Wrap try around flatten to allow a map to be passed in (#11)

* Wrap try around flatten Co-authored-by: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com>
cloudposse · Dec 20, 2021 · 9dde6d5 · 9dde6d5
1 parent 13b5edc
commit 9dde6d5
Show file tree

Hide file tree

Showing 8 changed files with 71 additions and 73 deletions.
diff --git a/.github/auto-release.yml b/.github/auto-release.yml
@@ -47,7 +47,7 @@ template: |
 
 replacers:
 # Remove irrelevant information from Renovate bot
-- search: '/(?<=---\s+)+^#.*(Renovate configuration|Configuration)(?:.|\n)*?This PR has been generated .*/gm'
+- search: '/(?<=---\s)\s*^#.*(Renovate configuration|Configuration)(?:.|\n)*?This PR has been generated .*/gm'
   replace: ''
 # Remove Renovate bot banner image
 - search: '/\[!\[[^\]]*Renovate\][^\]]*\](\([^)]*\))?\s*\n+/gm'

diff --git a/README.md b/README.md
@@ -105,22 +105,20 @@ module "iam_policy" {
   # Cloud Posse recommends pinning every module to a specific version
   # version = "x.x.x"
 
-  iam_policy_statements = [
-    {
-      sid        = "ListMyBucket"
+  iam_policy_statements = {
+    ListMyBucket = {
       effect     = "Allow"
       actions    = ["s3:ListBucket"]
       resources  = ["arn:aws:s3:::test"]
       conditions = []
-    },
-    {
-      sid        = "WriteMyBucket"
+    }
+    WriteMyBucket = {
       effect     = "Allow"
       actions    = ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"]
       resources  = ["arn:aws:s3:::test/*"]
       conditions = []
     },
-  ]
+  }
 }
 
 data "aws_iam_policy_document" "assume_role" {

diff --git a/README.yaml b/README.yaml
@@ -77,22 +77,20 @@ usage: |-
     # Cloud Posse recommends pinning every module to a specific version
     # version = "x.x.x"
 
-    iam_policy_statements = [
-      {
-        sid        = "ListMyBucket"
+    iam_policy_statements = {
+      ListMyBucket = {
         effect     = "Allow"
         actions    = ["s3:ListBucket"]
         resources  = ["arn:aws:s3:::test"]
         conditions = []
-      },
-      {
-        sid        = "WriteMyBucket"
+      }
+      WriteMyBucket = {
         effect     = "Allow"
         actions    = ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"]
         resources  = ["arn:aws:s3:::test/*"]
         conditions = []
       },
-    ]
+    }
   }
 
   data "aws_iam_policy_document" "assume_role" {

diff --git a/examples/complete/fixtures.us-east-2.tfvars b/examples/complete/fixtures.us-east-2.tfvars
@@ -8,21 +8,64 @@ stage = "test"
 
 name = "example"
 
-iam_source_json_url = "https://raw.githubusercontent.com/awsdocs/amazon-lookoutmetrics-developer-guide/main/sample-policies/datasource-s3.json"
+iam_source_json_url = "https://raw.githubusercontent.com/awsdocs/amazon-lookoutmetrics-developer-guide/bf564cc29faab95d4171e0edec99e4165e55e954/sample-policies/datasource-s3.json"
 
-iam_policy_statements = [
-  {
-    sid        = "ListMyBucket"
+# source: https://raw.githubusercontent.com/awsdocs/amazon-lookoutmetrics-developer-guide/main/sample-policies/datasource-s3.json
+# {
+#     "Version": "2012-10-17",
+#     "Statement": [
+#         {
+#             "Effect": "Allow",
+#             "Action": [
+#                 "s3:ListBucket",
+#                 "s3:GetBucketAcl"
+#             ],
+#             "Resource": [
+#                 "arn:aws:s3:::${BucketName}"
+#             ]
+#         },
+#         {
+#             "Effect": "Allow",
+#             "Action": [
+#                 "s3:GetObject",
+#                 "s3:GetBucketAcl"
+#             ],
+#             "Resource": [
+#                 "arn:aws:s3:::${BucketName}/*"
+#             ]
+#         },
+#         {
+#             "Effect": "Allow",
+#             "Action": [
+#                 "kms:Decrypt",
+#                 "kms:GenerateDataKey"
+#             ],
+#             "Resource": [
+#                 "arn:aws:kms:::key/*"
+#             ],
+#             "Condition": {
+#                 "ForAllValues:StringLike": {
+#                     "kms:ViaService": "s3.${Region}.amazonaws.com",
+#                     "kms:EncryptionContext:aws:s3:arn": [
+#                         "arn:aws:s3:::${BucketName}"
+#                     ]
+#                 }
+#             }
+#         }
+#     ]
+# }
+
+iam_policy_statements = {
+  ListMyBucket = {
     effect     = "Allow"
     actions    = ["s3:ListBucket"]
     resources  = ["arn:aws:s3:::test"]
     conditions = []
-  },
-  {
-    sid        = "WriteMyBucket"
+  }
+  WriteMyBucket = {
     effect     = "Allow"
     actions    = ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"]
     resources  = ["arn:aws:s3:::test/*"]
     conditions = []
-  },
-]
+  }
+}
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
@@ -5,9 +5,6 @@ provider "aws" {
 module "iam_policy" {
   source = "../../"
 
