hashicorp · anGie44 · Sep 7, 2021 · Aug 12, 2021 · Aug 23, 2021 · Aug 23, 2021
@@ -964,6 +964,7 @@ func Provider() *schema.Provider {
 			"aws_proxy_protocol_policy":                               resourceAwsProxyProtocolPolicy(),
 			"aws_qldb_ledger":                                         resourceAwsQLDBLedger(),
 			"aws_quicksight_group":                                    resourceAwsQuickSightGroup(),
+			"aws_quicksight_group_membership":                         resourceAwsQuickSightGroupMembership(),
 			"aws_quicksight_user":                                     resourceAwsQuickSightUser(),
 			"aws_ram_principal_association":                           resourceAwsRamPrincipalAssociation(),
 			"aws_ram_resource_association":                            resourceAwsRamResourceAssociation(),

@@ -0,0 +1,175 @@
+package aws
+
+import (
+	"fmt"
+	"log"
+	"strings"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/quicksight"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
+)
+
+func resourceAwsQuickSightGroupMembership() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceAwsQuickSightGroupMembershipCreate,
+		Read:   resourceAwsQuickSightGroupMembershipRead,
+		Delete: resourceAwsQuickSightGroupMembershipDelete,
+
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+
+		Schema: map[string]*schema.Schema{
+			"arn": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+
+			"aws_account_id": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Computed: true,
+				ForceNew: true,
+			},
+
+			"member_name": {
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+
+			"group_name": {
+				Type:     schema.TypeString,
+				Optional: true,
+				ForceNew: true,
+			},
+
+			"namespace": {
+				Type:     schema.TypeString,
+				Optional: true,
+				ForceNew: true,
+				Default:  "default",
+				ValidateFunc: validation.StringInSlice([]string{
+					"default",
+				}, false),
+			},
+		},
+	}
+}
+
+func resourceAwsQuickSightGroupMembershipCreate(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).quicksightconn
+
+	awsAccountID := meta.(*AWSClient).accountid
+	namespace := d.Get("namespace").(string)
+	groupName := d.Get("group_name").(string)
+
+	if v, ok := d.GetOk("aws_account_id"); ok {
+		awsAccountID = v.(string)
+	}
+
+	createOpts := &quicksight.CreateGroupMembershipInput{
+		AwsAccountId: aws.String(awsAccountID),
+		GroupName:    aws.String(groupName),
+		MemberName:   aws.String(d.Get("member_name").(string)),
+		Namespace:    aws.String(namespace),
+	}
+
+	resp, err := conn.CreateGroupMembership(createOpts)
+	if err != nil {
+		return fmt.Errorf("Error adding QuickSight user to group: %s", err)
+	}
+
+	d.SetId(fmt.Sprintf("%s/%s/%s/%s", awsAccountID, namespace, groupName, aws.StringValue(resp.GroupMember.MemberName)))
+
+	return resourceAwsQuickSightGroupMembershipRead(d, meta)
+}
+
+func resourceAwsQuickSightGroupMembershipRead(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).quicksightconn
+
+	awsAccountID, namespace, groupName, userName, err := resourceAwsQuickSightGroupMembershipParseID(d.Id())
+	if err != nil {
+		return err
+	}
+
+	listOpts := &quicksight.ListUserGroupsInput{
+		AwsAccountId: aws.String(awsAccountID),
+		Namespace:    aws.String(namespace),
+		UserName:     aws.String(userName),
+	}
+
+	found := false
+
+	for {
+		resp, err := conn.ListUserGroups(listOpts)
+		if isAWSErr(err, quicksight.ErrCodeResourceNotFoundException, "") {
+			log.Printf("[WARN] QuickSight User %s is not found", d.Id())
+			d.SetId("")
+			return nil
+		}
+		if err != nil {
+			return fmt.Errorf("Error listing QuickSight User groups (%s): %s", d.Id(), err)
+		}
+
+		for _, group := range resp.GroupList {
+			if *group.GroupName == groupName {
+				found = true
+				break
+			}
+		}
+
+		if found || resp.NextToken == nil {
+			break
+		}
+
+		listOpts.NextToken = resp.NextToken
+	}
+
+	if found {
+		d.Set("aws_account_id", awsAccountID)
+		d.Set("namespace", namespace)
+		d.Set("member_name", userName)
+		d.Set("group_name", groupName)
+	} else {
+		log.Printf("[WARN] QuickSight User-group membership %s is not found", d.Id())
+		d.SetId("")
+	}
+
+	return nil
+}
+
+func resourceAwsQuickSightGroupMembershipDelete(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).quicksightconn
+
+	awsAccountID, namespace, groupName, userName, err := resourceAwsQuickSightGroupMembershipParseID(d.Id())
+	if err != nil {
+		return err
+	}
+
+	deleteOpts := &quicksight.DeleteGroupMembershipInput{
+		AwsAccountId: aws.String(awsAccountID),
+		Namespace:    aws.String(namespace),
+		MemberName:   aws.String(userName),
+		GroupName:    aws.String(groupName),
+	}
+
+	if _, err := conn.DeleteGroupMembership(deleteOpts); err != nil {
+		if isAWSErr(err, quicksight.ErrCodeResourceNotFoundException, "") {
+			return nil
+		}
+		return fmt.Errorf("Error deleting QuickSight User-group membership %s: %s", d.Id(), err)
+	}
+
+	return nil
+}
+
+func resourceAwsQuickSightGroupMembershipParseID(id string) (string, string, string, string, error) {
+	parts := strings.SplitN(id, "/", 4)
+	if len(parts) < 4 || parts[0] == "" || parts[1] == "" || parts[2] == "" || parts[3] == "" {
+		return "", "", "", "", fmt.Errorf("unexpected format of ID (%s), expected AWS_ACCOUNT_ID/NAMESPACE/GROUP_NAME/USER_NAME", id)
+	}
+	return parts[0], parts[1], parts[2], parts[3], nil
+}
@@ -0,0 +1,147 @@
+package aws
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/quicksight"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
+)
+
+func TestAccAWSQuickSightGroupMembership_basic(t *testing.T) {
+	groupName := acctest.RandomWithPrefix("tf-acc-test")
+	memberName := "tfacctest" + acctest.RandString(10)
+	resourceName := "aws_quicksight_group_membership.default"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() { testAccPreCheck(t) },
+		// There's no way to actual retrieve a group membership after
+		// the user and group have been destroyed.
