Add missing tests for data policy and policy for deploy ssm access
tony-griffin committed Jan 21, 2025
1 parent af54f02 commit 2f40fb0
Showing 1 changed file with 24 additions and 0 deletions.
24 changes: 24 additions & 0 deletions codebase-pipelines/tests/unit.tftest.hcl
@@ -499,6 +499,16 @@ run "test_iam" {
error_message = "Should be: 'my-app-my-codebase-codebase-pipeline-deploy'"
}

assert {
condition = aws_iam_role_policy.deploy_ssm_access.name == "deploy-ssm-access"
error_message = "Should be: 'deploy-ssm-access'"
}

assert {
condition = aws_iam_role_policy.deploy_ssm_access.role == "my-app-my-codebase-codebase-pipeline-deploy"
error_message = "Should be: 'my-app-my-codebase-codebase-pipeline-deploy'"
}

# CodePipeline
assert {
condition = aws_iam_role.codebase_deploy_pipeline.name == "my-app-my-codebase-codebase-pipeline"
@@ -753,6 +763,20 @@ run "test_iam_documents" {
])
error_message = "Unexpected actions"
}

# SSM access
assert {
condition = data.aws_iam_policy_document.deploy_ssm_access.statement[0].effect == "Allow"
error_message = "Should be: Allow"
}

assert {
condition = data.aws_iam_policy_document.deploy_ssm_access.statement[0].actions == toset([
"ssm:GetParameter",
"ssm:GetParameters"
])
error_message = "Unexpected actions"
}
}

run "test_codebuild_deploy" {
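Review bot: The new `deploy_ssm_access` assertions in `test_iam_documents` pin only `effect` and `actions`, so the test would still pass if the statement's `resources` were widened to `*` or if extra statements were added to the document. For a policy granting `ssm:GetParameter` and `ssm:GetParameters`, the resource scope decides which parameters the deploy role can read, so it should have its own assert, for example `condition = data.aws_iam_policy_document.deploy_ssm_access.statement[0].resources == toset([<EXPECTED_PARAMETER_ARNS>])`, alongside `condition = length(data.aws_iam_policy_document.deploy_ssm_access.statement) == 1`. The policy definition is not visible on this page, so the expected ARN set is a placeholder to be filled in from the module, and whether the value is known at plan time under the test's provider mocks should be confirmed.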
