Merge branch 'v1.27.0' into coveo-master

.travis.yml

@@ -6,6 +6,9 @@ language: go
 go:
 - 1.9.1
 
+git:
+  depth: 1
+
 before_install:
 - if [ ${TRAVIS_TAG::1} = v ];
   then

CHANGELOG.md

@@ -1,3 +1,44 @@
+## 1.27.0 (July 11, 2018)
+
+NOTES:
+
+* resource/aws_codebuild_project: The `service_role` argument is now required to match the API behavior and provide plan time validation. Additional details from AWS Support can be found in: https://github.com/terraform-providers/terraform-provider-aws/pull/4826
+* resource/aws_wafregional_byte_match_set: The `byte_match_tuple` argument name has been deprecated in preference of a new  `byte_match_tuples` argument name, for consistency with the `aws_waf_byte_match_set` resource to reduce any confusion working between the two resources and to denote its multiple value support. Its behavior is exactly the same as the old argument. Simply changing the argument name (adding the `s`) to configurations should upgrade without other changes.
+
+FEATURES:
+
+* **New Resource:** `aws_appsync_api_key` ([#3827](https://github.com/terraform-providers/terraform-provider-aws/issues/3827))
+* **New Resource:** `aws_swf_domain` ([#2803](https://github.com/terraform-providers/terraform-provider-aws/issues/2803))
+
+ENHANCEMENTS:
+
+* data-source/aws_region: Add `description` attribute ([#5077](https://github.com/terraform-providers/terraform-provider-aws/issues/5077))
+* data-source/aws_vpc: Add `cidr_block_associations` attribute ([#5098](https://github.com/terraform-providers/terraform-provider-aws/issues/5098))
+* resource/aws_cloudwatch_metric_alarm: Add `datapoints_to_alarm` and `evaluation_period` plan time validation ([#5095](https://github.com/terraform-providers/terraform-provider-aws/issues/5095))
+* resource/aws_db_parameter_group: Clarify naming validation error messages ([#5090](https://github.com/terraform-providers/terraform-provider-aws/issues/5090))
+* resource/aws_glue_connection: Add `physical_connection_requirements` argument `availability_zone` (currently required by the API) ([#5039](https://github.com/terraform-providers/terraform-provider-aws/issues/5039))
+* resource/aws_instance: Ignore `credit_specifications` when not using T2 `instance_type` ([#5114](https://github.com/terraform-providers/terraform-provider-aws/issues/5114))
+* resource/aws_instance: Allow AWS GovCloud (US) to perform tagging on creation ([#5106](https://github.com/terraform-providers/terraform-provider-aws/issues/5106))
+* resource/aws_lambda_function: Support `dotnetcore2.1` in `runtime` validation ([#5150](https://github.com/terraform-providers/terraform-provider-aws/issues/5150))
+* resource/aws_route_table: Ignore propagated routes during resource import ([#5100](https://github.com/terraform-providers/terraform-provider-aws/issues/5100))
+* resource/aws_security_group: Authorize and revoke only changed individual `ingress`/`egress` rules despite their configuration grouping (e.g. replacing an individual element in a multiple element `cidr_blocks` list) ([#4726](https://github.com/terraform-providers/terraform-provider-aws/issues/4726))
+* resource/aws_ses_receipt_rule: Add plan time validation for `s3_action` argument `position` ([#5092](https://github.com/terraform-providers/terraform-provider-aws/issues/5092))
+* resource/aws_vpc_ipv4_cidr_block_association: Support resource import ([#5069](https://github.com/terraform-providers/terraform-provider-aws/issues/5069))
+* resource/aws_waf_web_acl: Add `rules` `override_action` argument and support `GROUP` type ([#5053](https://github.com/terraform-providers/terraform-provider-aws/issues/5053))
+* resource/aws_wafregional_web_acl: Add `rules` `override_action` argument and support `GROUP` type ([#5053](https://github.com/terraform-providers/terraform-provider-aws/issues/5053))
+
+BUG FIXES:
+
+* resource/aws_codebuild_project: Prevent panic when empty `vpc_config` block is configured ([#5070](https://github.com/terraform-providers/terraform-provider-aws/issues/5070))
+* resource/aws_codebuild_project: Mark `service_role` as required ([#4826](https://github.com/terraform-providers/terraform-provider-aws/issues/4826))
+* resource/aws_glue_catalog_database: Properly return error when missing colon during import ([#5123](https://github.com/terraform-providers/terraform-provider-aws/issues/5123))
+* resource/aws_glue_catalog_database: Prevent error when deleted outside Terraform ([#5141](https://github.com/terraform-providers/terraform-provider-aws/issues/5141))
+* resource/aws_instance: Allow AWS China to perform volume tagging post-creation on first apply ([#5106](https://github.com/terraform-providers/terraform-provider-aws/issues/5106))
+* resource/aws_kms_grant: Properly return error when listing KMS grants ([#5063](https://github.com/terraform-providers/terraform-provider-aws/issues/5063))
+* resource/aws_rds_cluster_instance: Support `configuring-log-exports` status ([#5124](https://github.com/terraform-providers/terraform-provider-aws/issues/5124))
+* resource/aws_s3_bucket: Prevent extraneous ACL update during resource creation ([#5107](https://github.com/terraform-providers/terraform-provider-aws/issues/5107))
+* resource/aws_wafregional_byte_match_set: Deprecate `byte_match_tuple` argument for `byte_match_tuples` ([#5043](https://github.com/terraform-providers/terraform-provider-aws/issues/5043))
+
 ## 1.26.0 (July 04, 2018)
 
