terraform/builtin/providers/aws/resource_aws_kms_key_test.go

package aws

import (
	"fmt"
	"testing"
	"time"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/service/kms"
	"github.com/hashicorp/terraform/helper/resource"
	"github.com/hashicorp/terraform/terraform"
	"github.com/jen20/awspolicyequivalence"
)

func TestAccAWSKmsKey_basic(t *testing.T) {
	var keyBefore, keyAfter kms.KeyMetadata

	resource.Test(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckAWSKmsKeyDestroy,
		Steps: []resource.TestStep{
			{
				Config: testAccAWSKmsKey,
				Check: resource.ComposeTestCheckFunc(
					testAccCheckAWSKmsKeyExists("aws_kms_key.foo", &keyBefore),
				),
			},
			{
				Config: testAccAWSKmsKey_removedPolicy,
				Check: resource.ComposeTestCheckFunc(
					testAccCheckAWSKmsKeyExists("aws_kms_key.foo", &keyAfter),
				),
			},
		},
	})
}

func TestAccAWSKmsKey_policy(t *testing.T) {
	var key kms.KeyMetadata
	expectedPolicyText := `{"Version":"2012-10-17","Id":"kms-tf-1","Statement":[{"Sid":"Enable IAM User Permissions","Effect":"Allow","Principal":{"AWS":"*"},"Action":"kms:*","Resource":"*"}]}`

	resource.Test(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckAWSKmsKeyDestroy,
		Steps: []resource.TestStep{
			{
				Config: testAccAWSKmsKey,
				Check: resource.ComposeTestCheckFunc(
					testAccCheckAWSKmsKeyExists("aws_kms_key.foo", &key),
					testAccCheckAWSKmsKeyHasPolicy("aws_kms_key.foo", expectedPolicyText),
				),
			},
		},
	})
}

func TestAccAWSKmsKey_isEnabled(t *testing.T) {
	var key1, key2, key3 kms.KeyMetadata

	resource.Test(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckAWSKmsKeyDestroy,
		Steps: []resource.TestStep{
			{
				Config: testAccAWSKmsKey_enabledRotation,
				Check: resource.ComposeTestCheckFunc(
					testAccCheckAWSKmsKeyExists("aws_kms_key.bar", &key1),
					resource.TestCheckResourceAttr("aws_kms_key.bar", "is_enabled", "true"),
					testAccCheckAWSKmsKeyIsEnabled(&key1, true),
					resource.TestCheckResourceAttr("aws_kms_key.bar", "enable_key_rotation", "true"),
				),
			},
			{
				Config: testAccAWSKmsKey_disabled,
				Check: resource.ComposeTestCheckFunc(
					testAccCheckAWSKmsKeyExists("aws_kms_key.bar", &key2),
					resource.TestCheckResourceAttr("aws_kms_key.bar", "is_enabled", "false"),
					testAccCheckAWSKmsKeyIsEnabled(&key2, false),
					resource.TestCheckResourceAttr("aws_kms_key.bar", "enable_key_rotation", "false"),
				),
			},
			{
				Config: testAccAWSKmsKey_enabled,
				Check: resource.ComposeTestCheckFunc(
					testAccCheckAWSKmsKeyExists("aws_kms_key.bar", &key3),
					resource.TestCheckResourceAttr("aws_kms_key.bar", "is_enabled", "true"),
					testAccCheckAWSKmsKeyIsEnabled(&key3, true),
					resource.TestCheckResourceAttr("aws_kms_key.bar", "enable_key_rotation", "true"),
				),
			},
		},
	})
}

func testAccCheckAWSKmsKeyHasPolicy(name string, expectedPolicyText string) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		rs, ok := s.RootModule().Resources[name]
		if !ok {
			return fmt.Errorf("Not found: %s", name)
		}

		if rs.Primary.ID == "" {
			return fmt.Errorf("No KMS Key ID is set")
		}

		conn := testAccProvider.Meta().(*AWSClient).kmsconn

		out, err := conn.GetKeyPolicy(&kms.GetKeyPolicyInput{
			KeyId:      aws.String(rs.Primary.ID),
			PolicyName: aws.String("default"),
		})
		if err != nil {
			return err
		}

