diff --git a/pkg/iac/adapters/terraform/aws/iam/convert.go b/pkg/iac/adapters/terraform/aws/iam/convert.go
index f562597b17c6..3a61791e5fb9 100644
--- a/pkg/iac/adapters/terraform/aws/iam/convert.go
+++ b/pkg/iac/adapters/terraform/aws/iam/convert.go
@@ -208,20 +208,15 @@ func findAllPolicies(modules terraform.Modules, attr *terraform.Attribute) []wra
 policyDocIDs := attr.AsStringValues().AsStrings()
 for _, policyDocID := range policyDocIDs {
- policyDoc, err := modules.GetBlockById(policyDocID)
- if err == nil {
- document, err := ConvertTerraformDocument(modules, policyDoc)
- if err == nil {
+ if policyDoc, err := modules.GetBlockById(policyDocID); err == nil {
+ if document, err := ConvertTerraformDocument(modules, policyDoc); err == nil {
 documents = append(documents, *document)
 }
- } else {
- parsed, err := iamgo.Parse([]byte(unescapeVars(policyDocID)))
- if err == nil {
- documents = append(documents, wrappedDocument{
- Document: *parsed,
- Source: attr,
- })
- }
+ } else if parsed, err := iamgo.Parse([]byte(unescapeVars(policyDocID))); err == nil {
+ documents = append(documents, wrappedDocument{
+ Document: *parsed,
+ Source: attr,
+ })
 }
 }
 return documents
diff --git a/pkg/iac/adapters/terraform/aws/iam/policies_test.go b/pkg/iac/adapters/terraform/aws/iam/policies_test.go
index bfebf3db636b..aa6b9f9b59f5 100644
--- a/pkg/iac/adapters/terraform/aws/iam/policies_test.go
+++ b/pkg/iac/adapters/terraform/aws/iam/policies_test.go
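Review bot: Both `err` values in the rewritten loop of convert.go are still discarded, so a `policyDocID` that resolves to a block but fails `ConvertTerraformDocument`, or that neither resolves nor parses with `iamgo.Parse`, is skipped without any trace. For a misconfiguration scanner this means the statements of that policy document never reach the IAM checks, so a permissive statement in it would presumably go unreported. At minimum, state the behaviour above the loop, e.g. `// Entries that cannot be resolved or parsed are skipped; the merged document may be incomplete.` Surfacing the error at debug level through whatever logger the package already uses would be better. findAllPolicies begins before the hunk and its closing brace lies outside it.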
@@ -384,6 +384,25 @@ data "aws_iam_policy_document" "policy" {
 },
 },
 },
+ {
+ name: "invalid `override_policy_documents` attribute",
+ terraform: `resource "aws_iam_policy" "test_policy" {
+ name = "test-policy"
+ policy = data.aws_iam_policy_document.policy.json
+}
+
+data "aws_iam_policy_document" "policy" {
+ source_policy_documents = data.aws_iam_policy_document.policy2.json
+}`,
+ expected: []iam.Policy{
+ {
+ Name: iacTypes.String("test-policy", iacTypes.NewTestMetadata()),
+ Document: iam.Document{
+ IsOffset: true,
+ },
+ },
+ },
+ },
 }
 for _, test := range tests {
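Review bot: The new case is named for `override_policy_documents`, but its fixture sets `source_policy_documents`, so a failure report will point at the wrong attribute. Either rename it, e.g. `name: "unresolved source_policy_documents reference",`, or add a sibling case that actually sets `override_policy_documents` so both attributes are covered. The fixture also references `policy2`, which it never declares. A one-line comment saying that the dangling reference is the intended input would keep a later reader from "repairing" it. The `tests` table starts above this hunk.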