github.com/minamijoyo/terraform@v0.7.8-0.20161029001309-18b3736ba44b/builtin/providers/aws/resource_aws_flow_log_test.go (about) 1 package aws 2 3 import ( 4 "fmt" 5 "testing" 6 7 "github.com/aws/aws-sdk-go/aws" 8 "github.com/aws/aws-sdk-go/service/ec2" 9 "github.com/hashicorp/terraform/helper/resource" 10 "github.com/hashicorp/terraform/terraform" 11 ) 12 13 func TestAccAWSFlowLog_basic(t *testing.T) { 14 var flowLog ec2.FlowLog 15 16 resource.Test(t, resource.TestCase{ 17 PreCheck: func() { testAccPreCheck(t) }, 18 IDRefreshName: "aws_flow_log.test_flow_log", 19 Providers: testAccProviders, 20 CheckDestroy: testAccCheckFlowLogDestroy, 21 Steps: []resource.TestStep{ 22 resource.TestStep{ 23 Config: testAccFlowLogConfig_basic, 24 Check: resource.ComposeTestCheckFunc( 25 testAccCheckFlowLogExists("aws_flow_log.test_flow_log", &flowLog), 26 testAccCheckAWSFlowLogAttributes(&flowLog), 27 ), 28 }, 29 }, 30 }) 31 } 32 33 func TestAccAWSFlowLog_subnet(t *testing.T) { 34 var flowLog ec2.FlowLog 35 36 resource.Test(t, resource.TestCase{ 37 PreCheck: func() { testAccPreCheck(t) }, 38 IDRefreshName: "aws_flow_log.test_flow_log_subnet", 39 Providers: testAccProviders, 40 CheckDestroy: testAccCheckFlowLogDestroy, 41 Steps: []resource.TestStep{ 42 resource.TestStep{ 43 Config: testAccFlowLogConfig_subnet, 44 Check: resource.ComposeTestCheckFunc( 45 testAccCheckFlowLogExists("aws_flow_log.test_flow_log_subnet", &flowLog), 46 testAccCheckAWSFlowLogAttributes(&flowLog), 47 ), 48 }, 49 }, 50 }) 51 } 52 53 func testAccCheckFlowLogExists(n string, flowLog *ec2.FlowLog) resource.TestCheckFunc { 54 return func(s *terraform.State) error { 55 rs, ok := s.RootModule().Resources[n] 56 if !ok { 57 return fmt.Errorf("Not found: %s", n) 58 } 59 60 if rs.Primary.ID == "" { 61 return fmt.Errorf("No Flow Log ID is set") 62 } 63 64 conn := testAccProvider.Meta().(*AWSClient).ec2conn 65 describeOpts := &ec2.DescribeFlowLogsInput{ 66 FlowLogIds: []*string{aws.String(rs.Primary.ID)}, 67 } 68 resp, err := conn.DescribeFlowLogs(describeOpts) 69 if err != nil { 70 return err 71 } 72 73 if len(resp.FlowLogs) > 0 { 74 *flowLog = *resp.FlowLogs[0] 75 return nil 76 } 77 return fmt.Errorf("No Flow Logs found for id (%s)", rs.Primary.ID) 78 } 79 } 80 81 func testAccCheckAWSFlowLogAttributes(flowLog *ec2.FlowLog) resource.TestCheckFunc { 82 return func(s *terraform.State) error { 83 if flowLog.FlowLogStatus != nil && *flowLog.FlowLogStatus == "ACTIVE" { 84 return nil 85 } 86 if flowLog.FlowLogStatus == nil { 87 return fmt.Errorf("Flow Log status is not ACTIVE, is nil") 88 } else { 89 return fmt.Errorf("Flow Log status is not ACTIVE, got: %s", *flowLog.FlowLogStatus) 90 } 91 } 92 } 93 94 func testAccCheckFlowLogDestroy(s *terraform.State) error { 95 for _, rs := range s.RootModule().Resources { 96 if rs.Type != "aws_flow_log" { 97 continue 98 } 99 100 return nil 101 } 102 103 return nil 104 } 105 106 var testAccFlowLogConfig_basic = ` 107 resource "aws_vpc" "default" { 108 cidr_block = "10.0.0.0/16" 109 tags { 110 Name = "tf-flow-log-test" 111 } 112 } 113 114 resource "aws_subnet" "test_subnet" { 115 vpc_id = "${aws_vpc.default.id}" 116 cidr_block = "10.0.1.0/24" 117 118 tags { 119 Name = "tf-flow-test" 120 } 121 } 122 123 resource "aws_iam_role" "test_role" { 124 name = "test_role" 125 assume_role_policy = <<EOF 126 { 127 "Version": "2012-10-17", 128 "Statement": [ 129 { 130 "Effect": "Allow", 131 "Principal": { 132 "Service": [ 133 "ec2.amazonaws.com" 134 ] 135 }, 136 "Action": [ 137 "sts:AssumeRole" 138 ] 139 } 140 ] 141 } 142 EOF 143 } 144 145 resource "aws_cloudwatch_log_group" "foobar" { 146 name = "foo-bar" 147 } 148 resource "aws_flow_log" "test_flow_log" { 149 # log_group_name needs to exist before hand 150 # until we have a CloudWatch Log Group Resource 151 log_group_name = "tf-test-log-group" 152 iam_role_arn = "${aws_iam_role.test_role.arn}" 153 vpc_id = "${aws_vpc.default.id}" 154 traffic_type = "ALL" 155 } 156 157 resource "aws_flow_log" "test_flow_log_subnet" { 158 # log_group_name needs to exist before hand 159 # until we have a CloudWatch Log Group Resource 160 log_group_name = "${aws_cloudwatch_log_group.foobar.name}" 161 iam_role_arn = "${aws_iam_role.test_role.arn}" 162 subnet_id = "${aws_subnet.test_subnet.id}" 163 traffic_type = "ALL" 164 } 165 ` 166 167 var testAccFlowLogConfig_subnet = ` 168 resource "aws_vpc" "default" { 169 cidr_block = "10.0.0.0/16" 170 tags { 171 Name = "tf-flow-log-test" 172 } 173 } 174 175 resource "aws_subnet" "test_subnet" { 176 vpc_id = "${aws_vpc.default.id}" 177 cidr_block = "10.0.1.0/24" 178 179 tags { 180 Name = "tf-flow-test" 181 } 182 } 183 184 resource "aws_iam_role" "test_role" { 185 name = "test_role" 186 assume_role_policy = <<EOF 187 { 188 "Version": "2012-10-17", 189 "Statement": [ 190 { 191 "Effect": "Allow", 192 "Principal": { 193 "Service": [ 194 "ec2.amazonaws.com" 195 ] 196 }, 197 "Action": [ 198 "sts:AssumeRole" 199 ] 200 } 201 ] 202 } 203 EOF 204 } 205 resource "aws_cloudwatch_log_group" "foobar" { 206 name = "foo-bar" 207 } 208 209 resource "aws_flow_log" "test_flow_log_subnet" { 210 # log_group_name needs to exist before hand 211 # until we have a CloudWatch Log Group Resource 212 log_group_name = "${aws_cloudwatch_log_group.foobar.name}" 213 iam_role_arn = "${aws_iam_role.test_role.arn}" 214 subnet_id = "${aws_subnet.test_subnet.id}" 215 traffic_type = "ALL" 216 } 217 `