2015-11-11 14:51:46 -06:00
package aws
import (
2017-02-09 09:55:12 -06:00
2015-11-11 14:51:46 -06:00
func TestAccAWSRedshiftSecurityGroup_ingressCidr(t *testing.T) {
var v redshift.ClusterSecurityGroup
2017-02-09 09:55:12 -06:00
rInt := acctest.RandInt()
2015-11-11 14:51:46 -06:00
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckAWSRedshiftSecurityGroupDestroy,
Steps: []resource.TestStep{
2017-02-09 09:55:12 -06:00
Config: testAccAWSRedshiftSecurityGroupConfig_ingressCidr(rInt),
2015-11-11 14:51:46 -06:00
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSRedshiftSecurityGroupExists("aws_redshift_security_group.bar", &v),
2017-02-09 09:55:12 -06:00
"aws_redshift_security_group.bar", "name", fmt.Sprintf("redshift-sg-terraform-%d", rInt)),
2015-11-11 14:51:46 -06:00
2016-04-18 16:06:15 -05:00
"aws_redshift_security_group.bar", "description", "Managed by Terraform"),
2015-11-11 14:51:46 -06:00
"aws_redshift_security_group.bar", "ingress.2735652665.cidr", ""),
"aws_redshift_security_group.bar", "ingress.#", "1"),
2016-03-30 20:13:28 -05:00
func TestAccAWSRedshiftSecurityGroup_updateIngressCidr(t *testing.T) {
var v redshift.ClusterSecurityGroup
2017-02-09 09:55:12 -06:00
rInt := acctest.RandInt()
2016-03-30 20:13:28 -05:00
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckAWSRedshiftSecurityGroupDestroy,
Steps: []resource.TestStep{
2017-02-09 09:55:12 -06:00
Config: testAccAWSRedshiftSecurityGroupConfig_ingressCidr(rInt),
2016-03-30 20:13:28 -05:00
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSRedshiftSecurityGroupExists("aws_redshift_security_group.bar", &v),
"aws_redshift_security_group.bar", "ingress.#", "1"),
2017-02-09 09:55:12 -06:00
Config: testAccAWSRedshiftSecurityGroupConfig_ingressCidrAdd(rInt),
2016-03-30 20:13:28 -05:00
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSRedshiftSecurityGroupExists("aws_redshift_security_group.bar", &v),
"aws_redshift_security_group.bar", "ingress.#", "3"),
2017-02-09 09:55:12 -06:00
Config: testAccAWSRedshiftSecurityGroupConfig_ingressCidrReduce(rInt),
2016-03-30 20:13:28 -05:00
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSRedshiftSecurityGroupExists("aws_redshift_security_group.bar", &v),
"aws_redshift_security_group.bar", "ingress.#", "2"),
2015-11-11 14:51:46 -06:00
func TestAccAWSRedshiftSecurityGroup_ingressSecurityGroup(t *testing.T) {
var v redshift.ClusterSecurityGroup
2017-02-09 09:55:12 -06:00
rInt := acctest.RandInt()
2015-11-11 14:51:46 -06:00
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckAWSRedshiftSecurityGroupDestroy,
Steps: []resource.TestStep{
2017-02-09 09:55:12 -06:00
Config: testAccAWSRedshiftSecurityGroupConfig_ingressSgId(rInt),
2015-11-11 14:51:46 -06:00
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSRedshiftSecurityGroupExists("aws_redshift_security_group.bar", &v),
2017-02-09 09:55:12 -06:00
"aws_redshift_security_group.bar", "name", fmt.Sprintf("redshift-sg-terraform-%d", rInt)),
2015-11-11 14:51:46 -06:00
"aws_redshift_security_group.bar", "description", "this is a description"),
"aws_redshift_security_group.bar", "ingress.#", "1"),
2016-03-30 20:13:28 -05:00
func TestAccAWSRedshiftSecurityGroup_updateIngressSecurityGroup(t *testing.T) {
var v redshift.ClusterSecurityGroup
2017-02-09 09:55:12 -06:00
rInt := acctest.RandInt()
2016-03-30 20:13:28 -05:00
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckAWSRedshiftSecurityGroupDestroy,
Steps: []resource.TestStep{
2017-02-09 09:55:12 -06:00
Config: testAccAWSRedshiftSecurityGroupConfig_ingressSgId(rInt),
2016-03-30 20:13:28 -05:00
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSRedshiftSecurityGroupExists("aws_redshift_security_group.bar", &v),
"aws_redshift_security_group.bar", "ingress.#", "1"),
2017-02-09 09:55:12 -06:00
Config: testAccAWSRedshiftSecurityGroupConfig_ingressSgIdAdd(rInt),
2016-03-30 20:13:28 -05:00
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSRedshiftSecurityGroupExists("aws_redshift_security_group.bar", &v),
