github.com/bengesoff/terraform@v0.3.1-0.20141018223233-b25a53629922/builtin/providers/aws/resource_aws_security_group_test.go (about) 1 package aws 2 3 import ( 4 "fmt" 5 "reflect" 6 "testing" 7 8 "github.com/hashicorp/terraform/helper/resource" 9 "github.com/hashicorp/terraform/terraform" 10 "github.com/mitchellh/goamz/ec2" 11 ) 12 13 func TestAccAWSSecurityGroup_normal(t *testing.T) { 14 var group ec2.SecurityGroupInfo 15 16 resource.Test(t, resource.TestCase{ 17 PreCheck: func() { testAccPreCheck(t) }, 18 Providers: testAccProviders, 19 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 20 Steps: []resource.TestStep{ 21 resource.TestStep{ 22 Config: testAccAWSSecurityGroupConfig, 23 Check: resource.ComposeTestCheckFunc( 24 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 25 testAccCheckAWSSecurityGroupAttributes(&group), 26 resource.TestCheckResourceAttr( 27 "aws_security_group.web", "name", "terraform_acceptance_test_example"), 28 resource.TestCheckResourceAttr( 29 "aws_security_group.web", "description", "Used in the terraform acceptance tests"), 30 resource.TestCheckResourceAttr( 31 "aws_security_group.web", "ingress.0.protocol", "tcp"), 32 resource.TestCheckResourceAttr( 33 "aws_security_group.web", "ingress.0.from_port", "80"), 34 resource.TestCheckResourceAttr( 35 "aws_security_group.web", "ingress.0.to_port", "8000"), 36 resource.TestCheckResourceAttr( 37 "aws_security_group.web", "ingress.0.cidr_blocks.#", "1"), 38 resource.TestCheckResourceAttr( 39 "aws_security_group.web", "ingress.0.cidr_blocks.0", "10.0.0.0/8"), 40 ), 41 }, 42 }, 43 }) 44 } 45 46 func TestAccAWSSecurityGroup_self(t *testing.T) { 47 var group ec2.SecurityGroupInfo 48 49 checkSelf := func(s *terraform.State) (err error) { 50 defer func() { 51 if e := recover(); e != nil { 52 err = fmt.Errorf("bad: %#v", group) 53 } 54 }() 55 56 if group.IPPerms[0].SourceGroups[0].Id != group.Id { 57 return fmt.Errorf("bad: %#v", group) 58 } 59 60 return nil 61 } 62 63 resource.Test(t, resource.TestCase{ 64 PreCheck: func() { testAccPreCheck(t) }, 65 Providers: testAccProviders, 66 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 67 Steps: []resource.TestStep{ 68 resource.TestStep{ 69 Config: testAccAWSSecurityGroupConfigSelf, 70 Check: resource.ComposeTestCheckFunc( 71 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 72 resource.TestCheckResourceAttr( 73 "aws_security_group.web", "name", "terraform_acceptance_test_example"), 74 resource.TestCheckResourceAttr( 75 "aws_security_group.web", "description", "Used in the terraform acceptance tests"), 76 resource.TestCheckResourceAttr( 77 "aws_security_group.web", "ingress.0.protocol", "tcp"), 78 resource.TestCheckResourceAttr( 79 "aws_security_group.web", "ingress.0.from_port", "80"), 80 resource.TestCheckResourceAttr( 81 "aws_security_group.web", "ingress.0.to_port", "8000"), 82 resource.TestCheckResourceAttr( 83 "aws_security_group.web", "ingress.0.self", "true"), 84 checkSelf, 85 ), 86 }, 87 }, 88 }) 89 } 90 91 func TestAccAWSSecurityGroup_vpc(t *testing.T) { 92 var group ec2.SecurityGroupInfo 93 94 testCheck := func(*terraform.State) error { 95 if group.VpcId == "" { 96 return fmt.Errorf("should have vpc ID") 97 } 98 99 return nil 100 } 101 102 resource.Test(t, resource.TestCase{ 103 PreCheck: func() { testAccPreCheck(t) }, 104 Providers: testAccProviders, 105 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 106 Steps: []resource.TestStep{ 107 resource.TestStep{ 108 Config: testAccAWSSecurityGroupConfigVpc, 109 Check: resource.ComposeTestCheckFunc( 110 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 111 testAccCheckAWSSecurityGroupAttributes(&group), 112 resource.TestCheckResourceAttr( 113 "aws_security_group.web", "name", "terraform_acceptance_test_example"), 114 resource.TestCheckResourceAttr( 115 "aws_security_group.web", "description", "Used in the terraform acceptance tests"), 116 resource.TestCheckResourceAttr( 117 "aws_security_group.web", "ingress.0.protocol", "tcp"), 118 resource.TestCheckResourceAttr( 119 "aws_security_group.web", "ingress.0.from_port", "80"), 120 resource.TestCheckResourceAttr( 121 "aws_security_group.web", "ingress.0.to_port", "8000"), 122 resource.TestCheckResourceAttr( 123 "aws_security_group.web", "ingress.0.cidr_blocks.