Merge pull request #32226 from joshjluo/f-aws_opensearchserverless_security_policy-data-source

Add aws_opensearchserverless_security_policy data source

Author: johnsonaj

.changelog/32226.txt

@@ -0,0 +1,3 @@
+```release-note:new-data-source
+aws_opensearchserverless_security_policy
+```

internal/service/opensearchserverless/security_policy_data_source.go

@@ -0,0 +1,92 @@
+package opensearchserverless
+
+import (
+	"context"
+	"regexp"
+	"time"
+
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/service/opensearchserverless/types"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
+	"github.com/hashicorp/terraform-provider-aws/internal/conns"
+	"github.com/hashicorp/terraform-provider-aws/internal/enum"
+	"github.com/hashicorp/terraform-provider-aws/internal/errs/sdkdiag"
+)
+
+// @SDKDataSource("aws_opensearchserverless_security_policy")
+func DataSourceSecurityPolicy() *schema.Resource {
+	return &schema.Resource{
+		ReadWithoutTimeout: dataSourceSecurityPolicyRead,
+
+		Schema: map[string]*schema.Schema{
+			"created_date": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"description": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"last_modified_date": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"name": {
+				Type:     schema.TypeString,
+				Required: true,
+				ValidateFunc: validation.All(
+					validation.StringLenBetween(3, 32),
+					validation.StringMatch(regexp.MustCompile(`^[a-z][a-z0-9-]+$`), `must start with any lower case letter and can include any lower case letter, number, or "-"`),
+				),
+			},
+			"policy": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"policy_version": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"type": {
+				Type:             schema.TypeString,
+				Required:         true,
+				ValidateDiagFunc: enum.Validate[types.SecurityPolicyType](),
+			},
+		},
+	}
+}
+
+func dataSourceSecurityPolicyRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	var diags diag.Diagnostics
+	conn := meta.(*conns.AWSClient).OpenSearchServerlessClient(ctx)
+
+	securityPolicyName := d.Get("name").(string)
+	securityPolicyType := d.Get("type").(string)
+	securityPolicy, err := FindSecurityPolicyByNameAndType(ctx, conn, securityPolicyName, securityPolicyType)
+
+	if err != nil {
+		return sdkdiag.AppendErrorf(diags, "reading OpenSearch Security Policy with name (%s) and type (%s): %s", securityPolicyName, securityPolicyType, err)
+	}
+
+	policyBytes, err := securityPolicy.Policy.MarshalSmithyDocument()
+	if err != nil {
+		return sdkdiag.AppendErrorf(diags, "reading JSON policy document for OpenSearch Security Policy with name %s and type %s: %s", securityPolicyName, securityPolicyType, err)
+	}
+
+	d.SetId(aws.ToString(securityPolicy.Name))
+	d.Set("description", securityPolicy.Description)
+	d.Set("name", securityPolicy.Name)
+	d.Set("policy", string(policyBytes))
+	d.Set("policy_version", securityPolicy.PolicyVersion)
+	d.Set("type", securityPolicy.Type)
+
+	createdDate := time.UnixMilli(aws.ToInt64(securityPolicy.CreatedDate))
+	d.Set("created_date", createdDate.Format(time.RFC3339))
+
+	lastModifiedDate := time.UnixMilli(aws.ToInt64(securityPolicy.LastModifiedDate))
+	d.Set("last_modified_date", lastModifiedDate.Format(time.RFC3339))
+
+	return diags
+}

internal/service/opensearchserverless/security_policy_data_source_test.go

@@ -0,0 +1,69 @@
+package opensearchserverless_test
+
+import (
+	"fmt"
+	"testing"
+
+	sdkacctest "github.com/hashicorp/terraform-plugin-testing/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+	"github.com/hashicorp/terraform-provider-aws/internal/acctest"
+	"github.com/hashicorp/terraform-provider-aws/names"
+)
+
+func TestAccOpenSearchServerlessSecurityPolicyDataSource_basic(t *testing.T) {
+	ctx := acctest.Context(t)
+	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+	resourceName := "aws_opensearchserverless_security_policy.test"
+	dataSourceName := "data.aws_opensearchserverless_security_policy.test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			acctest.PreCheck(ctx, t)
+			acctest.PreCheckPartitionHasService(t, names.OpenSearchServerlessEndpointID)
+		},
+		ErrorCheck:               acctest.ErrorCheck(t, names.OpenSearchServerlessEndpointID),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		CheckDestroy:             testAccCheckSecurityPolicyDestroy(ctx),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccSecurityPolicyDataSourceConfig_basic(rName),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrPair(dataSourceName, "name", resourceName, "name"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "type", resourceName, "type"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "description", resourceName, "description"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "policy", resourceName, "policy"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "policy_version", resourceName, "policy_version"),
+					resource.TestCheckResourceAttrSet(dataSourceName, "created_date"),
+					resource.TestCheckResourceAttrSet(dataSourceName, "last_modified_date"),
+				),
+			},
+		},
+	})
+}
+
+func testAccSecurityPolicyDataSourceConfig_basic(rName string) string {
+	collection := fmt.Sprintf("collection/%s", rName)
+	return fmt.Sprintf(`
+resource "aws_opensearchserverless_security_policy" "test" {
+  name        = %[1]q
+  type        = "encryption"
+  description = %[1]q
+  policy = jsonencode({
+    "Rules" = [
+      {
+        "Resource" = [
+          %[2]q
+        ],
+        "ResourceType" = "collection"
+      }
+    ],
+    "AWSOwnedKey" = true
+  })
+}
+
+data "aws_opensearchserverless_security_policy" "test" {
+  name = aws_opensearchserverless_security_policy.test.name
+  type = "encryption"
+}
+`, rName, collection)
+}

internal/service/opensearchserverless/service_package_gen.go

@@ -0,0 +1,37 @@
+---
+subcategory: "OpenSearch Serverless"
+layout: "aws"
+page_title: "AWS: aws_opensearchserverless_security_policy"
+description: |-
+  Get information on an OpenSearch Serverless Security Policy.
+---
+
+# Data Source: aws_opensearchserverless_security_policy
+
+Use this data source to get information about an AWS OpenSearch Serverless Security Policy.
+
+## Example Usage
+
+```terraform
+data "aws_opensearchserverless_security_policy" "example" {
+  name = "example-security-policy"
+  type = "encryption"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) Name of the policy
+* `type` - (Required) Type of security policy. One of `encryption` or `network`.
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `created_date` - The date the security policy was created.
+* `description` - Description of the security policy.
+* `last_modified_date` - The date the security policy was last modified.
+* `policy` - The JSON policy document without any whitespaces.
+* `policy_version` - Version of the policy.