Add aws_opensearchserverless_security_policy data source

internal/service/opensearchserverless/security_policy_data_source.go

@@ -0,0 +1,72 @@
+package opensearchserverless
+
+import (
+	"context"
+
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-provider-aws/internal/conns"
+	"github.com/hashicorp/terraform-provider-aws/internal/errs/sdkdiag"
+)
+
+// @SDKDataSource("aws_opensearchserverless_security_policy")
+func DataSourceSecurityPolicy() *schema.Resource {
+	return &schema.Resource{
+		ReadWithoutTimeout: dataSourceSecurityPolicyRead,
+
+		Schema: map[string]*schema.Schema{
+			"description": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"id": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"name": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
+			"policy": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"policy_version": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"type": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
+		},
+	}
+}
+
+func dataSourceSecurityPolicyRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	var diags diag.Diagnostics
+	conn := meta.(*conns.AWSClient).OpenSearchServerlessClient(ctx)
+
+	securityPolicyName := d.Get("name").(string)
+	securityPolicyType := d.Get("type").(string)
+	securityPolicy, err := FindSecurityPolicyByNameAndType(ctx, conn, securityPolicyName, securityPolicyType)
+
+	if err != nil {
+		return sdkdiag.AppendErrorf(diags, "reading SecurityPolicy with name (%s) and type (%s): %s", securityPolicyName, securityPolicyType, err)
+	}
+
+	policyBytes, err := securityPolicy.Policy.MarshalSmithyDocument()
+	if err != nil {
+		return sdkdiag.AppendErrorf(diags, "reading JSON policy document for SecurityPolicy with name %s and type %s: %s", securityPolicyName, securityPolicyType, err)
+	}
+
+	d.SetId(aws.ToString(securityPolicy.Name))
+	d.Set("description", securityPolicy.Description)
+	d.Set("name", securityPolicy.Name)
+	d.Set("policy", string(policyBytes))
+	d.Set("policy_version", securityPolicy.PolicyVersion)
+	d.Set("type", securityPolicy.Type)
+
+	return diags
+}

internal/service/opensearchserverless/security_policy_data_source_test.go

@@ -0,0 +1,65 @@
+package opensearchserverless_test
+
+import (
+	"fmt"
+	"testing"
+
+	sdkacctest "github.com/hashicorp/terraform-plugin-testing/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+	"github.com/hashicorp/terraform-provider-aws/internal/acctest"
+	"github.com/hashicorp/terraform-provider-aws/names"
+)
+
+func TestAccOpenSearchServerlessSecurityPolicyDataSource_basic(t *testing.T) {
+	ctx := acctest.Context(t)
+	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+	resourceName := "aws_opensearchserverless_security_policy.test"
+	dataSourceName := "data.aws_opensearchserverless_security_policy.test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			acctest.PreCheck(ctx, t)
+			acctest.PreCheckPartitionHasService(t, names.OpenSearchServerlessEndpointID)
+		},
+		ErrorCheck:               acctest.ErrorCheck(t, names.OpenSearchServerlessEndpointID),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccSecurityPolicyDataSourceConfig_basic(rName),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrPair(dataSourceName, "name", resourceName, "name"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "type", resourceName, "type"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "description", resourceName, "description"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "policy", resourceName, "policy"),
+				),
+			},
+		},
+	})
+}
+
+func testAccSecurityPolicyDataSourceConfig_basic(rName string) string {
+	collection := fmt.Sprintf("collection/%s", rName)
+	return fmt.Sprintf(`
+resource "aws_opensearchserverless_security_policy" "test" {
+	name = %[1]q
+	type = "encryption"
+	description = %[1]q
+	policy = jsonencode({
+		"Rules" = [
+		{
+			"Resource" = [
+				%[2]q
+			],
+			"ResourceType" = "collection"
+		}
+		],
+		"AWSOwnedKey" = true
+	})
+}
+
+data "aws_opensearchserverless_security_policy" "test" {
+  name = aws_opensearchserverless_security_policy.test.name
+  type = "encryption"
+}
+`, rName, collection)
+}

website/docs/d/opensearchserverless_security_policy.html.markdown

@@ -0,0 +1,35 @@
+---
+subcategory: "OpenSearch Serverless"
+layout: "aws"
+page_title: "AWS: aws_opensearchserverless_security_policy"
+description: |-
+  Get information on an OpenSearch Serverless Security Policy.
+---
+
+# Data Source: aws_opensearchserverless_security_policy
+
+Use this data source to get information about an AWS OpenSearch Serverless Security Policy.
+
+## Example Usage
+
+```terraform
+data "aws_opensearchserverless_security_policy" "example" {
+  name = "example-security-policy"
+  type = "encryption"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) Name of the policy
+* `type` - (Required) Type of security policy. One of `encryption` or `network`.
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `description` - Description of the security policy.
+* `policy` - The JSON policy document without any whitespaces.
+* `policy_version` - Version of the policy.