Merge branch 'master' of https://github.com/terraform-providers/terra…

…form-provider-aws into fix_5458

CHANGELOG.md

@@ -1,4 +1,19 @@
-## 1.35.0 (Unreleased)
+## 1.36.0 (Unreleased)
+## 1.35.0 (September 06, 2018)
+
+ENHANCEMENTS:
+
+* data-source/aws_eks_cluster: Add `platform_version` attribute ([#5797](https://github.com/terraform-providers/terraform-provider-aws/issues/5797))
+* resource/aws_eks_cluster: Add `platform_version` attribute ([#5797](https://github.com/terraform-providers/terraform-provider-aws/issues/5797))
+* resource/aws_lambda_function: Allow empty lists for `vpc_config` `security_group_ids` and `subnet_ids` arguments to unconfigure VPC ([#1341](https://github.com/terraform-providers/terraform-provider-aws/issues/1341))
+* resource/aws_iam_role: Allow empty string (`""`) value for `permissions_boundary` argument ([#5740](https://github.com/terraform-providers/terraform-provider-aws/issues/5740))
+
+BUG FIXES:
+
+* resource/aws_ecr_repository: Use `RepositoryUri` instead of our building our own URI for the `repository_url` attribute (AWS China fix) ([#5748](https://github.com/terraform-providers/terraform-provider-aws/issues/5748))
+* resource/aws_lambda_function: Properly handle `vpc_config` removal ([#5798](https://github.com/terraform-providers/terraform-provider-aws/issues/5798))
+* resource/aws_redshift_cluster: Properly force new resource when updating `availability_zone` argument ([#5758](https://github.com/terraform-providers/terraform-provider-aws/issues/5758))
+
 ## 1.34.0 (August 30, 2018)
 
 NOTES:

aws/config.go

@@ -448,10 +448,20 @@ func (c *Config) Client() (interface{}, error) {
 		var err error
 		client.accountid, client.partition, err = GetAccountIDAndPartition(client.iamconn, client.stsconn, cp.ProviderName)
 		if err != nil {
-			return nil, fmt.Errorf("Failed getting account information via all available methods. Errors: %s", err)
+			// DEPRECATED: Next major version of the provider should return the error instead of logging
+			//             if skip_request_account_id is not enabled.
+			log.Printf("[WARN] %s", fmt.Sprintf(
+				"AWS account ID not previously found and failed retrieving via all available methods. "+
+					"This will return an error in the next major version of the AWS provider. "+
+					"See https://www.terraform.io/docs/providers/aws/index.html#skip_requesting_account_id for workaround and implications. "+
+					"Errors: %s", err))
 		}
 	}
 
+	if client.accountid == "" {
+		log.Printf("[WARN] AWS account ID not found for provider. See https://www.terraform.io/docs/providers/aws/index.html#skip_requesting_account_id for implications.")
+	}
+
 	authErr := c.ValidateAccountId(client.accountid)
 	if authErr != nil {
 		return nil, authErr

aws/data_source_aws_eks_cluster.go

@@ -46,6 +46,10 @@ func dataSourceAwsEksCluster() *schema.Resource {
 				ForceNew:     true,
 				ValidateFunc: validation.NoZeroValues,
 			},
+			"platform_version": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
 			"role_arn": {
 				Type:     schema.TypeString,
 				Computed: true,
@@ -110,6 +114,7 @@ func dataSourceAwsEksClusterRead(d *schema.ResourceData, meta interface{}) error
 	d.Set("created_at", aws.TimeValue(cluster.CreatedAt).String())
 	d.Set("endpoint", cluster.Endpoint)
 	d.Set("name", cluster.Name)
+	d.Set("platform_version", cluster.PlatformVersion)
 	d.Set("role_arn", cluster.RoleArn)
 	d.Set("version", cluster.Version)
 

aws/data_source_aws_eks_cluster_test.go

@@ -2,6 +2,7 @@ package aws
 
 import (
 	"fmt"
+	"regexp"
 	"testing"
 
 	"github.com/hashicorp/terraform/helper/acctest"
@@ -26,6 +27,7 @@ func TestAccAWSEksClusterDataSource_basic(t *testing.T) {
 					resource.TestCheckResourceAttrPair(resourceName, "certificate_authority.0.data", dataSourceResourceName, "certificate_authority.0.data"),
 					resource.TestCheckResourceAttrPair(resourceName, "created_at", dataSourceResourceName, "created_at"),
 					resource.TestCheckResourceAttrPair(resourceName, "endpoint", dataSourceResourceName, "endpoint"),
+					resource.TestMatchResourceAttr(resourceName, "platform_version", regexp.MustCompile(`^eks\.\d+$`)),
 					resource.TestCheckResourceAttrPair(resourceName, "role_arn", dataSourceResourceName, "role_arn"),
 					resource.TestCheckResourceAttrPair(resourceName, "version", dataSourceResourceName, "version"),
 					resource.TestCheckResourceAttr(dataSourceResourceName, "vpc_config.#", "1"),

aws/provider_test.go

@@ -4,10 +4,12 @@ import (
 	"fmt"
 	"log"
 	"os"
+	"strings"
 	"testing"
 
