754bcd8307
Increase subnet & security group deletion timeout (2 -> 5 mins)
...
- this should prevent DependencyViolation errors while waiting for larger ASGs to shut down
2015-05-09 22:18:04 +01:00
eaf96d9d6f
provider/aws: Document AWS ElastiCache cluster
...
- ElastiCache subnet group name is computed
2015-05-08 14:33:41 -05:00
ce8351ddef
provider/aws: Add FQDN as output to route53_record
2015-05-08 20:19:40 +01:00
870b48b1c0
Merge pull request #1865 from justincampbell/s3-region-zone
...
providers/aws: Add hosted_zone_id and region to attributes
2015-05-08 14:49:12 -04:00
a28267b886
provider/aws: SG description should be ForceNew
...
Description cannot be handled in Update (there is no ModifySecurityGroup
API call), so we have to recreate to change the description.
Closes #1870
2015-05-08 12:16:54 -05:00
73651e2c70
providers/aws: Extract normalizeRegion
2015-05-08 10:49:21 -04:00
445f92e48a
providers/aws: Move HostedZoneIDForRegion into TF
2015-05-08 10:49:20 -04:00
64d2b495c3
providers/aws: Add region to S3 attrs
2015-05-08 10:02:16 -04:00
839688d477
providers/aws: Add hosted_zone_id to S3 attrs
2015-05-08 10:02:16 -04:00
d7c9d8702c
providers/aws: Extract website endpoint logic
2015-05-08 10:02:16 -04:00
60c3ca0430
typo
2015-05-07 23:21:47 +01:00
44461f49fd
update structure test
2015-05-07 17:18:47 -05:00
70984526a4
Merge remote-tracking branch 'ctiwald/ct/fix-protocol-problem'
...
* ctiwald/ct/fix-protocol-problem:
aws: Document the odd protocol = "-1" behavior in security groups.
aws: Fixup structure_test to handle new expandIPPerms behavior.
aws: Add security group acceptance tests for protocol -1 fixes.
aws: error on expndIPPerms(...) if our ports and protocol conflict.
2015-05-07 17:13:21 -05:00
4874179e9a
Merge pull request #1843 from ctiwald/ct/fix-network-acls
...
Fix a number of issues in AWS network ACLs
2015-05-07 16:39:10 -05:00
1594cb3dbe
provider/aws: remove names from LCs in ASG tests
...
Makes the tests a little more durable if your account happens to end up
with a dangling LC.
2015-05-07 10:14:49 -05:00
20ebb38b8f
update s3bucket website tests
2015-05-07 10:13:08 -05:00
fed42fe1b3
update tests so go vet is happy
2015-05-07 10:03:28 -05:00
e7b101dba4
provider/aws: elasticache_cluster engine_version is computed
...
fixes the TestAccAWSElasticacheCluster test
2015-05-07 08:47:52 -05:00
9e8aefcd40
aws: Fix network ACL acceptance tests and add -1 protocol rule.
2015-05-06 23:54:14 -04:00
5b0d61727e
aws: Only store protocol numbers for ingress/egress rules on ACLs.
...
Users can input a limited number of protocol names (e.g. "tcp") as
inputs to network ACL rules, but the API only supports valid protocol
number:
http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
Preserve the convenience of protocol names and simultaneously support
numbers by only writing numbers to the state file. Also use numbers
when hashing the rules, to keep everything consistent.
2015-05-06 23:54:12 -04:00
8056b5f8f7
aws: Force users to use valid network masks on ACL ingress/egress
...
AWS will accept any overly-specific IP/mask combination, such as
10.1.2.2/24, but will store it by its implied network: 10.1.2.0/24.
This results in hashing errors, because the remote API will return
hashing results out of sync with the local configuration file.
Enforce a stricter API rule than AWS. Force users to use valid masks,
and run a quick calculation on their input to discover their intent.
2015-05-06 23:53:34 -04:00
b888b31e08
aws: Force users to use from_port, to_port = 0 on network ACLs with -1 protocol
...
AWS doesn't store ports for -1 protocol rules, thus the read from the
API will always come up with a different hash. Force the user to make a
deliberate port choice when enabling -1 protocol rules. All from_port
and to_port's on these rules must be 0.
