319 lines
8.6 KiB
Go
319 lines
8.6 KiB
Go
package azurerm
|
|
|
|
import (
|
|
"fmt"
|
|
"net/http"
|
|
"testing"
|
|
|
|
"github.com/hashicorp/terraform/helper/acctest"
|
|
"github.com/hashicorp/terraform/helper/resource"
|
|
"github.com/hashicorp/terraform/terraform"
|
|
)
|
|
|
|
func TestAccAzureRMNetworkSecurityGroup_basic(t *testing.T) {
|
|
rInt := acctest.RandInt()
|
|
resource.Test(t, resource.TestCase{
|
|
PreCheck: func() { testAccPreCheck(t) },
|
|
Providers: testAccProviders,
|
|
CheckDestroy: testCheckAzureRMNetworkSecurityGroupDestroy,
|
|
Steps: []resource.TestStep{
|
|
{
|
|
Config: testAccAzureRMNetworkSecurityGroup_basic(rInt),
|
|
Check: resource.ComposeTestCheckFunc(
|
|
testCheckAzureRMNetworkSecurityGroupExists("azurerm_network_security_group.test"),
|
|
),
|
|
},
|
|
},
|
|
})
|
|
}
|
|
|
|
func TestAccAzureRMNetworkSecurityGroup_disappears(t *testing.T) {
|
|
rInt := acctest.RandInt()
|
|
resource.Test(t, resource.TestCase{
|
|
PreCheck: func() { testAccPreCheck(t) },
|
|
Providers: testAccProviders,
|
|
CheckDestroy: testCheckAzureRMNetworkSecurityGroupDestroy,
|
|
Steps: []resource.TestStep{
|
|
{
|
|
Config: testAccAzureRMNetworkSecurityGroup_basic(rInt),
|
|
Check: resource.ComposeTestCheckFunc(
|
|
testCheckAzureRMNetworkSecurityGroupExists("azurerm_network_security_group.test"),
|
|
testCheckAzureRMNetworkSecurityGroupDisappears("azurerm_network_security_group.test"),
|
|
),
|
|
ExpectNonEmptyPlan: true,
|
|
},
|
|
},
|
|
})
|
|
}
|
|
|
|
func TestAccAzureRMNetworkSecurityGroup_withTags(t *testing.T) {
|
|
rInt := acctest.RandInt()
|
|
resource.Test(t, resource.TestCase{
|
|
PreCheck: func() { testAccPreCheck(t) },
|
|
Providers: testAccProviders,
|
|
CheckDestroy: testCheckAzureRMNetworkSecurityGroupDestroy,
|
|
Steps: []resource.TestStep{
|
|
{
|
|
Config: testAccAzureRMNetworkSecurityGroup_withTags(rInt),
|
|
Check: resource.ComposeTestCheckFunc(
|
|
testCheckAzureRMNetworkSecurityGroupExists("azurerm_network_security_group.test"),
|
|
resource.TestCheckResourceAttr(
|
|
"azurerm_network_security_group.test", "tags.%", "2"),
|
|
resource.TestCheckResourceAttr(
|
|
"azurerm_network_security_group.test", "tags.environment", "Production"),
|
|
resource.TestCheckResourceAttr(
|
|
"azurerm_network_security_group.test", "tags.cost_center", "MSFT"),
|
|
),
|
|
},
|
|
|
|
{
|
|
Config: testAccAzureRMNetworkSecurityGroup_withTagsUpdate(rInt),
|
|
Check: resource.ComposeTestCheckFunc(
|
|
testCheckAzureRMNetworkSecurityGroupExists("azurerm_network_security_group.test"),
|
|
resource.TestCheckResourceAttr(
|
|
"azurerm_network_security_group.test", "tags.%", "1"),
|
|
resource.TestCheckResourceAttr(
|
|
"azurerm_network_security_group.test", "tags.environment", "staging"),
|
|
),
|
|
},
|
|
},
|
|
})
|
|
}
|
|
|
|
func TestAccAzureRMNetworkSecurityGroup_addingExtraRules(t *testing.T) {
|
|
rInt := acctest.RandInt()
|
|
resource.Test(t, resource.TestCase{
|
|
PreCheck: func() { testAccPreCheck(t) },
|
|
Providers: testAccProviders,
|
|
CheckDestroy: testCheckAzureRMNetworkSecurityGroupDestroy,
|
|
Steps: []resource.TestStep{
|
|
{
|
|
