Merge pull request #42663 from stefanfreitag/f-aws_verifiedpermissions_policy_store-add-tag-support

feat: add tags implementation

Author: ewbankkit

.changelog/42663.txt

@@ -0,0 +1,7 @@
+```release-note:enhancement
+resource/aws_verifiedpermissions_policy_store: Add `tags` argument and `tags_all` attribute. This functionality requires the `verifiedpermissions:ListTagsForResource`, `verifiedpermissions:TagResource`, and `verifiedpermissions:UntagResource` IAM permissions
+```
+
+```release-note:enhancement
+data-source/aws_verifiedpermissions_policy_store: Add `tags` attribute. This functionality requires the `verifiedpermissions:ListTagsForResource` IAM permission
+```

internal/service/verifiedpermissions/generate.go

@@ -1,6 +1,7 @@
 // Copyright (c) HashiCorp, Inc.
 // SPDX-License-Identifier: MPL-2.0
 
+//go:generate go run ../../generate/tags/main.go -ListTags -KVTValues=true -ServiceTagsMap -UpdateTags
 //go:generate go run ../../generate/servicepackage/main.go
 // ONLY generate directives and package declaration! Do not add anything else to this file.
 

internal/service/verifiedpermissions/policy_store.go

@@ -10,26 +10,29 @@ import (
 	"github.com/aws/aws-sdk-go-v2/service/verifiedpermissions"
 	awstypes "github.com/aws/aws-sdk-go-v2/service/verifiedpermissions/types"
 	"github.com/hashicorp/terraform-plugin-framework-validators/listvalidator"
-	"github.com/hashicorp/terraform-plugin-framework/path"
 	"github.com/hashicorp/terraform-plugin-framework/resource"
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema"
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier"
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier"
 	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
 	"github.com/hashicorp/terraform-plugin-framework/types"
 	"github.com/hashicorp/terraform-plugin-log/tflog"
-	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/id"
+	sdkid "github.com/hashicorp/terraform-plugin-sdk/v2/helper/id"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/retry"
 	"github.com/hashicorp/terraform-provider-aws/internal/create"
 	"github.com/hashicorp/terraform-provider-aws/internal/errs"
+	"github.com/hashicorp/terraform-provider-aws/internal/errs/fwdiag"
 	"github.com/hashicorp/terraform-provider-aws/internal/framework"
-	"github.com/hashicorp/terraform-provider-aws/internal/framework/flex"
+	fwflex "github.com/hashicorp/terraform-provider-aws/internal/framework/flex"
 	fwtypes "github.com/hashicorp/terraform-provider-aws/internal/framework/types"
+	tftags "github.com/hashicorp/terraform-provider-aws/internal/tags"
 	"github.com/hashicorp/terraform-provider-aws/internal/tfresource"
 	"github.com/hashicorp/terraform-provider-aws/names"
 )
 
 // @FrameworkResource("aws_verifiedpermissions_policy_store", name="Policy Store")
+// @Tags(identifierAttribute="arn")
+// @Testing(tagsTest=false)
 func newResourcePolicyStore(context.Context) (resource.ResourceWithConfigure, error) {
 	r := &resourcePolicyStore{}
 
@@ -42,6 +45,7 @@ const (
 
 type resourcePolicyStore struct {
 	framework.ResourceWithConfigure
+	framework.WithImportByID
 }
 
 func (r *resourcePolicyStore) Schema(ctx context.Context, request resource.SchemaRequest, response *resource.SchemaResponse) {
@@ -58,6 +62,8 @@ func (r *resourcePolicyStore) Schema(ctx context.Context, request resource.Schem
 					stringplanmodifier.UseStateForUnknown(),
 				},
 			},
+			names.AttrTags:    tftags.TagsAttribute(),
+			names.AttrTagsAll: tftags.TagsAttributeComputedOnly(),
 		},
 		Blocks: map[string]schema.Block{
 			"validation_settings": schema.ListNestedBlock{
@@ -82,26 +88,26 @@ func (r *resourcePolicyStore) Schema(ctx context.Context, request resource.Schem
 }
 
 func (r *resourcePolicyStore) Create(ctx context.Context, request resource.CreateRequest, response *resource.CreateResponse) {
-	conn := r.Meta().VerifiedPermissionsClient(ctx)
-	var plan resourcePolicyStoreData
-
-	response.Diagnostics.Append(request.Plan.Get(ctx, &plan)...)
-
+	var data resourcePolicyStoreData
+	response.Diagnostics.Append(request.Plan.Get(ctx, &data)...)
 	if response.Diagnostics.HasError() {
 		return
 	}
 
