github.com/mohanarpit/terraform@v0.6.16-0.20160909104007-291f29853544/builtin/providers/aws/resource_aws_load_balancer_backend_server_policy_test.go (about) 1 package aws 2 3 import ( 4 "fmt" 5 "testing" 6 7 "github.com/aws/aws-sdk-go/aws" 8 "github.com/aws/aws-sdk-go/aws/awserr" 9 "github.com/aws/aws-sdk-go/service/elb" 10 11 tlsprovider "github.com/hashicorp/terraform/builtin/providers/tls" 12 "github.com/hashicorp/terraform/helper/resource" 13 "github.com/hashicorp/terraform/terraform" 14 ) 15 16 func TestAccAWSLoadBalancerBackendServerPolicy_basic(t *testing.T) { 17 resource.Test(t, resource.TestCase{ 18 PreCheck: func() { testAccPreCheck(t) }, 19 Providers: map[string]terraform.ResourceProvider{ 20 "aws": testAccProvider, 21 "tls": tlsprovider.Provider(), 22 }, 23 CheckDestroy: testAccCheckAWSLoadBalancerBackendServerPolicyDestroy, 24 Steps: []resource.TestStep{ 25 resource.TestStep{ 26 Config: testAccAWSLoadBalancerBackendServerPolicyConfig_basic0, 27 Check: resource.ComposeTestCheckFunc( 28 testAccCheckAWSLoadBalancerPolicyState("aws_elb.test-lb", "aws_load_balancer_policy.test-pubkey-policy0"), 29 testAccCheckAWSLoadBalancerPolicyState("aws_elb.test-lb", "aws_load_balancer_policy.test-backend-auth-policy0"), 30 testAccCheckAWSLoadBalancerBackendServerPolicyState("test-aws-policies-lb", "test-backend-auth-policy0", true), 31 ), 32 }, 33 resource.TestStep{ 34 Config: testAccAWSLoadBalancerBackendServerPolicyConfig_basic1, 35 Check: resource.ComposeTestCheckFunc( 36 testAccCheckAWSLoadBalancerPolicyState("aws_elb.test-lb", "aws_load_balancer_policy.test-pubkey-policy0"), 37 testAccCheckAWSLoadBalancerPolicyState("aws_elb.test-lb", "aws_load_balancer_policy.test-pubkey-policy1"), 38 testAccCheckAWSLoadBalancerPolicyState("aws_elb.test-lb", "aws_load_balancer_policy.test-backend-auth-policy0"), 39 testAccCheckAWSLoadBalancerBackendServerPolicyState("test-aws-policies-lb", "test-backend-auth-policy0", true), 40 ), 41 }, 42 resource.TestStep{ 43 Config: testAccAWSLoadBalancerBackendServerPolicyConfig_basic2, 44 Check: resource.ComposeTestCheckFunc( 45 testAccCheckAWSLoadBalancerBackendServerPolicyState("test-aws-policies-lb", "test-backend-auth-policy0", false), 46 ), 47 }, 48 }, 49 }) 50 } 51 52 func policyInBackendServerPolicies(str string, list []string) bool { 53 for _, v := range list { 54 if v == str { 55 return true 56 } 57 } 58 return false 59 } 60 61 func testAccCheckAWSLoadBalancerBackendServerPolicyDestroy(s *terraform.State) error { 62 conn := testAccProvider.Meta().(*AWSClient).elbconn 63 64 for _, rs := range s.RootModule().Resources { 65 switch { 66 case rs.Type == "aws_load_balancer_policy": 67 loadBalancerName, policyName := resourceAwsLoadBalancerBackendServerPoliciesParseId(rs.Primary.ID) 68 out, err := conn.DescribeLoadBalancerPolicies( 69 &elb.DescribeLoadBalancerPoliciesInput{ 70 LoadBalancerName: aws.String(loadBalancerName), 71 PolicyNames: []*string{aws.String(policyName)}, 72 }) 73 if err != nil { 74 if ec2err, ok := err.(awserr.Error); ok && (ec2err.Code() == "PolicyNotFound" || ec2err.Code() == "LoadBalancerNotFound") { 75 continue 76 } 77 return err 78 } 79 if len(out.PolicyDescriptions) > 0 { 80 return fmt.Errorf("Policy still exists") 81 } 82 case rs.Type == "aws_load_balancer_backend_policy": 83 loadBalancerName, policyName := resourceAwsLoadBalancerBackendServerPoliciesParseId(rs.Primary.ID) 84 out, err := conn.DescribeLoadBalancers( 85 &elb.DescribeLoadBalancersInput{ 86 LoadBalancerNames: []*string{aws.String(loadBalancerName)}, 87 }) 88 if err != nil { 89 if ec2err, ok := err.(awserr.Error); ok && (ec2err.Code() == "LoadBalancerNotFound") { 90 continue 91 } 92 return err 93 } 94 for _, backendServer := range out.LoadBalancerDescriptions[0].BackendServerDescriptions { 95 policyStrings := []string{} 96 for _, pol := range backendServer.PolicyNames { 97 policyStrings = append(policyStrings, *pol) 98 } 99 if policyInBackendServerPolicies(policyName, policyStrings) { 100 return fmt.Errorf("Policy still exists and is assigned") 101 } 102 } 103 default: 104 continue 105 } 106 } 107 return nil 108 } 109 110 func testAccCheckAWSLoadBalancerBackendServerPolicyState(loadBalancerName string, loadBalancerBackendAuthPolicyName string, assigned bool) resource.TestCheckFunc { 111 return func(s *terraform.State) error { 112 elbconn := testAccProvider.Meta().