Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(identitycenter): add datasource permission set provision accounts #6104

Merged
merged 2 commits into from
Dec 27, 2024
Merged
Show file tree
Hide file tree
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
---
subcategory: "IAM Identity Center"
layout: "huaweicloud"
page_title: "HuaweiCloud: huaweicloud_identitycenter_permission_set_provisioning_accounts"
description: |-
Use this data source to get the Identity Center permission set provisioning accounts.
---

# huaweicloud_identitycenter_permission_set_provisioning_accounts

Use this data source to get the Identity Center permission set provisioning accounts.

## Example Usage

```hcl
variable "instance_id" {}
variable "permission_set_id" {}

data "huaweicloud_identitycenter_permission_set_provisioning_accounts" "test" {
instance_id = var.instance_id
permission_set_id = var.permission_set_id
}
```

## Argument Reference

The following arguments are supported:

* `region` - (Optional, String) Specifies the region in which to query the resource.
If omitted, the provider-level region will be used.

* `instance_id` - (Required, String) Specifies the ID of an IAM Identity Center instance.

* `permission_set_id` - (Required, String) Specifies the ID of a permission set.

* `provisioning_status` - (Optional, String) Specifies the provisioning status of a permission set.
The valid values are as follows:
+ **LATEST_PERMISSION_SET_PROVISIONED**
+ **LATEST_PERMISSION_SET_NOT_PROVISIONED**

## Attribute Reference

In addition to all arguments above, the following attributes are exported:

* `id` - The data source ID.

* `account_ids` - The account ID list.
1 change: 1 addition & 0 deletions huaweicloud/provider.go
Original file line number Diff line number Diff line change
Expand Up @@ -870,6 +870,7 @@ func Provider() *schema.Provider {
"huaweicloud_identitycenter_access_control_attribute_configurations": identitycenter.DataSourceAccessControlAttributeConfigurations(),
"huaweicloud_identitycenter_permission_sets": identitycenter.DataSourceIdentitycenterPermissionSets(),
"huaweicloud_identitycenter_account_provisioning_permission_sets": identitycenter.DataSourceAccountProvisioningPermissionSets(),
"huaweicloud_identitycenter_permission_set_provisioning_accounts": identitycenter.DataSourcePermissionSetProvisioningAccounts(),

"huaweicloud_iec_bandwidths": iec.DataSourceBandWidths(),
"huaweicloud_iec_eips": iec.DataSourceEips(),
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,65 @@
package identitycenter

import (
"fmt"
"testing"

"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"

"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/services/acceptance"
)

func TestAccDataSourcePermissionSetProvisioningAccounts_basic(t *testing.T) {
dataSource := "data.huaweicloud_identitycenter_permission_set_provisioning_accounts.test"
rName := acceptance.RandomAccResourceName()
dc := acceptance.InitDataSourceCheck(dataSource)

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() {
acceptance.TestAccPreCheck(t)
luoping-12345 marked this conversation as resolved.
Show resolved Hide resolved
},
ProviderFactories: acceptance.TestAccProviderFactories,
Steps: []resource.TestStep{
{
Config: testDataSourcePermissionSetProvisioningAccounts_basic(rName),
Check: resource.ComposeTestCheckFunc(
dc.CheckResourceExists(),
resource.TestCheckResourceAttrSet(dataSource, "account_ids.#"),
resource.TestCheckOutput("is_provisioning_status_filter_useful", "true"),
),
},
},
})
}

func testDataSourcePermissionSetProvisioningAccounts_basic(name string) string {
return fmt.Sprintf(`
%[1]s

data "huaweicloud_identitycenter_permission_set_provisioning_accounts" "test" {
instance_id = data.huaweicloud_identitycenter_instance.test.id
permission_set_id = huaweicloud_identitycenter_permission_set.test.id
}

data "huaweicloud_identitycenter_permission_set_provisioning_accounts" "provision" {
instance_id = data.huaweicloud_identitycenter_instance.test.id
permission_set_id = huaweicloud_identitycenter_permission_set.test.id
provisioning_status = "LATEST_PERMISSION_SET_PROVISIONED"
}

data "huaweicloud_identitycenter_permission_set_provisioning_accounts" "not_provision" {
instance_id = data.huaweicloud_identitycenter_instance.test.id
permission_set_id = huaweicloud_identitycenter_permission_set.test.id
provisioning_status = "LATEST_PERMISSION_SET_NOT_PROVISIONED"
}

