package cloudstack

import (
	"fmt"
	"strings"
	"testing"

	"github.com/hashicorp/terraform/helper/resource"
	"github.com/hashicorp/terraform/terraform"
	"github.com/xanzy/go-cloudstack/cloudstack"
)

// TestAccCloudStackNetworkACLRule_basic applies the basic configuration once
// and checks the rule count plus the recorded attributes of the tcp rule.
//
// The tcp rule in testAccCloudStackNetworkACLRule_basic sets no action, yet
// the check below expects "allow". The test therefore also pins whatever value
// the resource records when action is omitted.
//
// NOTE(review): the existence check is handed "cloudstack_network_acl.foo"
// (the ACL) rather than "cloudstack_network_acl_rule.foo". It only inspects
// attribute keys containing ".uuids."; if the ACL resource carries none, no
// rule is ever looked up through the API. Confirm against the resource schema.
func TestAccCloudStackNetworkACLRule_basic(t *testing.T) {
	const aclRule = "cloudstack_network_acl_rule.foo"

	// attr shortens the repeated attribute assertions on the rule resource.
	attr := func(key, want string) resource.TestCheckFunc {
		return resource.TestCheckResourceAttr(aclRule, key, want)
	}

	verify := resource.ComposeTestCheckFunc(
		testAccCheckCloudStackNetworkACLRulesExist("cloudstack_network_acl.foo"),
		attr("rule.#", "3"),
		attr("rule.3247834462.action", "allow"),
		attr("rule.3247834462.source_cidr", "172.16.100.0/24"),
		attr("rule.3247834462.protocol", "tcp"),
		attr("rule.3247834462.ports.#", "2"),
		attr("rule.3247834462.ports.1889509032", "80"),
		attr("rule.3247834462.ports.3638101695", "443"),
		attr("rule.3247834462.traffic_type", "ingress"),
	)

	resource.Test(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckCloudStackNetworkACLRuleDestroy,
		Steps: []resource.TestStep{
			{Config: testAccCloudStackNetworkACLRule_basic, Check: verify},
		},
	})
}

// TestAccCloudStackNetworkACLRule_update applies the basic configuration and
// then the update configuration, checking the rule count and selected rule
// attributes after each step.
//
// NOTE(review): the update configuration switches the "all" and "icmp" rules
// from allow to deny, but neither step asserts the action of those two rules.
// Only the tcp ingress rule and the new egress deny rule are checked, so a
// failed allow-to-deny transition on the other two would not be caught here.
func TestAccCloudStackNetworkACLRule_update(t *testing.T) {
	const aclRule = "cloudstack_network_acl_rule.foo"

	// attr shortens the repeated attribute assertions on the rule resource.
	attr := func(key, want string) resource.TestCheckFunc {
		return resource.TestCheckResourceAttr(aclRule, key, want)
	}

	// State expected after the first apply (three rules).
	afterCreate := resource.ComposeTestCheckFunc(
		testAccCheckCloudStackNetworkACLRulesExist("cloudstack_network_acl.foo"),
		attr("rule.#", "3"),
		attr("rule.3247834462.action", "allow"),
		attr("rule.3247834462.source_cidr", "172.16.100.0/24"),
		attr("rule.3247834462.protocol", "tcp"),
		attr("rule.3247834462.ports.#", "2"),
		attr("rule.3247834462.ports.1889509032", "80"),
		attr("rule.3247834462.ports.3638101695", "443"),
		attr("rule.3247834462.traffic_type", "ingress"),
	)

	// State expected after the second apply (four rules). The tcp ingress
	// rule keeps its key even though its action is now written explicitly.
	afterUpdate := resource.ComposeTestCheckFunc(
		testAccCheckCloudStackNetworkACLRulesExist("cloudstack_network_acl.foo"),
		attr("rule.#", "4"),
		attr("rule.3247834462.action", "allow"),
		attr("rule.3247834462.source_cidr", "172.16.100.0/24"),
		attr("rule.3247834462.protocol", "tcp"),
		attr("rule.3247834462.ports.#", "2"),
		attr("rule.3247834462.ports.1889509032", "80"),
		attr("rule.3247834462.ports.3638101695", "443"),
		attr("rule.3247834462.traffic_type", "ingress"),
		attr("rule.4267872693.action", "deny"),
		attr("rule.4267872693.source_cidr", "10.0.0.0/24"),
		attr("rule.4267872693.protocol", "tcp"),
		attr("rule.4267872693.ports.#", "2"),
		attr("rule.4267872693.ports.1209010669", "1000-2000"),
		attr("rule.4267872693.ports.1889509032", "80"),
		attr("rule.4267872693.traffic_type", "egress"),
	)

	resource.Test(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckCloudStackNetworkACLRuleDestroy,
		Steps: []resource.TestStep{
			{Config: testAccCloudStackNetworkACLRule_basic, Check: afterCreate},
			{Config: testAccCloudStackNetworkACLRule_update, Check: afterUpdate},
		},
	})
}

