* Revert "Merge pull request #1434 from terraform-providers/paddy_revert_beta"
This reverts commit 118cd71201, reversing
changes made to d59fcbbc59.
* add ConvertSelfLinkToV1 calls to places where beta links are stored
Fix a panic in our test that is caused by a ListPolicy being nil. I
assume, but cannot verify, that this is an API change in that it may now
send back a nil listpolicy if a default is used.
Add the `enable_flow_logs` field to our subnetwork resource, so we can
specify whether [flow logs][1] should be enabled in Terraform configs.
Note that this behavior isn't explicitly documented yet, but it has made
it into the beta API client.
[1]: https://cloud.google.com/vpc/docs/using-flow-logs
This PR also switched us to using the beta API in all cases, and that had a side effect which is worth noting, note included here for posterity.
=====
The problem is, we add a GPU, and as per the docs, GKE adds a taint to
the node pool saying "don't schedule here unless you tolerate GPUs",
which is pretty sensible.
Terraform doesn't know about that, because it didn't ask for the taint
to be added. So after apply, on refresh, it sees the state of the world
(1 taint) and the state of the config (0 taints) and wants to set the
world equal to the config. This introduces a diff, which makes the test
fail - tests fail if there's a diff after they run.
Taints are a beta feature, though. :) And since the config doesn't
contain any taints, terraform didn't see any beta features in that node
pool ... so it used to send the request to the v1 API. And since the v1
API didn't return anything about taints (since they're a beta feature),
terraform happily checked the state of the world (0 taints I know about)
vs the config (0 taints), and all was well.
This PR makes every node pool refresh request hit the beta API. So now
terraform finds out about the taints (which were always there) and the
test fails (which it always should have done).
The solution is probably to write a little bit of code which suppresses
the report of the diff of any taint with value 'nvidia.com/gpu', but
only if GPUs are enabled. I think that's something that can be done.
This PR does a few things to the User-Agent header:
1. It puts Terraform/(version) first, since that's the way the RFC
expects it
2. It removes the goos and goarch data, although I could be convinced to
put it back in, I don't see what value it's providing
3. Moves directly to consuming the version package (which is the comment
above the function previously being called)
This simply adds the specification for operation timeouts, and sets
sane defaults. In testing against specific regions, creation of SQL
databases would fluctuate between 7-14 minutes against us-east1. As
such, a 15m creation threshold is recommended for this. Update and
Delete operations will adhere to 10m timeouts.
This follows a similar format as #1309.
* escape the folder name (in case of spaces, etc)
* add test case for folder with space
* add missing args
* make separate tests for each folder test, get folder name length under API limits
* further abstract out the resource name to prevent test collisions
* workaround multiple results returning for a given query by looping over return
* split test cases into separate funcs
* adding google folder data source with get by id, search by fields and lookup organization functionality
* removing search functionality
* creating folders for each test and updating documentation with default values
* Add support for regional GKE clusters in google_container_cluster:
* implement operation wait for v1beta1 api
* implement container clusters get for regional clusters
* implement container clusters delete for regional cluster
* implement container clusters update for regional cluster
* simplify logic by using generic 'location' instead of 'zone' and 'region'
* implement a method to generate the update function and refactor
* rebase and fix
* reorder container_operation fns
* cleanup
* add import support and docs
* additional locations cleanup
* Updates the default GKE legacy ABAC setting to false
* Updates docs for container_cluster
* Update test comments
* Format fix
* Adds ImportState test step to default legacy ABAC test
* Add time partitioning field to google_bigquery_table resource
* Fix flatten time partitioning field to google_bigquery_table resource
* Add resource bigquery table time partitioning field test
* Move resource bigquery table time partitioning field test to basic
* Add step to check that all the fields match
* Mark resource bigquery table time partitioning field as ForceNew
* Add time partitioning field test to testAccBigQueryTable config
* Updated google.golang.org/api/container/v1beta1
* Added support for private_cluster and master_ipv4_cidr
This is to implement #1174. See
https://groups.google.com/forum/#!topic/google-cloud-sdk-announce/GGW3SQSANIc
* Added simple test for private_cluster and master_ipv4_cidr
* Review replies
* Added some documentation for private_cluster
This updates the organization policy tests to be run sequentially,
instead of in parallel, as they share a resource that they're modifying.
It also updates them to use a separate organization than the one all our
other tests are running in, which prevents other tests from failing
because they're run in parallel to the organization policy changing
under them.
* add util for handling wrapped/raw google api errors
* add 404 error handling to shared iam files
* fix errwrap calls in iam files
* fix import
* remove newlines, clear ID for removed state in iam binding
* move setid calls back
* Revert "move setid calls back"
This reverts commit 0c7b2dbf92aff33dac8c5beb95568c2bc86dd7de.
* add update support for pod security policy
* update test
* add comment about updates
PR #1217 mistakenly updated the Set logic when flattening backends,
which caused some cascading errors and wasn't strictly necessary to
resolve the issue at hand. This backs out those changes, and instead
makes the smallest possible change to resolve the initial error, by
separating the logic for flattening regional backends from the logic for
flattening global backends.
