github.com/minamijoyo/terraform@v0.7.8-0.20161029001309-18b3736ba44b/builtin/providers/aws/resource_aws_vpc_endpoint_test.go (about) 1 package aws 2 3 import ( 4 "fmt" 5 "strings" 6 "testing" 7 8 "github.com/aws/aws-sdk-go/aws" 9 "github.com/aws/aws-sdk-go/aws/awserr" 10 "github.com/aws/aws-sdk-go/service/ec2" 11 12 "github.com/hashicorp/terraform/helper/resource" 13 "github.com/hashicorp/terraform/terraform" 14 ) 15 16 func TestAccAWSVpcEndpoint_basic(t *testing.T) { 17 var endpoint ec2.VpcEndpoint 18 19 resource.Test(t, resource.TestCase{ 20 PreCheck: func() { testAccPreCheck(t) }, 21 IDRefreshName: "aws_vpc_endpoint.second-private-s3", 22 Providers: testAccProviders, 23 CheckDestroy: testAccCheckVpcEndpointDestroy, 24 Steps: []resource.TestStep{ 25 resource.TestStep{ 26 Config: testAccVpcEndpointWithRouteTableAndPolicyConfig, 27 Check: resource.ComposeTestCheckFunc( 28 testAccCheckVpcEndpointExists("aws_vpc_endpoint.second-private-s3", &endpoint), 29 testAccCheckVpcEndpointPrefixListAvailable("aws_vpc_endpoint.second-private-s3"), 30 ), 31 }, 32 }, 33 }) 34 } 35 36 func TestAccAWSVpcEndpoint_withRouteTableAndPolicy(t *testing.T) { 37 var endpoint ec2.VpcEndpoint 38 var routeTable ec2.RouteTable 39 40 resource.Test(t, resource.TestCase{ 41 PreCheck: func() { testAccPreCheck(t) }, 42 IDRefreshName: "aws_vpc_endpoint.second-private-s3", 43 Providers: testAccProviders, 44 CheckDestroy: testAccCheckVpcEndpointDestroy, 45 Steps: []resource.TestStep{ 46 resource.TestStep{ 47 Config: testAccVpcEndpointWithRouteTableAndPolicyConfig, 48 Check: resource.ComposeTestCheckFunc( 49 testAccCheckVpcEndpointExists("aws_vpc_endpoint.second-private-s3", &endpoint), 50 testAccCheckRouteTableExists("aws_route_table.default", &routeTable), 51 ), 52 }, 53 resource.TestStep{ 54 Config: testAccVpcEndpointWithRouteTableAndPolicyConfigModified, 55 Check: resource.ComposeTestCheckFunc( 56 testAccCheckVpcEndpointExists("aws_vpc_endpoint.second-private-s3", &endpoint), 57 testAccCheckRouteTableExists("aws_route_table.default", &routeTable), 58 ), 59 }, 60 }, 61 }) 62 } 63 64 func TestAccAWSVpcEndpoint_WithoutRouteTableOrPolicyConfig(t *testing.T) { 65 var endpoint ec2.VpcEndpoint 66 67 resource.Test(t, resource.TestCase{ 68 PreCheck: func() { testAccPreCheck(t) }, 69 IDRefreshName: "aws_vpc_endpoint.second-private-s3", 70 Providers: testAccProviders, 71 CheckDestroy: testAccCheckVpcEndpointDestroy, 72 Steps: []resource.TestStep{ 73 resource.TestStep{ 74 Config: testAccVpcEndpointWithoutRouteTableOrPolicyConfig, 75 Check: resource.ComposeTestCheckFunc( 76 testAccCheckVpcEndpointExists("aws_vpc_endpoint.second-private-s3", &endpoint), 77 testAccCheckVpcEndpointPrefixListAvailable("aws_vpc_endpoint.second-private-s3"), 78 ), 79 }, 80 }, 81 }) 82 } 83 84 func TestAccAWSVpcEndpoint_removed(t *testing.T) { 85 var endpoint ec2.VpcEndpoint 86 87 // reach out and DELETE the VPC Endpoint outside of Terraform 88 testDestroy := func(*terraform.State) error { 89 conn := testAccProvider.Meta().(*AWSClient).ec2conn 90 input := &ec2.DeleteVpcEndpointsInput{ 91 VpcEndpointIds: []*string{endpoint.VpcEndpointId}, 92 } 93 94 _, err := conn.DeleteVpcEndpoints(input) 95 if err != nil { 96 return err 97 } 98 return nil 99 } 100 101 resource.Test(t, resource.TestCase{ 102 PreCheck: func() { testAccPreCheck(t) }, 103 Providers: testAccProviders, 104 CheckDestroy: testAccCheckVpcEndpointDestroy, 105 Steps: []resource.TestStep{ 106 resource.TestStep{ 107 Config: testAccVpcEndpointWithoutRouteTableOrPolicyConfig, 108 Check: resource.ComposeTestCheckFunc( 109 testAccCheckVpcEndpointExists("aws_vpc_endpoint.second-private-s3", &endpoint), 110 testDestroy, 111 ), 112 ExpectNonEmptyPlan: true, 113 }, 114 }, 115 }) 116 } 117 118 func testAccCheckVpcEndpointDestroy(s *terraform.State) error { 119 conn := testAccProvider.Meta().(*AWSClient).ec2conn 120 121 for _, rs := range s.RootModule().Resources { 122 if rs.Type != "aws_vpc_endpoint" { 123 continue 124 } 125 126 // Try to find the VPC 127 input := &ec2.DescribeVpcEndpointsInput{ 128 VpcEndpointIds: []*string{aws.String(rs.Primary.ID)}, 129 } 130 resp, err := conn.DescribeVpcEndpoints(input) 131 if err != nil { 132 // Verify the error is what we want 133 if ae, ok := err.