		actualPolicyText := *out.Policy

		equivalent, err := awspolicy.PoliciesAreEquivalent(actualPolicyText, expectedPolicyText)
		if err != nil {
			return fmt.Errorf("Error testing policy equivalence: %s", err)
		}
		if !equivalent {
			return fmt.Errorf("Non-equivalent policy error:\n\nexpected: %s\n\n     got: %s\n",
				expectedPolicyText, actualPolicyText)
		}

		return nil
	}
}

func testAccCheckAWSKmsKeyDestroy(s *terraform.State) error {
	conn := testAccProvider.Meta().(*AWSClient).kmsconn

	for _, rs := range s.RootModule().Resources {
		if rs.Type != "aws_kms_key" {
			continue
		}

		out, err := conn.DescribeKey(&kms.DescribeKeyInput{
			KeyId: aws.String(rs.Primary.ID),
		})

		if err != nil {
			return err
		}

		if *out.KeyMetadata.KeyState == "PendingDeletion" {
			return nil
		}

		return fmt.Errorf("KMS key still exists:\n%#v", out.KeyMetadata)
	}

	return nil
}

func testAccCheckAWSKmsKeyExists(name string, key *kms.KeyMetadata) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		rs, ok := s.RootModule().Resources[name]
		if !ok {
			return fmt.Errorf("Not found: %s", name)
		}

		if rs.Primary.ID == "" {
			return fmt.Errorf("No KMS Key ID is set")
		}

		conn := testAccProvider.Meta().(*AWSClient).kmsconn

		out, err := conn.DescribeKey(&kms.DescribeKeyInput{
			KeyId: aws.String(rs.Primary.ID),
		})
		if err != nil {
			return err
		}

		*key = *out.KeyMetadata

		return nil
	}
}

func testAccCheckAWSKmsKeyIsEnabled(key *kms.KeyMetadata, isEnabled bool) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		if *key.Enabled != isEnabled {
			return fmt.Errorf("Expected key %q to have is_enabled=%t, given %t",
				*key.Arn, isEnabled, *key.Enabled)
		}

		return nil
	}
}

var kmsTimestamp = time.Now().Format(time.RFC1123)
var testAccAWSKmsKey = fmt.Sprintf(`
resource "aws_kms_key" "foo" {
    description = "Terraform acc test %s"
    deletion_window_in_days = 7
    policy = <<POLICY
{
  "Version": "2012-10-17",
  "Id": "kms-tf-1",
  "Statement": [
    {
      "Sid": "Enable IAM User Permissions",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "kms:*",
      "Resource": "*"
    }
  ]
}
POLICY
}`, kmsTimestamp)

var testAccAWSKmsKey_removedPolicy = fmt.Sprintf(`
resource "aws_kms_key" "foo" {
    description = "Terraform acc test %s"
    deletion_window_in_days = 7
}`, kmsTimestamp)

var testAccAWSKmsKey_enabledRotation = fmt.Sprintf(`
resource "aws_kms_key" "bar" {
    description = "Terraform acc test is_enabled %s"
    deletion_window_in_days = 7
    enable_key_rotation = true
}`, kmsTimestamp)
var testAccAWSKmsKey_disabled = fmt.Sprintf(`
resource "aws_kms_key" "bar" {
    description = "Terraform acc test is_enabled %s"
    deletion_window_in_days = 7
    enable_key_rotation = false
    is_enabled = false
}`, kmsTimestamp)
var testAccAWSKmsKey_enabled = fmt.Sprintf(`
resource "aws_kms_key" "bar" {
    description = "Terraform acc test is_enabled %s"
    deletion_window_in_days = 7
    enable_key_rotation = true
    is_enabled = true
}`, kmsTimestamp)
aws: kms_key + kms_alias - Add acceptance tests 2015-11-14 18:54:48 +01:00			`package aws`

