ResiLien
/
terraform
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add acceptance tests

This commit is contained in:
John Engelman 2015-04-18 15:58:08 -05:00 committed by Phil Frost
parent b082117e92
commit 6ee17a8e9e
10 changed files with 786 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

117
builtin/providers/aws/resource_aws_iam_access_key_test.go Normal file
View File

@ -0,0 +1,117 @@
package aws
import (
"fmt"
"testing"
"github.com/awslabs/aws-sdk-go/aws"
"github.com/awslabs/aws-sdk-go/service/iam"
"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/terraform"
)
func TestAccAWSAccessKey_normal(t *testing.T) {
var conf iam.AccessKeyMetadata
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckAWSAccessKeyDestroy,
Steps: []resource.TestStep{
resource.TestStep{
Config: testAccAWSAccessKeyConfig,
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSAccessKeyExists("aws_iam_access_key.a_key", &conf),
testAccCheckAWSAccessKeyAttributes(&conf),
),
},
},
})
}
func testAccCheckAWSAccessKeyDestroy(s *terraform.State) error {
iamconn := testAccProvider.Meta().(*AWSClient).iamconn
for _, rs := range s.RootModule().Resources {
if rs.Type != "aws_access_key" {
continue
}
// Try to get access key
resp, err := iamconn.ListAccessKeys(&iam.ListAccessKeysInput{
UserName: aws.String(rs.Primary.ID),
})
if err == nil {
if len(resp.AccessKeyMetadata) > 0 {
return fmt.Errorf("still exist.")
}
return nil
}
// Verify the error is what we want
ec2err, ok := err.(aws.APIError)
if !ok {
return err
}
if ec2err.Code != "NoSuchEntity" {
return err
}
}
return nil
}
func testAccCheckAWSAccessKeyExists(n string, res *iam.AccessKeyMetadata) resource.TestCheckFunc {
return func(s *terraform.State) error {
rs, ok := s.RootModule().Resources[n]
if !ok {
return fmt.Errorf("Not found: %s", n)
}
if rs.Primary.ID == "" {
return fmt.Errorf("No Role name is set")
}
iamconn := testAccProvider.Meta().(*AWSClient).iamconn
resp, err := iamconn.ListAccessKeys(&iam.ListAccessKeysInput{
UserName: aws.String("testuser"),
})
if err != nil {
return err
}
if len(resp.AccessKeyMetadata) != 1 ||
*resp.AccessKeyMetadata[0].UserName != "testuser" {
return fmt.Errorf("User not found not found")
}
*res = *resp.AccessKeyMetadata[0]
return nil
}
}
func testAccCheckAWSAccessKeyAttributes(accessKeyMetadata *iam.AccessKeyMetadata) resource.TestCheckFunc {
return func(s *terraform.State) error {
if *accessKeyMetadata.UserName != "testuser" {
return fmt.Errorf("Bad username: %s", *accessKeyMetadata.UserName)
}
if *accessKeyMetadata.Status != "Active" {
return fmt.Errorf("Bad status: %s", *accessKeyMetadata.Status)
}
return nil
}
}
const testAccAWSAccessKeyConfig = `
resource "aws_iam_user" "a_user" {
name = "testuser"
}
resource "aws_iam_access_key" "a_key" {
user = "${aws_iam_user.a_user.name}"
}
`

