hashicorp · YakDriver · May 14, 2021 · May 7, 2021 · May 7, 2021 · May 7, 2021
@@ -0,0 +1,7 @@
+```release-note:new-resource
+aws_servicecatalog_organizations_access
+```
+
+```release-note:new-resource
+aws_servicecatalog_portfolio_share
+```
@@ -50,3 +50,18 @@ func TestSkipIfEmpty(t testing.T, name string, usageMessage string) string {
 
 	return value
 }
+
+// TestSkipIfAllEmpty verifies that at least one environment variable is non-empty or skips the test.
+//
+// If at lease one environment variable is non-empty, returns the first name and value.
+func TestSkipIfAllEmpty(t testing.T, names []string, usageMessage string) (string, string) {
+	t.Helper()
+
+	name, value, err := RequireOneOf(names, usageMessage)
+	if err != nil {
+		t.Skipf("skipping test because %s.", err)
+		return "", ""
+	}
+
+	return name, value
+}
@@ -0,0 +1,25 @@
+package finder
+
+import (
+	"github.com/aws/aws-sdk-go/service/organizations"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+func Organization(conn *organizations.Organizations) (*organizations.Organization, error) {
+	input := &organizations.DescribeOrganizationInput{}
+
+	output, err := conn.DescribeOrganization(input)
+
+	if err != nil {
+		return nil, err
+	}
+
+	if output == nil || output.Organization == nil {
+		return nil, &resource.NotFoundError{
+			Message:     "Empty result",
+			LastRequest: input,
+		}
+	}
+
+	return output.Organization, nil
+}
@@ -0,0 +1,37 @@
+package finder
+
+import (
+	"strings"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/servicecatalog"
+)
+
+func PortfolioShare(conn *servicecatalog.ServiceCatalog, portfolioID, shareType, principalID string) (*servicecatalog.PortfolioShareDetail, error) {
+	input := &servicecatalog.DescribePortfolioSharesInput{
+		PortfolioId: aws.String(portfolioID),
+		Type:        aws.String(shareType),
+	}
+	var result *servicecatalog.PortfolioShareDetail
+
+	err := conn.DescribePortfolioSharesPages(input, func(page *servicecatalog.DescribePortfolioSharesOutput, lastPage bool) bool {
+		if page == nil {
+			return !lastPage
+		}
+
+		for _, deet := range page.PortfolioShareDetails {
+			if deet == nil {
+				continue
+			}
+
+			if strings.Contains(principalID, aws.StringValue(deet.PrincipalId)) {
+				result = deet
+				return false
+			}
+		}
+
+		return !lastPage
+	})
+
+	return result, err
+}
@@ -0,0 +1,20 @@
+package servicecatalog
+
+import (
+	"fmt"
+	"strings"
+)
+
+func PortfolioShareParseResourceID(id string) (string, string, string, error) {
+	parts := strings.SplitN(id, ":", 3)
+
+	if len(parts) != 3 || parts[0] == "" || parts[1] == "" || parts[2] == "" {
+		return "", "", "", fmt.Errorf("unexpected format of ID (%s), expected portfolioID:type:principalID", id)
+	}
+
+	return parts[0], parts[1], parts[2], nil
+}
+
+func PortfolioShareCreateResourceID(portfolioID, shareType, principalID string) string {
+	return strings.Join([]string{portfolioID, shareType, principalID}, ":")
+}
@@ -7,6 +7,7 @@ import (
 	"github.com/aws/aws-sdk-go/service/servicecatalog"
 	"github.com/hashicorp/aws-sdk-go-base/tfawserr"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/terraform-providers/terraform-provider-aws/aws/internal/service/servicecatalog/finder"
 )
 
