github.com/jgadling/terraform@v0.3.8-0.20150227214559-abd68c2c87bc/builtin/providers/aws/resource_aws_security_group_test.go (about) 1 package aws 2 3 import ( 4 "fmt" 5 "reflect" 6 "testing" 7 8 "github.com/hashicorp/terraform/helper/resource" 9 "github.com/hashicorp/terraform/terraform" 10 "github.com/mitchellh/goamz/ec2" 11 ) 12 13 func TestAccAWSSecurityGroup_normal(t *testing.T) { 14 var group ec2.SecurityGroupInfo 15 16 resource.Test(t, resource.TestCase{ 17 PreCheck: func() { testAccPreCheck(t) }, 18 Providers: testAccProviders, 19 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 20 Steps: []resource.TestStep{ 21 resource.TestStep{ 22 Config: testAccAWSSecurityGroupConfig, 23 Check: resource.ComposeTestCheckFunc( 24 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 25 testAccCheckAWSSecurityGroupAttributes(&group), 26 resource.TestCheckResourceAttr( 27 "aws_security_group.web", "name", "terraform_acceptance_test_example"), 28 resource.TestCheckResourceAttr( 29 "aws_security_group.web", "description", "Used in the terraform acceptance tests"), 30 resource.TestCheckResourceAttr( 31 "aws_security_group.web", "ingress.332851786.protocol", "tcp"), 32 resource.TestCheckResourceAttr( 33 "aws_security_group.web", "ingress.332851786.from_port", "80"), 34 resource.TestCheckResourceAttr( 35 "aws_security_group.web", "ingress.332851786.to_port", "8000"), 36 resource.TestCheckResourceAttr( 37 "aws_security_group.web", "ingress.332851786.cidr_blocks.#", "1"), 38 resource.TestCheckResourceAttr( 39 "aws_security_group.web", "ingress.332851786.cidr_blocks.0", "10.0.0.0/8"), 40 ), 41 }, 42 }, 43 }) 44 } 45 46 func TestAccAWSSecurityGroup_self(t *testing.T) { 47 var group ec2.SecurityGroupInfo 48 49 checkSelf := func(s *terraform.State) (err error) { 50 defer func() { 51 if e := recover(); e != nil { 52 err = fmt.Errorf("bad: %#v", group) 53 } 54 }() 55 56 if group.IPPerms[0].SourceGroups[0].Id != group.Id { 57 return fmt.Errorf("bad: %#v", group) 58 } 59 60 return nil 61 } 62 63 resource.Test(t, resource.TestCase{ 64 PreCheck: func() { testAccPreCheck(t) }, 65 Providers: testAccProviders, 66 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 67 Steps: []resource.TestStep{ 68 resource.TestStep{ 69 Config: testAccAWSSecurityGroupConfigSelf, 70 Check: resource.ComposeTestCheckFunc( 71 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 72 resource.TestCheckResourceAttr( 73 "aws_security_group.web", "name", "terraform_acceptance_test_example"), 74 resource.TestCheckResourceAttr( 75 "aws_security_group.web", "description", "Used in the terraform acceptance tests"), 76 resource.TestCheckResourceAttr( 77 "aws_security_group.web", "ingress.3128515109.protocol", "tcp"), 78 resource.TestCheckResourceAttr( 79 "aws_security_group.web", "ingress.3128515109.from_port", "80"), 80 resource.TestCheckResourceAttr( 81 "aws_security_group.web", "ingress.3128515109.to_port", "8000"), 82 resource.TestCheckResourceAttr( 83 "aws_security_group.web", "ingress.3128515109.self", "true"), 84 checkSelf, 85 ), 86 }, 87 }, 88 }) 89 } 90 91 func TestAccAWSSecurityGroup_vpc(t *testing.T) { 92 var group ec2.SecurityGroupInfo 93 94 testCheck := func(*terraform.State) error { 95 if group.VpcId == "" { 96 return fmt.Errorf("should have vpc ID") 97 } 98 99 return nil 100 } 101 102 resource.Test(t, resource.TestCase{ 103 PreCheck: func() { testAccPreCheck(t) }, 104 Providers: testAccProviders, 105 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 106 Steps: []resource.TestStep{ 107 resource.TestStep{ 