github.com/vtorhonen/terraform@v0.9.0-beta2.0.20170307220345-5d894e4ffda7/builtin/providers/aws/resource_aws_iam_role_policy_test.go (about)

     1  package aws
     2  
     3  import (
     4  	"fmt"
     5  	"testing"
     6  
     7  	"github.com/aws/aws-sdk-go/aws"
     8  	"github.com/aws/aws-sdk-go/aws/awserr"
     9  	"github.com/aws/aws-sdk-go/service/iam"
    10  	"github.com/hashicorp/terraform/helper/acctest"
    11  	"github.com/hashicorp/terraform/helper/resource"
    12  	"github.com/hashicorp/terraform/terraform"
    13  )
    14  
// TestAccAWSIAMRolePolicy_basic is the acceptance test for the
// aws_iam_role_policy resource.
//
// Step one applies a role with a single inline policy ("foo"). Step two
// applies an updated configuration that declares a second inline policy
// ("bar") on the same role. After each apply, the policy named in the step is
// looked up through the IAM API. testAccCheckIAMRolePolicyDestroy is wired in
// as the CheckDestroy hook.
//
// The role and policy names carry random suffixes so that runs do not collide
// with each other.
func TestAccAWSIAMRolePolicy_basic(t *testing.T) {
	roleSuffix := acctest.RandString(10)
	fooSuffix := acctest.RandString(10)
	barSuffix := acctest.RandString(10)

	// Both steps verify against the same role resource address.
	const roleAddr = "aws_iam_role.role"

	createStep := resource.TestStep{
		Config: testAccIAMRolePolicyConfig(roleSuffix, fooSuffix),
		Check: resource.ComposeTestCheckFunc(
			testAccCheckIAMRolePolicy(roleAddr, "aws_iam_role_policy.foo"),
		),
	}

	updateStep := resource.TestStep{
		Config: testAccIAMRolePolicyConfigUpdate(roleSuffix, fooSuffix, barSuffix),
		Check: resource.ComposeTestCheckFunc(
			testAccCheckIAMRolePolicy(roleAddr, "aws_iam_role_policy.bar"),
		),
	}

	resource.Test(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckIAMRolePolicyDestroy,
		Steps:        []resource.TestStep{createStep, updateStep},
	})
}
    46  
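// testAccCheckIAMRolePolicyDestroy is the CheckDestroy hook for the role
// policy acceptance test. For every aws_iam_role_policy resource left in the
// state it asks IAM for the policy and fails unless IAM answers NoSuchEntity.
//
// Every role policy in the state is checked. A NoSuchEntity answer for one
// policy moves on to the next instead of ending the whole check, so a policy
// that survived the destroy cannot be masked by an earlier one that was
// removed correctly. This matters because the fixtures attach
// "Action": "*" / "Resource": "*" policies, and a leaked one should fail the
// test rather than linger in the account unnoticed.
//
// It returns an error if a resource ID cannot be parsed, if the IAM call
// fails for any reason other than NoSuchEntity, or if a policy is still
// present.
func testAccCheckIAMRolePolicyDestroy(s *terraform.State) error {
	iamconn := testAccProvider.Meta().(*AWSClient).iamconn

	for _, rs := range s.RootModule().Resources {
		if rs.Type != "aws_iam_role_policy" {
			continue
		}

		role, name, err := resourceAwsIamRolePolicyParseId(rs.Primary.ID)
		if err != nil {
			return err
		}

		getResp, err := iamconn.GetRolePolicy(&iam.GetRolePolicyInput{
			PolicyName: aws.String(name),
			RoleName:   aws.String(role),
		})
		if err != nil {
			if iamerr, ok := err.(awserr.Error); ok && iamerr.Code() == "NoSuchEntity" {
				// This policy is gone, which is the expected outcome. Keep
				// iterating so the remaining role policies are verified too.
				continue
			}
			return fmt.Errorf("Error reading IAM policy %s from role %s: %s", name, role, err)
		}

		if getResp != nil {
			// The lookup was for a role policy, so say so in the failure.
			return fmt.Errorf("Found IAM Role Policy, expected none: %s", getResp)
		}
	}

	return nil
}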
    81  
// testAccCheckIAMRolePolicy returns a check that confirms the role policy at
// state address iamRolePolicyResource exists in IAM.
//
// The check first requires that iamRoleResource is present in the state with
// a non-empty ID and that iamRolePolicyResource is present as well. It then
// parses the policy's ID into a role name and policy name and calls
// GetRolePolicy with them.
//
// Only the error from GetRolePolicy is inspected; the returned policy
// document is discarded, so this check proves existence and says nothing
// about the policy's contents.
func testAccCheckIAMRolePolicy(iamRoleResource string, iamRolePolicyResource string) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		root := s.RootModule()

		roleState, found := root.Resources[iamRoleResource]
		if !found {
			return fmt.Errorf("Not Found: %s", iamRoleResource)
		}
		if roleState.Primary.ID == "" {
			return fmt.Errorf("No ID is set")
		}

		policyState, found := root.Resources[iamRolePolicyResource]
		if !found {
			return fmt.Errorf("Not Found: %s", iamRolePolicyResource)
		}

		iamconn := testAccProvider.Meta().(*AWSClient).iamconn

		roleName, policyName, err := resourceAwsIamRolePolicyParseId(policyState.Primary.ID)
		if err != nil {
			return err
		}

		// A nil error from the lookup is the whole assertion.
		_, err = iamconn.GetRolePolicy(&iam.GetRolePolicyInput{
			RoleName:   aws.String(roleName),
			PolicyName: aws.String(policyName),
		})
		return err
	}
}
   117  
// testAccIAMRolePolicyConfig renders the Terraform configuration for the
// first test step: one IAM role named tf_test_role_<role> and one inline
// policy "foo" named tf_test_policy_<policy1> attached to it.
//
// The role's trust policy lets ec2.amazonaws.com assume it, and the inline
// policy allows every action on every resource.
//
// NOTE(review): that inline policy is administrator-equivalent for as long as
// the role exists in the test account. testAccCheckIAMRolePolicy only
// verifies that the policy exists, so a narrowly scoped statement would
// probably exercise the same path - confirm before changing the fixture.
func testAccIAMRolePolicyConfig(role, policy1 string) string {
	// The two %s verbs are, in order, the role suffix and the policy suffix.
	const configTemplate = `
resource "aws_iam_role" "role" {
	name = "tf_test_role_%s"
	path = "/"
	assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}

resource "aws_iam_role_policy" "foo" {
	name = "tf_test_policy_%s"
	role = "${aws_iam_role.role.name}"
	policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Action": "*",
    "Resource": "*"
  }
}
EOF
}
`
	rendered := fmt.Sprintf(configTemplate, role, policy1)
	return rendered
}
   156  
// testAccIAMRolePolicyConfigUpdate renders the Terraform configuration for
// the second test step. It keeps the role tf_test_role_<role> and the inline
// policy "foo" (tf_test_policy_<policy1>) and adds a second inline policy
// "bar" named tf_test_policy_2_<policy2> on the same role.
//
// The role's trust policy lets ec2.amazonaws.com assume it, and both inline
// policies allow every action on every resource.
//
// NOTE(review): both inline policies are administrator-equivalent for as long
// as the role exists in the test account. testAccCheckIAMRolePolicy only
// verifies that a policy exists, so narrowly scoped statements would probably
// exercise the same path - confirm before changing the fixture.
func testAccIAMRolePolicyConfigUpdate(role, policy1, policy2 string) string {
	// The three %s verbs are, in order, the role suffix, the "foo" policy
	// suffix and the "bar" policy suffix.
	const configTemplate = `
resource "aws_iam_role" "role" {
	name = "tf_test_role_%s"
	path = "/"
	assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}

resource "aws_iam_role_policy" "foo" {
	name = "tf_test_policy_%s"
	role = "${aws_iam_role.role.name}"
	policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Action": "*",
    "Resource": "*"
  }
}
EOF
}

resource "aws_iam_role_policy" "bar" {
	name = "tf_test_policy_2_%s"
	role = "${aws_iam_role.role.name}"
	policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Action": "*",
    "Resource": "*"
  }
}
EOF
}
`
	rendered := fmt.Sprintf(configTemplate, role, policy1, policy2)
	return rendered
}