Merge branch 'master' into update_vmware-govcd

* master: (34 commits)
  Update CHANGELOG.md
  provider/aws: Delete access keys before deleting IAM user (hashicorp#7766)
  Fix broken link to Consul demo (hashicorp#7789)
  provider/aws: `aws_redshift_cluster` `number_of_nodes` was having the (hashicorp#7771)
  provider/aws: Restore lost client.simpledbconn initialization
  Update vendored atlas client
  Make using `ssl_verify_mode` more robust (hashicorp#7769)
  Update CHANGELOG.md
  provider/aws: Rename the ECS Container Data Source test
  docs/azure: Small changes to remove the use of double
  Update docs to centralize on ARM-based Azure provider (hashicorp#7767)
  Update CHANGELOG.md
  Update CHANGELOG.md
  Add support for Kinesis streams shard-level metrics (hashicorp#7684)
  Update CHANGELOG.md
  Implementing aws_ami_launch_permission. (hashicorp#7365)
  Update CHANGELOG.md
  Add VersionString
  provider/aws: Set `storage_encrypted` to state in (hashicorp#7751)
  provider/fastly: Update go-fastly SDK (hashicorp#7747)
  ...

CHANGELOG.md

@@ -22,8 +22,9 @@ BACKWARDS INCOMPATIBILITIES / NOTES:
  * `azurerm_virtual_machine` computer_name now Required
  * `aws_db_instance` now defaults `publicly_accessible` to false
  * `openstack_fw_policy_v1` now correctly applies rules in the order they are specified. Upon the next apply, current rules might be re-ordered.
- * `atlas_artifact` resource has be depracated. Please use the new `atlas_artifact` Data Source
+ * `atlas_artifact` resource has be deprecated. Please use the new `atlas_artifact` Data Source
  * The `member` attribute of `openstack_lb_pool_v1` has been deprecated. Please ue the new `openstack_lb_member_v1` resource.
+ * All deprecated parameters are removed from all `CloudStack` resources
 
 FEATURES:
 
