diff --git a/.changelog/35677.txt b/.changelog/35677.txt
new file mode 100644
index 00000000000..12cd6f9fc70
--- /dev/null
+++ b/.changelog/35677.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+data-source/aws_iam_policy_document: Add `minified_json` attribute
+```
diff --git a/internal/service/iam/policy_document_data_source.go b/internal/service/iam/policy_document_data_source.go
index 1740aa0c034..4a3e8defbc9 100644
--- a/internal/service/iam/policy_document_data_source.go
+++ b/internal/service/iam/policy_document_data_source.go
@@ -64,6 +64,10 @@ func dataSourcePolicyDocument() *schema.Resource {
 Type: schema.TypeString,
 Computed: true,
 },
+ "minified_json": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
 // https://github.com/hashicorp/terraform-provider-aws/issues/31637.
 "override_json": {
 Type: schema.TypeString,
@@ -309,6 +313,16 @@ func dataSourcePolicyDocumentRead(ctx context.Context, d *schema.ResourceData, m
 jsonString := string(jsonDoc)
 d.Set("json", jsonString)
+
+ jsonMinDoc, err := json.Marshal(mergedDoc)
+ if err != nil {
+ // should never happen if the above code is correct
+ return sdkdiag.AppendErrorf(diags, "writing IAM Policy Document: formatting JSON: %s", err)
+ }
+ jsonMinString := string(jsonMinDoc)
+
+ d.Set("minified_json", jsonMinString)
+
 d.SetId(strconv.Itoa(create.StringHashcode(jsonString)))
 return diags
diff --git a/internal/service/iam/policy_document_data_source_test.go b/internal/service/iam/policy_document_data_source_test.go
index 11a8c71c253..a25b698ea90 100644
--- a/internal/service/iam/policy_document_data_source_test.go
+++ b/internal/service/iam/policy_document_data_source_test.go
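Review bot: The new error branch after `json.Marshal(mergedDoc)` reuses the message `writing IAM Policy Document: formatting JSON: %s`, and its copied comment suggests the same text is used for the pretty-printed marshal just above the hunk, so a diagnostic would not say which rendering failed. Changing it to `"writing IAM Policy Document: formatting minified JSON: %s"` makes the failure attributable. The result of `d.Set("minified_json", jsonMinString)` is also discarded, as it is for `d.Set("json", jsonString)` on the context line; wrapping it as `if err := d.Set("minified_json", jsonMinString); err != nil { return sdkdiag.AppendErrorf(diags, "setting minified_json: %s", err) }` keeps a failed state write from passing silently. dataSourcePolicyDocumentRead starts and ends outside the hunk.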
@@ -29,6 +29,9 @@ func TestAccIAMPolicyDocumentDataSource_basic(t *testing.T) {
 resource.TestCheckResourceAttr("data.aws_iam_policy_document.test", "json",
 testAccPolicyDocumentExpectedJSON(),
 ),
+ resource.TestCheckResourceAttr("data.aws_iam_policy_document.test", "minified_json",
+ testAccPolicyDocumentExpectedJSONMinified(),
+ ),
 ),
 },
 },
@@ -589,6 +592,10 @@ func testAccPolicyDocumentExpectedJSON() string {
 }`, acctest.Partition())
 }
+func testAccPolicyDocumentExpectedJSONMinified() string {
+ return fmt.Sprintf(`{"Version":"2012-10-17","Id":"policy_id","Statement":[{"Sid":"1","Effect":"Allow","Action":["s3:ListAllMyBuckets","s3:GetBucketLocation"],"Resource":"arn:%[1]s:s3:::*"},{"Effect":"Allow","Action":"s3:ListBucket","Resource":"arn:%[1]s:s3:::foo","NotPrincipal":{"AWS":"arn:blahblah:example"},"Condition":{"StringLike":{"s3:prefix":["home/","","home/${aws:username}/"]}}},{"Effect":"Allow","Action":"s3:*","Resource":["arn:%[1]s:s3:::foo/home/${aws:username}/*","arn:%[1]s:s3:::foo/home/${aws:username}"],"Principal":{"AWS":"arn:blahblah:example"}},{"Effect":"Deny","NotAction":"s3:*","NotResource":"arn:%[1]s:s3:::*"},{"Effect":"Allow","Action":"kinesis:*","Principal":{"AWS":"*"}},{"Effect":"Allow","Action":"firehose:*","Principal":"*"}]}`, acctest.Partition())
+}
+
 const testAccPolicyDocumentDataSourceConfig_singleConditionValue = `
 data "aws_iam_policy_document" "test" {
 statement {
diff --git a/website/docs/d/iam_policy_document.html.markdown b/website/docs/d/iam_policy_document.html.markdown
index 30cf2852ab2..6290c94f7b6 100644
--- a/website/docs/d/iam_policy_document.html.markdown
+++ b/website/docs/d/iam_policy_document.html.markdown
@@ -536,3 +536,4 @@ The following arguments are required: This data source exports the following attributes in addition to the arguments above:
 * `json` - Standard JSON policy document rendered based on the arguments above.
+* `minified_json` - Minified JSON policy document rendered based on the arguments above.
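Review bot: In the second hunk, `testAccPolicyDocumentExpectedJSONMinified` is a hand-maintained one-line copy of the policy that `testAccPolicyDocumentExpectedJSON` already describes. The two fixtures can drift apart, and a statement in the long literal is hard to review. Deriving the minified expectation by compacting the pretty-printed one should yield the same bytes, and it also makes the test assert that `minified_json` and `json` are the same policy. Whether `bytes` and `encoding/json` are already imported in this test file is not visible in the diff.

```go
func testAccPolicyDocumentExpectedJSONMinified() string {
	var buf bytes.Buffer
	// Compact the pretty-printed expectation so the two fixtures cannot drift apart.
	if err := json.Compact(&buf, []byte(testAccPolicyDocumentExpectedJSON())); err != nil {
		panic(err)
	}
	return buf.String()
}
```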