github.com/danp/terraform@v0.9.5-0.20170426144147-39d740081351/builtin/providers/aws/resource_aws_opsworks_stack_test.go (about) 1 package aws 2 3 import ( 4 "fmt" 5 "testing" 6 7 "github.com/hashicorp/terraform/helper/acctest" 8 "github.com/hashicorp/terraform/helper/resource" 9 "github.com/hashicorp/terraform/terraform" 10 11 "github.com/aws/aws-sdk-go/aws" 12 "github.com/aws/aws-sdk-go/aws/awserr" 13 "github.com/aws/aws-sdk-go/service/opsworks" 14 ) 15 16 /////////////////////////////// 17 //// Tests for the No-VPC case 18 /////////////////////////////// 19 20 func TestAccAWSOpsworksStackNoVpc(t *testing.T) { 21 stackName := fmt.Sprintf("tf-opsworks-acc-%d", acctest.RandInt()) 22 var opsstack opsworks.Stack 23 resource.Test(t, resource.TestCase{ 24 PreCheck: func() { testAccPreCheck(t) }, 25 Providers: testAccProviders, 26 CheckDestroy: testAccCheckAwsOpsworksStackDestroy, 27 Steps: []resource.TestStep{ 28 { 29 Config: testAccAwsOpsworksStackConfigNoVpcCreate(stackName), 30 Check: resource.ComposeTestCheckFunc( 31 testAccCheckAWSOpsworksStackExists( 32 "aws_opsworks_stack.tf-acc", false, &opsstack), 33 testAccCheckAWSOpsworksCreateStackAttributes( 34 &opsstack, "us-east-1a", stackName), 35 testAccAwsOpsworksStackCheckResourceAttrsCreate( 36 "us-east-1a", stackName), 37 ), 38 }, 39 }, 40 }) 41 } 42 43 func TestAccAWSOpsworksStackNoVpcChangeServiceRoleForceNew(t *testing.T) { 44 stackName := fmt.Sprintf("tf-opsworks-acc-%d", acctest.RandInt()) 45 var before, after opsworks.Stack 46 resource.Test(t, resource.TestCase{ 47 PreCheck: func() { testAccPreCheck(t) }, 48 Providers: testAccProviders, 49 CheckDestroy: testAccCheckAwsOpsworksStackDestroy, 50 Steps: []resource.TestStep{ 51 { 52 Config: testAccAwsOpsworksStackConfigNoVpcCreate(stackName), 53 Check: resource.ComposeTestCheckFunc( 54 testAccCheckAWSOpsworksStackExists( 55 "aws_opsworks_stack.tf-acc", false, &before), 56 ), 57 }, 58 { 59 Config: testAccAwsOpsworksStackConfigNoVpcCreateUpdateServiceRole(stackName), 60 Check: resource.ComposeTestCheckFunc( 61 testAccCheckAWSOpsworksStackExists( 62 "aws_opsworks_stack.tf-acc", false, &after), 63 testAccCheckAWSOpsworksStackRecreated(t, &before, &after), 64 ), 65 }, 66 }, 67 }) 68 } 69 70 func TestAccAWSOpsworksStackVpc(t *testing.T) { 71 stackName := fmt.Sprintf("tf-opsworks-acc-%d", acctest.RandInt()) 72 var opsstack opsworks.Stack 73 resource.Test(t, resource.TestCase{ 74 PreCheck: func() { testAccPreCheck(t) }, 75 Providers: testAccProviders, 76 CheckDestroy: testAccCheckAwsOpsworksStackDestroy, 77 Steps: []resource.TestStep{ 78 { 79 Config: testAccAwsOpsworksStackConfigVpcCreate(stackName), 80 Check: resource.ComposeTestCheckFunc( 81 testAccCheckAWSOpsworksStackExists( 82 "aws_opsworks_stack.tf-acc", true, &opsstack), 83 testAccCheckAWSOpsworksCreateStackAttributes( 84 &opsstack, "us-west-2a", stackName), 85 testAccAwsOpsworksStackCheckResourceAttrsCreate( 86 "us-west-2a", stackName), 87 ), 88 }, 89 { 90 Config: testAccAWSOpsworksStackConfigVpcUpdate(stackName), 91 Check: resource.ComposeTestCheckFunc( 92 testAccCheckAWSOpsworksStackExists( 93 "aws_opsworks_stack.tf-acc", true, &opsstack), 94 testAccCheckAWSOpsworksUpdateStackAttributes( 95 &opsstack, "us-west-2a", stackName), 96 testAccAwsOpsworksStackCheckResourceAttrsUpdate( 97 "us-west-2a", stackName), 98 ), 99 }, 100 }, 101 }) 102 } 103 104 // Tests the addition of regional endpoints and supporting the classic link used 105 // to create Stack's prior to v0.9.0. 