# Base name shared across this file: it is passed to the CI-user module as
# `name`, prefixes the `-tftest` policy name, and is the user name the
# policy attachment targets.
locals {
  name = "tofu-module-aws-iam-ci-user"
}

# Instantiates the CI-user module with three aliased AWS provider
# configurations (core, root, tests) and one set of policy statements each
# for "core" and "tests".
# NOTE(review): how the module turns these statements into policies, and on
# which principals, is not visible in this file; confirm against the module.
module "aws_iam_ci_user" {
  providers = {
    aws.core  = aws.all["core"]
    aws.root  = aws.all["root"]
    aws.tests = aws.all["tests"]
  }
  # Pinned to the tag 1.0.0 and fetched as a shallow clone over SSH.
  # NOTE(review): a git tag can be moved on the remote, so this pin is only as
  # strong as the tag protection on that repository. With `depth=1` the ref
  # has to be a branch or tag name, so pinning to a commit ID would mean
  # dropping the shallow clone.
  source = "git::ssh://git@git.adyxax.org/adyxax/tofu-module-aws-iam-ci-user?depth=1&ref=1.0.0"

  # Allows every IAM action on the role named `tftest`; the account field of
  # the ARN is a wildcard.
  # NOTE(review): `iam:*` on a role includes changing its trust policy and its
  # attached or inline policies, so whoever holds this statement controls what
  # `tftest` may do. If the tests only create, read and delete the role,
  # listing those actions or requiring a permissions boundary would narrow it.
  core_policy_statements = jsonencode([
    {
      Action   = "iam:*"
      Effect   = "Allow"
      Resource = "arn:aws:iam::*:role/tftest"
    },
  ])
  name = local.name
  # Same statement as core_policy_statements, passed for the "tests" side.
  tests_policy_statements = jsonencode([{
    Action   = "iam:*"
    Effect   = "Allow"
    Resource = "arn:aws:iam::*:role/tftest",
  }])
}

# Managed policy created through the "root" provider configuration. It allows
# every IAM action on the user named `tftest` and on the policy named
# "${local.name}-tftest"; the account field of both ARNs is a wildcard.
#
# NOTE(review): the second Resource entry has the same name as this policy
# itself, and this file attaches the policy to the user named local.name. That
# principal is therefore allowed to modify the policy that defines its own
# permissions, which removes this policy as a limit on it. Confirm that the
# self-reference is needed by the tests.
#
# NOTE(review): `iam:*` on user/tftest also covers credential and
# policy-attachment actions for that user. If the tests need only a subset,
# list those actions, or constrain what can be attached with a permissions
# boundary condition.
resource "aws_iam_policy" "tftest" {
  provider = aws.all["root"]

  name = "${local.name}-tftest"
  policy = jsonencode({
    Statement = [{
      Action = "iam:*"
      Effect = "Allow"
      Resource = [
        "arn:aws:iam::*:user/tftest",
        "arn:aws:iam::*:policy/${local.name}-tftest",
      ]
    }]
    Version = "2012-10-17"
  })
}

# Attaches the tftest policy to the IAM user named local.name, through the
# "root" provider configuration.
# NOTE(review): the user is referenced by its name string, not through a
# module output, so this resource has no implicit dependency on
# module.aws_iam_ci_user. Presumably the module creates a user with this name;
# if so, referencing a module output or adding `depends_on` would make the
# ordering explicit. Confirm against the module.
resource "aws_iam_user_policy_attachment" "tftest" {
  provider = aws.all["root"]

  policy_arn = aws_iam_policy.tftest.arn
  user       = local.name
}