github.com/ojiry/terraform@v0.8.2-0.20161218223921-e50cec712c4a/builtin/providers/aws/resource_aws_emr_cluster_test.go (about) 1 package aws 2 3 import ( 4 "fmt" 5 "log" 6 "testing" 7 8 "github.com/aws/aws-sdk-go/aws" 9 "github.com/aws/aws-sdk-go/aws/awserr" 10 "github.com/aws/aws-sdk-go/service/emr" 11 "github.com/hashicorp/terraform/helper/acctest" 12 "github.com/hashicorp/terraform/helper/resource" 13 "github.com/hashicorp/terraform/terraform" 14 ) 15 16 func TestAccAWSEMRCluster_basic(t *testing.T) { 17 var jobFlow emr.RunJobFlowOutput 18 r := acctest.RandInt() 19 resource.Test(t, resource.TestCase{ 20 PreCheck: func() { testAccPreCheck(t) }, 21 Providers: testAccProviders, 22 CheckDestroy: testAccCheckAWSEmrDestroy, 23 Steps: []resource.TestStep{ 24 resource.TestStep{ 25 Config: testAccAWSEmrClusterConfig(r), 26 Check: testAccCheckAWSEmrClusterExists("aws_emr_cluster.tf-test-cluster", &jobFlow), 27 }, 28 }, 29 }) 30 } 31 32 func testAccCheckAWSEmrDestroy(s *terraform.State) error { 33 conn := testAccProvider.Meta().(*AWSClient).emrconn 34 35 for _, rs := range s.RootModule().Resources { 36 if rs.Type != "aws_emr_cluster" { 37 continue 38 } 39 40 params := &emr.DescribeClusterInput{ 41 ClusterId: aws.String(rs.Primary.ID), 42 } 43 44 describe, err := conn.DescribeCluster(params) 45 46 if err == nil { 47 if describe.Cluster != nil && 48 *describe.Cluster.Status.State == "WAITING" { 49 return fmt.Errorf("EMR Cluster still exists") 50 } 51 } 52 53 providerErr, ok := err.(awserr.Error) 54 if !ok { 55 return err 56 } 57 58 log.Printf("[ERROR] %v", providerErr) 59 } 60 61 return nil 62 } 63 64 func testAccCheckAWSEmrClusterExists(n string, v *emr.RunJobFlowOutput) resource.TestCheckFunc { 65 return func(s *terraform.State) error { 66 rs, ok := s.RootModule().Resources[n] 67 if !ok { 68 return fmt.Errorf("Not found: %s", n) 69 } 70 if rs.Primary.ID == "" { 71 return fmt.Errorf("No cluster id set") 72 } 73 conn := testAccProvider.Meta().(*AWSClient).emrconn 74 describe, err := conn.DescribeCluster(&emr.DescribeClusterInput{ 75 ClusterId: aws.String(rs.Primary.ID), 76 }) 77 if err != nil { 78 return fmt.Errorf("EMR error: %v", err) 79 } 80 81 if describe.Cluster != nil && 82 *describe.Cluster.Id != rs.Primary.ID { 83 return fmt.Errorf("EMR cluser not found") 84 } 85 86 if describe.Cluster != nil && 87 *describe.Cluster.Status.State != "WAITING" { 88 return fmt.Errorf("EMR cluser is not up yet") 89 } 90 91 return nil 92 } 93 } 94 95 func testAccAWSEmrClusterConfig(r int) string { 96 return fmt.Sprintf(` 97 provider "aws" { 98 region = "us-west-2" 99 } 100 101 resource "aws_emr_cluster" "tf-test-cluster" { 102 name = "emr-test-%d" 103 release_label = "emr-4.6.0" 104 applications = ["Spark"] 105 106 ec2_attributes { 107 subnet_id = "${aws_subnet.main.id}" 108 emr_managed_master_security_group = "${aws_security_group.allow_all.id}" 109 emr_managed_slave_security_group = "${aws_security_group.allow_all.id}" 110 instance_profile = "${aws_iam_instance_profile.emr_profile.arn}" 