Merge pull request #31682 from danielw-aws/f-organizational-policies

f organizations policies_for_target

.changelog/31682.txt

@@ -0,0 +1,3 @@
+```release-note:new-data-source
+aws_organizations_policies_for_target
+```

internal/service/organizations/policies_data_source.go

@@ -35,7 +35,7 @@ func dataSourcePoliciesRead(ctx context.Context, d *schema.ResourceData, meta in
 	conn := meta.(*conns.AWSClient).OrganizationsConn(ctx)
 
 	filter := d.Get("filter").(string)
-	policies, err := listPolicies(ctx, conn, filter)
+	policies, err := findPolicies(ctx, conn, filter)
 
 	if err != nil {
 		return sdkdiag.AppendErrorf(diags, "listing Organizations Policies (%s): %s", filter, err)
@@ -53,7 +53,7 @@ func dataSourcePoliciesRead(ctx context.Context, d *schema.ResourceData, meta in
 	return diags
 }
 
-func listPolicies(ctx context.Context, conn *organizations.Organizations, filter string) ([]*organizations.PolicySummary, error) {
+func findPolicies(ctx context.Context, conn *organizations.Organizations, filter string) ([]*organizations.PolicySummary, error) {
 	input := &organizations.ListPoliciesInput{
 		Filter: aws.String(filter),
 	}

internal/service/organizations/policies_for_target_data_source.go

@@ -0,0 +1,81 @@
+package organizations
+
+import (
+	"context"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/organizations"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-provider-aws/internal/conns"
+	"github.com/hashicorp/terraform-provider-aws/internal/errs/sdkdiag"
+)
+
+// @SDKDataSource("aws_organizations_policies_for_target")
+func DataSourcePoliciesForTarget() *schema.Resource {
+	return &schema.Resource{
+		ReadWithoutTimeout: dataSourcePoliciesForTargetRead,
+
+		Schema: map[string]*schema.Schema{
+			"filter": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
+			"ids": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+			},
+			"target_id": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
+		},
+	}
+}
+
+func dataSourcePoliciesForTargetRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	var diags diag.Diagnostics
+
+	conn := meta.(*conns.AWSClient).OrganizationsConn(ctx)
+
+	targetID := d.Get("target_id").(string)
+	filter := d.Get("filter").(string)
+	policies, err := findPoliciesForTarget(ctx, conn, targetID, filter)
+
+	if err != nil {
+		return sdkdiag.AppendErrorf(diags, "listing Organizations Policies (%s) for target (%s): %s", filter, targetID, err)
+	}
+
+	var policyIDs []string
+
+	for _, v := range policies {
+		policyIDs = append(policyIDs, aws.StringValue(v.Id))
+	}
+
+	d.SetId(targetID)
+
+	d.Set("ids", policyIDs)
+
+	return diags
+}
+
+func findPoliciesForTarget(ctx context.Context, conn *organizations.Organizations, targetID string, filter string) ([]*organizations.PolicySummary, error) {
+	input := &organizations.ListPoliciesForTargetInput{
+		Filter:   aws.String(filter),
+		TargetId: aws.String(targetID),
+	}
+	var output []*organizations.PolicySummary
+
+	err := conn.ListPoliciesForTargetPagesWithContext(ctx, input, func(page *organizations.ListPoliciesForTargetOutput, lastPage bool) bool {
+		output = append(output, page.Policies...)
+
+		return !lastPage
+	})
+
+	if err != nil {
+		return nil, err
+	}
+
+	return output, nil
+}

