Merge pull request #27762 from roberth-k/fd-aws_identitystore_group-all-attributes

d/aws_identitystore_group: expose all group attributes

Author: ewbankkit

.changelog/27762.txt

@@ -0,0 +1,7 @@
+```release-note:enhancement
+data-source/aws_identitystore_group: Add `alternate_identifier` argument and `description` attribute
+```
+
+```release-note:note
+data-source/aws_identitystore_group: The `filter` argument has been deprecated. Use the `alternate_identifier` argument instead
+ ```

internal/service/identitystore/group_data_source.go

@@ -2,6 +2,7 @@ package identitystore
 
 import (
 	"context"
+	"errors"
 	"regexp"
 
 	"github.com/aws/aws-sdk-go-v2/aws"
@@ -12,6 +13,7 @@ import (
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 	"github.com/hashicorp/terraform-provider-aws/internal/conns"
 	"github.com/hashicorp/terraform-provider-aws/internal/create"
+	"github.com/hashicorp/terraform-provider-aws/internal/tfresource"
 	"github.com/hashicorp/terraform-provider-aws/names"
 )
 
@@ -20,14 +22,83 @@ func DataSourceGroup() *schema.Resource {
 		ReadContext: dataSourceGroupRead,
 
 		Schema: map[string]*schema.Schema{
+			"alternate_identifier": {
+				Type:          schema.TypeList,
+				Optional:      true,
+				MaxItems:      1,
+				ConflictsWith: []string{"filter", "group_id"},
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"external_id": {
+							Type:         schema.TypeList,
+							Optional:     true,
+							MaxItems:     1,
+							ExactlyOneOf: []string{"alternate_identifier.0.external_id", "alternate_identifier.0.unique_attribute"},
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"id": {
+										Type:     schema.TypeString,
+										Required: true,
+									},
+									"issuer": {
+										Type:     schema.TypeString,
+										Required: true,
+									},
+								},
+							},
+						},
+						"unique_attribute": {
+							Type:         schema.TypeList,
+							Optional:     true,
+							MaxItems:     1,
+							ExactlyOneOf: []string{"alternate_identifier.0.external_id", "alternate_identifier.0.unique_attribute"},
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"attribute_path": {
+										Type:     schema.TypeString,
+										Required: true,
+									},
+									"attribute_value": {
+										Type:     schema.TypeString,
+										Required: true,
+									},
+								},
+							},
+						},
+					},
+				},
+			},
+			"description": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
 			"display_name": {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
-
+			"external_ids": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"id": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"issuer": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+					},
+				},
+			},
 			"filter": {
-				Type:     schema.TypeSet,
-				Required: true,
+				Deprecated:    "Use the alternate_identifier attribute instead.",
+				Type:          schema.TypeList,
+				Optional:      true,
+				MaxItems:      1,
+				AtLeastOneOf:  []string{"alternate_identifier", "filter", "group_id"},
+				ConflictsWith: []string{"alternate_identifier"},
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
 						"attribute_path": {
@@ -41,17 +112,17 @@ func DataSourceGroup() *schema.Resource {
 					},
 				},
 			},
-
 			"group_id": {
-				Type:     schema.TypeString,
-				Optional: true,
-				Computed: true,
+				Type:          schema.TypeString,
+				Optional:      true,
+				Computed:      true,
+				AtLeastOneOf:  []string{"alternate_identifier", "filter", "group_id"},
+				ConflictsWith: []string{"alternate_identifier"},
 				ValidateFunc: validation.All(
 					validation.StringLenBetween(1, 47),
 					validation.StringMatch(regexp.MustCompile(`^([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}$`), "must match ([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}"),
 				),
 			},
-
 			"identity_store_id": {
 				Type:     schema.TypeString,
 				Required: true,
@@ -73,76 +144,67 @@ func dataSourceGroupRead(ctx context.Context, d *schema.ResourceData, meta inter
 