+		CheckDestroy: testAccCheckQuickSightGroupMembershipWaveHandsEverythingsOkay,
+		Providers:    testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAWSQuickSightGroupMembershipConfig(groupName, memberName),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckQuickSightGroupMembershipExists(resourceName),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+func TestAccAWSQuickSightGroupMembership_disappears(t *testing.T) {
+	groupName := acctest.RandomWithPrefix("tf-acc-test")
+	memberName := "tfacctest" + acctest.RandString(10)
+	resourceName := "aws_quicksight_group_membership.default"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		// There's no way to actual retrieve a group membership after
+		// the user and group have been destroyed.
+		CheckDestroy: testAccCheckQuickSightGroupMembershipWaveHandsEverythingsOkay,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAWSQuickSightGroupMembershipConfig(groupName, memberName),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckQuickSightGroupMembershipExists(resourceName),
+					testAccCheckQuickSightGroupMembershipDisappears(groupName, memberName),
+				),
+				ExpectNonEmptyPlan: true,
+			},
+		},
+	})
+}
+
+func testAccCheckQuickSightGroupMembershipWaveHandsEverythingsOkay(s *terraform.State) error {
+	return nil
+}
+
+func testAccCheckQuickSightGroupMembershipExists(resourceName string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[resourceName]
+		if !ok {
+			return fmt.Errorf("Not found: %s", resourceName)
+		}
+
+		awsAccountID, namespace, groupName, userName, err := resourceAwsQuickSightGroupMembershipParseID(rs.Primary.ID)
+		if err != nil {
+			return err
+		}
+
+		conn := testAccProvider.Meta().(*AWSClient).quicksightconn
+
+		input := &quicksight.ListUserGroupsInput{
+			AwsAccountId: aws.String(awsAccountID),
+			Namespace:    aws.String(namespace),
+			UserName:     aws.String(userName),
+		}
+
+		output, err := conn.ListUserGroups(input)
+
+		if err != nil {
+			return err
+		}
+
+		if output == nil || output.GroupList == nil {
+			return fmt.Errorf("QuickSight Group (%s) not found", rs.Primary.ID)
+		}
+
+		for _, group := range output.GroupList {
+			if *group.GroupName == groupName {
+				return nil
+			}
+		}
+
+		return fmt.Errorf("QuickSight Group (%s) not found in user's group list", rs.Primary.ID)
+	}
+}
+
+func testAccCheckQuickSightGroupMembershipDisappears(groupName string, memberName string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		conn := testAccProvider.Meta().(*AWSClient).quicksightconn
+
+		for _, rs := range s.RootModule().Resources {
+			if rs.Type != "aws_quicksight_group_membership" {
+				continue
+			}
+
+			awsAccountID, namespace, groupName, userName, err := resourceAwsQuickSightGroupMembershipParseID(rs.Primary.ID)
+			if err != nil {
+				return err
+			}
+
+			input := &quicksight.DeleteGroupMembershipInput{
+				AwsAccountId: aws.String(awsAccountID),
+				Namespace:    aws.String(namespace),
+				MemberName:   aws.String(userName),
+				GroupName:    aws.String(groupName),
+			}
+
+			if _, err := conn.DeleteGroupMembership(input); err != nil {
+				return err
+			}
+		}
+		return nil
+	}
+}
+
+func testAccAWSQuickSightGroupMembershipConfig(groupName string, memberName string) string {
+	return fmt.Sprintf(`
+%s
+%s
+resource "aws_quicksight_group_membership" "default" {
+  group_name  = aws_quicksight_group.default.group_name
+  member_name = aws_quicksight_user.%s.user_name
+}
+`, testAccAWSQuickSightGroupConfig(groupName), testAccAWSQuickSightUserConfig(memberName), memberName)
+}
diff --git a/go.mod b/go.mod
@@ -4,6 +4,7 @@ go 1.16
 
 require (
 	github.com/agl/ed25519 v0.0.0-20170116200512-5312a6153412 // indirect
+	github.com/apparentlymart/go-cidr v1.1.0 // indirect
 	github.com/aws/aws-sdk-go v1.40.28
 	github.com/beevik/etree v1.1.0
 	github.com/fatih/color v1.9.0 // indirect
@@ -12,6 +13,7 @@ require (
 	github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/hashicorp/go-version v1.3.0
+	github.com/hashicorp/hcl/v2 v2.8.2 // indirect
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.7.0
 	github.com/jen20/awspolicyequivalence v1.1.0
 	github.com/keybase/go-crypto v0.0.0-20161004153544-93f5b35093ba
@@ -22,6 +24,8 @@ require (
 	github.com/pquerna/otp v1.3.0
 	github.com/shopspring/decimal v1.2.0
 	golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b
+	golang.org/x/tools v0.0.0-20201028111035-eafbe7b904eb // indirect
+	google.golang.org/api v0.34.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0
 )