terraform-provider-greenhost/digitalocean/resource_digitalocean_firew...

package digitalocean

import (
	"context"
	"fmt"
	"testing"

	"github.com/digitalocean/godo"
	"github.com/hashicorp/terraform/helper/acctest"
	"github.com/hashicorp/terraform/helper/resource"
	"github.com/hashicorp/terraform/terraform"
)

func TestAccDigitalOceanFirewall_Basic(t *testing.T) {
	tests := []struct {
		description  string
		firewallName string
		config       string
		checkers     []resource.TestCheckFunc
	}{
		{
			description:  "only allow inbound SSH(TCP/22)",
			firewallName: fmt.Sprintf("foobar-test-terraform-firewall-%s", acctest.RandString(10)),
			config: `
			resource "digitalocean_firewall" "foobar" {
				name          = "%s"
				inbound_rules = [
				{
					protocol         = "tcp"
					port_range       = "22"
					source_addresses = ["0.0.0.0/0", "::/0"]
				},
				]
			}`,
			checkers: []resource.TestCheckFunc{
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.#", "1"),
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.0.port_range", "22"),
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.0.protocol", "tcp"),
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.0.source_addresses.#", "2"),
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.0.source_addresses.0", "0.0.0.0/0"),
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.0.source_addresses.1", "::/0"),
			},
		},
		{
			description:  "only allow outbound SSH(TCP/22)",
			firewallName: fmt.Sprintf("foobar-test-terraform-firewall-%s", acctest.RandString(10)),
			config: `
			resource "digitalocean_firewall" "foobar" {
				name          = "%s"
				outbound_rules = [
				{
					protocol              = "tcp"
					port_range            = "22"
					destination_addresses = ["0.0.0.0/0", "::/0"]
				},
				]
			}`,
			checkers: []resource.TestCheckFunc{
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.#", "1"),
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.0.port_range", "22"),
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.0.protocol", "tcp"),
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.0.destination_addresses.#", "2"),
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.0.destination_addresses.0", "0.0.0.0/0"),
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.0.destination_addresses.1", "::/0"),
			},
		},
		{
			description:  "only allow inbound SSH(TCP/22) and HTTP(TCP/80)",
			firewallName: fmt.Sprintf("foobar-test-terraform-firewall-%s", acctest.RandString(10)),
			config: `
			resource "digitalocean_firewall" "foobar" {
				name          = "%s"
				inbound_rules = [
				{
					protocol         = "tcp"
					port_range       = "22"
					source_addresses = ["0.0.0.0/0", "::/0"]
				},
				{
					protocol         = "tcp"
					port_range       = "80"
					source_addresses = ["1.2.3.0/24", "2002::/16"]
				},
				]
			}`,
			checkers: []resource.TestCheckFunc{
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.#", "2"),
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.0.port_range", "22"),
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.0.protocol", "tcp"),
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.0.source_addresses.#", "2"),
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.0.source_addresses.0", "0.0.0.0/0"),
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.0.source_addresses.1", "::/0"),
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.1.port_range", "80"),
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.1.protocol", "tcp"),
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.1.source_addresses.#", "2"),
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.1.source_addresses.0", "1.2.3.0/24"),
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.1.source_addresses.1", "2002::/16"),
			},
		},
		{
			description:  "only allow outbound SSH(TCP/22) and DNS(UDP/53)",
			firewallName: fmt.Sprintf("foobar-test-terraform-firewall-%s", acctest.RandString(10)),
			config: `
			resource "digitalocean_firewall" "foobar" {
				name          = "%s"
				outbound_rules = [
				{
					protocol              = "tcp"
					port_range            = "22"
					destination_addresses = ["192.168.1.0/24", "2002:1001::/48"]
				},
				{
					protocol              = "udp"
					port_range            = "53"
					destination_addresses = ["1.2.3.0/24", "2002::/16"]
				},
				]
			}`,
			checkers: []resource.TestCheckFunc{
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.#", "2"),
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.0.port_range", "22"),
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.0.protocol", "tcp"),
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.0.destination_addresses.#", "2"),
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.0.destination_addresses.0", "192.168.1.0/24"),
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.0.destination_addresses.1", "2002:1001::/48"),
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.1.port_range", "53"),
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.1.protocol", "udp"),
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.1.destination_addresses.#", "2"),
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.1.destination_addresses.0", "1.2.3.0/24"),
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.1.destination_addresses.1", "2002::/16"),
			},
		},
		{
			description:  "allow inbound and outbound HTTPS(TCP/443), inbound SSH(TCP/22), and outbound DNS(UDP/53)",
			firewallName: fmt.Sprintf("foobar-test-terraform-firewall-%s", acctest.RandString(10)),
			config: `
			resource "digitalocean_firewall" "foobar" {
				name          = "%s"
				inbound_rules = [
				{
					protocol         = "tcp"
					port_range       = "443"
					source_addresses = ["192.168.1.0/24", "2002:1001:1:2::/64"]
				},
				{
					protocol         = "tcp"
					port_range       = "22"
					source_addresses = ["0.0.0.0/0", "::/0"]
				},
				]
				outbound_rules = [
				{
					protocol              = "tcp"
					port_range            = "443"
					destination_addresses = ["192.168.1.0/24", "2002:1001:1:2::/64"]
				},
				{
					protocol              = "udp"
					port_range            = "53"
					destination_addresses = ["0.0.0.0/0", "::/0"]
				},
				]
			}`,
			checkers: []resource.TestCheckFunc{
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.#", "2"),
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.0.port_range", "443"),
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.0.protocol", "tcp"),
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.0.source_addresses.#", "2"),
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.0.source_addresses.0", "192.168.1.0/24"),
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.0.source_addresses.1", "2002:1001:1:2::/64"),
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.1.port_range", "22"),
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.1.protocol", "tcp"),
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.1.source_addresses.#", "2"),
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.1.source_addresses.0", "0.0.0.0/0"),
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.1.source_addresses.1", "::/0"),
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.#", "2"),
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.0.port_range", "443"),
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.0.protocol", "tcp"),
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.0.destination_addresses.#", "2"),
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.0.destination_addresses.0", "192.168.1.0/24"),
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.0.destination_addresses.1", "2002:1001:1:2::/64"),
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.1.port_range", "53"),
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.1.protocol", "udp"),
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.1.destination_addresses.#", "2"),
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.1.destination_addresses.0", "0.0.0.0/0"),
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.1.destination_addresses.1", "::/0"),
			},
		},
	}

