merge

.github/PULL_REQUEST_TEMPLATE.md

@@ -23,6 +23,11 @@ If change is not user facing, just write "NONE" in the release-note block below.
 
 Output from acceptance testing:
 
+<!--
+Replace TestAccXXX with a pattern that matches the tests affected by this PR.
+
+For more information on the `-run` flag, see the `go test` documentation at https://tip.golang.org/cmd/go/#hdr-Testing_flags.
+-->
 ```
 $ make testacc TESTARGS='-run=TestAccXXX'
 

.hashibot.hcl

@@ -11,6 +11,21 @@ poll "closed_issue_locker" "locker" {
   EOF
 }
 
+poll "stale_issue_closer" "closer" {
+    schedule = "0 10 3 * * *"
+    no_reply_in_last = "2160h" # 90 days
+    max_issues = 500
+    sleep_between_issues = "5s"
+    created_after = "2019-06-01"
+    exclude_labels = ["needs-triage", "technical-debt"]
+    extra_search_params = "reactions:<20 no:milestone no:assignee"
+    message = <<-EOF
+    I'm going to close this issue due to inactivity (_90 days_ without response ⏳ ). This helps our maintainers find and focus on the active issues.
+
+    If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!
+    EOF
+}
+
 behavior "deprecated_import_commenter" "hashicorp_terraform" {
   import_regexp = "github.com/hashicorp/terraform/"
   marker_label  = "terraform-plugin-sdk-migration"

CHANGELOG.md

@@ -1,29 +1,43 @@
-## 2.37.0 (Unreleased)
+## 2.39.0 (Unreleased)
+
+BUGS:
+
+* Fixes issue where `terraform apply` continuously suggests applying changes to `ssh_key` or `password` in `custom_cookbooks_source` property for `aws_opsworks_stack` [GH-10175]
+* Fixes issue where `terraform apply` continuously suggests applying changes to `ssh_key` or `password` in `app_source` property for `aws_opsworks_application` [GH-10175]
+
+## 2.38.0 (November 18, 2019)
+
+FEATURES:
+
+* **New Resource:** `aws_eks_node_group` ([#10916](https://github.com/terraform-providers/terraform-provider-aws/issues/10916))
+
+## 2.37.0 (November 18, 2019)
 
 ENHANCEMENTS:
 
-* resource/aws_api_gateway_rest_api: Add `tags` argument and `arn` attribute [GH-10581]
-* resource/aws_db_instance: Add `ca_cert_identifier` argument [GH-10490]
-* resource/aws_dlm_lifecycle_policy: Add `tags` argument and `arn` attribute [GH-10864]
-* resource/aws_efs_file_system: Add `AFTER_7_DAYS` as a valid `lifecycle_policy` configuratio block `transition_to_ia` argument value [GH-10825]
-* resource/aws_glue_crawler: Add `tags` argument [GH-10805]
-* resource/aws_s3_bucket_inventory: Add `IntelligentTieringAccessTier` as valid value for `optional_fields` argument [GH-10746]
-* resource/aws_waf_geo_match_set: Support resource import and add `arn` attribute [GH-10480]
-* resource/aws_waf_regex_match_set: Support resource import and add `arn` attribute [GH-10481]
-* resource/aws_waf_regex_pattern_set: Support resource import and add `arn` attribute [GH-10482]
-* resource/aws_waf_size_constraint_set: Support resource import and add `arn` attribute [GH-10484]
-* resource/aws_waf_xss_match_set: Support resource import and add `arn` attribute [GH-10485]
-* resource/aws_wafregional_rate_based_rule: Add `tags` argument and `arn` attribute [GH-10897]
-* resource/aws_wafregional_rule_group: Add `tags` argument and `arn` attribute [GH-10896]
-* resource/aws_wafregional_rule: Add `tags` argument and `arn` attribute [GH-10895]
-* resource/aws_wafregional_web_acl: Add `tags` argument [GH-10889]
-* resource/aws_wafregional_web_acl_association: Support resource import [GH-10538]
+* resource/aws_api_gateway_rest_api: Add `tags` argument and `arn` attribute ([#10581](https://github.com/terraform-providers/terraform-provider-aws/issues/10581))
+* resource/aws_db_instance: Add `ca_cert_identifier` argument ([#10490](https://github.com/terraform-providers/terraform-provider-aws/issues/10490))
+* resource/aws_dlm_lifecycle_policy: Add `tags` argument and `arn` attribute ([#10864](https://github.com/terraform-providers/terraform-provider-aws/issues/10864))
+* resource/aws_efs_file_system: Add `AFTER_7_DAYS` as a valid `lifecycle_policy` configuratio block `transition_to_ia` argument value ([#10825](https://github.com/terraform-providers/terraform-provider-aws/issues/10825))
