Skip to content

Commit

Permalink
tests/provider: Fix hardcoded ARN (DB*)
Browse files Browse the repository at this point in the history
  • Loading branch information
YakDriver committed Oct 20, 2020
1 parent 512f2ab commit e269746
Show file tree
Hide file tree
Showing 5 changed files with 52 additions and 29 deletions.
5 changes: 4 additions & 1 deletion aws/data_source_aws_db_instance_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -42,8 +42,11 @@ func TestAccAWSDbInstanceDataSource_basic(t *testing.T) {
}

func TestAccAWSDbInstanceDataSource_ec2Classic(t *testing.T) {
hardcodedRegion := "us-east-1" // lintignore:AWSAT003
testAccReachableRegionPreCheck(hardcodedRegion, t)

oldvar := os.Getenv("AWS_DEFAULT_REGION")
os.Setenv("AWS_DEFAULT_REGION", "us-east-1")
os.Setenv("AWS_DEFAULT_REGION", hardcodedRegion)
defer os.Setenv("AWS_DEFAULT_REGION", oldvar)

rInt := acctest.RandInt()
Expand Down
9 changes: 9 additions & 0 deletions aws/provider_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -528,6 +528,15 @@ func testAccEC2ClassicPreCheck(t *testing.T) {
}
}

// testAccReachableRegionPreCheck checks whether the partition of the current region includes the given region
func testAccReachableRegionPreCheck(region string, t *testing.T) {
if partition, ok := endpoints.PartitionForRegion(endpoints.DefaultPartitions(), testAccGetRegion()); ok {
if _, ok := partition.Regions()[region]; !ok {
t.Skip(fmt.Sprintf("skipping test; partition %s does not have %s region", partition.ID(), region))
}
}
}

func testAccEC2VPCOnlyPreCheck(t *testing.T) {
client := testAccProvider.Meta().(*AWSClient)
platforms := client.supportedplatforms
Expand Down
48 changes: 27 additions & 21 deletions aws/resource_aws_db_instance_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -2234,12 +2234,14 @@ func TestAccAWSDBInstance_MinorVersion(t *testing.T) {
}

func TestAccAWSDBInstance_ec2Classic(t *testing.T) {
var v rds.DBInstance
hardcodedRegion := "us-east-1" // lintignore:AWSAT003
testAccReachableRegionPreCheck(hardcodedRegion, t)

oldvar := os.Getenv("AWS_DEFAULT_REGION")
os.Setenv("AWS_DEFAULT_REGION", "us-east-1")
os.Setenv("AWS_DEFAULT_REGION", hardcodedRegion)
defer os.Setenv("AWS_DEFAULT_REGION", oldvar)

var v rds.DBInstance
rInt := acctest.RandInt()

resource.ParallelTest(t, resource.TestCase{
Expand Down Expand Up @@ -3239,6 +3241,8 @@ resource "aws_s3_bucket_object" "xtrabackup_db" {
etag = filemd5("./testdata/mysql-5-6-xtrabackup.tar.gz")
}
data "aws_partition" "current" {}
resource "aws_iam_role" "rds_s3_access_role" {
name = "%[3]s-role"
Expand All @@ -3250,7 +3254,7 @@ resource "aws_iam_role" "rds_s3_access_role" {
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "rds.amazonaws.com"
"Service": "rds.${data.aws_partition.current.dns_suffix}"
},
"Action": "sts:AssumeRole"
}
Expand Down Expand Up @@ -3399,8 +3403,7 @@ resource "aws_db_instance" "snapshot" {

func testAccAWSDbInstanceConfig_MonitoringInterval(rName string, monitoringInterval int) string {
return fmt.Sprintf(`
data "aws_partition" "current" {
}
data "aws_partition" "current" {}
resource "aws_iam_role" "test" {
name = %[1]q
Expand All @@ -3413,7 +3416,7 @@ resource "aws_iam_role" "test" {
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "monitoring.rds.amazonaws.com"
"Service": "monitoring.rds.${data.aws_partition.current.dns_suffix}"
},
"Action": "sts:AssumeRole"
}
Expand Down Expand Up @@ -3491,8 +3494,7 @@ resource "aws_db_instance" "test" {

