github.com/jrperritt/terraform@v0.1.1-0.20170525065507-96f391dafc38/builtin/providers/aws/resource_aws_wafregional_ipset_test.go (about) 1 package aws 2 3 import ( 4 "fmt" 5 "reflect" 6 "testing" 7 8 "github.com/hashicorp/terraform/helper/resource" 9 "github.com/hashicorp/terraform/terraform" 10 11 "github.com/aws/aws-sdk-go/aws" 12 "github.com/aws/aws-sdk-go/aws/awserr" 13 "github.com/aws/aws-sdk-go/service/waf" 14 "github.com/aws/aws-sdk-go/service/wafregional" 15 "github.com/hashicorp/terraform/helper/acctest" 16 ) 17 18 func TestAccAWSWafRegionalIPSet_basic(t *testing.T) { 19 var v waf.IPSet 20 ipsetName := fmt.Sprintf("ip-set-%s", acctest.RandString(5)) 21 22 resource.Test(t, resource.TestCase{ 23 PreCheck: func() { testAccPreCheck(t) }, 24 Providers: testAccProviders, 25 CheckDestroy: testAccCheckAWSWafRegionalIPSetDestroy, 26 Steps: []resource.TestStep{ 27 resource.TestStep{ 28 Config: testAccAWSWafRegionalIPSetConfig(ipsetName), 29 Check: resource.ComposeTestCheckFunc( 30 testAccCheckAWSWafRegionalIPSetExists("aws_wafregional_ipset.ipset", &v), 31 resource.TestCheckResourceAttr( 32 "aws_wafregional_ipset.ipset", "name", ipsetName), 33 resource.TestCheckResourceAttr( 34 "aws_wafregional_ipset.ipset", "ip_set_descriptor.4037960608.type", "IPV4"), 35 resource.TestCheckResourceAttr( 36 "aws_wafregional_ipset.ipset", "ip_set_descriptor.4037960608.value", "192.0.7.0/24"), 37 ), 38 }, 39 }, 40 }) 41 } 42 43 func TestAccAWSWafRegionalIPSet_disappears(t *testing.T) { 44 var v waf.IPSet 45 ipsetName := fmt.Sprintf("ip-set-%s", acctest.RandString(5)) 46 resource.Test(t, resource.TestCase{ 47 PreCheck: func() { testAccPreCheck(t) }, 48 Providers: testAccProviders, 49 CheckDestroy: testAccCheckAWSWafRegionalIPSetDestroy, 50 Steps: []resource.TestStep{ 51 { 52 Config: testAccAWSWafRegionalIPSetConfig(ipsetName), 53 Check: resource.ComposeTestCheckFunc( 54 testAccCheckAWSWafRegionalIPSetExists("aws_wafregional_ipset.ipset", &v), 55 testAccCheckAWSWafRegionalIPSetDisappears(&v), 56 ), 57 ExpectNonEmptyPlan: true, 58 }, 59 }, 60 }) 61 } 62 63 func TestAccAWSWafRegionalIPSet_changeNameForceNew(t *testing.T) { 64 var before, after waf.IPSet 65 ipsetName := fmt.Sprintf("ip-set-%s", acctest.RandString(5)) 66 ipsetNewName := fmt.Sprintf("ip-set-new-%s", acctest.RandString(5)) 67 68 resource.Test(t, resource.TestCase{ 69 PreCheck: func() { testAccPreCheck(t) }, 70 Providers: testAccProviders, 71 CheckDestroy: testAccCheckAWSWafRegionalIPSetDestroy, 72 Steps: []resource.TestStep{ 73 { 74 Config: testAccAWSWafRegionalIPSetConfig(ipsetName), 75 Check: resource.ComposeAggregateTestCheckFunc( 76 testAccCheckAWSWafRegionalIPSetExists("aws_wafregional_ipset.ipset", &before), 77 resource.TestCheckResourceAttr( 78 "aws_wafregional_ipset.ipset", "name", ipsetName), 79 resource.TestCheckResourceAttr( 80 "aws_wafregional_ipset.ipset", "ip_set_descriptor.4037960608.type", "IPV4"), 81 resource.TestCheckResourceAttr( 82 "aws_wafregional_ipset.ipset", "ip_set_descriptor.4037960608.value", "192.0.7.0/24"), 83 ), 84 }, 85 { 86 Config: testAccAWSWafRegionalIPSetConfigChangeName(ipsetNewName), 87 Check: resource.ComposeAggregateTestCheckFunc( 