Merge pull request #36301 from jeremychauvet/d-cloudfront_origin_acce…

…ss_control

feat: add datasource for Cloudfront Origin Access Control

.changelog/36301.txt

@@ -0,0 +1,3 @@
+```release-note:new-data-source
+aws_cloudfront_origin_access_control
+```

internal/service/cloudfront/origin_access_control_data_source.go

@@ -0,0 +1,104 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package cloudfront
+
+import (
+	"context"
+
+	"github.com/hashicorp/terraform-plugin-framework/datasource"
+	"github.com/hashicorp/terraform-plugin-framework/datasource/schema"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-provider-aws/internal/create"
+	"github.com/hashicorp/terraform-provider-aws/internal/framework"
+	fwflex "github.com/hashicorp/terraform-provider-aws/internal/framework/flex"
+	"github.com/hashicorp/terraform-provider-aws/names"
+)
+
+// @FrameworkDataSource(name="Origin Access Control")
+func newDataSourceOriginAccessControl(_ context.Context) (datasource.DataSourceWithConfigure, error) {
+	d := &dataSourceOriginAccessControl{}
+
+	return d, nil
+}
+
+type dataSourceOriginAccessControl struct {
+	framework.DataSourceWithConfigure
+}
+
+const (
+	DSNameOriginAccessControl = "Origin Access Control Data Source"
+)
+
+func (d *dataSourceOriginAccessControl) Metadata(_ context.Context, _ datasource.MetadataRequest, response *datasource.MetadataResponse) {
+	response.TypeName = "aws_cloudfront_origin_access_control"
+}
+
+func (d *dataSourceOriginAccessControl) Schema(_ context.Context, _ datasource.SchemaRequest, response *datasource.SchemaResponse) {
+	response.Schema = schema.Schema{
+		Attributes: map[string]schema.Attribute{
+			names.AttrDescription: schema.StringAttribute{
+				Computed: true,
+			},
+			"etag": schema.StringAttribute{
+				Computed: true,
+			},
+			names.AttrID: schema.StringAttribute{
+				Required: true,
+			},
+			names.AttrName: schema.StringAttribute{
+				Computed: true,
+			},
+			"origin_access_control_origin_type": schema.StringAttribute{
+				Computed: true,
+			},
+			"signing_behavior": schema.StringAttribute{
+				Computed: true,
+			},
+			"signing_protocol": schema.StringAttribute{
+				Computed: true,
+			},
+		},
+	}
+}
+
+func (d *dataSourceOriginAccessControl) Read(ctx context.Context, request datasource.ReadRequest, response *datasource.ReadResponse) {
+	conn := d.Meta().CloudFrontClient(ctx)
+	var data dataSourceOriginAccessControlData
+
+	response.Diagnostics.Append(request.Config.Get(ctx, &data)...)
+
+	if response.Diagnostics.HasError() {
+		return
+	}
+
+	output, err := findOriginAccessControlByID(ctx, conn, data.ID.ValueString())
+
+	if err != nil {
+		response.Diagnostics.AddError(
+			create.ProblemStandardMessage(names.CloudFront, create.ErrActionReading, DSNameOriginAccessControl, data.ID.String(), err),
+			err.Error(),
+		)
+		return
+	}
+
+	response.Diagnostics.Append(fwflex.Flatten(ctx, output.OriginAccessControl.OriginAccessControlConfig, &data)...)
+
+	if response.Diagnostics.HasError() {
+		return
+	}
+
+	data.Etag = fwflex.StringToFramework(ctx, output.ETag)
+
+	response.Diagnostics.Append(response.State.Set(ctx, &data)...)
+}
+
+type dataSourceOriginAccessControlData struct {
+	Description                   types.String `tfsdk:"description"`
+	Etag                          types.String `tfsdk:"etag"`
+	ID                            types.String `tfsdk:"id"`
+	Name                          types.String `tfsdk:"name"`
+	OriginAccessControlOriginType types.String `tfsdk:"origin_access_control_origin_type"`
+	SigningBehavior               types.String `tfsdk:"signing_behavior"`
+	SigningProtocol               types.String `tfsdk:"signing_protocol"`
+}

