Fixes#10042Fixes#9989
Another panic was found with this resource. IT essentially was causing a
panic when no certificates were found. This was due to the casting of
status to []string
There are times when there are no statuses passed in. Made the error
message a lot more generic now rather than having something like this
```
No certificate with statuses [] for domain mytestdomain.com found in this region.
```
This now becomes:
```
No certificate for domain mytestdomain.com found in this region.
```
Also, added a test to show that the panic is gone
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAwsAcmCertificateDataSource_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/11 15:11:33 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAwsAcmCertificateDataSource_ -timeout 120m
=== RUN TestAccAwsAcmCertificateDataSource_noMatchReturnsError
--- PASS: TestAccAwsAcmCertificateDataSource_noMatchReturnsError (6.07s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws6.094s
```
* provider/azurerm: allow updating of lb_rule resource
* check if rule is being updated rather than assuming created
* added test to cover guard against multiple rules with the same name
TF_ACC=1 go test ./builtin/providers/azurerm -v -run "TestAccAzureRMLoadBalancerRule_" -timeout 120m
=== RUN TestAccAzureRMLoadBalancerRule_basic
--- PASS: TestAccAzureRMLoadBalancerRule_basic (157.45s)
=== RUN TestAccAzureRMLoadBalancerRule_removal
--- PASS: TestAccAzureRMLoadBalancerRule_removal (163.67s)
=== RUN TestAccAzureRMLoadBalancerRule_inconsistentReads
--- PASS: TestAccAzureRMLoadBalancerRule_inconsistentReads (150.00s)
=== RUN TestAccAzureRMLoadBalancerRule_update
--- PASS: TestAccAzureRMLoadBalancerRule_update (164.20s)
=== RUN TestAccAzureRMLoadBalancerRule_duplicateRules
--- PASS: TestAccAzureRMLoadBalancerRule_duplicateRules (137.51s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/azurerm 772.846s
* provider/azurerm: allow updating of lb_nat_rule resource
* check if NAT rule is being updated rather than assuming created
* added test to cover guard against multiple NAT rules with the same name
TF_ACC=1 go test ./builtin/providers/azurerm -v -run "TestAccAzureRMLoadBalancerNatRule" -timeout 120m
=== RUN TestAccAzureRMLoadBalancerNatRule_basic
--- PASS: TestAccAzureRMLoadBalancerNatRule_basic (148.48s)
=== RUN TestAccAzureRMLoadBalancerNatRule_removal
--- PASS: TestAccAzureRMLoadBalancerNatRule_removal (163.48s)
=== RUN TestAccAzureRMLoadBalancerNatRule_update
--- PASS: TestAccAzureRMLoadBalancerNatRule_update (176.97s)
=== RUN TestAccAzureRMLoadBalancerNatRule_duplicate
--- PASS: TestAccAzureRMLoadBalancerNatRule_duplicate (136.36s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/azurerm 625.301s
* provider/azurerm: allow updating of lb_probe resource
* check if probe is being updated rather than assuming created
* added test to cover guard against multiple probes with the same name
TF_ACC=1 go test ./builtin/providers/azurerm -v -run "TestAccAzureRMLoadBalancerProbe" -timeout 120m
=== RUN TestAccAzureRMLoadBalancerProbe_basic
--- PASS: TestAccAzureRMLoadBalancerProbe_basic (134.53s)
=== RUN TestAccAzureRMLoadBalancerProbe_removal
--- PASS: TestAccAzureRMLoadBalancerProbe_removal (168.06s)
=== RUN TestAccAzureRMLoadBalancerProbe_update
--- PASS: TestAccAzureRMLoadBalancerProbe_update (175.99s)
=== RUN TestAccAzureRMLoadBalancerProbe_duplicate
--- PASS: TestAccAzureRMLoadBalancerProbe_duplicate (139.01s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/azurerm 617.598s
* provider/azurerm: allow updating of lb_nat_pool resource
* check if NAT pool is being updated rather than assuming created
* added test to cover guard against multiple NAT pools with the same name
TF_ACC=1 go test ./builtin/providers/azurerm -v -run "TestAccAzureRMLoadBalancerNatPool" -timeout 120m
=== RUN TestAccAzureRMLoadBalancerNatPool_basic
--- PASS: TestAccAzureRMLoadBalancerNatPool_basic (146.52s)
=== RUN TestAccAzureRMLoadBalancerNatPool_removal
--- PASS: TestAccAzureRMLoadBalancerNatPool_removal (158.34s)
=== RUN TestAccAzureRMLoadBalancerNatPool_update
--- PASS: TestAccAzureRMLoadBalancerNatPool_update (174.05s)
=== RUN TestAccAzureRMLoadBalancerNatPool_duplicate
--- PASS: TestAccAzureRMLoadBalancerNatPool_duplicate (136.94s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/azurerm 615.866s
* allow underscore in database_name [redshift]
Fixes#10009
* Added Test Cases To Validate Redshift DBName
* Remove Old Test Cases Regarding Redshift DBName Validation
* Added More Test Cases For Redshift DBName
Also added a test to prove that the computed value gets set
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSDBInstance_basic'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/10 06:26:22 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSDBInstance_basic -timeout 120m
=== RUN TestAccAWSDBInstance_basic
--- PASS: TestAccAWSDBInstance_basic (634.33s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws634.347s
```
Fixes#9989
When passing a list of statuses to the acm_certificate data source, we
were trying to cast a schema.TypeList directly to []string
We need to do it via an []interface{} and then cast to string when
ranging over the results. Without this, we get a panic
TF_ACC=1 go test ./builtin/providers/azurerm -v -run TestAccAzureRMDnsARecord_basic -timeout 120m
=== RUN TestAccAzureRMDnsARecord_basic
--- PASS: TestAccAzureRMDnsARecord_basic (91.92s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/azurerm 91.994s
* Added key_name_prefix to aws_key_pair resource schema.
