From 2e83eb1cfeae05cfdffec23bfe00db828622148c Mon Sep 17 00:00:00 2001 From: Jan Schumann Date: Fri, 2 Dec 2016 12:53:06 +0100 Subject: [PATCH] fix #9104 (#10394) --- .../aws/resource_aws_opsworks_permission.go | 12 ++-- .../resource_aws_opsworks_permission_test.go | 57 ++++++++++++++++--- 2 files changed, 56 insertions(+), 13 deletions(-) diff --git a/builtin/providers/aws/resource_aws_opsworks_permission.go b/builtin/providers/aws/resource_aws_opsworks_permission.go index 5b7833eb7..457441f0b 100644 --- a/builtin/providers/aws/resource_aws_opsworks_permission.go +++ b/builtin/providers/aws/resource_aws_opsworks_permission.go @@ -14,8 +14,8 @@ import ( func resourceAwsOpsworksPermission() *schema.Resource { return &schema.Resource{ - Create: resourceAwsOpsworksPermissionCreate, - Update: resourceAwsOpsworksPermissionCreate, + Create: resourceAwsOpsworksSetPermission, + Update: resourceAwsOpsworksSetPermission, Delete: resourceAwsOpsworksPermissionDelete, Read: resourceAwsOpsworksPermissionRead, @@ -105,10 +105,11 @@ func resourceAwsOpsworksPermissionRead(d *schema.ResourceData, meta interface{}) found = true d.SetId(id) d.Set("id", id) - d.Set("allow_ssh", permission.AllowSudo) - d.Set("allow_sodo", permission.AllowSudo) + d.Set("allow_ssh", permission.AllowSsh) + d.Set("allow_sudo", permission.AllowSudo) d.Set("user_arn", permission.IamUserArn) d.Set("stack_id", permission.StackId) + d.Set("level", permission.Level) } } @@ -121,12 +122,13 @@ func resourceAwsOpsworksPermissionRead(d *schema.ResourceData, meta interface{}) return nil } -func resourceAwsOpsworksPermissionCreate(d *schema.ResourceData, meta interface{}) error { +func resourceAwsOpsworksSetPermission(d *schema.ResourceData, meta interface{}) error { client := meta.(*AWSClient).opsworksconn req := &opsworks.SetPermissionInput{ AllowSudo: aws.Bool(d.Get("allow_sudo").(bool)), AllowSsh: aws.Bool(d.Get("allow_ssh").(bool)), + Level: aws.String(d.Get("level").(string)), IamUserArn: aws.String(d.Get("user_arn").(string)), StackId: aws.String(d.Get("stack_id").(string)), } diff --git a/builtin/providers/aws/resource_aws_opsworks_permission_test.go b/builtin/providers/aws/resource_aws_opsworks_permission_test.go index 38f149d45..0f70284ec 100644 --- a/builtin/providers/aws/resource_aws_opsworks_permission_test.go +++ b/builtin/providers/aws/resource_aws_opsworks_permission_test.go @@ -9,14 +9,13 @@ import ( ) func TestAccAWSOpsworksPermission(t *testing.T) { - rName := fmt.Sprintf("test-user-%d", acctest.RandInt()) - roleName := fmt.Sprintf("tf-ops-user-profile-%d", acctest.RandInt()) + sName := fmt.Sprintf("tf-ops-perm-%d", acctest.RandInt()) resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, Providers: testAccProviders, Steps: []resource.TestStep{ resource.TestStep{ - Config: testAccAwsOpsworksPermissionCreate(rName, roleName), + Config: testAccAwsOpsworksPermissionCreate(sName, "true", "true", "iam_only"), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr( "aws_opsworks_permission.tf-acc-perm", "allow_ssh", "true", @@ -29,19 +28,61 @@ func TestAccAWSOpsworksPermission(t *testing.T) { ), ), }, + resource.TestStep{ + Config: testAccAwsOpsworksPermissionCreate(sName, "true", "false", "iam_only"), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr( + "aws_opsworks_permission.tf-acc-perm", "allow_ssh", "true", + ), + resource.TestCheckResourceAttr( + "aws_opsworks_permission.tf-acc-perm", "allow_sudo", "false", + ), + resource.TestCheckResourceAttr( + "aws_opsworks_permission.tf-acc-perm", "level", "iam_only", + ), + ), + }, + resource.TestStep{ + Config: testAccAwsOpsworksPermissionCreate(sName, "false", "false", "deny"), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr( + "aws_opsworks_permission.tf-acc-perm", "allow_ssh", "false", + ), + resource.TestCheckResourceAttr( + "aws_opsworks_permission.tf-acc-perm", "allow_sudo", "false", + ), + resource.TestCheckResourceAttr( + "aws_opsworks_permission.tf-acc-perm", "level", "deny", + ), + ), + }, + resource.TestStep{ + Config: testAccAwsOpsworksPermissionCreate(sName, "false", "false", "show"), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr( + "aws_opsworks_permission.tf-acc-perm", "allow_ssh", "false", + ), + resource.TestCheckResourceAttr( + "aws_opsworks_permission.tf-acc-perm", "allow_sudo", "false", + ), + resource.TestCheckResourceAttr( + "aws_opsworks_permission.tf-acc-perm", "level", "show", + ), + ), + }, }, }) } -func testAccAwsOpsworksPermissionCreate(rn, roleName string) string { +func testAccAwsOpsworksPermissionCreate(name, ssh, sudo, level string) string { return fmt.Sprintf(` resource "aws_opsworks_permission" "tf-acc-perm" { stack_id = "${aws_opsworks_stack.tf-acc.id}" - allow_ssh = true - allow_sudo = true + allow_ssh = %s + allow_sudo = %s user_arn = "${aws_opsworks_user_profile.user.user_arn}" - level = "iam_only" + level = "%s" } resource "aws_opsworks_user_profile" "user" { @@ -55,5 +96,5 @@ resource "aws_iam_user" "user" { } %s -`, rn, testAccAwsOpsworksStackConfigNoVpcCreate(rn)) +`, ssh, sudo, level, name, testAccAwsOpsworksStackConfigVpcCreate(name)) }