data-source/aws_iam_policy_document: Add version argument #6699

Merged
merged 1 commit into from
Dec 4, 2018
Merged
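--- a/aws/data_source_aws_iam_policy_document.go
+++ b/aws/data_source_aws_iam_policy_document.go
@@ -85,6 +85,15 @@ func dataSourceAwsIamPolicyDocument() *schema.Resource {
 },
 },
 },
+"version": {
+Type: schema.TypeString,
+Optional: true,
+Default: "2012-10-17",
+ValidateFunc: validation.StringInSlice([]string{
+"2008-10-17",
+"2012-10-17",
+}, false),
+},
 "json": {
 Type: schema.TypeString,
 Computed: true,
@@ -104,9 +113,9 @@ func dataSourceAwsIamPolicyDocumentRead(d *schema.ResourceData, meta interface{}
 }
 
 // process the current document
-doc := &IAMPolicyDoc{}
-
-doc.Version = "2012-10-17"
+doc := &IAMPolicyDoc{
+Version: d.Get("version").(string),
+}
 
 if policyID, hasPolicyID := d.GetOk("policy_id"); hasPolicyID {
 doc.Id = policyID.(string)
@@ -141,26 +150,46 @@ func dataSourceAwsIamPolicyDocumentRead(d *schema.ResourceData, meta interface{}
 }
 
 if resources := cfgStmt["resources"].(*schema.Set).List(); len(resources) > 0 {
-stmt.Resources = dataSourceAwsIamPolicyDocumentReplaceVarsInList(
-iamPolicyDecodeConfigStringList(resources),
+var err error
+stmt.Resources, err = dataSourceAwsIamPolicyDocumentReplaceVarsInList(
+iamPolicyDecodeConfigStringList(resources), doc.Version,
 )
+if err != nil {
+return fmt.Errorf("error reading resources: %s", err)
+}
 }
-if resources := cfgStmt["not_resources"].(*schema.Set).List(); len(resources) > 0 {
-stmt.NotResources = dataSourceAwsIamPolicyDocumentReplaceVarsInList(
-iamPolicyDecodeConfigStringList(resources),
+if notResources := cfgStmt["not_resources"].(*schema.Set).List(); len(notResources) > 0 {
+var err error
+stmt.NotResources, err = dataSourceAwsIamPolicyDocumentReplaceVarsInList(
+iamPolicyDecodeConfigStringList(notResources), doc.Version,
 )
+if err != nil {
+return fmt.Errorf("error reading not_resources: %s", err)
+}
 }
 
 if principals := cfgStmt["principals"].(*schema.Set).List(); len(principals) > 0 {
-stmt.Principals = dataSourceAwsIamPolicyDocumentMakePrincipals(principals)
+var err error
+stmt.Principals, err = dataSourceAwsIamPolicyDocumentMakePrincipals(principals, doc.Version)
+if err != nil {
+return fmt.Errorf("error reading principals: %s", err)
+}
 }
 
-if principals := cfgStmt["not_principals"].(*schema.Set).List(); len(principals) > 0 {
-stmt.NotPrincipals = dataSourceAwsIamPolicyDocumentMakePrincipals(principals)
+if notPrincipals := cfgStmt["not_principals"].(*schema.Set).List(); len(notPrincipals) > 0 {
+var err error
+stmt.NotPrincipals, err = dataSourceAwsIamPolicyDocumentMakePrincipals(notPrincipals, doc.Version)
+if err != nil {
+return fmt.Errorf("error reading not_principals: %s", err)
+}
 }
 
 if conditions := cfgStmt["condition"].(*schema.Set).List(); len(conditions) > 0 {
-stmt.Conditions = dataSourceAwsIamPolicyDocumentMakeConditions(conditions)
+var err error
+stmt.Conditions, err = dataSourceAwsIamPolicyDocumentMakeConditions(conditions, doc.Version)
+if err != nil {
+return fmt.Errorf("error reading condition: %s", err)
+}
 }
 
 stmts[i] = stmt
@@ -196,52 +225,66 @@ func dataSourceAwsIamPolicyDocumentRead(d *schema.ResourceData, meta interface{}
 return nil
 }
 
-func dataSourceAwsIamPolicyDocumentReplaceVarsInList(in interface{}) interface{} {
+func dataSourceAwsIamPolicyDocumentReplaceVarsInList(in interface{}, version string) (interface{}, error) {
 switch v := in.(type) {
 case string:
-return dataSourceAwsIamPolicyDocumentVarReplacer.Replace(v)
+if version == "2008-10-17" && strings.Contains(v, "&{") {
+return nil, fmt.Errorf("found &{ sequence in (%s), which is not supported in document version 2008-10-17", v)
+}
+return dataSourceAwsIamPolicyDocumentVarReplacer.Replace(v), nil
 case []string:
 out := make([]string, len(v))
 for i, item := range v {
+if version == "2008-10-17" && strings.Contains(item, "&{") {
+return nil, fmt.Errorf("found &{ sequence in (%s), which is not supported in document version 2008-10-17", item)
+}
 out[i] = dataSourceAwsIamPolicyDocumentVarReplacer.Replace(item)
 }
-return out
+return out, nil
 default:
 panic("dataSourceAwsIamPolicyDocumentReplaceVarsInList: input not string nor []string")
 }
 }
 
-func dataSourceAwsIamPolicyDocumentMakeConditions(in []interface{}) IAMPolicyStatementConditionSet {
+func dataSourceAwsIamPolicyDocumentMakeConditions(in []interface{}, version string) (IAMPolicyStatementConditionSet, error) {
 out := make([]IAMPolicyStatementCondition, len(in))
 for i, itemI := range in {
+var err error
 item := itemI.(map[string]interface{})
 out[i] = IAMPolicyStatementCondition{
 Test: item["test"].(string),
 Variable: item["variable"].(string),
-Values: dataSourceAwsIamPolicyDocumentReplaceVarsInList(
-iamPolicyDecodeConfigStringList(
-item["values"].(*schema.Set).List(),
-),
-),
 }
+out[i].Values, err = dataSourceAwsIamPolicyDocumentReplaceVarsInList(
+iamPolicyDecodeConfigStringList(
+item["values"].(*schema.Set).List(),
+), version,
+)
+if err != nil {
+return nil, fmt.Errorf("error reading values: %s", err)
+}
 }
-return IAMPolicyStatementConditionSet(out)
+return IAMPolicyStatementConditionSet(out), nil
 }
 
-func dataSourceAwsIamPolicyDocumentMakePrincipals(in []interface{}) IAMPolicyStatementPrincipalSet {
+func dataSourceAwsIamPolicyDocumentMakePrincipals(in []interface{}, version string) (IAMPolicyStatementPrincipalSet, error) {
 out := make([]IAMPolicyStatementPrincipal, len(in))
 for i, itemI := range in {
+var err error
 item := itemI.(map[string]interface{})
 out[i] = IAMPolicyStatementPrincipal{
 Type: item["type"].(string),
-Identifiers: dataSourceAwsIamPolicyDocumentReplaceVarsInList(
-iamPolicyDecodeConfigStringList(
-item["identifiers"].(*schema.Set).List(),
-),
-),
 }
+out[i].Identifiers, err = dataSourceAwsIamPolicyDocumentReplaceVarsInList(
+iamPolicyDecodeConfigStringList(
+item["identifiers"].(*schema.Set).List(),
+), version,
+)
+if err != nil {
+return nil, fmt.Errorf("error reading identifiers: %s", err)
+}
 }
-return IAMPolicyStatementPrincipalSet(out)
+return IAMPolicyStatementPrincipalSet(out), nil
 }
 
 func dataSourceAwsIamPolicyPrincipalSchema() *schema.Schema {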
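Review bot: The 2008-10-17 guard in dataSourceAwsIamPolicyDocumentReplaceVarsInList matches only the `&{` spelling, so a value that already contains a literal `${` (for instance one produced by Terraform's `$${` escape, which is an assumption about how callers reach it) still passes through unchanged in both the `string` and `[]string` cases. IAM does not expand policy variables under version 2008-10-17, so such a statement would be accepted but compared as literal text, and the rendered policy would scope differently from how the configuration reads. Consider widening the test to `if version == "2008-10-17" && (strings.Contains(v, "&{") || strings.Contains(v, "${")) {` (and the same for `item`), or add a comment on the function stating why `${` is deliberately allowed. The version literal is also repeated in the schema, both checks and both error messages; one named constant would keep them from drifting apart.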