github.com/ojiry/terraform@v0.8.2-0.20161218223921-e50cec712c4a/builtin/providers/aws/resource_aws_emr_cluster_test.go (about)

     1  package aws
     2  
     3  import (
     4  	"fmt"
     5  	"log"
     6  	"testing"
     7  
     8  	"github.com/aws/aws-sdk-go/aws"
     9  	"github.com/aws/aws-sdk-go/aws/awserr"
    10  	"github.com/aws/aws-sdk-go/service/emr"
    11  	"github.com/hashicorp/terraform/helper/acctest"
    12  	"github.com/hashicorp/terraform/helper/resource"
    13  	"github.com/hashicorp/terraform/terraform"
    14  )
    15  
    16  func TestAccAWSEMRCluster_basic(t *testing.T) {
    17  	var jobFlow emr.RunJobFlowOutput
    18  	r := acctest.RandInt()
    19  	resource.Test(t, resource.TestCase{
    20  		PreCheck:     func() { testAccPreCheck(t) },
    21  		Providers:    testAccProviders,
    22  		CheckDestroy: testAccCheckAWSEmrDestroy,
    23  		Steps: []resource.TestStep{
    24  			resource.TestStep{
    25  				Config: testAccAWSEmrClusterConfig(r),
    26  				Check:  testAccCheckAWSEmrClusterExists("aws_emr_cluster.tf-test-cluster", &jobFlow),
    27  			},
    28  		},
    29  	})
    30  }
    31  
    32  func testAccCheckAWSEmrDestroy(s *terraform.State) error {
    33  	conn := testAccProvider.Meta().(*AWSClient).emrconn
    34  
    35  	for _, rs := range s.RootModule().Resources {
    36  		if rs.Type != "aws_emr_cluster" {
    37  			continue
    38  		}
    39  
    40  		params := &emr.DescribeClusterInput{
    41  			ClusterId: aws.String(rs.Primary.ID),
    42  		}
    43  
    44  		describe, err := conn.DescribeCluster(params)
    45  
    46  		if err == nil {
    47  			if describe.Cluster != nil &&
    48  				*describe.Cluster.Status.State == "WAITING" {
    49  				return fmt.Errorf("EMR Cluster still exists")
    50  			}
    51  		}
    52  
    53  		providerErr, ok := err.(awserr.Error)
    54  		if !ok {
    55  			return err
    56  		}
    57  
    58  		log.Printf("[ERROR] %v", providerErr)
    59  	}
    60  
    61  	return nil
    62  }
    63  
    64  func testAccCheckAWSEmrClusterExists(n string, v *emr.RunJobFlowOutput) resource.TestCheckFunc {
    65  	return func(s *terraform.State) error {
    66  		rs, ok := s.RootModule().Resources[n]
    67  		if !ok {
    68  			return fmt.Errorf("Not found: %s", n)
    69  		}
    70  		if rs.Primary.ID == "" {
    71  			return fmt.Errorf("No cluster id set")
    72  		}
    73  		conn := testAccProvider.Meta().(*AWSClient).emrconn
    74  		describe, err := conn.DescribeCluster(&emr.DescribeClusterInput{
    75  			ClusterId: aws.String(rs.Primary.ID),
    76  		})
    77  		if err != nil {
    78  			return fmt.Errorf("EMR error: %v", err)
    79  		}
    80  
    81  		if describe.Cluster != nil &&
    82  			*describe.Cluster.Id != rs.Primary.ID {
    83  			return fmt.Errorf("EMR cluser not found")
    84  		}
    85  
    86  		if describe.Cluster != nil &&
    87  			*describe.Cluster.Status.State != "WAITING" {
    88  			return fmt.Errorf("EMR cluser is not up yet")
    89  		}
    90  
    91  		return nil
    92  	}
    93  }
    94  
    95  func testAccAWSEmrClusterConfig(r int) string {
    96  	return fmt.Sprintf(`
    97  provider "aws" {
    98    region = "us-west-2"
    99  }
   100  
   101  resource "aws_emr_cluster" "tf-test-cluster" {
   102    name          = "emr-test-%d"
   103    release_label = "emr-4.6.0"
   104    applications  = ["Spark"]
   105  
   106    ec2_attributes {
   107      subnet_id                         = "${aws_subnet.main.id}"
   108      emr_managed_master_security_group = "${aws_security_group.allow_all.id}"
   109      emr_managed_slave_security_group  = "${aws_security_group.allow_all.id}"
   110      instance_profile                  = "${aws_iam_instance_profile.emr_profile.arn}"
   111    }
   112  
   113    master_instance_type = "m3.xlarge"
   114    core_instance_type   = "m3.xlarge"
   115    core_instance_count  = 1
   116  
   117    tags {
   118      role     = "rolename"
   119      dns_zone = "env_zone"
   120      env      = "env"
