func testAccCheckIAMUserPolicyDestroy(s *terraform.State) error {
iamconn := testAccProvider.Meta().(*AWSClient).iamconn
for _, rs := range s.RootModule().Resources {
if rs.Type != "aws_iam_user_policy" {
continue
}
role, name := resourceAwsIamRolePolicyParseId(rs.Primary.ID)
request := &iam.GetRolePolicyInput{
PolicyName: aws.String(name),
RoleName: aws.String(role),
}
var err error
getResp, err := iamconn.GetRolePolicy(request)
if err != nil {
if iamerr, ok := err.(awserr.Error); ok && iamerr.Code() == "NoSuchEntity" {
// none found, that's good
return nil
}
return fmt.Errorf("Error reading IAM policy %s from role %s: %s", name, role, err)
}
if getResp != nil {
return fmt.Errorf("Found IAM Role, expected none: %s", getResp)
}
}
return nil
}
func testAccCheckAWSInspectorTemplateDestroy(s *terraform.State) error {
conn := testAccProvider.Meta().(*AWSClient).inspectorconn
for _, rs := range s.RootModule().Resources {
if rs.Type != "aws_inspector_assessment_template" {
continue
}
resp, err := conn.DescribeAssessmentTemplates(&inspector.DescribeAssessmentTemplatesInput{
AssessmentTemplateArns: []*string{
aws.String(rs.Primary.ID),
},
})
if err != nil {
if inspectorerr, ok := err.(awserr.Error); ok && inspectorerr.Code() == "InvalidInputException" {
return nil
} else {
return fmt.Errorf("Error finding Inspector Assessment Template: %s", err)
}
}
if len(resp.AssessmentTemplates) > 0 {
return fmt.Errorf("Found Template, expected none: %s", resp)
}
}
return nil
}
func testAccCheckAWSEIPDestroy(s *terraform.State) error {
conn := testAccProvider.Meta().(*AWSClient).ec2conn
for _, rs := range s.RootModule().Resources {
if rs.Type != "aws_eip" {
continue
}
req := &ec2.DescribeAddressesInput{
PublicIPs: []*string{aws.String(rs.Primary.ID)},
}
describe, err := conn.DescribeAddresses(req)
if err == nil {
if len(describe.Addresses) != 0 &&
*describe.Addresses[0].PublicIP == rs.Primary.ID {
return fmt.Errorf("EIP still exists")
}
}
// Verify the error
providerErr, ok := err.(awserr.Error)
if !ok {
return err
}
if providerErr.Code() != "InvalidAllocationID.NotFound" {
return fmt.Errorf("Unexpected error: %s", err)
}
}
return nil
}
func testAccCheckVcdSNATDestroy(s *terraform.State) error {
conn := testAccProvider.Meta().(*VCDClient)
for _, rs := range s.RootModule().Resources {
if rs.Type != "vcd_snat" {
continue
}
gatewayName := rs.Primary.Attributes["edge_gateway"]
edgeGateway, err := conn.OrgVdc.FindEdgeGateway(gatewayName)
if err != nil {
return fmt.Errorf("Could not find edge gateway")
}
var found bool
for _, v := range edgeGateway.EdgeGateway.Configuration.EdgeGatewayServiceConfiguration.NatService.NatRule {
if v.RuleType == "SNAT" &&
v.GatewayNatRule.OriginalIP == "10.10.102.0/24" &&
v.GatewayNatRule.OriginalPort == "" &&
v.GatewayNatRule.TranslatedIP == os.Getenv("VCD_EXTERNAL_IP") {
found = true
}
}
if found {
return fmt.Errorf("SNAT rule still exists.")