8
builtin/providers/aws/resource_aws_iam_group_policy.go
View File

@ -59,7 +59,7 @@ func resourceAwsIamGroupPolicyPut(d *schema.ResourceData, meta interface{}) erro
func resourceAwsIamGroupPolicyRead(d *schema.ResourceData, meta interface{}) error { func resourceAwsIamGroupPolicyRead(d *schema.ResourceData, meta interface{}) error {
iamconn := meta.(*AWSClient).iamconn iamconn := meta.(*AWSClient).iamconn
group, name := resourceAwsIamGroupPolicyParseId(d) group, name := resourceAwsIamGroupPolicyParseId(d.Id())
request := &iam.GetGroupPolicyInput{ request := &iam.GetGroupPolicyInput{
PolicyName: aws.String(name), PolicyName: aws.String(name),
@ -89,7 +89,7 @@ func resourceAwsIamGroupPolicyRead(d *schema.ResourceData, meta interface{}) err
func resourceAwsIamGroupPolicyDelete(d *schema.ResourceData, meta interface{}) error { func resourceAwsIamGroupPolicyDelete(d *schema.ResourceData, meta interface{}) error {
iamconn := meta.(*AWSClient).iamconn iamconn := meta.(*AWSClient).iamconn
group, name := resourceAwsIamGroupPolicyParseId(d) group, name := resourceAwsIamGroupPolicyParseId(d.Id())
request := &iam.DeleteGroupPolicyInput{ request := &iam.DeleteGroupPolicyInput{
PolicyName: aws.String(name), PolicyName: aws.String(name),
@ -102,8 +102,8 @@ func resourceAwsIamGroupPolicyDelete(d *schema.ResourceData, meta interface{}) e
return nil return nil
} }
func resourceAwsIamGroupPolicyParseId(d *schema.ResourceData) (groupName, policyName string) { func resourceAwsIamGroupPolicyParseId(id string) (groupName, policyName string) {
parts := strings.SplitN(d.Id(), ":", 2) parts := strings.SplitN(id, ":", 2)
groupName = parts[0] groupName = parts[0]
policyName = parts[1] policyName = parts[1]
return return

112
builtin/providers/aws/resource_aws_iam_group_policy_test.go Normal file
View File

@ -0,0 +1,112 @@
package aws
import (
"fmt"
"testing"
"github.com/awslabs/aws-sdk-go/aws"
"github.com/awslabs/aws-sdk-go/service/iam"
"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/terraform"
)
func TestAccAWSIAMGroupPolicy(t *testing.T) {
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckIAMGroupPolicyDestroy,
Steps: []resource.TestStep{
resource.TestStep{
Config: testAccIAMGroupPolicyConfig,
Check: resource.ComposeTestCheckFunc(
testAccCheckIAMGroupPolicy(
"aws_iam_group.group",
"aws_iam_group_policy.foo",
),
),
},
resource.TestStep{
Config: testAccIAMGroupPolicyConfigUpdate,
Check: resource.ComposeTestCheckFunc(
testAccCheckIAMGroupPolicy(
"aws_iam_group.group",
"aws_iam_group_policy.bar",
),
),
},
},
})
}
func testAccCheckIAMGroupPolicyDestroy(s *terraform.State) error {
if len(s.RootModule().Resources) > 0 {
return fmt.Errorf("Expected all resources to be gone, but found: %#v", s.RootModule().Resources)
}
return nil
}
func testAccCheckIAMGroupPolicy(
iamGroupResource string,
iamGroupPolicyResource string) resource.TestCheckFunc {
return func(s *terraform.State) error {
rs, ok := s.RootModule().Resources[iamGroupResource]
if !ok {
return fmt.Errorf("Not Found: %s", iamGroupResource)
}
if rs.Primary.ID == "" {
return fmt.Errorf("No ID is set")
}
policy, ok := s.RootModule().Resources[iamGroupPolicyResource]
if !ok {
return fmt.Errorf("Not Found: %s", iamGroupPolicyResource)
}
iamconn := testAccProvider.Meta().(*AWSClient).iamconn
group, name := resourceAwsIamGroupPolicyParseId(policy.Primary.ID)
_, err := iamconn.GetGroupPolicy(&iam.GetGroupPolicyInput{
GroupName: aws.String(group),
PolicyName: aws.String(name),
})
if err != nil {
return err
}
return nil
}
}
const testAccIAMGroupPolicyConfig = `
resource "aws_iam_group" "group" {
name = "test_group"
path = "/"
}
resource "aws_iam_group_policy" "foo" {
name = "foo_policy"
group = "${aws_iam_group.group.name}"
policy = "{\"Version\":\"2012-10-17\",\"Statement\":{\"Effect\":\"Allow\",\"Action\":\"*\",\"Resource\":\"*\"}}"
}
`
const testAccIAMGroupPolicyConfigUpdate = `
resource "aws_iam_group" "group" {
name = "test_group"
path = "/"
}
resource "aws_iam_group_policy" "foo" {
name = "foo_policy"
group = "${aws_iam_group.group.name}"
policy = "{\"Version\":\"2012-10-17\",\"Statement\":{\"Effect\":\"Allow\",\"Action\":\"*\",\"Resource\":\"*\"}}"
}
resource "aws_iam_group_policy" "bar" {
name = "bar_policy"
group = "${aws_iam_group.group.name}"
policy = "{\"Version\":\"2012-10-17\",\"Statement\":{\"Effect\":\"Allow\",\"Action\":\"*\",\"Resource\":\"*\"}}"
}
`