108 Config: testAccAWSSecurityGroupConfigVpc, 109 Check: resource.ComposeTestCheckFunc( 110 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 111 testAccCheckAWSSecurityGroupAttributes(&group), 112 resource.TestCheckResourceAttr( 113 "aws_security_group.web", "name", "terraform_acceptance_test_example"), 114 resource.TestCheckResourceAttr( 115 "aws_security_group.web", "description", "Used in the terraform acceptance tests"), 116 resource.TestCheckResourceAttr( 117 "aws_security_group.web", "ingress.332851786.protocol", "tcp"), 118 resource.TestCheckResourceAttr( 119 "aws_security_group.web", "ingress.332851786.from_port", "80"), 120 resource.TestCheckResourceAttr( 121 "aws_security_group.web", "ingress.332851786.to_port", "8000"), 122 resource.TestCheckResourceAttr( 123 "aws_security_group.web", "ingress.332851786.cidr_blocks.#", "1"), 124 resource.TestCheckResourceAttr( 125 "aws_security_group.web", "ingress.332851786.cidr_blocks.0", "10.0.0.0/8"), 126 resource.TestCheckResourceAttr( 127 "aws_security_group.web", "egress.332851786.protocol", "tcp"), 128 resource.TestCheckResourceAttr( 129 "aws_security_group.web", "egress.332851786.from_port", "80"), 130 resource.TestCheckResourceAttr( 131 "aws_security_group.web", "egress.332851786.to_port", "8000"), 132 resource.TestCheckResourceAttr( 133 "aws_security_group.web", "egress.332851786.cidr_blocks.#", "1"), 134 resource.TestCheckResourceAttr( 135 "aws_security_group.web", "egress.332851786.cidr_blocks.0", "10.0.0.0/8"), 136 testCheck, 137 ), 138 }, 139 }, 140 }) 141 } 142 143 func TestAccAWSSecurityGroup_MultiIngress(t *testing.T) { 144 var group ec2.SecurityGroupInfo 145 146 resource.Test(t, resource.TestCase{ 147 PreCheck: func() { testAccPreCheck(t) }, 148 Providers: testAccProviders, 149 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 150 Steps: []resource.TestStep{ 151 resource.TestStep{ 152 Config: testAccAWSSecurityGroupConfigMultiIngress, 153 Check: resource.ComposeTestCheckFunc( 154 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 155 ), 156 }, 157 }, 158 }) 159 } 160 161 func TestAccAWSSecurityGroup_Change(t *testing.T) { 162 var group ec2.SecurityGroupInfo 163 164 resource.Test(t, resource.TestCase{ 165 PreCheck: func() { testAccPreCheck(t) }, 166 Providers: testAccProviders, 167 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 168 Steps: []resource.TestStep{ 169 resource.TestStep{ 170 Config: testAccAWSSecurityGroupConfig, 171 Check: resource.ComposeTestCheckFunc( 172 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 173 ), 174 }, 175 resource.TestStep{ 176 Config: testAccAWSSecurityGroupConfigChange, 177 Check: resource.ComposeTestCheckFunc( 178 testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group), 179 testAccCheckAWSSecurityGroupAttributesChanged(&group), 180 ), 181 }, 182 }, 183 }) 184 } 185 186 func testAccCheckAWSSecurityGroupDestroy(s *terraform.State) error { 187 conn := testAccProvider.Meta().(*AWSClient).ec2conn 188 189 for _, rs := range s.RootModule().Resources { 190 if rs.Type != "aws_security_group" { 191 continue 192 } 193 194 sgs := []ec2.SecurityGroup{ 195 ec2.SecurityGroup{ 196 Id: rs.Primary.ID, 197 }, 198 } 199 200 // Retrieve our group 201 resp, err := conn.SecurityGroups(sgs, nil) 202 if err == nil { 203 if len(resp.Groups) > 0 && resp.Groups[0].Id == rs.Primary.ID { 204 return fmt.Errorf("Security Group (%s) still exists.", rs.Primary.ID) 205 } 206 207 return nil 208 } 209 210 ec2err, ok := err.