Merge remote-tracking branch 'upstream/master' into 9869_validate_cre…

…dentials * upstream/master: (79 commits) update CHANGELOG Update panicwrap to pass through all interrupt signals Gracefully stops on SIGTERM website: update website for conditionals vendor: update HIL with conditionals Keep a consistent provider order. Update CHANGELOG.md provider/aws: Forces the api gateway domain name certificates to recreate the resource (hashicorp#10588) Update CHANGELOG.md provider/aws: FIxed the api_gw_domain_name replace operation (hashicorp#10179) Fixed note formatting Explicitly say `count` is not supported by modules (hashicorp#10553) docs/aws: Fix the discrepencies of the emr_cluster documentation (hashicorp#10578) Update CHANGELOG.md Service role is not updated on AWS for a CodeDeploy deployment group (hashicorp#9866) Update CHANGELOG.md provider/datadog hashicorp#9375: Refactor tags to a list instead of a map. (hashicorp#10570) Update the Vagrantfile to resolve package update/installation issue. (hashicorp#9783) docs/aws: Add iam_server_certificate data source to nav bar (hashicorp#10576) Update CHANGELOG.md ...
atlassian · Dec 8, 2016 · 62513c4 · 62513c4
2 parents 27070d9 + 134b438
commit 62513c4
Show file tree

Hide file tree

Showing 506 changed files with 72,300 additions and 4,883 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -2,6 +2,7 @@ sudo: false
 language: go
 go:
 - 1.7.4
+- 1.8beta1
 install:
 # This script is used by the Travis build to install a cookie for
 # go.googlesource.com so rate limits are higher when using `go get` to fetch

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,11 +1,41 @@
 ## 0.8.0-rc3 (unreleased)
 
+FEATURES:
+
+ * **New Provider:** `external` [GH-8768]
+ * **New Provider:** `Rancher` [GH-9173]
+ * **New Data Source:** `aws_iam_server_certificate` [GH-10558]
+ * **New Data Source:** `pagerduty_user` [GH-10541]
+ * **New Resource:** `aws_opsworks_rds_db_instance` [GH-10294]
+ * **New Resource:** `aws_vpc_endpoint_route_table_association` [GH-10137]
+
+
 IMPROVEMENTS:
+
+ * core: SIGTERM also triggers graceful shutdown in addition to SIGINT [GH-10534]
+ * provider/aws: Add support for termination protection and autotermination to EMR [GH-10252]
+ * provider/azurerm: make DiskSizeGB optional for azurerm_virtual_machine data_disks [GH-10232]
+ * provider/azurerm support `license_type` virtual_machine property [GH-10539]
+ * provider/datadog: Make monitor thresholds optional. [GH-10526]
+ * provider/datadog: Improve datadog timeboard support [GH-10027]
+ * provider/docker: Upload files into container before first start [GH-9520]
+ * provider/fastly: add ssl_hostname option [GH-9629]
  * provider/openstack: Detect Region for Importing Resources [GH-10509]
+ * provider/google: Instances and templates now both support `metadata_startup_script` and `metadata.startup-script`. [GH-10537]
 
 BUG FIXES:
 
+  * core: Fix a diff mismatch error that could happen when a resource depends on a count resource being decreased. [GH-10522]
   * core: On Unix machines if `getent` is not available, fall back to shell to find home dir. [GH-10515]
+  * communicator/ssh: Avoid race that could cause parallel remote execs on the same host to overwrite each other [GH-10549]
+  * provider/aws: cloudfront distribution 404 should mark as gone [GH-10281]
+  * provider/aws: Assign correct number of core instances (n-1) to aws-emr-cluster on update [GH-10529]
+  * provider/aws: Allow update of Service role on a CodeDeploy deployment group [GH-9866]
+  * provider/aws: fixed the api_gw_domain_name replace operation [GH-10179]
+  * provider/aws: Forces the API GW domain name certificates to recreate the resource [GH-10588]
+  * provider/azurem: azurerm_availability_set not is ForceNew for UpdateDomain and FaultDomain [GH-10545]
+  * provider/datadog: Refactor monitor tags to a list instead of a map. [GH-10570]
+  * provider/openstack: Fix Ordering of Port Allowed Address Pairs [GH-10250]
 
 ## 0.8.0-rc2 (December 2, 2016)
 
@@ -169,6 +199,7 @@ BUG FIXES:
 