}
}
return nil
}
func testCheckAzureRMNetworkSecurityRuleDestroy(s *terraform.State) error {
conn := testAccProvider.Meta().(*ArmClient).secRuleClient
for _, rs := range s.RootModule().Resources {
if rs.Type != "azurerm_network_security_rule" {
continue
}
sgName := rs.Primary.Attributes["network_security_group_name"]
sgrName := rs.Primary.Attributes["name"]
resourceGroup := rs.Primary.Attributes["resource_group_name"]
resp, err := conn.Get(resourceGroup, sgName, sgrName)
if err != nil {
return nil
}
if resp.StatusCode != http.StatusNotFound {
return fmt.Errorf("Network Security Rule still exists:\n%#v", resp.Properties)
}
}
return nil
}
func testAccAwsOpsworksCheckVpc(s *terraform.State) error {
rs, ok := s.RootModule().Resources["aws_opsworks_stack.tf-acc"]
if !ok {
return fmt.Errorf("Not found: %s", "aws_opsworks_stack.tf-acc")
}
if rs.Primary.ID == "" {
return fmt.Errorf("No ID is set")
}
p := rs.Primary
opsworksconn := testAccProvider.Meta().(*AWSClient).opsworksconn
describeOpts := &opsworks.DescribeStacksInput{
StackIds: []*string{aws.String(p.ID)},
}
resp, err := opsworksconn.DescribeStacks(describeOpts)
if err != nil {
return err
}
if len(resp.Stacks) == 0 {
return fmt.Errorf("No stack %s not found", p.ID)
}
if p.Attributes["vpc_id"] != *resp.Stacks[0].VpcId {
return fmt.Errorf("VPCID Got %s, expected %s", *resp.Stacks[0].VpcId, p.Attributes["vpc_id"])
}
if p.Attributes["default_subnet_id"] != *resp.Stacks[0].DefaultSubnetId {
return fmt.Errorf("VPCID Got %s, expected %s", *resp.Stacks[0].DefaultSubnetId, p.Attributes["default_subnet_id"])
}
return nil
}
func testAccCheckDigitalOceanDropletDestroy(s *terraform.State) error {
client := testAccProvider.Meta().(*godo.Client)
for _, rs := range s.RootModule().Resources {
if rs.Type != "digitalocean_droplet" {
continue
}
id, err := strconv.Atoi(rs.Primary.ID)
if err != nil {
return err
}
// Try to find the Droplet
_, _, err = client.Droplets.Get(id)
// Wait
if err != nil && !strings.Contains(err.Error(), "404") {
return fmt.Errorf(
"Error waiting for droplet (%s) to be destroyed: %s",
rs.Primary.ID, err)
}
}
return nil
}
func testAccCheckAWSSNSTopicDestroy(s *terraform.State) error {
conn := testAccProvider.Meta().(*AWSClient).snsconn
for _, rs := range s.RootModule().Resources {
if rs.Type != "aws_sns_topic" {
continue
}
// Check if the topic exists by fetching its attributes
params := &sns.GetTopicAttributesInput{
TopicArn: aws.String(rs.Primary.ID),
}
_, err := conn.GetTopicAttributes(params)
if err == nil {
return fmt.Errorf("Topic exists when it should be destroyed!")
}
// Verify the error is an API error, not something else
_, ok := err.(awserr.Error)
if !ok {
return err
}
}
return nil
}
func testAccCheckAWSSecurityGroupDestroy(s *terraform.State) error {
conn := testAccProvider.Meta().(*AWSClient).ec2conn
for _, rs := range s.RootModule().Resources {
if rs.Type != "aws_security_group" {
continue
}
// Retrieve our group
req := &ec2.DescribeSecurityGroupsInput{
GroupIds: []*string{aws.String(rs.Primary.ID)},
}
resp, err := conn.DescribeSecurityGroups(req)
if err == nil {
if len(resp.SecurityGroups) > 0 && *resp.SecurityGroups[0].GroupId == rs.Primary.ID {
return fmt.Errorf("Security Group (%s) still exists.", rs.Primary.ID)
}
return nil
}
ec2err, ok := err.(awserr.Error)
if !ok {
return err
}
// Confirm error code is what we want
if ec2err.Code() != "InvalidGroup.NotFound" {
return err
}
}
return nil
}
func testAccCheckDBSubnetGroupDestroy(s *terraform.State) error {
conn := testAccProvider.Meta().(*AWSClient).rdsconn
for _, rs := range s.RootModule().Resources {
if rs.Type != "aws_db_subnet_group" {
continue
}
// Try to find the resource
resp, err := conn.DescribeDBSubnetGroups(
&rds.DescribeDBSubnetGroupsInput{DBSubnetGroupName: aws.String(rs.Primary.ID)})
if err == nil {
if len(resp.DBSubnetGroups) > 0 {
return fmt.Errorf("still exist.")
