Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

aws_s3_bucket import automatically imports bucket policy #9001

Closed
danielpops opened this issue Jun 14, 2019 · 3 comments · Fixed by #14121
Closed

aws_s3_bucket import automatically imports bucket policy #9001

danielpops opened this issue Jun 14, 2019 · 3 comments · Fixed by #14121
Assignees
@bflad
Labels
documentation Introduces or discusses updates to documentation. service/s3 Issues and PRs that pertain to the s3 service.
Milestone
v3.0.0

Comments

@danielpops
Copy link

When doing terraform import for aws_s3_bucket, terraform will automatically import the bucket policy into a aws_s3_bucket_policy resource with the same name, as show in this terraform import output =>

$ terraform import aws_s3_bucket.THE_BUCKET THE_BUCKET
/Users/dpopes/terraform-0.11/bin/terraform import aws_s3_bucket.THE_BUCKET THE_BUCKET
aws_s3_bucket.THE_BUCKET: Importing from ID "THE_BUCKET"...
aws_s3_bucket.THE_BUCKET: Import complete!
  Imported aws_s3_bucket (ID: THE_BUCKET)
  Imported aws_s3_bucket_policy (ID: THE_BUCKET)
aws_s3_bucket_policy.THE_BUCKET: Refreshing state... (ID: THE_BUCKET)
aws_s3_bucket.THE_BUCKET: Refreshing state... (ID: THE_BUCKET)

Import successful!

This behavior is actually probably desirable, it's just not documented, so it was unexpected and I spent a bunch of time trying to understand why my terraform plan output did not look correct. The current behavior relies on you defining both aws_s3_bucket and aws_s3_bucket_policy with the same name, but that' snot clearly called out as a requirement anywhere.

The fix for this should be a documentation update.
@nywilken nywilken added the service/s3 Issues and PRs that pertain to the s3 service. label Jun 17, 2019
@aeschright aeschright added the needs-triage Waiting for first response or review from a maintainer. label Jun 24, 2019
@ryndaniels ryndaniels added documentation Introduces or discusses updates to documentation. and removed needs-triage Waiting for first response or review from a maintainer. labels Nov 25, 2019
@bflad bflad added this to the v3.0.0 milestone Feb 5, 2020
@breathingdust breathingdust mentioned this issue May 20, 2020
Closed
@bflad bflad self-assigned this Jul 9, 2020
bflad added a commit that referenced this issue Jul 9, 2020
@bflad
resource/aws_s3_bucket: Remove automatic aws_s3_bucket_policy import
2dd5d9b 
Reference: #394
Reference: #9001
Reference: #9508
Reference: #12805

Output from acceptance testing:

```
--- PASS: TestAccAWSS3Bucket_acceleration (70.53s)
--- PASS: TestAccAWSS3Bucket_AclToGrant (64.37s)
--- PASS: TestAccAWSS3Bucket_basic (37.90s)
--- PASS: TestAccAWSS3Bucket_Bucket_EmptyString (39.08s)
--- PASS: TestAccAWSS3Bucket_Cors_Delete (32.28s)
--- PASS: TestAccAWSS3Bucket_Cors_EmptyOrigin (39.25s)
--- PASS: TestAccAWSS3Bucket_Cors_Update (68.80s)
--- PASS: TestAccAWSS3Bucket_disableDefaultEncryption_whenDefaultEncryptionIsEnabled (67.23s)
--- PASS: TestAccAWSS3Bucket_enableDefaultEncryption_whenAES256IsUsed (37.19s)
--- PASS: TestAccAWSS3Bucket_enableDefaultEncryption_whenTypical (44.32s)
--- PASS: TestAccAWSS3Bucket_forceDestroy (37.21s)
--- PASS: TestAccAWSS3Bucket_forceDestroyWithEmptyPrefixes (38.50s)
--- PASS: TestAccAWSS3Bucket_forceDestroyWithObjectLockEnabled (37.77s)
--- PASS: TestAccAWSS3Bucket_generatedName (38.80s)
--- PASS: TestAccAWSS3Bucket_GrantToAcl (60.31s)
--- PASS: TestAccAWSS3Bucket_LifecycleBasic (89.67s)
--- PASS: TestAccAWSS3Bucket_LifecycleExpireMarkerOnly (67.52s)
--- PASS: TestAccAWSS3Bucket_LifecycleRule_Expiration_EmptyConfigurationBlock (30.08s)
--- PASS: TestAccAWSS3Bucket_Logging (56.73s)
--- PASS: TestAccAWSS3Bucket_namePrefix (40.92s)
--- PASS: TestAccAWSS3Bucket_objectLock (68.34s)
--- PASS: TestAccAWSS3Bucket_Policy (97.07s)
--- PASS: TestAccAWSS3Bucket_region (34.45s)
--- PASS: TestAccAWSS3Bucket_Replication (159.22s)
--- PASS: TestAccAWSS3Bucket_ReplicationConfiguration_Rule_Destination_AccessControlTranslation (94.18s)
--- PASS: TestAccAWSS3Bucket_ReplicationConfiguration_Rule_Destination_AddAccessControlTranslation (95.79s)
--- PASS: TestAccAWSS3Bucket_ReplicationExpectVersioningValidationError (28.62s)
--- PASS: TestAccAWSS3Bucket_ReplicationSchemaV2 (167.50s)
--- PASS: TestAccAWSS3Bucket_ReplicationWithoutPrefix (55.52s)
--- PASS: TestAccAWSS3Bucket_ReplicationWithoutStorageClass (58.02s)
--- PASS: TestAccAWSS3Bucket_RequestPayer (67.28s)
--- PASS: TestAccAWSS3Bucket_shouldFailNotFound (19.65s)
--- PASS: TestAccAWSS3Bucket_tagsWithNoSystemTags (119.32s)
--- PASS: TestAccAWSS3Bucket_tagsWithSystemTags (171.42s)
--- PASS: TestAccAWSS3Bucket_UpdateAcl (65.51s)
--- PASS: TestAccAWSS3Bucket_UpdateGrant (92.38s)
--- PASS: TestAccAWSS3Bucket_Versioning (95.55s)
--- PASS: TestAccAWSS3Bucket_Website_Simple (95.12s)
--- PASS: TestAccAWSS3Bucket_WebsiteRedirect (91.21s)
--- PASS: TestAccAWSS3Bucket_WebsiteRoutingRules (65.48s)
```
@bflad bflad mentioned this issue Jul 9, 2020
Merged
bflad added a commit that referenced this issue Jul 13, 2020
@bflad
resource/aws_s3_bucket: Remove automatic aws_s3_bucket_policy import (#…
05fc9c4 
…14121)

