When a VPC is detached from a VPN gateway, its VpcAttachment stays in place, only with its state changed to "detached". Since terraform was not checking the attachment state, it used to think the VPC gateway was still attached.
package aws
import (
"fmt"
"testing"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/service/ec2"
"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/terraform"
)
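// TestAccAWSVpnGateway_basic applies a config that attaches the VPN gateway
// to one VPC, then a config that points the same gateway at a different VPC,
// and checks that the gateway read back from EC2 after each step reports a
// different VPC id.
func TestAccAWSVpnGateway_basic(t *testing.T) {
	// v is filled after the first step, v2 after the second.
	var v, v2 ec2.VpnGateway

	// testNotEqual runs in the second step, once both snapshots are populated.
	testNotEqual := func(*terraform.State) error {
		if len(v.VpcAttachments) == 0 {
			return fmt.Errorf("VPN gateway A is not attached")
		}
		if len(v2.VpcAttachments) == 0 {
			return fmt.Errorf("VPN gateway B is not attached")
		}

		// VpcId is a *string in the SDK. Comparing the pointers compares
		// addresses, which differ for two separately decoded responses even
		// when the ids are equal, so the check could never fail. Compare the
		// string values instead.
		// NOTE(review): only attachment [0] is inspected and its State is not
		// checked; if EC2 keeps the previous attachment listed as "detached",
		// index 0 may not be the live attachment. Confirm against the API.
		id1 := aws.StringValue(v.VpcAttachments[0].VpcId)
		id2 := aws.StringValue(v2.VpcAttachments[0].VpcId)
		if id1 == id2 {
			return fmt.Errorf("Both attachment IDs are the same")
		}

		return nil
	}

	resource.Test(t, resource.TestCase{
		PreCheck:      func() { testAccPreCheck(t) },
		IDRefreshName: "aws_vpn_gateway.foo",
		Providers:     testAccProviders,
		CheckDestroy:  testAccCheckVpnGatewayDestroy,
		Steps: []resource.TestStep{
			{
				Config: testAccVpnGatewayConfig,
				Check: resource.ComposeTestCheckFunc(
					testAccCheckVpnGatewayExists(
						"aws_vpn_gateway.foo", &v),
				),
			},

			{
				Config: testAccVpnGatewayConfigChangeVPC,
				Check: resource.ComposeTestCheckFunc(
					testAccCheckVpnGatewayExists(
						"aws_vpn_gateway.foo", &v2),
					testNotEqual,
				),
			},
		},
	})
}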
// TestAccAWSVpnGateway_reattach walks the gateway through attached ->
// detached -> attached and, after each step, checks the attachment state that
// EC2 reports. It guards against treating an attachment that is still listed
// but in state "detached" as a live attachment.
func TestAccAWSVpnGateway_reattach(t *testing.T) {
	var v ec2.VpnGateway

	// genTestStateFunc builds a check that compares the state of the single
	// attachment in v with expectedState. v is read when the check runs, so it
	// sees the value stored by the preceding testAccCheckVpnGatewayExists.
	genTestStateFunc := func(expectedState string) func(*terraform.State) error {
		return func(*terraform.State) error {
			attachments := v.VpcAttachments

			switch len(attachments) {
			case 0:
				// No attachment at all is accepted only when "detached" is expected.
				if expectedState != "detached" {
					return fmt.Errorf("VPN gateway has no VPC attachments")
				}
			case 1:
				if *attachments[0].State != expectedState {
					return fmt.Errorf("Expected VPC gateway VPC attachment to be in '%s' state, but was not: %s", expectedState, v)
				}
			default:
				return fmt.Errorf("VPN gateway has unexpected number of VPC attachments(more than 1): %s", v)
			}

			return nil
		}
	}

	resource.Test(t, resource.TestCase{
		PreCheck:      func() { testAccPreCheck(t) },
		IDRefreshName: "aws_vpn_gateway.foo",
		Providers:     testAccProviders,
		CheckDestroy:  testAccCheckVpnGatewayDestroy,
		Steps: []resource.TestStep{
			{
				Config: testAccVpnGatewayConfig,
				Check: resource.ComposeTestCheckFunc(
					testAccCheckVpnGatewayExists(
						"aws_vpn_gateway.foo", &v),
					genTestStateFunc("attached"),
				),
			},
			{
				Config: testAccVpnGatewayConfigDetach,
				Check: resource.ComposeTestCheckFunc(
					testAccCheckVpnGatewayExists(
						"aws_vpn_gateway.foo", &v),
					genTestStateFunc("detached"),
				),
			},
			{
				Config: testAccVpnGatewayConfig,
				Check: resource.ComposeTestCheckFunc(
					testAccCheckVpnGatewayExists(
						"aws_vpn_gateway.foo", &v),
					genTestStateFunc("attached"),
				),
			},
		},
	})
}
// TestAccAWSVpnGateway_delete creates a VPN gateway, then applies a config
// without it and checks that the resource is gone from the Terraform state.
func TestAccAWSVpnGateway_delete(t *testing.T) {
	var vpnGateway ec2.VpnGateway

	// testDeleted fails when resource r is still present in the root module.
	// It looks at Terraform state only; the EC2 side is left to CheckDestroy.
	testDeleted := func(r string) resource.TestCheckFunc {
		return func(s *terraform.State) error {
			if _, present := s.RootModule().Resources[r]; present {
				return fmt.Errorf("VPN Gateway %q should have been deleted", r)
			}
			return nil
		}
	}

	resource.Test(t, resource.TestCase{
		PreCheck:      func() { testAccPreCheck(t) },
		IDRefreshName: "aws_vpn_gateway.foo",
		Providers:     testAccProviders,
		CheckDestroy:  testAccCheckVpnGatewayDestroy,
		Steps: []resource.TestStep{
			{
				Config: testAccVpnGatewayConfig,
				Check: resource.ComposeTestCheckFunc(
					testAccCheckVpnGatewayExists("aws_vpn_gateway.foo", &vpnGateway)),
			},
			{
				Config: testAccNoVpnGatewayConfig,
				Check:  resource.ComposeTestCheckFunc(testDeleted("aws_vpn_gateway.foo")),
			},
		},
	})
}
// TestAccAWSVpnGateway_tags creates a VPN gateway tagged foo=bar, then applies
// a config whose only tag is bar=baz, and checks the tags read back from EC2
// after each step.
func TestAccAWSVpnGateway_tags(t *testing.T) {
	const resourceName = "aws_vpn_gateway.foo"

	var v ec2.VpnGateway

	createStep := resource.TestStep{
		Config: testAccCheckVpnGatewayConfigTags,
		Check: resource.ComposeTestCheckFunc(
			testAccCheckVpnGatewayExists(resourceName, &v),
			testAccCheckTags(&v.Tags, "foo", "bar"),
		),
	}

	updateStep := resource.TestStep{
		Config: testAccCheckVpnGatewayConfigTagsUpdate,
		Check: resource.ComposeTestCheckFunc(
			testAccCheckVpnGatewayExists(resourceName, &v),
			// presumably an empty expected value means "tag not set";
			// testAccCheckTags is defined outside this file, verify there.
			testAccCheckTags(&v.Tags, "foo", ""),
			testAccCheckTags(&v.Tags, "bar", "baz"),
		),
	}

	resource.Test(t, resource.TestCase{
		PreCheck:      func() { testAccPreCheck(t) },
		IDRefreshName: resourceName,
		Providers:     testAccProviders,
		CheckDestroy:  testAccCheckVpnGatewayDestroy,
		Steps:         []resource.TestStep{createStep, updateStep},
	})
}
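// testAccCheckVpnGatewayDestroy verifies that every aws_vpn_gateway left in
// the final state is gone from EC2. A gateway counts as destroyed when the
// lookup fails with InvalidVpnGatewayID.NotFound, when the response does not
// list it, or when it is listed in state "deleted". Any other lookup error,
// or a gateway in any other state, fails the check.
func testAccCheckVpnGatewayDestroy(s *terraform.State) error {
	ec2conn := testAccProvider.Meta().(*AWSClient).ec2conn

	for _, rs := range s.RootModule().Resources {
		if rs.Type != "aws_vpn_gateway" {
			continue
		}

		// Try to find the resource
		resp, err := ec2conn.DescribeVpnGateways(&ec2.DescribeVpnGatewaysInput{
			VpnGatewayIds: []*string{aws.String(rs.Primary.ID)},
		})
		if err != nil {
			// Only "not found" proves the gateway is gone; everything else
			// (throttling, credentials, ...) is reported as a failure.
			ec2err, ok := err.(awserr.Error)
			if !ok || ec2err.Code() != "InvalidVpnGatewayID.NotFound" {
				return err
			}
			continue
		}

		var v *ec2.VpnGateway
		for _, g := range resp.VpnGateways {
			// aws.StringValue tolerates a nil id instead of panicking.
			if g != nil && aws.StringValue(g.VpnGatewayId) == rs.Primary.ID {
				v = g
			}
		}

		// Move on to the next resource rather than returning: returning nil
		// here would end the whole check after the first gateway and leave
		// any further gateways in the state unverified.
		if v == nil {
			// wasn't found
			continue
		}

		if aws.StringValue(v.State) != "deleted" {
			return fmt.Errorf("Expected VpnGateway to be in deleted state, but was not: %s", v)
		}
	}

	return nil
}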
// testAccCheckVpnGatewayExists returns a check that looks up resource n in the
// Terraform state, fetches the gateway with that id from EC2 and copies the
// first gateway of the response into *ig for later checks to inspect.
func testAccCheckVpnGatewayExists(n string, ig *ec2.VpnGateway) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		rs, found := s.RootModule().Resources[n]
		switch {
		case !found:
			return fmt.Errorf("Not found: %s", n)
		case rs.Primary.ID == "":
			return fmt.Errorf("No ID is set")
		}

		conn := testAccProvider.Meta().(*AWSClient).ec2conn
		input := &ec2.DescribeVpnGatewaysInput{
			VpnGatewayIds: []*string{aws.String(rs.Primary.ID)},
		}

		out, err := conn.DescribeVpnGateways(input)
		if err != nil {
			return err
		}
		if len(out.VpnGateways) == 0 {
			return fmt.Errorf("VPNGateway not found")
		}

		// The request names a single id, so the first entry is taken as the
		// gateway; its id is not compared with rs.Primary.ID here.
		*ig = *out.VpnGateways[0]

		return nil
	}
}
// Terraform configurations used as acceptance-test fixtures.
const (
	// testAccNoVpnGatewayConfig declares only the VPC, with no VPN gateway.
	testAccNoVpnGatewayConfig = `
resource "aws_vpc" "foo" {
	cidr_block = "10.1.0.0/16"
}
`

	// testAccVpnGatewayConfig declares a VPN gateway attached to VPC "foo".
	testAccVpnGatewayConfig = `
resource "aws_vpc" "foo" {
	cidr_block = "10.1.0.0/16"
}

resource "aws_vpn_gateway" "foo" {
	vpc_id = "${aws_vpc.foo.id}"
}
`

	// testAccVpnGatewayConfigChangeVPC points the same gateway at VPC "bar".
	testAccVpnGatewayConfigChangeVPC = `
resource "aws_vpc" "bar" {
	cidr_block = "10.2.0.0/16"
}

resource "aws_vpn_gateway" "foo" {
	vpc_id = "${aws_vpc.bar.id}"
}
`

	// testAccVpnGatewayConfigDetach keeps the gateway but sets an empty vpc_id.
	testAccVpnGatewayConfigDetach = `
resource "aws_vpc" "foo" {
	cidr_block = "10.1.0.0/16"
}

resource "aws_vpn_gateway" "foo" {
	vpc_id = ""
}
`

	// testAccCheckVpnGatewayConfigTags tags the gateway with foo=bar.
	testAccCheckVpnGatewayConfigTags = `
resource "aws_vpc" "foo" {
	cidr_block = "10.1.0.0/16"
}

resource "aws_vpn_gateway" "foo" {
	vpc_id = "${aws_vpc.foo.id}"
	tags {
		foo = "bar"
	}
}
`

	// testAccCheckVpnGatewayConfigTagsUpdate replaces the tag set with bar=baz.
	testAccCheckVpnGatewayConfigTagsUpdate = `
resource "aws_vpc" "foo" {
	cidr_block = "10.1.0.0/16"
}

resource "aws_vpn_gateway" "foo" {
	vpc_id = "${aws_vpc.foo.id}"
	tags {
		bar = "baz"
	}
}
`
)