+* resource/aws_glue_crawler: Add `tags` argument ([#10805](https://github.com/terraform-providers/terraform-provider-aws/issues/10805))
+* resource/aws_s3_bucket_inventory: Add `IntelligentTieringAccessTier` as valid value for `optional_fields` argument ([#10746](https://github.com/terraform-providers/terraform-provider-aws/issues/10746))
+* resource/aws_waf_geo_match_set: Support resource import and add `arn` attribute ([#10480](https://github.com/terraform-providers/terraform-provider-aws/issues/10480))
+* resource/aws_waf_regex_match_set: Support resource import and add `arn` attribute ([#10481](https://github.com/terraform-providers/terraform-provider-aws/issues/10481))
+* resource/aws_waf_regex_pattern_set: Support resource import and add `arn` attribute ([#10482](https://github.com/terraform-providers/terraform-provider-aws/issues/10482))
+* resource/aws_waf_size_constraint_set: Support resource import and add `arn` attribute ([#10484](https://github.com/terraform-providers/terraform-provider-aws/issues/10484))
+* resource/aws_waf_xss_match_set: Support resource import and add `arn` attribute ([#10485](https://github.com/terraform-providers/terraform-provider-aws/issues/10485))
+* resource/aws_wafregional_rate_based_rule: Add `tags` argument and `arn` attribute ([#10897](https://github.com/terraform-providers/terraform-provider-aws/issues/10897))
+* resource/aws_wafregional_rule_group: Add `tags` argument and `arn` attribute ([#10896](https://github.com/terraform-providers/terraform-provider-aws/issues/10896))
+* resource/aws_wafregional_rule: Add `tags` argument and `arn` attribute ([#10895](https://github.com/terraform-providers/terraform-provider-aws/issues/10895))
+* resource/aws_wafregional_web_acl: Add `tags` argument ([#10889](https://github.com/terraform-providers/terraform-provider-aws/issues/10889))
+* resource/aws_wafregional_web_acl_association: Support resource import ([#10538](https://github.com/terraform-providers/terraform-provider-aws/issues/10538))
+* resource/aws_cloudtrail: support Tag on create ([#10818](https://github.com/terraform-providers/terraform-provider-aws/issues/10818))
 
 BUG FIXES:
 
-* data-source/aws_iam_policy_document: Prevent panic when combining single principal identifier with multiple principal identifiers [GH-10780]
-* data-source/aws_iam_policy_document: Prevent losing identifier elements when combining single and multiple principals identifiers [GH-10844]
-* resource/aws_servicequotas_service_quota: Remove resource from Terraform state on `NoSuchResourceException` error [GH-10735]
+* data-source/aws_iam_policy_document: Prevent panic when combining single principal identifier with multiple principal identifiers ([#10780](https://github.com/terraform-providers/terraform-provider-aws/issues/10780))
+* data-source/aws_iam_policy_document: Prevent losing identifier elements when combining single and multiple principals identifiers ([#10844](https://github.com/terraform-providers/terraform-provider-aws/issues/10844))
+* resource/aws_servicequotas_service_quota: Remove resource from Terraform state on `NoSuchResourceException` error ([#10735](https://github.com/terraform-providers/terraform-provider-aws/issues/10735))
 
 ## 2.36.0 (November 14, 2019)
 

aws/internal/keyvaluetags/generators/listtags/main.go

@@ -26,6 +26,7 @@ var serviceNames = []string{
 	"athena",
 	"backup",
 	"cloudhsmv2",
+	"cloudtrail",
 	"cloudwatch",
 	"cloudwatchevents",
 	"cloudwatchlogs",
@@ -197,6 +198,8 @@ func ServiceListTagsFunction(serviceName string) string {
 		return "ListTags"
 	case "cloudhsmv2":
 		return "ListTags"
+	case "cloudtrail":
+		return "ListTags"
 	case "cloudwatchlogs":
 		return "ListTagsLogGroup"
 	case "dax":
@@ -247,6 +250,8 @@ func ServiceListTagsInputIdentifierField(serviceName string) string {
 		return "ResourceARN"
 	case "cloudhsmv2":
 		return "ResourceId"
+	case "cloudtrail":
+		return "ResourceIdList"
 	case "cloudwatch":
 		return "ResourceARN"
 	case "cloudwatchevents":
@@ -315,6 +320,8 @@ func ServiceListTagsInputIdentifierField(serviceName string) string {
 // ServiceTagInputIdentifierRequiresSlice determines if the service tagging resource field requires a slice.
