feat(identitycenter): add datasource identitycenter permission sets

docs/data-sources/identitycenter_permission_sets.md

@@ -0,0 +1,61 @@
+---
+subcategory: "IAM Identity Center"
+layout: "huaweicloud"
+page_title: "HuaweiCloud: huaweicloud_identitycenter_permission_sets"
+description: |-
+  Use this data source to get the Identity Center permission sets.
+---
+
+# huaweicloud_identitycenter_permission_sets
+
+Use this data source to get the Identity Center permission sets.
+
+## Example Usage
+
+```hcl
+variable "instance_id" {}
+
+data "huaweicloud_identitycenter_permission_sets" "test" {
+  instance_id = var.instance_id
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `region` - (Optional, String) Specifies the region in which to query the resource.
+  If omitted, the provider-level region will be used.
+
+* `instance_id` - (Required, String) Specifies the ID of an IAM Identity Center instance.
+
+* `permission_set_id` - (Optional, String) Specifies the ID of a permission set.
+
+* `name` - (Optional, String) Specifies  the name of a permission set.
+
+## Attribute Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `id` - The data source ID.
+
+* `permission_sets` - The permission set list.
+
+  The [permission_sets](#permission_sets_struct) structure is documented below.
+
+<a name="permission_sets_struct"></a>
+The `permission_sets` block supports:
+
+* `description` - The description of a permission set.
+
+* `name` - The name of a permission set.
+
+* `permission_set_id` - The ID of a permission set.
+
+* `relay_state` - The redirection of users within an application during the federated authentication.
+
+* `session_duration` - The length of time that the application user sessions are valid.
+
+* `permission_urn` - The URN of a permission set.
+
+* `created_at` - The time when a permission set is created.

huaweicloud/provider.go

@@ -862,6 +862,7 @@ func Provider() *schema.Provider {
 			"huaweicloud_identitycenter_groups":                                  identitycenter.DataSourceIdentityCenterGroups(),
 			"huaweicloud_identitycenter_users":                                   identitycenter.DataSourceIdentityCenterUsers(),
 			"huaweicloud_identitycenter_access_control_attribute_configurations": identitycenter.DataSourceAccessControlAttributeConfigurations(),
+			"huaweicloud_identitycenter_permission_sets":                         identitycenter.DataSourceIdentitycenterPermissionSets(),
 
 			"huaweicloud_iec_bandwidths":     iec.DataSourceBandWidths(),
 			"huaweicloud_iec_eips":           iec.DataSourceEips(),

huaweicloud/services/acceptance/identitycenter/data_source_huaweicloud_identitycenter_permission_sets_test.go

@@ -0,0 +1,79 @@
+package identitycenter
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+
+	"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/services/acceptance"
+)
+
+func TestAccDataSourceIdentitycenterPermissionSets_basic(t *testing.T) {
+	dataSource := "data.huaweicloud_identitycenter_permission_sets.test"
+	rName := acceptance.RandomAccResourceName()
+	dc := acceptance.InitDataSourceCheck(dataSource)
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			acceptance.TestAccPreCheck(t)
+			acceptance.TestAccPreCheckMultiAccount(t)
+		},
+		ProviderFactories: acceptance.TestAccProviderFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: testDataSourceDataSourceIdentitycenterPermissionSets_basic(rName),
+				Check: resource.ComposeTestCheckFunc(
+					dc.CheckResourceExists(),
+					resource.TestCheckResourceAttrSet(dataSource, "permission_sets.#"),
+					resource.TestCheckResourceAttrSet(dataSource, "permission_sets.0.permission_set_id"),
+					resource.TestCheckResourceAttrSet(dataSource, "permission_sets.0.name"),
+					resource.TestCheckOutput("is_id_filter_useful", "true"),
+					resource.TestCheckOutput("is_name_filter_useful", "true"),
+				),
+			},
+		},
+	})
+}
+
+func testDataSourceDataSourceIdentitycenterPermissionSets_basic(name string) string {
+	return fmt.Sprintf(`
+%s
+
+data "huaweicloud_identitycenter_permission_sets" "test" {
+  instance_id = data.huaweicloud_identitycenter_instance.system.id
+}
+
+locals {
+  permission_set_id = data.huaweicloud_identitycenter_permission_sets.test.permission_sets[0].permission_set_id
+  name              = data.huaweicloud_identitycenter_permission_sets.test.permission_sets[0].name
+}
+
+data "huaweicloud_identitycenter_permission_sets" "filter_by_id" {
+  instance_id       = data.huaweicloud_identitycenter_instance.system.id
+  permission_set_id = local.permission_set_id
+}
+
+data "huaweicloud_identitycenter_permission_sets" "filter_by_name" {
+  instance_id = data.huaweicloud_identitycenter_instance.system.id
+  name        = local.name
+}
+
+locals {
+  list_by_id   = data.huaweicloud_identitycenter_permission_sets.filter_by_id.permission_sets
+  list_by_name = data.huaweicloud_identitycenter_permission_sets.filter_by_name.permission_sets
+}
+  
+output "is_id_filter_useful" {
+  value = length(local.list_by_id) > 0 && alltrue(
+    [for v in local.list_by_id[*].permission_set_id : v == local.permission_set_id]
+  )
+}
+
+output "is_name_filter_useful" {
+  value = length(local.list_by_name) > 0 && alltrue(
+    [for v in local.list_by_name[*].name : v == local.name]
+  )
+}
+`, testPermissionSet_basic(name))
+}

huaweicloud/services/identitycenter/data_source_huaweicloud_identitycenter_permission_sets.go

