github.com/vtorhonen/terraform@v0.9.0-beta2.0.20170307220345-5d894e4ffda7/builtin/providers/aws/resource_aws_vpc_endpoint_test.go (about) 1 package aws 2 3 import ( 4 "fmt" 5 "strconv" 6 "strings" 7 "testing" 8 9 "github.com/aws/aws-sdk-go/aws" 10 "github.com/aws/aws-sdk-go/aws/awserr" 11 "github.com/aws/aws-sdk-go/service/ec2" 12 13 "github.com/hashicorp/terraform/helper/resource" 14 "github.com/hashicorp/terraform/terraform" 15 ) 16 17 func TestAccAWSVpcEndpoint_basic(t *testing.T) { 18 var endpoint ec2.VpcEndpoint 19 20 resource.Test(t, resource.TestCase{ 21 PreCheck: func() { testAccPreCheck(t) }, 22 IDRefreshName: "aws_vpc_endpoint.second-private-s3", 23 Providers: testAccProviders, 24 CheckDestroy: testAccCheckVpcEndpointDestroy, 25 Steps: []resource.TestStep{ 26 resource.TestStep{ 27 Config: testAccVpcEndpointWithRouteTableAndPolicyConfig, 28 Check: resource.ComposeTestCheckFunc( 29 testAccCheckVpcEndpointExists("aws_vpc_endpoint.second-private-s3", &endpoint), 30 testAccCheckVpcEndpointPrefixListAvailable("aws_vpc_endpoint.second-private-s3"), 31 ), 32 }, 33 }, 34 }) 35 } 36 37 func TestAccAWSVpcEndpoint_withRouteTableAndPolicy(t *testing.T) { 38 var endpoint ec2.VpcEndpoint 39 var routeTable ec2.RouteTable 40 41 resource.Test(t, resource.TestCase{ 42 PreCheck: func() { testAccPreCheck(t) }, 43 IDRefreshName: "aws_vpc_endpoint.second-private-s3", 44 Providers: testAccProviders, 45 CheckDestroy: testAccCheckVpcEndpointDestroy, 46 Steps: []resource.TestStep{ 47 resource.TestStep{ 48 Config: testAccVpcEndpointWithRouteTableAndPolicyConfig, 49 Check: resource.ComposeTestCheckFunc( 50 testAccCheckVpcEndpointExists("aws_vpc_endpoint.second-private-s3", &endpoint), 51 testAccCheckRouteTableExists("aws_route_table.default", &routeTable), 52 ), 53 }, 54 resource.TestStep{ 55 Config: testAccVpcEndpointWithRouteTableAndPolicyConfigModified, 56 Check: resource.ComposeTestCheckFunc( 57 testAccCheckVpcEndpointExists("aws_vpc_endpoint.second-private-s3", &endpoint), 58 testAccCheckRouteTableExists("aws_route_table.default", &routeTable), 59 ), 60 }, 61 }, 62 }) 63 } 64 65 func TestAccAWSVpcEndpoint_WithoutRouteTableOrPolicyConfig(t *testing.T) { 66 var endpoint ec2.VpcEndpoint 67 68 resource.Test(t, resource.TestCase{ 69 PreCheck: func() { testAccPreCheck(t) }, 70 IDRefreshName: "aws_vpc_endpoint.second-private-s3", 71 Providers: testAccProviders, 72 CheckDestroy: testAccCheckVpcEndpointDestroy, 73 Steps: []resource.TestStep{ 74 resource.TestStep{ 75 Config: testAccVpcEndpointWithoutRouteTableOrPolicyConfig, 76 Check: resource.ComposeTestCheckFunc( 77 testAccCheckVpcEndpointExists("aws_vpc_endpoint.second-private-s3", &endpoint), 78 testAccCheckVpcEndpointPrefixListAvailable("aws_vpc_endpoint.second-private-s3"), 79 ), 80 }, 81 }, 82 }) 83 } 84 85 func TestAccAWSVpcEndpoint_removed(t *testing.T) { 86 var endpoint ec2.VpcEndpoint 87 88 // reach out and DELETE the VPC Endpoint outside of Terraform 89 testDestroy := func(*terraform.State) error { 90 conn := testAccProvider.Meta().(*AWSClient).ec2conn 91 input := &ec2.DeleteVpcEndpointsInput{ 92 VpcEndpointIds: []*string{endpoint.VpcEndpointId}, 93 } 94 95 _, err := conn.DeleteVpcEndpoints(input) 96 if err != nil { 97 return err 98 } 99 return nil 100 } 101 102 resource.Test(t, resource.TestCase{ 103 PreCheck: func() { testAccPreCheck(t) }, 104 Providers: testAccProviders, 105 CheckDestroy: testAccCheckVpcEndpointDestroy, 106 Steps: []resource.TestStep{ 107 resource.TestStep{ 108 Config: testAccVpcEndpointWithoutRouteTableOrPolicyConfig, 109 Check: resource.ComposeTestCheckFunc( 110 testAccCheckVpcEndpointExists("aws_vpc_endpoint.second-private-s3", &endpoint), 111 testDestroy, 112 ), 113 ExpectNonEmptyPlan: true, 114 }, 115 }, 116 }) 117 } 118 119 func testAccCheckVpcEndpointDestroy(s *terraform.State) error { 120 conn := testAccProvider.Meta().(*AWSClient).ec2conn 121 122 for _, rs := range s.RootModule().Resources { 123 if rs.Type != "aws_vpc_endpoint" { 124 continue 125 } 126 127 // Try to find the VPC 128 input := &ec2.DescribeVpcEndpointsInput{ 129 VpcEndpointIds: []*string{aws.String(rs.Primary.ID)}, 130 } 131 resp, err := conn.DescribeVpcEndpoints(input) 132 if err != nil { 133 // Verify the error is what we want 134 if ae, ok := err.