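// Listing: github.com/renier/terraform@v0.7.8-0.20161024133817-eb8a9ef5471a/builtin/providers/aws/resource_aws_vpc_endpoint_test.go

package aws

import (
	"fmt"
	"strings"
	"testing"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/service/ec2"

	"github.com/hashicorp/terraform/helper/resource"
	"github.com/hashicorp/terraform/terraform"
)

// TestAccAWSVpcEndpoint_basic applies the route-table-and-policy config once
// and verifies that the endpoint exists in EC2 and that a prefix list ID was
// recorded in state.
func TestAccAWSVpcEndpoint_basic(t *testing.T) {
	var endpoint ec2.VpcEndpoint

	resource.Test(t, resource.TestCase{
		PreCheck:      func() { testAccPreCheck(t) },
		IDRefreshName: "aws_vpc_endpoint.second-private-s3",
		Providers:     testAccProviders,
		CheckDestroy:  testAccCheckVpcEndpointDestroy,
		Steps: []resource.TestStep{
			{
				Config: testAccVpcEndpointWithRouteTableAndPolicyConfig,
				Check: resource.ComposeTestCheckFunc(
					testAccCheckVpcEndpointExists("aws_vpc_endpoint.second-private-s3", &endpoint),
					testAccCheckVpcEndpointPrefixListAvailable("aws_vpc_endpoint.second-private-s3"),
				),
			},
		},
	})
}

// TestAccAWSVpcEndpoint_withRouteTableAndPolicy applies the initial config and
// then the modified one (which adds an internet gateway and a default route to
// the route table), checking after each step that both the endpoint and the
// route table still exist.
func TestAccAWSVpcEndpoint_withRouteTableAndPolicy(t *testing.T) {
	var endpoint ec2.VpcEndpoint
	var routeTable ec2.RouteTable

	resource.Test(t, resource.TestCase{
		PreCheck:      func() { testAccPreCheck(t) },
		IDRefreshName: "aws_vpc_endpoint.second-private-s3",
		Providers:     testAccProviders,
		CheckDestroy:  testAccCheckVpcEndpointDestroy,
		Steps: []resource.TestStep{
			{
				Config: testAccVpcEndpointWithRouteTableAndPolicyConfig,
				Check: resource.ComposeTestCheckFunc(
					testAccCheckVpcEndpointExists("aws_vpc_endpoint.second-private-s3", &endpoint),
					testAccCheckRouteTableExists("aws_route_table.default", &routeTable),
				),
			},
			{
				Config: testAccVpcEndpointWithRouteTableAndPolicyConfigModified,
				Check: resource.ComposeTestCheckFunc(
					testAccCheckVpcEndpointExists("aws_vpc_endpoint.second-private-s3", &endpoint),
					testAccCheckRouteTableExists("aws_route_table.default", &routeTable),
				),
			},
		},
	})
}

// TestAccAWSVpcEndpoint_WithoutRouteTableOrPolicyConfig creates an endpoint
// with only vpc_id and service_name set and verifies that it exists and that a
// prefix list ID was recorded in state.
func TestAccAWSVpcEndpoint_WithoutRouteTableOrPolicyConfig(t *testing.T) {
	var endpoint ec2.VpcEndpoint

	resource.Test(t, resource.TestCase{
		PreCheck:      func() { testAccPreCheck(t) },
		IDRefreshName: "aws_vpc_endpoint.second-private-s3",
		Providers:     testAccProviders,
		CheckDestroy:  testAccCheckVpcEndpointDestroy,
		Steps: []resource.TestStep{
			{
				Config: testAccVpcEndpointWithoutRouteTableOrPolicyConfig,
				Check: resource.ComposeTestCheckFunc(
					testAccCheckVpcEndpointExists("aws_vpc_endpoint.second-private-s3", &endpoint),
					testAccCheckVpcEndpointPrefixListAvailable("aws_vpc_endpoint.second-private-s3"),
				),
			},
		},
	})
}

// testAccCheckVpcEndpointDestroy verifies that every aws_vpc_endpoint resource
// in the root module state is gone from EC2. It returns an error if
// DescribeVpcEndpoints still reports an endpoint, or if the call fails with
// anything other than InvalidVpcEndpointId.NotFound.
func testAccCheckVpcEndpointDestroy(s *terraform.State) error {
	conn := testAccProvider.Meta().(*AWSClient).ec2conn

	for _, rs := range s.RootModule().Resources {
		if rs.Type != "aws_vpc_endpoint" {
			continue
		}

		// Try to find the VPC endpoint.
		input := &ec2.DescribeVpcEndpointsInput{
			VpcEndpointIds: []*string{aws.String(rs.Primary.ID)},
		}
		resp, err := conn.DescribeVpcEndpoints(input)
		if err != nil {
			// NotFound is the expected outcome for a destroyed endpoint.
			if ae, ok := err.(awserr.Error); ok && ae.Code() == "InvalidVpcEndpointId.NotFound" {
				continue
			}
			return err
		}
		if len(resp.VpcEndpoints) > 0 {
			return fmt.Errorf("VPC Endpoints still exist.")
		}

		// No return here: an empty result for one endpoint must not end the
		// loop, otherwise the remaining endpoints in state (visited in random
		// map order) would never be checked and a leak could pass unnoticed.
	}

	return nil
}

// testAccCheckVpcEndpointExists returns a check that looks up resource n in
// the root module state, describes the endpoint by its ID through the EC2 API,
// and copies the first endpoint returned into *endpoint. The check fails if
// the resource is missing from state, has no ID, or EC2 returns no endpoint.
func testAccCheckVpcEndpointExists(n string, endpoint *ec2.VpcEndpoint) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		rs, ok := s.RootModule().Resources[n]
		if !ok {
			return fmt.Errorf("Not found: %s", n)
		}

		if rs.Primary.ID == "" {
			return fmt.Errorf("No VPC Endpoint ID is set")
		}

		conn := testAccProvider.Meta().(*AWSClient).ec2conn
		input := &ec2.DescribeVpcEndpointsInput{
			VpcEndpointIds: []*string{aws.String(rs.Primary.ID)},
		}
		resp, err := conn.DescribeVpcEndpoints(input)
		if err != nil {
			return err
		}
		if len(resp.VpcEndpoints) == 0 {
			return fmt.Errorf("VPC Endpoint not found")
		}

		*endpoint = *resp.VpcEndpoints[0]

		return nil
	}
}

// testAccCheckVpcEndpointPrefixListAvailable returns a check that reads the
// prefix_list_id attribute of resource n from state and fails if it is empty
// or does not start with "pl". It inspects state only; no API call is made.
func testAccCheckVpcEndpointPrefixListAvailable(n string) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		rs, ok := s.RootModule().Resources[n]
		if !ok {
			return fmt.Errorf("Not found: %s", n)
		}

		prefixListID := rs.Primary.Attributes["prefix_list_id"]
		if prefixListID == "" {
			return fmt.Errorf("Prefix list ID not available")
		}
		if !strings.HasPrefix(prefixListID, "pl") {
			return fmt.Errorf("Prefix list ID does not appear to be a valid value: '%s'", prefixListID)
		}

		return nil
	}
}

// testAccVpcEndpointWithRouteTableAndPolicyConfig declares a VPC, a subnet, a
// route table associated with that subnet, and an S3 endpoint attached to the
// route table with an explicit policy.
//
// The policy allows every principal, action and resource, so the tests only
// exercise policy plumbing, not a restrictive policy. As a fixture it is fine;
// an endpoint policy meant to limit what the VPC can reach through the
// endpoint would narrow Action and Resource instead of using "*".
//
// NOTE(review): service_name is pinned to us-west-2, so presumably these tests
// must run against that region — confirm against the provider test setup.
const testAccVpcEndpointWithRouteTableAndPolicyConfig = `
resource "aws_vpc" "foo" {
    cidr_block = "10.0.0.0/16"
}

resource "aws_subnet" "foo" {
    vpc_id = "${aws_vpc.foo.id}"
    cidr_block = "10.0.1.0/24"
}

resource "aws_vpc_endpoint" "second-private-s3" {
    vpc_id = "${aws_vpc.foo.id}"
    service_name = "com.amazonaws.us-west-2.s3"
    route_table_ids = ["${aws_route_table.default.id}"]
    policy = <<POLICY
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid":"AllowAll",
            "Effect":"Allow",
            "Principal":"*",
            "Action":"*",
            "Resource":"*"
        }
    ]
}
POLICY
}

resource "aws_route_table" "default" {
    vpc_id = "${aws_vpc.foo.id}"
}

resource "aws_route_table_association" "main" {
    subnet_id = "${aws_subnet.foo.id}"
    route_table_id = "${aws_route_table.default.id}"
}
`

// testAccVpcEndpointWithRouteTableAndPolicyConfigModified is the second step
// of the route-table test. The endpoint block and its allow-all policy are the
// same as in the initial config; what changes is that an internet gateway is
// added and the route table gains a 0.0.0.0/0 route through it.
const testAccVpcEndpointWithRouteTableAndPolicyConfigModified = `
resource "aws_vpc" "foo" {
    cidr_block = "10.0.0.0/16"
}

resource "aws_subnet" "foo" {
    vpc_id = "${aws_vpc.foo.id}"
    cidr_block = "10.0.1.0/24"
}

resource "aws_vpc_endpoint" "second-private-s3" {
    vpc_id = "${aws_vpc.foo.id}"
    service_name = "com.amazonaws.us-west-2.s3"
    route_table_ids = ["${aws_route_table.default.id}"]
    policy = <<POLICY
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid":"AllowAll",
            "Effect":"Allow",
            "Principal":"*",
            "Action":"*",
            "Resource":"*"
        }
    ]
}
POLICY
}

resource "aws_internet_gateway" "gw" {
    vpc_id = "${aws_vpc.foo.id}"
}

resource "aws_route_table" "default" {
    vpc_id = "${aws_vpc.foo.id}"

    route {
        cidr_block = "0.0.0.0/0"
        gateway_id = "${aws_internet_gateway.gw.id}"
    }
}

resource "aws_route_table_association" "main" {
    subnet_id = "${aws_subnet.foo.id}"
    route_table_id = "${aws_route_table.default.id}"
}
`

// testAccVpcEndpointWithoutRouteTableOrPolicyConfig declares a VPC and an S3
// endpoint with neither route_table_ids nor policy set, so whatever policy the
// service applies by default is in effect.
const testAccVpcEndpointWithoutRouteTableOrPolicyConfig = `
resource "aws_vpc" "foo" {
    cidr_block = "10.0.0.0/16"
}

resource "aws_vpc_endpoint" "second-private-s3" {
    vpc_id = "${aws_vpc.foo.id}"
    service_name = "com.amazonaws.us-west-2.s3"
}
`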