Merge pull request #40640 from DerekTBrown/revert-40562-add-validation-for-iam-policy-document-sid

Revert 40562 add validation for iam policy document sid

Author: YakDriver

.changelog/40562.txt

@@ -1,3 +1,3 @@
 ```release-note:enhancement
 data-source/aws_iam_policy_document: Add plan-time validation that the `statement` `sid` is valid, including on alphanumeric characters
-```
+```

.changelog/40639.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+data-source/aws_iam_policy_document: Reverts plan-time validation for `statement` `sid`
+```

internal/service/iam/policy_document_data_source.go

@@ -11,7 +11,6 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/YakDriver/regexache"
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
@@ -144,9 +143,10 @@ func dataSourcePolicyDocument() *schema.Resource {
 							"principals":        principalsSchema(),
 							names.AttrResources: setOfStringSchema(),
 							"sid": {
-								Type:         schema.TypeString,
-								Optional:     true,
-								ValidateFunc: validation.StringMatch(regexache.MustCompile(`^[a-zA-Z0-9]*$`), "must only include alphanumeric characters"),
+								// Because policy documents are widely used outside IAM, we don't enforce
+								// IAM validation rules requiring alphanumeric and no spaces.
+								Type:     schema.TypeString,
+								Optional: true,
 							},
 						},
 					},

internal/service/iam/policy_document_data_source_test.go

@@ -236,16 +236,16 @@ func TestAccIAMPolicyDocumentDataSource_overrideList(t *testing.T) {
 	})
 }
 
-func TestAccIAMPolicyDocumentDataSource_validateSid(t *testing.T) {
+func TestAccIAMPolicyDocumentDataSource_invalidSidValid(t *testing.T) {
 	ctx := acctest.Context(t)
 	resource.ParallelTest(t, resource.TestCase{
 		PreCheck:                 func() { acctest.PreCheck(ctx, t) },
 		ErrorCheck:               acctest.ErrorCheck(t, names.IAMServiceID),
 		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
 		Steps: []resource.TestStep{
 			{
-				Config:      testAccPolicyDocumentDataSourceConfig_invalidSid,
-				ExpectError: regexache.MustCompile(`must only include alphanumeric characters`),
+				Config:   testAccPolicyDocumentDataSourceConfig_invalidSid,
+				PlanOnly: true,
 			},
 		},
 	})
@@ -1040,7 +1040,7 @@ data "aws_iam_policy_document" "test_source_conflicting" {
 var testAccPolicyDocumentDataSourceConfig_invalidSid = `
 data "aws_iam_policy_document" "test" {
   statement {
-    sid = "Invalid_SID"
+    sid = "Invalid SID"
     actions = [
       "s3:ListAllMyBuckets",
       "s3:GetBucketLocation",