resilien
/
terraform
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
terraform/builtin/providers/aws/resource_aws_opsworks_permi...

200 lines
5.8 KiB
Go
Raw Blame History

package aws
import (
"fmt"
"testing"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/service/opsworks"
"github.com/hashicorp/terraform/helper/acctest"
"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/terraform"
)
func TestAccAWSOpsworksPermission(t *testing.T) {
sName := fmt.Sprintf("tf-ops-perm-%d", acctest.RandInt())
var opsperm opsworks.Permission
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckAwsOpsworksPermissionDestroy,
Steps: []resource.TestStep{
{
Config: testAccAwsOpsworksPermissionCreate(sName, "true", "true", "iam_only"),
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSOpsworksPermissionExists(
"aws_opsworks_permission.tf-acc-perm", &opsperm),
testAccCheckAWSOpsworksCreatePermissionAttributes(&opsperm, true, true, "iam_only"),
resource.TestCheckResourceAttr(
"aws_opsworks_permission.tf-acc-perm", "allow_ssh", "true",
),
resource.TestCheckResourceAttr(
"aws_opsworks_permission.tf-acc-perm", "allow_sudo", "true",
),
resource.TestCheckResourceAttr(
"aws_opsworks_permission.tf-acc-perm", "level", "iam_only",
),
),
},
{
Config: testAccAwsOpsworksPermissionCreate(sName, "true", "false", "iam_only"),
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSOpsworksPermissionExists(
"aws_opsworks_permission.tf-acc-perm", &opsperm),
testAccCheckAWSOpsworksCreatePermissionAttributes(&opsperm, true, false, "iam_only"),
resource.TestCheckResourceAttr(
"aws_opsworks_permission.tf-acc-perm", "allow_ssh", "true",
),
resource.TestCheckResourceAttr(
"aws_opsworks_permission.tf-acc-perm", "allow_sudo", "false",
),
resource.TestCheckResourceAttr(
"aws_opsworks_permission.tf-acc-perm", "level", "iam_only",
),
),
},
{
Config: testAccAwsOpsworksPermissionCreate(sName, "false", "false", "deny"),
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSOpsworksPermissionExists(
"aws_opsworks_permission.tf-acc-perm", &opsperm),
testAccCheckAWSOpsworksCreatePermissionAttributes(&opsperm, false, false, "deny"),
resource.TestCheckResourceAttr(
"aws_opsworks_permission.tf-acc-perm", "allow_ssh", "false",
),
resource.TestCheckResourceAttr(
"aws_opsworks_permission.tf-acc-perm", "allow_sudo", "false",
),
resource.TestCheckResourceAttr(
"aws_opsworks_permission.tf-acc-perm", "level", "deny",
),
),
},
{
Config: testAccAwsOpsworksPermissionCreate(sName, "false", "false", "show"),
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSOpsworksPermissionExists(
"aws_opsworks_permission.tf-acc-perm", &opsperm),
testAccCheckAWSOpsworksCreatePermissionAttributes(&opsperm, false, false, "show"),
resource.TestCheckResourceAttr(
"aws_opsworks_permission.tf-acc-perm", "allow_ssh", "false",
),
resource.TestCheckResourceAttr(
"aws_opsworks_permission.tf-acc-perm", "allow_sudo", "false",
),
resource.TestCheckResourceAttr(
"aws_opsworks_permission.tf-acc-perm", "level", "show",
),
),
},
},
})
}
func testAccCheckAWSOpsworksPermissionExists(
n string, opsperm *opsworks.Permission) resource.TestCheckFunc {
return func(s *terraform.State) error {
rs, ok := s.RootModule().Resources[n]
if !ok {
return fmt.Errorf("Not found: %s", n)
}
if rs.Primary.ID == "" {
return fmt.Errorf("No ID is set")
}
conn := testAccProvider.Meta().(*AWSClient).opsworksconn
params := &opsworks.DescribePermissionsInput{
StackId: aws.String(rs.Primary.Attributes["stack_id"]),
IamUserArn: aws.String(rs.Primary.Attributes["user_arn"]),
}
resp, err := conn.DescribePermissions(params)
if err != nil {
return err
}
if v := len(resp.Permissions); v != 1 {
return fmt.Errorf("Expected 1 response returned, got %d", v)
}
*opsperm = *resp.Permissions[0]
return nil
}
}
func testAccCheckAWSOpsworksCreatePermissionAttributes(
opsperm *opsworks.Permission, allowSsh bool, allowSudo bool, level string) resource.TestCheckFunc {
return func(s *terraform.State) error {
if *opsperm.AllowSsh != allowSsh {
return fmt.Errorf("Unnexpected allowSsh: %t", *opsperm.AllowSsh)
}
if *opsperm.AllowSudo != allowSudo {
return fmt.Errorf("Unnexpected allowSudo: %t", *opsperm.AllowSudo)
}
if *opsperm.Level != level {
return fmt.Errorf("Unnexpected level: %s", *opsperm.Level)
}
return nil
}
}
func testAccCheckAwsOpsworksPermissionDestroy(s *terraform.State) error {
client := testAccProvider.Meta().(*AWSClient).opsworksconn
for _, rs := range s.RootModule().Resources {
if rs.Type != "aws_opsworks_permission" {
continue
}
req := &opsworks.DescribePermissionsInput{
IamUserArn: aws.String(rs.Primary.Attributes["user_arn"]),
}
resp, err := client.DescribePermissions(req)
if err == nil {
if len(resp.Permissions) > 0 {
return fmt.Errorf("OpsWorks Permissions still exist.")
}
}
if awserr, ok := err.(awserr.Error); ok {
if awserr.Code() != "ResourceNotFoundException" {
return err
}
}
}
return nil
}
func testAccAwsOpsworksPermissionCreate(name, ssh, sudo, level string) string {
return fmt.Sprintf(`
resource "aws_opsworks_permission" "tf-acc-perm" {
stack_id = "${aws_opsworks_stack.tf-acc.id}"
allow_ssh = %s
allow_sudo = %s
user_arn = "${aws_opsworks_user_profile.user.user_arn}"
level = "%s"
}
resource "aws_opsworks_user_profile" "user" {
user_arn = "${aws_iam_user.user.arn}"
ssh_username = "${aws_iam_user.user.name}"
}
resource "aws_iam_user" "user" {
name = "%s"
path = "/"
}
%s
`, ssh, sudo, level, name, testAccAwsOpsworksStackConfigVpcCreate(name))
}
Reference in New Issue View Git Blame Copy Permalink