package aws import ( "fmt" "testing" "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/awserr" "github.com/aws/aws-sdk-go/service/iam" "github.com/hashicorp/terraform/helper/acctest" "github.com/hashicorp/terraform/helper/resource" "github.com/hashicorp/terraform/terraform" ) func TestAccAWSIAMRolePolicy_basic(t *testing.T) { role := acctest.RandString(10) policy1 := acctest.RandString(10) policy2 := acctest.RandString(10) resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, Providers: testAccProviders, CheckDestroy: testAccCheckIAMRolePolicyDestroy, Steps: []resource.TestStep{ resource.TestStep{ Config: testAccIAMRolePolicyConfig(role, policy1), Check: resource.ComposeTestCheckFunc( testAccCheckIAMRolePolicy( "aws_iam_role.role", "aws_iam_role_policy.foo", ), ), }, resource.TestStep{ Config: testAccIAMRolePolicyConfigUpdate(role, policy1, policy2), Check: resource.ComposeTestCheckFunc( testAccCheckIAMRolePolicy( "aws_iam_role.role", "aws_iam_role_policy.bar", ), ), }, }, }) } func testAccCheckIAMRolePolicyDestroy(s *terraform.State) error { iamconn := testAccProvider.Meta().(*AWSClient).iamconn for _, rs := range s.RootModule().Resources { if rs.Type != "aws_iam_role_policy" { continue } role, name, err := resourceAwsIamRolePolicyParseId(rs.Primary.ID) if err != nil { return err } request := &iam.GetRolePolicyInput{ PolicyName: aws.String(name), RoleName: aws.String(role), } getResp, err := iamconn.GetRolePolicy(request) if err != nil { if iamerr, ok := err.(awserr.Error); ok && iamerr.Code() == "NoSuchEntity" { // none found, that's good return nil } return fmt.Errorf("Error reading IAM policy %s from role %s: %s", name, role, err) } if getResp != nil { return fmt.Errorf("Found IAM Role, expected none: %s", getResp) } } return nil } func testAccCheckIAMRolePolicy( iamRoleResource string, iamRolePolicyResource string) resource.TestCheckFunc { return func(s *terraform.State) error { rs, ok := s.RootModule().Resources[iamRoleResource] if !ok { return fmt.Errorf("Not Found: %s", iamRoleResource) } if rs.Primary.ID == "" { return fmt.Errorf("No ID is set") } policy, ok := s.RootModule().Resources[iamRolePolicyResource] if !ok { return fmt.Errorf("Not Found: %s", iamRolePolicyResource) } iamconn := testAccProvider.Meta().(*AWSClient).iamconn role, name, err := resourceAwsIamRolePolicyParseId(policy.Primary.ID) if err != nil { return err } _, err = iamconn.GetRolePolicy(&iam.GetRolePolicyInput{ RoleName: aws.String(role), PolicyName: aws.String(name), }) if err != nil { return err } return nil } } func testAccIAMRolePolicyConfig(role, policy1 string) string { return fmt.Sprintf(` resource "aws_iam_role" "role" { name = "tf_test_role_%s" path = "/" assume_role_policy = <