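// Source: github.com/recobe182/terraform@v0.8.5-0.20170117231232-49ab22a935b7/builtin/providers/aws/resource_aws_network_acl_rule_test.go

package aws

import (
	"fmt"
	"strconv"
	"testing"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/service/ec2"
	"github.com/hashicorp/terraform/helper/resource"
	"github.com/hashicorp/terraform/terraform"
)

// TestAccAWSNetworkAclRule_basic applies testAccAWSNetworkAclRuleBasicConfig
// and checks that each of the three aws_network_acl_rule resources it declares
// is present as an entry on the network ACL returned by EC2. After the run,
// testAccCheckAWSNetworkAclRuleDestroy is used as the destroy check.
func TestAccAWSNetworkAclRule_basic(t *testing.T) {
	// networkAcl is handed to the existence checks; the check function visible
	// in this file does not write to it.
	var networkAcl ec2.NetworkAcl

	resource.Test(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckAWSNetworkAclRuleDestroy,
		Steps: []resource.TestStep{
			{
				Config: testAccAWSNetworkAclRuleBasicConfig,
				Check: resource.ComposeTestCheckFunc(
					testAccCheckAWSNetworkAclRuleExists("aws_network_acl_rule.baz", &networkAcl),
					testAccCheckAWSNetworkAclRuleExists("aws_network_acl_rule.qux", &networkAcl),
					testAccCheckAWSNetworkAclRuleExists("aws_network_acl_rule.wibble", &networkAcl),
				),
			},
		},
	})
}

// TestResourceAWSNetworkAclRule_validateICMPArgumentValue exercises the
// icmp_type/icmp_code validator: non-integer input must yield exactly one
// validation error, integer input (including -1) must yield none.
func TestResourceAWSNetworkAclRule_validateICMPArgumentValue(t *testing.T) {
	type testCase struct {
		Value    string
		ErrCount int
	}

	// Empty, non-numeric and fractional strings are rejected.
	invalidCases := []testCase{
		{Value: "", ErrCount: 1},
		{Value: "not-a-number", ErrCount: 1},
		{Value: "1.0", ErrCount: 1},
	}

	for _, tc := range invalidCases {
		_, errs := validateICMPArgumentValue(tc.Value, "icmp_type")
		if len(errs) != tc.ErrCount {
			t.Fatalf("Expected %q to trigger a validation error.", tc.Value)
		}
	}

	// -1 must stay valid: in the EC2 API it stands for "all ICMP types/codes",
	// and the acceptance config in this file relies on it.
	validCases := []testCase{
		{Value: "0", ErrCount: 0},
		{Value: "-1", ErrCount: 0},
		{Value: "1", ErrCount: 0},
	}

	for _, tc := range validCases {
		_, errs := validateICMPArgumentValue(tc.Value, "icmp_type")
		if len(errs) != tc.ErrCount {
			t.Fatalf("Expected %q not to trigger a validation error.", tc.Value)
		}
	}
}

// testAccCheckAWSNetworkAclRuleDestroy is the CheckDestroy hook for the
// acceptance test. For every aws_network_acl_rule in the state it asks EC2 for
// a network ACL with the resource's primary ID and fails if one comes back
// with entries. An InvalidNetworkAclID.NotFound error counts as "destroyed";
// any other error is returned to the caller.
//
// NOTE(review): the lookup filters NetworkAclIds by rs.Primary.ID, while
// testAccCheckAWSNetworkAclRuleExists filters by the "network_acl_id"
// attribute. If the rule's primary ID is not itself a network ACL ID, this
// check can only ever see NotFound and would not notice a leaked rule
// (the fixture's rules allow traffic from 0.0.0.0/0). Confirm against the
// resource's ID scheme; a stricter check would look up the ACL by
// "network_acl_id" and search its entries for the rule number and direction.
func testAccCheckAWSNetworkAclRuleDestroy(s *terraform.State) error {
	for _, rs := range s.RootModule().Resources {
		if rs.Type != "aws_network_acl_rule" {
			continue
		}
		conn := testAccProvider.Meta().(*AWSClient).ec2conn

		req := &ec2.DescribeNetworkAclsInput{
			NetworkAclIds: []*string{aws.String(rs.Primary.ID)},
		}
		resp, err := conn.DescribeNetworkAcls(req)
		if err != nil {
			ec2err, ok := err.(awserr.Error)
			if !ok || ec2err.Code() != "InvalidNetworkAclID.NotFound" {
				return err
			}
			// The ACL is gone, so its rules are gone too.
			continue
		}

		// A successful lookup must not end the loop: previously a nil err
		// fell through to the error type assertion and returned nil, so the
		// remaining rule resources were never checked.
		if len(resp.NetworkAcls) == 0 {
			continue
		}
		networkAcl := resp.NetworkAcls[0]
		if networkAcl.NetworkAclId != nil && *networkAcl.NetworkAclId == rs.Primary.ID {
			if networkAcl.Entries != nil {
				return fmt.Errorf("Network ACL Entries still exist")
			}
		}
	}

	return nil
}

// testAccCheckAWSNetworkAclRuleExists returns a check that looks up resource n
// in the Terraform state, fetches the network ACL named by its
// "network_acl_id" attribute from EC2, and succeeds only if that ACL has an
// entry whose rule number and egress flag match the "rule_number" and
// "egress" attributes in state. Protocol, action, CIDR and ports are not
// compared. The networkAcl argument is accepted but not written to.
func testAccCheckAWSNetworkAclRuleExists(n string, networkAcl *ec2.NetworkAcl) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		conn := testAccProvider.Meta().(*AWSClient).ec2conn
		rs, ok := s.RootModule().Resources[n]
		if !ok {
			return fmt.Errorf("Not found: %s", n)
		}

		if rs.Primary.ID == "" {
			return fmt.Errorf("No Network ACL Id is set")
		}

		req := &ec2.DescribeNetworkAclsInput{
			NetworkAclIds: []*string{aws.String(rs.Primary.Attributes["network_acl_id"])},
		}
		resp, err := conn.DescribeNetworkAcls(req)
		if err != nil {
			return err
		}
		if len(resp.NetworkAcls) != 1 {
			return fmt.Errorf("Network ACL not found")
		}

		egress, err := strconv.ParseBool(rs.Primary.Attributes["egress"])
		if err != nil {
			return err
		}
		ruleNo, err := strconv.ParseInt(rs.Primary.Attributes["rule_number"], 10, 64)
		if err != nil {
			return err
		}

		for _, e := range resp.NetworkAcls[0].Entries {
			// The SDK models these fields as pointers; skip an entry with a
			// missing field instead of panicking on a nil dereference.
			if e.RuleNumber == nil || e.Egress == nil {
				continue
			}
			if *e.RuleNumber == ruleNo && *e.Egress == egress {
				return nil
			}
		}
		return fmt.Errorf("Entry not found: %s", resp.NetworkAcls[0])
	}
}

// testAccAWSNetworkAclRuleBasicConfig is the acceptance-test fixture: one VPC,
// one network ACL and three allow rules on it (TCP 22, ICMP type 0 with any
// code, and ICMP with any type and code), all with cidr_block 0.0.0.0/0.
// The open CIDR is a fixture value for a throwaway VPC, not a pattern for real
// ACLs; it is also why the destroy check has to be trustworthy, since a leaked
// fixture would leave those allow rules in the test account.
const testAccAWSNetworkAclRuleBasicConfig = `
provider "aws" {
	region = "us-east-1"
}
resource "aws_vpc" "foo" {
	cidr_block = "10.3.0.0/16"
}
resource "aws_network_acl" "bar" {
	vpc_id = "${aws_vpc.foo.id}"
}
resource "aws_network_acl_rule" "baz" {
	network_acl_id = "${aws_network_acl.bar.id}"
	rule_number = 200
	egress = false
	protocol = "tcp"
	rule_action = "allow"
	cidr_block = "0.0.0.0/0"
	from_port = 22
	to_port = 22
}
resource "aws_network_acl_rule" "qux" {
	network_acl_id = "${aws_network_acl.bar.id}"
	rule_number = 300
	protocol = "icmp"
	rule_action = "allow"
	cidr_block = "0.0.0.0/0"
	icmp_type = 0
	icmp_code = -1
}
resource "aws_network_acl_rule" "wibble" {
	network_acl_id = "${aws_network_acl.bar.id}"
	rule_number = 400
	protocol = "icmp"
	rule_action = "allow"
	cidr_block = "0.0.0.0/0"
	icmp_type = -1
	icmp_code = -1
}
`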