github.com/danp/terraform@v0.9.5-0.20170426144147-39d740081351/builtin/providers/aws/resource_aws_waf_ipset_test.go (about) 1 package aws 2 3 import ( 4 "fmt" 5 "reflect" 6 "testing" 7 8 "github.com/hashicorp/terraform/helper/resource" 9 "github.com/hashicorp/terraform/terraform" 10 11 "github.com/aws/aws-sdk-go/aws" 12 "github.com/aws/aws-sdk-go/aws/awserr" 13 "github.com/aws/aws-sdk-go/service/waf" 14 "github.com/hashicorp/terraform/helper/acctest" 15 ) 16 17 func TestAccAWSWafIPSet_basic(t *testing.T) { 18 var v waf.IPSet 19 ipsetName := fmt.Sprintf("ip-set-%s", acctest.RandString(5)) 20 21 resource.Test(t, resource.TestCase{ 22 PreCheck: func() { testAccPreCheck(t) }, 23 Providers: testAccProviders, 24 CheckDestroy: testAccCheckAWSWafIPSetDestroy, 25 Steps: []resource.TestStep{ 26 resource.TestStep{ 27 Config: testAccAWSWafIPSetConfig(ipsetName), 28 Check: resource.ComposeTestCheckFunc( 29 testAccCheckAWSWafIPSetExists("aws_waf_ipset.ipset", &v), 30 resource.TestCheckResourceAttr( 31 "aws_waf_ipset.ipset", "name", ipsetName), 32 resource.TestCheckResourceAttr( 33 "aws_waf_ipset.ipset", "ip_set_descriptors.4037960608.type", "IPV4"), 34 resource.TestCheckResourceAttr( 35 "aws_waf_ipset.ipset", "ip_set_descriptors.4037960608.value", "192.0.7.0/24"), 36 ), 37 }, 38 }, 39 }) 40 } 41 42 func TestAccAWSWafIPSet_disappears(t *testing.T) { 43 var v waf.IPSet 44 ipsetName := fmt.Sprintf("ip-set-%s", acctest.RandString(5)) 45 resource.Test(t, resource.TestCase{ 46 PreCheck: func() { testAccPreCheck(t) }, 47 Providers: testAccProviders, 48 CheckDestroy: testAccCheckAWSWafIPSetDestroy, 49 Steps: []resource.TestStep{ 50 { 51 Config: testAccAWSWafIPSetConfig(ipsetName), 52 Check: resource.ComposeTestCheckFunc( 53 testAccCheckAWSWafIPSetExists("aws_waf_ipset.ipset", &v), 54 testAccCheckAWSWafIPSetDisappears(&v), 55 ), 56 ExpectNonEmptyPlan: true, 57 }, 58 }, 59 }) 60 } 61 62 func TestAccAWSWafIPSet_changeNameForceNew(t *testing.T) { 63 var before, after waf.IPSet 64 ipsetName := fmt.Sprintf("ip-set-%s", acctest.RandString(5)) 65 ipsetNewName := fmt.Sprintf("ip-set-new-%s", acctest.RandString(5)) 66 67 resource.Test(t, resource.TestCase{ 68 PreCheck: func() { testAccPreCheck(t) }, 69 Providers: testAccProviders, 70 CheckDestroy: testAccCheckAWSWafIPSetDestroy, 71 Steps: []resource.TestStep{ 72 { 73 Config: testAccAWSWafIPSetConfig(ipsetName), 74 Check: resource.ComposeAggregateTestCheckFunc( 75 testAccCheckAWSWafIPSetExists("aws_waf_ipset.ipset", &before), 76 resource.TestCheckResourceAttr( 77 "aws_waf_ipset.ipset", "name", ipsetName), 78 resource.TestCheckResourceAttr( 79 "aws_waf_ipset.ipset", "ip_set_descriptors.4037960608.type", "IPV4"), 80 resource.TestCheckResourceAttr( 81 "aws_waf_ipset.ipset", "ip_set_descriptors.4037960608.value", "192.0.7.0/24"), 82 ), 83 }, 84 { 85 Config: testAccAWSWafIPSetConfigChangeName(ipsetNewName), 86 Check: resource.ComposeAggregateTestCheckFunc( 87 testAccCheckAWSWafIPSetExists("aws_waf_ipset.ipset", &after), 