Merge pull request #38213 from hashicorp/f/describe-connector-data-so…

…urce

[New Data Source]: aws_describe_connector

.changelog/38213.txt

@@ -0,0 +1,3 @@
+```release-note:new-data-source
+aws_transfer_connector
+```

internal/service/transfer/connector_data_source.go

@@ -0,0 +1,149 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package transfer
+
+import (
+	"context"
+
+	"github.com/YakDriver/regexache"
+	"github.com/aws/aws-sdk-go-v2/service/transfer"
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/datasource"
+	"github.com/hashicorp/terraform-plugin-framework/datasource/schema"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-provider-aws/internal/create"
+	"github.com/hashicorp/terraform-provider-aws/internal/framework"
+	"github.com/hashicorp/terraform-provider-aws/internal/framework/flex"
+	fwtypes "github.com/hashicorp/terraform-provider-aws/internal/framework/types"
+	tftags "github.com/hashicorp/terraform-provider-aws/internal/tags"
+	"github.com/hashicorp/terraform-provider-aws/names"
+)
+
+// @FrameworkDataSource(name="Connector")
+func newDataSourceConnector(context.Context) (datasource.DataSourceWithConfigure, error) {
+	return &dataSourceConnector{}, nil
+}
+
+const (
+	DSNameConnector = "Connector Data Source"
+)
+
+type dataSourceConnector struct {
+	framework.DataSourceWithConfigure
+}
+
+func (d *dataSourceConnector) Metadata(_ context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse) { // nosemgrep:ci.meta-in-func-name
+	resp.TypeName = "aws_transfer_connector"
+}
+
+func (d *dataSourceConnector) Schema(ctx context.Context, req datasource.SchemaRequest, resp *datasource.SchemaResponse) {
+	resp.Schema = schema.Schema{
+		Attributes: map[string]schema.Attribute{
+			// Connector object was expanded
+			"access_role": schema.StringAttribute{
+				Computed: true,
+			},
+			names.AttrARN: schema.StringAttribute{
+				Computed: true,
+			},
+			"as2_config": schema.ListAttribute{
+				CustomType: fwtypes.NewListNestedObjectTypeOf[dsAs2Config](ctx),
+				Computed:   true,
+			},
+			names.AttrID: schema.StringAttribute{
+				CustomType: fwtypes.RegexpType,
+				Required:   true,
+				Validators: []validator.String{
+					stringvalidator.RegexMatches(regexache.MustCompile(`c-([0-9a-f]{17})`),
+						""),
+					stringvalidator.LengthAtMost(19),
+					stringvalidator.LengthAtLeast(19),
+				},
+			},
+			"logging_role": schema.StringAttribute{
+				Computed: true,
+			},
+			"security_policy_name": schema.StringAttribute{
+				Computed: true,
+			},
+			"service_managed_egress_ip_addresses": schema.ListAttribute{
+				CustomType: fwtypes.ListOfStringType,
+				Computed:   true,
+			},
+			"sftp_config": schema.ListAttribute{
+				CustomType: fwtypes.NewListNestedObjectTypeOf[dsSftpConfig](ctx),
+				Computed:   true,
+			},
+			names.AttrTags: tftags.TagsAttributeComputedOnly(),
+			names.AttrURL: schema.StringAttribute{
+				Computed: true,
+			},
+		},
+	}
+}
+
