From 23a090783a99b6e1968917c672d9edce2f8e45e1 Mon Sep 17 00:00:00 2001
From: William <3422794+FriedCircuits@users.noreply.github.com>
Date: Wed, 16 Nov 2022 23:47:04 -0800
Subject: [PATCH] add custom policy var (#23)

* add custom policy var
---
 VERSION | 2 +-
 modules/github/actions-secrets/main.tf | 19 +++++++++++++++++++
 modules/github/actions-secrets/outputs.tf | 4 ++++
 modules/github/actions-secrets/variables.tf | 10 ++++++++++
 4 files changed, 34 insertions(+), 1 deletion(-)

diff --git a/VERSION b/VERSION
index 12c25cb..3bf8d37 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-v0.0.19
+v0.0.20
diff --git a/modules/github/actions-secrets/main.tf b/modules/github/actions-secrets/main.tf
index 83d60d0..bff4a0b 100644
--- a/modules/github/actions-secrets/main.tf
+++ b/modules/github/actions-secrets/main.tf
@@ -88,3 +88,22 @@ resource "aws_iam_user_policy" "github" {
 policy = data.aws_iam_policy_document.github[0].json
 }
 
+
+resource "aws_iam_user_policy" "custom" {
+ count = var.create_aws_iam_user == true ? 1 : 0
+ name = "custom-policies"
+ user = aws_iam_user.github[0].name
+
+ policy = data.aws_iam_policy_document.custom[0].json
+}
+data "aws_iam_policy_document" "custom" {
+ count = var.create_aws_iam_user == true ? 1 : 0
+ dynamic "statement" {
+ for_each = { for statement in var.aws_iam_custom_policies : statement.sid => statement }
+ content {
+ sid = statement.value.sid
+ actions = statement.value.actions
+ resources = statement.value.resources
+ }
+ }
+}
diff --git a/modules/github/actions-secrets/outputs.tf b/modules/github/actions-secrets/outputs.tf
index 1411660..50bf9af 100644
--- a/modules/github/actions-secrets/outputs.tf
+++ b/modules/github/actions-secrets/outputs.tf
@@ -1,3 +1,7 @@
 output "github_public_key" {
 value = data.github_actions_public_key.public_key
 }
+
+output "aws_iam_user_arn" {
+ value = try(aws_iam_user.github[0].arn, "no iam user")
+}
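Review bot: `aws_iam_user_policy.custom` and `data.aws_iam_policy_document.custom` are created whenever `create_aws_iam_user` is true, even with the default empty `aws_iam_custom_policies`, so the rendered document then has no statements and IAM is expected to reject it at apply time; gate both `count` expressions on the list as well, `count = var.create_aws_iam_user && length(var.aws_iam_custom_policies) > 0 ? 1 : 0`. Each `statement` forwards caller-supplied `actions` and `resources` unchanged into an inline Allow policy on the IAM user, with no `effect`, `condition` or wildcard check, so a caller can widen this user all the way to `"*"`; that is presumably the intent of a module input, but the resource deserves a comment such as `# Caller-supplied statements are attached verbatim (Allow only); review module inputs with the same care as the base policy above.` The `for` expression keyed on `statement.sid` also fails the plan with a duplicate-key error when two entries share a `sid`, which the variable's type does not prevent. `aws_iam_user.github` and the base `github` policy are defined above this hunk.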
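Review bot: `aws_iam_user_arn` falls back to the literal string `"no iam user"` when no user is created, so a consumer that passes the output into another resource's ARN argument or tests it against `null` receives a non-ARN string instead of an absent value; prefer `value = try(aws_iam_user.github[0].arn, null)` so the output is null whenever `create_aws_iam_user` is false. `aws_iam_user.github` itself is defined outside this hunk.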
diff --git a/modules/github/actions-secrets/variables.tf b/modules/github/actions-secrets/variables.tf
index ebcb3d1..738fa87 100644
--- a/modules/github/actions-secrets/variables.tf
+++ b/modules/github/actions-secrets/variables.tf
@@ -32,6 +32,16 @@ variable "aws_iam_user_name" {
 default = "github-terraform-backend"
 }
 
+variable "aws_iam_custom_policies" {
+ description = "Extra policy statements to add to IAM user."
+ type = list(object({
+ sid = string
+ actions = list(string)
+ resources = list(string)
+ }))
+ default = []
+}
+
 variable "terraform_bucket_name" {
 description = "Terraform backend bucket name for IAM policy."
 type = string
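Review bot: `aws_iam_custom_policies` accepts any `sid` string, but main.tf uses the sid both as a map key (`for ... : statement.sid => statement`) and as the IAM `Sid`, so duplicate or non-alphanumeric sids surface as a plan-time key collision or an IAM policy-document error rather than as a clear input error; `validation` blocks on the variable catch both up front (the `alltrue` form needs Terraform 0.14 or later). The description should also say what the entries become, since the object type has no `effect` field and the statements are therefore Allow-only: `description = "Extra Allow statements attached verbatim as an inline policy on the IAM user created by this module."`
```hcl
variable "aws_iam_custom_policies" {
  # … unchanged: description, type, default …

  validation {
    condition     = length(distinct([for s in var.aws_iam_custom_policies : s.sid])) == length(var.aws_iam_custom_policies)
    error_message = "Each entry in aws_iam_custom_policies must have a unique sid."
  }

  validation {
    condition     = alltrue([for s in var.aws_iam_custom_policies : can(regex("^[A-Za-z0-9]+$", s.sid))])
    error_message = "Each sid must be alphanumeric, as IAM requires for statement ids."
  }
}
```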