106
builtin/providers/aws/resource_aws_iam_group_test.go Normal file
View File

@ -0,0 +1,106 @@
package aws
import (
"fmt"
"testing"
"github.com/awslabs/aws-sdk-go/aws"
"github.com/awslabs/aws-sdk-go/service/iam"
"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/terraform"
)
func TestAccAWSGroup_normal(t *testing.T) {
var conf iam.GetGroupOutput
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckAWSGroupDestroy,
Steps: []resource.TestStep{
resource.TestStep{
Config: testAccAWSGroupConfig,
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSGroupExists("aws_iam_group.group", &conf),
testAccCheckAWSGroupAttributes(&conf),
),
},
},
})
}
func testAccCheckAWSGroupDestroy(s *terraform.State) error {
iamconn := testAccProvider.Meta().(*AWSClient).iamconn
for _, rs := range s.RootModule().Resources {
if rs.Type != "aws_iam_group" {
continue
}
// Try to get group
_, err := iamconn.GetGroup(&iam.GetGroupInput{
GroupName: aws.String(rs.Primary.ID),
})
if err == nil {
return fmt.Errorf("still exist.")
}
// Verify the error is what we want
ec2err, ok := err.(aws.APIError)
if !ok {
return err
}
if ec2err.Code != "NoSuchEntity" {
return err
}
}
return nil
}
func testAccCheckAWSGroupExists(n string, res *iam.GetGroupOutput) resource.TestCheckFunc {
return func(s *terraform.State) error {
rs, ok := s.RootModule().Resources[n]
if !ok {
return fmt.Errorf("Not found: %s", n)
}
if rs.Primary.ID == "" {
return fmt.Errorf("No Group name is set")
}
iamconn := testAccProvider.Meta().(*AWSClient).iamconn
resp, err := iamconn.GetGroup(&iam.GetGroupInput{
GroupName: aws.String(rs.Primary.ID),
})
if err != nil {
return err
}
*res = *resp
return nil
}
}
func testAccCheckAWSGroupAttributes(group *iam.GetGroupOutput) resource.TestCheckFunc {
return func(s *terraform.State) error {
if *group.Group.GroupName != "test-group" {
return fmt.Errorf("Bad name: %s", *group.Group.GroupName)
}
if *group.Group.Path != "/" {
return fmt.Errorf("Bad path: %s", *group.Group.Path)
}
return nil
}
}
const testAccAWSGroupConfig = `
resource "aws_iam_group" "group" {
name = "test-group"
path = "/"
}
`

