Commit Graph

12496 Commits

Author SHA1 Message Date
James Nugent
94ca84e772 Merge pull request #8638 from hashicorp/f-aws-assume-role
provider/aws: Add support for AssumeRole prior to operations
2016-09-03 13:04:03 -07:00
James Nugent
e3ccb51168 provider/aws: Add assume_role block to provider
This replaces the previous `role_arn` with a block which looks like
this:

```
provider "aws" {
        // secret key, access key etc

	assume_role {
	        role_arn = "<Role ARN>"
		session_name = "<Session Name>"
		external_id = "<External ID>"
	}
}
```

We also modify the configuration structure and read the values from the
block if present into those values and adjust the call to AssumeRole to
include the SessionName and ExternalID based on the values set in the
configuration block.

Finally we clean up the tests and add in missing error checks, and clean
up the error handling logic in the Auth helper functions.
2016-09-03 12:54:30 -07:00
Paul Stack
03afd4ef72 Update CHANGELOG.md 2016-09-03 20:50:56 +03:00
Paul Stack
3ad4cfe117 Merge pull request #8645 from hashicorp/aws-vpn-gateway-za
provider/aws: Do not set empty string to state for `aws_vpn_gateway` availability zone
2016-09-03 20:50:31 +03:00
stack72
feaabb6ca1
provider/aws: Do not set empty string to state for aws_vpn_gateway
availability zone

Fixes #4752

According to the AWS Documentation, when `describing-vpn-gateways`

```
AvailabilityZone -> (string)
The Availability Zone where the virtual private gateway was created, if applicable. This field may be empty or not returned.
```

Therefore, if we pass an availability zone as part of vpn gateway, then it may come back as an empty string. If we set this empty string back to state, then the next plan will look as follows:

```
-/+ aws_vpn_gateway.vpn_gateway
    availability_zone: "" => "us-west-2a" (forces new resource)
    tags.%:            "1" => "1"
    tags.Name:         "vpn-us-west-2" => "vpn-us-west-2"
    vpc_id:            "vpc-1e9da47a" => "vpc-1e9da47a"

Plan: 1 to add, 0 to change, 1 to destroy.
```

If the availability_zone comes back from AWS as an empty string, then we should not set it to state to avoid forcing a new resource for the user

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSVpnGateway_withAvailabilityZoneSetToState'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/03 17:10:57 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSVpnGateway_withAvailabilityZoneSetToState -timeout 120m
=== RUN   TestAccAWSVpnGateway_withAvailabilityZoneSetToState
--- FAIL: TestAccAWSVpnGateway_withAvailabilityZoneSetToState (36.11s)
       	testing.go:265: Step 0 error: Check failed: Check 2/2 error: aws_vpn_gateway.foo: Attribute 'availability_zone' expected "us-west-2a", got ""
FAIL
exit status 1
FAIL   	github.com/hashicorp/terraform/builtin/providers/aws   	36.130s
make: *** [testacc] Error 1
[stacko@Pauls-MacBook-Pro:~/Code/go/src/github.com/hashicorp/terraform on master]
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSVpnGateway_withAvailabilityZoneSetToState'                                                                                       2 ↵ ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/03 17:12:25 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSVpnGateway_withAvailabilityZoneSetToState -timeout 120m
=== RUN   TestAccAWSVpnGateway_withAvailabilityZoneSetToState
--- PASS: TestAccAWSVpnGateway_withAvailabilityZoneSetToState (46.50s)
PASS
ok     	github.com/hashicorp/terraform/builtin/providers/aws   	46.517s
```
2016-09-03 17:14:42 +03:00
Radek Simko
e6993a324e Update CHANGELOG.md 2016-09-03 14:57:34 +01:00
Paul Stack
eaa48681d4 provider/aws: Refresh aws_elasticsearch_domain from state when ResourceNotFoundException (#8643)
* provider/aws: Refresh `aws_elasticsearch_domain` from state when
RecordNotFoundException

Fixes #3967

When an ElasticSearch domain has been deleted outside of Terraform, the
next Terraform operation would return the following:

```
* aws_elasticsearch_domain.curvelogic_es: ResourceNotFoundException:
* Domain not found: curvelogic-es
    status code: 409, request id: 6e4b2371-8e1a-11e5-bd07-7741b705d65c
```

We now refresh the resource from state when it is no longer found

* Update resource_aws_elasticsearch_domain.go
2016-09-03 14:55:29 +01:00
Paul Stack
ef85146722 Merge pull request #8642 from kwilczynski/feature/add-unit-test-aws_network_acl_rule
provider/aws: Add missing unit test for validateICMPArgumentValue to aws_network_acl_rule.
2016-09-03 16:51:34 +03:00
Paul Stack
401d976cbb Merge pull request #8644 from kwilczynski/feature/add-unit-test-data_source_availability_zones
provider/aws: Add missing unit test for validateStateType to data_source_availability_zones.
2016-09-03 16:50:59 +03:00
Krzysztof Wilczynski
814b1d7489
provider/aws: Add missing unit test for validateStateType to data_source_availability_zones.
This commit adds missing unit test of a helper function.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-03 14:04:35 +01:00
Krzysztof Wilczynski
18b5de26d8
Add missing unit test for validateICMPArgumentValue to aws_network_acl_rule.
This commit adds missing unit test of a helper function.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-03 13:49:39 +01:00
Paul Stack
10bf48a35a Merge pull request #8641 from kwilczynski/feature/update-aws_efs_file_system
provider/aws: Maintenance and clean-up for aws_efs_file_system.
2016-09-03 15:35:45 +03:00
Krzysztof Wilczynski
fceb3ac381
Maintenance and clean-up for aws_efs_file_system.
This commit is purely a maintenance and clean-up of the resource.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-03 11:40:24 +01:00
Paul Stack
251a0e73ab Update CHANGELOG.md 2016-09-03 00:24:24 +03:00
Paul Stack
42711dbc1f Merge pull request #8636 from kwilczynski/fix/increase-wait-time-aws_vpn_gateway_attachment
provider/aws: Fix. Adjust create and destroy timeout in aws_vpn_gateway_attachment.
2016-09-03 00:23:37 +03:00
Paul Stack
74c83751e4 Update CHANGELOG.md 2016-09-02 23:35:20 +03:00
Paul Stack
18ea8ef264 Merge pull request #8603 from hashicorp/aws-db-parameter-apply_method
provider/aws: Set `apply_method` to state in `aws_db_parameter_group`
2016-09-02 23:34:45 +03:00
Krzysztof Wilczynski
a6de64a445
Fix. Adjust create and destroy timeout in aws_vpn_gateway_attachment.
This commit increases the timeout, delay and minimum timeout values in
order to resolve a timeout potentially occurring when the VPC gateway
is being attached.

Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
2016-09-02 21:28:55 +01:00
Paul Hinze
e991ea5741 Merge pull request #8634 from hashicorp/revert-8590-b-template-floats
Revert "providers/template: template_file supports floating point math"
2016-09-02 15:28:32 -05:00
Paul Hinze
c5647dc046 Revert "providers/template: template_file supports floating point math" 2016-09-02 15:20:03 -05:00
James Nugent
afd17e166d Merge pull request #8630 from supergibbs/patch-1
Update ami.html.markdown
2016-09-02 10:50:16 -07:00
James Nugent
d444d122bf provider/aws: Clean up AWS provider schema defns
Remove unnecessary &schema.Schema from the AWS provider schema
definition.
2016-09-02 10:36:52 -07:00
Ian Duffy
767914bbdc [GH-1275] Support for AWS access via IAMs AssumeRole functionality
This commit enables terraform to utilise the assume role functionality
of sts to execute commands with different privileges than the API
keys specified.

Signed-off-by: Ian Duffy <ian@ianduffy.ie>
2016-09-02 10:22:57 -07:00
Jesse Mandel
f168c90afa Update ami.html.markdown
typo `i368` to `i386`
2016-09-02 10:22:18 -07:00
Mitchell Hashimoto
f4a7740beb Merge pull request #8629 from ProcessOut/scaleway-security_group_rule-port-documentation
provider/scaleway: Document ports in security group rules properly
2016-09-02 10:06:45 -07:00
Mitchell Hashimoto
652b141755 Update CHANGELOG.md 2016-09-02 10:03:51 -07:00
Mitchell Hashimoto
fad1ce9915 Merge pull request #8620 from hashicorp/b-var-input
command: more resilient HCL check for inputs
2016-09-02 10:02:23 -07:00
Mitchell Hashimoto
c84f699158
update HCL vendor 2016-09-02 09:58:05 -07:00
James Nugent
0cf43411f9 Update CHANGELOG.md 2016-09-02 09:55:42 -07:00
James Nugent
bb3a896cee Merge pull request #8615 from hashicorp/f-aws-s3-bucket-policy
provider/aws: Add aws_s3_bucket_policy resource
2016-09-02 11:54:19 -05:00
Louis-Paul Dareau
7adcac2d6c
provider/scaleway: Fix a documentation typo 2016-09-02 12:16:42 -04:00
Louis-Paul Dareau
ab36c4299f
provider/scaleway: Document ports in security group rules properly 2016-09-02 12:10:52 -04:00
James Nugent
93f31fce17 provider/aws: Add aws_s3_bucket_policy resource
This commit adds a new "attachment" style resource for setting the
policy of an AWS S3 bucket. This is desirable such that the ARN of the
bucket can be referenced in an IAM Policy Document.

In addition, we now suppress diffs on the (now-computed) policy in the
S3 bucket for structurally equivalent policies, which prevents flapping
because of whitespace and map ordering changes made by the S3 endpoint.
2016-09-02 09:07:54 -07:00
James Nugent
1f04942292 deps: Vendor github.com/jen20/awspolicyequivalence 2016-09-02 09:07:54 -07:00
Paul Stack
4e7edb5431 Update CHANGELOG.md 2016-09-02 17:51:23 +03:00
Joe Topjian
20b25043b6 Merge pull request #8625 from Fodoj/provider-openstack-lb2-better-docs
provider/openstack: Fix documentation of openstack LBaaS resources
2016-09-02 08:39:45 -06:00
Paul Stack
d5b869732b Merge pull request #8628 from hashicorp/b-aws-alb-computed
provider/aws: Making `aws_alb_listener` ssl_policy to be Computed
2016-09-02 17:33:02 +03:00
Clint
740b8bb9cb provider/aws: Run errcheck in tests (#8579)
* provider/aws: Add errcheck to Makefile, error on unchecked errors

* more exceptions

* updates for errcheck to pass

* reformat and spilt out the ignore statements

* narrow down ignores

* fix typo, only ignore Close and Write, instead of close or write
2016-09-02 09:24:17 -05:00
stack72
d236a305ea
provider/aws: Making aws_alb_listener ssl_policy to be Computed
Fixes #8612

The SSL Policy is optional - if you don't add it and create a HTTPS Alb
Listener, AWS will add the policy for you. Without being computed, we
would get a diff

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSALBListener_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/02 17:16:33 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSALBListener_
-timeout 120m
=== RUN   TestAccAWSALBListener_basic
--- PASS: TestAccAWSALBListener_basic (70.45s)
=== RUN   TestAccAWSALBListener_https
--- PASS: TestAccAWSALBListener_https (63.20s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    133.667s
```
2016-09-02 17:21:02 +03:00
stack72
04a77b343b
Merge branch 'master' of github.com:hashicorp/terraform 2016-09-02 17:09:08 +03:00
stack72
651eba7d97
Merge branch 'liamjbennett-aws_ssm_association' 2016-09-02 17:08:33 +03:00
stack72
f9183da2e3
provider/aws: Changing the tests for aws_ssm_association to align with
us-west-2