			`import (`
			`"fmt"`
			`"testing"`
			`"time"`

			`"github.com/aws/aws-sdk-go/aws"`
			`"github.com/aws/aws-sdk-go/service/kms"`
			`"github.com/hashicorp/terraform/helper/resource"`
			`"github.com/hashicorp/terraform/terraform"`
provider/aws: Support Policy DiffSuppression in `aws_kms_key` policy Fixes #7495 ``` % make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSKmsKey_policy' ==> Checking that code complies with gofmt requirements... go generate $(go list ./... \| grep -v /terraform/vendor/) 2016/09/06 10:44:20 Generated command/internal_plugin_list.go TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSKmsKey_policy -timeout 120m === RUN TestAccAWSKmsKey_importBasic --- PASS: TestAccAWSKmsKey_importBasic (166.19s) === RUN TestAccAWSKmsKey_basic --- PASS: TestAccAWSKmsKey_basic (215.33s) === RUN TestAccAWSKmsKey_policy --- PASS: TestAccAWSKmsKey_policy (116.81s) === RUN TestAccAWSKmsKey_isEnabled --- PASS: TestAccAWSKmsKey_isEnabled (1008.31s) PASS ok github.com/hashicorp/terraform/builtin/providers/aws 1689.957s ``` 2016-09-06 11:49:02 +02:00			`"github.com/jen20/awspolicyequivalence"`
aws: kms_key + kms_alias - Add acceptance tests 2015-11-14 18:54:48 +01:00			`)`

			`func TestAccAWSKmsKey_basic(t *testing.T) {`
aws: kms_key - Add support for is_enabled + enable_key_rotation 2015-11-14 22:23:20 +01:00			`var keyBefore, keyAfter kms.KeyMetadata`

aws: kms_key + kms_alias - Add acceptance tests 2015-11-14 18:54:48 +01:00			`resource.Test(t, resource.TestCase{`
			`PreCheck: func() { testAccPreCheck(t) },`
			`Providers: testAccProviders,`
			`CheckDestroy: testAccCheckAWSKmsKeyDestroy,`
			`Steps: []resource.TestStep{`
provider/aws: Support Policy DiffSuppression in `aws_kms_key` policy Fixes #7495 ``` % make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSKmsKey_policy' ==> Checking that code complies with gofmt requirements... go generate $(go list ./... \| grep -v /terraform/vendor/) 2016/09/06 10:44:20 Generated command/internal_plugin_list.go TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSKmsKey_policy -timeout 120m === RUN TestAccAWSKmsKey_importBasic --- PASS: TestAccAWSKmsKey_importBasic (166.19s) === RUN TestAccAWSKmsKey_basic --- PASS: TestAccAWSKmsKey_basic (215.33s) === RUN TestAccAWSKmsKey_policy --- PASS: TestAccAWSKmsKey_policy (116.81s) === RUN TestAccAWSKmsKey_isEnabled --- PASS: TestAccAWSKmsKey_isEnabled (1008.31s) PASS ok github.com/hashicorp/terraform/builtin/providers/aws 1689.957s ``` 2016-09-06 11:49:02 +02:00			`{`
aws: kms_key + kms_alias - Add acceptance tests 2015-11-14 18:54:48 +01:00			`Config: testAccAWSKmsKey,`
			`Check: resource.ComposeTestCheckFunc(`
aws: kms_key - Add support for is_enabled + enable_key_rotation 2015-11-14 22:23:20 +01:00			`testAccCheckAWSKmsKeyExists("aws_kms_key.foo", &keyBefore),`
aws: kms_key + kms_alias - Add acceptance tests 2015-11-14 18:54:48 +01:00			`),`
			`},`
provider/aws: Support Policy DiffSuppression in `aws_kms_key` policy Fixes #7495 ``` % make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSKmsKey_policy' ==> Checking that code complies with gofmt requirements... go generate $(go list ./... \| grep -v /terraform/vendor/) 2016/09/06 10:44:20 Generated command/internal_plugin_list.go TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSKmsKey_policy -timeout 120m === RUN TestAccAWSKmsKey_importBasic --- PASS: TestAccAWSKmsKey_importBasic (166.19s) === RUN TestAccAWSKmsKey_basic --- PASS: TestAccAWSKmsKey_basic (215.33s) === RUN TestAccAWSKmsKey_policy --- PASS: TestAccAWSKmsKey_policy (116.81s) === RUN TestAccAWSKmsKey_isEnabled --- PASS: TestAccAWSKmsKey_isEnabled (1008.31s) PASS ok github.com/hashicorp/terraform/builtin/providers/aws 1689.957s ``` 2016-09-06 11:49:02 +02:00			`{`
aws: kms_key + kms_alias - Add acceptance tests 2015-11-14 18:54:48 +01:00			`Config: testAccAWSKmsKey_removedPolicy,`
			`Check: resource.ComposeTestCheckFunc(`
aws: kms_key - Add support for is_enabled + enable_key_rotation 2015-11-14 22:23:20 +01:00			`testAccCheckAWSKmsKeyExists("aws_kms_key.foo", &keyAfter),`
			`),`
			`},`
			`},`
			`})`
			`}`

