New Data Source: aws_s3_bucket_policy

[yuonoda]

Community Note

• Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for pull request followers and do not help prioritize the request

Closes #17649.
Relates #6334.

Output from acceptance testing:

$ make testacc TEST=./aws TESTARGS='-run=TestAccDataSourceS3BucketPolicy_basic'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccDataSourceS3BucketPolicy_basic -timeout 120m
=== RUN   TestAccDataSourceS3BucketPolicy_basic
=== PAUSE TestAccDataSourceS3BucketPolicy_basic
=== CONT  TestAccDataSourceS3BucketPolicy_basic
--- PASS: TestAccDataSourceS3BucketPolicy_basic (94.96s)
PASS
ok      github.com/terraform-providers/terraform-provider-aws/aws       99.214s

[svanzoest]

should this be data.aws_s3_bucket_policy.policy.policy?

[zhelding]

Pull request #21306 has significantly refactored the AWS Provider codebase. As a result, most PRs opened prior to the refactor now have merge conflicts that must be resolved before proceeding.

Specifically, PR #21306 relocated the code for all AWS resources and data sources from a single aws directory to a large number of separate directories in internal/service, each corresponding to a particular AWS service. This separation of code has also allowed for us to simplify the names of underlying functions -- while still avoiding namespace collisions.

We recognize that many pull requests have been open for some time without yet being addressed by our maintainers. Therefore, we want to make it clear that resolving these conflicts in no way affects the prioritization of a particular pull request. Once a pull request has been prioritized for review, the necessary changes will be made by a maintainer -- either directly or in collaboration with the pull request author.

For a more complete description of this refactor, including examples of how old filepaths and function names correspond to their new counterparts: please refer to issue #20000.

For a quick guide on how to amend your pull request to resolve the merge conflicts resulting from this refactor and bring it in line with our new code patterns: please refer to our Service Package Refactor Pull Request Guide.

[johnsonaj]

LGTM 🚀

Commercial

% make testacc TESTS=TestAccDataSourceBucketPolicy_ PKG=s3
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/s3/... -v -count 1 -parallel 20 -run='TestAccDataSourceBucketPolicy_'  -timeout 180m
=== RUN   TestAccDataSourceBucketPolicy_basic
=== PAUSE TestAccDataSourceBucketPolicy_basic
=== CONT  TestAccDataSourceBucketPolicy_basic
--- PASS: TestAccDataSourceBucketPolicy_basic (16.39s)
PASS

Gov cloud

% make testacc TESTS=TestAccDataSourceBucketPolicy_ PKG=s3
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/s3/... -v -count 1 -parallel 20 -run='TestAccDataSourceBucketPolicy_'  -timeout 180m
=== RUN   TestAccDataSourceBucketPolicy_basic
=== PAUSE TestAccDataSourceBucketPolicy_basic
=== CONT  TestAccDataSourceBucketPolicy_basic
--- PASS: TestAccDataSourceBucketPolicy_basic (14.64s)
PASS

[johnsonaj]

@yuonoda Thanks for the contribution! 🎉 👏🏾

[github-actions]

This functionality has been released in v4.11.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[yermulnik]

@yuonoda Could there be an option to not fail but return an empty object (along with a warning message) for when S3 bucket has no bucket policy attached?
My use case is to amend policy of manually created S3 bucket hence I use source_policy_documents parameter within aws_iam_policy_document resource and the input for this parameter is retrieved by means of aws_s3_bucket_policy data source which obviously fails with Error: failed getting S3 bucket policy (my-cool-bucket-name): couldn't find resource when bucket policy doesn't exist at all.
Thanks

[github-actions]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.