d/aws_iam_policy_document(test): duplicated condition config

hashicorp · Aug 18, 2023 · a8c3b26 · a8c3b26
1 parent 19853d7
commit a8c3b26
Showing 1 changed file with 70 additions and 0 deletions.
diff --git a/internal/service/iam/policy_document_data_source_test.go b/internal/service/iam/policy_document_data_source_test.go
@@ -74,6 +74,25 @@ func TestAccIAMPolicyDocumentDataSource_multipleConditionKeys(t *testing.T) {
 	})
 }
 
+func TestAccIAMPolicyDocumentDataSource_duplicateConditionKeys(t *testing.T) {
+	ctx := acctest.Context(t)
+	dataSourceName := "data.aws_iam_policy_document.test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.PreCheck(ctx, t) },
+		ErrorCheck:               acctest.ErrorCheck(t, iam.EndpointsID),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccPolicyDocumentDataSourceConfig_duplicateConditionKeys,
+				Check: resource.ComposeTestCheckFunc(
+					acctest.CheckResourceAttrEquivalentJSON(dataSourceName, "json", testAccPolicyDocumentConfig_duplicateConditionKeys_ExpectedJSON),
+				),
+			},
+		},
+	})
+}
+
 func TestAccIAMPolicyDocumentDataSource_conditionWithBoolValue(t *testing.T) {
 	ctx := acctest.Context(t)
 	resource.ParallelTest(t, resource.TestCase{
@@ -662,6 +681,57 @@ var testAccPolicyDocumentConfig_multipleConditionKeys_ExpectedJSON = `{
 }
 `
 
+const testAccPolicyDocumentDataSourceConfig_duplicateConditionKeys = `
+data "aws_iam_policy_document" "test" {
+  statement {
+    sid = "DuplicateConditionTest"
+
+    effect = "Allow"
+
+    principals {
+      type        = "Service"
+      identifiers = ["cloudtrail.amazonaws.com"]
+    }
+
+    actions = ["s3:PutObject"]
+
+    resources = ["*"]
+
+    condition {
+      test     = "StringEquals"
+      variable = "s3:prefix"
+      values   = ["one/", "two/"]
+    }
+    condition {
+      test     = "StringEquals"
+      variable = "s3:prefix"
+      values   = ["three/"]
+    }
+  }
+}
+`
+
+const testAccPolicyDocumentConfig_duplicateConditionKeys_ExpectedJSON = `{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Sid": "DuplicateConditionTest",
+      "Effect": "Allow",
+      "Action": "s3:PutObject",
+      "Resource": "*",
+      "Principal": {
+        "Service": "cloudtrail.amazonaws.com"
+      },
+      "Condition": {
+        "StringEquals": {
+          "s3:prefix": ["one/", "two/", "three/"]
+        }
+      }
+    }
+  ]
+}
+`
+
 var testAccPolicyDocumentDataSourceConfig_deprecated = `
 data "aws_partition" "current" {}