 	Nerrs := 0   /* number of errors */
 	Errflag := 0 /* error recovery flag */
 	parserstate := 0
 	parserchar := -1
-	parsertoken := -1 // parserchar translated into internal numbering
-	parserrcvr.lookahead = func() int { return parserchar }
-	defer func() {
-		// Make sure we report no lookahead when not parsing.
-		parserstate = -1
-		parserchar = -1
-		parsertoken = -1
-	}()
 	parserp := -1
 	goto parserstack
 
@@ -316,7 +207,7 @@ ret1:
 parserstack:
 	/* put a state and value onto the stack */
 	if parserDebug >= 4 {
-		__yyfmt__.Printf("char %v in %v\n", parserTokname(parsertoken), parserStatname(parserstate))
+		__yyfmt__.Printf("char %v in %v\n", parserTokname(parserchar), parserStatname(parserstate))
 	}
 
 	parserp++
@@ -334,16 +225,15 @@ parsernewstate:
 		goto parserdefault /* simple state */
 	}
 	if parserchar < 0 {
-		parserchar, parsertoken = parserlex1(parserlex, &parserlval)
+		parserchar = parserlex1(parserlex, &parserlval)
 	}
-	parsern += parsertoken
+	parsern += parserchar
 	if parsern < 0 || parsern >= parserLast {
 		goto parserdefault
 	}
 	parsern = parserAct[parsern]
-	if parserChk[parsern] == parsertoken { /* valid shift */
+	if parserChk[parsern] == parserchar { /* valid shift */
 		parserchar = -1
-		parsertoken = -1
 		parserVAL = parserlval
 		parserstate = parsern
 		if Errflag > 0 {
@@ -357,7 +247,7 @@ parserdefault:
 	parsern = parserDef[parserstate]
 	if parsern == -2 {
 		if parserchar < 0 {
-			parserchar, parsertoken = parserlex1(parserlex, &parserlval)
+			parserchar = parserlex1(parserlex, &parserlval)
 		}
 
 		/* look through exception table */
@@ -370,7 +260,7 @@ parserdefault:
 		}
 		for xi += 2; ; xi += 2 {
 			parsern = parserExca[xi+0]
-			if parsern < 0 || parsern == parsertoken {
+			if parsern < 0 || parsern == parserchar {
 				break
 			}
 		}
@@ -383,11 +273,11 @@ parserdefault:
 		/* error ... attempt to resume parsing */
 		switch Errflag {
 		case 0: /* brand new error */
-			parserlex.Error(parserErrorMessage(parserstate, parsertoken))
+			parserlex.Error("syntax error")
 			Nerrs++
 			if parserDebug >= 1 {
 				__yyfmt__.Printf("%s", parserStatname(parserstate))
-				__yyfmt__.Printf(" saw %s\n", parserTokname(parsertoken))
+				__yyfmt__.Printf(" saw %s\n", parserTokname(parserchar))
 			}
 			fallthrough
 
@@ -415,13 +305,12 @@ parserdefault:
 
 		case 3: /* no shift yet; clobber input char */
 			if parserDebug >= 2 {
-				__yyfmt__.Printf("error recovery discards %s\n", parserTokname(parsertoken))
+				__yyfmt__.Printf("error recovery discards %s\n", parserTokname(parserchar))
 			}
-			if parsertoken == parserEofCode {
+			if parserchar == parserEofCode {
 				goto ret1
 			}
 			parserchar = -1
-			parsertoken = -1
 			goto parsernewstate /* try again in the same state */
 		}
 	}
@@ -436,13 +325,6 @@ parserdefault:
 	_ = parserpt // guard against "declared and not used"
 
 	parserp -= parserR2[parsern]
-	// parserp is now the index of $0. Perform the default action. Iff the
-	// reduced production is ε, $1 is possibly out of range.
-	if parserp+1 >= len(parserS) {
-		nyys := make([]parserSymType, len(parserS)*2)
-		copy(nyys, parserS)
-		parserS = nyys
-	}
 	parserVAL = parserS[parserp+1]
 
 	/* consult goto table to find next state */
@@ -462,7 +344,6 @@ parserdefault:
 	switch parsernt {
 
 	case 1:
-		parserDollar = parserS[parserpt-0 : parserpt+1]
 		//line lang.y:35
 		{
 			parserResult = &ast.LiteralNode{
@@ -472,10 +353,9 @@ parserdefault:
 			}
 		}
 	case 2:
-		parserDollar = parserS[parserpt-1 : parserpt+1]
 		//line lang.y:43
 		{
-			parserResult = parserDollar[1].node
+			parserResult = parserS[parserpt-0].node
 
 			// We want to make sure that the top value is always a Concat
 			// so that the return value is always a string type from an
@@ -485,30 +365,28 @@ parserdefault:
 			// because functionally the AST is the same, but we do that because
 			// it makes for an easy literal check later (to check if a string
 			// has any interpolations).
-			if _, ok := parserDollar[1].node.(*ast.Concat); !ok {
-				if n, ok := parserDollar[1].node.(*ast.LiteralNode); !ok || n.Typex != ast.TypeString {
+			if _, ok := parserS[parserpt-0].node.(*ast.Concat); !ok {
+				if n, ok := parserS[parserpt-0].node.(*ast.LiteralNode); !ok || n.Typex != ast.TypeString {
 					parserResult = &ast.Concat{
-						Exprs: []ast.Node{parserDollar[1].node},
-						Posx:  parserDollar[1].node.Pos(),
+						Exprs: []ast.Node{parserS[parserpt-0].node},
+						Posx:  parserS[parserpt-0].node.Pos(),
 					}
 				}
 			}
 		}
 	case 3:
-		parserDollar = parserS[parserpt-1 : parserpt+1]
 		//line lang.y:66
 		{
-			parserVAL.node = parserDollar[1].node
+			parserVAL.node = parserS[parserpt-0].node
 		}
 	case 4:
-		parserDollar = parserS[parserpt-2 : parserpt+1]
 		//line lang.y:70
 		{
 			var result []ast.Node
-			if c, ok := parserDollar[1].node.(*ast.Concat); ok {
-				result = append(c.Exprs, parserDollar[2].node)
+			if c, ok := parserS[parserpt-1].node.(*ast.Concat); ok {
+				result = append(c.Exprs, parserS[parserpt-0].node)
 			} else {
-				result = []ast.Node{parserDollar[1].node, parserDollar[2].node}
+				result = []ast.Node{parserS[parserpt-1].node, parserS[parserpt-0].node}
 			}
 
 			parserVAL.node = &ast.Concat{
@@ -517,103 +395,89 @@ parserdefault:
 			}
 		}
 	case 5:
-		parserDollar = parserS[parserpt-1 : parserpt+1]
 		//line lang.y:86
 		{
-			parserVAL.node = parserDollar[1].node
+			parserVAL.node = parserS[parserpt-0].node
 		}
 	case 6:
-		parserDollar = parserS[parserpt-1 : parserpt+1]
 		//line lang.y:90
 		{
-			parserVAL.node = parserDollar[1].node
+			parserVAL.node = parserS[parserpt-0].node
 		}
 	case 7:
-		parserDollar = parserS[parserpt-3 : parserpt+1]
 		//line lang.y:96
 		{
-			parserVAL.node = parserDollar[2].node
+			parserVAL.node = parserS[parserpt-1].node
 		}
 	case 8:
-		parserDollar = parserS[parserpt-3 : parserpt+1]
 		//line lang.y:102
 		{
-			parserVAL.node = parserDollar[2].node
+			parserVAL.node = parserS[parserpt-1].node
 		}
 	case 9:
-		parserDollar = parserS[parserpt-1 : parserpt+1]
 		//line lang.y:106
 		{
-			parserVAL.node = parserDollar[1].node
+			parserVAL.node = parserS[parserpt-0].node
 		}
 	case 10:
-		parserDollar = parserS[parserpt-1 : parserpt+1]
 		//line lang.y:110
 		{
 			parserVAL.node = &ast.LiteralNode{
-				Value: parserDollar[1].token.Value.(int),
+				Value: parserS[parserpt-0].token.Value.(int),
 				Typex: ast.TypeInt,
-				Posx:  parserDollar[1].token.Pos,
+				Posx:  parserS[parserpt-0].token.Pos,
 			}
 		}
 	case 11:
-		parserDollar = parserS[parserpt-1 : parserpt+1]
 		//line lang.y:118
 		{
 			parserVAL.node = &ast.LiteralNode{
-				Value: parserDollar[1].token.Value.(float64),
+				Value: parserS[parserpt-0].token.Value.(float64),
 				Typex: ast.TypeFloat,
-				Posx:  parserDollar[1].token.Pos,
+				Posx:  parserS[parserpt-0].token.Pos,
 			}
 		}
 	case 12:
-		parserDollar = parserS[parserpt-3 : parserpt+1]
 		//line lang.y:126
 		{
 			parserVAL.node = &ast.Arithmetic{
-				Op:    parserDollar[2].token.Value.(ast.ArithmeticOp),
-				Exprs: []ast.Node{parserDollar[1].node, parserDollar[3].node},
-				Posx:  parserDollar[1].node.Pos(),
+				Op:    parserS[parserpt-1].token.Value.(ast.ArithmeticOp),
+				Exprs: []ast.Node{parserS[parserpt-2].node, parserS[parserpt-0].node},
+				Posx:  parserS[parserpt-2].node.Pos(),
 			}
 		}
 	case 13:
-		parserDollar = parserS[parserpt-1 : parserpt+1]
 		//line lang.y:134
 		{
-			parserVAL.node = &ast.VariableAccess{Name: parserDollar[1].token.Value.(string), Posx: parserDollar[1].token.Pos}
+			parserVAL.node = &ast.VariableAccess{Name: parserS[parserpt-0].token.Value.(string), Posx: parserS[parserpt-0].token.Pos}
 		}
 	case 14:
-		parserDollar = parserS[parserpt-4 : parserpt+1]
 		//line lang.y:138
 		{
-			parserVAL.node = &ast.Call{Func: parserDollar[1].token.Value.(string), Args: parserDollar[3].nodeList, Posx: parserDollar[1].token.Pos}
+			parserVAL.node = &ast.Call{Func: parserS[parserpt-3].token.Value.(string), Args: parserS[parserpt-1].nodeList, Posx: parserS[parserpt-3].token.Pos}
 		}
 	case 15:
-		parserDollar = parserS[parserpt-0 : parserpt+1]
 		//line lang.y:143
 		{
 			parserVAL.nodeList = nil
 		}
 	case 16:
-		parserDollar = parserS[parserpt-3 : parserpt+1]
 		//line lang.y:147
 		{
-			parserVAL.nodeList = append(parserDollar[1].nodeList, parserDollar[3].node)
+			parserVAL.nodeList = append(parserS[parserpt-2].nodeList, parserS[parserpt-0].node)
 		}
 	case 17:
-		parserDollar = parserS[parserpt-1 : parserpt+1]
 		//line lang.y:151
 		{
-			parserVAL.nodeList = append(parserVAL.nodeList, parserDollar[1].node)
+			parserVAL.nodeList = append(parserVAL.nodeList, parserS[parserpt-0].node)
 		}
 	case 18:
-		parserDollar = parserS[parserpt-1 : parserpt+1]
 		//line lang.y:157
 		{
 			parserVAL.node = &ast.LiteralNode{
-				Value: parserDollar[1].token.Value.(string),
+				Value: parserS[parserpt-0].token.Value.(string),
 				Typex: ast.TypeString,
-				Posx:  parserDollar[1].token.Pos,
+				Posx:  parserS[parserpt-0].token.Pos,
 			}
 		}
 	}

From cccc5d03e393acdddacbdb8dc27cdeed602047a9 Mon Sep 17 00:00:00 2001
From: Matt Morrison <matt@mojo.net.nz>
Date: Tue, 20 Oct 2015 14:49:51 +1300
Subject: [PATCH 292/335] Add lower / upper interpolation functions

---
 config/interpolate_funcs.go                   | 28 +++++++++++
 config/interpolate_funcs_test.go              | 48 +++++++++++++++++++
 .../docs/configuration/interpolation.html.md  |  4 ++
 3 files changed, 80 insertions(+)

diff --git a/config/interpolate_funcs.go b/config/interpolate_funcs.go
index 5322e46c4f..1b58ac93cd 100644
--- a/config/interpolate_funcs.go
+++ b/config/interpolate_funcs.go
@@ -29,10 +29,12 @@ func init() {
 		"index":        interpolationFuncIndex(),
 		"join":         interpolationFuncJoin(),
 		"length":       interpolationFuncLength(),
+		"lower":        interpolationFuncLower(),
 		"replace":      interpolationFuncReplace(),
 		"split":        interpolationFuncSplit(),
 		"base64encode": interpolationFuncBase64Encode(),
 		"base64decode": interpolationFuncBase64Decode(),
+		"upper":        interpolationFuncUpper(),
 	}
 }
 
@@ -442,3 +444,29 @@ func interpolationFuncBase64Decode() ast.Function {
 		},
 	}
 }
+
+// interpolationFuncLower implements the "lower" function that does
+// string lower casing.
+func interpolationFuncLower() ast.Function {
+	return ast.Function{
+		ArgTypes:   []ast.Type{ast.TypeString},
+		ReturnType: ast.TypeString,
+		Callback: func(args []interface{}) (interface{}, error) {
+			toLower := args[0].(string)
+			return strings.ToLower(toLower), nil
+		},
+	}
+}
+
+// interpolationFuncUpper implements the "upper" function that does
+// string upper casing.
+func interpolationFuncUpper() ast.Function {
+	return ast.Function{
+		ArgTypes:   []ast.Type{ast.TypeString},
+		ReturnType: ast.TypeString,
+		Callback: func(args []interface{}) (interface{}, error) {
+			toUpper := args[0].(string)
+			return strings.ToUpper(toUpper), nil
+		},
+	}
+}
diff --git a/config/interpolate_funcs_test.go b/config/interpolate_funcs_test.go
index cafdf05640..f40f56860e 100644
--- a/config/interpolate_funcs_test.go
+++ b/config/interpolate_funcs_test.go
@@ -644,6 +644,54 @@ func TestInterpolateFuncBase64Decode(t *testing.T) {
 	})
 }
 
+func TestInterpolateFuncLower(t *testing.T) {
+	testFunction(t, testFunctionConfig{
+		Cases: []testFunctionCase{
+			{
+				`${lower("HELLO")}`,
+				"hello",
+				false,
+			},
+
+			{
+				`${lower("")}`,
+				"",
+				false,
+			},
+
+			{
+				`${lower()}`,
+				nil,
+				true,
+			},
+		},
+	})
+}
+
+func TestInterpolateFuncUpper(t *testing.T) {
+	testFunction(t, testFunctionConfig{
+		Cases: []testFunctionCase{
+			{
+				`${upper("hello")}`,
+				"HELLO",
+				false,
+			},
+
+			{
+				`${upper("")}`,
+				"",
+				false,
+			},
+
+			{
+				`${upper()}`,
+				nil,
+				true,
+			},
+		},
+	})
+}
+
 type testFunctionConfig struct {
 	Cases []testFunctionCase
 	Vars  map[string]ast.Variable
diff --git a/website/source/docs/configuration/interpolation.html.md b/website/source/docs/configuration/interpolation.html.md
index 28d03790d7..9408390760 100644
--- a/website/source/docs/configuration/interpolation.html.md
+++ b/website/source/docs/configuration/interpolation.html.md
@@ -131,6 +131,8 @@ The supported built-in functions are:
       variable. The `map` parameter should be another variable, such
       as `var.amis`.
 
+  * `lower(string)` - returns a copy of the string with all Unicode letters mapped to their lower case.
+
   * `replace(string, search, replace)` - Does a search and replace on the
       given string. All instances of `search` are replaced with the value
       of `replace`. If `search` is wrapped in forward slashes, it is treated
@@ -147,6 +149,8 @@ The supported built-in functions are:
       `a_resource_param = ["${split(",", var.CSV_STRING)}"]`.
       Example: `split(",", module.amod.server_ids)`
 
+  * `upper(string)` - returns a copy of the string with all Unicode letters mapped to their upper case.
+
 ## Templates
 
 Long strings can be managed using templates. [Templates](/docs/providers/template/index.html) are [resources](/docs/configuration/resources.html) defined by a filename and some variables to use during interpolation. They have a computed `rendered` attribute containing the result.

From 938b7e2dba9d27b7f0fab7faa201231a06d9e42a Mon Sep 17 00:00:00 2001
From: Martin Atkins <mart@degeneration.co.uk>
Date: Wed, 21 Oct 2015 08:19:51 -0700
Subject: [PATCH 293/335] Update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 007dedfcd6..48ceb0cd7c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,7 @@
 FEATURES:
 
   * New remote state backend: `etcd` [GH-3487]
+  * New interpolation functions: `upper` and `lower` [GH-3558]
 
 INTERNAL IMPROVEMENTS:
 

From dd56b39e0ce8a0567eb6f154a5e73f681bfa615e Mon Sep 17 00:00:00 2001
From: Martin Atkins <mart@degeneration.co.uk>
Date: Wed, 21 Oct 2015 08:34:46 -0700
Subject: [PATCH 294/335] Codeploy deployment group app_name instead of
 application_name.

The corresponding resource is called aws_codeploy_app, so for consistency
we'll name the attribute app_name instead of application_name.
---
 .../aws/resource_aws_codedeploy_deployment_group.go  | 12 ++++++------
 .../resource_aws_codedeploy_deployment_group_test.go |  6 +++---
 .../aws/r/codedeploy_deployment_group.html.markdown  |  6 +++---
 3 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/builtin/providers/aws/resource_aws_codedeploy_deployment_group.go b/builtin/providers/aws/resource_aws_codedeploy_deployment_group.go
index a9f3acb078..ee81f1cf3c 100644
--- a/builtin/providers/aws/resource_aws_codedeploy_deployment_group.go
+++ b/builtin/providers/aws/resource_aws_codedeploy_deployment_group.go
@@ -23,7 +23,7 @@ func resourceAwsCodeDeployDeploymentGroup() *schema.Resource {
 		Delete: resourceAwsCodeDeployDeploymentGroupDelete,
 
 		Schema: map[string]*schema.Schema{
-			"application_name": &schema.Schema{
+			"app_name": &schema.Schema{
 				Type:     schema.TypeString,
 				Required: true,
 				ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) {
@@ -132,7 +132,7 @@ func resourceAwsCodeDeployDeploymentGroup() *schema.Resource {
 func resourceAwsCodeDeployDeploymentGroupCreate(d *schema.ResourceData, meta interface{}) error {
 	conn := meta.(*AWSClient).codedeployconn
 
-	application := d.Get("application_name").(string)
+	application := d.Get("app_name").(string)
 	deploymentGroup := d.Get("deployment_group_name").(string)
 
 	input := codedeploy.CreateDeploymentGroupInput{
@@ -189,14 +189,14 @@ func resourceAwsCodeDeployDeploymentGroupRead(d *schema.ResourceData, meta inter
 
 	log.Printf("[DEBUG] Reading CodeDeploy DeploymentGroup %s", d.Id())
 	resp, err := conn.GetDeploymentGroup(&codedeploy.GetDeploymentGroupInput{
-		ApplicationName:     aws.String(d.Get("application_name").(string)),
+		ApplicationName:     aws.String(d.Get("app_name").(string)),
 		DeploymentGroupName: aws.String(d.Get("deployment_group_name").(string)),
 	})
 	if err != nil {
 		return err
 	}
 
-	d.Set("application_name", *resp.DeploymentGroupInfo.ApplicationName)
+	d.Set("app_name", *resp.DeploymentGroupInfo.ApplicationName)
 	d.Set("autoscaling_groups", resp.DeploymentGroupInfo.AutoScalingGroups)
 	d.Set("deployment_config_name", *resp.DeploymentGroupInfo.DeploymentConfigName)
 	d.Set("deployment_group_name", *resp.DeploymentGroupInfo.DeploymentGroupName)
@@ -215,7 +215,7 @@ func resourceAwsCodeDeployDeploymentGroupUpdate(d *schema.ResourceData, meta int
 	conn := meta.(*AWSClient).codedeployconn
 
 	input := codedeploy.UpdateDeploymentGroupInput{
-		ApplicationName:            aws.String(d.Get("application_name").(string)),
+		ApplicationName:            aws.String(d.Get("app_name").(string)),
 		CurrentDeploymentGroupName: aws.String(d.Get("deployment_group_name").(string)),
 	}
 
@@ -258,7 +258,7 @@ func resourceAwsCodeDeployDeploymentGroupDelete(d *schema.ResourceData, meta int
 
 	log.Printf("[DEBUG] Deleting CodeDeploy DeploymentGroup %s", d.Id())
 	_, err := conn.DeleteDeploymentGroup(&codedeploy.DeleteDeploymentGroupInput{
-		ApplicationName:     aws.String(d.Get("application_name").(string)),
+		ApplicationName:     aws.String(d.Get("app_name").(string)),
 		DeploymentGroupName: aws.String(d.Get("deployment_group_name").(string)),
 	})
 	if err != nil {
diff --git a/builtin/providers/aws/resource_aws_codedeploy_deployment_group_test.go b/builtin/providers/aws/resource_aws_codedeploy_deployment_group_test.go
index d883b26b8d..7608b1f585 100644
--- a/builtin/providers/aws/resource_aws_codedeploy_deployment_group_test.go
+++ b/builtin/providers/aws/resource_aws_codedeploy_deployment_group_test.go
@@ -41,7 +41,7 @@ func testAccCheckAWSCodeDeployDeploymentGroupDestroy(s *terraform.State) error {
 		}
 
 		resp, err := conn.GetDeploymentGroup(&codedeploy.GetDeploymentGroupInput{
-			ApplicationName:     aws.String(rs.Primary.Attributes["application_name"]),
+			ApplicationName:     aws.String(rs.Primary.Attributes["app_name"]),
 			DeploymentGroupName: aws.String(rs.Primary.Attributes["deployment_group_name"]),
 		})
 
@@ -123,7 +123,7 @@ EOF
 }
 
 resource "aws_codedeploy_deployment_group" "foo" {
-	application_name = "${aws_codedeploy_app.foo_app.name}"
+	app_name = "${aws_codedeploy_app.foo_app.name}"
 	deployment_group_name = "foo"
 	service_role_arn = "${aws_iam_role.foo_role.arn}"
 	ec2_tag_filter {
@@ -188,7 +188,7 @@ EOF
 }
 
 resource "aws_codedeploy_deployment_group" "foo" {
-	application_name = "${aws_codedeploy_app.foo_app.name}"
+	app_name = "${aws_codedeploy_app.foo_app.name}"
 	deployment_group_name = "bar"
 	service_role_arn = "${aws_iam_role.foo_role.arn}"
 	ec2_tag_filter {
diff --git a/website/source/docs/providers/aws/r/codedeploy_deployment_group.html.markdown b/website/source/docs/providers/aws/r/codedeploy_deployment_group.html.markdown
index cb2417fed6..ae0c3b6455 100644
--- a/website/source/docs/providers/aws/r/codedeploy_deployment_group.html.markdown
+++ b/website/source/docs/providers/aws/r/codedeploy_deployment_group.html.markdown
@@ -67,7 +67,7 @@ EOF
 }
 
 resource "aws_codedeploy_deployment_group" "foo" {
-    application_name = "${aws_codedeploy_app.foo_app.name}"
+    app_name = "${aws_codedeploy_app.foo_app.name}"
     deployment_group_name = "bar"
     service_role_arn = "${aws_iam_role.foo_role.arn}"
     ec2_tag_filter {
@@ -82,7 +82,7 @@ resource "aws_codedeploy_deployment_group" "foo" {
 
 The following arguments are supported:
 
-* `application_name` - (Required) The name of the application.
+* `app_name` - (Required) The name of the application.
 * `deployment_group_name` - (Required) The name of the deployment group.
 * `service_role_arn` - (Required) The service role ARN that allows deployments.
 * `autoscaling_groups` - (Optional) Autoscaling groups associated with the deployment group.
@@ -101,7 +101,7 @@ Both ec2_tag_filter and on_premises_tag_filter blocks support the following:
 The following attributes are exported:
 
 * `id` - The deployment group's ID.
-* `application_name` - The group's assigned application.
+* `app_name` - The group's assigned application.
 * `deployment_group_name` - The group's name.
 * `service_role_arn` - The group's service role ARN.
 * `autoscaling_groups` - The autoscaling groups associated with the deployment group.

From 305db7341b7d710e35c6b4273ea292fc43435a13 Mon Sep 17 00:00:00 2001
From: Paul Hinze <phinze@phinze.com>
Date: Wed, 21 Oct 2015 10:37:18 -0500
Subject: [PATCH 295/335] Update CHANGELOG.md

---
 CHANGELOG.md | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 48ceb0cd7c..a68b335178 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,9 +5,16 @@ FEATURES:
   * New remote state backend: `etcd` [GH-3487]
   * New interpolation functions: `upper` and `lower` [GH-3558]
 
+BUG FIXES:
+
+  * core: Fix remote state conflicts caused by ambiguity in ordering of deeply nested modules [GH-3573]
+  * core: Fix remote state conflicts caused by state metadata differences [GH-3569]
+  * core: Avoid using http.DefaultClient [GH-3532]
+
 INTERNAL IMPROVEMENTS:
 
- * provider/digitalocean: use official Go client [GH-3333]
+  * provider/digitalocean: use official Go client [GH-3333]
+  * core: extract module fetching to external library [GH-3516]
 
 ## 0.6.4 (October 15, 2015)
 

From 8a60219c0455de66a30372734f961e30542f1f81 Mon Sep 17 00:00:00 2001
From: Martin Atkins <mart@degeneration.co.uk>
Date: Wed, 21 Oct 2015 08:40:26 -0700
Subject: [PATCH 296/335] Update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index a68b335178..ea969533ad 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,7 @@
 
 FEATURES:
 
+  * **New resources: `aws_codeploy_app` and `aws_codeploy_deployment_group`** [GH-2783]
   * New remote state backend: `etcd` [GH-3487]
   * New interpolation functions: `upper` and `lower` [GH-3558]
 

From f790309634ba59f87712635cdf751b6d653762b3 Mon Sep 17 00:00:00 2001
From: Martin Atkins <mart@degeneration.co.uk>
Date: Wed, 21 Oct 2015 08:44:19 -0700
Subject: [PATCH 297/335] CodeDeploy links to the AWS provider sidebar.

Missed these when merging #2783.
---
 website/source/layouts/aws.erb | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/website/source/layouts/aws.erb b/website/source/layouts/aws.erb
index 4b34da23a4..f6efd23775 100644
--- a/website/source/layouts/aws.erb
+++ b/website/source/layouts/aws.erb
@@ -26,6 +26,21 @@
                     </ul>
                 </li>
 
+                <li<%= sidebar_current(/^docs-aws-resource-codedeploy/) %>>
+                    <a href="#">CodeDeploy Resources</a>
+                    <ul class="nav nav-visible">
+
+                        <li<%= sidebar_current("docs-aws-resource-codedeploy-app") %>>
+                            <a href="/docs/providers/aws/r/codedeploy_app.html">aws_codedeploy_app</a>
+                        </li>
+
+                        <li<%= sidebar_current("docs-aws-resource-codedeploy-deployment-group") %>>
+                            <a href="/docs/providers/aws/r/codedeploy_deployment_group.html">aws_codedeploy_deployment_group</a>
+                        </li>
+
+                    </ul>
+                </li>
+
                 <li<%= sidebar_current(/^docs-aws-resource-directory-service/) %>>
                     <a href="#">Directory Service Resources</a>
                     <ul class="nav nav-visible">

From 5ea09afad549b9acb60f36705a0288493e673f18 Mon Sep 17 00:00:00 2001
From: Paul Hinze <phinze@phinze.com>
Date: Wed, 21 Oct 2015 15:42:16 +0000
Subject: [PATCH 298/335] v0.6.5

---
 CHANGELOG.md         |   2 +-
 deps/v0-6-5.json     | 476 +++++++++++++++++++++++++++++++++++++++++++
 terraform/version.go |   2 +-
 3 files changed, 478 insertions(+), 2 deletions(-)
 create mode 100644 deps/v0-6-5.json

diff --git a/CHANGELOG.md b/CHANGELOG.md
index ea969533ad..7181c2f8c8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,4 +1,4 @@
-## 0.6.5 (Unreleased)
+## 0.6.5 (October 21, 2015)
 
 FEATURES:
 
diff --git a/deps/v0-6-5.json b/deps/v0-6-5.json
new file mode 100644
index 0000000000..71ace61754
--- /dev/null
+++ b/deps/v0-6-5.json
@@ -0,0 +1,476 @@
+{
+	"ImportPath": "github.com/hashicorp/terraform",
+	"GoVersion": "go1.4.2",
+	"Packages": [
+		"./..."
+	],
+	"Deps": [
+		{
+			"ImportPath": "github.com/Azure/azure-sdk-for-go/core/http",
+			"Comment": "v1.2-261-g3dcabb6",
+			"Rev": "3dcabb61c225af4013db7af20d4fe430fd09e311"
+		},
+		{
+			"ImportPath": "github.com/Azure/azure-sdk-for-go/core/tls",
+			"Comment": "v1.2-261-g3dcabb6",
+			"Rev": "3dcabb61c225af4013db7af20d4fe430fd09e311"
+		},
+		{
+			"ImportPath": "github.com/Azure/azure-sdk-for-go/management",
+			"Comment": "v1.2-261-g3dcabb6",
+			"Rev": "3dcabb61c225af4013db7af20d4fe430fd09e311"
+		},
+		{
+			"ImportPath": "github.com/Azure/azure-sdk-for-go/storage",
+			"Comment": "v1.2-261-g3dcabb6",
+			"Rev": "3dcabb61c225af4013db7af20d4fe430fd09e311"
+		},
+		{
+			"ImportPath": "github.com/apparentlymart/go-rundeck-api/rundeck",
+			"Comment": "v0.0.1",
+			"Rev": "cddcfbabbe903e9c8df35ff9569dbb8d67789200"
+		},
+		{
+			"ImportPath": "github.com/armon/circbuf",
+			"Rev": "bbbad097214e2918d8543d5201d12bfd7bca254d"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/aws",
+			"Comment": "v0.9.15",
+			"Rev": "7ab6754ddaaa7972ac1c896ddd7f796cc726e79d"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/internal/endpoints",
+			"Comment": "v0.9.15",
+			"Rev": "7ab6754ddaaa7972ac1c896ddd7f796cc726e79d"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/internal/protocol/ec2query",
+			"Comment": "v0.9.15",
+			"Rev": "7ab6754ddaaa7972ac1c896ddd7f796cc726e79d"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/internal/protocol/json/jsonutil",
+			"Comment": "v0.9.15",
+			"Rev": "7ab6754ddaaa7972ac1c896ddd7f796cc726e79d"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/internal/protocol/jsonrpc",
+			"Comment": "v0.9.15",
+			"Rev": "7ab6754ddaaa7972ac1c896ddd7f796cc726e79d"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/internal/protocol/query",
+			"Comment": "v0.9.15",
+			"Rev": "7ab6754ddaaa7972ac1c896ddd7f796cc726e79d"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/internal/protocol/rest",
+			"Comment": "v0.9.15",
+			"Rev": "7ab6754ddaaa7972ac1c896ddd7f796cc726e79d"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/internal/protocol/restjson",
+			"Comment": "v0.9.15",
+			"Rev": "7ab6754ddaaa7972ac1c896ddd7f796cc726e79d"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/internal/protocol/restxml",
+			"Comment": "v0.9.15",
+			"Rev": "7ab6754ddaaa7972ac1c896ddd7f796cc726e79d"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/internal/protocol/xml/xmlutil",
+			"Comment": "v0.9.15",
+			"Rev": "7ab6754ddaaa7972ac1c896ddd7f796cc726e79d"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/internal/signer/v4",
+			"Comment": "v0.9.15",
+			"Rev": "7ab6754ddaaa7972ac1c896ddd7f796cc726e79d"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/autoscaling",
+			"Comment": "v0.9.15",
+			"Rev": "7ab6754ddaaa7972ac1c896ddd7f796cc726e79d"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/cloudwatch",
+			"Comment": "v0.9.15",
+			"Rev": "7ab6754ddaaa7972ac1c896ddd7f796cc726e79d"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/cloudwatchlogs",
+			"Comment": "v0.9.15",
+			"Rev": "7ab6754ddaaa7972ac1c896ddd7f796cc726e79d"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/directoryservice",
+			"Comment": "v0.9.15",
+			"Rev": "7ab6754ddaaa7972ac1c896ddd7f796cc726e79d"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/dynamodb",
+			"Comment": "v0.9.15",
+			"Rev": "7ab6754ddaaa7972ac1c896ddd7f796cc726e79d"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/ec2",
+			"Comment": "v0.9.15",
+			"Rev": "7ab6754ddaaa7972ac1c896ddd7f796cc726e79d"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/ecs",
+			"Comment": "v0.9.15",
+			"Rev": "7ab6754ddaaa7972ac1c896ddd7f796cc726e79d"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/efs",
+			"Comment": "v0.9.15",
+			"Rev": "7ab6754ddaaa7972ac1c896ddd7f796cc726e79d"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/elasticache",
+			"Comment": "v0.9.15",
+			"Rev": "7ab6754ddaaa7972ac1c896ddd7f796cc726e79d"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/elasticsearchservice",
+			"Comment": "v0.9.15",
+			"Rev": "7ab6754ddaaa7972ac1c896ddd7f796cc726e79d"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/elb",
+			"Comment": "v0.9.15",
+			"Rev": "7ab6754ddaaa7972ac1c896ddd7f796cc726e79d"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/glacier",
+			"Comment": "v0.9.15",
+			"Rev": "7ab6754ddaaa7972ac1c896ddd7f796cc726e79d"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/iam",
+			"Comment": "v0.9.15",
+			"Rev": "7ab6754ddaaa7972ac1c896ddd7f796cc726e79d"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/kinesis",
+			"Comment": "v0.9.15",
+			"Rev": "7ab6754ddaaa7972ac1c896ddd7f796cc726e79d"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/lambda",
+			"Comment": "v0.9.15",
+			"Rev": "7ab6754ddaaa7972ac1c896ddd7f796cc726e79d"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/opsworks",
+			"Comment": "v0.9.15",
+			"Rev": "7ab6754ddaaa7972ac1c896ddd7f796cc726e79d"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/rds",
+			"Comment": "v0.9.15",
+			"Rev": "7ab6754ddaaa7972ac1c896ddd7f796cc726e79d"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/route53",
+			"Comment": "v0.9.15",
+			"Rev": "7ab6754ddaaa7972ac1c896ddd7f796cc726e79d"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/s3",
+			"Comment": "v0.9.15",
+			"Rev": "7ab6754ddaaa7972ac1c896ddd7f796cc726e79d"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/sns",
+			"Comment": "v0.9.15",
+			"Rev": "7ab6754ddaaa7972ac1c896ddd7f796cc726e79d"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/sqs",
+			"Comment": "v0.9.15",
+			"Rev": "7ab6754ddaaa7972ac1c896ddd7f796cc726e79d"
+		},
+		{
+			"ImportPath": "github.com/awslabs/aws-sdk-go/aws",
+			"Comment": "v0.9.15",
+			"Rev": "7ab6754ddaaa7972ac1c896ddd7f796cc726e79d"
+		},
+		{
+			"ImportPath": "github.com/coreos/etcd/client",
+			"Comment": "v2.2.0-246-g8d3ed01",
+			"Rev": "8d3ed0176c41a5585e040368455fe803fa95511b"
+		},
+		{
+			"ImportPath": "github.com/coreos/etcd/pkg/pathutil",
+			"Comment": "v2.2.0-246-g8d3ed01",
+			"Rev": "8d3ed0176c41a5585e040368455fe803fa95511b"
+		},
+		{
+			"ImportPath": "github.com/coreos/etcd/pkg/types",
+			"Comment": "v2.2.0-246-g8d3ed01",
+			"Rev": "8d3ed0176c41a5585e040368455fe803fa95511b"
+		},
+		{
+			"ImportPath": "github.com/cyberdelia/heroku-go/v3",
+			"Rev": "8344c6a3e281a99a693f5b71186249a8620eeb6b"
+		},
+		{
+			"ImportPath": "github.com/digitalocean/godo",
+			"Comment": "v0.9.0-2-gc03bb09",
+			"Rev": "c03bb099b8dc38e87581902a56885013a0865703"
+		},
+		{
+			"ImportPath": "github.com/dylanmei/iso8601",
+			"Rev": "2075bf119b58e5576c6ed9f867b8f3d17f2e54d4"
+		},
+		{
+			"ImportPath": "github.com/dylanmei/winrmtest",
+			"Rev": "3e9661c52c45dab9a8528966a23d421922fca9b9"
+		},
+		{
+			"ImportPath": "github.com/fsouza/go-dockerclient",
+			"Rev": "412c004d923b7b89701e7a1632de83f843657a03"
+		},
+		{
+			"ImportPath": "github.com/google/go-querystring/query",
+			"Rev": "547ef5ac979778feb2f760cdb5f4eae1a2207b86"
+		},
+		{
+			"ImportPath": "github.com/hashicorp/atlas-go/archive",
+			"Comment": "20141209094003-79-gabffe75",
+			"Rev": "abffe75c7dff7f6c3344727348a95fe70c519696"
+		},
+		{
+			"ImportPath": "github.com/hashicorp/atlas-go/v1",
+			"Comment": "20141209094003-79-gabffe75",
+			"Rev": "abffe75c7dff7f6c3344727348a95fe70c519696"
+		},
+		{
+			"ImportPath": "github.com/hashicorp/consul/api",
+			"Comment": "v0.5.2-461-g158eabd",
+			"Rev": "158eabdd6f2408067c1d7656fa10e49434f96480"
+		},
+		{
+			"ImportPath": "github.com/hashicorp/errwrap",
+			"Rev": "7554cd9344cec97297fa6649b055a8c98c2a1e55"
+		},
+		{
+			"ImportPath": "github.com/hashicorp/go-checkpoint",
+			"Rev": "ee53b27929ebf0a6d217c96d2107c6c09b8bebb3"
+		},
+		{
+			"ImportPath": "github.com/hashicorp/go-getter",
+			"Rev": "2463fe5ef95a59a4096482fb9390b5683a5c380a"
+		},
+		{
+			"ImportPath": "github.com/hashicorp/go-multierror",
+			"Rev": "d30f09973e19c1dfcd120b2d9c4f168e68d6b5d5"
+		},
+		{
+			"ImportPath": "github.com/hashicorp/go-version",
+			"Rev": "2b9865f60ce11e527bd1255ba82036d465570aa3"
+		},
+		{
+			"ImportPath": "github.com/hashicorp/hcl",
+			"Rev": "4de51957ef8d4aba6e285ddfc587633bbfc7c0e8"
+		},
+		{
+			"ImportPath": "github.com/hashicorp/logutils",
+			"Rev": "0dc08b1671f34c4250ce212759ebd880f743d883"
+		},
+		{
+			"ImportPath": "github.com/hashicorp/yamux",
+			"Rev": "ddcd0a6ec7c55e29f235e27935bf98d302281bd3"
+		},
+		{
+			"ImportPath": "github.com/imdario/mergo",
+			"Comment": "0.2.0-5-g61a5285",
+			"Rev": "61a52852277811e93e06d28e0d0c396284a7730b"
+		},
+		{
+			"ImportPath": "github.com/kardianos/osext",
+			"Rev": "6e7f843663477789fac7c02def0d0909e969b4e5"
+		},
+		{
+			"ImportPath": "github.com/masterzen/simplexml/dom",
+			"Rev": "95ba30457eb1121fa27753627c774c7cd4e90083"
+		},
+		{
+			"ImportPath": "github.com/masterzen/winrm/soap",
+			"Rev": "e3e57d617b7d9573db6c98567a261916ff53cfb3"
+		},
+		{
+			"ImportPath": "github.com/masterzen/winrm/winrm",
+			"Rev": "e3e57d617b7d9573db6c98567a261916ff53cfb3"
+		},
+		{
+			"ImportPath": "github.com/masterzen/xmlpath",
+			"Rev": "13f4951698adc0fa9c1dda3e275d489a24201161"
+		},
+		{
+			"ImportPath": "github.com/mitchellh/cli",
+			"Rev": "8102d0ed5ea2709ade1243798785888175f6e415"
+		},
+		{
+			"ImportPath": "github.com/mitchellh/colorstring",
+			"Rev": "8631ce90f28644f54aeedcb3e389a85174e067d1"
+		},
+		{
+			"ImportPath": "github.com/mitchellh/copystructure",
+			"Rev": "6fc66267e9da7d155a9d3bd489e00dad02666dc6"
+		},
+		{
+			"ImportPath": "github.com/mitchellh/go-homedir",
+			"Rev": "df55a15e5ce646808815381b3db47a8c66ea62f4"
+		},
+		{
+			"ImportPath": "github.com/mitchellh/go-linereader",
+			"Rev": "07bab5fdd9580500aea6ada0e09df4aa28e68abd"
+		},
+		{
+			"ImportPath": "github.com/mitchellh/mapstructure",
+			"Rev": "281073eb9eb092240d33ef253c404f1cca550309"
+		},
+		{
+			"ImportPath": "github.com/mitchellh/osext",
+			"Rev": "5e2d6d41470f99c881826dedd8c526728b783c9c"
+		},
+		{
+			"ImportPath": "github.com/mitchellh/packer/common/uuid",
+			"Comment": "v0.8.6-114-gd66268f",
+			"Rev": "d66268f5f92dc3f785616f9d10f233ece8636e9c"
+		},
+		{
+			"ImportPath": "github.com/mitchellh/panicwrap",
+			"Rev": "1655d88c8ff7495ae9d2c19fd8f445f4657e22b0"
+		},
+		{
+			"ImportPath": "github.com/mitchellh/prefixedio",
+			"Rev": "89d9b535996bf0a185f85b59578f2e245f9e1724"
+		},
+		{
+			"ImportPath": "github.com/mitchellh/reflectwalk",
+			"Rev": "eecf4c70c626c7cfbb95c90195bc34d386c74ac6"
+		},
+		{
+			"ImportPath": "github.com/nu7hatch/gouuid",
+			"Rev": "179d4d0c4d8d407a32af483c2354df1d2c91e6c3"
+		},
+		{
+			"ImportPath": "github.com/packer-community/winrmcp/winrmcp",
+			"Rev": "3d184cea22ee1c41ec1697e0d830ff0c78f7ea97"
+		},
+		{
+			"ImportPath": "github.com/packethost/packngo",
+			"Rev": "f03d7dc788a8b57b62d301ccb98c950c325756f8"
+		},
+		{
+			"ImportPath": "github.com/pborman/uuid",
+			"Rev": "cccd189d45f7ac3368a0d127efb7f4d08ae0b655"
+		},
+		{
+			"ImportPath": "github.com/pearkes/cloudflare",
+			"Rev": "922f1c75017c54430fb706364d29eff10f64c56d"
+		},
+		{
+			"ImportPath": "github.com/pearkes/dnsimple",
+			"Rev": "59fa6243d3d5ac56ab0df76be4c6da30821154b0"
+		},
+		{
+			"ImportPath": "github.com/pearkes/mailgun",
+			"Rev": "5b02e7e9ffee9869f81393e80db138f6ff726260"
+		},
+		{
+			"ImportPath": "github.com/rackspace/gophercloud",
+			"Comment": "v1.0.0-683-gdc139e8",
+			"Rev": "dc139e8a4612310304c1c71aa2b07d94ab7bdeaf"
+		},
+		{
+			"ImportPath": "github.com/satori/go.uuid",
+			"Rev": "08f0718b61e95ddba0ade3346725fe0e4bf28ca6"
+		},
+		{
+			"ImportPath": "github.com/soniah/dnsmadeeasy",
+			"Comment": "v1.1-2-g5578a8c",
+			"Rev": "5578a8c15e33958c61cf7db720b6181af65f4a9e"
+		},
+		{
+			"ImportPath": "github.com/tent/http-link-go",
+			"Rev": "ac974c61c2f990f4115b119354b5e0b47550e888"
+		},
+		{
+			"ImportPath": "github.com/ugorji/go/codec",
+			"Rev": "8a2a3a8c488c3ebd98f422a965260278267a0551"
+		},
+		{
+			"ImportPath": "github.com/vaughan0/go-ini",
+			"Rev": "a98ad7ee00ec53921f08832bc06ecf7fd600e6a1"
+		},
+		{
+			"ImportPath": "github.com/vmware/govmomi",
+			"Comment": "v0.2.0-32-gc33a28e",
+			"Rev": "c33a28ed780856865047dda04412c67f2d55de8e"
+		},
+		{
+			"ImportPath": "github.com/xanzy/go-cloudstack/cloudstack",
+			"Comment": "v1.2.0-48-g0e6e56f",
+			"Rev": "0e6e56fc0db3f48f060273f2e2ffe5d8d41b0112"
+		},
+		{
+			"ImportPath": "golang.org/x/crypto/curve25519",
+			"Rev": "c8b9e6388ef638d5a8a9d865c634befdc46a6784"
+		},
+		{
+			"ImportPath": "golang.org/x/crypto/pkcs12",
+			"Rev": "c8b9e6388ef638d5a8a9d865c634befdc46a6784"
+		},
+		{
+			"ImportPath": "golang.org/x/crypto/ssh",
+			"Rev": "c8b9e6388ef638d5a8a9d865c634befdc46a6784"
+		},
+		{
+			"ImportPath": "golang.org/x/net/context",
+			"Rev": "9946ad7d5eae91d8edca4f54d1a1e130a052e823"
+		},
+		{
+			"ImportPath": "golang.org/x/oauth2",
+			"Rev": "ef4eca6b097fad7cec79afcc278d213a6de1c960"
+		},
+		{
+			"ImportPath": "google.golang.org/api/compute/v1",
+			"Rev": "c83ee8e9b7e6c40a486c0992a963ea8b6911de67"
+		},
+		{
+			"ImportPath": "google.golang.org/api/container/v1",
+			"Rev": "c83ee8e9b7e6c40a486c0992a963ea8b6911de67"
+		},
+		{
+			"ImportPath": "google.golang.org/api/dns/v1",
+			"Rev": "c83ee8e9b7e6c40a486c0992a963ea8b6911de67"
+		},
+		{
+			"ImportPath": "google.golang.org/api/googleapi",
+			"Rev": "c83ee8e9b7e6c40a486c0992a963ea8b6911de67"
+		},
+		{
+			"ImportPath": "google.golang.org/api/internal",
+			"Rev": "c83ee8e9b7e6c40a486c0992a963ea8b6911de67"
+		},
+		{
+			"ImportPath": "google.golang.org/api/storage/v1",
+			"Rev": "c83ee8e9b7e6c40a486c0992a963ea8b6911de67"
+		},
+		{
+			"ImportPath": "google.golang.org/cloud/compute/metadata",
+			"Rev": "2400193c85c3561d13880d34e0e10c4315bb02af"
+		},
+		{
+			"ImportPath": "google.golang.org/cloud/internal",
+			"Rev": "2400193c85c3561d13880d34e0e10c4315bb02af"
+		}
+	]
+}
diff --git a/terraform/version.go b/terraform/version.go
index badbcd92ee..ff938c2448 100644
--- a/terraform/version.go
+++ b/terraform/version.go
@@ -6,4 +6,4 @@ const Version = "0.6.5"
 // A pre-release marker for the version. If this is "" (empty string)
 // then it means that it is a final release. Otherwise, this is a pre-release
 // such as "dev" (in development), "beta", "rc1", etc.
-const VersionPrerelease = "dev"
+const VersionPrerelease = ""

From d2034a26b28c4578ba7cd71cf4b1dfb0792ab860 Mon Sep 17 00:00:00 2001
From: Paul Hinze <phinze@phinze.com>
Date: Wed, 21 Oct 2015 11:34:52 -0500
Subject: [PATCH 299/335] release: clean up after v0.6.5

---
 CHANGELOG.md         | 2 ++
 terraform/version.go | 4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7181c2f8c8..d1ac202b3a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,5 @@
+## 0.6.6 (Unreleased)
+
 ## 0.6.5 (October 21, 2015)
 
 FEATURES:
diff --git a/terraform/version.go b/terraform/version.go
index ff938c2448..403f09bd2f 100644
--- a/terraform/version.go
+++ b/terraform/version.go
@@ -1,9 +1,9 @@
 package terraform
 
 // The main version number that is being run at the moment.
-const Version = "0.6.5"
+const Version = "0.6.6"
 
 // A pre-release marker for the version. If this is "" (empty string)
 // then it means that it is a final release. Otherwise, this is a pre-release
 // such as "dev" (in development), "beta", "rc1", etc.
-const VersionPrerelease = ""
+const VersionPrerelease = "dev"

From 932f0ddbeb598531f96ab2b7c29c87e6bb46cdef Mon Sep 17 00:00:00 2001
From: Martin Atkins <mart@degeneration.co.uk>
Date: Wed, 21 Oct 2015 09:45:22 -0700
Subject: [PATCH 300/335] Fix syntax errors in AWS CodeDeploy resource docs.

---
 .../source/docs/providers/aws/r/codedeploy_app.html.markdown    | 2 +-
 .../providers/aws/r/codedeploy_deployment_group.html.markdown   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/website/source/docs/providers/aws/r/codedeploy_app.html.markdown b/website/source/docs/providers/aws/r/codedeploy_app.html.markdown
index 054fd1eda9..146709e61b 100644
--- a/website/source/docs/providers/aws/r/codedeploy_app.html.markdown
+++ b/website/source/docs/providers/aws/r/codedeploy_app.html.markdown
@@ -2,7 +2,7 @@
 layout: "aws"
 page_title: "AWS: aws_codedeploy_app"
 sidebar_current: "docs-aws-resource-codedeploy-app"
-description: |\
+description: |-
   Provides a CodeDeploy application.
 ---
 
diff --git a/website/source/docs/providers/aws/r/codedeploy_deployment_group.html.markdown b/website/source/docs/providers/aws/r/codedeploy_deployment_group.html.markdown
index ae0c3b6455..c157065357 100644
--- a/website/source/docs/providers/aws/r/codedeploy_deployment_group.html.markdown
+++ b/website/source/docs/providers/aws/r/codedeploy_deployment_group.html.markdown
@@ -2,7 +2,7 @@
 layout: "aws"
 page_title: "AWS: aws_codedeploy_deployment_group"
 sidebar_current: "docs-aws-resource-codedeploy-deployment-group"
-description: |\
+description: |-
   Provides a CodeDeploy deployment group.
 ---
 

From ef161e1c1b57545e183537b14ff3f7c7e7fefae4 Mon Sep 17 00:00:00 2001
From: Martin Atkins <mart@degeneration.co.uk>
Date: Thu, 22 Oct 2015 08:10:42 -0700
Subject: [PATCH 301/335] Various interpolation functions for CIDR range
 manipulation.

These new functions allow Terraform to be used for network address space
planning tasks, and make it easier to produce reusable modules that
contain or depend on network infrastructure.

For example:
- cidrsubnet allows an aws_subnet to derive its
  CIDR prefix from its parent aws_vpc.
- cidrhost allows a fixed IP address for a resource to be assigned within
  an address range defined elsewhere.
- cidrnetmask provides the dotted-decimal form of a prefix length that is
  accepted by some systems such as routing tables and static network
  interface configuration files.

The bulk of the work here is done by an external library I authored called
go-cidr. It is MIT licensed and was implemented primarily for the purpose
of using it within Terraform. It has its own unit tests and so the unit
tests within this change focus on simple success cases and on the correct
handling of the various error cases.
---
 config/interpolate_funcs.go                   |  91 +++++++++++++++
 config/interpolate_funcs_test.go              | 109 ++++++++++++++++++
 .../docs/configuration/interpolation.html.md  |  16 +++
 3 files changed, 216 insertions(+)

diff --git a/config/interpolate_funcs.go b/config/interpolate_funcs.go
index 1b58ac93cd..e98ade2f0c 100644
--- a/config/interpolate_funcs.go
+++ b/config/interpolate_funcs.go
@@ -6,11 +6,13 @@ import (
 	"errors"
 	"fmt"
 	"io/ioutil"
+	"net"
 	"regexp"
 	"sort"
 	"strconv"
 	"strings"
 
+	"github.com/apparentlymart/go-cidr/cidr"
 	"github.com/hashicorp/terraform/config/lang/ast"
 	"github.com/mitchellh/go-homedir"
 )
@@ -20,6 +22,9 @@ var Funcs map[string]ast.Function
 
 func init() {
 	Funcs = map[string]ast.Function{
+		"cidrhost":     interpolationFuncCidrHost(),
+		"cidrnetmask":  interpolationFuncCidrNetmask(),
+		"cidrsubnet":   interpolationFuncCidrSubnet(),
 		"compact":      interpolationFuncCompact(),
 		"concat":       interpolationFuncConcat(),
 		"element":      interpolationFuncElement(),
@@ -54,6 +59,92 @@ func interpolationFuncCompact() ast.Function {
 	}
 }
 
+// interpolationFuncCidrHost implements the "cidrhost" function that
+// fills in the host part of a CIDR range address to create a single
+// host address
+func interpolationFuncCidrHost() ast.Function {
+	return ast.Function{
+		ArgTypes: []ast.Type{
+			ast.TypeString, // starting CIDR mask
+			ast.TypeInt,    // host number to insert
+		},
+		ReturnType: ast.TypeString,
+		Variadic:   false,
+		Callback: func(args []interface{}) (interface{}, error) {
+			hostNum := args[1].(int)
+			_, network, err := net.ParseCIDR(args[0].(string))
+			if err != nil {
+				return nil, fmt.Errorf("invalid CIDR expression: %s", err)
+			}
+
+			ip, err := cidr.Host(network, hostNum)
+			if err != nil {
+				return nil, err
+			}
+
+			return ip.String(), nil
+		},
+	}
+}
+
+// interpolationFuncCidrNetmask implements the "cidrnetmask" function
+// that returns the subnet mask in IP address notation.
+func interpolationFuncCidrNetmask() ast.Function {
+	return ast.Function{
+		ArgTypes: []ast.Type{
+			ast.TypeString, // CIDR mask
+		},
+		ReturnType: ast.TypeString,
+		Variadic:   false,
+		Callback: func(args []interface{}) (interface{}, error) {
+			_, network, err := net.ParseCIDR(args[0].(string))
+			if err != nil {
+				return nil, fmt.Errorf("invalid CIDR expression: %s", err)
+			}
+
+			return net.IP(network.Mask).String(), nil
+		},
+	}
+}
+
+// interpolationFuncCidrSubnet implements the "cidrsubnet" function that
+// adds an additional subnet of the given length onto an existing
+// IP block expressed in CIDR notation.
+func interpolationFuncCidrSubnet() ast.Function {
+	return ast.Function{
+		ArgTypes: []ast.Type{
+			ast.TypeString, // starting CIDR mask
+			ast.TypeInt,    // number of bits to extend the prefix
+			ast.TypeInt,    // network number to append to the prefix
+		},
+		ReturnType: ast.TypeString,
+		Variadic:   false,
+		Callback: func(args []interface{}) (interface{}, error) {
+			extraBits := args[1].(int)
+			subnetNum := args[2].(int)
+			_, network, err := net.ParseCIDR(args[0].(string))
+			if err != nil {
+				return nil, fmt.Errorf("invalid CIDR expression: %s", err)
+			}
+
+			// For portability with 32-bit systems where the subnet number
+			// will be a 32-bit int, we only allow extension of 32 bits in
+			// one call even if we're running on a 64-bit machine.
+			// (Of course, this is significant only for IPv6.)
+			if extraBits > 32 {
+				return nil, fmt.Errorf("may not extend prefix by more than 32 bits")
+			}
+
+			newNetwork, err := cidr.Subnet(network, extraBits, subnetNum)
+			if err != nil {
+				return nil, err
+			}
+
+			return newNetwork.String(), nil
+		},
+	}
+}
+
 // interpolationFuncConcat implements the "concat" function that
 // concatenates multiple strings. This isn't actually necessary anymore
 // since our language supports string concat natively, but for backwards
diff --git a/config/interpolate_funcs_test.go b/config/interpolate_funcs_test.go
index f40f56860e..7b7311fd4f 100644
--- a/config/interpolate_funcs_test.go
+++ b/config/interpolate_funcs_test.go
@@ -38,6 +38,115 @@ func TestInterpolateFuncCompact(t *testing.T) {
 	})
 }
 
+func TestInterpolateFuncCidrHost(t *testing.T) {
+	testFunction(t, testFunctionConfig{
+		Cases: []testFunctionCase{
+			{
+				`${cidrhost("192.168.1.0/24", 5)}`,
+				"192.168.1.5",
+				false,
+			},
+			{
+				`${cidrhost("192.168.1.0/30", 255)}`,
+				nil,
+				true, // 255 doesn't fit in two bits
+			},
+			{
+				`${cidrhost("not-a-cidr", 6)}`,
+				nil,
+				true, // not a valid CIDR mask
+			},
+			{
+				`${cidrhost("10.256.0.0/8", 6)}`,
+				nil,
+				true, // can't have an octet >255
+			},
+		},
+	})
+}
+
+func TestInterpolateFuncCidrNetmask(t *testing.T) {
+	testFunction(t, testFunctionConfig{
+		Cases: []testFunctionCase{
+			{
+				`${cidrnetmask("192.168.1.0/24")}`,
+				"255.255.255.0",
+				false,
+			},
+			{
+				`${cidrnetmask("192.168.1.0/32")}`,
+				"255.255.255.255",
+				false,
+			},
+			{
+				`${cidrnetmask("0.0.0.0/0")}`,
+				"0.0.0.0",
+				false,
+			},
+			{
+				// This doesn't really make sense for IPv6 networks
+				// but it ought to do something sensible anyway.
+				`${cidrnetmask("1::/64")}`,
+				"ffff:ffff:ffff:ffff::",
+				false,
+			},
+			{
+				`${cidrnetmask("not-a-cidr")}`,
+				nil,
+				true, // not a valid CIDR mask
+			},
+			{
+				`${cidrnetmask("10.256.0.0/8")}`,
+				nil,
+				true, // can't have an octet >255
+			},
+		},
+	})
+}
+
+func TestInterpolateFuncCidrSubnet(t *testing.T) {
+	testFunction(t, testFunctionConfig{
+		Cases: []testFunctionCase{
+			{
+				`${cidrsubnet("192.168.2.0/20", 4, 6)}`,
+				"192.168.6.0/24",
+				false,
+			},
+			{
+				`${cidrsubnet("fe80::/48", 16, 6)}`,
+				"fe80:0:0:6::/64",
+				false,
+			},
+			{
+				// IPv4 address encoded in IPv6 syntax gets normalized
+				`${cidrsubnet("::ffff:192.168.0.0/112", 8, 6)}`,
+				"192.168.6.0/24",
+				false,
+			},
+			{
+				`${cidrsubnet("192.168.0.0/30", 4, 6)}`,
+				nil,
+				true, // not enough bits left
+			},
+			{
+				`${cidrsubnet("192.168.0.0/16", 2, 16)}`,
+				nil,
+				true, // can't encode 16 in 2 bits
+			},
+			{
+				`${cidrsubnet("not-a-cidr", 4, 6)}`,
+				nil,
+				true, // not a valid CIDR mask
+			},
+			{
+				`${cidrsubnet("10.256.0.0/8", 4, 6)}`,
+				nil,
+				true, // can't have an octet >255
+			},
+		},
+	})
+}
+
 func TestInterpolateFuncDeprecatedConcat(t *testing.T) {
 	testFunction(t, testFunctionConfig{
 		Cases: []testFunctionCase{
diff --git a/website/source/docs/configuration/interpolation.html.md b/website/source/docs/configuration/interpolation.html.md
index 9408390760..049c718251 100644
--- a/website/source/docs/configuration/interpolation.html.md
+++ b/website/source/docs/configuration/interpolation.html.md
@@ -80,6 +80,22 @@ The supported built-in functions are:
   * `base64encode(string)` - Returns a base64-encoded representation of the
     given string.
 
+  * `cidrhost(iprange, hostnum)` - Takes an IP address range in CIDR notation
+    and creates an IP address with the given host number. For example,
+    ``cidrhost("10.0.0.0/8", 2)`` returns ``10.0.0.2``.
+
+  * `cidrnetmask(iprange)` - Takes an IP address range in CIDR notation
+    and returns the address-formatted subnet mask format that some
+    systems expect for IPv4 interfaces. For example,
+    ``cidrmask("10.0.0.0/8")`` returns ``255.0.0.0``. Not applicable
+    to IPv6 networks since CIDR notation is the only valid notation for
+    IPv6.
+
+  * `cidrsubnet(iprange, newbits, netnum)` - Takes an IP address range in
+    CIDR notation (like ``10.0.0.0/8``) and extends its prefix to include an
+    additional subnet number. For example,
+    ``cidrsubnet("10.0.0.0/8", 8, 2)`` returns ``10.2.0.0/16``.
+
   * `compact(list)` - Removes empty string elements from a list. This can be
      useful in some cases, for example when passing joined lists as module
      variables or when parsing module outputs.

From 5a704ec14d5270efe688b36bc6d4224d493a76a2 Mon Sep 17 00:00:00 2001
From: Martin Atkins <mart@degeneration.co.uk>
Date: Thu, 22 Oct 2015 08:45:52 -0700
Subject: [PATCH 302/335] Update CHANGELOG.md

Previously I added the new CIDR interpolation functions under the already-released 0.6.5 by mistake.
---
 CHANGELOG.md | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4ebf0e538b..f96f001e5b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,9 @@
 ## 0.6.6 (Unreleased)
 
+FEATURES:
+
+  * New interpolation functions: `cidrhost`, `cidrnetmask` and `cidrsubnet` [GH-3127]
+
 IMPROVEMENTS:
 
   * "forces new resource" now highlighted in plan output [GH-3136]
@@ -11,7 +15,6 @@ FEATURES:
   * **New resources: `aws_codeploy_app` and `aws_codeploy_deployment_group`** [GH-2783]
   * New remote state backend: `etcd` [GH-3487]
   * New interpolation functions: `upper` and `lower` [GH-3558]
-  * New interpolation functions: `cidrhost`, `cidrnetmask` and `cidrsubnet` [GH-3127]
 
 BUG FIXES:
 

From 1373a6086ba14b8d09cd3797346272b5a6eb37cd Mon Sep 17 00:00:00 2001
From: Jeff Mitchell <jeffrey.mitchell@gmail.com>
Date: Thu, 22 Oct 2015 14:03:25 -0400
Subject: [PATCH 303/335] Use cleanhttp for new http clients

---
 builtin/providers/aws/config.go    | 6 +++---
 builtin/providers/dme/config.go    | 4 ++--
 builtin/providers/packet/config.go | 5 ++---
 state/remote/atlas.go              | 8 +++++---
 state/remote/etcd.go               | 2 +-
 state/remote/http_test.go          | 4 +++-
 state/remote/s3.go                 | 4 ++--
 7 files changed, 18 insertions(+), 15 deletions(-)

diff --git a/builtin/providers/aws/config.go b/builtin/providers/aws/config.go
index dfd8b1b2ec..f8bb18589f 100644
--- a/builtin/providers/aws/config.go
+++ b/builtin/providers/aws/config.go
@@ -3,9 +3,9 @@ package aws
 import (
 	"fmt"
 	"log"
-	"net/http"
 	"strings"
 
+	"github.com/hashicorp/go-cleanhttp"
 	"github.com/hashicorp/go-multierror"
 
 	"github.com/aws/aws-sdk-go/aws"
@@ -101,7 +101,7 @@ func (c *Config) Client() (interface{}, error) {
 			Credentials: creds,
 			Region:      aws.String(c.Region),
 			MaxRetries:  aws.Int(c.MaxRetries),
-			HTTPClient:  &http.Client{},
+			HTTPClient:  cleanhttp.DefaultClient(),
 		}
 
 		log.Println("[INFO] Initializing IAM Connection")
@@ -127,7 +127,7 @@ func (c *Config) Client() (interface{}, error) {
 			Credentials: creds,
 			Region:      aws.String("us-east-1"),
 			MaxRetries:  aws.Int(c.MaxRetries),
-			HTTPClient:  &http.Client{},
+			HTTPClient:  cleanhttp.DefaultClient(),
 		}
 
 		log.Println("[INFO] Initializing DynamoDB connection")
diff --git a/builtin/providers/dme/config.go b/builtin/providers/dme/config.go
index 2d387673fe..cc75f120c1 100644
--- a/builtin/providers/dme/config.go
+++ b/builtin/providers/dme/config.go
@@ -3,8 +3,8 @@ package dme
 import (
 	"fmt"
 	"log"
-	"net/http"
 
+	"github.com/hashicorp/go-cleanhttp"
 	"github.com/soniah/dnsmadeeasy"
 )
 
@@ -22,7 +22,7 @@ func (c *Config) Client() (*dnsmadeeasy.Client, error) {
 		return nil, fmt.Errorf("Error setting up client: %s", err)
 	}
 
-	client.HTTP = &http.Client{}
+	client.HTTP = cleanhttp.DefaultClient()
 
 	if c.UseSandbox {
 		client.URL = dnsmadeeasy.SandboxURL
diff --git a/builtin/providers/packet/config.go b/builtin/providers/packet/config.go
index b7d408c626..bce54bf48c 100644
--- a/builtin/providers/packet/config.go
+++ b/builtin/providers/packet/config.go
@@ -1,8 +1,7 @@
 package packet
 
 import (
-	"net/http"
-
+	"github.com/hashicorp/go-cleanhttp"
 	"github.com/packethost/packngo"
 )
 
@@ -16,5 +15,5 @@ type Config struct {
 
 // Client() returns a new client for accessing packet.
 func (c *Config) Client() *packngo.Client {
-	return packngo.NewClient(consumerToken, c.AuthToken, &http.Client{})
+	return packngo.NewClient(consumerToken, c.AuthToken, cleanhttp.DefaultClient())
 }
diff --git a/state/remote/atlas.go b/state/remote/atlas.go
index 2c2c48895a..9a93730f38 100644
--- a/state/remote/atlas.go
+++ b/state/remote/atlas.go
@@ -11,6 +11,8 @@ import (
 	"os"
 	"path"
 	"strings"
+
+	"github.com/hashicorp/go-cleanhttp"
 )
 
 const (
@@ -83,7 +85,7 @@ func (c *AtlasClient) Get() (*Payload, error) {
 	}
 
 	// Request the url
-	client := &http.Client{}
+	client := cleanhttp.DefaultClient()
 	resp, err := client.Do(req)
 	if err != nil {
 		return nil, err
@@ -162,7 +164,7 @@ func (c *AtlasClient) Put(state []byte) error {
 	req.ContentLength = int64(len(state))
 
 	// Make the request
-	client := &http.Client{}
+	client := cleanhttp.DefaultClient()
 	resp, err := client.Do(req)
 	if err != nil {
 		return fmt.Errorf("Failed to upload state: %v", err)
@@ -188,7 +190,7 @@ func (c *AtlasClient) Delete() error {
 	}
 
 	// Make the request
-	client := &http.Client{}
+	client := cleanhttp.DefaultClient()
 	resp, err := client.Do(req)
 	if err != nil {
 		return fmt.Errorf("Failed to delete state: %v", err)
diff --git a/state/remote/etcd.go b/state/remote/etcd.go
index f596a8492c..7993603ff2 100644
--- a/state/remote/etcd.go
+++ b/state/remote/etcd.go
@@ -5,8 +5,8 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/coreos/etcd/Godeps/_workspace/src/golang.org/x/net/context"
 	etcdapi "github.com/coreos/etcd/client"
+	"golang.org/x/net/context"
 )
 
 func etcdFactory(conf map[string]string) (Client, error) {
diff --git a/state/remote/http_test.go b/state/remote/http_test.go
index 74ed1755a2..55d682d17d 100644
--- a/state/remote/http_test.go
+++ b/state/remote/http_test.go
@@ -8,6 +8,8 @@ import (
 	"net/http/httptest"
 	"net/url"
 	"testing"
+
+	"github.com/hashicorp/go-cleanhttp"
 )
 
 func TestHTTPClient_impl(t *testing.T) {
@@ -24,7 +26,7 @@ func TestHTTPClient(t *testing.T) {
 		t.Fatalf("err: %s", err)
 	}
 
-	client := &HTTPClient{URL: url, Client: &http.Client{}}
+	client := &HTTPClient{URL: url, Client: cleanhttp.DefaultClient()}
 	testClient(t, client)
 }
 
diff --git a/state/remote/s3.go b/state/remote/s3.go
index f6cfdfbde2..a8fefe6d17 100644
--- a/state/remote/s3.go
+++ b/state/remote/s3.go
@@ -5,7 +5,6 @@ import (
 	"fmt"
 	"io"
 	"log"
-	"net/http"
 	"os"
 	"strconv"
 
@@ -14,6 +13,7 @@ import (
 	"github.com/aws/aws-sdk-go/aws/credentials"
 	"github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds"
 	"github.com/aws/aws-sdk-go/service/s3"
+	"github.com/hashicorp/go-cleanhttp"
 )
 
 func s3Factory(conf map[string]string) (Client, error) {
@@ -76,7 +76,7 @@ func s3Factory(conf map[string]string) (Client, error) {
 	awsConfig := &aws.Config{
 		Credentials: credentialsProvider,
 		Region:      aws.String(regionName),
-		HTTPClient:  &http.Client{},
+		HTTPClient:  cleanhttp.DefaultClient(),
 	}
 	nativeClient := s3.New(awsConfig)
 

From 6aa5fdc938813e2f635221477766fcc81bf001c8 Mon Sep 17 00:00:00 2001
From: Paul Hinze <phinze@phinze.com>
Date: Thu, 22 Oct 2015 15:03:53 -0500
Subject: [PATCH 304/335] state/remote/atlas: handle conflicts on equivalent
 states

Atlas returns an HTTP 409 - Conflict if the pushed state reports the same
Serial number but the checksum of the raw content differs. This can
sometimes happen when Terraform changes state representation internally
between versions in a way that's semantically neutral but affects the JSON
output and therefore the checksum.

Here we detect and handle this situation by ticking the serial and retrying
iff for the previous state and the proposed state:

  * the serials match
  * the parsed states are Equal (semantically equivalent)

In other words, in this situation Terraform can override Atlas's detected
conflict by asserting that the state it is pushing is indeed correct.
---
 state/remote/atlas.go      |  84 +++++++++++-
 state/remote/atlas_test.go | 262 +++++++++++++++++++++++++++++++++++++
 2 files changed, 343 insertions(+), 3 deletions(-)

diff --git a/state/remote/atlas.go b/state/remote/atlas.go
index 9a93730f38..f33f407cec 100644
--- a/state/remote/atlas.go
+++ b/state/remote/atlas.go
@@ -6,6 +6,7 @@ import (
 	"encoding/base64"
 	"fmt"
 	"io"
+	"log"
 	"net/http"
 	"net/url"
 	"os"
@@ -13,6 +14,7 @@ import (
 	"strings"
 
 	"github.com/hashicorp/go-cleanhttp"
+	"github.com/hashicorp/terraform/terraform"
 )
 
 const (
@@ -75,6 +77,9 @@ type AtlasClient struct {
 	Name        string
 	AccessToken string
 	RunId       string
+	HTTPClient  *http.Client
+
+	conflictHandlingAttempted bool
 }
 
 func (c *AtlasClient) Get() (*Payload, error) {
@@ -85,7 +90,7 @@ func (c *AtlasClient) Get() (*Payload, error) {
 	}
 
 	// Request the url
-	client := cleanhttp.DefaultClient()
+	client := c.http()
 	resp, err := client.Do(req)
 	if err != nil {
 		return nil, err
@@ -164,7 +169,7 @@ func (c *AtlasClient) Put(state []byte) error {
 	req.ContentLength = int64(len(state))
 
 	// Make the request
-	client := cleanhttp.DefaultClient()
+	client := c.http()
 	resp, err := client.Do(req)
 	if err != nil {
 		return fmt.Errorf("Failed to upload state: %v", err)
@@ -175,6 +180,8 @@ func (c *AtlasClient) Put(state []byte) error {
 	switch resp.StatusCode {
 	case http.StatusOK:
 		return nil
+	case http.StatusConflict:
+		return c.handleConflict(c.readBody(resp.Body), state)
 	default:
 		return fmt.Errorf(
 			"HTTP error: %d\n\nBody: %s",
@@ -190,7 +197,7 @@ func (c *AtlasClient) Delete() error {
 	}
 
 	// Make the request
-	client := cleanhttp.DefaultClient()
+	client := c.http()
 	resp, err := client.Do(req)
 	if err != nil {
 		return fmt.Errorf("Failed to delete state: %v", err)
@@ -241,3 +248,74 @@ func (c *AtlasClient) url() *url.URL {
 		RawQuery: values.Encode(),
 	}
 }
+
+func (c *AtlasClient) http() *http.Client {
+	if c.HTTPClient != nil {
+		return c.HTTPClient
+	}
+	return cleanhttp.DefaultClient()
+}
+
+// Atlas returns an HTTP 409 - Conflict if the pushed state reports the same
+// Serial number but the checksum of the raw content differs. This can
+// sometimes happen when Terraform changes state representation internally
+// between versions in a way that's semantically neutral but affects the JSON
+// output and therefore the checksum.
+//
+// Here we detect and handle this situation by ticking the serial and retrying
+// iff for the previous state and the proposed state:
+//
+//   * the serials match
+//   * the parsed states are Equal (semantically equivalent)
+//
+// In other words, in this situation Terraform can override Atlas's detected
+// conflict by asserting that the state it is pushing is indeed correct.
+func (c *AtlasClient) handleConflict(msg string, state []byte) error {
+	log.Printf("[DEBUG] Handling Atlas conflict response: %s", msg)
+
+	if c.conflictHandlingAttempted {
+		log.Printf("[DEBUG] Already attempted conflict resolution; returning conflict.")
+	} else {
+		c.conflictHandlingAttempted = true
+		log.Printf("[DEBUG] Atlas reported conflict, checking for equivalent states.")
+
+		payload, err := c.Get()
+		if err != nil {
+			return conflictHandlingError(err)
+		}
+
+		currentState, err := terraform.ReadState(bytes.NewReader(payload.Data))
+		if err != nil {
+			return conflictHandlingError(err)
+		}
+
+		proposedState, err := terraform.ReadState(bytes.NewReader(state))
+		if err != nil {
+			return conflictHandlingError(err)
+		}
+
+		if statesAreEquivalent(currentState, proposedState) {
+			log.Printf("[DEBUG] States are equivalent, incrementing serial and retrying.")
+			proposedState.Serial++
+			var buf bytes.Buffer
+			if err := terraform.WriteState(proposedState, &buf); err != nil {
+				return conflictHandlingError(err)
+			}
+			return c.Put(buf.Bytes())
+		} else {
+			log.Printf("[DEBUG] States are not equivalent, returning conflict.")
+		}
+	}
+
+	return fmt.Errorf(
+		"Atlas detected a remote state conflict.\n\nMessage: %s", msg)
+}
+
+func conflictHandlingError(err error) error {
+	return fmt.Errorf(
+		"Error while handling a conflict response from Atlas: %s", err)
+}
+
+func statesAreEquivalent(current, proposed *terraform.State) bool {
+	return current.Serial == proposed.Serial && current.Equal(proposed)
+}
diff --git a/state/remote/atlas_test.go b/state/remote/atlas_test.go
index 202e15dad9..ae7ee8a1bd 100644
--- a/state/remote/atlas_test.go
+++ b/state/remote/atlas_test.go
@@ -1,9 +1,15 @@
 package remote
 
 import (
+	"bytes"
+	"crypto/md5"
 	"net/http"
+	"net/http/httptest"
 	"os"
 	"testing"
+	"time"
+
+	"github.com/hashicorp/terraform/terraform"
 )
 
 func TestAtlasClient_impl(t *testing.T) {
@@ -30,3 +36,259 @@ func TestAtlasClient(t *testing.T) {
 
 	testClient(t, client)
 }
+
+func TestAtlasClient_ReportedConflictEqualStates(t *testing.T) {
+	fakeAtlas := newFakeAtlas(t, testStateModuleOrderChange)
+	srv := fakeAtlas.Server()
+	defer srv.Close()
+	client, err := atlasFactory(map[string]string{
+		"access_token": "sometoken",
+		"name":         "someuser/some-test-remote-state",
+		"address":      srv.URL,
+	})
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+
+	state, err := terraform.ReadState(bytes.NewReader(testStateModuleOrderChange))
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+
+	var stateJson bytes.Buffer
+	if err := terraform.WriteState(state, &stateJson); err != nil {
+		t.Fatalf("err: %s", err)
+	}
+	if err := client.Put(stateJson.Bytes()); err != nil {
+		t.Fatalf("err: %s", err)
+	}
+}
+
+func TestAtlasClient_NoConflict(t *testing.T) {
+	fakeAtlas := newFakeAtlas(t, testStateSimple)
+	srv := fakeAtlas.Server()
+	defer srv.Close()
+	client, err := atlasFactory(map[string]string{
+		"access_token": "sometoken",
+		"name":         "someuser/some-test-remote-state",
+		"address":      srv.URL,
+	})
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+
+	state, err := terraform.ReadState(bytes.NewReader(testStateSimple))
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+
+	fakeAtlas.NoConflictAllowed(true)
+
+	var stateJson bytes.Buffer
+	if err := terraform.WriteState(state, &stateJson); err != nil {
+		t.Fatalf("err: %s", err)
+	}
+	if err := client.Put(stateJson.Bytes()); err != nil {
+		t.Fatalf("err: %s", err)
+	}
+}
+
+func TestAtlasClient_LegitimateConflict(t *testing.T) {
+	fakeAtlas := newFakeAtlas(t, testStateSimple)
+	srv := fakeAtlas.Server()
+	defer srv.Close()
+	client, err := atlasFactory(map[string]string{
+		"access_token": "sometoken",
+		"name":         "someuser/some-test-remote-state",
+		"address":      srv.URL,
+	})
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+
+	state, err := terraform.ReadState(bytes.NewReader(testStateSimple))
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+
+	// Changing the state but not the serial. Should generate a conflict.
+	state.RootModule().Outputs["drift"] = "happens"
+
+	var stateJson bytes.Buffer
+	if err := terraform.WriteState(state, &stateJson); err != nil {
+		t.Fatalf("err: %s", err)
+	}
+	if err := client.Put(stateJson.Bytes()); err == nil {
+		t.Fatal("Expected error from state conflict, got none.")
+	}
+}
+
+func TestAtlasClient_UnresolvableConflict(t *testing.T) {
+	fakeAtlas := newFakeAtlas(t, testStateSimple)
+
+	// Something unexpected causes Atlas to conflict in a way that we can't fix.
+	fakeAtlas.AlwaysConflict(true)
+
+	srv := fakeAtlas.Server()
+	defer srv.Close()
+	client, err := atlasFactory(map[string]string{
+		"access_token": "sometoken",
+		"name":         "someuser/some-test-remote-state",
+		"address":      srv.URL,
+	})
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+
+	state, err := terraform.ReadState(bytes.NewReader(testStateSimple))
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+
+	var stateJson bytes.Buffer
+	if err := terraform.WriteState(state, &stateJson); err != nil {
+		t.Fatalf("err: %s", err)
+	}
+	doneCh := make(chan struct{})
+	go func() {
+		defer close(doneCh)
+		if err := client.Put(stateJson.Bytes()); err == nil {
+			t.Fatal("Expected error from state conflict, got none.")
+		}
+	}()
+
+	select {
+	case <-doneCh:
+		// OK
+	case <-time.After(50 * time.Millisecond):
+		t.Fatalf("Timed out after 50ms, probably because retrying infinitely.")
+	}
+}
+
+// Stub Atlas HTTP API for a given state JSON string; does checksum-based
+// conflict detection equivalent to Atlas's.
+type fakeAtlas struct {
+	state []byte
+	t     *testing.T
+
+	// Used to test that we only do the special conflict handling retry once.
+	alwaysConflict bool
+
+	// Used to fail the test immediately if a conflict happens.
+	noConflictAllowed bool
+}
+
+func newFakeAtlas(t *testing.T, state []byte) *fakeAtlas {
+	return &fakeAtlas{
+		state: state,
+		t:     t,
+	}
+}
+
+func (f *fakeAtlas) Server() *httptest.Server {
+	return httptest.NewServer(http.HandlerFunc(f.handler))
+}
+
+func (f *fakeAtlas) CurrentState() *terraform.State {
+	currentState, err := terraform.ReadState(bytes.NewReader(f.state))
+	if err != nil {
+		f.t.Fatalf("err: %s", err)
+	}
+	return currentState
+}
+
+func (f *fakeAtlas) CurrentSerial() int64 {
+	return f.CurrentState().Serial
+}
+
+func (f *fakeAtlas) CurrentSum() [md5.Size]byte {
+	return md5.Sum(f.state)
+}
+
+func (f *fakeAtlas) AlwaysConflict(b bool) {
+	f.alwaysConflict = b
+}
+
+func (f *fakeAtlas) NoConflictAllowed(b bool) {
+	f.noConflictAllowed = b
+}
+
+func (f *fakeAtlas) handler(resp http.ResponseWriter, req *http.Request) {
+	switch req.Method {
+	case "GET":
+		// Respond with the current stored state.
+		resp.Header().Set("Content-Type", "application/json")
+		resp.Write(f.state)
+	case "PUT":
+		var buf bytes.Buffer
+		buf.ReadFrom(req.Body)
+		sum := md5.Sum(buf.Bytes())
+		state, err := terraform.ReadState(&buf)
+		if err != nil {
+			f.t.Fatalf("err: %s", err)
+		}
+		conflict := f.CurrentSerial() == state.Serial && f.CurrentSum() != sum
+		conflict = conflict || f.alwaysConflict
+		if conflict {
+			if f.noConflictAllowed {
+				f.t.Fatal("Got conflict when NoConflictAllowed was set.")
+			}
+			http.Error(resp, "Conflict", 409)
+		} else {
+			f.state = buf.Bytes()
+			resp.WriteHeader(200)
+		}
+	}
+}
+
+// This is a tfstate file with the module order changed, which is a structural
+// but not a semantic difference. Terraform will sort these modules as it
+// loads the state.
+var testStateModuleOrderChange = []byte(
+	`{
+    "version": 1,
+    "serial": 1,
+    "modules": [
+        {
+            "path": [
+                "root",
+                "child2",
+                "grandchild"
+            ],
+            "outputs": {
+                "foo": "bar2"
+            },
+            "resources": null
+        },
+        {
+            "path": [
+                "root",
+                "child1",
+                "grandchild"
+            ],
+            "outputs": {
+                "foo": "bar1"
+            },
+            "resources": null
+        }
+    ]
+}
+`)
+
+var testStateSimple = []byte(
+	`{
+    "version": 1,
+    "serial": 1,
+    "modules": [
+        {
+            "path": [
+                "root"
+            ],
+            "outputs": {
+                "foo": "bar"
+            },
+            "resources": null
+        }
+    ]
+}
+`)

From 48439bdf625a33e34efe64a0b977e0f73ab877ae Mon Sep 17 00:00:00 2001
From: Warren Konkel <wkonkel@gmail.com>
Date: Thu, 22 Oct 2015 15:48:25 -0700
Subject: [PATCH 305/335] typo

---
 examples/aws-rds/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/examples/aws-rds/README.md b/examples/aws-rds/README.md
index 79e9ebd026..5af928c397 100644
--- a/examples/aws-rds/README.md
+++ b/examples/aws-rds/README.md
@@ -10,7 +10,7 @@ If you need to use existing security groups and subnets, remove the sg.tf and su
 
 Pass the password variable through your ENV variable.
 
-Several paraneters are externalized, review the different variables.tf files and change them to fit your needs. Carefully review the CIDR blocks, egress/ingress rules, availability zones that are very specific to your account.
+Several parameters are externalized, review the different variables.tf files and change them to fit your needs. Carefully review the CIDR blocks, egress/ingress rules, availability zones that are very specific to your account.
 
 Once ready run 'terraform plan' to review. At the minimum, provide the vpc_id as input variable.
 

From a67182543c63a08b9467eff6112c6c63c28c8fe8 Mon Sep 17 00:00:00 2001
From: Martin Atkins <mart@degeneration.co.uk>
Date: Sat, 15 Aug 2015 17:16:14 -0700
Subject: [PATCH 306/335] Nicer error when list/map assigned to string
 argument.

Previous this would return the following sort of error:
expected type 'string', got unconvertible type '[]interface {}'

This is the raw error returned by the underlying mapstructure library.
This is not a helpful error message for anyone who doesn't know Go's
type system, and it exposes Terraform's internals to the UI.

Instead we'll catch these cases before we try to use mapstructure and
return a more straightforward message.

By checking the type before the IsComputed exception this also avoids
a crash caused when the assigned value is a computed list. Otherwise
the list of interpolations is allowed through here and then crashes later
during Diff when the value is not a primitive as expected.
---
 helper/schema/schema.go      | 19 ++++++++++++++++++-
 helper/schema/schema_test.go | 30 ++++++++++++++++++++++++++++++
 2 files changed, 48 insertions(+), 1 deletion(-)

diff --git a/helper/schema/schema.go b/helper/schema/schema.go
index f4d8609957..8ed8135264 100644
--- a/helper/schema/schema.go
+++ b/helper/schema/schema.go
@@ -1178,8 +1178,25 @@ func (m schemaMap) validatePrimitive(
 	raw interface{},
 	schema *Schema,
 	c *terraform.ResourceConfig) ([]string, []error) {
+
+	// Catch if the user gave a complex type where a primitive was
+	// expected, so we can return a friendly error message that
+	// doesn't contain Go type system terminology.
+	switch reflect.ValueOf(raw).Type().Kind() {
+	case reflect.Slice:
+		return nil, []error{
+			fmt.Errorf("%s must be a single value, not a list", k),
+		}
+	case reflect.Map:
+		return nil, []error{
+			fmt.Errorf("%s must be a single value, not a map", k),
+		}
+	default: // ok
+	}
+
 	if c.IsComputed(k) {
-		// If the key is being computed, then it is not an error
+		// If the key is being computed, then it is not an error as
+		// long as it's not a slice or map.
 		return nil, nil
 	}
 
diff --git a/helper/schema/schema_test.go b/helper/schema/schema_test.go
index 09eeef119e..e43300c998 100644
--- a/helper/schema/schema_test.go
+++ b/helper/schema/schema_test.go
@@ -3409,6 +3409,36 @@ func TestSchemaMap_Validate(t *testing.T) {
 			Err: true,
 		},
 
+		"Bad, should not allow lists to be assigned to string attributes": {
+			Schema: map[string]*Schema{
+				"availability_zone": &Schema{
+					Type:     TypeString,
+					Required: true,
+				},
+			},
+
+			Config: map[string]interface{}{
+				"availability_zone": []interface{}{"foo", "bar", "baz"},
+			},
+
+			Err: true,
+		},
+
+		"Bad, should not allow maps to be assigned to string attributes": {
+			Schema: map[string]*Schema{
+				"availability_zone": &Schema{
+					Type:     TypeString,
+					Required: true,
+				},
+			},
+
+			Config: map[string]interface{}{
+				"availability_zone": map[string]interface{}{"foo": "bar", "baz": "thing"},
+			},
+
+			Err: true,
+		},
+
 		"Deprecated attribute usage generates warning, but not error": {
 			Schema: map[string]*Schema{
 				"old_news": &Schema{

From 864b2dee0119b1c2931a5e0cfe0c0796dc6a4708 Mon Sep 17 00:00:00 2001
From: Martin Atkins <mart@degeneration.co.uk>
Date: Thu, 22 Oct 2015 21:27:51 -0700
Subject: [PATCH 307/335] Update CHANGELOG.md

---
 CHANGELOG.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index f96f001e5b..f862c8500a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,10 @@ IMPROVEMENTS:
 
   * "forces new resource" now highlighted in plan output [GH-3136]
 
+BUG FIXES:
+
+  * helper/schema: Better error message for assigning list/map to string [GH-3009]
+
 ## 0.6.5 (October 21, 2015)
 
 FEATURES:

From aa5d02104c8efe95b61433fb9eb8cb77f46fce45 Mon Sep 17 00:00:00 2001
From: Sander van Harmelen <sander@xanzy.io>
Date: Fri, 23 Oct 2015 09:54:54 +0200
Subject: [PATCH 308/335] Add `computed` flag to the `network_domain` parameter

Without this flag you will get a diff based on the `network_domain`
parameter, if you not specify the parameter.
---
 builtin/providers/cloudstack/resource_cloudstack_vpc.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/builtin/providers/cloudstack/resource_cloudstack_vpc.go b/builtin/providers/cloudstack/resource_cloudstack_vpc.go
index 07502e58e5..d99a4042a5 100644
--- a/builtin/providers/cloudstack/resource_cloudstack_vpc.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_vpc.go
@@ -43,6 +43,7 @@ func resourceCloudStackVPC() *schema.Resource {
 			"network_domain": &schema.Schema{
 				Type:     schema.TypeString,
 				Optional: true,
+				Computed: true,
 				ForceNew: true,
 			},
 

From d86376c0ac2f4b173454001c26d6b18117f5ddf6 Mon Sep 17 00:00:00 2001
From: Joshua Garnett <jgarnett@zynga.com>
Date: Fri, 23 Oct 2015 08:22:46 -0400
Subject: [PATCH 309/335] Fixing the cloudwatch_metric_alarm auto scale example

---
 .../docs/providers/aws/r/cloudwatch_metric_alarm.html.markdown | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/website/source/docs/providers/aws/r/cloudwatch_metric_alarm.html.markdown b/website/source/docs/providers/aws/r/cloudwatch_metric_alarm.html.markdown
index d75333596f..6c6cab23b7 100644
--- a/website/source/docs/providers/aws/r/cloudwatch_metric_alarm.html.markdown
+++ b/website/source/docs/providers/aws/r/cloudwatch_metric_alarm.html.markdown
@@ -45,6 +45,9 @@ resource "aws_cloudwatch_metric_alarm" "bat" {
     period = "120"
     statistic = "Average"
     threshold = "80"
+    dimensions {
+        AutoScalingGroupName = "${aws_autoscaling_group.bar.name}"
+    }
     alarm_description = "This metric monitor ec2 cpu utilization"
     alarm_actions = ["${aws_autoscaling_policy.bat.arn}"]
 }

From 60e76961c6251e7745aed821d2cbc1cd79be9bf9 Mon Sep 17 00:00:00 2001
From: Paul Hinze <phinze@phinze.com>
Date: Fri, 23 Oct 2015 09:56:22 -0500
Subject: [PATCH 310/335] Update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index f862c8500a..d122dd5f8f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,6 +11,7 @@ IMPROVEMENTS:
 BUG FIXES:
 
   * helper/schema: Better error message for assigning list/map to string [GH-3009]
+  * remote/state/atlas: Additional remote state conflict handling for semantically neutral state changes [GH-3603]
 
 ## 0.6.5 (October 21, 2015)
 

From d83cb911cd0f3d460122ff9072b38eed07b8945e Mon Sep 17 00:00:00 2001
From: Paul Hinze <phinze@phinze.com>
Date: Fri, 23 Oct 2015 15:31:41 +0000
Subject: [PATCH 311/335] v0.6.6

---
 CHANGELOG.md         |   2 +-
 deps/v0-6-6.json     | 489 +++++++++++++++++++++++++++++++++++++++++++
 terraform/version.go |   2 +-
 3 files changed, 491 insertions(+), 2 deletions(-)
 create mode 100644 deps/v0-6-6.json

diff --git a/CHANGELOG.md b/CHANGELOG.md
index d122dd5f8f..26d2967715 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,4 +1,4 @@
-## 0.6.6 (Unreleased)
+## 0.6.6 (October 23, 2015)
 
 FEATURES:
 
diff --git a/deps/v0-6-6.json b/deps/v0-6-6.json
new file mode 100644
index 0000000000..fcc90ead99
--- /dev/null
+++ b/deps/v0-6-6.json
@@ -0,0 +1,489 @@
+{
+	"ImportPath": "github.com/hashicorp/terraform",
+	"GoVersion": "go1.4.2",
+	"Packages": [
+		"./..."
+	],
+	"Deps": [
+		{
+			"ImportPath": "github.com/Azure/azure-sdk-for-go/core/http",
+			"Comment": "v1.2-261-g3dcabb6",
+			"Rev": "3dcabb61c225af4013db7af20d4fe430fd09e311"
+		},
+		{
+			"ImportPath": "github.com/Azure/azure-sdk-for-go/core/tls",
+			"Comment": "v1.2-261-g3dcabb6",
+			"Rev": "3dcabb61c225af4013db7af20d4fe430fd09e311"
+		},
+		{
+			"ImportPath": "github.com/Azure/azure-sdk-for-go/management",
+			"Comment": "v1.2-261-g3dcabb6",
+			"Rev": "3dcabb61c225af4013db7af20d4fe430fd09e311"
+		},
+		{
+			"ImportPath": "github.com/Azure/azure-sdk-for-go/storage",
+			"Comment": "v1.2-261-g3dcabb6",
+			"Rev": "3dcabb61c225af4013db7af20d4fe430fd09e311"
+		},
+		{
+			"ImportPath": "github.com/apparentlymart/go-cidr/cidr",
+			"Rev": "a3ebdb999b831ecb6ab8a226e31b07b2b9061c47"
+		},
+		{
+			"ImportPath": "github.com/apparentlymart/go-rundeck-api/rundeck",
+			"Comment": "v0.0.1",
+			"Rev": "cddcfbabbe903e9c8df35ff9569dbb8d67789200"
+		},
+		{
+			"ImportPath": "github.com/armon/circbuf",
+			"Rev": "bbbad097214e2918d8543d5201d12bfd7bca254d"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/aws",
+			"Comment": "v0.9.16-1-g66c840e",
+			"Rev": "66c840e9981dd121a4239fc25e33b6c1c1caa781"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/internal/endpoints",
+			"Comment": "v0.9.16-1-g66c840e",
+			"Rev": "66c840e9981dd121a4239fc25e33b6c1c1caa781"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/internal/protocol/ec2query",
+			"Comment": "v0.9.16-1-g66c840e",
+			"Rev": "66c840e9981dd121a4239fc25e33b6c1c1caa781"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/internal/protocol/json/jsonutil",
+			"Comment": "v0.9.16-1-g66c840e",
+			"Rev": "66c840e9981dd121a4239fc25e33b6c1c1caa781"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/internal/protocol/jsonrpc",
+			"Comment": "v0.9.16-1-g66c840e",
+			"Rev": "66c840e9981dd121a4239fc25e33b6c1c1caa781"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/internal/protocol/query",
+			"Comment": "v0.9.16-1-g66c840e",
+			"Rev": "66c840e9981dd121a4239fc25e33b6c1c1caa781"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/internal/protocol/rest",
+			"Comment": "v0.9.16-1-g66c840e",
+			"Rev": "66c840e9981dd121a4239fc25e33b6c1c1caa781"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/internal/protocol/restjson",
+			"Comment": "v0.9.16-1-g66c840e",
+			"Rev": "66c840e9981dd121a4239fc25e33b6c1c1caa781"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/internal/protocol/restxml",
+			"Comment": "v0.9.16-1-g66c840e",
+			"Rev": "66c840e9981dd121a4239fc25e33b6c1c1caa781"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/internal/protocol/xml/xmlutil",
+			"Comment": "v0.9.16-1-g66c840e",
+			"Rev": "66c840e9981dd121a4239fc25e33b6c1c1caa781"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/internal/signer/v4",
+			"Comment": "v0.9.16-1-g66c840e",
+			"Rev": "66c840e9981dd121a4239fc25e33b6c1c1caa781"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/autoscaling",
+			"Comment": "v0.9.16-1-g66c840e",
+			"Rev": "66c840e9981dd121a4239fc25e33b6c1c1caa781"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/cloudwatch",
+			"Comment": "v0.9.16-1-g66c840e",
+			"Rev": "66c840e9981dd121a4239fc25e33b6c1c1caa781"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/cloudwatchlogs",
+			"Comment": "v0.9.16-1-g66c840e",
+			"Rev": "66c840e9981dd121a4239fc25e33b6c1c1caa781"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/codedeploy",
+			"Comment": "v0.9.16-1-g66c840e",
+			"Rev": "66c840e9981dd121a4239fc25e33b6c1c1caa781"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/directoryservice",
+			"Comment": "v0.9.16-1-g66c840e",
+			"Rev": "66c840e9981dd121a4239fc25e33b6c1c1caa781"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/dynamodb",
+			"Comment": "v0.9.16-1-g66c840e",
+			"Rev": "66c840e9981dd121a4239fc25e33b6c1c1caa781"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/ec2",
+			"Comment": "v0.9.16-1-g66c840e",
+			"Rev": "66c840e9981dd121a4239fc25e33b6c1c1caa781"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/ecs",
+			"Comment": "v0.9.16-1-g66c840e",
+			"Rev": "66c840e9981dd121a4239fc25e33b6c1c1caa781"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/efs",
+			"Comment": "v0.9.16-1-g66c840e",
+			"Rev": "66c840e9981dd121a4239fc25e33b6c1c1caa781"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/elasticache",
+			"Comment": "v0.9.16-1-g66c840e",
+			"Rev": "66c840e9981dd121a4239fc25e33b6c1c1caa781"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/elasticsearchservice",
+			"Comment": "v0.9.16-1-g66c840e",
+			"Rev": "66c840e9981dd121a4239fc25e33b6c1c1caa781"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/elb",
+			"Comment": "v0.9.16-1-g66c840e",
+			"Rev": "66c840e9981dd121a4239fc25e33b6c1c1caa781"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/glacier",
+			"Comment": "v0.9.16-1-g66c840e",
+			"Rev": "66c840e9981dd121a4239fc25e33b6c1c1caa781"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/iam",
+			"Comment": "v0.9.16-1-g66c840e",
+			"Rev": "66c840e9981dd121a4239fc25e33b6c1c1caa781"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/kinesis",
+			"Comment": "v0.9.16-1-g66c840e",
+			"Rev": "66c840e9981dd121a4239fc25e33b6c1c1caa781"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/lambda",
+			"Comment": "v0.9.16-1-g66c840e",
+			"Rev": "66c840e9981dd121a4239fc25e33b6c1c1caa781"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/opsworks",
+			"Comment": "v0.9.16-1-g66c840e",
+			"Rev": "66c840e9981dd121a4239fc25e33b6c1c1caa781"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/rds",
+			"Comment": "v0.9.16-1-g66c840e",
+			"Rev": "66c840e9981dd121a4239fc25e33b6c1c1caa781"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/route53",
+			"Comment": "v0.9.16-1-g66c840e",
+			"Rev": "66c840e9981dd121a4239fc25e33b6c1c1caa781"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/s3",
+			"Comment": "v0.9.16-1-g66c840e",
+			"Rev": "66c840e9981dd121a4239fc25e33b6c1c1caa781"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/sns",
+			"Comment": "v0.9.16-1-g66c840e",
+			"Rev": "66c840e9981dd121a4239fc25e33b6c1c1caa781"
+		},
+		{
+			"ImportPath": "github.com/aws/aws-sdk-go/service/sqs",
+			"Comment": "v0.9.16-1-g66c840e",
+			"Rev": "66c840e9981dd121a4239fc25e33b6c1c1caa781"
+		},
+		{
+			"ImportPath": "github.com/awslabs/aws-sdk-go/aws",
+			"Comment": "v0.9.16-1-g66c840e",
+			"Rev": "66c840e9981dd121a4239fc25e33b6c1c1caa781"
+		},
+		{
+			"ImportPath": "github.com/coreos/etcd/client",
+			"Comment": "v2.2.0-261-gae62a77",
+			"Rev": "ae62a77de61d70f434ed848ba48b44247cb54c94"
+		},
+		{
+			"ImportPath": "github.com/coreos/etcd/pkg/pathutil",
+			"Comment": "v2.2.0-261-gae62a77",
+			"Rev": "ae62a77de61d70f434ed848ba48b44247cb54c94"
+		},
+		{
+			"ImportPath": "github.com/coreos/etcd/pkg/types",
+			"Comment": "v2.2.0-261-gae62a77",
+			"Rev": "ae62a77de61d70f434ed848ba48b44247cb54c94"
+		},
+		{
+			"ImportPath": "github.com/cyberdelia/heroku-go/v3",
+			"Rev": "8344c6a3e281a99a693f5b71186249a8620eeb6b"
+		},
+		{
+			"ImportPath": "github.com/digitalocean/godo",
+			"Comment": "v0.9.0-2-gc03bb09",
+			"Rev": "c03bb099b8dc38e87581902a56885013a0865703"
+		},
+		{
+			"ImportPath": "github.com/dylanmei/iso8601",
+			"Rev": "2075bf119b58e5576c6ed9f867b8f3d17f2e54d4"
+		},
+		{
+			"ImportPath": "github.com/dylanmei/winrmtest",
+			"Rev": "3e9661c52c45dab9a8528966a23d421922fca9b9"
+		},
+		{
+			"ImportPath": "github.com/fsouza/go-dockerclient",
+			"Rev": "44f75219dec4d25d3ac5483d38d3ada7eaf047ab"
+		},
+		{
+			"ImportPath": "github.com/google/go-querystring/query",
+			"Rev": "547ef5ac979778feb2f760cdb5f4eae1a2207b86"
+		},
+		{
+			"ImportPath": "github.com/hashicorp/atlas-go/archive",
+			"Comment": "20141209094003-81-g6c9afe8",
+			"Rev": "6c9afe8bb88099b424db07dea18f434371de8199"
+		},
+		{
+			"ImportPath": "github.com/hashicorp/atlas-go/v1",
+			"Comment": "20141209094003-81-g6c9afe8",
+			"Rev": "6c9afe8bb88099b424db07dea18f434371de8199"
+		},
+		{
+			"ImportPath": "github.com/hashicorp/consul/api",
+			"Comment": "v0.5.2-469-g6a350d5",
+			"Rev": "6a350d5d19a41f94e0c99a933410e8545c4e7a51"
+		},
+		{
+			"ImportPath": "github.com/hashicorp/errwrap",
+			"Rev": "7554cd9344cec97297fa6649b055a8c98c2a1e55"
+		},
+		{
+			"ImportPath": "github.com/hashicorp/go-checkpoint",
+			"Rev": "e4b2dc34c0f698ee04750bf2035d8b9384233e1b"
+		},
+		{
+			"ImportPath": "github.com/hashicorp/go-cleanhttp",
+			"Rev": "5df5ddc69534f1a4697289f1dca2193fbb40213f"
+		},
+		{
+			"ImportPath": "github.com/hashicorp/go-getter",
+			"Rev": "2463fe5ef95a59a4096482fb9390b5683a5c380a"
+		},
+		{
+			"ImportPath": "github.com/hashicorp/go-multierror",
+			"Rev": "d30f09973e19c1dfcd120b2d9c4f168e68d6b5d5"
+		},
+		{
+			"ImportPath": "github.com/hashicorp/go-version",
+			"Rev": "2b9865f60ce11e527bd1255ba82036d465570aa3"
+		},
+		{
+			"ImportPath": "github.com/hashicorp/hcl",
+			"Rev": "4de51957ef8d4aba6e285ddfc587633bbfc7c0e8"
+		},
+		{
+			"ImportPath": "github.com/hashicorp/logutils",
+			"Rev": "0dc08b1671f34c4250ce212759ebd880f743d883"
+		},
+		{
+			"ImportPath": "github.com/hashicorp/yamux",
+			"Rev": "ddcd0a6ec7c55e29f235e27935bf98d302281bd3"
+		},
+		{
+			"ImportPath": "github.com/imdario/mergo",
+			"Comment": "0.2.0-5-g61a5285",
+			"Rev": "61a52852277811e93e06d28e0d0c396284a7730b"
+		},
+		{
+			"ImportPath": "github.com/kardianos/osext",
+			"Rev": "6e7f843663477789fac7c02def0d0909e969b4e5"
+		},
+		{
+			"ImportPath": "github.com/masterzen/simplexml/dom",
+			"Rev": "95ba30457eb1121fa27753627c774c7cd4e90083"
+		},
+		{
+			"ImportPath": "github.com/masterzen/winrm/soap",
+			"Rev": "e3e57d617b7d9573db6c98567a261916ff53cfb3"
+		},
+		{
+			"ImportPath": "github.com/masterzen/winrm/winrm",
+			"Rev": "e3e57d617b7d9573db6c98567a261916ff53cfb3"
+		},
+		{
+			"ImportPath": "github.com/masterzen/xmlpath",
+			"Rev": "13f4951698adc0fa9c1dda3e275d489a24201161"
+		},
+		{
+			"ImportPath": "github.com/mitchellh/cli",
+			"Rev": "8102d0ed5ea2709ade1243798785888175f6e415"
+		},
+		{
+			"ImportPath": "github.com/mitchellh/colorstring",
+			"Rev": "8631ce90f28644f54aeedcb3e389a85174e067d1"
+		},
+		{
+			"ImportPath": "github.com/mitchellh/copystructure",
+			"Rev": "6fc66267e9da7d155a9d3bd489e00dad02666dc6"
+		},
+		{
+			"ImportPath": "github.com/mitchellh/go-homedir",
+			"Rev": "df55a15e5ce646808815381b3db47a8c66ea62f4"
+		},
+		{
+			"ImportPath": "github.com/mitchellh/go-linereader",
+			"Rev": "07bab5fdd9580500aea6ada0e09df4aa28e68abd"
+		},
+		{
+			"ImportPath": "github.com/mitchellh/mapstructure",
+			"Rev": "281073eb9eb092240d33ef253c404f1cca550309"
+		},
+		{
+			"ImportPath": "github.com/mitchellh/osext",
+			"Rev": "5e2d6d41470f99c881826dedd8c526728b783c9c"
+		},
+		{
+			"ImportPath": "github.com/mitchellh/packer/common/uuid",
+			"Comment": "v0.8.6-128-g8e63ce1",
+			"Rev": "8e63ce13028ed6a3204d7ed210c4790ea11d7db9"
+		},
+		{
+			"ImportPath": "github.com/mitchellh/panicwrap",
+			"Rev": "1655d88c8ff7495ae9d2c19fd8f445f4657e22b0"
+		},
+		{
+			"ImportPath": "github.com/mitchellh/prefixedio",
+			"Rev": "89d9b535996bf0a185f85b59578f2e245f9e1724"
+		},
+		{
+			"ImportPath": "github.com/mitchellh/reflectwalk",
+			"Rev": "eecf4c70c626c7cfbb95c90195bc34d386c74ac6"
+		},
+		{
+			"ImportPath": "github.com/nu7hatch/gouuid",
+			"Rev": "179d4d0c4d8d407a32af483c2354df1d2c91e6c3"
+		},
+		{
+			"ImportPath": "github.com/packer-community/winrmcp/winrmcp",
+			"Rev": "3d184cea22ee1c41ec1697e0d830ff0c78f7ea97"
+		},
+		{
+			"ImportPath": "github.com/packethost/packngo",
+			"Rev": "f03d7dc788a8b57b62d301ccb98c950c325756f8"
+		},
+		{
+			"ImportPath": "github.com/pborman/uuid",
+			"Rev": "cccd189d45f7ac3368a0d127efb7f4d08ae0b655"
+		},
+		{
+			"ImportPath": "github.com/pearkes/cloudflare",
+			"Rev": "3d4cd12a4c3a7fc29b338b774f7f8b7e3d5afc2e"
+		},
+		{
+			"ImportPath": "github.com/pearkes/dnsimple",
+			"Rev": "78996265f576c7580ff75d0cb2c606a61883ceb8"
+		},
+		{
+			"ImportPath": "github.com/pearkes/mailgun",
+			"Rev": "b88605989c4141d22a6d874f78800399e5bb7ac2"
+		},
+		{
+			"ImportPath": "github.com/rackspace/gophercloud",
+			"Comment": "v1.0.0-685-g63ee53d",
+			"Rev": "63ee53d682169b50b8dfaca88722ba19bd5b17a6"
+		},
+		{
+			"ImportPath": "github.com/satori/go.uuid",
+			"Rev": "08f0718b61e95ddba0ade3346725fe0e4bf28ca6"
+		},
+		{
+			"ImportPath": "github.com/soniah/dnsmadeeasy",
+			"Comment": "v1.1-2-g5578a8c",
+			"Rev": "5578a8c15e33958c61cf7db720b6181af65f4a9e"
+		},
+		{
+			"ImportPath": "github.com/tent/http-link-go",
+			"Rev": "ac974c61c2f990f4115b119354b5e0b47550e888"
+		},
+		{
+			"ImportPath": "github.com/ugorji/go/codec",
+			"Rev": "8a2a3a8c488c3ebd98f422a965260278267a0551"
+		},
+		{
+			"ImportPath": "github.com/vaughan0/go-ini",
+			"Rev": "a98ad7ee00ec53921f08832bc06ecf7fd600e6a1"
+		},
+		{
+			"ImportPath": "github.com/vmware/govmomi",
+			"Comment": "v0.2.0-36-g6be2410",
+			"Rev": "6be2410334b7be4f6f8962206e49042207f99673"
+		},
+		{
+			"ImportPath": "github.com/xanzy/go-cloudstack/cloudstack",
+			"Comment": "v1.2.0-48-g0e6e56f",
+			"Rev": "0e6e56fc0db3f48f060273f2e2ffe5d8d41b0112"
+		},
+		{
+			"ImportPath": "golang.org/x/crypto/curve25519",
+			"Rev": "c8b9e6388ef638d5a8a9d865c634befdc46a6784"
+		},
+		{
+			"ImportPath": "golang.org/x/crypto/pkcs12",
+			"Rev": "c8b9e6388ef638d5a8a9d865c634befdc46a6784"
+		},
+		{
+			"ImportPath": "golang.org/x/crypto/ssh",
+			"Rev": "c8b9e6388ef638d5a8a9d865c634befdc46a6784"
+		},
+		{
+			"ImportPath": "golang.org/x/net/context",
+			"Rev": "2cba614e8ff920c60240d2677bc019af32ee04e5"
+		},
+		{
+			"ImportPath": "golang.org/x/oauth2",
+			"Rev": "038cb4adce85ed41e285c2e7cc6221a92bfa44aa"
+		},
+		{
+			"ImportPath": "google.golang.org/api/compute/v1",
+			"Rev": "c83ee8e9b7e6c40a486c0992a963ea8b6911de67"
+		},
+		{
+			"ImportPath": "google.golang.org/api/container/v1",
+			"Rev": "c83ee8e9b7e6c40a486c0992a963ea8b6911de67"
+		},
+		{
+			"ImportPath": "google.golang.org/api/dns/v1",
+			"Rev": "c83ee8e9b7e6c40a486c0992a963ea8b6911de67"
+		},
+		{
+			"ImportPath": "google.golang.org/api/googleapi",
+			"Rev": "c83ee8e9b7e6c40a486c0992a963ea8b6911de67"
+		},
+		{
+			"ImportPath": "google.golang.org/api/internal",
+			"Rev": "c83ee8e9b7e6c40a486c0992a963ea8b6911de67"
+		},
+		{
+			"ImportPath": "google.golang.org/api/storage/v1",
+			"Rev": "c83ee8e9b7e6c40a486c0992a963ea8b6911de67"
+		},
+		{
+			"ImportPath": "google.golang.org/cloud/compute/metadata",
+			"Rev": "2400193c85c3561d13880d34e0e10c4315bb02af"
+		},
+		{
+			"ImportPath": "google.golang.org/cloud/internal",
+			"Rev": "2400193c85c3561d13880d34e0e10c4315bb02af"
+		}
+	]
+}
diff --git a/terraform/version.go b/terraform/version.go
index 403f09bd2f..bdb20fa1eb 100644
--- a/terraform/version.go
+++ b/terraform/version.go
@@ -6,4 +6,4 @@ const Version = "0.6.6"
 // A pre-release marker for the version. If this is "" (empty string)
 // then it means that it is a final release. Otherwise, this is a pre-release
 // such as "dev" (in development), "beta", "rc1", etc.
-const VersionPrerelease = "dev"
+const VersionPrerelease = ""

From 81ffb72230be732d9bd1d793138b1c41b20830f7 Mon Sep 17 00:00:00 2001
From: Paul Hinze <phinze@phinze.com>
Date: Fri, 23 Oct 2015 10:50:35 -0500
Subject: [PATCH 312/335] release: clean up after v0.6.6

---
 CHANGELOG.md         | 2 ++
 terraform/version.go | 4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 26d2967715..60f65d87f1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,5 @@
+## 0.6.7 (Unreleased)
+
 ## 0.6.6 (October 23, 2015)
 
 FEATURES:
diff --git a/terraform/version.go b/terraform/version.go
index bdb20fa1eb..eb34e7f304 100644
--- a/terraform/version.go
+++ b/terraform/version.go
@@ -1,9 +1,9 @@
 package terraform
 
 // The main version number that is being run at the moment.
-const Version = "0.6.6"
+const Version = "0.6.7"
 
 // A pre-release marker for the version. If this is "" (empty string)
 // then it means that it is a final release. Otherwise, this is a pre-release
 // such as "dev" (in development), "beta", "rc1", etc.
-const VersionPrerelease = ""
+const VersionPrerelease = "dev"

From 0c81a9c1082bd9f4e32c387e6a5cea1a571da2cc Mon Sep 17 00:00:00 2001
From: Lars Wander <lars.wander@gmail.com>
Date: Fri, 23 Oct 2015 15:06:46 -0400
Subject: [PATCH 313/335] provider/google: Fixed timeout bug on large instance
 groups

---
 ...resource_compute_instance_group_manager.go | 27 +++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)

diff --git a/builtin/providers/google/resource_compute_instance_group_manager.go b/builtin/providers/google/resource_compute_instance_group_manager.go
index ed48b26d51..9387381460 100644
--- a/builtin/providers/google/resource_compute_instance_group_manager.go
+++ b/builtin/providers/google/resource_compute_instance_group_manager.go
@@ -3,6 +3,7 @@ package google
 import (
 	"fmt"
 	"log"
+	"strings"
 
 	"google.golang.org/api/compute/v1"
 	"google.golang.org/api/googleapi"
@@ -247,10 +248,32 @@ func resourceComputeInstanceGroupManagerDelete(d *schema.ResourceData, meta inte
 		return fmt.Errorf("Error deleting instance group manager: %s", err)
 	}
 
+	currentSize := int64(d.Get("target_size").(int))
+
 	// Wait for the operation to complete
 	err = computeOperationWaitZone(config, op, d.Get("zone").(string), "Deleting InstanceGroupManager")
-	if err != nil {
-		return err
+
+	for err != nil && currentSize > 0 {
+		if !strings.Contains(err.Error(), "timeout") {
+			return err;
+		}
+
+		instanceGroup, err := config.clientCompute.InstanceGroups.Get(
+			config.Project, d.Get("zone").(string), d.Id()).Do()
+
+		if err != nil {
+			return fmt.Errorf("Error getting instance group size: %s", err);
+		}
+
+		if instanceGroup.Size >= currentSize {
+			return fmt.Errorf("Error, instance group isn't shrinking during delete")
+		}
+
+		log.Printf("[INFO] timeout occured, but instance group is shrinking (%d < %d)", instanceGroup.Size, currentSize)
+
+		currentSize = instanceGroup.Size
+
+		err = computeOperationWaitZone(config, op, d.Get("zone").(string), "Deleting InstanceGroupManager")
 	}
 
 	d.SetId("")

From f23a8bfe4e855210a33640a5eabae120b63a531d Mon Sep 17 00:00:00 2001
From: Daniel Imfeld <daniel@danielimfeld.com>
Date: Fri, 23 Oct 2015 17:58:04 -0500
Subject: [PATCH 314/335] Update list of GCE service scope short names

---
 builtin/providers/google/service_scope.go | 28 +++++++++++++----------
 1 file changed, 16 insertions(+), 12 deletions(-)

diff --git a/builtin/providers/google/service_scope.go b/builtin/providers/google/service_scope.go
index 3985a9cc93..d4c5181251 100644
--- a/builtin/providers/google/service_scope.go
+++ b/builtin/providers/google/service_scope.go
@@ -4,18 +4,22 @@ func canonicalizeServiceScope(scope string) string {
 	// This is a convenience map of short names used by the gcloud tool
 	// to the GCE auth endpoints they alias to.
 	scopeMap := map[string]string{
-		"bigquery":       "https://www.googleapis.com/auth/bigquery",
-		"compute-ro":     "https://www.googleapis.com/auth/compute.readonly",
-		"compute-rw":     "https://www.googleapis.com/auth/compute",
-		"datastore":      "https://www.googleapis.com/auth/datastore",
-		"logging-write":  "https://www.googleapis.com/auth/logging.write",
-		"sql":            "https://www.googleapis.com/auth/sqlservice",
-		"sql-admin":      "https://www.googleapis.com/auth/sqlservice.admin",
-		"storage-full":   "https://www.googleapis.com/auth/devstorage.full_control",
-		"storage-ro":     "https://www.googleapis.com/auth/devstorage.read_only",
-		"storage-rw":     "https://www.googleapis.com/auth/devstorage.read_write",
-		"taskqueue":      "https://www.googleapis.com/auth/taskqueue",
-		"userinfo-email": "https://www.googleapis.com/auth/userinfo.email",
+		"bigquery":        "https://www.googleapis.com/auth/bigquery",
+		"cloud-platform":  "https://www.googleapis.com/auth/cloud-platform",
+		"compute-ro":      "https://www.googleapis.com/auth/compute.readonly",
+		"compute-rw":      "https://www.googleapis.com/auth/compute",
+		"datastore":       "https://www.googleapis.com/auth/datastore",
+		"logging-write":   "https://www.googleapis.com/auth/logging.write",
+		"monitoring":      "https://www.googleapis.com/auth/monitoring",
+		"sql":             "https://www.googleapis.com/auth/sqlservice",
+		"sql-admin":       "https://www.googleapis.com/auth/sqlservice.admin",
+		"storage-full":    "https://www.googleapis.com/auth/devstorage.full_control",
+		"storage-ro":      "https://www.googleapis.com/auth/devstorage.read_only",
+		"storage-rw":      "https://www.googleapis.com/auth/devstorage.read_write",
+		"taskqueue":       "https://www.googleapis.com/auth/taskqueue",
+		"useraccounts-ro": "https://www.googleapis.com/auth/cloud.useraccounts.readonly",
+		"useraccounts-rw": "https://www.googleapis.com/auth/cloud.useraccounts",
+		"userinfo-email":  "https://www.googleapis.com/auth/userinfo.email",
 	}
 
 	if matchedUrl, ok := scopeMap[scope]; ok {

From 61e890ecc90b9fb94ee851e2946b3957c131fada Mon Sep 17 00:00:00 2001
From: John Gosset <john.gosset@gmail.com>
Date: Sun, 25 Oct 2015 16:39:33 -0400
Subject: [PATCH 315/335] Update list of backends in RemoteConfigCommand's
 Help() method

---
 command/remote_config.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/command/remote_config.go b/command/remote_config.go
index 95973dfdb8..d7e73a5d8d 100644
--- a/command/remote_config.go
+++ b/command/remote_config.go
@@ -338,7 +338,7 @@ func (c *RemoteConfigCommand) enableRemoteState() int {
 
 func (c *RemoteConfigCommand) Help() string {
 	helpText := `
-Usage: terraform remote [options]
+Usage: terraform remote config [options]
 
   Configures Terraform to use a remote state server. This allows state
   to be pulled down when necessary and then pushed to the server when
@@ -348,7 +348,8 @@ Usage: terraform remote [options]
 Options:
 
   -backend=Atlas         Specifies the type of remote backend. Must be one
-                         of Atlas, Consul, or HTTP. Defaults to Atlas.
+                         of Atlas, Consul, Etcd, HTTP, S3, or Swift. Defaults
+                         to Atlas.
 
