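// Source: github.com/minamijoyo/terraform@v0.7.8-0.20161029001309-18b3736ba44b/builtin/providers/aws/resource_aws_iam_role_test.go

package aws

import (
	"fmt"
	"strings"
	"testing"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/service/iam"
	"github.com/hashicorp/terraform/helper/resource"
	"github.com/hashicorp/terraform/terraform"
)

// TestAccAWSRole_basic applies testAccAWSRoleConfig, then checks that the
// role can be fetched from IAM and that its name and path match the config.
// CheckDestroy confirms that no aws_iam_role from the state is left behind.
func TestAccAWSRole_basic(t *testing.T) {
	var conf iam.GetRoleOutput

	resource.Test(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckAWSRoleDestroy,
		Steps: []resource.TestStep{
			{
				Config: testAccAWSRoleConfig,
				Check: resource.ComposeTestCheckFunc(
					testAccCheckAWSRoleExists("aws_iam_role.role", &conf),
					testAccCheckAWSRoleAttributes(&conf),
				),
			},
		},
	})
}

// TestAccAWSRole_namePrefix applies a config that sets name_prefix instead of
// name and checks that the generated role name starts with that prefix.
func TestAccAWSRole_namePrefix(t *testing.T) {
	var conf iam.GetRoleOutput

	resource.Test(t, resource.TestCase{
		PreCheck:        func() { testAccPreCheck(t) },
		IDRefreshName:   "aws_iam_role.role",
		IDRefreshIgnore: []string{"name_prefix"},
		Providers:       testAccProviders,
		CheckDestroy:    testAccCheckAWSRoleDestroy,
		Steps: []resource.TestStep{
			{
				Config: testAccAWSRolePrefixNameConfig,
				Check: resource.ComposeTestCheckFunc(
					testAccCheckAWSRoleExists("aws_iam_role.role", &conf),
					testAccCheckAWSRoleGeneratedNamePrefix(
						"aws_iam_role.role", "test-role-"),
				),
			},
		},
	})
}

// TestAccAWSRole_testNameChange applies a role together with an inline policy
// and an instance profile that reference it, then applies the same config with
// a different role name.
//
// Each step also asserts the "name" attribute in state. Without that, the test
// would pass even if the rename never took effect, because the existence check
// only looks up whatever ID is currently in state.
func TestAccAWSRole_testNameChange(t *testing.T) {
	var conf iam.GetRoleOutput

	resource.Test(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckAWSRoleDestroy,
		Steps: []resource.TestStep{
			{
				Config: testAccAWSRolePre,
				Check: resource.ComposeTestCheckFunc(
					testAccCheckAWSRoleExists("aws_iam_role.role_update_test", &conf),
					resource.TestCheckResourceAttr(
						"aws_iam_role.role_update_test", "name", "tf_old_name"),
				),
			},

			{
				Config: testAccAWSRolePost,
				Check: resource.ComposeTestCheckFunc(
					testAccCheckAWSRoleExists("aws_iam_role.role_update_test", &conf),
					resource.TestCheckResourceAttr(
						"aws_iam_role.role_update_test", "name", "tf_new_name"),
				),
			},
		},
	})
}

// testAccCheckAWSRoleDestroy verifies that every aws_iam_role recorded in the
// state is gone from IAM. A role that outlives its test keeps its trust policy
// and stays assumable, so a leftover is reported as a failure that names the
// role.
func testAccCheckAWSRoleDestroy(s *terraform.State) error {
	iamconn := testAccProvider.Meta().(*AWSClient).iamconn

	for _, rs := range s.RootModule().Resources {
		if rs.Type != "aws_iam_role" {
			continue
		}

		// Look the role up by the ID stored in state.
		_, err := iamconn.GetRole(&iam.GetRoleInput{
			RoleName: aws.String(rs.Primary.ID),
		})
		if err == nil {
			return fmt.Errorf("IAM role %q still exists", rs.Primary.ID)
		}

		// Only NoSuchEntity proves the role was deleted. Any other error is
		// returned, so a failed lookup is never read as a successful destroy.
		iamErr, ok := err.(awserr.Error)
		if !ok || iamErr.Code() != "NoSuchEntity" {
			return err
		}
	}

	return nil
}

// testAccCheckAWSRoleExists returns a check that looks up resource n in the
// state, fetches the role from IAM using the state ID as the role name, and
// copies the response into res for later checks.
func testAccCheckAWSRoleExists(n string, res *iam.GetRoleOutput) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		rs, ok := s.RootModule().Resources[n]
		if !ok {
			return fmt.Errorf("Not found: %s", n)
		}

		if rs.Primary.ID == "" {
			return fmt.Errorf("No Role name is set")
		}

		iamconn := testAccProvider.Meta().(*AWSClient).iamconn

		resp, err := iamconn.GetRole(&iam.GetRoleInput{
			RoleName: aws.String(rs.Primary.ID),
		})
		if err != nil {
			return err
		}

		*res = *resp

		return nil
	}
}

// testAccCheckAWSRoleGeneratedNamePrefix returns a check that the "name"
// attribute of the given resource in state starts with prefix.
func testAccCheckAWSRoleGeneratedNamePrefix(resource, prefix string) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		r, ok := s.RootModule().Resources[resource]
		if !ok {
			return fmt.Errorf("Resource not found")
		}
		name, ok := r.Primary.Attributes["name"]
		if !ok {
			return fmt.Errorf("Name attr not found: %#v", r.Primary.Attributes)
		}
		if !strings.HasPrefix(name, prefix) {
			return fmt.Errorf("Name: %q, does not have prefix: %q", name, prefix)
		}
		return nil
	}
}

// testAccCheckAWSRoleAttributes returns a check that the fetched role is named
// "test-role" and has path "/". A missing role or a nil field is reported as a
// check failure instead of panicking on a nil pointer dereference.
func testAccCheckAWSRoleAttributes(role *iam.GetRoleOutput) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		if role == nil || role.Role == nil {
			return fmt.Errorf("No role data was fetched")
		}

		// aws.StringValue yields "" for a nil *string, which then fails the
		// comparison below with a readable message.
		if name := aws.StringValue(role.Role.RoleName); name != "test-role" {
			return fmt.Errorf("Bad name: %s", name)
		}

		if rolePath := aws.StringValue(role.Role.Path); rolePath != "/" {
			return fmt.Errorf("Bad path: %s", rolePath)
		}
		return nil
	}
}

// testAccAWSRoleConfig declares a role with a fixed name whose trust policy
// lets the ec2.amazonaws.com service principal call sts:AssumeRole. No
// permission policy is attached. IAM role names are unique per account, so
// the fixed name means concurrent runs against one account will conflict.
const testAccAWSRoleConfig = `
resource "aws_iam_role" "role" {
  name = "test-role"
  path = "/"
  assume_role_policy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"ec2.amazonaws.com\"]},\"Action\":[\"sts:AssumeRole\"]}]}"
}
`

// testAccAWSRolePrefixNameConfig is the same role declared with name_prefix,
// so the final role name is generated rather than fixed.
const testAccAWSRolePrefixNameConfig = `
resource "aws_iam_role" "role" {
  name_prefix = "test-role-"
  path = "/"
  assume_role_policy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"ec2.amazonaws.com\"]},\"Action\":[\"sts:AssumeRole\"]}]}"
}
`

// testAccAWSRolePre is the first step of the rename test: a role named
// "tf_old_name", an inline policy on it, and an instance profile holding it.
// The inline policy allows only s3:GetBucketLocation and s3:ListAllMyBuckets,
// but on the wildcard resource arn:aws:s3:::*, so the role can enumerate every
// bucket in the account for as long as it exists.
const testAccAWSRolePre = `
resource "aws_iam_role" "role_update_test" {
  name = "tf_old_name"
  path = "/test/"
  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}

resource "aws_iam_role_policy" "role_update_test" {
  name = "role_update_test"
  role = "${aws_iam_role.role_update_test.id}"
  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetBucketLocation",
        "s3:ListAllMyBuckets"
      ],
      "Resource": "arn:aws:s3:::*"
    }
  ]
}
EOF
}

resource "aws_iam_instance_profile" "role_update_test" {
  name = "role_update_test"
  path = "/test/"
  roles = ["${aws_iam_role.role_update_test.name}"]
}

`

// testAccAWSRolePost is the second step of the rename test. It matches
// testAccAWSRolePre except that the role name is "tf_new_name".
const testAccAWSRolePost = `
resource "aws_iam_role" "role_update_test" {
  name = "tf_new_name"
  path = "/test/"
  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}

resource "aws_iam_role_policy" "role_update_test" {
  name = "role_update_test"
  role = "${aws_iam_role.role_update_test.id}"
  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetBucketLocation",
        "s3:ListAllMyBuckets"
      ],
      "Resource": "arn:aws:s3:::*"
    }
  ]
}
EOF
}

resource "aws_iam_instance_profile" "role_update_test" {
  name = "role_update_test"
  path = "/test/"
  roles = ["${aws_iam_role.role_update_test.name}"]
}

`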