(*AWSClient).elbconn 113 114 loadBalancerDescription, err := elbconn.DescribeLoadBalancers(&elb.DescribeLoadBalancersInput{ 115 LoadBalancerNames: []*string{aws.String(loadBalancerName)}, 116 }) 117 if err != nil { 118 return err 119 } 120 121 for _, backendServer := range loadBalancerDescription.LoadBalancerDescriptions[0].BackendServerDescriptions { 122 policyStrings := []string{} 123 for _, pol := range backendServer.PolicyNames { 124 policyStrings = append(policyStrings, *pol) 125 } 126 if policyInBackendServerPolicies(loadBalancerBackendAuthPolicyName, policyStrings) != assigned { 127 if assigned { 128 return fmt.Errorf("Policy no longer assigned %s not in %+v", loadBalancerBackendAuthPolicyName, policyStrings) 129 } else { 130 return fmt.Errorf("Policy exists and is assigned") 131 } 132 } 133 } 134 135 return nil 136 } 137 } 138 139 const testAccAWSLoadBalancerBackendServerPolicyConfig_basic0 = ` 140 resource "tls_private_key" "example0" { 141 algorithm = "RSA" 142 } 143 144 resource "tls_self_signed_cert" "test-cert0" { 145 key_algorithm = "RSA" 146 private_key_pem = "${tls_private_key.example0.private_key_pem}" 147 148 subject { 149 common_name = "example.com" 150 organization = "ACME Examples, Inc" 151 } 152 153 validity_period_hours = 12 154 155 allowed_uses = [ 156 "key_encipherment", 157 "digital_signature", 158 "server_auth", 159 ] 160 } 161 162 resource "aws_iam_server_certificate" "test-iam-cert0" { 163 name_prefix = "test_cert_" 164 certificate_body = "${tls_self_signed_cert.test-cert0.cert_pem}" 165 private_key = "${tls_private_key.example0.private_key_pem}" 166 } 167 168 resource "aws_elb" "test-lb" { 169 name = "test-aws-policies-lb" 170 availability_zones = ["us-west-2a"] 171 172 listener { 173 instance_port = 443 174 instance_protocol = "https" 175 lb_port = 443 176 lb_protocol = "https" 177 ssl_certificate_id = "${aws_iam_server_certificate.test-iam-cert0.arn}" 178 } 179 180 tags { 181 Name = "tf-acc-test" 182 } 183 } 184 185 resource "aws_load_balancer_policy" "test-pubkey-policy0" { 186 load_balancer_name = "${aws_elb.test-lb.name}" 187 policy_name = "test-pubkey-policy0" 188 policy_type_name = "PublicKeyPolicyType" 189 policy_attribute = { 190 name = "PublicKey" 191 value = "${replace(replace(replace(tls_private_key.example0.public_key_pem, "\n", ""), "-----BEGIN PUBLIC KEY-----", ""), "-----END PUBLIC KEY-----", "")}" 192 } 193 } 194 195 resource "aws_load_balancer_policy" "test-backend-auth-policy0" { 196 load_balancer_name = "${aws_elb.test-lb.name}" 197 policy_name = "test-backend-auth-policy0" 198 policy_type_name = "BackendServerAuthenticationPolicyType" 199 policy_attribute = { 200 name = "PublicKeyPolicyName" 201 value = "${aws_load_balancer_policy.test-pubkey-policy0.policy_name}" 202 } 203 } 204 205 resource "aws_load_balancer_backend_server_policy" "test-backend-auth-policies-443" { 206 load_balancer_name = "${aws_elb.test-lb.name}" 207 instance_port = 443 208 policy_names = [ 209 "${aws_load_balancer_policy.test-backend-auth-policy0.policy_name}" 210 ] 211 } 212 ` 213 214 const testAccAWSLoadBalancerBackendServerPolicyConfig_basic1 = ` 215 resource "tls_private_key" "example0" { 216 algorithm = "RSA" 217 } 218 219 resource "tls_self_signed_cert" "test-cert0" { 220 key_algorithm = "RSA" 221 private_key_pem = "${tls_private_key.example0.private_key_pem}" 222 223 subject { 224 common_name = "example.com" 225 organization = "ACME Examples, Inc" 226 } 227 228 validity_period_hours = 12 229 230 allowed_uses = [ 231 "key_encipherment", 232 "digital_signature", 233 "server_auth", 234 ] 235 } 236 237 resource "tls_private_key" "example1" { 238 algorithm = "RSA" 239 } 240 241 resource "tls_self_signed_cert" "test-cert1" { 