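// Source: github.com/minamijoyo/terraform@v0.7.8-0.20161029001309-18b3736ba44b/builtin/providers/aws/resource_aws_iam_role_policy_attachment_test.go

package aws

import (
	"fmt"
	"strings"
	"testing"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/service/iam"
	"github.com/hashicorp/terraform/helper/resource"
	"github.com/hashicorp/terraform/terraform"
)

// TestAccAWSRolePolicyAttachment_basic is an acceptance test for the
// aws_iam_role_policy_attachment resource. Step one attaches a single managed
// policy to a role; step two swaps it for two different policies. After each
// step the role's attached policies are listed through the IAM API and
// compared with the expected policy names.
func TestAccAWSRolePolicyAttachment_basic(t *testing.T) {
	var out iam.ListAttachedRolePoliciesOutput

	resource.Test(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckAWSRolePolicyAttachmentDestroy,
		Steps: []resource.TestStep{
			{
				Config: testAccAWSRolePolicyAttachConfig,
				Check: resource.ComposeTestCheckFunc(
					testAccCheckAWSRolePolicyAttachmentExists("aws_iam_role_policy_attachment.test-attach", 1, &out),
					testAccCheckAWSRolePolicyAttachmentAttributes([]string{"test-policy"}, &out),
				),
			},
			{
				Config: testAccAWSRolePolicyAttachConfigUpdate,
				Check: resource.ComposeTestCheckFunc(
					testAccCheckAWSRolePolicyAttachmentExists("aws_iam_role_policy_attachment.test-attach", 2, &out),
					testAccCheckAWSRolePolicyAttachmentAttributes([]string{"test-policy2", "test-policy3"}, &out),
				),
			},
		},
	})
}

// testAccCheckAWSRolePolicyAttachmentDestroy is the CheckDestroy hook for the
// test case.
//
// NOTE(review): this is a no-op, so the test never verifies that the
// attachments are actually removed from the role on destroy. A regression that
// leaves a managed policy attached to the role would pass unnoticed.
// TODO: list the role's attached policies here and fail if any policy_arn
// recorded in state is still present, treating a missing role as success.
func testAccCheckAWSRolePolicyAttachmentDestroy(s *terraform.State) error {
	return nil
}

// testAccCheckAWSRolePolicyAttachmentExists returns a check that looks up
// resource n in the root module, lists the managed policies attached to the
// role named by its "role" attribute, and requires exactly c of them. On
// success the API response is copied into out for later checks.
func testAccCheckAWSRolePolicyAttachmentExists(n string, c int, out *iam.ListAttachedRolePoliciesOutput) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		rs, ok := s.RootModule().Resources[n]
		if !ok {
			return fmt.Errorf("Not found: %s", n)
		}

		if rs.Primary.ID == "" {
			return fmt.Errorf("No policy name is set")
		}

		conn := testAccProvider.Meta().(*AWSClient).iamconn
		role := rs.Primary.Attributes["role"]

		attachedPolicies, err := conn.ListAttachedRolePolicies(&iam.ListAttachedRolePoliciesInput{
			RoleName: aws.String(role),
		})
		if err != nil {
			// Include the API error: without it an access-denied failure is
			// indistinguishable from a missing role or a throttled call.
			return fmt.Errorf("Error: Failed to get attached policies for role %s (%s): %s", role, n, err)
		}
		if got := len(attachedPolicies.AttachedPolicies); c != got {
			return fmt.Errorf("Error: Role (%s) has wrong number of policies attached on initial creation: expected %d, got %d", n, c, got)
		}

		*out = *attachedPolicies
		return nil
	}
}

// testAccCheckAWSRolePolicyAttachmentAttributes returns a check that compares
// the expected policy names with the policies recorded in out. Each policy ARN
// is split on "/" and the second part is compared with the expected name. The
// check passes only when the number of matches equals both len(policies) and
// the number of attached policies.
func testAccCheckAWSRolePolicyAttachmentAttributes(policies []string, out *iam.ListAttachedRolePoliciesOutput) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		matched := 0

		for _, p := range policies {
			for _, ap := range out.AttachedPolicies {
				if ap == nil {
					continue
				}
				// The ARN looks like arn:aws:iam::111111111111:policy/test-policy.
				// aws.StringValue yields "" for a nil pointer, so an entry
				// without an ARN counts as a mismatch instead of panicking.
				parts := strings.Split(aws.StringValue(ap.PolicyArn), "/")
				if len(parts) == 2 && p == parts[1] {
					matched++
				}
			}
		}
		if matched != len(policies) || matched != len(out.AttachedPolicies) {
			return fmt.Errorf("Error: Number of attached policies was incorrect: expected %d matched policies, matched %d of %d", len(policies), matched, len(out.AttachedPolicies))
		}
		return nil
	}
}

// testAccAWSRolePolicyAttachConfig is the step-one configuration: a role that
// the EC2 service may assume, one managed policy named "test-policy", and a
// single attachment of that policy to the role.
//
// NOTE(review): the role and policy names are fixed, so two runs against the
// same AWS account at the same time would presumably collide - confirm whether
// randomized names are needed.
const testAccAWSRolePolicyAttachConfig = `
resource "aws_iam_role" "role" {
    name = "test-role"
    assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}

resource "aws_iam_policy" "policy" {
    name = "test-policy"
    description = "A test policy"
    policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "iam:ChangePassword"
      ],
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}
EOF
}

resource "aws_iam_role_policy_attachment" "test-attach" {
    role = "${aws_iam_role.role.name}"
    policy_arn = "${aws_iam_policy.policy.arn}"
}
`
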
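// testAccAWSRolePolicyAttachConfigUpdate is the step-two configuration. It
// keeps the role and the original "test-policy" and adds "test-policy2" and
// "test-policy3". The existing attachment "test-attach" is repointed at
// policy2 and a second attachment "test-attach2" is added for policy3.
// "test-policy" is therefore defined but no longer attached, and the role is
// expected to carry exactly test-policy2 and test-policy3.
const testAccAWSRolePolicyAttachConfigUpdate = `
resource "aws_iam_role" "role" {
    name = "test-role"
    assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}

resource "aws_iam_policy" "policy" {
    name = "test-policy"
    description = "A test policy"
    policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "iam:ChangePassword"
      ],
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}
EOF
}

resource "aws_iam_policy" "policy2" {
    name = "test-policy2"
    description = "A test policy"
    policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "iam:ChangePassword"
      ],
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}
EOF
}

resource "aws_iam_policy" "policy3" {
    name = "test-policy3"
    description = "A test policy"
    policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "iam:ChangePassword"
      ],
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}
EOF
}

resource "aws_iam_role_policy_attachment" "test-attach" {
    role = "${aws_iam_role.role.name}"
    policy_arn = "${aws_iam_policy.policy2.arn}"
}

resource "aws_iam_role_policy_attachment" "test-attach2" {
    role = "${aws_iam_role.role.name}"
    policy_arn = "${aws_iam_policy.policy3.arn}"
}
`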