feat(iam): add new data source iam_policy

Author: estellesoulard

docs/data-sources/iam_policy.md

@@ -0,0 +1,31 @@
+---
+subcategory: "IAM"
+page_title: "Scaleway: scaleway_iam_policy"
+---
+
+# scaleway_iam_policy
+
+Use this data source to get information on an existing IAM policy based on its ID.
+For more information refer to the [IAM API documentation](https://developers.scaleway.com/en/products/iam/api/).
+
+## Example Usage
+
+```hcl
+# Get policy by id
+data "scaleway_iam_policy" "find_by_id" {
+  policy_id = "11111111-1111-1111-1111-111111111111"
+}
+```
+
+## Argument Reference
+
+- `policy_id` - The ID of the IAM policy.
+
+## Attributes Reference
+
+In addition to all above arguments, the following attributes are exported:
+
+- `id` - The ID of the IAM policy.
+- `created_at` - The date and time of the creation of the IAM policy.
+- `updated_at` - The date and time of the last update of the IAM policy.
+- `editable` - Whether the IAM policy is editable.

internal/acctest/fixtures.go

@@ -57,7 +57,7 @@ func FakeSideProjectProviders(ctx context.Context, tt *TestTools, project *accou
 // CreateFakeIAMManager creates a temporary project with a temporary IAM application and policy manager.
 //
 // The returned function is a cleanup function that should be called when to delete the project.
-func CreateFakeIAMManager(tt *TestTools) (*account.Project, *iam.APIKey, FakeSideProjectTerminateFunc, error) {
+func CreateFakeIAMManager(tt *TestTools) (*account.Project, *iam.APIKey, *iam.Policy, FakeSideProjectTerminateFunc, error) {
 	terminateFunctions := []FakeSideProjectTerminateFunc{}
 	terminate := func() error {
 		for i := len(terminateFunctions) - 1; i >= 0; i-- {
@@ -81,10 +81,10 @@ func CreateFakeIAMManager(tt *TestTools) (*account.Project, *iam.APIKey, FakeSid
 	})
 	if err != nil {
 		if err := terminate(); err != nil {
-			return nil, nil, nil, err
+			return nil, nil, nil, nil, err
 		}
 
-		return nil, nil, nil, err
+		return nil, nil, nil, nil, err
 	}
 
 	terminateFunctions = append(terminateFunctions, func() error {
@@ -100,10 +100,10 @@ func CreateFakeIAMManager(tt *TestTools) (*account.Project, *iam.APIKey, FakeSid
 	})
 	if err != nil {
 		if err := terminate(); err != nil {
-			return nil, nil, nil, err
+			return nil, nil, nil, nil, err
 		}
 
-		return nil, nil, nil, err
+		return nil, nil, nil, nil, err
 	}
 
 	terminateFunctions = append(terminateFunctions, func() error {
@@ -124,10 +124,10 @@ func CreateFakeIAMManager(tt *TestTools) (*account.Project, *iam.APIKey, FakeSid
 	})
 	if err != nil {
 		if err := terminate(); err != nil {
-			return nil, nil, nil, err
+			return nil, nil, nil, nil, err
 		}
 
-		return nil, nil, nil, err
+		return nil, nil, nil, nil, err
 	}
 
 	terminateFunctions = append(terminateFunctions, func() error {
@@ -142,10 +142,10 @@ func CreateFakeIAMManager(tt *TestTools) (*account.Project, *iam.APIKey, FakeSid
 	})
 	if err != nil {
 		if err := terminate(); err != nil {
-			return nil, nil, nil, err
+			return nil, nil, nil, nil, err
 		}
 
-		return nil, nil, nil, err
+		return nil, nil, nil, nil, err
 	}
 
 	terminateFunctions = append(terminateFunctions, func() error {
@@ -154,7 +154,7 @@ func CreateFakeIAMManager(tt *TestTools) (*account.Project, *iam.APIKey, FakeSid
 		})
 	})
 