88 testAccCheckAWSWafRegionalIPSetExists("aws_wafregional_ipset.ipset", &after), 89 resource.TestCheckResourceAttr( 90 "aws_wafregional_ipset.ipset", "name", ipsetNewName), 91 resource.TestCheckResourceAttr( 92 "aws_wafregional_ipset.ipset", "ip_set_descriptor.4037960608.type", "IPV4"), 93 resource.TestCheckResourceAttr( 94 "aws_wafregional_ipset.ipset", "ip_set_descriptor.4037960608.value", "192.0.7.0/24"), 95 ), 96 }, 97 }, 98 }) 99 } 100 101 func TestAccAWSWafRegionalIPSet_changeDescriptors(t *testing.T) { 102 var before, after waf.IPSet 103 ipsetName := fmt.Sprintf("ip-set-%s", acctest.RandString(5)) 104 105 resource.Test(t, resource.TestCase{ 106 PreCheck: func() { testAccPreCheck(t) }, 107 Providers: testAccProviders, 108 CheckDestroy: testAccCheckAWSWafRegionalIPSetDestroy, 109 Steps: []resource.TestStep{ 110 { 111 Config: testAccAWSWafRegionalIPSetConfig(ipsetName), 112 Check: resource.ComposeAggregateTestCheckFunc( 113 testAccCheckAWSWafRegionalIPSetExists("aws_wafregional_ipset.ipset", &before), 114 resource.TestCheckResourceAttr( 115 "aws_wafregional_ipset.ipset", "name", ipsetName), 116 resource.TestCheckResourceAttr( 117 "aws_wafregional_ipset.ipset", "ip_set_descriptor.#", "1"), 118 resource.TestCheckResourceAttr( 119 "aws_wafregional_ipset.ipset", "ip_set_descriptor.4037960608.type", "IPV4"), 120 resource.TestCheckResourceAttr( 121 "aws_wafregional_ipset.ipset", "ip_set_descriptor.4037960608.value", "192.0.7.0/24"), 122 ), 123 }, 124 { 125 Config: testAccAWSWafRegionalIPSetConfigChangeIPSetDescriptors(ipsetName), 126 Check: resource.ComposeAggregateTestCheckFunc( 127 testAccCheckAWSWafRegionalIPSetExists("aws_wafregional_ipset.ipset", &after), 128 resource.TestCheckResourceAttr( 129 "aws_wafregional_ipset.ipset", "name", ipsetName), 130 resource.TestCheckResourceAttr( 131 "aws_wafregional_ipset.ipset", "ip_set_descriptor.#", "1"), 132 resource.TestCheckResourceAttr( 133 "aws_wafregional_ipset.ipset", "ip_set_descriptor.115741513.type", "IPV4"), 134 resource.TestCheckResourceAttr( 135 "aws_wafregional_ipset.ipset", "ip_set_descriptor.115741513.value", "192.0.8.0/24"), 136 ), 137 }, 138 }, 139 }) 140 } 141 142 func TestAccAWSWafRegionalIPSet_noDescriptors(t *testing.T) { 143 var ipset waf.IPSet 144 ipsetName := fmt.Sprintf("ip-set-%s", acctest.RandString(5)) 145 146 resource.Test(t, resource.TestCase{ 147 PreCheck: func() { testAccPreCheck(t) }, 148 Providers: testAccProviders, 149 CheckDestroy: testAccCheckAWSWafRegionalIPSetDestroy, 150 Steps: []resource.TestStep{ 151 { 152 Config: testAccAWSWafRegionalIPSetConfig_noDescriptors(ipsetName), 153 Check: resource.ComposeAggregateTestCheckFunc( 154 testAccCheckAWSWafRegionalIPSetExists("aws_wafregional_ipset.ipset", &ipset), 155 resource.TestCheckResourceAttr( 156 "aws_wafregional_ipset.ipset", "name", ipsetName), 157 resource.TestCheckResourceAttr( 158 "aws_wafregional_ipset.ipset", "ip_set_descriptor.