ResiLien
/
terraform
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
terraform/builtin/providers/influxdb/resource_user_test.go

350 lines
8.1 KiB
Go
Raw Normal View History

Improve influxdb provider (#7333) * Improve influxdb provider - reduce public funcs. We should not make things public that don't need to be public - improve tests by verifying remote state - add influxdb_user resource allows you to manage influxdb users: ``` resource "influxdb_user" "admin" { name = "administrator" password = "super-secret" admin = true } ``` and also database specific grants: ``` resource "influxdb_user" "ro" { name = "read-only" password = "read-only" grant { database = "a" privilege = "read" } } ``` * Grant/ revoke admin access properly * Add continuous_query resource see https://docs.influxdata.com/influxdb/v0.13/query_language/continuous_queries/ for the details about continuous queries: ``` resource "influxdb_database" "test" { name = "terraform-test" } resource "influxdb_continuous_query" "minnie" { name = "minnie" database = "${influxdb_database.test.name}" query = "SELECT min(mouse) INTO min_mouse FROM zoo GROUP BY time(30m)" } ```
2016-08-05 08:27:03 +02:00
package influxdb
import (
"fmt"
"testing"
"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/terraform"
"github.com/influxdata/influxdb/client"
)
func TestAccInfluxDBUser_admin(t *testing.T) {
resource.Test(t, resource.TestCase{
Providers: testAccProviders,
Steps: []resource.TestStep{
resource.TestStep{
Config: testAccUserConfig_admin,
Check: resource.ComposeTestCheckFunc(
testAccCheckUserExists("influxdb_user.test"),
resource.TestCheckResourceAttr(
"influxdb_user.test", "name", "terraform_test",
),
resource.TestCheckResourceAttr(
"influxdb_user.test", "password", "terraform",
),
resource.TestCheckResourceAttr(
"influxdb_user.test", "admin", "true",
),
),
},
resource.TestStep{
Config: testAccUserConfig_revoke,
Check: resource.ComposeTestCheckFunc(
testAccCheckUserExists("influxdb_user.test"),
testAccCheckUserNoAdmin("influxdb_user.test"),
resource.TestCheckResourceAttr(
"influxdb_user.test", "name", "terraform_test",
),
resource.TestCheckResourceAttr(
"influxdb_user.test", "password", "terraform",
),
resource.TestCheckResourceAttr(
"influxdb_user.test", "admin", "false",
),
),
},
},
})
}
func TestAccInfluxDBUser_grant(t *testing.T) {
resource.Test(t, resource.TestCase{
Providers: testAccProviders,
Steps: []resource.TestStep{
resource.TestStep{
Config: testAccUserConfig_grant,
Check: resource.ComposeTestCheckFunc(
testAccCheckUserExists("influxdb_user.test"),
testAccCheckUserGrants("influxdb_user.test", "terraform-green", "READ"),
resource.TestCheckResourceAttr(
"influxdb_user.test", "name", "terraform_test",
),
resource.TestCheckResourceAttr(
"influxdb_user.test", "password", "terraform",
),
resource.TestCheckResourceAttr(
"influxdb_user.test", "admin", "false",
),
resource.TestCheckResourceAttr(
"influxdb_user.test", "grant.#", "1",
),
),
},
resource.TestStep{
Config: testAccUserConfig_grantUpdate,
Check: resource.ComposeTestCheckFunc(
testAccCheckUserGrants("influxdb_user.test", "terraform-green", "WRITE"),
testAccCheckUserGrants("influxdb_user.test", "terraform-blue", "READ"),
resource.TestCheckResourceAttr(
"influxdb_user.test", "name", "terraform_test",
),
resource.TestCheckResourceAttr(
"influxdb_user.test", "password", "terraform",
),
resource.TestCheckResourceAttr(
"influxdb_user.test", "admin", "false",
),
resource.TestCheckResourceAttr(
"influxdb_user.test", "grant.#", "2",
),
),
},
},
})
}
func TestAccInfluxDBUser_revoke(t *testing.T) {
resource.Test(t, resource.TestCase{
Providers: testAccProviders,
Steps: []resource.TestStep{
resource.TestStep{
Config: testAccUserConfig_grant,
Check: resource.ComposeTestCheckFunc(
testAccCheckUserExists("influxdb_user.test"),
testAccCheckUserGrants("influxdb_user.test", "terraform-green", "READ"),
resource.TestCheckResourceAttr(
"influxdb_user.test", "name", "terraform_test",
),
resource.TestCheckResourceAttr(
"influxdb_user.test", "password", "terraform",
),
resource.TestCheckResourceAttr(
"influxdb_user.test", "admin", "false",
),
resource.TestCheckResourceAttr(
"influxdb_user.test", "grant.#", "1",
),
),
},
resource.TestStep{
Config: testAccUserConfig_revoke,
Check: resource.ComposeTestCheckFunc(