2015-05-06 23:51:23 -04:00
d14049c8ad
aws: Don't try to modify or delete the untouchable network_acl rules.
...
AWS includes default rules with all network ACL resources which cannot
be modified by the user. Don't attempt to store them locally or change
them remotely if they are already stored -- it'll consistently result
in hashing problems.
2015-05-06 23:03:25 -04:00
03ee059da3
aws: Write ingress/egress rules into a map so they can be set.
...
resourceAwsNetworkAclRead swallowed these errors resulting in rules
that never properly updated. Implement an entry-to-maplist function
that'll allow us to write something that Set knows how to read.
2015-05-06 23:03:24 -04:00
a9678bd252
Merge pull request #1840 from hashicorp/f-aws-asg-handle-scaling-activity-in-progress-errors
...
provider/aws: handle in progress errs from ASG deletes
2015-05-06 19:39:23 -05:00
90907c8be5
Merge pull request #1738 from justincampbell/s3-website
...
providers/aws: S3 bucket website support
2015-05-06 19:37:29 -05:00
03530d1285
provider/aws: handle in progress errs from ASG deletes
...
If an AutoScalingGroup is in the middle of performing a Scaling
Activity, it cannot be deleted, and yields a ScalingActivityInProgress
error.
Retry the delete for up to 5m so we don't choke on this error. It's
telling us something's in progress, so we'll keep trying until the
scaling activity completed.
2015-05-06 18:54:59 -05:00
761523e8f9
Merge pull request #1839 from hashicorp/f-aws-asg-wait-for-capacity
...
provider/aws: wait for ASG capacity on creation
2015-05-06 18:40:13 -05:00
063454e9b8
provider/aws: wait for ASG capacity on creation
...
On ASG creation, waits for up to 10m for desired_capacity or min_size
healthy nodes to show up in the group before continuing.
With CBD and proper HealthCheck tuning, this allows us guarantee safe
ASG replacement.
2015-05-06 18:34:20 -05:00
c44ba73a2a
Merge pull request #1837 from hashicorp/b-fix-aws-sg-vpcid
...
provider/aws: fix issue with reading VPC id in AWS Security Group
2015-05-06 17:01:20 -05:00
8705f0f78f
provider/aws: fix issue with reading VPC id in AWS Security Group
2015-05-06 16:54:43 -05:00
4a61d0abc9
provider/aws: do connection draining stuff totally separate
2015-05-06 11:47:06 -07:00
acbca8101c
provider/aws: Update Elasticache Subnet test
2015-05-06 13:44:24 -05:00
5378d904a2
provider/aws: remove debug
2015-05-06 11:43:36 -07:00
74665f27c8
provider/aws: must set connection draining timeout separate frrom
...
enabled
2015-05-06 11:43:18 -07:00
5d12c79d90
provider/aws: retry VGW connection a bit due to eventual consistency
2015-05-06 11:09:51 -07:00
f2ddb53c8f
provider/aws: only include network in hash if instance is not set
2015-05-06 10:32:17 -07:00
7311019efe
provider/aws: fix incorrect test
2015-05-06 10:20:19 -07:00
4db68cee89
providers/aws: eip network interface is computed
2015-05-06 10:04:38 -07:00
37c56d0084
provider/aws: fix alias test
2015-05-06 09:55:14 -07:00
4e717829f8
Merge branch 'master' of github.com:hashicorp/terraform
...
* 'master' of github.com:hashicorp/terraform:
provider/aws: detach VPN gateway with proper ID
update CHANGELOG
provider/aws: Update ARN in instanceProfileReadResult
provider/aws: remove placement_group from acctest
core: module targeting
Added support for more complexly images repos such as images on a private registry that are stored as namespace/name
2015-05-06 11:45:35 -05:00
b184e283b9
provider/aws: detach VPN gateway with proper ID
2015-05-06 09:45:08 -07:00
cd90648d4e
provider/aws: Fix acceptance issue with Network Acls
2015-05-06 11:44:09 -05:00
5be4ecdcdb
provider/aws: Update ARN in instanceProfileReadResult
2015-05-07 00:26:57 +09:00
010a39a58e
provider/aws: remove placement_group from acctest
...