88 resource.TestCheckResourceAttr( 89 "aws_waf_ipset.ipset", "name", ipsetNewName), 90 resource.TestCheckResourceAttr( 91 "aws_waf_ipset.ipset", "ip_set_descriptors.4037960608.type", "IPV4"), 92 resource.TestCheckResourceAttr( 93 "aws_waf_ipset.ipset", "ip_set_descriptors.4037960608.value", "192.0.7.0/24"), 94 ), 95 }, 96 }, 97 }) 98 } 99 100 func TestAccAWSWafIPSet_changeDescriptors(t *testing.T) { 101 var before, after waf.IPSet 102 ipsetName := fmt.Sprintf("ip-set-%s", acctest.RandString(5)) 103 104 resource.Test(t, resource.TestCase{ 105 PreCheck: func() { testAccPreCheck(t) }, 106 Providers: testAccProviders, 107 CheckDestroy: testAccCheckAWSWafIPSetDestroy, 108 Steps: []resource.TestStep{ 109 { 110 Config: testAccAWSWafIPSetConfig(ipsetName), 111 Check: resource.ComposeAggregateTestCheckFunc( 112 testAccCheckAWSWafIPSetExists("aws_waf_ipset.ipset", &before), 113 resource.TestCheckResourceAttr( 114 "aws_waf_ipset.ipset", "name", ipsetName), 115 resource.TestCheckResourceAttr( 116 "aws_waf_ipset.ipset", "ip_set_descriptors.#", "1"), 117 resource.TestCheckResourceAttr( 118 "aws_waf_ipset.ipset", "ip_set_descriptors.4037960608.type", "IPV4"), 119 resource.TestCheckResourceAttr( 120 "aws_waf_ipset.ipset", "ip_set_descriptors.4037960608.value", "192.0.7.0/24"), 121 ), 122 }, 123 { 124 Config: testAccAWSWafIPSetConfigChangeIPSetDescriptors(ipsetName), 125 Check: resource.ComposeAggregateTestCheckFunc( 126 testAccCheckAWSWafIPSetExists("aws_waf_ipset.ipset", &after), 127 resource.TestCheckResourceAttr( 128 "aws_waf_ipset.ipset", "name", ipsetName), 129 resource.TestCheckResourceAttr( 130 "aws_waf_ipset.ipset", "ip_set_descriptors.#", "1"), 131 resource.TestCheckResourceAttr( 132 "aws_waf_ipset.ipset", "ip_set_descriptors.115741513.type", "IPV4"), 133 resource.TestCheckResourceAttr( 134 "aws_waf_ipset.ipset", "ip_set_descriptors.115741513.value", "192.0.8.0/24"), 135 ), 136 }, 137 }, 138 }) 139 } 140 141 func TestAccAWSWafIPSet_noDescriptors(t *testing.T) { 142 var ipset waf.IPSet 143 ipsetName := fmt.Sprintf("ip-set-%s", acctest.RandString(5)) 144 145 resource.Test(t, resource.TestCase{ 146 PreCheck: func() { testAccPreCheck(t) }, 147 Providers: testAccProviders, 148 CheckDestroy: testAccCheckAWSWafIPSetDestroy, 149 Steps: []resource.TestStep{ 150 { 151 Config: testAccAWSWafIPSetConfig_noDescriptors(ipsetName), 152 Check: resource.ComposeAggregateTestCheckFunc( 153 testAccCheckAWSWafIPSetExists("aws_waf_ipset.ipset", &ipset), 154 resource.TestCheckResourceAttr( 155 "aws_waf_ipset.ipset", "name", ipsetName), 156 resource.TestCheckResourceAttr( 157 "aws_waf_ipset.ipset", "ip_set_descriptors.