From 0c73d46aab0705973a206dedf2f95ad3bf0730ba Mon Sep 17 00:00:00 2001 From: bootswithdefer Date: Sun, 22 Sep 2024 22:13:25 +0000 Subject: [PATCH] feat(zero_trust_access_groups): data source for cloudflare zero trust access groups --- .changelog/4812.txt | 3 + docs/data-sources/zero_trust_access_groups.md | 40 +++++++++ .../data-source.tf | 3 + internal/framework/provider/provider.go | 2 + .../zero_trust_access_groups/data_source.go | 82 +++++++++++++++++++ .../data_source_test.go | 40 +++++++++ .../service/zero_trust_access_groups/model.go | 15 ++++ .../zero_trust_access_groups/schema.go | 41 ++++++++++ 8 files changed, 226 insertions(+) create mode 100644 .changelog/4812.txt create mode 100644 docs/data-sources/zero_trust_access_groups.md create mode 100644 examples/data-sources/cloudflare_zero_trust_access_groups/data-source.tf create mode 100644 internal/framework/service/zero_trust_access_groups/data_source.go create mode 100644 internal/framework/service/zero_trust_access_groups/data_source_test.go create mode 100644 internal/framework/service/zero_trust_access_groups/model.go create mode 100644 internal/framework/service/zero_trust_access_groups/schema.go
diff --git a/.changelog/4812.txt b/.changelog/4812.txt
new file mode 100644
index 0000000000..a8fbad9692
--- /dev/null
+++ b/.changelog/4812.txt
@@ -0,0 +1,3 @@
+```release-note:new-data-source
+cloudflare_zero_trust_access_groups
+```
diff --git a/docs/data-sources/zero_trust_access_groups.md b/docs/data-sources/zero_trust_access_groups.md
new file mode 100644
index 0000000000..71bd9709be
--- /dev/null
+++ b/docs/data-sources/zero_trust_access_groups.md
@@ -0,0 +1,40 @@
+---
+page_title: "cloudflare_zero_trust_access_groups Data Source - Cloudflare"
+subcategory: ""
+description: |-
+ Use this data source to look up Zero Trust Access Groups https://developers.cloudflare.com/cloudflare-one/identity/users/groups/.
+ Commonly used as references within cloudflare_zero_trust_access_policy resources.
+---
+
+# cloudflare_zero_trust_access_groups (Data Source)
+
+Use this data source to look up [Zero Trust Access Groups](https://developers.cloudflare.com/cloudflare-one/identity/users/groups/).
+Commonly used as references within [`cloudflare_zero_trust_access_policy`](/docs/providers/cloudflare/r/zero_trust_access_policy.html) resources.
+
+## Example Usage
+
+```terraform
+data "cloudflare_zero_trust_access_groups" "example" {
+ account_id = "f037e56e89293a057740de681ac9abbe"
+}
+```
+
+## Schema
+
+### Required
+
+- `account_id` (String) Cloudflare Account ID
+
+### Read-Only
+
+- `groups` (Attributes List) A list of Zero Trust Access Groups. (see [below for nested schema](#nestedatt--groups))
+
+
+### Nested Schema for `groups`
+
+Read-Only:
+
+- `id` (String) The identifier for this group.
+- `name` (String) The name of the group.
+
+
diff --git a/examples/data-sources/cloudflare_zero_trust_access_groups/data-source.tf b/examples/data-sources/cloudflare_zero_trust_access_groups/data-source.tf
new file mode 100644
index 0000000000..248c332c0e
--- /dev/null
+++ b/examples/data-sources/cloudflare_zero_trust_access_groups/data-source.tf
@@ -0,0 +1,3 @@
+data "cloudflare_zero_trust_access_groups" "example" {
+ account_id = "f037e56e89293a057740de681ac9abbe"
+}
diff --git a/internal/framework/provider/provider.go b/internal/framework/provider/provider.go
index 5330e91b58..2e0dbaae17 100644
--- a/internal/framework/provider/provider.go
+++ b/internal/framework/provider/provider.go
@@ -41,6 +41,7 @@ import ( "github.com/cloudflare/terraform-provider-cloudflare/internal/framework/service/user" "github.com/cloudflare/terraform-provider-cloudflare/internal/framework/service/workers_for_platforms_dispatch_namespace" "github.com/cloudflare/terraform-provider-cloudflare/internal/framework/service/workers_for_platforms_dispatch_namespace_deprecated" + "github.com/cloudflare/terraform-provider-cloudflare/internal/framework/service/zero_trust_access_groups" "github.com/cloudflare/terraform-provider-cloudflare/internal/framework/service/zero_trust_access_mtls_hostname_settings" "github.com/cloudflare/terraform-provider-cloudflare/internal/framework/service/zero_trust_infrastructure_access_target" "github.com/cloudflare/terraform-provider-cloudflare/internal/framework/service/zero_trust_risk_behavior" @@ -409,6 +410,7 @@ func (p *CloudflareProvider) DataSources(ctx context.Context) []func() datasourc dcv_delegation.NewDataSource, infrastructure_access_target_deprecated.NewDataSource, zero_trust_infrastructure_access_target.NewDataSource, + zero_trust_access_groups.NewDataSource, } } diff --git a/internal/framework/service/zero_trust_access_groups/data_source.go b/internal/framework/service/zero_trust_access_groups/data_source.go new file mode 100644 index 0000000000..375ac50946 --- /dev/null +++ b/internal/framework/service/zero_trust_access_groups/data_source.go 
@@ -0,0 +1,82 @@
+package zero_trust_access_groups
+
+import (
+ "context"
+ "fmt"
+
+ "github.com/cloudflare/cloudflare-go/v2"
+ "github.com/cloudflare/cloudflare-go/v2/zero_trust"
+ "github.com/cloudflare/terraform-provider-cloudflare/internal/framework/muxclient"
+ "github.com/hashicorp/terraform-plugin-framework/datasource"
+ "github.com/hashicorp/terraform-plugin-framework/types"
+ "github.com/hashicorp/terraform-plugin-log/tflog"
+)
+
+// Ensure provider defined types fully satisfy framework interfaces.
+var _ datasource.DataSource = &ZeroTrustAccessGroupsDataSource{}
+
+func NewDataSource() datasource.DataSource {
+ return &ZeroTrustAccessGroupsDataSource{}
+}
+
+// ZeroTrustAccessGroupsDataSource defines the data source implementation.
+type ZeroTrustAccessGroupsDataSource struct {
+ client *muxclient.Client
+}
+
+func (d *ZeroTrustAccessGroupsDataSource) Metadata(ctx context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse) {
+ resp.TypeName = req.ProviderTypeName + "_zero_trust_access_groups"
+}
+
+func (d *ZeroTrustAccessGroupsDataSource) Configure(ctx context.Context, req datasource.ConfigureRequest, resp *datasource.ConfigureResponse) {
+ if req.ProviderData == nil {
+ return
+ }
+
+ client, ok := req.ProviderData.(*muxclient.Client)
+
+ if !ok {
+ resp.Diagnostics.AddError(
+ "unexpected resource configure type",
+ fmt.Sprintf("Expected *muxclient.Client, got: %T. Please report this issue to the provider developers.", req.ProviderData),
+ )
+
+ return
+ }
+
+ d.client = client
+}
+
+func (d *ZeroTrustAccessGroupsDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) {
+ tflog.Debug(ctx, fmt.Sprintf("Reading Zero Trust Access Group"))
+ var data ZeroTrustAccessGroupsModel
+
+ resp.Diagnostics.Append(req.Config.Get(ctx, &data)...)
+ if resp.Diagnostics.HasError() {
+ return
+ }
+
+ params := zero_trust.AccessGroupListParams{
+ AccountID: cloudflare.F(data.AccountID.ValueString()),
+ }
+
+ iter := d.client.V2.ZeroTrust.Access.Groups.ListAutoPaging(ctx, params)
+ var groups []ZeroTrustAccessGroupModel
+
+ for iter.Next() {
+ group := iter.Current()
+
+ groups = append(groups, ZeroTrustAccessGroupModel{
+ ID: types.StringValue(group.ID),
+ Name: types.StringValue(group.Name),
+ })
+ }
+ if err := iter.Err(); err != nil {
+ resp.Diagnostics.AddError("Failed to fetch Zero Trust Access Groups", err.Error())
+ return
+ }
+
+ data.Groups = groups
+
+ resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
+}
diff --git a/internal/framework/service/zero_trust_access_groups/data_source_test.go b/internal/framework/service/zero_trust_access_groups/data_source_test.go
new file mode 100644
index 0000000000..484f778272
--- /dev/null
+++ b/internal/framework/service/zero_trust_access_groups/data_source_test.go
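Review bot: In `Read` of data_source.go, `var groups []ZeroTrustAccessGroupModel` stays nil when the account has no Access groups, and as far as I can tell terraform-plugin-framework writes a nil slice to state as a null list rather than an empty one. Configurations that iterate or call `length()` on `groups` to build access-policy rules would then error on a null value instead of seeing zero groups; `groups := []ZeroTrustAccessGroupModel{}` keeps the attribute a known, empty list. Separately, `tflog.Debug(ctx, fmt.Sprintf("Reading Zero Trust Access Group"))` formats nothing, so `tflog.Debug(ctx, "reading Zero Trust Access Groups")` is enough. The exported `NewDataSource` also lacks a doc comment, e.g. `// NewDataSource returns the data source that lists Zero Trust Access Groups for an account.`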
@@ -0,0 +1,40 @@
+package zero_trust_access_groups_test
+
+import (
+ "fmt"
+ "os"
+ "testing"
+
+ "github.com/cloudflare/terraform-provider-cloudflare/internal/acctest"
+ "github.com/hashicorp/terraform-plugin-testing/helper/resource"
+)
+
+func TestAccCloudflareAccessGroups_DataSource(t *testing.T) {
+ accountID := os.Getenv("CLOUDFLARE_ACCOUNT_ID")
+
+ if accountID == "" {
+ t.Fatal("CLOUDFLARE_ACCOUNT_ID must be set for acceptance tests")
+ }
+
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() { acctest.TestAccPreCheck(t) },
+ ProtoV6ProviderFactories: acctest.TestAccProtoV6ProviderFactories,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccCheckCloudflareZeroTrustAccessGroupsDataSourceConfig(accountID),
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttrSet("data.cloudflare_zero_trust_access_groups.this", "account_id"),
+ resource.TestCheckResourceAttrSet("data.cloudflare_zero_trust_access_groups.this", "groups.#"),
+ ),
+ },
+ },
+ })
+}
+
+func testAccCheckCloudflareZeroTrustAccessGroupsDataSourceConfig(accountID string) string {
+ return fmt.Sprintf(`
+data "cloudflare_zero_trust_access_groups" "this" {
+ account_id = "%s"
+}
+`, accountID)
+}
diff --git a/internal/framework/service/zero_trust_access_groups/model.go b/internal/framework/service/zero_trust_access_groups/model.go
new file mode 100644
index 0000000000..966bceeb7a
--- /dev/null
+++ b/internal/framework/service/zero_trust_access_groups/model.go
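Review bot: The `t.Fatal` on an empty `CLOUDFLARE_ACCOUNT_ID` in `TestAccCloudflareAccessGroups_DataSource` runs before `resource.ParallelTest`, which is where the `TF_ACC` gate skips acceptance tests, so a plain `go test ./...` without Cloudflare credentials fails this test instead of skipping it. Moving the check into the `PreCheck` func (or dropping it if `acctest.TestAccPreCheck` already validates the account ID, which is not visible here) keeps non-acceptance runs green. The checks also only assert that `account_id` and `groups.#` are set, so a wrong `id`/`name` mapping in `Read` would still pass, and the `groups.#` check presumably fails on an account with no groups. Asserting on a group the test itself creates, for example with `resource.TestCheckTypeSetElemNestedAttrs`, would pin the actual contract.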
@@ -0,0 +1,15 @@
+package zero_trust_access_groups
+
+import "github.com/hashicorp/terraform-plugin-framework/types"
+
+// ZeroTrustAccessGroupModel describes the data source data model for groups
+type ZeroTrustAccessGroupsModel struct {
+ AccountID types.String `tfsdk:"account_id"`
+ Groups []ZeroTrustAccessGroupModel `tfsdk:"groups"`
+}
+
+// ZeroTrustAccessGroupModel describes the data source data model for a group
+type ZeroTrustAccessGroupModel struct {
+ ID types.String `tfsdk:"id"`
+ Name types.String `tfsdk:"name"`
+}
diff --git a/internal/framework/service/zero_trust_access_groups/schema.go b/internal/framework/service/zero_trust_access_groups/schema.go
new file mode 100644
index 0000000000..584722cfde
--- /dev/null
+++ b/internal/framework/service/zero_trust_access_groups/schema.go
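Review bot: The doc comment on `ZeroTrustAccessGroupsModel` names the wrong type: it reads `// ZeroTrustAccessGroupModel describes the data source data model for groups`, the same identifier as the comment on the single-group struct below it. Go doc comments should start with the name they document, e.g. `// ZeroTrustAccessGroupsModel is the data source model: the account queried and the groups returned for it.` The second comment could likewise end with a period and say that only `id` and `name` of each group are exposed.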
@@ -0,0 +1,41 @@
+package zero_trust_access_groups
+
+import (
+ "context"
+
+ "github.com/MakeNowJust/heredoc/v2"
+ "github.com/hashicorp/terraform-plugin-framework/datasource"
+ "github.com/hashicorp/terraform-plugin-framework/datasource/schema"
+)
+
+func (r *ZeroTrustAccessGroupsDataSource) Schema(ctx context.Context, req datasource.SchemaRequest, resp *datasource.SchemaResponse) {
+ resp.Schema = schema.Schema{
+ // This description is used by the documentation generator and the language server.
+ Description: heredoc.Docf(`
+ Use this data source to look up [Zero Trust Access Groups](https://developers.cloudflare.com/cloudflare-one/identity/users/groups/).
+ Commonly used as references within [%s](/docs/providers/cloudflare/r/zero_trust_access_policy.html) resources.
+ `, "`cloudflare_zero_trust_access_policy`"),
+ Attributes: map[string]schema.Attribute{
+ "account_id": schema.StringAttribute{
+ Required: true,
+ Description: "Cloudflare Account ID",
+ },
+ "groups": schema.ListNestedAttribute{
+ Computed: true,
+ Description: "A list of Zero Trust Access Groups.",
+ NestedObject: schema.NestedAttributeObject{
+ Attributes: map[string]schema.Attribute{
+ "id": schema.StringAttribute{
+ Computed: true,
+ Description: "The identifier for this group.",
+ },
+ "name": schema.StringAttribute{
+ Computed: true,
+ Description: "The name of the group.",
+ },
+ },
+ },
+ },
+ },
+ }
+}
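Review bot: `Schema` declares its receiver as `r` while `Metadata`, `Configure` and `Read` in data_source.go use `d`; Go convention is one receiver name per type, so this should read `func (d *ZeroTrustAccessGroupsDataSource) Schema(...)`. The `account_id` attribute is `Required` but otherwise accepts any string, so an empty or malformed value only surfaces as an API error from `Read`. If the provider has a shared account-ID validator (not visible in this diff), attaching it through `Validators` would reject such input at plan time.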