-
Notifications
You must be signed in to change notification settings - Fork 9.1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #31682 from danielw-aws/f-organizational-policies
f organizations policies_for_target
- Loading branch information
Showing
7 changed files
with
212 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
```release-note:new-data-source | ||
aws_organizations_policies_for_target | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
81 changes: 81 additions & 0 deletions
81
internal/service/organizations/policies_for_target_data_source.go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,81 @@ | ||
package organizations | ||
|
||
import ( | ||
"context" | ||
|
||
"github.com/aws/aws-sdk-go/aws" | ||
"github.com/aws/aws-sdk-go/service/organizations" | ||
"github.com/hashicorp/terraform-plugin-sdk/v2/diag" | ||
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" | ||
"github.com/hashicorp/terraform-provider-aws/internal/conns" | ||
"github.com/hashicorp/terraform-provider-aws/internal/errs/sdkdiag" | ||
) | ||
|
||
// @SDKDataSource("aws_organizations_policies_for_target") | ||
func DataSourcePoliciesForTarget() *schema.Resource { | ||
return &schema.Resource{ | ||
ReadWithoutTimeout: dataSourcePoliciesForTargetRead, | ||
|
||
Schema: map[string]*schema.Schema{ | ||
"filter": { | ||
Type: schema.TypeString, | ||
Required: true, | ||
}, | ||
"ids": { | ||
Type: schema.TypeList, | ||
Computed: true, | ||
Elem: &schema.Schema{Type: schema.TypeString}, | ||
}, | ||
"target_id": { | ||
Type: schema.TypeString, | ||
Required: true, | ||
}, | ||
}, | ||
} | ||
} | ||
|
||
func dataSourcePoliciesForTargetRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { | ||
var diags diag.Diagnostics | ||
|
||
conn := meta.(*conns.AWSClient).OrganizationsConn(ctx) | ||
|
||
targetID := d.Get("target_id").(string) | ||
filter := d.Get("filter").(string) | ||
policies, err := findPoliciesForTarget(ctx, conn, targetID, filter) | ||
|
||
if err != nil { | ||
return sdkdiag.AppendErrorf(diags, "listing Organizations Policies (%s) for target (%s): %s", filter, targetID, err) | ||
} | ||
|
||
var policyIDs []string | ||
|
||
for _, v := range policies { | ||
policyIDs = append(policyIDs, aws.StringValue(v.Id)) | ||
} | ||
|
||
d.SetId(targetID) | ||
|
||
d.Set("ids", policyIDs) | ||
|
||
return diags | ||
} | ||
|
||
func findPoliciesForTarget(ctx context.Context, conn *organizations.Organizations, targetID string, filter string) ([]*organizations.PolicySummary, error) { | ||
input := &organizations.ListPoliciesForTargetInput{ | ||
Filter: aws.String(filter), | ||
TargetId: aws.String(targetID), | ||
} | ||
var output []*organizations.PolicySummary | ||
|
||
err := conn.ListPoliciesForTargetPagesWithContext(ctx, input, func(page *organizations.ListPoliciesForTargetOutput, lastPage bool) bool { | ||
output = append(output, page.Policies...) | ||
|
||
return !lastPage | ||
}) | ||
|
||
if err != nil { | ||
return nil, err | ||
} | ||
|
||
return output, nil | ||
} |
81 changes: 81 additions & 0 deletions
81
internal/service/organizations/policies_for_target_data_source_test.go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,81 @@ | ||
package organizations_test | ||
|
||
import ( | ||
"fmt" | ||
"testing" | ||
|
||
"github.com/aws/aws-sdk-go/service/organizations" | ||
sdkacctest "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" | ||
"github.com/hashicorp/terraform-plugin-testing/helper/resource" | ||
"github.com/hashicorp/terraform-provider-aws/internal/acctest" | ||
) | ||
|
||
func TestAccOrganizationsPoliciesForTargetDataSource_basic(t *testing.T) { | ||
ctx := acctest.Context(t) | ||
datasourceName := "data.aws_organizations_policies_for_target.test" | ||
rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) | ||
