[CC-27470] add folder data source

This change adds the folder data source and associated tests. There was
previously a folder resource only.  The new data source can find a
folder using either a path string or the ID of the folder.  For example:

    data "cockroach_folder" "team1" {
      path = "/prod/team1"
    }

    data "cockroach_folder" "prod" {
      id = var.prod_folder_id
    }

A custom validator for the folder parent_id was also added as part of
the validators to provide better validation and messaging for that
attribute.

CHANGELOG.md

@@ -9,6 +9,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Added
 
+- The
+  [cockroach_folder](https://registry.terraform.io/providers/cockroachdb/cockroach/latest/docs/data-sources/folder)
+  data source was added.
+
 - The `user_role_grant` resource was added to allow management of a single role
   grant.  This resource will not affect other role grants. See
   [user_role_grants](https://registry.terraform.io/providers/cockroachdb/cockroach/latest/docs/resources/user_role_grant)

docs/data-sources/folder.md

@@ -0,0 +1,28 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "cockroach_folder Data Source - terraform-provider-cockroach"
+subcategory: ""
+description: |-
+  CockroachDB Cloud folder.
+---
+
+# cockroach_folder (Data Source)
+
+CockroachDB Cloud folder.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Optional
+
+- `id` (String) The id the folder.
+- `path` (String) An absolute path to the folder. Trailing slashes are optional. (i.e. /folder1/folder2)
+
+### Read-Only
+
+- `name` (String) Name of the cluster.
+- `parent_id` (String) The ID of the folders's parent folder. 'root' is used for a folder at the root level.
+
+

examples/data-sources/cockroach_folder/data-source.tf

@@ -0,0 +1,11 @@
+variable "prod_folder_id" {
+  type = string
+}
+
+data "cockroach_folder" "team1" {
+  path = "/prod/team1"
+}
+
+data "cockroach_folder" "prod" {
+  id = var.prod_folder_id
+}

examples/workflows/cockroach_folder/main.tf

@@ -8,13 +8,6 @@ variable "folder_child_name" {
   nullable = false
 }
 
-// Get a service account's user id by visiting its detail page. 
-// The user id is in the url like "/service-accounts/{service account user id}".
-variable "service_account_user_id" {
-  type     = string
-  nullable = false
-}
-
 variable "cluster_name" {
   type     = string
   nullable = false
@@ -49,40 +42,32 @@ provider "cockroach" {
   # export COCKROACH_API_KEY with the cockroach cloud API Key
 }
 
-resource "cockroach_folder" "example-folder-parent" {
+resource "cockroach_folder" "example_folder_parent" {
   name      = var.folder_parent_name
   parent_id = "root"
 }
 
-resource "cockroach_folder" "example-folder-child" {
+resource "cockroach_folder" "example_folder_child" {
   name      = var.folder_child_name
-  parent_id = cockroach_folder.example-folder-parent.id
+  parent_id = cockroach_folder.example_folder_parent.id
+}
+
+resource "cockroach_user_role_grant" "folder_admin_grant" {
+  user_id = cockroach_cluster.example.creator_id
+  role = {
+    role_name     = "FOLDER_ADMIN",
+    resource_type = "FOLDER",
+    resource_id   = cockroach_folder.example_folder_parent.id
+  }
 }
 
-resource "cockroach_user_role_grants" "example-service-account" {
-  user_id = var.service_account_user_id
-  roles = [
-    {
-      role_name     = "ORG_MEMBER",
-      resource_type = "ORGANIZATION",
-      resource_id   = ""
-    },
-    {
-      role_name     = "FOLDER_MOVER",
-      resource_type = "ORGANIZATION",
-      resource_id   = ""
-    },
-    {
-      role_name     = "FOLDER_ADMIN",
-      resource_type = "FOLDER",
-      resource_id   = cockroach_folder.example-folder-parent.id
-    },
-    {
-      role_name     = "CLUSTER_CREATOR",
-      resource_type = "FOLDER",
-      resource_id   = cockroach_folder.example-folder-parent.id
-    },
-  ]
+resource "cockroach_user_role_grant" "cluster_creator_grant" {
+  user_id = cockroach_cluster.example.creator_id
+  role = {
+    role_name     = "CLUSTER_CREATOR",
+    resource_type = "FOLDER",
+    resource_id   = cockroach_folder.example_folder_parent.id
+  }
 }
 