-	input := &verifiedpermissions.CreatePolicyStoreInput{}
-	response.Diagnostics.Append(flex.Expand(ctx, plan, input)...)
+	conn := r.Meta().VerifiedPermissionsClient(ctx)
 
+	var input verifiedpermissions.CreatePolicyStoreInput
+	response.Diagnostics.Append(fwflex.Expand(ctx, data, &input)...)
 	if response.Diagnostics.HasError() {
 		return
 	}
 
-	clientToken := id.UniqueId()
+	// Additional fields.
+	clientToken := sdkid.UniqueId()
 	input.ClientToken = aws.String(clientToken)
+	input.Tags = getTagsIn(ctx)
 
-	output, err := conn.CreatePolicyStore(ctx, input)
+	output, err := conn.CreatePolicyStore(ctx, &input)
 
 	if err != nil {
 		response.Diagnostics.AddError(
@@ -111,134 +117,123 @@ func (r *resourcePolicyStore) Create(ctx context.Context, request resource.Creat
 		return
 	}
 
-	state := plan
-	state.ID = flex.StringToFramework(ctx, output.PolicyStoreId)
-
-	response.Diagnostics.Append(flex.Flatten(ctx, output, &state)...)
-
+	// Set values for unknowns.
+	response.Diagnostics.Append(fwflex.Flatten(ctx, output, &data)...)
 	if response.Diagnostics.HasError() {
 		return
 	}
+	data.ID = fwflex.StringToFramework(ctx, output.PolicyStoreId)
 
-	response.Diagnostics.Append(response.State.Set(ctx, &state)...)
+	response.Diagnostics.Append(response.State.Set(ctx, &data)...)
 }
 
 func (r *resourcePolicyStore) Read(ctx context.Context, request resource.ReadRequest, response *resource.ReadResponse) {
-	conn := r.Meta().VerifiedPermissionsClient(ctx)
-	var state resourcePolicyStoreData
-
-	response.Diagnostics.Append(request.State.Get(ctx, &state)...)
-
+	var data resourcePolicyStoreData
+	response.Diagnostics.Append(request.State.Get(ctx, &data)...)
 	if response.Diagnostics.HasError() {
 		return
 	}
 
-	output, err := findPolicyStoreByID(ctx, conn, state.ID.ValueString())
+	conn := r.Meta().VerifiedPermissionsClient(ctx)
+
+	output, err := findPolicyStoreByID(ctx, conn, data.ID.ValueString())
 
 	if tfresource.NotFound(err) {
+		response.Diagnostics.Append(fwdiag.NewResourceNotFoundWarningDiagnostic(err))
 		response.State.RemoveResource(ctx)
+
 		return
 	}
 
 	if err != nil {
 		response.Diagnostics.AddError(
-			create.ProblemStandardMessage(names.VerifiedPermissions, create.ErrActionReading, ResNamePolicyStore, state.PolicyStoreID.ValueString(), err),
+			create.ProblemStandardMessage(names.VerifiedPermissions, create.ErrActionReading, ResNamePolicyStore, data.PolicyStoreID.ValueString(), err),
 			err.Error(),
 		)
 		return
 	}
 
-	response.Diagnostics.Append(flex.Flatten(ctx, output, &state)...)
-
+	// Set attributes for import.
+	response.Diagnostics.Append(fwflex.Flatten(ctx, output, &data)...)
 	if response.Diagnostics.HasError() {
 		return
 	}
 
-	response.Diagnostics.Append(response.State.Set(ctx, &state)...)
+	response.Diagnostics.Append(response.State.Set(ctx, &data)...)
 }
 
 func (r *resourcePolicyStore) Update(ctx context.Context, request resource.UpdateRequest, response *resource.UpdateResponse) {
-	conn := r.Meta().VerifiedPermissionsClient(ctx)
-	var state, plan resourcePolicyStoreData
-
-	response.Diagnostics.Append(request.State.Get(ctx, &state)...)
-
+	var old, new resourcePolicyStoreData
+	response.Diagnostics.Append(request.State.Get(ctx, &old)...)
 	if response.Diagnostics.HasError() {
 		return
 	}
-
-	response.Diagnostics.Append(request.Plan.Get(ctx, &plan)...)
-
+	response.Diagnostics.Append(request.Plan.Get(ctx, &new)...)
 	if response.Diagnostics.HasError() {
 		return
 	}
 
