Terraform: Bug: leading whitespace causes aws_iam_policy to incorrectly report valid JSON policies as invalid

Created on 12 Oct 2017  ยท  6Comments  ยท  Source: hashicorp/terraform

Terraform Version

0.10.7, 0.9.11

Terraform Configuration Files

resource "aws_iam_policy" "nodes_sqs_policy" {
    name        = "nodes_sqs_policy"
    description = "nodes SQS"
    policy = <<EOF
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "sqs:GetQueueAttributes"
          ],
          "Resource": [
            "arn:aws:sqs:us-east-1:123123123:myapp-dev-us-east-1*"
          ]
        }
      ]
    }
EOF
}

Expected Behavior

The policy was applied

Actual Behavior

1 error(s) occurred:

* aws_iam_policy.nodes_sqs_policy: "policy" contains an invalid JSON policy

Important Factoids

Removing the whitespace before the first character in the policy allows it to be applied:

data "template_file" "nodes_iam_sqs" {
    name        = "nodes_sqs_policy"
    description = "nodes SQS"
    policy = <<EOF
{
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "sqs:GetQueueAttributes"
          ],
          "Resource": [
            "arn:aws:sqs:us-east-1:123123123:myapp-dev-us-east-1*"
          ]
        }
      ]
    }
EOF
}

According to RFC 4627, "Insignificant whitespace is allowed before or after any of the six structural characters."

References

11906 is where the JSON validation was applied.

picture MikeSchuette
👍4

Most helpful comment

The AWS provider has moved out of the main terraform repo, and this bug report has moved here: https://github.com/terraform-providers/terraform-provider-aws/issues/1873

picture MikeSchuette on 1 Aug 2018
👍3

All 6 comments

Aaand this is in the wrong repo.

MikeSchuette picture MikeSchuette on 12 Oct 2017

just ran into this issue, thanks

jlyons18 picture jlyons18 on 10 Jul 2018

lame. Can we please fix? Thanks

woodcockjosh picture woodcockjosh on 31 Jul 2018

The AWS provider has moved out of the main terraform repo, and this bug report has moved here: https://github.com/terraform-providers/terraform-provider-aws/issues/1873

MikeSchuette picture MikeSchuette on 1 Aug 2018
👍3

I had the same problem and got it fixed by removing all the spaces before the left curly brace that is immediately after the <

JoeyGarcia picture JoeyGarcia on 10 Dec 2019

I'm going to lock this issue because it has been closed for _30 days_ โณ. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

hashibot[bot] picture hashibot[bot] on 11 Dec 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

rnowosielski picture rnowosielski  ยท  3Comments
sprokopiak picture sprokopiak  ยท  3Comments
Seraf picture Seraf  ยท  3Comments
zeninfinity picture zeninfinity  ยท  3Comments
ketzacoatl picture ketzacoatl  ยท  3Comments