github.com/danp/terraform@v0.9.5-0.20170426144147-39d740081351/builtin/providers/aws/resource_aws_iam_user_policy_test.go (about)

     1  package aws
     2  
     3  import (
     4  	"fmt"
     5  	"testing"
     6  
     7  	"github.com/aws/aws-sdk-go/aws"
     8  	"github.com/aws/aws-sdk-go/aws/awserr"
     9  	"github.com/aws/aws-sdk-go/service/iam"
    10  	"github.com/hashicorp/terraform/helper/acctest"
    11  	"github.com/hashicorp/terraform/helper/resource"
    12  	"github.com/hashicorp/terraform/terraform"
    13  )
    14  
// TestAccAWSIAMUserPolicy_basic applies a config with one inline user policy
// ("foo"), then a second config that adds another ("bar"), and after each
// apply confirms the expected policy can be read back from IAM.
func TestAccAWSIAMUserPolicy_basic(t *testing.T) {
	suffix := acctest.RandInt()

	// First apply: the user plus the "foo" policy.
	createStep := resource.TestStep{
		Config: testAccIAMUserPolicyConfig(suffix),
		Check: resource.ComposeTestCheckFunc(
			testAccCheckIAMUserPolicy("aws_iam_user.user", "aws_iam_user_policy.foo"),
		),
	}

	// Second apply: same user, "foo" kept, "bar" added.
	addStep := resource.TestStep{
		Config: testAccIAMUserPolicyConfigUpdate(suffix),
		Check: resource.ComposeTestCheckFunc(
			testAccCheckIAMUserPolicy("aws_iam_user.user", "aws_iam_user_policy.bar"),
		),
	}

	resource.Test(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckIAMUserPolicyDestroy,
		Steps:        []resource.TestStep{createStep, addStep},
	})
}
    44  
// TestAccAWSIAMUserPolicy_namePrefix applies a config that sets name_prefix
// instead of name on the policy and confirms the resulting policy can be read
// back from IAM.
func TestAccAWSIAMUserPolicy_namePrefix(t *testing.T) {
	suffix := acctest.RandInt()

	const (
		userAddr   = "aws_iam_user.test"
		policyAddr = "aws_iam_user_policy.test"
	)

	prefixStep := resource.TestStep{
		Config: testAccIAMUserPolicyConfig_namePrefix(suffix),
		Check: resource.ComposeTestCheckFunc(
			testAccCheckIAMUserPolicy(userAddr, policyAddr),
		),
	}

	resource.Test(t, resource.TestCase{
		PreCheck:      func() { testAccPreCheck(t) },
		IDRefreshName: policyAddr,
		Providers:     testAccProviders,
		CheckDestroy:  testAccCheckIAMUserPolicyDestroy,
		Steps:         []resource.TestStep{prefixStep},
	})
}
    66  
// TestAccAWSIAMUserPolicy_generatedName applies a config that gives the policy
// neither name nor name_prefix and confirms the resulting policy can be read
// back from IAM.
func TestAccAWSIAMUserPolicy_generatedName(t *testing.T) {
	suffix := acctest.RandInt()

	const (
		userAddr   = "aws_iam_user.test"
		policyAddr = "aws_iam_user_policy.test"
	)

	generatedStep := resource.TestStep{
		Config: testAccIAMUserPolicyConfig_generatedName(suffix),
		Check: resource.ComposeTestCheckFunc(
			testAccCheckIAMUserPolicy(userAddr, policyAddr),
		),
	}

	resource.Test(t, resource.TestCase{
		PreCheck:      func() { testAccPreCheck(t) },
		IDRefreshName: policyAddr,
		Providers:     testAccProviders,
		CheckDestroy:  testAccCheckIAMUserPolicyDestroy,
		Steps:         []resource.TestStep{generatedStep},
	})
}
    88  
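// testAccCheckIAMUserPolicyDestroy verifies that every aws_iam_user_policy
// left in the final state has really been removed from IAM.
//
// It returns nil when IAM reports NoSuchEntity for each policy, and an error
// if any policy is still readable or the lookup fails for another reason.
//
// The fixtures in this file attach an allow-all inline policy to the test
// user, so a policy that survives destroy must fail the test rather than slip
// through.
func testAccCheckIAMUserPolicyDestroy(s *terraform.State) error {
	iamconn := testAccProvider.Meta().(*AWSClient).iamconn

	for _, rs := range s.RootModule().Resources {
		if rs.Type != "aws_iam_user_policy" {
			continue
		}

		username, name := resourceAwsIamUserPolicyParseId(rs.Primary.ID)

		// Look the policy up through the user-policy API. Querying the
		// role-policy API with a user name answers NoSuchEntity whether or
		// not the user policy was deleted, which would make this check pass
		// unconditionally.
		getResp, err := iamconn.GetUserPolicy(&iam.GetUserPolicyInput{
			UserName:   aws.String(username),
			PolicyName: aws.String(name),
		})
		if err != nil {
			if iamerr, ok := err.(awserr.Error); ok && iamerr.Code() == "NoSuchEntity" {
				// This policy is gone; keep going so the remaining
				// resources in state are verified as well.
				continue
			}
			return fmt.Errorf("Error reading IAM policy %s from user %s: %s", name, username, err)
		}

		if getResp != nil {
			return fmt.Errorf("Found IAM user policy, expected none: %s", getResp)
		}
	}

	return nil
}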
   121  
// testAccCheckIAMUserPolicy returns a check that both resource addresses are
// present in state, that the user has an ID, and that IAM can return the
// policy identified by the policy resource's ID.
//
// Only existence is verified: the GetUserPolicy response is discarded, so the
// policy document that IAM stored is not compared with the configured one.
func testAccCheckIAMUserPolicy(
	iamUserResource string,
	iamUserPolicyResource string) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		resources := s.RootModule().Resources

		user, found := resources[iamUserResource]
		if !found {
			return fmt.Errorf("Not Found: %s", iamUserResource)
		}
		if user.Primary.ID == "" {
			return fmt.Errorf("No ID is set")
		}

		policy, found := resources[iamUserPolicyResource]
		if !found {
			return fmt.Errorf("Not Found: %s", iamUserPolicyResource)
		}

		// The policy resource ID carries both the user name and the policy name.
		username, name := resourceAwsIamUserPolicyParseId(policy.Primary.ID)
		conn := testAccProvider.Meta().(*AWSClient).iamconn
		input := &iam.GetUserPolicyInput{
			UserName:   aws.String(username),
			PolicyName: aws.String(name),
		}

		_, err := conn.GetUserPolicy(input)
		return err
	}
}
   154  
// testAccIAMUserPolicyConfig renders the Terraform config for one IAM user
// with a single named inline policy "foo". rInt is substituted into both the
// user name and the policy name.
//
// NOTE(review): the policy document allows every action on every resource.
// This config creates no credentials for the user, but the destroy check is
// what guarantees the grant does not outlive the test run.
func testAccIAMUserPolicyConfig(rInt int) string {
	const tmpl = `
	resource "aws_iam_user" "user" {
		name = "test_user_%d"
		path = "/"
	}

	resource "aws_iam_user_policy" "foo" {
		name = "foo_policy_%d"
		user = "${aws_iam_user.user.name}"
		policy = "{\"Version\":\"2012-10-17\",\"Statement\":{\"Effect\":\"Allow\",\"Action\":\"*\",\"Resource\":\"*\"}}"
	}`

	return fmt.Sprintf(tmpl, rInt, rInt)
}
   168  
// testAccIAMUserPolicyConfig_namePrefix renders the Terraform config for one
// IAM user with an inline policy that sets name_prefix rather than name. rInt
// is substituted into both the user name and the prefix.
//
// NOTE(review): the policy document allows every action on every resource.
// This config creates no credentials for the user, but the destroy check is
// what guarantees the grant does not outlive the test run.
func testAccIAMUserPolicyConfig_namePrefix(rInt int) string {
	const tmpl = `
	resource "aws_iam_user" "test" {
		name = "test_user_%d"
		path = "/"
	}

	resource "aws_iam_user_policy" "test" {
		name_prefix = "test-%d"
		user = "${aws_iam_user.test.name}"
		policy = "{\"Version\":\"2012-10-17\",\"Statement\":{\"Effect\":\"Allow\",\"Action\":\"*\",\"Resource\":\"*\"}}"
	}`

	return fmt.Sprintf(tmpl, rInt, rInt)
}
   182  
// testAccIAMUserPolicyConfig_generatedName renders the Terraform config for
// one IAM user with an inline policy that sets neither name nor name_prefix.
// rInt is substituted into the user name only.
//
// NOTE(review): the policy document allows every action on every resource.
// This config creates no credentials for the user, but the destroy check is
// what guarantees the grant does not outlive the test run.
func testAccIAMUserPolicyConfig_generatedName(rInt int) string {
	const tmpl = `
	resource "aws_iam_user" "test" {
		name = "test_user_%d"
		path = "/"
	}

	resource "aws_iam_user_policy" "test" {
		user = "${aws_iam_user.test.name}"
		policy = "{\"Version\":\"2012-10-17\",\"Statement\":{\"Effect\":\"Allow\",\"Action\":\"*\",\"Resource\":\"*\"}}"
	}`

	return fmt.Sprintf(tmpl, rInt)
}
   195  
// testAccIAMUserPolicyConfigUpdate renders the Terraform config for one IAM
// user with two named inline policies, "foo" and "bar". rInt is substituted
// into the user name and both policy names.
//
// NOTE(review): both policy documents allow every action on every resource.
// This config creates no credentials for the user, but the destroy check is
// what guarantees the grants do not outlive the test run.
func testAccIAMUserPolicyConfigUpdate(rInt int) string {
	const tmpl = `
	resource "aws_iam_user" "user" {
		name = "test_user_%d"
		path = "/"
	}

	resource "aws_iam_user_policy" "foo" {
		name = "foo_policy_%d"
		user = "${aws_iam_user.user.name}"
		policy = "{\"Version\":\"2012-10-17\",\"Statement\":{\"Effect\":\"Allow\",\"Action\":\"*\",\"Resource\":\"*\"}}"
	}

	resource "aws_iam_user_policy" "bar" {
		name = "bar_policy_%d"
		user = "${aws_iam_user.user.name}"
		policy = "{\"Version\":\"2012-10-17\",\"Statement\":{\"Effect\":\"Allow\",\"Action\":\"*\",\"Resource\":\"*\"}}"
	}`

	return fmt.Sprintf(tmpl, rInt, rInt, rInt)
}