}
return nil
}
// Verify the error is what we want
rdserr, ok := err.(awserr.Error)
if !ok {
return err
}
if rdserr.Code() != "DBSubnetGroupNotFoundFault" {
return err
}
}
return nil
}
func testAccCheckAWSAutoscalingLifecycleHookDestroy(s *terraform.State) error {
conn := testAccProvider.Meta().(*AWSClient).autoscalingconn
for _, rs := range s.RootModule().Resources {
if rs.Type != "aws_autoscaling_group" {
continue
}
params := autoscaling.DescribeLifecycleHooksInput{
AutoScalingGroupName: aws.String(rs.Primary.Attributes["autoscaling_group_name"]),
LifecycleHookNames: []*string{aws.String(rs.Primary.ID)},
}
resp, err := conn.DescribeLifecycleHooks(¶ms)
if err == nil {
if len(resp.LifecycleHooks) != 0 &&
*resp.LifecycleHooks[0].LifecycleHookName == rs.Primary.ID {
return fmt.Errorf("Lifecycle Hook Still Exists: %s", rs.Primary.ID)
}
}
}
return nil
}
func testAccCheckAzureDataDiskDestroy(s *terraform.State) error {
vmDiskClient := testAccProvider.Meta().(*Client).vmDiskClient
for _, rs := range s.RootModule().Resources {
if rs.Type != "azure_data_disk" {
continue
}
if rs.Primary.ID == "" {
return fmt.Errorf("No Disk ID is set")
}
vm := rs.Primary.Attributes["virtual_machine"]
lun, err := strconv.Atoi(rs.Primary.Attributes["lun"])
if err != nil {
return err
}
_, err = vmDiskClient.GetDataDisk(vm, vm, vm, lun)
if err == nil {
return fmt.Errorf("Data disk %s still exists", rs.Primary.ID)
}
if !management.IsResourceNotFoundError(err) {
return err
}
}
return nil
}
func testAccCheckAWSDynamoDbTableDestroy(s *terraform.State) error {
conn := testAccProvider.Meta().(*AWSClient).dynamodbconn
for _, rs := range s.RootModule().Resources {
if rs.Type != "aws_dynamodb_table" {
continue
}
fmt.Printf("[DEBUG] Checking if DynamoDB table %s exists", rs.Primary.ID)
// Check if queue exists by checking for its attributes
params := &dynamodb.DescribeTableInput{
TableName: aws.String(rs.Primary.ID),
}
_, err := conn.DescribeTable(params)
if err == nil {
return fmt.Errorf("DynamoDB table %s still exists. Failing!", rs.Primary.ID)
}
// Verify the error is what we want
_, ok := err.(awserr.Error)
if !ok {
return err
}
}
return nil
}
func testAccCheckRouteTableDestroy(s *terraform.State) error {
conn := testAccProvider.Meta().(*AWSClient).ec2conn
for _, rs := range s.RootModule().Resources {
if rs.Type != "aws_route_table" {
continue
}
// Try to find the resource
resp, err := conn.DescribeRouteTables(&ec2.DescribeRouteTablesRequest{
RouteTableIDs: []string{rs.Primary.ID},
})
if err == nil {
if len(resp.RouteTables) > 0 {
return fmt.Errorf("still exist.")
