github.com/danp/terraform@v0.9.5-0.20170426144147-39d740081351/builtin/providers/alicloud/resource_alicloud_security_group_rule_test.go (about) 1 package alicloud 2 3 import ( 4 "fmt" 5 "github.com/denverdino/aliyungo/common" 6 "github.com/denverdino/aliyungo/ecs" 7 "github.com/hashicorp/terraform/helper/resource" 8 "github.com/hashicorp/terraform/terraform" 9 "log" 10 "regexp" 11 "strings" 12 "testing" 13 ) 14 15 func TestAccAlicloudSecurityGroupRule_Ingress(t *testing.T) { 16 var pt ecs.PermissionType 17 18 resource.Test(t, resource.TestCase{ 19 PreCheck: func() { 20 testAccPreCheck(t) 21 }, 22 23 // module name 24 IDRefreshName: "alicloud_security_group_rule.ingress", 25 Providers: testAccProviders, 26 CheckDestroy: testAccCheckSecurityGroupRuleDestroy, 27 Steps: []resource.TestStep{ 28 resource.TestStep{ 29 Config: testAccSecurityGroupRuleIngress, 30 Check: resource.ComposeTestCheckFunc( 31 testAccCheckSecurityGroupRuleExists( 32 "alicloud_security_group_rule.ingress", &pt), 33 resource.TestCheckResourceAttr( 34 "alicloud_security_group_rule.ingress", 35 "priority", 36 "1"), 37 resource.TestCheckResourceAttr( 38 "alicloud_security_group_rule.ingress", 39 "nic_type", 40 "internet"), 41 resource.TestCheckResourceAttr( 42 "alicloud_security_group_rule.ingress", 43 "ip_protocol", 44 "tcp"), 45 ), 46 }, 47 }, 48 }) 49 50 } 51 52 func TestAccAlicloudSecurityGroupRule_Egress(t *testing.T) { 53 var pt ecs.PermissionType 54 55 resource.Test(t, resource.TestCase{ 56 PreCheck: func() { 57 testAccPreCheck(t) 58 }, 59 60 // module name 61 IDRefreshName: "alicloud_security_group_rule.egress", 62 Providers: testAccProviders, 63 CheckDestroy: testAccCheckSecurityGroupRuleDestroy, 64 Steps: []resource.TestStep{ 65 resource.TestStep{ 66 Config: testAccSecurityGroupRuleEgress, 67 Check: resource.ComposeTestCheckFunc( 68 testAccCheckSecurityGroupRuleExists( 69 "alicloud_security_group_rule.egress", &pt), 70 resource.TestCheckResourceAttr( 71 "alicloud_security_group_rule.egress", 72 "port_range", 73 "80/80"), 74 resource.TestCheckResourceAttr( 75 "alicloud_security_group_rule.egress", 76 "ip_protocol", 77 "udp"), 78 ), 79 }, 80 }, 81 }) 82 83 } 84 85 func TestAccAlicloudSecurityGroupRule_EgressDefaultNicType(t *testing.T) { 86 var pt ecs.PermissionType 87 88 resource.Test(t, resource.TestCase{ 89 PreCheck: func() { 90 testAccPreCheck(t) 91 }, 92 93 // module name 94 IDRefreshName: "alicloud_security_group_rule.egress", 95 Providers: testAccProviders, 96 CheckDestroy: testAccCheckSecurityGroupRuleDestroy, 97 Steps: []resource.TestStep{ 98 resource.TestStep{ 99 Config: testAccSecurityGroupRuleEgress_emptyNicType, 100 Check: resource.ComposeTestCheckFunc( 101 testAccCheckSecurityGroupRuleExists( 102 "alicloud_security_group_rule.egress", &pt), 103 resource.TestCheckResourceAttr( 104 "alicloud_security_group_rule.egress", 105 "port_range", 106 "80/80"), 107 resource.TestCheckResourceAttr( 108 "alicloud_security_group_rule.egress", 109 "nic_type", 110 "internet"), 111 ), 112 }, 113 }, 114 }) 115 116 } 117 118 func TestAccAlicloudSecurityGroupRule_Vpc_Ingress(t *testing.T) { 119 var pt ecs.PermissionType 120 121 resource.Test(t, resource.TestCase{ 122 PreCheck: func() { 123 testAccPreCheck(t) 124 }, 125 126 // module name 127 IDRefreshName: "alicloud_security_group_rule.ingress", 128 Providers: testAccProviders, 129 CheckDestroy: testAccCheckSecurityGroupRuleDestroy, 130 Steps: []resource.TestStep{ 131 resource.TestStep{ 132 Config: testAccSecurityGroupRuleVpcIngress, 133 Check: resource.ComposeTestCheckFunc( 134 testAccCheckSecurityGroupRuleExists( 135 "alicloud_security_group_rule.ingress", &pt), 136 resource.TestCheckResourceAttr( 137 "alicloud_security_group_rule.ingress", 138 "port_range", 139 "1/200"), 140 resource.TestCheckResourceAttr( 141 "alicloud_security_group_rule.ingress", 142 "ip_protocol", 143 "udp"), 144 ), 145 }, 146 }, 147 }) 148 149 } 150 151 func TestAccAlicloudSecurityGroupRule_MissParameterSourceCidrIp(t *testing.T) { 152 var pt ecs.PermissionType 153 154 resource.Test(t, resource.TestCase{ 155 PreCheck: func() { 156 testAccPreCheck(t) 157 }, 158 159 // module name 160 IDRefreshName: "alicloud_security_group_rule.egress", 161 Providers: testAccProviders, 162 CheckDestroy: testAccCheckSecurityGroupRuleDestroy, 163 Steps: []resource.TestStep{ 164 resource.TestStep{ 165 Config: testAccSecurityGroupRule_missingSourceCidrIp, 166 Check: resource.ComposeTestCheckFunc( 167 testAccCheckSecurityGroupRuleExists( 168 "alicloud_security_group_rule.egress", &pt), 169 resource.TestCheckResourceAttr( 170 "alicloud_security_group_rule.egress", 171 "port_range", 172 "80/80"), 173 resource.TestCheckResourceAttr( 174 "alicloud_security_group_rule.egress", 175 "nic_type", 176 "internet"), 177 resource.TestCheckResourceAttr( 178 "alicloud_security_group_rule.egress", 179 "ip_protocol", 180 "udp"), 181 ), 182 }, 183 }, 184 }) 185 186 } 187 188 func TestAccAlicloudSecurityGroupRule_SourceSecurityGroup(t *testing.T) { 189 var pt ecs.PermissionType 190 191 resource.Test(t, resource.TestCase{ 192 PreCheck: func() { 193 testAccPreCheck(t) 194 }, 195 196 // module name 197 IDRefreshName: "alicloud_security_group_rule.ingress", 198 Providers: testAccProviders, 199 CheckDestroy: testAccCheckSecurityGroupRuleDestroy, 200 Steps: []resource.TestStep{ 201 resource.TestStep{ 202 Config: testAccSecurityGroupRuleSourceSecurityGroup, 203 Check: resource.ComposeTestCheckFunc( 204 testAccCheckSecurityGroupRuleExists( 205 "alicloud_security_group_rule.ingress", &pt), 206 resource.TestCheckResourceAttr( 207 "alicloud_security_group_rule.ingress", 208 "port_range", 209 "3306/3306"), 210 resource.TestMatchResourceAttr( 211 "alicloud_security_group_rule.ingress", 212 "source_security_group_id", 213 regexp.MustCompile("^sg-[a-zA-Z0-9_]+")), 214 resource.TestCheckResourceAttr( 215 "alicloud_security_group_rule.ingress", 216 "cidr_ip", 217 ""), 218 ), 219 }, 220 }, 221 }) 222 223 } 224 225 func testAccCheckSecurityGroupRuleExists(n string, m *ecs.PermissionType) resource.TestCheckFunc { 226 return func(s *terraform.State) error { 227 rs, ok := s.RootModule().Resources[n] 228 if !ok { 229 return fmt.Errorf("Not found: %s", n) 230 } 231 232 if rs.Primary.ID == "" { 233 return fmt.Errorf("No SecurityGroup Rule ID is set") 234 } 235 236 client := testAccProvider.Meta().(*AliyunClient) 237 log.Printf("[WARN]get sg rule %s", rs.Primary.ID) 238 parts := strings.Split(rs.Primary.ID, ":") 239 // securityGroupId, direction, nicType, ipProtocol, portRange 240 rule, err := client.DescribeSecurityGroupRule(parts[0], parts[1], parts[4], parts[2], parts[3]) 241 242 if err != nil { 243 return err 244 } 245 246 if rule == nil { 247 return fmt.Errorf("SecurityGroup not found") 248 } 249 250 *m = *rule 251 return nil 252 } 253 } 254 255 func testAccCheckSecurityGroupRuleDestroy(s *terraform.State) error { 256 client := testAccProvider.Meta().(*AliyunClient) 257 258 for _, rs := range s.RootModule().Resources { 259 if rs.Type != "alicloud_security_group_rule" { 260 continue 261 } 262 263 parts := strings.Split(rs.Primary.ID, ":") 264 rule, err := client.DescribeSecurityGroupRule(parts[0], parts[1], parts[4], parts[2], parts[3]) 265 266 if rule != nil { 267 return fmt.Errorf("Error SecurityGroup Rule still exist") 268 } 269 270 // Verify the error is what we want 271 if err != nil { 272 // Verify the error is what we want 273 e, _ := err.