github.com/minamijoyo/terraform@v0.7.8-0.20161029001309-18b3736ba44b/builtin/providers/aws/resource_aws_iam_role_test.go (about)

     1  package aws
     2  
     3  import (
     4  	"fmt"
     5  	"strings"
     6  	"testing"
     7  
     8  	"github.com/aws/aws-sdk-go/aws"
     9  	"github.com/aws/aws-sdk-go/aws/awserr"
    10  	"github.com/aws/aws-sdk-go/service/iam"
    11  	"github.com/hashicorp/terraform/helper/resource"
    12  	"github.com/hashicorp/terraform/terraform"
    13  )
    14  
    15  func TestAccAWSRole_basic(t *testing.T) {
    16  	var conf iam.GetRoleOutput
    17  
    18  	resource.Test(t, resource.TestCase{
    19  		PreCheck:     func() { testAccPreCheck(t) },
    20  		Providers:    testAccProviders,
    21  		CheckDestroy: testAccCheckAWSRoleDestroy,
    22  		Steps: []resource.TestStep{
    23  			resource.TestStep{
    24  				Config: testAccAWSRoleConfig,
    25  				Check: resource.ComposeTestCheckFunc(
    26  					testAccCheckAWSRoleExists("aws_iam_role.role", &conf),
    27  					testAccCheckAWSRoleAttributes(&conf),
    28  				),
    29  			},
    30  		},
    31  	})
    32  }
    33  
    34  func TestAccAWSRole_namePrefix(t *testing.T) {
    35  	var conf iam.GetRoleOutput
    36  
    37  	resource.Test(t, resource.TestCase{
    38  		PreCheck:        func() { testAccPreCheck(t) },
    39  		IDRefreshName:   "aws_iam_role.role",
    40  		IDRefreshIgnore: []string{"name_prefix"},
    41  		Providers:       testAccProviders,
    42  		CheckDestroy:    testAccCheckAWSRoleDestroy,
    43  		Steps: []resource.TestStep{
    44  			resource.TestStep{
    45  				Config: testAccAWSRolePrefixNameConfig,
    46  				Check: resource.ComposeTestCheckFunc(
    47  					testAccCheckAWSRoleExists("aws_iam_role.role", &conf),
    48  					testAccCheckAWSRoleGeneratedNamePrefix(
    49  						"aws_iam_role.role", "test-role-"),
    50  				),
    51  			},
    52  		},
    53  	})
    54  }
    55  
    56  func TestAccAWSRole_testNameChange(t *testing.T) {
    57  	var conf iam.GetRoleOutput
    58  
    59  	resource.Test(t, resource.TestCase{
    60  		PreCheck:     func() { testAccPreCheck(t) },
    61  		Providers:    testAccProviders,
    62  		CheckDestroy: testAccCheckAWSRoleDestroy,
    63  		Steps: []resource.TestStep{
    64  			resource.TestStep{
    65  				Config: testAccAWSRolePre,
    66  				Check: resource.ComposeTestCheckFunc(
    67  					testAccCheckAWSRoleExists("aws_iam_role.role_update_test", &conf),
    68  				),
    69  			},
    70  
    71  			resource.TestStep{
    72  				Config: testAccAWSRolePost,
    73  				Check: resource.ComposeTestCheckFunc(
    74  					testAccCheckAWSRoleExists("aws_iam_role.role_update_test", &conf),
    75  				),
    76  			},
    77  		},
    78  	})
    79  }
    80  
    81  func testAccCheckAWSRoleDestroy(s *terraform.State) error {
    82  	iamconn := testAccProvider.Meta().(*AWSClient).iamconn
    83  
    84  	for _, rs := range s.RootModule().Resources {
    85  		if rs.Type != "aws_iam_role" {
    86  			continue
    87  		}
    88  
    89  		// Try to get role
    90  		_, err := iamconn.GetRole(&iam.GetRoleInput{
    91  			RoleName: aws.String(rs.Primary.ID),
    92  		})
    93  		if err == nil {
    94  			return fmt.Errorf("still exist.")
