github.com/recobe182/terraform@v0.8.5-0.20170117231232-49ab22a935b7/builtin/providers/google/resource_google_service_account_test.go

github.com/recobe182/terraform@v0.8.5-0.20170117231232-49ab22a935b7/builtin/providers/google/resource_google_service_account_test.go (about)

     1  package google
     2  
     3  import (
     4  	"fmt"
     5  	"testing"
     6  
     7  	"github.com/hashicorp/terraform/helper/acctest"
     8  	"github.com/hashicorp/terraform/helper/resource"
     9  	"github.com/hashicorp/terraform/terraform"
    10  )
    11  
    12  // Test that a service account resource can be created, updated, and destroyed
    13  func TestAccGoogleServiceAccount_basic(t *testing.T) {
    14  	accountId := "a" + acctest.RandString(10)
    15  	displayName := "Terraform Test"
    16  	displayName2 := "Terraform Test Update"
    17  	resource.Test(t, resource.TestCase{
    18  		PreCheck:  func() { testAccPreCheck(t) },
    19  		Providers: testAccProviders,
    20  		Steps: []resource.TestStep{
    21  			// The first step creates a basic service account
    22  			resource.TestStep{
    23  				Config: testAccGoogleServiceAccountBasic(accountId, displayName),
    24  				Check: resource.ComposeTestCheckFunc(
    25  					testAccCheckGoogleServiceAccountExists("google_service_account.acceptance"),
    26  				),
    27  			},
    28  			// The second step updates the service account
    29  			resource.TestStep{
    30  				Config: testAccGoogleServiceAccountBasic(accountId, displayName2),
    31  				Check: resource.ComposeTestCheckFunc(
    32  					testAccCheckGoogleServiceAccountNameModified("google_service_account.acceptance", displayName2),
    33  				),
    34  			},
    35  		},
    36  	})
    37  }
    38  
    39  // Test that a service account resource can be created with a policy, updated,
    40  // and destroyed.
    41  func TestAccGoogleServiceAccount_createPolicy(t *testing.T) {
    42  	accountId := "a" + acctest.RandString(10)
    43  	displayName := "Terraform Test"
    44  	resource.Test(t, resource.TestCase{
    45  		PreCheck:  func() { testAccPreCheck(t) },
    46  		Providers: testAccProviders,
    47  		Steps: []resource.TestStep{
    48  			// The first step creates a basic service account with an IAM policy
    49  			resource.TestStep{
    50  				Config: testAccGoogleServiceAccountPolicy(accountId, projectId),
    51  				Check: resource.ComposeTestCheckFunc(
    52  					testAccCheckGoogleServiceAccountPolicyCount("google_service_account.acceptance", 1),
    53  				),
    54  			},
    55  			// The second step updates the service account with no IAM policy
    56  			resource.TestStep{
    57  				Config: testAccGoogleServiceAccountBasic(accountId, displayName),
    58  				Check: resource.ComposeTestCheckFunc(
    59  					testAccCheckGoogleServiceAccountPolicyCount("google_service_account.acceptance", 0),
    60  				),
    61  			},
    62  			// The final step re-applies the IAM policy
    63  			resource.TestStep{
    64  				Config: testAccGoogleServiceAccountPolicy(accountId, projectId),
    65  				Check: resource.ComposeTestCheckFunc(
    66  					testAccCheckGoogleServiceAccountPolicyCount("google_service_account.acceptance", 1),
    67  				),
    68  			},
    69  		},
    70  	})
    71  }
    72  
    73  func testAccCheckGoogleServiceAccountPolicyCount(r string, n int) resource.TestCheckFunc {
    74  	return func(s *terraform.State) error {
    75  		c := testAccProvider.Meta().(*Config)
    76  		p, err := getServiceAccountIamPolicy(s.RootModule().Resources[r].Primary.ID, c)
    77  		if err != nil {
    78  			return fmt.Errorf("Failed to retrieve IAM Policy for service account: %s", err)
    79  		}
    80  		if len(p.Bindings) != n {
    81  			return fmt.Errorf("The service account has %v bindings but %v were expected", len(p.Bindings), n)
    82  		}
    83  		return nil
    84  	}
    85  }
    86  
    87  func testAccCheckGoogleServiceAccountExists(r string) resource.TestCheckFunc {
    88  	return func(s *terraform.State) error {
    89  		rs, ok := s.RootModule().Resources[r]
    90  		if !ok {
    91  			return fmt.Errorf("Not found: %s", r)
    92  		}
    93  
    94  		if rs.Primary.ID == "" {
    95  			return fmt.Errorf("No ID is set")
    96  		}
    97  
    98  		return nil
    99  	}
   100  }
   101  
   102  func testAccCheckGoogleServiceAccountNameModified(r, n string) resource.TestCheckFunc {
   103  	return func(s *terraform.State) error {
   104  		rs, ok := s.RootModule().Resources[r]
   105  		if !ok {
   106  			return fmt.Errorf("Not found: %s", r)
   107  		}
   108  
   109  		if rs.Primary.Attributes["display_name"] != n {
   110  			return fmt.Errorf("display_name is %q expected %q", rs.Primary.Attributes["display_name"], n)
   111  		}
   112  
   113  		return nil
   114  	}
   115  }
   116  
   117  func testAccGoogleServiceAccountBasic(account, name string) string {
   118  	t := `resource "google_service_account" "acceptance" {
   119      account_id = "%v"
   120  	display_name = "%v"
   121   }`
   122  	return fmt.Sprintf(t, account, name)
   123  }
   124  
   125  func testAccGoogleServiceAccountPolicy(account, name string) string {
   126  
   127  	t := `resource "google_service_account" "acceptance" {
   128      account_id = "%v"
   129      display_name = "%v"
   130      policy_data = "${data.google_iam_policy.service_account.policy_data}"
   131  }
   132  
   133  data "google_iam_policy" "service_account" {
   134    binding {
   135      role = "roles/iam.serviceAccountActor"
   136      members = [
   137        "serviceAccount:%v@%v.iam.gserviceaccount.com",
   138      ]
   139    }
   140  }`
   141  
   142  	return fmt.Sprintf(t, account, name, account, projectId)
   143  }