github.com/danp/terraform@v0.9.5-0.20170426144147-39d740081351/builtin/providers/aws/resource_aws_iam_group_policy_test.go (about) 1 package aws 2 3 import ( 4 "fmt" 5 "testing" 6 7 "github.com/aws/aws-sdk-go/aws" 8 "github.com/aws/aws-sdk-go/aws/awserr" 9 "github.com/aws/aws-sdk-go/service/iam" 10 "github.com/hashicorp/terraform/helper/acctest" 11 "github.com/hashicorp/terraform/helper/resource" 12 "github.com/hashicorp/terraform/terraform" 13 ) 14 15 func TestAccAWSIAMGroupPolicy_basic(t *testing.T) { 16 rInt := acctest.RandInt() 17 resource.Test(t, resource.TestCase{ 18 PreCheck: func() { testAccPreCheck(t) }, 19 Providers: testAccProviders, 20 CheckDestroy: testAccCheckIAMGroupPolicyDestroy, 21 Steps: []resource.TestStep{ 22 { 23 Config: testAccIAMGroupPolicyConfig(rInt), 24 Check: resource.ComposeTestCheckFunc( 25 testAccCheckIAMGroupPolicy( 26 "aws_iam_group.group", 27 "aws_iam_group_policy.foo", 28 ), 29 ), 30 }, 31 { 32 Config: testAccIAMGroupPolicyConfigUpdate(rInt), 33 Check: resource.ComposeTestCheckFunc( 34 testAccCheckIAMGroupPolicy( 35 "aws_iam_group.group", 36 "aws_iam_group_policy.bar", 37 ), 38 ), 39 }, 40 }, 41 }) 42 } 43 44 func TestAccAWSIAMGroupPolicy_namePrefix(t *testing.T) { 45 rInt := acctest.RandInt() 46 resource.Test(t, resource.TestCase{ 47 PreCheck: func() { testAccPreCheck(t) }, 48 IDRefreshName: "aws_iam_group_policy.test", 49 Providers: testAccProviders, 50 CheckDestroy: testAccCheckIAMGroupPolicyDestroy, 51 Steps: []resource.TestStep{ 52 { 53 Config: testAccIAMGroupPolicyConfig_namePrefix(rInt), 54 Check: resource.ComposeTestCheckFunc( 55 testAccCheckIAMGroupPolicy( 56 "aws_iam_group.test", 57 "aws_iam_group_policy.test", 58 ), 59 ), 60 }, 61 }, 62 }) 63 } 64 65 func TestAccAWSIAMGroupPolicy_generatedName(t *testing.T) { 66 rInt := acctest.RandInt() 67 resource.Test(t, resource.TestCase{ 68 PreCheck: func() { testAccPreCheck(t) }, 69 IDRefreshName: "aws_iam_group_policy.test", 70 Providers: testAccProviders, 71 CheckDestroy: testAccCheckIAMGroupPolicyDestroy, 72 Steps: []resource.TestStep{ 73 { 74 Config: testAccIAMGroupPolicyConfig_generatedName(rInt), 75 Check: resource.ComposeTestCheckFunc( 76 testAccCheckIAMGroupPolicy( 77 "aws_iam_group.test", 78 "aws_iam_group_policy.test", 79 ), 80 ), 81 }, 82 }, 83 }) 84 } 85 86 func testAccCheckIAMGroupPolicyDestroy(s *terraform.State) error { 87 conn := testAccProvider.Meta().(*AWSClient).iamconn 88 89 for _, rs := range s.RootModule().Resources { 90 if rs.Type != "aws_iam_group_policy" { 91 continue 92 } 93 94 group, name := resourceAwsIamGroupPolicyParseId(rs.Primary.ID) 95 96 request := &iam.GetGroupPolicyInput{ 97 PolicyName: aws.String(name), 98 GroupName: aws.String(group), 99 } 100 101 _, err := conn.GetGroupPolicy(request) 102 if err != nil { 103 // Verify the error is what we want 104 if ae, ok := err.