   -backend-config="k=v"  Specifies configuration for the remote storage
                          backend. This can be specified multiple times.

From 7e539ef2cbbad5fcd27355e33322023fedfd9b2a Mon Sep 17 00:00:00 2001
From: Martin Atkins <mart@degeneration.co.uk>
Date: Sun, 25 Oct 2015 14:27:20 -0700
Subject: [PATCH 316/335] Update CHANGELOG.md

---
 CHANGELOG.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 60f65d87f1..19d7eb186d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,9 @@
 ## 0.6.7 (Unreleased)
 
+BUG FIXES:
+
+  * `terraform remote config`: update `--help` output [GH-3632]
+
 ## 0.6.6 (October 23, 2015)
 
 FEATURES:

From 3b91f047a3fad4a054aa8f63d5803243e7117cec Mon Sep 17 00:00:00 2001
From: Dave Cunningham <sparkprime@gmail.com>
Date: Mon, 26 Oct 2015 00:49:44 -0400
Subject: [PATCH 317/335] Update vpn.tf

Fix grammar in comment
---
 examples/gce-vpn/vpn.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/examples/gce-vpn/vpn.tf b/examples/gce-vpn/vpn.tf
index 2693c10018..23fa8a02c8 100644
--- a/examples/gce-vpn/vpn.tf
+++ b/examples/gce-vpn/vpn.tf
@@ -98,7 +98,7 @@ resource "google_compute_forwarding_rule" "fr2_udp4500" {
 }
 
 # Each tunnel is responsible for encrypting and decrypting traffic exiting
-# and leaving it's associated gateway
+# and leaving its associated gateway
 resource "google_compute_vpn_tunnel" "tunnel1" {
     name = "tunnel1"
     region = "${var.region1}"

From ccdadf88f69f8fccdae02c7b48c261ea36da2a33 Mon Sep 17 00:00:00 2001
From: Dave Cunningham <sparkprime@gmail.com>
Date: Mon, 26 Oct 2015 02:58:59 -0400
Subject: [PATCH 318/335] Update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 19d7eb186d..520377d69f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,7 @@
 BUG FIXES:
 
   * `terraform remote config`: update `--help` output [GH-3632]
+  * Google provider: Timeout when deleting large instance_group_manager [GH-3591]
 
 ## 0.6.6 (October 23, 2015)
 

From 8b70867fdd9537997cc285eb07968cbaf74e56d1 Mon Sep 17 00:00:00 2001
From: Dave Cunningham <sparkprime@gmail.com>
Date: Mon, 26 Oct 2015 03:04:45 -0400
Subject: [PATCH 319/335] Update CHANGELOG.md

---
 CHANGELOG.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 520377d69f..fa81334aaa 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,11 @@ BUG FIXES:
   * `terraform remote config`: update `--help` output [GH-3632]
   * Google provider: Timeout when deleting large instance_group_manager [GH-3591]
 
+IMPROVEMENTS:
+
+  * Google provider: Accurate Terraform Version [GH-3554]
+  * Google provider: Simplified auth (DefaultClient support) [GH-3553]
+
 ## 0.6.6 (October 23, 2015)
 
 FEATURES:

From 456f1a76768fa9bad8e024156f87689e78b80f9e Mon Sep 17 00:00:00 2001
From: Seth Vargo <sethvargo@gmail.com>
Date: Sun, 25 Oct 2015 23:58:36 -0400
Subject: [PATCH 320/335] Use releases for releases

---
 website/Gemfile.lock                         |   6 +-
 website/config.rb                            |  13 +--
 website/source/assets/images/fastly_logo.png | Bin 0 -> 182835 bytes
 website/source/downloads.html.erb            |  84 ++++++++++---------
 4 files changed, 50 insertions(+), 53 deletions(-)
 create mode 100644 website/source/assets/images/fastly_logo.png

diff --git a/website/Gemfile.lock b/website/Gemfile.lock
index 325143cfd7..59b9283951 100644
--- a/website/Gemfile.lock
+++ b/website/Gemfile.lock
@@ -1,8 +1,8 @@
 GIT
   remote: https://github.com/hashicorp/middleman-hashicorp
-  revision: b152b6436348e8e1f9990436228b25b4c5c6fcb8
+  revision: f21146d03182b7236b85ee8bc430fd613125d5bb
   specs:
-    middleman-hashicorp (0.1.0)
+    middleman-hashicorp (0.2.0)
       bootstrap-sass (~> 3.3)
       builder (~> 3.2)
       less (~> 2.6)
@@ -79,7 +79,7 @@ GEM
     kramdown (1.9.0)
     less (2.6.0)
       commonjs (~> 0.2.7)
-    libv8 (3.16.14.11)
+    libv8 (3.16.14.13)
     listen (3.0.3)
       rb-fsevent (>= 0.9.3)
       rb-inotify (>= 0.9)
diff --git a/website/config.rb b/website/config.rb
index 5d0d0ec166..f8432d2555 100644
--- a/website/config.rb
+++ b/website/config.rb
@@ -1,14 +1,7 @@
-#-------------------------------------------------------------------------
-# Configure Middleman
-#-------------------------------------------------------------------------
-
 set :base_url, "https://www.terraform.io/"
 