    95  		}
    96  
    97  		// Verify the error is what we want
    98  		ec2err, ok := err.(awserr.Error)
    99  		if !ok {
   100  			return err
   101  		}
   102  		if ec2err.Code() != "NoSuchEntity" {
   103  			return err
   104  		}
   105  	}
   106  
   107  	return nil
   108  }
   109  
   110  func testAccCheckAWSRoleExists(n string, res *iam.GetRoleOutput) resource.TestCheckFunc {
   111  	return func(s *terraform.State) error {
   112  		rs, ok := s.RootModule().Resources[n]
   113  		if !ok {
   114  			return fmt.Errorf("Not found: %s", n)
   115  		}
   116  
   117  		if rs.Primary.ID == "" {
   118  			return fmt.Errorf("No Role name is set")
   119  		}
   120  
   121  		iamconn := testAccProvider.Meta().(*AWSClient).iamconn
   122  
   123  		resp, err := iamconn.GetRole(&iam.GetRoleInput{
   124  			RoleName: aws.String(rs.Primary.ID),
   125  		})
   126  		if err != nil {
   127  			return err
   128  		}
   129  
   130  		*res = *resp
   131  
   132  		return nil
   133  	}
   134  }
   135  
   136  func testAccCheckAWSRoleGeneratedNamePrefix(resource, prefix string) resource.TestCheckFunc {
   137  	return func(s *terraform.State) error {
   138  		r, ok := s.RootModule().Resources[resource]
   139  		if !ok {
   140  			return fmt.Errorf("Resource not found")
   141  		}
   142  		name, ok := r.Primary.Attributes["name"]
   143  		if !ok {
   144  			return fmt.Errorf("Name attr not found: %#v", r.Primary.Attributes)
   145  		}
   146  		if !strings.HasPrefix(name, prefix) {
   147  			return fmt.Errorf("Name: %q, does not have prefix: %q", name, prefix)
   148  		}
   149  		return nil
   150  	}
   151  }
   152  
   153  func testAccCheckAWSRoleAttributes(role *iam.GetRoleOutput) resource.TestCheckFunc {
   154  	return func(s *terraform.State) error {
   155  		if *role.Role.RoleName != "test-role" {
   156  			return fmt.Errorf("Bad name: %s", *role.Role.RoleName)
   157  		}
   158  
   159  		if *role.Role.Path != "/" {
   160  			return fmt.Errorf("Bad path: %s", *role.Role.Path)
   161  		}
   162  		return nil
   163  	}
   164  }
   165  
   166  const testAccAWSRoleConfig = `
   167  resource "aws_iam_role" "role" {
   168  	name   = "test-role"
   169  	path = "/"
   170  	assume_role_policy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"ec2.amazonaws.com\"]},\"Action\":[\"sts:AssumeRole\"]}]}"
   171  }
   172  `
   173  
   174  const testAccAWSRolePrefixNameConfig = `
   175  resource "aws_iam_role" "role" {
   176      name_prefix = "test-role-"
   177      path = "/"
   178      assume_role_policy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"ec2.amazonaws.com\"]},\"Action\":[\"sts:AssumeRole\"]}]}"
   179  }
   180  `
   181  
   182  const testAccAWSRolePre = `
   183  resource "aws_iam_role" "role_update_test" {
   184    name = "tf_old_name"
   185    path = "/test/"
   186    assume_role_policy = <<EOF
   187  {
   188    "Version": "2012-10-17",
   189    "Statement": [
   190      {
   191        "Action": "sts:AssumeRole",
   192        "Principal": {
   193          "Service": "ec2.amazonaws.com"
   194        },
   195        "Effect": "Allow",
   196        "Sid": ""
   197      }
   198    ]
   199  }
   200  EOF
   201  }
   202  
   203  resource "aws_iam_role_policy" "role_update_test" {
   204    name = "role_update_test"
   205    role = "${aws_iam_role.role_update_test.id}"
   206    policy = <<EOF
   207  {
   208    "Version": "2012-10-17",
   209    "Statement": [
   210      {
   211        "Effect": "Allow",
   212        "Action": [
   213          "s3:GetBucketLocation",
   214          "s3:ListAllMyBuckets"
   215        ],
   216        "Resource": "arn:aws:s3:::*"
   217      }
   218    ]
   219  }
   220  EOF
   221  }
   222  
   223  resource "aws_iam_instance_profile" "role_update_test" {
   224    name = "role_update_test"
   225    path = "/test/"
   226    roles = ["${aws_iam_role.role_update_test.name}"]
   227  }
   228  
   229  `
   230  
   231  const testAccAWSRolePost = `
   232  resource "aws_iam_role" "role_update_test" {
   233    name = "tf_new_name"
   234    path = "/test/"
   235    assume_role_policy = <<EOF
   236  {
   237    "Version": "2012-10-17",
   238    "Statement": [
   239      {
   240        "Action": "sts:AssumeRole",
   241        "Principal": {
   242          "Service": "ec2.amazonaws.com"
   243        },
   244        "Effect": "Allow",
   245        "Sid": ""
   246      }
   247    ]
   248  }
   249  EOF
   250  }
   251  
   252  resource "aws_iam_role_policy" "role_update_test" {
   253    name = "role_update_test"
   254    role = "${aws_iam_role.role_update_test.id}"
   255    policy = <<EOF
   256  {
   257    "Version": "2012-10-17",
   258    "Statement": [
   259      {
   260        "Effect": "Allow",
   261        "Action": [
   262          "s3:GetBucketLocation",
   263          "s3:ListAllMyBuckets"
   264        ],
   265        "Resource": "arn:aws:s3:::*"
   266      }
   267    ]
   268  }
   269  EOF
   270  }
   271  
   272  resource "aws_iam_instance_profile" "role_update_test" {
   273    name = "role_update_test"
   274    path = "/test/"
   275    roles = ["${aws_iam_role.role_update_test.name}"]
   276  }
   277  
   278  `