From 322977ab02a029ce08b1ef63d8c70fbc4ca53588 Mon Sep 17 00:00:00 2001
From: Joshua Luo
Date: Mon, 26 Jun 2023 13:01:52 -0500
Subject: [PATCH 1/5] Add aws_opensearchserverless_security_policy data source
---
 .../security_policy_data_source.go | 72 +++++++++++++++++++
 .../security_policy_data_source_test.go | 65 +++++++++++++++++
 .../service_package_gen.go | 7 +-
 ...chserverless_security_policy.html.markdown | 35 +++++++++
 4 files changed, 178 insertions(+), 1 deletion(-)
 create mode 100644 internal/service/opensearchserverless/security_policy_data_source.go
 create mode 100644 internal/service/opensearchserverless/security_policy_data_source_test.go
 create mode 100644 website/docs/d/opensearchserverless_security_policy.html.markdown
diff --git a/internal/service/opensearchserverless/security_policy_data_source.go b/internal/service/opensearchserverless/security_policy_data_source.go
new file mode 100644
index 00000000000..44879f12c38
--- /dev/null
+++ b/internal/service/opensearchserverless/security_policy_data_source.go
@@ -0,0 +1,72 @@
+package opensearchserverless
+
+import (
+ "context"
+
+ "github.com/aws/aws-sdk-go-v2/aws"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+ "github.com/hashicorp/terraform-provider-aws/internal/conns"
+ "github.com/hashicorp/terraform-provider-aws/internal/errs/sdkdiag"
+)
+
+// @SDKDataSource("aws_opensearchserverless_security_policy")
+func DataSourceSecurityPolicy() *schema.Resource {
+ return &schema.Resource{
+ ReadWithoutTimeout: dataSourceSecurityPolicyRead,
+
+ Schema: map[string]*schema.Schema{
+ "description": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ "id": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ "name": {
+ Type: schema.TypeString,
+ Required: true,
+ },
+ "policy": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ "policy_version": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ "type": {
+ Type: schema.TypeString,
+ Required: true,
+ },
+ },
+ }
+}
+
+func dataSourceSecurityPolicyRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+ var diags diag.Diagnostics
+ conn := meta.(*conns.AWSClient).OpenSearchServerlessClient(ctx)
+
+ securityPolicyName := d.Get("name").(string)
+ securityPolicyType := d.Get("type").(string)
+ securityPolicy, err := FindSecurityPolicyByNameAndType(ctx, conn, securityPolicyName, securityPolicyType)
+
+ if err != nil {
+ return sdkdiag.AppendErrorf(diags, "reading SecurityPolicy with name (%s) and type (%s): %s", securityPolicyName, securityPolicyType, err)
+ }
+
+ policyBytes, err := securityPolicy.Policy.MarshalSmithyDocument()
+ if err != nil {
+ return sdkdiag.AppendErrorf(diags, "reading JSON policy document for SecurityPolicy with name %s and type %s: %s", securityPolicyName, securityPolicyType, err)
+ }
+
+ d.SetId(aws.ToString(securityPolicy.Name))
+ d.Set("description", securityPolicy.Description)
+ d.Set("name", securityPolicy.Name)
+ d.Set("policy", string(policyBytes))
+ d.Set("policy_version", securityPolicy.PolicyVersion)
+ d.Set("type", securityPolicy.Type)
+
+ return diags
+}
diff --git a/internal/service/opensearchserverless/security_policy_data_source_test.go b/internal/service/opensearchserverless/security_policy_data_source_test.go
new file mode 100644
index 00000000000..0fd9b69df3f
--- /dev/null
+++ b/internal/service/opensearchserverless/security_policy_data_source_test.go
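Review bot: The `d.Set` calls that close `dataSourceSecurityPolicyRead` drop their error return, so a value that does not match the schema type would be left out of state without any diagnostic. `policy` is the attribute most worth guarding, because it carries the whole encryption or network policy document that other configuration may depend on: `if err := d.Set("policy", string(policyBytes)); err != nil { return sdkdiag.AppendErrorf(diags, "setting policy: %s", err) }`. The exported `DataSourceSecurityPolicy` also has no doc comment beyond the `@SDKDataSource` annotation; a line such as `// DataSourceSecurityPolicy defines the data source that reads one security policy by name and type.` above the annotation would cover it.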
@@ -0,0 +1,65 @@
+package opensearchserverless_test
+
+import (
+ "fmt"
+ "testing"
+
+ sdkacctest "github.com/hashicorp/terraform-plugin-testing/helper/acctest"
+ "github.com/hashicorp/terraform-plugin-testing/helper/resource"
+ "github.com/hashicorp/terraform-provider-aws/internal/acctest"
+ "github.com/hashicorp/terraform-provider-aws/names"
+)
+
+func TestAccOpenSearchServerlessSecurityPolicyDataSource_basic(t *testing.T) {
+ ctx := acctest.Context(t)
+ rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+ resourceName := "aws_opensearchserverless_security_policy.test"
+ dataSourceName := "data.aws_opensearchserverless_security_policy.test"
+
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() {
+ acctest.PreCheck(ctx, t)
+ acctest.PreCheckPartitionHasService(t, names.OpenSearchServerlessEndpointID)
+ },
+ ErrorCheck: acctest.ErrorCheck(t, names.OpenSearchServerlessEndpointID),
+ ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccSecurityPolicyDataSourceConfig_basic(rName),
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttrPair(dataSourceName, "name", resourceName, "name"),
+ resource.TestCheckResourceAttrPair(dataSourceName, "type", resourceName, "type"),
+ resource.TestCheckResourceAttrPair(dataSourceName, "description", resourceName, "description"),
+ resource.TestCheckResourceAttrPair(dataSourceName, "policy", resourceName, "policy"),
+ ),
+ },
+ },
+ })
+}
+
+func testAccSecurityPolicyDataSourceConfig_basic(rName string) string {
+ collection := fmt.Sprintf("collection/%s", rName)
+ return fmt.Sprintf(`
+resource "aws_opensearchserverless_security_policy" "test" {
+ name = %[1]q
+ type = "encryption"
+ description = %[1]q
+ policy = jsonencode({
+ "Rules" = [
+ {
+ "Resource" = [
+ %[2]q
+ ],
+ "ResourceType" = "collection"
+ }
+ ],
+ "AWSOwnedKey" = true
+ })
+}
+
+data "aws_opensearchserverless_security_policy" "test" {
+ name = 
aws_opensearchserverless_security_policy.test.name + type = "encryption" +} +`, rName, collection) +} diff --git a/internal/service/opensearchserverless/service_package_gen.go b/internal/service/opensearchserverless/service_package_gen.go index 9aa3052f44a..c3a4ca912f0 100644 --- a/internal/service/opensearchserverless/service_package_gen.go +++ b/internal/service/opensearchserverless/service_package_gen.go @@ -43,7 +43,12 @@ func (p *servicePackage) FrameworkResources(ctx context.Context) []*types.Servic } func (p *servicePackage) SDKDataSources(ctx context.Context) []*types.ServicePackageSDKDataSource { - return []*types.ServicePackageSDKDataSource{} + return []*types.ServicePackageSDKDataSource{ + { + Factory: DataSourceSecurityPolicy, + TypeName: "aws_opensearchserverless_security_policy", + }, + } } func (p *servicePackage) SDKResources(ctx context.Context) []*types.ServicePackageSDKResource { diff --git a/website/docs/d/opensearchserverless_security_policy.html.markdown b/website/docs/d/opensearchserverless_security_policy.html.markdown new file mode 100644 index 00000000000..76c56c559fd --- /dev/null +++ b/website/docs/d/opensearchserverless_security_policy.html.markdown 
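Review bot: `TestAccOpenSearchServerlessSecurityPolicyDataSource_basic` only ever reads a policy with `type = "encryption"`, so the `network` type that the documentation added in this patch lists as the other valid value is never looked up through the data source. A second test or step that creates a network policy and compares the same attributes would show that the name-and-type lookup returns the right document for both kinds.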
@@ -0,0 +1,35 @@
+---
+subcategory: "OpenSearch Serverless"
+layout: "aws"
+page_title: "AWS: aws_opensearchserverless_security_policy"
+description: |-
+ Get information on an OpenSearch Serverless Security Policy.
+---
+
+# Data Source: aws_opensearchserverless_security_policy
+
+Use this data source to get information about an AWS OpenSearch Serverless Security Policy.
+
+## Example Usage
+
+```terraform
+data "aws_opensearchserverless_security_policy" "example" {
+ name = "example-security-policy"
+ type = "encryption"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) Name of the policy
+* `type` - (Required) Type of security policy. One of `encryption` or `network`.
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `description` - Description of the security policy.
+* `policy` - The JSON policy document without any whitespaces.
+* `policy_version` - Version of the policy.
From 304e3fb6ab4cc9b0373d185c929f6584ed0ac60f Mon Sep 17 00:00:00 2001
From: Joshua Luo
Date: Mon, 26 Jun 2023 13:01:52 -0500
Subject: [PATCH 2/5] Add aws_opensearchserverless_security_policy data source
---
 .changelog/32226.txt | 3 ++
 .../security_policy_data_source.go | 13 ++++++--
 .../security_policy_data_source_test.go | 30 ++++++++++---------
 3 files changed, 30 insertions(+), 16 deletions(-)
 create mode 100644 .changelog/32226.txt
diff --git a/.changelog/32226.txt b/.changelog/32226.txt
new file mode 100644
index 00000000000..dcec0198a1d
--- /dev/null
+++ b/.changelog/32226.txt
@@ -0,0 +1,3 @@
+```release-note:new-data-source
+aws_opensearchserverless_security_policy
+```
\ No newline at end of file
diff --git a/internal/service/opensearchserverless/security_policy_data_source.go b/internal/service/opensearchserverless/security_policy_data_source.go
index 44879f12c38..76847561c36 100644
--- a/internal/service/opensearchserverless/security_policy_data_source.go
+++ b/internal/service/opensearchserverless/security_policy_data_source.go @@ -2,11 +2,15 @@ package opensearchserverless import ( "context" + "regexp" "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/service/opensearchserverless/types" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" "github.com/hashicorp/terraform-provider-aws/internal/conns" + "github.com/hashicorp/terraform-provider-aws/internal/enum" "github.com/hashicorp/terraform-provider-aws/internal/errs/sdkdiag" ) @@ -27,6 +31,10 @@ func DataSourceSecurityPolicy() *schema.Resource { "name": { Type: schema.TypeString, Required: true, + ValidateFunc: validation.All( + validation.StringLenBetween(3, 32), + validation.StringMatch(regexp.MustCompile(`^[a-z][a-z0-9-]+$`), `must start with any lower case letter and can include any lower case letter, number, or "-"`), + ), }, "policy": { Type: schema.TypeString, @@ -37,8 +45,9 @@ func DataSourceSecurityPolicy() *schema.Resource { Computed: true, }, "type": { - Type: schema.TypeString, - Required: true, + Type: schema.TypeString, + Required: true, + ValidateDiagFunc: enum.Validate[types.SecurityPolicyType](), }, }, } diff --git a/internal/service/opensearchserverless/security_policy_data_source_test.go b/internal/service/opensearchserverless/security_policy_data_source_test.go index 0fd9b69df3f..09f5a18486a 100644 --- a/internal/service/opensearchserverless/security_policy_data_source_test.go +++ b/internal/service/opensearchserverless/security_policy_data_source_test.go 
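Review bot: The name pattern in the `@@ -27,6 +31,10 @@` hunk is built with `regexp.MustCompile` inside `DataSourceSecurityPolicy`, so it is compiled again on every call to the schema constructor; a package-level variable holding the compiled pattern would compile it once. `name` is validated through `ValidateFunc` while `type` in the `@@ -37,8 +45,9 @@` hunk uses `ValidateDiagFunc`; using one of the two for both fields keeps the schema uniform. A short comment on the `name` entry saying where the 3 to 32 length and the character rule come from would help whoever has to update them, since the limits appear here only as literals. The schema map begins and ends outside these hunks.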
@@ -23,6 +23,7 @@ func TestAccOpenSearchServerlessSecurityPolicyDataSource_basic(t *testing.T) { }, ErrorCheck: acctest.ErrorCheck(t, names.OpenSearchServerlessEndpointID), ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories, + CheckDestroy: testAccCheckSecurityPolicyDestroy(ctx), Steps: []resource.TestStep{ { Config: testAccSecurityPolicyDataSourceConfig_basic(rName), @@ -31,6 +32,7 @@ func TestAccOpenSearchServerlessSecurityPolicyDataSource_basic(t *testing.T) { resource.TestCheckResourceAttrPair(dataSourceName, "type", resourceName, "type"), resource.TestCheckResourceAttrPair(dataSourceName, "description", resourceName, "description"), resource.TestCheckResourceAttrPair(dataSourceName, "policy", resourceName, "policy"), + resource.TestCheckResourceAttrPair(dataSourceName, "policy_version", resourceName, "policy_version"), ), }, }, @@ -41,20 +43,20 @@ func testAccSecurityPolicyDataSourceConfig_basic(rName string) string { collection := fmt.Sprintf("collection/%s", rName) return fmt.Sprintf(` resource "aws_opensearchserverless_security_policy" "test" { - name = %[1]q - type = "encryption" - description = %[1]q - policy = jsonencode({ - "Rules" = [ - { - "Resource" = [ - %[2]q - ], - "ResourceType" = "collection" - } - ], - "AWSOwnedKey" = true - }) + name = %[1]q + type = "encryption" + description = %[1]q + policy = jsonencode({ + "Rules" = [ + { + "Resource" = [ + %[2]q + ], + "ResourceType" = "collection" + } + ], + "AWSOwnedKey" = true + }) } data "aws_opensearchserverless_security_policy" "test" { From 3f05e643e1c0141a97b2c6ee8ec7c45b6eda547b Mon Sep 17 00:00:00 2001 From: Adrian Johnson Date: Fri, 30 Jun 2023 13:27:36 -0500 Subject: [PATCH 3/5] aws_opensearchserverless_security_policy: remove id attribute --- .../opensearchserverless/security_policy_data_source.go | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) 
diff --git a/internal/service/opensearchserverless/security_policy_data_source.go b/internal/service/opensearchserverless/security_policy_data_source.go index 76847561c36..8a2bbfb0256 100644 --- a/internal/service/opensearchserverless/security_policy_data_source.go +++ b/internal/service/opensearchserverless/security_policy_data_source.go @@ -24,10 +24,6 @@ func DataSourceSecurityPolicy() *schema.Resource { Type: schema.TypeString, Computed: true, }, - "id": { - Type: schema.TypeString, - Computed: true, - }, "name": { Type: schema.TypeString, Required: true, @@ -62,12 +58,12 @@ func dataSourceSecurityPolicyRead(ctx context.Context, d *schema.ResourceData, m securityPolicy, err := FindSecurityPolicyByNameAndType(ctx, conn, securityPolicyName, securityPolicyType) if err != nil { - return sdkdiag.AppendErrorf(diags, "reading SecurityPolicy with name (%s) and type (%s): %s", securityPolicyName, securityPolicyType, err) + return sdkdiag.AppendErrorf(diags, "reading OpenSearch Security Policy with name (%s) and type (%s): %s", securityPolicyName, securityPolicyType, err) } policyBytes, err := securityPolicy.Policy.MarshalSmithyDocument() if err != nil { - return sdkdiag.AppendErrorf(diags, "reading JSON policy document for SecurityPolicy with name %s and type %s: %s", securityPolicyName, securityPolicyType, err) + return sdkdiag.AppendErrorf(diags, "reading JSON policy document for OpenSearch Security Policy with name %s and type %s: %s", securityPolicyName, securityPolicyType, err) } d.SetId(aws.ToString(securityPolicy.Name)) From 146a72db21f70b7a95fbd880b6717826fde7afac Mon Sep 17 00:00:00 2001 From: Adrian Johnson Date: Fri, 30 Jun 2023 13:32:51 -0500 Subject: [PATCH 4/5] aws_opensearchserverless_security_policy: add created and lastModified dates --- .../security_policy_data_source.go | 15 +++++++++++++++ .../security_policy_data_source_test.go | 2 ++ 2 files changed, 17 insertions(+) 
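Review bot: The reworded messages in the `@@ -62,12 +58,12 @@` hunk name the object "OpenSearch Security Policy", dropping the word "Serverless" that the docs in this series use and that separates it from the OpenSearch Service; an operator reading the diagnostic could look in the wrong service. The two messages also still format their arguments differently, `name (%s) and type (%s)` in the first and `name %s and type %s` in the second. Suggested for the second: `"reading JSON policy document for OpenSearch Serverless Security Policy with name (%s) and type (%s): %s"`, with the same prefix change in the first. `dataSourceSecurityPolicyRead` starts before and continues after the hunk.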
diff --git a/internal/service/opensearchserverless/security_policy_data_source.go b/internal/service/opensearchserverless/security_policy_data_source.go index 8a2bbfb0256..d6b3ffcf513 100644 --- a/internal/service/opensearchserverless/security_policy_data_source.go +++ b/internal/service/opensearchserverless/security_policy_data_source.go @@ -3,6 +3,7 @@ package opensearchserverless import ( "context" "regexp" + "time" "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/service/opensearchserverless/types" @@ -20,10 +21,18 @@ func DataSourceSecurityPolicy() *schema.Resource { ReadWithoutTimeout: dataSourceSecurityPolicyRead, Schema: map[string]*schema.Schema{ + "created_date": { + Type: schema.TypeString, + Computed: true, + }, "description": { Type: schema.TypeString, Computed: true, }, + "last_modified_date": { + Type: schema.TypeString, + Computed: true, + }, "name": { Type: schema.TypeString, Required: true, @@ -73,5 +82,11 @@ func dataSourceSecurityPolicyRead(ctx context.Context, d *schema.ResourceData, m d.Set("policy_version", securityPolicy.PolicyVersion) d.Set("type", securityPolicy.Type) + createdDate := time.UnixMilli(aws.ToInt64(securityPolicy.CreatedDate)) + d.Set("created_date", createdDate.Format(time.RFC3339)) + + lastModifiedDate := time.UnixMilli(aws.ToInt64(securityPolicy.LastModifiedDate)) + d.Set("last_modified_date", lastModifiedDate.Format(time.RFC3339)) + return diags } diff --git a/internal/service/opensearchserverless/security_policy_data_source_test.go b/internal/service/opensearchserverless/security_policy_data_source_test.go index 09f5a18486a..ec145902d43 100644 --- a/internal/service/opensearchserverless/security_policy_data_source_test.go +++ b/internal/service/opensearchserverless/security_policy_data_source_test.go 
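Review bot: `time.UnixMilli` returns a `time.Time` in the local zone, so `created_date` and `last_modified_date` in the `@@ -73,5 +82,11 @@` hunk are formatted with whatever UTC offset the machine running the provider has, and the same policy yields different strings on different hosts. Converting before formatting pins the value: `createdDate := time.UnixMilli(aws.ToInt64(securityPolicy.CreatedDate)).UTC()`, and likewise for `lastModifiedDate`. `aws.ToInt64` also returns 0 for a nil pointer, so a response without these fields (if the API can return one) would be reported as 1970-01-01 rather than left empty. The function body starts outside the hunk.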
@@ -33,6 +33,8 @@ func TestAccOpenSearchServerlessSecurityPolicyDataSource_basic(t *testing.T) { resource.TestCheckResourceAttrPair(dataSourceName, "description", resourceName, "description"), resource.TestCheckResourceAttrPair(dataSourceName, "policy", resourceName, "policy"), resource.TestCheckResourceAttrPair(dataSourceName, "policy_version", resourceName, "policy_version"), + resource.TestCheckResourceAttrSet(dataSourceName, "created_date"), + resource.TestCheckResourceAttrSet(dataSourceName, "last_modified_date"), ), }, }, From eaa8ea91f45f15f5161574a1f8949e00f0dafbe2 Mon Sep 17 00:00:00 2001 From: Adrian Johnson Date: Fri, 30 Jun 2023 13:36:04 -0500 Subject: [PATCH 5/5] aws_opensearchserverless_security_policy: update documentation --- .../docs/d/opensearchserverless_security_policy.html.markdown | 2 ++ 1 file changed, 2 insertions(+) diff --git a/website/docs/d/opensearchserverless_security_policy.html.markdown b/website/docs/d/opensearchserverless_security_policy.html.markdown index 76c56c559fd..75232d6a12b 100644 --- a/website/docs/d/opensearchserverless_security_policy.html.markdown +++ b/website/docs/d/opensearchserverless_security_policy.html.markdown @@ -30,6 +30,8 @@ The following arguments are supported: In addition to all arguments above, the following attributes are exported: +* `created_date` - The date the security policy was created. * `description` - Description of the security policy. +* `last_modified_date` - The date the security policy was last modified. * `policy` - The JSON policy document without any whitespaces. * `policy_version` - Version of the policy.