github.com/turtlemonvh/terraform@v0.6.9-0.20151204001754-8e40b6b855e8/builtin/providers/aws/resource_aws_flow_log_test.go (about) 1 package aws 2 3 import ( 4 "fmt" 5 "testing" 6 7 "github.com/aws/aws-sdk-go/aws" 8 "github.com/aws/aws-sdk-go/service/ec2" 9 "github.com/hashicorp/terraform/helper/resource" 10 "github.com/hashicorp/terraform/terraform" 11 ) 12 13 func TestAccAWSFlowLog_basic(t *testing.T) { 14 var flowLog ec2.FlowLog 15 16 resource.Test(t, resource.TestCase{ 17 PreCheck: func() { testAccPreCheck(t) }, 18 Providers: testAccProviders, 19 CheckDestroy: testAccCheckFlowLogDestroy, 20 Steps: []resource.TestStep{ 21 resource.TestStep{ 22 Config: testAccFlowLogConfig_basic, 23 Check: resource.ComposeTestCheckFunc( 24 testAccCheckFlowLogExists("aws_flow_log.test_flow_log", &flowLog), 25 testAccCheckAWSFlowLogAttributes(&flowLog), 26 ), 27 }, 28 }, 29 }) 30 } 31 32 func TestAccAWSFlowLog_subnet(t *testing.T) { 33 var flowLog ec2.FlowLog 34 35 resource.Test(t, resource.TestCase{ 36 PreCheck: func() { testAccPreCheck(t) }, 37 Providers: testAccProviders, 38 CheckDestroy: testAccCheckFlowLogDestroy, 39 Steps: []resource.TestStep{ 40 resource.TestStep{ 41 Config: testAccFlowLogConfig_subnet, 42 Check: resource.ComposeTestCheckFunc( 43 testAccCheckFlowLogExists("aws_flow_log.test_flow_log_subnet", &flowLog), 44 testAccCheckAWSFlowLogAttributes(&flowLog), 45 ), 46 }, 47 }, 48 }) 49 } 50 51 func testAccCheckFlowLogExists(n string, flowLog *ec2.FlowLog) resource.TestCheckFunc { 52 return func(s *terraform.State) error { 53 rs, ok := s.RootModule().Resources[n] 54 if !ok { 55 return fmt.Errorf("Not found: %s", n) 56 } 57 58 if rs.Primary.ID == "" { 59 return fmt.Errorf("No Flow Log ID is set") 60 } 61 62 conn := testAccProvider.Meta().(*AWSClient).ec2conn 63 describeOpts := &ec2.DescribeFlowLogsInput{ 64 FlowLogIds: []*string{aws.String(rs.Primary.ID)}, 65 } 66 resp, err := conn.DescribeFlowLogs(describeOpts) 67 if err != nil { 68 return err 69 } 70 71 if len(resp.FlowLogs) > 0 { 72 *flowLog = *resp.FlowLogs[0] 73 return nil 74 } 75 return fmt.Errorf("No Flow Logs found for id (%s)", rs.Primary.ID) 76 } 77 } 78 79 func testAccCheckAWSFlowLogAttributes(flowLog *ec2.FlowLog) resource.TestCheckFunc { 80 return func(s *terraform.State) error { 81 if flowLog.FlowLogStatus != nil && *flowLog.FlowLogStatus == "ACTIVE" { 82 return nil 83 } 84 if flowLog.FlowLogStatus == nil { 85 return fmt.Errorf("Flow Log status is not ACTIVE, is nil") 86 } else { 87 return fmt.Errorf("Flow Log status is not ACTIVE, got: %s", *flowLog.FlowLogStatus) 88 } 89 } 90 } 91 92 func testAccCheckFlowLogDestroy(s *terraform.State) error { 93 for _, rs := range s.RootModule().Resources { 94 if rs.Type != "aws_flow_log" { 95 continue 96 } 97 98 return nil 99 } 100 101 return nil 102 } 103 104 var testAccFlowLogConfig_basic = ` 105 resource "aws_vpc" "default" { 106 cidr_block = "10.0.0.0/16" 107 tags { 108 Name = "tf-flow-log-test" 109 } 110 } 111 112 resource "aws_subnet" "test_subnet" { 113 vpc_id = "${aws_vpc.default.id}" 114 cidr_block = "10.0.1.0/24" 115 116 tags { 117 Name = "tf-flow-test" 118 } 119 } 120 121 resource "aws_iam_role" "test_role" { 122 name = "test_role" 123 assume_role_policy = <<EOF 124 { 125 "Version": "2012-10-17", 126 "Statement": [ 127 { 128 "Effect": "Allow", 129 "Principal": { 130 "Service": [ 131 "ec2.amazonaws.com" 132 ] 133 }, 134 "Action": [ 135 "sts:AssumeRole" 136 ] 137 } 138 ] 139 } 140 EOF 141 } 142 143 resource "aws_cloudwatch_log_group" "foobar" { 144 name = "foo-bar" 145 } 146 resource "aws_flow_log" "test_flow_log" { 147 # log_group_name needs to exist before hand 148 # until we have a CloudWatch Log Group Resource 149 log_group_name = "tf-test-log-group" 150 iam_role_arn = "${aws_iam_role.test_role.arn}" 151 vpc_id = "${aws_vpc.default.id}" 152 traffic_type = "ALL" 153 } 154 155 resource "aws_flow_log" "test_flow_log_subnet" { 156 # log_group_name needs to exist before hand 157 # until we have a CloudWatch Log Group Resource 158 log_group_name = "${aws_cloudwatch_log_group.foobar.name}" 159 iam_role_arn = "${aws_iam_role.test_role.arn}" 160 subnet_id = "${aws_subnet.test_subnet.id}" 161 traffic_type = "ALL" 162 } 163 ` 164 165 var testAccFlowLogConfig_subnet = ` 166 resource "aws_vpc" "default" { 167 cidr_block = "10.0.0.0/16" 168 tags { 169 Name = "tf-flow-log-test" 170 } 171 } 172 173 resource "aws_subnet" "test_subnet" { 174 vpc_id = "${aws_vpc.default.id}" 175 cidr_block = "10.0.1.0/24" 176 177 tags { 178 Name = "tf-flow-test" 179 } 180 } 181 182 resource "aws_iam_role" "test_role" { 183 name = "test_role" 184 assume_role_policy = <<EOF 185 { 186 "Version": "2012-10-17", 187 "Statement": [ 188 { 189 "Effect": "Allow", 190 "Principal": { 191 "Service": [ 192 "ec2.amazonaws.com" 193 ] 194 }, 195 "Action": [ 196 "sts:AssumeRole" 197 ] 198 } 199 ] 200 } 201 EOF 202 } 203 resource "aws_cloudwatch_log_group" "foobar" { 204 name = "foo-bar" 205 } 206 207 resource "aws_flow_log" "test_flow_log_subnet" { 208 # log_group_name needs to exist before hand 209 # until we have a CloudWatch Log Group Resource 210 log_group_name = "${aws_cloudwatch_log_group.foobar.name}" 211 iam_role_arn = "${aws_iam_role.test_role.arn}" 212 subnet_id = "${aws_subnet.test_subnet.id}" 213 traffic_type = "ALL" 214 } 215 `