github.com/recobe182/terraform@v0.8.5-0.20170117231232-49ab22a935b7/builtin/providers/aws/resource_aws_opsworks_permission_test.go (about)

     1  package aws
     2  
     3  import (
     4  	"fmt"
     5  	"testing"
     6  
     7  	"github.com/aws/aws-sdk-go/aws"
     8  	"github.com/aws/aws-sdk-go/aws/awserr"
     9  	"github.com/aws/aws-sdk-go/service/opsworks"
    10  	"github.com/hashicorp/terraform/helper/acctest"
    11  	"github.com/hashicorp/terraform/helper/resource"
    12  	"github.com/hashicorp/terraform/terraform"
    13  )
    14  
    15  func TestAccAWSOpsworksPermission(t *testing.T) {
    16  	sName := fmt.Sprintf("tf-ops-perm-%d", acctest.RandInt())
    17  	var opsperm opsworks.Permission
    18  	resource.Test(t, resource.TestCase{
    19  		PreCheck:     func() { testAccPreCheck(t) },
    20  		Providers:    testAccProviders,
    21  		CheckDestroy: testAccCheckAwsOpsworksPermissionDestroy,
    22  		Steps: []resource.TestStep{
    23  			resource.TestStep{
    24  				Config: testAccAwsOpsworksPermissionCreate(sName, "true", "true", "iam_only"),
    25  				Check: resource.ComposeTestCheckFunc(
    26  					testAccCheckAWSOpsworksPermissionExists(
    27  						"aws_opsworks_permission.tf-acc-perm", &opsperm),
    28  					testAccCheckAWSOpsworksCreatePermissionAttributes(&opsperm, true, true, "iam_only"),
    29  					resource.TestCheckResourceAttr(
    30  						"aws_opsworks_permission.tf-acc-perm", "allow_ssh", "true",
    31  					),
    32  					resource.TestCheckResourceAttr(
    33  						"aws_opsworks_permission.tf-acc-perm", "allow_sudo", "true",
    34  					),
    35  					resource.TestCheckResourceAttr(
    36  						"aws_opsworks_permission.tf-acc-perm", "level", "iam_only",
    37  					),
    38  				),
    39  			},
    40  			resource.TestStep{
    41  				Config: testAccAwsOpsworksPermissionCreate(sName, "true", "false", "iam_only"),
    42  				Check: resource.ComposeTestCheckFunc(
    43  					testAccCheckAWSOpsworksPermissionExists(
    44  						"aws_opsworks_permission.tf-acc-perm", &opsperm),
    45  					testAccCheckAWSOpsworksCreatePermissionAttributes(&opsperm, true, false, "iam_only"),
    46  					resource.TestCheckResourceAttr(
    47  						"aws_opsworks_permission.tf-acc-perm", "allow_ssh", "true",
    48  					),
    49  					resource.TestCheckResourceAttr(
    50  						"aws_opsworks_permission.tf-acc-perm", "allow_sudo", "false",
    51  					),
    52  					resource.TestCheckResourceAttr(
    53  						"aws_opsworks_permission.tf-acc-perm", "level", "iam_only",
    54  					),
    55  				),
    56  			},
    57  			resource.TestStep{
    58  				Config: testAccAwsOpsworksPermissionCreate(sName, "false", "false", "deny"),
    59  				Check: resource.ComposeTestCheckFunc(
    60  					testAccCheckAWSOpsworksPermissionExists(
    61  						"aws_opsworks_permission.tf-acc-perm", &opsperm),
    62  					testAccCheckAWSOpsworksCreatePermissionAttributes(&opsperm, false, false, "deny"),
    63  					resource.TestCheckResourceAttr(
    64  						"aws_opsworks_permission.tf-acc-perm", "allow_ssh", "false",
    65  					),
    66  					resource.TestCheckResourceAttr(
    67  						"aws_opsworks_permission.tf-acc-perm", "allow_sudo", "false",
    68  					),
    69  					resource.TestCheckResourceAttr(
    70  						"aws_opsworks_permission.tf-acc-perm", "level", "deny",
    71  					),
    72  				),
    73  			},
    74  			resource.TestStep{
    75  				Config: testAccAwsOpsworksPermissionCreate(sName, "false", "false", "show"),
    76  				Check: resource.ComposeTestCheckFunc(
    77  					testAccCheckAWSOpsworksPermissionExists(
    78  						"aws_opsworks_permission.tf-acc-perm", &opsperm),
    79  					testAccCheckAWSOpsworksCreatePermissionAttributes(&opsperm, false, false, "show"),
    80  					resource.TestCheckResourceAttr(
