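// Source: github.com/danp/terraform@v0.9.5-0.20170426144147-39d740081351/builtin/providers/aws/resource_aws_iam_user_policy_attachment_test.go

package aws

import (
	"fmt"
	"strings"
	"testing"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/service/iam"
	"github.com/hashicorp/terraform/helper/acctest"
	"github.com/hashicorp/terraform/helper/resource"
	"github.com/hashicorp/terraform/terraform"
)

// TestAccAWSUserPolicyAttachment_basic is an acceptance test for the
// aws_iam_user_policy_attachment resource.
//
// Step 1 attaches one managed policy to a test user and expects exactly that
// policy to be attached. Step 2 re-points the attachment at a second policy
// and adds an attachment for a third, then expects exactly those two. Because
// the attribute check compares against the full list of attached policies,
// step 2 also confirms that the first policy is no longer attached.
func TestAccAWSUserPolicyAttachment_basic(t *testing.T) {
	// out is filled by the Exists check and read by the Attributes check
	// that follows it within the same step.
	var out iam.ListAttachedUserPoliciesOutput
	rName := acctest.RandString(10)
	policyName1 := fmt.Sprintf("test-policy-%s", acctest.RandString(10))
	policyName2 := fmt.Sprintf("test-policy-%s", acctest.RandString(10))
	policyName3 := fmt.Sprintf("test-policy-%s", acctest.RandString(10))

	resource.Test(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckAWSUserPolicyAttachmentDestroy,
		Steps: []resource.TestStep{
			{
				Config: testAccAWSUserPolicyAttachConfig(rName, policyName1),
				Check: resource.ComposeTestCheckFunc(
					testAccCheckAWSUserPolicyAttachmentExists("aws_iam_user_policy_attachment.test-attach", 1, &out),
					testAccCheckAWSUserPolicyAttachmentAttributes([]string{policyName1}, &out),
				),
			},
			{
				Config: testAccAWSUserPolicyAttachConfigUpdate(rName, policyName1, policyName2, policyName3),
				Check: resource.ComposeTestCheckFunc(
					testAccCheckAWSUserPolicyAttachmentExists("aws_iam_user_policy_attachment.test-attach", 2, &out),
					testAccCheckAWSUserPolicyAttachmentAttributes([]string{policyName2, policyName3}, &out),
				),
			},
		},
	})
}

// testAccCheckAWSUserPolicyAttachmentDestroy is the CheckDestroy hook for the
// test case above.
//
// NOTE(review): this check is a no-op. It returns nil unconditionally, so the
// test never confirms that the policy attachments were actually removed from
// the IAM user on destroy; a destroy that left a managed policy attached
// would pass unnoticed. A real check would, for each
// aws_iam_user_policy_attachment in state, list the user's attached policies
// and fail if the recorded policy_arn is still present.
func testAccCheckAWSUserPolicyAttachmentDestroy(s *terraform.State) error {
	return nil
}

// testAccCheckAWSUserPolicyAttachmentExists returns a check that looks up
// resource n in state, lists the managed policies attached to that resource's
// "user" attribute, and fails unless exactly c policies are attached. On
// success the API response is copied into out for later checks.
func testAccCheckAWSUserPolicyAttachmentExists(n string, c int, out *iam.ListAttachedUserPoliciesOutput) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		rs, ok := s.RootModule().Resources[n]
		if !ok {
			return fmt.Errorf("Not found: %s", n)
		}

		if rs.Primary.ID == "" {
			return fmt.Errorf("No policy name is set")
		}

		conn := testAccProvider.Meta().(*AWSClient).iamconn
		user := rs.Primary.Attributes["user"]

		// Single, unpaginated call: a truncated response is not followed.
		// That is enough for the one or two policies this test attaches.
		attachedPolicies, err := conn.ListAttachedUserPolicies(&iam.ListAttachedUserPoliciesInput{
			UserName: aws.String(user),
		})
		if err != nil {
			// Surface the underlying API error (for example an access-denied
			// or missing-user response) instead of discarding it.
			return fmt.Errorf("Error: Failed to get attached policies for user %s (%s): %s", user, n, err)
		}
		if got := len(attachedPolicies.AttachedPolicies); c != got {
			// This check runs after the update step as well as after
			// creation, so report the counts rather than a fixed phase.
			return fmt.Errorf("Error: User %s (%s) has wrong number of policies attached: expected %d, got %d", user, n, c, got)
		}

		*out = *attachedPolicies
		return nil
	}
}

// testAccCheckAWSUserPolicyAttachmentAttributes returns a check that compares
// the expected policy names against the attached policies previously stored
// in out. It passes only when every expected name matches an attached policy
// and no other policy is attached.
func testAccCheckAWSUserPolicyAttachmentAttributes(policies []string, out *iam.ListAttachedUserPoliciesOutput) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		matched := 0

		for _, p := range policies {
			for _, ap := range out.AttachedPolicies {
				// PolicyArn looks like arn:aws:iam::111111111111:policy/test-policy.
				// aws.StringValue yields "" for a nil pointer, so a missing
				// ARN counts as a mismatch instead of panicking. Only ARNs
				// with a single "/" (no policy path) can match.
				parts := strings.Split(aws.StringValue(ap.PolicyArn), "/")
				if len(parts) == 2 && p == parts[1] {
					matched++
				}
			}
		}
		// Require both directions: all expected policies were found, and the
		// user has no attached policy beyond the expected ones.
		if matched != len(policies) || matched != len(out.AttachedPolicies) {
			return fmt.Errorf("Error: Number of attached policies was incorrect: expected %d matched policies, matched %d of %d", len(policies), matched, len(out.AttachedPolicies))
		}
		return nil
	}
}

// testAccAWSUserPolicyAttachConfig renders the step-1 configuration: one IAM
// user named "test-user-<rName>", one managed policy named policyName, and a
// single attachment binding the two. The policy document allows only
// iam:ChangePassword.
func testAccAWSUserPolicyAttachConfig(rName, policyName string) string {
	return fmt.Sprintf(`
resource "aws_iam_user" "user" {
    name = "test-user-%s"
}

resource "aws_iam_policy" "policy" {
    name = "%s"
    description = "A test policy"
    policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "iam:ChangePassword"
      ],
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}
EOF
}

resource "aws_iam_user_policy_attachment" "test-attach" {
    user = "${aws_iam_user.user.name}"
    policy_arn = "${aws_iam_policy.policy.arn}"
}`, rName, policyName)
}

// testAccAWSUserPolicyAttachConfigUpdate renders the step-2 configuration:
// the same user and first policy, plus two more policies. The "test-attach"
// attachment now points at policy2 and a new "test-attach2" points at
// policy3; the first policy still exists but is no longer attached.
func testAccAWSUserPolicyAttachConfigUpdate(rName, policyName1, policyName2, policyName3 string) string {
	return fmt.Sprintf(`
resource "aws_iam_user" "user" {
    name = "test-user-%s"
}

resource "aws_iam_policy" "policy" {
    name = "%s"
    description = "A test policy"
    policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "iam:ChangePassword"
      ],
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}
EOF
}

resource "aws_iam_policy" "policy2" {
    name = "%s"
    description = "A test policy"
    policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "iam:ChangePassword"
      ],
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}
EOF
}

resource "aws_iam_policy" "policy3" {
    name = "%s"
    description = "A test policy"
    policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "iam:ChangePassword"
      ],
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}
EOF
}

resource "aws_iam_user_policy_attachment" "test-attach" {
    user = "${aws_iam_user.user.name}"
    policy_arn = "${aws_iam_policy.policy2.arn}"
}

resource "aws_iam_user_policy_attachment" "test-attach2" {
    user = "${aws_iam_user.user.name}"
    policy_arn = "${aws_iam_policy.policy3.arn}"
}`, rName, policyName1, policyName2, policyName3)
}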