
Commit 6935844

committed
feat(tests): iam-role unit tests
1 parent 5501a90 commit 6935844


1 file changed

+315
-0
lines changed

Lines changed: 315 additions & 0 deletions
@@ -0,0 +1,315 @@
1+
provider "aws" {
2+
region = "ap-south-1"
3+
}
4+
5+
################################################################################
6+
# IAM Role
7+
################################################################################
8+
9+
run "iam_role_attributes_match" {
10+
command = plan
11+
12+
module {
13+
source = "./modules/iam-role"
14+
}
15+
16+
variables {
17+
name = "example-name"
18+
description = "example-description"
19+
assume_role_policy = {
20+
Version = "2012-10-17"
21+
Statement = [
22+
{
23+
Action = "sts:AssumeRole"
24+
Effect = "Allow"
25+
Sid = "ExampleAssumeRole"
26+
Principal = {
27+
Service = "service.amazonaws.com"
28+
}
29+
}
30+
]
31+
}
32+
33+
tags = {
34+
Example = "Tag"
35+
}
36+
}
37+
38+
assert {
39+
condition = aws_iam_role.this.name == var.name
40+
error_message = "Name mismatch"
41+
}
42+
43+
assert {
44+
condition = aws_iam_role.this.description == var.description
45+
error_message = "Description mismatch"
46+
}
47+
48+
assert {
49+
condition = aws_iam_role.this.assume_role_policy == jsonencode(var.assume_role_policy)
50+
error_message = "Assume role policy mismatch"
51+
}
52+
53+
assert {
54+
condition = aws_iam_role.this.tags == var.tags
55+
error_message = "Tags mismatch"
56+
}
57+
}
58+
59+
################################################################################
60+
# IAM Policy
61+
################################################################################
62+
63+
run "does_not_create_iam_policy_check" {
64+
command = plan
65+
66+
module {
67+
source = "./modules/iam-role"
68+
}
69+
70+
variables {
71+
name = "example-name"
72+
assume_role_policy = {
73+
Version = "2012-10-17"
74+
Statement = [
75+
{
76+
Action = "sts:AssumeRole"
77+
Effect = "Allow"
78+
Sid = "ExampleAssumeRole"
79+
Principal = {
80+
Service = "service.amazonaws.com"
81+
}
82+
}
83+
]
84+
}
85+
86+
iam_policies = {}
87+
}
88+
89+
assert {
90+
condition = length(aws_iam_policy.this) == 0
91+
error_message = "IAM policy was created"
92+
}
93+
}
94+
95+
run "iam_policy_attributes_match" {
96+
command = plan
97+
98+
module {
99+
source = "./modules/iam-role"
100+
}
101+
102+
variables {
103+
name = "example-name"
104+
assume_role_policy = {
105+
Version = "2012-10-17"
106+
Statement = [
107+
{
108+
Action = "sts:AssumeRole"
109+
Effect = "Allow"
110+
Sid = "ExampleAssumeRole"
111+
Principal = {
112+
Service = "service.amazonaws.com"
113+
}
114+
}
115+
]
116+
}
117+
118+
iam_policies = {
119+
example-policy = {
120+
name = "example-policy-name"
121+
description = "example-policy-description"
122+
policy = {
123+
Version = "2012-10-17"
124+
Statement = []
125+
}
126+
127+
tags = {
128+
ExamplePolicy = "Tag"
129+
}
130+
}
131+
}
132+
}
133+
134+
assert {
135+
condition = length(aws_iam_policy.this) == 1
136+
error_message = "IAM policy was not created"
137+
}
138+
139+
assert {
140+
condition = aws_iam_policy.this["example-policy"].name == var.iam_policies["example-policy"].name
141+
error_message = "Name mismatch"
142+
}
143+
144+
assert {
145+
condition = aws_iam_policy.this["example-policy"].description == var.iam_policies["example-policy"].description
146+
error_message = "Description mismatch"
147+
}
148+
149+
assert {
150+
condition = aws_iam_policy.this["example-policy"].policy == jsonencode(var.iam_policies["example-policy"].policy)
151+
error_message = "Policy mismatch"
152+
}
153+
154+
assert {
155+
condition = aws_iam_policy.this["example-policy"].tags == var.iam_policies["example-policy"].tags
156+
error_message = "Tags mismatch"
157+
}
158+
}
159+
160+
################################################################################
161+
# IAM Role Policy Attachment
162+
################################################################################
163+
164+
run "does_not_create_iam_role_policy_attachment__iam_policies__check" {
165+
command = plan
166+
167+
module {
168+
source = "./modules/iam-role"
169+
}
170+
171+
variables {
172+
name = "example-name"
173+
assume_role_policy = {
174+
Version = "2012-10-17"
175+
Statement = [
176+
{
177+
Action = "sts:AssumeRole"
178+
Effect = "Allow"
179+
Sid = "ExampleAssumeRole"
180+
Principal = {
181+
Service = "service.amazonaws.com"
182+
}
183+
}
184+
]
185+
}
186+
187+
iam_policies = {}
188+
}
189+
190+
assert {
191+
condition = length(aws_iam_role_policy_attachment.iam_policies) == 0
192+
error_message = "IAM role policy attachment was created"
193+
}
194+
}
195+
196+
run "iam_role_policy_attachment__iam_policies__attributes_check" {
197+
command = plan
198+
199+
module {
200+
source = "./modules/iam-role"
201+
}
202+
203+
variables {
204+
name = "example-name"
205+
assume_role_policy = {
206+
Version = "2012-10-17"
207+
Statement = [
208+
{
209+
Action = "sts:AssumeRole"
210+
Effect = "Allow"
211+
Sid = "ExampleAssumeRole"
212+
Principal = {
213+
Service = "service.amazonaws.com"
214+
}
215+
}
216+
]
217+
}
218+
219+
iam_policies = {
220+
example-policy = {
221+
name = "example-policy-name"
222+
description = "example-policy-description"
223+
policy = {
224+
Version = "2012-10-17"
225+
Statement = []
226+
}
227+
228+
tags = {
229+
ExamplePolicy = "Tag"
230+
}
231+
}
232+
}
233+
}
234+
235+
assert {
236+
condition = length(aws_iam_role_policy_attachment.iam_policies) == 1
237+
error_message = "IAM role policy attachment was not created"
238+
}
239+
240+
assert {
241+
condition = aws_iam_role_policy_attachment.iam_policies["example-policy"].role == aws_iam_role.this.name
242+
error_message = "Role mismatch"
243+
}
244+
}
245+
246+
run "does_not_create_iam_role_policy_attachment_check" {
247+
command = plan
248+
249+
module {
250+
source = "./modules/iam-role"
251+
}
252+
253+
variables {
254+
name = "example-name"
255+
assume_role_policy = {
256+
Version = "2012-10-17"
257+
Statement = [
258+
{
259+
Action = "sts:AssumeRole"
260+
Effect = "Allow"
261+
Sid = "ExampleAssumeRole"
262+
Principal = {
263+
Service = "service.amazonaws.com"
264+
}
265+
}
266+
]
267+
}
268+
269+
iam_policy_attachments = {}
270+
}
271+
272+
assert {
273+
condition = length(aws_iam_role_policy_attachment.this) == 0
274+
error_message = "IAM role policy attachment was created"
275+
}
276+
}
277+
278+
run "iam_role_policy_attachment_attributes_check" {
279+
command = plan
280+
281+
module {
282+
source = "./modules/iam-role"
283+
}
284+
285+
variables {
286+
name = "example-name"
287+
assume_role_policy = {
288+
Version = "2012-10-17"
289+
Statement = [
290+
{
291+
Action = "sts:AssumeRole"
292+
Effect = "Allow"
293+
Sid = "ExampleAssumeRole"
294+
Principal = {
295+
Service = "service.amazonaws.com"
296+
}
297+
}
298+
]
299+
}
300+
301+
iam_policy_attachments = {
302+
ExamplePolicy = "arn:aws:iam::aws:policy/ExamplePolicy"
303+
}
304+
}
305+
306+
assert {
307+
condition = length(aws_iam_role_policy_attachment.this) == 1
308+
error_message = "IAM role policy attachment was not created"
309+
}
310+
311+
assert {
312+
condition = aws_iam_role_policy_attachment.this["ExamplePolicy"].role == aws_iam_role.this.name
313+
error_message = "Role mismatch"
314+
}
315+
}
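Review bot: The two attachment runs (`iam_role_policy_attachment_attributes_check` and `iam_role_policy_attachment__iam_policies__attributes_check`) assert only `.role`, so a regression that attaches a different policy ARN to the role would still pass. For the managed-policy case the ARN is an input and should be known at plan time, so add an assert with `condition = aws_iam_role_policy_attachment.this["ExamplePolicy"].policy_arn == var.iam_policy_attachments["ExamplePolicy"]` and a "Policy ARN mismatch" message. The `iam_policies` attachment presumably takes its ARN from the created `aws_iam_policy`, which is unknown under `command = plan`, so that check would need an apply-mode run or a mocked provider. Separately, the real `provider "aws"` block at the top means these plan-only unit tests will likely need AWS credentials in CI. If the Terraform version in use supports it, `mock_provider "aws" {}` would remove that requirement.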
