terraform/builtin/providers/aws/resource_aws_iam_group_test.go

157 lines
3.4 KiB
Go
Raw Normal View History

2015-04-18 22:58:08 +02:00
package aws
import (
"fmt"
"testing"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/service/iam"
2015-04-18 22:58:08 +02:00
"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/terraform"
)
provider/aws: Add validation to IAM User and Group Name This will allow us to catch errors at plan time rather than waiting for the API to tell us... Documentation for IAM User NAme Validation - http://docs.aws.amazon.com/cli/latest/reference/iam/create-user.html Documentation for IAM Group Name validation - http://docs.aws.amazon.com/cli/latest/reference/iam/create-group.html ``` % make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSIAMGroup_' ==> Checking that code complies with gofmt requirements... go generate $(go list ./... | grep -v /terraform/vendor/) 2016/10/25 13:18:41 Generated command/internal_plugin_list.go TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSIAMGroup_ -timeout 120m === RUN TestAccAWSIAMGroup_importBasic --- PASS: TestAccAWSIAMGroup_importBasic (13.80s) === RUN TestAccAWSIAMGroup_basic --- PASS: TestAccAWSIAMGroup_basic (23.30s) PASS ok github.com/hashicorp/terraform/builtin/providers/aws37.121s ``` ``` % make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSUser_' ✚ ==> Checking that code complies with gofmt requirements... go generate $(go list ./... | grep -v /terraform/vendor/) 2016/10/25 13:22:23 Generated command/internal_plugin_list.go TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSUser_ -timeout 120m === RUN TestAccAWSUser_importBasic --- PASS: TestAccAWSUser_importBasic (14.33s) === RUN TestAccAWSUser_basic --- PASS: TestAccAWSUser_basic (25.36s) PASS ok github.com/hashicorp/terraform/builtin/providers/aws 39.710s ```
2016-10-25 14:18:41 +02:00
func TestValidateIamGroupName(t *testing.T) {
validNames := []string{
"test-group",
"testgroup123",
"TestGroup",
"Test-Group",
"test.group",
"test.123,group",
"testgroup@hashicorp",
}
for _, v := range validNames {
_, errors := validateAwsIamGroupName(v, "name")
if len(errors) != 0 {
t.Fatalf("%q should be a valid IAM Group name: %q", v, errors)
}
}
invalidNames := []string{
"!",
"/",
" ",
":",
";",
"testgroup_123",
"test name",
"/slash-at-the-beginning",
"slash-at-the-end/",
}
for _, v := range invalidNames {
_, errors := validateAwsIamGroupName(v, "name")
if len(errors) == 0 {
t.Fatalf("%q should be an invalid IAM Group name", v)
}
}
}
func TestAccAWSIAMGroup_basic(t *testing.T) {
2015-04-18 22:58:08 +02:00
var conf iam.GetGroupOutput
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckAWSGroupDestroy,
Steps: []resource.TestStep{
resource.TestStep{
Config: testAccAWSGroupConfig,
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSGroupExists("aws_iam_group.group", &conf),
testAccCheckAWSGroupAttributes(&conf, "test-group", "/"),
2015-04-18 22:58:08 +02:00
),
},
resource.TestStep{
Config: testAccAWSGroupConfig2,
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSGroupExists("aws_iam_group.group2", &conf),
testAccCheckAWSGroupAttributes(&conf, "test-group2", "/funnypath/"),
),
},
2015-04-18 22:58:08 +02:00
},
})
}
func testAccCheckAWSGroupDestroy(s *terraform.State) error {
iamconn := testAccProvider.Meta().(*AWSClient).iamconn
for _, rs := range s.RootModule().Resources {
if rs.Type != "aws_iam_group" {
continue
}
// Try to get group
_, err := iamconn.GetGroup(&iam.GetGroupInput{
GroupName: aws.String(rs.Primary.ID),
})
if err == nil {
return fmt.Errorf("still exist.")
}
// Verify the error is what we want
ec2err, ok := err.(awserr.Error)
2015-04-18 22:58:08 +02:00
if !ok {
return err
}
if ec2err.Code() != "NoSuchEntity" {
2015-04-18 22:58:08 +02:00
return err
}
}
return nil
}
func testAccCheckAWSGroupExists(n string, res *iam.GetGroupOutput) resource.TestCheckFunc {
return func(s *terraform.State) error {
rs, ok := s.RootModule().Resources[n]
if !ok {
return fmt.Errorf("Not found: %s", n)
}
if rs.Primary.ID == "" {
return fmt.Errorf("No Group name is set")
}
iamconn := testAccProvider.Meta().(*AWSClient).iamconn
resp, err := iamconn.GetGroup(&iam.GetGroupInput{
GroupName: aws.String(rs.Primary.ID),
})
if err != nil {
return err
}
*res = *resp
return nil
}
}
func testAccCheckAWSGroupAttributes(group *iam.GetGroupOutput, name string, path string) resource.TestCheckFunc {
2015-04-18 22:58:08 +02:00
return func(s *terraform.State) error {
if *group.Group.GroupName != name {
return fmt.Errorf("Bad name: %s when %s was expected", *group.Group.GroupName, name)
2015-04-18 22:58:08 +02:00
}
if *group.Group.Path != path {
return fmt.Errorf("Bad path: %s when %s was expected", *group.Group.Path, path)
2015-04-18 22:58:08 +02:00
}
return nil
}
}
const testAccAWSGroupConfig = `
resource "aws_iam_group" "group" {
name = "test-group"
path = "/"
}
`
const testAccAWSGroupConfig2 = `
resource "aws_iam_group" "group2" {
name = "test-group2"
path = "/funnypath/"
}
`