Merge branch 'master' into td-aws_dx_gateway_association-timeouts-and…

…-deprecations

.hashibot.hcl

@@ -250,7 +250,7 @@ behavior "regexp_issue_labeler_v2" "service_labels" {
       "aws_eks_",
     ],
     "service/elastic-transcoder" = [
-      "aws_elastic_transcoder_",
+      "aws_elastictranscoder_",
     ],
     "service/elasticache" = [
       "aws_elasticache_",

CHANGELOG.md

@@ -2,16 +2,38 @@
 
 BREAKING CHANGES
 
+* provider: New versions of the provider can only be automatically installed on Terraform 0.12 and later [GH-14143]
 * provider: All "removed" attributes are cut, using them would result in a Terraform Core level error [GH-14001]
 * provider: Credential ordering has changed from static, environment, shared credentials, EC2 metadata, default AWS Go SDK (shared configuration, web identity, ECS, EC2 Metadata) to static, environment, shared credentials, default AWS Go SDK (shared configuration, web identity, ECS, EC2 Metadata) [GH-14077]
 * provider: The `AWS_METADATA_TIMEOUT` environment variable no longer has any effect as we now depend on the default AWS Go SDK EC2 Metadata client timeout of one second with two retries [GH-14077]
+* data-source/aws_availability_zones: Remove deprecated `blacklisted_names` and `blacklisted_zone_ids` arguments [GH-14134]
+* data-source/aws_directory_service_directory: Return an error when a single result is not found [GH-14006]
+* data-source/aws_efs_file_system: Return an error when a single result is not found [GH-14005]
+* resource/aws_acm_certificate: `certificate_body`, `certificate_chain`, and `private_key` attributes are no longer stored in the Terraform state with hash values [GH-9685]
+* resource/aws_autoscaling_group: `availability_zones` and `vpc_zone_identifier` argument conflict now reported at plan-time [GH-12927]
+* resource/aws_autoscaling_group: Remove `Computed` property from `load_balancers` and `target_group_arns` arguments, enabling drift detection [GH-14064]
 * resource/aws_dx_gateway: Remove automatic `aws_dx_gateway_association` resource import [GH-14124]
+* resource/aws_elastic_transcoder_preset: Remove `video` configuration block `max_frame_rate` argument default value [GH-7141]
+* resource/aws_emr_cluster: Remove deprecated `instance_group` configuration block, `core_instance_count`, `core_instance_type`, and `master_instance_type` arguments [GH-14137]
+* resource/aws_lambda_alias: Resource import no longer converts Lambda Function name to ARN [GH-12876]
+* resource/aws_launch_template: `network_interfaces` `delete_on_termination` argument changed from `bool` to `string` type [GH-8612]
+* resource/aws_msk_cluster: Update `encryption_info` `encryption_in_transit` `client_broker` argument default to match API default of `TLS` [GH-14132]
 * resource/aws_s3_bucket: Remove automatic `aws_s3_bucket_policy` resource import [GH-14121]
+* resource/aws_s3_bucket: Convert `region` to read-only attribute [GH-14127]
+* resource/aws_security_group: Remove automatic `aws_security_group_rule` resource import [GH-12616]
+* resource/aws_sns_platform_application: `platform_credential` and `platform_principal` attributes are no longer stored in the Terraform state with hash values [GH-3894]
+* resource/aws_spot_fleet_request: Remove 24 hour default for `valid_until` argument [GH-9718]
+
+FEATURES
+
+* **New Data Source:** aws_workspaces_directory [GH-13529]
 
 ENHANCEMENTS
 
 * provider: Always enable shared configuration file support (no longer require `AWS_SDK_LOAD_CONFIG` environment variable) [GH-14077]
 * provider: Add `assume_role` configuration block `duration_seconds`, `policy_arns`, `tags`, and `transitive_tag_keys` arguments [GH-14077]
+* data-source/aws_instance: Add `secondary_private_ips` attribute [GH-14079]
+* resource/aws_instance: Add `secondary_private_ips` argument (conflicts with `network_interface` configuration block) [GH-14079]
 