|
||
resource.Test(t, resource.TestCase{ | ||
PreCheck: func() { | ||
acctest.PreCheck(ctx, t) | ||
acctest.PreCheckOrganizationsAccount(ctx, t) | ||
}, | ||
ErrorCheck: acctest.ErrorCheck(t, organizations.EndpointsID), | ||
ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories, | ||
Steps: []resource.TestStep{ | ||
{ | ||
Config: testAccPoliciesForTargetDataSourceConfig_AttachQuery(rName), | ||
Check: resource.ComposeTestCheckFunc( | ||
acctest.CheckResourceAttrGreaterThanValue(datasourceName, "ids.#", 0), | ||
), | ||
}, | ||
}, | ||
}) | ||
} | ||
|
||
func testAccPoliciesForTargetDataSourceConfig_AttachQuery(rName string) string { | ||
return fmt.Sprintf(` | ||
resource "aws_organizations_organization" "test" { | ||
feature_set = "ALL" | ||
enabled_policy_types = ["SERVICE_CONTROL_POLICY", "TAG_POLICY", "BACKUP_POLICY", "AISERVICES_OPT_OUT_POLICY"] | ||
} | ||
resource "aws_organizations_organizational_unit" "test" { | ||
name = %[1]q | ||
parent_id = aws_organizations_organization.test.roots[0].id | ||
} | ||
resource "aws_organizations_policy" "test" { | ||
depends_on = [aws_organizations_organization.test] | ||
content = <<EOF | ||
{ | ||
"Version": "2012-10-17", | ||
"Statement": { | ||
"Effect": "Allow", | ||
"Action": "*", | ||
"Resource": "*" | ||
} | ||
} | ||
EOF | ||
name = %[1]q | ||
} | ||
resource "aws_organizations_policy_attachment" "test" { | ||
depends_on = [aws_organizations_policy.test] | ||
policy_id = aws_organizations_policy.test.id | ||
target_id = aws_organizations_organizational_unit.test.id | ||
} | ||
data "aws_organizations_policies_for_target" "test" { | ||
depends_on = [aws_organizations_policy_attachment.test] | ||
target_id = aws_organizations_organizational_unit.test.id | ||
filter = "SERVICE_CONTROL_POLICY" | ||
} | ||
data "aws_organizations_policy" "test" { | ||
policy_id = data.aws_organizations_policies_for_target.test.ids[0] | ||
} | ||
`, rName) | ||
} |
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
40 changes: 40 additions & 0 deletions
40
website/docs/d/organizations_policies_for_target.html.markdown
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
--- | ||
subcategory: "Organizations" | ||
layout: "aws" | ||
page_title: "AWS: aws_organizations_policies_for_target" | ||
description: |- | ||
Terraform data source for managing an AWS Organizations Policies For Target. | ||
--- | ||
|
||
# Data Source: aws_organizations_policies_for_target | ||
|
||
Terraform data source for managing an AWS Organizations Policies For Target. | ||
|
||
## Example Usage | ||
|
||
### Basic Usage | ||
|
||
```terraform | ||
data "aws_organizations_organization" "example" {} | ||
data "aws_organizations_policies_for_target" "example" { | ||
target_id = data.aws_organizations_organization.example.roots[0].id | ||
filter = "SERVICE_CONTROL_POLICY" | ||
} | ||
data "aws_organizations_policy" "example" { | ||
for_each = toset(data.aws_organizations_policies_for_target.example.ids) | ||
policy_id = each.value | ||
} | ||
``` | ||
|
||
## Argument Reference | ||
|
||
The following arguments are required: | ||
|
||
* `target_id` - (Required) The root (string that begins with "r-" followed by 4-32 lowercase letters or digits), account (12 digit string), or Organizational Unit (string starting with "ou-" followed by 4-32 lowercase letters or digits. This string is followed by a second "-" dash and from 8-32 additional lowercase letters or digits.) | ||
* `filter` - (Required) Must supply one of the 4 different policy filters for a target (SERVICE_CONTROL_POLICY | TAG_POLICY | BACKUP_POLICY | AISERVICES_OPT_OUT_POLICY) | ||
|
||
## Attributes Reference | ||
|
||
* `ids` - List of all the policy ids found. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters