github.com/danp/terraform@v0.9.5-0.20170426144147-39d740081351/builtin/providers/google/resource_google_service_account_test.go (about) 1 package google 2 3 import ( 4 "fmt" 5 "testing" 6 7 "github.com/hashicorp/terraform/helper/acctest" 8 "github.com/hashicorp/terraform/helper/resource" 9 "github.com/hashicorp/terraform/terraform" 10 ) 11 12 var ( 13 projectId = multiEnvSearch([]string{ 14 "GOOGLE_PROJECT", 15 "GCLOUD_PROJECT", 16 "CLOUDSDK_CORE_PROJECT", 17 }) 18 ) 19 20 // Test that a service account resource can be created, updated, and destroyed 21 func TestAccGoogleServiceAccount_basic(t *testing.T) { 22 accountId := "a" + acctest.RandString(10) 23 displayName := "Terraform Test" 24 displayName2 := "Terraform Test Update" 25 resource.Test(t, resource.TestCase{ 26 PreCheck: func() { testAccPreCheck(t) }, 27 Providers: testAccProviders, 28 Steps: []resource.TestStep{ 29 // The first step creates a basic service account 30 resource.TestStep{ 31 Config: testAccGoogleServiceAccountBasic(accountId, displayName), 32 Check: resource.ComposeTestCheckFunc( 33 testAccCheckGoogleServiceAccountExists("google_service_account.acceptance"), 34 ), 35 }, 36 // The second step updates the service account 37 resource.TestStep{ 38 Config: testAccGoogleServiceAccountBasic(accountId, displayName2), 39 Check: resource.ComposeTestCheckFunc( 40 testAccCheckGoogleServiceAccountNameModified("google_service_account.acceptance", displayName2), 41 ), 42 }, 43 }, 44 }) 45 } 46 47 // Test that a service account resource can be created with a policy, updated, 48 // and destroyed. 49 func TestAccGoogleServiceAccount_createPolicy(t *testing.T) { 50 accountId := "a" + acctest.RandString(10) 51 displayName := "Terraform Test" 52 resource.Test(t, resource.TestCase{ 53 PreCheck: func() { testAccPreCheck(t) }, 54 Providers: testAccProviders, 55 Steps: []resource.TestStep{ 56 // The first step creates a basic service account with an IAM policy 57 resource.TestStep{ 58 Config: testAccGoogleServiceAccountPolicy(accountId, projectId), 59 Check: resource.ComposeTestCheckFunc( 60 testAccCheckGoogleServiceAccountPolicyCount("google_service_account.acceptance", 1), 61 ), 62 }, 63 // The second step updates the service account with no IAM policy 64 resource.TestStep{ 65 Config: testAccGoogleServiceAccountBasic(accountId, displayName), 66 Check: resource.ComposeTestCheckFunc( 67 testAccCheckGoogleServiceAccountPolicyCount("google_service_account.acceptance", 0), 68 ), 69 }, 70 // The final step re-applies the IAM policy 71 resource.TestStep{ 72 Config: testAccGoogleServiceAccountPolicy(accountId, projectId), 73 Check: resource.ComposeTestCheckFunc( 74 testAccCheckGoogleServiceAccountPolicyCount("google_service_account.acceptance", 1), 75 ), 76 }, 77 }, 78 }) 79 } 80 81 func testAccCheckGoogleServiceAccountPolicyCount(r string, n int) resource.TestCheckFunc { 82 return func(s *terraform.State) error { 83 c := testAccProvider.Meta().(*Config) 84 p, err := getServiceAccountIamPolicy(s.RootModule().Resources[r].Primary.ID, c) 85 if err != nil { 86 return fmt.Errorf("Failed to retrieve IAM Policy for service account: %s", err) 87 } 88 if len(p.Bindings) != n { 89 return fmt.Errorf("The service account has %v bindings but %v were expected", len(p.Bindings), n) 90 } 91 return nil 92 } 93 } 94 95 func testAccCheckGoogleServiceAccountExists(r string) resource.TestCheckFunc { 96 return func(s *terraform.State) error { 97 rs, ok := s.RootModule().Resources[r] 98 if !ok { 99 return fmt.Errorf("Not found: %s", r) 100 } 101 102 if rs.Primary.ID == "" { 103 return fmt.Errorf("No ID is set") 104 } 105 106 return nil 107 } 108 } 109 110 func testAccCheckGoogleServiceAccountNameModified(r, n string) resource.TestCheckFunc { 111 return func(s *terraform.State) error { 112 rs, ok := s.RootModule().Resources[r] 113 if !ok { 114 return fmt.Errorf("Not found: %s", r) 115 } 116 117 if rs.Primary.Attributes["display_name"] != n { 118 return fmt.Errorf("display_name is %q expected %q", rs.Primary.Attributes["display_name"], n) 119 } 120 121 return nil 122 } 123 } 124 125 func testAccGoogleServiceAccountBasic(account, name string) string { 126 t := `resource "google_service_account" "acceptance" { 127 account_id = "%v" 128 display_name = "%v" 129 }` 130 return fmt.Sprintf(t, account, name) 131 } 132 133 func testAccGoogleServiceAccountPolicy(account, name string) string { 134 135 t := `resource "google_service_account" "acceptance" { 136 account_id = "%v" 137 display_name = "%v" 138 policy_data = "${data.google_iam_policy.service_account.policy_data}" 139 } 140 141 data "google_iam_policy" "service_account" { 142 binding { 143 role = "roles/iam.serviceAccountActor" 144 members = [ 145 "serviceAccount:%v@%v.iam.gserviceaccount.com", 146 ] 147 } 148 }` 149 150 return fmt.Sprintf(t, account, name, account, projectId) 151 }