github.com/mohanarpit/terraform@v0.6.16-0.20160909104007-291f29853544/builtin/providers/aws/resource_aws_kms_key_test.go (about) 1 package aws 2 3 import ( 4 "fmt" 5 "testing" 6 "time" 7 8 "github.com/aws/aws-sdk-go/aws" 9 "github.com/aws/aws-sdk-go/service/kms" 10 "github.com/hashicorp/terraform/helper/resource" 11 "github.com/hashicorp/terraform/terraform" 12 ) 13 14 func TestAccAWSKmsKey_basic(t *testing.T) { 15 var keyBefore, keyAfter kms.KeyMetadata 16 17 resource.Test(t, resource.TestCase{ 18 PreCheck: func() { testAccPreCheck(t) }, 19 Providers: testAccProviders, 20 CheckDestroy: testAccCheckAWSKmsKeyDestroy, 21 Steps: []resource.TestStep{ 22 resource.TestStep{ 23 Config: testAccAWSKmsKey, 24 Check: resource.ComposeTestCheckFunc( 25 testAccCheckAWSKmsKeyExists("aws_kms_key.foo", &keyBefore), 26 ), 27 }, 28 resource.TestStep{ 29 Config: testAccAWSKmsKey_removedPolicy, 30 Check: resource.ComposeTestCheckFunc( 31 testAccCheckAWSKmsKeyExists("aws_kms_key.foo", &keyAfter), 32 ), 33 }, 34 }, 35 }) 36 } 37 38 func TestAccAWSKmsKey_isEnabled(t *testing.T) { 39 var key1, key2, key3 kms.KeyMetadata 40 41 resource.Test(t, resource.TestCase{ 42 PreCheck: func() { testAccPreCheck(t) }, 43 Providers: testAccProviders, 44 CheckDestroy: testAccCheckAWSKmsKeyDestroy, 45 Steps: []resource.TestStep{ 46 resource.TestStep{ 47 Config: testAccAWSKmsKey_enabledRotation, 48 Check: resource.ComposeTestCheckFunc( 49 testAccCheckAWSKmsKeyExists("aws_kms_key.bar", &key1), 50 resource.TestCheckResourceAttr("aws_kms_key.bar", "is_enabled", "true"), 51 testAccCheckAWSKmsKeyIsEnabled(&key1, true), 52 resource.TestCheckResourceAttr("aws_kms_key.bar", "enable_key_rotation", "true"), 53 ), 54 }, 55 resource.TestStep{ 56 Config: testAccAWSKmsKey_disabled, 57 Check: resource.ComposeTestCheckFunc( 58 testAccCheckAWSKmsKeyExists("aws_kms_key.bar", &key2), 59 resource.TestCheckResourceAttr("aws_kms_key.bar", "is_enabled", "false"), 60 testAccCheckAWSKmsKeyIsEnabled(&key2, false), 61 resource.TestCheckResourceAttr("aws_kms_key.bar", "enable_key_rotation", "false"), 62 ), 63 }, 64 resource.TestStep{ 65 Config: testAccAWSKmsKey_enabled, 66 Check: resource.ComposeTestCheckFunc( 67 testAccCheckAWSKmsKeyExists("aws_kms_key.bar", &key3), 68 resource.TestCheckResourceAttr("aws_kms_key.bar", "is_enabled", "true"), 69 testAccCheckAWSKmsKeyIsEnabled(&key3, true), 70 resource.TestCheckResourceAttr("aws_kms_key.bar", "enable_key_rotation", "true"), 71 ), 72 }, 73 }, 74 }) 75 } 76 77 func testAccCheckAWSKmsKeyDestroy(s *terraform.State) error { 78 conn := testAccProvider.Meta().(*AWSClient).kmsconn 79 80 for _, rs := range s.RootModule().Resources { 81 if rs.Type != "aws_kms_key" { 82 continue 83 } 84 85 out, err := conn.DescribeKey(&kms.DescribeKeyInput{ 86 KeyId: aws.String(rs.Primary.ID), 87 }) 88 89 if err != nil { 90 return err 91 } 92 93 if *out.KeyMetadata.KeyState == "PendingDeletion" { 94 return nil 95 } 96 97 return fmt.Errorf("KMS key still exists:\n%#v", out.KeyMetadata) 98 } 99 100 return nil 101 } 102 103 func testAccCheckAWSKmsKeyExists(name string, key *kms.KeyMetadata) resource.TestCheckFunc { 104 return func(s *terraform.State) error { 105 rs, ok := s.RootModule().Resources[name] 106 if !ok { 107 return fmt.Errorf("Not found: %s", name) 108 } 109 110 if rs.Primary.ID == "" { 111 return fmt.Errorf("No KMS Key ID is set") 112 } 113 114 conn := testAccProvider.Meta().(*AWSClient).kmsconn 115 116 out, err := conn.DescribeKey(&kms.DescribeKeyInput{ 117 KeyId: aws.String(rs.Primary.ID), 118 }) 119 if err != nil { 120 return err 121 } 122 123 *key = *out.KeyMetadata 124 125 return nil 126 } 127 } 128 129 func testAccCheckAWSKmsKeyIsEnabled(key *kms.KeyMetadata, isEnabled bool) resource.TestCheckFunc { 130 return func(s *terraform.State) error { 131 if *key.Enabled != isEnabled { 132 return fmt.Errorf("Expected key %q to have is_enabled=%t, given %t", 133 *key.Arn, isEnabled, *key.Enabled) 134 } 135 136 return nil 137 } 138 } 139 140 var kmsTimestamp = time.Now().Format(time.RFC1123) 141 var testAccAWSKmsKey = fmt.Sprintf(` 142 resource "aws_kms_key" "foo" { 143 description = "Terraform acc test %s" 144 deletion_window_in_days = 7 145 policy = <<POLICY 146 { 147 "Version": "2012-10-17", 148 "Id": "kms-tf-1", 149 "Statement": [ 150 { 151 "Sid": "Enable IAM User Permissions", 152 "Effect": "Allow", 153 "Principal": { 154 "AWS": "*" 155 }, 156 "Action": "kms:*", 157 "Resource": "*" 158 } 159 ] 160 } 161 POLICY 162 }`, kmsTimestamp) 163 164 var testAccAWSKmsKey_removedPolicy = fmt.Sprintf(` 165 resource "aws_kms_key" "foo" { 166 description = "Terraform acc test %s" 167 deletion_window_in_days = 7 168 }`, kmsTimestamp) 169 170 var testAccAWSKmsKey_enabledRotation = fmt.Sprintf(` 171 resource "aws_kms_key" "bar" { 172 description = "Terraform acc test is_enabled %s" 173 deletion_window_in_days = 7 174 enable_key_rotation = true 175 }`, kmsTimestamp) 176 var testAccAWSKmsKey_disabled = fmt.Sprintf(` 177 resource "aws_kms_key" "bar" { 178 description = "Terraform acc test is_enabled %s" 179 deletion_window_in_days = 7 180 enable_key_rotation = false 181 is_enabled = false 182 }`, kmsTimestamp) 183 var testAccAWSKmsKey_enabled = fmt.Sprintf(` 184 resource "aws_kms_key" "bar" { 185 description = "Terraform acc test is_enabled %s" 186 deletion_window_in_days = 7 187 enable_key_rotation = true 188 is_enabled = true 189 }`, kmsTimestamp)