106 // See https://github.com/hashicorp/terraform/issues/12842 107 func TestAccAWSOpsWorksStack_classic_endpoints(t *testing.T) { 108 stackName := fmt.Sprintf("tf-opsworks-acc-%d", acctest.RandInt()) 109 rInt := acctest.RandInt() 110 var opsstack opsworks.Stack 111 resource.Test(t, resource.TestCase{ 112 PreCheck: func() { testAccPreCheck(t) }, 113 Providers: testAccProviders, 114 CheckDestroy: testAccCheckAwsOpsworksStackDestroy, 115 Steps: []resource.TestStep{ 116 { 117 Config: testAccAwsOpsWorksStack_classic_endpoint(stackName, rInt), 118 Check: resource.ComposeTestCheckFunc( 119 testAccCheckAWSOpsworksStackExists( 120 "aws_opsworks_stack.main", false, &opsstack), 121 ), 122 }, 123 // Ensure that changing to us-west-2 region results in no plan 124 { 125 Config: testAccAwsOpsWorksStack_regional_endpoint(stackName, rInt), 126 PlanOnly: true, 127 }, 128 }, 129 }) 130 131 } 132 133 func testAccCheckAWSOpsworksStackRecreated(t *testing.T, 134 before, after *opsworks.Stack) resource.TestCheckFunc { 135 return func(s *terraform.State) error { 136 if *before.StackId == *after.StackId { 137 t.Fatalf("Expected change of Opsworks StackIds, but both were %v", before.StackId) 138 } 139 return nil 140 } 141 } 142 143 func testAccAwsOpsWorksStack_classic_endpoint(rName string, rInt int) string { 144 return fmt.Sprintf(` 145 provider "aws" { 146 region = "us-east-1" 147 } 148 149 resource "aws_opsworks_stack" "main" { 150 name = "%s" 151 region = "us-west-2" 152 service_role_arn = "${aws_iam_role.opsworks_service.arn}" 153 default_instance_profile_arn = "${aws_iam_instance_profile.opsworks_instance.arn}" 154 155 configuration_manager_version = "12" 156 default_availability_zone = "us-west-2b" 157 } 158 159 resource "aws_iam_role" "opsworks_service" { 160 name = "tf_opsworks_service_%d" 161 162 assume_role_policy = <<EOT 163 { 164 "Version": "2008-10-17", 165 "Statement": [ 166 { 167 "Sid": "", 168 "Effect": "Allow", 169 "Principal": { 170 "Service": "opsworks.amazonaws.com" 171 }, 172 "Action": "sts:AssumeRole" 173 } 174 ] 175 } 176 EOT 177 } 178 179 resource "aws_iam_role_policy" "opsworks_service" { 180 name = "tf_opsworks_service_%d" 181 role = "${aws_iam_role.opsworks_service.id}" 182 183 policy = <<EOT 184 { 185 "Statement": [ 186 { 187 "Action": [ 188 "ec2:*", 189 "iam:PassRole", 190 "cloudwatch:GetMetricStatistics", 191 "elasticloadbalancing:*", 192 "rds:*" 193 ], 194 "Effect": "Allow", 195 "Resource": ["*"] 196 } 197 ] 198 } 199 EOT 200 } 201 202 resource "aws_iam_role" "opsworks_instance" { 203 name = "tf_opsworks_instance_%d" 204 205 assume_role_policy = <<EOT 206 { 207 "Version": "2008-10-17", 208 "Statement": [ 209 { 210 "Sid": "", 211 "Effect": "Allow", 212 "Principal": { 213 "Service": "ec2.amazonaws.com" 214 }, 215 "Action": "sts:AssumeRole" 216 } 217 ] 218 } 219 EOT 220 } 221 222 resource "aws_iam_instance_profile" "opsworks_instance" { 223 name = "%s_profile" 