From cd0f9761daabf4b1610c3884806ea37907e13bf3 Mon Sep 17 00:00:00 2001 From: Sneha Somwanshi Date: Mon, 1 Dec 2014 14:19:05 +0530 Subject: [PATCH] rearranged the tests --- builtin/providers/aws/network_acl_entry.go | 45 ++-- .../providers/aws/network_acl_entry_test.go | 97 ++++---- .../providers/aws/resource_aws_network_acl.go | 63 +++-- .../aws/resource_aws_network_acl_test.go | 222 ++++++++++++------ 4 files changed, 246 insertions(+), 181 deletions(-) diff --git a/builtin/providers/aws/network_acl_entry.go b/builtin/providers/aws/network_acl_entry.go index f692c3f6a..bf53e30b2 100644 --- a/builtin/providers/aws/network_acl_entry.go +++ b/builtin/providers/aws/network_acl_entry.go @@ -1,26 +1,24 @@ package aws import ( - "github.com/mitchellh/goamz/ec2" ) -func expandNetworkAclEntries(configured []interface{}) ([]ec2.NetworkAclEntry) { +func expandNetworkAclEntries(configured []interface{}, entryType string) []ec2.NetworkAclEntry { entries := make([]ec2.NetworkAclEntry, 0, len(configured)) - for _, eRaw := range configured { data := eRaw.(map[string]interface{}) p := extractProtocolInteger(data["protocol"].(string)) e := ec2.NetworkAclEntry{ - Protocol: p, + Protocol: p, PortRange: ec2.PortRange{ - From: data["from_port"].(int), - To: data["to_port"].(int), + From: data["from_port"].(int), + To: data["to_port"].(int), }, - Egress: false, + Egress: (entryType == "egress"), RuleAction: data["action"].(string), RuleNumber: data["rule_no"].(int), - CidrBlock: data["cidr_block"].(string), + CidrBlock: data["cidr_block"].(string), } entries = append(entries, e) } 
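Review bot: In `expandNetworkAclEntries`, `Egress: (entryType == "egress")` treats every value other than the exact string "egress" as ingress, so a misspelled or differently cased direction from a caller silently yields a rule for the opposite direction of traffic. For a network ACL that is a quiet misconfiguration; consider taking the direction as a typed value, e.g. an `egress bool` parameter, or rejecting anything that is not "ingress" or "egress" before building entries. The unchecked assertions in the same loop, such as `data["protocol"].(string)`, panic on a nil or mistyped field; the comma-ok form would let the function report the offending key instead. The end of the function is outside this hunk.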
@@ -32,16 +30,16 @@ func expandNetworkAclEntries(configured []interface{}) ([]ec2.NetworkAclEntry) { func flattenNetworkAclEntries(list []ec2.NetworkAclEntry) []map[string]interface{} { entries := make([]map[string]interface{}, 0, len(list)) - for _, entry := range list { + for _, entry := range list { entries = append(entries, map[string]interface{}{ - "from_port": entry.PortRange.From, - "to_port": entry.PortRange.To, - "action": entry.RuleAction, - "rule_no": entry.RuleNumber, - "protocol": extractProtocolString(entry.Protocol), - "cidr_block": entry.CidrBlock, - }) - } + "from_port": entry.PortRange.From, + "to_port": entry.PortRange.To, + "action": entry.RuleAction, + "rule_no": entry.RuleNumber, + "protocol": extractProtocolString(entry.Protocol), + "cidr_block": entry.CidrBlock, + }) + } return entries } @@ -52,20 +50,19 @@ func extractProtocolInteger(protocol string) int { func extractProtocolString(protocol int) string { for key, value := range protocolIntegers() { - if value == protocol{ + if value == protocol { return key } } return "" } - -func protocolIntegers() map[string]int{ - var protocolIntegers = make(map[string]int) +func protocolIntegers() map[string]int { + var protocolIntegers = make(map[string]int) protocolIntegers = map[string]int{ - "udp": 17, - "tcp": 6, - "icmp": 1, + "udp": 17, + "tcp": 6, + "icmp": 1, } return protocolIntegers } diff --git a/builtin/providers/aws/network_acl_entry_test.go b/builtin/providers/aws/network_acl_entry_test.go index c3f8405a4..5c58c9c7d 100644 --- a/builtin/providers/aws/network_acl_entry_test.go +++ b/builtin/providers/aws/network_acl_entry_test.go 
@@ -10,110 +10,109 @@ import ( func Test_expandNetworkAclEntryJoJo(t *testing.T) { input := []interface{}{ map[string]interface{}{ - "protocol": "tcp", - "from_port": 22, - "to_port": 22, + "protocol": "tcp", + "from_port": 22, + "to_port": 22, "cidr_block": "0.0.0.0/0", - "action": "deny", - "rule_no": 1, + "action": "deny", + "rule_no": 1, }, map[string]interface{}{ - "protocol": "tcp", - "from_port": 443, - "to_port": 443, + "protocol": "tcp", + "from_port": 443, + "to_port": 443, "cidr_block": "0.0.0.0/0", - "action": "deny", - "rule_no": 2, + "action": "deny", + "rule_no": 2, }, } - expanded := expandNetworkAclEntries(input) + expanded := expandNetworkAclEntries(input, "egress") expected := []ec2.NetworkAclEntry{ ec2.NetworkAclEntry{ - Protocol: 6, + Protocol: 6, PortRange: ec2.PortRange{ - From: 22, - To: 22, + From: 22, + To: 22, }, RuleAction: "deny", RuleNumber: 1, - CidrBlock: "0.0.0.0/0", - Egress: false, - IcmpCode:ec2.IcmpCode{Code:0, Type:0}, + CidrBlock: "0.0.0.0/0", + Egress: true, + IcmpCode: ec2.IcmpCode{Code: 0, Type: 0}, }, ec2.NetworkAclEntry{ - Protocol: 6, + Protocol: 6, PortRange: ec2.PortRange{ - From: 443, - To: 443, - }, + From: 443, + To: 443, + }, RuleAction: "deny", RuleNumber: 2, - CidrBlock: "0.0.0.0/0", - Egress: false, - IcmpCode: ec2.IcmpCode{Code:0, Type:0}, + CidrBlock: "0.0.0.0/0", + Egress: true, + IcmpCode: ec2.IcmpCode{Code: 0, Type: 0}, }, - } + } if !reflect.DeepEqual(expanded, expected) { t.Fatalf( "Got:\n\n%#v\n\nExpected:\n\n%#v\n", - expanded[0], + expanded, expected) } } func Test_flattenNetworkAclEntryJoJo(t *testing.T) { - + apiInput := []ec2.NetworkAclEntry{ ec2.NetworkAclEntry{ - Protocol: 6, + Protocol: 6, PortRange: ec2.PortRange{ - From: 22, - To: 22, + From: 22, + To: 22, }, RuleAction: "deny", RuleNumber: 1, - CidrBlock: "0.0.0.0/0", + CidrBlock: "0.0.0.0/0", }, ec2.NetworkAclEntry{ - Protocol: 6, + Protocol: 6, PortRange: ec2.PortRange{ - From: 443, - To: 443, - }, + 
From: 443, + To: 443, + }, RuleAction: "deny", RuleNumber: 2, - CidrBlock: "0.0.0.0/0", + CidrBlock: "0.0.0.0/0", }, } flattened := flattenNetworkAclEntries(apiInput) expected := []map[string]interface{}{ - map[string]interface{}{ - "protocol": "tcp", - "from_port": 22, - "to_port": 22, + map[string]interface{}{ + "protocol": "tcp", + "from_port": 22, + "to_port": 22, "cidr_block": "0.0.0.0/0", - "action": "deny", - "rule_no": 1, + "action": "deny", + "rule_no": 1, }, map[string]interface{}{ - "protocol": "tcp", - "from_port": 443, - "to_port": 443, + "protocol": "tcp", + "from_port": 443, + "to_port": 443, "cidr_block": "0.0.0.0/0", - "action": "deny", - "rule_no": 2, + "action": "deny", + "rule_no": 2, }, } - if !reflect.DeepEqual(flattened, expected) { t.Fatalf( "Got:\n\n%#v\n\nExpected:\n\n%#v\n", - flattened, + flattened[0], expected) } diff --git a/builtin/providers/aws/resource_aws_network_acl.go b/builtin/providers/aws/resource_aws_network_acl.go index c3f38ba25..82396636b 100644 --- a/builtin/providers/aws/resource_aws_network_acl.go +++ b/builtin/providers/aws/resource_aws_network_acl.go @@ -1,22 +1,22 @@ package aws import ( + "bytes" "fmt" "log" - "bytes" - "github.com/hashicorp/terraform/helper/schema" "github.com/hashicorp/terraform/helper/hashcode" + "github.com/hashicorp/terraform/helper/schema" "github.com/mitchellh/goamz/ec2" ) func resourceAwsNetworkAcl() *schema.Resource { return &schema.Resource{ - Create: resourceAwsNetworkAclCreate, - Read: resourceAwsNetworkAclRead, - Delete: resourceAwsNetworkAclDelete, - Update: resourceAwsNetworkAclUpdate, + Create: resourceAwsNetworkAclCreate, + Read: resourceAwsNetworkAclRead, + Delete: resourceAwsNetworkAclDelete, + Update: resourceAwsNetworkAclUpdate, Schema: map[string]*schema.Schema{ "vpc_id": &schema.Schema{ 
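Review bot: In `Test_flattenNetworkAclEntryJoJo` the failure message now prints `flattened[0]` against the whole `expected` slice, so a mismatch report compares one element with two, and the index panics if `flattenNetworkAclEntries` ever returns an empty slice. Pass `flattened` as the first argument, mirroring the fix this same hunk makes in the expand test (`expanded[0]` became `expanded`). The expand test now exercises only `"egress"`; a second case calling `expandNetworkAclEntries(input, "ingress")` and expecting `Egress: false` would pin both directions.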
@@ -98,13 +98,13 @@ func resourceAwsNetworkAcl() *schema.Resource { }, }, Set: resourceAwsNetworkAclEntryHash, - }, + }, }, } } func resourceAwsNetworkAclCreate(d *schema.ResourceData, meta interface{}) error { - + ec2conn := meta.(*AWSClient).ec2conn // Create the Network Acl @@ -123,7 +123,7 @@ func resourceAwsNetworkAclCreate(d *schema.ResourceData, meta interface{}) error log.Printf("[INFO] Network Acl ID: %s", networkAcl.NetworkAclId) // Update our attributes and return - // return nil + // return nil return resourceAwsNetworkAclUpdate(d, meta) } @@ -146,14 +146,13 @@ func resourceAwsNetworkAclRead(d *schema.ResourceData, meta interface{}) error { d.Set("vpc_id", networkAcl.VpcId) for _, e := range networkAcl.EntrySet { - if(e.Egress == true){ + if e.Egress == true { egressEntries = append(egressEntries, e) - } else{ + } else { ingressEntries = append(ingressEntries, e) } } fmt.Printf("appending ingress entries %s", ingressEntries) - fmt.Printf("appending egress entries %s", egressEntries) d.Set("ingress", ingressEntries) @@ -162,33 +161,30 @@ func resourceAwsNetworkAclRead(d *schema.ResourceData, meta interface{}) error { return nil } - func resourceAwsNetworkAclUpdate(d *schema.ResourceData, meta interface{}) error { ec2conn := meta.(*AWSClient).ec2conn - d.Partial(true) - if(d.HasChange("ingress")) { + if d.HasChange("ingress") { err := updateNetworkAclEntries(d, "ingress", ec2conn) - if(err != nil) { + if err != nil { return err } } - if(d.HasChange("egress")) { + if d.HasChange("egress") { err := updateNetworkAclEntries(d, "egress", ec2conn) - if(err != nil){ + if err != nil { return err } } d.Partial(false) - return resourceAwsNetworkAclRead(d, meta) } -func updateNetworkAclEntries(d *schema.ResourceData, entryType string, ec2conn *ec2.EC2) error{ +func updateNetworkAclEntries(d *schema.ResourceData, entryType string, ec2conn *ec2.EC2) error { o, n := d.GetChange(entryType) fmt.Printf("Old : %s", o) 
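Review bot: In `resourceAwsNetworkAclRead` (the hunk at -146) the result is stored with `d.Set("ingress", ingressEntries)`, a slice of `ec2.NetworkAclEntry` structs, while `flattenNetworkAclEntries` in network_acl_entry.go produces the map form and is not called here. If the schema expects a set of maps, as the `Set: resourceAwsNetworkAclEntryHash` line in the first hunk suggests, state may not reflect what AWS actually holds and out-of-band rule changes could go unnoticed; `d.Set("ingress", flattenNetworkAclEntries(ingressEntries))` looks like the intended call (the egress line is outside the hunk). On style, `if e.Egress == true {` reads better as `if e.Egress {`, and the `fmt.Printf` debug lines should use `log.Printf("[DEBUG] ...")` like the rest of the file.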
@@ -204,25 +200,25 @@ func updateNetworkAclEntries(d *schema.ResourceData, entryType string, ec2conn * os := o.(*schema.Set) ns := n.(*schema.Set) - toBeDeleted := expandNetworkAclEntries(os.Difference(ns).List()) - toBeCreated := expandNetworkAclEntries(ns.Difference(os).List()) + toBeDeleted := expandNetworkAclEntries(os.Difference(ns).List(), entryType) + toBeCreated := expandNetworkAclEntries(ns.Difference(os).List(), entryType) fmt.Printf("to be created %s", toBeCreated) for _, remove := range toBeDeleted { - // Revoke the old entry - _, err := ec2conn.DeleteNetworkAclEntry(d.Id(), remove.RuleNumber, remove.Egress) - if err != nil { - return fmt.Errorf("Error deleting %s entry: %s", entryType, err) - } + // Revoke the old entry + _, err := ec2conn.DeleteNetworkAclEntry(d.Id(), remove.RuleNumber, remove.Egress) + if err != nil { + return fmt.Errorf("Error deleting %s entry: %s", entryType, err) + } } fmt.Printf("to be deleted %s", toBeDeleted) for _, add := range toBeCreated { - // Authorize the new entry - _, err := ec2conn.CreateNetworkAclEntry(d.Id(), &add) - fmt.Printf("$$$$#### %s", err) - if err != nil { - return fmt.Errorf("Error creating %s entry: %s", entryType, err) - } + // Authorize the new entry + _, err := ec2conn.CreateNetworkAclEntry(d.Id(), &add) + fmt.Printf("$$$$#### %s", err) + if err != nil { + return fmt.Errorf("Error creating %s entry: %s", entryType, err) + } } return nil } @@ -230,7 +226,6 @@ func updateNetworkAclEntries(d *schema.ResourceData, entryType string, ec2conn * func resourceAwsNetworkAclDelete(d *schema.ResourceData, meta interface{}) error { ec2conn := meta.(*AWSClient).ec2conn - log.Printf("[INFO] Deleting Network Acl: %s", d.Id()) if _, err := ec2conn.DeleteNetworkAcl(d.Id()); err != nil { ec2err, ok := err.(*ec2.Error) diff --git a/builtin/providers/aws/resource_aws_network_acl_test.go b/builtin/providers/aws/resource_aws_network_acl_test.go index 26555aff1..b838f1781 100644 
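Review bot: `updateNetworkAclEntries` deletes every entry in `toBeDeleted` before creating anything in `toBeCreated` and returns on the first error, so a failed `CreateNetworkAclEntry` leaves the ACL with the old rules removed and the new ones missing. When the removed entries are `deny` rules this can leave traffic permitted until the next successful apply, and nothing here records which entries were already changed. Consider stating that window above the loops, e.g. `// NOTE: entries are removed before replacements are added; a create failure leaves the ACL without the old rule`, and, where a rule keeps its `rule_no`, replacing it in a single call if the client library exposes EC2's ReplaceNetworkAclEntry action. The `fmt.Printf("$$$$#### %s", err)` line runs before the nil check and should be dropped. The function begins outside this hunk.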
--- a/builtin/providers/aws/resource_aws_network_acl_test.go +++ b/builtin/providers/aws/resource_aws_network_acl_test.go 
@@ -11,79 +11,49 @@ import ( // "github.com/hashicorp/terraform/helper/schema" ) -const testAccAWSNetworkAclIngressConfig = ` -resource "aws_vpc" "foo" { - cidr_block = "10.1.0.0/16" -} -resource "aws_subnet" "blob" { - cidr_block = "10.1.1.0/24" - vpc_id = "${aws_vpc.foo.id}" - map_public_ip_on_launch = true -} -resource "aws_network_acl" "bar" { - vpc_id = "${aws_vpc.foo.id}" - ingress = { - protocol = "tcp" - rule_no = 2 - action = "deny" - cidr_block = "10.2.2.3/18" - from_port = 0 - to_port = 22 - } +func TestAccAWSNetworkAclsWithEgressAndIngressRulesSneha(t *testing.T) { + var networkAcl ec2.NetworkAcl - ingress = { - protocol = "tcp" - rule_no = 1 - action = "deny" - cidr_block = "10.2.10.3/18" - from_port = 443 - to_port = 443 - } + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSNetworkAclDestroy, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: testAccAWSNetworkAclEgressNIngressConfig, + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSNetworkAclExists("aws_network_acl.bar", &networkAcl), + resource.TestCheckResourceAttr( + "aws_network_acl.bar", "ingress.0.protocol", "tcp"), + resource.TestCheckResourceAttr( + "aws_network_acl.bar", "ingress.0.rule_no", "1"), + resource.TestCheckResourceAttr( + "aws_network_acl.bar", "ingress.0.from_port", "80"), + resource.TestCheckResourceAttr( + "aws_network_acl.bar", "ingress.0.to_port", "80"), + resource.TestCheckResourceAttr( + "aws_network_acl.bar", "ingress.0.action", "allow"), + resource.TestCheckResourceAttr( + "aws_network_acl.bar", "ingress.0.cidr_block", "10.3.10.3/18"), + resource.TestCheckResourceAttr( + "aws_network_acl.bar", "egress.0.protocol", "tcp"), + resource.TestCheckResourceAttr( + "aws_network_acl.bar", "egress.0.rule_no", "2"), + resource.TestCheckResourceAttr( + "aws_network_acl.bar", "egress.0.from_port", "443"), + resource.TestCheckResourceAttr( + "aws_network_acl.bar", 
"egress.0.to_port", "443"), + resource.TestCheckResourceAttr( + "aws_network_acl.bar", "egress.0.cidr_block", "10.3.2.3/18"), + resource.TestCheckResourceAttr( + "aws_network_acl.bar", "egress.0.action", "allow"), + ), + }, + }, + }) } -` - -const testAccAWSNetworkAclEgressConfig = ` -resource "aws_vpc" "foo" { - cidr_block = "10.2.0.0/16" -} -resource "aws_subnet" "blob" { - cidr_block = "10.2.0.0/24" - vpc_id = "${aws_vpc.foo.id}" - map_public_ip_on_launch = true -} -resource "aws_network_acl" "bar" { - vpc_id = "${aws_vpc.foo.id}" - egress = { - protocol = "tcp" - rule_no = 2 - action = "allow" - cidr_block = "10.2.2.3/18" - from_port = 443 - to_port = 443 - } - - egress = { - protocol = "tcp" - rule_no = 1 - action = "allow" - cidr_block = "10.2.10.3/18" - from_port = 80 - to_port = 80 - } - - egress = { - protocol = "tcp" - rule_no = 3 - action = "allow" - cidr_block = "10.2.10.3/18" - from_port = 22 - to_port = 22 - } -} -` - -func TestAccAWSNetworkAclsIngressSneha(t *testing.T) { +func TestAccAWSNetworkAclsOnlyIngressRulesSneha(t *testing.T) { var networkAcl ec2.NetworkAcl resource.Test(t, resource.TestCase{ 
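Review bot: The new assertions on `ingress.0.cidr_block` and `egress.0.cidr_block` expect `10.3.10.3/18` and `10.3.2.3/18`, which have host bits set; as far as the EC2 API documents, network ACL CIDR blocks are stored in canonical form (both would become `10.3.0.0/18`), so these checks can only pass if state is not refreshed from what AWS returns. Use canonical blocks in `testAccAWSNetworkAclEgressNIngressConfig` and in the expected values, for example `"10.3.0.0/18"` and `"10.3.64.0/18"`. The `aws_network_acl.foos` assertion on `10.2.2.3/18` in the next hunk has the same problem. The test also never inspects the fetched `networkAcl.EntrySet`, so the `Egress` flag the API actually received is not asserted directly.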
@@ -94,15 +64,26 @@ func TestAccAWSNetworkAclsIngressSneha(t *testing.T) { resource.TestStep{ Config: testAccAWSNetworkAclIngressConfig, Check: resource.ComposeTestCheckFunc( - testAccCheckAWSNetworkAclExists("aws_network_acl.bar", &networkAcl), + testAccCheckAWSNetworkAclExists("aws_network_acl.foos", &networkAcl), + resource.TestCheckResourceAttr( + "aws_network_acl.foos", "ingress.0.protocol", "tcp"), + resource.TestCheckResourceAttr( + "aws_network_acl.foos", "ingress.0.rule_no", "2"), + resource.TestCheckResourceAttr( + "aws_network_acl.foos", "ingress.0.from_port", "0"), + resource.TestCheckResourceAttr( + "aws_network_acl.foos", "ingress.0.to_port", "22"), + resource.TestCheckResourceAttr( + "aws_network_acl.foos", "ingress.0.action", "deny"), + resource.TestCheckResourceAttr( + "aws_network_acl.foos", "ingress.0.cidr_block", "10.2.2.3/18"), ), }, }, }) } - -func TestAccAWSNetworkAclsEgressSneha(t *testing.T) { +func TestAccAWSNetworkAclsOnlyEgressRulesSneha(t *testing.T) { var networkAcl ec2.NetworkAcl resource.Test(t, resource.TestCase{ @@ -113,7 +94,7 @@ func TestAccAWSNetworkAclsEgressSneha(t *testing.T) { resource.TestStep{ Config: testAccAWSNetworkAclEgressConfig, Check: resource.ComposeTestCheckFunc( - testAccCheckAWSNetworkAclExists("aws_network_acl.bar", &networkAcl), + testAccCheckAWSNetworkAclExists("aws_network_acl.bond", &networkAcl), ), }, }, 
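Review bot: `TestAccAWSNetworkAclsOnlyEgressRulesSneha` (the hunk at -113) still checks only that `aws_network_acl.bond` exists, so the three egress rules in its config are never verified, although egress handling is what this commit changes in `expandNetworkAclEntries`. Add attribute checks like those in the ingress-only test, or better a check function over the fetched `networkAcl.EntrySet` asserting that the entries with rule numbers 1 to 3 have `Egress` set. Only part of the test function is visible in this hunk.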
@@ -176,3 +157,96 @@ func testAccCheckAWSNetworkAclExists(n string, networkAcl *ec2.NetworkAcl) resou return fmt.Errorf("Network Acls not found") } } + +const testAccAWSNetworkAclIngressConfig = ` +resource "aws_vpc" "foo" { + cidr_block = "10.1.0.0/16" +} +resource "aws_subnet" "blob" { + cidr_block = "10.1.1.0/24" + vpc_id = "${aws_vpc.foo.id}" + map_public_ip_on_launch = true +} +resource "aws_network_acl" "foos" { + vpc_id = "${aws_vpc.foo.id}" + ingress = { + protocol = "tcp" + rule_no = 2 + action = "deny" + cidr_block = "10.2.2.3/18" + from_port = 0 + to_port = 22 + } +} +` + +const testAccAWSNetworkAclEgressConfig = ` +resource "aws_vpc" "foo" { + cidr_block = "10.2.0.0/16" +} +resource "aws_subnet" "blob" { + cidr_block = "10.2.0.0/24" + vpc_id = "${aws_vpc.foo.id}" + map_public_ip_on_launch = true +} +resource "aws_network_acl" "bond" { + vpc_id = "${aws_vpc.foo.id}" + egress = { + protocol = "tcp" + rule_no = 2 + action = "allow" + cidr_block = "10.2.2.3/18" + from_port = 443 + to_port = 443 + } + + egress = { + protocol = "tcp" + rule_no = 1 + action = "allow" + cidr_block = "10.2.10.3/18" + from_port = 80 + to_port = 80 + } + + egress = { + protocol = "tcp" + rule_no = 3 + action = "allow" + cidr_block = "10.2.10.3/18" + from_port = 22 + to_port = 22 + } +} +` + +const testAccAWSNetworkAclEgressNIngressConfig = ` +resource "aws_vpc" "foo" { + cidr_block = "10.3.0.0/16" +} +resource "aws_subnet" "blob" { + cidr_block = "10.3.0.0/24" + vpc_id = "${aws_vpc.foo.id}" + map_public_ip_on_launch = true +} +resource "aws_network_acl" "bar" { + vpc_id = "${aws_vpc.foo.id}" + egress = { + protocol = "tcp" + rule_no = 2 + action = "allow" + cidr_block = "10.3.2.3/18" + from_port = 443 + to_port = 443 + } + + ingress = { + protocol = "tcp" + rule_no = 1 + action = "allow" + cidr_block = "10.3.10.3/18" + from_port = 80 + to_port = 80 + } +} +`