github.com/vtorhonen/terraform@v0.9.0-beta2.0.20170307220345-5d894e4ffda7/builtin/providers/aws/resource_aws_iam_access_key_test.go (about) 1 package aws 2 3 import ( 4 "errors" 5 "fmt" 6 "strings" 7 "testing" 8 9 "github.com/aws/aws-sdk-go/aws" 10 "github.com/aws/aws-sdk-go/aws/awserr" 11 "github.com/aws/aws-sdk-go/service/iam" 12 "github.com/hashicorp/terraform/helper/acctest" 13 "github.com/hashicorp/terraform/helper/resource" 14 "github.com/hashicorp/terraform/terraform" 15 "github.com/hashicorp/vault/helper/pgpkeys" 16 ) 17 18 func TestAccAWSAccessKey_basic(t *testing.T) { 19 var conf iam.AccessKeyMetadata 20 rName := fmt.Sprintf("test-user-%d", acctest.RandInt()) 21 22 resource.Test(t, resource.TestCase{ 23 PreCheck: func() { testAccPreCheck(t) }, 24 Providers: testAccProviders, 25 CheckDestroy: testAccCheckAWSAccessKeyDestroy, 26 Steps: []resource.TestStep{ 27 resource.TestStep{ 28 Config: testAccAWSAccessKeyConfig(rName), 29 Check: resource.ComposeTestCheckFunc( 30 testAccCheckAWSAccessKeyExists("aws_iam_access_key.a_key", &conf), 31 testAccCheckAWSAccessKeyAttributes(&conf), 32 resource.TestCheckResourceAttrSet("aws_iam_access_key.a_key", "secret"), 33 ), 34 }, 35 }, 36 }) 37 } 38 39 func TestAccAWSAccessKey_encrypted(t *testing.T) { 40 var conf iam.AccessKeyMetadata 41 rName := fmt.Sprintf("test-user-%d", acctest.RandInt()) 42 43 resource.Test(t, resource.TestCase{ 44 PreCheck: func() { testAccPreCheck(t) }, 45 Providers: testAccProviders, 46 CheckDestroy: testAccCheckAWSAccessKeyDestroy, 47 Steps: []resource.TestStep{ 48 resource.TestStep{ 49 Config: testAccAWSAccessKeyConfig_encrypted(rName, testPubAccessKey1), 50 Check: resource.ComposeTestCheckFunc( 51 testAccCheckAWSAccessKeyExists("aws_iam_access_key.a_key", &conf), 52 testAccCheckAWSAccessKeyAttributes(&conf), 53 testDecryptSecretKeyAndTest("aws_iam_access_key.a_key", testPrivKey1), 54 resource.TestCheckNoResourceAttr( 55 "aws_iam_access_key.a_key", "secret"), 56 resource.TestCheckResourceAttrSet( 57 "aws_iam_access_key.a_key", "encrypted_secret"), 58 resource.TestCheckResourceAttrSet( 59 "aws_iam_access_key.a_key", "key_fingerprint"), 60 ), 61 }, 62 }, 63 }) 64 } 65 66 func testAccCheckAWSAccessKeyDestroy(s *terraform.State) error { 67 iamconn := testAccProvider.Meta().