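// Source: github.com/vtorhonen/terraform@v0.9.0-beta2.0.20170307220345-5d894e4ffda7/builtin/providers/aws/resource_aws_iam_user_policy_test.go

package aws

import (
	"fmt"
	"testing"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/service/iam"
	"github.com/hashicorp/terraform/helper/resource"
	"github.com/hashicorp/terraform/terraform"
)

// TestAccAWSIAMUserPolicy_basic is an acceptance test for the
// aws_iam_user_policy resource. Step one applies a config with a single
// inline policy ("foo"); step two applies a config that adds a second inline
// policy ("bar") to the same user. After the run, CheckDestroy confirms that
// no inline user policy recorded in state is still present in IAM.
func TestAccAWSIAMUserPolicy_basic(t *testing.T) {
	resource.Test(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckIAMUserPolicyDestroy,
		Steps: []resource.TestStep{
			{
				Config: testAccIAMUserPolicyConfig,
				Check: resource.ComposeTestCheckFunc(
					testAccCheckIAMUserPolicy(
						"aws_iam_user.user",
						"aws_iam_user_policy.foo",
					),
				),
			},
			{
				Config: testAccIAMUserPolicyConfigUpdate,
				Check: resource.ComposeTestCheckFunc(
					testAccCheckIAMUserPolicy(
						"aws_iam_user.user",
						"aws_iam_user_policy.bar",
					),
				),
			},
		},
	})
}

// testAccCheckIAMUserPolicyDestroy verifies that every aws_iam_user_policy
// resource left in state has been removed from IAM.
//
// The lookup goes through GetUserPolicy, the same API the positive check in
// testAccCheckIAMUserPolicy uses. Querying the role-policy API with a user
// name would answer NoSuchEntity whether or not the user policy still exists,
// so the destroy check would pass without verifying anything and a leftover
// wildcard policy would go unnoticed.
func testAccCheckIAMUserPolicyDestroy(s *terraform.State) error {
	iamconn := testAccProvider.Meta().(*AWSClient).iamconn

	for _, rs := range s.RootModule().Resources {
		if rs.Type != "aws_iam_user_policy" {
			continue
		}

		username, name := resourceAwsIamUserPolicyParseId(rs.Primary.ID)

		getResp, err := iamconn.GetUserPolicy(&iam.GetUserPolicyInput{
			UserName:   aws.String(username),
			PolicyName: aws.String(name),
		})
		if err != nil {
			if iamerr, ok := err.(awserr.Error); ok && iamerr.Code() == "NoSuchEntity" {
				// This policy is gone; keep going so the remaining
				// policies in state are checked as well.
				continue
			}
			return fmt.Errorf("Error reading IAM policy %s from user %s: %s", name, username, err)
		}

		if getResp != nil {
			return fmt.Errorf("Found IAM user policy, expected none: %s", getResp)
		}
	}

	return nil
}

// testAccCheckIAMUserPolicy returns a check that both named resources are
// present in state with an ID set, and that the inline policy can be read
// back from IAM with GetUserPolicy. The content of the policy document is not
// compared.
func testAccCheckIAMUserPolicy(
	iamUserResource string,
	iamUserPolicyResource string) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		rs, ok := s.RootModule().Resources[iamUserResource]
		if !ok {
			return fmt.Errorf("Not Found: %s", iamUserResource)
		}

		if rs.Primary.ID == "" {
			return fmt.Errorf("No ID is set")
		}

		policy, ok := s.RootModule().Resources[iamUserPolicyResource]
		if !ok {
			return fmt.Errorf("Not Found: %s", iamUserPolicyResource)
		}

		// An empty ID cannot be split into a user name and a policy name, so
		// report it here rather than sending empty parameters to IAM.
		if policy.Primary.ID == "" {
			return fmt.Errorf("No ID is set for %s", iamUserPolicyResource)
		}

		iamconn := testAccProvider.Meta().(*AWSClient).iamconn
		username, name := resourceAwsIamUserPolicyParseId(policy.Primary.ID)
		_, err := iamconn.GetUserPolicy(&iam.GetUserPolicyInput{
			UserName:   aws.String(username),
			PolicyName: aws.String(name),
		})

		return err
	}
}

// testAccIAMUserPolicyConfig creates one IAM user with one inline policy.
//
// NOTE(security): the policy document allows every action on every resource.
// The config creates no access key or login profile for the user, but a user
// left behind by an interrupted run still carries an administrator-equivalent
// policy in the test account. Nothing in this file depends on the wildcard,
// so a statement scoped to a single read-only action would exercise the
// resource equally well. The user name is fixed, so concurrent runs against
// one account will collide.
const testAccIAMUserPolicyConfig = `
resource "aws_iam_user" "user" {
	name = "test_user"
	path = "/"
}

resource "aws_iam_user_policy" "foo" {
	name = "foo_policy"
	user = "${aws_iam_user.user.name}"
	policy = "{\"Version\":\"2012-10-17\",\"Statement\":{\"Effect\":\"Allow\",\"Action\":\"*\",\"Resource\":\"*\"}}"
}
`

// testAccIAMUserPolicyConfigUpdate is testAccIAMUserPolicyConfig plus a
// second inline policy ("bar") on the same user. Both policy documents use
// the same allow-everything statement as the first config.
const testAccIAMUserPolicyConfigUpdate = `
resource "aws_iam_user" "user" {
	name = "test_user"
	path = "/"
}

resource "aws_iam_user_policy" "foo" {
	name = "foo_policy"
	user = "${aws_iam_user.user.name}"
	policy = "{\"Version\":\"2012-10-17\",\"Statement\":{\"Effect\":\"Allow\",\"Action\":\"*\",\"Resource\":\"*\"}}"
}

resource "aws_iam_user_policy" "bar" {
	name = "bar_policy"
	user = "${aws_iam_user.user.name}"
	policy = "{\"Version\":\"2012-10-17\",\"Statement\":{\"Effect\":\"Allow\",\"Action\":\"*\",\"Resource\":\"*\"}}"
}
`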