cloudflare · bootswithdefer · Sep 22, 2024 · Dec 31, 2024
@@ -0,0 +1,3 @@
+```release-note:new-data-source
+cloudflare_zero_trust_access_groups
+```
@@ -0,0 +1,40 @@
+---
+page_title: "cloudflare_zero_trust_access_groups Data Source - Cloudflare"
+subcategory: ""
+description: |-
+  Use this data source to look up Zero Trust Access Groups https://developers.cloudflare.com/cloudflare-one/identity/users/groups/.
+  Commonly used as references within cloudflare_zero_trust_access_policy resources.
+---
+
+# cloudflare_zero_trust_access_groups (Data Source)
+
+Use this data source to look up [Zero Trust Access Groups](https://developers.cloudflare.com/cloudflare-one/identity/users/groups/).
+Commonly used as references within [`cloudflare_zero_trust_access_policy`](/docs/providers/cloudflare/r/zero_trust_access_policy.html) resources.
+
+## Example Usage
+
+```terraform
+data "cloudflare_zero_trust_access_groups" "example" {
+  account_id = "f037e56e89293a057740de681ac9abbe"
+}
+```
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `account_id` (String) Cloudflare Account ID
+
+### Read-Only
+
+- `groups` (Attributes List) A list of Zero Trust Access Groups. (see [below for nested schema](#nestedatt--groups))
+
+<a id="nestedatt--groups"></a>
+### Nested Schema for `groups`
+
+Read-Only:
+
+- `id` (String) The identifier for this group.
+- `name` (String) The name of the group.
+
+
@@ -0,0 +1,3 @@
+data "cloudflare_zero_trust_access_groups" "example" {
+  account_id = "f037e56e89293a057740de681ac9abbe"
+}
@@ -43,6 +43,7 @@ import (
 	"github.com/cloudflare/terraform-provider-cloudflare/internal/framework/service/user"
 	"github.com/cloudflare/terraform-provider-cloudflare/internal/framework/service/workers_for_platforms_dispatch_namespace"
 	"github.com/cloudflare/terraform-provider-cloudflare/internal/framework/service/workers_for_platforms_dispatch_namespace_deprecated"
+	"github.com/cloudflare/terraform-provider-cloudflare/internal/framework/service/zero_trust_access_groups"
 	"github.com/cloudflare/terraform-provider-cloudflare/internal/framework/service/zero_trust_access_mtls_hostname_settings"
 	"github.com/cloudflare/terraform-provider-cloudflare/internal/framework/service/zero_trust_infrastructure_access_target"
 	"github.com/cloudflare/terraform-provider-cloudflare/internal/framework/service/zero_trust_risk_behavior"
@@ -413,6 +414,7 @@ func (p *CloudflareProvider) DataSources(ctx context.Context) []func() datasourc
 		dcv_delegation.NewDataSource,
 		infrastructure_access_target_deprecated.NewDataSource,
 		zero_trust_infrastructure_access_target.NewDataSource,
+		zero_trust_access_groups.NewDataSource,
 	}
 }
 

@@ -0,0 +1,82 @@
+package zero_trust_access_groups
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/cloudflare/cloudflare-go/v2"
+	"github.com/cloudflare/cloudflare-go/v2/zero_trust"
+	"github.com/cloudflare/terraform-provider-cloudflare/internal/framework/muxclient"
+	"github.com/hashicorp/terraform-plugin-framework/datasource"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-log/tflog"
+)
+
+// Ensure provider defined types fully satisfy framework interfaces.
+var _ datasource.DataSource = &ZeroTrustAccessGroupsDataSource{}
+
+func NewDataSource() datasource.DataSource {
+	return &ZeroTrustAccessGroupsDataSource{}
+}
+
+// ZeroTrustAccessGroupsDataSource defines the data source implementation.