111 } 112 113 master_instance_type = "m3.xlarge" 114 core_instance_type = "m3.xlarge" 115 core_instance_count = 1 116 117 tags { 118 role = "rolename" 119 dns_zone = "env_zone" 120 env = "env" 121 name = "name-env" 122 } 123 124 keep_job_flow_alive_when_no_steps = true 125 termination_protection = false 126 127 bootstrap_action { 128 path = "s3://elasticmapreduce/bootstrap-actions/run-if" 129 name = "runif" 130 args = ["instance.isMaster=true", "echo running on master node"] 131 } 132 133 configurations = "test-fixtures/emr_configurations.json" 134 135 depends_on = ["aws_main_route_table_association.a"] 136 137 service_role = "${aws_iam_role.iam_emr_default_role.arn}" 138 } 139 140 resource "aws_security_group" "allow_all" { 141 name = "allow_all" 142 description = "Allow all inbound traffic" 143 vpc_id = "${aws_vpc.main.id}" 144 145 ingress { 146 from_port = 0 147 to_port = 0 148 protocol = "-1" 149 cidr_blocks = ["0.0.0.0/0"] 150 } 151 152 egress { 153 from_port = 0 154 to_port = 0 155 protocol = "-1" 156 cidr_blocks = ["0.0.0.0/0"] 157 } 158 159 depends_on = ["aws_subnet.main"] 160 161 lifecycle { 162 ignore_changes = ["ingress", "egress"] 163 } 164 165 tags { 166 name = "emr_test" 167 } 168 } 169 170 resource "aws_vpc" "main" { 171 cidr_block = "168.31.0.0/16" 172 enable_dns_hostnames = true 173 174 tags { 175 name = "emr_test" 176 } 177 } 178 179 resource "aws_subnet" "main" { 180 vpc_id = "${aws_vpc.main.id}" 181 cidr_block = "168.31.0.0/20" 182 183 tags { 184 name = "emr_test" 185 } 186 } 187 188 resource "aws_internet_gateway" "gw" { 189 vpc_id = "${aws_vpc.main.id}" 190 } 191 192 resource "aws_route_table" "r" { 193 vpc_id = "${aws_vpc.main.id}" 194 195 route { 196 cidr_block = "0.0.0.0/0" 197 gateway_id = "${aws_internet_gateway.gw.id}" 198 } 199 } 200 201 resource "aws_main_route_table_association" "a" { 202 vpc_id = "${aws_vpc.main.id}" 203 route_table_id = "${aws_route_table.r.id}" 204 } 205 206 ### 207 208 # IAM things 209 210 ### 211 212 # IAM role for EMR Service 213 resource "aws_iam_role" "iam_emr_default_role" { 214 name = "iam_emr_default_role_%d" 215 216 assume_role_policy = <<EOT 217 { 218 "Version": "2008-10-17", 219 "Statement": [ 220 { 221 "Sid": "", 222 "Effect": "Allow", 223 "Principal": { 224 "Service": "elasticmapreduce.amazonaws.com" 225 }, 226 "Action": "sts:AssumeRole" 227 } 228 ] 229 } 230 EOT 231 } 232 233 resource "aws_iam_role_policy_attachment" "service-attach" { 234 role = "${aws_iam_role.iam_emr_default_role.id}" 235 policy_arn = "${aws_iam_policy.iam_emr_default_policy.arn}" 236 } 237 238 resource "aws_iam_policy" "iam_emr_default_policy" { 239 name = "iam_emr_default_policy_%d" 240 241 policy = <<EOT 242 { 243 "Version": "2012-10-17", 244 "Statement": [{ 245 "Effect": "Allow", 246 "Resource": "*", 247 "Action": [ 248 "ec2:AuthorizeSecurityGroupEgress", 249 "ec2:AuthorizeSecurityGroupIngress", 250 "ec2:CancelSpotInstanceRequests", 251 "ec2:CreateNetworkInterface", 252 "ec2:CreateSecurityGroup", 253 "ec2:CreateTags", 254 "ec2:DeleteNetworkInterface", 255 "ec2:DeleteSecurityGroup", 256 "ec2:DeleteTags", 257 "ec2:DescribeAvailabilityZones", 258 "ec2:DescribeAccountAttributes", 259 "ec2:DescribeDhcpOptions", 260 "ec2:DescribeInstanceStatus", 261 "ec2:DescribeInstances", 262 "ec2:DescribeKeyPairs", 263 "ec2:DescribeNetworkAcls", 264 "ec2:DescribeNetworkInterfaces", 265 "ec2:DescribePrefixLists", 266 "ec2:DescribeRouteTables", 267 "ec2:DescribeSecurityGroups", 268 "ec2:DescribeSpotInstanceRequests", 269 "ec2:DescribeSpotPriceHistory", 270 "ec2:DescribeSubnets", 271 "ec2:DescribeVpcAttribute", 272 "ec2:DescribeVpcEndpoints", 273 "ec2:DescribeVpcEndpointServices", 274 "ec2:DescribeVpcs", 275 "ec2:DetachNetworkInterface", 276 "ec2:ModifyImageAttribute", 277 "ec2:ModifyInstanceAttribute", 278 "ec2:RequestSpotInstances", 279 "ec2:RevokeSecurityGroupEgress", 280 "ec2:RunInstances", 281 "ec2:TerminateInstances", 282 "ec2:DeleteVolume", 283 "ec2:DescribeVolumeStatus", 284 "ec2:DescribeVolumes", 285 "ec2:DetachVolume", 286 "iam:GetRole", 287 "iam:GetRolePolicy", 288 "iam:ListInstanceProfiles", 289 "iam:ListRolePolicies", 290 "iam:PassRole", 291 "s3:CreateBucket", 292 "s3:Get*", 293 "s3:List*", 294 "sdb:BatchPutAttributes", 295 "sdb:Select", 296 "sqs:CreateQueue", 297 "sqs:Delete*", 298 "sqs:GetQueue*", 299 "sqs:PurgeQueue", 300 "sqs:ReceiveMessage" 301 ] 302 }] 303 } 304 EOT 305 } 306 307 # IAM Role for EC2 Instance Profile 308 resource "aws_iam_role" "iam_emr_profile_role" { 309 name = "iam_emr_profile_role_%d" 310 311 assume_role_policy = <<EOT 312 { 313 "Version": "2008-10-17", 314 "Statement": [ 315 { 316 "Sid": "", 317 "Effect": "Allow", 318 "Principal": { 319 "Service": "ec2.amazonaws.com" 320 }, 321 "Action": "sts:AssumeRole" 322 } 323 ] 324 } 325 EOT 326 } 327 328 resource "aws_iam_instance_profile" "emr_profile" { 329 name = "emr_profile_%d" 330 roles = ["${aws_iam_role.iam_emr_profile_role.name}"] 331 } 332 333 resource "aws_iam_role_policy_attachment" "profile-attach" { 334 role = "${aws_iam_role.iam_emr_profile_role.id}" 335 policy_arn = "${aws_iam_policy.iam_emr_profile_policy.arn}" 336 } 337 338 resource "aws_iam_policy" "iam_emr_profile_policy" { 339 name = "iam_emr_profile_policy_%d" 340 341 policy = <<EOT 342 { 343 "Version": "2012-10-17", 344 "Statement": [{ 345 "Effect": "Allow", 346 "Resource": "*", 347 "Action": [ 348 "cloudwatch:*", 349 "dynamodb:*", 350 "ec2:Describe*", 351 "elasticmapreduce:Describe*", 352 "elasticmapreduce:ListBootstrapActions", 353 "elasticmapreduce:ListClusters", 354 "elasticmapreduce:ListInstanceGroups", 355 "elasticmapreduce:ListInstances", 356 "elasticmapreduce:ListSteps", 357 "kinesis:CreateStream", 358 "kinesis:DeleteStream", 359 "kinesis:DescribeStream", 360 "kinesis:GetRecords", 361 "kinesis:GetShardIterator", 362 "kinesis:MergeShards", 363 "kinesis:PutRecord", 364 "kinesis:SplitShard", 365 "rds:Describe*", 366 "s3:*", 367 "sdb:*", 368 "sns:*", 369 "sqs:*" 370 ] 371 }] 372 } 373 EOT 374 } 375 `, r, r, r, r, r, r) 376 }