* Added logic to prefix the aws_key_pair name on create.
* Added aws_key_pair test config for key_name_prefix case.
* Copied test cases from testAccAWSSecurityGroup namespace.
* Modified copied test case to suit aws_key_pair resource.
* Changed required flag to optional on key_name argument for aws_key_pair resource.
* Added documentation for key_name_prefix argument.
* Code style fix.
* Fixed undefined variable error in test.
Picked up from where #6548 left off
settings and protected_settings take JSON objects as strings to make extension
generic
TF_ACC=1 go test ./builtin/providers/azurerm -v -run "TestAccAzureRMVirtualMachineExtension" -timeout 120m
=== RUN TestAccAzureRMVirtualMachineExtension_importBasic
--- PASS: TestAccAzureRMVirtualMachineExtension_importBasic (697.55s)
=== RUN TestAccAzureRMVirtualMachineExtension_basic
--- PASS: TestAccAzureRMVirtualMachineExtension_basic (824.17s)
=== RUN TestAccAzureRMVirtualMachineExtension_concurrent
--- PASS: TestAccAzureRMVirtualMachineExtension_concurrent (929.74s)
=== RUN TestAccAzureRMVirtualMachineExtension_linuxDiagnostics
--- PASS: TestAccAzureRMVirtualMachineExtension_linuxDiagnostics (803.19s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/azurerm 3254.663s
this PR fixes a flakyness in the `scaleway_volume_attachment` resource, as
described below:
when attaching/ detaching a volume from a `scaleway_server`, the server needs to
be stopped. even though the code already waits for the server to be stopped, the
`PatchServer` calls gets a `400 server is being stopped or rebooted` error
response.
If the API returns the `400` we bail, leaving terraform in a broken state.
Assuming this is the only error that the API might return to us, as the payload
itself is correct, this retry behaviour should fix the issue.
\cc @stack72 PTAL
When configuring an instance's attached disk, if the attached disk has
both the disk and type attributes set, it would previously cause
terraform to crash with a nil pointer exception. The root cause was that
we only instantiate the InitializeParams property of the disk if its
disk attribute isn't set, and we try to write to the InitializeParams
property when the type attribute is set. So setting both caused the
InitializeParams property to not be initialized, then written to.
Now we throw an error explaining that the configuration can't have both
the disk and the type set.
Fixes#6495.
Fixes#9895
The replication_group_id should allow length to be max of 20 not 16
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestResourceAWSElastiCacheReplicationGroupIdValidation'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/07 16:17:52 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestResourceAWSElastiCacheReplicationGroupIdValidation -timeout
120m
=== RUN TestResourceAWSElastiCacheReplicationGroupIdValidation
--- PASS: TestResourceAWSElastiCacheReplicationGroupIdValidation (0.00s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws0.032s
```
The work to add the arn_suffix in #9734 skipped adding the targetgroup/
part of the arn
This PR adds it
//cc @firthh
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSALBTargetGroup_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/07 12:19:16 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSALBTargetGroup_ -timeout 120m
=== RUN TestAccAWSALBTargetGroup_basic
--- PASS: TestAccAWSALBTargetGroup_basic (47.23s)
=== RUN TestAccAWSALBTargetGroup_changeNameForceNew
--- PASS: TestAccAWSALBTargetGroup_changeNameForceNew (80.09s)
=== RUN TestAccAWSALBTargetGroup_changeProtocolForceNew
--- PASS: TestAccAWSALBTargetGroup_changeProtocolForceNew (87.45s)
=== RUN TestAccAWSALBTargetGroup_changePortForceNew
--- PASS: TestAccAWSALBTargetGroup_changePortForceNew (78.47s)
=== RUN TestAccAWSALBTargetGroup_changeVpcForceNew
--- PASS: TestAccAWSALBTargetGroup_changeVpcForceNew (73.53s)
=== RUN TestAccAWSALBTargetGroup_tags
--- PASS: TestAccAWSALBTargetGroup_tags (75.60s)
=== RUN TestAccAWSALBTargetGroup_updateHealthCheck
--- PASS: TestAccAWSALBTargetGroup_updateHealthCheck (76.40s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 518.777s
```
fixes#9110
An error was found where, static_routes_only was not set on a vpn
connection import. This commit introduces setting the static_routes_only
to false when no Options are found. This follows the AWS convention as follows:
```
- options (structure)
Indicates whether the VPN connection requires static routes. If you are creating a VPN connection for a device that does not support BGP, you must specify true .
Default: false
```
So we take it that `static_options_only` is false by default
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSVpnConnection_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/02 10:38:18 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSVpnConnection_ -timeout 120m
=== RUN TestAccAWSVpnConnection_importBasic
--- PASS: TestAccAWSVpnConnection_importBasic (178.29s)
=== RUN TestAccAWSVpnConnection_basic
--- PASS: TestAccAWSVpnConnection_basic (336.81s)
=== RUN TestAccAWSVpnConnection_withoutStaticRoutes
--- PASS: TestAccAWSVpnConnection_withoutStaticRoutes (195.45s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 710.572s
```
* Implemented EventHubs
* Missing the sidebar link
* Fixing the type
* Fixing the docs for Namespace
* Removing premium tests
* Checking the correct status code on delete
* Added a test case for the import
* Documentation for importing
* Fixing a typo
We now generate the read operation which sets the various encodings of
the random value such that adding new ones does not require generating a
new random value.
We also verify that these are set correctly via the acceptance tests.
This commit makes three related changes to the `random_id` resource:
1. Deprecate the `b64` attribute
2. Introduce a new `b64_url` attribute which functions in the same
manner as the original `b64` attribute
3. Introduce a new `b64_std` attribute which uses standard base64
encoding for the value rather than URL encoding.
Resource identifiers continue to use URL encoded base 64.
The reason for adding standard encoding of the base 64 value is to allow
the use of generated values as a Serf Encryption Key for separating
Consul clusters - these rely on standard encoding and do not permit some
characters which are allowed by URL encoding. `b64_url` is introduced
in order that there is consistency in specifying the desired encoding
during interpolation.
This dep was meant as a stopgap for a patch in the stdlib of Go which I
wrote.
The patch was released in Go 1.7. We can now remove my fork and go back
to the stdlib
Use this data source to get the ARN of a certificate in AWS Certificate
Manager (ACM). The process of requesting and verifying a certificate in ACM
requires some manual steps, which means that Terraform cannot automate the
creation of ACM certificates. But using this data source, you can reference
them by domain without having to hard code the ARNs as input.
The acceptance test included requires an ACM certificate be pre-created
in and information about it passed in via environment variables. It's a
bit sad but there's really no other way to do it.
When computing the set key for an EBS block device, we were using
the wrong function; we had hashEphemeralBlockDevice instead of
hashEbsBlockDevice. This caused a panic by trying to access the
virtual_name attribute that will never be set for EBS block
devices.
To fix this, I switched to the hashEbsBlockDevice function, which
is already being used to compute a Set key in the Schema. But in
the default case, where the snapshot_id attribute isn't specified,
this also caused a panic. I updated the way the string to hash is
generated to check for the existence of the device_name and
snapshot_id attributes before we use them, to avoid panics when
these optional attributes aren't set.
Spot fleet requests can have EBS volumes attached to them, and at
the moment we're getting reports that crashes can be experienced
with them. This adds an acceptance test that exercises creating
a Spot Fleet request that has a non-instance EBS volume attached.
This successfully reproduces the panic.
* GH-8755 - Adding in support to attach ASG to ELB as independent action
* GH-8755 - Adding in docs
* GH-8755 - Adjusting attribute name and responding to other PR feedback
In #8502 it was requested that we add support for the EnableSNI
parameter of Route53's health checks; this enables customers to
manually specify whether or not the health check will use SNI when
communicating with the endpoint.
The customer originally requested we default to `false`. While
implementing the issue, I discovered that when creating health
checks with a Type set to HTTP, Amazon's default value for EnableSNI
is `false`. However, when creating health checks with a Type set to
HTTPS, Amazon's default value is `true`. So rather than setting a
default value, I made the attribute computed.
Fixes#9658Fixes#8728
Originally, this would ForceNew as follows:
```
-/+ aws_alb.alb_test
arn: "arn:aws:elasticloadbalancing:us-west-2:187416307283:loadbalancer/app/test-alb-9658/3459cd2446b76901" => "<computed>"
arn_suffix: "app/test-alb-9658/3459cd2446b76901" => "<computed>"
dns_name: "test-alb-9658-1463108301.us-west-2.elb.amazonaws.com" => "<computed>"
enable_deletion_protection: "false" => "false"
idle_timeout: "30" => "30"
internal: "false" => "false"
name: "test-alb-9658" => "test-alb-9658"
security_groups.#: "2" => "1" (forces new resource)
security_groups.1631253634: "sg-3256274b" => "" (forces new resource)
security_groups.3505955000: "sg-1e572667" => "sg-1e572667" (forces new resource)
subnets.#: "2" => "2"
subnets.2407170741: "subnet-ee536498" => "subnet-ee536498"
subnets.2414619308: "subnet-f1a7b595" => "subnet-f1a7b595"
tags.%: "1" => "1"
tags.TestName: "TestAccAWSALB_basic" => "TestAccAWSALB_basic"
vpc_id: "vpc-dd0ff9ba" => "<computed>"
zone_id: "Z1H1FL5HABSF5" => "<computed>"
Plan: 1 to add, 0 to change, 1 to destroy.
```
When the ALB was ForceNew, the ARN changed. The test has been updated to include a check to make sure that the ARNs are the same after the update
After this change, it looks as follows:
```
~ aws_alb.alb_test
security_groups.#: "1" => "2"
security_groups.1631253634: "" => "sg-3256274b"
security_groups.3505955000: "sg-1e572667" => "sg-1e572667"
Plan: 0 to add, 1 to change, 0 to destroy.
```
Test Results:
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSALB_' ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/02 12:20:58 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSALB_ -timeout 120m
=== RUN TestAccAWSALB_basic
--- PASS: TestAccAWSALB_basic (64.25s)
=== RUN TestAccAWSALB_generatedName
--- PASS: TestAccAWSALB_generatedName (65.04s)
=== RUN TestAccAWSALB_namePrefix
--- PASS: TestAccAWSALB_namePrefix (67.02s)
=== RUN TestAccAWSALB_tags
--- PASS: TestAccAWSALB_tags (96.06s)
=== RUN TestAccAWSALB_updatedSecurityGroups
--- PASS: TestAccAWSALB_updatedSecurityGroups (101.61s)
=== RUN TestAccAWSALB_noSecurityGroup
--- PASS: TestAccAWSALB_noSecurityGroup (59.83s)
=== RUN TestAccAWSALB_accesslogs
--- PASS: TestAccAWSALB_accesslogs (162.65s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 616.489s
```
* provider/aws: Provide the option to skip_destroy on
aws_volume_attachment
When you want to attach and detach pre-existing EBS volumes to an
instance, we would do that as follows:
```
resource "aws_instance" "web" {
ami = "ami-21f78e11"
availability_zone = "us-west-2a"
instance_type = "t1.micro"
tags {
Name = "HelloWorld"
}
}
data "aws_ebs_volume" "ebs_volume" {
filter {
name = "size"
values = ["${aws_ebs_volume.example.size}"]
}
filter {
name = "availability-zone"
values = ["${aws_ebs_volume.example.availability_zone}"]
}
filter {
name = "tag:Name"
values = ["TestVolume"]
}
}
resource "aws_volume_attachment" "ebs_att" {
device_name = "/dev/sdh"
volume_id = "${data.aws_ebs_volume.ebs_volume.id}"
instance_id = "${aws_instance.web.id}"
skip_destroy = true
}
```
The issue here is that when we run a terraform destroy command, the volume tries to get detached from a running instance and goes into a non-responsive state. We would have to force_destroy the volume at that point and risk losing any data on it.