 func ProductStatus(conn *servicecatalog.ServiceCatalog, acceptLanguage, productID string) resource.StateRefreshFunc {
@@ -68,3 +69,74 @@ func TagOptionStatus(conn *servicecatalog.ServiceCatalog, id string) resource.St
 		return output.TagOptionDetail, servicecatalog.StatusAvailable, err
 	}
 }
+
+func PortfolioShareStatusWithToken(conn *servicecatalog.ServiceCatalog, token string) resource.StateRefreshFunc {
+	return func() (interface{}, string, error) {
+		input := &servicecatalog.DescribePortfolioShareStatusInput{
+			PortfolioShareToken: aws.String(token),
+		}
+		output, err := conn.DescribePortfolioShareStatus(input)
+
+		if tfawserr.ErrCodeEquals(err, servicecatalog.ErrCodeResourceNotFoundException) {
+			return nil, StatusNotFound, err
+		}
+
+		if err != nil {
+			return nil, servicecatalog.ShareStatusError, fmt.Errorf("error describing portfolio share status: %w", err)
+		}
+
+		if output == nil {
+			return nil, StatusUnavailable, fmt.Errorf("error describing portfolio share status: empty response")
+		}
+
+		return output, aws.StringValue(output.Status), err
+	}
+}
+
+func PortfolioShareStatus(conn *servicecatalog.ServiceCatalog, portfolioID, shareType, principalID string) resource.StateRefreshFunc {
+	return func() (interface{}, string, error) {
+		output, err := finder.PortfolioShare(conn, portfolioID, shareType, principalID)
+
+		if tfawserr.ErrCodeEquals(err, servicecatalog.ErrCodeResourceNotFoundException) {
+			return nil, StatusNotFound, err
+		}
+
+		if err != nil {
+			return nil, servicecatalog.ShareStatusError, fmt.Errorf("error finding portfolio share: %w", err)
+		}
+
+		if output == nil {
+			return nil, StatusNotFound, &resource.NotFoundError{
+				Message: fmt.Sprintf("error finding portfolio share (%s:%s:%s): empty response", portfolioID, shareType, principalID),
+			}
+		}
+
+		if !aws.BoolValue(output.Accepted) {
+			return output, servicecatalog.ShareStatusInProgress, err
+		}
+
+		return output, servicecatalog.ShareStatusCompleted, err
+	}
+}
+
+func OrganizationsAccessStatus(conn *servicecatalog.ServiceCatalog) resource.StateRefreshFunc {
+	return func() (interface{}, string, error) {
+		input := &servicecatalog.GetAWSOrganizationsAccessStatusInput{}
+
+		output, err := conn.GetAWSOrganizationsAccessStatus(input)
+
+		if tfawserr.ErrCodeEquals(err, servicecatalog.ErrCodeResourceNotFoundException) {
+			return nil, StatusNotFound, err
+		}
+
+		if err != nil {
+			return nil, OrganizationAccessStatusError, fmt.Errorf("error getting Organizations Access: %w", err)
+		}
+
+		if output == nil {
+			return nil, StatusUnavailable, fmt.Errorf("error getting Organizations Access: empty response")
+		}
+
+		return output, aws.StringValue(output.AccessStatus), err
+	}
+}
@@ -3,9 +3,11 @@ package waiter
 import (
 	"time"
 
+	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/servicecatalog"
 	"github.com/hashicorp/aws-sdk-go-base/tfawserr"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/terraform-providers/terraform-provider-aws/aws/internal/tfresource"
 )
 
 const (
@@ -15,11 +17,17 @@ const (
 	TagOptionReadyTimeout  = 3 * time.Minute
 	TagOptionDeleteTimeout = 3 * time.Minute
 
+	PortfolioShareCreateTimeout = 3 * time.Minute
+
+	OrganizationsAccessStableTimeout = 3 * time.Minute
+
 	StatusNotFound    = "NOT_FOUND"
 	StatusUnavailable = "UNAVAILABLE"
 
 	// AWS documentation is wrong, says that status will be "AVAILABLE" but it is actually "CREATED"
 	ProductStatusCreated = "CREATED"
+
+	OrganizationAccessStatusError = "ERROR"
 )
 
 func ProductReady(conn *servicecatalog.ServiceCatalog, acceptLanguage, productID string) (*servicecatalog.DescribeProductAsAdminOutput, error) {
@@ -44,7 +52,7 @@ func ProductDeleted(conn *servicecatalog.ServiceCatalog, acceptLanguage, product
 		Pending: []string{servicecatalog.StatusCreating, servicecatalog.StatusAvailable, ProductStatusCreated, StatusUnavailable},
 		Target:  []string{StatusNotFound},
 		Refresh: ProductStatus(conn, acceptLanguage, productID),
-		Timeout: ProductReadyTimeout,
+		Timeout: ProductDeleteTimeout,
 	}
 
 	_, err := stateConf.WaitForState()
@@ -89,3 +97,104 @@ func TagOptionDeleted(conn *servicecatalog.ServiceCatalog, id string) error {
 
