Skip to content

Commit

Permalink
Merge pull request #22890 from hashicorp/td-iam_policy-deprecate
Browse files Browse the repository at this point in the history
d/aws_iam_policy_document: Deprecate source_json, override_json
  • Loading branch information
zhelding authored Feb 2, 2022
2 parents c7d64bd + 4e9d27d commit 244f377
Show file tree
Hide file tree
Showing 4 changed files with 32 additions and 27 deletions.
3 changes: 3 additions & 0 deletions .changelog/22890.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:note
data-source/aws_iam_policy_document: The `source_json` and `override_json` attributes have been deprecated. Use the `source_policy_documents` and `override_policy_documents` attributes respectively instead.
```
10 changes: 6 additions & 4 deletions internal/service/iam/policy_document_data_source.go
Original file line number Diff line number Diff line change
Expand Up @@ -33,8 +33,9 @@ func DataSourcePolicyDocument() *schema.Resource {
Computed: true,
},
"override_json": {
Type: schema.TypeString,
Optional: true,
Type: schema.TypeString,
Optional: true,
Deprecated: "Use the attribute \"override_policy_documents\" instead.",
},
"override_policy_documents": {
Type: schema.TypeList,
Expand All @@ -46,8 +47,9 @@ func DataSourcePolicyDocument() *schema.Resource {
Optional: true,
},
"source_json": {
Type: schema.TypeString,
Optional: true,
Type: schema.TypeString,
Optional: true,
Deprecated: "Use the attribute \"source_policy_documents\" instead.",
},
"source_policy_documents": {
Type: schema.TypeList,
Expand Down
24 changes: 12 additions & 12 deletions internal/service/iam/policy_document_data_source_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -60,15 +60,15 @@ func TestAccIAMPolicyDocumentDataSource_source(t *testing.T) {
Providers: acctest.Providers,
Steps: []resource.TestStep{
{
Config: testAccPolicyDocumentSourceConfig,
Config: testAccPolicyDocumentSourceConfigDeprecated,
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("data.aws_iam_policy_document.test_source", "json",
testAccPolicyDocumentSourceExpectedJSON(),
),
),
},
{
Config: testAccPolicyDocumentSourceBlankConfig,
Config: testAccPolicyDocumentSourceBlankConfigDeprecated,
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("data.aws_iam_policy_document.test_source_blank", "json",
testAccPolicyDocumentSourceBlankExpectedJSON,
Expand Down Expand Up @@ -104,7 +104,7 @@ func TestAccIAMPolicyDocumentDataSource_sourceConflicting(t *testing.T) {
Providers: acctest.Providers,
Steps: []resource.TestStep{
{
Config: testAccPolicyDocumentSourceConflictingConfig,
Config: testAccPolicyDocumentSourceConflictingConfigDeprecated,
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("data.aws_iam_policy_document.test_source_conflicting", "json",
testAccPolicyDocumentSourceConflictingExpectedJSON,
Expand Down Expand Up @@ -136,7 +136,7 @@ func TestAccIAMPolicyDocumentDataSource_override(t *testing.T) {
Providers: acctest.Providers,
Steps: []resource.TestStep{
{
Config: testAccPolicyDocumentOverrideConfig,
Config: testAccPolicyDocumentOverrideConfigDeprecated,
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("data.aws_iam_policy_document.test_override", "json",
testAccPolicyDocumentOverrideExpectedJSON,
Expand Down Expand Up @@ -172,7 +172,7 @@ func TestAccIAMPolicyDocumentDataSource_noStatementMerge(t *testing.T) {
Providers: acctest.Providers,
Steps: []resource.TestStep{
{
Config: testAccPolicyDocumentNoStatementMergeConfig,
Config: testAccPolicyDocumentNoStatementMergeConfigDeprecated,
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("data.aws_iam_policy_document.yak_politik", "json",
testAccPolicyDocumentNoStatementMergeExpectedJSON,
Expand All @@ -190,7 +190,7 @@ func TestAccIAMPolicyDocumentDataSource_noStatementOverride(t *testing.T) {
Providers: acctest.Providers,
Steps: []resource.TestStep{
{
Config: testAccPolicyDocumentNoStatementOverrideConfig,
Config: testAccPolicyDocumentNoStatementOverrideConfigDeprecated,
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("data.aws_iam_policy_document.yak_politik", "json",
testAccPolicyDocumentNoStatementOverrideExpectedJSON,
Expand Down Expand Up @@ -514,7 +514,7 @@ const testAccPolicyDocumentConfig_SingleConditionValue_ExpectedJSON = `{
]
}`

var testAccPolicyDocumentSourceConfig = `
var testAccPolicyDocumentSourceConfigDeprecated = `
data "aws_partition" "current" {}
data "aws_iam_policy_document" "test" {
Expand Down Expand Up @@ -757,7 +757,7 @@ var testAccPolicyDocumentSourceListExpectedJSON = `{
]
}`

var testAccPolicyDocumentSourceBlankConfig = `
var testAccPolicyDocumentSourceBlankConfigDeprecated = `
data "aws_iam_policy_document" "test_source_blank" {
source_json = ""
Expand All @@ -781,7 +781,7 @@ var testAccPolicyDocumentSourceBlankExpectedJSON = `{
]
}`

var testAccPolicyDocumentSourceConflictingConfig = `
var testAccPolicyDocumentSourceConflictingConfigDeprecated = `
data "aws_iam_policy_document" "test_source" {
statement {
sid = "SourceJSONTestConflicting"
Expand Down Expand Up @@ -855,7 +855,7 @@ data "aws_iam_policy_document" "test_source_list_conflicting" {
}
`

var testAccPolicyDocumentOverrideConfig = `
var testAccPolicyDocumentOverrideConfigDeprecated = `
data "aws_partition" "current" {}
data "aws_iam_policy_document" "override" {
Expand Down Expand Up @@ -969,7 +969,7 @@ var testAccPolicyDocumentOverrideListExpectedJSON = `{
]
}`

var testAccPolicyDocumentNoStatementMergeConfig = `
var testAccPolicyDocumentNoStatementMergeConfigDeprecated = `
data "aws_iam_policy_document" "source" {
statement {
sid = ""
Expand Down Expand Up @@ -1010,7 +1010,7 @@ var testAccPolicyDocumentNoStatementMergeExpectedJSON = `{
]
}`

var testAccPolicyDocumentNoStatementOverrideConfig = `
var testAccPolicyDocumentNoStatementOverrideConfigDeprecated = `
data "aws_iam_policy_document" "source" {
statement {
sid = "OverridePlaceholder"
Expand Down
22 changes: 11 additions & 11 deletions website/docs/d/iam_policy_document.html.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -119,8 +119,8 @@ data "aws_iam_policy_document" "source" {
}
}
data "aws_iam_policy_document" "source_json_example" {
source_json = data.aws_iam_policy_document.source.json
data "aws_iam_policy_document" "source_document_example" {
source_policy_documents = [data.aws_iam_policy_document.source.json]
statement {
sid = "SidToOverride"
Expand All @@ -135,7 +135,7 @@ data "aws_iam_policy_document" "source_json_example" {
}
```