	var firewall godo.Firewall
	for _, tt := range tests {
		t.Run(tt.description, func(t *testing.T) {
			checkers := []resource.TestCheckFunc{
				testAccCheckDigitalOceanFirewallExists("digitalocean_firewall.foobar", &firewall),
				resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "name", tt.firewallName),
			}
			checkers = append(checkers, tt.checkers...)
			resource.Test(t, resource.TestCase{
				PreCheck:     func() { testAccPreCheck(t) },
				Providers:    testAccProviders,
				CheckDestroy: testAccCheckDigitalOceanFirewallDestroy,
				Steps: []resource.TestStep{
					{
						Config: fmt.Sprintf(tt.config, tt.firewallName),
						Check:  resource.ComposeTestCheckFunc(checkers...),
					},
				},
			})
		})
	}
}

func testAccCheckDigitalOceanFirewallDestroy(s *terraform.State) error {
	client := testAccProvider.Meta().(*godo.Client)

	for _, rs := range s.RootModule().Resources {
		if rs.Type != "digitalocean_firewall" {
			continue
		}

		// Try to find the firewall
		_, _, err := client.Firewalls.Get(context.Background(), rs.Primary.ID)

		if err == nil {
			return fmt.Errorf("Firewall still exists")
		}
	}

	return nil
}

func testAccCheckDigitalOceanFirewallExists(n string, firewall *godo.Firewall) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		rs, ok := s.RootModule().Resources[n]

		if !ok {
			return fmt.Errorf("Not found: %s", n)
		}

		if rs.Primary.ID == "" {
			return fmt.Errorf("No Record ID is set")
		}

		client := testAccProvider.Meta().(*godo.Client)

		foundFirewall, _, err := client.Firewalls.Get(context.Background(), rs.Primary.ID)

		if err != nil {
			return err
		}

		if foundFirewall.ID != rs.Primary.ID {
			return fmt.Errorf("Record not found")
		}

		*firewall = *foundFirewall

		return nil
	}
}
resource_digitalocean_firewall.go: Add DO Cloud Firewalls (#15124) https://www.digitalocean.com/products/cloud-firewalls/ https://blog.digitalocean.com/cloud-firewalls-secure-droplets-by-default/ https://github.com/digitalocean/godo/commit/4fa9e9d999007b447089056a1c581b5594f0f851 air$ go test -v -run TestAccDigitalOceanFirewall === RUN TestAccDigitalOceanFirewall_importBasic === RUN TestAccDigitalOceanFirewall_importBasic/only_allow_inbound_SSH(TCP/22) === RUN TestAccDigitalOceanFirewall_importBasic/only_allow_outbound_SSH(TCP/22) === RUN TestAccDigitalOceanFirewall_importBasic/only_allow_inbound_SSH(TCP/22)_and_HTTP(TCP/80) === RUN TestAccDigitalOceanFirewall_importBasic/only_allow_outbound_SSH(TCP/22)_and_DNS(UDP/53) === RUN TestAccDigitalOceanFirewall_importBasic/allow_inbound_and_outbound_HTTPS(TCP/443),_inbound_SSH(TCP/22),_and_outbound_DNS(UDP/53) --- PASS: TestAccDigitalOceanFirewall_importBasic (19.14s) --- PASS: TestAccDigitalOceanFirewall_importBasic/only_allow_inbound_SSH(TCP/22) (3.89s) --- PASS: TestAccDigitalOceanFirewall_importBasic/only_allow_outbound_SSH(TCP/22) (4.61s) --- PASS: TestAccDigitalOceanFirewall_importBasic/only_allow_inbound_SSH(TCP/22)_and_HTTP(TCP/80) (3.48s) --- PASS: TestAccDigitalOceanFirewall_importBasic/only_allow_outbound_SSH(TCP/22)_and_DNS(UDP/53) (4.05s) --- PASS: TestAccDigitalOceanFirewall_importBasic/allow_inbound_and_outbound_HTTPS(TCP/443),_inbound_SSH(TCP/22),_and_outbound_DNS(UDP/53) (3.11s) === RUN TestAccDigitalOceanFirewall_Basic === RUN TestAccDigitalOceanFirewall_Basic/only_allow_inbound_SSH(TCP/22) === RUN TestAccDigitalOceanFirewall_Basic/only_allow_outbound_SSH(TCP/22) === RUN TestAccDigitalOceanFirewall_Basic/only_allow_inbound_SSH(TCP/22)_and_HTTP(TCP/80) === RUN TestAccDigitalOceanFirewall_Basic/only_allow_outbound_SSH(TCP/22)_and_DNS(UDP/53) === RUN TestAccDigitalOceanFirewall_Basic/allow_inbound_and_outbound_HTTPS(TCP/443),_inbound_SSH(TCP/22),_and_outbound_DNS(UDP/53) --- PASS: TestAccDigitalOceanFirewall_Basic (18.77s) --- PASS: TestAccDigitalOceanFirewall_Basic/only_allow_inbound_SSH(TCP/22) (3.56s) --- PASS: TestAccDigitalOceanFirewall_Basic/only_allow_outbound_SSH(TCP/22) (3.73s) --- PASS: TestAccDigitalOceanFirewall_Basic/only_allow_inbound_SSH(TCP/22)_and_HTTP(TCP/80) (3.21s) --- PASS: TestAccDigitalOceanFirewall_Basic/only_allow_outbound_SSH(TCP/22)_and_DNS(UDP/53) (3.84s) --- PASS: TestAccDigitalOceanFirewall_Basic/allow_inbound_and_outbound_HTTPS(TCP/443),_inbound_SSH(TCP/22),_and_outbound_DNS(UDP/53) (4.43s) PASS ok github.com/terraform-providers/terraform-provider-digitalocean/digitalocean 37.920s air$ 2017-06-06 15:29:54 +00:00			`package digitalocean`

			`import (`
			`"context"`
			`"fmt"`
			`"testing"`

			`"github.com/digitalocean/godo"`
			`"github.com/hashicorp/terraform/helper/acctest"`
			`"github.com/hashicorp/terraform/helper/resource"`
			`"github.com/hashicorp/terraform/terraform"`
			`)`

