Merge pull request #10312 from terraform-providers/t-aws_iam_server_certificate-remove-tls-provider

bflad · web-flow · commit 306fb88ae07c · 2019-10-09T08:39:51.000-04:00
tests/service/iam: Use internal implementation for TLS key/certificate
diff --git a/aws/data_source_aws_iam_server_certificate_test.go b/aws/data_source_aws_iam_server_certificate_test.go
@@ -39,15 +39,18 @@ func TestResourceSortByExpirationDate(t *testing.T) {
 }
 
 func TestAccAWSDataSourceIAMServerCertificate_basic(t *testing.T) {
-	rInt := acctest.RandInt()
+	rName := acctest.RandomWithPrefix("tf-acc-test")
+
+	key := tlsRsaPrivateKeyPem(2048)
+	certificate := tlsRsaX509SelfSignedCertificatePem(key, "example.com")
 
 	resource.ParallelTest(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t) },
-		Providers:    testAccProvidersWithTLS,
+		Providers:    testAccProviders,
 		CheckDestroy: testAccCheckIAMServerCertificateDestroy,
 		Steps: []resource.TestStep{
 			{
-				Config: testAccAwsDataIAMServerCertConfig(rInt),
+				Config: testAccAwsDataIAMServerCertConfig(rName, key, certificate),
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttrSet("aws_iam_server_certificate.test_cert", "arn"),
 					resource.TestCheckResourceAttrSet("data.aws_iam_server_certificate.test", "arn"),
@@ -78,17 +81,20 @@ func TestAccAWSDataSourceIAMServerCertificate_matchNamePrefix(t *testing.T) {
 }
 
 func TestAccAWSDataSourceIAMServerCertificate_path(t *testing.T) {
-	rInt := acctest.RandInt()
+	rName := acctest.RandomWithPrefix("tf-acc-test")
 	path := "/test-path/"
 	pathPrefix := "/test-path/"
 
+	key := tlsRsaPrivateKeyPem(2048)
+	certificate := tlsRsaX509SelfSignedCertificatePem(key, "example.com")
+
 	resource.ParallelTest(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t) },
-		Providers:    testAccProvidersWithTLS,
+		Providers:    testAccProviders,
 		CheckDestroy: testAccCheckIAMServerCertificateDestroy,
 		Steps: []resource.TestStep{
 			{
-				Config: testAccAwsDataIAMServerCertConfigPath(rInt, path, pathPrefix),
+				Config: testAccAwsDataIAMServerCertConfigPath(rName, path, pathPrefix, key, certificate),
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttr("data.aws_iam_server_certificate.test", "path", path),
 				),
@@ -97,27 +103,36 @@ func TestAccAWSDataSourceIAMServerCertificate_path(t *testing.T) {
 	})
 }
 
-func testAccAwsDataIAMServerCertConfig(rInt int) string {
+func testAccAwsDataIAMServerCertConfig(rName, key, certificate string) string {
 	return fmt.Sprintf(`
-%s
+resource "aws_iam_server_certificate" "test_cert" {
+  name             = "%[1]s"
+  certificate_body = "%[2]s"
+  private_key      = "%[3]s"
+}
 
 data "aws_iam_server_certificate" "test" {
   name   = "${aws_iam_server_certificate.test_cert.name}"
   latest = true
 }
-`, testAccIAMServerCertConfig(rInt))
+`, rName, tlsPemEscapeNewlines(certificate), tlsPemEscapeNewlines(key))
 }
 
-func testAccAwsDataIAMServerCertConfigPath(rInt int, path, pathPrefix string) string {
+func testAccAwsDataIAMServerCertConfigPath(rName, path, pathPrefix, key, certificate string) string {
 	return fmt.Sprintf(`
-%s
+resource "aws_iam_server_certificate" "test_cert" {
+  name             = "%[1]s"
+  path             = "%[2]s"
+  certificate_body = "%[3]s"
+  private_key      = "%[4]s"
+}
 
 data "aws_iam_server_certificate" "test" {
   name        = "${aws_iam_server_certificate.test_cert.name}"
-  path_prefix = "%s"
+  path_prefix = "%[5]s"
   latest      = true
 }
-`, testAccIAMServerCertConfig_path(rInt, path), pathPrefix)
+`, rName, path, tlsPemEscapeNewlines(certificate), tlsPemEscapeNewlines(key), pathPrefix)
 }
 
