github.com/recobe182/terraform@v0.8.5-0.20170117231232-49ab22a935b7/builtin/providers/aws/resource_aws_iam_access_key_test.go (about)

     1  package aws
     2  
     3  import (
     4  	"errors"
     5  	"fmt"
     6  	"strings"
     7  	"testing"
     8  
     9  	"github.com/aws/aws-sdk-go/aws"
    10  	"github.com/aws/aws-sdk-go/aws/awserr"
    11  	"github.com/aws/aws-sdk-go/service/iam"
    12  	"github.com/hashicorp/terraform/helper/acctest"
    13  	"github.com/hashicorp/terraform/helper/resource"
    14  	"github.com/hashicorp/terraform/terraform"
    15  	"github.com/hashicorp/vault/helper/pgpkeys"
    16  )
    17  
    18  func TestAccAWSAccessKey_basic(t *testing.T) {
    19  	var conf iam.AccessKeyMetadata
    20  	rName := fmt.Sprintf("test-user-%d", acctest.RandInt())
    21  
    22  	resource.Test(t, resource.TestCase{
    23  		PreCheck:     func() { testAccPreCheck(t) },
    24  		Providers:    testAccProviders,
    25  		CheckDestroy: testAccCheckAWSAccessKeyDestroy,
    26  		Steps: []resource.TestStep{
    27  			resource.TestStep{
    28  				Config: testAccAWSAccessKeyConfig(rName),
    29  				Check: resource.ComposeTestCheckFunc(
    30  					testAccCheckAWSAccessKeyExists("aws_iam_access_key.a_key", &conf),
    31  					testAccCheckAWSAccessKeyAttributes(&conf),
    32  					resource.TestCheckResourceAttrSet("aws_iam_access_key.a_key", "secret"),
    33  				),
    34  			},
    35  		},
    36  	})
    37  }
    38  
    39  func TestAccAWSAccessKey_encrypted(t *testing.T) {
    40  	var conf iam.AccessKeyMetadata
    41  	rName := fmt.Sprintf("test-user-%d", acctest.RandInt())
    42  
    43  	resource.Test(t, resource.TestCase{
    44  		PreCheck:     func() { testAccPreCheck(t) },
    45  		Providers:    testAccProviders,
    46  		CheckDestroy: testAccCheckAWSAccessKeyDestroy,
    47  		Steps: []resource.TestStep{
    48  			resource.TestStep{
    49  				Config: testAccAWSAccessKeyConfig_encrypted(rName, testPubAccessKey1),
    50  				Check: resource.ComposeTestCheckFunc(
    51  					testAccCheckAWSAccessKeyExists("aws_iam_access_key.a_key", &conf),
    52  					testAccCheckAWSAccessKeyAttributes(&conf),
    53  					testDecryptSecretKeyAndTest("aws_iam_access_key.a_key", testPrivKey1),
    54  					resource.TestCheckResourceAttr(
    55  						"aws_iam_access_key.a_key", "secret", ""),
    56  					resource.TestCheckResourceAttrSet(
    57  						"aws_iam_access_key.a_key", "encrypted_secret"),
    58  					resource.TestCheckResourceAttrSet(
    59  						"aws_iam_access_key.a_key", "key_fingerprint"),
    60  				),
    61  			},
    62  		},
    63  	})
    64  }
    65  
    66  func testAccCheckAWSAccessKeyDestroy(s *terraform.State) error {
    67  	iamconn := testAccProvider.Meta().(*AWSClient).iamconn
    68  
    69  	for _, rs := range s.RootModule().Resources {
    70  		if rs.Type != "aws_access_key" {
    71  			continue
    72  		}
    73  
    74  		// Try to get access key
    75  		resp, err := iamconn.ListAccessKeys(&iam.ListAccessKeysInput{
    76  			UserName: aws.String(rs.Primary.ID),
    77  		})
    78  		if err == nil {
    79  			if len(resp.AccessKeyMetadata) > 0 {
    80  				return fmt.Errorf("still exist.")