provider/aws: Support Policy DiffSuppression in `aws_kms_key` policy Fixes #7495 ``` % make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSKmsKey_policy' ==> Checking that code complies with gofmt requirements... go generate $(go list ./... \| grep -v /terraform/vendor/) 2016/09/06 10:44:20 Generated command/internal_plugin_list.go TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSKmsKey_policy -timeout 120m === RUN TestAccAWSKmsKey_importBasic --- PASS: TestAccAWSKmsKey_importBasic (166.19s) === RUN TestAccAWSKmsKey_basic --- PASS: TestAccAWSKmsKey_basic (215.33s) === RUN TestAccAWSKmsKey_policy --- PASS: TestAccAWSKmsKey_policy (116.81s) === RUN TestAccAWSKmsKey_isEnabled --- PASS: TestAccAWSKmsKey_isEnabled (1008.31s) PASS ok github.com/hashicorp/terraform/builtin/providers/aws 1689.957s ``` 2016-09-06 11:49:02 +02:00			`func TestAccAWSKmsKey_policy(t *testing.T) {`
			`var key kms.KeyMetadata`
			expectedPolicyText := `{"Version":"2012-10-17","Id":"kms-tf-1","Statement":[{"Sid":"Enable IAM User Permissions","Effect":"Allow","Principal":{"AWS":""},"Action":"kms:","Resource":"*"}]}`

			`resource.Test(t, resource.TestCase{`
			`PreCheck: func() { testAccPreCheck(t) },`
			`Providers: testAccProviders,`
			`CheckDestroy: testAccCheckAWSKmsKeyDestroy,`
			`Steps: []resource.TestStep{`
			`{`
			`Config: testAccAWSKmsKey,`
			`Check: resource.ComposeTestCheckFunc(`
			`testAccCheckAWSKmsKeyExists("aws_kms_key.foo", &key),`
			`testAccCheckAWSKmsKeyHasPolicy("aws_kms_key.foo", expectedPolicyText),`
			`),`
			`},`
			`},`
			`})`
			`}`

aws: kms_key - Add support for is_enabled + enable_key_rotation 2015-11-14 22:23:20 +01:00			`func TestAccAWSKmsKey_isEnabled(t *testing.T) {`
			`var key1, key2, key3 kms.KeyMetadata`