 BUG FIXES:
  * provider/azurerm: set ForceNew for storage image and OS disk of virtual_machine ([#10340](https://github.com/hashicorp/terraform/issues/10340))
+ * provider/aws: Fix issue removing Lambda environment variables [GH-10492]
 
 
 
@@ -2649,4 +2680,4 @@ IMPROVEMENTS:
   * providers/google: Add `size` option to disk blocks for instances. ([#1284](https://github.com/hashicorp/terraform/issues/1284))
   * providers/aws: Improve support for tagging resources.
   * providers/aws: Add a short syntax for Route 53 Record names, e.g.
-      `www` 
+      `www`
diff --git a/Vagrantfile b/Vagrantfile
@@ -16,7 +16,7 @@ ARCH="$(uname -m | sed 's|i686|386|' | sed 's|x86_64|amd64|')"
 export DEBIAN_PRIORITY=critical
 export DEBIAN_FRONTEND=noninteractive
 export DEBCONF_NONINTERACTIVE_SEEN=true
-APT_OPTS="--yes --force-yes --no-install-suggests --no-install-recommends"
+APT_OPTS="--assume-yes --no-install-suggests --no-install-recommends -o Dpkg::Options::=\"--force-confdef\" -o Dpkg::Options::=\"--force-confold\""
 echo "Upgrading packages ..."
 apt-get update ${APT_OPTS} >/dev/null
 apt-get upgrade ${APT_OPTS} >/dev/null

diff --git a/builtin/bins/provider-external/main.go b/builtin/bins/provider-external/main.go
@@ -0,0 +1,12 @@
+package main
+
+import (
+	"github.com/hashicorp/terraform/builtin/providers/external"
+	"github.com/hashicorp/terraform/plugin"
+)
+
+func main() {
+	plugin.Serve(&plugin.ServeOpts{
+		ProviderFunc: external.Provider,
+	})
+}
diff --git a/builtin/bins/provider-rancher/main.go b/builtin/bins/provider-rancher/main.go
@@ -0,0 +1,15 @@
+package main
+
+import (
+	"github.com/hashicorp/terraform/builtin/providers/rancher"
+	"github.com/hashicorp/terraform/plugin"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+func main() {
+	plugin.Serve(&plugin.ServeOpts{
+		ProviderFunc: func() terraform.ResourceProvider {
+			return rancher.Provider()
+		},
+	})
+}
diff --git a/builtin/providers/aws/config.go b/builtin/providers/aws/config.go
@@ -45,6 +45,7 @@ import (
 	"github.com/aws/aws-sdk-go/service/kinesis"
 	"github.com/aws/aws-sdk-go/service/kms"
 	"github.com/aws/aws-sdk-go/service/lambda"
+	"github.com/aws/aws-sdk-go/service/lightsail"
 	"github.com/aws/aws-sdk-go/service/opsworks"
 	"github.com/aws/aws-sdk-go/service/rds"
 	"github.com/aws/aws-sdk-go/service/redshift"
@@ -135,6 +136,7 @@ type AWSClient struct {
 	elasticbeanstalkconn  *elasticbeanstalk.ElasticBeanstalk
 	elastictranscoderconn *elastictranscoder.ElasticTranscoder
 	lambdaconn            *lambda.Lambda
+	lightsailconn         *lightsail.Lightsail
 	opsworksconn          *opsworks.OpsWorks
 	glacierconn           *glacier.Glacier
 	codedeployconn        *codedeploy.CodeDeploy
@@ -282,6 +284,7 @@ func (c *Config) Client() (interface{}, error) {
 	client.kinesisconn = kinesis.New(kinesisSess)
 	client.kmsconn = kms.New(sess)
 	client.lambdaconn = lambda.New(sess)
+	client.lightsailconn = lightsail.New(usEast1Sess)
 	client.opsworksconn = opsworks.New(usEast1Sess)
 	client.r53conn = route53.New(usEast1Sess)
 	client.rdsconn = rds.New(sess)

