github.com/danp/terraform@v0.9.5-0.20170426144147-39d740081351/builtin/providers/aws/resource_aws_vpc_endpoint_test.go (about)

     1  package aws
     2  
     3  import (
     4  	"fmt"
     5  	"strconv"
     6  	"strings"
     7  	"testing"
     8  
     9  	"github.com/aws/aws-sdk-go/aws"
    10  	"github.com/aws/aws-sdk-go/aws/awserr"
    11  	"github.com/aws/aws-sdk-go/service/ec2"
    12  
    13  	"github.com/hashicorp/terraform/helper/resource"
    14  	"github.com/hashicorp/terraform/terraform"
    15  )
    16  
    17  func TestAccAWSVpcEndpoint_basic(t *testing.T) {
    18  	var endpoint ec2.VpcEndpoint
    19  
    20  	resource.Test(t, resource.TestCase{
    21  		PreCheck:      func() { testAccPreCheck(t) },
    22  		IDRefreshName: "aws_vpc_endpoint.second-private-s3",
    23  		Providers:     testAccProviders,
    24  		CheckDestroy:  testAccCheckVpcEndpointDestroy,
    25  		Steps: []resource.TestStep{
    26  			resource.TestStep{
    27  				Config: testAccVpcEndpointWithRouteTableAndPolicyConfig,
    28  				Check: resource.ComposeTestCheckFunc(
    29  					testAccCheckVpcEndpointExists("aws_vpc_endpoint.second-private-s3", &endpoint),
    30  					testAccCheckVpcEndpointPrefixListAvailable("aws_vpc_endpoint.second-private-s3"),
    31  				),
    32  			},
    33  		},
    34  	})
    35  }
    36  
    37  func TestAccAWSVpcEndpoint_withRouteTableAndPolicy(t *testing.T) {
    38  	var endpoint ec2.VpcEndpoint
    39  	var routeTable ec2.RouteTable
    40  
    41  	resource.Test(t, resource.TestCase{
    42  		PreCheck:      func() { testAccPreCheck(t) },
    43  		IDRefreshName: "aws_vpc_endpoint.second-private-s3",
    44  		Providers:     testAccProviders,
    45  		CheckDestroy:  testAccCheckVpcEndpointDestroy,
    46  		Steps: []resource.TestStep{
    47  			resource.TestStep{
    48  				Config: testAccVpcEndpointWithRouteTableAndPolicyConfig,
    49  				Check: resource.ComposeTestCheckFunc(
    50  					testAccCheckVpcEndpointExists("aws_vpc_endpoint.second-private-s3", &endpoint),
    51  					testAccCheckRouteTableExists("aws_route_table.default", &routeTable),
    52  				),
    53  			},
    54  			resource.TestStep{
    55  				Config: testAccVpcEndpointWithRouteTableAndPolicyConfigModified,
    56  				Check: resource.ComposeTestCheckFunc(
    57  					testAccCheckVpcEndpointExists("aws_vpc_endpoint.second-private-s3", &endpoint),
    58  					testAccCheckRouteTableExists("aws_route_table.default", &routeTable),
    59  				),
    60  			},
    61  		},
    62  	})
    63  }
    64  
    65  func TestAccAWSVpcEndpoint_WithoutRouteTableOrPolicyConfig(t *testing.T) {
    66  	var endpoint ec2.VpcEndpoint
    67  
    68  	resource.Test(t, resource.TestCase{
    69  		PreCheck:      func() { testAccPreCheck(t) },
    70  		IDRefreshName: "aws_vpc_endpoint.second-private-s3",
    71  		Providers:     testAccProviders,
    72  		CheckDestroy:  testAccCheckVpcEndpointDestroy,
    73  		Steps: []resource.TestStep{
    74  			resource.TestStep{
    75  				Config: testAccVpcEndpointWithoutRouteTableOrPolicyConfig,
    76  				Check: resource.ComposeTestCheckFunc(
    77  					testAccCheckVpcEndpointExists("aws_vpc_endpoint.second-private-s3", &endpoint),
    78  					testAccCheckVpcEndpointPrefixListAvailable("aws_vpc_endpoint.second-private-s3"),
    79  				),
    80  			},
    81  		},
    82  	})
    83  }
    84  
    85  func TestAccAWSVpcEndpoint_removed(t *testing.T) {
    86  	var endpoint ec2.VpcEndpoint
    87  
    88  	// reach out and DELETE the VPC Endpoint outside of Terraform
    89  	testDestroy := func(*terraform.State) error {
    90  		conn := testAccProvider.Meta().(*AWSClient).ec2conn
    91  		input := &ec2.DeleteVpcEndpointsInput{
    92  			VpcEndpointIds: []*string{endpoint.VpcEndpointId},
    93  		}
    94  
    95  		_, err := conn.DeleteVpcEndpoints(input)
    96  		if err != nil {
    97  			return err
    98  		}
    99  		return nil
   100  	}
   101  
   102  	resource.Test(t, resource.TestCase{
   103  		PreCheck:     func() { testAccPreCheck(t) },
   104  		Providers:    testAccProviders,
   105  		CheckDestroy: testAccCheckVpcEndpointDestroy,
   106  		Steps: []resource.TestStep{
   107  			resource.TestStep{
   108  				Config: testAccVpcEndpointWithoutRouteTableOrPolicyConfig,
   109  				Check: resource.ComposeTestCheckFunc(
   110  					testAccCheckVpcEndpointExists("aws_vpc_endpoint.second-private-s3", &endpoint),
   111  					testDestroy,
   112  				),
   113  				ExpectNonEmptyPlan: true,
   114  			},
   115  		},
   116  	})
   117  }
   118  
   119  func testAccCheckVpcEndpointDestroy(s *terraform.State) error {
   120  	conn := testAccProvider.Meta().(*AWSClient).ec2conn
   121  
   122  	for _, rs := range s.RootModule().Resources {
   123  		if rs.Type != "aws_vpc_endpoint" {
   124  			continue
   125  		}
   126  
   127  		// Try to find the VPC
   128  		input := &ec2.DescribeVpcEndpointsInput{
   129  			VpcEndpointIds: []*string{aws.String(rs.Primary.ID)},
   130  		}
   131  		resp, err := conn.DescribeVpcEndpoints(input)
   132  		if err != nil {
   133  			// Verify the error is what we want
   134  			if ae, ok := err.(awserr.Error); ok && ae.Code() == "InvalidVpcEndpointId.NotFound" {
   135  				continue
   136  			}
   137  			return err
   138  		}
   139  		if len(resp.VpcEndpoints) > 0 {
   140  			return fmt.Errorf("VPC Endpoints still exist.")
   141  		}
   142  
   143  		return err
   144  	}
   145  
   146  	return nil
   147  }
   148  
   149  func testAccCheckVpcEndpointExists(n string, endpoint *ec2.VpcEndpoint) resource.TestCheckFunc {
   150  	return func(s *terraform.State) error {
   151  		rs, ok := s.RootModule().Resources[n]
   152  		if !ok {
   153  			return fmt.Errorf("Not found: %s", n)
   154  		}
   155  
   156  		if rs.Primary.ID == "" {
   157  			return fmt.Errorf("No VPC Endpoint ID is set")
   158  		}
   159  
   160  		conn := testAccProvider.Meta().(*AWSClient).ec2conn
   161  		input := &ec2.DescribeVpcEndpointsInput{
   162  			VpcEndpointIds: []*string{aws.String(rs.Primary.ID)},
   163  		}
   164  		resp, err := conn.DescribeVpcEndpoints(input)
   165  		if err != nil {
   166  			return err
   167  		}
   168  		if len(resp.VpcEndpoints) == 0 {
   169  			return fmt.Errorf("VPC Endpoint not found")
   170  		}
   171  
   172  		*endpoint = *resp.VpcEndpoints[0]
   173  
   174  		return nil
   175  	}
   176  }
   177  
   178  func testAccCheckVpcEndpointPrefixListAvailable(n string) resource.TestCheckFunc {
   179  	return func(s *terraform.State) error {
   180  		rs, ok := s.RootModule().Resources[n]
   181  		if !ok {
   182  			return fmt.Errorf("Not found: %s", n)
   183  		}
   184  
   185  		prefixListID := rs.Primary.Attributes["prefix_list_id"]
   186  		if prefixListID == "" {
   187  			return fmt.Errorf("Prefix list ID not available")
   188  		}
   189  		if !strings.HasPrefix(prefixListID, "pl") {
   190  			return fmt.Errorf("Prefix list ID does not appear to be a valid value: '%s'", prefixListID)
   191  		}
   192  
   193  		var (
   194  			cidrBlockSize int
   195  			err           error
   196  		)
   197  
   198  		if cidrBlockSize, err = strconv.Atoi(rs.Primary.Attributes["cidr_blocks.#"]); err != nil {
   199  			return err
   200  		}
   201  		if cidrBlockSize < 1 {
   202  			return fmt.Errorf("cidr_blocks seem suspiciously low: %d", cidrBlockSize)
   203  		}
   204  
   205  		return nil
   206  	}
   207  }
   208  
   209  const testAccVpcEndpointWithRouteTableAndPolicyConfig = `
   210  resource "aws_vpc" "foo" {
   211      cidr_block = "10.0.0.0/16"
   212  }
   213  
   214  resource "aws_subnet" "foo" {
   215  	vpc_id = "${aws_vpc.foo.id}"
   216      cidr_block = "10.0.1.0/24"
   217  }
   218  
   219  resource "aws_vpc_endpoint" "second-private-s3" {
   220      vpc_id = "${aws_vpc.foo.id}"
   221      service_name = "com.amazonaws.us-west-2.s3"
   222      route_table_ids = ["${aws_route_table.default.id}"]
   223      policy = <<POLICY
   224  {
   225  	"Version": "2012-10-17",
   226  	"Statement": [
   227  		{
   228  			"Sid":"AllowAll",
   229  			"Effect":"Allow",
   230  			"Principal":"*",
   231  			"Action":"*",
   232  			"Resource":"*"
   233  		}
   234  	]
   235  }
   236  POLICY
   237  }
   238  
   239  resource "aws_route_table" "default" {
   240      vpc_id = "${aws_vpc.foo.id}"
   241  }
   242  
   243  resource "aws_route_table_association" "main" {
   244      subnet_id = "${aws_subnet.foo.id}"
   245      route_table_id = "${aws_route_table.default.id}"
   246  }
   247  `
   248  
   249  const testAccVpcEndpointWithRouteTableAndPolicyConfigModified = `
   250  resource "aws_vpc" "foo" {
   251      cidr_block = "10.0.0.0/16"
   252  }
   253  
   254  resource "aws_subnet" "foo" {
   255  	vpc_id = "${aws_vpc.foo.id}"
   256      cidr_block = "10.0.1.0/24"
   257  }
   258  
   259  resource "aws_vpc_endpoint" "second-private-s3" {
   260      vpc_id = "${aws_vpc.foo.id}"
   261      service_name = "com.amazonaws.us-west-2.s3"
   262      route_table_ids = ["${aws_route_table.default.id}"]
   263      policy = <<POLICY
   264  {
   265  	"Version": "2012-10-17",
   266  	"Statement": [
   267  		{
   268  			"Sid":"AllowAll",
   269  			"Effect":"Allow",
   270  			"Principal":"*",
   271  			"Action":"*",
   272  			"Resource":"*"
   273  		}
   274  	]
   275  }
   276  POLICY
   277  }
   278  
   279  resource "aws_internet_gateway" "gw" {
   280      vpc_id = "${aws_vpc.foo.id}"
   281  }
   282  
   283  resource "aws_route_table" "default" {
   284      vpc_id = "${aws_vpc.foo.id}"
   285  
   286      route {
   287          cidr_block = "0.0.0.0/0"
   288          gateway_id = "${aws_internet_gateway.gw.id}"
   289      }
   290  }
   291  
   292  resource "aws_route_table_association" "main" {
   293      subnet_id = "${aws_subnet.foo.id}"
   294      route_table_id = "${aws_route_table.default.id}"
   295  }
   296  `
   297  
   298  const testAccVpcEndpointWithoutRouteTableOrPolicyConfig = `
   299  resource "aws_vpc" "foo" {
   300      cidr_block = "10.0.0.0/16"
   301  }
   302  
   303  resource "aws_vpc_endpoint" "second-private-s3" {
   304      vpc_id = "${aws_vpc.foo.id}"
   305      service_name = "com.amazonaws.us-west-2.s3"
   306  }
   307  `