locals {
list_by_provision = data.huaweicloud_identitycenter_permission_set_provisioning_accounts.provision.account_ids
list_by_not_provision = data.huaweicloud_identitycenter_permission_set_provisioning_accounts.not_provision.account_ids
}

output "is_provisioning_status_filter_useful" {
value = length(local.list_by_provision) == 1 && length(local.list_by_not_provision) == 0
}
`, testProvisionPermissionSet_basic(name))
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,119 @@
// Generated by PMS #495
package identitycenter

import (
"context"
"strings"

"github.com/hashicorp/go-multierror"
"github.com/hashicorp/go-uuid"
"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
"github.com/tidwall/gjson"

"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/config"
"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/helper/httphelper"
"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/helper/schemas"
"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/utils"
)

func DataSourcePermissionSetProvisioningAccounts() *schema.Resource {
return &schema.Resource{
ReadContext: dataSourceIdentitycenterPermissionSetProvisioningAccountsRead,

Schema: map[string]*schema.Schema{
"region": {
Type: schema.TypeString,
Optional: true,
Computed: true,
Description: `Specifies the region in which to query the resource. If omitted, the provider-level region will be used.`,
},
"instance_id": {
Type: schema.TypeString,
Required: true,
Description: `Specifies the ID of an IAM Identity Center instance.`,
},
"permission_set_id": {
Type: schema.TypeString,
Required: true,
Description: `Specifies the ID of a permission set.`,
},
"provisioning_status": {
Type: schema.TypeString,
Optional: true,
Description: `Specifies the provisioning status of a permission set.`,
},
"account_ids": {
Type: schema.TypeList,
Computed: true,
Elem: &schema.Schema{Type: schema.TypeString},
Description: `The account ID list.`,
},
},
}
}

type PermissionSetProvisioningAccountsDSWrapper struct {
*schemas.ResourceDataWrapper
Config *config.Config
}

func newPermissionSetProvisioningAccountsDSWrapper(d *schema.ResourceData, meta interface{}) *PermissionSetProvisioningAccountsDSWrapper {
return &PermissionSetProvisioningAccountsDSWrapper{
ResourceDataWrapper: schemas.NewSchemaWrapper(d),
Config: meta.(*config.Config),
}
}

func dataSourceIdentitycenterPermissionSetProvisioningAccountsRead(_ context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
wrapper := newPermissionSetProvisioningAccountsDSWrapper(d, meta)
lafppsr, err := wrapper.ListAccountsForProvisionedPermissionSet()
if err != nil {
return diag.FromErr(err)
}

id, err := uuid.GenerateUUID()
if err != nil {
return diag.FromErr(err)
}
d.SetId(id)

err = wrapper.listAccountsForProvisionedPermissionSetToSchema(lafppsr)
if err != nil {
return diag.FromErr(err)
}

return nil
}

// @API IDENTITYCENTER GET /v1/instances/{instance_id}/permission-sets/{permission_set_id}/accounts
func (w *PermissionSetProvisioningAccountsDSWrapper) ListAccountsForProvisionedPermissionSet() (*gjson.Result, error) {
client, err := w.NewClient(w.Config, "identitycenter")
if err != nil {
return nil, err
}

uri := "/v1/instances/{instance_id}/permission-sets/{permission_set_id}/accounts"
uri = strings.ReplaceAll(uri, "{instance_id}", w.Get("instance_id").(string))
uri = strings.ReplaceAll(uri, "{permission_set_id}", w.Get("permission_set_id").(string))
params := map[string]any{
"provisioning_status": w.Get("provisioning_status"),
}
params = utils.RemoveNil(params)
return httphelper.New(client).
Method("GET").
URI(uri).
Query(params).
MarkerPager("account_ids", "page_info.next_marker", "marker").
Request().
Result()
}

func (w *PermissionSetProvisioningAccountsDSWrapper) listAccountsForProvisionedPermissionSetToSchema(body *gjson.Result) error {
d := w.ResourceData
mErr := multierror.Append(nil,
d.Set("region", w.Config.GetRegion(w.ResourceData)),
d.Set("account_ids", body.Get("account_ids").Value()),
)
return mErr.ErrorOrNil()
}
Loading