Add aws_s3_bucket_policy data source

[adamrbennett]

Helps with, or otherwise fixes:

#409
#6334

Changes proposed in this pull request:

• Add a data source for S3 bucket policies

Output from acceptance testing:

$ make testacc TESTARGS='-run=TestAccDataSourceS3BucketPolicy'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./... -v -parallel 20 -run TestAccDataSourceS3BucketPolicy -timeout 120m
?   	github.com/terraform-providers/terraform-provider-aws	[no test files]
=== RUN   TestAccDataSourceS3BucketPolicy
=== PAUSE TestAccDataSourceS3BucketPolicy
=== CONT  TestAccDataSourceS3BucketPolicy
--- PASS: TestAccDataSourceS3BucketPolicy (35.38s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	35.438s

Additional notes:

When combined with the source_json or override_json attributes on the aws_iam_policy_document data source, support can now be provided for "merging" bucket policy documents. See markdown document for an example.

[tomasbackman]

This is exactly what I would need right now, to add a new access policy to an existing s3 bucket, and keeping the current permissions (so merging the policies)
So is there any chance this fix (or similar) will be merged to terraform pretty soonish?
Or is there some suggested workaround for adding new policies and keeping the old ones for s3 buckets?

[adamrbennett]

@aeschright Can someone help me get this merged? What can I do? I have clients that use this and it's been quite a burden keeping in sync with upstream for over a year.

[adamrbennett]

@bflad @anGie44 Can someone please respond to me here? I understand that everyone is busy (as am I), but I see new PRs getting reviewed/merged and nobody can even take a couple minutes to at least acknowledge this PR or respond to my questions.

What is the hold up? How can I help get this merged? I'd love to make additional contributions to here, but so far it's just been a complete waste of time and quite a hassle. At this point I've incurred quite a few costs and received no benefit for my efforts here.

Please restore my faith in this repository and its maintainers by at least responding to me.

[abitrolly]

I am not a maintainer, but at the very least this PR needs to be rebased. Then the issue #409 it references is already closed and without an issue to solve people is unlikely to prioritise this according to FAQ https://github.com/terraform-providers/terraform-provider-aws/blob/master/docs/FAQ.md#why-isnt-my-pr-merged-yet

I see two ways here.

1. If the pain point is common, create an issue that explains pain point and the solution in the way that people can understand and upvote - https://github.com/terraform-providers/terraform-provider-aws/blob/master/docs/FAQ.md#how-do-you-decide-what-gets-merged-for-each-release
2. If the pain point is specific to your company, then just buy out the time of maintainers just to work on your problem. Hashicorp is a company after all, and money for companies is a way for prioritising problems such as this.

[adamrbennett]

@abitrolly I would gladly rebase if I thought spending further time on this contribution would lead to value. So far there is no indication that is the case. The maintainers won't even respond.

You mention there is no corresponding issue for this PR, but you must have overlooked #6334. In any case, this PR is to introduce a new data source, surely that's valued in and of itself, irrespective of any outstanding "pain points". AWS releases new services and updates to their APIs all the time -- surely we don't need to wait for pain to justify keeping up with those changes. I think you might be overlooking the fact that not all changes are to address "pain points" -- some PRs are to introduce new value.

I wouldn't "buy time" of the maintainers to "work on my problem" because I have already worked on my problem and solved it with this PR. I have freely contributed value to this project, and I'm not asking for something in return other than the courtesy of a response.

[abitrolly]

@adamenger try to respond to every issue on this tracker for a week helping people without writing code. We'll take your daily job for coding and testing activities, and I will measure your response afterwards. :D

As for the rest of your comments, I am not a TA of this PR. Just saw you request for help on the forum and decided to comment with a courtesy of response. I am sure your contribution is valuable. Open source is just not a free service, but I would open a ticket with AWS support to let them know.

Cheers!