// testAccCheckCloudStackNetworkACLRulesExist returns a check that looks up
// resource n in the root module, requires it to have a primary ID, and then
// queries the CloudStack API for every value stored under an attribute key
// that contains ".uuids." (the key ending in ".uuids.#" is skipped).
//
// The check fails when the resource is missing from state, when its ID is
// empty, when a lookup returns an error, or when a lookup reports zero
// matches. A resource with no ".uuids." attributes passes without any API
// call being made.
func testAccCheckCloudStackNetworkACLRulesExist(n string) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		res, found := s.RootModule().Resources[n]
		switch {
		case !found:
			return fmt.Errorf("Not found: %s", n)
		case res.Primary.ID == "":
			return fmt.Errorf("No network ACL rule ID is set")
		}

		for key, uuid := range res.Primary.Attributes {
			holdsUUID := strings.Contains(key, ".uuids.") && !strings.HasSuffix(key, ".uuids.#")
			if !holdsUUID {
				continue
			}

			client := testAccProvider.Meta().(*cloudstack.CloudStackClient)
			_, matches, err := client.NetworkACL.GetNetworkACLByID(uuid)
			if err != nil {
				return err
			}
			if matches == 0 {
				return fmt.Errorf("Network ACL rule %s not found", key)
			}
		}

		return nil
	}
}

// testAccCheckCloudStackNetworkACLRuleDestroy walks every
// cloudstack_network_acl_rule resource left in state and fails if a lookup of
// any value stored under a ".uuids." attribute key succeeds.
//
// NOTE(review): a lookup that returns any error is treated as "rule is gone".
// An authentication failure or a timeout would therefore also let this check
// pass while the rule may still exist on the CloudStack side; only a
// successful lookup is reported. Confirm whether the client exposes a way to
// tell "not found" apart from other failures before tightening this.
func testAccCheckCloudStackNetworkACLRuleDestroy(s *terraform.State) error {
	client := testAccProvider.Meta().(*cloudstack.CloudStackClient)

	for _, res := range s.RootModule().Resources {
		if res.Type != "cloudstack_network_acl_rule" {
			continue
		}

		if res.Primary.ID == "" {
			return fmt.Errorf("No network ACL rule ID is set")
		}

		for key, uuid := range res.Primary.Attributes {
			holdsUUID := strings.Contains(key, ".uuids.") && !strings.HasSuffix(key, ".uuids.#")
			if !holdsUUID {
				continue
			}

			// The error text names the resource ID, not the individual UUID
			// that was still resolvable.
			if _, _, err := client.NetworkACL.GetNetworkACLByID(uuid); err == nil {
				return fmt.Errorf("Network ACL rule %s still exists", res.Primary.ID)
			}
		}
	}

	return nil
}

// testAccCloudStackNetworkACLRule_basic declares a VPC, a network ACL in that
// VPC, and three ingress rules: allow "all", allow "icmp", and a tcp rule for
// ports 80 and 443 that sets no action.
var testAccCloudStackNetworkACLRule_basic = fmt.Sprintf(`
resource "cloudstack_vpc" "foobar" {
  name = "terraform-vpc"
  cidr = "%s"
  vpc_offering = "%s"
  zone = "%s"
}

resource "cloudstack_network_acl" "foo" {
  name = "terraform-acl"
  description = "terraform-acl-text"
  vpc = "${cloudstack_vpc.foobar.id}"
}

resource "cloudstack_network_acl_rule" "foo" {
  aclid = "${cloudstack_network_acl.foo.id}"

  rule {
    action = "allow"
    source_cidr = "172.18.100.0/24"
    protocol = "all"
    traffic_type = "ingress"
  }

  rule {
    action = "allow"
    source_cidr = "172.18.100.0/24"
    protocol = "icmp"
    icmp_type = "-1"
    icmp_code = "-1"
    traffic_type = "ingress"
  }

  rule {
    source_cidr = "172.16.100.0/24"
    protocol = "tcp"
    ports = ["80", "443"]
    traffic_type = "ingress"
  }
}`,
	CLOUDSTACK_VPC_CIDR_1,
	CLOUDSTACK_VPC_OFFERING,
	CLOUDSTACK_ZONE)

// testAccCloudStackNetworkACLRule_update is the follow-up configuration: the
// "all" and "icmp" ingress rules become deny, the tcp ingress rule states
// action "allow" explicitly, and a fourth rule denies tcp egress to
// 10.0.0.0/24 on port 80 and ports 1000-2000.
var testAccCloudStackNetworkACLRule_update = fmt.Sprintf(`
resource "cloudstack_vpc" "foobar" {
  name = "terraform-vpc"
  cidr = "%s"
  vpc_offering = "%s"
  zone = "%s"
}

resource "cloudstack_network_acl" "foo" {
  name = "terraform-acl"
  description = "terraform-acl-text"
  vpc = "${cloudstack_vpc.foobar.id}"
}

resource "cloudstack_network_acl_rule" "foo" {
  aclid = "${cloudstack_network_acl.foo.id}"

  rule {
    action = "deny"
    source_cidr = "172.18.100.0/24"
    protocol = "all"
    traffic_type = "ingress"
  }

  rule {
    action = "deny"
    source_cidr = "172.18.100.0/24"
    protocol = "icmp"
    icmp_type = "-1"
    icmp_code = "-1"
    traffic_type = "ingress"
  }

  rule {
    action = "allow"
    source_cidr = "172.16.100.0/24"
    protocol = "tcp"
    ports = ["80", "443"]
    traffic_type = "ingress"
  }

  rule {
    action = "deny"
    source_cidr = "10.0.0.0/24"
    protocol = "tcp"
    ports = ["80", "1000-2000"]
    traffic_type = "egress"
  }
}`,
	CLOUDSTACK_VPC_CIDR_1,
	CLOUDSTACK_VPC_OFFERING,
	CLOUDSTACK_ZONE)