Reference: #394
Reference: #9001
Reference: #9508
Reference: #12805

Output from acceptance testing:

```
--- PASS: TestAccAWSS3Bucket_acceleration (70.53s)
--- PASS: TestAccAWSS3Bucket_AclToGrant (64.37s)
--- PASS: TestAccAWSS3Bucket_basic (37.90s)
--- PASS: TestAccAWSS3Bucket_Bucket_EmptyString (39.08s)
--- PASS: TestAccAWSS3Bucket_Cors_Delete (32.28s)
--- PASS: TestAccAWSS3Bucket_Cors_EmptyOrigin (39.25s)
--- PASS: TestAccAWSS3Bucket_Cors_Update (68.80s)
--- PASS: TestAccAWSS3Bucket_disableDefaultEncryption_whenDefaultEncryptionIsEnabled (67.23s)
--- PASS: TestAccAWSS3Bucket_enableDefaultEncryption_whenAES256IsUsed (37.19s)
--- PASS: TestAccAWSS3Bucket_enableDefaultEncryption_whenTypical (44.32s)
--- PASS: TestAccAWSS3Bucket_forceDestroy (37.21s)
--- PASS: TestAccAWSS3Bucket_forceDestroyWithEmptyPrefixes (38.50s)
--- PASS: TestAccAWSS3Bucket_forceDestroyWithObjectLockEnabled (37.77s)
--- PASS: TestAccAWSS3Bucket_generatedName (38.80s)
--- PASS: TestAccAWSS3Bucket_GrantToAcl (60.31s)
--- PASS: TestAccAWSS3Bucket_LifecycleBasic (89.67s)
--- PASS: TestAccAWSS3Bucket_LifecycleExpireMarkerOnly (67.52s)
--- PASS: TestAccAWSS3Bucket_LifecycleRule_Expiration_EmptyConfigurationBlock (30.08s)
--- PASS: TestAccAWSS3Bucket_Logging (56.73s)
--- PASS: TestAccAWSS3Bucket_namePrefix (40.92s)
--- PASS: TestAccAWSS3Bucket_objectLock (68.34s)
--- PASS: TestAccAWSS3Bucket_Policy (97.07s)
--- PASS: TestAccAWSS3Bucket_region (34.45s)
--- PASS: TestAccAWSS3Bucket_Replication (159.22s)
--- PASS: TestAccAWSS3Bucket_ReplicationConfiguration_Rule_Destination_AccessControlTranslation (94.18s)
--- PASS: TestAccAWSS3Bucket_ReplicationConfiguration_Rule_Destination_AddAccessControlTranslation (95.79s)
--- PASS: TestAccAWSS3Bucket_ReplicationExpectVersioningValidationError (28.62s)
--- PASS: TestAccAWSS3Bucket_ReplicationSchemaV2 (167.50s)
--- PASS: TestAccAWSS3Bucket_ReplicationWithoutPrefix (55.52s)
--- PASS: TestAccAWSS3Bucket_ReplicationWithoutStorageClass (58.02s)
--- PASS: TestAccAWSS3Bucket_RequestPayer (67.28s)
--- PASS: TestAccAWSS3Bucket_shouldFailNotFound (19.65s)
--- PASS: TestAccAWSS3Bucket_tagsWithNoSystemTags (119.32s)
--- PASS: TestAccAWSS3Bucket_tagsWithSystemTags (171.42s)
--- PASS: TestAccAWSS3Bucket_UpdateAcl (65.51s)
--- PASS: TestAccAWSS3Bucket_UpdateGrant (92.38s)
--- PASS: TestAccAWSS3Bucket_Versioning (95.55s)
--- PASS: TestAccAWSS3Bucket_Website_Simple (95.12s)
--- PASS: TestAccAWSS3Bucket_WebsiteRedirect (91.21s)
--- PASS: TestAccAWSS3Bucket_WebsiteRoutingRules (65.48s)
```
@bflad
Copy link
Member

bflad commented Jul 13, 2020
edited

The removal of the automatic aws_s3_bucket_policy resource import during aws_s3_bucket resource import has been merged and will release with version 3.0.0 of the Terraform AWS Provider, likely in two weeks. Please follow the v3.0.0 milestone for tracking the progress of that release. You can use the aws_s3_bucket_policy resource import support to import that resource directly after the provider upgrade, similar to all other Terraform resources that support import. 👍

@ghost
Copy link

ghost commented Jul 31, 2020

This has been released in version 3.0.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

@ghost
Copy link

ghost commented Aug 13, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked and limited conversation to collaborators Aug 13, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@bflad bflad

Labels
documentation Introduces or discusses updates to documentation. service/s3 Issues and PRs that pertain to the s3 service.
Projects
None yet
Milestone
v3.0.0
5 participants
@aeschright @bflad @ryndaniels @nywilken @danielpops