github.com/vtorhonen/terraform@v0.9.0-beta2.0.20170307220345-5d894e4ffda7/builtin/providers/alicloud/resource_alicloud_security_group_rule_test.go (about) 1 package alicloud 2 3 import ( 4 "fmt" 5 "github.com/denverdino/aliyungo/common" 6 "github.com/denverdino/aliyungo/ecs" 7 "github.com/hashicorp/terraform/helper/resource" 8 "github.com/hashicorp/terraform/terraform" 9 "log" 10 "strings" 11 "testing" 12 ) 13 14 func TestAccAlicloudSecurityGroupRule_Ingress(t *testing.T) { 15 var pt ecs.PermissionType 16 17 resource.Test(t, resource.TestCase{ 18 PreCheck: func() { 19 testAccPreCheck(t) 20 }, 21 22 // module name 23 IDRefreshName: "alicloud_security_group_rule.ingress", 24 Providers: testAccProviders, 25 CheckDestroy: testAccCheckSecurityGroupRuleDestroy, 26 Steps: []resource.TestStep{ 27 resource.TestStep{ 28 Config: testAccSecurityGroupRuleIngress, 29 Check: resource.ComposeTestCheckFunc( 30 testAccCheckSecurityGroupRuleExists( 31 "alicloud_security_group_rule.ingress", &pt), 32 resource.TestCheckResourceAttr( 33 "alicloud_security_group_rule.ingress", 34 "priority", 35 "1"), 36 resource.TestCheckResourceAttr( 37 "alicloud_security_group_rule.ingress", 38 "nic_type", 39 "internet"), 40 resource.TestCheckResourceAttr( 41 "alicloud_security_group_rule.ingress", 42 "ip_protocol", 43 "tcp"), 44 ), 45 }, 46 }, 47 }) 48 49 } 50 51 func TestAccAlicloudSecurityGroupRule_Egress(t *testing.T) { 52 var pt ecs.PermissionType 53 54 resource.Test(t, resource.TestCase{ 55 PreCheck: func() { 56 testAccPreCheck(t) 57 }, 58 59 // module name 60 IDRefreshName: "alicloud_security_group_rule.egress", 61 Providers: testAccProviders, 62 CheckDestroy: testAccCheckSecurityGroupRuleDestroy, 63 Steps: []resource.TestStep{ 64 resource.TestStep{ 65 Config: testAccSecurityGroupRuleEgress, 66 Check: resource.ComposeTestCheckFunc( 67 testAccCheckSecurityGroupRuleExists( 68 "alicloud_security_group_rule.egress", &pt), 69 resource.TestCheckResourceAttr( 70 "alicloud_security_group_rule.egress", 71 "port_range", 72 "80/80"), 73 resource.TestCheckResourceAttr( 74 "alicloud_security_group_rule.egress", 75 "ip_protocol", 76 "udp"), 77 ), 78 }, 79 }, 80 }) 81 82 } 83 84 func TestAccAlicloudSecurityGroupRule_Vpc_Ingress(t *testing.T) { 85 var pt ecs.PermissionType 86 87 resource.Test(t, resource.TestCase{ 88 PreCheck: func() { 89 testAccPreCheck(t) 90 }, 91 92 // module name 93 IDRefreshName: "alicloud_security_group_rule.ingress", 94 Providers: testAccProviders, 95 CheckDestroy: testAccCheckSecurityGroupRuleDestroy, 96 Steps: []resource.TestStep{ 97 resource.TestStep{ 98 Config: testAccSecurityGroupRuleVpcIngress, 99 Check: resource.ComposeTestCheckFunc( 100 testAccCheckSecurityGroupRuleExists( 101 "alicloud_security_group_rule.ingress", &pt), 102 resource.TestCheckResourceAttr( 103 "alicloud_security_group_rule.ingress", 104 "port_range", 105 "1/200"), 106 resource.TestCheckResourceAttr( 107 "alicloud_security_group_rule.ingress", 108 "ip_protocol", 109 "udp"), 110 ), 111 }, 112 }, 113 }) 114 115 } 116 117 func testAccCheckSecurityGroupRuleExists(n string, m *ecs.PermissionType) resource.TestCheckFunc { 118 return func(s *terraform.State) error { 119 rs, ok := s.RootModule().Resources[n] 120 if !ok { 121 return fmt.Errorf("Not found: %s", n) 122 } 123 124 if rs.Primary.ID == "" { 125 return fmt.Errorf("No SecurityGroup Rule ID is set") 126 } 127 128 client := testAccProvider.Meta().