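// Source: github.com/recobe182/terraform@v0.8.5-0.20170117231232-49ab22a935b7/builtin/providers/aws/resource_aws_iam_role_test.go

package aws

import (
	"fmt"
	"strings"
	"testing"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/service/iam"
	"github.com/hashicorp/terraform/helper/resource"
	"github.com/hashicorp/terraform/terraform"
)

// TestAccAWSRole_basic creates the role described by testAccAWSRoleConfig,
// confirms IAM returns it with the expected name and path, and checks that
// the create_date attribute is populated in state.
//
// CheckDestroy runs testAccCheckAWSRoleDestroy so that a role left behind
// after the run fails the test instead of lingering in the account.
func TestAccAWSRole_basic(t *testing.T) {
	var conf iam.GetRoleOutput

	resource.Test(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckAWSRoleDestroy,
		Steps: []resource.TestStep{
			{
				Config: testAccAWSRoleConfig,
				Check: resource.ComposeTestCheckFunc(
					testAccCheckAWSRoleExists("aws_iam_role.role", &conf),
					testAccCheckAWSRoleAttributes(&conf),
					resource.TestCheckResourceAttrSet(
						"aws_iam_role.role", "create_date",
					),
				),
			},
		},
	})
}

// TestAccAWSRole_namePrefix creates a role from name_prefix only and checks
// that the name recorded in state starts with "test-role-".
func TestAccAWSRole_namePrefix(t *testing.T) {
	var conf iam.GetRoleOutput

	resource.Test(t, resource.TestCase{
		PreCheck:        func() { testAccPreCheck(t) },
		IDRefreshName:   "aws_iam_role.role",
		IDRefreshIgnore: []string{"name_prefix"},
		Providers:       testAccProviders,
		CheckDestroy:    testAccCheckAWSRoleDestroy,
		Steps: []resource.TestStep{
			{
				Config: testAccAWSRolePrefixNameConfig,
				Check: resource.ComposeTestCheckFunc(
					testAccCheckAWSRoleExists("aws_iam_role.role", &conf),
					testAccCheckAWSRoleGeneratedNamePrefix(
						"aws_iam_role.role", "test-role-"),
				),
			},
		},
	})
}

// TestAccAWSRole_testNameChange applies a role together with an inline policy
// and an instance profile that reference it, then re-applies the same
// resources with the role renamed from "tf_old_name" to "tf_new_name".
//
// Each step asserts the name held in state, so the test fails if the rename
// is silently not applied rather than only checking that some role exists.
func TestAccAWSRole_testNameChange(t *testing.T) {
	var conf iam.GetRoleOutput

	resource.Test(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckAWSRoleDestroy,
		Steps: []resource.TestStep{
			{
				Config: testAccAWSRolePre,
				Check: resource.ComposeTestCheckFunc(
					testAccCheckAWSRoleExists("aws_iam_role.role_update_test", &conf),
					resource.TestCheckResourceAttr(
						"aws_iam_role.role_update_test", "name", "tf_old_name",
					),
				),
			},

			{
				Config: testAccAWSRolePost,
				Check: resource.ComposeTestCheckFunc(
					testAccCheckAWSRoleExists("aws_iam_role.role_update_test", &conf),
					resource.TestCheckResourceAttr(
						"aws_iam_role.role_update_test", "name", "tf_new_name",
					),
				),
			},
		},
	})
}

// testAccCheckAWSRoleDestroy verifies that every aws_iam_role in the final
// state is gone from IAM. A GetRole call that succeeds means the role leaked;
// the only acceptable outcome is an AWS error with code "NoSuchEntity". Any
// other error (including one that is not an awserr.Error) is returned as-is,
// because it does not prove the role was deleted.
func testAccCheckAWSRoleDestroy(s *terraform.State) error {
	iamconn := testAccProvider.Meta().(*AWSClient).iamconn

	for _, rs := range s.RootModule().Resources {
		if rs.Type != "aws_iam_role" {
			continue
		}

		// Look the role up by the ID stored in state.
		_, err := iamconn.GetRole(&iam.GetRoleInput{
			RoleName: aws.String(rs.Primary.ID),
		})
		if err == nil {
			// Name the role so whoever triages the failure knows which
			// leftover role to remove from the test account.
			return fmt.Errorf("IAM role %q still exists", rs.Primary.ID)
		}

		// Only "NoSuchEntity" confirms deletion; an access-denied or
		// throttling error must not be mistaken for success.
		awsErr, ok := err.(awserr.Error)
		if !ok {
			return err
		}
		if awsErr.Code() != "NoSuchEntity" {
			return err
		}
	}

	return nil
}

// testAccCheckAWSRoleExists returns a check that looks up resource n in state,
// fetches the role from IAM using the state ID as the role name, and copies
// the GetRole response into res for later checks to inspect.
func testAccCheckAWSRoleExists(n string, res *iam.GetRoleOutput) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		rs, ok := s.RootModule().Resources[n]
		if !ok {
			return fmt.Errorf("Not found: %s", n)
		}

		if rs.Primary.ID == "" {
			return fmt.Errorf("No Role name is set")
		}

		iamconn := testAccProvider.Meta().(*AWSClient).iamconn

		resp, err := iamconn.GetRole(&iam.GetRoleInput{
			RoleName: aws.String(rs.Primary.ID),
		})
		if err != nil {
			return err
		}

		*res = *resp

		return nil
	}
}

// testAccCheckAWSRoleGeneratedNamePrefix returns a check that the "name"
// attribute of the given resource in state begins with prefix.
//
// The first parameter shadows the imported resource package inside the
// function body; the closure uses it only as a map key.
func testAccCheckAWSRoleGeneratedNamePrefix(resource, prefix string) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		r, ok := s.RootModule().Resources[resource]
		if !ok {
			return fmt.Errorf("Resource not found")
		}
		name, ok := r.Primary.Attributes["name"]
		if !ok {
			return fmt.Errorf("Name attr not found: %#v", r.Primary.Attributes)
		}
		if !strings.HasPrefix(name, prefix) {
			return fmt.Errorf("Name: %q, does not have prefix: %q", name, prefix)
		}
		return nil
	}
}

// testAccCheckAWSRoleAttributes returns a check that the role previously
// stored in *role is named "test-role" and has path "/".
//
// The output is populated by testAccCheckAWSRoleExists; if that check did not
// run first, or IAM returned no role, the check reports an error instead of
// panicking on a nil pointer.
func testAccCheckAWSRoleAttributes(role *iam.GetRoleOutput) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		if role == nil || role.Role == nil {
			return fmt.Errorf("IAM role output is empty; the exists check must run first")
		}

		// aws.StringValue yields "" for a nil pointer, so a missing field
		// surfaces as a mismatch rather than a nil dereference.
		if name := aws.StringValue(role.Role.RoleName); name != "test-role" {
			return fmt.Errorf("Bad name: %s", name)
		}

		if path := aws.StringValue(role.Role.Path); path != "/" {
			return fmt.Errorf("Bad path: %s", path)
		}
		return nil
	}
}

// testAccAWSRoleConfig declares a role with the fixed name "test-role" at
// path "/". Its trust policy allows only the ec2.amazonaws.com service
// principal to call sts:AssumeRole.
//
// NOTE(review): the name is fixed, so parallel runs against one account would
// presumably collide on it; confirm how the suite isolates runs.
const testAccAWSRoleConfig = `
resource "aws_iam_role" "role" {
  name   = "test-role"
  path = "/"
  assume_role_policy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"ec2.amazonaws.com\"]},\"Action\":[\"sts:AssumeRole\"]}]}"
}
`

// testAccAWSRolePrefixNameConfig declares a role whose name is generated from
// the prefix "test-role-". The trust policy is the same EC2-only policy used
// by testAccAWSRoleConfig.
const testAccAWSRolePrefixNameConfig = `
resource "aws_iam_role" "role" {
  name_prefix = "test-role-"
  path = "/"
  assume_role_policy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"ec2.amazonaws.com\"]},\"Action\":[\"sts:AssumeRole\"]}]}"
}
`

// testAccAWSRolePre is the first step of the rename test: a role named
// "tf_old_name" under path "/test/", an inline role policy, and an instance
// profile attached to the role.
//
// The trust policy allows only ec2.amazonaws.com to assume the role. The
// inline policy grants s3:GetBucketLocation and s3:ListAllMyBuckets on
// arn:aws:s3:::* and nothing else.
const testAccAWSRolePre = `
resource "aws_iam_role" "role_update_test" {
  name = "tf_old_name"
  path = "/test/"
  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}

resource "aws_iam_role_policy" "role_update_test" {
  name = "role_update_test"
  role = "${aws_iam_role.role_update_test.id}"
  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetBucketLocation",
        "s3:ListAllMyBuckets"
      ],
      "Resource": "arn:aws:s3:::*"
    }
  ]
}
EOF
}

resource "aws_iam_instance_profile" "role_update_test" {
  name = "role_update_test"
  path = "/test/"
  roles = ["${aws_iam_role.role_update_test.name}"]
}

`

// testAccAWSRolePost is the second step of the rename test. It matches
// testAccAWSRolePre except that the role is named "tf_new_name"; the trust
// policy, inline policy and instance profile are unchanged.
const testAccAWSRolePost = `
resource "aws_iam_role" "role_update_test" {
  name = "tf_new_name"
  path = "/test/"
  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}

resource "aws_iam_role_policy" "role_update_test" {
  name = "role_update_test"
  role = "${aws_iam_role.role_update_test.id}"
  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetBucketLocation",
        "s3:ListAllMyBuckets"
      ],
      "Resource": "arn:aws:s3:::*"
    }
  ]
}
EOF
}

resource "aws_iam_instance_profile" "role_update_test" {
  name = "role_update_test"
  path = "/test/"
  roles = ["${aws_iam_role.role_update_test.name}"]
}

`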