Validate `effect` in aws_iam_policy_document data source (#10608)

AWS allows only the case-sensitive strings `Allow` and `Deny` to appear
in the `Effect` fields of IAM policy documents. Catch deviations from
this, including mis-casing, before hitting the API and generating an
error (the error is a generic 400 and doesn't indicate what part of the
policy doc is invalid).
This commit is contained in:
Doug Neal 2016-12-08 15:16:40 +00:00 committed by Paul Stack
parent 9801c65c9e
commit 195b041cd5
1 changed files with 11 additions and 0 deletions

View File

@ -1,6 +1,8 @@
package aws
import (
"fmt"
"encoding/json"
"strings"
@ -41,6 +43,15 @@ func dataSourceAwsIamPolicyDocument() *schema.Resource {
Type: schema.TypeString,
Optional: true,
Default: "Allow",
ValidateFunc: func(v interface{}, k string) (ws []string, es []error) {
switch v.(string) {
case "Allow", "Deny":
return
default:
es = append(es, fmt.Errorf("%q must be either \"Allow\" or \"Deny\"", k))
return
}
},
},
"actions": setOfString,
"not_actions": setOfString,