 var testAccAwsDataIAMServerCertConfigMatchNamePrefix = `
diff --git a/aws/resource_aws_iam_server_certificate_test.go b/aws/resource_aws_iam_server_certificate_test.go
@@ -55,29 +55,30 @@ func testSweepIamServerCertificates(region string) error {
 
 func TestAccAWSIAMServerCertificate_basic(t *testing.T) {
 	var cert iam.ServerCertificate
-	rInt := acctest.RandInt()
-	var certBody string
+
 	resourceName := "aws_iam_server_certificate.test_cert"
-	resourceId := fmt.Sprintf("terraform-test-cert-%d", rInt)
+	rName := acctest.RandomWithPrefix("tf-acc-test")
+
+	key := tlsRsaPrivateKeyPem(2048)
+	certificate := tlsRsaX509SelfSignedCertificatePem(key, "example.com")
 
 	resource.ParallelTest(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t) },
-		Providers:    testAccProvidersWithTLS,
+		Providers:    testAccProviders,
 		CheckDestroy: testAccCheckIAMServerCertificateDestroy,
 		Steps: []resource.TestStep{
 			{
-				Config: testAccIAMServerCertConfig(rInt),
+				Config: testAccIAMServerCertConfig(rName, key, certificate),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckCertExists(resourceName, &cert),
-					getCertBody(&certBody),
-					testAccCheckAWSServerCertAttributes(&cert, &certBody),
+					testAccCheckAWSServerCertAttributes(&cert, &certificate),
 				),
 			},
 			{
 				ResourceName:      resourceName,
 				ImportState:       true,
 				ImportStateVerify: true,
-				ImportStateId:     resourceId,
+				ImportStateId:     rName,
 				ImportStateVerifyIgnore: []string{
 					"private_key"},
 			},
@@ -87,20 +88,22 @@ func TestAccAWSIAMServerCertificate_basic(t *testing.T) {
 
 func TestAccAWSIAMServerCertificate_name_prefix(t *testing.T) {
 	var cert iam.ServerCertificate
-	var certBody string
+
 	resourceName := "aws_iam_server_certificate.test_cert"
 
+	key := tlsRsaPrivateKeyPem(2048)
+	certificate := tlsRsaX509SelfSignedCertificatePem(key, "example.com")
+
 	resource.ParallelTest(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t) },
-		Providers:    testAccProvidersWithTLS,
+		Providers:    testAccProviders,
 		CheckDestroy: testAccCheckIAMServerCertificateDestroy,
 		Steps: []resource.TestStep{
 			{
-				Config: testAccIAMServerCertConfig_random(),
+				Config: testAccIAMServerCertConfig_random(key, certificate),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckCertExists(resourceName, &cert),
-					getCertBody(&certBody),
-					testAccCheckAWSServerCertAttributes(&cert, &certBody),
+					testAccCheckAWSServerCertAttributes(&cert, &certificate),
 				),
 			},
 		},
@@ -111,6 +114,9 @@ func TestAccAWSIAMServerCertificate_disappears(t *testing.T) {
 	var cert iam.ServerCertificate
 	resourceName := "aws_iam_server_certificate.test_cert"
 
+	key := tlsRsaPrivateKeyPem(2048)
+	certificate := tlsRsaX509SelfSignedCertificatePem(key, "example.com")
+
 	testDestroyCert := func(*terraform.State) error {
 		// reach out and DELETE the Cert
 		conn := testAccProvider.Meta().(*AWSClient).iamconn
@@ -127,11 +133,11 @@ func TestAccAWSIAMServerCertificate_disappears(t *testing.T) {
 
 	resource.ParallelTest(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t) },
-		Providers:    testAccProvidersWithTLS,
+		Providers:    testAccProviders,
 		CheckDestroy: testAccCheckIAMServerCertificateDestroy,
 		Steps: []resource.TestStep{
 			{
-				Config: testAccIAMServerCertConfig_random(),
+				Config: testAccIAMServerCertConfig_random(key, certificate),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckCertExists(resourceName, &cert),
 					testDestroyCert,
@@ -180,6 +186,40 @@ func TestAccAWSIAMServerCertificate_file(t *testing.T) {
 	})
 }
 
