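// Source: github.com/danp/terraform@v0.9.5-0.20170426144147-39d740081351/builtin/providers/cloudstack/resource_cloudstack_network_acl_rule_test.go

package cloudstack

import (
	"fmt"
	"strings"
	"testing"

	"github.com/hashicorp/terraform/helper/resource"
	"github.com/hashicorp/terraform/terraform"
	"github.com/xanzy/go-cloudstack/cloudstack"
)

// TestAccCloudStackNetworkACLRule_basic applies the basic configuration and
// asserts the resulting rule set in state: three rules, of which the ICMP rule
// and the TCP 80/443 rule are checked attribute by attribute.
func TestAccCloudStackNetworkACLRule_basic(t *testing.T) {
	resource.Test(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckCloudStackNetworkACLRuleDestroy,
		Steps: []resource.TestStep{
			{
				Config: testAccCloudStackNetworkACLRule_basic,
				Check: resource.ComposeTestCheckFunc(
					// The existence check reads rule UUIDs from the ".uuids."
					// attributes of the named resource, so it is pointed at the
					// rule resource whose attributes are asserted below.
					testAccCheckCloudStackNetworkACLRulesExist("cloudstack_network_acl_rule.foo"),
					resource.TestCheckResourceAttr(
						"cloudstack_network_acl_rule.foo", "rule.#", "3"),
					// The TCP rule omits "action" in the configuration; the
					// expected value "allow" is therefore the default.
					resource.TestCheckResourceAttr(
						"cloudstack_network_acl_rule.foo", "rule.2898748868.action", "allow"),
					resource.TestCheckResourceAttr(
						"cloudstack_network_acl_rule.foo", "rule.2898748868.cidr_list.2835005819", "172.16.100.0/24"),
					resource.TestCheckResourceAttr(
						"cloudstack_network_acl_rule.foo", "rule.2898748868.protocol", "tcp"),
					resource.TestCheckResourceAttr(
						"cloudstack_network_acl_rule.foo", "rule.2898748868.ports.#", "2"),
					resource.TestCheckResourceAttr(
						"cloudstack_network_acl_rule.foo", "rule.2898748868.ports.1889509032", "80"),
					resource.TestCheckResourceAttr(
						"cloudstack_network_acl_rule.foo", "rule.2898748868.ports.3638101695", "443"),
					resource.TestCheckResourceAttr(
						"cloudstack_network_acl_rule.foo", "rule.2898748868.traffic_type", "ingress"),
					resource.TestCheckResourceAttr(
						"cloudstack_network_acl_rule.foo", "rule.1480917538.action", "allow"),
					resource.TestCheckResourceAttr(
						"cloudstack_network_acl_rule.foo", "rule.1480917538.cidr_list.#", "1"),
					resource.TestCheckResourceAttr(
						"cloudstack_network_acl_rule.foo", "rule.1480917538.cidr_list.3056857544", "172.18.100.0/24"),
					resource.TestCheckResourceAttr(
						"cloudstack_network_acl_rule.foo", "rule.1480917538.icmp_code", "-1"),
					resource.TestCheckResourceAttr(
						"cloudstack_network_acl_rule.foo", "rule.1480917538.icmp_type", "-1"),
					resource.TestCheckResourceAttr(
						"cloudstack_network_acl_rule.foo", "rule.1480917538.traffic_type", "ingress"),
				),
			},
		},
	})
}

// TestAccCloudStackNetworkACLRule_update applies the basic configuration, then
// the updated one, and asserts that state follows the change: allow rules
// turned into deny rules, a second CIDR on the ICMP rule and an added egress
// deny rule (four rules in total).
func TestAccCloudStackNetworkACLRule_update(t *testing.T) {
	resource.Test(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckCloudStackNetworkACLRuleDestroy,
		Steps: []resource.TestStep{
			// Step 1: same configuration and assertions as the basic test.
			{
				Config: testAccCloudStackNetworkACLRule_basic,
				Check: resource.ComposeTestCheckFunc(
					// Pointed at the rule resource: that is where the check
					// looks for ".uuids." attributes.
					testAccCheckCloudStackNetworkACLRulesExist("cloudstack_network_acl_rule.foo"),
					resource.TestCheckResourceAttr(
						"cloudstack_network_acl_rule.foo", "rule.#", "3"),
					resource.TestCheckResourceAttr(
						"cloudstack_network_acl_rule.foo", "rule.2898748868.action", "allow"),
					resource.TestCheckResourceAttr(
						"cloudstack_network_acl_rule.foo", "rule.2898748868.cidr_list.2835005819", "172.16.100.0/24"),
					resource.TestCheckResourceAttr(
						"cloudstack_network_acl_rule.foo", "rule.2898748868.protocol", "tcp"),
					resource.TestCheckResourceAttr(
						"cloudstack_network_acl_rule.foo", "rule.2898748868.ports.#", "2"),
					resource.TestCheckResourceAttr(
						"cloudstack_network_acl_rule.foo", "rule.2898748868.ports.1889509032", "80"),
					resource.TestCheckResourceAttr(
						"cloudstack_network_acl_rule.foo", "rule.2898748868.ports.3638101695", "443"),
					resource.TestCheckResourceAttr(
						"cloudstack_network_acl_rule.foo", "rule.2898748868.traffic_type", "ingress"),
					resource.TestCheckResourceAttr(
						"cloudstack_network_acl_rule.foo", "rule.1480917538.action", "allow"),
					resource.TestCheckResourceAttr(
						"cloudstack_network_acl_rule.foo", "rule.1480917538.cidr_list.#", "1"),
					resource.TestCheckResourceAttr(
						"cloudstack_network_acl_rule.foo", "rule.1480917538.cidr_list.3056857544", "172.18.100.0/24"),
					resource.TestCheckResourceAttr(
						"cloudstack_network_acl_rule.foo", "rule.1480917538.icmp_code", "-1"),
					resource.TestCheckResourceAttr(
						"cloudstack_network_acl_rule.foo", "rule.1480917538.icmp_type", "-1"),
					resource.TestCheckResourceAttr(
						"cloudstack_network_acl_rule.foo", "rule.1480917538.traffic_type", "ingress"),
				),
			},

			// Step 2: updated configuration. Rule hashes change with rule
			// content, so every asserted key differs from step 1.
			{
				Config: testAccCloudStackNetworkACLRule_update,
				Check: resource.ComposeTestCheckFunc(
					testAccCheckCloudStackNetworkACLRulesExist("cloudstack_network_acl_rule.foo"),
					resource.TestCheckResourceAttr(
						"cloudstack_network_acl_rule.foo", "rule.#", "4"),
					resource.TestCheckResourceAttr(
						"cloudstack_network_acl_rule.foo", "rule.1724235854.action", "deny"),
					resource.TestCheckResourceAttr(
						"cloudstack_network_acl_rule.foo", "rule.1724235854.cidr_list.3482919157", "10.0.0.0/24"),
					resource.TestCheckResourceAttr(
						"cloudstack_network_acl_rule.foo", "rule.1724235854.protocol", "tcp"),
					resource.TestCheckResourceAttr(
						"cloudstack_network_acl_rule.foo", "rule.1724235854.ports.#", "2"),
					resource.TestCheckResourceAttr(
						"cloudstack_network_acl_rule.foo", "rule.1724235854.ports.1209010669", "1000-2000"),
					resource.TestCheckResourceAttr(
						"cloudstack_network_acl_rule.foo", "rule.1724235854.ports.1889509032", "80"),
					resource.TestCheckResourceAttr(
						"cloudstack_network_acl_rule.foo", "rule.1724235854.traffic_type", "egress"),
					resource.TestCheckResourceAttr(
						"cloudstack_network_acl_rule.foo", "rule.2090315355.action", "deny"),
					resource.TestCheckResourceAttr(
						"cloudstack_network_acl_rule.foo", "rule.2090315355.cidr_list.#", "2"),
					resource.TestCheckResourceAttr(
						"cloudstack_network_acl_rule.foo", "rule.2090315355.cidr_list.2104435309", "172.18.101.0/24"),
					resource.TestCheckResourceAttr(
						"cloudstack_network_acl_rule.foo", "rule.2090315355.cidr_list.3056857544", "172.18.100.0/24"),
					resource.TestCheckResourceAttr(
						"cloudstack_network_acl_rule.foo", "rule.2090315355.icmp_code", "-1"),
					resource.TestCheckResourceAttr(
						"cloudstack_network_acl_rule.foo", "rule.2090315355.icmp_type", "-1"),
					resource.TestCheckResourceAttr(
						"cloudstack_network_acl_rule.foo", "rule.2090315355.traffic_type", "ingress"),
					resource.TestCheckResourceAttr(
						"cloudstack_network_acl_rule.foo", "rule.2576683033.action", "allow"),
					resource.TestCheckResourceAttr(
						"cloudstack_network_acl_rule.foo", "rule.2576683033.cidr_list.3056857544", "172.18.100.0/24"),
					resource.TestCheckResourceAttr(
						"cloudstack_network_acl_rule.foo", "rule.2576683033.protocol", "tcp"),
					resource.TestCheckResourceAttr(
						"cloudstack_network_acl_rule.foo", "rule.2576683033.ports.#", "2"),
					resource.TestCheckResourceAttr(
						"cloudstack_network_acl_rule.foo", "rule.2576683033.ports.1889509032", "80"),
					resource.TestCheckResourceAttr(
						"cloudstack_network_acl_rule.foo", "rule.2576683033.ports.3638101695", "443"),
					resource.TestCheckResourceAttr(
						"cloudstack_network_acl_rule.foo", "rule.2576683033.traffic_type", "ingress"),
				),
			},
		},
	})
}

// testAccCheckCloudStackNetworkACLRulesExist returns a check that looks up, in
// CloudStack, every rule UUID recorded in the state of resource n.
//
// UUIDs are taken from attribute keys containing ".uuids."; the ".uuids.%" key
// (the map's size entry in flattened state) is skipped. The check fails when
// the resource is missing from state, has no ID, a lookup fails, or no UUID
// attribute was found, so it cannot pass without verifying at least one rule.
func testAccCheckCloudStackNetworkACLRulesExist(n string) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		rs, ok := s.RootModule().Resources[n]
		if !ok {
			return fmt.Errorf("Not found: %s", n)
		}

		if rs.Primary.ID == "" {
			return fmt.Errorf("No network ACL rule ID is set")
		}

		// The client does not change between iterations; fetch it once.
		cs := testAccProvider.Meta().(*cloudstack.CloudStackClient)

		verified := 0
		for k, id := range rs.Primary.Attributes {
			if !strings.Contains(k, ".uuids.") || strings.HasSuffix(k, ".uuids.%") {
				continue
			}

			_, count, err := cs.NetworkACL.GetNetworkACLByID(id)
			if err != nil {
				return err
			}
			if count == 0 {
				return fmt.Errorf("Network ACL rule %s not found", k)
			}
			verified++
		}

		// An ACL rule check that inspected nothing must not report success.
		if verified == 0 {
			return fmt.Errorf("No network ACL rule UUIDs found in state of %s", n)
		}

		return nil
	}
}

// testAccCheckCloudStackNetworkACLRuleDestroy verifies that no rule UUID
// recorded for any cloudstack_network_acl_rule resource in state can still be
// looked up in CloudStack.
//
// A successful lookup means the rule survived destroy. A failed lookup only
// counts as "gone" when the client reports zero matches; any other failure
// (for example an API or authentication error) is returned, so that an
// unreachable API cannot hide rules that were left behind.
func testAccCheckCloudStackNetworkACLRuleDestroy(s *terraform.State) error {
	cs := testAccProvider.Meta().(*cloudstack.CloudStackClient)

	for _, rs := range s.RootModule().Resources {
		if rs.Type != "cloudstack_network_acl_rule" {
			continue
		}

		if rs.Primary.ID == "" {
			return fmt.Errorf("No network ACL rule ID is set")
		}

		for k, id := range rs.Primary.Attributes {
			if !strings.Contains(k, ".uuids.") || strings.HasSuffix(k, ".uuids.%") {
				continue
			}

			_, count, err := cs.NetworkACL.GetNetworkACLByID(id)
			if err == nil {
				return fmt.Errorf("Network ACL rule %s still exists", rs.Primary.ID)
			}
			// count == 0 is the "no match" result, the same signal the
			// existence check relies on; anything else is a lookup failure.
			if count != 0 {
				return fmt.Errorf("Error verifying removal of network ACL rule %s (%s): %s", rs.Primary.ID, k, err)
			}
		}
	}

	return nil
}

// testAccCloudStackNetworkACLRule_basic is the initial configuration: a VPC, an
// ACL list and three ingress rules (all protocols, ICMP, TCP 80/443). The TCP
// rule deliberately leaves "action" unset.
var testAccCloudStackNetworkACLRule_basic = fmt.Sprintf(`
resource "cloudstack_vpc" "foobar" {
  name = "terraform-vpc"
  cidr = "%s"
  vpc_offering = "%s"
  zone = "%s"
}

resource "cloudstack_network_acl" "foo" {
  name = "terraform-acl"
  description = "terraform-acl-text"
  vpc_id = "${cloudstack_vpc.foobar.id}"
}

resource "cloudstack_network_acl_rule" "foo" {
  acl_id = "${cloudstack_network_acl.foo.id}"

  rule {
    action = "allow"
    cidr_list = ["172.18.100.0/24"]
    protocol = "all"
    traffic_type = "ingress"
  }

  rule {
    action = "allow"
    cidr_list = ["172.18.100.0/24"]
    protocol = "icmp"
    icmp_type = "-1"
    icmp_code = "-1"
    traffic_type = "ingress"
  }

  rule {
    cidr_list = ["172.16.100.0/24"]
    protocol = "tcp"
    ports = ["80", "443"]
    traffic_type = "ingress"
  }
}`,
	CLOUDSTACK_VPC_CIDR_1,
	CLOUDSTACK_VPC_OFFERING,
	CLOUDSTACK_ZONE)

// testAccCloudStackNetworkACLRule_update is the follow-up configuration: the
// "all" and ICMP rules become deny rules, the ICMP rule gains a second CIDR,
// the TCP rule gets an explicit allow for a different source range, and an
// egress deny rule is added.
var testAccCloudStackNetworkACLRule_update = fmt.Sprintf(`
resource "cloudstack_vpc" "foobar" {
  name = "terraform-vpc"
  cidr = "%s"
  vpc_offering = "%s"
  zone = "%s"
}

resource "cloudstack_network_acl" "foo" {
  name = "terraform-acl"
  description = "terraform-acl-text"
  vpc_id = "${cloudstack_vpc.foobar.id}"
}

resource "cloudstack_network_acl_rule" "foo" {
  acl_id = "${cloudstack_network_acl.foo.id}"

  rule {
    action = "deny"
    cidr_list = ["172.18.100.0/24"]
    protocol = "all"
    traffic_type = "ingress"
  }

  rule {
    action = "deny"
    cidr_list = ["172.18.100.0/24", "172.18.101.0/24"]
    protocol = "icmp"
    icmp_type = "-1"
    icmp_code = "-1"
    traffic_type = "ingress"
  }

  rule {
    action = "allow"
    cidr_list = ["172.18.100.0/24"]
    protocol = "tcp"
    ports = ["80", "443"]
    traffic_type = "ingress"
  }

  rule {
    action = "deny"
    cidr_list = ["10.0.0.0/24"]
    protocol = "tcp"
    ports = ["80", "1000-2000"]
    traffic_type = "egress"
  }
}`,
	CLOUDSTACK_VPC_CIDR_1,
	CLOUDSTACK_VPC_OFFERING,
	CLOUDSTACK_ZONE)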