github.com/turtlemonvh/terraform@v0.6.9-0.20151204001754-8e40b6b855e8/builtin/providers/aws/resource_aws_cloudtrail_test.go (about)

     1  package aws
     2  
     3  import (
     4  	"fmt"
     5  	"math/rand"
     6  	"testing"
     7  	"time"
     8  
     9  	"github.com/aws/aws-sdk-go/aws"
    10  	"github.com/aws/aws-sdk-go/service/cloudtrail"
    11  	"github.com/hashicorp/terraform/helper/resource"
    12  	"github.com/hashicorp/terraform/terraform"
    13  )
    14  
    // TestAccAWSCloudTrail_basic applies the base trail configuration and then
    // the modified one through resource.Test. After each apply it checks that
    // the trail can be described and that state holds the expected attributes.
    func TestAccAWSCloudTrail_basic(t *testing.T) {
    	const resourceName = "aws_cloudtrail.foobar"

    	var trail cloudtrail.Trail

    	// The base config does not set include_global_service_events, so the
    	// "true" expected here is whatever the resource records when it is omitted.
    	createStep := resource.TestStep{
    		Config: testAccAWSCloudTrailConfig,
    		Check: resource.ComposeTestCheckFunc(
    			testAccCheckCloudTrailExists(resourceName, &trail),
    			resource.TestCheckResourceAttr(resourceName, "include_global_service_events", "true"),
    		),
    	}

    	// The modified config sets a key prefix and turns global service events off.
    	modifyStep := resource.TestStep{
    		Config: testAccAWSCloudTrailConfigModified,
    		Check: resource.ComposeTestCheckFunc(
    			testAccCheckCloudTrailExists(resourceName, &trail),
    			resource.TestCheckResourceAttr(resourceName, "s3_key_prefix", "/prefix"),
    			resource.TestCheckResourceAttr(resourceName, "include_global_service_events", "false"),
    		),
    	}

    	resource.Test(t, resource.TestCase{
    		PreCheck:     func() { testAccPreCheck(t) },
    		Providers:    testAccProviders,
    		CheckDestroy: testAccCheckAWSCloudTrailDestroy,
    		Steps:        []resource.TestStep{createStep, modifyStep},
    	})
    }
    41  
    // TestAccAWSCloudTrail_enable_logging toggles between the base and modified
    // configurations and, after each apply, asks CloudTrail whether the trail is
    // actually logging. The expected sequence is on, off, on.
    func TestAccAWSCloudTrail_enable_logging(t *testing.T) {
    	const resourceName = "aws_cloudtrail.foobar"

    	var trail cloudtrail.Trail

    	// loggingStep applies cfg, then verifies that the trail exists and that
    	// its reported logging status equals want.
    	loggingStep := func(cfg string, want bool) resource.TestStep {
    		return resource.TestStep{
    			Config: cfg,
    			Check: resource.ComposeTestCheckFunc(
    				testAccCheckCloudTrailExists(resourceName, &trail),
    				testAccCheckCloudTrailLoggingEnabled(resourceName, want, &trail),
    			),
    		}
    	}

    	resource.Test(t, resource.TestCase{
    		PreCheck:     func() { testAccPreCheck(t) },
    		Providers:    testAccProviders,
    		CheckDestroy: testAccCheckAWSCloudTrailDestroy,
    		Steps: []resource.TestStep{
    			// AWS will create the trail with logging turned off, so the first
    			// step tests that the "enable_logging" default works.
    			loggingStep(testAccAWSCloudTrailConfig, true),
    			// The modified config sets enable_logging = false.
    			loggingStep(testAccAWSCloudTrailConfigModified, false),
    			// Going back to the base config must turn logging on again.
    			loggingStep(testAccAWSCloudTrailConfig, true),
    		},
    	})
    }
    76  
    // testAccCheckCloudTrailExists returns a check that looks up resource n in
    // the root module's state, describes the trail named by its primary ID, and
    // copies the first trail in the response into *trail.
    //
    // The check fails when n is absent from state, when DescribeTrails returns
    // an error, or when the response contains no trails.
    func testAccCheckCloudTrailExists(n string, trail *cloudtrail.Trail) resource.TestCheckFunc {
    	return func(s *terraform.State) error {
    		res, found := s.RootModule().Resources[n]
    		if !found {
    			return fmt.Errorf("Not found: %s", n)
    		}

    		client := testAccProvider.Meta().(*AWSClient).cloudtrailconn
    		out, err := client.DescribeTrails(&cloudtrail.DescribeTrailsInput{
    			TrailNameList: []*string{aws.String(res.Primary.ID)},
    		})
    		switch {
    		case err != nil:
    			return err
    		case len(out.TrailList) == 0:
    			return fmt.Errorf("Trail not found")
    		}

    		// Hand the described trail back to the caller through the pointer.
    		*trail = *out.TrailList[0]
    		return nil
    	}
    }
   100  
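   // testAccCheckCloudTrailLoggingEnabled returns a check that calls
   // GetTrailStatus for the trail behind resource n and compares the reported
   // IsLogging flag with desired.
   //
   // The check fails when n is absent from state, when GetTrailStatus returns
   // an error, when the response carries no IsLogging value, or when the value
   // differs from desired. The trail argument is not read by this check.
   func testAccCheckCloudTrailLoggingEnabled(n string, desired bool, trail *cloudtrail.Trail) resource.TestCheckFunc {
   	return func(s *terraform.State) error {
   		rs, ok := s.RootModule().Resources[n]
   		if !ok {
   			return fmt.Errorf("Not found: %s", n)
   		}

   		conn := testAccProvider.Meta().(*AWSClient).cloudtrailconn
   		resp, err := conn.GetTrailStatus(&cloudtrail.GetTrailStatusInput{
   			Name: aws.String(rs.Primary.ID),
   		})
   		if err != nil {
   			return err
   		}

   		// IsLogging is a *bool. A missing value must fail the check with an
   		// error rather than panic on the dereference, because this check is
   		// what confirms that audit logging is really on or off.
   		if resp == nil || resp.IsLogging == nil {
   			return fmt.Errorf("GetTrailStatus returned no logging status for %s", rs.Primary.ID)
   		}
   		if *resp.IsLogging != desired {
   			return fmt.Errorf("Expected logging status %t, given %t", desired, *resp.IsLogging)
   		}

   		return nil
   	}
   }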
   124  
   // testAccCheckAWSCloudTrailDestroy walks every aws_cloudtrail resource left
   // in the root module's state and fails if DescribeTrails still returns a
   // trail whose name equals the resource's primary ID.
   func testAccCheckAWSCloudTrailDestroy(s *terraform.State) error {
   	client := testAccProvider.Meta().(*AWSClient).cloudtrailconn

   	for _, res := range s.RootModule().Resources {
   		if res.Type != "aws_cloudtrail" {
   			continue
   		}

   		out, err := client.DescribeTrails(&cloudtrail.DescribeTrailsInput{
   			TrailNameList: []*string{aws.String(res.Primary.ID)},
   		})
   		if err != nil {
   			// NOTE(review): the error is dropped, so a failed API call counts
   			// as "destroyed" and a leftover trail would go unnoticed. Confirm
   			// this is intended before relying on the check.
   			continue
   		}
   		if len(out.TrailList) == 0 {
   			continue
   		}
   		// Only the first returned trail is compared with the ID.
   		if *out.TrailList[0].Name == res.Primary.ID {
   			return fmt.Errorf("CloudTrail still exists: %s", res.Primary.ID)
   		}
   	}

   	return nil
   }
   149  
   // cloudTrailRandInt is drawn once at package initialisation from a math/rand
   // source seeded with the current time. The fixtures below use it as the
   // suffix of the test bucket name. It is a collision-avoidance value, not a
   // secret: math/rand is not a cryptographic generator.
   var cloudTrailRandInt = func() int {
   	seed := time.Now().UnixNano()
   	return rand.New(rand.NewSource(seed)).Int()
   }()
   151  
   // testAccAWSCloudTrailConfig is the base fixture: a trail named
   // "tf-trail-foobar" delivering to an S3 bucket whose name ends in
   // cloudTrailRandInt. The trail block sets only name and s3_bucket_name.
   // The bucket is created with force_destroy = true.
   //
   // NOTE(review): both policy statements use "Principal": "*", so the
   // s3:GetBucketAcl and s3:PutObject grants are not limited to CloudTrail.
   // The only restriction on PutObject is the bucket-owner-full-control ACL
   // condition. Do not copy this policy outside a throwaway test bucket. Scope
   // the principal to the CloudTrail service instead, e.g.
   // {"Service": "cloudtrail.amazonaws.com"}.
   152  var testAccAWSCloudTrailConfig = fmt.Sprintf(`
   153  resource "aws_cloudtrail" "foobar" {
   154      name = "tf-trail-foobar"
   155      s3_bucket_name = "${aws_s3_bucket.foo.id}"
   156  }
   157  
   158  resource "aws_s3_bucket" "foo" {
   159  	bucket = "tf-test-trail-%d"
   160  	force_destroy = true
   161  	policy = <<POLICY
   162  {
   163  	"Version": "2012-10-17",
   164  	"Statement": [
   165  		{
   166  			"Sid": "AWSCloudTrailAclCheck",
   167  			"Effect": "Allow",
   168  			"Principal": "*",
   169  			"Action": "s3:GetBucketAcl",
   170  			"Resource": "arn:aws:s3:::tf-test-trail-%d"
   171  		},
   172  		{
   173  			"Sid": "AWSCloudTrailWrite",
   174  			"Effect": "Allow",
   175  			"Principal": "*",
   176  			"Action": "s3:PutObject",
   177  			"Resource": "arn:aws:s3:::tf-test-trail-%d/*",
   178  			"Condition": {
   179  				"StringEquals": {
   180  					"s3:x-amz-acl": "bucket-owner-full-control"
   181  				}
   182  			}
   183  		}
   184  	]
   185  }
   186  POLICY
   187  }
   188  `, cloudTrailRandInt, cloudTrailRandInt, cloudTrailRandInt)
   189  
   // testAccAWSCloudTrailConfigModified is the update fixture. It keeps the
   // trail name and bucket of the base fixture and additionally sets
   // s3_key_prefix = "/prefix", include_global_service_events = false and
   // enable_logging = false. The bucket name ends in cloudTrailRandInt.
   //
   // NOTE(review): enable_logging = false leaves the trail defined but not
   // recording, which the tests exercise on purpose. The bucket policy again
   // uses "Principal": "*" for s3:GetBucketAcl and s3:PutObject. Outside a
   // throwaway test bucket, scope the principal to the CloudTrail service,
   // e.g. {"Service": "cloudtrail.amazonaws.com"}.
   190  var testAccAWSCloudTrailConfigModified = fmt.Sprintf(`
   191  resource "aws_cloudtrail" "foobar" {
   192      name = "tf-trail-foobar"
   193      s3_bucket_name = "${aws_s3_bucket.foo.id}"
   194      s3_key_prefix = "/prefix"
   195      include_global_service_events = false
   196      enable_logging = false
   197  }
   198  
   199  resource "aws_s3_bucket" "foo" {
   200  	bucket = "tf-test-trail-%d"
   201  	force_destroy = true
   202  	policy = <<POLICY
   203  {
   204  	"Version": "2012-10-17",
   205  	"Statement": [
   206  		{
   207  			"Sid": "AWSCloudTrailAclCheck",
   208  			"Effect": "Allow",
   209  			"Principal": "*",
   210  			"Action": "s3:GetBucketAcl",
   211  			"Resource": "arn:aws:s3:::tf-test-trail-%d"
   212  		},
   213  		{
   214  			"Sid": "AWSCloudTrailWrite",
   215  			"Effect": "Allow",
   216  			"Principal": "*",
   217  			"Action": "s3:PutObject",
   218  			"Resource": "arn:aws:s3:::tf-test-trail-%d/*",
   219  			"Condition": {
   220  				"StringEquals": {
   221  					"s3:x-amz-acl": "bucket-owner-full-control"
   222  				}
   223  			}
   224  		}
   225  	]
   226  }
   227  POLICY
   228  }
   229  `, cloudTrailRandInt, cloudTrailRandInt, cloudTrailRandInt)