func testAccAWSDbInstanceConfig_MonitoringRoleArn(rName string) string {
return fmt.Sprintf(`
data "aws_partition" "current" {
}
data "aws_partition" "current" {}
resource "aws_iam_role" "test" {
name = %[1]q
Expand All @@ -3505,7 +3507,7 @@ resource "aws_iam_role" "test" {
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "monitoring.rds.amazonaws.com"
"Service": "monitoring.rds.${data.aws_partition.current.dns_suffix}"
},
"Action": "sts:AssumeRole"
}
Expand Down Expand Up @@ -4047,6 +4049,8 @@ resource "aws_directory_service_directory" "bar" {
}
}
data "aws_partition" "current" {}
resource "aws_iam_role" "role" {
name = "tf-acc-db-instance-mssql-domain-role-%[1]d"
Expand All @@ -4057,7 +4061,7 @@ resource "aws_iam_role" "role" {
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "rds.amazonaws.com"
"Service": "rds.${data.aws_partition.current.dns_suffix}"
},
"Effect": "Allow",
"Sid": ""
Expand All @@ -4069,7 +4073,7 @@ EOF
resource "aws_iam_role_policy_attachment" "attatch-policy" {
role = aws_iam_role.role.name
policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonRDSDirectoryServiceAccess"
policy_arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/service-role/AmazonRDSDirectoryServiceAccess"
}
`, rInt))
}
Expand Down Expand Up @@ -4176,6 +4180,8 @@ resource "aws_directory_service_directory" "bar" {
}
}
data "aws_partition" "current" {}
resource "aws_iam_role" "role" {
name = "tf-acc-db-instance-mssql-domain-role-%[1]d"
Expand All @@ -4186,7 +4192,7 @@ resource "aws_iam_role" "role" {
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "rds.amazonaws.com"
"Service": "rds.${data.aws_partition.current.dns_suffix}"
},
"Effect": "Allow",
"Sid": ""
Expand All @@ -4198,7 +4204,7 @@ EOF
resource "aws_iam_role_policy_attachment" "attatch-policy" {
role = aws_iam_role.role.name
policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonRDSDirectoryServiceAccess"
policy_arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/service-role/AmazonRDSDirectoryServiceAccess"
}
`, rInt))
}
Expand Down Expand Up @@ -4309,6 +4315,8 @@ resource "aws_directory_service_directory" "foo" {
}
}
data "aws_partition" "current" {}
resource "aws_iam_role" "role" {
name = "tf-acc-db-instance-mssql-domain-role-%[1]d"
Expand All @@ -4319,7 +4327,7 @@ resource "aws_iam_role" "role" {
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "rds.amazonaws.com"
"Service": "rds.${data.aws_partition.current.dns_suffix}"
},
"Effect": "Allow",
"Sid": ""
Expand All @@ -4331,7 +4339,7 @@ EOF
resource "aws_iam_role_policy_attachment" "attatch-policy" {
role = aws_iam_role.role.name
policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonRDSDirectoryServiceAccess"
policy_arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/service-role/AmazonRDSDirectoryServiceAccess"
}
`, rInt))
}
Expand Down Expand Up @@ -5673,8 +5681,7 @@ resource "aws_db_instance" "test" {

func testAccAWSDBInstanceConfig_ReplicateSourceDb_Monitoring(rName string, monitoringInterval int) string {
return composeConfig(testAccAWSDBInstanceConfig_orderableClassMysql(), fmt.Sprintf(`
data "aws_partition" "current" {
}
data "aws_partition" "current" {}
resource "aws_iam_role" "test" {
name = %[1]q
Expand All @@ -5687,7 +5694,7 @@ resource "aws_iam_role" "test" {
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "monitoring.rds.amazonaws.com"
"Service": "monitoring.rds.${data.aws_partition.current.dns_suffix}"
},
"Action": "sts:AssumeRole"
}
Expand Down Expand Up @@ -6472,8 +6479,7 @@ resource "aws_db_instance" "test" {

