[WIP] New Data Sources: aws_organizations_*

[brandonstevens]

We have a need for a few data sources for AWS Organizations resources. The included data sources allow us to more easily share resources like S3 Buckets and AMIs across all AWS Accounts within our organization.

Changes proposed in this pull request:

• New Data Source: aws_organizations_organization
• New Data Source: aws_organizations_account_ids
• New Data Source: aws_organizations_account

Output from acceptance testing:

$ make testacc TESTARGS='-run=TestAccDataSourceAwsOrganizations*'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./... -v -run=TestAccDataSourceAwsOrganizations* -timeout 120m
?   	github.com/terraform-providers/terraform-provider-aws	[no test files]
=== RUN   TestAccDataSourceAwsOrganizationsAccountIDs_basic
--- PASS: TestAccDataSourceAwsOrganizationsAccountIDs_basic (41.77s)
=== RUN   TestAccDataSourceAwsOrganizationsAccount_basic
--- PASS: TestAccDataSourceAwsOrganizationsAccount_basic (38.51s)
=== RUN   TestAccDataSourceAwsOrganizationsOrganization_basic
--- PASS: TestAccDataSourceAwsOrganizationsOrganization_basic (42.56s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	122.854s

WIP:

For the acceptance tests, I'm not sure of the best way to test features that
require an organization. I currently have the tests creating an organization, but
because I need to use depends_on in the tested data source, the plan check fails.
I'm currently working around this by ignoring the check (ExpectNonEmptyPlan: true).

Output when not ignoring the plan check:

=== RUN   TestAccDataSourceAwsOrganizationsAccount_basic
--- FAIL: TestAccDataSourceAwsOrganizationsAccount_basic (43.06s)
	testing.go:518: Step 0 error: After applying this step and refreshing, the plan was not empty:
		
		DIFF:
		
		CREATE: data.aws_organizations_account.test
		  account_id:                 "" => "<computed>"
		  arn:                        "" => "<computed>"
		  email:                      "" => "<computed>"
		  iam_user_access_to_billing: "" => "<computed>"
		  joined_method:              "" => "<computed>"
		  joined_timestamp:           "" => "<computed>"
		  name:                       "" => "<computed>"
		  role_name:                  "" => "<computed>"
		  status:                     "" => "<computed>"
		CREATE: data.aws_organizations_account_ids.test
		  ids.#: "" => "<computed>"
		
		STATE:
		
		aws_organizations_organization.test:
		  ...

[bflad]

We should ensure that none of this functionality collides with the currently open PRs: #2530, #3604, #4207, #4229, #4384, #4405 -- admittedly I am way behind in getting these Organizations service PRs reviewed, which is why its in such a bad state.

[brandonstevens]

Welp, looks like I contributed to the mess and duplicated the functionality in #2530, #3604, and #4384. Happy to help in any way to get this functionality merged in.

[taiidani]

Any way I could help with this? I was going to create my own PR for that account_ids data source but it turns out there are a couple already here.

[bflad]

Hi @brandonstevens 👋 Thank you very much for your time and contribution here. My apologies for the long silence on this pull request. The support for AWS Organizations has been quite the long process and there were differing implementations offered by various members of the community. In the future, we are hoping that we can host these type of implementation discussions in design issues where the implementation choice is agreed on before we wind up in the same situation of conflicting contributions.

After evaluating all the contributions, we decided to opt for a single aws_organization_organization data source that was able to represent the same functionality as the aws_organization_organization resource. This will allow operators to have a similar experience between these two options and will have the following modes of operation:

• If used in an account that is not part of an Organization, it will return an error
• If used within an Organization but outside the master account, it will return the Organization ID, ARN, and master account ID information
• If used within the Organization master account, it will return all the arguments and attributes available in the aws_organizations_organization resource including all member account information such as account ARNs and account IDs

This new aws_organizations_organization data source has been merged and will release with version 2.21.0 of the Terraform AWS Provider, in about a week. Since the functionality available in this new data source supersedes the need of these data sources, I'm going to close out this pull request.

We really appreciate the time and effort that went into this contribution and we hope to be able to work with you again in the future.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!