@@ -38,6 +39,7 @@ FEATURES:
  * **New Data Source:** `aws_availability_zones` [GH-6805]
  * **New Data Source:** `aws_iam_policy_document` [GH-6881]
  * **New Data Source:** `aws_s3_bucket_object` [GH-6946]
+ * **New Data Source:** `aws_ecs_container_definition` [GH-7230]
  * **New Data Source:** `atlas_artifact` [GH-7419]
  * **New Interpolation Function:** `sort` [GH-7128]
  * **New Interpolation Function:** `distinct` [GH-7174]
@@ -62,6 +64,7 @@ FEATURES:
  * **New Resource:** `aws_simpledb_domain` [GH-7600]
  * **New Resource:** `aws_opsworks_user_profile` [GH-6304]
  * **New Resource:** `aws_opsworks_permission` [GH-6304]
+ * **New Resource:** `aws_ami_launch_permission` [GH-7365]
  * **New Resource:** `openstack_blockstorage_volume_v2` [GH-6693]
  * **New Resource:** `openstack_lb_loadbalancer_v2` [GH-7012]
  * **New Resource:** `openstack_lb_listener_v2` [GH-7012]
@@ -85,6 +88,7 @@ IMPROVEMENTS:
  * core: Support `.` in map keys [GH-7654]
  * command: Remove second DefaultDataDirectory const [GH-7666]
  * provider/aws: Add `dns_name` to `aws_efs_mount_target` [GH-7428]
+ * provider/aws: Add `force_destroy` to `aws_iam_user` for force-deleting access keys assigned to the user [GH-7766]
  * provider/aws: Add `option_settings` to `aws_db_option_group` [GH-6560]
  * provider/aws: Add more explicit support for Skipping Final Snapshot in RDS Cluster [GH-6795]
  * provider/aws: Add support for S3 Bucket Acceleration [GH-6628]
@@ -118,6 +122,8 @@ IMPROVEMENTS:
  * provider/aws: Support `task_role_arn` on `aws_ecs_task_definition [GH-7653]
  * provider/aws: Support Tags on `aws_rds_cluster` [GH-7695]
  * provider/aws: Support kms_key_id for `aws_rds_cluster` [GH-7662]
+ * provider/aws: Allow setting a `poll_interval` on `aws_elastic_beanstalk_environment` [GH-7523]
+ * provider/aws: Add support for Kinesis streams shard-level metrics [GH-7684]
  * provider/azurerm: Add support for EnableIPForwarding to `azurerm_network_interface` [GH-6807]
  * provider/azurerm: Add support for exporting the `azurerm_storage_account` access keys [GH-6742]
  * provider/azurerm: The Azure SDK now exposes better error messages [GH-6976]
@@ -128,6 +134,11 @@ IMPROVEMENTS:
  * provider/cloudstack: Add support for affinity groups to `cloudstack_instance` [GH-6898]
  * provider/cloudstack: Enable swapping of ACLs without having to rebuild the network tier [GH-6741]
  * provider/cloudstack: Improve ACL swapping [GH-7315]
+ * provider/cloudstack: Add project support to `cloudstack_network_acl` and `cloudstack_network_acl_rule` [GH-7612]
+ * provider/cloudstack: Add option to set `root_disk_size` to `cloudstack_instance` [GH-7070]
+ * provider/cloudstack: Do no longer force a new `cloudstack_instance` resource when updating `user_data` [GH-7074]
+ * provider/cloudstack: Add option to set `security_group_names` to `cloudstack_instance` [GH-7240]
+ * provider/cloudstack: Add option to set `affinity_group_names` to `cloudstack_instance` [GH-7242]
  * provider/datadog: Add support for 'require full window' and 'locked' [GH-6738]
  * provider/docker: Docker Container DNS Setting Enhancements [GH-7392]
  * provider/docker: Add `destroy_grace_seconds` option to stop container before delete [GH-7513]
@@ -225,6 +236,9 @@ BUG FIXES:
  * provider/azurerm: `azurerm_virtual_machine` computer_name now Required [GH-7308]
  * provider/cloudflare: Fix issue upgrading CloudFlare Records created before v0.6.15 [GH-6969]
  * provider/cloudstack: Fix using `cloudstack_network_acl` within a project [GH-6743]
+ * provider/cloudstack: Fix refresing `cloudstack_network_acl_rule` when the associated ACL is deleted [GH-7612]
+ * provider/cloudstack: Fix refresing `cloudstack_port_forward` when the associated IP address is no longer associated [GH-7612]
+ * provider/cloudstack: Fix creating `cloudstack_network` with offerings that do not support specifying IP ranges [GH-7612]
  * provider/digitalocean: Stop `digitocean_droplet` forcing new resource on uppercase region [GH-7044]
  * provider/digitalocean: Reassign Floating IP when droplet changes [GH-7411]
  * provider/google: Fix a bug causing an error attempting to delete an already-deleted `google_compute_disk` [GH-6689]

builtin/providers/atlas/provider.go

@@ -52,6 +52,7 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
 			return nil, err
 		}
 	}
+	client.DefaultHeader.Set(terraform.VersionHeader, terraform.VersionString())
 	client.Token = d.Get("token").(string)
 
 	return client, nil

builtin/providers/aws/config.go

@@ -243,6 +243,7 @@ func (c *Config) Client() (interface{}, error) {
 		client.r53conn = route53.New(usEast1Sess)
 		client.rdsconn = rds.New(sess)
 		client.redshiftconn = redshift.New(sess)
+		client.simpledbconn = simpledb.New(sess)
 		client.s3conn = s3.New(sess)
 		client.sesConn = ses.New(sess)
 		client.snsconn = sns.New(sess)
@@ -323,7 +324,7 @@ func (c *Config) ValidateAccountId(accountId string) error {
 var addTerraformVersionToUserAgent = request.NamedHandler{
 	Name: "terraform.TerraformVersionUserAgentHandler",
 	Fn: request.MakeAddToUserAgentHandler(
-		"terraform", terraform.Version, terraform.VersionPrerelease),
+		"terraform", terraform.VersionString()),
 }
 
