Fixing up the tests so they actually pass
Running the tests without these changes results in this error first: ``` --- FAIL: TestAccAWSNetworkAclsOnlyIngressRulesChange (24.92 seconds) testing.go:121: Step 0 error: Check failed: Invalid number of ingress entries found; count = %!s(int=3) FAIL exit status 1 FAIL github.com/hashicorp/terraform/builtin/providers/aws 24.974s ``` And after fixing that one you also get a few unexpected values due to an expected order mismatch between the items in the set versus the items in the config. Those are also fixed, so the test is passing now.
This commit is contained in:
parent
7a3b4fa7ce
commit
cc4710c952
|
@ -71,9 +71,9 @@ func TestAccAWSNetworkAclsOnlyIngressRules(t *testing.T) {
|
|||
resource.TestCheckResourceAttr(
|
||||
"aws_network_acl.foos", "ingress.0.rule_no", "2"),
|
||||
resource.TestCheckResourceAttr(
|
||||
"aws_network_acl.foos", "ingress.0.from_port", "0"),
|
||||
"aws_network_acl.foos", "ingress.0.from_port", "443"),
|
||||
resource.TestCheckResourceAttr(
|
||||
"aws_network_acl.foos", "ingress.0.to_port", "22"),
|
||||
"aws_network_acl.foos", "ingress.0.to_port", "443"),
|
||||
resource.TestCheckResourceAttr(
|
||||
"aws_network_acl.foos", "ingress.0.action", "deny"),
|
||||
resource.TestCheckResourceAttr(
|
||||
|
@ -84,59 +84,6 @@ func TestAccAWSNetworkAclsOnlyIngressRules(t *testing.T) {
|
|||
})
|
||||
}
|
||||
|
||||
const testAccAWSNetworkAclIngressConfig = `
|
||||
resource "aws_vpc" "foo" {
|
||||
cidr_block = "10.1.0.0/16"
|
||||
}
|
||||
resource "aws_subnet" "blob" {
|
||||
cidr_block = "10.1.1.0/24"
|
||||
vpc_id = "${aws_vpc.foo.id}"
|
||||
map_public_ip_on_launch = true
|
||||
}
|
||||
resource "aws_network_acl" "foos" {
|
||||
vpc_id = "${aws_vpc.foo.id}"
|
||||
ingress = {
|
||||
protocol = "tcp"
|
||||
rule_no = 1
|
||||
action = "deny"
|
||||
cidr_block = "10.2.2.3/18"
|
||||
from_port = 0
|
||||
to_port = 22
|
||||
}
|
||||
ingress = {
|
||||
protocol = "tcp"
|
||||
rule_no = 2
|
||||
action = "deny"
|
||||
cidr_block = "10.2.2.3/18"
|
||||
from_port = 443
|
||||
to_port = 443
|
||||
}
|
||||
subnet_id = "${aws_subnet.blob.id}"
|
||||
}
|
||||
`
|
||||
const testAccAWSNetworkAclIngressConfigChange = `
|
||||
resource "aws_vpc" "foo" {
|
||||
cidr_block = "10.1.0.0/16"
|
||||
}
|
||||
resource "aws_subnet" "blob" {
|
||||
cidr_block = "10.1.1.0/24"
|
||||
vpc_id = "${aws_vpc.foo.id}"
|
||||
map_public_ip_on_launch = true
|
||||
}
|
||||
resource "aws_network_acl" "foos" {
|
||||
vpc_id = "${aws_vpc.foo.id}"
|
||||
ingress = {
|
||||
protocol = "tcp"
|
||||
rule_no = 1
|
||||
action = "deny"
|
||||
cidr_block = "10.2.2.3/18"
|
||||
from_port = 0
|
||||
to_port = 22
|
||||
}
|
||||
subnet_id = "${aws_subnet.blob.id}"
|
||||
}
|
||||
`
|
||||
|
||||
func TestAccAWSNetworkAclsOnlyIngressRulesChange(t *testing.T) {
|
||||
var networkAcl ec2.NetworkAcl
|
||||
|
||||
|
@ -153,19 +100,21 @@ func TestAccAWSNetworkAclsOnlyIngressRulesChange(t *testing.T) {
|
|||
resource.TestCheckResourceAttr(
|
||||
"aws_network_acl.foos", "ingress.0.protocol", "tcp"),
|
||||
resource.TestCheckResourceAttr(
|
||||
"aws_network_acl.foos", "ingress.0.rule_no", "1"),
|
||||
"aws_network_acl.foos", "ingress.0.rule_no", "2"),
|
||||
resource.TestCheckResourceAttr(
|
||||
"aws_network_acl.foos", "ingress.0.from_port", "0"),
|
||||
"aws_network_acl.foos", "ingress.0.from_port", "443"),
|
||||
resource.TestCheckResourceAttr(
|
||||
"aws_network_acl.foos", "ingress.0.to_port", "22"),
|
||||
"aws_network_acl.foos", "ingress.0.to_port", "443"),
|
||||
resource.TestCheckResourceAttr(
|
||||
"aws_network_acl.foos", "ingress.0.action", "deny"),
|
||||
resource.TestCheckResourceAttr(
|
||||
"aws_network_acl.foos", "ingress.0.cidr_block", "10.2.2.3/18"),
|
||||
resource.TestCheckResourceAttr(
|
||||
"aws_network_acl.foos", "ingress.1.from_port", "443"),
|
||||
"aws_network_acl.foos", "ingress.1.rule_no", "1"),
|
||||