224 roles = ["${aws_iam_role.opsworks_instance.name}"] 225 }`, rName, rInt, rInt, rInt, rName) 226 } 227 228 func testAccAwsOpsWorksStack_regional_endpoint(rName string, rInt int) string { 229 return fmt.Sprintf(` 230 provider "aws" { 231 region = "us-west-2" 232 } 233 234 resource "aws_opsworks_stack" "main" { 235 name = "%s" 236 region = "us-west-2" 237 service_role_arn = "${aws_iam_role.opsworks_service.arn}" 238 default_instance_profile_arn = "${aws_iam_instance_profile.opsworks_instance.arn}" 239 240 configuration_manager_version = "12" 241 default_availability_zone = "us-west-2b" 242 } 243 244 resource "aws_iam_role" "opsworks_service" { 245 name = "tf_opsworks_service_%d" 246 247 assume_role_policy = <<EOT 248 { 249 "Version": "2008-10-17", 250 "Statement": [ 251 { 252 "Sid": "", 253 "Effect": "Allow", 254 "Principal": { 255 "Service": "opsworks.amazonaws.com" 256 }, 257 "Action": "sts:AssumeRole" 258 } 259 ] 260 } 261 EOT 262 } 263 264 resource "aws_iam_role_policy" "opsworks_service" { 265 name = "tf_opsworks_service_%d" 266 role = "${aws_iam_role.opsworks_service.id}" 267 268 policy = <<EOT 269 { 270 "Statement": [ 271 { 272 "Action": [ 273 "ec2:*", 274 "iam:PassRole", 275 "cloudwatch:GetMetricStatistics", 276 "elasticloadbalancing:*", 277 "rds:*" 278 ], 279 "Effect": "Allow", 280 "Resource": ["*"] 281 } 282 ] 283 } 284 EOT 285 } 286 287 resource "aws_iam_role" "opsworks_instance" { 288 name = "tf_opsworks_instance_%d" 289 290 assume_role_policy = <<EOT 291 { 292 "Version": "2008-10-17", 293 "Statement": [ 294 { 295 "Sid": "", 296 "Effect": "Allow", 297 "Principal": { 298 "Service": "ec2.amazonaws.com" 299 }, 300 "Action": "sts:AssumeRole" 301 } 302 ] 303 } 304 EOT 305 } 306 307 resource "aws_iam_instance_profile" "opsworks_instance" { 308 name = "%s_profile" 309 roles = ["${aws_iam_role.opsworks_instance.name}"] 310 }`, rName, rInt, rInt, rInt, rName) 311 } 312 313 //////////////////////////// 314 //// Checkers and Utilities 315 //////////////////////////// 316 317 func testAccAwsOpsworksStackCheckResourceAttrsCreate(zone, stackName string) resource.TestCheckFunc { 318 return resource.ComposeTestCheckFunc( 319 resource.TestCheckResourceAttr( 320 "aws_opsworks_stack.tf-acc", 321 "name", 322 stackName, 323 ), 324 resource.TestCheckResourceAttr( 325 "aws_opsworks_stack.tf-acc", 326 "default_availability_zone", 327 zone, 328 ), 329 resource.TestCheckResourceAttr( 330 "aws_opsworks_stack.tf-acc", 331 "default_os", 332 "Amazon Linux 2016.09", 333 ), 334 resource.TestCheckResourceAttr( 335 "aws_opsworks_stack.tf-acc", 336 "default_root_device_type", 337 "ebs", 338 ), 339 resource.TestCheckResourceAttr( 340 "aws_opsworks_stack.tf-acc", 341 "custom_json", 342 `{"key": "value"}`, 343 ), 344 resource.TestCheckResourceAttr( 345 "aws_opsworks_stack.tf-acc", 346 "configuration_manager_version", 347 "11.10", 348 ), 349 resource.TestCheckResourceAttr( 350 "aws_opsworks_stack.tf-acc", 351 "use_opsworks_security_groups", 352 "false", 353 ), 354 ) 355 } 356 357 func testAccAwsOpsworksStackCheckResourceAttrsUpdate(zone, stackName string) resource.TestCheckFunc { 358 return resource.ComposeTestCheckFunc( 359 resource.TestCheckResourceAttr( 360 "aws_opsworks_stack.tf-acc", 361 "name", 362 stackName, 363 ), 364 resource.TestCheckResourceAttr( 365 "aws_opsworks_stack.tf-acc", 366 "default_availability_zone", 367 zone, 368 ), 369 resource.TestCheckResourceAttr( 370 "aws_opsworks_stack.tf-acc", 371 "default_os", 372 "Amazon Linux 2015.09", 373 ), 374 resource.TestCheckResourceAttr( 375 "aws_opsworks_stack.tf-acc", 376 "default_root_device_type", 377 "ebs", 378 ), 379 resource.TestCheckResourceAttr( 380 "aws_opsworks_stack.tf-acc", 381 "custom_json", 382 `{"key": "value"}`, 383 ), 384 resource.TestCheckResourceAttr( 385 "aws_opsworks_stack.tf-acc", 386 "configuration_manager_version", 387 "11.10", 388 ), 389 resource.TestCheckResourceAttr( 390 "aws_opsworks_stack.tf-acc", 391 "use_opsworks_security_groups", 392 "false", 393 ), 394 resource.TestCheckResourceAttr( 395 "aws_opsworks_stack.tf-acc", 396 "use_custom_cookbooks", 397 "true", 398 ), 399 resource.TestCheckResourceAttr( 400 "aws_opsworks_stack.tf-acc", 401 "manage_berkshelf", 402 "true", 403 ), 404 resource.TestCheckResourceAttr( 405 "aws_opsworks_stack.tf-acc", 406 "custom_cookbooks_source.0.type", 407 "git", 408 ), 409 resource.TestCheckResourceAttr( 410 "aws_opsworks_stack.tf-acc", 411 "custom_cookbooks_source.0.revision", 412 "master", 413 ), 414 resource.TestCheckResourceAttr( 415 "aws_opsworks_stack.tf-acc", 416 "custom_cookbooks_source.0.url", 417 "https://github.com/aws/opsworks-example-cookbooks.git", 418 ), 419 ) 420 } 421 422 func testAccCheckAWSOpsworksStackExists( 423 n string, vpc bool, opsstack *opsworks.Stack) resource.TestCheckFunc { 424 return func(s *terraform.State) error { 425 rs, ok := s.RootModule().Resources[n] 426 if !ok { 427 return fmt.Errorf("Not found: %s", n) 428 } 429 430 if rs.Primary.ID == "" { 431 return fmt.Errorf("No ID is set") 432 } 433 434 conn := testAccProvider.Meta().(*AWSClient).opsworksconn 435 436 params := &opsworks.DescribeStacksInput{ 437 StackIds: []*string{aws.String(rs.Primary.ID)}, 438 } 439 resp, err := conn.DescribeStacks(params) 440 441 if err != nil { 442 return err 443 } 444 445 if v := len(resp.Stacks); v != 1 { 446 return fmt.Errorf("Expected 1 response returned, got %d", v) 447 } 448 449 *opsstack = *resp.Stacks[0] 450 451 if vpc { 452 if rs.Primary.Attributes["vpc_id"] != *opsstack.VpcId { 453 return fmt.Errorf("VPCID Got %s, expected %s", *opsstack.VpcId, rs.Primary.Attributes["vpc_id"]) 454 } 455 if rs.Primary.Attributes["default_subnet_id"] != *opsstack.DefaultSubnetId { 456 return fmt.Errorf("Default subnet Id Got %s, expected %s", *opsstack.DefaultSubnetId, rs.Primary.Attributes["default_subnet_id"]) 457 } 458 } 459 460 return nil 461 } 462 } 463 464 func testAccCheckAWSOpsworksCreateStackAttributes( 465 opsstack *opsworks.Stack, zone, stackName string) resource.TestCheckFunc { 466 return func(s *terraform.State) error { 467 if *opsstack.Name != stackName { 468 return fmt.Errorf("Unnexpected stackName: %s", *opsstack.Name) 469 } 470 471 if *opsstack.DefaultAvailabilityZone != zone { 472 return fmt.Errorf("Unnexpected DefaultAvailabilityZone: %s", *opsstack.DefaultAvailabilityZone) 473 } 474 475 if *opsstack.DefaultOs != "Amazon Linux 2016.09" { 476 return fmt.Errorf("Unnexpected