github.com/erriapo/terraform@v0.6.12-0.20160203182612-0340ea72354f/builtin/providers/aws/resource_aws_vpc_endpoint_test.go (about)

     1  package aws
     2  
     3  import (
     4  	"fmt"
     5  	"testing"
     6  
     7  	"github.com/aws/aws-sdk-go/aws"
     8  	"github.com/aws/aws-sdk-go/aws/awserr"
     9  	"github.com/aws/aws-sdk-go/service/ec2"
    10  
    11  	"github.com/hashicorp/terraform/helper/resource"
    12  	"github.com/hashicorp/terraform/terraform"
    13  )
    14  
// TestAccAWSVpcEndpoint_basic is an acceptance test that applies
// testAccVpcEndpointWithRouteTableAndPolicyConfig in a single step and checks
// that the aws_vpc_endpoint it declares can be found through the EC2 API.
// CheckDestroy then confirms the endpoint is gone after teardown.
func TestAccAWSVpcEndpoint_basic(t *testing.T) {
	var endpoint ec2.VpcEndpoint

	// Only existence is asserted here; the policy and route table IDs on the
	// returned endpoint are not inspected by this test.
	checkEndpoint := resource.ComposeTestCheckFunc(
		testAccCheckVpcEndpointExists("aws_vpc_endpoint.second-private-s3", &endpoint),
	)

	testCase := resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckVpcEndpointDestroy,
		Steps: []resource.TestStep{
			{
				Config: testAccVpcEndpointWithRouteTableAndPolicyConfig,
				Check:  checkEndpoint,
			},
		},
	}

	resource.Test(t, testCase)
}
    32  
// TestAccAWSVpcEndpoint_withRouteTableAndPolicy is a two-step acceptance test.
// Step one applies the base configuration; step two applies the modified one,
// which adds an internet gateway and a default route to the same route table.
// After each step the endpoint and the route table must both still be
// retrievable. Only existence is checked, not the policy or the route table
// association on the endpoint.
func TestAccAWSVpcEndpoint_withRouteTableAndPolicy(t *testing.T) {
	const (
		endpointName   = "aws_vpc_endpoint.second-private-s3"
		routeTableName = "aws_route_table.default"
	)

	var (
		endpoint   ec2.VpcEndpoint
		routeTable ec2.RouteTable
	)

	steps := []resource.TestStep{
		{
			Config: testAccVpcEndpointWithRouteTableAndPolicyConfig,
			Check: resource.ComposeTestCheckFunc(
				testAccCheckVpcEndpointExists(endpointName, &endpoint),
				testAccCheckRouteTableExists(routeTableName, &routeTable),
			),
		},
		{
			Config: testAccVpcEndpointWithRouteTableAndPolicyConfigModified,
			Check: resource.ComposeTestCheckFunc(
				testAccCheckVpcEndpointExists(endpointName, &endpoint),
				testAccCheckRouteTableExists(routeTableName, &routeTable),
			),
		},
	}

	resource.Test(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckVpcEndpointDestroy,
		Steps:        steps,
	})
}
    59  
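// testAccCheckVpcEndpointDestroy verifies that every aws_vpc_endpoint recorded
// in the Terraform state no longer exists in EC2 once the test has torn its
// resources down.
//
// An endpoint counts as destroyed when DescribeVpcEndpoints fails with the
// InvalidVpcEndpointId.NotFound error code or succeeds with an empty list.
// Any other API error is returned unchanged, and an endpoint that is still
// listed fails the check.
func testAccCheckVpcEndpointDestroy(s *terraform.State) error {
	conn := testAccProvider.Meta().(*AWSClient).ec2conn

	for _, rs := range s.RootModule().Resources {
		if rs.Type != "aws_vpc_endpoint" {
			continue
		}

		// Look the endpoint up by the ID stored in state.
		input := &ec2.DescribeVpcEndpointsInput{
			VpcEndpointIds: []*string{aws.String(rs.Primary.ID)},
		}
		resp, err := conn.DescribeVpcEndpoints(input)
		if err != nil {
			// NotFound is the expected result of a successful destroy.
			if ae, ok := err.(awserr.Error); ok && ae.Code() == "InvalidVpcEndpointId.NotFound" {
				continue
			}
			return err
		}
		if len(resp.VpcEndpoints) > 0 {
			return fmt.Errorf("VPC Endpoints still exist.")
		}

		// Do not return here: every endpoint in state has to be checked.
		// Returning after the first match would let a second endpoint that
		// was left behind in the account pass the destroy check unnoticed,
		// and map iteration order makes which one gets checked arbitrary.
	}

	return nil
}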
    89  
// testAccCheckVpcEndpointExists returns a check that resolves the resource
// named n in the root module of the state, queries EC2 for the endpoint with
// that resource's primary ID, and copies the first endpoint returned into
// *endpoint.
//
// The check fails when the resource is missing from state, has an empty ID,
// the DescribeVpcEndpoints call errors, or the call returns no endpoints.
func testAccCheckVpcEndpointExists(n string, endpoint *ec2.VpcEndpoint) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		rs, found := s.RootModule().Resources[n]
		switch {
		case !found:
			return fmt.Errorf("Not found: %s", n)
		case rs.Primary.ID == "":
			return fmt.Errorf("No VPC Endpoint ID is set")
		}

		ec2conn := testAccProvider.Meta().(*AWSClient).ec2conn
		out, err := ec2conn.DescribeVpcEndpoints(&ec2.DescribeVpcEndpointsInput{
			VpcEndpointIds: []*string{aws.String(rs.Primary.ID)},
		})
		if err != nil {
			return err
		}
		if len(out.VpcEndpoints) == 0 {
			return fmt.Errorf("VPC Endpoint not found")
		}

		// Hand the live endpoint description back to the caller's variable.
		*endpoint = *out.VpcEndpoints[0]
		return nil
	}
}
   118  
// testAccVpcEndpointWithRouteTableAndPolicyConfig is the Terraform
// configuration used by both acceptance tests in this file: a VPC with one
// subnet, a route table associated with that subnet, and an S3 endpoint
// attached to that route table. The service name is pinned to us-west-2.
//
// NOTE(review): the endpoint policy allows every principal, action and
// resource. That appears to be equivalent to the full-access policy AWS
// applies when no policy is supplied, so this fixture cannot show whether the
// policy argument actually reached the API. A narrower statement (a specific
// action or bucket ARN) together with a check on the returned PolicyDocument
// would cover that path; confirm against the resource's read logic.
const testAccVpcEndpointWithRouteTableAndPolicyConfig = `
resource "aws_vpc" "foo" {
    cidr_block = "10.0.0.0/16"
}

resource "aws_subnet" "foo" {
	vpc_id = "${aws_vpc.foo.id}"
    cidr_block = "10.0.1.0/24"
}

resource "aws_vpc_endpoint" "second-private-s3" {
    vpc_id = "${aws_vpc.foo.id}"
    service_name = "com.amazonaws.us-west-2.s3"
    route_table_ids = ["${aws_route_table.default.id}"]
    policy = <<POLICY
{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Sid":"AllowAll",
			"Effect":"Allow",
			"Principal":"*",
			"Action":"*",
			"Resource":"*"
		}
	]
}
POLICY
}

resource "aws_route_table" "default" {
    vpc_id = "${aws_vpc.foo.id}"
}

resource "aws_route_table_association" "main" {
    subnet_id = "${aws_subnet.foo.id}"
    route_table_id = "${aws_route_table.default.id}"
}
`
   158  
// testAccVpcEndpointWithRouteTableAndPolicyConfigModified is the second-step
// configuration for TestAccAWSVpcEndpoint_withRouteTableAndPolicy. Compared
// with the base configuration it adds an internet gateway and a 0.0.0.0/0
// route through that gateway on the route table; the aws_vpc_endpoint block,
// including its allow-all policy, is unchanged.
//
// NOTE(review): presumably this step is meant to show that the endpoint stays
// attached while its route table is updated. The test only re-checks that the
// endpoint and route table exist, so a lost attachment or a changed policy
// would not be caught; verify whether stronger assertions are wanted.
const testAccVpcEndpointWithRouteTableAndPolicyConfigModified = `
resource "aws_vpc" "foo" {
    cidr_block = "10.0.0.0/16"
}

resource "aws_subnet" "foo" {
	vpc_id = "${aws_vpc.foo.id}"
    cidr_block = "10.0.1.0/24"
}

resource "aws_vpc_endpoint" "second-private-s3" {
    vpc_id = "${aws_vpc.foo.id}"
    service_name = "com.amazonaws.us-west-2.s3"
    route_table_ids = ["${aws_route_table.default.id}"]
    policy = <<POLICY
{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Sid":"AllowAll",
			"Effect":"Allow",
			"Principal":"*",
			"Action":"*",
			"Resource":"*"
		}
	]
}
POLICY
}

resource "aws_internet_gateway" "gw" {
    vpc_id = "${aws_vpc.foo.id}"
}

resource "aws_route_table" "default" {
    vpc_id = "${aws_vpc.foo.id}"

    route {
        cidr_block = "0.0.0.0/0"
        gateway_id = "${aws_internet_gateway.gw.id}"
    }
}

resource "aws_route_table_association" "main" {
    subnet_id = "${aws_subnet.foo.id}"
    route_table_id = "${aws_route_table.default.id}"
}
`