 BUG FIXES
 

GNUmakefile

@@ -23,7 +23,17 @@ test: fmtcheck
 	go test $(TEST) $(TESTARGS) -timeout=120s -parallel=4
 
 testacc: fmtcheck
-	TF_ACC=1 go test $(TEST) -v -count $(TEST_COUNT) -parallel 20 $(TESTARGS) -timeout 120m
+	@if [ "$(TESTARGS)" = "-run=TestAccXXX" ]; then \
+		echo ""; \
+		echo "Error: Skipping example acceptance testing pattern. Update TESTARGS to match the test naming in the relevant *_test.go file."; \
+		echo ""; \
+		echo "For example if updating aws/resource_aws_acm_certificate.go, use the test names in aws/resource_aws_acm_certificate_test.go starting with TestAcc and up to the underscore:"; \
+		echo "make testacc TESTARGS='-run=TestAccAWSAcmCertificate_'"; \
+		echo ""; \
+		echo "See the contributing guide for more information: https://github.com/terraform-providers/terraform-provider-aws/blob/master/docs/contributing/running-and-writing-acceptance-tests.md"; \
+		exit 1; \
+	fi
+	TF_ACC=1 go test ./$(PKG_NAME) -v -count $(TEST_COUNT) -parallel 20 $(TESTARGS) -timeout 120m
 
 fmt:
 	@echo "==> Fixing source code with gofmt..."

aws/data_source_aws_availability_zones.go

@@ -21,19 +21,15 @@ func dataSourceAwsAvailabilityZones() *schema.Resource {
 				Type:     schema.TypeBool,
 				Optional: true,
 			},
-			"blacklisted_names": {
-				Type:          schema.TypeSet,
-				Optional:      true,
-				ConflictsWith: []string{"exclude_names"},
-				Deprecated:    "use `exclude_names` instead",
-				Elem:          &schema.Schema{Type: schema.TypeString},
+			"exclude_names": {
+				Type:     schema.TypeSet,
+				Optional: true,
+				Elem:     &schema.Schema{Type: schema.TypeString},
 			},
-			"blacklisted_zone_ids": {
-				Type:          schema.TypeSet,
-				Optional:      true,
-				ConflictsWith: []string{"exclude_zone_ids"},
-				Deprecated:    "use `exclude_zone_ids` instead",
-				Elem:          &schema.Schema{Type: schema.TypeString},
+			"exclude_zone_ids": {
+				Type:     schema.TypeSet,
+				Optional: true,
+				Elem:     &schema.Schema{Type: schema.TypeString},
 			},
 			"filter": ec2CustomFiltersSchema(),
 			"group_names": {
@@ -46,18 +42,6 @@ func dataSourceAwsAvailabilityZones() *schema.Resource {
 				Computed: true,
 				Elem:     &schema.Schema{Type: schema.TypeString},
 			},
-			"exclude_names": {
-				Type:          schema.TypeSet,
-				Optional:      true,
-				ConflictsWith: []string{"blacklisted_names"},
-				Elem:          &schema.Schema{Type: schema.TypeString},
-			},
-			"exclude_zone_ids": {
-				Type:          schema.TypeSet,
-				Optional:      true,
-				ConflictsWith: []string{"blacklisted_zone_ids"},
-				Elem:          &schema.Schema{Type: schema.TypeString},
-			},
 			"state": {
 				Type:     schema.TypeString,
 				Optional: true,
@@ -119,8 +103,6 @@ func dataSourceAwsAvailabilityZonesRead(d *schema.ResourceData, meta interface{}
 		return aws.StringValue(resp.AvailabilityZones[i].ZoneName) < aws.StringValue(resp.AvailabilityZones[j].ZoneName)
 	})
 