(*common.Error) 274 if e.ErrorResponse.Code == InvalidSecurityGroupIdNotFound { 275 continue 276 } 277 return err 278 } 279 } 280 281 return nil 282 } 283 284 const testAccSecurityGroupRuleIngress = ` 285 resource "alicloud_security_group" "foo" { 286 name = "sg_foo" 287 } 288 289 resource "alicloud_security_group_rule" "ingress" { 290 type = "ingress" 291 ip_protocol = "tcp" 292 nic_type = "internet" 293 policy = "accept" 294 port_range = "1/200" 295 priority = 1 296 security_group_id = "${alicloud_security_group.foo.id}" 297 cidr_ip = "10.159.6.18/12" 298 } 299 300 301 ` 302 303 const testAccSecurityGroupRuleEgress = ` 304 resource "alicloud_security_group" "foo" { 305 name = "sg_foo" 306 } 307 308 309 resource "alicloud_security_group_rule" "egress" { 310 type = "egress" 311 ip_protocol = "udp" 312 nic_type = "internet" 313 policy = "accept" 314 port_range = "80/80" 315 priority = 1 316 security_group_id = "${alicloud_security_group.foo.id}" 317 cidr_ip = "10.159.6.18/12" 318 } 319 320 ` 321 322 const testAccSecurityGroupRuleEgress_emptyNicType = ` 323 resource "alicloud_security_group" "foo" { 324 name = "sg_foo" 325 } 326 327 resource "alicloud_security_group_rule" "egress" { 328 type = "egress" 329 ip_protocol = "udp" 330 policy = "accept" 331 port_range = "80/80" 332 priority = 1 333 security_group_id = "${alicloud_security_group.foo.id}" 334 cidr_ip = "10.159.6.18/12" 335 } 336 337 ` 338 339 const testAccSecurityGroupRuleVpcIngress = ` 340 resource "alicloud_security_group" "foo" { 341 vpc_id = "${alicloud_vpc.vpc.id}" 342 name = "sg_foo" 343 } 344 345 resource "alicloud_vpc" "vpc" { 346 cidr_block = "10.1.0.0/21" 347 } 348 349 resource "alicloud_security_group_rule" "ingress" { 350 type = "ingress" 351 ip_protocol = "udp" 352 nic_type = "intranet" 353 policy = "accept" 354 port_range = "1/200" 355 priority = 1 356 security_group_id = "${alicloud_security_group.foo.id}" 357 cidr_ip = "10.159.6.18/12" 358 } 359 360 ` 361 const testAccSecurityGroupRule_missingSourceCidrIp = ` 362 resource "alicloud_security_group" "foo" { 363 name = "sg_foo" 364 } 365 366 resource "alicloud_security_group_rule" "egress" { 367 security_group_id = "${alicloud_security_group.foo.id}" 368 type = "egress" 369 cidr_ip= "0.0.0.0/0" 370 policy = "accept" 371 ip_protocol= "udp" 372 port_range= "80/80" 373 priority= 1 374 } 375 376 ` 377 378 const testAccSecurityGroupRuleMultiIngress = ` 379 resource "alicloud_security_group" "foo" { 380 name = "sg_foo" 381 } 382 383 resource "alicloud_security_group_rule" "ingress1" { 384 type = "ingress" 385 ip_protocol = "tcp" 386 nic_type = "internet" 387 policy = "accept" 388 port_range = "1/200" 389 priority = 1 390 security_group_id = "${alicloud_security_group.foo.id}" 391 cidr_ip = "10.159.6.18/12" 392 } 393 394 resource "alicloud_security_group_rule" "ingress2" { 395 type = "ingress" 396 ip_protocol = "gre" 397 nic_type = "internet" 398 policy = "accept" 399 port_range = "-1/-1" 400 priority = 1 401 security_group_id = "${alicloud_security_group.foo.id}" 402 cidr_ip = "127.0.1.18/16" 403 } 404 405 ` 406 407 const testAccSecurityGroupRuleSourceSecurityGroup = ` 408 resource "alicloud_security_group" "foo" { 409 name = "sg_foo" 410 } 411 412 resource "alicloud_security_group" "bar" { 413 name = "sg_bar" 414 } 415 416 resource "alicloud_security_group_rule" "ingress" { 417 type = "ingress" 418 ip_protocol = "tcp" 419 nic_type = "intranet" 420 policy = "accept" 421 port_range = "3306/3306" 422 priority = 50 423 security_group_id = "${alicloud_security_group.bar.id}" 424 source_security_group_id = "${alicloud_security_group.foo.id}" 425 } 426 427 428 `