mirror of
https://github.com/opentofu/opentofu.git
synced 2025-01-24 23:46:26 -06:00
79557bca80
This will allow us to catch errors at plan time rather than waiting for the API to tell us... Documentation for IAM User NAme Validation - http://docs.aws.amazon.com/cli/latest/reference/iam/create-user.html Documentation for IAM Group Name validation - http://docs.aws.amazon.com/cli/latest/reference/iam/create-group.html ``` % make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSIAMGroup_' ==> Checking that code complies with gofmt requirements... go generate $(go list ./... | grep -v /terraform/vendor/) 2016/10/25 13:18:41 Generated command/internal_plugin_list.go TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSIAMGroup_ -timeout 120m === RUN TestAccAWSIAMGroup_importBasic --- PASS: TestAccAWSIAMGroup_importBasic (13.80s) === RUN TestAccAWSIAMGroup_basic --- PASS: TestAccAWSIAMGroup_basic (23.30s) PASS ok github.com/hashicorp/terraform/builtin/providers/aws37.121s ``` ``` % make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSUser_' ✚ ==> Checking that code complies with gofmt requirements... go generate $(go list ./... | grep -v /terraform/vendor/) 2016/10/25 13:22:23 Generated command/internal_plugin_list.go TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSUser_ -timeout 120m === RUN TestAccAWSUser_importBasic --- PASS: TestAccAWSUser_importBasic (14.33s) === RUN TestAccAWSUser_basic --- PASS: TestAccAWSUser_basic (25.36s) PASS ok github.com/hashicorp/terraform/builtin/providers/aws 39.710s ```
157 lines
3.4 KiB
Go
157 lines
3.4 KiB
Go
package aws
|
|
|
|
import (
|
|
"fmt"
|
|
"testing"
|
|
|
|
"github.com/aws/aws-sdk-go/aws"
|
|
"github.com/aws/aws-sdk-go/aws/awserr"
|
|
"github.com/aws/aws-sdk-go/service/iam"
|
|
"github.com/hashicorp/terraform/helper/resource"
|
|
"github.com/hashicorp/terraform/terraform"
|
|
)
|
|
|
|
func TestValidateIamGroupName(t *testing.T) {
|
|
validNames := []string{
|
|
"test-group",
|
|
"testgroup123",
|
|
"TestGroup",
|
|
"Test-Group",
|
|
"test.group",
|
|
"test.123,group",
|
|
"testgroup@hashicorp",
|
|
}
|
|
for _, v := range validNames {
|
|
_, errors := validateAwsIamGroupName(v, "name")
|
|
if len(errors) != 0 {
|
|
t.Fatalf("%q should be a valid IAM Group name: %q", v, errors)
|
|
}
|
|
}
|
|
|
|
invalidNames := []string{
|
|
"!",
|
|
"/",
|
|
" ",
|
|
":",
|
|
";",
|
|
"testgroup_123",
|
|
"test name",
|
|
"/slash-at-the-beginning",
|
|
"slash-at-the-end/",
|
|
}
|
|
for _, v := range invalidNames {
|
|
_, errors := validateAwsIamGroupName(v, "name")
|
|
if len(errors) == 0 {
|
|
t.Fatalf("%q should be an invalid IAM Group name", v)
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestAccAWSIAMGroup_basic(t *testing.T) {
|
|
var conf iam.GetGroupOutput
|
|
|
|
resource.Test(t, resource.TestCase{
|
|
PreCheck: func() { testAccPreCheck(t) },
|
|
Providers: testAccProviders,
|
|
CheckDestroy: testAccCheckAWSGroupDestroy,
|
|
Steps: []resource.TestStep{
|
|
resource.TestStep{
|
|
Config: testAccAWSGroupConfig,
|
|
Check: resource.ComposeTestCheckFunc(
|
|
testAccCheckAWSGroupExists("aws_iam_group.group", &conf),
|
|
testAccCheckAWSGroupAttributes(&conf, "test-group", "/"),
|
|
),
|
|
},
|
|
resource.TestStep{
|
|
Config: testAccAWSGroupConfig2,
|
|
Check: resource.ComposeTestCheckFunc(
|
|
testAccCheckAWSGroupExists("aws_iam_group.group2", &conf),
|
|
testAccCheckAWSGroupAttributes(&conf, "test-group2", "/funnypath/"),
|
|
),
|
|
},
|
|
},
|
|
})
|
|
}
|
|
|
|
func testAccCheckAWSGroupDestroy(s *terraform.State) error {
|
|
iamconn := testAccProvider.Meta().(*AWSClient).iamconn
|
|
|
|
for _, rs := range s.RootModule().Resources {
|
|
if rs.Type != "aws_iam_group" {
|
|
continue
|
|
}
|
|
|
|
// Try to get group
|
|
_, err := iamconn.GetGroup(&iam.GetGroupInput{
|
|
GroupName: aws.String(rs.Primary.ID),
|
|
})
|
|
if err == nil {
|
|
return fmt.Errorf("still exist.")
|
|
}
|
|
|
|
// Verify the error is what we want
|
|
ec2err, ok := err.(awserr.Error)
|
|
if !ok {
|
|
return err
|
|
}
|
|
if ec2err.Code() != "NoSuchEntity" {
|
|
return err
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func testAccCheckAWSGroupExists(n string, res *iam.GetGroupOutput) resource.TestCheckFunc {
|
|
return func(s *terraform.State) error {
|
|
rs, ok := s.RootModule().Resources[n]
|
|
if !ok {
|
|
return fmt.Errorf("Not found: %s", n)
|
|
}
|
|
|
|
if rs.Primary.ID == "" {
|
|
return fmt.Errorf("No Group name is set")
|
|
}
|
|
|
|
iamconn := testAccProvider.Meta().(*AWSClient).iamconn
|
|
|
|
resp, err := iamconn.GetGroup(&iam.GetGroupInput{
|
|
GroupName: aws.String(rs.Primary.ID),
|
|
})
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
*res = *resp
|
|
|
|
return nil
|
|
}
|
|
}
|
|
|
|
func testAccCheckAWSGroupAttributes(group *iam.GetGroupOutput, name string, path string) resource.TestCheckFunc {
|
|
return func(s *terraform.State) error {
|
|
if *group.Group.GroupName != name {
|
|
return fmt.Errorf("Bad name: %s when %s was expected", *group.Group.GroupName, name)
|
|
}
|
|
|
|
if *group.Group.Path != path {
|
|
return fmt.Errorf("Bad path: %s when %s was expected", *group.Group.Path, path)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
}
|
|
|
|
const testAccAWSGroupConfig = `
|
|
resource "aws_iam_group" "group" {
|
|
name = "test-group"
|
|
path = "/"
|
|
}
|
|
`
|
|
const testAccAWSGroupConfig2 = `
|
|
resource "aws_iam_group" "group2" {
|
|
name = "test-group2"
|
|
path = "/funnypath/"
|
|
}
|
|
`
|