10
builtin/providers/aws/resource_aws_iam_role_policy.go
View File

@ -59,7 +59,7 @@ func resourceAwsIamRolePolicyPut(d *schema.ResourceData, meta interface{}) error
func resourceAwsIamRolePolicyRead(d *schema.ResourceData, meta interface{}) error { func resourceAwsIamRolePolicyRead(d *schema.ResourceData, meta interface{}) error {
iamconn := meta.(*AWSClient).iamconn iamconn := meta.(*AWSClient).iamconn
role, name := resourceAwsIamRolePolicyParseId(d) role, name := resourceAwsIamRolePolicyParseId(d.Id())
request := &iam.GetRolePolicyInput{ request := &iam.GetRolePolicyInput{
PolicyName: aws.String(name), PolicyName: aws.String(name),
@ -89,7 +89,7 @@ func resourceAwsIamRolePolicyRead(d *schema.ResourceData, meta interface{}) erro
func resourceAwsIamRolePolicyDelete(d *schema.ResourceData, meta interface{}) error { func resourceAwsIamRolePolicyDelete(d *schema.ResourceData, meta interface{}) error {
iamconn := meta.(*AWSClient).iamconn iamconn := meta.(*AWSClient).iamconn
role, name := resourceAwsIamRolePolicyParseId(d) role, name := resourceAwsIamRolePolicyParseId(d.Id())
request := &iam.DeleteRolePolicyInput{ request := &iam.DeleteRolePolicyInput{
PolicyName: aws.String(name), PolicyName: aws.String(name),
@ -102,9 +102,9 @@ func resourceAwsIamRolePolicyDelete(d *schema.ResourceData, meta interface{}) er
return nil return nil
} }
func resourceAwsIamRolePolicyParseId(d *schema.ResourceData) (userName, policyName string) { func resourceAwsIamRolePolicyParseId(id string) (roleName, policyName string) {
parts := strings.SplitN(d.Id(), ":", 2) parts := strings.SplitN(id, ":", 2)
userName = parts[0] roleName = parts[0]
policyName = parts[1] policyName = parts[1]
return return
} }

114
builtin/providers/aws/resource_aws_iam_role_policy_test.go Normal file
View File

@ -0,0 +1,114 @@
package aws
import (
"fmt"
"testing"
"github.com/awslabs/aws-sdk-go/aws"
"github.com/awslabs/aws-sdk-go/service/iam"
"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/terraform"
)
func TestAccAWSIAMRolePolicy(t *testing.T) {
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckIAMRolePolicyDestroy,
Steps: []resource.TestStep{
resource.TestStep{
Config: testAccIAMRolePolicyConfig,
Check: resource.ComposeTestCheckFunc(
testAccCheckIAMRolePolicy(
"aws_iam_role.role",
"aws_iam_role_policy.foo",
),
),
},
resource.TestStep{
Config: testAccIAMRolePolicyConfigUpdate,
Check: resource.ComposeTestCheckFunc(
testAccCheckIAMRolePolicy(
"aws_iam_role.role",
"aws_iam_role_policy.bar",
),
),
},
},
})
}
func testAccCheckIAMRolePolicyDestroy(s *terraform.State) error {
if len(s.RootModule().Resources) > 0 {
return fmt.Errorf("Expected all resources to be gone, but found: %#v", s.RootModule().Resources)
}
return nil
}
func testAccCheckIAMRolePolicy(
iamRoleResource string,
iamRolePolicyResource string) resource.TestCheckFunc {
return func(s *terraform.State) error {
rs, ok := s.RootModule().Resources[iamRoleResource]
if !ok {
return fmt.Errorf("Not Found: %s", iamRoleResource)
}
if rs.Primary.ID == "" {
return fmt.Errorf("No ID is set")
}
policy, ok := s.RootModule().Resources[iamRolePolicyResource]
if !ok {
return fmt.Errorf("Not Found: %s", iamRolePolicyResource)
}
iamconn := testAccProvider.Meta().(*AWSClient).iamconn
role, name := resourceAwsIamRolePolicyParseId(policy.Primary.ID)
_, err := iamconn.GetRolePolicy(&iam.GetRolePolicyInput{
RoleName: aws.String(role),
PolicyName: aws.String(name),
})
if err != nil {
return err
}
return nil
}
}
const testAccIAMRolePolicyConfig = `
resource "aws_iam_role" "role" {
name = "test_role"
path = "/"
assume_role_policy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Principal\":{\"Service\":\"ec2.amazonaws.com\"},\"Effect\":\"Allow\",\"Sid\":\"\"}]}"
}
resource "aws_iam_role_policy" "foo" {
name = "foo_policy"
role = "${aws_iam_role.role.name}"
policy = "{\"Version\":\"2012-10-17\",\"Statement\":{\"Effect\":\"Allow\",\"Action\":\"*\",\"Resource\":\"*\"}}"
}
`
const testAccIAMRolePolicyConfigUpdate = `
resource "aws_iam_role" "role" {
name = "test_role"
path = "/"
assume_role_policy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Principal\":{\"Service\":\"ec2.amazonaws.com\"},\"Effect\":\"Allow\",\"Sid\":\"\"}]}"
}
resource "aws_iam_role_policy" "foo" {
name = "foo_policy"
role = "${aws_iam_role.role.name}"
policy = "{\"Version\":\"2012-10-17\",\"Statement\":{\"Effect\":\"Allow\",\"Action\":\"*\",\"Resource\":\"*\"}}"
}
resource "aws_iam_role_policy" "bar" {
name = "bar_policy"
role = "${aws_iam_role.role.name}"
policy = "{\"Version\":\"2012-10-17\",\"Statement\":{\"Effect\":\"Allow\",\"Action\":\"*\",\"Resource\":\"*\"}}"
}
`