This PR introduces the idea of `skip_destroy` on a volume attachment. tl;dr:
We want the volume to be detached from the instane when the instance itself has been destroyed. This way the normal shut procedures will happen and protect the disk for attachment to another instance
Volume Attachment Tests:
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSVolumeAttachment_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/02 00:47:27 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSVolumeAttachment_ -timeout 120m
=== RUN TestAccAWSVolumeAttachment_basic
--- PASS: TestAccAWSVolumeAttachment_basic (133.49s)
=== RUN TestAccAWSVolumeAttachment_skipDestroy
--- PASS: TestAccAWSVolumeAttachment_skipDestroy (119.64s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 253.158s
```
EBS Volume Tests:
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEBSVolume_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/02 01:00:18 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSEBSVolume_ -timeout 120m
=== RUN TestAccAWSEBSVolume_importBasic
--- PASS: TestAccAWSEBSVolume_importBasic (26.38s)
=== RUN TestAccAWSEBSVolume_basic
--- PASS: TestAccAWSEBSVolume_basic (26.86s)
=== RUN TestAccAWSEBSVolume_NoIops
--- PASS: TestAccAWSEBSVolume_NoIops (27.89s)
=== RUN TestAccAWSEBSVolume_withTags
--- PASS: TestAccAWSEBSVolume_withTags (26.88s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 108.032s
```
* Update volume_attachment.html.markdown
There are three equivalent forms for expressing "everyone" (including
anonymous) in IAM policies:
- "Principals": "*"
- "Principals": {"AWS": "*"}
- "Principals": {"*": "*"}
The more-constrained syntax used by our aws_iam_policy_document data
source means that the user can only express the latter two of these
directly. However, when returning IAM policies from the API AWS likes to
normalize to the first form, causing unresolvable diffs.
This fixes#9335 by handling the "everyone" case as a special case,
serializing it in JSON as the "*" shorthand form.
This change does *not* address the normalization of hand-written policies
containing such elements. A similar change would need to be made in
the external package github.com/jen20/awspolicyequivalence in order to
avoid the issue for hand-written policies.
This will allows us to filter a specific ebs_volume for attachment to an
aws_instance
```
make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEbsVolumeDataSource_'✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/01 12:39:19 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSEbsVolumeDataSource_ -timeout 120m
=== RUN TestAccAWSEbsVolumeDataSource_basic
--- PASS: TestAccAWSEbsVolumeDataSource_basic (28.74s)
=== RUN TestAccAWSEbsVolumeDataSource_multipleFilters
--- PASS: TestAccAWSEbsVolumeDataSource_multipleFilters (28.37s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws57.145s
```
tags were not being set in the read function
TF_ACC=1 go test ./builtin/providers/azurerm -v -run TestAccAzureRMSqlDatabase_basic -timeout 120m
=== RUN TestAccAzureRMSqlDatabase_basic
--- PASS: TestAccAzureRMSqlDatabase_basic (190.60s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/azurerm 190.719s
* Allow `active` state while waiting for the VPC Peering Connection.
This commit adds `active` as one of the valid states in which the VPC Peering
Connection can be when it being created.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
* Add more valid states.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
Fixes#9628Fixes#9298
When a route53_record alias is updated in the console, AWS prepends
`dualstack.` to the name. This is there incase IPV6 is wanted. It is
exactly the same without it as it is with it
In order to stop perpetual diffs, I introduced a normalizeFunc that will
that tke alias name and strip known issues:
* dualstack
* trailing dot
This normalize fun will continue to grow I'm sure
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRoute53Record_' ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/29 00:28:12 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSRoute53Record_ -timeout 120m
=== RUN TestAccAWSRoute53Record_basic
--- PASS: TestAccAWSRoute53Record_basic (124.64s)
=== RUN TestAccAWSRoute53Record_basic_fqdn
--- PASS: TestAccAWSRoute53Record_basic_fqdn (132.07s)
=== RUN TestAccAWSRoute53Record_txtSupport
--- PASS: TestAccAWSRoute53Record_txtSupport (134.07s)
=== RUN TestAccAWSRoute53Record_spfSupport
--- PASS: TestAccAWSRoute53Record_spfSupport (113.36s)
=== RUN TestAccAWSRoute53Record_generatesSuffix
--- PASS: TestAccAWSRoute53Record_generatesSuffix (112.62s)
=== RUN TestAccAWSRoute53Record_wildcard
--- PASS: TestAccAWSRoute53Record_wildcard (162.84s)
=== RUN TestAccAWSRoute53Record_failover
--- PASS: TestAccAWSRoute53Record_failover (126.18s)
=== RUN TestAccAWSRoute53Record_weighted_basic
--- PASS: TestAccAWSRoute53Record_weighted_basic (121.10s)
=== RUN TestAccAWSRoute53Record_alias
--- PASS: TestAccAWSRoute53Record_alias (118.14s)
=== RUN TestAccAWSRoute53Record_s3_alias
--- PASS: TestAccAWSRoute53Record_s3_alias (155.07s)
=== RUN TestAccAWSRoute53Record_weighted_alias
--- PASS: TestAccAWSRoute53Record_weighted_alias (235.41s)
=== RUN TestAccAWSRoute53Record_geolocation_basic
^[[C--- PASS: TestAccAWSRoute53Record_geolocation_basic (125.32s)
=== RUN TestAccAWSRoute53Record_latency_basic
--- PASS: TestAccAWSRoute53Record_latency_basic (122.23s)
=== RUN TestAccAWSRoute53Record_TypeChange
--- PASS: TestAccAWSRoute53Record_TypeChange (231.98s)
=== RUN TestAccAWSRoute53Record_empty
--- PASS: TestAccAWSRoute53Record_empty (116.48s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 2131.526s
```
Before this fix, I was getting the following by recreating the code in
```
~ aws_route53_record.alias
alias.1563903989.evaluate_target_health: "true" => "false"
alias.1563903989.name: "9828-recreation-106795730.us-west-2.elb.amazonaws.com." => ""
alias.1563903989.zone_id: "Z1H1FL5HABSF5" => ""
alias.318754017.evaluate_target_health: "" => "true"
alias.318754017.name: "" => "9828-recreation-106795730.us-west-2.elb.amazonaws.com"
alias.318754017.zone_id: "" => "Z1H1FL5HABSF5"
Plan: 0 to add, 1 to change, 0 to destroy.
