github.com/turtlemonvh/terraform@v0.6.9-0.20151204001754-8e40b6b855e8/builtin/providers/aws/resource_aws_iam_group_membership_test.go (about) 1 package aws 2 3 import ( 4 "fmt" 5 "testing" 6 7 "github.com/aws/aws-sdk-go/aws" 8 "github.com/aws/aws-sdk-go/service/iam" 9 "github.com/hashicorp/terraform/helper/resource" 10 "github.com/hashicorp/terraform/terraform" 11 ) 12 13 func TestAccAWSGroupMembership_basic(t *testing.T) { 14 var group iam.GetGroupOutput 15 16 resource.Test(t, resource.TestCase{ 17 PreCheck: func() { testAccPreCheck(t) }, 18 Providers: testAccProviders, 19 CheckDestroy: testAccCheckAWSGroupMembershipDestroy, 20 Steps: []resource.TestStep{ 21 resource.TestStep{ 22 Config: testAccAWSGroupMemberConfig, 23 Check: resource.ComposeTestCheckFunc( 24 testAccCheckAWSGroupMembershipExists("aws_iam_group_membership.team", &group), 25 testAccCheckAWSGroupMembershipAttributes(&group, []string{"test-user"}), 26 ), 27 }, 28 29 resource.TestStep{ 30 Config: testAccAWSGroupMemberConfigUpdate, 31 Check: resource.ComposeTestCheckFunc( 32 testAccCheckAWSGroupMembershipExists("aws_iam_group_membership.team", &group), 33 testAccCheckAWSGroupMembershipAttributes(&group, []string{"test-user-two", "test-user-three"}), 34 ), 35 }, 36 37 resource.TestStep{ 38 Config: testAccAWSGroupMemberConfigUpdateDown, 39 Check: resource.ComposeTestCheckFunc( 40 testAccCheckAWSGroupMembershipExists("aws_iam_group_membership.team", &group), 41 testAccCheckAWSGroupMembershipAttributes(&group, []string{"test-user-three"}), 42 ), 43 }, 44 }, 45 }) 46 } 47 48 func testAccCheckAWSGroupMembershipDestroy(s *terraform.State) error { 49 conn := testAccProvider.Meta().(*AWSClient).iamconn 50 51 for _, rs := range s.RootModule().Resources { 52 if rs.Type != "aws_iam_group_membership" { 53 continue 54 } 55 56 group := rs.Primary.Attributes["group"] 57 58 resp, err := conn.GetGroup(&iam.GetGroupInput{ 59 GroupName: aws.String(group), 60 }) 61 if err != nil { 62 // might error here 63 return err 64 } 65 66 users := []string{"test-user", "test-user-two", "test-user-three"} 67 for _, u := range resp.Users { 68 for _, i := range users { 69 if i == *u.UserName { 70 return fmt.Errorf("Error: User (%s) still a member of Group (%s)", i, *resp.Group.GroupName) 71 } 72 } 73 } 74 75 } 76 77 return nil 78 } 79 80 func testAccCheckAWSGroupMembershipExists(n string, g *iam.GetGroupOutput) resource.TestCheckFunc { 81 return func(s *terraform.State) error { 82 rs, ok := s.RootModule().Resources[n] 83 if !ok { 84 return fmt.Errorf("Not found: %s", n) 85 } 86 87 if rs.Primary.ID == "" { 88 return fmt.Errorf("No User name is set") 89 } 90 91 conn := testAccProvider.Meta().(*AWSClient).iamconn 92 gn := rs.Primary.Attributes["group"] 93 94 resp, err := conn.GetGroup(&iam.GetGroupInput{ 95 GroupName: aws.String(gn), 96 }) 97 98 if err != nil { 99 return fmt.Errorf("Error: Group (%s) not found", gn) 100 } 101 102 *g = *resp 103 104 return nil 105 } 106 } 107 108 func testAccCheckAWSGroupMembershipAttributes(group *iam.GetGroupOutput, users []string) resource.TestCheckFunc { 109 return func(s *terraform.State) error { 110 if *group.Group.GroupName != "test-group" { 111 return fmt.Errorf("Bad group membership: expected %s, got %s", "test-group", *group.Group.GroupName) 112 } 113 114 uc := len(users) 115 for _, u := range users { 116 for _, gu := range group.Users { 117 if u == *gu.UserName { 118 uc-- 119 } 120 } 121 } 122 123 if uc > 0 { 124 return fmt.Errorf("Bad group membership count, expected (%d), but only (%d) found", len(users), uc) 125 } 126 return nil 127 } 128 } 129 130 const testAccAWSGroupMemberConfig = ` 131 resource "aws_iam_group" "group" { 132 name = "test-group" 133 path = "/" 134 } 135 136 resource "aws_iam_user" "user" { 137 name = "test-user" 138 path = "/" 139 } 140 141 resource "aws_iam_group_membership" "team" { 142 name = "tf-testing-group-membership" 143 users = ["${aws_iam_user.user.name}"] 144 group = "${aws_iam_group.group.name}" 145 } 146 ` 147 148 const testAccAWSGroupMemberConfigUpdate = ` 149 resource "aws_iam_group" "group" { 150 name = "test-group" 151 path = "/" 152 } 153 154 resource "aws_iam_user" "user" { 155 name = "test-user" 156 path = "/" 157 } 158 159 resource "aws_iam_user" "user_two" { 160 name = "test-user-two" 161 path = "/" 162 } 163 164 resource "aws_iam_user" "user_three" { 165 name = "test-user-three" 166 path = "/" 167 } 168 169 resource "aws_iam_group_membership" "team" { 170 name = "tf-testing-group-membership" 171 users = [ 172 "${aws_iam_user.user_two.name}", 173 "${aws_iam_user.user_three.name}", 174 ] 175 group = "${aws_iam_group.group.name}" 176 } 177 ` 178 179 const testAccAWSGroupMemberConfigUpdateDown = ` 180 resource "aws_iam_group" "group" { 181 name = "test-group" 182 path = "/" 183 } 184 185 resource "aws_iam_user" "user_three" { 186 name = "test-user-three" 187 path = "/" 188 } 189 190 resource "aws_iam_group_membership" "team" { 191 name = "tf-testing-group-membership" 192 users = [ 193 "${aws_iam_user.user_three.name}", 194 ] 195 group = "${aws_iam_group.group.name}" 196 } 197 `