Fix terratest by ensuring IAM roles created by examples/complete are …

…unique for each run.
cloudposse · Dec 13, 2021 · 2cef324 · 2cef324
1 parent 0eab5de
commit 2cef324
Showing 1 changed file with 19 additions and 8 deletions.
diff --git a/examples/complete/deployment.tf b/examples/complete/deployment.tf
@@ -8,18 +8,19 @@ locals {
 
   our_account_id            = local.enabled ? data.aws_caller_identity.current[0].account_id : ""
   our_role_arn_prefix       = "arn:aws:iam::${local.our_account_id}:role"
-  deployment_principal_arns = { for k, v in local.test_deployment_role_prefix_map : format("%v/%v", local.our_role_arn_prefix, k) => v }
+  role_names                = { for k, v in local.test_deployment_role_prefix_map : k => module.role_labels[k].id }
+  deployment_principal_arns = { for k, v in local.role_names: format("%v/%v", local.our_role_arn_prefix, v) => local.test_deployment_role_prefix_map[k] }
 }
 
 data "aws_caller_identity" "current" {
   count = local.enabled ? 1 : 0
 }
 
-
-module "statement_ids" {
+# The following instantiations of null-label require Terraform >= 0.13.0
+module "sid_labels" {
   for_each = local.test_deployment_role_prefix_map
   source   = "cloudposse/label/null"
-  version  = "0.24.1" # requires Terraform >= 0.13.0
+  version  = "0.25.0"
 
   attributes          = split("-", each.key)
   delimiter           = ""
@@ -29,11 +30,21 @@ module "statement_ids" {
   context = module.this.context
 }
 
-data "aws_iam_policy_document" "assume_role" {
+module "role_labels" {
   for_each = local.test_deployment_role_prefix_map
+  source   = "cloudposse/label/null"
+  version  = "0.25.0"
+
+  attributes = concat(split("-", each.key), module.this.attributes)
+
+  context = module.this.context
+}
+
+data "aws_iam_policy_document" "assume_role" {
+  for_each = module.sid_labels
 
   statement {
-    sid = "Enable${module.statement_ids[each.key].id}"
+    sid = "Enable${each.value.id}"
     actions = [
       "sts:AssumeRole",
       "sts:TagSession"
@@ -49,9 +60,9 @@ data "aws_iam_policy_document" "assume_role" {
 
 
 resource "aws_iam_role" "test_role" {
-  for_each = local.test_deployment_role_prefix_map
+  for_each = module.role_labels
 
-  name = each.key
+  name = module.role_labels[each.key].id
 
   assume_role_policy = data.aws_iam_policy_document.assume_role[each.key].json
 }