Depends on there being an existing placement group in the account called
"terraform-placement-group" - we'll need to circle back around to cover
this with AccTests after TF gets an `aws_placement_group` resource.
2015-05-06 10:13:24 -05:00
34609c6c22
provider/aws: Change Route 53 record test name, so it can be ran individually
2015-05-06 09:48:15 -05:00
66fa633b80
provider/aws: move EBS test into us-west-2
2015-05-06 09:22:34 -05:00
bcb4067cb3
provider/aws: update test name
2015-05-06 09:20:40 -05:00
7303568469
providers/aws: update test name
2015-05-06 09:18:41 -05:00
b91796368f
provider/aws: update test name
2015-05-06 09:18:00 -05:00
2745adba56
providers/aws: Test S3 website endpoint attr
2015-05-06 09:41:02 -04:00
87e6d3d17f
providers/aws: Fix S3 website error doc
2015-05-06 09:41:02 -04:00
0b78a71ed5
providers/aws: Test S3 website removal
2015-05-06 09:41:02 -04:00
eeb65b8d4c
providers/aws: Read S3 website config
2015-05-06 09:41:02 -04:00
6c6eafa232
provider/aws: removing stray "Ecache" in tests
2015-05-06 08:33:05 -05:00
20e531ae0d
providers/aws: Check that S3 website sets docs
2015-05-06 08:15:56 -04:00
be84cf8a8c
providers/aws: Add note for us-east-1 empty location
2015-05-06 08:15:56 -04:00
348942d3fb
providers/aws: Use GetOk instead of Get + cast
2015-05-06 08:15:56 -04:00
562bd6541b
providers/aws: Use explicit returns in websiteEndpoint
2015-05-06 08:15:56 -04:00
30f737c781
providers/aws: Change S3 website to block
2015-05-06 08:15:56 -04:00
38e04b3765
providers/aws: Add website_endpoint to S3 output
2015-05-06 08:15:55 -04:00
b7a9ef5ef6
providers/aws: Add S3 error_document
...
Also fix when index/error document is empty
2015-05-06 08:15:55 -04:00
e6d9dcfb1a
providers/aws: Initial S3 bucket website support
2015-05-06 08:15:55 -04:00
1a2bac7645
provider/aws: main route table refresh handles VPC being gone [GH-1806]
2015-05-05 18:07:22 -07:00
885efa0837
provider/aws: Add Security Group Rule as a top level resource
...
- document conflict with sg rules and sg in-line rules
- for this to work, ingress rules need to be computed
2015-05-05 16:56:39 -05:00
a4000941c2
Merge pull request #1765 from hashicorp/f-aws-security-group-remove-default-egress
...
provider/aws: Remove default egress rule from Security Group on creation
2015-05-05 16:47:23 -05:00
fb4ac42c65
Merge pull request #1516 from henrikhodne/aws-propagating-vgws
...
provider/aws: add propagating_vgws to route tables
2015-05-05 14:42:45 -07:00
eb7c1bb218
fix go formatting
2015-05-05 16:42:08 -05:00
e9b08cf31f
revert the required part
2015-05-05 16:23:26 -05:00
1ed81da9a9
update ENI test for SG egress constraint
2015-05-05 16:23:26 -05:00
85b1756c27
revise tests and check for vpc_id
2015-05-05 16:23:26 -05:00
8ded3c2d1b
Move block for deleing default rule into the create method; only invoke once
2015-05-05 16:23:26 -05:00
ee65684abe
Add spec for removing default egress rule
2015-05-05 16:23:26 -05:00
b145ce88b7
Document Egress+VPC change, update link
2015-05-05 16:23:26 -05:00
1558fd1c3e
provider/aws: Remove default egress rule from Security Group on creation
2015-05-05 16:23:25 -05:00
412a2dca0b
Merge pull request #1575 from freshbooks/aws-eni-route
...
provider/aws: Add Elastic Network Interfaces as route destination
2015-05-05 13:28:48 -07:00
1c2d5fbd0a
Merge branch 'f-aws-associate-eip-to-eni' of https://github.com/jstremick/terraform into jstremick-f-aws-associate-eip-to-eni
2015-05-05 13:24:50 -07:00
18b43b78cb
Merge pull request #939 from bitglue/iam
...
