From 00ee290f2976dad1855168ebf4e7ff1a0efe314c Mon Sep 17 00:00:00 2001
From: Julien Dessaux
Date: Thu, 17 Apr 2025 16:50:33 +0200
Subject: [PATCH] chore(infrastructure): change the AWS account used for tests
---
 infrastructure/tofu/main.tf | 28 ++++++++++------------------
 main.tftest.hcl | 2 +-
 2 files changed, 11 insertions(+), 19 deletions(-)
diff --git a/infrastructure/tofu/main.tf b/infrastructure/tofu/main.tf
index 6180f21..ced2b09 100644
--- a/infrastructure/tofu/main.tf
+++ b/infrastructure/tofu/main.tf
@@ -11,28 +11,20 @@ module "aws_iam_ci_user" {
 source = "git::ssh://git@git.adyxax.org/adyxax/tofu-module-aws-iam-ci-user?depth=1&ref=1.0.1"
 name = local.name
-}
-
-resource "aws_iam_policy" "tftest" {
- provider = aws.all["root"]
-
- name = "${local.name}-tftest"
- policy = jsonencode({
- Statement = [{
+ tests_policy_statements = jsonencode([
+ {
 Action = "iam:*"
 Effect = "Allow"
 Resource = [
 "arn:aws:iam::*:user/tftest-user",
 "arn:aws:iam::*:policy/${local.name}-tftest",
 ]
- }]
- Version = "2012-10-17"
- })
-}
-
-resource "aws_iam_user_policy_attachment" "tftest" {
- provider = aws.all["root"]
-
- policy_arn = aws_iam_policy.tftest.arn
- user = local.name
+ },
+ {
+ # Necessary for removing an IAM user
+ Action = "iam:ListVirtualMFADevices",
+ Effect = "Allow"
+ Resource = "*"
+ }
+ ])
 }
diff --git a/main.tftest.hcl b/main.tftest.hcl
index 1662cf6..f5e0950 100644
--- a/main.tftest.hcl
+++ b/main.tftest.hcl
@@ -1,5 +1,5 @@
 provider "aws" {
- profile = "root"
+ profile = "tests"
 region = "eu-west-3"
 }
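Review bot: The first statement passed to `tests_policy_statements` keeps `Action = "iam:*"` on `user/tftest-user` and `policy/${local.name}-tftest`, which lets the CI identity write any policy document under that name and attach it to that user, so the grant is only as narrow as the tests account itself. If the test suite only creates and deletes the user and the policy, an explicit list would bound it, for example `Action = ["iam:CreateUser", "iam:DeleteUser", "iam:GetUser", "iam:CreatePolicy", "iam:DeletePolicy", "iam:GetPolicy"]` extended with whatever the test really calls; otherwise a comment such as `# iam:* is acceptable only because the tests account holds nothing else` would record the assumption. How the module pinned at `ref=1.0.1` turns these statements into an attached policy is not visible in this hunk, so it is worth confirming that it does not widen them. In the second statement, the trailing comma after `"iam:ListVirtualMFADevices"` is inconsistent with the other attributes, and the comment could also say that this action presumably cannot be scoped to a resource, which is why `Resource = "*"` is used.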