199 lines
5.2 KiB
Go
199 lines
5.2 KiB
Go
package azurerm
|
|
|
|
import (
|
|
"fmt"
|
|
"net/http"
|
|
"testing"
|
|
|
|
"github.com/hashicorp/terraform/helper/acctest"
|
|
"github.com/hashicorp/terraform/helper/resource"
|
|
"github.com/hashicorp/terraform/terraform"
|
|
)
|
|
|
|
func TestAccAzureRMKeyVault_basic(t *testing.T) {
|
|
ri := acctest.RandInt()
|
|
config := fmt.Sprintf(testAccAzureRMKeyVault_basic, ri, ri)
|
|
|
|
resource.Test(t, resource.TestCase{
|
|
PreCheck: func() { testAccPreCheck(t) },
|
|
Providers: testAccProviders,
|
|
CheckDestroy: testCheckAzureRMKeyVaultDestroy,
|
|
Steps: []resource.TestStep{
|
|
{
|
|
Config: config,
|
|
Check: resource.ComposeTestCheckFunc(
|
|
testCheckAzureRMKeyVaultExists("azurerm_key_vault.test"),
|
|
),
|
|
},
|
|
},
|
|
})
|
|
}
|
|
|
|
func TestAccAzureRMKeyVault_update(t *testing.T) {
|
|
ri := acctest.RandInt()
|
|
preConfig := fmt.Sprintf(testAccAzureRMKeyVault_basic, ri, ri)
|
|
postConfig := fmt.Sprintf(testAccAzureRMKeyVault_update, ri, ri)
|
|
|
|
resource.Test(t, resource.TestCase{
|
|
PreCheck: func() { testAccPreCheck(t) },
|
|
Providers: testAccProviders,
|
|
CheckDestroy: testCheckAzureRMKeyVaultDestroy,
|
|
Steps: []resource.TestStep{
|
|
{
|
|
Config: preConfig,
|
|
Check: resource.ComposeTestCheckFunc(
|
|
testCheckAzureRMKeyVaultExists("azurerm_key_vault.test"),
|
|
resource.TestCheckResourceAttr("azurerm_key_vault.test", "access_policy.0.key_permissions.0", "all"),
|
|
resource.TestCheckResourceAttr("azurerm_key_vault.test", "access_policy.0.secret_permissions.0", "all"),
|
|
resource.TestCheckResourceAttr("azurerm_key_vault.test", "tags.environment", "Production"),
|
|
),
|
|
},
|
|
{
|
|
Config: postConfig,
|
|
Check: resource.ComposeTestCheckFunc(
|
|
resource.TestCheckResourceAttr("azurerm_key_vault.test", "access_policy.0.key_permissions.0", "get"),
|
|
resource.TestCheckResourceAttr("azurerm_key_vault.test", "access_policy.0.secret_permissions.0", "get"),
|
|
resource.TestCheckResourceAttr("azurerm_key_vault.test", "enabled_for_deployment", "true"),
|
|
resource.TestCheckResourceAttr("azurerm_key_vault.test", "enabled_for_disk_encryption", "true"),
|
|
resource.TestCheckResourceAttr("azurerm_key_vault.test", "enabled_for_template_deployment", "true"),
|
|
resource.TestCheckResourceAttr("azurerm_key_vault.test", "tags.environment", "Staging"),
|
|
),
|
|
},
|
|
},
|
|
})
|
|
}
|
|
|
|
func testCheckAzureRMKeyVaultDestroy(s *terraform.State) error {
|
|
client := testAccProvider.Meta().(*ArmClient).keyVaultClient
|
|
|
|
for _, rs := range s.RootModule().Resources {
|
|
if rs.Type != "azurerm_key_vault" {
|
|
continue
|
|
}
|
|
|
|
name := rs.Primary.Attributes["name"]
|
|
resourceGroup := rs.Primary.Attributes["resource_group_name"]
|
|
|
|
resp, err := client.Get(resourceGroup, name)
|
|
if err != nil {
|
|
if resp.StatusCode == http.StatusNotFound {