```
After this fix:
```
No changes. Infrastructure is up-to-date. This means that Terraform
could not detect any differences between your configuration and
the real physical resources that exist. As a result, Terraform
doesn't need to do anything.
When creating a CloudWatch Metric for an Application Load Balancer Target Group it is
neccessary to use the suffix of the ARN as the reference to the load
balancer TG . This commit exposes that as an attribute on the `aws_alb_target_group`
resource to prevent the need to use regular expression substitution to
make the reference.
Fixes#9410
When importing an azurerm_virtual_network that has no DNSServers,
terraform was throwing a panic as it was trying to dereference that list
of servers to set to state
This commit adds a simple check to make sure there are DNSServers before
dereferencing them
```
make testacc TEST=./builtin/providers/azurerm TESTARGS='-run=TestAccAzureRMVirtualNetwork_' 2 ↵ ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/31 11:20:36 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/azurerm -v
-run=TestAccAzureRMVirtualNetwork_ -timeout 120m
=== RUN TestAccAzureRMVirtualNetwork_importBasic
--- PASS: TestAccAzureRMVirtualNetwork_importBasic (150.63s)
=== RUN TestAccAzureRMVirtualNetwork_basic
--- PASS: TestAccAzureRMVirtualNetwork_basic (122.90s)
=== RUN TestAccAzureRMVirtualNetwork_disappears
--- PASS: TestAccAzureRMVirtualNetwork_disappears (113.07s)
=== RUN TestAccAzureRMVirtualNetwork_withTags
--- PASS: TestAccAzureRMVirtualNetwork_withTags (139.56s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/azurerm526.168
```
Fixes#8679
The CallerReference attribute we passed to AWS in route53_health_checks
was `time.Now().Format(time.RFC3339Nano)`
When creating multiple resources with the Count meta-parameter, this was
causing issues as follows:
```
* aws_route53_health_check.healthstate.0: HealthCheckAlreadyExists: A different health check has already been created with the specified caller reference.
```
We have now exposed a new attribute called `reference_name` that can be set to pass multiple resources to the request
```
make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSRoute53HealthCheck_' 130 ↵ ✹
==> Cecking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/31 10:41:07 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSRoute53HealthCheck_ -timeout 120m
=== RUN TestAccAWSRoute53HealthCheck_importBasic
--- PASS: TestAccAWSRoute53HealthCheck_importBasic (17.08s)
=== RUN TestAccAWSRoute53HealthCheck_basic
--- PASS: TestAccAWSRoute53HealthCheck_basic (28.17s)
=== RUN TestAccAWSRoute53HealthCheck_withSearchString
--- PASS: TestAccAWSRoute53HealthCheck_withSearchString (28.07s)
=== RUN TestAccAWSRoute53HealthCheck_withChildHealthChecks
--- PASS: TestAccAWSRoute53HealthCheck_withChildHealthChecks (20.71s)
=== RUN TestAccAWSRoute53HealthCheck_IpConfig
--- PASS: TestAccAWSRoute53HealthCheck_IpConfig (16.09s)
=== RUN TestAccAWSRoute53HealthCheck_CloudWatchAlarmCheck
--- PASS: TestAccAWSRoute53HealthCheck_CloudWatchAlarmCheck (22.42s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 132.568s
```
The update of the test was causing a test failure - it was setting
desired_count to 1 when miz_size was set to 2 - this was causing a
perpetual diff in the test
Was failing due to using IAM user `test-name` as it was being used in
more than 1 place - this has been replaced by a random user and random
policy names now
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSUserPolicyAttachment_basic' 2 ↵ ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/31 08:39:08 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSUserPolicyAttachment_basic -timeout 120m
=== RUN TestAccAWSUserPolicyAttachment_basic
--- PASS: TestAccAWSUserPolicyAttachment_basic (32.04s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 32.053s
```
Previously this resource (and, by extension, the aws_ami_copy and
aws_ami_from_instance resources that share much of its implementation)
was handling correctly the case where an AMI had been recently
deregistered, and was thus still returned from the API, but not correctly
dealing with the situation where the AMI has been removed altogether.
Now we additionally handle the NotFound error returned by the API when
we request a non-existent AMI, and remove the AMI from the state in the
same way we do for deregistered AMIs.