   121      name     = "name-env"
   122    }
   123  
   124  	keep_job_flow_alive_when_no_steps = true
   125  	termination_protection = false
   126  
   127    bootstrap_action {
   128      path = "s3://elasticmapreduce/bootstrap-actions/run-if"
   129      name = "runif"
   130      args = ["instance.isMaster=true", "echo running on master node"]
   131    }
   132  
   133    configurations = "test-fixtures/emr_configurations.json"
   134  
   135    depends_on = ["aws_main_route_table_association.a"]
   136  
   137    service_role = "${aws_iam_role.iam_emr_default_role.arn}"
   138  }
   139  
   140  resource "aws_security_group" "allow_all" {
   141    name        = "allow_all"
   142    description = "Allow all inbound traffic"
   143    vpc_id      = "${aws_vpc.main.id}"
   144  
   145    ingress {
   146      from_port   = 0
   147      to_port     = 0
   148      protocol    = "-1"
   149      cidr_blocks = ["0.0.0.0/0"]
   150    }
   151  
   152    egress {
   153      from_port   = 0
   154      to_port     = 0
   155      protocol    = "-1"
   156      cidr_blocks = ["0.0.0.0/0"]
   157    }
   158  
   159    depends_on = ["aws_subnet.main"]
   160  
   161    lifecycle {
   162      ignore_changes = ["ingress", "egress"]
   163    }
   164  
   165    tags {
   166      name = "emr_test"
   167    }
   168  }
   169  
   170  resource "aws_vpc" "main" {
   171    cidr_block           = "168.31.0.0/16"
   172    enable_dns_hostnames = true
   173  
   174    tags {
   175      name = "emr_test"
   176    }
   177  }
   178  
   179  resource "aws_subnet" "main" {
   180    vpc_id     = "${aws_vpc.main.id}"
   181    cidr_block = "168.31.0.0/20"
   182  
   183    tags {
   184      name = "emr_test"
   185    }
   186  }
   187  
   188  resource "aws_internet_gateway" "gw" {
   189    vpc_id = "${aws_vpc.main.id}"
   190  }
   191  
   192  resource "aws_route_table" "r" {
   193    vpc_id = "${aws_vpc.main.id}"
   194  
   195    route {
   196      cidr_block = "0.0.0.0/0"
   197      gateway_id = "${aws_internet_gateway.gw.id}"
   198    }
   199  }
   200  
   201  resource "aws_main_route_table_association" "a" {
   202    vpc_id         = "${aws_vpc.main.id}"
   203    route_table_id = "${aws_route_table.r.id}"
   204  }
   205  
   206  ###
   207  
   208  # IAM things
   209  
   210  ###
   211  
   212  # IAM role for EMR Service
   213  resource "aws_iam_role" "iam_emr_default_role" {
   214    name = "iam_emr_default_role_%d"
   215  
   216    assume_role_policy = <<EOT
   217  {
   218    "Version": "2008-10-17",
   219    "Statement": [
   220      {
   221        "Sid": "",
   222        "Effect": "Allow",
   223        "Principal": {
   224          "Service": "elasticmapreduce.amazonaws.com"
   225        },
   226        "Action": "sts:AssumeRole"
   227      }
   228    ]
   229  }
   230  EOT
   231  }
   232  
   233  resource "aws_iam_role_policy_attachment" "service-attach" {
   234    role       = "${aws_iam_role.iam_emr_default_role.id}"
   235    policy_arn = "${aws_iam_policy.iam_emr_default_policy.arn}"
   236  }
   237  
   238  resource "aws_iam_policy" "iam_emr_default_policy" {
   239    name = "iam_emr_default_policy_%d"
   240  
   241    policy = <<EOT
   242  {
   243      "Version": "2012-10-17",
   244      "Statement": [{
   245          "Effect": "Allow",
   246          "Resource": "*",
   247          "Action": [
   248              "ec2:AuthorizeSecurityGroupEgress",
   249              "ec2:AuthorizeSecurityGroupIngress",
   250              "ec2:CancelSpotInstanceRequests",
   251              "ec2:CreateNetworkInterface",
   252              "ec2:CreateSecurityGroup",
   253              "ec2:CreateTags",
   254              "ec2:DeleteNetworkInterface",
   255              "ec2:DeleteSecurityGroup",
   256              "ec2:DeleteTags",
   257              "ec2:DescribeAvailabilityZones",
   258              "ec2:DescribeAccountAttributes",
   259              "ec2:DescribeDhcpOptions",
   260              "ec2:DescribeInstanceStatus",