+func TestAccAWSIAMServerCertificate_Path(t *testing.T) {
+	var cert iam.ServerCertificate
+
+	resourceName := "aws_iam_server_certificate.test_cert"
+	rName := acctest.RandomWithPrefix("tf-acc-test")
+
+	key := tlsRsaPrivateKeyPem(2048)
+	certificate := tlsRsaX509SelfSignedCertificatePem(key, "example.com")
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckIAMServerCertificateDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccIAMServerCertConfig_path(rName, "/test/", key, certificate),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckCertExists(resourceName, &cert),
+					testAccCheckAWSServerCertAttributes(&cert, &certificate),
+					resource.TestCheckResourceAttr(resourceName, "path", "/test/"),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+				ImportStateId:     rName,
+				ImportStateVerifyIgnore: []string{
+					"private_key"},
+			},
+		},
+	})
+}
+
 func testAccCheckCertExists(n string, cert *iam.ServerCertificate) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		rs, ok := s.RootModule().Resources[n]
@@ -206,22 +246,9 @@ func testAccCheckCertExists(n string, cert *iam.ServerCertificate) resource.Test
 	}
 }
 
-func getCertBody(body *string) resource.TestCheckFunc {
-	return func(s *terraform.State) error {
-		for _, rs := range s.RootModule().Resources {
-			if rs.Type != "tls_self_signed_cert" {
-				continue
-			}
-
-			*body = rs.Primary.Attributes["cert_pem"]
-		}
-		return nil
-	}
-}
-
 func testAccCheckAWSServerCertAttributes(cert *iam.ServerCertificate, certBody *string) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
-		if !strings.Contains(*cert.ServerCertificateMetadata.ServerCertificateName, "terraform-test-cert") {
+		if !strings.Contains(*cert.ServerCertificateMetadata.ServerCertificateName, "tf-acc-test") {
 			return fmt.Errorf("Bad Server Cert Name: %s", *cert.ServerCertificateMetadata.ServerCertificateName)
 		}
 
@@ -258,65 +285,35 @@ func testAccCheckIAMServerCertificateDestroy(s *terraform.State) error {
 	return nil
 }
 
-const testAccTLSServerCert = `
-resource "tls_private_key" "example" {
-  algorithm = "RSA"
-}
-
-resource "tls_self_signed_cert" "example" {
-  key_algorithm   = "RSA"
-  private_key_pem = "${tls_private_key.example.private_key_pem}"
-
-  subject {
-    common_name  = "example.com"
-    organization = "ACME Examples, Inc"
-  }
-
-  validity_period_hours = 12
-
-  allowed_uses = [
-    "key_encipherment",
-    "digital_signature",
-    "server_auth",
-  ]
-}
-`
-
-func testAccIAMServerCertConfig(rInt int) string {
+func testAccIAMServerCertConfig(rName, key, certificate string) string {
 	return fmt.Sprintf(`
-%s
-
 resource "aws_iam_server_certificate" "test_cert" {
-  name             = "terraform-test-cert-%d"
-  certificate_body = "${tls_self_signed_cert.example.cert_pem}"
-  private_key      = "${tls_private_key.example.private_key_pem}"
+  name             = "%[1]s"
+  certificate_body = "%[2]s"
+  private_key      = "%[3]s"
 }
-`, testAccTLSServerCert, rInt)
+`, rName, tlsPemEscapeNewlines(certificate), tlsPemEscapeNewlines(key))
 }
 
-func testAccIAMServerCertConfig_random() string {
+func testAccIAMServerCertConfig_random(key, certificate string) string {
 	return fmt.Sprintf(`
-%s 
-
 resource "aws_iam_server_certificate" "test_cert" {
-  name_prefix = "terraform-test-cert"
-  certificate_body = "${tls_self_signed_cert.example.cert_pem}"
-  private_key      = "${tls_private_key.example.private_key_pem}"
+  name_prefix      = "tf-acc-test"
+  certificate_body = "%[1]s"
+  private_key      = "%[2]s"
 }
-`, testAccTLSServerCert)
+`, tlsPemEscapeNewlines(certificate), tlsPemEscapeNewlines(key))
 }
 
-func testAccIAMServerCertConfig_path(rInt int, path string) string {
+func testAccIAMServerCertConfig_path(rName, path, key, certificate string) string {
 	return fmt.Sprintf(`
-%s
-
 resource "aws_iam_server_certificate" "test_cert" {
-  name             = "terraform-test-cert-%d"
-  path             = "%s"
-  certificate_body = "${tls_self_signed_cert.example.cert_pem}"
-  private_key      = "${tls_private_key.example.private_key_pem}"
+  name             = "%[1]s"
+  path             = "%[2]s"
+  certificate_body = "%[3]s"
+  private_key      = "%[4]s"
 }
-`, testAccTLSServerCert, rInt, path)
+`, rName, path, tlsPemEscapeNewlines(certificate), tlsPemEscapeNewlines(key))
 }
 
 // iam-ssl-unix-line-endings
