diff --git a/docs/data-sources/identitycenter_permission_sets.md b/docs/data-sources/identitycenter_permission_sets.md new file mode 100644 index 0000000000..abb27f8e9c --- /dev/null +++ b/docs/data-sources/identitycenter_permission_sets.md @@ -0,0 +1,61 @@ +--- +subcategory: "IAM Identity Center" +layout: "huaweicloud" +page_title: "HuaweiCloud: huaweicloud_identitycenter_permission_sets" +description: |- + Use this data source to get the Identity Center permission sets. +--- + +# huaweicloud_identitycenter_permission_sets + +Use this data source to get the Identity Center permission sets. + +## Example Usage + +```hcl +variable "instance_id" {} + +data "huaweicloud_identitycenter_permission_sets" "test" { + instance_id = var.instance_id +} +``` + +## Argument Reference + +The following arguments are supported: + +* `region` - (Optional, String) Specifies the region in which to query the resource. + If omitted, the provider-level region will be used. + +* `instance_id` - (Required, String) Specifies the ID of an IAM Identity Center instance. + +* `permission_set_id` - (Optional, String) Specifies the ID of a permission set. + +* `name` - (Optional, String) Specifies the name of a permission set. + +## Attribute Reference + +In addition to all arguments above, the following attributes are exported: + +* `id` - The data source ID. + +* `permission_sets` - The permission set list. + + The [permission_sets](#permission_sets_struct) structure is documented below. + + +The `permission_sets` block supports: + +* `description` - The description of a permission set. + +* `name` - The name of a permission set. + +* `permission_set_id` - The ID of a permission set. + +* `relay_state` - The redirection of users within an application during the federated authentication. + +* `session_duration` - The length of time that the application user sessions are valid. + +* `permission_urn` - The URN of a permission set. + +* `created_at` - The time when a permission set is created. diff --git a/huaweicloud/provider.go b/huaweicloud/provider.go index 9c22c0634f..213757b34e 100644 --- a/huaweicloud/provider.go +++ b/huaweicloud/provider.go @@ -854,9 +854,10 @@ func Provider() *schema.Provider { "huaweicloud_identity_agencies": iam.DataSourceIdentityAgencies(), "huaweicloud_identity_providers": iam.DataSourceIamIdentityProviders(), - "huaweicloud_identitycenter_instance": identitycenter.DataSourceIdentityCenter(), - "huaweicloud_identitycenter_groups": identitycenter.DataSourceIdentityCenterGroups(), - "huaweicloud_identitycenter_users": identitycenter.DataSourceIdentityCenterUsers(), + "huaweicloud_identitycenter_instance": identitycenter.DataSourceIdentityCenter(), + "huaweicloud_identitycenter_groups": identitycenter.DataSourceIdentityCenterGroups(), + "huaweicloud_identitycenter_users": identitycenter.DataSourceIdentityCenterUsers(), + "huaweicloud_identitycenter_permission_sets": identitycenter.DataSourceIdentitycenterPermissionSets(), "huaweicloud_iec_bandwidths": iec.DataSourceBandWidths(), "huaweicloud_iec_eips": iec.DataSourceEips(), diff --git a/huaweicloud/services/acceptance/identitycenter/data_source_huaweicloud_identitycenter_permission_sets_test.go b/huaweicloud/services/acceptance/identitycenter/data_source_huaweicloud_identitycenter_permission_sets_test.go new file mode 100644 index 0000000000..3c8a22213d --- /dev/null +++ b/huaweicloud/services/acceptance/identitycenter/data_source_huaweicloud_identitycenter_permission_sets_test.go @@ -0,0 +1,79 @@ +package identitycenter + +import ( + "fmt" + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + + "github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/services/acceptance" +) + +func TestAccDataSourceIdentitycenterPermissionSets_basic(t *testing.T) { + dataSource := "data.huaweicloud_identitycenter_permission_sets.test" + rName := acceptance.RandomAccResourceName() + dc := acceptance.InitDataSourceCheck(dataSource) + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { + acceptance.TestAccPreCheck(t) + acceptance.TestAccPreCheckMultiAccount(t) + }, + ProviderFactories: acceptance.TestAccProviderFactories, + Steps: []resource.TestStep{ + { + Config: testDataSourceDataSourceIdentitycenterPermissionSets_basic(rName), + Check: resource.ComposeTestCheckFunc( + dc.CheckResourceExists(), + resource.TestCheckResourceAttrSet(dataSource, "permission_sets.