github.com/mohanarpit/terraform@v0.6.16-0.20160909104007-291f29853544/builtin/providers/aws/resource_aws_iam_role_policy_test.go (about)

     1  package aws
     2  
     3  import (
     4  	"fmt"
     5  	"testing"
     6  
     7  	"github.com/aws/aws-sdk-go/aws"
     8  	"github.com/aws/aws-sdk-go/aws/awserr"
     9  	"github.com/aws/aws-sdk-go/service/iam"
    10  	"github.com/hashicorp/terraform/helper/acctest"
    11  	"github.com/hashicorp/terraform/helper/resource"
    12  	"github.com/hashicorp/terraform/terraform"
    13  )
    14  
// TestAccAWSIAMRolePolicy_basic is an acceptance test for aws_iam_role_policy.
// Step one applies a role with a single inline policy ("foo"); step two applies
// an updated configuration that adds a second inline policy ("bar"). After each
// step the named policy is read back from IAM, and CheckDestroy runs
// testAccCheckIAMRolePolicyDestroy once the resources have been torn down.
func TestAccAWSIAMRolePolicy_basic(t *testing.T) {
	// Suffixes from acctest.RandString are spliced into the resource names
	// built by the config helpers below.
	roleSuffix := acctest.RandString(10)
	firstPolicySuffix := acctest.RandString(10)
	secondPolicySuffix := acctest.RandString(10)

	const roleAddr = "aws_iam_role.role"

	steps := []resource.TestStep{
		{
			Config: testAccIAMRolePolicyConfig(roleSuffix, firstPolicySuffix),
			Check: resource.ComposeTestCheckFunc(
				testAccCheckIAMRolePolicy(roleAddr, "aws_iam_role_policy.foo"),
			),
		},
		{
			Config: testAccIAMRolePolicyConfigUpdate(roleSuffix, firstPolicySuffix, secondPolicySuffix),
			Check: resource.ComposeTestCheckFunc(
				testAccCheckIAMRolePolicy(roleAddr, "aws_iam_role_policy.bar"),
			),
		},
	}

	resource.Test(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckIAMRolePolicyDestroy,
		Steps:        steps,
	})
}
    46  
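// testAccCheckIAMRolePolicyDestroy verifies that every aws_iam_role_policy
// resource recorded in the state has been removed from IAM.
//
// It returns nil only when GetRolePolicy reports NoSuchEntity for each of
// them. Any other API error, or a policy that can still be read, fails the
// check.
func testAccCheckIAMRolePolicyDestroy(s *terraform.State) error {
	iamconn := testAccProvider.Meta().(*AWSClient).iamconn

	for _, rs := range s.RootModule().Resources {
		if rs.Type != "aws_iam_role_policy" {
			continue
		}

		// The resource ID encodes both the role name and the policy name.
		role, name := resourceAwsIamRolePolicyParseId(rs.Primary.ID)

		getResp, err := iamconn.GetRolePolicy(&iam.GetRolePolicyInput{
			PolicyName: aws.String(name),
			RoleName:   aws.String(role),
		})
		if err != nil {
			if iamerr, ok := err.(awserr.Error); ok && iamerr.Code() == "NoSuchEntity" {
				// This policy is gone. Keep iterating instead of returning:
				// the state can hold several role policies, and returning
				// here would leave the remaining ones unverified, so a
				// leaked inline policy would go unnoticed.
				continue
			}
			return fmt.Errorf("Error reading IAM policy %s from role %s: %s", name, role, err)
		}

		if getResp != nil {
			// The object found is an inline role policy, not a role.
			return fmt.Errorf("Found IAM role policy, expected none: %s", getResp)
		}
	}

	return nil
}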
    79  
// testAccCheckIAMRolePolicy returns a check that confirms the inline policy
// tracked under iamRolePolicyResource can be fetched from IAM.
//
// The role resource must be present in the state with a non-empty ID, and the
// policy resource must be present in the state. The policy is then looked up
// with GetRolePolicy using the role and policy names parsed from its ID.
//
// NOTE(review): the GetRolePolicy output is discarded, so this proves only
// that the policy exists; the policy document itself is never compared with
// the configuration.
func testAccCheckIAMRolePolicy(
	iamRoleResource string,
	iamRolePolicyResource string) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		roleState, found := s.RootModule().Resources[iamRoleResource]
		if !found {
			return fmt.Errorf("Not Found: %s", iamRoleResource)
		}
		if roleState.Primary.ID == "" {
			return fmt.Errorf("No ID is set")
		}

		policyState, found := s.RootModule().Resources[iamRolePolicyResource]
		if !found {
			return fmt.Errorf("Not Found: %s", iamRolePolicyResource)
		}

		conn := testAccProvider.Meta().(*AWSClient).iamconn
		roleName, policyName := resourceAwsIamRolePolicyParseId(policyState.Primary.ID)
		input := &iam.GetRolePolicyInput{
			RoleName:   aws.String(roleName),
			PolicyName: aws.String(policyName),
		}

		// A nil error from the lookup is the only success signal.
		_, err := conn.GetRolePolicy(input)
		return err
	}
}
   112  
// testAccIAMRolePolicyConfig renders the Terraform configuration for the first
// test step: one IAM role and one inline policy ("foo") attached to it.
// role and policy1 are spliced into the role name and the policy name.
//
// NOTE(review): the trust policy lets the EC2 service assume the role, and the
// inline policy allows every action on every resource. Anything this fixture
// leaves behind in the test account is therefore a fully privileged role, so
// the destroy check matters. No check in this file inspects the policy
// document, so a narrower statement would presumably serve the test equally
// well (confirm before changing the fixture).
func testAccIAMRolePolicyConfig(role, policy1 string) string {
	const roleTmpl = `
resource "aws_iam_role" "role" {
	name = "tf_test_role_%s"
	path = "/"
	assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}
`
	const fooPolicyTmpl = `
resource "aws_iam_role_policy" "foo" {
	name = "tf_test_policy_%s"
	role = "${aws_iam_role.role.name}"
	policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Action": "*",
    "Resource": "*"
  }
}
EOF
}
`
	// The two templates are concatenated in declaration order, so the verbs
	// consume role first and policy1 second.
	return fmt.Sprintf(roleTmpl+fooPolicyTmpl, role, policy1)
}
   151  
// testAccIAMRolePolicyConfigUpdate renders the Terraform configuration for the
// second test step: the same IAM role and "foo" inline policy as the first
// step, plus a second inline policy ("bar"). role, policy1 and policy2 are
// spliced into the role name and the two policy names, in that order.
//
// NOTE(review): both inline policies allow every action on every resource, and
// the role can be assumed by the EC2 service. Anything this fixture leaves
// behind in the test account is a fully privileged role, so the destroy check
// has to cover both policies.
func testAccIAMRolePolicyConfigUpdate(role, policy1, policy2 string) string {
	const roleTmpl = `
resource "aws_iam_role" "role" {
	name = "tf_test_role_%s"
	path = "/"
	assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}
`
	const fooPolicyTmpl = `
resource "aws_iam_role_policy" "foo" {
	name = "tf_test_policy_%s"
	role = "${aws_iam_role.role.name}"
	policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Action": "*",
    "Resource": "*"
  }
}
EOF
}
`
	const barPolicyTmpl = `
resource "aws_iam_role_policy" "bar" {
	name = "tf_test_policy_2_%s"
	role = "${aws_iam_role.role.name}"
	policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Action": "*",
    "Resource": "*"
  }
}
EOF
}
`
	// Concatenation order fixes which argument each verb consumes.
	return fmt.Sprintf(roleTmpl+fooPolicyTmpl+barPolicyTmpl, role, policy1, policy2)
}