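// Source: github.com/leeprovoost/terraform@v0.6.10-0.20160119085442-96f3f76118e7/builtin/providers/aws/resource_aws_network_acl_rule_test.go

package aws

import (
	"fmt"
	"strconv"
	"testing"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/service/ec2"
	"github.com/hashicorp/terraform/helper/resource"
	"github.com/hashicorp/terraform/terraform"
)

// TestAccAWSNetworkAclRule_basic applies testAccAWSNetworkAclRuleBasicConfig
// and checks that the declared rule is present on the network ACL. After the
// run, CheckDestroy calls testAccCheckAWSNetworkAclRuleDestroy.
func TestAccAWSNetworkAclRule_basic(t *testing.T) {
	var networkAcl ec2.NetworkAcl

	resource.Test(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckAWSNetworkAclRuleDestroy,
		Steps: []resource.TestStep{
			resource.TestStep{
				Config: testAccAWSNetworkAclRuleBasicConfig,
				Check: resource.ComposeTestCheckFunc(
					testAccCheckAWSNetworkAclRuleExists("aws_network_acl_rule.bar", &networkAcl),
				),
			},
		},
	})
}

// testAccCheckAWSNetworkAclRuleDestroy walks every aws_network_acl_rule in the
// root module and returns an error if a DescribeNetworkAcls lookup still finds
// an ACL with entries, or fails with anything other than
// InvalidNetworkAclID.NotFound.
func testAccCheckAWSNetworkAclRuleDestroy(s *terraform.State) error {
	for _, rs := range s.RootModule().Resources {
		if rs.Type != "aws_network_acl_rule" {
			continue
		}
		conn := testAccProvider.Meta().(*AWSClient).ec2conn

		// NOTE(review): testAccCheckAWSNetworkAclRuleExists looks the ACL up by
		// the "network_acl_id" attribute, while this check passes rs.Primary.ID.
		// If the rule's ID is not itself a network ACL ID, this lookup can only
		// ever come back "not found" and the destroy check cannot detect a
		// rule that was left behind. Confirm against the resource's SetId.
		req := &ec2.DescribeNetworkAclsInput{
			NetworkAclIds: []*string{aws.String(rs.Primary.ID)},
		}
		resp, err := conn.DescribeNetworkAcls(req)
		if err == nil {
			if len(resp.NetworkAcls) > 0 {
				acl := resp.NetworkAcls[0]
				// Guard the pointer before dereferencing it.
				if acl.NetworkAclId != nil && *acl.NetworkAclId == rs.Primary.ID && acl.Entries != nil {
					return fmt.Errorf("Network ACL Entries still exist")
				}
			}
			// The lookup succeeded and found nothing left over. Move on to the
			// next resource. Previously a nil err fell through to the type
			// assertion below, failed it, and `return err` ended the whole
			// check with nil after the first rule.
			continue
		}

		// Only "ACL not found" is an acceptable failure. Anything else is reported.
		ec2err, ok := err.(awserr.Error)
		if !ok {
			return err
		}
		if ec2err.Code() != "InvalidNetworkAclID.NotFound" {
			return err
		}
	}

	return nil
}

// testAccCheckAWSNetworkAclRuleExists returns a check that looks up resource n
// in state, describes the ACL named by its "network_acl_id" attribute, and
// succeeds when that ACL has an entry with the same rule number and egress
// flag as the state.
//
// Only rule_number and egress are compared. rule_action, protocol, cidr_block
// and the port range are not asserted, so a rule created with the wrong action
// or source range would still pass this check.
//
// The networkAcl parameter is accepted but never written to.
func testAccCheckAWSNetworkAclRuleExists(n string, networkAcl *ec2.NetworkAcl) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		conn := testAccProvider.Meta().(*AWSClient).ec2conn
		rs, ok := s.RootModule().Resources[n]
		if !ok {
			return fmt.Errorf("Not found: %s", n)
		}

		if rs.Primary.ID == "" {
			return fmt.Errorf("No Network ACL Id is set")
		}

		req := &ec2.DescribeNetworkAclsInput{
			NetworkAclIds: []*string{aws.String(rs.Primary.Attributes["network_acl_id"])},
		}
		resp, err := conn.DescribeNetworkAcls(req)
		if err != nil {
			return err
		}
		if len(resp.NetworkAcls) != 1 {
			return fmt.Errorf("Network ACL not found")
		}

		// State attributes are strings, so parse them before comparing.
		egress, err := strconv.ParseBool(rs.Primary.Attributes["egress"])
		if err != nil {
			return err
		}
		ruleNo, err := strconv.ParseInt(rs.Primary.Attributes["rule_number"], 10, 64)
		if err != nil {
			return err
		}

		for _, e := range resp.NetworkAcls[0].Entries {
			// Skip entries with unset fields instead of panicking on a nil
			// pointer dereference.
			if e == nil || e.RuleNumber == nil || e.Egress == nil {
				continue
			}
			if *e.RuleNumber == ruleNo && *e.Egress == egress {
				return nil
			}
		}
		return fmt.Errorf("Entry not found: %s", resp.NetworkAcls[0])
	}
}

// testAccAWSNetworkAclRuleBasicConfig is the Terraform configuration applied
// by TestAccAWSNetworkAclRule_basic: a VPC (10.3.0.0/16, us-east-1), a network
// ACL in it, and ingress rule 200 allowing TCP/22 from 0.0.0.0/0. The
// world-open SSH rule is fixture data for a VPC that the test creates and
// destroys. It is not a recommended rule.
const testAccAWSNetworkAclRuleBasicConfig = `
provider "aws" {
	region = "us-east-1"
}
resource "aws_vpc" "foo" {
	cidr_block = "10.3.0.0/16"
}
resource "aws_network_acl" "bar" {
	vpc_id = "${aws_vpc.foo.id}"
}
resource "aws_network_acl_rule" "bar" {
	network_acl_id = "${aws_network_acl.bar.id}"
	rule_number = 200
	egress = false
	protocol = "tcp"
	rule_action = "allow"
	cidr_block = "0.0.0.0/0"
	from_port = 22
	to_port = 22
}
`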