Merge pull request #176 from cloud-neutral-toolkit/codex/remove-source_json-from-iam-policy-documents

Replace source_json usage in IAM policy documents
2025-12-11 01:00:11 +08:00 · 2025-12-11 01:00:11 +08:00 · 3d6d1172ce
commit 3d6d1172ce
parent 5cb45e9bae 35a97cc888
2 changed files with 33 additions and 27 deletions
--- a/iac-template/terraform-hcl-standard/ali-cloud/bootstrap/lock/main.tf
+++ b/iac-template/terraform-hcl-standard/ali-cloud/bootstrap/lock/main.tf
@ -23,9 +23,9 @@ provider "alicloud" {
 }

 resource "alicloud_ots_instance" "this" {
-  instance_name = var.instance_name
-  description   = "Terraform state locking"
-  accessed_by   = "Any"
+  name        = var.instance_name
+  description = "Terraform state locking"
+  accessed_by = "Any"
 }

 resource "alicloud_ots_table" "lock" {
--- a/iac-template/terraform-hcl-standard/aws-cloud/bootstrap/identity/main.tf
+++ b/iac-template/terraform-hcl-standard/aws-cloud/bootstrap/identity/main.tf
@ -2,13 +2,15 @@
 # IAM Role: Terraform Deploy Role
 # ----------------------------------------
 data "aws_iam_policy_document" "terraform_deploy_assume_role" {
-  source_json = templatefile(
-    "${path.module}/policies/terraform-deploy-assume-role.json",
-    {
-      account_id          = local.account.account_id
-      terraform_user_name = local.config_terraform_user
-    }
-  )
+  override_policy_documents = [
+    templatefile(
+      "${path.module}/policies/terraform-deploy-assume-role.json",
+      {
+        account_id          = local.account.account_id
+        terraform_user_name = local.config_terraform_user
+      }
+    )
+  ]
 }

 resource "aws_iam_role" "terraform_deploy_role" {
@ -28,16 +30,18 @@ resource "aws_iam_role" "terraform_deploy_role" {
 }

 data "aws_iam_policy_document" "terraform_deploy_inline" {
-  source_json = templatefile(
-    "${path.module}/policies/terraform-deploy-inline-policy.json",
-    {
-      account_id  = local.account.account_id
-      bucket_name = local.state_bucket_name
-      region      = local.config_region
-      role_name   = local.role_name
-      table_name  = local.lock_table_name
-    }
-  )
+  override_policy_documents = [
+    templatefile(
+      "${path.module}/policies/terraform-deploy-inline-policy.json",
+      {
+        account_id  = local.account.account_id
+        bucket_name = local.state_bucket_name
+        region      = local.config_region
+        role_name   = local.role_name
+        table_name  = local.lock_table_name
+      }
+    )
+  ]
 }

 resource "aws_iam_role_policy" "terraform_deploy_role_policy" {
@ -61,13 +65,15 @@ resource "aws_iam_user" "terraform_user" {
 # IAM User Policy: 最小权限
 # ----------------------------------------
 data "aws_iam_policy_document" "terraform_user" {
-  source_json = templatefile(
-    "${path.module}/policies/terraform-user-assume-role.json",
-    {
-      account_id = local.account.account_id
-      role_name  = local.role_name
-    }
-  )
+  override_policy_documents = [
+    templatefile(
+      "${path.module}/policies/terraform-user-assume-role.json",
+      {
+        account_id = local.account.account_id
+        role_name  = local.role_name
+      }
+    )
+  ]
 }

 resource "aws_iam_user_policy" "terraform_user_policy" {