From 89f0def721c4d0c87c2a3bd790d21dec75ed4252 Mon Sep 17 00:00:00 2001
From: Justin Campbell <justin@justincampbell.me>
Date: Sat, 16 May 2015 06:11:23 -0400
Subject: [PATCH] providers/aws: Normalize S3 bucket policy

AWS always returns a compressed JSON body, without spaces or newlines, so we round-trip the JSON before storing in the state.
---
 .../providers/aws/resource_aws_s3_bucket.go   | 23 +++++++++++++++----
 .../aws/resource_aws_s3_bucket_test.go        |  2 +-
 2 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/builtin/providers/aws/resource_aws_s3_bucket.go b/builtin/providers/aws/resource_aws_s3_bucket.go
index dc736acda..d615151f1 100644
--- a/builtin/providers/aws/resource_aws_s3_bucket.go
+++ b/builtin/providers/aws/resource_aws_s3_bucket.go
@@ -1,6 +1,7 @@
 package aws
 
 import (
+	"encoding/json"
 	"fmt"
 	"log"
 
@@ -32,8 +33,9 @@ func resourceAwsS3Bucket() *schema.Resource {
 			},
 
 			"policy": &schema.Schema{
-				Type:     schema.TypeString,
-				Optional: true,
+				Type:      schema.TypeString,
+				Optional:  true,
+				StateFunc: normalizeJson,
 			},
 
 			"website": &schema.Schema{
@@ -161,7 +163,7 @@ func resourceAwsS3BucketRead(d *schema.ResourceData, meta interface{}) error {
 	pol, err := s3conn.GetBucketPolicy(&s3.GetBucketPolicyInput{
 		Bucket: aws.String(d.Id()),
 	})
-	log.Printf("[DEBUG] S3 bucket: %s, read policy: %s", d.Id(), pol)
+	log.Printf("[DEBUG] S3 bucket: %s, read policy: %v", d.Id(), pol)
 	if err != nil {
 		if err := d.Set("policy", ""); err != nil {
 			return err
@@ -171,7 +173,7 @@ func resourceAwsS3BucketRead(d *schema.ResourceData, meta interface{}) error {
 			if err := d.Set("policy", ""); err != nil {
 				return err
 			}
-		} else if err := d.Set("policy", *v); err != nil {
+		} else if err := d.Set("policy", normalizeJson(*v)); err != nil {
 			return err
 		}
 	}
@@ -387,6 +389,19 @@ func WebsiteEndpointUrl(bucket string, region string) string {
 	return fmt.Sprintf("%s.s3-website-%s.amazonaws.com", bucket, region)
 }
 
+func normalizeJson(jsonString interface{}) string {
+	if jsonString == nil {
+		return ""
+	}
+	j := make(map[string]interface{})
+	err := json.Unmarshal([]byte(jsonString.(string)), &j)
+	if err != nil {
+		return fmt.Sprintf("Error parsing JSON: %s", err)
+	}
+	b, _ := json.Marshal(j)
+	return string(b[:])
+}
+
 func normalizeRegion(region string) string {
 	// Default to us-east-1 if the bucket doesn't have a region:
 	// http://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETlocation.html
diff --git a/builtin/providers/aws/resource_aws_s3_bucket_test.go b/builtin/providers/aws/resource_aws_s3_bucket_test.go
index 0a62a3273..8e601d279 100644
--- a/builtin/providers/aws/resource_aws_s3_bucket_test.go
+++ b/builtin/providers/aws/resource_aws_s3_bucket_test.go
@@ -271,7 +271,7 @@ func testAccCheckAWSS3BucketWebsite(n string, indexDoc string, errorDoc string,
 // within AWS
 var randInt = rand.New(rand.NewSource(time.Now().UnixNano())).Int()
 var testAccWebsiteEndpoint = fmt.Sprintf("tf-test-bucket-%d.s3-website-us-west-2.amazonaws.com", randInt)
-var testAccAWSS3BucketPolicy = fmt.Sprintf(`{"Version":"2008-10-17","Statement":[{"Sid":"","Effect":"Allow","Principal":{"AWS":"*"},"Action":"s3:GetObject","Resource":"arn:aws:s3:::tf-test-bucket-%d/*"}]}`, randInt)
+var testAccAWSS3BucketPolicy = fmt.Sprintf(`{ "Version": "2008-10-17", "Statement": [ { "Sid": "", "Effect": "Allow", "Principal": { "AWS": "*" }, "Action": "s3:GetObject", "Resource": "arn:aws:s3:::tf-test-bucket-%d/*" } ] }`, randInt)
 
 var testAccAWSS3BucketConfig = fmt.Sprintf(`
 resource "aws_s3_bucket" "bucket" {