Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

resource/aws_rds_cluster_parameter_group and resource/aws_db_parameter_group: Restore ability to change parameter values #12112

Conversation

camlow325
Copy link
Contributor

@camlow325 camlow325 commented Feb 21, 2020

Community Note

  • Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for pull request followers and do not help prioritize the request

Closes #11846
Closes #13551

Release note for CHANGELOG:

* resource/aws_rds_cluster_parameter_group and resource/aws_db_parameter_group: Restore ability to change parameter values ([#11846](https://github.com/terraform-providers/terraform-provider-aws/issues/11846))

In #11540, support was added to the rds parameter group resources for resetting parameter values to AWS defaults when parameters are removed from config. A side-effect of these changes, however, was that parameters which remain in the config but whose values have been changed would also be reset to AWS defaults. This commit restores the ability for parameter values to be updated in the config while retaining the ability for parameters being removed from the config to be reset to AWS defaults.

Output from acceptance testing:

$  make testacc TEST=./aws TESTARGS='-run=TestAccAWSDBClusterParameterGroup_'
...
--- PASS: TestAccAWSDBClusterParameterGroup_disappears (18.01s)
--- PASS: TestAccAWSDBClusterParameterGroup_namePrefix (23.28s)
--- PASS: TestAccAWSDBClusterParameterGroup_only (23.40s)
--- PASS: TestAccAWSDBClusterParameterGroup_generatedName (23.42s)
--- PASS: TestAccAWSDBClusterParameterGroup_generatedName_Parameter (23.77s)
--- PASS: TestAccAWSDBClusterParameterGroup_namePrefix_Parameter (23.79s)
--- PASS: TestAccAWSDBClusterParameterGroup_withApplyMethod (23.89s)
--- PASS: TestAccAWSDBClusterParameterGroup_basic (86.64s)
$ make testacc TEST=./aws TESTARGS='-run=TestAccAWSDBParameterGroup_'
...
--- PASS: TestAccAWSDBParameterGroup_Disappears (18.18s)
--- PASS: TestAccAWSDBParameterGroup_generatedName (22.40s)
--- PASS: TestAccAWSDBParameterGroup_namePrefix (22.69s)
--- PASS: TestAccAWSDBParameterGroup_Only (23.40s)
--- PASS: TestAccAWSDBParameterGroup_MatchDefault (24.19s)
--- PASS: TestAccAWSDBParameterGroup_withApplyMethod (25.23s)
--- PASS: TestAccAWSDBParameterGroup_limit (45.08s)
--- PASS: TestAccAWSDBParameterGroup_basic (75.38s)

@camlow325 camlow325 requested a review from a team February 21, 2020 00:16
@ghost ghost added needs-triage Waiting for first response or review from a maintainer. size/M Managed by automation to categorize the size of a PR. service/rds Issues and PRs that pertain to the rds service. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. labels Feb 21, 2020
@camlow325 camlow325 force-pushed the restore_ability_to_change_db_parameter_values branch 2 times, most recently from 20826f1 to 157ccef Compare February 22, 2020 16:12
@deiga
Copy link

deiga commented May 27, 2020

@lachlancooper Could this PR get a review? This is a very annoying bug

@lachlancooper
Copy link
Contributor

@lachlancooper Could this PR get a review? This is a very annoying bug

Agreed, the bug has a rather high potential for disastrous impact on production systems. This fix looks sensible to me, but I'm not a maintainer. The contributing docs say a maintainer will review it, but not how to request a review.

@bflad: would you mind taking a look at this (since you reviewed the original PR)?

@mikkoc
Copy link

mikkoc commented Jul 10, 2020

Any news on this? We're looking at adding parameter groups, but I'm very hesitant now given what I read.

@olliepop
Copy link

olliepop commented Jul 13, 2020

Any news on this? We're looking at adding parameter groups, but I'm very hesitant now given what I read.

@mikkoc I recommend holding off on adding parameter groups until this is merged. Parameter values are reset to the default value on each apply, no matter what you specify. Until this PR is merged you must update the parameter value after applying a Terraform plan within the RDS console or with aws-cli.

The effect on production systems can be disastrous if you have a large number of parameter values which are not the RDS default.

@ghost ghost added size/XXL Managed by automation to categorize the size of a PR. documentation Introduces or discusses updates to documentation. provider Pertains to the provider itself, rather than any interaction with AWS. service/acm Issues and PRs that pertain to the acm service. service/apigateway Issues and PRs that pertain to the apigateway service. service/ec2 Issues and PRs that pertain to the ec2 service. service/elasticsearch Issues and PRs that pertain to the elasticsearch service. service/iam Issues and PRs that pertain to the iam service. service/s3 Issues and PRs that pertain to the s3 service. and removed size/M Managed by automation to categorize the size of a PR. labels Jul 14, 2020
@camlow325 camlow325 force-pushed the restore_ability_to_change_db_parameter_values branch from 2c438d6 to 7c3930f Compare July 14, 2020 15:07
@ghost ghost added size/M Managed by automation to categorize the size of a PR. and removed size/XXL Managed by automation to categorize the size of a PR. labels Jul 14, 2020
@bflad bflad removed needs-triage Waiting for first response or review from a maintainer. service/acm Issues and PRs that pertain to the acm service. service/apigateway Issues and PRs that pertain to the apigateway service. labels Jul 15, 2020
Copy link
Contributor

@anGie44 anGie44 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @camlow325, thank you for providing this bug fix! I've left a couple comments related to the acceptance testing as that has changed in the provider recently. Overall, I would just recommend creating a new test with each of the new configs to test the new "update" behavior so we ensure we are not introducing a regression and we can attempt to keep the basic test as one that should only test for the minimum required fields, though understandably over time it has expanded quite a bit.

With regard to the code additions in both the db_parameter_group and rds_cluster_parameter_group resources, since the debug logs show that the ordering of the Update behavior transitions from Modifying then to Reset of the parameters, we could instead flip around that existing logic and that should allow a user to modify a param as intended without resetting soon after. This wouldn't require additional logic then what is already present in our codebase, just a shift in the ordering, but if you have any additional feedback or questions please let me know!

aws/resource_aws_rds_cluster_parameter_group_test.go Outdated Show resolved Hide resolved
aws/resource_aws_db_parameter_group_test.go Outdated Show resolved Hide resolved
@anGie44 anGie44 added the waiting-response Maintainers are waiting on response from community or contributor. label Aug 18, 2020
@camlow325 camlow325 force-pushed the restore_ability_to_change_db_parameter_values branch from 7c3930f to 976247e Compare August 19, 2020 06:13
@camlow325
Copy link
Contributor Author

Thanks for all of the review comments, @anGie44.

Overall, I would just recommend creating a new test with each of the new configs to test the new "update" behavior so we ensure we are not introducing a regression and we can attempt to keep the basic test as one that should only test for the minimum required fields, though understandably over time it has expanded quite a bit.

Sorry, just saw this comment after I reworked my previous test updates to use the TestCheckTypeSetElemNestedAttrs helper.Update had seemed like a part of Basic functionality for the resource but I agree that this test has a fair amount of other assertions that it's doing already. I can split this out into a new test.

With regard to the code additions in both the db_parameter_group and rds_cluster_parameter_group resources, since the debug logs show that the ordering of the Update behavior transitions from Modifying then to Reset of the parameters, we could instead flip around that existing logic and that should allow a user to modify a param as intended without resetting soon after. This wouldn't require additional logic then what is already present in our codebase, just a shift in the ordering, but if you have any additional feedback or questions please let me know!

This would be less turmoil than what I had added for the PR. @lachlancooper mentioned in #11846 (comment):

Assuming we want to keep the functionality of resetting parameters that are being removed, one extremely simple fix would be to swap the order of the modify and reset operations so that modify always "wins". That's still not ideal as the operations would happen non-atomically, meaning every changing parameter would get the wrong value for a brief period.

I agree with this comment and this is the reason why I had gone with the approach of ensuring that parameters that have changed are only updated once during an apply. I worry that by just flipping the logic that the initial reset of a parameter to its default value rather than the intended new value could have negative repercussions - especially for "apply immediately" parameters or if a network issue were to happen between the "reset" and "modify" that could indefinitely leave one or more parameters unintentionally reset to their default values.

@ghost ghost removed the waiting-response Maintainers are waiting on response from community or contributor. label Aug 19, 2020
@camlow325 camlow325 force-pushed the restore_ability_to_change_db_parameter_values branch from 976247e to 31e7b8f Compare August 19, 2020 15:18
@ghost ghost added size/L Managed by automation to categorize the size of a PR. and removed size/M Managed by automation to categorize the size of a PR. labels Aug 19, 2020
@camlow325
Copy link
Contributor Author

Overall, I would just recommend creating a new test with each of the new configs to test the new "update" behavior so we ensure we are not introducing a regression and we can attempt to keep the basic test as one that should only test for the minimum required fields, though understandably over time it has expanded quite a bit.

In 31e7b8f, I moved the new TestStep entries out into new test funcs - TestAccAWSDBParameterGroup_updateParameters TestAccAWSDBClusterParameterGroup_updateParameters - with separate configs for each.

@anGie44
Copy link
Contributor

anGie44 commented Aug 19, 2020

by just flipping the logic that the initial reset of a parameter to its default value rather than the intended new value could have negative repercussions

I think this is a great point @camlow325 ! and definitely well illustrated in @lachlancooper's comment. I'd go ahead with @dooferlad's #12112 (comment) . I would just nitpick on the use of *p.ParameterName , to avoid any unwanted panics (not very likely from the API response, but we have had cases in the past where struct fields can be nil) we can use the AWS SDK Go method aws.StringValue() to safely get the pointer's value.

@anGie44 anGie44 added the waiting-response Maintainers are waiting on response from community or contributor. label Aug 19, 2020
…re ability to change parameter values

References:
* hashicorp#11846
* hashicorp#11540

In hashicorp#11540, support was added to the rds parameter group resources for
resetting parameter values to AWS defaults when parameters are removed
from config. A side-effect of these changes, however, was that
parameters which remain in the config but whose values have been changed
would also be reset to AWS defaults. This commit restores the ability
for parameter values to be updated in the config while retaining the
ability for parameters being removed from the config to be reset to AWS
defaults.

