github.com/koding/terraform@v0.6.4-0.20170608090606-5d7e0339779d/builtin/providers/aws/resource_aws_codepipeline_test.go (about) 1 package aws 2 3 import ( 4 "fmt" 5 "os" 6 "regexp" 7 "testing" 8 9 "github.com/aws/aws-sdk-go/aws" 10 "github.com/aws/aws-sdk-go/service/codepipeline" 11 "github.com/hashicorp/terraform/helper/acctest" 12 "github.com/hashicorp/terraform/helper/resource" 13 "github.com/hashicorp/terraform/terraform" 14 ) 15 16 func TestAccAWSCodePipeline_basic(t *testing.T) { 17 if os.Getenv("GITHUB_TOKEN") == "" { 18 t.Skip("Environment variable GITHUB_TOKEN is not set") 19 } 20 21 name := acctest.RandString(10) 22 23 resource.Test(t, resource.TestCase{ 24 PreCheck: func() { testAccPreCheck(t) }, 25 Providers: testAccProviders, 26 CheckDestroy: testAccCheckAWSCodePipelineDestroy, 27 Steps: []resource.TestStep{ 28 { 29 Config: testAccAWSCodePipelineConfig_basic(name), 30 Check: resource.ComposeTestCheckFunc( 31 testAccCheckAWSCodePipelineExists("aws_codepipeline.bar"), 32 resource.TestCheckResourceAttr("aws_codepipeline.bar", "artifact_store.0.type", "S3"), 33 resource.TestCheckResourceAttr("aws_codepipeline.bar", "artifact_store.0.encryption_key.0.id", "1234"), 34 resource.TestCheckResourceAttr("aws_codepipeline.bar", "artifact_store.0.encryption_key.0.type", "KMS"), 35 ), 36 }, 37 { 38 Config: testAccAWSCodePipelineConfig_basicUpdated(name), 39 Check: resource.ComposeTestCheckFunc( 40 testAccCheckAWSCodePipelineExists("aws_codepipeline.bar"), 41 resource.TestCheckResourceAttr("aws_codepipeline.bar", "artifact_store.0.type", "S3"), 42 resource.TestCheckResourceAttr("aws_codepipeline.bar", "artifact_store.0.encryption_key.0.id", "4567"), 43 resource.TestCheckResourceAttr("aws_codepipeline.bar", "artifact_store.0.encryption_key.0.type", "KMS"), 44 ), 45 }, 46 }, 47 }) 48 } 49 50 func TestAccAWSCodePipeline_deployWithServiceRole(t *testing.T) { 51 if os.Getenv("GITHUB_TOKEN") == "" { 52 t.Skip("Environment variable GITHUB_TOKEN is not set") 53 } 54 55 name := acctest.RandString(10) 56 57 resource.Test(t, resource.TestCase{ 58 PreCheck: func() { testAccPreCheck(t) }, 59 Providers: testAccProviders, 60 CheckDestroy: testAccCheckAWSCodePipelineDestroy, 61 Steps: []resource.TestStep{ 62 { 63 Config: testAccAWSCodePipelineConfig_deployWithServiceRole(name), 64 Check: resource.ComposeTestCheckFunc( 65 testAccCheckAWSCodePipelineExists("aws_codepipeline.bar"), 66 resource.TestCheckResourceAttr("aws_codepipeline.bar", "stage.2.name", "Deploy"), 67 resource.TestCheckResourceAttr("aws_codepipeline.bar", "stage.2.action.0.category", "Deploy"), 68 resource.TestMatchResourceAttr( 69 "aws_codepipeline.bar", "stage.2.action.0.role_arn", 70 regexp.MustCompile("^arn:aws:iam::[0-9]{12}:role/codepipeline-action-role.