From e5bda11a2db839b0fef3af5e90711266e7cf48f1 Mon Sep 17 00:00:00 2001
From: James Nugent
Date: Tue, 25 Oct 2016 16:23:47 -0500
Subject: [PATCH] provider/aws: Add tests with bad keys

Add a test with a bad explicitly specified GPG key and a keybase user (that we own) with no public keys.
---
 ...esource_aws_iam_user_login_profile_test.go | 61 ++++++++++++++++---
 1 file changed, 53 insertions(+), 8 deletions(-)

diff --git a/builtin/providers/aws/resource_aws_iam_user_login_profile_test.go b/builtin/providers/aws/resource_aws_iam_user_login_profile_test.go
index d9fd9f33b..fe4b6f3d4 100644
--- a/builtin/providers/aws/resource_aws_iam_user_login_profile_test.go
+++ b/builtin/providers/aws/resource_aws_iam_user_login_profile_test.go
@@ -4,19 +4,18 @@ import (
 "errors"
 "fmt"
 "testing"
+ "time"
 
 "github.com/aws/aws-sdk-go/aws"
 "github.com/aws/aws-sdk-go/aws/awserr"
 "github.com/aws/aws-sdk-go/aws/credentials"
 "github.com/aws/aws-sdk-go/aws/session"
 "github.com/aws/aws-sdk-go/service/iam"
- "github.com/davecgh/go-spew/spew"
 "github.com/hashicorp/terraform/helper/acctest"
 "github.com/hashicorp/terraform/helper/resource"
 "github.com/hashicorp/terraform/terraform"
 "github.com/hashicorp/vault/helper/pgpkeys"
- "log"
- "time"
+ "regexp"
 )
 
 func TestAccAWSUserLoginProfile_basic(t *testing.T) {
@@ -27,7 +26,7 @@ func TestAccAWSUserLoginProfile_basic(t *testing.T) {
 resource.Test(t, resource.TestCase{
 PreCheck: func() { testAccPreCheck(t) },
 Providers: testAccProviders,
- CheckDestroy: testAccCheckAWSUserDestroy,
+ CheckDestroy: testAccCheckAWSUserLoginProfileDestroy,
 Steps: []resource.TestStep{
 {
 Config: testAccAWSUserLoginProfileConfig(username, "/", testPubKey1),
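Review bot: Replacing `testAccCheckAWSUserDestroy` on the `CheckDestroy` line of `TestAccAWSUserLoginProfile_basic` drops the only visible assertion that the IAM user itself is removed, since the new check looks only at `aws_iam_user_login_profile` entries in state. If `testAccAWSUserLoginProfileConfig` also creates the user, which its `username` argument suggests but this diff does not show, both checks can run with `CheckDestroy: resource.ComposeTestCheckFunc(testAccCheckAWSUserDestroy, testAccCheckAWSUserLoginProfileDestroy),`. The same applies to the `CheckDestroy` lines in the `_keybase` and `_keybaseDoesntExist` hunks and in the new `_notAKey` test. The test function bodies start and end outside these hunks.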
@@ -48,7 +47,7 @@ func TestAccAWSUserLoginProfile_keybase(t *testing.T) {
 resource.Test(t, resource.TestCase{
 PreCheck: func() { testAccPreCheck(t) },
 Providers: testAccProviders,
- CheckDestroy: testAccCheckAWSUserDestroy,
+ CheckDestroy: testAccCheckAWSUserLoginProfileDestroy,
 Steps: []resource.TestStep{
 {
 Config: testAccAWSUserLoginProfileConfig(username, "/", "keybase:terraformacctest"),
@@ -68,17 +67,63 @@ func TestAccAWSUserLoginProfile_keybaseDoesntExist(t *testing.T) {
 resource.Test(t, resource.TestCase{
 PreCheck: func() { testAccPreCheck(t) },
 Providers: testAccProviders,
- CheckDestroy: testAccCheckAWSUserDestroy,
+ CheckDestroy: testAccCheckAWSUserLoginProfileDestroy,
 Steps: []resource.TestStep{
 {
- // Hope no-one creates this keybase user...
+ // We own this account but it doesn't have any key associated with it
 Config: testAccAWSUserLoginProfileConfig(username, "/", "keybase:terraform_nope"),
- ExpectError: true,
+ ExpectError: regexp.MustCompile(`Error retrieving Public Key`),
 },
 },
 })
 }
 
+func TestAccAWSUserLoginProfile_notAKey(t *testing.T) {
+ username := fmt.Sprintf("test-user-%d", acctest.RandInt())
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckAWSUserLoginProfileDestroy,
+ Steps: []resource.TestStep{
+ {
+ // We own this account but it doesn't have any key associated with it
+ Config: testAccAWSUserLoginProfileConfig(username, "/", "lolimnotakey"),
+ ExpectError: regexp.MustCompile(`Error encrypting password`),
+ },
+ },
+ })
+}
+
+func testAccCheckAWSUserLoginProfileDestroy(s *terraform.State) error {
+ iamconn := testAccProvider.Meta().(*AWSClient).iamconn
+
+ for _, rs := range s.RootModule().Resources {
+ if rs.Type != "aws_iam_user_login_profile" {
+ continue
+ }
+
+ // Try to get user
+ _, err := iamconn.GetLoginProfile(&iam.GetLoginProfileInput{
+ UserName: aws.String(rs.Primary.ID),
+ })
+ if err == nil {
+ return fmt.Errorf("still exists.")
+ }
+
+ // Verify the error is what we want
+ ec2err, ok := err.(awserr.Error)
+ if !ok {
+ return err
+ }
+ if ec2err.Code() != "NoSuchEntity" {
+ return err
+ }
+ }
+
+ return nil
+}
+
 func testDecryptPasswordAndTest(nProfile, nAccessKey, key string) resource.TestCheckFunc {
 return func(s *terraform.State) error {
 profileResource, ok := s.RootModule().Resources[nProfile]
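Review bot: The step comment in `TestAccAWSUserLoginProfile_notAKey` is copied from the keybase test above and does not describe this case, where `"lolimnotakey"` is an explicit value rather than an account; `// Neither a keybase: reference nor a valid PGP public key, so encrypting the password must fail` would match the `Error encrypting password` expectation. In `testAccCheckAWSUserLoginProfileDestroy`, `fmt.Errorf("still exists.")` names no resource, so a login profile left behind cannot be identified from the failure; `return fmt.Errorf("login profile for IAM user %q still exists", rs.Primary.ID)` would fix that, and `ec2err` would read better as `iamErr` since the call goes to IAM. The loop visits only `aws_iam_user_login_profile` entries in state, so in the two `ExpectError` tests, where creation presumably fails before the resource is recorded, it likely asserts nothing; it is worth confirming that this is intended. The `// Try to get user` comment could also say login profile, since that is what `GetLoginProfile` fetches.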