diff --git a/.changelog/38741.txt b/.changelog/38741.txt new file mode 100644 index 00000000000..b7ef8821ceb --- /dev/null +++ b/.changelog/38741.txt @@ -0,0 +1,3 @@ +```release-note:new-data-source +aws_ssoadmin_permission_sets +``` \ No newline at end of file diff --git a/internal/service/ssoadmin/permission_set_data_source_test.go b/internal/service/ssoadmin/permission_set_data_source_test.go index c00b9d43a30..55a754253e2 100644 --- a/internal/service/ssoadmin/permission_set_data_source_test.go +++ b/internal/service/ssoadmin/permission_set_data_source_test.go @@ -81,7 +81,7 @@ func TestAccSSOAdminPermissionSetDataSource_nonExistent(t *testing.T) { }) } -func testAccSSOPermissionSetBaseDataSourceConfig(rName string) string { +func testAccSSOPermissionSetDataSourceConfig_base(rName string) string { return fmt.Sprintf(` data "aws_ssoadmin_instances" "test" {} @@ -102,7 +102,7 @@ resource "aws_ssoadmin_permission_set" "test" { func testAccPermissionSetDataSourceConfig_ssoByARN(rName string) string { return acctest.ConfigCompose( - testAccSSOPermissionSetBaseDataSourceConfig(rName), + testAccSSOPermissionSetDataSourceConfig_base(rName), ` data "aws_ssoadmin_permission_set" "test" { instance_arn = tolist(data.aws_ssoadmin_instances.test.arns)[0] @@ -113,7 +113,7 @@ data "aws_ssoadmin_permission_set" "test" { func testAccPermissionSetDataSourceConfig_ssoByName(rName string) string { return acctest.ConfigCompose( - testAccSSOPermissionSetBaseDataSourceConfig(rName), + testAccSSOPermissionSetDataSourceConfig_base(rName), ` data "aws_ssoadmin_permission_set" "test" { instance_arn = tolist(data.aws_ssoadmin_instances.test.arns)[0] diff --git a/internal/service/ssoadmin/permission_sets_data_source.go b/internal/service/ssoadmin/permission_sets_data_source.go new file mode 100644 index 00000000000..a38a9dca974 --- /dev/null +++ b/internal/service/ssoadmin/permission_sets_data_source.go 
@@ -0,0 +1,84 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package ssoadmin
+
+import (
+ "context"
+
+ "github.com/aws/aws-sdk-go-v2/service/ssoadmin"
+ "github.com/hashicorp/terraform-plugin-framework/datasource"
+ "github.com/hashicorp/terraform-plugin-framework/datasource/schema"
+ "github.com/hashicorp/terraform-plugin-framework/types"
+ "github.com/hashicorp/terraform-provider-aws/internal/framework"
+ fwflex "github.com/hashicorp/terraform-provider-aws/internal/framework/flex"
+ fwtypes "github.com/hashicorp/terraform-provider-aws/internal/framework/types"
+ "github.com/hashicorp/terraform-provider-aws/names"
+)
+
+// @FrameworkDataSource(name="Permission Sets")
+func newPermissionSetsDataSource(context.Context) (datasource.DataSourceWithConfigure, error) {
+ return &permissionSetsDataSource{}, nil
+}
+
+type permissionSetsDataSource struct {
+ framework.DataSourceWithConfigure
+}
+
+func (*permissionSetsDataSource) Metadata(_ context.Context, request datasource.MetadataRequest, response *datasource.MetadataResponse) {
+ response.TypeName = "aws_ssoadmin_permission_sets"
+}
+
+func (d *permissionSetsDataSource) Schema(ctx context.Context, request datasource.SchemaRequest, response *datasource.SchemaResponse) {
+ response.Schema = schema.Schema{
+ Attributes: map[string]schema.Attribute{
+ names.AttrARNs: schema.ListAttribute{
+ ElementType: types.StringType,
+ Computed: true,
+ },
+ names.AttrID: framework.IDAttribute(),
+ "instance_arn": schema.StringAttribute{
+ CustomType: fwtypes.ARNType,
+ Required: true,
+ },
+ },
+ }
+}
+
+func (d *permissionSetsDataSource) Read(ctx context.Context, request datasource.ReadRequest, response *datasource.ReadResponse) {
+ var data permissionSetsDataSourceModel
+ response.Diagnostics.Append(request.Config.Get(ctx, &data)...)
+ if response.Diagnostics.HasError() {
+ return
+ }
+
+ conn := d.Meta().SSOAdminClient(ctx)
+
+ var arns []string
+ input := &ssoadmin.ListPermissionSetsInput{
+ InstanceArn: fwflex.StringFromFramework(ctx, data.InstanceARN),
+ }
+ pages := ssoadmin.NewListPermissionSetsPaginator(conn, input)
+ for pages.HasMorePages() {
+ page, err := pages.NextPage(ctx)
+
+ if err != nil {
+ response.Diagnostics.AddError("listing SSO Permission Sets", err.Error())
+
+ return
+ }
+
+ arns = append(arns, page.PermissionSets...)
+ }
+
+ data.ID = fwflex.StringValueToFramework(ctx, data.InstanceARN.ValueString())
+ data.ARNs = fwflex.FlattenFrameworkStringValueList(ctx, arns)
+
+ response.Diagnostics.Append(response.State.Set(ctx, &data)...)
+}
+
+type permissionSetsDataSourceModel struct {
+ ARNs types.List `tfsdk:"arns"`
+ ID types.String `tfsdk:"id"`
+ InstanceARN fwtypes.ARN `tfsdk:"instance_arn"`
+}
diff --git a/internal/service/ssoadmin/permission_sets_data_source_test.go b/internal/service/ssoadmin/permission_sets_data_source_test.go
new file mode 100644
index 00000000000..05f73331158
--- /dev/null
+++ b/internal/service/ssoadmin/permission_sets_data_source_test.go
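Review bot: In `Read` of permission_sets_data_source.go, `arns` is still a nil slice when the instance has no permission sets, and what ends up in state then depends on how `fwflex.FlattenFrameworkStringValueList` treats an empty input, which this diff does not show. If that helper yields a null list, a configuration that takes `length()` of `arns` or iterates it (for example an access review that walks every permission set) fails instead of seeing an empty result. I would confirm the helper's behaviour and either store an empty, non-null list in that case or say in the attribute documentation that `arns` can be null. A short doc comment on `Read`, such as `// Read lists every permission set ARN of the configured SSO instance; the data source id is the instance ARN.`, would also record why `data.ID` is set from `instance_arn`.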
@@ -0,0 +1,43 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package ssoadmin_test
+
+import (
+ "testing"
+
+ sdkacctest "github.com/hashicorp/terraform-plugin-testing/helper/acctest"
+ "github.com/hashicorp/terraform-plugin-testing/helper/resource"
+ "github.com/hashicorp/terraform-provider-aws/internal/acctest"
+ "github.com/hashicorp/terraform-provider-aws/names"
+)
+
+func TestAccSSOAdminPermissionSetsDataSource_basic(t *testing.T) {
+ ctx := acctest.Context(t)
+ rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+ dataSourceName := "data.aws_ssoadmin_permission_sets.test"
+
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() { acctest.PreCheck(ctx, t); acctest.PreCheckSSOAdminInstances(ctx, t) },
+ ErrorCheck: acctest.ErrorCheck(t, names.SSOAdminServiceID),
+ ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccPermissionSetsDataSourceConfig_basic(rName),
+ Check: resource.ComposeTestCheckFunc(
+ acctest.CheckResourceAttrGreaterThanOrEqualValue(dataSourceName, "arns.#", 1),
+ ),
+ },
+ },
+ })
+}
+
+func testAccPermissionSetsDataSourceConfig_basic(rName string) string {
+ return acctest.ConfigCompose(testAccSSOPermissionSetDataSourceConfig_base(rName), `
+data "aws_ssoadmin_permission_sets" "test" {
+ instance_arn = tolist(data.aws_ssoadmin_instances.test.arns)[0]
+
+ depends_on = [aws_ssoadmin_permission_set.test]
+}
+`)
+}
diff --git a/internal/service/ssoadmin/service_package_gen.go b/internal/service/ssoadmin/service_package_gen.go
index 36ad7d588d0..00be2d5b975 100644
--- a/internal/service/ssoadmin/service_package_gen.go
+++ b/internal/service/ssoadmin/service_package_gen.go
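Review bot: The only assertion in `TestAccSSOAdminPermissionSetsDataSource_basic`, `arns.#` >= 1, passes whenever the test account's instance already holds any permission set, so it does not show that the permission set created by this config is actually returned. Since SSO instances in test accounts are shared and usually not empty, the check would stay green even if the data source dropped entries, for example from a later page. Adding `resource.TestCheckTypeSetElemAttrPair(dataSourceName, "arns.*", "aws_ssoadmin_permission_set.test", names.AttrARN),` to the `ComposeTestCheckFunc` list ties the result to the resource the test itself creates.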
@@ -30,6 +30,10 @@ func (p *servicePackage) FrameworkDataSources(ctx context.Context) []*types.Serv Factory: newDataSourcePrincipalApplicationAssignments, Name: "Principal Application Assignments", }, + { + Factory: newPermissionSetsDataSource, + Name: "Permission Sets", + }, } } diff --git a/website/docs/d/ssoadmin_permission_sets.html.markdown b/website/docs/d/ssoadmin_permission_sets.html.markdown new file mode 100644 index 00000000000..e25e2e81822 --- /dev/null +++ b/website/docs/d/ssoadmin_permission_sets.html.markdown @@ -0,0 +1,35 @@ +--- +subcategory: "SSO Admin" +layout: "aws" +page_title: "AWS: aws_ssoadmin_permission_sets" +description: |- + Terraform data source returning the ARN of all AWS SSO Admin Permission Sets. +--- + +# Data Source: aws_ssoadmin_permission_sets + +Terraform data source returning the ARN of all AWS SSO Admin Permission Sets. + +## Example Usage + +### Basic Usage + +```terraform +data "aws_ssoadmin_instances" "example" {} + +data "aws_ssoadmin_permission_sets" "example" { + instance_arn = tolist(data.aws_ssoadmin_instances.example.arns)[0] +} +``` + +## Argument Reference + +The following arguments are required: + +* `instance_arn` - (Required) ARN of the SSO Instance associated with the permission set. + +## Attribute Reference + +This data source exports the following attributes in addition to the arguments above: + +* `arns` - Set of string contain the ARN of all Permission Sets.