github.com/danp/terraform@v0.9.5-0.20170426144147-39d740081351/builtin/providers/cloudstack/resource_cloudstack_security_group_rule_test.go (about) 1 package cloudstack 2 3 import ( 4 "fmt" 5 "strings" 6 "testing" 7 8 "github.com/hashicorp/terraform/helper/resource" 9 "github.com/hashicorp/terraform/terraform" 10 "github.com/xanzy/go-cloudstack/cloudstack" 11 ) 12 13 func TestAccCloudStackSecurityGroupRule_basic(t *testing.T) { 14 resource.Test(t, resource.TestCase{ 15 PreCheck: func() { testAccPreCheck(t) }, 16 Providers: testAccProviders, 17 CheckDestroy: testAccCheckCloudStackSecurityGroupRuleDestroy, 18 Steps: []resource.TestStep{ 19 resource.TestStep{ 20 Config: testAccCloudStackSecurityGroupRule_basic, 21 Check: resource.ComposeTestCheckFunc( 22 testAccCheckCloudStackSecurityGroupRulesExist("cloudstack_security_group.foo"), 23 resource.TestCheckResourceAttr( 24 "cloudstack_security_group_rule.foo", "rule.#", "2"), 25 resource.TestCheckResourceAttr( 26 "cloudstack_security_group_rule.foo", "rule.1322309156.cidr_list.3056857544", "172.18.100.0/24"), 27 resource.TestCheckResourceAttr( 28 "cloudstack_security_group_rule.foo", "rule.1322309156.protocol", "tcp"), 29 resource.TestCheckResourceAttr( 30 "cloudstack_security_group_rule.foo", "rule.1322309156.ports.#", "1"), 31 resource.TestCheckResourceAttr( 32 "cloudstack_security_group_rule.foo", "rule.1322309156.ports.1889509032", "80"), 33 resource.TestCheckResourceAttr( 34 "cloudstack_security_group_rule.foo", "rule.1322309156.traffic_type", "ingress"), 35 resource.TestCheckResourceAttr( 36 "cloudstack_security_group_rule.foo", "rule.3666289950.protocol", "tcp"), 37 resource.TestCheckResourceAttr( 38 "cloudstack_security_group_rule.foo", "rule.3666289950.ports.1889509032", "80"), 39 resource.TestCheckResourceAttr( 40 "cloudstack_security_group_rule.foo", "rule.3666289950.ports.3638101695", "443"), 41 resource.TestCheckResourceAttr( 42 "cloudstack_security_group_rule.foo", "rule.3666289950.traffic_type", "egress"), 43 resource.TestCheckResourceAttr( 44 "cloudstack_security_group_rule.foo", "rule.3666289950.user_security_group_list.1089118859", "terraform-security-group-bar"), 45 ), 46 }, 47 }, 48 }) 49 } 50 51 func TestAccCloudStackSecurityGroupRule_update(t *testing.T) { 52 resource.Test(t, resource.TestCase{ 53 PreCheck: func() { testAccPreCheck(t) }, 54 Providers: testAccProviders, 55 CheckDestroy: testAccCheckCloudStackSecurityGroupRuleDestroy, 56 Steps: []resource.TestStep{ 57 resource.TestStep{ 58 Config: testAccCloudStackSecurityGroupRule_basic, 59 Check: resource.ComposeTestCheckFunc( 60 testAccCheckCloudStackSecurityGroupRulesExist("cloudstack_security_group.foo"), 61 resource.TestCheckResourceAttr( 62 "cloudstack_security_group_rule.foo", "rule.#", "2"), 63 resource.TestCheckResourceAttr( 64 "cloudstack_security_group_rule.foo", "rule.1322309156.cidr_list.3056857544", "172.18.100.0/24"), 65 resource.TestCheckResourceAttr( 66 "cloudstack_security_group_rule.foo", "rule.1322309156.protocol", "tcp"), 67 resource.TestCheckResourceAttr( 68 "cloudstack_security_group_rule.foo", "rule.1322309156.ports.