diff --git a/builtin/providers/aws/data_source_aws_iam_server_certificate.go b/builtin/providers/aws/data_source_aws_iam_server_certificate.go
@@ -0,0 +1,134 @@
+package aws
+
+import (
+	"fmt"
+	"sort"
+	"strings"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/iam"
+	"github.com/hashicorp/errwrap"
+	"github.com/hashicorp/terraform/helper/schema"
+)
+
+func dataSourceAwsIAMServerCertificate() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceAwsIAMServerCertificateRead,
+
+		Schema: map[string]*schema.Schema{
+			"name": &schema.Schema{
+				Type:          schema.TypeString,
+				Optional:      true,
+				Computed:      true,
+				ForceNew:      true,
+				ConflictsWith: []string{"name_prefix"},
+				ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) {
+					value := v.(string)
+					if len(value) > 128 {
+						errors = append(errors, fmt.Errorf(
+							"%q cannot be longer than 128 characters", k))
+					}
+					return
+				},
+			},
+
+			"name_prefix": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+				ForceNew: true,
+				ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) {
+					value := v.(string)
+					if len(value) > 30 {
+						errors = append(errors, fmt.Errorf(
+							"%q cannot be longer than 30 characters, name is limited to 128", k))
+					}
+					return
+				},
+			},
+
+			"latest": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+				ForceNew: true,
+				Default:  false,
+			},
+
+			"arn": &schema.Schema{
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+
+			"path": &schema.Schema{
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+
+			"expiration_date": &schema.Schema{
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+		},
+	}
+}
+
+type certificateByExpiration []*iam.ServerCertificateMetadata
+
+func (m certificateByExpiration) Len() int {
+	return len(m)
+}
+
+func (m certificateByExpiration) Swap(i, j int) {
+	m[i], m[j] = m[j], m[i]
+}
+
+func (m certificateByExpiration) Less(i, j int) bool {
+	return m[i].Expiration.After(*m[j].Expiration)
+}
+
+func dataSourceAwsIAMServerCertificateRead(d *schema.ResourceData, meta interface{}) error {
+	iamconn := meta.(*AWSClient).iamconn
+
+	var matcher = func(cert *iam.ServerCertificateMetadata) bool {
+		return strings.HasPrefix(aws.StringValue(cert.ServerCertificateName), d.Get("name_prefix").(string))
+	}
+	if v, ok := d.GetOk("name"); ok {
+		matcher = func(cert *iam.ServerCertificateMetadata) bool {
+			return aws.StringValue(cert.ServerCertificateName) == v.(string)
+		}
+	}
+
+	var metadatas = []*iam.ServerCertificateMetadata{}
+	err := iamconn.ListServerCertificatesPages(&iam.ListServerCertificatesInput{}, func(p *iam.ListServerCertificatesOutput, lastPage bool) bool {
+		for _, cert := range p.ServerCertificateMetadataList {
+			if matcher(cert) {
+				metadatas = append(metadatas, cert)
+			}
+		}
+		return true
+	})
+	if err != nil {
+		return errwrap.Wrapf("Error describing certificates: {{err}}", err)
+	}
+
+	if len(metadatas) == 0 {
+		return fmt.Errorf("Search for AWS IAM server certificate returned no results")
+	}
+	if len(metadatas) > 1 {
+		if !d.Get("latest").(bool) {
+			return fmt.Errorf("Search for AWS IAM server certificate returned too many results")
+		}
+
+		sort.Sort(certificateByExpiration(metadatas))
+	}
+
+	metadata := metadatas[0]
+	d.SetId(*metadata.ServerCertificateId)
+	d.Set("arn", *metadata.Arn)
+	d.Set("path", *metadata.Path)
+	d.Set("name", *metadata.ServerCertificateName)
+	if metadata.Expiration != nil {
+		d.Set("expiration_date", metadata.Expiration.Format("2006-01-02T15:04:05"))
+	}
+
+	return nil
+}
diff --git a/builtin/providers/aws/data_source_aws_iam_server_certificate_test.go b/builtin/providers/aws/data_source_aws_iam_server_certificate_test.go
@@ -0,0 +1,63 @@
+package aws
+
+import (
+	"fmt"
+	"sort"
+	"testing"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/iam"
+	"github.com/hashicorp/terraform/helper/resource"
+)
+
+func timePtr(t time.Time) *time.Time {
+	return &t
+}
+
+func TestResourceSortByExpirationDate(t *testing.T) {
+	certs := []*iam.ServerCertificateMetadata{
