Merge pull request #13250 from gmazelier/lakeformation_datalake_settings

Lake Formation Data Lake Settings
hashicorp · Dec 16, 2020 · 0c75bba · 0c75bba
2 parents ef51d91 + 5c97264
commit 0c75bba
Show file tree

Hide file tree

Showing 10 changed files with 750 additions and 5 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,8 +2,10 @@
 
 FEATURES
 
+* **New Data Source:** `aws_lakeformation_data_lake_settings` [GH-13250]
 * **New Resource:** `aws_codestarconnections_connection` [GH-15990]
-* **New Resource:** `aws_lakeformation_resource` ([#13267](https://github.com/hashicorp/terraform-provider-aws/issues/13267))
+* **New Resource:** `aws_lakeformation_data_lake_settings` [GH-13250]
+* **New Resource:** `aws_lakeformation_resource` [GH-13267]
 
 ENHANCEMENTS
 

diff --git a/aws/data_source_aws_lakeformation_data_lake_settings.go b/aws/data_source_aws_lakeformation_data_lake_settings.go
@@ -0,0 +1,105 @@
+package aws
+
+import (
+	"fmt"
+	"log"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/lakeformation"
+	"github.com/hashicorp/aws-sdk-go-base/tfawserr"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/terraform-providers/terraform-provider-aws/aws/internal/hashcode"
+)
+
+func dataSourceAwsLakeFormationDataLakeSettings() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceAwsLakeFormationDataLakeSettingsRead,
+
+		Schema: map[string]*schema.Schema{
+			"catalog_id": {
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+			"create_database_default_permissions": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"permissions": {
+							Type:     schema.TypeSet,
+							Computed: true,
+							Elem:     &schema.Schema{Type: schema.TypeString},
+						},
+						"principal": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+					},
+				},
+			},
+			"create_table_default_permissions": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"permissions": {
+							Type:     schema.TypeSet,
+							Computed: true,
+							Elem:     &schema.Schema{Type: schema.TypeString},
+						},
+						"principal": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+					},
+				},
+			},
+			"data_lake_admins": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+			},
+			"trusted_resource_owners": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+			},
+		},
+	}
+}
+
+func dataSourceAwsLakeFormationDataLakeSettingsRead(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).lakeformationconn
+
+	input := &lakeformation.GetDataLakeSettingsInput{}
+
+	if v, ok := d.GetOk("catalog_id"); ok {
+		input.CatalogId = aws.String(v.(string))
+	}
+	d.SetId(fmt.Sprintf("%d", hashcode.String(input.String())))
+
+	output, err := conn.GetDataLakeSettings(input)
+
+	if !d.IsNewResource() && tfawserr.ErrCodeEquals(err, lakeformation.ErrCodeEntityNotFoundException) {
+		log.Printf("[WARN] Lake Formation data lake settings (%s) not found, removing from state", d.Id())
+		d.SetId("")
+		return nil
+	}
+
+	if err != nil {
+		return fmt.Errorf("error reading Lake Formation data lake settings (%s): %w", d.Id(), err)
+	}
+
+	if output == nil || output.DataLakeSettings == nil {
+		return fmt.Errorf("error reading Lake Formation data lake settings (%s): empty response", d.Id())
+	}
+
+	settings := output.DataLakeSettings
+
+	d.Set("create_database_default_permissions", flattenDataLakeSettingsCreateDefaultPermissions(settings.CreateDatabaseDefaultPermissions))
+	d.Set("create_table_default_permissions", flattenDataLakeSettingsCreateDefaultPermissions(settings.CreateTableDefaultPermissions))
+	d.Set("data_lake_admins", flattenDataLakeSettingsAdmins(settings.DataLakeAdmins))
+	d.Set("trusted_resource_owners", flattenStringList(settings.TrustedResourceOwners))
+
+	return nil
+}
diff --git a/aws/data_source_aws_lakeformation_data_lake_settings_test.go b/aws/data_source_aws_lakeformation_data_lake_settings_test.go
@@ -0,0 +1,56 @@
+package aws
+
+import (
+	"testing"
+
+	"github.com/aws/aws-sdk-go/service/lakeformation"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+func TestAccAWSLakeFormationDataLakeSettingsDataSource_serial(t *testing.T) {
+	testCases := map[string]func(t *testing.T){
+		"basic": testAccAWSLakeFormationDataLakeSettingsDataSource_basic,
+		// if more tests are added, they should be serial (data catalog is account-shared resource)
+	}
+
+	for name, tc := range testCases {
+		tc := tc
+		t.Run(name, func(t *testing.T) {
+			tc(t)
+		})
+	}
+}
+
+func testAccAWSLakeFormationDataLakeSettingsDataSource_basic(t *testing.T) {
+	callerIdentityName := "data.aws_caller_identity.current"
