diff --git a/.changelog/22890.txt b/.changelog/22890.txt new file mode 100644 index 00000000000..9d0c99d60f6 --- /dev/null +++ b/.changelog/22890.txt @@ -0,0 +1,3 @@ +```release-note:note +data-source/aws_iam_policy_document: The `source_json` and `override_json` attributes have been deprecated. Use the `source_policy_documents` and `override_policy_documents` attributes respectively instead. +``` diff --git a/internal/service/iam/policy_document_data_source.go b/internal/service/iam/policy_document_data_source.go index c33bd0d8088..107dd6a2956 100644 --- a/internal/service/iam/policy_document_data_source.go +++ b/internal/service/iam/policy_document_data_source.go @@ -33,8 +33,9 @@ func DataSourcePolicyDocument() *schema.Resource { Computed: true, }, "override_json": { - Type: schema.TypeString, - Optional: true, + Type: schema.TypeString, + Optional: true, + Deprecated: "Use the attribute \"override_policy_documents\" instead.", }, "override_policy_documents": { Type: schema.TypeList, @@ -46,8 +47,9 @@ func DataSourcePolicyDocument() *schema.Resource { Optional: true, }, "source_json": { - Type: schema.TypeString, - Optional: true, + Type: schema.TypeString, + Optional: true, + Deprecated: "Use the attribute \"source_policy_documents\" instead.", }, "source_policy_documents": { Type: schema.TypeList, diff --git a/internal/service/iam/policy_document_data_source_test.go b/internal/service/iam/policy_document_data_source_test.go index fe778466a3e..703de03de25 100644 --- a/internal/service/iam/policy_document_data_source_test.go +++ b/internal/service/iam/policy_document_data_source_test.go @@ -60,7 +60,7 @@ func TestAccIAMPolicyDocumentDataSource_source(t *testing.T) { Providers: acctest.Providers, Steps: []resource.TestStep{ { - Config: testAccPolicyDocumentSourceConfig, + Config: testAccPolicyDocumentSourceConfigDeprecated, Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("data.aws_iam_policy_document.test_source", "json", testAccPolicyDocumentSourceExpectedJSON(), @@ -68,7 +68,7 @@ func TestAccIAMPolicyDocumentDataSource_source(t *testing.T) { ), }, { - Config: testAccPolicyDocumentSourceBlankConfig, + Config: testAccPolicyDocumentSourceBlankConfigDeprecated, Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("data.aws_iam_policy_document.test_source_blank", "json", testAccPolicyDocumentSourceBlankExpectedJSON, @@ -104,7 +104,7 @@ func TestAccIAMPolicyDocumentDataSource_sourceConflicting(t *testing.T) { Providers: acctest.Providers, Steps: []resource.TestStep{ { - Config: testAccPolicyDocumentSourceConflictingConfig, + Config: testAccPolicyDocumentSourceConflictingConfigDeprecated, Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("data.aws_iam_policy_document.test_source_conflicting", "json", testAccPolicyDocumentSourceConflictingExpectedJSON, @@ -136,7 +136,7 @@ func TestAccIAMPolicyDocumentDataSource_override(t *testing.T) { Providers: acctest.Providers, Steps: []resource.TestStep{ { - Config: testAccPolicyDocumentOverrideConfig, + Config: testAccPolicyDocumentOverrideConfigDeprecated, Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("data.aws_iam_policy_document.test_override", "json", testAccPolicyDocumentOverrideExpectedJSON, @@ -172,7 +172,7 @@ func TestAccIAMPolicyDocumentDataSource_noStatementMerge(t *testing.T) { Providers: acctest.Providers, Steps: []resource.TestStep{ { - Config: testAccPolicyDocumentNoStatementMergeConfig, + Config: testAccPolicyDocumentNoStatementMergeConfigDeprecated, Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("data.aws_iam_policy_document.yak_politik", "json", testAccPolicyDocumentNoStatementMergeExpectedJSON, @@ -190,7 +190,7 @@ func TestAccIAMPolicyDocumentDataSource_noStatementOverride(t *testing.T) { Providers: acctest.Providers, Steps: []resource.TestStep{ { - Config: testAccPolicyDocumentNoStatementOverrideConfig, + Config: testAccPolicyDocumentNoStatementOverrideConfigDeprecated, Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("data.aws_iam_policy_document.yak_politik", "json", testAccPolicyDocumentNoStatementOverrideExpectedJSON, @@ -514,7 +514,7 @@ const testAccPolicyDocumentConfig_SingleConditionValue_ExpectedJSON = `{ ] }` -var testAccPolicyDocumentSourceConfig = ` +var testAccPolicyDocumentSourceConfigDeprecated = ` data "aws_partition" "current" {} data "aws_iam_policy_document" "test" { @@ -757,7 +757,7 @@ var testAccPolicyDocumentSourceListExpectedJSON = `{ ] }` -var testAccPolicyDocumentSourceBlankConfig = ` +var testAccPolicyDocumentSourceBlankConfigDeprecated = ` data "aws_iam_policy_document" "test_source_blank" { source_json = "" @@ -781,7 +781,7 @@ var testAccPolicyDocumentSourceBlankExpectedJSON = `{ ] }` -var testAccPolicyDocumentSourceConflictingConfig = ` +var testAccPolicyDocumentSourceConflictingConfigDeprecated = ` data "aws_iam_policy_document" "test_source" { statement { sid = "SourceJSONTestConflicting" @@ -855,7 +855,7 @@ data "aws_iam_policy_document" "test_source_list_conflicting" { } ` -var testAccPolicyDocumentOverrideConfig = ` +var testAccPolicyDocumentOverrideConfigDeprecated = ` data "aws_partition" "current" {} data "aws_iam_policy_document" "override" { @@ -969,7 +969,7 @@ var testAccPolicyDocumentOverrideListExpectedJSON = `{ ] }` -var testAccPolicyDocumentNoStatementMergeConfig = ` +var testAccPolicyDocumentNoStatementMergeConfigDeprecated = ` data "aws_iam_policy_document" "source" { statement { sid = "" @@ -1010,7 +1010,7 @@ var testAccPolicyDocumentNoStatementMergeExpectedJSON = `{ ] }` -var testAccPolicyDocumentNoStatementOverrideConfig = ` +var testAccPolicyDocumentNoStatementOverrideConfigDeprecated = ` data "aws_iam_policy_document" "source" { statement { sid = "OverridePlaceholder" diff --git a/website/docs/d/iam_policy_document.html.markdown b/website/docs/d/iam_policy_document.html.markdown index 40c870f5bff..692c509ec82 100644 --- a/website/docs/d/iam_policy_document.html.markdown +++ b/website/docs/d/iam_policy_document.html.markdown @@ -119,8 +119,8 @@ data "aws_iam_policy_document" "source" { } } -data "aws_iam_policy_document" "source_json_example" { - source_json = data.aws_iam_policy_document.source.json +data "aws_iam_policy_document" "source_document_example" { + source_policy_documents = [data.aws_iam_policy_document.source.json] statement { sid = "SidToOverride" @@ -135,7 +135,7 @@ data "aws_iam_policy_document" "source_json_example" { } ``` -`data.aws_iam_policy_document.source_json_example.json` will evaluate to: +`data.aws_iam_policy_document.source_document_example.json` will evaluate to: ```json { @@ -172,8 +172,8 @@ data "aws_iam_policy_document" "override" { } } -data "aws_iam_policy_document" "override_json_example" { - override_json = data.aws_iam_policy_document.override.json +data "aws_iam_policy_document" "override_policy_document_example" { + override_policy_documents = [data.aws_iam_policy_document.override.json] statement { actions = ["ec2:*"] @@ -193,7 +193,7 @@ data "aws_iam_policy_document" "override_json_example" { } ``` -`data.aws_iam_policy_document.override_json_example.json` will evaluate to: +`data.aws_iam_policy_document.override_policy_document_example.json` will evaluate to: ```json { @@ -217,7 +217,7 @@ data "aws_iam_policy_document" "override_json_example" { ### Example with Both Source and Override Documents -You can also combine `source_json` and `override_json` in the same document. +You can also combine `source_policy_documents` and `override_policy_documents` in the same document. ```terraform data "aws_iam_policy_document" "source" { @@ -237,8 +237,8 @@ data "aws_iam_policy_document" "override" { } data "aws_iam_policy_document" "politik" { - source_json = data.aws_iam_policy_document.source.json - override_json = data.aws_iam_policy_document.override.json + source_policy_documents = [data.aws_iam_policy_document.source.json] + override_policy_documents = [data.aws_iam_policy_document.override.json] } ``` @@ -421,13 +421,13 @@ data "aws_iam_policy_document" "combined" { The following arguments are optional: -* `override_json` (Optional) - IAM policy document whose statements with non-blank `sid`s will override statements with the same `sid` from documents assigned to the `source_json`, `source_policy_documents`, and `override_policy_documents` arguments. Non-overriding statements will be added to the exported document. +* `override_json` (Optional, **Deprecated** use the `override_policy_documents` attribute instead) - IAM policy document whose statements with non-blank `sid`s will override statements with the same `sid` from documents assigned to the `source_json`, `source_policy_documents`, and `override_policy_documents` arguments. Non-overriding statements will be added to the exported document. ~> **NOTE:** Statements without a `sid` cannot be overridden. In other words, a statement without a `sid` from documents assigned to the `source_json` or `source_policy_documents` arguments cannot be overridden by statements from documents assigned to the `override_json` or `override_policy_documents` arguments. * `override_policy_documents` (Optional) - List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank `sid`s will override statements with the same `sid` from earlier documents in the list. Statements with non-blank `sid`s will also override statements with the same `sid` from documents provided in the `source_json` and `source_policy_documents` arguments. Non-overriding statements will be added to the exported document. * `policy_id` (Optional) - ID for the policy document. -* `source_json` (Optional) - IAM policy document used as a base for the exported policy document. Statements with the same `sid` from documents assigned to the `override_json` and `override_policy_documents` arguments will override source statements. +* `source_json` (Optional, **Deprecated** use the `source_policy_documents` attribute instead) - IAM policy document used as a base for the exported policy document. Statements with the same `sid` from documents assigned to the `override_json` and `override_policy_documents` arguments will override source statements. * `source_policy_documents` (Optional) - List of IAM policy documents that are merged together into the exported document. Statements defined in `source_policy_documents` or `source_json` must have unique `sid`s. Statements with the same `sid` from documents assigned to the `override_json` and `override_policy_documents` arguments will override source statements. * `statement` (Optional) - Configuration block for a policy statement. Detailed below. * `version` (Optional) - IAM policy document version. Valid values are `2008-10-17` and `2012-10-17`. Defaults to `2012-10-17`. For more information, see the [AWS IAM User Guide](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_version.html).