diff --git a/.changelog/17752.txt b/.changelog/17752.txt new file mode 100644 index 00000000000..f7589b6efc4 --- /dev/null +++ b/.changelog/17752.txt @@ -0,0 +1,3 @@ +```release-note:bug +data-source/aws_iam_policy_document: Keep empty conditions +``` diff --git a/aws/data_source_aws_iam_policy_document.go b/aws/data_source_aws_iam_policy_document.go index f8521c480fe..04b7fc14dcd 100644 --- a/aws/data_source_aws_iam_policy_document.go +++ b/aws/data_source_aws_iam_policy_document.go @@ -311,7 +311,7 @@ func dataSourceAwsIamPolicyDocumentMakeConditions(in []interface{}, version stri Variable: item["variable"].(string), } out[i].Values, err = dataSourceAwsIamPolicyDocumentReplaceVarsInList( - aws.StringValueSlice(expandStringList(item["values"].([]interface{}))), + aws.StringValueSlice(expandStringListKeepEmpty(item["values"].([]interface{}))), version, ) if err != nil { diff --git a/aws/data_source_aws_iam_policy_document_test.go b/aws/data_source_aws_iam_policy_document_test.go index 8ac7a72c49d..d9af7a3112a 100644 --- a/aws/data_source_aws_iam_policy_document_test.go +++ b/aws/data_source_aws_iam_policy_document_test.go @@ -312,6 +312,7 @@ data "aws_iam_policy_document" "test" { variable = "s3:prefix" values = [ "home/", + "", "home/&{aws:username}/", ] } @@ -394,6 +395,7 @@ func testAccAWSIAMPolicyDocumentExpectedJSON() string { "StringLike": { "s3:prefix": [ "home/", + "", "home/${aws:username}/" ] } diff --git a/aws/structure.go b/aws/structure.go index 1781aa7bb81..6c715cc8203 100644 --- a/aws/structure.go +++ b/aws/structure.go @@ -983,6 +983,16 @@ func expandStringList(configured []interface{}) []*string { return vs } +func expandStringListKeepEmpty(configured []interface{}) []*string { + vs := make([]*string, 0, len(configured)) + for _, v := range configured { + if val, ok := v.(string); ok { + vs = append(vs, aws.String(val)) + } + } + return vs +} + // Takes the result of flatmap.Expand for an array of int64 // and returns a []*int64 func expandInt64List(configured []interface{}) []*int64 {