}
return nil
}
// Verify the error is what we want
ec2err, ok := err.(aws.APIError)
if !ok {
return err
}
if ec2err.Code != "InvalidRouteTableID.NotFound" {
return err
}
}
return nil
}
func testAccCheckAWSClusterDestroy(s *terraform.State) error {
for _, rs := range s.RootModule().Resources {
if rs.Type != "aws_rds_cluster" {
continue
}
// Try to find the Group
conn := testAccProvider.Meta().(*AWSClient).rdsconn
var err error
resp, err := conn.DescribeDBClusters(
&rds.DescribeDBClustersInput{
DBClusterIdentifier: aws.String(rs.Primary.ID),
})
if err == nil {
if len(resp.DBClusters) != 0 &&
*resp.DBClusters[0].DBClusterIdentifier == rs.Primary.ID {
return fmt.Errorf("DB Cluster %s still exists", rs.Primary.ID)
}
}
// Return nil if the cluster is already destroyed
if awsErr, ok := err.(awserr.Error); ok {
if awsErr.Code() == "DBClusterNotFoundFault" {
return nil
}
}
return err
}
return nil
}
func testAccCheckAppCookieStickinessPolicyDestroy(s *terraform.State) error {
conn := testAccProvider.Meta().(*AWSClient).elbconn
for _, rs := range s.RootModule().Resources {
if rs.Type != "aws_app_cookie_stickiness_policy" {
continue
}
lbName, _, policyName := resourceAwsAppCookieStickinessPolicyParseId(
rs.Primary.ID)
out, err := conn.DescribeLoadBalancerPolicies(
&elb.DescribeLoadBalancerPoliciesInput{
LoadBalancerName: aws.String(lbName),
PolicyNames: []*string{aws.String(policyName)},
})
if err != nil {
if ec2err, ok := err.(awserr.Error); ok && (ec2err.Code() == "PolicyNotFound" || ec2err.Code() == "LoadBalancerNotFound") {
continue
}
return err
}
if len(out.PolicyDescriptions) > 0 {
return fmt.Errorf("Policy still exists")
}
}
return nil
}
func testAccCheckAWSAutoScalingGroupDestroy(s *terraform.State) error {
conn := testAccProvider.Meta().(*AWSClient).autoscalingconn
for _, rs := range s.RootModule().Resources {
if rs.Type != "aws_autoscaling_group" {
continue
}
// Try to find the Group
describeGroups, err := conn.DescribeAutoScalingGroups(
&autoscaling.DescribeAutoScalingGroupsInput{
AutoScalingGroupNames: []*string{aws.String(rs.Primary.ID)},
})
if err == nil {
if len(describeGroups.AutoScalingGroups) != 0 &&
*describeGroups.AutoScalingGroups[0].AutoScalingGroupName == rs.Primary.ID {
return fmt.Errorf("AutoScaling Group still exists")
}
}
// Verify the error
ec2err, ok := err.(awserr.Error)
if !ok {
return err
}
if ec2err.Code() != "InvalidGroup.NotFound" {
return err
}
}
return nil
}
func testAccCheckAWSGroupMembershipDestroy(s *terraform.State) error {
conn := testAccProvider.Meta().(*AWSClient).iamconn
for _, rs := range s.RootModule().Resources {
if rs.Type != "aws_iam_group_membership" {
continue
}
group := rs.Primary.Attributes["group"]
_, err := conn.GetGroup(&iam.GetGroupInput{
GroupName: aws.String(group),
})
if err != nil {
// Verify the error is what we want
if ae, ok := err.(awserr.Error); ok && ae.Code() == "NoSuchEntity" {
continue
}
return err
}
return fmt.Errorf("still exists")
}
return nil
}
func testAccCheckAwsOpsworksStackDestroy(s *terraform.State) error {
opsworksconn := testAccProvider.Meta().(*AWSClient).opsworksconn
for _, rs := range s.RootModule().Resources {
if rs.Type != "aws_opsworks_stack" {
continue
}
req := &opsworks.DescribeStacksInput{
StackIds: []*string{
aws.String(rs.Primary.ID),
},
}
_, err := opsworksconn.DescribeStacks(req)
if err != nil {
if awserr, ok := err.(awserr.Error); ok {
if awserr.Code() == "ResourceNotFoundException" {
// not found, all good
return nil
}
}
return err
}
}
return fmt.Errorf("Fall through error for OpsWorks stack test")
}
func outputsAsString(state *terraform.State) string {
if state == nil {
return ""
}
outputs := state.RootModule().Outputs
outputBuf := new(bytes.Buffer)