(*AWSClient).iamconn 68 69 for _, rs := range s.RootModule().Resources { 70 if rs.Type != "aws_access_key" { 71 continue 72 } 73 74 // Try to get access key 75 resp, err := iamconn.ListAccessKeys(&iam.ListAccessKeysInput{ 76 UserName: aws.String(rs.Primary.ID), 77 }) 78 if err == nil { 79 if len(resp.AccessKeyMetadata) > 0 { 80 return fmt.Errorf("still exist.") 81 } 82 return nil 83 } 84 85 // Verify the error is what we want 86 ec2err, ok := err.(awserr.Error) 87 if !ok { 88 return err 89 } 90 if ec2err.Code() != "NoSuchEntity" { 91 return err 92 } 93 } 94 95 return nil 96 } 97 98 func testAccCheckAWSAccessKeyExists(n string, res *iam.AccessKeyMetadata) resource.TestCheckFunc { 99 return func(s *terraform.State) error { 100 rs, ok := s.RootModule().Resources[n] 101 if !ok { 102 return fmt.Errorf("Not found: %s", n) 103 } 104 105 if rs.Primary.ID == "" { 106 return fmt.Errorf("No Role name is set") 107 } 108 109 iamconn := testAccProvider.Meta().(*AWSClient).iamconn 110 name := rs.Primary.Attributes["user"] 111 112 resp, err := iamconn.ListAccessKeys(&iam.ListAccessKeysInput{ 113 UserName: aws.String(name), 114 }) 115 if err != nil { 116 return err 117 } 118 119 if len(resp.AccessKeyMetadata) != 1 || 120 *resp.AccessKeyMetadata[0].UserName != name { 121 return fmt.Errorf("User not found not found") 122 } 123 124 *res = *resp.AccessKeyMetadata[0] 125 126 return nil 127 } 128 } 129 130 func testAccCheckAWSAccessKeyAttributes(accessKeyMetadata *iam.AccessKeyMetadata) resource.TestCheckFunc { 131 return func(s *terraform.State) error { 132 if !strings.Contains(*accessKeyMetadata.UserName, "test-user") { 133 return fmt.Errorf("Bad username: %s", *accessKeyMetadata.UserName) 134 } 135 136 if *accessKeyMetadata.Status != "Active" { 137 return fmt.Errorf("Bad status: %s", *accessKeyMetadata.Status) 138 } 139 140 return nil 141 } 142 } 143 144 func testDecryptSecretKeyAndTest(nAccessKey, key string) resource.TestCheckFunc { 145 return func(s *terraform.State) error { 146 keyResource, ok := s.RootModule().Resources[nAccessKey] 147 if !ok { 148 return fmt.Errorf("Not found: %s", nAccessKey) 149 } 150 151 password, ok := keyResource.Primary.Attributes["encrypted_secret"] 152 if !ok { 153 return errors.New("No password in state") 154 } 155 156 // We can't verify that the decrypted password is correct, because we don't 157 // have it. We can verify that decrypting it does not error 158 _, err := pgpkeys.DecryptBytes(password, key) 159 if err != nil { 160 return fmt.Errorf("Error decrypting