From 6420e84dd7f57759512da04a9c3a15ce57d6ed8f Mon Sep 17 00:00:00 2001
From: Lars With <lars@with.de>
Date: Mon, 12 Aug 2024 11:38:19 +0200
Subject: [PATCH 1/4] implement datasource policy

---
 internal/provider/data_source_policy.go      | 45 ++++++++++++++++++++
 internal/provider/data_source_policy_test.go | 28 ++++++++++++
 internal/provider/provider.go                |  1 +
 3 files changed, 74 insertions(+)
 create mode 100644 internal/provider/data_source_policy.go
 create mode 100644 internal/provider/data_source_policy_test.go

diff --git a/internal/provider/data_source_policy.go b/internal/provider/data_source_policy.go
new file mode 100644
index 00000000..b2caa1c5
--- /dev/null
+++ b/internal/provider/data_source_policy.go
@@ -0,0 +1,45 @@
+package provider
+
+import (
+	"context"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func dataSourcePolicy() *schema.Resource {
+	return &schema.Resource{
+		ReadContext: dataSourcePolicyRead,
+		Description: "Customization --- Get policy by name",
+		Schema: map[string]*schema.Schema{
+			"name": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Computed: true,
+			},
+		},
+	}
+}
+
+func dataSourcePolicyRead(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+	var diags diag.Diagnostics
+	c := m.(*APIClient)
+
+	req := c.client.PoliciesApi.PoliciesAllList(ctx)
+	if s, ok := d.GetOk("name"); ok {
+		req = req.Search(s.(string))
+	}
+
+	res, hr, err := req.Execute()
+	if err != nil {
+		return httpToDiag(d, hr, err)
+	}
+
+	if len(res.Results) < 1 {
+		return diag.Errorf("No matching policy found")
+	}
+	f := res.Results[0]
+	d.SetId(f.Pk)
+	setWrapper(d, "name", f.Name)
+	return diags
+}
diff --git a/internal/provider/data_source_policy_test.go b/internal/provider/data_source_policy_test.go
new file mode 100644
index 00000000..81449125
--- /dev/null
+++ b/internal/provider/data_source_policy_test.go
@@ -0,0 +1,28 @@
+package provider
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+func TestAccDataSourcePolicy(t *testing.T) {
+	resource.UnitTest(t, resource.TestCase{
+		PreCheck:          func() { testAccPreCheck(t) },
+		ProviderFactories: providerFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDataSourcePolicySimple,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("data.authentik_stage.default-authentication-flow-password-stage", "name", "default-authentication-flow-password-stage"),
+				),
+			},
+		},
+	})
+}
+
+const testAccDataSourcePolicySimple = `
+data "authentik_policy" "default-authentication-flow-password-stage" {
+  name = "default-authentication-flow-password-stage"
+}
+`
diff --git a/internal/provider/provider.go b/internal/provider/provider.go
index 70e57332..26956d15 100644
--- a/internal/provider/provider.go
+++ b/internal/provider/provider.go
@@ -151,6 +151,7 @@ func Provider(version string, testing bool) *schema.Provider {
 			"authentik_flow":                             td(dataSourceFlow),
 			"authentik_group":                            td(dataSourceGroup),
 			"authentik_groups":                           td(dataSourceGroups),
+			"authentik_policy":                           td(dataSourcePolicy),
 			"authentik_property_mapping_provider_rac":    td(dataSourcePropertyMappingProviderRAC),
 			"authentik_property_mapping_provider_radius": td(dataSourcePropertyMappingProviderRadius),
 			"authentik_property_mapping_provider_saml":   td(dataSourcePropertyMappingProviderSAML),

From 7c573bf9b18700f891ca0dd3f6c8381803e1d907 Mon Sep 17 00:00:00 2001
From: Lars With <lars@with.de>
Date: Mon, 12 Aug 2024 12:06:21 +0200
Subject: [PATCH 2/4] fix typo

