@@ -32,87 +32,87 @@ run "github_providers" {
3232 }
3333}
3434
35- // run "gitlab_providers" {
36- // command = plan
37-
38- // module {
39- // source = "./modules/role"
40- // }
41-
42- // variables {
43- // name = "common"
44- // description = "Test role using GitLab OIDC provider"
45- // repository = "appvia/something"
46- // common_provider = "gitlab"
47-
48- // permission_boundary_arn = "arn:aws:iam::aws:policy/AdministratorAccess"
49-
50- // read_only_policy_arns = [
51- // "arn:aws:iam::aws:policy/ReadOnlyAccess",
52- // ]
53-
54- // read_write_policy_arns = [
55- // "arn:aws:iam::aws:policy/AdministratorAccess",
56- // ]
57- // }
58- // }
59-
60- // run "custom_providers" {
61- // command = plan
62-
63- // module {
64- // source = "./modules/role"
65- // }
66-
67- // variables {
68- // name = "custom"
69- // description = "Test role using custom OIDC provider"
70- // repository = "appvia/something"
71-
72- // custom_provider = {
73- // url = "https://token.actions.githubusercontent.com"
74- // audiences = ["test"]
75- // subject_branch_mapping = "repo={repo},branch={ref}"
76- // subject_tag_mapping = "repo={repo},tag={ref}"
77- // }
78-
79- // permission_boundary_arn = "arn:aws:iam::aws:policy/AdministratorAccess"
80-
81- // read_only_inline_policies = {
82- // ReadOnly = jsonencode({
83- // "Version" : "2012-10-17",
84- // "Statement" : [
85- // {
86- // "Sid" : "ReadOnlyActions",
87- // "Effect" : "Allow",
88- // "Action" : [
89- // "ec2:Describe*",
90- // "ec2:Get*",
91- // "ec2:ListImagesInRecycleBin",
92- // "ec2:ListSnapshotsInRecycleBin",
93- // "ec2:SearchLocalGatewayRoutes",
94- // "ec2:SearchTransitGatewayRoutes",
95- // "s3:DescribeJob",
96- // "s3:Get*",
97- // "s3:List*",
98- // ],
99- // "Resource" : "*"
100- // }
101- // ]
102- // })
103- // }
104-
105- // read_write_inline_policies = {
106- // AdministratorAccess = jsonencode({
107- // "Version" : "2012-10-17",
108- // "Statement" : [
109- // {
110- // "Effect" : "Allow",
111- // "Action" : "*",
112- // "Resource" : "*"
113- // }
114- // ]
115- // })
116- // }
117- // }
118- // }
35+ run "gitlab_providers" {
36+ command =
37+
38+ module {
39+ source = " ./modules/role"
40+ }
41+
42+ variables {
43+ name = " common"
44+ description = " Test role using GitLab OIDC provider"
45+ repository = " appvia/something"
46+ common_provider = " gitlab"
47+
48+ permission_boundary_arn = " arn:aws:iam::aws:policy/AdministratorAccess"
49+
50+ read_only_policy_arns =
51+ " arn:aws:iam::aws:policy/ReadOnlyAccess"
52+ ]
53+
54+ read_write_policy_arns =
55+ " arn:aws:iam::aws:policy/AdministratorAccess"
56+ ]
57+ }
58+ }
59+
60+ run "custom_providers" {
61+ command =
62+
63+ module {
64+ source = " ./modules/role"
65+ }
66+
67+ variables {
68+ name = " custom"
69+ description = " Test role using custom OIDC provider"
70+ repository = " appvia/something"
71+
72+ custom_provider =
73+ url = " https://token.actions.githubusercontent.com"
74+ audiences = [" test"
75+ subject_branch_mapping = " repo={repo},branch={ref}"
76+ subject_tag_mapping = " repo={repo},tag={ref}"
77+ }
78+
79+ permission_boundary_arn = " arn:aws:iam::aws:policy/AdministratorAccess"
80+
81+ read_only_inline_policies =
82+ ReadOnly = jsonencode ({
83+ " Version" : " 2012-10-17"
84+ " Statement" : [
85+ {
86+ " Sid" : " ReadOnlyActions"
87+ " Effect" : " Allow"
88+ " Action" : [
89+ " ec2:Describe*"
90+ " ec2:Get*"
91+ " ec2:ListImagesInRecycleBin"
92+ " ec2:ListSnapshotsInRecycleBin"
93+ " ec2:SearchLocalGatewayRoutes"
94+ " ec2:SearchTransitGatewayRoutes"
95+ " s3:DescribeJob"
96+ " s3:Get*"
97+ " s3:List*"
98+ ],
99+ " Resource" : " *"
100+ }
101+ ]
102+ })
103+ }
104+
105+ read_write_inline_policies =
106+ AdministratorAccess = jsonencode ({
107+ " Version" : " 2012-10-17"
108+ " Statement" : [
109+ {
110+ " Effect" : " Allow"
111+ " Action" : " *"
112+ " Resource" : " *"
113+ }
114+ ]
115+ })
116+ }
117+ }
118+ }
0 commit comments