+		&iam.ServerCertificateMetadata{
+			ServerCertificateName: aws.String("oldest"),
+			Expiration:            timePtr(time.Now()),
+		},
+		&iam.ServerCertificateMetadata{
+			ServerCertificateName: aws.String("latest"),
+			Expiration:            timePtr(time.Now().Add(3 * time.Hour)),
+		},
+		&iam.ServerCertificateMetadata{
+			ServerCertificateName: aws.String("in between"),
+			Expiration:            timePtr(time.Now().Add(2 * time.Hour)),
+		},
+	}
+	sort.Sort(certificateByExpiration(certs))
+	if *certs[0].ServerCertificateName != "latest" {
+		t.Fatalf("Expected first item to be %q, but was %q", "latest", *certs[0].ServerCertificateName)
+	}
+}
+
+func TestAccAWSDataSourceIAMServerCertificate_basic(t *testing.T) {
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckIAMServerCertificateDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAwsDataIAMServerCertConfig,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet("aws_iam_server_certificate.test_cert", "arn"),
+					resource.TestCheckResourceAttrSet("data.aws_iam_server_certificate.test", "arn"),
+					resource.TestCheckResourceAttrSet("data.aws_iam_server_certificate.test", "name"),
+					resource.TestCheckResourceAttrSet("data.aws_iam_server_certificate.test", "path"),
+				),
+			},
+		},
+	})
+}
+
+var testAccAwsDataIAMServerCertConfig = fmt.Sprintf(`%s
+data "aws_iam_server_certificate" "test" {
+  name = "${aws_iam_server_certificate.test_cert.name}"
+  latest = true
+}
+`, testAccIAMServerCertConfig)
diff --git a/builtin/providers/aws/provider.go b/builtin/providers/aws/provider.go
@@ -157,6 +157,7 @@ func Provider() terraform.ResourceProvider {
 			"aws_ecs_container_definition": dataSourceAwsEcsContainerDefinition(),
 			"aws_elb_service_account":      dataSourceAwsElbServiceAccount(),
 			"aws_iam_policy_document":      dataSourceAwsIamPolicyDocument(),
+			"aws_iam_server_certificate":   dataSourceAwsIAMServerCertificate(),
 			"aws_ip_ranges":                dataSourceAwsIPRanges(),
 			"aws_prefix_list":              dataSourceAwsPrefixList(),
 			"aws_redshift_service_account": dataSourceAwsRedshiftServiceAccount(),
@@ -284,6 +285,7 @@ func Provider() terraform.ResourceProvider {
 			"aws_lambda_alias":                             resourceAwsLambdaAlias(),
 			"aws_lambda_permission":                        resourceAwsLambdaPermission(),
 			"aws_launch_configuration":                     resourceAwsLaunchConfiguration(),
+			"aws_lightsail_instance":                       resourceAwsLightsailInstance(),
 			"aws_lb_cookie_stickiness_policy":              resourceAwsLBCookieStickinessPolicy(),
 			"aws_load_balancer_policy":                     resourceAwsLoadBalancerPolicy(),
 			"aws_load_balancer_backend_server_policy":      resourceAwsLoadBalancerBackendServerPolicies(),
@@ -311,6 +313,7 @@ func Provider() terraform.ResourceProvider {
 			"aws_opsworks_instance":                        resourceAwsOpsworksInstance(),
 			"aws_opsworks_user_profile":                    resourceAwsOpsworksUserProfile(),
 			"aws_opsworks_permission":                      resourceAwsOpsworksPermission(),
+			"aws_opsworks_rds_db_instance":                 resourceAwsOpsworksRdsDbInstance(),
 			"aws_placement_group":                          resourceAwsPlacementGroup(),
 			"aws_proxy_protocol_policy":                    resourceAwsProxyProtocolPolicy(),
 			"aws_rds_cluster":                              resourceAwsRDSCluster(),
@@ -358,6 +361,7 @@ func Provider() terraform.ResourceProvider {
 			"aws_vpc_peering_connection":                   resourceAwsVpcPeeringConnection(),
 			"aws_vpc":                                      resourceAwsVpc(),
 			"aws_vpc_endpoint":                             resourceAwsVpcEndpoint(),
+			"aws_vpc_endpoint_route_table_association":     resourceAwsVpcEndpointRouteTableAssociation(),
 			"aws_vpn_connection":                           resourceAwsVpnConnection(),
 			"aws_vpn_connection_route":                     resourceAwsVpnConnectionRoute(),
 			"aws_vpn_gateway":                              resourceAwsVpnGateway(),