Config: testAccAzureRMNetworkSecurityGroup_basic(rInt),
|
|
Check: resource.ComposeTestCheckFunc(
|
|
testCheckAzureRMNetworkSecurityGroupExists("azurerm_network_security_group.test"),
|
|
resource.TestCheckResourceAttr(
|
|
"azurerm_network_security_group.test", "security_rule.#", "1"),
|
|
),
|
|
},
|
|
|
|
{
|
|
Config: testAccAzureRMNetworkSecurityGroup_anotherRule(rInt),
|
|
Check: resource.ComposeTestCheckFunc(
|
|
testCheckAzureRMNetworkSecurityGroupExists("azurerm_network_security_group.test"),
|
|
resource.TestCheckResourceAttr(
|
|
"azurerm_network_security_group.test", "security_rule.#", "2"),
|
|
),
|
|
},
|
|
},
|
|
})
|
|
}
|
|
|
|
func testCheckAzureRMNetworkSecurityGroupExists(name string) resource.TestCheckFunc {
|
|
return func(s *terraform.State) error {
|
|
|
|
rs, ok := s.RootModule().Resources[name]
|
|
if !ok {
|
|
return fmt.Errorf("Not found: %s", name)
|
|
}
|
|
|
|
sgName := rs.Primary.Attributes["name"]
|
|
resourceGroup, hasResourceGroup := rs.Primary.Attributes["resource_group_name"]
|
|
if !hasResourceGroup {
|
|
return fmt.Errorf("Bad: no resource group found in state for network security group: %s", sgName)
|
|
}
|
|
|
|
conn := testAccProvider.Meta().(*ArmClient).secGroupClient
|
|
|
|
resp, err := conn.Get(resourceGroup, sgName, "")
|
|
if err != nil {
|
|
return fmt.Errorf("Bad: Get on secGroupClient: %s", err)
|
|
}
|
|
|
|
if resp.StatusCode == http.StatusNotFound {
|
|
return fmt.Errorf("Bad: Network Security Group %q (resource group: %q) does not exist", name, resourceGroup)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
}
|
|
|
|
func testCheckAzureRMNetworkSecurityGroupDisappears(name string) resource.TestCheckFunc {
|
|
return func(s *terraform.State) error {
|
|
|
|
rs, ok := s.RootModule().Resources[name]
|
|
if !ok {
|
|
return fmt.Errorf("Not found: %s", name)
|
|
}
|
|
|
|
sgName := rs.Primary.Attributes["name"]
|
|
resourceGroup, hasResourceGroup := rs.Primary.Attributes["resource_group_name"]
|
|
if !hasResourceGroup {
|
|
return fmt.Errorf("Bad: no resource group found in state for network security group: %s", sgName)
|
|
}
|
|
|
|
conn := testAccProvider.Meta().(*ArmClient).secGroupClient
|
|
|
|
_, err := conn.Delete(resourceGroup, sgName, make(chan struct{}))
|
|
if err != nil {
|
|
return fmt.Errorf("Bad: Delete on secGroupClient: %s", err)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
}
|
|
|
|
func testCheckAzureRMNetworkSecurityGroupDestroy(s *terraform.State) error {
|
|
conn := testAccProvider.Meta().(*ArmClient).secGroupClient
|
|
|
|
for _, rs := range s.RootModule().Resources {
|
|
if rs.Type != "azurerm_network_security_group" {
|
|
continue
|
|
}
|
|
|
|
name := rs.Primary.Attributes["name"]
|
|
resourceGroup := rs.Primary.Attributes["resource_group_name"]
|
|
|
|
resp, err := conn.Get(resourceGroup, name, "")
|
|
|
|
if err != nil {
|
|
return nil
|
|
}
|
|
|
|
if resp.StatusCode != http.StatusNotFound {
|
|
return fmt.Errorf("Network Security Group still exists:\n%#v", resp.SecurityGroupPropertiesFormat)
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func testAccAzureRMNetworkSecurityGroup_basic(rInt int) string {