			`resource.Test(t, resource.TestCase{`
			`PreCheck: func() { testAccPreCheck(t) },`
			`Providers: testAccProviders,`
			`CheckDestroy: testAccCheckAWSKmsKeyDestroy,`
			`Steps: []resource.TestStep{`
provider/aws: Support Policy DiffSuppression in `aws_kms_key` policy Fixes #7495 ``` % make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSKmsKey_policy' ==> Checking that code complies with gofmt requirements... go generate $(go list ./... \| grep -v /terraform/vendor/) 2016/09/06 10:44:20 Generated command/internal_plugin_list.go TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSKmsKey_policy -timeout 120m === RUN TestAccAWSKmsKey_importBasic --- PASS: TestAccAWSKmsKey_importBasic (166.19s) === RUN TestAccAWSKmsKey_basic --- PASS: TestAccAWSKmsKey_basic (215.33s) === RUN TestAccAWSKmsKey_policy --- PASS: TestAccAWSKmsKey_policy (116.81s) === RUN TestAccAWSKmsKey_isEnabled --- PASS: TestAccAWSKmsKey_isEnabled (1008.31s) PASS ok github.com/hashicorp/terraform/builtin/providers/aws 1689.957s ``` 2016-09-06 11:49:02 +02:00			`{`
aws: kms_key - Add support for is_enabled + enable_key_rotation 2015-11-14 22:23:20 +01:00			`Config: testAccAWSKmsKey_enabledRotation,`
			`Check: resource.ComposeTestCheckFunc(`
			`testAccCheckAWSKmsKeyExists("aws_kms_key.bar", &key1),`
			`resource.TestCheckResourceAttr("aws_kms_key.bar", "is_enabled", "true"),`
			`testAccCheckAWSKmsKeyIsEnabled(&key1, true),`
			`resource.TestCheckResourceAttr("aws_kms_key.bar", "enable_key_rotation", "true"),`
			`),`
			`},`
provider/aws: Support Policy DiffSuppression in `aws_kms_key` policy Fixes #7495 ``` % make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSKmsKey_policy' ==> Checking that code complies with gofmt requirements... go generate $(go list ./... \| grep -v /terraform/vendor/) 2016/09/06 10:44:20 Generated command/internal_plugin_list.go TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSKmsKey_policy -timeout 120m === RUN TestAccAWSKmsKey_importBasic --- PASS: TestAccAWSKmsKey_importBasic (166.19s) === RUN TestAccAWSKmsKey_basic --- PASS: TestAccAWSKmsKey_basic (215.33s) === RUN TestAccAWSKmsKey_policy --- PASS: TestAccAWSKmsKey_policy (116.81s) === RUN TestAccAWSKmsKey_isEnabled --- PASS: TestAccAWSKmsKey_isEnabled (1008.31s) PASS ok github.com/hashicorp/terraform/builtin/providers/aws 1689.957s ``` 2016-09-06 11:49:02 +02:00			`{`
aws: kms_key - Add support for is_enabled + enable_key_rotation 2015-11-14 22:23:20 +01:00			`Config: testAccAWSKmsKey_disabled,`
			`Check: resource.ComposeTestCheckFunc(`
			`testAccCheckAWSKmsKeyExists("aws_kms_key.bar", &key2),`
			`resource.TestCheckResourceAttr("aws_kms_key.bar", "is_enabled", "false"),`
			`testAccCheckAWSKmsKeyIsEnabled(&key2, false),`
			`resource.TestCheckResourceAttr("aws_kms_key.bar", "enable_key_rotation", "false"),`
			`),`
			`},`
provider/aws: Support Policy DiffSuppression in `aws_kms_key` policy Fixes #7495 ``` % make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSKmsKey_policy' ==> Checking that code complies with gofmt requirements... go generate $(go list ./... \| grep -v /terraform/vendor/) 2016/09/06 10:44:20 Generated command/internal_plugin_list.go TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSKmsKey_policy -timeout 120m === RUN TestAccAWSKmsKey_importBasic --- PASS: TestAccAWSKmsKey_importBasic (166.19s) === RUN TestAccAWSKmsKey_basic --- PASS: TestAccAWSKmsKey_basic (215.33s) === RUN TestAccAWSKmsKey_policy --- PASS: TestAccAWSKmsKey_policy (116.81s) === RUN TestAccAWSKmsKey_isEnabled --- PASS: TestAccAWSKmsKey_isEnabled (1008.31s) PASS ok github.com/hashicorp/terraform/builtin/providers/aws 1689.957s ``` 2016-09-06 11:49:02 +02:00			`{`
aws: kms_key - Add support for is_enabled + enable_key_rotation 2015-11-14 22:23:20 +01:00			`Config: testAccAWSKmsKey_enabled,`
			`Check: resource.ComposeTestCheckFunc(`
			`testAccCheckAWSKmsKeyExists("aws_kms_key.bar", &key3),`
			`resource.TestCheckResourceAttr("aws_kms_key.bar", "is_enabled", "true"),`
			`testAccCheckAWSKmsKeyIsEnabled(&key3, true),`
			`resource.TestCheckResourceAttr("aws_kms_key.bar", "enable_key_rotation", "true"),`
aws: kms_key + kms_alias - Add acceptance tests 2015-11-14 18:54:48 +01:00			`),`
			`},`
			`},`
			`})`
			`}`

