feat(identitycenter): add resource identitycenter access control attr…

…ibute config
huaweicloud · Dec 19, 2024 · 252148b · 252148b
1 parent 818ad5d
commit 252148b
Show file tree

Hide file tree

Showing 4 changed files with 425 additions and 9 deletions.
diff --git a/docs/resources/identitycenter_access_control_attribute_configuration.md b/docs/resources/identitycenter_access_control_attribute_configuration.md
@@ -0,0 +1,53 @@
+---
+subcategory: "IAM Identity Center"
+layout: "huaweicloud"
+page_title: "HuaweiCloud: huaweicloud_identitycenter_access_control_attribute_configuration"
+description: |-
+  Manages an Identity Center access control attribute configuration resource within HuaweiCloud.
+---
+
+# huaweicloud_identitycenter_access_control_attribute_configuration
+
+Manages an Identity Center access control attribute configuration resource within HuaweiCloud.
+
+## Example Usage
+
+```hcl
+variable "instance_id" {}
+
+resource "huaweicloud_identitycenter_access_control_attribute_configuration" "test" {
+  instance_id = var.instance_id
+
+  access_control_attributes {
+    key   = "test"
+    value = ["$${user:email}"]
+  }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `region` - (Optional, String, ForceNew) Specifies the region in which to create the resource.
+  If omitted, the provider-level region will be used.
+  Changing this creates a new resource.
+
+* `instance_id` - (Required, String, ForceNew) Specifies the ID of the IAM Identity Center instance.
+  Changing this creates a new resource.
+
+* `access_control_attributes` - (Optional, List) Specifies the properties of ABAC configuration in IAM Identity Center instance.
+  The [access_control_attributes](#access_control_attributes) structure is documented below.
+
+<a name="access_control_attributes"></a>
+The `access_control_attributes` block supports:
+
+* `key` - (Required, String) Specifies the name of the attribute associated with the identity in your identity source.
+
+* `value` - (Required, List) Specifies the value used to map the specified attribute to the identity source.
+
+## Attribute Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `id` - The resource ID.
diff --git a/huaweicloud/provider.go b/huaweicloud/provider.go
@@ -1764,15 +1764,16 @@ func Provider() *schema.Provider {
 			"huaweicloud_identity_user_token":            iam.ResourceIdentityUserToken(),
 			"huaweicloud_identity_policy":                iam.ResourceIdentityPolicy(),
 
-			"huaweicloud_identitycenter_user":                              identitycenter.ResourceIdentityCenterUser(),
-			"huaweicloud_identitycenter_group":                             identitycenter.ResourceIdentityCenterGroup(),
-			"huaweicloud_identitycenter_group_membership":                  identitycenter.ResourceGroupMembership(),
-			"huaweicloud_identitycenter_permission_set":                    identitycenter.ResourcePermissionSet(),
-			"huaweicloud_identitycenter_system_policy_attachment":          identitycenter.ResourceSystemPolicyAttachment(),
-			"huaweicloud_identitycenter_system_identity_policy_attachment": identitycenter.ResourceSystemIdentityPolicyAttachment(),
-			"huaweicloud_identitycenter_account_assignment":                identitycenter.ResourceIdentityCenterAccountAssignment(),
-			"huaweicloud_identitycenter_custom_policy_attachment":          identitycenter.ResourceCustomPolicyAttachment(),
-			"huaweicloud_identitycenter_custom_role_attachment":            identitycenter.ResourceCustomRoleAttachment(),
+			"huaweicloud_identitycenter_user":                                   identitycenter.ResourceIdentityCenterUser(),
+			"huaweicloud_identitycenter_group":                                  identitycenter.ResourceIdentityCenterGroup(),
+			"huaweicloud_identitycenter_group_membership":                       identitycenter.ResourceGroupMembership(),
+			"huaweicloud_identitycenter_permission_set":                         identitycenter.ResourcePermissionSet(),
+			"huaweicloud_identitycenter_system_policy_attachment":               identitycenter.ResourceSystemPolicyAttachment(),
+			"huaweicloud_identitycenter_system_identity_policy_attachment":      identitycenter.ResourceSystemIdentityPolicyAttachment(),
+			"huaweicloud_identitycenter_account_assignment":                     identitycenter.ResourceIdentityCenterAccountAssignment(),
+			"huaweicloud_identitycenter_custom_policy_attachment":               identitycenter.ResourceCustomPolicyAttachment(),
+			"huaweicloud_identitycenter_custom_role_attachment":                 identitycenter.ResourceCustomRoleAttachment(),
+			"huaweicloud_identitycenter_access_control_attribute_configuration": identitycenter.ResourceAccessControlAttributeConfiguration(),
 
