github.com/recobe182/terraform@v0.8.5-0.20170117231232-49ab22a935b7/builtin/providers/aws/resource_aws_redshift_security_group_test.go (about) 1 package aws 2 3 import ( 4 "fmt" 5 "testing" 6 7 "github.com/aws/aws-sdk-go/aws" 8 "github.com/aws/aws-sdk-go/aws/awserr" 9 "github.com/aws/aws-sdk-go/service/redshift" 10 "github.com/hashicorp/terraform/helper/resource" 11 "github.com/hashicorp/terraform/terraform" 12 ) 13 14 func TestAccAWSRedshiftSecurityGroup_ingressCidr(t *testing.T) { 15 var v redshift.ClusterSecurityGroup 16 17 resource.Test(t, resource.TestCase{ 18 PreCheck: func() { testAccPreCheck(t) }, 19 Providers: testAccProviders, 20 CheckDestroy: testAccCheckAWSRedshiftSecurityGroupDestroy, 21 Steps: []resource.TestStep{ 22 resource.TestStep{ 23 Config: testAccAWSRedshiftSecurityGroupConfig_ingressCidr, 24 Check: resource.ComposeTestCheckFunc( 25 testAccCheckAWSRedshiftSecurityGroupExists("aws_redshift_security_group.bar", &v), 26 resource.TestCheckResourceAttr( 27 "aws_redshift_security_group.bar", "name", "redshift-sg-terraform"), 28 resource.TestCheckResourceAttr( 29 "aws_redshift_security_group.bar", "description", "Managed by Terraform"), 30 resource.TestCheckResourceAttr( 31 "aws_redshift_security_group.bar", "ingress.2735652665.cidr", "10.0.0.1/24"), 32 resource.TestCheckResourceAttr( 33 "aws_redshift_security_group.bar", "ingress.#", "1"), 34 ), 35 }, 36 }, 37 }) 38 } 39 40 func TestAccAWSRedshiftSecurityGroup_updateIngressCidr(t *testing.T) { 41 var v redshift.ClusterSecurityGroup 42 43 resource.Test(t, resource.TestCase{ 44 PreCheck: func() { testAccPreCheck(t) }, 45 Providers: testAccProviders, 46 CheckDestroy: testAccCheckAWSRedshiftSecurityGroupDestroy, 47 Steps: []resource.TestStep{ 48 resource.TestStep{ 49 Config: testAccAWSRedshiftSecurityGroupConfig_ingressCidr, 50 Check: resource.ComposeTestCheckFunc( 51 testAccCheckAWSRedshiftSecurityGroupExists("aws_redshift_security_group.bar", &v), 52 resource.TestCheckResourceAttr( 53 "aws_redshift_security_group.bar", "ingress.#", "1"), 54 ), 55 }, 56 57 resource.TestStep{ 58 Config: testAccAWSRedshiftSecurityGroupConfig_ingressCidrAdd, 59 Check: resource.ComposeTestCheckFunc( 60 testAccCheckAWSRedshiftSecurityGroupExists("aws_redshift_security_group.bar", &v), 61 resource.TestCheckResourceAttr( 62 "aws_redshift_security_group.bar", "ingress.#", "3"), 63 ), 64 }, 65 66 resource.TestStep{ 67 Config: testAccAWSRedshiftSecurityGroupConfig_ingressCidrReduce, 68 Check: resource.ComposeTestCheckFunc( 69 testAccCheckAWSRedshiftSecurityGroupExists("aws_redshift_security_group.bar", &v), 70 resource.TestCheckResourceAttr( 71 "aws_redshift_security_group.bar", "ingress.#", "2"), 72 ), 73 }, 74 }, 75 }) 76 } 77 78 func TestAccAWSRedshiftSecurityGroup_ingressSecurityGroup(t *testing.T) { 79 var v redshift.ClusterSecurityGroup 80 81 resource.Test(t, resource.TestCase{ 82 PreCheck: func() { testAccPreCheck(t) }, 83 Providers: testAccProviders, 84 CheckDestroy: testAccCheckAWSRedshiftSecurityGroupDestroy, 85 Steps: []resource.TestStep{ 86 resource.TestStep{ 87 Config: testAccAWSRedshiftSecurityGroupConfig_ingressSgId, 88 Check: resource.ComposeTestCheckFunc( 89 testAccCheckAWSRedshiftSecurityGroupExists("aws_redshift_security_group.bar", &v), 90 resource.TestCheckResourceAttr( 91 "aws_redshift_security_group.bar", "name", "redshift-sg-terraform"), 92 resource.TestCheckResourceAttr( 93 "aws_redshift_security_group.bar", "description", "this is a description"), 94 resource.TestCheckResourceAttr( 95 "aws_redshift_security_group.bar", "ingress.#", "1"), 96 resource.TestCheckResourceAttr( 97 "aws_redshift_security_group.bar", "ingress.2230908922.security_group_name", "terraform_redshift_acceptance_test"), 98 ), 99 }, 100 }, 101 }) 102 } 103 104 func TestAccAWSRedshiftSecurityGroup_updateIngressSecurityGroup(t *testing.T) { 105 var v redshift.ClusterSecurityGroup 106 107 resource.Test(t, resource.TestCase{ 108 PreCheck: func() { testAccPreCheck(t) }, 109 Providers: testAccProviders, 110 CheckDestroy: testAccCheckAWSRedshiftSecurityGroupDestroy, 111 Steps: []resource.TestStep{ 112 resource.TestStep{ 113 Config: testAccAWSRedshiftSecurityGroupConfig_ingressSgId, 114 Check: resource.ComposeTestCheckFunc( 115 testAccCheckAWSRedshiftSecurityGroupExists("aws_redshift_security_group.bar", &v), 116 resource.TestCheckResourceAttr( 117 "aws_redshift_security_group.bar", "ingress.