 type awsLogger struct{}

builtin/providers/aws/data_source_aws_ecs_container_definition.go

@@ -0,0 +1,98 @@
+package aws
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/ecs"
+	"github.com/hashicorp/terraform/helper/schema"
+)
+
+func dataSourceAwsEcsContainerDefinition() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceAwsEcsContainerDefinitionRead,
+
+		Schema: map[string]*schema.Schema{
+			"task_definition": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			"container_name": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			// Computed values.
+			"image": &schema.Schema{
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"image_digest": &schema.Schema{
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"cpu": &schema.Schema{
+				Type:     schema.TypeInt,
+				Computed: true,
+			},
+			"memory": &schema.Schema{
+				Type:     schema.TypeInt,
+				Computed: true,
+			},
+			"disable_networking": &schema.Schema{
+				Type:     schema.TypeBool,
+				Computed: true,
+			},
+			"docker_labels": &schema.Schema{
+				Type:     schema.TypeMap,
+				Computed: true,
+				Elem:     schema.TypeString,
+			},
+			"environment": &schema.Schema{
+				Type:     schema.TypeMap,
+				Computed: true,
+				Elem:     schema.TypeString,
+			},
+		},
+	}
+}
+
+func dataSourceAwsEcsContainerDefinitionRead(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).ecsconn
+
+	desc, err := conn.DescribeTaskDefinition(&ecs.DescribeTaskDefinitionInput{
+		TaskDefinition: aws.String(d.Get("task_definition").(string)),
+	})
+	if err != nil {
+		return err
+	}
+
+	taskDefinition := *desc.TaskDefinition
+	for _, def := range taskDefinition.ContainerDefinitions {
+		if aws.StringValue(def.Name) != d.Get("container_name").(string) {
+			continue
+		}
+
+		d.SetId(fmt.Sprintf("%s/%s", aws.StringValue(taskDefinition.TaskDefinitionArn), d.Get("container_name").(string)))
+		d.Set("image", aws.StringValue(def.Image))
+		d.Set("image_digest", strings.Split(aws.StringValue(def.Image), ":")[1])
+		d.Set("cpu", aws.Int64Value(def.Cpu))
+		d.Set("memory", aws.Int64Value(def.Memory))
+		d.Set("disable_networking", aws.BoolValue(def.DisableNetworking))
+		d.Set("docker_labels", aws.StringValueMap(def.DockerLabels))
+
+		var environment = map[string]string{}
+		for _, keyValuePair := range def.Environment {
+			environment[aws.StringValue(keyValuePair.Name)] = aws.StringValue(keyValuePair.Value)
+		}
+		d.Set("environment", environment)
+	}
+
+	if d.Id() == "" {
+		return fmt.Errorf("container with name %q not found in task definition %q", d.Get("container_name").(string), d.Get("task_definition").(string))
+	}
+
+	return nil
+}

builtin/providers/aws/data_source_aws_ecs_container_definition_test.go

@@ -0,0 +1,62 @@
+package aws
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform/helper/resource"
+)
+
+func TestAccAWSEcsDataSource_ecsContainerDefinition(t *testing.T) {
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccCheckAwsEcsContainerDefinitionDataSourceConfig,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("data.aws_ecs_container_definition.mongo", "image", "mongo:latest"),
+					resource.TestCheckResourceAttr("data.aws_ecs_container_definition.mongo", "memory", "128"),
+					resource.TestCheckResourceAttr("data.aws_ecs_container_definition.mongo", "cpu", "128"),
+					resource.TestCheckResourceAttr("data.aws_ecs_container_definition.mongo", "environment.SECRET", "KEY"),
+				),
+			},
+		},
+	})
+}
+
+const testAccCheckAwsEcsContainerDefinitionDataSourceConfig = `
+resource "aws_ecs_cluster" "default" {
+  name = "terraformecstest1"
+}
+
+resource "aws_ecs_task_definition" "mongo" {
+  family = "mongodb"
+  container_definitions = <<DEFINITION
+[
+  {
+    "cpu": 128,
+    "environment": [{
+      "name": "SECRET",
+      "value": "KEY"
+    }],
+    "essential": true,
+    "image": "mongo:latest",
+    "memory": 128,
+    "name": "mongodb"
+  }
+]
+DEFINITION
+}
+
+resource "aws_ecs_service" "mongo" {
+  name = "mongodb"
+  cluster = "${aws_ecs_cluster.default.id}"
+  task_definition = "${aws_ecs_task_definition.mongo.arn}"
+  desired_count = 1
+}
+
+data "aws_ecs_container_definition" "mongo" {
+  task_definition = "${aws_ecs_task_definition.mongo.id}"
+  container_name = "mongodb"
+}
+`

builtin/providers/aws/provider.go

@@ -111,16 +111,18 @@ func Provider() terraform.ResourceProvider {
 		},
 
 		DataSourcesMap: map[string]*schema.Resource{
-			"aws_ami":                 dataSourceAwsAmi(),
-			"aws_availability_zones":  dataSourceAwsAvailabilityZones(),
-			"aws_iam_policy_document": dataSourceAwsIamPolicyDocument(),
-			"aws_s3_bucket_object":    dataSourceAwsS3BucketObject(),
+			"aws_ami":                      dataSourceAwsAmi(),
+			"aws_availability_zones":       dataSourceAwsAvailabilityZones(),
+			"aws_iam_policy_document":      dataSourceAwsIamPolicyDocument(),
+			"aws_s3_bucket_object":         dataSourceAwsS3BucketObject(),
+			"aws_ecs_container_definition": dataSourceAwsEcsContainerDefinition(),
 		},
 
