github.com/chalford/terraform@v0.3.7-0.20150113080010-a78c69a8c81f/builtin/providers/aws/resource_aws_security_group_test.go (about) 1 package aws 2 3 import ( 4 "fmt" 5 "reflect" 6 "testing" 7 8 "github.com/hashicorp/terraform/helper/resource" 9 "github.com/hashicorp/terraform/terraform" 10 "github.com/mitchellh/goamz/ec2" 11 ) 12 13 func TestAccAWSSecurityGroup_normal(t *testing.T) { 14 var group ec2.SecurityGroupInfo 15 16 resource.Test(t, resource.TestCase{ 17 PreCheck: func() { testAccPreCheck(t) }, 18 Providers: testAccProviders, 19 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 20 Steps: []resource.TestStep{ 21 resource.TestStep{ 22 Config: testAccAWSSecurityGroupConfig, 23 Check: resource.ComposeTestCheckFunc( 24 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 25 testAccCheckAWSSecurityGroupAttributes(&group), 26 resource.TestCheckResourceAttr( 27 "aws_security_group.web", "name", "terraform_acceptance_test_example"), 28 resource.TestCheckResourceAttr( 29 "aws_security_group.web", "description", "Used in the terraform acceptance tests"), 30 resource.TestCheckResourceAttr( 31 "aws_security_group.web", "ingress.332851786.protocol", "tcp"), 32 resource.TestCheckResourceAttr( 33 "aws_security_group.web", "ingress.332851786.from_port", "80"), 34 resource.TestCheckResourceAttr( 35 "aws_security_group.web", "ingress.332851786.to_port", "8000"), 36 resource.TestCheckResourceAttr( 37 "aws_security_group.web", "ingress.332851786.cidr_blocks.#", "1"), 38 resource.TestCheckResourceAttr( 39 "aws_security_group.web", "ingress.332851786.cidr_blocks.0", "10.0.0.0/8"), 40 ), 41 }, 42 }, 43 }) 44 } 45 46 func TestAccAWSSecurityGroup_self(t *testing.T) { 47 var group ec2.SecurityGroupInfo 48 49 checkSelf := func(s *terraform.State) (err error) { 50 defer func() { 51 if e := recover(); e != nil { 52 err = fmt.Errorf("bad: %#v", group) 53 } 54 }() 55 56 if group.IPPerms[0].SourceGroups[0].Id != group.Id { 57 return fmt.Errorf("bad: %#v", group) 58 } 59 60 return nil 61 } 62 63 resource.Test(t, resource.TestCase{ 64 PreCheck: func() { testAccPreCheck(t) }, 65 Providers: testAccProviders, 66 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 67 Steps: []resource.TestStep{ 68 resource.TestStep{ 69 Config: testAccAWSSecurityGroupConfigSelf, 70 Check: resource.ComposeTestCheckFunc( 71 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 72 resource.TestCheckResourceAttr( 73 "aws_security_group.web", "name", "terraform_acceptance_test_example"), 74 resource.TestCheckResourceAttr( 75 "aws_security_group.web", "description", "Used in the terraform acceptance tests"), 76 resource.TestCheckResourceAttr( 77 "aws_security_group.web", "ingress.3128515109.protocol", "tcp"), 78 resource.TestCheckResourceAttr( 79 "aws_security_group.web", "ingress.3128515109.from_port", "80"), 80 resource.TestCheckResourceAttr( 81 "aws_security_group.web", "ingress.3128515109.to_port", "8000"), 82 resource.TestCheckResourceAttr( 83 "aws_security_group.web", "ingress.3128515109.self", "true"), 84 checkSelf, 85 ), 86 }, 87 }, 88 }) 89 } 90 91 func TestAccAWSSecurityGroup_vpc(t *testing.T) { 92 var group ec2.SecurityGroupInfo 93 94 testCheck := func(*terraform.State) error { 95 if group.VpcId == "" { 96 return fmt.Errorf("should have vpc ID") 97 } 98 99 return nil 100 } 101 102 resource.Test(t, resource.TestCase{ 103 PreCheck: func() { testAccPreCheck(t) }, 104 Providers: testAccProviders, 105 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 106 Steps: []resource.TestStep{ 107 resource.TestStep{ 108 Config: testAccAWSSecurityGroupConfigVpc, 109 Check: resource.ComposeTestCheckFunc( 110 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 111 testAccCheckAWSSecurityGroupAttributes(&group), 112 resource.TestCheckResourceAttr( 113 "aws_security_group.web", "name", "terraform_acceptance_test_example"), 114 resource.TestCheckResourceAttr( 115 "aws_security_group.web", "description", "Used in the terraform acceptance tests"), 116 resource.TestCheckResourceAttr( 117 "aws_security_group.web", "ingress.332851786.protocol", "tcp"), 118 resource.TestCheckResourceAttr( 119 "aws_security_group.web", "ingress.332851786.from_port", "80"), 120 resource.TestCheckResourceAttr( 121 "aws_security_group.web", "ingress.332851786.to_port", "8000"), 122 resource.TestCheckResourceAttr( 123 "aws_security_group.web", "ingress.332851786.cidr_blocks.#", "1"), 124 resource.TestCheckResourceAttr( 125 "aws_security_group.web", "ingress.332851786.cidr_blocks.0", "10.0.0.0/8"), 126 testCheck, 127 ), 128 }, 129 }, 130 }) 131 } 132 133 func TestAccAWSSecurityGroup_MultiIngress(t *testing.T) { 134 var group ec2.SecurityGroupInfo 135 136 resource.Test(t, resource.TestCase{ 137 PreCheck: func() { testAccPreCheck(t) }, 138 Providers: testAccProviders, 139 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 140 Steps: []resource.TestStep{ 141 resource.TestStep{ 142 Config: testAccAWSSecurityGroupConfigMultiIngress, 143 Check: resource.ComposeTestCheckFunc( 144 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 145 ), 146 }, 147 }, 148 }) 149 } 150 151 func TestAccAWSSecurityGroup_Change(t *testing.T) { 152 var group ec2.SecurityGroupInfo 153 154 resource.Test(t, resource.TestCase{ 155 PreCheck: func() { testAccPreCheck(t) }, 156 Providers: testAccProviders, 157 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 158 Steps: []resource.TestStep{ 159 resource.TestStep{ 160 Config: testAccAWSSecurityGroupConfig, 161 Check: resource.ComposeTestCheckFunc( 162 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 163 ), 164 }, 165 resource.TestStep{ 166 Config: testAccAWSSecurityGroupConfigChange, 167 Check: resource.ComposeTestCheckFunc( 168 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 169 testAccCheckAWSSecurityGroupAttributesChanged(&group), 170 ), 171 }, 172 }, 173 }) 174 } 175 176 func testAccCheckAWSSecurityGroupDestroy(s *terraform.State) error { 177 conn := testAccProvider.Meta().(*AWSClient).ec2conn 178 179 for _, rs := range s.RootModule().Resources { 180 if rs.Type != "aws_security_group" { 181 continue 182 } 183 184 sgs := []ec2.SecurityGroup{ 185 ec2.SecurityGroup{ 186 Id: rs.Primary.ID, 187 }, 188 } 189 190 // Retrieve our group 191 resp, err := conn.SecurityGroups(sgs, nil) 192 if err == nil { 193 if len(resp.Groups) > 0 && resp.Groups[0].Id == rs.Primary.ID { 194 return fmt.Errorf("Security Group (%s) still exists.", rs.Primary.ID) 195 } 196 197 return nil 198 } 199 200 ec2err, ok := err.