242 key_algorithm = "RSA" 243 private_key_pem = "${tls_private_key.example1.private_key_pem}" 244 245 subject { 246 common_name = "example.com" 247 organization = "ACME Examples, Inc" 248 } 249 250 validity_period_hours = 12 251 252 allowed_uses = [ 253 "key_encipherment", 254 "digital_signature", 255 "server_auth", 256 ] 257 } 258 259 resource "aws_iam_server_certificate" "test-iam-cert0" { 260 name_prefix = "test_cert_" 261 certificate_body = "${tls_self_signed_cert.test-cert0.cert_pem}" 262 private_key = "${tls_private_key.example0.private_key_pem}" 263 } 264 265 resource "aws_elb" "test-lb" { 266 name = "test-aws-policies-lb" 267 availability_zones = ["us-west-2a"] 268 269 listener { 270 instance_port = 443 271 instance_protocol = "https" 272 lb_port = 443 273 lb_protocol = "https" 274 ssl_certificate_id = "${aws_iam_server_certificate.test-iam-cert0.arn}" 275 } 276 277 tags { 278 Name = "tf-acc-test" 279 } 280 } 281 282 resource "aws_load_balancer_policy" "test-pubkey-policy0" { 283 load_balancer_name = "${aws_elb.test-lb.name}" 284 policy_name = "test-pubkey-policy0" 285 policy_type_name = "PublicKeyPolicyType" 286 policy_attribute = { 287 name = "PublicKey" 288 value = "${replace(replace(replace(tls_private_key.example0.public_key_pem, "\n", ""), "-----BEGIN PUBLIC KEY-----", ""), "-----END PUBLIC KEY-----", "")}" 289 } 290 } 291 292 resource "aws_load_balancer_policy" "test-pubkey-policy1" { 293 load_balancer_name = "${aws_elb.test-lb.name}" 294 policy_name = "test-pubkey-policy1" 295 policy_type_name = "PublicKeyPolicyType" 296 policy_attribute = { 297 name = "PublicKey" 298 value = "${replace(replace(replace(tls_private_key.example1.public_key_pem, "\n", ""), "-----BEGIN PUBLIC KEY-----", ""), "-----END PUBLIC KEY-----", "")}" 299 } 300 } 301 302 resource "aws_load_balancer_policy" "test-backend-auth-policy0" { 303 load_balancer_name = "${aws_elb.test-lb.name}" 304 policy_name = "test-backend-auth-policy0" 305 policy_type_name = "BackendServerAuthenticationPolicyType" 306 policy_attribute = { 307 name = "PublicKeyPolicyName" 308 value = "${aws_load_balancer_policy.test-pubkey-policy1.policy_name}" 309 } 310 } 311 312 resource "aws_load_balancer_backend_server_policy" "test-backend-auth-policies-443" { 313 load_balancer_name = "${aws_elb.test-lb.name}" 314 instance_port = 443 315 policy_names = [ 316 "${aws_load_balancer_policy.test-backend-auth-policy0.policy_name}" 317 ] 318 } 319 ` 320 321 const testAccAWSLoadBalancerBackendServerPolicyConfig_basic2 = ` 322 resource "tls_private_key" "example0" { 323 algorithm = "RSA" 324 } 325 326 resource "tls_self_signed_cert" "test-cert0" { 327 key_algorithm = "RSA" 328 private_key_pem = "${tls_private_key.example0.private_key_pem}" 329 330 subject { 331 common_name = "example.com" 332 organization = "ACME Examples, Inc" 333 } 334 335 validity_period_hours = 12 336 337 allowed_uses = [ 338 "key_encipherment", 339 "digital_signature", 340 "server_auth", 341 ] 342 } 343 344 resource "tls_private_key" "example1" { 345 algorithm = "RSA" 346 } 347 348 resource "tls_self_signed_cert" "test-cert1" { 349 key_algorithm = "RSA" 350 private_key_pem = "${tls_private_key.example1.private_key_pem}" 351 352 subject { 353 common_name = "example.com" 354 organization = "ACME Examples, Inc" 355 } 356 357 validity_period_hours = 12 358 359 allowed_uses = [ 360 "key_encipherment", 361 "digital_signature", 362 "server_auth", 363 ] 364 } 365 366 resource "aws_iam_server_certificate" "test-iam-cert0" { 367 name_prefix = "test_cert_" 368 certificate_body = "${tls_self_signed_cert.test-cert0.cert_pem}" 369 private_key = "${tls_private_key.example0.private_key_pem}" 370 } 371 372 resource "aws_elb" "test-lb" { 373 name = "test-aws-policies-lb" 374 availability_zones = ["us-west-2a"] 375 376 listener { 377 instance_port = 443 378 instance_protocol = "https" 379 lb_port = 443 380 lb_protocol = "https" 381 ssl_certificate_id = "${aws_iam_server_certificate.test-iam-cert0.arn}" 382 } 383 384 tags { 385 Name = "tf-acc-test" 386 } 387 } 388 `