#", "1"), 124 resource.TestCheckResourceAttr( 125 "aws_security_group.web", "ingress.0.cidr_blocks.0", "10.0.0.0/8"), 126 testCheck, 127 ), 128 }, 129 }, 130 }) 131 } 132 133 func TestAccAWSSecurityGroup_MultiIngress(t *testing.T) { 134 var group ec2.SecurityGroupInfo 135 136 resource.Test(t, resource.TestCase{ 137 PreCheck: func() { testAccPreCheck(t) }, 138 Providers: testAccProviders, 139 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 140 Steps: []resource.TestStep{ 141 resource.TestStep{ 142 Config: testAccAWSSecurityGroupConfigMultiIngress, 143 Check: resource.ComposeTestCheckFunc( 144 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 145 ), 146 }, 147 }, 148 }) 149 } 150 151 func TestAccAWSSecurityGroup_Change(t *testing.T) { 152 var group ec2.SecurityGroupInfo 153 154 resource.Test(t, resource.TestCase{ 155 PreCheck: func() { testAccPreCheck(t) }, 156 Providers: testAccProviders, 157 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 158 Steps: []resource.TestStep{ 159 resource.TestStep{ 160 Config: testAccAWSSecurityGroupConfig, 161 Check: resource.ComposeTestCheckFunc( 162 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 163 ), 164 }, 165 resource.TestStep{ 166 Config: testAccAWSSecurityGroupConfigChange, 167 Check: resource.ComposeTestCheckFunc( 168 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 169 testAccCheckAWSSecurityGroupAttributesChanged(&group), 170 ), 171 }, 172 }, 173 }) 174 } 175 176 func testAccCheckAWSSecurityGroupDestroy(s *terraform.State) error { 177 conn := testAccProvider.ec2conn 178 179 for _, rs := range s.RootModule().Resources { 180 if rs.Type != "aws_security_group" { 181 continue 182 } 183 184 sgs := []ec2.SecurityGroup{ 185 ec2.SecurityGroup{ 186 Id: rs.Primary.ID, 187 }, 188 } 189 190 // Retrieve our group 191 resp, err := conn.SecurityGroups(sgs, nil) 192 if err == nil { 193 if len(resp.Groups) > 0 && resp.Groups[0].Id == rs.Primary.ID { 194 return fmt.Errorf("Security Group (%s) still exists.", rs.Primary.ID) 195 } 196 197 return nil 198 } 199 200 ec2err, ok := err.(*ec2.Error) 201 if !ok { 202 return err 203 } 204 // Confirm error code is what we want 205 if ec2err.Code != "InvalidGroup.NotFound" { 206 return err 207 } 208 } 209 210 return nil 211 } 212 213 func testAccCheckAWSSecurityGroupExists(n string, group *ec2.SecurityGroupInfo) resource.TestCheckFunc { 214 return func(s *terraform.State) error { 215 rs, ok := s.RootModule().Resources[n] 216 if !ok { 217 return fmt.Errorf("Not found: %s", n) 218 } 219 220 if rs.Primary.ID == "" { 221 return fmt.Errorf("No Security Group is set") 222 } 223 224 conn := testAccProvider.ec2conn 225 sgs := []ec2.SecurityGroup{ 226 ec2.SecurityGroup{ 227 Id: rs.Primary.ID, 228 }, 229 } 230 resp, err := conn.SecurityGroups(sgs, nil) 231 if err != nil { 232 return err 233 } 234 235 if len(resp.Groups) > 0 && resp.Groups[0].Id == rs.Primary.ID { 236 237 *group = resp.Groups[0] 238 239 return nil 240 } 241 242 return fmt.Errorf("Security Group not found") 243 } 244 } 245 246 func testAccCheckAWSSecurityGroupAttributes(group *ec2.SecurityGroupInfo) resource.TestCheckFunc { 247 return func(s *terraform.State) error { 248 p := ec2.IPPerm{ 249 FromPort: 80, 250 ToPort: 8000, 251 Protocol: "tcp", 252 SourceIPs: []string{"10.0.0.0/8"}, 253 } 254 255 if group.Name != "terraform_acceptance_test_example" { 256 return fmt.Errorf("Bad name: %s", group.Name) 257 } 258 259 if group.Description != "Used in the terraform acceptance tests" { 260 return fmt.Errorf("Bad