106
builtin/providers/aws/resource_aws_iam_role_test.go Normal file
View File

@ -0,0 +1,106 @@
package aws
import (
"fmt"
"testing"
"github.com/awslabs/aws-sdk-go/aws"
"github.com/awslabs/aws-sdk-go/service/iam"
"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/terraform"
)
func TestAccAWSRole_normal(t *testing.T) {
var conf iam.GetRoleOutput
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckAWSRoleDestroy,
Steps: []resource.TestStep{
resource.TestStep{
Config: testAccAWSRoleConfig,
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSRoleExists("aws_iam_role.role", &conf),
testAccCheckAWSRoleAttributes(&conf),
),
},
},
})
}
func testAccCheckAWSRoleDestroy(s *terraform.State) error {
iamconn := testAccProvider.Meta().(*AWSClient).iamconn
for _, rs := range s.RootModule().Resources {
if rs.Type != "aws_iam_role" {
continue
}
// Try to get role
_, err := iamconn.GetRole(&iam.GetRoleInput{
RoleName: aws.String(rs.Primary.ID),
})
if err == nil {
return fmt.Errorf("still exist.")
}
// Verify the error is what we want
ec2err, ok := err.(aws.APIError)
if !ok {
return err
}
if ec2err.Code != "NoSuchEntity" {
return err
}
}
return nil
}
func testAccCheckAWSRoleExists(n string, res *iam.GetRoleOutput) resource.TestCheckFunc {
return func(s *terraform.State) error {
rs, ok := s.RootModule().Resources[n]
if !ok {
return fmt.Errorf("Not found: %s", n)
}
if rs.Primary.ID == "" {
return fmt.Errorf("No Role name is set")
}
iamconn := testAccProvider.Meta().(*AWSClient).iamconn
resp, err := iamconn.GetRole(&iam.GetRoleInput{
RoleName: aws.String(rs.Primary.ID),
})
if err != nil {
return err
}
*res = *resp
return nil
}
}
func testAccCheckAWSRoleAttributes(role *iam.GetRoleOutput) resource.TestCheckFunc {
return func(s *terraform.State) error {
if *role.Role.RoleName != "test-role" {
return fmt.Errorf("Bad name: %s", *role.Role.RoleName)
}
if *role.Role.Path != "/" {
return fmt.Errorf("Bad path: %s", *role.Role.Path)
}
return nil
}
}
const testAccAWSRoleConfig = `
resource "aws_iam_role" "role" {
name = "test-role"
path = "/"
assume_role_policy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"ec2.amazonaws.com\"]},\"Action\":[\"sts:AssumeRole\"]}]}"
}
`