 func ServiceListTagsInputIdentifierRequiresSlice(serviceName string) string {
 	switch serviceName {
+	case "cloudtrail":
+		return "yes"
 	case "elbv2":
 		return "yes"
 	default:
@@ -337,6 +344,8 @@ func ServiceListTagsOutputTagsField(serviceName string) string {
 	switch serviceName {
 	case "cloudhsmv2":
 		return "TagList"
+	case "cloudtrail":
+		return "ResourceTagList[0].TagsList"
 	case "databasemigrationservice":
 		return "TagList"
 	case "docdb":

aws/internal/keyvaluetags/generators/updatetags/main.go

@@ -28,6 +28,7 @@ var serviceNames = []string{
 	"athena",
 	"backup",
 	"cloudhsmv2",
+	"cloudtrail",
 	"cloudwatch",
 	"cloudwatchevents",
 	"cloudwatchlogs",
@@ -237,6 +238,8 @@ func ServiceTagFunction(serviceName string) string {
 		return "AddTagsToCertificate"
 	case "acmpca":
 		return "TagCertificateAuthority"
+	case "cloudtrail":
+		return "AddTags"
 	case "cloudwatchlogs":
 		return "TagLogGroup"
 	case "databasemigrationservice":
@@ -299,6 +302,8 @@ func ServiceTagInputIdentifierField(serviceName string) string {
 		return "ResourceARN"
 	case "cloudhsmv2":
 		return "ResourceId"
+	case "cloudtrail":
+		return "ResourceId"
 	case "cloudwatch":
 		return "ResourceARN"
 	case "cloudwatchevents":
@@ -395,6 +400,8 @@ func ServiceTagInputTagsField(serviceName string) string {
 	switch serviceName {
 	case "cloudhsmv2":
 		return "TagList"
+	case "cloudtrail":
+		return "TagsList"
 	case "elasticsearchservice":
 		return "TagList"
 	case "glue":
@@ -421,6 +428,8 @@ func ServiceUntagFunction(serviceName string) string {
 		return "RemoveTagsFromCertificate"
 	case "acmpca":
 		return "UntagCertificateAuthority"
+	case "cloudtrail":
+		return "RemoveTags"
 	case "cloudwatchlogs":
 		return "UntagLogGroup"
 	case "databasemigrationservice":
@@ -479,6 +488,8 @@ func ServiceUntagInputRequiresTagType(serviceName string) string {
 		return "yes"
 	case "acmpca":
 		return "yes"
+	case "cloudtrail":
+		return "yes"
 	case "ec2":
 		return "yes"
 	default:
@@ -497,6 +508,8 @@ func ServiceUntagInputTagsField(serviceName string) string {
 		return "TagKeyList"
 	case "cloudhsmv2":
 		return "TagKeyList"
+	case "cloudtrail":
+		return "TagsList"
 	case "cloudwatchlogs":
 		return "Tags"
 	case "datasync":

aws/internal/keyvaluetags/service_generation_customizations.go

@@ -18,6 +18,7 @@ import (
 	"github.com/aws/aws-sdk-go/service/backup"
 	"github.com/aws/aws-sdk-go/service/cloudfront"
 	"github.com/aws/aws-sdk-go/service/cloudhsmv2"
+	"github.com/aws/aws-sdk-go/service/cloudtrail"
 	"github.com/aws/aws-sdk-go/service/cloudwatch"
 	"github.com/aws/aws-sdk-go/service/cloudwatchevents"
 	"github.com/aws/aws-sdk-go/service/cloudwatchlogs"
@@ -124,6 +125,8 @@ func ServiceClientType(serviceName string) string {
 		funcType = reflect.TypeOf(cloudfront.New)
 	case "cloudhsmv2":
 		funcType = reflect.TypeOf(cloudhsmv2.New)
+	case "cloudtrail":
+		funcType = reflect.TypeOf(cloudtrail.New)
 	case "cloudwatch":
 		funcType = reflect.TypeOf(cloudwatch.New)
 	case "cloudwatchevents":

aws/provider.go

@@ -499,6 +499,7 @@ func Provider() terraform.ResourceProvider {
 			"aws_eip":                                                 resourceAwsEip(),
 			"aws_eip_association":                                     resourceAwsEipAssociation(),
