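// Listing: github.com/hobbeswalsh/terraform@v0.3.7-0.20150619183303-ad17cf55a0fa/builtin/providers/aws/resource_aws_iam_group_membership_test.go

package aws

import (
	"fmt"
	"testing"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/service/iam"
	"github.com/hashicorp/terraform/helper/resource"
	"github.com/hashicorp/terraform/terraform"
)

// TestAccAWSGroupMembership_basic is an acceptance test for the
// aws_iam_group_membership resource. Step one puts a single user in the
// group; step two replaces the member list with two different users. Each
// step reads the group back from IAM and compares the live member list with
// the list declared in the configuration.
func TestAccAWSGroupMembership_basic(t *testing.T) {
	// group is filled in by the Exists check and read by the Attributes
	// check that follows it in the same step.
	var group iam.GetGroupOutput

	resource.Test(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckAWSGroupMembershipDestroy,
		Steps: []resource.TestStep{
			resource.TestStep{
				Config: testAccAWSGroupMemberConfig,
				Check: resource.ComposeTestCheckFunc(
					testAccCheckAWSGroupMembershipExists("aws_iam_group_membership.team", &group),
					testAccCheckAWSGroupMembershipAttributes(&group, []string{"test-user"}),
				),
			},

			resource.TestStep{
				Config: testAccAWSGroupMemberConfigUpdate,
				Check: resource.ComposeTestCheckFunc(
					testAccCheckAWSGroupMembershipExists("aws_iam_group_membership.team", &group),
					testAccCheckAWSGroupMembershipAttributes(&group, []string{"test-user-two", "test-user-three"}),
				),
			},
		},
	})
}

// testAccCheckAWSGroupMembershipDestroy verifies that none of the users
// created by this test is still a member of the group recorded in state for
// any aws_iam_group_membership resource.
func testAccCheckAWSGroupMembershipDestroy(s *terraform.State) error {
	conn := testAccProvider.Meta().(*AWSClient).iamconn

	for _, rs := range s.RootModule().Resources {
		if rs.Type != "aws_iam_group_membership" {
			continue
		}

		group := rs.Primary.Attributes["group"]

		resp, err := conn.GetGroup(&iam.GetGroupInput{
			GroupName: aws.String(group),
		})
		if err != nil {
			// NOTE(review): every error fails the check, including the
			// one IAM returns when the group itself is already gone
			// (presumably NoSuchEntity). A missing group means no stale
			// membership, so that case could be treated as success;
			// confirm before relaxing this.
			return err
		}

		users := []string{"test-user", "test-user-two", "test-user-three"}
		for _, u := range resp.Users {
			if u.UserName == nil {
				continue
			}
			for _, name := range users {
				if name == *u.UserName {
					// Report the name that was queried instead of
					// dereferencing resp.Group, which is not checked
					// for nil here.
					return fmt.Errorf("Error: User (%s) still a member of Group (%s)", name, group)
				}
			}
		}
	}

	return nil
}

// testAccCheckAWSGroupMembershipExists returns a check that looks up the
// resource named n in state, fetches the group it refers to from IAM and
// copies the response into g for later checks.
func testAccCheckAWSGroupMembershipExists(n string, g *iam.GetGroupOutput) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		rs, ok := s.RootModule().Resources[n]
		if !ok {
			return fmt.Errorf("Not found: %s", n)
		}

		// The ID checked here belongs to the membership resource, not to
		// a user.
		if rs.Primary.ID == "" {
			return fmt.Errorf("No group membership ID is set")
		}

		conn := testAccProvider.Meta().(*AWSClient).iamconn
		gn := rs.Primary.Attributes["group"]

		resp, err := conn.GetGroup(&iam.GetGroupInput{
			GroupName: aws.String(gn),
		})
		if err != nil {
			// Keep the underlying error: a permission or throttling
			// failure should not be reported as a missing group.
			return fmt.Errorf("Error: Group (%s) not found: %s", gn, err)
		}

		*g = *resp

		return nil
	}
}

// testAccCheckAWSGroupMembershipAttributes returns a check that the group
// held in group is named "test-group" and that its members are exactly the
// names in users.
//
// The comparison is exact on purpose. Group membership carries the group's
// permissions, so a user that should have been removed by an update but is
// still listed is a failure, not only a user that is missing.
//
// NOTE(review): only the users present in the single GetGroup response are
// inspected; no further pages are requested. That looks sufficient for the
// three users this test creates.
func testAccCheckAWSGroupMembershipAttributes(group *iam.GetGroupOutput, users []string) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		if group.Group == nil || group.Group.GroupName == nil {
			return fmt.Errorf("Bad group membership: response carries no group name")
		}
		if *group.Group.GroupName != "test-group" {
			return fmt.Errorf("Bad group membership: expected %s, got %s", "test-group", *group.Group.GroupName)
		}

		// seen maps every expected user to whether IAM reported it.
		seen := make(map[string]bool, len(users))
		for _, u := range users {
			seen[u] = false
		}

		for _, gu := range group.Users {
			if gu.UserName == nil {
				continue
			}
			name := *gu.UserName
			if _, expected := seen[name]; !expected {
				return fmt.Errorf("Bad group membership: unexpected user (%s) in group", name)
			}
			seen[name] = true
		}

		for _, u := range users {
			if !seen[u] {
				return fmt.Errorf("Bad group membership: expected user (%s) not found in group", u)
			}
		}
		return nil
	}
}

// testAccAWSGroupMemberConfig is the initial configuration: one group, one
// user, and a membership that puts that user in the group.
//
// NOTE(review): the group and user names are fixed strings; in an account
// that already has entities with these names the test would presumably
// collide with them.
const testAccAWSGroupMemberConfig = `
resource "aws_iam_group" "group" {
	name = "test-group"
	path = "/"
}

resource "aws_iam_user" "user" {
	name = "test-user"
	path = "/"
}

resource "aws_iam_group_membership" "team" {
	name = "tf-testing-group-membership"
	users = ["${aws_iam_user.user.name}"]
	group = "${aws_iam_group.group.name}"
}
`

// testAccAWSGroupMemberConfigUpdate keeps the original user defined but
// changes the membership to list only the two new users, so the original
// user must drop out of the group.
const testAccAWSGroupMemberConfigUpdate = `
resource "aws_iam_group" "group" {
	name = "test-group"
	path = "/"
}

resource "aws_iam_user" "user" {
	name = "test-user"
	path = "/"
}

resource "aws_iam_user" "user_two" {
	name = "test-user-two"
	path = "/"
}

resource "aws_iam_user" "user_three" {
	name = "test-user-three"
	path = "/"
}

resource "aws_iam_group_membership" "team" {
	name = "tf-testing-group-membership"
	users = [
		"${aws_iam_user.user_two.name}",
		"${aws_iam_user.user_three.name}",
	]
	group = "${aws_iam_group.group.name}"
}
`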