pulumi
diff --git a/‎examples/bucket-to-bucketv2/Pulumi.yaml renamed to ‎examples/bucket-to-bucket/Pulumi.yaml b/‎examples/bucket-to-bucketv2/Pulumi.yaml renamed to ‎examples/bucket-to-bucket/Pulumi.yaml
diff --git a/‎examples/bucket-to-bucketv2/step1/Pulumi.yaml renamed to ‎examples/bucket-to-bucket/step1/Pulumi.yaml b/‎examples/bucket-to-bucketv2/step1/Pulumi.yaml renamed to ‎examples/bucket-to-bucket/step1/Pulumi.yaml
diff --git a/‎examples/bucketv2-to-bucket/Pulumi.yaml
Lines changed: 182 additions & 0 deletions b/‎examples/bucketv2-to-bucket/Pulumi.yaml
Lines changed: 182 additions & 0 deletions
diff --git a/‎examples/bucketv2-to-bucket/step1/Pulumi.yaml
Lines changed: 165 additions & 0 deletions b/‎examples/bucketv2-to-bucket/step1/Pulumi.yaml
Lines changed: 165 additions & 0 deletions
diff --git a/‎examples/examples_yaml_test.go
Lines changed: 12 additions & 3 deletions b/‎examples/examples_yaml_test.go
Lines changed: 12 additions & 3 deletions
@@ -0,0 +1,182 @@
+name: test-aws-bucket-migration
+runtime: yaml
+resources:
+  provider:
+    type: pulumi:providers:aws
+    options:
+      version: 6.78.0
+  replication:
+    type: aws:iam:Role
+    options:
+      provider: ${provider}
+    properties:
+      name: tf-iam-role-replication-12345
+      assumeRolePolicy: |
+        {
+          "Version": "2012-10-17",
+          "Statement": [
+            {
+              "Action": "sts:AssumeRole",
+              "Principal": {
+                "Service": "s3.amazonaws.com"
+              },
+              "Effect": "Allow",
+              "Sid": ""
+            }
+          ]
+        }
+  replicationPolicy:
+    type: aws:iam:Policy
+    options:
+      provider: ${provider}
+    name: replication
+    properties:
+      name: tf-iam-role-policy-replication-12345
+      policy: |
+        {
+          "Version": "2012-10-17",
+          "Statement": [
+            {
+              "Action": [
+                "s3:GetReplicationConfiguration",
+                "s3:ListBucket"
+              ],
+              "Effect": "Allow",
+              "Resource": [
+                "${migrationBucket.arn}"
+              ]
+            },
+            {
+              "Action": [
+                "s3:GetObjectVersionForReplication",
+                "s3:GetObjectVersionAcl",
+                 "s3:GetObjectVersionTagging"
+              ],
+              "Effect": "Allow",
+              "Resource": [
+                "${migrationBucket.arn}/*"
+              ]
+            },
+            {
+              "Action": [
+                "s3:ReplicateObject",
+                "s3:ReplicateDelete",
+                "s3:ReplicateTags"
+              ],
+              "Effect": "Allow",
+              "Resource": "${destinationBucket.arn}/*"
+            }
+          ]
+        }
+  replicationRolePolicyAttachment:
+    type: aws:iam:RolePolicyAttachment
+    name: replication
+    options:
+      provider: ${provider}
+    properties:
+      role: ${replication.name}
+      policyArn: ${replicationPolicy.arn}
+  destinationBucket:
+    type: aws:s3:Bucket
+    options:
+      provider: ${provider}
+    properties:
+      forceDestroy: true
+      versioning:
+        enabled: true
+  loggingBucket:
+    type: aws:s3:Bucket
+    options:
+      provider: ${provider}
+    properties:
+      forceDestroy: true
+  exampleBucketOwnershipControls:
+    type: aws:s3:BucketOwnershipControls
+    options:
+      provider: ${provider}
+    properties:
+      bucket: ${loggingBucket.id}
+      rule:
+        objectOwnership: BucketOwnerPreferred
+  exampleBucketAclV2:
+    type: aws:s3:BucketAclV2
+    properties:
+      bucket: ${loggingBucket.id}
+      acl: log-delivery-write
+    options:
+      provider: ${provider}
+      dependsOn:
+        - ${exampleBucketOwnershipControls}