---
 internal/provider/data_source_policy_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/internal/provider/data_source_policy_test.go b/internal/provider/data_source_policy_test.go
index 81449125..7fee5ab7 100644
--- a/internal/provider/data_source_policy_test.go
+++ b/internal/provider/data_source_policy_test.go
@@ -14,7 +14,7 @@ func TestAccDataSourcePolicy(t *testing.T) {
 			{
 				Config: testAccDataSourcePolicySimple,
 				Check: resource.ComposeTestCheckFunc(
-					resource.TestCheckResourceAttr("data.authentik_stage.default-authentication-flow-password-stage", "name", "default-authentication-flow-password-stage"),
+					resource.TestCheckResourceAttr("data.authentik_policy.default-authentication-flow-password-stage", "name", "default-authentication-flow-password-stage"),
 				),
 			},
 		},

From 068e974d375a2f2188890aba030ca505821723d0 Mon Sep 17 00:00:00 2001
From: Lars With <lars@with.de>
Date: Mon, 12 Aug 2024 12:25:20 +0200
Subject: [PATCH 3/4] add example

---
 docs/data-sources/policy.md                   | 33 +++++++++++++++++++
 .../authentik_policy/data-source.tf           |  7 ++++
 2 files changed, 40 insertions(+)
 create mode 100644 docs/data-sources/policy.md
 create mode 100644 examples/data-sources/authentik_policy/data-source.tf

diff --git a/docs/data-sources/policy.md b/docs/data-sources/policy.md
new file mode 100644
index 00000000..f1c3e945
--- /dev/null
+++ b/docs/data-sources/policy.md
@@ -0,0 +1,33 @@
+---
+page_title: "authentik_policy Data Source - terraform-provider-authentik"
+subcategory: "Customization"
+description: |-
+  Get policy by name
+---
+
+# authentik_policy (Data Source)
+
+Get policy by name
+
+## Example Usage
+
+```terraform
+# To get the ID of a policy by name
+
+data "authentik_policy" "default-authentication-flow-password-stage" {
+  name = "default-authentication-flow-password-stage"
+}
+
+# Then use `data.authentik_policy.default-authentication-flow-password-stage.id`
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Optional
+
+- `name` (String) Generated.
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
diff --git a/examples/data-sources/authentik_policy/data-source.tf b/examples/data-sources/authentik_policy/data-source.tf
new file mode 100644
index 00000000..2f78bea4
--- /dev/null
+++ b/examples/data-sources/authentik_policy/data-source.tf
@@ -0,0 +1,7 @@
+# To get the ID of a policy by name
+
+data "authentik_policy" "default-authentication-flow-password-stage" {
+  name = "default-authentication-flow-password-stage"
+}
+
+# Then use `data.authentik_policy.default-authentication-flow-password-stage.id`

From 9157fc7e10989709e319ac5ed57680557cf172fd Mon Sep 17 00:00:00 2001
From: Lars With <lars@with.de>
Date: Mon, 12 Aug 2024 12:43:27 +0200
Subject: [PATCH 4/4] add test for not existing policy

---
 internal/provider/data_source_policy_test.go | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/internal/provider/data_source_policy_test.go b/internal/provider/data_source_policy_test.go
index 7fee5ab7..062dff21 100644
--- a/internal/provider/data_source_policy_test.go
+++ b/internal/provider/data_source_policy_test.go
@@ -1,6 +1,7 @@
 package provider
 
 import (
+	"regexp"
 	"testing"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
@@ -17,6 +18,10 @@ func TestAccDataSourcePolicy(t *testing.T) {
 					resource.TestCheckResourceAttr("data.authentik_policy.default-authentication-flow-password-stage", "name", "default-authentication-flow-password-stage"),
 				),
 			},
+			{
+				Config:      testAccDataSourcePolicyNotExisting,
+				ExpectError: regexp.MustCompile(`No matching policy found`),
+			},
 		},
 	})
 }
@@ -26,3 +31,9 @@ data "authentik_policy" "default-authentication-flow-password-stage" {
   name = "default-authentication-flow-password-stage"
 }
 `
+
+const testAccDataSourcePolicyNotExisting = `
+data "authentik_policy" "not-exiting-policy" {
+  name = "not-exiting-policy"
+}
+`