ovh · amstuta · Jan 12, 2024 · Jan 2, 2024 · Jan 2, 2024
@@ -0,0 +1,87 @@
+package ovh
+
+import (
+	"context"
+	"net/url"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func dataSourceIamPermissionsGroup() *schema.Resource {
+	return &schema.Resource{
+		Schema: map[string]*schema.Schema{
+			"urn": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
+			"id": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"name": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"description": {
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+			"allow": {
+				Type:     schema.TypeSet,
+				Optional: true,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
+			"except": {
+				Type:     schema.TypeSet,
+				Optional: true,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
+			"deny": {
+				Type:     schema.TypeSet,
+				Optional: true,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
+			"owner": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"created_at": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"updated_at": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Computed: true,
+			},
+		},
+		ReadContext: datasourceIamPermissionsGroupRead,
+	}
+}
+
+func datasourceIamPermissionsGroupRead(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics {
+	config := meta.(*Config)
+	id := d.Get("urn").(string)
+
+	var pol IamPermissionsGroup
+	err := config.OVHClient.GetWithContext(ctx, "/v2/iam/permissionsGroup/"+url.PathEscape(id), &pol)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	for k, v := range pol.ToMap() {
+		err := d.Set(k, v)
+		if err != nil {
+			return diag.Errorf("key: %s; value: %v; err: %v", k, v, err)
+		}
+	}
+	d.SetId(id)
+	return nil
+}
@@ -0,0 +1,107 @@
+package ovh
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+func TestAccIamPermissionsGroupDataSource_basic(t *testing.T) {
+	grpName := acctest.RandomWithPrefix(test_prefix)
+
+	desc := "Permissions group created by Terraform Acc"
+	allow := "account:apiovh:iam/policy/*"
+	except := "account:apiovh:iam/policy/delete"
+	deny := "account:apiovh:iam/policy/create"
+
+	preSetup := fmt.Sprintf(
+		testAccIamPermissionsGroupDatasourceConfig_preSetup,
+		grpName,
+		desc,
+		allow,
+		except,
+		deny,
+	)
+	config := fmt.Sprintf(
+		testAccIamPermissionsGroupDatasourceConfig_keys,
+		grpName,
+		desc,
+		allow,
+		except,
+		deny,
+	)
+
+	checks := checkIamPermissionsGroupResourceAttr("ovh_iam_permissions_group.permissions", grpName, desc, allow, except, deny)
+	dataCheck := checkIamPermissionsGroupResourceAttr("data.ovh_iam_permissions_group.permissions", grpName, desc, allow, except, deny)
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheckCredentials(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: preSetup,
+				Check:  resource.ComposeTestCheckFunc(checks...),
+			}, {
+				Config: config,
+				Check: resource.ComposeTestCheckFunc(
+					append(
+						dataCheck,
+						resource.TestCheckOutput("keys_present", "true"),
+					)...,
+				),
+			},
+		},
+	})
+}
+
+func checkIamPermissionsGroupResourceAttr(name, permName, desc, allowAction, exceptAction, denyAction string) []resource.TestCheckFunc {
+	// we are not checking identity urn because they are dynamic and depend on the test account NIC
+	checks := []resource.TestCheckFunc{
+		resource.TestCheckResourceAttr(name, "name", permName),
+		resource.TestCheckResourceAttr(name, "description", desc),
+	}
+	if allowAction != "" {
+		checks = append(checks, resource.TestCheckTypeSetElemAttr(name, "allow.*", allowAction))
+	}
+	if exceptAction != "" {
+		checks = append(checks, resource.TestCheckTypeSetElemAttr(name, "except.*", exceptAction))
+	}
+	if denyAction != "" {
