From b7c0199d7c73be77aba6452fdcadf58de10f0b82 Mon Sep 17 00:00:00 2001
From: Dirk Avery
Date: Wed, 19 Apr 2023 18:51:53 -0400
Subject: [PATCH 1/4] iam_policy_document: Remove source_json, override_json
---
 .../iam/policy_document_data_source.go | 28 -------------------
 1 file changed, 28 deletions(-)
diff --git a/internal/service/iam/policy_document_data_source.go b/internal/service/iam/policy_document_data_source.go
index 24830882685..3c79e46422b 100644
--- a/internal/service/iam/policy_document_data_source.go
+++ b/internal/service/iam/policy_document_data_source.go
@@ -36,12 +36,6 @@ func DataSourcePolicyDocument() *schema.Resource {
 Type: schema.TypeString,
 Computed: true,
 },
- "override_json": {
- Type: schema.TypeString,
- Optional: true,
- ValidateFunc: validation.StringIsJSON,
- Deprecated: "Use the attribute \"override_policy_documents\" instead.",
- },
 "override_policy_documents": {
 Type: schema.TypeList,
 Optional: true,
@@ -54,12 +48,6 @@ func DataSourcePolicyDocument() *schema.Resource {
 Type: schema.TypeString,
 Optional: true,
 },
- "source_json": {
- Type: schema.TypeString,
- Optional: true,
- ValidateFunc: validation.StringIsJSON,
- Deprecated: "Use the attribute \"source_policy_documents\" instead.",
- },
 "source_policy_documents": {
 Type: schema.TypeList,
 Optional: true,
@@ -132,12 +120,6 @@ func dataSourcePolicyDocumentRead(ctx context.Context, d *schema.ResourceData, m
 var diags diag.Diagnostics
 mergedDoc := &IAMPolicyDoc{}
- if v, ok := d.GetOk("source_json"); ok {
- if err := json.Unmarshal([]byte(v.(string)), mergedDoc); err != nil {
- return sdkdiag.AppendErrorf(diags, "writing IAM Policy Document: %s", err)
- }
- }
-
 if v, ok := d.GetOk("source_policy_documents"); ok && len(v.([]interface{})) > 0 {
 // generate sid map to assure there are no duplicates in source jsons
 sidMap := make(map[string]struct{})
@@ -276,16 +258,6 @@ func dataSourcePolicyDocumentRead(ctx context.Context, d *schema.ResourceData, m
 }
 }
- // merge in override_json
- if v, ok := d.GetOk("override_json"); ok {
- overrideDoc := &IAMPolicyDoc{}
- if err := json.Unmarshal([]byte(v.(string)), overrideDoc); err != nil {
- return sdkdiag.AppendErrorf(diags, "writing IAM Policy Document: merging override JSON: %s", err)
- }
-
- mergedDoc.Merge(overrideDoc)
- }
-
 jsonDoc, err := json.MarshalIndent(mergedDoc, "", " ")
 if err != nil {
 // should never happen if the above code is correct
From 4de25f2e8199667588300836ab6b574c71e46ad7 Mon Sep 17 00:00:00 2001
From: Dirk Avery
Date: Wed, 19 Apr 2023 19:04:15 -0400
Subject: [PATCH 2/4] Update tests
---
 .changelog/30829.txt | 0
 .../iam/policy_document_data_source_test.go | 86 ++-----------------
 2 files changed, 8 insertions(+), 78 deletions(-)
 create mode 100644 .changelog/30829.txt
diff --git a/.changelog/30829.txt b/.changelog/30829.txt
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/internal/service/iam/policy_document_data_source_test.go b/internal/service/iam/policy_document_data_source_test.go
index 73883c1d387..f41cd251c28 100644
--- a/internal/service/iam/policy_document_data_source_test.go
+++ b/internal/service/iam/policy_document_data_source_test.go
@@ -299,52 +299,6 @@ func TestAccIAMPolicyDocumentDataSource_overridePolicyDocumentValidJSON(t *testi
 })
 }
-func TestAccIAMPolicyDocumentDataSource_overrideJSONValidJSON(t *testing.T) {
- ctx := acctest.Context(t)
- resource.ParallelTest(t, resource.TestCase{
- PreCheck: func() { acctest.PreCheck(ctx, t) },
- ErrorCheck: acctest.ErrorCheck(t, iam.EndpointsID),
- ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
- Steps: []resource.TestStep{
- {
- Config: testAccPolicyDocumentDataSourceConfig_overrideJSON_invalidJSON,
- ExpectError: regexp.MustCompile(`"override_json" contains an invalid JSON: unexpected end of JSON input`),
- },
- {
- Config: testAccPolicyDocumentDataSourceConfig_overrideJSON_emptyString,
- Check: resource.ComposeTestCheckFunc(
- resource.TestCheckResourceAttr("data.aws_iam_policy_document.test", "json",
- testAccPolicyDocumentExpectedJSONNoStatement,
- ),
- ),
- },
- },
- })
-}
-
-func TestAccIAMPolicyDocumentDataSource_sourceJSONValidJSON(t *testing.T) {
- ctx := acctest.Context(t)
- resource.ParallelTest(t, resource.TestCase{
- PreCheck: func() { acctest.PreCheck(ctx, t) },
- ErrorCheck: acctest.ErrorCheck(t, iam.EndpointsID),
- ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
- Steps: []resource.TestStep{
- {
- Config: testAccPolicyDocumentDataSourceConfig_sourceJSON_invalidJSON,
- ExpectError: regexp.MustCompile(`"source_json" contains an invalid JSON: unexpected end of JSON input`),
- },
- {
- Config: testAccPolicyDocumentDataSourceConfig_sourceJSON_emptyString,
- Check: resource.ComposeTestCheckFunc(
- resource.TestCheckResourceAttr("data.aws_iam_policy_document.test", "json",
- testAccPolicyDocumentExpectedJSONNoStatement,
- ),
- ),
- },
- },
- })
-}
-
 // Reference: https://github.com/hashicorp/terraform-provider-aws/issues/10777
 func TestAccIAMPolicyDocumentDataSource_StatementPrincipalIdentifiers_stringAndSlice(t *testing.T) {
 ctx := acctest.Context(t)
@@ -730,7 +684,7 @@ data "aws_iam_policy_document" "test" {
 }
 data "aws_iam_policy_document" "test_source" {
- source_json = data.aws_iam_policy_document.test.json
+ source_policy_documents = [data.aws_iam_policy_document.test.json]
 statement {
 sid = "SourceJSONTest1"
@@ -885,7 +839,7 @@ var testAccPolicyDocumentSourceListExpectedJSON = `{
 var testAccPolicyDocumentDataSourceConfig_blankDeprecated = `
 data "aws_iam_policy_document" "test_source_blank" {
- source_json = ""
+ source_policy_documents = [""]
 statement {
 sid = "SourceJSONTest2"
@@ -917,7 +871,7 @@ data "aws_iam_policy_document" "test_source" {
 }
 data "aws_iam_policy_document" "test_source_conflicting" {
- source_json = data.aws_iam_policy_document.test_source.json
+ source_policy_documents = [data.aws_iam_policy_document.test_source.json]
 statement {
 sid = "SourceJSONTestConflicting"
@@ -994,7 +948,7 @@ data "aws_iam_policy_document" "override" {
 }
 data "aws_iam_policy_document" "test_override" {
- override_json = data.aws_iam_policy_document.override.json
+ override_policy_documents = [data.aws_iam_policy_document.override.json]
 statement {
 actions = ["ec2:*"]
@@ -1113,8 +1067,8 @@ data "aws_iam_policy_document" "override" {
 }
 data "aws_iam_policy_document" "yak_politik" {
- source_json = data.aws_iam_policy_document.source.json
- override_json = data.aws_iam_policy_document.override.json
+ source_policy_documents = [data.aws_iam_policy_document.source.json]
+ override_policy_documents = [data.aws_iam_policy_document.override.json]
 }
 `
@@ -1154,8 +1108,8 @@ data "aws_iam_policy_document" "override" {
 }
 data "aws_iam_policy_document" "yak_politik" {
- source_json = data.aws_iam_policy_document.source.json
- override_json = data.aws_iam_policy_document.override.json
+ source_policy_documents = [data.aws_iam_policy_document.source.json]
+ override_policy_documents = [data.aws_iam_policy_document.override.json]
 }
 `
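Review bot: In the `@@ -885,7 +839,7 @@` hunk, `source_policy_documents = [""]` does not cover the same case as the `source_json = ""` it replaces: the removed read code guarded `source_json` with `d.GetOk`, which treats an empty string as unset, while a one-element list is set and passes its empty element to the list handling in `dataSourcePolicyDocumentRead`, which lies outside this hunk. Because this data source renders IAM policy, whether an empty source document is skipped or rejected decides what the merged policy contains, so the expected behaviour is worth stating above the config, for example `// An empty element in source_policy_documents is skipped, not parsed as JSON.` if that is what the loop does. The name `testAccPolicyDocumentDataSourceConfig_blankDeprecated` and the `SourceJSONTest*` sids here and in the `@@ -730,7 +684,7 @@` and `@@ -917,7 +871,7 @@` hunks still refer to the removed argument and could be renamed in the same change. The config strings in all three hunks continue past the visible lines.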
@@ -1539,27 +1493,3 @@ data "aws_iam_policy_document" "test" {
 override_policy_documents = ["{"]
 }
 `
-
-var testAccPolicyDocumentDataSourceConfig_overrideJSON_emptyString = `
-data "aws_iam_policy_document" "test" {
- override_json = ""
-}
-`
-
-var testAccPolicyDocumentDataSourceConfig_overrideJSON_invalidJSON = `
-data "aws_iam_policy_document" "test" {
- override_json = "{"
-}
-`
-
-var testAccPolicyDocumentDataSourceConfig_sourceJSON_emptyString = `
-data "aws_iam_policy_document" "test" {
- source_json = ""
-}
-`
-
-var testAccPolicyDocumentDataSourceConfig_sourceJSON_invalidJSON = `
-data "aws_iam_policy_document" "test" {
- source_json = "{"
-}
-`
From e1cfc8b7d9607ba8a76a8b45cdfff7e069cff6fd Mon Sep 17 00:00:00 2001
From: Dirk Avery
Date: Wed, 19 Apr 2023 19:08:09 -0400
Subject: [PATCH 3/4] Add changelog
---
 .changelog/30829.txt | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/.changelog/30829.txt b/.changelog/30829.txt
index e69de29bb2d..85c5d500421 100644
--- a/.changelog/30829.txt
+++ b/.changelog/30829.txt
@@ -0,0 +1,7 @@
+```release-note:breaking-change
+ data-source/aws_iam_policy_document: `source_json` and `override_json` have been removed -- use `source_policy_documents` and `override_policy_documents`, respectively, instead
+ ```
+
+ ```release-note:note
+ data-source/aws_iam_policy_document: Update configurations to use `source_policy_documents` and `override_policy_documents` instead of `source_json` and `override_json`, respectively, which have been removed
+ ```
\ No newline at end of file
From 86d77d8bc6e0d8f6b24ba107c9f0fa637b017d41 Mon Sep 17 00:00:00 2001
From: Dirk Avery
Date: Wed, 19 Apr 2023 19:17:10 -0400
Subject: [PATCH 4/4] Update docs
---
 website/docs/d/iam_policy_document.html.markdown | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/website/docs/d/iam_policy_document.html.markdown b/website/docs/d/iam_policy_document.html.markdown
index 6e6dc2263de..913e54f14eb 100644
--- a/website/docs/d/iam_policy_document.html.markdown
+++ b/website/docs/d/iam_policy_document.html.markdown
@@ -486,14 +486,11 @@ data "aws_iam_policy_document" "combined" {
 The following arguments are optional:
-* `override_json` (Optional, **Deprecated** use the `override_policy_documents` attribute instead) - IAM policy document whose statements with non-blank `sid`s will override statements with the same `sid` from documents assigned to the `source_json`, `source_policy_documents`, and `override_policy_documents` arguments. Non-overriding statements will be added to the exported document.
+~> **NOTE:** Statements without a `sid` cannot be overridden. In other words, a statement without a `sid` from `source_policy_documents` cannot be overridden by statements from `override_policy_documents`.
-~> **NOTE:** Statements without a `sid` cannot be overridden. In other words, a statement without a `sid` from documents assigned to the `source_json` or `source_policy_documents` arguments cannot be overridden by statements from documents assigned to the `override_json` or `override_policy_documents` arguments.
-
-* `override_policy_documents` (Optional) - List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank `sid`s will override statements with the same `sid` from earlier documents in the list. Statements with non-blank `sid`s will also override statements with the same `sid` from documents provided in the `source_json` and `source_policy_documents` arguments. Non-overriding statements will be added to the exported document.
+* `override_policy_documents` (Optional) - List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank `sid`s will override statements with the same `sid` from earlier documents in the list. Statements with non-blank `sid`s will also override statements with the same `sid` from `source_policy_documents`. Non-overriding statements will be added to the exported document.
 * `policy_id` (Optional) - ID for the policy document.
-* `source_json` (Optional, **Deprecated** use the `source_policy_documents` attribute instead) - IAM policy document used as a base for the exported policy document. Statements with the same `sid` from documents assigned to the `override_json` and `override_policy_documents` arguments will override source statements.
-* `source_policy_documents` (Optional) - List of IAM policy documents that are merged together into the exported document. Statements defined in `source_policy_documents` or `source_json` must have unique `sid`s. Statements with the same `sid` from documents assigned to the `override_json` and `override_policy_documents` arguments will override source statements.
+* `source_policy_documents` (Optional) - List of IAM policy documents that are merged together into the exported document. Statements defined in `source_policy_documents` must have unique `sid`s. Statements with the same `sid` from `override_policy_documents` will override source statements.
 * `statement` (Optional) - Configuration block for a policy statement. Detailed below.
 * `version` (Optional) - IAM policy document version. Valid values are `2008-10-17` and `2012-10-17`. Defaults to `2012-10-17`. For more information, see the [AWS IAM User Guide](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_version.html).