Output from acceptance testing:

```
make testacc TEST=./aws TESTARGS='-run=TestAccAWSDBClusterParameterGroup_'
...
--- PASS: TestAccAWSDBClusterParameterGroup_disappears (18.01s)
--- PASS: TestAccAWSDBClusterParameterGroup_namePrefix (23.28s)
--- PASS: TestAccAWSDBClusterParameterGroup_only (23.40s)
--- PASS: TestAccAWSDBClusterParameterGroup_generatedName (23.42s)
--- PASS: TestAccAWSDBClusterParameterGroup_generatedName_Parameter (23.77s)
--- PASS: TestAccAWSDBClusterParameterGroup_namePrefix_Parameter (23.79s)
--- PASS: TestAccAWSDBClusterParameterGroup_withApplyMethod (23.89s)
--- PASS: TestAccAWSDBClusterParameterGroup_basic (86.64s)
--- PASS: TestAccAWSDBClusterParameterGroup_updateParameters (24.48s)
```

```
make testacc TEST=./aws TESTARGS='-run=TestAccAWSDBParameterGroup_'
...
--- PASS: TestAccAWSDBParameterGroup_Disappears (18.18s)
--- PASS: TestAccAWSDBParameterGroup_generatedName (22.40s)
--- PASS: TestAccAWSDBParameterGroup_namePrefix (22.69s)
--- PASS: TestAccAWSDBParameterGroup_Only (23.40s)
--- PASS: TestAccAWSDBParameterGroup_MatchDefault (24.19s)
--- PASS: TestAccAWSDBParameterGroup_withApplyMethod (25.23s)
--- PASS: TestAccAWSDBParameterGroup_limit (45.08s)
--- PASS: TestAccAWSDBParameterGroup_basic (75.38s)
--- PASS: TestAccAWSDBParameterGroup_updateParameters (30.10s)
```
@camlow325 camlow325 force-pushed the restore_ability_to_change_db_parameter_values branch from 31e7b8f to 1296450 Compare August 19, 2020 19:41
for _, v := range toRemove {
resetParameters = append(resetParameters, v)
}
if len(resetParameters) > 0 {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The changes from here on down in this file just rename the parameters variable to resetParameters in order to avoid conflicting with the previously defined parameters variable and make this code look more like the code in the resource_aws_db_parameter_group.go file.

@camlow325
Copy link
Contributor Author

I'd go ahead with @dooferlad's #12112 (comment) . I would just nitpick on the use of *p.ParameterName , to avoid any unwanted panics (not very likely from the API response, but we have had cases in the past where struct fields can be nil) we can use the AWS SDK Go method aws.StringValue() to safely get the pointer's value.

I swapped in the new implementation in 1296450. For the p.ParameterName references, I just wrapped them with some nil checks to avoid adding an entry to or referencing an entry in the map for a nil value. That seemed a little better than just using a potential empty string key from aws.StringValue with the map. In any event, a nil value for p.ParameterValue would seem to be a sign of something bad/unintended.

@ghost ghost removed the waiting-response Maintainers are waiting on response from community or contributor. label Aug 19, 2020
Comment on lines +282 to +292
for _, p := range expandParameters(os.List()) {
if p.ParameterName != nil {
toRemove[*p.ParameterName] = p
}
}

for _, p := range expandParameters(ns.List()) {
if p.ParameterName != nil {
delete(toRemove, *p.ParameterName)
}
}
Copy link
Contributor

@anGie44 anGie44 Aug 19, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice 👍 I forgot since technically we're expanding user input here (same in the rds cluster resource) and the "name" field within the parameter block is Required, we shouldn't ever come across a nil (as well i see the expandParameters actually skips for cases when "name" is an empty string) but i prefer erring on the side of caution when it comes to pointers.

Copy link
Contributor

@anGie44 anGie44 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM @camlow325 🚀 Thanks again!

Output of acceptance tests:

--- PASS: TestAccAWSDBParameterGroup_Disappears (38.53s)
--- PASS: TestAccAWSDBClusterParameterGroup_disappears (41.33s)
--- PASS: TestAccAWSDBClusterParameterGroup_generatedName (52.13s)
--- PASS: TestAccAWSDBParameterGroup_namePrefix (52.66s)
--- PASS: TestAccAWSDBClusterParameterGroup_namePrefix_Parameter (56.72s)
--- PASS: TestAccAWSDBClusterParameterGroup_only (57.32s)
--- PASS: TestAccAWSDBClusterParameterGroup_namePrefix (57.48s)
--- PASS: TestAccAWSDBParameterGroup_generatedName (58.02s)
--- PASS: TestAccAWSDBClusterParameterGroup_generatedName_Parameter (58.37s)
--- PASS: TestAccAWSDBParameterGroup_MatchDefault (58.84s)
--- PASS: TestAccAWSDBParameterGroup_withApplyMethod (60.38s)
--- PASS: TestAccAWSDBParameterGroup_Only (60.96s)
--- PASS: TestAccAWSDBClusterParameterGroup_withApplyMethod (71.76s)
--- PASS: TestAccAWSDBParameterGroup_updateParameters (78.54s)
--- PASS: TestAccAWSDBClusterParameterGroup_updateParameters (80.51s)
--- PASS: TestAccAWSDBParameterGroup_basic (80.41s)
--- PASS: TestAccAWSDBClusterParameterGroup_basic (88.65s)
--- PASS: TestAccAWSDBParameterGroup_limit (93.96s)

@anGie44 anGie44 added this to the v3.3.0 milestone Aug 19, 2020
@anGie44 anGie44 merged commit 366dd84 into hashicorp:master Aug 19, 2020
anGie44 added a commit that referenced this pull request Aug 19, 2020
@ghost
Copy link

ghost commented Aug 20, 2020

This has been released in version 3.3.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

Avolynsk added a commit to Avolynsk/terraform-provider-aws that referenced this pull request Aug 30, 2020
* Update CHANGELOG for #14650

* refactor: renaming CloudFormationTemplate to JsonOrYaml

* v3.2.0

* Cleanup after v3.2.0 release

* resource/aws_lb_ssl_negotiation_policy: Fix parsing of resource ID. (#14644)

* resource/aws_apigatewayv2_stage: Set 'execution_arn' attribute for HTTP APIs. (#14638)

* Update CHANGELOG for #14638

* Update module aws/aws-sdk-go to v1.34.4 (#14523)

Co-authored-by: Renovate Bot <bot@renovateapp.com>

* provider: Remove website and website-test Makefile targets (#14503)

Since the provider has been migrated to the Terraform Registry documentation, the provider website portions for terraform.io in the terraform-website repository will be removed soon. There is currently no replacement for fully emulating the whole provider documentation, but there is existing functionality for parts of this today. In the future, full emulation might be possible again but there are no timelines for that implementation.

* Link checking handled via GitHub Actions and `markdown-link-check` (see `.github/workflows/website.yml`)
* Terraform Registry documentation preview rendering (single source code page): https://registry.terraform.io/tools/doc-preview

At some point, we can also remove the legacy `website/aws.erb` side navigation file, however doing so will break open contributions modifying the file.

* docs/provider: Document requirement of Terraform CLI v0.12.26+ for acceptance tests. (#14659)

* resource/aws_dms_replication_instance: Add `allow_major_version_upgrade` argument (#14550)

* r/aws_dms_replication_instance: Support allow_major_version_upgrade attribute

* Stop setting AllowMajorVersionUpgrade

Co-authored-by: Brian Flad <bflad417@gmail.com>

* Optionally include allow_major_version_upgrade

Co-authored-by: Brian Flad <bflad417@gmail.com>

Co-authored-by: Brian Flad <bflad417@gmail.com>

* Update CHANGELOG for #14550

* Update module bflad/tfproviderlint to v0.18.0 (#14654)

* Update module bflad/tfproviderlint to v0.18.0

* deps: go mod tidy for github.com/bflad/tfproviderlint@v0.18.0

Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Brian Flad <bflad417@gmail.com>

* expect config additional opts to be set in aws-sdk-go-base

* Update website/docs/index.html.markdown

Co-authored-by: Brian Flad <bflad417@gmail.com>

* update db cluster snapshot create with retry logic

* add forwarded_ip_config attribute to geo and rate_based statements

* docs/provider: Fix broken link in Contribution Checklist (#14466)

* Fix broken link in Contribution Checklist

* Actually fix the link.

* Documentation: Replace aws_ec2_instance_spot_price by aws_ec2_spot_price (#14680)

Co-authored-by: ktalhi <katia.talhi@alterway.fr>

* tests/provider: Update resource testing to 0.12 syntax (K Resources)

* Remove quoted deprecated syntax

* tests/provider: Update resource testing to 0.12 syntax (I Resources)

* AWS Lambda support for Java 8 (Corretto) and custom runtimes on Amazon Linux 2.

* tests/provider: Update resource testing to 0.12 syntax (IAM Resources)

* Simplify aws_lambda_function runtime acceptance tests.

* Update documentation references to latest Lambda Node.js runtime (nodejs12.x).

* Don't attempt to validate EOL runtimes.

* tests/provider: Update resource testing to 0.12 syntax (Q Resources)

* tests/provider: Update resource testing to 0.12 syntax (Ra/RD/Re Resources)

* add test for regex matching in typesets

* tests/provider: Update resource testing to 0.12 syntax (Ss-Sw Resources)

* tests/provider: Update resource testing to 0.12 syntax (W Resources)

* tests/provider: Update resource testing to 0.12 syntax (WAFReg Resources)

* tests/provider: Update resource testing to 0.12 syntax (Ro Resources)

* Update CHANGELOG for #12567

* tests/provider: Update resource testing to 0.12 syntax (S3/Sa Resources)

* tests/provider: Update resource testing to 0.12 syntax (Sec/Ser Resources)

* tests/provider: Update resource testing to 0.12 syntax (Ses Resources)

* Update CHANGELOG for #14663

* tests/provider: Update resource testing to 0.12 syntax (Si-Sq Resources)

* tests/provider: Update resource testing to 0.12 syntax (T Resources)

* Remove extra whitespace with HEREDOCs

* Add note on how to use aws_wafv2_web_acl_association with Cloudfront

The existing docs mention that this resource should only be used with an ALB or API Gateway, but doesn't mention how to get the association to work in Cloudfronts case. This PR ammends that.

* tests/provider: Update hardcoded AZs (lb)

* resource/aws_launch_template: add support for "spot-instances-request" and "elastic-gpu" tag spec (#14662)

* add support for more tagging types

* Update website/docs/r/launch_template.html.markdown

Co-authored-by: Kit Ewbank <Kit_Ewbank@hotmail.com>

Co-authored-by: Kit Ewbank <Kit_Ewbank@hotmail.com>

* Update CHANGELOG for #14662

* tests/provider: Update hardcoded AZs (VPC Endpoint)

* docs/provider: Remove mention of side navigation file in Contributing Guide (#14713)

Reference: https://github.com/terraform-providers/terraform-provider-aws/issues/14712

The `website/aws.erb` file no longer has any effect and will be removed in the future.

* docs/provider: Re-add Release Process section to maintaining guide (#14652)

* infrastructure/repository: Sync recent new AWS service labels (#14641)

Reference: https://github.com/aws/aws-sdk-go/releases/tag/v1.34.4
Reference: https://github.com/aws/aws-sdk-go/releases/tag/v1.33.6
Reference: https://github.com/aws/aws-sdk-go/releases/tag/v1.32.9

* resource/aws_ssm_parameter: Handle data_type retries after creation for asynchronous validation process (#14514)

Reference: https://github.com/terraform-providers/terraform-provider-aws/issues/14513

Previously (depending on relative distance and asynchronous validation timing of SSM API):

```
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
    TestAccAWSSSMParameter_DataType_AwsEc2Image: testing.go:684: Step 0 error: errors during apply:

        Error: error reading SSM Parameter (tf-acc-test-7552804317262985734) after creation: this can indicate that the provided parameter value could not be validated by SSM
```

Now consistently:

```console
$ TF_ACC=1 go test ./aws -v -count 10 -timeout 120m -parallel 20 -run='TestAccAWSSSMParameter_DataType_AwsEc2Image'
=== RUN   TestAccAWSSSMParameter_DataType_AwsEc2Image
=== PAUSE TestAccAWSSSMParameter_DataType_AwsEc2Image
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (8.37s)
=== RUN   TestAccAWSSSMParameter_DataType_AwsEc2Image
=== PAUSE TestAccAWSSSMParameter_DataType_AwsEc2Image
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (8.66s)
=== RUN   TestAccAWSSSMParameter_DataType_AwsEc2Image
=== PAUSE TestAccAWSSSMParameter_DataType_AwsEc2Image
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (10.05s)
=== RUN   TestAccAWSSSMParameter_DataType_AwsEc2Image
=== PAUSE TestAccAWSSSMParameter_DataType_AwsEc2Image
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (7.75s)
=== RUN   TestAccAWSSSMParameter_DataType_AwsEc2Image
=== PAUSE TestAccAWSSSMParameter_DataType_AwsEc2Image
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (9.09s)
=== RUN   TestAccAWSSSMParameter_DataType_AwsEc2Image
=== PAUSE TestAccAWSSSMParameter_DataType_AwsEc2Image
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (8.09s)
=== RUN   TestAccAWSSSMParameter_DataType_AwsEc2Image
=== PAUSE TestAccAWSSSMParameter_DataType_AwsEc2Image
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (8.31s)
=== RUN   TestAccAWSSSMParameter_DataType_AwsEc2Image
=== PAUSE TestAccAWSSSMParameter_DataType_AwsEc2Image
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (8.14s)
=== RUN   TestAccAWSSSMParameter_DataType_AwsEc2Image
=== PAUSE TestAccAWSSSMParameter_DataType_AwsEc2Image
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (8.25s)
=== RUN   TestAccAWSSSMParameter_DataType_AwsEc2Image
=== PAUSE TestAccAWSSSMParameter_DataType_AwsEc2Image
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (7.64s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	85.316s
```

Output from acceptance testing:

```
--- PASS: TestAccAWSSSMParameter_disappears (5.12s)
--- PASS: TestAccAWSSSMParameter_basic (7.31s)
--- PASS: TestAccAWSSSMParameter_secure (8.34s)
--- PASS: TestAccAWSSSMParameter_changeNameForcesNew (12.40s)
--- PASS: TestAccAWSSSMParameter_updateDescription (12.63s)
--- PASS: TestAccAWSSSMParameter_overwrite (13.83s)
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (15.06s)
--- PASS: TestAccAWSSSMParameter_fullPath (17.87s)
--- PASS: TestAccAWSSSMParameter_Tier (18.01s)
--- PASS: TestAccAWSSSMParameter_secure_keyUpdate (19.02s)
--- PASS: TestAccAWSSSMParameter_secure_with_key (22.61s)
--- PASS: TestAccAWSSSMParameter_updateType (24.92s)
--- PASS: TestAccAWSSSMParameter_tags (38.88s)
```

* Update CHANGELOG for #14514

* Update module hashicorp/aws-sdk-go-base to v0.6.0

* use error method migrated to tfawserr package

* tests/provider: Update hardcoded AZs (Data subnet ids)

* Update CHANGELOG for #14555

* add webacl geo-match tests

* docs/resource/aws_s3_bucket_inventory: Clarify bucket argument (#14726)

Co-authored-by: ktalhi <katia.talhi@alterway.fr>

* resource/aws_eks_node_group: Support `AL2_ARM_64` value for `ami_type` argument plan-time validation (#14729)

Output from acceptance testing:

```
--- PASS: TestAccAWSEksNodeGroup_AmiType (1539.32s)
```

* Update CHANGELOG for #14729

* resource/aws_user_pool_domain: Remove from state when deleted + move waiters to their own package (#14732)

Output from acceptance testing:

```
--- PASS: TestAccAWSCognitoUserPoolDomain_disappears (15.35s)
--- PASS: TestAccAWSCognitoUserPoolDomain_basic (17.98s)
```

* Update CHANGELOG for #14732

* docs/provider: Remove legacy side navigation file (#14734)

Reference: https://github.com/terraform-providers/terraform-provider-aws/issues/14712

* service/ec2: Support additional tag on create resources (#14501)

* vpc resource tags on create + align test with contrib guide

* customer gateway resource tags on create

* vpn connection resource tags on create

* vpn gateway resource tags on create

* spot instance request resource tags on create + test

* dhcp options resource tags on create

* route table resource tags on create + tags test

* security group resource tags on create + test

* vpc basic check for empty tags

* network acl resource tags on create + test

* route table empty tag test

* IGW resource tags on create + test

* Egress Only IGW resource tags on create + test

* vpc peering connection resource tags on create + test

* spot instance resource tags on create + test

* ENI resource tags on create + test

* subent tag on create + test

* subent tag on create + test

* use `testAccAvailableAZsNoOptInConfig()``

* docs for spot instance tags

* Update aws/resource_aws_subnet_test.go

Co-authored-by: Brian Flad <bflad417@gmail.com>

* Update website/docs/r/spot_instance_request.html.markdown

Co-authored-by: Brian Flad <bflad417@gmail.com>

Co-authored-by: Brian Flad <bflad417@gmail.com>

* Update CHANGELOG for #14501

* r/aws_rds_cluster_parameter_group and r/aws_db_parameter_group: Restore ability to change parameter values

References:
* https://github.com/terraform-providers/terraform-provider-aws/issues/11846
* https://github.com/terraform-providers/terraform-provider-aws/pull/11540

In #11540, support was added to the rds parameter group resources for
resetting parameter values to AWS defaults when parameters are removed
from config. A side-effect of these changes, however, was that
parameters which remain in the config but whose values have been changed
would also be reset to AWS defaults. This commit restores the ability
for parameter values to be updated in the config while retaining the
ability for parameters being removed from the config to be reset to AWS
defaults.

Output from acceptance testing:

```
make testacc TEST=./aws TESTARGS='-run=TestAccAWSDBClusterParameterGroup_'
...
--- PASS: TestAccAWSDBClusterParameterGroup_disappears (18.01s)
--- PASS: TestAccAWSDBClusterParameterGroup_namePrefix (23.28s)
--- PASS: TestAccAWSDBClusterParameterGroup_only (23.40s)
--- PASS: TestAccAWSDBClusterParameterGroup_generatedName (23.42s)
--- PASS: TestAccAWSDBClusterParameterGroup_generatedName_Parameter (23.77s)
--- PASS: TestAccAWSDBClusterParameterGroup_namePrefix_Parameter (23.79s)
--- PASS: TestAccAWSDBClusterParameterGroup_withApplyMethod (23.89s)
--- PASS: TestAccAWSDBClusterParameterGroup_basic (86.64s)
--- PASS: TestAccAWSDBClusterParameterGroup_updateParameters (24.48s)
```

```
make testacc TEST=./aws TESTARGS='-run=TestAccAWSDBParameterGroup_'
...
--- PASS: TestAccAWSDBParameterGroup_Disappears (18.18s)
--- PASS: TestAccAWSDBParameterGroup_generatedName (22.40s)
--- PASS: TestAccAWSDBParameterGroup_namePrefix (22.69s)
--- PASS: TestAccAWSDBParameterGroup_Only (23.40s)
--- PASS: TestAccAWSDBParameterGroup_MatchDefault (24.19s)
--- PASS: TestAccAWSDBParameterGroup_withApplyMethod (25.23s)
--- PASS: TestAccAWSDBParameterGroup_limit (45.08s)
--- PASS: TestAccAWSDBParameterGroup_basic (75.38s)
--- PASS: TestAccAWSDBParameterGroup_updateParameters (30.10s)
```

* Update CHANGELOG for #12112

* wafv2_web_acl_logging_configuration docs: inspect -> redact

The word `Redact` seemed to make it more clear than `inspect` in regards to what will actually happen with that field.

* Check for null regexp in 'testCheckTypeSetElemNestedAttrsInState'.

* resource/aws_eks_node_group: Add launch_template configuration block (#14639)

Reference: https://github.com/aws/aws-sdk-go/releases/tag/v1.34.4
Reference: https://github.com/terraform-providers/terraform-provider-aws/pull/14523

Output from acceptance testing:

```
--- PASS: TestAccAWSEksNodeGroup_ScalingConfig_MinSize (1167.16s)
--- PASS: TestAccAWSEksNodeGroup_AmiType (1173.29s)
--- PASS: TestAccAWSEksNodeGroup_disappears (1179.53s)
--- PASS: TestAccAWSEksNodeGroup_basic (1204.59s)
--- PASS: TestAccAWSEksNodeGroup_DiskSize (1217.40s)
--- PASS: TestAccAWSEksNodeGroup_LaunchTemplate_Version (1217.81s)
--- PASS: TestAccAWSEksNodeGroup_RemoteAccess_Ec2SshKey (1218.04s)
--- PASS: TestAccAWSEksNodeGroup_Tags (1222.27s)
--- PASS: TestAccAWSEksNodeGroup_RemoteAccess_SourceSecurityGroupIds (1228.60s)
--- PASS: TestAccAWSEksNodeGroup_InstanceTypes (1235.81s)
--- PASS: TestAccAWSEksNodeGroup_Labels (1288.05s)
--- PASS: TestAccAWSEksNodeGroup_ScalingConfig_DesiredSize (1293.11s)
--- PASS: TestAccAWSEksNodeGroup_ScalingConfig_MaxSize (1322.00s)
--- PASS: TestAccAWSEksNodeGroup_LaunchTemplate_Id (1569.19s)
--- PASS: TestAccAWSEksNodeGroup_LaunchTemplate_Name (1632.97s)
--- PASS: TestAccAWSEksNodeGroup_ReleaseVersion (3301.17s)
--- PASS: TestAccAWSEksNodeGroup_ForceUpdateVersion (3331.88s)
--- PASS: TestAccAWSEksNodeGroup_Version (3503.58s)
```

* Update CHANGELOG for #14639

* tests/provider: Update hardcoded AZs (Redshift)

* Update CHANGELOG for #14685

* docs/resource/aws_cloudtrail: Update CloudWatch Log group argument reference (#14751)

Co-authored-by: ktalhi <katia.talhi@alterway.fr>

* resource/aws_ec2_client_vpn_network_association: Support resource import and additional security groups (#14146)