We had several calls to `d.Set` that returned errors we weren't
catching, that turning on the panic flag for the tests caught. This PR
addresses them, and fixes the one test that was not safe to run in
parallel because it relied on a hardcoded name being unique.
This is largely just removing calls to `d.Set` for fields that don't
exist in the Schema, fixing how Sets get set, correcting typos, and
converting types.
We have a set of constraints we apply to our organization as part of a
test for the organization policy functionality. This can get stuck from
quota issues, or it can run in parallel to other tests. The policy
currently limits the projects that images can be used from to the
project running the test, but a lot of our tests use images from the
debian-cloud project. This just updates the policy to allow debian-cloud
images to be used, too, so even if the policy doesn't properly get
cleaned up or if it runs in parallel with other tests, our tests are
still within the policy.
The real fix for this is to set up a separate org for testing, so we're
not modifying the test environment under running tests, but that'll take
a bit more time, so this is the patchfix until that can happen.
Managed zone tests are failing because we're attempting to use the naked
domain as the managed zone, when it's already being managed by GCP. By
making a subdomain the managed zone, we avoid this problem.
* move setid calls back
* add support for pod security policy
* pod security policy docs
* Revert "move setid calls back"
This reverts commit 0c7b2dbf92aff33dac8c5beb95568c2bc86dd7de.
* cleanup
* remove comments about disabling update
* add extra wait for storage bucket object deletion
* make timeout for object deletion 5 minutes, make it succeed 3 times
* delete the cluster before deleting the bucket
* deprecate delete_autogen_bucket
* improve deprecation message
Exposes existing `google_compute_backend_service` as data sources.
This addresses #149 .
This allows, for instance, to collect a backend service's self_link and
use it from an other workspace/tfstate, sharing most of the
loadbalancers definition.
* add import helpers for generated code
* Updates to backend bucket and transport.go from MM
* add generated http(s)_health_check resources
* name is required; transport import style
* update docs with new fields/timeouts
* fixes
* Support `distributionPolicy` when creating regional instance group managers.
* Better match the API structure of distributionPolicy.
* Switch to "distribution_policy_zones".
This approach lets us more simply allow a list of zones to use, while
providing a deprecation path for implementing the distribution policy
field more holistically, avoiding backwards-incompatible changes.
* fix typo
* use slice instead of Set for flattenDP
* vendor container/v1beta1
* revendor container/v1beta1
* add beta scaffolding for gke resources
* fix json unmarshal error
* fix issues with trying to convert interface instead of struct
* same fixes but for node pool
* move setid calls back
* Expose first ip address on sql db instance.
Signed-off-by: Desmond Pompa Alarcon Rawls <captaingrover@gmail.com>
* Use the ip_address key on the first map in ip_address list.
Signed-off-by: Genevieve LEsperance <glesperance@pivotal.io>
* Run first_ip_address test check if there is an ip address.
Signed-off-by: Desmond Pompa Alarcon Rawls <captaingrover@gmail.com>
* Add first_ip_address to sql db instance scheme.
Signed-off-by: Genevieve LEsperance <glesperance@pivotal.io>
The GCP backend apparently lowercases the values, no matter what you
enter, so we consider uppercase and lowercase values to be equivalent.
This fixes#862.
* add json omitted fields back when converting
* for testing: don't use json in convert
* try a combination of structs and mapstructure libraries
* Revert "try a combination of structs and mapstructure libraries"
This reverts commit eab11aa95d3abb74b240988e5c99d6e9525db96c.
* Revert "for testing: don't use json in convert"
This reverts commit 96af067b29dd147fcedb55995ebc8a17c6a9d1b2.
* Add Set method to TerraformResourceData and ResourceDataMock
* Add Id() and SetId() to ResourceDataMock and TerraformResourceData
* Keep only name when reading region or zone field to handle api that returns self_link
* Remove bad test in testAccContainerCluster_withIPAllocationPolicy
One step was expecting the test to fail if the subnetwork defines
secondary ip ranges that the cluster doesn't use. However, it is
perfectly fine to do so and we don't expect an error.
* Revert "Remove bad test in testAccContainerCluster_withIPAllocationPolicy"
This reverts commit af2f369907181a107cfc0ed9fa2ff0e288f02f66.
* Fail if use_ip_aliases is true and no range names is provided
* make fmt
* don't introduce new field for now. Wait until we want to support new feature in allocation policy
* Storage Default Object ACL resource
* Fixed the doc
* Renamed the resource id. Log change
* Complying with go vet
* Changes for review
* link to default object acl docs in sidebar
* Support for GCS notifications
* docs for storage notification
* docs for storage notification
* Clarified the doc
* Doc modifications
* Addressing requested changes from review
* Addressing requested changes from review
* Using ImportStatePassthrough
* Storage Default Object ACL resource
* Fixed the doc
* Renamed the resource id. Log change
* Complying with go vet
* Changes for review
* link to default object acl docs in sidebar
* Import google_compute_shared_vpc_host_project/google_compute_shared_vpc_service_project resources.
* Incorporate testing of resource import into main acceptance tests.