 	"github.com/aws/aws-sdk-go/service/organizations"
 
+	"github.com/aws/aws-sdk-go/aws/arn"
 	"github.com/aws/aws-sdk-go/aws/endpoints"
 
 	"github.com/hashicorp/terraform/helper/resource"
@@ -78,6 +80,44 @@ func testAccPreCheck(t *testing.T) {
 	}
 }
 
+// testAccAwsProviderAccountID returns the account ID of an AWS provider
+func testAccAwsProviderAccountID(provider *schema.Provider) string {
+	if provider == nil {
+		log.Print("[DEBUG] Unable to read account ID from test provider: empty provider")
+		return ""
+	}
+	if provider.Meta() == nil {
+		log.Print("[DEBUG] Unable to read account ID from test provider: unconfigured provider")
+		return ""
+	}
+	client, ok := provider.Meta().(*AWSClient)
+	if !ok {
+		log.Print("[DEBUG] Unable to read account ID from test provider: non-AWS or unconfigured AWS provider")
+		return ""
+	}
+	return client.accountid
+}
+
+// testAccCheckResourceAttrRegionalARN ensures the Terraform state exactly matches a formatted ARN with region
+func testAccCheckResourceAttrRegionalARN(resourceName, attributeName, arnService, arnResource string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		attributeValue := arn.ARN{
+			AccountID: testAccGetAccountID(),
+			Partition: testAccGetPartition(),
+			Region:    testAccGetRegion(),
+			Resource:  arnResource,
+			Service:   arnService,
+		}.String()
+		return resource.TestCheckResourceAttr(resourceName, attributeName, attributeValue)(s)
+	}
+}
+
+// testAccGetAccountID returns the account ID of testAccProvider
+// Must be used returned within a resource.TestCheckFunc
+func testAccGetAccountID() string {
+	return testAccAwsProviderAccountID(testAccProvider)
+}
+
 func testAccGetRegion() string {
 	v := os.Getenv("AWS_DEFAULT_REGION")
 	if v == "" {
@@ -93,6 +133,14 @@ func testAccGetPartition() string {
 	return "aws"
 }
 
+func testAccGetServiceEndpoint(service string) string {
+	endpoint, err := endpoints.DefaultResolver().EndpointFor(service, testAccGetRegion())
+	if err != nil {
+		return ""
+	}
+	return strings.TrimPrefix(endpoint.URL, "https://")
+}
+
 func testAccEC2ClassicPreCheck(t *testing.T) {
 	client := testAccProvider.Meta().(*AWSClient)
 	platforms := client.supportedplatforms

aws/resource_aws_ecr_repository.go

@@ -85,24 +85,14 @@ func resourceAwsEcrRepositoryRead(d *schema.ResourceData, meta interface{}) erro
 
 	repository := out.Repositories[0]
 
-	log.Printf("[DEBUG] Received repository %s", out)
-
-	d.SetId(*repository.RepositoryName)
 	d.Set("arn", repository.RepositoryArn)
-	d.Set("registry_id", repository.RegistryId)
 	d.Set("name", repository.RepositoryName)
-
-	repositoryUrl := buildRepositoryUrl(repository, meta.(*AWSClient).region)
-	log.Printf("[INFO] Setting the repository url to be %s", repositoryUrl)
-	d.Set("repository_url", repositoryUrl)
+	d.Set("registry_id", repository.RegistryId)
+	d.Set("repository_url", repository.RepositoryUri)
 
 	return nil
 }
 
-func buildRepositoryUrl(repo *ecr.Repository, region string) string {
-	return fmt.Sprintf("%s.dkr.ecr.%s.amazonaws.com/%s", *repo.RegistryId, region, *repo.RepositoryName)
-}
-
 func resourceAwsEcrRepositoryDelete(d *schema.ResourceData, meta interface{}) error {
 	conn := meta.(*AWSClient).ecrconn
 

aws/resource_aws_ecr_repository_test.go

@@ -5,27 +5,36 @@ import (
 	"testing"
 
