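// Source: github.com/danp/terraform@v0.9.5-0.20170426144147-39d740081351/builtin/providers/aws/resource_aws_default_security_group_test.go

package aws

import (
	"fmt"
	"reflect"
	"testing"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/service/ec2"
	"github.com/hashicorp/terraform/helper/resource"
	"github.com/hashicorp/terraform/terraform"
)

// TestAccAWSDefaultSecurityGroup_basic applies a config that creates a VPC and
// manages that VPC's default security group, then checks both the Terraform
// state and the group returned by the EC2 API.
func TestAccAWSDefaultSecurityGroup_basic(t *testing.T) {
	var group ec2.SecurityGroup

	resource.Test(t, resource.TestCase{
		PreCheck:      func() { testAccPreCheck(t) },
		IDRefreshName: "aws_default_security_group.web",
		Providers:     testAccProviders,
		CheckDestroy:  testAccCheckAWSDefaultSecurityGroupDestroy,
		Steps: []resource.TestStep{
			{
				Config: testAccAWSDefaultSecurityGroupConfig,
				Check:  testAccAWSDefaultSecurityGroupChecks(&group),
			},
		},
	})
}

// TestAccAWSDefaultSecurityGroup_classic runs the same assertions against a
// config that sets no vpc_id and pins the provider to us-east-1.
//
// NOTE(review): with no vpc_id this appears to manage the account's own default
// group in that region rather than one belonging to a VPC created by the test.
// Because the destroy check expects the group to survive, the 10.0.0.0/8
// ingress rule may remain on it after the run. Confirm, and run this only
// against a disposable test account.
func TestAccAWSDefaultSecurityGroup_classic(t *testing.T) {
	var group ec2.SecurityGroup

	resource.Test(t, resource.TestCase{
		PreCheck:      func() { testAccPreCheck(t) },
		IDRefreshName: "aws_default_security_group.web",
		Providers:     testAccProviders,
		CheckDestroy:  testAccCheckAWSDefaultSecurityGroupDestroy,
		Steps: []resource.TestStep{
			{
				Config: testAccAWSDefaultSecurityGroupConfig_classic,
				Check:  testAccAWSDefaultSecurityGroupChecks(&group),
			},
		},
	})
}

// testAccAWSDefaultSecurityGroupChecks returns the assertions shared by both
// acceptance tests. It first loads the live group into group, then checks it
// against the expected ingress rule, and finally checks the state attributes.
//
// Both configs give the ingress protocol as the number "6", while the state
// and API checks expect "tcp". The ingress block is addressed in state under
// the key 3629188364.
func testAccAWSDefaultSecurityGroupChecks(group *ec2.SecurityGroup) resource.TestCheckFunc {
	return resource.ComposeTestCheckFunc(
		testAccCheckAWSDefaultSecurityGroupExists("aws_default_security_group.web", group),
		testAccCheckAWSDefaultSecurityGroupAttributes(group),
		resource.TestCheckResourceAttr(
			"aws_default_security_group.web", "name", "default"),
		resource.TestCheckResourceAttr(
			"aws_default_security_group.web", "ingress.3629188364.protocol", "tcp"),
		resource.TestCheckResourceAttr(
			"aws_default_security_group.web", "ingress.3629188364.from_port", "80"),
		resource.TestCheckResourceAttr(
			"aws_default_security_group.web", "ingress.3629188364.to_port", "8000"),
		resource.TestCheckResourceAttr(
			"aws_default_security_group.web", "ingress.3629188364.cidr_blocks.#", "1"),
		resource.TestCheckResourceAttr(
			"aws_default_security_group.web", "ingress.3629188364.cidr_blocks.0", "10.0.0.0/8"),
	)
}

// testAccCheckAWSDefaultSecurityGroupDestroy is intentionally a no-op: the
// default security group is expected to still exist after the resource is
// destroyed, so there is nothing to assert as gone.
func testAccCheckAWSDefaultSecurityGroupDestroy(s *terraform.State) error {
	// We expect Security Group to still exist
	return nil
}

// testAccCheckAWSDefaultSecurityGroupExists returns a check that looks up the
// resource named n in the root module state, describes the security group with
// that ID through the EC2 API, and copies the result into group for later
// checks. It fails if the resource is missing from state, has no ID, or the
// API does not return a group with a matching ID.
func testAccCheckAWSDefaultSecurityGroupExists(n string, group *ec2.SecurityGroup) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		rs, ok := s.RootModule().Resources[n]
		if !ok {
			return fmt.Errorf("Not found: %s", n)
		}

		if rs.Primary.ID == "" {
			return fmt.Errorf("No Security Group is set")
		}

		conn := testAccProvider.Meta().(*AWSClient).ec2conn
		resp, err := conn.DescribeSecurityGroups(&ec2.DescribeSecurityGroupsInput{
			GroupIds: []*string{aws.String(rs.Primary.ID)},
		})
		if err != nil {
			return err
		}

		if len(resp.SecurityGroups) > 0 {
			// aws.StringValue maps a nil GroupId to "", so a malformed response is
			// reported as "not found" instead of panicking inside the check.
			if sg := resp.SecurityGroups[0]; sg != nil && aws.StringValue(sg.GroupId) == rs.Primary.ID {
				*group = *sg
				return nil
			}
		}

		return fmt.Errorf("Security Group not found")
	}
}

// testAccCheckAWSDefaultSecurityGroupAttributes returns a check that the group
// is named "default" and that its first ingress permission is exactly
// tcp 80-8000 from 10.0.0.0/8.
//
// NOTE(review): only IpPermissions[0] is compared. The check does not assert
// that no other ingress rules are present, and it never inspects
// IpPermissionsEgress even though the VPC config declares an egress block.
// Leftover or unexpected rules on the default group would therefore go
// unnoticed. Consider asserting the exact rule counts once the expected values
// are confirmed for both configs.
func testAccCheckAWSDefaultSecurityGroupAttributes(group *ec2.SecurityGroup) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		p := &ec2.IpPermission{
			FromPort:   aws.Int64(80),
			ToPort:     aws.Int64(8000),
			IpProtocol: aws.String("tcp"),
			IpRanges:   []*ec2.IpRange{{CidrIp: aws.String("10.0.0.0/8")}},
		}

		// A nil GroupName is reported as a bad (empty) name rather than a panic.
		if name := aws.StringValue(group.GroupName); name != "default" {
			return fmt.Errorf("Bad name: %s", name)
		}

		if len(group.IpPermissions) == 0 {
			return fmt.Errorf("No IPPerms")
		}

		// Compare our ingress
		if !reflect.DeepEqual(group.IpPermissions[0], p) {
			return fmt.Errorf(
				"Got:\n\n%#v\n\nExpected:\n\n%#v\n",
				group.IpPermissions[0],
				p)
		}

		return nil
	}
}

// testAccAWSDefaultSecurityGroupConfig manages the default security group of a
// VPC created by the test, with one ingress and one egress rule, both limited
// to tcp 80-8000 and the private range 10.0.0.0/8.
const testAccAWSDefaultSecurityGroupConfig = `
resource "aws_vpc" "foo" {
  cidr_block = "10.1.0.0/16"
}

resource "aws_default_security_group" "web" {
  vpc_id = "${aws_vpc.foo.id}"

  ingress {
    protocol = "6"
    from_port = 80
    to_port = 8000
    cidr_blocks = ["10.0.0.0/8"]
  }

  egress {
    protocol = "tcp"
    from_port = 80
    to_port = 8000
    cidr_blocks = ["10.0.0.0/8"]
  }

  tags {
    Name = "tf-acc-test"
  }
}
`

// testAccAWSDefaultSecurityGroupConfig_classic manages a default security
// group without a vpc_id in us-east-1, with a single ingress rule and no
// egress block.
const testAccAWSDefaultSecurityGroupConfig_classic = `
provider "aws" {
  region = "us-east-1"
}

resource "aws_default_security_group" "web" {
  ingress {
    protocol = "6"
    from_port = 80
    to_port = 8000
    cidr_blocks = ["10.0.0.0/8"]
  }

  tags {
    Name = "tf-acc-test"
  }
}`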