 	return err
 }
+
+func PortfolioShareReady(conn *servicecatalog.ServiceCatalog, portfolioID, shareType, principalID string, acceptRequired bool) (*servicecatalog.PortfolioShareDetail, error) {
+	targets := []string{servicecatalog.ShareStatusCompleted}
+
+	if !acceptRequired {
+		targets = append(targets, servicecatalog.ShareStatusInProgress)
+	}
+
+	stateConf := &resource.StateChangeConf{
+		Pending: []string{servicecatalog.ShareStatusNotStarted, servicecatalog.ShareStatusInProgress, StatusNotFound, StatusUnavailable},
+		Target:  targets,
+		Refresh: PortfolioShareStatus(conn, portfolioID, shareType, principalID),
+		Timeout: PortfolioShareCreateTimeout,
+	}
+
+	outputRaw, err := stateConf.WaitForState()
+
+	if output, ok := outputRaw.(*servicecatalog.PortfolioShareDetail); ok {
+		return output, err
+	}
+
+	return nil, err
+}
+
+func PortfolioShareCreatedWithToken(conn *servicecatalog.ServiceCatalog, token string, acceptRequired bool) (*servicecatalog.DescribePortfolioShareStatusOutput, error) {
+	targets := []string{servicecatalog.ShareStatusCompleted}
+
+	if !acceptRequired {
+		targets = append(targets, servicecatalog.ShareStatusInProgress)
+	}
+
+	stateConf := &resource.StateChangeConf{
+		Pending: []string{servicecatalog.ShareStatusNotStarted, servicecatalog.ShareStatusInProgress, StatusNotFound, StatusUnavailable},
+		Target:  targets,
+		Refresh: PortfolioShareStatusWithToken(conn, token),
+		Timeout: PortfolioShareCreateTimeout,
+	}
+
+	outputRaw, err := stateConf.WaitForState()
+
+	if output, ok := outputRaw.(*servicecatalog.DescribePortfolioShareStatusOutput); ok {
+		return output, err
+	}
+
+	return nil, err
+}
+
+func PortfolioShareDeleted(conn *servicecatalog.ServiceCatalog, portfolioID, shareType, principalID string) (*servicecatalog.PortfolioShareDetail, error) {
+	stateConf := &resource.StateChangeConf{
+		Pending: []string{servicecatalog.ShareStatusNotStarted, servicecatalog.ShareStatusInProgress, servicecatalog.ShareStatusCompleted, StatusUnavailable},
+		Target:  []string{StatusNotFound},
+		Refresh: PortfolioShareStatus(conn, portfolioID, shareType, principalID),
+		Timeout: PortfolioShareCreateTimeout,
+	}
+
+	outputRaw, err := stateConf.WaitForState()
+
+	if tfresource.NotFound(err) {
+		return nil, nil
+	}
+
+	if output, ok := outputRaw.(*servicecatalog.PortfolioShareDetail); ok {
+		return output, err
+	}
+
+	return nil, err
+}
+
+func PortfolioShareDeletedWithToken(conn *servicecatalog.ServiceCatalog, token string) (*servicecatalog.DescribePortfolioShareStatusOutput, error) {
+	stateConf := &resource.StateChangeConf{
+		Pending: []string{servicecatalog.ShareStatusNotStarted, servicecatalog.ShareStatusInProgress, StatusNotFound, StatusUnavailable},
+		Target:  []string{servicecatalog.ShareStatusCompleted},
+		Refresh: PortfolioShareStatusWithToken(conn, token),
+		Timeout: PortfolioShareCreateTimeout,
+	}
+
+	outputRaw, err := stateConf.WaitForState()
+
+	if output, ok := outputRaw.(*servicecatalog.DescribePortfolioShareStatusOutput); ok {
+		return output, err
+	}
+
+	return nil, err
+}
+
+func OrganizationsAccessStable(conn *servicecatalog.ServiceCatalog) (string, error) {
+	stateConf := &resource.StateChangeConf{
+		Pending: []string{servicecatalog.AccessStatusUnderChange, StatusNotFound, StatusUnavailable},
+		Target:  []string{servicecatalog.AccessStatusEnabled, servicecatalog.AccessStatusDisabled},
+		Refresh: OrganizationsAccessStatus(conn),
+		Timeout: OrganizationsAccessStableTimeout,
+	}
+
+	outputRaw, err := stateConf.WaitForState()
+
+	if output, ok := outputRaw.(*servicecatalog.GetAWSOrganizationsAccessStatusOutput); ok {
+		return aws.StringValue(output.AccessStatus), err
+	}
+
+	return "", err
+}
@@ -0,0 +1,25 @@
+package finder
+
+import (
+	"github.com/aws/aws-sdk-go/service/sts"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+func CallerIdentity(conn *sts.STS) (*sts.GetCallerIdentityOutput, error) {
+	input := &sts.GetCallerIdentityInput{}
+
+	output, err := conn.GetCallerIdentity(input)
+
+	if err != nil {
+		return nil, err
+	}
+
+	if output == nil {
+		return nil, &resource.NotFoundError{
+			Message:     "Empty result",
+			LastRequest: input,
+		}
+	}
+
+	return output, nil
+}
@@ -1005,7 +1005,9 @@ func Provider() *schema.Provider {
 			"aws_securityhub_organization_admin_account":              resourceAwsSecurityHubOrganizationAdminAccount(),
 			"aws_securityhub_product_subscription":                    resourceAwsSecurityHubProductSubscription(),
 			"aws_securityhub_standards_subscription":                  resourceAwsSecurityHubStandardsSubscription(),
+			"aws_servicecatalog_organizations_access":                 resourceAwsServiceCatalogOrganizationsAccess(),
 			"aws_servicecatalog_portfolio":                            resourceAwsServiceCatalogPortfolio(),
+			"aws_servicecatalog_portfolio_share":                      resourceAwsServiceCatalogPortfolioShare(),
 			"aws_servicecatalog_product":                              resourceAwsServiceCatalogProduct(),
 			"aws_servicecatalog_tag_option":                           resourceAwsServiceCatalogTagOption(),
 			"aws_service_discovery_http_namespace":                    resourceAwsServiceDiscoveryHttpNamespace(),