 	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/service/ecr"
 	"github.com/hashicorp/terraform/helper/acctest"
 	"github.com/hashicorp/terraform/helper/resource"
 	"github.com/hashicorp/terraform/terraform"
 )
 
 func TestAccAWSEcrRepository_basic(t *testing.T) {
-	randString := acctest.RandString(10)
+	rName := acctest.RandomWithPrefix("tf-acc-test")
+	resourceName := "aws_ecr_repository.default"
 
 	resource.Test(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t) },
 		Providers:    testAccProviders,
 		CheckDestroy: testAccCheckAWSEcrRepositoryDestroy,
 		Steps: []resource.TestStep{
 			{
-				Config: testAccAWSEcrRepository(randString),
+				Config: testAccAWSEcrRepositoryConfig(rName),
 				Check: resource.ComposeTestCheckFunc(
-					testAccCheckAWSEcrRepositoryExists("aws_ecr_repository.default"),
+					testAccCheckAWSEcrRepositoryExists(resourceName),
+					testAccCheckResourceAttrRegionalARN(resourceName, "arn", "ecr", fmt.Sprintf("repository/%s", rName)),
+					resource.TestCheckResourceAttr(resourceName, "name", rName),
+					testAccCheckAWSEcrRepositoryRegistryID(resourceName),
+					testAccCheckAWSEcrRepositoryRepositoryURL(resourceName, rName),
 				),
 			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
 		},
 	})
 }
@@ -44,16 +53,17 @@ func testAccCheckAWSEcrRepositoryDestroy(s *terraform.State) error {
 
 		out, err := conn.DescribeRepositories(&input)
 
+		if isAWSErr(err, ecr.ErrCodeRepositoryNotFoundException, "") {
+			return nil
+		}
+
 		if err != nil {
-			if ecrerr, ok := err.(awserr.Error); ok && ecrerr.Code() == "RepositoryNotFoundException" {
-				return nil
-			}
 			return err
 		}
 
 		for _, repository := range out.Repositories {
-			if repository.RepositoryName == aws.String(rs.Primary.Attributes["name"]) {
-				return fmt.Errorf("ECR repository still exists:\n%#v", repository)
+			if aws.StringValue(repository.RepositoryName) == rs.Primary.Attributes["name"] {
+				return fmt.Errorf("ECR repository still exists: %s", rs.Primary.Attributes["name"])
 			}
 		}
 	}
@@ -72,10 +82,24 @@ func testAccCheckAWSEcrRepositoryExists(name string) resource.TestCheckFunc {
 	}
 }
 
-func testAccAWSEcrRepository(randString string) string {
+func testAccCheckAWSEcrRepositoryRegistryID(resourceName string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		attributeValue := testAccGetAccountID()
+		return resource.TestCheckResourceAttr(resourceName, "registry_id", attributeValue)(s)
+	}
+}
+
+func testAccCheckAWSEcrRepositoryRepositoryURL(resourceName, repositoryName string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		attributeValue := fmt.Sprintf("%s.dkr.%s/%s", testAccGetAccountID(), testAccGetServiceEndpoint("ecr"), repositoryName)
+		return resource.TestCheckResourceAttr(resourceName, "repository_url", attributeValue)(s)
+	}
+}
+
+func testAccAWSEcrRepositoryConfig(rName string) string {
 	return fmt.Sprintf(`
 resource "aws_ecr_repository" "default" {
-	name = "tf-acc-test-ecr-%s"
+	name = %q
 }
-`, randString)
+`, rName)
 }

aws/resource_aws_eks_cluster.go

@@ -59,6 +59,10 @@ func resourceAwsEksCluster() *schema.Resource {
 				ForceNew:     true,
 				ValidateFunc: validation.NoZeroValues,
 			},
+			"platform_version": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
 			"role_arn": {
 				Type:         schema.TypeString,
 				Required:     true,
@@ -195,6 +199,7 @@ func resourceAwsEksClusterRead(d *schema.ResourceData, meta interface{}) error {
 	d.Set("created_at", aws.TimeValue(cluster.CreatedAt).String())
 	d.Set("endpoint", cluster.Endpoint)
 	d.Set("name", cluster.Name)
+	d.Set("platform_version", cluster.PlatformVersion)
 	d.Set("role_arn", cluster.RoleArn)
 	d.Set("version", cluster.Version)
 

aws/resource_aws_eks_cluster_test.go

@@ -91,6 +91,7 @@ func TestAccAWSEksCluster_basic(t *testing.T) {
 					resource.TestCheckResourceAttrSet(resourceName, "certificate_authority.0.data"),
 					resource.TestMatchResourceAttr(resourceName, "endpoint", regexp.MustCompile(`^https://`)),
 					resource.TestCheckResourceAttr(resourceName, "name", rName),
+					resource.TestMatchResourceAttr(resourceName, "platform_version", regexp.MustCompile(`^eks\.\d+$`)),
 					resource.TestMatchResourceAttr(resourceName, "role_arn", regexp.MustCompile(fmt.Sprintf("%s$", rName))),
 					resource.TestMatchResourceAttr(resourceName, "version", regexp.MustCompile(`^\d+\.\d+$`)),
 					resource.TestCheckResourceAttr(resourceName, "vpc_config.#", "1"),

aws/resource_aws_iam_role.go

@@ -87,7 +87,7 @@ func resourceAwsIamRole() *schema.Resource {
 			"permissions_boundary": {
 				Type:         schema.TypeString,
 				Optional:     true,
-				ValidateFunc: validation.StringLenBetween(20, 2048),
+				ValidateFunc: validateMaxLength(2048),
 			},
 
 			"description": {