Merge pull request #660 from svanharmelen/f-fix-aws-network-acl

Fixing up the tests so they actually pass
Sander van Harmelen 2014-12-12 13:32:30 +01:00
commit afe2cf8580
1 changed files with 70 additions and 70 deletions


@ -71,9 +71,9 @@ func TestAccAWSNetworkAclsOnlyIngressRules(t *testing.T) {
resource.TestCheckResourceAttr( resource.TestCheckResourceAttr(
"aws_network_acl.foos", "ingress.0.rule_no", "2"), "aws_network_acl.foos", "ingress.0.rule_no", "2"),
resource.TestCheckResourceAttr( resource.TestCheckResourceAttr(
"aws_network_acl.foos", "ingress.0.from_port", "0"), "aws_network_acl.foos", "ingress.0.from_port", "443"),
resource.TestCheckResourceAttr( resource.TestCheckResourceAttr(
"aws_network_acl.foos", "ingress.0.to_port", "22"), "aws_network_acl.foos", "ingress.0.to_port", "443"),
resource.TestCheckResourceAttr( resource.TestCheckResourceAttr(
"aws_network_acl.foos", "ingress.0.action", "deny"), "aws_network_acl.foos", "ingress.0.action", "deny"),
resource.TestCheckResourceAttr( resource.TestCheckResourceAttr(
@ -84,59 +84,6 @@ func TestAccAWSNetworkAclsOnlyIngressRules(t *testing.T) {
}) })
} }
const testAccAWSNetworkAclIngressConfig = `
resource "aws_vpc" "foo" {
cidr_block = "10.1.0.0/16"
}
resource "aws_subnet" "blob" {
cidr_block = "10.1.1.0/24"
vpc_id = "${aws_vpc.foo.id}"
map_public_ip_on_launch = true
}
resource "aws_network_acl" "foos" {
vpc_id = "${aws_vpc.foo.id}"
ingress = {
protocol = "tcp"
rule_no = 1
action = "deny"
cidr_block = "10.2.2.3/18"
from_port = 0
to_port = 22
}
ingress = {
protocol = "tcp"
rule_no = 2
action = "deny"
cidr_block = "10.2.2.3/18"
from_port = 443
to_port = 443
}
subnet_id = "${aws_subnet.blob.id}"
}
`
const testAccAWSNetworkAclIngressConfigChange = `
resource "aws_vpc" "foo" {
cidr_block = "10.1.0.0/16"
}
resource "aws_subnet" "blob" {
cidr_block = "10.1.1.0/24"
vpc_id = "${aws_vpc.foo.id}"
map_public_ip_on_launch = true
}
resource "aws_network_acl" "foos" {
vpc_id = "${aws_vpc.foo.id}"
ingress = {
protocol = "tcp"
rule_no = 1
action = "deny"
cidr_block = "10.2.2.3/18"
from_port = 0
to_port = 22
}
subnet_id = "${aws_subnet.blob.id}"
}
`
func TestAccAWSNetworkAclsOnlyIngressRulesChange(t *testing.T) { func TestAccAWSNetworkAclsOnlyIngressRulesChange(t *testing.T) {
var networkAcl ec2.NetworkAcl var networkAcl ec2.NetworkAcl
@ -153,19 +100,21 @@ func TestAccAWSNetworkAclsOnlyIngressRulesChange(t *testing.T) {
resource.TestCheckResourceAttr( resource.TestCheckResourceAttr(
"aws_network_acl.foos", "ingress.0.protocol", "tcp"), "aws_network_acl.foos", "ingress.0.protocol", "tcp"),
resource.TestCheckResourceAttr( resource.TestCheckResourceAttr(
"aws_network_acl.foos", "ingress.0.rule_no", "1"), "aws_network_acl.foos", "ingress.0.rule_no", "2"),
resource.TestCheckResourceAttr( resource.TestCheckResourceAttr(
"aws_network_acl.foos", "ingress.0.from_port", "0"), "aws_network_acl.foos", "ingress.0.from_port", "443"),
resource.TestCheckResourceAttr( resource.TestCheckResourceAttr(
"aws_network_acl.foos", "ingress.0.to_port", "22"), "aws_network_acl.foos", "ingress.0.to_port", "443"),
resource.TestCheckResourceAttr( resource.TestCheckResourceAttr(
"aws_network_acl.foos", "ingress.0.action", "deny"), "aws_network_acl.foos", "ingress.0.action", "deny"),
resource.TestCheckResourceAttr( resource.TestCheckResourceAttr(
"aws_network_acl.foos", "ingress.0.cidr_block", "10.2.2.3/18"), "aws_network_acl.foos", "ingress.0.cidr_block", "10.2.2.3/18"),
resource.TestCheckResourceAttr( resource.TestCheckResourceAttr(
"aws_network_acl.foos", "ingress.1.from_port", "443"), "aws_network_acl.foos", "ingress.1.rule_no", "1"),
resource.TestCheckResourceAttr( resource.TestCheckResourceAttr(
"aws_network_acl.foos", "ingress.1.rule_no", "2"), "aws_network_acl.foos", "ingress.1.from_port", "0"),
resource.TestCheckResourceAttr(
"aws_network_acl.foos", "ingress.1.to_port", "22"),
), ),
}, },
resource.TestStep{ resource.TestStep{
@ -176,11 +125,11 @@ func TestAccAWSNetworkAclsOnlyIngressRulesChange(t *testing.T) {
resource.TestCheckResourceAttr( resource.TestCheckResourceAttr(
"aws_network_acl.foos", "ingress.0.protocol", "tcp"), "aws_network_acl.foos", "ingress.0.protocol", "tcp"),
resource.TestCheckResourceAttr( resource.TestCheckResourceAttr(
"aws_network_acl.foos", "ingress.0.rule_no", "2"), "aws_network_acl.foos", "ingress.0.rule_no", "1"),
resource.TestCheckResourceAttr( resource.TestCheckResourceAttr(
"aws_network_acl.foos", "ingress.0.from_port", "0"), "aws_network_acl.foos", "ingress.0.from_port", "443"),
resource.TestCheckResourceAttr( resource.TestCheckResourceAttr(
"aws_network_acl.foos", "ingress.0.to_port", "22"), "aws_network_acl.foos", "ingress.0.to_port", "443"),
resource.TestCheckResourceAttr( resource.TestCheckResourceAttr(
"aws_network_acl.foos", "ingress.0.action", "deny"), "aws_network_acl.foos", "ingress.0.action", "deny"),
resource.TestCheckResourceAttr( resource.TestCheckResourceAttr(
@ -210,8 +159,6 @@ func TestAccAWSNetworkAclsOnlyEgressRules(t *testing.T) {
}) })
} }
func TestAccNetworkAcl_SubnetChange(t *testing.T) { func TestAccNetworkAcl_SubnetChange(t *testing.T) {
resource.Test(t, resource.TestCase{ resource.Test(t, resource.TestCase{
@ -302,8 +249,10 @@ func testIngressRuleLength(networkAcl *ec2.NetworkAcl, length int) resource.Test
ingressEntries = append(ingressEntries, e) ingressEntries = append(ingressEntries, e)
} }
} }
if len(ingressEntries) != length { // There is always a default rule (ALL Traffic ... DENY)
return fmt.Errorf("Invalid number of ingress entries found; count = %s", len(ingressEntries)) // so we have to increase the lenght by 1
if len(ingressEntries) != length+1 {
return fmt.Errorf("Invalid number of ingress entries found; count = %d", len(ingressEntries))
} }
return nil return nil
} }
@ -354,7 +303,58 @@ func testAccCheckSubnetIsNotAssociatedWithAcl(acl string, subnet string) resourc
} }
} }
const testAccAWSNetworkAclIngressConfig = `
resource "aws_vpc" "foo" {
cidr_block = "10.1.0.0/16"
}
resource "aws_subnet" "blob" {
cidr_block = "10.1.1.0/24"
vpc_id = "${aws_vpc.foo.id}"
map_public_ip_on_launch = true
}
resource "aws_network_acl" "foos" {
vpc_id = "${aws_vpc.foo.id}"
ingress = {
protocol = "tcp"
rule_no = 1
action = "deny"
cidr_block = "10.2.2.3/18"
from_port = 0
to_port = 22
}
ingress = {
protocol = "tcp"
rule_no = 2
action = "deny"
cidr_block = "10.2.2.3/18"
from_port = 443
to_port = 443
}
subnet_id = "${aws_subnet.blob.id}"
}
`
const testAccAWSNetworkAclIngressConfigChange = `
resource "aws_vpc" "foo" {
cidr_block = "10.1.0.0/16"
}
resource "aws_subnet" "blob" {
cidr_block = "10.1.1.0/24"
vpc_id = "${aws_vpc.foo.id}"
map_public_ip_on_launch = true
}
resource "aws_network_acl" "foos" {
vpc_id = "${aws_vpc.foo.id}"
ingress = {
protocol = "tcp"
rule_no = 1
action = "deny"
cidr_block = "10.2.2.3/18"
from_port = 443
to_port = 443
}
subnet_id = "${aws_subnet.blob.id}"
}
`
const testAccAWSNetworkAclEgressConfig = ` const testAccAWSNetworkAclEgressConfig = `
resource "aws_vpc" "foo" { resource "aws_vpc" "foo" {
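Review bot: In the `testIngressRuleLength` hunk, the new `len(ingressEntries) != length+1` comparison makes the check depend on exactly one implicit default entry being returned alongside the configured rules, so the count no longer verifies the explicit ingress rules on their own. The loop that builds `ingressEntries` starts outside the hunk; if the default entry can be skipped there, the comparison could stay `len(ingressEntries) != length` and the assertion would cover only what the configuration declares. The added comment has a typo and could state the assumption directly: `// AWS always adds a default DENY-all entry, so expect length+1 entries`. The error is also easier to act on when it carries the expected value, e.g. `return fmt.Errorf("Invalid number of ingress entries found; count = %d, expected = %d", len(ingressEntries), length+1)`.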