github.com/danp/terraform@v0.9.5-0.20170426144147-39d740081351/builtin/providers/aws/resource_aws_vpn_connection_test.go (about) 1 package aws 2 3 import ( 4 "fmt" 5 "testing" 6 "time" 7 8 "github.com/aws/aws-sdk-go/aws" 9 "github.com/aws/aws-sdk-go/aws/awserr" 10 "github.com/aws/aws-sdk-go/service/ec2" 11 12 "github.com/hashicorp/terraform/helper/acctest" 13 "github.com/hashicorp/terraform/helper/resource" 14 "github.com/hashicorp/terraform/terraform" 15 ) 16 17 func TestAccAWSVpnConnection_basic(t *testing.T) { 18 rInt := acctest.RandInt() 19 rBgpAsn := acctest.RandIntRange(64512, 65534) 20 var vpn ec2.VpnConnection 21 22 resource.Test(t, resource.TestCase{ 23 PreCheck: func() { testAccPreCheck(t) }, 24 IDRefreshName: "aws_vpn_connection.foo", 25 Providers: testAccProviders, 26 CheckDestroy: testAccAwsVpnConnectionDestroy, 27 Steps: []resource.TestStep{ 28 { 29 Config: testAccAwsVpnConnectionConfig(rBgpAsn), 30 Check: resource.ComposeTestCheckFunc( 31 testAccAwsVpnConnection( 32 "aws_vpc.vpc", 33 "aws_vpn_gateway.vpn_gateway", 34 "aws_customer_gateway.customer_gateway", 35 "aws_vpn_connection.foo", 36 &vpn, 37 ), 38 ), 39 }, 40 { 41 Config: testAccAwsVpnConnectionConfigUpdate(rInt, rBgpAsn), 42 Check: resource.ComposeTestCheckFunc( 43 testAccAwsVpnConnection( 44 "aws_vpc.vpc", 45 "aws_vpn_gateway.vpn_gateway", 46 "aws_customer_gateway.customer_gateway", 47 "aws_vpn_connection.foo", 48 &vpn, 49 ), 50 ), 51 }, 52 }, 53 }) 54 } 55 56 func TestAccAWSVpnConnection_withoutStaticRoutes(t *testing.T) { 57 rInt := acctest.RandInt() 58 rBgpAsn := acctest.RandIntRange(64512, 65534) 59 var vpn ec2.VpnConnection 60 resource.Test(t, resource.TestCase{ 61 PreCheck: func() { testAccPreCheck(t) }, 62 IDRefreshName: "aws_vpn_connection.foo", 63 Providers: testAccProviders, 64 CheckDestroy: testAccAwsVpnConnectionDestroy, 65 Steps: []resource.TestStep{ 66 { 67 Config: testAccAwsVpnConnectionConfigUpdate(rInt, rBgpAsn), 68 Check: resource.ComposeTestCheckFunc( 69 testAccAwsVpnConnection( 70 "aws_vpc.vpc", 71 "aws_vpn_gateway.vpn_gateway", 72 "aws_customer_gateway.customer_gateway", 73 "aws_vpn_connection.foo", 74 &vpn, 75 ), 76 resource.TestCheckResourceAttr("aws_vpn_connection.foo", "static_routes_only", "false"), 77 ), 78 }, 79 }, 80 }) 81 } 82 83 func TestAccAWSVpnConnection_disappears(t *testing.T) { 84 rBgpAsn := acctest.RandIntRange(64512, 65534) 85 var vpn ec2.VpnConnection 86 87 resource.Test(t, resource.TestCase{ 88 PreCheck: func() { testAccPreCheck(t) }, 89 Providers: testAccProviders, 90 CheckDestroy: testAccAwsVpnConnectionDestroy, 91 Steps: []resource.TestStep{ 92 { 93 Config: testAccAwsVpnConnectionConfig(rBgpAsn), 94 Check: resource.ComposeTestCheckFunc( 95 testAccAwsVpnConnection( 96 "aws_vpc.vpc", 97 "aws_vpn_gateway.vpn_gateway", 98 "aws_customer_gateway.customer_gateway", 99 "aws_vpn_connection.foo", 100 &vpn, 101 ), 102 testAccAWSVpnConnectionDisappears(&vpn), 103 ), 104 ExpectNonEmptyPlan: true, 105 }, 106 }, 107 }) 108 } 109 110 func testAccAWSVpnConnectionDisappears(connection *ec2.VpnConnection) resource.TestCheckFunc { 111 return func(s *terraform.State) error { 112 conn := testAccProvider.Meta().