testAccCheckUserGrantsEmpty("influxdb_user.test"),
resource.TestCheckResourceAttr(
"influxdb_user.test", "name", "terraform_test",
),
resource.TestCheckResourceAttr(
"influxdb_user.test", "password", "terraform",
),
resource.TestCheckResourceAttr(
"influxdb_user.test", "admin", "false",
),
resource.TestCheckResourceAttr(
"influxdb_user.test", "grant.#", "0",
),
),
},
},
})
}
func testAccCheckUserExists(n string) resource.TestCheckFunc {
return func(s *terraform.State) error {
rs, ok := s.RootModule().Resources[n]
if !ok {
return fmt.Errorf("Not found: %s", n)
}
if rs.Primary.ID == "" {
return fmt.Errorf("No user id set")
}
conn := testAccProvider.Meta().(*client.Client)
query := client.Query{
Command: "SHOW USERS",
}
resp, err := conn.Query(query)
if err != nil {
return err
}
if resp.Err != nil {
return resp.Err
}
for _, result := range resp.Results[0].Series[0].Values {
if result[0] == rs.Primary.Attributes["name"] {
return nil
}
}
return fmt.Errorf("User %q does not exist", rs.Primary.Attributes["name"])
}
}
func testAccCheckUserNoAdmin(n string) resource.TestCheckFunc {
return func(s *terraform.State) error {
rs, ok := s.RootModule().Resources[n]
if !ok {
return fmt.Errorf("Not found: %s", n)
}
if rs.Primary.ID == "" {
return fmt.Errorf("No user id set")
}
conn := testAccProvider.Meta().(*client.Client)
query := client.Query{
Command: "SHOW USERS",
}
resp, err := conn.Query(query)
if err != nil {
return err
}
if resp.Err != nil {
return resp.Err
}
for _, result := range resp.Results[0].Series[0].Values {
if result[0] == rs.Primary.Attributes["name"] {
if result[1].(bool) == true {
return fmt.Errorf("User %q is admin", rs.Primary.ID)
}
return nil
}
}
return fmt.Errorf("User %q does not exist", rs.Primary.Attributes["name"])
}
}
func testAccCheckUserGrantsEmpty(n string) resource.TestCheckFunc {
return func(s *terraform.State) error {
rs, ok := s.RootModule().Resources[n]
if !ok {
return fmt.Errorf("Not found: %s", n)
}
if rs.Primary.ID == "" {
return fmt.Errorf("No user id set")
}
conn := testAccProvider.Meta().(*client.Client)
query := client.Query{
Command: fmt.Sprintf("SHOW GRANTS FOR %s", rs.Primary.Attributes["name"]),
}
resp, err := conn.Query(query)
if err != nil {
return err
}
if resp.Err != nil {
return resp.Err
}
for _, result := range resp.Results[0].Series[0].Values {
if result[1].(string) != "NO PRIVILEGES" {
return fmt.Errorf("User %q still has grants: %#v", rs.Primary.ID, resp.Results[0].Series[0].Values)
}
}
return nil
}
}
func testAccCheckUserGrants(n, database, privilege string) resource.TestCheckFunc {
return func(s *terraform.State) error {
rs, ok := s.RootModule().Resources[n]
if !ok {
return fmt.Errorf("Not found: %s", n)
}
if rs.Primary.ID == "" {
return fmt.Errorf("No user id set")
}
conn := testAccProvider.Meta().(*client.Client)
query := client.Query{
Command: fmt.Sprintf("SHOW GRANTS FOR %s", rs.Primary.Attributes["name"]),
}
resp, err := conn.Query(query)
if err != nil {
return err
}
if resp.Err != nil {
return resp.Err
}
for _, result := range resp.Results[0].Series[0].Values {
if result[0].(string) == database && result[1].(string) == privilege {
return nil
}
}
return fmt.Errorf("Privilege %q on %q for %q does not exist", privilege, database, rs.Primary.Attributes["name"])
}
}
var testAccUserConfig_admin = `
resource "influxdb_user" "test" {
name = "terraform_test"
password = "terraform"
admin = true
}
`
var testAccUserConfig_grant = `
resource "influxdb_database" "green" {
name = "terraform-green"
}
resource "influxdb_user" "test" {
name = "terraform_test"
password = "terraform"
grant {
database = "${influxdb_database.green.name}"
privilege = "read"
}
}
`
var testAccUserConfig_revoke = `
resource "influxdb_database" "green" {
name = "terraform-green"
}
resource "influxdb_user" "test" {
name = "terraform_test"
password = "terraform"
admin = false
}
`
var testAccUserConfig_grantUpdate = `
resource "influxdb_database" "green" {
name = "terraform-green"
}
resource "influxdb_database" "blue" {
name = "terraform-blue"
}
resource "influxdb_user" "test" {
name = "terraform_test"
password = "terraform"
grant {
database = "${influxdb_database.green.name}"
privilege = "write"
}
grant {
database = "${influxdb_database.blue.name}"
privilege = "read"
}
}
`