 resource "cockroach_cluster" "example" {
@@ -92,5 +77,13 @@ resource "cockroach_cluster" "example" {
     spend_limit = var.serverless_spend_limit
   }
   regions   = [for r in var.cloud_provider_regions : { name = r }]
-  parent_id = cockroach_folder.example-folder-parent.id
+  parent_id = cockroach_folder.example_folder_parent.id
+}
+
+data "cockroach_folder" "child_folder_by_path" {
+  path = format("/%s/%s", cockroach_folder.example_folder_parent.name, cockroach_folder.example_folder_child.name)
+}
+
+output "child_folder_computed_path" {
+  value = data.cockroach_folder.child_folder_by_path.path
 }

internal/provider/cluster_resource.go

@@ -26,6 +26,7 @@ import (
 	"time"
 
 	"github.com/cockroachdb/cockroach-cloud-sdk-go/pkg/client"
+	"github.com/cockroachdb/terraform-provider-cockroach/internal/validators"
 	"github.com/hashicorp/terraform-plugin-framework-validators/resourcevalidator"
 	"github.com/hashicorp/terraform-plugin-framework/diag"
 	"github.com/hashicorp/terraform-plugin-framework/path"
@@ -37,6 +38,7 @@ import (
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema/objectplanmodifier"
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier"
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
 	"github.com/hashicorp/terraform-plugin-framework/types"
 	"github.com/hashicorp/terraform-plugin-log/tflog"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/retry"
@@ -241,6 +243,9 @@ func (r *clusterResource) Schema(
 				Computed:            true,
 				Optional:            true,
 				MarkdownDescription: "The ID of the cluster's parent folder. 'root' is used for a cluster at the root level.",
+				Validators: []validator.String{
+					validators.FolderParentID(),
+				},
 			},
 		},
 	}
@@ -387,11 +392,6 @@ func (r *clusterResource) Create(
 
 	if !(plan.ParentId.IsNull() || plan.ParentId.IsUnknown()) {
 		parentID := plan.ParentId.ValueString()
-		if parentID == "" {
-			resp.Diagnostics.AddError("Invalid parent_id",
-				"If set, the parent_id must be a folder ID or 'root' for a root level cluster.")
-			return
-		}
 		if parentID != "root" {
 			_, _, err := r.provider.service.GetFolder(ctx, parentID)
 			if err != nil {
@@ -724,11 +724,6 @@ func (r *clusterResource) Update(
 	// Parent Id
 	if !(plan.ParentId.IsNull() || plan.ParentId.IsUnknown()) {
 		parentID := plan.ParentId.ValueString()
-		if plan.ParentId.ValueString() == "" {
-			resp.Diagnostics.AddError("Invalid parent_id",
-				"If set, the parent_id must be a folder ID or 'root' for a root level cluster.")
-			return
-		}
 		if parentID != "root" {
 			_, _, err := r.provider.service.GetFolder(ctx, parentID)
 			if err != nil {

