First attempt to replace template_file

.bumpversion.cfg

@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 4.3.3
+current_version = 5.0.0
 commit = True
 message = Bumps version to {new_version}
 tag = False

README.md

@@ -365,11 +365,9 @@ statement {
 
 At the moment, testing is manual:
 
-```
-# Replace "xxx" with an actual AWS profile, then execute the integration tests.
-export AWS_PROFILE=xxx 
-make terraform/pytest PYTEST_ARGS="-v --nomock"
-```
+Start the mockstack test environment: make mockstack/up
+Run the tests:  make mockstack/pytest
+Shutdown mockstack after testing:  make mockstack/clean
 
 ## Authors
 

modules/_internal/runner/main.tf

@@ -37,30 +37,6 @@ locals {
 
 # IAM resources for CodeBuild
 
-data "template_file" "codebuild_policy_override" {
-  template = var.policy_override
-
-  vars = {
-    repo_name  = var.repo_name
-    partition  = data.aws_partition.current.partition
-    region     = data.aws_region.current.name
-    account_id = data.aws_caller_identity.current.account_id
-  }
-}
-
-data "template_file" "policy_arns" {
-  count = length(var.policy_arns)
-
-  template = var.policy_arns[count.index]
-
-  vars = {
-    repo_name  = var.repo_name
-    partition  = data.aws_partition.current.partition
-    region     = data.aws_region.current.name
-    account_id = data.aws_caller_identity.current.account_id
-  }
-}
-
 data "aws_iam_policy_document" "codebuild_assume_role" {
   statement {
     actions = ["sts:AssumeRole"]
@@ -73,7 +49,7 @@ data "aws_iam_policy_document" "codebuild_assume_role" {
 }
 
 data "aws_iam_policy_document" "codebuild" {
-  override_policy_documents = compact([data.template_file.codebuild_policy_override.rendered])
+  override_json = var.policy_override
 
   statement {
     actions = [
@@ -109,7 +85,7 @@ resource "aws_iam_role_policy" "codebuild" {
 data "aws_iam_policy" "codebuild" {
   count = length(var.policy_arns)
 
-  arn = data.template_file.policy_arns[count.index].rendered
+  arn = var.policy_arns[count.index]
 }
 
 resource "aws_iam_role_policy_attachment" "codebuild" {
@@ -172,8 +148,4 @@ resource "aws_codebuild_project" "this" {
     location  = local.repo_url
     buildspec = var.buildspec
   }
-
-  lifecycle {
-    ignore_changes = [project_visibility]
-  }
 }

tests/branch/main.tf

@@ -8,26 +8,26 @@ module "test_branch" {
     compute_type = "BUILD_GENERAL1_LARGE"
   }
 
-  policy_override = <<-OVERRIDE
+  policy_override = jsonencode(
     {
-        "Version": "2012-10-17",
-        "Statement": [
-            {
-                "Action": "codecommit:GitPush",
-                "Condition": {
-                    "StringLikeIfExists": {
-                        "codecommit:References": [
-                            "refs/tags/*"
-                        ]
-                    }
-                },
-                "Effect": "Allow",
-                "Resource": "arn:${data.aws_partition.current.partition}:codecommit:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:${local.repo_name}",
-                "Sid": ""
+      "Version" : "2012-10-17",
+      "Statement" : [
+        {
+          "Action" : "codecommit:GitPush",
+          "Condition" : {
+            "StringLikeIfExists" : {
+              "codecommit:References" : [
+                "refs/tags/*"
+              ]
             }
-        ]
+          },
+          "Effect" : "Allow",
+          "Resource" : "arn:${data.aws_partition.current.partition}:codecommit:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:${local.repo_name}",
+          "Sid" : ""
+        }
+      ]
     }
-    OVERRIDE
+  )
 }
 
 locals {

tests/main/main.tf

@@ -9,26 +9,26 @@ module "test_branch" {
     compute_type = "BUILD_GENERAL1_LARGE"
   }
 
-  policy_override = <<-OVERRIDE
+  policy_override = jsonencode(
     {
-        "Version": "2012-10-17",
-        "Statement": [
-            {
-                "Action": "codecommit:GitPush",
-                "Condition": {
-                    "StringLikeIfExists": {
-                        "codecommit:References": [
-                            "refs/tags/*"
-                        ]
-                    }
-                },
-                "Effect": "Allow",
-                "Resource": "arn:${data.aws_partition.current.partition}:codecommit:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:${local.branch_repo_name}",
-                "Sid": ""
+      "Version" : "2012-10-17",
+      "Statement" : [
+        {
+          "Action" : "codecommit:GitPush",
+          "Condition" : {
+            "StringLikeIfExists" : {
+              "codecommit:References" : [
+                "refs/tags/*"
+              ]
             }
-        ]
+          },
+          "Effect" : "Allow",
+          "Resource" : "arn:${data.aws_partition.current.partition}:codecommit:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:${local.branch_repo_name}",
+          "Sid" : ""
+        }
+      ]
     }
-    OVERRIDE
+  )
 }
 
 module "test_review" {