(*AliyunClient) 129 log.Printf("[WARN]get sg rule %s", rs.Primary.ID) 130 parts := strings.Split(rs.Primary.ID, ":") 131 rule, err := client.DescribeSecurityGroupRule(parts[0], parts[1], parts[2], parts[3]) 132 133 if err != nil { 134 return err 135 } 136 137 if rule == nil { 138 return fmt.Errorf("SecurityGroup not found") 139 } 140 141 *m = *rule 142 return nil 143 } 144 } 145 146 func testAccCheckSecurityGroupRuleDestroy(s *terraform.State) error { 147 client := testAccProvider.Meta().(*AliyunClient) 148 149 for _, rs := range s.RootModule().Resources { 150 if rs.Type != "alicloud_security_group_rule" { 151 continue 152 } 153 154 parts := strings.Split(rs.Primary.ID, ":") 155 rule, err := client.DescribeSecurityGroupRule(parts[0], parts[1], parts[2], parts[3]) 156 157 if rule != nil { 158 return fmt.Errorf("Error SecurityGroup Rule still exist") 159 } 160 161 // Verify the error is what we want 162 if err != nil { 163 // Verify the error is what we want 164 e, _ := err.(*common.Error) 165 if e.ErrorResponse.Code == InvalidSecurityGroupIdNotFound { 166 continue 167 } 168 return err 169 } 170 } 171 172 return nil 173 } 174 175 const testAccSecurityGroupRuleIngress = ` 176 resource "alicloud_security_group" "foo" { 177 name = "sg_foo" 178 } 179 180 resource "alicloud_security_group_rule" "ingress" { 181 type = "ingress" 182 ip_protocol = "tcp" 183 nic_type = "internet" 184 policy = "accept" 185 port_range = "1/200" 186 priority = 1 187 security_group_id = "${alicloud_security_group.foo.id}" 188 cidr_ip = "10.159.6.18/12" 189 } 190 191 192 ` 193 194 const testAccSecurityGroupRuleEgress = ` 195 resource "alicloud_security_group" "foo" { 196 name = "sg_foo" 197 } 198 199 200 resource "alicloud_security_group_rule" "egress" { 201 type = "egress" 202 ip_protocol = "udp" 203 nic_type = "internet" 204 policy = "accept" 205 port_range = "80/80" 206 priority = 1 207 security_group_id = "${alicloud_security_group.foo.id}" 208 cidr_ip = "10.159.6.18/12" 209 } 210 211 ` 212 213 const testAccSecurityGroupRuleVpcIngress = ` 214 resource "alicloud_security_group" "foo" { 215 vpc_id = "${alicloud_vpc.vpc.id}" 216 name = "sg_foo" 217 } 218 219 resource "alicloud_vpc" "vpc" { 220 cidr_block = "10.1.0.0/21" 221 } 222 223 resource "alicloud_security_group_rule" "ingress" { 224 type = "ingress" 225 ip_protocol = "udp" 226 nic_type = "intranet" 227 policy = "accept" 228 port_range = "1/200" 229 priority = 1 230 security_group_id = "${alicloud_security_group.foo.id}" 231 cidr_ip = "10.159.6.18/12" 232 } 233 234 ` 235 236 const testAccSecurityGroupRuleMultiIngress = ` 237 resource "alicloud_security_group" "foo" { 238 name = "sg_foo" 239 } 240 241 resource "alicloud_security_group_rule" "ingress1" { 242 type = "ingress" 243 ip_protocol = "tcp" 244 nic_type = "internet" 245 policy = "accept" 246 port_range = "1/200" 247 priority = 1 248 security_group_id = "${alicloud_security_group.foo.id}" 249 cidr_ip = "10.159.6.18/12" 250 } 251 252 resource "alicloud_security_group_rule" "ingress2" { 253 type = "ingress" 254 ip_protocol = "gre" 255 nic_type = "internet" 256 policy = "accept" 257 port_range = "-1/-1" 258 priority = 1 259 security_group_id = "${alicloud_security_group.foo.id}" 260 cidr_ip = "127.0.1.18/16" 261 } 262 263 `