Merge pull request #7611 from hashicorp/b-iam-policy-document-fixes

provider/aws: Fix data.aws_iam_policy_document IDs
This commit is contained in:
James Nugent 2016-07-13 12:21:11 -06:00 committed by GitHub
commit 30ff7df954
4 changed files with 25 additions and 16 deletions

View File

@ -24,20 +24,20 @@ func dataSourceAwsIamPolicyDocument() *schema.Resource {
Read: dataSourceAwsIamPolicyDocumentRead,
Schema: map[string]*schema.Schema{
"id": &schema.Schema{
"policy_id": {
Type: schema.TypeString,
Optional: true,
},
"statement": &schema.Schema{
Type: schema.TypeSet,
"statement": {
Type: schema.TypeList,
Required: true,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"id": &schema.Schema{
"sid": {
Type: schema.TypeString,
Optional: true,
},
"effect": &schema.Schema{
"effect": {
Type: schema.TypeString,
Optional: true,
Default: "Allow",
@ -48,20 +48,20 @@ func dataSourceAwsIamPolicyDocument() *schema.Resource {
"not_resources": setOfString,
"principals": dataSourceAwsIamPolicyPrincipalSchema(),
"not_principals": dataSourceAwsIamPolicyPrincipalSchema(),
"condition": &schema.Schema{
"condition": {
Type: schema.TypeSet,
Optional: true,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"test": &schema.Schema{
"test": {
Type: schema.TypeString,
Required: true,
},
"variable": &schema.Schema{
"variable": {
Type: schema.TypeString,
Required: true,
},
"values": &schema.Schema{
"values": {
Type: schema.TypeSet,
Required: true,
Elem: &schema.Schema{
@ -74,7 +74,7 @@ func dataSourceAwsIamPolicyDocument() *schema.Resource {
},
},
},
"json": &schema.Schema{
"json": {
Type: schema.TypeString,
Computed: true,
},
@ -87,11 +87,11 @@ func dataSourceAwsIamPolicyDocumentRead(d *schema.ResourceData, meta interface{}
Version: "2012-10-17",
}
if policyId, hasPolicyId := d.GetOk("id"); hasPolicyId {
if policyId, hasPolicyId := d.GetOk("policy_id"); hasPolicyId {
doc.Id = policyId.(string)
}
var cfgStmts = d.Get("statement").(*schema.Set).List()
var cfgStmts = d.Get("statement").([]interface{})
stmts := make([]*IAMPolicyStatement, len(cfgStmts))
doc.Statements = stmts
for i, stmtI := range cfgStmts {
@ -100,6 +100,10 @@ func dataSourceAwsIamPolicyDocumentRead(d *schema.ResourceData, meta interface{}
Effect: cfgStmt["effect"].(string),
}
if sid, ok := cfgStmt["sid"]; ok {
stmt.Sid = sid.(string)
}
if actions := cfgStmt["actions"].(*schema.Set).List(); len(actions) > 0 {
stmt.Actions = iamPolicyDecodeConfigStringList(actions)
}

View File

@ -16,7 +16,7 @@ func TestAccAWSIAMPolicyDocument(t *testing.T) {
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
Steps: []resource.TestStep{
resource.TestStep{
{
Config: testAccAWSIAMPolicyDocumentConfig,
Check: resource.ComposeTestCheckFunc(
testAccCheckStateValue(
@ -52,7 +52,9 @@ func testAccCheckStateValue(id, name, value string) resource.TestCheckFunc {
var testAccAWSIAMPolicyDocumentConfig = `
data "aws_iam_policy_document" "test" {
policy_id = "policy_id"
statement {
sid = "1"
actions = [
"s3:ListAllMyBuckets",
"s3:GetBucketLocation",
@ -110,8 +112,10 @@ data "aws_iam_policy_document" "test" {
var testAccAWSIAMPolicyDocumentExpectedJSON = `{
"Version": "2012-10-17",
"Id": "policy_id",
"Statement": [
{
"Sid": "1",
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation",

View File

@ -5,8 +5,8 @@ import (
)
type IAMPolicyDoc struct {
Id string `json:",omitempty"`
Version string `json:",omitempty"`
Id string `json:",omitempty"`
Statements []*IAMPolicyStatement `json:"Statement"`
}

View File

@ -17,6 +17,7 @@ such as the `aws_iam_policy` resource.
```
data "aws_iam_policy_document" "example" {
statement {
sid = "1"
actions = [
"s3:ListAllMyBuckets",
"s3:GetBucketLocation",
@ -71,14 +72,14 @@ valid to use literal JSON strings within your configuration, or to use the
The following arguments are supported:
* `id` (Optional) - An ID for the policy document.
* `policy_id` (Optional) - An ID for the policy document.
* `statement` (Required) - A nested configuration block (described below)
configuring one *statement* to be included in the policy document.
Each document configuration must have one or more `statement` blocks, which
each accept the following arguments:
* `id` (Optional) - An ID for the policy statement.
* `sid` (Optional) - An ID for the policy statement.
* `effect` (Optional) - Either "Allow" or "Deny", to specify whether this
statement allows or denies the given actions. The default is "Allow".
* `actions` (Optional) - A list of actions that this statement either allows