locals {
  name = "tofu-module-aws-iam-user"
}

module "aws_iam_ci_user" {
  providers = {
    aws.core  = aws.all["core"]
    aws.root  = aws.all["root"]
    aws.tests = aws.all["tests"]
  }
  source = "git::ssh://git@git.adyxax.org/adyxax/tofu-module-aws-iam-ci-user?depth=1&ref=1.0.1"

  name = local.name
  tests_policy_statements = jsonencode([
    {
      Action = "iam:*"
      Effect = "Allow"
      Resource = [
        "arn:aws:iam::*:user/tftest-user",
        "arn:aws:iam::*:policy/${local.name}-tftest",
      ]
    },
    {
      # Necessary for removing an IAM user
      Action   = "iam:ListVirtualMFADevices",
      Effect   = "Allow"
      Resource = "*"
    }
  ])
}