Merge pull request #31354 from hashicorp/td-iam-policy-doc-multiple-c…

…ondition-keys datasource/aws_iam_policy_document: Add test for multiple condition keys
hashicorp · May 25, 2023 · c957c95 · c957c95
2 parents 05e9bf7 + cc1be6c
commit c957c95
Showing 1 changed file with 71 additions and 0 deletions.
diff --git a/internal/service/iam/policy_document_data_source_test.go b/internal/service/iam/policy_document_data_source_test.go
@@ -52,6 +52,25 @@ func TestAccIAMPolicyDocumentDataSource_singleConditionValue(t *testing.T) {
 	})
 }
 
+func TestAccIAMPolicyDocumentDataSource_multipleConditionKeys(t *testing.T) {
+	ctx := acctest.Context(t)
+	dataSourceName := "data.aws_iam_policy_document.test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.PreCheck(ctx, t) },
+		ErrorCheck:               acctest.ErrorCheck(t, iam.EndpointsID),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccPolicyDocumentDataSourceConfig_multipleConditionKeys,
+				Check: resource.ComposeTestCheckFunc(
+					acctest.CheckResourceAttrEquivalentJSON(dataSourceName, "json", testAccPolicyDocumentConfig_multipleConditionKeys_ExpectedJSON),
+				),
+			},
+		},
+	})
+}
+
 func TestAccIAMPolicyDocumentDataSource_conditionWithBoolValue(t *testing.T) {
 	ctx := acctest.Context(t)
 	resource.ParallelTest(t, resource.TestCase{
@@ -588,6 +607,58 @@ const testAccPolicyDocumentConfig_SingleConditionValue_ExpectedJSON = `{
   ]
 }`
 
+const testAccPolicyDocumentDataSourceConfig_multipleConditionKeys = `
+data "aws_iam_policy_document" "test" {
+  statement {
+    sid = "AWSCloudTrailWrite20150319"
+
+    effect = "Allow"
+
+    principals {
+      type        = "Service"
+      identifiers = ["cloudtrail.amazonaws.com"]
+    }
+
+    actions = ["s3:PutObject"]
+
+    resources = ["*"]
+
+    condition {
+      test     = "StringEquals"
+      variable = "s3:x-amz-acl"
+      values   = ["bucket-owner-full-control"]
+    }
+    condition {
+      test     = "StringEquals"
+      variable = "aws:SourceArn"
+      values   = ["some-other-value"]
+    }
+  }
+}
+`
+
+var testAccPolicyDocumentConfig_multipleConditionKeys_ExpectedJSON = `{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Sid": "AWSCloudTrailWrite20150319",
+      "Effect": "Allow",
+      "Action": "s3:PutObject",
+      "Resource": "*",
+      "Principal": {
+        "Service": "cloudtrail.amazonaws.com"
+      },
+      "Condition": {
+        "StringEquals": {
+          "s3:x-amz-acl": "bucket-owner-full-control",
+          "aws:SourceArn": "some-other-value"
+        }
+      }
+    }
+  ]
+}
+`
+
 var testAccPolicyDocumentDataSourceConfig_deprecated = `
 data "aws_partition" "current" {}