 		ResourcesMap: map[string]*schema.Resource{
 			"aws_ami":                                      resourceAwsAmi(),
 			"aws_ami_copy":                                 resourceAwsAmiCopy(),
 			"aws_ami_from_instance":                        resourceAwsAmiFromInstance(),
+			"aws_ami_launch_permission":                    resourceAwsAmiLaunchPermission(),
 			"aws_api_gateway_account":                      resourceAwsApiGatewayAccount(),
 			"aws_api_gateway_api_key":                      resourceAwsApiGatewayApiKey(),
 			"aws_api_gateway_authorizer":                   resourceAwsApiGatewayAuthorizer(),

builtin/providers/aws/resource_aws_ami_launch_permission.go

@@ -0,0 +1,104 @@
+package aws
+
+import (
+	"fmt"
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/ec2"
+	"github.com/hashicorp/terraform/helper/schema"
+)
+
+func resourceAwsAmiLaunchPermission() *schema.Resource {
+	return &schema.Resource{
+		Exists: resourceAwsAmiLaunchPermissionExists,
+		Create: resourceAwsAmiLaunchPermissionCreate,
+		Read:   resourceAwsAmiLaunchPermissionRead,
+		Delete: resourceAwsAmiLaunchPermissionDelete,
+
+		Schema: map[string]*schema.Schema{
+			"image_id": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			"account_id": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+		},
+	}
+}
+
+func resourceAwsAmiLaunchPermissionExists(d *schema.ResourceData, meta interface{}) (bool, error) {
+	conn := meta.(*AWSClient).ec2conn
+
+	image_id := d.Get("image_id").(string)
+	account_id := d.Get("account_id").(string)
+	return hasLaunchPermission(conn, image_id, account_id)
+}
+
+func resourceAwsAmiLaunchPermissionCreate(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).ec2conn
+
+	image_id := d.Get("image_id").(string)
+	account_id := d.Get("account_id").(string)
+
+	_, err := conn.ModifyImageAttribute(&ec2.ModifyImageAttributeInput{
+		ImageId:   aws.String(image_id),
+		Attribute: aws.String("launchPermission"),
+		LaunchPermission: &ec2.LaunchPermissionModifications{
+			Add: []*ec2.LaunchPermission{
+				&ec2.LaunchPermission{UserId: aws.String(account_id)},
+			},
+		},
+	})
+	if err != nil {
+		return fmt.Errorf("error creating ami launch permission: %s", err)
+	}
+
+	d.SetId(fmt.Sprintf("%s-%s", image_id, account_id))
+	return nil
+}
+
+func resourceAwsAmiLaunchPermissionRead(d *schema.ResourceData, meta interface{}) error {
+	return nil
+}
+
+func resourceAwsAmiLaunchPermissionDelete(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).ec2conn
+
+	image_id := d.Get("image_id").(string)
+	account_id := d.Get("account_id").(string)
+
+	_, err := conn.ModifyImageAttribute(&ec2.ModifyImageAttributeInput{
+		ImageId:   aws.String(image_id),
+		Attribute: aws.String("launchPermission"),
+		LaunchPermission: &ec2.LaunchPermissionModifications{
+			Remove: []*ec2.LaunchPermission{
+				&ec2.LaunchPermission{UserId: aws.String(account_id)},
+			},
+		},
+	})
+	if err != nil {
+		return fmt.Errorf("error removing ami launch permission: %s", err)
+	}
+
+	return nil
+}
+
+func hasLaunchPermission(conn *ec2.EC2, image_id string, account_id string) (bool, error) {
+	attrs, err := conn.DescribeImageAttribute(&ec2.DescribeImageAttributeInput{
+		ImageId:   aws.String(image_id),
+		Attribute: aws.String("launchPermission"),
+	})
+	if err != nil {
+		return false, err
+	}
+
+	for _, lp := range attrs.LaunchPermissions {
+		if *lp.UserId == account_id {
+			return true, nil
+		}
+	}
+	return false, nil
+}