It’s now also possible to don’t give any rules, when the firewall is
configured with `managed = true`. This will in effect mean; make sure
no rules exist at all for the firewall.
These fixes are needed to make the provider work with master again.
These are still some issues, but they seem not to be related to the
provider, but the changes in `helper/schema`.
This goes for the normal firewall, the egress firewall and the network
ACL.
USE WITH CAUTION! When setting `managed = true` in your config, it
means it will delete all firewall rules that are not in your config, so
unknown to TF.
Also adding the new `cloudstack_egress_firewall` resource with this
commit and updating go-cloudstack to the latest API version (v4.4)
- 5.6.17 is no longer a valid mysql engine version, bumping to 5.6.21
- updating security_group_names assertion to match new set structure
introduce in #663
When DeleteInternetGateway is successful it returns a nil error value.
However, for a nil error value, the RetryFunc returns an error yielding a
unnecessary second call to DeleteInternetGateway in the retry logic.
The logic works because DeleteInternetGateway eventually returns an ec2.Error
with error code InvalidInternetGatewayID.NotFound since the internet gateway
has been deleted in the previous call. The return value of nil breaks the
retry logic and the deletion is deemed successful.
Fix the unnecessary second call to DeleteInternetGateway by short circuiting
with a nil error value when deletion of the internet gateway is successful on
the first try.
Add an acceptance test for internet gateway deletion and remove unreachable
code while here.
Update the Google Compute Engine provider to add support for service
accounts on `google_compute_instance`. Both gcloud shorthand (`compute-ro`,
`storage-ro`, etc.) and OAuth2 API endpoints are supported.
This feature is currently limited to a single service account (supporting
multiple scopes) and an automatically-generated service account email.
If not suppling the `availability_zones`, they will be computed
(meaning an update/refresh will retrieve the info and update the values
to the state file).
So without the `Computed = true` the diff will always flag this as a
change, even when it’s not.
Some instance types have a block device by default. So when selecting
such an instance type, you will not set a config for the block device,
but the update/refresh func will notice one and update the state
nonetheless.
So in those cases the `block_device` becomes a `computed` field.
1. The schema contained a few fields that where not marked as
`computed`, while they were updated inside the resource.
2. While updating the `volume_size` it was doing so with a `string`,
but in the schema this field is set as `int`.
3. The set func for calculating the hashes for the `block` set items,
also used computed values to calculate the hash. As these values will
not be in the config, but only in the state, this will always show as a
diff. The solution is to only use the fields that aren’t computed in
order to get consistent hashes.
These where all issues before, but weren’t visible as such. All should
be good again now.
For now this only supports importing a key pair (by specifying a
public_key) property. In the future it'd be fairly trivial to support
key pair creation, with the private key returned as a computed property.
In real world usage you'd probably want to provide that public_key
property via a variable rather than hard-coding it into a terraform
config that'd end up in source control.
Evan Krall