[teamterraform]

Notification of Recent and Upcoming Changes to Contributions

Thank you for this contribution! There have been a few recent development changes that affect this pull request. We apologize for the inconvenience, especially if there have been long review delays up until now. Please note that this is automated message from an unmonitored account. See the FAQ for additional information on the maintainer team and review prioritization.

If you are unable to complete these updates, please leave a comment for the community and maintainers so someone can potentially continue the work. The maintainers will encourage other contributors to use the existing contribution as the base for additional changes as appropriate. Otherwise, contributions that do not receive updated code or comments from the original contributor may be closed in the future so the maintainers can focus on active items.

For the most up to date information about Terraform AWS Provider development, see the Contributing Guide. Additional technical debt changes can be tracked with the technical-debt label on issues.

As part of updating a pull request with these changes, the most current unit testing and linting will run. These may report issues that were not previously reported.

Action Required: Terraform 0.12 Syntax

Reference: #8950
Reference: #14417

Version 3 and later of the Terraform AWS Provider, which all existing contributions would potentially be added, only supports Terraform 0.12 and later. Certain syntax elements of Terraform 0.11 and earlier show deprecation warnings during runs with Terraform 0.12. Documentation and test configurations, such as those including deprecated string interpolations (some_attribute = "${aws_service_thing.example.id}") should be updated to the newer syntax (some_attribute = aws_service_thing.example.id). Contribution testing will automatically fail on older syntax in the near future. Please see the referenced issues for additional information.

Action Required: Terraform Plugin SDK Version 2

Reference: #14551

The Terraform AWS Provider has been upgraded to the latest version of the Terraform Plugin SDK. Generally, most changes to contributions should only involve updating Go import paths in source code files. Please see the referenced issue for additional information.

Removal of website/aws.erb File

Reference: #14712

Any changes to the website/aws.erb file are no longer necessary and should be removed from this contribution to prevent merge issues in the near future when the file is removed from the repository. Please see the referenced issue for additional information.

Upcoming Change of Git Branch Naming

Reference: #14292

Development environments will need their upstream Git branch updated from master to main in the near future. Please see the referenced issue for additional information and scheduling.

Upcoming Change of GitHub Organization

Reference: #14715

This repository will be migrating from https://github.com/terraform-providers/terraform-provider-aws to https://github.com/hashicorp/terraform-provider-aws. No practitioner or developer action is anticipated and most GitHub functionality will automatically redirect to the new location. Go import paths including terraform-providers can remain for now. Please see the referenced issue for additional information and scheduling.

[adamrbennett]

If I had any faith that the maintainers would review this free contribution, and make a decision on it, I would gladly spend my time to bring it up to current standards. Alas, I have lost faith in the maintainers and will no longer be freely contributing my time or efforts here.

Someone else can do the work above, or we can let this PR die as the maintainers would so have it.

[zhelding]

Pull request #21306 has significantly refactored the AWS Provider codebase. As a result, most PRs opened prior to the refactor now have merge conflicts that must be resolved before proceeding.

Specifically, PR #21306 relocated the code for all AWS resources and data sources from a single aws directory to a large number of separate directories in internal/service, each corresponding to a particular AWS service. This separation of code has also allowed for us to simplify the names of underlying functions -- while still avoiding namespace collisions.

We recognize that many pull requests have been open for some time without yet being addressed by our maintainers. Therefore, we want to make it clear that resolving these conflicts in no way affects the prioritization of a particular pull request. Once a pull request has been prioritized for review, the necessary changes will be made by a maintainer -- either directly or in collaboration with the pull request author.

For a more complete description of this refactor, including examples of how old filepaths and function names correspond to their new counterparts: please refer to issue #20000.

For a quick guide on how to amend your pull request to resolve the merge conflicts resulting from this refactor and bring it in line with our new code patterns: please refer to our Service Package Refactor Pull Request Guide.

[ewbankkit]

Superseded by #17738.

[ewbankkit]

@adamrbennett Thanks for the contribution 🎉 👏.

[github-actions]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.