Merge pull request #7611 from hashicorp/b-iam-policy-document-fixes

provider/aws: Fix data.aws_iam_policy_document IDs

builtin/providers/aws/data_source_aws_iam_policy_document.go

@@ -24,20 +24,20 @@ func dataSourceAwsIamPolicyDocument() *schema.Resource {
 		Read: dataSourceAwsIamPolicyDocumentRead,
 
 		Schema: map[string]*schema.Schema{
-			"id": &schema.Schema{
+			"policy_id": {
 				Type:     schema.TypeString,
 				Optional: true,
 			},
-			"statement": &schema.Schema{
+			"statement": {
-				Type:     schema.TypeSet,
+				Type:     schema.TypeList,
 				Required: true,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
-						"id": &schema.Schema{
+						"sid": {
 							Type:     schema.TypeString,
 							Optional: true,
 						},
-						"effect": &schema.Schema{
+						"effect": {
 							Type:     schema.TypeString,
 							Optional: true,
 							Default:  "Allow",
@@ -48,20 +48,20 @@ func dataSourceAwsIamPolicyDocument() *schema.Resource {
 						"not_resources":  setOfString,
 						"principals":     dataSourceAwsIamPolicyPrincipalSchema(),
 						"not_principals": dataSourceAwsIamPolicyPrincipalSchema(),
-						"condition": &schema.Schema{
+						"condition": {
 							Type:     schema.TypeSet,
 							Optional: true,
 							Elem: &schema.Resource{
 								Schema: map[string]*schema.Schema{
-									"test": &schema.Schema{
+									"test": {
 										Type:     schema.TypeString,
 										Required: true,
 									},
-									"variable": &schema.Schema{
+									"variable": {
 										Type:     schema.TypeString,
 										Required: true,
 									},
-									"values": &schema.Schema{
+									"values": {
 										Type:     schema.TypeSet,
 										Required: true,
 										Elem: &schema.Schema{
@@ -74,7 +74,7 @@ func dataSourceAwsIamPolicyDocument() *schema.Resource {
 					},
 				},
 			},
-			"json": &schema.Schema{
+			"json": {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
@@ -87,11 +87,11 @@ func dataSourceAwsIamPolicyDocumentRead(d *schema.ResourceData, meta interface{}
 		Version: "2012-10-17",
 	}
 
-	if policyId, hasPolicyId := d.GetOk("id"); hasPolicyId {
+	if policyId, hasPolicyId := d.GetOk("policy_id"); hasPolicyId {
 		doc.Id = policyId.(string)
 	}
 
-	var cfgStmts = d.Get("statement").(*schema.Set).List()
+	var cfgStmts = d.Get("statement").([]interface{})
 	stmts := make([]*IAMPolicyStatement, len(cfgStmts))
 	doc.Statements = stmts
 	for i, stmtI := range cfgStmts {
@@ -100,6 +100,10 @@ func dataSourceAwsIamPolicyDocumentRead(d *schema.ResourceData, meta interface{}
 			Effect: cfgStmt["effect"].(string),
 		}
 
+		if sid, ok := cfgStmt["sid"]; ok {
+			stmt.Sid = sid.(string)
+		}
+
 		if actions := cfgStmt["actions"].(*schema.Set).List(); len(actions) > 0 {
 			stmt.Actions = iamPolicyDecodeConfigStringList(actions)
 		}

builtin/providers/aws/data_source_aws_iam_policy_document_test.go

@@ -16,7 +16,7 @@ func TestAccAWSIAMPolicyDocument(t *testing.T) {
 		PreCheck:  func() { testAccPreCheck(t) },
 		Providers: testAccProviders,
 		Steps: []resource.TestStep{
-			resource.TestStep{
+			{
 				Config: testAccAWSIAMPolicyDocumentConfig,
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckStateValue(
@@ -52,7 +52,9 @@ func testAccCheckStateValue(id, name, value string) resource.TestCheckFunc {
 
 var testAccAWSIAMPolicyDocumentConfig = `
 data "aws_iam_policy_document" "test" {
+    policy_id = "policy_id"
     statement {
+    	sid = "1"
         actions = [
             "s3:ListAllMyBuckets",
             "s3:GetBucketLocation",
@@ -110,8 +112,10 @@ data "aws_iam_policy_document" "test" {
 
 var testAccAWSIAMPolicyDocumentExpectedJSON = `{
   "Version": "2012-10-17",
+  "Id": "policy_id",
   "Statement": [
     {
+      "Sid": "1",
       "Effect": "Allow",
       "Action": [
         "s3:GetBucketLocation",

builtin/providers/aws/iam_policy_model.go

@@ -5,8 +5,8 @@ import (
 )
 
 type IAMPolicyDoc struct {
-	Id         string                `json:",omitempty"`
 	Version    string                `json:",omitempty"`
+	Id         string                `json:",omitempty"`
 	Statements []*IAMPolicyStatement `json:"Statement"`
 }
 

website/source/docs/providers/aws/d/iam_policy_document.html.markdown

@@ -17,6 +17,7 @@ such as the `aws_iam_policy` resource.
 ```
 data "aws_iam_policy_document" "example" {
     statement {
+        sid = "1"
         actions = [
             "s3:ListAllMyBuckets",
             "s3:GetBucketLocation",
@@ -71,14 +72,14 @@ valid to use literal JSON strings within your configuration, or to use the
 
 The following arguments are supported:
 
-* `id` (Optional) - An ID for the policy document.
+* `policy_id` (Optional) - An ID for the policy document.
 * `statement` (Required) - A nested configuration block (described below)
   configuring one *statement* to be included in the policy document.
 
 Each document configuration must have one or more `statement` blocks, which
 each accept the following arguments:
 
-* `id` (Optional) - An ID for the policy statement.
+* `sid` (Optional) - An ID for the policy statement.
 * `effect` (Optional) - Either "Allow" or "Deny", to specify whether this
   statement allows or denies the given actions. The default is "Allow".
 * `actions` (Optional) - A list of actions that this statement either allows