feat(Organizations): add organizations effective policies data source (…

…#5303)
huaweicloud · Aug 1, 2024 · 77a2058 · 77a2058
1 parent 438d4f9
commit 77a2058
Show file tree

Hide file tree

Showing 5 changed files with 239 additions and 0 deletions.
diff --git a/docs/data-sources/organizations_effective_policies.md b/docs/data-sources/organizations_effective_policies.md
@@ -0,0 +1,40 @@
+---
+subcategory: "Organizations"
+layout: "huaweicloud"
+page_title: "HuaweiCloud: huaweicloud_organizations_effective_policies"
+description: |-
+  Use this data source to get the effective policies of a specific type for the specified account.
+---
+
+# huaweicloud_organizations_effective_policies
+
+Use this data source to get the effective policies of a specific type for the specified account.
+
+## Example Usage
+
+```hcl
+data "huaweicloud_organizations_effective_policies" "test"{}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `region` - (Optional, String) Specifies the region in which to query the resource.
+  If omitted, the provider-level region will be used.
+
+* `entity_id` - (Required, String) Specifies the unique ID of an account.
+  Currently, the effective policy of the root and organizational units cannot be queried.
+
+* `policy_type` - (Required, String) Specifies the name of a policy type.
+  Currently, the value **tag_policy** is available.
+
+## Attribute Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `id` - The data source ID.
+
+* `last_updated_at` - Indicates the time when the effective policy is mostly updated.
+
+* `policy_content` - Indicates the content of the effective policy.
diff --git a/huaweicloud/provider.go b/huaweicloud/provider.go
@@ -1028,6 +1028,7 @@ func Provider() *schema.Provider {
 			"huaweicloud_organizations_received_invitations": organizations.DataSourceOrganizationsReceivedInvitations(),
 			"huaweicloud_organizations_services":             organizations.DataSourceOrganizationsServices(),
 			"huaweicloud_organizations_trusted_services":     organizations.DataSourceOrganizationsTrustedServices(),
+			"huaweicloud_organizations_effective_policies":   organizations.DataSourceOrganizationsEffectivePolicies(),
 
 			// Deprecated ongoing (without DeprecationMessage), used by other providers
 			"huaweicloud_vpc_route":                  vpc.DataSourceVpcRouteV2(),

diff --git a/huaweicloud/services/acceptance/acceptance.go b/huaweicloud/services/acceptance/acceptance.go
@@ -189,6 +189,7 @@ var (
 
 	HW_MULTI_ACCOUNT_ENVIRONMENT            = os.Getenv("HW_MULTI_ACCOUNT_ENVIRONMENT")
 	HW_ORGANIZATIONS_OPEN                   = os.Getenv("HW_ORGANIZATIONS_OPEN")
+	HW_ORGANIZATIONS_ACCOUNT_ID             = os.Getenv("HW_ORGANIZATIONS_ACCOUNT_ID")
 	HW_ORGANIZATIONS_ACCOUNT_NAME           = os.Getenv("HW_ORGANIZATIONS_ACCOUNT_NAME")
 	HW_ORGANIZATIONS_INVITE_ACCOUNT_ID      = os.Getenv("HW_ORGANIZATIONS_INVITE_ACCOUNT_ID")
 	HW_ORGANIZATIONS_ORGANIZATIONAL_UNIT_ID = os.Getenv("HW_ORGANIZATIONS_ORGANIZATIONAL_UNIT_ID")
@@ -501,6 +502,13 @@ func TestAccPreCheckOrganizationsOpen(t *testing.T) {
 	}
 }
 
+// lintignore:AT003
+func TestAccPreCheckOrganizationsAccountId(t *testing.T) {
+	if HW_ORGANIZATIONS_ACCOUNT_ID == "" {
+		t.Skip("HW_ORGANIZATIONS_ACCOUNT_ID must be set for the acceptance test")
+	}
+}
+
 // lintignore:AT003
 func TestAccPreCheckOrganizationsAccountName(t *testing.T) {
 	if HW_ORGANIZATIONS_ACCOUNT_NAME == "" {