+  migrationBucket:
+    type: aws:s3:BucketV2
+    properties:
+      forceDestroy: true
+      serverSideEncryptionConfigurations:
+        - rules:
+          - applyServerSideEncryptionByDefaults:
+              - sseAlgorithm: "AES256"
+      corsRules:
+        - allowedHeaders:
+            - '*'
+          allowedMethods:
+            - PUT
+            - POST
+          allowedOrigins:
+            - https://s3-website-test.mydomain.com
+          exposeHeaders:
+            - ETag
+          maxAgeSeconds: 3000
+      lifecycleRules:
+         - id: noncurrent
+           enabled: true
+           expirations:
+             - days: 30
+           noncurrentVersionExpirations:
+             - days: 30
+         - id: log
+           enabled: true
+           prefix: log/
+           tags:
+             rule: log
+             autoclean: 'true'
+           transitions:
+             - days: 30
+               storageClass: STANDARD_IA
+      loggings:
+        - targetBucket: ${loggingBucket.bucket}
+          targetPrefix: /log
+      websites:
+        - indexDocument: index.html
+          errorDocument: error.html
+          routingRules: |
+            [{
+              "Condition": {
+                "KeyPrefixEquals": "docs"
+              },
+              "Redirect": {
+                "ReplaceKeyPrefixWith": "documents/"
+              }
+            }]
+      versionings:
+        - enabled: true
+      replicationConfigurations:
+        - role: ${replication.arn}
+          rules:
+            - id: foobar
+              status: Disabled
+              filters:
+                - tags: {}
+              # sourceSelectionCriterias:
+              #   - sseKmsEncryptedObjects:
+              #       - enabled: false
+              destinations:
+                - bucket: ${destinationBucket.arn}
+                  replicationTimes:
+                    - status: Disabled
+                      minutes: 15
+                  # not testing because we don't want to change the owner
+                  # accessControlTranslation:
+                  metrics:
+                    - status: Disabled
+                      minutes: 15
+
@@ -0,0 +1,165 @@
+name: test-aws-bucket-migration
+runtime: yaml
+resources:
+  replication:
+    type: aws:iam:Role
+    properties:
+      name: tf-iam-role-replication-12345
+      assumeRolePolicy: |
+        {
+          "Version": "2012-10-17",
+          "Statement": [
+            {
+              "Action": "sts:AssumeRole",
+              "Principal": {
+                "Service": "s3.amazonaws.com"
+              },
+              "Effect": "Allow",
+              "Sid": ""
+            }
+          ]
+        }
+  replicationPolicy:
+    type: aws:iam:Policy
+    name: replication
+    properties:
+      name: tf-iam-role-policy-replication-12345
+      policy: |
+        {
+          "Version": "2012-10-17",
+          "Statement": [
+            {
+              "Action": [
+                "s3:GetReplicationConfiguration",
+                "s3:ListBucket"
+              ],
+              "Effect": "Allow",
+              "Resource": [
+                "${migrationBucket.arn}"
+              ]
+            },
+            {
+              "Action": [
+                "s3:GetObjectVersionForReplication",
+                "s3:GetObjectVersionAcl",
+                 "s3:GetObjectVersionTagging"
+              ],
+              "Effect": "Allow",
+              "Resource": [
+                "${migrationBucket.arn}/*"
+              ]
+            },
+            {
+              "Action": [
+                "s3:ReplicateObject",
+                "s3:ReplicateDelete",
+                "s3:ReplicateTags"
+              ],
+              "Effect": "Allow",
+              "Resource": "${destinationBucket.arn}/*"