#", "0"), 158 ), 159 }, 160 }, 161 }) 162 } 163 164 func TestDiffWafIpSetDescriptors(t *testing.T) { 165 testCases := []struct { 166 Old []interface{} 167 New []interface{} 168 ExpectedUpdates []*waf.IPSetUpdate 169 }{ 170 { 171 // Change 172 Old: []interface{}{ 173 map[string]interface{}{"type": "IPV4", "value": "192.0.7.0/24"}, 174 }, 175 New: []interface{}{ 176 map[string]interface{}{"type": "IPV4", "value": "192.0.8.0/24"}, 177 }, 178 ExpectedUpdates: []*waf.IPSetUpdate{ 179 &waf.IPSetUpdate{ 180 Action: aws.String(waf.ChangeActionDelete), 181 IPSetDescriptor: &waf.IPSetDescriptor{ 182 Type: aws.String("IPV4"), 183 Value: aws.String("192.0.7.0/24"), 184 }, 185 }, 186 &waf.IPSetUpdate{ 187 Action: aws.String(waf.ChangeActionInsert), 188 IPSetDescriptor: &waf.IPSetDescriptor{ 189 Type: aws.String("IPV4"), 190 Value: aws.String("192.0.8.0/24"), 191 }, 192 }, 193 }, 194 }, 195 { 196 // Fresh IPSet 197 Old: []interface{}{}, 198 New: []interface{}{ 199 map[string]interface{}{"type": "IPV4", "value": "10.0.1.0/24"}, 200 map[string]interface{}{"type": "IPV4", "value": "10.0.2.0/24"}, 201 map[string]interface{}{"type": "IPV4", "value": "10.0.3.0/24"}, 202 }, 203 ExpectedUpdates: []*waf.IPSetUpdate{ 204 &waf.IPSetUpdate{ 205 Action: aws.String(waf.ChangeActionInsert), 206 IPSetDescriptor: &waf.IPSetDescriptor{ 207 Type: aws.String("IPV4"), 208 Value: aws.String("10.0.1.0/24"), 209 }, 210 }, 211 &waf.IPSetUpdate{ 212 Action: aws.String(waf.ChangeActionInsert), 213 IPSetDescriptor: &waf.IPSetDescriptor{ 214 Type: aws.String("IPV4"), 215 Value: aws.String("10.0.2.0/24"), 216 }, 217 }, 218 &waf.IPSetUpdate{ 219 Action: aws.String(waf.ChangeActionInsert), 220 IPSetDescriptor: &waf.IPSetDescriptor{ 221 Type: aws.String("IPV4"), 222 Value: aws.String("10.0.3.0/24"), 223 }, 224 }, 225 }, 226 }, 227 { 228 // Deletion 229 Old: []interface{}{ 230 map[string]interface{}{"type": "IPV4", "value": "192.0.7.0/24"}, 231 map[string]interface{}{"type": "IPV4", "value": "192.0.8.0/24"}, 232 }, 233 New: []interface{}{}, 234 ExpectedUpdates: []*waf.IPSetUpdate{ 235 &waf.IPSetUpdate{ 236 Action: aws.String(waf.ChangeActionDelete), 237 IPSetDescriptor: &waf.IPSetDescriptor{ 238 Type: aws.String("IPV4"), 239 Value: aws.String("192.0.7.0/24"), 240 }, 241 }, 242 &waf.IPSetUpdate{ 243 Action: aws.String(waf.ChangeActionDelete), 244 IPSetDescriptor: &waf.IPSetDescriptor{ 245 Type: aws.String("IPV4"), 246 Value: aws.String("192.0.8.0/24"), 247 }, 248 }, 249 }, 250 }, 251 } 252 for i, tc := range testCases { 253 t.Run(fmt.Sprintf("%d", i), func(t *testing.T) { 254 updates := diffWafIpSetDescriptors(tc.Old, tc.New) 255 if !reflect.DeepEqual(updates, tc.ExpectedUpdates) { 256 t.Fatalf("IPSet updates don't match.\nGiven: %s\nExpected: %s", 257 updates, tc.ExpectedUpdates) 258 } 259 }) 260 } 261 } 262 263 func testAccCheckAWSWafIPSetDisappears(v *waf.IPSet) resource.TestCheckFunc { 264 return func(s *terraform.State) error { 265 conn := testAccProvider.Meta().