This resource allows writing a generic secret, and indeed anything else
that obeys the expected create/update/delete lifecycle, into vault via
writes to its logical path namespace.
To reduce the risk of secret exposure via Terraform state and log output,
we default to creating a relatively-short-lived token (20 minutes) such
that Vault can, where possible, automatically revoke any retrieved
secrets shortly after Terraform has finished running.
This has some implications for usage of this provider that will be spelled
out in more detail in the docs that will be added in a later commit, but
the most significant implication is that a plan created by "terraform plan"
that includes secrets leased from Vault must be *applied* before the
lease period expires to ensure that the issued secrets remain valid.
No resources yet. They will follow in subsequent commits.
* provider/google Document MySQL versions for second generation instances
Google Cloud SQL has first-gen and second-gen instances with different
supported versions of MySQL.
* provider/google Increase SQL Admin operation timeout to 10 minutes
Creating SQL instances for MySQL 5.7 can take over 7 minutes,
so the timeout needs to be increased to allow the
google_sql_database_instance resource to successfully create.
This commit adds an ability to modify the `AutoMinorVersionUpgrade` property of the
Replication Group (which is enabled by default) accordingly.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
* Adding private gateway and static route resource to cloudstack provider
Testing the private gateway and static route resource requires a ROOT
account in Cloudstack
* changes requested by reviewer
Fixes#9654
Before the fix, I created an ASG with a schedule on it. Went to the AWS
console and deleted the schedule. A terraform plan looked as follows:
```
% terraform plan
See https://www.terraform.io/docs/internals/internal-plugins.html
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but
will not be persisted to local or remote state storage.
aws_launch_configuration.foobar: Refreshing state... (ID:
terraform-test-foobar5)
aws_autoscaling_group.foobar: Refreshing state... (ID:
terraform-test-foobar5)
aws_autoscaling_schedule.foobar: Refreshing state... (ID: foobar)
Error refreshing state: 1 error(s) occurred:
* aws_autoscaling_schedule.foobar: Unable to find Autoscaling
* Scheduled Action: []*autoscaling.ScheduledUpdateGroupAction(nil)
```
After the fix:
```
terraform plan 1 ↵
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but
will not be persisted to local or remote state storage.
aws_launch_configuration.foobar: Refreshing state... (ID: terraform-test-foobar5)
aws_autoscaling_group.foobar: Refreshing state... (ID: terraform-test-foobar5)
aws_autoscaling_schedule.foobar: Refreshing state... (ID: foobar)
The Terraform execution plan has been generated and is shown below.
Resources are shown in alphabetical order for quick scanning. Green resources
will be created (or destroyed and then created if an existing resource
exists), yellow resources are being changed in-place, and red resources
will be destroyed. Cyan entries are data sources to be read.
Note: You didn't specify an "-out" parameter to save this plan, so when
"apply" is called, Terraform can't guarantee this is what will execute.
+ aws_autoscaling_schedule.foobar
arn: "<computed>"
autoscaling_group_name: "terraform-test-foobar5"
desired_capacity: "0"
end_time: "2018-01-16T13:00:00Z"
max_size: "0"
min_size: "0"
recurrence: "<computed>"
scheduled_action_name: "foobar"
start_time: "2018-01-16T07:00:00Z"
Plan: 1 to add, 0 to change, 0 to destroy.
```
Tests run as expected:
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSAutoscalingSchedule_' 2 ↵ ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/27 17:45:19 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSAutoscalingSchedule_ -timeout 120m
=== RUN TestAccAWSAutoscalingSchedule_basic
--- PASS: TestAccAWSAutoscalingSchedule_basic (140.94s)
=== RUN TestAccAWSAutoscalingSchedule_disappears
--- PASS: TestAccAWSAutoscalingSchedule_disappears (179.17s)
=== RUN TestAccAWSAutoscalingSchedule_recurrence
--- PASS: TestAccAWSAutoscalingSchedule_recurrence (186.72s)
=== RUN TestAccAWSAutoscalingSchedule_zeroValues
--- PASS: TestAccAWSAutoscalingSchedule_zeroValues (167.73s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 674.530s
```
* provider/aws: data source for AWS Security Group
* provider/aws: add documentation for data source for AWS Security Group
* provider/aws: data source for AWS Security Group (improve if condition and syntax)
* fix fmt
* provider/scaleway: fix scaleway_volume_attachment with count > 1
since scaleway requires servers to be powered off to attach volumes to, we need
to make sure that we don't power down a server twice, or power up a server while
it's supposed to be modified.
sadly terraform doesn't seem to sport serialization primitives for usecases like
this, but putting the code in question behind a `sync.Mutex` does the trick, too
fixes#9417
* provider/scaleway: use mutexkv to lock per-resource
following @dcharbonnier suggestion. thanks!
* provider/scaleway: cleanup waitForServerState signature
* provider/scaleway: store serverID in var
* provider/scaleway: correct imports
* provider/scaleway: increase timeouts
* Improve messaging when storage account isn't found.
* Add client for finding resources when you don't know it's resource group.
* Add function to find Storage Account resource group name.
* Use the storage account resource group, not the virtual machine's resource group when deleting VHDs.
* Add description of storage account ID for clarity.
* Improve VHD deletion test when storage account is in different resource group.
* Use common function for ID parsing of storage account.
* Add AWS Prefix List data source.
AWS Prefix List data source acceptance test.
AWS Prefix List data source documentation.
* Improve error message when PL not matched.
* provider/scaleway speedup server deletion
using `terminate` instead of `poweroff` leads to a faster shutdown
fixes#9430
* provider/scaleway: extract server shutdown code
This test was previously passing but the limit appears to have been reduced
since.