Output from acceptance testing:

```
--- PASS: TestAccAwsEc2ClientVpn_serial (4.84s)
    --- PASS: TestAccAwsEc2ClientVpn_serial/AuthorizationRule_basic (39.99s)
    --- PASS: TestAccAwsEc2ClientVpn_serial/AuthorizationRule_disappears (36.20s)
    --- PASS: TestAccAwsEc2ClientVpn_serial/AuthorizationRule_groups (76.62s)
    --- PASS: TestAccAwsEc2ClientVpn_serial/AuthorizationRule_Subnets (56.20s)
    --- PASS: TestAccAwsEc2ClientVpn_serial/Endpoint_basic (16.91s)
    --- PASS: TestAccAwsEc2ClientVpn_serial/Endpoint_disappears (14.36s)
    --- PASS: TestAccAwsEc2ClientVpn_serial/Endpoint_msAD (1700.14s)
    --- PASS: TestAccAwsEc2ClientVpn_serial/Endpoint_mutualAuthAndMsAD (1842.62s)
    --- PASS: TestAccAwsEc2ClientVpn_serial/Endpoint_splitTunnel (28.99s)
    --- PASS: TestAccAwsEc2ClientVpn_serial/Endpoint_tags (41.65s)
    --- PASS: TestAccAwsEc2ClientVpn_serial/Endpoint_withDNSServers (27.10s)
    --- PASS: TestAccAwsEc2ClientVpn_serial/Endpoint_withLogGroup (29.64s)
    --- PASS: TestAccAwsEc2ClientVpn_serial/NetworkAssociation_basic (552.68s)
    --- PASS: TestAccAwsEc2ClientVpn_serial/NetworkAssociation_disappears (538.30s)
    --- PASS: TestAccAwsEc2ClientVpn_serial/NetworkAssociation_securityGroups (570.08s)
    --- PASS: TestAccAwsEc2ClientVpn_serial/Route_basic (575.22s)
    --- PASS: TestAccAwsEc2ClientVpn_serial/Route_description (564.03s)
    --- PASS: TestAccAwsEc2ClientVpn_serial/Route_disappears (596.19s)
```

* Update CHANGELOG for #14146

* update to using AWS SDK defined values arrays

* resource/aws_api_gateway_vpc_link: Remove customizable timeout and increase previous hardcoded timeouts to 20 minutes

Reference: https://github.com/terraform-providers/terraform-provider-aws/pull/10407/files#r463739571

Output from acceptance testing:

```
--- PASS: TestAccAWSAPIGatewayVpcLink_basic (696.12s)
--- PASS: TestAccAWSAPIGatewayVpcLink_tags (717.57s)
--- PASS: TestAccAWSAPIGatewayVpcLink_disappears (717.60s)
```

* Update CHANGELOG for #10407

* awsproviderlint: Add AWSV001 check, switch fmtsprintfcallexpr pass to upstream (#14681)

Reference: https://github.com/terraform-providers/terraform-provider-aws/issues/14601
Reference: https://github.com/bflad/tfproviderlint/releases/tag/v0.17.0

* resource/aws_storagegatway_smb_file_share: Add audit_destination_arn and smb_acl_enabled arguments (#13572)

Output from acceptance testing:

```
--- PASS: TestAccAWSStorageGatewaySmbFileShare_KMSEncrypted (236.89s)
--- PASS: TestAccAWSStorageGatewaySmbFileShare_Authentication_GuestAccess (242.87s)
--- PASS: TestAccAWSStorageGatewaySmbFileShare_Tags (361.66s)
--- PASS: TestAccAWSStorageGatewaySmbFileShare_audit (370.31s)
--- PASS: TestAccAWSStorageGatewaySmbFileShare_ReadOnly (375.13s)
--- PASS: TestAccAWSStorageGatewaySmbFileShare_RequesterPays (400.47s)
--- PASS: TestAccAWSStorageGatewaySmbFileShare_ObjectACL (401.00s)
--- PASS: TestAccAWSStorageGatewaySmbFileShare_KMSKeyArn (408.98s)
--- PASS: TestAccAWSStorageGatewaySmbFileShare_DefaultStorageClass (409.85s)
--- PASS: TestAccAWSStorageGatewaySmbFileShare_GuessMIMETypeEnabled (419.67s)
--- PASS: TestAccAWSStorageGatewaySmbFileShare_Authentication_ActiveDirectory (828.73s)
--- PASS: TestAccAWSStorageGatewaySmbFileShare_InvalidUserList (872.04s)
--- PASS: TestAccAWSStorageGatewaySmbFileShare_smb_acl (898.73s)
--- PASS: TestAccAWSStorageGatewaySmbFileShare_ValidUserList (912.84s)
```

* Update CHANGELOG for #13572

* resource/aws_subnet: Fix removing ipv6 cidr block from subnet (#12303)

Output from acceptance testing:

```
--- PASS: TestAccAWSSubnet_disappears (24.88s)
--- PASS: TestAccAWSSubnet_basic (29.51s)
--- PASS: TestAccAWSSubnet_availabilityZoneId (31.44s)
--- PASS: TestAccAWSSubnet_ignoreTags (43.52s)
--- PASS: TestAccAWSSubnet_tags (60.81s)
--- PASS: TestAccAWSSubnet_enableIpv6 (61.10s)
--- PASS: TestAccAWSSubnet_ipv6 (63.05s)
```

* Update CHANGELOG for #12303

* resource/aws_storagegateway_nfs_file_share: Skip UpdateSMBFileShare API call when only tags change and remove extraneous ListTagsForResource API call during read (#13590)

* Update CHANGELOG for #13590

* v3.3.0

* Address review comments

* Add Security Hub custom action resource

* docs/resource/aws_cloudfront_distribution: Clarified arguments requirement for default_cache_behavior (#14760)

* docs/resource/aws_instance: Update volume_type default to gp2 (#14767)

Per https://aws.amazon.com/about-aws/whats-new/2019/07/ebs-default-volume-type-updated-to-gp2/ we are updating the default to the correct type

* tests/resource/aws_cloudtrail: fix testAccAWSCloudTrail_cloudwatch (#14762)

Output from acceptance testing:

```
--- PASS: TestAccAWSCloudTrail_serial (314.43s)
    --- PASS: TestAccAWSCloudTrail_serial/Trail (314.43s)
        --- PASS: TestAccAWSCloudTrail_serial/Trail/tags (38.95s)
        --- PASS: TestAccAWSCloudTrail_serial/Trail/eventSelector (71.74s)
        --- PASS: TestAccAWSCloudTrail_serial/Trail/cloudwatch (45.68s)
        --- PASS: TestAccAWSCloudTrail_serial/Trail/includeGlobalServiceEvents (15.43s)
        --- SKIP: TestAccAWSCloudTrail_serial/Trail/isOrganization (1.01s)
        --- PASS: TestAccAWSCloudTrail_serial/Trail/logValidation (26.69s)
        --- PASS: TestAccAWSCloudTrail_serial/Trail/basic (26.08s)
        --- PASS: TestAccAWSCloudTrail_serial/Trail/enableLogging (36.95s)
        --- PASS: TestAccAWSCloudTrail_serial/Trail/isMultiRegion (36.16s)
        --- PASS: TestAccAWSCloudTrail_serial/Trail/kmsKey (15.73s)
```

* Add 'ewbankkit' as maintainer of select services. (#14246)

* resource/aws_storagegateway_cached_iscsi_volume: Add kms_encrypted and kms_key arguments (#12066)

Output from acceptance testing:

```
--- PASS: TestAccAWSStorageGatewayCachedIscsiVolume_kms (179.65s)
--- PASS: TestAccAWSStorageGatewayCachedIscsiVolume_Tags (226.14s)
--- PASS: TestAccAWSStorageGatewayCachedIscsiVolume_SnapshotId (229.53s)
--- PASS: TestAccAWSStorageGatewayCachedIscsiVolume_basic (230.15s)
--- PASS: TestAccAWSStorageGatewayCachedIscsiVolume_disappears (287.92s)
```

* Update CHANGELOG for #12066

* resource/aws_storagegateway_gateway: Add `smb_security_strategy` argument (#13563)

Output from acceptance testing:

```
--- PASS: TestAccAWSStorageGatewayGateway_GatewayType_Cached (186.23s)
--- PASS: TestAccAWSStorageGatewayGateway_GatewayType_FileS3 (186.34s)
--- PASS: TestAccAWSStorageGatewayGateway_GatewayType_Vtl (199.67s)
--- PASS: TestAccAWSStorageGatewayGateway_disappears (201.12s)
--- PASS: TestAccAWSStorageGatewayGateway_SmbGuestPassword (207.36s)
--- PASS: TestAccAWSStorageGatewayGateway_CloudWatchLogs (208.89s)
--- PASS: TestAccAWSStorageGatewayGateway_GatewayType_Stored (214.16s)
--- PASS: TestAccAWSStorageGatewayGateway_SMBSecurityStrategy (227.07s)
--- PASS: TestAccAWSStorageGatewayGateway_GatewayTimezone (230.14s)
--- PASS: TestAccAWSStorageGatewayGateway_GatewayName (232.70s)
--- PASS: TestAccAWSStorageGatewayGateway_tags (254.53s)
--- PASS: TestAccAWSStorageGatewayGateway_GatewayVpcEndpoint (303.37s)
--- PASS: TestAccAWSStorageGatewayGateway_SmbActiveDirectorySettings (793.66s)
```

* Update CHANGELOG for #13563

* resource/aws_appmesh_virtual_node: Disallow empty 'backend' blocks. (#14074)

* Update CHANGELOG for #14074

* update iam related tests with formatting change and regex to catch trailing resources

* resource/aws_storagegateway_nfs_file_share: Add cache_attributes configuration block and support S3 Intelligent Tiering (#14759)

Output from acceptance testing:

```
--- PASS: TestAccAWSStorageGatewayNfsFileShare_disappears (211.77s)
--- PASS: TestAccAWSStorageGatewayNfsFileShare_KMSEncrypted (223.93s)
--- PASS: TestAccAWSStorageGatewayNfsFileShare_basic (228.23s)
--- PASS: TestAccAWSStorageGatewayNfsFileShare_Squash (267.47s)
--- PASS: TestAccAWSStorageGatewayNfsFileShare_DefaultStorageClass (271.02s)
--- PASS: TestAccAWSStorageGatewayNfsFileShare_ReadOnly (271.44s)
--- PASS: TestAccAWSStorageGatewayNfsFileShare_tags (272.90s)
--- PASS: TestAccAWSStorageGatewayNfsFileShare_RequesterPays (286.51s)
--- PASS: TestAccAWSStorageGatewayNfsFileShare_GuessMIMETypeEnabled (288.90s)
--- PASS: TestAccAWSStorageGatewayNfsFileShare_ObjectACL (299.74s)
--- PASS: TestAccAWSStorageGatewayNfsFileShare_NFSFileShareDefaults (317.19s)
--- PASS: TestAccAWSStorageGatewayNfsFileShare_ClientList (329.73s)
--- PASS: TestAccAWSStorageGatewayNfsFileShare_cacheAttributes (334.51s)
--- PASS: TestAccAWSStorageGatewayNfsFileShare_KMSKeyArn (366.22s)
```

* Update CHANGELOG for #14759

* service/acmpca: Add activation of ACMPCA CA to acceptance tests (#13684)

* r/aws_acmpca_certificate_authority: Test CA activation.

Acceptance test output:

$ make testacc TEST=./aws/ TESTARGS='-run=TestAccAwsAcmpcaCertificateAuthority_Enabled'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws/ -v -count 1 -parallel 20 -run=TestAccAwsAcmpcaCertificateAuthority_Enabled -timeout 120m
=== RUN   TestAccAwsAcmpcaCertificateAuthority_Enabled
=== PAUSE TestAccAwsAcmpcaCertificateAuthority_Enabled
=== CONT  TestAccAwsAcmpcaCertificateAuthority_Enabled
--- PASS: TestAccAwsAcmpcaCertificateAuthority_Enabled (69.95s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	69.989s

Add 'TestAccAwsAcmpcaCertificateAuthority_disappears'.