internal/service/cloudfront/origin_access_control_data_source_test.go

@@ -0,0 +1,61 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package cloudfront_test
+
+import (
+	"fmt"
+	"testing"
+
+	sdkacctest "github.com/hashicorp/terraform-plugin-testing/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+	"github.com/hashicorp/terraform-provider-aws/internal/acctest"
+	"github.com/hashicorp/terraform-provider-aws/names"
+)
+
+func TestAccCloudFrontOriginAccessControlDataSource_basic(t *testing.T) {
+	ctx := acctest.Context(t)
+	dataSourceName := "data.aws_cloudfront_origin_access_control.this"
+	resourceName := "aws_cloudfront_origin_access_control.this"
+	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			acctest.PreCheck(ctx, t)
+			acctest.PreCheckPartitionHasService(t, names.CloudFrontEndpointID)
+		},
+		ErrorCheck:               acctest.ErrorCheck(t, names.CloudFrontServiceID),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		CheckDestroy:             testAccCheckOriginAccessControlDestroy(ctx),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccOriginAccessControlDataSourceConfig_basic(rName),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet(dataSourceName, "etag"),
+					resource.TestCheckResourceAttrPair(dataSourceName, names.AttrDescription, resourceName, names.AttrDescription),
+					resource.TestCheckResourceAttrPair(dataSourceName, names.AttrID, resourceName, names.AttrID),
+					resource.TestCheckResourceAttrPair(dataSourceName, names.AttrName, resourceName, names.AttrName),
+					resource.TestCheckResourceAttrPair(dataSourceName, "origin_access_control_origin_type", resourceName, "origin_access_control_origin_type"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "signing_behavior", resourceName, "signing_behavior"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "signing_protocol", resourceName, "signing_protocol"),
+				),
+			},
+		},
+	})
+}
+
+func testAccOriginAccessControlDataSourceConfig_basic(rName string) string {
+	return fmt.Sprintf(`
+resource "aws_cloudfront_origin_access_control" "this" {
+  name                              = %[1]q
+  description                       = %[1]q
+  origin_access_control_origin_type = "s3"
+  signing_behavior                  = "always"
+  signing_protocol                  = "sigv4"
+}
+
+data "aws_cloudfront_origin_access_control" "this" {
+  id = aws_cloudfront_origin_access_control.this.id
+}
+`, rName)
+}

website/docs/d/cloudfront_origin_access_control.html.markdown

@@ -0,0 +1,36 @@
+---
+subcategory: "CloudFront"
+layout: "aws"
+page_title: "AWS: aws_cloudfront_origin_access_control"
+description: |-
+  Use this data source to retrieve information for an Amazon CloudFront origin access control config.
+---
+
+# Data Source: aws_cloudfront_origin_access_control
+
+Use this data source to retrieve information for an Amazon CloudFront origin access control config.
+
+## Example Usage
+
+The below example retrieves a CloudFront origin access control config.
+
+```terraform
+data "aws_cloudfront_origin_access_identity" "example" {
+  id = "E2T5VTFBZJ3BJB"
+}
+```
+
+## Argument Reference
+
+* `id` (Required) -  The identifier for the origin access control settings. For example: `E2T5VTFBZJ3BJB`.
+
+## Attribute Reference
+
+This data source exports the following attributes in addition to the arguments above:
+
+* `description` - A description of the origin access control.
+* `etag` - Current version of the origin access control's information. For example: `E2QWRUHAPOMQZL`.
+* `name` - A name to identify the origin access control.
+* `origin_access_control_origin_type` - The type of origin that this origin access control is for.
+* `signing_behavior` - Specifies which requests CloudFront signs.
+* `signing_protocol` - The signing protocol of the origin access control, which determines how CloudFront signs (authenticates) requests.