"aws_redshift_security_group.bar", "ingress.#", "3"),
2017-02-09 09:55:12 -06:00
Config: testAccAWSRedshiftSecurityGroupConfig_ingressSgIdReduce(rInt),
2016-03-30 20:13:28 -05:00
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSRedshiftSecurityGroupExists("aws_redshift_security_group.bar", &v),
"aws_redshift_security_group.bar", "ingress.#", "2"),
2015-11-11 14:51:46 -06:00
func testAccCheckAWSRedshiftSecurityGroupExists(n string, v *redshift.ClusterSecurityGroup) resource.TestCheckFunc {
return func(s *terraform.State) error {
rs, ok := s.RootModule().Resources[n]
if !ok {
return fmt.Errorf("Not found: %s", n)
if rs.Primary.ID == "" {
return fmt.Errorf("No Redshift Security Group ID is set")
conn := testAccProvider.Meta().(*AWSClient).redshiftconn
opts := redshift.DescribeClusterSecurityGroupsInput{
ClusterSecurityGroupName: aws.String(rs.Primary.ID),
resp, err := conn.DescribeClusterSecurityGroups(&opts)
if err != nil {
return err
if len(resp.ClusterSecurityGroups) != 1 ||
*resp.ClusterSecurityGroups[0].ClusterSecurityGroupName != rs.Primary.ID {
return fmt.Errorf("Redshift Security Group not found")
*v = *resp.ClusterSecurityGroups[0]
return nil
func testAccCheckAWSRedshiftSecurityGroupDestroy(s *terraform.State) error {
conn := testAccProvider.Meta().(*AWSClient).redshiftconn
for _, rs := range s.RootModule().Resources {
if rs.Type != "aws_redshift_security_group" {
// Try to find the Group
resp, err := conn.DescribeClusterSecurityGroups(
ClusterSecurityGroupName: aws.String(rs.Primary.ID),
if err == nil {
if len(resp.ClusterSecurityGroups) != 0 &&
*resp.ClusterSecurityGroups[0].ClusterSecurityGroupName == rs.Primary.ID {
return fmt.Errorf("Redshift Security Group still exists")
// Verify the error
newerr, ok := err.(awserr.Error)
if !ok {
return err
2016-01-13 16:58:07 -06:00
if newerr.Code() != "ClusterSecurityGroupNotFound" {
2015-11-11 14:51:46 -06:00
return err
return nil
2015-11-12 03:45:22 -06:00
func TestResourceAWSRedshiftSecurityGroupNameValidation(t *testing.T) {
2015-11-11 14:51:46 -06:00
cases := []struct {
Value string
ErrCount int
Value: "default",
ErrCount: 1,
Value: "testing123%%",
ErrCount: 1,
Value: "TestingSG",
ErrCount: 1,
Value: randomString(256),
ErrCount: 1,
for _, tc := range cases {
_, errors := validateRedshiftSecurityGroupName(tc.Value, "aws_redshift_security_group_name")
if len(errors) != tc.ErrCount {
t.Fatalf("Expected the Redshift Security Group Name to trigger a validation error")
2017-02-09 09:55:12 -06:00
func testAccAWSRedshiftSecurityGroupConfig_ingressCidr(rInt int) string {
return fmt.Sprintf(`
provider "aws" {
region = "us-east-1"
2015-11-11 14:51:46 -06:00
2017-02-09 09:55:12 -06:00
resource "aws_redshift_security_group" "bar" {
name = "redshift-sg-terraform-%d"
2015-11-11 14:51:46 -06:00
2017-02-09 09:55:12 -06:00
ingress {
cidr = ""
}`, rInt)
2016-03-30 20:13:28 -05:00
2017-02-09 09:55:12 -06:00
func testAccAWSRedshiftSecurityGroupConfig_ingressCidrAdd(rInt int) string {
return fmt.Sprintf(`
provider "aws" {
region = "us-east-1"
2016-03-30 20:13:28 -05:00
2017-02-09 09:55:12 -06:00
resource "aws_redshift_security_group" "bar" {
name = "redshift-sg-terraform-%d"
description = "this is a description"
2016-03-30 20:13:28 -05:00
2017-02-09 09:55:12 -06:00
ingress {
cidr = ""
2016-03-30 20:13:28 -05:00
2017-02-09 09:55:12 -06:00
ingress {
cidr = ""
2016-03-30 20:13:28 -05:00
2017-02-09 09:55:12 -06:00
ingress {
cidr = ""
}`, rInt)
2016-03-30 20:13:28 -05:00
2017-02-09 09:55:12 -06:00
func testAccAWSRedshiftSecurityGroupConfig_ingressCidrReduce(rInt int) string {
return fmt.Sprintf(`
provider "aws" {
region = "us-east-1"
2016-03-30 20:13:28 -05:00
2017-02-09 09:55:12 -06:00
resource "aws_redshift_security_group" "bar" {
name = "redshift-sg-terraform-%d"
description = "this is a description"
2016-03-30 20:13:28 -05:00
2017-02-09 09:55:12 -06:00
ingress {
cidr = ""
2016-03-30 20:13:28 -05:00