Acceptance test output:

$ make testacc TEST=./aws/ TESTARGS='-run=TestAccAwsAcmpcaCertificateAuthority_disappears'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws/ -v -count 1 -parallel 20 -run=TestAccAwsAcmpcaCertificateAuthority_disappears -timeout 120m
=== RUN   TestAccAwsAcmpcaCertificateAuthority_disappears
=== PAUSE TestAccAwsAcmpcaCertificateAuthority_disappears
=== CONT  TestAccAwsAcmpcaCertificateAuthority_disappears
--- PASS: TestAccAwsAcmpcaCertificateAuthority_disappears (25.10s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	25.138s

* r/aws_acmpca_certificate_authority: Remove CAs with DELETED status.

* Update CHANGELOG for #13684

* CODEOWNERS- Add @drfaust92 as services maintainer (#14051)

* Update CODEOWNERS

* add docs

* update list of services to maintain

to include sageamker, glue, codeartifact and storagegateway

* provider: Alphabetize services in CODEOWNERS

Also ensures HashiCorp maintainers are still pinged on reviews for now.

* service/globalaccelerator: Support Client IP address preservation, increase default accelerator creation timeout, remove health_check_path default (#14486)

* Add client_ip_preservation_enabled to global accelerator

* commit test

* r/aws_globalaccelerator_endpoint_group: Use 'tfawsresource.TestCheckTypeSetElemNestedAttrs'.

* r/aws_globalaccelerator_endpoint: Increase deployment wait time (#14161).

* r/aws_globalaccelerator_endpoint_group: Make 'client_ip_preservation_enabled' computed.

* r/aws_globalaccelerator_endpoint_group: Delete security group created by Global Accelerator service in acceptance tests.

Acceptance test output:

$ make testacc TEST=./aws/ TESTARGS='-run=TestAccAwsGlobalAcceleratorEndpointGroup_ALB_ClientIP'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAwsGlobalAcceleratorEndpointGroup_ALB_ClientIP -timeout 120m
=== RUN   TestAccAwsGlobalAcceleratorEndpointGroup_ALB_ClientIP
=== PAUSE TestAccAwsGlobalAcceleratorEndpointGroup_ALB_ClientIP
=== CONT  TestAccAwsGlobalAcceleratorEndpointGroup_ALB_ClientIP
--- PASS: TestAccAwsGlobalAcceleratorEndpointGroup_ALB_ClientIP (650.27s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	650.320s

* r/aws_globalaccelerator_endpoint_group: Document 'client_ip_preservation_enabled'.

* r/aws_globalaccelerator_endpoint_group: Add 'TestAccAwsGlobalAcceleratorEndpointGroup_InstanceEndpoint'.

Acceptance test output:

$ make testacc TEST=./aws/ TESTARGS='-run=TestAccAwsGlobalAcceleratorEndpointGroup_InstanceEndpoint'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAwsGlobalAcceleratorEndpointGroup_InstanceEndpoint -timeout 120m
=== RUN   TestAccAwsGlobalAcceleratorEndpointGroup_InstanceEndpoint
=== PAUSE TestAccAwsGlobalAcceleratorEndpointGroup_InstanceEndpoint
=== CONT  TestAccAwsGlobalAcceleratorEndpointGroup_InstanceEndpoint
    testing.go:684: Step 0 error: errors during apply:

        Error: Error creating Global Accelerator endpoint group: InvalidArgumentException: Client IP Preservation cannot be set to false for EC2 instances

          on /tmp/tf-test004466997/main.tf line 86:
          (source code not available)

--- FAIL: TestAccAwsGlobalAcceleratorEndpointGroup_InstanceEndpoint (133.29s)
FAIL
FAIL	github.com/terraform-providers/terraform-provider-aws/aws	133.338s
FAIL
GNUmakefile:26: recipe for target 'testacc' failed
make: *** [testacc] Error 1

* r/aws_globalaccelerator_endpoint_group: Simplify 'TestAccAwsGlobalAcceleratorEndpointGroup_basic'.

Acceptance test output:

$ make testacc TEST=./aws/ TESTARGS='-run=TestAccAwsGlobalAcceleratorEndpointGroup_basic'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAwsGlobalAcceleratorEndpointGroup_basic -timeout 120m
=== RUN   TestAccAwsGlobalAcceleratorEndpointGroup_basic
=== PAUSE TestAccAwsGlobalAcceleratorEndpointGroup_basic
=== CONT  TestAccAwsGlobalAcceleratorEndpointGroup_basic
    testing.go:684: Step 0 error: After applying this step, the plan was not empty:

        DIFF:

        UPDATE: aws_globalaccelerator_endpoint_group.test
          endpoint_configuration.#:      "0" => "0"
          endpoint_group_region:         "us-west-2" => "us-west-2"
          health_check_interval_seconds: "30" => "30"
          health_check_path:             "" => "/"
          health_check_port:             "80" => ""
          health_check_protocol:         "TCP" => "TCP"
          id:                            "arn:aws:globalaccelerator::xxxxxxxxxxxx:accelerator/9e848383-b09a-4439-ac4f-eacb46aa04c0/listener/38d2eb59/endpoint-group/e84317b2d005" => "arn:aws:globalaccelerator::xxxxxxxxxxxx:accelerator/9e848383-b09a-4439-ac4f-eacb46aa04c0/listener/38d2eb59/endpoint-group/e84317b2d005"
          listener_arn:                  "arn:aws:globalaccelerator::xxxxxxxxxxxx:accelerator/9e848383-b09a-4439-ac4f-eacb46aa04c0/listener/38d2eb59" => "arn:aws:globalaccelerator::xxxxxxxxxxxx:accelerator/9e848383-b09a-4439-ac4f-eacb46aa04c0/listener/38d2eb59"
          threshold_count:               "3" => "3"
          traffic_dial_percentage:       "100" => "100"

        STATE:

        aws_globalaccelerator_accelerator.test:
          ID = arn:aws:globalaccelerator::xxxxxxxxxxxx:accelerator/9e848383-b09a-4439-ac4f-eacb46aa04c0
          provider = provider.aws
          attributes.# = 1
          attributes.0.flow_logs_enabled = false
          attributes.0.flow_logs_s3_bucket =
          attributes.0.flow_logs_s3_prefix =
          dns_name = a9225ffbbaaf25cce.awsglobalaccelerator.com
          enabled = false
          hosted_zone_id = Z2BJ6XQ5FK7U4H
          ip_address_type = IPV4
          ip_sets.# = 1
          ip_sets.0.ip_addresses.# = 2
          ip_sets.0.ip_addresses.0 = 75.2.20.133
          ip_sets.0.ip_addresses.1 = 99.83.169.50
          ip_sets.0.ip_family = IPv4
          name = tf-acc-test-809980946792323534
        aws_globalaccelerator_endpoint_group.test:
          ID = arn:aws:globalaccelerator::xxxxxxxxxxxx:accelerator/9e848383-b09a-4439-ac4f-eacb46aa04c0/listener/38d2eb59/endpoint-group/e84317b2d005
          provider = provider.aws
          endpoint_group_region = us-west-2
          health_check_interval_seconds = 30
          health_check_path =
          health_check_port = 80
          health_check_protocol = TCP
          listener_arn = arn:aws:globalaccelerator::xxxxxxxxxxxx:accelerator/9e848383-b09a-4439-ac4f-eacb46aa04c0/listener/38d2eb59
          threshold_count = 3
          traffic_dial_percentage = 100

          Dependencies:
            aws_globalaccelerator_listener.test
        aws_globalaccelerator_listener.test:
          ID = arn:aws:globalaccelerator::xxxxxxxxxxxx:accelerator/9e848383-b09a-4439-ac4f-eacb46aa04c0/listener/38d2eb59
          provider = provider.aws
          accelerator_arn = arn:aws:globalaccelerator::xxxxxxxxxxxx:accelerator/9e848383-b09a-4439-ac4f-eacb46aa04c0
          client_affinity = NONE
          port_range.# = 1
          port_range.0.from_port = 80
          port_range.0.to_port = 80
          protocol = TCP

          Dependencies:
            aws_globalaccelerator_accelerator.test
--- FAIL: TestAccAwsGlobalAcceleratorEndpointGroup_basic (179.82s)
FAIL
FAIL	github.com/terraform-providers/terraform-provider-aws/aws	179.872s
FAIL
GNUmakefile:26: recipe for target 'testacc' failed
make: *** [testacc] Error 1

* Fix health_check_path for GA TCP endpoint group

- Set `health_check_path` to Computed without Default
- Update documentation

* Update website/docs/r/globalaccelerator_endpoint_group.html.markdown

Co-authored-by: Brian Flad <bflad417@gmail.com>

* r/aws_globalaccelerator_endpoint_group: Change 'health_check_port' to Computed (#12882).

Acceptance test output:

$ make testacc TEST=./aws/ TESTARGS='-run=TestAccAwsGlobalAcceleratorEndpointGroup_basic'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAwsGlobalAcceleratorEndpointGroup_basic -timeout 120m
=== RUN   TestAccAwsGlobalAcceleratorEndpointGroup_basic
=== PAUSE TestAccAwsGlobalAcceleratorEndpointGroup_basic
=== CONT  TestAccAwsGlobalAcceleratorEndpointGroup_basic
--- PASS: TestAccAwsGlobalAcceleratorEndpointGroup_basic (183.26s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	183.312s
$ make testacc TEST=./aws/ TESTARGS='-run=TestAccAwsGlobalAcceleratorEndpointGroup_update'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAwsGlobalAcceleratorEndpointGroup_update -timeout 120m
=== RUN   TestAccAwsGlobalAcceleratorEndpointGroup_update
=== PAUSE TestAccAwsGlobalAcceleratorEndpointGroup_update
=== CONT  TestAccAwsGlobalAcceleratorEndpointGroup_update
--- PASS: TestAccAwsGlobalAcceleratorEndpointGroup_update (241.78s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	241.856s

* r/aws_globalaccelerator_endpoint_group: Add '_disappears' acceptance test (#13527, #13826).

Acceptance test output:

$ make testacc TEST=./aws/ TESTARGS='-run=TestAccAwsGlobalAcceleratorEndpointGroup_disappears'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAwsGlobalAcceleratorEndpointGroup_disappears -timeout 120m
=== RUN   TestAccAwsGlobalAcceleratorEndpointGroup_disappears
=== PAUSE TestAccAwsGlobalAcceleratorEndpointGroup_disappears
=== CONT  TestAccAwsGlobalAcceleratorEndpointGroup_disappears
--- PASS: TestAccAwsGlobalAcceleratorEndpointGroup_disappears (191.83s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	191.883s

* r/aws_globalaccelerator_endpoint_group: Set 'client_ip_preservation_enabled' to 'true' for EC2 instance endpoint test.