 activate :hashicorp do |h|
-  h.version         = ENV["TERRAFORM_VERSION"]
-  h.bintray_enabled = ENV["BINTRAY_ENABLED"]
-  h.bintray_repo    = "mitchellh/terraform"
-  h.bintray_user    = "mitchellh"
-  h.bintray_key     = ENV["BINTRAY_API_KEY"]
-  h.github_slug     = "hashicorp/terraform"
+  h.name        = "terraform"
+  h.version     = "0.6.6"
+  h.github_slug = "hashicorp/terraform"
 end
diff --git a/website/source/assets/images/fastly_logo.png b/website/source/assets/images/fastly_logo.png
new file mode 100644
index 0000000000000000000000000000000000000000..0c4619e964742b43dad160839a7e4f4433b53790
GIT binary patch
literal 182835
zcmeFa2~<tr8$Wy!GBg;XkV-^olm=9;S(4JMXjBo6q)}a86opI;nhnjfCe4>*C=HZ~
zrb`-BD$OZ+_de%bx^<7=f35d@*Sp@e?6u_Fd-r+v^L(Ch@3YT2S5*(~W1F{p9)cij
ziu-q~A;^li2*OI9GaG!<6c(`;{5RKT|B*8YBDxy>V{(kxehz%O?Cc($v+CAnXB~{}
zOpzVOt&L6j6)la-P1Q_|jyu`DHkCtWyrwAb-l5_6v8!PR6T**N5>Iz;OP!S@GGo@0
zI(9&VsBwnQB>D+_uW@kTFTcJDXlEk+`KH8MX5wG@O&+ii|4MqXn}hgQ^0lkH#J?iT
z7R&$T*G+4k|MKhce*#ZN=bwfrqk;T0X*xLm`7j+E|AH1B9RH#;9UTAC5<MLM@-Q79
z{|XN}IQ|tLba4DDJm}!~S9s9D@vrcpgX3S}K?ldb!h;@;|7Q!2u)J-rPOk87mhCR;
zGHNq@oEdM&Y{z_Kx65OX6^|b0awzpYV_SRA$%==0*2jAWD@I%&MGf=3X$|9EKYw7>
zB*w_x3;(uiVZ8fq3o%y~{&lHk?_U>F{tY}y4dCz})bx1#GcI~O`2V>R9U%WA7abh`
z0>~6NkbeP$9+7_mgdUH70fZipe-+3SJpKg`dO-dK5PCfR1rT~X{soXJc>Mn}fCLm=
z19DK?*ep|>Tle{o*$+NTGVmSKH_0;amRwO@=w_+^#C-UoONObub6)q41QotXV!LPe
zxw9B3&!GA@ygyd3X*N<e;PSNX=ebjhkb<s~UoKD0P4M32;azZjU_{&_<KDi`(0L6a
zC4o88Pi1l(Tk5UcKIa7&oHdYV?_T-YHRtu9Ty17tj$5<kj7dXHIwT9jRSar8t7U57
zQPH?cYJ=SEb*{s<!o{(TeZR_$T{+&LJZ`NQ;xSr%r$4g$M@S0677<F_Rk*jLptM4|
zq=WnE*jpzf-I+%<qCVw0UFtbEG`iAf_`O7i!<<gb(5*Gc3M7mtF){gY0bCgQWwNX8
zXm@6uol~t?iIe6~;o!PEpI08yh`RqW$UOA=_Yu{V&CYcl+|)6*#2h!v_{jt&9p`Eb
zfUP5xI5tbkz2E&zOD{TcMa~r4Dz~nt#r5Z#RB7I*r+J0>8{6zZWZKtQU+0{3>ZC*R
z83DNSW!&UMki-=kw&sLlH_M&9dU9O#IU#a6&EFHdOio*CmuWT(o_a{IHHWIQ3X<S^
zRUsYM!Tma@JM17!S)+PN-uDlDKEq?_32QIp<=KCbv9Ia5ws6wWlMcxfL07;Yn%vd9
z>aH2(njWdtX}mo5sb{88CpEGw^G?Ak&u@Bz)=*WmhtC0Nt}U2!GVSn}S<ek+<kEd1
zuk1Y@3v4gNhpv3SO3m!z0*(Ev9$mR^bEyA^!T1m~l~lNVMfL2<P`IC~5Wsb8_6Wtz
z+I3Xkve<6VU|^NCY}prA8r3QPU(;Z!%?W!beOuv1p*p9-*T{!Y9PF>M@-yFIx<s1Y
zUP@;5W365mf5osx?W=;q5Sw{#hL-VDVQIt8^0Vdr8umYJd{x2<+ef4zWGnrQWvxT^
z_VG^eZe-@E2zOdu>yj%IWL@1nk=0cHq5srzf^A3SC98q%E0|vNk&AQ9kN2!97)`Ca
zv9v^M>lAkJkK`ZAfaQ_p4@d-WR@vng6;!aU7?JOnO&tDOBx7fv-&!Nx#L*>xZE4B9
z(~Kz~_TrG^ZMTheu7AmMWj00JEOMR9#qwj~`V)@$bfk+lx~AzU><4`qHPzXW;pACK
ztgRt2Gm`BumJSbg`S$d7)VF0WuN-qYVV$N^cAUWb+LywUdv~n&xYK%4xF=U4fTd!I
zPgAo>dHx45x|4K#=IGc{3c)5UiV-)IUFH#YS<s+PW3x@8&Jywi*1$nZ;|K4au?|<u
zP`1t%8NHt_X*wB?33iZmdB8~GxVA|AboE82xXk5mwyDnww`eYP8E<Sl?Z%<irqsVV
zIWs%XHt*hXMgV~C3SL4R&jUI?8M?P$%Q}7@vf@tZ*g%(qiG99wlTT+tHwq!#f5)Kp
zN<$O|yxz(o8HNygH<NrRl|tt@8NG(L#vcw4o%S4#swo-BLg8f#987L(e$rUlnt8&$
zdqp##$FNO6U6VA`SPNUn-sWE2fSe`U5-bOk*&tV(VnsF|<5~Je1EVeoAVN>|nw|S!
z%IFI7eIba<7KR|mlRrP=_9(49(b&PJ!4$s9r`g%R+-(8~_0ZWemA5)baq^1vBu4MP
zfFkYL4~_YulergCvFl>%$)i2rhiw6norm*|q%NynA>wx?Ytl)R4#|m|pnT>L+=u$J
zEUF8gO!gpDO`yvyiNghNjkov`7;*b@DC^k+UPe*@!y~i3CXu8&Bptg3vW1O}M?Ye?
zu5}UJZ+|`<I}RbZC?3p$Y^yo&=X<)Nv$vq#4ZX18MY_sQqy)#&{rcwv*6-YgBAd{1
zO%quTWaz6mLAWMq!&qS0sm8i)^r%edr`!|)B-tV1@4YtyTQHLk%v@d`Bs2qIk@EjD
zG~H4A1_;r(A7`PHg7)aKSSBRI2&QvJtz8)Qb=C3u^ymmjTSBAGLZm%di@;#Q;~=KJ
zR_i^y&E$iJ71@yXM4&2d0)NH%(C{*<jrZ(N>|e2Q1`;y7hlqFyN<5ac@MJ1)S&jxX
z;<brT!c8dG>xyiA%R541n2<ddf{dgC-(|mnb{h97*GQqJ)LG6teh$KExt4(A3e&wH
zDLD%l+1xJQT;M$p%!{-{cP?YnWKl_A!4<pKdsMn6_Ctm{Ht7oME%|Hj)$2X_T_Z;!
z&zjkU;%$ZE$s5XXAkGhc8Ph}B(N0U0B#ySEI=|>g!ubdpO@xf9-sddbqmVgz{XIg~
zzo$q*^=t^Rb+Q+T)BX2a9U^BV18N(Iz_N#6ZGc?rEEDldfSZ^ZG*S&Tbs=D3o5Si}
zIPxMDn}><qQ4q#F)o{*2MTN?7(f0@<O(@eMm{5fFdl?0k+q=nFAc$Dn->F{VEVPib
z4s0T^A=D+3L^?&uwm*Tc;{c&T+#V1qK<EO5>IO*XU(N(It&>8?nILy-5yZ>znGmh5
zAbGuM+gh*!^mZWBztCk!nO#vLxb2L8lMY~*nGgpxh(kLWLY6stUX2+UnMD{z*56oz
zAhPkCh4u>lFUY(|Z>Jd%W)ZS}pgI#*V~rZEN9~|Dh?oT)U`@&H>pe~?xXa8QK*&wQ
zmLQF9VqgsLE0naMJ4(7m<}fo-dpnCL@F_x$YkfEiH-{ChV0K0*=b$k$Y+iQ4ObEpa
z%_pa>wJ{+%Z;1l>-7ouRAmj!`iKA`(4kjcHq&DO)9DvADo6lJ&9#)RJZC3!y28>#`
z&^`d?X>G4h0$~{v;Vej3W9D1qQGNo3RTn`o*Sl-{q_nMkd^Rv)7jdG9AXJ(HASwVE
z{&soW_*&Q(W-f+JsO%Q(3xea@c$U+wAYzYI6Cwe#IK_IuM15<&xf?UEO6CA1hEx&c
zZmSMJ%|}Uswf`QfH(7ot0Ha2-g?bwafNo?70hW!oepuAEgP=SL-wb_2fggr*gHg6B
z1YtidN)UBaAD95&Z3NQ!mq#o@Nc*7uGi+WEAu8K?4<m(C6tb1?2w`Z42EnH!5!@<i
z4H0XQB-8{f2FQG%?rD=Ov5udORP2DvGiqc3XsnKVygqFRE9hGh&4iq-_^Uw(Ks?1B
zaa;9|?wX5)7ZR2&5nG{mDtdhq4O0>XF$l(YhK;iX=$F)A?${_EmNTvZvJPiBVLbB%
zl7$aTGdp8&T_(1K4ggnpIRr{@xrm?S5{6?VWHl(i^F~mXa#t`T#r>K@ssH#(;5g?8
zPLr&|XCtZsg!RX9=wRoeK?&6#BqRp(LDq-<r$H?1Jt(UTl)(1{QR#5N3>Z-RED&}`
zB741C4iZK7<8Z)^WkAFYeS{*Og`Hy2PL+gaSO&DEnt;Zd>r8+_Ucx-}4niB7wyYwk
zMMjGmiQZ3?rBz{>K(Y^IYgYz-wc&q^{qP6`H@X5;xiO5Dirht+^yMr(hIXygCQ7Bt
zp=ZXXEUU=Tn1MuV5HiRN8C;^qs*Q?lMJO^#&nt6T#TaxBJHjl-b`5BC5A@|TaWjz$
z=D&9=I)KG9RRChcU&OAWK;5i?#!&7`<U-LfaffSUjw&AqWh7zcfOV6F3DY0gg8ZgC
z1XyDog+RUSYIPS-G$V|P^C5^5a5_=Ho(UOHB}5zTxDd=FTou}6fY9whf2rWH@i}pM
z+6iYf$`JApf8!^`ZE8R_QG}&JAhe0CB1JZV<q05o`;-#-o`o^=Jy5E^xCL{gJak5e
zE!qo$USicB^a@PPj}l707(%ozf;+J<3m9a3&fny|3Q3+p;oQK4RJh(^I5L7nUxyvN
z0hBkHknod)(wIPL?!q$WDu`ecgpsuh=HrTGa7qCcKH?9^Gi>2oVLTDd0+vJFMrh%d
zs9tUw2ee8ao`Fzb|7G%uj%;J|d*m`MLcfNgC!2Z*WXuV|*l7WiuWa;hi6w~gX*A5I
zR712H6ate=bnePXWRfow#`EktP~~x?0~8rHDY&Y@v)k*_Rut(ZxB@|xo|Z#FhD1R{
zZXP=m5Is+*WtbVM3%dJO01NBgb%qETU6dd?|6d18!7Y|BPC$Z&P2HeKa;zjwWLi+g
zd5RJT`<DTu?u{f&i&)3~AdqE&K2*zxMUOQJ%BN^_WCN>yRFp^;B2faNDCb1sQU<89
zkRHO)sS3`olR4A@p~eJ4d11OWj8bFe8Vv^Fsh2p&W8;1UVvsqA-3i8m+Iw&wV*+q)
z1nZU=8yK1cf=I#IsB1TzCu+<EM6(DD5zc%KwZSq4RPri9pZW&PP|x3(Te=gRfG9)~
z3XKxv(qeXIUIzM|CR%h*-39^^MGH(^0tW$>2p{1>R259U$(EJlvp0b?oB9(er!@(r
zwlIeX1;SY&%rN7(2^FmXr`)G2K|~}Q5Ka>Y;8fQTtUrO(Di9BQO9%rzMy|vc&Ol5V
zNjx5wmy>15Q}Rr_i}le;|LRbFuVn$t(l(v&q%K&yS#!4Vf_ek7tW?Pp&T{gi{u65s
z$dP-_^HQl@O*0jsum|9xrEFbQRo!R<FeMwmH3XKfIs?KgD96@r36il+SIY7iYY1iv
zSl1(wk&XKDK0v$4N5zPU&Vxj=tlH{;k=US1;*2yvl7L3imJOrxX+@$!l@t1RQDkI(
zNE3`_=AA_8;{aT~lYJQiK;<G_$rFOB<A%3lVsb`*s)8tR+ULEv0^pKiyZa1UQWZ+^
zE#ZU@u3FnXj)`&TA5#Lp<BeW@U__6z2$Fk_lDh+f8pCz~rgYiYsOEqX*+}F8c^Ea4
zB1A9hV|nH+CWLAXKQL^2B!KA#cWejP9eraWb&Ugf1;Zu?JMvgsbXd7T-#U7bP`%5c
zde>V4MLZD#hYTCZ7IL)jUZC@~f&$?DPofD;5G9v_l6#_0WCn2ZOEzgx1O{ab4jDG`
zXIMDpZ<ex`DL4hV6YT)z%mTs+qegxQJKwMcNrO@}2+(2J1YxFhwXo>;Ha-MF35L;(
zQ48M>8BD?*>B$p9Y2oyhq79|h*+Ymh+Q}2RT4~Q-U{fV=9^b<WkWoeZnxh1Z2#qBM
zY9lNQD8g_Fp{r>?5ge428_Ie>=pt+K5E`i|Fw&7%F#5+S5<wS%LU$a<NU^w0WW*?6
z)(4e;ZVrbF`;@J*Msm@N@CD!9Ee8J68wzENBTP_2Fo{y-p@~!zI~h!kj;0nJQA~N)
z0snDZ_7jZ>6L)VEI_3c)Nd;l{9DfaZQnCppeGN4*Ap>m_4%r#=7nQ<=drHp`=oa5W
z=n?2#xd~PvI@-4h*cXD?m0A!PY1M|p8_P~4Lj)?rDX6UuLK(iIGC;j1=Mx$@oJv#P
zS5;vV*6`SSab67q_71=V?D!5ib#gXQ?nU63<tP@Spd-Tuvz_CRKQxSOM4E(sykw*X
z^=BdE1w?*=Ko5wEgH`(iA~!)$`Q8J)kOwsjYl*INq2ozQ4PwzWz8iAKu$2P=Ngtqq
zm-Z8BM-FPov~vxD%ppufz0g$eCV*_pe~Bncktbk~zZ@8t9n=H^3!#u?bAUwn(GbA2
zM66L4Q3d4)9jW*|(943)gaV2|0kf<i^S8hshRqRX?0Fz^N6kP;0Yo-W=7L-ugj^Xx
zvtZc9;q35k48-9ekzY{Z5`<9Y_5URv%9SL}l>w1<a#0j2Aqs1WOtd!;j;I3WWq%Q`
z1|sEzA_eEd3>%dLV!*Gi?f{DUON22A;|Wek7DO$70gRquBcmf8**X_No{bZNB?2s7
z)ep`##0ee88U!Np&V$N%L1>v~L=;01w4)uo40UNMk+1gpL9q5gun5ZriXOy)2j(E#
zSfhgg42CTirmAAw)e!eELIsusli@V9=r{y|gDR2ZlZT;<n^4w?afhVtJ_UbB@fQJa
z3|kNC&ahBiu#wPU6d>vze1PZYF&+{z3<-fb80>a4D<)>!5(L@#6D)@?Y*Z6~7QZ`0
z>pr1s_#j)O@Xue^l7QoF2Y-+h!ertKL(!KW&;LEzvY^0hFbn6`lDeiyWTQS1_FS0g
zt_-RZR6*qOKb?HnFoXas6v684RS@_?)*)2#BtrH#2?$ZoKs43W)veny!IBZb2BGVq
z9Su;}dE<-@ZXzJ)3g@g};$Y0uASwzesITUq0|s#kreKE6W+qfm5{!_<dNx4yoDCLo
z{?}+8pacb$w*a!ouu&GmkQItD<s9$veFwqCD{>OlkDNVZz5~?044do?sGmxheN_R#
zjN1*kX4aR6LPZF>EYyz*3cE9iZ4BED7-Ba`N)4WKTLC!Q2@Q;4lf4buQUMbMQuIp;
zZocCTdx2}lDEs9o`-E}wC5rtA;Pne&Im@t7=0Z^2;PSyvK|=On?bMeFD*C@D@jFTg
zO(-x9GHg_M&7FTWFlLbD=M3twHD6?9*bzZc=AGb*)13E2^I;n}oxACeS|AvmF{R*F
z(B4h|9^g+x=Jin&2<K<PFxh`Gg}Mp0;N~F80$8^Q2-X`y)kHznIDG&~i8zhh!0Ptq
zRXp6TB#Jb$u<k|>vMFJ#MF$&g2L$F2#w!|?S$~-nVGQ}8$(eA+h%hwuz7!}vVM%1T
z3`&L(Vj(g*KUhAF*8UZu<ZIAfC{<N(uM2SyDgo1PvfOE4OIOs{ns>}%Y$#+?Xau}y
zd?B3k8E%2BdqR^Vt~*N500hUIbA~9c<AhK!2@^yMX4S!jrCu_cW_CfFy!IEH6h<95
z8Ajpfgf`g*0dK0Ws)9SFo~<F$OBqyfegVojq4Lm9V6DyZe~e}TIS(M3-%*@^{FLEL
zXiR&huH^wGGi(^=VZav1+y#Vw0)HR*h59(La1bcKw=6N=&~uxb&}kc^#6fni&AAw?
zbpc_eq&m9fn5=i%*~Qj%SbnDuC5MU4$Vchi;B1Z=yLn@D)lY978oT}a;Ox@_=2sei
zLdoJu;Gv1ndkzEZ(tdk|p{#&8y8~##D!Zv+zn;jJOMWh7LY~K!rY3MAR5PAzTe;@^
zUlYR@pFD8QC!mWBZn=5}(oNBmDK2XK{=D%KtHIq5f||#kFW(zveo`hPtp4$~l+0tU
z*6lSaH>xu?3lPxK@mvIhQlhE8N2c)8jb@!DYVRYS9O`_0@>$zut0IT(simp;8rIwD
z0{y!qKINq)HMu{jY!6XnOpfd;1RVH@<sO7`-H~lqO5NsGK_^qS_xlz$Bz_;|OilP4
z7k0A$^oEZ?T)h#^?ZcsNM-E~bF`%dQ0I2wL27pKV?3`U&^cOZN^#wkPUGcU)tUIe*
zsbz?-L1tr}QlZP!#xySVx1nbUp3IrNND!_^3g>y;=eJ&7`aqnm>|EIgz=n*dfB%_-
z?gUj6(smdakZqk8LY`kbzu(L4Q0xz(rHL`y&J;ZnK6H#vX-K-+A?)O#obQei2H&Y*
zMV(=b-v=!PDl0!mjCtcToj`vL`_+rA8sd*z7vxsAe$a@|oWET=xlNvcfX*$bA#&3<
z5!ND;J=@o5p68rfpy&`;VtYh5DM2S$`@nLB10#m=09t;lm^p~-rv)CLbAQGgvUZno
z&2q`<bx+aX9=d%*sAnPLQz>3|L4>X61$vAYD|4B<%T|9i`^eGZP|jw%?M>GG!fd<l
zH=dJriDG;@qV))RC%?Y6kx-e7Vr(`i%TX)g`(681u`xb@9CjZ)LBYLHHF#KnD17is
zPs}vzakHwEeJ0K>`Crdl%Nwo77KAT4`kzwxHk%D|Dw&kRw}x+c70bN*Vph_P>{~03
zvk9`_Rjn>)P~j=<NBD-a9l2^dRlryq>|NZ3Ue7~Hvv{oT*?m<e03WG302!k``R1v2
zzTj?284qIt5YjjFnIbptfNh$LTdyd%35S%|x)yQF6!p}LJnF2@xFfh`cpVflRi~_G
zkR95bpCqmKPgqaTl{}2`_YLqDc~mQspc~S-4b~pyOna$%ftJUT1i=WYm;t&)*Ib^9
z#AfgTT#no$m|7txu0j?&t7anae@H``QiL=E7cT~EUCQR^z5{knGHw;I9BaWZbNcrc
zo1P??E+FBi;FclPr1^^xjTWV1Q%k~r_Gmu?WkmJzPn$4x(GVi|5L9WA1M=a+>;EDG
zB?J}W;7+i^hjF7K5V(qOqaR|HAU8q@<)kn{)}nw2Jn3RH2riQ#h$ni#*0s*eyColq
z>TX)6woNUMHxbNI5K18`;fwDgEsw<sJC#Gr3;~uYyJ75;LJ*NJP;F7>v*sc<iUnHU
z{k<Q8B%SfK`w&1#>?F#WzSZ{nXM`fEtOFq!>9z9)p7-}o_FJWxC_y;~vQEEYtRX-~
zj)r}1%ugGGQo??&pdW&iXCBBJFeB>ZsDL_D+Xs$JV(?3@z`2fGdClM07h8?Wcvfb;
ze>%ZsDFo3!1j10qW*H!(P9PCaRC@qv_#r-JWI^}ZmdDbB`tHQ|D*Xt`7sf3K1OCZR
zn~jo;dw|>BLO}>XD9zIA{X>Wuhrt%1+A6^qz_4B0h4yGmR2R)7B=Z8^qvx9?zda{;
z1}Qq7sN_XnKrjclNHLKDe%h=cWc}JcbWEe5zbU2}eGZgk?F&Mbnis+40ol`GcEpd2
z;=YHXWJK)ji_zOEWe-A@7&gNhs6nzkI*Pgs!#->Iq2O8KOq4H)2O0JNUy8HAC{-Ra
z7g<|#kEoO3a&)wbObH^_rEEs|=+066i-QDspmLuNA=FhQYWOw==0rJ${1vs+`oHkH
zl@AKrTc}(dAp=y=>r>aCI@%kcH^WeFy?+^_I-)`vbzFCQm~VcWNYwY3A>8l9;HRmL
zoDmWLzN3035X&G4VZRrI7;ZvQn@R%xym&DvihsOOM#Qh*RWc{aljM_V(67&uCd7RJ
z!+n4ev*<_xm`jHIg<;gOZBYAX$Sgk@)f<1yyCXz=7&@b}rhd3ih>J0*xi@Bc|FZ|N
zeb8uZBMcqSQO^k|%^(Ei3VLs^c+lYg=&@O><((dpy!@ysS7cig6G2Tm&5GERWg%pw
z&cASqMlNVc8h;TO#2NAr*Ue0n=>I_p`9EOBnHX3!o(1~ZeNA9!B;d;h#3lrOC5xl-
zmLw_@p07k0?<Sppju>+2c}UvnQ-sk&hu9;*2$xV1bu%Q1v`#|rz7IFmBSr}g|3m`v
zUxSWB*o>erlg%QIZrw=K=lTC_`b3nGIhetA5LW=-iE|C0ik(kHp7i&pAU;Eb1JTI~
z_Cmurp-JpZj{gUWC8GX+q7|ZZ|DTXLp@T3xFF;ErqQNnbBKj3KXQH3~zm}SaFHF}&
zzy1?>Dl%Bmn))s6^FJ-qkf8mK23gvNY5)Jf9>k`Nh=1{a&#>RH;2BBog#1zMr!K#~
zsxw_IDVWe>G~7OAJk3&>*896T4!ryon%QQqu(bEs_VLWEl8jDy+5Mbw#sm8ACZ6kn
zUoji(<#KU2Qz!da+AwXYgLTi7yF)Wqne&@cUx%-|$o_QI!8uKAPwy~=TwwjrW$5;{
zEf;;Hg!SKA<kU5o_z#|8R~1qmVioT>+vz!@gD5+bPyaPPy+V@+BkACG|4yEU%s;@U
zLh{c@rXqs;Gm@#0{4<iNi2O5>X^8wYl4+3qizHJa`DY|k5&0KMrXlkGTO;{pLN}#o
zi%2RCGRko)Ov)b|b~}FO)AkspPRWUooChZ}f1RbT`6&hHlJ##aZXP!9EiuyLl^cI&
z^7hoNoRQj&|6XJ$+@5f-9!-xj`YD{DJwY}99@dc8`{c^xhj;=C=IFI1loT~&P%~>;
z#&tzx{FMFMv~&q@6WQ^wG5=3aUESh#4kP_a-VF<%X^uDzSpN)i|D`|nws5{r(SjzW
zw|PAZ=A&Ko%lIU#KWkDw){^ntOb|z|bg;Xk_wbL{dLGx%FyTUlOY8o7x!zHv*kSCM
ziG$eqF<IC4^{#x>&Ub;XTwfPA(_gNmCeTfA$f*_DEy~;v9p0J^J^Y%%&zoDSIim0;
z)2*=SX`v@Cdv{H0o#(>*#1kLOrtGg2y-2qXX;TFldK6TW_Ta08k({i40q5s!S9;|=
zB+|H^4L{9uKBwnOe;tZC6TL3+8~?BeNyXfh97PA2lRm>q7iD>mW)~JrWTw_Ru#^i{
zmPRG}e9K$jxG^w8TL1Ss@PJ&7uGs$m&h<+E2LHmLcZ*&zD?EFjT%9^5<}qycHm}|2
zT+X2}IZEcnz;mb4es@O?dgvF8M?|(?`BIcFzKS|C-XKffJu%42ZH1P<)yw2Y(T2pz
z#wE&i%huCTpukJrlfFsni0d<}P4rAx<gk4A)AuXFWwvnWLWPq}kJV7{mIhZ=ljCBE
zmd>Z=^?dV+Y*@Z-(y72+Uel?F`V3eUPsS5zBi1hskH+R#GL4AzSG0edU!GH0%2za$
z{ov%bhjea$l-;7!%~1e}jM25`BB{%LT5FkmPc|;EbJ;&OF~j8~I{a$-;VtNgzc!%h
zwDJY1k@I!X(B-d4aQxs?1^31<tNf)OJG~;mO?l|3?AkvT3&`3$0A_LNypXl7_F86}
zTW(7~y38{%6pL+h0lx8lGGqv{g@$2pa{h*9qgPEH>Edip9BaOBxqsqg!ePi{a2QbT
zCnq5>(Hak?ktGt3ow+~eC?!c&_Q<iH;(Afrn3{LuW5`1Kwfmkuw6%)e1DaWLoA19W
zNlQ|m6)?J7d+V2>Ro6T}{z|<x2+1Gv?tF^4KG6JFBbKXBq<oy-Vja0?qU}3zj?|Z?
z6**)4Kl^}{RvY8NB?H7J_bA6~>hoNw$J$Yz&H4RPb`aX^r*Uy-P;<+69;d}TH(6b;
zg<T%(017mLERV?k=Y$+37rtsd=FE1jPMy2pPCI*b29W429a0oi+FHr0=%iv(N8UGj
zLGyaAvKKm6eoD93Wlw-XWJLMAW?9m#`K?T(IohA7Iafb)n$`2ZYjD>2K6cgpKbJj~
z=k`Lj|FkyRr57qQu(-M99E$n@^K72Cde$^Xw57aE=IAVnZmfovE|JjAIJ;#pPEjfc
zsp&BYMNE&ctFrTS{paB&67kwB7vR>vKTUQ%4Y!_0NyVMXJ}pHJt6o#K=tK+(%GbzW
zKCh7^3fx)%oI!mzpt<E3%Z-hVU}(fOTJxj((%Q~<AD1fUNJ{^q2##d+X+#TRAO>#x
z`-(Nl^KF*AV76$^R`RS=xYTAO@A(emYW@%mE3VJn_$Xa^3D}IXeO^~lkND@|rFCiN
z_Ec8yolQqMjJ94*z0Ur?$yVgxEGnP6M$akdd{@@>(K7LtZ_`4+=0OCB64=u(otnN0
zkUXNU10Hy+%a>_g*s*h7=jHF)u9rD1rz3mQ2lq+J#vie{0Nn%mo0gDejzmc98T`B>
zZ7_|8G#{M6a|c+sk^4$neXgaY%;f&e{inRT8X|^g*}BXz(XkHFy4GoVot2Jqqd!iW
zWM`vlcXYlwlOxyn(E%l0z_mixL+5Q^lOTfFeU0mLuKhJ9aTYTo7WB+HGj*85*1O62
ztkJmJ>TZcd?G;>fRL6PY1#Qr%##dXJTmwg3$D|TQT*tYGcI3G<L-`xky;?2JPMK~1
z&nwe;lpdN_ex<H5Ipd^#<+leX9j2g~1TI#i<U|h`_`1(z5oG2G($qDmG)m<#y4KOa
zrJN%LFKbb?q3Jc-QyrCS(+v^o>SLEB;xiQ-w+kfF8|!wsF#)#V^!yFh&whn}NxzB&
zU-}yUA?GaRw0!*76D|;?p#$4MAK^}7wtkllR7JgWwUgeNIB1uR%t7_gnY>+SOE>$0
z*|L`3oyMgTM&u?$x-L2ozktm9uRk`w@zT#h>g5;&S@${piT*hIqZL{qLm)kVd;*#I
z-DJ_nP=k+@*T7X453vX)9h^yxFJk^)@Ip#%;^mmT=XdcBW5Dwvl;r;R+AW)|)%@42
z8#D*8F<W{v!Mw-)^HT7@>knSGc?q_39NTo@0h)ZLQoF^zc3=NzH=qQrPU(aKj~Y+M
zD_uX6K}_kn4(<9-Q?HY|n~0;40797+_!+8wzpV?m7MIzDJfNi)boB-$2EFnPPupqW
zD`O-lG+J(yaBwD>>pAoBf)~E*K0mhsg9`Z$1^d22q0+!pB0#37KM_2Mi@K*XE&olU
zlKf?fXl+l<T9{@vK)*kYXEn{DPJjrw@;1-#<*P`qw^gNA(s~~w){cg4!b?H#8zsG2
z=a;?cq`0%6G6g}QKxFons3(mB`WvmjyWAf6xu5F=MgLmow`<T{em8RY8r&dwuIFz^
zDs)us<1Ehs3U7S9AtC3}V5=VYMQ2cu4ey1T9AyhDw|>T5S~v5P976WV2+V8CR_b~A
zd06n+{=<3V9)nvSLZA8F__=7Ts{{LF9kXftxEpz8C=s7z%a*iD1u(CCI1hv6Wx(bB
zU;D$#nUE1V@3iXF;ZwkK*T>4lLnDd)O%Wc9%)w(A>D<@wFUs5;O8WQaAYttmItK5&
zk`B9ja=u?&1=uCKTaU!Ayy#?W`5$=VEoHrqXHTKCj}c#W-8_0*?&YOfhOnA!Pq{d+
zUsw2X<i>kT-3kByob3SuA#cIBlseY17#SmX`H|w?K-G;K62!j#)UVIKd|oGs-Q=jX
zIlbO;eew9xYjmj}k+oG<?MeD1_06_+V#Q3DHmQ3OS(w4&3ijxJ&$*j35UQ#}mp92W
zG}mwRy?C2RRz1$>=MwBhcaSj=D&>?>p6H`!eeOc%ki&m0y?3Ikq5SZ2T}~Ei<%KSt
z&!I-i%<q`aAuCU?oP5f@dF4&^<cqSbE=L|$vfFj%_>+4~`wmtK^`4hBFZ*@6yWrj!
zKyCqU6S)CCVB}3RAiJ`<PD>T8J9EidnjZ%`@KsK3JYlXf$}Od8o&U9=sP8Ggl5Th}
zz~i9LoHAyzd)Mrah8NPR<@=HVEuL#~{pXBV1j}q%2sYETKl--O;o_jyVdg=%OPx;E
ze`JBfp58eC{sY=H*W>sRb$I)MeAcH<NUwEJxqi}_((%CaOHuY}O`P&YhMz{PjRd#H
zujou)Zhqcs?C?{#b?{GPIY?89Qs<6>JC+|UP6!~q!p&NOsy#|o;(7N{K;PcCEn9{*
z*O^xJ=7wGcA8)uVjd$RxGt65QD<ea<0fPK<4PKm#_$&=}XtX#Ds0rLr%gR?U6Wige
z4NwU}DIV^spX=Y7dmoa!z^14CQ9mPXQM`<gWpbzk_aF9vkn;RAibnG7*8lY%2nm>j
z<i<YEu$nQbmBLn)BLmZ8<E~JZ?WRE<+l;{Doa@%=Sf`eYe3K5H-Py2$ZhHjfr2tOu
zM!j>zcJFWNUdu0LA{RV}&*F-(6Ui@e^Ofop_2YofP0=epb7EabNU!OW#lX63uIpM3
zJ&ikY!TIg8!Q7I`Od`2rt1w(`E}c_Q6qVY%5OLHt70DO%JvC6%CDTx3XC@3z$c>ac
z<L2eOPEG>sGrysl^j@~}Ox^0HqDs{~Yx-S$y~A^`G)G?jn0KK3q1$aaX*Oi!X7O_Q
zGO00%G36?fJYNO~Exr5tTt8fOUgx?@N*vVgwaYUC(|(>gnfZ3-;DH_>$P}{Dm$2yt
z<pO3q`$Nqjo?Vw8n;G0KP9GN?)2x284{oZF+ZQTW{-AMwn5PTCbY$g2t)RTY4Z7j_
zz_jhGfV)p>NxN_>;t3xNZ@T(pi{0oNCtyg)HO0Da$2QcAh<&hjtpK~-DCJ+WYy%Uj
zUTp^6t~sE4y)HB-t<G_Iyn{9Uwu1r{8pWG~;qFVNWRqsLLq>Um6=RO}Yk#nQ0K8`f
z2;7wK#gfMBI`VoqTRZ`Iyf<TSg6PN4+}ye@kB-vob0#r~P$$lFk@IpCt(sp|BY{3o
zw}?023<j>djlXH$tCb73@t-3N%)6w2fx2XK-i)UklX+Onz8aN%S(59Zq&ZLB>cfv!
zJ2dW>U43G^M1FksxA-*z+tK?rz_vx32Ikk^RSLJeE*wX=JzEP#GfSTzp|(}|eQmf3
z@}i;KXBV5$k1n51odgW)hnzd}A>@6~pwf?29cvf6iQXObvWKbT!G>8=DSyAEQz*-A
zCd2wbmLp=#r+Zzxlr82D@)iNr+XQ?b>)DXr;?(vI_(|i|p4P~1FJ;_ceuzxe>G|^O
zQy$%YKjf6(WYv^HBQs=^ocKpIKr&xk`hl8pPgZg~_~WL$ZO}V;JVvVZp6d!a6av|H
zmu~r$9n|VNv9Dv^V78O{G=3=o;GP<YGnpw`uv}d)*g*t5)_BEH>BZ((noO*Xt9jv#
z{M?}<i9wM=R!{C-1-3&q+}t+SZ)KI!KVcoSvFg;&>z{=W(Fp-fVdPzrxT8A9y6}u{
zNcUM?zGen8POhv{$aP*}?j2@qeW;r+!x+TI_RJBFZQkhzzO78@lLJF}9&zp)yE!5{
zB5!}$IY#8Yix|lMe;V~Bjp5L*y!))Y`j@_LeuYp<vaHsYEiWk2e_0<=zuk2KFfNk2
z-1_nyKT!T$Ydk6A-!Qy0)lJdeufuW=aJ4^;^&WbU5@6)2Zl9(_Nq<=c6Vg>7+-mt|
zYZ+gVSy=scIWK4j?w`lH1c1W2J()l*wrec4)Q%n2>o_o|rWZfFgU+WYsx&6$V+B=A
zMAY;`9X2ck&$m`KwhFu|`MNwsX5BD{0~Fs;zPKM|gFyQ;mFG>yLlwl{yKsUu@~2g3
z<2NxGa#*}Jk2%i`@SFvvL1Sk>92`!zII}lvTbBC>KPZ~W4XUBQjk;c)d}A+Dn)#CN
zYrk6FumD{R^J6EtV+gj~2fB9Zftd$+L5cn&#z|)o$}93mUaF~3Ij{`<4{KT<2dP9j
zE8l9APLFWbLnl4Ixf_GGQNeaD-cRoO`@3xkYI+BmkqU>>i?K4mk6NK0Swe&FHM!dc
z<dv8Bny(a?b=}&x)qPA55acTv1g4;HW$tg9;J}fMCi6ZZbIMYQk}8Frvw=PPmp=c{
znh9y{hBPfvn#?x827)5Sf+~h8h2EpqOrv#f4^7%+-9EYWBBvVQZS1dra)a%)Qe<L8
zs`^iC0B+5N$~yaWb*b|3`O3Q;c`CqA<h|%3kmFpOC+cNK&SePq)yjan0MlT1=@^kp
z7fu+>Ub=ivty=1nvkurCdr_2HUT1es+i=yA4#5bz#7&W;nTL6-pcrZ#Y>46RwGsd^
zr}iiyT^<*pC%*TXQ{x7E_?$n4r7LZ0=x{9E>_^TUx7-n?^e-plP2UKt2O1k0QMCxZ
z<#si1YnFSh7ch11i`|Kiz8`Pf0t1owaVn;fky+&L#({G6)a^TB;oToNBM<tz!WrIv
z(XxXDQ5grVR|7_<3+!8*O1>n5G*3+mw0=}#b(ek@g}V}s(8WYK>m_GEI3Xu(z3#Na
zJi2xK(LrD=vO?bzQulv5|2+oe5hVXW4BbY?-aRyw`KoTWrT8g2fm+vRL?bfu#!p++
zP+&ZIFp`ngo^NRew26!u9YB|DXgVkRfZNO92MX6&pH)f5(4TuxmzqRpN|dNvb}k0>
z7y15`o`6)HpfCAA4nr<_5h(lD;~{Y!w63nI%1wDWt@ZXGb_xL}3-|e)V;cBz?DGnc
z50KpD^r{tKgtN~Nb>V1Q+8k9=`g}`Q6e@cAy%DV=kwayU0-%H-=c&=_ljQ&o-9s%U
z{YOKqzNmu{x-M@5g=e_T=ejQf)mzQh!V~qUo(O$<Ktp6ySWB{hor~x)GFQLouL7-k
z;)f=H73f@LLRy@_+f^Py_-lhkmfnlZkn7QfrPsy2BQg3Te76wF)2&H@6JgvSve`{g
zgCKjorSlNV9LF5*^XIKCO+u8wLlT&W3cly1FJTrp17aGMhu&>Db~b03KZsyRa*p-)
zJ!&BSRG6a>YcFZyE2(N+q4Ee-2IxU+y<35TC>sy^L2GuIkTzHYx!d&s<t}EV@yV6+
z8}}6H{1|kk+5@$axwMo*Uk0u<1t%aC{?>!&h~mf55xJH$ah3MuR5uL6DKA}f2?t@y
zO;y{^VX0(K<mfQ^Sd5Aw>tXbKoBemc0w&9=8&=B9a$XGeO4qu4fTNAfLkAUqVm<1u
z6Z8nYU4g2)z7lYmujjfeIAW-K<R}D`u8l>3VYfCgk5xVrhGEiU+_K;RFKITy?Hy(6
zTykg3lS2RuoWCZ2g%)@m-Bh3|_yEe>A>BKErdlcd9MjkYNQk#v|I~yqi)$(0Yt#&$
zUz1XUO0V*Hn-TA+#gccX3QsBk(S~Zcz69_}zBn;t&AZ*oOAVT~_|>fIM>aqiKIa&I
zbmcqSL>GjiC<8Zv=(AOhKp(x<EgC*LWKeWei5VdmIO;}bLgRuDAAS)rCjVjWDBCi4
z%A`h00y;BXVDY+Ar{Ah9blgQ?CHR$_1?t<?v(<XP^=H<s(`7e7GF)*BIIK~pn@NUO
z)~#tGOaMCJ+IL$ZLhkPyxP)_T_ksSyvM{g|YjzcZ5=3hasHz-4ziAqO(Umwhl>}ml
z0IN&pD((X$$kuOtLtx0KW(5jdcd*SL7aTfp56H-KqnmeB3&c74RtT~jIV4svEFxn~
z&x5+sU?oU?WL^4~J@KGqI0URSVzYacMe%^!jXb$5cSlYDB&&LGXIqN2gyb}PVukjk
zf9WwOcMz&z)on53ggg6un2_3p60^_aqv{qV0}59FtRAb&`bu=Hr`;DXeiYcnh$tq?
zvG#5r>DTf=iAkMXTQ`(FRKC@(3uPGy$~jIi20|_bcfyjzVqv9sQ>Mo(P)-gEgXAXb
z+MQ{u;PgW^D}V2K{R`pGuGuhwKsJ7?E9=yb5vd5;4+f!Yh9dyeYxMxsK=*R=DV|+w
z+M$_UFD||W<3Bz5rcO4_O)e_5e*0<odYQ4BhIL6Mi69=+Hyc?<2E!v<%;L4TPF$7W
zT~NU_ZFb+~!qrwCrmhz`ECke2>(lLE9rPvBik<+-kKjgV%7qv~gGU+sN%vZtD!(wT
z0)4_+vR%A2-(-PI!%YU@@{IMg@}O1w8c;nre-_TaHn?}1x;+&EG1B?_!bu;ZZbN2&
zMEbcdJr(kC5$MVt7!<H4_*9TUUb-wu9+{uJ<gceIcHf;U6no$zd2*;a8su0thbz8s
zYSjV(g0+54t8%a{SLw3hFTad70)mcCwymKrvz6Rd(`9!stW7V#Wq>psKAsztx~^^)
z34BN4w{H=M`{D*%uyB*N6IWZqZ*Ux!*_P?Qa9%ytiOIIA4_JD=enko=-Me}g&>-(p
zRkG^dS}g(R9#rx%>BVhL?ow?{cswHWRsKx0stie;DiZfxFlX8pj)pSspl*dnczwOv
zZbj;q{@xBC&}wj-{D^|BpOu?-O>l%cpikepxd4fBRV4)_OU1@LZz?~_p;47`qUyGP
ziq`88P;oV%UEVKUR^(j^<Kr-hkL0AzvWm_xR#T&k;avca>&1e*E$4p>XF*#hOT+;S
z7`o7W4=9}4+{EF2{Y+nhy51&`HOH^Z%E&mB$lRu92q;txu%sdc!y_`1-OX-_7A?q#
znDW9`0<C#MfYKRQU*&vpfLVvGJp=)sJ5RSyAl*mD`7YESb)&`WlB%Wc$}sJ@$88ZC
z8(R(L<A;?(qcTW68q-n)h|T-I3OiANAs|$~_b?Wipk)pC=u&l?D<;n*bei9hJwO0~
z?U$B_Q{YF>>q(eTQHEm$lZ+b<&{h1P8#xLf1^f5zN&jLRulZ&-#)qqqZr|qWt*vM&
z0Du48#(nV-6x0FdLq^SKuqf7>mpvoT^3B0%a=2clozTH6rC(H!@l58!1h<9-4}JSp
zb_*-7qXi9$oWnSA1}|pkv|6f#Pjv-~Hjg)YzF{t$5L8R}W2Qyj_x?6lO5=2it!=@C
z6Ew0dD6viQROSt!r#pJ+_N`qHUI{_psM~1dk6OI$*XazPiTe=buBt{E1Ca9Q8@UI4
zr~rrnyDeVF>11MNMcqOK4>U5^R;w!IUrE2Z#TQFZ<@cxE^-XS5!<G<iDA}IZv?XM4
zNwWZFG{d6fh2ldyA>86M7sxnKv@>u}C-v@C!!3a)0H_|!W@$L0X{bSP7RKeIGjhqR
zvFRw!4KP2BfB6Vwn9QZ7r2pL6pTQ72Z|p(O7k7njqYR4`&?xge<_$1Vl>b>=QAWUb
zi<}SA6tx3Cn8Zr0uL;HqtGbBO@>6%v$saK4XVaNTR@x_kp2;0b&owBm*G(6)t0Dz6
zMvsSJ8k?>N=j5Q(UI5looepvZeXAA3waI)KXw#lc60caqlrPXtX5d*#_!N{>{{D7U
ziWW_shFsH`?hVA1GoT|fDp0+)6%Q9(|INVMeG(V?b-4Tdi1Ew4F(``LwBf$#WRp2w
zVpz2MgGq4pT67WtNS)g=o!c=xTpPclf!q8H#Hl6kYB--Zor$5(I-ouPZA@E9!5dh$
zKW5cA8qhYTB_d>~Wk22@ERJ~%D$tmI3A_gPAe0>T$1n^xq+~v5NcL~iK~x8=R%*He
z2QFjbhb#}4u}m6@f)Ah$OFpJPEtHVLc&?&!sP^w~Yp1v=(=2XQ`WL78>B?^R#;q<F
zIKYv3Wwe?A1RU9pU1*dxn;zMIe8#2B(Vi?N)mLa*+zC&jiMS1lsQKnPCZeNA!_NT*
zaVp#sw~(&=B2J+nS-kKJOHDsJ%en50+tjd34&Ay44g8dnI6<-7EMDk`S|4S*?Nb9X
z$!8@NVW}-ux1(at2al*>)N(U`6J$M{T2P0#;jHA|gjRLz4LY3%uvo$rb4n3~c+#H=
z2izka^Sg~c8{EOIX(-$;_X>j=jP)t*k#0w!uP;8c9%FduzMq`W;Peumm1Y2ZRq_X1
zxz23(-5peJ8>f~;h{qRPM@>n7xz`3y;TeY#3S>{|HeQQG&`InY?#DIN`z@R0YK;V3
zNCM5U92EExllq~D;+qd(=_da$P?Ow#R`@N6qw01|is-ai9%aEw+#Wk&>03t&u=1VV
z@zZO6iYiS_VefCtq$FbGDEaTfVoCMwsf-xD!j&|B9olYA04$6^tIdRopONu;bm72E
zB>1^5>^zSHLvlY&)7Ydj*vYup6~Jhbr^G9OT1ogii`ShxlG9AUW)6;F1zZ)iG#16G
z7Loy|b5g9PO>-#sWpU$u$#SJFB|{MpSMu)~43eh9xC%Z|3AAhaB5;M&8J~AmaG_a<
zR`N{Zo(Fq$6L<;{j03;!$dNETO`JA1GoI8BJ)~CP6$1A|m^ghn4Dbk(A0sGsXWQwi
z{n@Lq_)JcT0RhSK&P%Xr3|jmBZr-u$(-MlT24*ni!(a*%kwLPC>pY-=iHF>E`*qXI
zmmOcUHrx!VO`VCW_waHn^yBkj%*WBwu|MQp=Y-K(h*|+tP&LhV!;_%B`A;(%Y6ZRk
z#;&U!o_QT#iXrENX`@NPblkb|a4M_OaIw&brlg;lSMOaxMV`!w1el4y&peMn&0L-I
z`eGsa>j3cam8aHD6Y~YWSZ!mI{nDceEAq(spiX$64d10l-%RXqDOI5lOVcXE@Sf26
zQ&X!qN;JL#%f55CqF0)h5oa4OKC@wJphI4?VlF`e@U^Az()?id13%X#oob8dxd8Tu
zK2i&Wh6>c31Fm8&$Ne94x#^S5Yj~w?m<&~EO{4B%dZ*rUD%;}5cqaFV_RGC$FM<K)
z@rZyCnvtl&1sDf(wg;Fs+@HOzd%6j7=iqhTuEQ{w)3PFWr1G2Hs9#K$^I8KIoyn`v
zt485%wnpgBv!fWZa`PST4M2HfxAD+FI~LYj(-oP9M~Q(W+Tp`^q-U*NYla1v$!wg!
z4b?erG90lma81`sZxk-zd0K?M9|yzGw77$WZCi?3ZpFHWi_hw4F_Zg=>6;j^UQFMp
zXYjQ4V<#S-JRg7zWlu{vzryldUMp`rRfFW3W^u>|Mi!*aloXc~GBY$=P&Vh;vK`-j
z!lRe<mXnu1wY}87t@OROxlOgGwf|!Op4P`=<*U#CKo;+DGckF*IN{IEEV4U(Ik0M{
zeL$}=K8GNm)A6Eb4txs5uf)k_#geS=M6JW(N+5W<QVAoBHe-b?MNyMw?t}r2@Y4Mf
z1O2+wCRs=*T;Bvu_FgQhhXafE6$0LJ^3yURr5{g3>uwqAaN-r$iCdh7vPojo0ub3h
z1S>^kGdK%3B;gONuGpl6RsWM@q;!_;MnCe<{N|$&fn?cdu(My@G;VK87v<r{f_;fb
z4TWnu2bp*>;W=vW*t@oTKUNB*RmhcJo^Aq`G$v@4{ZY6`T(}#r0Vc6amceIgJO{mu
zf@|z)_zvlQ`3e^4r?kfIqiB$$tkRg}9Q5qzQ}p*V@ZRRzHPfHqN<EKr(G`UI*H+_I
zXxN`j))Bw#P0`0|@9_C*td+Ubs}iIK*KKVOXJNc5Rz;I!gt4jJWRiSmMA2ak`C@0}
zZO6QcRHs?<Tx_~$@ts+VWujD0Y`$NyWW9%*z7l3Slc-W&;;yYgo20CiEU#QVH6S9c
z!B_=CEu;|?1O#oh@r&@2D7yZK_uNJ6xx@5=zRI-F*1H8y#STgm!t?Q&#@YQ|_YLZO
zF`g$8MZ(Tv!c*ndSmSaNap_+Q_YFLs+zmYrbHIg9pmDGVyaZL>U^+}=_}YTwV%qq%
zJE!Hl<n1`4+B8+hf!7B<ld_vSaP3Cisl93A+RmTuNp3jcp%M55UlhDic7Dz4sb*=|
za~Fd_g|<plgqi8&VUyi)-rNu4mQxeK{llr0fvC8dja<g9cBD>DWx7`W5X2`@<bovs
zVecGFr;~@K!gYT5g*$EPHz72Cz}a|mA9zeI#A^{6L4(riw(a>43vgQx;lW*Qzr>rq
zj_FV8Wrq*q1nsPjm(dX##V`>pIKdxi%`*b0xB<o~?=|T6)I;{)#&=GuBy4mr6vHpZ
z?jldz#4KRk7_%Z8LHNI{9H!w4iFw$(gW9CVdWVr$d*X0!-Axnd6a#YXIJt#1awnmo
zYEKW7%{YcD!|`P-{mooc4F=(Xmpec^kp;tj1THe*@Mo?W1Cn^;713JKZrL~R2qUKw
zxHR$MRPU!8#%z}CM>9q1#|x$p?~f0^3U{X7Y|g?pN%N=299tSWMVRiE(1e$gobD~(
z@vci_<_$<Y?R^L3L&$BKHC0K|ZTuw;x-P9m$Ss-fGB(R`Wy@F7T){C8Yy_RssGBkK
zCe44ut>ttK&&m4!;9ZjTtFU@-(iyUBxF&5hFErvggIa1PFsTcANUp?DXY>1$o~flE
zp5(gS!R&6*DZw{zM8SI`g_Dvn9g-dHO|L!<;kyAgt7?W1d*YgJXk{=yo*3Eg7<0F!
z-^GT^Re`DQGIrXe@u_Jz1{Yysl#@S+{zl0u-94!jb{K_2zg(cGLW~m&3=~g|8gOA}
zYF~0CUR1Hsj9DQ;xZ+F*yktq&Ea2mrLEBsi3Ii;E^cqdK5t2MM#~=qPNyN{i*`5*f
zr0H`mvNP^UQa}N%_V_dSNA7~>>rQFm3b^pf5!_}@=kfB{_2YDlQiYd~K@0bQDgGB8
zKU@#N(qlTPzv-50c#h(U3~`ZIJk6h~@NFm2pn4NeQVtEp<~N37k<-=cjGL9zEwt#O
zDM0@b_Y0?E;APcQS_i&XTD9*;xXdEV-MdN|NQS4r@Yyiy(ux-ssU_2y#bb|b3TL4l
zt&*htdc<8kBQJECVTHS4*iz;~Y=4Sk{#2X8KntOG&#O=r5qwt6g6HkYVp-t3I)X`F
z_rq$|s;FS4WU|3}55-T*;U!?YR^^BJmh2|nVr*>Gr-dKVc|80y>$NV!3rF_7`0kNO
z<f;O2Vh=bA1%69!M1(%>tUQWdMt(KgSbU`HVBl4Q_@v?nf020Esr494vQHSm)QH1$
z0jB>y;oK9rIiq+LErZ1?8xk$}Ml-OgAGo7>roWNIt%L_({+lE`ast7L@vrxAqGc~~
zp%Mu0*?5GR)V(SU$BGQILldsieUj5{YI9*0>Xn8CYOKw<_@W#6Vc-=6v1pSnAAI;y
zT1BoWGSGjV`?N#N%U?5L81-No7y04zg5`%)OaI<{R(eB?UX5{@yl=fnACj#}^C>En
zo_ujkU+!*$rJM73Slz{MR+W(|vhE5pMV+(U!_pPrw}H@~+xzKpbkfB0=5pT=w*I3d
zQy%h26~VROme6<YIVSVVJH|pvN1bmYWR<MaGa+p+A2wtg%kk#+ndkU#A2#>;(b!j;
ztXfQe9j-zbiztRFYOLPBGXqb9#!RGl?eHEanfIrQS$x0P?k{&epEq_&w5X!|)Oh7C
zpB|35tf&+8*KfmL;7suXXDoCoz%$t)xa2e5kuMCM#9b_3+wFG6BQiGMO~!{;zhJN?
zihJ$$hLuY>F1z@YjEF{HlUbS)Z5%P~sCU#@TXtCB(?-ho2=3x{cffnV+LL>Vb{%Pq
zRP|#~DQ@Bl;>fKLo>19ekUds!8R0^sg8k12Hw=NMaDQungD-8`EPEB0c>B$|2OEkv
za<)Ew+R~HM8P;v3@8afVq}CujvHkUvZ29=eM>goWzbS^}n<N#?@0qW`mX~DjU7drR
zNU<*3Wz=Yv+|Y1kX2(W%A1k-)9Jg*KkRraT#%ue18=P-S&ll+>o>MpuNWAH%z4|Y>
zYWGYeZU2$L%=Nqn`rWR~{1~<2d2UR%Rj5m&im8j~>&B6{V@-W-DuKUQf(ImZJc@Aa
zmpIt><JcnfSDUSxF|R;+IFVc@*ZKMW=AON4D0%x#T{^iM7yF+vNE<%$sWF0+&VI?+
zc=qnOYb?aELJ#Z|gYA&jh8f86c0Jo+>$1+L=Nv@XsgjL4X)-ZZ3XKPb&@Qw;<U4qx
z=*fIdo8<-91F1GYclXY*i&NHgoMp3l)ZSdZp<ZtA`#wRJpK{F>K9A_llgA5lVMkBS
z!pAlwY@%LO1jtm?p0{muPHy<QfJIeX%(p9o+r!ECj6u9ZftVmY4Ojfqy5mDw+u&;x
z<Vq!pyDcl_6%kcQuYR)D>m*YdC*M@3&+?<^V;Ykkg+6W^-fu?}2K}FM3ODZ+8Z6&w
z87f@@?4FhSE>a%LQ{+VQ*GO^-ic;`1=3ZK`w6mdS{*<{Eevz@)i*r}OlWo1p_}WeM
zbznNO_v=32m+jHzK?;hKuA|J1r*Q5X)pyew*G-hUjU^cxM`!Vr?bz_xMipB|swxGr
z1XB!(j@dRI;6(WD80?Z!kq<R~B38A6tC(&>B@#Y}%L3L4QfZT1WbiP!KVl6N<yL*`
zk+vi389AqH5uUw+%UzD;wJNwxY!|*ue_IkM4!2!%4Hg?(#!Qz4i0tc?FOPk)v3zV5
zJGs*F{?Vjym#4{reHo7}X#$}CpICrJ$=*vSAgphn>Z0GPZeP3*u_2i{H5w;3B<yBV
zH5j#b?jHdeUmz*z9lfQ}QiqCO3oUV4oCG_h*{Ml#B~Q;~E(N<wCpU@_?j!ruSo?oR
zyed$b2574+Lb?tg3C#pie#PO*CxK%g?9CU*2*{<uHTcv{RSz(lybiy({O62A_~u&;
zI3?0@a(;*YME(de3R&fce!XuSkm^r&cto2mP@it1)u5`Uz;(*r9hpU7*RUEVeRm`Z
zpLRZmR*gqS(s`JauLBjbj9Z7c80L(v0(W^#ZnTn^)D|(R%1M_2%cDI5+Myo|b8;3=
z0gQAW*YX3M7TTJYg*8C9vE3zf)G$ZSdrH+8?uM;fk^CdL{UA3e1J}iYU0C;q$(hV@
zp3D(A9<;}nT(ZFox|BA94wrZ#fKX>O^}m^2*RXf0^n>THNp7|f%t&}~eZm9Qub>EY
zeBs`AZOPQN9a@%ekGB65ehlT|#BJbtj?aeWB;f`|x>jn3kFd5#yqvbMS|J2A@+z#Q
zoMoC6rTD5@_L?G9-sG_ytQHNo1)gTpBVF!_S~A@bNCo~jllE(zyS68#<7eCw-Gh*Z
zM9NPmHyoRWZ5EELr*PlVD;TnYf<@wfGmsBqPHXWR>(3~GJy@-Mc88ZyU=0^m0g_e&
z7ofTWT-By7mVLvrB)J;aRJ!=8$nsM{GstDxrIITd_(j@FY)acswhs-(0(5xFS^=c}
zQBO-bG7Y6~I7)Cq^$)Bk0IX-rGCwDhdOU^xaE~5+Y&$p;9;9h{-Ir5!z^B9~5^-H`
zZ7HD5u796M*4l<GT8Lz9;E4qr??F?R;bbC3jc=*#o^~nlL?$-ZtJu5VV~_r79HeID
z-AKi<X^3vcuV5v>dF`MkmSQXBK>?<1>L9aYNstux2>2!KN?U>i;G`2@;`_}r($0+q
z!?aQX+LCm*)LsGP#PrP(E7A9*AmnN^%?n`F`U%gDkK2)N_+sB5y5SG8SYI&@F3i#*
zMI7rMq(XPPbO*6Hhh@sEGpn$|=7jJ4IfyRpD&TLrBz!$L{5xEj%EzaEy5<5i$kn5M
z=Au(Bx{<B05}))ChNuKQC?sqKP{iGx<$UMqx#3+?oxA~?l#nC!TCx^kbH}vX?###u
zpE^0oX_f`|4vuekaj>b|dwZ5)fX<tc+`+@ST+7X78_(97Z8p1lx1rT+*89E}e3^Wi
zF7IuMFbVOvW|%ogT_=J1wyb-(vHZ|5)8*T&E59_&t`gB01_ScP*GC3DJ`Y}r1)Hdf
zRpriEWN*95fx<&m#6xbdqPH0EKdO&B@?onWdIHtBR1kT>T_E!_*>_5`Cv$nA;c3D9
z$oLq{32joAE<%o88jIwU-h`h1=TC1Sc0c2#J9TNobzC_02g@F?ENC)0vXQ<F2OBm@
zuv=SqzP1eXO~7AwDcX2&2Dw*Dd3%@XAHo=$BD)6Q!4<P()xJ0{-xCFqIp2mO`OZz_
zMH1(HuT|ya(+0jM337>F-DY(r{xpW%o8#DAsw}bFhB0r*35305FLX+9>Jng&1X`z)
zg{n=Dy+(;655@g~Dl{uOT&79tg8`!<mU;4UM$!SaKjp+5!2H+zubw^Am=EJduOpCV
zhM+M85#KO>F7j;4-Spd26;$vH12NXGE={y<9nQ9f8DKlr>W7ioRKDGdtQR2%LyMhn
zULXPRMg)0F`re6h_sAnVzDSpr3@Kw?${lifCUReH^Uvg4OyqfIO)Y^o$lhm#POXCk
zeShT4)aY>J?N4Pz?$;~luD-g}QjmIZ>%>HKmE{rjWymu}g=5;J>*Kr#xBRXF^4n8C
z?w_gLxh6|_LY0Z?|3svQNpBev+vbMNqh7pbzJ#RIA3#WKfo_h0j*cKci@r}h+Ajue
zAbf92sC~i=sbXLy-#7%3olbU^Oug2_dLi>P9Fy#Mbbcw%C975^ZbZWM-S0qX$;(@$
z6N=BlcVdEeP06ZKZ5COzJJ78b*A)2H{^SoMgAAbNoktWA<b94W!hiQ76L^b_3}$7~
zhpZ~&Ps6umqAm7ZfaAyt`~zZ9tq9&}scBVtU^Wt6`E{j}%mL)mJ3z-?60?fs_NK~^
zcfiYG-2=#i7m;5*^L{5W)u>3m3{w}a8T@yBXCkTz&4_%@E9NVv;LW{NrMNn8Ll-jt
zGrVhxAIlt?@<Hh`iafUqsoU(&gv6%#0p2|$`9hB)<ZR$<U{sQnU67e+=UtoyJ;1`V
zY&sV54$UCjSP6nNzDSFdoQs%A5(2iSx*eDP_4nS;LfUZlE>=J8-=Td%I%)<A^G`bf
zkssd%+nZfyQzz_tS$UA>hS=S=ny)Ma{l5h*LI)Rj29_I}>4$!Re|CbmPA(|koOu$s
zRMq|QqoKavycZ$&&n`kpteDHHdLP0fS$Mz!L^ZuFl5gv8hvL5heBIPV1A~s*wh5U?
zy*?9Ja1nE`;A2*mv8QWr2Yb>YU8;#hH|qYb{N}v&E@U#!I`@JXiM8FxL=qZS-Yy4>
zLIU$Q$`NqJT6SH`X|@CZjQ)5({*QZ-_P<Qs&aw>Hj1q#h`9c->;=J=<yxUlHK90oQ
zxd=qESW94aCBKFL9$fazRU0rLRKK>Zi;0@61^l$He&Ax$1tt<dPC`0M+57Q%O^j*T
zBl`gcI3R$|9Lv>!?aIeiK-v8$&@}Xf@zW3CF#|zX)l2>CMemM48F>DFpfK^Y573((
zc<o_u=>cE?TjwJDOEI0xde=ubf67$>;H|b3>im?(&XnKeDbx93`zmlcpW!MdQab34
zH>$wtHOQP6b*nq6Lx>G8*mbZo%lgMB#o5S}78$hH$cZfF)W-=R^8UAt{aIazf<pIL
z<;yy4gVa+$j3(}M-fylss{LzN&%fvVSeaBq-}|VSo}y+^J_f&B^{ag+)`Ee?{Xrbl
z_&S=`#PwT+wwr%ev`DXH`KtULnbUmE_zDMjP>)^HS;_C+oa7VIz>MT@AlTW}nUQpt
zWj8a!#!sm>4y8?;6>qG~but<n%1b&gWz%C?+c^H-P6y<3at(<6(RVyqXhu$beAe{5
zFBAW@p!&#rZS_plT?tU!(NdQbgv^g63hJ(q+0m}xrO45g<}WXA=6?Iy-<)s#!)RS;
z(qM<-+aZ<2g>85Em<RPex<n3zxvPP-8N;*n^Ji4S7q;U~wAjq}3NL95Q0UsSvok23
zvU&4cQh`kYbjbm~)+6AF)AiDUB8J>jQZ8Q;lQ~_k@4UD2Li-%yef+Zj9o{E?cBX$B
zQcNl%7n3${g2#?+TYu4|;=likt1FM^DtrIuLzrS{vsAW`lB^$1QHZ8dgcdCr+b6<Q
zBxIM*r|Da=6k5<IT9lM5DcRl0Rwyk*Ws6V<*|YwhbMO6V=6C<-WtyCO&a=Fq_wzjG
zoa>g?IQ>e*=o@c*Qddp+JJW(j(=!WCI8dZ1FAH#?KBF==ZvWfM27Unw(|&<d)tzpI
zmg%GIJ)QdN@!aY|s{P(HfosrD+pFffx=RM^nf8pO=$VC6G@PVM-LnwMmv^o}h8HPL
z*kfWYwzosD1`#9H<wKR<jywo<bkQvKShsNGCSSm}%=Y~wb-xw7J34N;2w2PhZ<cPU
zJcR9CF3JH|-d!`=&Pe=pM=8vp>EU5T#Ohu>7oGQzPPo(y2LG!iiEhMpA>-})z)qJP
zP0&@Yv~m`ytW6!bU2xv<kJD<(_cPh5b#abtl{zb-&J*@9e<Q7nh}GB7X&Ug$Y&Z<x
z(e%*ETx`lyw&A2e<hj)o9n*&pE3?(pj9s8>#v`lvXby^0H6|HH{Uyhaus4Vpw02^v
zJnt6oXf%8hAv6;-G&mzNl0{uN691fTBg6Y79tVXqu^o|N*+FwLXAq+i16l1hLXj6g
zjD<gpW}w%OlqRe+l~uk+EJVa|YiG7ytj~(MYQq;w{lj|FO8wm~g30@O0eX&{qoj*9
zp?<{6DMVWT(A}Q>b62DE{l$ZZ=Pn_`(CV!yQj4DLDZslH0oBa?`)%1BrU43b^VF5!
zPJF0Nwy{)x5Pa(AsiDeYVLUowJ?S01{fH_!;?cLH6xF3Fg;jqWxC%<vs#Fd^99LUs
zhGF^f4!<N6sYAcvZmRP3RxRM05`mU~*Qr%mRsOSa$@Eog_Hd?4k)hkSS_|@kDRD97
zhiZ-PtbyM)^QgI0`ebSxrHex7Gs-zry~RfZ>AzPdX({Ui;31J{`S;cbt<CT5X{8oU
znoK-5)76{<vvq0ujfYd<@e9{QQMes^A=AdPp{#QGT6BJwqsZttUbJjsLfCkB_lbqb
z=v)47B*CDk{CBEy^kp?8UZMs>t@3=3<G7_=+jv;)UGZPR7h*N%;ZfB!g375Z4F2QI
zuJTE9e$Ig_Bh@2t_1u<us6G}DGtpY4`hPrVp);+)SC>lnOFC~u#OFq55#zz}V8yiK
z&*BwB*v)lte_-Xu&Sry=^qpyXD&+A<S;wiL{|5`EAL2mGWzcPMvVF7$TqWS;$P8<<
zn9E5_0q1v5r>KPMmzitFWO-5eYp-?6FP250`RCKmB8!V8ZqIo1=mc2YHZRTJ1zmxb
zT^&#rItx}yKk8Coc*h*St+y@Q%`3ZPFPIH-2|c`8|Bv3xkCr=-{x~i3w$rD6NrDC3
z8PeQ%KQp-0Pt${_E@dm2yANfCCPav|=`3-IvV?m?Q2+9cYK$Hc&H31N@IwrxXmFKk
z)by}$bS_fsul3x747biGKh$1=Sd#QhmVsjR2YNGugXPoK*omDGUot(B9Q>t7XTtHi
zt)AHLc(in%f!j9s@K5CP<~7?5aNvWlUn0N0#@(KeIq<?kzi9z|f1Sa_XiEuIb6t1H
z;wO)kIY|CXWov%W!FaWb;%K3n<2FKidexc1al6M8ZZ=wgfK2uUZrrek!E&>v*a3dW
zg<3t%B<ZMmsme|uFGB{Z_Fl=*H&bm}^AeH_xWb6cf6@;^fRj}e>-<M)X<>LR`|?QD
zZ?Lt1)%yR1Zb`dm>@6YGf2=rjW78@|<VA2ui5RvKekF1HnByz8ne-lBG-6kz)u+>O
zyy;;u^Aewb|M>VRf2K1tb1b2#JTNq8FV5XKQhC6!=;yYg+xxtpkJ5Y4Yxk85lzooJ
zqy&EZ5zJGSp63D^OUbf~Jv?aSeP>mxj^Ptc!Qm!n5lyKkB@BIp@V`Cs9w2wcCUY@Z
zX#cOpnS<LeBExMe3>02nMEWgjb2L)`46`YxO1f~!JxcTIRmsTs{U6&CjMajdS&XZ-
z6z+yeN?hIyAob*a^K6ntJZv}3>#b;AXDgk|hzwtyX~KizJ*S3xbT|*OZGZb7L)vNn
z9&@owt?8R{z;dU{5+j&J@Ox*Hb%!L%_K)@D*xeY_W3o%E?}5FAmso@MAN{clIMPpc
zz5bzd!On<*B78`l4c;z@VxY3lW|DfQGmPh=mfFU0>yjbCthXLS_RnF=iMaXZHkLzS
zEAQ?XuE9Rv!be#sDPn)Gk$&a5qbZEUHswsApOEw|h(nTFw;}mkKw!(h*pUPGFD#Bh
z+b<!Gxu?|NFHX^#u8t?9O?FKButhz^Jhk#=0{8L3a2)49fF;t;C({7&@>2jx$?^!*
znR23XtK+gD5|llotl0LDBAobdI9`<$+dO#t>Zo0h#E~sLE06f<X@$fTl?I0A>?Oxk
z$d2L;i6lUjv-<ONFVG2Z+XLV+rYnlVW2um#V+A43<DA0^#Bxq`*a)+bfGMt++pqg=
z`skv}@XMt$fij-S^T7E!#TKIc!s*d%t7l(O@NwhY!z<8vGqBv$7_@v3tf!3*U1}L%
zms!0VJ9Iim^AC11AITHDOD4(;s^n~^#Rd=h+F{{x+-!b0TVS#03iR5e;ZmtJKN?G3
z195#|z1#a`fD-wX4q7a8AKYoxGUGv69qT$GVlA5<?yb5cPZ$r`%?bNb^i(_S`+U#)
zFj<7`a(>8R4BiUKl~IPoPblabXsqMAA7CovHtv}ehAMPdw5p$j`z+E$W0-w|x4*`8
z-nZ|SXRJ$R+l3@MbbQlmF1v!Q4C!N-q@Vt?A2-$s!umZlbYy;lQ`ePFjMpA<n)jPc
z8N^eXig*s$AuY(t*WI<VAGT_GC}>xYyjL{2y=Cs5nO-!g*kLOQ!*QPF{&3^5b2#*^
zKeHZ;bsEC0rDPx1@e*jY8JUX(zbgjQXlWmJ+$-ZSon&V(>bZPw|I+c%gxKlMNy{o3
z=Ht6Cvi7<dY~&=ikn;{ya(jPIOBIuXPF@C~2c<vxBy7Fal%>Vro%yTb1bDpMl*e5W
zW@i4u7^bv|P|vC9sZ~y*YnC-7rS1jYd6zUxBim+}Dg6*4H84`UskxZv64c^G(z1BX
zuW%WpdJqLZ{eRk6Ry_!YB>+<@3;Z0jyR;^{lQH4qo6zNU&QCj^O$J%}Am`ck>7*gM
z$Wn3?9IVvyFW9(#snlrJ-ERLwPuPBmC&WJ;%c8(8*QSSIA6NduIZ!h3HkUn9AszkY
zsuI?l`nEdKH_6Es?KB3ibs<$**b#9^0kmhad!t~cKhrZ^1v72cf)p$MQ+K=H;q{!0
zKUWUj_5E(;gb%PIqQ2pWKqsHzurGN)jGsZoIDanK4dgILgbyvUr%WZ{5zuMr`*y0s
zdF_6LMCru)vyT659lUwnY$a9>=4Z4Xn7{HRKEs`WvL;wk@JyOv5X5+5*A-(l^;Rt=
zH0M08#F|Rro*dIJ6|Fn@IOhLKpnd=M2cD0YV@4!{6Oy?{Ojf0nqUvw<(=*xyj;c32
zJdnR^Jx4KvyxxM7Gpk8BHK*qGe#5x{%C(6-UXHKq1Vm^XGzp`p1=t*>1>};`ms_P=
z%{zAC|E=mm`gsV6Nf2-<5b--Uv-Wjv?{P3vnIY4Cj-3T~|IACZYOC=Zd}>E85i{l5
zGqJws_9y>Yd#Ti8Ovn8$c4nf<>IYEjm`M%VEdk7NjK0RB&Ls5&g%U-;a+W_06T!I;
zEDlVMi6Fa7ortq%*ugLMuy|(Tn-7Ro4vjB6v~Qyomh0@3m{#PIGRtZ|_qjcWy9g9*
zXAscZs#7pu-5Jt3ISF{a?A)_{37TJ@@aS@qLPnq8o1R)@Tlic$I*Lnr$Z;dH{;dQ6
zb;AlsSb*6PLl#ty;`6hezxF;JPDpo5=kcd;-eR7=2oQtA#)iR;{(Zrt=CjkoKP>#U
z!KZs8lk@P35hC^+bKF(xer=Av8IUG|oAX2{1BgHAb=X)|HF*1eJF34j-SISN{lWZ6
z_59}l&Mh9#Ex)_MekCtjv<v4Q-T4R8Ab&defWkxe=L-7;<rz>2tnsT-c6;wwbyX65
zU@9wKbrdl+R>2o@AYTK&H>rDPXBmG7s!Zzv4#I8B#RjW9fy!rs)NWT&PFm;;@oUks
zC4&Hgm!L_N_o}FQ#Mrpaafa`cr@`zf_=ne#nqN&N69AyLK{Q`<6o>9!2UVEf7kYX{
zU%1nI>RR<7|DbsB^9`uSVrKe-8uM#&L}u`<+y5D{rwHa{w7#pN^>=<$wmQ`_*gg9#
zBe7l1?LFq8xwP3>fepo;nTXXJxP7%Wr5*VmpPFzls`=G6=&5w{6%gT@^vECM%IX&D
z=JxXO8XCham%mkesU69n%#co2T4uln&j4RXD_eAK+r>XV&%>H2nedb<*Xg*q^v6K(
zQ^517Ty)T{?oz1<Kibj-b)iIS$jp}WB9l1E+X7ude#?E941x=-?$|EOnW`<?Q9hKg
zD`;6$5r)m#r(W;T9P|t<j^&d3Ah!J576|!(%!o#|q*P@wcS$7%Vc1w62xhk+Gn!Xc
z>RaLQH%097%2DRy(Akmj4?Pk22m4yJpd_W}yb!gF^Ak#W6f>dI54GrpNZoA8RCA3T
z0EAV3gk1?U;`<%UO=lm%7J@C8iG&+i*9o@)wvs8dJ{@(&^(NJD#>k1vIp-Ir=_=}}
zAfP`!J~|ldm_Mo8VfLS$W}Lbh&958ISyA}J>0XM`{sbkwq@#Hg5QHtCHg-5PJskXa
zdKucXvZ*=EUhLaIaev`|_P-F_11+AMhmt;y%nJ-ol-32ns~CXFr*KCIWfQU4v*NNY
z8>$?PHiN7(zq!u6%6{X$|A@W+ZdYso;FA5v`RLiQ_**`S;Gc))B90n05)13^W%JI#
zjc)G^s?JKHHw*eEe3%N~23)J|%gu@k|BzSL+%3u_gT$~9aQx>a860~;IumCuxGw3Q
z^1Ytmo_}c8A`=U1fw%5e4jYs4tbnaIpPQYY?V%OmLc+kE4j|dR?o!$m55z`cM~RH}
z{)If$TOMQXqZ^WQftNGwKmQH;h2JvI`;Z#_c!*x0h?jC63(BsI-!w<R0!R7X0M3EW
zshNdzRoIJ_L)F}{CMnhr(r+`=e?NO;3Q(wl|7Y{sk8pT!0~@VG`ZttM@)=fk<{xxB
z0JjcN9E&)nvI5C&ddzf#NrmA_C4?L{n91oJjXk{f$CThF?^d}ETYgTWh5j6UkK6}Z
zA#H}V(Kl0w!TJkcQ|f+q4hs3ccujSjw+bJM5Uo3VFV-)A^8eYYce`mojIQ!)@CpSo
zcIn%bTn6*HB@8sfB4a4=E1ujhqol-^9r>HVQ3yM1IJ5pUXp{8qnU?Dc+({BEp*RTk
zUlk&R5^wyQ(Dmz5ZfOFAv8iH_9nfW1kl+BBrmZ1^FfJWFfWhJdIUsvY40k+Ke-ZGy
zH5;nj*efF=fq;C%>TISec*M}ygQZ9@I|2tPBaGcH+t@ZCU-ZNaq*66!N5Mb1*s6eS
zKplV?!{GeB2M1{#l5=zVGRRoK`V9nH1vbo@vB8n0Ad-jU8q!_0;hbfa^MBQ_4wxmy
z8d~4|j(Q5nA`o3FBO<7<r>-&;QzLu;u_BIF0r+?>=R+UF>f-WZrz>B{XlRo6%)eRp
zqyAa{7mig|ydB+F@uGlKY%-4_?l>Y8MCJFKgBa>|G?q;Q*)*Gnyj4>5yd(!H6XAsX
z{e!2u{DZ{=OH5D0*6?jR&V{DtqyF8r4t|H?BxaZC!7m&-Km|q&;&4d!OH-2~!#=Eo
zbkD<ce+aKEsmM*~oH3^VkZY&zMlP7N^{=4^D+dr7sXAU2oPY3MtoC|TFW_$4Rir-U
zoxL49rb(&wY)obu15TXBg|FZE(a0X`tS@vOgwdENRhwD~Im-pDb5Ns<ur9~J{T5<1
zmkb}2Dp&3>!&I3iCk$C5{bcRWP8iz<Yr`uA_xhZ+qnC{gjq&7^=*bmdhKxFDhu@nK
z!J#9Gh-Fvm)urmRKuzy1IX6i8*Wj##d^jp3ctfQ!SOcXylfH0O^XngQcda=EZ4x<L
zkd!7(?tXhJl3$)`RjJh^T*rh#ILx?zslf;=&I5+2huU0~M)ezBL+CW17A8Fy-fuZV
zcvV4g7F0xrrq)Go-xY8Eq*jY(v&98uO+V>B15}rMvxKDrE8=u7MAgS++Aez{;wEit
z_B4y<n0v?TD!<G-&%@bM>ecgOrQtPDc%UCv7*`A6r9B~-(_0T!cS8>5D@5s`>?{0h
z+jpQ*B|ETS<<`Hm!rP8l6=3%yo>r~kj)bySxV;b4Izls;wEIe7)BeY3zJ?;G1eq}O
za&(XVz7S$pQqhTa$dL~#B8j+<PS2;W57ZsPV=dSCmmfU%7iUZBAsGVHt5@)%ehW&e
z;pU<^4N7a#aOxElLgALyokv<NO0M8ArRJ@`AZ&f1e@H*+jx<St`xzXW)eU_p@^9cs
z#BN%0wg4;r^ETpY%eNL!v?Z;msdUe`0TFQc76UyiyJVCub2_eacDyXmR-D!g?uwrd
z4nZa_;|b;T{>Ak4c5=OI^Hhu&R2sUCosr3Q>zRG-`BJIDcwUNBFe0Z|&*jhVa=a){
ztS+Hg%lagGZ3b(G4)g4wyCLjrA6u6B6yhTfCpomcWkZ1P)5%9zCHhY&iz3I%I+QKm
zO?yTEym3B%s9VW9!f*HQq2~t(Or|ret>Xrp1_58eFS=U&eHU$=x!jXU4tV2V1A70%
zTg!Mo0O|Q<Fqe98D5D(7_#&8_JU!qJJU5ScP1hp*zU}jn?@K#zhwZKHTQO*I=1BcW
zX?parM<{FXu$=$H*s7^?jW`1;3WL%O@@@e(2HPZBCR#V-gtu*`OizE?>1EG<XksPQ
z0B1F!eZWr%3c7$9fSB>PU;yuS$B0=uZlDj*-o}W5^fUuA+@dV;p4A9<MF!DiVMxjh
z|3S`;<_@e6t^S@8<;l281;!pvQG1R%B&{5k+_RQI4SwN6I@_%^(^_N8tx0|)Z~vnn
zpY96Cof$k4!!X<mvVlkxSdKkEhxYuCROP!`!T@u|<E46o`xgK-&vBp1e<m%xamEtk
zoGe3d7JxZYmfIk4X@j~fz>*`_t9-kMZ=o<EGHDx@o^BB#vaZ09$J+%LAd^ojI#+f@
zsBSL|#5wK_r364*`e6yE+V?^~CbUzMk-oNgN(h(qNb6WgE0gFKn1LpKIv=Fc`^2EP
z<up`Rt2Mn7!$-ZR0>obW`LM2`IPf}fKR~#nR~f9Mm^XX{7o@5IgcgQnKAF=7dWhgJ
z9rmiVbG`%<DuRx2y1CeoakL-cSSMg(xd)ba(Ea%OAEZr<LJ<Ad$$w-xD%sW2VxMcx
z5aBIU_pUj(TNNfk6#Bg(a|wD<tPdcA(6&FgP$`ITTY=!GBo(=l-7mnpFmA9>P;dyb
zCQip`i(fYI$KwQT_)$iykHT3L9vJF#>r(La5~zx*uObDIui<D0aXQfQn$HS8)Khk}
z@oFh$1wEHR&)m6eRecZ~a20w+;4?1U%*7PkB^9X}IBOAQ35KzHW4!5`rds1K^ZBFn
z0QaeaFbC2=iHG-Bpn7eJHF8IE`EWF%7S~SK<6;QREs>@P<2J%5eF3Gx#QSif;OEcc
zBg&`ajG;8!Un^HoO~Pyd{B!P8A9agcdgH`!x$Jo}@Ku*kkQh860|IQc?vq9)oGTpp
zjjem`i<{U6bDR*@F9P|{51|Uqa6z|WLP&oDP-_-1Si^ao57#fIMb$2N0Oi*JMaISy
zA9C395_UjfZc?Hk_0JVI&d<7ZeH4lPkn{qcs_nt~x@UDNFIq>{hB?Qew$jhjS^SqY
zVu}1*_XT(8)vqU<NZW(zt-vw3PhO;^t5kUbRb+0-`43T!J3!J}eIUwEVcp5Yaee>`
zTsXh3dzvvU0|hL6;c^_rc@6GpNE^fwdGQTdMQgbXt2C^D^4sAhP?Vxrx2!1$MCXkH
z7?rG)dt>UFFx)NW)IBDLBgY|a3MZ>A$s|Kh0mqqa;z#v#uX16V$TZ3)Ammm<{{PSd
zi|BvW;3|*L1sCm|ZPvQ%ZF;EbZoQfjxw!fPB8GWcOCgwZOsRk(tBaAqGf+aTAECJq
z3`GzpB>Mtlr2&QKKHiB?zEIo>9nb@)B?M~=ko$hX2?pmZcM!aoD6mI$9<eW2H)%aJ
z#ircf=h#T}-pa*EE&gZwfX#cg>4Uq~fcQU9DTDrR*k7H~L9Sa$<N%4c^a9B!_>VNO
zqG_@lK`I&wGj$+x?ht>#%zSx3psfEvhJsinz4E9&pq!jGcPif3a3u!x-mf%U9a92n
zxKe~(b^(^gBFk$6Xt`4qu4eX!g0Sd^<60RvvhrLtZfStSY)wBVDyuTe6vuO*5KMmq
zUPd`KkCg<ujL)zPd0cP&an&T;PX;R)YF?uY+rwl+x=Z#ueOax4NEJgdTqi0<JHf}w
z{Yd9Dmgz58rs^6;t^qDs0{xub(8F=9h#QgP=K92rq3Snep@m!#ZD$PV*s%Nc%y>9<
zSh_2plGB3xfOBj}GX=|!ezeKLuMda?v@Gxfo2*yULvy@1+Wwb<fXDc-fS-^8me;Gx
z4dItn0TE~WNpZ&^*$GZ1`tPSIcev;80=<(HqHKj#4ctxwr@>=$VJH+v*?qd?5qrG(
zihSxrA=#x0D_}8!7z~YaMgz6s)@KR?>)G)4lO;K7u-VOyH2j}n2VCUEld*sNh+CDQ
zIWltq&KkI&?i8@3Wx$dEuX_HX@M@wDNNdnFyKCmpaGH)Kv(N{&2zfxxm+>!*i3US+
zZy-I$l&9tJ6i)#!R5M!RnTVx8Psjn})&|`dP9K)?*!BHUO?W?{;Y-+1WHi2m>=V+f
zBgFiUYU}@TF7H9?Gei&`dpQs3f>yd9g~vUb5Oi7sl;P&FAjKft&w9J#l^96hJ{6Sm
z_O4P`&g^bDA{v}XzI^ZkdJ1*jlG%b*9vxAGw4<PrWNifot@F0u^P~Y8xl|=ftdBv~
z$Vblzf+(a5j=h(73{5fl5J1mzs6tjfoo0<dL3{5=f8-`K*1Exoq^`vfBLGYz&pd(^
zYIikPs({ncPZo(70>z#eQS6<M(|_&8)hI0Z^R(c*f9FAk1D!ktP(e!sx^#VMP(1$K
z`YcW6kG-xO)5<t+sq*_2Dj$^s6zct%7kO7uTum3ULgjO?mrgx9VtodP-8c1P=NSXi
zaVPq~@pfr_t+)Y=Li(xyiwt1W@kw)tU$5d&fw$>EL2GteUtn7Npx#qzi-DC4Ll_JI
zMp{3ZV8xISAT5;~isPF7v|%}4<Wj+lXeHimGuwBmUu%r*8I54_eKH7+Zwnz}CALs~
zIoL2LaW*I_KA2o7Inc5-4a>bSA%aaI!j34mX`%?5`t!KAeb$I`mFqFUaU<H!!frPa
z2#6?d-DF?}kSmU^_i_etXVUFI#>M}mobraLyhE3&B@#0kK6*y3H@kU)Z65bZIxT%-
zed{l&7AZpbrRAo;eJ^`OOA2^O=GpI?pZS-5@~`KX99nF#srTN=aqrPD+kac=(47gJ
zp;X%AXC|MleGoOo!}Xxz-P;iH$?t?MPPUeg8~D#aYR@?V&D(UJ)c0~}P_d$)b=QmZ
zx@-aUtK?CCt_X1r0yD~^3r79chDhDN4zDilzFza#WB7kUF99YCjvXXnm>eX16Hwgq
z9<Rl|!*=SMyRgH@r5t$+2*n+T^U$D4<)yY65343O?5AxIZe7m|p6lK63Ocb!A{Hz)
zpb~pI^{{qFGk4%rXC;G}9@Nq0$dhxTT_+vS>Ch+>HX{)0h6MxNfQqv8-@-<bM@OQX
zY^tt<iBJy_QPI`m-pc4h$vH=VRwPzk#Dx2odvW+zQ)$Mn46Yqsx4Y_LktM_?@xHBn
zjxe4q8KV@K_p+Ww+~SUhf}X%`okU3!9f!HBwBgaYSCk-lC!|5clFpCy9~#(hk5?Pu
zVFhB4@V=`jlJmJ59E|l-XA<fu!V|Rmv|EuoB1a~w_W1_k$C$aRLbj^}Mab=7q3OmH
z;0TqUnuBicb@K9r1Tx)t>gSu_u}I=fz+ANDqin}<t50kGH5M6sZ)QDB(m*};0rC>9
zoxKL31T{OFzSXB-cc_cAE>2&qeQw4N(;6==Bu#^HwD@NtJKr@dzl-ey*A7!pzrAJS
z9(P|{4+9sSNKzT-9iGB<N(dt;k1lztV})$1vusobt2&)nbZ|%$CRv{Wq2Q+HyMpP*
z20^R&W=FgV!RoxnJF)NAg-}4!MSu<w%f=M=O>ep!yB~`5tiayPTt!D1Zq<w3PVU*T
zACV*F4_Vg5?JKLphPM4!bRV=gWY^=#-BcN9)4Bqzd~re&T*XgY@VQ3@K@!2xq~Fr6
z=(L&_K2YO``|9vn4+sD^z2<w?ihX}Db9@7LeuTNBSLV553~iT<;F^3XxT#zo=0Q-<
z)(9GsxHO~uva+jV*F3~}IzD(QY<d!wm*uL$AU<F9(Gz(um#}RX+wuw0WOBAIW~Gtl
z_dc^9zL-EYB3Pr_K#`8owa>2#A^mx+`Hs4Nwtz_}PfMJSb24_+HA>B1xScyUxZ3_+
zoTH>PZfYtr^vB=J_1RYA7H7q8JczZ5j(FF>WZRD3m_z(I8C`1%{vUZ>i)~r@u^ECw
zIxl$e%Ya3mbz<N5%;S#RqD1LL@8n$0!%NslHr|VaCe!RRAFIj(M1Dv);side7&;hh
zAeoB2u2OmhYT0qlzUi?+VfgxsvtedT0CfLM5scZqNNCsu>_r*NkS=~Ut_B&NN(w1W
zhW%Q(r-)G)G~K`lh>6Gxhqta#F=pI}AvTC+gD~W<^0&ZJ4tj#=yw+XhrU-hZD;7P5
zR-ek<wRZ8a7T>mP)TuxyF-0#yQK4FVGY{YcI5`mmQT35QVd(lxKPGqqqEMnF*v2os
z`u?rM6Y9dY#f;YvhD>x2>rYycQbj`o62WX|ueSZo@U5cH)rYsO0J}a9Xcbs&Srwf1
z^xkyG?1^I5rw6%~Wgj=eVzHi+1EQN?LxK_PbVfpFspy&qpqxIMnwjgK0V_5ik27S$
z0TGVMm4K#XxY5_9Eaih-0@OC>=YM#PSHOFedG$T4i$x-%14es!&}NGD5yC^_E>~AE
z((8H^R0p8^xM!bcqu&cKT;%dk!5ozTa#PiZtfzU7{^B0o5s5o0z*M$_?QD22r+3vi
z8a7=9+VUVFI{fE-JaHUNd{w+%MOk-s^M{SVzz8MiWfMLdLjAyORy(bp<%8in*a@SL
zz*VrSD@<UzI*wku;Wvb$=oLdSNUw9UY;1tP?8%(oVrJY5wMo~F&b%#Kua@Tb#eBJ1
zF}vWK<aSa3FykfYw3=<2h(i2YsPRD>&bmYE<N?>Xn{r=t-3BTsaZ;-fjN2SE<7)t*
z*`Jx~=r02iZoIi}R^8CUni#^hOmMgJFCh@&t|!DS&UL!gGI1Ni$Nh;|D2oxX2fWrq
zU;se*Sk*319jmrhlH>u4k+nxhR$5lYIdyQ3;S<=smDu3ql?hZvVl_oDviiW^3x*c&
zb^_?-L+Y<bb0L%gkpmfkl22RSo|Rr3?qXj74qXfw^s6wrBkMe%JKlW=Pu3lkfnqHP
zG3hZ*(w~1u;d_e=p?d;l0KC&Zt!32F|K9Y<ApB49!>S${)wO|ubP*zb+8g9jwR@i?
zW;v16rk->gaaiN6W#Z5qa}e*`T&XpAdk!RoEU2-keOB%`USv|;H^kKiYX%TrzWtiY
zfEhpMV@O>mkaXbL7a<%GFS!FsXA7jWrR^b{qv=dTH?iOV>>ugcP$vKD$mOQItfzI-
z`Li{YiRJg=YD;u?pk%O?{&68<3%mktruLi?-d8a-sYp2@?Fbjgw@t3<FoKL>-BW<w
ztS_rN?y3xw$NE)W2N<EA$b6WJ(fY$-lNS7(e*mgyIR|&d=!XVD*LjGh?`!YHfgBL~
z%;3!<|2(sv3&Z-J%Q0hcq_oa_U(vDK>eJpT$mY2N!>4~Pfa6{^M(UETQ9Ig>;-)A7
zBxf<j7}9b3t0!h6<wyr8cGBjGf=cUA*zJdw9aF=F-6ez9RR;E&D9-9RamBs3@@Ip<
zZ(h5<BIDjkk|PDD90?TTLGsj=AkJ4vby;j3KN|rwcKd;z8)(|p0{jkLDFyhNmdHG_
zJ{sOaJ?AqZ>?sN?svbcS|C@gQ-I!`CqeQyfs`6)8;0C|KRf3!;_3ADs6<$QdlzxBR
z_Q?;^HkT(5{DcfgCuTI6G9TpZ%6!T1<dQ=RSp$v?-x<Y}1o)RM1~YuUkKrlGr9XT;
z;fE&LR^E$)T_&hmtkaaXq-E)ld!N`4fk9$}(*jRr5H$4&MNgE#CNqj3YMWzz*lX#B
zi!OU;kxF5a1}B9G=0Yd6PN!oN=ssx6K20T2B$0hHmYQYhMP~2=?wG_iWrga|aNfvs
z;6QnA#Qa8u3YLQq9z?=aL#U~yrKk+N39*~z?FrMk7q=D6)HYR*y&6X@-rg0^wRC2h
zGrIxCV}GbWJz%O}JH$YvoIk@Rck*+tlF+sprUKKwNKLnY9K*#a;JDFX0f9x+trg7|
zp~;{CJJ$5=h3!=xARsoW)WnrbR?eEg_9LvZ#^G3T4di0So|?#kmwd|+K#`J^zuVdY
zE)T@#$Md4ehkjKjLAsN3;C~su+f}88)l?LAxm2=ZcEAsp{!JaX&+3T|HfeX*EsY@y
z(KDsYTt6ssw3H8b?uPAJ)S&g^jb3xy95zB+3|CaC;UXpHK9C*5ie11_m!Pav%+BiK
zV+2ql_Cs6-^ZEtmcmyIH1ls<=*8D@F!PL@UC@@&fSIVtTr!DSuZs3jw-)#Cff&75=
zlp8SXP!y2#=Ylxp@8^BH4%1}a>|lz3RQpdtTE>d-f}OtD_;*|0nf0f%yXRqEF|JWE
z6)1fzP(LHTr(I5%=*ZEMj1hRxNW71O7(e1X|5BZX1NYb_pcv{r0?e32g2P-hYFSH1
zM4}s@L`&Ei%)Yc!66rsn0*>zrfB=PRkt|+WQ%zvF08aJ!TGfA)e#9Jii~$7{iOYIw
zH4~DV;ffBzx48Jpk%^hr&PoQS&I(O;DB^f!c!{>nPKXl+yu^7g!eaC9Qu+=|0^Stf
z;8(S`DoIbJMmw61JI|n}B#nGzu<;V3r55Z{-tltn^P9jL@6r?1-3_sAtq-&=iSDlI
z$4<cZ`guE}qM5uzX0v$LahI@3RVSzG;QiE-4}M-5a(FkxtgUGe$Gk?&Z%HsO*MV@Q
z9iFsn>{Zx?jB=lMm6gI@SiNjM;E%Dc`5<H|lcqjrpL}>W_*(&VKAlzzQUilWK#~pZ
z;E7IcM*jvJay=3#hFd|;RSM5_FU&A~crZ-?{Blef1le*Am}E)5Ti7J?cIbbESp@!x
zX$#Q-jBRP~8tyc&($j1M;mA+@UHcrWOq{PFgK6bjRp8|<+IYvKn)iIqC7z;#$$-jL
zDeP>nir{K%Hv2nd@0h*#imrhv4J^(C6Ex%w>#!P1PSOu@FIU1$kGo4}ouOz!|73>M
zjnPD?bVX*yK4t>juq)rg6lVs%=1M@_9ux_iw^G>`87$B7!xaTtJc(S5b<tcV9Wpg{
zC|i^13({T-jZ>&nod@K5zpKizDlc}2YgC%O6ZZoYFt++iFu}Hdn#ruYYjv#?b_E~A
z9J7a)vi)_Ke|%~<;FSr+#`0+m>`@giQe*(Vg!%*Ltag~+G8~`EV^`k>#?CFuaTeUc
ze(wid8qlc<Gr5M5>O&xlcuK@^ny|}5amOO@qYNZeny;q^U(9i{1nH)A$#!UTtj1B)
zhZz=2Ut14z?Ma3JjdOr8Ki8;)vX8&hS>ps9p?*FTHhHvF4smL#GIK4lgah1dN3`6F
z7lO*Pee&Zh2qE;L#zyelN}T5=IP7C)PVb+MDUtcpO}7t&Awa*G=vE|t(xsSZk033F
zZtO4(&R&_3AP241NtY$TR^YO}CqOglYn+(?eh+a}?TP7<n*AP${u442dMW0o$V)_o
z)x9bX>Fi`A-Ug-AD^Mx9%iBFLFceGB(RhBqiG2&<D?*YbS9Zk5U?&Td+U+HBD`O9L
z&lcw*s3NrZBxPn}U+P}r5+#mO{~7Q=!;mJpuDZH=ytg<7srYmWAuCmCU1n{nT+2mN
zSzYPhArn|rr@%9L5kemnrO5D}zJs=^$gHOru>Rs@jm582ZGuA@@TF4dPN11Pc7>DI
zAnwQCBApxCY9j7Bt&jhOr=J(H*6ljlBC=~iK13nCkH!-tvjfy9uw#7;9eh+C5(nF0
z$FkrbLEM^!QHhl4LQ)%M+fd8!BGw%6n&bmeZli-y+!`>SxgtzK@b%MaMMnp1L6L>_
zfFbgI3DI3D4q)X2ctZF|=k47pU|6}y>J!vy)Wp-`f-iJ-XH)&x^oVJ59056JF9VJE
zpWi;s2n_^N6dSaKB^I(^#Gb1+gI?s#Ksg|3+IiZ>r>d*0noSN2f7tHbr|IJw)m$#K
zqXrpnS)Z|IPD_BDCc`jn&<3&8rXom&rI!Z8K}&KKL*4f=#4im<ehQi|mnmOlnU4qG
zXkG>GB>qCY&OICEGV+Iy?v}?p`(kjm&OT>ZTIHZ>FT8>qrdvd_(}W>knDV@ad@qv<
z`_h-p2mQbqVDSLfTcCOp`M(^v^UDKLU-#^;nZVdu)8u*DuWdMNRZzQKdMMshzok7T
zVdl@Ue5<<wbqV4r4U2&vkPpEROekzfI1$$4qjv}lw+_O@+2SZLIm~NDYG(i+K&%S@
zb@}@?kZibL!!@c}0V=9Zj*||TG<trUc{zyh6KD~P2CMt*CFrH5P@Qlv2%-kl>D}=c
z@AO(`akJ1Eq`s&wnJ2O1hRVR^C8+Qq-tG!2|F(n=x?Hp&h6AGVyQwlzzDbdCUkrOJ
zN%^%yj2N!$q5fu|5bMq7py|p@Ro_2-_k2MLFDJ~h<RY_tA@^1NJdmWFe{G}Z`wK4-
zGhAnufb$!i4<^vm;R2ZLU8L??L}g)x-={m&okZFBlNCi(a=PAfFFK_a#9&Kmzas<~
zj+<79-y#SF85jT^s~R53P$C3UbRp$PZ|l)Cp!!Y=QQ%&nVtBg`=Qv&Cs*Zzd_Mbbj
z0k?GL!krnNw-!08jm20cmTy1c_2z1wE;b51yw^G~>16C+tQ{_jOt0^NeLK6$B#lY4
zf|n5`1zjk4{lT!wJ^UOsD1<;WXP+jf!vB3!7?}uh)Vkf~Se9Q2EH8p4h&Pl7!Huzv
zr!yLz6W#1n?Kfr_6rQsztFpg6>ptN-_G#{wjK^gm!0{rWHFC4LWxWptVw3q;Io(hS
zg_cFX<J8FnbEbe^zuRNOi2L1c8w$X#IWrq}SZnW?gKRgAa?T7woa_4_HzS!DYI#f~
z5>gRJBgu!g7(?c3n>L?SyhJl*p|=9gHEo01Vl%CyMdOZ(kWd}$9UJQk_*+A`PeBhp
z-sL0qB|{KqfyM-|YE-ns{1y$Wb~spl>h4|hI@Yo(dG<EPfP=s~&2j^hjF+J4mtx=D
zCGn=6(CX!Iww5ZSwRD<5O(_L3s@0&NghvKVHu64?uFq(N4b|V(s<tZqxDVbm9X7fG
z5vq~^srhHW!$6&}d#iLh<T`fB(Tm|cgz8^>cEViQwJ^2m8$f{Z_HaUiCjJ-?g`&eO
z87+e2r+nPjP0AdOlKudvRp3YlR0LIpaT}ZWsMw$}6~3Fj5)#TT{tMgWlL2rQw*skj
zL}Tpu@;Q;w-Biw7MpqaUJaN|52=)wAWE%3`;@<twzm->-kEf-Bc0vXV_WCp>fj!NX
zcK(Hk`BzQi^<oM_@p2rhU>g-<wv2x8Y1i%0;tO=-sm@%PTUU%39zOXLPG@s^Pd8T~
zepfK8$*;Oq?vnd1bOx_2S_xvi4P^w77=(ZQdAR~Ruar+N94u5BsAl3YA2vN`O^Xbj
zhU^d$o8#5N8Yo*$MwUs}bIa&JF9Xzp6?tT;Rfb&78?6RYTlR^jK0pJd)_gaqV2I*q
z?9F=n$G`U(&4tagjh&C(?3+phaWI9`T*C?9xL}$dfbjsTXyKN?RNS@jsTEH!9wrs8
zTFOnq3KB7vLUB&56@asTfc?n8Uuy<R`{oc&Q9#QoINarmi+6hEDfS)AH?f;TxGTw0
zx)<jqd4%#DqFWZt^$W#`PB@)U>h*#{{euH8BpW)1!}7z6^PY`}f1Y|Fr)z7&Zu{~G
z-Y^*wcM`n0*5=-Tan%IoaLuL4xz&F;oNMR8T74*8eFQQukzodOLYd0ZBo<NRC5RJt
z1MwfmTA7)MUM+0SJC<M{CH;aI+R*FZpKvk&$kzBxE01A!0VGrI*uy3EoadEYxAXQ5
z<3c2`lrpFyX$TA8Y#uf>sjs8`UqWOluS7glboXf>b#F+eMvS{v1%~vX3uC+Yia=`H
z(feRxQ{O*2V0oY|pZ~wudIue5<+knywt!9;r4ofluDF2?=2Ulez%@NA7b+HvF?R#p
zIKz4z>hzG`+9hv!3Yskwg9kT3nd=~Cr|c`GU|$=#G*VCmAC4xUvHjqHm`9c+;-Gv5
zA3eoYC<z)}9I#7PxRMFFMCLS4M{noHNHzN`!wB<5ohQ4stZ|1HZ`kLs-yT0bxw6Bi
zsvHVajh$Ic$C>qOxVmqC*<5+-CRrlnM3LpBq>umy*kDgp2wSuv^N_>|5<f=a<?Mv>
zPv|xL2CTvcM??|W=II-9Gqy7JUaW{~lwO%K(3;(T+&2{7p<UnZDGJ||-y~J`&tYl(
zKcc4!pc;IW-UL00<IE}`9ncYBrM#DeC@eT+_Q!~8lysWh3qhb9a6p}d4-0Vm-X4D&
zC_T82%Z@#N(6Q;rT2r6<T{P+3a>MGHk1VggSqGS>1Kp{jUIfk~aSytoweruyVpLwY
zJ;HVRYq%swIDtkqzB?pCM@<exB-g%JB@LB;T7yuCbwpcOIPxE%2z)r5+BWwAL;fcl
z%1+=W4mE1m^0rM@0(PAZ8!XP#f_6R9zp`v&*~cy5xo5Q@A_MHd0Ty^kT9q3n!%ZNA
z^iYoG8TrHNQ={j=cJN7jutptU(EtJs1pgILP!&QF=fM`jza2NK(wO$mQLsC2;GcgQ
z000dEk3spl%`sgzB$6~9?>(H%T|;``gIvGxVsKZS`;A<2ybcFhDyVugKF|+OVRiBx
zbn;tE%rpu&EvgR?^(=I@``f_ZWzQ7_?-{noJ$T23&K3Tc&A8O=s%rn#XFTl0OfBF#
z`3Q9E;Q#}u&=HO7nlTCGmgvIi^s?D`HG^PPtw1c3aRI^R(kne*Vtg0awPh3?T=ys5
zfC%l3?eXGYAlhpe!FTNGyzSO3dnYzR*+Vo~07LpVIQYZMlGTyngUgAyD*!cY@+FtW
z$@nZIm;bkp-k-i|>@1(Y$E}?c@0-`fEo|P=cw@0<0uOqLA(UkyZ2v+bx{JGpiDKS9
zDBQgj`<@|0NW-@D$ct9hA7Db{F8h`Mzn$WQdUgonyaHkxUL5>vaPz6rT4iV+u|MSh
zMXEtCIsx!QLV4CWIW>EMBb47zWTid)H%+C-EFBN_kb<s;XJc`y$}3)$a^L3MIJMM~
z$;wG{sAm_s+HRgH7=|<kEz(@bK#3)0+;}Ie2m&kni1!Nu3$d+3_16We8^9%L3Rmg(
z6U<h5BJL;HMfJ$Q)-+ybetvb37gNTnB>>2D=P85^X3i#VhX3FMQW6@v6{zQ=uda4@
zF+S{w8TF45KZ_CSSc3^(;tJ&{D<{||27t~5rDp!z_&f=lMz~e}Om<i?>|a9xAB~NN
zD`FkEfWWaiTCiIGywgGyz~vdJn!-!p956m@p9^H(HL~}yzMAm8*vti!CTde>Gk^Y8
zFd`9*D|sdjJ0X`%3$nZGLvmU#6UQGW&Wl4ORdXez(-$w6Rf$g$K>c(Uo8J%uZ|J<u
zKqLFuCrkb3^y&6GY-6{%yu(}kS7I*<FU3}!2G>d8(#8N6#?t;=GAIvVq8!h2{;kb&
zZNI`GG0w3)Fr7)dkSz|i=es<_i$+Mk&oel>LDjFOu4vbfCUi32j9s4o>~_^Pv@Zt&
zE#w;#Q-1qLZ9icsc=bhk-T;Q@q^zfXuqOI~R!CforiSlg@9`k3=lV}@NogRm_G~ru
zsi*0tV$6DA8Thz&dIY#!TYu1l8Ns1=dsXF^4#61r<^xMbTlx;XR;vX@>{+$iNxE%Z
zmR=NVQG+-n)xFYvf=f7yNu-C4F-esA%_+pm4-Y=T=y^-^RC?liujjjGFD<Sfh&?!|
zV>e;tY~DKIM*1S!!nV!sX}$?uzwd>8PzaZpz17<TMoT^|c?Y~a#c{U;S1%0r;A8`4
zjwWdURfAwa9Ql4q4;thu1BV7CcQ!GzKf6uxc7nu&HUSPIyQA|xG4_*md2ljT;|D;u
zoNB<d@<P^AU59ywyI^oLXgQK4;50fMpPpt|C~QMLaBKrj3`sA?8I$C*n8`HY1JfN#
zUi!5|2L#>hybi{mU-RnI_rb|~G?THv{hD3{vO8aEy4GE0k^UjDVMR!3><0qxE1@rU
z;J3!KX%PAfAaphN8Cj#4fOb-wR*L<LEdwiN?iIZg;s2#jMy4$tnp&)(&QslFY#>B%
zl15R@%2>;p?|St6hy)BA?GJFu$@w2nH1Jjqva>_?kRAj5tH))ho|Dk{<ZJY~&?(S!
z?w?0|{z5gRSxZCe2!X8}*nd4VDQ<`6^veSIBp+7mMnBHtORy3s{QC|BO2JC{*W*l|
z=KiipQ1q{&Ist|@qeO$&F}*j!uoNG`p>6Czp<RJ)K${>g5TC0B?`i2^TEmaaH~C@T
zYjEFGtnK}B`ehPu2#X;PX>-f)JdQag<o&ekkF67Vz*CPes!L2&8SogGBpNc{6v$)!
zh&kBDTJq;Z1JGLxRKMBkQv`GGsP@U&%?G(__!Z}39`Lq3{IZN&xH|NLDuT0V5PU3U
z1l2EKREf|VIr2+S?U}+)6S2ufey3IM#r5h80s-f|vVwX65e;4Q?eT2qeyE$~LF;X{
zvX@?j?JLoYhxHV1Ku8j%V>1y$Gcr-gZuX-3%T!_``*C#9Udg8L&&EM#E{}gV{S7-}
znMzYpN*mcV(>}TovL%S;GI`C4CDtX9+qk8!05Y+NNp0uhPlZHGag^F8GDi1D3wyC?
z0Upa5G@348`aq7f;P|^8OmVT#QL!LDWD+Pm7ZJTuCh_c~epO5@@5Ne%caz7sL0~Ms
z?1;Ity0_*K^GT1#RpnMs_&~NB9g4bj!soFxp{!x~4Cx;l7kKZjSG;}8kR#~(_P5N5
z7d}War0?A<j(yY+7J=+fUAFP0X;WDsfS^?7nVd*IS~st2n#)Oo3C?1hfa*EDIXaNf
zqQVzcYb6afm9aDd1|t8CQhnK7rTlU^X1=frX;{TksnYxq+*#|4bu?Mxsf<q+;0JGb
zCG$xjl|nnQuSZk6Ao{&%rqqamKI0-Zua1eNT-AXizY_0aroq!!H#6jen!d|JYw+{l
z7lKghEy0ZkAjf@>7bQKQUVw;nN3S=H<#hX;^UIfn!{jk;3|N8mL0`KT#%`qTNyV#$
z{(U>Q$IDn~XN8?*Khlq=DIM)^E8%g*5te+-8zbD$!bNjsd({Ip*Wmnf_eTYq7hsXp
zH{LeT?@F%(Hzo3RL5poQ*j>;Oo3s7KMK8LXdbK&a&<#bL7F~!3irS%o9^g9Vy`$nx
z$ExeU((6!{p!0~+fI_{OeF6XEO9xGWywklcHLQS%c(S)eyz~;e`c?e1&AI-{qL75T
zTYWqu27!9brLeyP93(+JHE&cKl$|ahyt2BeC_5B;xQ3J155@GH>)y*azh@f~D#6us
zol@U;Ak~7ji#WoPT<idSH`l4WoX{KTUHRBm*@jo$-Mw?fWb@(e^GAelNR?=-ALetv
zFI%Xzs&<}9+O;d9zuRtdnJ>9j+M{MfxVL=W?(d$hdb{2(NDvr1+VJx+^Kn;Wxtqm<
zWe=W~!EuI5e)T86k{=LC1?AS8xj9USes2)_?r3+%*={i{m3-ley|C{E4C}fCr>-W!
z{bRvTvMRNSM~;+$<h8buTsY|Y{#~fsJOmojZ)H~Jop~qoab_}A-_7Zyv{e_r<G5t%
z#f_p-a2?m$<3+DTyN(|U3tY0se70rR{ie^nAQ~rE3s72$(#sDEa5f?bOp5;0(kOV#
z-|y5>`jNT|xjBpB#;d>t^$wnb53!s1{9W#iHQJVW;LC?KaE_%e9l-2+&?h)7T*^%n
zPiES|mT$L-!8^#d5<aE~R3X6uupVEw3@goUhS+=9Ia3cUy9eoT^p1C0m05W_1(%=u
zh3n%|ZEI6fo@zdBuP-0GwX-iF>#3Xl>Qme@xq9q2NI`e8`0_)uo;qjr81oRv;UvsD
z>Q>#OMQ{o8Tl{r7mm3gvf|qXJD*4aH#3QOxD_i^*BhG@$VPKpKK7_2VSj=VCgzQQ$
z&qbA&<$+{`qW)=KVtGT^arO$RvL{j379TBwk0ZS8vNzK-X2R}~+>`qqz8@}GFu5S%
zm0;1_@Dss17-(#ZkD9L%)V+7kN}4zMcOdCkVG9itbuaGI&U@FmaXV`0<3%oO!F}Kv
zjSEGr`>WyVbm;1pFgxF6Yc8HypS&#LRrvE9DC&I{jP5)S6Yg8Z?Fw^5FV{Smi#}`w
zXtS8na$JBT;JZ!~wJf3THg4!U3p3qjITtOvsq`|;alxQ>3G<3+SJ`cyEeb(>dEKwA
zj9@!*qwbwg@8=`bo3xYL8?k+{CJ+*@HxRCbh^10t;Pc`aaxFulS^b3?dlGz=R}rPu
z1{*atoMCW&&Xvgye<$NEWOKsy%i|LZcK1UE^zF=5M|=ypZ{%;>T);Peb;mx~#Ifs7
zz7zwiPni}Y@=!Lw%ZuMio*5ykZ_6PIr4=iX%m0EFeUn=@x}{Z#&%b3H6vp;r!D#Uv
z<-Zm9Rh_V)J*CANEc2NT<i39c1+f9~`W7v~+^TJ3v+hPjtf5S8?DEMt^tKYx#{Ar@
zr<E2PoqU4x&eiU%s&eCXsB_y^fHB?OH9NfB1OT*OxzR_p&mOno_sr^W^lvPQ#=<+B
znP_uY<%S46cd$TIO?`f;#aZ|;k41tA%x3|dorL&&!D9PX>CNU6>jra#X3U0!fV3!p
zcX7l&R2GVL*_26^n{Zu)s5kBE(1?bssO8%&=5R)rprD;0z$?Df0(V)>!+Er8I}dU1
zP*{Fw`_xkh_*!A=ZZNh}+2((gdEn2=T3nurEwbM@ddlCiDwQiAi3||$`3KEn-%m(z
z7?<Rr{2V-Oxd#MkL`!_c0Hv?1FoIrd<Ng$8*x0u}KkW)se3>_7#jq<q+?vlm4(A^`
ze}{#tpE;87_FxqoHmOCdUkq;~pXHw{S8|5n!@&~26~%bK_X3Q-*ipX*1yY5O9Ke>w
z!-M<HG&Su}i)iYEkAr1Ne$*E46n&8(qmNMPnGqc|t+aR{4>9MY|FXdyR-ZJPd#g?W
z-60=|lhc<2sx{z}jdZq?6ss1{O1^zVZ+9cy9g-hOh3P(1yo$mh0oK=XUh^2{#OtTi
zu{EYE_>UIMgG0Pm&cH}-?G-v!VZKordm%QNE1-H0PZ;mkht6ZG_*s|6r_Q^rp!KRo
z>oowbLQgph-&%bOW#3+Zc2uM8MRjks(#w<0VReQ+1^!SdN8{baj>^v1Lm#~l^OG6O
zQ5i5WS(2$FMlT}kIY5s?P9&i1IRlhpp$P5ZDg%&{2Q4Q}Q3mlxU~J9vvl7T6rgvv8
z*yy~W4bI=z_gok9l`O4>xZaJm(0{0@<Vu<H2RUd$%h6$)Rk;Uiw(z(K5lZU#awdd`
zeVZv2k7B0^JM|NcoAtEwUE}q;4WjR&?KxX9QW8b2L5G%L%tI}Ezm`bivP`~GjdsZ8
zP?{rgYD}SG-M$Z(Wnk*R!EWV@9wVsnUINFReTVSxC|#_=5MBg3cPyHWT8mOOMC^&(
zDqswR$aeS>fJhrQv{iLxJ*{@w7DWptG8=rzXg!1`b0K0Lm=Wx40kk;-?cueQ@ehqZ
zH`G3lBpM+8McX6R=kAHv%CT>TOMMcG;08OP!UcRfwljZ!mjyKx=4`Pp8(?ESoCPxe
zP-P$vNb;;H8NP&g@C;Uw|GU+vHx^BXJj9eXA}nZ-sQAYSb-Szbpwl&O^KDCdjN6Ki
zIBbLK@?7w@B>PYLvC}{%F7a1meV7UF<%(c$i8t4S_2;eh$_#J+4WzVQ4B&VU>lmOp
zN})a@$4SFF5Cp6jx~(#hDmkIC``W01d6#-z&GTEUh+!p!?!Ah+SdEj&WoZ+IpMQ0F
zC+1hnrW&6hs<_mJfNCSqR|{eIo-o5A>rPn1hgb%bkOJYmU_?vmr7@&_5sGl&Vm*d!
zcEKA1K03CpeHh-p4Pb5Zn$oL0QHZ?q*C%?RbPTQ#16*ttE9!s0kejSAv4>%{I~4hz
zJF>%}BU}hJ0)UyO(;r1D+%O+rBPIu1)Thc?*cx#si-yY+j|7hV)eR2CKY!FpGegoC
zLihPh8PBDeU`nAG&U8zZWBN%y2(Cy0R8`_{Swgz;Av4Vwdw?z#Dhk@Y``;Y(d~nG0
zL#|OiA}6nIYt?3N@4CH^HzmAo5nMF&r7tfP%gE?`$a<39$=#j>qGgF7A`kE`9f&QY
za%B~_^)V1X^#O+#rDb!`>BsXK=pJl&J7OZLS9qb!=fz4dhhnLeo%y%HJ8=*g?T^%k
z4t&}NP4D+&-%YFX^)7O^W7vWZM`r|LABM^A_>?2hd3dbz+?6n}Rr>2O2YlL>nSrU6
zl2nbDm-bPdx%KtfcJpiIp$z^EcsbGw4M^`jktApYezC7U#7`V!#bE4ZF5LMVfM1=b
zxnKF`>Z(;3kUTq~_9H|)^i|#kNC;CK?2L`W6LL;=OPh1x`;e*5P*@WsgUo%Z3{e@|
zHl4nd_BD$*qsC*^Yix|cd2jv1+1j;D)29T8368+0uT#~-7r@C*TAe|h7_)1m#^%g5
zOis5YfTx?8X5*t)3==G+ucecsZ!Ue=%iPWN;`A+e(gSa$m$yWL1|l!sGitO3#=w%G
z;H}rh0IA=xf=z$@X3$T6XA@F;?$^SZD`zj4I)6R8ily~!sg;w@DJY~IO}H>U4Hi?s
zy>WE+R%Qb1gDjB@1;yZpv-S=UsVio4h(6dxI=`|In3{$-Wb{WVFKAc~=6UUf0fKw{
z`23SD^AyM^zC1bn2f#mPV(3<-^j}b+clTX{V@zeQc1o-bcLD1E3ySCxptw{&2R>Z^
zH;naGD>0$6LsJtefh7!~!|=7?cp$5*^ORn;1=!6SQZ-<t9tIx&lTAp|BMA`BuOkog
z`qFbX3LwUCRVqP%u8iJ6g=?n}alCcvx^~}-fI0eqV1N*!K1fH9Iz5Dkzx!cwnWwa#
zv{9RF`Me=kLF-x{Re+r!&jQ~?l_6LG$Gq*E$^(yJ=Mtw=PR^xSHV6cQP&>xwuWb+A
zSdReM{Ylephs_M)XsUu&CNTLOuS7pP`m9KCyXBsy*E;xUA#Z*t335tP1%Dsj0wut-
zo4B?F2OUc3AVY*|rON=F2Mh{jWCx!&g@brno1r{SeUc1r-VY00$;a7rH4JeSY;Vex
zcr3|OI~y={Uth$w_BYU=4pE!}Mjsao48pGLVk@On)N%^sAYY!zNBE2n_FlQkXbF-;
z92x2pJFxE`rqyq8{Dkf3y9|Z10at;-@-Au_7lR|%Vxz7$%*kdzdjvwy-#&q*KC9CH
zJwU}mFrmY7%hwJWzISbiFbBAih^JVCa$E>v?Zo3tfKg@yhQ5m`E7)k#b$c;yeyXoj
zZXqAsC9>WANGZHv2vj=Cw5u4p%?-M6wio8@n8Xf}zNWpyK{FaYlaehWfLfd>n@19_
zsf>--42<bq`<{hG(<WyXOVP46ERD(SGov@k@!W&bFEn2Iavbz&#@&WaIGA=hEvS4%
zXCgr;G6g&7TM7X5qo4nd)MFu{`x^S_|EbJ2YK_T-yvhELqgMry{vWLyQ}del!bUAL
zS+Q&6kx8GvBrR*5zj!C%stJfe$r7BS%8&wM%7MRm(@pt5;`{;;n}8-j;WE$oMydG~
zQ)CEi*&vQM2mA<8AoPZ#Ht(PsEY4ixP7m9^Y_Iod!!PKI)&fSjRgvaVpn=aC*>J{b
zB_)doJ&=v?dn)pv-Z!M-?Qy&H&A9QTOQuodn9ix67o}C6g5=lt(<29;9iupYBkAiO
z%13sQcO>Gs6lo;K#aX<-SXey$&YzXP4g2VZ-lE0;UX&6=Dil!cwJVQBD4Y|9+R=RD
z(IpvbXPZ}xe*R}m9){kCUn6qFApZ3mR*)Gq3_Es}<j0FVSMf{0nvyakxy<G*<(TS+
zgqQG0)PTk&TbJffgx5!vxlJ*X<2(TuZQzDE@lhYmjEi`}@rJXL)dOdAREBQ}8&+ie
z#CnLQngneT!k_X)I2DAA?mm@?%o~y(=uAAann{%9EylAH9rX*d*oZ$L<IC^J&2}gM
zR0VDIz_}Ayeu-O{0DM<Zj=Ker!=0%2Ix&XOR>)6hU=N>s^ll@a&n{+~(zYjmRsJ2^
zZqX&?W3YW7{<G7xyW%`@3-$|H%u!c`HgVYl1-u(j4&pKO1$CnSD`chfA799Y?3aL+
zy>01$?Lv{Rc|+Tn`b%4f{TEeU0zC3<U7Hx(1a*d(S^HJ@m@2IC#Mw-`ibto-KiL;C
zKlN&G%d6u@zI>!na58YtJAd8~`dl&SomZ^gR=)h8&K;#zvqY2{0GR3lbi^JgGtdv7
zS%sCkl5&8Uz$k+qlLwW7ueWSmhB(2LY|G$-e4I_NV)Y|ar<-~QTh9I}T_gJWIb`<B
z=NXc0EdFMA4yHlra<iju`4hrhrl~mASjbPTUuQMeO?|R9yfGE*7veYJ3zikxC~ExG
zxNVcoLHNGW(MCZ;oGH<5(HLw2=8*0W7;!f?SqnsspDova5VtMY7XyiVaRv50^!rm0
z%OR<Tmn9J+hp_dDWagPAOC8iPJRvQwYFmVb;M@D?lTI`y3y4=M^m_`vU=u&A2_WSa
zz43eJ$V%P%iIoR?YYJYBa#PYYDrNzx^u90j6YI+O+5DLUU}uMKa|E;gY6T`0e=je>
z`%hrZ>KD}<{S}ybt<<=v{tq0<Jr3xJxD;S3`|{$s6_D|kVG578K=8Y~m=eXRw6xBQ
zE8ALMO+zwjRgAYwIfqO<aa2~o?!Z5?(J6U$x`&?wD}cbAeigz;*}#^CsP`VMjxIEz
zl)o1);6xq7x$RYX>HA7A@0B1c2Z)9!Ua40kFZiA+&JKlK6!Mhb<N>Q(Om90UMgYDv
zGG#<%*OtqnG&i*FiK_{&*VIwpf|JMuf8YmbW68glYd-s>X*447+n<oT@zxb#Mz4_<
z@NynV^UnZg5(GO3r&%#9C0UsBjIhgnl5HoDnHjRBKD5oM!hF8Ks8Kl)rB6ZOGc_r1
zbn^H?o%fc3+oi)8S-s;vmlbtDZtZm!dx4>Fyt*oe@V2ls>*v#R*MGm#Yqw*(JDeg{
z<f#V-^hxW6J^&m!1(H%nC7+11H+La}80i*yonN*1vu-I6%WX{JZ7v21wO2CM1Dh6t
zZ~t8o0;Ntr(M%=!j3_5@{TRe*yrZcUSwVdWDk3Yr+HjlVXNnF>WM2LW?K=W_=-0Qf
z$-Gj|Y3tI6x0kA<Lm63rn`S`f@|#cfaa_h~5tS^3bW?8ukP!UnKfrM>X)(hkxNz~{
zSqM=#!r{7*&D?-}>0&T)$tcwC`xSDW#Wp9J0EIMfpt^rR;M!9KHy3)tn2(M%GYZ`x
z(|qFzM{39?G8V+?0BIa_isd->-Q@u98p=p^y=F2Eq92s&Fk-Yr`e6aJG${F%Nd{&H
z<wQ3IwCDxBN^4|H+T^@>kWksVIJY$6R%rXv8KoVsU89vC0Ib5ZW36bF_E<35!Y+^K
zO9TPtpYIKL%5H5+oGARJ)w_FAigsH44R>P!D-FwRA=d@)YvGw2R_E>`{q#C4)}z-%
z7LG4a;Zh<~7m5Q{PQF3$Q1D5Wb&GBkZTHHYc`{R>**rNp63l+<H51?X{D$_m8BKQT
zk<4Bl5Xv49O4aon>cWkOb(_@q80z6R3()fXLY;HnmG9<FAAzN|tjO(KrZ;TRtRNgh
zi3imO+RWWOBb2;mFM7SJY}Koi54|XoR{`u2#ZlA%T;8Lb_?1)MUHK*VY<i~4)H3_g
z@h=s_P2~x<lme}WJf-_OE8V8U8;d$$PA6f}e75#0nj=wi;wMf<lljQ#C+TaTXxk5Y
zz0$W}Nru(?fu)j9Tw17~8hoYzjw1(-w=ZGK8iCIlR-E!Y0cW==XMkh_wSsekQu#vZ
z{_EiGl0d24WpAX^{iJ6G^q5J^t?#;J&NNRA=KWRxb*l1&z6aWK)_^#y*(O~b)<P}*
z5X|E5u~GN$*rrc^F5EGBZ${dECD*3U?hC<(ihq(do$~X3(T<KbLrG1LGP|-vux(Wd
zvO8ib*EEf}cQU)GH*~P+$e2vdhielXGk1-ypT2?%LK3%bfhk$s$}YN6PB{<%mqNYC
z`s1TZ97O1yC<OoCfGW{zsB}QS`~SH5@<1xL@9zhdx(U&sl1@@xDq}?%n>8s)QsyCz
zlzHxSE206FBtjYpMJZ)IH$oH|DVa(rW0@n~&wieB-0$z*e-zGn_OtieYxu0S_g-r^
z^kBNna#4!YIB=Y=GV^3Z+WD;dyrCM;zIVc#j|Hs`aN<{5sMs{dZ=1#MG5hosUryk^
z&g!1vw{lhdYRhf%4=&kvE?Xbzp`sFCz4`K~cHgLk`;E#yHycE!lpkj*;!tW~C&y4D
z_mhiPCYibq9NOKHcP-)KqlmX`0oFEk=xKL8m)+#96gy<baIZ&m;+uNj4(!)=sB#oq
zQh%6#21~xauUGmocI8b_jjNMeohE&cE_KvZZ~`TD-LGlVi2ShRhsV;!662cRE3?b;
z;Bx8J@9FaWVz~#3F!GM&pL@y0rn{Y1FpEwV+}xjOT6tj;wHAr#V^uV|R6_Y!a`2_8
zf<mT%6jl1gd7h@uhu;Y%!~5K8ZcBfBIuTXOY(_l#V<6iK-NsIH(#R1^YM#sN56M1;
z_RlhcVSh=pSSo}vJ|!;Zp(-<2a)%~Rv5qZ=p{0%~)9xt6c2e6!H6$e$d+g5a{1p~Z
z?~y)ZT=SB^w9GL6@%HnHpqy$ctrxwdK=<FPl;mR`x>=U#9L6_<Vy#>>fhFu?D8Ha|
zI^R*;=;jzpAnrv`4F~7)ag1lnP>%16zOCDxH@7#}&*h%3tJH#V&3szZiH-h|azPp2
zoVQ$ZeD`Ma(5iZeyN=whv#!5Q4Z;;@LY1K${!VGBXD*I7(#%ntLHAB^R<xq)w?^Nj
z4-ckjC4|fu=w{bCksYxx$Bc2Na?n3(>r8k1=g1iu@cO*Fo}V4RWiTPhmVInuZrpTB
zFC2Z|xg6qfE{v%<MMa+ETdlL)FTyx)rhVXVuiasRHisl)o`muBi_mPcG49Z7vf)Wh
zzUtTWBuCE8@>K)3dv~98Rc+5)ck;939*?Q(o5D^#1oS4MKyx75#B?)tbeG?FKI7&@
zM=cM@;BNi%Nj{1?BK-n>xQWsE<=L_W;%T!$a<;Be-;cJz1e48}18JQLK8R6kzhxvB
zhYKklL^w3|*X{k8<f`0PTc%DI)npMY8l06Q*Ye^kmAz=$!`}L(NmN~~L<)9M7tNGP
zBe{I2Gx<xC%6trk^ST>H$((Rxw}>*e)^-WsxgF-AXH!5p(a`m<kjGTG9AdZVQ@hz%
zmM!6{-mZq9M>qU(v1UtkPPzcPb-vN7eIdV4cqzL7;y9IX-~HRns44f^af5nKu!OcB
zjlP{0Qrz@-45h!quf?h&A8T$$k39H#j+~tw75V<&7@cR)vlX5ld{z>4(8fU`#;Any
zJ_(tnviy!-U+LY8i?~?PW+(H|!IZ|)6%9O(KEw4i6p(abWo|o89O)k*L}!Yhu_a&0
zP-=-@6WCKG33NY8i+Fk>^hLu5O0!PAmGJiCQ!VdJE46TD0X@qlng1`%9|oq)it@<7
zVOzOH6D*t$g6eN|f#-agl2lZuiQg&e#lS0?+^QN=(k}D$3;S)sN+txRRh??X;U0=*
z5Ivai*?(CW*96zCJ0e4!DGv2I$aFZmj0`cb*I}zWK6r{icmH|o-DhLlhH{1brD(Pj
zNPO{?<qqDEm~=d%y2mj6BCpHmhx0sxp)uOyPK1E7W~4zo#adm}pmbz}=xsp9N5NEG
zQm+_wS5YUZRzhmb-kC9wPaPq>isX`jlgNw3cHf%!d#`zDo?>=5&y#I($*6Tsgmheq
zQxRo9G1?3rX#G^U<^>KF337F+`~8z+bp8@5|ElVDLIA@R3LKjg5wRb*Gp{VxzuuFa
zK4&>rSQ1{|1R9fe)Rib9<?9lk$2ve88&}rIg5j`=)K5ho!>yS8QYiSJ>U>I5>OFKt
zSvLz0JJdUC4q_h~J?7P$=XM*WPik4sGhJP3*C*i+iq6hmVw{M?`P3ObB+%5+;1Zx=
z`)qdCicQq5nB?MpR&1#tttm&Igz~vBIH`uQs?=wsO{k*v=LGlZA99k5iK|REJFK{9
z=;ppMPK3%!F_ygQx~gj2*%B3DL|XFId`c|>G-!ot_HWA;8>1aHjs%Q!-aYGS>pa?y
zYj%_lzkJ^B!S5Xz+&(qleqT|H(~GglK;&>UxwyX1AprxQiJ5&t{V@7lWyciwL{oF*
z!Yl`q#{9eWwd<i7Y?Y52VYSB#o$PM6!I#8-rV}$Vng}K89#pYh$6!KMFkj7DWU1VF
z0on-PJad+-*)$5x_*uK+@}|z3e^o=cJkb`tu;$nA>C-xVHs!)W{1)(3_)x9UH>BpJ
z8{6(9rhk18zq@Ii(?+DeIGPPttb}VhD7MLwylch5*_kOgO>LKU34ElaHtEeQzs(x)
zST7l?{#hLgK87pnc$^v#n5KTJ4VgXT-4{p=)$nz?AR`lsPEbFU=#?*e4FzGBdWkxt
zZywr`Vk#SwZON|rvUEEc&BZDAz4|T{t|I=r>_DZ_H?1W2Nle@JhPKc-a?_PLi3wQ!
z;twlUW5029q)CzXLL*6Qd!?T3$@n?ReJ*S@C2{HKpUjC>SP6=qZ*qE>&>IysF7wx^
zPd!p`sx6-3r<Uf#hr(4T#}a=Sn&r%;|0U;Ydsi!1hrd6yv&MFc4Gm)RT~|A9x#gff
zVN|8Ox$D5F-#a+mfz~F|i}X7o@&%O~i`;K=ZtJR6h>Ji`@U)5zSS*pszm;6<QhEP!
zQO&ch4xB~q#H>A-P?6V?QvElfZL_s`sF(jKu1tA{!LBvG6XTTpNOY7+I|Sx>7=rhk
zF`XKJPyDrdEIU<c%9t~4sdbAFM~4>G2*O+%eW{%Z4_ek_dWHB&L~PhgO$i<L>T>(-
zY@$~TRSEU)&Sy`5f<rfQc^>Y20h7Kkh9@`z$6f8L{~j+IaemClS>u|QDPyV}ZK+1u
z;OLewP0H;vOuxcofrzEVkUdN;zAe<L{H&v5UFFaPzI@xgkE%&_nxCT!)&LDRzDj-m
zLsw#HiiIIZio4<jpG{-N>Fm><=;*bwoH#9LZ0+rjs+S+$zzCJXK8YArf}x;js4x4t
zBDKvWm^xFm=bt1Pf`c=t=rH(>BSZUwqt<Lg2RpMT9;z_<X2RqA<by;{XTmlqbI$HY
zh0xHd*fwFzEuUM|lZyJm;uAedL^N}k^xh{>Q<!&$I`}_F-D5k@m+rgw4ab6OMukb6
zz(@#_T5^tD)1^YMQtGHC#A(s!oZsD>U-Y56;g~3yQl}t{i2o5KC8R*4bSsu7nM1{l
z;(=OvT~IC{K1qhkHKM}3##f}$lEfJ8qF1Z=*{LgZQQ-kvy(xFm{D;nxS|ihsxG9W9
z=ib+e80jp~>NEU!$_0sF>Bcz@%Xy~wQF8H~acV(teQXKLE#xOjD`-1{#E)2q$-6fP
z->&D3+~y;a*xBZ*LPp54?a2GoW4HpzTj^Fe0u4K{N*^NxTN)pazC$nu(aAHpol&ff
zace}9LyJlkbsUbZ>?e29`i0|KzSH0;AoDMxiALAsxHZM6V{(66lN?n>v*D9<RkNYo
zbh*VsDUJ8pV>m^ipurI~(V-fqPw(3=7>8rz)b|L#o<ruLk9pc+glLP|Cv)q<LDExg
z1{0`?WT1>mJfkKi5Xe?)N&H1{{==@hLn8<1dRrPnG||@kg7uJCf^Hn`_PN<2RZ#N~
z5Gr>A6}}=W>ckl2Sm25?6&wo{w$m?ZsJU@D9#NY^%h@^a_QZ!1T2}MeZR0%X>pMP%
zACx(7Bim;Im9krQQB=(ZTG!~<OFH73zyIwq#_6)3?CF<BhB2e@TNCU`&ytKMebFcT
z>1j8)qtT{j5GbTuGO~$$XtNKgwme`qrMiwsTW$*O$=#NB!>{9VQ9)RzgD>4_);Y^y
zGcZg^^m{xY=C;g3@|KbRp&Qv;y{J?0LA>t*e|`gyXu6kK-A3$LueDV>)XWk<RD6_6
zw1S3m9om-sb9l-8q5{+1k0IGq=R=`4Ae!>8vQ?fF{jqaJw;5G_k0%_G8>_R_Z<WPk
zq0TnH!Te{gce&>9jWt(xsk=&R73L(ywzb=`hq?_{L~CfBTCq>111l;^3rJDX(eVw6
zx(@wbHuJdApWul4kFRp%{8xE)yr<3-C=XTn)DL*|%M<kMC=~6I24TL%bFe6bF1>#a
z3$1zNs;qNG{#gb|(r3n_@G4JjkqVtrB8Pw4f|;IqaWuC?Icfc0{Z2lHr3;V;;>`In
zxO4%(=RoU_rn}BObmG*94=<Bn%qkAJ=hLQU3k>*jq9jQp%Q=TsE{=V8k;*ZK)pjO0
z;EfG$;<CoN!J$NtAwW2Tq{y;qgytubPMVJ2a-vQXuo^<0TM0sS-0`S-6~c2%xlR(L
zvuT=G!|miv9mL(t;-k6mWtJ+DS<;HimnR9%U|tV2W?LyAN}bt6<TPVcPUlyM+1Syk
zp|d72&tnR`mZm%_(Gasga}elMllt<&`S`@4yGWE5FPYc#9ao{)&Z7engS5p5-zL{1
zs7_bClij}KTUG%qu>_1P+a#BAH-T+zK!lxl#08$!i9nxBgbm;tvm=a1r7KwoP%KlG
z3El-{rOnJ=yJn^=VI<u{adckmU%UFJR1;q&6t0*6Yc4^U2YA|XC;S_m8F#M4ZT3eh
zDvDDD!O><osZd++`>R`oHfYM_1X$G17&<M~naQIsu~giih~<!oZOSGisR^bfa-ZKS
z&%qqIKjiKMX}Wt}yS~c*bAx&S6M7srrqfHw5IzMN&v&kig<f9Dbk-21;?S~G*Wu}|
z+#UF(h;uaNO)2O~H<kb%(f5E>#9$og!7Tn{j|6!-JpD|uriO{x9Ku;a__G^cyY^Y`
z-9k&<FN<Jq<R$ndI(dzeYyj6jLs@N|ogXmJhJU${1}fGq!#LF2V+4Iz*g&^;?4p-w
zl>0Zr8B{!G{<qHIU1IE7LAI{usmGyw6iZ}O;r$anrsg<CU||AEST1>1GHV&gBqTw&
zm$X~<MA^y1B`BswkmOY~w5`)S7BuzX;(z9A?n>*b-dhfC1n;v1MqmFz?vwp2u7+c|
z!IjMw+yMr$I-^eMtRLmrvBIqGVM5J$yB<}`9iBr(Q29R^JS0(otd>N_1p?tXq$e7h
z8Qazik!;B0QNiHo+*Kd$kQL<g0}5`D68x?i50c3Iw;F~FAz4OoUQcmO`%E$MnX{P4
z2QvdIEATBV`*}WDK$g#cQ;_}CE}Eu5M>g2!?h%vQ`MG`<Waa;R`Wi+>0I%CY^cO&z
zS<<nt{wV!)?4OnW0fcH57==(C43y@Mz}=93?TmpYRyGeU>-+^|;YWkpgA<C%VSVKU
zxLh!*4$0$n@24JdoAW^<D@z}w)ct%^^le&l@kCjsYxY_i$pK!d%qV)f2?YH-?T8za
zPO!9joIrok;m-cdm4~&7?=I6WmqY^(@_~*tQC)>PN)KNfee?e1UN(*TxnBl6&x6<W
z)0_yb_v|zgONRO{M`d9GP_jQ<YyvNWC$E{u_vM%9eU(`NroTpYC+VTHQBNeDs~rvu
z7P2()4bs?S$nb4H8QCroxI0n1iH-!ZTQ&nQax0(1v^))C9TNTkwq>scnh~j5oTN@z
z`IKpo;m0DTA1XiTf1-EVP1Lz^!Ux`?TJNu3F?S+N?4?sc&9rs9Rmo~j@NyWHNb008
zA}7^G-?oes`(J2N#EVGLZ{oy5={`%yE7?XrKWp6gd&GYuP5J}DGXe#=yLj=Nsd*py
zC}mzuflP!mNEH69xc!;+d{5^*^JD;OQ;r-qmFUKnn0iE2<EzI_XoQ0kI=d!ubS3j#
zzR_$sI+<>8PGaz~4iXuap(oyGS$&r*?GJPn1`(oL2o0WT9BCl#dtc#MFY;bgz(34?
zJ}O{8S*z08;d&ucIM{4_m2?uVCe|*4UgAy63dT&H6sKQ{{QeV&Uq`%pipO8Uf!Skf
zNFqX(Dd7e~|FGzH_)To-Bm(8P{6&w2Vy#9fHP-Pxz~neFYc&}ilN_uB7?tAUJ*4<r
zb&%;tU|rQD|D++&4=3Rk=~zL3RprPj@Qi_U>h-5j#97P7T?jcx<9-t8BWhe|RPjs|
zoba$4z6dc9RB%{qo2zBSX_q+Iw&1G>;M8Aa#zehV(`@<faGg44+-vADS0Ess_^e7M
z8#4UHP<3<u>&|OJRtFx@(elgN_3WB|m^Mx9M!>K2Tzkn<Ceu@%bVyd<0W{jQG(xW1
zaQ@iGM;!|paPN+}n`_+ARguYS*TfVbuIZhNc!9|a?x6Bx_h<T4wnLW%4(`xhMZk!V
zC5~H|Gvjgmx*p;Y-KSfE)QPw*yFYWm;j;l9{$vS<5Yk5061wTE6<Upmv!QvY(~L7F
z#G2caXfn3wxFae$uMK>4>&U_reFRq)?Rf1<;6pae0H>A;%Ms0uCjD?y%c^n2#bND2
zcsXwr7xph1UAh-~|0I2$dc<x!0oR=hd2VAZ-`9Wh4-nW*L~cvoCqiGYf1~Ic*QAB`
zYV5C?Y}vI*#QQEhTKyD(QFiSptuD99bo!D3OhE+T$m9<wo=rz^J{6N8p{=!o`b9MG
z%vSTz)D%>Z<n%}*)G%mHKpM6Y{;}SDUWii(9)qPm;_h*8{j{N6;-~hnK|CgJc}Jq7
zdrJFFJfqWa-@hf|=)F{4C{H34K4w(k*fXU^w*}r<p5N~@QOAVf!TxPrp6{IEAKUgp
znVR?bx_kTrL6NwVonT}t=b(fl)TsThes=Xv>?X0S=H&If(lTjUYCy(>Hm_ofM#n_a
zOC^YrU>LVp(j*p}J|TKpJEW~ndsM^^`pxw`erfL6z8OXDzVk(ns5Xui<j7T64z^Z9
zue~<ea5%52dm#VBVvK)idE6>bFP=eoAouD1_e4i=Gd<w#^|L?djk6NfvU{gxN3D$`
z{8-ziO$;hp@I}niGINKt2Q#f&+y0urlh(Npkg{Vs`F<y({Z`da|8M97gY~s<oXd<E
zPz|7m%H<g=+;-$sbeuKeqU+*MrL=yj+ZdR(*S}4{ayD^eq+MoQ$qgqgi)P*AVb1P<
zC#LAi#XszpHNe}9&JT|8nn0CW$)P*piQU8Gk)azf!j=*KJ*23V&aL|p7sUVQcFypB
zAZGuHv2`z{7L-opr|K4Q<s}vQF<96Vn3Q+P;j-=r*ac8J-LE6~*-WX(;g*J<t298C
zO1OfKbGa<9XcaYK?3of<Y_ZIcNbKzLn4E@-z43>)HLb$wmX1*_-MLIm=6f2m1we7q
zA>Wf=ofL>^m<*O*L4y6HN!)zvbBzg$aL!CxBNeAit$lvf1sqe%)x=Q<G@bs7b9E|l
z*RPAcKy4GW$h`zTP7*OV{#VN?!cfwAC$^KY4{7Yl*w)|%M-&Zcf6C}lwHXvrPQj>t
zPYYqm7QQ{YmVAG@{-f$npEnvwdx`lxW730&*jKtM91UIuI~;d~{Q#`vUh{PmX8SaE
zDk3_(jSUKr@BV};{Q#RJVlF5%;A#JqY4zXYQl!Wxz4Xrqm;qP!a4LoR_W89j0V|7B
zyNHc<U+zHs_v5^=MIDsq6AgGgW}{k^pEOyMtiaf|<(CROo;lF$@}LdTGOl*DI0f;G
zb;S0C!MK7i&gPe+H?oWF3!G*2nKt8}1|tGY*?r|KVf_{N@1YIzW0?Z4?ne-!c(&(M
zSTxKntb|1Rf!(7dd;rI<fA5_pAHFXSFR~|N%WbPIgCVJ$(_E*Y1ifrty!v=7Q+?7J
zbU?X_gPBBHU*%;OVnPz>Ef7p)LKC!k^d@D!*5z=abEllv08t>O22YUJ9U>y{SM#%`
zt*bh+P*^P}JR<yr1olRtyM;vBPCp*6pnbY025L&t3Og2&qdfkS1Qy*tM61H0N*^}j
z*%pV<)k#0<<QfT!`s5PdnR1jbpmd?m^Z4ZR6a(qio?Jy+IA)NFc>O4Bt7{TvcXW&1
zADIch>fgoFa65%R^2ZuHs@6KJEju~XKcF5424Qak5)Mr^^S!3w>yK4eTpngQ3V_z%
zAyL)01kAWEs&8^o``Qfe>;51H!(b>Kdq54fh(#0F<L~9IEEX*rTqdcjARu~|c-BNj
zk33sGvE?j8oHO31HPKO)Cyp3z+k&W`v1hg};qx6vd<w>v>X%~1YK%2Z=Ep^xXhHuQ
z#f#?09`#yziuhR;@BBI<pUw0$7;^cteL8;kz6Ka!!_WW)MY?WM$I>D73j`eUXUwIJ
z%_tRG2|UT^<86Q}geAYvFB%csmIe<fK;LV8;uXF#{Z7BOz?2o0efNs1_j0P$1RboE
zCnbjPggt~TmV`|~A|9X2Yy<6IiKK<2Axk6-WEr$z&-L7g1fo22@^LGZ(usn77CEFQ
zS*KuGjT3~Z&yK+7D4MfY{OmA;>`TTP^cjASoMHB-Nsn>xYk&@^93D*7DBQx&S|8_s
zNK#ZyPqqHf0UJuXX)cR_9N4lOmDu$$$AY=4L{XafwBdS@uQ`iWR=0E$oah0ZT1M*;
z)`ktx$NLuWi6+*wx>9_$TkULrw&w*UV}V>G$QSa--YH{!e=G*kS>Si_CE+8|*h=_B
z)x-P#6t=tCL`vI%^4>~t<2Fk=suFyYh^y0FY_P<(T|+!w=`Rt02F-MOlTLRdQ7>2O
zzlm7Ro{EQR%Kw)Z^BxdRGa?wZF7zF=%eRtFNo;vj8jR552me{KPBc$FV&vbZ7ohq?
zsN=cWIM(EeU>o+xPQckDWA_2;-6DY)r^780m&fQyvlx>m-nWxKf8TsQ1%Rpl0x{G!
zo~)JC>nveSJsYsf)8TvG(KA^@=jjL&Q+Gt_!*rrrRTZzR#S=||CUFAcvV}ni*qkYR
zn7pa!Rp%QzW*}7IcE1g}M484=Y{_cuN-sCU{ckl*n^eHU^G1EL-3~UCm=iK2Q=Q9b
zCFU2VeaZy~*OAz?17RE<7COfvp7fSH$Jz-Bces0bbs56&f4C<A_ABsl2D%MBZtw^5
zpX{#5-`d>1fSdth?S)`HyLLKEThE(Bq_gf9;A$b=ID28>)dU++@)5|dZtQzv9|(SE
z;z>u-wawJ6FWoV(tiEu5RVWIPoh$>K16YlY>bzjcgkcM5Flhu_yo4vq{InnN&0~)l
zia+Y?^iw%SL!T8~v|X1jFGCqv1=l2EOCBSs(-sn$7?q<kFgI!MI=tSf^Yw{+{|)he
zxcmL-tmTi#L}K5xWOUaYmDaedi!G*7SeoE#wL)()cYJNtl86zMu_s})PDwKPnfI4y
zacOEvv<hkL$#8+s6eE13U{m*!Sg&tt8WRcHDdTRp(7cP3nYtmXJQc9>R8fSOgaAm#
zF^<gH5boc@<t>E<1O@59E4t;(sse<<)<fxSvPfhjZ?+(%<2yQYXo0(OpW1zYsp)pC
zKW{ff*kj}@pQp}(Mra4BN!eR_>WAOX_v+Q<K$hD{dj8un3(~RzXdp+zS&QH^jtPED
zKu#$ym=skKEXq0%ce1#p^Vf!DQ4RL}$JgzD8pdCQyTRz`v)@Tey;}W0wqMvdm{d1(
z$MOhIN7n4-#W;#M;k2CXQw!S&QQ`K@QU?ilVrL(r;sw$308i&82`<a|xOMm0`d~L%
z_BoSHWO$becw4d{sCEY}%cafN*Sw+!PO+ctd}ONfQ&K_a@WBc0_Yo(Ko@Xb4ohYIx
znnt%_8>uC%>2W7srl#b?|1``K*mQhS_K%eIZ<O+H6AdGL)qPT4-%iU{&q_qZ{hy=j
zCUQi8ZdnhAY-Dv15s$jd-Rf(z#Y9bbbe9C((<S_#oqjB&puJUc`>>ZE-^tYS{foxd
zIVoY;N`QP;m?A&#Pt&Pj8}Bfjtw0BKt3jNB-3$S_i_OH-ZF`_Nk064@<vt^#I1eu1
z3x)~ti%4(0RCwc<hSZzk3QJC%;{NTztQ|;!ghP<ay{C(R@ch+p`ez%_NM(;!&L$>?
zw9X&cW7?vTIZ-rX4}a9ZqU+gDh3tfmkO@R`0j^6hd!(#pw#?)64wL4%y7frf-I`mv
z`}RLcl-<~;MxwT3qf`HBNvd;kwQ!}>71h}W2kiZ>{VSYvv!Ks4Lw%#bzYm8$bnUz@
z=H6M;*tAnRS9c{R@!{ez61RHSN4g#`@g5l5UwQUgm4E8C*wYg~vu{KY+P0RshMReH
z^;cb;xDHd8zB14lwv%qHuMvm3C8@ej>(Ys)KyB5pA@k3n2Fl?MYvSWoFa-pVyVX*f
zPtm6B*VC)L9nZEYi3t3DoorQ;CSvDyY!<uA3a;&(hY2<Lmv0u@dR7p!D0JSC{e>DY
zbmM3}>T4^gClzTgi*@q1{dzu+WHv>JkzK)Ln^4>dc{Y0=Fort*`SM${hGhW*8Y^3E
zJ=^jsY75KM56vlVzb@DxtwL5Hr&9iHL_t``hAU*Js_Y5&dFfVpGZbgyRyYKDOAC}O
z4a23qC&q@g1SA|vrT5Au5@0!#6J>wxm`V-1s}1<PwCaAkrDMm-YQ8`2)0H|t`6m}9
zWmi$hSImiuN0;6DgCm6x$Z=u!6RCGdsR6pNHH}F&egpofgM&%2;>ZO-&%`u^dlaKW
zIRvFHs%$+=K&--`o6d8#*U0k?Np>ywy`tP$kU6o=8?vigR(s_;4IMQ8jg|fNfJ-W!
z3PQ(vV0uC-A+X%VU!u`(cLB5VN=vPIjQ-zW--L7rZDTE}1TW{FA6WWhWKHoLD|stl
zhcK#OahmEZzD}PVgj!P$hkf7rr6g!xNjH9*qb}vK8-hVviZ=X^i;kbCAcO75g5k(>
zUlrk*H>pt6eq;K$n9zI3ixD!WaB}xgfBk&%6A{_ts-7nCZdI2?vU*Q^A2E$oy&!8X
zpM8ib1;AwIT{i3~Rz~EuZbD;~|1Pe=b3W)5op?x+?~TDGj`*XA-4|?dKGOio%=Mcp
zqr=_jU-6?f*6ez(dThU4x=&r5vwB-?oZal9g^yGx-Fq@Jsip0>2&JG3i-t&U<`$$l
zx>Ho5CU14Y5bwx&qm`84)45TWD}*V6Z5@k7w&6@@<g#^IFA_ZGjnyWVUt}wWj|fs0
zVT<XFS-;|cMA;QhH!>&%jM_(1{z;erogysSrPp5#vR}A<vh`Y6*024i^L={9$~%8*
z(*s7bAOE0|+fiN$JGV6JX?M=mTC`Y$;=Z`@<a^|Yz}>_r0wd*92Amsw$FiqrBZ$K(
zW%9xZ8D!qNCF?ksGBfrHx%PYumF!yjNj~>b(=YSk_9J1f=bzNp9G?D*ue{Bp^X^~Z
z+Z!o_`T8&PcCF&U>+;)eDpvAeN<<D)GB+iSV+(^uys6*|{%wC?Xj4>ji4Mn;iymr>
ziLq{bnC*JvyDRDo9hCxqb;^B;m}R}-=eNSE#5`McYAq#6!s#cd%9FJ891P65d?NR(
z_VlkI&!19SK^T24ck~|-{zxwUg{}5TL6}#`;5Oy#UZ=9bklF|QDD|*JhUtjPxMJ9|
zQW!BcQi<ibJSF^$UTvmk51i3U-{xXdR|J+xO{Yy@zttU@H7$xtuSrK2bNgsL@q7|>
z;6SoUcoC=eCCPnixa&O$RdcIzvFE}(cmB}BJ1y9y<jsCx97?+H!@FhwYfN+=X{~fg
z?8P#5x#+r}e)j|_IuG30!DWHNsJ+#4C~#;e7BF%I>nfRsDH(eYEN@&52VUY_YMa14
zrYCCUCBvRSMLmJk-EeT#l@oN)q|eWrQixV)<`$!)veNF3L2UC3xjD*-u{F#Nklhee
z(w&p95s&T#9SD>mEk$rM5xprYmrmR%T6nBK2G=(MU8r)VRvUZnUX-{Hzj6kH9U{(<
zMOsOB<Iit0ja@}VzSL~&wvx1<Ov?ZRZzU<Rbc;>+SIgqQ>Hl;E-F4)@eqtUb<OCV#
zpZi)Bq~w->F|NWfT&A`DOR`HwE?w7dX0nM4F4VARJ=Q3Lsimc80|o8+g>e741_DLc
z4kZbmQ&j>Kjt8ah!lZ?Zjdzez0CZztFfGt1BDXll<h`FVuvoZ|q)_?gNKq@9q=JgO
zjSU@8zjKmE5kF<YYRZn2!-GSaNeK$pcYb~wqzzS_#bUCuq>(xPX+DOE6yL8B`dg;Z
zW1JqHiO3#RKA%n@#lGPcjB<W=K*+i*kd2-ESao~B<)7cGt}4vSO&*H`;@9yokK>yw
z$&4kRzqFBvBCCLESDdCLkhjU)-ZDebo8Eko$wL8SsJ&>|vtXZ;xt^6)!RNam!HZGi
zIm;&g==D%~f?3+m{g)Mrj8k^xO0X$ocqq1M%9b&>#&(s6XQv~~5;BS|_}SK>RDo5{
zar|G_cRq|IG`L`Dt*lF@W!m4-cM)8DpR1Fru~U3~zk*3*5yo{Ru&er*S4|@5&uJ-2
z_^rHerg_f!^fMmY!P2Dg2h*AjcD+vwIW!5Es5dD}ZVh?T@x<!^a=BatjeK}!%M@v{
zDR!4B9*LTl_+#sq8Dyr<>6vD`eV8(^7TiEuj5V<vzhK`V2r=bJuxu4rh7=Jd{mvQ`
zVC0lWqB{;Bl2qaYbu#0{P(8dECy#22m1&phs$BlbvcEP;mR_bh2mZncn2fL%%?LtN
zh7+MutHqS+>}(BvX1w(kMvBAvjjLeDny-sg`I~da%2^uYCiSL>By^}y*>7tS9~0vF
zFj-$EG5`S7o!(3t*p0ae_jnr-Mz((}k{NKo;ZAhE_qlXKyv6f*UNSvXQ2icBHFS({
zwy+sl7x~nL91@r3_4ufF?pZmi^&NJ{DdF=GPI#_2F<Vw;-&CiWwK+lQWFb6n91iqe
z%=M|tLwh}+scDehqz3;$I6MZ2rAU2XtTokoiMeuq^EHaDs3Q?Nz;QbMY2CEzealtl
z9B=Wi0}Xw-An3NXykt^LhcxyDdXO+*3za342v2|BXXrBz?;GUSf7<^DoNPzSg$9ue
z(~^YWTKi_G1US?dnh?$8r4+{WMbSdha9K<;s?9MUd9J*p5W;R^cm!#O*`_NGFmn+s
zcr^>pXcA?A=bS=qzIR~y4or5X6AdVs?#e@x5>$^pH6VAp#|YB7nWe1cZK2U>86Av{
zEh@;sj{bd3+Rb+&0^Mhl5<0A}C|&CB^?7+(4#FKk%m--<;{mV?Z1KyR+|i^aT(blB
zebf5PUx3we7y&^sH_rX7^YMoP$TBqu#lamPv$(E}NdSO6(%rWKKl$Ul1oC1Y-TrB;
z=LThnuq^n=hp7t3#)@Pv$4anCrYV?yQ$~0{otEkV+>*KsUNBPqk9q`6M*>ZU)LT3?
zLw=+R27>C$VT>p}y6Z5z*v(<TJ5qLN8`)=96KXpjrDVHh(4)ipWhmy{c~I-=zVY}3
zt+^6?VnuF2K;DLUrSN(CVo9byWFT!82n_!FOjNQkhj1Yc!{qM#@hPafiWJNVpv1Na
zIzo-koNWh%!WS{q6*XCi<bVFXW=MpMTs}+|KB;Py;o3ov<54rLhEDBck@5iJ{4HOq
zP$gGMq!_)Oy^Qsu+iaW!K#g(&jo(b|s8tgt3}cVcg)yV6dyVR1>dR>A)s4fsV>Tb~
z*z6qzk5qe(pG!9YyF}ggDGIOUiW_zP1#}n}I<N-%I&{Y&;W5@SW*fsU?#|FGdXGi&
zS3-%icRn9zy``CKh)G*qeVAbO{85QE(y0Z~LL7CAP?ogjtEWY&11qX(3O8SCB)I@r
zCjKC&fx5Z5nuCarA!#%zwP=ipW!ttjR;lFb+x}kDmtj}cZJ~BDOEnv~0G(Nm-T7By
z?vR=syI?ag!2TJG>eJW*!|g=Kr&~#ugvx<@Y<;P*Ppo!W%4u>}40;(_L->m{A|4$Z
zf-1WCf-e~Gcg&*H`$VI|2-YuG<@T2mhFq1UcmvCl^h)(d5ffQ_^_cgdQsX8l!2am}
zPdwfM&#zhe<<G(7>mxD16<4rY<r|pp&JDZA)Sv&0%B+A4VXk5tLDviFbxFrj(4B@`
z2Gv7U=aHH>F)pncbIBO-<7Q*S<gZ8LNQ#LGS>{l7$c;$-=H^1vPVby-(MLo$m?h$Z
zKI=XLWQ-iVQB!qwo6-|7jN*2p+ep(X#9(B;(E@l8Du*R&1Q=k0R|GNZ+y53G$MsZi
ze81@d9uU&=x^&>B@*SV}lcxcxgkF2>Xb|Vgt}s!17oH!Uus_gyroS~<PYbM9!L8;P
zZI9B?>EKO*lUP%${L?c6pc2_e)}*kFz;YtYq%}jg_8oh=9V!YwUZHY#l&wFqQlBl`
z5JuL4o6~dXyBR-QZwpz6xl)aPK?+K}t#8yY?4h<@Dhd-P&G`szyw|t4wLRuy3c7SM
z)yz#6JpAYi6(ddvB9nifY`{8OWo~znBC7Z~;anVP5g;0l=Q`^cftoYYr=i-0(*)0Z
z#8$%k{?{D}iRmoV1H1(s(5Zdy(Lxs{!oVN*-p~XWyZ&2L6+&nyDJ-&rYl1R}$(3zO
zJ)mdX%oP6wQbk0Zt;N6<i$tICH~ylo6F{KDzYj}Gr8u;mPnh<Dk2<O|G|ZiA^Cw$U
zdJ5&w%C&(hDuyLda$(A5q-JR5<`o_;J~@srquvr5%W4jIif#A1banP2TS!OI>t1rV
zi*DC}TztEq>WZ+PUtW`*Q&O%@1D~^HYsg89W^R7a;U8oPA~Uy7#z_>i5>!lb&Yt)R
zUtb^bF31ADDz+UXrW+STt-r7IJ#-Y?v1l;dOoVUfJz!MnOBvG1HED-3qadO!SYx@$
zy)3nDb#^VPb4b18qhkC^BQPquU#!>s#2*nPRX72+*~q3G90|vXy2Z`OpZiIdDxX1g
z>Cqgp36*>}b9;yKopT4KUwSmLCnx{&T^v3O>Nn+Tlk&&3*JU5*Ew{#D_rdYOSI+iI
zAvi+mo?xKBaX9-iDosR&t))H_##>b>k8)v9$jJ9&Z4W(YQ8pycg=Wn=0rYs_;?JSL
zET1_SNRE0Uum+Y)<|QzcSt3<_{Z5gl&_qO2qT(__h+v$AhqDz4yqD(q%;M6sw=U~{
zA`^wXi13~~w8irV;UBlC#0fYm$rao<^$FBUYx0KD9U!oU2nk~(p(Igm{^s05lXF9*
z$e+>vKbC_K&fuRvKoer4RhmYtrfq|>u~Ov_gEV~9x50v-0wXaFcg}_9KS3I_!p}JJ
zz!3)0W}0bnf~PpC4{%XAOy@Wi)jGG)07Nn1Rsz<p#<GOp3>gc)>DJxRklN-UhX;jr
zA?Sc21<>_dUlv|H`}*toN3gzoxB^9Y?R=PI=e`gD=QKr?X3Uofzsb(+Xx~R<sOHOL
zxzw}?lSdtNh&*qM5_DhPzx%*~>~#U(jrCRKN}qE=_5yj5{}Y$0SM^;(24cEwAW_r7
zGZ`a1{2gjg?>b-vfeBHaF*w&u^`8LBR_Y>SJ%X_&h6w(}hm>YK-O7>Ly_hffO7Fl@
z@fj<z=@@*uDk(v8vpB_WV4z2*YMa2wPO3R_9ca*Mx}(8X61;)&#=$0wrv`>UKlk-^
zAK|I@IOZP!68y*WganS8CS<&wGH`%kblpJPdT6j0Ov)06%u7_v4q{>IvZkO%u`pn+
zeUsm6Db~|e4XOPXH@vKUH}EJRN5gcI3|4kk9Bq=htHs5uPY6ZdadmxVnA)7#PnvEM
z(Wadot$kB>6m0o&8~ndsY9*5BYBR_WpSR|5qnYh1F9{#+$ow#qwIr-9TSFPN<yL&l
zLGfLkCKEM5_&WM{L~T1{KA+^@2d8#eLqZc!GS<DRO3;BQ3N+^hi9brzJ`<2`@Q>c3
zKGQibK;6?s=($zQ9T1EtPbYS`cR$%?qnsBe{%}FP5XchIO;!yj*5d3GDceOiZmfkw
zD)UOyJ1|JVL}CY7hK!x|u7aa-UHt%J6JWHAv~1(XwZuqQ1`%+)i$KK{e~!G2L-_!~
z)9}bG$yq_tQb>gql)Xq%uWA~3+A)*UG!q*19HUEWgAE_!r$LmI#N@Z*>k?^zkFXNP
zFV)OERew9(h5Y&>*D&1|u_2z1Lk_*A3{=8&%&Fm~xmp!TWRxT)DZb)edk>@RQe2FA
zLnWa7UIgWseC5X<F@@})0ZFHO!W8FUwS&-Z+@)s%A8*X;42nB{$F{gPAZPPkgi|RU
zZmF~W9D3&VfuB!1gO2+K6+ghT<DIhsLae7L?I79Vg#%ms$m=kT(#I9Io^vD1tw}8*
zutyK3K-DxbJkjZ+id4+&2;eH!#y{-1he+FAXTgXBI%qxnTpZvKszy355imLUatla8
z_+=#{i#ZM`)@()~J&{Gzswg*4iA8u&Qi6=+qDyQ2J~9ySW>gZvBc~mb<7Iyxkh~B|
zb*><b$4#f)2Mt8)56U^lG{z0NbkWChx)0j1AYC-?8O0*E$9VD!RhoKVFn)oq=Q0jh
zoqF1IRV}2vpY8;1I9fwkqV<{Tl^@w>2c|eJbG(kP<`Cb9ZoM|N;(~^;?e}<nOwu1Z
zr+)}cI>?1cL1akN3z<-oh0z!9uBF1rb&JLmi8cY&aOTbq=|;V|6ciHAi)clxwk70H
z0fl%%%sh?`fEZP`ovUW74^5zY?|>cHv$5%j=3Qb$ve|FU>P8ZBq7T8bu86{i|3y9}
zgagFaCE=qu<)Nj0rUJLVK|v6NF8LR;2EMJ(huH%NsuI85tg2VzZJrTX&4mXX7SnaK
zKKUO;(&IT@D;oD;q(-PC!?emvhBQWbK(#Mix~`_i$tP)yj$`y*jMrj_=5vk+I3>m0
z_9ZbF2+XP!f`>4u&F~E8`1iODmrwD?G;zqd-g`*oA{068D3H#vsZrs-Y@P26bKmU(
ztQo2OnO<4h1z}C_u5^n{ha%i$vBdrjMr4tw90j8Cq%KpH<nkA#R)&A5-|~<aQj%pK
z#O3^eX5;3Uk5^+y!w~@rUa-Yt8w`WYx4-u-$m=?i{Cb5Ea4G?SYD*az9Lj{L>}`C?
zY_?=wQOnghpNBe(7@s_eKc=4xFWh478xU4o2zUt>9mNy<30kMyV6dUfU{d&A+HBUX
zBQdp9Op?8Zw&cje2ta6&i$9}cvi(0q=6m5LxS)8@G?jp`nt~xIgkcE9bLq$y>9h4U
zi9jHZ=qs0(N&;cu@C3b>*J{Bguww*Lw^krrF<t&M*1_(%$G4}Nxx{s)noqWM<bFyY
z>Nr&8@3zHS?}=0F6!;Ic=Yx;gng^3x4o?3*dm~@)xq%{srwbvs(+Kpx_>dlUH;IHH
zc_;KT`wtcZkvk#{N1Fkn1B_8#sZA_fRjI>TtI!02Efl!RM`&l%q44<+hkC=OSe$o>
z9>2U+T#_vYD*A_En4rfZ@rWAF&CxIruyAOkE7iH5?jnN2wmCc}|4~ipoU{@fy(cQw
zQl@Xg#j(96cJp}(aAC<+5oLtNKM((TC2}}<gBDgay=)-{8SG1QZQVxVxg_3XHk{n=
zszpaWC!uTTKo?jEl#HE*QbfnHhEM?u(sU>k9)r>-zlS9yR5iVNDm9U{#A$*vzuI=1
zS$5`b#Pd|AOv_c38B}jVcE3FtkoGYx((lpWG?7CY1Ha+1Z2Q{T^RyiazF*Pnfe$Up
zcFn6W<Ga-W7CW%({UKT3c!K_>|8%G#Cw3*d#jK+miHNEn3z5d&-vb|utXWfufUbJ5
zTZB@h+Sa^UaLg<<gsd@IrGHX_(bf=!uO;)AQ5W?Kl5G3a`rYnzcg$pB*GG%E?modo
zzi&vU>jLvPK|7;aJdmP-Z+$PyGbg{{6@T_TAJWEl;!gx5J)l1gymt^Eto=*vBeIz<
z`OuuO0M+jX;(b9uOis<?>9Tq@SkSv^O+oZM2UIC^ePH%d?vBsyqNR;t?gJ?NgV;$0
zPJlvN(s4M_MP(|$7U~Q2$F=!X*wL|G%+bG{*~W@GJljcLfK&782`Iab*jNx;qs=N?
