feat: Add boundary_account data source

[moduli]

This PR adds a boundary_account data source

data "boundary_account" "admin" {
  name           = "admin"
  auth_method_id = "ampw_1234567890"
}

Test

resource "boundary_auth_method_password" "ampw" {
  name     = "test"
  type     = "password"
  scope_id = "global"
}

resource "boundary_account_password" "acc_pw" {
  name           = "test"
  login_name     = "foo"
  password       = "foofoofoo"
  auth_method_id = boundary_auth_method_password.ampw.id
}

data "boundary_account" "acc_pw" {
  depends_on     = [boundary_account_password.acc_pw]
  name           = "test"
  auth_method_id = boundary_auth_method_password.ampw.id
}

resource "boundary_account_ldap" "acc_ldap" {
  auth_method_id = "amldap_1234567890"
  login_name     = "einstein"
  name           = "einstein"
  description    = "user account for einstein"
}

data "boundary_account" "acc_ldap" {
  depends_on     = [boundary_account_ldap.acc_ldap]
  name           = "einstein"
  auth_method_id = "amldap_1234567890"
}

output "resource_pw_id" {
  value = boundary_account_password.acc_pw.id
}

output "acc_pw_id" {
  value = data.boundary_account.acc_pw.id
}

output "acc_pw_name" {
  value = data.boundary_account.acc_pw.name
}

output "resource_ldap_id" {
  value = boundary_account_ldap.acc_ldap.id
}

output "acc_ldap_id" {
  value = data.boundary_account.acc_ldap.id
}

Outputs:

acc_ldap_id = "acctldap_nLnSfX5rgC"
acc_pw_id = "acctpw_aZ5OsuPE0k"
acc_pw_name = "test"
resource_ldap_id = "acctldap_nLnSfX5rgC"
resource_pw_id = "acctpw_aZ5OsuPE0k"

[elimt]

If we have the line above that always checks to make sure we only have 1 account (if len(accounts) > 1), do we still need the for loop? Won't there always be only 1 account in the list at this point?

[moduli]

Good point. What do you suggest here?

We could just get rid of that block and go directly to

arr, err := acl.Read(ctx, accounts[0].Id)

[elimt]

For Boundary List calls where we can have multiple items, I wonder if we should also always return 1 time for datasources or return a list which could have either 1 item in it or more than 1 item? Right now we follow a pattern of always returning 1 item for a data source.

Would customers come back to ask for a new datasource that can return all items of a resource based on attributes/filters passed in because they do not want to repeat calls to a datasource to get more data.

I'll leave it to Louis to share his thoughts on this.

cc: @louisruch

[moduli]

Good question. I had similar thoughts. Right now, the current data sources just do a search by name. Is that all we want here? Do we want to filter by other attributes?

Alternatively, we could just start with this current approach for now and iterate in the future.

[louisruch]

As far as I am aware a datasource must always match to a single resource Boundary. This is needed so you can bring in a resource by some filter and then use the id or other values in other resources. And this will be done via tf mapping.

As for future filters I think we definitely will want to use more than just name, but its a great place to start and we can expand as needed.

[elimt]

Minor comment. Otherwise looks good. Thanks 🙏