* Add update support for compute instance fields that require the machine to be stopped
* add warnings in docs about stopping the instance before updating
* add allow_stopping_for_update field
* Update sqladmin api
Pull in updates to the generated sqladmin api and update callers for
the change in the StorageAutoResize setting
* Add support for availability_type setting
Allow specifying ZONAL or REGIONAL to allow for PostgreSQL HA
setup.
* vendor: update sqladmin/v1beta4
* Test setting AvailabilityType for PostgreSQL
Add tests that cover the creation of a Postgres database with
AvailabilityType set to REGIONAL, and correct some small issues that
were preventing compilation.
* Fix breaking change w/ disk_autoresize in cloudsql
95e5582766
The cloudsql admin client changed the way it handles StorageAutoResize
as a parameter, in order to be more explicit about when the server has
ommitted the field. This changed the type from being bool to *bool, and
we need to modify provider code so that we supply the right value to the
api client.
* skip guest accelerators if count is 0.
Instances in instance groups in google will fail to provision, despite
requesting 0 GPUs. This came up for me when trying to provision
a similar instance group in all available regions, but only asking for
GPU's in those that support them by parameterizing the `count` and
setting it to 0.
This might be a violation of some terraform principles. For example,
testing locally with this change `terraform` did not recognize that
indeed my infra needed to be re-deployed (from it's pov, I assume it
believes this because inputs hadn't changed). Additionally, there may be
valid reasons for creating an instance template with 0 gpu's that can be
tuned upwards.
* Add guest accelerator skip test for instances.
* do not leave empty pointers to guest accelerators.
* attempt to clear guest accelerator diff
* conditionally customize diff for guest accels
* read boot disk initialization param from API
* make fmt
* Mark the initialize_params list as computed to support boot source
* Ensure private family test follow naming pattern
* Improve docs
* Add import support to google_dns_record_set
* Add import test to NS record
* Minimize diff change
* Improve docs
* Make error message more helpful
* Add note about trailing dot at the end of the record name
Add support for Google Dataflow jobs
Note: A dataflow job exists when it is in a nonterminal state, and does not exist if it
is in a terminal state (or a non-running state which can only transition into terminal
states). See doc for more detail.
* Initial commit
* Adding google_cloudfunction_function resource
* Some FMT updates
* Working Cloud Function Create/Delete/Get
Create is limited to gs:// source now.
* Fixed tests import
* Terraform now is able to apply and destroy function
* Fully working Basic test
* Added:
1. Allowed region check
2. readTimeout helper
* Found better solution for conflicting values
* Adding description
* Adding full basic test
* dded Update functionality
* Made few more optional params
* Added test for Labels
* Added update tests
* Added storage_* members and made function source deploy from storage bucket object
* Adding comments
* Adding tests for PubSub
* Adding tests for Bucket
* Adding Data provider
* Fixing bug which allowed to miss error
* Amending Operation retrieval
* Fixing vet errors and vendoring cloudfunctions/v1
* Fixing according to comments
* Fixing according to comments round #2
* Fixing tabs to space
* Fixing tabs to space and some comments #3
* Re-done update to include labels in one update with others
* Adding back default values. In case of such scenario, when user creates function with some values for "timeout" or "available_memory_mb", and then disables those attributes. Terraform plan then gives:
No changes. Infrastructure is up-to-date.
This is an error. By adding const we would avoid this error.
* Fixed MixedCase and more tabs
* Add internalIpOnly support for Dataproc clusters
* Add internal_ip_only to dataproc cluster docs
* Add default/basic dataproc internal ip test case
* Add test for dataproc internal_ip_only=true
* fixup cluster_config.gce_cluster_config to include .0.
* Remove redundant depends_on
* Add %s rnd to network and subnetwork
* Use variable for subnet CIDR and reference via source_ranges
* Add depends_on back to dataproc cluster test
* Fix cluster attribute refs (.0. again)
* Add 'google_organization' data source.
* Use 'GetResourceNameFromSelfLink'.
* Remove 'resourcemanager_helpers'.
* Use 'ConflictsWith' in schema.
* Add 'organization' argument and make 'name' an output-only attribute.
* Add 'google_billing_account' data source.
* Use 'GetResourceNameFromSelfLink'.
* Use 'ConflictsWith' in schema.
* Use pagination for List() API call.
* Add ability to filter by 'open' attribute.
* Don't use 'ForceNew' for data sources.
* Add 'billing_account' argument and make 'name' an output-only attribute.
* Correct error message.
* Add google_kubernetes_cluster datasource
Add documentation for google_kubernetes_cluster datasource
Rename datasource to google_container_cluster
To be consistent with the equivalent resource.
Rename datasource in docs.
google_kubernetes_cluster -> google_container_cluster.
Also add reference in google.erb file.
WIP
Datasource read needs to set an ID, then call resource read func
Add additional cluster attributes to datasource schema
* Generate datasource schema from resource
Datasource documentation also updated.