z?X&lvPrWy0#8rhCJgS|OIF@Ry9HnkFa57{?^P%&2)_k~Ri&y<|old>^De6S4k9J0V
zL=gpO_BZ2(aB@FJsb+)|hN_$TNaUZu^m7Q%Ah?RWq6ELmTiJ*5Q)VB3x`vamH5x|?
z8d`Ug*Q*y>{Eq(({j|wTq>x^{3`Qp1AG*9eZbMaO-hBO4`ZBr7J#_YC?+`XYpv5a|
z&Slq>jv#1tK2N66S>5g+AEkXmGrAHkC*4{%!|S+H6gICfk?+>6bLp4s^@r4V{dN;#
zt=J6ylHg~wcvL$kQS&z)is<Z!R3XgJx(b#gHy6=mo9-rq?2*z3dyo}u%Lb|a(8i>-
znrCvpXhUGWW@Y;>gC?1B{3@~1RsE_jyA)7Nozy)>i~2k9$KahJhp#2#%c$OVwP8K^
zuN{q{n2GmhuN<{sqOSN7yQWf$ed~JeVh-GnmDtHto$)8#q(fH;2T)P6foYm4Ghq>e
zuPN_S>K;%0+FEzlnJB)5&lRUIN>`)oRnch{<?}#7)6528ty*O|02ng@*Q(I+PtPHk
z)b&A|d+yxS4r@s_6QKNB=wJ|DU{T8~_*C<#L?|&wn*g&Cp9-Y5K9hbK_~HiF(0hDP
znqxyXpGN$m1hQfPR(h<qE%JiK&e`aMW!#o`=Sz9%@0N-PX$S1@(l4t@4w@>!&Z`(6
zw#)QJn3pt*=w0(bAcHqr(fbgIvY0;kd71Wwyq9yvvL9)=<>#9ADgW=ZfW5K}E=VaT
z108ci^lBQ$hEFPvJn9M)41cuQWqr`Zo=*pI?ZaAU%Z{T2Z~y7@S;A9o+uFqL+$rk#
zQesV{`ogel+jkB&d`*ld245j=iV!#8R#vWc?w;%~|B#8Rso!6cd|3O2{$%00Gy4NJ
zl_6JXLWNI!%`0Jf_cyit98uwCKiaxM>M!n#y7S~38J577!LIiaCx(Zdj*r2Xm1f=X
zRPfv1T$bqA*YNK_%IBekrk2b^)PM2vB_UM~$JVggtoB$JF1RlF5Mdv*a1)=7vL3A@
z@Uf@WG6XMK%er1uVK0s(Uw6q~tm7H23Q}(8>gSIi#HeoGZdYa0^gZ4pq+8X;XM3yw
z&0ijPsqpg`%DJIpxSJfGj>BvQJK{S~Ay0rVZx*(kr*t>0D3A7PzbB|$yvD1H<RuZ}
zRzNMoS=bo2X@uV#nVXqqB#4c8{n_yR%?|5>&i2556>8wrTJ|v>@GlpKsG*+66pt0R
z=BWAB9Fx>?Z{cIi;#_VtHvE%+++C_%ox6D`abImtWPUxVa!;2~f8SU2-1F?!16u~E
z5I3bcv@0}*@)}itFwR|e?Zj*Q-ZVC*X>kjxwgvmrK26=aPlB=6i>UHNXF~*Skreii
zH@1m^r%cJF{!`kt#N8~c-4<mZv|$rAhj4m<Y2CV+bzeqokk<<M?-Gb3FyPTt<H){c
zBGO#@H`Ml7Mt!@7VD~xODa~g)7E0i4O^O(SvuGrSS^*cHc40{1V)M&;tI6gm?V{id
zJ`ZsPf5pk&i=X(6D|_%{7E6{^N?f~Twh!*0!V(!+K`Fu=6!u1FZ@BQ$L|>Gcro9+Z
zoOgyK7D86&<`YaG8DK~;CdR-0OV@L9l|v|$akLatv4UaTO+7`)W5X3%!9ypppa?!}
z9Aqb5B}K4jc5Nm$d<P0?kh2`p|0y6cVA%~@L&E%r1PaPjrPBN0$Nhzv5WTMq`&zEm
ze7M1KALWBW@!-oVbkD*6BqcalT~SKqA?@cyE`L*<J4eA&PEmrVrem9k&cQ~(;jYjc
zD|Q1s7RrKWY|{yaouP{1bF%ZEXm+TRd!9H!LU1JF8CADE9jttV2E?2aMJeyMBw$XO
zPT67@m*R~(8vMN{6@T6<ghac&HT;NSNpQ=rnAwBI4m6Ex1j!?^h~#KBD({nes}=d&
zK$Gf^3mEOpgxNSgX|fbCYHS?Wn6Yos!))ea0(zJ(Y1#2206tTjyx#U^ZKGLOIP|tB
z)wy*cO%1%o=Z#sDil@mfL7kQRwuS_WbT-LlKSt85Lme}4m5F_W33k?<rVrfUY*Ni0
zFx1g<B6tuz8Pqo80EE#S)8sFjUkAp)Qw$8B{YK>7lmQvxrkXv>&?rXV_<lf4v1X+`
zPEa5c(wXmJ=Cz|ZobFBNquZ4qKIhWUr0*Ed7FZra`a^35!#jK-IamxD1$(<L*BBsJ
zQ!oi9)BmSOv%R_mqM3{bgW*Vis%gR#lssSX^Gy{wsX_+;)L8#9PeYC>`w`%`mS#+J
zT=x}znQyV#f;zCKT+3p2Z$8!h7~DKv8Q|!GTJEB%E)81w)fIvghr@onvMTubCKLLr
z;s+J1#*74Ppp|jXBbbjR`)%%!=+=<3_3gRibYJ}#Np*AEc*J_|EVj>js%cZ0T7}$H
zn=$3{IGX&ICqGj8$2F)<ZJwIdxP9YFg<^JQ6ozG-oZ-EBVZx@2T<4YS<Bz^I-QAOY
zjDLMkg52Z%X}w|qRNl;)W6msR|MSluhK%9Fyh5hGspQh`?;Lwl+k?1aD8hU5ioTKl
zNTBxbWk25L*8nw*-hEe8Lus3>Ik?Ennyor-McBUfUHme(;@a9t&+)Li1bw`z)AbNi
zR)2btzg`=OLYjYPs3?)HIaMg^8hCBP*00|(<3;q{^vmAxS=8yRcXS6!lcuPJM5!`y
zTL!*V;Z%v^_vPrC90BiV?uW3S>^+OKHNG9HLwr<l{4i^09(~%}LXcDvOo-j5Up;bm
zaQ=@S@7AxRgx(=xF5TESzW3JW|1w5q;P6aesyB%y1#^UzQ*{rSDo>HGUQ9c;ax!fP
zTg`T<w#0k9TWXeb_P2z~!Wq=KeBM<Oi+GX_@f!*^C7w#ob)Lv~(J|uvt4rj_=pyDG
zSk2#w5rw;#BZYldM84``eoFFQ^Vd73+6!s&R_59}Y<Z`AaGJu%?4CpKj=W2Crqp6~
z5IjiQn#(BX_29`k)-v0`>DALb+^QGa&(Sf!J1I`|44Swpvq4-L%ek=XGKSLRA$A_h
z-pU@FYPjAd?`+KmpTJMLf^5x9GELGHE$AGdsPJ*%p9<3q7iyyiY8Ea5<MyjCLr$|^
z!q1j5Nn2+Yh%2+RU+0>-_(Vd1L4~<L%t#O7E?JPi$VEO25#+*T+PK5Aq^`k^j7p@^
z6)&?8=trq8YCVUh6}xSB0L7Yt`T*O&8Nuf^(RxVH8|<@w$xZnM=7K+bt_V@;jtj8B
zq*=sgWG@x>vP0-&forzY6CsvtnYi699Ds7;PJAq$ef|p>BW0Wg_kSESo(g6oFR{2_
z4Cz6~F=s}++f+i<xj*!jsl&*3Kiz=t8DTuEIa0AA8R_k#H;!G8yVQ;9Ym%9U$M-=#
zJEt=@C=QqHffI7|$vQ1a1m|dvh=YVLtr-GZq`HF=Vlz(K3cVAsh!~x}UqY3Nc*%N_
zaaugR)P7rIK-E|rHvliy4GO&`tW+8G80l4CAK`y=V+>_cc|}~rfsBX~?`;=TQy4G!
zg6iBfeUzMZ(*OHl{RKy_J3aY}C5s}ypU;A%Im`_NcAN28*stn4&lf?SgtpbjRqN8k
zD@dFZ|K!|{ajfhJiFiRy$<}q;c?+4$Cp+A0a-O0nj!#&Vy*PF)@jiAga~+p+#aYnn
zIV~D@*Md`Yms4ceoXIbKH2#b@;n{Ih3pv6BINDbOxjjlev^U?f*bSL;H?8PwiO5_B
zZo0510D~NkqHhXORgb4Jv^GD39Tc@#?G~xeYGL&1OU4o1(y0H|ePHvuwuX{_5oR|U
z<^2iq$o77@UE|tEQH90#Tb5o4-#aGwLzw_p{r~olwRCKxbDdI0-T$1NMd!<<sOw4g
zAN0R9lmy=r(T~2(&rvPKl;|de(y-MYOJ|XEt6JqPKgKm*f2v7sG$xbseaW!vlHwnY
zT375y638lv{g)<CC{wvm3SktqVd=z(xOllAazr64J(eOtAs6vPS^6_vpQguM0vSLa
z@$|g{!I#T0WJuCz-)(y#3M(p(gqUL@bw__A>P8zcPLQ+z__eQY-ud~fB3}J2CHeUO
z5+iceq@<SU=UQ%isUdPX)tXVmoL-`|ZY3;n^oPSJS&EFcXo#y3?fTrmBX;=AC*84i
z%_e8KBb3NMd23Se0Q<}p0-RYIg=Ku9L}l?*iVsmK-xnXmZWsFx61z_>NtYqdvMZW}
zXPn)$78=_>zRZA6ZDt&gTgCJ-C)tI_q`u~9@Y4(SK`+nm<&PPGd!wXGAE2-($yk$a
z<$?MM7kwSh4y}eL4T}G%aJITi8-tYj#??FZjegc=##hDL-KEZ5%hqCst0RW;UxhGF
zWVC#oMN0@bYcm%t+10xt0>;au;J+G8b&;lhS&Imw|K+~s9e7t5AW%dV{2-S@NYhyz
zX-5TLq1Wc=h4j7HXvnnJ&LmTBVoX)atVNi5VpZ1uuPllqwYGLy%Ws8^^uw7K-@n=c
zRXtNdd#%rvzc}%u^wiZQVkOxvc`dCd*=mK;EUNntq=$QJtW^i*V|NsCmy@zbJ22Z;
zz3#nn;<Ju}B@k&VMtzlxK#}9&5_bd@r!C|W)F1?}TZ}vRx|=>~Pxndb=$Hm}755q0
z1j==GaTUsSqEOz?zW;a%bd;W<xc@bNGFZXj_pdVM-08FbvR#?ofTY#DYsRd(MESqb
z6wy@AS8ez2tA09``t1V*$yNQXc9_a7Qz$)gblBVD^8s1t$uQSI9+VOyF~;DGQLelT
z!!euIc;RzC_KmIUp$$_Bmz3&+i;@qX{X7>@;Jxqqj5afbTw{4vO6S+8+7wF_B?_WS
zI#-R;w`83NSrdm0vL?3NNrnthzlxBs?x&4A=Yu2f?OA)BXaJ0QW?naS5yel)FR&_C
z4d10oU}LhjNflhX{O6YCItQ5{aZScvvbr4^wL8b--pM+1m#HNV7wJd+UMgzRKj0r%
zS%`Ol(*f+pplE}0P;K&*6*>mXU&BF$xK8B`YDsR<7zzJ_Wf2m5)cUxNI5}o=cl%2e
zv(*DAp${N5-PmKmvB8%w#edYw(I>S@?ynP$$%SB8GZ%X~!nQ6>b4pT?UAW?iRZ>1y
zcfr|s1|m^+zx#i85v&~&>oMjr29;%aT>jNbd|kQrZJ+GANx_lCn0BsY%vNg+e!F?J
zdfLDiFp5G&pMLH}nkRIP35-eX?_Be4y)<=FX_RX5Fi{sBYo-mnm&(~Ddyt%JbLo<S
zD7nvO@PI4q4f|(2>KG79Sk^KaM+(Y7#q73m+40<Qa?gf$scR|W_ANXyi_LI4(5lU+
zyE(l?)d36fU=9!rp+{X0mwMUY+x1^<tkmS7s1W}jOZros2}QYX$pUk~@6{W*ec_1H
zkKULqk(Q{z7y<C$)<5htS%3(_pFKnnJh`*poooDhl`-}8*vDz<ul%4O=Kj88ytsl{
z-2ypau=w_o)5BtqL&kF~Q9fio{YFH1^e2KP;yyo*NJH4|n?V-W4%9F=a@l_XTP$`?
zgRX}8s_W<xIk1!I^TH}Z&I8{4{!7W&N$WSp_zM_hxv)0}ay}oFcb~;jv6rAK{T1Pr
zPm#53TSATly((&$^I|KHIX$dN?Ch1JYm$OR+_(blcTlinZ{Rd?!-6q;ym4t3{b)S)
z#bPo0!3t1#F2rIax#N;NISUJK<0dhz@?Y|T^vlHfD$inyOuGwZbFI>jKlqwsgaa~v
z_xUcg8jDK;gnwMQl-vdl@OmJ7$uEK`yr=%rchmXa!JRWPoHxcB>5IJKc8G)!C>fwz
zycLYSB*$FV0A&?XNLPVyk2-hWM5P=X9t4Bkg;Wo#>U6v-!_i7Ka~HvRYfbb0kLwCp
z#I@FP#n|8pGL}0QAIaLNeXheGlKSn2U6}RU(QQOk_Xme%_!L(z)F(D;IIgO}YXPnI
z+1e$fY{p=~pEXpbBLFeoShjyYE{!IYBOEt(q>9ehF^Iak%L*E;O_8xnxkC@dEg}id
z0=81y_gW<M!Dj|X)eQpeMtjfr<vd#Vn98}ygO1tXCVgqyW*r_N#*$4;vX9Eg>#DdO
zl`oLE#Jv&l8CIrFV%?mj=WS&tknynRv<PoL^Fugu;BUB}Ov?#<zjZ1D9Bcb~s-vEX
zEAh)bAHark$~x|}^>?ZEi6hcqkc9FMJCVkC@}8|4ku<?N-#*OvF0AK1r)Tjb_PwW5
zxKvaWBbwe3dZ2rfx%TwAItEg|RlpwXB}@_?i;-Pqj9u}lBEhysQKW|*C+Xq1pBU~u
zb>Q8}QMPWzWOVfgt|{QvR$o>eVZT$ehUlenk<uR(Y+Ze}M}_C-;JlN~Ui%&lk&1Mf
zYXxwlY=Zijrd^l|(`;P2BucJBc^TyVYH5rW&@FcAZXpY4k;zpJslaUyG&b{Fyt~3k
zokVK0+nonov2)K%vM=7PwTZv3=Xb3+cdqAF5vvu65*0ZO6TftkMG@ACM!dL?$+^JJ
zBU1cMFXMR2;47fKn{WG8B<6I`Pg_g`yeJ^az>}Br#7}XYF-j$M93d4Iew~i4omAeH
zv>cIXX~H&`E~Zkah~Y})rpCh@b97y1d6i-IXep+^F%PnWJg?9^iNA346A6$dphKa5
z=yVZIbgxK^*Z|?;^fG4YD9Xw^uj!U_9;@gJR7iR{x3OE*cCjiWc9rKL&erMID$RLH
z@#ss8MYnX@brraAhKudK@at|Ox~7twCs3Hk+|ABt->=e?&ac?y^sDZjbT(RxCb;VE
zp{R>MH}(Ul5!ov^U5b6OUrl_9LS?U`jfiwqGtyCa6w_3TJ>JCx27({vM1S|aq8UO@
zj?<2;Z=F`7aA4jJ9tPC@eQG$oZI(VC<FHq94T-Q!VuXDsTi`x*VU6m3;&ZZ&RhK=m
z!wb<W>GXs2kJJSemTw_mv+kyWf?PohciN1%GsxoTZkTb&^Id60L`BI4;)Hd{Z5jH(
z-ZEYmCW?JC4SK{t9)dkw*U==+kIiBz4|;Np2-KyJ$;qn%wBoM@Z~7FtrV_J$LmVH{
z)aa5Jsr@y`kK{YGB;1|q{)(kDVgyriJ2axGrr=&a$*>W80piXY>r?yiGQCoq`ks^B
z`z})bdyS---l&2F02jOMi9Ryk+Ynbf&}Fa`)uFnZ*6~x6I+GrXQ$O(hZ_ZC+#`RRR
z`Ezncby?CvM(0ZS5&1wJGH!<)eYk4ylLlHpJ~>_<z07IeOv*<M`rM8?LNme&Z;v>e
z^qf3^+dBtmyKvQ|<qJ~T?-D~e^mYMtv|Dyd5vCt7Hw%;I)1~cKr6!}tg_CM;Jw=e{
z^@^Z9@Ma`XST!++kw6PJQ9%{ymqrKm`luG4&K?5l`Wszj#egYnUAq1T*YJAtvn0cE
z2K&Mj-~_KdZs6(@$P8s%@;OgY9{D-?&82Z3(@1UFYE+Jje(tzHn0-sa3d+-qxe3cr
zgauODliPRlAP%hDKTdtkWyD4z2U>Z7`MB>ZBq!CK9pzH%_Z?G>H<DARaDp|L-2NMT
z+5y8}Bmh#$q)w*Bu@WN&3HPb(f!HeKL$4Xs25~iz?uOis{qhsoBP*u!RITG?V2E!v
zzifkQAOB5tSA#$L{zOx))msg|?iy6JsMt{^xo_q(liUBy<_KE|rkqSU*?W9!o7>nk
zQy+PaRa&%vhunE<znRZl>$10PZ~87%JzHz&Mo>#aM$1*>AJc;`RQ(!Y>f1D5NC$3O
zq}lm&f8fyWDcEn!*J?=dG52KA#)R$rA|d14H$X{l^IMYm!*(&Sb91POG_G(EL!Y9)
zshfP9VZ8u&Wb^4|U1=O_FxY+iQz+f2%P8t>m)Z1c(cQ5Bby|<^50_z&;Sf<<?M&5$
zW?UdJdZ3{TO|56u2nljM{Gojf{YdlO-Wb0_3?jxKgv?f6s@n*gkusHpLoA*!<!_uf
zBVhDe{ZQa%xJ#7*uC>QV$yg|#VQdXdE*T;0q_`clC2i>ExgyUm=P<rXzrx<|!|2AJ
z+f9kd80r-EMdL7rG}+!+72;z(>1Wococ9m|Cn@S2;&yU?gqKpv0GH-6wSCIx;<%I5
zz~TwiGyk+o(BbPRpMrY~0sU|Sb*J31dGw&rA-n!yS$sN)T^xS7V~Z@!&CEVTwF-FQ
zUe%o<VgnBwv?}OXhcl>~oR>!i`i%nX6J&p_k)?-)u(LjiH7ws3W!OVdY>F3mNfw4S
zYX<PKcYT}&9?IIAnY=q+QkND5i*h(j>x-SpNoF+8-!_J(dXf70EJ9fveAw#G91*;L
zGlrTT@^1v#GE+Y<p7NcK>X<qhkQcyDyEkloY)woi_Ltkn-6MD*s|x3gHj}0G<u2_4
z%*%Vx)asX2Ur=4iXh#gaouIgBREiMKC2-%u9Gu~Ehc<~ZCm$y0&G!ttNY%~Spfquv
zC+-9L?1*ubW_a@_UOn}HUhQ|+N2|e144P`+HYF$W@?q}F<>%bt?{vG{zaF>HI`@2A
zdjf~$@bT`^I2NV2Uj+-wiFlQoU<TAi^)e-oblg02CbK&>j#VR|CTxG8M%yg9b`V%V
zkF4|mXedQnL(QOX`sDo!O1*JsOp_@cU9R88w+j+er!N0#wIuM`!M=$`T!oU&vzrJZ
zGKBl&!y_D5K-0p<;{fR*GWnpt%ju=7OC)mgnH0vPn?=ed44&-+fYr^EE@RtAoTb>&
z+mVHGXiclg9UlJ<z2~`96h-d*%3UeLNZ8Z80)3om_G2n_QM1Y2peyPdsZR00ZlouA
zo>RB-3g$ps-CkqEGHVaUAmMk8MW{6X8??i&$Sf}Rs)Bn*q^EwbhL2NlZ%KJ3&PtP}
zy`8Wr-3TA+*}c;s2b|4ph!i!CW1gPf#J7$zYqs7SDL|bIX84RUi{ar=T+bvgWFL2l
zHtZp>i}Fbfv;RgtEK1>MBC?_uY+#lcMUAAoJ4q>5y0QPg7Jwgy4N1_yS(tg<AB>4T
z-2kMT7fa{D0DC%a=iy6^4))M4eA6S#x@Ox02YG_Zs+n><F@ogkilYMVzw3gt&at^;
zt+9|t|8!%oTC@&7XfGuq<$RVAso}rZ;hyi`5Gg*c9B}s9khhTPOH3n+BYkDVMv&Ky
zo~=DoF}z&d*f8vY#zx%kCW|X@i#uXBIr191aamd0yEMUbK2%EcH10f6gq&?e<|)9N
z=cL_dcu!fBGd!dW9y-Ac(>FW-Nmg{%c_PH5lPk;co`pE(T=47fQIcBX`1WjC3hTB7
zJ=hjSq$h(bJwcdN;5Ue5*1tG327RET&Fdy_8rG2VY$Um&(2_AY=$s&&*>7Q#aQ8MW
zQcd$F5Vm{U=iE3R3m^Wl8jt9dMKYXJ_YLF8N6;SL@)~+siKao*ykzJyqXb~Yecn1x
zs(fCX&mck^q*bPz=Au<dode;#tDmvRM6Wwv;!Yjp<fxMslG@)<!If5vx1ZLqqGT{X
zx+(7O3b0#?YY2ofotZ*jY+o=K+ilZ2?8dLrr*!(b5^Etypgz+i?ql2gQj;|Fr$l05
z<#d7usA{IbSd2f9qiVh{CfdqbH$$QDmclI_*{W!=(H%)-K{HS(bFjo2o9GJyI>*5(
z76N(;AhR*zp9X(QH?IDFWPNuamERx#gF+E0aVw)#q>M|2tZqXkp^}}QP%=U`w{J-y
znuv@~p@Gao)-9_t(;%D5B?_5E{NCqz9@X#nJAYJe?s?96&)0jL^AK`8$Uu&o7-f<A
z9zJ_NBUuYOic?I1q}VNzV$JlUNqLUY!ORcSck=he5gvmsOvoUbhRTENC3P3HW@X?S
zL0ari)kIE43cTS990lY1lgZBaq_M?RK%x&UCf9)7qekG4bRE1K7}l>#tiKek|2&U)
zy@pTJT?iTMxyA&(`9mxR<Lo!{f44C1({l&*R{2G4;yD-CdfFsuFSC$s^ov}8t-iU~
zPaV2Er59t(k0$~Oqvv@M_(2Ri)`U+A)g&t<0DF&bf<OB>NKHWo=xO&;=**;GmMSf*
z#jT{f!zNBivRdxXestChx5OZH;q$hb&gT_!8%h7Koy2bHL8vYvhu}y`KjXxc$tDPm
z&}d*G5d{1@Y%gNNUdwp>C(I<!00}|^xXZv;JHFD_`-}?{V>)Tt!8Flx1MdAWWoz`M
zL<!YuoT$U#j&Q>OFKBgBSO;2si4bM0jS?b<7Fhb$Ss%I9k+l))I^D9XrDC2d@bsdJ
z%Y-^8+(nYiHUTXX=oOv~qJ&um?E2M1%1sk;2mM{wY@yc|SkvS%lmKs2DMDMp`b0QD
z4~P*~jXX^A5UkCNu#%Qa05mMCd8`GruUUjbdz<+8*r@*5m2T^ajXZ-U{Xe(WW0i1#
zSzij$D;NV)tEfS;_4_W7S6S1-!9TQtg%O!7Rt(4pEh8ax`ir(yLd&$o{PXd@X@WP!
z07}q%N$H%Q!RQ36WFOp}U|uN{!ivpGwoBOjBu$x5*Umrk_34`axGHXasZ<0|XmbRR
zpe*Ix$eL+mC>NUYGD3p|t3UGGu_n7%7d8vOB%1cu1}h_2O1U}>!eI@*YL?I(sw!wr
z=57hOYUtP0U|}>rnJlyQg$5{moE<p40HZo;UlY~BZH%Q2GRc;K&;T_UOE9xr(gxB(
z3?AWfKR97v!jFaN`-&bb7t$o9al#scc1jVva2O58z0lofqz*WN&f*pF`!w?KeG-I>
zv%#4mpC8a-ffb%@<uCAEirrg2S!(=@S0_Hy7JocG1^VL`Zs8`LfG<)fl#G%Brl<J^
z>Kv4-x(n}6?+Ngv<Xnm>B@D%%Z=x;<W)^bs^mw-kV98iCu@4q-8Y`-y7?vp^A@^|q
z&@q0DTfdE|^Y*t)??J+3jkWFi!;gE(E`X=h3!Uqc4e%kX9m54-Gk@hvKc7hcSbZ3y
zZgmYT4F954bL~%}$<j`TU`eJc;zuSrBs!siYbWm4FCmXR_^~SGB~vc=E|xgd_**I^
zEGn;Yeh2ipQPoZ82gb!eFkq~~X3!3N8S;sE5tf1=S|2?$n$V5JjF#zUvEBp3Hn0ZG
z%>*|<(=?IF4%$G@%%2DrsFt|a!qFEVcpWD+k6+n{^~L4~n(4%Ijp=|bz(?GZ`BFP$
z0G1K0bPvLfSxL0D-^7a@EvG=T6L+gCXsAbQ=U<5VFP%&qi~p)ubB>?|<pGE>!ytVR
zmMO;sKEP;RW%mx0Tp|GwFDicgB5W{Y_?DcmHOwVr9jSdy<q{vg?!e^3XxpM04Pryw
zZU1p%mcByo2=35yk*YCfSHO(hNYR2rL_R&c&9P_9jlEiWpA~_!r+Q}Hg{#GS_mEV<
zmjK^ucw+aiO%vop#4GIgz%ej8RBpoTR3gKy{MAP9^C)tqna=$I{Cbtut<h|k$uDEH
z`y>dkOhthUO%yGK-c6F0bsnD!d+_C)44DBL8`NqGZe%g7j^6A*%mMvldob+0=NjM(
zeD&L_N6P;7_<Q`^k0D-BNR0Ri6*q(<dA1>0yS))>ev&_zG^u4_9X`(^a!p~;Lo;kx
zgDvul<?vY<X#>}{@cM%7qE-C{Cd>DNXLU4fa}Ku=82LfwMJZXxqhkKuEA`M^^z_&&
zRF<ZP<H)Xzw1LOKmL_uOSeHQO@w&y>(+%IZG-XLi@UVkw<AbigodC*=2>@U5s)7)(
z(VA2%13Vy;gi%N=xUMmv&lhm3PY=*HG};E}E9q*nJxtT0<Jpz%R|$Ur^Nqm^hw*8j
zIw3bX2nPh|W+Z*p)n^ta>eeAK0kck@44HmqE0r3}MUa*uI(If;(?ZLQ0BH6@L95${
zke61toJ2m71Ds%k93HxR5za2`puzi5BM~4`giv`KA;%n8#;xz7av*!}It+>3*{Pog
z9WDZ#2&2mvq#i`|J3Iq9-irk6WGF#gN8>dsPm2*N1!a(3F?nUwC{oUlP-}YNA$9oW
zv05_rdI|?T<Rc}}iumvqMUyK!G<~(_9vo-;?|if_v`yIv^>Q+Jlc)F8NSV*Ba$8Sm
z^_0w)<@nOzkD2{QW|X_urhW}V3F!HWnvO2O#+o&1AYear7#sF<4a`3{c{$o*UUu#c
zgZxph;QR+7*WeyB3Z`mJB0OJFFRqhSJl0OJ=mqwnZ1j9lp~|F5WpI52U5DL3ui34o
zVWNn!J6HMfHKDEPOHE#fwL~;}U&do%7t&}wOndb9oZJ>ojEdPIf8@M}g=+39njdbv
z!fh?#nZ4xTgjMEh9)X3;X<$Fl7(9r!IAPxr9}9xPeUmWfu38&>z-U-vJl0@>;$M#m
zg|Sk_T-$eq8<$tNP6Xgz#fsVx(4dPb3*g*iIN=!wU8n%g)_@jbWdw$_EC+V#`cb(V
znMrISrKov*J3j{_GkL&YsyccLDP9Ah08$GrX^~<W{qRTtF8-Ez$YEx3@EYs;szVnm
zyAE#Zv4?wxAXmg)6O1f0082`Ien~==RO`TRbhr;jmv*=Y#{Cl7bEunujA%4J#L+b`
zNZV5a&oN%w>c{bfkFdyLyWROmAHtc1nk*&km+WI^Fp|-2y?cnS4$I(k_<SWrz7Sk3
z5olWm$K!b|dN+|8pj|&OhWt6rtXwKqEFpw7v9w1yV0rbXdGC?QR|Q->j<|Yj9mxUQ
zFr6)!t9jIta}Mk!D`79Ab48cduV-P<0UN*(m=$g^JoMT9P2Z5|ZZ@ySNlvd-5@4aO
zfdm*M-%A9S5zD;nNAXp7Ja@MI<0Y7H88P3~CjUb-P_$+LzOlCnImoIWtnYEYj%el0
z{%68&V#I2i^Kq$FJB#o$FgFf`y9}N-J0hM6JC6$pHVc@NKpQqLe50m%pWhyBT+c&y
z(rjWH8T?Vq+EXFNK7u$mcy<u*e9#<8+n@?q9ql7{a~cC>`lt$`q}8#U>+$hhnR7Cu
zo`Z0a^z_3DEZnt67Pz+oH_2(nAkRqRAZecve>;SOD7=KTnt}U&+-X&iz@pr~7Y(pd
zP>$JyH5cd4#-|LpfaNidB1rd5S&)Ug{@Z9ogKdZii^9+zLhpR>#M`tssF)sMH-<eG
zk+xc1sIv|@9pWeACdEVlrq$FMEpHy+kWq%ngfX0O&(&9$^0Gb||0MHoR>c(0zl9OW
z0@NGyb-X;d3JYu1sBs26WX)5-lIh+5Yt@!3QQ*lg6BB;VO*kLFpOvyScnd4TD=rlO
z)Kd12HmH}vA9j#)mPn{Qm;&DJ{T>yqzsVckv!1!#Rl8WHsVSOQZl02HDzITHfEW6t
zB0k$79xXnl8E=7*<toWouywFHxG*Z|%>AQ3avil2Ft2;=!f=YZy7lr8Rs4(1_uY`R
zu(^s8LehS!J_S#ltsbLH*AyUA=||FT9igkk!N7~7vq=YeyF7ZHd5h#kt41+}H3^bW
zd_T5;!AJwu{d6l{_c}f&!<>L25Y&2Q%%PYPqYpvmvYp?1Q{yxwv!~uR$rr~OIrjt<
zEM4UM=6jBg%51{zfU2lj=aKNv(NUumIXlunI6*3$8o68(W6J@d3TyGMLA^yV3U8I1
z>g50V>GMyODM$yI<KE&9x$-R!+cw-<AbbhJ3NhhLKTqj>p3Ks@)jz`ikd`q}VI4fH
zI3n<R6rU&YZ5?QdZ`Lvv#)o4%@d<|b7Az+lKW-JR0O3&aCsQ|+`*Wa?uoY1}2^(O<
zhfS3nU3%;Fn80ZVeujPWfaNohl!2c4XwLn8GAEtIB!n)4%9E$yAovaeJTf53Q-a7d
zFZi)X?@odYOi9}MFzhAk@!zAHLk$8?Zqp}~#qh;87lWf<KJf%6(j_cnW3gQjelv_n
zcVGdJ{Eb|pHtWTQCfP_%5&*Hu*2s0>Q86}mq`|O*Vpkb(Dnq!oRB97;S@xQUfgki4
z6*cGC`tY1!Vb}1+6SLS@WWCI}oe(2Hml35Hf-PPk3ye%(V|`g0X!%0d3EzaK-o2!S
zpMztk9#VRm7$Y_L%tP?j8P<<0SjKLX0@$a9l$~+aj8qF}{siEkfakaE!SL}V!XtKR
zKw=%wYZkpaT=NaYC3^QY%>Rvfp26}j-uUwyOd&X{IwQ8olCIjsiTQbeVTM63zD-~?
zLmaCSv0~RYfNFHlpZ5;Rir?zjzSYlScI&aOoZ@Nkj?=!s@$X^3297L%Gq`(bqJY(|
zvNArv{Xzkoa9>7mhmr-JcZa;Q&)6}**H_7jEB>srbtm|=&R8*7n{W+Q_npr~lCRgl
z8r^wARDzT=%Z-mg(y%bb74W<;CQcv~925nE+C&=EQ-~-EUpMvUAtMjAZ({A^9rqu;
z+hP_WUcVuM;|O8?toA3cm7|>}3W!0&sO!q1b3FeaQ)G`K&D&3E#3o>tHL7knwrSL4
z;5-rTVIAD%Tde6jBYT5+L>FI^r5CZr@|`u1WJiNorFj<|vV8)d(DxAH;*3DJW9{LZ
z(+4-bjja$0UC^9#v~lGY?c}&`<Gly*I1Li{i`T;?d|(x)Vo88E0VxFn;0?>(lm+Px
zB)6W5CupF!Wtqxj9dP+4oNV$AJ1>3C^YXw;?}IDhe!QPlZ<%j|)nQNjedmoGE8{8z
zQP@oF;Ud9jq;7Q})6*p(0<Z-&Wlj;{Ddz04jumb|3q{~D!`jK3M}xI!&olERw*Raf
z%kGs{9@AWi?{@DO6EJ7#8nlQu=svdtsX?PT7RMi`KyN-jA>3lO2_@wjI>HrxVLyu{
zf5`V9ThEv*AMf63CedTtlGj;zXFoA(WwPXtPexFy;5LSWf+U=DbLAhp{CJ*a-)?V3
zu&_&o03=w+xCQRehk4#cS4XoQhFfyXl0l8-KFDiN2eDcv_4v3@sy$Q=5EhJ%C$H8i
z#HsGEScI0#_<l<cRo%Os=W{N813U1Ybfvf4jlT^v&Iq?wFQ0)!DyqFE>!~s$o`EYN
zp6j$x*WvHOWelr#+JkYo6>~yf2fumXk0L+`QWH$q%oR5-kla8b0Acth^WIa-<;2=u
z_}p6ge=4syS#c+1!9~g0k_fmHB6Vs+ujbZKv^Y2s2a!Pd7aGjLc-fw0mtKy4oGG~Y
z2=MCzS*yYViC~)U3D#D)`pSB^8l%xF`r)Agtxe4#uAJQ5v>9R1r-AkT=NdXeUbbH+
z+`_PMJd>r8VWm73x3H@-i76@Ei2p~XC~^=}7we%fgg!*dT%oPL8J<4xOFEi4F4voP
zv}lD}Tu6R7>+c2uW^!q(_so><^rW8{ab%%uAK37ODODCq@Dt8q6)pzXvGVC8lzo6P
z2zQ{6xMuiWydgYnn3n)=%{N!`VKip)d3k4>0NtQti^mfS8~@Xm`|`O!N%nWUIVmJw
z|2^cSUjtu(dHvTo3i1Gh1T?#Vmv)3AXY!$f4^rf@y_-HCdB7q3<B5{&3E>?9AqCeL
z<6jzHrF|`->Wugz%k>7pb@RS8Cy0w}=<O%#@1a@|qpue92Ag>qsDZx0U~ez?<730d
z>NHgHw66umtBUe(sej}ny{b9>X+Fqxkr{6iD?WG8+oKB@myo+JdI2ZR-ljb&COX}k
z)8%{5gMHXLpq}~_b^Oppe@5VTuK8x#qo^#DSMd230d^crq(ylf#7zqo)~#Sx9IHyo
ze%;wxnwL7C*6oS|GDmzlxQt<>bTnAR<Pv5%q@FtzhcBQRuX0bEhaYwjVK`kowh{&B
z>}!QHe*zCt9xNwXFN-mdR2uvAs{AdTK<T=|tAu!DT0!iz?#D(}tm{f|d=Mx!Xm{Lv
zmYT6qts)>3oFF#5WsYbUioGdv?BGHbJTqW<NT=oJhVSDKsh%BmV&CUZjW8@KIw8<z
z$~mZACyaWg_B`?TAmVrQtw}jJbWe2-|KH3l{ZcVpATMD$$P;&U5>CW&b>sQarscM4
zG3wEN>~`we#&dTjZ_KUuDqT@Vspxz@^0|OI<kzD`064~Xh^WJApoNg3a;F?G0>dT-
zA-&k&d0bSY?k;q1;P#3hcn^<Q=~uKY#Nd*YRkF^>EYLjqL1)u4-<aGWAF%qxx4bBK
zr_6TTQ5Ed<m#!O47Dg1oEM;TFbQ28kXtGjn-{Kth<zlEv5<N4`=|>ZP90p?E8~ONg
zH^`0_xrfc*2xG-c<CPM*u*%*wy^rGDEt#J_7aSUjuvX)!Z7}S-+3O#-{2@L+CM>s{
zg}Q4qUxQ*l?Lo@Rg)9xyA!GP|oxOht%}8mTg+{C{3jz+nISjc{u;+Wf+5c!dQXKrs
z?V)*$t+LR;J?_^U39=;e!tGr;@jGs?QDUJtj=tnDq*GyJvh{ab!op&6J5@L^%LWmf
zIYoq;hRM*XIVSCqpa`TgXM2<4EE;*U4888mJUQwtDK@b-Krlk0-q!p6@?-*X(0Bn7
zP{0_`ul?|2!7?@by|ZkK>Yt4XtwWDu7~ERUYyj@scEY2F#Ypvk>QG}_b8aJ;9i<r6
zz&G6yvMO6OX198)_c_V^w8-i(Ip}CI^Egg-)-c+$WtOZ~j=gg1xh-Uwq^d=WP}5Pp
zhc)Q;|0)77tUR&G%@sWjb2LXRxAH&1j#2%Pb)!d-cFh2M>B$gP;pXw3t1t#v(r)$o
zmY+6r4FP=Ca^5mcTFE|KawDroRBj&lQ6gQVa*ePX4RD|p?8b&gmPy~i0j7)dELhl=
zJ;wd%zE}Ntps~Jg1@0L#SM&?Tphhc7T7Cb_PGtRLiGmqDUCTnmIb_DCrvWa9Io&AI
z146LI-b6&aKG`Q#(==1iH~h&1d)_d$-zWHc2{*GFPzpt^9_ZCN@t?oIx0dI4f?_VA
zxNy7EYSX5LVZJBpAFjOEBNQaR<*Lqtv+RwR8OnS{D*rRsXQ{;cmT&8d=P8SWT=jN`
z$*g!@eCoDkY^1d5jx|9E%!j{x{<HPW8^3;(O)S@({$YicOxeLbEEu(U6v}<{eMH#L
z`0v<-pHl2t;s)pI&R^_Bdn~@H7HTQL5#Hl^kMj;xpIrOMYH@_8)XP}$PQhNu)3_hR
z*fZ*Ks>`Rv82Qp*LWLNbszaBWEFFx^E`w-68cf*1IDJ4hHn<F>NVw}xD|N=Aq?p%Y
zBG47u<F~u8E@$BQ==sl3t*1KFZJXWR$;lLTEznj-_6em99M8GkAwNqGdihLN_2T_k
zDN?d^PnCwQ97nUmsf$OWQY99U8-@1{@1fNvlzvZM*caht(IeVzGH7O0|2F%K2yU<&
z!c!4oV;rhSSRtMSZ^7;&z0SZmj<anwo~y5JTj-nh+0!&FuO<A76OV){&%RfAXNuY{
zi^lFJj9QmU5GQuCulpw#<9Wq2Z<I%TMeXe4#%z;N+<<odY|IYnbSqvI><n2n>PGlw
zxFLv?#pmVnG0OF`!aO^m9?^H{bXG@eJFmh*-@I2kS>`{|9c4{g7BF3RMP_l!3VhLy
z{TSI>@t*f7zD-Q^h~9^;-z(_OL+xysP~-ZKGg9T=`RauSs~;^TkWOg1ua!C&21}~?
z#|RK2FEU3gWKwi)M70J=Z1ivyr{2$YrOo``+Bc|F_`FK7ADSK66uF3Z!_8rDXRYC<
zI)P`>)}XFW;G2d=eB8w^#n8c8F0KN70ilyC0>U(Wtn^cGV>0YFdOU}>b`NB0&L6r2
zU-<L9qisbgbvdCfQ^ufiSh?uy=E%V~)v?%^7sctZ)VCsjPKMp}#k1{9LVg$l@4e67
zg!?Nj2TT@>wLwAn{D0_@axi%dW7O=euXWts3dNNng*%<n<?yL0(Ex<;$VjJp$Jx2A
zTWu?aF(}0&OsK`|Q+YT#ICr_*wlVwHjw6ZHF9v3|N(E}N?)_H!J5dUoIdaYM^-662
zbpS0w?1?sKtH*lATlL$fjHMbL53f>LTrE}OkfT#}>a;k*IrNUg0|;wye<^~d(k^2%
zfH0{mn?YT4#F#2ju9tc7!(bUUX9QtJ-vgtR$+bH9k<<JiyiE+;vKViJni{rBx$4}|
zw(3apzS2JDzwf|ir1HO{rBiL=?3%iVQTd_R0H>l1p%z6UxoHL-@xN6*&RkWRe^lnZ
zx}5x-GosLF8NN*Im(D9LhSHsiMNJ-gR#!B9G}<^#q=xSeD{t3U2=dN}yRG^|G@{gV
zEdn<5j?K%^#QqbK(wiqW;OX^5R+HZ3zM>bG4)P(E@Qi!M^>U%J&p<4(-um2;skx#x
zQ2(4wE1y<cJWeT$%PvxC{S-B;O7`@y?5}?GU{vb+&MnX_OOrJN*oJv6BDWEfoA$vY
z-t0nIedGKt=z-<dK{j%jpKdod+(9_WH7-#5q*H9xG02PZzu~rc@z^s(AB#OKIzL4p
zKt9-#8ghJ84G{CMFO~lO$j_32v3|1cwv5q1Wuf>#^*wr4>S)^jHZ8W{EqQ=B*u?}w
z;<hc%U~|5%{jj6y@S}ZELCgUMxBNnpAn(z|fp>22LuzYDeN0eCEdp$o7ay^9_vhZx
zw$Yb2&aa!2s$5@pBV`W@T{LYEgLX_}u^Y=&N9>6X#iol{N1Y4ea?=FFdX~O$b6ypx
zl*R9CddRaS%}h0rtg$WyJNQ*~RDBf`=-PttioBO3Nu_7Kdn;32rocs!BkXXT-F+*l
z0n<59B`B=?>CvII0`suyr$)~2?+B*%)LUN)scM$23bh_-JN(1{u=z0wwV8L~-EJz2
zGlHJ%L(*%xGz1wrT0%{+A*gIFkuJvKu13BGsbh8z8~uHpCMZ(QuY&bhfCE%&Ez6%)
z_`C`3HIbKTvg%2>(E7jPjC+>O`7uLlg}(Xqxih_D{5DsI4p0L2O7vz8*PuoBmFA{}
zDAzxJ(TxkU3rvG0k{wWe*GH*=sF;Tjde(zc#~4Qi-#iuyBO@J1S$_TAayhKw`nNf~
zj*h|)Vb!PIc%DdqY>n4DU7s2WbkoS6JT=?TR_a&EEvs1~`@HqHe~H~Nm7rePvQQ&+
zXy{5Def%~Xb?jpHWO`S5oph>3oL$0;Ze&7;L3yTJ-*e*UX!(gLtaQbY+)Y-t|I#?=
zySF=u`%E)D`X^jW^Yfk@2#}KNkpATRGBot(i-dl=FK0^SwMAqe`G&l;o7ocLYS9U`
z6By@@tVhu1*O?Bm2Mwf4bFbBi_Pl)MIr&74l9@tt=Igz(6$=>H3t#hnVwx|gRw(3j
zKbn^Z@AH7_;Qs29`pl0}E>q|TL7azRUF%|mCr<yA<wNr{YydLc(1z9<a&TW~RijIo
zUZ%64<D7}x2!wU<{!$3)Mz;a?RS9d=u-(CUg;fDGo{(erJsK~VvT(WeC|J%t(dd`4
z5dMpP4ptz7I^;2T{74sFfl#x=)Vi{^zs&pZP$I{$BYGM=7%z`tR3+r)l>3#XQ}JkL
z{(CoK6klenpXWMbDfGD@)$&q@s~eY+tkVOV$MA+7Q+bFD^rhvd$&{V>(~64yI(SZm
zQJrM_<T@*xk9tNjkm3=MK)IOg9WfQU9v=Ng=Fa^U0K>2r(x^R#9P#{q{gYw86?iUZ
z<^?KY0oUA-bTaMW*~8=}-+~Lj_(d0XPmBgdk9cj=+a>#ipM}jGQYQ2d1iYstf}UH!
zp;C-y#}76Jn;;d--{p4xL!4RgAzkF*sFYKeNN56oA4?I0DBKN@_{Y+3zw<r|*-iL`
zozEbPOOx=^tUig_;VeZ-etA0>S6tauw_$z*G|_k76Eaev)a4G4kwpDc3}=$?`w`*q
zph5syqoSJw6Zs-{{QYtiI9HL#dI%`#23se2Uo?2Z<w3bxc;<?MCEGsXsYWHnqDQSR
z<_ahn$dn}+aif~*iD-(C#L%y*n_v8ZrlIr#K6u_RCsBCgHbBRZm^QE|vVfPU2$T%|
zatv}B#Bc}Ovd>DOdl(uh(jf<Y&IBApqCQ@q!MOEI3_>&8pcA9(JwZ%OBB@q<J@UP(
zl*J$Mp$We87EpAE*q|%Xh}p+2Q@eN)ct|%O*hhH^^#Hh1MHZB#93DGJ^vhwt`c!M;
zAOa_bmo`9};4eF@!js{`LtKQbqW|#YIfR0>FbTVDCG4hylnYPTjYKSJiX(<ne!iq{
zw3tx9O?JjCNaa=5_*TFqjf7y8y&K%N1ridBo$b%+7r~i|1%#ZB9WgN&sjQSGQW-E)
z*VV78p{uiH%kF5hS!O_f3FaW%8?Dd<2J}%`5DBsd-C)PG`i{1R55`(pGGFA}h3%2-
zj1FlH2BRGr0DY1nhVUe{&#Qr_LI)9Vx|Wi1W%~aZkU{M@ySG$;X>hKOXYXZ^-FZkJ
zQ&H&}0-7R3P@(esClYpmtQM1X!3^-Yyw!p*IWaPM!MCrE6}u0zDTEhYyCjLnaa*+6
z_3A)y>}v=rjw$gIgy4Se-NU|b{_7@3nIE^-hzZT|oe<-rm!Sw_A$y&h5SD0mL%BX2
z-!k>spLI{W4a@=~x~`Ht@~vGG&iq5t#3cx4*sesq92q@G*%(_$J@JZyO*N;YEn&e#
z?V7$5H+TPVq~NP+Y>@GVvK=oDu4f%S87amXg|28jva7%aR`KGD^dg`|K9?SN8%!xF
z@G{y6on<?3&H+bDq||6ImIHtIBde)H$t(?vURO}g!x2!-L=jJ-FgEgA>A=1ko&h%e
zehT=*^R;vj{<T9}ou8HdIaq>4fH&|qGC+zeV|<Cum-&$&qfL|CDFI)biSkH^9{7P9
z9<p+A9<)YGDiG9(7<3DO!-&EG+*_`3((Kwm;g_-P7K~@2)N3wLrC@j=&9i@h#Wx0a
z)09YLO4dH(cH2C^C+vIbsN<>>&fvhH?Jy5hY7gU58|*$&|1X~wqm{S>fG-(KAc}D8
z64I$2Mt?0C!=R0(cCf9jdx&bcjHNFvnRD0=-fX?_@1_iJM@8HG{RQ4(S44JRbA$SX
zX3m)Yu_>QE++><vEYpvkgn5eaAWM*BlnDCCL{7K*B!cK&+sK?uW@Gj<Zj?JEM<vtT
zyCawiNf>tv69X<us#yFGhJA|#RRYBmYRumB;tX7LNEgJf6B#xkM2_nIuO?D?pq%0J
z4Hq>oJdFr-dh~en&)^GD(SY7WCgygY>bO}7=|*BOGT(bEEOEO9g{i(Rt4F%F^Zo&~
zl&D?sTXpy0yR&52*p+O%LUCW=9}mtLe&?;grFWsMw5&+?CX;3C<E{l^HMn<){bS8s
zLA+N)BJuW$EOb%VM-uC$O_+8{sOLZSgv#v^U(A)m89cYhO`MOu)94cY8iEv-vLs(_
z;VZfaD+(Z2v=Iy+4|!Dr2!Y#UFlKHdy+?(xnFCXS6^Elksj0(x31yJ<x1>77`2M!s
zs>)=+Ccw%70T`E(kQGS>Uc?VV?hZ~*Oh*CL!0Lp0mD$AE1zs$hY$PZ}uk(6aV+cX^
z7x5bTnoTugBAW#;N?wZnxM~exI`&g*S@(WDF$t&W=>`W;po3ABHKKW~VY9gd5JAB|
zFms|w5mIsTH4fG}q=)XyZnrMZSRDfti*gJZ7kHI&%=uR2`&~z|vK1v0x@A9PYBZv4
z;Cy@hsBh%~2i3pI7bk`g{qVa{2_T6fnVUZhZrltsR%s@Jgqn$l;#N8_KOaHJ)&?O>
z@wf6b#mV{DuhfFPb&<^CTkMPnN)dK7^}hl7V!34R;7g$FqtQV<CDj}3;OE;fj^0N_
zUYZ~&#_l~AZ$nh*tTeNm1n&*LRkbsEx$kZcv|ljZ(D{1&gM+bj`N9V6?o*ypwXJn~
z#Gr#x@w4&ebJt9uqL%1^H1>tZMK@_64c%1|4}2ojQ0lsm^j2Y@ZicnJr@+(VgTB+}
zZO!j9#jPj}v|mAEp@r6jV-lB(SNFgVDJf>{#yU1iUI8a1D;c;rAr>&?fO@(x`UuG2
zVWx4B?ih+RN{?QG5Bo@r9A+%_#&m;%6(A1ut8&|&dXG<@*M8pNk*${|81d=iCNVa9
z-6@~dLru-$z6x0LnU30MNe>P<x<+`CPY}2A0_9Zuv`h>(!$0Qxdg*V#kF-11Ohl24
zpno=nOv^Wpm@~zN$MqiNo!t9egt0Ct<KDhkDb%5@hwpGO%I=tMF&SyeE|^#VzK8In
zVMneZqEEH|1hYf4BN^~6=E}ZV?qIO(_`)&OH3I5!>pKrjl(a~0&*#a}fv21>LuOW(
zy0?4alhjB4-U@H%kqP)Den$oGNzZk}`wi$Lmxp#Vc~3|R#Y3BH7e`*Vp93mRBx;ei
z#s_j}Ae}MIxlo}-!z=!D0iH72;G1V<uw(TGU&f&e8J=%5?<gz}9Th*q(zQrHjGpmj
zPy)o>{ua>#HL?lkFmId$tk^w-u*}VuR_9AEkIg4H@lDyOH(35c%JCtYk41(BC3)gV
zhB(~c6gL*V?Hv%pRHH`Cn~!m^VhxWGnsYGT-URXjttnn}5K87<o(9kHee)jp$o&fO
zg#9HQGx;FNszL$t2ZUW{H$Iy_hYeWRADFlsdtC29=E>fKyT$n}7^OLHc-%hH@%4|V
zskO<N{o7p&hR0V8rGp7IQFN<C%cPn_;pwd|(S)7=U!>R12y=pMZOo1VI@&4u$&!Rh
z+}*Kt;8lG<mSk(8HYC{I+%-0AjR2-BT{leWKJ|L*M@Jbl+w1F|&cAB5Ab<@^^e3!i
z<tdTgO*JU5WwAmGJ!U_FNC)><f4y6m^Y(MA_)Yj24S$!mgJZk9_4RTE+k=c1s!~6j
z9^O6E-1K8vkS|qahh$A?s`fohX+1N3_}edTj6MP73K&!!022eMp&CA@wPU~2?=;Yx
z27Ti3UHh1?PS}XVz94zCdwC~EJ0#F%1{DYSziTw9RE2VcN4e&#e6!0lsA>H0k8~;L
zmNbd$EQxHrV)R-MNcdwD)`Wx|Cel}q^{Br<nMBrYHzMC><N3M6qzPfXj8k=)v6@u;
z#y`}4(Rf=`mXUKFr}am_!Bhx!dV<adHCeaus|xhSiN`|jXT)ZCKi06*b0k1bj?px5
zZ@hSy8-!kDM`?MC+Ht2B-K!no@E;ES`Zf^?JG>kMQIu1}6TyfMm}-mb7E@=@Usom<
zi+#U7#5MU{a9AVMH?R~mc*B{>^+ir8DE&I^CbbsxIkA>?s?OtwzxQ^?vMU0v*%&DR
zZTsM;av#4y?HcgX^dbvTAotsZ2zt>>445AAwZvlZ2M)ep|1(RfCxE3hczUj(SgfQ^
z{3HMHH<OvqrFkcNOOi!-nA^&)6qU)JnmyZc(7h!sr`LlO+bu81;#UPIjuB8kl#VAM
zK^#Yl`;C&Avzsx?w8hA$m=Uoj7Vyn1+O}u!e*A&Z9qu)HBO*@qi^cE_>ykc&pWglE
z{Gl?DrBjBp-<$IIr<TyXX3LipM4VO6H4PWkzTv#kdmpc=9gC$D=<-m;qU)m7<t&)j
zc7llO1cs_pN2LV%<G^N6{%dtn&qXJQ8*EA85rl9BMSMIvv<S-z)CrIE-oIHxke7c-
z?XzJ;Ks_Iq%FQW%i!+mjot{!MnAg)-ufTXpSFqa|;35fA`^>~)M*2uR2eKM51VN{+
z<fiq4_gTr)IX^o+e9A1VQ!nlkKiuXP#M#AhARYWX9Jqzu(_OXjoQ6k_`gY9n7>ViJ
z+X>i=1;|RLLg+`_K!Fp>yrxpsMHitlh~R>VXWj+y!FX8%i5*ll=u;+T$?N_<2nLdw
zXYWgKi@0xwi135<S5*~sW(s-<lWq0aPh5eceqRvGpotPToW2jlOE?mB4v~XyXL<<}
z$%XibVNQe$G?db&T#n66i$td87mct1sylHYngP&-99_nsbsQh_7h{$?2)n%$B|u#|
z5Lcv0u3UzqfFir!HCO~WR6$0)n$fC!$@^*M;|t5K@5?5kIT}+Vpd%K~RIR!4Cx*qk
z-Z%k|Ls>*}p`ZHCa_>Rfhw9>nf6;&bi~kjD?}GT3bc68ZuEUG@7_um`o%f=Cw<7iV
z@T3phSyYEj)Fn2-*n&XkrUKN`G{5B6#}*7{LORz9^~li%#69AL@w5<qFT|Oai75Go
ze(qaN@`x2Bo_^|q_aw)#R-OX$+`fOoW#VC=vr9Z87MUyT3Ie3gS^eZ667O{5W86c$
z`)AefH{r<v?iw?tddYHlz!>Rx?5hf?d5CAkpeJnFgGFTHtR(;<BOFAEJ_@gzqc;)Y
z4Ksn1sPadCxQvHX8u)IBTWsX}BizFq%{N0?3Tm`yK8T@f%TQckNqf8pekPB#V)mLj
z&+CK!S+WWjALCP!?U!*@II2cSL4F3}(b6VhG`?OUdyd&3HZjmJn*9?SKre!g46E05
zQ?MzyPDhv@ui?CJ#t8+v8*KO)!6I7q|4XPf1zOdBBUNh&x%#u@^cO#%O@&quXfg&z
zlNP_V7BHGo3{rh`86f5y7m+m!pE<>$4L6t$y(n)QhH}yTpvW!s8Fmk);;5oM4Y~eb
z4kpZx4=H^QY)uSK!SPAi6;^eysj(S91Yl4v?D|*U2!_K2JG&Q*F+8I6<Y+r8M9)B-
zK%ie5McDJRGxkfqIe*_24>(f9FuJ*l*3H-kv$?p9j_h=E(A2}skEfMX0Yo(D;enny
zk&D25A=U*yHj3Ao=4T6QFf%bYFxJ(NIu4pcQLhrTx?E1B20{ST_aBiT8de4qaiF9<
zbZOJQ1R>`*)gB9P!4vSNywuOF{>gJfRY$xc;7Urup<xpnoo4lzA4|)+Il!lpgDSsx
ztZOAG;s<YWPH^l*wy4Vv&$u^qj#8i({r*O0(=aFjI8O{G#ID~F`7KU$nAsv?9&9WT
z`=eN2Xrb>Pp>58AtS1yn|M86g6QF9|^|L2M94Gwy^-fMvk?-Mb6%5CUA;I?m9kUdn
zf+CyOty-z(gGry9SkewoT45mRQ{dpY;uL33^@xnQg#A##bro>+C|!V=5!Gpo=abmS
zB9@80_+<E&!WeN&e7ZDxQZ^uIZ4nGCvBN<;_8pH9XmfQI@Xl)G`lq(ut+%=R-l{l>
zM-KSgt9Kfu<?WBLE(SvxzYudLa#)xW9WVQUuh*APQ>-M31_sEEzwdc<b2MBENm|R{
z^8hhC;@dBjDFPPq=>gHz-7?%*RCOuY$F8<q_51Z&HU5#3A)`lmKcraZ!+AQ}N6ALh
z^&zlSa!{TEWE4Xgp23Qv3($vv%-<kb(7=|^Q*zcCn<`eW?+DsZ=a4OV?Ne;N?AO*4
z*HexK@SPB;?yX>B{6{(mHV`>u=0}a5i<<Lu!)5CqDi;mQk8C^2yuAiFNkX-Fqaia`
z3<V;3IAGslH!z4BIuDF?6jb_NSFA1K-QKaS=~dPtXPH&lL_d+`!Gdvv8>sb1{^{qk
z53}ZeLUn<3vJ9^aNL8n(a|!0&d0NTY_!3K(FAC8i;@6Lku&P_O&_`CzL4HQ)j9Haq
z*`1Ju^QX43j5X4!)tP?R@%`hgXM>>2Bnv#nzxJBr81hghtPPO8t9@~-;(8tg>&q*=
zr?aKsO>aJ4yx48!iA@4n3+YG9>ouZRqX3H-)HQhy#*(xDJL@IQf(=$3#2+?ua5NzA
zw<SiG0ZN1!ql|A|S@}TT+y(E1jddzXpQxfQW`sq~Yxqg+VVy7F(G5X`m8I@mIn75?
z;IwJ5I1|*Z^G8B9cTBQl&%WyA1PU|Y9Zm{MmS;2>SgBw1UU$pTbD3!9aDLj0W0n7d
zrr2R2(&4VyrYKg#<@WbBD~uh^zT593u>~n1GrRmcTg|BuT?5dsgqrnR>c~K6r&UMr
z?fuDa;bnfDqk*4nR&eoZurl;W@i2^xd@m2K0(S?9AhZOt`zWcFJB{b_2Z*Fe*IF?1
z%NK5g^S^BuMsEgD=vnr!M|+xzOJCg4Oj7Kz8Ta%W>>ZKg=fEOJJENRfAlV)GC*ck6
zbXy@t|A2Zb8c5VLQ-{DkQvwV2%upTLBUU`Fpnh>A>u3rGV~AW{IMiY}s}uf08@Ngw
z<<fA`YA8X$8}1wN_2K!<#C2^69Nh6gik^o=B+IK|0c4oqzTd<^(CX*<MI_rnIZwoc
z{oy87Gw%^gkzeZLoMf_`PgZr_3I+9)9(W}>0p9xJjgmaqflDBVPtsDBT!4K>cRk@&
zVEPBrYDPh}ZQ0O!7U-DVz-kE<f0Jmhc9`v0kIipSzrix0%WQNq2y;JZVla?-2c0CJ
zAAP~CU_z|v#dsaeg9zS-Il))Z4bR?)yfqz6e}1XL0Xkl~JFV*0%bSd3S!}Cc_@_tP
z{g7Ugr%10384SU+?#I@$Hm4$IV?t_r1S)4Tesa=OzN-2PMjCPd+PP}Mjj3at^`S;7
zo||~+BSdBl69)D6bAzM;(Q$>=NXr907DMYE<X#BzoJxnx6rSlEKF}lL4#%JT4T(f}
z0FRp#-}lS)mrGx`9T!R1+=Ed>2{hGUrG2gAAB55OK(;pJ9Aj1r$;Y$5eC0#9r0BYs
zbm|idT|ISlQ2t{Zhqu_0fKR9W9$#RFsTr~CCF5rIV>t5I_ZOhKAA*f%oLHBJ$_Kgl
z(K@)y6|%VA=prYqh}E`)<_xfbYkBpk`i0y3FYF7czqR9qn;qW?pn>ZYk;O}#w!UWW
zx11_e67`q$!mh230-S>uZTou>m^E1uXh1p`k^jI!LBB`v8NeS0xM`vgzihvI>VeU-
zl9t={S)&8h!{dIx%V)yD6D%>kU%P6@)89}26I>o&KG@?X`T71)0n08D5$Pt`db}yR
z?IBL)0f73-iA!08YQ$W5B{5nn;0qXC*KjZGGBwIeH-89u?MUxvMYfqSr|a699YC(P
z1v=Fy3nJzY={?J9{@KuTuE^%Ld5z!GEmdr<RRtE#@~PK*TB#Yza8ZvD{7l@}n62#G
zK~aVNhxw6_hMo&Z6HAW;YYSkr>eA|QNK<SOD!IjuxnQ2%GxwIVHAr;F^s7o4zDk)&
zo3seNQR^S;8rgm7$K88PkFv^T>-?CmN(U4sci&OivYKJDY|_H4l4&$`hiQHqD<fJO
zv0qHHZ0{}K;Dqk{@Y-O}BYw`BUS_ZGB`h}kU=j<~u!;~PRSi6;#pBt*(!izdU@BFw
zGB9#K%QPm>{&l~P<jlt=m4xaExfbd70|OqXivlOyrjE^WCwvMr6k%kNHYWbE^8w&d
z3|vDo|HQ6welhxa)Ab5pKEw6ximy(uUb2dQ*rGPR#meDCt@Z8g=eA2^o?(59{-~DV
z^k>~I!Rhh8LyA`y2aQWe7u?XHz7_U3p?bSnKyzl)`_VIoBkNZUw)G({r5G(v+*PhL
zmo9{!<!5Ma5ZmrIvDCceIsn4VC!F-P`@cA9DAah!efr%l9_~__C;aobqtwEp-vgr?
zgz`oQq3hC*KAA7t=#$3m9(v{}z#3LY`r@)1v##Gag-JNfZv$({4$fCfq$GME^!?5W
z;u;teC>FGDzH(%ZCFj}EkDGi09=q;e=#!;1)I<$f+|=Sg5wwwQn3fpXK0KDETNXGg
zRLQ(qd#HT7XY6Z?g~CEmo_fgJxcy?Syxu>Sp>Q!DP2wpC<pU^a;*ZLLGl*T&>@Hu=
zjv5yk_%E`Nr{}G%?zYx!tAD8EoSrroSmB{PXYj!D))Jd5Z<Qtkc-=-C4=<polMk`9
zSn-c*GL>p%6W(8cMIBX&3`om(#M@ZyM12r!P1}pJQ&GVh`*l(=AucFuiR=#Uu5aeS
zBU+p43isDr{`l?NVe}wx@h7Pn<}}rbefa5)i`xq>yS?RGKq0%7s4o3g`KV!^9El4J
z9S+kHSL5V6Ns<rceTUW9l(rTAl$tFmS@KCcqO(_zlJH_mQa07CA}N^b;|eP&o5+uD
zw`cSsI={CnDV7PvDWAd0h*BN4cg-y0CfRh09+c=E#F?mvKZ87i;QOlj<Z1<U5zs1N
zR^Pph#bf4^W73trxs%-i-=xB-so#a4w0u7|RAv+u^>(lzF*9Sb%+;wQrC>3GL5lS?
zba4$iXl36Ut?4w+JLfTMJZ7*rXA6#hGVebDuM%Un*`M{7y<$RoHq%Z}Le0<D^P`)0
z$JX>J&E307A|58X#HeNXwp7U%EA7j(s*6{##>ivR*xvQOT|77Zb*ZZ?`DlGc<_39I
zqu^-iCaBj3Fi<>7D3w@XHc^YmN{;{D+z|T3d+v7B`(57V)7HIeGH*lO#wWLWvQRil
zw#$1Pr^{>j%r75%H}G6+c>}?Qza;u9ms7%p9ZHz;>)6XpOMq>K4i?Zd44bN{9ru3}
zrQdt^v)DDEdaMLAd;Wwub=N<x_JQ$Q*1jw0oEUbJyo;D)Bdqux90X0&MH1WjGku?P
zzof5BeQafq!oCL<jdI2pMkIw(OQx>(%42F|yuEkRihi?yAn+=qB#vJ;D0?$cfs!BD
zEf;Iy^do&0zZmvQ>{fX3z#G$FLKlA&&33NaanW^Ugg(Vk&F9n*K(YCHBPCD2*GlUT
z5yIV82r4XP8{4fU>Ri@~4r)9hTCo`aeE^*c|NK)mQPIaB(Q|pFZucthZsqMl4-Y!8
zFrU3MZYO;dsQG8PQooz?YW~4|F8Nw~v>`{>`k~lYPU<Rfg)|I~OQo%FsTroUYb|Rc
zug}p$!J(`UrtK5%PaW4*rnn3`l^I=#DxLUTVth@67C~Si`n7-T0fX<cG>xS=7b?ZH
zbOBf*<TfoF%%ZLU8Q9b=3@ta6!^{Q_pX>0TymdJ(C3Nden_@-|(@x&WXZS3l199vb
zQ)2mtXG+j_(xCOPvIPGqRE9I^3#dkFk`2C#KSdR#)xB-G9kyR7WztHjta`HF$Wv0F
z|L4rYzLkW0xrmi)YV^JO*SpEO+=zN_z}>LJb?3EAJRNkJ^sP(5%AE)(WW#u%wWqJq
zN!`@8U9itASZ>Lr!Rmd-$0qAX+?@F;wX2-J?2ehn#x4+sPiZaOwxRm3DIR76C2zuw
zV=Z!{(2ZaP$J#7)4IRvs=sHQuvSfuzuUM2l8EzXNcE4cbFIp)N$6`lJf8O2Cn@C2N
zjLWa8zbZIJ-u~Obft7q)E1SBDyWtd06A}wmH6Q<Q1~QlTE(rG3z@ksI3-qa77;!T<
zcpN0LNocxSiKFpY-vOyc70<2MGg6FouKqJ^K-ZB44bI-ir<49~sR({q{Z-C!F#sxA
z_oxs5W3z9E>5tcIbeR?K*mNuJk709F?{J?|2yxfJ8rG8ZzWa}`4KLyKHeO*(-<c1-
zfp%Id1hIi3heX)V8T;jkY<I0fnC3p`Zas4Y=EF-uvr@^tHY=HX_c^bP=W2C#f(r!5
zd0+fHFRxSsTUizow$lWDa>*=8`(D-ycl0xO%eQrcXK4B0dd|FP;`g%eu`<GoN?dh?
znU&LNu}=<zmvKKx<V5c%fvU_8zYXeI2A5da%l>Bqmh(1VO{cFzb(8>05Se=vI!{`e
zSNrn-(HBM+PbDyge?F$}>roq*A2@OPT~oghR51ulh5a+>jP2=jB9w5Kk`B9iE@(D%
z!7KjIfw9+Qxbv4ZbgFLbV=>8#g*Mz?GmgR%E}Lr~3NJ*p8CDg@YrEY)J=9phN~<RJ
z2#4(cnt7KWJ)<@PedoH-0rNxw;>izogWu{}{heQv<#cPUU3KQq^z&w&7qYmUiudh1
z=byBFIrFrjhEHj-8#`Tq&|+*h_^%|;Z#;c^Xd(A?5Nx{7K>!T5@dTbyBUI?=LyKsl
zNu7*Bugc*~vYQwB2uan&Q3YIOJTj-Xl{{0zS!urHI_LhcDftst=FoV#51AXZ*0{kT
zQ4eESF@Q>&&$b?-3X0(PW_u<5bT^h`xl#gs+9n-#QVph;<72*OeL8lsaKH0)4?Xoo
zF4^;QNBq0ooVx0-hq<Xn0s{a<$mZ&=nILS#ib0%og>St%)tTOJe>kn^J6sqZGG-p^
z_Oe)wMph}YIdsJwIT)`l)nER(Z<gwa>y|Zf_&)qr)O&G9xNa5mtJva0I|U?>cT|5`
zWV+C2t9ODh)1XzuN3^kE0j-Q&US|?ql}C=Q^=YHoKKyLlEht0sgt!=v9s^DRyB-VT
zT7l(Sfd+WE?6^ydsPupf!Zexu*b*`v^NadtqlZK5FQ!*uWsxD&42Wi2wh~J5E*bK&
zUA`<0Z?-Y@L#Oo;_nlJS*cdw{#9<##7^kk_f7B-IgYqqBma;tPf@8c9FZ?-(Zl4F^
zv{^QFIuo^7-YL32T$~8d{$jh|SrG+i)3#(*wP*RA;cky>#ftO#+gKCV5|Tz2{3lGL
zDvx+)KA~7{#Z6uXVe;NVz>H0)uVGDG0#8c&a;h$lRZZEQk7*g3!0Z=dOJtd!=^r;j
z-4q27FNCFX?Vb8b<3g_gLH{sO48~4gn`ec@Y4F(_G$=PBCsrir9}Bs|Gn6O#R>*On
z;G<>=MKDp0oVfTOluro?E=rTCWBY`<HoNQzJb7qcX)PP0{}~98IXCSs&fJctxrO;W
zU%WTTov%yU?iK$ePvL8;%i}mLk;H)cdH=z4lp-xY#>Ug&PF-?Q)D2>I7<6!04NH{7
zw>?mMWamczYrQ@4r<_l}6N_`h-jVqLm!<#MiSy%Eqx9FZQxbA1F9AAW;Y0$9-tyUY
zoT6ZO9i!h^p76Hy5{vzF4N8VdOVe~N&xW!7l4*rFj?>W>TqQl|KBPkPOz2<h_<J)r
z#{Oy70_sV$xN!N8wRU#aXqAb3;R6P92dy1;y%j_{x3J#ZxZvp<EeEFnCkIc_7X^7Y
zm1+K@Sntz>>-VVNAsQn`gRdg^i*oE<uMh{O)IqX*gKX;QX1Ht?(>bt~)pAc$OreW~
z+gc}|fFWUKpSD(E;Z3E#Q&uDA@~?ZNmlX1|gqfNfOy0IrX2HVA<4DiaAx|LjNm;Fo
zts$C_OOxjJdJ{z-)<a8POpdni^1A1@@>#x)h=OLp__{Q74Dqt4?c#_D@e%sCc)4Kj
z#}F2sU3`_!Km(;_BG>vZ?d8lx4($F|0dGU@(~xKNpG<D}|0?qw{V1jqclXD)9YrPI
zTIKpfb7f9SHBR5V;zk`j^~nemBJOs=4z2!&i^XTxvMQ~Ntzo?b*P4_1uAJ;){P;z+
zXCqvy;>(#Z4e3bj#ghUfx4R6b2fw=Ir=0esJU6B|>wI<z{OuVqbCRdLR+}<u)pnx3
z!pGFEDq*s-^=ke7jM0-X*ZT&j&mH-SRsAHg6?Eka4u!H4D=VLDMH|G2&pH`vS6OzY
zCH;P-P_$z_Cpg$}0pLG_sm724tSfc3(9z1!)7#i=e^Hb5b91SabJAfuUbIbRP_56k
z*;1<Yc*JYky~5j`WTu9?>#(|z%{8=dkR72gyT9D}`#j~zn@@6#*c)V#fbl3~y+rN%
zm<KRd;glU;AeIP+j_4OFtP3@{rj0NAT(!>Xs2VIdIwTh+7B;%PR&2IicgfJY_|V1f
zEa7C#WPi}yAobv1(@blU!R_dsJLt%LcsAG-7)vtq)v>UqTXy4gaj^3_g9Ups91@N!
zQYsVR>gWg>@!j;!G+0jU)(-WWZm@2!;UOJKL%KK-GGVKd{~GE<J%B03bY7i9CRYbc
z0Bm!RJ)_GNtk9X%y$_eNG-MhjDmr+HBC3V>xc3zOTv}NQLZT4%MRMj%|Mp+80%yP6
zVNv=YVRsW<0TdR4B9p@eI#loEA~oS4`t<0}zSxdOtD(E3KK)p#&V;&OOm=L2T{d%B
zaY}lUnve5~sZSSPkF`X<9oiMCr^nSrCC!h)XIuT_A%ByIE$%jlMU+l=uUabDiSp-+
zodo_)Tzd*G8mafBt5vWTYnDw<-Hdvl{y?|V!qz8NPLL6_-CvY>maFjD)?|!_%*WW*
z8fy3mz-4OWu!r}Q&@z#`*hz}frK1O2A^%CalK<FbEjw=Gq<m%GoNC;ivUKcd@sdxS
zR`F)xQ|dGFwIkxitKC+vrQINHNIG2MS^Y0tZ>WE<^^j#>lk;E+#`sU%VeKyTSo{BV
zj=%{31>6tVAChW_-CE4slzn5;RWYGGJfG9)eIrD^@$-`+LHoynG~5iXvG%21k8ee{
zum2&%B7mW{pBQ46QmPpoTTj0qo|_YIyXRPba9BCaC@F7MtEfQll!D{qSarkQXYEq>
z7y;z`ar?Ql%LDiO{Y}TyP0YY1Z)ES<Ebx^TQwk&a9fL9j>_al?57`?o9X&DesJs2x
z{+Nt|FQ%6Dc2E-3itX1H-jZC9Nv1?;c0aP8@y6Pw{3C=ighidv2LC}nPZWG<=Mh#;
zU}8HO-20nu$sa1|E^|`fTsg*(yzS5q-kCcKDZ&I4pxytG?NbvUI`;T)LBb{X7AL(_
ztNxUa!E$uzAw=eoalM)AH3wmtWoG<~X7DGkozz21jZ2-p6r-;9s&rgQ-!EJH^FI6B
zT*j^w%oH9*HR)EA1qDwmS~vUBjl3)qrlOzsKfpD}GIImTwJ)hNZy^D|usq$f>ZCQc
z%KZ&c`gKlK5#vF~SfkyfPZv{$@qko8pLMdS`pxKGQF1UkM6!G5<aSUk!M8L%0Ww6z
z{z+go+$@5|VQ&y{?(23F^va~pN1fa9L%l@r_Ju~R(!XZ@i`)5!`Hc3<Qzu)nB9bkM
zhCi}Hb|jTRU;F$s%nfkKnmUIs8k#3y&@Tear#~-%h|7SRcHTg{GuUe)TCGB?_%Oe0
zN<pXl%E#9az=g)pI|*Y<$J{`pd1hJVjlX6vpifygHJw5iL`j8AMS>?=0jOY<JG%fL
z8hqc~_g^P?r89dbdvw{<gIV_OCSs5VE!gaf6Sw~X6;tt3VUSK{XyFLC2@rB~HQ}tb
zz8dm^Lo2%7qlJLdZnpb9<&14w^1WwMdoW{d2z6imUKiQf=xwIr+ZSz*i<QB4Omwnl
zLQ>P=c>gMTj*5@W_{QLr$^}+Mte;lgEc)Mz%^Tk@UX`BMuvn&r#pJn$%2ly-Re~35
zl7!pbY92m5WBhcy?A(lZ{H5iZURS#eHD|9%l<F?W(|w6quOF32pS?2n4=5OZVC+K|
z?RwY?GV2vdTyv*HM?k}M^_tr!%;yf47rltRtKxRpZEnZbH*8+4+PE2`?|u7M54vKV
zUO)Q4&E*xD*=ZD1f!?~Nn?jK4<1PJSskSOM`ctYi?@MXBPw4|Lzq177GRCUUZoT8)
zWiq2K^;n+iei9D1sgqMzhAKwBxWp@D@wY#sD<_zmVhtBeua$)Zt}2Hc5DKQVp|E7t
z(B4tWHTS>SQ&#sCznT*0<?UHDp_NlJup{Ro=9eIjM~k#mH}%z)gpzN{LK4BhCCH0z
zXvAN50vx|;tr0G5LJW|wF0UnH=5-fMW3wL_ik;ByaNJks&^ou=L1$K5tMn}vmq-f1
zCR_c4;0kn{g&b;U4GqSRfeZxszw|ef0?<EvJf;s>=Bs9#+5(}Q-##tarO5me%S$P{
zGU?HXk9o%XW<|G04DE2<SEd)cn33l|h-<D+4DH9-Fpj^eVzsR+STZ@bfH_e8NF&zz
z64u&a6r;;xe0pD*tI?hOjzo=)3*XMROw8?h<QkJx(tlffVOQ%c)RJH%UU~h<9DY&L
ztAP8{6_9vh(Btzrrv5VEW}FK0f90dHs^dZwYBn9-O<bPp!fC57n|H4}<&f?|EXIB<
z>zW*gN)L;mfh)dzrLSwxbuhPv<w?K(Qnaq><y7F*wztpf@9e|;V&|z|vFlLl8>;$+
zqD?IxH~vOh8@|7O6n~ke`JVTGKum_7J-%(m+KOqfQfRzd_2pR_+<8N<sgr-~E7{Ss
zsOsFS|2o}NR#i?4-RHAV%<BHtY9zSz1IIVU6R*eOKFd4T(4D961JVGYP}rRMOFhhM
z_t5;+qfiqIR=Xg#f-O_mR=?`55~?=MG`u>yRTW;l1%m^j6D4)F-`T=TI5bMw9b&gy
zT#Z~5n5Rz}rKVVwpZ;u?m0J9>Av40K<6K&km1~s4xNFC&+tRDLTnYAKaZ8=Q237p6
zm(jyxZt44PW?xe^s{zc?l_&1{3qE8p?w@rE(iB_I_v$g$es;{X75xx5P|<qS*X_{Y
zS7-Gx%W1VFjY<z)$LCnYTl{DQ))$uj$j)lyp?%#I;=%>AOaFYyR391kHNlyI#{9kJ
zte9#LL35!-B*OXJW3S5t!tRIEHtGGYRf_6<%p%%<TxFGx^3reF$(^orgZasC9(`$h
zWMeNbBZwOAyYFyqTfuhq_TD(S=tF@3Zox+k#y3g9i#zCh0U|5WHB-i&UW`|yd#U(-
z%ja3A&{%kqQMG+wSG-0^$^~bT7lr}X@HSGN>ogS|fUdE+XnK4EpNSW#<ajBm@WvO~
z2^pSO@IF<>xmx&ppXX^F(W|Xs94=I7ro5Nk(B|K5v`sp^bH8)rH6=lLRwXHNUY$*;
zze<|h*F1yT3^^K(WKGrW;-)z{bR_SB#?8+AgsuiZg?$Lcr95S<Jt+UUwT%(K|H_zC
z_!M8q+4Zk&wMqxD^kh=2jk6N9o?V-a{o^O-ksp!pxX_UD`8EBOo8V=q?q8_5wH{(q
zg>J8+Wo$0kr-K9jnW6)6Ia8iHKE#4jYjQlUXsU3M3FKKGyOGfZ1{AGSIV0_>w~?Pz
zxYw4yI&nMYAw`6-GwH7AVi#7-uamS$&BuV9O5E-p>)-kq-u)J}b<Xc>c|^l4?-kYX
zupHqfx~Csv7LBB+z`LM7X+O}UK<F|*R(-#l2KU0y*F|53FuIUfLRTVk1@E+2=r&+O
zU!Dflnr@J|ZBTmCMK)ud&GP2pb;Z9E*U3Ew1+?D0aOyg#(9TJk|J|TE{S7L&zB4m^
z59Nxgr4u^_GV>9ZRa}Bw7Y1Jqu#>}6-(b9$LT97c9h*E*RQ#l`Yr>D(Eo3RVj$ZbL
zT=gxbwHv}Ty}Tv=6jBqdL|!N@XLC7@6aB`n6KFR=yQMnj*05tr4<J5ad*vbOqh~N~
zQWS2(q0o2eqT=ljDp}sFeww7Si+cS?oi|iBXwltyO3>U6u1LkgrN0F~Mz(n)AxBF2
z*^h=o&DN>GyQi!_Jp@XjsapclI-9QLRk)r!UDAIjEH%=f$zq~KPMrs)^g_k@FgRjM
z4*I%6sZ^8aDv6S~BYpQ*O7?Y$h+s<JS=-0daRwHf@@@U0!q1H7F6SDSAVt}HbE<Mj
z^Xg#Nb$=+(wI6Jxx*%Hvzg0r+rkeBx*wnmx&ON#gy@}y!`)&%C92T4@yu_^|@B{6N
zK1bfb?$<wsS2e4$%qEfY>}#vv87#L*R`xH(6f%;^cN1q%Jcp9#UN=d*f!_9VwO#(h
z1|a*I^T#&pT*>dI=oAho>}RqS#C+6s6vqNdF@qPg{Zf@u7bv`Ybe;fMFjYF$N18p+
zp|PYNy~faDB>~fHHm3R<eh|uv6*!o12{kIc^>N;#m3YnCZHv$)fi7LrfX-+bzpu`O
zq{v^;z9y%7tKFi+hbLf>Q?E&Fcmu}mYAuM|Djt^Ln**~s{wv=UbFP{;TlMc`+A$3I
zMW0Mo%`c87t_Z$5l*K+fGr=SnsVr7Pdhx2QaCBFxjy29T#-TW-Z)Z-a){w>@#$Y0c
z!D3VFy1zL8Rj7%<wP7If(x^$3A*l28UN?IG9%LsjW<LV&0B4Dt3zagQCE2?eXSOw(
zgbGZEneIN|ri;z<gy9Kbgg2D8!s!gx{1O@J2SFo&-RuuJnaOB@RKjQM%LUUl*xp#A
zp1AqNtmB4-|GUg-{@W~s$zE{sT8uC2Rl;{-!)*QH!)wA&BRn}W#vZ19g&L0Zmd!s_
zu&`kE>w+Mg4eN}_ek2$)?FpAjgLVby3NHc0FTN(T@9FpEIf<sWIfO*Q38}zzk;|go
z82)kO4>cKFX34wGV(H76hc8y3gST_r2rsb@S=qtb|HIdp$3wmS|G&o?#UzCgtwf5-
zGBTJpCB#j#WlLq>WnZQRMW`gQyJXE)Bv~W0VM-w}wiqHyV~zN|-eYt>-~0Laoj>j)
z*KywGyq4!{Ij?h$hCce7(H1lRI^nu{k7iCG?N*~-^N93a`jAa9B%t5AzJKl?s5;mY
zsiU}wk#wQp7Hk$m_#}3bw(n4Yngnln$<&c4LVegM<iV>BmM$^kInpw6bUy@5<S7-n
z_8)kc(4G8RcaWibE6@`g@(@U=q-}{l(nd@X&-U8F1HL&?*LzL<XQ-0m)DI#4u*9ti
zkvrirtijq>)=)^kwRe;0iDgA6@`4v#a}$d<IYq;5lzOvQRjrknN!FRBZD`UjIO2z;
z$MRi;VYUzjI^vlPZ0=Z<+kDs%w`It;^!aa3PGsxBWj#lXlOKPl=Fjrg{gdk>p6~%X
z1|dvPTnOOvQ@RVD_9QFHtN^k>Wl#rQb$8u?9QVBj*M{zri$lJe<SsR5Hf;PeOWjl4
zr~0lp{Ra&ed!Iap%a@7!*yf9L^v=WHCt-O-{OE(`9tGgqwqAgvKOnn1CCEZUKNQ^0
zH+bZZx3sY5rz`_UmC!2zL$g;wiT?o{OszCE8r(fEhY<hfTUKxuG-)Py0<#EgJ;h!w
zr`+rPbrJE9r7wAU_onh+|GD6#;?e5pV9a0^O<T6HAxV@vP;pp$+sE=!c-*S$sa>^`
z>o%6|o8%Cp@7J)v0-=GgJN#~Z4O8*97-o3A!W_jt*<Si1LN_Y@se_qpJjxdVaDE))
z+JV0fl|MwGWj}|Q77f%*u!GgV05_=4b6utI#Ey<D9-O~@(<;AIJy=V}0|L(_oxGap
z8&SM}6rM;X5wL@yg?S1Pl9J3tzkV2pmm;AF8tQ+}&ToU<X~HGggS~#9ck--tQt_dm
z^?Gw^_^;rm)6wlB*gy#hrH!S%dg$MwjZm!dE~^40p4Tj~cwGqUlPbzCYdpt(fF%5v
zE6Zwhv8(0i*AI>cBm8agf^#X47i8eJ6FO}V00lPjT$lQf{6YMbm`nu2AbRQJKWnFP
zNDea?4zkLx5?8sXTst8!sOajm?|1oL&aJ}q;W(2Xf1j6XtbW&3?Qw_ZOrtY(eS1m&
zGuRp5jnn>M;UPss(q>#vOE48YQ`I{U)gFG9%@ZQZh--(NwBU{XYb9IF7CP>Pf1WZQ
z&e@CoXZ#G*?NP6O4u=it&9z!b|1;$R;<c|ayn|LVy)6HhchC@YVuNMH56eO0gH4^6
zFZ7jJ@fGNIE(J^^N}cAP<dVr??yjW=H^dsyAz6t!h&6a_&*{*_3H<`e03=qk7MV0^
z<0aSkO7!$EfhG@b4&XqeGD~o*b%D0r#;6GSz$q{SV_a~OZ}n8mH=={w>922ap&}*}
zyXvV7fUdG=I)0r1XL!y{`nKGBFYfLiG8Mix;?v%bjHF(RYwhVrub=Vywlj_~zAml$
zZ*(e2+Xl=Q;J}^7Cs;Ay<M@%KJ=YwJgBYqperq$KJ&=0twRJaYx8An-gW&|5S1exK
z8XJ&`0~~#a*FjPJZJMi0xGupyGXmR4^{S905)w4Qc<iM!F-(HzBh=88E#yeC!ELF_
zEoNWi#0R*Sg3GE42RBKO4lWBOiEk*O^UMZhJW>O9I`<VK{mOvJ^;Jii7h+6zb%=pr
zzKutO;wt{(ne;stFGP9$^xcB36tq@Ah;HcvAA*Vr3SS)nnBB{Ks5|*YeXF*=J<*5m
z^;+KXII3{F?c^B!H6EB6X}7;LsdN)_6;`9!j~hwCE+avb>c@^i1waB`NQ)B7V*-Yo
z<`Wi78aOboPtuW@1wO*VGsez+W+n5P#3l_legx)Mo)4;3hw}%TyYHi7M&L$G$kLV1
zDIlPZYvg*`zQ5ommeUPLQu3LXIjVe7|0sLPp=KbI=NYH_=sSCgjt~@r0HFibNYr>h
zxZ(p=j>K)w<%moeP~oYDkr29EaGXO;<pfJlkd!PO09kIt>+@#;7uO+@2lj3pV1ie1
zmQ$wuyILf~AQc0zZO9HF42sU%88}UO!g7i)w5^qA*hmMC!Xq(6ZsCjy+Dd2x3aZ;C
z6|ZN6D@v;4;G$ndk&as$s2{Tt>^aBORtAH?tjFJ#jBPlbA4@kpWgb+d%Z9;rayNS)
zzHCA7`OqInv&1TiHJ{bY<i)xWbj4fbmW{av_||rMa9)Zi6jJo!0VD>$%hsQQ&@R*R
z&9{BGsR@f+U9(iiZ*+4(c$a$N!1W`CX<G^COkW>oR3!e62`u1(ns~G2YywFO@|h&_
zcYx5KlegzvzpWP-)DYCgygp24D^IW-wg$IWQaNy9D-C1Nq1psECXs20O&Sm3rh!4J
z<7;Tjn<~wE#BKvrlfk`x9!17-B(M}E12;O_3K6#zi7P;@=>9eT;R=ph^ABP!ZkW!?
zUWT&2{(*DpPvBfmlEAry#6G`7tCF>Z!L%oSuU7{_a=$RsA0uwCkF2#0)iAJX$I$tq
zt@}7g-)o5x3ya#^BzCCr7CVMQ13??4kJu+n==)}UDy@fi-r2}9iI>CR85XhJLg&gM
zh|ew+l)iNPCrj(W11sjFNZe-K4;-Pp@}VF|ha~KGVhG`{O2pLmBOFoLS08w{j?^4~
z{s7-h7<+m+ZHgSs^T#jXyd}4}COR-mxVr7+GQz-&{7wR27*8=DO1}qzsO44$boTtH
z>*94Wa|lafDB-t^4}PHgd~Kf*F0Ap`gbBYk!$o>FkH8A)JaIR<ulxRqCc0AL#vHC2
zzGF|M>bc+%q~p!#h?b9~m3t3wKqg<QGZEH)vz{Iz%SdwN@k&+~_2F(CI{9qVHGdmv
ziCJOQU<L?94Gt@*e52qWP+idVdA$@5a8n;KfFpyU8C)N*%>5T7YmmXK%YIDEKJ%0(
zG(XHNp-2378{R=A_(VA`hG0xrBiHj_sHIqX`UCz1Y~3!5<*Ien+z7r?za4HvcD;J!
z20Cx)P7ned86$lvch1H9!_OObV+U?0Lbl49F#jA}#n(lndZK5m5e53tlgIQwKh5{x
zt^4QP+n^XQkALSTBY8NuM%u>Cg_4-0H?-JM1kY&XLk7?ga`<=8yTo*s4jA^z^rXYo
zqCImx$yg5O_^1C7$V{G;SlpyimigPTr|yqp{eB__qGlPFZ(>YKIT6FOZo(@M2r&&!
zjMvK(>+~!P^1NH|1LpdlEed*U`DS`O?m@=JD-F{vN!N_Q<R@8_+R=gOe?r*7tEEzP
zpd8ZLZOTp6y|AZ7U|mO(Z$boceO(A({a{AP8sY<e7+=H-?-kb(7MOm)@|F7=7Y@W9
z&E!ENXhLUB^9{y+;Nbr;#I9#;ljI<3G~S4W%4*EpLYhu{dDgPvoDex*+`3W(#U$^=
zo4vY%ADk$2Qk=Cd8MunGz|5|ttBF@GsEOXX>gWG};T9LrCRP%=m5CylN4V)MWI2CI
z5Rf<qvj^2HBpqrE2GBZIhVP~1+r@?SsCFecUugA^3NmD4T%hL)5GCFOwjJd63+wCR
z|7i3eG5bkY6H4mv{HCzuhZ~`yq_9m@{BN4`5(+NeAqmJM5Q1#0C*Vz~q(_ti?89@)
z52U)r=iQ_WeHYqx_Pvn#z&IO1KY>bAzOPfx9x?&01IN^5vz05Vfpa`Bz{-lS5T|ds
zY=+6EkN@<C3`^lz3F%_m(Ncs%4%=q|SC(-Be(vRowJLAQC#xPBv+&<HogdaL<!4u2
z0NK&g5b?}d{2q1R9TeJusi4CKVgi}MiY**b0c?3FgV0vklnycA1;jG%xo~)`e)T)_
z5thO`%Z5za7_{Yw<#RU4u9J*JPT-GafzI8$TSD{YVKG0<6?+V9wFE2c`o3P!wQ>F~
z={-J1%CW>$OlmFz_Bgy~*=iOS@PA;380fvG?>Z=Q=lW?%b3VLxjF67dy~qtNU=%Q|
z1;!8fh&=B;YYl^g9#;GHWb*~Nncr=GY+qkLRIYD5vM;?h_k(F{1@%v^4(S3Wh~GZ!
z;Yoj~1y;sy&0V*%@d_6+A^laag!=`k{a4{Sg08v!0$`kA6B4%1;%Lq-kJxl@b}zJ^
z%;T#60D3*HD?jLNvCEh!Nl(F7ML>|gHYBn7IT~IpXi0pUkEMnANcYwYE{~kRO8kus
zJ~+Gk@&+`TBl0XKvxw(T&h+I1Mu*r{PuPN3^i%qWFX*Q447zngVBS5vKJOii&;1A~
zLA6S^2NMpJ8zifu=sMZ`rdMNHN~EX1etTDg8$jq&z2_6#<K(c_(Lt@P+i4yJ@$rRi
z#j4`pSqQ9FsjML0|0J6B7J%UnGe=Gozbzyu9{+0j^zY3wTe|E|)ByQ-MIN?z?=T?d
zt*q`TO{Jaqcmw_hOdJn_lQV*iQ5ODl#hEUbQF0-#2f!|6qAcT`o+>s&-#17)PWR6^
zAne}MVA&2;h7hcfxU$dhA%_JHkY#4PBpR<L%6{ux5VhUI?H}3H^$<tt(@6W=b&9Xs
zhK`xz+b7a&tT{J0{4`R7A~m7XwS7m$Kb9`ed%EboKelYCyr<UJrAxar6BAC>DkuZ;
zThfCbOKuJj$dv3!yfT6J@qt`J?s672mmQJ<Kb;;xWcJBq*RcC#;Nzc_X1@~IX7)<J
zci9ROg>Er>`LCta^hs}<Fr>Vn=qXTeqLH@B_*EB06t+8#VMxkWOL<VtKw_bb==P8c
za-xh#yW0Z8;0?W|yw|$*n%w0Bv6~t)G+cUTV`db%D~8o37<@FA{TR5GM3#fie7*7F
zxoEz%a4O3vaQ{h;p9vSl5721qQKZMWby3NG4?A)3ROsYBNJmO{ET^~%Arm%ZmV8GU
zv3qh$ChryEs-FA19oYQoWZqos#pXbtxWt-iXL4)h@!3jjb*~-Jwyhl_M9*|1-jOjk
z0VL6!_?C^LDdlS^<rFK1UhSp`^Zh2r1!+s|?$3RjC8SK5@kCziAwS*w9s-aU`qbMm
zgFhu$jD%T7I(5bj%AC*AaQSd2oC=sWGF%oE*R`o(7*j#_*O2LbJbTuf^BY&}ann$N
zAm@jyna?^(Nrd#!_^!)l_?sJO%T4&99RnG_rN}T2ekh*MxblxvZJ25yItJ>Z28ivd
z)yQHPGg#F3!nP%8_{niiieemOjo+T*9LLd(z-y7ycS1E(s^5jz<_>{_Rj6U><<8Y;
z!)jJ${lv;v*63UO?&Y$2BX0k6f7p*ZvJt_nKyo*!hc3I92H@>5=G>1@=aKk(({?5N
z8S%C!j)qRQo3-C*nt0~Wdb3Ai1I4rKP2n#MYh!HH4!U}7Ep4;iDZ2$Ssli502SGir
z>sjuXZHoOd(c!_xBlkBmx>TZYaAi6cznilv+!FLtnjSM2HayYdWg-rMh0YK6zMJV0
zE7_1(Y5BT-?vX_UZ_~kC?@PlhvnweRT=XZOi(0$SF(QPgwSSk5T}ZB#8a?>fUmVa3
z+H5X3(4r6h(pi(POT(cUe(Pl?u6<|2XT4JlM3&OE^>8&Jk@KCW(jpbz=5pGT+i<xy
zcTs~|qT21?pz5T>-rx3&g$c`ej|iTPlZp-gyl_^UG9ZB<$6}?FQvWV1-rRHx(wW=r
zmp}UUD4*~<NJujyO_2j4s4r%DhaRgZgD>V7$AAkv8?lpuf1Y{YaK~bf5dXOR>0lvg
zBDm$vll~1o+kA>qYsg9GBrez^LP=JXO;UMda0`^;op-A4PIvS>w8s2O(#-7$s@(EU
zC~+y6dZJE<leIfi#Oyp2_E@f29>6mGNtQ!RFYGl-Ydv0T8n%tZntgj%iPym<x1q&s
zzs>7<&(bX%rR3LcF;1Oun%Iw?0Yk#XWyRQbDDf?3k^pOnHNg?zB&%;WP<dFDuoaT(
z63cv4K3_MtW9YCyB+EP`Wp7(0qj0e9pJ1Vo1b(74>40K7mUKlvHnRLnSfIsr`yj`T
zkgrFyW8#+hpT(>4x^OP#>8+*uHoEW`9;}+7gD+u6YTB*|mJ7BQexgCnfe>bH^Zn#6
z1tM>QW<t3;a(|0KUh%7x5*$0Ii^l=^y>>Nn&FP(+DuE~WL_;SLBFkn7wL#jRsmc&O
zEh0%)Ak$vXN)`KlDmmDUx|OO6xcWXry|XRvaTNF7ZJ+rVx)tbhoV5P}^<LYnon?X>
zORs%_$_EEIvxSXoMbcDL>Ul&zc*1@CgGH02-3MgV*X-cAv*4bb3632>_*K_Pz0exg
zt-R<20+-`w;xjmCNMtF2E!T7Fh}4O4k4o4>1u~o!wrIZ-?y^B8ePAhltXeWR2NOn5
zDIol!n;OCzj`@ji%!livl`m`~V|(x}AMXr!`p3=JH64J%oycsjpsF?$Ef7abE!!QY
z;YDH<FNDBI_ea${r@4^&UBtdOof)<wz0)_FjDl*f9924PTkSzk_DFx&TA9zxxUiD2
zkv=DJ{{eej8DJFbL3Wn_MyUsQ=yE8I#czsv37dLjKJ<^lkqZBlm7$DPhf(bn{6dH1
zzaG#1l`(}O9K>&&i&e!)Px#<1nhQ-JdrJ72b3mj1mB_53t#VExmTM84Zg%(Swr-=@
zeO>LY7(aEoJ>ZulFNA1lR=>jru)!7Ecnyi_d9k<?oEK^$d3?w&{s*9{!80|JtU1w<
z*S6^;8NL2Hso(-vkkj)AhPN1qN7X_n(PLFOdijOrQ^=25R!{6!(iUN<nwuqOUir9v
zNDpU6I$@9|;%diJ$taqei3y`uejo-rc>Yprm{j5khAXhfp9e|pJ3}oy9@}^&#Hg7U
z5~Ke6ioz&<1#8^!SPALRknFaMnf>}Z-Lb(f?Is6Oe}8nF4N8!9Ro37-)P#_<hlFB1
z=McfK=a~qaP4!U^o9fd?EsC9EpWB1xH4m7(wokjr-8<iAjY&|U6Tv`~T%}Q)Z@yn3
z!VZJnRFZ32y8{5UXmZIhVNn>)kyh`}m|EOYS1+}%=6M9fG;puwjs2&YKO^0PANPwb
z8V`~s5XY1BT*3wLg&mK{O?d9#k2Kal#fklt<1$}LJMQvbauMuH`rd{Kyf3SB2|Gn<
zMpl=YPTy=KwwwycXAQUvWg))P$EjtqnnG%cz5|-<Nd6M_vD5>zxFD_&ZR;$sB945O
z0mJ#XdSwu4jfHY436TI0!m6I-4HrV}-eVBiuP0c{Twem^XWU<WB1`iiFd(MbPJlge
zrtoza!P(x1+2ar$@hr>R)brXD&kDt+@3w}dh_LPiKL1Apb<xdUK(wlJwwVFBs7U#E
z7Pf@9=6Tpn?fX5zfrM@h(=M*fy_?X*gdrZ~g9r~*`<0E1?lnSZ?8Jx_iQy)f{9+%b
z8WtNp4(@dMpy9Zo?#U&tg!HEPcN#J2>{Z+=&?A~!-TL&xjAIE(fKDD!_r;BkOKDb5
zEL!8{;arhmSQ`9)#QO?YUJibogCIcD0}@>i(6?xDi-@b6|14DR2;MBYa@ow5|EE4V
z(9V(^Nc#9}QJ5lyH2l3B2_o@-KZN_B)320!l7%US1zLTNl;xm`y|JDqVICD8<&*mw
zzQDokla;J>U6?$GK`zpRmK+{R8*hVEBSP?pUF7jOAD>M;au2&MZyRc{<DD_v4`lvz
z1tK1U^_>#bUvfPTee+D?>U95-q#6TWhU+QG7|L%AeAE<SGeE~ed8RSn(we1(<hI|V
z9y_)H8GE-INp=P^5T6Clq=a-j_#udV92EON78e@H8I><Wt76t(gmi;CF|*f-SZ9*T
z5~2|^|J?TH!p*|arF(OBm!GK<DfC(j;^}6%Nj~ZGuQvQxC8fa3$(|b&X=JWld~uYo
z?ih+^N%g%lq*7@}I2cH7X;$JH*vx=<(sR1+XadDq<#b<X%S?#Cys^+1*~?~5ttgJx
zJ$dQWa4>Hvxo63rSV!N6B^r~^@9B7b#g92q@}17aiGcb3fphnMoJn>tJJ0JE0?zac
zQDe%&gWRk3wHQKF>U?3ucK?EHNRt1uIY|2ak(vOt>fMN}6(=iV5_8FTDHh@(ZkIh8
z0+ae=IVT17L^v``zU&w4`PkFSg~@|nriBb{YM6w8OM_aLrvWKel2T@-u@9+7;&$`6
z<`}!i6j0dyW~)q}M*}?3`a)dhR;Y$OS~)QCfk5-|UD0AI92xeG^glZ-J%6(xOMztk
z)*mf)0#4+<<JXlw`d7P2+rJHBOWdV2toUw0c4E${NgpYr$EnEVJyeK8|MnyoHyO4b
ze<~sdRs2t=FTPgFe4ZD(tvPg_#^)sF-m>8Ep%<6;aw0GGHSCYO5ryV^r!Pt{pp0&Z
zyn>DyCmxvt`j2a%g<}Q6_CKZ!I%G%rC+|MU^fc0L+<W>!<q4m#1@eP6;|Es6%mx)R
z!N>tmO$CckO16+VY%R3NlMmfKeu!6SqrdFu5ayDxov>DE^|EuDZwyC0+6~VdJ1!_l
zx>a^QG+cv}JrF^)4RNi7z4wc*Inzj0ajk`R$b!sCG8B(w78;5zcE%j&n$Y+_47_b-
zs08uo!ODi~HkXL4bT~tTm1BnjoD4?T$(CmrkUJ;hCO5_ME*VnGEYRanNu`S)&%#MJ
zJv_C`%tyj4RNNk&kf5sV&)@ruvOC}j)rwQcgG7ef)*$0&{&8=XdDDmpejY)__Pd9d
z`a*6&ku*JVR$2JzHuLsCtdsqI>U-v@Vfywn;vW&LgJnl0VtOci!1Ma2vbI-wl=zff
zS}F-CmtQKynm^>%f%4iDvlQ%5+%J)M6EHO2Hss0sg=kbXADu)<-b2wiwmvA_s@g+W
zim#6-M?2*hw+3nWq(K&4882#bqt<AkSe~s$sU-eueOa4gNXN#4ZG8m;Y7!rx#mz5V
zvVX_uv65Tu7FcXiA5+;5f$E0X4NK=N6N<6TN1kqk7Yc$yBb()~*k-x&FAf<UYOOd;
z=>%5HuU{L-fq%t;n1sxf)<pA^$_I>gG9Z%l?3NK4WN(fxT{G@VVf6@~fr#_`ryS|M
zF$bF_zVWr*G5Z?2dBKNR9P_0EF&;C4??NMvg)~f7Unqc$_S#XEe(y{)pJ3a&UyX8R
zgi<!C6c<rP{m=y&RRT`Aj3Wf6q%6qaxQW$lzv>R2E}uQSz-QTPAKW?iYtLVB_^fum
z8@9O?Ws7$&fWqRN=*o0B&K#^>pGzvd1X3l0it=NZpEy>$yGEJ5N1~2bT9Imt+4;5&
z6(zopwYf{2w3W1dI1l;d9xc~(iXJGFv)+Rl30f9MWc*mBR>w}6=GefAkh4&Vut8LB
zpZfS)x6_9-BQ|cjz=U*<QG$mr%p?s`TqYdJ9tJ*N&W@Gehn1ed-*6gr_l3J7_15oh
z*cBHrkquT-lz-V><$M@0p?m=jRYLd)wGLHJ)oW%e-;X(MsN3EcW%JSRkfOH2Q#K#D
zluLRN-oLs`((Go|x7H#fFO>mb(ALBa!oHtF(x1IAt8LSL(6`cIs4k?Y-a1nH1%2(4
zD0~aMqn7o2HBOT<v~-g)Vs<{2>RxFBnm+N%v>Tn-!%2bjW&ZO8<K6<uxb(6vlXew|
zU7f#(jJyL#YKq{0V<gm_Lk`>@g|ma|8j4kH!(Lg$SXIyzErCTRLgWpOU_EoN{BXe@
z2@7XQgmj`Hb6m5hZ1DZ7-0Sf{b#amq(pRZ9?y8A?M4dqav3mA?<FMQY29Ug)p+)|u
zT3Kg$;Yu*J`er>r*Y$Ofhb0Q*z>i43fR3NE_G4MZqn$|G^-u$Nx><G)r}oll6yWkE
zIgJO;KA2#~&rK+}?{gylUcmulvC|`=0sX;7Tyc7i1_f3~5<G~R+jb1c(-vPhP`zFL
zxqk932wU?uHugKz=%rGB9iC1151J@wld(HD4%d^tpzOPi%`BKU5Jd8ot%Q1Z!WN>V
zBriO*xg6#V-a*4WJO-EWspFScL)pOB4<tngelfe)phM}=kH&-$?-j#8qAGsv>B-tO
z^JJ^zX&7Set%hsn&E1D>w?D2Lb!t)!snNK=j3k|)JcRSVxNzpm8X6?j=8n%?NuGsQ
zRtrB<x@KzR7jd^Eamdz0$H$?}dLp&Co<HEW2Y*#NK^tLWtae4QOYNin;Y=}wJp|*!
zxIOt#uGQ#Yjofrh|M0g>OnF-`FthU3PKoZLaGtAb{b9BFAu;su#|7_%tX!@(&To+f
zMMcFicr0ljKRXBqLK2v_prpSn+K(jI=fb5>F;VGVDW!v+Gx)H+ED7U`Lw5H}BI@U4
zUf79x=IurVb}kp7AkVhS#R%00Dc4UNhK-&uHGy4A@zvK{EXN<+E4<JskG&R)LE09}
zT<+Qr-0YJIbLD=MtrcXm#3ii&Li9}Sa9d?g%S<FA;<iJEU8ARH$X8DWAu8MkU4q{y
zaG}MqKBP*-bcaYXS-HYa^5~XxEOyRuCb6ZCsU1kH=*l#9%hf!*@uI-h`libxaVU6A
zmFiB^#yPUHoeMknq<|BiB!-HicY?XT_XVylZLI&QmFJ&!$HFEFR?cY^mQYPiJB2|S
zUXRtlN>pJAG7j`9sLmv|pWv)AXESGRBf5@JIQ`Rw&R*KDd!>DAB@fnZvfodwe3#A^
zQ|gUDT5hR|^IP4=W}NXWtbb_V5gmm1;FO&Bqq-N$kEBcmiVc*T@C{86aY)OEmftqN
z+p1je$ssMnqB)!-7HxRl5jOjBq_O^yl)<RCFrQPcu6-vD%jXU=AbXBXqBI$dEIZM!
zw+r#Oq4{ewV(V(J#8FzBPBqfuIgxcb;-}4cCnsgEwhn6>=Qf&YMe@you~eMOM9){8
zQq~%Tw84t|Tb|hX5%bQ*hs@g=K-x~)uTyGz*^$XMsF`ex)d;QDJhFuh`=hok;&{o1
z8gwQ<?g^xqu}}TtL!@k*vY&V)(+WT)-=Bp?UvE6z0B?Kl92pgA?8<%;y<1-6bzXUw
z`@&P^st0T6a1l6?7%$n2TX)4gPWf8h2ZV6&jCN<SSljl1^Se)oQX<91$4>&zTT<g>
z@`BPpOW4Q45*OveOsMj2M0Ef(PN*HmI|NWLg!xA^-wTy^gcs%7B-bEEXH?i|WQizq
z=s&g#nZ;O*y(&0>*!tM}@w*8)|F+QK2@-GG*WcQasIYLavOjSz^6c2n<s-Dx5^{B_
z$)YJ*a-l6!{7Bog5S(8~pN@T2sn)&5Cb4D?24VEmoDF80+IQTQL{&A8_y_mdDe0;<
za7%NsB18wn07_^Mm61^VYGzbFV`i<N76-y7u}t~N59irnKJ`HUsJBSIr)PNkzN5Jm
z9sTE=ji<l0w(o0F*6eNibhaP!Y#1nrHiE)84I`?S0}Ee$-_9_1@TY9G+PkBVz(e34
z)Wo9Y8+Ih_VTP+uBU(@Jdip$YxTqg0-Rhfj1`^nwIsW1}Eb?M+UXVuCljtC?u5L9Q
z4Ds-0F`88RMvNNeyxksf<#|09F(_ILQ*~}jT|vi(1-x(Q@$d1xO>0j_CfL21*&^xY
zLH6AA-R}-!`=yem0^lKv%9MtfZxCMGSnuF;K7$<@KWTNaB?xC+J6EemG|r>kdDndz
zKJ!baUQvT0<s?`;Are+TJ5-!(eDF8l<5&hnN<s`jW@kKX0?EnAqvSpCuu)8FWH21M
zDf<gWAH>TVKnGtXx=juFy2-!EIIuI&Kj+%yd91}A{xu{uk&;9#Vkkmab^{5!BR9=s
zV!tgYd<sp*AVR&`uphJkR8N`gMUKmhIF4(_Kv8Dm-0!xkW2rBOvbFN!(?t42#hDNS
zmaU1Ah<V-WrF}gLn}tEHCs}PpC*Uii&484dAcZxHU*??f3k5ZjVkg6MEO!&e!WRxQ
zRdJ3OnV4iVNKLAaNehv)!H3-IdM}2&n-Os|)Zt0-i2gQl1^`e-*D19@_v!DaRPBDg
z5g#W(tUvVK<7Au<L1@*$tD(!$(sgsQ20Ador0`^Lk#;j9>(nX+Vq<FcTN#Lc^I{1z
zCgL@w10Kyu#carAr(x?Axc@^(Kh^WY)l-OLcs7)59odYy9Xg?@Xz5lWymzW{^RRDC
zpmC)J)1Yr~o{8BVL}5}AlnENq{)@7LN!|WX^Nq?2?im7*S*n>93p45CtCg>QB~tye
ziI;a`{4jLp8;_fn4)at}_KK)E)>SvrrInX%oB?9F_d$!hNv-EdvPw20rEbM}CpItD
z7ts}GK*}F|;YUB>E29gf(?km2;zryg4cHY70UytKC2X$<<g6KGoc!4IHu*c_$b<C|
z|3Mqf2kP{F!bvLmY^rxSOtnDx?iKck%Y6JTA9N&@cvJ1tHU;(=2xY2xOD1L|SnuBM
zP4^4#>q<7(Row3n&*hnA%Pi^2uk*^>i4fXZ*JD$(^33!r8HkHqw3I19vVZuzmkHvS
z2wFAb6PEDn!)^D4OWK29x^(o_@r-yCzaI;m+ys)M1Ye{xn$FO1n}AIX$#GJ5p;A80
z&ZT4_1P9;XzE+${$=%V+dye%BQg){CS-|!VWs9&rTwZoqp9h!nZ}CsV+5R^U=|Rro
z+1`MjRIRwX<9INto?C4Azu$?+qGUP%aS1dpTM+S%o>#`I#LM3nr7LB}A1!T6tq%{*
zdzdoWZq==}#P5HOCjmq3^iG5CKqE<JPPpI&buZnGQPS)^$$QNtYaQZhVEwlOylktD
zQ<jp9tCjCD^YKUmK8z>HyB_K~)#ou)f=fT$@TN6rP6k0@9l7eI8x*yr!kpnWKtyY<
z2uPCrE4*Gh16-AyLi^5S8$N92EmE}w+yUu}OCvtUk+nD_pW;5r_-m7O6T_PLwLY3Y
zIqwBLLPdl>Hr=#9k~S|JBP1!^Ii*~mzvP1pd$Za$@g^Ns<WQfvAXV_*+VHyr#3gOm
zh4F~<P;%qPrVl5+le?9}I$VAZ(z`-~JHsAc@khD~oTJIOyuUQAODQ6QPwvuikfb~G
z;+zi8kkA*Cvy8-%Q&Jp+Jp<n(aJs?)onwmLyp^LN9&z6mJ;oy!e&IM9MndphKi81x
zu!~3`B_F6e6?5Ni-=ZCz&`^hvPV**nR>yyxtQQ%$>a;j>!e>_aGw4QW!&Bage7&VO
zQxMFGzM~m6)YFmhR`ZQAm0gfmc=6-W@@!nFNqNkONhNr>oSCeh+ea3aUc36`pY$Cc
z$+0l<(MX+l)+QQrdy6UcC$b^@h3>w-IqX#=(b{GYk31LxHYov9^fn_zyUe#2HhvFz
zcH$++EJ7;G)^hlj@bz0g&w#IFui55$m(K`a8m_WUo0+IG(A&2aq{{U5$Mz+OPc}<x
z{UBkP;vqHonS9>$$cuhE&iY47)FLa=S0?2B4>-t~As%wckz*~feb2lY#z02b;R&y5
zyG`P?$uLFkRIOUAF@M|dMY!O+TD2x7!qbFhy8tf&k<UKZ$KRCo<RnL&cC@i|>W=fw
zh#SQ`BbL(ssa}@i8|7KkZ30M%D8z@rGz%8xUxH_GeOxR|KMvc75-hT8tQ%({kiZgp
z5|gw?<rFHrgr<f*kGyrr^_jnjLWI(9#yk78x)@7_D_n+#e{ZT>beNcr_L2?UQ^9gZ
z_|=m1WWP3%tOq?6=pF;|@p53ZM|5hvj=tbPePzZvxP+B5P~s%`^;j(@#XD2KS9MwL
zNrN3eTuj3lWb$*6RuCm#oEeUb3Vu^)GV`)}4yDvTWa;W>F9e#dRVj>+4p@zOUq9^i
zW`1ExwEA4oE~T*)50Ily%~E!f%MvR=ZDkG>_ZZIgZVPx^cC%h5DM95B#7n$AA~=Uk
zLFt_h!;6|wlageFe%rO(`nSIj<qGO571kPnNDHOE6e1v&*#*loWHFS`o+Y95DroF1
zqiOy=XXPD8yS#<wVXw^AjxG-0wN?&>zl21{l7ZV4TazoWeV*650ue>xgJnnq)De@L
zjSYHnw{dp|(|4<ubqF?spOV(#=@Oe}`DS5Xr|q<%&#W;he9{zk=J<03J%^3<*QTVE
zSP{$9)*~`aR9Q$fzNJPMfSOt6EUTFmLfv`{YdSavFI4HZTbzrm&70^+gvp4h|Hu=p
z^1VOb_2J;eobO!<bEWh`&O#RNM#B7x8DyhMTW(+jk0l;FyYNWZmx>k4kbBej2#mUJ
zZncIZ`G~ybkdM8U5UZ4glkt;ucBDMME01BSrQQX4w*`mbE+<#8bf@_sNfAF6E3HVW
z8xeyVncpwp*L)OIci=__i;G8hV36mD^ZXc=A3AsoV{t};=)jK%()l~&Q|-md1?2Y9
z))uo2#>tq9B^l<y2E`r752`xNAB14?uG}My=GPoCqE4wH&9V}VQfITf%lc-OJRb|X
z5@ITU=YR`K@}0m>N(-HCRgMx!?&55D>bDjd$7S0fE^<ALi0_@5B@O4B?{<czkbJcH
z5x&CN3jDKCRJ^N@_r0@5n-LaD3b1MPWX}b_)gTR)p-0}^mcqK~gFNuTUCoay(n^2+
z&K>d@kK*xBV3<S<)akD0xMj&<7wf-Wc4}dXSGnR&L{S_=aPISb?FBC(@87l%=f4^I
z&WHR<AJ6K+^<ApmNibz$w#XWTbPQ`}IDAraYgUAq+mpk}Ao6$&HC55S*|bX-k?uJ~
zTRq=R&-H(^N*z163o0}oFb(Y*>&4yfdUv<`sr{)Yql_65C5M;AI|$gM{^{JjJRJ<*
zFQ!8p30=!x%@cn&rE_3rLzuo}NZQw^gUvp68?j>R=Sr-RNt3wJkxT|;CQjgXjYbC9
z8V4Inf#0`(YQ<cZKg)ucY5|VS|31?k!}u8?=E$>6RpdzXv}|ROX^mki*MMSAa@|}f
zxG%`4Ze%U~(_ubjUCnX4u8<fb!GbborK}%QQ{3ZM<C>!wFcj}~`OrlB=Ac6-XRfTR
zi2o#MJyOI-@@t}drEP^i1vr^z`3)JYgnG8dlsszDCHuG3QfuH&QWFPHv2xVW;;s(<
z7B>vB!g&j9D!ij6_mwH#pI*{9qQJiuL(nyPRj@{0S`+FOq4{ujqeK%#iI!WKC=ryr
z_Xu_VHD~Xv$%3EKjYH~V9}j*~@*L|aJWlZiULLwQ_Uo6yCStN?M)SpA<$!vmBckB!
zn_mJ?_*jw<vL)GU-_e-FN1=XsIt)o&y>XW{Hz93Rb2Ye6SG`hv@LHRYq#C8bSR0Ie
z5-aljs1A?hk@8ka=I<rB>yWMo4Aj$9y&H$5n_?J;U9xF7|7$d-`y!;%vfp0VJQ;)V
z1t*@D#0=I7Ds`$oU(>)kl#^OP5X-nS;F~6scek)r>c>IbW*H}p7qaD#S{S|Ijc5)S
zP05l_Nw&{F$i_c{kjg$)iO9T*|GMz1Dz)TG*ISern)W}7^p?&WQ#8y4?HQ&Y&oCf%
zQ(|GB8F|dl^@Wgbg`aUl)CDoQBd1!UniDE1S&UUxk5p_-s(&8Y5?y?j2c@XT9V<b9
zP}(uyd|mD&;WNSsW&RRV{Z=*Q*R7Te*lpB&N6y?Ke|q}qcF}lQ3Mtn&V2FITpkxi9
z_z%iVOBe2W2;R-P)6-3j^)Rz_FAb86W0n^F-j0l%Y#+ZbJGf<Sqj|SWfhWF9n~k^_
z>=Li2gP7J+Huq_<et&dVC_VO@G`z<dlh59$(DEK;KIGgSTi7ZoQ|_6w9a;BE^|hI2
zGUxlJU3co=r=%T5fv2?CDfhV+3&eNtT4Nu)Bws)%ZxC0feTly&1q(+EOK+O<)StI(
zKW(zsZe5d_Qr-Ru1E~Al=0&{qEHn-5eH3`QrgvImMs8C-3|JttVs@?uObyOG(+f6M
zWM+~HI8T-zO6p_rDsvu52aqbBHH~oD{?#mrkG~psVq0S|gCT{v`D+-cZ3`V%{FAaE
zzucVQ;SqH7-}m*zpF$>Ej^j^&&JgDo!i)kAsXK@e>};BRz5F#_dPa~M6|W2Tx+qVm
zV_YNFD^}h3s-g`soEjhxVYVzVYT#IqXW3bJAqPTBx48Oh5xM8?jWV}_ltD-n!9<dN
zQt$qiadfI~E;`T=4h5cIgV|YX>F`+jckK*AJu*(!VYc)h5h;h{owiOD(i~o~2%(D&
zB7KjfED7?fnx(T0NyUo-O?NHcBBWt?U-mQe<&V0^S*@f`<;()!74^wv;kE&(Ns~UR
z;*2fE73fv<>YrIw?JaruQ(Q}v`w}u5!T(jFH@e<sSi7Id+Em0dpojd1)Dtl*AtiNy
zF9k>bc2}tK+-Afyv>Okpmdv-k$1`ST9*L;7I3t$aS3RW_HR-^Ey7>!4ps_*xuqyI9
z;#!Exgy7s6F~mzbT{!5_<5AC$%7zH78Q~c3I=|VuA8(DTq-Xes_cN1xR}g0~xMSAw
zfl5V{66e(MX;+`jBgpkg*@JtJlo!}1|FsWq(EfZ@8MGg1-`Z8^8q+jWxjvT_JfQv0
zA>TkUC}AVxLqYF)(r$(Q_C-eSRnd+!TULIO>(#u3491&-rq<lat)+PX{<ygKjNIjZ
zM`b~&d9EH0fKlC2u`OuF=_BPcW1jCSI}4RB+KysKSnt->)+}V5?*XOIpc!#Up|4#r
z$lYc?F9%EepW-EB&oU*=d=yDLo)P;^Xb-Ec?P(c~+(d@S({YkN0L&S2iCi$x->#dS
zEsaTfkePh?v%O*Gr}=rX0Qss6)WNqtmi!|PuvOx1qXf~vqmF*r&7ez`{t*2t4_NdZ
zL$1elrQdn6<ofNa#{9a0<O*f8p)bQDixtYfRQGRR7zeSaa+Lg04&sTo0%^_Xze@?r
zbYcc8KJ9epa!xrPOES%-W@uAIiGJYrR8=*(s3dcK5}=s#vqB~$$BpazFs7bAlmVFx
zCnzEb-8(y&2KMF%kP75U(t~ykh%cH9>}I_pVaZ4wo8Q<J+O?ap%9Ju=rQC*h-LqSP
z`FqZ&5pGKxRfcm)s3P}ApPFKZ$i&>CX>C@LB<Q55j%*A(xnvCgL}Yi$sTwnXe>8Dk
z2YKOSFX-$@CdtMeu5n41cKD^X3;A^v)TzUB^dS3{Bywz#Ie$wyCTX*9O@qwUN6vs!
z*I|YgW{Of{pM;KhNsT>RHhwf2Oe#y9K{Z6qFO*W}atYyE5L6C`Eg$VJ_UHQU&HwS_
zjLiAz@siC!vBo||W#I>Y?2;e(>cU9SxGB_q<Lw_^u6l6x(%k|5Y^S8{NX~><hpmWV
zTRu~0V-(K-i1#)ih2LzPrQmnda_Mv1yz_Ke5Lxj~(**l4%~r-RNVpO^QblD3A2PvF
zoTJX0z9*F(f6n&aP<*Xo+_3s}vIs(QN9iE+vivquem8gS_T)`uYZEm+dA{|8uJ0YC
zF{{CL<G@+L)cNhre3XeNeNFZLeJ)beX27=<ec_AoIcUH?bYv;S(dDi(M}s@W72AEb
z#1x<1U>T~KA?K{53zpZ^a@5B1frFr7j#zlL#_I$ZQAoLe65Lf@pL>n^;1uKmUf@rt
zYuI0w*K!d2u2pVwmNiN4%=MDV`9(F$1eGk*(nxuru51!E%xDH<x~oD|J^Kl+k@`D#
z+SR*!vAljM(N*(R)Nf8FiM}O@l|aRZ+49huhVn26FSoGB=@|9)Gd9RGi)C|ucvzKR
z9szBj`$5Fc4Oy)DI!CBUhSa~U9QSTY;_WT70ZVQ=OwsBazmjikVADckBql4c$>W+h
z-a&E8aUC8pb=q8`#2H8ruUu`?=sU9IL9x~b7Nx|8Eb|kn9~1)?6@MCfx(=0`f&ijv
zI+($+$;Y4nmv4^rl(s>jSNN;`_Wicj4Y;n-=-c+8a*E1PzxFa8_$9``#{&8kAu6B&
zZnq?wZQQ%{EVf(q#=zkj%8?<;ImRQzFm6bOgeK^QR=2+N>hmdVft$X4+2vZ9XuP+}
zc)LC4>FuLiGTcFYLJeiEtJyFl9;Hg33{ap*EoYwM!HN-2WWBw>gI)TIjoA3{AQy40
zVXiqL&y#Oj@k;jZP1p}Jj%8zwdwZh?b(p0jR@mO{ho(Fy9OHtt6p0SpF|5B2-s*Ee
zanU2LOzB=-?{p$t8)Fh{#f^c0UoWa2-Gdq|JNam_&`;_zIR&ZU?B*w8O?l5mJh`-}
zxZsKAR-nleZVC~K8zR9fzwxdhpS|R?F}zvoJ@I*zr(<O{F06OBwu8ZxNOx!pJ*w}Y
zen8LDt#EQW`|b9Iujl#*$Ke%chcIt(X{?t*>%;mQg-CGuaGGDWnUTSclD6GzV0yl1
zQWjjPzqYSwfVav5e#X4@u(LeGG>+pn+q+w`O?XXgbUIy69Qw*U(R_HgHu&OdL!S|n
zqV9yxY`_6HlkBoIS#kGT;naS!PGKkY&U6N;^MA->^|Qe)<TC`gscCh6_>bnH9z><*
z>?U$`M!VV8)%_(H<b+4{gV_1H;bya5$Kq23hUs%BLXRSCJ6o9{j}}*!cA&{z@$8tC
zu+a?5^Q8sl-<(DU%LjG&?;VjI31A*fD1p;$JDg9pr;3MoDq%fx#IL(;sQ=5yC{CQY
zD*wlFPSbK?rxibT49#`(9D;<Q@E)kVoatA=XPcJ07J3Q{UeoMJlW)unRgs#VQ)mA;
zZ?p?}A=cPGeHMeTxGX*s%8Ck0DVjJFfXoJl+{t4@oz^RmFz`wj4=FT$(*7<gaB73;
z?sI0IRua15F6M_!<*0X799k`FDE)%G$ma8vn86qzoJZz51mA-<-GJ4mFkFuqHB;^J
ztUrYz{G>;A$g@2T(`tS1YJYXywh;Uth_@;`Czf<L^Kc`IE$Q-{`JiO|q3LKTC-Otd
zU(M!F$U={@{nmFj&BfQJ&(%}J*GTbY*Ug1Ea>r0!K&SGkn!lT))5Ei$@CC&B`V0-m
z;7F{Z$>id)_moAoP&G7zP7I5#pD^AG>8)2+b|VSm6;Y{FqNff|vj?7i)M>bMV}e{m
zlLF#{0x#N<Fg6VyO5mt}PW2FkP~13cV?J}SKwm<8^g29gXV{V$FpA*bUo>>lsWnme
z(*8!QgE00iHmUgxb>Z{Wo93b!=)hN4W^uXV*KCVYg_GZ7F>aDdwlDGBRtefS2E)-P
zkF*N{7E^6-kJCYtW*($$RnH6mXdI>Ql@Q55ETwzWmh$=?#~~HbK8Pmx9)q;j?9#)w
zAy+-C(kP-<HADVjkqmnU9Rb*g9Pzwi)SA!xa}4uZo^(d9A#sXHIc)wpg}LepUZ}K=
z{^RM<oVu%7h(cjIqsI%kio|J*u{ejT{ptP7zF>K%%M^$|l=<oK)K83uoI(o8$MIP3
zSP{cRk|$@f*_wyn#BKX@b?D%{5!~xwaf(JW$kfeUTiPDpG`glmpmxHbh^XbjXTSn;
zbkpdIW{On@MzC1reEHg&tK6i~-+X9#u;pap(+3>+o-o1BCzsBef}>??oM7QE)0+GC
zf?x$i^rIO3=XBh;`M@ZvHC?pNuvnv+AlLpG8N~MZXt`_-K-~AO<*I^`I%(QxBp+M(
z>}%Kz!Atq@u#FDFvNr+I=<E5v@m=>eXYGW)o?E?jNfIa7WSX6}ZY)|SFD>b?$k0|>
z)+Z&jc!rHQdefyAViCl^`Sio;N%A*r{oHe*GRkEYV(FvUAkCWAtDb6?;O*&Yy|pa@
z%-*xaQX>#Qe=CXJ=kLwp2}>0Al`R0XHpt}u6<K?rO`DzMraa_?sS0c276I?bJBL39
z6k4K@I}ErjJh7r9FUE2OMzTPjUu<i_bx2bRFibCY$<!JJ3f_+rvWaFaG$lI;QZ`#P
z{~hQLL|GV=zw|=Y@2>LsjwyGh9~j1B>$F6_6Z?+(8kr`89+CV!M;AXYl#7Q<X#qSx
z!yLUk{rP-g9wYU%3>RP#KzqKY;8-LksYvPhG;>vM?M#Aef>a*xAUpy`&OBw4>TPz$
zlC16^fe4|I2-*mmKVVa^Mq{>xx0s*0ruDj;9`@b*!qaTAeI(}y94)<uv=yFU`jNvh
z-J&cyyT!89|2*%Sm?40tv2TF{E5ST}B{^sQ{sJ$F^Vk>1wP@p3O~1dkUXdspy9X-m
z-zYxhfvo@0&iS1j-gz+-VohrYrr#suXX$>kfzlf%Cnh+JwSs#{>Ajk%GZ8(~*ewCE
zN#zjN3Pi{*N*wLPiH53~c@lysoXy<^dkCVh<S7Z_2*Rl7z9qmbM`1Ii?-%9956stR
zWUVd~{JLXD*R-n5&lzX0E9@=v+sxFD(ezGCWSRegTK^Y3Ymj{Tm3XeOG2LTvUS%_4
z`321mn0W;qt}L`G4erB1j+Hx3oE3@vgMKGlWOqumD4Rqcw|*5ND-~9)k#GDfZlKz+
zI7CbCovN~$3IE`$#DYg35ygXRr$jzRor1{_1o~x4E-gAbb#)mUvSNEKbKo~qQUa%{
ziY+q$OKe~HhE8Wc(aX`jO?4_tY?|`&h|#p6Oqzrpk)*N8zzkKH!Ve%`ma%26=6A=q
z6yEpoMt+IbaU?rEo+@xg@;Oj{5pA<+9o;SfYQ8&6CATDI3n{wY3m>vLswE`VCVwPu
zt$J@wr4C>lF*mU<F!suLZSkT#o>wTqOA)V+?J)HBNy;Ma;r|XjLW3#7>2p2GjYnHR
z0IpAO80KDI4Q^`Ll6BiK)Te@6+FSX<PJvbY%p+^0uuh!7inMzP-5s5aPIuY^?&9Q8
z?~(Zm2o2qi(1i{OpUxqcU(7k&g!8w)vhm4@ubp4k%Wa_!3lYcrRSLr=dL*-eU{!?1
zfT(2q!gz^_nVCLMs>hF-c_G7tL6_sdrJ%($1d7idQ%QZp*yp|*p9Hyp3kI#-o~M2c
zLSBBC)*fUqc#2Ry>7>JxEmiKivBkIelZy@4_wKR)AeGt*soG*#r3du`MndgFk3|SQ
z>)-xKBUe|$rJ_v5j*RiRpQ7ck@$(2&1|#+*MFY=g$z7mP8|_=(H2<25EmAhl$;?|E
zDPpgY1K=1&vPFKq!|!X&Meo9#Y-w+Q1u$7@jx{;ZSU+ho%|N=(O<Cs9bvZ0dp#36j
zGr4}IZFi<R-5=}X4?3hJxh3eu3Gt~OgU2e5KYZN7OiWwJg(vODT3vk7l4?<|KmLm%
z&35_Hrm!f9pA%|Y2}C?Gr#w-zZ~n@Qp`LPUm~K^b)6<%ULl({pcl?W=J*YTf?Cqm)
zyQ%$<k^7TrkGtW+$_nWd7DHzqLf?w9tKPFMtvo6{iDuq!u3G=RPMI2}{4{AClj);v
zoSE+W!I=HF_o&b8X&Hon=0g!4@p8?*OKu+Uyiuf8F8xs{vx4j%IsGH`_k|FxF7Lkb
zEyNbEj4(DZD!bGAql?4S?lP`R_m#`W3hJsloi{ln#?PMjP4pk-m&fE!%?w-lNGeS#
zt%d%f@v&XTqDJ`1F0%EF$^#Ws6T3Se7v-h;Q_oL%{vG1jETzoc)#+|TkOHtF9Q`@h
z)|>2KDIPM>9yA=@Y)~Dt&}Lk*sMkd)_Oq{C$1n!G0C0Rkv(zkLsgv^TgTC+b#D0S8
zkCUM5pubg7BIO+^Wi9a;>anAZAo(qH_dDS^x#F0q4*Lyw_9fdjK1m;yM|xYR&ZU^q
zAK^0ZFoU@%xJ5|Qf*<(6o4-d=h}s3NdimzXx4Rcy$`v<vQ4_fuTlb0<D^-+_`p-|f
z4%Hcg&iRE<d_%k&*~WAtYj^vU`#E}t_DnBU+*w*w+tk(Wxu`rn-QTq9U6}<`?m~Ok
z;CGNXVASz~a~*g|UGo)QOW@KJ1z8mpTm61M?45khx7;54yA&DRiH0F)Ti3EBRyy4O
zTUVZ)b&1`^QTsJ<9WxFUm$-X;6RR~CV}tYp=Z~_DSrg~yx-4%qN{!5Xo+Zz2Q}RjY
zhrgCm|H^ryR5aD0a~8Ao@UQ3o97{?@Y}4L@MZ`<96E;Zo7<6ijDI2r>eg4Ws^ireT
z^yIESjvU@Xv-s|BT$JByDZkKJAg-ijI2mIPB0laJuKj{?nQQdRSJ!&-qlqp4KMdz%
zM}Lj^T}cc#HG~87w7`${SO4`N%YZD2u)ZGNNW}8Jj$n!)Ke}UTI6>cD|F7;z99d61
zxR~G&@ekO{f?t1Ksag1USK>3=Sq5UAMkM@#Xt%=pfA=C7g8Esup!<hsAZd=Y$*z$3
z-#w*s#Y12#A6zYIYufhl2pGYCcUu0ry;}>mDX$dxyZNDxAoBm~c@lb}l@SQyc6<dv
z|2=9b2;N34n&aND>+~KrcMzh{%D&aV`x2T(P9da>J}3cDLnA^{T{I{1zZ$9V7BJ8n
z-ExOi*=lRy*M_}nA>%A2f;pNYhC&+vpM7X9@_)4?RqkDg<tHdw0#X(&`*;7VA7V;D
z`G|doOUPy+?AQk*pP-GL`&(^!d+ERa%JQ|@dN_)mnh8!eLSkB#O_%;=LPAS|`(Qg5
z%AHo_ksGk{FT7v|tZQJofCzAbdsSN9*nzH#=KNU(uSTmFslPzteA=KQ1oCO{9?@z{
zsyeN6Y5%Ptia3T84e=wa=Z|*75C5l)v>yWrp;|#uK`RN9R$Wa>6o6B^g*YM1*bguW
z0g}~<5&S;`!VhhafQZrq7hp`-2!T>L$b9{~&+^X-;1h><;LfrU>)z88Np=PH|J}bT
zSH0H*Mhkr&Y@UV=T6lFeGP(7mLhn)r>H(4H|F7pWU{Z~T2h29~A*5ar#BL?}`}gOG
zMz}L5?K@Uzzk1Icnl`bbw5L^tkwjLd(=!^KngJZp9W}^zuO@Z25Qj<jqB{rDmucWo
z7`oc(pAFGg58$Ari&~d<mDPxEh!P*ox~aO*_!+vIbms4kz$NTqB<#rTjYgwh#BQZ{
z^uNetCy$aza4a!?SwvUw847l216C3R9c|j@b5{L42XwG}Uk{M;2x3x%bZ%9GW@Jf-
zOpKq|h43GwVP5;ncJ03>ip095f*#AG)m4xLhb66w^P!O25L`ybWjg&>b)u@YiPi!?
z&(rv+uqr=~>G1S<;Iu&Q)oF6SZ&kTZgAOPz3qno@DhGjI|FstMe-K51o`P7K*nNQs
zEK`bkRZ87JMQ_>AxCX2yO9_y4a#{v4C8!cuW~tGtI+7l<2SZ3nI|b7rM6I};|DJ94
z2dHj*RilO)<bPPYYqg1b1pmiGR~34pN8%x>_%akn;?P3X`=|}eT@@a&;Ef)~zXvG$
z%MS}=C8@6Z`P(Tp(Kkm;2wEipFSc%=yLta!SrwMHdj-cpEE{PSYEb<D@PB-1q_e?J
zKvgKn>@M4#;zOrg_H9gE_kP{Cb&uD5TYu>KC6?yfruSdo;c6qKj7=8UpJP&#vH8*H
zRWE#x)lt`78LKth)pgVe4fpA-N=>HU?jpk15JZ|nt055eNUl|UhJ?N89y*QX8;}%h
zRNGA7-d@FQk8gmRI#awP93)YB)4sf#yji>v8-45fh^Z=LI(b-`W?b)YUd3#8mrQR!
zW<!8_-H8WQqn>;J#<900=NL@S!fJ#sp_BZ6u0|>Y{_#Irm2UsW;{LdIUo$XLStdtX
z6PN#>1+{knqm6HA2*4;33%0C7mo3GsLJxKS-E}rAu2)BX<`i<<UJ^PYE@rE(-@$4Z
z!q+M0`r8{-_2{)b=<f5sNA&sY^u!hUy!!~B5fsC~h)?(f4>SL}*YeLw5!xLOs1;>u
zGKk6*cB9G&_yeN6zS{rpUBxTS%QA^r=SRWsi6#0RHA%E^>%V(1MQWFcQR0F5^Xp$M
zo<hySz-4%i_<yz~3rP%N6F=%EMW=k0S||QLdm-Zv^0meN3u<h{558-R{CA<!;!^nF
ze|IJ-qui1{g`9oq4{};%yQ-upxBrwqfZQJ4@9IkfJeNzWF(4$aci7oJ63M8B%cEgI
z?^m&NRn_oqUY1zIdSXx$mTo$_n&^}6yF(evra$r=x7sZA^5c4Q<GgnvS>t+SV;VUd
zSNr-AbmfJxa&zGqiz%p*zK>r;Ns0Z|Z%glElK4Rb5k%tZYTcOMg6fs%G9>YXrdXij
zr^m3G_^m}ns#zSP6{&(!39hC8->z8IPw9T6w}@8g(ZOF&(OF6atonIW^U=?XhtlSG
zYqgF6uf^=&d1^t&Kl9wM+C1NVcu;&7vod7pYC|%=79&TxWHS+TIFpB)P;Ve#dNp0X
zybpyuV>aUVSvbRj=<QtX+te8?vI+|^EAB{ZWfZD%yH*1!DRcSSv^X1JeDg{8cGa1j
zKr^lXtw*MT&cUV5en6%}>7*$I8ke$)P=fuBMx`l!5)&bkrgwS=R-Ni68kx``Ptb;3
zwdcVIZ6CwNoDGPM^-lPr>Coy}D#a~d8|zFK!)QIy9{d$g<9?^X|Hcxc=L%B|Xxukl
zMLkVVxBuLC3CZ{f2>BPPAyTX0zSLTjq=rD!&nQWe#K)_Xw0ec41}h}(j#!PP&5<aU
z0!cs9NZKvAnwX^h&_lUz9e<>iW_5^_e5;tT=#01vhK)r)QX7<{#HQ8oAv!6p*GS&s
zK9bSCvi#Y&)kON%8!_^IYW4=?^YW;bhN}X3)v<3YMo+6~g;nG3HmiiRX+2hiF%L5W
z)|7pj2JcowKK1&FGMmjvmOHzVKk7Rn6|15t)3=RX52z|^L{&=~5%N}_E}_;rIPcw@
z2K2=R<aWJ5*=tg~iit=vMupH|7b22!7wuSKC$sK4JNmExZkyf$u*gRh|HWv!;dJt_
zJBkBU#W|>B^FLZfQ!|k~QB4%8x-X5o2URnx@hwB!kX*D5iE#QuhNe~El5oj6*iOFq
z6rz5LX4UcGtFbru8@M%|DNI$V058h|M%llLE@<6K$CR5yBGGX)u=c1}-TdB`NcYfg
zQ~+{Oz@(o>HO!-8HC^cQ;wLGHW297RDm#8)HC0f#uiatn!%sq;D)|-6?!L5|)ZBgr
zH2o$+qv^ZVXv+6;Y2BbvHhlcgfc>iu*w;g2)AEqvtC49uqJQI8XJavpl>VPF>sM3S
z*<1gwy=#xFG5h*YF1ZzrUy~@wxD{PQ)Q~#l7BNkTB$8W_O3_`O8Ka0qrJ7QmL7|dd
zlae#jBnlmq+`1jp)wOh_j*@rn{hY|yd)`0Z&-?kjpU->tKTgg*`|@3Deb?H1uV+6A
z@^34(pl(?06s#y=lPT~wMW_mU#_ZWC^?*&)ol5Mr?5wS$iXIxT8hmAl_a)`lK7IZQ
z<rNBI``%UvGWz-HZ1-n<S03cQ>KhaynAHE$$*4{9=32F8ScKNTi(dcc!gF8N?BI=(
zk_L(G&sonOQj|$B5c+l6GbeW+qTZ%yH1S;4$)BjB0LM7LpGbS2_21NWn!#@k9?Z;h
zJM8uyip_EoXd0?(0Q+9!;nwMT49^RiBp>zY>BpRDKE$=>5=3iHaWb?wt-7ndjYka^
z9Va^zK@ggFeDL{{KDg_;qYGf9gpx5-9&)cY>mX`!d0<guNC`@F!Xe1F@q^0<HPM`1
z9-O8)+_UQ-dHPZiR^2+<gnfFW3GaYAxF9ncwzW)XUirFq{zPpgn9>z!qK^(HP`cHR
zcD!<@7@Xb8XK-l)-kr)AeiDs>P;w5yWFDwtNXphx{H&-q>bJ5T-mropeD@ZyGNH6x
zQZ_d;%al}}k`p?wLmtB+n`Va{fB5m-VjE{EvNrxOdrLg~^d%HG6L=dQ``Dz@9Ez4;
z>?^8u_0$e3>L^D`ma7hM1NAE0YAy|`s+EHp7K!6e%L)DV2mA-cIu1sQDGcAXGURFU
zM9{i1$Gf!7^<T7ZWyso?M6*bEFU=>-drj56aK{*BG~|t=k@CI#7v+oZ67IBG5H7e=
z7;>f`MY#4+jt%vjFvfR>;ssu|H{ODTU;U#9mjQ6Vi@fDKbyEHC&hN|BKaeeozdu2t
z0fA-#Z*hSB&1jHa9h*P#cJWEv>@|J3yc5~W%V3I4^OsmFM09lg){D1Ew>fk@RAoOr
zv-rn2rGIXp8S-0VVp)LOeWu}}g>9)P24WXY*Um&cs@Bw-=MI>{Oxr5us+SKbcFT)P
zQcV|ot^wNMYt7xTtQf1@hiRK*=k_L!hJVCb;dn<!;$UX|pbg6gaU+NHVPd(s2#wq#
zH`AHPm>P+y4BSlvWSO<X?v8+)-oME+TfE_lc07<gcbW)Qw1eU}-EVsW*X_eQEYvA1
z5BF~x91x2)<xYls^8elmcPV1Ke%e48wE6{P*CU$kPs<6ax{NT-gEA2JG;4)uNtQm4
zM$=B9e2z5M(mbttl5(DwSz>d1s+_=Er+E>^FRvtm2p?lSRy!y#&{cfx$DVAWD!dN^
zEvA@(#dN-&H!|P-*Tg}RyQPe1oN4s3op^g$J()r^?7Bmas<rh?Af#p2pf?UMOmONr
z)XCSy{ie0T2PB~+d8XLCi^Gjq(bzV4e7<{pqAhB=p5xr$I~0HIeh6E`xGH$C!K5Vn
z6N)swQV&<o+W@%OpOO;{_#`5lxw~s2l?@n=MC9?wi$0xB)p3WjNEgfNvaNfvRZZ{`
z3m#%t<AJo9wnsW%xmCOq&9ur0tNFos6gqJjfj}&;^FJ=noc#=<2CeDrDAaTsP_f{J
zA|h+H`Y(#IJUW8?(VjOZ%+zYQvV1b43DFfA55Jrh@^q}(1>h?t?%YkIC?xcQKhTC9
zhlj0lL(Du%gNtr41&P||E+OMvuusP+eD7p=M(yn<2p7-j2i<&K*hLEs6hcaUDvu0f
zTz<F0_Pm;gNn9k-*<6H)S3nnmtDmL#J;B%$s(ND2IB>qqWhd-&)Qu={hamNY>U+u1
z`gS;Zhll-(QW9>Vu@=zuwyDfo!ASCJ&Gh9xSzWudkGC<1w1ufC|Fc>RAKGQj2dn7T
zTpW&kT4duI;7@ZP#Wj#i4H=w5iU#-`RL)xzI2IYdL&03+Cwcy~C_Zp}{=}QbTXQE&
zfg5F7;f+vS)3n{$wsfRi#{)isNzAZK`-m^fTKOl%o|{6I^Cp@_1Z;wF&+D={UN&7_
znxd8ScAOhloNWcox398kNkYN6(3GYw%6a@1q4kIsdm4lzOrG4L3}yQY<bt;4?n;pp
z$e|lEapdVVj-mm=nJ?bt+<SjlSx&_2JlJK51gcBhF`b58zHwF7Fh-pZju~4V|Jvf%
z<R8ftI!!a*JtEO!t;rxZucgZ<oH8kzD|FQkdeLz}j2zKV9D}~vM2T8g7W!x~^U(e7
zOOV;~KTx6rcqxObyd+EaK)sy1iHc+{a)mr2ijuHVE5hnS#n+bgWJgVgE5mU}vptWh
zuYzwTC-e~<_U~FPY^SlH@nRqnr+vTmg5HI?6u&LHc>+R{$%U<R6`6zO1?N*v;=yLp
z20QAUMzLBw;%t=_%Ber1_v-N1QD6}K1S91w4DGV;3eUd`L;J%ozAo;pwL+fblmzc|
zc}7>9mG*og1~`rqhYFs~H+U<aeA{R|KrCF1gGN4WT_BK~545LW?Yk+25jr-)XbRB)
zDrgG#PAlKtHZ4e8nIgyQ1M2x2so8MaiPAew6p=Qk-)H#dpF%rVy4!p7ld}2s6^iwt
z&G8d@@CxAlTRU}85KE(*%M-ZKxHiXY_u$QgmjOVDq9Go2LN!QYiwJ&uIWTK34rNx*
z_J!4e<7+l8O}ilmQ)K@hSv4EEV9{Yp^!SKX&dY$IgQ>u4=Axv5lFxdIwFE8+S$in)
zM<AT(aL;w_n{(2oqhJY57kgv>r=0pUXTlst6s(f(?1CQX6iuN0V5qgi!+d9Bx9`CP
z_GLQ$x{~(%SHx+8s(9+^Jz!qQS}PE5ly`bx#-yzNe2PAbf|=Ztl#ndoF!+c1u~k}C
zd%k0u?1B*GGiHwDS+jTjCmqeqF@nd@Q*+>YUVO|Vnn#hB&{jLB;Asv-?t-}{HEP&9
zbR3|-Kdttbdu20{ROqlS@Y{w`DE4B)QxoRVzA$Nw&jjXEsQXNWW5bX&bH$ZfJs7*p
zn?`sa)n_2B*;xQyz|gzd*1Z@nXLvCRUJi@Cr?N479KyES#S^P`<PMm_IOxBI8|ZKp
z<daSzWcB^X2^!@)8@fpn;4wk}OIkL&FC)y0DK^ONhWJg#X18xqwpA}?U?FTXaaypD
z>I>r|9anS~eLteP!feJU&5YK>J2TG>yPdtd>eum%`ytbMNa;d6$mo+vf?d48K&Qae
z^h1q)R*{ii)x{N|FYX-KeWt@?V2D19WBT&m%)viC))e2w%b<U2W>tN?nSMv2Zga(1
zx9?9G-7$i9izRF2G}OCUslua=>ssL*rW!av>YxZ^yETe2ceysX`9`~4&aJ&!>9MMD
z_2#x0^{*zG6=mxksFUNVndp3UDNgjRw??zNew?i8!*^soy<S!NzH>r;MnF{0Q5PI%
zq%98^`Y2AK%RkfH+6lo!k-z%g>F~VL$_-9Dl+xj&NY<1L`}!B{m4eFpfTA~tpS_Qc
zZp=x0?*G_WMdI)KePpZ8Ly6u}IoPL(Haoi*o8Ri{6Pt&9i$?d)(r{EcFSsM;d(o~x
zg99!!mc!!G^ZM?W&+6-*IaD^MLo<tQYt-6IkY~xUA;;F!Qg(?x2EdRup3s50nbzAK
zj4uE9DjwoPaaqxp+Qthn9H&GYX(`mnF%!&tqC;`PSi1H^IIcK&*ZyML$G^>UZQr~S
zu7=lD-uGsH2vkYmUusp^tZ^M>F}1~oNjz&pF(Hj5J5+vzwL)k9(K&CjK!ZMbJLt!y
zSJ^_0vu~yNLuGMs?fa-TYlhrtX4rZ=9kb~*#lfE1Ff?`%`B;iKZs<M#!`Us<?W+FT
z{^2g-{|3$6lYR1?RU5ZyHNLrK-G}i>+Er5=Faj-!nW+>~h)46=zth^WS|db%l>dbh
zJMCdREoI2AV$*|v>)M~KDma`oGuQJ7!|F<6%&u45M2)#vQ=mVk|GUl6A!}}wrw6_r
zlBB9}eN|2NuI4qm*AvVn#U<m`6vH^(mZX&fE6X=&Tpu@LUUNd{`{svt1GdO9{^vV#
zreaQdbTJ}%^HS8)KMUICF_K7@>^t6?)#kU|?OEsa>o#e-w%UyfDEckCb8_HLNz0z9
zsf=iEhnsEbe^6w>E+Vgbd422`2>Vy5oyZRF4VVADR>0{dWwd<>c*V3%vm(~t%M>i_
z4G%$ofld%^;|)m%JF+hj&gt0?TwOL0WCDk01jP@4`&W?!VR|YfGa{>ZH5@w4HPDlW
zlNnnn9+Y9O0N>!9_KX4KIt`J^dA#26ctzoNRd6{0?9MHx%wP(h!30=};QbjUo8luO
zWc)nMm*M1TUadn%xot&VojxRY3gg*clF>!@>Eu1}wq5UD*PS{ydO%*&_UWuw*3s<c
zT7UbomV#gQ_YukY@O&8!woj?X{KJP|Xh*FKT`%W3r9!;q-kd3BJt|BjCf|&^+qpw@
zd`dh-(oLDckww?ANgGg18rL&)HLBD^ah<yk8CLk}$)ppjE@L?skda~^pnU~io`$s^
z=SK=?u@=Ku469b;+M?*hMi&+FVvysosh@hK)Qs9b7~;`W`r6TFaf?f6r{#?1<$^cq
zm`ai<85+8_Xa>9QTI<<iyE{#0E<i)+;f}%$I3H)?7&2r|7RYTW+MZk`?ehjXrqO){
zK{EfF>^JhbOKn>C%P18u>*{h2rOR7rOV?188Ck^f_)@Zl!T9&CGpgjm4oX59zh7K_
z&JuX=PF_Jf8t1(UXf?k@s@BUp+9L}G@G;ZKP8ND?@mFu0g{+b<PnkhJx`(RA^o3b2
zn5Uen!sNR?)Q&!aRGX(uHa20%V${~kE&(`G)Yb+mkkW0}9K2R%pO6g&IyzM{r?55-
zce$0;CE8T&TQjoO11DBljiN%a!&lwy5L&C9qNEf4QKnND4^cudk0_7Fg;0^XUr5oQ
z2GAhQy)Pn*aMl@rBN<z0;dzr?VJ%n5i(JX+cO-!EnQGkN_6o>dLcsA>Q9IfVTiiEf
z#Q43DUMzjNu&@@dD>VC)!MMnWy(@OXnS$(agvVam4iY0Ue04(&OcMtc^C=Se8A;%j
zaE{belxSH_4ExM?epWdKb~c%)SmD(Dz9#{WBVDrEOOe369iT#1zg~ze!Vep1jwjC)
zW>>Q9R}b4;@PV04;j@M))Yd*AZfwK6?PNhg3kMsw<;=v^)SFyqZ#qJ@|Is8VaqE)l
zjJF*L%CdZe6f+@3P|#(8_>f1|VI(FeN=Di-xF&#M_xVY++lh{UwQ-k~uOuJ5vKdnR
z|FfeDw2L>%`gj-#VB*X{+R<v5MQy0W*Jje?dUVN$sJ!*)>6Mt6E@ARFkii8EObb3i
zM&Z2K4=lh`W|t?ea$OHUpd@JVT(AHHemMis=$Sy;mL4Oje)-7+Xw}%8=sZ$%Q_os&
z0&cFefD9Upte`F2BMW6*!&`!{o6MMT8g>8A!ZQX}pjHKkxr}K31MO&R&8%5FT!la=
zKR*XH63zFj*2N6oW<a%t;2mAe*0hd{@m^<i0pmRPUp*xFNLC;wTRjXz{f2#E?ObFH
zY$8RlOA*Qe$69=bVA|@KLLS-dQY5o+k3)?h^sq)Vq}7D48ZV3x+TB8xXc<3yQy_Ji
z{lPt6>K;Xu%p9fCeQ0<YVEEXrF=r`O;XZZ0#1cXy(?@=s`Lhox6P|qywaBmVF)!SJ
zu0&=8)VveMC;kIliCqJmNj|CMam^h9KZ8R`#*M6|?B0!Fj7@S72QJ4z=TP#tzC)po
z;I}gcYU>ezK4uho++PSIm;229OeHO2j1d&S>hsnH_o`0Go%!xLvJRf!5^0pGevll}
ze>V+M<k+597G{;>6^{D~vX1uMa3Q7`R(c}lLA5<s(}!GhZ!*#Z?<b*|mRT-IXv)Ua
zY!{{q5`3UW(@$iLS6YNp=NsJ<q~4@y8>QYIOR&<)25`dIHL+ooJt8Oc`z94&P>zF4
zDXC1yo+0>-Jdnok0hDbX2+NARs^h`)U<;yEn_YrrJ3(iOUKQ4XHWLbTb+cg_s~b#e
z&*LCL<VhxY%>#EFO;OZ3<mzInb8nJRkg-4r>bpbO$~9?Bt_MQUwGHzgiIzu#H{?)9
zGaRMI2mZY+2OI)tY1Ep(f=!yB=vxjwMZ#87Y<DyQ!sl)v&ke6K1aBx4=6V*H)HcKA
zRnXpMvX6(aX1^OF4NC>v|7{wb#lWOEN@q7ym|*lcWZ}UrKJqX~h8auo$|GSB_bY_3
z9c#__pL9M(gJS0QkSaJCRXX6UI)|%Nas2qQ&)X;n{*_VRB@}(u^6SSivEFb150xC=
zlN(dY2kT&y<4>+~-GCa4F{O+Roq_W0y}9W=C!dJ2T$dL|2su7GMN9Ny_%>U5;wM>J
zDEKNP;$CDMmWlV0_@)%2_#2FZ-T3l`U9!~7?o&K{DXb+X!**pX2M6DS(jXrQia)en
z?i%NTTBvK$`+t|?C%1W&Lq(;TU|c*OXbCT*ndcN&(HFUjU%a+rDQQx;WHwp^YNls*
zImT@i?fn^ykUjLSr{8Y0Mq|#AtHC$PPSOs?Qp7C;Ra7eU%fUy^i~+^;e*O=r*dJ}J
z>}sje^DOBx)FtrRE&*_*9i#b6g-<+Z{Eq_BgNa`iwy*`kk^!N`Fd^cdy;O(i?(%V{
z(9Qxya7u|}N9OzxW@9yl)3{KI#=Sy<Sh^JwD4->w3K^IC=m8wwwYy!e^CD#z@zM+M
z5vTqN<TY|W=N(lNrg0n)L1c*eUdRxZWf^kAno1egYh(w`pMq?sI5H3^muzou8V}Q4
zXT~?eo|+|Bbbf#kLy4(SI-<#yzzdEVilrl(PBy1gwqOK;6VggQkSWOO0&)lu8?Xhi
zBghuVyMumg8G*rK5-5}xi?qh_Zr3WphZ5Mpz^%YYieRw{+zhXEq{NxAXia4q#PzwF
zvMQg_o{fgjaW*@I?98B(oM34?6qQ-_M5k^cFx0`jm{*vy<kc~><THSiOAciL>Wsp7
zcSDY<eI`>>CIwc;A}s~HVcw)imLGW2=t)@f1lbh*w1KrEyX%~HAESP~)~W{G+35dh
zl;^n7Q4^CKEW9*_Z=Pz`%cy~u<vVfawvAqaJ_$8jL|a5j+8h=kN|a|{nDlS3V)0eU
zs&{OG9xT9TaVm3c?hqu!e-@?tH+nNn>F{LV$JvM-*l>AbJ^0E@iR-ODxwk*Qe|`D!
z05HRT7%i(%+G?^Xo|E0OeYoORBl^(;e8RUquvIM`M|?hjH~SWhI-l!F_zShC@mMUp
z3CCevUzfgG+2F@wqBpOuEJxq+ChR8G0~J^+?dmAGt8c~tXdQ9fyi&>X(mWOlt-E>!
z4#qG#%png7b+)R9pKolm_i{9-jHusXs$ZAc9_3pvK(DUfadR9p8^>5*R}^(h$F4}0
z+c68!lD3Gjvoi)@c?kF4BX-y;Vig2)TcX+333atKm=gR9u6*4e{-4+392WM&>`66v
z6CXn#%Rg(K#?JnN$_n+9=U#48O;~u&D0_9tj5(VpUHL_%<Sy?aZ!K@!GxDcMxk6^y
z^2Yq|;j`UcJr6BBe>N;^wD{g+vB|QJ&JL3FM;|DeHE?keWGTZy_)cUKc8Wy_MIRe(
zaHCFov5+|GyjAl7f`w~lS$g6f6D@o4=^$9$#jR4RmVZWWYe`zc@qK`z*(1e<MYAjy
zYNH;VLMZtIjBtKxAvZY1`_ZJq!E2lsz~C|qoFRxljJ90ZWO7<KZ@0o2@Vl=ka0F?%
zVhyTIC{72;luB^Y8xxyGK3rFv1gqbMjI$h#I_=H{7)iw{M}K58eoO`~3nA-a?0PLZ
zMrcqL5TR6Jjn(VPF-oT%BcbL<xB>t_V88MdTA`7Oa(z2nIhSjTa;y@Xp%FHAJfuQx
zQ*(?hM2+z5T1Jx^13(?irE2u*J@~w@i%`iNcs{Cquw!fy`j%Hl@dw&L@O#}$cZ~WO
z=q90>`~fu86+AYnOI747lXip@0$W17qVmSh>R)0KPT=+yl1B(jr&~J*7}(!Jm3Tw`
zb$D;a{Aq|!YS?s2xUmG;gJJp9s?mR5jKnIZM?Qgu&gQkoxN+GP3^~FPGB4gZ9fLcg
z9Wo_jM<$2jWt-Kqoe(^eipVK9C}!g%^p$|}z`r3%2j;K6EHMp^QL)A~!^kiT86-G)
z-`mU8Fi)^+s1ZuAXPnz$N561vGl6Hws;4*+%)*I1J2Dv`o-s}SWZnU?FLn{{9B816
zrN-`hNX*Y=<y99jjPi4XHQa)PsZ6Kz>kgJ-#s6fsK8Z9wX>wh|MKywgx4;Hp7yf!q
z99D;x<ra@jPQv17GN7c@GNMJV#ibkzh>9sKx+9Q#l>ZWwz5(^eno(AJf1z~syH0V9
zo_jZs?2W3b&!rJ<TT*ZUm)gR(uORD+RyoA|A_do3mJc~~c}iA$7}1cjfJAf40ho(L
z#$;Wwx&ppJu+QXWr$5IAZ1r<8#Xr>pB3UdN`{#C?49TcdR$lPBOqU~W!yH%6$2@lO
z9$5*j&lDVA*&7l*J|lgRY~@xNKfw?W2PhicS&xw}A*(a*7Ba=)cQL5*1-SEiO6Nb9
z0%P@gt6K%nnW83-E~j~om9BBn+|>wdAa^M%(lMzZ;!dGCQZ1>a%acR!NEc1maP0HR
z*m<^O`mjPz-wWoM)WrqGL}6p+`BG}0N71<Vdlkp4ct?*ZBrlXeAEvITh2}W!;60}3
z1Dq5rO@*b)y{)-VIB*Qj$>8*#0%<dCpkyUVCGpsxgz992(uxEpDe`_TR^+IkC#Kkx
z6+CAw(036p3av--<9X7Y7k}jE#xAq~`d=45ZtTL=+|%$N2o$GaGJ7aHgGdfl)T?p3
z4(z)Ivi|=D`13Niei~al`FTjbRrFwnx9M|xUSxZM*^Rs`NrwDyDEtbFG-5ev#EW&S
zgq$=kuAxW+B{5A~*Uj=O$oa}_4<HQI^~$X-@8C*_>3(wV2XAcGXtv+erGl-rEe+Aq
z%aU|+%gLB(Xj$G?#~@wEDZU-)3m3*TQ1&(=oj@cPZ=^g4tLIz^<3+(o6U;<7&`9FU
zMSp@V6w(wX^<sohgCxl#lgHsfvWYa>6j|9w(q~zEW2<96o*+kUV{F6bUFr{k?B~9(
zQ*c}>4+?SIqy}t{3ul;0N+wPc+NZjcQRw|`7vuO0qVPyETy_w0`Hm4pKMOI{1^hw|
zMByCd`P8Z%d!Je0$We5hLL;#t9Id<NmqrxZam3xBP3d|g2uFF{vR4J-Iu4^?N{-22
zpf0SqtS;`A-k%o_qZJEdOt~s0vJNsZj8n@3mU9Ndt|M>RL3qTCk>huDN&;TUIgK#q
zZy8aIM(PKj%30jZl_@h12lwJWDK+3B#PpcP1lnZX;G^RSQQKw7#*xWeI4$xdA3X3Z
zz;;AVof^fdu<4}sJ(@b}Nt==|FjJBaPf4I!WB#o{zE`y`j8dw>)?{nskA@sSk*2i0
zd`hru0bmFceQ$!QNquD`CCy_@RwNv|t~W~X9^U2CBWZUM@jQnXV>u6_?8(nrfz76A
zqg2c{D8thRn-N@}lz^|jHKd%%EkH*SosYNXW^oM9SENWd1a!O2Ec;E)3#F0>EMlG=
z89av33X?W=>0cU~22nwjo2v=FG0%yz-4^KxhBCZmr-_@2<CB|Mx)&)IG@+TW>9)1m
z0}bvZAvIvGQnntGu0+BM2YhaV;aA`daArI0SrE45${nLY(qNpqO1XDsQzkYQr_)<=
zeRFMrCg62aP$;&)7N(?oq0l?N@sml5DAzeHfCCKn@|9v3sg%UqD7gob{3uwi08cD$
zf0Hu~8w(Ri3AG@51A?O3>;VQ_Yw$pQ)F?y6jb?R2fOga#=>U`3V^<ru47v|h$E}W_
z1oMMIZTL$wO9PGFxL97WmaItpUJwSL)rKuFY8fYe+F?4wq&UYl>Q(8$x)WQE$cL<Z
z?lv#poU)N)C;QzrD)t`IrB&_$<n@?wCNSI4M=4JR)!#9<{J{gy>}V9lPw)p^mb^~+
z0B>i+8o-LlbS21IG#W?k6?<Z&{2%!{c^{DxP8}qvD-ASp8-?wd7VNsa!cxkZEqK1c
zxRFyo)`QHzqVlN{8;RZtMij5W@ui_~SLgc|`ml-qburFv@iDwzTqAiN5S_v_4G6-q
z7Bh^(UUOE4&D-s4mTYu-bx@0`c2A*&^ar%ZJ43<Cc$xcE1-E!LCXI*tJQCf0913ql
zgW@!ttd)jO{7hn(nhktmf2xOYep!HbX_0&7+`;H4tQUm~Q(<pyW=r*{gtaqRk25Lt
zPjevN=G3%;oGHpa@Sl>_`d;sdobmo(K-Eo~!=Dnr@h?26zBk$|?|H$tYd;h+>i5T2
z9rGJ{w+vq=zz8Xc>7pZmZrZy%zX)ful+5;k(+Yy@^5yMMb1IxFtvM1|O<t%mZm><2
zJLq}ok!>^B#2Gg2_j0n8N;tJ+0x6!OL$2D7H}6by#WLt(&fd+V`XSI5H_B?~pu-Fe
z#ncb{${I;Uh3opph-ti@ujYzXN{gH-BVZv5B>=5T2*vmuOzd=^`UAC^_Op|CGc{62
z%o9%y$2Hxx$fm|ug8c=f<V>|vH5>VNY>D5g)pNyBb2)`GrkuD6nX~fm0yUnLRqUB1
zn4XqWe=es&4cswaYtn)cc&IaMUY@hrsa8Ly#`boLkqv2ETTG%_1BxK3MvvmbW&`CJ
z;OzoGllP`6Mjg+*uG^3Ab*9O0qFd{0d2zye?40<N`|jW^LzS+UX9GK@`39~T)M$UI
z*Bskr#pb@HfrgE@9JovW7J&onET|lQBKeyjIaLk6pElN?e?2E$?f&sHwH1F}v-7^C
z7&|f~c0nxfeR6Vf&k>V9nrYUIYKI;FuL`@|SLMlc#g~g(y{oqNtE|X#KTx~1pnm-|
z+m!=w<%gE!=lXn>XG>hBspt9a{~&(rs?fCalD4tfPRGrse_e&0BK~P2<rt@Ft(W+*
z<43>ACiyLMOP;Eht0h*sg#1ubP<>!+j=7H8bX&Km2b@?w&L;PMr9bq3;AO?ju#%@H
z7rlK(T(5efGNNIvale}Q+s@}J%k8-9b@##^1)(H9ay7L(s(v!h;Ih%Q4`Xu+wtNUU
zY7msUb82fu%f=0yqBd>%4xb}^_50$Nbr+twYm}>v^7qz18vH?$`pW){xw_j?a|O5T
z#I@%ub<Xs~KdKBSQ?+2t`M6@0A?f-Ri-N^YRllpg$i8&T$XE5?H#zsb%=#2Xw3e>F
zmX$dPH{wJ->S9*?RuM3DxL$DUz#B|eg<7D;n?W76>x8Z?f3()_$$qu|+T-_OxB>RX
zNa8`5bY8r={X{;Oer@#)?F123&>Z!zP0uAuk87GeKt@N}@lY~fNWYy#kq!6tdfI^&
z{`w|GE4betl1*5OG5$v;;qGWKJef*&$3ter-O*qe8EJiihm57afJ5e%zJNpKhrfVB
z7I=IChb-{;0uEW=@dX^Rz~c)zWP!(*aL59WFYx%E2OfdvybJJ_%<hgeo6e;|Rt&kY
zq5rz%|Nr*wq8=Gv;ucQckmA71I4t}2vs%f}_>2YQa?5n18yqq;x`83njqYH`(2$|=
z1p?jwknx5LjqV6^|18rD85-RY=>A!z8!|MyBhdY`OgCg`bVs23XPIvNFQQ@P@2!KH
zpLny%PbGT+muH6ilkGxvhh2t-42|vxbpI^V4H+8U5$OI|rW-Oex+Bp2vrIQ+Xmm%Q
q`)8SM$k6DHK=;ow-S|I&#-jDso*%!pou`XNV=-s(?DSa<KmQjY4Ah$d