stackName: %s", *opsstack.DefaultOs) 477 } 478 479 if *opsstack.DefaultRootDeviceType != "ebs" { 480 return fmt.Errorf("Unnexpected DefaultRootDeviceType: %s", *opsstack.DefaultRootDeviceType) 481 } 482 483 if *opsstack.CustomJson != `{"key": "value"}` { 484 return fmt.Errorf("Unnexpected CustomJson: %s", *opsstack.CustomJson) 485 } 486 487 if *opsstack.ConfigurationManager.Version != "11.10" { 488 return fmt.Errorf("Unnexpected Version: %s", *opsstack.ConfigurationManager.Version) 489 } 490 491 if *opsstack.UseOpsworksSecurityGroups { 492 return fmt.Errorf("Unnexpected UseOpsworksSecurityGroups: %t", *opsstack.UseOpsworksSecurityGroups) 493 } 494 495 return nil 496 } 497 } 498 499 func testAccCheckAWSOpsworksUpdateStackAttributes( 500 opsstack *opsworks.Stack, zone, stackName string) resource.TestCheckFunc { 501 return func(s *terraform.State) error { 502 if *opsstack.Name != stackName { 503 return fmt.Errorf("Unnexpected stackName: %s", *opsstack.Name) 504 } 505 506 if *opsstack.DefaultAvailabilityZone != zone { 507 return fmt.Errorf("Unnexpected DefaultAvailabilityZone: %s", *opsstack.DefaultAvailabilityZone) 508 } 509 510 if *opsstack.DefaultOs != "Amazon Linux 2015.09" { 511 return fmt.Errorf("Unnexpected stackName: %s", *opsstack.DefaultOs) 512 } 513 514 if *opsstack.DefaultRootDeviceType != "ebs" { 515 return fmt.Errorf("Unnexpected DefaultRootDeviceType: %s", *opsstack.DefaultRootDeviceType) 516 } 517 518 if *opsstack.CustomJson != `{"key": "value"}` { 519 return fmt.Errorf("Unnexpected CustomJson: %s", *opsstack.CustomJson) 520 } 521 522 if *opsstack.ConfigurationManager.Version != "11.10" { 523 return fmt.Errorf("Unnexpected Version: %s", *opsstack.ConfigurationManager.Version) 524 } 525 526 if !*opsstack.UseCustomCookbooks { 527 return fmt.Errorf("Unnexpected UseCustomCookbooks: %t", *opsstack.UseCustomCookbooks) 528 } 529 530 if !*opsstack.ChefConfiguration.ManageBerkshelf { 531 return fmt.Errorf("Unnexpected ManageBerkshelf: %t", *opsstack.ChefConfiguration.ManageBerkshelf) 532 } 533 534 if *opsstack.CustomCookbooksSource.Type != "git" { 535 return fmt.Errorf("Unnexpected *opsstack.CustomCookbooksSource.Type: %s", *opsstack.CustomCookbooksSource.Type) 536 } 537 538 if *opsstack.CustomCookbooksSource.Revision != "master" { 539 return fmt.Errorf("Unnexpected *opsstack.CustomCookbooksSource.Type: %s", *opsstack.CustomCookbooksSource.Revision) 540 } 541 542 if *opsstack.CustomCookbooksSource.Url != "https://github.com/aws/opsworks-example-cookbooks.git" { 543 return fmt.Errorf("Unnexpected *opsstack.CustomCookbooksSource.Type: %s", *opsstack.CustomCookbooksSource.Url) 544 } 545 546 return nil 547 } 548 } 549 550 func testAccCheckAwsOpsworksStackDestroy(s *terraform.State) error { 551 opsworksconn := testAccProvider.Meta().(*AWSClient).opsworksconn 552 for _, rs := range s.RootModule().Resources { 553 if rs.Type != "aws_opsworks_stack" { 554 continue 555 } 556 557 req := &opsworks.DescribeStacksInput{ 558 StackIds: []*string{ 559 aws.String(rs.Primary.ID), 560 }, 561 } 562 563 _, err := opsworksconn.DescribeStacks(req) 564 if err != nil { 565 if awserr, ok := err.