github.com/danp/terraform@v0.9.5-0.20170426144147-39d740081351/builtin/providers/google/resource_google_service_account_test.go (about)

     1  package google
     2  
     3  import (
     4  	"fmt"
     5  	"testing"
     6  
     7  	"github.com/hashicorp/terraform/helper/acctest"
     8  	"github.com/hashicorp/terraform/helper/resource"
     9  	"github.com/hashicorp/terraform/terraform"
    10  )
    11  
// projectId is the GCP project identifier used by the acceptance tests in
// this file. It is resolved through multiEnvSearch from the environment
// variables listed below.
//
// NOTE(review): multiEnvSearch is defined outside this listing; presumably it
// yields the first variable that is set. Confirm what it returns when none
// is, since an empty project would end up in the IAM member string built by
// testAccGoogleServiceAccountPolicy.
var projectId = multiEnvSearch([]string{
	"GOOGLE_PROJECT",
	"GCLOUD_PROJECT",
	"CLOUDSDK_CORE_PROJECT",
})
    19  
// TestAccGoogleServiceAccount_basic is an acceptance test that applies a
// service account configuration and then re-applies it with a different
// display name.
//
// NOTE(review): the TestCase sets no CheckDestroy, so nothing in this test
// asserts that the account has been removed once the run finishes. A test
// service account that is left behind remains a usable identity in the
// project until someone deletes it.
func TestAccGoogleServiceAccount_basic(t *testing.T) {
	const (
		addr        = "google_service_account.acceptance"
		initialName = "Terraform Test"
		updatedName = "Terraform Test Update"
	)
	// Account ID: a fixed letter followed by a random 10-character string.
	acctID := "a" + acctest.RandString(10)

	steps := []resource.TestStep{
		// Step 1: create the service account and confirm it is in state.
		{
			Config: testAccGoogleServiceAccountBasic(acctID, initialName),
			Check: resource.ComposeTestCheckFunc(
				testAccCheckGoogleServiceAccountExists(addr),
			),
		},
		// Step 2: same account, new display name; confirm the attribute changed.
		{
			Config: testAccGoogleServiceAccountBasic(acctID, updatedName),
			Check: resource.ComposeTestCheckFunc(
				testAccCheckGoogleServiceAccountNameModified(addr, updatedName),
			),
		},
	}

	resource.Test(t, resource.TestCase{
		PreCheck:  func() { testAccPreCheck(t) },
		Providers: testAccProviders,
		Steps:     steps,
	})
}
    46  
// TestAccGoogleServiceAccount_createPolicy is an acceptance test that creates
// a service account with an IAM policy attached, re-applies it without the
// policy, and then attaches the policy again. After each apply it checks the
// number of bindings on the account's IAM policy (1, 0, 1).
//
// NOTE(review): the TestCase sets no CheckDestroy, so nothing in this test
// asserts that the account and its policy binding are gone after the run.
func TestAccGoogleServiceAccount_createPolicy(t *testing.T) {
	const (
		addr        = "google_service_account.acceptance"
		displayName = "Terraform Test"
	)
	// Account ID: a fixed letter followed by a random 10-character string.
	acctID := "a" + acctest.RandString(10)

	steps := []resource.TestStep{
		// Step 1: account plus IAM policy; one binding expected.
		{
			Config: testAccGoogleServiceAccountPolicy(acctID, projectId),
			Check: resource.ComposeTestCheckFunc(
				testAccCheckGoogleServiceAccountPolicyCount(addr, 1),
			),
		},
		// Step 2: configuration without policy_data; the bindings must be gone.
		{
			Config: testAccGoogleServiceAccountBasic(acctID, displayName),
			Check: resource.ComposeTestCheckFunc(
				testAccCheckGoogleServiceAccountPolicyCount(addr, 0),
			),
		},
		// Step 3: policy applied again; one binding expected.
		{
			Config: testAccGoogleServiceAccountPolicy(acctID, projectId),
			Check: resource.ComposeTestCheckFunc(
				testAccCheckGoogleServiceAccountPolicyCount(addr, 1),
			),
		},
	}

	resource.Test(t, resource.TestCase{
		PreCheck:  func() { testAccPreCheck(t) },
		Providers: testAccProviders,
		Steps:     steps,
	})
}
    80  
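// testAccCheckGoogleServiceAccountPolicyCount returns a check that fetches the
// IAM policy of the service account stored in state under address r and fails
// unless that policy carries exactly n bindings.
//
// The returned check reports an error when r is missing from state, when the
// resource has no ID, when the policy cannot be retrieved, or when the binding
// count differs from n.
func testAccCheckGoogleServiceAccountPolicyCount(r string, n int) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		// Look the resource up explicitly. Indexing the map and dereferencing
		// the result in one expression panics on a nil pointer when r is not
		// in state, which aborts the test run instead of failing the check.
		rs, ok := s.RootModule().Resources[r]
		if !ok {
			return fmt.Errorf("Not found: %s", r)
		}
		if rs.Primary == nil || rs.Primary.ID == "" {
			return fmt.Errorf("No ID is set")
		}

		c := testAccProvider.Meta().(*Config)
		p, err := getServiceAccountIamPolicy(rs.Primary.ID, c)
		if err != nil {
			return fmt.Errorf("Failed to retrieve IAM Policy for service account: %s", err)
		}
		if len(p.Bindings) != n {
			return fmt.Errorf("The service account has %v bindings but %v were expected", len(p.Bindings), n)
		}
		return nil
	}
}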
    94  
// testAccCheckGoogleServiceAccountExists returns a check that passes when the
// resource at address r is present in the root module's state and has a
// non-empty ID. It inspects Terraform state only; the visible code makes no
// API call to confirm the account on the provider side.
func testAccCheckGoogleServiceAccountExists(r string) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		res, found := s.RootModule().Resources[r]
		switch {
		case !found:
			return fmt.Errorf("Not found: %s", r)
		case res.Primary.ID == "":
			return fmt.Errorf("No ID is set")
		}
		return nil
	}
}
   109  
// testAccCheckGoogleServiceAccountNameModified returns a check that passes
// when the resource at address r is in state and its "display_name"
// attribute equals n. The comparison is made against the state attribute;
// the visible code does not read the value back from the API.
func testAccCheckGoogleServiceAccountNameModified(r, n string) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		res, found := s.RootModule().Resources[r]
		if !found {
			return fmt.Errorf("Not found: %s", r)
		}

		if got := res.Primary.Attributes["display_name"]; got != n {
			return fmt.Errorf("display_name is %q expected %q", got, n)
		}
		return nil
	}
}
   124  
// testAccGoogleServiceAccountBasic renders the Terraform configuration for a
// google_service_account resource named "acceptance", with account as its
// account_id and name as its display_name. Both values are substituted with
// %v and are not escaped, so they are expected to be plain test-generated
// strings.
func testAccGoogleServiceAccountBasic(account, name string) string {
	const tmpl = `resource "google_service_account" "acceptance" {
    account_id = "%v"
	display_name = "%v"
 }`
	return fmt.Sprintf(tmpl, account, name)
}
   132  
// testAccGoogleServiceAccountPolicy renders a Terraform configuration holding
// a google_service_account resource named "acceptance" and a
// google_iam_policy data source whose policy_data is attached to it.
//
// account is used as the account_id and as the local part of the IAM member;
// name is written to display_name. The project part of the member address is
// taken from the package-level projectId, not from a parameter. The callers
// in this file pass projectId as name, so display_name ends up holding the
// project ID.
//
// The single binding grants roles/iam.serviceAccountActor on the account to
// the account itself.
// NOTE(review): roles/iam.serviceAccountActor has since been deprecated by
// Google Cloud in favour of roles/iam.serviceAccountUser and
// roles/iam.serviceAccountTokenCreator; confirm the role before reusing this
// fixture outside the test.
func testAccGoogleServiceAccountPolicy(account, name string) string {
	const tmpl = `resource "google_service_account" "acceptance" {
    account_id = "%v"
    display_name = "%v"
    policy_data = "${data.google_iam_policy.service_account.policy_data}"
}

data "google_iam_policy" "service_account" {
  binding {
    role = "roles/iam.serviceAccountActor"
    members = [
      "serviceAccount:%v@%v.iam.gserviceaccount.com",
    ]
  }
}`

	// Argument order follows the verbs: account_id, display_name, then the
	// member's account and project.
	return fmt.Sprintf(tmpl, account, name, account, projectId)
}