@@ -0,0 +1,173 @@
+// Generated by PMS #484
+package identitycenter
+
+import (
+	"context"
+	"strings"
+
+	"github.com/hashicorp/go-multierror"
+	"github.com/hashicorp/go-uuid"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/tidwall/gjson"
+
+	"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/config"
+	"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/helper/httphelper"
+	"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/helper/schemas"
+	"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/utils"
+)
+
+func DataSourceIdentitycenterPermissionSets() *schema.Resource {
+	return &schema.Resource{
+		ReadContext: dataSourceIdentitycenterPermissionSetsRead,
+
+		Schema: map[string]*schema.Schema{
+			"region": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Computed:    true,
+				Description: `Specifies the region in which to query the resource. If omitted, the provider-level region will be used.`,
+			},
+			"instance_id": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: `Specifies the ID of an IAM Identity Center instance.`,
+			},
+			"permission_set_id": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: `Specifies the ID of a permission set.`,
+			},
+			"name": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: `Specifies  the name of a permission set.`,
+			},
+			"permission_sets": {
+				Type:        schema.TypeList,
+				Computed:    true,
+				Description: `The permission set list.`,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"description": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: `The description of a permission set.`,
+						},
+						"name": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: `The name of a permission set.`,
+						},
+						"permission_set_id": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: `The ID of a permission set.`,
+						},
+						"relay_state": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: `The redirection of users within an application during the federated authentication.`,
+						},
+						"session_duration": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: `The length of time that the application user sessions are valid.`,
+						},
+						"permission_urn": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: `The URN of a permission set.`,
+						},
+						"created_at": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: `The time when a permission set is created.`,
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+type PermissionSetsDSWrapper struct {
+	*schemas.ResourceDataWrapper
+	Config *config.Config
+}
+
+func newPermissionSetsDSWrapper(d *schema.ResourceData, meta interface{}) *PermissionSetsDSWrapper {
+	return &PermissionSetsDSWrapper{
+		ResourceDataWrapper: schemas.NewSchemaWrapper(d),
+		Config:              meta.(*config.Config),
+	}
+}
+
+func dataSourceIdentitycenterPermissionSetsRead(_ context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	wrapper := newPermissionSetsDSWrapper(d, meta)
+	lisPerSetRst, err := wrapper.ListPermissionSets()
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	id, err := uuid.GenerateUUID()
+	if err != nil {
+		return diag.FromErr(err)
+	}
+	d.SetId(id)
+
+	err = wrapper.listPermissionSetsToSchema(lisPerSetRst)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	return nil
+}
+
+// @API IDENTITYCENTER GET /v1/instances/{instance_id}/permission-sets
+func (w *PermissionSetsDSWrapper) ListPermissionSets() (*gjson.Result, error) {
+	client, err := w.NewClient(w.Config, "identitycenter")
+	if err != nil {
+		return nil, err
+	}
+
+	uri := "/v1/instances/{instance_id}/permission-sets"
+	uri = strings.ReplaceAll(uri, "{instance_id}", w.Get("instance_id").(string))
+	params := map[string]any{
+		"permission_set_id": w.Get("permission_set_id"),
+		"name":              w.Get("name"),
+	}
+	params = utils.RemoveNil(params)
+	return httphelper.New(client).
+		Method("GET").
+		URI(uri).
+		Query(params).
+		MarkerPager("permission_sets", " page_info.next_marker", "marker").
+		Request().
+		Result()
+}
+
+func (w *PermissionSetsDSWrapper) listPermissionSetsToSchema(body *gjson.Result) error {
+	d := w.ResourceData
+	mErr := multierror.Append(nil,
+		d.Set("region", w.Config.GetRegion(w.ResourceData)),
+		d.Set("permission_sets", schemas.SliceToList(body.Get("permission_sets"),
+			func(permissionSets gjson.Result) any {
+				return map[string]any{
+					"description":       permissionSets.Get("description").Value(),
+					"name":              permissionSets.Get("name").Value(),
+					"permission_set_id": permissionSets.Get("permission_set_id").Value(),
+					"relay_state":       permissionSets.Get("relay_state").Value(),
+					"session_duration":  permissionSets.Get("session_duration").Value(),
+					"permission_urn":    permissionSets.Get("permission_urn").Value(),
+					"created_at":        w.setPerSetCreDate(permissionSets),
+				}
+			},
+		)),
+	)
+	return mErr.ErrorOrNil()
+}
+
+func (*PermissionSetsDSWrapper) setPerSetCreDate(data gjson.Result) string {
+	return utils.FormatTimeStampRFC3339((data.Get("created_date").Int())/1000, true)
+}