From 7ffe041ad5b752e4a72edb7f731ce274f0c54e2d Mon Sep 17 00:00:00 2001 From: Brian Flad Date: Tue, 10 Nov 2020 19:05:54 -0500 Subject: [PATCH] tests/resource/aws_default_security_group: Remove hardcoded us-east-1 handling (#16026) * tests/resource/aws_default_security_group: Remove hardcoded us-east-1 handling Reference: https://github.com/hashicorp/terraform-provider-aws/issues/8316 Reference: https://github.com/hashicorp/terraform-provider-aws/issues/15737 Reference: https://github.com/hashicorp/terraform-provider-aws/issues/15791 Previously in AWS GovCloud (US): ``` === RUN TestAccAWSDefaultSecurityGroup_Classic_basic TestAccAWSDefaultSecurityGroup_Classic_basic: provider_test.go:196: [{0 error configuring Terraform AWS Provider: error validating provider credentials: error calling sts:GetCallerIdentity: InvalidClientTokenId: The security token included in the request is invalid. status code: 403, request id: fc6cf64f-8c40-4e8b-a37c-a82d8c6a69c9 []}] --- FAIL: TestAccAWSDefaultSecurityGroup_Classic_basic (0.40s) ``` Output from acceptance testing in AWS Commercial: ``` --- PASS: TestAccAWSDefaultSecurityGroup_Classic_basic (16.47s) --- SKIP: TestAccAWSDefaultSecurityGroup_Classic_empty (0.00s) ``` Output from acceptance testing in AWS GovCloud (US): ``` --- SKIP: TestAccAWSDefaultSecurityGroup_Classic_basic (2.90s) --- SKIP: TestAccAWSDefaultSecurityGroup_Classic_empty (0.00s) ``` * tests/resource/aws_default_security_group: Ensure EC2-Classic ARN checking is separate from regular ARN checking --- ...esource_aws_default_security_group_test.go | 95 +++++++++++++------ 1 file changed, 66 insertions(+), 29 deletions(-) diff --git a/aws/resource_aws_default_security_group_test.go b/aws/resource_aws_default_security_group_test.go index b3c612f94427..1e1e7857ebe1 100644 --- a/aws/resource_aws_default_security_group_test.go +++ b/aws/resource_aws_default_security_group_test.go @@ -2,7 +2,6 @@ package aws import ( "fmt" - "os" "testing" "github.com/aws/aws-sdk-go/aws" @@ -95,23 +94,18 @@ func TestAccAWSDefaultSecurityGroup_Vpc_empty(t *testing.T) { } func TestAccAWSDefaultSecurityGroup_Classic_basic(t *testing.T) { - oldvar := os.Getenv("AWS_DEFAULT_REGION") - os.Setenv("AWS_DEFAULT_REGION", "us-east-1") - defer os.Setenv("AWS_DEFAULT_REGION", oldvar) - var group ec2.SecurityGroup resourceName := "aws_default_security_group.test" - resource.Test(t, resource.TestCase{ - PreCheck: func() { testAccPreCheck(t); testAccEC2ClassicPreCheck(t) }, - IDRefreshName: resourceName, - Providers: testAccProviders, - CheckDestroy: testAccCheckAWSDefaultSecurityGroupDestroy, + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t); testAccEC2ClassicPreCheck(t) }, + ProviderFactories: testAccProviderFactories, + CheckDestroy: testAccCheckAWSDefaultSecurityGroupDestroy, Steps: []resource.TestStep{ { - Config: testAccAWSDefaultSecurityGroupConfig_Classic, + Config: testAccAWSDefaultSecurityGroupConfig_Classic(), Check: resource.ComposeTestCheckFunc( - testAccCheckAWSDefaultSecurityGroupExists(resourceName, &group), + testAccCheckAWSDefaultSecurityGroupEc2ClassicExists(resourceName, &group), resource.TestCheckResourceAttr(resourceName, "name", "default"), resource.TestCheckResourceAttr(resourceName, "description", "default group"), resource.TestCheckResourceAttr(resourceName, "vpc_id", ""), @@ -124,17 +118,18 @@ func TestAccAWSDefaultSecurityGroup_Classic_basic(t *testing.T) { "cidr_blocks.0": "10.0.0.0/8", }), resource.TestCheckResourceAttr(resourceName, "egress.#", "0"), - testAccCheckAWSDefaultSecurityGroupARN(resourceName, &group), + testAccCheckAWSDefaultSecurityGroupARNEc2Classic(resourceName, &group), testAccCheckResourceAttrAccountID(resourceName, "owner_id"), resource.TestCheckResourceAttr(resourceName, "tags.