resource.TestCheckResourceAttr(
|
||||
"aws_network_acl.foos", "ingress.1.rule_no", "2"),
|
||||
"aws_network_acl.foos", "ingress.1.from_port", "0"),
|
||||
resource.TestCheckResourceAttr(
|
||||
"aws_network_acl.foos", "ingress.1.to_port", "22"),
|
||||
),
|
||||
},
|
||||
resource.TestStep{
|
||||
|
@ -176,11 +125,11 @@ func TestAccAWSNetworkAclsOnlyIngressRulesChange(t *testing.T) {
|
|||
resource.TestCheckResourceAttr(
|
||||
"aws_network_acl.foos", "ingress.0.protocol", "tcp"),
|
||||
resource.TestCheckResourceAttr(
|
||||
"aws_network_acl.foos", "ingress.0.rule_no", "2"),
|
||||
"aws_network_acl.foos", "ingress.0.rule_no", "1"),
|
||||
resource.TestCheckResourceAttr(
|
||||
"aws_network_acl.foos", "ingress.0.from_port", "0"),
|
||||
"aws_network_acl.foos", "ingress.0.from_port", "443"),
|
||||
resource.TestCheckResourceAttr(
|
||||
"aws_network_acl.foos", "ingress.0.to_port", "22"),
|
||||
"aws_network_acl.foos", "ingress.0.to_port", "443"),
|
||||
resource.TestCheckResourceAttr(
|
||||
"aws_network_acl.foos", "ingress.0.action", "deny"),
|
||||
resource.TestCheckResourceAttr(
|
||||
|
@ -210,8 +159,6 @@ func TestAccAWSNetworkAclsOnlyEgressRules(t *testing.T) {
|
|||
})
|
||||
}
|
||||
|
||||
|
||||
|
||||
func TestAccNetworkAcl_SubnetChange(t *testing.T) {
|
||||
|
||||
resource.Test(t, resource.TestCase{
|
||||
|
@ -295,15 +242,17 @@ func testAccCheckAWSNetworkAclExists(n string, networkAcl *ec2.NetworkAcl) resou
|
|||
}
|
||||
|
||||
func testIngressRuleLength(networkAcl *ec2.NetworkAcl, length int) resource.TestCheckFunc {
|
||||
return func(s *terraform.State) error{
|
||||
return func(s *terraform.State) error {
|
||||
var ingressEntries []ec2.NetworkAclEntry
|
||||
for _, e := range networkAcl.EntrySet {
|
||||
if e.Egress == false {
|
||||
ingressEntries = append(ingressEntries, e)
|
||||
}
|
||||
}
|
||||
if len(ingressEntries) != length {
|
||||
return fmt.Errorf("Invalid number of ingress entries found; count = %s", len(ingressEntries))
|
||||
// There is always a default rule (ALL Traffic ... DENY)
|
||||
// so we have to increase the lenght by 1
|
||||
if len(ingressEntries) != length+1 {
|
||||
return fmt.Errorf("Invalid number of ingress entries found; count = %d", len(ingressEntries))
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
@ -354,7 +303,58 @@ func testAccCheckSubnetIsNotAssociatedWithAcl(acl string, subnet string) resourc
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
const testAccAWSNetworkAclIngressConfig = `
|
||||
resource "aws_vpc" "foo" {
|
||||
cidr_block = "10.1.0.0/16"
|
||||
}
|
||||
resource "aws_subnet" "blob" {
|
||||
cidr_block = "10.1.1.0/24"
|
||||
vpc_id = "${aws_vpc.foo.id}"
|
||||
map_public_ip_on_launch = true
|
||||
}
|
||||
resource "aws_network_acl" "foos" {
|
||||
vpc_id = "${aws_vpc.foo.id}"
|
||||
ingress = {
|
||||
protocol = "tcp"
|
||||
rule_no = 1
|
||||
action = "deny"
|
||||
cidr_block = "10.2.2.3/18"
|
||||
from_port = 0
|
||||
to_port = 22
|
||||
}
|
||||
ingress = {
|
||||
protocol = "tcp"
|
||||
rule_no = 2
|
||||
action = "deny"
|
||||
cidr_block = "10.2.2.3/18"
|
||||
from_port = 443
|
||||
to_port = 443
|
||||
}
|
||||
subnet_id = "${aws_subnet.blob.id}"
|
||||
}
|
||||
`
|
||||
const testAccAWSNetworkAclIngressConfigChange = `
|
||||
resource "aws_vpc" "foo" {
|
||||
cidr_block = "10.1.0.0/16"
|
||||
}
|
||||
resource "aws_subnet" "blob" {
|
||||
cidr_block = "10.1.1.0/24"
|
||||
vpc_id = "${aws_vpc.foo.id}"
|
||||
map_public_ip_on_launch = true
|
||||
}
|
||||
resource "aws_network_acl" "foos" {
|
||||
vpc_id = "${aws_vpc.foo.id}"
|
||||
ingress = {
|
||||
protocol = "tcp"
|
||||
rule_no = 1
|
||||
action = "deny"
|
||||
cidr_block = "10.2.2.3/18"
|
||||
from_port = 443
|
||||
to_port = 443
|
||||
}
|
||||
subnet_id = "${aws_subnet.blob.id}"
|
||||
}
|
||||
`
|
||||
|
||||
const testAccAWSNetworkAclEgressConfig = `
|
||||
resource "aws_vpc" "foo" {
|
||||
|
|
Loading…
Reference in New Issue