source_policy_documents ignored in certain cases #145

Closed
rstml opened this issue Apr 18, 2022 · 0 comments · Fixed by #147
Labels
bug 🐛 An issue with the system

rstml commented Apr 18, 2022

Describe the Bug

The source_policy_documents variable is ignored if no other internal source policies are generated, i.e. if all of allow_encrypted_uploads_only and allow_ssl_requests_only are set to false.

I suspect this happens because source_policy_documents below becomes empty and override_policy_documents is being ignored:

data "aws_iam_policy_document" "aggregated_policy" {
  count                     = local.enabled ? 1 : 0
  source_policy_documents   = data.aws_iam_policy_document.bucket_policy.*.json
  override_policy_documents = local.source_policy_documents
}

Expected Behavior

source_policy_documents are attached to the bucket.

Steps to Reproduce

Steps to reproduce the behavior:

module "s3_bucket_public_website" {
  source  = "cloudposse/s3-bucket/aws"
  version = "0.49.0"

  name                         = module.s3_public_website_label.id
  acl                          = "private"
  enabled                      = true
  versioning_enabled           = false
  allow_encrypted_uploads_only = false
  allow_ssl_requests_only      = false

  block_public_acls       = false
  block_public_policy     = false
  ignore_public_acls      = false
  restrict_public_buckets = false

  source_policy_documents = [data.aws_iam_policy_document.s3_bucket_public_website_policy.json]
}

Applying terraform doesn't add any source policy document.

Changing allow_encrypted_uploads_only or allow_ssl_requests_only to true fixes the problem.

Environment (please complete the following information):

Anything that will help us triage the bug will help. Here are some ideas:

  • OS: MacOS
  • Version:
terraform -version
Terraform v1.1.7
on darwin_amd64
+ provider registry.terraform.io/hashicorp/aws v4.10.0
+ provider registry.terraform.io/hashicorp/local v2.2.2
+ provider registry.terraform.io/hashicorp/null v3.1.1
+ provider registry.terraform.io/hashicorp/random v3.1.2
+ provider registry.terraform.io/hashicorp/time v0.7.2
rstml added the bug 🐛 An issue with the system label Apr 18, 2022
Nuru mentioned this issue Apr 20, 2022
Nuru closed this as completed in #147 Apr 20, 2022
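
An added example, not part of the issue or the module's own code: a Python check over `terraform show -json` plan output that flags modules where a bucket is planned with no bucket policy alongside it, which is the symptom reported above. The sample plan, the `default[0]` resource names and `module.logs` are constructed assumptions; only `module.s3_bucket_public_website` comes from the issue.

```python
import json

# Constructed sample: trimmed `terraform show -json` plan for a configuration
# like the one in this issue, where no bucket policy is planned for the website
# bucket. Resource names inside the modules are assumed, not the module's own.
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {"address": "module.s3_bucket_public_website.aws_s3_bucket.default[0]",
         "module_address": "module.s3_bucket_public_website",
         "type": "aws_s3_bucket",
         "change": {"actions": ["create"]}},
        {"address": "module.logs.aws_s3_bucket.default[0]",  # hypothetical module
         "module_address": "module.logs",
         "type": "aws_s3_bucket",
         "change": {"actions": ["create"]}},
        {"address": "module.logs.aws_s3_bucket_policy.default[0]",
         "module_address": "module.logs",
         "type": "aws_s3_bucket_policy",
         "change": {"actions": ["create"]}},
    ]
})


def buckets_without_policy(plan_json, expect_policy):
    """Return the module addresses in expect_policy whose plan keeps an
    aws_s3_bucket but no aws_s3_bucket_policy."""
    kept = {}  # module address -> resource types that exist after apply
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc.get("change", {}).get("actions", []) == ["delete"]:
            continue  # resource is being destroyed, so it does not count
        module = rc.get("module_address", "")  # absent for root-module resources
        kept.setdefault(module, set()).add(rc["type"])
    missing = []
    for module in sorted(expect_policy):
        types = kept.get(module, set())
        if "aws_s3_bucket" in types and "aws_s3_bucket_policy" not in types:
            missing.append(module)
    return missing


if __name__ == "__main__":
    expected = {"module.s3_bucket_public_website", "module.logs"}
    for module in buckets_without_policy(SAMPLE_PLAN, expected):
        print(f"FAIL: {module} plans a bucket but no bucket policy")
```

Pass in `expect_policy` only the modules that were given a policy document, so buckets that intentionally have no policy are not reported.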