-  # source  = "cloudposse/iam-policy/aws"
-  # version = "0.1.0"
-
   iam_source_json_url = var.iam_source_json_url
 
   iam_policy_statements = var.iam_policy_statements
@@ -26,8 +23,8 @@ data "aws_iam_policy_document" "assume_role" {
   }
 }
 
-resource "aws_iam_role" "example" {
-  name               = "hello_role"
+resource "aws_iam_role" "default" {
+  name               = module.this.id
   assume_role_policy = data.aws_iam_policy_document.assume_role.json
 
   inline_policy {

diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf
@@ -9,7 +9,7 @@ variable "iam_source_json_url" {
 }
 
 variable "iam_policy_statements" {
-  type        = list(any)
+  type        = any
   description = "List of IAM policy statements to use in the policy. This can be used with or instead of the `var.iam_source_json_url`."
   default     = []
 }
diff --git a/main.tf b/main.tf
@@ -17,10 +17,11 @@ data "aws_iam_policy_document" "this" {
   source_json = var.iam_source_json_url != null ? data.http.iam_source_json_url[0].body : var.iam_source_json
 
   dynamic "statement" {
-    for_each = flatten(var.iam_policy_statements)
+    # Only flatten if a list(string) is passed in, otherwise use the map var as-is
+    for_each = try(flatten(var.iam_policy_statements), var.iam_policy_statements)
 
     content {
-      sid    = lookup(statement.value, "sid", null)
+      sid    = lookup(statement.value, "sid", statement.key)
       effect = lookup(statement.value, "effect", null)
 
       actions     = lookup(statement.value, "actions", null)

diff --git a/test/src/examples_complete_test.go b/test/src/examples_complete_test.go
@@ -18,8 +18,6 @@ func TestExamplesComplete(t *testing.T) {
 	randID := strconv.Itoa(rand.Intn(100000))
 	attributes := []string{randID}
 
-	exampleInput := "Hello, world!"
-
 	terraformOptions := &terraform.Options{
 		// The path to where our Terraform code is located
 		TerraformDir: "../../examples/complete",
@@ -30,7 +28,6 @@ func TestExamplesComplete(t *testing.T) {
 		// and AWS resources do not interfere with each other
 		Vars: map[string]interface{}{
 			"attributes": attributes,
-			"example":    exampleInput,
 		},
 	}
 	// At the end of the test, run `terraform destroy` to clean up any resources that were created
@@ -40,44 +37,8 @@ func TestExamplesComplete(t *testing.T) {
 	terraform.InitAndApply(t, terraformOptions)
 
 	// Run `terraform output` to get the value of an output variable
-	id := terraform.Output(t, terraformOptions, "id")
-	example := terraform.Output(t, terraformOptions, "example")
-	random := terraform.Output(t, terraformOptions, "random")
+	jsonMap := terraform.OutputRequired(t, terraformOptions, "json")
 
 	// Verify we're getting back the outputs we expect
-	// Ensure we get a random number appended
-	assert.Equal(t, exampleInput+" "+random, example)
-	// Ensure we get the attribute included in the ID
-	assert.Equal(t, "eg-ue2-test-example-"+randID, id)
-
-	// ************************************************************************
-	// This steps below are unusual, not generally part of the testing
-	// but included here as an example of testing this specific module.
-	// This module has a random number that is supposed to change
-	// only when the example changes. So we run it again to ensure
-	// it does not change.
-
-	// This will run `terraform apply` a second time and fail the test if there are any errors
-	terraform.Apply(t, terraformOptions)
-
-	id2 := terraform.Output(t, terraformOptions, "id")
-	example2 := terraform.Output(t, terraformOptions, "example")
-	random2 := terraform.Output(t, terraformOptions, "random")
-
-	assert.Equal(t, id, id2, "Expected `id` to be stable")
-	assert.Equal(t, example, example2, "Expected `example` to be stable")
-	assert.Equal(t, random, random2, "Expected `random` to be stable")
-
-	// Then we run change the example and run it a third time and
-	// verify that the random number changed
-	newExample := "Goodbye"
-	terraformOptions.Vars["example"] = newExample
-	terraform.Apply(t, terraformOptions)
-
-	example3 := terraform.Output(t, terraformOptions, "example")
-	random3 := terraform.Output(t, terraformOptions, "random")
-
-	assert.NotEqual(t, random, random3, "Expected `random` to change when `example` changed")
-	assert.Equal(t, newExample+" "+random3, example3, "Expected `example` to use new random number")
-
+	assert.Greater(t, len(jsonMap), 0)
 }