* add test for datasourceSchemaFromResourceSchema
* Code review changes
* Add IAM support for pubsub topic
* Fix resource name
* Add update test for iam_policy resource
* Standardize policy conversion function
* Standardize policy conversion function all resources
* Create google_kms_secret datasource
* Create google_kms_secret datasource documentation
* Remove duplicated code
* Create acceptance test
* Fix indentation
* Add documentation to sidebar
* Update Cloud SDK link in docs
* Oxford comma
* Rename variable to make it clear which resource is under test
* Update test to use utils from provider_test
* Add new data source: compute region instance group manager's groups.
* Add documentation for wait_for_instances and for the timeout mechanism in resourceComputeRegionInstanceGroupManagerCreate.
* Bugfix: add read back in to the KMS crypto key read method.
Impact of this bug: if a user deleted a crypto key outside terraform and then reran `apply`, the old key would stay in the plan.
* Fix panic in validate method.
* Make import test confirm validity of reads.
Remove all instances of GOOGLE_XPN_HOST_PROJECT environment variable.
Instead of GOOGLE_XPN_HOST_PROJECT being required to run some tests, I added the ability to create and tear down the necessary project structure.
This allows us to remove one environment variable, and use two others which are already widely-required: org and billing ID.
Add consistency for for IAM imports.
- Adds imports for projects, folders, crypto keys, organizations, and key rings.
- Anything else with IAM can implement a simple method and begin working immediately.
- Add tests for all the IAM imports.
- Import documentation for IAM resources.
Previously, provider credentials were _supposed_ to be able to be
specified as the file contents or the path to the file. We even had a
test for the code for this!
Then we updated the validation for the provider, and forgot to validate
filepaths as ok. So provider validation failed. And because our test
only tested the config validation, and not the provider validation, our
tests thought this was just fine still.
This fixes that oversight, accepting filepaths as valid. It also adds
tests to ensure that provider validation allows both file paths and
contents.
- Fetch Zone attribute any place where it *was* being fetched from the schema by
combination schema / provider-level attribute.
- Allow region to be unspecified if zone is specified.
- Switch one example to using provider-level zone as an example.
- Make provider-level zone optional. (Individual resources will fail if they can't find a zone.)
- Add tests for getZone and getRegion.
It's getting hung up on a database replica instance that's not running,
so it can't stop it.
To resolve, we're only trying to stop replica instances that are in a
running state. Also, I noticed a bug that we'd try to delete replicas
twice, so I fixed that, as well.
We introduced special handling for NS records in 1.2.0 under the
assumption that ALL NS records can't be deleted. This isn't actually
true. Only NS records for the naked domain of the managed zone can't be
removed; all other NS records can be. Because of this, 1.2.0 contains a
bug where all NS records are removed.
This update fixes the situation to only use special handling on NS
records that are for the naked root domain of the managed zone, and
treat all subdomain NS records as normal records. It also adds a test to
ensure this functionality.
Fixes#729.
We removed ipv4_range, but the API still exists, it's just deprecated.
This breaks configs for users that haven't migrated off yet. I added it
back, added some tests to use it, included it in the docs, and basically
tried to put things back the way they were. The main difference now is
that the auto_create_subnetworks field defaults to true, and we want to
keep that behaviour to avoid a breaking change. So now if users want to
use the lagacy API, they need to set auto_create_subnetworks to false
explicitly.
* Detect changes to local file or changes made outside of Terraform to the file stored on the server.
* Add comment about why the detect_md5hash field is optional and not computed
* Move AliasIpRange helpers into utils
To reflect the fact they'll be used by multiple resources.
* Pass Config to build helpers, not meta
It's the only thing meta is used for.
* Refactor getNetwork util methods to return early for the happy path.
* Update compute APIs
compute.Instance.MinCpuPlatform is now GA.
* Fix panic in TestComputeInstanceMigrateState
This seemed to be a pre-existing issue, i.e. I could repro it in master.
--- FAIL: TestComputeInstanceMigrateState (0.00s)
panic: interface conversion: interface {} is nil, not *google.Config [recovered]
panic: interface conversion: interface {} is nil, not *google.Config
goroutine 85 [running]:
testing.tRunner.func1(0xc4205d60f0)
/usr/local/Cellar/go/1.9.1/libexec/src/testing/testing.go:711 +0x2d2
panic(0x203acc0, 0xc4205d2080)
/usr/local/Cellar/go/1.9.1/libexec/src/runtime/panic.go:491 +0x283
github.com/terraform-providers/terraform-provider-google/google.migrateStateV3toV4(0xc4205f2000, 0x0, 0x0, 0x0, 0x48, 0xc4205f2000)
/Users/negz/control/go/src/github.com/terraform-providers/terraform-provider-google/google/resource_compute_instance_migrate.go:182 +0x2405
github.com/terraform-providers/terraform-provider-google/google.resourceComputeInstanceMigrateState(0x2, 0xc4205f2000, 0x0, 0x0, 0x0, 0x0, 0xe0000000000)
/Users/negz/control/go/src/github.com/terraform-providers/terraform-provider-google/google/resource_compute_instance_migrate.go:48 +0x21a
github.com/terraform-providers/terraform-provider-google/google.runInstanceMigrateTest(0xc4205d60f0, 0x2260816, 0x8, 0x227d23a, 0x20, 0x2, 0xc4205ec0f0, 0xc4205ec120, 0x0,
0x0)
/Users/negz/control/go/src/github.com/terraform-providers/terraform-provider-google/google/resource_compute_instance_migrate_test.go:803 +0xc1
github.com/terraform-providers/terraform-provider-google/google.TestComputeInstanceMigrateState(0xc4205d60f0)
/Users/negz/control/go/src/github.com/terraform-providers/terraform-provider-google/google/resource_compute_instance_migrate_test.go:71 +0xc84
testing.tRunner(0xc4205d60f0, 0x22d81c0)
/usr/local/Cellar/go/1.9.1/libexec/src/testing/testing.go:746 +0xd0
created by testing.(*T).Run
/usr/local/Cellar/go/1.9.1/libexec/src/testing/testing.go:789 +0x2de
FAIL github.com/terraform-providers/terraform-provider-google/google 0.035s
* Use only the v1 API for resource_compute_instance
Alias IP ranges, Accelerators, and min CPU platform are now GA.