TF_ACC=1 go test ./builtin/providers/azurerm -v -run TestAccAzureRMServiceBusTopic_enableParti -timeout 120m
=== RUN TestAccAzureRMServiceBusTopic_enablePartitioning
--- PASS: TestAccAzureRMServiceBusTopic_enablePartitioning (377.14s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/azurerm 377.235s
* Updated docker container documentation
Feedback from ticket #9350 indicated that documentation was out of date
renamed `hosts_entry` to `host`
added correct type information to *Extra Hosts* section.
Refs: 9350
* Fixes for docker_container host object
Feedback from ticket #9350 updated codebase so it reflects the requirements from docker in regards to `host` which is `Required` and not optional.
It now accurately reflects the docker requirements and the terraform documentation.
Test results
> Bear in mind the failure it is because my laptop doesnt support memory swap. So this test will always fail.
Changing the Schema from `optional` to `required` made no difference to the tests.
make testacc TEST=./builtin/providers/docker/
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/14 15:04:40 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/docker/ -v -timeout 120m
=== RUN TestAccDockerRegistryImage_basic
--- PASS: TestAccDockerRegistryImage_basic (4.57s)
=== RUN TestAccDockerRegistryImage_private
--- PASS: TestAccDockerRegistryImage_private (6.22s)
=== RUN TestProvider
--- PASS: TestProvider (0.00s)
=== RUN TestProvider_impl
--- PASS: TestProvider_impl (0.00s)
=== RUN TestAccDockerContainer_basic
--- PASS: TestAccDockerContainer_basic (7.16s)
=== RUN TestAccDockerContainer_volume
--- PASS: TestAccDockerContainer_volume (7.37s)
=== RUN TestAccDockerContainer_customized
--- FAIL: TestAccDockerContainer_customized (18.99s)
testing.go:265: Step 0 error: Check failed: Check 2/2 error: Container has wrong memory swap setting: -1
Please check that you machine supports memory swap (you can do that by running 'docker info' command).
=== RUN TestAccDockerImage_basic
--- PASS: TestAccDockerImage_basic (2.58s)
=== RUN TestAccDockerImage_private
--- PASS: TestAccDockerImage_private (2.70s)
=== RUN TestAccDockerImage_destroy
--- PASS: TestAccDockerImage_destroy (30.00s)
=== RUN TestAccDockerImage_data
--- PASS: TestAccDockerImage_data (5.93s)
=== RUN TestAccDockerNetwork_basic
--- PASS: TestAccDockerNetwork_basic (0.24s)
=== RUN TestAccDockerVolume_basic
--- PASS: TestAccDockerVolume_basic (0.05s)
FAIL
exit status 1
FAIL github.com/hashicorp/terraform/builtin/providers/docker 85.816s
Makefile:47: recipe for target 'testacc' failed
make: *** [testacc] Error 1
Refs: 9350
* govendor: update go-cloudstack dependency
* Separate security groups and rules
This commit separates the creation and management of security groups and security group rules.
It extends the `icmp` options so you can supply `icmp_type` and `icmp_code` to enbale more specific configs.
And it adds lifecycle management of security group rules, so that security groups do not have to be recreated when rules are added or removed.
This is particulary helpful since the `cloudstack_instance` cannot update a security group without having to recreate the instance.
In CloudStack >= 4.9.0 it is possible to update security groups of existing instances, but as that is just added to the latest version it seems a bit too soon to start using this (causing backwards incompatibility issues for people or service providers running older versions).
* Add and update documentation
* Add acceptance tests
Added `service_id` in place of `id` for resource.
modified created, read, update to use `service_id`
modified tests to include `service_id`.
modified documentation for consul_service to include new value.
Tests results
CONSUL_HTTP_ADDR=localhost:8500 make testacc TEST=./builtin/providers/consul/
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/14 14:43:05 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/consul/ -v -timeout 120m
=== RUN TestAccDataConsulKeys_basic
--- PASS: TestAccDataConsulKeys_basic (0.05s)
=== RUN TestAccConsulAgentService_basic
--- PASS: TestAccConsulAgentService_basic (0.05s)
=== RUN TestAccConsulCatalogEntry_basic
--- PASS: TestAccConsulCatalogEntry_basic (0.06s)
=== RUN TestAccConsulKeyPrefix_basic
--- PASS: TestAccConsulKeyPrefix_basic (0.19s)
=== RUN TestConsulKeysMigrateState
--- PASS: TestConsulKeysMigrateState (0.00s)
=== RUN TestConsulKeysMigrateState_empty
--- PASS: TestConsulKeysMigrateState_empty (0.00s)
=== RUN TestAccConsulKeys_basic
--- PASS: TestAccConsulKeys_basic (0.13s)
=== RUN TestAccConsulNode_basic
--- PASS: TestAccConsulNode_basic (0.05s)
=== RUN TestAccConsulPreparedQuery_basic
--- PASS: TestAccConsulPreparedQuery_basic (0.12s)
=== RUN TestAccConsulService_basic
--- PASS: TestAccConsulService_basic (0.05s)
=== RUN TestResourceProvider
--- PASS: TestResourceProvider (0.00s)
=== RUN TestResourceProvider_impl
--- PASS: TestResourceProvider_impl (0.00s)
=== RUN TestResourceProvider_Configure
--- PASS: TestResourceProvider_Configure (0.00s)
=== RUN TestResourceProvider_ConfigureTLS
--- PASS: TestResourceProvider_ConfigureTLS (0.00s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/consul 0.708s
Refs: #9352
* Clean-up for Go 1.7+ version.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
* Validate regular expression passed via the `name_regex` attribute.
This commit adds a simple ValidateFunc to check whether the regular
expression that was passed down via the `name_regex` attribute is valid.
