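// Source: github.com/danp/terraform@v0.9.5-0.20170426144147-39d740081351/builtin/providers/aws/resource_aws_api_gateway_authorizer_test.go

package aws

import (
	"fmt"
	"regexp"
	"testing"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/service/apigateway"
	"github.com/hashicorp/terraform/helper/resource"
	"github.com/hashicorp/terraform/terraform"
)

// TestAccAWSAPIGatewayAuthorizer_basic creates an authorizer, then updates its
// name, result TTL and identity validation expression. After each step it
// checks both the object returned by GetAuthorizer and the attributes stored
// in the Terraform state.
func TestAccAWSAPIGatewayAuthorizer_basic(t *testing.T) {
	var conf apigateway.Authorizer

	// Both patterns are anchored: MatchString otherwise accepts a match anywhere
	// in the value, so an ARN with extra leading or trailing text (for example a
	// differently named role that merely contains the expected name) would pass.
	expectedAuthURI := regexp.MustCompile("^arn:aws:apigateway:region:lambda:path/2015-03-31/functions/" +
		"arn:aws:lambda:[a-z0-9-]+:[0-9]{12}:function:tf_acc_api_gateway_authorizer/invocations$")
	expectedCreds := regexp.MustCompile("^arn:aws:iam::[0-9]{12}:role/tf_acc_api_gateway_auth_invocation_role$")

	const resourceName = "aws_api_gateway_authorizer.test"

	resource.Test(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckAWSAPIGatewayAuthorizerDestroy,
		Steps: []resource.TestStep{
			{
				// Initial create: no TTL and no validation expression configured.
				Config: testAccAWSAPIGatewayAuthorizerConfig,
				Check: resource.ComposeTestCheckFunc(
					testAccCheckAWSAPIGatewayAuthorizerExists(resourceName, &conf),
					testAccCheckAWSAPIGatewayAuthorizerAuthorizerUri(&conf, expectedAuthURI),
					resource.TestMatchResourceAttr(resourceName, "authorizer_uri", expectedAuthURI),
					testAccCheckAWSAPIGatewayAuthorizerIdentitySource(&conf, "method.request.header.Authorization"),
					resource.TestCheckResourceAttr(resourceName, "identity_source", "method.request.header.Authorization"),
					testAccCheckAWSAPIGatewayAuthorizerName(&conf, "tf-acc-test-authorizer"),
					resource.TestCheckResourceAttr(resourceName, "name", "tf-acc-test-authorizer"),
					testAccCheckAWSAPIGatewayAuthorizerType(&conf, "TOKEN"),
					resource.TestCheckResourceAttr(resourceName, "type", "TOKEN"),
					testAccCheckAWSAPIGatewayAuthorizerAuthorizerCredentials(&conf, expectedCreds),
					resource.TestMatchResourceAttr(resourceName, "authorizer_credentials", expectedCreds),
					testAccCheckAWSAPIGatewayAuthorizerAuthorizerResultTtlInSeconds(&conf, nil),
					resource.TestCheckResourceAttr(resourceName, "authorizer_result_ttl_in_seconds", "0"),
					testAccCheckAWSAPIGatewayAuthorizerIdentityValidationExpression(&conf, nil),
					resource.TestCheckResourceAttr(resourceName, "identity_validation_expression", ""),
				),
			},
			{
				// In-place update: new name, TTL of 360 and a validation expression.
				Config: testAccAWSAPIGatewayAuthorizerUpdatedConfig,
				Check: resource.ComposeTestCheckFunc(
					testAccCheckAWSAPIGatewayAuthorizerExists(resourceName, &conf),
					testAccCheckAWSAPIGatewayAuthorizerAuthorizerUri(&conf, expectedAuthURI),
					resource.TestMatchResourceAttr(resourceName, "authorizer_uri", expectedAuthURI),
					testAccCheckAWSAPIGatewayAuthorizerIdentitySource(&conf, "method.request.header.Authorization"),
					resource.TestCheckResourceAttr(resourceName, "identity_source", "method.request.header.Authorization"),
					testAccCheckAWSAPIGatewayAuthorizerName(&conf, "tf-acc-test-authorizer_modified"),
					resource.TestCheckResourceAttr(resourceName, "name", "tf-acc-test-authorizer_modified"),
					testAccCheckAWSAPIGatewayAuthorizerType(&conf, "TOKEN"),
					resource.TestCheckResourceAttr(resourceName, "type", "TOKEN"),
					testAccCheckAWSAPIGatewayAuthorizerAuthorizerCredentials(&conf, expectedCreds),
					resource.TestMatchResourceAttr(resourceName, "authorizer_credentials", expectedCreds),
					testAccCheckAWSAPIGatewayAuthorizerAuthorizerResultTtlInSeconds(&conf, aws.Int64(360)),
					resource.TestCheckResourceAttr(resourceName, "authorizer_result_ttl_in_seconds", "360"),
					testAccCheckAWSAPIGatewayAuthorizerIdentityValidationExpression(&conf, aws.String(".*")),
					resource.TestCheckResourceAttr(resourceName, "identity_validation_expression", ".*"),
				),
			},
		},
	})
}

// testAccCheckAWSAPIGatewayAuthorizerAuthorizerUri returns a check that fails
// when conf.AuthorizerUri is unset or does not match expectedUri.
func testAccCheckAWSAPIGatewayAuthorizerAuthorizerUri(conf *apigateway.Authorizer, expectedUri *regexp.Regexp) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		got := conf.AuthorizerUri
		if got == nil {
			return fmt.Errorf("Empty AuthorizerUri, expected: %q", expectedUri)
		}
		if !expectedUri.MatchString(*got) {
			return fmt.Errorf("AuthorizerUri didn't match. Expected: %q, Given: %q", expectedUri, *got)
		}
		return nil
	}
}

// testAccCheckAWSAPIGatewayAuthorizerIdentitySource returns a check that fails
// when conf.IdentitySource is unset or differs from expectedSource.
func testAccCheckAWSAPIGatewayAuthorizerIdentitySource(conf *apigateway.Authorizer, expectedSource string) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		got := conf.IdentitySource
		if got == nil {
			return fmt.Errorf("Empty IdentitySource, expected: %q", expectedSource)
		}
		if *got != expectedSource {
			return fmt.Errorf("IdentitySource didn't match. Expected: %q, Given: %q", expectedSource, *got)
		}
		return nil
	}
}

// testAccCheckAWSAPIGatewayAuthorizerName returns a check that fails when
// conf.Name is unset or differs from expectedName.
func testAccCheckAWSAPIGatewayAuthorizerName(conf *apigateway.Authorizer, expectedName string) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		got := conf.Name
		if got == nil {
			return fmt.Errorf("Empty Name, expected: %q", expectedName)
		}
		if *got != expectedName {
			return fmt.Errorf("Name didn't match. Expected: %q, Given: %q", expectedName, *got)
		}
		return nil
	}
}

// testAccCheckAWSAPIGatewayAuthorizerType returns a check that fails when
// conf.Type is unset or differs from expectedType.
func testAccCheckAWSAPIGatewayAuthorizerType(conf *apigateway.Authorizer, expectedType string) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		got := conf.Type
		if got == nil {
			return fmt.Errorf("Empty Type, expected: %q", expectedType)
		}
		if *got != expectedType {
			return fmt.Errorf("Type didn't match. Expected: %q, Given: %q", expectedType, *got)
		}
		return nil
	}
}

// testAccCheckAWSAPIGatewayAuthorizerAuthorizerCredentials returns a check
// that fails when conf.AuthorizerCredentials is unset or does not match
// expectedCreds.
func testAccCheckAWSAPIGatewayAuthorizerAuthorizerCredentials(conf *apigateway.Authorizer, expectedCreds *regexp.Regexp) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		got := conf.AuthorizerCredentials
		if got == nil {
			return fmt.Errorf("Empty AuthorizerCredentials, expected: %q", expectedCreds)
		}
		if !expectedCreds.MatchString(*got) {
			return fmt.Errorf("AuthorizerCredentials didn't match. Expected: %q, Given: %q",
				expectedCreds, *got)
		}
		return nil
	}
}

// testAccCheckAWSAPIGatewayAuthorizerAuthorizerResultTtlInSeconds returns a
// check comparing conf.AuthorizerResultTtlInSeconds with expectedTtl. A nil
// expectedTtl means the API is expected to return no TTL at all.
func testAccCheckAWSAPIGatewayAuthorizerAuthorizerResultTtlInSeconds(conf *apigateway.Authorizer, expectedTtl *int64) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		got := conf.AuthorizerResultTtlInSeconds
		switch {
		case expectedTtl == got:
			// Same pointer, which includes the case where both are nil.
			return nil
		case expectedTtl == nil:
			return fmt.Errorf("Expected empty AuthorizerResultTtlInSeconds, given: %d", *got)
		case got == nil:
			// expectedTtl is non-nil here; print its value, not the pointer.
			return fmt.Errorf("Empty AuthorizerResultTtlInSeconds, expected: %d", *expectedTtl)
		case *got != *expectedTtl:
			return fmt.Errorf("AuthorizerResultTtlInSeconds didn't match. Expected: %d, Given: %d",
				*expectedTtl, *got)
		}
		return nil
	}
}

// testAccCheckAWSAPIGatewayAuthorizerIdentityValidationExpression returns a
// check comparing conf.IdentityValidationExpression with expectedExpression.
// A nil expectedExpression means the API is expected to return none.
func testAccCheckAWSAPIGatewayAuthorizerIdentityValidationExpression(conf *apigateway.Authorizer, expectedExpression *string) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		got := conf.IdentityValidationExpression
		switch {
		case expectedExpression == got:
			// Same pointer, which includes the case where both are nil.
			return nil
		case expectedExpression == nil:
			return fmt.Errorf("Expected empty IdentityValidationExpression, given: %q", *got)
		case got == nil:
			return fmt.Errorf("Empty IdentityValidationExpression, expected: %q", *expectedExpression)
		case *got != *expectedExpression:
			return fmt.Errorf("IdentityValidationExpression didn't match. Expected: %q, Given: %q",
				*expectedExpression, *got)
		}
		return nil
	}
}

// testAccCheckAWSAPIGatewayAuthorizerExists returns a check that looks up
// resource n in the root module state, fetches the authorizer from API Gateway
// by its ID and rest_api_id, and copies the result into res so the other
// checks can inspect it.
func testAccCheckAWSAPIGatewayAuthorizerExists(n string, res *apigateway.Authorizer) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		rs, ok := s.RootModule().Resources[n]
		if !ok {
			return fmt.Errorf("Not found: %s", n)
		}
		if rs.Primary.ID == "" {
			return fmt.Errorf("No API Gateway Authorizer ID is set")
		}

		conn := testAccProvider.Meta().(*AWSClient).apigateway

		describe, err := conn.GetAuthorizer(&apigateway.GetAuthorizerInput{
			AuthorizerId: aws.String(rs.Primary.ID),
			RestApiId:    aws.String(rs.Primary.Attributes["rest_api_id"]),
		})
		if err != nil {
			return err
		}

		*res = *describe
		return nil
	}
}

// testAccCheckAWSAPIGatewayAuthorizerDestroy verifies that every
// aws_api_gateway_authorizer in the state is gone from API Gateway. Only a
// NotFoundException counts as proof of deletion; any other error is returned,
// so a throttled or denied lookup is not mistaken for a clean teardown.
func testAccCheckAWSAPIGatewayAuthorizerDestroy(s *terraform.State) error {
	conn := testAccProvider.Meta().(*AWSClient).apigateway

	for _, rs := range s.RootModule().Resources {
		if rs.Type != "aws_api_gateway_authorizer" {
			continue
		}

		_, err := conn.GetAuthorizer(&apigateway.GetAuthorizerInput{
			AuthorizerId: aws.String(rs.Primary.ID),
			RestApiId:    aws.String(rs.Primary.Attributes["rest_api_id"]),
		})
		if err == nil {
			return fmt.Errorf("API Gateway Authorizer still exists")
		}

		if awsErr, ok := err.(awserr.Error); !ok || awsErr.Code() != "NotFoundException" {
			return err
		}
		// Confirmed deleted; keep going so that every authorizer in the state
		// is checked rather than only the first one encountered.
	}

	return nil
}

// testAccAWSAPIGatewayAuthorizerConfig_base declares the fixtures shared by
// both test steps: a REST API, the Lambda function used as the authorizer, and
// two IAM roles. The invocation role can be assumed only by
// apigateway.amazonaws.com and is allowed lambda:InvokeFunction on the
// authorizer function's ARN alone; the Lambda execution role can be assumed
// only by lambda.amazonaws.com.
//
// NOTE(review): resource names are fixed, so concurrent runs in one account
// would presumably collide. nodejs4.3 is a retired Lambda runtime, so expect
// this fixture to need a newer runtime against current AWS.
const testAccAWSAPIGatewayAuthorizerConfig_base = `
resource "aws_api_gateway_rest_api" "test" {
  name = "tf-auth-test"
}

resource "aws_iam_role" "invocation_role" {
  name = "tf_acc_api_gateway_auth_invocation_role"
  path = "/"
  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "apigateway.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}

resource "aws_iam_role_policy" "invocation_policy" {
  name = "default"
  role = "${aws_iam_role.invocation_role.id}"
  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "lambda:InvokeFunction",
      "Effect": "Allow",
      "Resource": "${aws_lambda_function.authorizer.arn}"
    }
  ]
}
EOF
}

resource "aws_iam_role" "iam_for_lambda" {
  name = "tf_acc_iam_for_lambda_api_gateway_authorizer"
  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}

resource "aws_lambda_function" "authorizer" {
  filename = "test-fixtures/lambdatest.zip"
  source_code_hash = "${base64sha256(file("test-fixtures/lambdatest.zip"))}"
  function_name = "tf_acc_api_gateway_authorizer"
  role = "${aws_iam_role.iam_for_lambda.arn}"
  handler = "exports.example"
  runtime = "nodejs4.3"
}
`

// testAccAWSAPIGatewayAuthorizerConfig is the first step: an authorizer with
// only the required attributes, pointing at the fixture Lambda function and
// invocation role.
const testAccAWSAPIGatewayAuthorizerConfig = testAccAWSAPIGatewayAuthorizerConfig_base + `
resource "aws_api_gateway_authorizer" "test" {
  name = "tf-acc-test-authorizer"
  rest_api_id = "${aws_api_gateway_rest_api.test.id}"
  authorizer_uri = "arn:aws:apigateway:region:lambda:path/2015-03-31/functions/${aws_lambda_function.authorizer.arn}/invocations"
  authorizer_credentials = "${aws_iam_role.invocation_role.arn}"
}
`

// testAccAWSAPIGatewayAuthorizerUpdatedConfig is the second step: the same
// authorizer renamed, with a result TTL of 360 seconds and an identity
// validation expression. The expression ".*" matches every token value, so it
// only exercises the attribute round-trip; it is not a meaningful filter and
// should not be copied into a real configuration as one.
const testAccAWSAPIGatewayAuthorizerUpdatedConfig = testAccAWSAPIGatewayAuthorizerConfig_base + `
resource "aws_api_gateway_authorizer" "test" {
  name = "tf-acc-test-authorizer_modified"
  rest_api_id = "${aws_api_gateway_rest_api.test.id}"
  authorizer_uri = "arn:aws:apigateway:region:lambda:path/2015-03-31/functions/${aws_lambda_function.authorizer.arn}/invocations"
  authorizer_credentials = "${aws_iam_role.invocation_role.arn}"
  authorizer_result_ttl_in_seconds = 360
  identity_validation_expression = ".*"
}
`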