(awserr.Error); ok && ae.Code() == "NoSuchEntity" { 105 continue 106 } 107 return err 108 } 109 110 return fmt.Errorf("still exists") 111 } 112 113 return nil 114 } 115 116 func testAccCheckIAMGroupPolicy( 117 iamGroupResource string, 118 iamGroupPolicyResource string) resource.TestCheckFunc { 119 return func(s *terraform.State) error { 120 rs, ok := s.RootModule().Resources[iamGroupResource] 121 if !ok { 122 return fmt.Errorf("Not Found: %s", iamGroupResource) 123 } 124 125 if rs.Primary.ID == "" { 126 return fmt.Errorf("No ID is set") 127 } 128 129 policy, ok := s.RootModule().Resources[iamGroupPolicyResource] 130 if !ok { 131 return fmt.Errorf("Not Found: %s", iamGroupPolicyResource) 132 } 133 134 iamconn := testAccProvider.Meta().(*AWSClient).iamconn 135 group, name := resourceAwsIamGroupPolicyParseId(policy.Primary.ID) 136 _, err := iamconn.GetGroupPolicy(&iam.GetGroupPolicyInput{ 137 GroupName: aws.String(group), 138 PolicyName: aws.String(name), 139 }) 140 141 if err != nil { 142 return err 143 } 144 145 return nil 146 } 147 } 148 149 func testAccIAMGroupPolicyConfig(rInt int) string { 150 return fmt.Sprintf(` 151 resource "aws_iam_group" "group" { 152 name = "test_group_%d" 153 path = "/" 154 } 155 156 resource "aws_iam_group_policy" "foo" { 157 name = "foo_policy_%d" 158 group = "${aws_iam_group.group.name}" 159 policy = <<EOF 160 { 161 "Version": "2012-10-17", 162 "Statement": { 163 "Effect": "Allow", 164 "Action": "*", 165 "Resource": "*" 166 } 167 } 168 EOF 169 }`, rInt, rInt) 170 } 171 172 func testAccIAMGroupPolicyConfig_namePrefix(rInt int) string { 173 return fmt.Sprintf(` 174 resource "aws_iam_group" "test" { 175 name = "test_group_%d" 176 path = "/" 177 } 178 179 resource "aws_iam_group_policy" "test" { 180 name_prefix = "test-%d" 181 group = "${aws_iam_group.test.name}" 182 policy = <<EOF 183 { 184 "Version": "2012-10-17", 185 "Statement": { 186 "Effect": "Allow", 187 "Action": "*", 188 "Resource": "*" 189 } 190 } 191 EOF 192 }`, rInt, rInt) 193 } 194 195 func testAccIAMGroupPolicyConfig_generatedName(rInt int) string { 196 return fmt.Sprintf(` 197 resource "aws_iam_group" "test" { 198 name = "test_group_%d" 199 path = "/" 200 } 201 202 resource "aws_iam_group_policy" "test" { 203 group = "${aws_iam_group.test.name}" 204 policy = <<EOF 205 { 206 "Version": "2012-10-17", 207 "Statement": { 208 "Effect": "Allow", 209 "Action": "*", 210 "Resource": "*" 211 } 212 } 213 EOF 214 }`, rInt) 215 } 216 217 func testAccIAMGroupPolicyConfigUpdate(rInt int) string { 218 return fmt.Sprintf(` 219 resource "aws_iam_group" "group" { 220 name = "test_group_%d" 221 path = "/" 222 } 223 224 resource "aws_iam_group_policy" "foo" { 225 name = "foo_policy_%d" 226 group = "${aws_iam_group.group.name}" 227 policy = "{\"Version\":\"2012-10-17\",\"Statement\":{\"Effect\":\"Allow\",\"Action\":\"*\",\"Resource\":\"*\"}}" 228 } 229 230 resource "aws_iam_group_policy" "bar" { 231 name = "bar_policy_%d" 232 group = "${aws_iam_group.group.name}" 233 policy = "{\"Version\":\"2012-10-17\",\"Statement\":{\"Effect\":\"Allow\",\"Action\":\"*\",\"Resource\":\"*\"}}" 234 }`, rInt, rInt, rInt) 235 }