    81  			}
    82  			return nil
    83  		}
    84  
    85  		// Verify the error is what we want
    86  		ec2err, ok := err.(awserr.Error)
    87  		if !ok {
    88  			return err
    89  		}
    90  		if ec2err.Code() != "NoSuchEntity" {
    91  			return err
    92  		}
    93  	}
    94  
    95  	return nil
    96  }
    97  
    98  func testAccCheckAWSAccessKeyExists(n string, res *iam.AccessKeyMetadata) resource.TestCheckFunc {
    99  	return func(s *terraform.State) error {
   100  		rs, ok := s.RootModule().Resources[n]
   101  		if !ok {
   102  			return fmt.Errorf("Not found: %s", n)
   103  		}
   104  
   105  		if rs.Primary.ID == "" {
   106  			return fmt.Errorf("No Role name is set")
   107  		}
   108  
   109  		iamconn := testAccProvider.Meta().(*AWSClient).iamconn
   110  		name := rs.Primary.Attributes["user"]
   111  
   112  		resp, err := iamconn.ListAccessKeys(&iam.ListAccessKeysInput{
   113  			UserName: aws.String(name),
   114  		})
   115  		if err != nil {
   116  			return err
   117  		}
   118  
   119  		if len(resp.AccessKeyMetadata) != 1 ||
   120  			*resp.AccessKeyMetadata[0].UserName != name {
   121  			return fmt.Errorf("User not found not found")
   122  		}
   123  
   124  		*res = *resp.AccessKeyMetadata[0]
   125  
   126  		return nil
   127  	}
   128  }
   129  
   130  func testAccCheckAWSAccessKeyAttributes(accessKeyMetadata *iam.AccessKeyMetadata) resource.TestCheckFunc {
   131  	return func(s *terraform.State) error {
   132  		if !strings.Contains(*accessKeyMetadata.UserName, "test-user") {
   133  			return fmt.Errorf("Bad username: %s", *accessKeyMetadata.UserName)
   134  		}
   135  
   136  		if *accessKeyMetadata.Status != "Active" {
   137  			return fmt.Errorf("Bad status: %s", *accessKeyMetadata.Status)
   138  		}
   139  
   140  		return nil
   141  	}
   142  }
   143  
   144  func testDecryptSecretKeyAndTest(nAccessKey, key string) resource.TestCheckFunc {
   145  	return func(s *terraform.State) error {
   146  		keyResource, ok := s.RootModule().Resources[nAccessKey]
   147  		if !ok {
   148  			return fmt.Errorf("Not found: %s", nAccessKey)
   149  		}
   150  
   151  		password, ok := keyResource.Primary.Attributes["encrypted_secret"]
   152  		if !ok {
   153  			return errors.New("No password in state")
   154  		}
   155  
   156  		// We can't verify that the decrypted password is correct, because we don't
   157  		// have it. We can verify that decrypting it does not error
   158  		_, err := pgpkeys.DecryptBytes(password, key)
   159  		if err != nil {
