From 3f66347025c774c053cf1e2462cf431d70c3dcc2 Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@timeinc.com>
Date: Mon, 15 Feb 2016 14:10:36 +0000
Subject: [PATCH] provider/aws: Add tests for CloudTrail tags

---
 .../aws/resource_aws_cloudtrail_test.go       | 120 ++++++++++++++++++
 builtin/providers/aws/tagsCloudtrail_test.go  |  73 +++++++++++
 2 files changed, 193 insertions(+)
 create mode 100644 builtin/providers/aws/tagsCloudtrail_test.go

diff --git a/builtin/providers/aws/resource_aws_cloudtrail_test.go b/builtin/providers/aws/resource_aws_cloudtrail_test.go
index 77c0ed244..722bcaab1 100644
--- a/builtin/providers/aws/resource_aws_cloudtrail_test.go
+++ b/builtin/providers/aws/resource_aws_cloudtrail_test.go
@@ -2,6 +2,7 @@ package aws
 
 import (
 	"fmt"
+	"log"
 	"math/rand"
 	"testing"
 	"time"
@@ -157,6 +158,53 @@ func TestAccAWSCloudTrail_logValidation(t *testing.T) {
 	})
 }
 
+func TestAccAWSCloudTrail_tags(t *testing.T) {
+	var trail cloudtrail.Trail
+	var trailTags []*cloudtrail.Tag
+	var trailTagsModified []*cloudtrail.Tag
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSCloudTrailDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccAWSCloudTrailConfig_tags,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckCloudTrailExists("aws_cloudtrail.foobar", &trail),
+					resource.TestCheckResourceAttr("aws_cloudtrail.foobar", "tags.#", "2"),
+					testAccCheckCloudTrailLoadTags(&trail, &trailTags),
+					testAccCheckCloudTrailCheckTags(&trailTags, map[string]string{"Foo": "moo", "Pooh": "hi"}),
+					testAccCheckCloudTrailLogValidationEnabled("aws_cloudtrail.foobar", false, &trail),
+					testAccCheckCloudTrailKmsKeyIdEquals("aws_cloudtrail.foobar", "", &trail),
+				),
+			},
+			resource.TestStep{
+				Config: testAccAWSCloudTrailConfig_tagsModified,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckCloudTrailExists("aws_cloudtrail.foobar", &trail),
+					resource.TestCheckResourceAttr("aws_cloudtrail.foobar", "tags.#", "3"),
+					testAccCheckCloudTrailLoadTags(&trail, &trailTagsModified),
+					testAccCheckCloudTrailCheckTags(&trailTagsModified, map[string]string{"Foo": "moo", "Moo": "boom", "Pooh": "hi"}),
+					testAccCheckCloudTrailLogValidationEnabled("aws_cloudtrail.foobar", false, &trail),
+					testAccCheckCloudTrailKmsKeyIdEquals("aws_cloudtrail.foobar", "", &trail),
+				),
+			},
+			resource.TestStep{
+				Config: testAccAWSCloudTrailConfig_tagsModifiedAgain,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckCloudTrailExists("aws_cloudtrail.foobar", &trail),
+					resource.TestCheckResourceAttr("aws_cloudtrail.foobar", "tags.#", "0"),
+					testAccCheckCloudTrailLoadTags(&trail, &trailTagsModified),
+					testAccCheckCloudTrailCheckTags(&trailTagsModified, map[string]string{}),
+					testAccCheckCloudTrailLogValidationEnabled("aws_cloudtrail.foobar", false, &trail),
+					testAccCheckCloudTrailKmsKeyIdEquals("aws_cloudtrail.foobar", "", &trail),
+				),
+			},
+		},
+	})
+}
+
 func testAccCheckCloudTrailExists(n string, trail *cloudtrail.Trail) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		rs, ok := s.RootModule().Resources[n]
@@ -299,6 +347,25 @@ func testAccCheckAWSCloudTrailDestroy(s *terraform.State) error {
 	return nil
 }
 
+func testAccCheckCloudTrailLoadTags(trail *cloudtrail.Trail, tags *[]*cloudtrail.Tag) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		conn := testAccProvider.Meta().(*AWSClient).cloudtrailconn
+		input := cloudtrail.ListTagsInput{
+			ResourceIdList: []*string{trail.TrailARN},
+		}
+		out, err := conn.ListTags(&input)
+		if err != nil {
+			return err
+		}
+		log.Printf("[DEBUG] Received CloudTrail tags during test: %s", out)
+		if len(out.ResourceTagList) > 0 {
+			*tags = out.ResourceTagList[0].TagsList
+		}
+		log.Printf("[DEBUG] Loading CloudTrail tags into a var: %s", *tags)
+		return nil
+	}
+}
+
 var cloudTrailRandInt = rand.New(rand.NewSource(time.Now().UnixNano())).Int()
 