 			"aws_eks_cluster":                                         resourceAwsEksCluster(),
+			"aws_eks_node_group":                                      resourceAwsEksNodeGroup(),
 			"aws_elasticache_cluster":                                 resourceAwsElasticacheCluster(),
 			"aws_elasticache_parameter_group":                         resourceAwsElasticacheParameterGroup(),
 			"aws_elasticache_replication_group":                       resourceAwsElasticacheReplicationGroup(),

aws/resource_aws_cloudtrail.go

@@ -10,6 +10,7 @@ import (
 	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
+	"github.com/terraform-providers/terraform-provider-aws/aws/internal/keyvaluetags"
 )
 
 func resourceAwsCloudTrail() *schema.Resource {
@@ -138,12 +139,17 @@ func resourceAwsCloudTrail() *schema.Resource {
 
 func resourceAwsCloudTrailCreate(d *schema.ResourceData, meta interface{}) error {
 	conn := meta.(*AWSClient).cloudtrailconn
+	tags := keyvaluetags.New(d.Get("tags").(map[string]interface{})).IgnoreAws().CloudtrailTags()
 
 	input := cloudtrail.CreateTrailInput{
 		Name:         aws.String(d.Get("name").(string)),
 		S3BucketName: aws.String(d.Get("s3_bucket_name").(string)),
 	}
 
+	if len(tags) > 0 {
+		input.TagsList = tags
+	}
+
 	if v, ok := d.GetOk("cloud_watch_logs_group_arn"); ok {
 		input.CloudWatchLogsLogGroupArn = aws.String(v.(string))
 	}
@@ -196,7 +202,6 @@ func resourceAwsCloudTrailCreate(d *schema.ResourceData, meta interface{}) error
 
 	log.Printf("[DEBUG] CloudTrail created: %s", t)
 
-	d.Set("arn", t.TrailARN)
 	d.SetId(*t.Name)
 
 	// AWS CloudTrail sets newly-created trails to false.
@@ -214,7 +219,7 @@ func resourceAwsCloudTrailCreate(d *schema.ResourceData, meta interface{}) error
 		}
 	}
 
-	return resourceAwsCloudTrailUpdate(d, meta)
+	return resourceAwsCloudTrailRead(d, meta)
 }
 
 func resourceAwsCloudTrailRead(d *schema.ResourceData, meta interface{}) error {
@@ -266,24 +271,14 @@ func resourceAwsCloudTrailRead(d *schema.ResourceData, meta interface{}) error {
 	d.Set("arn", trail.TrailARN)
 	d.Set("home_region", trail.HomeRegion)
 
-	// Get tags
-	req := &cloudtrail.ListTagsInput{
-		ResourceIdList: []*string{trail.TrailARN},
-	}
+	tags, err := keyvaluetags.CloudtrailListTags(conn, *trail.TrailARN)
 
-	tagsOut, err := conn.ListTags(req)
 	if err != nil {
-		return err
+		return fmt.Errorf("error listing tags for Cloudtrail (%s): %s", *trail.TrailARN, err)
 	}
-	log.Printf("[DEBUG] Received CloudTrail tags: %s", tagsOut)
 
-	var tags []*cloudtrail.Tag
-	if tagsOut.ResourceTagList != nil && len(tagsOut.ResourceTagList) > 0 {
-		tags = tagsOut.ResourceTagList[0].TagsList
-	}
-
-	if err := d.Set("tags", tagsToMapCloudtrail(tags)); err != nil {
-		return err
+	if err := d.Set("tags", tags.IgnoreAws().Map()); err != nil {
+		return fmt.Errorf("error setting tags: %s", err)
 	}
 
 	logstatus, err := cloudTrailGetLoggingStatus(conn, trail.Name)
@@ -369,9 +364,10 @@ func resourceAwsCloudTrailUpdate(d *schema.ResourceData, meta interface{}) error
 	}
 
 	if d.HasChange("tags") {
-		err := setTagsCloudtrail(conn, d)
-		if err != nil {
-			return err
+		o, n := d.GetChange("tags")
+
+		if err := keyvaluetags.CloudtrailUpdateTags(conn, d.Get("arn").(string), o, n); err != nil {
+			return fmt.Errorf("error updating ECR Repository (%s) tags: %s", d.Get("arn").(string), err)
 		}
 	}