+type ZeroTrustAccessGroupsDataSource struct {
+	client *muxclient.Client
+}
+
+func (d *ZeroTrustAccessGroupsDataSource) Metadata(ctx context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse) {
+	resp.TypeName = req.ProviderTypeName + "_zero_trust_access_groups"
+}
+
+func (d *ZeroTrustAccessGroupsDataSource) Configure(ctx context.Context, req datasource.ConfigureRequest, resp *datasource.ConfigureResponse) {
+	if req.ProviderData == nil {
+		return
+	}
+
+	client, ok := req.ProviderData.(*muxclient.Client)
+
+	if !ok {
+		resp.Diagnostics.AddError(
+			"unexpected resource configure type",
+			fmt.Sprintf("Expected *muxclient.Client, got: %T. Please report this issue to the provider developers.", req.ProviderData),
+		)
+
+		return
+	}
+
+	d.client = client
+}
+
+func (d *ZeroTrustAccessGroupsDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) {
+	tflog.Debug(ctx, fmt.Sprintf("Reading Zero Trust Access Group"))
+	var data ZeroTrustAccessGroupsModel
+
+	resp.Diagnostics.Append(req.Config.Get(ctx, &data)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	params := zero_trust.AccessGroupListParams{
+		AccountID: cloudflare.F(data.AccountID.ValueString()),
+	}
+
+	iter := d.client.V2.ZeroTrust.Access.Groups.ListAutoPaging(ctx, params)
+	var groups []ZeroTrustAccessGroupModel
+
+	for iter.Next() {
+		group := iter.Current()
+
+		groups = append(groups, ZeroTrustAccessGroupModel{
+			ID:   types.StringValue(group.ID),
+			Name: types.StringValue(group.Name),
+		})
+	}
+	if err := iter.Err(); err != nil {
+		resp.Diagnostics.AddError("Failed to fetch Zero Trust Access Groups", err.Error())
+		return
+	}
+
+	data.Groups = groups
+
+	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
+}
@@ -0,0 +1,40 @@
+package zero_trust_access_groups_test
+
+import (
+	"fmt"
+	"os"
+	"testing"
+
+	"github.com/cloudflare/terraform-provider-cloudflare/internal/acctest"
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+)
+
+func TestAccCloudflareAccessGroups_DataSource(t *testing.T) {
+	accountID := os.Getenv("CLOUDFLARE_ACCOUNT_ID")
+
+	if accountID == "" {
+		t.Fatal("CLOUDFLARE_ACCOUNT_ID must be set for acceptance tests")
+	}
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.TestAccPreCheck(t) },
+		ProtoV6ProviderFactories: acctest.TestAccProtoV6ProviderFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCheckCloudflareZeroTrustAccessGroupsDataSourceConfig(accountID),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet("data.cloudflare_zero_trust_access_groups.this", "account_id"),
+					resource.TestCheckResourceAttrSet("data.cloudflare_zero_trust_access_groups.this", "groups.#"),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckCloudflareZeroTrustAccessGroupsDataSourceConfig(accountID string) string {
+	return fmt.Sprintf(`
+data "cloudflare_zero_trust_access_groups" "this" {
+    account_id = "%s"
+}
+`, accountID)
+}
@@ -0,0 +1,15 @@
+package zero_trust_access_groups
+
+import "github.com/hashicorp/terraform-plugin-framework/types"
+
+// ZeroTrustAccessGroupModel describes the data source data model for groups
+type ZeroTrustAccessGroupsModel struct {
+	AccountID types.String                `tfsdk:"account_id"`
+	Groups    []ZeroTrustAccessGroupModel `tfsdk:"groups"`
+}
+
+// ZeroTrustAccessGroupModel describes the data source data model for a group
+type ZeroTrustAccessGroupModel struct {
+	ID   types.String `tfsdk:"id"`
+	Name types.String `tfsdk:"name"`
+}
@@ -0,0 +1,41 @@
+package zero_trust_access_groups
+
+import (
+	"context"
+
+	"github.com/MakeNowJust/heredoc/v2"
+	"github.com/hashicorp/terraform-plugin-framework/datasource"
+	"github.com/hashicorp/terraform-plugin-framework/datasource/schema"
+)
+
+func (r *ZeroTrustAccessGroupsDataSource) Schema(ctx context.Context, req datasource.SchemaRequest, resp *datasource.SchemaResponse) {
+	resp.Schema = schema.Schema{
+		// This description is used by the documentation generator and the language server.
+		Description: heredoc.Docf(`
+			Use this data source to look up [Zero Trust Access Groups](https://developers.cloudflare.com/cloudflare-one/identity/users/groups/).
+			Commonly used as references within [%s](/docs/providers/cloudflare/r/zero_trust_access_policy.html) resources.
+		`, "`cloudflare_zero_trust_access_policy`"),
+		Attributes: map[string]schema.Attribute{
+			"account_id": schema.StringAttribute{
+				Required:    true,
+				Description: "Cloudflare Account ID",
+			},
+			"groups": schema.ListNestedAttribute{
+				Computed:    true,
+				Description: "A list of Zero Trust Access Groups.",
+				NestedObject: schema.NestedAttributeObject{
+					Attributes: map[string]schema.Attribute{
+						"id": schema.StringAttribute{
+							Computed:    true,
+							Description: "The identifier for this group.",
+						},
+						"name": schema.StringAttribute{
+							Computed:    true,
+							Description: "The name of the group.",
+						},
+					},
+				},
+			},
+		},
+	}
+}