Merge pull request #9615 from katainaka0503/add-aws-ssm-parameters-by…

…-path-data-source Add datasource ssm_parameters_by_path
hashicorp · Sep 30, 2021 · 7d5b779 · 7d5b779
2 parents 02bc9c7 + 15872fc
commit 7d5b779
Show file tree

Hide file tree

Showing 5 changed files with 202 additions and 0 deletions.
diff --git a/.changelog/9615.txt b/.changelog/9615.txt
@@ -0,0 +1,3 @@
+```release-note:new-data-source
+aws_ssm_parameters_by_path
+```
diff --git a/aws/data_source_aws_ssm_parameters_by_path.go b/aws/data_source_aws_ssm_parameters_by_path.go
@@ -0,0 +1,90 @@
+package aws
+
+import (
+	"fmt"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/ssm"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func dataSourceAwsSsmParametersByPath() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceAwsSsmParametersReadByPath,
+
+		Schema: map[string]*schema.Schema{
+			"arns": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+			},
+			"names": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+			},
+			"path": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
+			"types": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+			},
+			"values": {
+				Type:      schema.TypeList,
+				Computed:  true,
+				Sensitive: true,
+				Elem:      &schema.Schema{Type: schema.TypeString},
+			},
+			"with_decryption": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				Default:  true,
+			},
+		},
+	}
+}
+
+func dataSourceAwsSsmParametersReadByPath(d *schema.ResourceData, meta interface{}) error {
+	ssmconn := meta.(*AWSClient).ssmconn
+
+	path := d.Get("path").(string)
+	input := &ssm.GetParametersByPathInput{
+		Path:           aws.String(path),
+		WithDecryption: aws.Bool(d.Get("with_decryption").(bool)),
+	}
+
+	arns := make([]string, 0)
+	names := make([]string, 0)
+	types := make([]string, 0)
+	values := make([]string, 0)
+
+	err := ssmconn.GetParametersByPathPages(input, func(page *ssm.GetParametersByPathOutput, lastPage bool) bool {
+		if page == nil {
+			return !lastPage
+		}
+
+		for _, param := range page.Parameters {
+			arns = append(arns, aws.StringValue(param.ARN))
+			names = append(names, aws.StringValue(param.Name))
+			types = append(types, aws.StringValue(param.Type))
+			values = append(values, aws.StringValue(param.Value))
+		}
+
+		return !lastPage
+	})
+
+	if err != nil {
+		return fmt.Errorf("error getting SSM parameters by path (%s): %w", path, err)
+	}
+
+	d.SetId(path)
+	d.Set("arns", arns)
+	d.Set("names", names)
+	d.Set("types", types)
+	d.Set("values", values)
+
+	return nil
+}
diff --git a/aws/data_source_aws_ssm_parameters_by_path_test.go b/aws/data_source_aws_ssm_parameters_by_path_test.go
@@ -0,0 +1,67 @@
+package aws
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/aws/aws-sdk-go/service/ssm"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+func TestAccAWSSsmParametersByPathDataSource_basic(t *testing.T) {
+	resourceName := "data.aws_ssm_parameters_by_path.test"
+	rName1 := acctest.RandomWithPrefix("tf-acc-test")
+	rName2 := acctest.RandomWithPrefix("tf-acc-test")
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:   func() { testAccPreCheck(t) },
+		ErrorCheck: testAccErrorCheck(t, ssm.EndpointsID),
+		Providers:  testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCheckAwsSsmParametersByPathDataSourceConfig(rName1, rName2, false),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					resource.TestCheckResourceAttr(resourceName, "arns.#", "2"),
+					resource.TestCheckResourceAttr(resourceName, "names.#", "2"),
+					resource.TestCheckResourceAttr(resourceName, "types.#", "2"),
+					resource.TestCheckResourceAttr(resourceName, "values.#", "2"),
+					resource.TestCheckResourceAttr(resourceName, "with_decryption", "false"),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckAwsSsmParametersByPathDataSourceConfig(rName1, rName2 string, withDecryption bool) string {
+	return fmt.Sprintf(`
+resource "aws_ssm_parameter" "test1" {
+  name  = "/%[1]s/param-a"
+  type  = "String"
+  value = "TestValueA"
+}
+
+resource "aws_ssm_parameter" "test2" {
+  name  = "/%[1]s/param-b"
+  type  = "String"
+  value = "TestValueB"
+}
+
+resource "aws_ssm_parameter" "test3" {
+  name  = "/%[2]s/param-c"
+  type  = "String"
+  value = "TestValueC"
+}
+
+data "aws_ssm_parameters_by_path" "test" {
+  path            = "/%[1]s"
+  with_decryption = %[3]t
+
+  depends_on = [
+    aws_ssm_parameter.test1,
+    aws_ssm_parameter.test2,
+    aws_ssm_parameter.test3,
+  ]
+}
+`, rName1, rName2, withDecryption)
+}
diff --git a/aws/provider.go b/aws/provider.go
@@ -431,6 +431,7 @@ func Provider() *schema.Provider {
 			"aws_sqs_queue":                                  dataSourceAwsSqsQueue(),
 			"aws_ssm_document":                               dataSourceAwsSsmDocument(),
 			"aws_ssm_parameter":                              dataSourceAwsSsmParameter(),
+			"aws_ssm_parameters_by_path":                     dataSourceAwsSsmParametersByPath(),
 			"aws_ssm_patch_baseline":                         dataSourceAwsSsmPatchBaseline(),
 			"aws_ssoadmin_instances":                         dataSourceAwsSsoAdminInstances(),
 			"aws_ssoadmin_permission_set":                    dataSourceAwsSsoAdminPermissionSet(),

diff --git a/website/docs/d/ssm_parameters_by_path.html.markdown b/website/docs/d/ssm_parameters_by_path.html.markdown
@@ -0,0 +1,41 @@
+---
+subcategory: "SSM"
+layout: "aws"
+page_title: "AWS: aws_ssm_parameters_by_path"
+description: |-
+  Provides SSM Parameters by path
+---
+
+# Data Source: aws_ssm_parameters_by_path
+
+Provides SSM Parameters by path.
+
+## Example Usage
+
+```terraform
+data "aws_ssm_parameters_by_path" "foo" {
+  path = "/foo"
+}
+```
+
+~> **Note:** The unencrypted value of a SecureString will be stored in the raw state as plain-text.
+[Read more about sensitive data in state](/docs/state/sensitive-data.html).
+
+
+~> **Note:** The data source is currently following the behavior of the [SSM API](https://docs.aws.amazon.com/sdk-for-go/api/service/ssm/#Parameter) to return a string value, regardless of parameter type. For type `StringList`, we can use the built-in [split()](https://www.terraform.io/docs/configuration/functions/split.html) function to get values in a list. Example: `split(",", data.aws_ssm_parameter.subnets.value)`
+
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `path` - (Required) The prefix path of the parameter.
+* `with_decryption` - (Optional) Whether to return decrypted `SecureString` value. Defaults to `true`.
+
+
+In addition to all arguments above, the following attributes are exported:
+
+* `arns` - The ARNs of the parameters.
+* `names` - The names of the parametes.
+* `types` - The types of the parameters.
+* `values` - The value of the parameters.