github.com/gabrielperezs/terraform@v0.7.0-rc2.0.20160715084931-f7da2612946f/builtin/providers/aws/resource_aws_iam_role_policy_test.go (about)

     1  package aws
     2  
     3  import (
     4  	"fmt"
     5  	"testing"
     6  
     7  	"github.com/aws/aws-sdk-go/aws"
     8  	"github.com/aws/aws-sdk-go/aws/awserr"
     9  	"github.com/aws/aws-sdk-go/service/iam"
    10  	"github.com/hashicorp/terraform/helper/acctest"
    11  	"github.com/hashicorp/terraform/helper/resource"
    12  	"github.com/hashicorp/terraform/terraform"
    13  )
    14  
// TestAccAWSIAMRolePolicy_basic is an acceptance test that applies a role with
// one inline policy ("foo") and then a second configuration that adds another
// inline policy ("bar"), checking after each step that the policy named in the
// step can be read back from IAM.
func TestAccAWSIAMRolePolicy_basic(t *testing.T) {
	// Random 10-character suffixes; the config helpers interpolate them into
	// the role and policy names.
	roleSuffix := acctest.RandString(10)
	fooSuffix := acctest.RandString(10)
	barSuffix := acctest.RandString(10)

	// Step 1: role plus the "foo" inline policy.
	createStep := resource.TestStep{
		Config: testAccIAMRolePolicyConfig(roleSuffix, fooSuffix),
		Check: resource.ComposeTestCheckFunc(
			testAccCheckIAMRolePolicy("aws_iam_role.role", "aws_iam_role_policy.foo"),
		),
	}

	// Step 2: same role, "foo" kept, "bar" added; only "bar" is checked here.
	updateStep := resource.TestStep{
		Config: testAccIAMRolePolicyConfigUpdate(roleSuffix, fooSuffix, barSuffix),
		Check: resource.ComposeTestCheckFunc(
			testAccCheckIAMRolePolicy("aws_iam_role.role", "aws_iam_role_policy.bar"),
		),
	}

	resource.Test(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckIAMRolePolicyDestroy,
		Steps:        []resource.TestStep{createStep, updateStep},
	})
}
    46  
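// testAccCheckIAMRolePolicyDestroy is the CheckDestroy hook for the role
// policy acceptance test. It walks every aws_iam_role_policy left in state and
// asks IAM for it; the check passes only if each lookup fails with
// NoSuchEntity.
//
// Every policy in state is examined. Returning success on the first
// NoSuchEntity would let the check pass while another inline policy from the
// same test (the fixtures grant Action "*" on Resource "*") still exists in
// the account.
func testAccCheckIAMRolePolicyDestroy(s *terraform.State) error {
	iamconn := testAccProvider.Meta().(*AWSClient).iamconn

	for _, rs := range s.RootModule().Resources {
		if rs.Type != "aws_iam_role_policy" {
			continue
		}

		// The resource ID encodes both the role and the policy name.
		role, name := resourceAwsIamRolePolicyParseId(rs.Primary.ID)

		getResp, err := iamconn.GetRolePolicy(&iam.GetRolePolicyInput{
			PolicyName: aws.String(name),
			RoleName:   aws.String(role),
		})
		if err != nil {
			if iamerr, ok := err.(awserr.Error); ok && iamerr.Code() == "NoSuchEntity" {
				// This policy is gone; keep checking the remaining ones.
				continue
			}
			return fmt.Errorf("Error reading IAM policy %s from role %s: %s", name, role, err)
		}

		if getResp != nil {
			// The lookup succeeded, so the inline policy was not destroyed.
			return fmt.Errorf("Found IAM role policy %s on role %s, expected none: %s", name, role, getResp)
		}
	}

	return nil
}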
    79  
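// testAccCheckIAMRolePolicy returns a check that the named role resource and
// role policy resource are both present in state with non-empty IDs, and that
// the policy can be read back from IAM with GetRolePolicy.
//
// NOTE(review): the role resource is only checked for presence and a non-empty
// ID; the role name used in the IAM lookup comes from the policy's own ID, and
// the returned policy document is not compared with the configured one.
func testAccCheckIAMRolePolicy(
	iamRoleResource string,
	iamRolePolicyResource string) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		resources := s.RootModule().Resources

		rs, ok := resources[iamRoleResource]
		if !ok {
			return fmt.Errorf("Not Found: %s", iamRoleResource)
		}
		if rs.Primary.ID == "" {
			return fmt.Errorf("No ID is set for %s", iamRoleResource)
		}

		policy, ok := resources[iamRolePolicyResource]
		if !ok {
			return fmt.Errorf("Not Found: %s", iamRolePolicyResource)
		}
		// Guard the policy ID as well: it is handed to the ID parser below,
		// and an empty ID cannot name a role and policy.
		if policy.Primary.ID == "" {
			return fmt.Errorf("No ID is set for %s", iamRolePolicyResource)
		}

		iamconn := testAccProvider.Meta().(*AWSClient).iamconn
		role, name := resourceAwsIamRolePolicyParseId(policy.Primary.ID)
		if _, err := iamconn.GetRolePolicy(&iam.GetRolePolicyInput{
			RoleName:   aws.String(role),
			PolicyName: aws.String(name),
		}); err != nil {
			return fmt.Errorf("Error reading IAM policy %s from role %s: %s", name, role, err)
		}

		return nil
	}
}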
   112  
// testAccIAMRolePolicyConfig renders the first-step configuration: one IAM
// role, whose name ends in the role suffix, and one inline policy "foo", whose
// name ends in the policy1 suffix.
//
// NOTE(review): the trust policy lets ec2.amazonaws.com assume the role and
// the inline policy allows Action "*" on Resource "*". The test only needs the
// policy to exist, so a narrowly scoped statement would serve equally well and
// would limit what a leaked fixture can do in the test account.
func testAccIAMRolePolicyConfig(role, policy1 string) string {
	const tmpl = `
resource "aws_iam_role" "role" {
	name = "tf_test_role_%s"
	path = "/"
	assume_role_policy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Principal\":{\"Service\":\"ec2.amazonaws.com\"},\"Effect\":\"Allow\",\"Sid\":\"\"}]}"
}

resource "aws_iam_role_policy" "foo" {
	name = "tf_test_policy_%s"
	role = "${aws_iam_role.role.name}"
	policy = "{\"Version\":\"2012-10-17\",\"Statement\":{\"Effect\":\"Allow\",\"Action\":\"*\",\"Resource\":\"*\"}}"
}
`
	return fmt.Sprintf(tmpl, role, policy1)
}
   128  
// testAccIAMRolePolicyConfigUpdate renders the second-step configuration: the
// same role and "foo" policy as the first step, plus a second inline policy
// "bar" whose name ends in the policy2 suffix.
//
// NOTE(review): both inline policies allow Action "*" on Resource "*" for a
// role that ec2.amazonaws.com may assume. The test only needs the policies to
// exist, so narrowly scoped statements would limit what a leaked fixture can do
// in the test account.
func testAccIAMRolePolicyConfigUpdate(role, policy1, policy2 string) string {
	const tmpl = `
resource "aws_iam_role" "role" {
	name = "tf_test_role_%s"
	path = "/"
	assume_role_policy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Principal\":{\"Service\":\"ec2.amazonaws.com\"},\"Effect\":\"Allow\",\"Sid\":\"\"}]}"
}

resource "aws_iam_role_policy" "foo" {
	name = "tf_test_policy_%s"
	role = "${aws_iam_role.role.name}"
	policy = "{\"Version\":\"2012-10-17\",\"Statement\":{\"Effect\":\"Allow\",\"Action\":\"*\",\"Resource\":\"*\"}}"
}

resource "aws_iam_role_policy" "bar" {
	name = "tf_test_policy_2_%s"
	role = "${aws_iam_role.role.name}"
	policy = "{\"Version\":\"2012-10-17\",\"Statement\":{\"Effect\":\"Allow\",\"Action\":\"*\",\"Resource\":\"*\"}}"
}
`
	return fmt.Sprintf(tmpl, role, policy1, policy2)
}