tests/resource/aws_default_security_group: Remove hardcoded us-east-1…
… handling (#16026)

* tests/resource/aws_default_security_group: Remove hardcoded us-east-1 handling

Reference: #8316
Reference: #15737
Reference: #15791

Previously in AWS GovCloud (US):

```
=== RUN   TestAccAWSDefaultSecurityGroup_Classic_basic
TestAccAWSDefaultSecurityGroup_Classic_basic: provider_test.go:196: [{0 error configuring Terraform AWS Provider: error validating provider credentials: error calling sts:GetCallerIdentity: InvalidClientTokenId: The security token included in the request is invalid.
  status code: 403, request id: fc6cf64f-8c40-4e8b-a37c-a82d8c6a69c9  []}]
--- FAIL: TestAccAWSDefaultSecurityGroup_Classic_basic (0.40s)
```

Output from acceptance testing in AWS Commercial:

```
--- PASS: TestAccAWSDefaultSecurityGroup_Classic_basic (16.47s)
--- SKIP: TestAccAWSDefaultSecurityGroup_Classic_empty (0.00s)
```

Output from acceptance testing in AWS GovCloud (US):

```
--- SKIP: TestAccAWSDefaultSecurityGroup_Classic_basic (2.90s)
--- SKIP: TestAccAWSDefaultSecurityGroup_Classic_empty (0.00s)
```

* tests/resource/aws_default_security_group: Ensure EC2-Classic ARN checking is separate from regular ARN checking
bflad authored Nov 11, 2020
1 parent f66074b commit 7ffe041
Showing 1 changed file with 66 additions and 29 deletions.
95 changes: 66 additions & 29 deletions aws/resource_aws_default_security_group_test.go
Expand Up @@ -2,7 +2,6 @@ package aws

import (
"fmt"
"os"
"testing"

"github.com/aws/aws-sdk-go/aws"
Expand Down Expand Up @@ -95,23 +94,18 @@ func TestAccAWSDefaultSecurityGroup_Vpc_empty(t *testing.T) {
}

func TestAccAWSDefaultSecurityGroup_Classic_basic(t *testing.T) {
oldvar := os.Getenv("AWS_DEFAULT_REGION")
os.Setenv("AWS_DEFAULT_REGION", "us-east-1")
defer os.Setenv("AWS_DEFAULT_REGION", oldvar)

var group ec2.SecurityGroup
resourceName := "aws_default_security_group.test"

resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t); testAccEC2ClassicPreCheck(t) },
IDRefreshName: resourceName,
Providers: testAccProviders,
CheckDestroy: testAccCheckAWSDefaultSecurityGroupDestroy,
resource.ParallelTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t); testAccEC2ClassicPreCheck(t) },
ProviderFactories: testAccProviderFactories,
CheckDestroy: testAccCheckAWSDefaultSecurityGroupDestroy,
Steps: []resource.TestStep{
{
Config: testAccAWSDefaultSecurityGroupConfig_Classic,
Config: testAccAWSDefaultSecurityGroupConfig_Classic(),
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSDefaultSecurityGroupExists(resourceName, &group),
testAccCheckAWSDefaultSecurityGroupEc2ClassicExists(resourceName, &group),
resource.TestCheckResourceAttr(resourceName, "name", "default"),
resource.TestCheckResourceAttr(resourceName, "description", "default group"),
resource.TestCheckResourceAttr(resourceName, "vpc_id", ""),
Expand All @@ -124,17 +118,18 @@ func TestAccAWSDefaultSecurityGroup_Classic_basic(t *testing.T) {
"cidr_blocks.0": "10.0.0.0/8",
}),
resource.TestCheckResourceAttr(resourceName, "egress.#", "0"),
testAccCheckAWSDefaultSecurityGroupARN(resourceName, &group),
testAccCheckAWSDefaultSecurityGroupARNEc2Classic(resourceName, &group),
testAccCheckResourceAttrAccountID(resourceName, "owner_id"),
resource.TestCheckResourceAttr(resourceName, "tags.%", "1"),
resource.TestCheckResourceAttr(resourceName, "tags.Name", "tf-acc-test"),
),
},
{
Config: testAccAWSDefaultSecurityGroupConfig_Classic,
Config: testAccAWSDefaultSecurityGroupConfig_Classic(),
PlanOnly: true,
},
{
Config: testAccAWSDefaultSecurityGroupConfig_Classic(),
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
Expand All @@ -150,23 +145,18 @@ func TestAccAWSDefaultSecurityGroup_Classic_empty(t *testing.T) {
// Additional references:
// * https://github.com/hashicorp/terraform-provider-aws/issues/14631

oldvar := os.Getenv("AWS_DEFAULT_REGION")
os.Setenv("AWS_DEFAULT_REGION", "us-east-1")
defer os.Setenv("AWS_DEFAULT_REGION", oldvar)

var group ec2.SecurityGroup
resourceName := "aws_default_security_group.test"

resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t); testAccEC2ClassicPreCheck(t) },
IDRefreshName: resourceName,
Providers: testAccProviders,
CheckDestroy: testAccCheckAWSDefaultSecurityGroupDestroy,
resource.ParallelTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t); testAccEC2ClassicPreCheck(t) },
ProviderFactories: testAccProviderFactories,
CheckDestroy: testAccCheckAWSDefaultSecurityGroupDestroy,
Steps: []resource.TestStep{
{
Config: testAccAWSDefaultSecurityGroupConfig_Classic_empty,
Config: testAccAWSDefaultSecurityGroupConfig_Classic_empty(),
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSDefaultSecurityGroupExists(resourceName, &group),
testAccCheckAWSDefaultSecurityGroupEc2ClassicExists(resourceName, &group),
resource.TestCheckResourceAttr(resourceName, "ingress.#", "0"),
resource.TestCheckResourceAttr(resourceName, "egress.#", "0"),
),
Expand Down Expand Up @@ -209,12 +199,51 @@ func testAccCheckAWSDefaultSecurityGroupExists(n string, group *ec2.SecurityGrou
}
}

func testAccCheckAWSDefaultSecurityGroupEc2ClassicExists(n string, group *ec2.SecurityGroup) resource.TestCheckFunc {
return func(s *terraform.State) error {
rs, ok := s.RootModule().Resources[n]
if !ok {
return fmt.Errorf("Not found: %s", n)
}

if rs.Primary.ID == "" {
return fmt.Errorf("No EC2 Default Security Group ID is set")
}

conn := testAccProviderEc2Classic.Meta().(*AWSClient).ec2conn

input := &ec2.DescribeSecurityGroupsInput{
GroupIds: []*string{aws.String(rs.Primary.ID)},
}

resp, err := conn.DescribeSecurityGroups(input)

if err != nil {
return fmt.Errorf("error describing EC2 Default Security Group (%s): %w", rs.Primary.ID, err)
}

if len(resp.SecurityGroups) == 0 || aws.StringValue(resp.SecurityGroups[0].GroupId) != rs.Primary.ID {
return fmt.Errorf("EC2 Default Security Group (%s) not found", rs.Primary.ID)
}

*group = *resp.SecurityGroups[0]

return nil
}
}

func testAccCheckAWSDefaultSecurityGroupARN(resourceName string, group *ec2.SecurityGroup) resource.TestCheckFunc {
return func(s *terraform.State) error {
return testAccCheckResourceAttrRegionalARN(resourceName, "arn", "ec2", fmt.Sprintf("security-group/%s", aws.StringValue(group.GroupId)))(s)
}
}

func testAccCheckAWSDefaultSecurityGroupARNEc2Classic(resourceName string, group *ec2.SecurityGroup) resource.TestCheckFunc {
return func(s *terraform.State) error {
return testAccCheckResourceAttrRegionalARNEc2Classic(resourceName, "arn", "ec2", fmt.Sprintf("security-group/%s", aws.StringValue(group.GroupId)))(s)
}
}

const testAccAWSDefaultSecurityGroupConfig_Vpc = `
resource "aws_vpc" "test" {
cidr_block = "10.1.0.0/16"
Expand Down Expand Up @@ -261,7 +290,10 @@ resource "aws_default_security_group" "test" {
}
`

const testAccAWSDefaultSecurityGroupConfig_Classic = `
func testAccAWSDefaultSecurityGroupConfig_Classic() string {
return composeConfig(
testAccEc2ClassicRegionProviderConfig(),
`
resource "aws_default_security_group" "test" {
ingress {
protocol = "6"
Expand All @@ -274,13 +306,18 @@ resource "aws_default_security_group" "test" {
Name = "tf-acc-test"
}
}
`
`)
}

const testAccAWSDefaultSecurityGroupConfig_Classic_empty = `
func testAccAWSDefaultSecurityGroupConfig_Classic_empty() string {
return composeConfig(
testAccEc2ClassicRegionProviderConfig(),
`
resource "aws_default_security_group" "test" {
# No attributes set.
}
`
`)
}

func TestAWSDefaultSecurityGroupMigrateState(t *testing.T) {
cases := map[string]struct {
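Review bot: In TestAccAWSDefaultSecurityGroup_Classic_empty the `group` filled by the new testAccCheckAWSDefaultSecurityGroupEc2ClassicExists is never read by a later check, so the "no rules" assertion rests only on the state attributes `ingress.#` and `egress.#`. Those values presumably come through the provider's own read path, so a read bug that drops rules still present on the group would not fail this test. Because a default security group that keeps an ingress rule is a network exposure, I would add a check against the DescribeSecurityGroups result already captured in `group`. The test function's body continues outside the visible hunk, so confirm that no later step already covers this.

```go
// added to the Check list of TestAccAWSDefaultSecurityGroup_Classic_empty,
// directly after testAccCheckAWSDefaultSecurityGroupEc2ClassicExists(resourceName, &group):
testAccCheckAWSDefaultSecurityGroupNoIngress(&group),

// testAccCheckAWSDefaultSecurityGroupNoIngress verifies, from the API response
// rather than from Terraform state, that the group carries no ingress rules.
func testAccCheckAWSDefaultSecurityGroupNoIngress(group *ec2.SecurityGroup) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		if n := len(group.IpPermissions); n != 0 {
			return fmt.Errorf("EC2 Default Security Group (%s) still has %d ingress rule(s)", aws.StringValue(group.GroupId), n)
		}
		return nil
	}
}
```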