 FEATURES:

aws/aws_vpc_ipv4_cidr_block_association.go

@@ -21,6 +21,9 @@ func resourceAwsVpcIpv4CidrBlockAssociation() *schema.Resource {
 		Create: resourceAwsVpcIpv4CidrBlockAssociationCreate,
 		Read:   resourceAwsVpcIpv4CidrBlockAssociationRead,
 		Delete: resourceAwsVpcIpv4CidrBlockAssociationDelete,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
 
 		Schema: map[string]*schema.Schema{
 			"vpc_id": {
@@ -78,18 +81,44 @@ func resourceAwsVpcIpv4CidrBlockAssociationCreate(d *schema.ResourceData, meta i
 func resourceAwsVpcIpv4CidrBlockAssociationRead(d *schema.ResourceData, meta interface{}) error {
 	conn := meta.(*AWSClient).ec2conn
 
-	assocRaw, state, err := vpcIpv4CidrBlockAssociationStateRefresh(conn, d.Get("vpc_id").(string), d.Id())()
+	input := &ec2.DescribeVpcsInput{
+		Filters: buildEC2AttributeFilterList(
+			map[string]string{
+				"cidr-block-association.association-id": d.Id(),
+			},
+		),
+	}
+
+	log.Printf("[DEBUG] Describing VPCs: %s", input)
+	output, err := conn.DescribeVpcs(input)
 	if err != nil {
-		return fmt.Errorf("Error reading IPv4 CIDR block association: %s", err)
+		return fmt.Errorf("error describing VPCs: %s", err)
+	}
+
+	if output == nil || len(output.Vpcs) == 0 || output.Vpcs[0] == nil {
+		log.Printf("[WARN] IPv4 CIDR block association (%s) not found, removing from state", d.Id())
+		d.SetId("")
+		return nil
 	}
-	if state == VpcCidrBlockStateCodeDeleted {
+
+	vpc := output.Vpcs[0]
+
+	var vpcCidrBlockAssociation *ec2.VpcCidrBlockAssociation
+	for _, cidrBlockAssociation := range vpc.CidrBlockAssociationSet {
+		if aws.StringValue(cidrBlockAssociation.AssociationId) == d.Id() {
+			vpcCidrBlockAssociation = cidrBlockAssociation
+			break
+		}
+	}
+
+	if vpcCidrBlockAssociation == nil {
 		log.Printf("[WARN] IPv4 CIDR block association (%s) not found, removing from state", d.Id())
 		d.SetId("")
 		return nil
 	}
 
