Merge pull request #15167 from hgsgtk/f-canonical_cloudfront_id

feature: new datasource cloudfront_canonical_user_id

.changelog/15167.txt

@@ -0,0 +1,3 @@
+```release-note:new-data-source
+aws_cloudfront_log_delivery_canonical_user_id
+```

aws/data_source_aws_cloudfront_log_delivery_canonical_user_id.go

@@ -0,0 +1,44 @@
+package aws
+
+import (
+	"github.com/aws/aws-sdk-go/aws/endpoints"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+const (
+	// See https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html#AccessLogsBucketAndFileOwnership.
+	defaultCloudFrontLogDeliveryCanonicalUserId = "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0"
+
+	// See https://docs.amazonaws.cn/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html#AccessLogsBucketAndFileOwnership.
+	cnCloudFrontLogDeliveryCanonicalUserId = "a52cb28745c0c06e84ec548334e44bfa7fc2a85c54af20cd59e4969344b7af56"
+)
+
+func dataSourceAwsCloudFrontLogDeliveryCanonicalUserId() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceAwsCloudFrontLogDeliveryCanonicalUserIdRead,
+
+		Schema: map[string]*schema.Schema{
+			"region": {
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+		},
+	}
+}
+
+func dataSourceAwsCloudFrontLogDeliveryCanonicalUserIdRead(d *schema.ResourceData, meta interface{}) error {
+	canonicalId := defaultCloudFrontLogDeliveryCanonicalUserId
+
+	region := meta.(*AWSClient).region
+	if v, ok := d.GetOk("region"); ok {
+		region = v.(string)
+	}
+
+	if v, ok := endpoints.PartitionForRegion(endpoints.DefaultPartitions(), region); ok && v.ID() == endpoints.AwsCnPartitionID {
+		canonicalId = cnCloudFrontLogDeliveryCanonicalUserId
+	}
+
+	d.SetId(canonicalId)
+
+	return nil
+}

aws/data_source_aws_cloudfront_log_delivery_canonical_user_id_test.go

@@ -0,0 +1,76 @@
+package aws
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/aws/aws-sdk-go/aws/endpoints"
+	"github.com/aws/aws-sdk-go/service/cloudfront"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+func TestAccDataSourceAWSCloudFrontLogDeliveryCanonicalUserId_basic(t *testing.T) {
+	dataSourceName := "data.aws_cloudfront_log_delivery_canonical_user_id.test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:   func() { testAccPreCheck(t); testAccPartitionHasServicePreCheck(cloudfront.EndpointsID, t) },
+		ErrorCheck: testAccErrorCheck(t, cloudfront.EndpointsID),
+		Providers:  testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDataSourceAWSCloudFrontLogDeliveryCanonicalUserIdConfig(""),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(dataSourceName, "id", "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0"),
+				),
+			},
+		},
+	})
+}
+
+func TestAccDataSourceAWSCloudFrontLogDeliveryCanonicalUserId_default(t *testing.T) {
+	dataSourceName := "data.aws_cloudfront_log_delivery_canonical_user_id.test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:   func() { testAccPreCheck(t); testAccPartitionHasServicePreCheck(cloudfront.EndpointsID, t) },
+		ErrorCheck: testAccErrorCheck(t, cloudfront.EndpointsID),
+		Providers:  testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDataSourceAWSCloudFrontLogDeliveryCanonicalUserIdConfig(endpoints.UsWest2RegionID),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(dataSourceName, "id", "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0"),
+				),
+			},
+		},
+	})
+}
+
+func TestAccDataSourceAWSCloudFrontLogDeliveryCanonicalUserId_cn(t *testing.T) {
+	dataSourceName := "data.aws_cloudfront_log_delivery_canonical_user_id.test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:   func() { testAccPreCheck(t); testAccPartitionHasServicePreCheck(cloudfront.EndpointsID, t) },
+		ErrorCheck: testAccErrorCheck(t, cloudfront.EndpointsID),
+		Providers:  testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDataSourceAWSCloudFrontLogDeliveryCanonicalUserIdConfig(endpoints.CnNorthwest1RegionID),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(dataSourceName, "id", "a52cb28745c0c06e84ec548334e44bfa7fc2a85c54af20cd59e4969344b7af56"),
+				),
+			},
+		},
+	})
+}
+
+func testAccDataSourceAWSCloudFrontLogDeliveryCanonicalUserIdConfig(region string) string {
+	if region == "" {
+		region = "null"
+	}
+
+	return fmt.Sprintf(`
+data "aws_cloudfront_log_delivery_canonical_user_id" "test" {
+  region = %[1]q
+}
+`, region)
+}

aws/internal/tfresource/errors.go

@@ -27,9 +27,15 @@ func TimedOut(err error) bool {
 // SetLastError sets the LastError field on the error if supported.
 // If lastErr is nil it is ignored.
 func SetLastError(err, lastErr error) {
-	if te := (*resource.TimeoutError)(nil); errors.As(err, &te) && te.LastError == nil {
-		te.LastError = lastErr
-	} else if use := (*resource.UnexpectedStateError)(nil); errors.As(err, &use) && use.LastError == nil {
-		use.LastError = lastErr
+	switch err := err.(type) {
+	case *resource.TimeoutError:
+		if err.LastError == nil {
+			err.LastError = lastErr
+		}
+
+	case *resource.UnexpectedStateError:
+		if err.LastError == nil {
+			err.LastError = lastErr
+		}
 	}
 }

aws/provider.go

@@ -217,6 +217,7 @@ func Provider() *schema.Provider {
 			"aws_cloudfront_cache_policy":                    dataSourceAwsCloudFrontCachePolicy(),
 			"aws_cloudfront_distribution":                    dataSourceAwsCloudFrontDistribution(),
 			"aws_cloudfront_function":                        dataSourceAwsCloudFrontFunction(),
+			"aws_cloudfront_log_delivery_canonical_user_id":  dataSourceAwsCloudFrontLogDeliveryCanonicalUserId(),
 			"aws_cloudfront_origin_request_policy":           dataSourceAwsCloudFrontOriginRequestPolicy(),
 			"aws_cloudhsm_v2_cluster":                        dataSourceCloudHsmV2Cluster(),
 			"aws_cloudtrail_service_account":                 dataSourceAwsCloudTrailServiceAccount(),

website/docs/d/cloudfront_log_delivery_canonical_user_id.html.markdown

@@ -0,0 +1,40 @@
+---
+subcategory: "CloudFront"
+layout: "aws"
+page_title: "AWS: aws_cloudfront_log_delivery_canonical_user_id"
+description: |-
+  Provides the canonical user ID of the AWS `awslogsdelivery` account for CloudFront bucket logging.
+---
+
+# Data Source: aws_cloudfront_log_delivery_canonical_user_id
+
+The CloudFront Log Delivery Canonical User ID data source allows access to the [canonical user ID](http://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html) of the AWS `awslogsdelivery` account for CloudFront bucket logging.
+See the [Amazon CloudFront Developer Guide](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html) for more information.
+
+## Example Usage
+
+```terraform
+data "aws_cloudfront_log_delivery_canonical_user_id" "example" {}
+
+resource "aws_s3_bucket" "example" {
+  bucket = "example"
+
+  grant {
+    id          = data.aws_cloudfront_log_delivery_canonical_user_id.example.id
+    type        = "CanonicalUser"
+    permissions = ["FULL_CONTROL"]
+  }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `region` - (Optional) The region you'd like the zone for. By default, fetches the current region.
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `id` - The canonical user ID for the AWS `awslogsdelivery` account in the region.