if len(outputs) > 0 {
outputBuf.WriteString("[reset][bold][green]\nOutputs:\n\n")
// Output the outputs in alphabetical order
keyLen := 0
keys := make([]string, 0, len(outputs))
for key, _ := range outputs {
keys = append(keys, key)
if len(key) > keyLen {
keyLen = len(key)
}
}
sort.Strings(keys)
for _, k := range keys {
v := outputs[k]
outputBuf.WriteString(fmt.Sprintf(
" %s%s = %s\n",
k,
strings.Repeat(" ", keyLen-len(k)),
v))
}
}
return strings.TrimSpace(outputBuf.String())
}
func testAccCheckAWSDBSecurityGroupDestroy(s *terraform.State) error {
conn := testAccProvider.Meta().(*AWSClient).rdsconn
for _, rs := range s.RootModule().Resources {
if rs.Type != "aws_db_security_group" {
continue
}
// Try to find the Group
resp, err := conn.DescribeDBSecurityGroups(
&rds.DescribeDBSecurityGroupsInput{
DBSecurityGroupName: aws.String(rs.Primary.ID),
})
if err == nil {
if len(resp.DBSecurityGroups) != 0 &&
*resp.DBSecurityGroups[0].DBSecurityGroupName == rs.Primary.ID {
return fmt.Errorf("DB Security Group still exists")
}
}
// Verify the error
newerr, ok := err.(awserr.Error)
if !ok {
return err
}
if newerr.Code() != "InvalidDBSecurityGroup.NotFound" {
return err
}
}
return nil
}
func testAccCheckAWSAPIGatewayMethodDestroy(s *terraform.State) error {
conn := testAccProvider.Meta().(*AWSClient).apigateway
for _, rs := range s.RootModule().Resources {
if rs.Type != "aws_api_gateway_method" {
continue
}
req := &apigateway.GetMethodInput{
HttpMethod: aws.String("GET"),
ResourceId: aws.String(s.RootModule().Resources["aws_api_gateway_resource.test"].Primary.ID),
RestApiId: aws.String(s.RootModule().Resources["aws_api_gateway_rest_api.test"].Primary.ID),
}
_, err := conn.GetMethod(req)
if err == nil {
return fmt.Errorf("API Gateway Method still exists")
}
aws2err, ok := err.(awserr.Error)
if !ok {
return err
}
if aws2err.Code() != "NotFoundException" {
return err
}
return nil
}
return nil
}
func testAccCheckVpnGatewayDestroy(s *terraform.State) error {
ec2conn := testAccProvider.Meta().(*AWSClient).ec2conn
for _, rs := range s.RootModule().Resources {
if rs.Type != "aws_vpn_gateway" {
continue
}
// Try to find the resource
resp, err := ec2conn.DescribeVPNGateways(&ec2.DescribeVPNGatewaysInput{
VPNGatewayIDs: []*string{aws.String(rs.Primary.ID)},
})
if err == nil {
if len(resp.VPNGateways) > 0 {
return fmt.Errorf("still exists")
}
return nil
}
// Verify the error is what we want
ec2err, ok := err.(awserr.Error)
if !ok {
return err
}
if ec2err.Code() != "InvalidVpnGatewayID.NotFound" {
return err
}
}
return nil
}
func testAccCheckSESReceiptRuleSetDestroy(s *terraform.State) error {
conn := testAccProvider.Meta().(*AWSClient).sesConn
for _, rs := range s.RootModule().Resources {
if rs.Type != "aws_ses_receipt_rule_set" {
continue
}
params := &ses.DescribeReceiptRuleSetInput{
RuleSetName: aws.String("just-a-test"),
}
_, err := conn.DescribeReceiptRuleSet(params)
if err == nil {
return fmt.Errorf("Receipt rule set %s still exists. Failing!", rs.Primary.ID)
}
// Verify the error is what we want
_, ok := err.(awserr.Error)
if !ok {
return err
}
}
return nil
}
func testAccCheckVpcEndpointDestroy(s *terraform.State) error {
conn := testAccProvider.Meta().(*AWSClient).ec2conn
for _, rs := range s.RootModule().Resources {
if rs.Type != "aws_vpc_endpoint" {
continue
}
// Try to find the VPC
input := &ec2.DescribeVpcEndpointsInput{
VpcEndpointIds: []*string{aws.String(rs.Primary.ID)},
}
resp, err := conn.DescribeVpcEndpoints(input)
if err != nil {
// Verify the error is what we want
if ae, ok := err.(awserr.Error); ok && ae.Code() == "InvalidVpcEndpointId.NotFound" {
continue
}
return err
}
if len(resp.VpcEndpoints) > 0 {
return fmt.Errorf("VPC Endpoints still exist.")