(*ec2.Error) 201 if !ok { 202 return err 203 } 204 // Confirm error code is what we want 205 if ec2err.Code != "InvalidGroup.NotFound" { 206 return err 207 } 208 } 209 210 return nil 211 } 212 213 func testAccCheckAWSSecurityGroupExists(n string, group *ec2.SecurityGroupInfo) resource.TestCheckFunc { 214 return func(s *terraform.State) error { 215 rs, ok := s.RootModule().Resources[n] 216 if !ok { 217 return fmt.Errorf("Not found: %s", n) 218 } 219 220 if rs.Primary.ID == "" { 221 return fmt.Errorf("No Security Group is set") 222 } 223 224 conn := testAccProvider.Meta().(*AWSClient).ec2conn 225 sgs := []ec2.SecurityGroup{ 226 ec2.SecurityGroup{ 227 Id: rs.Primary.ID, 228 }, 229 } 230 resp, err := conn.SecurityGroups(sgs, nil) 231 if err != nil { 232 return err 233 } 234 235 if len(resp.Groups) > 0 && resp.Groups[0].Id == rs.Primary.ID { 236 237 *group = resp.Groups[0] 238 239 return nil 240 } 241 242 return fmt.Errorf("Security Group not found") 243 } 244 } 245 246 func testAccCheckAWSSecurityGroupAttributes(group *ec2.SecurityGroupInfo) resource.TestCheckFunc { 247 return func(s *terraform.State) error { 248 p := ec2.IPPerm{ 249 FromPort: 80, 250 ToPort: 8000, 251 Protocol: "tcp", 252 SourceIPs: []string{"10.0.0.0/8"}, 253 } 254 255 if group.Name != "terraform_acceptance_test_example" { 256 return fmt.Errorf("Bad name: %s", group.Name) 257 } 258 259 if group.Description != "Used in the terraform acceptance tests" { 260 return fmt.Errorf("Bad description: %s", group.Description) 261 } 262 263 if len(group.IPPerms) == 0 { 264 return fmt.Errorf("No IPPerms") 265 } 266 267 // Compare our ingress 268 if !reflect.DeepEqual(group.IPPerms[0], p) { 269 return fmt.Errorf( 270 "Got:\n\n%#v\n\nExpected:\n\n%#v\n", 271 group.IPPerms[0], 272 p) 273 } 274 275 return nil 276 } 277 } 278 279 func TestAccAWSSecurityGroup_tags(t *testing.T) { 280 var group ec2.SecurityGroupInfo 281 282 resource.Test(t, resource.TestCase{ 283 PreCheck: func() { testAccPreCheck(t) }, 284 Providers: testAccProviders, 285 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 286 Steps: []resource.TestStep{ 287 resource.TestStep{ 288 Config: testAccAWSSecurityGroupConfigTags, 289 Check: resource.ComposeTestCheckFunc( 290 testAccCheckAWSSecurityGroupExists("aws_security_group.foo", &group), 291 testAccCheckTags(&group.Tags, "foo", "bar"), 292 ), 293 }, 294 295 resource.TestStep{ 296 Config: testAccAWSSecurityGroupConfigTagsUpdate, 297 Check: resource.ComposeTestCheckFunc( 298 testAccCheckAWSSecurityGroupExists("aws_security_group.foo", &group), 299 testAccCheckTags(&group.Tags, "foo", ""), 300 testAccCheckTags(&group.Tags, "bar", "baz"), 301 ), 302 }, 303 }, 304 }) 305 } 306 307 func testAccCheckAWSSecurityGroupAttributesChanged(group *ec2.SecurityGroupInfo) resource.TestCheckFunc { 308 return func(s *terraform.State) error { 309 p := []ec2.IPPerm{ 310 ec2.IPPerm{ 311 FromPort: 80, 312 ToPort: 9000, 313 Protocol: "tcp", 314 SourceIPs: []string{"10.0.0.0/8"}, 315 }, 316 ec2.IPPerm{ 317 FromPort: 80, 318 ToPort: 8000, 319 Protocol: "tcp", 320 SourceIPs: []string{"0.0.0.0/0", "10.0.0.0/8"}, 321 }, 322 } 323 324 if group.Name != "terraform_acceptance_test_example" { 325 return fmt.Errorf("Bad name: %s", group.Name) 326 } 327 328 if group.Description != "Used in the terraform acceptance tests" { 329 return fmt.Errorf("Bad description: %s", group.Description) 330 } 331 332 // Compare our ingress 333 if len(group.IPPerms) != 2 { 334 return fmt.Errorf( 335 "Got:\n\n%#v\n\nExpected:\n\n%#v\n", 336 group.IPPerms, 337 p) 338 } 339 340 if group.IPPerms[0].ToPort == 8000 { 341 group.IPPerms[1], group.IPPerms[0] = 