hashicorp · roberth-k · Jul 9, 2020 · Jul 9, 2020 · Jul 9, 2020 · Jul 9, 2020
diff --git a/aws/data_source_aws_prefix_list.go b/aws/data_source_aws_prefix_list.go
@@ -3,10 +3,13 @@ package aws
 import (
 	"fmt"
 	"log"
+	"sort"
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/ec2"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+
+	"github.com/terraform-providers/terraform-provider-aws/aws/internal/keyvaluetags"
 )
 
 func dataSourceAwsPrefixList() *schema.Resource {
@@ -29,47 +32,97 @@ func dataSourceAwsPrefixList() *schema.Resource {
 				Elem:     &schema.Schema{Type: schema.TypeString},
 			},
 			"filter": dataSourceFiltersSchema(),
+			"owner_id": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"address_family": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"arn": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"max_entries": {
+				Type:     schema.TypeInt,
+				Computed: true,
+			},
+			"tags": tagsSchemaComputed(),
 		},
 	}
 }
 
 func dataSourceAwsPrefixListRead(d *schema.ResourceData, meta interface{}) error {
 	conn := meta.(*AWSClient).ec2conn
+	ignoreTagsConfig := meta.(*AWSClient).IgnoreTagsConfig
 
 	filters, filtersOk := d.GetOk("filter")
 
-	req := &ec2.DescribePrefixListsInput{}
+	req := &ec2.DescribeManagedPrefixListsInput{}
 	if filtersOk {
 		req.Filters = buildAwsDataSourceFilters(filters.(*schema.Set))
 	}
 	if prefixListID := d.Get("prefix_list_id"); prefixListID != "" {
 		req.PrefixListIds = aws.StringSlice([]string{prefixListID.(string)})
 	}
-	req.Filters = buildEC2AttributeFilterList(
-		map[string]string{
-			"prefix-list-name": d.Get("name").(string),
-		},
-	)
+	if prefixListName := d.Get("name"); prefixListName.(string) != "" {
+		req.Filters = append(req.Filters, &ec2.Filter{
+			Name:   aws.String("prefix-list-name"),
+			Values: aws.StringSlice([]string{prefixListName.(string)}),
+		})
+	}
 
 	log.Printf("[DEBUG] Reading Prefix List: %s", req)
-	resp, err := conn.DescribePrefixLists(req)
-	if err != nil {
+	resp, err := conn.DescribeManagedPrefixLists(req)
+	switch {
+	case err != nil:
 		return err
-	}
-	if resp == nil || len(resp.PrefixLists) == 0 {
+	case resp == nil || len(resp.PrefixLists) == 0:
 		return fmt.Errorf("no matching prefix list found; the prefix list ID or name may be invalid or not exist in the current region")
+	case len(resp.PrefixLists) > 1:
+		return fmt.Errorf("more than one prefix list matched the given set of criteria")
 	}
 
 	pl := resp.PrefixLists[0]
 
 	d.SetId(*pl.PrefixListId)
 	d.Set("name", pl.PrefixListName)
 
-	cidrs := make([]string, len(pl.Cidrs))
-	for i, v := range pl.Cidrs {
-		cidrs[i] = *v
+	getEntriesInput := ec2.GetManagedPrefixListEntriesInput{
+		PrefixListId: pl.PrefixListId,
+	}
+
+	cidrs := []string(nil)
+
+	err = conn.GetManagedPrefixListEntriesPages(
+		&getEntriesInput, func(output *ec2.GetManagedPrefixListEntriesOutput, last bool) bool {
+			for _, entry := range output.Entries {
+				cidrs = append(cidrs, aws.StringValue(entry.Cidr))
+			}
+			return true
+		})
+	if err != nil {
+		return fmt.Errorf("failed to get entries of prefix list %s: %s", *pl.PrefixListId, err)
+	}
+
+	sort.Strings(cidrs)
+
+	if err := d.Set("cidr_blocks", cidrs); err != nil {
+		return fmt.Errorf("failed to set cidr blocks of prefix list %s: %s", d.Id(), err)
+	}
+
+	d.Set("owner_id", pl.OwnerId)
+	d.Set("address_family", pl.AddressFamily)
+	d.Set("arn", pl.PrefixListArn)
+
+	if actual := aws.Int64Value(pl.MaxEntries); actual > 0 {
+		d.Set("max_entries", actual)
+	}
+
+	if err := d.Set("tags", keyvaluetags.Ec2KeyValueTags(pl.Tags).IgnoreAws().IgnoreConfig(ignoreTagsConfig).Map()); err != nil {
+		return fmt.Errorf("failed to set tags of prefix list %s: %s", d.Id(), err)
 	}
-	d.Set("cidr_blocks", cidrs)
 
 	return nil
 }
diff --git a/aws/data_source_aws_prefix_list_test.go b/aws/data_source_aws_prefix_list_test.go
@@ -2,6 +2,7 @@ package aws
 
 import (
 	"fmt"
+	"regexp"
 	"strconv"
 	"testing"
 
@@ -69,6 +70,26 @@ func testAccDataSourceAwsPrefixListCheck(name string) resource.TestCheckFunc {
 			return fmt.Errorf("cidr_blocks seem suspiciously low: %d", cidrBlockSize)
 		}
 
