From c94815d56d93fc22a363109437223551334bb7f3 Mon Sep 17 00:00:00 2001 From: clint shryock Date: Mon, 4 Jan 2016 14:09:16 -0600 Subject: [PATCH] provider/aws: Update some IAM tests --- .../aws/resource_aws_iam_role_policy_test.go | 30 +++++++++++++++++-- .../resource_aws_iam_saml_provider_test.go | 25 ++++++++++++++-- .../aws/resource_aws_iam_user_policy_test.go | 30 +++++++++++++++++-- 3 files changed, 79 insertions(+), 6 deletions(-) diff --git a/builtin/providers/aws/resource_aws_iam_role_policy_test.go b/builtin/providers/aws/resource_aws_iam_role_policy_test.go index 219c676eb..3f3256435 100644 --- a/builtin/providers/aws/resource_aws_iam_role_policy_test.go +++ b/builtin/providers/aws/resource_aws_iam_role_policy_test.go @@ -5,6 +5,7 @@ import ( "testing" "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/awserr" "github.com/aws/aws-sdk-go/service/iam" "github.com/hashicorp/terraform/helper/resource" "github.com/hashicorp/terraform/terraform" @@ -39,8 +40,33 @@ func TestAccAWSIAMRolePolicy_basic(t *testing.T) { } func testAccCheckIAMRolePolicyDestroy(s *terraform.State) error { - if len(s.RootModule().Resources) > 0 { - return fmt.Errorf("Expected all resources to be gone, but found: %#v", s.RootModule().Resources) + iamconn := testAccProvider.Meta().(*AWSClient).iamconn + + for _, rs := range s.RootModule().Resources { + if rs.Type != "aws_iam_role_policy" { + continue + } + + role, name := resourceAwsIamRolePolicyParseId(rs.Primary.ID) + + request := &iam.GetRolePolicyInput{ + PolicyName: aws.String(name), + RoleName: aws.String(role), + } + + var err error + getResp, err := iamconn.GetRolePolicy(request) + if err != nil { + if iamerr, ok := err.(awserr.Error); ok && iamerr.Code() == "NoSuchEntity" { + // none found, that's good + return nil + } + return fmt.Errorf("Error reading IAM policy %s from role %s: %s", name, role, err) + } + + if getResp != nil { + return fmt.Errorf("Found IAM Role, expected none: %s", getResp) + } } return nil diff --git a/builtin/providers/aws/resource_aws_iam_saml_provider_test.go b/builtin/providers/aws/resource_aws_iam_saml_provider_test.go index 63ed39588..4118a062a 100644 --- a/builtin/providers/aws/resource_aws_iam_saml_provider_test.go +++ b/builtin/providers/aws/resource_aws_iam_saml_provider_test.go @@ -5,6 +5,7 @@ import ( "testing" "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/awserr" "github.com/aws/aws-sdk-go/service/iam" "github.com/hashicorp/terraform/helper/resource" "github.com/hashicorp/terraform/terraform" @@ -33,8 +34,28 @@ func TestAccAWSIAMSamlProvider_basic(t *testing.T) { } func testAccCheckIAMSamlProviderDestroy(s *terraform.State) error { - if len(s.RootModule().Resources) > 0 { - return fmt.Errorf("Expected all resources to be gone, but found: %#v", s.RootModule().Resources) + iamconn := testAccProvider.Meta().(*AWSClient).iamconn + + for _, rs := range s.RootModule().Resources { + if rs.Type != "aws_iam_saml_provider" { + continue + } + + input := &iam.GetSAMLProviderInput{ + SAMLProviderArn: aws.String(rs.Primary.ID), + } + out, err := iamconn.GetSAMLProvider(input) + if err != nil { + if iamerr, ok := err.(awserr.Error); ok && iamerr.Code() == "NoSuchEntity" { + // none found, that's good + return nil + } + return fmt.Errorf("Error reading IAM SAML Provider, out: %s, err: %s", out, err) + } + + if out != nil { + return fmt.Errorf("Found IAM SAML Provider, expected none: %s", out) + } } return nil diff --git a/builtin/providers/aws/resource_aws_iam_user_policy_test.go b/builtin/providers/aws/resource_aws_iam_user_policy_test.go index f5c520180..019d82506 100644 --- a/builtin/providers/aws/resource_aws_iam_user_policy_test.go +++ b/builtin/providers/aws/resource_aws_iam_user_policy_test.go @@ -5,6 +5,7 @@ import ( "testing" "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/awserr" "github.com/aws/aws-sdk-go/service/iam" "github.com/hashicorp/terraform/helper/resource" "github.com/hashicorp/terraform/terraform" @@ -39,8 +40,33 @@ func TestAccAWSIAMUserPolicy_basic(t *testing.T) { } func testAccCheckIAMUserPolicyDestroy(s *terraform.State) error { - if len(s.RootModule().Resources) > 0 { - return fmt.Errorf("Expected all resources to be gone, but found: %#v", s.RootModule().Resources) + iamconn := testAccProvider.Meta().(*AWSClient).iamconn + + for _, rs := range s.RootModule().Resources { + if rs.Type != "aws_iam_user_policy" { + continue + } + + role, name := resourceAwsIamRolePolicyParseId(rs.Primary.ID) + + request := &iam.GetRolePolicyInput{ + PolicyName: aws.String(name), + RoleName: aws.String(role), + } + + var err error + getResp, err := iamconn.GetRolePolicy(request) + if err != nil { + if iamerr, ok := err.(awserr.Error); ok && iamerr.Code() == "NoSuchEntity" { + // none found, that's good + return nil + } + return fmt.Errorf("Error reading IAM policy %s from role %s: %s", name, role, err) + } + + if getResp != nil { + return fmt.Errorf("Found IAM Role, expected none: %s", getResp) + } } return nil