Add support for aws autoscaling lifecycle hooks.

[xetorthio]

This PR adds the ability to manage AWS Autoscaling Group Lifecycle Hooks.
It adds a new resource aws_autoscaling_lifecycle_hook which has a few attributes the can be set, like:

resource "aws_autoscaling_lifecycle_hook" "foobar" {
    name = "foobar"
    default_result = "CONTINUE"
    heartbeat_timeout = 2000
    lifecycle_transition = "autoscaling:EC2_INSTANCE_LAUNCHING"
    notification_metadata = <<EOF
{
  "foo": "bar"
}
EOF
    notification_target_arn = "arn:aws:sqs:us-east-1:444455556666:queue1*"
    role_arn = "arn:aws:iam::123456789012:role/S3Access"
}

[stack72]

@xetorthio I can't see where you tell the LifeCycle Hook which ASG to attach to?

I can see in your code the following:

func getAwsAutoscalingPutLifecycleHookInput(d *schema.ResourceData) autoscaling.PutLifecycleHookInput {
    var params = autoscaling.PutLifecycleHookInput{
        AutoScalingGroupName: aws.String(d.Get("autoscaling_group_name").(string)),
        LifecycleHookName:    aws.String(d.Get("name").(string)),
    }

But autoscaling_group_name is not in the schema for this resource. Wouldn't the schema have to be as follows:

Schema: map[string]*schema.Schema{
            "name": &schema.Schema{
                Type:     schema.TypeString,
                Required: true,
                ForceNew: true,
            },
                        "autoscaling_group_name": &schema.Schema{
                Type:     schema.TypeString,
                Required: true,
            },
            "default_result": &schema.Schema{
                Type:     schema.TypeString,
                Optional: true,
            },
            "heartbeat_timeout": &schema.Schema{
                Type:     schema.TypeInt,
                Optional: true,
            },
            "lifecycle_transition": &schema.Schema{
                Type:     schema.TypeString,
                Required: true,
            },
            "notification_metadata": &schema.Schema{
                Type:     schema.TypeString,
                Optional: true,
            },
            "notification_target_arn": &schema.Schema{
                Type:     schema.TypeString,
                Required: true,
            },
            "role_arn": &schema.Schema{
                Type:     schema.TypeString,
                Required: true,
            },
        },

[xetorthio]

@stack72 you are right! I forgot to add the autoscaling_group_name attribute to the lifecycle_hook resource, which is actually required and extremely important. Thanks for noticing it and letting me know. I just updated the PR adding this.

[stack72]

nice one :) FYI i added some docs for this ( #3403 )

[stack72]

@xetorthio I have a little bit more feedback on this. Right now (since you updated the PR), the tests do not pass:

terraform [lifecycle_hooks●●] % make testacc TEST=./builtin/providers/aws TESTARGS='-run=LifecycleHook' 2>~/tf.log
go generate ./...
TF_ACC=1 go test ./builtin/providers/aws -v -run=LifecycleHook -timeout 90m
=== RUN   TestAccAWSAutoscalingLifecycleHook_basic
--- FAIL: TestAccAWSAutoscalingLifecycleHook_basic (0.11s)
    testing.go:136: Step 0 error: Configuration is invalid.

        Warnings: []string(nil)

        Errors: []string{"aws_autoscaling_lifecycle_hook.foobar: Provider doesn't support resource: aws_autoscaling_lifecycle_hook"}
FAIL
exit status 1
FAIL    github.com/hashicorp/terraform/builtin/providers/aws    0.130s

To make these pass, you need to register the new resource with the provider.go (/builtin/providers/aws/provider.go)

"aws_autoscaling_lifecycle_hook":   resourceAwsAutoscalingLifecycleHook(),

[xetorthio]

I think the reason why I didn't get this error is because I am not running acceptance tests. Am I correct?

Btw, I just added the missing line

[stack72]

@xetorthio excellent. The acceptance tests are not run on build. I always run them as a sanity check on whether the resource actually works

These should work now.

[xetorthio]

@stack72 @apparentlymart Merged the docs into this PR

[stack72]

@xetorthio looks like you still have a merge conflict. This is because of builtin/providers/aws/provider.go

[xetorthio]

@stack72 @apparentlymart I just rebased this PR and fixed the conflict. Please let me know if anything else is missing!

[apparentlymart]

It looks like this is the only real difference between Create and Update here. It's harmless to call d.SetId within Update, if you'd like to just combine Create and Update into a single resourceAwsAutoscalingLifecycleHookPut function.

[xetorthio]

Makes lots of sense! Thanks for finding this!

[apparentlymart]

@xetorthio thanks for working on this! I left one minor comment inline.

When I ran the acceptance tests I got this error:

--- FAIL: TestAccAWSAutoscalingLifecycleHook_basic (167.90s)
    testing.go:136: Step 0 error: Error applying: 1 error(s) occurred:

        * aws_autoscaling_lifecycle_hook.foobar: Error putting lifecycle hook: AccessDenied: Cross-account pass role is not allowed.
            status code: 403, request id: 2194f468-6de0-11e5-9922-a32b736bfda6

Any idea what's causing that? Could it be that the role and notification target ARNs contain account ids that differ from my account? If so it might work better to create an IAM role and/or a notification target as part of the test configuration and interpolate the ARNs, so that they will point at resources that are valid for the account running the test.

[xetorthio]

@apparentlymart I made the change you recommended and also changed the test so it creates the necessary iam role, policy and sqs queue so we don't depend on anything external. Hopefully I didn't miss anything since it is hard to test locally.

[apparentlymart]

@xetorthio Thanks for the follow-up commit.

This new version seems to cause a different acceptance test failure:

        * aws_autoscaling_lifecycle_hook.foobar: Error putting lifecycle hook: ValidationError: Unable to publish test message to notification target arn:aws:sqs:us-west-2:(account-id):foobar using IAM role arn:aws:iam::(account-id):role/foobar. Please check your target and role configuration and try to put lifecycle hook again.
            status code: 400, request id: aa727474-6f81-11e5-8623-c38a724b8d92

I tried to fix this myself by adding the sns:Publish action to the policy in the test, but that didn't work. My knowledge of SNS, SQS and auto-scaling groups is limited so I'm not sure what to try next. Any ideas?

I also did some other fixups which I was just going to include in the merge, but since this test failure blocked me from merging I'll just note them here:

• In your commit 98936e7 you seem to have accidentally deleted config/lang/y.go, which breaks the build.
• There a few remaining references to the plural resource aws_autoscaling_lifecycle_hooks in the docs, including the filename of the doc file.

If we can figure out what is the right config to get the acceptance tests working, along with those minor things above, then I think this is ready to merge. Thanks again for all your work on this!

[xetorthio]

@apparentlymart I fixed all the things you mentioned and also the acceptance test. At the end the best was to run it on my own account and make sure it works before pushing, which is what I should've done in the first place (sorry about that).

If you think this PR is ready to merge, let me know before doing so, I want to squash all commits, so history is nicer and not so messy.

[apparentlymart]

@xetorthio this looks good to me now.

As you squash, please retain @stack72's documentation commit as a separate one so he'll be properly attributed in the history.

Thanks again for all your effort in doing this, and for your patience in responding to all of the feedback!

[xetorthio]

@apparentlymart all my commits were squashed and of course I kept @stack72's commit
hopefully it is ready to be merged :)

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.