(awserr.Error); ok { 566 if awserr.Code() == "ResourceNotFoundException" { 567 // not found, all good 568 return nil 569 } 570 } 571 return err 572 } 573 } 574 return fmt.Errorf("Fall through error for OpsWorks stack test") 575 } 576 577 ////////////////////////////////////////////////// 578 //// Helper configs for the necessary IAM objects 579 ////////////////////////////////////////////////// 580 581 func testAccAwsOpsworksStackConfigNoVpcCreate(name string) string { 582 return fmt.Sprintf(` 583 provider "aws" { 584 region = "us-east-1" 585 } 586 resource "aws_opsworks_stack" "tf-acc" { 587 name = "%s" 588 region = "us-east-1" 589 service_role_arn = "${aws_iam_role.opsworks_service.arn}" 590 default_instance_profile_arn = "${aws_iam_instance_profile.opsworks_instance.arn}" 591 default_availability_zone = "us-east-1a" 592 default_os = "Amazon Linux 2016.09" 593 default_root_device_type = "ebs" 594 custom_json = "{\"key\": \"value\"}" 595 configuration_manager_version = "11.10" 596 use_opsworks_security_groups = false 597 } 598 599 resource "aws_iam_role" "opsworks_service" { 600 name = "%s_opsworks_service" 601 assume_role_policy = <<EOT 602 { 603 "Version": "2008-10-17", 604 "Statement": [ 605 { 606 "Sid": "", 607 "Effect": "Allow", 608 "Principal": { 609 "Service": "opsworks.amazonaws.com" 610 }, 611 "Action": "sts:AssumeRole" 612 } 613 ] 614 } 615 EOT 616 } 617 618 resource "aws_iam_role_policy" "opsworks_service" { 619 name = "%s_opsworks_service" 620 role = "${aws_iam_role.opsworks_service.id}" 621 policy = <<EOT 622 { 623 "Statement": [ 624 { 625 "Action": [ 626 "ec2:*", 627 "iam:PassRole", 628 "cloudwatch:GetMetricStatistics", 629 "elasticloadbalancing:*", 630 "rds:*" 631 ], 632 "Effect": "Allow", 633 "Resource": ["*"] 634 } 635 ] 636 } 637 EOT 638 } 639 640 resource "aws_iam_role" "opsworks_instance" { 641 name = "%s_opsworks_instance" 642 assume_role_policy = <<EOT 643 { 644 "Version": "2008-10-17", 645 "Statement": [ 646 { 647 "Sid": "", 648 "Effect": "Allow", 649 "Principal": { 650 "Service": "ec2.amazonaws.com" 651 }, 652 "Action": "sts:AssumeRole" 653 } 654 ] 655 } 656 EOT 657 } 658 659 resource "aws_iam_instance_profile" "opsworks_instance" { 660 name = "%s_opsworks_instance" 661 roles = ["${aws_iam_role.opsworks_instance.name}"] 662 }`, name, name, name, name, name) 663 } 664 665 func testAccAwsOpsworksStackConfigNoVpcCreateUpdateServiceRole(name string) string { 666 return fmt.Sprintf(` 667 provider "aws" { 668 region = "us-east-1" 669 } 670 resource "aws_opsworks_stack" "tf-acc" { 671 name = "%s" 672 region = "us-east-1" 673 service_role_arn = "${aws_iam_role.opsworks_service_new.arn}" 674 default_instance_profile_arn = "${aws_iam_instance_profile.opsworks_instance.arn}" 675 default_availability_zone = "us-east-1a" 676 default_os = "Amazon Linux 2016.09" 677 default_root_device_type = "ebs" 678 custom_json = "{\"key\": \"value\"}" 679 configuration_manager_version = "11.10" 680 use_opsworks_security_groups = false 681 } 682 683 resource "aws_iam_role" "opsworks_service" { 684 name = "%s_opsworks_service" 685 assume_role_policy = <<EOT 686 { 687 "Version": "2008-10-17", 688 "Statement": [ 689 { 690 "Sid": "", 691 "Effect": "Allow", 692 "Principal": { 693 "Service": "opsworks.amazonaws.com" 