(awserr.Error); ok && ae.Code() == "InvalidVpcEndpointId.NotFound" { 134 continue 135 } 136 return err 137 } 138 if len(resp.VpcEndpoints) > 0 { 139 return fmt.Errorf("VPC Endpoints still exist.") 140 } 141 142 return err 143 } 144 145 return nil 146 } 147 148 func testAccCheckVpcEndpointExists(n string, endpoint *ec2.VpcEndpoint) resource.TestCheckFunc { 149 return func(s *terraform.State) error { 150 rs, ok := s.RootModule().Resources[n] 151 if !ok { 152 return fmt.Errorf("Not found: %s", n) 153 } 154 155 if rs.Primary.ID == "" { 156 return fmt.Errorf("No VPC Endpoint ID is set") 157 } 158 159 conn := testAccProvider.Meta().(*AWSClient).ec2conn 160 input := &ec2.DescribeVpcEndpointsInput{ 161 VpcEndpointIds: []*string{aws.String(rs.Primary.ID)}, 162 } 163 resp, err := conn.DescribeVpcEndpoints(input) 164 if err != nil { 165 return err 166 } 167 if len(resp.VpcEndpoints) == 0 { 168 return fmt.Errorf("VPC Endpoint not found") 169 } 170 171 *endpoint = *resp.VpcEndpoints[0] 172 173 return nil 174 } 175 } 176 177 func testAccCheckVpcEndpointPrefixListAvailable(n string) resource.TestCheckFunc { 178 return func(s *terraform.State) error { 179 rs, ok := s.RootModule().Resources[n] 180 if !ok { 181 return fmt.Errorf("Not found: %s", n) 182 } 183 184 prefixListID := rs.Primary.Attributes["prefix_list_id"] 185 if prefixListID == "" { 186 return fmt.Errorf("Prefix list ID not available") 187 } 188 if !strings.HasPrefix(prefixListID, "pl") { 189 return fmt.Errorf("Prefix list ID does not appear to be a valid value: '%s'", prefixListID) 190 } 191 192 return nil 193 } 194 } 195 196 const testAccVpcEndpointWithRouteTableAndPolicyConfig = ` 197 resource "aws_vpc" "foo" { 198 cidr_block = "10.0.0.0/16" 199 } 200 201 resource "aws_subnet" "foo" { 202 vpc_id = "${aws_vpc.foo.id}" 203 cidr_block = "10.0.1.0/24" 204 } 205 206 resource "aws_vpc_endpoint" "second-private-s3" { 207 vpc_id = "${aws_vpc.foo.id}" 208 service_name = "com.amazonaws.us-west-2.s3" 209 route_table_ids = ["${aws_route_table.default.id}"] 210 policy = <<POLICY 211 { 212 "Version": "2012-10-17", 213 "Statement": [ 214 { 215 "Sid":"AllowAll", 216 "Effect":"Allow", 217 "Principal":"*", 218 "Action":"*", 219 "Resource":"*" 220 } 221 ] 222 } 223 POLICY 224 } 225 226 resource "aws_route_table" "default" { 227 vpc_id = "${aws_vpc.foo.id}" 228 } 229 230 resource "aws_route_table_association" "main" { 231 subnet_id = "${aws_subnet.foo.id}" 232 route_table_id = "${aws_route_table.default.id}" 233 } 234 ` 235 236 const testAccVpcEndpointWithRouteTableAndPolicyConfigModified = ` 237 resource "aws_vpc" "foo" { 238 cidr_block = "10.0.0.0/16" 239 } 240 241 resource "aws_subnet" "foo" { 242 vpc_id = "${aws_vpc.foo.id}" 243 cidr_block = "10.0.1.0/24" 244 } 245 246 resource "aws_vpc_endpoint" "second-private-s3" { 247 vpc_id = "${aws_vpc.foo.id}" 248 service_name = "com.amazonaws.us-west-2.s3" 249 route_table_ids = ["${aws_route_table.default.id}"] 250 policy = <<POLICY 251 { 252 "Version": "2012-10-17", 253 "Statement": [ 254 { 255 "Sid":"AllowAll", 256 "Effect":"Allow", 257 "Principal":"*", 258 "Action":"*", 259 "Resource":"*" 260 } 261 ] 262 } 263 POLICY 264 } 265 266 resource "aws_internet_gateway" "gw" { 267 vpc_id = "${aws_vpc.foo.id}" 268 } 269 270 resource "aws_route_table" "default" { 271 vpc_id = "${aws_vpc.foo.id}" 272 273 route { 274 cidr_block = "0.0.0.0/0" 275 gateway_id = "${aws_internet_gateway.gw.id}" 276 } 277 } 278 279 resource "aws_route_table_association" "main" { 280 subnet_id = "${aws_subnet.foo.id}" 281 route_table_id = "${aws_route_table.default.id}" 282 } 283 ` 284 285 const testAccVpcEndpointWithoutRouteTableOrPolicyConfig = ` 286 resource "aws_vpc" "foo" { 287 cidr_block = "10.0.0.0/16" 288 } 289 290 resource "aws_vpc_endpoint" "second-private-s3" { 291 vpc_id = "${aws_vpc.foo.id}" 292 service_name = "com.amazonaws.us-west-2.s3" 293 } 294 `