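// Source: github.com/danp/terraform@v0.9.5-0.20170426144147-39d740081351/builtin/providers/aws/resource_aws_iam_group_policy_attachment_test.go

package aws

import (
	"fmt"
	"strings"
	"testing"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/service/iam"
	"github.com/hashicorp/terraform/helper/resource"
	"github.com/hashicorp/terraform/terraform"
)

// TestAccAWSIamGroupPolicyAttachment_basic is an acceptance test that applies
// two configurations in sequence. The first attaches one managed policy to a
// group; the second replaces it with two other policies. After each step the
// group's attached policies are listed through the IAM API and compared with
// the expected policy names.
func TestAccAWSIamGroupPolicyAttachment_basic(t *testing.T) {
	var out iam.ListAttachedGroupPoliciesOutput

	resource.Test(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckAWSGroupPolicyAttachmentDestroy,
		Steps: []resource.TestStep{
			{
				Config: testAccAWSGroupPolicyAttachConfig,
				Check: resource.ComposeTestCheckFunc(
					testAccCheckAWSGroupPolicyAttachmentExists("aws_iam_group_policy_attachment.test-attach", 1, &out),
					testAccCheckAWSGroupPolicyAttachmentAttributes([]string{"test-policy"}, &out),
				),
			},
			{
				Config: testAccAWSGroupPolicyAttachConfigUpdate,
				Check: resource.ComposeTestCheckFunc(
					testAccCheckAWSGroupPolicyAttachmentExists("aws_iam_group_policy_attachment.test-attach", 2, &out),
					testAccCheckAWSGroupPolicyAttachmentAttributes([]string{"test-policy2", "test-policy3"}, &out),
				),
			},
		},
	})
}

// testAccCheckAWSGroupPolicyAttachmentDestroy is the CheckDestroy hook for the
// test case above.
//
// NOTE(review): this is a no-op. The acceptance test therefore never verifies
// that the attachments were actually removed once the configuration is
// destroyed, so an attachment left behind in the test account would go
// unnoticed. A real check would list the attached policies for each group
// recorded in state and fail if the recorded policy ARN is still attached.
func testAccCheckAWSGroupPolicyAttachmentDestroy(s *terraform.State) error {
	return nil
}

// testAccCheckAWSGroupPolicyAttachmentExists returns a check that looks up
// resource n in the root module state, lists the managed policies attached to
// the group named by its "group" attribute, and fails unless exactly c
// policies are attached. On success the API response is copied into out so
// that later checks can inspect it.
func testAccCheckAWSGroupPolicyAttachmentExists(n string, c int, out *iam.ListAttachedGroupPoliciesOutput) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		rs, ok := s.RootModule().Resources[n]
		if !ok {
			return fmt.Errorf("Not found: %s", n)
		}

		if rs.Primary.ID == "" {
			return fmt.Errorf("No policy name is set")
		}

		conn := testAccProvider.Meta().(*AWSClient).iamconn
		group := rs.Primary.Attributes["group"]

		attachedPolicies, err := conn.ListAttachedGroupPolicies(&iam.ListAttachedGroupPoliciesInput{
			GroupName: aws.String(group),
		})
		if err != nil {
			// Include the underlying API error; without it an access-denied
			// response and a missing group produce the same message.
			return fmt.Errorf("Error: Failed to get attached policies for group %s (%s): %s", group, n, err)
		}
		if got := len(attachedPolicies.AttachedPolicies); c != got {
			// This check also runs after the update step, so the message
			// reports the counts instead of assuming initial creation.
			return fmt.Errorf("Error: Group (%s) has wrong number of policies attached: expected %d, got %d", n, c, got)
		}

		*out = *attachedPolicies
		return nil
	}
}

// testAccCheckAWSGroupPolicyAttachmentAttributes returns a check that compares
// the policy names in policies with the ARNs held in out. It passes only when
// the number of matches equals both len(policies) and the number of attached
// policies, so a missing policy and an unexpected extra one both fail.
func testAccCheckAWSGroupPolicyAttachmentAttributes(policies []string, out *iam.ListAttachedGroupPoliciesOutput) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		matched := 0

		for _, p := range policies {
			for _, ap := range out.AttachedPolicies {
				if ap == nil {
					continue
				}
				// ARN looks like arn:aws:iam::111111111111:policy/test-policy.
				// aws.StringValue avoids a nil dereference, and taking the
				// text after the last "/" also handles policies created with
				// a path (policy/some/path/name).
				arn := aws.StringValue(ap.PolicyArn)
				idx := strings.LastIndex(arn, "/")
				if idx >= 0 && p == arn[idx+1:] {
					matched++
				}
			}
		}
		if matched != len(policies) || matched != len(out.AttachedPolicies) {
			return fmt.Errorf("Error: Number of attached policies was incorrect: expected %d matched policies, matched %d of %d", len(policies), matched, len(out.AttachedPolicies))
		}
		return nil
	}
}

// testAccAWSGroupPolicyAttachConfig creates one group, one managed policy and
// a single attachment between them.
//
// NOTE(review): the group and policy names are fixed literals. IAM names are
// unique per account, so two runs of this test against the same account at the
// same time would presumably collide; randomised names would avoid that. The
// policy allows iam:ChangePassword on "*", which is acceptable only because
// this is throwaway test data.
const testAccAWSGroupPolicyAttachConfig = `
resource "aws_iam_group" "group" {
    name = "test-group"
}

resource "aws_iam_policy" "policy" {
    name = "test-policy"
    description = "A test policy"
    policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "iam:ChangePassword"
      ],
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}
EOF
}

resource "aws_iam_group_policy_attachment" "test-attach" {
    group = "${aws_iam_group.group.name}"
    policy_arn = "${aws_iam_policy.policy.arn}"
}
`

// testAccAWSGroupPolicyAttachConfigUpdate keeps the group and the first policy,
// adds two more policies, and attaches only the two new ones ("test-attach" is
// re-pointed at policy2 and "test-attach2" is added for policy3). The first
// policy is left unattached, which is why the update step expects exactly two
// attached policies.
const testAccAWSGroupPolicyAttachConfigUpdate = `
resource "aws_iam_group" "group" {
    name = "test-group"
}

resource "aws_iam_policy" "policy" {
    name = "test-policy"
    description = "A test policy"
    policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "iam:ChangePassword"
      ],
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}
EOF
}

resource "aws_iam_policy" "policy2" {
    name = "test-policy2"
    description = "A test policy"
    policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "iam:ChangePassword"
      ],
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}
EOF
}

resource "aws_iam_policy" "policy3" {
    name = "test-policy3"
    description = "A test policy"
    policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "iam:ChangePassword"
      ],
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}
EOF
}

resource "aws_iam_group_policy_attachment" "test-attach" {
    group = "${aws_iam_group.group.name}"
    policy_arn = "${aws_iam_policy.policy2.arn}"
}

resource "aws_iam_group_policy_attachment" "test-attach2" {
    group = "${aws_iam_group.group.name}"
    policy_arn = "${aws_iam_policy.policy3.arn}"
}
`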