internal/provider/folder_data_source.go

@@ -0,0 +1,178 @@
+/*
+Copyright 2024 The Cockroach Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package provider
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"strings"
+
+	"github.com/cockroachdb/cockroach-cloud-sdk-go/pkg/client"
+	"github.com/hashicorp/terraform-plugin-framework-validators/datasourcevalidator"
+	"github.com/hashicorp/terraform-plugin-framework/datasource"
+	"github.com/hashicorp/terraform-plugin-framework/datasource/schema"
+	"github.com/hashicorp/terraform-plugin-framework/path"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+)
+
+// Ensure the implementation satisfies the expected interfaces.
+var (
+	_ datasource.DataSource              = &folderDataSource{}
+	_ datasource.DataSourceWithConfigure = &folderDataSource{}
+)
+
+type folderDataSource struct {
+	provider *provider
+}
+
+func (d *folderDataSource) Schema(
+	_ context.Context, _ datasource.SchemaRequest, resp *datasource.SchemaResponse,
+) {
+	resp.Schema = schema.Schema{
+		Description: "A CockroachDB Cloud folder. Folders can contain clusters or other folders.  They can be used to group resources together for the purposes of access control, organization or fine grained invoicing.",
+		Attributes: map[string]schema.Attribute{
+			"id": schema.StringAttribute{
+				MarkdownDescription: "The id the folder.",
+				Optional:            true,
+				Validators:          []validator.String{uuidValidator},
+			},
+			"path": schema.StringAttribute{
+				MarkdownDescription: "An absolute path to the folder. Trailing slashes are optional. (i.e. /folder1/folder2)",
+				Optional:            true,
+			},
+			"name": schema.StringAttribute{
+				MarkdownDescription: "Name of the folder.",
+				Computed:            true,
+			},
+			"parent_id": schema.StringAttribute{
+				Computed:            true,
+				MarkdownDescription: "The ID of the folders's parent folder. 'root' is used for a folder at the root level.",
+			},
+		},
+	}
+}
+
+func (r *folderDataSource) ConfigValidators(ctx context.Context) []datasource.ConfigValidator {
+	return []datasource.ConfigValidator{
+		datasourcevalidator.ExactlyOneOf(
+			path.MatchRoot("path"),
+			path.MatchRoot("id"),
+		),
+	}
+}
+
+func (d *folderDataSource) Metadata(
+	_ context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse,
+) {
+	resp.TypeName = req.ProviderTypeName + "_folder"
+}
+
+func (d *folderDataSource) Configure(
+	_ context.Context, req datasource.ConfigureRequest, resp *datasource.ConfigureResponse,
+) {
+	if req.ProviderData == nil {
+		return
+	}
+	var ok bool
+	if d.provider, ok = req.ProviderData.(*provider); !ok {
+		resp.Diagnostics.AddError("Internal provider error",
+			fmt.Sprintf("Error in Configure: expected %T but got %T", provider{}, req.ProviderData))
+	}
+}
+
+func (d *folderDataSource) Read(
+	ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse,
+) {
+	if d.provider == nil || !d.provider.configured {
+		addConfigureProviderErr(&resp.Diagnostics)
+		return
+	}
+
+	var folderDataSource FolderDataSourceModel
+	diags := req.Config.Get(ctx, &folderDataSource)
+
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		resp.Diagnostics.AddWarning("Error loading the folder", "")
+		return
+	}
+
+	var folder *client.FolderResource
+	if !folderDataSource.ID.IsNull() {
+		folderID := folderDataSource.ID.ValueString()
+
+		var httpResp *http.Response
+		var err error
+		folder, httpResp, err = d.provider.service.GetFolder(ctx, folderID)
+		if httpResp != nil && httpResp.StatusCode == http.StatusNotFound {
+			resp.Diagnostics.AddError(
+				"Folder not found",
+				fmt.Sprintf("Couldn't find a folder with ID %s", folderID))
+			return
+		}
+		if err != nil {
+			resp.Diagnostics.AddError(
+				"Error fetching folder",
+				fmt.Sprintf("Unexpected error while retrieving folder: %v", formatAPIErrorMessage(err)))
+			return
+		}
+
+	} else if !folderDataSource.Path.IsNull() {
+		path := folderDataSource.Path.ValueString()
+		apiResp, _, err := d.provider.service.ListFolders(ctx, &client.ListFoldersOptions{Path: &path})
+		if err != nil {
+			resp.Diagnostics.AddError(
+				"Error fetching folders",
+				fmt.Sprintf("Unexpected error while retrieving folder: %v", formatAPIErrorMessage(err)))
+			return
+		}
+		if len(apiResp.Folders) == 0 {
+			resp.Diagnostics.AddError(
+				"Folder not found",
+				fmt.Sprintf("Couldn't find a folder with path %s", path))
+			return
+		}
+		folder = &apiResp.Folders[0]
+	}
+
+	folderDataSource.ID = types.StringValue(folder.ResourceId)
+	folderDataSource.Name = types.StringValue(folder.Name)
+	folderDataSource.ParentId = types.StringValue(folder.ParentId)
+	if folderDataSource.Path.IsNull() {
+		folderDataSource.Path = types.StringValue(buildFolderPathString(folder))
+	}
+
+	diags = resp.State.Set(ctx, folderDataSource)
+	resp.Diagnostics.Append(diags...)
+}
+
+func buildFolderPathString(folder *client.FolderResource) string {
+	var sb strings.Builder
+	sb.WriteString("/")
+	for _, segment := range folder.Path {
+		sb.WriteString(*segment.Name)
+		sb.WriteString("/")
+	}
+	sb.WriteString(folder.Name)
+	return sb.String()
+}
+
+func NewFolderDataSource() datasource.DataSource {
+	return &folderDataSource{}
+}