* Move common instance code into utils.go
Methods used by both resource_compute_instance and
resource_compute_instance_template are currently spread between their respective
files, and utils.go.
This commit moves them all into utils.go for the sake of consistency. It may be
worth considering an instance_common.go file or similar.
* Unify compute_instance and compute_instance_template network_interface and service_account code
This has the side effect of enabling Alias IP range support for
compute_instance_templates.
* Add tests for compute instance template Alias IP ranges
* Mark instance template region as computed
We compute it from the subnet its network interfaces are in. Note this
is not new behaviour - I believe it was erroneously missing the computed
flag.
* Support guest accelerators for instance templates
Since most of the code is already there.
* Add a test for using 'address' rather than 'network_ip' for instance templates
* Don't mark assigned_nat_ip as deprecated
* Remove network_interface schema fields that don't make sense for a compute instance template
* Add newline after count in instance template docs
* Don't try to dedupe guest accelerator expansion code
The API calls to Google to create guest accelerators take different values
for instances and instance templates. Instance templates don't have a zone
and can thus *only* be passed a guest accelerator name.
* Use ParseNetworkFieldValue instead of getNetworkLink
* Add support for parsing regional fields, and subnetworks specifically
Currently unused because subnetworks may have a separate project from that
of the instance using them, which complicates looking up the project field.
* Fall back to provider region when parsing regional field values
Also slightly refactors getXFromSchema field helper functions for readability.
* Revert to assigned_nat_ip in compute instance docs
* Add beta scaffolding to compute instance and compute instance template
Note these resources don't currently use beta features - this is futureproofing.
* Fix indentation in comment about instance template alias IP ranges
* Consolidate metadata helper functions in metadata.go
* Move compute instance (and template) related helpers into their own file
* add support for ip aliasing in `google_container_cluster`
* [review] cleanup galore, infer feature enablement from `ip_allocation_policy`
* [review] cleanup, round 2
* add nil check back (when reading ip allocation policy from API)
* Add IAM bindings and member resources for KMS KeyRings
* Add IAM bindings and member resources for KMS CryptoKeys
* Docs for key ring and crypto key IAM resources
* Exctract KMS policy conversions to helper functions
* Split iam_binding and iam_member tests for KMS
* Docs for kms IAM member resources
* Run KMS IAM tests in own project
* add support for `google_container_node_pool` management (sans-tests)
* [review] add tests, docs, general cleanup
* add docs
* [review] amend test to check updates and terraform fmt
* test updates, make nested management fields non-computed
* Refactor project iam binding and member resources to improve reusability
* Use default mask when updating project iam policy
* Add a doc comment for the ResourceIamUpdater interface
* Add the "compute_global_address" datasource
* Add a basic test for the "compute_global_address" datasource
* Include the "compute_global_address" in the provider
* Add docs for the "compute_global_address" datasource
Since this variable is only used for 3 tests, it doesn't make sense
to declare it as mandatory in the test config. Therefore, concerned tests
are now skipped if the variable is absent.
* Remove import support for org policy
* Add ForceNew to org_id field
* Revert "Remove import support for org policy"
This reverts commit f65d9fb347d6b0998be55ef823c5726e876c53ae.
* Add import documentation for google_organization_policy
* Add the "compute_address" datasource
* Add a basic test for the "compute_address" datasource
* Include the "compute_address" datasource in the provider
* Add the documentation for the "compute_address" datasource
* Adds support for creating KMS CryptoKeys resources
* Destroy extant CryptoKeyVersions on CryptoKey destroy
* Inherit project, location etc from KeyRing in CryptoKey
* Add function to calculate next rotation
* Implement RotationPeriod parameter on CryptoKey
* Import CryptoKey state
* Uncommit my local acceptance test hacks
* Docs for google_kms_crypto_key
* Clear id at the end of CryptoKey deletion
Also add more detail to warning message.
* Fix parseCryptoKeyId error messages
* Use correct naming in CryptoKeyIdParsing test
* Check RotationPeriod is present in acceptance test
* Rename variable in test function for consistency
* Fix wrong resource name in cryptokey docs
* Add KeyRing to CryptoKey doc example
* Run test CryptoKey configs through terraform fmt
* Don't set CryptoKey purpose in terraform state on import
* Fix indentation in CryptoKey test
* Parallelise CryptoKey tests
* Set rotation_key on CryptoKey read
* Move RotationPeriod validation to planning phase
* Use import state passthrough for CryptoKey
* Correct casing issues in test case names
* Remove redundant CheckDestroy calls in CryptoKey tests
* Add explanatory comment about extra test steps
* More explicit error handling in CryptoKey tests
* Explicit dependency on project services in test keyring configs
* Clean up comments in cryptokey resource
* Do not repeat in cryptokey id regexes
* Relax diff on maintenance_policy.daily_maintenance_window.start_time
If the maintenance window has been set outside of Terraform to a time with a
single-digit hour (such as 1:00), and the terraform definition is set to the
same hour but with a leading zero as per validation (i.e. 01:00), do not
consider the time to be changed (as we currently don't support update on this
property).
Fixes#719
* Generalise rfc3339TimeDiffSuppress and add more test cases
Because of weirdness in our test runner, our CI tries to run every test
that matches the TestAcc* prefix, _even if it's commented out_. This
leads to failed tests in CI for tests that aren't even running, which is
annoying.
This PR just lowercases the first letter of the test so it doesn't match
the prefix anymore and the CI won't try to run it.
- Accepts self_link in addition of health check name
- Removes the need for an API call to generate the self link
- Improves the documentation to mention that only the legacy google_compute_http_health_check is supported. This will prevent our user from being stuck like mentioned here: #300.
- Adds a MaxItems:1 in the schema. You can't have more than one. The API will fail. The official docs also says so.
- Adds a check to the acceptance test to ensure the health checks are properly setup.
* Add support for maintenance window on google_container_cluster (#526)
* Address review comments
- Set ForceNew: true on the schema element daily_maintenance_window
- Correct resource name in acceptance test
- Correct documentation of resource attribute maintenance_policy.0.daily_maintenance_window.0.duration
* Add support for Kubernetes alpha features
* Add tests for support of Kubernetes alpha features
* Fix dodgy copy and paste operations
* Add documentation
* initial work on adding IAP support for backend services
* readback of IAP
* flatten IAP + static set id
* expandIap function
* removed enabled flag/state rework
Removed the enabled flag for IAP
IAP is now enabled when the client id and secret are set
IAP now correctly disables when IAP stanza is removed
Client secret is now correctly hashed against the secret hash stored on the server
* Tests for IAP
* added comments, fixed tabs.
* testing for IAP disabled
Rename all ID fields to {resource_noun}_id instead of removing them
outright. This means people can still get at the info.
Leave project's id deleted. It has been marked as Removed for months.
I'm fine with cleaning it up before 1.0.0.
Also, update website docs.
Right now we can't create subscription on a topic in a different gcp
project since it assume the project from the subscription. The provider
always create the full topic name string
projects/{project}/topics/{topic} with the received topic property.
Using a regexp we validate if the string is already in
the format projects/{project}/topics/{topic} and if it's the case
we don't wrap it again and take it directly. The original functionality
is maintained but it's possible to specify a different project for the
topic.
* Instantiate the cloudkms client
* Implement Create and Read for the kms key ring resource
* Expose the kms key ring resource
* Create acceptance test for creating a KeyRing, fix read to use KeyRing ID
* Add cloudkms library to vendor
* Address style comments
* Use fully-qualified keyring name in read operation
* Remove call to SetId during read operation
* Set ID as entire resource string
* Spin up a new project for acceptance test
* Use Getenv for billing and org environment variables
* And test and logs around removal from state
* Add comments
* Fixes formatting
* Log warning instead of info
* Use a single line for cloudkms client actions
* Add resource import test
* Add ability to import resource, update helper functions to use keyRingId struct
* Use shorter terraform ID for easier import
* Update import test to use the same config as the basic test
* Update KeyRing name regex to be consistent with API docs
* Add documentation page for resource
* Add KeyRing documentation to sidebar
* Adds unit tests around parsing the KeyRing import id
* Allow for project in id to be autopopulated from config
* Throw error in import if project provider is not provided for location/name format
* Consistent variable names
* Use tabs in resource config instead of spaces
* Remove "-x" suffix for docs
* Set project attribute on import if different from the project config
* Initial support for google service account keys
* Add vendor for vault and encryption
* Add change for PR comment
* Add doc and improvement fo public key management
* adding waiter for compatibility with issue google/google-api-go-client#234
* improvement
* Add test with pgp_key
* Perform doc anf format
* remove test if public_key exists
* Add link on doc
* correct pr
* Make google_service_account resource importable
* Add google_service_account testcase with default project
* Mark google_service_account.project as computed to ensure the project id is always stored in the state, defined in configuration or not. Add corresponding test cases
* Inline variables with single usage
* Replace tabs with spaces in configuration strings
* Ensure service account is not recreated when the default project is explicitely added to the configuration
* camelcase
* disk cleanup
* fix attached disk test
* allow disk sources from name or url
* parse disk source better on read
* update docs
* fix boot disk source url
* Reorder fields in schema for style consistency
* Add reusable ZonalFieldValue
* Fix import and read state from API for compute route
* Generate network link without calling the API
This reverts commit 8ab9d96d25 and revives
the original commit that adds t.Parallel to all acceptance tests. It
turns out test failures were unrelated to this change (rather, they were
related to quota issues).