-	return project, iamAPIKey, terminate, nil
+	return project, iamAPIKey, iamPolicy, terminate, nil
 }
 
 type FakeSideProjectTerminateFunc func() error

internal/services/iam/policy_data_source.go

@@ -0,0 +1,78 @@
+package iam
+
+import (
+	"context"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	iam "github.com/scaleway/scaleway-sdk-go/api/iam/v1alpha1"
+	"github.com/scaleway/scaleway-sdk-go/scw"
+	"github.com/scaleway/terraform-provider-scaleway/v2/internal/datasource"
+	"github.com/scaleway/terraform-provider-scaleway/v2/internal/types"
+	"github.com/scaleway/terraform-provider-scaleway/v2/internal/verify"
+)
+
+func DataSourcePolicy() *schema.Resource {
+	// Generate datasource schema from resource
+	dsSchema := datasource.SchemaFromResourceSchema(ResourcePolicy().Schema)
+	datasource.AddOptionalFieldsToSchema(dsSchema, "name", "organization_id")
+
+	dsSchema["name"].ConflictsWith = []string{"policy_id"}
+	dsSchema["policy_id"] = &schema.Schema{
+		Type:             schema.TypeString,
+		Optional:         true,
+		Description:      "The ID of the policy",
+		ValidateDiagFunc: verify.IsUUID(),
+	}
+
+	return &schema.Resource{
+		ReadContext: DataSourceIamPolicyRead,
+		Schema:      dsSchema,
+	}
+}
+
+func DataSourceIamPolicyRead(ctx context.Context, d *schema.ResourceData, m any) diag.Diagnostics {
+	iamAPI := NewAPI(m)
+
+	policyID, policyIDExists := d.GetOk("policy_id")
+	if !policyIDExists {
+		policyName := d.Get("name").(string)
+
+		res, err := iamAPI.ListPolicies(&iam.ListPoliciesRequest{
+			PolicyName:     types.ExpandStringPtr(policyName),
+			OrganizationID: *types.ExpandStringPtr(d.Get("organization_id")),
+		}, scw.WithContext(ctx))
+		if err != nil {
+			return diag.FromErr(err)
+		}
+
+		foundPolicy, err := datasource.FindExact(
+			res.Policies,
+			func(s *iam.Policy) bool { return s.Name == policyName },
+			policyName,
+		)
+		if err != nil {
+			return diag.FromErr(err)
+		}
+
+		policyID = foundPolicy.ID
+	}
+
+	d.SetId(policyID.(string))
+
+	err := d.Set("policy_id", policyID)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	diags := resourceIamPolicyRead(ctx, d, m)
+	if diags != nil {
+		return append(diags, diag.Errorf("failed to read iam policy state")...)
+	}
+
+	if d.Id() == "" {
+		return diag.Errorf("iam policy (%s) not found", policyID)
+	}
+
+	return nil
+}

