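//go:build azure
// +build azure

// NOTE: We use build tags to differentiate azure testing because we currently do not have azure access setup for
// CircleCI.

package test

import (
	"testing"

	"github.com/gruntwork-io/terratest/modules/azure"
	"github.com/gruntwork-io/terratest/modules/random"
	"github.com/gruntwork-io/terratest/modules/terraform"
	"github.com/stretchr/testify/assert"
)

// TestTerraformAzureNsgExample applies the terraform-azure-nsg-example module
// and checks the rules of the network security group it creates: the total
// rule count, that the SSH rule admits destination port 22 but not 80, and
// that the HTTP rule does not admit destination port 80. The deployment is
// destroyed when the test returns, whether it passed or failed.
func TestTerraformAzureNsgExample(t *testing.T) {
	t.Parallel()

	randomPostfixValue := random.UniqueId()

	// Construct options for TF apply
	terraformOptions := &terraform.Options{
		// The path to where our Terraform code is located
		TerraformDir: "../../examples/azure/terraform-azure-nsg-example",
		Vars: map[string]interface{}{
			"postfix": randomPostfixValue,
		},
	}

	// Registered before the apply so a partially created deployment is still torn down.
	defer terraform.Destroy(t, terraformOptions)
	terraform.InitAndApply(t, terraformOptions)

	resourceGroupName := terraform.Output(t, terraformOptions, "resource_group_name")
	nsgName := terraform.Output(t, terraformOptions, "nsg_name")
	sshRuleName := terraform.Output(t, terraformOptions, "ssh_rule_name")
	httpRuleName := terraform.Output(t, terraformOptions, "http_rule_name")

	// NOTE(review): the empty third argument is presumably a subscription ID that
	// the helper resolves from the environment - confirm against the azure module.
	rules, err := azure.GetAllNSGRulesE(resourceGroupName, nsgName, "")
	if err != nil {
		// Stop here: assert.NoError would only record the failure and let the test
		// go on to read from a result that is not valid after an error. The deferred
		// Destroy still runs after Fatalf.
		t.Fatalf("listing NSG rules for %q in resource group %q: %v", nsgName, resourceGroupName, err)
	}

	// A default NSG has 6 rules, and we have two custom rules for a total of 8
	assert.Len(t, rules.SummarizedRules, 8)

	// We should have a rule for allowing ssh
	sshRule := rules.FindRuleByName(sshRuleName)

	// NOTE(review): presumably FindRuleByName returns a zero-value summary when no
	// rule matches - confirm. Checking the name makes a missing rule fail loudly
	// instead of flowing into the port assertions below.
	assert.Equal(t, sshRuleName, sshRule.Name, "SSH rule not found in NSG")

	// That rule should allow port 22 inbound
	assert.True(t, sshRule.AllowsDestinationPort(t, "22"))

	// But should not allow 80 inbound
	assert.False(t, sshRule.AllowsDestinationPort(t, "80"))

	// SSH is allowed from any source port
	assert.True(t, sshRule.AllowsSourcePort(t, "*"))

	// NOTE(review): only ports are asserted here. Which source address prefixes the
	// SSH rule admits is not checked; if the example is meant to restrict SSH to
	// particular sources, that restriction needs its own assertion.

	// We should have a rule for blocking HTTP
	httpRule := rules.FindRuleByName(httpRuleName)

	// A "does not allow" assertion is satisfied by any rule that fails to allow the
	// port, so confirm the lookup returned the intended rule before relying on it.
	assert.Equal(t, httpRuleName, httpRule.Name, "HTTP rule not found in NSG")

	// This rule should BLOCK port 80 inbound
	assert.False(t, httpRule.AllowsDestinationPort(t, "80"))
}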