github.com/vtorhonen/terraform@v0.9.0-beta2.0.20170307220345-5d894e4ffda7/builtin/providers/aws/resource_aws_api_gateway_account_test.go (about) 1 package aws 2 3 import ( 4 "fmt" 5 "regexp" 6 "testing" 7 8 "github.com/aws/aws-sdk-go/service/apigateway" 9 "github.com/hashicorp/terraform/helper/resource" 10 "github.com/hashicorp/terraform/terraform" 11 ) 12 13 func TestAccAWSAPIGatewayAccount_basic(t *testing.T) { 14 var conf apigateway.Account 15 16 expectedRoleArn_first := regexp.MustCompile("[0-9]+") 17 expectedRoleArn_second := regexp.MustCompile("[0-9]+") 18 19 resource.Test(t, resource.TestCase{ 20 PreCheck: func() { testAccPreCheck(t) }, 21 Providers: testAccProviders, 22 CheckDestroy: testAccCheckAWSAPIGatewayAccountDestroy, 23 Steps: []resource.TestStep{ 24 resource.TestStep{ 25 Config: testAccAWSAPIGatewayAccountConfig_updated, 26 Check: resource.ComposeTestCheckFunc( 27 testAccCheckAWSAPIGatewayAccountExists("aws_api_gateway_account.test", &conf), 28 testAccCheckAWSAPIGatewayAccountCloudwatchRoleArn(&conf, expectedRoleArn_first), 29 resource.TestMatchResourceAttr("aws_api_gateway_account.test", "cloudwatch_role_arn", expectedRoleArn_first), 30 ), 31 }, 32 resource.TestStep{ 33 Config: testAccAWSAPIGatewayAccountConfig_updated2, 34 Check: resource.ComposeTestCheckFunc( 35 testAccCheckAWSAPIGatewayAccountExists("aws_api_gateway_account.test", &conf), 36 testAccCheckAWSAPIGatewayAccountCloudwatchRoleArn(&conf, expectedRoleArn_second), 37 resource.TestMatchResourceAttr("aws_api_gateway_account.test", "cloudwatch_role_arn", expectedRoleArn_second), 38 ), 39 }, 40 resource.TestStep{ 41 Config: testAccAWSAPIGatewayAccountConfig_empty, 42 Check: resource.ComposeTestCheckFunc( 43 testAccCheckAWSAPIGatewayAccountExists("aws_api_gateway_account.test", &conf), 44 testAccCheckAWSAPIGatewayAccountCloudwatchRoleArn(&conf, expectedRoleArn_second), 45 ), 46 }, 47 }, 48 }) 49 } 50 51 func testAccCheckAWSAPIGatewayAccountCloudwatchRoleArn(conf *apigateway.Account, expectedArn *regexp.Regexp) resource.TestCheckFunc { 52 return func(s *terraform.State) error { 53 if expectedArn == nil && conf.CloudwatchRoleArn == nil { 54 return nil 55 } 56 if expectedArn == nil && conf.CloudwatchRoleArn != nil { 57 return fmt.Errorf("Expected empty CloudwatchRoleArn, given: %q", *conf.CloudwatchRoleArn) 58 } 59 if expectedArn != nil && conf.CloudwatchRoleArn == nil { 60 return fmt.Errorf("Empty CloudwatchRoleArn, expected: %q", expectedArn) 61 } 62 if !expectedArn.MatchString(*conf.CloudwatchRoleArn) { 63 return fmt.Errorf("CloudwatchRoleArn didn't match. Expected: %q, Given: %q", expectedArn, *conf.CloudwatchRoleArn) 64 } 65 return nil 66 } 67 } 68 69 func testAccCheckAWSAPIGatewayAccountExists(n string, res *apigateway.Account) resource.TestCheckFunc { 70 return func(s *terraform.State) error { 71 rs, ok := s.RootModule().Resources[n] 72 if !ok { 73 return fmt.Errorf("Not found: %s", n) 74 } 75 76 if rs.Primary.ID == "" { 77 return fmt.Errorf("No API Gateway Account ID is set") 78 } 79 80 conn := testAccProvider.Meta().(*AWSClient).apigateway 81 82 req := &apigateway.GetAccountInput{} 83 describe, err := conn.GetAccount(req) 84 if err != nil { 85 return err 86 } 87 if describe == nil { 88 return fmt.Errorf("Got nil account ?!") 89 } 90 91 *res = *describe 92 93 return nil 94 } 95 } 96 97 func testAccCheckAWSAPIGatewayAccountDestroy(s *terraform.State) error { 98 // Intentionally noop 99 // as there is no API method for deleting or resetting account settings 100 return nil 101 } 102 103 const testAccAWSAPIGatewayAccountConfig_empty = ` 104 resource "aws_api_gateway_account" "test" { 105 } 106 ` 107 108 const testAccAWSAPIGatewayAccountConfig_updated = ` 109 resource "aws_api_gateway_account" "test" { 110 cloudwatch_role_arn = "${aws_iam_role.cloudwatch.arn}" 111 } 112 113 resource "aws_iam_role" "cloudwatch" { 114 name = "api_gateway_cloudwatch_global" 115 assume_role_policy = <<EOF 116 { 117 "Version": "2012-10-17", 118 "Statement": [ 119 { 120 "Sid": "", 121 "Effect": "Allow", 122 "Principal": { 123 "Service": "apigateway.amazonaws.com" 124 }, 125 "Action": "sts:AssumeRole" 126 } 127 ] 128 } 129 EOF 130 } 131 132 resource "aws_iam_role_policy" "cloudwatch" { 133 name = "default" 134 role = "${aws_iam_role.cloudwatch.id}" 135 policy = <<EOF 136 { 137 "Version": "2012-10-17", 138 "Statement": [ 139 { 140 "Effect": "Allow", 141 "Action": [ 142 "logs:CreateLogGroup", 143 "logs:CreateLogStream", 144 "logs:DescribeLogGroups", 145 "logs:DescribeLogStreams", 146 "logs:PutLogEvents", 147 "logs:GetLogEvents", 148 "logs:FilterLogEvents" 149 ], 150 "Resource": "*" 151 } 152 ] 153 } 154 EOF 155 } 156 ` 157 const testAccAWSAPIGatewayAccountConfig_updated2 = ` 158 resource "aws_api_gateway_account" "test" { 159 cloudwatch_role_arn = "${aws_iam_role.second.arn}" 160 } 161 162 resource "aws_iam_role" "second" { 163 name = "api_gateway_cloudwatch_global_modified" 164 assume_role_policy = <<EOF 165 { 166 "Version": "2012-10-17", 167 "Statement": [ 168 { 169 "Sid": "", 170 "Effect": "Allow", 171 "Principal": { 172 "Service": "apigateway.amazonaws.com" 173 }, 174 "Action": "sts:AssumeRole" 175 } 176 ] 177 } 178 EOF 179 } 180 181 resource "aws_iam_role_policy" "cloudwatch" { 182 name = "default" 183 role = "${aws_iam_role.second.id}" 184 policy = <<EOF 185 { 186 "Version": "2012-10-17", 187 "Statement": [ 188 { 189 "Effect": "Allow", 190 "Action": [ 191 "logs:CreateLogGroup", 192 "logs:CreateLogStream", 193 "logs:DescribeLogGroups", 194 "logs:DescribeLogStreams", 195 "logs:PutLogEvents", 196 "logs:GetLogEvents", 197 "logs:FilterLogEvents" 198 ], 199 "Resource": "*" 200 } 201 ] 202 } 203 EOF 204 } 205 `