Add support for action control templates (IBM-Cloud#6236)

* Add support for action control templates

Signed-off-by: Rajesh Pirati <[email protected]>

* Add acceptance test cases and examples for action control templates datasource

* incorporated review comments

---------

Signed-off-by: Rajesh Pirati <[email protected]>

Author: Rajesh-Pirati

ibm/provider/provider.go

@@ -444,6 +444,8 @@ func Provider() *schema.Provider {
 			"ibm_iam_policy_assignments":                    iampolicy.DataSourceIBMIAMPolicyAssignments(),
 			"ibm_iam_policy_assignment":                     iampolicy.DataSourceIBMIAMPolicyAssignment(),
 			"ibm_iam_account_settings_external_interaction": iampolicy.DataSourceIBMIAMAccountSettingsExternalInteraction(),
+			"ibm_iam_action_control_template":               iampolicy.DataSourceIBMIAMActionControlTemplate(),
+			"ibm_iam_action_control_template_version":       iampolicy.DataSourceIBMIAMActionControlTemplateVersion(),
 
 			// backup as Service
 			"ibm_is_backup_policy":       vpc.DataSourceIBMIsBackupPolicy(),
@@ -1264,6 +1266,8 @@ func Provider() *schema.Provider {
 			"ibm_iam_policy_template_version":               iampolicy.ResourceIBMIAMPolicyTemplateVersion(),
 			"ibm_iam_policy_assignment":                     iampolicy.ResourceIBMIAMPolicyAssignment(),
 			"ibm_iam_account_settings_external_interaction": iampolicy.ResourceIBMIAMAccountSettingsExternalInteraction(),
+			"ibm_iam_action_control_template":               iampolicy.ResourceIBMIAMActionControlTemplate(),
+			"ibm_iam_action_control_template_version":       iampolicy.ResourceIBMIAMActionControlTemplateVersion(),
 
 			"ibm_is_backup_policy":      vpc.ResourceIBMIsBackupPolicy(),
 			"ibm_is_backup_policy_plan": vpc.ResourceIBMIsBackupPolicyPlan(),