   261              "ec2:DescribeInstances",
   262              "ec2:DescribeKeyPairs",
   263              "ec2:DescribeNetworkAcls",
   264              "ec2:DescribeNetworkInterfaces",
   265              "ec2:DescribePrefixLists",
   266              "ec2:DescribeRouteTables",
   267              "ec2:DescribeSecurityGroups",
   268              "ec2:DescribeSpotInstanceRequests",
   269              "ec2:DescribeSpotPriceHistory",
   270              "ec2:DescribeSubnets",
   271              "ec2:DescribeVpcAttribute",
   272              "ec2:DescribeVpcEndpoints",
   273              "ec2:DescribeVpcEndpointServices",
   274              "ec2:DescribeVpcs",
   275              "ec2:DetachNetworkInterface",
   276              "ec2:ModifyImageAttribute",
   277              "ec2:ModifyInstanceAttribute",
   278              "ec2:RequestSpotInstances",
   279              "ec2:RevokeSecurityGroupEgress",
   280              "ec2:RunInstances",
   281              "ec2:TerminateInstances",
   282              "ec2:DeleteVolume",
   283              "ec2:DescribeVolumeStatus",
   284              "ec2:DescribeVolumes",
   285              "ec2:DetachVolume",
   286              "iam:GetRole",
   287              "iam:GetRolePolicy",
   288              "iam:ListInstanceProfiles",
   289              "iam:ListRolePolicies",
   290              "iam:PassRole",
   291              "s3:CreateBucket",
   292              "s3:Get*",
   293              "s3:List*",
   294              "sdb:BatchPutAttributes",
   295              "sdb:Select",
   296              "sqs:CreateQueue",
   297              "sqs:Delete*",
   298              "sqs:GetQueue*",
   299              "sqs:PurgeQueue",
   300              "sqs:ReceiveMessage"
   301          ]
   302      }]
   303  }
   304  EOT
   305  }
   306  
   307  # IAM Role for EC2 Instance Profile
   308  resource "aws_iam_role" "iam_emr_profile_role" {
   309    name = "iam_emr_profile_role_%d"
   310  
   311    assume_role_policy = <<EOT
   312  {
   313    "Version": "2008-10-17",
   314    "Statement": [
   315      {
   316        "Sid": "",
   317        "Effect": "Allow",
   318        "Principal": {
   319          "Service": "ec2.amazonaws.com"
   320        },
   321        "Action": "sts:AssumeRole"
   322      }
   323    ]
   324  }
   325  EOT
   326  }
   327  
   328  resource "aws_iam_instance_profile" "emr_profile" {
   329    name  = "emr_profile_%d"
   330    roles = ["${aws_iam_role.iam_emr_profile_role.name}"]
   331  }
   332  
   333  resource "aws_iam_role_policy_attachment" "profile-attach" {
   334    role       = "${aws_iam_role.iam_emr_profile_role.id}"
   335    policy_arn = "${aws_iam_policy.iam_emr_profile_policy.arn}"
   336  }
   337  
   338  resource "aws_iam_policy" "iam_emr_profile_policy" {
   339    name = "iam_emr_profile_policy_%d"
   340  
   341    policy = <<EOT
   342  {
   343      "Version": "2012-10-17",
   344      "Statement": [{
   345          "Effect": "Allow",
   346          "Resource": "*",
   347          "Action": [
   348              "cloudwatch:*",
   349              "dynamodb:*",
   350              "ec2:Describe*",
   351              "elasticmapreduce:Describe*",
   352              "elasticmapreduce:ListBootstrapActions",
   353              "elasticmapreduce:ListClusters",
   354              "elasticmapreduce:ListInstanceGroups",
   355              "elasticmapreduce:ListInstances",
   356              "elasticmapreduce:ListSteps",
   357              "kinesis:CreateStream",
   358              "kinesis:DeleteStream",
   359              "kinesis:DescribeStream",
   360              "kinesis:GetRecords",
   361              "kinesis:GetShardIterator",
   362              "kinesis:MergeShards",
   363              "kinesis:PutRecord",
   364              "kinesis:SplitShard",
   365              "rds:Describe*",
   366              "s3:*",
   367              "sdb:*",
   368              "sns:*",
   369              "sqs:*"
   370          ]
   371      }]
   372  }
   373  EOT
   374  }
   375  `, r, r, r, r, r, r)
   376  }