diff --git a/...acceptance/organizations/data_source_huaweicloud_organizations_effective_policies_test.go b/...acceptance/organizations/data_source_huaweicloud_organizations_effective_policies_test.go
@@ -0,0 +1,75 @@
+package organizations
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+
+	"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/services/acceptance"
+)
+
+func TestAccDataSourceOrganizationsEffectivePolicies_basic(t *testing.T) {
+	dataSource := "data.huaweicloud_organizations_effective_policies.test"
+	rName := acceptance.RandomAccResourceName()
+	dc := acceptance.InitDataSourceCheck(dataSource)
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			acceptance.TestAccPreCheck(t)
+			acceptance.TestAccPreCheckMultiAccount(t)
+			acceptance.TestAccPreCheckOrganizationsOpen(t)
+			acceptance.TestAccPreCheckOrganizationsAccountId(t)
+		},
+		ProviderFactories: acceptance.TestAccProviderFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: testDataSourceOrganizationsEffectivePolicies_basic(rName),
+				Check: resource.ComposeTestCheckFunc(
+					dc.CheckResourceExists(),
+					resource.TestCheckResourceAttrSet(dataSource, "last_updated_at"),
+					resource.TestCheckResourceAttrSet(dataSource, "policy_content"),
+				),
+			},
+		},
+	})
+}
+
+func testDataSourceOrganizationsEffectivePolicies_base(rName string) string {
+	return fmt.Sprintf(`
+resource "huaweicloud_organizations_policy" "test"{
+  name        = "%[1]s"
+  type        = "tag_policy"
+  description = "test description"
+  content     = jsonencode(
+    {
+      "tags":{
+        "test_tag":{
+          "tag_key":{
+            "@@assign":"test_tag"
+          }
+        }
+      }
+    }
+  )
+}
+
+resource "huaweicloud_organizations_policy_attach" "test" {
+  policy_id = huaweicloud_organizations_policy.test.id
+  entity_id = "%[2]s"
+}
+`, rName, acceptance.HW_ORGANIZATIONS_ACCOUNT_ID)
+}
+
+func testDataSourceOrganizationsEffectivePolicies_basic(rName string) string {
+	return fmt.Sprintf(`
+%[1]s
+
+data "huaweicloud_organizations_effective_policies" "test" {
+  depends_on = [huaweicloud_organizations_policy_attach.test]
+
+  entity_id   = "%[2]s"
+  policy_type = "tag_policy"
+}
+`, testDataSourceOrganizationsEffectivePolicies_base(rName), acceptance.HW_ORGANIZATIONS_ACCOUNT_ID)
+}
diff --git a/...icloud/services/organizations/data_source_huaweicloud_organizations_effective_policies.go b/...icloud/services/organizations/data_source_huaweicloud_organizations_effective_policies.go
@@ -0,0 +1,115 @@
+// Generated by PMS #282
+package organizations
+
+import (
+	"context"
+
+	"github.com/hashicorp/go-multierror"
+	"github.com/hashicorp/go-uuid"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/tidwall/gjson"
+
+	"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/config"
+	"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/helper/httphelper"
+	"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/helper/schemas"
+	"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/utils"
+)
+
+func DataSourceOrganizationsEffectivePolicies() *schema.Resource {
+	return &schema.Resource{
+		ReadContext: dataSourceOrganizationsEffectivePoliciesRead,
+
+		Schema: map[string]*schema.Schema{
+			"region": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Computed:    true,
+				Description: `Specifies the region in which to query the resource. If omitted, the provider-level region will be used.`,
+			},
+			"entity_id": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: `Specifies the unique ID of an account.`,
+			},
+			"policy_type": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: `Specifies the name of a policy type.`,
+			},
+			"last_updated_at": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: `Indicates the time when the effective policy is mostly updated.`,
+			},
+			"policy_content": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: `Indicates the content of the effective policy.`,
+			},
+		},
+	}
+}
+
+type EffectivePoliciesDSWrapper struct {
+	*schemas.ResourceDataWrapper
+	Config *config.Config
+}
+
+func newEffectivePoliciesDSWrapper(d *schema.ResourceData, meta interface{}) *EffectivePoliciesDSWrapper {
+	return &EffectivePoliciesDSWrapper{
+		ResourceDataWrapper: schemas.NewSchemaWrapper(d),
+		Config:              meta.(*config.Config),
+	}
+}
+
+func dataSourceOrganizationsEffectivePoliciesRead(_ context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	wrapper := newEffectivePoliciesDSWrapper(d, meta)
+	shoEffPolRst, err := wrapper.ShowEffectivePolicies()
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	err = wrapper.showEffectivePoliciesToSchema(shoEffPolRst)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	id, err := uuid.GenerateUUID()
+	if err != nil {
+		return diag.FromErr(err)
+	}
+	d.SetId(id)
+	return nil
+}
+
+// @API Organizations GET /v1/organizations/entities/effective-policies
+func (w *EffectivePoliciesDSWrapper) ShowEffectivePolicies() (*gjson.Result, error) {
+	client, err := w.NewClient(w.Config, "organizations")
+	if err != nil {
+		return nil, err
+	}
+
+	uri := "/v1/organizations/entities/effective-policies"
+	params := map[string]any{
+		"entity_id":   w.Get("entity_id"),
+		"policy_type": w.Get("policy_type"),
+	}
+	params = utils.RemoveNil(params)
+	return httphelper.New(client).
+		Method("GET").
+		URI(uri).
+		Query(params).
+		Request().
+		Result()
+}
+
+func (w *EffectivePoliciesDSWrapper) showEffectivePoliciesToSchema(body *gjson.Result) error {
+	d := w.ResourceData
+	mErr := multierror.Append(nil,
+		d.Set("region", w.Config.GetRegion(w.ResourceData)),
+		d.Set("last_updated_at", body.Get("last_updated_at").Value()),
+		d.Set("policy_content", body.Get("policy_content").Value()),
+	)
+	return mErr.ErrorOrNil()
+}