+func (d *dataSourceConnector) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) {
+	conn := d.Meta().TransferClient(ctx)
+
+	var data dsConnectorData
+	var describeConnectorInput transfer.DescribeConnectorInput
+	resp.Diagnostics.Append(req.Config.Get(ctx, &data)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+	if !data.ConnectorId.IsNull() || !data.ConnectorId.IsUnknown() {
+		describeConnectorInput.ConnectorId = data.ConnectorId.ValueStringPointer()
+	}
+
+	description, err := conn.DescribeConnector(ctx, &describeConnectorInput)
+
+	if err != nil {
+		resp.Diagnostics.AddError(
+			create.ProblemStandardMessage(names.Transfer, create.ErrActionReading, DSNameConnector, data.SecurityPolicyName.String(), err),
+			err.Error(),
+		)
+		return
+	}
+
+	resp.Diagnostics.Append(flex.Flatten(ctx, description.Connector, &data)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	tags := KeyValueTags(ctx, description.Connector.Tags).IgnoreAWS().IgnoreConfig(d.Meta().IgnoreTagsConfig)
+	data.Tags = flex.FlattenFrameworkStringValueMap(ctx, tags.Map())
+
+	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
+}
+
+type dsConnectorData struct {
+	Arn                             types.String                                  `tfsdk:"arn"`
+	AccessRole                      types.String                                  `tfsdk:"access_role"`
+	As2Config                       fwtypes.ListNestedObjectValueOf[dsAs2Config]  `tfsdk:"as2_config"`
+	ConnectorId                     fwtypes.Regexp                                `tfsdk:"id"`
+	LoggingRole                     types.String                                  `tfsdk:"logging_role"`
+	SecurityPolicyName              types.String                                  `tfsdk:"security_policy_name"`
+	ServiceManagedEgressIpAddresses fwtypes.ListValueOf[types.String]             `tfsdk:"service_managed_egress_ip_addresses"`
+	SftpConfig                      fwtypes.ListNestedObjectValueOf[dsSftpConfig] `tfsdk:"sftp_config"`
+	Tags                            types.Map                                     `tfsdk:"tags"`
+	Url                             types.String                                  `tfsdk:"url"`
+}
+
+type dsAs2Config struct {
+	BasicAuthSecretId   types.String `tfsdk:"basic_auth_secret_id"`
+	Compression         types.String `tfsdk:"compression"`
+	EncryptionAlgorithm types.String `tfsdk:"encryption_algorithm"`
+	LocalProfileId      types.String `tfsdk:"local_profile_id"`
+	MdnResponse         types.String `tfsdk:"mdn_response"`
+	MdnSigningAlgorithm types.String `tfsdk:"mdn_signing_algorithm"`
+	MessageSubject      types.String `tfsdk:"message_subject"`
+	PartnerProfileId    types.String `tfsdk:"partner_profile_id"`
+	SigningAlgorithm    types.String `tfsdk:"singing_algorithm"`
+}
+
+type dsSftpConfig struct {
+	TrustedHostKeys fwtypes.ListValueOf[types.String] `tfsdk:"trusted_host_keys"`
+	UserSecretId    types.String                      `tfsdk:"user_secret_id"`
+}

internal/service/transfer/connector_data_source_test.go

@@ -0,0 +1,122 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package transfer_test
+
+import (
+	"fmt"
+	"testing"
+
+	sdkacctest "github.com/hashicorp/terraform-plugin-testing/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+	"github.com/hashicorp/terraform-provider-aws/internal/acctest"
+	"github.com/hashicorp/terraform-provider-aws/names"
+)
+
+func TestAccTransferConnectorDataSource_basic(t *testing.T) {
+	ctx := acctest.Context(t)
+	if testing.Short() {
+		t.Skip("skipping long-running test in short mode")
+	}
+
+	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+	dataSourceName := "data.aws_transfer_connector.test"
+	resourceName := "aws_transfer_connector.test"
+	url := "http://www.example.com"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			acctest.PreCheck(ctx, t)
+			acctest.PreCheckPartitionHasService(t, names.TransferEndpointID)
+			testAccPreCheck(ctx, t)
+		},
+		ErrorCheck:               acctest.ErrorCheck(t, names.TransferServiceID),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		CheckDestroy:             testAccCheckConnectorDestroy(ctx),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccConnectorDataSourceConfig_basic(rName, url),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrPair(dataSourceName, "access_role", resourceName, "access_role"),
+					resource.TestCheckResourceAttrPair(dataSourceName, names.AttrARN, resourceName, names.AttrARN),
+					resource.TestCheckResourceAttrPair(dataSourceName, "as2_config.#", resourceName, "as2_config.#"),
+					resource.TestCheckResourceAttrPair(dataSourceName, names.AttrID, resourceName, names.AttrID),
+					resource.TestCheckResourceAttrSet(dataSourceName, "service_managed_egress_ip_addresses.#"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "sftp_config.#", resourceName, "sftp_config.#"),
+					resource.TestCheckResourceAttrPair(dataSourceName, names.AttrTags, resourceName, names.AttrTags),
+					resource.TestCheckResourceAttrPair(dataSourceName, names.AttrURL, resourceName, names.AttrURL),
+				),
+			},
+		},
+	})
+}
+
+func testAccConnectorDataSourceConfig_basic(rName, url string) string {
+	return fmt.Sprintf(`
+resource "aws_iam_role" "test" {
+  name               = %[1]q
+  assume_role_policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [{
+    "Effect": "Allow",
+    "Principal": {
+      "Service": "transfer.amazonaws.com"
+    },
+    "Action": "sts:AssumeRole"
+  }]
+ }
+EOF
+}
+
+resource "aws_iam_role_policy" "test" {
+  name = %[1]q
+  role = aws_iam_role.test.id
+
+  policy = <<POLICY
+{
+  "Version":"2012-10-17",
+  "Statement":[{
+    "Sid":"AllowFullAccesstoS3",
+    "Effect":"Allow",
+    "Action":[
+      "s3:*"
+    ],
+    "Resource":"*"
+  }]
+}
+POLICY
+}
+resource "aws_transfer_profile" "local" {
+  as2_id       = %[1]q
+  profile_type = "LOCAL"
+}
+
+resource "aws_transfer_profile" "partner" {
+  as2_id       = %[1]q
+  profile_type = "PARTNER"
+}
+
+resource "aws_transfer_connector" "test" {
+  access_role = aws_iam_role.test.arn
+
+  as2_config {
+    compression           = "DISABLED"
+    encryption_algorithm  = "AES128_CBC"
+    message_subject       = %[1]q
+    local_profile_id      = aws_transfer_profile.local.profile_id
+    mdn_response          = "NONE"
+    mdn_signing_algorithm = "NONE"
+    partner_profile_id    = aws_transfer_profile.partner.profile_id
+    signing_algorithm     = "NONE"
+  }
+
+  url = %[2]q
+}
+data "aws_transfer_connector" "test" {
+  id = aws_transfer_connector.test.id
+}
+
+
+`, rName, url)
+}

tools/tfsdk2fw/go.mod

@@ -92,6 +92,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/costexplorer v1.40.1 // indirect
 	github.com/aws/aws-sdk-go-v2/service/costoptimizationhub v1.7.1 // indirect
 	github.com/aws/aws-sdk-go-v2/service/customerprofiles v1.39.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/databrew v1.31.1 // indirect
 	github.com/aws/aws-sdk-go-v2/service/datasync v1.40.1 // indirect
 	github.com/aws/aws-sdk-go-v2/service/datazone v1.12.1 // indirect
 	github.com/aws/aws-sdk-go-v2/service/dax v1.21.1 // indirect