#"), + resource.TestCheckResourceAttrSet(dataSource, "permission_sets.0.permission_set_id"), + resource.TestCheckResourceAttrSet(dataSource, "permission_sets.0.name"), + resource.TestCheckOutput("is_id_filter_useful", "true"), + resource.TestCheckOutput("is_name_filter_useful", "true"), + ), + }, + }, + }) +} + +func testDataSourceDataSourceIdentitycenterPermissionSets_basic(name string) string { + return fmt.Sprintf(` +%s + +data "huaweicloud_identitycenter_permission_sets" "test" { + instance_id = data.huaweicloud_identitycenter_instance.system.id +} + +locals { + permission_set_id = data.huaweicloud_identitycenter_permission_sets.test.permission_sets[0].permission_set_id + name = data.huaweicloud_identitycenter_permission_sets.test.permission_sets[0].name +} + +data "huaweicloud_identitycenter_permission_sets" "filter_by_id" { + instance_id = data.huaweicloud_identitycenter_instance.system.id + permission_set_id = local.permission_set_id +} + +data "huaweicloud_identitycenter_permission_sets" "filter_by_name" { + instance_id = data.huaweicloud_identitycenter_instance.system.id + name = local.name +} + +locals { + list_by_id = data.huaweicloud_identitycenter_permission_sets.filter_by_id.permission_sets + list_by_name = data.huaweicloud_identitycenter_permission_sets.filter_by_name.permission_sets +} + +output "is_id_filter_useful" { + value = length(local.list_by_id) > 0 && alltrue( + [for v in local.list_by_id[*].permission_set_id : v == local.permission_set_id] + ) +} + +output "is_name_filter_useful" { + value = length(local.list_by_name) > 0 && alltrue( + [for v in local.list_by_name[*].name : v == local.name] + ) +} +`, testPermissionSet_basic(name)) +} diff --git a/huaweicloud/services/identitycenter/data_source_huaweicloud_identitycenter_permission_sets.go b/huaweicloud/services/identitycenter/data_source_huaweicloud_identitycenter_permission_sets.go new file mode 100644 index 0000000000..261f08cf2f --- /dev/null +++ b/huaweicloud/services/identitycenter/data_source_huaweicloud_identitycenter_permission_sets.go @@ -0,0 +1,173 @@ +// Generated by PMS #484 +package identitycenter + +import ( + "context" + "strings" + + "github.com/hashicorp/go-multierror" + "github.com/hashicorp/go-uuid" + "github.com/hashicorp/terraform-plugin-sdk/v2/diag" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/tidwall/gjson" + + "github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/config" + "github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/helper/httphelper" + "github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/helper/schemas" + "github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/utils" +) + +func DataSourceIdentitycenterPermissionSets() *schema.Resource { + return &schema.Resource{ + ReadContext: dataSourceIdentitycenterPermissionSetsRead, + + Schema: map[string]*schema.Schema{ + "region": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: `Specifies the region in which to query the resource. If omitted, the provider-level region will be used.`, + }, + "instance_id": { + Type: schema.TypeString, + Required: true, + Description: `Specifies the ID of an IAM Identity Center instance.`, + }, + "permission_set_id": { + Type: schema.TypeString, + Optional: true, + Description: `Specifies the ID of a permission set.