literal 0
HcmV?d00001

diff --git a/website/source/downloads.html.erb b/website/source/downloads.html.erb
index 1eb63cc22a..a979e2772d 100644
--- a/website/source/downloads.html.erb
+++ b/website/source/downloads.html.erb
@@ -9,46 +9,50 @@ description: |-
 <h1>Download Terraform</h1>
 
 <section class="downloads">
-	<div class="description row">
-		<div class="col-md-12">
-			<p>
-			Below are all available downloads for the latest version of Terraform
-			(<%= latest_version %>). Please download the proper package for your
-			operating system and architecture. You can find SHA256 checksums
-			for packages <a href="https://dl.bintray.com/mitchellh/terraform/terraform_<%= latest_version %>_SHA256SUMS?direct">here</a>.
-			</p>
+  <div class="description row">
+    <div class="col-md-12">
+      <p>
+        Below are the available downloads for the latest version of Terraform
+        (<%= latest_version %>). Please download the proper package for your
+        operating system and architecture.
+      </p>
+      <p>
+        You can find the
+        <a href="https://releases.hashicorp.com/terraform/<%= latest_version %>/terraform_<%= latest_version %>_SHA256SUMS">
+          SHA256 checksums for Terraform <%= latest_version %>
+        </a>
+        online and you can
+        <a href="https://releases.hashicorp.com/terraform/<%= latest_version %>/terraform_<%= latest_version %>_SHA256SUMS.sig">
+          verify the checksums signature file
+        </a>
+        which has been signed using <a href="https://hashicorp.com/security.html" target="_TOP">HashiCorp's GPG key</a>.
+        You can also <a href="https://releases.hashicorp.com/terraform" target="_TOP">download older versions of Terraform</a> from the releases service.
+      </p>
+    </div>
+  </div>
 
-			<p>
-			Each release archive is a <code>zip</code> file containing the Terraform binary
-			executables at the top level. These executables are meant to be extracted
-			to a location where they can be found by your shell.
-			</p>
-		</div>
-	</div>
-	<% product_versions.each do |os, versions| %>
-		<div class="row">
-		<div class="col-md-12 download">
-			<div class="icon pull-left"><%= system_icon(os) %>
-		</div>
-			<div class="details">
-				<h2 class="os-name"><%= os %></h2>
-				<ul>
-					<% versions.each do |url| %>
-						<li><a href="<%= url %>"><%= arch_for_filename(url) %></a></li>
-					<% end %>
-				</ul>
-				<div class="clearfix">
-				</div>
-			</div>
-		</div>
-	</div>
-<% end %>
+  <% product_versions.each do |os, arches| %>
+    <div class="row">
+      <div class="col-md-12 download">
+        <div class="icon pull-left"><%= system_icon(os) %></div>
+        <div class="details">
+          <h2 class="os-name"><%= pretty_os(os) %></h2>
+          <ul>
+            <% arches.each do |arch, url| %>
+              <li><a href="<%= url %>"><%= pretty_arch(arch) %></a></li>
+            <% end %>
+          </ul>
+          <div class="clearfix"></div>
+        </div>
+      </div>
+    </div>
+  <% end %>
 
-	<div class="row">
-		<div class="col-md-12 poweredby">
-			<a href='http://www.bintray.com'>
-				<img src='https://www.bintray.com/docs/images/poweredByBintray_ColorTransparent.png'>
-			</a>
-		</div>
-	</div>
+  <div class="row">
+    <div class="col-md-12 poweredby">
+      <a href="https://www.fastly.com?utm_source=hashicorp" target="_TOP">
+        <%= image_tag "fastly_logo.png" %>
+      </a>
+    </div>
+  </div>
 </section>

From 74d1486a4da631729c5f54ed3fff31c21d71dd6c Mon Sep 17 00:00:00 2001
From: Seth Vargo <sethvargo@gmail.com>
Date: Mon, 26 Oct 2015 11:53:42 -0400
Subject: [PATCH 321/335] Use vendored fastly logo

---
 website/Gemfile.lock                         |   2 +-
 website/source/assets/images/fastly_logo.png | Bin 182835 -> 0 bytes
 2 files changed, 1 insertion(+), 1 deletion(-)
 delete mode 100644 website/source/assets/images/fastly_logo.png