#", "1"), 118 ), 119 }, 120 121 resource.TestStep{ 122 Config: testAccAWSRedshiftSecurityGroupConfig_ingressSgIdAdd, 123 Check: resource.ComposeTestCheckFunc( 124 testAccCheckAWSRedshiftSecurityGroupExists("aws_redshift_security_group.bar", &v), 125 resource.TestCheckResourceAttr( 126 "aws_redshift_security_group.bar", "ingress.#", "3"), 127 ), 128 }, 129 130 resource.TestStep{ 131 Config: testAccAWSRedshiftSecurityGroupConfig_ingressSgIdReduce, 132 Check: resource.ComposeTestCheckFunc( 133 testAccCheckAWSRedshiftSecurityGroupExists("aws_redshift_security_group.bar", &v), 134 resource.TestCheckResourceAttr( 135 "aws_redshift_security_group.bar", "ingress.#", "2"), 136 ), 137 }, 138 }, 139 }) 140 } 141 142 func testAccCheckAWSRedshiftSecurityGroupExists(n string, v *redshift.ClusterSecurityGroup) resource.TestCheckFunc { 143 return func(s *terraform.State) error { 144 rs, ok := s.RootModule().Resources[n] 145 if !ok { 146 return fmt.Errorf("Not found: %s", n) 147 } 148 149 if rs.Primary.ID == "" { 150 return fmt.Errorf("No Redshift Security Group ID is set") 151 } 152 153 conn := testAccProvider.Meta().(*AWSClient).redshiftconn 154 155 opts := redshift.DescribeClusterSecurityGroupsInput{ 156 ClusterSecurityGroupName: aws.String(rs.Primary.ID), 157 } 158 159 resp, err := conn.DescribeClusterSecurityGroups(&opts) 160 161 if err != nil { 162 return err 163 } 164 165 if len(resp.ClusterSecurityGroups) != 1 || 166 *resp.ClusterSecurityGroups[0].ClusterSecurityGroupName != rs.Primary.ID { 167 return fmt.Errorf("Redshift Security Group not found") 168 } 169 170 *v = *resp.ClusterSecurityGroups[0] 171 172 return nil 173 } 174 } 175 176 func testAccCheckAWSRedshiftSecurityGroupDestroy(s *terraform.State) error { 177 conn := testAccProvider.Meta().(*AWSClient).redshiftconn 178 179 for _, rs := range s.RootModule().Resources { 180 if rs.Type != "aws_redshift_security_group" { 181 continue 182 } 183 184 // Try to find the Group 185 resp, err := conn.DescribeClusterSecurityGroups( 186 &redshift.DescribeClusterSecurityGroupsInput{ 187 ClusterSecurityGroupName: aws.String(rs.Primary.ID), 188 }) 189 190 if err == nil { 191 if len(resp.ClusterSecurityGroups) != 0 && 192 *resp.ClusterSecurityGroups[0].ClusterSecurityGroupName == rs.Primary.ID { 193 return fmt.Errorf("Redshift Security Group still exists") 194 } 195 } 196 197 // Verify the error 198 newerr, ok := err.(awserr.Error) 199 if !ok { 200 return err 201 } 202 if newerr.Code() != "ClusterSecurityGroupNotFound" { 203 return err 204 } 205 } 206 207 return nil 208 } 209 210 func TestResourceAWSRedshiftSecurityGroupNameValidation(t *testing.T) { 211 cases := []struct { 212 Value string 213 ErrCount int 214 }{ 215 { 216 Value: "default", 217 ErrCount: 1, 218 }, 219 { 220 Value: "testing123%%", 221 ErrCount: 1, 222 }, 223 { 224 Value: "TestingSG", 225 ErrCount: 1, 226 }, 227 { 228 Value: randomString(256), 229 ErrCount: 1, 230 }, 231 } 232 233 for _, tc := range cases { 234 _, errors := validateRedshiftSecurityGroupName(tc.Value, "aws_redshift_security_group_name") 235 236 if len(errors) != tc.ErrCount { 237 t.Fatalf("Expected the Redshift Security Group Name to trigger a validation error") 238 } 239 } 240 } 241 242 const testAccAWSRedshiftSecurityGroupConfig_ingressCidr = ` 243 provider "aws" { 244 region = "us-east-1" 245 } 246 247 resource "aws_redshift_security_group" "bar" { 248 name = "redshift-sg-terraform" 249 250 ingress { 251 cidr = "10.0.0.1/24" 252 } 253 }` 254 255 const testAccAWSRedshiftSecurityGroupConfig_ingressCidrAdd = ` 256 provider "aws" { 257 region = "us-east-1" 258 } 259 260 resource "aws_redshift_security_group" "bar" { 261 name = "redshift-sg-terraform" 262 description = "this is a description" 263 264 ingress { 265 cidr = "10.0.0.1/24" 266 } 267 268 ingress { 269 cidr = "10.0.10.1/24" 270 } 271 272 ingress { 273 cidr = "10.0.20.1/24" 274 } 275 }` 276 277 const testAccAWSRedshiftSecurityGroupConfig_ingressCidrReduce = ` 278 provider "aws" { 279 region = "us-east-1" 280 } 281 282 resource "aws_redshift_security_group" "bar" { 283 name = "redshift-sg-terraform" 284 description = "this is a description" 285 286 ingress { 287 cidr = "10.0.0.1/24" 288 } 289 290 ingress { 291 cidr = "10.0.10.1/24" 292 } 293 }` 294 295 const testAccAWSRedshiftSecurityGroupConfig_ingressSgId = ` 296 provider "aws" { 297 region = "us-east-1" 298 } 299 300 resource "aws_security_group" "redshift" { 301 name = "terraform_redshift_acceptance_test" 302 description = "Used in the redshift acceptance tests" 303 304 ingress { 305 protocol = "tcp" 306 from_port = 22 307 to_port = 22 308 cidr_blocks = ["10.0.0.0/8"] 309 } 310 } 311 312 resource "aws_redshift_security_group" "bar" { 313 name = "redshift-sg-terraform" 314 description = "this is a description" 315 316 ingress { 317 security_group_name = "${aws_security_group.redshift.name}" 318 security_group_owner_id = "${aws_security_group.redshift.owner_id}" 319 } 320 }` 321 322 const testAccAWSRedshiftSecurityGroupConfig_ingressSgIdAdd = ` 323 provider "aws" { 324 region = "us-east-1" 325 } 326 327 resource "aws_security_group" "redshift" { 328 name = "terraform_redshift_acceptance_test" 329 description = "Used in the redshift acceptance tests" 330 331 ingress { 332 protocol = "tcp" 333 from_port = 22 334 to_port = 22 335 cidr_blocks = ["10.0.0.0/16"] 336 } 337 } 338 339 resource "aws_security_group" "redshift2" { 340 name = "terraform_redshift_acceptance_test_2" 341 description = "Used in the redshift acceptance tests #2" 342 343 ingress { 344 protocol = "tcp" 345 from_port = 22 346 to_port = 22 347 cidr_blocks = ["10.1.0.0/16"] 348 } 349 } 350 351 resource "aws_security_group" "redshift3" { 352 name = "terraform_redshift_acceptance_test_3" 353 description = "Used in the redshift acceptance tests #3" 354 355 ingress { 356 protocol = "tcp" 357 from_port = 22 358 to_port = 22 359 cidr_blocks = ["10.2.0.0/16"] 360 } 361 } 362 363 resource "aws_redshift_security_group" "bar" { 364 name = "redshift-sg-terraform" 365 description = "this is a description" 366 367 ingress { 368 security_group_name = "${aws_security_group.redshift.name}" 369 security_group_owner_id = "${aws_security_group.redshift.owner_id}" 370 } 371 372 ingress { 373 security_group_name = "${aws_security_group.redshift2.name}" 374 security_group_owner_id = "${aws_security_group.redshift.owner_id}" 375 } 376 377 ingress { 378 security_group_name = "${aws_security_group.redshift3.name}" 379 security_group_owner_id = "${aws_security_group.redshift.owner_id}" 380 } 381 }` 382 383 const testAccAWSRedshiftSecurityGroupConfig_ingressSgIdReduce = ` 384 provider "aws" { 385 region = "us-east-1" 386 } 387 388 resource "aws_security_group" "redshift" { 389 name = "terraform_redshift_acceptance_test" 390 description = "Used in the redshift acceptance tests" 391 392 ingress { 393 protocol = "tcp" 394 from_port = 22 395 to_port = 22 396 cidr_blocks = ["10.0.0.0/16"] 397 } 398 } 399 400 resource "aws_security_group" "redshift2" { 401 name = "terraform_redshift_acceptance_test_2" 402 description = "Used in the redshift acceptance tests #2" 403 404 ingress { 405 protocol = "tcp" 406 from_port = 22 407 to_port = 22 408 cidr_blocks = ["10.1.0.0/16"] 409 } 410 } 411 412 resource "aws_redshift_security_group" "bar" { 413 name = "redshift-sg-terraform" 414 description = "this is a description" 415 416 ingress { 417 security_group_name = "${aws_security_group.redshift.name}" 418 security_group_owner_id = "${aws_security_group.redshift.owner_id}" 419 } 420 421 ingress { 422 security_group_name = "${aws_security_group.redshift2.name}" 423 security_group_owner_id = "${aws_security_group.redshift.owner_id}" 424 } 425 }`