F organization policy

.changelog/15398.txt

@@ -0,0 +1,3 @@
+```release-note:new-datasource
+aws_organization_policy
+```

internal/service/organizations/policy_data_source.go

@@ -0,0 +1,76 @@
+package organizations
+
+import (
+	"context"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/organizations"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-provider-aws/internal/conns"
+	"github.com/hashicorp/terraform-provider-aws/internal/errs/sdkdiag"
+)
+
+// @SDKDataSource("aws_organizations_policy")
+func DataSourcePolicy() *schema.Resource {
+	return &schema.Resource{
+		ReadWithoutTimeout: dataSourcePolicyRead,
+
+		Schema: map[string]*schema.Schema{
+			"arn": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"aws_managed": {
+				Type:     schema.TypeBool,
+				Computed: true,
+			},
+			"content": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"description": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"name": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"policy_id": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
+			"type": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+		},
+	}
+}
+
+func dataSourcePolicyRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	var diags diag.Diagnostics
+	conn := meta.(*conns.AWSClient).OrganizationsConn()
+
+	policyID := d.Get("policy_id").(string)
+	input := &organizations.DescribePolicyInput{
+		PolicyId: aws.String(policyID),
+	}
+
+	output, err := conn.DescribePolicyWithContext(ctx, input)
+
+	if err != nil {
+		return sdkdiag.AppendErrorf(diags, "reading Organizations Policy (%s): %s", policyID, err)
+	}
+
+	d.SetId(aws.StringValue(output.Policy.PolicySummary.Id))
+	d.Set("arn", output.Policy.PolicySummary.Arn)
+	d.Set("aws_managed", output.Policy.PolicySummary.AwsManaged)
+	d.Set("content", output.Policy.Content)
+	d.Set("description", output.Policy.PolicySummary.Description)
+	d.Set("name", output.Policy.PolicySummary.Name)
+	d.Set("type", output.Policy.PolicySummary.Type)
+
+	return diags
+}

internal/service/organizations/policy_data_source_test.go

@@ -0,0 +1,69 @@
+package organizations_test
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/aws/aws-sdk-go/service/organizations"
+	sdkacctest "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-provider-aws/internal/acctest"
+)
+
+func TestAccOrganizationsPolicyDataSource_UnattachedPolicy(t *testing.T) {
+	ctx := acctest.Context(t)
+	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+	resourceName := "aws_organizations_policy.test"
+	dataSourceName := "data.aws_organizations_policy.test"
+
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			acctest.PreCheck(ctx, t)
+			acctest.PreCheckOrganizationsAccount(ctx, t)
+		},
+		ErrorCheck:               acctest.ErrorCheck(t, organizations.EndpointsID),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccPolicyDataSourceConfig_unattachedPolicy(rName),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrPair(resourceName, "id", dataSourceName, "policy_id"),
+					resource.TestCheckResourceAttrPair(resourceName, "arn", dataSourceName, "arn"),
+					resource.TestCheckResourceAttrPair(resourceName, "content", dataSourceName, "content"),
+					resource.TestCheckResourceAttrPair(resourceName, "type", dataSourceName, "type"),
+					resource.TestCheckResourceAttrPair(resourceName, "name", dataSourceName, "name"),
+				),
+			},
+		},
+	})
+}
+
+func testAccPolicyDataSourceConfig_unattachedPolicy(rName string) string {
+	return fmt.Sprintf(`
+resource "aws_organizations_organization" "test" {
+  feature_set          = "ALL"
+  enabled_policy_types = "ALL"
+}
+
+resource "aws_organizations_policy" "test" {
+  depends_on = [aws_organizations_organization.test]
+
+  content = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": {
+    "Effect": "Allow",
+    "Action": "*",
+    "Resource": "*"
+  }
+}
+EOF
+
+  name = %[1]q
+}
+
+data "aws_organizations_policy" "test" {
+  policy_id = aws_organizations_policy.test.id
+}
+`, rName)
+}

website/docs/d/organizations_policy.html.markdown

@@ -0,0 +1,44 @@
+---
+subcategory: "Organizations"
+layout: "aws"
+page_title: "AWS: aws_organizations_policy"
+description: |-
+  Terraform data source for managing an AWS Organizations Policy.
+---
+
+# Data Source: aws_organizations_policy
+
+Terraform data source for managing an AWS Organizations Policy.
+
+## Example Usage
+
+### Basic Usage
+
+```terraform
+data "aws_organizations_organization" "current" {}
+
+data "aws_organizations_oorganizational_policies" "current" {
+  target_id = data.aws_organizations_organization.current.roots[0].id
+  filter    = "SERVICE_CONTROL_POLICY"
+}
+data "aws_organizational_policies" "test" {
+  policy_id = data.aws_organizations_organizational_policies.current.policies[0].id
+}
+```
+
+## Argument Reference
+
+The following arguments are required:
+
+* `policy_id` - (Required) The unique identifier (ID) of the policy that you want more details on. Policy id starts with a "p-" followed by 8-28 lowercase or uppercase letters, digits, and underscores.
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `arn` - The Amazon Resource Name of the policy.
+* `aws_managed` - Indicates if a policy is an AWS managed policy.
+* `content` - The text content of the policy.
+* `description` - The description of the policy.
+* `name` - The friendly name of the policy.
+* `type` - The type of policy values can be `SERVICE_CONTROL_POLICY | TAG_POLICY | BACKUP_POLICY | AISERVICES_OPT_OUT_POLICY`