-	assoc := assocRaw.(*ec2.VpcCidrBlockAssociation)
-	d.Set("cidr_block", assoc.CidrBlock)
+	d.Set("cidr_block", vpcCidrBlockAssociation.CidrBlock)
+	d.Set("vpc_id", vpc.VpcId)
 
 	return nil
 }

aws/aws_vpc_ipv4_cidr_block_association_test.go

@@ -28,6 +28,16 @@ func TestAccAwsVpcIpv4CidrBlockAssociation_basic(t *testing.T) {
 					testAccCheckAdditionalAwsVpcIpv4CidrBlock(&associationTertiary, "170.2.0.0/16"),
 				),
 			},
+			{
+				ResourceName:      "aws_vpc_ipv4_cidr_block_association.secondary_cidr",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+			{
+				ResourceName:      "aws_vpc_ipv4_cidr_block_association.tertiary_cidr",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
 		},
 	})
 }

aws/config.go

@@ -90,6 +90,7 @@ import (
 	"github.com/aws/aws-sdk-go/service/sqs"
 	"github.com/aws/aws-sdk-go/service/ssm"
 	"github.com/aws/aws-sdk-go/service/sts"
+	"github.com/aws/aws-sdk-go/service/swf"
 	"github.com/aws/aws-sdk-go/service/waf"
 	"github.com/aws/aws-sdk-go/service/wafregional"
 	"github.com/davecgh/go-spew/spew"
@@ -221,6 +222,7 @@ type AWSClient struct {
 	sdconn                *servicediscovery.ServiceDiscovery
 	sfnconn               *sfn.SFN
 	ssmconn               *ssm.SSM
+	swfconn               *swf.SWF
 	wafconn               *waf.WAF
 	wafregionalconn       *wafregional.WAFRegional
 	iotconn               *iot.IoT
@@ -521,6 +523,7 @@ func (c *Config) Client() (interface{}, error) {
 	client.snsconn = sns.New(awsSnsSess)
 	client.sqsconn = sqs.New(awsSqsSess)
 	client.ssmconn = ssm.New(awsSsmSess)
+	client.swfconn = swf.New(sess)
 	client.wafconn = waf.New(sess)
 	client.wafregionalconn = wafregional.New(sess)
 	client.batchconn = batch.New(sess)

aws/data_source_aws_ebs_volume_test.go

@@ -61,8 +61,10 @@ func testAccCheckAwsEbsVolumeDataSourceID(n string) resource.TestCheckFunc {
 }
 
 const testAccCheckAwsEbsVolumeDataSourceConfig = `
+data "aws_availability_zones" "available" {}
+
 resource "aws_ebs_volume" "example" {
-  availability_zone = "us-west-2a"
+  availability_zone = "${data.aws_availability_zones.available.names[0]}"
   type = "gp2"
   size = 40
   tags {
@@ -84,8 +86,10 @@ data "aws_ebs_volume" "ebs_volume" {
 `
 
 const testAccCheckAwsEbsVolumeDataSourceConfigWithMultipleFilters = `
+data "aws_availability_zones" "available" {}
+
 resource "aws_ebs_volume" "external1" {
-  availability_zone = "us-west-2a"
+  availability_zone = "${data.aws_availability_zones.available.names[0]}"
   type = "gp2"
   size = 10
   tags {

aws/data_source_aws_region.go

@@ -31,6 +31,11 @@ func dataSourceAwsRegion() *schema.Resource {
 				Optional: true,
 				Computed: true,
 			},
+
+			"description": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
 		},
 	}
 }
@@ -81,6 +86,8 @@ func dataSourceAwsRegionRead(d *schema.ResourceData, meta interface{}) error {
 
 	d.Set("name", region.ID())
 