provider/aws: Support Policy DiffSuppression in `aws_kms_key` policy Fixes #7495 ``` % make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSKmsKey_policy' ==> Checking that code complies with gofmt requirements... go generate $(go list ./... \| grep -v /terraform/vendor/) 2016/09/06 10:44:20 Generated command/internal_plugin_list.go TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSKmsKey_policy -timeout 120m === RUN TestAccAWSKmsKey_importBasic --- PASS: TestAccAWSKmsKey_importBasic (166.19s) === RUN TestAccAWSKmsKey_basic --- PASS: TestAccAWSKmsKey_basic (215.33s) === RUN TestAccAWSKmsKey_policy --- PASS: TestAccAWSKmsKey_policy (116.81s) === RUN TestAccAWSKmsKey_isEnabled --- PASS: TestAccAWSKmsKey_isEnabled (1008.31s) PASS ok github.com/hashicorp/terraform/builtin/providers/aws 1689.957s ``` 2016-09-06 11:49:02 +02:00			`func testAccCheckAWSKmsKeyHasPolicy(name string, expectedPolicyText string) resource.TestCheckFunc {`
			`return func(s *terraform.State) error {`
			`rs, ok := s.RootModule().Resources[name]`
			`if !ok {`
			`return fmt.Errorf("Not found: %s", name)`
			`}`

			`if rs.Primary.ID == "" {`
			`return fmt.Errorf("No KMS Key ID is set")`
			`}`

			`conn := testAccProvider.Meta().(*AWSClient).kmsconn`

			`out, err := conn.GetKeyPolicy(&kms.GetKeyPolicyInput{`
			`KeyId: aws.String(rs.Primary.ID),`
			`PolicyName: aws.String("default"),`
			`})`
			`if err != nil {`
			`return err`
			`}`

			`actualPolicyText := *out.Policy`

			`equivalent, err := awspolicy.PoliciesAreEquivalent(actualPolicyText, expectedPolicyText)`
			`if err != nil {`
			`return fmt.Errorf("Error testing policy equivalence: %s", err)`
			`}`
			`if !equivalent {`
			`return fmt.Errorf("Non-equivalent policy error:\n\nexpected: %s\n\n got: %s\n",`
			`expectedPolicyText, actualPolicyText)`
			`}`

			`return nil`
			`}`
			`}`

aws: kms_key + kms_alias - Add acceptance tests 2015-11-14 18:54:48 +01:00			`func testAccCheckAWSKmsKeyDestroy(s *terraform.State) error {`
			`conn := testAccProvider.Meta().(*AWSClient).kmsconn`

			`for _, rs := range s.RootModule().Resources {`
			`if rs.Type != "aws_kms_key" {`
			`continue`
			`}`

			`out, err := conn.DescribeKey(&kms.DescribeKeyInput{`
			`KeyId: aws.String(rs.Primary.ID),`
			`})`

kms: Treat keys in PendingDeletion state as deleted 2015-12-27 16:17:48 +01:00			`if err != nil {`
			`return err`
aws: kms_key + kms_alias - Add acceptance tests 2015-11-14 18:54:48 +01:00			`}`

kms: Treat keys in PendingDeletion state as deleted 2015-12-27 16:17:48 +01:00			`if *out.KeyMetadata.KeyState == "PendingDeletion" {`
			`return nil`
			`}`

			`return fmt.Errorf("KMS key still exists:\n%#v", out.KeyMetadata)`
aws: kms_key + kms_alias - Add acceptance tests 2015-11-14 18:54:48 +01:00			`}`