342 group.IPPerms[0], group.IPPerms[1] 343 } 344 345 if !reflect.DeepEqual(group.IPPerms, p) { 346 return fmt.Errorf( 347 "Got:\n\n%#v\n\nExpected:\n\n%#v\n", 348 group.IPPerms, 349 p) 350 } 351 352 return nil 353 } 354 } 355 356 const testAccAWSSecurityGroupConfig = ` 357 resource "aws_security_group" "web" { 358 name = "terraform_acceptance_test_example" 359 description = "Used in the terraform acceptance tests" 360 361 ingress { 362 protocol = "tcp" 363 from_port = 80 364 to_port = 8000 365 cidr_blocks = ["10.0.0.0/8"] 366 } 367 } 368 ` 369 370 const testAccAWSSecurityGroupConfigChange = ` 371 resource "aws_security_group" "web" { 372 name = "terraform_acceptance_test_example" 373 description = "Used in the terraform acceptance tests" 374 375 ingress { 376 protocol = "tcp" 377 from_port = 80 378 to_port = 9000 379 cidr_blocks = ["10.0.0.0/8"] 380 } 381 382 ingress { 383 protocol = "tcp" 384 from_port = 80 385 to_port = 8000 386 cidr_blocks = ["0.0.0.0/0", "10.0.0.0/8"] 387 } 388 } 389 ` 390 391 const testAccAWSSecurityGroupConfigSelf = ` 392 resource "aws_security_group" "web" { 393 name = "terraform_acceptance_test_example" 394 description = "Used in the terraform acceptance tests" 395 396 ingress { 397 protocol = "tcp" 398 from_port = 80 399 to_port = 8000 400 self = true 401 } 402 } 403 ` 404 405 const testAccAWSSecurityGroupConfigVpc = ` 406 resource "aws_vpc" "foo" { 407 cidr_block = "10.1.0.0/16" 408 } 409 410 resource "aws_security_group" "web" { 411 name = "terraform_acceptance_test_example" 412 description = "Used in the terraform acceptance tests" 413 vpc_id = "${aws_vpc.foo.id}" 414 415 ingress { 416 protocol = "tcp" 417 from_port = 80 418 to_port = 8000 419 cidr_blocks = ["10.0.0.0/8"] 420 } 421 } 422 ` 423 424 const testAccAWSSecurityGroupConfigMultiIngress = ` 425 resource "aws_security_group" "worker" { 426 name = "terraform_acceptance_test_example_1" 427 description = "Used in the terraform acceptance tests" 428 429 ingress { 430 protocol = "tcp" 431 from_port = 80 432 to_port = 8000 433 cidr_blocks = ["10.0.0.0/8"] 434 } 435 } 436 437 resource "aws_security_group" "web" { 438 name = "terraform_acceptance_test_example_2" 439 description = "Used in the terraform acceptance tests" 440 441 ingress { 442 protocol = "tcp" 443 from_port = 22 444 to_port = 22 445 cidr_blocks = ["10.0.0.0/8"] 446 } 447 448 ingress { 449 protocol = "tcp" 450 from_port = 800 451 to_port = 800 452 cidr_blocks = ["10.0.0.0/8"] 453 } 454 455 ingress { 456 protocol = "tcp" 457 from_port = 80 458 to_port = 8000 459 security_groups = ["${aws_security_group.worker.id}"] 460 } 461 } 462 ` 463 464 const testAccAWSSecurityGroupConfigTags = ` 465 resource "aws_security_group" "foo" { 466 name = "terraform_acceptance_test_example" 467 description = "Used in the terraform acceptance tests" 468 469 ingress { 470 protocol = "tcp" 471 from_port = 80 472 to_port = 8000 473 cidr_blocks = ["10.0.0.0/8"] 474 } 475 476 tags { 477 foo = "bar" 478 } 479 } 480 ` 481 482 const testAccAWSSecurityGroupConfigTagsUpdate = ` 483 resource "aws_security_group" "foo" { 484 name = "terraform_acceptance_test_example" 485 description = "Used in the terraform acceptance tests" 486 487 ingress { 488 protocol = "tcp" 489 from_port = 80 490 to_port = 8000 491 cidr_blocks = ["10.0.0.0/8"] 492 } 493 494 tags { 495 bar = "baz" 496 } 497 } 498 `