+		if actual := attr["owner_id"]; actual != "AWS" {
+			return fmt.Errorf("bad owner_id %s", actual)
+		}
+
+		if actual := attr["address_family"]; actual != "IPv4" {
+			return fmt.Errorf("bad address_family %s", actual)
+		}
+
+		if actual := attr["arn"]; actual != "arn:aws:ec2:us-west-2:aws:prefix-list/pl-68a54001" {
+			return fmt.Errorf("bad arn %s", actual)
+		}
+
+		if actual := attr["max_entries"]; actual != "" {
+			return fmt.Errorf("unexpected max_entries %s", actual)
+		}
+
+		if attr["tags.%"] != "0" {
+			return fmt.Errorf("expected 0 tags")
+		}
+
 		return nil
 	}
 }
@@ -98,3 +119,101 @@ data "aws_prefix_list" "s3_by_id" {
   }
 }
 `
+
+func TestAccDataSourceAwsPrefixList_matchesTooMany(t *testing.T) {
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config:      testAccDataSourceAwsPrefixListConfig_matchesTooMany,
+				ExpectError: regexp.MustCompile(`more than one prefix list matched the given set of criteria`),
+			},
+		},
+	})
+}
+
+const testAccDataSourceAwsPrefixListConfig_matchesTooMany = `
+data "aws_prefix_list" "test" {}
+`
+
+func TestAccDataSourceAwsPrefixList_nameDoesNotOverrideFilter(t *testing.T) {
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				// The vanilla DescribePrefixLists API only supports filtering by
+				// id and name. In this case, the `name` attribute and `prefix-list-id`
+				// filter have been set up such that they conflict, thus proving
+				// that both criteria took effect.
+				Config:      testAccDataSourceAwsPrefixListConfig_nameDoesNotOverrideFilter,
+				ExpectError: regexp.MustCompile(`no matching prefix list found`),
+			},
+		},
+	})
+}
+
+const testAccDataSourceAwsPrefixListConfig_nameDoesNotOverrideFilter = `
+data "aws_prefix_list" "test" {
+  name = "com.amazonaws.us-west-2.s3" 
+  filter {
+    name = "prefix-list-id"
+    values = ["pl-00a54069"]  # com.amazonaws.us-west-2.dynamodb
+  }
+}
+`
+
+func TestAccDataSourceAwsPrefixList_managedPrefixList(t *testing.T) {
+	resourceName := "aws_prefix_list.test"
+	dataSourceName := "data.aws_prefix_list.test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSPrefixListDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDataSourceAwsPrefixListConfig_managedPrefixList,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrPair(resourceName, "id", dataSourceName, "id"),
+					resource.TestCheckResourceAttrPair(resourceName, "name", dataSourceName, "name"),
+					resource.TestCheckResourceAttrPair(resourceName, "arn", dataSourceName, "arn"),
+					resource.TestCheckResourceAttrPair(resourceName, "owner_id", dataSourceName, "owner_id"),
+					testAccCheckResourceAttrAccountID(dataSourceName, "owner_id"),
+					resource.TestCheckResourceAttrPair(resourceName, "name", dataSourceName, "name"),
+					resource.TestCheckResourceAttrPair(resourceName, "address_family", dataSourceName, "address_family"),
+					resource.TestCheckResourceAttrPair(resourceName, "max_entries", dataSourceName, "max_entries"),
+					resource.TestCheckResourceAttr(dataSourceName, "cidr_blocks.#", "2"),
+					resource.TestCheckResourceAttr(dataSourceName, "cidr_blocks.0", "1.0.0.0/8"),
+					resource.TestCheckResourceAttr(dataSourceName, "cidr_blocks.1", "2.0.0.0/8"),
+					resource.TestCheckResourceAttr(dataSourceName, "tags.%", "2"),
+					resource.TestCheckResourceAttr(dataSourceName, "tags.Key1", "Value1"),
+					resource.TestCheckResourceAttr(dataSourceName, "tags.Key2", "Value2"),
+				),
+			},
+		},
+	})
+}
+
+const testAccDataSourceAwsPrefixListConfig_managedPrefixList = `
+resource "aws_prefix_list" "test" {
+  name           = "tf-test-acc"
+  max_entries    = 5
+  address_family = "IPv4"
+  entry {
+    cidr_block = "1.0.0.0/8"
+  }
+  entry {
+    cidr_block = "2.0.0.0/8"
+  }
+  tags = {
+    Key1 = "Value1"
+    Key2 = "Value2"
+  }
+}
+
+data "aws_prefix_list" "test" {
+  prefix_list_id = aws_prefix_list.test.id
+}
+`
diff --git a/aws/provider.go b/aws/provider.go
@@ -744,6 +744,8 @@ func Provider() terraform.ResourceProvider {
 			"aws_organizations_policy_attachment":                     resourceAwsOrganizationsPolicyAttachment(),
 			"aws_organizations_organizational_unit":                   resourceAwsOrganizationsOrganizationalUnit(),
 			"aws_placement_group":                                     resourceAwsPlacementGroup(),
+			"aws_prefix_list":                                         resourceAwsPrefixList(),
+			"aws_prefix_list_entry":                                   resourceAwsPrefixListEntry(),
 			"aws_proxy_protocol_policy":                               resourceAwsProxyProtocolPolicy(),
 			"aws_qldb_ledger":                                         resourceAwsQLDBLedger(),
 			"aws_quicksight_group":                                    resourceAwsQuickSightGroup(),