8
builtin/providers/aws/resource_aws_iam_user_policy.go
View File

@ -59,7 +59,7 @@ func resourceAwsIamUserPolicyPut(d *schema.ResourceData, meta interface{}) error
func resourceAwsIamUserPolicyRead(d *schema.ResourceData, meta interface{}) error { func resourceAwsIamUserPolicyRead(d *schema.ResourceData, meta interface{}) error {
iamconn := meta.(*AWSClient).iamconn iamconn := meta.(*AWSClient).iamconn
user, name := resourceAwsIamUserPolicyParseId(d) user, name := resourceAwsIamUserPolicyParseId(d.Id())
request := &iam.GetUserPolicyInput{ request := &iam.GetUserPolicyInput{
PolicyName: aws.String(name), PolicyName: aws.String(name),
@ -89,7 +89,7 @@ func resourceAwsIamUserPolicyRead(d *schema.ResourceData, meta interface{}) erro
func resourceAwsIamUserPolicyDelete(d *schema.ResourceData, meta interface{}) error { func resourceAwsIamUserPolicyDelete(d *schema.ResourceData, meta interface{}) error {
iamconn := meta.(*AWSClient).iamconn iamconn := meta.(*AWSClient).iamconn
user, name := resourceAwsIamUserPolicyParseId(d) user, name := resourceAwsIamUserPolicyParseId(d.Id())
request := &iam.DeleteUserPolicyInput{ request := &iam.DeleteUserPolicyInput{
PolicyName: aws.String(name), PolicyName: aws.String(name),
@ -102,8 +102,8 @@ func resourceAwsIamUserPolicyDelete(d *schema.ResourceData, meta interface{}) er
return nil return nil
} }
func resourceAwsIamUserPolicyParseId(d *schema.ResourceData) (userName, policyName string) { func resourceAwsIamUserPolicyParseId(id string) (userName, policyName string) {
parts := strings.SplitN(d.Id(), ":", 2) parts := strings.SplitN(id, ":", 2)
userName = parts[0] userName = parts[0]
policyName = parts[1] policyName = parts[1]
return return

112
builtin/providers/aws/resource_aws_iam_user_policy_test.go Normal file
View File

@ -0,0 +1,112 @@
package aws
import (
"fmt"
"testing"
"github.com/awslabs/aws-sdk-go/aws"
"github.com/awslabs/aws-sdk-go/service/iam"
"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/terraform"
)
func TestAccAWSIAMUserPolicy(t *testing.T) {
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckIAMUserPolicyDestroy,
Steps: []resource.TestStep{
resource.TestStep{
Config: testAccIAMUserPolicyConfig,
Check: resource.ComposeTestCheckFunc(
testAccCheckIAMUserPolicy(
"aws_iam_user.user",
"aws_iam_user_policy.foo",
),
),
},
resource.TestStep{
Config: testAccIAMUserPolicyConfigUpdate,
Check: resource.ComposeTestCheckFunc(
testAccCheckIAMUserPolicy(
"aws_iam_user.user",
"aws_iam_user_policy.bar",
),
),
},
},
})
}
func testAccCheckIAMUserPolicyDestroy(s *terraform.State) error {
if len(s.RootModule().Resources) > 0 {
return fmt.Errorf("Expected all resources to be gone, but found: %#v", s.RootModule().Resources)
}
return nil
}
func testAccCheckIAMUserPolicy(
iamUserResource string,
iamUserPolicyResource string) resource.TestCheckFunc {
return func(s *terraform.State) error {
rs, ok := s.RootModule().Resources[iamUserResource]
if !ok {
return fmt.Errorf("Not Found: %s", iamUserResource)
}
if rs.Primary.ID == "" {
return fmt.Errorf("No ID is set")
}
policy, ok := s.RootModule().Resources[iamUserPolicyResource]
if !ok {
return fmt.Errorf("Not Found: %s", iamUserPolicyResource)
}
iamconn := testAccProvider.Meta().(*AWSClient).iamconn
username, name := resourceAwsIamUserPolicyParseId(policy.Primary.ID)
_, err := iamconn.GetUserPolicy(&iam.GetUserPolicyInput{
UserName: aws.String(username),
PolicyName: aws.String(name),
})
if err != nil {
return err
}
return nil
}
}
const testAccIAMUserPolicyConfig = `
resource "aws_iam_user" "user" {
name = "test_user"
path = "/"
}
resource "aws_iam_user_policy" "foo" {
name = "foo_policy"
user = "${aws_iam_user.user.name}"
policy = "{\"Version\":\"2012-10-17\",\"Statement\":{\"Effect\":\"Allow\",\"Action\":\"*\",\"Resource\":\"*\"}}"
}
`
const testAccIAMUserPolicyConfigUpdate = `
resource "aws_iam_user" "user" {
name = "test_user"
path = "/"
}
resource "aws_iam_user_policy" "foo" {
name = "foo_policy"
user = "${aws_iam_user.user.name}"
policy = "{\"Version\":\"2012-10-17\",\"Statement\":{\"Effect\":\"Allow\",\"Action\":\"*\",\"Resource\":\"*\"}}"
}
resource "aws_iam_user_policy" "bar" {
name = "bar_policy"
user = "${aws_iam_user.user.name}"
policy = "{\"Version\":\"2012-10-17\",\"Statement\":{\"Effect\":\"Allow\",\"Action\":\"*\",\"Resource\":\"*\"}}"
}
`