#", "0"), 159 ), 160 }, 161 }, 162 }) 163 } 164 165 func TestDiffWafRegionalIpSetDescriptors(t *testing.T) { 166 testCases := []struct { 167 Old []interface{} 168 New []interface{} 169 ExpectedUpdates []*waf.IPSetUpdate 170 }{ 171 { 172 // Change 173 Old: []interface{}{ 174 map[string]interface{}{"type": "IPV4", "value": "192.0.7.0/24"}, 175 }, 176 New: []interface{}{ 177 map[string]interface{}{"type": "IPV4", "value": "192.0.8.0/24"}, 178 }, 179 ExpectedUpdates: []*waf.IPSetUpdate{ 180 &waf.IPSetUpdate{ 181 Action: aws.String(wafregional.ChangeActionDelete), 182 IPSetDescriptor: &waf.IPSetDescriptor{ 183 Type: aws.String("IPV4"), 184 Value: aws.String("192.0.7.0/24"), 185 }, 186 }, 187 &waf.IPSetUpdate{ 188 Action: aws.String(wafregional.ChangeActionInsert), 189 IPSetDescriptor: &waf.IPSetDescriptor{ 190 Type: aws.String("IPV4"), 191 Value: aws.String("192.0.8.0/24"), 192 }, 193 }, 194 }, 195 }, 196 { 197 // Fresh IPSet 198 Old: []interface{}{}, 199 New: []interface{}{ 200 map[string]interface{}{"type": "IPV4", "value": "10.0.1.0/24"}, 201 map[string]interface{}{"type": "IPV4", "value": "10.0.2.0/24"}, 202 map[string]interface{}{"type": "IPV4", "value": "10.0.3.0/24"}, 203 }, 204 ExpectedUpdates: []*waf.IPSetUpdate{ 205 &waf.IPSetUpdate{ 206 Action: aws.String(wafregional.ChangeActionInsert), 207 IPSetDescriptor: &waf.IPSetDescriptor{ 208 Type: aws.String("IPV4"), 209 Value: aws.String("10.0.1.0/24"), 210 }, 211 }, 212 &waf.IPSetUpdate{ 213 Action: aws.String(wafregional.ChangeActionInsert), 214 IPSetDescriptor: &waf.IPSetDescriptor{ 215 Type: aws.String("IPV4"), 216 Value: aws.String("10.0.2.0/24"), 217 }, 218 }, 219 &waf.IPSetUpdate{ 220 Action: aws.String(wafregional.ChangeActionInsert), 221 IPSetDescriptor: &waf.IPSetDescriptor{ 222 Type: aws.String("IPV4"), 223 Value: aws.String("10.0.3.0/24"), 224 }, 225 }, 226 }, 227 }, 228 { 229 // Deletion 230 Old: []interface{}{ 231 map[string]interface{}{"type": "IPV4", "value": "192.0.7.0/24"}, 232 map[string]interface{}{"type": "IPV4", "value": "192.0.8.0/24"}, 233 }, 234 New: []interface{}{}, 235 ExpectedUpdates: []*waf.IPSetUpdate{ 236 &waf.IPSetUpdate{ 237 Action: aws.String(wafregional.ChangeActionDelete), 238 IPSetDescriptor: &waf.IPSetDescriptor{ 239 Type: aws.String("IPV4"), 240 Value: aws.String("192.0.7.0/24"), 241 }, 242 }, 243 &waf.IPSetUpdate{ 244 Action: aws.String(wafregional.ChangeActionDelete), 245 IPSetDescriptor: &waf.IPSetDescriptor{ 246 Type: aws.String("IPV4"), 247 Value: aws.String("192.0.8.0/24"), 248 }, 249 }, 250 }, 251 }, 252 } 253 for i, tc := range testCases { 254 t.Run(fmt.Sprintf("%d", i), func(t *testing.T) { 255 updates := diffWafIpSetDescriptors(tc.Old, tc.New) 256 if !reflect.DeepEqual(updates, tc.ExpectedUpdates) { 257 t.Fatalf("IPSet updates don't match.\nGiven: %s\nExpected: %s", 258 updates, tc.ExpectedUpdates) 259 } 260 }) 261 } 262 } 263 264 func testAccCheckAWSWafRegionalIPSetDisappears(v *waf.IPSet) resource.TestCheckFunc { 265 return func(s *terraform.State) error { 266 conn := testAccProvider.Meta().(*AWSClient).wafregionalconn 267 region := testAccProvider.Meta().