github.com/peterbale/terraform@v0.9.0-beta2.0.20170315142748-5723acd55547/builtin/providers/aws/resource_aws_network_acl_rule_test.go (about) 1 package aws 2 3 import ( 4 "fmt" 5 "strconv" 6 "testing" 7 8 "github.com/aws/aws-sdk-go/aws" 9 "github.com/aws/aws-sdk-go/aws/awserr" 10 "github.com/aws/aws-sdk-go/service/ec2" 11 "github.com/hashicorp/terraform/helper/resource" 12 "github.com/hashicorp/terraform/terraform" 13 ) 14 15 func TestAccAWSNetworkAclRule_basic(t *testing.T) { 16 var networkAcl ec2.NetworkAcl 17 18 resource.Test(t, resource.TestCase{ 19 PreCheck: func() { testAccPreCheck(t) }, 20 Providers: testAccProviders, 21 CheckDestroy: testAccCheckAWSNetworkAclRuleDestroy, 22 Steps: []resource.TestStep{ 23 { 24 Config: testAccAWSNetworkAclRuleBasicConfig, 25 Check: resource.ComposeTestCheckFunc( 26 testAccCheckAWSNetworkAclRuleExists("aws_network_acl_rule.baz", &networkAcl), 27 testAccCheckAWSNetworkAclRuleExists("aws_network_acl_rule.qux", &networkAcl), 28 testAccCheckAWSNetworkAclRuleExists("aws_network_acl_rule.wibble", &networkAcl), 29 ), 30 }, 31 }, 32 }) 33 } 34 35 func TestAccAWSNetworkAclRule_ipv6(t *testing.T) { 36 var networkAcl ec2.NetworkAcl 37 38 resource.Test(t, resource.TestCase{ 39 PreCheck: func() { testAccPreCheck(t) }, 40 Providers: testAccProviders, 41 CheckDestroy: testAccCheckAWSNetworkAclRuleDestroy, 42 Steps: []resource.TestStep{ 43 { 44 Config: testAccAWSNetworkAclRuleIpv6Config, 45 Check: resource.ComposeTestCheckFunc( 46 testAccCheckAWSNetworkAclRuleExists("aws_network_acl_rule.baz", &networkAcl), 47 ), 48 }, 49 }, 50 }) 51 } 52 53 func TestResourceAWSNetworkAclRule_validateICMPArgumentValue(t *testing.T) { 54 type testCases struct { 55 Value string 56 ErrCount int 57 } 58 59 invalidCases := []testCases{ 60 { 61 Value: "", 62 ErrCount: 1, 63 }, 64 { 65 Value: "not-a-number", 66 ErrCount: 1, 67 }, 68 { 69 Value: "1.0", 70 ErrCount: 1, 71 }, 72 } 73 74 for _, tc := range invalidCases { 75 _, errors := validateICMPArgumentValue(tc.Value, "icmp_type") 76 if len(errors) != tc.ErrCount { 77 t.Fatalf("Expected %q to trigger a validation error.", tc.Value) 78 } 79 } 80 81 validCases := []testCases{ 82 { 83 Value: "0", 84 ErrCount: 0, 85 }, 86 { 87 Value: "-1", 88 ErrCount: 0, 89 }, 90 { 91 Value: "1", 92 ErrCount: 0, 93 }, 94 } 95 96 for _, tc := range validCases { 97 _, errors := validateICMPArgumentValue(tc.Value, "icmp_type") 98 if len(errors) != tc.ErrCount { 99 t.Fatalf("Expected %q not to trigger a validation error.", tc.Value) 100 } 101 } 102 103 } 104 105 func testAccCheckAWSNetworkAclRuleDestroy(s *terraform.State) error { 106 107 for _, rs := range s.RootModule().Resources { 108 conn := testAccProvider.Meta().(*AWSClient).ec2conn 109 if rs.Type != "aws_network_acl_rule" { 110 continue 111 } 112 113 req := &ec2.DescribeNetworkAclsInput{ 114 NetworkAclIds: []*string{aws.String(rs.Primary.ID)}, 115 } 116 resp, err := conn.DescribeNetworkAcls(req) 117 if err == nil { 118 if len(resp.NetworkAcls) > 0 && *resp.NetworkAcls[0].NetworkAclId == rs.Primary.ID { 119 networkAcl := resp.NetworkAcls[0] 120 if networkAcl.Entries != nil { 121 return fmt.Errorf("Network ACL Entries still exist") 122 } 123 } 124 } 125 126 ec2err, ok := err.