terraform-aws-modules / terraform-aws-s3-bucket

Terraform module to create AWS S3 resources 🇺🇦

Home Page: https://registry.terraform.io/modules/terraform-aws-modules/s3-bucket/aws


An argument named "source_policy_documents" is not expected here.

bryantbiggs opened this issue

Description

Starting with v1.23 and #77, there is an issue with the secure transport policy, as seen below:

Error: Unsupported argument

  on .terraform/modules/dynamodb_backup.secondary_dynamodb_backup_bucket/main.tf line 247, in data "aws_iam_policy_document" "combined":
 247:   source_policy_documents = compact([

An argument named "source_policy_documents" is not expected here.

Versions

  • Terraform:
    0.14.9
  • Provider(s):
    3.36.0
  • Module:
    1.23/1.24

Reproduction

Steps to reproduce the behavior:

Code Snippet to Reproduce

data "aws_iam_policy_document" "service_reports_artifact_bucket" {
  statement {
    sid    = "DenyNonSecureTransport"
    effect = "Deny"
    actions = [
      "s3:*"
    ]

    resources = [
      module.service_reports_artifact_bucket.this_s3_bucket_arn,
      "${module.service_reports_artifact_bucket.this_s3_bucket_arn}/*",
    ]

    principals {
      type        = "AWS"
      identifiers = ["*"]
    }

    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values = [
        "false"
      ]
    }
  }
}

module "service_reports_artifact_bucket" {
  source  = "terraform-aws-modules/s3-bucket/aws"
  version = "~> 1.22"

  bucket = "service-reports-artifacts-something-random"

  attach_policy = true
  policy        = data.aws_iam_policy_document.service_reports_artifact_bucket.json

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true

  server_side_encryption_configuration = {
    rule = {
      apply_server_side_encryption_by_default = {
        sse_algorithm = "AES256"
      }
    }
  }

  lifecycle_rule = [
    {
      id      = "all"
      enabled = true

      expiration = {
        days = 30
      }

      noncurrent_version_expiration = {
        days = 5
      }
    }
  ]

  tags = module.tags.tags
}

Expected behavior

  • bucket should be provisioned without issue

Actual behavior

  • see above

I see that source_policy_documents was added in v3.28.0 of Terraform AWS provider, so we need to update versions.tf in the module (I will make a PR now), but if you have 3.36.0 already it should not be a problem.

Could you double-check that you are not using a version older than 3.28.0?

v1.25.0 has just been released. Please give it a try.

ah yes, this was my bad - one project is pinned to v3.20 and this was that one project. all good, thanks @antonbabenko !

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
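The root cause discussed in this thread, sketched as an added example (not the module's own code): a module that merges policies with `source_policy_documents` declares the provider floor named above, so an older pin in the calling project is rejected at `terraform init` instead of surfacing as "Unsupported argument". The variable names `bucket_arn` and `extra_policy_json` are hypothetical.

```hcl
# versions.tf of a module that relies on source_policy_documents (illustrative).
terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
      # Per the thread, source_policy_documents arrived in provider v3.28.0.
      # With this floor declared, a root project pinned to 3.20 fails at
      # `terraform init` on the version constraint, not later on the argument.
      version = ">= 3.28"
    }
  }
}

variable "bucket_arn" { type = string } # hypothetical input

variable "extra_policy_json" { # hypothetical input: caller-supplied policy, may be empty
  type    = string
  default = ""
}

# TLS-only guard: deny every S3 action on requests that did not use HTTPS.
data "aws_iam_policy_document" "deny_insecure_transport" {
  statement {
    sid       = "DenyNonSecureTransport"
    effect    = "Deny"
    actions   = ["s3:*"]
    resources = [var.bucket_arn, "${var.bucket_arn}/*"]

    principals {
      type        = "AWS"
      identifiers = ["*"]
    }

    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values   = ["false"]
    }
  }
}

# Merge the guard with the caller's policy. compact() drops the empty string.
# Sids must be unique across the merged documents, so the caller's policy
# must not reuse "DenyNonSecureTransport".
data "aws_iam_policy_document" "combined" {
  source_policy_documents = compact([
    data.aws_iam_policy_document.deny_insecure_transport.json,
    var.extra_policy_json,
  ])
}
```

Attach `data.aws_iam_policy_document.combined.json` as the bucket policy; running `terraform providers` in the calling project lists the version constraint each module contributes, which shows a conflicting pin quickly.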