diff --git a/.changelog/32226.txt b/.changelog/32226.txt
new file mode 100644
index 00000000000..dcec0198a1d
--- /dev/null
+++ b/.changelog/32226.txt
@@ -0,0 +1,3 @@
+```release-note:new-data-source
+aws_opensearchserverless_security_policy
+```
\ No newline at end of file
diff --git a/internal/service/opensearchserverless/security_policy_data_source.go b/internal/service/opensearchserverless/security_policy_data_source.go
new file mode 100644
index 00000000000..d6b3ffcf513
--- /dev/null
+++ b/internal/service/opensearchserverless/security_policy_data_source.go
@@ -0,0 +1,92 @@
+package opensearchserverless
+
+import (
+ "context"
+ "regexp"
+ "time"
+
+ "github.com/aws/aws-sdk-go-v2/aws"
+ "github.com/aws/aws-sdk-go-v2/service/opensearchserverless/types"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
+ "github.com/hashicorp/terraform-provider-aws/internal/conns"
+ "github.com/hashicorp/terraform-provider-aws/internal/enum"
+ "github.com/hashicorp/terraform-provider-aws/internal/errs/sdkdiag"
+)
+
+// @SDKDataSource("aws_opensearchserverless_security_policy")
+func DataSourceSecurityPolicy() *schema.Resource {
+ return &schema.Resource{
+ ReadWithoutTimeout: dataSourceSecurityPolicyRead,
+
+ Schema: map[string]*schema.Schema{
+ "created_date": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ "description": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ "last_modified_date": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ "name": {
+ Type: schema.TypeString,
+ Required: true,
+ ValidateFunc: validation.All(
+ validation.StringLenBetween(3, 32),
+ validation.StringMatch(regexp.MustCompile(`^[a-z][a-z0-9-]+$`), `must start with any lower case letter and can include any lower case letter, number, or "-"`),
+ ),
+ },
+ "policy": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ "policy_version": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ "type": {
+ Type: schema.TypeString,
+ Required: true,
+ ValidateDiagFunc: enum.Validate[types.SecurityPolicyType](),
+ },
+ },
+ }
+}
+
+func dataSourceSecurityPolicyRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+ var diags diag.Diagnostics
+ conn := meta.(*conns.AWSClient).OpenSearchServerlessClient(ctx)
+
+ securityPolicyName := d.Get("name").(string)
+ securityPolicyType := d.Get("type").(string)
+ securityPolicy, err := FindSecurityPolicyByNameAndType(ctx, conn, securityPolicyName, securityPolicyType)
+
+ if err != nil {
+ return sdkdiag.AppendErrorf(diags, "reading OpenSearch Security Policy with name (%s) and type (%s): %s", securityPolicyName, securityPolicyType, err)
+ }
+
+ policyBytes, err := securityPolicy.Policy.MarshalSmithyDocument()
+ if err != nil {
+ return sdkdiag.AppendErrorf(diags, "reading JSON policy document for OpenSearch Security Policy with name %s and type %s: %s", securityPolicyName, securityPolicyType, err)
+ }
+
+ d.SetId(aws.ToString(securityPolicy.Name))
+ d.Set("description", securityPolicy.Description)
+ d.Set("name", securityPolicy.Name)
+ d.Set("policy", string(policyBytes))
+ d.Set("policy_version", securityPolicy.PolicyVersion)
+ d.Set("type", securityPolicy.Type)
+
+ createdDate := time.UnixMilli(aws.ToInt64(securityPolicy.CreatedDate))
+ d.Set("created_date", createdDate.Format(time.RFC3339))
+
+ lastModifiedDate := time.UnixMilli(aws.ToInt64(securityPolicy.LastModifiedDate))
+ d.Set("last_modified_date", lastModifiedDate.Format(time.RFC3339))
+
+ return diags
+}
diff --git a/internal/service/opensearchserverless/security_policy_data_source_test.go b/internal/service/opensearchserverless/security_policy_data_source_test.go
new file mode 100644
index 00000000000..ec145902d43
--- /dev/null
+++ b/internal/service/opensearchserverless/security_policy_data_source_test.go
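Review bot: `securityPolicy.Policy.MarshalSmithyDocument()` in dataSourceSecurityPolicyRead is invoked on the document interface with no nil check, so a policy detail that comes back without a document is a method call on a nil interface and panics inside the provider instead of surfacing a diagnostic. Guard it before the marshal, e.g. `if securityPolicy.Policy == nil { return sdkdiag.AppendErrorf(diags, "reading OpenSearch Security Policy with name (%s) and type (%s): empty policy document", securityPolicyName, securityPolicyType) }`. The same hunk derives `created_date` and `last_modified_date` through `aws.ToInt64`, so a nil timestamp is rendered as the Unix epoch rather than left unset; wrapping each `d.Set` in `if securityPolicy.CreatedDate != nil { ... }` (and likewise for `LastModifiedDate`) keeps the attribute empty in that case. Whether the service can actually return nil for any of these fields is not visible from this hunk, so both guards are defensive.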
@@ -0,0 +1,69 @@
+package opensearchserverless_test
+
+import (
+ "fmt"
+ "testing"
+
+ sdkacctest "github.com/hashicorp/terraform-plugin-testing/helper/acctest"
+ "github.com/hashicorp/terraform-plugin-testing/helper/resource"
+ "github.com/hashicorp/terraform-provider-aws/internal/acctest"
+ "github.com/hashicorp/terraform-provider-aws/names"
+)
+
+func TestAccOpenSearchServerlessSecurityPolicyDataSource_basic(t *testing.T) {
+ ctx := acctest.Context(t)
+ rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+ resourceName := "aws_opensearchserverless_security_policy.test"
+ dataSourceName := "data.aws_opensearchserverless_security_policy.test"
+
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() {
+ acctest.PreCheck(ctx, t)
+ acctest.PreCheckPartitionHasService(t, names.OpenSearchServerlessEndpointID)
+ },
+ ErrorCheck: acctest.ErrorCheck(t, names.OpenSearchServerlessEndpointID),
+ ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+ CheckDestroy: testAccCheckSecurityPolicyDestroy(ctx),
+ Steps: []resource.TestStep{
+ {
+ Config: testAccSecurityPolicyDataSourceConfig_basic(rName),
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttrPair(dataSourceName, "name", resourceName, "name"),
+ resource.TestCheckResourceAttrPair(dataSourceName, "type", resourceName, "type"),
+ resource.TestCheckResourceAttrPair(dataSourceName, "description", resourceName, "description"),
+ resource.TestCheckResourceAttrPair(dataSourceName, "policy", resourceName, "policy"),
+ resource.TestCheckResourceAttrPair(dataSourceName, "policy_version", resourceName, "policy_version"),
+ resource.TestCheckResourceAttrSet(dataSourceName, "created_date"),
+ resource.TestCheckResourceAttrSet(dataSourceName, "last_modified_date"),
+ ),
+ },
+ },
+ })
+}
+
+func testAccSecurityPolicyDataSourceConfig_basic(rName string) string {
+ collection := fmt.Sprintf("collection/%s", rName)
+ return fmt.Sprintf(`
+resource "aws_opensearchserverless_security_policy" "test" {
+ name = %[1]q
+ type = "encryption"
+ description = %[1]q
+ policy = jsonencode({
+ "Rules" = [
+ {
+ "Resource" = [
+ %[2]q
+ ],
+ "ResourceType" = "collection"
+ }
+ ],
+ "AWSOwnedKey" = true
+ })
+}
+
+data "aws_opensearchserverless_security_policy" "test" {
+ name = aws_opensearchserverless_security_policy.test.name
+ type = "encryption"
+}
+`, rName, collection)
+}
diff --git a/internal/service/opensearchserverless/service_package_gen.go b/internal/service/opensearchserverless/service_package_gen.go
index 70f13be6e45..3b45d9c6b3f 100644
--- a/internal/service/opensearchserverless/service_package_gen.go
+++ b/internal/service/opensearchserverless/service_package_gen.go
@@ -52,7 +52,12 @@ func (p *servicePackage) FrameworkResources(ctx context.Context) []*types.Servic } func (p *servicePackage) SDKDataSources(ctx context.Context) []*types.ServicePackageSDKDataSource { - return []*types.ServicePackageSDKDataSource{} + return []*types.ServicePackageSDKDataSource{ + { + Factory: DataSourceSecurityPolicy, + TypeName: "aws_opensearchserverless_security_policy", + }, + } } func (p *servicePackage) SDKResources(ctx context.Context) []*types.ServicePackageSDKResource {
diff --git a/website/docs/d/opensearchserverless_security_policy.html.markdown b/website/docs/d/opensearchserverless_security_policy.html.markdown
new file mode 100644
index 00000000000..75232d6a12b
--- /dev/null
+++ b/website/docs/d/opensearchserverless_security_policy.html.markdown
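Review bot: TestAccOpenSearchServerlessSecurityPolicyDataSource_basic only reads back a policy with `type = "encryption"`, while the data source's `type` argument accepts every `types.SecurityPolicyType` and the docs added in this commit list `network` as well; a second config creating a network policy and looking it up with `type = "network"` would cover the other lookup path. The `TestCheckResourceAttrPair(dataSourceName, "policy", resourceName, "policy")` check also assumes the service returns the document in exactly the serialization the resource stored, which cannot be confirmed from this hunk; if key ordering can differ between the two, the check would be flaky and comparing a normalized form would be more robust.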
@@ -0,0 +1,37 @@
+---
+subcategory: "OpenSearch Serverless"
+layout: "aws"
+page_title: "AWS: aws_opensearchserverless_security_policy"
+description: |-
+ Get information on an OpenSearch Serverless Security Policy.
+---
+
+# Data Source: aws_opensearchserverless_security_policy
+
+Use this data source to get information about an AWS OpenSearch Serverless Security Policy.
+
+## Example Usage
+
+```terraform
+data "aws_opensearchserverless_security_policy" "example" {
+ name = "example-security-policy"
+ type = "encryption"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) Name of the policy
+* `type` - (Required) Type of security policy. One of `encryption` or `network`.
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `created_date` - The date the security policy was created.
+* `description` - Description of the security policy.
+* `last_modified_date` - The date the security policy was last modified.
+* `policy` - The JSON policy document without any whitespaces.
+* `policy_version` - Version of the policy.