(awserr.Error) 127 if !ok { 128 return err 129 } 130 if ec2err.Code() != "InvalidNetworkAclID.NotFound" { 131 return err 132 } 133 } 134 135 return nil 136 } 137 138 func testAccCheckAWSNetworkAclRuleExists(n string, networkAcl *ec2.NetworkAcl) resource.TestCheckFunc { 139 return func(s *terraform.State) error { 140 conn := testAccProvider.Meta().(*AWSClient).ec2conn 141 rs, ok := s.RootModule().Resources[n] 142 if !ok { 143 return fmt.Errorf("Not found: %s", n) 144 } 145 146 if rs.Primary.ID == "" { 147 return fmt.Errorf("No Network ACL Id is set") 148 } 149 150 req := &ec2.DescribeNetworkAclsInput{ 151 NetworkAclIds: []*string{aws.String(rs.Primary.Attributes["network_acl_id"])}, 152 } 153 resp, err := conn.DescribeNetworkAcls(req) 154 if err != nil { 155 return err 156 } 157 if len(resp.NetworkAcls) != 1 { 158 return fmt.Errorf("Network ACL not found") 159 } 160 egress, err := strconv.ParseBool(rs.Primary.Attributes["egress"]) 161 if err != nil { 162 return err 163 } 164 ruleNo, err := strconv.ParseInt(rs.Primary.Attributes["rule_number"], 10, 64) 165 if err != nil { 166 return err 167 } 168 for _, e := range resp.NetworkAcls[0].Entries { 169 if *e.RuleNumber == ruleNo && *e.Egress == egress { 170 return nil 171 } 172 } 173 return fmt.Errorf("Entry not found: %s", resp.NetworkAcls[0]) 174 } 175 } 176 177 const testAccAWSNetworkAclRuleBasicConfig = ` 178 provider "aws" { 179 region = "us-east-1" 180 } 181 resource "aws_vpc" "foo" { 182 cidr_block = "10.3.0.0/16" 183 } 184 resource "aws_network_acl" "bar" { 185 vpc_id = "${aws_vpc.foo.id}" 186 } 187 resource "aws_network_acl_rule" "baz" { 188 network_acl_id = "${aws_network_acl.bar.id}" 189 rule_number = 200 190 egress = false 191 protocol = "tcp" 192 rule_action = "allow" 193 cidr_block = "0.0.0.0/0" 194 from_port = 22 195 to_port = 22 196 } 197 resource "aws_network_acl_rule" "qux" { 198 network_acl_id = "${aws_network_acl.bar.id}" 199 rule_number = 300 200 protocol = "icmp" 201 rule_action = "allow" 202 cidr_block = "0.0.0.0/0" 203 icmp_type = 0 204 icmp_code = -1 205 } 206 resource "aws_network_acl_rule" "wibble" { 207 network_acl_id = "${aws_network_acl.bar.id}" 208 rule_number = 400 209 protocol = "icmp" 210 rule_action = "allow" 211 cidr_block = "0.0.0.0/0" 212 icmp_type = -1 213 icmp_code = -1 214 } 215 ` 216 217 const testAccAWSNetworkAclRuleIpv6Config = ` 218 resource "aws_vpc" "foo" { 219 cidr_block = "10.3.0.0/16" 220 } 221 resource "aws_network_acl" "bar" { 222 vpc_id = "${aws_vpc.foo.id}" 223 } 224 resource "aws_network_acl_rule" "baz" { 225 network_acl_id = "${aws_network_acl.bar.id}" 226 rule_number = 150 227 egress = false 228 protocol = "tcp" 229 rule_action = "allow" 230 ipv6_cidr_block = "::/0" 231 from_port = 22 232 to_port = 22 233 } 234 235 `