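// Source: github.com/danp/terraform@v0.9.5-0.20170426144147-39d740081351/builtin/providers/aws/resource_aws_cloudwatch_log_destination_policy_test.go

package aws

import (
	"fmt"
	"testing"

	"github.com/aws/aws-sdk-go/service/cloudwatchlogs"
	"github.com/hashicorp/terraform/helper/acctest"
	"github.com/hashicorp/terraform/helper/resource"
	"github.com/hashicorp/terraform/terraform"
)

// TestAccAWSCloudwatchLogDestinationPolicy_basic applies the configuration
// built by testAccAWSCloudwatchLogDestinationPolicyConfig in a single step and
// checks that the destination policy resource exists afterwards. Resource
// names carry a random five-character suffix.
func TestAccAWSCloudwatchLogDestinationPolicy_basic(t *testing.T) {
	// Filled in by the exists check; this test does not inspect it further.
	var destination cloudwatchlogs.Destination

	rstring := acctest.RandString(5)

	resource.Test(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckAWSCloudwatchLogDestinationPolicyDestroy,
		Steps: []resource.TestStep{
			{
				Config: testAccAWSCloudwatchLogDestinationPolicyConfig(rstring),
				Check: resource.ComposeTestCheckFunc(
					testAccCheckAWSCloudwatchLogDestinationPolicyExists("aws_cloudwatch_log_destination_policy.test", &destination),
				),
			},
		},
	})
}

// testAccCheckAWSCloudwatchLogDestinationPolicyDestroy walks the root module's
// resources and, for every aws_cloudwatch_log_destination_policy, looks up the
// destination by the resource ID. It returns an error if the lookup reports
// that the destination still exists, or if the lookup itself fails.
//
// NOTE(review): the lookup reports on the destination, so a surviving
// destination is treated as a surviving policy; the policy document is not
// examined here.
func testAccCheckAWSCloudwatchLogDestinationPolicyDestroy(s *terraform.State) error {
	conn := testAccProvider.Meta().(*AWSClient).cloudwatchlogsconn

	for _, rs := range s.RootModule().Resources {
		if rs.Type != "aws_cloudwatch_log_destination_policy" {
			continue
		}
		_, exists, err := lookupCloudWatchLogDestination(conn, rs.Primary.ID, nil)
		if err != nil {
			// Propagate lookup failures, as the exists check below does.
			// Returning nil here would let the destroy check pass without
			// ever confirming that the access policy is gone.
			return err
		}

		if exists {
			return fmt.Errorf("Bad: Destination Policy still exists: %q", rs.Primary.ID)
		}
	}

	return nil
}

// testAccCheckAWSCloudwatchLogDestinationPolicyExists returns a check that
// finds resource n in the root module, looks up the destination by the
// resource ID, and fails unless the destination exists and has a non-nil
// AccessPolicy. On success the destination is copied into d.
//
// Only the presence of an access policy is asserted; its contents are not
// compared with the configured document.
func testAccCheckAWSCloudwatchLogDestinationPolicyExists(n string, d *cloudwatchlogs.Destination) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		rs, ok := s.RootModule().Resources[n]
		if !ok {
			return fmt.Errorf("Not found: %s", n)
		}

		conn := testAccProvider.Meta().(*AWSClient).cloudwatchlogsconn
		destination, exists, err := lookupCloudWatchLogDestination(conn, rs.Primary.ID, nil)
		if err != nil {
			return err
		}
		if !exists || destination.AccessPolicy == nil {
			return fmt.Errorf("Bad: Destination Policy %q does not exist", rs.Primary.ID)
		}

		*d = *destination

		return nil
	}
}

// testAccAWSCloudwatchLogDestinationPolicyConfig returns the Terraform
// configuration for the test, with rstring appended to the four resource
// names so that separate runs do not collide.
//
// The IAM statements are scoped to resources created by this configuration:
// the role may only be assumed by the regional CloudWatch Logs service
// principal, kinesis:PutRecord is limited to the test stream, and
// iam:PassRole is limited to the test role. The destination access policy
// grants logs:PutSubscriptionFilter on the test destination to account
// "000000000000" (presumably a placeholder account ID; confirm before reuse).
func testAccAWSCloudwatchLogDestinationPolicyConfig(rstring string) string {
	return fmt.Sprintf(`
resource "aws_kinesis_stream" "test" {
  name = "RootAccess_%s"
  shard_count = 1
}

data "aws_region" "current" {
  current = true
}

data "aws_iam_policy_document" "role" {
  statement {
    effect = "Allow"
    principals = {
      type = "Service"
      identifiers = [
        "logs.${data.aws_region.current.name}.amazonaws.com"
      ]
    }
    actions = [
      "sts:AssumeRole",
    ]
  }
}

resource "aws_iam_role" "test" {
  name = "CWLtoKinesisRole_%s"
  assume_role_policy = "${data.aws_iam_policy_document.role.json}"
}

data "aws_iam_policy_document" "policy" {
  statement {
    effect = "Allow"
    actions = [
      "kinesis:PutRecord",
    ]
    resources = [
      "${aws_kinesis_stream.test.arn}"
    ]
  }
  statement {
    effect = "Allow"
    actions = [
      "iam:PassRole"
    ]
    resources = [
      "${aws_iam_role.test.arn}"
    ]
  }
}

resource "aws_iam_role_policy" "test" {
  name = "Permissions-Policy-For-CWL_%s"
  role = "${aws_iam_role.test.id}"
  policy = "${data.aws_iam_policy_document.policy.json}"
}

resource "aws_cloudwatch_log_destination" "test" {
  name = "testDestination_%s"
  target_arn = "${aws_kinesis_stream.test.arn}"
  role_arn = "${aws_iam_role.test.arn}"
  depends_on = ["aws_iam_role_policy.test"]
}

data "aws_iam_policy_document" "access" {
  statement {
    effect = "Allow"
    principals = {
      type = "AWS"
      identifiers = [
        "000000000000"
      ]
    }
    actions = [
      "logs:PutSubscriptionFilter"
    ]
    resources = [
      "${aws_cloudwatch_log_destination.test.arn}"
    ]
  }
}

resource "aws_cloudwatch_log_destination_policy" "test" {
  destination_name = "${aws_cloudwatch_log_destination.test.name}"
  access_policy = "${data.aws_iam_policy_document.access.json}"
}
`, rstring, rstring, rstring, rstring)
}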