Implement a subset of IAM resources
2015-05-05 15:05:05 -05:00
7b082d007e
Merge commit '33183c0'
...
* commit '33183c0':
Implement a hash function for string sets
2015-05-05 15:01:02 -05:00
7a5499d4f7
providers/aws: chain credentials
2015-05-05 10:44:19 -07:00
6ee17a8e9e
Add acceptance tests
2015-05-05 12:47:20 -04:00
b082117e92
Implement AWS IAM resources
...
- Users
- Groups
- Roles
- Inline policies for the above three
- Instance profiles
- Managed policies
- Access keys
This is most of the data types provided by IAM. There are a few things
missing, but the functionality here is probably sufficient for 95% of
the cases. Makes a dent in #28 .
2015-05-05 12:47:20 -04:00
33183c078b
Implement a hash function for string sets
...
Sets of strings are pretty common. Let's not duplicate the function
necessary to create a set of strings in so many places.
2015-05-05 12:47:18 -04:00
272415303d
provider/aws: Shorting retry timeout for Subnets to 2 minutes, from 5
2015-05-05 11:20:29 -05:00
3ce3b7c516
provider/aws: Shorting retry timeout for Security Groups to 2 minutes, from 5
2015-05-05 11:07:16 -05:00
4b160dd28e
minor cleanups
2015-05-05 10:45:30 -05:00
c50bcf2930
renaming function according to the aws struct
2015-05-05 10:39:25 -05:00
e9215c0676
move accept block to the update func
2015-05-05 10:38:20 -05:00
5658fd6122
clean code
2015-05-05 10:37:13 -05:00
11ba9b1042
add the auto_accecpt option
2015-05-05 10:37:13 -05:00
7274de3c1d
Small fix needed to be inline with the updated AWS SDK again...
...
Executed a couple of AWS ACC test as well to make sure everything works
properly again after this fix…
2015-05-05 12:26:26 +02:00
69e981c0b0
aws: Fixup structure_test to handle new expandIPPerms behavior.
2015-05-04 23:56:54 -04:00
362a6124e3
aws: Add security group acceptance tests for protocol -1 fixes.
...
These only test ingress rules as egress rules are broken by the
default "0.0.0.0/0" rule Amazon includes with every egressed security
group.
2015-05-04 23:55:32 -04:00
89bacc0b15
aws: error on expndIPPerms(...) if our ports and protocol conflict.
...
Ingress and egress rules given a "-1" protocol don't have ports when
Read out of AWS. This results in hashing problems, as a local
config file might contain port declarations AWS can't ever return.
Rather than making ports optional fields, which carries with it a huge
headache trying to distinguish between zero-value attributes (e.g.
'to_port = 0') and attributes that are simply omitted, simply force the
user to opt-in when using the "-1" protocol. If they choose to use it,
they must now specify "0" for both to_port and from_port. Any other
configuration will error.
2015-05-04 23:43:31 -04:00
81422123e8
provider/aws: Add a regression check for Route 53 records
2015-05-04 17:05:49 -05:00
9ed909c8fe
Merge pull request #1749 from nabeken/aws-proxy-protocol-policy
...
provider/aws: Add proxy protocol support in ELB
2015-05-04 14:04:53 -07:00
8633c88723
Merge pull request #1775 from TimeIncOSS/r53-alias-record
...
aws: Add support for Alias records into AWS Route 53
2015-05-04 14:03:29 -07:00
c8c0b02790
Merge pull request #1787 from koendc/f-aws-max-retries
...
aws: make MaxRetries for API calls configurable
2015-05-04 14:00:37 -07:00
2c90d3a637
Merge pull request #1793 from ctiwald/ct/add-vpn-connection-route
...
provider/aws: add support for VPN connection routes
2015-05-04 13:58:17 -07:00
9617761eb4
Merge pull request #1776 from TimeIncOSS/eip-without-igw
...
[bugfix] aws/eip: Don't save instance ID if association fails
2015-05-04 11:19:32 -07:00
cf6fa89f46
Merge pull request #1785 from koendc/f-aws-security-token
...
aws: re-introduce support for AWS_SECURITY_TOKEN
2015-05-04 11:18:28 -07:00
2c21f248ad
aws: Add acceptance tests for VPN connection routes.
