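package aws

import (
	"fmt"
	"testing"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/service/ec2"
	"github.com/hashicorp/terraform/helper/acctest"
	"github.com/hashicorp/terraform/helper/resource"
	"github.com/hashicorp/terraform/terraform"
)

// TestAccAWSFlowLog_basic applies a configuration with a VPC-level flow log
// and verifies that the flow log exists and reports the ACTIVE status.
func TestAccAWSFlowLog_basic(t *testing.T) {
	var flowLog ec2.FlowLog

	// Random suffix so names created by this run do not collide with other runs.
	fln := fmt.Sprintf("tf-test-fl-%d", acctest.RandInt())

	resource.Test(t, resource.TestCase{
		PreCheck:      func() { testAccPreCheck(t) },
		IDRefreshName: "aws_flow_log.test_flow_log",
		Providers:     testAccProviders,
		CheckDestroy:  testAccCheckFlowLogDestroy,
		Steps: []resource.TestStep{
			{
				Config: testAccFlowLogConfig_basic(fln),
				Check: resource.ComposeTestCheckFunc(
					testAccCheckFlowLogExists("aws_flow_log.test_flow_log", &flowLog),
					testAccCheckAWSFlowLogAttributes(&flowLog),
				),
			},
		},
	})
}

// TestAccAWSFlowLog_subnet applies a configuration with a subnet-level flow
// log and verifies that the flow log exists and reports the ACTIVE status.
func TestAccAWSFlowLog_subnet(t *testing.T) {
	var flowLog ec2.FlowLog

	fln := fmt.Sprintf("tf-test-fl-%d", acctest.RandInt())

	resource.Test(t, resource.TestCase{
		PreCheck:      func() { testAccPreCheck(t) },
		IDRefreshName: "aws_flow_log.test_flow_log_subnet",
		Providers:     testAccProviders,
		CheckDestroy:  testAccCheckFlowLogDestroy,
		Steps: []resource.TestStep{
			{
				Config: testAccFlowLogConfig_subnet(fln),
				Check: resource.ComposeTestCheckFunc(
					testAccCheckFlowLogExists("aws_flow_log.test_flow_log_subnet", &flowLog),
					testAccCheckAWSFlowLogAttributes(&flowLog),
				),
			},
		},
	})
}

// testAccCheckFlowLogExists returns a check that looks up the resource named n
// in the Terraform state, describes the flow log with that ID through the EC2
// API, and copies the first result into flowLog for later checks.
func testAccCheckFlowLogExists(n string, flowLog *ec2.FlowLog) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		rs, ok := s.RootModule().Resources[n]
		if !ok {
			return fmt.Errorf("Not found: %s", n)
		}

		if rs.Primary.ID == "" {
			return fmt.Errorf("No Flow Log ID is set")
		}

		conn := testAccProvider.Meta().(*AWSClient).ec2conn
		describeOpts := &ec2.DescribeFlowLogsInput{
			FlowLogIds: []*string{aws.String(rs.Primary.ID)},
		}
		resp, err := conn.DescribeFlowLogs(describeOpts)
		if err != nil {
			return err
		}

		if len(resp.FlowLogs) > 0 {
			*flowLog = *resp.FlowLogs[0]
			return nil
		}
		return fmt.Errorf("No Flow Logs found for id (%s)", rs.Primary.ID)
	}
}

// testAccCheckAWSFlowLogAttributes returns a check that passes only when the
// flow log's FlowLogStatus is "ACTIVE".
//
// NOTE(review): only FlowLogStatus is inspected. ec2.FlowLog also carries
// DeliverLogsStatus; a flow log whose role cannot deliver records would
// presumably still pass this check - confirm whether delivery should be
// asserted as well.
func testAccCheckAWSFlowLogAttributes(flowLog *ec2.FlowLog) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		if flowLog.FlowLogStatus == nil {
			return fmt.Errorf("Flow Log status is not ACTIVE, is nil")
		}
		if *flowLog.FlowLogStatus != "ACTIVE" {
			return fmt.Errorf("Flow Log status is not ACTIVE, got: %s", *flowLog.FlowLogStatus)
		}
		return nil
	}
}

// testAccCheckFlowLogDestroy verifies that every aws_flow_log resource left in
// the state has really been removed, by describing it through the EC2 API.
//
// The previous version returned nil without contacting AWS, so a flow log
// that survived destroy was never reported.
func testAccCheckFlowLogDestroy(s *terraform.State) error {
	conn := testAccProvider.Meta().(*AWSClient).ec2conn

	for _, rs := range s.RootModule().Resources {
		if rs.Type != "aws_flow_log" {
			continue
		}

		// Assumes DescribeFlowLogs answers an unknown ID with an empty list
		// rather than an error - TODO confirm against the EC2 API behaviour.
		resp, err := conn.DescribeFlowLogs(&ec2.DescribeFlowLogsInput{
			FlowLogIds: []*string{aws.String(rs.Primary.ID)},
		})
		if err != nil {
			return fmt.Errorf("Error describing Flow Log (%s): %s", rs.Primary.ID, err)
		}
		if len(resp.FlowLogs) > 0 {
			return fmt.Errorf("Flow Log (%s) still exists", rs.Primary.ID)
		}
	}

	return nil
}

// testAccFlowLogConfig_basic renders the configuration for the VPC-level test.
// fln names both the IAM role (as "tf_test_<fln>") and the CloudWatch log
// group, so nothing in the configuration depends on pre-existing or
// fixed-name resources in the account.
//
// NOTE(review): the role's trust policy names ec2.amazonaws.com and no
// permissions policy is attached. VPC Flow Logs delivers through the
// vpc-flow-logs.amazonaws.com service principal, so this role is enough to
// create the flow log but presumably not to deliver records - confirm before
// using this configuration as a template.
func testAccFlowLogConfig_basic(fln string) string {
	return fmt.Sprintf(`
resource "aws_vpc" "default" {
  cidr_block = "10.0.0.0/16"
  tags {
    Name = "tf-flow-log-test"
  }
}

resource "aws_subnet" "test_subnet" {
  vpc_id = "${aws_vpc.default.id}"
  cidr_block = "10.0.1.0/24"

  tags {
    Name = "tf-flow-test"
  }
}

resource "aws_iam_role" "test_role" {
  name = "tf_test_%s"
  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": [
          "ec2.amazonaws.com"
        ]
      },
      "Action": [
        "sts:AssumeRole"
      ]
    }
  ]
}
EOF
}

resource "aws_cloudwatch_log_group" "foobar" {
  name = "%s"
}
resource "aws_flow_log" "test_flow_log" {
  log_group_name = "${aws_cloudwatch_log_group.foobar.name}"
  iam_role_arn = "${aws_iam_role.test_role.arn}"
  vpc_id = "${aws_vpc.default.id}"
  traffic_type = "ALL"
}

resource "aws_flow_log" "test_flow_log_subnet" {
  # log_group_name needs to exist before hand
  # until we have a CloudWatch Log Group Resource
  log_group_name = "${aws_cloudwatch_log_group.foobar.name}"
  iam_role_arn = "${aws_iam_role.test_role.arn}"
  subnet_id = "${aws_subnet.test_subnet.id}"
  traffic_type = "ALL"
}
`, fln, fln)
}

// testAccFlowLogConfig_subnet renders the configuration for the subnet-level
// test. fln names both the IAM role (as "tf_test_<fln>") and the CloudWatch
// log group.
//
// NOTE(review): as in the basic configuration, the trust policy names
// ec2.amazonaws.com and the role has no permissions policy - confirm whether
// log delivery is meant to work here.
func testAccFlowLogConfig_subnet(fln string) string {
	return fmt.Sprintf(`
resource "aws_vpc" "default" {
  cidr_block = "10.0.0.0/16"
  tags {
    Name = "tf-flow-log-test"
  }
}

resource "aws_subnet" "test_subnet" {
  vpc_id = "${aws_vpc.default.id}"
  cidr_block = "10.0.1.0/24"

  tags {
    Name = "tf-flow-test"
  }
}

resource "aws_iam_role" "test_role" {
  name = "tf_test_%s"
  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": [
          "ec2.amazonaws.com"
        ]
      },
      "Action": [
        "sts:AssumeRole"
      ]
    }
  ]
}
EOF
}
resource "aws_cloudwatch_log_group" "foobar" {
  name = "%s"
}

resource "aws_flow_log" "test_flow_log_subnet" {
  # log_group_name needs to exist before hand
  # until we have a CloudWatch Log Group Resource
  log_group_name = "${aws_cloudwatch_log_group.foobar.name}"
  iam_role_arn = "${aws_iam_role.test_role.arn}"
  subnet_id = "${aws_subnet.test_subnet.id}"
  traffic_type = "ALL"
}
`, fln, fln)
}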