Tests and docs for AWS CloudTrail "enable_logging"
Add acceptance tests for creation, enable, and disable logging. Add option to docs and example.
This commit is contained in:
parent
52db098292
commit
f98dbbb580
|
@ -39,6 +39,39 @@ func TestAccAWSCloudTrail_basic(t *testing.T) {
|
|||
})
|
||||
}
|
||||
|
||||
func TestAccAWSCloudTrail_enable_logging(t *testing.T) {
|
||||
var trail cloudtrail.Trail
|
||||
|
||||
resource.Test(t, resource.TestCase{
|
||||
PreCheck: func() { testAccPreCheck(t) },
|
||||
Providers: testAccProviders,
|
||||
CheckDestroy: testAccCheckAWSCloudTrailDestroy,
|
||||
Steps: []resource.TestStep{
|
||||
resource.TestStep{
|
||||
Config: testAccAWSCloudTrailConfig,
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckCloudTrailExists("aws_cloudtrail.foobar", &trail),
|
||||
testAccCheckCloudTrailLoggingEnabled("aws_cloudtrail.foobar", false, &trail),
|
||||
),
|
||||
},
|
||||
resource.TestStep{
|
||||
Config: testAccAWSCloudTrailConfigModified,
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckCloudTrailExists("aws_cloudtrail.foobar", &trail),
|
||||
testAccCheckCloudTrailLoggingEnabled("aws_cloudtrail.foobar", true, &trail),
|
||||
),
|
||||
},
|
||||
resource.TestStep{
|
||||
Config: testAccAWSCloudTrailConfig,
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckCloudTrailExists("aws_cloudtrail.foobar", &trail),
|
||||
testAccCheckCloudTrailLoggingEnabled("aws_cloudtrail.foobar", false, &trail),
|
||||
),
|
||||
},
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
func testAccCheckCloudTrailExists(n string, trail *cloudtrail.Trail) resource.TestCheckFunc {
|
||||
return func(s *terraform.State) error {
|
||||
rs, ok := s.RootModule().Resources[n]
|
||||
|
@ -63,6 +96,30 @@ func testAccCheckCloudTrailExists(n string, trail *cloudtrail.Trail) resource.Te
|
|||
}
|
||||
}
|
||||
|
||||
func testAccCheckCloudTrailLoggingEnabled(n string, desired bool, trail *cloudtrail.Trail) resource.TestCheckFunc {
|
||||
return func(s *terraform.State) error {
|
||||
rs, ok := s.RootModule().Resources[n]
|
||||
if !ok {
|
||||
return fmt.Errorf("Not found: %s", n)
|
||||
}
|
||||
|
||||
conn := testAccProvider.Meta().(*AWSClient).cloudtrailconn
|
||||
params := cloudtrail.GetTrailStatusInput{
|
||||
Name: aws.String(rs.Primary.ID),
|
||||
}
|
||||
resp, err := conn.GetTrailStatus(¶ms)
|
||||
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if *resp.IsLogging != desired {
|
||||
return fmt.Errorf("Logging status is incorrect")
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
func testAccCheckAWSCloudTrailDestroy(s *terraform.State) error {
|
||||
conn := testAccProvider.Meta().(*AWSClient).cloudtrailconn
|
||||
|
||||
|
@ -134,6 +191,7 @@ resource "aws_cloudtrail" "foobar" {
|
|||
s3_bucket_name = "${aws_s3_bucket.foo.id}"
|
||||
s3_key_prefix = "/prefix"
|
||||
include_global_service_events = false
|
||||
enable_logging = true
|
||||
}
|
||||
|
||||
resource "aws_s3_bucket" "foo" {
|
||||
|
|
|
@ -16,6 +16,7 @@ resource "aws_cloudtrail" "foobar" {
|
|||
name = "tf-trail-foobar"
|
||||
s3_bucket_name = "${aws_s3_bucket.foo.id}"
|
||||
s3_key_prefix = "/prefix"
|
||||
enable_logging = true
|
||||
include_global_service_events = false
|
||||
}
|
||||
|
||||
|
@ -63,6 +64,7 @@ The following arguments are supported:
|
|||
endpoint to assume to write to a user’s log group.
|
||||
* `cloud_watch_logs_group_arn` - (Optional) Specifies a log group name using an Amazon Resource Name (ARN),
|
||||
that represents the log group to which CloudTrail logs will be delivered.
|
||||
* `enable_logging` - (Optional) Enables logging for the trail. Defaults to `false`.
|
||||
* `include_global_service_events` - (Optional) Specifies whether the trail is publishing events
|
||||
from global services such as IAM to the log files. Defaults to `true`.
|
||||
* `sns_topic_name` - (Optional) Specifies the name of the Amazon SNS topic
|
||||
|
|
Loading…
Reference in New Issue