Co-authored-by: Zuhaib Siddique <zuhaib@launchdarkly.com>
Co-authored-by: LOU Xun <aquarhead@ela.build>
Co-authored-by: Brian Flad <bflad417@gmail.com>

* Update CHANGELOG for #14486

* resource/aws_service_discovery_http_namespace: Correct name validation (#14749)

* Update elasticache_replication_group.html.markdown

* allow removing schedule

* refactor disappears test

* Update CHANGELOG for #14792

* service/appmesh: Update AppMesh resource acceptance tests to 0.12 syntax (#14795)

* r/aws_appmesh_mesh: Update resource testing to 0.12 syntax.

* r/aws_appmesh_route: Update resource testing to 0.12 syntax.

* r/aws_appmesh_virtual_node: Update resource testing to 0.12 syntax.

* r/aws_appmesh_virtual_router: Update resource testing to 0.12 syntax.

* r/aws_appmesh_virtual_service: Update resource testing to 0.12 syntax.

* resource/aws_storagegateway_smb_file_share: Support cache attributes and case sensitivity, remove errant docs (#14790)

* remove smb file share defaults as it doesnt exist

* plan time validation refactor

* add cache attributes

* disappears test

* use %w for errors

* use %#v for structs

* support case sensitivity

* Update CHANGELOG for #14790

* update tf syntax

* resource/aws_storagegateway_gateway: Add support for bandwidth values (#13568)

Output from acceptance testing:

```
--- PASS: TestAccAWSStorageGatewayGateway_disappears (182.38s)
--- PASS: TestAccAWSStorageGatewayGateway_GatewayType_Stored (206.84s)
--- PASS: TestAccAWSStorageGatewayGateway_SmbGuestPassword (210.94s)
--- PASS: TestAccAWSStorageGatewayGateway_GatewayType_FileS3 (227.23s)
--- PASS: TestAccAWSStorageGatewayGateway_GatewayName (233.03s)
--- PASS: TestAccAWSStorageGatewayGateway_CloudWatchLogs (238.19s)
--- PASS: TestAccAWSStorageGatewayGateway_tags (244.80s)
--- PASS: TestAccAWSStorageGatewayGateway_bandwidthUpload (244.86s)
--- PASS: TestAccAWSStorageGatewayGateway_GatewayType_Vtl (248.04s)
--- PASS: TestAccAWSStorageGatewayGateway_GatewayType_Cached (248.57s)
--- PASS: TestAccAWSStorageGatewayGateway_GatewayTimezone (262.73s)
--- PASS: TestAccAWSStorageGatewayGateway_SMBSecurityStrategy (262.76s)
--- PASS: TestAccAWSStorageGatewayGateway_bandwidthDownload (281.07s)
--- PASS: TestAccAWSStorageGatewayGateway_GatewayVpcEndpoint (297.35s)
--- PASS: TestAccAWSStorageGatewayGateway_bandwidthAll (300.14s)
--- PASS: TestAccAWSStorageGatewayGateway_SmbActiveDirectorySettings (744.76s)
```

* update test description

* Update CHANGELOG for #13568

* docs/resource/aws_cloudwatch_log_group: Add information about 0 value for retention_in_days argument (#14791)

* Update module aws/aws-sdk-go to v1.34.10 (#14665)

Co-authored-by: Renovate Bot <bot@renovateapp.com>

* New Resource: aws_emr_managed_scaling_policy (#13965)

Output from acceptance testing:

```
--- PASS: TestAccAwsEmrManagedScalingPolicy_ComputeLimits_MaximumOndemandCapacityUnits (469.63s)
--- PASS: TestAccAwsEmrManagedScalingPolicy_basic (475.17s)
--- PASS: TestAccAwsEmrManagedScalingPolicy_ComputeLimits_MaximumCoreCapacityUnits (483.48s)
--- PASS: TestAccAwsEmrManagedScalingPolicy_disappears (493.32s)
```

* Update CHANGELOG for #13965

* tests/resource/aws_codepipeline: Fix TestAccAWSCodePipeline_deployWithServiceRole (#14830)

* resource/aws_xray_sampling_rule: Add tags argument (#14831)

Output from acceptance testing:

```
--- PASS: TestAccAWSXraySamplingRule_basic (13.93s)
--- PASS: TestAccAWSXraySamplingRule_disappears (19.04s)
--- PASS: TestAccAWSXraySamplingRule_update (22.61s)
--- PASS: TestAccAWSXraySamplingRule_tags (53.74s)
```

* Update CHANGELOG for #14831

* Updates Terraform syntax for data source acceptance tests

* tests/resource/aws_redshift_subnet_group: Implement sweeper and disappears test (#14828)

Reference: https://github.com/terraform-providers/terraform-provider-aws/issues/13826
Reference: https://github.com/terraform-providers/terraform-provider-aws/issues/14574

Output from acceptance testing in AWS Commercial:

```
--- PASS: TestAccAWSRedshiftSubnetGroup_disappears (26.83s)
```

Output from acceptance testing in AWS GovCloud (US):

```
--- PASS: TestAccAWSRedshiftSubnetGroup_disappears (30.85s)
```

Output from sweeper in AWS Commercial (aws_redshift_cluster failures unrelated):

```
2020/08/25 10:13:32 [DEBUG] Running Sweepers for region (us-west-2):
2020/08/25 10:13:32 [DEBUG] Running Sweeper (aws_redshift_cluster) in region (us-west-2)
2020/08/25 10:13:34 [ERROR] Failed deleting Redshift cluster (tf-redshift-cluster-2045223997271387682): InvalidClusterState: Unable to delete the cluster tf-redshift-cluster-2045223997271387682. You can only delete clusters with ACTIVE, INCOMPATIBLE_NETWORK, INCOMPATIBLE_HSM, INCOMPATIBLE_RESTORE, INSUFFICIENT_CAPACITY, or HARDWARE_FAILURE lifecycle.
	status code: 400, request id: fda93346-21d9-46ae-b70a-637edb91777d
2020/08/25 10:13:34 [ERROR] Failed deleting Redshift cluster (tf-redshift-cluster-8644196052749068490): InvalidClusterState: Unable to delete the cluster tf-redshift-cluster-8644196052749068490. You can only delete clusters with ACTIVE, INCOMPATIBLE_NETWORK, INCOMPATIBLE_HSM, INCOMPATIBLE_RESTORE, INSUFFICIENT_CAPACITY, or HARDWARE_FAILURE lifecycle.
	status code: 400, request id: 980f1a92-52d8-41d0-b942-608b8a28d2b0
2020/08/25 10:13:34 [DEBUG] Running Sweeper (aws_redshift_subnet_group) in region (us-west-2)
2020/08/25 10:13:34 [INFO] Deleting Redshift Cluster Subnet Group: foo-1532990571165558666
2020/08/25 10:13:35 [INFO] Deleting Redshift Cluster Subnet Group: foo-2826273713642737832
2020/08/25 10:13:35 [INFO] Deleting Redshift Cluster Subnet Group: foo-2972341912917468064
2020/08/25 10:13:35 [INFO] Deleting Redshift Cluster Subnet Group: foo-548170896135551408
2020/08/25 10:13:36 [INFO] Deleting Redshift Cluster Subnet Group: foo-6210951272445705940
2020/08/25 10:13:36 [INFO] Deleting Redshift Cluster Subnet Group: foo-6650827170013194054
2020/08/25 10:13:37 [INFO] Deleting Redshift Cluster Subnet Group: foo-8947122441846412195
2020/08/25 10:13:37 [INFO] Deleting Redshift Cluster Subnet Group: tf-acc-test-1033431615102227004
2020/08/25 10:13:37 [INFO] Deleting Redshift Cluster Subnet Group: tf-acc-test-3356016725088449244
2020/08/25 10:13:38 [INFO] Deleting Redshift Cluster Subnet Group: tf-acc-test-366062263239024705
2020/08/25 10:13:38 [INFO] Deleting Redshift Cluster Subnet Group: tf-acc-test-4635827958397283374
2020/08/25 10:13:38 [INFO] Deleting Redshift Cluster Subnet Group: tf-redshift-subnet-group-1676492653723899859
2020/08/25 10:13:39 [INFO] Deleting Redshift Cluster Subnet Group: tf-redshift-subnet-group-1799088798996484452
2020/08/25 10:13:39 [INFO] Deleting Redshift Cluster Subnet Group: tf-redshift-subnet-group-3024108242023612112
2020/08/25 10:13:40 [INFO] Deleting Redshift Cluster Subnet Group: tf-redshift-subnet-group-3299406627706074951
2020/08/25 10:13:40 [INFO] Deleting Redshift Cluster Subnet Group: tf-redshift-subnet-group-5403800648237234931
2020/08/25 10:13:40 [INFO] Deleting Redshift Cluster Subnet Group: tf-redshift-subnet-group-625135235143178083
2020/08/25 10:13:41 [INFO] Deleting Redshift Cluster Subnet Group: tf-redshift-subnet-group-8306727858374757773
2020/08/25 10:13:41 [INFO] Deleting Redshift Cluster Subnet Group: tf-redshift-subnet-group-8365684838675699564
2020/08/25 10:13:41 Sweeper Tests ran successfully:
	- aws_redshift_cluster
	- aws_redshift_subnet_group
2020/08/25 10:13:41 [DEBUG] Running Sweepers for region (us-east-1):
2020/08/25 10:13:41 [DEBUG] Running Sweeper (aws_redshift_cluster) in region (us-east-1)
2020/08/25 10:13:42 [DEBUG] No Redshift clusters to sweep
2020/08/25 10:13:42 [DEBUG] Running Sweeper (aws_redshift_subnet_group) in region (us-east-1)
2020/08/25 10:13:42 Sweeper Tests ran successfully:
	- aws_redshift_subnet_group
	- aws_redshift_cluster
ok  	github.com/terraform-providers/terraform-provider-aws/aws	12.691s
```

