github.com/vtorhonen/terraform@v0.9.0-beta2.0.20170307220345-5d894e4ffda7/builtin/providers/azure/resource_azure_security_group_rule_test.go (about)

     1  package azure
     2  
     3  import (
     4  	"fmt"
     5  	"testing"
     6  
     7  	"github.com/Azure/azure-sdk-for-go/management"
     8  
     9  	"github.com/hashicorp/terraform/helper/resource"
    10  	"github.com/hashicorp/terraform/helper/schema"
    11  	"github.com/hashicorp/terraform/terraform"
    12  )
    13  
// Fixture names for the tests that attach one rule to two security groups.
// Each name is testAccSecurityGroupName with a numeric suffix; each hash is the
// decimal form of schema.HashString(name), which the tests use as the suffix of
// the "security_group_names.<hash>" state key.
var (
	testAcctestingSecurityGroup1 = fmt.Sprintf("%s-%d", testAccSecurityGroupName, 1)
	testAcctestingSecurityGroup2 = fmt.Sprintf("%s-%d", testAccSecurityGroupName, 2)

	testAccTestingSecurityGroupHash1 = fmt.Sprint(schema.HashString(testAcctestingSecurityGroup1))
	testAccTestingSecurityGroupHash2 = fmt.Sprint(schema.HashString(testAcctestingSecurityGroup2))
)
    21  
// TestAccAzureSecurityGroupRuleBasic is an acceptance test that applies one
// rule to a single security group and checks the resulting attributes.
//
// Only testAccCheckAzureSecurityGroupRuleExists queries the Azure API, and it
// matches the rule by name. The TestCheckResourceAttr assertions compare
// against Terraform state, so they do not by themselves show that the rule
// stored in Azure carries the same action, direction or prefixes.
func TestAccAzureSecurityGroupRuleBasic(t *testing.T) {
	const rn = "azure_security_group_rule.foo"

	// The state key of a security_group_names element is suffixed with the
	// schema.HashString value of the group name.
	groupKey := fmt.Sprintf("security_group_names.%d", schema.HashString(testAccSecurityGroupName))

	checks := resource.ComposeTestCheckFunc(
		testAccCheckAzureSecurityGroupRuleExists(rn, testAccSecurityGroupName),
		resource.TestCheckResourceAttr(rn, "name", "terraform-secgroup-rule"),
		resource.TestCheckResourceAttr(rn, groupKey, testAccSecurityGroupName),
		resource.TestCheckResourceAttr(rn, "type", "Inbound"),
		resource.TestCheckResourceAttr(rn, "action", "Deny"),
		resource.TestCheckResourceAttr(rn, "priority", "200"),
		resource.TestCheckResourceAttr(rn, "source_address_prefix", "100.0.0.0/32"),
		resource.TestCheckResourceAttr(rn, "source_port_range", "1000"),
		resource.TestCheckResourceAttr(rn, "destination_address_prefix", "10.0.0.0/32"),
		resource.TestCheckResourceAttr(rn, "destination_port_range", "1000"),
		resource.TestCheckResourceAttr(rn, "protocol", "TCP"),
	)

	resource.Test(t, resource.TestCase{
		PreCheck:  func() { testAccPreCheck(t) },
		Providers: testAccProviders,
		// After destroy, the rule must no longer be listed on the group.
		CheckDestroy: testAccCheckAzureSecurityGroupRuleDeleted([]string{testAccSecurityGroupName}),
		Steps: []resource.TestStep{
			{
				Config: testAccAzureSecurityGroupRuleBasicConfig,
				Check:  checks,
			},
		},
	})
}
    51  
// TestAccAzureSecurityGroupRuleAdvanced is an acceptance test that attaches a
// single rule to two security groups and checks that it is present on both.
//
// Presence on each group is verified against the Azure API by rule name; the
// remaining attribute assertions are made against Terraform state.
func TestAccAzureSecurityGroupRuleAdvanced(t *testing.T) {
	const rn = "azure_security_group_rule.foo"

	// Both groups are inspected after destroy to confirm the rule is gone.
	groups := []string{
		testAcctestingSecurityGroup1,
		testAcctestingSecurityGroup2,
	}

	// State keys for the two security_group_names elements.
	groupKey1 := fmt.Sprintf("security_group_names.%s", testAccTestingSecurityGroupHash1)
	groupKey2 := fmt.Sprintf("security_group_names.%s", testAccTestingSecurityGroupHash2)

	checks := resource.ComposeTestCheckFunc(
		testAccCheckAzureSecurityGroupRuleExists(rn, testAcctestingSecurityGroup1),
		testAccCheckAzureSecurityGroupRuleExists(rn, testAcctestingSecurityGroup2),
		resource.TestCheckResourceAttr(rn, "name", "terraform-secgroup-rule"),
		resource.TestCheckResourceAttr(rn, groupKey1, testAcctestingSecurityGroup1),
		resource.TestCheckResourceAttr(rn, groupKey2, testAcctestingSecurityGroup2),
		resource.TestCheckResourceAttr(rn, "type", "Inbound"),
		resource.TestCheckResourceAttr(rn, "action", "Deny"),
		resource.TestCheckResourceAttr(rn, "priority", "200"),
		resource.TestCheckResourceAttr(rn, "source_address_prefix", "100.0.0.0/32"),
		resource.TestCheckResourceAttr(rn, "source_port_range", "1000"),
		resource.TestCheckResourceAttr(rn, "destination_address_prefix", "10.0.0.0/32"),
		resource.TestCheckResourceAttr(rn, "destination_port_range", "1000"),
		resource.TestCheckResourceAttr(rn, "protocol", "TCP"),
	)

	resource.Test(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckAzureSecurityGroupRuleDeleted(groups),
		Steps: []resource.TestStep{
			{
				Config: testAccAzureSecurityGroupRuleAdvancedConfig,
				Check:  checks,
			},
		},
	})
}
    88  
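// TestAccAzureSecurityGroupRuleUpdate is an acceptance test that first attaches
// a Deny/Inbound rule to two security groups and then updates it in place to an
// Allow/Outbound rule attached to the second group only.
//
// The second step asserts both sides of the change against the Azure API: the
// rule must exist on the group that is still listed, and it must no longer
// exist on the group that was dropped from security_group_names. Without the
// second assertion a rule left behind on the detached group would not fail the
// test until (at best) CheckDestroy.
//
// The TestCheckResourceAttr assertions compare against Terraform state only.
func TestAccAzureSecurityGroupRuleUpdate(t *testing.T) {
	name := "azure_security_group_rule.foo"

	resource.Test(t, resource.TestCase{
		PreCheck:  func() { testAccPreCheck(t) },
		Providers: testAccProviders,
		CheckDestroy: testAccCheckAzureSecurityGroupRuleDeleted(
			[]string{
				testAcctestingSecurityGroup1,
				testAcctestingSecurityGroup2,
			},
		),
		Steps: []resource.TestStep{
			// Step 1: rule attached to both groups.
			resource.TestStep{
				Config: testAccAzureSecurityGroupRuleAdvancedConfig,
				Check: resource.ComposeTestCheckFunc(
					testAccCheckAzureSecurityGroupRuleExists(name, testAcctestingSecurityGroup1),
					testAccCheckAzureSecurityGroupRuleExists(name, testAcctestingSecurityGroup2),
					resource.TestCheckResourceAttr(name, "name", "terraform-secgroup-rule"),
					resource.TestCheckResourceAttr(name, fmt.Sprintf("security_group_names.%s",
						testAccTestingSecurityGroupHash1), testAcctestingSecurityGroup1),
					resource.TestCheckResourceAttr(name, fmt.Sprintf("security_group_names.%s",
						testAccTestingSecurityGroupHash2), testAcctestingSecurityGroup2),
					resource.TestCheckResourceAttr(name, "type", "Inbound"),
					resource.TestCheckResourceAttr(name, "action", "Deny"),
					resource.TestCheckResourceAttr(name, "priority", "200"),
					resource.TestCheckResourceAttr(name, "source_address_prefix", "100.0.0.0/32"),
					resource.TestCheckResourceAttr(name, "source_port_range", "1000"),
					resource.TestCheckResourceAttr(name, "destination_address_prefix", "10.0.0.0/32"),
					resource.TestCheckResourceAttr(name, "destination_port_range", "1000"),
					resource.TestCheckResourceAttr(name, "protocol", "TCP"),
				),
			},

			// Step 2: rule changed and attached to the second group only.
			resource.TestStep{
				Config: testAccAzureSecurityGroupRuleUpdateConfig,
				Check: resource.ComposeTestCheckFunc(
					testAccCheckAzureSecurityGroupRuleExists(name, testAcctestingSecurityGroup2),
					// The first group still exists in this config but is no
					// longer listed on the rule, so the rule must be gone
					// from it.
					testAccCheckAzureSecurityGroupRuleDeleted([]string{testAcctestingSecurityGroup1}),
					resource.TestCheckResourceAttr(name, "name", "terraform-secgroup-rule"),
					resource.TestCheckResourceAttr(name, fmt.Sprintf("security_group_names.%s",
						testAccTestingSecurityGroupHash2), testAcctestingSecurityGroup2),
					resource.TestCheckResourceAttr(name, "type", "Outbound"),
					resource.TestCheckResourceAttr(name, "action", "Allow"),
					resource.TestCheckResourceAttr(name, "priority", "100"),
					resource.TestCheckResourceAttr(name, "source_address_prefix", "101.0.0.0/32"),
					resource.TestCheckResourceAttr(name, "source_port_range", "1000"),
					resource.TestCheckResourceAttr(name, "destination_address_prefix", "10.0.0.0/32"),
					resource.TestCheckResourceAttr(name, "destination_port_range", "1001"),
					resource.TestCheckResourceAttr(name, "protocol", "UDP"),
				),
			},
		},
	})
}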
   143  
// testAccCheckAzureSecurityGroupRuleExists returns a check that looks up the
// resource called name in the root module's state, fetches the security group
// groupName from Azure, and succeeds if one of that group's rules has a Name
// equal to the resource's primary ID.
//
// The match is by rule name only; the rule's other properties as stored in
// Azure are not compared here.
func testAccCheckAzureSecurityGroupRuleExists(name, groupName string) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		rs, found := s.RootModule().Resources[name]
		if !found {
			return fmt.Errorf("Azure security group rule not found: %s", name)
		}

		ruleID := rs.Primary.ID
		if ruleID == "" {
			return fmt.Errorf("Azure network security group rule ID not set: %s", name)
		}

		client := testAccProvider.Meta().(*Client).secGroupClient

		group, err := client.GetNetworkSecurityGroup(groupName)
		if err != nil {
			return fmt.Errorf("Failed getting network security group details for %q: %s", groupName, err)
		}

		for i := range group.Rules {
			if group.Rules[i].Name == ruleID {
				return nil
			}
		}

		return fmt.Errorf("Azure security group rule doesn't exist: %s", name)
	}
}
   171  
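// testAccCheckAzureSecurityGroupRuleDeleted returns a check that, for every
// azure_security_group_rule resource in the root module's state, fetches each
// security group named in groups from Azure and fails if any of them still
// lists a rule whose Name equals the resource's primary ID.
//
// A group that Azure reports as not found is treated as "rule gone" and
// skipped. Any other lookup error fails the check, so that an API or
// authentication failure is never mistaken for a successful deletion.
func testAccCheckAzureSecurityGroupRuleDeleted(groups []string) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		for _, rs := range s.RootModule().Resources {
			if rs.Type != "azure_security_group_rule" {
				continue
			}

			if rs.Primary.ID == "" {
				return fmt.Errorf("Azure network security group ID not set.")
			}

			secGroupClient := testAccProvider.Meta().(*Client).secGroupClient

			for _, groupName := range groups {
				secGroup, err := secGroupClient.GetNetworkSecurityGroup(groupName)
				if err != nil {
					if !management.IsResourceNotFoundError(err) {
						return fmt.Errorf("Failed getting network security group details for %q: %s", groupName, err)
					}
					// The group itself no longer exists, so it cannot hold
					// the rule. Skip it explicitly instead of reading the
					// response value returned alongside an error.
					continue
				}

				for _, rule := range secGroup.Rules {
					if rule.Name == rs.Primary.ID {
						return fmt.Errorf("Azure network security group rule still exists!")
					}
				}
			}
		}

		return nil
	}
}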
   204  
// testAccAzureSecurityGroupRuleBasicConfig appends one rule to
// testAccAzureSecurityGroupConfig (defined elsewhere in the package). The rule
// is attached to azure_security_group.foo and denies inbound TCP from
// 100.0.0.0/32 port 1000 to 10.0.0.0/32 port 1000 at priority 200.
var testAccAzureSecurityGroupRuleBasicConfig = testAccAzureSecurityGroupConfig + `
resource "azure_security_group_rule" "foo" {
	name = "terraform-secgroup-rule"
	security_group_names = ["${azure_security_group.foo.name}"]
	type = "Inbound"
	action = "Deny"
	priority = 200
	source_address_prefix = "100.0.0.0/32"
	source_port_range = "1000"
	destination_address_prefix = "10.0.0.0/32"
	destination_port_range = "1000"
	protocol = "TCP"
}
`
// testAccAzureSecurityGroupRuleAdvancedConfig renders
// testAccAzureSecurityGroupConfigTemplate (defined elsewhere in the package)
// twice, for resources "foo" and "bar" named after the two fixture groups, and
// appends one rule attached to both. The rule denies inbound TCP from
// 100.0.0.0/32 port 1000 to 10.0.0.0/32 port 1000 at priority 200.
var testAccAzureSecurityGroupRuleAdvancedConfig = fmt.Sprintf(testAccAzureSecurityGroupConfigTemplate, "foo", testAcctestingSecurityGroup1) +
	fmt.Sprintf(testAccAzureSecurityGroupConfigTemplate, "bar", testAcctestingSecurityGroup2) + `
resource "azure_security_group_rule" "foo" {
	name = "terraform-secgroup-rule"
	security_group_names = ["${azure_security_group.foo.name}", "${azure_security_group.bar.name}"]
	type = "Inbound"
	action = "Deny"
	priority = 200
	source_address_prefix = "100.0.0.0/32"
	source_port_range = "1000"
	destination_address_prefix = "10.0.0.0/32"
	destination_port_range = "1000"
	protocol = "TCP"
}
`
   234  
// testAccAzureSecurityGroupRuleUpdateConfig keeps both security groups from the
// advanced config but changes the rule: it is attached to
// azure_security_group.bar only, and becomes an Allow/Outbound UDP rule from
// 101.0.0.0/32 port 1000 to 10.0.0.0/32 port 1001 at priority 100.
//
// Relative to the advanced config this flips the rule from Deny to Allow and
// drops azure_security_group.foo from security_group_names.
var testAccAzureSecurityGroupRuleUpdateConfig = fmt.Sprintf(testAccAzureSecurityGroupConfigTemplate, "foo", testAcctestingSecurityGroup1) +
	fmt.Sprintf(testAccAzureSecurityGroupConfigTemplate, "bar", testAcctestingSecurityGroup2) + `
resource "azure_security_group_rule" "foo" {
	name = "terraform-secgroup-rule"
	security_group_names = ["${azure_security_group.bar.name}"]
	type = "Outbound"
	action = "Allow"
	priority = 100
	source_address_prefix = "101.0.0.0/32"
	source_port_range = "1000"
	destination_address_prefix = "10.0.0.0/32"
	destination_port_range = "1001"
	protocol = "UDP"
}
`