2017-02-09 09:55:12 -06:00
ingress {
cidr = ""
}`, rInt)
2015-11-11 14:51:46 -06:00
2017-02-09 09:55:12 -06:00
func testAccAWSRedshiftSecurityGroupConfig_ingressSgId(rInt int) string {
return fmt.Sprintf(`
provider "aws" {
region = "us-east-1"
2015-11-11 14:51:46 -06:00
2017-02-09 09:55:12 -06:00
resource "aws_security_group" "redshift" {
name = "terraform_redshift_test_%d"
description = "Used in the redshift acceptance tests"
ingress {
protocol = "tcp"
from_port = 22
to_port = 22
cidr_blocks = [""]
2015-11-11 14:51:46 -06:00
2017-02-09 09:55:12 -06:00
resource "aws_redshift_security_group" "bar" {
name = "redshift-sg-terraform-%d"
description = "this is a description"
2016-03-30 20:13:28 -05:00
2017-02-09 09:55:12 -06:00
ingress {
security_group_name = "${aws_security_group.redshift.name}"
security_group_owner_id = "${aws_security_group.redshift.owner_id}"
}`, rInt, rInt)
2016-03-30 20:13:28 -05:00
2017-02-09 09:55:12 -06:00
func testAccAWSRedshiftSecurityGroupConfig_ingressSgIdAdd(rInt int) string {
return fmt.Sprintf(`
provider "aws" {
region = "us-east-1"
2016-03-30 20:13:28 -05:00
2017-02-09 09:55:12 -06:00
resource "aws_security_group" "redshift" {
name = "terraform_redshift_test_%d"
description = "Used in the redshift acceptance tests"
ingress {
protocol = "tcp"
from_port = 22
to_port = 22
cidr_blocks = [""]
2016-03-30 20:13:28 -05:00
2017-02-09 09:55:12 -06:00
resource "aws_security_group" "redshift2" {
name = "terraform_redshift_test_2_%d"
description = "Used in the redshift acceptance tests #2"
2016-03-30 20:13:28 -05:00
2017-02-09 09:55:12 -06:00
ingress {
protocol = "tcp"
from_port = 22
to_port = 22
cidr_blocks = [""]
2016-03-30 20:13:28 -05:00
2017-02-09 09:55:12 -06:00
resource "aws_security_group" "redshift3" {
name = "terraform_redshift_test_3_%d"
description = "Used in the redshift acceptance tests #3"
2016-03-30 20:13:28 -05:00
2017-02-09 09:55:12 -06:00
ingress {
protocol = "tcp"
from_port = 22
to_port = 22
cidr_blocks = [""]
2016-03-30 20:13:28 -05:00
2017-02-09 09:55:12 -06:00
resource "aws_redshift_security_group" "bar" {
name = "redshift-sg-terraform-%d"
description = "this is a description"
ingress {
security_group_name = "${aws_security_group.redshift.name}"
security_group_owner_id = "${aws_security_group.redshift.owner_id}"
ingress {
security_group_name = "${aws_security_group.redshift2.name}"
security_group_owner_id = "${aws_security_group.redshift.owner_id}"
ingress {
security_group_name = "${aws_security_group.redshift3.name}"
security_group_owner_id = "${aws_security_group.redshift.owner_id}"
}`, rInt, rInt, rInt, rInt)
2016-03-30 20:13:28 -05:00
2017-02-09 09:55:12 -06:00
func testAccAWSRedshiftSecurityGroupConfig_ingressSgIdReduce(rInt int) string {
return fmt.Sprintf(`
provider "aws" {
region = "us-east-1"
resource "aws_security_group" "redshift" {
name = "terraform_redshift_test_%d"
description = "Used in the redshift acceptance tests"
2016-03-30 20:13:28 -05:00
2017-02-09 09:55:12 -06:00
ingress {
protocol = "tcp"
from_port = 22
to_port = 22
cidr_blocks = [""]
2016-03-30 20:13:28 -05:00
2017-02-09 09:55:12 -06:00
resource "aws_security_group" "redshift2" {
name = "terraform_redshift_test_2_%d"
description = "Used in the redshift acceptance tests #2"
2016-03-30 20:13:28 -05:00
2017-02-09 09:55:12 -06:00
ingress {
protocol = "tcp"
from_port = 22
to_port = 22
cidr_blocks = [""]
2016-03-30 20:13:28 -05:00
2017-02-09 09:55:12 -06:00
resource "aws_redshift_security_group" "bar" {
name = "redshift-sg-terraform-%d"
description = "this is a description"
2016-03-30 20:13:28 -05:00
2017-02-09 09:55:12 -06:00
ingress {
security_group_name = "${aws_security_group.redshift.name}"
security_group_owner_id = "${aws_security_group.redshift.owner_id}"
2016-03-30 20:13:28 -05:00
2017-02-09 09:55:12 -06:00
ingress {
security_group_name = "${aws_security_group.redshift2.name}"
security_group_owner_id = "${aws_security_group.redshift.owner_id}"
}`, rInt, rInt, rInt)