Merge pull request #30829 from hashicorp/t-iam-policy-doc-remove-deprec

iam_policy_document: Remove source_json, override_json
hashicorp · Apr 20, 2023 · 34aaf87 · 34aaf87
2 parents 615866f + 86d77d8
commit 34aaf87
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 112 deletions.
diff --git a/.changelog/30829.txt b/.changelog/30829.txt
@@ -0,0 +1,7 @@
+```release-note:breaking-change
+    data-source/aws_iam_policy_document: `source_json` and `override_json` have been removed -- use `source_policy_documents` and `override_policy_documents`, respectively, instead
+ ```
+
+ ```release-note:note
+ data-source/aws_iam_policy_document: Update configurations to use `source_policy_documents` and `override_policy_documents` instead of `source_json` and `override_json`, respectively, which have been removed
+ ```
diff --git a/internal/service/iam/policy_document_data_source.go b/internal/service/iam/policy_document_data_source.go
@@ -36,12 +36,6 @@ func DataSourcePolicyDocument() *schema.Resource {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
-			"override_json": {
-				Type:         schema.TypeString,
-				Optional:     true,
-				ValidateFunc: validation.StringIsJSON,
-				Deprecated:   "Use the attribute \"override_policy_documents\" instead.",
-			},
 			"override_policy_documents": {
 				Type:     schema.TypeList,
 				Optional: true,
@@ -54,12 +48,6 @@ func DataSourcePolicyDocument() *schema.Resource {
 				Type:     schema.TypeString,
 				Optional: true,
 			},
-			"source_json": {
-				Type:         schema.TypeString,
-				Optional:     true,
-				ValidateFunc: validation.StringIsJSON,
-				Deprecated:   "Use the attribute \"source_policy_documents\" instead.",
-			},
 			"source_policy_documents": {
 				Type:     schema.TypeList,
 				Optional: true,
@@ -132,12 +120,6 @@ func dataSourcePolicyDocumentRead(ctx context.Context, d *schema.ResourceData, m
 	var diags diag.Diagnostics
 	mergedDoc := &IAMPolicyDoc{}
 
-	if v, ok := d.GetOk("source_json"); ok {
-		if err := json.Unmarshal([]byte(v.(string)), mergedDoc); err != nil {
-			return sdkdiag.AppendErrorf(diags, "writing IAM Policy Document: %s", err)
-		}
-	}
-
 	if v, ok := d.GetOk("source_policy_documents"); ok && len(v.([]interface{})) > 0 {
 		// generate sid map to assure there are no duplicates in source jsons
 		sidMap := make(map[string]struct{})
@@ -276,16 +258,6 @@ func dataSourcePolicyDocumentRead(ctx context.Context, d *schema.ResourceData, m
 		}
 	}
 
-	// merge in override_json
-	if v, ok := d.GetOk("override_json"); ok {
-		overrideDoc := &IAMPolicyDoc{}
-		if err := json.Unmarshal([]byte(v.(string)), overrideDoc); err != nil {
-			return sdkdiag.AppendErrorf(diags, "writing IAM Policy Document: merging override JSON: %s", err)
-		}
-
-		mergedDoc.Merge(overrideDoc)
-	}
-
 	jsonDoc, err := json.MarshalIndent(mergedDoc, "", "  ")
 	if err != nil {
 		// should never happen if the above code is correct

diff --git a/internal/service/iam/policy_document_data_source_test.go b/internal/service/iam/policy_document_data_source_test.go
@@ -299,52 +299,6 @@ func TestAccIAMPolicyDocumentDataSource_overridePolicyDocumentValidJSON(t *testi
 	})
 }
 
-func TestAccIAMPolicyDocumentDataSource_overrideJSONValidJSON(t *testing.T) {
-	ctx := acctest.Context(t)
-	resource.ParallelTest(t, resource.TestCase{
-		PreCheck:                 func() { acctest.PreCheck(ctx, t) },
-		ErrorCheck:               acctest.ErrorCheck(t, iam.EndpointsID),
-		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
-		Steps: []resource.TestStep{
-			{
-				Config:      testAccPolicyDocumentDataSourceConfig_overrideJSON_invalidJSON,
-				ExpectError: regexp.MustCompile(`"override_json" contains an invalid JSON: unexpected end of JSON input`),