This reverts commit 42de44592f. It appears
there might be thread-safety issues as panics have started occuring when
parallism is ramped up. Reverting for now while investigating.
`compute_instance`'s StateVersion was set to 2. Then we released a
migration to v3, but never updated the StateVersion to 3, meaning the
migration was never run. When we added the migration for disks, we
bumped to 4, bypassing 3 altogher. In theory, this is fine, and is
expected; after all, some people may have state in version 0 and need to
upgrade all the way to 4, so our schema migration function is supposed
to support this.
Unfortunately, for migrations to v2, v3, and v4 of our schema, the
migration _returned_ after each migration, instead of falling through.
This meant that (in this case), version 2 would see it needs to be
version 4, run the state migration to version 3, then _return_, setting
its StateVersion to _4_, which means the migration from 3->4 got skipped
entirely.
This PR bumps the version to 5, and adds a migration from 4->5 such that
if there are still disks in state after 4, re-run 4. This will fix
things for people that upgraded to 1.0.0 and had their StateVersion
updated without the migration running.
I also updated the tests @danawillow wrote to start from state version 2
instead of state version 3, as the state would never be in version 3.
I also duplicated those tests, but started them from state version 4
(assuming the migration hadn't run) and verifying that the migration
from 4->5 would correct that.
* Add state migration from disk to boot_disk/scratch_disk/attached_disk
* get rid of test for now
* update schema version
* add tests for migration
* fix travis errors
* actually fix travis errors
* fix logic when project is set, also remove some log statements
* add tests for reading based on encryption key and image
* use as much of the image URL as we can for matching on image
* read project from config if it wasn't set in the attribute
* update resolveImage call
+ Make the org_id optional when creating a project. Closes#131
+ Mark org_id as computed to allow for GCP automatically assigning the org.
+ Add an acceptance test for project creation without an organization.
+ Skip TestAccGoogleProject_createWithoutOrg if GOOGLE_ORG is set.
+ Add a folder_id to the google_project resource, optionally
specifying the ID of the GCP folder in which the GCP project should
live.
+ Document how one can provision a project into a folder, and added a
sample configuration to create a project into an existing folder.
* Skip test without org if service account is used
* Support folders/* or id only for the folder id field
The `predefined_acl` test for `storage_object_acl` was failing. This is
because we removed the state-setting portion of the `predefined_acl`
field from `storage_bucket_acl`, and due to what I can only assume is a
copy/paste error, `storage_object_acl` was calling the Read function of
`storage_bucket_acl` instead of its own when using `predefined_acl`.
Updating to use `storage_object_acl`'s Read function makes the tests
pass.
Because we were instantiating a client outside of resource.TestCase, it
was being instantiated even for unit tests, which have no credentials,
causing the unit tests to fail. Sadly, this is the only way I could
figure out how to get a client inside resource.TestCase, which is very
sad making, but works.
When GCS buckets are created, they're created with a set of default
ACLs:
* `OWNER:project-owners-{project_number}`
* `OWNER:project-editors-{project_number}`
* `READER:project-viewers-{project_number}`
Normally, this would be fine, or a minor inconvenience. Terraform could
either delete them itself, or the first apply of a user would overwrite
them.
However, trying to remove the `OWNER:project-owners-{project_number}`
ACL yields an API error that the bucket owner must maintain OWNER access
to the bucket. This breaks things like `terraform destroy`, but also
means any config without that line in it will fail to apply, not just
overwrite the value.
To make matters worse, trying to *add* the
`OWNER:project-owners-{project_number}` ACL to any bucket that already
has it _also_ yields the same error about not being able to remove it.
To get around this, the storage_bucket_acl resource has been updated to
largely ignore _just this_ ACL. It will not try to add it if it already
exists, will not try to remove it at all. This does mean that Terraform
is incapable of removing this ACL from a bucket, but I'm not sure it's
possible to do that with the API, anyways.
Tests were also updated to keep the default ACLs as part of the config,
and to change the email addresses to addresses we actually own. I tried
changing to non-existant hashicorp.com email addresses, but was
rejected; only email addresses that are backed by actual Google accounts
can be used, sadly.
* Vendor cloud logging api
* Add logging sink support
* Remove typo
* Set Filter simpler
* Rename typ, typName to resourceType, resourceId
* Handle notFoundError
* Use # instead of // for hcl comments
* Cleanup test code
* Change testAccCheckLoggingProjectSink to take a provided api object
* Fix whitespace change after merge conflict
* Fix bug with CSEK where the key stored in state might be associated with the wrong disk
* preserve original order of attached disks
* use the disk index to figure out the raw key
* Add preemptible as an option to node config
* Check for preemptible in test matching functions
* Move flattenClusterNodeConfig to node_config
* Handle bools properly when comparing in cluster and node pool tests
* Use a supported image_type in cluster tests
* Support views in Terraform.BigQuery
* Add tests for Table with view, and fix existing Table test
* Remove dead code
* run gofmt
* Address comments
* Address review comments and add support for use_legacy_sql
* Force transmission/storage of UseLegacySQL
* Trying to fix tests
* add tests for useLegacySQL
Cloud DNS requires every managed zone to have an NS record at all times.
