diff --git a/docs/data-sources/resource_identitycenter_system_policy_attachments.md b/docs/data-sources/resource_identitycenter_system_policy_attachments.md new file mode 100644 index 0000000000..4a93762954 --- /dev/null +++ b/docs/data-sources/resource_identitycenter_system_policy_attachments.md @@ -0,0 +1,51 @@ +--- +subcategory: "IAM Identity Center" +layout: "huaweicloud" +page_title: "HuaweiCloud: resource_huaweicloud_identitycenter_system_policy_attachments" +description: |- + Use this data source to get the Identity Center system policy attachments. +--- + +# resource_huaweicloud_identitycenter_system_policy_attachments + +Use this data source to get the Identity Center system policy attachments. + +## Example Usage + +```hcl +variable "instance_id" {} +variable "permission_set_id" {} + +data "resource_huaweicloud_identitycenter_system_policy_attachments" "test" { + instance_id = var.instance_id + permission_set_id = var.permission_set_id +} +``` + +## Argument Reference + +The following arguments are supported: + +* `region` - (Optional, String) Specifies the region in which to query the resource. + If omitted, the provider-level region will be used. + +* `instance_id` - (Required, String) Specifies the ID of an IAM Identity Center instance. + +* `permission_set_id` - (Required, String) Specifies the ID of a permission set. + +## Attribute Reference + +In addition to all arguments above, the following attributes are exported: + +* `id` - The data source ID. + +* `attached_managed_roles` - The list of IAM system-defined policies. + + The [attached_managed_roles](#attached_managed_roles_struct) structure is documented below. + + +The `attached_managed_roles` block supports: + +* `role_id` - The ID of the IAM system-defined policy. + +* `role_name` - The name of the IAM system-defined policy. diff --git a/huaweicloud/provider.go b/huaweicloud/provider.go index c357f3c57c..829a12400d 100644 --- a/huaweicloud/provider.go +++ b/huaweicloud/provider.go @@ -877,6 +877,7 @@ func Provider() *schema.Provider { "huaweicloud_identitycenter_permission_sets": identitycenter.DataSourceIdentitycenterPermissionSets(), "huaweicloud_identitycenter_account_provisioning_permission_sets": identitycenter.DataSourceAccountProvisioningPermissionSets(), "huaweicloud_identitycenter_permission_set_provisioning_accounts": identitycenter.DataSourcePermissionSetProvisioningAccounts(), + "resource_huaweicloud_identitycenter_system_policy_attachments": identitycenter.DataSourceIdentitycenterSystemPolicyAttachments(), "huaweicloud_iec_bandwidths": iec.DataSourceBandWidths(), "huaweicloud_iec_eips": iec.DataSourceEips(), diff --git a/huaweicloud/services/acceptance/identitycenter/data_source_resource_huaweicloud_identitycenter_system_policy_attachments_test.go b/huaweicloud/services/acceptance/identitycenter/data_source_resource_huaweicloud_identitycenter_system_policy_attachments_test.go new file mode 100644 index 0000000000..5d95700de5 --- /dev/null +++ b/huaweicloud/services/acceptance/identitycenter/data_source_resource_huaweicloud_identitycenter_system_policy_attachments_test.go @@ -0,0 +1,45 @@ +package identitycenter + +import ( + "fmt" + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + + "github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/services/acceptance" +) + +func TestAccDataSourceIdentitycenterSystemPolicyAttachments_basic(t *testing.T) { + dataSource := "data.resource_huaweicloud_identitycenter_system_policy_attachments.test" + rName := acceptance.RandomAccResourceName() + dc := acceptance.InitDataSourceCheck(dataSource) + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { + acceptance.TestAccPreCheck(t) + }, + ProviderFactories: acceptance.TestAccProviderFactories, + Steps: []resource.TestStep{ + { + Config: testDataSourceDataSourceIdentitycenterSystemPolicyAttachments_basic(rName), + Check: resource.ComposeTestCheckFunc( + dc.CheckResourceExists(), + resource.TestCheckResourceAttrSet(rName, "attached_managed_roles.