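package aws

import (
	"fmt"
	"testing"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/service/opsworks"
	"github.com/hashicorp/terraform/helper/acctest"
	"github.com/hashicorp/terraform/helper/resource"
	"github.com/hashicorp/terraform/terraform"
)

// TestAccAWSOpsworksPermission is an acceptance test for the
// aws_opsworks_permission resource. It applies four configurations in
// sequence against the same randomly named stack and IAM user, and after each
// apply verifies both the permission reported by DescribePermissions and the
// attributes recorded in Terraform state.
//
// The steps walk the permission from its most permissive setting (SSH and
// sudo allowed) down to no SSH or sudo with level "deny", then "show", so
// each update that revokes access is checked against the API rather than
// against state alone.
func TestAccAWSOpsworksPermission(t *testing.T) {
	sName := fmt.Sprintf("tf-ops-perm-%d", acctest.RandInt())
	var opsperm opsworks.Permission
	resource.Test(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckAwsOpsworksPermissionDestroy,
		Steps: []resource.TestStep{
			// Step 1: create with SSH and sudo both allowed.
			{
				Config: testAccAwsOpsworksPermissionCreate(sName, "true", "true", "iam_only"),
				Check: resource.ComposeTestCheckFunc(
					testAccCheckAWSOpsworksPermissionExists(
						"aws_opsworks_permission.tf-acc-perm", &opsperm),
					testAccCheckAWSOpsworksCreatePermissionAttributes(&opsperm, true, true, "iam_only"),
					resource.TestCheckResourceAttr(
						"aws_opsworks_permission.tf-acc-perm", "allow_ssh", "true",
					),
					resource.TestCheckResourceAttr(
						"aws_opsworks_permission.tf-acc-perm", "allow_sudo", "true",
					),
					resource.TestCheckResourceAttr(
						"aws_opsworks_permission.tf-acc-perm", "level", "iam_only",
					),
				),
			},
			// Step 2: revoke sudo while keeping SSH.
			{
				Config: testAccAwsOpsworksPermissionCreate(sName, "true", "false", "iam_only"),
				Check: resource.ComposeTestCheckFunc(
					testAccCheckAWSOpsworksPermissionExists(
						"aws_opsworks_permission.tf-acc-perm", &opsperm),
					testAccCheckAWSOpsworksCreatePermissionAttributes(&opsperm, true, false, "iam_only"),
					resource.TestCheckResourceAttr(
						"aws_opsworks_permission.tf-acc-perm", "allow_ssh", "true",
					),
					resource.TestCheckResourceAttr(
						"aws_opsworks_permission.tf-acc-perm", "allow_sudo", "false",
					),
					resource.TestCheckResourceAttr(
						"aws_opsworks_permission.tf-acc-perm", "level", "iam_only",
					),
				),
			},
			// Step 3: revoke SSH as well and switch the level to "deny".
			{
				Config: testAccAwsOpsworksPermissionCreate(sName, "false", "false", "deny"),
				Check: resource.ComposeTestCheckFunc(
					testAccCheckAWSOpsworksPermissionExists(
						"aws_opsworks_permission.tf-acc-perm", &opsperm),
					testAccCheckAWSOpsworksCreatePermissionAttributes(&opsperm, false, false, "deny"),
					resource.TestCheckResourceAttr(
						"aws_opsworks_permission.tf-acc-perm", "allow_ssh", "false",
					),
					resource.TestCheckResourceAttr(
						"aws_opsworks_permission.tf-acc-perm", "allow_sudo", "false",
					),
					resource.TestCheckResourceAttr(
						"aws_opsworks_permission.tf-acc-perm", "level", "deny",
					),
				),
			},
			// Step 4: keep SSH and sudo revoked and switch the level to "show".
			{
				Config: testAccAwsOpsworksPermissionCreate(sName, "false", "false", "show"),
				Check: resource.ComposeTestCheckFunc(
					testAccCheckAWSOpsworksPermissionExists(
						"aws_opsworks_permission.tf-acc-perm", &opsperm),
					testAccCheckAWSOpsworksCreatePermissionAttributes(&opsperm, false, false, "show"),
					resource.TestCheckResourceAttr(
						"aws_opsworks_permission.tf-acc-perm", "allow_ssh", "false",
					),
					resource.TestCheckResourceAttr(
						"aws_opsworks_permission.tf-acc-perm", "allow_sudo", "false",
					),
					resource.TestCheckResourceAttr(
						"aws_opsworks_permission.tf-acc-perm", "level", "show",
					),
				),
			},
		},
	})
}

// testAccCheckAWSOpsworksPermissionExists returns a check that looks up the
// resource named n in the root module state, queries DescribePermissions with
// the stack_id and user_arn attributes stored for it, and copies the single
// returned permission into opsperm for later checks.
//
// The check fails when the resource is missing from state, has no ID, the API
// call errors, or the API returns anything other than exactly one permission.
func testAccCheckAWSOpsworksPermissionExists(
	n string, opsperm *opsworks.Permission) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		rs, ok := s.RootModule().Resources[n]
		if !ok {
			return fmt.Errorf("Not found: %s", n)
		}

		if rs.Primary.ID == "" {
			return fmt.Errorf("No ID is set")
		}

		conn := testAccProvider.Meta().(*AWSClient).opsworksconn

		// Scope the lookup to both the stack and the user so that exactly one
		// permission record is expected back.
		params := &opsworks.DescribePermissionsInput{
			StackId:    aws.String(rs.Primary.Attributes["stack_id"]),
			IamUserArn: aws.String(rs.Primary.Attributes["user_arn"]),
		}
		resp, err := conn.DescribePermissions(params)
		if err != nil {
			return err
		}

		if v := len(resp.Permissions); v != 1 {
			return fmt.Errorf("Expected 1 response returned, got %d", v)
		}

		*opsperm = *resp.Permissions[0]

		return nil
	}
}

// testAccCheckAWSOpsworksCreatePermissionAttributes returns a check that
// compares the AllowSsh, AllowSudo and Level fields of opsperm with the
// expected values.
//
// opsperm is read when the returned check runs, not when this function is
// called, so it observes whatever an earlier check stored through the same
// pointer. A field the API left unset (nil) is reported as a mismatch instead
// of being dereferenced, so a missing permission flag fails the test with an
// error rather than a panic and is never silently accepted as "false".
func testAccCheckAWSOpsworksCreatePermissionAttributes(
	opsperm *opsworks.Permission, allowSsh bool, allowSudo bool, level string) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		if opsperm.AllowSsh == nil || *opsperm.AllowSsh != allowSsh {
			return fmt.Errorf("Unnexpected allowSsh: %t", aws.BoolValue(opsperm.AllowSsh))
		}

		if opsperm.AllowSudo == nil || *opsperm.AllowSudo != allowSudo {
			return fmt.Errorf("Unnexpected allowSudo: %t", aws.BoolValue(opsperm.AllowSudo))
		}

		if opsperm.Level == nil || *opsperm.Level != level {
			return fmt.Errorf("Unnexpected level: %s", aws.StringValue(opsperm.Level))
		}

		return nil
	}
}

// testAccCheckAwsOpsworksPermissionDestroy verifies that no permissions
// remain for any aws_opsworks_permission resource left in state, querying
// DescribePermissions by the resource's user_arn attribute.
//
// A ResourceNotFoundException from the API counts as "destroyed". Every other
// error is returned, including errors that are not awserr.Error values:
// this check is what confirms the SSH/sudo grants created by the test are
// gone, so a lookup that could not be completed must fail the test instead of
// passing it.
func testAccCheckAwsOpsworksPermissionDestroy(s *terraform.State) error {
	client := testAccProvider.Meta().(*AWSClient).opsworksconn

	for _, rs := range s.RootModule().Resources {
		if rs.Type != "aws_opsworks_permission" {
			continue
		}

		req := &opsworks.DescribePermissionsInput{
			IamUserArn: aws.String(rs.Primary.Attributes["user_arn"]),
		}

		resp, err := client.DescribePermissions(req)
		if err != nil {
			// aerr (not "awserr") so the awserr package is not shadowed.
			if aerr, ok := err.(awserr.Error); ok && aerr.Code() == "ResourceNotFoundException" {
				continue
			}
			return err
		}

		if len(resp.Permissions) > 0 {
			return fmt.Errorf("OpsWorks Permissions still exist.")
		}
	}
	return nil
}

// testAccAwsOpsworksPermissionCreate renders the Terraform configuration used
// by the acceptance test: an aws_opsworks_permission with the given allow_ssh,
// allow_sudo and level values, the aws_opsworks_user_profile and aws_iam_user
// it refers to (the IAM user is called name), and the stack configuration
// produced by testAccAwsOpsworksStackConfigVpcCreate(name).
//
// ssh and sudo are inserted unquoted and level inside quotes, so callers pass
// the literals "true"/"false" for the first two.
func testAccAwsOpsworksPermissionCreate(name, ssh, sudo, level string) string {
	return fmt.Sprintf(`
resource "aws_opsworks_permission" "tf-acc-perm" {
  stack_id = "${aws_opsworks_stack.tf-acc.id}"

  allow_ssh = %s
  allow_sudo = %s
  user_arn = "${aws_opsworks_user_profile.user.user_arn}"
  level = "%s"
}

resource "aws_opsworks_user_profile" "user" {
  user_arn = "${aws_iam_user.user.arn}"
  ssh_username = "${aws_iam_user.user.name}"
}

resource "aws_iam_user" "user" {
	name = "%s"
	path = "/"
}

%s
`, ssh, sudo, level, name, testAccAwsOpsworksStackConfigVpcCreate(name))
}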