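// Listing of github.com/danp/terraform@v0.9.5-0.20170426144147-39d740081351/builtin/providers/aws/resource_aws_iam_group_membership_test.go

package aws

import (
	"fmt"
	"strings"
	"testing"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/service/iam"
	"github.com/hashicorp/terraform/helper/acctest"
	"github.com/hashicorp/terraform/helper/resource"
	"github.com/hashicorp/terraform/terraform"
)

// TestAccAWSGroupMembership_basic is an acceptance test that walks an
// aws_iam_group_membership through three configurations: one member, a
// replacement pair of members, and finally a single remaining member. After
// every step the group is read back from IAM and compared with the users the
// configuration names.
func TestAccAWSGroupMembership_basic(t *testing.T) {
	var group iam.GetGroupOutput

	// A random suffix keeps the IAM names of this run distinct from other runs.
	rString := acctest.RandStringFromCharSet(10, acctest.CharSetAlpha)
	configBase := fmt.Sprintf(testAccAWSGroupMemberConfig, rString, rString, rString)
	configUpdate := fmt.Sprintf(testAccAWSGroupMemberConfigUpdate, rString, rString, rString, rString, rString)
	configUpdateDown := fmt.Sprintf(testAccAWSGroupMemberConfigUpdateDown, rString, rString, rString)

	testUser := fmt.Sprintf("test-user-%s", rString)
	testUserTwo := fmt.Sprintf("test-user-two-%s", rString)
	testUserThree := fmt.Sprintf("test-user-three-%s", rString)

	resource.Test(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckAWSGroupMembershipDestroy,
		Steps: []resource.TestStep{
			{
				Config: configBase,
				Check: resource.ComposeTestCheckFunc(
					testAccCheckAWSGroupMembershipExists("aws_iam_group_membership.team", &group),
					testAccCheckAWSGroupMembershipAttributes(&group, []string{testUser}),
				),
			},

			{
				// The original member is dropped from the list here, so the
				// attribute check must also notice if it is left in the group.
				Config: configUpdate,
				Check: resource.ComposeTestCheckFunc(
					testAccCheckAWSGroupMembershipExists("aws_iam_group_membership.team", &group),
					testAccCheckAWSGroupMembershipAttributes(&group, []string{testUserTwo, testUserThree}),
				),
			},

			{
				Config: configUpdateDown,
				Check: resource.ComposeTestCheckFunc(
					testAccCheckAWSGroupMembershipExists("aws_iam_group_membership.team", &group),
					testAccCheckAWSGroupMembershipAttributes(&group, []string{testUserThree}),
				),
			},
		},
	})
}

// TestAccAWSGroupMembership_paginatedUserList applies a configuration with 101
// users in one group and checks that the resource state records all 101.
// NOTE(review): 101 was presumably chosen to exceed a single GetGroup page;
// confirm against the IAM page size the resource relies on.
func TestAccAWSGroupMembership_paginatedUserList(t *testing.T) {
	var group iam.GetGroupOutput

	resource.Test(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckAWSGroupMembershipDestroy,
		Steps: []resource.TestStep{
			{
				Config: testAccAWSGroupMemberConfigPaginatedUserList,
				Check: resource.ComposeTestCheckFunc(
					testAccCheckAWSGroupMembershipExists("aws_iam_group_membership.team", &group),
					// Only the state attribute is checked; the group read by the
					// Exists check above comes from one GetGroup call and is not
					// compared with the user list in this test.
					resource.TestCheckResourceAttr(
						"aws_iam_group_membership.team", "users.#", "101"),
				),
			},
		},
	})
}

// testAccCheckAWSGroupMembershipDestroy verifies, for every
// aws_iam_group_membership left in the state, that the IAM group it refers to
// can no longer be read. It looks at the group only; it does not inspect the
// users that were members.
func testAccCheckAWSGroupMembershipDestroy(s *terraform.State) error {
	conn := testAccProvider.Meta().(*AWSClient).iamconn

	for _, rs := range s.RootModule().Resources {
		if rs.Type != "aws_iam_group_membership" {
			continue
		}

		group := rs.Primary.Attributes["group"]

		_, err := conn.GetGroup(&iam.GetGroupInput{
			GroupName: aws.String(group),
		})
		if err == nil {
			return fmt.Errorf("IAM group %q still exists", group)
		}

		// NoSuchEntity is the only outcome that proves the group is gone. Any
		// other failure (for example a denied or throttled call) proves nothing
		// and is reported with context instead of being treated as success.
		if ae, ok := err.(awserr.Error); ok && ae.Code() == "NoSuchEntity" {
			continue
		}
		return fmt.Errorf("reading IAM group %q during destroy check: %s", group, err)
	}

	return nil
}

// testAccCheckAWSGroupMembershipExists returns a check that looks up resource n
// in the state, reads the group named by its "group" attribute from IAM and
// copies the response into g for later checks.
//
// The group is read with a single GetGroup call; no further pages are
// requested here, so g.Users holds whatever that one response returned.
func testAccCheckAWSGroupMembershipExists(n string, g *iam.GetGroupOutput) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		rs, ok := s.RootModule().Resources[n]
		if !ok {
			return fmt.Errorf("Not found: %s", n)
		}

		if rs.Primary.ID == "" {
			return fmt.Errorf("No group membership ID is set")
		}

		conn := testAccProvider.Meta().(*AWSClient).iamconn
		gn := rs.Primary.Attributes["group"]

		resp, err := conn.GetGroup(&iam.GetGroupInput{
			GroupName: aws.String(gn),
		})
		if err != nil {
			// Keep the underlying error: a permission or throttling failure
			// must not be reported as a missing group.
			return fmt.Errorf("Error reading group (%s): %s", gn, err)
		}

		*g = *resp

		return nil
	}
}

// testAccCheckAWSGroupMembershipAttributes returns a check that compares the
// group read from IAM with the expected user names.
//
// It fails when the group name does not contain "test-group", when an expected
// user is missing, and when the group holds a user that is not expected. The
// last case matters for IAM: a user left behind in a group keeps whatever
// policies are attached to that group, so a membership update that only adds
// users and never removes them has to fail this check.
func testAccCheckAWSGroupMembershipAttributes(group *iam.GetGroupOutput, users []string) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		if group == nil || group.Group == nil {
			return fmt.Errorf("Bad group membership: no group data was read")
		}

		name := aws.StringValue(group.Group.GroupName)
		if !strings.Contains(name, "test-group") {
			return fmt.Errorf("Bad group membership: expected %s, got %s", "test-group", name)
		}

		members := make(map[string]bool, len(group.Users))
		for _, gu := range group.Users {
			if gu == nil {
				continue
			}
			members[aws.StringValue(gu.UserName)] = true
		}

		expected := make(map[string]bool, len(users))
		missing := 0
		for _, u := range users {
			expected[u] = true
			if !members[u] {
				missing++
			}
		}
		if missing > 0 {
			// Report how many expected users were found, not how many are missing.
			return fmt.Errorf("Bad group membership count, expected (%d), but only (%d) found", len(users), len(users)-missing)
		}

		// A truncated response lists only part of the group, so users outside
		// the expected set can be judged only when the listing is complete.
		if !aws.BoolValue(group.IsTruncated) {
			for _, gu := range group.Users {
				if gu == nil {
					continue
				}
				if un := aws.StringValue(gu.UserName); !expected[un] {
					return fmt.Errorf("Bad group membership: unexpected user %s is still in group %s", un, name)
				}
			}
		}

		return nil
	}
}

// testAccAWSGroupMemberConfig is the first step: one group, one user, and a
// membership holding that user. The three %s verbs take the random suffix.
const testAccAWSGroupMemberConfig = `
resource "aws_iam_group" "group" {
	name = "test-group-%s"
}

resource "aws_iam_user" "user" {
	name = "test-user-%s"
}

resource "aws_iam_group_membership" "team" {
	name = "tf-testing-group-membership-%s"
	users = ["${aws_iam_user.user.name}"]
	group = "${aws_iam_group.group.name}"
}
`

// testAccAWSGroupMemberConfigUpdate keeps the first user as a resource but
// lists only user_two and user_three as members, so the first user has to be
// removed from the group. It takes the random suffix five times.
const testAccAWSGroupMemberConfigUpdate = `
resource "aws_iam_group" "group" {
	name = "test-group-%s"
}

resource "aws_iam_user" "user" {
	name = "test-user-%s"
}

resource "aws_iam_user" "user_two" {
	name = "test-user-two-%s"
}

resource "aws_iam_user" "user_three" {
	name = "test-user-three-%s"
}

resource "aws_iam_group_membership" "team" {
	name = "tf-testing-group-membership-%s"
	users = [
		"${aws_iam_user.user_two.name}",
		"${aws_iam_user.user_three.name}",
	]
	group = "${aws_iam_group.group.name}"
}
`

// testAccAWSGroupMemberConfigUpdateDown shrinks the membership to user_three
// only. It takes the random suffix three times.
const testAccAWSGroupMemberConfigUpdateDown = `
resource "aws_iam_group" "group" {
	name = "test-group-%s"
}

resource "aws_iam_user" "user_three" {
	name = "test-user-three-%s"
}

resource "aws_iam_group_membership" "team" {
	name = "tf-testing-group-membership-%s"
	users = [
		"${aws_iam_user.user_three.name}",
	]
	group = "${aws_iam_group.group.name}"
}
`

// testAccAWSGroupMemberConfigPaginatedUserList creates 101 users and puts all
// of them in one group.
// NOTE(review): unlike the other configurations, the names here are fixed
// rather than suffixed with a random string, so leftovers from an aborted run
// or a second run in the same account would collide with them.
const testAccAWSGroupMemberConfigPaginatedUserList = `
resource "aws_iam_group" "group" {
	name = "test-paginated-group"
}

resource "aws_iam_group_membership" "team" {
	name = "tf-testing-paginated-group-membership"
	users = ["${aws_iam_user.user.*.name}"]
	group = "${aws_iam_group.group.name}"
}

resource "aws_iam_user" "user" {
	count = 101
	name = "${format("paged-test-user-%d", count.index + 1)}"
}
`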