From e9a98cf0dad9bad4c17aa7deeb657f7e4066aa6d Mon Sep 17 00:00:00 2001
From: Dirk Avery <dirk.avery@gmail.com>
Date: Wed, 10 Feb 2021 18:55:21 -0500
Subject: [PATCH] resource/iam_policy_document: Preserve order of condition
 values

---
 aws/data_source_aws_iam_policy_document.go      | 8 ++++----
 aws/data_source_aws_iam_policy_document_test.go | 8 ++++----
 aws/iam_policy_model.go                         | 2 +-
 3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/aws/data_source_aws_iam_policy_document.go b/aws/data_source_aws_iam_policy_document.go
index a248d66539c..16639969d0b 100644
--- a/aws/data_source_aws_iam_policy_document.go
+++ b/aws/data_source_aws_iam_policy_document.go
@@ -7,6 +7,7 @@ import (
 	"strconv"
 	"strings"
 
+	"github.com/aws/aws-sdk-go/aws"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 	"github.com/terraform-providers/terraform-provider-aws/aws/internal/hashcode"
@@ -69,7 +70,7 @@ func dataSourceAwsIamPolicyDocument() *schema.Resource {
 										Required: true,
 									},
 									"values": {
-										Type:     schema.TypeSet,
+										Type:     schema.TypeList,
 										Required: true,
 										Elem: &schema.Schema{
 											Type: schema.TypeString,
@@ -310,9 +311,8 @@ func dataSourceAwsIamPolicyDocumentMakeConditions(in []interface{}, version stri
 			Variable: item["variable"].(string),
 		}
 		out[i].Values, err = dataSourceAwsIamPolicyDocumentReplaceVarsInList(
-			iamPolicyDecodeConfigStringList(
-				item["values"].(*schema.Set).List(),
-			), version,
+			aws.StringValueSlice(expandStringList(item["values"].([]interface{}))),
+			version,
 		)
 		if err != nil {
 			return nil, fmt.Errorf("error reading values: %s", err)
diff --git a/aws/data_source_aws_iam_policy_document_test.go b/aws/data_source_aws_iam_policy_document_test.go
index 33fcf5ddbc0..8ac7a72c49d 100644
--- a/aws/data_source_aws_iam_policy_document_test.go
+++ b/aws/data_source_aws_iam_policy_document_test.go
@@ -393,8 +393,8 @@ func testAccAWSIAMPolicyDocumentExpectedJSON() string {
       "Condition": {
         "StringLike": {
           "s3:prefix": [
-            "home/${aws:username}/",
-            "home/"
+            "home/",
+            "home/${aws:username}/"
           ]
         }
       }
@@ -560,8 +560,8 @@ func testAccAWSIAMPolicyDocumentSourceExpectedJSON() string {
       "Condition": {
         "StringLike": {
           "s3:prefix": [
-            "home/${aws:username}/",
-            "home/"
+            "home/",
+            "home/${aws:username}/"
           ]
         }
       }
diff --git a/aws/iam_policy_model.go b/aws/iam_policy_model.go
index f2240079e95..22c7fb332ee 100644
--- a/aws/iam_policy_model.go
+++ b/aws/iam_policy_model.go
@@ -170,7 +170,7 @@ func (cs IAMPolicyStatementConditionSet) MarshalJSON() ([]byte, error) {
 			if _, ok := raw[c.Test][c.Variable]; !ok {
 				raw[c.Test][c.Variable] = make([]string, 0, len(i))
 			}
-			sort.Sort(sort.Reverse(sort.StringSlice(i)))
+			// order matters with values so not sorting here
 			raw[c.Test][c.Variable] = append(raw[c.Test][c.Variable].([]string), i...)
 		case string:
 			raw[c.Test][c.Variable] = i