github.com/anuaimi/terraform@v0.6.4-0.20150904235404-2bf9aec61da8/builtin/providers/aws/resource_aws_flow_log_test.go (about) 1 package aws 2 3 import ( 4 "fmt" 5 "os" 6 "testing" 7 8 "github.com/aws/aws-sdk-go/aws" 9 "github.com/aws/aws-sdk-go/service/ec2" 10 "github.com/hashicorp/terraform/helper/resource" 11 "github.com/hashicorp/terraform/terraform" 12 ) 13 14 func TestAccAWSFlowLog_basic(t *testing.T) { 15 var flowLog ec2.FlowLog 16 lgn := os.Getenv("LOG_GROUP_NAME") 17 18 resource.Test(t, resource.TestCase{ 19 PreCheck: func() { testAccPreCheck(t) }, 20 Providers: testAccProviders, 21 CheckDestroy: testAccCheckFlowLogDestroy, 22 Steps: []resource.TestStep{ 23 resource.TestStep{ 24 Config: fmt.Sprintf(testAccFlowLogConfig_basic, lgn), 25 Check: resource.ComposeTestCheckFunc( 26 testAccCheckFlowLogExists("aws_flow_log.test_flow_log", &flowLog), 27 testAccCheckAWSFlowLogAttributes(&flowLog), 28 ), 29 }, 30 }, 31 }) 32 } 33 34 func TestAccAWSFlowLog_subnet(t *testing.T) { 35 var flowLog ec2.FlowLog 36 lgn := os.Getenv("LOG_GROUP_NAME") 37 38 resource.Test(t, resource.TestCase{ 39 PreCheck: func() { testAccPreCheck(t) }, 40 Providers: testAccProviders, 41 CheckDestroy: testAccCheckFlowLogDestroy, 42 Steps: []resource.TestStep{ 43 resource.TestStep{ 44 Config: fmt.Sprintf(testAccFlowLogConfig_subnet, lgn), 45 Check: resource.ComposeTestCheckFunc( 46 testAccCheckFlowLogExists("aws_flow_log.test_flow_log_subnet", &flowLog), 47 testAccCheckAWSFlowLogAttributes(&flowLog), 48 ), 49 }, 50 }, 51 }) 52 } 53 54 func testAccCheckFlowLogExists(n string, flowLog *ec2.FlowLog) resource.TestCheckFunc { 55 return func(s *terraform.State) error { 56 rs, ok := s.RootModule().Resources[n] 57 if !ok { 58 return fmt.Errorf("Not found: %s", n) 59 } 60 61 if rs.Primary.ID == "" { 62 return fmt.Errorf("No Flow Log ID is set") 63 } 64 65 conn := testAccProvider.Meta().(*AWSClient).ec2conn 66 describeOpts := &ec2.DescribeFlowLogsInput{ 67 FlowLogIds: []*string{aws.String(rs.Primary.ID)}, 68 } 69 resp, err := conn.DescribeFlowLogs(describeOpts) 70 if err != nil { 71 return err 72 } 73 74 if len(resp.FlowLogs) > 0 { 75 *flowLog = *resp.FlowLogs[0] 76 return nil 77 } 78 return fmt.Errorf("No Flow Logs found for id (%s)", rs.Primary.ID) 79 } 80 } 81 82 func testAccCheckAWSFlowLogAttributes(flowLog *ec2.FlowLog) resource.TestCheckFunc { 83 return func(s *terraform.State) error { 84 if flowLog.FlowLogStatus != nil && *flowLog.FlowLogStatus == "ACTIVE" { 85 return nil 86 } 87 if flowLog.FlowLogStatus == nil { 88 return fmt.Errorf("Flow Log status is not ACTIVE, is nil") 89 } else { 90 return fmt.Errorf("Flow Log status is not ACTIVE, got: %s", *flowLog.FlowLogStatus) 91 } 92 } 93 } 94 95 func testAccCheckFlowLogDestroy(s *terraform.State) error { 96 for _, rs := range s.RootModule().Resources { 97 if rs.Type != "aws_flow_log" { 98 continue 99 } 100 101 return nil 102 } 103 104 return nil 105 } 106 107 var testAccFlowLogConfig_basic = ` 108 resource "aws_vpc" "default" { 109 cidr_block = "10.0.0.0/16" 110 tags { 111 Name = "tf-flow-log-test" 112 } 113 } 114 115 resource "aws_subnet" "test_subnet" { 116 vpc_id = "${aws_vpc.default.id}" 117 cidr_block = "10.0.1.0/24" 118 119 tags { 120 Name = "tf-flow-test" 121 } 122 } 123 124 resource "aws_iam_role" "test_role" { 125 name = "test_role" 126 assume_role_policy = <<EOF 127 { 128 "Version": "2012-10-17", 129 "Statement": [ 130 { 131 "Effect": "Allow", 132 "Principal": { 133 "Service": [ 134 "ec2.amazonaws.com" 135 ] 136 }, 137 "Action": [ 138 "sts:AssumeRole" 139 ] 140 } 141 ] 142 } 143 EOF 144 } 145 146 resource "aws_flow_log" "test_flow_log" { 147 # log_group_name needs to exist before hand 148 # until we have a CloudWatch Log Group Resource 149 log_group_name = "tf-test-log-group" 150 iam_role_arn = "${aws_iam_role.test_role.arn}" 151 vpc_id = "${aws_vpc.default.id}" 152 traffic_type = "ALL" 153 } 154 155 resource "aws_flow_log" "test_flow_log_subnet" { 156 # log_group_name needs to exist before hand 157 # until we have a CloudWatch Log Group Resource 158 log_group_name = "%s" 159 iam_role_arn = "${aws_iam_role.test_role.arn}" 160 subnet_id = "${aws_subnet.test_subnet.id}" 161 traffic_type = "ALL" 162 } 163 ` 164 165 var testAccFlowLogConfig_subnet = ` 166 resource "aws_vpc" "default" { 167 cidr_block = "10.0.0.0/16" 168 tags { 169 Name = "tf-flow-log-test" 170 } 171 } 172 173 resource "aws_subnet" "test_subnet" { 174 vpc_id = "${aws_vpc.default.id}" 175 cidr_block = "10.0.1.0/24" 176 177 tags { 178 Name = "tf-flow-test" 179 } 180 } 181 182 resource "aws_iam_role" "test_role" { 183 name = "test_role" 184 assume_role_policy = <<EOF 185 { 186 "Version": "2012-10-17", 187 "Statement": [ 188 { 189 "Effect": "Allow", 190 "Principal": { 191 "Service": [ 192 "ec2.amazonaws.com" 193 ] 194 }, 195 "Action": [ 196 "sts:AssumeRole" 197 ] 198 } 199 ] 200 } 201 EOF 202 } 203 204 resource "aws_flow_log" "test_flow_log_subnet" { 205 # log_group_name needs to exist before hand 206 # until we have a CloudWatch Log Group Resource 207 log_group_name = "%s" 208 iam_role_arn = "${aws_iam_role.test_role.arn}" 209 subnet_id = "${aws_subnet.test_subnet.id}" 210 traffic_type = "ALL" 211 } 212 `