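// Listing of github.com/danp/terraform@v0.9.5-0.20170426144147-39d740081351/builtin/providers/aws/resource_aws_iam_role_policy_attachment_test.go

package aws

import (
	"fmt"
	"strings"
	"testing"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/service/iam"
	"github.com/hashicorp/terraform/helper/acctest"
	"github.com/hashicorp/terraform/helper/resource"
	"github.com/hashicorp/terraform/terraform"
)

// TestAccAWSRolePolicyAttachment_basic attaches one managed policy to a role,
// then swaps it for two different policies, and checks after each step that
// the role carries exactly the expected set of attachments.
func TestAccAWSRolePolicyAttachment_basic(t *testing.T) {
	var out iam.ListAttachedRolePoliciesOutput
	rInt := acctest.RandInt()
	// These names must stay in sync with the "name" fields rendered by the
	// two config builders at the bottom of this file.
	testPolicy := fmt.Sprintf("tf-acctest-%d", rInt)
	testPolicy2 := fmt.Sprintf("tf-acctest2-%d", rInt)
	testPolicy3 := fmt.Sprintf("tf-acctest3-%d", rInt)

	resource.Test(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckAWSRolePolicyAttachmentDestroy,
		Steps: []resource.TestStep{
			{
				Config: testAccAWSRolePolicyAttachConfig(rInt),
				Check: resource.ComposeTestCheckFunc(
					testAccCheckAWSRolePolicyAttachmentExists("aws_iam_role_policy_attachment.test-attach", 1, &out),
					testAccCheckAWSRolePolicyAttachmentAttributes([]string{testPolicy}, &out),
				),
			},
			{
				Config: testAccAWSRolePolicyAttachConfigUpdate(rInt),
				Check: resource.ComposeTestCheckFunc(
					testAccCheckAWSRolePolicyAttachmentExists("aws_iam_role_policy_attachment.test-attach", 2, &out),
					testAccCheckAWSRolePolicyAttachmentAttributes([]string{testPolicy2, testPolicy3}, &out),
				),
			},
		},
	})
}

// testAccCheckAWSRolePolicyAttachmentDestroy verifies that every
// aws_iam_role_policy_attachment recorded in the state is really gone from
// IAM. A policy that stays attached after "destroy" keeps granting its
// permissions to the role, so this must not be a no-op.
func testAccCheckAWSRolePolicyAttachmentDestroy(s *terraform.State) error {
	conn := testAccProvider.Meta().(*AWSClient).iamconn

	for name, rs := range s.RootModule().Resources {
		if rs.Type != "aws_iam_role_policy_attachment" || rs.Primary == nil {
			continue
		}

		role := rs.Primary.Attributes["role"]
		policyARN := rs.Primary.Attributes["policy_arn"]

		// Only the first page of results is inspected; that is enough for the
		// one or two attachments this test creates.
		resp, err := conn.ListAttachedRolePolicies(&iam.ListAttachedRolePoliciesInput{
			RoleName: aws.String(role),
		})
		if err != nil {
			// SDK errors expose Code(); asserting on that method avoids a new
			// import. A missing role means its attachments are gone as well.
			if coded, ok := err.(interface{ Code() string }); ok && coded.Code() == "NoSuchEntity" {
				continue
			}
			return fmt.Errorf("Error: Failed to get attached policies for role %s (%s): %s", role, name, err)
		}

		for _, ap := range resp.AttachedPolicies {
			if aws.StringValue(ap.PolicyArn) == policyARN {
				return fmt.Errorf("Error: Policy %s is still attached to role %s (%s)", policyARN, role, name)
			}
		}
	}

	return nil
}

// testAccCheckAWSRolePolicyAttachmentExists looks up resource n in the state,
// lists the managed policies attached to its role, checks that exactly c are
// attached, and copies the API response into out for later checks.
func testAccCheckAWSRolePolicyAttachmentExists(n string, c int, out *iam.ListAttachedRolePoliciesOutput) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		rs, ok := s.RootModule().Resources[n]
		if !ok {
			return fmt.Errorf("Not found: %s", n)
		}

		if rs.Primary.ID == "" {
			return fmt.Errorf("No policy name is set")
		}

		conn := testAccProvider.Meta().(*AWSClient).iamconn
		role := rs.Primary.Attributes["role"]

		attachedPolicies, err := conn.ListAttachedRolePolicies(&iam.ListAttachedRolePoliciesInput{
			RoleName: aws.String(role),
		})
		if err != nil {
			// Surface the underlying API error; without it an access-denied
			// and a missing role look identical in the test output.
			return fmt.Errorf("Error: Failed to get attached policies for role %s (%s): %s", role, n, err)
		}
		if got := len(attachedPolicies.AttachedPolicies); c != got {
			// This check also runs on the update step, so the message reports
			// the counts rather than claiming "initial creation".
			return fmt.Errorf("Error: Role (%s) has wrong number of policies attached: expected %d, got %d", n, c, got)
		}

		*out = *attachedPolicies
		return nil
	}
}

// testAccCheckAWSRolePolicyAttachmentAttributes checks that the attachments
// captured in out are exactly the named policies: every expected name must be
// present and no unexpected policy may be attached.
func testAccCheckAWSRolePolicyAttachmentAttributes(policies []string, out *iam.ListAttachedRolePoliciesOutput) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		matched := 0

		for _, p := range policies {
			for _, ap := range out.AttachedPolicies {
				// ARN looks like arn:aws:iam::111111111111:policy/test-policy.
				// aws.StringValue turns a nil ARN into "" instead of panicking.
				parts := strings.Split(aws.StringValue(ap.PolicyArn), "/")
				if len(parts) == 2 && p == parts[1] {
					matched++
				}
			}
		}
		// Comparing against both lengths rejects a missing expected policy as
		// well as an extra, unexpected attachment on the role.
		if matched != len(policies) || matched != len(out.AttachedPolicies) {
			return fmt.Errorf("Error: Number of attached policies was incorrect: expected %d matched policies, matched %d of %d", len(policies), matched, len(out.AttachedPolicies))
		}
		return nil
	}
}

// testAccAWSRolePolicyAttachConfig renders the first-step configuration: one
// role, one managed policy, and a single attachment between them. rInt makes
// the resource names unique per test run.
func testAccAWSRolePolicyAttachConfig(rInt int) string {
	return fmt.Sprintf(`
resource "aws_iam_role" "role" {
    name = "test-role-%d"
    assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}

resource "aws_iam_policy" "policy" {
    name = "tf-acctest-%d"
    description = "A test policy"
    policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "iam:ChangePassword"
      ],
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}
EOF
}

resource "aws_iam_role_policy_attachment" "test-attach" {
    role = "${aws_iam_role.role.name}"
    policy_arn = "${aws_iam_policy.policy.arn}"
}`, rInt, rInt)
}

// testAccAWSRolePolicyAttachConfigUpdate renders the second-step
// configuration: the same role and first policy, plus two more policies.
// "test-attach" is repointed at policy2 and "test-attach2" attaches policy3,
// so the first policy is no longer attached to the role.
func testAccAWSRolePolicyAttachConfigUpdate(rInt int) string {
	return fmt.Sprintf(`
resource "aws_iam_role" "role" {
    name = "test-role-%d"
    assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}

resource "aws_iam_policy" "policy" {
    name = "tf-acctest-%d"
    description = "A test policy"
    policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "iam:ChangePassword"
      ],
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}
EOF
}

resource "aws_iam_policy" "policy2" {
    name = "tf-acctest2-%d"
    description = "A test policy"
    policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "iam:ChangePassword"
      ],
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}
EOF
}

resource "aws_iam_policy" "policy3" {
    name = "tf-acctest3-%d"
    description = "A test policy"
    policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "iam:ChangePassword"
      ],
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}
EOF
}

resource "aws_iam_role_policy_attachment" "test-attach" {
    role = "${aws_iam_role.role.name}"
    policy_arn = "${aws_iam_policy.policy2.arn}"
}

resource "aws_iam_role_policy_attachment" "test-attach2" {
    role = "${aws_iam_role.role.name}"
    policy_arn = "${aws_iam_policy.policy3.arn}"
}`, rInt, rInt, rInt, rInt)
}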