Merge pull request #33311 from hashicorp/f-identitystore-restore-filter

identitystore: Restore `filter` argument for Group and User data sources
hashicorp · Sep 5, 2023 · 8a09c3a · 8a09c3a
2 parents 73f90e7 + 6f4f46e
commit 8a09c3a
Show file tree

Hide file tree

Showing 7 changed files with 341 additions and 197 deletions.
diff --git a/.changelog/33311.txt b/.changelog/33311.txt
@@ -0,0 +1,7 @@
+```release-note:bug
+data-source/aws_identitystore_group: Restore `filter` argument to prevent `UnknownOperationException` errors in certain Regions
+```
+
+```release-note:bug
+data-source/aws_identitystore_user: Restore `filter` argument to prevent `UnknownOperationException` errors in certain Regions
+```
diff --git a/internal/service/identitystore/group_data_source.go b/internal/service/identitystore/group_data_source.go
@@ -9,6 +9,7 @@ import (
 	"github.com/YakDriver/regexache"
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/service/identitystore"
+	"github.com/aws/aws-sdk-go-v2/service/identitystore/types"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
@@ -68,7 +69,7 @@ func DataSourceGroup() *schema.Resource {
 						},
 					},
 				},
-				ExactlyOneOf: []string{"alternate_identifier", "group_id"},
+				ConflictsWith: []string{"filter", "group_id"},
 			},
 			"description": {
 				Type:     schema.TypeString,
@@ -94,6 +95,26 @@ func DataSourceGroup() *schema.Resource {
 					},
 				},
 			},
+			"filter": {
+				Deprecated:    "Use the alternate_identifier attribute instead.",
+				Type:          schema.TypeList,
+				Optional:      true,
+				MaxItems:      1,
+				AtLeastOneOf:  []string{"alternate_identifier", "filter", "group_id"},
+				ConflictsWith: []string{"alternate_identifier"},
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"attribute_path": {
+							Type:     schema.TypeString,
+							Required: true,
+						},
+						"attribute_value": {
+							Type:     schema.TypeString,
+							Required: true,
+						},
+					},
+				},
+			},
 			"group_id": {
 				Type:     schema.TypeString,
 				Optional: true,
@@ -102,7 +123,8 @@ func DataSourceGroup() *schema.Resource {
 					validation.StringLenBetween(1, 47),
 					validation.StringMatch(regexache.MustCompile(`^([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}$`), "must match ([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}"),
 				),
-				ExactlyOneOf: []string{"alternate_identifier", "group_id"},
+				AtLeastOneOf:  []string{"alternate_identifier", "filter", "group_id"},
+				ConflictsWith: []string{"alternate_identifier"},
 			},
 			"identity_store_id": {
 				Type:     schema.TypeString,
@@ -125,6 +147,53 @@ func dataSourceGroupRead(ctx context.Context, d *schema.ResourceData, meta inter
 
 	identityStoreID := d.Get("identity_store_id").(string)
 
+	if v, ok := d.GetOk("filter"); ok && len(v.([]interface{})) > 0 {
+		// Use ListGroups for backwards compat.
+		input := &identitystore.ListGroupsInput{
+			IdentityStoreId: aws.String(identityStoreID),
+			Filters:         expandFilters(d.Get("filter").([]interface{})),
+		}
+		paginator := identitystore.NewListGroupsPaginator(conn, input)
+		var results []types.Group
+
+		for paginator.HasMorePages() {
+			page, err := paginator.NextPage(ctx)
+
+			if err != nil {
+				return create.DiagError(names.IdentityStore, create.ErrActionReading, DSNameGroup, identityStoreID, err)
+			}
+
+			for _, group := range page.Groups {
+				if v, ok := d.GetOk("group_id"); ok && v.(string) != aws.ToString(group.GroupId) {
+					continue
+				}
+
+				results = append(results, group)
+			}
+		}
+
+		if len(results) == 0 {
+			return diag.Errorf("no Identity Store Group found matching criteria\n%v; try different search", input.Filters)
+		}
+
+		if len(results) > 1 {
+			return diag.Errorf("multiple Identity Store Groups found matching criteria\n%v; try different search", input.Filters)
+		}
+
+		group := results[0]
+
+		d.SetId(aws.ToString(group.GroupId))
+		d.Set("description", group.Description)
+		d.Set("display_name", group.DisplayName)
+		d.Set("group_id", group.GroupId)
+
+		if err := d.Set("external_ids", flattenExternalIds(group.ExternalIds)); err != nil {
+			return create.DiagError(names.IdentityStore, create.ErrActionSetting, DSNameGroup, d.Id(), err)
+		}
+
+		return nil
+	}
+
 	var groupID string
 
 	if v, ok := d.GetOk("alternate_identifier"); ok && len(v.([]interface{})) > 0 {
@@ -173,3 +242,31 @@ func dataSourceGroupRead(ctx context.Context, d *schema.ResourceData, meta inter
 
 	return nil
 }
+
+func expandFilters(l []interface{}) []types.Filter {
+	if len(l) == 0 || l[0] == nil {
+		return nil
+	}
+
+	filters := make([]types.Filter, 0, len(l))
+	for _, v := range l {
+		tfMap, ok := v.(map[string]interface{})
+		if !ok {
+			continue
+		}
+
+		filter := types.Filter{}
+
+		if v, ok := tfMap["attribute_path"].(string); ok && v != "" {
+			filter.AttributePath = aws.String(v)
+		}
+
+		if v, ok := tfMap["attribute_value"].(string); ok && v != "" {
+			filter.AttributeValue = aws.String(v)
+		}
+
+		filters = append(filters, filter)
+	}
+
+	return filters
+}