github.com/mohanarpit/terraform@v0.6.16-0.20160909104007-291f29853544/builtin/providers/aws/resource_aws_iam_role_policy_test.go (about) 1 package aws 2 3 import ( 4 "fmt" 5 "testing" 6 7 "github.com/aws/aws-sdk-go/aws" 8 "github.com/aws/aws-sdk-go/aws/awserr" 9 "github.com/aws/aws-sdk-go/service/iam" 10 "github.com/hashicorp/terraform/helper/acctest" 11 "github.com/hashicorp/terraform/helper/resource" 12 "github.com/hashicorp/terraform/terraform" 13 ) 14 15 func TestAccAWSIAMRolePolicy_basic(t *testing.T) { 16 role := acctest.RandString(10) 17 policy1 := acctest.RandString(10) 18 policy2 := acctest.RandString(10) 19 20 resource.Test(t, resource.TestCase{ 21 PreCheck: func() { testAccPreCheck(t) }, 22 Providers: testAccProviders, 23 CheckDestroy: testAccCheckIAMRolePolicyDestroy, 24 Steps: []resource.TestStep{ 25 resource.TestStep{ 26 Config: testAccIAMRolePolicyConfig(role, policy1), 27 Check: resource.ComposeTestCheckFunc( 28 testAccCheckIAMRolePolicy( 29 "aws_iam_role.role", 30 "aws_iam_role_policy.foo", 31 ), 32 ), 33 }, 34 resource.TestStep{ 35 Config: testAccIAMRolePolicyConfigUpdate(role, policy1, policy2), 36 Check: resource.ComposeTestCheckFunc( 37 testAccCheckIAMRolePolicy( 38 "aws_iam_role.role", 39 "aws_iam_role_policy.bar", 40 ), 41 ), 42 }, 43 }, 44 }) 45 } 46 47 func testAccCheckIAMRolePolicyDestroy(s *terraform.State) error { 48 iamconn := testAccProvider.Meta().(*AWSClient).iamconn 49 50 for _, rs := range s.RootModule().Resources { 51 if rs.Type != "aws_iam_role_policy" { 52 continue 53 } 54 55 role, name := resourceAwsIamRolePolicyParseId(rs.Primary.ID) 56 57 request := &iam.GetRolePolicyInput{ 58 PolicyName: aws.String(name), 59 RoleName: aws.String(role), 60 } 61 62 var err error 63 getResp, err := iamconn.GetRolePolicy(request) 64 if err != nil { 65 if iamerr, ok := err.(awserr.Error); ok && iamerr.Code() == "NoSuchEntity" { 66 // none found, that's good 67 return nil 68 } 69 return fmt.Errorf("Error reading IAM policy %s from role %s: %s", name, role, err) 70 } 71 72 if getResp != nil { 73 return fmt.Errorf("Found IAM Role, expected none: %s", getResp) 74 } 75 } 76 77 return nil 78 } 79 80 func testAccCheckIAMRolePolicy( 81 iamRoleResource string, 82 iamRolePolicyResource string) resource.TestCheckFunc { 83 return func(s *terraform.State) error { 84 rs, ok := s.RootModule().Resources[iamRoleResource] 85 if !ok { 86 return fmt.Errorf("Not Found: %s", iamRoleResource) 87 } 88 89 if rs.Primary.ID == "" { 90 return fmt.Errorf("No ID is set") 91 } 92 93 policy, ok := s.RootModule().Resources[iamRolePolicyResource] 94 if !ok { 95 return fmt.Errorf("Not Found: %s", iamRolePolicyResource) 96 } 97 98 iamconn := testAccProvider.Meta().(*AWSClient).iamconn 99 role, name := resourceAwsIamRolePolicyParseId(policy.Primary.ID) 100 _, err := iamconn.GetRolePolicy(&iam.GetRolePolicyInput{ 101 RoleName: aws.String(role), 102 PolicyName: aws.String(name), 103 }) 104 105 if err != nil { 106 return err 107 } 108 109 return nil 110 } 111 } 112 113 func testAccIAMRolePolicyConfig(role, policy1 string) string { 114 return fmt.Sprintf(` 115 resource "aws_iam_role" "role" { 116 name = "tf_test_role_%s" 117 path = "/" 118 assume_role_policy = <<EOF 119 { 120 "Version": "2012-10-17", 121 "Statement": [ 122 { 123 "Action": "sts:AssumeRole", 124 "Principal": { 125 "Service": "ec2.amazonaws.com" 126 }, 127 "Effect": "Allow", 128 "Sid": "" 129 } 130 ] 131 } 132 EOF 133 } 134 135 resource "aws_iam_role_policy" "foo" { 136 name = "tf_test_policy_%s" 137 role = "${aws_iam_role.role.name}" 138 policy = <<EOF 139 { 140 "Version": "2012-10-17", 141 "Statement": { 142 "Effect": "Allow", 143 "Action": "*", 144 "Resource": "*" 145 } 146 } 147 EOF 148 } 149 `, role, policy1) 150 } 151 152 func testAccIAMRolePolicyConfigUpdate(role, policy1, policy2 string) string { 153 return fmt.Sprintf(` 154 resource "aws_iam_role" "role" { 155 name = "tf_test_role_%s" 156 path = "/" 157 assume_role_policy = <<EOF 158 { 159 "Version": "2012-10-17", 160 "Statement": [ 161 { 162 "Action": "sts:AssumeRole", 163 "Principal": { 164 "Service": "ec2.amazonaws.com" 165 }, 166 "Effect": "Allow", 167 "Sid": "" 168 } 169 ] 170 } 171 EOF 172 } 173 174 resource "aws_iam_role_policy" "foo" { 175 name = "tf_test_policy_%s" 176 role = "${aws_iam_role.role.name}" 177 policy = <<EOF 178 { 179 "Version": "2012-10-17", 180 "Statement": { 181 "Effect": "Allow", 182 "Action": "*", 183 "Resource": "*" 184 } 185 } 186 EOF 187 } 188 189 resource "aws_iam_role_policy" "bar" { 190 name = "tf_test_policy_2_%s" 191 role = "${aws_iam_role.role.name}" 192 policy = <<EOF 193 { 194 "Version": "2012-10-17", 195 "Statement": { 196 "Effect": "Allow", 197 "Action": "*", 198 "Resource": "*" 199 } 200 } 201 EOF 202 } 203 `, role, policy1, policy2) 204 }