password: %s", err) 161 } 162 163 return nil 164 } 165 } 166 167 func testAccAWSAccessKeyConfig(rName string) string { 168 return fmt.Sprintf(` 169 resource "aws_iam_user" "a_user" { 170 name = "%s" 171 } 172 173 resource "aws_iam_access_key" "a_key" { 174 user = "${aws_iam_user.a_user.name}" 175 } 176 `, rName) 177 } 178 179 func testAccAWSAccessKeyConfig_encrypted(rName, key string) string { 180 return fmt.Sprintf(` 181 resource "aws_iam_user" "a_user" { 182 name = "%s" 183 } 184 185 resource "aws_iam_access_key" "a_key" { 186 user = "${aws_iam_user.a_user.name}" 187 pgp_key = <<EOF 188 %s 189 EOF 190 } 191 `, rName, key) 192 } 193 194 func TestSesSmtpPasswordFromSecretKey(t *testing.T) { 195 cases := []struct { 196 Input string 197 Expected string 198 }{ 199 {"some+secret+key", "AnkqhOiWEcszZZzTMCQbOY1sPGoLFgMH9zhp4eNgSjo4"}, 200 {"another+secret+key", "Akwqr0Giwi8FsQFgW3DXWCC2DiiQ/jZjqLDWK8TeTBgL"}, 201 } 202 203 for _, tc := range cases { 204 actual := sesSmtpPasswordFromSecretKey(&tc.Input) 205 if actual != tc.Expected { 206 t.Fatalf("%q: expected %q, got %q", tc.Input, tc.Expected, actual) 207 } 208 } 209 } 210 211 const testPubAccessKey1 = `mQENBFXbjPUBCADjNjCUQwfxKL+RR2GA6pv/1K+zJZ8UWIF9S0lk7cVIEfJiprzzwiMwBS5cD0da 212 rGin1FHvIWOZxujA7oW0O2TUuatqI3aAYDTfRYurh6iKLC+VS+F7H+/mhfFvKmgr0Y5kDCF1j0T/ 213 063QZ84IRGucR/X43IY7kAtmxGXH0dYOCzOe5UBX1fTn3mXGe2ImCDWBH7gOViynXmb6XNvXkP0f 214 sF5St9jhO7mbZU9EFkv9O3t3EaURfHopsCVDOlCkFCw5ArY+DUORHRzoMX0PnkyQb5OzibkChzpg 215 8hQssKeVGpuskTdz5Q7PtdW71jXd4fFVzoNH8fYwRpziD2xNvi6HABEBAAG0EFZhdWx0IFRlc3Qg 216 S2V5IDGJATgEEwECACIFAlXbjPUCGy8GCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEOfLr44B 217 HbeTo+sH/i7bapIgPnZsJ81hmxPj4W12uvunksGJiC7d4hIHsG7kmJRTJfjECi+AuTGeDwBy84TD 218 cRaOB6e79fj65Fg6HgSahDUtKJbGxj/lWzmaBuTzlN3CEe8cMwIPqPT2kajJVdOyrvkyuFOdPFOE 219 A7bdCH0MqgIdM2SdF8t40k/ATfuD2K1ZmumJ508I3gF39jgTnPzD4C8quswrMQ3bzfvKC3klXRlB 220 C0yoArn+0QA3cf2B9T4zJ2qnvgotVbeK/b1OJRNj6Poeo+SsWNc/A5mw7lGScnDgL3yfwCm1gQXa 221 QKfOt5x+7GqhWDw10q+bJpJlI10FfzAnhMF9etSqSeURBRW5AQ0EVduM9QEIAL53hJ5bZJ7oEDCn 222 aY+SCzt9QsAfnFTAnZJQrvkvusJzrTQ088eUQmAjvxkfRqnv981fFwGnh2+I1Ktm698UAZS9Jt8y 223 jak9wWUICKQO5QUt5k8cHwldQXNXVXFa+TpQWQR5yW1a9okjh5o/3d4cBt1yZPUJJyLKY43Wvptb 224 6EuEsScO2DnRkh5wSMDQ7dTooddJCmaq3LTjOleRFQbu9ij386Do6jzK69mJU56TfdcydkxkWF5N 225 ZLGnED3lq+hQNbe+8UI5tD2oP/3r5tXKgMy1R/XPvR/zbfwvx4FAKFOP01awLq4P3d/2xOkMu4Lu 226 