github.com/recobe182/terraform@v0.8.5-0.20170117231232-49ab22a935b7/builtin/providers/aws/resource_aws_iam_role_policy_test.go (about)

     1  package aws
     2  
     3  import (
     4  	"fmt"
     5  	"testing"
     6  
     7  	"github.com/aws/aws-sdk-go/aws"
     8  	"github.com/aws/aws-sdk-go/aws/awserr"
     9  	"github.com/aws/aws-sdk-go/service/iam"
    10  	"github.com/hashicorp/terraform/helper/acctest"
    11  	"github.com/hashicorp/terraform/helper/resource"
    12  	"github.com/hashicorp/terraform/terraform"
    13  )
    14  
    15  func TestAccAWSIAMRolePolicy_basic(t *testing.T) {
    16  	role := acctest.RandString(10)
    17  	policy1 := acctest.RandString(10)
    18  	policy2 := acctest.RandString(10)
    19  
    20  	resource.Test(t, resource.TestCase{
    21  		PreCheck:     func() { testAccPreCheck(t) },
    22  		Providers:    testAccProviders,
    23  		CheckDestroy: testAccCheckIAMRolePolicyDestroy,
    24  		Steps: []resource.TestStep{
    25  			resource.TestStep{
    26  				Config: testAccIAMRolePolicyConfig(role, policy1),
    27  				Check: resource.ComposeTestCheckFunc(
    28  					testAccCheckIAMRolePolicy(
    29  						"aws_iam_role.role",
    30  						"aws_iam_role_policy.foo",
    31  					),
    32  				),
    33  			},
    34  			resource.TestStep{
    35  				Config: testAccIAMRolePolicyConfigUpdate(role, policy1, policy2),
    36  				Check: resource.ComposeTestCheckFunc(
    37  					testAccCheckIAMRolePolicy(
    38  						"aws_iam_role.role",
    39  						"aws_iam_role_policy.bar",
    40  					),
    41  				),
    42  			},
    43  		},
    44  	})
    45  }
    46  
    47  func testAccCheckIAMRolePolicyDestroy(s *terraform.State) error {
    48  	iamconn := testAccProvider.Meta().(*AWSClient).iamconn
    49  
    50  	for _, rs := range s.RootModule().Resources {
    51  		if rs.Type != "aws_iam_role_policy" {
    52  			continue
    53  		}
    54  
    55  		role, name, err := resourceAwsIamRolePolicyParseId(rs.Primary.ID)
    56  		if err != nil {
    57  			return err
    58  		}
    59  
    60  		request := &iam.GetRolePolicyInput{
    61  			PolicyName: aws.String(name),
    62  			RoleName:   aws.String(role),
    63  		}
    64  
    65  		getResp, err := iamconn.GetRolePolicy(request)
    66  		if err != nil {
    67  			if iamerr, ok := err.(awserr.Error); ok && iamerr.Code() == "NoSuchEntity" {
    68  				// none found, that's good
    69  				return nil
    70  			}
    71  			return fmt.Errorf("Error reading IAM policy %s from role %s: %s", name, role, err)
    72  		}
    73  
    74  		if getResp != nil {
    75  			return fmt.Errorf("Found IAM Role, expected none: %s", getResp)
    76  		}
    77  	}
    78  
    79  	return nil
    80  }
    81  
    82  func testAccCheckIAMRolePolicy(
    83  	iamRoleResource string,
    84  	iamRolePolicyResource string) resource.TestCheckFunc {
    85  	return func(s *terraform.State) error {
    86  		rs, ok := s.RootModule().Resources[iamRoleResource]
    87  		if !ok {
    88  			return fmt.Errorf("Not Found: %s", iamRoleResource)
    89  		}
    90  
    91  		if rs.Primary.ID == "" {
    92  			return fmt.Errorf("No ID is set")
    93  		}
    94  
    95  		policy, ok := s.RootModule().Resources[iamRolePolicyResource]
    96  		if !ok {
    97  			return fmt.Errorf("Not Found: %s", iamRolePolicyResource)
    98  		}
    99  
   100  		iamconn := testAccProvider.Meta().(*AWSClient).iamconn
   101  		role, name, err := resourceAwsIamRolePolicyParseId(policy.Primary.ID)
   102  		if err != nil {
   103  			return err
   104  		}
   105  
   106  		_, err = iamconn.GetRolePolicy(&iam.GetRolePolicyInput{
   107  			RoleName:   aws.String(role),
   108  			PolicyName: aws.String(name),
   109  		})
   110  		if err != nil {
   111  			return err
   112  		}
   113  
   114  		return nil
   115  	}
   116  }
   117  
   118  func testAccIAMRolePolicyConfig(role, policy1 string) string {
   119  	return fmt.Sprintf(`
   120  resource "aws_iam_role" "role" {
   121  	name = "tf_test_role_%s"
   122  	path = "/"
   123  	assume_role_policy = <<EOF
   124  {
   125    "Version": "2012-10-17",
   126    "Statement": [
   127      {
   128        "Action": "sts:AssumeRole",
   129        "Principal": {
   130          "Service": "ec2.amazonaws.com"
   131        },
   132        "Effect": "Allow",
   133        "Sid": ""
   134      }
   135    ]
   136  }
   137  EOF
   138  }
   139  
   140  resource "aws_iam_role_policy" "foo" {
   141  	name = "tf_test_policy_%s"
   142  	role = "${aws_iam_role.role.name}"
   143  	policy = <<EOF
   144  {
   145    "Version": "2012-10-17",
   146    "Statement": {
   147      "Effect": "Allow",
   148      "Action": "*",
   149      "Resource": "*"
   150    }
   151  }
   152  EOF
   153  }
   154  `, role, policy1)
   155  }
   156  
   157  func testAccIAMRolePolicyConfigUpdate(role, policy1, policy2 string) string {
   158  	return fmt.Sprintf(`
   159  resource "aws_iam_role" "role" {
   160  	name = "tf_test_role_%s"
   161  	path = "/"
   162  	assume_role_policy = <<EOF
   163  {
   164    "Version": "2012-10-17",
   165    "Statement": [
   166      {
   167        "Action": "sts:AssumeRole",
   168        "Principal": {
   169          "Service": "ec2.amazonaws.com"
   170        },
   171        "Effect": "Allow",
   172        "Sid": ""
   173      }
   174    ]
   175  }
   176  EOF
   177  }
   178  
   179  resource "aws_iam_role_policy" "foo" {
   180  	name = "tf_test_policy_%s"
   181  	role = "${aws_iam_role.role.name}"
   182  	policy = <<EOF
   183  {
   184    "Version": "2012-10-17",
   185    "Statement": {
   186      "Effect": "Allow",
   187      "Action": "*",
   188      "Resource": "*"
   189    }
   190  }
   191  EOF
   192  }
   193  
   194  resource "aws_iam_role_policy" "bar" {
   195  	name = "tf_test_policy_2_%s"
   196  	role = "${aws_iam_role.role.name}"
   197  	policy = <<EOF
   198  {
   199    "Version": "2012-10-17",
   200    "Statement": {
   201      "Effect": "Allow",
   202      "Action": "*",
   203      "Resource": "*"
   204    }
   205  }
   206  EOF
   207  }
   208  `, role, policy1, policy2)
   209  }