github.com/turtlemonvh/terraform@v0.6.9-0.20151204001754-8e40b6b855e8/builtin/providers/aws/resource_aws_iam_role_test.go (about) 1 package aws 2 3 import ( 4 "fmt" 5 "testing" 6 7 "github.com/aws/aws-sdk-go/aws" 8 "github.com/aws/aws-sdk-go/aws/awserr" 9 "github.com/aws/aws-sdk-go/service/iam" 10 "github.com/hashicorp/terraform/helper/resource" 11 "github.com/hashicorp/terraform/terraform" 12 ) 13 14 func TestAccAWSRole_basic(t *testing.T) { 15 var conf iam.GetRoleOutput 16 17 resource.Test(t, resource.TestCase{ 18 PreCheck: func() { testAccPreCheck(t) }, 19 Providers: testAccProviders, 20 CheckDestroy: testAccCheckAWSRoleDestroy, 21 Steps: []resource.TestStep{ 22 resource.TestStep{ 23 Config: testAccAWSRoleConfig, 24 Check: resource.ComposeTestCheckFunc( 25 testAccCheckAWSRoleExists("aws_iam_role.role", &conf), 26 testAccCheckAWSRoleAttributes(&conf), 27 ), 28 }, 29 }, 30 }) 31 } 32 33 func TestAccAWSRole_testNameChange(t *testing.T) { 34 var conf iam.GetRoleOutput 35 36 resource.Test(t, resource.TestCase{ 37 PreCheck: func() { testAccPreCheck(t) }, 38 Providers: testAccProviders, 39 CheckDestroy: testAccCheckAWSRoleDestroy, 40 Steps: []resource.TestStep{ 41 resource.TestStep{ 42 Config: testAccAWSRolePre, 43 Check: resource.ComposeTestCheckFunc( 44 testAccCheckAWSRoleExists("aws_iam_role.role_update_test", &conf), 45 ), 46 }, 47 48 resource.TestStep{ 49 Config: testAccAWSRolePost, 50 Check: resource.ComposeTestCheckFunc( 51 testAccCheckAWSRoleExists("aws_iam_role.role_update_test", &conf), 52 ), 53 }, 54 }, 55 }) 56 } 57 58 func testAccCheckAWSRoleDestroy(s *terraform.State) error { 59 iamconn := testAccProvider.Meta().(*AWSClient).iamconn 60 61 for _, rs := range s.RootModule().Resources { 62 if rs.Type != "aws_iam_role" { 63 continue 64 } 65 66 // Try to get role 67 _, err := iamconn.GetRole(&iam.GetRoleInput{ 68 RoleName: aws.String(rs.Primary.ID), 69 }) 70 if err == nil { 71 return fmt.Errorf("still exist.") 72 } 73 74 // Verify the error is what we want 75 ec2err, ok := err.(awserr.Error) 76 if !ok { 77 return err 78 } 79 if ec2err.Code() != "NoSuchEntity" { 80 return err 81 } 82 } 83 84 return nil 85 } 86 87 func testAccCheckAWSRoleExists(n string, res *iam.GetRoleOutput) resource.TestCheckFunc { 88 return func(s *terraform.State) error { 89 rs, ok := s.RootModule().Resources[n] 90 if !ok { 91 return fmt.Errorf("Not found: %s", n) 92 } 93 94 if rs.Primary.ID == "" { 95 return fmt.Errorf("No Role name is set") 96 } 97 98 iamconn := testAccProvider.Meta().(*AWSClient).iamconn 99 100 resp, err := iamconn.GetRole(&iam.GetRoleInput{ 101 RoleName: aws.String(rs.Primary.ID), 102 }) 103 if err != nil { 104 return err 105 } 106 107 *res = *resp 108 109 return nil 110 } 111 } 112 113 func testAccCheckAWSRoleAttributes(role *iam.GetRoleOutput) resource.TestCheckFunc { 114 return func(s *terraform.State) error { 115 if *role.Role.RoleName != "test-role" { 116 return fmt.Errorf("Bad name: %s", *role.Role.RoleName) 117 } 118 119 if *role.Role.Path != "/" { 120 return fmt.Errorf("Bad path: %s", *role.Role.Path) 121 } 122 return nil 123 } 124 } 125 126 const testAccAWSRoleConfig = ` 127 resource "aws_iam_role" "role" { 128 name = "test-role" 129 path = "/" 130 assume_role_policy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"ec2.amazonaws.com\"]},\"Action\":[\"sts:AssumeRole\"]}]}" 131 } 132 ` 133 134 const testAccAWSRolePre = ` 135 resource "aws_iam_role" "role_update_test" { 136 name = "tf_old_name" 137 path = "/test/" 138 assume_role_policy = <<EOF 139 { 140 "Version": "2012-10-17", 141 "Statement": [ 142 { 143 "Action": "sts:AssumeRole", 144 "Principal": { 145 "Service": "ec2.amazonaws.com" 146 }, 147 "Effect": "Allow", 148 "Sid": "" 149 } 150 ] 151 } 152 EOF 153 } 154 155 resource "aws_iam_role_policy" "role_update_test" { 156 name = "role_update_test" 157 role = "${aws_iam_role.role_update_test.id}" 158 policy = <<EOF 159 { 160 "Version": "2012-10-17", 161 "Statement": [ 162 { 163 "Effect": "Allow", 164 "Action": [ 165 "s3:GetBucketLocation", 166 "s3:ListAllMyBuckets" 167 ], 168 "Resource": "arn:aws:s3:::*" 169 } 170 ] 171 } 172 EOF 173 } 174 175 resource "aws_iam_instance_profile" "role_update_test" { 176 name = "role_update_test" 177 path = "/test/" 178 roles = ["${aws_iam_role.role_update_test.name}"] 179 } 180 181 ` 182 183 const testAccAWSRolePost = ` 184 resource "aws_iam_role" "role_update_test" { 185 name = "tf_new_name" 186 path = "/test/" 187 assume_role_policy = <<EOF 188 { 189 "Version": "2012-10-17", 190 "Statement": [ 191 { 192 "Action": "sts:AssumeRole", 193 "Principal": { 194 "Service": "ec2.amazonaws.com" 195 }, 196 "Effect": "Allow", 197 "Sid": "" 198 } 199 ] 200 } 201 EOF 202 } 203 204 resource "aws_iam_role_policy" "role_update_test" { 205 name = "role_update_test" 206 role = "${aws_iam_role.role_update_test.id}" 207 policy = <<EOF 208 { 209 "Version": "2012-10-17", 210 "Statement": [ 211 { 212 "Effect": "Allow", 213 "Action": [ 214 "s3:GetBucketLocation", 215 "s3:ListAllMyBuckets" 216 ], 217 "Resource": "arn:aws:s3:::*" 218 } 219 ] 220 } 221 EOF 222 } 223 224 resource "aws_iam_instance_profile" "role_update_test" { 225 name = "role_update_test" 226 path = "/test/" 227 roles = ["${aws_iam_role.role_update_test.name}"] 228 } 229 230 `