2015-05-04 12:55:55 -04:00
e7f8883929
aws: Add support for VPN connection routes.
2015-05-04 12:20:42 -04:00
4727260987
aws: fix VPN connection acceptance test.
...
This corrects syntactical errors and uses distinct IP addresses for
each configuration.
2015-05-04 11:34:35 -04:00
47305c9c5d
aws: Fix customer gateway acceptance test.
...
This test contained a few syntactical errors.
2015-05-04 11:34:35 -04:00
f31466a60e
aws: Fix app cookie stickiness policy acceptance test.
...
This used the wrong AZ and contained a few syntactical errors in
configuration.
2015-05-04 11:34:35 -04:00
14ea3a33a4
aws: Fix LB cookie stickiness policy acceptance test.
...
This needs to run in us-west-2 and contained a few syntactical errors
that prevented it from working.
2015-05-04 11:34:34 -04:00
398c22adcd
aws: make MaxRetries for API calls configurable
...
- Make it configurable in the AWS provider by add an option
'max_retries'.
- Set the default from 3 to 11 retries.
2015-05-03 15:35:51 +02:00
c8f32a2711
aws: re-introduce support for AWS_SECURITY_TOKEN
2015-05-03 10:26:58 +02:00
fb37b3515d
Merge pull request #1712 from hashicorp/f-rename-elasticache-cluster
...
providers/aws: add _cluster to aws_elasticache
2015-05-01 20:07:19 -05:00
795d53e706
[bugfix] Don't save instance ID if association fails
...
- typically happens when no internet GW is available in VPC
2015-05-01 23:55:08 +01:00
3d665ddfcf
provider/aws: Add support for alias record to Route53
2015-05-01 22:43:04 +01:00
f255fd8c42
aws: Add acceptance tests for aws_vpn_connection resources.
2015-05-01 12:23:16 -04:00
814403f45c
aws: Add support for AWS VPN connections
2015-05-01 12:23:08 -04:00
bafabf17be
provider/aws: Expose zone_id from elb
2015-05-01 08:07:33 +01:00
338ae601bc
providers/aws: Implements DHCP Options Set support.
2015-04-30 17:52:04 -04:00
15b9bde1fe
providers/aws: add _cluster to aws_elasticache
...
This AWS calls the actual resources "Cache Clusters" so it seems like
this name makes more sense.
Verified all Elasticache acc tests pass.
2015-04-30 16:12:08 -05:00
a9de720a4e
Merge pull request #1708 from hashicorp/f-elb-source-security-group
...
providers/aws: add source_security_group to elb
2015-04-30 16:10:02 -05:00
76e897fedb
Merge pull request #1753 from hashicorp/f-aws-db-subnet-name
...
provider/aws: Fix refresh/plan issue with DB Param. Group name
2015-04-30 13:42:06 -05:00
b99611fa44
provider/aws: allow key_pair name to be generated
...
As a module author, I'd like to be able to create a module that includes
a key_pair. I don't care about the name, I only know I don't want it to
collide with anything else in the account.
This allows my module to be used multiple times in the same account
without having to do anything funky like adding a user-specified unique
name parameter.
2015-04-30 10:33:14 -05:00
c006af9efe
provider/aws: Fix refresh/plan issue with DB Param. Group name
...
Check against AWS with lowercase, but store in state unmodified.
2015-04-30 09:25:50 -05:00
53a7da379c
provider/aws: Add acceptance tests for aws_proxy_protocol_policy
2015-04-30 17:56:46 +09:00
9df2bf68cb
providers/aws: use isLoadBalancerNotFound
2015-04-30 17:56:46 +09:00
5c1dabdb69
provider/aws: Add ProxyProtocol support via aws_proxy_protocol_policy
2015-04-30 17:56:46 +09:00
eb03f08454
aws: Add acceptance test for aws_customer_gateway.