func testAccAWSDBInstanceConfig_SnapshotIdentifier_Monitoring(rName string, monitoringInterval int) string {
return composeConfig(testAccAWSDBInstanceConfig_orderableClassMariadb(), fmt.Sprintf(`
data "aws_partition" "current" {
}
data "aws_partition" "current" {}
resource "aws_iam_role" "test" {
name = %[1]q
Expand All @@ -6486,7 +6492,7 @@ resource "aws_iam_role" "test" {
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "monitoring.rds.amazonaws.com"
"Service": "monitoring.rds.${data.aws_partition.current.dns_suffix}"
},
"Action": "sts:AssumeRole"
}
Expand Down
12 changes: 7 additions & 5 deletions aws/resource_aws_db_option_group_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -568,7 +568,7 @@ func testAccCheckAWSDBOptionGroupOptionSettingsIAMRole(optionGroup *rds.OptionGr
}

settingValue := aws.StringValue(optionGroup.Options[0].OptionSettings[0].Value)
iamArnRegExp := regexp.MustCompile(`^arn:aws:iam::\d{12}:role/.+`)
iamArnRegExp := regexp.MustCompile(fmt.Sprintf(`^arn:%s:iam::\d{12}:role/.+`, testAccGetPartition()))
if !iamArnRegExp.MatchString(settingValue) {
return fmt.Errorf("Expected option setting to be a valid IAM role but received %s", settingValue)
}
Expand Down Expand Up @@ -733,24 +733,26 @@ resource "aws_db_option_group" "bar" {

func testAccAWSDBOptionGroupOptionSettingsIAMRole(r string) string {
return fmt.Sprintf(`
data "aws_partition" "current" {}
data "aws_iam_policy_document" "rds_assume_role" {
statement {
actions = ["sts:AssumeRole"]
principals {
type = "Service"
identifiers = ["rds.amazonaws.com"]
identifiers = ["rds.${data.aws_partition.current.dns_suffix}"]
}
}
}
resource "aws_iam_role" "sql_server_backup" {
name = "rds-backup-%s"
name = "rds-backup-%[1]s"
assume_role_policy = data.aws_iam_policy_document.rds_assume_role.json
}
resource "aws_db_option_group" "bar" {
name = "%s"
name = "%[1]s"
option_group_description = "Test option group for terraform"
engine_name = "sqlserver-ex"
major_engine_version = "14.00"
Expand All @@ -764,7 +766,7 @@ resource "aws_db_option_group" "bar" {
}
}
}
`, r, r)
`, r)
}

func testAccAWSDBOptionGroupOptionSettings_update(r string) string {
Expand Down
7 changes: 5 additions & 2 deletions aws/resource_aws_db_security_group_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -16,11 +16,14 @@ import (
)

func TestAccAWSDBSecurityGroup_basic(t *testing.T) {
var v rds.DBSecurityGroup
hardcodedRegion := "us-east-1" // lintignore:AWSAT003
testAccReachableRegionPreCheck(hardcodedRegion, t)

oldvar := os.Getenv("AWS_DEFAULT_REGION")
os.Setenv("AWS_DEFAULT_REGION", "us-east-1")
os.Setenv("AWS_DEFAULT_REGION", hardcodedRegion)
defer os.Setenv("AWS_DEFAULT_REGION", oldvar)

var v rds.DBSecurityGroup
resourceName := "aws_db_security_group.test"
rName := fmt.Sprintf("tf-acc-%s", acctest.RandString(5))

Expand Down

0 comments on commit e269746

Please sign in to comment.