diff --git a/CHANGELOG.md b/CHANGELOG.md index d164de699..4748909f9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -140,7 +140,7 @@ IMPROVEMENTS: * provider/heroku: Set App buildpacks from config ([#13910](https://github.com/hashicorp/terraform/issues/13910)) * provider/heroku: Create Heroku app in a private space ([#13862](https://github.com/hashicorp/terraform/issues/13862)) * provider/vault: `vault_generic_secret` resource can now optionally detect drift if it has appropriate access ([#11776](https://github.com/hashicorp/terraform/issues/11776)) - + BUG FIXES: * core: Prevent resource.Retry from adding untracked resources after the timeout: ([#13778](https://github.com/hashicorp/terraform/issues/13778)) @@ -170,7 +170,7 @@ BUG FIXES: * provider/azurerm: Locking route table on subnet create/delete ([#13791](https://github.com/hashicorp/terraform/issues/13791)) * provider/azurerm: VM's - fixes a bug where ssh_keys could contain a null entry ([#13755](https://github.com/hashicorp/terraform/issues/13755)) * provider/azurerm: VM's - ignoring the case on the `create_option` field during Diff's ([#13933](https://github.com/hashicorp/terraform/issues/13933)) - * provider/azurerm: fixing a bug refreshing the `azurerm_redis_cache` [[#13899](https://github.com/hashicorp/terraform/issues/13899)] + * provider/azurerm: fixing a bug refreshing the `azurerm_redis_cache` [[#13899](https://github.com/hashicorp/terraform/issues/13899)] * provider/fastly: Fix issue with using 0 for `default_ttl` ([#13648](https://github.com/hashicorp/terraform/issues/13648)) * provider/google: Fix panic in GKE provisioning with addons ([#13954](https://github.com/hashicorp/terraform/issues/13954)) * provider/fastly: Add ability to associate a healthcheck to a backend ([#13539](https://github.com/hashicorp/terraform/issues/13539)) 
@@ -188,7 +188,7 @@ BUG FIXES: ## 0.9.3 (April 12, 2017) BACKWARDS INCOMPATIBILITIES / NOTES: - * provider/aws: Fix a critical bug in `aws_emr_cluster` in order to preserve the ordering + * provider/aws: Fix a critical bug in `aws_emr_cluster` in order to preserve the ordering of any arguments in `bootstrap_action`. Terraform will now enforce the ordering from the configuration. As a result, `aws_emr_cluster` resources may need to be recreated, as there is no API to update them in-place ([#13580](https://github.com/hashicorp/terraform/issues/13580)) @@ -208,7 +208,7 @@ FEATURES: * **New Data Source:** `aws_iam_role` ([#13213](https://github.com/hashicorp/terraform/issues/13213)) IMPROVEMENTS: - + * core: add `-lock-timeout` option, which will block and retry locks for the given duration ([#13262](https://github.com/hashicorp/terraform/issues/13262)) * core: new `chomp` interpolation function which returns the given string with any trailing newline characters removed ([#13419](https://github.com/hashicorp/terraform/issues/13419)) * backend/remote-state: Add support for assume role extensions to s3 backend ([#13236](https://github.com/hashicorp/terraform/issues/13236)) 
@@ -249,8 +249,8 @@ IMPROVEMENTS: * provider/statuscake: Add support for StatusCake TriggerRate field ([#13340](https://github.com/hashicorp/terraform/issues/13340)) * provider/triton: Move to joyent/triton-go ([#13225](https://github.com/hashicorp/terraform/issues/13225)) * provisioner/chef: Make sure we add new Chef-Vault clients as clients ([#13525](https://github.com/hashicorp/terraform/issues/13525)) - -BUG FIXES: + +BUG FIXES: * core: Escaped interpolation-like sequences (like `$${foo}`) now permitted in variable defaults ([#13137](https://github.com/hashicorp/terraform/issues/13137)) * core: Fix strange issues with computed values in provider configuration that were worked around with `-input=false` ([#11264](https://github.com/hashicorp/terraform/issues/11264)], [[#13264](https://github.com/hashicorp/terraform/issues/13264)) @@ -350,8 +350,8 @@ IMPROVEMENTS: * provider/pagerduty: Validate credentials ([#12854](https://github.com/hashicorp/terraform/issues/12854)) * provider/openstack: Adding all_metadata attribute ([#13061](https://github.com/hashicorp/terraform/issues/13061)) * provider/profitbricks: Handling missing resources ([#13053](https://github.com/hashicorp/terraform/issues/13053)) - -BUG FIXES: + +BUG FIXES: * core: Remove legacy remote state configuration on state migration. This fixes errors when saving plans. ([#12888](https://github.com/hashicorp/terraform/issues/12888)) * provider/arukas: Default timeout for launching container increased to 15mins (was 10mins) ([#12849](https://github.com/hashicorp/terraform/issues/12849)) 
@@ -417,7 +417,7 @@ BUG FIXES: * provider/aws: Stop setting weight property on route53_record read ([#12756](https://github.com/hashicorp/terraform/issues/12756)) * provider/google: Fix the Google provider asking for account_file input on every run ([#12729](https://github.com/hashicorp/terraform/issues/12729)) * provider/profitbricks: Prevent panic on profitbricks volume ([#12819](https://github.com/hashicorp/terraform/issues/12819)) - + ## 0.9.0 (March 15, 2017) @@ -565,7 +565,7 @@ BUG FIXES: * provider/google: Correct the incorrect instance group manager URL returned from GKE ([#4336](https://github.com/hashicorp/terraform/issues/4336)) * provider/google: Fix a plan/apply cycle in IAM policies ([#12387](https://github.com/hashicorp/terraform/issues/12387)) * provider/google: Fix a plan/apply cycle in forwarding rules when only a single port is specified ([#12662](https://github.com/hashicorp/terraform/issues/12662)) - + ## 0.9.0-beta2 (March 2, 2017) BACKWARDS INCOMPATIBILITIES / NOTES: diff --git a/builtin/providers/aws/config.go b/builtin/providers/aws/config.go index 327090130..3efe53706 100644 --- a/builtin/providers/aws/config.go +++ b/builtin/providers/aws/config.go @@ -89,13 +89,21 @@ type Config struct { AllowedAccountIds []interface{} ForbiddenAccountIds []interface{} - DynamoDBEndpoint string - KinesisEndpoint string - Ec2Endpoint string - IamEndpoint string - ElbEndpoint string - S3Endpoint string - Insecure bool + CloudFormationEndpoint string + CloudWatchEndpoint string + CloudWatchEventsEndpoint string + CloudWatchLogsEndpoint string + DynamoDBEndpoint string + Ec2Endpoint string + ElbEndpoint string + IamEndpoint string + KinesisEndpoint string + KmsEndpoint string + RdsEndpoint string + S3Endpoint string + SnsEndpoint string + SqsEndpoint string + Insecure bool SkipCredsValidation bool SkipGetEC2Platforms bool 
@@ -264,12 +272,20 @@ func (c *Config) Client() (interface{}, error) { usEast1Sess := sess.Copy(&aws.Config{Region: aws.String("us-east-1")}) // Some services have user-configurable endpoints + awsCfSess := sess.Copy(&aws.Config{Endpoint: aws.String(c.CloudFormationEndpoint)}) + awsCwSess := sess.Copy(&aws.Config{Endpoint: aws.String(c.CloudWatchEndpoint)}) + awsCweSess := sess.Copy(&aws.Config{Endpoint: aws.String(c.CloudWatchEventsEndpoint)}) + awsCwlSess := sess.Copy(&aws.Config{Endpoint: aws.String(c.CloudWatchLogsEndpoint)}) + awsDynamoSess := sess.Copy(&aws.Config{Endpoint: aws.String(c.DynamoDBEndpoint)}) awsEc2Sess := sess.Copy(&aws.Config{Endpoint: aws.String(c.Ec2Endpoint)}) awsElbSess := sess.Copy(&aws.Config{Endpoint: aws.String(c.ElbEndpoint)}) awsIamSess := sess.Copy(&aws.Config{Endpoint: aws.String(c.IamEndpoint)}) + awsKinesisSess := sess.Copy(&aws.Config{Endpoint: aws.String(c.KinesisEndpoint)}) + awsKmsSess := sess.Copy(&aws.Config{Endpoint: aws.String(c.KmsEndpoint)}) + awsRdsSess := sess.Copy(&aws.Config{Endpoint: aws.String(c.RdsEndpoint)}) awsS3Sess := sess.Copy(&aws.Config{Endpoint: aws.String(c.S3Endpoint)}) - dynamoSess := sess.Copy(&aws.Config{Endpoint: aws.String(c.DynamoDBEndpoint)}) - kinesisSess := sess.Copy(&aws.Config{Endpoint: aws.String(c.KinesisEndpoint)}) + awsSnsSess := sess.Copy(&aws.Config{Endpoint: aws.String(c.SnsEndpoint)}) + awsSqsSess := sess.Copy(&aws.Config{Endpoint: aws.String(c.SqsEndpoint)}) // These two services need to be set up early so we can check on AccountID client.iamconn = iam.New(awsIamSess) 
@@ -312,12 +328,12 @@ func (c *Config) Client() (interface{}, error) { client.apigateway = apigateway.New(sess) client.appautoscalingconn = applicationautoscaling.New(sess) client.autoscalingconn = autoscaling.New(sess) - client.cfconn = cloudformation.New(sess) + client.cfconn = cloudformation.New(awsCfSess) client.cloudfrontconn = cloudfront.New(sess) client.cloudtrailconn = cloudtrail.New(sess) - client.cloudwatchconn = cloudwatch.New(sess) - client.cloudwatcheventsconn = cloudwatchevents.New(sess) - client.cloudwatchlogsconn = cloudwatchlogs.New(sess) + client.cloudwatchconn = cloudwatch.New(awsCwSess) + client.cloudwatcheventsconn = cloudwatchevents.New(awsCweSess) + client.cloudwatchlogsconn = cloudwatchlogs.New(awsCwlSess) client.codecommitconn = codecommit.New(sess) client.codebuildconn = codebuild.New(sess) client.codedeployconn = codedeploy.New(sess) @@ -326,7 +342,7 @@ func (c *Config) Client() (interface{}, error) { client.dmsconn = databasemigrationservice.New(sess) client.codepipelineconn = codepipeline.New(sess) client.dsconn = directoryservice.New(sess) - client.dynamodbconn = dynamodb.New(dynamoSess) + client.dynamodbconn = dynamodb.New(awsDynamoSess) client.ecrconn = ecr.New(sess) client.ecsconn = ecs.New(sess) client.efsconn = efs.New(sess) 
@@ -340,20 +356,20 @@ func (c *Config) Client() (interface{}, error) { client.firehoseconn = firehose.New(sess) client.inspectorconn = inspector.New(sess) client.glacierconn = glacier.New(sess) - client.kinesisconn = kinesis.New(kinesisSess) - client.kmsconn = kms.New(sess) + client.kinesisconn = kinesis.New(awsKinesisSess) + client.kmsconn = kms.New(awsKmsSess) client.lambdaconn = lambda.New(sess) client.lightsailconn = lightsail.New(usEast1Sess) client.opsworksconn = opsworks.New(sess) client.r53conn = route53.New(usEast1Sess) - client.rdsconn = rds.New(sess) + client.rdsconn = rds.New(awsRdsSess) client.redshiftconn = redshift.New(sess) client.simpledbconn = simpledb.New(sess) client.s3conn = s3.New(awsS3Sess) client.sesConn = ses.New(sess) client.sfnconn = sfn.New(sess) - client.snsconn = sns.New(sess) - client.sqsconn = sqs.New(sess) + client.snsconn = sns.New(awsSnsSess) + client.sqsconn = sqs.New(awsSqsSess) client.ssmconn = ssm.New(sess) client.wafconn = waf.New(sess) diff --git a/builtin/providers/aws/provider.go b/builtin/providers/aws/provider.go index d9905ef47..957614d7b 100644 --- a/builtin/providers/aws/provider.go +++ b/builtin/providers/aws/provider.go 
@@ -487,20 +487,36 @@ func init() { "being executed. If the API request still fails, an error is\n" + "thrown.", + "cloudformation_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n", + + "cloudwatch_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n", + + "cloudwatchevents_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n", + + "cloudwatchlogs_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n", + "dynamodb_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n" + "It's typically used to connect to dynamodb-local.", "kinesis_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n" + "It's typically used to connect to kinesalite.", + "kms_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n", + "iam_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n", "ec2_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n", "elb_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n", + "rds_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n", + "s3_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n", + "sns_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n", + + "sqs_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n", + "insecure": "Explicitly allow the provider to perform \"insecure\" SSL requests. If omitted," + "default value is `false`", 
@@ -577,12 +593,20 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) { for _, endpointsSetI := range endpointsSet.List() { endpoints := endpointsSetI.(map[string]interface{}) + config.CloudFormationEndpoint = endpoints["cloudformation"].(string) + config.CloudWatchEndpoint = endpoints["cloudwatch"].(string) + config.CloudWatchEventsEndpoint = endpoints["cloudwatchevents"].(string) + config.CloudWatchLogsEndpoint = endpoints["cloudwatchlogs"].(string) config.DynamoDBEndpoint = endpoints["dynamodb"].(string) - config.IamEndpoint = endpoints["iam"].(string) config.Ec2Endpoint = endpoints["ec2"].(string) config.ElbEndpoint = endpoints["elb"].(string) + config.IamEndpoint = endpoints["iam"].(string) config.KinesisEndpoint = endpoints["kinesis"].(string) + config.KmsEndpoint = endpoints["kms"].(string) + config.RdsEndpoint = endpoints["rds"].(string) config.S3Endpoint = endpoints["s3"].(string) + config.SnsEndpoint = endpoints["sns"].(string) + config.SqsEndpoint = endpoints["sqs"].(string) } if v, ok := d.GetOk("allowed_account_ids"); ok { @@ -651,6 +675,30 @@ func endpointsSchema() *schema.Schema { Optional: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ + "cloudwatch": { + Type: schema.TypeString, + Optional: true, + Default: "", + Description: descriptions["cloudwatch_endpoint"], + }, + "cloudwatchevents": { + Type: schema.TypeString, + Optional: true, + Default: "", + Description: descriptions["cloudwatchevents_endpoint"], + }, + "cloudwatchlogs": { + Type: schema.TypeString, + Optional: true, + Default: "", + Description: descriptions["cloudwatchlogs_endpoint"], + }, + "cloudformation": { + Type: schema.TypeString, + Optional: true, + Default: "", + Description: descriptions["cloudformation_endpoint"], + }, "dynamodb": { Type: schema.TypeString, Optional: true, 
@@ -683,12 +731,36 @@ func endpointsSchema() *schema.Schema { Default: "", Description: descriptions["kinesis_endpoint"], }, + "kms": { + Type: schema.TypeString, + Optional: true, + Default: "", + Description: descriptions["kms_endpoint"], + }, + "rds": { + Type: schema.TypeString, + Optional: true, + Default: "", + Description: descriptions["rds_endpoint"], + }, "s3": { Type: schema.TypeString, Optional: true, Default: "", Description: descriptions["s3_endpoint"], }, + "sns": { + Type: schema.TypeString, + Optional: true, + Default: "", + Description: descriptions["sns_endpoint"], + }, + "sqs": { + Type: schema.TypeString, + Optional: true, + Default: "", + Description: descriptions["sqs_endpoint"], + }, }, }, Set: endpointsToHash, @@ -698,12 +770,20 @@ func endpointsSchema() *schema.Schema { func endpointsToHash(v interface{}) int { var buf bytes.Buffer m := v.(map[string]interface{}) + buf.WriteString(fmt.Sprintf("%s-", m["cloudwatch"].(string))) + buf.WriteString(fmt.Sprintf("%s-", m["cloudwatchevents"].(string))) + buf.WriteString(fmt.Sprintf("%s-", m["cloudwatchlogs"].(string))) + buf.WriteString(fmt.Sprintf("%s-", m["cloudformation"].(string))) buf.WriteString(fmt.Sprintf("%s-", m["dynamodb"].(string))) buf.WriteString(fmt.Sprintf("%s-", m["iam"].(string))) buf.WriteString(fmt.Sprintf("%s-", m["ec2"].(string))) buf.WriteString(fmt.Sprintf("%s-", m["elb"].(string))) buf.WriteString(fmt.Sprintf("%s-", m["kinesis"].(string))) + buf.WriteString(fmt.Sprintf("%s-", m["kms"].(string))) + buf.WriteString(fmt.Sprintf("%s-", m["rds"].(string))) buf.WriteString(fmt.Sprintf("%s-", m["s3"].(string))) + buf.WriteString(fmt.Sprintf("%s-", m["sns"].(string))) + buf.WriteString(fmt.Sprintf("%s-", m["sqs"].(string))) return hashcode.String(buf.String()) } diff --git a/website/source/docs/providers/aws/index.html.markdown b/website/source/docs/providers/aws/index.html.markdown index 429039d5a..75104bdc4 100644 --- a/website/source/docs/providers/aws/index.html.markdown 
+++ b/website/source/docs/providers/aws/index.html.markdown @@ -234,6 +234,22 @@ in excess of those allowed by the access policy of the role that is being assume Nested `endpoints` block supports the following: +* `cloudwatch` - (Optional) Use this to override the default endpoint + URL constructed from the `region`. It's typically used to connect to + custom CloudWatch endpoints. + +* `cloudwatchevents` - (Optional) Use this to override the default endpoint + URL constructed from the `region`. It's typically used to connect to + custom CloudWatchEvents endpoints. + +* `cloudwatchlogs` - (Optional) Use this to override the default endpoint + URL constructed from the `region`. It's typically used to connect to + custom CloudWatchLogs endpoints. + +* `cloudformation` - (Optional) Use this to override the default endpoint + URL constructed from the `region`. It's typically used to connect to + custom CloudFormation endpoints. + * `dynamodb` - (Optional) Use this to override the default endpoint URL constructed from the `region`. It's typically used to connect to `dynamodb-local`. @@ -242,6 +258,10 @@ Nested `endpoints` block supports the following: URL constructed from the `region`. It's typically used to connect to `kinesalite`. +* `kms` - (Optional) Use this to override the default endpoint + URL constructed from the `region`. It's typically used to connect to + custom KMS endpoints. + * `iam` - (Optional) Use this to override the default endpoint URL constructed from the `region`. It's typically used to connect to custom IAM endpoints. 
@@ -254,10 +274,22 @@ Nested `endpoints` block supports the following: URL constructed from the `region`. It's typically used to connect to custom ELB endpoints. +* `rds` - (Optional) Use this to override the default endpoint + URL constructed from the `region`. It's typically used to connect to + custom RDS endpoints. + * `s3` - (Optional) Use this to override the default endpoint URL constructed from the `region`. It's typically used to connect to custom S3 endpoints. +* `sns` - (Optional) Use this to override the default endpoint + URL constructed from the `region`. It's typically used to connect to + custom SNS endpoints. + +* `sqs` - (Optional) Use this to override the default endpoint + URL constructed from the `region`. It's typically used to connect to + custom SQS endpoints. + ## Getting the Account ID If you use either `allowed_account_ids` or `forbidden_account_ids`,
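Review bot: The CHANGELOG.md hunks appear to touch only whitespace (blank lines, the `BUG FIXES:` headers, the `azurerm_redis_cache` and `aws_emr_cluster` bullets), and none of them adds an entry for the endpoint overrides this patch introduces. Move the whitespace cleanup to its own commit so it does not obscure the functional change, and add an IMPROVEMENTS line naming the new `endpoints` keys (`cloudformation`, `cloudwatch`, `cloudwatchevents`, `cloudwatchlogs`, `kms`, `rds`, `sns`, `sqs`).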
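Review bot: In `Client()` in builtin/providers/aws/config.go, the session names `awsCwSess`, `awsCweSess` and `awsCwlSess` differ by a single letter and are consumed several hunks later by `cloudwatch.New`, `cloudwatchevents.New` and `cloudwatchlogs.New`, so a cross-wired pair would compile and go unnoticed; the diff touches no test file that would catch it. Spell the names out (for example `awsCloudWatchEventsSess`) or build the sessions through one small helper, and add a test that sets each endpoint to a distinct value and asserts that the matching client's endpoint carries it.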
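Review bot: In `providerConfigure` in builtin/providers/aws/provider.go, every new line uses a single-value type assertion such as `endpoints["kms"].(string)`, which panics if the key is absent or nil and is only safe because each key in `endpointsSchema()` happens to declare `Default: ""`. With fifteen keys that coupling is easy to break when the next service is added; use the comma-ok form or a small helper that returns the empty string for a missing key, so a schema omission degrades to "no override" instead of a crash.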
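Review bot: The new `endpointsSchema()` entries (`cloudwatch`, `cloudformation`, `kms`, `rds`, `sns`, `sqs` and the rest) declare only `Type`, `Optional`, `Default` and `Description`, so any string is accepted and handed to `sess.Copy(&aws.Config{Endpoint: ...})` unchecked. Add a shared `ValidateFunc` that parses the value as a URL and requires a scheme and host, so a typo or a plain `http://` value is reported at plan time rather than showing up later as requests sent to an unintended host; this matters most for `kms` and the existing `iam` key, and doubly so when `insecure` is also set. The keys are also listed with `cloudformation` after the three `cloudwatch*` entries, unlike the alphabetical order used in `Config`.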
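Review bot: In `endpointsToHash`, each value is written with `fmt.Sprintf("%s-", ...)`, and `-` is a character that endpoint hostnames commonly contain, so the concatenated string does not delimit fields unambiguously: `sns` = `a-` with `sqs` empty produces the same buffer as `sns` = `a` with `sqs` = `-`. The more fields are appended, the more such collisions exist. Write `key=value` pairs separated by a character that cannot appear in a URL (a newline, say), and use the same fixed key order as the `Config` struct; the single-value `m["kms"].(string)` assertions here have the same panic-on-missing-key behaviour as in `providerConfigure`.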
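Review bot: In website/source/docs/providers/aws/index.html.markdown, the new bullets are inserted out of order (`cloudformation` after `cloudwatchlogs`, `kms` ahead of `iam`) and each repeats "custom ... endpoints" without saying what form the value takes. State whether a full URL with scheme is expected, list the keys alphabetically so they match `Config`, and note that requests for that service, including the ones signed with the provider's credentials, go to whatever host is configured here.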