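// Source: github.com/vtorhonen/terraform@v0.9.0-beta2.0.20170307220345-5d894e4ffda7/builtin/providers/aws/resource_aws_elasticsearch_domain_policy_test.go

package aws

import (
	"fmt"
	"testing"

	elasticsearch "github.com/aws/aws-sdk-go/service/elasticsearchservice"
	"github.com/hashicorp/terraform/helper/acctest"
	"github.com/hashicorp/terraform/helper/resource"
	"github.com/hashicorp/terraform/terraform"
)

// TestAccAWSElasticSearchDomainPolicy_basic is an acceptance test that creates
// an Elasticsearch domain plus a separate aws_elasticsearch_domain_policy
// resource, then checks that the "access_policies" attribute recorded for the
// policy resource matches the submitted document once the domain ARN has been
// interpolated into its "Resource" field.
func TestAccAWSElasticSearchDomainPolicy_basic(t *testing.T) {
	var domain elasticsearch.ElasticsearchDomainStatus
	ri := acctest.RandInt()

	// One template serves both the submitted and the expected policy so the
	// two documents cannot drift apart; only the "Resource" value differs.
	//
	// NOTE(review): the statement pairs a wildcard principal with "es:*" and
	// relies solely on the aws:SourceIp condition to restrict access. The
	// loopback /32 used here should match no remote caller, which keeps the
	// fixture closed. It is a test fixture, not a template for a production
	// access policy: there, name the principals and the actions needed.
	policyTpl := `{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Action": "es:*",
			"Principal": "*",
			"Effect": "Allow",
			"Condition": {
				"IpAddress": {"aws:SourceIp": "127.0.0.1/32"}
			},
			"Resource": "%s"
		}
	]
}`
	// Submitted form: Terraform interpolates the ARN at apply time.
	policy := fmt.Sprintf(policyTpl, "${aws_elasticsearch_domain.example.arn}")

	// Must stay in sync with the domain_name format used by
	// testAccESDomainPolicyConfig.
	name := fmt.Sprintf("tf-test-%d", ri)

	resource.Test(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckESDomainDestroy,
		Steps: []resource.TestStep{
			{
				Config: testAccESDomainPolicyConfig(ri, policy),
				Check: resource.ComposeTestCheckFunc(
					testAccCheckESDomainExists("aws_elasticsearch_domain.example", &domain),
					resource.TestCheckResourceAttr("aws_elasticsearch_domain.example", "elasticsearch_version", "2.3"),
					func(s *terraform.State) error {
						// The expected ARN depends on the partition, account
						// and region of the configured provider, so it is
						// computed inside the check rather than up front.
						awsClient := testAccProvider.Meta().(*AWSClient)
						expectedArn, err := buildESDomainArn(name, awsClient.partition, awsClient.accountid, awsClient.region)
						if err != nil {
							return err
						}
						expectedPolicy := fmt.Sprintf(policyTpl, expectedArn)

						return testAccCheckAwsPolicyMatch("aws_elasticsearch_domain_policy.main", "access_policies", expectedPolicy)(s)
					},
				),
			},
		},
	})
}

// buildESDomainArn assembles the ARN of an Elasticsearch domain from its
// components. It returns an error when any component is empty, because an
// ARN with a blank segment is malformed and would only surface later as a
// confusing policy mismatch.
func buildESDomainArn(name, partition, accId, region string) (string, error) {
	if partition == "" {
		return "", fmt.Errorf("Unable to construct ES Domain ARN because of missing AWS partition")
	}
	if accId == "" {
		return "", fmt.Errorf("Unable to construct ES Domain ARN because of missing AWS Account ID")
	}
	// The region and name checks come after the two pre-existing ones, so
	// inputs that already failed still produce the same error as before.
	if region == "" {
		return "", fmt.Errorf("Unable to construct ES Domain ARN because of missing AWS region")
	}
	if name == "" {
		return "", fmt.Errorf("Unable to construct ES Domain ARN because of missing domain name")
	}
	// arn:aws:es:us-west-2:187416307283:domain/example-name
	return fmt.Sprintf("arn:%s:es:%s:%s:domain/%s", partition, region, accId, name), nil
}

// testAccESDomainPolicyConfig renders the Terraform configuration for the
// test: a domain named "tf-test-<randInt>" running Elasticsearch 2.3, and a
// policy resource whose access_policies heredoc holds the given policy text.
// The policy is inserted verbatim, so it must not contain a line consisting
// only of the heredoc terminator.
func testAccESDomainPolicyConfig(randInt int, policy string) string {
	return fmt.Sprintf(`
resource "aws_elasticsearch_domain" "example" {
	domain_name = "tf-test-%d"
	elasticsearch_version = "2.3"
}

resource "aws_elasticsearch_domain_policy" "main" {
	domain_name = "${aws_elasticsearch_domain.example.domain_name}"
	access_policies = <<POLICIES
%s
POLICIES
}
`, randInt, policy)
}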