rename to more intuitive name and finish tests
This commit is contained in:
Patrick Gray
parent
7bf27daa64
commit
3266c44b83
|
|
@ -9,8 +9,8 @@ import (
|
||||||
"testing"
|
"testing"
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestAccAWSPolicyAttach_basic(t *testing.T) {
|
func TestAccAWSPolicyAttachment_basic(t *testing.T) {
|
||||||
var policy iam.GetPolicyOutput
|
var out iam.GetPolicyOutput
|
||||||
|
|
||||||
resource.Test(t, resource.TestCase{
|
resource.Test(t, resource.TestCase{
|
||||||
PreCheck: func() { testAccPreCheck(t) },
|
PreCheck: func() { testAccPreCheck(t) },
|
||||||
|
|
@ -20,34 +20,90 @@ func TestAccAWSPolicyAttach_basic(t *testing.T) {
|
||||||
resource.TestStep{
|
resource.TestStep{
|
||||||
Config: testAccAWSPolicyAttachConfig,
|
Config: testAccAWSPolicyAttachConfig,
|
||||||
Check: resource.ComposeTestCheckFunc(
|
Check: resource.ComposeTestCheckFunc(
|
||||||
testAccCheckAWSPolicyAttachmentExists(),
|
testAccCheckAWSPolicyAttachmentExists("aws_iam_policy_attachment.test-attachment", 3, &out),
|
||||||
testAccCheckAWSPolicyAttachmentAttributes(),
|
testAccCheckAWSPolicyAttachmentAttributes([]string{"test-user"}, []string{"test-role"}, []string{"test-group"}, &out),
|
||||||
),
|
),
|
||||||
},
|
},
|
||||||
resource.TestStep{
|
resource.TestStep{
|
||||||
Config: testAccAWSPolicyAttachConfigUpdate,
|
Config: testAccAWSPolicyAttachConfigUpdate,
|
||||||
Check: resource.ComposeTestCheckFunc(
|
Check: resource.ComposeTestCheckFunc(
|
||||||
testAccCheckAWSPolicyAttachmentExists(),
|
testAccCheckAWSPolicyAttachmentExists("aws_iam_policy_attachment.test-attachment", 6, &out),
|
||||||
testAccCheckAWSPolicyAttachmentAttributes(),
|
testAccCheckAWSPolicyAttachmentAttributes([]string{"test-user3", "test-user3"}, []string{"test-role2", "test-role3"}, []string{"test-group2", "test-group3"}, &out),
|
||||||
),
|
),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
func testAccCheckAWSPolicyAttachmentDestroy(s *terraform.State) error {
|
func testAccCheckAWSPolicyAttachmentDestroy(s *terraform.State) error {
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func testAccCheckAWSPolicyAttachmentExists(s *terraform.State) error {
|
func testAccCheckAWSPolicyAttachmentExists(n string, c int, out *iam.ListEntitiesForPolicyOutput) resource.TestCheckFunc {
|
||||||
conn := testAccProvider.Meta().(*AWSClient).iamconn
|
return func(s *terraform.State) error {
|
||||||
|
rs, ok := s.RootModule().Resources[n]
|
||||||
|
if !ok {
|
||||||
|
return fmt.Errorf("Not found: %s", n)
|
||||||
|
}
|
||||||
|
|
||||||
return nil
|
if rs.Primary.ID == "" {
|
||||||
|
return fmt.Errorf("No policy name is set")
|
||||||
|
}
|
||||||
|
|
||||||
|
conn := testAccProvider.Meta().(*AWSClient).iamconn
|
||||||
|
arn := rs.Primary.Attributes["policy_arn"]
|
||||||
|
|
||||||
|
resp, err := conn.GetPolicy(&iam.GetPolicyInput{
|
||||||
|
PolicyARN: aws.String(arn),
|
||||||
|
})
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("Error: Policy (%s) not found", n)
|
||||||
|
}
|
||||||
|
if c != resp.Policy.AttachmentCount {
|
||||||
|
return fmt.Errorf("Error: Policy (%s) has wrong number of entities attached on initial creation", n)
|
||||||
|
}
|
||||||
|
resp2, err := conn.ListEntitiesForPolicy(&iam.ListEntitiesForPolicyOutput{
|
||||||
|
PolicyARN: aws.String(arn),
|
||||||
|
})
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("Error: Failed to get entities for Policy (%s)", arn)
|
||||||
|
}
|
||||||
|
|
||||||
|
*out = *resp2
|
||||||
|
return nil
|
||||||
|
}
|
||||||
}
|
}
|
||||||
func testAccCheckAWSPolicyAttachmentAttributes() error {
|
func testAccCheckAWSPolicyAttachmentAttributes(users []string, roles []string, groups []string, out *iam.ListEntitiesForPolicyOutput) resource.TestCheckFunc {
|
||||||
|
return func(s *terraform.State) error {
|
||||||
|
uc := len(u)
|
||||||
|
rc := len(r)
|
||||||
|
gc := len(g)
|
||||||
|
|
||||||
return nil
|
for _, u := range users {
|
||||||
|
for _, pu := range out.PolicyUsers {
|
||||||
|
if u == *pu.UserName {
|
||||||
|
uc--
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
for _, r := range roles {
|
||||||
|
for _, pr := range out.PolicyRoles {
|
||||||
|
if r == *pu.RoleName {
|
||||||
|
rc--
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
for _, g := range users {
|
||||||
|
for _, pg := range out.PolicyGroups {
|
||||||
|
if g == *pu.GroupName {
|
||||||
|
gc--
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if uc != 0 || rc != 0 || gc != 0 {
|
||||||
|
return fmt.Errorf("Error: Number of attached users, roles, or groups was incorrect:\n expected %d users and found %d\nexpected %d roles and found %d\nexpected %d groups and found %d", len(users), (len(users) - uc), len(roles), (len(roles) - rc), len(groups), (len(groups) - gc))
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
const testAccAWSPolicyAttachConfig = `
|
const testAccAWSPolicyAttachConfig = `
|
||||||
|
|
@ -80,7 +136,7 @@ resource "aws_iam_policy" "policy" {
|
||||||
EOF
|
EOF
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_iam_policy_attach" "test-attach" {
|
resource "aws_iam_policy_attachment" "test-attach" {
|
||||||
name = "test-attachment"
|
name = "test-attachment"
|
||||||
users = ["${aws_iam_user.user.name}"]
|
users = ["${aws_iam_user.user.name}"]
|
||||||
roles = ["${aws_iam_role.role.name}"]
|
roles = ["${aws_iam_role.role.name}"]
|
||||||
|
|
@ -137,7 +193,7 @@ resource "aws_iam_policy" "policy" {
|
||||||
EOF
|
EOF
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_iam_policy_attach" "test-attach" {
|
resource "aws_iam_policy_attachment" "test-attach" {
|
||||||
name = "test-attachment"
|
name = "test-attachment"
|
||||||
users = [
|
users = [
|
||||||
"${aws_iam_user.user2.name}",
|
"${aws_iam_user.user2.name}",
|
||||||
Loading…
Reference in New Issue