			`return nil`
			`}`

aws: kms_key - Add support for is_enabled + enable_key_rotation 2015-11-14 22:23:20 +01:00			`func testAccCheckAWSKmsKeyExists(name string, key *kms.KeyMetadata) resource.TestCheckFunc {`
aws: kms_key + kms_alias - Add acceptance tests 2015-11-14 18:54:48 +01:00			`return func(s *terraform.State) error {`
aws: kms_key - Add support for is_enabled + enable_key_rotation 2015-11-14 22:23:20 +01:00			`rs, ok := s.RootModule().Resources[name]`
aws: kms_key + kms_alias - Add acceptance tests 2015-11-14 18:54:48 +01:00			`if !ok {`
			`return fmt.Errorf("Not found: %s", name)`
			`}`

aws: kms_key - Add support for is_enabled + enable_key_rotation 2015-11-14 22:23:20 +01:00			`if rs.Primary.ID == "" {`
			`return fmt.Errorf("No KMS Key ID is set")`
			`}`

			`conn := testAccProvider.Meta().(*AWSClient).kmsconn`

			`out, err := conn.DescribeKey(&kms.DescribeKeyInput{`
			`KeyId: aws.String(rs.Primary.ID),`
			`})`
			`if err != nil {`
			`return err`
			`}`

			`key = out.KeyMetadata`

			`return nil`
			`}`
			`}`

			`func testAccCheckAWSKmsKeyIsEnabled(key *kms.KeyMetadata, isEnabled bool) resource.TestCheckFunc {`
			`return func(s *terraform.State) error {`
			`if *key.Enabled != isEnabled {`
			`return fmt.Errorf("Expected key %q to have is_enabled=%t, given %t",`
			`key.Arn, isEnabled, key.Enabled)`
			`}`

aws: kms_key + kms_alias - Add acceptance tests 2015-11-14 18:54:48 +01:00			`return nil`
			`}`
			`}`

			`var kmsTimestamp = time.Now().Format(time.RFC1123)`
			var testAccAWSKmsKey = fmt.Sprintf(`
			`resource "aws_kms_key" "foo" {`
			`description = "Terraform acc test %s"`
			`deletion_window_in_days = 7`
			`policy = <<POLICY`
			`{`
			`"Version": "2012-10-17",`
			`"Id": "kms-tf-1",`
			`"Statement": [`
			`{`
			`"Sid": "Enable IAM User Permissions",`
			`"Effect": "Allow",`
			`"Principal": {`
			`"AWS": "*"`
			`},`
			`"Action": "kms:*",`
			`"Resource": "*"`
			`}`
			`]`
			`}`
			`POLICY`
			}`, kmsTimestamp)

			var testAccAWSKmsKey_removedPolicy = fmt.Sprintf(`
			`resource "aws_kms_key" "foo" {`
			`description = "Terraform acc test %s"`
			`deletion_window_in_days = 7`
			}`, kmsTimestamp)
aws: kms_key - Add support for is_enabled + enable_key_rotation 2015-11-14 22:23:20 +01:00
			var testAccAWSKmsKey_enabledRotation = fmt.Sprintf(`
			`resource "aws_kms_key" "bar" {`
			`description = "Terraform acc test is_enabled %s"`
			`deletion_window_in_days = 7`
			`enable_key_rotation = true`
			}`, kmsTimestamp)
			var testAccAWSKmsKey_disabled = fmt.Sprintf(`
			`resource "aws_kms_key" "bar" {`
			`description = "Terraform acc test is_enabled %s"`
			`deletion_window_in_days = 7`
			`enable_key_rotation = false`
			`is_enabled = false`
			}`, kmsTimestamp)
			var testAccAWSKmsKey_enabled = fmt.Sprintf(`
			`resource "aws_kms_key" "bar" {`
			`description = "Terraform acc test is_enabled %s"`
			`deletion_window_in_days = 7`
			`enable_key_rotation = true`
			`is_enabled = true`
			}`, kmsTimestamp)