9p315E87DOleYwxk+FoTqXEAEQEAAYkCPgQYAQIACQUCVduM9QIbLgEpCRDny6+OAR23k8BdIAQZ 227 AQIABgUCVduM9QAKCRAID0JGyHtSGmqYB/4m4rJbbWa7dBJ8VqRU7ZKnNRDR9CVhEGipBmpDGRYu 228 lEimOPzLUX/ZXZmTZzgemeXLBaJJlWnopVUWuAsyjQuZAfdd8nHkGRHG0/DGum0l4sKTta3OPGHN 229 C1z1dAcQ1RCr9bTD3PxjLBczdGqhzw71trkQRBRdtPiUchltPMIyjUHqVJ0xmg0hPqFic0fICsr0 230 YwKoz3h9+QEcZHvsjSZjgydKvfLYcm+4DDMCCqcHuJrbXJKUWmJcXR0y/+HQONGrGJ5xWdO+6eJi 231 oPn2jVMnXCm4EKc7fcLFrz/LKmJ8seXhxjM3EdFtylBGCrx3xdK0f+JDNQaC/rhUb5V2XuX6VwoH 232 /AtY+XsKVYRfNIupLOUcf/srsm3IXT4SXWVomOc9hjGQiJ3rraIbADsc+6bCAr4XNZS7moViAAcI 233 PXFv3m3WfUlnG/om78UjQqyVACRZqqAGmuPq+TSkRUCpt9h+A39LQWkojHqyob3cyLgy6z9Q557O 234 9uK3lQozbw2gH9zC0RqnePl+rsWIUU/ga16fH6pWc1uJiEBt8UZGypQ/E56/343epmYAe0a87sHx 235 8iDV+dNtDVKfPRENiLOOc19MmS+phmUyrbHqI91c0pmysYcJZCD3a502X1gpjFbPZcRtiTmGnUKd 236 OIu60YPNE4+h7u2CfYyFPu3AlUaGNMBlvy6PEpU=` 237 238 const testPrivAccessKey1 = `lQOYBFXbjPUBCADjNjCUQwfxKL+RR2GA6pv/1K+zJZ8UWIF9S0lk7cVIEfJiprzzwiMwBS5cD0da 239 rGin1FHvIWOZxujA7oW0O2TUuatqI3aAYDTfRYurh6iKLC+VS+F7H+/mhfFvKmgr0Y5kDCF1j0T/ 240 063QZ84IRGucR/X43IY7kAtmxGXH0dYOCzOe5UBX1fTn3mXGe2ImCDWBH7gOViynXmb6XNvXkP0f 241 sF5St9jhO7mbZU9EFkv9O3t3EaURfHopsCVDOlCkFCw5ArY+DUORHRzoMX0PnkyQb5OzibkChzpg 242 8hQssKeVGpuskTdz5Q7PtdW71jXd4fFVzoNH8fYwRpziD2xNvi6HABEBAAEAB/wL+KX0mdeISEpX 243 oDgt766Key1Kthe8nbEs5dOXIsP7OR7ZPcnE2hy6gftgVFnBGEZnWVN70vmJd6Z5y9d1mI+GecXj 244 UL0EpI0EmohyYDJsHUnght/5ecRNFA+VeNmGPYNQGCeHJyZOiFunGGENpHU7BbubAht8delz37Mx 245 JQgvMyR6AKvg8HKBoQeqV1uMWNJE/vKwV/z1dh1sjK/GFxu05Qaq0GTfAjVLuFOyJTS95yq6gblD 246 jUdbHLp7tBeqIKo9voWCJF5mGOlq3973vVoWETy9b0YYPCE/M7fXmK9dJITHqkROLMW6TgcFeIw4 247 yL5KOBCHk+QGPSvyQN7R7Fd5BADwuT1HZmvg7Y9GjarKXDjxdNemUiHtba2rUzfH6uNmKNQvwQek 248 nma5palNUJ4/dz1aPB21FUBXJF5yWwXEdApl+lIDU0J5m4UD26rqEVRq9Kx3GsX+yfcwObkrSzW6 249 kmnQSB5KI0fIuegMTM+Jxo3pB/mIRwDTMmk+vfzIGyW+7QQA8aFwFLMdKdfLgSGbl5Z6etmOAVQ2 250 Oe2ebegU9z/ewi/Rdt2s9yQiAdGVM8+q15Saz8a+kyS/l1CjNPzr3VpYx1OdZ3gb7i2xoy9GdMYR 251 ZpTq3TuST95kx/9DqA97JrP23G47U0vwF/cg8ixCYF8Fz5dG4DEsxgMwKqhGdW58wMMD/iytkfMk 252 Vk6Z958Rpy7lhlC6L3zpO38767bSeZ8gRRi/NMFVOSGYepKFarnfxcTiNa+EoSVA6hUo1N64nALE 253 sJBpyOoTfKIpz7WwTF1+WogkiYrfM6lHon1+3qlziAcRW0IohM3g2C1i3GWdON4Cl8/PDO3R0E52 254 N6iG/ctNNeMiPe60EFZhdWx0IFRlc3QgS2V5IDGJATgEEwECACIFAlXbjPUCGy8GCwkIBwMCBhUI 255 AgkKCwQWAgMBAh4BAheAAAoJEOfLr44BHbeTo+sH/i7bapIgPnZsJ81hmxPj4W12uvunksGJiC7d 256 4hIHsG7kmJRTJfjECi+AuTGeDwBy84TDcRaOB6e79fj65Fg6HgSahDUtKJbGxj/lWzmaBuTzlN3C 