+            }
+          ]
+        }
+  replicationRolePolicyAttachment:
+    type: aws:iam:RolePolicyAttachment
+    name: replication
+    properties:
+      role: ${replication.name}
+      policyArn: ${replicationPolicy.arn}
+  destinationBucket:
+    type: aws:s3:Bucket
+    properties:
+      forceDestroy: true
+      versioning:
+        enabled: true
+  loggingBucket:
+    type: aws:s3:Bucket
+    properties:
+      forceDestroy: true
+  exampleBucketOwnershipControls:
+    type: aws:s3:BucketOwnershipControls
+    properties:
+      bucket: ${loggingBucket.id}
+      rule:
+        objectOwnership: BucketOwnerPreferred
+  exampleBucketAclV2:
+    type: aws:s3:BucketAcl
+    properties:
+      bucket: ${loggingBucket.id}
+      acl: log-delivery-write
+    options:
+      dependsOn:
+        - ${exampleBucketOwnershipControls}
+
+  migrationBucket:
+    type: aws:s3:Bucket
+    properties:
+      forceDestroy: true
+      serverSideEncryptionConfiguration:
+        rule:
+          applyServerSideEncryptionByDefault:
+              sseAlgorithm: "AES256"
+      corsRules:
+        - allowedHeaders:
+            - '*'
+          allowedMethods:
+            - PUT
+            - POST
+          allowedOrigins:
+            - https://s3-website-test.mydomain.com
+          exposeHeaders:
+            - ETag
+          maxAgeSeconds: 3000
+      lifecycleRules:
+         - id: noncurrent
+           enabled: true
+           expiration:
+             days: 30
+           noncurrentVersionExpiration:
+             days: 30
+         - id: log
+           enabled: true
+           prefix: log/
+           tags:
+             rule: log
+             autoclean: 'true'
+           transitions:
+             - days: 30
+               storageClass: STANDARD_IA
+      logging:
+        targetBucket: ${loggingBucket.bucket}
+        targetPrefix: /log
+      website:
+        indexDocument: index.html
+        errorDocument: error.html
+        routingRules: |
+          [{
+            "Condition": {
+              "KeyPrefixEquals": "docs"
+            },
+            "Redirect": {
+              "ReplaceKeyPrefixWith": "documents/"
+            }
+          }]
+      versioning:
+        enabled: true
+      replicationConfiguration:
+        role: ${replication.arn}
+        rules:
+          - id: foobar
+            status: Disabled
+            filter:
+              tags: {}
+            # sourceSelectionCriterias:
+            #   - sseKmsEncryptedObjects:
+            #       - enabled: false
+            destination:
+              bucket: ${destinationBucket.arn}
+              replicationTime:
+                status: Disabled
+                minutes: 15
+              # not testing because we don't want to change the owner
+              # accessControlTranslation:
+              metrics:
+                status: Disabled
+                minutes: 15
@@ -187,12 +187,21 @@ func TestElasticacheReplicationGroupUpgrade(t *testing.T) {
 	testProviderUpgrade(t, filepath.Join("test-programs", "elasticache-replication-group"), nil)
 }
 
-func TestS3BucketToBucketV2Upgrade(t *testing.T) {
-	testProviderUpgrade(t, "bucket-to-bucketv2",
+func TestS3BucketToBucketUpgrade(t *testing.T) {
+	testProviderUpgrade(t, "bucket-to-bucket",
 		&testProviderUpgradeOptions{
 			baselineVersion: "6.78.0",
 		},
-		optproviderupgrade.NewSourcePath(filepath.Join("bucket-to-bucketv2", "step1")),
+		optproviderupgrade.NewSourcePath(filepath.Join("bucket-to-bucket", "step1")),
+	)
+}
+
+func TestS3BucketV2ToBucketV2Upgrade(t *testing.T) {
+	testProviderUpgrade(t, "bucketv2-to-bucket",
+		&testProviderUpgradeOptions{
+			baselineVersion: "6.78.0",
+		},
+		optproviderupgrade.NewSourcePath(filepath.Join("bucketv2-to-bucket", "step1")),
 	)
 }