(awserr.Error); ok && ae.Code() == "InvalidVpcEndpointId.NotFound" { 135 continue 136 } 137 return err 138 } 139 if len(resp.VpcEndpoints) > 0 { 140 return fmt.Errorf("VPC Endpoints still exist.") 141 } 142 143 return err 144 } 145 146 return nil 147 } 148 149 func testAccCheckVpcEndpointExists(n string, endpoint *ec2.VpcEndpoint) resource.TestCheckFunc { 150 return func(s *terraform.State) error { 151 rs, ok := s.RootModule().Resources[n] 152 if !ok { 153 return fmt.Errorf("Not found: %s", n) 154 } 155 156 if rs.Primary.ID == "" { 157 return fmt.Errorf("No VPC Endpoint ID is set") 158 } 159 160 conn := testAccProvider.Meta().(*AWSClient).ec2conn 161 input := &ec2.DescribeVpcEndpointsInput{ 162 VpcEndpointIds: []*string{aws.String(rs.Primary.ID)}, 163 } 164 resp, err := conn.DescribeVpcEndpoints(input) 165 if err != nil { 166 return err 167 } 168 if len(resp.VpcEndpoints) == 0 { 169 return fmt.Errorf("VPC Endpoint not found") 170 } 171 172 *endpoint = *resp.VpcEndpoints[0] 173 174 return nil 175 } 176 } 177 178 func testAccCheckVpcEndpointPrefixListAvailable(n string) resource.TestCheckFunc { 179 return func(s *terraform.State) error { 180 rs, ok := s.RootModule().Resources[n] 181 if !ok { 182 return fmt.Errorf("Not found: %s", n) 183 } 184 185 prefixListID := rs.Primary.Attributes["prefix_list_id"] 186 if prefixListID == "" { 187 return fmt.Errorf("Prefix list ID not available") 188 } 189 if !strings.HasPrefix(prefixListID, "pl") { 190 return fmt.Errorf("Prefix list ID does not appear to be a valid value: '%s'", prefixListID) 191 } 192 193 var ( 194 cidrBlockSize int 195 err error 196 ) 197 198 if cidrBlockSize, err = strconv.Atoi(rs.Primary.Attributes["cidr_blocks.#"]); err != nil { 199 return err 200 } 201 if cidrBlockSize < 1 { 202 return fmt.Errorf("cidr_blocks seem suspiciously low: %d", cidrBlockSize) 203 } 204 205 return nil 206 } 207 } 208 209 const testAccVpcEndpointWithRouteTableAndPolicyConfig = ` 210 resource "aws_vpc" "foo" { 211 cidr_block = "10.0.0.0/16" 212 } 213 214 resource "aws_subnet" "foo" { 215 vpc_id = "${aws_vpc.foo.id}" 216 cidr_block = "10.0.1.0/24" 217 } 218 219 resource "aws_vpc_endpoint" "second-private-s3" { 220 vpc_id = "${aws_vpc.foo.id}" 221 service_name = "com.amazonaws.us-west-2.s3" 222 route_table_ids = ["${aws_route_table.default.id}"] 223 policy = <<POLICY 224 { 225 "Version": "2012-10-17", 226 "Statement": [ 227 { 228 "Sid":"AllowAll", 229 "Effect":"Allow", 230 "Principal":"*", 231 "Action":"*", 232 "Resource":"*" 233 } 234 ] 235 } 236 POLICY 237 } 238 239 resource "aws_route_table" "default" { 240 vpc_id = "${aws_vpc.foo.id}" 241 } 242 243 resource "aws_route_table_association" "main" { 244 subnet_id = "${aws_subnet.foo.id}" 245 route_table_id = "${aws_route_table.default.id}" 246 } 247 ` 248 249 const testAccVpcEndpointWithRouteTableAndPolicyConfigModified = ` 250 resource "aws_vpc" "foo" { 251 cidr_block = "10.0.0.0/16" 252 } 253 254 resource "aws_subnet" "foo" { 255 vpc_id = "${aws_vpc.foo.id}" 256 cidr_block = "10.0.1.0/24" 257 } 258 259 resource "aws_vpc_endpoint" "second-private-s3" { 260 vpc_id = "${aws_vpc.foo.id}" 261 service_name = "com.amazonaws.us-west-2.s3" 262 route_table_ids = ["${aws_route_table.default.id}"] 263 policy = <<POLICY 264 { 265 "Version": "2012-10-17", 266 "Statement": [ 267 { 268 "Sid":"AllowAll", 269 "Effect":"Allow", 270 "Principal":"*", 271 "Action":"*", 272 "Resource":"*" 273 } 274 ] 275 } 276 POLICY 277 } 278 279 resource "aws_internet_gateway" "gw" { 280 vpc_id = "${aws_vpc.foo.id}" 281 } 282 283 resource "aws_route_table" "default" { 284 vpc_id = "${aws_vpc.foo.id}" 285 286 route { 287 cidr_block = "0.0.0.0/0" 288 gateway_id = "${aws_internet_gateway.gw.id}" 289 } 290 } 291 292 resource "aws_route_table_association" "main" { 293 subnet_id = "${aws_subnet.foo.id}" 294 route_table_id = "${aws_route_table.default.id}" 295 } 296 ` 297 298 const testAccVpcEndpointWithoutRouteTableOrPolicyConfig = ` 299 resource "aws_vpc" "foo" { 300 cidr_block = "10.0.0.0/16" 301 } 302 303 resource "aws_vpc_endpoint" "second-private-s3" { 304 vpc_id = "${aws_vpc.foo.id}" 305 service_name = "com.amazonaws.us-west-2.s3" 306 } 307 `