 	identityStoreId := d.Get("identity_store_id").(string)
 
-	// Filters has been marked as deprecated in favour of GetGroupId, which
-	// allows only a single filter. Keep using it to maintain backwards
-	// compatibility of the data source.
+	var getGroupIdInput *identitystore.GetGroupIdInput
 
-	input := &identitystore.ListGroupsInput{
-		IdentityStoreId: aws.String(identityStoreId),
-		Filters:         expandFilters(d.Get("filter").(*schema.Set).List()),
+	if v, ok := d.GetOk("alternate_identifier"); ok && len(v.([]interface{})) > 0 {
+		getGroupIdInput = &identitystore.GetGroupIdInput{
+			AlternateIdentifier: expandAlternateIdentifier(v.([]interface{})[0].(map[string]interface{})),
+			IdentityStoreId:     aws.String(identityStoreId),
+		}
+	} else if v, ok := d.GetOk("filter"); ok && len(v.([]interface{})) > 0 {
+		getGroupIdInput = &identitystore.GetGroupIdInput{
+			AlternateIdentifier: &types.AlternateIdentifierMemberUniqueAttribute{
+				Value: *expandUniqueAttribute(v.([]interface{})[0].(map[string]interface{})),
+			},
+			IdentityStoreId: aws.String(identityStoreId),
+		}
 	}
 
-	var results []types.Group
-
-	paginator := identitystore.NewListGroupsPaginator(conn, input)
+	var groupId string
 
-	for paginator.HasMorePages() {
-		page, err := paginator.NextPage(ctx)
+	if getGroupIdInput != nil {
+		output, err := conn.GetGroupId(ctx, getGroupIdInput)
 
 		if err != nil {
-			return create.DiagError(names.IdentityStore, create.ErrActionReading, DSNameGroup, identityStoreId, err)
-		}
-
-		for _, group := range page.Groups {
-			if v, ok := d.GetOk("group_id"); ok && v.(string) != aws.ToString(group.GroupId) {
-				continue
+			var e *types.ResourceNotFoundException
+			if errors.As(err, &e) {
+				return diag.Errorf("no Identity Store Group found matching criteria; try different search")
+			} else {
+				return create.DiagError(names.IdentityStore, create.ErrActionReading, DSNameGroup, identityStoreId, err)
 			}
-
-			results = append(results, group)
 		}
-	}
-
-	if len(results) == 0 {
-		return diag.Errorf("no Identity Store Group found matching criteria\n%v; try different search", input.Filters)
-	}
 
-	if len(results) > 1 {
-		return diag.Errorf("multiple Identity Store Groups found matching criteria\n%v; try different search", input.Filters)
+		groupId = aws.ToString(output.GroupId)
 	}
 
-	group := results[0]
-
-	d.SetId(aws.ToString(group.GroupId))
-	d.Set("display_name", group.DisplayName)
-	d.Set("group_id", group.GroupId)
-
-	return nil
-}
+	if v, ok := d.GetOk("group_id"); ok && v.(string) != "" {
+		if groupId != "" && groupId != v.(string) {
+			// We were given a filter, and it found a group different to this one.
+			return diag.Errorf("no Identity Store Group found matching criteria; try different search")
+		}
 
-func expandFilters(l []interface{}) []types.Filter {
-	if len(l) == 0 || l[0] == nil {
-		return nil
+		groupId = v.(string)
 	}
 
-	filters := make([]types.Filter, 0, len(l))
-	for _, v := range l {
-		tfMap, ok := v.(map[string]interface{})
-		if !ok {
-			continue
+	group, err := findGroupByID(ctx, conn, identityStoreId, groupId)
+
+	if err != nil {
+		if tfresource.NotFound(err) {
+			return diag.Errorf("no Identity Store Group found matching criteria; try different search")
 		}
 
-		filter := types.Filter{}
+		return create.DiagError(names.IdentityStore, create.ErrActionReading, DSNameGroup, identityStoreId, err)
+	}
 
-		if v, ok := tfMap["attribute_path"].(string); ok && v != "" {
-			filter.AttributePath = aws.String(v)
-		}
+	d.SetId(aws.ToString(group.GroupId))
 
-		if v, ok := tfMap["attribute_value"].(string); ok && v != "" {
-			filter.AttributeValue = aws.String(v)
-		}
+	d.Set("description", group.Description)
+	d.Set("display_name", group.DisplayName)
+	d.Set("group_id", group.GroupId)
 
-		filters = append(filters, filter)
+	if err := d.Set("external_ids", flattenExternalIds(group.ExternalIds)); err != nil {
+		return create.DiagError(names.IdentityStore, create.ErrActionSetting, DSNameGroup, d.Id(), err)
 	}
 
-	return filters
+	return nil
 }