diff --git a/website/Gemfile.lock b/website/Gemfile.lock
index 59b9283951..7034f311e8 100644
--- a/website/Gemfile.lock
+++ b/website/Gemfile.lock
@@ -1,6 +1,6 @@
 GIT
   remote: https://github.com/hashicorp/middleman-hashicorp
-  revision: f21146d03182b7236b85ee8bc430fd613125d5bb
+  revision: 15cbda0cf1d963fa71292dee921229e7ee618272
   specs:
     middleman-hashicorp (0.2.0)
       bootstrap-sass (~> 3.3)
diff --git a/website/source/assets/images/fastly_logo.png b/website/source/assets/images/fastly_logo.png
deleted file mode 100644
index 0c4619e964742b43dad160839a7e4f4433b53790..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 182835
zcmeFa2~<tr8$Wy!GBg;XkV-^olm=9;S(4JMXjBo6q)}a86opI;nhnjfCe4>*C=HZ~
zrb`-BD$OZ+_de%bx^<7=f35d@*Sp@e?6u_Fd-r+v^L(Ch@3YT2S5*(~W1F{p9)cij
ziu-q~A;^li2*OI9GaG!<6c(`;{5RKT|B*8YBDxy>V{(kxehz%O?Cc($v+CAnXB~{}
zOpzVOt&L6j6)la-P1Q_|jyu`DHkCtWyrwAb-l5_6v8!PR6T**N5>Iz;OP!S@GGo@0
zI(9&VsBwnQB>D+_uW@kTFTcJDXlEk+`KH8MX5wG@O&+ii|4MqXn}hgQ^0lkH#J?iT
z7R&$T*G+4k|MKhce*#ZN=bwfrqk;T0X*xLm`7j+E|AH1B9RH#;9UTAC5<MLM@-Q79
z{|XN}IQ|tLba4DDJm}!~S9s9D@vrcpgX3S}K?ldb!h;@;|7Q!2u)J-rPOk87mhCR;
zGHNq@oEdM&Y{z_Kx65OX6^|b0awzpYV_SRA$%==0*2jAWD@I%&MGf=3X$|9EKYw7>
zB*w_x3;(uiVZ8fq3o%y~{&lHk?_U>F{tY}y4dCz})bx1#GcI~O`2V>R9U%WA7abh`
z0>~6NkbeP$9+7_mgdUH70fZipe-+3SJpKg`dO-dK5PCfR1rT~X{soXJc>Mn}fCLm=
z19DK?*ep|>Tle{o*$+NTGVmSKH_0;amRwO@=w_+^#C-UoONObub6)q41QotXV!LPe
zxw9B3&!GA@ygyd3X*N<e;PSNX=ebjhkb<s~UoKD0P4M32;azZjU_{&_<KDi`(0L6a
zC4o88Pi1l(Tk5UcKIa7&oHdYV?_T-YHRtu9Ty17tj$5<kj7dXHIwT9jRSar8t7U57
zQPH?cYJ=SEb*{s<!o{(TeZR_$T{+&LJZ`NQ;xSr%r$4g$M@S0677<F_Rk*jLptM4|
zq=WnE*jpzf-I+%<qCVw0UFtbEG`iAf_`O7i!<<gb(5*Gc3M7mtF){gY0bCgQWwNX8
zXm@6uol~t?iIe6~;o!PEpI08yh`RqW$UOA=_Yu{V&CYcl+|)6*#2h!v_{jt&9p`Eb
zfUP5xI5tbkz2E&zOD{TcMa~r4Dz~nt#r5Z#RB7I*r+J0>8{6zZWZKtQU+0{3>ZC*R
z83DNSW!&UMki-=kw&sLlH_M&9dU9O#IU#a6&EFHdOio*CmuWT(o_a{IHHWIQ3X<S^
zRUsYM!Tma@JM17!S)+PN-uDlDKEq?_32QIp<=KCbv9Ia5ws6wWlMcxfL07;Yn%vd9
z>aH2(njWdtX}mo5sb{88CpEGw^G?Ak&u@Bz)=*WmhtC0Nt}U2!GVSn}S<ek+<kEd1
zuk1Y@3v4gNhpv3SO3m!z0*(Ev9$mR^bEyA^!T1m~l~lNVMfL2<P`IC~5Wsb8_6Wtz
z+I3Xkve<6VU|^NCY}prA8r3QPU(;Z!%?W!beOuv1p*p9-*T{!Y9PF>M@-yFIx<s1Y
zUP@;5W365mf5osx?W=;q5Sw{#hL-VDVQIt8^0Vdr8umYJd{x2<+ef4zWGnrQWvxT^
z_VG^eZe-@E2zOdu>yj%IWL@1nk=0cHq5srzf^A3SC98q%E0|vNk&AQ9kN2!97)`Ca
zv9v^M>lAkJkK`ZAfaQ_p4@d-WR@vng6;!aU7?JOnO&tDOBx7fv-&!Nx#L*>xZE4B9
z(~Kz~_TrG^ZMTheu7AmMWj00JEOMR9#qwj~`V)@$bfk+lx~AzU><4`qHPzXW;pACK
ztgRt2Gm`BumJSbg`S$d7)VF0WuN-qYVV$N^cAUWb+LywUdv~n&xYK%4xF=U4fTd!I
zPgAo>dHx45x|4K#=IGc{3c)5UiV-)IUFH#YS<s+PW3x@8&Jywi*1$nZ;|K4au?|<u
zP`1t%8NHt_X*wB?33iZmdB8~GxVA|AboE82xXk5mwyDnww`eYP8E<Sl?Z%<irqsVV
zIWs%XHt*hXMgV~C3SL4R&jUI?8M?P$%Q}7@vf@tZ*g%(qiG99wlTT+tHwq!#f5)Kp
zN<$O|yxz(o8HNygH<NrRl|tt@8NG(L#vcw4o%S4#swo-BLg8f#987L(e$rUlnt8&$
zdqp##$FNO6U6VA`SPNUn-sWE2fSe`U5-bOk*&tV(VnsF|<5~Je1EVeoAVN>|nw|S!
z%IFI7eIba<7KR|mlRrP=_9(49(b&PJ!4$s9r`g%R+-(8~_0ZWemA5)baq^1vBu4MP
zfFkYL4~_YulergCvFl>%$)i2rhiw6norm*|q%NynA>wx?Ytl)R4#|m|pnT>L+=u$J
zEUF8gO!gpDO`yvyiNghNjkov`7;*b@DC^k+UPe*@!y~i3CXu8&Bptg3vW1O}M?Ye?
zu5}UJZ+|`<I}RbZC?3p$Y^yo&=X<)Nv$vq#4ZX18MY_sQqy)#&{rcwv*6-YgBAd{1
zO%quTWaz6mLAWMq!&qS0sm8i)^r%edr`!|)B-tV1@4YtyTQHLk%v@d`Bs2qIk@EjD
zG~H4A1_;r(A7`PHg7)aKSSBRI2&QvJtz8)Qb=C3u^ymmjTSBAGLZm%di@;#Q;~=KJ
zR_i^y&E$iJ71@yXM4&2d0)NH%(C{*<jrZ(N>|e2Q1`;y7hlqFyN<5ac@MJ1)S&jxX
z;<brT!c8dG>xyiA%R541n2<ddf{dgC-(|mnb{h97*GQqJ)LG6teh$KExt4(A3e&wH
zDLD%l+1xJQT;M$p%!{-{cP?YnWKl_A!4<pKdsMn6_Ctm{Ht7oME%|Hj)$2X_T_Z;!
z&zjkU;%$ZE$s5XXAkGhc8Ph}B(N0U0B#ySEI=|>g!ubdpO@xf9-sddbqmVgz{XIg~
zzo$q*^=t^Rb+Q+T)BX2a9U^BV18N(Iz_N#6ZGc?rEEDldfSZ^ZG*S&Tbs=D3o5Si}
zIPxMDn}><qQ4q#F)o{*2MTN?7(f0@<O(@eMm{5fFdl?0k+q=nFAc$Dn->F{VEVPib
z4s0T^A=D+3L^?&uwm*Tc;{c&T+#V1qK<EO5>IO*XU(N(It&>8?nILy-5yZ>znGmh5
zAbGuM+gh*!^mZWBztCk!nO#vLxb2L8lMY~*nGgpxh(kLWLY6stUX2+UnMD{z*56oz
zAhPkCh4u>lFUY(|Z>Jd%W)ZS}pgI#*V~rZEN9~|Dh?oT)U`@&H>pe~?xXa8QK*&wQ
zmLQF9VqgsLE0naMJ4(7m<}fo-dpnCL@F_x$YkfEiH-{ChV0K0*=b$k$Y+iQ4ObEpa
z%_pa>wJ{+%Z;1l>-7ouRAmj!`iKA`(4kjcHq&DO)9DvADo6lJ&9#)RJZC3!y28>#`
z&^`d?X>G4h0$~{v;Vej3W9D1qQGNo3RTn`o*Sl-{q_nMkd^Rv)7jdG9AXJ(HASwVE
z{&soW_*&Q(W-f+JsO%Q(3xea@c$U+wAYzYI6Cwe#IK_IuM15<&xf?UEO6CA1hEx&c
zZmSMJ%|}Uswf`QfH(7ot0Ha2-g?bwafNo?70hW!oepuAEgP=SL-wb_2fggr*gHg6B
z1YtidN)UBaAD95&Z3NQ!mq#o@Nc*7uGi+WEAu8K?4<m(C6tb1?2w`Z42EnH!5!@<i
z4H0XQB-8{f2FQG%?rD=Ov5udORP2DvGiqc3XsnKVygqFRE9hGh&4iq-_^Uw(Ks?1B
zaa;9|?wX5)7ZR2&5nG{mDtdhq4O0>XF$l(YhK;iX=$F)A?${_EmNTvZvJPiBVLbB%
zl7$aTGdp8&T_(1K4ggnpIRr{@xrm?S5{6?VWHl(i^F~mXa#t`T#r>K@ssH#(;5g?8
zPLr&|XCtZsg!RX9=wRoeK?&6#BqRp(LDq-<r$H?1Jt(UTl)(1{QR#5N3>Z-RED&}`
zB741C4iZK7<8Z)^WkAFYeS{*Og`Hy2PL+gaSO&DEnt;Zd>r8+_Ucx-}4niB7wyYwk
zMMjGmiQZ3?rBz{>K(Y^IYgYz-wc&q^{qP6`H@X5;xiO5Dirht+^yMr(hIXygCQ7Bt
zp=ZXXEUU=Tn1MuV5HiRN8C;^qs*Q?lMJO^#&nt6T#TaxBJHjl-b`5BC5A@|TaWjz$
z=D&9=I)KG9RRChcU&OAWK;5i?#!&7`<U-LfaffSUjw&AqWh7zcfOV6F3DY0gg8ZgC
z1XyDog+RUSYIPS-G$V|P^C5^5a5_=Ho(UOHB}5zTxDd=FTou}6fY9whf2rWH@i}pM
z+6iYf$`JApf8!^`ZE8R_QG}&JAhe0CB1JZV<q05o`;-#-o`o^=Jy5E^xCL{gJak5e
zE!qo$USicB^a@PPj}l707(%ozf;+J<3m9a3&fny|3Q3+p;oQK4RJh(^I5L7nUxyvN
z0hBkHknod)(wIPL?!q$WDu`ecgpsuh=HrTGa7qCcKH?9^Gi>2oVLTDd0+vJFMrh%d
zs9tUw2ee8ao`Fzb|7G%uj%;J|d*m`MLcfNgC!2Z*WXuV|*l7WiuWa;hi6w~gX*A5I
zR712H6ate=bnePXWRfow#`EktP~~x?0~8rHDY&Y@v)k*_Rut(ZxB@|xo|Z#FhD1R{
zZXP=m5Is+*WtbVM3%dJO01NBgb%qETU6dd?|6d18!7Y|BPC$Z&P2HeKa;zjwWLi+g
zd5RJT`<DTu?u{f&i&)3~AdqE&K2*zxMUOQJ%BN^_WCN>yRFp^;B2faNDCb1sQU<89
zkRHO)sS3`olR4A@p~eJ4d11OWj8bFe8Vv^Fsh2p&W8;1UVvsqA-3i8m+Iw&wV*+q)
z1nZU=8yK1cf=I#IsB1TzCu+<EM6(DD5zc%KwZSq4RPri9pZW&PP|x3(Te=gRfG9)~
z3XKxv(qeXIUIzM|CR%h*-39^^MGH(^0tW$>2p{1>R259U$(EJlvp0b?oB9(er!@(r
zwlIeX1;SY&%rN7(2^FmXr`)G2K|~}Q5Ka>Y;8fQTtUrO(Di9BQO9%rzMy|vc&Ol5V
zNjx5wmy>15Q}Rr_i}le;|LRbFuVn$t(l(v&q%K&yS#!4Vf_ek7tW?Pp&T{gi{u65s
z$dP-_^HQl@O*0jsum|9xrEFbQRo!R<FeMwmH3XKfIs?KgD96@r36il+SIY7iYY1iv
zSl1(wk&XKDK0v$4N5zPU&Vxj=tlH{;k=US1;*2yvl7L3imJOrxX+@$!l@t1RQDkI(
zNE3`_=AA_8;{aT~lYJQiK;<G_$rFOB<A%3lVsb`*s)8tR+ULEv0^pKiyZa1UQWZ+^
zE#ZU@u3FnXj)`&TA5#Lp<BeW@U__6z2$Fk_lDh+f8pCz~rgYiYsOEqX*+}F8c^Ea4
zB1A9hV|nH+CWLAXKQL^2B!KA#cWejP9eraWb&Ugf1;Zu?JMvgsbXd7T-#U7bP`%5c
zde>V4MLZD#hYTCZ7IL)jUZC@~f&$?DPofD;5G9v_l6#_0WCn2ZOEzgx1O{ab4jDG`
zXIMDpZ<ex`DL4hV6YT)z%mTs+qegxQJKwMcNrO@}2+(2J1YxFhwXo>;Ha-MF35L;(
zQ48M>8BD?*>B$p9Y2oyhq79|h*+Ymh+Q}2RT4~Q-U{fV=9^b<WkWoeZnxh1Z2#qBM
zY9lNQD8g_Fp{r>?5ge428_Ie>=pt+K5E`i|Fw&7%F#5+S5<wS%LU$a<NU^w0WW*?6
z)(4e;ZVrbF`;@J*Msm@N@CD!9Ee8J68wzENBTP_2Fo{y-p@~!zI~h!kj;0nJQA~N)
z0snDZ_7jZ>6L)VEI_3c)Nd;l{9DfaZQnCppeGN4*Ap>m_4%r#=7nQ<=drHp`=oa5W
z=n?2#xd~PvI@-4h*cXD?m0A!PY1M|p8_P~4Lj)?rDX6UuLK(iIGC;j1=Mx$@oJv#P
zS5;vV*6`SSab67q_71=V?D!5ib#gXQ?nU63<tP@Spd-Tuvz_CRKQxSOM4E(sykw*X
z^=BdE1w?*=Ko5wEgH`(iA~!)$`Q8J)kOwsjYl*INq2ozQ4PwzWz8iAKu$2P=Ngtqq
zm-Z8BM-FPov~vxD%ppufz0g$eCV*_pe~Bncktbk~zZ@8t9n=H^3!#u?bAUwn(GbA2
zM66L4Q3d4)9jW*|(943)gaV2|0kf<i^S8hshRqRX?0Fz^N6kP;0Yo-W=7L-ugj^Xx
zvtZc9;q35k48-9ekzY{Z5`<9Y_5URv%9SL}l>w1<a#0j2Aqs1WOtd!;j;I3WWq%Q`
z1|sEzA_eEd3>%dLV!*Gi?f{DUON22A;|Wek7DO$70gRquBcmf8**X_No{bZNB?2s7
z)ep`##0ee88U!Np&V$N%L1>v~L=;01w4)uo40UNMk+1gpL9q5gun5ZriXOy)2j(E#
zSfhgg42CTirmAAw)e!eELIsusli@V9=r{y|gDR2ZlZT;<n^4w?afhVtJ_UbB@fQJa
z3|kNC&ahBiu#wPU6d>vze1PZYF&+{z3<-fb80>a4D<)>!5(L@#6D)@?Y*Z6~7QZ`0
z>pr1s_#j)O@Xue^l7QoF2Y-+h!ertKL(!KW&;LEzvY^0hFbn6`lDeiyWTQS1_FS0g
zt_-RZR6*qOKb?HnFoXas6v684RS@_?)*)2#BtrH#2?$ZoKs43W)veny!IBZb2BGVq
z9Su;}dE<-@ZXzJ)3g@g};$Y0uASwzesITUq0|s#kreKE6W+qfm5{!_<dNx4yoDCLo
z{?}+8pacb$w*a!ouu&GmkQItD<s9$veFwqCD{>OlkDNVZz5~?044do?sGmxheN_R#
zjN1*kX4aR6LPZF>EYyz*3cE9iZ4BED7-Ba`N)4WKTLC!Q2@Q;4lf4buQUMbMQuIp;
zZocCTdx2}lDEs9o`-E}wC5rtA;Pne&Im@t7=0Z^2;PSyvK|=On?bMeFD*C@D@jFTg
zO(-x9GHg_M&7FTWFlLbD=M3twHD6?9*bzZc=AGb*)13E2^I;n}oxACeS|AvmF{R*F
z(B4h|9^g+x=Jin&2<K<PFxh`Gg}Mp0;N~F80$8^Q2-X`y)kHznIDG&~i8zhh!0Ptq
zRXp6TB#Jb$u<k|>vMFJ#MF$&g2L$F2#w!|?S$~-nVGQ}8$(eA+h%hwuz7!}vVM%1T
z3`&L(Vj(g*KUhAF*8UZu<ZIAfC{<N(uM2SyDgo1PvfOE4OIOs{ns>}%Y$#+?Xau}y
zd?B3k8E%2BdqR^Vt~*N500hUIbA~9c<AhK!2@^yMX4S!jrCu_cW_CfFy!IEH6h<95
z8Ajpfgf`g*0dK0Ws)9SFo~<F$OBqyfegVojq4Lm9V6DyZe~e}TIS(M3-%*@^{FLEL
zXiR&huH^wGGi(^=VZav1+y#Vw0)HR*h59(La1bcKw=6N=&~uxb&}kc^#6fni&AAw?
zbpc_eq&m9fn5=i%*~Qj%SbnDuC5MU4$Vchi;B1Z=yLn@D)lY978oT}a;Ox@_=2sei
zLdoJu;Gv1ndkzEZ(tdk|p{#&8y8~##D!Zv+zn;jJOMWh7LY~K!rY3MAR5PAzTe;@^
zUlYR@pFD8QC!mWBZn=5}(oNBmDK2XK{=D%KtHIq5f||#kFW(zveo`hPtp4$~l+0tU
z*6lSaH>xu?3lPxK@mvIhQlhE8N2c)8jb@!DYVRYS9O`_0@>$zut0IT(simp;8rIwD
z0{y!qKINq)HMu{jY!6XnOpfd;1RVH@<sO7`-H~lqO5NsGK_^qS_xlz$Bz_;|OilP4
z7k0A$^oEZ?T)h#^?ZcsNM-E~bF`%dQ0I2wL27pKV?3`U&^cOZN^#wkPUGcU)tUIe*
zsbz?-L1tr}QlZP!#xySVx1nbUp3IrNND!_^3g>y;=eJ&7`aqnm>|EIgz=n*dfB%_-
z?gUj6(smdakZqk8LY`kbzu(L4Q0xz(rHL`y&J;ZnK6H#vX-K-+A?)O#obQei2H&Y*
zMV(=b-v=!PDl0!mjCtcToj`vL`_+rA8sd*z7vxsAe$a@|oWET=xlNvcfX*$bA#&3<
z5!ND;J=@o5p68rfpy&`;VtYh5DM2S$`@nLB10#m=09t;lm^p~-rv)CLbAQGgvUZno
z&2q`<bx+aX9=d%*sAnPLQz>3|L4>X61$vAYD|4B<%T|9i`^eGZP|jw%?M>GG!fd<l
zH=dJriDG;@qV))RC%?Y6kx-e7Vr(`i%TX)g`(681u`xb@9CjZ)LBYLHHF#KnD17is
zPs}vzakHwEeJ0K>`Crdl%Nwo77KAT4`kzwxHk%D|Dw&kRw}x+c70bN*Vph_P>{~03
zvk9`_Rjn>)P~j=<NBD-a9l2^dRlryq>|NZ3Ue7~Hvv{oT*?m<e03WG302!k``R1v2
zzTj?284qIt5YjjFnIbptfNh$LTdyd%35S%|x)yQF6!p}LJnF2@xFfh`cpVflRi~_G
zkR95bpCqmKPgqaTl{}2`_YLqDc~mQspc~S-4b~pyOna$%ftJUT1i=WYm;t&)*Ib^9
z#AfgTT#no$m|7txu0j?&t7anae@H``QiL=E7cT~EUCQR^z5{knGHw;I9BaWZbNcrc
zo1P??E+FBi;FclPr1^^xjTWV1Q%k~r_Gmu?WkmJzPn$4x(GVi|5L9WA1M=a+>;EDG
zB?J}W;7+i^hjF7K5V(qOqaR|HAU8q@<)kn{)}nw2Jn3RH2riQ#h$ni#*0s*eyColq
z>TX)6woNUMHxbNI5K18`;fwDgEsw<sJC#Gr3;~uYyJ75;LJ*NJP;F7>v*sc<iUnHU
z{k<Q8B%SfK`w&1#>?F#WzSZ{nXM`fEtOFq!>9z9)p7-}o_FJWxC_y;~vQEEYtRX-~
zj)r}1%ugGGQo??&pdW&iXCBBJFeB>ZsDL_D+Xs$JV(?3@z`2fGdClM07h8?Wcvfb;
ze>%ZsDFo3!1j10qW*H!(P9PCaRC@qv_#r-JWI^}ZmdDbB`tHQ|D*Xt`7sf3K1OCZR
zn~jo;dw|>BLO}>XD9zIA{X>Wuhrt%1+A6^qz_4B0h4yGmR2R)7B=Z8^qvx9?zda{;
z1}Qq7sN_XnKrjclNHLKDe%h=cWc}JcbWEe5zbU2}eGZgk?F&Mbnis+40ol`GcEpd2
z;=YHXWJK)ji_zOEWe-A@7&gNhs6nzkI*Pgs!#->Iq2O8KOq4H)2O0JNUy8HAC{-Ra
z7g<|#kEoO3a&)wbObH^_rEEs|=+066i-QDspmLuNA=FhQYWOw==0rJ${1vs+`oHkH
zl@AKrTc}(dAp=y=>r>aCI@%kcH^WeFy?+^_I-)`vbzFCQm~VcWNYwY3A>8l9;HRmL
zoDmWLzN3035X&G4VZRrI7;ZvQn@R%xym&DvihsOOM#Qh*RWc{aljM_V(67&uCd7RJ
z!+n4ev*<_xm`jHIg<;gOZBYAX$Sgk@)f<1yyCXz=7&@b}rhd3ih>J0*xi@Bc|FZ|N
zeb8uZBMcqSQO^k|%^(Ei3VLs^c+lYg=&@O><((dpy!@ysS7cig6G2Tm&5GERWg%pw
z&cASqMlNVc8h;TO#2NAr*Ue0n=>I_p`9EOBnHX3!o(1~ZeNA9!B;d;h#3lrOC5xl-
zmLw_@p07k0?<Sppju>+2c}UvnQ-sk&hu9;*2$xV1bu%Q1v`#|rz7IFmBSr}g|3m`v
zUxSWB*o>erlg%QIZrw=K=lTC_`b3nGIhetA5LW=-iE|C0ik(kHp7i&pAU;Eb1JTI~
z_Cmurp-JpZj{gUWC8GX+q7|ZZ|DTXLp@T3xFF;ErqQNnbBKj3KXQH3~zm}SaFHF}&
zzy1?>Dl%Bmn))s6^FJ-qkf8mK23gvNY5)Jf9>k`Nh=1{a&#>RH;2BBog#1zMr!K#~
zsxw_IDVWe>G~7OAJk3&>*896T4!ryon%QQqu(bEs_VLWEl8jDy+5Mbw#sm8ACZ6kn
zUoji(<#KU2Qz!da+AwXYgLTi7yF)Wqne&@cUx%-|$o_QI!8uKAPwy~=TwwjrW$5;{
zEf;;Hg!SKA<kU5o_z#|8R~1qmVioT>+vz!@gD5+bPyaPPy+V@+BkACG|4yEU%s;@U
zLh{c@rXqs;Gm@#0{4<iNi2O5>X^8wYl4+3qizHJa`DY|k5&0KMrXlkGTO;{pLN}#o
zi%2RCGRko)Ov)b|b~}FO)AkspPRWUooChZ}f1RbT`6&hHlJ##aZXP!9EiuyLl^cI&
z^7hoNoRQj&|6XJ$+@5f-9!-xj`YD{DJwY}99@dc8`{c^xhj;=C=IFI1loT~&P%~>;
z#&tzx{FMFMv~&q@6WQ^wG5=3aUESh#4kP_a-VF<%X^uDzSpN)i|D`|nws5{r(SjzW
zw|PAZ=A&Ko%lIU#KWkDw){^ntOb|z|bg;Xk_wbL{dLGx%FyTUlOY8o7x!zHv*kSCM
ziG$eqF<IC4^{#x>&Ub;XTwfPA(_gNmCeTfA$f*_DEy~;v9p0J^J^Y%%&zoDSIim0;
z)2*=SX`v@Cdv{H0o#(>*#1kLOrtGg2y-2qXX;TFldK6TW_Ta08k({i40q5s!S9;|=
zB+|H^4L{9uKBwnOe;tZC6TL3+8~?BeNyXfh97PA2lRm>q7iD>mW)~JrWTw_Ru#^i{
zmPRG}e9K$jxG^w8TL1Ss@PJ&7uGs$m&h<+E2LHmLcZ*&zD?EFjT%9^5<}qycHm}|2
zT+X2}IZEcnz;mb4es@O?dgvF8M?|(?`BIcFzKS|C-XKffJu%42ZH1P<)yw2Y(T2pz
z#wE&i%huCTpukJrlfFsni0d<}P4rAx<gk4A)AuXFWwvnWLWPq}kJV7{mIhZ=ljCBE
zmd>Z=^?dV+Y*@Z-(y72+Uel?F`V3eUPsS5zBi1hskH+R#GL4AzSG0edU!GH0%2za$
z{ov%bhjea$l-;7!%~1e}jM25`BB{%LT5FkmPc|;EbJ;&OF~j8~I{a$-;VtNgzc!%h
zwDJY1k@I!X(B-d4aQxs?1^31<tNf)OJG~;mO?l|3?AkvT3&`3$0A_LNypXl7_F86}
zTW(7~y38{%6pL+h0lx8lGGqv{g@$2pa{h*9qgPEH>Edip9BaOBxqsqg!ePi{a2QbT
zCnq5>(Hak?ktGt3ow+~eC?!c&_Q<iH;(Afrn3{LuW5`1Kwfmkuw6%)e1DaWLoA19W
zNlQ|m6)?J7d+V2>Ro6T}{z|<x2+1Gv?tF^4KG6JFBbKXBq<oy-Vja0?qU}3zj?|Z?
z6**)4Kl^}{RvY8NB?H7J_bA6~>hoNw$J$Yz&H4RPb`aX^r*Uy-P;<+69;d}TH(6b;
zg<T%(017mLERV?k=Y$+37rtsd=FE1jPMy2pPCI*b29W429a0oi+FHr0=%iv(N8UGj
zLGyaAvKKm6eoD93Wlw-XWJLMAW?9m#`K?T(IohA7Iafb)n$`2ZYjD>2K6cgpKbJj~
z=k`Lj|FkyRr57qQu(-M99E$n@^K72Cde$^Xw57aE=IAVnZmfovE|JjAIJ;#pPEjfc
zsp&BYMNE&ctFrTS{paB&67kwB7vR>vKTUQ%4Y!_0NyVMXJ}pHJt6o#K=tK+(%GbzW
zKCh7^3fx)%oI!mzpt<E3%Z-hVU}(fOTJxj((%Q~<AD1fUNJ{^q2##d+X+#TRAO>#x
z`-(Nl^KF*AV76$^R`RS=xYTAO@A(emYW@%mE3VJn_$Xa^3D}IXeO^~lkND@|rFCiN
z_Ec8yolQqMjJ94*z0Ur?$yVgxEGnP6M$akdd{@@>(K7LtZ_`4+=0OCB64=u(otnN0
zkUXNU10Hy+%a>_g*s*h7=jHF)u9rD1rz3mQ2lq+J#vie{0Nn%mo0gDejzmc98T`B>
zZ7_|8G#{M6a|c+sk^4$neXgaY%;f&e{inRT8X|^g*}BXz(XkHFy4GoVot2Jqqd!iW
zWM`vlcXYlwlOxyn(E%l0z_mixL+5Q^lOTfFeU0mLuKhJ9aTYTo7WB+HGj*85*1O62
ztkJmJ>TZcd?G;>fRL6PY1#Qr%##dXJTmwg3$D|TQT*tYGcI3G<L-`xky;?2JPMK~1
z&nwe;lpdN_ex<H5Ipd^#<+leX9j2g~1TI#i<U|h`_`1(z5oG2G($qDmG)m<#y4KOa
zrJN%LFKbb?q3Jc-QyrCS(+v^o>SLEB;xiQ-w+kfF8|!wsF#)#V^!yFh&whn}NxzB&
zU-}yUA?GaRw0!*76D|;?p#$4MAK^}7wtkllR7JgWwUgeNIB1uR%t7_gnY>+SOE>$0
z*|L`3oyMgTM&u?$x-L2ozktm9uRk`w@zT#h>g5;&S@${piT*hIqZL{qLm)kVd;*#I
z-DJ_nP=k+@*T7X453vX)9h^yxFJk^)@Ip#%;^mmT=XdcBW5Dwvl;r;R+AW)|)%@42
z8#D*8F<W{v!Mw-)^HT7@>knSGc?q_39NTo@0h)ZLQoF^zc3=NzH=qQrPU(aKj~Y+M
zD_uX6K}_kn4(<9-Q?HY|n~0;40797+_!+8wzpV?m7MIzDJfNi)boB-$2EFnPPupqW
zD`O-lG+J(yaBwD>>pAoBf)~E*K0mhsg9`Z$1^d22q0+!pB0#37KM_2Mi@K*XE&olU
zlKf?fXl+l<T9{@vK)*kYXEn{DPJjrw@;1-#<*P`qw^gNA(s~~w){cg4!b?H#8zsG2
z=a;?cq`0%6G6g}QKxFons3(mB`WvmjyWAf6xu5F=MgLmow`<T{em8RY8r&dwuIFz^
zDs)us<1Ehs3U7S9AtC3}V5=VYMQ2cu4ey1T9AyhDw|>T5S~v5P976WV2+V8CR_b~A
zd06n+{=<3V9)nvSLZA8F__=7Ts{{LF9kXftxEpz8C=s7z%a*iD1u(CCI1hv6Wx(bB
zU;D$#nUE1V@3iXF;ZwkK*T>4lLnDd)O%Wc9%)w(A>D<@wFUs5;O8WQaAYttmItK5&
zk`B9ja=u?&1=uCKTaU!Ayy#?W`5$=VEoHrqXHTKCj}c#W-8_0*?&YOfhOnA!Pq{d+
zUsw2X<i>kT-3kByob3SuA#cIBlseY17#SmX`H|w?K-G;K62!j#)UVIKd|oGs-Q=jX
zIlbO;eew9xYjmj}k+oG<?MeD1_06_+V#Q3DHmQ3OS(w4&3ijxJ&$*j35UQ#}mp92W
zG}mwRy?C2RRz1$>=MwBhcaSj=D&>?>p6H`!eeOc%ki&m0y?3Ikq5SZ2T}~Ei<%KSt
z&!I-i%<q`aAuCU?oP5f@dF4&^<cqSbE=L|$vfFj%_>+4~`wmtK^`4hBFZ*@6yWrj!
zKyCqU6S)CCVB}3RAiJ`<PD>T8J9EidnjZ%`@KsK3JYlXf$}Od8o&U9=sP8Ggl5Th}
zz~i9LoHAyzd)Mrah8NPR<@=HVEuL#~{pXBV1j}q%2sYETKl--O;o_jyVdg=%OPx;E
ze`JBfp58eC{sY=H*W>sRb$I)MeAcH<NUwEJxqi}_((%CaOHuY}O`P&YhMz{PjRd#H
zujou)Zhqcs?C?{#b?{GPIY?89Qs<6>JC+|UP6!~q!p&NOsy#|o;(7N{K;PcCEn9{*
z*O^xJ=7wGcA8)uVjd$RxGt65QD<ea<0fPK<4PKm#_$&=}XtX#Ds0rLr%gR?U6Wige
z4NwU}DIV^spX=Y7dmoa!z^14CQ9mPXQM`<gWpbzk_aF9vkn;RAibnG7*8lY%2nm>j
z<i<YEu$nQbmBLn)BLmZ8<E~JZ?WRE<+l;{Doa@%=Sf`eYe3K5H-Py2$ZhHjfr2tOu
zM!j>zcJFWNUdu0LA{RV}&*F-(6Ui@e^Ofop_2YofP0=epb7EabNU!OW#lX63uIpM3
zJ&ikY!TIg8!Q7I`Od`2rt1w(`E}c_Q6qVY%5OLHt70DO%JvC6%CDTx3XC@3z$c>ac
z<L2eOPEG>sGrysl^j@~}Ox^0HqDs{~Yx-S$y~A^`G)G?jn0KK3q1$aaX*Oi!X7O_Q
zGO00%G36?fJYNO~Exr5tTt8fOUgx?@N*vVgwaYUC(|(>gnfZ3-;DH_>$P}{Dm$2yt
z<pO3q`$Nqjo?Vw8n;G0KP9GN?)2x284{oZF+ZQTW{-AMwn5PTCbY$g2t)RTY4Z7j_
zz_jhGfV)p>NxN_>;t3xNZ@T(pi{0oNCtyg)HO0Da$2QcAh<&hjtpK~-DCJ+WYy%Uj
zUTp^6t~sE4y)HB-t<G_Iyn{9Uwu1r{8pWG~;qFVNWRqsLLq>Um6=RO}Yk#nQ0K8`f
z2;7wK#gfMBI`VoqTRZ`Iyf<TSg6PN4+}ye@kB-vob0#r~P$$lFk@IpCt(sp|BY{3o
zw}?023<j>djlXH$tCb73@t-3N%)6w2fx2XK-i)UklX+Onz8aN%S(59Zq&ZLB>cfv!
zJ2dW>U43G^M1FksxA-*z+tK?rz_vx32Ikk^RSLJeE*wX=JzEP#GfSTzp|(}|eQmf3
z@}i;KXBV5$k1n51odgW)hnzd}A>@6~pwf?29cvf6iQXObvWKbT!G>8=DSyAEQz*-A
zCd2wbmLp=#r+Zzxlr82D@)iNr+XQ?b>)DXr;?(vI_(|i|p4P~1FJ;_ceuzxe>G|^O
zQy$%YKjf6(WYv^HBQs=^ocKpIKr&xk`hl8pPgZg~_~WL$ZO}V;JVvVZp6d!a6av|H
zmu~r$9n|VNv9Dv^V78O{G=3=o;GP<YGnpw`uv}d)*g*t5)_BEH>BZ((noO*Xt9jv#
z{M?}<i9wM=R!{C-1-3&q+}t+SZ)KI!KVcoSvFg;&>z{=W(Fp-fVdPzrxT8A9y6}u{
zNcUM?zGen8POhv{$aP*}?j2@qeW;r+!x+TI_RJBFZQkhzzO78@lLJF}9&zp)yE!5{
zB5!}$IY#8Yix|lMe;V~Bjp5L*y!))Y`j@_LeuYp<vaHsYEiWk2e_0<=zuk2KFfNk2
z-1_nyKT!T$Ydk6A-!Qy0)lJdeufuW=aJ4^;^&WbU5@6)2Zl9(_Nq<=c6Vg>7+-mt|
zYZ+gVSy=scIWK4j?w`lH1c1W2J()l*wrec4)Q%n2>o_o|rWZfFgU+WYsx&6$V+B=A
zMAY;`9X2ck&$m`KwhFu|`MNwsX5BD{0~Fs;zPKM|gFyQ;mFG>yLlwl{yKsUu@~2g3
z<2NxGa#*}Jk2%i`@SFvvL1Sk>92`!zII}lvTbBC>KPZ~W4XUBQjk;c)d}A+Dn)#CN
zYrk6FumD{R^J6EtV+gj~2fB9Zftd$+L5cn&#z|)o$}93mUaF~3Ij{`<4{KT<2dP9j
zE8l9APLFWbLnl4Ixf_GGQNeaD-cRoO`@3xkYI+BmkqU>>i?K4mk6NK0Swe&FHM!dc
z<dv8Bny(a?b=}&x)qPA55acTv1g4;HW$tg9;J}fMCi6ZZbIMYQk}8Frvw=PPmp=c{
znh9y{hBPfvn#?x827)5Sf+~h8h2EpqOrv#f4^7%+-9EYWBBvVQZS1dra)a%)Qe<L8
zs`^iC0B+5N$~yaWb*b|3`O3Q;c`CqA<h|%3kmFpOC+cNK&SePq)yjan0MlT1=@^kp
z7fu+>Ub=ivty=1nvkurCdr_2HUT1es+i=yA4#5bz#7&W;nTL6-pcrZ#Y>46RwGsd^
zr}iiyT^<*pC%*TXQ{x7E_?$n4r7LZ0=x{9E>_^TUx7-n?^e-plP2UKt2O1k0QMCxZ
z<#si1YnFSh7ch11i`|Kiz8`Pf0t1owaVn;fky+&L#({G6)a^TB;oToNBM<tz!WrIv
z(XxXDQ5grVR|7_<3+!8*O1>n5G*3+mw0=}#b(ek@g}V}s(8WYK>m_GEI3Xu(z3#Na
zJi2xK(LrD=vO?bzQulv5|2+oe5hVXW4BbY?-aRyw`KoTWrT8g2fm+vRL?bfu#!p++
zP+&ZIFp`ngo^NRew26!u9YB|DXgVkRfZNO92MX6&pH)f5(4TuxmzqRpN|dNvb}k0>
z7y15`o`6)HpfCAA4nr<_5h(lD;~{Y!w63nI%1wDWt@ZXGb_xL}3-|e)V;cBz?DGnc
z50KpD^r{tKgtN~Nb>V1Q+8k9=`g}`Q6e@cAy%DV=kwayU0-%H-=c&=_ljQ&o-9s%U
z{YOKqzNmu{x-M@5g=e_T=ejQf)mzQh!V~qUo(O$<Ktp6ySWB{hor~x)GFQLouL7-k
z;)f=H73f@LLRy@_+f^Py_-lhkmfnlZkn7QfrPsy2BQg3Te76wF)2&H@6JgvSve`{g
zgCKjorSlNV9LF5*^XIKCO+u8wLlT&W3cly1FJTrp17aGMhu&>Db~b03KZsyRa*p-)
zJ!&BSRG6a>YcFZyE2(N+q4Ee-2IxU+y<35TC>sy^L2GuIkTzHYx!d&s<t}EV@yV6+
z8}}6H{1|kk+5@$axwMo*Uk0u<1t%aC{?>!&h~mf55xJH$ah3MuR5uL6DKA}f2?t@y
zO;y{^VX0(K<mfQ^Sd5Aw>tXbKoBemc0w&9=8&=B9a$XGeO4qu4fTNAfLkAUqVm<1u
z6Z8nYU4g2)z7lYmujjfeIAW-K<R}D`u8l>3VYfCgk5xVrhGEiU+_K;RFKITy?Hy(6
zTykg3lS2RuoWCZ2g%)@m-Bh3|_yEe>A>BKErdlcd9MjkYNQk#v|I~yqi)$(0Yt#&$
zUz1XUO0V*Hn-TA+#gccX3QsBk(S~Zcz69_}zBn;t&AZ*oOAVT~_|>fIM>aqiKIa&I
zbmcqSL>GjiC<8Zv=(AOhKp(x<EgC*LWKeWei5VdmIO;}bLgRuDAAS)rCjVjWDBCi4
z%A`h00y;BXVDY+Ar{Ah9blgQ?CHR$_1?t<?v(<XP^=H<s(`7e7GF)*BIIK~pn@NUO
z)~#tGOaMCJ+IL$ZLhkPyxP)_T_ksSyvM{g|YjzcZ5=3hasHz-4ziAqO(Umwhl>}ml
z0IN&pD((X$$kuOtLtx0KW(5jdcd*SL7aTfp56H-KqnmeB3&c74RtT~jIV4svEFxn~
z&x5+sU?oU?WL^4~J@KGqI0URSVzYacMe%^!jXb$5cSlYDB&&LGXIqN2gyb}PVukjk
zf9WwOcMz&z)on53ggg6un2_3p60^_aqv{qV0}59FtRAb&`bu=Hr`;DXeiYcnh$tq?
zvG#5r>DTf=iAkMXTQ`(FRKC@(3uPGy$~jIi20|_bcfyjzVqv9sQ>Mo(P)-gEgXAXb
z+MQ{u;PgW^D}V2K{R`pGuGuhwKsJ7?E9=yb5vd5;4+f!Yh9dyeYxMxsK=*R=DV|+w
z+M$_UFD||W<3Bz5rcO4_O)e_5e*0<odYQ4BhIL6Mi69=+Hyc?<2E!v<%;L4TPF$7W
zT~NU_ZFb+~!qrwCrmhz`ECke2>(lLE9rPvBik<+-kKjgV%7qv~gGU+sN%vZtD!(wT
z0)4_+vR%A2-(-PI!%YU@@{IMg@}O1w8c;nre-_TaHn?}1x;+&EG1B?_!bu;ZZbN2&
zMEbcdJr(kC5$MVt7!<H4_*9TUUb-wu9+{uJ<gceIcHf;U6no$zd2*;a8su0thbz8s
zYSjV(g0+54t8%a{SLw3hFTad70)mcCwymKrvz6Rd(`9!stW7V#Wq>psKAsztx~^^)
z34BN4w{H=M`{D*%uyB*N6IWZqZ*Ux!*_P?Qa9%ytiOIIA4_JD=enko=-Me}g&>-(p
zRkG^dS}g(R9#rx%>BVhL?ow?{cswHWRsKx0stie;DiZfxFlX8pj)pSspl*dnczwOv
zZbj;q{@xBC&}wj-{D^|BpOu?-O>l%cpikepxd4fBRV4)_OU1@LZz?~_p;47`qUyGP
ziq`88P;oV%UEVKUR^(j^<Kr-hkL0AzvWm_xR#T&k;avca>&1e*E$4p>XF*#hOT+;S
z7`o7W4=9}4+{EF2{Y+nhy51&`HOH^Z%E&mB$lRu92q;txu%sdc!y_`1-OX-_7A?q#
znDW9`0<C#MfYKRQU*&vpfLVvGJp=)sJ5RSyAl*mD`7YESb)&`WlB%Wc$}sJ@$88ZC
z8(R(L<A;?(qcTW68q-n)h|T-I3OiANAs|$~_b?Wipk)pC=u&l?D<;n*bei9hJwO0~
z?U$B_Q{YF>>q(eTQHEm$lZ+b<&{h1P8#xLf1^f5zN&jLRulZ&-#)qqqZr|qWt*vM&
z0Du48#(nV-6x0FdLq^SKuqf7>mpvoT^3B0%a=2clozTH6rC(H!@l58!1h<9-4}JSp
zb_*-7qXi9$oWnSA1}|pkv|6f#Pjv-~Hjg)YzF{t$5L8R}W2Qyj_x?6lO5=2it!=@C
z6Ew0dD6viQROSt!r#pJ+_N`qHUI{_psM~1dk6OI$*XazPiTe=buBt{E1Ca9Q8@UI4
zr~rrnyDeVF>11MNMcqOK4>U5^R;w!IUrE2Z#TQFZ<@cxE^-XS5!<G<iDA}IZv?XM4
zNwWZFG{d6fh2ldyA>86M7sxnKv@>u}C-v@C!!3a)0H_|!W@$L0X{bSP7RKeIGjhqR
zvFRw!4KP2BfB6Vwn9QZ7r2pL6pTQ72Z|p(O7k7njqYR4`&?xge<_$1Vl>b>=QAWUb
zi<}SA6tx3Cn8Zr0uL;HqtGbBO@>6%v$saK4XVaNTR@x_kp2;0b&owBm*G(6)t0Dz6
zMvsSJ8k?>N=j5Q(UI5looepvZeXAA3waI)KXw#lc60caqlrPXtX5d*#_!N{>{{D7U
ziWW_shFsH`?hVA1GoT|fDp0+)6%Q9(|INVMeG(V?b-4Tdi1Ew4F(``LwBf$#WRp2w
zVpz2MgGq4pT67WtNS)g=o!c=xTpPclf!q8H#Hl6kYB--Zor$5(I-ouPZA@E9!5dh$
zKW5cA8qhYTB_d>~Wk22@ERJ~%D$tmI3A_gPAe0>T$1n^xq+~v5NcL~iK~x8=R%*He
z2QFjbhb#}4u}m6@f)Ah$OFpJPEtHVLc&?&!sP^w~Yp1v=(=2XQ`WL78>B?^R#;q<F
zIKYv3Wwe?A1RU9pU1*dxn;zMIe8#2B(Vi?N)mLa*+zC&jiMS1lsQKnPCZeNA!_NT*
zaVp#sw~(&=B2J+nS-kKJOHDsJ%en50+tjd34&Ay44g8dnI6<-7EMDk`S|4S*?Nb9X
z$!8@NVW}-ux1(at2al*>)N(U`6J$M{T2P0#;jHA|gjRLz4LY3%uvo$rb4n3~c+#H=
z2izka^Sg~c8{EOIX(-$;_X>j=jP)t*k#0w!uP;8c9%FduzMq`W;Peumm1Y2ZRq_X1
zxz23(-5peJ8>f~;h{qRPM@>n7xz`3y;TeY#3S>{|HeQQG&`InY?#DIN`z@R0YK;V3
zNCM5U92EExllq~D;+qd(=_da$P?Ow#R`@N6qw01|is-ai9%aEw+#Wk&>03t&u=1VV
z@zZO6iYiS_VefCtq$FbGDEaTfVoCMwsf-xD!j&|B9olYA04$6^tIdRopONu;bm72E
zB>1^5>^zSHLvlY&)7Ydj*vYup6~Jhbr^G9OT1ogii`ShxlG9AUW)6;F1zZ)iG#16G
z7Loy|b5g9PO>-#sWpU$u$#SJFB|{MpSMu)~43eh9xC%Z|3AAhaB5;M&8J~AmaG_a<
zR`N{Zo(Fq$6L<;{j03;!$dNETO`JA1GoI8BJ)~CP6$1A|m^ghn4Dbk(A0sGsXWQwi
z{n@Lq_)JcT0RhSK&P%Xr3|jmBZr-u$(-MlT24*ni!(a*%kwLPC>pY-=iHF>E`*qXI
zmmOcUHrx!VO`VCW_waHn^yBkj%*WBwu|MQp=Y-K(h*|+tP&LhV!;_%B`A;(%Y6ZRk
z#;&U!o_QT#iXrENX`@NPblkb|a4M_OaIw&brlg;lSMOaxMV`!w1el4y&peMn&0L-I
z`eGsa>j3cam8aHD6Y~YWSZ!mI{nDceEAq(spiX$64d10l-%RXqDOI5lOVcXE@Sf26
zQ&X!qN;JL#%f55CqF0)h5oa4OKC@wJphI4?VlF`e@U^Az()?id13%X#oob8dxd8Tu
zK2i&Wh6>c31Fm8&$Ne94x#^S5Yj~w?m<&~EO{4B%dZ*rUD%;}5cqaFV_RGC$FM<K)
z@rZyCnvtl&1sDf(wg;Fs+@HOzd%6j7=iqhTuEQ{w)3PFWr1G2Hs9#K$^I8KIoyn`v
zt485%wnpgBv!fWZa`PST4M2HfxAD+FI~LYj(-oP9M~Q(W+Tp`^q-U*NYla1v$!wg!
z4b?erG90lma81`sZxk-zd0K?M9|yzGw77$WZCi?3ZpFHWi_hw4F_Zg=>6;j^UQFMp
zXYjQ4V<#S-JRg7zWlu{vzryldUMp`rRfFW3W^u>|Mi!*aloXc~GBY$=P&Vh;vK`-j
z!lRe<mXnu1wY}87t@OROxlOgGwf|!Op4P`=<*U#CKo;+DGckF*IN{IEEV4U(Ik0M{
zeL$}=K8GNm)A6Eb4txs5uf)k_#geS=M6JW(N+5W<QVAoBHe-b?MNyMw?t}r2@Y4Mf
z1O2+wCRs=*T;Bvu_FgQhhXafE6$0LJ^3yURr5{g3>uwqAaN-r$iCdh7vPojo0ub3h
z1S>^kGdK%3B;gONuGpl6RsWM@q;!_;MnCe<{N|$&fn?cdu(My@G;VK87v<r{f_;fb
z4TWnu2bp*>;W=vW*t@oTKUNB*RmhcJo^Aq`G$v@4{ZY6`T(}#r0Vc6amceIgJO{mu
zf@|z)_zvlQ`3e^4r?kfIqiB$$tkRg}9Q5qzQ}p*V@ZRRzHPfHqN<EKr(G`UI*H+_I
zXxN`j))Bw#P0`0|@9_C*td+Ubs}iIK*KKVOXJNc5Rz;I!gt4jJWRiSmMA2ak`C@0}
zZO6QcRHs?<Tx_~$@ts+VWujD0Y`$NyWW9%*z7l3Slc-W&;;yYgo20CiEU#QVH6S9c
z!B_=CEu;|?1O#oh@r&@2D7yZK_uNJ6xx@5=zRI-F*1H8y#STgm!t?Q&#@YQ|_YLZO
zF`g$8MZ(Tv!c*ndSmSaNap_+Q_YFLs+zmYrbHIg9pmDGVyaZL>U^+}=_}YTwV%qq%
zJE!Hl<n1`4+B8+hf!7B<ld_vSaP3Cisl93A+RmTuNp3jcp%M55UlhDic7Dz4sb*=|
za~Fd_g|<plgqi8&VUyi)-rNu4mQxeK{llr0fvC8dja<g9cBD>DWx7`W5X2`@<bovs
zVecGFr;~@K!gYT5g*$EPHz72Cz}a|mA9zeI#A^{6L4(riw(a>43vgQx;lW*Qzr>rq
zj_FV8Wrq*q1nsPjm(dX##V`>pIKdxi%`*b0xB<o~?=|T6)I;{)#&=GuBy4mr6vHpZ
z?jldz#4KRk7_%Z8LHNI{9H!w4iFw$(gW9CVdWVr$d*X0!-Axnd6a#YXIJt#1awnmo
zYEKW7%{YcD!|`P-{mooc4F=(Xmpec^kp;tj1THe*@Mo?W1Cn^;713JKZrL~R2qUKw
zxHR$MRPU!8#%z}CM>9q1#|x$p?~f0^3U{X7Y|g?pN%N=299tSWMVRiE(1e$gobD~(
z@vci_<_$<Y?R^L3L&$BKHC0K|ZTuw;x-P9m$Ss-fGB(R`Wy@F7T){C8Yy_RssGBkK
zCe44ut>ttK&&m4!;9ZjTtFU@-(iyUBxF&5hFErvggIa1PFsTcANUp?DXY>1$o~flE
zp5(gS!R&6*DZw{zM8SI`g_Dvn9g-dHO|L!<;kyAgt7?W1d*YgJXk{=yo*3Eg7<0F!
z-^GT^Re`DQGIrXe@u_Jz1{Yysl#@S+{zl0u-94!jb{K_2zg(cGLW~m&3=~g|8gOA}
zYF~0CUR1Hsj9DQ;xZ+F*yktq&Ea2mrLEBsi3Ii;E^cqdK5t2MM#~=qPNyN{i*`5*f
zr0H`mvNP^UQa}N%_V_dSNA7~>>rQFm3b^pf5!_}@=kfB{_2YDlQiYd~K@0bQDgGB8
zKU@#N(qlTPzv-50c#h(U3~`ZIJk6h~@NFm2pn4NeQVtEp<~N37k<-=cjGL9zEwt#O
zDM0@b_Y0?E;APcQS_i&XTD9*;xXdEV-MdN|NQS4r@Yyiy(ux-ssU_2y#bb|b3TL4l
zt&*htdc<8kBQJECVTHS4*iz;~Y=4Sk{#2X8KntOG&#O=r5qwt6g6HkYVp-t3I)X`F
z_rq$|s;FS4WU|3}55-T*;U!?YR^^BJmh2|nVr*>Gr-dKVc|80y>$NV!3rF_7`0kNO
z<f;O2Vh=bA1%69!M1(%>tUQWdMt(KgSbU`HVBl4Q_@v?nf020Esr494vQHSm)QH1$
z0jB>y;oK9rIiq+LErZ1?8xk$}Ml-OgAGo7>roWNIt%L_({+lE`ast7L@vrxAqGc~~
zp%Mu0*?5GR)V(SU$BGQILldsieUj5{YI9*0>Xn8CYOKw<_@W#6Vc-=6v1pSnAAI;y
zT1BoWGSGjV`?N#N%U?5L81-No7y04zg5`%)OaI<{R(eB?UX5{@yl=fnACj#}^C>En
zo_ujkU+!*$rJM73Slz{MR+W(|vhE5pMV+(U!_pPrw}H@~+xzKpbkfB0=5pT=w*I3d
zQy%h26~VROme6<YIVSVVJH|pvN1bmYWR<MaGa+p+A2wtg%kk#+ndkU#A2#>;(b!j;
ztXfQe9j-zbiztRFYOLPBGXqb9#!RGl?eHEanfIrQS$x0P?k{&epEq_&w5X!|)Oh7C
zpB|35tf&+8*KfmL;7suXXDoCoz%$t)xa2e5kuMCM#9b_3+wFG6BQiGMO~!{;zhJN?
zihJ$$hLuY>F1z@YjEF{HlUbS)Z5%P~sCU#@TXtCB(?-ho2=3x{cffnV+LL>Vb{%Pq
zRP|#~DQ@Bl;>fKLo>19ekUds!8R0^sg8k12Hw=NMaDQungD-8`EPEB0c>B$|2OEkv
za<)Ew+R~HM8P;v3@8afVq}CujvHkUvZ29=eM>goWzbS^}n<N#?@0qW`mX~DjU7drR
zNU<*3Wz=Yv+|Y1kX2(W%A1k-)9Jg*KkRraT#%ue18=P-S&ll+>o>MpuNWAH%z4|Y>
zYWGYeZU2$L%=Nqn`rWR~{1~<2d2UR%Rj5m&im8j~>&B6{V@-W-DuKUQf(ImZJc@Aa
zmpIt><JcnfSDUSxF|R;+IFVc@*ZKMW=AON4D0%x#T{^iM7yF+vNE<%$sWF0+&VI?+
zc=qnOYb?aELJ#Z|gYA&jh8f86c0Jo+>$1+L=Nv@XsgjL4X)-ZZ3XKPb&@Qw;<U4qx
z=*fIdo8<-91F1GYclXY*i&NHgoMp3l)ZSdZp<ZtA`#wRJpK{F>K9A_llgA5lVMkBS
z!pAlwY@%LO1jtm?p0{muPHy<QfJIeX%(p9o+r!ECj6u9ZftVmY4Ojfqy5mDw+u&;x
z<Vq!pyDcl_6%kcQuYR)D>m*YdC*M@3&+?<^V;Ykkg+6W^-fu?}2K}FM3ODZ+8Z6&w
z87f@@?4FhSE>a%LQ{+VQ*GO^-ic;`1=3ZK`w6mdS{*<{Eevz@)i*r}OlWo1p_}WeM
zbznNO_v=32m+jHzK?;hKuA|J1r*Q5X)pyew*G-hUjU^cxM`!Vr?bz_xMipB|swxGr
z1XB!(j@dRI;6(WD80?Z!kq<R~B38A6tC(&>B@#Y}%L3L4QfZT1WbiP!KVl6N<yL*`
zk+vi389AqH5uUw+%UzD;wJNwxY!|*ue_IkM4!2!%4Hg?(#!Qz4i0tc?FOPk)v3zV5
zJGs*F{?Vjym#4{reHo7}X#$}CpICrJ$=*vSAgphn>Z0GPZeP3*u_2i{H5w;3B<yBV
zH5j#b?jHdeUmz*z9lfQ}QiqCO3oUV4oCG_h*{Ml#B~Q;~E(N<wCpU@_?j!ruSo?oR
zyed$b2574+Lb?tg3C#pie#PO*CxK%g?9CU*2*{<uHTcv{RSz(lybiy({O62A_~u&;
zI3?0@a(;*YME(de3R&fce!XuSkm^r&cto2mP@it1)u5`Uz;(*r9hpU7*RUEVeRm`Z
zpLRZmR*gqS(s`JauLBjbj9Z7c80L(v0(W^#ZnTn^)D|(R%1M_2%cDI5+Myo|b8;3=
z0gQAW*YX3M7TTJYg*8C9vE3zf)G$ZSdrH+8?uM;fk^CdL{UA3e1J}iYU0C;q$(hV@
zp3D(A9<;}nT(ZFox|BA94wrZ#fKX>O^}m^2*RXf0^n>THNp7|f%t&}~eZm9Qub>EY
zeBs`AZOPQN9a@%ekGB65ehlT|#BJbtj?aeWB;f`|x>jn3kFd5#yqvbMS|J2A@+z#Q
zoMoC6rTD5@_L?G9-sG_ytQHNo1)gTpBVF!_S~A@bNCo~jllE(zyS68#<7eCw-Gh*Z
zM9NPmHyoRWZ5EELr*PlVD;TnYf<@wfGmsBqPHXWR>(3~GJy@-Mc88ZyU=0^m0g_e&
z7ofTWT-By7mVLvrB)J;aRJ!=8$nsM{GstDxrIITd_(j@FY)acswhs-(0(5xFS^=c}
zQBO-bG7Y6~I7)Cq^$)Bk0IX-rGCwDhdOU^xaE~5+Y&$p;9;9h{-Ir5!z^B9~5^-H`
zZ7HD5u796M*4l<GT8Lz9;E4qr??F?R;bbC3jc=*#o^~nlL?$-ZtJu5VV~_r79HeID
z-AKi<X^3vcuV5v>dF`MkmSQXBK>?<1>L9aYNstux2>2!KN?U>i;G`2@;`_}r($0+q
z!?aQX+LCm*)LsGP#PrP(E7A9*AmnN^%?n`F`U%gDkK2)N_+sB5y5SG8SYI&@F3i#*
zMI7rMq(XPPbO*6Hhh@sEGpn$|=7jJ4IfyRpD&TLrBz!$L{5xEj%EzaEy5<5i$kn5M
z=Au(Bx{<B05}))ChNuKQC?sqKP{iGx<$UMqx#3+?oxA~?l#nC!TCx^kbH}vX?###u
zpE^0oX_f`|4vuekaj>b|dwZ5)fX<tc+`+@ST+7X78_(97Z8p1lx1rT+*89E}e3^Wi
zF7IuMFbVOvW|%ogT_=J1wyb-(vHZ|5)8*T&E59_&t`gB01_ScP*GC3DJ`Y}r1)Hdf
zRpriEWN*95fx<&m#6xbdqPH0EKdO&B@?onWdIHtBR1kT>T_E!_*>_5`Cv$nA;c3D9
z$oLq{32joAE<%o88jIwU-h`h1=TC1Sc0c2#J9TNobzC_02g@F?ENC)0vXQ<F2OBm@
zuv=SqzP1eXO~7AwDcX2&2Dw*Dd3%@XAHo=$BD)6Q!4<P()xJ0{-xCFqIp2mO`OZz_
zMH1(HuT|ya(+0jM337>F-DY(r{xpW%o8#DAsw}bFhB0r*35305FLX+9>Jng&1X`z)
zg{n=Dy+(;655@g~Dl{uOT&79tg8`!<mU;4UM$!SaKjp+5!2H+zubw^Am=EJduOpCV
zhM+M85#KO>F7j;4-Spd26;$vH12NXGE={y<9nQ9f8DKlr>W7ioRKDGdtQR2%LyMhn
zULXPRMg)0F`re6h_sAnVzDSpr3@Kw?${lifCUReH^Uvg4OyqfIO)Y^o$lhm#POXCk
zeShT4)aY>J?N4Pz?$;~luD-g}QjmIZ>%>HKmE{rjWymu}g=5;J>*Kr#xBRXF^4n8C
z?w_gLxh6|_LY0Z?|3svQNpBev+vbMNqh7pbzJ#RIA3#WKfo_h0j*cKci@r}h+Ajue
zAbf92sC~i=sbXLy-#7%3olbU^Oug2_dLi>P9Fy#Mbbcw%C975^ZbZWM-S0qX$;(@$
z6N=BlcVdEeP06ZKZ5COzJJ78b*A)2H{^SoMgAAbNoktWA<b94W!hiQ76L^b_3}$7~
zhpZ~&Ps6umqAm7ZfaAyt`~zZ9tq9&}scBVtU^Wt6`E{j}%mL)mJ3z-?60?fs_NK~^
zcfiYG-2=#i7m;5*^L{5W)u>3m3{w}a8T@yBXCkTz&4_%@E9NVv;LW{NrMNn8Ll-jt
zGrVhxAIlt?@<Hh`iafUqsoU(&gv6%#0p2|$`9hB)<ZR$<U{sQnU67e+=UtoyJ;1`V
zY&sV54$UCjSP6nNzDSFdoQs%A5(2iSx*eDP_4nS;LfUZlE>=J8-=Td%I%)<A^G`bf
zkssd%+nZfyQzz_tS$UA>hS=S=ny)Ma{l5h*LI)Rj29_I}>4$!Re|CbmPA(|koOu$s
zRMq|QqoKavycZ$&&n`kpteDHHdLP0fS$Mz!L^ZuFl5gv8hvL5heBIPV1A~s*wh5U?
zy*?9Ja1nE`;A2*mv8QWr2Yb>YU8;#hH|qYb{N}v&E@U#!I`@JXiM8FxL=qZS-Yy4>
zLIU$Q$`NqJT6SH`X|@CZjQ)5({*QZ-_P<Qs&aw>Hj1q#h`9c->;=J=<yxUlHK90oQ
zxd=qESW94aCBKFL9$fazRU0rLRKK>Zi;0@61^l$He&Ax$1tt<dPC`0M+57Q%O^j*T
zBl`gcI3R$|9Lv>!?aIeiK-v8$&@}Xf@zW3CF#|zX)l2>CMemM48F>DFpfK^Y573((
zc<o_u=>cE?TjwJDOEI0xde=ubf67$>;H|b3>im?(&XnKeDbx93`zmlcpW!MdQab34
zH>$wtHOQP6b*nq6Lx>G8*mbZo%lgMB#o5S}78$hH$cZfF)W-=R^8UAt{aIazf<pIL
z<;yy4gVa+$j3(}M-fylss{LzN&%fvVSeaBq-}|VSo}y+^J_f&B^{ag+)`Ee?{Xrbl
z_&S=`#PwT+wwr%ev`DXH`KtULnbUmE_zDMjP>)^HS;_C+oa7VIz>MT@AlTW}nUQpt
zWj8a!#!sm>4y8?;6>qG~but<n%1b&gWz%C?+c^H-P6y<3at(<6(RVyqXhu$beAe{5
zFBAW@p!&#rZS_plT?tU!(NdQbgv^g63hJ(q+0m}xrO45g<}WXA=6?Iy-<)s#!)RS;
z(qM<-+aZ<2g>85Em<RPex<n3zxvPP-8N;*n^Ji4S7q;U~wAjq}3NL95Q0UsSvok23
zvU&4cQh`kYbjbm~)+6AF)AiDUB8J>jQZ8Q;lQ~_k@4UD2Li-%yef+Zj9o{E?cBX$B
zQcNl%7n3${g2#?+TYu4|;=likt1FM^DtrIuLzrS{vsAW`lB^$1QHZ8dgcdCr+b6<Q
zBxIM*r|Da=6k5<IT9lM5DcRl0Rwyk*Ws6V<*|YwhbMO6V=6C<-WtyCO&a=Fq_wzjG
zoa>g?IQ>e*=o@c*Qddp+JJW(j(=!WCI8dZ1FAH#?KBF==ZvWfM27Unw(|&<d)tzpI
zmg%GIJ)QdN@!aY|s{P(HfosrD+pFffx=RM^nf8pO=$VC6G@PVM-LnwMmv^o}h8HPL
z*kfWYwzosD1`#9H<wKR<jywo<bkQvKShsNGCSSm}%=Y~wb-xw7J34N;2w2PhZ<cPU
zJcR9CF3JH|-d!`=&Pe=pM=8vp>EU5T#Ohu>7oGQzPPo(y2LG!iiEhMpA>-})z)qJP
zP0&@Yv~m`ytW6!bU2xv<kJD<(_cPh5b#abtl{zb-&J*@9e<Q7nh}GB7X&Ug$Y&Z<x
z(e%*ETx`lyw&A2e<hj)o9n*&pE3?(pj9s8>#v`lvXby^0H6|HH{Uyhaus4Vpw02^v
zJnt6oXf%8hAv6;-G&mzNl0{uN691fTBg6Y79tVXqu^o|N*+FwLXAq+i16l1hLXj6g
zjD<gpW}w%OlqRe+l~uk+EJVa|YiG7ytj~(MYQq;w{lj|FO8wm~g30@O0eX&{qoj*9
zp?<{6DMVWT(A}Q>b62DE{l$ZZ=Pn_`(CV!yQj4DLDZslH0oBa?`)%1BrU43b^VF5!
zPJF0Nwy{)x5Pa(AsiDeYVLUowJ?S01{fH_!;?cLH6xF3Fg;jqWxC%<vs#Fd^99LUs
zhGF^f4!<N6sYAcvZmRP3RxRM05`mU~*Qr%mRsOSa$@Eog_Hd?4k)hkSS_|@kDRD97
zhiZ-PtbyM)^QgI0`ebSxrHex7Gs-zry~RfZ>AzPdX({Ui;31J{`S;cbt<CT5X{8oU
znoK-5)76{<vvq0ujfYd<@e9{QQMes^A=AdPp{#QGT6BJwqsZttUbJjsLfCkB_lbqb
z=v)47B*CDk{CBEy^kp?8UZMs>t@3=3<G7_=+jv;)UGZPR7h*N%;ZfB!g375Z4F2QI
zuJTE9e$Ig_Bh@2t_1u<us6G}DGtpY4`hPrVp);+)SC>lnOFC~u#OFq55#zz}V8yiK
z&*BwB*v)lte_-Xu&Sry=^qpyXD&+A<S;wiL{|5`EAL2mGWzcPMvVF7$TqWS;$P8<<
zn9E5_0q1v5r>KPMmzitFWO-5eYp-?6FP250`RCKmB8!V8ZqIo1=mc2YHZRTJ1zmxb
zT^&#rItx}yKk8Coc*h*St+y@Q%`3ZPFPIH-2|c`8|Bv3xkCr=-{x~i3w$rD6NrDC3
z8PeQ%KQp-0Pt${_E@dm2yANfCCPav|=`3-IvV?m?Q2+9cYK$Hc&H31N@IwrxXmFKk
z)by}$bS_fsul3x747biGKh$1=Sd#QhmVsjR2YNGugXPoK*omDGUot(B9Q>t7XTtHi
zt)AHLc(in%f!j9s@K5CP<~7?5aNvWlUn0N0#@(KeIq<?kzi9z|f1Sa_XiEuIb6t1H
z;wO)kIY|CXWov%W!FaWb;%K3n<2FKidexc1al6M8ZZ=wgfK2uUZrrek!E&>v*a3dW
zg<3t%B<ZMmsme|uFGB{Z_Fl=*H&bm}^AeH_xWb6cf6@;^fRj}e>-<M)X<>LR`|?QD
zZ?Lt1)%yR1Zb`dm>@6YGf2=rjW78@|<VA2ui5RvKekF1HnByz8ne-lBG-6kz)u+>O
zyy;;u^Aewb|M>VRf2K1tb1b2#JTNq8FV5XKQhC6!=;yYg+xxtpkJ5Y4Yxk85lzooJ
zqy&EZ5zJGSp63D^OUbf~Jv?aSeP>mxj^Ptc!Qm!n5lyKkB@BIp@V`Cs9w2wcCUY@Z
zX#cOpnS<LeBExMe3>02nMEWgjb2L)`46`YxO1f~!JxcTIRmsTs{U6&CjMajdS&XZ-
z6z+yeN?hIyAob*a^K6ntJZv}3>#b;AXDgk|hzwtyX~KizJ*S3xbT|*OZGZb7L)vNn
z9&@owt?8R{z;dU{5+j&J@Ox*Hb%!L%_K)@D*xeY_W3o%E?}5FAmso@MAN{clIMPpc
zz5bzd!On<*B78`l4c;z@VxY3lW|DfQGmPh=mfFU0>yjbCthXLS_RnF=iMaXZHkLzS
zEAQ?XuE9Rv!be#sDPn)Gk$&a5qbZEUHswsApOEw|h(nTFw;}mkKw!(h*pUPGFD#Bh
z+b<!Gxu?|NFHX^#u8t?9O?FKButhz^Jhk#=0{8L3a2)49fF;t;C({7&@>2jx$?^!*
znR23XtK+gD5|llotl0LDBAobdI9`<$+dO#t>Zo0h#E~sLE06f<X@$fTl?I0A>?Oxk
z$d2L;i6lUjv-<ONFVG2Z+XLV+rYnlVW2um#V+A43<DA0^#Bxq`*a)+bfGMt++pqg=
z`skv}@XMt$fij-S^T7E!#TKIc!s*d%t7l(O@NwhY!z<8vGqBv$7_@v3tf!3*U1}L%
zms!0VJ9Iim^AC11AITHDOD4(;s^n~^#Rd=h+F{{x+-!b0TVS#03iR5e;ZmtJKN?G3
z195#|z1#a`fD-wX4q7a8AKYoxGUGv69qT$GVlA5<?yb5cPZ$r`%?bNb^i(_S`+U#)
zFj<7`a(>8R4BiUKl~IPoPblabXsqMAA7CovHtv}ehAMPdw5p$j`z+E$W0-w|x4*`8
z-nZ|SXRJ$R+l3@MbbQlmF1v!Q4C!N-q@Vt?A2-$s!umZlbYy;lQ`ePFjMpA<n)jPc
z8N^eXig*s$AuY(t*WI<VAGT_GC}>xYyjL{2y=Cs5nO-!g*kLOQ!*QPF{&3^5b2#*^
zKeHZ;bsEC0rDPx1@e*jY8JUX(zbgjQXlWmJ+$-ZSon&V(>bZPw|I+c%gxKlMNy{o3
z=Ht6Cvi7<dY~&=ikn;{ya(jPIOBIuXPF@C~2c<vxBy7Fal%>Vro%yTb1bDpMl*e5W
zW@i4u7^bv|P|vC9sZ~y*YnC-7rS1jYd6zUxBim+}Dg6*4H84`UskxZv64c^G(z1BX
zuW%WpdJqLZ{eRk6Ry_!YB>+<@3;Z0jyR;^{lQH4qo6zNU&QCj^O$J%}Am`ck>7*gM
z$Wn3?9IVvyFW9(#snlrJ-ERLwPuPBmC&WJ;%c8(8*QSSIA6NduIZ!h3HkUn9AszkY
zsuI?l`nEdKH_6Es?KB3ibs<$**b#9^0kmhad!t~cKhrZ^1v72cf)p$MQ+K=H;q{!0
zKUWUj_5E(;gb%PIqQ2pWKqsHzurGN)jGsZoIDanK4dgILgbyvUr%WZ{5zuMr`*y0s
zdF_6LMCru)vyT659lUwnY$a9>=4Z4Xn7{HRKEs`WvL;wk@JyOv5X5+5*A-(l^;Rt=
zH0M08#F|Rro*dIJ6|Fn@IOhLKpnd=M2cD0YV@4!{6Oy?{Ojf0nqUvw<(=*xyj;c32
zJdnR^Jx4KvyxxM7Gpk8BHK*qGe#5x{%C(6-UXHKq1Vm^XGzp`p1=t*>1>};`ms_P=
z%{zAC|E=mm`gsV6Nf2-<5b--Uv-Wjv?{P3vnIY4Cj-3T~|IACZYOC=Zd}>E85i{l5
zGqJws_9y>Yd#Ti8Ovn8$c4nf<>IYEjm`M%VEdk7NjK0RB&Ls5&g%U-;a+W_06T!I;
zEDlVMi6Fa7ortq%*ugLMuy|(Tn-7Ro4vjB6v~Qyomh0@3m{#PIGRtZ|_qjcWy9g9*
zXAscZs#7pu-5Jt3ISF{a?A)_{37TJ@@aS@qLPnq8o1R)@Tlic$I*Lnr$Z;dH{;dQ6
zb;AlsSb*6PLl#ty;`6hezxF;JPDpo5=kcd;-eR7=2oQtA#)iR;{(Zrt=CjkoKP>#U
z!KZs8lk@P35hC^+bKF(xer=Av8IUG|oAX2{1BgHAb=X)|HF*1eJF34j-SISN{lWZ6
z_59}l&Mh9#Ex)_MekCtjv<v4Q-T4R8Ab&defWkxe=L-7;<rz>2tnsT-c6;wwbyX65
zU@9wKbrdl+R>2o@AYTK&H>rDPXBmG7s!Zzv4#I8B#RjW9fy!rs)NWT&PFm;;@oUks
zC4&Hgm!L_N_o}FQ#Mrpaafa`cr@`zf_=ne#nqN&N69AyLK{Q`<6o>9!2UVEf7kYX{
zU%1nI>RR<7|DbsB^9`uSVrKe-8uM#&L}u`<+y5D{rwHa{w7#pN^>=<$wmQ`_*gg9#
zBe7l1?LFq8xwP3>fepo;nTXXJxP7%Wr5*VmpPFzls`=G6=&5w{6%gT@^vECM%IX&D
z=JxXO8XCham%mkesU69n%#co2T4uln&j4RXD_eAK+r>XV&%>H2nedb<*Xg*q^v6K(
zQ^517Ty)T{?oz1<Kibj-b)iIS$jp}WB9l1E+X7ude#?E941x=-?$|EOnW`<?Q9hKg
zD`;6$5r)m#r(W;T9P|t<j^&d3Ah!J576|!(%!o#|q*P@wcS$7%Vc1w62xhk+Gn!Xc
z>RaLQH%097%2DRy(Akmj4?Pk22m4yJpd_W}yb!gF^Ak#W6f>dI54GrpNZoA8RCA3T
z0EAV3gk1?U;`<%UO=lm%7J@C8iG&+i*9o@)wvs8dJ{@(&^(NJD#>k1vIp-Ir=_=}}
zAfP`!J~|ldm_Mo8VfLS$W}Lbh&958ISyA}J>0XM`{sbkwq@#Hg5QHtCHg-5PJskXa
zdKucXvZ*=EUhLaIaev`|_P-F_11+AMhmt;y%nJ-ol-32ns~CXFr*KCIWfQU4v*NNY
z8>$?PHiN7(zq!u6%6{X$|A@W+ZdYso;FA5v`RLiQ_**`S;Gc))B90n05)13^W%JI#
zjc)G^s?JKHHw*eEe3%N~23)J|%gu@k|BzSL+%3u_gT$~9aQx>a860~;IumCuxGw3Q
z^1Ytmo_}c8A`=U1fw%5e4jYs4tbnaIpPQYY?V%OmLc+kE4j|dR?o!$m55z`cM~RH}
z{)If$TOMQXqZ^WQftNGwKmQH;h2JvI`;Z#_c!*x0h?jC63(BsI-!w<R0!R7X0M3EW
zshNdzRoIJ_L)F}{CMnhr(r+`=e?NO;3Q(wl|7Y{sk8pT!0~@VG`ZttM@)=fk<{xxB
z0JjcN9E&)nvI5C&ddzf#NrmA_C4?L{n91oJjXk{f$CThF?^d}ETYgTWh5j6UkK6}Z
zA#H}V(Kl0w!TJkcQ|f+q4hs3ccujSjw+bJM5Uo3VFV-)A^8eYYce`mojIQ!)@CpSo
zcIn%bTn6*HB@8sfB4a4=E1ujhqol-^9r>HVQ3yM1IJ5pUXp{8qnU?Dc+({BEp*RTk
zUlk&R5^wyQ(Dmz5ZfOFAv8iH_9nfW1kl+BBrmZ1^FfJWFfWhJdIUsvY40k+Ke-ZGy
zH5;nj*efF=fq;C%>TISec*M}ygQZ9@I|2tPBaGcH+t@ZCU-ZNaq*66!N5Mb1*s6eS
zKplV?!{GeB2M1{#l5=zVGRRoK`V9nH1vbo@vB8n0Ad-jU8q!_0;hbfa^MBQ_4wxmy
z8d~4|j(Q5nA`o3FBO<7<r>-&;QzLu;u_BIF0r+?>=R+UF>f-WZrz>B{XlRo6%)eRp
zqyAa{7mig|ydB+F@uGlKY%-4_?l>Y8MCJFKgBa>|G?q;Q*)*Gnyj4>5yd(!H6XAsX
z{e!2u{DZ{=OH5D0*6?jR&V{DtqyF8r4t|H?BxaZC!7m&-Km|q&;&4d!OH-2~!#=Eo
zbkD<ce+aKEsmM*~oH3^VkZY&zMlP7N^{=4^D+dr7sXAU2oPY3MtoC|TFW_$4Rir-U
zoxL49rb(&wY)obu15TXBg|FZE(a0X`tS@vOgwdENRhwD~Im-pDb5Ns<ur9~J{T5<1
zmkb}2Dp&3>!&I3iCk$C5{bcRWP8iz<Yr`uA_xhZ+qnC{gjq&7^=*bmdhKxFDhu@nK
z!J#9Gh-Fvm)urmRKuzy1IX6i8*Wj##d^jp3ctfQ!SOcXylfH0O^XngQcda=EZ4x<L
zkd!7(?tXhJl3$)`RjJh^T*rh#ILx?zslf;=&I5+2huU0~M)ezBL+CW17A8Fy-fuZV
zcvV4g7F0xrrq)Go-xY8Eq*jY(v&98uO+V>B15}rMvxKDrE8=u7MAgS++Aez{;wEit
z_B4y<n0v?TD!<G-&%@bM>ecgOrQtPDc%UCv7*`A6r9B~-(_0T!cS8>5D@5s`>?{0h
z+jpQ*B|ETS<<`Hm!rP8l6=3%yo>r~kj)bySxV;b4Izls;wEIe7)BeY3zJ?;G1eq}O
za&(XVz7S$pQqhTa$dL~#B8j+<PS2;W57ZsPV=dSCmmfU%7iUZBAsGVHt5@)%ehW&e
z;pU<^4N7a#aOxElLgALyokv<NO0M8ArRJ@`AZ&f1e@H*+jx<St`xzXW)eU_p@^9cs
z#BN%0wg4;r^ETpY%eNL!v?Z;msdUe`0TFQc76UyiyJVCub2_eacDyXmR-D!g?uwrd
z4nZa_;|b;T{>Ak4c5=OI^Hhu&R2sUCosr3Q>zRG-`BJIDcwUNBFe0Z|&*jhVa=a){
ztS+Hg%lagGZ3b(G4)g4wyCLjrA6u6B6yhTfCpomcWkZ1P)5%9zCHhY&iz3I%I+QKm
zO?yTEym3B%s9VW9!f*HQq2~t(Or|ret>Xrp1_58eFS=U&eHU$=x!jXU4tV2V1A70%
zTg!Mo0O|Q<Fqe98D5D(7_#&8_JU!qJJU5ScP1hp*zU}jn?@K#zhwZKHTQO*I=1BcW
zX?parM<{FXu$=$H*s7^?jW`1;3WL%O@@@e(2HPZBCR#V-gtu*`OizE?>1EG<XksPQ
z0B1F!eZWr%3c7$9fSB>PU;yuS$B0=uZlDj*-o}W5^fUuA+@dV;p4A9<MF!DiVMxjh
z|3S`;<_@e6t^S@8<;l281;!pvQG1R%B&{5k+_RQI4SwN6I@_%^(^_N8tx0|)Z~vnn
zpY96Cof$k4!!X<mvVlkxSdKkEhxYuCROP!`!T@u|<E46o`xgK-&vBp1e<m%xamEtk
zoGe3d7JxZYmfIk4X@j~fz>*`_t9-kMZ=o<EGHDx@o^BB#vaZ09$J+%LAd^ojI#+f@
zsBSL|#5wK_r364*`e6yE+V?^~CbUzMk-oNgN(h(qNb6WgE0gFKn1LpKIv=Fc`^2EP
z<up`Rt2Mn7!$-ZR0>obW`LM2`IPf}fKR~#nR~f9Mm^XX{7o@5IgcgQnKAF=7dWhgJ
z9rmiVbG`%<DuRx2y1CeoakL-cSSMg(xd)ba(Ea%OAEZr<LJ<Ad$$w-xD%sW2VxMcx
z5aBIU_pUj(TNNfk6#Bg(a|wD<tPdcA(6&FgP$`ITTY=!GBo(=l-7mnpFmA9>P;dyb
zCQip`i(fYI$KwQT_)$iykHT3L9vJF#>r(La5~zx*uObDIui<D0aXQfQn$HS8)Khk}
z@oFh$1wEHR&)m6eRecZ~a20w+;4?1U%*7PkB^9X}IBOAQ35KzHW4!5`rds1K^ZBFn
z0QaeaFbC2=iHG-Bpn7eJHF8IE`EWF%7S~SK<6;QREs>@P<2J%5eF3Gx#QSif;OEcc
zBg&`ajG;8!Un^HoO~Pyd{B!P8A9agcdgH`!x$Jo}@Ku*kkQh860|IQc?vq9)oGTpp
zjjem`i<{U6bDR*@F9P|{51|Uqa6z|WLP&oDP-_-1Si^ao57#fIMb$2N0Oi*JMaISy
zA9C395_UjfZc?Hk_0JVI&d<7ZeH4lPkn{qcs_nt~x@UDNFIq>{hB?Qew$jhjS^SqY
zVu}1*_XT(8)vqU<NZW(zt-vw3PhO;^t5kUbRb+0-`43T!J3!J}eIUwEVcp5Yaee>`
zTsXh3dzvvU0|hL6;c^_rc@6GpNE^fwdGQTdMQgbXt2C^D^4sAhP?Vxrx2!1$MCXkH
z7?rG)dt>UFFx)NW)IBDLBgY|a3MZ>A$s|Kh0mqqa;z#v#uX16V$TZ3)Ammm<{{PSd
zi|BvW;3|*L1sCm|ZPvQ%ZF;EbZoQfjxw!fPB8GWcOCgwZOsRk(tBaAqGf+aTAECJq
z3`GzpB>Mtlr2&QKKHiB?zEIo>9nb@)B?M~=ko$hX2?pmZcM!aoD6mI$9<eW2H)%aJ
z#ircf=h#T}-pa*EE&gZwfX#cg>4Uq~fcQU9DTDrR*k7H~L9Sa$<N%4c^a9B!_>VNO
zqG_@lK`I&wGj$+x?ht>#%zSx3psfEvhJsinz4E9&pq!jGcPif3a3u!x-mf%U9a92n
zxKe~(b^(^gBFk$6Xt`4qu4eX!g0Sd^<60RvvhrLtZfStSY)wBVDyuTe6vuO*5KMmq
zUPd`KkCg<ujL)zPd0cP&an&T;PX;R)YF?uY+rwl+x=Z#ueOax4NEJgdTqi0<JHf}w
z{Yd9Dmgz58rs^6;t^qDs0{xub(8F=9h#QgP=K92rq3Snep@m!#ZD$PV*s%Nc%y>9<
zSh_2plGB3xfOBj}GX=|!ezeKLuMda?v@Gxfo2*yULvy@1+Wwb<fXDc-fS-^8me;Gx
z4dItn0TE~WNpZ&^*$GZ1`tPSIcev;80=<(HqHKj#4ctxwr@>=$VJH+v*?qd?5qrG(
zihSxrA=#x0D_}8!7z~YaMgz6s)@KR?>)G)4lO;K7u-VOyH2j}n2VCUEld*sNh+CDQ
zIWltq&KkI&?i8@3Wx$dEuX_HX@M@wDNNdnFyKCmpaGH)Kv(N{&2zfxxm+>!*i3US+
zZy-I$l&9tJ6i)#!R5M!RnTVx8Psjn})&|`dP9K)?*!BHUO?W?{;Y-+1WHi2m>=V+f
zBgFiUYU}@TF7H9?Gei&`dpQs3f>yd9g~vUb5Oi7sl;P&FAjKft&w9J#l^96hJ{6Sm
z_O4P`&g^bDA{v}XzI^ZkdJ1*jlG%b*9vxAGw4<PrWNifot@F0u^P~Y8xl|=ftdBv~
z$Vblzf+(a5j=h(73{5fl5J1mzs6tjfoo0<dL3{5=f8-`K*1Exoq^`vfBLGYz&pd(^
zYIikPs({ncPZo(70>z#eQS6<M(|_&8)hI0Z^R(c*f9FAk1D!ktP(e!sx^#VMP(1$K
z`YcW6kG-xO)5<t+sq*_2Dj$^s6zct%7kO7uTum3ULgjO?mrgx9VtodP-8c1P=NSXi
zaVPq~@pfr_t+)Y=Li(xyiwt1W@kw)tU$5d&fw$>EL2GteUtn7Npx#qzi-DC4Ll_JI
zMp{3ZV8xISAT5;~isPF7v|%}4<Wj+lXeHimGuwBmUu%r*8I54_eKH7+Zwnz}CALs~
zIoL2LaW*I_KA2o7Inc5-4a>bSA%aaI!j34mX`%?5`t!KAeb$I`mFqFUaU<H!!frPa
z2#6?d-DF?}kSmU^_i_etXVUFI#>M}mobraLyhE3&B@#0kK6*y3H@kU)Z65bZIxT%-
zed{l&7AZpbrRAo;eJ^`OOA2^O=GpI?pZS-5@~`KX99nF#srTN=aqrPD+kac=(47gJ
zp;X%AXC|MleGoOo!}Xxz-P;iH$?t?MPPUeg8~D#aYR@?V&D(UJ)c0~}P_d$)b=QmZ
zx@-aUtK?CCt_X1r0yD~^3r79chDhDN4zDilzFza#WB7kUF99YCjvXXnm>eX16Hwgq
z9<Rl|!*=SMyRgH@r5t$+2*n+T^U$D4<)yY65343O?5AxIZe7m|p6lK63Ocb!A{Hz)
zpb~pI^{{qFGk4%rXC;G}9@Nq0$dhxTT_+vS>Ch+>HX{)0h6MxNfQqv8-@-<bM@OQX
zY^tt<iBJy_QPI`m-pc4h$vH=VRwPzk#Dx2odvW+zQ)$Mn46Yqsx4Y_LktM_?@xHBn
zjxe4q8KV@K_p+Ww+~SUhf}X%`okU3!9f!HBwBgaYSCk-lC!|5clFpCy9~#(hk5?Pu
zVFhB4@V=`jlJmJ59E|l-XA<fu!V|Rmv|EuoB1a~w_W1_k$C$aRLbj^}Mab=7q3OmH
z;0TqUnuBicb@K9r1Tx)t>gSu_u}I=fz+ANDqin}<t50kGH5M6sZ)QDB(m*};0rC>9
zoxKL31T{OFzSXB-cc_cAE>2&qeQw4N(;6==Bu#^HwD@NtJKr@dzl-ey*A7!pzrAJS
z9(P|{4+9sSNKzT-9iGB<N(dt;k1lztV})$1vusobt2&)nbZ|%$CRv{Wq2Q+HyMpP*
z20^R&W=FgV!RoxnJF)NAg-}4!MSu<w%f=M=O>ep!yB~`5tiayPTt!D1Zq<w3PVU*T
zACV*F4_Vg5?JKLphPM4!bRV=gWY^=#-BcN9)4Bqzd~re&T*XgY@VQ3@K@!2xq~Fr6
z=(L&_K2YO``|9vn4+sD^z2<w?ihX}Db9@7LeuTNBSLV553~iT<;F^3XxT#zo=0Q-<
z)(9GsxHO~uva+jV*F3~}IzD(QY<d!wm*uL$AU<F9(Gz(um#}RX+wuw0WOBAIW~Gtl
z_dc^9zL-EYB3Pr_K#`8owa>2#A^mx+`Hs4Nwtz_}PfMJSb24_+HA>B1xScyUxZ3_+
zoTH>PZfYtr^vB=J_1RYA7H7q8JczZ5j(FF>WZRD3m_z(I8C`1%{vUZ>i)~r@u^ECw
zIxl$e%Ya3mbz<N5%;S#RqD1LL@8n$0!%NslHr|VaCe!RRAFIj(M1Dv);side7&;hh
zAeoB2u2OmhYT0qlzUi?+VfgxsvtedT0CfLM5scZqNNCsu>_r*NkS=~Ut_B&NN(w1W
zhW%Q(r-)G)G~K`lh>6Gxhqta#F=pI}AvTC+gD~W<^0&ZJ4tj#=yw+XhrU-hZD;7P5
zR-ek<wRZ8a7T>mP)TuxyF-0#yQK4FVGY{YcI5`mmQT35QVd(lxKPGqqqEMnF*v2os
z`u?rM6Y9dY#f;YvhD>x2>rYycQbj`o62WX|ueSZo@U5cH)rYsO0J}a9Xcbs&Srwf1
z^xkyG?1^I5rw6%~Wgj=eVzHi+1EQN?LxK_PbVfpFspy&qpqxIMnwjgK0V_5ik27S$
z0TGVMm4K#XxY5_9Eaih-0@OC>=YM#PSHOFedG$T4i$x-%14es!&}NGD5yC^_E>~AE
z((8H^R0p8^xM!bcqu&cKT;%dk!5ozTa#PiZtfzU7{^B0o5s5o0z*M$_?QD22r+3vi
z8a7=9+VUVFI{fE-JaHUNd{w+%MOk-s^M{SVzz8MiWfMLdLjAyORy(bp<%8in*a@SL
zz*VrSD@<UzI*wku;Wvb$=oLdSNUw9UY;1tP?8%(oVrJY5wMo~F&b%#Kua@Tb#eBJ1
zF}vWK<aSa3FykfYw3=<2h(i2YsPRD>&bmYE<N?>Xn{r=t-3BTsaZ;-fjN2SE<7)t*
z*`Jx~=r02iZoIi}R^8CUni#^hOmMgJFCh@&t|!DS&UL!gGI1Ni$Nh;|D2oxX2fWrq
zU;se*Sk*319jmrhlH>u4k+nxhR$5lYIdyQ3;S<=smDu3ql?hZvVl_oDviiW^3x*c&
zb^_?-L+Y<bb0L%gkpmfkl22RSo|Rr3?qXj74qXfw^s6wrBkMe%JKlW=Pu3lkfnqHP
zG3hZ*(w~1u;d_e=p?d;l0KC&Zt!32F|K9Y<ApB49!>S${)wO|ubP*zb+8g9jwR@i?
zW;v16rk->gaaiN6W#Z5qa}e*`T&XpAdk!RoEU2-keOB%`USv|;H^kKiYX%TrzWtiY
zfEhpMV@O>mkaXbL7a<%GFS!FsXA7jWrR^b{qv=dTH?iOV>>ugcP$vKD$mOQItfzI-
z`Li{YiRJg=YD;u?pk%O?{&68<3%mktruLi?-d8a-sYp2@?Fbjgw@t3<FoKL>-BW<w
ztS_rN?y3xw$NE)W2N<EA$b6WJ(fY$-lNS7(e*mgyIR|&d=!XVD*LjGh?`!YHfgBL~
z%;3!<|2(sv3&Z-J%Q0hcq_oa_U(vDK>eJpT$mY2N!>4~Pfa6{^M(UETQ9Ig>;-)A7
zBxf<j7}9b3t0!h6<wyr8cGBjGf=cUA*zJdw9aF=F-6ez9RR;E&D9-9RamBs3@@Ip<
zZ(h5<BIDjkk|PDD90?TTLGsj=AkJ4vby;j3KN|rwcKd;z8)(|p0{jkLDFyhNmdHG_
zJ{sOaJ?AqZ>?sN?svbcS|C@gQ-I!`CqeQyfs`6)8;0C|KRf3!;_3ADs6<$QdlzxBR
z_Q?;^HkT(5{DcfgCuTI6G9TpZ%6!T1<dQ=RSp$v?-x<Y}1o)RM1~YuUkKrlGr9XT;
z;fE&LR^E$)T_&hmtkaaXq-E)ld!N`4fk9$}(*jRr5H$4&MNgE#CNqj3YMWzz*lX#B
zi!OU;kxF5a1}B9G=0Yd6PN!oN=ssx6K20T2B$0hHmYQYhMP~2=?wG_iWrga|aNfvs
z;6QnA#Qa8u3YLQq9z?=aL#U~yrKk+N39*~z?FrMk7q=D6)HYR*y&6X@-rg0^wRC2h
zGrIxCV}GbWJz%O}JH$YvoIk@Rck*+tlF+sprUKKwNKLnY9K*#a;JDFX0f9x+trg7|
zp~;{CJJ$5=h3!=xARsoW)WnrbR?eEg_9LvZ#^G3T4di0So|?#kmwd|+K#`J^zuVdY
zE)T@#$Md4ehkjKjLAsN3;C~su+f}88)l?LAxm2=ZcEAsp{!JaX&+3T|HfeX*EsY@y
z(KDsYTt6ssw3H8b?uPAJ)S&g^jb3xy95zB+3|CaC;UXpHK9C*5ie11_m!Pav%+BiK
zV+2ql_Cs6-^ZEtmcmyIH1ls<=*8D@F!PL@UC@@&fSIVtTr!DSuZs3jw-)#Cff&75=
zlp8SXP!y2#=Ylxp@8^BH4%1}a>|lz3RQpdtTE>d-f}OtD_;*|0nf0f%yXRqEF|JWE
z6)1fzP(LHTr(I5%=*ZEMj1hRxNW71O7(e1X|5BZX1NYb_pcv{r0?e32g2P-hYFSH1
zM4}s@L`&Ei%)Yc!66rsn0*>zrfB=PRkt|+WQ%zvF08aJ!TGfA)e#9Jii~$7{iOYIw
zH4~DV;ffBzx48Jpk%^hr&PoQS&I(O;DB^f!c!{>nPKXl+yu^7g!eaC9Qu+=|0^Stf
z;8(S`DoIbJMmw61JI|n}B#nGzu<;V3r55Z{-tltn^P9jL@6r?1-3_sAtq-&=iSDlI
z$4<cZ`guE}qM5uzX0v$LahI@3RVSzG;QiE-4}M-5a(FkxtgUGe$Gk?&Z%HsO*MV@Q
z9iFsn>{Zx?jB=lMm6gI@SiNjM;E%Dc`5<H|lcqjrpL}>W_*(&VKAlzzQUilWK#~pZ
z;E7IcM*jvJay=3#hFd|;RSM5_FU&A~crZ-?{Blef1le*Am}E)5Ti7J?cIbbESp@!x
zX$#Q-jBRP~8tyc&($j1M;mA+@UHcrWOq{PFgK6bjRp8|<+IYvKn)iIqC7z;#$$-jL
zDeP>nir{K%Hv2nd@0h*#imrhv4J^(C6Ex%w>#!P1PSOu@FIU1$kGo4}ouOz!|73>M
zjnPD?bVX*yK4t>juq)rg6lVs%=1M@_9ux_iw^G>`87$B7!xaTtJc(S5b<tcV9Wpg{
zC|i^13({T-jZ>&nod@K5zpKizDlc}2YgC%O6ZZoYFt++iFu}Hdn#ruYYjv#?b_E~A
z9J7a)vi)_Ke|%~<;FSr+#`0+m>`@giQe*(Vg!%*Ltag~+G8~`EV^`k>#?CFuaTeUc
ze(wid8qlc<Gr5M5>O&xlcuK@^ny|}5amOO@qYNZeny;q^U(9i{1nH)A$#!UTtj1B)
zhZz=2Ut14z?Ma3JjdOr8Ki8;)vX8&hS>ps9p?*FTHhHvF4smL#GIK4lgah1dN3`6F
z7lO*Pee&Zh2qE;L#zyelN}T5=IP7C)PVb+MDUtcpO}7t&Awa*G=vE|t(xsSZk033F
zZtO4(&R&_3AP241NtY$TR^YO}CqOglYn+(?eh+a}?TP7<n*AP${u442dMW0o$V)_o
z)x9bX>Fi`A-Ug-AD^Mx9%iBFLFceGB(RhBqiG2&<D?*YbS9Zk5U?&Td+U+HBD`O9L
z&lcw*s3NrZBxPn}U+P}r5+#mO{~7Q=!;mJpuDZH=ytg<7srYmWAuCmCU1n{nT+2mN
zSzYPhArn|rr@%9L5kemnrO5D}zJs=^$gHOru>Rs@jm582ZGuA@@TF4dPN11Pc7>DI
zAnwQCBApxCY9j7Bt&jhOr=J(H*6ljlBC=~iK13nCkH!-tvjfy9uw#7;9eh+C5(nF0
z$FkrbLEM^!QHhl4LQ)%M+fd8!BGw%6n&bmeZli-y+!`>SxgtzK@b%MaMMnp1L6L>_
zfFbgI3DI3D4q)X2ctZF|=k47pU|6}y>J!vy)Wp-`f-iJ-XH)&x^oVJ59056JF9VJE
zpWi;s2n_^N6dSaKB^I(^#Gb1+gI?s#Ksg|3+IiZ>r>d*0noSN2f7tHbr|IJw)m$#K
zqXrpnS)Z|IPD_BDCc`jn&<3&8rXom&rI!Z8K}&KKL*4f=#4im<ehQi|mnmOlnU4qG
zXkG>GB>qCY&OICEGV+Iy?v}?p`(kjm&OT>ZTIHZ>FT8>qrdvd_(}W>knDV@ad@qv<
z`_h-p2mQbqVDSLfTcCOp`M(^v^UDKLU-#^;nZVdu)8u*DuWdMNRZzQKdMMshzok7T
zVdl@Ue5<<wbqV4r4U2&vkPpEROekzfI1$$4qjv}lw+_O@+2SZLIm~NDYG(i+K&%S@
zb@}@?kZibL!!@c}0V=9Zj*||TG<trUc{zyh6KD~P2CMt*CFrH5P@Qlv2%-kl>D}=c
z@AO(`akJ1Eq`s&wnJ2O1hRVR^C8+Qq-tG!2|F(n=x?Hp&h6AGVyQwlzzDbdCUkrOJ
zN%^%yj2N!$q5fu|5bMq7py|p@Ro_2-_k2MLFDJ~h<RY_tA@^1NJdmWFe{G}Z`wK4-
zGhAnufb$!i4<^vm;R2ZLU8L??L}g)x-={m&okZFBlNCi(a=PAfFFK_a#9&Kmzas<~
zj+<79-y#SF85jT^s~R53P$C3UbRp$PZ|l)Cp!!Y=QQ%&nVtBg`=Qv&Cs*Zzd_Mbbj
z0k?GL!krnNw-!08jm20cmTy1c_2z1wE;b51yw^G~>16C+tQ{_jOt0^NeLK6$B#lY4
zf|n5`1zjk4{lT!wJ^UOsD1<;WXP+jf!vB3!7?}uh)Vkf~Se9Q2EH8p4h&Pl7!Huzv
zr!yLz6W#1n?Kfr_6rQsztFpg6>ptN-_G#{wjK^gm!0{rWHFC4LWxWptVw3q;Io(hS
zg_cFX<J8FnbEbe^zuRNOi2L1c8w$X#IWrq}SZnW?gKRgAa?T7woa_4_HzS!DYI#f~
z5>gRJBgu!g7(?c3n>L?SyhJl*p|=9gHEo01Vl%CyMdOZ(kWd}$9UJQk_*+A`PeBhp
z-sL0qB|{KqfyM-|YE-ns{1y$Wb~spl>h4|hI@Yo(dG<EPfP=s~&2j^hjF+J4mtx=D
zCGn=6(CX!Iww5ZSwRD<5O(_L3s@0&NghvKVHu64?uFq(N4b|V(s<tZqxDVbm9X7fG
z5vq~^srhHW!$6&}d#iLh<T`fB(Tm|cgz8^>cEViQwJ^2m8$f{Z_HaUiCjJ-?g`&eO
z87+e2r+nPjP0AdOlKudvRp3YlR0LIpaT}ZWsMw$}6~3Fj5)#TT{tMgWlL2rQw*skj
zL}Tpu@;Q;w-Biw7MpqaUJaN|52=)wAWE%3`;@<twzm->-kEf-Bc0vXV_WCp>fj!NX
zcK(Hk`BzQi^<oM_@p2rhU>g-<wv2x8Y1i%0;tO=-sm@%PTUU%39zOXLPG@s^Pd8T~
zepfK8$*;Oq?vnd1bOx_2S_xvi4P^w77=(ZQdAR~Ruar+N94u5BsAl3YA2vN`O^Xbj
zhU^d$o8#5N8Yo*$MwUs}bIa&JF9Xzp6?tT;Rfb&78?6RYTlR^jK0pJd)_gaqV2I*q
z?9F=n$G`U(&4tagjh&C(?3+phaWI9`T*C?9xL}$dfbjsTXyKN?RNS@jsTEH!9wrs8
zTFOnq3KB7vLUB&56@asTfc?n8Uuy<R`{oc&Q9#QoINarmi+6hEDfS)AH?f;TxGTw0
zx)<jqd4%#DqFWZt^$W#`PB@)U>h*#{{euH8BpW)1!}7z6^PY`}f1Y|Fr)z7&Zu{~G
z-Y^*wcM`n0*5=-Tan%IoaLuL4xz&F;oNMR8T74*8eFQQukzodOLYd0ZBo<NRC5RJt
z1MwfmTA7)MUM+0SJC<M{CH;aI+R*FZpKvk&$kzBxE01A!0VGrI*uy3EoadEYxAXQ5
z<3c2`lrpFyX$TA8Y#uf>sjs8`UqWOluS7glboXf>b#F+eMvS{v1%~vX3uC+Yia=`H
z(feRxQ{O*2V0oY|pZ~wudIue5<+knywt!9;r4ofluDF2?=2Ulez%@NA7b+HvF?R#p
zIKz4z>hzG`+9hv!3Yskwg9kT3nd=~Cr|c`GU|$=#G*VCmAC4xUvHjqHm`9c+;-Gv5
zA3eoYC<z)}9I#7PxRMFFMCLS4M{noHNHzN`!wB<5ohQ4stZ|1HZ`kLs-yT0bxw6Bi
zsvHVajh$Ic$C>qOxVmqC*<5+-CRrlnM3LpBq>umy*kDgp2wSuv^N_>|5<f=a<?Mv>
zPv|xL2CTvcM??|W=II-9Gqy7JUaW{~lwO%K(3;(T+&2{7p<UnZDGJ||-y~J`&tYl(
zKcc4!pc;IW-UL00<IE}`9ncYBrM#DeC@eT+_Q!~8lysWh3qhb9a6p}d4-0Vm-X4D&
zC_T82%Z@#N(6Q;rT2r6<T{P+3a>MGHk1VggSqGS>1Kp{jUIfk~aSytoweruyVpLwY
zJ;HVRYq%swIDtkqzB?pCM@<exB-g%JB@LB;T7yuCbwpcOIPxE%2z)r5+BWwAL;fcl
z%1+=W4mE1m^0rM@0(PAZ8!XP#f_6R9zp`v&*~cy5xo5Q@A_MHd0Ty^kT9q3n!%ZNA
z^iYoG8TrHNQ={j=cJN7jutptU(EtJs1pgILP!&QF=fM`jza2NK(wO$mQLsC2;GcgQ
z000dEk3spl%`sgzB$6~9?>(H%T|;``gIvGxVsKZS`;A<2ybcFhDyVugKF|+OVRiBx
zbn;tE%rpu&EvgR?^(=I@``f_ZWzQ7_?-{noJ$T23&K3Tc&A8O=s%rn#XFTl0OfBF#
z`3Q9E;Q#}u&=HO7nlTCGmgvIi^s?D`HG^PPtw1c3aRI^R(kne*Vtg0awPh3?T=ys5
zfC%l3?eXGYAlhpe!FTNGyzSO3dnYzR*+Vo~07LpVIQYZMlGTyngUgAyD*!cY@+FtW
z$@nZIm;bkp-k-i|>@1(Y$E}?c@0-`fEo|P=cw@0<0uOqLA(UkyZ2v+bx{JGpiDKS9
zDBQgj`<@|0NW-@D$ct9hA7Db{F8h`Mzn$WQdUgonyaHkxUL5>vaPz6rT4iV+u|MSh
zMXEtCIsx!QLV4CWIW>EMBb47zWTid)H%+C-EFBN_kb<s;XJc`y$}3)$a^L3MIJMM~
z$;wG{sAm_s+HRgH7=|<kEz(@bK#3)0+;}Ie2m&kni1!Nu3$d+3_16We8^9%L3Rmg(
z6U<h5BJL;HMfJ$Q)-+ybetvb37gNTnB>>2D=P85^X3i#VhX3FMQW6@v6{zQ=uda4@
zF+S{w8TF45KZ_CSSc3^(;tJ&{D<{||27t~5rDp!z_&f=lMz~e}Om<i?>|a9xAB~NN
zD`FkEfWWaiTCiIGywgGyz~vdJn!-!p956m@p9^H(HL~}yzMAm8*vti!CTde>Gk^Y8
zFd`9*D|sdjJ0X`%3$nZGLvmU#6UQGW&Wl4ORdXez(-$w6Rf$g$K>c(Uo8J%uZ|J<u
zKqLFuCrkb3^y&6GY-6{%yu(}kS7I*<FU3}!2G>d8(#8N6#?t;=GAIvVq8!h2{;kb&
zZNI`GG0w3)Fr7)dkSz|i=es<_i$+Mk&oel>LDjFOu4vbfCUi32j9s4o>~_^Pv@Zt&
zE#w;#Q-1qLZ9icsc=bhk-T;Q@q^zfXuqOI~R!CforiSlg@9`k3=lV}@NogRm_G~ru
zsi*0tV$6DA8Thz&dIY#!TYu1l8Ns1=dsXF^4#61r<^xMbTlx;XR;vX@>{+$iNxE%Z
zmR=NVQG+-n)xFYvf=f7yNu-C4F-esA%_+pm4-Y=T=y^-^RC?liujjjGFD<Sfh&?!|
zV>e;tY~DKIM*1S!!nV!sX}$?uzwd>8PzaZpz17<TMoT^|c?Y~a#c{U;S1%0r;A8`4
zjwWdURfAwa9Ql4q4;thu1BV7CcQ!GzKf6uxc7nu&HUSPIyQA|xG4_*md2ljT;|D;u
zoNB<d@<P^AU59ywyI^oLXgQK4;50fMpPpt|C~QMLaBKrj3`sA?8I$C*n8`HY1JfN#
zUi!5|2L#>hybi{mU-RnI_rb|~G?THv{hD3{vO8aEy4GE0k^UjDVMR!3><0qxE1@rU
z;J3!KX%PAfAaphN8Cj#4fOb-wR*L<LEdwiN?iIZg;s2#jMy4$tnp&)(&QslFY#>B%
zl15R@%2>;p?|St6hy)BA?GJFu$@w2nH1Jjqva>_?kRAj5tH))ho|Dk{<ZJY~&?(S!
z?w?0|{z5gRSxZCe2!X8}*nd4VDQ<`6^veSIBp+7mMnBHtORy3s{QC|BO2JC{*W*l|
z=KiipQ1q{&Ist|@qeO$&F}*j!uoNG`p>6Czp<RJ)K${>g5TC0B?`i2^TEmaaH~C@T
zYjEFGtnK}B`ehPu2#X;PX>-f)JdQag<o&ekkF67Vz*CPes!L2&8SogGBpNc{6v$)!
zh&kBDTJq;Z1JGLxRKMBkQv`GGsP@U&%?G(__!Z}39`Lq3{IZN&xH|NLDuT0V5PU3U
z1l2EKREf|VIr2+S?U}+)6S2ufey3IM#r5h80s-f|vVwX65e;4Q?eT2qeyE$~LF;X{
zvX@?j?JLoYhxHV1Ku8j%V>1y$Gcr-gZuX-3%T!_``*C#9Udg8L&&EM#E{}gV{S7-}
znMzYpN*mcV(>}TovL%S;GI`C4CDtX9+qk8!05Y+NNp0uhPlZHGag^F8GDi1D3wyC?
z0Upa5G@348`aq7f;P|^8OmVT#QL!LDWD+Pm7ZJTuCh_c~epO5@@5Ne%caz7sL0~Ms
z?1;Ity0_*K^GT1#RpnMs_&~NB9g4bj!soFxp{!x~4Cx;l7kKZjSG;}8kR#~(_P5N5
z7d}War0?A<j(yY+7J=+fUAFP0X;WDsfS^?7nVd*IS~st2n#)Oo3C?1hfa*EDIXaNf
zqQVzcYb6afm9aDd1|t8CQhnK7rTlU^X1=frX;{TksnYxq+*#|4bu?Mxsf<q+;0JGb
zCG$xjl|nnQuSZk6Ao{&%rqqamKI0-Zua1eNT-AXizY_0aroq!!H#6jen!d|JYw+{l
z7lKghEy0ZkAjf@>7bQKQUVw;nN3S=H<#hX;^UIfn!{jk;3|N8mL0`KT#%`qTNyV#$
z{(U>Q$IDn~XN8?*Khlq=DIM)^E8%g*5te+-8zbD$!bNjsd({Ip*Wmnf_eTYq7hsXp
zH{LeT?@F%(Hzo3RL5poQ*j>;Oo3s7KMK8LXdbK&a&<#bL7F~!3irS%o9^g9Vy`$nx
z$ExeU((6!{p!0~+fI_{OeF6XEO9xGWywklcHLQS%c(S)eyz~;e`c?e1&AI-{qL75T
zTYWqu27!9brLeyP93(+JHE&cKl$|ahyt2BeC_5B;xQ3J155@GH>)y*azh@f~D#6us
zol@U;Ak~7ji#WoPT<idSH`l4WoX{KTUHRBm*@jo$-Mw?fWb@(e^GAelNR?=-ALetv
zFI%Xzs&<}9+O;d9zuRtdnJ>9j+M{MfxVL=W?(d$hdb{2(NDvr1+VJx+^Kn;Wxtqm<
zWe=W~!EuI5e)T86k{=LC1?AS8xj9USes2)_?r3+%*={i{m3-ley|C{E4C}fCr>-W!
z{bRvTvMRNSM~;+$<h8buTsY|Y{#~fsJOmojZ)H~Jop~qoab_}A-_7Zyv{e_r<G5t%
z#f_p-a2?m$<3+DTyN(|U3tY0se70rR{ie^nAQ~rE3s72$(#sDEa5f?bOp5;0(kOV#
z-|y5>`jNT|xjBpB#;d>t^$wnb53!s1{9W#iHQJVW;LC?KaE_%e9l-2+&?h)7T*^%n
zPiES|mT$L-!8^#d5<aE~R3X6uupVEw3@goUhS+=9Ia3cUy9eoT^p1C0m05W_1(%=u
zh3n%|ZEI6fo@zdBuP-0GwX-iF>#3Xl>Qme@xq9q2NI`e8`0_)uo;qjr81oRv;UvsD
z>Q>#OMQ{o8Tl{r7mm3gvf|qXJD*4aH#3QOxD_i^*BhG@$VPKpKK7_2VSj=VCgzQQ$
z&qbA&<$+{`qW)=KVtGT^arO$RvL{j379TBwk0ZS8vNzK-X2R}~+>`qqz8@}GFu5S%
zm0;1_@Dss17-(#ZkD9L%)V+7kN}4zMcOdCkVG9itbuaGI&U@FmaXV`0<3%oO!F}Kv
zjSEGr`>WyVbm;1pFgxF6Yc8HypS&#LRrvE9DC&I{jP5)S6Yg8Z?Fw^5FV{Smi#}`w
zXtS8na$JBT;JZ!~wJf3THg4!U3p3qjITtOvsq`|;alxQ>3G<3+SJ`cyEeb(>dEKwA
zj9@!*qwbwg@8=`bo3xYL8?k+{CJ+*@HxRCbh^10t;Pc`aaxFulS^b3?dlGz=R}rPu
z1{*atoMCW&&Xvgye<$NEWOKsy%i|LZcK1UE^zF=5M|=ypZ{%;>T);Peb;mx~#Ifs7
zz7zwiPni}Y@=!Lw%ZuMio*5ykZ_6PIr4=iX%m0EFeUn=@x}{Z#&%b3H6vp;r!D#Uv
z<-Zm9Rh_V)J*CANEc2NT<i39c1+f9~`W7v~+^TJ3v+hPjtf5S8?DEMt^tKYx#{Ar@
zr<E2PoqU4x&eiU%s&eCXsB_y^fHB?OH9NfB1OT*OxzR_p&mOno_sr^W^lvPQ#=<+B
znP_uY<%S46cd$TIO?`f;#aZ|;k41tA%x3|dorL&&!D9PX>CNU6>jra#X3U0!fV3!p
zcX7l&R2GVL*_26^n{Zu)s5kBE(1?bssO8%&=5R)rprD;0z$?Df0(V)>!+Er8I}dU1
zP*{Fw`_xkh_*!A=ZZNh}+2((gdEn2=T3nurEwbM@ddlCiDwQiAi3||$`3KEn-%m(z
z7?<Rr{2V-Oxd#MkL`!_c0Hv?1FoIrd<Ng$8*x0u}KkW)se3>_7#jq<q+?vlm4(A^`
ze}{#tpE;87_FxqoHmOCdUkq;~pXHw{S8|5n!@&~26~%bK_X3Q-*ipX*1yY5O9Ke>w
z!-M<HG&Su}i)iYEkAr1Ne$*E46n&8(qmNMPnGqc|t+aR{4>9MY|FXdyR-ZJPd#g?W
z-60=|lhc<2sx{z}jdZq?6ss1{O1^zVZ+9cy9g-hOh3P(1yo$mh0oK=XUh^2{#OtTi
zu{EYE_>UIMgG0Pm&cH}-?G-v!VZKordm%QNE1-H0PZ;mkht6ZG_*s|6r_Q^rp!KRo
z>oowbLQgph-&%bOW#3+Zc2uM8MRjks(#w<0VReQ+1^!SdN8{baj>^v1Lm#~l^OG6O
zQ5i5WS(2$FMlT}kIY5s?P9&i1IRlhpp$P5ZDg%&{2Q4Q}Q3mlxU~J9vvl7T6rgvv8
z*yy~W4bI=z_gok9l`O4>xZaJm(0{0@<Vu<H2RUd$%h6$)Rk;Uiw(z(K5lZU#awdd`
zeVZv2k7B0^JM|NcoAtEwUE}q;4WjR&?KxX9QW8b2L5G%L%tI}Ezm`bivP`~GjdsZ8
zP?{rgYD}SG-M$Z(Wnk*R!EWV@9wVsnUINFReTVSxC|#_=5MBg3cPyHWT8mOOMC^&(
zDqswR$aeS>fJhrQv{iLxJ*{@w7DWptG8=rzXg!1`b0K0Lm=Wx40kk;-?cueQ@ehqZ
zH`G3lBpM+8McX6R=kAHv%CT>TOMMcG;08OP!UcRfwljZ!mjyKx=4`Pp8(?ESoCPxe
zP-P$vNb;;H8NP&g@C;Uw|GU+vHx^BXJj9eXA}nZ-sQAYSb-Szbpwl&O^KDCdjN6Ki
zIBbLK@?7w@B>PYLvC}{%F7a1meV7UF<%(c$i8t4S_2;eh$_#J+4WzVQ4B&VU>lmOp
zN})a@$4SFF5Cp6jx~(#hDmkIC``W01d6#-z&GTEUh+!p!?!Ah+SdEj&WoZ+IpMQ0F
zC+1hnrW&6hs<_mJfNCSqR|{eIo-o5A>rPn1hgb%bkOJYmU_?vmr7@&_5sGl&Vm*d!
zcEKA1K03CpeHh-p4Pb5Zn$oL0QHZ?q*C%?RbPTQ#16*ttE9!s0kejSAv4>%{I~4hz
zJF>%}BU}hJ0)UyO(;r1D+%O+rBPIu1)Thc?*cx#si-yY+j|7hV)eR2CKY!FpGegoC
zLihPh8PBDeU`nAG&U8zZWBN%y2(Cy0R8`_{Swgz;Av4Vwdw?z#Dhk@Y``;Y(d~nG0
zL#|OiA}6nIYt?3N@4CH^HzmAo5nMF&r7tfP%gE?`$a<39$=#j>qGgF7A`kE`9f&QY
za%B~_^)V1X^#O+#rDb!`>BsXK=pJl&J7OZLS9qb!=fz4dhhnLeo%y%HJ8=*g?T^%k
z4t&}NP4D+&-%YFX^)7O^W7vWZM`r|LABM^A_>?2hd3dbz+?6n}Rr>2O2YlL>nSrU6
zl2nbDm-bPdx%KtfcJpiIp$z^EcsbGw4M^`jktApYezC7U#7`V!#bE4ZF5LMVfM1=b
zxnKF`>Z(;3kUTq~_9H|)^i|#kNC;CK?2L`W6LL;=OPh1x`;e*5P*@WsgUo%Z3{e@|
zHl4nd_BD$*qsC*^Yix|cd2jv1+1j;D)29T8368+0uT#~-7r@C*TAe|h7_)1m#^%g5
zOis5YfTx?8X5*t)3==G+ucecsZ!Ue=%iPWN;`A+e(gSa$m$yWL1|l!sGitO3#=w%G
z;H}rh0IA=xf=z$@X3$T6XA@F;?$^SZD`zj4I)6R8ily~!sg;w@DJY~IO}H>U4Hi?s
zy>WE+R%Qb1gDjB@1;yZpv-S=UsVio4h(6dxI=`|In3{$-Wb{WVFKAc~=6UUf0fKw{
z`23SD^AyM^zC1bn2f#mPV(3<-^j}b+clTX{V@zeQc1o-bcLD1E3ySCxptw{&2R>Z^
zH;naGD>0$6LsJtefh7!~!|=7?cp$5*^ORn;1=!6SQZ-<t9tIx&lTAp|BMA`BuOkog
z`qFbX3LwUCRVqP%u8iJ6g=?n}alCcvx^~}-fI0eqV1N*!K1fH9Iz5Dkzx!cwnWwa#
zv{9RF`Me=kLF-x{Re+r!&jQ~?l_6LG$Gq*E$^(yJ=Mtw=PR^xSHV6cQP&>xwuWb+A
zSdReM{Ylephs_M)XsUu&CNTLOuS7pP`m9KCyXBsy*E;xUA#Z*t335tP1%Dsj0wut-
zo4B?F2OUc3AVY*|rON=F2Mh{jWCx!&g@brno1r{SeUc1r-VY00$;a7rH4JeSY;Vex
zcr3|OI~y={Uth$w_BYU=4pE!}Mjsao48pGLVk@On)N%^sAYY!zNBE2n_FlQkXbF-;
z92x2pJFxE`rqyq8{Dkf3y9|Z10at;-@-Au_7lR|%Vxz7$%*kdzdjvwy-#&q*KC9CH
zJwU}mFrmY7%hwJWzISbiFbBAih^JVCa$E>v?Zo3tfKg@yhQ5m`E7)k#b$c;yeyXoj
zZXqAsC9>WANGZHv2vj=Cw5u4p%?-M6wio8@n8Xf}zNWpyK{FaYlaehWfLfd>n@19_
zsf>--42<bq`<{hG(<WyXOVP46ERD(SGov@k@!W&bFEn2Iavbz&#@&WaIGA=hEvS4%
zXCgr;G6g&7TM7X5qo4nd)MFu{`x^S_|EbJ2YK_T-yvhELqgMry{vWLyQ}del!bUAL
zS+Q&6kx8GvBrR*5zj!C%stJfe$r7BS%8&wM%7MRm(@pt5;`{;;n}8-j;WE$oMydG~
zQ)CEi*&vQM2mA<8AoPZ#Ht(PsEY4ixP7m9^Y_Iod!!PKI)&fSjRgvaVpn=aC*>J{b
zB_)doJ&=v?dn)pv-Z!M-?Qy&H&A9QTOQuodn9ix67o}C6g5=lt(<29;9iupYBkAiO
z%13sQcO>Gs6lo;K#aX<-SXey$&YzXP4g2VZ-lE0;UX&6=Dil!cwJVQBD4Y|9+R=RD
z(IpvbXPZ}xe*R}m9){kCUn6qFApZ3mR*)Gq3_Es}<j0FVSMf{0nvyakxy<G*<(TS+
zgqQG0)PTk&TbJffgx5!vxlJ*X<2(TuZQzDE@lhYmjEi`}@rJXL)dOdAREBQ}8&+ie
z#CnLQngneT!k_X)I2DAA?mm@?%o~y(=uAAann{%9EylAH9rX*d*oZ$L<IC^J&2}gM
zR0VDIz_}Ayeu-O{0DM<Zj=Ker!=0%2Ix&XOR>)6hU=N>s^ll@a&n{+~(zYjmRsJ2^
zZqX&?W3YW7{<G7xyW%`@3-$|H%u!c`HgVYl1-u(j4&pKO1$CnSD`chfA799Y?3aL+
zy>01$?Lv{Rc|+Tn`b%4f{TEeU0zC3<U7Hx(1a*d(S^HJ@m@2IC#Mw-`ibto-KiL;C
zKlN&G%d6u@zI>!na58YtJAd8~`dl&SomZ^gR=)h8&K;#zvqY2{0GR3lbi^JgGtdv7
zS%sCkl5&8Uz$k+qlLwW7ueWSmhB(2LY|G$-e4I_NV)Y|ar<-~QTh9I}T_gJWIb`<B
z=NXc0EdFMA4yHlra<iju`4hrhrl~mASjbPTUuQMeO?|R9yfGE*7veYJ3zikxC~ExG
zxNVcoLHNGW(MCZ;oGH<5(HLw2=8*0W7;!f?SqnsspDova5VtMY7XyiVaRv50^!rm0
z%OR<Tmn9J+hp_dDWagPAOC8iPJRvQwYFmVb;M@D?lTI`y3y4=M^m_`vU=u&A2_WSa
zz43eJ$V%P%iIoR?YYJYBa#PYYDrNzx^u90j6YI+O+5DLUU}uMKa|E;gY6T`0e=je>
z`%hrZ>KD}<{S}ybt<<=v{tq0<Jr3xJxD;S3`|{$s6_D|kVG578K=8Y~m=eXRw6xBQ
zE8ALMO+zwjRgAYwIfqO<aa2~o?!Z5?(J6U$x`&?wD}cbAeigz;*}#^CsP`VMjxIEz
zl)o1);6xq7x$RYX>HA7A@0B1c2Z)9!Ua40kFZiA+&JKlK6!Mhb<N>Q(Om90UMgYDv
zGG#<%*OtqnG&i*FiK_{&*VIwpf|JMuf8YmbW68glYd-s>X*447+n<oT@zxb#Mz4_<
z@NynV^UnZg5(GO3r&%#9C0UsBjIhgnl5HoDnHjRBKD5oM!hF8Ks8Kl)rB6ZOGc_r1
zbn^H?o%fc3+oi)8S-s;vmlbtDZtZm!dx4>Fyt*oe@V2ls>*v#R*MGm#Yqw*(JDeg{
z<f#V-^hxW6J^&m!1(H%nC7+11H+La}80i*yonN*1vu-I6%WX{JZ7v21wO2CM1Dh6t
zZ~t8o0;Ntr(M%=!j3_5@{TRe*yrZcUSwVdWDk3Yr+HjlVXNnF>WM2LW?K=W_=-0Qf
z$-Gj|Y3tI6x0kA<Lm63rn`S`f@|#cfaa_h~5tS^3bW?8ukP!UnKfrM>X)(hkxNz~{
zSqM=#!r{7*&D?-}>0&T)$tcwC`xSDW#Wp9J0EIMfpt^rR;M!9KHy3)tn2(M%GYZ`x
z(|qFzM{39?G8V+?0BIa_isd->-Q@u98p=p^y=F2Eq92s&Fk-Yr`e6aJG${F%Nd{&H
z<wQ3IwCDxBN^4|H+T^@>kWksVIJY$6R%rXv8KoVsU89vC0Ib5ZW36bF_E<35!Y+^K
zO9TPtpYIKL%5H5+oGARJ)w_FAigsH44R>P!D-FwRA=d@)YvGw2R_E>`{q#C4)}z-%
z7LG4a;Zh<~7m5Q{PQF3$Q1D5Wb&GBkZTHHYc`{R>**rNp63l+<H51?X{D$_m8BKQT
zk<4Bl5Xv49O4aon>cWkOb(_@q80z6R3()fXLY;HnmG9<FAAzN|tjO(KrZ;TRtRNgh
zi3imO+RWWOBb2;mFM7SJY}Koi54|XoR{`u2#ZlA%T;8Lb_?1)MUHK*VY<i~4)H3_g
z@h=s_P2~x<lme}WJf-_OE8V8U8;d$$PA6f}e75#0nj=wi;wMf<lljQ#C+TaTXxk5Y
zz0$W}Nru(?fu)j9Tw17~8hoYzjw1(-w=ZGK8iCIlR-E!Y0cW==XMkh_wSsekQu#vZ
z{_EiGl0d24WpAX^{iJ6G^q5J^t?#;J&NNRA=KWRxb*l1&z6aWK)_^#y*(O~b)<P}*
z5X|E5u~GN$*rrc^F5EGBZ${dECD*3U?hC<(ihq(do$~X3(T<KbLrG1LGP|-vux(Wd
zvO8ib*EEf}cQU)GH*~P+$e2vdhielXGk1-ypT2?%LK3%bfhk$s$}YN6PB{<%mqNYC
z`s1TZ97O1yC<OoCfGW{zsB}QS`~SH5@<1xL@9zhdx(U&sl1@@xDq}?%n>8s)QsyCz
zlzHxSE206FBtjYpMJZ)IH$oH|DVa(rW0@n~&wieB-0$z*e-zGn_OtieYxu0S_g-r^
z^kBNna#4!YIB=Y=GV^3Z+WD;dyrCM;zIVc#j|Hs`aN<{5sMs{dZ=1#MG5hosUryk^
z&g!1vw{lhdYRhf%4=&kvE?Xbzp`sFCz4`K~cHgLk`;E#yHycE!lpkj*;!tW~C&y4D
z_mhiPCYibq9NOKHcP-)KqlmX`0oFEk=xKL8m)+#96gy<baIZ&m;+uNj4(!)=sB#oq
zQh%6#21~xauUGmocI8b_jjNMeohE&cE_KvZZ~`TD-LGlVi2ShRhsV;!662cRE3?b;
z;Bx8J@9FaWVz~#3F!GM&pL@y0rn{Y1FpEwV+}xjOT6tj;wHAr#V^uV|R6_Y!a`2_8
zf<mT%6jl1gd7h@uhu;Y%!~5K8ZcBfBIuTXOY(_l#V<6iK-NsIH(#R1^YM#sN56M1;
z_RlhcVSh=pSSo}vJ|!;Zp(-<2a)%~Rv5qZ=p{0%~)9xt6c2e6!H6$e$d+g5a{1p~Z
z?~y)ZT=SB^w9GL6@%HnHpqy$ctrxwdK=<FPl;mR`x>=U#9L6_<Vy#>>fhFu?D8Ha|
zI^R*;=;jzpAnrv`4F~7)ag1lnP>%16zOCDxH@7#}&*h%3tJH#V&3szZiH-h|azPp2
zoVQ$ZeD`Ma(5iZeyN=whv#!5Q4Z;;@LY1K${!VGBXD*I7(#%ntLHAB^R<xq)w?^Nj
z4-ckjC4|fu=w{bCksYxx$Bc2Na?n3(>r8k1=g1iu@cO*Fo}V4RWiTPhmVInuZrpTB
zFC2Z|xg6qfE{v%<MMa+ETdlL)FTyx)rhVXVuiasRHisl)o`muBi_mPcG49Z7vf)Wh
zzUtTWBuCE8@>K)3dv~98Rc+5)ck;939*?Q(o5D^#1oS4MKyx75#B?)tbeG?FKI7&@
zM=cM@;BNi%Nj{1?BK-n>xQWsE<=L_W;%T!$a<;Be-;cJz1e48}18JQLK8R6kzhxvB
zhYKklL^w3|*X{k8<f`0PTc%DI)npMY8l06Q*Ye^kmAz=$!`}L(NmN~~L<)9M7tNGP
zBe{I2Gx<xC%6trk^ST>H$((Rxw}>*e)^-WsxgF-AXH!5p(a`m<kjGTG9AdZVQ@hz%
zmM!6{-mZq9M>qU(v1UtkPPzcPb-vN7eIdV4cqzL7;y9IX-~HRns44f^af5nKu!OcB
zjlP{0Qrz@-45h!quf?h&A8T$$k39H#j+~tw75V<&7@cR)vlX5ld{z>4(8fU`#;Any
zJ_(tnviy!-U+LY8i?~?PW+(H|!IZ|)6%9O(KEw4i6p(abWo|o89O)k*L}!Yhu_a&0
zP-=-@6WCKG33NY8i+Fk>^hLu5O0!PAmGJiCQ!VdJE46TD0X@qlng1`%9|oq)it@<7
zVOzOH6D*t$g6eN|f#-agl2lZuiQg&e#lS0?+^QN=(k}D$3;S)sN+txRRh??X;U0=*
z5Ivai*?(CW*96zCJ0e4!DGv2I$aFZmj0`cb*I}zWK6r{icmH|o-DhLlhH{1brD(Pj
zNPO{?<qqDEm~=d%y2mj6BCpHmhx0sxp)uOyPK1E7W~4zo#adm}pmbz}=xsp9N5NEG
zQm+_wS5YUZRzhmb-kC9wPaPq>isX`jlgNw3cHf%!d#`zDo?>=5&y#I($*6Tsgmheq
zQxRo9G1?3rX#G^U<^>KF337F+`~8z+bp8@5|ElVDLIA@R3LKjg5wRb*Gp{VxzuuFa
zK4&>rSQ1{|1R9fe)Rib9<?9lk$2ve88&}rIg5j`=)K5ho!>yS8QYiSJ>U>I5>OFKt
zSvLz0JJdUC4q_h~J?7P$=XM*WPik4sGhJP3*C*i+iq6hmVw{M?`P3ObB+%5+;1Zx=
z`)qdCicQq5nB?MpR&1#tttm&Igz~vBIH`uQs?=wsO{k*v=LGlZA99k5iK|REJFK{9
z=;ppMPK3%!F_ygQx~gj2*%B3DL|XFId`c|>G-!ot_HWA;8>1aHjs%Q!-aYGS>pa?y
zYj%_lzkJ^B!S5Xz+&(qleqT|H(~GglK;&>UxwyX1AprxQiJ5&t{V@7lWyciwL{oF*
z!Yl`q#{9eWwd<i7Y?Y52VYSB#o$PM6!I#8-rV}$Vng}K89#pYh$6!KMFkj7DWU1VF
z0on-PJad+-*)$5x_*uK+@}|z3e^o=cJkb`tu;$nA>C-xVHs!)W{1)(3_)x9UH>BpJ
z8{6(9rhk18zq@Ii(?+DeIGPPttb}VhD7MLwylch5*_kOgO>LKU34ElaHtEeQzs(x)
zST7l?{#hLgK87pnc$^v#n5KTJ4VgXT-4{p=)$nz?AR`lsPEbFU=#?*e4FzGBdWkxt
zZywr`Vk#SwZON|rvUEEc&BZDAz4|T{t|I=r>_DZ_H?1W2Nle@JhPKc-a?_PLi3wQ!
z;twlUW5029q)CzXLL*6Qd!?T3$@n?ReJ*S@C2{HKpUjC>SP6=qZ*qE>&>IysF7wx^
zPd!p`sx6-3r<Uf#hr(4T#}a=Sn&r%;|0U;Ydsi!1hrd6yv&MFc4Gm)RT~|A9x#gff
zVN|8Ox$D5F-#a+mfz~F|i}X7o@&%O~i`;K=ZtJR6h>Ji`@U)5zSS*pszm;6<QhEP!
zQO&ch4xB~q#H>A-P?6V?QvElfZL_s`sF(jKu1tA{!LBvG6XTTpNOY7+I|Sx>7=rhk
zF`XKJPyDrdEIU<c%9t~4sdbAFM~4>G2*O+%eW{%Z4_ek_dWHB&L~PhgO$i<L>T>(-
zY@$~TRSEU)&Sy`5f<rfQc^>Y20h7Kkh9@`z$6f8L{~j+IaemClS>u|QDPyV}ZK+1u
z;OLewP0H;vOuxcofrzEVkUdN;zAe<L{H&v5UFFaPzI@xgkE%&_nxCT!)&LDRzDj-m
zLsw#HiiIIZio4<jpG{-N>Fm><=;*bwoH#9LZ0+rjs+S+$zzCJXK8YArf}x;js4x4t
zBDKvWm^xFm=bt1Pf`c=t=rH(>BSZUwqt<Lg2RpMT9;z_<X2RqA<by;{XTmlqbI$HY
zh0xHd*fwFzEuUM|lZyJm;uAedL^N}k^xh{>Q<!&$I`}_F-D5k@m+rgw4ab6OMukb6
zz(@#_T5^tD)1^YMQtGHC#A(s!oZsD>U-Y56;g~3yQl}t{i2o5KC8R*4bSsu7nM1{l
z;(=OvT~IC{K1qhkHKM}3##f}$lEfJ8qF1Z=*{LgZQQ-kvy(xFm{D;nxS|ihsxG9W9
z=ib+e80jp~>NEU!$_0sF>Bcz@%Xy~wQF8H~acV(teQXKLE#xOjD`-1{#E)2q$-6fP
z->&D3+~y;a*xBZ*LPp54?a2GoW4HpzTj^Fe0u4K{N*^NxTN)pazC$nu(aAHpol&ff
zace}9LyJlkbsUbZ>?e29`i0|KzSH0;AoDMxiALAsxHZM6V{(66lN?n>v*D9<RkNYo
zbh*VsDUJ8pV>m^ipurI~(V-fqPw(3=7>8rz)b|L#o<ruLk9pc+glLP|Cv)q<LDExg
z1{0`?WT1>mJfkKi5Xe?)N&H1{{==@hLn8<1dRrPnG||@kg7uJCf^Hn`_PN<2RZ#N~
z5Gr>A6}}=W>ckl2Sm25?6&wo{w$m?ZsJU@D9#NY^%h@^a_QZ!1T2}MeZR0%X>pMP%
zACx(7Bim;Im9krQQB=(ZTG!~<OFH73zyIwq#_6)3?CF<BhB2e@TNCU`&ytKMebFcT
z>1j8)qtT{j5GbTuGO~$$XtNKgwme`qrMiwsTW$*O$=#NB!>{9VQ9)RzgD>4_);Y^y
zGcZg^^m{xY=C;g3@|KbRp&Qv;y{J?0LA>t*e|`gyXu6kK-A3$LueDV>)XWk<RD6_6
zw1S3m9om-sb9l-8q5{+1k0IGq=R=`4Ae!>8vQ?fF{jqaJw;5G_k0%_G8>_R_Z<WPk
zq0TnH!Te{gce&>9jWt(xsk=&R73L(ywzb=`hq?_{L~CfBTCq>111l;^3rJDX(eVw6
zx(@wbHuJdApWul4kFRp%{8xE)yr<3-C=XTn)DL*|%M<kMC=~6I24TL%bFe6bF1>#a
z3$1zNs;qNG{#gb|(r3n_@G4JjkqVtrB8Pw4f|;IqaWuC?Icfc0{Z2lHr3;V;;>`In
zxO4%(=RoU_rn}BObmG*94=<Bn%qkAJ=hLQU3k>*jq9jQp%Q=TsE{=V8k;*ZK)pjO0
z;EfG$;<CoN!J$NtAwW2Tq{y;qgytubPMVJ2a-vQXuo^<0TM0sS-0`S-6~c2%xlR(L
zvuT=G!|miv9mL(t;-k6mWtJ+DS<;HimnR9%U|tV2W?LyAN}bt6<TPVcPUlyM+1Syk
zp|d72&tnR`mZm%_(Gasga}elMllt<&`S`@4yGWE5FPYc#9ao{)&Z7engS5p5-zL{1
zs7_bClij}KTUG%qu>_1P+a#BAH-T+zK!lxl#08$!i9nxBgbm;tvm=a1r7KwoP%KlG
z3El-{rOnJ=yJn^=VI<u{adckmU%UFJR1;q&6t0*6Yc4^U2YA|XC;S_m8F#M4ZT3eh
zDvDDD!O><osZd++`>R`oHfYM_1X$G17&<M~naQIsu~giih~<!oZOSGisR^bfa-ZKS
z&%qqIKjiKMX}Wt}yS~c*bAx&S6M7srrqfHw5IzMN&v&kig<f9Dbk-21;?S~G*Wu}|
z+#UF(h;uaNO)2O~H<kb%(f5E>#9$og!7Tn{j|6!-JpD|uriO{x9Ku;a__G^cyY^Y`
z-9k&<FN<Jq<R$ndI(dzeYyj6jLs@N|ogXmJhJU${1}fGq!#LF2V+4Iz*g&^;?4p-w
zl>0Zr8B{!G{<qHIU1IE7LAI{usmGyw6iZ}O;r$anrsg<CU||AEST1>1GHV&gBqTw&
zm$X~<MA^y1B`BswkmOY~w5`)S7BuzX;(z9A?n>*b-dhfC1n;v1MqmFz?vwp2u7+c|
z!IjMw+yMr$I-^eMtRLmrvBIqGVM5J$yB<}`9iBr(Q29R^JS0(otd>N_1p?tXq$e7h
z8Qazik!;B0QNiHo+*Kd$kQL<g0}5`D68x?i50c3Iw;F~FAz4OoUQcmO`%E$MnX{P4
z2QvdIEATBV`*}WDK$g#cQ;_}CE}Eu5M>g2!?h%vQ`MG`<Waa;R`Wi+>0I%CY^cO&z
zS<<nt{wV!)?4OnW0fcH57==(C43y@Mz}=93?TmpYRyGeU>-+^|;YWkpgA<C%VSVKU
zxLh!*4$0$n@24JdoAW^<D@z}w)ct%^^le&l@kCjsYxY_i$pK!d%qV)f2?YH-?T8za
zPO!9joIrok;m-cdm4~&7?=I6WmqY^(@_~*tQC)>PN)KNfee?e1UN(*TxnBl6&x6<W
z)0_yb_v|zgONRO{M`d9GP_jQ<YyvNWC$E{u_vM%9eU(`NroTpYC+VTHQBNeDs~rvu
z7P2()4bs?S$nb4H8QCroxI0n1iH-!ZTQ&nQax0(1v^))C9TNTkwq>scnh~j5oTN@z
z`IKpo;m0DTA1XiTf1-EVP1Lz^!Ux`?TJNu3F?S+N?4?sc&9rs9Rmo~j@NyWHNb008
zA}7^G-?oes`(J2N#EVGLZ{oy5={`%yE7?XrKWp6gd&GYuP5J}DGXe#=yLj=Nsd*py
zC}mzuflP!mNEH69xc!;+d{5^*^JD;OQ;r-qmFUKnn0iE2<EzI_XoQ0kI=d!ubS3j#
zzR_$sI+<>8PGaz~4iXuap(oyGS$&r*?GJPn1`(oL2o0WT9BCl#dtc#MFY;bgz(34?
zJ}O{8S*z08;d&ucIM{4_m2?uVCe|*4UgAy63dT&H6sKQ{{QeV&Uq`%pipO8Uf!Skf
zNFqX(Dd7e~|FGzH_)To-Bm(8P{6&w2Vy#9fHP-Pxz~neFYc&}ilN_uB7?tAUJ*4<r
zb&%;tU|rQD|D++&4=3Rk=~zL3RprPj@Qi_U>h-5j#97P7T?jcx<9-t8BWhe|RPjs|
zoba$4z6dc9RB%{qo2zBSX_q+Iw&1G>;M8Aa#zehV(`@<faGg44+-vADS0Ess_^e7M
z8#4UHP<3<u>&|OJRtFx@(elgN_3WB|m^Mx9M!>K2Tzkn<Ceu@%bVyd<0W{jQG(xW1
zaQ@iGM;!|paPN+}n`_+ARguYS*TfVbuIZhNc!9|a?x6Bx_h<T4wnLW%4(`xhMZk!V
zC5~H|Gvjgmx*p;Y-KSfE)QPw*yFYWm;j;l9{$vS<5Yk5061wTE6<Upmv!QvY(~L7F
z#G2caXfn3wxFae$uMK>4>&U_reFRq)?Rf1<;6pae0H>A;%Ms0uCjD?y%c^n2#bND2
zcsXwr7xph1UAh-~|0I2$dc<x!0oR=hd2VAZ-`9Wh4-nW*L~cvoCqiGYf1~Ic*QAB`
zYV5C?Y}vI*#QQEhTKyD(QFiSptuD99bo!D3OhE+T$m9<wo=rz^J{6N8p{=!o`b9MG
z%vSTz)D%>Z<n%}*)G%mHKpM6Y{;}SDUWii(9)qPm;_h*8{j{N6;-~hnK|CgJc}Jq7
zdrJFFJfqWa-@hf|=)F{4C{H34K4w(k*fXU^w*}r<p5N~@QOAVf!TxPrp6{IEAKUgp
znVR?bx_kTrL6NwVonT}t=b(fl)TsThes=Xv>?X0S=H&If(lTjUYCy(>Hm_ofM#n_a
zOC^YrU>LVp(j*p}J|TKpJEW~ndsM^^`pxw`erfL6z8OXDzVk(ns5Xui<j7T64z^Z9
zue~<ea5%52dm#VBVvK)idE6>bFP=eoAouD1_e4i=Gd<w#^|L?djk6NfvU{gxN3D$`
z{8-ziO$;hp@I}niGINKt2Q#f&+y0urlh(Npkg{Vs`F<y({Z`da|8M97gY~s<oXd<E
zPz|7m%H<g=+;-$sbeuKeqU+*MrL=yj+ZdR(*S}4{ayD^eq+MoQ$qgqgi)P*AVb1P<
zC#LAi#XszpHNe}9&JT|8nn0CW$)P*piQU8Gk)azf!j=*KJ*23V&aL|p7sUVQcFypB
zAZGuHv2`z{7L-opr|K4Q<s}vQF<96Vn3Q+P;j-=r*ac8J-LE6~*-WX(;g*J<t298C
zO1OfKbGa<9XcaYK?3of<Y_ZIcNbKzLn4E@-z43>)HLb$wmX1*_-MLIm=6f2m1we7q
zA>Wf=ofL>^m<*O*L4y6HN!)zvbBzg$aL!CxBNeAit$lvf1sqe%)x=Q<G@bs7b9E|l
z*RPAcKy4GW$h`zTP7*OV{#VN?!cfwAC$^KY4{7Yl*w)|%M-&Zcf6C}lwHXvrPQj>t
zPYYqm7QQ{YmVAG@{-f$npEnvwdx`lxW730&*jKtM91UIuI~;d~{Q#`vUh{PmX8SaE
zDk3_(jSUKr@BV};{Q#RJVlF5%;A#JqY4zXYQl!Wxz4Xrqm;qP!a4LoR_W89j0V|7B
zyNHc<U+zHs_v5^=MIDsq6AgGgW}{k^pEOyMtiaf|<(CROo;lF$@}LdTGOl*DI0f;G
zb;S0C!MK7i&gPe+H?oWF3!G*2nKt8}1|tGY*?r|KVf_{N@1YIzW0?Z4?ne-!c(&(M
zSTxKntb|1Rf!(7dd;rI<fA5_pAHFXSFR~|N%WbPIgCVJ$(_E*Y1ifrty!v=7Q+?7J
zbU?X_gPBBHU*%;OVnPz>Ef7p)LKC!k^d@D!*5z=abEllv08t>O22YUJ9U>y{SM#%`
zt*bh+P*^P}JR<yr1olRtyM;vBPCp*6pnbY025L&t3Og2&qdfkS1Qy*tM61H0N*^}j
z*%pV<)k#0<<QfT!`s5PdnR1jbpmd?m^Z4ZR6a(qio?Jy+IA)NFc>O4Bt7{TvcXW&1
zADIch>fgoFa65%R^2ZuHs@6KJEju~XKcF5424Qak5)Mr^^S!3w>yK4eTpngQ3V_z%
zAyL)01kAWEs&8^o``Qfe>;51H!(b>Kdq54fh(#0F<L~9IEEX*rTqdcjARu~|c-BNj
zk33sGvE?j8oHO31HPKO)Cyp3z+k&W`v1hg};qx6vd<w>v>X%~1YK%2Z=Ep^xXhHuQ
z#f#?09`#yziuhR;@BBI<pUw0$7;^cteL8;kz6Ka!!_WW)MY?WM$I>D73j`eUXUwIJ
z%_tRG2|UT^<86Q}geAYvFB%csmIe<fK;LV8;uXF#{Z7BOz?2o0efNs1_j0P$1RboE
zCnbjPggt~TmV`|~A|9X2Yy<6IiKK<2Axk6-WEr$z&-L7g1fo22@^LGZ(usn77CEFQ
zS*KuGjT3~Z&yK+7D4MfY{OmA;>`TTP^cjASoMHB-Nsn>xYk&@^93D*7DBQx&S|8_s
zNK#ZyPqqHf0UJuXX)cR_9N4lOmDu$$$AY=4L{XafwBdS@uQ`iWR=0E$oah0ZT1M*;
z)`ktx$NLuWi6+*wx>9_$TkULrw&w*UV}V>G$QSa--YH{!e=G*kS>Si_CE+8|*h=_B
z)x-P#6t=tCL`vI%^4>~t<2Fk=suFyYh^y0FY_P<(T|+!w=`Rt02F-MOlTLRdQ7>2O
zzlm7Ro{EQR%Kw)Z^BxdRGa?wZF7zF=%eRtFNo;vj8jR552me{KPBc$FV&vbZ7ohq?
zsN=cWIM(EeU>o+xPQckDWA_2;-6DY)r^780m&fQyvlx>m-nWxKf8TsQ1%Rpl0x{G!
zo~)JC>nveSJsYsf)8TvG(KA^@=jjL&Q+Gt_!*rrrRTZzR#S=||CUFAcvV}ni*qkYR
zn7pa!Rp%QzW*}7IcE1g}M484=Y{_cuN-sCU{ckl*n^eHU^G1EL-3~UCm=iK2Q=Q9b
zCFU2VeaZy~*OAz?17RE<7COfvp7fSH$Jz-Bces0bbs56&f4C<A_ABsl2D%MBZtw^5
zpX{#5-`d>1fSdth?S)`HyLLKEThE(Bq_gf9;A$b=ID28>)dU++@)5|dZtQzv9|(SE
z;z>u-wawJ6FWoV(tiEu5RVWIPoh$>K16YlY>bzjcgkcM5Flhu_yo4vq{InnN&0~)l
zia+Y?^iw%SL!T8~v|X1jFGCqv1=l2EOCBSs(-sn$7?q<kFgI!MI=tSf^Yw{+{|)he
zxcmL-tmTi#L}K5xWOUaYmDaedi!G*7SeoE#wL)()cYJNtl86zMu_s})PDwKPnfI4y
zacOEvv<hkL$#8+s6eE13U{m*!Sg&tt8WRcHDdTRp(7cP3nYtmXJQc9>R8fSOgaAm#
zF^<gH5boc@<t>E<1O@59E4t;(sse<<)<fxSvPfhjZ?+(%<2yQYXo0(OpW1zYsp)pC
zKW{ff*kj}@pQp}(Mra4BN!eR_>WAOX_v+Q<K$hD{dj8un3(~RzXdp+zS&QH^jtPED
zKu#$ym=skKEXq0%ce1#p^Vf!DQ4RL}$JgzD8pdCQyTRz`v)@Tey;}W0wqMvdm{d1(
z$MOhIN7n4-#W;#M;k2CXQw!S&QQ`K@QU?ilVrL(r;sw$308i&82`<a|xOMm0`d~L%
z_BoSHWO$becw4d{sCEY}%cafN*Sw+!PO+ctd}ONfQ&K_a@WBc0_Yo(Ko@Xb4ohYIx
znnt%_8>uC%>2W7srl#b?|1``K*mQhS_K%eIZ<O+H6AdGL)qPT4-%iU{&q_qZ{hy=j
zCUQi8ZdnhAY-Dv15s$jd-Rf(z#Y9bbbe9C((<S_#oqjB&puJUc`>>ZE-^tYS{foxd
zIVoY;N`QP;m?A&#Pt&Pj8}Bfjtw0BKt3jNB-3$S_i_OH-ZF`_Nk064@<vt^#I1eu1
z3x)~ti%4(0RCwc<hSZzk3QJC%;{NTztQ|;!ghP<ay{C(R@ch+p`ez%_NM(;!&L$>?
zw9X&cW7?vTIZ-rX4}a9ZqU+gDh3tfmkO@R`0j^6hd!(#pw#?)64wL4%y7frf-I`mv
z`}RLcl-<~;MxwT3qf`HBNvd;kwQ!}>71h}W2kiZ>{VSYvv!Ks4Lw%#bzYm8$bnUz@
z=H6M;*tAnRS9c{R@!{ez61RHSN4g#`@g5l5UwQUgm4E8C*wYg~vu{KY+P0RshMReH
z^;cb;xDHd8zB14lwv%qHuMvm3C8@ej>(Ys)KyB5pA@k3n2Fl?MYvSWoFa-pVyVX*f
zPtm6B*VC)L9nZEYi3t3DoorQ;CSvDyY!<uA3a;&(hY2<Lmv0u@dR7p!D0JSC{e>DY
zbmM3}>T4^gClzTgi*@q1{dzu+WHv>JkzK)Ln^4>dc{Y0=Fort*`SM${hGhW*8Y^3E
zJ=^jsY75KM56vlVzb@DxtwL5Hr&9iHL_t``hAU*Js_Y5&dFfVpGZbgyRyYKDOAC}O
z4a23qC&q@g1SA|vrT5Au5@0!#6J>wxm`V-1s}1<PwCaAkrDMm-YQ8`2)0H|t`6m}9
zWmi$hSImiuN0;6DgCm6x$Z=u!6RCGdsR6pNHH}F&egpofgM&%2;>ZO-&%`u^dlaKW
zIRvFHs%$+=K&--`o6d8#*U0k?Np>ywy`tP$kU6o=8?vigR(s_;4IMQ8jg|fNfJ-W!
z3PQ(vV0uC-A+X%VU!u`(cLB5VN=vPIjQ-zW--L7rZDTE}1TW{FA6WWhWKHoLD|stl
zhcK#OahmEZzD}PVgj!P$hkf7rr6g!xNjH9*qb}vK8-hVviZ=X^i;kbCAcO75g5k(>
zUlrk*H>pt6eq;K$n9zI3ixD!WaB}xgfBk&%6A{_ts-7nCZdI2?vU*Q^A2E$oy&!8X
zpM8ib1;AwIT{i3~Rz~EuZbD;~|1Pe=b3W)5op?x+?~TDGj`*XA-4|?dKGOio%=Mcp
zqr=_jU-6?f*6ez(dThU4x=&r5vwB-?oZal9g^yGx-Fq@Jsip0>2&JG3i-t&U<`$$l
zx>Ho5CU14Y5bwx&qm`84)45TWD}*V6Z5@k7w&6@@<g#^IFA_ZGjnyWVUt}wWj|fs0
zVT<XFS-;|cMA;QhH!>&%jM_(1{z;erogysSrPp5#vR}A<vh`Y6*024i^L={9$~%8*
z(*s7bAOE0|+fiN$JGV6JX?M=mTC`Y$;=Z`@<a^|Yz}>_r0wd*92Amsw$FiqrBZ$K(
zW%9xZ8D!qNCF?ksGBfrHx%PYumF!yjNj~>b(=YSk_9J1f=bzNp9G?D*ue{Bp^X^~Z
z+Z!o_`T8&PcCF&U>+;)eDpvAeN<<D)GB+iSV+(^uys6*|{%wC?Xj4>ji4Mn;iymr>
ziLq{bnC*JvyDRDo9hCxqb;^B;m}R}-=eNSE#5`McYAq#6!s#cd%9FJ891P65d?NR(
z_VlkI&!19SK^T24ck~|-{zxwUg{}5TL6}#`;5Oy#UZ=9bklF|QDD|*JhUtjPxMJ9|
zQW!BcQi<ibJSF^$UTvmk51i3U-{xXdR|J+xO{Yy@zttU@H7$xtuSrK2bNgsL@q7|>
z;6SoUcoC=eCCPnixa&O$RdcIzvFE}(cmB}BJ1y9y<jsCx97?+H!@FhwYfN+=X{~fg
z?8P#5x#+r}e)j|_IuG30!DWHNsJ+#4C~#;e7BF%I>nfRsDH(eYEN@&52VUY_YMa14
zrYCCUCBvRSMLmJk-EeT#l@oN)q|eWrQixV)<`$!)veNF3L2UC3xjD*-u{F#Nklhee
z(w&p95s&T#9SD>mEk$rM5xprYmrmR%T6nBK2G=(MU8r)VRvUZnUX-{Hzj6kH9U{(<
zMOsOB<Iit0ja@}VzSL~&wvx1<Ov?ZRZzU<Rbc;>+SIgqQ>Hl;E-F4)@eqtUb<OCV#
zpZi)Bq~w->F|NWfT&A`DOR`HwE?w7dX0nM4F4VARJ=Q3Lsimc80|o8+g>e741_DLc
z4kZbmQ&j>Kjt8ah!lZ?Zjdzez0CZztFfGt1BDXll<h`FVuvoZ|q)_?gNKq@9q=JgO
zjSU@8zjKmE5kF<YYRZn2!-GSaNeK$pcYb~wqzzS_#bUCuq>(xPX+DOE6yL8B`dg;Z
zW1JqHiO3#RKA%n@#lGPcjB<W=K*+i*kd2-ESao~B<)7cGt}4vSO&*H`;@9yokK>yw
z$&4kRzqFBvBCCLESDdCLkhjU)-ZDebo8Eko$wL8SsJ&>|vtXZ;xt^6)!RNam!HZGi
zIm;&g==D%~f?3+m{g)Mrj8k^xO0X$ocqq1M%9b&>#&(s6XQv~~5;BS|_}SK>RDo5{
zar|G_cRq|IG`L`Dt*lF@W!m4-cM)8DpR1Fru~U3~zk*3*5yo{Ru&er*S4|@5&uJ-2
z_^rHerg_f!^fMmY!P2Dg2h*AjcD+vwIW!5Es5dD}ZVh?T@x<!^a=BatjeK}!%M@v{
zDR!4B9*LTl_+#sq8Dyr<>6vD`eV8(^7TiEuj5V<vzhK`V2r=bJuxu4rh7=Jd{mvQ`
zVC0lWqB{;Bl2qaYbu#0{P(8dECy#22m1&phs$BlbvcEP;mR_bh2mZncn2fL%%?LtN
zh7+MutHqS+>}(BvX1w(kMvBAvjjLeDny-sg`I~da%2^uYCiSL>By^}y*>7tS9~0vF
zFj-$EG5`S7o!(3t*p0ae_jnr-Mz((}k{NKo;ZAhE_qlXKyv6f*UNSvXQ2icBHFS({
zwy+sl7x~nL91@r3_4ufF?pZmi^&NJ{DdF=GPI#_2F<Vw;-&CiWwK+lQWFb6n91iqe
z%=M|tLwh}+scDehqz3;$I6MZ2rAU2XtTokoiMeuq^EHaDs3Q?Nz;QbMY2CEzealtl
z9B=Wi0}Xw-An3NXykt^LhcxyDdXO+*3za342v2|BXXrBz?;GUSf7<^DoNPzSg$9ue
z(~^YWTKi_G1US?dnh?$8r4+{WMbSdha9K<;s?9MUd9J*p5W;R^cm!#O*`_NGFmn+s
zcr^>pXcA?A=bS=qzIR~y4or5X6AdVs?#e@x5>$^pH6VAp#|YB7nWe1cZK2U>86Av{
zEh@;sj{bd3+Rb+&0^Mhl5<0A}C|&CB^?7+(4#FKk%m--<;{mV?Z1KyR+|i^aT(blB
zebf5PUx3we7y&^sH_rX7^YMoP$TBqu#lamPv$(E}NdSO6(%rWKKl$Ul1oC1Y-TrB;
z=LThnuq^n=hp7t3#)@Pv$4anCrYV?yQ$~0{otEkV+>*KsUNBPqk9q`6M*>ZU)LT3?
zLw=+R27>C$VT>p}y6Z5z*v(<TJ5qLN8`)=96KXpjrDVHh(4)ipWhmy{c~I-=zVY}3
zt+^6?VnuF2K;DLUrSN(CVo9byWFT!82n_!FOjNQkhj1Yc!{qM#@hPafiWJNVpv1Na
zIzo-koNWh%!WS{q6*XCi<bVFXW=MpMTs}+|KB;Py;o3ov<54rLhEDBck@5iJ{4HOq
zP$gGMq!_)Oy^Qsu+iaW!K#g(&jo(b|s8tgt3}cVcg)yV6dyVR1>dR>A)s4fsV>Tb~
z*z6qzk5qe(pG!9YyF}ggDGIOUiW_zP1#}n}I<N-%I&{Y&;W5@SW*fsU?#|FGdXGi&
zS3-%icRn9zy``CKh)G*qeVAbO{85QE(y0Z~LL7CAP?ogjtEWY&11qX(3O8SCB)I@r
zCjKC&fx5Z5nuCarA!#%zwP=ipW!ttjR;lFb+x}kDmtj}cZJ~BDOEnv~0G(Nm-T7By
z?vR=syI?ag!2TJG>eJW*!|g=Kr&~#ugvx<@Y<;P*Ppo!W%4u>}40;(_L->m{A|4$Z
zf-1WCf-e~Gcg&*H`$VI|2-YuG<@T2mhFq1UcmvCl^h)(d5ffQ_^_cgdQsX8l!2am}
zPdwfM&#zhe<<G(7>mxD16<4rY<r|pp&JDZA)Sv&0%B+A4VXk5tLDviFbxFrj(4B@`
z2Gv7U=aHH>F)pncbIBO-<7Q*S<gZ8LNQ#LGS>{l7$c;$-=H^1vPVby-(MLo$m?h$Z
zKI=XLWQ-iVQB!qwo6-|7jN*2p+ep(X#9(B;(E@l8Du*R&1Q=k0R|GNZ+y53G$MsZi
ze81@d9uU&=x^&>B@*SV}lcxcxgkF2>Xb|Vgt}s!17oH!Uus_gyroS~<PYbM9!L8;P
zZI9B?>EKO*lUP%${L?c6pc2_e)}*kFz;YtYq%}jg_8oh=9V!YwUZHY#l&wFqQlBl`
z5JuL4o6~dXyBR-QZwpz6xl)aPK?+K}t#8yY?4h<@Dhd-P&G`szyw|t4wLRuy3c7SM
z)yz#6JpAYi6(ddvB9nifY`{8OWo~znBC7Z~;anVP5g;0l=Q`^cftoYYr=i-0(*)0Z
z#8$%k{?{D}iRmoV1H1(s(5Zdy(Lxs{!oVN*-p~XWyZ&2L6+&nyDJ-&rYl1R}$(3zO
zJ)mdX%oP6wQbk0Zt;N6<i$tICH~ylo6F{KDzYj}Gr8u;mPnh<Dk2<O|G|ZiA^Cw$U
zdJ5&w%C&(hDuyLda$(A5q-JR5<`o_;J~@srquvr5%W4jIif#A1banP2TS!OI>t1rV
zi*DC}TztEq>WZ+PUtW`*Q&O%@1D~^HYsg89W^R7a;U8oPA~Uy7#z_>i5>!lb&Yt)R
zUtb^bF31ADDz+UXrW+STt-r7IJ#-Y?v1l;dOoVUfJz!MnOBvG1HED-3qadO!SYx@$
zy)3nDb#^VPb4b18qhkC^BQPquU#!>s#2*nPRX72+*~q3G90|vXy2Z`OpZiIdDxX1g
z>Cqgp36*>}b9;yKopT4KUwSmLCnx{&T^v3O>Nn+Tlk&&3*JU5*Ew{#D_rdYOSI+iI
zAvi+mo?xKBaX9-iDosR&t))H_##>b>k8)v9$jJ9&Z4W(YQ8pycg=Wn=0rYs_;?JSL
zET1_SNRE0Uum+Y)<|QzcSt3<_{Z5gl&_qO2qT(__h+v$AhqDz4yqD(q%;M6sw=U~{
zA`^wXi13~~w8irV;UBlC#0fYm$rao<^$FBUYx0KD9U!oU2nk~(p(Igm{^s05lXF9*
z$e+>vKbC_K&fuRvKoer4RhmYtrfq|>u~Ov_gEV~9x50v-0wXaFcg}_9KS3I_!p}JJ
zz!3)0W}0bnf~PpC4{%XAOy@Wi)jGG)07Nn1Rsz<p#<GOp3>gc)>DJxRklN-UhX;jr
zA?Sc21<>_dUlv|H`}*toN3gzoxB^9Y?R=PI=e`gD=QKr?X3Uofzsb(+Xx~R<sOHOL
zxzw}?lSdtNh&*qM5_DhPzx%*~>~#U(jrCRKN}qE=_5yj5{}Y$0SM^;(24cEwAW_r7
zGZ`a1{2gjg?>b-vfeBHaF*w&u^`8LBR_Y>SJ%X_&h6w(}hm>YK-O7>Ly_hffO7Fl@
z@fj<z=@@*uDk(v8vpB_WV4z2*YMa2wPO3R_9ca*Mx}(8X61;)&#=$0wrv`>UKlk-^
zAK|I@IOZP!68y*WganS8CS<&wGH`%kblpJPdT6j0Ov)06%u7_v4q{>IvZkO%u`pn+
zeUsm6Db~|e4XOPXH@vKUH}EJRN5gcI3|4kk9Bq=htHs5uPY6ZdadmxVnA)7#PnvEM
z(Wadot$kB>6m0o&8~ndsY9*5BYBR_WpSR|5qnYh1F9{#+$ow#qwIr-9TSFPN<yL&l
zLGfLkCKEM5_&WM{L~T1{KA+^@2d8#eLqZc!GS<DRO3;BQ3N+^hi9brzJ`<2`@Q>c3
zKGQibK;6?s=($zQ9T1EtPbYS`cR$%?qnsBe{%}FP5XchIO;!yj*5d3GDceOiZmfkw
zD)UOyJ1|JVL}CY7hK!x|u7aa-UHt%J6JWHAv~1(XwZuqQ1`%+)i$KK{e~!G2L-_!~
z)9}bG$yq_tQb>gql)Xq%uWA~3+A)*UG!q*19HUEWgAE_!r$LmI#N@Z*>k?^zkFXNP
zFV)OERew9(h5Y&>*D&1|u_2z1Lk_*A3{=8&%&Fm~xmp!TWRxT)DZb)edk>@RQe2FA
zLnWa7UIgWseC5X<F@@})0ZFHO!W8FUwS&-Z+@)s%A8*X;42nB{$F{gPAZPPkgi|RU
zZmF~W9D3&VfuB!1gO2+K6+ghT<DIhsLae7L?I79Vg#%ms$m=kT(#I9Io^vD1tw}8*
zutyK3K-DxbJkjZ+id4+&2;eH!#y{-1he+FAXTgXBI%qxnTpZvKszy355imLUatla8
z_+=#{i#ZM`)@()~J&{Gzswg*4iA8u&Qi6=+qDyQ2J~9ySW>gZvBc~mb<7Iyxkh~B|
zb*><b$4#f)2Mt8)56U^lG{z0NbkWChx)0j1AYC-?8O0*E$9VD!RhoKVFn)oq=Q0jh
zoqF1IRV}2vpY8;1I9fwkqV<{Tl^@w>2c|eJbG(kP<`Cb9ZoM|N;(~^;?e}<nOwu1Z
zr+)}cI>?1cL1akN3z<-oh0z!9uBF1rb&JLmi8cY&aOTbq=|;V|6ciHAi)clxwk70H
z0fl%%%sh?`fEZP`ovUW74^5zY?|>cHv$5%j=3Qb$ve|FU>P8ZBq7T8bu86{i|3y9}
zgagFaCE=qu<)Nj0rUJLVK|v6NF8LR;2EMJ(huH%NsuI85tg2VzZJrTX&4mXX7SnaK
zKKUO;(&IT@D;oD;q(-PC!?emvhBQWbK(#Mix~`_i$tP)yj$`y*jMrj_=5vk+I3>m0
z_9ZbF2+XP!f`>4u&F~E8`1iODmrwD?G;zqd-g`*oA{068D3H#vsZrs-Y@P26bKmU(
ztQo2OnO<4h1z}C_u5^n{ha%i$vBdrjMr4tw90j8Cq%KpH<nkA#R)&A5-|~<aQj%pK
z#O3^eX5;3Uk5^+y!w~@rUa-Yt8w`WYx4-u-$m=?i{Cb5Ea4G?SYD*az9Lj{L>}`C?
zY_?=wQOnghpNBe(7@s_eKc=4xFWh478xU4o2zUt>9mNy<30kMyV6dUfU{d&A+HBUX
zBQdp9Op?8Zw&cje2ta6&i$9}cvi(0q=6m5LxS)8@G?jp`nt~xIgkcE9bLq$y>9h4U
zi9jHZ=qs0(N&;cu@C3b>*J{Bguww*Lw^krrF<t&M*1_(%$G4}Nxx{s)noqWM<bFyY
z>Nr&8@3zHS?}=0F6!;Ic=Yx;gng^3x4o?3*dm~@)xq%{srwbvs(+Kpx_>dlUH;IHH
zc_;KT`wtcZkvk#{N1Fkn1B_8#sZA_fRjI>TtI!02Efl!RM`&l%q44<+hkC=OSe$o>
z9>2U+T#_vYD*A_En4rfZ@rWAF&CxIruyAOkE7iH5?jnN2wmCc}|4~ipoU{@fy(cQw
zQl@Xg#j(96cJp}(aAC<+5oLtNKM((TC2}}<gBDgay=)-{8SG1QZQVxVxg_3XHk{n=
zszpaWC!uTTKo?jEl#HE*QbfnHhEM?u(sU>k9)r>-zlS9yR5iVNDm9U{#A$*vzuI=1
zS$5`b#Pd|AOv_c38B}jVcE3FtkoGYx((lpWG?7CY1Ha+1Z2Q{T^RyiazF*Pnfe$Up
zcFn6W<Ga-W7CW%({UKT3c!K_>|8%G#Cw3*d#jK+miHNEn3z5d&-vb|utXWfufUbJ5
zTZB@h+Sa^UaLg<<gsd@IrGHX_(bf=!uO;)AQ5W?Kl5G3a`rYnzcg$pB*GG%E?modo
zzi&vU>jLvPK|7;aJdmP-Z+$PyGbg{{6@T_TAJWEl;!gx5J)l1gymt^Eto=*vBeIz<
z`OuuO0M+jX;(b9uOis<?>9Tq@SkSv^O+oZM2UIC^ePH%d?vBsyqNR;t?gJ?NgV;$0
zPJlvN(s4M_MP(|$7U~Q2$F=!X*wL|G%+bG{*~W@GJljcLfK&782`Iab*jNx;qs=N?