-	if !plan.Description.Equal(state.Description) || !plan.ValidationSettings.Equal(state.ValidationSettings) {
-		input := &verifiedpermissions.UpdatePolicyStoreInput{}
-		response.Diagnostics.Append(flex.Expand(ctx, plan, input)...)
+	conn := r.Meta().VerifiedPermissionsClient(ctx)
 
+	if !new.Description.Equal(old.Description) || !new.ValidationSettings.Equal(old.ValidationSettings) {
+		var input verifiedpermissions.UpdatePolicyStoreInput
+		response.Diagnostics.Append(fwflex.Expand(ctx, new, &input)...)
 		if response.Diagnostics.HasError() {
 			return
 		}
 
-		output, err := conn.UpdatePolicyStore(ctx, input)
+		_, err := conn.UpdatePolicyStore(ctx, &input)
 
 		if err != nil {
 			response.Diagnostics.AddError(
-				create.ProblemStandardMessage(names.VerifiedPermissions, create.ErrActionUpdating, ResNamePolicyStore, state.PolicyStoreID.ValueString(), err),
+				create.ProblemStandardMessage(names.VerifiedPermissions, create.ErrActionUpdating, ResNamePolicyStore, old.PolicyStoreID.ValueString(), err),
 				err.Error(),
 			)
 			return
 		}
-
-		response.Diagnostics.Append(flex.Flatten(ctx, output, &plan)...)
 	}
 
-	response.Diagnostics.Append(response.State.Set(ctx, &plan)...)
+	response.Diagnostics.Append(response.State.Set(ctx, &new)...)
 }
 
 func (r *resourcePolicyStore) Delete(ctx context.Context, request resource.DeleteRequest, response *resource.DeleteResponse) {
-	conn := r.Meta().VerifiedPermissionsClient(ctx)
-	var state resourcePolicyStoreData
-
-	response.Diagnostics.Append(request.State.Get(ctx, &state)...)
-
+	var data resourcePolicyStoreData
+	response.Diagnostics.Append(request.State.Get(ctx, &data)...)
 	if response.Diagnostics.HasError() {
 		return
 	}
 
+	conn := r.Meta().VerifiedPermissionsClient(ctx)
+
 	tflog.Debug(ctx, "deleting Verified Permissions Policy Store", map[string]any{
-		names.AttrID: state.ID.ValueString(),
+		names.AttrID: data.ID.ValueString(),
 	})
 
-	input := &verifiedpermissions.DeletePolicyStoreInput{
-		PolicyStoreId: flex.StringFromFramework(ctx, state.ID),
+	input := verifiedpermissions.DeletePolicyStoreInput{
+		PolicyStoreId: fwflex.StringFromFramework(ctx, data.ID),
 	}
-
-	_, err := conn.DeletePolicyStore(ctx, input)
+	_, err := conn.DeletePolicyStore(ctx, &input)
 
 	if errs.IsA[*awstypes.ResourceNotFoundException](err) {
 		return
 	}
 
 	if err != nil {
 		response.Diagnostics.AddError(
-			create.ProblemStandardMessage(names.VerifiedPermissions, create.ErrActionDeleting, ResNamePolicyStore, state.PolicyStoreID.ValueString(), err),
+			create.ProblemStandardMessage(names.VerifiedPermissions, create.ErrActionDeleting, ResNamePolicyStore, data.PolicyStoreID.ValueString(), err),
 			err.Error(),
 		)
 		return
 	}
 }
 
-func (r *resourcePolicyStore) ImportState(ctx context.Context, request resource.ImportStateRequest, response *resource.ImportStateResponse) {
-	resource.ImportStatePassthroughID(ctx, path.Root(names.AttrID), request, response)
-}
-
 type resourcePolicyStoreData struct {
 	ARN                types.String                                        `tfsdk:"arn"`
 	Description        types.String                                        `tfsdk:"description"`
 	ID                 types.String                                        `tfsdk:"id"`
 	PolicyStoreID      types.String                                        `tfsdk:"policy_store_id"`
+	Tags               tftags.Map                                          `tfsdk:"tags"`
+	TagsAll            tftags.Map                                          `tfsdk:"tags_all"`
 	ValidationSettings fwtypes.ListNestedObjectValueOf[validationSettings] `tfsdk:"validation_settings"`
 }
 

internal/service/verifiedpermissions/policy_store_data_source.go

@@ -15,10 +15,12 @@ import (
 	"github.com/hashicorp/terraform-provider-aws/internal/framework"
 	fwflex "github.com/hashicorp/terraform-provider-aws/internal/framework/flex"
 	fwtypes "github.com/hashicorp/terraform-provider-aws/internal/framework/types"
+	tftags "github.com/hashicorp/terraform-provider-aws/internal/tags"
 	"github.com/hashicorp/terraform-provider-aws/names"
 )
 