-	blacklistedNames := d.Get("blacklisted_names").(*schema.Set)
-	blacklistedZoneIDs := d.Get("blacklisted_zone_ids").(*schema.Set)
 	excludeNames := d.Get("exclude_names").(*schema.Set)
 	excludeZoneIDs := d.Get("exclude_zone_ids").(*schema.Set)
 
@@ -132,11 +114,11 @@ func dataSourceAwsAvailabilityZonesRead(d *schema.ResourceData, meta interface{}
 		name := aws.StringValue(v.ZoneName)
 		zoneID := aws.StringValue(v.ZoneId)
 
-		if blacklistedNames.Contains(name) || excludeNames.Contains(name) {
+		if excludeNames.Contains(name) {
 			continue
 		}
 
-		if blacklistedZoneIDs.Contains(zoneID) || excludeZoneIDs.Contains(zoneID) {
+		if excludeZoneIDs.Contains(zoneID) {
 			continue
 		}
 

aws/data_source_aws_availability_zones_test.go

@@ -105,42 +105,6 @@ func TestAccAWSAvailabilityZones_AllAvailabilityZones(t *testing.T) {
 	})
 }
 
-func TestAccAWSAvailabilityZones_BlacklistedNames(t *testing.T) {
-	allDataSourceName := "data.aws_availability_zones.all"
-	excludeDataSourceName := "data.aws_availability_zones.test"
-
-	resource.ParallelTest(t, resource.TestCase{
-		PreCheck:  func() { testAccPreCheck(t) },
-		Providers: testAccProviders,
-		Steps: []resource.TestStep{
-			{
-				Config: testAccCheckAwsAvailabilityZonesConfigBlacklistedNames(),
-				Check: resource.ComposeTestCheckFunc(
-					testAccCheckAwsAvailabilityZonesExcluded(allDataSourceName, excludeDataSourceName),
-				),
-			},
-		},
-	})
-}
-
-func TestAccAWSAvailabilityZones_BlacklistedZoneIds(t *testing.T) {
-	allDataSourceName := "data.aws_availability_zones.all"
-	excludeDataSourceName := "data.aws_availability_zones.test"
-
-	resource.ParallelTest(t, resource.TestCase{
-		PreCheck:  func() { testAccPreCheck(t) },
-		Providers: testAccProviders,
-		Steps: []resource.TestStep{
-			{
-				Config: testAccCheckAwsAvailabilityZonesConfigBlacklistedZoneIds(),
-				Check: resource.ComposeTestCheckFunc(
-					testAccCheckAwsAvailabilityZonesExcluded(allDataSourceName, excludeDataSourceName),
-				),
-			},
-		},
-	})
-}
-
 func TestAccAWSAvailabilityZones_Filter(t *testing.T) {
 	dataSourceName := "data.aws_availability_zones.test"
 
@@ -343,26 +307,6 @@ data "aws_availability_zones" "test" {
 `)
 }
 
-func testAccCheckAwsAvailabilityZonesConfigBlacklistedNames() string {
-	return fmt.Sprintf(`
-data "aws_availability_zones" "all" {}
-
-data "aws_availability_zones" "test" {
-  blacklisted_names = ["${data.aws_availability_zones.all.names[0]}"]
-}
-`)
-}
-
-func testAccCheckAwsAvailabilityZonesConfigBlacklistedZoneIds() string {
-	return fmt.Sprintf(`
-data "aws_availability_zones" "all" {}
-
-data "aws_availability_zones" "test" {
-  blacklisted_zone_ids = ["${data.aws_availability_zones.all.zone_ids[0]}"]
-}
-`)
-}
-
 func testAccCheckAwsAvailabilityZonesConfigFilter() string {
 	return fmt.Sprintf(`
 data "aws_availability_zones" "test" {

aws/data_source_aws_cur_report_definition_test.go

@@ -20,15 +20,14 @@ func TestAccDataSourceAwsCurReportDefinition_basic(t *testing.T) {
 