z?X&lvPrWy0#8rhCJgS|OIF@Ry9HnkFa57{?^P%&2)_k~Ri&y<|old>^De6S4k9J0V
zL=gpO_BZ2(aB@FJsb+)|hN_$TNaUZu^m7Q%Ah?RWq6ELmTiJ*5Q)VB3x`vamH5x|?
z8d`Ug*Q*y>{Eq(({j|wTq>x^{3`Qp1AG*9eZbMaO-hBO4`ZBr7J#_YC?+`XYpv5a|
z&Slq>jv#1tK2N66S>5g+AEkXmGrAHkC*4{%!|S+H6gICfk?+>6bLp4s^@r4V{dN;#
zt=J6ylHg~wcvL$kQS&z)is<Z!R3XgJx(b#gHy6=mo9-rq?2*z3dyo}u%Lb|a(8i>-
znrCvpXhUGWW@Y;>gC?1B{3@~1RsE_jyA)7Nozy)>i~2k9$KahJhp#2#%c$OVwP8K^
zuN{q{n2GmhuN<{sqOSN7yQWf$ed~JeVh-GnmDtHto$)8#q(fH;2T)P6foYm4Ghq>e
zuPN_S>K;%0+FEzlnJB)5&lRUIN>`)oRnch{<?}#7)6528ty*O|02ng@*Q(I+PtPHk
z)b&A|d+yxS4r@s_6QKNB=wJ|DU{T8~_*C<#L?|&wn*g&Cp9-Y5K9hbK_~HiF(0hDP
znqxyXpGN$m1hQfPR(h<qE%JiK&e`aMW!#o`=Sz9%@0N-PX$S1@(l4t@4w@>!&Z`(6
zw#)QJn3pt*=w0(bAcHqr(fbgIvY0;kd71Wwyq9yvvL9)=<>#9ADgW=ZfW5K}E=VaT
z108ci^lBQ$hEFPvJn9M)41cuQWqr`Zo=*pI?ZaAU%Z{T2Z~y7@S;A9o+uFqL+$rk#
zQesV{`ogel+jkB&d`*ld245j=iV!#8R#vWc?w;%~|B#8Rso!6cd|3O2{$%00Gy4NJ
zl_6JXLWNI!%`0Jf_cyit98uwCKiaxM>M!n#y7S~38J577!LIiaCx(Zdj*r2Xm1f=X
zRPfv1T$bqA*YNK_%IBekrk2b^)PM2vB_UM~$JVggtoB$JF1RlF5Mdv*a1)=7vL3A@
z@Uf@WG6XMK%er1uVK0s(Uw6q~tm7H23Q}(8>gSIi#HeoGZdYa0^gZ4pq+8X;XM3yw
z&0ijPsqpg`%DJIpxSJfGj>BvQJK{S~Ay0rVZx*(kr*t>0D3A7PzbB|$yvD1H<RuZ}
zRzNMoS=bo2X@uV#nVXqqB#4c8{n_yR%?|5>&i2556>8wrTJ|v>@GlpKsG*+66pt0R
z=BWAB9Fx>?Z{cIi;#_VtHvE%+++C_%ox6D`abImtWPUxVa!;2~f8SU2-1F?!16u~E
z5I3bcv@0}*@)}itFwR|e?Zj*Q-ZVC*X>kjxwgvmrK26=aPlB=6i>UHNXF~*Skreii
zH@1m^r%cJF{!`kt#N8~c-4<mZv|$rAhj4m<Y2CV+bzeqokk<<M?-Gb3FyPTt<H){c
zBGO#@H`Ml7Mt!@7VD~xODa~g)7E0i4O^O(SvuGrSS^*cHc40{1V)M&;tI6gm?V{id
zJ`ZsPf5pk&i=X(6D|_%{7E6{^N?f~Twh!*0!V(!+K`Fu=6!u1FZ@BQ$L|>Gcro9+Z
zoOgyK7D86&<`YaG8DK~;CdR-0OV@L9l|v|$akLatv4UaTO+7`)W5X3%!9ypppa?!}
z9Aqb5B}K4jc5Nm$d<P0?kh2`p|0y6cVA%~@L&E%r1PaPjrPBN0$Nhzv5WTMq`&zEm
ze7M1KALWBW@!-oVbkD*6BqcalT~SKqA?@cyE`L*<J4eA&PEmrVrem9k&cQ~(;jYjc
zD|Q1s7RrKWY|{yaouP{1bF%ZEXm+TRd!9H!LU1JF8CADE9jttV2E?2aMJeyMBw$XO
zPT67@m*R~(8vMN{6@T6<ghac&HT;NSNpQ=rnAwBI4m6Ex1j!?^h~#KBD({nes}=d&
zK$Gf^3mEOpgxNSgX|fbCYHS?Wn6Yos!))ea0(zJ(Y1#2206tTjyx#U^ZKGLOIP|tB
z)wy*cO%1%o=Z#sDil@mfL7kQRwuS_WbT-LlKSt85Lme}4m5F_W33k?<rVrfUY*Ni0
zFx1g<B6tuz8Pqo80EE#S)8sFjUkAp)Qw$8B{YK>7lmQvxrkXv>&?rXV_<lf4v1X+`
zPEa5c(wXmJ=Cz|ZobFBNquZ4qKIhWUr0*Ed7FZra`a^35!#jK-IamxD1$(<L*BBsJ
zQ!oi9)BmSOv%R_mqM3{bgW*Vis%gR#lssSX^Gy{wsX_+;)L8#9PeYC>`w`%`mS#+J
zT=x}znQyV#f;zCKT+3p2Z$8!h7~DKv8Q|!GTJEB%E)81w)fIvghr@onvMTubCKLLr
z;s+J1#*74Ppp|jXBbbjR`)%%!=+=<3_3gRibYJ}#Np*AEc*J_|EVj>js%cZ0T7}$H
zn=$3{IGX&ICqGj8$2F)<ZJwIdxP9YFg<^JQ6ozG-oZ-EBVZx@2T<4YS<Bz^I-QAOY
zjDLMkg52Z%X}w|qRNl;)W6msR|MSluhK%9Fyh5hGspQh`?;Lwl+k?1aD8hU5ioTKl
zNTBxbWk25L*8nw*-hEe8Lus3>Ik?Ennyor-McBUfUHme(;@a9t&+)Li1bw`z)AbNi
zR)2btzg`=OLYjYPs3?)HIaMg^8hCBP*00|(<3;q{^vmAxS=8yRcXS6!lcuPJM5!`y
zTL!*V;Z%v^_vPrC90BiV?uW3S>^+OKHNG9HLwr<l{4i^09(~%}LXcDvOo-j5Up;bm
zaQ=@S@7AxRgx(=xF5TESzW3JW|1w5q;P6aesyB%y1#^UzQ*{rSDo>HGUQ9c;ax!fP
zTg`T<w#0k9TWXeb_P2z~!Wq=KeBM<Oi+GX_@f!*^C7w#ob)Lv~(J|uvt4rj_=pyDG
zSk2#w5rw;#BZYldM84``eoFFQ^Vd73+6!s&R_59}Y<Z`AaGJu%?4CpKj=W2Crqp6~
z5IjiQn#(BX_29`k)-v0`>DALb+^QGa&(Sf!J1I`|44Swpvq4-L%ek=XGKSLRA$A_h
z-pU@FYPjAd?`+KmpTJMLf^5x9GELGHE$AGdsPJ*%p9<3q7iyyiY8Ea5<MyjCLr$|^
z!q1j5Nn2+Yh%2+RU+0>-_(Vd1L4~<L%t#O7E?JPi$VEO25#+*T+PK5Aq^`k^j7p@^
z6)&?8=trq8YCVUh6}xSB0L7Yt`T*O&8Nuf^(RxVH8|<@w$xZnM=7K+bt_V@;jtj8B
zq*=sgWG@x>vP0-&forzY6CsvtnYi699Ds7;PJAq$ef|p>BW0Wg_kSESo(g6oFR{2_
z4Cz6~F=s}++f+i<xj*!jsl&*3Kiz=t8DTuEIa0AA8R_k#H;!G8yVQ;9Ym%9U$M-=#
zJEt=@C=QqHffI7|$vQ1a1m|dvh=YVLtr-GZq`HF=Vlz(K3cVAsh!~x}UqY3Nc*%N_
zaaugR)P7rIK-E|rHvliy4GO&`tW+8G80l4CAK`y=V+>_cc|}~rfsBX~?`;=TQy4G!
zg6iBfeUzMZ(*OHl{RKy_J3aY}C5s}ypU;A%Im`_NcAN28*stn4&lf?SgtpbjRqN8k
zD@dFZ|K!|{ajfhJiFiRy$<}q;c?+4$Cp+A0a-O0nj!#&Vy*PF)@jiAga~+p+#aYnn
zIV~D@*Md`Yms4ceoXIbKH2#b@;n{Ih3pv6BINDbOxjjlev^U?f*bSL;H?8PwiO5_B
zZo0510D~NkqHhXORgb4Jv^GD39Tc@#?G~xeYGL&1OU4o1(y0H|ePHvuwuX{_5oR|U
z<^2iq$o77@UE|tEQH90#Tb5o4-#aGwLzw_p{r~olwRCKxbDdI0-T$1NMd!<<sOw4g
zAN0R9lmy=r(T~2(&rvPKl;|de(y-MYOJ|XEt6JqPKgKm*f2v7sG$xbseaW!vlHwnY
zT375y638lv{g)<CC{wvm3SktqVd=z(xOllAazr64J(eOtAs6vPS^6_vpQguM0vSLa
z@$|g{!I#T0WJuCz-)(y#3M(p(gqUL@bw__A>P8zcPLQ+z__eQY-ud~fB3}J2CHeUO
z5+iceq@<SU=UQ%isUdPX)tXVmoL-`|ZY3;n^oPSJS&EFcXo#y3?fTrmBX;=AC*84i
z%_e8KBb3NMd23Se0Q<}p0-RYIg=Ku9L}l?*iVsmK-xnXmZWsFx61z_>NtYqdvMZW}
zXPn)$78=_>zRZA6ZDt&gTgCJ-C)tI_q`u~9@Y4(SK`+nm<&PPGd!wXGAE2-($yk$a
z<$?MM7kwSh4y}eL4T}G%aJITi8-tYj#??FZjegc=##hDL-KEZ5%hqCst0RW;UxhGF
zWVC#oMN0@bYcm%t+10xt0>;au;J+G8b&;lhS&Imw|K+~s9e7t5AW%dV{2-S@NYhyz
zX-5TLq1Wc=h4j7HXvnnJ&LmTBVoX)atVNi5VpZ1uuPllqwYGLy%Ws8^^uw7K-@n=c
zRXtNdd#%rvzc}%u^wiZQVkOxvc`dCd*=mK;EUNntq=$QJtW^i*V|NsCmy@zbJ22Z;
zz3#nn;<Ju}B@k&VMtzlxK#}9&5_bd@r!C|W)F1?}TZ}vRx|=>~Pxndb=$Hm}755q0
z1j==GaTUsSqEOz?zW;a%bd;W<xc@bNGFZXj_pdVM-08FbvR#?ofTY#DYsRd(MESqb
z6wy@AS8ez2tA09``t1V*$yNQXc9_a7Qz$)gblBVD^8s1t$uQSI9+VOyF~;DGQLelT
z!!euIc;RzC_KmIUp$$_Bmz3&+i;@qX{X7>@;Jxqqj5afbTw{4vO6S+8+7wF_B?_WS
zI#-R;w`83NSrdm0vL?3NNrnthzlxBs?x&4A=Yu2f?OA)BXaJ0QW?naS5yel)FR&_C
z4d10oU}LhjNflhX{O6YCItQ5{aZScvvbr4^wL8b--pM+1m#HNV7wJd+UMgzRKj0r%
zS%`Ol(*f+pplE}0P;K&*6*>mXU&BF$xK8B`YDsR<7zzJ_Wf2m5)cUxNI5}o=cl%2e
zv(*DAp${N5-PmKmvB8%w#edYw(I>S@?ynP$$%SB8GZ%X~!nQ6>b4pT?UAW?iRZ>1y
zcfr|s1|m^+zx#i85v&~&>oMjr29;%aT>jNbd|kQrZJ+GANx_lCn0BsY%vNg+e!F?J
zdfLDiFp5G&pMLH}nkRIP35-eX?_Be4y)<=FX_RX5Fi{sBYo-mnm&(~Ddyt%JbLo<S
zD7nvO@PI4q4f|(2>KG79Sk^KaM+(Y7#q73m+40<Qa?gf$scR|W_ANXyi_LI4(5lU+
zyE(l?)d36fU=9!rp+{X0mwMUY+x1^<tkmS7s1W}jOZros2}QYX$pUk~@6{W*ec_1H
zkKULqk(Q{z7y<C$)<5htS%3(_pFKnnJh`*poooDhl`-}8*vDz<ul%4O=Kj88ytsl{
z-2ypau=w_o)5BtqL&kF~Q9fio{YFH1^e2KP;yyo*NJH4|n?V-W4%9F=a@l_XTP$`?
zgRX}8s_W<xIk1!I^TH}Z&I8{4{!7W&N$WSp_zM_hxv)0}ay}oFcb~;jv6rAK{T1Pr
zPm#53TSATly((&$^I|KHIX$dN?Ch1JYm$OR+_(blcTlinZ{Rd?!-6q;ym4t3{b)S)
z#bPo0!3t1#F2rIax#N;NISUJK<0dhz@?Y|T^vlHfD$inyOuGwZbFI>jKlqwsgaa~v
z_xUcg8jDK;gnwMQl-vdl@OmJ7$uEK`yr=%rchmXa!JRWPoHxcB>5IJKc8G)!C>fwz
zycLYSB*$FV0A&?XNLPVyk2-hWM5P=X9t4Bkg;Wo#>U6v-!_i7Ka~HvRYfbb0kLwCp
z#I@FP#n|8pGL}0QAIaLNeXheGlKSn2U6}RU(QQOk_Xme%_!L(z)F(D;IIgO}YXPnI
z+1e$fY{p=~pEXpbBLFeoShjyYE{!IYBOEt(q>9ehF^Iak%L*E;O_8xnxkC@dEg}id
z0=81y_gW<M!Dj|X)eQpeMtjfr<vd#Vn98}ygO1tXCVgqyW*r_N#*$4;vX9Eg>#DdO
zl`oLE#Jv&l8CIrFV%?mj=WS&tknynRv<PoL^Fugu;BUB}Ov?#<zjZ1D9Bcb~s-vEX
zEAh)bAHark$~x|}^>?ZEi6hcqkc9FMJCVkC@}8|4ku<?N-#*OvF0AK1r)Tjb_PwW5
zxKvaWBbwe3dZ2rfx%TwAItEg|RlpwXB}@_?i;-Pqj9u}lBEhysQKW|*C+Xq1pBU~u
zb>Q8}QMPWzWOVfgt|{QvR$o>eVZT$ehUlenk<uR(Y+Ze}M}_C-;JlN~Ui%&lk&1Mf
zYXxwlY=Zijrd^l|(`;P2BucJBc^TyVYH5rW&@FcAZXpY4k;zpJslaUyG&b{Fyt~3k
zokVK0+nonov2)K%vM=7PwTZv3=Xb3+cdqAF5vvu65*0ZO6TftkMG@ACM!dL?$+^JJ
zBU1cMFXMR2;47fKn{WG8B<6I`Pg_g`yeJ^az>}Br#7}XYF-j$M93d4Iew~i4omAeH
zv>cIXX~H&`E~Zkah~Y})rpCh@b97y1d6i-IXep+^F%PnWJg?9^iNA346A6$dphKa5
z=yVZIbgxK^*Z|?;^fG4YD9Xw^uj!U_9;@gJR7iR{x3OE*cCjiWc9rKL&erMID$RLH
z@#ss8MYnX@brraAhKudK@at|Ox~7twCs3Hk+|ABt->=e?&ac?y^sDZjbT(RxCb;VE
zp{R>MH}(Ul5!ov^U5b6OUrl_9LS?U`jfiwqGtyCa6w_3TJ>JCx27({vM1S|aq8UO@
zj?<2;Z=F`7aA4jJ9tPC@eQG$oZI(VC<FHq94T-Q!VuXDsTi`x*VU6m3;&ZZ&RhK=m
z!wb<W>GXs2kJJSemTw_mv+kyWf?PohciN1%GsxoTZkTb&^Id60L`BI4;)Hd{Z5jH(
z-ZEYmCW?JC4SK{t9)dkw*U==+kIiBz4|;Np2-KyJ$;qn%wBoM@Z~7FtrV_J$LmVH{
z)aa5Jsr@y`kK{YGB;1|q{)(kDVgyriJ2axGrr=&a$*>W80piXY>r?yiGQCoq`ks^B
z`z})bdyS---l&2F02jOMi9Ryk+Ynbf&}Fa`)uFnZ*6~x6I+GrXQ$O(hZ_ZC+#`RRR
z`Ezncby?CvM(0ZS5&1wJGH!<)eYk4ylLlHpJ~>_<z07IeOv*<M`rM8?LNme&Z;v>e
z^qf3^+dBtmyKvQ|<qJ~T?-D~e^mYMtv|Dyd5vCt7Hw%;I)1~cKr6!}tg_CM;Jw=e{
z^@^Z9@Ma`XST!++kw6PJQ9%{ymqrKm`luG4&K?5l`Wszj#egYnUAq1T*YJAtvn0cE
z2K&Mj-~_KdZs6(@$P8s%@;OgY9{D-?&82Z3(@1UFYE+Jje(tzHn0-sa3d+-qxe3cr
zgauODliPRlAP%hDKTdtkWyD4z2U>Z7`MB>ZBq!CK9pzH%_Z?G>H<DARaDp|L-2NMT
z+5y8}Bmh#$q)w*Bu@WN&3HPb(f!HeKL$4Xs25~iz?uOis{qhsoBP*u!RITG?V2E!v
zzifkQAOB5tSA#$L{zOx))msg|?iy6JsMt{^xo_q(liUBy<_KE|rkqSU*?W9!o7>nk
zQy+PaRa&%vhunE<znRZl>$10PZ~87%JzHz&Mo>#aM$1*>AJc;`RQ(!Y>f1D5NC$3O
zq}lm&f8fyWDcEn!*J?=dG52KA#)R$rA|d14H$X{l^IMYm!*(&Sb91POG_G(EL!Y9)
zshfP9VZ8u&Wb^4|U1=O_FxY+iQz+f2%P8t>m)Z1c(cQ5Bby|<^50_z&;Sf<<?M&5$
zW?UdJdZ3{TO|56u2nljM{Gojf{YdlO-Wb0_3?jxKgv?f6s@n*gkusHpLoA*!<!_uf
zBVhDe{ZQa%xJ#7*uC>QV$yg|#VQdXdE*T;0q_`clC2i>ExgyUm=P<rXzrx<|!|2AJ
z+f9kd80r-EMdL7rG}+!+72;z(>1Wococ9m|Cn@S2;&yU?gqKpv0GH-6wSCIx;<%I5
zz~TwiGyk+o(BbPRpMrY~0sU|Sb*J31dGw&rA-n!yS$sN)T^xS7V~Z@!&CEVTwF-FQ
zUe%o<VgnBwv?}OXhcl>~oR>!i`i%nX6J&p_k)?-)u(LjiH7ws3W!OVdY>F3mNfw4S
zYX<PKcYT}&9?IIAnY=q+QkND5i*h(j>x-SpNoF+8-!_J(dXf70EJ9fveAw#G91*;L
zGlrTT@^1v#GE+Y<p7NcK>X<qhkQcyDyEkloY)woi_Ltkn-6MD*s|x3gHj}0G<u2_4
z%*%Vx)asX2Ur=4iXh#gaouIgBREiMKC2-%u9Gu~Ehc<~ZCm$y0&G!ttNY%~Spfquv
zC+-9L?1*ubW_a@_UOn}HUhQ|+N2|e144P`+HYF$W@?q}F<>%bt?{vG{zaF>HI`@2A
zdjf~$@bT`^I2NV2Uj+-wiFlQoU<TAi^)e-oblg02CbK&>j#VR|CTxG8M%yg9b`V%V
zkF4|mXedQnL(QOX`sDo!O1*JsOp_@cU9R88w+j+er!N0#wIuM`!M=$`T!oU&vzrJZ
zGKBl&!y_D5K-0p<;{fR*GWnpt%ju=7OC)mgnH0vPn?=ed44&-+fYr^EE@RtAoTb>&
z+mVHGXiclg9UlJ<z2~`96h-d*%3UeLNZ8Z80)3om_G2n_QM1Y2peyPdsZR00ZlouA
zo>RB-3g$ps-CkqEGHVaUAmMk8MW{6X8??i&$Sf}Rs)Bn*q^EwbhL2NlZ%KJ3&PtP}
zy`8Wr-3TA+*}c;s2b|4ph!i!CW1gPf#J7$zYqs7SDL|bIX84RUi{ar=T+bvgWFL2l
zHtZp>i}Fbfv;RgtEK1>MBC?_uY+#lcMUAAoJ4q>5y0QPg7Jwgy4N1_yS(tg<AB>4T
z-2kMT7fa{D0DC%a=iy6^4))M4eA6S#x@Ox02YG_Zs+n><F@ogkilYMVzw3gt&at^;
zt+9|t|8!%oTC@&7XfGuq<$RVAso}rZ;hyi`5Gg*c9B}s9khhTPOH3n+BYkDVMv&Ky
zo~=DoF}z&d*f8vY#zx%kCW|X@i#uXBIr191aamd0yEMUbK2%EcH10f6gq&?e<|)9N
z=cL_dcu!fBGd!dW9y-Ac(>FW-Nmg{%c_PH5lPk;co`pE(T=47fQIcBX`1WjC3hTB7
zJ=hjSq$h(bJwcdN;5Ue5*1tG327RET&Fdy_8rG2VY$Um&(2_AY=$s&&*>7Q#aQ8MW
zQcd$F5Vm{U=iE3R3m^Wl8jt9dMKYXJ_YLF8N6;SL@)~+siKao*ykzJyqXb~Yecn1x
zs(fCX&mck^q*bPz=Au<dode;#tDmvRM6Wwv;!Yjp<fxMslG@)<!If5vx1ZLqqGT{X
zx+(7O3b0#?YY2ofotZ*jY+o=K+ilZ2?8dLrr*!(b5^Etypgz+i?ql2gQj;|Fr$l05
z<#d7usA{IbSd2f9qiVh{CfdqbH$$QDmclI_*{W!=(H%)-K{HS(bFjo2o9GJyI>*5(
z76N(;AhR*zp9X(QH?IDFWPNuamERx#gF+E0aVw)#q>M|2tZqXkp^}}QP%=U`w{J-y
znuv@~p@Gao)-9_t(;%D5B?_5E{NCqz9@X#nJAYJe?s?96&)0jL^AK`8$Uu&o7-f<A
z9zJ_NBUuYOic?I1q}VNzV$JlUNqLUY!ORcSck=he5gvmsOvoUbhRTENC3P3HW@X?S
zL0ari)kIE43cTS990lY1lgZBaq_M?RK%x&UCf9)7qekG4bRE1K7}l>#tiKek|2&U)
zy@pTJT?iTMxyA&(`9mxR<Lo!{f44C1({l&*R{2G4;yD-CdfFsuFSC$s^ov}8t-iU~
zPaV2Er59t(k0$~Oqvv@M_(2Ri)`U+A)g&t<0DF&bf<OB>NKHWo=xO&;=**;GmMSf*
z#jT{f!zNBivRdxXestChx5OZH;q$hb&gT_!8%h7Koy2bHL8vYvhu}y`KjXxc$tDPm
z&}d*G5d{1@Y%gNNUdwp>C(I<!00}|^xXZv;JHFD_`-}?{V>)Tt!8Flx1MdAWWoz`M
zL<!YuoT$U#j&Q>OFKBgBSO;2si4bM0jS?b<7Fhb$Ss%I9k+l))I^D9XrDC2d@bsdJ
z%Y-^8+(nYiHUTXX=oOv~qJ&um?E2M1%1sk;2mM{wY@yc|SkvS%lmKs2DMDMp`b0QD
z4~P*~jXX^A5UkCNu#%Qa05mMCd8`GruUUjbdz<+8*r@*5m2T^ajXZ-U{Xe(WW0i1#
zSzij$D;NV)tEfS;_4_W7S6S1-!9TQtg%O!7Rt(4pEh8ax`ir(yLd&$o{PXd@X@WP!
z07}q%N$H%Q!RQ36WFOp}U|uN{!ivpGwoBOjBu$x5*Umrk_34`axGHXasZ<0|XmbRR
zpe*Ix$eL+mC>NUYGD3p|t3UGGu_n7%7d8vOB%1cu1}h_2O1U}>!eI@*YL?I(sw!wr
z=57hOYUtP0U|}>rnJlyQg$5{moE<p40HZo;UlY~BZH%Q2GRc;K&;T_UOE9xr(gxB(
z3?AWfKR97v!jFaN`-&bb7t$o9al#scc1jVva2O58z0lofqz*WN&f*pF`!w?KeG-I>
zv%#4mpC8a-ffb%@<uCAEirrg2S!(=@S0_Hy7JocG1^VL`Zs8`LfG<)fl#G%Brl<J^
z>Kv4-x(n}6?+Ngv<Xnm>B@D%%Z=x;<W)^bs^mw-kV98iCu@4q-8Y`-y7?vp^A@^|q
z&@q0DTfdE|^Y*t)??J+3jkWFi!;gE(E`X=h3!Uqc4e%kX9m54-Gk@hvKc7hcSbZ3y
zZgmYT4F954bL~%}$<j`TU`eJc;zuSrBs!siYbWm4FCmXR_^~SGB~vc=E|xgd_**I^
zEGn;Yeh2ipQPoZ82gb!eFkq~~X3!3N8S;sE5tf1=S|2?$n$V5JjF#zUvEBp3Hn0ZG
z%>*|<(=?IF4%$G@%%2DrsFt|a!qFEVcpWD+k6+n{^~L4~n(4%Ijp=|bz(?GZ`BFP$
z0G1K0bPvLfSxL0D-^7a@EvG=T6L+gCXsAbQ=U<5VFP%&qi~p)ubB>?|<pGE>!ytVR
zmMO;sKEP;RW%mx0Tp|GwFDicgB5W{Y_?DcmHOwVr9jSdy<q{vg?!e^3XxpM04Pryw
zZU1p%mcByo2=35yk*YCfSHO(hNYR2rL_R&c&9P_9jlEiWpA~_!r+Q}Hg{#GS_mEV<
zmjK^ucw+aiO%vop#4GIgz%ej8RBpoTR3gKy{MAP9^C)tqna=$I{Cbtut<h|k$uDEH
z`y>dkOhthUO%yGK-c6F0bsnD!d+_C)44DBL8`NqGZe%g7j^6A*%mMvldob+0=NjM(
zeD&L_N6P;7_<Q`^k0D-BNR0Ri6*q(<dA1>0yS))>ev&_zG^u4_9X`(^a!p~;Lo;kx
zgDvul<?vY<X#>}{@cM%7qE-C{Cd>DNXLU4fa}Ku=82LfwMJZXxqhkKuEA`M^^z_&&
zRF<ZP<H)Xzw1LOKmL_uOSeHQO@w&y>(+%IZG-XLi@UVkw<AbigodC*=2>@U5s)7)(
z(VA2%13Vy;gi%N=xUMmv&lhm3PY=*HG};E}E9q*nJxtT0<Jpz%R|$Ur^Nqm^hw*8j
zIw3bX2nPh|W+Z*p)n^ta>eeAK0kck@44HmqE0r3}MUa*uI(If;(?ZLQ0BH6@L95${
zke61toJ2m71Ds%k93HxR5za2`puzi5BM~4`giv`KA;%n8#;xz7av*!}It+>3*{Pog
z9WDZ#2&2mvq#i`|J3Iq9-irk6WGF#gN8>dsPm2*N1!a(3F?nUwC{oUlP-}YNA$9oW
zv05_rdI|?T<Rc}}iumvqMUyK!G<~(_9vo-;?|if_v`yIv^>Q+Jlc)F8NSV*Ba$8Sm
z^_0w)<@nOzkD2{QW|X_urhW}V3F!HWnvO2O#+o&1AYear7#sF<4a`3{c{$o*UUu#c
zgZxph;QR+7*WeyB3Z`mJB0OJFFRqhSJl0OJ=mqwnZ1j9lp~|F5WpI52U5DL3ui34o
zVWNn!J6HMfHKDEPOHE#fwL~;}U&do%7t&}wOndb9oZJ>ojEdPIf8@M}g=+39njdbv
z!fh?#nZ4xTgjMEh9)X3;X<$Fl7(9r!IAPxr9}9xPeUmWfu38&>z-U-vJl0@>;$M#m
zg|Sk_T-$eq8<$tNP6Xgz#fsVx(4dPb3*g*iIN=!wU8n%g)_@jbWdw$_EC+V#`cb(V
znMrISrKov*J3j{_GkL&YsyccLDP9Ah08$GrX^~<W{qRTtF8-Ez$YEx3@EYs;szVnm
zyAE#Zv4?wxAXmg)6O1f0082`Ien~==RO`TRbhr;jmv*=Y#{Cl7bEunujA%4J#L+b`
zNZV5a&oN%w>c{bfkFdyLyWROmAHtc1nk*&km+WI^Fp|-2y?cnS4$I(k_<SWrz7Sk3
z5olWm$K!b|dN+|8pj|&OhWt6rtXwKqEFpw7v9w1yV0rbXdGC?QR|Q->j<|Yj9mxUQ
zFr6)!t9jIta}Mk!D`79Ab48cduV-P<0UN*(m=$g^JoMT9P2Z5|ZZ@ySNlvd-5@4aO
zfdm*M-%A9S5zD;nNAXp7Ja@MI<0Y7H88P3~CjUb-P_$+LzOlCnImoIWtnYEYj%el0
z{%68&V#I2i^Kq$FJB#o$FgFf`y9}N-J0hM6JC6$pHVc@NKpQqLe50m%pWhyBT+c&y
z(rjWH8T?Vq+EXFNK7u$mcy<u*e9#<8+n@?q9ql7{a~cC>`lt$`q}8#U>+$hhnR7Cu
zo`Z0a^z_3DEZnt67Pz+oH_2(nAkRqRAZecve>;SOD7=KTnt}U&+-X&iz@pr~7Y(pd
zP>$JyH5cd4#-|LpfaNidB1rd5S&)Ug{@Z9ogKdZii^9+zLhpR>#M`tssF)sMH-<eG
zk+xc1sIv|@9pWeACdEVlrq$FMEpHy+kWq%ngfX0O&(&9$^0Gb||0MHoR>c(0zl9OW
z0@NGyb-X;d3JYu1sBs26WX)5-lIh+5Yt@!3QQ*lg6BB;VO*kLFpOvyScnd4TD=rlO
z)Kd12HmH}vA9j#)mPn{Qm;&DJ{T>yqzsVckv!1!#Rl8WHsVSOQZl02HDzITHfEW6t
zB0k$79xXnl8E=7*<toWouywFHxG*Z|%>AQ3avil2Ft2;=!f=YZy7lr8Rs4(1_uY`R
zu(^s8LehS!J_S#ltsbLH*AyUA=||FT9igkk!N7~7vq=YeyF7ZHd5h#kt41+}H3^bW
zd_T5;!AJwu{d6l{_c}f&!<>L25Y&2Q%%PYPqYpvmvYp?1Q{yxwv!~uR$rr~OIrjt<
zEM4UM=6jBg%51{zfU2lj=aKNv(NUumIXlunI6*3$8o68(W6J@d3TyGMLA^yV3U8I1
z>g50V>GMyODM$yI<KE&9x$-R!+cw-<AbbhJ3NhhLKTqj>p3Ks@)jz`ikd`q}VI4fH
zI3n<R6rU&YZ5?QdZ`Lvv#)o4%@d<|b7Az+lKW-JR0O3&aCsQ|+`*Wa?uoY1}2^(O<
zhfS3nU3%;Fn80ZVeujPWfaNohl!2c4XwLn8GAEtIB!n)4%9E$yAovaeJTf53Q-a7d
zFZi)X?@odYOi9}MFzhAk@!zAHLk$8?Zqp}~#qh;87lWf<KJf%6(j_cnW3gQjelv_n
zcVGdJ{Eb|pHtWTQCfP_%5&*Hu*2s0>Q86}mq`|O*Vpkb(Dnq!oRB97;S@xQUfgki4
z6*cGC`tY1!Vb}1+6SLS@WWCI}oe(2Hml35Hf-PPk3ye%(V|`g0X!%0d3EzaK-o2!S
zpMztk9#VRm7$Y_L%tP?j8P<<0SjKLX0@$a9l$~+aj8qF}{siEkfakaE!SL}V!XtKR
zKw=%wYZkpaT=NaYC3^QY%>Rvfp26}j-uUwyOd&X{IwQ8olCIjsiTQbeVTM63zD-~?
zLmaCSv0~RYfNFHlpZ5;Rir?zjzSYlScI&aOoZ@Nkj?=!s@$X^3297L%Gq`(bqJY(|
zvNArv{Xzkoa9>7mhmr-JcZa;Q&)6}**H_7jEB>srbtm|=&R8*7n{W+Q_npr~lCRgl
z8r^wARDzT=%Z-mg(y%bb74W<;CQcv~925nE+C&=EQ-~-EUpMvUAtMjAZ({A^9rqu;
z+hP_WUcVuM;|O8?toA3cm7|>}3W!0&sO!q1b3FeaQ)G`K&D&3E#3o>tHL7knwrSL4
z;5-rTVIAD%Tde6jBYT5+L>FI^r5CZr@|`u1WJiNorFj<|vV8)d(DxAH;*3DJW9{LZ
z(+4-bjja$0UC^9#v~lGY?c}&`<Gly*I1Li{i`T;?d|(x)Vo88E0VxFn;0?>(lm+Px
zB)6W5CupF!Wtqxj9dP+4oNV$AJ1>3C^YXw;?}IDhe!QPlZ<%j|)nQNjedmoGE8{8z
zQP@oF;Ud9jq;7Q})6*p(0<Z-&Wlj;{Ddz04jumb|3q{~D!`jK3M}xI!&olERw*Raf
z%kGs{9@AWi?{@DO6EJ7#8nlQu=svdtsX?PT7RMi`KyN-jA>3lO2_@wjI>HrxVLyu{
zf5`V9ThEv*AMf63CedTtlGj;zXFoA(WwPXtPexFy;5LSWf+U=DbLAhp{CJ*a-)?V3
zu&_&o03=w+xCQRehk4#cS4XoQhFfyXl0l8-KFDiN2eDcv_4v3@sy$Q=5EhJ%C$H8i
z#HsGEScI0#_<l<cRo%Os=W{N813U1Ybfvf4jlT^v&Iq?wFQ0)!DyqFE>!~s$o`EYN
zp6j$x*WvHOWelr#+JkYo6>~yf2fumXk0L+`QWH$q%oR5-kla8b0Acth^WIa-<;2=u
z_}p6ge=4syS#c+1!9~g0k_fmHB6Vs+ujbZKv^Y2s2a!Pd7aGjLc-fw0mtKy4oGG~Y
z2=MCzS*yYViC~)U3D#D)`pSB^8l%xF`r)Agtxe4#uAJQ5v>9R1r-AkT=NdXeUbbH+
z+`_PMJd>r8VWm73x3H@-i76@Ei2p~XC~^=}7we%fgg!*dT%oPL8J<4xOFEi4F4voP
zv}lD}Tu6R7>+c2uW^!q(_so><^rW8{ab%%uAK37ODODCq@Dt8q6)pzXvGVC8lzo6P
z2zQ{6xMuiWydgYnn3n)=%{N!`VKip)d3k4>0NtQti^mfS8~@Xm`|`O!N%nWUIVmJw
z|2^cSUjtu(dHvTo3i1Gh1T?#Vmv)3AXY!$f4^rf@y_-HCdB7q3<B5{&3E>?9AqCeL
z<6jzHrF|`->Wugz%k>7pb@RS8Cy0w}=<O%#@1a@|qpue92Ag>qsDZx0U~ez?<730d
z>NHgHw66umtBUe(sej}ny{b9>X+Fqxkr{6iD?WG8+oKB@myo+JdI2ZR-ljb&COX}k
z)8%{5gMHXLpq}~_b^Oppe@5VTuK8x#qo^#DSMd230d^crq(ylf#7zqo)~#Sx9IHyo
ze%;wxnwL7C*6oS|GDmzlxQt<>bTnAR<Pv5%q@FtzhcBQRuX0bEhaYwjVK`kowh{&B
z>}!QHe*zCt9xNwXFN-mdR2uvAs{AdTK<T=|tAu!DT0!iz?#D(}tm{f|d=Mx!Xm{Lv
zmYT6qts)>3oFF#5WsYbUioGdv?BGHbJTqW<NT=oJhVSDKsh%BmV&CUZjW8@KIw8<z
z$~mZACyaWg_B`?TAmVrQtw}jJbWe2-|KH3l{ZcVpATMD$$P;&U5>CW&b>sQarscM4
zG3wEN>~`we#&dTjZ_KUuDqT@Vspxz@^0|OI<kzD`064~Xh^WJApoNg3a;F?G0>dT-
zA-&k&d0bSY?k;q1;P#3hcn^<Q=~uKY#Nd*YRkF^>EYLjqL1)u4-<aGWAF%qxx4bBK
zr_6TTQ5Ed<m#!O47Dg1oEM;TFbQ28kXtGjn-{Kth<zlEv5<N4`=|>ZP90p?E8~ONg
zH^`0_xrfc*2xG-c<CPM*u*%*wy^rGDEt#J_7aSUjuvX)!Z7}S-+3O#-{2@L+CM>s{
zg}Q4qUxQ*l?Lo@Rg)9xyA!GP|oxOht%}8mTg+{C{3jz+nISjc{u;+Wf+5c!dQXKrs
z?V)*$t+LR;J?_^U39=;e!tGr;@jGs?QDUJtj=tnDq*GyJvh{ab!op&6J5@L^%LWmf
zIYoq;hRM*XIVSCqpa`TgXM2<4EE;*U4888mJUQwtDK@b-Krlk0-q!p6@?-*X(0Bn7
zP{0_`ul?|2!7?@by|ZkK>Yt4XtwWDu7~ERUYyj@scEY2F#Ypvk>QG}_b8aJ;9i<r6
zz&G6yvMO6OX198)_c_V^w8-i(Ip}CI^Egg-)-c+$WtOZ~j=gg1xh-Uwq^d=WP}5Pp
zhc)Q;|0)77tUR&G%@sWjb2LXRxAH&1j#2%Pb)!d-cFh2M>B$gP;pXw3t1t#v(r)$o
zmY+6r4FP=Ca^5mcTFE|KawDroRBj&lQ6gQVa*ePX4RD|p?8b&gmPy~i0j7)dELhl=
zJ;wd%zE}Ntps~Jg1@0L#SM&?Tphhc7T7Cb_PGtRLiGmqDUCTnmIb_DCrvWa9Io&AI
z146LI-b6&aKG`Q#(==1iH~h&1d)_d$-zWHc2{*GFPzpt^9_ZCN@t?oIx0dI4f?_VA
zxNy7EYSX5LVZJBpAFjOEBNQaR<*Lqtv+RwR8OnS{D*rRsXQ{;cmT&8d=P8SWT=jN`
z$*g!@eCoDkY^1d5jx|9E%!j{x{<HPW8^3;(O)S@({$YicOxeLbEEu(U6v}<{eMH#L
z`0v<-pHl2t;s)pI&R^_Bdn~@H7HTQL5#Hl^kMj;xpIrOMYH@_8)XP}$PQhNu)3_hR
z*fZ*Ks>`Rv82Qp*LWLNbszaBWEFFx^E`w-68cf*1IDJ4hHn<F>NVw}xD|N=Aq?p%Y
zBG47u<F~u8E@$BQ==sl3t*1KFZJXWR$;lLTEznj-_6em99M8GkAwNqGdihLN_2T_k
zDN?d^PnCwQ97nUmsf$OWQY99U8-@1{@1fNvlzvZM*caht(IeVzGH7O0|2F%K2yU<&
z!c!4oV;rhSSRtMSZ^7;&z0SZmj<anwo~y5JTj-nh+0!&FuO<A76OV){&%RfAXNuY{
zi^lFJj9QmU5GQuCulpw#<9Wq2Z<I%TMeXe4#%z;N+<<odY|IYnbSqvI><n2n>PGlw
zxFLv?#pmVnG0OF`!aO^m9?^H{bXG@eJFmh*-@I2kS>`{|9c4{g7BF3RMP_l!3VhLy
z{TSI>@t*f7zD-Q^h~9^;-z(_OL+xysP~-ZKGg9T=`RauSs~;^TkWOg1ua!C&21}~?
z#|RK2FEU3gWKwi)M70J=Z1ivyr{2$YrOo``+Bc|F_`FK7ADSK66uF3Z!_8rDXRYC<
zI)P`>)}XFW;G2d=eB8w^#n8c8F0KN70ilyC0>U(Wtn^cGV>0YFdOU}>b`NB0&L6r2
zU-<L9qisbgbvdCfQ^ufiSh?uy=E%V~)v?%^7sctZ)VCsjPKMp}#k1{9LVg$l@4e67
zg!?Nj2TT@>wLwAn{D0_@axi%dW7O=euXWts3dNNng*%<n<?yL0(Ex<;$VjJp$Jx2A
zTWu?aF(}0&OsK`|Q+YT#ICr_*wlVwHjw6ZHF9v3|N(E}N?)_H!J5dUoIdaYM^-662
zbpS0w?1?sKtH*lATlL$fjHMbL53f>LTrE}OkfT#}>a;k*IrNUg0|;wye<^~d(k^2%
zfH0{mn?YT4#F#2ju9tc7!(bUUX9QtJ-vgtR$+bH9k<<JiyiE+;vKViJni{rBx$4}|
zw(3apzS2JDzwf|ir1HO{rBiL=?3%iVQTd_R0H>l1p%z6UxoHL-@xN6*&RkWRe^lnZ
zx}5x-GosLF8NN*Im(D9LhSHsiMNJ-gR#!B9G}<^#q=xSeD{t3U2=dN}yRG^|G@{gV
zEdn<5j?K%^#QqbK(wiqW;OX^5R+HZ3zM>bG4)P(E@Qi!M^>U%J&p<4(-um2;skx#x
zQ2(4wE1y<cJWeT$%PvxC{S-B;O7`@y?5}?GU{vb+&MnX_OOrJN*oJv6BDWEfoA$vY
z-t0nIedGKt=z-<dK{j%jpKdod+(9_WH7-#5q*H9xG02PZzu~rc@z^s(AB#OKIzL4p
zKt9-#8ghJ84G{CMFO~lO$j_32v3|1cwv5q1Wuf>#^*wr4>S)^jHZ8W{EqQ=B*u?}w
z;<hc%U~|5%{jj6y@S}ZELCgUMxBNnpAn(z|fp>22LuzYDeN0eCEdp$o7ay^9_vhZx
zw$Yb2&aa!2s$5@pBV`W@T{LYEgLX_}u^Y=&N9>6X#iol{N1Y4ea?=FFdX~O$b6ypx
zl*R9CddRaS%}h0rtg$WyJNQ*~RDBf`=-PttioBO3Nu_7Kdn;32rocs!BkXXT-F+*l
z0n<59B`B=?>CvII0`suyr$)~2?+B*%)LUN)scM$23bh_-JN(1{u=z0wwV8L~-EJz2
zGlHJ%L(*%xGz1wrT0%{+A*gIFkuJvKu13BGsbh8z8~uHpCMZ(QuY&bhfCE%&Ez6%)
z_`C`3HIbKTvg%2>(E7jPjC+>O`7uLlg}(Xqxih_D{5DsI4p0L2O7vz8*PuoBmFA{}
zDAzxJ(TxkU3rvG0k{wWe*GH*=sF;Tjde(zc#~4Qi-#iuyBO@J1S$_TAayhKw`nNf~
zj*h|)Vb!PIc%DdqY>n4DU7s2WbkoS6JT=?TR_a&EEvs1~`@HqHe~H~Nm7rePvQQ&+
zXy{5Def%~Xb?jpHWO`S5oph>3oL$0;Ze&7;L3yTJ-*e*UX!(gLtaQbY+)Y-t|I#?=
zySF=u`%E)D`X^jW^Yfk@2#}KNkpATRGBot(i-dl=FK0^SwMAqe`G&l;o7ocLYS9U`
z6By@@tVhu1*O?Bm2Mwf4bFbBi_Pl)MIr&74l9@tt=Igz(6$=>H3t#hnVwx|gRw(3j
zKbn^Z@AH7_;Qs29`pl0}E>q|TL7azRUF%|mCr<yA<wNr{YydLc(1z9<a&TW~RijIo
zUZ%64<D7}x2!wU<{!$3)Mz;a?RS9d=u-(CUg;fDGo{(erJsK~VvT(WeC|J%t(dd`4
z5dMpP4ptz7I^;2T{74sFfl#x=)Vi{^zs&pZP$I{$BYGM=7%z`tR3+r)l>3#XQ}JkL
z{(CoK6klenpXWMbDfGD@)$&q@s~eY+tkVOV$MA+7Q+bFD^rhvd$&{V>(~64yI(SZm
zQJrM_<T@*xk9tNjkm3=MK)IOg9WfQU9v=Ng=Fa^U0K>2r(x^R#9P#{q{gYw86?iUZ
z<^?KY0oUA-bTaMW*~8=}-+~Lj_(d0XPmBgdk9cj=+a>#ipM}jGQYQ2d1iYstf}UH!
zp;C-y#}76Jn;;d--{p4xL!4RgAzkF*sFYKeNN56oA4?I0DBKN@_{Y+3zw<r|*-iL`
zozEbPOOx=^tUig_;VeZ-etA0>S6tauw_$z*G|_k76Eaev)a4G4kwpDc3}=$?`w`*q
zph5syqoSJw6Zs-{{QYtiI9HL#dI%`#23se2Uo?2Z<w3bxc;<?MCEGsXsYWHnqDQSR
z<_ahn$dn}+aif~*iD-(C#L%y*n_v8ZrlIr#K6u_RCsBCgHbBRZm^QE|vVfPU2$T%|
zatv}B#Bc}Ovd>DOdl(uh(jf<Y&IBApqCQ@q!MOEI3_>&8pcA9(JwZ%OBB@q<J@UP(
zl*J$Mp$We87EpAE*q|%Xh}p+2Q@eN)ct|%O*hhH^^#Hh1MHZB#93DGJ^vhwt`c!M;
zAOa_bmo`9};4eF@!js{`LtKQbqW|#YIfR0>FbTVDCG4hylnYPTjYKSJiX(<ne!iq{
zw3tx9O?JjCNaa=5_*TFqjf7y8y&K%N1ridBo$b%+7r~i|1%#ZB9WgN&sjQSGQW-E)
z*VV78p{uiH%kF5hS!O_f3FaW%8?Dd<2J}%`5DBsd-C)PG`i{1R55`(pGGFA}h3%2-
zj1FlH2BRGr0DY1nhVUe{&#Qr_LI)9Vx|Wi1W%~aZkU{M@ySG$;X>hKOXYXZ^-FZkJ
zQ&H&}0-7R3P@(esClYpmtQM1X!3^-Yyw!p*IWaPM!MCrE6}u0zDTEhYyCjLnaa*+6
z_3A)y>}v=rjw$gIgy4Se-NU|b{_7@3nIE^-hzZT|oe<-rm!Sw_A$y&h5SD0mL%BX2
z-!k>spLI{W4a@=~x~`Ht@~vGG&iq5t#3cx4*sesq92q@G*%(_$J@JZyO*N;YEn&e#
z?V7$5H+TPVq~NP+Y>@GVvK=oDu4f%S87amXg|28jva7%aR`KGD^dg`|K9?SN8%!xF
z@G{y6on<?3&H+bDq||6ImIHtIBde)H$t(?vURO}g!x2!-L=jJ-FgEgA>A=1ko&h%e
zehT=*^R;vj{<T9}ou8HdIaq>4fH&|qGC+zeV|<Cum-&$&qfL|CDFI)biSkH^9{7P9
z9<p+A9<)YGDiG9(7<3DO!-&EG+*_`3((Kwm;g_-P7K~@2)N3wLrC@j=&9i@h#Wx0a
z)09YLO4dH(cH2C^C+vIbsN<>>&fvhH?Jy5hY7gU58|*$&|1X~wqm{S>fG-(KAc}D8
z64I$2Mt?0C!=R0(cCf9jdx&bcjHNFvnRD0=-fX?_@1_iJM@8HG{RQ4(S44JRbA$SX
zX3m)Yu_>QE++><vEYpvkgn5eaAWM*BlnDCCL{7K*B!cK&+sK?uW@Gj<Zj?JEM<vtT
zyCawiNf>tv69X<us#yFGhJA|#RRYBmYRumB;tX7LNEgJf6B#xkM2_nIuO?D?pq%0J
z4Hq>oJdFr-dh~en&)^GD(SY7WCgygY>bO}7=|*BOGT(bEEOEO9g{i(Rt4F%F^Zo&~
zl&D?sTXpy0yR&52*p+O%LUCW=9}mtLe&?;grFWsMw5&+?CX;3C<E{l^HMn<){bS8s
zLA+N)BJuW$EOb%VM-uC$O_+8{sOLZSgv#v^U(A)m89cYhO`MOu)94cY8iEv-vLs(_
z;VZfaD+(Z2v=Iy+4|!Dr2!Y#UFlKHdy+?(xnFCXS6^Elksj0(x31yJ<x1>77`2M!s
zs>)=+Ccw%70T`E(kQGS>Uc?VV?hZ~*Oh*CL!0Lp0mD$AE1zs$hY$PZ}uk(6aV+cX^
z7x5bTnoTugBAW#;N?wZnxM~exI`&g*S@(WDF$t&W=>`W;po3ABHKKW~VY9gd5JAB|
zFms|w5mIsTH4fG}q=)XyZnrMZSRDfti*gJZ7kHI&%=uR2`&~z|vK1v0x@A9PYBZv4
z;Cy@hsBh%~2i3pI7bk`g{qVa{2_T6fnVUZhZrltsR%s@Jgqn$l;#N8_KOaHJ)&?O>
z@wf6b#mV{DuhfFPb&<^CTkMPnN)dK7^}hl7V!34R;7g$FqtQV<CDj}3;OE;fj^0N_
zUYZ~&#_l~AZ$nh*tTeNm1n&*LRkbsEx$kZcv|ljZ(D{1&gM+bj`N9V6?o*ypwXJn~
z#Gr#x@w4&ebJt9uqL%1^H1>tZMK@_64c%1|4}2ojQ0lsm^j2Y@ZicnJr@+(VgTB+}
zZO!j9#jPj}v|mAEp@r6jV-lB(SNFgVDJf>{#yU1iUI8a1D;c;rAr>&?fO@(x`UuG2
zVWx4B?ih+RN{?QG5Bo@r9A+%_#&m;%6(A1ut8&|&dXG<@*M8pNk*${|81d=iCNVa9
z-6@~dLru-$z6x0LnU30MNe>P<x<+`CPY}2A0_9Zuv`h>(!$0Qxdg*V#kF-11Ohl24
zpno=nOv^Wpm@~zN$MqiNo!t9egt0Ct<KDhkDb%5@hwpGO%I=tMF&SyeE|^#VzK8In
zVMneZqEEH|1hYf4BN^~6=E}ZV?qIO(_`)&OH3I5!>pKrjl(a~0&*#a}fv21>LuOW(
zy0?4alhjB4-U@H%kqP)Den$oGNzZk}`wi$Lmxp#Vc~3|R#Y3BH7e`*Vp93mRBx;ei
z#s_j}Ae}MIxlo}-!z=!D0iH72;G1V<uw(TGU&f&e8J=%5?<gz}9Th*q(zQrHjGpmj
zPy)o>{ua>#HL?lkFmId$tk^w-u*}VuR_9AEkIg4H@lDyOH(35c%JCtYk41(BC3)gV
zhB(~c6gL*V?Hv%pRHH`Cn~!m^VhxWGnsYGT-URXjttnn}5K87<o(9kHee)jp$o&fO
zg#9HQGx;FNszL$t2ZUW{H$Iy_hYeWRADFlsdtC29=E>fKyT$n}7^OLHc-%hH@%4|V
zskO<N{o7p&hR0V8rGp7IQFN<C%cPn_;pwd|(S)7=U!>R12y=pMZOo1VI@&4u$&!Rh
z+}*Kt;8lG<mSk(8HYC{I+%-0AjR2-BT{leWKJ|L*M@Jbl+w1F|&cAB5Ab<@^^e3!i
z<tdTgO*JU5WwAmGJ!U_FNC)><f4y6m^Y(MA_)Yj24S$!mgJZk9_4RTE+k=c1s!~6j
z9^O6E-1K8vkS|qahh$A?s`fohX+1N3_}edTj6MP73K&!!022eMp&CA@wPU~2?=;Yx
z27Ti3UHh1?PS}XVz94zCdwC~EJ0#F%1{DYSziTw9RE2VcN4e&#e6!0lsA>H0k8~;L
zmNbd$EQxHrV)R-MNcdwD)`Wx|Cel}q^{Br<nMBrYHzMC><N3M6qzPfXj8k=)v6@u;
z#y`}4(Rf=`mXUKFr}am_!Bhx!dV<adHCeaus|xhSiN`|jXT)ZCKi06*b0k1bj?px5
zZ@hSy8-!kDM`?MC+Ht2B-K!no@E;ES`Zf^?JG>kMQIu1}6TyfMm}-mb7E@=@Usom<
zi+#U7#5MU{a9AVMH?R~mc*B{>^+ir8DE&I^CbbsxIkA>?s?OtwzxQ^?vMU0v*%&DR
zZTsM;av#4y?HcgX^dbvTAotsZ2zt>>445AAwZvlZ2M)ep|1(RfCxE3hczUj(SgfQ^
z{3HMHH<OvqrFkcNOOi!-nA^&)6qU)JnmyZc(7h!sr`LlO+bu81;#UPIjuB8kl#VAM
zK^#Yl`;C&Avzsx?w8hA$m=Uoj7Vyn1+O}u!e*A&Z9qu)HBO*@qi^cE_>ykc&pWglE
z{Gl?DrBjBp-<$IIr<TyXX3LipM4VO6H4PWkzTv#kdmpc=9gC$D=<-m;qU)m7<t&)j
zc7llO1cs_pN2LV%<G^N6{%dtn&qXJQ8*EA85rl9BMSMIvv<S-z)CrIE-oIHxke7c-
z?XzJ;Ks_Iq%FQW%i!+mjot{!MnAg)-ufTXpSFqa|;35fA`^>~)M*2uR2eKM51VN{+
z<fiq4_gTr)IX^o+e9A1VQ!nlkKiuXP#M#AhARYWX9Jqzu(_OXjoQ6k_`gY9n7>ViJ
z+X>i=1;|RLLg+`_K!Fp>yrxpsMHitlh~R>VXWj+y!FX8%i5*ll=u;+T$?N_<2nLdw
zXYWgKi@0xwi135<S5*~sW(s-<lWq0aPh5eceqRvGpotPToW2jlOE?mB4v~XyXL<<}
z$%XibVNQe$G?db&T#n66i$td87mct1sylHYngP&-99_nsbsQh_7h{$?2)n%$B|u#|
z5Lcv0u3UzqfFir!HCO~WR6$0)n$fC!$@^*M;|t5K@5?5kIT}+Vpd%K~RIR!4Cx*qk
z-Z%k|Ls>*}p`ZHCa_>Rfhw9>nf6;&bi~kjD?}GT3bc68ZuEUG@7_um`o%f=Cw<7iV
z@T3phSyYEj)Fn2-*n&XkrUKN`G{5B6#}*7{LORz9^~li%#69AL@w5<qFT|Oai75Go
ze(qaN@`x2Bo_^|q_aw)#R-OX$+`fOoW#VC=vr9Z87MUyT3Ie3gS^eZ667O{5W86c$
z`)AefH{r<v?iw?tddYHlz!>Rx?5hf?d5CAkpeJnFgGFTHtR(;<BOFAEJ_@gzqc;)Y
z4Ksn1sPadCxQvHX8u)IBTWsX}BizFq%{N0?3Tm`yK8T@f%TQckNqf8pekPB#V)mLj
z&+CK!S+WWjALCP!?U!*@II2cSL4F3}(b6VhG`?OUdyd&3HZjmJn*9?SKre!g46E05
zQ?MzyPDhv@ui?CJ#t8+v8*KO)!6I7q|4XPf1zOdBBUNh&x%#u@^cO#%O@&quXfg&z
zlNP_V7BHGo3{rh`86f5y7m+m!pE<>$4L6t$y(n)QhH}yTpvW!s8Fmk);;5oM4Y~eb
z4kpZx4=H^QY)uSK!SPAi6;^eysj(S91Yl4v?D|*U2!_K2JG&Q*F+8I6<Y+r8M9)B-
zK%ie5McDJRGxkfqIe*_24>(f9FuJ*l*3H-kv$?p9j_h=E(A2}skEfMX0Yo(D;enny
zk&D25A=U*yHj3Ao=4T6QFf%bYFxJ(NIu4pcQLhrTx?E1B20{ST_aBiT8de4qaiF9<
zbZOJQ1R>`*)gB9P!4vSNywuOF{>gJfRY$xc;7Urup<xpnoo4lzA4|)+Il!lpgDSsx
ztZOAG;s<YWPH^l*wy4Vv&$u^qj#8i({r*O0(=aFjI8O{G#ID~F`7KU$nAsv?9&9WT
z`=eN2Xrb>Pp>58AtS1yn|M86g6QF9|^|L2M94Gwy^-fMvk?-Mb6%5CUA;I?m9kUdn
zf+CyOty-z(gGry9SkewoT45mRQ{dpY;uL33^@xnQg#A##bro>+C|!V=5!Gpo=abmS
zB9@80_+<E&!WeN&e7ZDxQZ^uIZ4nGCvBN<;_8pH9XmfQI@Xl)G`lq(ut+%=R-l{l>
zM-KSgt9Kfu<?WBLE(SvxzYudLa#)xW9WVQUuh*APQ>-M31_sEEzwdc<b2MBENm|R{
z^8hhC;@dBjDFPPq=>gHz-7?%*RCOuY$F8<q_51Z&HU5#3A)`lmKcraZ!+AQ}N6ALh
z^&zlSa!{TEWE4Xgp23Qv3($vv%-<kb(7=|^Q*zcCn<`eW?+DsZ=a4OV?Ne;N?AO*4
z*HexK@SPB;?yX>B{6{(mHV`>u=0}a5i<<Lu!)5CqDi;mQk8C^2yuAiFNkX-Fqaia`
z3<V;3IAGslH!z4BIuDF?6jb_NSFA1K-QKaS=~dPtXPH&lL_d+`!Gdvv8>sb1{^{qk
z53}ZeLUn<3vJ9^aNL8n(a|!0&d0NTY_!3K(FAC8i;@6Lku&P_O&_`CzL4HQ)j9Haq
z*`1Ju^QX43j5X4!)tP?R@%`hgXM>>2Bnv#nzxJBr81hghtPPO8t9@~-;(8tg>&q*=
zr?aKsO>aJ4yx48!iA@4n3+YG9>ouZRqX3H-)HQhy#*(xDJL@IQf(=$3#2+?ua5NzA
zw<SiG0ZN1!ql|A|S@}TT+y(E1jddzXpQxfQW`sq~Yxqg+VVy7F(G5X`m8I@mIn75?
z;IwJ5I1|*Z^G8B9cTBQl&%WyA1PU|Y9Zm{MmS;2>SgBw1UU$pTbD3!9aDLj0W0n7d
zrr2R2(&4VyrYKg#<@WbBD~uh^zT593u>~n1GrRmcTg|BuT?5dsgqrnR>c~K6r&UMr
z?fuDa;bnfDqk*4nR&eoZurl;W@i2^xd@m2K0(S?9AhZOt`zWcFJB{b_2Z*Fe*IF?1
z%NK5g^S^BuMsEgD=vnr!M|+xzOJCg4Oj7Kz8Ta%W>>ZKg=fEOJJENRfAlV)GC*ck6
zbXy@t|A2Zb8c5VLQ-{DkQvwV2%upTLBUU`Fpnh>A>u3rGV~AW{IMiY}s}uf08@Ngw
z<<fA`YA8X$8}1wN_2K!<#C2^69Nh6gik^o=B+IK|0c4oqzTd<^(CX*<MI_rnIZwoc
z{oy87Gw%^gkzeZLoMf_`PgZr_3I+9)9(W}>0p9xJjgmaqflDBVPtsDBT!4K>cRk@&
zVEPBrYDPh}ZQ0O!7U-DVz-kE<f0Jmhc9`v0kIipSzrix0%WQNq2y;JZVla?-2c0CJ
zAAP~CU_z|v#dsaeg9zS-Il))Z4bR?)yfqz6e}1XL0Xkl~JFV*0%bSd3S!}Cc_@_tP
z{g7Ugr%10384SU+?#I@$Hm4$IV?t_r1S)4Tesa=OzN-2PMjCPd+PP}Mjj3at^`S;7
zo||~+BSdBl69)D6bAzM;(Q$>=NXr907DMYE<X#BzoJxnx6rSlEKF}lL4#%JT4T(f}
z0FRp#-}lS)mrGx`9T!R1+=Ed>2{hGUrG2gAAB55OK(;pJ9Aj1r$;Y$5eC0#9r0BYs
zbm|idT|ISlQ2t{Zhqu_0fKR9W9$#RFsTr~CCF5rIV>t5I_ZOhKAA*f%oLHBJ$_Kgl
z(K@)y6|%VA=prYqh}E`)<_xfbYkBpk`i0y3FYF7czqR9qn;qW?pn>ZYk;O}#w!UWW
zx11_e67`q$!mh230-S>uZTou>m^E1uXh1p`k^jI!LBB`v8NeS0xM`vgzihvI>VeU-
zl9t={S)&8h!{dIx%V)yD6D%>kU%P6@)89}26I>o&KG@?X`T71)0n08D5$Pt`db}yR
z?IBL)0f73-iA!08YQ$W5B{5nn;0qXC*KjZGGBwIeH-89u?MUxvMYfqSr|a699YC(P
z1v=Fy3nJzY={?J9{@KuTuE^%Ld5z!GEmdr<RRtE#@~PK*TB#Yza8ZvD{7l@}n62#G
zK~aVNhxw6_hMo&Z6HAW;YYSkr>eA|QNK<SOD!IjuxnQ2%GxwIVHAr;F^s7o4zDk)&
zo3seNQR^S;8rgm7$K88PkFv^T>-?CmN(U4sci&OivYKJDY|_H4l4&$`hiQHqD<fJO
zv0qHHZ0{}K;Dqk{@Y-O}BYw`BUS_ZGB`h}kU=j<~u!;~PRSi6;#pBt*(!izdU@BFw
zGB9#K%QPm>{&l~P<jlt=m4xaExfbd70|OqXivlOyrjE^WCwvMr6k%kNHYWbE^8w&d
z3|vDo|HQ6welhxa)Ab5pKEw6ximy(uUb2dQ*rGPR#meDCt@Z8g=eA2^o?(59{-~DV
z^k>~I!Rhh8LyA`y2aQWe7u?XHz7_U3p?bSnKyzl)`_VIoBkNZUw)G({r5G(v+*PhL
zmo9{!<!5Ma5ZmrIvDCceIsn4VC!F-P`@cA9DAah!efr%l9_~__C;aobqtwEp-vgr?
zgz`oQq3hC*KAA7t=#$3m9(v{}z#3LY`r@)1v##Gag-JNfZv$({4$fCfq$GME^!?5W
z;u;teC>FGDzH(%ZCFj}EkDGi09=q;e=#!;1)I<$f+|=Sg5wwwQn3fpXK0KDETNXGg
zRLQ(qd#HT7XY6Z?g~CEmo_fgJxcy?Syxu>Sp>Q!DP2wpC<pU^a;*ZLLGl*T&>@Hu=
zjv5yk_%E`Nr{}G%?zYx!tAD8EoSrroSmB{PXYj!D))Jd5Z<Qtkc-=-C4=<polMk`9
zSn-c*GL>p%6W(8cMIBX&3`om(#M@ZyM12r!P1}pJQ&GVh`*l(=AucFuiR=#Uu5aeS
zBU+p43isDr{`l?NVe}wx@h7Pn<}}rbefa5)i`xq>yS?RGKq0%7s4o3g`KV!^9El4J
z9S+kHSL5V6Ns<rceTUW9l(rTAl$tFmS@KCcqO(_zlJH_mQa07CA}N^b;|eP&o5+uD
zw`cSsI={CnDV7PvDWAd0h*BN4cg-y0CfRh09+c=E#F?mvKZ87i;QOlj<Z1<U5zs1N
zR^Pph#bf4^W73trxs%-i-=xB-so#a4w0u7|RAv+u^>(lzF*9Sb%+;wQrC>3GL5lS?
zba4$iXl36Ut?4w+JLfTMJZ7*rXA6#hGVebDuM%Un*`M{7y<$RoHq%Z}Le0<D^P`)0
z$JX>J&E307A|58X#HeNXwp7U%EA7j(s*6{##>ivR*xvQOT|77Zb*ZZ?`DlGc<_39I
zqu^-iCaBj3Fi<>7D3w@XHc^YmN{;{D+z|T3d+v7B`(57V)7HIeGH*lO#wWLWvQRil
zw#$1Pr^{>j%r75%H}G6+c>}?Qza;u9ms7%p9ZHz;>)6XpOMq>K4i?Zd44bN{9ru3}
zrQdt^v)DDEdaMLAd;Wwub=N<x_JQ$Q*1jw0oEUbJyo;D)Bdqux90X0&MH1WjGku?P
zzof5BeQafq!oCL<jdI2pMkIw(OQx>(%42F|yuEkRihi?yAn+=qB#vJ;D0?$cfs!BD
zEf;Iy^do&0zZmvQ>{fX3z#G$FLKlA&&33NaanW^Ugg(Vk&F9n*K(YCHBPCD2*GlUT
z5yIV82r4XP8{4fU>Ri@~4r)9hTCo`aeE^*c|NK)mQPIaB(Q|pFZucthZsqMl4-Y!8
zFrU3MZYO;dsQG8PQooz?YW~4|F8Nw~v>`{>`k~lYPU<Rfg)|I~OQo%FsTroUYb|Rc
zug}p$!J(`UrtK5%PaW4*rnn3`l^I=#DxLUTVth@67C~Si`n7-T0fX<cG>xS=7b?ZH
zbOBf*<TfoF%%ZLU8Q9b=3@ta6!^{Q_pX>0TymdJ(C3Nden_@-|(@x&WXZS3l199vb
zQ)2mtXG+j_(xCOPvIPGqRE9I^3#dkFk`2C#KSdR#)xB-G9kyR7WztHjta`HF$Wv0F
z|L4rYzLkW0xrmi)YV^JO*SpEO+=zN_z}>LJb?3EAJRNkJ^sP(5%AE)(WW#u%wWqJq
zN!`@8U9itASZ>Lr!Rmd-$0qAX+?@F;wX2-J?2ehn#x4+sPiZaOwxRm3DIR76C2zuw
zV=Z!{(2ZaP$J#7)4IRvs=sHQuvSfuzuUM2l8EzXNcE4cbFIp)N$6`lJf8O2Cn@C2N
zjLWa8zbZIJ-u~Obft7q)E1SBDyWtd06A}wmH6Q<Q1~QlTE(rG3z@ksI3-qa77;!T<
zcpN0LNocxSiKFpY-vOyc70<2MGg6FouKqJ^K-ZB44bI-ir<49~sR({q{Z-C!F#sxA
z_oxs5W3z9E>5tcIbeR?K*mNuJk709F?{J?|2yxfJ8rG8ZzWa}`4KLyKHeO*(-<c1-
zfp%Id1hIi3heX)V8T;jkY<I0fnC3p`Zas4Y=EF-uvr@^tHY=HX_c^bP=W2C#f(r!5
zd0+fHFRxSsTUizow$lWDa>*=8`(D-ycl0xO%eQrcXK4B0dd|FP;`g%eu`<GoN?dh?
znU&LNu}=<zmvKKx<V5c%fvU_8zYXeI2A5da%l>Bqmh(1VO{cFzb(8>05Se=vI!{`e
zSNrn-(HBM+PbDyge?F$}>roq*A2@OPT~oghR51ulh5a+>jP2=jB9w5Kk`B9iE@(D%
z!7KjIfw9+Qxbv4ZbgFLbV=>8#g*Mz?GmgR%E}Lr~3NJ*p8CDg@YrEY)J=9phN~<RJ
z2#4(cnt7KWJ)<@PedoH-0rNxw;>izogWu{}{heQv<#cPUU3KQq^z&w&7qYmUiudh1
z=byBFIrFrjhEHj-8#`Tq&|+*h_^%|;Z#;c^Xd(A?5Nx{7K>!T5@dTbyBUI?=LyKsl
zNu7*Bugc*~vYQwB2uan&Q3YIOJTj-Xl{{0zS!urHI_LhcDftst=FoV#51AXZ*0{kT
zQ4eESF@Q>&&$b?-3X0(PW_u<5bT^h`xl#gs+9n-#QVph;<72*OeL8lsaKH0)4?Xoo
zF4^;QNBq0ooVx0-hq<Xn0s{a<$mZ&=nILS#ib0%og>St%)tTOJe>kn^J6sqZGG-p^
z_Oe)wMph}YIdsJwIT)`l)nER(Z<gwa>y|Zf_&)qr)O&G9xNa5mtJva0I|U?>cT|5`
zWV+C2t9ODh)1XzuN3^kE0j-Q&US|?ql}C=Q^=YHoKKyLlEht0sgt!=v9s^DRyB-VT
zT7l(Sfd+WE?6^ydsPupf!Zexu*b*`v^NadtqlZK5FQ!*uWsxD&42Wi2wh~J5E*bK&
zUA`<0Z?-Y@L#Oo;_nlJS*cdw{#9<##7^kk_f7B-IgYqqBma;tPf@8c9FZ?-(Zl4F^
zv{^QFIuo^7-YL32T$~8d{$jh|SrG+i)3#(*wP*RA;cky>#ftO#+gKCV5|Tz2{3lGL
zDvx+)KA~7{#Z6uXVe;NVz>H0)uVGDG0#8c&a;h$lRZZEQk7*g3!0Z=dOJtd!=^r;j
z-4q27FNCFX?Vb8b<3g_gLH{sO48~4gn`ec@Y4F(_G$=PBCsrir9}Bs|Gn6O#R>*On
z;G<>=MKDp0oVfTOluro?E=rTCWBY`<HoNQzJb7qcX)PP0{}~98IXCSs&fJctxrO;W
zU%WTTov%yU?iK$ePvL8;%i}mLk;H)cdH=z4lp-xY#>Ug&PF-?Q)D2>I7<6!04NH{7
zw>?mMWamczYrQ@4r<_l}6N_`h-jVqLm!<#MiSy%Eqx9FZQxbA1F9AAW;Y0$9-tyUY
zoT6ZO9i!h^p76Hy5{vzF4N8VdOVe~N&xW!7l4*rFj?>W>TqQl|KBPkPOz2<h_<J)r
z#{Oy70_sV$xN!N8wRU#aXqAb3;R6P92dy1;y%j_{x3J#ZxZvp<EeEFnCkIc_7X^7Y
zm1+K@Sntz>>-VVNAsQn`gRdg^i*oE<uMh{O)IqX*gKX;QX1Ht?(>bt~)pAc$OreW~
z+gc}|fFWUKpSD(E;Z3E#Q&uDA@~?ZNmlX1|gqfNfOy0IrX2HVA<4DiaAx|LjNm;Fo
zts$C_OOxjJdJ{z-)<a8POpdni^1A1@@>#x)h=OLp__{Q74Dqt4?c#_D@e%sCc)4Kj
z#}F2sU3`_!Km(;_BG>vZ?d8lx4($F|0dGU@(~xKNpG<D}|0?qw{V1jqclXD)9YrPI
zTIKpfb7f9SHBR5V;zk`j^~nemBJOs=4z2!&i^XTxvMQ~Ntzo?b*P4_1uAJ;){P;z+
zXCqvy;>(#Z4e3bj#ghUfx4R6b2fw=Ir=0esJU6B|>wI<z{OuVqbCRdLR+}<u)pnx3
z!pGFEDq*s-^=ke7jM0-X*ZT&j&mH-SRsAHg6?Eka4u!H4D=VLDMH|G2&pH`vS6OzY
zCH;P-P_$z_Cpg$}0pLG_sm724tSfc3(9z1!)7#i=e^Hb5b91SabJAfuUbIbRP_56k
z*;1<Yc*JYky~5j`WTu9?>#(|z%{8=dkR72gyT9D}`#j~zn@@6#*c)V#fbl3~y+rN%
zm<KRd;glU;AeIP+j_4OFtP3@{rj0NAT(!>Xs2VIdIwTh+7B;%PR&2IicgfJY_|V1f
zEa7C#WPi}yAobv1(@blU!R_dsJLt%LcsAG-7)vtq)v>UqTXy4gaj^3_g9Ups91@N!
zQYsVR>gWg>@!j;!G+0jU)(-WWZm@2!;UOJKL%KK-GGVKd{~GE<J%B03bY7i9CRYbc
z0Bm!RJ)_GNtk9X%y$_eNG-MhjDmr+HBC3V>xc3zOTv}NQLZT4%MRMj%|Mp+80%yP6
zVNv=YVRsW<0TdR4B9p@eI#loEA~oS4`t<0}zSxdOtD(E3KK)p#&V;&OOm=L2T{d%B
zaY}lUnve5~sZSSPkF`X<9oiMCr^nSrCC!h)XIuT_A%ByIE$%jlMU+l=uUabDiSp-+
zodo_)Tzd*G8mafBt5vWTYnDw<-Hdvl{y?|V!qz8NPLL6_-CvY>maFjD)?|!_%*WW*
z8fy3mz-4OWu!r}Q&@z#`*hz}frK1O2A^%CalK<FbEjw=Gq<m%GoNC;ivUKcd@sdxS
zR`F)xQ|dGFwIkxitKC+vrQINHNIG2MS^Y0tZ>WE<^^j#>lk;E+#`sU%VeKyTSo{BV
zj=%{31>6tVAChW_-CE4slzn5;RWYGGJfG9)eIrD^@$-`+LHoynG~5iXvG%21k8ee{
zum2&%B7mW{pBQ46QmPpoTTj0qo|_YIyXRPba9BCaC@F7MtEfQll!D{qSarkQXYEq>
z7y;z`ar?Ql%LDiO{Y}TyP0YY1Z)ES<Ebx^TQwk&a9fL9j>_al?57`?o9X&DesJs2x
z{+Nt|FQ%6Dc2E-3itX1H-jZC9Nv1?;c0aP8@y6Pw{3C=ighidv2LC}nPZWG<=Mh#;
zU}8HO-20nu$sa1|E^|`fTsg*(yzS5q-kCcKDZ&I4pxytG?NbvUI`;T)LBb{X7AL(_
ztNxUa!E$uzAw=eoalM)AH3wmtWoG<~X7DGkozz21jZ2-p6r-;9s&rgQ-!EJH^FI6B
zT*j^w%oH9*HR)EA1qDwmS~vUBjl3)qrlOzsKfpD}GIImTwJ)hNZy^D|usq$f>ZCQc
z%KZ&c`gKlK5#vF~SfkyfPZv{$@qko8pLMdS`pxKGQF1UkM6!G5<aSUk!M8L%0Ww6z
z{z+go+$@5|VQ&y{?(23F^va~pN1fa9L%l@r_Ju~R(!XZ@i`)5!`Hc3<Qzu)nB9bkM
zhCi}Hb|jTRU;F$s%nfkKnmUIs8k#3y&@Tear#~-%h|7SRcHTg{GuUe)TCGB?_%Oe0
zN<pXl%E#9az=g)pI|*Y<$J{`pd1hJVjlX6vpifygHJw5iL`j8AMS>?=0jOY<JG%fL
z8hqc~_g^P?r89dbdvw{<gIV_OCSs5VE!gaf6Sw~X6;tt3VUSK{XyFLC2@rB~HQ}tb
zz8dm^Lo2%7qlJLdZnpb9<&14w^1WwMdoW{d2z6imUKiQf=xwIr+ZSz*i<QB4Omwnl
zLQ>P=c>gMTj*5@W_{QLr$^}+Mte;lgEc)Mz%^Tk@UX`BMuvn&r#pJn$%2ly-Re~35
zl7!pbY92m5WBhcy?A(lZ{H5iZURS#eHD|9%l<F?W(|w6quOF32pS?2n4=5OZVC+K|
z?RwY?GV2vdTyv*HM?k}M^_tr!%;yf47rltRtKxRpZEnZbH*8+4+PE2`?|u7M54vKV
zUO)Q4&E*xD*=ZD1f!?~Nn?jK4<1PJSskSOM`ctYi?@MXBPw4|Lzq177GRCUUZoT8)
zWiq2K^;n+iei9D1sgqMzhAKwBxWp@D@wY#sD<_zmVhtBeua$)Zt}2Hc5DKQVp|E7t
z(B4tWHTS>SQ&#sCznT*0<?UHDp_NlJup{Ro=9eIjM~k#mH}%z)gpzN{LK4BhCCH0z
zXvAN50vx|;tr0G5LJW|wF0UnH=5-fMW3wL_ik;ByaNJks&^ou=L1$K5tMn}vmq-f1
zCR_c4;0kn{g&b;U4GqSRfeZxszw|ef0?<EvJf;s>=Bs9#+5(}Q-##tarO5me%S$P{
zGU?HXk9o%XW<|G04DE2<SEd)cn33l|h-<D+4DH9-Fpj^eVzsR+STZ@bfH_e8NF&zz
z64u&a6r;;xe0pD*tI?hOjzo=)3*XMROw8?h<QkJx(tlffVOQ%c)RJH%UU~h<9DY&L
ztAP8{6_9vh(Btzrrv5VEW}FK0f90dHs^dZwYBn9-O<bPp!fC57n|H4}<&f?|EXIB<
z>zW*gN)L;mfh)dzrLSwxbuhPv<w?K(Qnaq><y7F*wztpf@9e|;V&|z|vFlLl8>;$+
zqD?IxH~vOh8@|7O6n~ke`JVTGKum_7J-%(m+KOqfQfRzd_2pR_+<8N<sgr-~E7{Ss
zsOsFS|2o}NR#i?4-RHAV%<BHtY9zSz1IIVU6R*eOKFd4T(4D961JVGYP}rRMOFhhM
z_t5;+qfiqIR=Xg#f-O_mR=?`55~?=MG`u>yRTW;l1%m^j6D4)F-`T=TI5bMw9b&gy
zT#Z~5n5Rz}rKVVwpZ;u?m0J9>Av40K<6K&km1~s4xNFC&+tRDLTnYAKaZ8=Q237p6
zm(jyxZt44PW?xe^s{zc?l_&1{3qE8p?w@rE(iB_I_v$g$es;{X75xx5P|<qS*X_{Y
zS7-Gx%W1VFjY<z)$LCnYTl{DQ))$uj$j)lyp?%#I;=%>AOaFYyR391kHNlyI#{9kJ
zte9#LL35!-B*OXJW3S5t!tRIEHtGGYRf_6<%p%%<TxFGx^3reF$(^orgZasC9(`$h
zWMeNbBZwOAyYFyqTfuhq_TD(S=tF@3Zox+k#y3g9i#zCh0U|5WHB-i&UW`|yd#U(-
z%ja3A&{%kqQMG+wSG-0^$^~bT7lr}X@HSGN>ogS|fUdE+XnK4EpNSW#<ajBm@WvO~
z2^pSO@IF<>xmx&ppXX^F(W|Xs94=I7ro5Nk(B|K5v`sp^bH8)rH6=lLRwXHNUY$*;
zze<|h*F1yT3^^K(WKGrW;-)z{bR_SB#?8+AgsuiZg?$Lcr95S<Jt+UUwT%(K|H_zC
z_!M8q+4Zk&wMqxD^kh=2jk6N9o?V-a{o^O-ksp!pxX_UD`8EBOo8V=q?q8_5wH{(q
zg>J8+Wo$0kr-K9jnW6)6Ia8iHKE#4jYjQlUXsU3M3FKKGyOGfZ1{AGSIV0_>w~?Pz
zxYw4yI&nMYAw`6-GwH7AVi#7-uamS$&BuV9O5E-p>)-kq-u)J}b<Xc>c|^l4?-kYX
zupHqfx~Csv7LBB+z`LM7X+O}UK<F|*R(-#l2KU0y*F|53FuIUfLRTVk1@E+2=r&+O
zU!Dflnr@J|ZBTmCMK)ud&GP2pb;Z9E*U3Ew1+?D0aOyg#(9TJk|J|TE{S7L&zB4m^
z59Nxgr4u^_GV>9ZRa}Bw7Y1Jqu#>}6-(b9$LT97c9h*E*RQ#l`Yr>D(Eo3RVj$ZbL
zT=gxbwHv}Ty}Tv=6jBqdL|!N@XLC7@6aB`n6KFR=yQMnj*05tr4<J5ad*vbOqh~N~
zQWS2(q0o2eqT=ljDp}sFeww7Si+cS?oi|iBXwltyO3>U6u1LkgrN0F~Mz(n)AxBF2
z*^h=o&DN>GyQi!_Jp@XjsapclI-9QLRk)r!UDAIjEH%=f$zq~KPMrs)^g_k@FgRjM
z4*I%6sZ^8aDv6S~BYpQ*O7?Y$h+s<JS=-0daRwHf@@@U0!q1H7F6SDSAVt}HbE<Mj
z^Xg#Nb$=+(wI6Jxx*%Hvzg0r+rkeBx*wnmx&ON#gy@}y!`)&%C92T4@yu_^|@B{6N
zK1bfb?$<wsS2e4$%qEfY>}#vv87#L*R`xH(6f%;^cN1q%Jcp9#UN=d*f!_9VwO#(h
z1|a*I^T#&pT*>dI=oAho>}RqS#C+6s6vqNdF@qPg{Zf@u7bv`Ybe;fMFjYF$N18p+
zp|PYNy~faDB>~fHHm3R<eh|uv6*!o12{kIc^>N;#m3YnCZHv$)fi7LrfX-+bzpu`O
zq{v^;z9y%7tKFi+hbLf>Q?E&Fcmu}mYAuM|Djt^Ln**~s{wv=UbFP{;TlMc`+A$3I
zMW0Mo%`c87t_Z$5l*K+fGr=SnsVr7Pdhx2QaCBFxjy29T#-TW-Z)Z-a){w>@#$Y0c
z!D3VFy1zL8Rj7%<wP7If(x^$3A*l28UN?IG9%LsjW<LV&0B4Dt3zagQCE2?eXSOw(
zgbGZEneIN|ri;z<gy9Kbgg2D8!s!gx{1O@J2SFo&-RuuJnaOB@RKjQM%LUUl*xp#A
zp1AqNtmB4-|GUg-{@W~s$zE{sT8uC2Rl;{-!)*QH!)wA&BRn}W#vZ19g&L0Zmd!s_
zu&`kE>w+Mg4eN}_ek2$)?FpAjgLVby3NHc0FTN(T@9FpEIf<sWIfO*Q38}zzk;|go
z82)kO4>cKFX34wGV(H76hc8y3gST_r2rsb@S=qtb|HIdp$3wmS|G&o?#UzCgtwf5-
zGBTJpCB#j#WlLq>WnZQRMW`gQyJXE)Bv~W0VM-w}wiqHyV~zN|-eYt>-~0Laoj>j)
z*KywGyq4!{Ij?h$hCce7(H1lRI^nu{k7iCG?N*~-^N93a`jAa9B%t5AzJKl?s5;mY
zsiU}wk#wQp7Hk$m_#}3bw(n4Yngnln$<&c4LVegM<iV>BmM$^kInpw6bUy@5<S7-n
z_8)kc(4G8RcaWibE6@`g@(@U=q-}{l(nd@X&-U8F1HL&?*LzL<XQ-0m)DI#4u*9ti
zkvrirtijq>)=)^kwRe;0iDgA6@`4v#a}$d<IYq;5lzOvQRjrknN!FRBZD`UjIO2z;
z$MRi;VYUzjI^vlPZ0=Z<+kDs%w`It;^!aa3PGsxBWj#lXlOKPl=Fjrg{gdk>p6~%X
z1|dvPTnOOvQ@RVD_9QFHtN^k>Wl#rQb$8u?9QVBj*M{zri$lJe<SsR5Hf;PeOWjl4
zr~0lp{Ra&ed!Iap%a@7!*yf9L^v=WHCt-O-{OE(`9tGgqwqAgvKOnn1CCEZUKNQ^0
zH+bZZx3sY5rz`_UmC!2zL$g;wiT?o{OszCE8r(fEhY<hfTUKxuG-)Py0<#EgJ;h!w
zr`+rPbrJE9r7wAU_onh+|GD6#;?e5pV9a0^O<T6HAxV@vP;pp$+sE=!c-*S$sa>^`
z>o%6|o8%Cp@7J)v0-=GgJN#~Z4O8*97-o3A!W_jt*<Si1LN_Y@se_qpJjxdVaDE))
z+JV0fl|MwGWj}|Q77f%*u!GgV05_=4b6utI#Ey<D9-O~@(<;AIJy=V}0|L(_oxGap
z8&SM}6rM;X5wL@yg?S1Pl9J3tzkV2pmm;AF8tQ+}&ToU<X~HGggS~#9ck--tQt_dm
z^?Gw^_^;rm)6wlB*gy#hrH!S%dg$MwjZm!dE~^40p4Tj~cwGqUlPbzCYdpt(fF%5v
zE6Zwhv8(0i*AI>cBm8agf^#X47i8eJ6FO}V00lPjT$lQf{6YMbm`nu2AbRQJKWnFP
zNDea?4zkLx5?8sXTst8!sOajm?|1oL&aJ}q;W(2Xf1j6XtbW&3?Qw_ZOrtY(eS1m&
zGuRp5jnn>M;UPss(q>#vOE48YQ`I{U)gFG9%@ZQZh--(NwBU{XYb9IF7CP>Pf1WZQ
z&e@CoXZ#G*?NP6O4u=it&9z!b|1;$R;<c|ayn|LVy)6HhchC@YVuNMH56eO0gH4^6
zFZ7jJ@fGNIE(J^^N}cAP<dVr??yjW=H^dsyAz6t!h&6a_&*{*_3H<`e03=qk7MV0^
z<0aSkO7!$EfhG@b4&XqeGD~o*b%D0r#;6GSz$q{SV_a~OZ}n8mH=={w>922ap&}*}
zyXvV7fUdG=I)0r1XL!y{`nKGBFYfLiG8Mix;?v%bjHF(RYwhVrub=Vywlj_~zAml$
zZ*(e2+Xl=Q;J}^7Cs;Ay<M@%KJ=YwJgBYqperq$KJ&=0twRJaYx8An-gW&|5S1exK
z8XJ&`0~~#a*FjPJZJMi0xGupyGXmR4^{S905)w4Qc<iM!F-(HzBh=88E#yeC!ELF_
zEoNWi#0R*Sg3GE42RBKO4lWBOiEk*O^UMZhJW>O9I`<VK{mOvJ^;Jii7h+6zb%=pr
zzKutO;wt{(ne;stFGP9$^xcB36tq@Ah;HcvAA*Vr3SS)nnBB{Ks5|*YeXF*=J<*5m
z^;+KXII3{F?c^B!H6EB6X}7;LsdN)_6;`9!j~hwCE+avb>c@^i1waB`NQ)B7V*-Yo
z<`Wi78aOboPtuW@1wO*VGsez+W+n5P#3l_legx)Mo)4;3hw}%TyYHi7M&L$G$kLV1
zDIlPZYvg*`zQ5ommeUPLQu3LXIjVe7|0sLPp=KbI=NYH_=sSCgjt~@r0HFibNYr>h
zxZ(p=j>K)w<%moeP~oYDkr29EaGXO;<pfJlkd!PO09kIt>+@#;7uO+@2lj3pV1ie1
zmQ$wuyILf~AQc0zZO9HF42sU%88}UO!g7i)w5^qA*hmMC!Xq(6ZsCjy+Dd2x3aZ;C
z6|ZN6D@v;4;G$ndk&as$s2{Tt>^aBORtAH?tjFJ#jBPlbA4@kpWgb+d%Z9;rayNS)
zzHCA7`OqInv&1TiHJ{bY<i)xWbj4fbmW{av_||rMa9)Zi6jJo!0VD>$%hsQQ&@R*R
z&9{BGsR@f+U9(iiZ*+4(c$a$N!1W`CX<G^COkW>oR3!e62`u1(ns~G2YywFO@|h&_
zcYx5KlegzvzpWP-)DYCgygp24D^IW-wg$IWQaNy9D-C1Nq1psECXs20O&Sm3rh!4J
z<7;Tjn<~wE#BKvrlfk`x9!17-B(M}E12;O_3K6#zi7P;@=>9eT;R=ph^ABP!ZkW!?
zUWT&2{(*DpPvBfmlEAry#6G`7tCF>Z!L%oSuU7{_a=$RsA0uwCkF2#0)iAJX$I$tq
zt@}7g-)o5x3ya#^BzCCr7CVMQ13??4kJu+n==)}UDy@fi-r2}9iI>CR85XhJLg&gM
zh|ew+l)iNPCrj(W11sjFNZe-K4;-Pp@}VF|ha~KGVhG`{O2pLmBOFoLS08w{j?^4~
z{s7-h7<+m+ZHgSs^T#jXyd}4}COR-mxVr7+GQz-&{7wR27*8=DO1}qzsO44$boTtH
z>*94Wa|lafDB-t^4}PHgd~Kf*F0Ap`gbBYk!$o>FkH8A)JaIR<ulxRqCc0AL#vHC2
zzGF|M>bc+%q~p!#h?b9~m3t3wKqg<QGZEH)vz{Iz%SdwN@k&+~_2F(CI{9qVHGdmv
ziCJOQU<L?94Gt@*e52qWP+idVdA$@5a8n;KfFpyU8C)N*%>5T7YmmXK%YIDEKJ%0(
zG(XHNp-2378{R=A_(VA`hG0xrBiHj_sHIqX`UCz1Y~3!5<*Ien+z7r?za4HvcD;J!
z20Cx)P7ned86$lvch1H9!_OObV+U?0Lbl49F#jA}#n(lndZK5m5e53tlgIQwKh5{x
zt^4QP+n^XQkALSTBY8NuM%u>Cg_4-0H?-JM1kY&XLk7?ga`<=8yTo*s4jA^z^rXYo
zqCImx$yg5O_^1C7$V{G;SlpyimigPTr|yqp{eB__qGlPFZ(>YKIT6FOZo(@M2r&&!
zjMvK(>+~!P^1NH|1LpdlEed*U`DS`O?m@=JD-F{vN!N_Q<R@8_+R=gOe?r*7tEEzP
zpd8ZLZOTp6y|AZ7U|mO(Z$boceO(A({a{AP8sY<e7+=H-?-kb(7MOm)@|F7=7Y@W9
z&E!ENXhLUB^9{y+;Nbr;#I9#;ljI<3G~S4W%4*EpLYhu{dDgPvoDex*+`3W(#U$^=
zo4vY%ADk$2Qk=Cd8MunGz|5|ttBF@GsEOXX>gWG};T9LrCRP%=m5CylN4V)MWI2CI
z5Rf<qvj^2HBpqrE2GBZIhVP~1+r@?SsCFecUugA^3NmD4T%hL)5GCFOwjJd63+wCR
z|7i3eG5bkY6H4mv{HCzuhZ~`yq_9m@{BN4`5(+NeAqmJM5Q1#0C*Vz~q(_ti?89@)
z52U)r=iQ_WeHYqx_Pvn#z&IO1KY>bAzOPfx9x?&01IN^5vz05Vfpa`Bz{-lS5T|ds
zY=+6EkN@<C3`^lz3F%_m(Ncs%4%=q|SC(-Be(vRowJLAQC#xPBv+&<HogdaL<!4u2
z0NK&g5b?}d{2q1R9TeJusi4CKVgi}MiY**b0c?3FgV0vklnycA1;jG%xo~)`e)T)_
z5thO`%Z5za7_{Yw<#RU4u9J*JPT-GafzI8$TSD{YVKG0<6?+V9wFE2c`o3P!wQ>F~
z={-J1%CW>$OlmFz_Bgy~*=iOS@PA;380fvG?>Z=Q=lW?%b3VLxjF67dy~qtNU=%Q|
z1;!8fh&=B;YYl^g9#;GHWb*~Nncr=GY+qkLRIYD5vM;?h_k(F{1@%v^4(S3Wh~GZ!
z;Yoj~1y;sy&0V*%@d_6+A^laag!=`k{a4{Sg08v!0$`kA6B4%1;%Lq-kJxl@b}zJ^
z%;T#60D3*HD?jLNvCEh!Nl(F7ML>|gHYBn7IT~IpXi0pUkEMnANcYwYE{~kRO8kus
zJ~+Gk@&+`TBl0XKvxw(T&h+I1Mu*r{PuPN3^i%qWFX*Q447zngVBS5vKJOii&;1A~
zLA6S^2NMpJ8zifu=sMZ`rdMNHN~EX1etTDg8$jq&z2_6#<K(c_(Lt@P+i4yJ@$rRi
z#j4`pSqQ9FsjML0|0J6B7J%UnGe=Gozbzyu9{+0j^zY3wTe|E|)ByQ-MIN?z?=T?d
zt*q`TO{Jaqcmw_hOdJn_lQV*iQ5ODl#hEUbQF0-#2f!|6qAcT`o+>s&-#17)PWR6^
zAne}MVA&2;h7hcfxU$dhA%_JHkY#4PBpR<L%6{ux5VhUI?H}3H^$<tt(@6W=b&9Xs
zhK`xz+b7a&tT{J0{4`R7A~m7XwS7m$Kb9`ed%EboKelYCyr<UJrAxar6BAC>DkuZ;
zThfCbOKuJj$dv3!yfT6J@qt`J?s672mmQJ<Kb;;xWcJBq*RcC#;Nzc_X1@~IX7)<J
zci9ROg>Er>`LCta^hs}<Fr>Vn=qXTeqLH@B_*EB06t+8#VMxkWOL<VtKw_bb==P8c
za-xh#yW0Z8;0?W|yw|$*n%w0Bv6~t)G+cUTV`db%D~8o37<@FA{TR5GM3#fie7*7F
zxoEz%a4O3vaQ{h;p9vSl5721qQKZMWby3NG4?A)3ROsYBNJmO{ET^~%Arm%ZmV8GU
zv3qh$ChryEs-FA19oYQoWZqos#pXbtxWt-iXL4)h@!3jjb*~-Jwyhl_M9*|1-jOjk
z0VL6!_?C^LDdlS^<rFK1UhSp`^Zh2r1!+s|?$3RjC8SK5@kCziAwS*w9s-aU`qbMm
zgFhu$jD%T7I(5bj%AC*AaQSd2oC=sWGF%oE*R`o(7*j#_*O2LbJbTuf^BY&}ann$N
zAm@jyna?^(Nrd#!_^!)l_?sJO%T4&99RnG_rN}T2ekh*MxblxvZJ25yItJ>Z28ivd
z)yQHPGg#F3!nP%8_{niiieemOjo+T*9LLd(z-y7ycS1E(s^5jz<_>{_Rj6U><<8Y;
z!)jJ${lv;v*63UO?&Y$2BX0k6f7p*ZvJt_nKyo*!hc3I92H@>5=G>1@=aKk(({?5N
z8S%C!j)qRQo3-C*nt0~Wdb3Ai1I4rKP2n#MYh!HH4!U}7Ep4;iDZ2$Ssli502SGir
z>sjuXZHoOd(c!_xBlkBmx>TZYaAi6cznilv+!FLtnjSM2HayYdWg-rMh0YK6zMJV0
zE7_1(Y5BT-?vX_UZ_~kC?@PlhvnweRT=XZOi(0$SF(QPgwSSk5T}ZB#8a?>fUmVa3
z+H5X3(4r6h(pi(POT(cUe(Pl?u6<|2XT4JlM3&OE^>8&Jk@KCW(jpbz=5pGT+i<xy
zcTs~|qT21?pz5T>-rx3&g$c`ej|iTPlZp-gyl_^UG9ZB<$6}?FQvWV1-rRHx(wW=r
zmp}UUD4*~<NJujyO_2j4s4r%DhaRgZgD>V7$AAkv8?lpuf1Y{YaK~bf5dXOR>0lvg
zBDm$vll~1o+kA>qYsg9GBrez^LP=JXO;UMda0`^;op-A4PIvS>w8s2O(#-7$s@(EU
zC~+y6dZJE<leIfi#Oyp2_E@f29>6mGNtQ!RFYGl-Ydv0T8n%tZntgj%iPym<x1q&s
zzs>7<&(bX%rR3LcF;1Oun%Iw?0Yk#XWyRQbDDf?3k^pOnHNg?zB&%;WP<dFDuoaT(
z63cv4K3_MtW9YCyB+EP`Wp7(0qj0e9pJ1Vo1b(74>40K7mUKlvHnRLnSfIsr`yj`T
zkgrFyW8#+hpT(>4x^OP#>8+*uHoEW`9;}+7gD+u6YTB*|mJ7BQexgCnfe>bH^Zn#6
z1tM>QW<t3;a(|0KUh%7x5*$0Ii^l=^y>>Nn&FP(+DuE~WL_;SLBFkn7wL#jRsmc&O
zEh0%)Ak$vXN)`KlDmmDUx|OO6xcWXry|XRvaTNF7ZJ+rVx)tbhoV5P}^<LYnon?X>
zORs%_$_EEIvxSXoMbcDL>Ul&zc*1@CgGH02-3MgV*X-cAv*4bb3632>_*K_Pz0exg
zt-R<20+-`w;xjmCNMtF2E!T7Fh}4O4k4o4>1u~o!wrIZ-?y^B8ePAhltXeWR2NOn5
zDIol!n;OCzj`@ji%!livl`m`~V|(x}AMXr!`p3=JH64J%oycsjpsF?$Ef7abE!!QY
z;YDH<FNDBI_ea${r@4^&UBtdOof)<wz0)_FjDl*f9924PTkSzk_DFx&TA9zxxUiD2
zkv=DJ{{eej8DJFbL3Wn_MyUsQ=yE8I#czsv37dLjKJ<^lkqZBlm7$DPhf(bn{6dH1
zzaG#1l`(}O9K>&&i&e!)Px#<1nhQ-JdrJ72b3mj1mB_53t#VExmTM84Zg%(Swr-=@
zeO>LY7(aEoJ>ZulFNA1lR=>jru)!7Ecnyi_d9k<?oEK^$d3?w&{s*9{!80|JtU1w<
z*S6^;8NL2Hso(-vkkj)AhPN1qN7X_n(PLFOdijOrQ^=25R!{6!(iUN<nwuqOUir9v
zNDpU6I$@9|;%diJ$taqei3y`uejo-rc>Yprm{j5khAXhfp9e|pJ3}oy9@}^&#Hg7U
z5~Ke6ioz&<1#8^!SPALRknFaMnf>}Z-Lb(f?Is6Oe}8nF4N8!9Ro37-)P#_<hlFB1
z=McfK=a~qaP4!U^o9fd?EsC9EpWB1xH4m7(wokjr-8<iAjY&|U6Tv`~T%}Q)Z@yn3
z!VZJnRFZ32y8{5UXmZIhVNn>)kyh`}m|EOYS1+}%=6M9fG;puwjs2&YKO^0PANPwb
z8V`~s5XY1BT*3wLg&mK{O?d9#k2Kal#fklt<1$}LJMQvbauMuH`rd{Kyf3SB2|Gn<
zMpl=YPTy=KwwwycXAQUvWg))P$EjtqnnG%cz5|-<Nd6M_vD5>zxFD_&ZR;$sB945O
z0mJ#XdSwu4jfHY436TI0!m6I-4HrV}-eVBiuP0c{Twem^XWU<WB1`iiFd(MbPJlge
zrtoza!P(x1+2ar$@hr>R)brXD&kDt+@3w}dh_LPiKL1Apb<xdUK(wlJwwVFBs7U#E
z7Pf@9=6Tpn?fX5zfrM@h(=M*fy_?X*gdrZ~g9r~*`<0E1?lnSZ?8Jx_iQy)f{9+%b
z8WtNp4(@dMpy9Zo?#U&tg!HEPcN#J2>{Z+=&?A~!-TL&xjAIE(fKDD!_r;BkOKDb5
zEL!8{;arhmSQ`9)#QO?YUJibogCIcD0}@>i(6?xDi-@b6|14DR2;MBYa@ow5|EE4V
z(9V(^Nc#9}QJ5lyH2l3B2_o@-KZN_B)320!l7%US1zLTNl;xm`y|JDqVICD8<&*mw
zzQDokla;J>U6?$GK`zpRmK+{R8*hVEBSP?pUF7jOAD>M;au2&MZyRc{<DD_v4`lvz
z1tK1U^_>#bUvfPTee+D?>U95-q#6TWhU+QG7|L%AeAE<SGeE~ed8RSn(we1(<hI|V
z9y_)H8GE-INp=P^5T6Clq=a-j_#udV92EON78e@H8I><Wt76t(gmi;CF|*f-SZ9*T
z5~2|^|J?TH!p*|arF(OBm!GK<DfC(j;^}6%Nj~ZGuQvQxC8fa3$(|b&X=JWld~uYo
z?ih+^N%g%lq*7@}I2cH7X;$JH*vx=<(sR1+XadDq<#b<X%S?#Cys^+1*~?~5ttgJx
zJ$dQWa4>Hvxo63rSV!N6B^r~^@9B7b#g92q@}17aiGcb3fphnMoJn>tJJ0JE0?zac
zQDe%&gWRk3wHQKF>U?3ucK?EHNRt1uIY|2ak(vOt>fMN}6(=iV5_8FTDHh@(ZkIh8
z0+ae=IVT17L^v``zU&w4`PkFSg~@|nriBb{YM6w8OM_aLrvWKel2T@-u@9+7;&$`6
z<`}!i6j0dyW~)q}M*}?3`a)dhR;Y$OS~)QCfk5-|UD0AI92xeG^glZ-J%6(xOMztk
z)*mf)0#4+<<JXlw`d7P2+rJHBOWdV2toUw0c4E${NgpYr$EnEVJyeK8|MnyoHyO4b
ze<~sdRs2t=FTPgFe4ZD(tvPg_#^)sF-m>8Ep%<6;aw0GGHSCYO5ryV^r!Pt{pp0&Z
zyn>DyCmxvt`j2a%g<}Q6_CKZ!I%G%rC+|MU^fc0L+<W>!<q4m#1@eP6;|Es6%mx)R
z!N>tmO$CckO16+VY%R3NlMmfKeu!6SqrdFu5ayDxov>DE^|EuDZwyC0+6~VdJ1!_l
zx>a^QG+cv}JrF^)4RNi7z4wc*Inzj0ajk`R$b!sCG8B(w78;5zcE%j&n$Y+_47_b-
zs08uo!ODi~HkXL4bT~tTm1BnjoD4?T$(CmrkUJ;hCO5_ME*VnGEYRanNu`S)&%#MJ
zJv_C`%tyj4RNNk&kf5sV&)@ruvOC}j)rwQcgG7ef)*$0&{&8=XdDDmpejY)__Pd9d
z`a*6&ku*JVR$2JzHuLsCtdsqI>U-v@Vfywn;vW&LgJnl0VtOci!1Ma2vbI-wl=zff
zS}F-CmtQKynm^>%f%4iDvlQ%5+%J)M6EHO2Hss0sg=kbXADu)<-b2wiwmvA_s@g+W
zim#6-M?2*hw+3nWq(K&4882#bqt<AkSe~s$sU-eueOa4gNXN#4ZG8m;Y7!rx#mz5V
zvVX_uv65Tu7FcXiA5+;5f$E0X4NK=N6N<6TN1kqk7Yc$yBb()~*k-x&FAf<UYOOd;
z=>%5HuU{L-fq%t;n1sxf)<pA^$_I>gG9Z%l?3NK4WN(fxT{G@VVf6@~fr#_`ryS|M
zF$bF_zVWr*G5Z?2dBKNR9P_0EF&;C4??NMvg)~f7Unqc$_S#XEe(y{)pJ3a&UyX8R
zgi<!C6c<rP{m=y&RRT`Aj3Wf6q%6qaxQW$lzv>R2E}uQSz-QTPAKW?iYtLVB_^fum
z8@9O?Ws7$&fWqRN=*o0B&K#^>pGzvd1X3l0it=NZpEy>$yGEJ5N1~2bT9Imt+4;5&
z6(zopwYf{2w3W1dI1l;d9xc~(iXJGFv)+Rl30f9MWc*mBR>w}6=GefAkh4&Vut8LB
zpZfS)x6_9-BQ|cjz=U*<QG$mr%p?s`TqYdJ9tJ*N&W@Gehn1ed-*6gr_l3J7_15oh
z*cBHrkquT-lz-V><$M@0p?m=jRYLd)wGLHJ)oW%e-;X(MsN3EcW%JSRkfOH2Q#K#D
zluLRN-oLs`((Go|x7H#fFO>mb(ALBa!oHtF(x1IAt8LSL(6`cIs4k?Y-a1nH1%2(4
zD0~aMqn7o2HBOT<v~-g)Vs<{2>RxFBnm+N%v>Tn-!%2bjW&ZO8<K6<uxb(6vlXew|
zU7f#(jJyL#YKq{0V<gm_Lk`>@g|ma|8j4kH!(Lg$SXIyzErCTRLgWpOU_EoN{BXe@
z2@7XQgmj`Hb6m5hZ1DZ7-0Sf{b#amq(pRZ9?y8A?M4dqav3mA?<FMQY29Ug)p+)|u
zT3Kg$;Yu*J`er>r*Y$Ofhb0Q*z>i43fR3NE_G4MZqn$|G^-u$Nx><G)r}oll6yWkE
zIgJO;KA2#~&rK+}?{gylUcmulvC|`=0sX;7Tyc7i1_f3~5<G~R+jb1c(-vPhP`zFL
zxqk932wU?uHugKz=%rGB9iC1151J@wld(HD4%d^tpzOPi%`BKU5Jd8ot%Q1Z!WN>V
zBriO*xg6#V-a*4WJO-EWspFScL)pOB4<tngelfe)phM}=kH&-$?-j#8qAGsv>B-tO
z^JJ^zX&7Set%hsn&E1D>w?D2Lb!t)!snNK=j3k|)JcRSVxNzpm8X6?j=8n%?NuGsQ
zRtrB<x@KzR7jd^Eamdz0$H$?}dLp&Co<HEW2Y*#NK^tLWtae4QOYNin;Y=}wJp|*!
zxIOt#uGQ#Yjofrh|M0g>OnF-`FthU3PKoZLaGtAb{b9BFAu;su#|7_%tX!@(&To+f
zMMcFicr0ljKRXBqLK2v_prpSn+K(jI=fb5>F;VGVDW!v+Gx)H+ED7U`Lw5H}BI@U4
zUf79x=IurVb}kp7AkVhS#R%00Dc4UNhK-&uHGy4A@zvK{EXN<+E4<JskG&R)LE09}
zT<+Qr-0YJIbLD=MtrcXm#3ii&Li9}Sa9d?g%S<FA;<iJEU8ARH$X8DWAu8MkU4q{y
zaG}MqKBP*-bcaYXS-HYa^5~XxEOyRuCb6ZCsU1kH=*l#9%hf!*@uI-h`libxaVU6A
zmFiB^#yPUHoeMknq<|BiB!-HicY?XT_XVylZLI&QmFJ&!$HFEFR?cY^mQYPiJB2|S
zUXRtlN>pJAG7j`9sLmv|pWv)AXESGRBf5@JIQ`Rw&R*KDd!>DAB@fnZvfodwe3#A^
zQ|gUDT5hR|^IP4=W}NXWtbb_V5gmm1;FO&Bqq-N$kEBcmiVc*T@C{86aY)OEmftqN
z+p1je$ssMnqB)!-7HxRl5jOjBq_O^yl)<RCFrQPcu6-vD%jXU=AbXBXqBI$dEIZM!
zw+r#Oq4{ewV(V(J#8FzBPBqfuIgxcb;-}4cCnsgEwhn6>=Qf&YMe@you~eMOM9){8
zQq~%Tw84t|Tb|hX5%bQ*hs@g=K-x~)uTyGz*^$XMsF`ex)d;QDJhFuh`=hok;&{o1
z8gwQ<?g^xqu}}TtL!@k*vY&V)(+WT)-=Bp?UvE6z0B?Kl92pgA?8<%;y<1-6bzXUw
z`@&P^st0T6a1l6?7%$n2TX)4gPWf8h2ZV6&jCN<SSljl1^Se)oQX<91$4>&zTT<g>
z@`BPpOW4Q45*OveOsMj2M0Ef(PN*HmI|NWLg!xA^-wTy^gcs%7B-bEEXH?i|WQizq
z=s&g#nZ;O*y(&0>*!tM}@w*8)|F+QK2@-GG*WcQasIYLavOjSz^6c2n<s-Dx5^{B_
z$)YJ*a-l6!{7Bog5S(8~pN@T2sn)&5Cb4D?24VEmoDF80+IQTQL{&A8_y_mdDe0;<
za7%NsB18wn07_^Mm61^VYGzbFV`i<N76-y7u}t~N59irnKJ`HUsJBSIr)PNkzN5Jm
z9sTE=ji<l0w(o0F*6eNibhaP!Y#1nrHiE)84I`?S0}Ee$-_9_1@TY9G+PkBVz(e34
z)Wo9Y8+Ih_VTP+uBU(@Jdip$YxTqg0-Rhfj1`^nwIsW1}Eb?M+UXVuCljtC?u5L9Q
z4Ds-0F`88RMvNNeyxksf<#|09F(_ILQ*~}jT|vi(1-x(Q@$d1xO>0j_CfL21*&^xY
zLH6AA-R}-!`=yem0^lKv%9MtfZxCMGSnuF;K7$<@KWTNaB?xC+J6EemG|r>kdDndz
zKJ!baUQvT0<s?`;Are+TJ5-!(eDF8l<5&hnN<s`jW@kKX0?EnAqvSpCuu)8FWH21M
zDf<gWAH>TVKnGtXx=juFy2-!EIIuI&Kj+%yd91}A{xu{uk&;9#Vkkmab^{5!BR9=s
zV!tgYd<sp*AVR&`uphJkR8N`gMUKmhIF4(_Kv8Dm-0!xkW2rBOvbFN!(?t42#hDNS
zmaU1Ah<V-WrF}gLn}tEHCs}PpC*Uii&484dAcZxHU*??f3k5ZjVkg6MEO!&e!WRxQ
zRdJ3OnV4iVNKLAaNehv)!H3-IdM}2&n-Os|)Zt0-i2gQl1^`e-*D19@_v!DaRPBDg
z5g#W(tUvVK<7Au<L1@*$tD(!$(sgsQ20Ador0`^Lk#;j9>(nX+Vq<FcTN#Lc^I{1z
zCgL@w10Kyu#carAr(x?Axc@^(Kh^WY)l-OLcs7)59odYy9Xg?@Xz5lWymzW{^RRDC
zpmC)J)1Yr~o{8BVL}5}AlnENq{)@7LN!|WX^Nq?2?im7*S*n>93p45CtCg>QB~tye
ziI;a`{4jLp8;_fn4)at}_KK)E)>SvrrInX%oB?9F_d$!hNv-EdvPw20rEbM}CpItD
z7ts}GK*}F|;YUB>E29gf(?km2;zryg4cHY70UytKC2X$<<g6KGoc!4IHu*c_$b<C|
z|3Mqf2kP{F!bvLmY^rxSOtnDx?iKck%Y6JTA9N&@cvJ1tHU;(=2xY2xOD1L|SnuBM
zP4^4#>q<7(Row3n&*hnA%Pi^2uk*^>i4fXZ*JD$(^33!r8HkHqw3I19vVZuzmkHvS
z2wFAb6PEDn!)^D4OWK29x^(o_@r-yCzaI;m+ys)M1Ye{xn$FO1n}AIX$#GJ5p;A80
z&ZT4_1P9;XzE+${$=%V+dye%BQg){CS-|!VWs9&rTwZoqp9h!nZ}CsV+5R^U=|Rro
z+1`MjRIRwX<9INto?C4Azu$?+qGUP%aS1dpTM+S%o>#`I#LM3nr7LB}A1!T6tq%{*
zdzdoWZq==}#P5HOCjmq3^iG5CKqE<JPPpI&buZnGQPS)^$$QNtYaQZhVEwlOylktD
zQ<jp9tCjCD^YKUmK8z>HyB_K~)#ou)f=fT$@TN6rP6k0@9l7eI8x*yr!kpnWKtyY<
z2uPCrE4*Gh16-AyLi^5S8$N92EmE}w+yUu}OCvtUk+nD_pW;5r_-m7O6T_PLwLY3Y
zIqwBLLPdl>Hr=#9k~S|JBP1!^Ii*~mzvP1pd$Za$@g^Ns<WQfvAXV_*+VHyr#3gOm
zh4F~<P;%qPrVl5+le?9}I$VAZ(z`-~JHsAc@khD~oTJIOyuUQAODQ6QPwvuikfb~G
z;+zi8kkA*Cvy8-%Q&Jp+Jp<n(aJs?)onwmLyp^LN9&z6mJ;oy!e&IM9MndphKi81x
zu!~3`B_F6e6?5Ni-=ZCz&`^hvPV**nR>yyxtQQ%$>a;j>!e>_aGw4QW!&Bage7&VO
zQxMFGzM~m6)YFmhR`ZQAm0gfmc=6-W@@!nFNqNkONhNr>oSCeh+ea3aUc36`pY$Cc
z$+0l<(MX+l)+QQrdy6UcC$b^@h3>w-IqX#=(b{GYk31LxHYov9^fn_zyUe#2HhvFz
zcH$++EJ7;G)^hlj@bz0g&w#IFui55$m(K`a8m_WUo0+IG(A&2aq{{U5$Mz+OPc}<x
z{UBkP;vqHonS9>$$cuhE&iY47)FLa=S0?2B4>-t~As%wckz*~feb2lY#z02b;R&y5
zyG`P?$uLFkRIOUAF@M|dMY!O+TD2x7!qbFhy8tf&k<UKZ$KRCo<RnL&cC@i|>W=fw
zh#SQ`BbL(ssa}@i8|7KkZ30M%D8z@rGz%8xUxH_GeOxR|KMvc75-hT8tQ%({kiZgp
z5|gw?<rFHrgr<f*kGyrr^_jnjLWI(9#yk78x)@7_D_n+#e{ZT>beNcr_L2?UQ^9gZ
z_|=m1WWP3%tOq?6=pF;|@p53ZM|5hvj=tbPePzZvxP+B5P~s%`^;j(@#XD2KS9MwL
zNrN3eTuj3lWb$*6RuCm#oEeUb3Vu^)GV`)}4yDvTWa;W>F9e#dRVj>+4p@zOUq9^i
zW`1ExwEA4oE~T*)50Ily%~E!f%MvR=ZDkG>_ZZIgZVPx^cC%h5DM95B#7n$AA~=Uk
zLFt_h!;6|wlageFe%rO(`nSIj<qGO571kPnNDHOE6e1v&*#*loWHFS`o+Y95DroF1
zqiOy=XXPD8yS#<wVXw^AjxG-0wN?&>zl21{l7ZV4TazoWeV*650ue>xgJnnq)De@L
zjSYHnw{dp|(|4<ubqF?spOV(#=@Oe}`DS5Xr|q<%&#W;he9{zk=J<03J%^3<*QTVE
zSP{$9)*~`aR9Q$fzNJPMfSOt6EUTFmLfv`{YdSavFI4HZTbzrm&70^+gvp4h|Hu=p
z^1VOb_2J;eobO!<bEWh`&O#RNM#B7x8DyhMTW(+jk0l;FyYNWZmx>k4kbBej2#mUJ
zZncIZ`G~ybkdM8U5UZ4glkt;ucBDMME01BSrQQX4w*`mbE+<#8bf@_sNfAF6E3HVW
z8xeyVncpwp*L)OIci=__i;G8hV36mD^ZXc=A3AsoV{t};=)jK%()l~&Q|-md1?2Y9
z))uo2#>tq9B^l<y2E`r752`xNAB14?uG}My=GPoCqE4wH&9V}VQfITf%lc-OJRb|X
z5@ITU=YR`K@}0m>N(-HCRgMx!?&55D>bDjd$7S0fE^<ALi0_@5B@O4B?{<czkbJcH
z5x&CN3jDKCRJ^N@_r0@5n-LaD3b1MPWX}b_)gTR)p-0}^mcqK~gFNuTUCoay(n^2+
z&K>d@kK*xBV3<S<)akD0xMj&<7wf-Wc4}dXSGnR&L{S_=aPISb?FBC(@87l%=f4^I
z&WHR<AJ6K+^<ApmNibz$w#XWTbPQ`}IDAraYgUAq+mpk}Ao6$&HC55S*|bX-k?uJ~
zTRq=R&-H(^N*z163o0}oFb(Y*>&4yfdUv<`sr{)Yql_65C5M;AI|$gM{^{JjJRJ<*
zFQ!8p30=!x%@cn&rE_3rLzuo}NZQw^gUvp68?j>R=Sr-RNt3wJkxT|;CQjgXjYbC9
z8V4Inf#0`(YQ<cZKg)ucY5|VS|31?k!}u8?=E$>6RpdzXv}|ROX^mki*MMSAa@|}f
zxG%`4Ze%U~(_ubjUCnX4u8<fb!GbborK}%QQ{3ZM<C>!wFcj}~`OrlB=Ac6-XRfTR
zi2o#MJyOI-@@t}drEP^i1vr^z`3)JYgnG8dlsszDCHuG3QfuH&QWFPHv2xVW;;s(<
z7B>vB!g&j9D!ij6_mwH#pI*{9qQJiuL(nyPRj@{0S`+FOq4{ujqeK%#iI!WKC=ryr
z_Xu_VHD~Xv$%3EKjYH~V9}j*~@*L|aJWlZiULLwQ_Uo6yCStN?M)SpA<$!vmBckB!
zn_mJ?_*jw<vL)GU-_e-FN1=XsIt)o&y>XW{Hz93Rb2Ye6SG`hv@LHRYq#C8bSR0Ie
z5-aljs1A?hk@8ka=I<rB>yWMo4Aj$9y&H$5n_?J;U9xF7|7$d-`y!;%vfp0VJQ;)V
z1t*@D#0=I7Ds`$oU(>)kl#^OP5X-nS;F~6scek)r>c>IbW*H}p7qaD#S{S|Ijc5)S
zP05l_Nw&{F$i_c{kjg$)iO9T*|GMz1Dz)TG*ISern)W}7^p?&WQ#8y4?HQ&Y&oCf%
zQ(|GB8F|dl^@Wgbg`aUl)CDoQBd1!UniDE1S&UUxk5p_-s(&8Y5?y?j2c@XT9V<b9
zP}(uyd|mD&;WNSsW&RRV{Z=*Q*R7Te*lpB&N6y?Ke|q}qcF}lQ3Mtn&V2FITpkxi9
z_z%iVOBe2W2;R-P)6-3j^)Rz_FAb86W0n^F-j0l%Y#+ZbJGf<Sqj|SWfhWF9n~k^_
z>=Li2gP7J+Huq_<et&dVC_VO@G`z<dlh59$(DEK;KIGgSTi7ZoQ|_6w9a;BE^|hI2
zGUxlJU3co=r=%T5fv2?CDfhV+3&eNtT4Nu)Bws)%ZxC0feTly&1q(+EOK+O<)StI(
zKW(zsZe5d_Qr-Ru1E~Al=0&{qEHn-5eH3`QrgvImMs8C-3|JttVs@?uObyOG(+f6M
zWM+~HI8T-zO6p_rDsvu52aqbBHH~oD{?#mrkG~psVq0S|gCT{v`D+-cZ3`V%{FAaE
zzucVQ;SqH7-}m*zpF$>Ej^j^&&JgDo!i)kAsXK@e>};BRz5F#_dPa~M6|W2Tx+qVm
zV_YNFD^}h3s-g`soEjhxVYVzVYT#IqXW3bJAqPTBx48Oh5xM8?jWV}_ltD-n!9<dN
zQt$qiadfI~E;`T=4h5cIgV|YX>F`+jckK*AJu*(!VYc)h5h;h{owiOD(i~o~2%(D&
zB7KjfED7?fnx(T0NyUo-O?NHcBBWt?U-mQe<&V0^S*@f`<;()!74^wv;kE&(Ns~UR
z;*2fE73fv<>YrIw?JaruQ(Q}v`w}u5!T(jFH@e<sSi7Id+Em0dpojd1)Dtl*AtiNy
zF9k>bc2}tK+-Afyv>Okpmdv-k$1`ST9*L;7I3t$aS3RW_HR-^Ey7>!4ps_*xuqyI9
z;#!Exgy7s6F~mzbT{!5_<5AC$%7zH78Q~c3I=|VuA8(DTq-Xes_cN1xR}g0~xMSAw
zfl5V{66e(MX;+`jBgpkg*@JtJlo!}1|FsWq(EfZ@8MGg1-`Z8^8q+jWxjvT_JfQv0
zA>TkUC}AVxLqYF)(r$(Q_C-eSRnd+!TULIO>(#u3491&-rq<lat)+PX{<ygKjNIjZ
zM`b~&d9EH0fKlC2u`OuF=_BPcW1jCSI}4RB+KysKSnt->)+}V5?*XOIpc!#Up|4#r
z$lYc?F9%EepW-EB&oU*=d=yDLo)P;^Xb-Ec?P(c~+(d@S({YkN0L&S2iCi$x->#dS
zEsaTfkePh?v%O*Gr}=rX0Qss6)WNqtmi!|PuvOx1qXf~vqmF*r&7ez`{t*2t4_NdZ
zL$1elrQdn6<ofNa#{9a0<O*f8p)bQDixtYfRQGRR7zeSaa+Lg04&sTo0%^_Xze@?r
zbYcc8KJ9epa!xrPOES%-W@uAIiGJYrR8=*(s3dcK5}=s#vqB~$$BpazFs7bAlmVFx
zCnzEb-8(y&2KMF%kP75U(t~ykh%cH9>}I_pVaZ4wo8Q<J+O?ap%9Ju=rQC*h-LqSP
z`FqZ&5pGKxRfcm)s3P}ApPFKZ$i&>CX>C@LB<Q55j%*A(xnvCgL}Yi$sTwnXe>8Dk
z2YKOSFX-$@CdtMeu5n41cKD^X3;A^v)TzUB^dS3{Bywz#Ie$wyCTX*9O@qwUN6vs!
z*I|YgW{Of{pM;KhNsT>RHhwf2Oe#y9K{Z6qFO*W}atYyE5L6C`Eg$VJ_UHQU&HwS_
zjLiAz@siC!vBo||W#I>Y?2;e(>cU9SxGB_q<Lw_^u6l6x(%k|5Y^S8{NX~><hpmWV
zTRu~0V-(K-i1#)ih2LzPrQmnda_Mv1yz_Ke5Lxj~(**l4%~r-RNVpO^QblD3A2PvF
zoTJX0z9*F(f6n&aP<*Xo+_3s}vIs(QN9iE+vivquem8gS_T)`uYZEm+dA{|8uJ0YC
zF{{CL<G@+L)cNhre3XeNeNFZLeJ)beX27=<ec_AoIcUH?bYv;S(dDi(M}s@W72AEb
z#1x<1U>T~KA?K{53zpZ^a@5B1frFr7j#zlL#_I$ZQAoLe65Lf@pL>n^;1uKmUf@rt
zYuI0w*K!d2u2pVwmNiN4%=MDV`9(F$1eGk*(nxuru51!E%xDH<x~oD|J^Kl+k@`D#
z+SR*!vAljM(N*(R)Nf8FiM}O@l|aRZ+49huhVn26FSoGB=@|9)Gd9RGi)C|ucvzKR
z9szBj`$5Fc4Oy)DI!CBUhSa~U9QSTY;_WT70ZVQ=OwsBazmjikVADckBql4c$>W+h
z-a&E8aUC8pb=q8`#2H8ruUu`?=sU9IL9x~b7Nx|8Eb|kn9~1)?6@MCfx(=0`f&ijv
zI+($+$;Y4nmv4^rl(s>jSNN;`_Wicj4Y;n-=-c+8a*E1PzxFa8_$9``#{&8kAu6B&
zZnq?wZQQ%{EVf(q#=zkj%8?<;ImRQzFm6bOgeK^QR=2+N>hmdVft$X4+2vZ9XuP+}
zc)LC4>FuLiGTcFYLJeiEtJyFl9;Hg33{ap*EoYwM!HN-2WWBw>gI)TIjoA3{AQy40
zVXiqL&y#Oj@k;jZP1p}Jj%8zwdwZh?b(p0jR@mO{ho(Fy9OHtt6p0SpF|5B2-s*Ee
zanU2LOzB=-?{p$t8)Fh{#f^c0UoWa2-Gdq|JNam_&`;_zIR&ZU?B*w8O?l5mJh`-}
zxZsKAR-nleZVC~K8zR9fzwxdhpS|R?F}zvoJ@I*zr(<O{F06OBwu8ZxNOx!pJ*w}Y
zen8LDt#EQW`|b9Iujl#*$Ke%chcIt(X{?t*>%;mQg-CGuaGGDWnUTSclD6GzV0yl1
zQWjjPzqYSwfVav5e#X4@u(LeGG>+pn+q+w`O?XXgbUIy69Qw*U(R_HgHu&OdL!S|n
zqV9yxY`_6HlkBoIS#kGT;naS!PGKkY&U6N;^MA->^|Qe)<TC`gscCh6_>bnH9z><*
z>?U$`M!VV8)%_(H<b+4{gV_1H;bya5$Kq23hUs%BLXRSCJ6o9{j}}*!cA&{z@$8tC
zu+a?5^Q8sl-<(DU%LjG&?;VjI31A*fD1p;$JDg9pr;3MoDq%fx#IL(;sQ=5yC{CQY
zD*wlFPSbK?rxibT49#`(9D;<Q@E)kVoatA=XPcJ07J3Q{UeoMJlW)unRgs#VQ)mA;
zZ?p?}A=cPGeHMeTxGX*s%8Ck0DVjJFfXoJl+{t4@oz^RmFz`wj4=FT$(*7<gaB73;
z?sI0IRua15F6M_!<*0X799k`FDE)%G$ma8vn86qzoJZz51mA-<-GJ4mFkFuqHB;^J
ztUrYz{G>;A$g@2T(`tS1YJYXywh;Uth_@;`Czf<L^Kc`IE$Q-{`JiO|q3LKTC-Otd
zU(M!F$U={@{nmFj&BfQJ&(%}J*GTbY*Ug1Ea>r0!K&SGkn!lT))5Ei$@CC&B`V0-m
z;7F{Z$>id)_moAoP&G7zP7I5#pD^AG>8)2+b|VSm6;Y{FqNff|vj?7i)M>bMV}e{m
zlLF#{0x#N<Fg6VyO5mt}PW2FkP~13cV?J}SKwm<8^g29gXV{V$FpA*bUo>>lsWnme
z(*8!QgE00iHmUgxb>Z{Wo93b!=)hN4W^uXV*KCVYg_GZ7F>aDdwlDGBRtefS2E)-P
zkF*N{7E^6-kJCYtW*($$RnH6mXdI>Ql@Q55ETwzWmh$=?#~~HbK8Pmx9)q;j?9#)w
zAy+-C(kP-<HADVjkqmnU9Rb*g9Pzwi)SA!xa}4uZo^(d9A#sXHIc)wpg}LepUZ}K=
z{^RM<oVu%7h(cjIqsI%kio|J*u{ejT{ptP7zF>K%%M^$|l=<oK)K83uoI(o8$MIP3
zSP{cRk|$@f*_wyn#BKX@b?D%{5!~xwaf(JW$kfeUTiPDpG`glmpmxHbh^XbjXTSn;
zbkpdIW{On@MzC1reEHg&tK6i~-+X9#u;pap(+3>+o-o1BCzsBef}>??oM7QE)0+GC
zf?x$i^rIO3=XBh;`M@ZvHC?pNuvnv+AlLpG8N~MZXt`_-K-~AO<*I^`I%(QxBp+M(
z>}%Kz!Atq@u#FDFvNr+I=<E5v@m=>eXYGW)o?E?jNfIa7WSX6}ZY)|SFD>b?$k0|>
z)+Z&jc!rHQdefyAViCl^`Sio;N%A*r{oHe*GRkEYV(FvUAkCWAtDb6?;O*&Yy|pa@
z%-*xaQX>#Qe=CXJ=kLwp2}>0Al`R0XHpt}u6<K?rO`DzMraa_?sS0c276I?bJBL39
z6k4K@I}ErjJh7r9FUE2OMzTPjUu<i_bx2bRFibCY$<!JJ3f_+rvWaFaG$lI;QZ`#P
z{~hQLL|GV=zw|=Y@2>LsjwyGh9~j1B>$F6_6Z?+(8kr`89+CV!M;AXYl#7Q<X#qSx
z!yLUk{rP-g9wYU%3>RP#KzqKY;8-LksYvPhG;>vM?M#Aef>a*xAUpy`&OBw4>TPz$
zlC16^fe4|I2-*mmKVVa^Mq{>xx0s*0ruDj;9`@b*!qaTAeI(}y94)<uv=yFU`jNvh
z-J&cyyT!89|2*%Sm?40tv2TF{E5ST}B{^sQ{sJ$F^Vk>1wP@p3O~1dkUXdspy9X-m
z-zYxhfvo@0&iS1j-gz+-VohrYrr#suXX$>kfzlf%Cnh+JwSs#{>Ajk%GZ8(~*ewCE
zN#zjN3Pi{*N*wLPiH53~c@lysoXy<^dkCVh<S7Z_2*Rl7z9qmbM`1Ii?-%9956stR
zWUVd~{JLXD*R-n5&lzX0E9@=v+sxFD(ezGCWSRegTK^Y3Ymj{Tm3XeOG2LTvUS%_4
z`321mn0W;qt}L`G4erB1j+Hx3oE3@vgMKGlWOqumD4Rqcw|*5ND-~9)k#GDfZlKz+
zI7CbCovN~$3IE`$#DYg35ygXRr$jzRor1{_1o~x4E-gAbb#)mUvSNEKbKo~qQUa%{
ziY+q$OKe~HhE8Wc(aX`jO?4_tY?|`&h|#p6Oqzrpk)*N8zzkKH!Ve%`ma%26=6A=q
z6yEpoMt+IbaU?rEo+@xg@;Oj{5pA<+9o;SfYQ8&6CATDI3n{wY3m>vLswE`VCVwPu
zt$J@wr4C>lF*mU<F!suLZSkT#o>wTqOA)V+?J)HBNy;Ma;r|XjLW3#7>2p2GjYnHR
z0IpAO80KDI4Q^`Ll6BiK)Te@6+FSX<PJvbY%p+^0uuh!7inMzP-5s5aPIuY^?&9Q8
z?~(Zm2o2qi(1i{OpUxqcU(7k&g!8w)vhm4@ubp4k%Wa_!3lYcrRSLr=dL*-eU{!?1
zfT(2q!gz^_nVCLMs>hF-c_G7tL6_sdrJ%($1d7idQ%QZp*yp|*p9Hyp3kI#-o~M2c
zLSBBC)*fUqc#2Ry>7>JxEmiKivBkIelZy@4_wKR)AeGt*soG*#r3du`MndgFk3|SQ
z>)-xKBUe|$rJ_v5j*RiRpQ7ck@$(2&1|#+*MFY=g$z7mP8|_=(H2<25EmAhl$;?|E
zDPpgY1K=1&vPFKq!|!X&Meo9#Y-w+Q1u$7@jx{;ZSU+ho%|N=(O<Cs9bvZ0dp#36j
zGr4}IZFi<R-5=}X4?3hJxh3eu3Gt~OgU2e5KYZN7OiWwJg(vODT3vk7l4?<|KmLm%
z&35_Hrm!f9pA%|Y2}C?Gr#w-zZ~n@Qp`LPUm~K^b)6<%ULl({pcl?W=J*YTf?Cqm)
zyQ%$<k^7TrkGtW+$_nWd7DHzqLf?w9tKPFMtvo6{iDuq!u3G=RPMI2}{4{AClj);v
zoSE+W!I=HF_o&b8X&Hon=0g!4@p8?*OKu+Uyiuf8F8xs{vx4j%IsGH`_k|FxF7Lkb
zEyNbEj4(DZD!bGAql?4S?lP`R_m#`W3hJsloi{ln#?PMjP4pk-m&fE!%?w-lNGeS#
zt%d%f@v&XTqDJ`1F0%EF$^#Ws6T3Se7v-h;Q_oL%{vG1jETzoc)#+|TkOHtF9Q`@h
z)|>2KDIPM>9yA=@Y)~Dt&}Lk*sMkd)_Oq{C$1n!G0C0Rkv(zkLsgv^TgTC+b#D0S8
zkCUM5pubg7BIO+^Wi9a;>anAZAo(qH_dDS^x#F0q4*Lyw_9fdjK1m;yM|xYR&ZU^q
zAK^0ZFoU@%xJ5|Qf*<(6o4-d=h}s3NdimzXx4Rcy$`v<vQ4_fuTlb0<D^-+_`p-|f
z4%Hcg&iRE<d_%k&*~WAtYj^vU`#E}t_DnBU+*w*w+tk(Wxu`rn-QTq9U6}<`?m~Ok
z;CGNXVASz~a~*g|UGo)QOW@KJ1z8mpTm61M?45khx7;54yA&DRiH0F)Ti3EBRyy4O
zTUVZ)b&1`^QTsJ<9WxFUm$-X;6RR~CV}tYp=Z~_DSrg~yx-4%qN{!5Xo+Zz2Q}RjY
zhrgCm|H^ryR5aD0a~8Ao@UQ3o97{?@Y}4L@MZ`<96E;Zo7<6ijDI2r>eg4Ws^ireT
z^yIESjvU@Xv-s|BT$JByDZkKJAg-ijI2mIPB0laJuKj{?nQQdRSJ!&-qlqp4KMdz%
zM}Lj^T}cc#HG~87w7`${SO4`N%YZD2u)ZGNNW}8Jj$n!)Ke}UTI6>cD|F7;z99d61
zxR~G&@ekO{f?t1Ksag1USK>3=Sq5UAMkM@#Xt%=pfA=C7g8Esup!<hsAZd=Y$*z$3
z-#w*s#Y12#A6zYIYufhl2pGYCcUu0ry;}>mDX$dxyZNDxAoBm~c@lb}l@SQyc6<dv
z|2=9b2;N34n&aND>+~KrcMzh{%D&aV`x2T(P9da>J}3cDLnA^{T{I{1zZ$9V7BJ8n
z-ExOi*=lRy*M_}nA>%A2f;pNYhC&+vpM7X9@_)4?RqkDg<tHdw0#X(&`*;7VA7V;D
z`G|doOUPy+?AQk*pP-GL`&(^!d+ERa%JQ|@dN_)mnh8!eLSkB#O_%;=LPAS|`(Qg5
z%AHo_ksGk{FT7v|tZQJofCzAbdsSN9*nzH#=KNU(uSTmFslPzteA=KQ1oCO{9?@z{
zsyeN6Y5%Ptia3T84e=wa=Z|*75C5l)v>yWrp;|#uK`RN9R$Wa>6o6B^g*YM1*bguW
z0g}~<5&S;`!VhhafQZrq7hp`-2!T>L$b9{~&+^X-;1h><;LfrU>)z88Np=PH|J}bT
zSH0H*Mhkr&Y@UV=T6lFeGP(7mLhn)r>H(4H|F7pWU{Z~T2h29~A*5ar#BL?}`}gOG
zMz}L5?K@Uzzk1Icnl`bbw5L^tkwjLd(=!^KngJZp9W}^zuO@Z25Qj<jqB{rDmucWo
z7`oc(pAFGg58$Ari&~d<mDPxEh!P*ox~aO*_!+vIbms4kz$NTqB<#rTjYgwh#BQZ{
z^uNetCy$aza4a!?SwvUw847l216C3R9c|j@b5{L42XwG}Uk{M;2x3x%bZ%9GW@Jf-
zOpKq|h43GwVP5;ncJ03>ip095f*#AG)m4xLhb66w^P!O25L`ybWjg&>b)u@YiPi!?
z&(rv+uqr=~>G1S<;Iu&Q)oF6SZ&kTZgAOPz3qno@DhGjI|FstMe-K51o`P7K*nNQs
zEK`bkRZ87JMQ_>AxCX2yO9_y4a#{v4C8!cuW~tGtI+7l<2SZ3nI|b7rM6I};|DJ94
z2dHj*RilO)<bPPYYqg1b1pmiGR~34pN8%x>_%akn;?P3X`=|}eT@@a&;Ef)~zXvG$
z%MS}=C8@6Z`P(Tp(Kkm;2wEipFSc%=yLta!SrwMHdj-cpEE{PSYEb<D@PB-1q_e?J
zKvgKn>@M4#;zOrg_H9gE_kP{Cb&uD5TYu>KC6?yfruSdo;c6qKj7=8UpJP&#vH8*H
zRWE#x)lt`78LKth)pgVe4fpA-N=>HU?jpk15JZ|nt055eNUl|UhJ?N89y*QX8;}%h
zRNGA7-d@FQk8gmRI#awP93)YB)4sf#yji>v8-45fh^Z=LI(b-`W?b)YUd3#8mrQR!
zW<!8_-H8WQqn>;J#<900=NL@S!fJ#sp_BZ6u0|>Y{_#Irm2UsW;{LdIUo$XLStdtX
z6PN#>1+{knqm6HA2*4;33%0C7mo3GsLJxKS-E}rAu2)BX<`i<<UJ^PYE@rE(-@$4Z
z!q+M0`r8{-_2{)b=<f5sNA&sY^u!hUy!!~B5fsC~h)?(f4>SL}*YeLw5!xLOs1;>u
zGKk6*cB9G&_yeN6zS{rpUBxTS%QA^r=SRWsi6#0RHA%E^>%V(1MQWFcQR0F5^Xp$M
zo<hySz-4%i_<yz~3rP%N6F=%EMW=k0S||QLdm-Zv^0meN3u<h{558-R{CA<!;!^nF
ze|IJ-qui1{g`9oq4{};%yQ-upxBrwqfZQJ4@9IkfJeNzWF(4$aci7oJ63M8B%cEgI
z?^m&NRn_oqUY1zIdSXx$mTo$_n&^}6yF(evra$r=x7sZA^5c4Q<GgnvS>t+SV;VUd
zSNr-AbmfJxa&zGqiz%p*zK>r;Ns0Z|Z%glElK4Rb5k%tZYTcOMg6fs%G9>YXrdXij
zr^m3G_^m}ns#zSP6{&(!39hC8->z8IPw9T6w}@8g(ZOF&(OF6atonIW^U=?XhtlSG
zYqgF6uf^=&d1^t&Kl9wM+C1NVcu;&7vod7pYC|%=79&TxWHS+TIFpB)P;Ve#dNp0X
zybpyuV>aUVSvbRj=<QtX+te8?vI+|^EAB{ZWfZD%yH*1!DRcSSv^X1JeDg{8cGa1j
zKr^lXtw*MT&cUV5en6%}>7*$I8ke$)P=fuBMx`l!5)&bkrgwS=R-Ni68kx``Ptb;3
zwdcVIZ6CwNoDGPM^-lPr>Coy}D#a~d8|zFK!)QIy9{d$g<9?^X|Hcxc=L%B|Xxukl
zMLkVVxBuLC3CZ{f2>BPPAyTX0zSLTjq=rD!&nQWe#K)_Xw0ec41}h}(j#!PP&5<aU
z0!cs9NZKvAnwX^h&_lUz9e<>iW_5^_e5;tT=#01vhK)r)QX7<{#HQ8oAv!6p*GS&s
zK9bSCvi#Y&)kON%8!_^IYW4=?^YW;bhN}X3)v<3YMo+6~g;nG3HmiiRX+2hiF%L5W
z)|7pj2JcowKK1&FGMmjvmOHzVKk7Rn6|15t)3=RX52z|^L{&=~5%N}_E}_;rIPcw@
z2K2=R<aWJ5*=tg~iit=vMupH|7b22!7wuSKC$sK4JNmExZkyf$u*gRh|HWv!;dJt_
zJBkBU#W|>B^FLZfQ!|k~QB4%8x-X5o2URnx@hwB!kX*D5iE#QuhNe~El5oj6*iOFq
z6rz5LX4UcGtFbru8@M%|DNI$V058h|M%llLE@<6K$CR5yBGGX)u=c1}-TdB`NcYfg
zQ~+{Oz@(o>HO!-8HC^cQ;wLGHW297RDm#8)HC0f#uiatn!%sq;D)|-6?!L5|)ZBgr
zH2o$+qv^ZVXv+6;Y2BbvHhlcgfc>iu*w;g2)AEqvtC49uqJQI8XJavpl>VPF>sM3S
z*<1gwy=#xFG5h*YF1ZzrUy~@wxD{PQ)Q~#l7BNkTB$8W_O3_`O8Ka0qrJ7QmL7|dd
zlae#jBnlmq+`1jp)wOh_j*@rn{hY|yd)`0Z&-?kjpU->tKTgg*`|@3Deb?H1uV+6A
z@^34(pl(?06s#y=lPT~wMW_mU#_ZWC^?*&)ol5Mr?5wS$iXIxT8hmAl_a)`lK7IZQ
z<rNBI``%UvGWz-HZ1-n<S03cQ>KhaynAHE$$*4{9=32F8ScKNTi(dcc!gF8N?BI=(
zk_L(G&sonOQj|$B5c+l6GbeW+qTZ%yH1S;4$)BjB0LM7LpGbS2_21NWn!#@k9?Z;h
zJM8uyip_EoXd0?(0Q+9!;nwMT49^RiBp>zY>BpRDKE$=>5=3iHaWb?wt-7ndjYka^
z9Va^zK@ggFeDL{{KDg_;qYGf9gpx5-9&)cY>mX`!d0<guNC`@F!Xe1F@q^0<HPM`1
z9-O8)+_UQ-dHPZiR^2+<gnfFW3GaYAxF9ncwzW)XUirFq{zPpgn9>z!qK^(HP`cHR
zcD!<@7@Xb8XK-l)-kr)AeiDs>P;w5yWFDwtNXphx{H&-q>bJ5T-mropeD@ZyGNH6x
zQZ_d;%al}}k`p?wLmtB+n`Va{fB5m-VjE{EvNrxOdrLg~^d%HG6L=dQ``Dz@9Ez4;
z>?^8u_0$e3>L^D`ma7hM1NAE0YAy|`s+EHp7K!6e%L)DV2mA-cIu1sQDGcAXGURFU
zM9{i1$Gf!7^<T7ZWyso?M6*bEFU=>-drj56aK{*BG~|t=k@CI#7v+oZ67IBG5H7e=
z7;>f`MY#4+jt%vjFvfR>;ssu|H{ODTU;U#9mjQ6Vi@fDKbyEHC&hN|BKaeeozdu2t
z0fA-#Z*hSB&1jHa9h*P#cJWEv>@|J3yc5~W%V3I4^OsmFM09lg){D1Ew>fk@RAoOr
zv-rn2rGIXp8S-0VVp)LOeWu}}g>9)P24WXY*Um&cs@Bw-=MI>{Oxr5us+SKbcFT)P
zQcV|ot^wNMYt7xTtQf1@hiRK*=k_L!hJVCb;dn<!;$UX|pbg6gaU+NHVPd(s2#wq#
zH`AHPm>P+y4BSlvWSO<X?v8+)-oME+TfE_lc07<gcbW)Qw1eU}-EVsW*X_eQEYvA1
z5BF~x91x2)<xYls^8elmcPV1Ke%e48wE6{P*CU$kPs<6ax{NT-gEA2JG;4)uNtQm4
zM$=B9e2z5M(mbttl5(DwSz>d1s+_=Er+E>^FRvtm2p?lSRy!y#&{cfx$DVAWD!dN^
zEvA@(#dN-&H!|P-*Tg}RyQPe1oN4s3op^g$J()r^?7Bmas<rh?Af#p2pf?UMOmONr
z)XCSy{ie0T2PB~+d8XLCi^Gjq(bzV4e7<{pqAhB=p5xr$I~0HIeh6E`xGH$C!K5Vn
z6N)swQV&<o+W@%OpOO;{_#`5lxw~s2l?@n=MC9?wi$0xB)p3WjNEgfNvaNfvRZZ{`
z3m#%t<AJo9wnsW%xmCOq&9ur0tNFos6gqJjfj}&;^FJ=noc#=<2CeDrDAaTsP_f{J
zA|h+H`Y(#IJUW8?(VjOZ%+zYQvV1b43DFfA55Jrh@^q}(1>h?t?%YkIC?xcQKhTC9
zhlj0lL(Du%gNtr41&P||E+OMvuusP+eD7p=M(yn<2p7-j2i<&K*hLEs6hcaUDvu0f
zTz<F0_Pm;gNn9k-*<6H)S3nnmtDmL#J;B%$s(ND2IB>qqWhd-&)Qu={hamNY>U+u1
z`gS;Zhll-(QW9>Vu@=zuwyDfo!ASCJ&Gh9xSzWudkGC<1w1ufC|Fc>RAKGQj2dn7T
zTpW&kT4duI;7@ZP#Wj#i4H=w5iU#-`RL)xzI2IYdL&03+Cwcy~C_Zp}{=}QbTXQE&
zfg5F7;f+vS)3n{$wsfRi#{)isNzAZK`-m^fTKOl%o|{6I^Cp@_1Z;wF&+D={UN&7_
znxd8ScAOhloNWcox398kNkYN6(3GYw%6a@1q4kIsdm4lzOrG4L3}yQY<bt;4?n;pp
z$e|lEapdVVj-mm=nJ?bt+<SjlSx&_2JlJK51gcBhF`b58zHwF7Fh-pZju~4V|Jvf%
z<R8ftI!!a*JtEO!t;rxZucgZ<oH8kzD|FQkdeLz}j2zKV9D}~vM2T8g7W!x~^U(e7
zOOV;~KTx6rcqxObyd+EaK)sy1iHc+{a)mr2ijuHVE5hnS#n+bgWJgVgE5mU}vptWh
zuYzwTC-e~<_U~FPY^SlH@nRqnr+vTmg5HI?6u&LHc>+R{$%U<R6`6zO1?N*v;=yLp
z20QAUMzLBw;%t=_%Ber1_v-N1QD6}K1S91w4DGV;3eUd`L;J%ozAo;pwL+fblmzc|
zc}7>9mG*og1~`rqhYFs~H+U<aeA{R|KrCF1gGN4WT_BK~545LW?Yk+25jr-)XbRB)
zDrgG#PAlKtHZ4e8nIgyQ1M2x2so8MaiPAew6p=Qk-)H#dpF%rVy4!p7ld}2s6^iwt
z&G8d@@CxAlTRU}85KE(*%M-ZKxHiXY_u$QgmjOVDq9Go2LN!QYiwJ&uIWTK34rNx*
z_J!4e<7+l8O}ilmQ)K@hSv4EEV9{Yp^!SKX&dY$IgQ>u4=Axv5lFxdIwFE8+S$in)
zM<AT(aL;w_n{(2oqhJY57kgv>r=0pUXTlst6s(f(?1CQX6iuN0V5qgi!+d9Bx9`CP
z_GLQ$x{~(%SHx+8s(9+^Jz!qQS}PE5ly`bx#-yzNe2PAbf|=Ztl#ndoF!+c1u~k}C
zd%k0u?1B*GGiHwDS+jTjCmqeqF@nd@Q*+>YUVO|Vnn#hB&{jLB;Asv-?t-}{HEP&9
zbR3|-Kdttbdu20{ROqlS@Y{w`DE4B)QxoRVzA$Nw&jjXEsQXNWW5bX&bH$ZfJs7*p
zn?`sa)n_2B*;xQyz|gzd*1Z@nXLvCRUJi@Cr?N479KyES#S^P`<PMm_IOxBI8|ZKp
z<daSzWcB^X2^!@)8@fpn;4wk}OIkL&FC)y0DK^ONhWJg#X18xqwpA}?U?FTXaaypD
z>I>r|9anS~eLteP!feJU&5YK>J2TG>yPdtd>eum%`ytbMNa;d6$mo+vf?d48K&Qae
z^h1q)R*{ii)x{N|FYX-KeWt@?V2D19WBT&m%)viC))e2w%b<U2W>tN?nSMv2Zga(1
zx9?9G-7$i9izRF2G}OCUslua=>ssL*rW!av>YxZ^yETe2ceysX`9`~4&aJ&!>9MMD
z_2#x0^{*zG6=mxksFUNVndp3UDNgjRw??zNew?i8!*^soy<S!NzH>r;MnF{0Q5PI%
zq%98^`Y2AK%RkfH+6lo!k-z%g>F~VL$_-9Dl+xj&NY<1L`}!B{m4eFpfTA~tpS_Qc
zZp=x0?*G_WMdI)KePpZ8Ly6u}IoPL(Haoi*o8Ri{6Pt&9i$?d)(r{EcFSsM;d(o~x
zg99!!mc!!G^ZM?W&+6-*IaD^MLo<tQYt-6IkY~xUA;;F!Qg(?x2EdRup3s50nbzAK
zj4uE9DjwoPaaqxp+Qthn9H&GYX(`mnF%!&tqC;`PSi1H^IIcK&*ZyML$G^>UZQr~S
zu7=lD-uGsH2vkYmUusp^tZ^M>F}1~oNjz&pF(Hj5J5+vzwL)k9(K&CjK!ZMbJLt!y
zSJ^_0vu~yNLuGMs?fa-TYlhrtX4rZ=9kb~*#lfE1Ff?`%`B;iKZs<M#!`Us<?W+FT
z{^2g-{|3$6lYR1?RU5ZyHNLrK-G}i>+Er5=Faj-!nW+>~h)46=zth^WS|db%l>dbh
zJMCdREoI2AV$*|v>)M~KDma`oGuQJ7!|F<6%&u45M2)#vQ=mVk|GUl6A!}}wrw6_r
zlBB9}eN|2NuI4qm*AvVn#U<m`6vH^(mZX&fE6X=&Tpu@LUUNd{`{svt1GdO9{^vV#
zreaQdbTJ}%^HS8)KMUICF_K7@>^t6?)#kU|?OEsa>o#e-w%UyfDEckCb8_HLNz0z9
zsf=iEhnsEbe^6w>E+Vgbd422`2>Vy5oyZRF4VVADR>0{dWwd<>c*V3%vm(~t%M>i_
z4G%$ofld%^;|)m%JF+hj&gt0?TwOL0WCDk01jP@4`&W?!VR|YfGa{>ZH5@w4HPDlW
zlNnnn9+Y9O0N>!9_KX4KIt`J^dA#26ctzoNRd6{0?9MHx%wP(h!30=};QbjUo8luO
zWc)nMm*M1TUadn%xot&VojxRY3gg*clF>!@>Eu1}wq5UD*PS{ydO%*&_UWuw*3s<c
zT7UbomV#gQ_YukY@O&8!woj?X{KJP|Xh*FKT`%W3r9!;q-kd3BJt|BjCf|&^+qpw@
zd`dh-(oLDckww?ANgGg18rL&)HLBD^ah<yk8CLk}$)ppjE@L?skda~^pnU~io`$s^
z=SK=?u@=Ku469b;+M?*hMi&+FVvysosh@hK)Qs9b7~;`W`r6TFaf?f6r{#?1<$^cq
zm`ai<85+8_Xa>9QTI<<iyE{#0E<i)+;f}%$I3H)?7&2r|7RYTW+MZk`?ehjXrqO){
zK{EfF>^JhbOKn>C%P18u>*{h2rOR7rOV?188Ck^f_)@Zl!T9&CGpgjm4oX59zh7K_
z&JuX=PF_Jf8t1(UXf?k@s@BUp+9L}G@G;ZKP8ND?@mFu0g{+b<PnkhJx`(RA^o3b2
zn5Uen!sNR?)Q&!aRGX(uHa20%V${~kE&(`G)Yb+mkkW0}9K2R%pO6g&IyzM{r?55-
zce$0;CE8T&TQjoO11DBljiN%a!&lwy5L&C9qNEf4QKnND4^cudk0_7Fg;0^XUr5oQ
z2GAhQy)Pn*aMl@rBN<z0;dzr?VJ%n5i(JX+cO-!EnQGkN_6o>dLcsA>Q9IfVTiiEf
z#Q43DUMzjNu&@@dD>VC)!MMnWy(@OXnS$(agvVam4iY0Ue04(&OcMtc^C=Se8A;%j
zaE{belxSH_4ExM?epWdKb~c%)SmD(Dz9#{WBVDrEOOe369iT#1zg~ze!Vep1jwjC)
zW>>Q9R}b4;@PV04;j@M))Yd*AZfwK6?PNhg3kMsw<;=v^)SFyqZ#qJ@|Is8VaqE)l
zjJF*L%CdZe6f+@3P|#(8_>f1|VI(FeN=Di-xF&#M_xVY++lh{UwQ-k~uOuJ5vKdnR
z|FfeDw2L>%`gj-#VB*X{+R<v5MQy0W*Jje?dUVN$sJ!*)>6Mt6E@ARFkii8EObb3i
zM&Z2K4=lh`W|t?ea$OHUpd@JVT(AHHemMis=$Sy;mL4Oje)-7+Xw}%8=sZ$%Q_os&
z0&cFefD9Upte`F2BMW6*!&`!{o6MMT8g>8A!ZQX}pjHKkxr}K31MO&R&8%5FT!la=
zKR*XH63zFj*2N6oW<a%t;2mAe*0hd{@m^<i0pmRPUp*xFNLC;wTRjXz{f2#E?ObFH
zY$8RlOA*Qe$69=bVA|@KLLS-dQY5o+k3)?h^sq)Vq}7D48ZV3x+TB8xXc<3yQy_Ji
z{lPt6>K;Xu%p9fCeQ0<YVEEXrF=r`O;XZZ0#1cXy(?@=s`Lhox6P|qywaBmVF)!SJ
zu0&=8)VveMC;kIliCqJmNj|CMam^h9KZ8R`#*M6|?B0!Fj7@S72QJ4z=TP#tzC)po
z;I}gcYU>ezK4uho++PSIm;229OeHO2j1d&S>hsnH_o`0Go%!xLvJRf!5^0pGevll}
ze>V+M<k+597G{;>6^{D~vX1uMa3Q7`R(c}lLA5<s(}!GhZ!*#Z?<b*|mRT-IXv)Ua
zY!{{q5`3UW(@$iLS6YNp=NsJ<q~4@y8>QYIOR&<)25`dIHL+ooJt8Oc`z94&P>zF4
zDXC1yo+0>-Jdnok0hDbX2+NARs^h`)U<;yEn_YrrJ3(iOUKQ4XHWLbTb+cg_s~b#e
z&*LCL<VhxY%>#EFO;OZ3<mzInb8nJRkg-4r>bpbO$~9?Bt_MQUwGHzgiIzu#H{?)9
zGaRMI2mZY+2OI)tY1Ep(f=!yB=vxjwMZ#87Y<DyQ!sl)v&ke6K1aBx4=6V*H)HcKA
zRnXpMvX6(aX1^OF4NC>v|7{wb#lWOEN@q7ym|*lcWZ}UrKJqX~h8auo$|GSB_bY_3
z9c#__pL9M(gJS0QkSaJCRXX6UI)|%Nas2qQ&)X;n{*_VRB@}(u^6SSivEFb150xC=
zlN(dY2kT&y<4>+~-GCa4F{O+Roq_W0y}9W=C!dJ2T$dL|2su7GMN9Ny_%>U5;wM>J
zDEKNP;$CDMmWlV0_@)%2_#2FZ-T3l`U9!~7?o&K{DXb+X!**pX2M6DS(jXrQia)en
z?i%NTTBvK$`+t|?C%1W&Lq(;TU|c*OXbCT*ndcN&(HFUjU%a+rDQQx;WHwp^YNls*
zImT@i?fn^ykUjLSr{8Y0Mq|#AtHC$PPSOs?Qp7C;Ra7eU%fUy^i~+^;e*O=r*dJ}J
z>}sje^DOBx)FtrRE&*_*9i#b6g-<+Z{Eq_BgNa`iwy*`kk^!N`Fd^cdy;O(i?(%V{
z(9Qxya7u|}N9OzxW@9yl)3{KI#=Sy<Sh^JwD4->w3K^IC=m8wwwYy!e^CD#z@zM+M
z5vTqN<TY|W=N(lNrg0n)L1c*eUdRxZWf^kAno1egYh(w`pMq?sI5H3^muzou8V}Q4
zXT~?eo|+|Bbbf#kLy4(SI-<#yzzdEVilrl(PBy1gwqOK;6VggQkSWOO0&)lu8?Xhi
zBghuVyMumg8G*rK5-5}xi?qh_Zr3WphZ5Mpz^%YYieRw{+zhXEq{NxAXia4q#PzwF
zvMQg_o{fgjaW*@I?98B(oM34?6qQ-_M5k^cFx0`jm{*vy<kc~><THSiOAciL>Wsp7
zcSDY<eI`>>CIwc;A}s~HVcw)imLGW2=t)@f1lbh*w1KrEyX%~HAESP~)~W{G+35dh
zl;^n7Q4^CKEW9*_Z=Pz`%cy~u<vVfawvAqaJ_$8jL|a5j+8h=kN|a|{nDlS3V)0eU
zs&{OG9xT9TaVm3c?hqu!e-@?tH+nNn>F{LV$JvM-*l>AbJ^0E@iR-ODxwk*Qe|`D!
z05HRT7%i(%+G?^Xo|E0OeYoORBl^(;e8RUquvIM`M|?hjH~SWhI-l!F_zShC@mMUp
z3CCevUzfgG+2F@wqBpOuEJxq+ChR8G0~J^+?dmAGt8c~tXdQ9fyi&>X(mWOlt-E>!
z4#qG#%png7b+)R9pKolm_i{9-jHusXs$ZAc9_3pvK(DUfadR9p8^>5*R}^(h$F4}0
z+c68!lD3Gjvoi)@c?kF4BX-y;Vig2)TcX+333atKm=gR9u6*4e{-4+392WM&>`66v
z6CXn#%Rg(K#?JnN$_n+9=U#48O;~u&D0_9tj5(VpUHL_%<Sy?aZ!K@!GxDcMxk6^y
z^2Yq|;j`UcJr6BBe>N;^wD{g+vB|QJ&JL3FM;|DeHE?keWGTZy_)cUKc8Wy_MIRe(
zaHCFov5+|GyjAl7f`w~lS$g6f6D@o4=^$9$#jR4RmVZWWYe`zc@qK`z*(1e<MYAjy
zYNH;VLMZtIjBtKxAvZY1`_ZJq!E2lsz~C|qoFRxljJ90ZWO7<KZ@0o2@Vl=ka0F?%
zVhyTIC{72;luB^Y8xxyGK3rFv1gqbMjI$h#I_=H{7)iw{M}K58eoO`~3nA-a?0PLZ
zMrcqL5TR6Jjn(VPF-oT%BcbL<xB>t_V88MdTA`7Oa(z2nIhSjTa;y@Xp%FHAJfuQx
zQ*(?hM2+z5T1Jx^13(?irE2u*J@~w@i%`iNcs{Cquw!fy`j%Hl@dw&L@O#}$cZ~WO
z=q90>`~fu86+AYnOI747lXip@0$W17qVmSh>R)0KPT=+yl1B(jr&~J*7}(!Jm3Tw`
zb$D;a{Aq|!YS?s2xUmG;gJJp9s?mR5jKnIZM?Qgu&gQkoxN+GP3^~FPGB4gZ9fLcg
z9Wo_jM<$2jWt-Kqoe(^eipVK9C}!g%^p$|}z`r3%2j;K6EHMp^QL)A~!^kiT86-G)
z-`mU8Fi)^+s1ZuAXPnz$N561vGl6Hws;4*+%)*I1J2Dv`o-s}SWZnU?FLn{{9B816
zrN-`hNX*Y=<y99jjPi4XHQa)PsZ6Kz>kgJ-#s6fsK8Z9wX>wh|MKywgx4;Hp7yf!q
z99D;x<ra@jPQv17GN7c@GNMJV#ibkzh>9sKx+9Q#l>ZWwz5(^eno(AJf1z~syH0V9
zo_jZs?2W3b&!rJ<TT*ZUm)gR(uORD+RyoA|A_do3mJc~~c}iA$7}1cjfJAf40ho(L
z#$;Wwx&ppJu+QXWr$5IAZ1r<8#Xr>pB3UdN`{#C?49TcdR$lPBOqU~W!yH%6$2@lO
z9$5*j&lDVA*&7l*J|lgRY~@xNKfw?W2PhicS&xw}A*(a*7Ba=)cQL5*1-SEiO6Nb9
z0%P@gt6K%nnW83-E~j~om9BBn+|>wdAa^M%(lMzZ;!dGCQZ1>a%acR!NEc1maP0HR
z*m<^O`mjPz-wWoM)WrqGL}6p+`BG}0N71<Vdlkp4ct?*ZBrlXeAEvITh2}W!;60}3
z1Dq5rO@*b)y{)-VIB*Qj$>8*#0%<dCpkyUVCGpsxgz992(uxEpDe`_TR^+IkC#Kkx
z6+CAw(036p3av--<9X7Y7k}jE#xAq~`d=45ZtTL=+|%$N2o$GaGJ7aHgGdfl)T?p3
z4(z)Ivi|=D`13Niei~al`FTjbRrFwnx9M|xUSxZM*^Rs`NrwDyDEtbFG-5ev#EW&S
zgq$=kuAxW+B{5A~*Uj=O$oa}_4<HQI^~$X-@8C*_>3(wV2XAcGXtv+erGl-rEe+Aq
z%aU|+%gLB(Xj$G?#~@wEDZU-)3m3*TQ1&(=oj@cPZ=^g4tLIz^<3+(o6U;<7&`9FU
zMSp@V6w(wX^<sohgCxl#lgHsfvWYa>6j|9w(q~zEW2<96o*+kUV{F6bUFr{k?B~9(
zQ*c}>4+?SIqy}t{3ul;0N+wPc+NZjcQRw|`7vuO0qVPyETy_w0`Hm4pKMOI{1^hw|
zMByCd`P8Z%d!Je0$We5hLL;#t9Id<NmqrxZam3xBP3d|g2uFF{vR4J-Iu4^?N{-22
zpf0SqtS;`A-k%o_qZJEdOt~s0vJNsZj8n@3mU9Ndt|M>RL3qTCk>huDN&;TUIgK#q
zZy8aIM(PKj%30jZl_@h12lwJWDK+3B#PpcP1lnZX;G^RSQQKw7#*xWeI4$xdA3X3Z
zz;;AVof^fdu<4}sJ(@b}Nt==|FjJBaPf4I!WB#o{zE`y`j8dw>)?{nskA@sSk*2i0
zd`hru0bmFceQ$!QNquD`CCy_@RwNv|t~W~X9^U2CBWZUM@jQnXV>u6_?8(nrfz76A
zqg2c{D8thRn-N@}lz^|jHKd%%EkH*SosYNXW^oM9SENWd1a!O2Ec;E)3#F0>EMlG=
z89av33X?W=>0cU~22nwjo2v=FG0%yz-4^KxhBCZmr-_@2<CB|Mx)&)IG@+TW>9)1m
z0}bvZAvIvGQnntGu0+BM2YhaV;aA`daArI0SrE45${nLY(qNpqO1XDsQzkYQr_)<=
zeRFMrCg62aP$;&)7N(?oq0l?N@sml5DAzeHfCCKn@|9v3sg%UqD7gob{3uwi08cD$
zf0Hu~8w(Ri3AG@51A?O3>;VQ_Yw$pQ)F?y6jb?R2fOga#=>U`3V^<ru47v|h$E}W_
z1oMMIZTL$wO9PGFxL97WmaItpUJwSL)rKuFY8fYe+F?4wq&UYl>Q(8$x)WQE$cL<Z
z?lv#poU)N)C;QzrD)t`IrB&_$<n@?wCNSI4M=4JR)!#9<{J{gy>}V9lPw)p^mb^~+
z0B>i+8o-LlbS21IG#W?k6?<Z&{2%!{c^{DxP8}qvD-ASp8-?wd7VNsa!cxkZEqK1c
zxRFyo)`QHzqVlN{8;RZtMij5W@ui_~SLgc|`ml-qburFv@iDwzTqAiN5S_v_4G6-q
z7Bh^(UUOE4&D-s4mTYu-bx@0`c2A*&^ar%ZJ43<Cc$xcE1-E!LCXI*tJQCf0913ql
zgW@!ttd)jO{7hn(nhktmf2xOYep!HbX_0&7+`;H4tQUm~Q(<pyW=r*{gtaqRk25Lt
zPjevN=G3%;oGHpa@Sl>_`d;sdobmo(K-Eo~!=Dnr@h?26zBk$|?|H$tYd;h+>i5T2
z9rGJ{w+vq=zz8Xc>7pZmZrZy%zX)ful+5;k(+Yy@^5yMMb1IxFtvM1|O<t%mZm><2
zJLq}ok!>^B#2Gg2_j0n8N;tJ+0x6!OL$2D7H}6by#WLt(&fd+V`XSI5H_B?~pu-Fe
z#ncb{${I;Uh3opph-ti@ujYzXN{gH-BVZv5B>=5T2*vmuOzd=^`UAC^_Op|CGc{62
z%o9%y$2Hxx$fm|ug8c=f<V>|vH5>VNY>D5g)pNyBb2)`GrkuD6nX~fm0yUnLRqUB1
zn4XqWe=es&4cswaYtn)cc&IaMUY@hrsa8Ly#`boLkqv2ETTG%_1BxK3MvvmbW&`CJ
z;OzoGllP`6Mjg+*uG^3Ab*9O0qFd{0d2zye?40<N`|jW^LzS+UX9GK@`39~T)M$UI
z*Bskr#pb@HfrgE@9JovW7J&onET|lQBKeyjIaLk6pElN?e?2E$?f&sHwH1F}v-7^C
z7&|f~c0nxfeR6Vf&k>V9nrYUIYKI;FuL`@|SLMlc#g~g(y{oqNtE|X#KTx~1pnm-|
z+m!=w<%gE!=lXn>XG>hBspt9a{~&(rs?fCalD4tfPRGrse_e&0BK~P2<rt@Ft(W+*
z<43>ACiyLMOP;Eht0h*sg#1ubP<>!+j=7H8bX&Km2b@?w&L;PMr9bq3;AO?ju#%@H
z7rlK(T(5efGNNIvale}Q+s@}J%k8-9b@##^1)(H9ay7L(s(v!h;Ih%Q4`Xu+wtNUU
zY7msUb82fu%f=0yqBd>%4xb}^_50$Nbr+twYm}>v^7qz18vH?$`pW){xw_j?a|O5T
z#I@%ub<Xs~KdKBSQ?+2t`M6@0A?f-Ri-N^YRllpg$i8&T$XE5?H#zsb%=#2Xw3e>F
zmX$dPH{wJ->S9*?RuM3DxL$DUz#B|eg<7D;n?W76>x8Z?f3()_$$qu|+T-_OxB>RX
zNa8`5bY8r={X{;Oer@#)?F123&>Z!zP0uAuk87GeKt@N}@lY~fNWYy#kq!6tdfI^&
z{`w|GE4betl1*5OG5$v;;qGWKJef*&$3ter-O*qe8EJiihm57afJ5e%zJNpKhrfVB
z7I=IChb-{;0uEW=@dX^Rz~c)zWP!(*aL59WFYx%E2OfdvybJJ_%<hgeo6e;|Rt&kY
zq5rz%|Nr*wq8=Gv;ucQckmA71I4t}2vs%f}_>2YQa?5n18yqq;x`83njqYH`(2$|=
z1p?jwknx5LjqV6^|18rD85-RY=>A!z8!|MyBhdY`OgCg`bVs23XPIvNFQQ@P@2!KH
zpLny%PbGT+muH6ilkGxvhh2t-42|vxbpI^V4H+8U5$OI|rW-Oex+Bp2vrIQ+Xmm%Q
q`)8SM$k6DHK=;ow-S|I&#-jDso*%!pou`XNV=-s(?DSa<KmQjY4Ah$d