`data.aws_iam_policy_document.source_json_example.json` will evaluate to:
`data.aws_iam_policy_document.source_document_example.json` will evaluate to:

```json
{
Expand Down Expand Up @@ -172,8 +172,8 @@ data "aws_iam_policy_document" "override" {
}
}
data "aws_iam_policy_document" "override_json_example" {
override_json = data.aws_iam_policy_document.override.json
data "aws_iam_policy_document" "override_policy_document_example" {
override_policy_documents = [data.aws_iam_policy_document.override.json]
statement {
actions = ["ec2:*"]
Expand All @@ -193,7 +193,7 @@ data "aws_iam_policy_document" "override_json_example" {
}
```

`data.aws_iam_policy_document.override_json_example.json` will evaluate to:
`data.aws_iam_policy_document.override_policy_document_example.json` will evaluate to:

```json
{
Expand All @@ -217,7 +217,7 @@ data "aws_iam_policy_document" "override_json_example" {

### Example with Both Source and Override Documents

You can also combine `source_json` and `override_json` in the same document.
You can also combine `source_policy_documents` and `override_policy_documents` in the same document.

```terraform
data "aws_iam_policy_document" "source" {
Expand All @@ -237,8 +237,8 @@ data "aws_iam_policy_document" "override" {
}
data "aws_iam_policy_document" "politik" {
source_json = data.aws_iam_policy_document.source.json
override_json = data.aws_iam_policy_document.override.json
source_policy_documents = [data.aws_iam_policy_document.source.json]
override_policy_documents = [data.aws_iam_policy_document.override.json]
}
```

Expand Down Expand Up @@ -421,13 +421,13 @@ data "aws_iam_policy_document" "combined" {

The following arguments are optional:

* `override_json` (Optional) - IAM policy document whose statements with non-blank `sid`s will override statements with the same `sid` from documents assigned to the `source_json`, `source_policy_documents`, and `override_policy_documents` arguments. Non-overriding statements will be added to the exported document.
* `override_json` (Optional, **Deprecated** use the `override_policy_documents` attribute instead) - IAM policy document whose statements with non-blank `sid`s will override statements with the same `sid` from documents assigned to the `source_json`, `source_policy_documents`, and `override_policy_documents` arguments. Non-overriding statements will be added to the exported document.

~> **NOTE:** Statements without a `sid` cannot be overridden. In other words, a statement without a `sid` from documents assigned to the `source_json` or `source_policy_documents` arguments cannot be overridden by statements from documents assigned to the `override_json` or `override_policy_documents` arguments.

* `override_policy_documents` (Optional) - List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank `sid`s will override statements with the same `sid` from earlier documents in the list. Statements with non-blank `sid`s will also override statements with the same `sid` from documents provided in the `source_json` and `source_policy_documents` arguments. Non-overriding statements will be added to the exported document.
* `policy_id` (Optional) - ID for the policy document.
* `source_json` (Optional) - IAM policy document used as a base for the exported policy document. Statements with the same `sid` from documents assigned to the `override_json` and `override_policy_documents` arguments will override source statements.
* `source_json` (Optional, **Deprecated** use the `source_policy_documents` attribute instead) - IAM policy document used as a base for the exported policy document. Statements with the same `sid` from documents assigned to the `override_json` and `override_policy_documents` arguments will override source statements.
* `source_policy_documents` (Optional) - List of IAM policy documents that are merged together into the exported document. Statements defined in `source_policy_documents` or `source_json` must have unique `sid`s. Statements with the same `sid` from documents assigned to the `override_json` and `override_policy_documents` arguments will override source statements.
* `statement` (Optional) - Configuration block for a policy statement. Detailed below.
* `version` (Optional) - IAM policy document version. Valid values are `2008-10-17` and `2012-10-17`. Defaults to `2012-10-17`. For more information, see the [AWS IAM User Guide](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_version.html).
Expand Down

0 comments on commit 244f377

Please sign in to comment.