}
return err
}
return nil
}
func testAccCheckVSphereVirtualMachineDestroy(s *terraform.State) error {
client := testAccProvider.Meta().(*govmomi.Client)
finder := find.NewFinder(client.Client, true)
for _, rs := range s.RootModule().Resources {
if rs.Type != "vsphere_virtual_machine" {
continue
}
dc, err := finder.Datacenter(context.TODO(), rs.Primary.Attributes["datacenter"])
if err != nil {
return fmt.Errorf("error %s", err)
}
dcFolders, err := dc.Folders(context.TODO())
if err != nil {
return fmt.Errorf("error %s", err)
}
_, err = object.NewSearchIndex(client.Client).FindChild(context.TODO(), dcFolders.VmFolder, rs.Primary.Attributes["name"])
if err == nil {
return fmt.Errorf("Record still exists")
}
}
return nil
}
func testAccCheckAWSALBTargetGroupDestroy(s *terraform.State) error {
conn := testAccProvider.Meta().(*AWSClient).elbv2conn
for _, rs := range s.RootModule().Resources {
if rs.Type != "aws_alb_target_group" {
continue
}
describe, err := conn.DescribeTargetGroups(&elbv2.DescribeTargetGroupsInput{
TargetGroupArns: []*string{aws.String(rs.Primary.ID)},
})
if err == nil {
if len(describe.TargetGroups) != 0 &&
*describe.TargetGroups[0].TargetGroupArn == rs.Primary.ID {
return fmt.Errorf("Target Group %q still exists", rs.Primary.ID)
}
}
// Verify the error
if isTargetGroupNotFound(err) {
return nil
} else {
return errwrap.Wrapf("Unexpected error checking ALB destroyed: {{err}}", err)
}
}
return nil
}
func testAccCheckCloudStackPortForwardDestroy(s *terraform.State) error {
cs := testAccProvider.Meta().(*cloudstack.CloudStackClient)
for _, rs := range s.RootModule().Resources {
if rs.Type != "cloudstack_port_forward" {
continue
}
if rs.Primary.ID == "" {
return fmt.Errorf("No port forward ID is set")
}
for k, id := range rs.Primary.Attributes {
if !strings.Contains(k, "uuid") {
continue
}
_, _, err := cs.Firewall.GetPortForwardingRuleByID(id)
if err == nil {
return fmt.Errorf("Port forward %s still exists", rs.Primary.ID)
}
}
}
return nil
}
func testAccCheckDatadogMetricAlertDestroy(s *terraform.State) error {
client := testAccProvider.Meta().(*datadog.Client)
for _, rs := range s.RootModule().Resources {
for _, v := range strings.Split(rs.Primary.ID, "__") {
if v == "" {
fmt.Printf("Could not parse IDs. %s", v)
return fmt.Errorf("Id not set.")
}
ID, iErr := strconv.Atoi(v)
if iErr != nil {
fmt.Printf("Received error converting string %s", iErr)
return iErr
}
_, err := client.GetMonitor(ID)
if err != nil {
// 404 is what we want, anything else is an error. Sadly our API will return a string like so:
// return errors.New("API error: " + resp.Status)
// For now we'll use unfold :|
if strings.EqualFold(err.Error(), "API error: 404 Not Found") {
continue
} else {
fmt.Errorf("Received an error retrieving monitor %s", err)
}
} else {
fmt.Errorf("Monitor still exists. %s", err)
}
}
}
return nil
}
func testAccCheckAWSLambdaPermissionDestroy(s *terraform.State) error {
conn := testAccProvider.Meta().(*AWSClient).lambdaconn
for _, rs := range s.RootModule().Resources {
if rs.Type != "aws_lambda_permission" {
continue
}
// IAM is eventually consistent
err := resource.Retry(5*time.Minute, func() error {
err := isLambdaPermissionGone(rs, conn)
if err != nil {
if !strings.HasPrefix(err.Error(), "Error unmarshalling Lambda policy") {
return err
}
return resource.RetryError{Err: err}
}
return nil
})
if err != nil {
return err
}
}
return nil
}