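package aws

import (
	"fmt"
	"testing"

	"github.com/hashicorp/terraform/helper/resource"
	"github.com/hashicorp/terraform/terraform"
)

// TestAccAWSIAMPolicyDocument applies testAccAWSIAMPolicyDocumentConfig and
// checks that the "json" attribute of data.aws_iam_policy_document.test is
// exactly testAccAWSIAMPolicyDocumentExpectedJSON.
func TestAccAWSIAMPolicyDocument(t *testing.T) {
	// This really ought to be able to be a unit test rather than an
	// acceptance test, but just instantiating the AWS provider requires
	// some AWS API calls, and so this needs valid AWS credentials to work.
	resource.Test(t, resource.TestCase{
		PreCheck:  func() { testAccPreCheck(t) },
		Providers: testAccProviders,
		Steps: []resource.TestStep{
			{
				Config: testAccAWSIAMPolicyDocumentConfig,
				Check: resource.ComposeTestCheckFunc(
					testAccCheckStateValue(
						"data.aws_iam_policy_document.test",
						"json",
						testAccAWSIAMPolicyDocumentExpectedJSON,
					),
				),
			},
		},
	})
}

// testAccCheckStateValue returns a check that passes only when attribute name
// of the root-module resource id is equal to value.
//
// The comparison is plain string equality. For a rendered policy document that
// makes it sensitive to whitespace and to element order, so any change in how
// the document is serialized shows up as a failure here.
func testAccCheckStateValue(id, name, value string) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		rs, ok := s.RootModule().Resources[id]
		if !ok {
			return fmt.Errorf("Not found: %s", id)
		}
		// A resource without a primary instance would otherwise panic on the
		// ID lookup below instead of failing the check with a message.
		if rs.Primary == nil {
			return fmt.Errorf("No primary instance: %s", id)
		}
		if rs.Primary.ID == "" {
			return fmt.Errorf("No ID is set")
		}

		// A missing attribute reads as "" (the map's zero value), so it only
		// matches when the expected value is also empty.
		v := rs.Primary.Attributes[name]
		if v != value {
			return fmt.Errorf(
				"Value for %s is %s, not %s", name, v, value)
		}

		return nil
	}
}

// testAccAWSIAMPolicyDocumentConfig is the HCL fixture for the test. It is
// written to exercise the renderer: single and multiple values, a condition
// block, principals and not_principals, not_actions/not_resources, and the
// "&{...}" spelling of IAM policy variables.
//
// It is a rendering fixture, not a policy to copy. The second statement has no
// effect set and is rendered as "Effect": "Allow" together with NotPrincipal,
// which in IAM grants to every principal except the ones listed; the third
// statement grants "s3:*".
var testAccAWSIAMPolicyDocumentConfig = `
data "aws_iam_policy_document" "test" {
    policy_id = "policy_id"
    statement {
        sid = "1"
        actions = [
            "s3:ListAllMyBuckets",
            "s3:GetBucketLocation",
        ]
        resources = [
            "arn:aws:s3:::*",
        ]
    }

    statement {
        actions = [
            "s3:ListBucket",
        ]
        resources = [
            "arn:aws:s3:::foo",
        ]
        condition {
            test = "StringLike"
            variable = "s3:prefix"
            values = [
                "home/",
                "home/&{aws:username}/",
            ]
        }

        not_principals {
            type = "AWS"
            identifiers = ["arn:blahblah:example"]
        }
    }

    statement {
        actions = [
            "s3:*",
        ]
        resources = [
            "arn:aws:s3:::foo/home/&{aws:username}",
            "arn:aws:s3:::foo/home/&{aws:username}/*",
        ]
        principals {
            type = "AWS"
            identifiers = ["arn:blahblah:example"]
        }
    }

    statement {
        effect = "Deny"
        not_actions = ["s3:*"]
        not_resources = ["arn:aws:s3:::*"]
    }

}
`

// testAccAWSIAMPolicyDocumentExpectedJSON is the document the data source is
// expected to produce for testAccAWSIAMPolicyDocumentConfig. Relative to the
// config: "&{aws:username}" appears as "${aws:username}", one-element lists
// appear as a bare string, statements without a sid carry "Sid": "", and the
// s3:prefix values and the third statement's resources appear in a different
// order than they were written.
//
// NOTE(review): testAccCheckStateValue compares strings exactly, so whitespace
// inside this literal is significant. Two-space indentation is assumed here;
// confirm it against the data source's actual output.
var testAccAWSIAMPolicyDocumentExpectedJSON = `{
  "Version": "2012-10-17",
  "Id": "policy_id",
  "Statement": [
    {
      "Sid": "1",
      "Effect": "Allow",
      "Action": [
        "s3:ListAllMyBuckets",
        "s3:GetBucketLocation"
      ],
      "Resource": "arn:aws:s3:::*"
    },
    {
      "Sid": "",
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::foo",
      "NotPrincipal": {
        "AWS": "arn:blahblah:example"
      },
      "Condition": {
        "StringLike": {
          "s3:prefix": [
            "home/${aws:username}/",
            "home/"
          ]
        }
      }
    },
    {
      "Sid": "",
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::foo/home/${aws:username}/*",
        "arn:aws:s3:::foo/home/${aws:username}"
      ],
      "Principal": {
        "AWS": "arn:blahblah:example"
      }
    },
    {
      "Sid": "",
      "Effect": "Deny",
      "NotAction": "s3:*",
      "NotResource": "arn:aws:s3:::*"
    }
  ]
}`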