106
builtin/providers/aws/resource_aws_iam_user_test.go Normal file
View File

@ -0,0 +1,106 @@
package aws
import (
"fmt"
"testing"
"github.com/awslabs/aws-sdk-go/aws"
"github.com/awslabs/aws-sdk-go/service/iam"
"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/terraform"
)
func TestAccAWSUser_normal(t *testing.T) {
var conf iam.GetUserOutput
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckAWSUserDestroy,
Steps: []resource.TestStep{
resource.TestStep{
Config: testAccAWSUserConfig,
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSUserExists("aws_iam_user.user", &conf),
testAccCheckAWSUserAttributes(&conf),
),
},
},
})
}
func testAccCheckAWSUserDestroy(s *terraform.State) error {
iamconn := testAccProvider.Meta().(*AWSClient).iamconn
for _, rs := range s.RootModule().Resources {
if rs.Type != "aws_iam_user" {
continue
}
// Try to get user
_, err := iamconn.GetUser(&iam.GetUserInput{
UserName: aws.String(rs.Primary.ID),
})
if err == nil {
return fmt.Errorf("still exist.")
}
// Verify the error is what we want
ec2err, ok := err.(aws.APIError)
if !ok {
return err
}
if ec2err.Code != "NoSuchEntity" {
return err
}
}
return nil
}
func testAccCheckAWSUserExists(n string, res *iam.GetUserOutput) resource.TestCheckFunc {
return func(s *terraform.State) error {
rs, ok := s.RootModule().Resources[n]
if !ok {
return fmt.Errorf("Not found: %s", n)
}
if rs.Primary.ID == "" {
return fmt.Errorf("No User name is set")
}
iamconn := testAccProvider.Meta().(*AWSClient).iamconn
resp, err := iamconn.GetUser(&iam.GetUserInput{
UserName: aws.String(rs.Primary.ID),
})
if err != nil {
return err
}
*res = *resp
return nil
}
}
func testAccCheckAWSUserAttributes(user *iam.GetUserOutput) resource.TestCheckFunc {
return func(s *terraform.State) error {
if *user.User.UserName != "test-user" {
return fmt.Errorf("Bad name: %s", *user.User.UserName)
}
if *user.User.Path != "/" {
return fmt.Errorf("Bad path: %s", *user.User.Path)
}
return nil
}
}
const testAccAWSUserConfig = `
resource "aws_iam_user" "user" {
name = "test-user"
path = "/"
}
`