Add aws_opensearchserverless_security_policy data source

Author: Joshua Luo

.changelog/32226.txt

@@ -0,0 +1,3 @@
+```release-note:new-data-source
+aws_opensearchserverless_security_policy
+```

internal/service/opensearchserverless/security_policy_data_source.go

@@ -2,11 +2,15 @@ package opensearchserverless
 
 import (
 	"context"
+	"regexp"
 
 	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/service/opensearchserverless/types"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 	"github.com/hashicorp/terraform-provider-aws/internal/conns"
+	"github.com/hashicorp/terraform-provider-aws/internal/enum"
 	"github.com/hashicorp/terraform-provider-aws/internal/errs/sdkdiag"
 )
 
@@ -27,6 +31,10 @@ func DataSourceSecurityPolicy() *schema.Resource {
 			"name": {
 				Type:     schema.TypeString,
 				Required: true,
+				ValidateFunc: validation.All(
+					validation.StringLenBetween(3, 32),
+					validation.StringMatch(regexp.MustCompile(`^[a-z][a-z0-9-]+$`), `must start with any lower case letter and can include any lower case letter, number, or "-"`),
+				),
 			},
 			"policy": {
 				Type:     schema.TypeString,
@@ -37,8 +45,9 @@ func DataSourceSecurityPolicy() *schema.Resource {
 				Computed: true,
 			},
 			"type": {
-				Type:     schema.TypeString,
-				Required: true,
+				Type:             schema.TypeString,
+				Required:         true,
+				ValidateDiagFunc: enum.Validate[types.SecurityPolicyType](),
 			},
 		},
 	}

internal/service/opensearchserverless/security_policy_data_source_test.go

@@ -23,6 +23,7 @@ func TestAccOpenSearchServerlessSecurityPolicyDataSource_basic(t *testing.T) {
 		},
 		ErrorCheck:               acctest.ErrorCheck(t, names.OpenSearchServerlessEndpointID),
 		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		CheckDestroy:             testAccCheckSecurityPolicyDestroy(ctx),
 		Steps: []resource.TestStep{
 			{
 				Config: testAccSecurityPolicyDataSourceConfig_basic(rName),
@@ -31,6 +32,7 @@ func TestAccOpenSearchServerlessSecurityPolicyDataSource_basic(t *testing.T) {
 					resource.TestCheckResourceAttrPair(dataSourceName, "type", resourceName, "type"),
 					resource.TestCheckResourceAttrPair(dataSourceName, "description", resourceName, "description"),
 					resource.TestCheckResourceAttrPair(dataSourceName, "policy", resourceName, "policy"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "policy_version", resourceName, "policy_version"),
 				),
 			},
 		},
@@ -41,20 +43,20 @@ func testAccSecurityPolicyDataSourceConfig_basic(rName string) string {
 	collection := fmt.Sprintf("collection/%s", rName)
 	return fmt.Sprintf(`
 resource "aws_opensearchserverless_security_policy" "test" {
-	name = %[1]q
-	type = "encryption"
-	description = %[1]q
-	policy = jsonencode({
-		"Rules" = [
-		{
-			"Resource" = [
-				%[2]q
-			],
-			"ResourceType" = "collection"
-		}
-		],
-		"AWSOwnedKey" = true
-	})
+  name        = %[1]q
+  type        = "encryption"
+  description = %[1]q
+  policy = jsonencode({
+    "Rules" = [
+      {
+        "Resource" = [
+          %[2]q
+        ],
+        "ResourceType" = "collection"
+      }
+    ],
+    "AWSOwnedKey" = true
+  })
 }
 
 data "aws_opensearchserverless_security_policy" "test" {