github.com/vtorhonen/terraform@v0.9.0-beta2.0.20170307220345-5d894e4ffda7/builtin/providers/aws/network_acl_entry_test.go (about) 1 package aws 2 3 import ( 4 "reflect" 5 "testing" 6 7 "github.com/aws/aws-sdk-go/aws" 8 "github.com/aws/aws-sdk-go/service/ec2" 9 ) 10 11 func Test_expandNetworkACLEntry(t *testing.T) { 12 input := []interface{}{ 13 map[string]interface{}{ 14 "protocol": "tcp", 15 "from_port": 22, 16 "to_port": 22, 17 "cidr_block": "0.0.0.0/0", 18 "action": "deny", 19 "rule_no": 1, 20 }, 21 map[string]interface{}{ 22 "protocol": "tcp", 23 "from_port": 443, 24 "to_port": 443, 25 "cidr_block": "0.0.0.0/0", 26 "action": "deny", 27 "rule_no": 2, 28 }, 29 map[string]interface{}{ 30 "protocol": "-1", 31 "from_port": 443, 32 "to_port": 443, 33 "cidr_block": "0.0.0.0/0", 34 "action": "deny", 35 "rule_no": 2, 36 }, 37 } 38 expanded, _ := expandNetworkAclEntries(input, "egress") 39 40 expected := []*ec2.NetworkAclEntry{ 41 &ec2.NetworkAclEntry{ 42 Protocol: aws.String("6"), 43 PortRange: &ec2.PortRange{ 44 From: aws.Int64(22), 45 To: aws.Int64(22), 46 }, 47 RuleAction: aws.String("deny"), 48 RuleNumber: aws.Int64(1), 49 CidrBlock: aws.String("0.0.0.0/0"), 50 Egress: aws.Bool(true), 51 }, 52 &ec2.NetworkAclEntry{ 53 Protocol: aws.String("6"), 54 PortRange: &ec2.PortRange{ 55 From: aws.Int64(443), 56 To: aws.Int64(443), 57 }, 58 RuleAction: aws.String("deny"), 59 RuleNumber: aws.Int64(2), 60 CidrBlock: aws.String("0.0.0.0/0"), 61 Egress: aws.Bool(true), 62 }, 63 &ec2.NetworkAclEntry{ 64 Protocol: aws.String("-1"), 65 PortRange: &ec2.PortRange{ 66 From: aws.Int64(443), 67 To: aws.Int64(443), 68 }, 69 RuleAction: aws.String("deny"), 70 RuleNumber: aws.Int64(2), 71 CidrBlock: aws.String("0.0.0.0/0"), 72 Egress: aws.Bool(true), 73 }, 74 } 75 76 if !reflect.DeepEqual(expanded, expected) { 77 t.Fatalf( 78 "Got:\n\n%#v\n\nExpected:\n\n%#v\n", 79 expanded, 80 expected) 81 } 82 83 } 84 85 func Test_flattenNetworkACLEntry(t *testing.T) { 86 87 apiInput := []*ec2.NetworkAclEntry{ 88 &ec2.NetworkAclEntry{ 89 Protocol: aws.String("tcp"), 90 PortRange: &ec2.PortRange{ 91 From: aws.Int64(22), 92 To: aws.Int64(22), 93 }, 94 RuleAction: aws.String("deny"), 95 RuleNumber: aws.Int64(1), 96 CidrBlock: aws.String("0.0.0.0/0"), 97 }, 98 &ec2.NetworkAclEntry{ 99 Protocol: aws.String("tcp"), 100 PortRange: &ec2.PortRange{ 101 From: aws.Int64(443), 102 To: aws.Int64(443), 103 }, 104 RuleAction: aws.String("deny"), 105 RuleNumber: aws.Int64(2), 106 CidrBlock: aws.String("0.0.0.0/0"), 107 }, 108 } 109 flattened := flattenNetworkAclEntries(apiInput) 110 111 expected := []map[string]interface{}{ 112 map[string]interface{}{ 113 "protocol": "tcp", 114 "from_port": int64(22), 115 "to_port": int64(22), 116 "cidr_block": "0.0.0.0/0", 117 "action": "deny", 118 "rule_no": int64(1), 119 }, 120 map[string]interface{}{ 121 "protocol": "tcp", 122 "from_port": int64(443), 123 "to_port": int64(443), 124 "cidr_block": "0.0.0.0/0", 125 "action": "deny", 126 "rule_no": int64(2), 127 }, 128 } 129 130 if !reflect.DeepEqual(flattened, expected) { 131 t.Fatalf( 132 "Got:\n\n%#v\n\nExpected:\n\n%#v\n", 133 flattened, 134 expected) 135 } 136 137 } 138 139 func Test_validatePorts(t *testing.T) { 140 for _, ts := range []struct { 141 to int64 142 from int64 143 expected *expectedPortPair 144 wanted bool 145 }{ 146 {0, 0, &expectedPortPair{0, 0}, true}, 147 {0, 1, &expectedPortPair{0, 0}, false}, 148 } { 149 got := validatePorts(ts.to, ts.from, *ts.expected) 150 if got != ts.wanted { 151 t.Fatalf("Got: %t; Expected: %t\n", got, ts.wanted) 152 } 153 } 154 } 155 156 func Test_validateCIDRBlock(t *testing.T) { 157 for _, ts := range []struct { 158 cidr string 159 shouldErr bool 160 }{ 161 {"10.2.2.0/24", false}, 162 {"10.2.2.0/1234", true}, 163 {"10/24", true}, 164 {"10.2.2.2/24", true}, 165 } { 166 err := validateCIDRBlock(ts.cidr) 167 if ts.shouldErr && err == nil { 168 t.Fatalf("Input '%s' should error but didn't!", ts.cidr) 169 } 170 if !ts.shouldErr && err != nil { 171 t.Fatalf("Got unexpected error for '%s' input: %s", ts.cidr, err) 172 } 173 } 174 }