			`func TestAccDigitalOceanFirewall_Basic(t *testing.T) {`
			`tests := []struct {`
			`description string`
			`firewallName string`
			`config string`
			`checkers []resource.TestCheckFunc`
			`}{`
			`{`
			`description: "only allow inbound SSH(TCP/22)",`
			`firewallName: fmt.Sprintf("foobar-test-terraform-firewall-%s", acctest.RandString(10)),`
			config: `
			`resource "digitalocean_firewall" "foobar" {`
			`name = "%s"`
			`inbound_rules = [`
			`{`
			`protocol = "tcp"`
			`port_range = "22"`
			`source_addresses = ["0.0.0.0/0", "::/0"]`
			`},`
			`]`
			}`,
			`checkers: []resource.TestCheckFunc{`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.#", "1"),`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.0.port_range", "22"),`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.0.protocol", "tcp"),`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.0.source_addresses.#", "2"),`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.0.source_addresses.0", "0.0.0.0/0"),`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.0.source_addresses.1", "::/0"),`
			`},`
			`},`
			`{`
			`description: "only allow outbound SSH(TCP/22)",`
			`firewallName: fmt.Sprintf("foobar-test-terraform-firewall-%s", acctest.RandString(10)),`
			config: `
			`resource "digitalocean_firewall" "foobar" {`
			`name = "%s"`
			`outbound_rules = [`
			`{`
			`protocol = "tcp"`
			`port_range = "22"`
			`destination_addresses = ["0.0.0.0/0", "::/0"]`
			`},`
			`]`
			}`,
			`checkers: []resource.TestCheckFunc{`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.#", "1"),`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.0.port_range", "22"),`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.0.protocol", "tcp"),`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.0.destination_addresses.#", "2"),`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.0.destination_addresses.0", "0.0.0.0/0"),`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.0.destination_addresses.1", "::/0"),`
			`},`
			`},`
			`{`
			`description: "only allow inbound SSH(TCP/22) and HTTP(TCP/80)",`
			`firewallName: fmt.Sprintf("foobar-test-terraform-firewall-%s", acctest.RandString(10)),`
			config: `
			`resource "digitalocean_firewall" "foobar" {`
			`name = "%s"`
			`inbound_rules = [`
			`{`
			`protocol = "tcp"`
			`port_range = "22"`
			`source_addresses = ["0.0.0.0/0", "::/0"]`
			`},`
			`{`
			`protocol = "tcp"`
			`port_range = "80"`
			`source_addresses = ["1.2.3.0/24", "2002::/16"]`
			`},`
			`]`
			}`,
			`checkers: []resource.TestCheckFunc{`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.#", "2"),`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.0.port_range", "22"),`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.0.protocol", "tcp"),`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.0.source_addresses.#", "2"),`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.0.source_addresses.0", "0.0.0.0/0"),`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.0.source_addresses.1", "::/0"),`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.1.port_range", "80"),`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.1.protocol", "tcp"),`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.1.source_addresses.#", "2"),`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.1.source_addresses.0", "1.2.3.0/24"),`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.1.source_addresses.1", "2002::/16"),`
			`},`
			`},`
			`{`
			`description: "only allow outbound SSH(TCP/22) and DNS(UDP/53)",`
			`firewallName: fmt.Sprintf("foobar-test-terraform-firewall-%s", acctest.RandString(10)),`
			config: `
			`resource "digitalocean_firewall" "foobar" {`
			`name = "%s"`
			`outbound_rules = [`
			`{`
			`protocol = "tcp"`
			`port_range = "22"`
			`destination_addresses = ["192.168.1.0/24", "2002:1001::/48"]`
			`},`
			`{`
			`protocol = "udp"`
			`port_range = "53"`
			`destination_addresses = ["1.2.3.0/24", "2002::/16"]`
			`},`
			`]`
			}`,
			`checkers: []resource.TestCheckFunc{`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.#", "2"),`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.0.port_range", "22"),`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.0.protocol", "tcp"),`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.0.destination_addresses.#", "2"),`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.0.destination_addresses.0", "192.168.1.0/24"),`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.0.destination_addresses.1", "2002:1001::/48"),`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.1.port_range", "53"),`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.1.protocol", "udp"),`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.1.destination_addresses.#", "2"),`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.1.destination_addresses.0", "1.2.3.0/24"),`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.1.destination_addresses.1", "2002::/16"),`
			`},`
			`},`
			`{`
			`description: "allow inbound and outbound HTTPS(TCP/443), inbound SSH(TCP/22), and outbound DNS(UDP/53)",`
			`firewallName: fmt.Sprintf("foobar-test-terraform-firewall-%s", acctest.RandString(10)),`
			config: `
			`resource "digitalocean_firewall" "foobar" {`
			`name = "%s"`
			`inbound_rules = [`
			`{`
			`protocol = "tcp"`
			`port_range = "443"`
			`source_addresses = ["192.168.1.0/24", "2002:1001:1:2::/64"]`
			`},`
			`{`
			`protocol = "tcp"`
			`port_range = "22"`
			`source_addresses = ["0.0.0.0/0", "::/0"]`
			`},`
			`]`
			`outbound_rules = [`
			`{`
			`protocol = "tcp"`
			`port_range = "443"`
			`destination_addresses = ["192.168.1.0/24", "2002:1001:1:2::/64"]`
			`},`
			`{`
			`protocol = "udp"`
			`port_range = "53"`
			`destination_addresses = ["0.0.0.0/0", "::/0"]`
			`},`
			`]`
			}`,
			`checkers: []resource.TestCheckFunc{`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.#", "2"),`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.0.port_range", "443"),`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.0.protocol", "tcp"),`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.0.source_addresses.#", "2"),`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.0.source_addresses.0", "192.168.1.0/24"),`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.0.source_addresses.1", "2002:1001:1:2::/64"),`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.1.port_range", "22"),`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.1.protocol", "tcp"),`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.1.source_addresses.#", "2"),`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.1.source_addresses.0", "0.0.0.0/0"),`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "inbound_rules.1.source_addresses.1", "::/0"),`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.#", "2"),`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.0.port_range", "443"),`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.0.protocol", "tcp"),`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.0.destination_addresses.#", "2"),`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.0.destination_addresses.0", "192.168.1.0/24"),`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.0.destination_addresses.1", "2002:1001:1:2::/64"),`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.1.port_range", "53"),`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.1.protocol", "udp"),`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.1.destination_addresses.#", "2"),`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.1.destination_addresses.0", "0.0.0.0/0"),`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "outbound_rules.1.destination_addresses.1", "::/0"),`
			`},`
			`},`
			`}`

