Commit Graph

39 Commits

Author SHA1 Message Date
Brian Flad ba081aa10a
backend/s3: Updates for Terraform v0.13.0 (#25134)
* deps: Update github.com/hashicorp/aws-sdk-go-base@v0.5.0

Updated via:

```
$ go get github.com/hashicorp/aws-sdk-go-base@v0.5.0
$ go mod tidy
$ go mod vendor
```

* backend/s3: Updates for Terraform v0.13.0

Reference: https://github.com/hashicorp/terraform/issues/13410
Reference: https://github.com/hashicorp/terraform/issues/18774
Reference: https://github.com/hashicorp/terraform/issues/19482
Reference: https://github.com/hashicorp/terraform/issues/20062
Reference: https://github.com/hashicorp/terraform/issues/20599
Reference: https://github.com/hashicorp/terraform/issues/22103
Reference: https://github.com/hashicorp/terraform/issues/22161
Reference: https://github.com/hashicorp/terraform/issues/22601
Reference: https://github.com/hashicorp/terraform/issues/22992
Reference: https://github.com/hashicorp/terraform/issues/24252
Reference: https://github.com/hashicorp/terraform/issues/24253
Reference: https://github.com/hashicorp/terraform/issues/24480
Reference: https://github.com/hashicorp/terraform/issues/25056

Changes:

```
NOTES

* backend/s3: Deprecated `lock_table`, `skip_get_ec2_platforms`, `skip_requesting_account_id` arguments have been removed
* backend/s3: Credential ordering has changed from static, environment, shared credentials, EC2 metadata, default AWS Go SDK (shared configuration, web identity, ECS, EC2 Metadata) to static, environment, shared credentials, default AWS Go SDK (shared configuration, web identity, ECS, EC2 Metadata)
* The `AWS_METADATA_TIMEOUT` environment variable no longer has any effect as we now depend on the default AWS Go SDK EC2 Metadata client timeout of one second with two retries

ENHANCEMENTS

* backend/s3: Always enable shared configuration file support (no longer require `AWS_SDK_LOAD_CONFIG` environment variable)
* backend/s3: Automatically expand `~` prefix for home directories in `shared_credentials_file` argument
* backend/s3: Add `assume_role_duration_seconds`, `assume_role_policy_arns`, `assume_role_tags`, and `assume_role_transitive_tag_keys` arguments

BUG FIXES

* backend/s3: Ensure configured profile is used
* backend/s3: Ensure configured STS endpoint is used during AssumeRole API calls
* backend/s3: Prefer AWS shared configuration over EC2 metadata credentials
* backend/s3: Prefer ECS credentials over EC2 metadata credentials
* backend/s3: Remove hardcoded AWS Provider messaging
```

Output from acceptance testing:

```
--- PASS: TestBackend (16.32s)
--- PASS: TestBackendConfig (0.58s)
--- PASS: TestBackendConfig_AssumeRole (0.02s)
--- PASS: TestBackendConfig_conflictingEncryptionSchema (0.00s)
--- PASS: TestBackendConfig_invalidKey (0.00s)
--- PASS: TestBackendConfig_invalidSSECustomerKeyEncoding (0.00s)
--- PASS: TestBackendConfig_invalidSSECustomerKeyLength (0.00s)
--- PASS: TestBackendExtraPaths (13.21s)
--- PASS: TestBackendLocked (28.98s)
--- PASS: TestBackendPrefixInWorkspace (5.65s)
--- PASS: TestBackendSSECustomerKey (17.60s)
--- PASS: TestBackend_impl (0.00s)
--- PASS: TestForceUnlock (17.50s)
--- PASS: TestKeyEnv (50.25s)
--- PASS: TestRemoteClient (4.78s)
--- PASS: TestRemoteClientLocks (16.85s)
--- PASS: TestRemoteClient_clientMD5 (12.08s)
--- PASS: TestRemoteClient_impl (0.00s)
--- PASS: TestRemoteClient_stateChecksum (17.92s)
```
2020-06-05 16:41:32 -04:00
Brian Flad 2681ccf87f
deps: github.com/aws/aws-sdk-go@v1.30.12 [master] (#24745)
* update github.com/aws/aws-sdk-go to v1.30.9