#"), + resource.TestCheckResourceAttrSet(rName, "attached_managed_roles.0.role_id"), + resource.TestCheckResourceAttrSet(rName, "attached_managed_roles.0.role_name"), + ), + }, + }, + }) +} + +func testDataSourceDataSourceIdentitycenterSystemPolicyAttachments_basic(name string) string { + return fmt.Sprintf(` +%[1]s + +data "resource_huaweicloud_identitycenter_system_policy_attachments" "test" { + instance_id = data.huaweicloud_identitycenter_instance.system.id + permission_set_id = huaweicloud_identitycenter_permission_set.test.id +} +`, testSystemPolicyAttachment_basic(name)) +} diff --git a/huaweicloud/services/identitycenter/data_source_resource_huaweicloud_identitycenter_system_policy_attachments.go b/huaweicloud/services/identitycenter/data_source_resource_huaweicloud_identitycenter_system_policy_attachments.go new file mode 100644 index 0000000000..bdb33b667d --- /dev/null +++ b/huaweicloud/services/identitycenter/data_source_resource_huaweicloud_identitycenter_system_policy_attachments.go @@ -0,0 +1,128 @@ +// Generated by PMS #509 +package identitycenter + +import ( + "context" + "strings" + + "github.com/hashicorp/go-multierror" + "github.com/hashicorp/go-uuid" + "github.com/hashicorp/terraform-plugin-sdk/v2/diag" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/tidwall/gjson" + + "github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/config" + "github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/helper/httphelper" + "github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/helper/schemas" +) + +func DataSourceIdentitycenterSystemPolicyAttachments() *schema.Resource { + return &schema.Resource{ + ReadContext: dataSourceIdentitycenterSystemPolicyAttachmentsRead, + + Schema: map[string]*schema.Schema{ + "region": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: `Specifies the region in which to query the resource. If omitted, the provider-level region will be used.`, + }, + "instance_id": { + Type: schema.TypeString, + Required: true, + Description: `Specifies the ID of an IAM Identity Center instance.`, + }, + "permission_set_id": { + Type: schema.TypeString, + Required: true, + Description: `Specifies the ID of a permission set.`, + }, + "attached_managed_roles": { + Type: schema.TypeList, + Computed: true, + Description: `The list of IAM system-defined policies.`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "role_id": { + Type: schema.TypeString, + Computed: true, + Description: `The ID of the IAM system-defined policy.`, + }, + "role_name": { + Type: schema.TypeString, + Computed: true, + Description: `The name of the IAM system-defined policy.`, + }, + }, + }, + }, + }, + } +} + +type SystemPolicyAttachmentsDSWrapper struct { + *schemas.ResourceDataWrapper + Config *config.Config +} + +func newSystemPolicyAttachmentsDSWrapper(d *schema.ResourceData, meta interface{}) *SystemPolicyAttachmentsDSWrapper { + return &SystemPolicyAttachmentsDSWrapper{ + ResourceDataWrapper: schemas.NewSchemaWrapper(d), + Config: meta.(*config.Config), + } +} + +func dataSourceIdentitycenterSystemPolicyAttachmentsRead(_ context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { + wrapper := newSystemPolicyAttachmentsDSWrapper(d, meta) + lisManRolInPerSetRst, err := wrapper.ListManagedRolesInPermissionSet() + if err != nil { + return diag.FromErr(err) + } + + id, err := uuid.GenerateUUID() + if err != nil { + return diag.FromErr(err) + } + d.SetId(id) + + err = wrapper.listManagedRolesInPermissionSetToSchema(lisManRolInPerSetRst) + if err != nil { + return diag.FromErr(err) + } + + return nil +} + +// @API IDENTITYCENTER GET /v1/instances/{instance_id}/permission-sets/{permission_set_id}/managed-roles +func (w *SystemPolicyAttachmentsDSWrapper) ListManagedRolesInPermissionSet() (*gjson.Result, error) { + client, err := w.NewClient(w.Config, "identitycenter") + if err != nil { + return nil, err + } + + uri := "/v1/instances/{instance_id}/permission-sets/{permission_set_id}/managed-roles" + uri = strings.ReplaceAll(uri, "{instance_id}", w.Get("instance_id").(string)) + uri = strings.ReplaceAll(uri, "{permission_set_id}", w.Get("permission_set_id").(string)) + return httphelper.New(client). + Method("GET"). + URI(uri). + MarkerPager("attached_managed_roles", "page_info.next_marker", "marker"). + Request(). + Result() +} + +func (w *SystemPolicyAttachmentsDSWrapper) listManagedRolesInPermissionSetToSchema(body *gjson.Result) error { + d := w.ResourceData + mErr := multierror.Append(nil, + d.Set("region", w.Config.GetRegion(w.ResourceData)), + d.Set("attached_managed_roles", schemas.SliceToList(body.Get("attached_managed_roles"), + func(attManRoles gjson.Result) any { + return map[string]any{ + "role_id": attManRoles.Get("role_id").Value(), + "role_name": attManRoles.Get("role_name").Value(), + } + }, + )), + ) + return mErr.ErrorOrNil() +}