`, + }, + "name": { + Type: schema.TypeString, + Optional: true, + Description: `Specifies the name of a permission set.`, + }, + "permission_sets": { + Type: schema.TypeList, + Computed: true, + Description: `The permission set list.`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "description": { + Type: schema.TypeString, + Computed: true, + Description: `The description of a permission set.`, + }, + "name": { + Type: schema.TypeString, + Computed: true, + Description: `The name of a permission set.`, + }, + "permission_set_id": { + Type: schema.TypeString, + Computed: true, + Description: `The ID of a permission set.`, + }, + "relay_state": { + Type: schema.TypeString, + Computed: true, + Description: `The redirection of users within an application during the federated authentication.`, + }, + "session_duration": { + Type: schema.TypeString, + Computed: true, + Description: `The length of time that the application user sessions are valid.`, + }, + "permission_urn": { + Type: schema.TypeString, + Computed: true, + Description: `The URN of a permission set.`, + }, + "created_at": { + Type: schema.TypeString, + Computed: true, + Description: `The time when a permission set is created.`, + }, + }, + }, + }, + }, + } +} + +type PermissionSetsDSWrapper struct { + *schemas.ResourceDataWrapper + Config *config.Config +} + +func newPermissionSetsDSWrapper(d *schema.ResourceData, meta interface{}) *PermissionSetsDSWrapper { + return &PermissionSetsDSWrapper{ + ResourceDataWrapper: schemas.NewSchemaWrapper(d), + Config: meta.(*config.Config), + } +} + +func dataSourceIdentitycenterPermissionSetsRead(_ context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { + wrapper := newPermissionSetsDSWrapper(d, meta) + lisPerSetRst, err := wrapper.ListPermissionSets() + if err != nil { + return diag.FromErr(err) + } + + id, err := uuid.GenerateUUID() + if err != nil { + return diag.FromErr(err) + } + d.SetId(id) + + err = wrapper.listPermissionSetsToSchema(lisPerSetRst) + if err != nil { + return diag.FromErr(err) + } + + return nil +} + +// @API IDENTITYCENTER GET /v1/instances/{instance_id}/permission-sets +func (w *PermissionSetsDSWrapper) ListPermissionSets() (*gjson.Result, error) { + client, err := w.NewClient(w.Config, "identitycenter") + if err != nil { + return nil, err + } + + uri := "/v1/instances/{instance_id}/permission-sets" + uri = strings.ReplaceAll(uri, "{instance_id}", w.Get("instance_id").(string)) + params := map[string]any{ + "permission_set_id": w.Get("permission_set_id"), + "name": w.Get("name"), + } + params = utils.RemoveNil(params) + return httphelper.New(client). + Method("GET"). + URI(uri). + Query(params). + MarkerPager("permission_sets", " page_info.next_marker", "marker"). + Request(). + Result() +} + +func (w *PermissionSetsDSWrapper) listPermissionSetsToSchema(body *gjson.Result) error { + d := w.ResourceData + mErr := multierror.Append(nil, + d.Set("region", w.Config.GetRegion(w.ResourceData)), + d.Set("permission_sets", schemas.SliceToList(body.Get("permission_sets"), + func(permissionSets gjson.Result) any { + return map[string]any{ + "description": permissionSets.Get("description").Value(), + "name": permissionSets.Get("name").Value(), + "permission_set_id": permissionSets.Get("permission_set_id").Value(), + "relay_state": permissionSets.Get("relay_state").Value(), + "session_duration": permissionSets.Get("session_duration").Value(), + "permission_urn": permissionSets.Get("permission_urn").Value(), + "created_at": w.setPerSetCreDate(permissionSets), + } + }, + )), + ) + return mErr.ErrorOrNil() +} + +func (*PermissionSetsDSWrapper) setPerSetCreDate(data gjson.Result) string { + return utils.FormatTimeStampRFC3339((data.Get("created_date").Int())/1000, true) +}