Output from sweeper in AWS GovCloud (US) (aws_redshift_cluster failures unrelated):

```
2020/08/25 10:13:40 [DEBUG] Running Sweepers for region (us-gov-west-1):
2020/08/25 10:13:40 [DEBUG] Running Sweeper (aws_redshift_cluster) in region (us-gov-west-1)
2020/08/25 10:13:43 [ERROR] Failed deleting Redshift cluster (tf-redshift-cluster-1216426925668034673): InvalidClusterState: Unable to delete the cluster tf-redshift-cluster-1216426925668034673. You can only delete clusters with ACTIVE, INCOMPATIBLE_NETWORK, INCOMPATIBLE_HSM, INCOMPATIBLE_RESTORE, INSUFFICIENT_CAPACITY, or HARDWARE_FAILURE lifecycle.
	status code: 400, request id: 7b5f4c9e-959f-4e80-b01a-65f2cd066f71
2020/08/25 10:13:44 [ERROR] Failed deleting Redshift cluster (tf-redshift-cluster-219584981761242852): InvalidClusterState: There is an operation running on the Cluster. Please try to delete it at a later time.
	status code: 400, request id: 1c672709-d60b-43b0-aadd-1bdf6a5f4797
2020/08/25 10:13:44 [ERROR] Failed deleting Redshift cluster (tf-redshift-cluster-2558072814228197965): InvalidClusterState: There is an operation running on the Cluster. Please try to delete it at a later time.
	status code: 400, request id: cc46c761-1a19-4f3e-844d-6c5514eedbf1
2020/08/25 10:13:45 [ERROR] Failed deleting Redshift cluster (tf-redshift-cluster-6093122516016678979): InvalidClusterState: There is an operation running on the Cluster. Please try to delete it at a later time.
	status code: 400, request id: 24d63cb2-7635-4448-878e-2ccde8e03478
2020/08/25 10:13:45 [ERROR] Failed deleting Redshift cluster (tf-redshift-cluster-6534318059499305980): InvalidClusterState: There is an operation running on the Cluster. Please try to delete it at a later time.
	status code: 400, request id: 28e83e42-6e20-4366-9c86-25f04d5138ad
2020/08/25 10:13:46 [ERROR] Failed deleting Redshift cluster (tf-redshift-cluster-7172132402108784395): InvalidClusterState: There is an operation running on the Cluster. Please try to delete it at a later time.
	status code: 400, request id: 1f2cef04-05ef-42dc-bc2c-ce937032db61
2020/08/25 10:13:46 [ERROR] Failed deleting Redshift cluster (tf-redshift-cluster-8068671586261296151): InvalidClusterState: There is an operation running on the Cluster. Please try to delete it at a later time.
	status code: 400, request id: 7abeafb4-268c-4b4d-abae-91e1bcab4e01
2020/08/25 10:13:46 [DEBUG] Running Sweeper (aws_redshift_subnet_group) in region (us-gov-west-1)
2020/08/25 10:13:47 [INFO] Deleting Redshift Cluster Subnet Group: tf-acc-test-2418503084750398980
2020/08/25 10:13:48 [INFO] Deleting Redshift Cluster Subnet Group: tf-acc-test-2939943196500636311
2020/08/25 10:13:48 [INFO] Deleting Redshift Cluster Subnet Group: tf-acc-test-8506717930441343050
2020/08/25 10:13:49 Sweeper Tests ran successfully:
	- aws_redshift_cluster
	- aws_redshift_subnet_group
ok  	github.com/terraform-providers/terraform-provider-aws/aws	10.018s
```

* Small syntax fixes

* update test configs to fix failing tests

* update to using data source instance types

* docs/resource/aws_autoscaling_policy: Add missing min_adjustment_magnitude argument (#14807)

* missing min_adjustment_magnitude argument in the docs

* Update website/docs/r/autoscaling_policy.html.markdown

Co-authored-by: Brian Flad <bflad417@gmail.com>

Co-authored-by: Brian Flad <bflad417@gmail.com>

* New Resource: aws_guardduty_publishing_destination (#13894)

* Implementation of resource new resource type for GuardDuty S3 Export (#10920)

* Added tests and documentation

* Fixed test namings

* Fixed linter issues and removed explicit import test case

* Fixed HCL formatting in documentation

* Fixed some namings and sidebar link

* Update/refactor publishing destination (#1)

* Merged latest master changes and resolved conflicts

* Merged from Upstream master and squashed commits

* Delete defaults.go

* Removed changes from vendor subdirectory and synched with master.

* Refactor GuardDuty to waiter pattern

* Remove unused constant

* Small refactor based on PR review

* Add disappears test and refactor based on PR review

* Refactor based on PR review

* Refactor according to PR review

* Additional fix wrt tf 0.12

Co-authored-by: Sebastian Häpe <Sebastian.Haepe@nordcloud.com>
Co-authored-by: shaepe <44882151+shaepe@users.noreply.github.com>

* Update CHANGELOG for #13894

* resource/aws_guardduty_publishing_destination: Minor adjustments for initial resource

Output from acceptance testing:

```
    --- PASS: TestAccAWSGuardDuty_serial/PublishingDestination (59.25s)
        --- PASS: TestAccAWSGuardDuty_serial/PublishingDestination/basic (30.31s)
        --- PASS: TestAccAWSGuardDuty_serial/PublishingDestination/disappears (28.94s)
```

* internal/service/guardduty/waiter: Refactor Publishing Destination status handling

Output from acceptance testing:

```
    --- PASS: TestAccAWSGuardDuty_serial/PublishingDestination (64.97s)
        --- PASS: TestAccAWSGuardDuty_serial/PublishingDestination/disappears (31.59s)
        --- PASS: TestAccAWSGuardDuty_serial/PublishingDestination/basic (33.39s)
```

* r/aws_cloudfront_distribution: Avoid raw pointer dereferences (#12992).

* r/aws_cloudfront_distribution: Fix 'TestAccAWSCloudFrontDistribution_OriginGroups'.

* resource/aws_securityhub_action_target: Finishing touches for initial resource

Output from acceptance testing:

```
    --- PASS: TestAccAWSSecurityHub_serial/ActionTarget (73.84s)
        --- PASS: TestAccAWSSecurityHub_serial/ActionTarget/Description (24.16s)
        --- PASS: TestAccAWSSecurityHub_serial/ActionTarget/Name (23.25s)
        --- PASS: TestAccAWSSecurityHub_serial/ActionTarget/basic (14.02s)
        --- PASS: TestAccAWSSecurityHub_serial/ActionTarget/disappears (12.41s)
```

* Update CHANGELOG for #10493

* deps: Allow dependabot to upgrade GitHub action versions (#14835)

* Allow dependabot to upgrad GitHub action versions

* Add dependencies section to hashibot w/ dependabot

* Fix aws_ecs_task_definition docs markdown links

It looks like these were broken due to line wrapping.

* remove aws webite ref

* Update CHANGELOG for #14844

* tests/provider: Update hardcoded AZs (Default Subnet)

* New Resource: aws_xray_group (#13597)

Output from acceptance testing:

```
--- PASS: TestAccAWSXrayGroup_disappears (12.57s)
--- PASS: TestAccAWSXrayGroup_basic (28.65s)
--- PASS: TestAccAWSXrayGroup_tags (39.39s)
```

* Update CHANGELOG for #13597

* tests/resource/aws_elb: Fix TestAccAWSELB_swap_subnets (#14865)

Output from acceptance testing:

```
--- PASS: TestAccAWSELB_swap_subnets (45.08s)
```

* Update website/docs/r/elasticache_replication_group.html.markdown

Co-authored-by: angie pinilla <angelinepinilla@gmail.com>

* New Resource: aws_xray_encryption_config (#13600)

Output from acceptance testing:

```
--- PASS: TestAccAWSXrayEncryptionConfig_basic (941.85s)
```

* Update CHANGELOG for #13600

* resource/aws_apigatewayv2_integration: AWS service integrations for HTTP APIs. (#14860)

Output from acceptance testing:

```
--- PASS: TestAccAWSAPIGatewayV2Integration_disappears (29.00s)
--- PASS: TestAccAWSAPIGatewayV2Integration_basicHttp (30.37s)
--- PASS: TestAccAWSAPIGatewayV2IntegrationResponse_basic (32.64s)
--- PASS: TestAccAWSAPIGatewayV2Integration_basicWebSocket (32.81s)
--- PASS: TestAccAWSAPIGatewayV2Integration_AwsServiceIntegration (33.16s)
--- PASS: TestAccAWSAPIGatewayV2IntegrationResponse_disappears (36.85s)
--- PASS: TestAccAWSAPIGatewayV2Integration_IntegrationTypeHttp (41.16s)
--- PASS: TestAccAWSAPIGatewayV2IntegrationResponse_AllAttributes (42.63s)
--- PASS: TestAccAWSAPIGatewayV2Integration_LambdaHttp (46.09s)
--- PASS: TestAccAWSAPIGatewayV2Integration_LambdaWebSocket (52.54s)
--- PASS: TestAccAWSAPIGatewayV2Integration_VpcLinkHttp (417.62s)
--- PASS: TestAccAWSAPIGatewayV2Integration_VpcLinkWebSocket (687.74s)
```

* Update CHANGELOG for #14860

* Update CHANGELOG for #12974

* tests/provider: Ensure GitHub Actions workflow for markdown-lint checks out code and can fetch latest v1 (#14849)

* tests/provider: Ensure GitHub Actions workflow for markdown-lint checks out code and can fetch latest v1

Previously in GitHub Actions production it was exiting immediately with the help message and not failing the step (will need to report upstream):

```
/usr/bin/docker run --name b3ac6370f976814a74da68d2a7f92df15b742_274a0b --label 3b3ac6 --workdir /github/workspace --rm -e GO_VERSION -e GO111MODULE -e TFLINT_VERSION -e INPUT_CONFIG -e INPUT_ARGS -e INPUT_RULES -e INPUT_FIX -e INPUT_OUTPUT -e INPUT_IGNORE -e HOME -e GITHUB_JOB -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_SERVER_URL -e GITHUB_API_URL -e GITHUB_GRAPHQL_URL -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/terraform-provider-aws/terraform-provider-aws":"/github/workspace" 3b3ac6:370f976814a74da68d2a7f92df15b742  "website/docs"

  Usage: markdownlint [options] <files|directories|globs>

  MarkdownLint Command Line Interface

  Options:

    -h, --help                                  output usage information
    -V, --version                               output the version number
    -f, --fix                                   fix basic errors (does not work with STDIN)
    -s, --stdin                                 read from STDIN (does not work with files)
    -o, --output [outputFile]                   write issues to file (no console)
    -c, --config [configFile]                   configuration file (JSON, JSONC, JS, or YAML)
    -i, --ignore [file|directory|glob]          file(s) to ignore/exclude
    -p, --ignore-path [file]                    path to file with ignore pattern(s)
    -r, --rules  [file|directory|glob|package]  custom rule files
```

