diff --git a/builtin/providers/aws/data_source_aws_iam_policy_document.go b/builtin/providers/aws/data_source_aws_iam_policy_document.go
index ef045df80..8d5051f77 100644
--- a/builtin/providers/aws/data_source_aws_iam_policy_document.go
+++ b/builtin/providers/aws/data_source_aws_iam_policy_document.go
@@ -24,20 +24,20 @@ func dataSourceAwsIamPolicyDocument() *schema.Resource {
 Read: dataSourceAwsIamPolicyDocumentRead,
 Schema: map[string]*schema.Schema{
- "id": &schema.Schema{
+ "policy_id": {
 Type: schema.TypeString,
 Optional: true,
 },
- "statement": &schema.Schema{
- Type: schema.TypeSet,
+ "statement": {
+ Type: schema.TypeList,
 Required: true,
 Elem: &schema.Resource{
 Schema: map[string]*schema.Schema{
- "id": &schema.Schema{
+ "sid": {
 Type: schema.TypeString,
 Optional: true,
 },
- "effect": &schema.Schema{
+ "effect": {
 Type: schema.TypeString,
 Optional: true,
 Default: "Allow",
@@ -48,20 +48,20 @@ func dataSourceAwsIamPolicyDocument() *schema.Resource {
 "not_resources": setOfString,
 "principals": dataSourceAwsIamPolicyPrincipalSchema(),
 "not_principals": dataSourceAwsIamPolicyPrincipalSchema(),
- "condition": &schema.Schema{
+ "condition": {
 Type: schema.TypeSet,
 Optional: true,
 Elem: &schema.Resource{
 Schema: map[string]*schema.Schema{
- "test": &schema.Schema{
+ "test": {
 Type: schema.TypeString,
 Required: true,
 },
- "variable": &schema.Schema{
+ "variable": {
 Type: schema.TypeString,
 Required: true,
 },
- "values": &schema.Schema{
+ "values": {
 Type: schema.TypeSet,
 Required: true,
 Elem: &schema.Schema{
@@ -74,7 +74,7 @@ func dataSourceAwsIamPolicyDocument() *schema.Resource {
 },
 },
 },
- "json": &schema.Schema{
+ "json": {
 Type: schema.TypeString,
 Computed: true,
 },
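Review bot: The `effect` entry at the end of the first hunk still accepts any string and falls back to `Default: "Allow"`, so a mistyped effect is presumably not caught until the rendered policy is submitted to AWS. Unless a validator follows outside the hunk, add a `ValidateFunc` on `effect` that accepts only `Allow` and `Deny`, so the error surfaces at plan time. The new `policy_id` and `sid` entries would also benefit from a one-line comment each naming the JSON element they map to (`Id` on the document, `Sid` on the statement), since both replace a key that used to be called `id`. The schema function's body starts and ends outside the hunk.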
@@ -87,11 +87,11 @@ func dataSourceAwsIamPolicyDocumentRead(d *schema.ResourceData, meta interface{}
 Version: "2012-10-17",
 }
- if policyId, hasPolicyId := d.GetOk("id"); hasPolicyId {
+ if policyId, hasPolicyId := d.GetOk("policy_id"); hasPolicyId {
 doc.Id = policyId.(string)
 }
- var cfgStmts = d.Get("statement").(*schema.Set).List()
+ var cfgStmts = d.Get("statement").([]interface{})
 stmts := make([]*IAMPolicyStatement, len(cfgStmts))
 doc.Statements = stmts
 for i, stmtI := range cfgStmts {
@@ -100,6 +100,10 @@ func dataSourceAwsIamPolicyDocumentRead(d *schema.ResourceData, meta interface{}
 Effect: cfgStmt["effect"].(string),
 }
+ if sid, ok := cfgStmt["sid"]; ok {
+ stmt.Sid = sid.(string)
+ }
+
 if actions := cfgStmt["actions"].(*schema.Set).List(); len(actions) > 0 {
 stmt.Actions = iamPolicyDecodeConfigStringList(actions)
 }
diff --git a/builtin/providers/aws/data_source_aws_iam_policy_document_test.go b/builtin/providers/aws/data_source_aws_iam_policy_document_test.go
index edd0f8d40..8a2210265 100644
--- a/builtin/providers/aws/data_source_aws_iam_policy_document_test.go
+++ b/builtin/providers/aws/data_source_aws_iam_policy_document_test.go
@@ -16,7 +16,7 @@ func TestAccAWSIAMPolicyDocument(t *testing.T) {
 PreCheck: func() { testAccPreCheck(t) },
 Providers: testAccProviders,
 Steps: []resource.TestStep{
- resource.TestStep{
+ {
 Config: testAccAWSIAMPolicyDocumentConfig,
 Check: resource.ComposeTestCheckFunc(
 testAccCheckStateValue(
@@ -52,7 +52,9 @@ func testAccCheckStateValue(id, name, value string) resource.TestCheckFunc {
 var testAccAWSIAMPolicyDocumentConfig = `
 data "aws_iam_policy_document" "test" {
+ policy_id = "policy_id"
 statement {
+ sid = "1"
 actions = [
 "s3:ListAllMyBuckets",
 "s3:GetBucketLocation",
@@ -110,8 +112,10 @@ data "aws_iam_policy_document" "test" {
 var testAccAWSIAMPolicyDocumentExpectedJSON = `{
 "Version": "2012-10-17",
+ "Id": "policy_id",
 "Statement": [
 {
+ "Sid": "1",
 "Effect": "Allow",
 "Action": [
 "s3:GetBucketLocation",
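Review bot: The added `sid` block in the `@@ -100,6 +100,10 @@` hunk copies the value into `stmt.Sid` without checking that it is unique across statements. IAM expects `Sid` values to be unique within one policy, so two `statement` blocks with the same `sid` would yield a document that is only rejected later, when it is attached. The `ok` from the map lookup is presumably always true for a key declared in the schema, so it does not separate unset from set; testing for a non-empty string is the clearer guard. The sketch below tracks the sids already seen and returns an error on a repeat; it assumes the read function returns `error` and that `fmt` is imported in this file, and the loop body continues outside the hunk.

```go
seenSids := make(map[string]bool, len(cfgStmts))
for i, stmtI := range cfgStmts {
	// … unchanged: cfgStmt conversion and stmt construction with Effect …

	if sid, _ := cfgStmt["sid"].(string); sid != "" {
		if seenSids[sid] {
			return fmt.Errorf("duplicate sid %q in statement %d", sid, i)
		}
		seenSids[sid] = true
		stmt.Sid = sid
	}
	// … unchanged: actions and the remaining statement fields …
```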
diff --git a/builtin/providers/aws/iam_policy_model.go b/builtin/providers/aws/iam_policy_model.go index e90a08fe4..56ffc9d5c 100644 --- a/builtin/providers/aws/iam_policy_model.go +++ b/builtin/providers/aws/iam_policy_model.go @@ -5,8 +5,8 @@ import ( ) type IAMPolicyDoc struct { - Id string `json:",omitempty"` Version string `json:",omitempty"` + Id string `json:",omitempty"` Statements []*IAMPolicyStatement `json:"Statement"` } diff --git a/website/source/docs/providers/aws/d/iam_policy_document.html.markdown b/website/source/docs/providers/aws/d/iam_policy_document.html.markdown index 036765202..f2e01fe13 100644 --- a/website/source/docs/providers/aws/d/iam_policy_document.html.markdown +++ b/website/source/docs/providers/aws/d/iam_policy_document.html.markdown @@ -17,6 +17,7 @@ such as the `aws_iam_policy` resource. ``` data "aws_iam_policy_document" "example" { statement { + sid = "1" actions = [ "s3:ListAllMyBuckets", "s3:GetBucketLocation", @@ -71,14 +72,14 @@ valid to use literal JSON strings within your configuration, or to use the The following arguments are supported: -* `id` (Optional) - An ID for the policy document. +* `policy_id` (Optional) - An ID for the policy document. * `statement` (Required) - A nested configuration block (described below) configuring one *statement* to be included in the policy document. Each document configuration must have one or more `statement` blocks, which each accept the following arguments: -* `id` (Optional) - An ID for the policy statement. +* `sid` (Optional) - An ID for the policy statement. * `effect` (Optional) - Either "Allow" or "Deny", to specify whether this statement allows or denies the given actions. The default is "Allow". * `actions` (Optional) - A list of actions that this statement either allows
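Review bot: The swap of `Version` and `Id` in `IAMPolicyDoc` (the iam_policy_model.go hunk) only has an effect because `encoding/json` emits struct fields in declaration order, and nothing on the type records that the order is deliberate. A later tidy-up that regroups the fields would silently change the generated document, and only the expected-JSON string in the acceptance test would notice. Add a comment above the struct, for example `// Field order is the key order of the generated JSON; keep Version first.`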