(*ec2.Error) 211 if !ok { 212 return err 213 } 214 // Confirm error code is what we want 215 if ec2err.Code != "InvalidGroup.NotFound" { 216 return err 217 } 218 } 219 220 return nil 221 } 222 223 func testAccCheckAWSSecurityGroupExists(n string, group *ec2.SecurityGroupInfo) resource.TestCheckFunc { 224 return func(s *terraform.State) error { 225 rs, ok := s.RootModule().Resources[n] 226 if !ok { 227 return fmt.Errorf("Not found: %s", n) 228 } 229 230 if rs.Primary.ID == "" { 231 return fmt.Errorf("No Security Group is set") 232 } 233 234 conn := testAccProvider.Meta().(*AWSClient).ec2conn 235 sgs := []ec2.SecurityGroup{ 236 ec2.SecurityGroup{ 237 Id: rs.Primary.ID, 238 }, 239 } 240 resp, err := conn.SecurityGroups(sgs, nil) 241 if err != nil { 242 return err 243 } 244 245 if len(resp.Groups) > 0 && resp.Groups[0].Id == rs.Primary.ID { 246 247 *group = resp.Groups[0] 248 249 return nil 250 } 251 252 return fmt.Errorf("Security Group not found") 253 } 254 } 255 256 func testAccCheckAWSSecurityGroupAttributes(group *ec2.SecurityGroupInfo) resource.TestCheckFunc { 257 return func(s *terraform.State) error { 258 p := ec2.IPPerm{ 259 FromPort: 80, 260 ToPort: 8000, 261 Protocol: "tcp", 262 SourceIPs: []string{"10.0.0.0/8"}, 263 } 264 265 if group.Name != "terraform_acceptance_test_example" { 266 return fmt.Errorf("Bad name: %s", group.Name) 267 } 268 269 if group.Description != "Used in the terraform acceptance tests" { 270 return fmt.Errorf("Bad description: %s", group.Description) 271 } 272 273 if len(group.IPPerms) == 0 { 274 return fmt.Errorf("No IPPerms") 275 } 276 277 // Compare our ingress 278 if !reflect.DeepEqual(group.IPPerms[0], p) { 279 return fmt.Errorf( 280 "Got:\n\n%#v\n\nExpected:\n\n%#v\n", 281 group.IPPerms[0], 282 p) 283 } 284 285 return nil 286 } 287 } 288 289 func TestAccAWSSecurityGroup_tags(t *testing.T) { 290 var group ec2.SecurityGroupInfo 291 292 resource.Test(t, resource.TestCase{ 293 PreCheck: func() { testAccPreCheck(t) }, 294 Providers: testAccProviders, 295 CheckDestroy: testAccCheckAWSSecurityGroupDestroy, 296 Steps: []resource.TestStep{ 297 resource.TestStep{ 298 Config: testAccAWSSecurityGroupConfigTags, 299 Check: resource.ComposeTestCheckFunc( 300 testAccCheckAWSSecurityGroupExists("aws_security_group.foo", &group), 301 testAccCheckTags(&group.Tags, "foo", "bar"), 302 ), 303 }, 304 305 resource.TestStep{ 306 Config: testAccAWSSecurityGroupConfigTagsUpdate, 307 Check: resource.ComposeTestCheckFunc( 308 testAccCheckAWSSecurityGroupExists("aws_security_group.foo", &group), 309 testAccCheckTags(&group.Tags, "foo", ""), 310 testAccCheckTags(&group.Tags, "bar", "baz"), 311 ), 312 }, 313 }, 314 }) 315 } 316 317 func testAccCheckAWSSecurityGroupAttributesChanged(group *ec2.SecurityGroupInfo) resource.TestCheckFunc { 318 return func(s *terraform.State) error { 319 p := []ec2.IPPerm{ 320 ec2.IPPerm{ 321 FromPort: 80, 322 ToPort: 9000, 323 Protocol: "tcp", 324 SourceIPs: []string{"10.0.0.0/8"}, 325 }, 326 ec2.IPPerm{ 327 FromPort: 80, 328 ToPort: 8000, 329 Protocol: "tcp", 330 SourceIPs: []string{"0.0.0.0/0", "10.0.0.0/8"}, 331 }, 332 } 333 334 if group.Name != "terraform_acceptance_test_example" { 335 return fmt.Errorf("Bad name: %s", group.Name) 336 } 337 338 if group.Description != "Used in the terraform acceptance tests" { 339 return fmt.Errorf("Bad description: %s", group.Description) 340 } 341 342 // Compare our ingress 343 if len(group.IPPerms) != 2 { 344 return fmt.Errorf( 345 "Got:\n\n%#v\n\nExpected:\n\n%#v\n", 346 group.IPPerms, 347 p) 348 } 349 350 if group.IPPerms[0].ToPort == 8000 { 351 group.IPPerms[1], group.IPPerms[0] = 352 group.IPPerms[0], group.IPPerms[1] 353 } 354 355 if !reflect.DeepEqual(group.IPPerms, p) { 356 return fmt.Errorf( 357 "Got:\n\n%#v\n\nExpected:\n\n%#v\n", 358 group.IPPerms, 359 p) 360 } 361 362 return nil 363 } 364 } 365 366 const testAccAWSSecurityGroupConfig = ` 367 resource "aws_security_group" "web" { 368 name = "terraform_acceptance_test_example" 369 description = "Used in the terraform acceptance tests" 370 371 ingress { 372 protocol = "tcp" 373 from_port = 80 374 to_port = 8000 375 cidr_blocks = ["10.0.0.0/8"] 376 } 377 } 378 ` 379 380 const testAccAWSSecurityGroupConfigChange = ` 381 resource "aws_security_group" "web" { 382 name = "terraform_acceptance_test_example" 383 description = "Used in the terraform acceptance tests" 384 385 ingress { 386 protocol = "tcp" 387 from_port = 80 388 to_port = 9000 389 cidr_blocks = ["10.0.0.0/8"] 390 } 391 392 ingress { 393 protocol = "tcp" 394 from_port = 80 395 to_port = 8000 396 cidr_blocks = ["0.0.0.0/0", "10.0.0.0/8"] 397 } 398 } 399 ` 400 401 const testAccAWSSecurityGroupConfigSelf = ` 402 resource "aws_security_group" "web" { 403 name = "terraform_acceptance_test_example" 404 description = "Used in the terraform acceptance tests" 405 406 ingress { 407 protocol = "tcp" 408 from_port = 80 409 to_port = 8000 410 self = true 411 } 412 } 413 ` 414 415 const testAccAWSSecurityGroupConfigVpc = ` 416 resource "aws_vpc" "foo" { 417 cidr_block = "10.1.0.0/16" 418 } 419 420 resource "aws_security_group" "web" { 421 name = "terraform_acceptance_test_example" 422 description = "Used in the terraform acceptance tests" 423 vpc_id = "${aws_vpc.foo.id}" 424 425 ingress { 426 protocol = "tcp" 427 from_port = 80 428 to_port = 8000 429 cidr_blocks = ["10.0.0.0/8"] 430 } 431 432 egress { 433 protocol = "tcp" 434 from_port = 80 435 to_port = 8000 436 cidr_blocks = ["10.0.0.0/8"] 437 } 438 } 439 ` 440 441 const testAccAWSSecurityGroupConfigMultiIngress = ` 442 resource "aws_security_group" "worker" { 443 name = "terraform_acceptance_test_example_1" 444 description = "Used in the terraform acceptance tests" 445 446 ingress { 447 protocol = "tcp" 448 from_port = 80 449 to_port = 8000 450 cidr_blocks = ["10.0.0.0/8"] 451 } 452 } 453 454 resource "aws_security_group" "web" { 455 name = "terraform_acceptance_test_example_2" 456 description = "Used in the terraform acceptance tests" 457 458 ingress { 459 protocol = "tcp" 460 from_port = 22 461 to_port = 22 462 cidr_blocks = ["10.0.0.0/8"] 463 } 464 465 ingress { 466 protocol = "tcp" 467 from_port = 800 468 to_port = 800 469 cidr_blocks = ["10.0.0.0/8"] 470 } 471 472 ingress { 473 protocol = "tcp" 474 from_port = 80 475 to_port = 8000 476 security_groups = ["${aws_security_group.worker.id}"] 477 } 478 } 479 ` 480 481 const testAccAWSSecurityGroupConfigTags = ` 482 resource "aws_security_group" "foo" { 483 name = "terraform_acceptance_test_example" 484 description = "Used in the terraform acceptance tests" 485 486 ingress { 487 protocol = "tcp" 488 from_port = 80 489 to_port = 8000 490 cidr_blocks = ["10.0.0.0/8"] 491 } 492 493 tags { 494 foo = "bar" 495 } 496 } 497 ` 498 499 const testAccAWSSecurityGroupConfigTagsUpdate = ` 500 resource "aws_security_group" "foo" { 501 name = "terraform_acceptance_test_example" 502 description = "Used in the terraform acceptance tests" 503 504 ingress { 505 protocol = "tcp" 506 from_port = 80 507 to_port = 8000 508 cidr_blocks = ["10.0.0.0/8"] 509 } 510 511 tags { 512 bar = "baz" 513 } 514 } 515 `