tools/tfsdk2fw/go.sum

@@ -170,6 +170,8 @@ github.com/aws/aws-sdk-go-v2/service/costoptimizationhub v1.7.1 h1:xiY671HwhpknL
 github.com/aws/aws-sdk-go-v2/service/costoptimizationhub v1.7.1/go.mod h1:GYo8fQQfbh6IIxk26pN4x6Dn+pmiLkAcvLXmoDvt8h8=
 github.com/aws/aws-sdk-go-v2/service/customerprofiles v1.39.1 h1:GNt9or/jdZSuwOfjAcJa3OWNsWFmBEnaaa5zm3oXkOE=
 github.com/aws/aws-sdk-go-v2/service/customerprofiles v1.39.1/go.mod h1:Zm4sD1GoMIsgDONpLuVkSt/q0MiJr61ckXen5SUXFH8=
+github.com/aws/aws-sdk-go-v2/service/databrew v1.31.1 h1:A4pF8zI5mPHFbCHRCaY0PE6pY5RZWfqGFptEJ/VkBhU=
+github.com/aws/aws-sdk-go-v2/service/databrew v1.31.1/go.mod h1:zfR3fjCNYab5wbj84lDOT/BCfvYxgxzqpL/KUHgHht4=
 github.com/aws/aws-sdk-go-v2/service/datasync v1.40.1 h1:X4p3u+6ddLBGUeMBrY17SDEqKscJptDVutwb6nxU3Io=
 github.com/aws/aws-sdk-go-v2/service/datasync v1.40.1/go.mod h1:8oB4hGBkkFOl/IFS6KYld4XgtIga3nOkAW9SuNbxdv0=
 github.com/aws/aws-sdk-go-v2/service/datazone v1.12.1 h1:wro8aemBaIJtyqM8jYMN72ZNJ9ScQg/AvhkmWL6/Bg8=

website/docs/d/transfer_connector.html.markdown

@@ -0,0 +1,52 @@
+---
+subcategory: "Transfer Family"
+layout: "aws"
+page_title: "AWS: aws_transfer_connector"
+description: |-
+  Terraform data source for managing an AWS Transfer Family Connector.
+---
+
+# Data Source: aws_transfer_connector
+
+Terraform data source for managing an AWS Transfer Family Connector.
+
+### Basic Usage
+
+```terraform
+data "aws_transfer_connector" "test" {
+  id = "c-xxxxxxxxxxxxxx"
+}
+```
+
+## Argument Reference
+
+The following arguments are required:
+
+* `id` - (Required) Unique identifier for connector
+
+## Attribute Reference
+
+This data source exports the following attributes in addition to the arguments above:
+
+* `access_role` - ARN of the AWS Identity and Access Management role.
+* `arn` - ARN of the Connector.
+* `as2_config` - Structure containing the parameters for an AS2 connector object. Contains the following attributes:
+    * `basic_auth_secret_id` -  Basic authentication for AS2 connector API. Returns a null value if not set.
+    * `compression` - Specifies whether AS2 file is compressed. Will be ZLIB or DISABLED
+    * `encryption_algorithm` - Algorithm used to encrypt file. Will be AES128_CBC or AES192_CBC or AES256_CBC or DES_EDE3_CBC or NONE.
+    * `local_profile_id` - Unique identifier for AS2 local profile.
+    * `mdn_response` - Used for outbound requests to tell if response is asynchronous or not. Will be either SYNC or NONE.
+    * `mdn_signing_algorithm` - Signing algorithm for MDN response. Will be SHA256 or SHA384 or SHA512 or SHA1 or NONE or DEFAULT.
+    * `message_subject` - Subject HTTP header attribute in outbound AS2 messages to the connector.
+    * `partner_profile_id` - Unique identifier used by connector for partner profile.
+    * `signing_algorithm` - Algorithm used for signing AS2 messages sent with the connector.
+* `logging_role` -  ARN of the IAM role that allows a connector to turn on CLoudwatch logging for Amazon S3 events.
+* `security_policy_name` - Name of security policy.
+* `service_managed_egress_ip_addresses` - List of egress Ip addresses.
+* `sftp_config` - Object containing the following attributes:
+    * `trusted_host_keys` - List of the public portions of the host keys that are used to identify the servers the connector is connected to.
+    * `user_secret_id` - Identifer for the secret in AWS Secrets Manager that contains the SFTP user's private key, and/or password.
+* `tags` - Object containing the following attributes:
+    * `key` - Name of the tag.
+    * `value` - Values associated with the tags key.
+* `url` - URL of the partner's AS2 or SFTP endpoint.