internal/service/organizations/policies_for_target_data_source_test.go

@@ -0,0 +1,81 @@
+package organizations_test
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/aws/aws-sdk-go/service/organizations"
+	sdkacctest "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+	"github.com/hashicorp/terraform-provider-aws/internal/acctest"
+)
+
+func TestAccOrganizationsPoliciesForTargetDataSource_basic(t *testing.T) {
+	ctx := acctest.Context(t)
+	datasourceName := "data.aws_organizations_policies_for_target.test"
+	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			acctest.PreCheck(ctx, t)
+			acctest.PreCheckOrganizationsAccount(ctx, t)
+		},
+		ErrorCheck:               acctest.ErrorCheck(t, organizations.EndpointsID),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccPoliciesForTargetDataSourceConfig_AttachQuery(rName),
+				Check: resource.ComposeTestCheckFunc(
+					acctest.CheckResourceAttrGreaterThanValue(datasourceName, "ids.#", 0),
+				),
+			},
+		},
+	})
+}
+
+func testAccPoliciesForTargetDataSourceConfig_AttachQuery(rName string) string {
+	return fmt.Sprintf(`
+resource "aws_organizations_organization" "test" {
+  feature_set          = "ALL"
+  enabled_policy_types = ["SERVICE_CONTROL_POLICY", "TAG_POLICY", "BACKUP_POLICY", "AISERVICES_OPT_OUT_POLICY"]
+}
+
+resource "aws_organizations_organizational_unit" "test" {
+  name      = %[1]q
+  parent_id = aws_organizations_organization.test.roots[0].id
+}
+
+resource "aws_organizations_policy" "test" {
+  depends_on = [aws_organizations_organization.test]
+
+  content = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": {
+    "Effect": "Allow",
+    "Action": "*",
+    "Resource": "*"
+  }
+}
+EOF
+
+  name = %[1]q
+}
+
+resource "aws_organizations_policy_attachment" "test" {
+  depends_on = [aws_organizations_policy.test]
+  policy_id  = aws_organizations_policy.test.id
+  target_id  = aws_organizations_organizational_unit.test.id
+}
+
+data "aws_organizations_policies_for_target" "test" {
+  depends_on = [aws_organizations_policy_attachment.test]
+  target_id  = aws_organizations_organizational_unit.test.id
+  filter     = "SERVICE_CONTROL_POLICY"
+}
+
+data "aws_organizations_policy" "test" {
+  policy_id = data.aws_organizations_policies_for_target.test.ids[0]
+}
+`, rName)
+}

website/docs/d/organizations_policies_for_target.html.markdown

@@ -0,0 +1,40 @@
+---
+subcategory: "Organizations"
+layout: "aws"
+page_title: "AWS: aws_organizations_policies_for_target"
+description: |-
+  Terraform data source for managing an AWS Organizations Policies For Target.
+---
+
+# Data Source: aws_organizations_policies_for_target
+
+Terraform data source for managing an AWS Organizations Policies For Target.
+
+## Example Usage
+
+### Basic Usage
+
+```terraform
+data "aws_organizations_organization" "example" {}
+
+data "aws_organizations_policies_for_target" "example" {
+  target_id = data.aws_organizations_organization.example.roots[0].id
+  filter    = "SERVICE_CONTROL_POLICY"
+}
+
+data "aws_organizations_policy" "example" {
+  for_each  = toset(data.aws_organizations_policies_for_target.example.ids)
+  policy_id = each.value
+}
+```
+
+## Argument Reference
+
+The following arguments are required:
+
+* `target_id` - (Required) The root (string that begins with "r-" followed by 4-32 lowercase letters or digits), account (12 digit string), or Organizational Unit (string starting with "ou-" followed by 4-32 lowercase letters or digits. This string is followed by a second "-" dash and from 8-32 additional lowercase letters or digits.)
+* `filter` - (Required) Must supply one of the 4 different policy filters for a target (SERVICE_CONTROL_POLICY | TAG_POLICY | BACKUP_POLICY | AISERVICES_OPT_OUT_POLICY)
+
+## Attributes Reference
+
+* `ids` - List of all the policy ids found.

website/docs/d/organizations_policy.html.markdown

@@ -17,7 +17,7 @@ Terraform data source for managing an AWS Organizations Policy.
 ```terraform
 data "aws_organizations_organization" "current" {}
 
-data "aws_organizations_oorganizational_policies" "current" {
+data "aws_organizations_policies_for_target" "current" {
   target_id = data.aws_organizations_organization.current.roots[0].id
   filter    = "SERVICE_CONTROL_POLICY"
 }