 	reportName := acctest.RandomWithPrefix("tf_acc_test")
 	bucketName := fmt.Sprintf("tf-test-bucket-%d", acctest.RandInt())
-	bucketRegion := "us-east-1"
 
 	resource.ParallelTest(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t); testAccPreCheckAWSCur(t) },
 		Providers:    testAccProviders,
 		CheckDestroy: testAccCheckAwsCurReportDefinitionDestroy,
 		Steps: []resource.TestStep{
 			{
-				Config: testAccDataSourceAwsCurReportDefinitionConfig_basic(reportName, bucketName, bucketRegion),
+				Config: testAccDataSourceAwsCurReportDefinitionConfig_basic(reportName, bucketName),
 				Check: resource.ComposeTestCheckFunc(
 					testAccDataSourceAwsCurReportDefinitionCheckExists(datasourceName, resourceName),
 					resource.TestCheckResourceAttrPair(datasourceName, "report_name", resourceName, "report_name"),
@@ -60,7 +59,7 @@ func testAccDataSourceAwsCurReportDefinitionCheckExists(datasourceName, resource
 }
 
 // note: cur report definitions are currently only supported in us-east-1
-func testAccDataSourceAwsCurReportDefinitionConfig_basic(reportName string, bucketName string, bucketRegion string) string {
+func testAccDataSourceAwsCurReportDefinitionConfig_basic(reportName string, bucketName string) string {
 	return fmt.Sprintf(`
 provider "aws" {
   region = "us-east-1"
@@ -72,7 +71,6 @@ resource "aws_s3_bucket" "test" {
   bucket        = "%[2]s"
   acl           = "private"
   force_destroy = true
-  region        = "%[3]s"
 }
 
 resource "aws_s3_bucket_policy" "test" {
@@ -124,5 +122,5 @@ resource "aws_cur_report_definition" "test" {
 data "aws_cur_report_definition" "test" {
   report_name = "${aws_cur_report_definition.test.report_name}"
 }
-`, reportName, bucketName, bucketRegion)
+`, reportName, bucketName)
 }

aws/data_source_aws_directory_service_directory.go

@@ -50,7 +50,6 @@ func dataSourceAwsDirectoryServiceDirectory() *schema.Resource {
 							Type:     schema.TypeSet,
 							Computed: true,
 							Elem:     &schema.Schema{Type: schema.TypeString},
-							Set:      schema.HashString,
 						},
 						"vpc_id": {
 							Type:     schema.TypeString,
@@ -73,7 +72,6 @@ func dataSourceAwsDirectoryServiceDirectory() *schema.Resource {
 							Type:     schema.TypeSet,
 							Computed: true,
 							Elem:     &schema.Schema{Type: schema.TypeString},
-							Set:      schema.HashString,
 						},
 						"customer_username": {
 							Type:     schema.TypeString,
@@ -83,13 +81,11 @@ func dataSourceAwsDirectoryServiceDirectory() *schema.Resource {
 							Type:     schema.TypeSet,
 							Computed: true,
 							Elem:     &schema.Schema{Type: schema.TypeString},
-							Set:      schema.HashString,
 						},
 						"subnet_ids": {
 							Type:     schema.TypeSet,
 							Computed: true,
 							Elem:     &schema.Schema{Type: schema.TypeString},
-							Set:      schema.HashString,
 						},
 						"vpc_id": {
 							Type:     schema.TypeString,
@@ -114,7 +110,6 @@ func dataSourceAwsDirectoryServiceDirectory() *schema.Resource {
 			"dns_ip_addresses": {
 				Type:     schema.TypeSet,
 				Elem:     &schema.Schema{Type: schema.TypeString},
-				Set:      schema.HashString,
 				Computed: true,
 			},
 			"security_group_id": {
@@ -142,13 +137,14 @@ func dataSourceAwsDirectoryServiceDirectoryRead(d *schema.ResourceData, meta int
 		DirectoryIds: []*string{aws.String(directoryID)},
 	})
 	if err != nil {
-		return err
+		if isAWSErr(err, directoryservice.ErrCodeEntityDoesNotExistException, "") {
+			return fmt.Errorf("DirectoryService Directory (%s) not found", directoryID)
+		}
+		return fmt.Errorf("error reading DirectoryService Directory: %w", err)
 	}
 