-			},
-			{
-				Config: testAccPolicyDocumentDataSourceConfig_overrideJSON_emptyString,
-				Check: resource.ComposeTestCheckFunc(
-					resource.TestCheckResourceAttr("data.aws_iam_policy_document.test", "json",
-						testAccPolicyDocumentExpectedJSONNoStatement,
-					),
-				),
-			},
-		},
-	})
-}
-
-func TestAccIAMPolicyDocumentDataSource_sourceJSONValidJSON(t *testing.T) {
-	ctx := acctest.Context(t)
-	resource.ParallelTest(t, resource.TestCase{
-		PreCheck:                 func() { acctest.PreCheck(ctx, t) },
-		ErrorCheck:               acctest.ErrorCheck(t, iam.EndpointsID),
-		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
-		Steps: []resource.TestStep{
-			{
-				Config:      testAccPolicyDocumentDataSourceConfig_sourceJSON_invalidJSON,
-				ExpectError: regexp.MustCompile(`"source_json" contains an invalid JSON: unexpected end of JSON input`),
-			},
-			{
-				Config: testAccPolicyDocumentDataSourceConfig_sourceJSON_emptyString,
-				Check: resource.ComposeTestCheckFunc(
-					resource.TestCheckResourceAttr("data.aws_iam_policy_document.test", "json",
-						testAccPolicyDocumentExpectedJSONNoStatement,
-					),
-				),
-			},
-		},
-	})
-}
-
 // Reference: https://github.com/hashicorp/terraform-provider-aws/issues/10777
 func TestAccIAMPolicyDocumentDataSource_StatementPrincipalIdentifiers_stringAndSlice(t *testing.T) {
 	ctx := acctest.Context(t)
@@ -730,7 +684,7 @@ data "aws_iam_policy_document" "test" {
 }
 
 data "aws_iam_policy_document" "test_source" {
-  source_json = data.aws_iam_policy_document.test.json
+  source_policy_documents = [data.aws_iam_policy_document.test.json]
 
   statement {
     sid       = "SourceJSONTest1"
@@ -885,7 +839,7 @@ var testAccPolicyDocumentSourceListExpectedJSON = `{
 
 var testAccPolicyDocumentDataSourceConfig_blankDeprecated = `
 data "aws_iam_policy_document" "test_source_blank" {
-  source_json = ""
+  source_policy_documents = [""]
 
   statement {
     sid       = "SourceJSONTest2"
@@ -917,7 +871,7 @@ data "aws_iam_policy_document" "test_source" {
 }
 
 data "aws_iam_policy_document" "test_source_conflicting" {
-  source_json = data.aws_iam_policy_document.test_source.json
+  source_policy_documents = [data.aws_iam_policy_document.test_source.json]
 
   statement {
     sid       = "SourceJSONTestConflicting"
@@ -994,7 +948,7 @@ data "aws_iam_policy_document" "override" {
 }
 
 data "aws_iam_policy_document" "test_override" {
-  override_json = data.aws_iam_policy_document.override.json
+  override_policy_documents = [data.aws_iam_policy_document.override.json]
 
   statement {
     actions   = ["ec2:*"]
@@ -1113,8 +1067,8 @@ data "aws_iam_policy_document" "override" {
 }
 
 data "aws_iam_policy_document" "yak_politik" {
-  source_json   = data.aws_iam_policy_document.source.json
-  override_json = data.aws_iam_policy_document.override.json
+  source_policy_documents   = [data.aws_iam_policy_document.source.json]
+  override_policy_documents = [data.aws_iam_policy_document.override.json]
 }
 `
 
@@ -1154,8 +1108,8 @@ data "aws_iam_policy_document" "override" {
 }
 
 data "aws_iam_policy_document" "yak_politik" {
-  source_json   = data.aws_iam_policy_document.source.json
-  override_json = data.aws_iam_policy_document.override.json
+  source_policy_documents   = [data.aws_iam_policy_document.source.json]
+  override_policy_documents = [data.aws_iam_policy_document.override.json]
 }
 `
 
@@ -1539,27 +1493,3 @@ data "aws_iam_policy_document" "test" {
   override_policy_documents = ["{"]
 }
 `
-
-var testAccPolicyDocumentDataSourceConfig_overrideJSON_emptyString = `
-data "aws_iam_policy_document" "test" {
-  override_json = ""
-}
-`
-