(*AWSClient).ec2conn 113 114 _, err := conn.DeleteVpnConnection(&ec2.DeleteVpnConnectionInput{ 115 VpnConnectionId: connection.VpnConnectionId, 116 }) 117 if err != nil { 118 if ec2err, ok := err.(awserr.Error); ok && ec2err.Code() == "InvalidVpnConnectionID.NotFound" { 119 return nil 120 } 121 if err != nil { 122 return err 123 } 124 } 125 126 return resource.Retry(40*time.Minute, func() *resource.RetryError { 127 opts := &ec2.DescribeVpnConnectionsInput{ 128 VpnConnectionIds: []*string{connection.VpnConnectionId}, 129 } 130 resp, err := conn.DescribeVpnConnections(opts) 131 if err != nil { 132 cgw, ok := err.(awserr.Error) 133 if ok && cgw.Code() == "InvalidVpnConnectionID.NotFound" { 134 return nil 135 } 136 if ok && cgw.Code() == "IncorrectState" { 137 return resource.RetryableError(fmt.Errorf( 138 "Waiting for VPN Connection to be in the correct state: %v", connection.VpnConnectionId)) 139 } 140 return resource.NonRetryableError( 141 fmt.Errorf("Error retrieving VPN Connection: %s", err)) 142 } 143 if *resp.VpnConnections[0].State == "deleted" { 144 return nil 145 } 146 return resource.RetryableError(fmt.Errorf( 147 "Waiting for VPN Connection: %v", connection.VpnConnectionId)) 148 }) 149 } 150 } 151 152 func testAccAwsVpnConnectionDestroy(s *terraform.State) error { 153 conn := testAccProvider.Meta().(*AWSClient).ec2conn 154 for _, rs := range s.RootModule().Resources { 155 if rs.Type != "aws_vpn_connection" { 156 continue 157 } 158 159 resp, err := conn.DescribeVpnConnections(&ec2.DescribeVpnConnectionsInput{ 160 VpnConnectionIds: []*string{aws.String(rs.Primary.ID)}, 161 }) 162 163 if err != nil { 164 if ec2err, ok := err.(awserr.Error); ok && ec2err.Code() == "InvalidVpnConnectionID.NotFound" { 165 // not found 166 return nil 167 } 168 return err 169 } 170 171 var vpn *ec2.VpnConnection 172 for _, v := range resp.VpnConnections { 173 if v.VpnConnectionId != nil && *v.VpnConnectionId == rs.Primary.ID { 174 vpn = v 175 } 176 } 177 178 if vpn == nil { 179 // vpn connection not found 180 return nil 181 } 182 183 if vpn.State != nil && *vpn.State == "deleted" { 184 return nil 185 } 186 187 } 188 189 return nil 190 } 191 192 func testAccAwsVpnConnection( 193 vpcResource string, 194 vpnGatewayResource string, 195 customerGatewayResource string, 196 vpnConnectionResource string, 197 vpnConnection *ec2.VpnConnection) resource.TestCheckFunc { 198 return func(s *terraform.State) error { 199 rs, ok := s.RootModule().Resources[vpnConnectionResource] 200 if !ok { 201 return fmt.Errorf("Not found: %s", vpnConnectionResource) 202 } 203 204 if rs.Primary.ID == "" { 205 return fmt.Errorf("No ID is set") 206 } 207 connection, ok := s.RootModule().Resources[vpnConnectionResource] 208 if !ok { 209 return fmt.Errorf("Not found: %s", vpnConnectionResource) 210 } 211 212 ec2conn := testAccProvider.Meta().