Merge pull request #25781 from sasidhar-aws/f-aws_s3_account_public_a…

…ccess_block d/aws_s3_account_public_access_block - new data source
hashicorp · Jul 15, 2022 · 2d06bd4 · 2d06bd4
2 parents 77b5e24 + 6fa9a7e
commit 2d06bd4
Show file tree

Hide file tree

Showing 5 changed files with 164 additions and 0 deletions.
diff --git a/.changelog/25781.txt b/.changelog/25781.txt
@@ -0,0 +1,3 @@
+```release-note:new-data-source
+aws_s3_account_public_access_block
+```
diff --git a/internal/provider/provider.go b/internal/provider/provider.go
@@ -833,6 +833,8 @@ func Provider() *schema.Provider {
 			"aws_s3_bucket_objects": s3.DataSourceBucketObjects(), // DEPRECATED: use aws_s3_objects instead
 			"aws_s3_bucket_policy":  s3.DataSourceBucketPolicy(),
 
+			"aws_s3_account_public_access_block": s3control.DataSourceAccountPublicAccessBlock(),
+
 			"aws_sagemaker_prebuilt_ecr_image": sagemaker.DataSourcePrebuiltECRImage(),
 
 			"aws_secretsmanager_random_password": secretsmanager.DataSourceRandomPassword(),

diff --git a/internal/service/s3control/account_public_access_block_data_source.go b/internal/service/s3control/account_public_access_block_data_source.go
@@ -0,0 +1,76 @@
+package s3control
+
+import (
+	"context"
+	"log"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/s3control"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-provider-aws/internal/conns"
+	"github.com/hashicorp/terraform-provider-aws/internal/verify"
+)
+
+func DataSourceAccountPublicAccessBlock() *schema.Resource {
+	return &schema.Resource{
+		ReadWithoutTimeout: dataSourceAccountPublicAccessBlockRead,
+
+		Schema: map[string]*schema.Schema{
+			"account_id": {
+				Type:         schema.TypeString,
+				Optional:     true,
+				ValidateFunc: verify.ValidAccountID,
+			},
+			"block_public_acls": {
+				Type:     schema.TypeBool,
+				Computed: true,
+			},
+			"block_public_policy": {
+				Type:     schema.TypeBool,
+				Computed: true,
+			},
+			"ignore_public_acls": {
+				Type:     schema.TypeBool,
+				Computed: true,
+			},
+			"restrict_public_buckets": {
+				Type:     schema.TypeBool,
+				Computed: true,
+			},
+		},
+	}
+}
+
+func dataSourceAccountPublicAccessBlockRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	conn := meta.(*conns.AWSClient).S3ControlConn
+
+	accountID := meta.(*conns.AWSClient).AccountID
+	if v, ok := d.GetOk("account_id"); ok {
+		accountID = v.(string)
+	}
+
+	input := &s3control.GetPublicAccessBlockInput{
+		AccountId: aws.String(accountID),
+	}
+
+	log.Printf("[DEBUG] Reading Account access block: %s", input)
+
+	output, err := conn.GetPublicAccessBlock(input)
+
+	if err != nil {
+		return diag.Errorf("error reading S3 Account Public Access Block: %s", err)
+	}
+
+	if output == nil || output.PublicAccessBlockConfiguration == nil {
+		return diag.Errorf("error reading S3 Account Public Access Block (%s): missing public access block configuration", accountID)
+	}
+
+	d.SetId(accountID)
+	d.Set("block_public_acls", output.PublicAccessBlockConfiguration.BlockPublicAcls)
+	d.Set("block_public_policy", output.PublicAccessBlockConfiguration.BlockPublicPolicy)
+	d.Set("ignore_public_acls", output.PublicAccessBlockConfiguration.IgnorePublicAcls)
+	d.Set("restrict_public_buckets", output.PublicAccessBlockConfiguration.RestrictPublicBuckets)
+
+	return nil
+}
diff --git a/internal/service/s3control/account_public_access_block_data_source_test.go b/internal/service/s3control/account_public_access_block_data_source_test.go
@@ -0,0 +1,49 @@
+package s3control_test
+
+import (
+	"testing"
+
+	"github.com/aws/aws-sdk-go/service/s3control"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-provider-aws/internal/acctest"
+)
+
+func TestAccS3ControlAccountPublicAccessBlockDataSource_basic(t *testing.T) {
+	resourceName := "aws_s3_account_public_access_block.test"
+	dataSourceName := "data.aws_s3_account_public_access_block.test"
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:          func() { acctest.PreCheck(t) },
+		ErrorCheck:        acctest.ErrorCheck(t, s3control.EndpointsID),
+		ProviderFactories: acctest.ProviderFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAccountPublicAccessBlockDataSourceConfig_basic(),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					resource.TestCheckResourceAttrPair(resourceName, "block_public_acls", dataSourceName, "block_public_acls"),
+					resource.TestCheckResourceAttrPair(resourceName, "block_public_policy", dataSourceName, "block_public_policy"),
+					resource.TestCheckResourceAttrPair(resourceName, "ignore_public_acls", dataSourceName, "ignore_public_acls"),
+					resource.TestCheckResourceAttrPair(resourceName, "restrict_public_buckets", dataSourceName, "restrict_public_buckets"),
+				),
+			},
+		},
+	})
+}
+
+func testAccAccountPublicAccessBlockDataSourceConfig_base() string {
+	return `
+resource "aws_s3_account_public_access_block" "test" {
+  block_public_acls       = false
+  block_public_policy     = false
+  ignore_public_acls      = false
+  restrict_public_buckets = false
+}
+`
+}
+
+func testAccAccountPublicAccessBlockDataSourceConfig_basic() string {
+	return acctest.ConfigCompose(testAccAccountPublicAccessBlockDataSourceConfig_base(), `
+data "aws_s3_account_public_access_block" "test" {
+  depends_on = [aws_s3_account_public_access_block.test]
+}
+`)
+}
diff --git a/website/docs/d/s3_account_public_access_block.html.markdown b/website/docs/d/s3_account_public_access_block.html.markdown
@@ -0,0 +1,34 @@
+---
+subcategory: "S3 Control"
+layout: "aws"
+page_title: "AWS: aws_s3_account_public_access_block"
+description: |-
+  Provides S3 account-level Public Access Block Configuration
+---
+
+# Data Source: aws_s3_account_public_access_block
+
+The S3 account public access block data source returns account-level public access block configuration.
+
+## Example Usage
+
+```terraform
+data "aws_s3_account_public_access_block" "example" {
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `account_id` - (Optional) AWS account ID to configure. Defaults to automatically determined account ID of the Terraform AWS provider.
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `id` - AWS account ID
+* `block_public_acls` - Whether or not Amazon S3 should block public ACLs for buckets in this account is enabled. Returns as `true` or `false`.
+* `block_public_policy` - Whether or not Amazon S3 should block public bucket policies for buckets in this account is enabled. Returns as `true` or `false`.
+* `ignore_public_acls` - Whether or not Amazon S3 should ignore public ACLs for buckets in this account is enabled. Returns as `true` or `false`.
+* `restrict_public_buckets` - Whether or not Amazon S3 should restrict public bucket policies for buckets in this account is enabled. Returns as `true` or `false`.