github.com/danp/terraform@v0.9.5-0.20170426144147-39d740081351/builtin/providers/openstack/resource_openstack_fw_rule_v1_test.go (about) 1 package openstack 2 3 import ( 4 "fmt" 5 "reflect" 6 "testing" 7 "time" 8 9 "github.com/gophercloud/gophercloud" 10 "github.com/gophercloud/gophercloud/openstack/networking/v2/extensions/fwaas/rules" 11 "github.com/hashicorp/terraform/helper/resource" 12 "github.com/hashicorp/terraform/terraform" 13 ) 14 15 func TestAccFWRuleV1_basic(t *testing.T) { 16 rule1 := &rules.Rule{ 17 Name: "rule_1", 18 Protocol: "udp", 19 Action: "deny", 20 IPVersion: 4, 21 Enabled: true, 22 } 23 24 rule2 := &rules.Rule{ 25 Name: "rule_1", 26 Protocol: "udp", 27 Action: "deny", 28 Description: "Terraform accept test", 29 IPVersion: 4, 30 SourceIPAddress: "1.2.3.4", 31 DestinationIPAddress: "4.3.2.0/24", 32 SourcePort: "444", 33 DestinationPort: "555", 34 Enabled: true, 35 } 36 37 rule3 := &rules.Rule{ 38 Name: "rule_1", 39 Protocol: "tcp", 40 Action: "allow", 41 Description: "Terraform accept test updated", 42 IPVersion: 4, 43 SourceIPAddress: "1.2.3.0/24", 44 DestinationIPAddress: "4.3.2.8", 45 SourcePort: "666", 46 DestinationPort: "777", 47 Enabled: false, 48 } 49 50 resource.Test(t, resource.TestCase{ 51 PreCheck: func() { testAccPreCheck(t) }, 52 Providers: testAccProviders, 53 CheckDestroy: testAccCheckFWRuleV1Destroy, 54 Steps: []resource.TestStep{ 55 resource.TestStep{ 56 Config: testAccFWRuleV1_basic_1, 57 Check: resource.ComposeTestCheckFunc( 58 testAccCheckFWRuleV1Exists("openstack_fw_rule_v1.rule_1", rule1), 59 ), 60 }, 61 resource.TestStep{ 62 Config: testAccFWRuleV1_basic_2, 63 Check: resource.ComposeTestCheckFunc( 64 testAccCheckFWRuleV1Exists("openstack_fw_rule_v1.rule_1", rule2), 65 ), 66 }, 67 resource.TestStep{ 68 Config: testAccFWRuleV1_basic_3, 69 Check: resource.ComposeTestCheckFunc( 70 testAccCheckFWRuleV1Exists("openstack_fw_rule_v1.rule_1", rule3), 71 ), 72 }, 73 }, 74 }) 75 } 76 77 func TestAccFWRuleV1_anyProtocol(t *testing.T) { 78 rule := &rules.Rule{ 79 Name: "rule_1", 80 Description: "Allow any protocol", 81 Protocol: "", 82 Action: "allow", 83 IPVersion: 4, 84 SourceIPAddress: "192.168.199.0/24", 85 Enabled: true, 86 } 87 88 resource.Test(t, resource.TestCase{ 89 PreCheck: func() { testAccPreCheck(t) }, 90 Providers: testAccProviders, 91 CheckDestroy: testAccCheckFWRuleV1Destroy, 92 Steps: []resource.TestStep{ 93 resource.TestStep{ 94 Config: testAccFWRuleV1_anyProtocol, 95 Check: resource.ComposeTestCheckFunc( 96 testAccCheckFWRuleV1Exists("openstack_fw_rule_v1.rule_1", rule), 97 ), 98 }, 99 }, 100 }) 101 } 102 103 func testAccCheckFWRuleV1Destroy(s *terraform.State) error { 104 config := testAccProvider.Meta().(*Config) 105 networkingClient, err := config.networkingV2Client(OS_REGION_NAME) 106 if err != nil { 107 return fmt.Errorf("Error creating OpenStack networking client: %s", err) 108 } 109 110 for _, rs := range s.RootModule().Resources { 111 if rs.Type != "openstack_firewall_rule" { 112 continue 113 } 114 _, err = rules.Get(networkingClient, rs.Primary.ID).Extract() 115 if err == nil { 116 return fmt.Errorf("Firewall rule (%s) still exists.", rs.Primary.ID) 117 } 118 if _, ok := err.(gophercloud.ErrDefault404); !ok { 119 return err 120 } 121 } 122 return nil 123 } 124 125 func testAccCheckFWRuleV1Exists(n string, expected *rules.Rule) resource.TestCheckFunc { 126 return func(s *terraform.State) error { 127 rs, ok := s.RootModule().Resources[n] 128 if !ok { 129 return fmt.Errorf("Not found: %s", n) 130 } 131 132 if rs.Primary.ID == "" { 133 return fmt.Errorf("No ID is set") 134 } 135 136 config := testAccProvider.Meta().(*Config) 137 networkingClient, err := config.networkingV2Client(OS_REGION_NAME) 138 if err != nil { 139 return fmt.Errorf("Error creating OpenStack networking client: %s", err) 140 } 141 142 var found *rules.Rule 143 for i := 0; i < 5; i++ { 144 // Firewall rule creation is asynchronous. Retry some times 145 // if we get a 404 error. Fail on any other error. 146 found, err = rules.Get(networkingClient, rs.Primary.ID).Extract() 147 if err != nil { 148 if _, ok := err.(gophercloud.ErrDefault404); ok { 149 time.Sleep(time.Second) 150 continue 151 } 152 return err 153 } 154 break 155 } 156 157 expected.ID = found.ID 158 // Erase the tenant id because we don't want to compare 159 // it as long it is not present in the expected 160 found.TenantID = "" 161 162 if !reflect.DeepEqual(expected, found) { 163 return fmt.Errorf("Expected:\n%#v\nFound:\n%#v", expected, found) 164 } 165 166 return nil 167 } 168 } 169 170 const testAccFWRuleV1_basic_1 = ` 171 resource "openstack_fw_rule_v1" "rule_1" { 172 name = "rule_1" 173 protocol = "udp" 174 action = "deny" 175 } 176 ` 177 178 const testAccFWRuleV1_basic_2 = ` 179 resource "openstack_fw_rule_v1" "rule_1" { 180 name = "rule_1" 181 description = "Terraform accept test" 182 protocol = "udp" 183 action = "deny" 184 ip_version = 4 185 source_ip_address = "1.2.3.4" 186 destination_ip_address = "4.3.2.0/24" 187 source_port = "444" 188 destination_port = "555" 189 enabled = true 190 } 191 ` 192 193 const testAccFWRuleV1_basic_3 = ` 194 resource "openstack_fw_rule_v1" "rule_1" { 195 name = "rule_1" 196 description = "Terraform accept test updated" 197 protocol = "tcp" 198 action = "allow" 199 ip_version = 4 200 source_ip_address = "1.2.3.0/24" 201 destination_ip_address = "4.3.2.8" 202 source_port = "666" 203 destination_port = "777" 204 enabled = false 205 } 206 ` 207 208 const testAccFWRuleV1_anyProtocol = ` 209 resource "openstack_fw_rule_v1" "rule_1" { 210 name = "rule_1" 211 description = "Allow any protocol" 212 protocol = "any" 213 action = "allow" 214 ip_version = 4 215 source_ip_address = "192.168.199.0/24" 216 enabled = true 217 } 218 `