|
|
return nil
|
|
}
|
|
return err
|
|
}
|
|
|
|
if resp.StatusCode != http.StatusNotFound {
|
|
return fmt.Errorf("Key Vault still exists:\n%#v", resp.Properties)
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func testCheckAzureRMKeyVaultExists(name string) resource.TestCheckFunc {
|
|
return func(s *terraform.State) error {
|
|
// Ensure we have enough information in state to look up in API
|
|
rs, ok := s.RootModule().Resources[name]
|
|
if !ok {
|
|
return fmt.Errorf("Not found: %s", name)
|
|
}
|
|
|
|
vaultName := rs.Primary.Attributes["name"]
|
|
resourceGroup, hasResourceGroup := rs.Primary.Attributes["resource_group_name"]
|
|
if !hasResourceGroup {
|
|
return fmt.Errorf("Bad: no resource group found in state for vault: %s", vaultName)
|
|
}
|
|
|
|
client := testAccProvider.Meta().(*ArmClient).keyVaultClient
|
|
|
|
resp, err := client.Get(resourceGroup, vaultName)
|
|
if err != nil {
|
|
return fmt.Errorf("Bad: Get on keyVaultClient: %s", err)
|
|
}
|
|
|
|
if resp.StatusCode == http.StatusNotFound {
|
|
return fmt.Errorf("Bad: Vault %q (resource group: %q) does not exist", vaultName, resourceGroup)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
}
|
|
|
|
var testAccAzureRMKeyVault_basic = `
|
|
data "azurerm_client_config" "current" {}
|
|
|
|
resource "azurerm_resource_group" "test" {
|
|
name = "acctestRG-%d"
|
|
location = "West US"
|
|
}
|
|
|
|
resource "azurerm_key_vault" "test" {
|
|
name = "vault%d"
|
|
location = "West US"
|
|
resource_group_name = "${azurerm_resource_group.test.name}"
|
|
tenant_id = "${data.azurerm_client_config.current.tenant_id}"
|
|
|
|
sku {
|
|
name = "premium"
|
|
}
|
|
|
|
access_policy {
|
|
tenant_id = "${data.azurerm_client_config.current.tenant_id}"
|
|
object_id = "${data.azurerm_client_config.current.client_id}"
|
|
|
|
key_permissions = [
|
|
"all"
|
|
]
|
|
|
|
secret_permissions = [
|
|
"all"
|
|
]
|
|
}
|
|
|
|
tags {
|
|
environment = "Production"
|
|
}
|
|
}
|
|
`
|
|
|
|
var testAccAzureRMKeyVault_update = `
|
|
data "azurerm_client_config" "current" {}
|
|
|
|
resource "azurerm_resource_group" "test" {
|
|
name = "acctestRG-%d"
|
|
location = "West US"
|
|
}
|
|
|
|
resource "azurerm_key_vault" "test" {
|
|
name = "vault%d"
|
|
location = "West US"
|
|
resource_group_name = "${azurerm_resource_group.test.name}"
|
|
tenant_id = "${data.azurerm_client_config.current.tenant_id}"
|
|
|
|
sku {
|
|
name = "premium"
|
|
}
|
|
|
|
access_policy {
|
|
tenant_id = "${data.azurerm_client_config.current.tenant_id}"
|
|
object_id = "${data.azurerm_client_config.current.client_id}"
|
|
|
|
key_permissions = [
|
|
"get"
|
|
]
|
|
|
|
secret_permissions = [
|
|
"get"
|
|
]
|
|
}
|
|
|
|
enabled_for_deployment = true
|
|
enabled_for_disk_encryption = true
|
|
enabled_for_template_deployment = true
|
|
|
|
tags {
|
|
environment = "Staging"
|
|
}
|
|
}
|
|
`
|