ibm/service/iampolicy/data_source_ibm_iam_action_control_template.go

@@ -0,0 +1,176 @@
+// Copyright IBM Corp. 2023 All Rights Reserved.
+// Licensed under the Mozilla Public License v2.0
+
+package iampolicy
+
+import (
+	"context"
+	"fmt"
+	"log"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+
+	"github.com/IBM-Cloud/terraform-provider-ibm/ibm/conns"
+	"github.com/IBM-Cloud/terraform-provider-ibm/ibm/flex"
+	"github.com/IBM/platform-services-go-sdk/iampolicymanagementv1"
+)
+
+func DataSourceIBMIAMActionControlTemplate() *schema.Resource {
+	return &schema.Resource{
+		ReadContext: dataSourceIBMActionControlTemplateRead,
+
+		Schema: map[string]*schema.Schema{
+			"action_control_templates": {
+				Type:        schema.TypeList,
+				Computed:    true,
+				Description: "List of action control templates.",
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"name": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "name of template.",
+						},
+						"description": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "description of template purpose.",
+						},
+						"account_id": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "account id where this template will be created.",
+						},
+						"version": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "Template version.",
+						},
+						"committed": {
+							Type:        schema.TypeBool,
+							Computed:    true,
+							Description: "Template version committed status.",
+						},
+						"action_control": &schema.Schema{
+							Type:        schema.TypeList,
+							Computed:    true,
+							Description: "The action control properties that are created in an action resource when the template is assigned.",
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"service_name": &schema.Schema{
+										Type:        schema.TypeString,
+										Computed:    true,
+										Description: "The service name that the action control refers.",
+									},
+									"description": &schema.Schema{
+										Type:        schema.TypeString,
+										Optional:    true,
+										Description: "Description of the action control.",
+									},
+									"actions": &schema.Schema{
+										Type:        schema.TypeSet,
+										Computed:    true,
+										Description: "List of actions to control access.",
+										Elem:        &schema.Schema{Type: schema.TypeString},
+									},
+								},
+							},
+						},
+						"id": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "The action control template ID.",
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+func dataSourceIBMActionControlTemplateRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	iamPolicyManagementClient, err := meta.(conns.ClientSession).IAMPolicyManagementV1API()
+	if err != nil {
+		tfErr := flex.DiscriminatedTerraformErrorf(err, err.Error(), "(Data) ibm_iam_action_control_template", "read", "initialize-client")
+		log.Printf("[DEBUG]\n%s", tfErr.GetDebugMessage())
+		return tfErr.GetDiag()
+	}
+
+	userDetails, err := meta.(conns.ClientSession).BluemixUserDetails()
+	if err != nil {
+		return diag.FromErr(fmt.Errorf("Failed to fetch BluemixUserDetails %s", err))
+	}
+
+	accountID := userDetails.UserAccount
+
+	listActionControlTemplatesOptions := &iampolicymanagementv1.ListActionControlTemplatesOptions{}
+
+	listActionControlTemplatesOptions.SetAccountID(accountID)
+
+	var pager *iampolicymanagementv1.ActionControlTemplatesPager
+	pager, err = iamPolicyManagementClient.NewActionControlTemplatesPager(listActionControlTemplatesOptions)
+	if err != nil {
+		tfErr := flex.TerraformErrorf(err, err.Error(), "(Data) ibm_iam_action_control_template", "read")
+		log.Printf("[DEBUG]\n%s", tfErr.GetDebugMessage())
+		return tfErr.GetDiag()
+	}
+
+	allItems, err := pager.GetAll()
+	if err != nil {
+		tfErr := flex.TerraformErrorf(err, fmt.Sprintf("ActionControlTemplatesPager.GetAll() failed %s", err), "(Data) ibm_iam_action_control_template", "read")
+		log.Printf("[DEBUG] %s", tfErr.GetDebugMessage())
+		return tfErr.GetDiag()
+	}
+
+	d.SetId(accountID)
+
+	mapSlice := []map[string]interface{}{}
+	for _, modelItem := range allItems {
+		modelMap, err := DataSourceIBMListActionControlTemplatesActionControlTemplateToMap(&modelItem)
+		if err != nil {
+			return flex.DiscriminatedTerraformErrorf(err, err.Error(), "(Data) ibm_iam_action_control_template", "read", "ActionControlTemplates-to-map").GetDiag()
+		}
+		mapSlice = append(mapSlice, modelMap)
+	}
+
+	if err = d.Set("action_control_templates", mapSlice); err != nil {
+		return flex.DiscriminatedTerraformErrorf(err, fmt.Sprintf("Error setting action_control_templates %s", err), "(Data) ibm_iam_action_control_template", "read", "action_control_templates-set").GetDiag()
+	}
+
+	return nil
+}
+
+func DataSourceIBMListActionControlTemplatesActionControlTemplateToMap(model *iampolicymanagementv1.ActionControlTemplate) (map[string]interface{}, error) {
+	modelMap := make(map[string]interface{})
+	modelMap["name"] = *model.Name
+	if model.Description != nil {
+		modelMap["description"] = *model.Description
+	}
+	modelMap["account_id"] = *model.AccountID
+	if model.Committed != nil {
+		modelMap["committed"] = *model.Committed
+	}
+	if model.ActionControl != nil {
+		actionControlMap, err := DataSourceIBMListActionControlTemplatesTemplateActionControlToMap(model.ActionControl)
+		if err != nil {
+			return modelMap, err
+		}
+		modelMap["action_control"] = []map[string]interface{}{actionControlMap}
+	}
+	if model.ID != nil {
+		modelMap["id"] = *model.ID
+	}
+	modelMap["version"] = *model.Version
+	return modelMap, nil
+}
+
+func DataSourceIBMListActionControlTemplatesTemplateActionControlToMap(model *iampolicymanagementv1.TemplateActionControl) (map[string]interface{}, error) {
+	modelMap := make(map[string]interface{})
+	modelMap["service_name"] = *model.ServiceName
+	if model.Description != nil {
+		modelMap["description"] = *model.Description
+	}
+	modelMap["actions"] = model.Actions
+	return modelMap, nil
+}

ibm/service/iampolicy/data_source_ibm_iam_action_control_template_test.go

@@ -0,0 +1,36 @@
+// Copyright IBM Corp. 2023 All Rights Reserved.
+// Licensed under the Mozilla Public License v2.0
+
+package iampolicy_test
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+
+	acc "github.com/IBM-Cloud/terraform-provider-ibm/ibm/acctest"
+)
+
+func TestAccIBMIAMActionControlTemplateDataSourceBasic(t *testing.T) {
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { acc.TestAccPreCheck(t) },
+		Providers: acc.TestAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCheckIBMActionControlTemplateDataSourceConfigBasic(),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet("data.ibm_iam_action_control_template.action_control_template", "id"),
+					resource.TestCheckResourceAttrSet("data.ibm_iam_action_control_template.action_control_template", "action_control_templates.#"),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckIBMActionControlTemplateDataSourceConfigBasic() string {
+	return fmt.Sprintf(`
+		data "ibm_iam_action_control_template" "action_control_template" {
+			
+		}`)
+}