* deps: github.com/aws/aws-sdk-go@v1.30.12

Reference: https://github.com/hashicorp/terraform/issues/24710
Reference: https://github.com/hashicorp/terraform/issues/24741

Changes:

```
NOTES:

* backend/s3: Region validation now automatically supports the new `af-south-1` (Africa (Cape Town)) region. For AWS operations to work in the new region, the region must be explicitly enabled as outlined in the [AWS Documentation](https://docs.aws.amazon.com/general/latest/gr/rande-manage.html#rande-manage-enable). When the region is not enabled, the Terraform S3 Backend will return errors during credential validation (e.g. `error validating provider credentials: error calling sts:GetCallerIdentity: InvalidClientTokenId: The security token included in the request is invalid`).

ENHANCEMENTS:

* backend/s3: Support automatic region validation for `af-south-1`
```

Updated via:

```console
$ go get github.com/aws/aws-sdk-go@v1.30.12
$ go mod tidy
$ go mod vendor
```

Output from acceptance testing:

```console
$ TF_ACC=1 go test -v ./backend/remote-state/s3 | grep '^--- '
--- PASS: TestBackend_impl (0.00s)
--- PASS: TestBackendConfig (1.68s)
--- PASS: TestBackendConfig_invalidKey (0.00s)
--- PASS: TestBackendConfig_invalidSSECustomerKeyLength (0.00s)
--- PASS: TestBackendConfig_invalidSSECustomerKeyEncoding (0.00s)
--- PASS: TestBackendConfig_conflictingEncryptionSchema (0.00s)
--- PASS: TestBackend (15.07s)
--- PASS: TestBackendLocked (26.40s)
--- PASS: TestBackendSSECustomerKey (16.99s)
--- PASS: TestBackendExtraPaths (12.05s)
--- PASS: TestBackendPrefixInWorkspace (5.55s)
--- PASS: TestKeyEnv (45.07s)
--- PASS: TestRemoteClient_impl (0.00s)
--- PASS: TestRemoteClient (5.39s)
--- PASS: TestRemoteClientLocks (14.30s)
--- PASS: TestForceUnlock (20.08s)
--- PASS: TestRemoteClient_clientMD5 (16.43s)
--- PASS: TestRemoteClient_stateChecksum (24.58s)
```

Co-authored-by: Nicola Senno <nicola.senno@workday.com>
2020-04-24 12:20:04 -04:00
Stas Alekseev 6656104f8f deps: github.com/hashicorp/aws-sdk-go-base@v0.4.0 (#22994) 2019-10-11 12:50:12 -04:00
Brian Flad d780cd0f1b
deps: github.com/aws/aws-sdk-go@v1.20.4
Relevant changes:

* backend/s3: Support for chaining assume IAM role from AWS shared configuration files
* backend/s3: Fix AWS shared configuration file credential source not assuming a role with environment and ECS credentials

References:

* https://github.com/aws/aws-sdk-go/releases/tag/v1.20.0
* https://github.com/aws/aws-sdk-go/pull/2579
* https://github.com/aws/aws-sdk-go/issues/2385

Updated via:

```console
$ go get github.com/aws/aws-sdk-go@v1.20.4
$ go mod tidy
$ go mod vendor
```
2019-06-20 00:04:44 -04:00
Brian Flad f1d7196d10
deps: github.com/aws/aws-sdk-go@v1.19.18
Enables automatic validation for the new `ap-east-1` region. See also: https://github.com/terraform-providers/terraform-provider-aws/pull/8440#pullrequestreview-230896877

Updated via:

```console
$ go get github.com/aws/aws-sdk-go@v1.19.18
$ go mod tidy
$ go mod vendor
```
2019-04-25 18:01:11 -04:00
Brian Flad 1aaac172b0
backend/s3: Switch from github.com/terraform-providers/terraform-provider-aws to github.com/hashicorp/aws-sdk-go-base
Output from acceptance testing (no new failures):

```
--- PASS: TestBackend_impl (0.00s)
--- PASS: TestBackendConfig (0.37s)
--- PASS: TestBackendConfig_invalidKey (0.00s)
--- PASS: TestBackend (3.26s)
--- PASS: TestBackendLocked (6.80s)
--- FAIL: TestBackendExtraPaths (2.32s)
--- PASS: TestBackendPrefixInWorkspace (2.06s)
--- PASS: TestKeyEnv (8.20s)
--- PASS: TestRemoteClient_impl (0.00s)
--- PASS: TestRemoteClient (2.42s)
--- PASS: TestRemoteClientLocks (6.33s)
--- PASS: TestForceUnlock (13.31s)
--- PASS: TestRemoteClient_clientMD5 (11.75s)
--- PASS: TestRemoteClient_stateChecksum (10.07s)
```
2019-02-18 02:30:30 -05:00
Brian Flad 2979c42c68
deps: github.com/aws/aws-sdk-go@v1.16.4 and github.com/terraform-providers/terraform-provider-aws@v1.52.0
Notable changes:

