provider/aws: Implementing aws_ami_launch_permission resource

[BSick7]

Overview

There is currently no way to manage AMI Launch Permissions in terraform.
This PR introduces aws_ami_launch_permission which allows a user to provision launch permissions to other aws accounts.

Syntax

provider "aws" {
    //...
}

resource "aws_ami_launch_permission" {
    image_id = "${var.image_id}"
    account_id = "${var.aws_account_id}"
}

Checklist

• Implement aws_ami_launch_permission.
• Add resource to provider.
• Test aws_ami_launch_permission.
• Add resource to website docs.

[BSick7]

@stack72 ready for review

[stack72]

Hi @BSick7

Unfortunately, when running the tests, I get the following:

make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSAMILaunchPermission'
==> Checking that code complies with gofmt requirements...
/Users/stacko/Code/go/bin/stringer
go generate $(go list ./... | grep -v /vendor/)
2016/06/28 02:04:48 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSAMILaunchPermission -timeout 120m
=== RUN   TestAccAWSAMILaunchPermission_Basic
--- FAIL: TestAccAWSAMILaunchPermission_Basic (0.00s)
panic: interface conversion: interface {} is nil, not *aws.AWSClient [recovered]
    panic: interface conversion: interface {} is nil, not *aws.AWSClient

goroutine 6 [running]:
panic(0x13fa6c0, 0xc8200f2f00)
    /opt/boxen/homebrew/Cellar/go/1.6.2/libexec/src/runtime/panic.go:481 +0x3e6
testing.tRunner.func1(0xc820084fc0)
    /opt/boxen/homebrew/Cellar/go/1.6.2/libexec/src/testing/testing.go:467 +0x192
panic(0x13fa6c0, 0xc8200f2f00)
    /opt/boxen/homebrew/Cellar/go/1.6.2/libexec/src/runtime/panic.go:443 +0x4e9
github.com/hashicorp/terraform/builtin/providers/aws.TestAccAWSAMILaunchPermission_Basic.func1()
    /Users/stacko/Code/go/src/github.com/hashicorp/terraform/builtin/providers/aws/resource_aws_ami_launch_permission_test.go:21 +0x262
github.com/hashicorp/terraform/helper/resource.Test(0x2b18f18, 0xc820084fc0, 0x0, 0xc820144880, 0xc8202430b0, 0x0, 0x0, 0xc82019f3a0, 0xc820274000, 0x1, ...)
    /Users/stacko/Code/go/src/github.com/hashicorp/terraform/helper/resource/testing.go:216 +0x6aa
github.com/hashicorp/terraform/builtin/providers/aws.TestAccAWSAMILaunchPermission_Basic(0xc820084fc0)
    /Users/stacko/Code/go/src/github.com/hashicorp/terraform/builtin/providers/aws/resource_aws_ami_launch_permission_test.go:39 +0x35c
testing.tRunner(0xc820084fc0, 0x2446128)
    /opt/boxen/homebrew/Cellar/go/1.6.2/libexec/src/testing/testing.go:473 +0x98
created by testing.RunTests
    /opt/boxen/homebrew/Cellar/go/1.6.2/libexec/src/testing/testing.go:582 +0x892
exit status 2
FAIL    github.com/hashicorp/terraform/builtin/providers/aws    0.020s
make: *** [testacc] Error 1

[BSick7]

@stack72 That's odd that the travis build succeeded, but yours didn't
Looking into fix now.

[stack72]

@BSick7 the travis build doesn't run the acceptance tests :) The cmd i ran does. So there may be someone missed

P.

[BSick7]

Ahh right on. Thanks! Fixing.

[BSick7]

@stack72 I found the issue. I thought I could rely on the aws provider being "ready" to issue aws calls in my test. The only reason I am doing this is to use the account id from the current aws caller identity to verify this resource. Any thoughts on other ways to get the account id?

[stack72]

Hey @BSick7

Tests still fail for me I'm afraid

make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSAMILaunchPermission'                                  1 ↵
==> Checking that code complies with gofmt requirements...
/Users/stacko/Code/go/bin/stringer
go generate $(go list ./... | grep -v /vendor/)
2016/06/28 14:58:03 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSAMILaunchPermission -timeout 120m
=== RUN   TestAccAWSAMILaunchPermission_Basic
--- FAIL: TestAccAWSAMILaunchPermission_Basic (157.96s)
    testing.go:255: Step 1 error: Error applying: 1 error(s) occurred:

        * aws_ami_launch_permission.self-test: error creating ami launch permission: InvalidAMIAttributeItemValue: Invalid attribute item value " " for userId item type.
            status code: 400, request id: d026f5eb-939a-45ec-8b0c-75bda1177e32
    testing.go:318: Error destroying resource! WARNING: Dangling resources
        may exist. The full state and error is shown below.

        Error: Check failed: MissingParameter: The request must contain the parameter ImageId
            status code: 400, request id: 3afbc378-b56d-40cd-9ae8-13cc1b7dfb83

        State: <no state>
FAIL
exit status 1
FAIL    github.com/hashicorp/terraform/builtin/providers/aws    157.988s

Is there something missing here?

P.

[BSick7]

@stack72 Ya, I still haven't fixed it. The resource relies on an "account_id". I suppose I could use the env vars to retrieve the account id without the use of a provider.

[stack72]

@BSick7 some of the other code we have already has an Env Var for Account Id. Therefore, there is a chance that we could effectively add our own AccountID to this resource and share the AMI with ourselves :)

[BSick7]

@stack72 I was looking for that! Can you point me to that account id?

[stack72]

@BSick7 look for resource_aws_vpc_peering_connection.go

[BSick7]

@stack72 Finally got my tests running the way I intended. It's annoying when it takes almost 5-10 minutes to run the test.

[BSick7]

TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSAMILaunchPermission -timeout 120m
=== RUN   TestAccAWSAMILaunchPermission_Basic
--- PASS: TestAccAWSAMILaunchPermission_Basic (355.01s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    355.019s

[stack72]

Hi @BSick7

So I am slightly confused here, in the test, you are doing the following:

account_id := os.Getenv("AWS_ACCOUNT_ID")

AWS_ACCOUNT_ID is being used already in Terraform to denote the account you are running terraform against. This test therefore seems to suggest sharing the AMI with the same account it was created with

Thoughts?

Paul

[BSick7]

@stack72 The acceptance test is really just ensuring that communication with aws is configured properly. I believe a better acceptance test would share with another account and build an instance using that account; however, I didn't think terraform acceptance tests were in a position to do that.

[stack72]

we don't need to worry about specifying the provider block and region here :)

We only specify it if we need to run it against a particular env

[BSick7]

Thanks! Dropping. I originally was using an AMI in us-east-1, but upon massive changes yesterday, forgot to remove that block.

[steve-jansen]

@stack72 do you think this PR will make the 0.7 release?

[stack72]

Hi @BSick7

This is looking good now :)

% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSAMILaunchPermission'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSAMILaunchPermission -timeout 120m
=== RUN   TestAccAWSAMILaunchPermission_Basic
--- PASS: TestAccAWSAMILaunchPermission_Basic (344.70s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    344.719s

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.