   160  			return fmt.Errorf("Error decrypting password: %s", err)
   161  		}
   162  
   163  		return nil
   164  	}
   165  }
   166  
   167  func testAccAWSAccessKeyConfig(rName string) string {
   168  	return fmt.Sprintf(`
   169  resource "aws_iam_user" "a_user" {
   170          name = "%s"
   171  }
   172  
   173  resource "aws_iam_access_key" "a_key" {
   174          user    = "${aws_iam_user.a_user.name}"
   175  }
   176  `, rName)
   177  }
   178  
   179  func testAccAWSAccessKeyConfig_encrypted(rName, key string) string {
   180  	return fmt.Sprintf(`
   181  resource "aws_iam_user" "a_user" {
   182          name = "%s"
   183  }
   184  
   185  resource "aws_iam_access_key" "a_key" {
   186          user    = "${aws_iam_user.a_user.name}"
   187          pgp_key = <<EOF
   188  %s
   189  EOF
   190  }
   191  `, rName, key)
   192  }
   193  
   194  func TestSesSmtpPasswordFromSecretKey(t *testing.T) {
   195  	cases := []struct {
   196  		Input    string
   197  		Expected string
   198  	}{
   199  		{"some+secret+key", "AnkqhOiWEcszZZzTMCQbOY1sPGoLFgMH9zhp4eNgSjo4"},
   200  		{"another+secret+key", "Akwqr0Giwi8FsQFgW3DXWCC2DiiQ/jZjqLDWK8TeTBgL"},
   201  	}
   202  
   203  	for _, tc := range cases {
   204  		actual := sesSmtpPasswordFromSecretKey(&tc.Input)
   205  		if actual != tc.Expected {
   206  			t.Fatalf("%q: expected %q, got %q", tc.Input, tc.Expected, actual)
   207  		}
   208  	}
   209  }
   210  
   211  const testPubAccessKey1 = `mQENBFXbjPUBCADjNjCUQwfxKL+RR2GA6pv/1K+zJZ8UWIF9S0lk7cVIEfJiprzzwiMwBS5cD0da
   212  rGin1FHvIWOZxujA7oW0O2TUuatqI3aAYDTfRYurh6iKLC+VS+F7H+/mhfFvKmgr0Y5kDCF1j0T/
   213  063QZ84IRGucR/X43IY7kAtmxGXH0dYOCzOe5UBX1fTn3mXGe2ImCDWBH7gOViynXmb6XNvXkP0f
   214  sF5St9jhO7mbZU9EFkv9O3t3EaURfHopsCVDOlCkFCw5ArY+DUORHRzoMX0PnkyQb5OzibkChzpg
   215  8hQssKeVGpuskTdz5Q7PtdW71jXd4fFVzoNH8fYwRpziD2xNvi6HABEBAAG0EFZhdWx0IFRlc3Qg
   216  S2V5IDGJATgEEwECACIFAlXbjPUCGy8GCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEOfLr44B
   217  HbeTo+sH/i7bapIgPnZsJ81hmxPj4W12uvunksGJiC7d4hIHsG7kmJRTJfjECi+AuTGeDwBy84TD
   218  cRaOB6e79fj65Fg6HgSahDUtKJbGxj/lWzmaBuTzlN3CEe8cMwIPqPT2kajJVdOyrvkyuFOdPFOE
   219  A7bdCH0MqgIdM2SdF8t40k/ATfuD2K1ZmumJ508I3gF39jgTnPzD4C8quswrMQ3bzfvKC3klXRlB
   220  C0yoArn+0QA3cf2B9T4zJ2qnvgotVbeK/b1OJRNj6Poeo+SsWNc/A5mw7lGScnDgL3yfwCm1gQXa
   221  QKfOt5x+7GqhWDw10q+bJpJlI10FfzAnhMF9etSqSeURBRW5AQ0EVduM9QEIAL53hJ5bZJ7oEDCn
   222  aY+SCzt9QsAfnFTAnZJQrvkvusJzrTQ088eUQmAjvxkfRqnv981fFwGnh2+I1Ktm698UAZS9Jt8y
   223  jak9wWUICKQO5QUt5k8cHwldQXNXVXFa+TpQWQR5yW1a9okjh5o/3d4cBt1yZPUJJyLKY43Wvptb
   224  6EuEsScO2DnRkh5wSMDQ7dTooddJCmaq3LTjOleRFQbu9ij386Do6jzK69mJU56TfdcydkxkWF5N
   225  ZLGnED3lq+hQNbe+8UI5tD2oP/3r5tXKgMy1R/XPvR/zbfwvx4FAKFOP01awLq4P3d/2xOkMu4Lu
   226  9p315E87DOleYwxk+FoTqXEAEQEAAYkCPgQYAQIACQUCVduM9QIbLgEpCRDny6+OAR23k8BdIAQZ
   227  AQIABgUCVduM9QAKCRAID0JGyHtSGmqYB/4m4rJbbWa7dBJ8VqRU7ZKnNRDR9CVhEGipBmpDGRYu
   228  lEimOPzLUX/ZXZmTZzgemeXLBaJJlWnopVUWuAsyjQuZAfdd8nHkGRHG0/DGum0l4sKTta3OPGHN
   229  C1z1dAcQ1RCr9bTD3PxjLBczdGqhzw71trkQRBRdtPiUchltPMIyjUHqVJ0xmg0hPqFic0fICsr0
   230  YwKoz3h9+QEcZHvsjSZjgydKvfLYcm+4DDMCCqcHuJrbXJKUWmJcXR0y/+HQONGrGJ5xWdO+6eJi
   231  oPn2jVMnXCm4EKc7fcLFrz/LKmJ8seXhxjM3EdFtylBGCrx3xdK0f+JDNQaC/rhUb5V2XuX6VwoH
   232  /AtY+XsKVYRfNIupLOUcf/srsm3IXT4SXWVomOc9hjGQiJ3rraIbADsc+6bCAr4XNZS7moViAAcI
   233  PXFv3m3WfUlnG/om78UjQqyVACRZqqAGmuPq+TSkRUCpt9h+A39LQWkojHqyob3cyLgy6z9Q557O
   234  9uK3lQozbw2gH9zC0RqnePl+rsWIUU/ga16fH6pWc1uJiEBt8UZGypQ/E56/343epmYAe0a87sHx
   235  8iDV+dNtDVKfPRENiLOOc19MmS+phmUyrbHqI91c0pmysYcJZCD3a502X1gpjFbPZcRtiTmGnUKd
   236  OIu60YPNE4+h7u2CfYyFPu3AlUaGNMBlvy6PEpU=`
   237  
   238  const testPrivAccessKey1 = `lQOYBFXbjPUBCADjNjCUQwfxKL+RR2GA6pv/1K+zJZ8UWIF9S0lk7cVIEfJiprzzwiMwBS5cD0da
   239  rGin1FHvIWOZxujA7oW0O2TUuatqI3aAYDTfRYurh6iKLC+VS+F7H+/mhfFvKmgr0Y5kDCF1j0T/
   240  063QZ84IRGucR/X43IY7kAtmxGXH0dYOCzOe5UBX1fTn3mXGe2ImCDWBH7gOViynXmb6XNvXkP0f
   241  sF5St9jhO7mbZU9EFkv9O3t3EaURfHopsCVDOlCkFCw5ArY+DUORHRzoMX0PnkyQb5OzibkChzpg
   242  8hQssKeVGpuskTdz5Q7PtdW71jXd4fFVzoNH8fYwRpziD2xNvi6HABEBAAEAB/wL+KX0mdeISEpX
   243  oDgt766Key1Kthe8nbEs5dOXIsP7OR7ZPcnE2hy6gftgVFnBGEZnWVN70vmJd6Z5y9d1mI+GecXj
   244  UL0EpI0EmohyYDJsHUnght/5ecRNFA+VeNmGPYNQGCeHJyZOiFunGGENpHU7BbubAht8delz37Mx
   245  JQgvMyR6AKvg8HKBoQeqV1uMWNJE/vKwV/z1dh1sjK/GFxu05Qaq0GTfAjVLuFOyJTS95yq6gblD
   246  jUdbHLp7tBeqIKo9voWCJF5mGOlq3973vVoWETy9b0YYPCE/M7fXmK9dJITHqkROLMW6TgcFeIw4
   247  yL5KOBCHk+QGPSvyQN7R7Fd5BADwuT1HZmvg7Y9GjarKXDjxdNemUiHtba2rUzfH6uNmKNQvwQek
   248  nma5palNUJ4/dz1aPB21FUBXJF5yWwXEdApl+lIDU0J5m4UD26rqEVRq9Kx3GsX+yfcwObkrSzW6
   249  kmnQSB5KI0fIuegMTM+Jxo3pB/mIRwDTMmk+vfzIGyW+7QQA8aFwFLMdKdfLgSGbl5Z6etmOAVQ2
   250  Oe2ebegU9z/ewi/Rdt2s9yQiAdGVM8+q15Saz8a+kyS/l1CjNPzr3VpYx1OdZ3gb7i2xoy9GdMYR
   251  ZpTq3TuST95kx/9DqA97JrP23G47U0vwF/cg8ixCYF8Fz5dG4DEsxgMwKqhGdW58wMMD/iytkfMk
   252  Vk6Z958Rpy7lhlC6L3zpO38767bSeZ8gRRi/NMFVOSGYepKFarnfxcTiNa+EoSVA6hUo1N64nALE
   253  sJBpyOoTfKIpz7WwTF1+WogkiYrfM6lHon1+3qlziAcRW0IohM3g2C1i3GWdON4Cl8/PDO3R0E52
   254  N6iG/ctNNeMiPe60EFZhdWx0IFRlc3QgS2V5IDGJATgEEwECACIFAlXbjPUCGy8GCwkIBwMCBhUI
   255  AgkKCwQWAgMBAh4BAheAAAoJEOfLr44BHbeTo+sH/i7bapIgPnZsJ81hmxPj4W12uvunksGJiC7d