* backend/s3: Automatic validation of `eu-north-1` region
* backend/s3: Support for `credential_process` handling in AWS configuration file

Updated via:

```
go get github.com/aws/aws-sdk-go@v1.16.4
go get github.com/terraform-providers/terraform-provider-aws@v1.52.0
go mod tidy
go mod vendor
```
2018-12-13 20:30:43 -05:00
Martin Atkins fd77765154 vendor: make some transitive dependencies line up better
After a bunch of recent changes/rebasing our vendored dependencies got a
little out of sync w.r.t transitive dependencies through codebases that
are not themselves Go Modules yet.
2018-10-16 19:14:54 -07:00
Brian Flad bbeabcc055 vendor: terraform-providers/terraform-provider-aws@v1.29.0 and aws/aws-sdk-go@v1.14.31 2018-07-30 18:07:29 -04:00
Anthony Stanton ab6d52a9f8 Bump terraform-provider-aws and aws-sdk-go 2018-04-20 09:47:00 +02:00
James Nugent 0a9608c900 deps: Bump AWS provider to add eu-west-3 for state
Also updates github.com/aws/aws-sdk-go and adds github.com/beevik/etree.

Fixes terraform-providers/terraform-provider-aws#3129.
2018-01-25 11:52:20 +00:00
Gauthier Wallet 474c592569 backend/s3: allow named credentials profiles to be used
Here we upgrade the AWS Go SDK to 1.12.27 and AWS provider to include terraform-providers/terraform-provider-aws#1608. 

This includes the capability to use named credentials profiles from the `~/.aws/credentials` file to authenticate to the backend.
2017-12-12 15:27:05 -08:00
stack72 c9ef9942c6 provider/aws: Bump vendor package to 1.8.21 2017-05-11 15:14:43 +03:00
Paul Stack fa9fc4bfac provider/aws: Bump AWS SDK to 1.8.16 (#13953) 2017-04-27 02:24:20 +12:00
Paul Stack 98623ecaed provider/aws: Bump SDK version to 1.8.8 (#13354) 2017-04-05 08:45:27 +01:00
Paul Stack 0491638343 provider/aws: Bump SDK to 1.7.5 (#12535) 2017-03-08 21:15:05 +02:00
Paul Stack bfbd5ad4e6 provider/aws: Bump SDK version to 1.6.19 (#11775) 2017-02-08 13:02:41 +00:00
Paul Stack 4887844302 Bump AWS SDK to 1.6.14 (#11316) 2017-01-23 21:22:31 +00:00
James Bardin a0b70b0ec7 Sync the vendor folder with the manifest
A number of PRs have come through which modified the vendor folder
without recording the proper information. This resets everything back to
the recorded version.
2017-01-19 14:10:52 -05:00
clint shryock 87bb691800 Revert "New provider arukas (#10862)"
This reverts commit 9176bd4861.
This provider includes a dependency that at time of writing requires a
*nix system, and will not build on Windows.
2017-01-11 09:04:32 -06:00
Kazumichi Yamamoto 9176bd4861 New provider arukas (#10862)
* Add a Arukas provider