 var testAccAWSCloudTrailConfig = fmt.Sprintf(`
@@ -498,3 +565,56 @@ resource "aws_s3_bucket" "foo" {
 POLICY
 }
 `, cloudTrailRandInt, cloudTrailRandInt, cloudTrailRandInt)
+
+var testAccAWSCloudTrailConfig_tags_tpl = `
+resource "aws_cloudtrail" "foobar" {
+    name = "tf-acc-trail-log-validation-test"
+    s3_bucket_name = "${aws_s3_bucket.foo.id}"
+    %s
+}
+
+resource "aws_s3_bucket" "foo" {
+	bucket = "tf-test-trail-%d"
+	force_destroy = true
+	policy = <<POLICY
+{
+	"Version": "2012-10-17",
+	"Statement": [
+		{
+			"Sid": "AWSCloudTrailAclCheck",
+			"Effect": "Allow",
+			"Principal": "*",
+			"Action": "s3:GetBucketAcl",
+			"Resource": "arn:aws:s3:::tf-test-trail-%d"
+		},
+		{
+			"Sid": "AWSCloudTrailWrite",
+			"Effect": "Allow",
+			"Principal": "*",
+			"Action": "s3:PutObject",
+			"Resource": "arn:aws:s3:::tf-test-trail-%d/*",
+			"Condition": {
+				"StringEquals": {
+					"s3:x-amz-acl": "bucket-owner-full-control"
+				}
+			}
+		}
+	]
+}
+POLICY
+}
+`
+
+var testAccAWSCloudTrailConfig_tags = fmt.Sprintf(testAccAWSCloudTrailConfig_tags_tpl,
+	`tags {
+		Foo = "moo"
+		Pooh = "hi"
+	}`, cloudTrailRandInt, cloudTrailRandInt, cloudTrailRandInt)
+var testAccAWSCloudTrailConfig_tagsModified = fmt.Sprintf(testAccAWSCloudTrailConfig_tags_tpl,
+	`tags {
+		Foo = "moo"
+		Pooh = "hi"
+		Moo = "boom"
+	}`, cloudTrailRandInt, cloudTrailRandInt, cloudTrailRandInt)
+var testAccAWSCloudTrailConfig_tagsModifiedAgain = fmt.Sprintf(testAccAWSCloudTrailConfig_tags_tpl,
+	"", cloudTrailRandInt, cloudTrailRandInt, cloudTrailRandInt)
diff --git a/builtin/providers/aws/tagsCloudtrail_test.go b/builtin/providers/aws/tagsCloudtrail_test.go
new file mode 100644
index 000000000..860a9bd3d
--- /dev/null
+++ b/builtin/providers/aws/tagsCloudtrail_test.go
@@ -0,0 +1,73 @@
+package aws
+
+import (
+	"fmt"
+	"reflect"
+	"testing"
+
+	"github.com/aws/aws-sdk-go/service/cloudtrail"
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+func TestDiffCloudtrailTags(t *testing.T) {
+	cases := []struct {
+		Old, New       map[string]interface{}
+		Create, Remove map[string]string
+	}{
+		// Basic add/remove
+		{
+			Old: map[string]interface{}{
+				"foo": "bar",
+			},
+			New: map[string]interface{}{
+				"bar": "baz",
+			},
+			Create: map[string]string{
+				"bar": "baz",
+			},
+			Remove: map[string]string{
+				"foo": "bar",
+			},
+		},
+
+		// Modify
+		{
+			Old: map[string]interface{}{
+				"foo": "bar",
+			},
+			New: map[string]interface{}{
+				"foo": "baz",
+			},
+			Create: map[string]string{
+				"foo": "baz",
+			},
+			Remove: map[string]string{
+				"foo": "bar",
+			},
+		},
+	}
+
+	for i, tc := range cases {
+		c, r := diffTagsCloudtrail(tagsFromMapCloudtrail(tc.Old), tagsFromMapCloudtrail(tc.New))
+		cm := tagsToMapCloudtrail(c)
+		rm := tagsToMapCloudtrail(r)
+		if !reflect.DeepEqual(cm, tc.Create) {
+			t.Fatalf("%d: bad create: %#v", i, cm)
+		}
+		if !reflect.DeepEqual(rm, tc.Remove) {
+			t.Fatalf("%d: bad remove: %#v", i, rm)
+		}
+	}
+}
+
+// testAccCheckCloudTrailCheckTags can be used to check the tags on a trail
+func testAccCheckCloudTrailCheckTags(tags *[]*cloudtrail.Tag, expectedTags map[string]string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		if !reflect.DeepEqual(expectedTags, tagsToMapCloudtrail(*tags)) {
+			return fmt.Errorf("Tags mismatch.\nExpected: %#v\nGiven: %#v",
+				expectedTags, tagsToMapCloudtrail(*tags))
+		}
+		return nil
+	}
+}