Hello, first time here. I would like to unit-test an IAM Policy that is build up dynamically using

aws.iam.getPolicyDocument

. However, I’ve noticed that

getPolicyDocument

gets mocked away during unit testing. As a result:

GetPolicyDocumentResult.json

returns undefined in the unit test 😒 Of course I can add something like this in

Mocks.call

:

pulumi.runtime.setMocks({
  newResource: function(resourceType: string, name: string, inputs: any, provider?: string, id?: string) {},
  call:  function(token: string, args: any, provider?: string) {
    switch (token) {
        case 'aws:iam/getPolicyDocument:getPolicyDocument':
          return {
            json: JSON.stringify(args),
          };
      }
      return args;
    },
});

But then the returned IAM Policy json document is not a valid IAM policy. What would be the preferred way of unit testing the result of

getPolicyDocument

? Thank you for your input. As you see the code is written in Typescript.

In general in Pulumi, getPolicyDocument isn't needed. You can assign a simple JSON object (technically of type aws.iam.PolicyDocument) to a Role as its policy (or to anything that has a policy). Would that make testing easier?

Alright. Yes. That makes sense. I haven’t thought about that. I’ll give that a try. I wasn’t aware we could just assign a JSON. For some reason I thought it only accepted json string 🤦‍♂️ Thank you @little-cartoon-10569!

I think: Terraform.

Oh yes. Off course. Good point.