*")), 71 ), 72 }, 73 }, 74 }) 75 } 76 77 func testAccCheckAWSCodePipelineExists(n string) resource.TestCheckFunc { 78 return func(s *terraform.State) error { 79 rs, ok := s.RootModule().Resources[n] 80 if !ok { 81 return fmt.Errorf("Not found: %s", n) 82 } 83 84 if rs.Primary.ID == "" { 85 return fmt.Errorf("No CodePipeline ID is set") 86 } 87 88 conn := testAccProvider.Meta().(*AWSClient).codepipelineconn 89 90 _, err := conn.GetPipeline(&codepipeline.GetPipelineInput{ 91 Name: aws.String(rs.Primary.ID), 92 }) 93 94 if err != nil { 95 return err 96 } 97 return nil 98 } 99 } 100 101 func testAccCheckAWSCodePipelineDestroy(s *terraform.State) error { 102 conn := testAccProvider.Meta().(*AWSClient).codepipelineconn 103 104 for _, rs := range s.RootModule().Resources { 105 if rs.Type != "aws_codepipeline" { 106 continue 107 } 108 109 _, err := conn.GetPipeline(&codepipeline.GetPipelineInput{ 110 Name: aws.String(rs.Primary.ID), 111 }) 112 113 if err == nil { 114 return fmt.Errorf("Expected AWS CodePipeline to be gone, but was still found") 115 } 116 return nil 117 } 118 119 return fmt.Errorf("Default error in CodePipeline Test") 120 } 121 122 func testAccAWSCodePipelineConfig_basic(rName string) string { 123 return fmt.Sprintf(` 124 resource "aws_s3_bucket" "foo" { 125 bucket = "tf-test-pipeline-%s" 126 acl = "private" 127 } 128 129 resource "aws_iam_role" "codepipeline_role" { 130 name = "codepipeline-role-%s" 131 132 assume_role_policy = <<EOF 133 { 134 "Version": "2012-10-17", 135 "Statement": [ 136 { 137 "Effect": "Allow", 138 "Principal": { 139 "Service": "codepipeline.amazonaws.com" 140 }, 141 "Action": "sts:AssumeRole" 142 } 143 ] 144 } 145 EOF 146 } 147 148 resource "aws_iam_role_policy" "codepipeline_policy" { 149 name = "codepipeline_policy" 150 role = "${aws_iam_role.codepipeline_role.id}" 151 152 policy = <<EOF 153 { 154 "Version": "2012-10-17", 155 "Statement": [ 156 { 157 "Effect":"Allow", 158 "Action": [ 159 "s3:GetObject", 160 "s3:GetObjectVersion", 161 "s3:GetBucketVersioning" 162 ], 163 "Resource": [ 164 "${aws_s3_bucket.foo.arn}", 165 "${aws_s3_bucket.foo.arn}/*" 166 ] 167 }, 168 { 169 "Effect": "Allow", 170 "Action": [ 171 "codebuild:BatchGetBuilds", 172 "codebuild:StartBuild" 173 ], 174 "Resource": "*" 175 } 176 ] 177 } 178 EOF 179 } 180 181 resource "aws_codepipeline" "bar" { 182 name = "test-pipeline-%s" 183 role_arn = "${aws_iam_role.codepipeline_role.arn}" 184 185 artifact_store { 186 location = "${aws_s3_bucket.foo.bucket}" 187 type = "S3" 188 189 encryption_key { 190 id = "1234" 191 type = "KMS" 192 } 193 } 194 195 stage { 196 name = "Source" 197 198 action { 199 name = "Source" 200 category = "Source" 201 owner = "ThirdParty" 202 provider = "GitHub" 203 version = "1" 204 output_artifacts = ["test"] 205 206 configuration { 207 Owner = "lifesum-terraform" 208 Repo = "test" 209 Branch = "master" 210 } 211 } 212 } 213 214 stage { 215 name = "Build" 216 217 action { 218 name = "Build" 219 category = "Build" 220 owner = "AWS" 221 provider = "CodeBuild" 