(*AWSClient).wafconn 266 267 wr := newWafRetryer(conn, "global") 268 _, err := wr.RetryWithToken(func(token *string) (interface{}, error) { 269 req := &waf.UpdateIPSetInput{ 270 ChangeToken: token, 271 IPSetId: v.IPSetId, 272 } 273 274 for _, IPSetDescriptor := range v.IPSetDescriptors { 275 IPSetUpdate := &waf.IPSetUpdate{ 276 Action: aws.String("DELETE"), 277 IPSetDescriptor: &waf.IPSetDescriptor{ 278 Type: IPSetDescriptor.Type, 279 Value: IPSetDescriptor.Value, 280 }, 281 } 282 req.Updates = append(req.Updates, IPSetUpdate) 283 } 284 285 return conn.UpdateIPSet(req) 286 }) 287 if err != nil { 288 return fmt.Errorf("Error Updating WAF IPSet: %s", err) 289 } 290 291 _, err = wr.RetryWithToken(func(token *string) (interface{}, error) { 292 opts := &waf.DeleteIPSetInput{ 293 ChangeToken: token, 294 IPSetId: v.IPSetId, 295 } 296 return conn.DeleteIPSet(opts) 297 }) 298 if err != nil { 299 return fmt.Errorf("Error Deleting WAF IPSet: %s", err) 300 } 301 return nil 302 } 303 } 304 305 func testAccCheckAWSWafIPSetDestroy(s *terraform.State) error { 306 for _, rs := range s.RootModule().Resources { 307 if rs.Type != "aws_waf_ipset" { 308 continue 309 } 310 311 conn := testAccProvider.Meta().(*AWSClient).wafconn 312 resp, err := conn.GetIPSet( 313 &waf.GetIPSetInput{ 314 IPSetId: aws.String(rs.Primary.ID), 315 }) 316 317 if err == nil { 318 if *resp.IPSet.IPSetId == rs.Primary.ID { 319 return fmt.Errorf("WAF IPSet %s still exists", rs.Primary.ID) 320 } 321 } 322 323 // Return nil if the IPSet is already destroyed 324 if awsErr, ok := err.(awserr.Error); ok { 325 if awsErr.Code() == "WAFNonexistentItemException" { 326 return nil 327 } 328 } 329 330 return err 331 } 332 333 return nil 334 } 335 336 func testAccCheckAWSWafIPSetExists(n string, v *waf.IPSet) resource.TestCheckFunc { 337 return func(s *terraform.State) error { 338 rs, ok := s.RootModule().Resources[n] 339 if !ok { 340 return fmt.Errorf("Not found: %s", n) 341 } 342 343 if rs.Primary.ID == "" { 344 return fmt.Errorf("No WAF IPSet ID is set") 345 } 346 347 conn := testAccProvider.Meta().(*AWSClient).wafconn 348 resp, err := conn.GetIPSet(&waf.GetIPSetInput{ 349 IPSetId: aws.String(rs.Primary.ID), 350 }) 351 352 if err != nil { 353 return err 354 } 355 356 if *resp.IPSet.IPSetId == rs.Primary.ID { 357 *v = *resp.IPSet 358 return nil 359 } 360 361 return fmt.Errorf("WAF IPSet (%s) not found", rs.Primary.ID) 362 } 363 } 364 365 func testAccAWSWafIPSetConfig(name string) string { 366 return fmt.Sprintf(` 367 resource "aws_waf_ipset" "ipset" { 368 name = "%s" 369 ip_set_descriptors { 370 type = "IPV4" 371 value = "192.0.7.0/24" 372 } 373 }`, name) 374 } 375 376 func testAccAWSWafIPSetConfigChangeName(name string) string { 377 return fmt.Sprintf(`resource "aws_waf_ipset" "ipset" { 378 name = "%s" 379 ip_set_descriptors { 380 type = "IPV4" 381 value = "192.0.7.0/24" 382 } 383 }`, name) 384 } 385 386 func testAccAWSWafIPSetConfigChangeIPSetDescriptors(name string) string { 387 return fmt.Sprintf(`resource "aws_waf_ipset" "ipset" { 388 name = "%s" 389 ip_set_descriptors { 390 type = "IPV4" 391 value = "192.0.8.0/24" 392 } 393 }`, name) 394 } 395 396 func testAccAWSWafIPSetConfig_noDescriptors(name string) string { 397 return fmt.Sprintf(`resource "aws_waf_ipset" "ipset" { 398 name = "%s" 399 }`, name) 400 }