145bf42806
There are three equivalent forms for expressing "everyone" (including
anonymous) in IAM policies:
- "Principals": "*"
- "Principals": {"AWS": "*"}
- "Principals": {"*": "*"}
The more-constrained syntax used by our aws_iam_policy_document data
source means that the user can only express the latter two of these
directly. However, when returning IAM policies from the API AWS likes to
normalize to the first form, causing unresolvable diffs.
This fixes #9335 by handling the "everyone" case as a special case,
serializing it in JSON as the "*" shorthand form.
This change does *not* address the normalization of hand-written policies
containing such elements. A similar change would need to be made in
the external package github.com/jen20/awspolicyequivalence in order to
avoid the issue for hand-written policies.
|
||
|---|---|---|
| .. | ||
| archive | ||
| atlas | ||
| aws | ||
| azure | ||
| azurerm | ||
| bitbucket | ||
| chef | ||
| clc | ||
| cloudflare | ||
| cloudstack | ||
| cobbler | ||
| consul | ||
| datadog | ||
| digitalocean | ||
| dme | ||
| dnsimple | ||
| docker | ||
| dyn | ||
| fastly | ||
| github | ||
| grafana | ||
| heroku | ||
| influxdb | ||
| librato | ||
| logentries | ||
| mailgun | ||
| mysql | ||
| null | ||
| openstack | ||
| packet | ||
| pagerduty | ||
| postgresql | ||
| powerdns | ||
| rabbitmq | ||
| random | ||
| rundeck | ||
| scaleway | ||
| softlayer | ||
| statuscake | ||
| template | ||
| terraform | ||
| test | ||
| tls | ||
| triton | ||
| ultradns | ||
| vcd | ||
| vsphere | ||