#", "1"), 69 resource.TestCheckResourceAttr( 70 "cloudstack_security_group_rule.foo", "rule.1322309156.ports.1889509032", "80"), 71 resource.TestCheckResourceAttr( 72 "cloudstack_security_group_rule.foo", "rule.1322309156.traffic_type", "ingress"), 73 resource.TestCheckResourceAttr( 74 "cloudstack_security_group_rule.foo", "rule.3666289950.protocol", "tcp"), 75 resource.TestCheckResourceAttr( 76 "cloudstack_security_group_rule.foo", "rule.3666289950.ports.1889509032", "80"), 77 resource.TestCheckResourceAttr( 78 "cloudstack_security_group_rule.foo", "rule.3666289950.ports.3638101695", "443"), 79 resource.TestCheckResourceAttr( 80 "cloudstack_security_group_rule.foo", "rule.3666289950.traffic_type", "egress"), 81 resource.TestCheckResourceAttr( 82 "cloudstack_security_group_rule.foo", "rule.3666289950.user_security_group_list.1089118859", "terraform-security-group-bar"), 83 ), 84 }, 85 86 resource.TestStep{ 87 Config: testAccCloudStackSecurityGroupRule_update, 88 Check: resource.ComposeTestCheckFunc( 89 testAccCheckCloudStackSecurityGroupRulesExist("cloudstack_security_group.foo"), 90 resource.TestCheckResourceAttr( 91 "cloudstack_security_group_rule.foo", "rule.#", "3"), 92 resource.TestCheckResourceAttr( 93 "cloudstack_security_group_rule.foo", "rule.3156342770.cidr_list.3056857544", "172.18.100.0/24"), 94 resource.TestCheckResourceAttr( 95 "cloudstack_security_group_rule.foo", "rule.3156342770.cidr_list.951907883", "172.18.200.0/24"), 96 resource.TestCheckResourceAttr( 97 "cloudstack_security_group_rule.foo", "rule.3156342770.protocol", "tcp"), 98 resource.TestCheckResourceAttr( 99 "cloudstack_security_group_rule.foo", "rule.3156342770.ports.1889509032", "80"), 100 resource.TestCheckResourceAttr( 101 "cloudstack_security_group_rule.foo", "rule.3156342770.ports.3638101695", "443"), 102 resource.TestCheckResourceAttr( 103 "cloudstack_security_group_rule.foo", "rule.3839437815.cidr_list.#", "1"), 104 resource.TestCheckResourceAttr( 105 "cloudstack_security_group_rule.foo", "rule.3839437815.cidr_list.3056857544", "172.18.100.0/24"), 106 resource.TestCheckResourceAttr( 107 "cloudstack_security_group_rule.foo", "rule.3839437815.icmp_code", "-1"), 108 resource.TestCheckResourceAttr( 109 "cloudstack_security_group_rule.foo", "rule.3839437815.icmp_type", "-1"), 110 resource.TestCheckResourceAttr( 111 "cloudstack_security_group_rule.foo", "rule.1804489748.protocol", "tcp"), 112 resource.TestCheckResourceAttr( 113 "cloudstack_security_group_rule.foo", "rule.1804489748.ports.#", "1"), 114 resource.TestCheckResourceAttr( 115 "cloudstack_security_group_rule.foo", "rule.1804489748.ports.1889509032", "80"), 116 resource.TestCheckResourceAttr( 117 "cloudstack_security_group_rule.foo", "rule.1804489748.traffic_type", "egress"), 118 resource.TestCheckResourceAttr( 119 "cloudstack_security_group_rule.foo", "rule.1804489748.user_security_group_list.1089118859", "terraform-security-group-bar"), 120 ), 121 }, 122 }, 123 }) 124 } 125 126 func testAccCheckCloudStackSecurityGroupRulesExist(n string) resource.TestCheckFunc { 127 return func(s *terraform.State) error { 128 rs, ok := s.RootModule().Resources[n] 129 if !ok { 130 return fmt.Errorf("Not found: %s", n) 131 } 132 133 if rs.Primary.ID == "" { 134 return fmt.Errorf("No security group rule ID is set") 135 } 136 137 cs := testAccProvider.Meta().(*cloudstack.CloudStackClient) 138 sg, count, err := cs.SecurityGroup.GetSecurityGroupByID(rs.Primary.ID) 139 if err != nil { 140 if count == 0 { 141 return fmt.Errorf("Security group %s not found", rs.Primary.ID) 142 } 143 return err 144 } 145 146 // Make a map of all the rule indexes so we can easily find a rule 147 sgRules := append(sg.Ingressrule, sg.Egressrule...) 