Which could also be seen with GitHub Actions testing in `act`:

```console
$ act push -j markdown-lint
[Website Checks/markdown-lint      ] 🚀  Start image=nektos/act-environments-ubuntu:18.04
[Documentation Checks/markdown-lint] 🚀  Start image=nektos/act-environments-ubuntu:18.04
[Documentation Checks/markdown-lint]   🐳  docker run image=nektos/act-environments-ubuntu:18.04 entrypoint=["/usr/bin/tail" "-f" "/dev/null"] cmd=[]
[Website Checks/markdown-lint      ]   🐳  docker run image=nektos/act-environments-ubuntu:18.04 entrypoint=["/usr/bin/tail" "-f" "/dev/null"] cmd=[]
[Documentation Checks/markdown-lint] ⭐  Run avto-dev/markdown-lint@v1.3.0
[Documentation Checks/markdown-lint]   ☁  git clone 'https://github.com/avto-dev/markdown-lint' # ref=v1.3.0
[Website Checks/markdown-lint      ] ⭐  Run avto-dev/markdown-lint@v1.3.0
[Website Checks/markdown-lint      ]   ☁  git clone 'https://github.com/avto-dev/markdown-lint' # ref=v1.3.0
[Documentation Checks/markdown-lint]   🐳  docker build -t act-avto-dev-markdown-lint-v1-3-0:latest /Users/bflad/.cache/act/avto-dev-markdown-lint@v1.3.0
[Documentation Checks/markdown-lint]   🐳  docker run image=act-avto-dev-markdown-lint-v1-3-0:latest entrypoint=[] cmd=["docs"]
[Website Checks/markdown-lint      ]   🐳  docker build -t act-avto-dev-markdown-lint-v1-3-0:latest /Users/bflad/.cache/act/avto-dev-markdown-lint@v1.3.0
[Website Checks/markdown-lint      ]   🐳  docker run image=act-avto-dev-markdown-lint-v1-3-0:latest entrypoint=[] cmd=["website/docs"]
|
|   Usage: markdownlint [options] <files|directories|globs>
|
|   MarkdownLint Command Line Interface
|
|   Options:
|
|     -h, --help                                  output usage information
|     -V, --version                               output the version number
|     -f, --fix                                   fix basic errors (does not work with STDIN)
|     -s, --stdin                                 read from STDIN (does not work with files)
|     -o, --output [outputFile]                   write issues to file (no console)
|     -c, --config [configFile]                   configuration file (JSON, JSONC, JS, or YAML)
|     -i, --ignore [file|directory|glob]          file(s) to ignore/exclude
|     -p, --ignore-path [file]                    path to file with ignore pattern(s)
|     -r, --rules  [file|directory|glob|package]  custom rule files
|
[Documentation Checks/markdown-lint]   ✅  Success - avto-dev/markdown-lint@v1.3.0
|
|   Usage: markdownlint [options] <files|directories|globs>
|
|   MarkdownLint Command Line Interface
|
|   Options:
|
|     -h, --help                                  output usage information
|     -V, --version                               output the version number
|     -f, --fix                                   fix basic errors (does not work with STDIN)
|     -s, --stdin                                 read from STDIN (does not work with files)
|     -o, --output [outputFile]                   write issues to file (no console)
|     -c, --config [configFile]                   configuration file (JSON, JSONC, JS, or YAML)
|     -i, --ignore [file|directory|glob]          file(s) to ignore/exclude
|     -p, --ignore-path [file]                    path to file with ignore pattern(s)
|     -r, --rules  [file|directory|glob|package]  custom rule files
|
[Website Checks/markdown-lint      ]   ✅  Success - avto-dev/markdown-lint@v1.3.0
```

Now with GitHub Actions testing in `act`:

```console
$ act push -j markdown-lint
[Website Checks/markdown-lint      ] 🚀  Start image=nektos/act-environments-ubuntu:18.04
[Documentation Checks/markdown-lint] 🚀  Start image=nektos/act-environments-ubuntu:18.04
[Documentation Checks/markdown-lint]   🐳  docker run image=nektos/act-environments-ubuntu:18.04 entrypoint=["/usr/bin/tail" "-f" "/dev/null"] cmd=[]
[Website Checks/markdown-lint      ]   🐳  docker run image=nektos/act-environments-ubuntu:18.04 entrypoint=["/usr/bin/tail" "-f" "/dev/null"] cmd=[]
[Website Checks/markdown-lint      ]   🐳  docker cp src=/Users/bflad/src/github.com/terraform-providers/terraform-provider-aws/. dst=/github/workspace
[Documentation Checks/markdown-lint]   🐳  docker cp src=/Users/bflad/src/github.com/terraform-providers/terraform-provider-aws/. dst=/github/workspace
[Documentation Checks/markdown-lint] Unable to copy link vendor --> ../../../../../../vendor
[Website Checks/markdown-lint      ] Unable to copy link vendor --> ../../../../../../vendor
[Website Checks/markdown-lint      ] Unable to copy link vendor --> ../../../../../../vendor
[Documentation Checks/markdown-lint] Unable to copy link vendor --> ../../../../../../vendor
[Documentation Checks/markdown-lint] Unable to copy link vendor --> ../../../../../../vendor
[Website Checks/markdown-lint      ] Unable to copy link vendor --> ../../../../../../vendor
[Documentation Checks/markdown-lint] Unable to copy link vendor --> ../../../../../../vendor
[Website Checks/markdown-lint      ] Unable to copy link vendor --> ../../../../../../vendor
[Documentation Checks/markdown-lint] Unable to copy link vendor --> ../../../../../../vendor
[Website Checks/markdown-lint      ] Unable to copy link vendor --> ../../../../../../vendor
[Documentation Checks/markdown-lint] Unable to copy link vendor --> ../../../../../../vendor
[Website Checks/markdown-lint      ] Unable to copy link vendor --> ../../../../../../vendor
[Documentation Checks/markdown-lint] Unable to copy link vendor --> ../../../../../../vendor
[Website Checks/markdown-lint      ] Unable to copy link vendor --> ../../../../../../vendor
[Website Checks/markdown-lint      ] ⭐  Run actions/checkout@v2
[Website Checks/markdown-lint      ]   ✅  Success - actions/checkout@v2
[Website Checks/markdown-lint      ] ⭐  Run avto-dev/markdown-lint@v1
[Website Checks/markdown-lint      ]   ☁  git clone 'https://github.com/avto-dev/markdown-lint' # ref=v1
[Documentation Checks/markdown-lint] ⭐  Run actions/checkout@v2
[Documentation Checks/markdown-lint]   ✅  Success - actions/checkout@v2
[Documentation Checks/markdown-lint] ⭐  Run avto-dev/markdown-lint@v1
[Documentation Checks/markdown-lint]   ☁  git clone 'https://github.com/avto-dev/markdown-lint' # ref=v1
[Website Checks/markdown-lint      ]   🐳  docker build -t act-avto-dev-markdown-lint-v1:latest /Users/bflad/.cache/act/avto-dev-markdown-lint@v1
[Documentation Checks/markdown-lint]   🐳  docker build -t act-avto-dev-markdown-lint-v1:latest /Users/bflad/.cache/act/avto-dev-markdown-lint@v1
[Website Checks/markdown-lint      ]   🐳  docker run image=act-avto-dev-markdown-lint-v1:latest entrypoint=[] cmd=["website/docs"]
[Documentation Checks/markdown-lint]   🐳  docker run image=act-avto-dev-markdown-lint-v1:latest entrypoint=[] cmd=["docs"]
[Documentation Checks/markdown-lint]   ✅  Success - avto-dev/markdown-lint@v1
| website/docs/r/emr_managed_scaling_policy.html.markdown:60 MD031/blanks-around-fences Fenced code blocks should be surrounded by blank lines [Context: "```console"]
| website/docs/r/spot_instance_request.html.markdown:69 MD032/blanks-around-lists Lists should be surrounded by blank lines [Context: "* `tags` - (Optional) A map of..."]
[Website Checks/markdown-lint      ]   ❌  Failure - avto-dev/markdown-lint@v1
Error: exit with `FAILURE`: 1
```

These failures will be addressed separately.

* docs/provider: Fix markdown-lint reports

Reference: https://github.com/terraform-providers/terraform-provider-aws/pull/14849

* resource/aws_emr_instance_group: Extend instance group timeout by 50% (#13077)

* Update CHANGELOG for #13077

* resource/aws_emr_instance_group: Increase creation and update timeouts to 30 minutes (#14106)

Co-authored-by: Brian Flad <bflad417@gmail.com>

* Update CHANGELOG for #14106

* Update CHANGELOG for #9525

* add create timeout for rds_cluster_endpoint resource

* v3.4.0

* Cleanup after v3.4.0 release

* add diffsupressfunc for json field

* refactor opsworks_slack tests and update enumerated values

* add "other" to source type values

Co-authored-by: Brian Flad <bflad417@gmail.com>

* resource/aws_acm_certificate: Provide additional plan-time validation for subject_alternative_names values (#14782)

Previously:

```
    TestAccAWSAcmCertificate_SubjectAlternativeNames_EmptyString: resource_aws_acm_certificate_test.go:315: Step 1/1, expected an error with pattern, no match on: terraform failed: exit status 1

        stderr:

        Error: Error requesting certificate: ValidationException: 1 validation error detected: Value '[]' at 'subjectAlternativeNames' failed to satisfy constraint: Member must satisfy constraint: [Member must have length less than or equal to 253, Member must have length greater than or equal to 1, Member must satisfy regular expression pattern: ^(\*\.)?(((?!-)[A-Za-z0-9-]{0,62}[A-Za-z0-9])\.)+((?!-)[A-Za-z0-9-]{1,62}[A-Za-z0-9])$]
        	status code: 400, request id: c82c20fc-931d-4e04-b79f-d9795db14fa9
```

The intention of this change was test and prevent against panic in Terraform 0.11, however since the provider no longer supports 0.11 and earlier, this is now merely an enhancement. We could also attempt the same regular expression validation, however that seems more likely to change in the future, should ACM support additional characters in domain naming so its omitted for now.

Output from acceptance testing (unrelated failures due to testing account quota issues):

```
--- PASS: TestAccAWSAcmCertificate_root_TrailingPeriod (2.66s)
--- PASS: TestAccAWSAcmCertificate_SubjectAlternativeNames_EmptyString (2.94s)
--- FAIL: TestAccAWSAcmCertificate_imported_DomainName (6.59s)
--- FAIL: TestAccAWSAcmCertificate_imported_IpAddress (6.22s)
--- PASS: TestAccAWSAcmCertificate_root (19.80s)
--- PASS: TestAccAWSAcmCertificate_emailValidation (20.68s)
--- PASS: TestAccAWSAcmCertificate_dnsValidation (21.38s)
--- PASS: TestAccAWSAcmCertificate_san_TrailingPeriod (21.73s)
--- PASS: TestAccAWSAcmCertificate_disableCTLogging (21.82s)
--- PASS: TestAccAWSAcmCertificate_wildcardAndRootSan (22.66s)
--- PASS: TestAccAWSAcmCertificate_san_multiple (23.00s)
--- PASS: TestAccAWSAcmCertificate_wildcard (23.41s)
--- PASS: TestAccAWSAcmCertificate_privateCert (23.68s)
--- PASS: TestAccAWSAcmCertificate_san_single (24.92s)
--- PASS: TestAccAWSAcmCertificate_rootAndWildcardSan (35.64s)
--- PASS: TestAccAWSAcmCertificate_tags (54.65s)
```

* Update CHANGELOG for #14782

* resource/aws_msk_configuration: Implement Update and Delete support (#14826)

Reference: https://github.com/terraform-providers/terraform-provider-aws/issues/14822

Fixes consistent test failures like the following, since the deletion API did not exist previously:

```
=== CONT  TestAccAWSMskConfigurationDataSource_Name
TestAccAWSMskConfigurationDataSource_Name: data_source_aws_msk_configuration_test.go:16: Step 1/1 error: terraform failed: exit status 1
stderr:
Error: error creating MSK Configuration: LimitExceededException:
  status code: 429, request id: 2d1a5f7b-9810-4721-8aba-5873760578f7
--- FAIL: TestAccAWSMskConfigurationDataSource_Name (3942.7…
@jamesmharvey
Copy link

@anGie44 I know it's a long shot, but is there any chance of getting this released as a pointfix in a v2.70.0? There are a significant number of breaking changes in v3.0.0, and we're still working through them.

@ghost
Copy link

ghost commented Sep 19, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked and limited conversation to collaborators Sep 19, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
bug Addresses a defect in current functionality. documentation Introduces or discusses updates to documentation. provider Pertains to the provider itself, rather than any interaction with AWS. service/rds Issues and PRs that pertain to the rds service. size/L Managed by automation to categorize the size of a PR. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure.
Projects
None yet