222 input_artifacts = ["test"] 223 version = "1" 224 225 configuration { 226 ProjectName = "test" 227 } 228 } 229 } 230 } 231 `, rName, rName, rName) 232 } 233 234 func testAccAWSCodePipelineConfig_basicUpdated(rName string) string { 235 return fmt.Sprintf(` 236 resource "aws_s3_bucket" "foo" { 237 bucket = "tf-test-pipeline-%s" 238 acl = "private" 239 } 240 241 resource "aws_iam_role" "codepipeline_role" { 242 name = "codepipeline-role-%s" 243 244 assume_role_policy = <<EOF 245 { 246 "Version": "2012-10-17", 247 "Statement": [ 248 { 249 "Effect": "Allow", 250 "Principal": { 251 "Service": "codepipeline.amazonaws.com" 252 }, 253 "Action": "sts:AssumeRole" 254 } 255 ] 256 } 257 EOF 258 } 259 260 resource "aws_iam_role_policy" "codepipeline_policy" { 261 name = "codepipeline_policy" 262 role = "${aws_iam_role.codepipeline_role.id}" 263 264 policy = <<EOF 265 { 266 "Version": "2012-10-17", 267 "Statement": [ 268 { 269 "Effect":"Allow", 270 "Action": [ 271 "s3:GetObject", 272 "s3:GetObjectVersion", 273 "s3:GetBucketVersioning" 274 ], 275 "Resource": [ 276 "${aws_s3_bucket.foo.arn}", 277 "${aws_s3_bucket.foo.arn}/*" 278 ] 279 }, 280 { 281 "Effect": "Allow", 282 "Action": [ 283 "codebuild:BatchGetBuilds", 284 "codebuild:StartBuild" 285 ], 286 "Resource": "*" 287 } 288 ] 289 } 290 EOF 291 } 292 293 resource "aws_codepipeline" "bar" { 294 name = "test-pipeline-%s" 295 role_arn = "${aws_iam_role.codepipeline_role.arn}" 296 297 artifact_store { 298 location = "${aws_s3_bucket.foo.bucket}" 299 type = "S3" 300 301 encryption_key { 302 id = "4567" 303 type = "KMS" 304 } 305 } 306 307 stage { 308 name = "Source" 309 310 action { 311 name = "Source" 312 category = "Source" 313 owner = "ThirdParty" 314 provider = "GitHub" 315 version = "1" 316 output_artifacts = ["bar"] 317 318 configuration { 319 Owner = "foo-terraform" 320 Repo = "bar" 321 Branch = "stable" 322 } 323 } 324 } 325 326 stage { 327 name = "Build" 328 329 action { 330 name = "Build" 331 category = "Build" 332 owner = "AWS" 333 provider = "CodeBuild" 334 input_artifacts = ["bar"] 335 version = "1" 336 337 configuration { 338 ProjectName = "foo" 339 } 340 } 341 } 342 } 343 `, rName, rName, rName) 344 } 345 346 func testAccAWSCodePipelineConfig_deployWithServiceRole(rName string) string { 347 return fmt.Sprintf(` 348 resource "aws_s3_bucket" "foo" { 349 bucket = "tf-test-pipeline-%s" 350 acl = "private" 351 } 352 353 resource "aws_iam_role" "codepipeline_role" { 354 name = "codepipeline-role-%s" 355 356 assume_role_policy = <<EOF 357 { 358 "Version": "2012-10-17", 359 "Statement": [ 360 { 361 "Effect": "Allow", 362 "Principal": { 363 "Service": "codepipeline.amazonaws.com" 364 }, 365 "Action": "sts:AssumeRole" 366 } 367 ] 368 } 369 EOF 370 } 371 372 resource "aws_iam_role_policy" "codepipeline_policy" { 373 name = "codepipeline_policy" 374 role = "${aws_iam_role.codepipeline_role.id}" 