description: %s", group.Description) 261 } 262 263 if len(group.IPPerms) == 0 { 264 return fmt.Errorf("No IPPerms") 265 } 266 267 // Compare our ingress 268 if !reflect.DeepEqual(group.IPPerms[0], p) { 269 return fmt.Errorf( 270 "Got:\n\n%#v\n\nExpected:\n\n%#v\n", 271 group.IPPerms[0], 272 p) 273 } 274 275 return nil 276 } 277 } 278 279 func testAccCheckAWSSecurityGroupAttributesChanged(group *ec2.SecurityGroupInfo) resource.TestCheckFunc { 280 return func(s *terraform.State) error { 281 p := []ec2.IPPerm{ 282 ec2.IPPerm{ 283 FromPort: 80, 284 ToPort: 9000, 285 Protocol: "tcp", 286 SourceIPs: []string{"10.0.0.0/8"}, 287 }, 288 ec2.IPPerm{ 289 FromPort: 80, 290 ToPort: 8000, 291 Protocol: "tcp", 292 SourceIPs: []string{"0.0.0.0/0", "10.0.0.0/8"}, 293 }, 294 } 295 296 if group.Name != "terraform_acceptance_test_example" { 297 return fmt.Errorf("Bad name: %s", group.Name) 298 } 299 300 if group.Description != "Used in the terraform acceptance tests" { 301 return fmt.Errorf("Bad description: %s", group.Description) 302 } 303 304 // Compare our ingress 305 if len(group.IPPerms) != 2 { 306 return fmt.Errorf( 307 "Got:\n\n%#v\n\nExpected:\n\n%#v\n", 308 group.IPPerms, 309 p) 310 } 311 312 if group.IPPerms[0].ToPort == 8000 { 313 group.IPPerms[1], group.IPPerms[0] = 314 group.IPPerms[0], group.IPPerms[1] 315 } 316 317 if !reflect.DeepEqual(group.IPPerms, p) { 318 return fmt.Errorf( 319 "Got:\n\n%#v\n\nExpected:\n\n%#v\n", 320 group.IPPerms, 321 p) 322 } 323 324 return nil 325 } 326 } 327 328 const testAccAWSSecurityGroupConfig = ` 329 resource "aws_security_group" "web" { 330 name = "terraform_acceptance_test_example" 331 description = "Used in the terraform acceptance tests" 332 333 ingress { 334 protocol = "tcp" 335 from_port = 80 336 to_port = 8000 337 cidr_blocks = ["10.0.0.0/8"] 338 } 339 } 340 ` 341 342 const testAccAWSSecurityGroupConfigChange = ` 343 resource "aws_security_group" "web" { 344 name = "terraform_acceptance_test_example" 345 description = "Used in the terraform acceptance tests" 346 347 ingress { 348 protocol = "tcp" 349 from_port = 80 350 to_port = 9000 351 cidr_blocks = ["10.0.0.0/8"] 352 } 353 354 ingress { 355 protocol = "tcp" 356 from_port = 80 357 to_port = 8000 358 cidr_blocks = ["10.0.0.0/8", "0.0.0.0/0"] 359 } 360 } 361 ` 362 363 const testAccAWSSecurityGroupConfigSelf = ` 364 resource "aws_security_group" "web" { 365 name = "terraform_acceptance_test_example" 366 description = "Used in the terraform acceptance tests" 367 368 ingress { 369 protocol = "tcp" 370 from_port = 80 371 to_port = 8000 372 self = true 373 } 374 } 375 ` 376 377 const testAccAWSSecurityGroupConfigVpc = ` 378 resource "aws_vpc" "foo" { 379 cidr_block = "10.1.0.0/16" 380 } 381 382 resource "aws_security_group" "web" { 383 name = "terraform_acceptance_test_example" 384 description = "Used in the terraform acceptance tests" 385 vpc_id = "${aws_vpc.foo.id}" 386 387 ingress { 388 protocol = "tcp" 389 from_port = 80 390 to_port = 8000 391 cidr_blocks = ["10.0.0.0/8"] 392 } 393 } 394 ` 395 396 const testAccAWSSecurityGroupConfigMultiIngress = ` 397 resource "aws_security_group" "worker" { 398 name = "terraform_acceptance_test_example_1" 399 description = "Used in the terraform acceptance tests" 400 401 ingress { 402 protocol = "tcp" 403 from_port = 80 404 to_port = 8000 405 cidr_blocks = ["10.0.0.0/8"] 406 } 407 } 408 409 resource "aws_security_group" "web" { 410 name = "terraform_acceptance_test_example_2" 411 description = "Used in the terraform acceptance tests" 412 413 ingress { 414 protocol = "tcp" 415 from_port = 22 416 to_port = 22 417 cidr_blocks = ["10.0.0.0/8"] 418 } 419 420 ingress { 421 protocol = "tcp" 422 from_port = 800 423 to_port = 800 424 cidr_blocks = ["10.0.0.0/8"] 425 } 426 427 ingress { 428 protocol = "tcp" 429 from_port = 80 430 to_port = 8000 431 security_groups = ["${aws_security_group.worker.id}"] 432 } 433 } 434 `