			`var firewall godo.Firewall`
			`for _, tt := range tests {`
			`t.Run(tt.description, func(t *testing.T) {`
			`checkers := []resource.TestCheckFunc{`
			`testAccCheckDigitalOceanFirewallExists("digitalocean_firewall.foobar", &firewall),`
			`resource.TestCheckResourceAttr("digitalocean_firewall.foobar", "name", tt.firewallName),`
			`}`
			`checkers = append(checkers, tt.checkers...)`
			`resource.Test(t, resource.TestCase{`
			`PreCheck: func() { testAccPreCheck(t) },`
			`Providers: testAccProviders,`
			`CheckDestroy: testAccCheckDigitalOceanFirewallDestroy,`
			`Steps: []resource.TestStep{`
			`{`
			`Config: fmt.Sprintf(tt.config, tt.firewallName),`
			`Check: resource.ComposeTestCheckFunc(checkers...),`
			`},`
			`},`
			`})`
			`})`
			`}`
			`}`

			`func testAccCheckDigitalOceanFirewallDestroy(s *terraform.State) error {`
			`client := testAccProvider.Meta().(*godo.Client)`

			`for _, rs := range s.RootModule().Resources {`
			`if rs.Type != "digitalocean_firewall" {`
			`continue`
			`}`

			`// Try to find the firewall`
			`_, _, err := client.Firewalls.Get(context.Background(), rs.Primary.ID)`

			`if err == nil {`
			`return fmt.Errorf("Firewall still exists")`
			`}`
			`}`

			`return nil`
			`}`

			`func testAccCheckDigitalOceanFirewallExists(n string, firewall *godo.Firewall) resource.TestCheckFunc {`
			`return func(s *terraform.State) error {`
			`rs, ok := s.RootModule().Resources[n]`

			`if !ok {`
			`return fmt.Errorf("Not found: %s", n)`
			`}`

			`if rs.Primary.ID == "" {`
			`return fmt.Errorf("No Record ID is set")`
			`}`

			`client := testAccProvider.Meta().(*godo.Client)`

			`foundFirewall, _, err := client.Firewalls.Get(context.Background(), rs.Primary.ID)`

			`if err != nil {`
			`return err`
			`}`

			`if foundFirewall.ID != rs.Primary.ID {`
			`return fmt.Errorf("Record not found")`
			`}`

			`firewall = foundFirewall`

			`return nil`
			`}`
			`}`