internal/services/iam/policy_data_source_test.go

@@ -0,0 +1,76 @@
+package iam_test
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+	"github.com/hashicorp/terraform-plugin-testing/terraform"
+	"github.com/scaleway/terraform-provider-scaleway/v2/internal/acctest"
+	"github.com/stretchr/testify/require"
+)
+
+func TestAccDataSourcePolicy_Basic(t *testing.T) {
+	tt := acctest.NewTestTools(t)
+	defer tt.Cleanup()
+
+	ctx := t.Context()
+	project, iamAPIKey, iamPolicy, terminateFakeSideProject, err := acctest.CreateFakeIAMManager(tt)
+	require.NoError(t, err)
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.PreCheck(t) },
+		ProtoV6ProviderFactories: acctest.FakeSideProjectProviders(ctx, tt, project, iamAPIKey),
+		CheckDestroy: resource.ComposeAggregateTestCheckFunc(
+			func(_ *terraform.State) error {
+				return terminateFakeSideProject()
+			},
+			testAccCheckIamPolicyDestroy(tt),
+		),
+		Steps: []resource.TestStep{
+			{
+				Config: fmt.Sprintf(`
+					resource "scaleway_iam_policy" "main" {
+					  name         = "%s"
+					  description  = "a description"
+					  application_id = "%s"
+					  rule {
+						organization_id      = "%s"
+						permission_set_names = ["IAMManager"]
+					  }
+					  provider = side
+					}
+
+					data "scaleway_iam_policy" "by_name" {
+						name = "${scaleway_iam_policy.main.name}"
+					}
+					
+					data "scaleway_iam_policy" "by_id" {
+						policy_id = "${scaleway_iam_policy.main.id}"
+					}`, iamPolicy.Name, *iamPolicy.ApplicationID, project.OrganizationID),
+				Check: resource.ComposeTestCheckFunc(
+					// Check by name
+					testAccCheckIamPolicyExists(tt, "data.scaleway_iam_policy.by_name"),
+					resource.TestCheckResourceAttr("data.scaleway_iam_policy.by_name", "name", iamPolicy.Name),
+					resource.TestCheckResourceAttr("data.scaleway_iam_policy.by_name", "description", "a description"),
+					resource.TestCheckResourceAttr("data.scaleway_iam_policy.by_name", "application_id", *iamPolicy.ApplicationID),
+					resource.TestCheckResourceAttr("data.scaleway_iam_policy.by_name", "rule.0.organization_id", project.OrganizationID),
+					// Check by id
+					testAccCheckIamPolicyExists(tt, "data.scaleway_iam_policy.by_id"),
+					resource.TestCheckResourceAttr("data.scaleway_iam_policy.by_id", "name", iamPolicy.Name),
+					resource.TestCheckResourceAttr("data.scaleway_iam_policy.by_id", "description", "a description"),
+					resource.TestCheckResourceAttr("data.scaleway_iam_policy.by_id", "application_id", *iamPolicy.ApplicationID),
+					resource.TestCheckResourceAttr("data.scaleway_iam_policy.by_id", "rule.0.organization_id", project.OrganizationID),
+
+					// Ensure both refer to the same policy
+					resource.TestCheckResourceAttrPair(
+						"data.scaleway_iam_policy.by_name",
+						"id",
+						"data.scaleway_iam_policy.by_id",
+						"id",
+					),
+				),
+			},
+		},
+	})
+}

internal/services/iam/policy_test.go

@@ -18,7 +18,7 @@ func TestAccPolicy_Basic(t *testing.T) {
 	defer tt.Cleanup()
 
 	ctx := t.Context()
-	project, iamAPIKey, terminateFakeSideProject, err := acctest.CreateFakeIAMManager(tt)
+	project, iamAPIKey, _, terminateFakeSideProject, err := acctest.CreateFakeIAMManager(tt)
 	require.NoError(t, err)
 
 	resource.ParallelTest(t, resource.TestCase{
@@ -92,7 +92,7 @@ func TestAccPolicy_NoUpdate(t *testing.T) {
 	defer tt.Cleanup()
 
 	ctx := t.Context()
-	project, iamAPIKey, terminateFakeSideProject, err := acctest.CreateFakeIAMManager(tt)
+	project, iamAPIKey, _, terminateFakeSideProject, err := acctest.CreateFakeIAMManager(tt)
 	require.NoError(t, err)
 
 	resource.ParallelTest(t, resource.TestCase{
@@ -155,7 +155,7 @@ func TestAccPolicy_ChangeLinkedEntity(t *testing.T) {
 	defer tt.Cleanup()
 
 	ctx := t.Context()
-	project, iamAPIKey, terminateFakeSideProject, err := acctest.CreateFakeIAMManager(tt)
+	project, iamAPIKey, _, terminateFakeSideProject, err := acctest.CreateFakeIAMManager(tt)
 	require.NoError(t, err)
 
 	randAppName := "tf-tests-scaleway-iam-app-policy-permissions"
@@ -261,7 +261,7 @@ func TestAccPolicy_ChangePermissions(t *testing.T) {
 	defer tt.Cleanup()
 