257 Ee8cMwIPqPT2kajJVdOyrvkyuFOdPFOEA7bdCH0MqgIdM2SdF8t40k/ATfuD2K1ZmumJ508I3gF3 258 9jgTnPzD4C8quswrMQ3bzfvKC3klXRlBC0yoArn+0QA3cf2B9T4zJ2qnvgotVbeK/b1OJRNj6Poe 259 o+SsWNc/A5mw7lGScnDgL3yfwCm1gQXaQKfOt5x+7GqhWDw10q+bJpJlI10FfzAnhMF9etSqSeUR 260 BRWdA5gEVduM9QEIAL53hJ5bZJ7oEDCnaY+SCzt9QsAfnFTAnZJQrvkvusJzrTQ088eUQmAjvxkf 261 Rqnv981fFwGnh2+I1Ktm698UAZS9Jt8yjak9wWUICKQO5QUt5k8cHwldQXNXVXFa+TpQWQR5yW1a 262 9okjh5o/3d4cBt1yZPUJJyLKY43Wvptb6EuEsScO2DnRkh5wSMDQ7dTooddJCmaq3LTjOleRFQbu 263 9ij386Do6jzK69mJU56TfdcydkxkWF5NZLGnED3lq+hQNbe+8UI5tD2oP/3r5tXKgMy1R/XPvR/z 264 bfwvx4FAKFOP01awLq4P3d/2xOkMu4Lu9p315E87DOleYwxk+FoTqXEAEQEAAQAH+wVyQXaNwnjQ 265 xfW+M8SJNo0C7e+0d7HsuBTA/d/eP4bj6+X8RaRFVwiMvSAoxsqBNCLJP00qzzKfRQWJseD1H35z 266 UjM7rNVUEL2k1yppyp61S0qj0TdhVUfJDYZqRYonVgRMvzfDTB1ryKrefKenQYL/jGd9VYMnKmWZ 267 6GVk4WWXXx61iOt2HNcmSXKetMM1Mg67woPZkA3fJaXZ+zW0zMu4lTSB7yl3+vLGIFYILkCFnREr 268 drQ+pmIMwozUAt+pBq8dylnkHh6g/FtRfWmLIMDqM1NlyuHRp3dyLDFdTA93osLG0QJblfX54W34 269 byX7a4HASelGi3nPjjOAsTFDkuEEANV2viaWk1CV4ryDrXGmy4Xo32Md+laGPRcVfbJ0mjZjhQsO 270 gWC1tjMs1qZMPhcrKIBCjjdAcAIrGV9h3CXc0uGuez4XxLO+TPBKaS0B8rKhnKph1YZuf+HrOhzS 271 astDnOjNIT+qucCL/qSbdYpj9of3yY61S59WphPOBjoVM3BFBADka6ZCk81gx8jA2E1e9UqQDmdM 272 FZaVA1E7++kqVSFRDJGnq+5GrBTwCJ+sevi+Rvf8Nx4AXvpCdtMBPX9RogsUFcR0pMrKBrgRo/Vg 273 EpuodY2Ef1VtqXR24OxtRf1UwvHKydIsU05rzMAy5uGgQvTzRTXxZFLGUY31wjWqmo9VPQP+PnwA 274 K83EV2kk2bsXwZ9MXg05iXqGQYR4bEc/12v04BtaNaDS53hBDO4JIa3Bnz+5oUoYhb8FgezUKA9I 275 n6RdKTTP1BLAu8titeozpNF07V++dPiSE2wrIVsaNHL1pUwW0ql50titVwe+EglWiCKPtJBcCPUA 276 3oepSPchiDjPqrNCYIkCPgQYAQIACQUCVduM9QIbLgEpCRDny6+OAR23k8BdIAQZAQIABgUCVduM 277 9QAKCRAID0JGyHtSGmqYB/4m4rJbbWa7dBJ8VqRU7ZKnNRDR9CVhEGipBmpDGRYulEimOPzLUX/Z 278 XZmTZzgemeXLBaJJlWnopVUWuAsyjQuZAfdd8nHkGRHG0/DGum0l4sKTta3OPGHNC1z1dAcQ1RCr 279 9bTD3PxjLBczdGqhzw71trkQRBRdtPiUchltPMIyjUHqVJ0xmg0hPqFic0fICsr0YwKoz3h9+QEc 280 ZHvsjSZjgydKvfLYcm+4DDMCCqcHuJrbXJKUWmJcXR0y/+HQONGrGJ5xWdO+6eJioPn2jVMnXCm4 281 EKc7fcLFrz/LKmJ8seXhxjM3EdFtylBGCrx3xdK0f+JDNQaC/rhUb5V2XuX6VwoH/AtY+XsKVYRf 282 NIupLOUcf/srsm3IXT4SXWVomOc9hjGQiJ3rraIbADsc+6bCAr4XNZS7moViAAcIPXFv3m3WfUln 283 G/om78UjQqyVACRZqqAGmuPq+TSkRUCpt9h+A39LQWkojHqyob3cyLgy6z9Q557O9uK3lQozbw2g 284 H9zC0RqnePl+rsWIUU/ga16fH6pWc1uJiEBt8UZGypQ/E56/343epmYAe0a87sHx8iDV+dNtDVKf 285 PRENiLOOc19MmS+phmUyrbHqI91c0pmysYcJZCD3a502X1gpjFbPZcRtiTmGnUKdOIu60YPNE4+h 286 7u2CfYyFPu3AlUaGNMBlvy6PEpU=`