* Add dependencies for the Arukas provider

* Add documents for the Arukas
2017-01-09 17:14:33 +00:00
Paul Stack d9088d8cc0 provider/aws: Bump SDK version to 1.6.9 (#10993)
There is 1 breaking change. The OpsWorks Update API no longer supports
`tenancy` as an update. So that has to be marked as ForceNew: true

```
% make testacc TEST=./builtin/providers/aws
% TESTARGS='-run=TestAccAWSOpsworksInstance'
% 2 ↵ ✹ ✭
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2017/01/02 17:11:29 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSOpsworksInstance -timeout 120m
=== RUN   TestAccAWSOpsworksInstance
--- PASS: TestAccAWSOpsworksInstance (99.89s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws99.911s
```
2017-01-02 20:35:31 +00:00
Paul Stack b215e7e9e6 provider/aws: Bump AWS SDK to 1.6.3 (#10757) 2016-12-15 15:18:11 +00:00
Paul Stack 19c370506e provider/aws: Bump SDK to 1.6.2 (#10724) 2016-12-15 14:48:01 +00:00
clint shryock 7266be9ce9 provider/aws: Bump sdk to v1.5.12 2016-11-30 16:18:04 -06:00
Ninir 72a2be756a Bumped AWS to 1.5.8 2016-11-19 19:47:50 +01:00
clint shryock 3faaccd2a5 update aws sdk to 1.4.18 2016-10-18 08:42:03 -05:00
stack72 109152bd7d
Bump AWS SDK version to 1.4.7 2016-09-08 15:24:31 +01:00
James Nugent c38884912d deps: github.com/aws/aws-sdk-go/... to v1.4.1 2016-08-11 13:01:51 -04:00
stack72 37b7a22db9
provider/aws: Bump SDK package version to v1.2.10 2016-07-29 09:11:56 +01:00
Paul Stack f262566f77 provider/aws: Bump the SDK version to v1.2.5 (#7638)
This will allow for new changes to the ECS
2016-07-15 14:49:02 +01:00
Martin Häger 32abd937f1 SimpleDB domain resource (#7600) 2016-07-12 12:55:58 +01:00
Kraig Amador e04e87361f vendor: Updated github.com/aws/aws-sdk-go to v1.1.23 The new STS library includes GetCallerIdentity which can be used to build ARNs for RDS resources when using IAM roles 2016-05-05 07:02:10 -07:00
James Nugent 43341e41ff deps: Update github.com/aws/aws-sdk-go 2016-03-24 15:52:51 -07:00
stack72 12ac0761b7 provider/aws: Modify `aws_redshift_cluster` now allows
`publicly_accessible` to be changed

Also updated the AWS Go SDK from 1.1.9 -> 1.1.12 as this was required to
allow the new behavior for the Redshift API
2016-03-19 01:05:09 +05:30
Paul Hinze 1d74bfd467 deps: Update vendored aws-sdk-go to v1.1.9
We had actually caught mismatched deps versions between the `kms`
package and others, so `godep restore` was not working on master.

Fixing it requires a `godep update` so I figured we might as well update
to the latest release.
2016-03-10 18:27:37 -06:00
vince rosso 97af014d81 updated aws-sdk-go to 1.1.2 2016-02-16 10:39:40 -08:00
Paul Hinze 8209b40526 vendor: Recapture deps w/ latest godep
The original contents of `vendor` were inadvertently captured with an
older version of `godep`. Here, we recapture dependencies by running the
following:

```
godep restore -v
cat Godeps/Godeps.json | jq -r '.Deps[].ImportPath' | xargs godep update -v
```

The newer godep makes the following changes as it captures dependencies:

 * Skips test files
 * Copies `LICENSE` / `PATENTS` files

There is also an additional diff in `golang.org/x/sys/unix` that looks
very similar to the diff between `master..c65f27f` in that repo, so I'm
guessing that dependency was accidentally captured from master instead
of the commit saved to `Godeps.json`.

All in all, these changes should all be "more correct" and result in
smaller diffs for any future updates made to dependencies.
2016-02-10 10:45:16 -06:00
Paul Hinze 6fe2703665 Vendor all dependencies w/ Godep
* Remove `make updatedeps` from Travis build. We'll follow up with more
   specific plans around dependency updating in subsequent PRs.
 * Update all `make` targets to set `GO15VENDOREXPERIMENT=1` and to
   filter out `/vendor/` from `./...` where appropriate.
 * Temporarily remove `vet` from the `make test` target until we can
   figure out how to get it to not vet `vendor/`. (Initial
   experimentation failed to yield the proper incantation.)

Everything is pinned to current master, with the exception of:

 * Azure/azure-sdk-for-go which is pinned before the breaking change today
 * aws/aws-sdk-go which is pinned to the most recent tag

The documentation still needs to be updated, which we can do in a follow
up PR. The goal here is to unblock release.
2016-01-29 15:08:48 -06:00