+	d.Set("description", region.Description())
+
 	return nil
 }
 

aws/data_source_aws_region_test.go

@@ -93,6 +93,7 @@ func TestAccDataSourceAwsRegion_basic(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "current", "true"),
 					resource.TestCheckResourceAttr(resourceName, "endpoint", "ec2.us-east-1.amazonaws.com"),
 					resource.TestCheckResourceAttr(resourceName, "name", "us-east-1"),
+					resource.TestCheckResourceAttr(resourceName, "description", "US East (N. Virginia)"),
 				),
 			},
 		},
@@ -109,6 +110,8 @@ func TestAccDataSourceAwsRegion_endpoint(t *testing.T) {
 	endpoint2 := "ec2.us-east-2.amazonaws.com"
 	name1 := "us-east-1"
 	name2 := "us-east-2"
+	description1 := "US East (N. Virginia)"
+	description2 := "US East (Ohio)"
 	resourceName := "data.aws_region.test"
 
 	resource.Test(t, resource.TestCase{
@@ -122,6 +125,7 @@ func TestAccDataSourceAwsRegion_endpoint(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "current", "true"),
 					resource.TestCheckResourceAttr(resourceName, "endpoint", endpoint1),
 					resource.TestCheckResourceAttr(resourceName, "name", name1),
+					resource.TestCheckResourceAttr(resourceName, "description", description1),
 				),
 			},
 			resource.TestStep{
@@ -131,6 +135,7 @@ func TestAccDataSourceAwsRegion_endpoint(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "current", "false"),
 					resource.TestCheckResourceAttr(resourceName, "endpoint", endpoint2),
 					resource.TestCheckResourceAttr(resourceName, "name", name2),
+					resource.TestCheckResourceAttr(resourceName, "description", description2),
 				),
 			},
 			resource.TestStep{
@@ -151,6 +156,8 @@ func TestAccDataSourceAwsRegion_endpointAndName(t *testing.T) {
 	endpoint2 := "ec2.us-east-2.amazonaws.com"
 	name1 := "us-east-1"
 	name2 := "us-east-2"
+	description1 := "US East (N. Virginia)"
+	description2 := "US East (Ohio)"
 	resourceName := "data.aws_region.test"
 
 	resource.Test(t, resource.TestCase{
@@ -164,6 +171,7 @@ func TestAccDataSourceAwsRegion_endpointAndName(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "current", "true"),
 					resource.TestCheckResourceAttr(resourceName, "endpoint", endpoint1),
 					resource.TestCheckResourceAttr(resourceName, "name", name1),
+					resource.TestCheckResourceAttr(resourceName, "description", description1),
 				),
 			},
 			resource.TestStep{
@@ -173,6 +181,7 @@ func TestAccDataSourceAwsRegion_endpointAndName(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "current", "false"),
 					resource.TestCheckResourceAttr(resourceName, "endpoint", endpoint2),
 					resource.TestCheckResourceAttr(resourceName, "name", name2),
+					resource.TestCheckResourceAttr(resourceName, "description", description2),
 				),
 			},
 			resource.TestStep{
@@ -182,6 +191,7 @@ func TestAccDataSourceAwsRegion_endpointAndName(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "current", "true"),
 					resource.TestCheckResourceAttr(resourceName, "endpoint", endpoint1),
 					resource.TestCheckResourceAttr(resourceName, "name", name1),
+					resource.TestCheckResourceAttr(resourceName, "description", description1),
 				),
 			},
 			resource.TestStep{
@@ -206,6 +216,8 @@ func TestAccDataSourceAwsRegion_name(t *testing.T) {
 	endpoint2 := "ec2.us-east-2.amazonaws.com"
 	name1 := "us-east-1"
 	name2 := "us-east-2"
+	description1 := "US East (N. Virginia)"
+	description2 := "US East (Ohio)"
 	resourceName := "data.aws_region.test"
 