   256  4hIHsG7kmJRTJfjECi+AuTGeDwBy84TDcRaOB6e79fj65Fg6HgSahDUtKJbGxj/lWzmaBuTzlN3C
   257  Ee8cMwIPqPT2kajJVdOyrvkyuFOdPFOEA7bdCH0MqgIdM2SdF8t40k/ATfuD2K1ZmumJ508I3gF3
   258  9jgTnPzD4C8quswrMQ3bzfvKC3klXRlBC0yoArn+0QA3cf2B9T4zJ2qnvgotVbeK/b1OJRNj6Poe
   259  o+SsWNc/A5mw7lGScnDgL3yfwCm1gQXaQKfOt5x+7GqhWDw10q+bJpJlI10FfzAnhMF9etSqSeUR
   260  BRWdA5gEVduM9QEIAL53hJ5bZJ7oEDCnaY+SCzt9QsAfnFTAnZJQrvkvusJzrTQ088eUQmAjvxkf
   261  Rqnv981fFwGnh2+I1Ktm698UAZS9Jt8yjak9wWUICKQO5QUt5k8cHwldQXNXVXFa+TpQWQR5yW1a
   262  9okjh5o/3d4cBt1yZPUJJyLKY43Wvptb6EuEsScO2DnRkh5wSMDQ7dTooddJCmaq3LTjOleRFQbu
   263  9ij386Do6jzK69mJU56TfdcydkxkWF5NZLGnED3lq+hQNbe+8UI5tD2oP/3r5tXKgMy1R/XPvR/z
   264  bfwvx4FAKFOP01awLq4P3d/2xOkMu4Lu9p315E87DOleYwxk+FoTqXEAEQEAAQAH+wVyQXaNwnjQ
   265  xfW+M8SJNo0C7e+0d7HsuBTA/d/eP4bj6+X8RaRFVwiMvSAoxsqBNCLJP00qzzKfRQWJseD1H35z
   266  UjM7rNVUEL2k1yppyp61S0qj0TdhVUfJDYZqRYonVgRMvzfDTB1ryKrefKenQYL/jGd9VYMnKmWZ
   267  6GVk4WWXXx61iOt2HNcmSXKetMM1Mg67woPZkA3fJaXZ+zW0zMu4lTSB7yl3+vLGIFYILkCFnREr
   268  drQ+pmIMwozUAt+pBq8dylnkHh6g/FtRfWmLIMDqM1NlyuHRp3dyLDFdTA93osLG0QJblfX54W34
   269  byX7a4HASelGi3nPjjOAsTFDkuEEANV2viaWk1CV4ryDrXGmy4Xo32Md+laGPRcVfbJ0mjZjhQsO
   270  gWC1tjMs1qZMPhcrKIBCjjdAcAIrGV9h3CXc0uGuez4XxLO+TPBKaS0B8rKhnKph1YZuf+HrOhzS
   271  astDnOjNIT+qucCL/qSbdYpj9of3yY61S59WphPOBjoVM3BFBADka6ZCk81gx8jA2E1e9UqQDmdM
   272  FZaVA1E7++kqVSFRDJGnq+5GrBTwCJ+sevi+Rvf8Nx4AXvpCdtMBPX9RogsUFcR0pMrKBrgRo/Vg
   273  EpuodY2Ef1VtqXR24OxtRf1UwvHKydIsU05rzMAy5uGgQvTzRTXxZFLGUY31wjWqmo9VPQP+PnwA
   274  K83EV2kk2bsXwZ9MXg05iXqGQYR4bEc/12v04BtaNaDS53hBDO4JIa3Bnz+5oUoYhb8FgezUKA9I
   275  n6RdKTTP1BLAu8titeozpNF07V++dPiSE2wrIVsaNHL1pUwW0ql50titVwe+EglWiCKPtJBcCPUA
   276  3oepSPchiDjPqrNCYIkCPgQYAQIACQUCVduM9QIbLgEpCRDny6+OAR23k8BdIAQZAQIABgUCVduM
   277  9QAKCRAID0JGyHtSGmqYB/4m4rJbbWa7dBJ8VqRU7ZKnNRDR9CVhEGipBmpDGRYulEimOPzLUX/Z
   278  XZmTZzgemeXLBaJJlWnopVUWuAsyjQuZAfdd8nHkGRHG0/DGum0l4sKTta3OPGHNC1z1dAcQ1RCr
   279  9bTD3PxjLBczdGqhzw71trkQRBRdtPiUchltPMIyjUHqVJ0xmg0hPqFic0fICsr0YwKoz3h9+QEc
   280  ZHvsjSZjgydKvfLYcm+4DDMCCqcHuJrbXJKUWmJcXR0y/+HQONGrGJ5xWdO+6eJioPn2jVMnXCm4
   281  EKc7fcLFrz/LKmJ8seXhxjM3EdFtylBGCrx3xdK0f+JDNQaC/rhUb5V2XuX6VwoH/AtY+XsKVYRf
   282  NIupLOUcf/srsm3IXT4SXWVomOc9hjGQiJ3rraIbADsc+6bCAr4XNZS7moViAAcIPXFv3m3WfUln
   283  G/om78UjQqyVACRZqqAGmuPq+TSkRUCpt9h+A39LQWkojHqyob3cyLgy6z9Q557O9uK3lQozbw2g
   284  H9zC0RqnePl+rsWIUU/ga16fH6pWc1uJiEBt8UZGypQ/E56/343epmYAe0a87sHx8iDV+dNtDVKf
   285  PRENiLOOc19MmS+phmUyrbHqI91c0pmysYcJZCD3a502X1gpjFbPZcRtiTmGnUKdOIu60YPNE4+h
   286  7u2CfYyFPu3AlUaGNMBlvy6PEpU=`