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSSSMAssociation_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/09/02 16:56:09 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSSSMAssociation_ -timeout 120m
=== RUN   TestAccAWSSSMAssociation_basic
--- PASS: TestAccAWSSSMAssociation_basic (136.23s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    136.246s
```
2016-09-02 17:04:43 +03:00
liamjbennett
e98e5fb017
provider/aws: add aws_ssm_association resource 2016-09-02 16:46:05 +03:00
Sander van Harmelen
0ea4777257 Update CHANGELOG.md 2016-09-02 15:45:44 +02:00
Sander van Harmelen
5163554a9e Update CHANGELOG.md 2016-09-02 15:45:27 +02:00
Sander van Harmelen
47dd1ad153 Add wildcard (match all) support to ignore_changes (#8599) 2016-09-02 15:44:35 +02:00
Paul Stack
370be7df67 Update CHANGELOG.md 2016-09-02 16:26:37 +03:00
Paul Stack
7ed729507c Merge pull request #8623 from qivers/master
Increase aws_rds_cluster timeout to 40 minutes
2016-09-02 14:25:42 +01:00
Kirill Shirinkin
b4ac5bcf17 provider/openstack: Fix the list of available LB methods for LB pool 2016-09-02 07:54:29 -05:00
Kirill Shirinkin
52f130cb64 provider/openstack: Fix documentaion for whole LBaaS v2 group 2016-09-02 07:51:44 -05:00