provider/aws: Fix IDs in aws_iam_policy_document
We cannot use the "id" field to represent policy ID, because it is used internally by Terraform. Also change the "id" field within a statement to "sid" for consistency with the generated JSON.
parent
788bff46e2
commit
28438daeb4
@ -24,20 +24,20 @@ func dataSourceAwsIamPolicyDocument() *schema.Resource {
|
||||
Read: dataSourceAwsIamPolicyDocumentRead,
|
||||
|
||||
Schema: map[string]*schema.Schema{
|
||||
"id": &schema.Schema{
|
||||
"policy_id": {
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
},
|
||||
"statement": &schema.Schema{
|
||||
Type: schema.TypeSet,
|
||||
"statement": {
|
||||
Type: schema.TypeList,
|
||||
Required: true,
|
||||
Elem: &schema.Resource{
|
||||
Schema: map[string]*schema.Schema{
|
||||
"id": &schema.Schema{
|
||||
"sid": {
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
},
|
||||
"effect": &schema.Schema{
|
||||
"effect": {
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
Default: "Allow",
|
||||
@ -48,20 +48,20 @@ func dataSourceAwsIamPolicyDocument() *schema.Resource {
|
||||
"not_resources": setOfString,
|
||||
"principals": dataSourceAwsIamPolicyPrincipalSchema(),
|
||||
"not_principals": dataSourceAwsIamPolicyPrincipalSchema(),
|
||||
"condition": &schema.Schema{
|
||||
"condition": {
|
||||
Type: schema.TypeSet,
|
||||
Optional: true,
|
||||
Elem: &schema.Resource{
|
||||
Schema: map[string]*schema.Schema{
|
||||
"test": &schema.Schema{
|
||||
"test": {
|
||||
Type: schema.TypeString,
|
||||
Required: true,
|
||||
},
|
||||
"variable": &schema.Schema{
|
||||
"variable": {
|
||||
Type: schema.TypeString,
|
||||
Required: true,
|
||||
},
|
||||
"values": &schema.Schema{
|
||||
"values": {
|
||||
Type: schema.TypeSet,
|
||||
Required: true,
|
||||
Elem: &schema.Schema{
|
||||
@ -74,7 +74,7 @@ func dataSourceAwsIamPolicyDocument() *schema.Resource {
|
||||
},
|
||||
},
|
||||
},
|
||||
"json": &schema.Schema{
|
||||
"json": {
|
||||
Type: schema.TypeString,
|
||||
Computed: true,
|
||||
},
|
||||
@ -87,11 +87,11 @@ func dataSourceAwsIamPolicyDocumentRead(d *schema.ResourceData, meta interface{}
|
||||
Version: "2012-10-17",
|
||||
}
|
||||
|
||||
if policyId, hasPolicyId := d.GetOk("id"); hasPolicyId {
|
||||
if policyId, hasPolicyId := d.GetOk("policy_id"); hasPolicyId {
|
||||
doc.Id = policyId.(string)
|
||||
}
|
||||
|
||||
var cfgStmts = d.Get("statement").(*schema.Set).List()
|
||||
var cfgStmts = d.Get("statement").([]interface{})
|
||||
stmts := make([]*IAMPolicyStatement, len(cfgStmts))
|
||||
doc.Statements = stmts
|
||||
for i, stmtI := range cfgStmts {
|
||||
@ -100,6 +100,10 @@ func dataSourceAwsIamPolicyDocumentRead(d *schema.ResourceData, meta interface{}
|
||||
Effect: cfgStmt["effect"].(string),
|
||||
}
|
||||
|
||||
if sid, ok := cfgStmt["sid"]; ok {
|
||||
stmt.Sid = sid.(string)
|
||||
}
|
||||
|
||||
if actions := cfgStmt["actions"].(*schema.Set).List(); len(actions) > 0 {
|
||||
stmt.Actions = iamPolicyDecodeConfigStringList(actions)
|
||||
}
|
||||
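Review bot: In the last hunk of this file, `if sid, ok := cfgStmt["sid"]; ok` only tests that the key exists in the statement map, and the unchecked `sid.(string)` would panic on any non-string value. If helper/schema always fills declared keys (likely, but not shown here), an unset `sid` arrives as `""`, and whether an empty `"Sid"` reaches the policy JSON then depends on the `IAMPolicyStatement.Sid` tag, which is not visible on this page. I would write `if sid, ok := cfgStmt["sid"].(string); ok && sid != "" { stmt.Sid = sid }`. Nothing here checks that `sid` values are unique across the now-ordered `statement` list, so a duplicate would surface only when the rendered JSON is later attached to a policy; a check in the loop or a sentence in the docs would help. The body of dataSourceAwsIamPolicyDocumentRead continues outside the hunk.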
|
@ -16,7 +16,7 @@ func TestAccAWSIAMPolicyDocument(t *testing.T) {
|
||||
PreCheck: func() { testAccPreCheck(t) },
|
||||
Providers: testAccProviders,
|
||||
Steps: []resource.TestStep{
|
||||
resource.TestStep{
|
||||
{
|
||||
Config: testAccAWSIAMPolicyDocumentConfig,
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckStateValue(
|
||||
@ -52,7 +52,9 @@ func testAccCheckStateValue(id, name, value string) resource.TestCheckFunc {
|
||||
|
||||
var testAccAWSIAMPolicyDocumentConfig = `
|
||||
data "aws_iam_policy_document" "test" {
|
||||
policy_id = "policy_id"
|
||||
statement {
|
||||
sid = "1"
|
||||
actions = [
|
||||
"s3:ListAllMyBuckets",
|
||||
"s3:GetBucketLocation",
|
||||
@ -110,8 +112,10 @@ data "aws_iam_policy_document" "test" {
|
||||
|
||||
var testAccAWSIAMPolicyDocumentExpectedJSON = `{
|
||||
"Version": "2012-10-17",
|
||||
"Id": "policy_id",
|
||||
"Statement": [
|
||||
{
|
||||
"Sid": "1",
|
||||
"Effect": "Allow",
|
||||
"Action": [
|
||||
"s3:GetBucketLocation",
|
||||
|
@ -5,8 +5,8 @@ import (
|
||||
)
|
||||
|
||||
type IAMPolicyDoc struct {
|
||||
Id string `json:",omitempty"`
|
||||
Version string `json:",omitempty"`
|
||||
Id string `json:",omitempty"`
|
||||
Statements []*IAMPolicyStatement `json:"Statement"`
|
||||
}
|
||||
|
||||
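Review bot: `IAMPolicyDoc` carries no comment saying that its field order is significant, yet the reordering in this hunk changes the key order of the marshaled document, because encoding/json writes struct fields in declaration order. The expected JSON in the acceptance test on this page lists `"Version"` before `"Id"`, so a later tidy-up that sorts the fields would change the `json` output that users embed in their policies. I would add `// Field order is the key order of the generated JSON; keep Version first.` directly above the struct. The import block before the struct is cut off by the hunk.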
|
@ -17,6 +17,7 @@ such as the `aws_iam_policy` resource.
|
||||
```
|
||||
data "aws_iam_policy_document" "example" {
|
||||
statement {
|
||||
sid = "1"
|
||||
actions = [
|
||||
"s3:ListAllMyBuckets",
|
||||
"s3:GetBucketLocation",
|
||||
@ -71,14 +72,14 @@ valid to use literal JSON strings within your configuration, or to use the
|
||||
|
||||
The following arguments are supported:
|
||||
|
||||
* `id` (Optional) - An ID for the policy document.
|
||||
* `policy_id` (Optional) - An ID for the policy document.
|
||||
* `statement` (Required) - A nested configuration block (described below)
|
||||
configuring one *statement* to be included in the policy document.
|
||||
|
||||
Each document configuration must have one or more `statement` blocks, which
|
||||
each accept the following arguments:
|
||||
|
||||
* `id` (Optional) - An ID for the policy statement.
|
||||
* `sid` (Optional) - An ID for the policy statement.
|
||||
* `effect` (Optional) - Either "Allow" or "Deny", to specify whether this
|
||||
statement allows or denies the given actions. The default is "Allow".
|
||||
* `actions` (Optional) - A list of actions that this statement either allows
|
||||
|