 // @FrameworkDataSource("aws_verifiedpermissions_policy_store", name="Policy Store")
+// @Tags(identifierAttribute="arn")
 func newDataSourcePolicyStore(context.Context) (datasource.DataSourceWithConfigure, error) {
 	return &dataSourcePolicyStore{}, nil
 }
@@ -31,8 +33,8 @@ type dataSourcePolicyStore struct {
 	framework.DataSourceWithConfigure
 }
 
-func (d *dataSourcePolicyStore) Schema(ctx context.Context, req datasource.SchemaRequest, resp *datasource.SchemaResponse) {
-	resp.Schema = schema.Schema{
+func (d *dataSourcePolicyStore) Schema(ctx context.Context, request datasource.SchemaRequest, response *datasource.SchemaResponse) {
+	response.Schema = schema.Schema{
 		Attributes: map[string]schema.Attribute{
 			names.AttrARN: framework.ARNAttributeComputedOnly(),
 			names.AttrCreatedDate: schema.StringAttribute{
@@ -49,6 +51,7 @@ func (d *dataSourcePolicyStore) Schema(ctx context.Context, req datasource.Schem
 				CustomType: timetypes.RFC3339Type{},
 				Computed:   true,
 			},
+			names.AttrTags: tftags.TagsAttributeComputedOnly(),
 			"validation_settings": schema.ListAttribute{
 				CustomType:  fwtypes.NewListNestedObjectTypeOf[validationSettingsDataSource](ctx),
 				ElementType: fwtypes.NewObjectTypeOf[validationSettingsDataSource](ctx),
@@ -57,32 +60,31 @@ func (d *dataSourcePolicyStore) Schema(ctx context.Context, req datasource.Schem
 		},
 	}
 }
-func (d *dataSourcePolicyStore) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) {
-	conn := d.Meta().VerifiedPermissionsClient(ctx)
-
+func (d *dataSourcePolicyStore) Read(ctx context.Context, request datasource.ReadRequest, response *datasource.ReadResponse) {
 	var data dataSourcePolicyStoreData
-	resp.Diagnostics.Append(req.Config.Get(ctx, &data)...)
-	if resp.Diagnostics.HasError() {
+	response.Diagnostics.Append(request.Config.Get(ctx, &data)...)
+	if response.Diagnostics.HasError() {
 		return
 	}
 
-	out, err := findPolicyStoreByID(ctx, conn, data.ID.ValueString())
+	conn := d.Meta().VerifiedPermissionsClient(ctx)
+
+	output, err := findPolicyStoreByID(ctx, conn, data.ID.ValueString())
 
 	if err != nil {
-		resp.Diagnostics.AddError(
+		response.Diagnostics.AddError(
 			create.ProblemStandardMessage(names.VerifiedPermissions, create.ErrActionReading, DSNamePolicyStore, data.ID.ValueString(), err),
 			err.Error(),
 		)
 		return
 	}
 
-	resp.Diagnostics.Append(fwflex.Flatten(ctx, out, &data)...)
-
-	if resp.Diagnostics.HasError() {
+	response.Diagnostics.Append(fwflex.Flatten(ctx, output, &data)...)
+	if response.Diagnostics.HasError() {
 		return
 	}
 
-	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
+	response.Diagnostics.Append(response.State.Set(ctx, &data)...)
 }
 
 type dataSourcePolicyStoreData struct {
@@ -91,6 +93,7 @@ type dataSourcePolicyStoreData struct {
 	Description        types.String                                                  `tfsdk:"description"`
 	ID                 types.String                                                  `tfsdk:"id"`
 	LastUpdatedDate    timetypes.RFC3339                                             `tfsdk:"last_updated_date"`
+	Tags               tftags.Map                                                    `tfsdk:"tags"`
 	ValidationSettings fwtypes.ListNestedObjectValueOf[validationSettingsDataSource] `tfsdk:"validation_settings"`
 }