Converting variable adds additional $ sign sometimes

[mbaeuerle]

Consider having this json file:

{
    "Version": "2012-10-17",
    "Statement": [
      {

        "Sid": "AWSCloudTrailCreateLogStream2014110",
        "Effect": "Allow",
        "Action": [
          "logs:CreateLogStream"
        ],
        "Resource": [
          "arn:aws:logs:${data.aws_region.reg_current.name}:${data.aws_caller_identity.acc_current.account_id}:log-group:${aws_cloudwatch_log_group.trail-log-group.name}:*"
        ]

      },
      {
        "Sid": "AWSCloudTrailPutLogEvents20141101",
        "Effect": "Allow",
        "Action": [
          "logs:PutLogEvents"
        ],
        "Resource": [
          "arn:aws:logs:${data.aws_region.reg_current.name}:${data.aws_caller_identity.acc_current.account_id}:log-group:${aws_cloudwatch_log_group.trail-log-group.name}:*"
        ]
      }
    ]
}

Running iam-policy-json-to-terraform returns this:

data "aws_iam_policy_document" "policy" {
  statement {
    sid       = "AWSCloudTrailCreateLogStream2014110"
    effect    = "Allow"
    resources = ["arn:aws:logs:$${data.aws_region.reg_current.name}:${data.aws_caller_identity.acc_current.account_id}:log-group:${aws_cloudwatch_log_group.trail-log-group.name}:*"]
    actions   = ["logs:CreateLogStream"]
  }

  statement {
    sid       = "AWSCloudTrailPutLogEvents20141101"
    effect    = "Allow"
    resources = ["arn:aws:logs:$${data.aws_region.reg_current.name}:${data.aws_caller_identity.acc_current.account_id}:log-group:${aws_cloudwatch_log_group.trail-log-group.name}:*"]
    actions   = ["logs:PutLogEvents"]
  }
}

Notice how in the resources an extra $ is added to the first variable: "arn:aws:logs:$${data.aws_region.reg_current.name}". The following variables however are correctly converted.

Version: 1.8.0 via Brew OS: MacOS

[flosell]

Hi @mbaeuerle, thanks for calling this out!

This was indeed a bug, an overly-greedy regex. Should be fixed now, check out your example here