Signed-off-by: Krzysztof Wilczynski <krzysztof.wilczynski@linux.com>
This is a fix for issue https://github.com/hashicorp/terraform/issues/9596.
Changes:
- Adds new output attribute `configuration_endpoint_address`. Only
used in Redis when in cluster mode.
- Read the `snapshot_window` and `snapshot_retention_limit` from
the
replication group description instead of the cache cluster
description.
- Adds acceptance test and modifies an existing acceptance test to
make sure that everything is still good in non-cluster mode
- Updates docs to describe new output attribute
This reverts commit c3a4cff133, reversing
changes made to 791a02e6e4.
This change requires plugin recompilation and we should hold off until a
minor release for that.
This commit introduces an `aws_iam_user_login_profile` resource which
creates a password for an IAM user, and encrypts it using a PGP key
specified in the configuration or obtained from Keybase.
For example:
```
resource "aws_iam_user" "u" {
name = "auser"
path = "/"
force_destroy = true
}
resource "aws_iam_user_login_profile" "u" {
user = "${aws_iam_user.u.name}"
pgp_key = "keybase:some_person_that_exists"
}
output "password" {
value = "${aws_iam_user_login_profile.u.encrypted_password}"
}
```
The resulting attribute "encrypted_password" can be decrypted using
PGP or Keybase - for example:
```
terraform output password | base64 --decode | keybase pgp decrypt
```
Optionally the user can retain the password rather than the default of
being forced to change it at first login. Generated passwords are
currently 20 characters long.
TF_ACC=1 go test ./builtin/providers/azurerm -v -run=TestAccAzureRMVirtualMachine_basicLinuxMachine -timeout 120m
=== RUN TestAccAzureRMVirtualMachine_basicLinuxMachine
--- PASS: TestAccAzureRMVirtualMachine_basicLinuxMachine (540.83s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/azurerm 540.841s
TF_ACC=1 go test ./builtin/providers/azurerm -v -run=TestAccAzureRMVirtualMachine_withDataDisk -timeout 120m
=== RUN TestAccAzureRMVirtualMachine_withDataDisk
--- PASS: TestAccAzureRMVirtualMachine_withDataDisk (431.19s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/azurerm 431.203s
enable_partitioning set to ForceNew
requires_duplicate_detection set to ForceNew
max_size_in_megabytes would cause a loop if enable_partitioning was true as this
causes the value to be multiplied by 16 for it's effective value, this computed
value is then returned by the ARM API in the same field which caused Terraform
to always detect a change
```
TF_ACC=1 go test ./builtin/providers/azurerm -v -run TestAccAzureRMServiceBusTopic -timeout 120m
=== RUN TestAccAzureRMServiceBusTopic_importBasic
--- PASS: TestAccAzureRMServiceBusTopic_importBasic (345.08s)
=== RUN TestAccAzureRMServiceBusTopic_basic
--- PASS: TestAccAzureRMServiceBusTopic_basic (342.23s)
=== RUN TestAccAzureRMServiceBusTopic_update
--- PASS: TestAccAzureRMServiceBusTopic_update (359.56s)
=== RUN TestAccAzureRMServiceBusTopic_enablePartitioning
--- PASS: TestAccAzureRMServiceBusTopic_enablePartitioning (362.80s)
=== RUN TestAccAzureRMServiceBusTopic_enableDuplicateDetection
--- PASS: TestAccAzureRMServiceBusTopic_enableDuplicateDetection (364.97s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/azurerm 1774.657s
```
* Converting archive_file to datasource.
* Ratcheting back new dir perms.
* Ratcheting back new dir perms.
* goimports
* Adding output_base64sha256 attribute to archive_file.
Updating docs.
* Dropping CheckDestroy since this is a data source.
* Correcting data source attribute checks.
This will allow us to catch errors at plan time rather than waiting for
the API to tell us...
Documentation for IAM User NAme Validation -
http://docs.aws.amazon.com/cli/latest/reference/iam/create-user.html
Documentation for IAM Group Name validation -
http://docs.aws.amazon.com/cli/latest/reference/iam/create-group.html
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSIAMGroup_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/25 13:18:41 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSIAMGroup_
-timeout 120m
=== RUN TestAccAWSIAMGroup_importBasic
--- PASS: TestAccAWSIAMGroup_importBasic (13.80s)
=== RUN TestAccAWSIAMGroup_basic
--- PASS: TestAccAWSIAMGroup_basic (23.30s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws37.121s
```
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSUser_' ✚
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/25 13:22:23 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSUser_ -timeout 120m
=== RUN TestAccAWSUser_importBasic
--- PASS: TestAccAWSUser_importBasic (14.33s)
=== RUN TestAccAWSUser_basic
--- PASS: TestAccAWSUser_basic (25.36s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws 39.710s
```
When force_Destroy was specified on an iam_user, only Access Keys were
destroyed. Therefore, if a password was manually added via the AWS
console, it was causing an error as follows:
```
* aws_iam_user.user: Error deleting IAM User test-user-for-profile-delete: DeleteConflict: Cannot delete entity, must delete login profile first.
status code: 409, request id: acd67e40-9aa8-11e6-8533-4db80bad7ea8
```
We now *try* to delete the LoginProfile and ignore a NoSuchEntity error
if it doesn't exist
```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSUser_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/25 12:53:05 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSUser_
-timeout 120m
=== RUN TestAccAWSUser_importBasic
--- PASS: TestAccAWSUser_importBasic (14.83s)
=== RUN TestAccAWSUser_basic
--- PASS: TestAccAWSUser_basic (24.78s)
PASS
ok github.com/hashicorp/terraform/builtin/providers/aws39.624s
```
Paul Stack