github.com/vtorhonen/terraform@v0.9.0-beta2.0.20170307220345-5d894e4ffda7/builtin/providers/aws/resource_aws_iam_user_policy_test.go (about)

     1  package aws
     2  
     3  import (
     4  	"fmt"
     5  	"testing"
     6  
     7  	"github.com/aws/aws-sdk-go/aws"
     8  	"github.com/aws/aws-sdk-go/aws/awserr"
     9  	"github.com/aws/aws-sdk-go/service/iam"
    10  	"github.com/hashicorp/terraform/helper/resource"
    11  	"github.com/hashicorp/terraform/terraform"
    12  )
    13  
    14  func TestAccAWSIAMUserPolicy_basic(t *testing.T) {
    15  	resource.Test(t, resource.TestCase{
    16  		PreCheck:     func() { testAccPreCheck(t) },
    17  		Providers:    testAccProviders,
    18  		CheckDestroy: testAccCheckIAMUserPolicyDestroy,
    19  		Steps: []resource.TestStep{
    20  			resource.TestStep{
    21  				Config: testAccIAMUserPolicyConfig,
    22  				Check: resource.ComposeTestCheckFunc(
    23  					testAccCheckIAMUserPolicy(
    24  						"aws_iam_user.user",
    25  						"aws_iam_user_policy.foo",
    26  					),
    27  				),
    28  			},
    29  			resource.TestStep{
    30  				Config: testAccIAMUserPolicyConfigUpdate,
    31  				Check: resource.ComposeTestCheckFunc(
    32  					testAccCheckIAMUserPolicy(
    33  						"aws_iam_user.user",
    34  						"aws_iam_user_policy.bar",
    35  					),
    36  				),
    37  			},
    38  		},
    39  	})
    40  }
    41  
    42  func testAccCheckIAMUserPolicyDestroy(s *terraform.State) error {
    43  	iamconn := testAccProvider.Meta().(*AWSClient).iamconn
    44  
    45  	for _, rs := range s.RootModule().Resources {
    46  		if rs.Type != "aws_iam_user_policy" {
    47  			continue
    48  		}
    49  
    50  		role, name := resourceAwsIamUserPolicyParseId(rs.Primary.ID)
    51  
    52  		request := &iam.GetRolePolicyInput{
    53  			PolicyName: aws.String(name),
    54  			RoleName:   aws.String(role),
    55  		}
    56  
    57  		var err error
    58  		getResp, err := iamconn.GetRolePolicy(request)
    59  		if err != nil {
    60  			if iamerr, ok := err.(awserr.Error); ok && iamerr.Code() == "NoSuchEntity" {
    61  				// none found, that's good
    62  				return nil
    63  			}
    64  			return fmt.Errorf("Error reading IAM policy %s from role %s: %s", name, role, err)
    65  		}
    66  
    67  		if getResp != nil {
    68  			return fmt.Errorf("Found IAM Role, expected none: %s", getResp)
    69  		}
    70  	}
    71  
    72  	return nil
    73  }
    74  
    75  func testAccCheckIAMUserPolicy(
    76  	iamUserResource string,
    77  	iamUserPolicyResource string) resource.TestCheckFunc {
    78  	return func(s *terraform.State) error {
    79  		rs, ok := s.RootModule().Resources[iamUserResource]
    80  		if !ok {
    81  			return fmt.Errorf("Not Found: %s", iamUserResource)
    82  		}
    83  
    84  		if rs.Primary.ID == "" {
    85  			return fmt.Errorf("No ID is set")
    86  		}
    87  
    88  		policy, ok := s.RootModule().Resources[iamUserPolicyResource]
    89  		if !ok {
    90  			return fmt.Errorf("Not Found: %s", iamUserPolicyResource)
    91  		}
    92  
    93  		iamconn := testAccProvider.Meta().(*AWSClient).iamconn
    94  		username, name := resourceAwsIamUserPolicyParseId(policy.Primary.ID)
    95  		_, err := iamconn.GetUserPolicy(&iam.GetUserPolicyInput{
    96  			UserName:   aws.String(username),
    97  			PolicyName: aws.String(name),
    98  		})
    99  
   100  		if err != nil {
   101  			return err
   102  		}
   103  
   104  		return nil
   105  	}
   106  }
   107  
   108  const testAccIAMUserPolicyConfig = `
   109  resource "aws_iam_user" "user" {
   110  	name = "test_user"
   111  	path = "/"
   112  }
   113  
   114  resource "aws_iam_user_policy" "foo" {
   115  	name = "foo_policy"
   116  	user = "${aws_iam_user.user.name}"
   117  	policy = "{\"Version\":\"2012-10-17\",\"Statement\":{\"Effect\":\"Allow\",\"Action\":\"*\",\"Resource\":\"*\"}}"
   118  }
   119  `
   120  
   121  const testAccIAMUserPolicyConfigUpdate = `
   122  resource "aws_iam_user" "user" {
   123  	name = "test_user"
   124  	path = "/"
   125  }
   126  
   127  resource "aws_iam_user_policy" "foo" {
   128  	name = "foo_policy"
   129  	user = "${aws_iam_user.user.name}"
   130  	policy = "{\"Version\":\"2012-10-17\",\"Statement\":{\"Effect\":\"Allow\",\"Action\":\"*\",\"Resource\":\"*\"}}"
   131  }
   132  
   133  resource "aws_iam_user_policy" "bar" {
   134  	name = "bar_policy"
   135  	user = "${aws_iam_user.user.name}"
   136  	policy = "{\"Version\":\"2012-10-17\",\"Statement\":{\"Effect\":\"Allow\",\"Action\":\"*\",\"Resource\":\"*\"}}"
   137  }
   138  `