+		checks = append(checks, resource.TestCheckTypeSetElemAttr(name, "deny.*", denyAction))
+	}
+	return checks
+}
+
+const testAccIamPermissionsGroupDatasourceConfig_preSetup = `
+resource "ovh_iam_permissions_group" "permissions" {
+	name        = "%s"
+	description = "%s"
+	allow       = ["%s"]
+	except      = ["%s"]
+	deny        = ["%s"]
+}
+`
+
+const testAccIamPermissionsGroupDatasourceConfig_keys = `
+resource "ovh_iam_permissions_group" "permissions" {
+	name        = "%s"
+	description = "%s"
+	allow       = ["%s"]
+	except      = ["%s"]
+	deny        = ["%s"]
+}
+
+data "ovh_iam_permissions_group" "permissions" {
+	urn = ovh_iam_permissions_group.permissions.urn
+}
+
+
+data "ovh_iam_permissions_groups" "groups" {}
+
+output "keys_present" {
+	value = tostring(
+		contains(data.ovh_iam_permissions_groups.groups.urns, ovh_iam_permissions_group.permissions.urn)
+	)
+}
+`
@@ -0,0 +1,46 @@
+package ovh
+
+import (
+	"context"
+	"sort"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/ovh/terraform-provider-ovh/ovh/helpers/hashcode"
+)
+
+func dataSourceIamPermissionsGroups() *schema.Resource {
+	return &schema.Resource{
+		Schema: map[string]*schema.Schema{
+			"urns": {
+				Type:     schema.TypeSet,
+				Computed: true,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
+		},
+		ReadContext: datasourceIamGroupsRead,
+	}
+}
+
+func datasourceIamGroupsRead(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics {
+	config := meta.(*Config)
+
+	var permissionsGroups []IamPermissionsGroup
+	err := config.OVHClient.GetWithContext(ctx, "/v2/iam/permissionsGroup", &permissionsGroups)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	var permGrpUrns []string
+	for _, p := range permissionsGroups {
+		permGrpUrns = append(permGrpUrns, p.Urn)
+	}
+
+	d.Set("urns", permGrpUrns)
+
+	sort.Strings(permGrpUrns)
+	d.SetId(hashcode.Strings(permGrpUrns))
+	return nil
+}
@@ -58,6 +58,13 @@ func dataSourceIamPolicy() *schema.Resource {
 					Type: schema.TypeString,
 				},
 			},
+			"permissions_groups": {
+				Type:     schema.TypeSet,
+				Optional: true,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
 			"owner": {
 				Type:     schema.TypeString,
 				Computed: true,

@@ -113,6 +113,8 @@ func Provider() *schema.Provider {
 			"ovh_hosting_privatedatabase_user_grant":                  dataSourceHostingPrivateDatabaseUserGrant(),
 			"ovh_hosting_privatedatabase_whitelist":                   dataSourceHostingPrivateDatabaseWhitelist(),
 			"ovh_domain_zone":                                         dataSourceDomainZone(),
+			"ovh_iam_permissions_group":                               dataSourceIamPermissionsGroup(),
+			"ovh_iam_permissions_groups":                              dataSourceIamPermissionsGroups(),
 			"ovh_iam_policies":                                        dataSourceIamPolicies(),
 			"ovh_iam_policy":                                          dataSourceIamPolicy(),
 			"ovh_iam_reference_actions":                               dataSourceIamReferenceActions(),
@@ -201,6 +203,7 @@ func Provider() *schema.Provider {
 			"ovh_hosting_privatedatabase_user_grant":                      resourceHostingPrivateDatabaseUserGrant(),
 			"ovh_hosting_privatedatabase_whitelist":                       resourceHostingPrivateDatabaseWhitelist(),
 			"ovh_iam_policy":                                              resourceIamPolicy(),
+			"ovh_iam_permissions_group":                                   resourceIamPermissionsGroup(),
 			"ovh_iam_resource_group":                                      resourceIamResourceGroup(),
 			"ovh_ip_reverse":                                              resourceIpReverse(),
 			"ovh_ip_service":                                              resourceIpService(),