375 376 policy = <<EOF 377 { 378 "Version": "2012-10-17", 379 "Statement": [ 380 { 381 "Effect":"Allow", 382 "Action": [ 383 "s3:GetObject", 384 "s3:GetObjectVersion", 385 "s3:GetBucketVersioning" 386 ], 387 "Resource": [ 388 "${aws_s3_bucket.foo.arn}", 389 "${aws_s3_bucket.foo.arn}/*" 390 ] 391 }, 392 { 393 "Effect": "Allow", 394 "Action": [ 395 "codebuild:BatchGetBuilds", 396 "codebuild:StartBuild" 397 ], 398 "Resource": "*" 399 }, 400 { 401 "Effect": "Allow", 402 "Action": [ 403 "sts:AssumeRole" 404 ], 405 "Resource": "${aws_iam_role.codepipeline_action_role.arn}" 406 } 407 ] 408 } 409 EOF 410 } 411 412 data "aws_caller_identity" "current" {} 413 414 resource "aws_iam_role" "codepipeline_action_role" { 415 name = "codepipeline-action-role-%s" 416 417 assume_role_policy = <<EOF 418 { 419 "Version": "2012-10-17", 420 "Statement": [ 421 { 422 "Effect": "Allow", 423 "Principal": { 424 "AWS": "arn:aws:iam::${data.aws_caller_identity.current.account_id}:root" 425 }, 426 "Action": "sts:AssumeRole" 427 } 428 ] 429 } 430 EOF 431 } 432 433 resource "aws_iam_role_policy" "codepipeline_action_policy" { 434 name = "codepipeline_action_policy" 435 role = "${aws_iam_role.codepipeline_action_role.id}" 436 437 policy = <<EOF 438 { 439 "Version": "2012-10-17", 440 "Statement": [ 441 { 442 "Effect":"Allow", 443 "Action": [ 444 "s3:GetObject", 445 "s3:GetObjectVersion", 446 "s3:GetBucketVersioning" 447 ], 448 "Resource": [ 449 "${aws_s3_bucket.foo.arn}", 450 "${aws_s3_bucket.foo.arn}/*" 451 ] 452 } 453 ] 454 } 455 EOF 456 } 457 458 resource "aws_codepipeline" "bar" { 459 name = "test-pipeline-%s" 460 role_arn = "${aws_iam_role.codepipeline_role.arn}" 461 462 artifact_store { 463 location = "${aws_s3_bucket.foo.bucket}" 464 type = "S3" 465 466 encryption_key { 467 id = "4567" 468 type = "KMS" 469 } 470 } 471 472 stage { 473 name = "Source" 474 475 action { 476 name = "Source" 477 category = "Source" 478 owner = "ThirdParty" 479 provider = "GitHub" 480 version = "1" 481 output_artifacts = ["bar"] 482 483 configuration { 484 Owner = "foo-terraform" 485 Repo = "bar" 486 Branch = "stable" 487 } 488 } 489 } 490 491 stage { 492 name = "Build" 493 494 action { 495 name = "Build" 496 category = "Build" 497 owner = "AWS" 498 provider = "CodeBuild" 499 input_artifacts = ["bar"] 500 output_artifacts = ["baz"] 501 version = "1" 502 503 configuration { 504 ProjectName = "foo" 505 } 506 } 507 } 508 509 stage { 510 name = "Deploy" 511 512 action { 513 name = "CreateChangeSet" 514 category = "Deploy" 515 owner = "AWS" 516 provider = "CloudFormation" 517 input_artifacts = ["baz"] 518 role_arn = "${aws_iam_role.codepipeline_action_role.arn}" 519 version = "1" 520 521 configuration { 522 ActionMode = "CHANGE_SET_REPLACE" 523 ChangeSetName = "changeset" 524 StackName = "stack" 525 TemplatePath = "baz::template.yaml" 526 } 527 } 528 }} 529 `, rName, rName, rName, rName) 530 }