 	resource.Test(t, resource.TestCase{
@@ -219,6 +231,7 @@ func TestAccDataSourceAwsRegion_name(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "current", "true"),
 					resource.TestCheckResourceAttr(resourceName, "endpoint", endpoint1),
 					resource.TestCheckResourceAttr(resourceName, "name", name1),
+					resource.TestCheckResourceAttr(resourceName, "description", description1),
 				),
 			},
 			resource.TestStep{
@@ -228,6 +241,7 @@ func TestAccDataSourceAwsRegion_name(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "current", "false"),
 					resource.TestCheckResourceAttr(resourceName, "endpoint", endpoint2),
 					resource.TestCheckResourceAttr(resourceName, "name", name2),
+					resource.TestCheckResourceAttr(resourceName, "description", description2),
 				),
 			},
 			resource.TestStep{

aws/data_source_aws_vpc.go

@@ -20,6 +20,27 @@ func dataSourceAwsVpc() *schema.Resource {
 				Computed: true,
 			},
 
+			"cidr_block_associations": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"association_id": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"cidr_block": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"state": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+					},
+				},
+			},
+
 			"dhcp_options_id": {
 				Type:     schema.TypeString,
 				Optional: true,
@@ -141,6 +162,19 @@ func dataSourceAwsVpcRead(d *schema.ResourceData, meta interface{}) error {
 	d.Set("state", vpc.State)
 	d.Set("tags", tagsToMap(vpc.Tags))
 
+	cidrAssociations := []interface{}{}
+	for _, associationSet := range vpc.CidrBlockAssociationSet {
+		association := map[string]interface{}{
+			"association_id": aws.StringValue(associationSet.AssociationId),
+			"cidr_block":     aws.StringValue(associationSet.CidrBlock),
+			"state":          aws.StringValue(associationSet.CidrBlockState.State),
+		}
+		cidrAssociations = append(cidrAssociations, association)
+	}
+	if err := d.Set("cidr_block_associations", cidrAssociations); err != nil {
+		return fmt.Errorf("error setting cidr_block_associations: %s", err)
+	}
+
 	if vpc.Ipv6CidrBlockAssociationSet != nil {
 		d.Set("ipv6_association_id", vpc.Ipv6CidrBlockAssociationSet[0].AssociationId)
 		d.Set("ipv6_cidr_block", vpc.Ipv6CidrBlockAssociationSet[0].Ipv6CidrBlock)

aws/data_source_aws_vpc_test.go

@@ -59,6 +59,25 @@ func TestAccDataSourceAwsVpc_ipv6Associated(t *testing.T) {
 	})
 }
 
+func TestAccDataSourceAwsVpc_multipleCidr(t *testing.T) {
+	rInt := rand.Intn(16)
+	rName := "data.aws_vpc.test"
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckVpcDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDataSourceAwsVpcConfigMultipleCidr(rInt),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(rName, "cidr_block_associations.#", "2"),
+				),
+			},
+		},
+	})
+}
+
 func testAccDataSourceAwsVpcCheck(name, cidr, tag string) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		rs, ok := s.RootModule().Resources[name]
@@ -147,3 +166,23 @@ data "aws_vpc" "by_filter" {
   }
 }`, cidr, tag)
 }
+
+func testAccDataSourceAwsVpcConfigMultipleCidr(octet int) string {
+	return fmt.Sprintf(`
+resource "aws_vpc" "test" {
+  cidr_block = "10.%d.0.0/16"
+}
+
+resource "aws_vpc_ipv4_cidr_block_association" "test" {
+  vpc_id = "${aws_vpc.test.id}"
+  cidr_block = "172.%d.0.0/16"
+}
+
+data "aws_vpc" "test" {
+  filter {
+    name = "cidr-block-association.cidr-block"
+    values = ["${aws_vpc_ipv4_cidr_block_association.test.cidr_block}"]
+  }
+}
+`, octet, octet)
+}