148 ruleIndex := make(map[string]int, len(sgRules)) 149 for idx, r := range sgRules { 150 ruleIndex[r.Ruleid] = idx 151 } 152 153 for k, id := range rs.Primary.Attributes { 154 if !strings.Contains(k, ".uuids.") || strings.HasSuffix(k, ".uuids.%") { 155 continue 156 } 157 158 if _, ok := ruleIndex[id]; !ok { 159 return fmt.Errorf("Security group rule %s not found", id) 160 } 161 } 162 163 return nil 164 } 165 } 166 167 func testAccCheckCloudStackSecurityGroupRuleDestroy(s *terraform.State) error { 168 cs := testAccProvider.Meta().(*cloudstack.CloudStackClient) 169 170 for _, rs := range s.RootModule().Resources { 171 if rs.Type != "cloudstack_security_group_rule" { 172 continue 173 } 174 175 if rs.Primary.ID == "" { 176 return fmt.Errorf("No security group rule ID is set") 177 } 178 179 sg, count, err := cs.SecurityGroup.GetSecurityGroupByID(rs.Primary.ID) 180 if err != nil { 181 if count == 0 { 182 continue 183 } 184 return err 185 } 186 187 // Make a map of all the rule indexes so we can easily find a rule 188 sgRules := append(sg.Ingressrule, sg.Egressrule...) 189 ruleIndex := make(map[string]int, len(sgRules)) 190 for idx, r := range sgRules { 191 ruleIndex[r.Ruleid] = idx 192 } 193 194 for k, id := range rs.Primary.Attributes { 195 if !strings.Contains(k, ".uuids.") || strings.HasSuffix(k, ".uuids.%") { 196 continue 197 } 198 199 if _, ok := ruleIndex[id]; ok { 200 return fmt.Errorf("Security group rule %s still exists", rs.Primary.ID) 201 } 202 } 203 } 204 205 return nil 206 } 207 208 var testAccCloudStackSecurityGroupRule_basic = fmt.Sprintf(` 209 resource "cloudstack_security_group" "foo" { 210 name = "terraform-security-group-foo" 211 description = "terraform-security-group-text" 212 } 213 214 resource "cloudstack_security_group" "bar" { 215 name = "terraform-security-group-bar" 216 description = "terraform-security-group-text" 217 } 218 219 resource "cloudstack_security_group_rule" "foo" { 220 security_group_id = "${cloudstack_security_group.foo.id}" 221 222 rule { 223 cidr_list = ["172.18.100.0/24"] 224 protocol = "tcp" 225 ports = ["80"] 226 } 227 228 rule { 229 protocol = "tcp" 230 ports = ["80", "443"] 231 traffic_type = "egress" 232 user_security_group_list = ["terraform-security-group-bar"] 233 } 234 235 depends_on = ["cloudstack_security_group.bar"] 236 }`) 237 238 var testAccCloudStackSecurityGroupRule_update = fmt.Sprintf(` 239 resource "cloudstack_security_group" "foo" { 240 name = "terraform-security-group-foo" 241 description = "terraform-security-group-text" 242 } 243 244 resource "cloudstack_security_group" "bar" { 245 name = "terraform-security-group-bar" 246 description = "terraform-security-group-text" 247 } 248 249 resource "cloudstack_security_group_rule" "foo" { 250 security_group_id = "${cloudstack_security_group.foo.id}" 251 252 rule { 253 cidr_list = ["172.18.100.0/24", "172.18.200.0/24"] 254 protocol = "tcp" 255 ports = ["80", "443"] 256 } 257 258 rule { 259 cidr_list = ["172.18.100.0/24"] 260 protocol = "icmp" 261 icmp_type = "-1" 262 icmp_code = "-1" 263 traffic_type = "ingress" 264 } 265 266 rule { 267 protocol = "tcp" 268 ports = ["80"] 269 traffic_type = "egress" 270 user_security_group_list = ["terraform-security-group-bar"] 271 } 272 273 depends_on = ["cloudstack_security_group.bar"] 274 }`)