github.com/darmach/terratest@v0.34.8-0.20210517103231-80931f95e3ff/test/azure/terraform_azure_nsg_example_test.go

github.com/darmach/terratest@v0.34.8-0.20210517103231-80931f95e3ff/test/azure/terraform_azure_nsg_example_test.go (about)

     1  // +build azure
     2  
     3  // NOTE: We use build tags to differentiate azure testing because we currently do not have azure access setup for
     4  // CircleCI.
     5  
     6  package test
     7  
     8  import (
     9  	"testing"
    10  
    11  	"github.com/gruntwork-io/terratest/modules/azure"
    12  	"github.com/gruntwork-io/terratest/modules/random"
    13  	"github.com/gruntwork-io/terratest/modules/terraform"
    14  	"github.com/stretchr/testify/assert"
    15  )
    16  
    17  func TestTerraformAzureNsgExample(t *testing.T) {
    18  	t.Parallel()
    19  
    20  	randomPostfixValue := random.UniqueId()
    21  
    22  	// Construct options for TF apply
    23  	terraformOptions := &terraform.Options{
    24  		// The path to where our Terraform code is located
    25  		TerraformDir: "../../examples/azure/terraform-azure-nsg-example",
    26  		Vars: map[string]interface{}{
    27  			"postfix": randomPostfixValue,
    28  		},
    29  	}
    30  
    31  	defer terraform.Destroy(t, terraformOptions)
    32  	terraform.InitAndApply(t, terraformOptions)
    33  
    34  	resourceGroupName := terraform.Output(t, terraformOptions, "resource_group_name")
    35  	nsgName := terraform.Output(t, terraformOptions, "nsg_name")
    36  	sshRuleName := terraform.Output(t, terraformOptions, "ssh_rule_name")
    37  	httpRuleName := terraform.Output(t, terraformOptions, "http_rule_name")
    38  
    39  	// A default NSG has 6 rules, and we have two custom rules for a total of 8
    40  	rules, err := azure.GetAllNSGRulesE(resourceGroupName, nsgName, "")
    41  	assert.NoError(t, err)
    42  	assert.Equal(t, 8, len(rules.SummarizedRules))
    43  
    44  	// We should have a rule for allowing ssh
    45  	sshRule := rules.FindRuleByName(sshRuleName)
    46  
    47  	// That rule should allow port 22 inbound
    48  	assert.True(t, sshRule.AllowsDestinationPort(t, "22"))
    49  
    50  	// But should not allow 80 inbound
    51  	assert.False(t, sshRule.AllowsDestinationPort(t, "80"))
    52  
    53  	// SSh is allowed from any port
    54  	assert.True(t, sshRule.AllowsSourcePort(t, "*"))
    55  
    56  	// We should have a rule for blocking HTTP
    57  	httpRule := rules.FindRuleByName(httpRuleName)
    58  
    59  	// This rule should BLOCK port 80 inbound
    60  	assert.False(t, httpRule.AllowsDestinationPort(t, "80"))
    61  }