 			"huaweicloud_iec_eip":                 iec.ResourceEip(),
 			"huaweicloud_iec_keypair":             iec.ResourceKeypair(),

diff --git a/...center/resource_huaweicloud_identitycenter_access_control_attribute_configuration_test.go b/...center/resource_huaweicloud_identitycenter_access_control_attribute_configuration_test.go
@@ -0,0 +1,122 @@
+package identitycenter
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
+
+	"github.com/chnsz/golangsdk"
+
+	"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/config"
+	"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/services/acceptance"
+	"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/services/identitycenter"
+	"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/utils"
+)
+
+func getAccessControlAttributeConfigurationResourceFunc(cfg *config.Config, state *terraform.ResourceState) (interface{}, error) {
+	region := acceptance.HW_REGION_NAME
+	client, err := cfg.NewServiceClient("identitycenter", region)
+	if err != nil {
+		return nil, fmt.Errorf("error creating Identity Center client: %s", err)
+	}
+
+	resp, err := identitycenter.GetAccessControlAttributeConfiguration(client, state.Primary.ID)
+	if err != nil {
+		return nil, err
+	}
+
+	status := utils.PathSearch("status", resp, "").(string)
+	if status != "ENABLED" {
+		return nil, golangsdk.ErrDefault404{}
+	}
+
+	return resp, nil
+}
+
+func TestAccAccessControlAttributeConfiguration_basic(t *testing.T) {
+	var obj interface{}
+
+	name := acceptance.RandomAccResourceName()
+	rName := "huaweicloud_identitycenter_access_control_attribute_configuration.test"
+
+	rc := acceptance.InitResourceCheck(
+		rName,
+		&obj,
+		getAccessControlAttributeConfigurationResourceFunc,
+	)
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			acceptance.TestAccPreCheck(t)
+			acceptance.TestAccPreCheckMultiAccount(t)
+		},
+		ProviderFactories: acceptance.TestAccProviderFactories,
+		CheckDestroy:      rc.CheckResourceDestroy(),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccessControlAttributeConfiguration_basic(name),
+				Check: resource.ComposeTestCheckFunc(
+					rc.CheckResourceExists(),
+					resource.TestCheckResourceAttrPair(rName, "instance_id", "data.huaweicloud_identitycenter_instance.system", "id"),
+					resource.TestCheckResourceAttr(rName, "access_control_attributes.#", "1"),
+					resource.TestCheckResourceAttr(rName, "access_control_attributes.0.key", name+"_1"),
+					resource.TestCheckResourceAttr(rName, "access_control_attributes.0.value.0", "${user:email}"),
+				),
+			},
+			{
+				Config: testAccessControlAttributeConfiguration_update(name),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrPair(rName, "instance_id", "data.huaweicloud_identitycenter_instance.system", "id"),
+					resource.TestCheckResourceAttr(rName, "access_control_attributes.#", "2"),
+					resource.TestCheckResourceAttr(rName, "access_control_attributes.0.key", name+"_1"),
+					resource.TestCheckResourceAttr(rName, "access_control_attributes.0.value.0", "${user:email}"),
+					resource.TestCheckResourceAttr(rName, "access_control_attributes.1.key", name+"_2"),
+					resource.TestCheckResourceAttr(rName, "access_control_attributes.1.value.0", "${user:familyName}"),
+				),
+			},
+			{
+				ResourceName:            rName,
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"instance_id"},
+			},
+		},
+	})
+}
+
+func testAccessControlAttributeConfiguration_basic(name string) string {
+	return fmt.Sprintf(`
+data "huaweicloud_identitycenter_instance" "system" {}
+
+resource "huaweicloud_identitycenter_access_control_attribute_configuration" "test" {
+  instance_id = data.huaweicloud_identitycenter_instance.system.id
+
+  access_control_attributes {
+    key   = "%[1]s_1"
+    value = ["$${user:email}"]
+  }
+}
+`, name)
+}
+
+func testAccessControlAttributeConfiguration_update(name string) string {
+	return fmt.Sprintf(`
+data "huaweicloud_identitycenter_instance" "system" {}
+
+resource "huaweicloud_identitycenter_access_control_attribute_configuration" "test" {
+  instance_id = data.huaweicloud_identitycenter_instance.system.id
+
+  access_control_attributes {
+    key   = "%[1]s_1"
+    value = ["$${user:email}"]
+  }
+
+  access_control_attributes {
+    key   = "%[1]s_2"
+    value = ["$${user:familyName}"]
+  }
+}
+`, name)
+}