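// Listing: github.com/richardbowden/terraform@v0.6.12-0.20160901200758-30ea22c25211/builtin/providers/aws/resource_aws_network_acl_rule_test.go

package aws

import (
	"fmt"
	"strconv"
	"testing"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/service/ec2"
	"github.com/hashicorp/terraform/helper/resource"
	"github.com/hashicorp/terraform/terraform"
)

// TestAccAWSNetworkAclRule_basic applies testAccAWSNetworkAclRuleBasicConfig in
// a single step and checks that each of the three aws_network_acl_rule
// resources it declares (baz, qux, wibble) has a matching entry on the network
// ACL. testAccCheckAWSNetworkAclRuleDestroy runs as the CheckDestroy hook.
func TestAccAWSNetworkAclRule_basic(t *testing.T) {
	var networkAcl ec2.NetworkAcl

	resource.Test(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckAWSNetworkAclRuleDestroy,
		Steps: []resource.TestStep{
			{
				Config: testAccAWSNetworkAclRuleBasicConfig,
				Check: resource.ComposeTestCheckFunc(
					testAccCheckAWSNetworkAclRuleExists("aws_network_acl_rule.baz", &networkAcl),
					testAccCheckAWSNetworkAclRuleExists("aws_network_acl_rule.qux", &networkAcl),
					testAccCheckAWSNetworkAclRuleExists("aws_network_acl_rule.wibble", &networkAcl),
				),
			},
		},
	})
}

// testAccCheckAWSNetworkAclRuleDestroy walks every aws_network_acl_rule left in
// the state and fails if DescribeNetworkAcls still returns an ACL with that ID
// whose Entries are non-nil, or if the call fails with anything other than
// InvalidNetworkAclID.NotFound.
//
// NOTE(review): the lookup key here is rs.Primary.ID, whereas
// testAccCheckAWSNetworkAclRuleExists looks the ACL up through the
// "network_acl_id" attribute. If the rule's ID is not itself a network ACL ID,
// this check can never observe a leftover rule and passes vacuously, which
// matters because the fixture creates allow rules for 0.0.0.0/0. Confirm
// against the resource's ID scheme.
func testAccCheckAWSNetworkAclRuleDestroy(s *terraform.State) error {
	for _, rs := range s.RootModule().Resources {
		if rs.Type != "aws_network_acl_rule" {
			continue
		}
		conn := testAccProvider.Meta().(*AWSClient).ec2conn

		req := &ec2.DescribeNetworkAclsInput{
			NetworkAclIds: []*string{aws.String(rs.Primary.ID)},
		}
		resp, err := conn.DescribeNetworkAcls(req)
		if err == nil {
			if len(resp.NetworkAcls) > 0 && aws.StringValue(resp.NetworkAcls[0].NetworkAclId) == rs.Primary.ID {
				if resp.NetworkAcls[0].Entries != nil {
					return fmt.Errorf("Network ACL Entries still exist")
				}
			}
			// A successful describe with nothing left over says nothing
			// about the other rules. Move on to the next resource rather
			// than falling into the error handling below, where a nil err
			// fails the type assertion and is returned, ending the whole
			// check after the first rule.
			continue
		}

		// Only "ACL not found" is an acceptable failure after destroy.
		ec2err, ok := err.(awserr.Error)
		if !ok || ec2err.Code() != "InvalidNetworkAclID.NotFound" {
			return err
		}
	}

	return nil
}

// testAccCheckAWSNetworkAclRuleExists returns a check that looks up resource n
// in the root module, describes the network ACL named by its "network_acl_id"
// attribute, and succeeds when that ACL has an entry whose rule number and
// egress flag equal the resource's "rule_number" and "egress" attributes.
//
// NOTE(review): networkAcl is accepted but never written to; callers that
// expect it to be populated with the described ACL will see the zero value.
func testAccCheckAWSNetworkAclRuleExists(n string, networkAcl *ec2.NetworkAcl) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		conn := testAccProvider.Meta().(*AWSClient).ec2conn
		rs, ok := s.RootModule().Resources[n]
		if !ok {
			return fmt.Errorf("Not found: %s", n)
		}

		if rs.Primary.ID == "" {
			return fmt.Errorf("No Network ACL Id is set")
		}

		req := &ec2.DescribeNetworkAclsInput{
			NetworkAclIds: []*string{aws.String(rs.Primary.Attributes["network_acl_id"])},
		}
		resp, err := conn.DescribeNetworkAcls(req)
		if err != nil {
			return err
		}
		if len(resp.NetworkAcls) != 1 {
			return fmt.Errorf("Network ACL not found")
		}

		egress, err := strconv.ParseBool(rs.Primary.Attributes["egress"])
		if err != nil {
			return err
		}
		ruleNo, err := strconv.ParseInt(rs.Primary.Attributes["rule_number"], 10, 64)
		if err != nil {
			return err
		}

		for _, e := range resp.NetworkAcls[0].Entries {
			// Skip entries with unset fields instead of dereferencing nil
			// pointers; such an entry cannot be the rule under test.
			if e == nil || e.RuleNumber == nil || e.Egress == nil {
				continue
			}
			if *e.RuleNumber == ruleNo && *e.Egress == egress {
				return nil
			}
		}
		return fmt.Errorf("Entry not found: %s", resp.NetworkAcls[0])
	}
}

// testAccAWSNetworkAclRuleBasicConfig declares a VPC, a network ACL and three
// allow rules on it: inbound TCP/22 (rule 200) and two ICMP rules (300, 400).
// Every rule uses cidr_block 0.0.0.0/0. These are test-fixture values, and the
// CheckDestroy hook is the only step here that verifies they are removed again.
const testAccAWSNetworkAclRuleBasicConfig = `
provider "aws" {
	region = "us-east-1"
}
resource "aws_vpc" "foo" {
	cidr_block = "10.3.0.0/16"
}
resource "aws_network_acl" "bar" {
	vpc_id = "${aws_vpc.foo.id}"
}
resource "aws_network_acl_rule" "baz" {
	network_acl_id = "${aws_network_acl.bar.id}"
	rule_number = 200
	egress = false
	protocol = "tcp"
	rule_action = "allow"
	cidr_block = "0.0.0.0/0"
	from_port = 22
	to_port = 22
}
resource "aws_network_acl_rule" "qux" {
	network_acl_id = "${aws_network_acl.bar.id}"
	rule_number = 300
	protocol = "icmp"
	rule_action = "allow"
	cidr_block = "0.0.0.0/0"
	icmp_type = 0
	icmp_code = -1
}
resource "aws_network_acl_rule" "wibble" {
	network_acl_id = "${aws_network_acl.bar.id}"
	rule_number = 400
	protocol = "icmp"
	rule_action = "allow"
	cidr_block = "0.0.0.0/0"
	icmp_type = -1
	icmp_code = -1
}
`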