%", "1"), resource.TestCheckResourceAttr(resourceName, "tags.Name", "tf-acc-test"), ), }, { - Config: testAccAWSDefaultSecurityGroupConfig_Classic, + Config: testAccAWSDefaultSecurityGroupConfig_Classic(), PlanOnly: true, }, { + Config: testAccAWSDefaultSecurityGroupConfig_Classic(), ResourceName: resourceName, ImportState: true, ImportStateVerify: true, @@ -150,23 +145,18 @@ func TestAccAWSDefaultSecurityGroup_Classic_empty(t *testing.T) { // Additional references: // * https://github.com/hashicorp/terraform-provider-aws/issues/14631 - oldvar := os.Getenv("AWS_DEFAULT_REGION") - os.Setenv("AWS_DEFAULT_REGION", "us-east-1") - defer os.Setenv("AWS_DEFAULT_REGION", oldvar) - var group ec2.SecurityGroup resourceName := "aws_default_security_group.test" - resource.Test(t, resource.TestCase{ - PreCheck: func() { testAccPreCheck(t); testAccEC2ClassicPreCheck(t) }, - IDRefreshName: resourceName, - Providers: testAccProviders, - CheckDestroy: testAccCheckAWSDefaultSecurityGroupDestroy, + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t); testAccEC2ClassicPreCheck(t) }, + ProviderFactories: testAccProviderFactories, + CheckDestroy: testAccCheckAWSDefaultSecurityGroupDestroy, Steps: []resource.TestStep{ { - Config: testAccAWSDefaultSecurityGroupConfig_Classic_empty, + Config: testAccAWSDefaultSecurityGroupConfig_Classic_empty(), Check: resource.ComposeTestCheckFunc( - testAccCheckAWSDefaultSecurityGroupExists(resourceName, &group), + testAccCheckAWSDefaultSecurityGroupEc2ClassicExists(resourceName, &group), resource.TestCheckResourceAttr(resourceName, "ingress.#", "0"), resource.TestCheckResourceAttr(resourceName, "egress.#", "0"), ), @@ -209,12 +199,51 @@ func testAccCheckAWSDefaultSecurityGroupExists(n string, group *ec2.SecurityGrou } } +func testAccCheckAWSDefaultSecurityGroupEc2ClassicExists(n string, group *ec2.SecurityGroup) resource.TestCheckFunc { + return func(s *terraform.State) error { + rs, ok := s.RootModule().Resources[n] + if !ok { + return fmt.Errorf("Not found: %s", n) + } + + if rs.Primary.ID == "" { + return fmt.Errorf("No EC2 Default Security Group ID is set") + } + + conn := testAccProviderEc2Classic.Meta().(*AWSClient).ec2conn + + input := &ec2.DescribeSecurityGroupsInput{ + GroupIds: []*string{aws.String(rs.Primary.ID)}, + } + + resp, err := conn.DescribeSecurityGroups(input) + + if err != nil { + return fmt.Errorf("error describing EC2 Default Security Group (%s): %w", rs.Primary.ID, err) + } + + if len(resp.SecurityGroups) == 0 || aws.StringValue(resp.SecurityGroups[0].GroupId) != rs.Primary.ID { + return fmt.Errorf("EC2 Default Security Group (%s) not found", rs.Primary.ID) + } + + *group = *resp.SecurityGroups[0] + + return nil + } +} + func testAccCheckAWSDefaultSecurityGroupARN(resourceName string, group *ec2.SecurityGroup) resource.TestCheckFunc { return func(s *terraform.State) error { return testAccCheckResourceAttrRegionalARN(resourceName, "arn", "ec2", fmt.Sprintf("security-group/%s", aws.StringValue(group.GroupId)))(s) } } +func testAccCheckAWSDefaultSecurityGroupARNEc2Classic(resourceName string, group *ec2.SecurityGroup) resource.TestCheckFunc { + return func(s *terraform.State) error { + return testAccCheckResourceAttrRegionalARNEc2Classic(resourceName, "arn", "ec2", fmt.Sprintf("security-group/%s", aws.StringValue(group.GroupId)))(s) + } +} + const testAccAWSDefaultSecurityGroupConfig_Vpc = ` resource "aws_vpc" "test" { cidr_block = "10.1.0.0/16" @@ -261,7 +290,10 @@ resource "aws_default_security_group" "test" { } ` -const testAccAWSDefaultSecurityGroupConfig_Classic = ` +func testAccAWSDefaultSecurityGroupConfig_Classic() string { + return composeConfig( + testAccEc2ClassicRegionProviderConfig(), + ` resource "aws_default_security_group" "test" { ingress { protocol = "6" @@ -274,13 +306,18 @@ resource "aws_default_security_group" "test" { Name = "tf-acc-test" } } -` +`) +} -const testAccAWSDefaultSecurityGroupConfig_Classic_empty = ` +func testAccAWSDefaultSecurityGroupConfig_Classic_empty() string { + return composeConfig( + testAccEc2ClassicRegionProviderConfig(), + ` resource "aws_default_security_group" "test" { # No attributes set. } -` +`) +} func TestAWSDefaultSecurityGroupMigrateState(t *testing.T) { cases := map[string]struct {