This means if people want to manage their own NS records, we need to add
their new record and remove the old one in the same call. It also means
we can't delete NS records, as we wouldn't know what to replace it with.
So deleting of NS records short-circuits. For the case of `terraform
destroy`, this prevents the error. It does mean if the user explicitly
tries to remove their NS zone from their project, it silently does
nothing, but that's unavoidable unless we want to A) restore a default
value (and it looks like the default values change from zone to zone?
And that is arguably just as unexpected?) or B) let the (arguably more
reasonable) `terraform destroy` case be impossible.
Storage bucket ACLs inherited the behaviour of only updating the fields
that were set in the config file. Terraform should track all the fields
in the resource, whether the user has specified a value for them or not,
and correct any drift that may occur.
This has manifested in an issue and unexpected behaviour in #50, and
this PR restores the expected behaviour.
* Vendor runtimeconfig
* Add support for RuntimeConfig config and variable resources
This allows users to create/manage Google RuntimeConfig resources and
variables. More information here:
https://cloud.google.com/deployment-manager/runtime-configurator/Closes#236
* Remove typo
* Use top-level declaration rather than init()
* Cleanup testing-related code by using ConflictsWith
Also adds better comments around how update works
* govendor fetch cloud.google.com/go/bigtable
* Vendor the rest of the stuff.
* Add support for instance_type to google_bigtable_instance.
* Revendored some packages.
* Removed bad packages from vendor.json
Import tests for compute_instance_template fail without this change as
they expect a value of true for automatic_restart. As this value was
removed, we're no longer setting it (and therefore it looks like it has
a value of false, which is different from the default).
* Fix bug where scheduling.automatic_restart false is never used
* Remove deprecated automatic_restart value in favor of scheduling.automatic_restart
* Remove deprecated on_host_maintenance
* Correct bad var name
* Re-add removed schema values and marked as Removed
* Fix var to snake case
* Migrate empty scheduling blocks in compute_instance_template
* Shorten error message
* Use only one return value instead of two
* Mark google_sql_database.{charset,collation} as computed instead of having defaults.
This change is required to avoid the following scenario:
When upgrading from a previous version of the Google provider, TF will change
the charset/collation of existing (TF-managed) databases to utf8/utf8_general_ci
(if the user hasn't added different config values before running TF apply),
potentially overriding any non-default settings that the user my have applied
through the Cloud SQL admin API. This violates POLA.
* Remove charset/collation defaults from the documentation, too.
* Add links to MySQL's and PostgreSQL's documentation about supported charset and collation values.
* Use version 5.7's docs instead of 5.6, since that's the most up to date version of MySQL that we support.
* Add a note that only UTF8 / en_US.UTF8 are currently supported for Cloud SQL PostgreSQL databases.
* Add versioned Beta support to google_compute_firewall.
* Add Beta support for deny to google_compute_firewall.
* remove extra line:
* make fmt
* Add missing ForceNew fields.
* Respond to review comments testing functionality + reducing network GET to v1
* Make google_compute_global_address a versioned resource with Beta support.
* Added Beta support for ip_version in google_compute_global_address.
* Move checks to TestCheckFuncs, add a regression test for IPV4 on v1 resources.
* Consolidated TestCheckFuncs to a single function.
* Add missing return statement.
* Fix IPV4 test
* Clarified comment.
Prior to this change it was possible for Terraform to error during plan / apply with the following:
Error 404: The resource "node pool \"foo\" not found"
* Add versioned Beta support to google_compute_global_forwarding_rule.
* Add Beta support for ip_version in google_compute_global_forwarding_rule.
* Temporary commit with compute_shared_operation.go changes.
* Added a test to see if v1 GFR is still IPV4, moved to a TestCheckFunc
* This API returns the original self links, but let's make sure we don't diff.
* Add support for auto_healing_policies to google_compute_instance_group_manager.
* Add a test for self link stability when a v1 resource uses a versioned resource.
* Add a comment about what the stable self link test does.
* make fmt
* Fixed formatting on new tests.
* Address review comments.
* Fix make vet
* Fix disk type’Malformed URL’ error
The API expects the disk type to be a SelfLink URL, but the disk type
name was being used (e.g. “pd-ssd”).
* Add ACC Tests for boot disk type
* Fix acceptance test & fmt test config
The Instance data does not contain the actual disk type, just "PERSISTENT". This commit uses the computeClient to pull the disk data from the API, allowing checking of the disk type.
Also fmt'd the test configuration.
* Add support node config for GKE node pool
* Review fixes:
- Set max items in node config schema
- Fill missing node config fields
- Put test helpers above than test vars
* Update checks in node pool tests
* Fix node pool check match