 	ctx := t.Context()
-	project, iamAPIKey, terminateFakeSideProject, err := acctest.CreateFakeIAMManager(tt)
+	project, iamAPIKey, _, terminateFakeSideProject, err := acctest.CreateFakeIAMManager(tt)
 	require.NoError(t, err)
 
 	resource.ParallelTest(t, resource.TestCase{
@@ -352,7 +352,7 @@ func TestAccPolicy_ProjectID(t *testing.T) {
 	defer tt.Cleanup()
 
 	ctx := t.Context()
-	project, iamAPIKey, terminateFakeSideProject, err := acctest.CreateFakeIAMManager(tt)
+	project, iamAPIKey, _, terminateFakeSideProject, err := acctest.CreateFakeIAMManager(tt)
 	require.NoError(t, err)
 
 	resource.ParallelTest(t, resource.TestCase{
@@ -418,7 +418,7 @@ func TestAccPolicy_Condition(t *testing.T) {
 	defer tt.Cleanup()
 
 	ctx := t.Context()
-	project, iamAPIKey, terminateFakeSideProject, err := acctest.CreateFakeIAMManager(tt)
+	project, iamAPIKey, _, terminateFakeSideProject, err := acctest.CreateFakeIAMManager(tt)
 	require.NoError(t, err)
 
 	resource.ParallelTest(t, resource.TestCase{
@@ -513,7 +513,7 @@ func TestAccPolicy_ChangeRulePrincipal(t *testing.T) {
 	defer tt.Cleanup()
 
 	ctx := t.Context()
-	project, iamAPIKey, terminateFakeSideProject, err := acctest.CreateFakeIAMManager(tt)
+	project, iamAPIKey, _, terminateFakeSideProject, err := acctest.CreateFakeIAMManager(tt)
 	require.NoError(t, err)
 
 	resource.ParallelTest(t, resource.TestCase{

internal/services/secret/secret_data_source_test.go

@@ -16,7 +16,7 @@ func TestAccDataSourceSecret_Basic(t *testing.T) {
 
 	ctx := t.Context()
 	secretName := "scalewayDataSourceSecret"
-	project, iamAPIKey, terminateFakeSideProject, err := acctest.CreateFakeIAMManager(tt)
+	project, iamAPIKey, _, terminateFakeSideProject, err := acctest.CreateFakeIAMManager(tt)
 	require.NoError(t, err)
 
 	resource.ParallelTest(t, resource.TestCase{

provider/sdkv2.go

@@ -281,6 +281,7 @@ func SDKProvider(config *Config) plugin.ProviderFunc {
 				"scaleway_function_namespace":                  function.DataSourceNamespace(),
 				"scaleway_iam_application":                     iam.DataSourceApplication(),
 				"scaleway_iam_group":                           iam.DataSourceGroup(),
+				"scaleway_iam_policy":                          iam.DataSourcePolicy(),
 				"scaleway_iam_ssh_key":                         iam.DataSourceSSHKey(),
 				"scaleway_iam_user":                            iam.DataSourceUser(),
 				"scaleway_iam_api_key":                         iam.DataSourceAPIKey(),

templates/data-sources/iam_policy.md.tmpl

@@ -0,0 +1,31 @@
+---
+subcategory: "IAM"
+page_title: "Scaleway: scaleway_iam_policy"
+---
+
+# scaleway_iam_policy
+
+Use this data source to get information on an existing IAM policy based on its ID.
+For more information refer to the [IAM API documentation](https://developers.scaleway.com/en/products/iam/api/).
+
+## Example Usage
+
+```hcl
+# Get policy by id
+data "scaleway_iam_policy" "find_by_id" {
+  policy_id = "11111111-1111-1111-1111-111111111111"
+}
+```
+
+## Argument Reference
+
+- `policy_id` - The ID of the IAM policy.
+
+## Attributes Reference
+
+In addition to all above arguments, the following attributes are exported:
+
+- `id` - The ID of the IAM policy.
+- `created_at` - The date and time of the creation of the IAM policy.
+- `updated_at` - The date and time of the last update of the IAM policy.
+- `editable` - Whether the IAM policy is editable.