|
|
return fmt.Sprintf(`
|
|
resource "azurerm_resource_group" "test" {
|
|
name = "acctestRG-%d"
|
|
location = "West US"
|
|
}
|
|
|
|
resource "azurerm_network_security_group" "test" {
|
|
name = "acceptanceTestSecurityGroup1"
|
|
location = "West US"
|
|
resource_group_name = "${azurerm_resource_group.test.name}"
|
|
|
|
security_rule {
|
|
name = "test123"
|
|
priority = 100
|
|
direction = "Inbound"
|
|
access = "Allow"
|
|
protocol = "Tcp"
|
|
source_port_range = "*"
|
|
destination_port_range = "*"
|
|
source_address_prefix = "*"
|
|
destination_address_prefix = "*"
|
|
}
|
|
}
|
|
`, rInt)
|
|
}
|
|
|
|
func testAccAzureRMNetworkSecurityGroup_anotherRule(rInt int) string {
|
|
return fmt.Sprintf(`
|
|
resource "azurerm_resource_group" "test" {
|
|
name = "acctestRG-%d"
|
|
location = "West US"
|
|
}
|
|
|
|
resource "azurerm_network_security_group" "test" {
|
|
name = "acceptanceTestSecurityGroup1"
|
|
location = "West US"
|
|
resource_group_name = "${azurerm_resource_group.test.name}"
|
|
|
|
security_rule {
|
|
name = "test123"
|
|
priority = 100
|
|
direction = "Inbound"
|
|
access = "Allow"
|
|
protocol = "Tcp"
|
|
source_port_range = "*"
|
|
destination_port_range = "*"
|
|
source_address_prefix = "*"
|
|
destination_address_prefix = "*"
|
|
}
|
|
|
|
security_rule {
|
|
name = "testDeny"
|
|
priority = 101
|
|
direction = "Inbound"
|
|
access = "Deny"
|
|
protocol = "Udp"
|
|
source_port_range = "*"
|
|
destination_port_range = "*"
|
|
source_address_prefix = "*"
|
|
destination_address_prefix = "*"
|
|
}
|
|
}
|
|
`, rInt)
|
|
}
|
|
|
|
func testAccAzureRMNetworkSecurityGroup_withTags(rInt int) string {
|
|
return fmt.Sprintf(`
|
|
resource "azurerm_resource_group" "test" {
|
|
name = "acctestRG-%d"
|
|
location = "West US"
|
|
}
|
|
|
|
resource "azurerm_network_security_group" "test" {
|
|
name = "acceptanceTestSecurityGroup1"
|
|
location = "West US"
|
|
resource_group_name = "${azurerm_resource_group.test.name}"
|
|
|
|
security_rule {
|
|
name = "test123"
|
|
priority = 100
|
|
direction = "Inbound"
|
|
access = "Allow"
|
|
protocol = "Tcp"
|
|
source_port_range = "*"
|
|
destination_port_range = "*"
|
|
source_address_prefix = "*"
|
|
destination_address_prefix = "*"
|
|
}
|
|
|
|
|
|
tags {
|
|
environment = "Production"
|
|
cost_center = "MSFT"
|
|
}
|
|
}
|
|
`, rInt)
|
|
}
|
|
|
|
func testAccAzureRMNetworkSecurityGroup_withTagsUpdate(rInt int) string {
|
|
return fmt.Sprintf(`
|
|
resource "azurerm_resource_group" "test" {
|
|
name = "acctestRG-%d"
|
|
location = "West US"
|
|
}
|
|
|
|
resource "azurerm_network_security_group" "test" {
|
|
name = "acceptanceTestSecurityGroup1"
|
|
location = "West US"
|
|
resource_group_name = "${azurerm_resource_group.test.name}"
|
|
|
|
security_rule {
|
|
name = "test123"
|
|
priority = 100
|
|
direction = "Inbound"
|
|
access = "Allow"
|
|
protocol = "Tcp"
|
|
source_port_range = "*"
|
|
destination_port_range = "*"
|
|
source_address_prefix = "*"
|
|
destination_address_prefix = "*"
|
|
}
|
|
|
|
tags {
|
|
environment = "staging"
|
|
}
|
|
}
|
|
`, rInt)
|
|
}
|