-var testAccPolicyDocumentDataSourceConfig_overrideJSON_invalidJSON = `
-data "aws_iam_policy_document" "test" {
-  override_json = "{"
-}
-`
-
-var testAccPolicyDocumentDataSourceConfig_sourceJSON_emptyString = `
-data "aws_iam_policy_document" "test" {
-  source_json = ""
-}
-`
-
-var testAccPolicyDocumentDataSourceConfig_sourceJSON_invalidJSON = `
-data "aws_iam_policy_document" "test" {
-  source_json = "{"
-}
-`
diff --git a/website/docs/d/iam_policy_document.html.markdown b/website/docs/d/iam_policy_document.html.markdown
@@ -486,14 +486,11 @@ data "aws_iam_policy_document" "combined" {
 
 The following arguments are optional:
 
-* `override_json` (Optional, **Deprecated** use the `override_policy_documents` attribute instead) - IAM policy document whose statements with non-blank `sid`s will override statements with the same `sid` from documents assigned to the `source_json`, `source_policy_documents`, and `override_policy_documents` arguments. Non-overriding statements will be added to the exported document.
+~> **NOTE:** Statements without a `sid` cannot be overridden. In other words, a statement without a `sid` from `source_policy_documents` cannot be overridden by statements from `override_policy_documents`.
 
-~> **NOTE:** Statements without a `sid` cannot be overridden. In other words, a statement without a `sid` from documents assigned to the `source_json` or `source_policy_documents` arguments cannot be overridden by statements from documents assigned to the `override_json` or `override_policy_documents` arguments.
-
-* `override_policy_documents` (Optional) - List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank `sid`s will override statements with the same `sid` from earlier documents in the list. Statements with non-blank `sid`s will also override statements with the same `sid` from documents provided in the `source_json` and `source_policy_documents` arguments.  Non-overriding statements will be added to the exported document.
+* `override_policy_documents` (Optional) - List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank `sid`s will override statements with the same `sid` from earlier documents in the list. Statements with non-blank `sid`s will also override statements with the same `sid` from `source_policy_documents`.  Non-overriding statements will be added to the exported document.
 * `policy_id` (Optional) - ID for the policy document.
-* `source_json` (Optional, **Deprecated** use the `source_policy_documents` attribute instead) - IAM policy document used as a base for the exported policy document. Statements with the same `sid` from documents assigned to the `override_json` and `override_policy_documents` arguments will override source statements.
-* `source_policy_documents` (Optional) - List of IAM policy documents that are merged together into the exported document. Statements defined in `source_policy_documents` or `source_json` must have unique `sid`s. Statements with the same `sid` from documents assigned to the `override_json` and `override_policy_documents` arguments will override source statements.
+* `source_policy_documents` (Optional) - List of IAM policy documents that are merged together into the exported document. Statements defined in `source_policy_documents` must have unique `sid`s. Statements with the same `sid` from `override_policy_documents` will override source statements.
 * `statement` (Optional) - Configuration block for a policy statement. Detailed below.
 * `version` (Optional) - IAM policy document version. Valid values are `2008-10-17` and `2012-10-17`. Defaults to `2012-10-17`. For more information, see the [AWS IAM User Guide](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_version.html).