Merge pull request #358 from terraform-providers/paddy_storage_bucket_acl

storage: make bucket ACLs control the entire resource.
2024-07-21 09:15:57 +00:00 · 2017-09-11 13:51:12 -07:00 · 2017-09-11 13:51:12 -07:00 · 26ec7e04f7
commit 26ec7e04f7
parent a42d59b2c5 5b6df5ee93
1 changed files with 23 additions and 43 deletions
--- a/google/resource_storage_bucket_acl.go
+++ b/google/resource_storage_bucket_acl.go
@ -33,12 +33,14 @@ func resourceStorageBucketAcl() *schema.Resource {
 				Type:          schema.TypeString,
 				Optional:      true,
 				ForceNew:      true,
 				ConflictsWith: []string{"role_entity"},
 			},
 			"role_entity": &schema.Schema{
 				Type:          schema.TypeList,
 				Optional:      true,
 				Elem:          &schema.Schema{Type: schema.TypeString},
 				ConflictsWith: []string{"predefined_acl"},
 			},
 		},
 	}
@ -84,11 +86,6 @@ func resourceStorageBucketAclCreate(d *schema.ResourceData, meta interface{}) er
 	}
 	if len(predefined_acl) > 0 {
 		if len(role_entity) > 0 {
 			return fmt.Errorf("Error, you cannot specify both " +
 				"\"predefined_acl\" and \"role_entity\"")
 		}
 		res, err := config.clientStorage.Buckets.Get(bucket).Do()
 		if err != nil {
@ -102,8 +99,8 @@ func resourceStorageBucketAclCreate(d *schema.ResourceData, meta interface{}) er
 			return fmt.Errorf("Error updating bucket %s: %v", bucket, err)
 		}
-		return resourceStorageBucketAclRead(d, meta)
+	}
-	} else if len(role_entity) > 0 {
+	if len(role_entity) > 0 {
 		for _, v := range role_entity {
 			pair, err := getRoleEntityPair(v.(string))
@ -121,7 +118,6 @@ func resourceStorageBucketAclCreate(d *schema.ResourceData, meta interface{}) er
 			}
 		}
 		return resourceStorageBucketAclRead(d, meta)
 	}
 	if len(default_acl) > 0 {
@ -138,10 +134,10 @@ func resourceStorageBucketAclCreate(d *schema.ResourceData, meta interface{}) er
 			return fmt.Errorf("Error updating bucket %s: %v", bucket, err)
 		}
 		return resourceStorageBucketAclRead(d, meta)
 	}
-	return nil
+	d.SetId(getBucketAclId(bucket))
 	return resourceStorageBucketAclRead(d, meta)
 }
 func resourceStorageBucketAclRead(d *schema.ResourceData, meta interface{}) error {
@ -149,42 +145,26 @@ func resourceStorageBucketAclRead(d *schema.ResourceData, meta interface{}) erro
 	bucket := d.Get("bucket").(string)
-	// Predefined ACLs cannot easily be parsed once they have been processed
+	// The API offers no way to retrieve predefined ACLs,
-	// by the GCP server
+	// and we can't tell which access controls were created
-	if _, ok := d.GetOk("predefined_acl"); !ok {
+	// by the predefined roles, so...
-		role_entity := make([]interface{}, 0)
+	//
-		re_local := d.Get("role_entity").([]interface{})
+	// This is, needless to say, a bad state of affairs and
-		re_local_map := make(map[string]string)
+	// should be fixed.
-		for _, v := range re_local {
+	if _, ok := d.GetOk("role_entity"); ok {
 			res, err := getRoleEntityPair(v.(string))
 			if err != nil {
 				return fmt.Errorf(
 					"Old state has malformed Role/Entity pair: %v", err)
 			}
 			re_local_map[res.Entity] = res.Role
 		}
 		res, err := config.clientStorage.BucketAccessControls.List(bucket).Do()
 		if err != nil {
 			return handleNotFoundError(err, d, fmt.Sprintf("Storage Bucket ACL for bucket %q", d.Get("bucket").(string)))
 		}
-
+		entities := make([]string, 0, len(res.Items))
-		for _, v := range res.Items {
+		for _, item := range res.Items {
-			log.Printf("[DEBUG]: examining re %s-%s", v.Role, v.Entity)
+			entities = append(entities, item.Role+":"+item.Entity)
 			// We only store updates to the locally defined access controls
 			if _, in := re_local_map[v.Entity]; in {
 				role_entity = append(role_entity, fmt.Sprintf("%s:%s", v.Role, v.Entity))
 				log.Printf("[DEBUG]: saving re %s-%s", v.Role, v.Entity)
 			}
 		}
-		d.Set("role_entity", role_entity)
+		d.Set("role_entity", entities)
 	}
 	d.SetId(getBucketAclId(bucket))
 	return nil
 }