+	resourceName := "data.aws_lakeformation_data_lake_settings.test"
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t); testAccPartitionHasServicePreCheck(lakeformation.EndpointsID, t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSLakeFormationDataLakeSettingsDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAWSLakeFormationDataLakeSettingsDataSourceConfig_basic,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrPair(resourceName, "catalog_id", callerIdentityName, "account_id"),
+					resource.TestCheckResourceAttr(resourceName, "data_lake_admins.#", "1"),
+					resource.TestCheckResourceAttrPair(resourceName, "data_lake_admins.0", callerIdentityName, "arn"),
+				),
+			},
+		},
+	})
+}
+
+const testAccAWSLakeFormationDataLakeSettingsDataSourceConfig_basic = `
+data "aws_caller_identity" "current" {}
+
+resource "aws_lakeformation_data_lake_settings" "test" {
+  catalog_id       = data.aws_caller_identity.current.account_id
+  data_lake_admins = [data.aws_caller_identity.current.arn]
+}
+
+data "aws_lakeformation_data_lake_settings" "test" {
+  catalog_id = aws_lakeformation_data_lake_settings.test.catalog_id
+}
+`
diff --git a/aws/provider.go b/aws/provider.go
@@ -271,27 +271,28 @@ func Provider() *schema.Provider {
 			"aws_imagebuilder_image_pipeline":                dataSourceAwsImageBuilderImagePipeline(),
 			"aws_imagebuilder_image_recipe":                  dataSourceAwsImageBuilderImageRecipe(),
 			"aws_imagebuilder_infrastructure_configuration":  datasourceAwsImageBuilderInfrastructureConfiguration(),
-			"aws_internet_gateway":                           dataSourceAwsInternetGateway(),
-			"aws_iot_endpoint":                               dataSourceAwsIotEndpoint(),
 			"aws_inspector_rules_packages":                   dataSourceAwsInspectorRulesPackages(),
 			"aws_instance":                                   dataSourceAwsInstance(),
 			"aws_instances":                                  dataSourceAwsInstances(),
+			"aws_internet_gateway":                           dataSourceAwsInternetGateway(),
+			"aws_iot_endpoint":                               dataSourceAwsIotEndpoint(),
 			"aws_ip_ranges":                                  dataSourceAwsIPRanges(),
 			"aws_kinesis_stream":                             dataSourceAwsKinesisStream(),
 			"aws_kms_alias":                                  dataSourceAwsKmsAlias(),
 			"aws_kms_ciphertext":                             dataSourceAwsKmsCiphertext(),
 			"aws_kms_key":                                    dataSourceAwsKmsKey(),
 			"aws_kms_secret":                                 dataSourceAwsKmsSecret(),
 			"aws_kms_secrets":                                dataSourceAwsKmsSecrets(),
+			"aws_lakeformation_data_lake_settings":           dataSourceAwsLakeFormationDataLakeSettings(),
 			"aws_lambda_alias":                               dataSourceAwsLambdaAlias(),
 			"aws_lambda_code_signing_config":                 dataSourceAwsLambdaCodeSigningConfig(),
 			"aws_lambda_function":                            dataSourceAwsLambdaFunction(),
 			"aws_lambda_invocation":                          dataSourceAwsLambdaInvocation(),
 			"aws_lambda_layer_version":                       dataSourceAwsLambdaLayerVersion(),
 			"aws_launch_configuration":                       dataSourceAwsLaunchConfiguration(),
 			"aws_launch_template":                            dataSourceAwsLaunchTemplate(),
-			"aws_lex_bot":                                    dataSourceAwsLexBot(),
 			"aws_lex_bot_alias":                              dataSourceAwsLexBotAlias(),
+			"aws_lex_bot":                                    dataSourceAwsLexBot(),
 			"aws_lex_intent":                                 dataSourceAwsLexIntent(),
 			"aws_lex_slot_type":                              dataSourceAwsLexSlotType(),
 			"aws_mq_broker":                                  dataSourceAwsMqBroker(),
@@ -743,6 +744,7 @@ func Provider() *schema.Provider {
 			"aws_kms_grant":                                           resourceAwsKmsGrant(),
 			"aws_kms_key":                                             resourceAwsKmsKey(),
 			"aws_kms_ciphertext":                                      resourceAwsKmsCiphertext(),
+			"aws_lakeformation_data_lake_settings":                    resourceAwsLakeFormationDataLakeSettings(),
 			"aws_lakeformation_resource":                              resourceAwsLakeFormationResource(),
 			"aws_lambda_alias":                                        resourceAwsLambdaAlias(),
 			"aws_lambda_code_signing_config":                          resourceAwsLambdaCodeSigningConfig(),