(*AWSClient).ec2conn 213 214 resp, err := ec2conn.DescribeVpnConnections(&ec2.DescribeVpnConnectionsInput{ 215 VpnConnectionIds: []*string{aws.String(connection.Primary.ID)}, 216 }) 217 218 if err != nil { 219 return err 220 } 221 222 *vpnConnection = *resp.VpnConnections[0] 223 224 return nil 225 } 226 } 227 228 func TestAWSVpnConnection_xmlconfig(t *testing.T) { 229 tunnelInfo, err := xmlConfigToTunnelInfo(testAccAwsVpnTunnelInfoXML) 230 if err != nil { 231 t.Fatalf("Error unmarshalling XML: %s", err) 232 } 233 if tunnelInfo.Tunnel1Address != "FIRST_ADDRESS" { 234 t.Fatalf("First address from tunnel XML was incorrect.") 235 } 236 if tunnelInfo.Tunnel1PreSharedKey != "FIRST_KEY" { 237 t.Fatalf("First key from tunnel XML was incorrect.") 238 } 239 if tunnelInfo.Tunnel2Address != "SECOND_ADDRESS" { 240 t.Fatalf("Second address from tunnel XML was incorrect.") 241 } 242 if tunnelInfo.Tunnel2PreSharedKey != "SECOND_KEY" { 243 t.Fatalf("Second key from tunnel XML was incorrect.") 244 } 245 } 246 247 func testAccAwsVpnConnectionConfig(rBgpAsn int) string { 248 return fmt.Sprintf(` 249 resource "aws_vpn_gateway" "vpn_gateway" { 250 tags { 251 Name = "vpn_gateway" 252 } 253 } 254 255 resource "aws_customer_gateway" "customer_gateway" { 256 bgp_asn = %d 257 ip_address = "178.0.0.1" 258 type = "ipsec.1" 259 tags { 260 Name = "main-customer-gateway" 261 } 262 } 263 264 resource "aws_vpn_connection" "foo" { 265 vpn_gateway_id = "${aws_vpn_gateway.vpn_gateway.id}" 266 customer_gateway_id = "${aws_customer_gateway.customer_gateway.id}" 267 type = "ipsec.1" 268 static_routes_only = true 269 } 270 `, rBgpAsn) 271 } 272 273 // Change static_routes_only to be false, forcing a refresh. 274 func testAccAwsVpnConnectionConfigUpdate(rInt, rBgpAsn int) string { 275 return fmt.Sprintf(` 276 resource "aws_vpn_gateway" "vpn_gateway" { 277 tags { 278 Name = "vpn_gateway" 279 } 280 } 281 282 resource "aws_customer_gateway" "customer_gateway" { 283 bgp_asn = %d 284 ip_address = "178.0.0.1" 285 type = "ipsec.1" 286 tags { 287 Name = "main-customer-gateway-%d" 288 } 289 } 290 291 resource "aws_vpn_connection" "foo" { 292 vpn_gateway_id = "${aws_vpn_gateway.vpn_gateway.id}" 293 customer_gateway_id = "${aws_customer_gateway.customer_gateway.id}" 294 type = "ipsec.1" 295 static_routes_only = false 296 } 297 `, rBgpAsn, rInt) 298 } 299 300 // Test our VPN tunnel config XML parsing 301 const testAccAwsVpnTunnelInfoXML = ` 302 <vpn_connection id="vpn-abc123"> 303 <ipsec_tunnel> 304 <vpn_gateway> 305 <tunnel_outside_address> 306 <ip_address>SECOND_ADDRESS</ip_address> 307 </tunnel_outside_address> 308 </vpn_gateway> 309 <ike> 310 <pre_shared_key>SECOND_KEY</pre_shared_key> 311 </ike> 312 </ipsec_tunnel> 313 <ipsec_tunnel> 314 <vpn_gateway> 315 <tunnel_outside_address> 316 <ip_address>FIRST_ADDRESS</ip_address> 317 </tunnel_outside_address> 318 </vpn_gateway> 319 <ike> 320 <pre_shared_key>FIRST_KEY</pre_shared_key> 321 </ike> 322 </ipsec_tunnel> 323 </vpn_connection> 324 `