Added missing tests
antroy-madetech committed Dec 12, 2024
1 parent 6655b1c commit 918aa5e
Showing 2 changed files with 16 additions and 2 deletions.
17 changes: 16 additions & 1 deletion s3/tests/unit.tftest.hcl
Expand Up @@ -442,7 +442,6 @@ run "aws_s3_bucket_external_role_access_invalid_cyber_sign_off" {
expect_failures = [var.config.external_role_access.cyber_sign_off_by]
}

# TODO assert on the condtion stringLike "arn:aws:iam::${var.config.cross_environment_service_access.test-access.account}:role/${statement.value.application}-${statement.value.environment}-${statement.value.service}-TaskRole-*"
run "aws_s3_bucket_cross_environment_service_access_read_write_unit_test" {
command = plan

Expand All @@ -469,6 +468,22 @@ run "aws_s3_bucket_cross_environment_service_access_read_write_unit_test" {
error_message = "Should be: Allow"
}

assert {
condition = length([for item in data.aws_iam_policy_document.bucket-policy.statement[1].condition : item if item.test == "StringLike"]) == 1
error_message = "condition should have a test: StringLike attribute"
}

assert {
condition = length([for item in data.aws_iam_policy_document.bucket-policy.statement[1].condition : item if item.variable == "aws:PrincipalArn"]) == 1
error_message = "condition should have a variable: aws:PrincipalArn attribute"
}

assert {
condition = length([for item in data.aws_iam_policy_document.bucket-policy.statement[1].condition :
item if item.values == tolist(["arn:aws:iam::123456789012:role/app-test-service-TaskRole-*"])]) == 1
error_message = "condition should have a values: [bucket arn] attribute"
}

assert {
condition = alltrue([
contains(data.aws_iam_policy_document.bucket-policy.statement[1].actions, "s3:Get*"),
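Review bot: The three new assertions in the second hunk filter `statement[1].condition` for `test`, `variable` and `values` independently, so they still pass if those attributes live on three different condition blocks; the property actually wanted — one StringLike condition on aws:PrincipalArn restricted to the TaskRole ARN pattern — is only established by a single filter that requires all three on the same item, e.g. `item if item.test == "StringLike" && item.variable == "aws:PrincipalArn" && item.values == tolist(["arn:aws:iam::123456789012:role/app-test-service-TaskRole-*"])`. The error_message of the third assert says `[bucket arn]`, but the value compared is a role (principal) ARN, so `"condition should restrict aws:PrincipalArn to the TaskRole ARN pattern"` would describe the check correctly. The removed TODO in the first hunk is resolved by these asserts, which is fine, but the enclosing run block continues past the end of the visible hunk, so the remaining asserts on actions were not reviewed here.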
1 change: 0 additions & 1 deletion s3/variables.tf
Expand Up @@ -82,7 +82,6 @@ variable "config" {
validation {
condition = var.config.cross_environment_service_access == null ? true : alltrue([
for k, v in var.config.cross_environment_service_access : (can(regex("^[\\w\\-\\.]+@(businessandtrade.gov.uk|digital.trade.gov.uk)$", v.cyber_sign_off_by)))
# ((length(k) <= 63) && (length(k) >= 3))
])
error_message = "All instances of cross_environment_service_access must be approved by cyber, and a cyber rep's email address entered."
}
