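// Source: github.com/danp/terraform@v0.9.5-0.20170426144147-39d740081351/builtin/providers/azure/resource_azure_security_group_rule_test.go

package azure

import (
	"fmt"
	"testing"

	"github.com/Azure/azure-sdk-for-go/management"

	"github.com/hashicorp/terraform/helper/resource"
	"github.com/hashicorp/terraform/helper/schema"
	"github.com/hashicorp/terraform/terraform"
)

// Names of the two security groups used by the multi-group tests, together
// with the decimal schema.HashString of each name. The hash is the key under
// which the name appears in the "security_group_names" set attribute.
var (
	testAcctestingSecurityGroup1     = fmt.Sprintf("%s-%d", testAccSecurityGroupName, 1)
	testAccTestingSecurityGroupHash1 = fmt.Sprintf("%d", schema.HashString(testAcctestingSecurityGroup1))

	testAcctestingSecurityGroup2     = fmt.Sprintf("%s-%d", testAccSecurityGroupName, 2)
	testAccTestingSecurityGroupHash2 = fmt.Sprintf("%d", schema.HashString(testAcctestingSecurityGroup2))
)

// TestAccAzureSecurityGroupRuleBasic applies a single Inbound/Deny TCP rule to
// one security group and checks the attributes recorded in Terraform state.
//
// NOTE(review): the attribute assertions below read Terraform state only. The
// one comparison made against the Azure API response is the rule name (see
// testAccCheckAzureSecurityGroupRuleExists), so a rule stored remotely with a
// different action, direction, or port range would not be caught here.
func TestAccAzureSecurityGroupRuleBasic(t *testing.T) {
	name := "azure_security_group_rule.foo"

	resource.Test(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckAzureSecurityGroupRuleDeleted([]string{testAccSecurityGroupName}),
		Steps: []resource.TestStep{
			{
				Config: testAccAzureSecurityGroupRuleBasicConfig,
				Check: resource.ComposeTestCheckFunc(
					testAccCheckAzureSecurityGroupRuleExists(name, testAccSecurityGroupName),
					resource.TestCheckResourceAttr(name, "name", "terraform-secgroup-rule"),
					resource.TestCheckResourceAttr(name,
						fmt.Sprintf("security_group_names.%d", schema.HashString(testAccSecurityGroupName)),
						testAccSecurityGroupName),
					resource.TestCheckResourceAttr(name, "type", "Inbound"),
					resource.TestCheckResourceAttr(name, "action", "Deny"),
					resource.TestCheckResourceAttr(name, "priority", "200"),
					resource.TestCheckResourceAttr(name, "source_address_prefix", "100.0.0.0/32"),
					resource.TestCheckResourceAttr(name, "source_port_range", "1000"),
					resource.TestCheckResourceAttr(name, "destination_address_prefix", "10.0.0.0/32"),
					resource.TestCheckResourceAttr(name, "destination_port_range", "1000"),
					resource.TestCheckResourceAttr(name, "protocol", "TCP"),
				),
			},
		},
	})
}

// TestAccAzureSecurityGroupRuleAdvanced attaches one rule to two security
// groups and checks that the rule is present in both groups and that both
// group names are recorded in state.
func TestAccAzureSecurityGroupRuleAdvanced(t *testing.T) {
	name := "azure_security_group_rule.foo"

	resource.Test(t, resource.TestCase{
		PreCheck:  func() { testAccPreCheck(t) },
		Providers: testAccProviders,
		CheckDestroy: testAccCheckAzureSecurityGroupRuleDeleted(
			[]string{
				testAcctestingSecurityGroup1,
				testAcctestingSecurityGroup2,
			},
		),
		Steps: []resource.TestStep{
			{
				Config: testAccAzureSecurityGroupRuleAdvancedConfig,
				Check: resource.ComposeTestCheckFunc(
					testAccCheckAzureSecurityGroupRuleExists(name, testAcctestingSecurityGroup1),
					testAccCheckAzureSecurityGroupRuleExists(name, testAcctestingSecurityGroup2),
					resource.TestCheckResourceAttr(name, "name", "terraform-secgroup-rule"),
					resource.TestCheckResourceAttr(name, fmt.Sprintf("security_group_names.%s",
						testAccTestingSecurityGroupHash1), testAcctestingSecurityGroup1),
					resource.TestCheckResourceAttr(name, fmt.Sprintf("security_group_names.%s",
						testAccTestingSecurityGroupHash2), testAcctestingSecurityGroup2),
					resource.TestCheckResourceAttr(name, "type", "Inbound"),
					resource.TestCheckResourceAttr(name, "action", "Deny"),
					resource.TestCheckResourceAttr(name, "priority", "200"),
					resource.TestCheckResourceAttr(name, "source_address_prefix", "100.0.0.0/32"),
					resource.TestCheckResourceAttr(name, "source_port_range", "1000"),
					resource.TestCheckResourceAttr(name, "destination_address_prefix", "10.0.0.0/32"),
					resource.TestCheckResourceAttr(name, "destination_port_range", "1000"),
					resource.TestCheckResourceAttr(name, "protocol", "TCP"),
				),
			},
		},
	})
}

// TestAccAzureSecurityGroupRuleUpdate starts from the two-group configuration
// and then applies an update that narrows the rule to the second group while
// switching it from Inbound/Deny/TCP to Outbound/Allow/UDP.
//
// NOTE(review): the second step asserts that the rule exists in group 2 but
// never asserts that it is gone from group 1. A rule left behind in a group
// it was detached from is stale firewall policy, so a negative check against
// testAcctestingSecurityGroup1 after the update would close that gap. Confirm
// the provider's update behaviour before adding it.
func TestAccAzureSecurityGroupRuleUpdate(t *testing.T) {
	name := "azure_security_group_rule.foo"

	resource.Test(t, resource.TestCase{
		PreCheck:  func() { testAccPreCheck(t) },
		Providers: testAccProviders,
		CheckDestroy: testAccCheckAzureSecurityGroupRuleDeleted(
			[]string{
				testAcctestingSecurityGroup1,
				testAcctestingSecurityGroup2,
			},
		),
		Steps: []resource.TestStep{
			{
				Config: testAccAzureSecurityGroupRuleAdvancedConfig,
				Check: resource.ComposeTestCheckFunc(
					testAccCheckAzureSecurityGroupRuleExists(name, testAcctestingSecurityGroup1),
					testAccCheckAzureSecurityGroupRuleExists(name, testAcctestingSecurityGroup2),
					resource.TestCheckResourceAttr(name, "name", "terraform-secgroup-rule"),
					resource.TestCheckResourceAttr(name, fmt.Sprintf("security_group_names.%s",
						testAccTestingSecurityGroupHash1), testAcctestingSecurityGroup1),
					resource.TestCheckResourceAttr(name, fmt.Sprintf("security_group_names.%s",
						testAccTestingSecurityGroupHash2), testAcctestingSecurityGroup2),
					resource.TestCheckResourceAttr(name, "type", "Inbound"),
					resource.TestCheckResourceAttr(name, "action", "Deny"),
					resource.TestCheckResourceAttr(name, "priority", "200"),
					resource.TestCheckResourceAttr(name, "source_address_prefix", "100.0.0.0/32"),
					resource.TestCheckResourceAttr(name, "source_port_range", "1000"),
					resource.TestCheckResourceAttr(name, "destination_address_prefix", "10.0.0.0/32"),
					resource.TestCheckResourceAttr(name, "destination_port_range", "1000"),
					resource.TestCheckResourceAttr(name, "protocol", "TCP"),
				),
			},

			{
				Config: testAccAzureSecurityGroupRuleUpdateConfig,
				Check: resource.ComposeTestCheckFunc(
					testAccCheckAzureSecurityGroupRuleExists(name, testAcctestingSecurityGroup2),
					resource.TestCheckResourceAttr(name, "name", "terraform-secgroup-rule"),
					resource.TestCheckResourceAttr(name, fmt.Sprintf("security_group_names.%s",
						testAccTestingSecurityGroupHash2), testAcctestingSecurityGroup2),
					resource.TestCheckResourceAttr(name, "type", "Outbound"),
					resource.TestCheckResourceAttr(name, "action", "Allow"),
					resource.TestCheckResourceAttr(name, "priority", "100"),
					resource.TestCheckResourceAttr(name, "source_address_prefix", "101.0.0.0/32"),
					resource.TestCheckResourceAttr(name, "source_port_range", "1000"),
					resource.TestCheckResourceAttr(name, "destination_address_prefix", "10.0.0.0/32"),
					resource.TestCheckResourceAttr(name, "destination_port_range", "1001"),
					resource.TestCheckResourceAttr(name, "protocol", "UDP"),
				),
			},
		},
	})
}

// testAccCheckAzureSecurityGroupRuleExists returns a check that passes when
// the state resource called name has a non-empty ID and the security group
// groupName, as returned by the Azure API, lists a rule whose name equals
// that ID.
//
// Only the rule name is compared with the API response; the rule's action,
// direction, priority, and ports are not inspected here.
func testAccCheckAzureSecurityGroupRuleExists(name, groupName string) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		// Named rs so the local does not shadow the imported resource package.
		rs, ok := s.RootModule().Resources[name]
		if !ok {
			return fmt.Errorf("Azure security group rule not found: %s", name)
		}

		if rs.Primary.ID == "" {
			return fmt.Errorf("Azure network security group rule ID not set: %s", name)
		}

		secGroupClient := testAccProvider.Meta().(*Client).secGroupClient

		secGroup, err := secGroupClient.GetNetworkSecurityGroup(groupName)
		if err != nil {
			return fmt.Errorf("Failed getting network security group details for %q: %s", groupName, err)
		}

		for _, rule := range secGroup.Rules {
			if rule.Name == rs.Primary.ID {
				return nil
			}
		}

		return fmt.Errorf("Azure security group rule doesn't exist: %s", name)
	}
}

// testAccCheckAzureSecurityGroupRuleDeleted returns a destroy check that
// fails if any azure_security_group_rule still recorded in state is listed,
// by name, in one of the given security groups.
//
// A group that the API reports as not found is treated as having no rules.
// Any other lookup error fails the check.
func testAccCheckAzureSecurityGroupRuleDeleted(groups []string) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		for _, rs := range s.RootModule().Resources {
			if rs.Type != "azure_security_group_rule" {
				continue
			}

			if rs.Primary.ID == "" {
				return fmt.Errorf("Azure network security group ID not set.")
			}

			// Resolved inside the loop on purpose: the provider's Meta() is
			// only touched when a matching resource is present.
			secGroupClient := testAccProvider.Meta().(*Client).secGroupClient

			for _, groupName := range groups {
				secGroup, err := secGroupClient.GetNetworkSecurityGroup(groupName)
				if err != nil {
					if !management.IsResourceNotFoundError(err) {
						return fmt.Errorf("Failed getting network security group details for %q: %s", groupName, err)
					}
					// The group itself is gone, so it cannot hold the rule.
					// Skip it rather than read a response that came back
					// alongside an error.
					continue
				}

				for _, rule := range secGroup.Rules {
					if rule.Name == rs.Primary.ID {
						return fmt.Errorf("Azure network security group rule still exists!")
					}
				}
			}
		}

		return nil
	}
}

// Single-group configuration: an Inbound/Deny TCP rule attached to the
// security group declared by testAccAzureSecurityGroupConfig.
var testAccAzureSecurityGroupRuleBasicConfig = testAccAzureSecurityGroupConfig + `
resource "azure_security_group_rule" "foo" {
    name = "terraform-secgroup-rule"
    security_group_names = ["${azure_security_group.foo.name}"]
    type = "Inbound"
    action = "Deny"
    priority = 200
    source_address_prefix = "100.0.0.0/32"
    source_port_range = "1000"
    destination_address_prefix = "10.0.0.0/32"
    destination_port_range = "1000"
    protocol = "TCP"
}
`

// Two-group configuration: the same Inbound/Deny TCP rule attached to both
// the "foo" and "bar" security groups.
var testAccAzureSecurityGroupRuleAdvancedConfig = fmt.Sprintf(testAccAzureSecurityGroupConfigTemplate, "foo", testAcctestingSecurityGroup1) +
	fmt.Sprintf(testAccAzureSecurityGroupConfigTemplate, "bar", testAcctestingSecurityGroup2) + `
resource "azure_security_group_rule" "foo" {
    name = "terraform-secgroup-rule"
    security_group_names = ["${azure_security_group.foo.name}", "${azure_security_group.bar.name}"]
    type = "Inbound"
    action = "Deny"
    priority = 200
    source_address_prefix = "100.0.0.0/32"
    source_port_range = "1000"
    destination_address_prefix = "10.0.0.0/32"
    destination_port_range = "1000"
    protocol = "TCP"
}
`

// Update configuration: both groups are still declared, but the rule is
// attached to "bar" only and becomes an Outbound/Allow UDP rule.
var testAccAzureSecurityGroupRuleUpdateConfig = fmt.Sprintf(testAccAzureSecurityGroupConfigTemplate, "foo", testAcctestingSecurityGroup1) +
	fmt.Sprintf(testAccAzureSecurityGroupConfigTemplate, "bar", testAcctestingSecurityGroup2) + `
resource "azure_security_group_rule" "foo" {
    name = "terraform-secgroup-rule"
    security_group_names = ["${azure_security_group.bar.name}"]
    type = "Outbound"
    action = "Allow"
    priority = 100
    source_address_prefix = "101.0.0.0/32"
    source_port_range = "1000"
    destination_address_prefix = "10.0.0.0/32"
    destination_port_range = "1001"
    protocol = "UDP"
}
`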