-	if len(out.DirectoryDescriptions) == 0 {
-		log.Printf("[WARN] Directory %s not found", d.Id())
-		d.SetId("")
-		return nil
+	if out == nil || len(out.DirectoryDescriptions) == 0 {
+		return fmt.Errorf("error reading DirectoryService Directory (%s): empty output", directoryID)
 	}
 
 	d.SetId(directoryID)
@@ -160,40 +156,47 @@ func dataSourceAwsDirectoryServiceDirectoryRead(d *schema.ResourceData, meta int
 	d.Set("alias", dir.Alias)
 	d.Set("description", dir.Description)
 
-	if *dir.Type == directoryservice.DirectoryTypeAdconnector {
-		d.Set("dns_ip_addresses", schema.NewSet(schema.HashString, flattenStringList(dir.ConnectSettings.ConnectIps)))
+	var addresses []interface{}
+	if aws.StringValue(dir.Type) == directoryservice.DirectoryTypeAdconnector {
+		addresses = flattenStringList(dir.ConnectSettings.ConnectIps)
 	} else {
-		d.Set("dns_ip_addresses", schema.NewSet(schema.HashString, flattenStringList(dir.DnsIpAddrs)))
+		addresses = flattenStringList(dir.DnsIpAddrs)
+	}
+	if err := d.Set("dns_ip_addresses", addresses); err != nil {
+		return fmt.Errorf("error setting dns_ip_addresses: %w", err)
 	}
+
 	d.Set("name", dir.Name)
 	d.Set("short_name", dir.ShortName)
 	d.Set("size", dir.Size)
 	d.Set("edition", dir.Edition)
 	d.Set("type", dir.Type)
 
 	if err := d.Set("vpc_settings", flattenDSVpcSettings(dir.VpcSettings)); err != nil {
-		return fmt.Errorf("error setting VPC settings: %s", err)
+		return fmt.Errorf("error setting VPC settings: %w", err)
 	}
 
 	if err := d.Set("connect_settings", flattenDSConnectSettings(dir.DnsIpAddrs, dir.ConnectSettings)); err != nil {
-		return fmt.Errorf("error setting connect settings: %s", err)
+		return fmt.Errorf("error setting connect settings: %w", err)
 	}
 
 	d.Set("enable_sso", dir.SsoEnabled)
 
+	var securityGroupId *string
 	if aws.StringValue(dir.Type) == directoryservice.DirectoryTypeAdconnector {
-		d.Set("security_group_id", aws.StringValue(dir.ConnectSettings.SecurityGroupId))
+		securityGroupId = dir.ConnectSettings.SecurityGroupId
 	} else {
-		d.Set("security_group_id", aws.StringValue(dir.VpcSettings.SecurityGroupId))
+		securityGroupId = dir.VpcSettings.SecurityGroupId
 	}
+	d.Set("security_group_id", aws.StringValue(securityGroupId))
 
 	tags, err := keyvaluetags.DirectoryserviceListTags(conn, d.Id())
 	if err != nil {
-		return fmt.Errorf("error listing tags for Directory Service Directory (%s): %s", d.Id(), err)
+		return fmt.Errorf("error listing tags for Directory Service Directory (%s): %w", d.Id(), err)
 	}
 
 	if err := d.Set("tags", tags.IgnoreAws().IgnoreConfig(ignoreTagsConfig).Map()); err != nil {
-		return fmt.Errorf("error setting tags: %s", err)
+		return fmt.Errorf("error setting tags: %w", err)
 	}
 
 	return nil