694 }, 695 "Action": "sts:AssumeRole" 696 } 697 ] 698 } 699 EOT 700 } 701 702 resource "aws_iam_role" "opsworks_service_new" { 703 name = "%s_opsworks_service_new" 704 assume_role_policy = <<EOT 705 { 706 "Version": "2008-10-17", 707 "Statement": [ 708 { 709 "Sid": "", 710 "Effect": "Allow", 711 "Principal": { 712 "Service": "opsworks.amazonaws.com" 713 }, 714 "Action": "sts:AssumeRole" 715 } 716 ] 717 } 718 EOT 719 } 720 721 resource "aws_iam_role_policy" "opsworks_service_new" { 722 name = "%s_opsworks_service_new" 723 role = "${aws_iam_role.opsworks_service_new.id}" 724 policy = <<EOT 725 { 726 "Statement": [ 727 { 728 "Action": [ 729 "ec2:*", 730 "iam:PassRole", 731 "cloudwatch:*", 732 "elasticloadbalancing:*", 733 "rds:*" 734 ], 735 "Effect": "Allow", 736 "Resource": ["*"] 737 } 738 ] 739 } 740 EOT 741 } 742 743 resource "aws_iam_role_policy" "opsworks_service" { 744 name = "%s_opsworks_service" 745 role = "${aws_iam_role.opsworks_service.id}" 746 policy = <<EOT 747 { 748 "Statement": [ 749 { 750 "Action": [ 751 "ec2:*", 752 "iam:PassRole", 753 "cloudwatch:GetMetricStatistics", 754 "elasticloadbalancing:*", 755 "rds:*" 756 ], 757 "Effect": "Allow", 758 "Resource": ["*"] 759 } 760 ] 761 } 762 EOT 763 } 764 765 resource "aws_iam_role" "opsworks_instance" { 766 name = "%s_opsworks_instance" 767 assume_role_policy = <<EOT 768 { 769 "Version": "2008-10-17", 770 "Statement": [ 771 { 772 "Sid": "", 773 "Effect": "Allow", 774 "Principal": { 775 "Service": "ec2.amazonaws.com" 776 }, 777 "Action": "sts:AssumeRole" 778 } 779 ] 780 } 781 EOT 782 } 783 784 resource "aws_iam_instance_profile" "opsworks_instance" { 785 name = "%s_opsworks_instance" 786 roles = ["${aws_iam_role.opsworks_instance.name}"] 787 }`, name, name, name, name, name, name, name) 788 } 789 790 //////////////////////////// 791 //// Tests for the VPC case 792 //////////////////////////// 793 794 func testAccAwsOpsworksStackConfigVpcCreate(name string) string { 795 return fmt.Sprintf(` 796 resource "aws_vpc" "tf-acc" { 797 cidr_block = "10.3.5.0/24" 798 } 799 resource "aws_subnet" "tf-acc" { 800 vpc_id = "${aws_vpc.tf-acc.id}" 801 cidr_block = "${aws_vpc.tf-acc.cidr_block}" 802 availability_zone = "us-west-2a" 803 } 804 resource "aws_opsworks_stack" "tf-acc" { 805 name = "%s" 806 region = "us-west-2" 807 vpc_id = "${aws_vpc.tf-acc.id}" 808 default_subnet_id = "${aws_subnet.tf-acc.id}" 809 service_role_arn = "${aws_iam_role.opsworks_service.arn}" 810 default_instance_profile_arn = "${aws_iam_instance_profile.opsworks_instance.arn}" 811 default_os = "Amazon Linux 2016.09" 812 default_root_device_type = "ebs" 813 custom_json = "{\"key\": \"value\"}" 814 configuration_manager_version = "11.10" 815 use_opsworks_security_groups = false 816 } 817 818 resource "aws_iam_role" "opsworks_service" { 819 name = "%s_opsworks_service" 820 assume_role_policy = <<EOT 821 { 822 "Version": "2008-10-17", 823 "Statement": [ 824 { 825 "Sid": "", 826 "Effect": "Allow", 827 "Principal": { 828 "Service": "opsworks.amazonaws.com" 829 }, 830 "Action": "sts:AssumeRole" 831 } 832 ] 833 } 834 EOT 835 } 836 837 resource "aws_iam_role_policy" "opsworks_service" { 838 name = "%s_opsworks_service" 839 role = "${aws_iam_role.opsworks_service.id}" 840 policy = <<EOT 841 { 842 "Statement": [ 843 { 844 "Action": [ 845 "ec2:*", 846 "iam:PassRole", 847 "cloudwatch:GetMetricStatistics", 848 "elasticloadbalancing:*", 849 "rds:*" 850 ], 851 "Effect": "Allow", 852 "Resource": ["*"] 853 } 854 ] 855 } 856 EOT 857 } 858 859 resource "aws_iam_role" "opsworks_instance" { 860 name = "%s_opsworks_instance" 861 assume_role_policy = <<EOT 862 { 863 "Version": "2008-10-17", 864 "Statement": [ 865 { 866 "Sid": "", 867 "Effect": "Allow", 868 "Principal": { 869 "Service": "ec2.amazonaws.com" 870 }, 871 "Action": "sts:AssumeRole" 872 } 873 ] 874 } 875 EOT 876 } 877 878 resource "aws_iam_instance_profile" "opsworks_instance" { 879 name = "%s_opsworks_instance" 880 roles = ["${aws_iam_role.opsworks_instance.name}"] 881 } 882 `, name, name, name, name, name) 883 } 884 885 func testAccAWSOpsworksStackConfigVpcUpdate(name string) string { 886 return fmt.Sprintf(` 887 resource "aws_vpc" "tf-acc" { 888 cidr_block = "10.3.5.0/24" 889 } 890 resource "aws_subnet" "tf-acc" { 891 vpc_id = "${aws_vpc.tf-acc.id}" 892 cidr_block = "${aws_vpc.tf-acc.cidr_block}" 893 availability_zone = "us-west-2a" 894 } 895 resource "aws_opsworks_stack" "tf-acc" { 896 name = "%s" 897 region = "us-west-2" 898 vpc_id = "${aws_vpc.tf-acc.id}" 899 default_subnet_id = "${aws_subnet.tf-acc.id}" 900 service_role_arn = "${aws_iam_role.opsworks_service.arn}" 901 default_instance_profile_arn = "${aws_iam_instance_profile.opsworks_instance.arn}" 902 default_os = "Amazon Linux 2015.09" 903 default_root_device_type = "ebs" 904 custom_json = "{\"key\": \"value\"}" 905 configuration_manager_version = "11.10" 906 use_opsworks_security_groups = false 907 use_custom_cookbooks = true 908 manage_berkshelf = true 909 custom_cookbooks_source { 910 type = "git" 911 revision = "master" 912 url = "https://github.com/aws/opsworks-example-cookbooks.git" 913 } 914 } 915 916 resource "aws_iam_role" "opsworks_service" { 917 name = "%s_opsworks_service" 918 assume_role_policy = <<EOT 919 { 920 "Version": "2008-10-17", 921 "Statement": [ 922 { 923 "Sid": "", 924 "Effect": "Allow", 925 "Principal": { 926 "Service": "opsworks.amazonaws.com" 927 }, 928 "Action": "sts:AssumeRole" 929 } 930 ] 931 } 932 EOT 933 } 934 935 resource "aws_iam_role_policy" "opsworks_service" { 936 name = "%s_opsworks_service" 937 role = "${aws_iam_role.opsworks_service.id}" 938 policy = <<EOT 939 { 940 "Statement": [ 941 { 942 "Action": [ 943 "ec2:*", 944 "iam:PassRole", 945 "cloudwatch:GetMetricStatistics", 946 "elasticloadbalancing:*", 947 "rds:*" 948 ], 949 "Effect": "Allow", 950 "Resource": ["*"] 951 } 952 ] 953 } 954 EOT 955 } 956 957 resource "aws_iam_role" "opsworks_instance" { 958 name = "%s_opsworks_instance" 959 assume_role_policy = <<EOT 960 { 961 "Version": "2008-10-17", 962 "Statement": [ 963 { 964 "Sid": "", 965 "Effect": "Allow", 966 "Principal": { 967 "Service": "ec2.amazonaws.com" 968 }, 969 "Action": "sts:AssumeRole" 970 } 971 ] 972 } 973 EOT 974 } 975 976 resource "aws_iam_instance_profile" "opsworks_instance" { 977 name = "%s_opsworks_instance" 978 roles = ["${aws_iam_role.opsworks_instance.name}"] 979 } 980 981 `, name, name, name, name, name) 982 }