github.com/recobe182/terraform@v0.8.5-0.20170117231232-49ab22a935b7/builtin/providers/aws/resource_aws_iam_role_policy_attachment_test.go (about)

     1  package aws
     2  
     3  import (
     4  	"fmt"
     5  	"strings"
     6  	"testing"
     7  
     8  	"github.com/aws/aws-sdk-go/aws"
     9  	"github.com/aws/aws-sdk-go/service/iam"
    10  	"github.com/hashicorp/terraform/helper/resource"
    11  	"github.com/hashicorp/terraform/terraform"
    12  )
    13  
// TestAccAWSRolePolicyAttachment_basic is an acceptance test that applies two
// configurations in sequence and, after each one, checks through the
// provider's IAM client which managed policies are attached to the test role.
func TestAccAWSRolePolicyAttachment_basic(t *testing.T) {
	const attachment = "aws_iam_role_policy_attachment.test-attach"

	// Written by the Exists check of a step and read by the Attributes check
	// that follows it in the same step.
	var out iam.ListAttachedRolePoliciesOutput

	// Step 1: exactly one policy ("test-policy") is attached to the role.
	create := resource.TestStep{
		Config: testAccAWSRolePolicyAttachConfig,
		Check: resource.ComposeTestCheckFunc(
			testAccCheckAWSRolePolicyAttachmentExists(attachment, 1, &out),
			testAccCheckAWSRolePolicyAttachmentAttributes([]string{"test-policy"}, &out),
		),
	}

	// Step 2: the attachment set is replaced, so the role must end up with
	// exactly "test-policy2" and "test-policy3" and nothing else.
	update := resource.TestStep{
		Config: testAccAWSRolePolicyAttachConfigUpdate,
		Check: resource.ComposeTestCheckFunc(
			testAccCheckAWSRolePolicyAttachmentExists(attachment, 2, &out),
			testAccCheckAWSRolePolicyAttachmentAttributes([]string{"test-policy2", "test-policy3"}, &out),
		),
	}

	resource.Test(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckAWSRolePolicyAttachmentDestroy,
		Steps:        []resource.TestStep{create, update},
	})
}
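// testAccCheckAWSRolePolicyAttachmentDestroy verifies that every
// aws_iam_role_policy_attachment recorded in the state is really gone from IAM
// once the test has destroyed its resources.
//
// A destroy check that always returns nil lets a broken delete path pass
// unnoticed and leaves policies attached to a role in the test account, so the
// attachment is looked up again through the provider's IAM client.
func testAccCheckAWSRolePolicyAttachmentDestroy(s *terraform.State) error {
	conn := testAccProvider.Meta().(*AWSClient).iamconn

	for name, rs := range s.RootModule().Resources {
		if rs.Type != "aws_iam_role_policy_attachment" || rs.Primary == nil {
			continue
		}

		role := rs.Primary.Attributes["role"]
		policyARN := rs.Primary.Attributes["policy_arn"]

		resp, err := conn.ListAttachedRolePolicies(&iam.ListAttachedRolePoliciesInput{
			RoleName: aws.String(role),
		})
		if err != nil {
			// The role itself being gone implies the attachment is gone too.
			// The error code is read through a local interface so no extra
			// import is needed for the SDK's error type.
			if coded, ok := err.(interface {
				Code() string
			}); ok && coded.Code() == "NoSuchEntity" {
				continue
			}
			return fmt.Errorf("Error: Failed to get attached policies for role %s (%s): %s", role, name, err)
		}

		// Only the first page of results is inspected; the configurations in
		// this file attach at most two policies to the role.
		for _, ap := range resp.AttachedPolicies {
			if ap.PolicyArn != nil && *ap.PolicyArn == policyARN {
				return fmt.Errorf("Error: Policy %s is still attached to role %s (%s)", policyARN, role, name)
			}
		}
	}

	return nil
}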
    42  
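// testAccCheckAWSRolePolicyAttachmentExists returns a check that looks up
// resource n in the root module state, lists the managed policies attached to
// its role through the provider's IAM client, requires exactly c of them, and
// copies the API response into out for the checks that run after it.
//
// It returns an error when the resource is missing from state, has an empty
// ID, the IAM call fails, or the number of attached policies differs from c.
func testAccCheckAWSRolePolicyAttachmentExists(n string, c int, out *iam.ListAttachedRolePoliciesOutput) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		rs, ok := s.RootModule().Resources[n]
		if !ok {
			return fmt.Errorf("Not found: %s", n)
		}

		if rs.Primary.ID == "" {
			return fmt.Errorf("No policy name is set")
		}

		conn := testAccProvider.Meta().(*AWSClient).iamconn
		role := rs.Primary.Attributes["role"]

		// Only the first page of results is inspected; the configurations in
		// this file attach at most two policies to the role.
		attachedPolicies, err := conn.ListAttachedRolePolicies(&iam.ListAttachedRolePoliciesInput{
			RoleName: aws.String(role),
		})
		if err != nil {
			// Keep the underlying API error in the message: an access-denied
			// or throttling failure must be distinguishable from a missing role.
			return fmt.Errorf("Error: Failed to get attached policies for role %s (%s): %s", role, n, err)
		}
		if got := len(attachedPolicies.AttachedPolicies); got != c {
			// This check also runs after the update step, so the message
			// reports the counts instead of assuming an initial creation.
			return fmt.Errorf("Error: Role %s (%s) has wrong number of policies attached: expected %d, got %d", role, n, c, got)
		}

		*out = *attachedPolicies
		return nil
	}
}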
// testAccCheckAWSRolePolicyAttachmentAttributes returns a check that compares
// the expected policy names with the attached policies held in out.
//
// out is dereferenced when the check runs, not when it is built, so it sees
// whatever an earlier check in the same step stored there. The check passes
// only if the number of name matches equals both len(policies) and the number
// of attached policies, i.e. nothing expected is missing and nothing
// unexpected is attached.
func testAccCheckAWSRolePolicyAttachmentAttributes(policies []string, out *iam.ListAttachedRolePoliciesOutput) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		hits := 0

		for _, want := range policies {
			for _, attached := range out.AttachedPolicies {
				// ARNs look like arn:aws:iam::111111111111:policy/test-policy.
				// Only ARNs that split into exactly two pieces on "/" are
				// compared, so a policy created with a path never matches.
				segs := strings.Split(*attached.PolicyArn, "/")
				if len(segs) != 2 {
					continue
				}
				if segs[1] == want {
					hits++
				}
			}
		}

		if hits == len(policies) && hits == len(out.AttachedPolicies) {
			return nil
		}
		return fmt.Errorf("Error: Number of attached policies was incorrect: expected %d matched policies, matched %d of %d", len(policies), hits, len(out.AttachedPolicies))
	}
}
    90  
// testAccAWSRolePolicyAttachConfig is the first-step configuration: a role
// whose trust policy lets ec2.amazonaws.com call sts:AssumeRole, one managed
// policy allowing iam:ChangePassword on all resources, and a single attachment
// of that policy to the role.
//
// NOTE(review): the role and policy names are fixed literals. IAM names are
// unique within an account, so concurrent runs in the same account, or
// leftovers from a run that failed before destroy, would presumably collide;
// a randomized suffix would avoid that.
const testAccAWSRolePolicyAttachConfig = `
resource "aws_iam_role" "role" {
    name = "test-role"
	  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}

resource "aws_iam_policy" "policy" {
    name = "test-policy"
    description = "A test policy"
    policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "iam:ChangePassword"
      ],
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}
EOF
}

resource "aws_iam_role_policy_attachment" "test-attach" {
    role = "${aws_iam_role.role.name}"
    policy_arn = "${aws_iam_policy.policy.arn}"
}
`
   135  
// testAccAWSRolePolicyAttachConfigUpdate is the second-step configuration. It
// keeps the role and "test-policy", adds "test-policy2" and "test-policy3",
// repoints the "test-attach" attachment from policy to policy2 and adds
// "test-attach2" for policy3. The role therefore ends with two attached
// policies, while "test-policy" stays defined but is no longer attached.
//
// NOTE(review): as in the first-step configuration, every name here is a
// fixed literal, so runs sharing an account would presumably collide.
const testAccAWSRolePolicyAttachConfigUpdate = `
resource "aws_iam_role" "role" {
    name = "test-role"
	  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}

resource "aws_iam_policy" "policy" {
    name = "test-policy"
    description = "A test policy"
    policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "iam:ChangePassword"
      ],
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}
EOF
}

resource "aws_iam_policy" "policy2" {
    name = "test-policy2"
    description = "A test policy"
    policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "iam:ChangePassword"
      ],
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}
EOF
}

resource "aws_iam_policy" "policy3" {
    name = "test-policy3"
    description = "A test policy"
    policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "iam:ChangePassword"
      ],
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}
EOF
}

resource "aws_iam_role_policy_attachment" "test-attach" {
    role = "${aws_iam_role.role.name}"
    policy_arn = "${aws_iam_policy.policy2.arn}"
}

resource "aws_iam_role_policy_attachment" "test-attach2" {
    role = "${aws_iam_role.role.name}"
    policy_arn = "${aws_iam_policy.policy3.arn}"
}
`