(*AWSClient).region 268 269 wr := newWafRegionalRetryer(conn, region) 270 _, err := wr.RetryWithToken(func(token *string) (interface{}, error) { 271 req := &waf.UpdateIPSetInput{ 272 ChangeToken: token, 273 IPSetId: v.IPSetId, 274 } 275 276 for _, IPSetDescriptor := range v.IPSetDescriptors { 277 IPSetUpdate := &waf.IPSetUpdate{ 278 Action: aws.String("DELETE"), 279 IPSetDescriptor: &waf.IPSetDescriptor{ 280 Type: IPSetDescriptor.Type, 281 Value: IPSetDescriptor.Value, 282 }, 283 } 284 req.Updates = append(req.Updates, IPSetUpdate) 285 } 286 287 return conn.UpdateIPSet(req) 288 }) 289 if err != nil { 290 return fmt.Errorf("Error Updating WAF IPSet: %s", err) 291 } 292 293 _, err = wr.RetryWithToken(func(token *string) (interface{}, error) { 294 opts := &waf.DeleteIPSetInput{ 295 ChangeToken: token, 296 IPSetId: v.IPSetId, 297 } 298 return conn.DeleteIPSet(opts) 299 }) 300 if err != nil { 301 return fmt.Errorf("Error Deleting WAF IPSet: %s", err) 302 } 303 return nil 304 } 305 } 306 307 func testAccCheckAWSWafRegionalIPSetDestroy(s *terraform.State) error { 308 for _, rs := range s.RootModule().Resources { 309 if rs.Type != "aws_wafregional_ipset" { 310 continue 311 } 312 313 conn := testAccProvider.Meta().(*AWSClient).wafregionalconn 314 resp, err := conn.GetIPSet( 315 &waf.GetIPSetInput{ 316 IPSetId: aws.String(rs.Primary.ID), 317 }) 318 319 if err == nil { 320 if *resp.IPSet.IPSetId == rs.Primary.ID { 321 return fmt.Errorf("WAF IPSet %s still exists", rs.Primary.ID) 322 } 323 } 324 325 // Return nil if the IPSet is already destroyed 326 if awsErr, ok := err.(awserr.Error); ok { 327 if awsErr.Code() == "WAFNonexistentItemException" { 328 return nil 329 } 330 } 331 332 return err 333 } 334 335 return nil 336 } 337 338 func testAccCheckAWSWafRegionalIPSetExists(n string, v *waf.IPSet) resource.TestCheckFunc { 339 return func(s *terraform.State) error { 340 rs, ok := s.RootModule().Resources[n] 341 if !ok { 342 return fmt.Errorf("Not found: %s", n) 343 } 344 345 if rs.Primary.ID == "" { 346 return fmt.Errorf("No WAF IPSet ID is set") 347 } 348 349 conn := testAccProvider.Meta().(*AWSClient).wafregionalconn 350 resp, err := conn.GetIPSet(&waf.GetIPSetInput{ 351 IPSetId: aws.String(rs.Primary.ID), 352 }) 353 354 if err != nil { 355 return err 356 } 357 358 if *resp.IPSet.IPSetId == rs.Primary.ID { 359 *v = *resp.IPSet 360 return nil 361 } 362 363 return fmt.Errorf("WAF IPSet (%s) not found", rs.Primary.ID) 364 } 365 } 366 367 func testAccAWSWafRegionalIPSetConfig(name string) string { 368 return fmt.Sprintf(` 369 resource "aws_wafregional_ipset" "ipset" { 370 name = "%s" 371 ip_set_descriptor { 372 type = "IPV4" 373 value = "192.0.7.0/24" 374 } 375 }`, name) 376 } 377 378 func testAccAWSWafRegionalIPSetConfigChangeName(name string) string { 379 return fmt.Sprintf(`resource "aws_wafregional_ipset" "ipset" { 380 name = "%s" 381 ip_set_descriptor { 382 type = "IPV4" 383 value = "192.0.7.0/24" 384 } 385 }`, name) 386 } 387 388 func testAccAWSWafRegionalIPSetConfigChangeIPSetDescriptors(name string) string { 389 return fmt.Sprintf(`resource "aws_wafregional_ipset" "ipset" { 390 name = "%s" 391 ip_set_descriptor { 392 type = "IPV4" 393 value = "192.0.8.0/24" 394 } 395 }`, name) 396 } 397 398 func testAccAWSWafRegionalIPSetConfig_noDescriptors(name string) string { 399 return fmt.Sprintf(`resource "aws_wafregional_ipset" "ipset" { 400 name = "%s" 401 }`, name) 402 }