    81  						"aws_opsworks_permission.tf-acc-perm", "allow_ssh", "false",
    82  					),
    83  					resource.TestCheckResourceAttr(
    84  						"aws_opsworks_permission.tf-acc-perm", "allow_sudo", "false",
    85  					),
    86  					resource.TestCheckResourceAttr(
    87  						"aws_opsworks_permission.tf-acc-perm", "level", "show",
    88  					),
    89  				),
    90  			},
    91  		},
    92  	})
    93  }
    94  
    95  func testAccCheckAWSOpsworksPermissionExists(
    96  	n string, opsperm *opsworks.Permission) resource.TestCheckFunc {
    97  	return func(s *terraform.State) error {
    98  		rs, ok := s.RootModule().Resources[n]
    99  		if !ok {
   100  			return fmt.Errorf("Not found: %s", n)
   101  		}
   102  
   103  		if rs.Primary.ID == "" {
   104  			return fmt.Errorf("No ID is set")
   105  		}
   106  
   107  		conn := testAccProvider.Meta().(*AWSClient).opsworksconn
   108  
   109  		params := &opsworks.DescribePermissionsInput{
   110  			StackId:    aws.String(rs.Primary.Attributes["stack_id"]),
   111  			IamUserArn: aws.String(rs.Primary.Attributes["user_arn"]),
   112  		}
   113  		resp, err := conn.DescribePermissions(params)
   114  
   115  		if err != nil {
   116  			return err
   117  		}
   118  
   119  		if v := len(resp.Permissions); v != 1 {
   120  			return fmt.Errorf("Expected 1 response returned, got %d", v)
   121  		}
   122  
   123  		*opsperm = *resp.Permissions[0]
   124  
   125  		return nil
   126  	}
   127  }
   128  
   129  func testAccCheckAWSOpsworksCreatePermissionAttributes(
   130  	opsperm *opsworks.Permission, allowSsh bool, allowSudo bool, level string) resource.TestCheckFunc {
   131  	return func(s *terraform.State) error {
   132  		if *opsperm.AllowSsh != allowSsh {
   133  			return fmt.Errorf("Unnexpected allowSsh: %t", *opsperm.AllowSsh)
   134  		}
   135  
   136  		if *opsperm.AllowSudo != allowSudo {
   137  			return fmt.Errorf("Unnexpected allowSudo: %t", *opsperm.AllowSudo)
   138  		}
   139  
   140  		if *opsperm.Level != level {
   141  			return fmt.Errorf("Unnexpected level: %s", *opsperm.Level)
   142  		}
   143  
   144  		return nil
   145  	}
   146  }
   147  
   148  func testAccCheckAwsOpsworksPermissionDestroy(s *terraform.State) error {
   149  	client := testAccProvider.Meta().(*AWSClient).opsworksconn
   150  
   151  	for _, rs := range s.RootModule().Resources {
   152  		if rs.Type != "aws_opsworks_permission" {
   153  			continue
   154  		}
   155  
   156  		req := &opsworks.DescribePermissionsInput{
   157  			IamUserArn: aws.String(rs.Primary.Attributes["user_arn"]),
   158  		}
   159  
   160  		resp, err := client.DescribePermissions(req)
   161  		if err == nil {
   162  			if len(resp.Permissions) > 0 {
   163  				return fmt.Errorf("OpsWorks Permissions still exist.")
   164  			}
   165  		}
   166  
   167  		if awserr, ok := err.(awserr.Error); ok {
   168  			if awserr.Code() != "ResourceNotFoundException" {
   169  				return err
   170  			}
   171  		}
   172  	}
   173  	return nil
   174  }
   175  
   176  func testAccAwsOpsworksPermissionCreate(name, ssh, sudo, level string) string {
   177  	return fmt.Sprintf(`
   178  resource "aws_opsworks_permission" "tf-acc-perm" {
   179    stack_id = "${aws_opsworks_stack.tf-acc.id}"
   180  
   181    allow_ssh = %s
   182    allow_sudo = %s
   183    user_arn = "${aws_opsworks_user_profile.user.user_arn}"
   184    level = "%s"
   185  }
   186  
   187  resource "aws_opsworks_user_profile" "user" {
   188    user_arn = "${aws_iam_user.user.arn}"
   189    ssh_username = "${aws_iam_user.user.name}"
   190  }
   191  
   192  resource "aws_iam_user" "user" {
   193  	name = "%s"
   194  	path = "/"
   195  }
   196  	
   197  %s
   198  `, ssh, sudo, level, name, testAccAwsOpsworksStackConfigVpcCreate(name))
   199  }