From 769af0a440238b5405e04a44e6c38da2b7a4eb6c Mon Sep 17 00:00:00 2001
From: luoping-12345
Date: Tue, 17 Dec 2024 19:16:49 +0800
Subject: [PATCH] feat(identitycenter): add datasource access control attribute configurations
---
...access_control_attribute_configurations.md | 47 +++++++
huaweicloud/provider.go | 7 +-
...s_control_attribute_configurations_test.go | 47 +++++++
...access_control_attribute_configurations.go | 122 ++++++++++++++++++
4 files changed, 220 insertions(+), 3 deletions(-)
create mode 100644 docs/data-sources/identitycenter_access_control_attribute_configurations.md
create mode 100644 huaweicloud/services/acceptance/identitycenter/data_source_huaweicloud_identitycenter_access_control_attribute_configurations_test.go
create mode 100644 huaweicloud/services/identitycenter/data_source_huaweicloud_identitycenter_access_control_attribute_configurations.go
diff --git a/docs/data-sources/identitycenter_access_control_attribute_configurations.md b/docs/data-sources/identitycenter_access_control_attribute_configurations.md
new file mode 100644
index 0000000000..d11a8ad0aa
--- /dev/null
+++ b/docs/data-sources/identitycenter_access_control_attribute_configurations.md
@@ -0,0 +1,47 @@
+---
+subcategory: "IAM Identity Center"
+layout: "huaweicloud"
+page_title: "HuaweiCloud: huaweicloud_identitycenter_access_control_attribute_configurations"
+description: |-
+ Use this data source to get the Identity Center access control attribute configurations.
+---
+
+# huaweicloud_identitycenter_access_control_attribute_configurations
+
+Use this data source to get the Identity Center access control attribute configurations.
+
+## Example Usage
+
+```hcl
+variable "instance_id" {}
+
+data "huaweicloud_identitycenter_access_control_attribute_configurations" {
+ instance_id = var.instance_id
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `region` - (Optional, String) Specifies the region in which to query the resource.
+ If omitted, the provider-level region will be used.
+
+* `instance_id` - (Required, String) Specifies the ID of the IAM Identity Center instance.
+
+## Attribute Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `id` - The data source ID.
+
+* `access_control_attributes` - The attributes configured for ABAC in the IAM Identity Center instance.
+
+ The [access_control_attributes](#instance_access_control_attribute_configuration_struct) structure is documented below.
+
+
+The `access_control_attributes` block supports:
+
+* `value` - The mapping the specified attribute to the identity source.
+
+* `key` - The name of the attribute associated with the identity in the identity source.
diff --git a/huaweicloud/provider.go b/huaweicloud/provider.go
index b16211091a..5ffd9a0fb1 100644
--- a/huaweicloud/provider.go
+++ b/huaweicloud/provider.go
@@ -856,9 +856,10 @@ func Provider() *schema.Provider {
 "huaweicloud_identity_agencies": iam.DataSourceIdentityAgencies(),
 "huaweicloud_identity_providers": iam.DataSourceIamIdentityProviders(),
- "huaweicloud_identitycenter_instance": identitycenter.DataSourceIdentityCenter(),
- "huaweicloud_identitycenter_groups": identitycenter.DataSourceIdentityCenterGroups(),
- "huaweicloud_identitycenter_users": identitycenter.DataSourceIdentityCenterUsers(),
+ "huaweicloud_identitycenter_instance": identitycenter.DataSourceIdentityCenter(),
+ "huaweicloud_identitycenter_groups": identitycenter.DataSourceIdentityCenterGroups(),
+ "huaweicloud_identitycenter_users": identitycenter.DataSourceIdentityCenterUsers(),
+ "huaweicloud_identitycenter_access_control_attribute_configurations": identitycenter.DataSourceAccessControlAttributeConfigurations(),
 "huaweicloud_iec_bandwidths": iec.DataSourceBandWidths(),
 "huaweicloud_iec_eips": iec.DataSourceEips(),
diff --git a/huaweicloud/services/acceptance/identitycenter/data_source_huaweicloud_identitycenter_access_control_attribute_configurations_test.go b/huaweicloud/services/acceptance/identitycenter/data_source_huaweicloud_identitycenter_access_control_attribute_configurations_test.go
new file mode 100644
index 0000000000..1da728313c
--- /dev/null
+++ b/huaweicloud/services/acceptance/identitycenter/data_source_huaweicloud_identitycenter_access_control_attribute_configurations_test.go
@@ -0,0 +1,47 @@
+package identitycenter
+
+import (
+ "fmt"
+ "testing"
+
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+
+ "github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/services/acceptance"
+)
+
+func TestAccDataSourceAccessControlAttributeConfigurations_basic(t *testing.T) {
+ dataSource := "data.huaweicloud_identitycenter_access_control_attribute_configurations.test"
+ rName := acceptance.RandomAccResourceName()
+ dc := acceptance.InitDataSourceCheck(dataSource)
+
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() {
+ acceptance.TestAccPreCheck(t)
+ acceptance.TestAccPreCheckMultiAccount(t)
+ },
+ ProviderFactories: acceptance.TestAccProviderFactories,
+ Steps: []resource.TestStep{
+ {
+ Config: testDataSourceAccessControlAttributeConfigurations_basic(rName),
+ Check: resource.ComposeTestCheckFunc(
+ dc.CheckResourceExists(),
+ resource.TestCheckResourceAttrSet(dataSource, "access_control_attributes.#"),
+ resource.TestCheckResourceAttr(dataSource, "access_control_attributes.0.key", rName+"_1"),
+ resource.TestCheckResourceAttr(dataSource, "access_control_attributes.0.value.0", "${user:email}"),
+ ),
+ },
+ },
+ })
+}
+
+func testDataSourceAccessControlAttributeConfigurations_basic(name string) string {
+ return fmt.Sprintf(`
+%[1]s
+
+data "huaweicloud_identitycenter_instance" "test" {}
+
+data "huaweicloud_identitycenter_access_control_attribute_configurations" "test" {
+ instance_id = data.huaweicloud_identitycenter_instance.test.id
+}
+`, testAccessControlAttributeConfiguration_basic(name))
+}
diff --git a/huaweicloud/services/identitycenter/data_source_huaweicloud_identitycenter_access_control_attribute_configurations.go b/huaweicloud/services/identitycenter/data_source_huaweicloud_identitycenter_access_control_attribute_configurations.go
new file mode 100644
index 0000000000..f3d1315ac8
--- /dev/null
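Review bot: The checks on `access_control_attributes.0.key` and `access_control_attributes.0.value.0` pin the first element to `rName+"_1"` and `${user:email}`, values that come from `testAccessControlAttributeConfiguration_basic`, which is defined outside this hunk, so the test depends on that fixture's contents and on the API returning attributes in a stable order. If the attribute configuration is a per-instance setting (this hunk does not show that), running under `resource.ParallelTest` alongside the resource's own acceptance test could race on the same instance, and `resource.Test` would avoid that. A short comment above the checks, e.g. `// key and value must mirror testAccessControlAttributeConfiguration_basic`, would make the coupling explicit.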
+++ b/huaweicloud/services/identitycenter/data_source_huaweicloud_identitycenter_access_control_attribute_configurations.go 
@@ -0,0 +1,122 @@
+// Generated by PMS #476
+package identitycenter
+
+import (
+ "context"
+ "strings"
+
+ "github.com/hashicorp/go-multierror"
+ "github.com/hashicorp/go-uuid"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+ "github.com/tidwall/gjson"
+
+ "github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/config"
+ "github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/helper/httphelper"
+ "github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/helper/schemas"
+)
+
+func DataSourceAccessControlAttributeConfigurations() *schema.Resource {
+ return &schema.Resource{
+ ReadContext: dataSourceIdentitycenterAccessControlAttributeConfigurationsRead,
+
+ Schema: map[string]*schema.Schema{
+ "region": {
+ Type: schema.TypeString,
+ Optional: true,
+ Computed: true,
+ Description: `Specifies the region in which to query the resource. If omitted, the provider-level region will be used.`,
+ },
+ "instance_id": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: `Specifies the ID of the IAM Identity Center instance.`,
+ },
+ "access_control_attributes": {
+ Type: schema.TypeList,
+ Computed: true,
+ Description: `The attributes configured for ABAC in the IAM Identity Center instance.`,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "value": {
+ Type: schema.TypeList,
+ Computed: true,
+ Elem: &schema.Schema{Type: schema.TypeString},
+ Description: `The mapping the specified attribute to the identity source.`,
+ },
+ "key": {
+ Type: schema.TypeString,
+ Computed: true,
+ Description: `The name of the attribute associated with the identity in the identity source.`,
+ },
+ },
+ },
+ },
+ },
+ }
+}
+
+type AccessControlAttributeConfigurationsDSWrapper struct {
+ *schemas.ResourceDataWrapper
+ Config *config.Config
+}
+
+func newAccessControlAttributeConfigurationsDSWrapper(d *schema.ResourceData, meta interface{}) *AccessControlAttributeConfigurationsDSWrapper {
+ return &AccessControlAttributeConfigurationsDSWrapper{
+ ResourceDataWrapper: schemas.NewSchemaWrapper(d),
+ Config: meta.(*config.Config),
+ }
+}
+
+func dataSourceIdentitycenterAccessControlAttributeConfigurationsRead(_ context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+ wrapper := newAccessControlAttributeConfigurationsDSWrapper(d, meta)
+ diacacr, err := wrapper.DescribeInstanceAccessControlAttributeConfiguration()
+ if err != nil {
+ return diag.FromErr(err)
+ }
+
+ id, err := uuid.GenerateUUID()
+ if err != nil {
+ return diag.FromErr(err)
+ }
+ d.SetId(id)
+
+ err = wrapper.describeInstanceAccessControlAttributeConfigurationToSchema(diacacr)
+ if err != nil {
+ return diag.FromErr(err)
+ }
+
+ return nil
+}
+
+// @API IDENTITYCENTER GET /v1/instances/{instance_id}/access-control-attribute-configuration
+func (w *AccessControlAttributeConfigurationsDSWrapper) DescribeInstanceAccessControlAttributeConfiguration() (*gjson.Result, error) {
+ client, err := w.NewClient(w.Config, "identitycenter")
+ if err != nil {
+ return nil, err
+ }
+
+ uri := "/v1/instances/{instance_id}/access-control-attribute-configuration"
+ uri = strings.ReplaceAll(uri, "{instance_id}", w.Get("instance_id").(string))
+ return httphelper.New(client).
+ Method("GET").
+ URI(uri).
+ Request().
+ Result()
+}
+
+func (w *AccessControlAttributeConfigurationsDSWrapper) describeInstanceAccessControlAttributeConfigurationToSchema(body *gjson.Result) error {
+ d := w.ResourceData
+ mErr := multierror.Append(nil,
+ d.Set("region", w.Config.GetRegion(w.ResourceData)),
+ d.Set("access_control_attributes", schemas.SliceToList(body.Get("instance_access_control_attribute_configuration.access_control_attributes"),
+ func(accConAtt gjson.Result) any {
+ return map[string]any{
+ "value": schemas.SliceToStrList(accConAtt.Get("value.source")),
+ "key": accConAtt.Get("key").Value(),
+ }
+ },
+ )),
+ )
+ return mErr.ErrorOrNil()
+}
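Review bot: `instance_id` is substituted into the request path in `DescribeInstanceAccessControlAttributeConfiguration` with `strings.ReplaceAll` and no escaping or format check, so a value containing `/`, `?` or `#` would change which endpoint the GET reaches instead of failing early with a clear error. Unless `httphelper` escapes path segments itself (not visible in this hunk), escape at the call site with `uri = strings.ReplaceAll(uri, "{instance_id}", url.PathEscape(w.Get("instance_id").(string)))` and add `net/url` to the import block, or reject malformed IDs with a validation function on the `instance_id` schema field. The file header reads `// Generated by PMS #476`, so the change may belong in the generator template rather than in this file.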