2015-04-29 21:32:59 -04:00
2794a1c5ab
aws: Add support for aws_customer_gateway
2015-04-29 21:32:51 -04:00
daeaba5cd4
Merge pull request #1618 from hashicorp/b-aws-fix-vpc-security-id-update
...
provider/aws: Fix issue with updating VPC Security Group IDs for an Instance
2015-04-29 10:39:14 -05:00
950bd92837
Merge pull request #1633 from Banno/route53-zone-back-to-list
...
changing route53_zone.name_servers back to list
2015-04-29 10:38:59 -05:00
036d199dd6
provider/aws: Fix issue with updating VPC Security Group IDs for an Instance
...
Currently, we weren't correctly setting the ids, and are setting both
`security_groups` and `vpc_security_group_ids`. As a result, we really only use
the former.
We also don't actually update the latter in the `update` method.
This PR fixes both issues, correctly reading `security_groups` vs.
`vpc_security_group_ids` and allows users to update the latter without
destroying the Instance when in a VPC.
2015-04-29 10:03:57 -05:00
e586d05a7d
Remove some unecessary debug output I added
2015-04-29 10:21:28 -04:00
244639cf3d
Remove some domain checking duplication
2015-04-29 10:21:28 -04:00
b29e9d3b6f
Allow assocation of EIP to ENI
2015-04-29 10:21:08 -04:00
d66012969a
Merge pull request #1658 from bitglue/ebs
...
provider/aws: Implement aws_ebs_volume
2015-04-28 20:37:26 -07:00
77f6945ae7
Merge pull request #1662 from jgjay/elb-sgs-update
...
provider/aws: update elb security groups in-place
2015-04-28 20:30:00 -07:00
b45cd2830f
Merge pull request #1682 from mzupan/master
...
provider/aws: Don't re-do a ASG on a grace healthcheck grace period change
2015-04-28 20:26:00 -07:00
d354cae524
Merge pull request #1685 from ctiwald/master
...
provider/aws: Implement support for various AWS ELB cookie stickiness policies
2015-04-28 20:24:11 -07:00
57af67b314
Merge pull request #1718 from ravenac95/encrypted-ebs-volume-fix
...
provider/aws: Fix connecting encrypted ebs volumes to aws_instances
2015-04-28 20:21:12 -07:00
e8e42decc9
Added docs about m3.medium to tests
2015-04-28 15:19:31 -07:00
25ab54b4e3
Added tests to check for encrypted flag
2015-04-28 15:07:23 -07:00
4ef6d468e9
Actually sends ebs encrypted flag
2015-04-28 10:54:30 -07:00
dcebff7108
Implement aws_ebs_volume
...
This resource allows the management of EBS volumes not associated with
any EC2 instance.
2015-04-28 12:54:02 -04:00
fc26f7a119
Merge pull request #1331 from tmtk75/dev/aws_ecache
...
provider/aws: resource ElastiCache
2015-04-28 10:00:25 -05:00
e4e6ac5d91
providers/aws: add source_security_group to elb
2015-04-28 09:40:19 -05:00
c748ce9c9e
Merge pull request #1695 from aznashwan/commfix
...
Fixed/added docstrings in aws provider package.
2015-04-28 08:51:20 -05:00
120cfdce59
provider/aws: fix EIPs on new upstream sdk
...
As we've seen elsewhere, the SDK now wants nils instead of empty arrays
for collections
fixes #1696
thanks @jstremick for pointing me in the right direction
2015-04-27 19:55:26 -05:00
d64dd99d4d
Fixed/added docstrings in aws provider package.
2015-04-27 21:06:49 +03:00
99ce8cf25e
aws: Add acceptance test of aws_app_cookie_stickiness_policy.
2015-04-26 18:56:56 -04:00
0533d60195
aws: Add support for aws_app_cookie_stickiness_policy.
...
This resource represents a session stickiness policy in AWS, and can be
applied to an ELB's client-facing listeners.
2015-04-26 18:56:07 -04:00
448fb4895f
aws: Add acceptance test of aws_lb_cookie_stickiness_policy.
2015-04-26 18:05:40 -04:00
0120899f2a
aws: Add support for aws_lb_cookie_stickiness_policy.
...
This resource represents a session stickiness policy in AWS, and can be
applied to an ELB's client-facing listeners.
2015-04-26 18:05:37 -04:00
Radek Simko