New Resource: aws_datazone_policy_grant #47050

Open
aamir296 wants to merge 4 commits into hashicorp:main from aamir296:f-datazone_policy_grant

@aamir296 aamir296 commented Mar 22, 2026

Implements the aws_datazone_policy_grant resource for managing DataZone policy grants via AddPolicyGrant/RemovePolicyGrant/ListPolicyGrants APIs. Closes #46764

Rollback Plan

If a change needs to be reverted, we will publish an updated version of the library.

Changes to Security Controls

No changes to security controls. This PR adds a new resource that calls existing AWS DataZone APIs (AddPolicyGrant, RemovePolicyGrant, ListPolicyGrants).

Description

Adds the aws_datazone_policy_grant resource to manage AWS DataZone policy grants.

New Resource

  • aws_datazone_policy_grant

API Operations

  • Create: AddPolicyGrant
  • Read: ListPolicyGrants (paginated, match by grantId)
  • Delete: RemovePolicyGrant
  • No Update (all attributes force replacement)

Features

  • Resource Identity with 5 identity attributes (domain_identifier, entity_type, entity_identifier, policy_type, grant_id)
  • Enhanced Region Support via framework.WithRegionModel
  • All 14 policy detail variants implemented
  • 4 principal types (domain_unit, project, group, user)
  • Import support via both Resource Identity (Terraform v1.12+) and legacy comma-separated ID
  • Idempotent delete (handles already-removed grants gracefully)

Follow-up

A List Resource for aws_datazone_policy_grant will be submitted in a separate follow-up PR once this resource's Resource Identity is merged, as per the List Resource prerequisites.

Relations

Closes #46764

References

Output from Unit Testing

% go test ./internal/service/datazone/ -v -count=1 -run='TestFlattenPolicyGrant|TestPolicyGrantImportID' -timeout 5m

=== RUN   TestFlattenPolicyGrantDetail_CreateDomainUnit
--- PASS: TestFlattenPolicyGrantDetail_CreateDomainUnit (0.00s)
=== RUN   TestFlattenPolicyGrantDetail_CreateEnvironment
--- PASS: TestFlattenPolicyGrantDetail_CreateEnvironment (0.00s)
=== RUN   TestFlattenPolicyGrantDetail_CreateProjectFromProjectProfile
--- PASS: TestFlattenPolicyGrantDetail_CreateProjectFromProjectProfile (0.00s)
=== RUN   TestFlattenPolicyGrantPrincipal_User_AllUsersGrantFilter
--- PASS: TestFlattenPolicyGrantPrincipal_User_AllUsersGrantFilter (0.00s)
=== RUN   TestFlattenPolicyGrantPrincipal_User_UserIdentifier
--- PASS: TestFlattenPolicyGrantPrincipal_User_UserIdentifier (0.00s)
=== RUN   TestFlattenPolicyGrantPrincipal_Project
--- PASS: TestFlattenPolicyGrantPrincipal_Project (0.00s)
=== RUN   TestFlattenPolicyGrantPrincipal_DomainUnit
--- PASS: TestFlattenPolicyGrantPrincipal_DomainUnit (0.00s)
=== RUN   TestFlattenPolicyGrantPrincipal_Group
--- PASS: TestFlattenPolicyGrantPrincipal_Group (0.00s)
=== RUN   TestPolicyGrantImportID_Parse_Valid
--- PASS: TestPolicyGrantImportID_Parse_Valid (0.00s)
=== RUN   TestPolicyGrantImportID_Parse_TooFewParts
--- PASS: TestPolicyGrantImportID_Parse_TooFewParts (0.00s)
=== RUN   TestPolicyGrantImportID_Parse_TooManyParts
--- PASS: TestPolicyGrantImportID_Parse_TooManyParts (0.00s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/datazone	5.710s

Output from Acceptance Testing

% TF_ACC=1 go test ./internal/service/datazone/ -v -count=1 -parallel=1 -run='TestAccDataZonePolicyGrant_' -timeout 30m

=== RUN   TestAccDataZonePolicyGrant_Identity_basic
=== PAUSE TestAccDataZonePolicyGrant_Identity_basic
=== RUN   TestAccDataZonePolicyGrant_Identity_regionOverride
=== PAUSE TestAccDataZonePolicyGrant_Identity_regionOverride
=== RUN   TestAccDataZonePolicyGrant_basic
=== PAUSE TestAccDataZonePolicyGrant_basic
=== RUN   TestAccDataZonePolicyGrant_disappears
=== PAUSE TestAccDataZonePolicyGrant_disappears
=== RUN   TestAccDataZonePolicyGrant_includeChildDomainUnits
=== PAUSE TestAccDataZonePolicyGrant_includeChildDomainUnits
=== RUN   TestAccDataZonePolicyGrant_projectPrincipal
=== PAUSE TestAccDataZonePolicyGrant_projectPrincipal
=== CONT  TestAccDataZonePolicyGrant_Identity_basic
--- PASS: TestAccDataZonePolicyGrant_Identity_basic (67.97s)
=== CONT  TestAccDataZonePolicyGrant_projectPrincipal
--- PASS: TestAccDataZonePolicyGrant_projectPrincipal (63.82s)
=== CONT  TestAccDataZonePolicyGrant_disappears
--- PASS: TestAccDataZonePolicyGrant_disappears (49.27s)
=== CONT  TestAccDataZonePolicyGrant_includeChildDomainUnits
--- PASS: TestAccDataZonePolicyGrant_includeChildDomainUnits (48.89s)
=== CONT  TestAccDataZonePolicyGrant_basic
--- PASS: TestAccDataZonePolicyGrant_basic (47.47s)
=== CONT  TestAccDataZonePolicyGrant_Identity_regionOverride
--- PASS: TestAccDataZonePolicyGrant_Identity_regionOverride (60.80s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/datazone	344.125s
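
The Read and Delete behaviour listed in the description above (paginated ListPolicyGrants lookup matched by grant ID, idempotent delete), as an added Go example that is not code from this pull request or from the provider. `ListPage`, `FindGrant`, `DeleteGrant`, `ErrNotFound` and the sample grant IDs are hypothetical names and constructed data; the point is that a grant is only reported as absent after every page has been read, and that a page error is never treated as "not found".

```go
package main

import (
	"errors"
	"fmt"
)

var ErrNotFound = errors.New("policy grant not found") // no page held the grant

// ListPage is a hypothetical stand-in for one ListPolicyGrants call; next is "" on the last page.
type ListPage func(token string) (grantIDs []string, next string, err error)

// FindGrant reads every page before it reports a grant as absent.
func FindGrant(list ListPage, grantID string) error {
	for token := ""; ; {
		ids, next, err := list(token)
		if err != nil {
			return err // a failed page is an error, never "not found"
		}
		for _, id := range ids {
			if id == grantID {
				return nil
			}
		}
		if next == "" {
			return ErrNotFound
		}
		token = next
	}
}

// DeleteGrant is idempotent; remove is a hypothetical stand-in for RemovePolicyGrant.
func DeleteGrant(remove func(grantID string) error, grantID string) error {
	if err := remove(grantID); !errors.Is(err, ErrNotFound) {
		return err
	}
	return nil
}

// samplePager serves constructed data: page 1 has g-1 and g-2, page 2 has g-3.
func samplePager(token string) ([]string, string, error) {
	if token == "" {
		return []string{"g-1", "g-2"}, "t2", nil
	}
	return []string{"g-3"}, "", nil
}

func main() {
	fmt.Println(FindGrant(samplePager, "g-3"), FindGrant(samplePager, "g-9"))
}
```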

Implements the aws_datazone_policy_grant resource for managing DataZone
policy grants via AddPolicyGrant/RemovePolicyGrant/ListPolicyGrants APIs.
Closes hashicorp#46764
@aamir296 aamir296 requested a review from a team as a code owner March 22, 2026 18:10

github-actions Bot commented Mar 22, 2026

✅ Thank you for correcting the previously detected issues! The maintainers appreciate your efforts to make the review process as smooth as possible.

@github-actions

Community Guidelines

This comment is added to every new Pull Request to provide quick reference to how the Terraform AWS Provider is maintained. Please review the information below, and thank you for contributing to the community that keeps the provider thriving! 🚀

Voting for Prioritization

  • Please vote on this Pull Request by adding a 👍 reaction to the original post to help the community and maintainers prioritize it.
  • Please see our prioritization guide for additional information on how the maintainers handle prioritization.
  • Please do not leave +1 or other comments that do not add relevant new information or questions; they generate extra noise for others following the Pull Request and do not help prioritize the request.

Pull Request Authors

  • Review the contribution guide relating to the type of change you are making to ensure all of the necessary steps have been taken.
  • Whether or not the branch has been rebased will not impact prioritization, but doing so is always a welcome surprise.

@github-actions github-actions Bot added needs-triage Waiting for first response or review from a maintainer. documentation Introduces or discusses updates to documentation. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. generators Relates to code generators. service/datazone Issues and PRs that pertain to the datazone service. size/XL Managed by automation to categorize the size of a PR. labels Mar 22, 2026
@dosubot dosubot Bot added the new-resource Introduces a new resource. label Mar 22, 2026
@aamir296 aamir296 marked this pull request as draft March 23, 2026 07:42
- Add @testing annotations for importStateIdAttributes to fix identity
  test import (ImportCommandWithID was failing with "id-attribute-not-set")
- Add TestAccDataZonePolicyGrant_projectPrincipal test validating project
  principal with CREATE_GLOSSARY policy (CREATE_PROJECT was rejected by API)
- Update documentation example to use validated CREATE_GLOSSARY combination
- Add 11 unit tests for flatten functions and import ID parser
- Regenerate identity tests and test data templates
@aamir296 aamir296 marked this pull request as ready for review March 23, 2026 10:37
Per maintainer convention, move aws_datazone_policy_grant to the top of
the generated test template, followed by its dependencies. Regenerate
test data files accordingly.
@justinretzolk justinretzolk removed the needs-triage Waiting for first response or review from a maintainer. label Mar 25, 2026
@aamir296

Hi @justinretzolk, just checking in on this PR. Could you help get this queued for review, or is there anything I can update to help move it forward? Thanks!
