From d7a49439ea48dfd91c06830fb5d9419329bd927d Mon Sep 17 00:00:00 2001
From: "John C. Bland II"
Date: Thu, 3 Aug 2023 16:39:07 -0500
Subject: [PATCH] Fix `source_policy_documents` combined with `var.policy` being ignored (#201)
* fix: source_policy_documents combined with var.policy is ignored
* fix readme
---------
Co-authored-by: Matt Calhoun
---
 README.md | 4 ----
 main.tf | 2 +-
 2 files changed, 1 insertion(+), 5 deletions(-)
diff --git a/README.md b/README.md
index d3e7085a..d7c2a0ad 100644
--- a/README.md
+++ b/README.md
@@ -111,10 +111,6 @@ We highly recommend that in your code you pin the version to the exact version y
 using so that your infrastructure remains stable, and update versions in a systematic way so that they do not catch you by surprise.
-Also, because of a bug in the Terraform registry ([hashicorp/terraform#21417](https://github.com/hashicorp/terraform/issues/21417)),
-the registry shows many of our inputs as required when in fact they are optional.
-The table below correctly indicates which inputs are required.
-
 Using a [canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html).
diff --git a/main.tf b/main.tf
index e0ecc56b..aaedd300 100644
--- a/main.tf
+++ b/main.tf
@@ -459,7 +459,7 @@ data "aws_iam_policy_document" "aggregated_policy" {
 }
 resource "aws_s3_bucket_policy" "default" {
- count = local.enabled && (var.allow_ssl_requests_only || var.allow_encrypted_uploads_only || length(var.s3_replication_source_roles) > 0 || length(var.privileged_principal_arns) > 0 || length(var.source_policy_documents) > 0) ? 1 : 0
+ count = local.enabled && (var.allow_ssl_requests_only || var.allow_encrypted_uploads_only || length(var.s3_replication_source_roles) > 0 || length(var.privileged_principal_arns) > 0 || length(local.source_policy_documents) > 0) ? 1 : 0
 bucket = join("", aws_s3_bucket.default[*].id)
 policy = join("", data.aws_iam_policy_document.aggregated_policy[*].json)
 depends_on = [aws_s3_bucket_public_access_block.default]
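Review bot: The new `count` gate on `aws_s3_bucket_policy.default` depends on `local.source_policy_documents`, which is defined outside this hunk, so please confirm that the local filters out an empty or null `var.policy`. If it does not, `length(local.source_policy_documents) > 0` can be true with no usable document, and the joined `policy` argument would be empty or invalid at apply time. The diffstat lists only README.md and main.tf, so no test covers the case this commit fixes. Judging by the subject line, a caller-supplied policy previously could leave the bucket with no bucket policy at all, which is a silent loss of an access control; a fixture that sets `policy` alone and asserts the resource is planned would pin that. The gate also has to stay in step with whatever feeds `data.aws_iam_policy_document.aggregated_policy`, so consider defining it once in `locals` as `bucket_policy_enabled` and writing `count = local.bucket_policy_enabled ? 1 : 0` here; the resource block continues past the end of the hunk.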