From 5a311dbd11cb9d26aecb4b570fed3bed6667f2d6 Mon Sep 17 00:00:00 2001
From: Lars Wander <lars.wander@gmail.com>
Date: Mon, 26 Oct 2015 16:16:06 -0400
Subject: [PATCH 322/335] provider/google: Added scheduling block to
 compute_instance

---
 .../google/resource_compute_instance.go       | 71 +++++++++++++++++++
 .../google/resource_compute_instance_test.go  | 37 ++++++++++
 .../google/r/compute_instance.html.markdown   | 11 +++
 3 files changed, 119 insertions(+)

diff --git a/builtin/providers/google/resource_compute_instance.go b/builtin/providers/google/resource_compute_instance.go
index 68b8aed357..e3f002404d 100644
--- a/builtin/providers/google/resource_compute_instance.go
+++ b/builtin/providers/google/resource_compute_instance.go
@@ -231,6 +231,29 @@ func resourceComputeInstance() *schema.Resource {
 				},
 			},
 
+			"scheduling": &schema.Schema{
+				Type:     schema.TypeList,
+				Optional: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"on_host_maintenance": &schema.Schema{
+							Type:     schema.TypeString,
+							Optional: true,
+						},
+
+						"automatic_restart": &schema.Schema{
+							Type:     schema.TypeBool,
+							Optional: true,
+						},
+
+						"preemptible": &schema.Schema{
+							Type:     schema.TypeBool,
+							Optional: true,
+						},
+					},
+				},
+			},
+
 			"tags": &schema.Schema{
 				Type:     schema.TypeSet,
 				Optional: true,
@@ -466,6 +489,21 @@ func resourceComputeInstanceCreate(d *schema.ResourceData, meta interface{}) err
 		serviceAccounts = append(serviceAccounts, serviceAccount)
 	}
 
+	prefix := "scheduling.0"
+	scheduling := &compute.Scheduling{}
+
+	if val, ok := d.GetOk(prefix + ".automatic_restart"); ok {
+		scheduling.AutomaticRestart = val.(bool)
+	}
+
+	if val, ok := d.GetOk(prefix + ".preemptible"); ok {
+		scheduling.Preemptible = val.(bool)
+	}
+
+	if val, ok := d.GetOk(prefix + ".on_host_maintenance"); ok {
+		scheduling.OnHostMaintenance = val.(string)
+	}
+
 	metadata, err := resourceInstanceMetadata(d)
 	if err != nil {
 		return fmt.Errorf("Error creating metadata: %s", err)
@@ -482,6 +520,7 @@ func resourceComputeInstanceCreate(d *schema.ResourceData, meta interface{}) err
 		NetworkInterfaces: networkInterfaces,
 		Tags:              resourceInstanceTags(d),
 		ServiceAccounts:   serviceAccounts,
+		Scheduling:        scheduling,
 	}
 
 	log.Printf("[INFO] Requesting instance creation")
@@ -720,6 +759,38 @@ func resourceComputeInstanceUpdate(d *schema.ResourceData, meta interface{}) err
 		d.SetPartial("tags")
 	}
 
+	if d.HasChange("scheduling") {
+		prefix := "scheduling.0"
+		scheduling := &compute.Scheduling{}
+
+		if val, ok := d.GetOk(prefix + ".automatic_restart"); ok {
+			scheduling.AutomaticRestart = val.(bool)
+		}
+
+		if val, ok := d.GetOk(prefix + ".preemptible"); ok {
+			scheduling.Preemptible = val.(bool)
+		}
+
+		if val, ok := d.GetOk(prefix + ".on_host_maintenance"); ok {
+			scheduling.OnHostMaintenance = val.(string)
+		}
+
+		op, err := config.clientCompute.Instances.SetScheduling(config.Project, 
+			zone, d.Id(), scheduling).Do()
+
+		if err != nil {
+			return fmt.Errorf("Error updating scheduling policy: %s", err)
+		}
+
+		opErr := computeOperationWaitZone(config, op, zone,
+			"scheduling policy update")
+		if opErr != nil {
+			return opErr
+		}
+
+		d.SetPartial("scheduling");
+	}
+
 	networkInterfacesCount := d.Get("network_interface.#").(int)
 	if networkInterfacesCount > 0 {
 		// Sanity check
diff --git a/builtin/providers/google/resource_compute_instance_test.go b/builtin/providers/google/resource_compute_instance_test.go
index f59da73ef9..4cee16a51b 100644
--- a/builtin/providers/google/resource_compute_instance_test.go
+++ b/builtin/providers/google/resource_compute_instance_test.go
@@ -272,6 +272,25 @@ func TestAccComputeInstance_service_account(t *testing.T) {
 	})
 }
 
+func TestAccComputeInstance_scheduling(t *testing.T) {
+	var instance compute.Instance
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckComputeInstanceDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccComputeInstance_scheduling,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckComputeInstanceExists(
+						"google_compute_instance.foobar", &instance),
+				),
+			},
+		},
+	})
+}
+
 func testAccCheckComputeInstanceDestroy(s *terraform.State) error {
 	config := testAccProvider.Meta().(*Config)
 
@@ -672,3 +691,21 @@ resource "google_compute_instance" "foobar" {
 		]
 	}
 }`
+
+const testAccComputeInstance_scheduling = `
+resource "google_compute_instance" "foobar" {
+	name = "terraform-test"
+	machine_type = "n1-standard-1"
+	zone = "us-central1-a"
+
+	disk {
+		image = "debian-7-wheezy-v20140814"
+	}
+
+	network_interface {
+		network = "default"
+	}
+
+	scheduling {
+	}
+}`
diff --git a/website/source/docs/providers/google/r/compute_instance.html.markdown b/website/source/docs/providers/google/r/compute_instance.html.markdown
index 938bc71dff..7426d700cb 100644
--- a/website/source/docs/providers/google/r/compute_instance.html.markdown
+++ b/website/source/docs/providers/google/r/compute_instance.html.markdown
@@ -145,6 +145,17 @@ The `service_account` block supports:
 * `scopes` - (Required) A list of service scopes. Both OAuth2 URLs and gcloud
     short names are supported.
 
+The `scheduling` block supports:
+
+* `preemptible` - (Optional) Is the instance preemptible.
+
+* `on_host_maintenance` - (Optional) Describes maintenance behavior for 
+    the instance. Can be MIGRATE or TERMINATE, for more info, read
+    [here](https://cloud.google.com/compute/docs/instances/setting-instance-scheduling-options)
+
+* `automatic_restart` - (Optional) Specifies if the instance should be
+    restarted if it was terminated by Compute Engine (not a user).
+
 ## Attributes Reference
 
 The following attributes are exported:

From e98ab725c2c8a0f2c0007bda964bf00a20b3fd15 Mon Sep 17 00:00:00 2001
From: Seth Vargo <sethvargo@gmail.com>
Date: Mon, 26 Oct 2015 17:20:48 -0400
Subject: [PATCH 323/335] Use hc-releases

---
 scripts/dist.sh | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)

diff --git a/scripts/dist.sh b/scripts/dist.sh
index 00038e3acd..1488d1b71c 100755
--- a/scripts/dist.sh
+++ b/scripts/dist.sh
@@ -36,14 +36,6 @@ shasum -a256 * > ./terraform_${VERSION}_SHA256SUMS
 popd
 
 # Upload
-for ARCHIVE in ./pkg/dist/*; do
-    ARCHIVE_NAME=$(basename ${ARCHIVE})
-
-    echo Uploading: $ARCHIVE_NAME
-    curl \
-        -T ${ARCHIVE} \
-        -umitchellh:${BINTRAY_API_KEY} \
-        "https://api.bintray.com/content/mitchellh/terraform/terraform/${VERSION}/${ARCHIVE_NAME}"
-done
+hc-releases -upload=./pkg/dist
 
 exit 0

From 03a770e96a793a5a00cba74c9b99468c7090b84f Mon Sep 17 00:00:00 2001
From: Clint <catsby@users.noreply.github.com>
Date: Mon, 26 Oct 2015 16:44:39 -0500
Subject: [PATCH 324/335] Update CHANGELOG.md

---
 CHANGELOG.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index fa81334aaa..d92ab74bc8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,7 +3,9 @@
 BUG FIXES:
 
   * `terraform remote config`: update `--help` output [GH-3632]
-  * Google provider: Timeout when deleting large instance_group_manager [GH-3591]
+  * provider/google: Timeout when deleting large instance_group_manager [GH-3591]
+  * provider/aws: Fix issue with order of Termincation Policies in AutoScaling Groups. 
+      This will introduce plans on upgrade to this version, in order to correct the ordering [GH-2890]
 
 IMPROVEMENTS:
 

From f1c6673e1b81233e8e1a3ebec915f8b7b58e0bc6 Mon Sep 17 00:00:00 2001
From: Dave Cunningham <sparkprime@gmail.com>
Date: Mon, 26 Oct 2015 19:37:35 -0400
Subject: [PATCH 325/335] Update CHANGELOG.md

---
 CHANGELOG.md | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index d92ab74bc8..07adeeca6c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,8 +9,9 @@ BUG FIXES:
 
 IMPROVEMENTS:
 
-  * Google provider: Accurate Terraform Version [GH-3554]
-  * Google provider: Simplified auth (DefaultClient support) [GH-3553]
+  * provider/google: Accurate Terraform Version [GH-3554]
+  * provider/google: Simplified auth (DefaultClient support) [GH-3553]
+  * provider/google: automatic_restart, preemptible, on_host_maintenance options [GH-3643]
 
 ## 0.6.6 (October 23, 2015)
 

From 62758e99b5e6d18d15e9163e474366ec12d88d61 Mon Sep 17 00:00:00 2001
From: Mitchell Hashimoto <xmitchx@gmail.com>
Date: Tue, 27 Oct 2015 08:49:41 -0700
Subject: [PATCH 326/335] Update CHANGELOG.md

---
 CHANGELOG.md | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 07adeeca6c..f36e70dbee 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,18 +1,19 @@
 ## 0.6.7 (Unreleased)
 
-BUG FIXES:
-
-  * `terraform remote config`: update `--help` output [GH-3632]
-  * provider/google: Timeout when deleting large instance_group_manager [GH-3591]
-  * provider/aws: Fix issue with order of Termincation Policies in AutoScaling Groups. 
-      This will introduce plans on upgrade to this version, in order to correct the ordering [GH-2890]
-
 IMPROVEMENTS:
 
   * provider/google: Accurate Terraform Version [GH-3554]
   * provider/google: Simplified auth (DefaultClient support) [GH-3553]
   * provider/google: automatic_restart, preemptible, on_host_maintenance options [GH-3643]
 
+BUG FIXES:
+
+  * `terraform remote config`: update `--help` output [GH-3632]
+  * core: modules on Git branches now update properly [GH-1568]
+  * provider/google: Timeout when deleting large instance_group_manager [GH-3591]
+  * provider/aws: Fix issue with order of Termincation Policies in AutoScaling Groups. 
+      This will introduce plans on upgrade to this version, in order to correct the ordering [GH-2890]
+
 ## 0.6.6 (October 23, 2015)
 
 FEATURES:

From 05794199af41da9bec821f2ecf6cfa95d6b61609 Mon Sep 17 00:00:00 2001
From: Mitchell Hashimoto <mitchell.hashimoto@gmail.com>
Date: Tue, 27 Oct 2015 11:58:34 -0700
Subject: [PATCH 327/335] dag: use hashcodes to as map key to edge sets

---
 dag/graph.go      | 30 ++++++++++++++++--------------
 dag/graph_test.go | 31 +++++++++++++++++++++++++++++++
 dag/set.go        | 23 ++++++++++++-----------
 3 files changed, 59 insertions(+), 25 deletions(-)

diff --git a/dag/graph.go b/dag/graph.go
index 41d766f40a..2572096eda 100644
--- a/dag/graph.go
+++ b/dag/graph.go
@@ -11,8 +11,8 @@ import (
 type Graph struct {
 	vertices  *Set
 	edges     *Set
-	downEdges map[Vertex]*Set
-	upEdges   map[Vertex]*Set
+	downEdges map[interface{}]*Set
+	upEdges   map[interface{}]*Set
 	once      sync.Once
 }
 
@@ -110,10 +110,10 @@ func (g *Graph) RemoveEdge(edge Edge) {
 	g.edges.Delete(edge)
 
 	// Delete the up/down edges
-	if s, ok := g.downEdges[edge.Source()]; ok {
+	if s, ok := g.downEdges[hashcode(edge.Source())]; ok {
 		s.Delete(edge.Target())
 	}
-	if s, ok := g.upEdges[edge.Target()]; ok {
+	if s, ok := g.upEdges[hashcode(edge.Target())]; ok {
 		s.Delete(edge.Source())
 	}
 }
@@ -121,13 +121,13 @@ func (g *Graph) RemoveEdge(edge Edge) {
 // DownEdges returns the outward edges from the source Vertex v.
 func (g *Graph) DownEdges(v Vertex) *Set {
 	g.once.Do(g.init)
-	return g.downEdges[v]
+	return g.downEdges[hashcode(v)]
 }
 
 // UpEdges returns the inward edges to the destination Vertex v.
 func (g *Graph) UpEdges(v Vertex) *Set {
 	g.once.Do(g.init)
-	return g.upEdges[v]
+	return g.upEdges[hashcode(v)]
 }
 
 // Connect adds an edge with the given source and target. This is safe to
@@ -139,9 +139,11 @@ func (g *Graph) Connect(edge Edge) {
 
 	source := edge.Source()
 	target := edge.Target()
+	sourceCode := hashcode(source)
+	targetCode := hashcode(target)
 
 	// Do we have this already? If so, don't add it again.
-	if s, ok := g.downEdges[source]; ok && s.Include(target) {
+	if s, ok := g.downEdges[sourceCode]; ok && s.Include(target) {
 		return
 	}
 
@@ -149,18 +151,18 @@ func (g *Graph) Connect(edge Edge) {
 	g.edges.Add(edge)
 
 	// Add the down edge
-	s, ok := g.downEdges[source]
+	s, ok := g.downEdges[sourceCode]
 	if !ok {
 		s = new(Set)
-		g.downEdges[source] = s
+		g.downEdges[sourceCode] = s
 	}
 	s.Add(target)
 
 	// Add the up edge
-	s, ok = g.upEdges[target]
+	s, ok = g.upEdges[targetCode]
 	if !ok {
 		s = new(Set)
-		g.upEdges[target] = s
+		g.upEdges[targetCode] = s
 	}
 	s.Add(source)
 }
@@ -184,7 +186,7 @@ func (g *Graph) String() string {
 	// Write each node in order...
 	for _, name := range names {
 		v := mapping[name]
-		targets := g.downEdges[v]
+		targets := g.downEdges[hashcode(v)]
 
 		buf.WriteString(fmt.Sprintf("%s\n", name))
 
@@ -207,8 +209,8 @@ func (g *Graph) String() string {
 func (g *Graph) init() {
 	g.vertices = new(Set)
 	g.edges = new(Set)
-	g.downEdges = make(map[Vertex]*Set)
-	g.upEdges = make(map[Vertex]*Set)
+	g.downEdges = make(map[interface{}]*Set)
+	g.upEdges = make(map[interface{}]*Set)
 }
 
 // VertexName returns the name of a vertex.
diff --git a/dag/graph_test.go b/dag/graph_test.go
index 8dd05e95e4..eb3e40b3af 100644
--- a/dag/graph_test.go
+++ b/dag/graph_test.go
@@ -1,6 +1,7 @@
 package dag
 
 import (
+	"fmt"
 	"strings"
 	"testing"
 )
@@ -79,6 +80,36 @@ func TestGraph_replaceSelf(t *testing.T) {
 	}
 }
 
+// This tests that connecting edges works based on custom Hashcode
+// implementations for uniqueness.
+func TestGraph_hashcode(t *testing.T) {
+	var g Graph
+	g.Add(&hashVertex{code: 1})
+	g.Add(&hashVertex{code: 2})
+	g.Add(&hashVertex{code: 3})
+	g.Connect(BasicEdge(
+		&hashVertex{code: 1},
+		&hashVertex{code: 3}))
+
+	actual := strings.TrimSpace(g.String())
+	expected := strings.TrimSpace(testGraphBasicStr)
+	if actual != expected {
+		t.Fatalf("bad: %s", actual)
+	}
+}
+
+type hashVertex struct {
+	code interface{}
+}
+
+func (v *hashVertex) Hashcode() interface{} {
+	return v.code
+}
+
+func (v *hashVertex) Name() string {
+	return fmt.Sprintf("%#v", v.code)
+}
+
 const testGraphBasicStr = `
 1
   3
diff --git a/dag/set.go b/dag/set.go
index 9cc0d98e2e..d4b29226bf 100644
--- a/dag/set.go
+++ b/dag/set.go
@@ -17,22 +17,31 @@ type Hashable interface {
 	Hashcode() interface{}
 }
 
+// hashcode returns the hashcode used for set elements.
+func hashcode(v interface{}) interface{} {
+	if h, ok := v.(Hashable); ok {
+		return h.Hashcode()
+	}
+
+	return v
+}
+
 // Add adds an item to the set
 func (s *Set) Add(v interface{}) {
 	s.once.Do(s.init)
-	s.m[s.code(v)] = v
+	s.m[hashcode(v)] = v
 }
 
 // Delete removes an item from the set.
 func (s *Set) Delete(v interface{}) {
 	s.once.Do(s.init)
-	delete(s.m, s.code(v))
+	delete(s.m, hashcode(v))
 }
 
 // Include returns true/false of whether a value is in the set.
 func (s *Set) Include(v interface{}) bool {
 	s.once.Do(s.init)
-	_, ok := s.m[s.code(v)]
+	_, ok := s.m[hashcode(v)]
 	return ok
 }
 
@@ -73,14 +82,6 @@ func (s *Set) List() []interface{} {
 	return r
 }
 
-func (s *Set) code(v interface{}) interface{} {
-	if h, ok := v.(Hashable); ok {
-		return h.Hashcode()
-	}
-
-	return v
-}
-
 func (s *Set) init() {
 	s.m = make(map[interface{}]interface{})
 }

From 7f800f34982599b58944fcf3e3e3e573eff5e765 Mon Sep 17 00:00:00 2001
From: Paul Hinze <phinze@phinze.com>
Date: Tue, 27 Oct 2015 15:28:37 -0500
Subject: [PATCH 328/335] website: docs for null_resource

---
 .../provisioners/null_resource.html.markdown  | 60 +++++++++++++++++++
 website/source/layouts/docs.erb               |  4 ++
 2 files changed, 64 insertions(+)
 create mode 100644 website/source/docs/provisioners/null_resource.html.markdown

diff --git a/website/source/docs/provisioners/null_resource.html.markdown b/website/source/docs/provisioners/null_resource.html.markdown
new file mode 100644
index 0000000000..51a409042a
--- /dev/null
+++ b/website/source/docs/provisioners/null_resource.html.markdown
@@ -0,0 +1,60 @@
+---
+layout: "docs"
+page_title: "Provisioners: null_resource"
+sidebar_current: "docs-provisioners-null-resource"
+description: |-
+  The `null_resource` is a resource allows you to configure provisioners that
+  are not directly associated with a single exiting resource.
+---
+
+# null\_resource
+
+The `null_resource` is a resource that allows you to configure provisioners
+that are not directly associated with a single existing resource.
+
+A `null_resource` behaves exactly like any other resource, so you configure
+[provisioners](/docs/provisioners/index.html), [connection
+details](/docs/provisioners/connection.html), and other meta-parameters in the
+same way you would on any other resource.
+
+This allows fine-grained control over when provisioners run in the dependency
+graph.
+
+## Example usage
+
+```
+# Bootstrap a cluster after all its instances are up
+resource "aws_instance" "cluster" {
+  count = 3
+  // ...
+}
+
+resource "null_resource" "cluster" {
+  # Changes to any instance of the cluster requires re-provisioning
+  triggers {
+    cluster_instance_ids = "${join(",", aws_instance.cluster.*.id)}"
+  }
+
+  # Bootstrap script can run on any instance of the cluster
+  # So we just choose the first in this case
+  connection {
+    host = "${element(aws_instance.cluster.*.public_ip, 0)}"
+  }
+
+  provisioner "remote-exec" {
+    # Bootstrap script called with private_ip of each node in the clutser
+    inline = [
+      "bootstrap-cluster.sh ${join(" ", aws_instance.cluster.*.private_ip}"
+    ]
+  }
+}
+```
+
+## Argument Reference
+
+In addition to all the resource configuration available, `null_resource` supports the following specific configuration options:
+
+ * `triggers` - A mapping of values which should trigger a rerun of this set of
+   provisioners. Values are meant to be interpolated references to variables or
+   attributes of other resources.
+
diff --git a/website/source/layouts/docs.erb b/website/source/layouts/docs.erb
index 937c120de4..8dfffb70ab 100644
--- a/website/source/layouts/docs.erb
+++ b/website/source/layouts/docs.erb
@@ -217,6 +217,10 @@
 					<li<%= sidebar_current("docs-provisioners-remote") %>>
 					<a href="/docs/provisioners/remote-exec.html">remote-exec</a>
 					</li>
+
+					<li<%= sidebar_current("docs-provisioners-null-resource") %>>
+					<a href="/docs/provisioners/null_resource.html">null_resource</a>
+					</li>
 				</ul>
 				</li>
 

From ed951639847c310357778e9316b6ae1c51af54aa Mon Sep 17 00:00:00 2001
From: Paul Hinze <phinze@phinze.com>
Date: Tue, 27 Oct 2015 16:17:19 -0500
Subject: [PATCH 329/335] Update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index f36e70dbee..885774c90a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,7 @@ IMPROVEMENTS:
   * provider/google: Accurate Terraform Version [GH-3554]
   * provider/google: Simplified auth (DefaultClient support) [GH-3553]
   * provider/google: automatic_restart, preemptible, on_host_maintenance options [GH-3643]
+  * null_resource: enhance and document [GH-3244, GH-3659]
 
 BUG FIXES:
 

From 122790d32bd23fbe0c91e9bb1dd0bce19f1ec8b5 Mon Sep 17 00:00:00 2001
From: Kazunori Kojima <kjm.kznr@gmail.com>
Date: Wed, 28 Oct 2015 09:19:37 +0900
Subject: [PATCH 330/335] Add check errors on reading CORS rules

---
 builtin/providers/aws/resource_aws_s3_bucket.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/builtin/providers/aws/resource_aws_s3_bucket.go b/builtin/providers/aws/resource_aws_s3_bucket.go
index 93105ec510..3c284370f5 100644
--- a/builtin/providers/aws/resource_aws_s3_bucket.go
+++ b/builtin/providers/aws/resource_aws_s3_bucket.go
@@ -276,7 +276,9 @@ func resourceAwsS3BucketRead(d *schema.ResourceData, meta interface{}) error {
 			rule["max_age_seconds"] = ruleObject.MaxAgeSeconds
 			rules = append(rules, rule)
 		}
-		d.Set("cors_rule", rules)
+		if err := d.Set("cors_rule", rules); err != nil {
+			return fmt.Errorf("error reading S3 bucket \"%s\" CORS rules: %s", d.Id(), err)
+		}
 	}
 
 	// Read the website configuration

From 89fb16ada0ca5d9f8fc368c46799881d753ede9b Mon Sep 17 00:00:00 2001
From: Clint <catsby@users.noreply.github.com>
Date: Wed, 28 Oct 2015 10:10:06 -0500
Subject: [PATCH 331/335] Update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 885774c90a..47a446aa9d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,7 @@ IMPROVEMENTS:
   * provider/google: Simplified auth (DefaultClient support) [GH-3553]
   * provider/google: automatic_restart, preemptible, on_host_maintenance options [GH-3643]
   * null_resource: enhance and document [GH-3244, GH-3659]
+  * provider/aws: Add CORS settings to S3 bucket [GH-3387]
 
 BUG FIXES:
 

From 784aadd5056ac05b53cec1583b5f2e4beeb4106a Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@timeinc.com>
Date: Wed, 28 Oct 2015 14:54:53 +0000
Subject: [PATCH 332/335] Allow cluster name, not only ARN for aws_ecs_service

---
 .../providers/aws/resource_aws_ecs_service.go | 18 +++++--
 .../aws/resource_aws_ecs_service_test.go      | 48 +++++++++++++++++++
 2 files changed, 61 insertions(+), 5 deletions(-)

diff --git a/builtin/providers/aws/resource_aws_ecs_service.go b/builtin/providers/aws/resource_aws_ecs_service.go
index 9d3a36ab2d..ab8562acb9 100644
--- a/builtin/providers/aws/resource_aws_ecs_service.go
+++ b/builtin/providers/aws/resource_aws_ecs_service.go
@@ -137,7 +137,6 @@ func resourceAwsEcsServiceCreate(d *schema.ResourceData, meta interface{}) error
 
 	log.Printf("[DEBUG] ECS service created: %s", *service.ServiceArn)
 	d.SetId(*service.ServiceArn)
-	d.Set("cluster", *service.ClusterArn)
 
 	return resourceAwsEcsServiceUpdate(d, meta)
 }
@@ -175,14 +174,21 @@ func resourceAwsEcsServiceRead(d *schema.ResourceData, meta interface{}) error {
 	}
 
 	d.Set("desired_count", *service.DesiredCount)
-	d.Set("cluster", *service.ClusterArn)
+
+	// Save cluster in the same format
+	if strings.HasPrefix(d.Get("cluster").(string), "arn:aws:ecs:") {
+		d.Set("cluster", *service.ClusterArn)
+	} else {
+		clusterARN := getNameFromARN(*service.ClusterArn)
+		d.Set("cluster", clusterARN)
+	}
 
 	// Save IAM role in the same format
 	if service.RoleArn != nil {
 		if strings.HasPrefix(d.Get("iam_role").(string), "arn:aws:iam:") {
 			d.Set("iam_role", *service.RoleArn)
 		} else {
-			roleARN := buildIamRoleNameFromARN(*service.RoleArn)
+			roleARN := getNameFromARN(*service.RoleArn)
 			d.Set("iam_role", roleARN)
 		}
 	}
@@ -306,8 +312,10 @@ func buildFamilyAndRevisionFromARN(arn string) string {
 	return strings.Split(arn, "/")[1]
 }
 
-func buildIamRoleNameFromARN(arn string) string {
-	// arn:aws:iam::0123456789:role/EcsService
+// Expects the following ARNs:
+// arn:aws:iam::0123456789:role/EcsService
+// arn:aws:ecs:us-west-2:0123456789:cluster/radek-cluster
+func getNameFromARN(arn string) string {
 	return strings.Split(arn, "/")[1]
 }
 
diff --git a/builtin/providers/aws/resource_aws_ecs_service_test.go b/builtin/providers/aws/resource_aws_ecs_service_test.go
index 2f9b8fedbf..7f88f1536d 100644
--- a/builtin/providers/aws/resource_aws_ecs_service_test.go
+++ b/builtin/providers/aws/resource_aws_ecs_service_test.go
@@ -178,6 +178,26 @@ func TestAccAWSEcsService_withIamRole(t *testing.T) {
 	})
 }
 
+// Regression for https://github.com/hashicorp/terraform/issues/3361
+func TestAccAWSEcsService_withEcsClusterName(t *testing.T) {
+	clusterName := regexp.MustCompile("^terraformecstestcluster$")
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSEcsServiceDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccAWSEcsServiceWithEcsClusterName,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAWSEcsServiceExists("aws_ecs_service.jenkins"),
+					resource.TestMatchResourceAttr(
+						"aws_ecs_service.jenkins", "cluster", clusterName),
+				),
+			},
+		},
+	})
+}
+
 func testAccCheckAWSEcsServiceDestroy(s *terraform.State) error {
 	conn := testAccProvider.Meta().(*AWSClient).ecsconn
 
@@ -471,3 +491,31 @@ resource "aws_ecs_service" "ghost" {
   desired_count = 1
 }
 `
+
+var testAccAWSEcsServiceWithEcsClusterName = `
+resource "aws_ecs_cluster" "default" {
+	name = "terraformecstestcluster"
+}
+
+resource "aws_ecs_task_definition" "jenkins" {
+  family = "jenkins"
+  container_definitions = <<DEFINITION
+[
+  {
+    "cpu": 128,
+    "essential": true,
+    "image": "jenkins:latest",
+    "memory": 128,
+    "name": "jenkins"
+  }
+]
+DEFINITION
+}
+
+resource "aws_ecs_service" "jenkins" {
+  name = "jenkins"
+  cluster = "${aws_ecs_cluster.default.name}"
+  task_definition = "${aws_ecs_task_definition.jenkins.arn}"
+  desired_count = 1
+}
+`

From 192111074a20e80d865c2b1dc41209e859d152b0 Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@gmail.com>
Date: Wed, 28 Oct 2015 16:17:20 +0000
Subject: [PATCH 333/335] Update CHANGELOG.md

---
 CHANGELOG.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 47a446aa9d..bf27fb1c33 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,9 @@
 ## 0.6.7 (Unreleased)
 
+FEATURES:
+
+  * **New resources: `aws_cloudformation_stack`** [GH-2636]
+
 IMPROVEMENTS:
 
   * provider/google: Accurate Terraform Version [GH-3554]

From af04321723200d4cb4158e7e9a6b1f8b9f6aaf1b Mon Sep 17 00:00:00 2001
From: Paul Hinze <phinze@phinze.com>
Date: Wed, 28 Oct 2015 12:17:14 -0400
Subject: [PATCH 334/335] config: return to the go1.5 generated lang/y.go

It has improvements to error messaging that we want.

We'll use this occasion begin developing / building with Go 1.5 from
here on out. Build times will be slower, but we have core development
plans that will help mitigate that.

/cc @hashicorp/terraform-committers
---
 config/lang/y.go | 272 +++++++++++++++++++++++++++++++++++------------
 1 file changed, 204 insertions(+), 68 deletions(-)

diff --git a/config/lang/y.go b/config/lang/y.go
index e7dd185ae1..fd0693f151 100644
--- a/config/lang/y.go
+++ b/config/lang/y.go
@@ -30,7 +30,10 @@ const INTEGER = 57355
 const FLOAT = 57356
 const STRING = 57357
 
-var parserToknames = []string{
+var parserToknames = [...]string{
+	"$end",
+	"error",
+	"$unk",
 	"PROGRAM_BRACKET_LEFT",
 	"PROGRAM_BRACKET_RIGHT",
 	"PROGRAM_STRING_START",
@@ -44,7 +47,7 @@ var parserToknames = []string{
 	"FLOAT",
 	"STRING",
 }
-var parserStatenames = []string{}
+var parserStatenames = [...]string{}
 
 const parserEofCode = 1
 const parserErrCode = 2
@@ -53,7 +56,7 @@ const parserMaxDepth = 200
 //line lang.y:165
 
 //line yacctab:1
-var parserExca = []int{
+var parserExca = [...]int{
 	-1, 1,
 	1, -1,
 	-2, 0,
@@ -67,75 +70,103 @@ var parserStates []string
 
 const parserLast = 30
 
-var parserAct = []int{
+var parserAct = [...]int{
 
 	9, 20, 16, 16, 7, 7, 3, 18, 10, 8,
 	1, 17, 14, 12, 13, 6, 6, 19, 8, 22,
 	15, 23, 24, 11, 2, 25, 16, 21, 4, 5,
 }
-var parserPact = []int{
+var parserPact = [...]int{
 
 	1, -1000, 1, -1000, -1000, -1000, -1000, 0, -1000, 15,
 	0, 1, -1000, -1000, -1, -1000, 0, -8, 0, -1000,
 	-1000, 12, -9, -1000, 0, -9,
 }
-var parserPgo = []int{
+var parserPgo = [...]int{
 
 	0, 0, 29, 28, 23, 6, 27, 10,
 }
-var parserR1 = []int{
+var parserR1 = [...]int{
 
 	0, 7, 7, 4, 4, 5, 5, 2, 1, 1,
 	1, 1, 1, 1, 1, 6, 6, 6, 3,
 }
-var parserR2 = []int{
+var parserR2 = [...]int{
 
 	0, 0, 1, 1, 2, 1, 1, 3, 3, 1,
 	1, 1, 3, 1, 4, 0, 3, 1, 1,
 }
-var parserChk = []int{
+var parserChk = [...]int{
 
 	-1000, -7, -4, -5, -3, -2, 15, 4, -5, -1,
 	8, -4, 13, 14, 12, 5, 11, -1, 8, -1,
 	9, -6, -1, 9, 10, -1,
 }
-var parserDef = []int{
+var parserDef = [...]int{
 
 	1, -2, 2, 3, 5, 6, 18, 0, 4, 0,
 	0, 9, 10, 11, 13, 7, 0, 0, 15, 12,
 	8, 0, 17, 14, 0, 16,
 }
-var parserTok1 = []int{
+var parserTok1 = [...]int{
 
 	1,
 }
-var parserTok2 = []int{
+var parserTok2 = [...]int{
 
 	2, 3, 4, 5, 6, 7, 8, 9, 10, 11,
 	12, 13, 14, 15,
 }
-var parserTok3 = []int{
+var parserTok3 = [...]int{
 	0,
 }
 
+var parserErrorMessages = [...]struct {
+	state int
+	token int
+	msg   string
+}{}
+
 //line yaccpar:1
 
 /*	parser for yacc output	*/
 
-var parserDebug = 0
+var (
+	parserDebug        = 0
+	parserErrorVerbose = false
+)
 
 type parserLexer interface {
 	Lex(lval *parserSymType) int
 	Error(s string)
 }
 
+type parserParser interface {
+	Parse(parserLexer) int
+	Lookahead() int
+}
+
+type parserParserImpl struct {
+	lookahead func() int
+}
+
+func (p *parserParserImpl) Lookahead() int {
+	return p.lookahead()
+}
+
+func parserNewParser() parserParser {
+	p := &parserParserImpl{
+		lookahead: func() int { return -1 },
+	}
+	return p
+}
+
 const parserFlag = -1000
 
 func parserTokname(c int) string {
-	// 4 is TOKSTART above
-	if c >= 4 && c-4 < len(parserToknames) {
-		if parserToknames[c-4] != "" {
-			return parserToknames[c-4]
+	if c >= 1 && c-1 < len(parserToknames) {
+		if parserToknames[c-1] != "" {
+			return parserToknames[c-1]
 		}
 	}
 	return __yyfmt__.Sprintf("tok-%v", c)
@@ -150,51 +181,129 @@ func parserStatname(s int) string {
 	return __yyfmt__.Sprintf("state-%v", s)
 }
 
-func parserlex1(lex parserLexer, lval *parserSymType) int {
-	c := 0
-	char := lex.Lex(lval)
+func parserErrorMessage(state, lookAhead int) string {
+	const TOKSTART = 4
+
+	if !parserErrorVerbose {
+		return "syntax error"
+	}
+
+	for _, e := range parserErrorMessages {
+		if e.state == state && e.token == lookAhead {
+			return "syntax error: " + e.msg
+		}
+	}
+
+	res := "syntax error: unexpected " + parserTokname(lookAhead)
+
+	// To match Bison, suggest at most four expected tokens.
+	expected := make([]int, 0, 4)
+
+	// Look for shiftable tokens.
+	base := parserPact[state]
+	for tok := TOKSTART; tok-1 < len(parserToknames); tok++ {
+		if n := base + tok; n >= 0 && n < parserLast && parserChk[parserAct[n]] == tok {
+			if len(expected) == cap(expected) {
+				return res
+			}
+			expected = append(expected, tok)
+		}
+	}
+
+	if parserDef[state] == -2 {
+		i := 0
+		for parserExca[i] != -1 || parserExca[i+1] != state {
+			i += 2
+		}
+
+		// Look for tokens that we accept or reduce.
+		for i += 2; parserExca[i] >= 0; i += 2 {
+			tok := parserExca[i]
+			if tok < TOKSTART || parserExca[i+1] == 0 {
+				continue
+			}
+			if len(expected) == cap(expected) {
+				return res
+			}
+			expected = append(expected, tok)
+		}
+
+		// If the default action is to accept or reduce, give up.
+		if parserExca[i+1] != 0 {
+			return res
+		}
+	}
+
+	for i, tok := range expected {
+		if i == 0 {
+			res += ", expecting "
+		} else {
+			res += " or "
+		}
+		res += parserTokname(tok)
+	}
+	return res
+}
+
+func parserlex1(lex parserLexer, lval *parserSymType) (char, token int) {
+	token = 0
+	char = lex.Lex(lval)
 	if char <= 0 {
-		c = parserTok1[0]
+		token = parserTok1[0]
 		goto out
 	}
 	if char < len(parserTok1) {
-		c = parserTok1[char]
+		token = parserTok1[char]
 		goto out
 	}
 	if char >= parserPrivate {
 		if char < parserPrivate+len(parserTok2) {
-			c = parserTok2[char-parserPrivate]
+			token = parserTok2[char-parserPrivate]
 			goto out
 		}
 	}
 	for i := 0; i < len(parserTok3); i += 2 {
-		c = parserTok3[i+0]
-		if c == char {
-			c = parserTok3[i+1]
+		token = parserTok3[i+0]
+		if token == char {
+			token = parserTok3[i+1]
 			goto out
 		}
 	}
 
 out:
-	if c == 0 {
-		c = parserTok2[1] /* unknown char */
+	if token == 0 {
+		token = parserTok2[1] /* unknown char */
 	}
 	if parserDebug >= 3 {
-		__yyfmt__.Printf("lex %s(%d)\n", parserTokname(c), uint(char))
+		__yyfmt__.Printf("lex %s(%d)\n", parserTokname(token), uint(char))
 	}
-	return c
+	return char, token
 }
 
 func parserParse(parserlex parserLexer) int {
+	return parserNewParser().Parse(parserlex)
+}
+
+func (parserrcvr *parserParserImpl) Parse(parserlex parserLexer) int {
 	var parsern int
 	var parserlval parserSymType
 	var parserVAL parserSymType
+	var parserDollar []parserSymType
+	_ = parserDollar // silence set and not used
 	parserS := make([]parserSymType, parserMaxDepth)
 
 	Nerrs := 0   /* number of errors */
 	Errflag := 0 /* error recovery flag */
 	parserstate := 0
 	parserchar := -1
+	parsertoken := -1 // parserchar translated into internal numbering
+	parserrcvr.lookahead = func() int { return parserchar }
+	defer func() {
+		// Make sure we report no lookahead when not parsing.
+		parserstate = -1
+		parserchar = -1
+		parsertoken = -1
+	}()
 	parserp := -1
 	goto parserstack
 
@@ -207,7 +316,7 @@ ret1:
 parserstack:
 	/* put a state and value onto the stack */
 	if parserDebug >= 4 {
-		__yyfmt__.Printf("char %v in %v\n", parserTokname(parserchar), parserStatname(parserstate))
+		__yyfmt__.Printf("char %v in %v\n", parserTokname(parsertoken), parserStatname(parserstate))
 	}
 
 	parserp++
@@ -225,15 +334,16 @@ parsernewstate:
 		goto parserdefault /* simple state */
 	}
 	if parserchar < 0 {
-		parserchar = parserlex1(parserlex, &parserlval)
+		parserchar, parsertoken = parserlex1(parserlex, &parserlval)
 	}
-	parsern += parserchar
+	parsern += parsertoken
 	if parsern < 0 || parsern >= parserLast {
 		goto parserdefault
 	}
 	parsern = parserAct[parsern]
-	if parserChk[parsern] == parserchar { /* valid shift */
+	if parserChk[parsern] == parsertoken { /* valid shift */
 		parserchar = -1
+		parsertoken = -1
 		parserVAL = parserlval
 		parserstate = parsern
 		if Errflag > 0 {
@@ -247,7 +357,7 @@ parserdefault:
 	parsern = parserDef[parserstate]
 	if parsern == -2 {
 		if parserchar < 0 {
-			parserchar = parserlex1(parserlex, &parserlval)
+			parserchar, parsertoken = parserlex1(parserlex, &parserlval)
 		}
 
 		/* look through exception table */
@@ -260,7 +370,7 @@ parserdefault:
 		}
 		for xi += 2; ; xi += 2 {
 			parsern = parserExca[xi+0]
-			if parsern < 0 || parsern == parserchar {
+			if parsern < 0 || parsern == parsertoken {
 				break
 			}
 		}
@@ -273,11 +383,11 @@ parserdefault:
 		/* error ... attempt to resume parsing */
 		switch Errflag {
 		case 0: /* brand new error */
-			parserlex.Error("syntax error")
+			parserlex.Error(parserErrorMessage(parserstate, parsertoken))
 			Nerrs++
 			if parserDebug >= 1 {
 				__yyfmt__.Printf("%s", parserStatname(parserstate))
-				__yyfmt__.Printf(" saw %s\n", parserTokname(parserchar))
+				__yyfmt__.Printf(" saw %s\n", parserTokname(parsertoken))
 			}
 			fallthrough
 
@@ -305,12 +415,13 @@ parserdefault:
 
 		case 3: /* no shift yet; clobber input char */
 			if parserDebug >= 2 {
-				__yyfmt__.Printf("error recovery discards %s\n", parserTokname(parserchar))
+				__yyfmt__.Printf("error recovery discards %s\n", parserTokname(parsertoken))
 			}
-			if parserchar == parserEofCode {
+			if parsertoken == parserEofCode {
 				goto ret1
 			}
 			parserchar = -1
+			parsertoken = -1
 			goto parsernewstate /* try again in the same state */
 		}
 	}
@@ -325,6 +436,13 @@ parserdefault:
 	_ = parserpt // guard against "declared and not used"
 
 	parserp -= parserR2[parsern]
+	// parserp is now the index of $0. Perform the default action. Iff the
+	// reduced production is ε, $1 is possibly out of range.
+	if parserp+1 >= len(parserS) {
+		nyys := make([]parserSymType, len(parserS)*2)
+		copy(nyys, parserS)
+		parserS = nyys
+	}
 	parserVAL = parserS[parserp+1]
 
 	/* consult goto table to find next state */
@@ -344,6 +462,7 @@ parserdefault:
 	switch parsernt {
 
 	case 1:
+		parserDollar = parserS[parserpt-0 : parserpt+1]
 		//line lang.y:35
 		{
 			parserResult = &ast.LiteralNode{
@@ -353,9 +472,10 @@ parserdefault:
 			}
 		}
 	case 2:
+		parserDollar = parserS[parserpt-1 : parserpt+1]
 		//line lang.y:43
 		{
-			parserResult = parserS[parserpt-0].node
+			parserResult = parserDollar[1].node
 
 			// We want to make sure that the top value is always a Concat
 			// so that the return value is always a string type from an
@@ -365,28 +485,30 @@ parserdefault:
 			// because functionally the AST is the same, but we do that because
 			// it makes for an easy literal check later (to check if a string
 			// has any interpolations).
-			if _, ok := parserS[parserpt-0].node.(*ast.Concat); !ok {
-				if n, ok := parserS[parserpt-0].node.(*ast.LiteralNode); !ok || n.Typex != ast.TypeString {
+			if _, ok := parserDollar[1].node.(*ast.Concat); !ok {
+				if n, ok := parserDollar[1].node.(*ast.LiteralNode); !ok || n.Typex != ast.TypeString {
 					parserResult = &ast.Concat{
-						Exprs: []ast.Node{parserS[parserpt-0].node},
-						Posx:  parserS[parserpt-0].node.Pos(),
+						Exprs: []ast.Node{parserDollar[1].node},
+						Posx:  parserDollar[1].node.Pos(),
 					}
 				}
 			}
 		}
 	case 3:
+		parserDollar = parserS[parserpt-1 : parserpt+1]
 		//line lang.y:66
 		{
-			parserVAL.node = parserS[parserpt-0].node
+			parserVAL.node = parserDollar[1].node
 		}
 	case 4:
+		parserDollar = parserS[parserpt-2 : parserpt+1]
 		//line lang.y:70
 		{
 			var result []ast.Node
-			if c, ok := parserS[parserpt-1].node.(*ast.Concat); ok {
-				result = append(c.Exprs, parserS[parserpt-0].node)
+			if c, ok := parserDollar[1].node.(*ast.Concat); ok {
+				result = append(c.Exprs, parserDollar[2].node)
 			} else {
-				result = []ast.Node{parserS[parserpt-1].node, parserS[parserpt-0].node}
+				result = []ast.Node{parserDollar[1].node, parserDollar[2].node}
 			}
 
 			parserVAL.node = &ast.Concat{
@@ -395,89 +517,103 @@ parserdefault:
 			}
 		}
 	case 5:
+		parserDollar = parserS[parserpt-1 : parserpt+1]
 		//line lang.y:86
 		{
-			parserVAL.node = parserS[parserpt-0].node
+			parserVAL.node = parserDollar[1].node
 		}
 	case 6:
+		parserDollar = parserS[parserpt-1 : parserpt+1]
 		//line lang.y:90
 		{
-			parserVAL.node = parserS[parserpt-0].node
+			parserVAL.node = parserDollar[1].node
 		}
 	case 7:
+		parserDollar = parserS[parserpt-3 : parserpt+1]
 		//line lang.y:96
 		{
-			parserVAL.node = parserS[parserpt-1].node
+			parserVAL.node = parserDollar[2].node
 		}
 	case 8:
+		parserDollar = parserS[parserpt-3 : parserpt+1]
 		//line lang.y:102
 		{
-			parserVAL.node = parserS[parserpt-1].node
+			parserVAL.node = parserDollar[2].node
 		}
 	case 9:
+		parserDollar = parserS[parserpt-1 : parserpt+1]
 		//line lang.y:106
 		{
-			parserVAL.node = parserS[parserpt-0].node
+			parserVAL.node = parserDollar[1].node
 		}
 	case 10:
+		parserDollar = parserS[parserpt-1 : parserpt+1]
 		//line lang.y:110
 		{
 			parserVAL.node = &ast.LiteralNode{
-				Value: parserS[parserpt-0].token.Value.(int),
+				Value: parserDollar[1].token.Value.(int),
 				Typex: ast.TypeInt,
-				Posx:  parserS[parserpt-0].token.Pos,
+				Posx:  parserDollar[1].token.Pos,
 			}
 		}
 	case 11:
+		parserDollar = parserS[parserpt-1 : parserpt+1]
 		//line lang.y:118
 		{
 			parserVAL.node = &ast.LiteralNode{
-				Value: parserS[parserpt-0].token.Value.(float64),
+				Value: parserDollar[1].token.Value.(float64),
 				Typex: ast.TypeFloat,
-				Posx:  parserS[parserpt-0].token.Pos,
+				Posx:  parserDollar[1].token.Pos,
 			}
 		}
 	case 12:
+		parserDollar = parserS[parserpt-3 : parserpt+1]
 		//line lang.y:126
 		{
 			parserVAL.node = &ast.Arithmetic{
-				Op:    parserS[parserpt-1].token.Value.(ast.ArithmeticOp),
-				Exprs: []ast.Node{parserS[parserpt-2].node, parserS[parserpt-0].node},
-				Posx:  parserS[parserpt-2].node.Pos(),
+				Op:    parserDollar[2].token.Value.(ast.ArithmeticOp),
+				Exprs: []ast.Node{parserDollar[1].node, parserDollar[3].node},
+				Posx:  parserDollar[1].node.Pos(),
 			}
 		}
 	case 13:
+		parserDollar = parserS[parserpt-1 : parserpt+1]
 		//line lang.y:134
 		{
-			parserVAL.node = &ast.VariableAccess{Name: parserS[parserpt-0].token.Value.(string), Posx: parserS[parserpt-0].token.Pos}
+			parserVAL.node = &ast.VariableAccess{Name: parserDollar[1].token.Value.(string), Posx: parserDollar[1].token.Pos}
 		}
 	case 14:
+		parserDollar = parserS[parserpt-4 : parserpt+1]
 		//line lang.y:138
 		{
-			parserVAL.node = &ast.Call{Func: parserS[parserpt-3].token.Value.(string), Args: parserS[parserpt-1].nodeList, Posx: parserS[parserpt-3].token.Pos}
+			parserVAL.node = &ast.Call{Func: parserDollar[1].token.Value.(string), Args: parserDollar[3].nodeList, Posx: parserDollar[1].token.Pos}
 		}
 	case 15:
+		parserDollar = parserS[parserpt-0 : parserpt+1]
 		//line lang.y:143
 		{
 			parserVAL.nodeList = nil
 		}
 	case 16:
+		parserDollar = parserS[parserpt-3 : parserpt+1]
 		//line lang.y:147
 		{
-			parserVAL.nodeList = append(parserS[parserpt-2].nodeList, parserS[parserpt-0].node)
+			parserVAL.nodeList = append(parserDollar[1].nodeList, parserDollar[3].node)
 		}
 	case 17:
+		parserDollar = parserS[parserpt-1 : parserpt+1]
 		//line lang.y:151
 		{
-			parserVAL.nodeList = append(parserVAL.nodeList, parserS[parserpt-0].node)
+			parserVAL.nodeList = append(parserVAL.nodeList, parserDollar[1].node)
 		}
 	case 18:
+		parserDollar = parserS[parserpt-1 : parserpt+1]
 		//line lang.y:157
 		{
 			parserVAL.node = &ast.LiteralNode{
-				Value: parserS[parserpt-0].token.Value.(string),
+				Value: parserDollar[1].token.Value.(string),
 				Typex: ast.TypeString,
-				Posx:  parserS[parserpt-0].token.Pos,
+				Posx:  parserDollar[1].token.Pos,
 			}
 		}
 	}

From 22ec52396adef10449fa55c81f3aada69fa008cb Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@gmail.com>
Date: Wed, 28 Oct 2015 16:30:03 +0000
Subject: [PATCH 335/335] Update CHANGELOG.md

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index bf27fb1c33..075cb0f442 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -19,6 +19,7 @@ BUG FIXES:
   * provider/google: Timeout when deleting large instance_group_manager [GH-3591]
   * provider/aws: Fix issue with order of Termincation Policies in AutoScaling Groups. 
       This will introduce plans on upgrade to this version, in order to correct the ordering [GH-2890]
+  * provider/aws: Allow cluster name, not only ARN for `aws_ecs_service` [GH-3668]
 
 ## 0.6.6 (October 23, 2015)