Merge pull request #660 from svanharmelen/f-fix-aws-network-acl
Fixing up the tests so they actually pass
commit
afe2cf8580
|
@ -71,9 +71,9 @@ func TestAccAWSNetworkAclsOnlyIngressRules(t *testing.T) {
|
||||||
resource.TestCheckResourceAttr(
|
resource.TestCheckResourceAttr(
|
||||||
"aws_network_acl.foos", "ingress.0.rule_no", "2"),
|
"aws_network_acl.foos", "ingress.0.rule_no", "2"),
|
||||||
resource.TestCheckResourceAttr(
|
resource.TestCheckResourceAttr(
|
||||||
"aws_network_acl.foos", "ingress.0.from_port", "0"),
|
"aws_network_acl.foos", "ingress.0.from_port", "443"),
|
||||||
resource.TestCheckResourceAttr(
|
resource.TestCheckResourceAttr(
|
||||||
"aws_network_acl.foos", "ingress.0.to_port", "22"),
|
"aws_network_acl.foos", "ingress.0.to_port", "443"),
|
||||||
resource.TestCheckResourceAttr(
|
resource.TestCheckResourceAttr(
|
||||||
"aws_network_acl.foos", "ingress.0.action", "deny"),
|
"aws_network_acl.foos", "ingress.0.action", "deny"),
|
||||||
resource.TestCheckResourceAttr(
|
resource.TestCheckResourceAttr(
|
||||||
|
@ -84,59 +84,6 @@ func TestAccAWSNetworkAclsOnlyIngressRules(t *testing.T) {
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
const testAccAWSNetworkAclIngressConfig = `
|
|
||||||
resource "aws_vpc" "foo" {
|
|
||||||
cidr_block = "10.1.0.0/16"
|
|
||||||
}
|
|
||||||
resource "aws_subnet" "blob" {
|
|
||||||
cidr_block = "10.1.1.0/24"
|
|
||||||
vpc_id = "${aws_vpc.foo.id}"
|
|
||||||
map_public_ip_on_launch = true
|
|
||||||
}
|
|
||||||
resource "aws_network_acl" "foos" {
|
|
||||||
vpc_id = "${aws_vpc.foo.id}"
|
|
||||||
ingress = {
|
|
||||||
protocol = "tcp"
|
|
||||||
rule_no = 1
|
|
||||||
action = "deny"
|
|
||||||
cidr_block = "10.2.2.3/18"
|
|
||||||
from_port = 0
|
|
||||||
to_port = 22
|
|
||||||
}
|
|
||||||
ingress = {
|
|
||||||
protocol = "tcp"
|
|
||||||
rule_no = 2
|
|
||||||
action = "deny"
|
|
||||||
cidr_block = "10.2.2.3/18"
|
|
||||||
from_port = 443
|
|
||||||
to_port = 443
|
|
||||||
}
|
|
||||||
subnet_id = "${aws_subnet.blob.id}"
|
|
||||||
}
|
|
||||||
`
|
|
||||||
const testAccAWSNetworkAclIngressConfigChange = `
|
|
||||||
resource "aws_vpc" "foo" {
|
|
||||||
cidr_block = "10.1.0.0/16"
|
|
||||||
}
|
|
||||||
resource "aws_subnet" "blob" {
|
|
||||||
cidr_block = "10.1.1.0/24"
|
|
||||||
vpc_id = "${aws_vpc.foo.id}"
|
|
||||||
map_public_ip_on_launch = true
|
|
||||||
}
|
|
||||||
resource "aws_network_acl" "foos" {
|
|
||||||
vpc_id = "${aws_vpc.foo.id}"
|
|
||||||
ingress = {
|
|
||||||
protocol = "tcp"
|
|
||||||
rule_no = 1
|
|
||||||
action = "deny"
|
|
||||||
cidr_block = "10.2.2.3/18"
|
|
||||||
from_port = 0
|
|
||||||
to_port = 22
|
|
||||||
}
|
|
||||||
subnet_id = "${aws_subnet.blob.id}"
|
|
||||||
}
|
|
||||||
`
|
|
||||||
|
|
||||||
func TestAccAWSNetworkAclsOnlyIngressRulesChange(t *testing.T) {
|
func TestAccAWSNetworkAclsOnlyIngressRulesChange(t *testing.T) {
|
||||||
var networkAcl ec2.NetworkAcl
|
var networkAcl ec2.NetworkAcl
|
||||||
|
|
||||||
|
@ -153,19 +100,21 @@ func TestAccAWSNetworkAclsOnlyIngressRulesChange(t *testing.T) {
|
||||||
resource.TestCheckResourceAttr(
|
resource.TestCheckResourceAttr(
|
||||||
"aws_network_acl.foos", "ingress.0.protocol", "tcp"),
|
"aws_network_acl.foos", "ingress.0.protocol", "tcp"),
|
||||||
resource.TestCheckResourceAttr(
|
resource.TestCheckResourceAttr(
|
||||||
"aws_network_acl.foos", "ingress.0.rule_no", "1"),
|
"aws_network_acl.foos", "ingress.0.rule_no", "2"),
|
||||||
resource.TestCheckResourceAttr(
|
resource.TestCheckResourceAttr(
|
||||||
"aws_network_acl.foos", "ingress.0.from_port", "0"),
|
"aws_network_acl.foos", "ingress.0.from_port", "443"),
|
||||||
resource.TestCheckResourceAttr(
|
resource.TestCheckResourceAttr(
|
||||||
"aws_network_acl.foos", "ingress.0.to_port", "22"),
|
"aws_network_acl.foos", "ingress.0.to_port", "443"),
|
||||||
resource.TestCheckResourceAttr(
|
resource.TestCheckResourceAttr(
|
||||||
"aws_network_acl.foos", "ingress.0.action", "deny"),
|
"aws_network_acl.foos", "ingress.0.action", "deny"),
|
||||||
resource.TestCheckResourceAttr(
|
resource.TestCheckResourceAttr(
|
||||||
"aws_network_acl.foos", "ingress.0.cidr_block", "10.2.2.3/18"),
|
"aws_network_acl.foos", "ingress.0.cidr_block", "10.2.2.3/18"),
|
||||||
resource.TestCheckResourceAttr(
|
resource.TestCheckResourceAttr(
|
||||||
"aws_network_acl.foos", "ingress.1.from_port", "443"),
|
"aws_network_acl.foos", "ingress.1.rule_no", "1"),
|
||||||
resource.TestCheckResourceAttr(
|
resource.TestCheckResourceAttr(
|
||||||
"aws_network_acl.foos", "ingress.1.rule_no", "2"),
|
"aws_network_acl.foos", "ingress.1.from_port", "0"),
|
||||||
|
resource.TestCheckResourceAttr(
|
||||||
|
"aws_network_acl.foos", "ingress.1.to_port", "22"),
|
||||||
),
|
),
|
||||||
},
|
},
|
||||||
resource.TestStep{
|
resource.TestStep{
|
||||||
|
@ -176,11 +125,11 @@ func TestAccAWSNetworkAclsOnlyIngressRulesChange(t *testing.T) {
|
||||||
resource.TestCheckResourceAttr(
|
resource.TestCheckResourceAttr(
|
||||||
"aws_network_acl.foos", "ingress.0.protocol", "tcp"),
|
"aws_network_acl.foos", "ingress.0.protocol", "tcp"),
|
||||||
resource.TestCheckResourceAttr(
|
resource.TestCheckResourceAttr(
|
||||||
"aws_network_acl.foos", "ingress.0.rule_no", "2"),
|
"aws_network_acl.foos", "ingress.0.rule_no", "1"),
|
||||||
resource.TestCheckResourceAttr(
|
resource.TestCheckResourceAttr(
|
||||||
"aws_network_acl.foos", "ingress.0.from_port", "0"),
|
"aws_network_acl.foos", "ingress.0.from_port", "443"),
|
||||||
resource.TestCheckResourceAttr(
|
resource.TestCheckResourceAttr(
|
||||||
"aws_network_acl.foos", "ingress.0.to_port", "22"),
|
"aws_network_acl.foos", "ingress.0.to_port", "443"),
|
||||||
resource.TestCheckResourceAttr(
|
resource.TestCheckResourceAttr(
|
||||||
"aws_network_acl.foos", "ingress.0.action", "deny"),
|
"aws_network_acl.foos", "ingress.0.action", "deny"),
|
||||||
resource.TestCheckResourceAttr(
|
resource.TestCheckResourceAttr(
|
||||||
|
@ -210,8 +159,6 @@ func TestAccAWSNetworkAclsOnlyEgressRules(t *testing.T) {
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
func TestAccNetworkAcl_SubnetChange(t *testing.T) {
|
func TestAccNetworkAcl_SubnetChange(t *testing.T) {
|
||||||
|
|
||||||
resource.Test(t, resource.TestCase{
|
resource.Test(t, resource.TestCase{
|
||||||
|
@ -302,8 +249,10 @@ func testIngressRuleLength(networkAcl *ec2.NetworkAcl, length int) resource.Test
|
||||||
ingressEntries = append(ingressEntries, e)
|
ingressEntries = append(ingressEntries, e)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if len(ingressEntries) != length {
|
// There is always a default rule (ALL Traffic ... DENY)
|
||||||
return fmt.Errorf("Invalid number of ingress entries found; count = %s", len(ingressEntries))
|
// so we have to increase the lenght by 1
|
||||||
|
if len(ingressEntries) != length+1 {
|
||||||
|
return fmt.Errorf("Invalid number of ingress entries found; count = %d", len(ingressEntries))
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
@ -354,7 +303,58 @@ func testAccCheckSubnetIsNotAssociatedWithAcl(acl string, subnet string) resourc
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
const testAccAWSNetworkAclIngressConfig = `
|
||||||
|
resource "aws_vpc" "foo" {
|
||||||
|
cidr_block = "10.1.0.0/16"
|
||||||
|
}
|
||||||
|
resource "aws_subnet" "blob" {
|
||||||
|
cidr_block = "10.1.1.0/24"
|
||||||
|
vpc_id = "${aws_vpc.foo.id}"
|
||||||
|
map_public_ip_on_launch = true
|
||||||
|
}
|
||||||
|
resource "aws_network_acl" "foos" {
|
||||||
|
vpc_id = "${aws_vpc.foo.id}"
|
||||||
|
ingress = {
|
||||||
|
protocol = "tcp"
|
||||||
|
rule_no = 1
|
||||||
|
action = "deny"
|
||||||
|
cidr_block = "10.2.2.3/18"
|
||||||
|
from_port = 0
|
||||||
|
to_port = 22
|
||||||
|
}
|
||||||
|
ingress = {
|
||||||
|
protocol = "tcp"
|
||||||
|
rule_no = 2
|
||||||
|
action = "deny"
|
||||||
|
cidr_block = "10.2.2.3/18"
|
||||||
|
from_port = 443
|
||||||
|
to_port = 443
|
||||||
|
}
|
||||||
|
subnet_id = "${aws_subnet.blob.id}"
|
||||||
|
}
|
||||||
|
`
|
||||||
|
const testAccAWSNetworkAclIngressConfigChange = `
|
||||||
|
resource "aws_vpc" "foo" {
|
||||||
|
cidr_block = "10.1.0.0/16"
|
||||||
|
}
|
||||||
|
resource "aws_subnet" "blob" {
|
||||||
|
cidr_block = "10.1.1.0/24"
|
||||||
|
vpc_id = "${aws_vpc.foo.id}"
|
||||||
|
map_public_ip_on_launch = true
|
||||||
|
}
|
||||||
|
resource "aws_network_acl" "foos" {
|
||||||
|
vpc_id = "${aws_vpc.foo.id}"
|
||||||
|
ingress = {
|
||||||
|
protocol = "tcp"
|
||||||
|
rule_no = 1
|
||||||
|
action = "deny"
|
||||||
|
cidr_block = "10.2.2.3/18"
|
||||||
|
from_port = 443
|
||||||
|
to_port = 443
|
||||||
|
}
|
||||||
|
subnet_id = "${aws_subnet.blob.id}"
|
||||||
|
}
|
||||||
|
`
|
||||||
|
|
||||||
const testAccAWSNetworkAclEgressConfig = `
|
const testAccAWSNetworkAclEgressConfig = `
|
||||||
resource "aws_vpc" "foo" {
|
resource "aws_vpc" "foo" {
|
||||||
|
|
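Review bot: In testIngressRuleLength the new `length+1` comparison assumes the one extra ingress entry is the implicit catch-all deny, but nothing in the visible lines verifies that, so the check would also pass if the default entry were missing and an unintended rule sat in its place. Because this helper is what catches unexpected ACL rules, it would be safer to skip the default entry explicitly while ingressEntries is built and keep comparing against `length`; that loop starts outside the hunk, so I cannot see which entry fields are available for the filter. The error should also state the expectation, e.g. `return fmt.Errorf("Invalid number of ingress entries found; expected %d, got %d", length+1, len(ingressEntries))`, and the added comment has a typo that should read `// so we have to increase the length by 1`. Separately, the relocated testAccAWSNetworkAclIngressConfigChange is not a pure move: its rule 1 now uses from_port/to_port 443 instead of 0 and 22, which deserves a mention in the commit message since the step-two assertions depend on it.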