mirror of
https://github.com/letic/terraform-provider-google.git
synced 2024-07-21 17:25:56 +00:00
Merge pull request #358 from terraform-providers/paddy_storage_bucket_acl
storage: make bucket ACLs control the entire resource.
This commit is contained in:
commit
26ec7e04f7
|
@ -33,12 +33,14 @@ func resourceStorageBucketAcl() *schema.Resource {
|
||||||
Type: schema.TypeString,
|
Type: schema.TypeString,
|
||||||
Optional: true,
|
Optional: true,
|
||||||
ForceNew: true,
|
ForceNew: true,
|
||||||
|
ConflictsWith: []string{"role_entity"},
|
||||||
},
|
},
|
||||||
|
|
||||||
"role_entity": &schema.Schema{
|
"role_entity": &schema.Schema{
|
||||||
Type: schema.TypeList,
|
Type: schema.TypeList,
|
||||||
Optional: true,
|
Optional: true,
|
||||||
Elem: &schema.Schema{Type: schema.TypeString},
|
Elem: &schema.Schema{Type: schema.TypeString},
|
||||||
|
ConflictsWith: []string{"predefined_acl"},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
@ -84,11 +86,6 @@ func resourceStorageBucketAclCreate(d *schema.ResourceData, meta interface{}) er
|
||||||
}
|
}
|
||||||
|
|
||||||
if len(predefined_acl) > 0 {
|
if len(predefined_acl) > 0 {
|
||||||
if len(role_entity) > 0 {
|
|
||||||
return fmt.Errorf("Error, you cannot specify both " +
|
|
||||||
"\"predefined_acl\" and \"role_entity\"")
|
|
||||||
}
|
|
||||||
|
|
||||||
res, err := config.clientStorage.Buckets.Get(bucket).Do()
|
res, err := config.clientStorage.Buckets.Get(bucket).Do()
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -102,8 +99,8 @@ func resourceStorageBucketAclCreate(d *schema.ResourceData, meta interface{}) er
|
||||||
return fmt.Errorf("Error updating bucket %s: %v", bucket, err)
|
return fmt.Errorf("Error updating bucket %s: %v", bucket, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
return resourceStorageBucketAclRead(d, meta)
|
}
|
||||||
} else if len(role_entity) > 0 {
|
if len(role_entity) > 0 {
|
||||||
for _, v := range role_entity {
|
for _, v := range role_entity {
|
||||||
pair, err := getRoleEntityPair(v.(string))
|
pair, err := getRoleEntityPair(v.(string))
|
||||||
|
|
||||||
|
@ -121,7 +118,6 @@ func resourceStorageBucketAclCreate(d *schema.ResourceData, meta interface{}) er
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return resourceStorageBucketAclRead(d, meta)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if len(default_acl) > 0 {
|
if len(default_acl) > 0 {
|
||||||
|
@ -138,10 +134,10 @@ func resourceStorageBucketAclCreate(d *schema.ResourceData, meta interface{}) er
|
||||||
return fmt.Errorf("Error updating bucket %s: %v", bucket, err)
|
return fmt.Errorf("Error updating bucket %s: %v", bucket, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
return resourceStorageBucketAclRead(d, meta)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
d.SetId(getBucketAclId(bucket))
|
||||||
|
return resourceStorageBucketAclRead(d, meta)
|
||||||
}
|
}
|
||||||
|
|
||||||
func resourceStorageBucketAclRead(d *schema.ResourceData, meta interface{}) error {
|
func resourceStorageBucketAclRead(d *schema.ResourceData, meta interface{}) error {
|
||||||
|
@ -149,42 +145,26 @@ func resourceStorageBucketAclRead(d *schema.ResourceData, meta interface{}) erro
|
||||||
|
|
||||||
bucket := d.Get("bucket").(string)
|
bucket := d.Get("bucket").(string)
|
||||||
|
|
||||||
// Predefined ACLs cannot easily be parsed once they have been processed
|
// The API offers no way to retrieve predefined ACLs,
|
||||||
// by the GCP server
|
// and we can't tell which access controls were created
|
||||||
if _, ok := d.GetOk("predefined_acl"); !ok {
|
// by the predefined roles, so...
|
||||||
role_entity := make([]interface{}, 0)
|
//
|
||||||
re_local := d.Get("role_entity").([]interface{})
|
// This is, needless to say, a bad state of affairs and
|
||||||
re_local_map := make(map[string]string)
|
// should be fixed.
|
||||||
for _, v := range re_local {
|
if _, ok := d.GetOk("role_entity"); ok {
|
||||||
res, err := getRoleEntityPair(v.(string))
|
|
||||||
|
|
||||||
if err != nil {
|
|
||||||
return fmt.Errorf(
|
|
||||||
"Old state has malformed Role/Entity pair: %v", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
re_local_map[res.Entity] = res.Role
|
|
||||||
}
|
|
||||||
|
|
||||||
res, err := config.clientStorage.BucketAccessControls.List(bucket).Do()
|
res, err := config.clientStorage.BucketAccessControls.List(bucket).Do()
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return handleNotFoundError(err, d, fmt.Sprintf("Storage Bucket ACL for bucket %q", d.Get("bucket").(string)))
|
return handleNotFoundError(err, d, fmt.Sprintf("Storage Bucket ACL for bucket %q", d.Get("bucket").(string)))
|
||||||
}
|
}
|
||||||
|
entities := make([]string, 0, len(res.Items))
|
||||||
for _, v := range res.Items {
|
for _, item := range res.Items {
|
||||||
log.Printf("[DEBUG]: examining re %s-%s", v.Role, v.Entity)
|
entities = append(entities, item.Role+":"+item.Entity)
|
||||||
// We only store updates to the locally defined access controls
|
|
||||||
if _, in := re_local_map[v.Entity]; in {
|
|
||||||
role_entity = append(role_entity, fmt.Sprintf("%s:%s", v.Role, v.Entity))
|
|
||||||
log.Printf("[DEBUG]: saving re %s-%s", v.Role, v.Entity)
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
d.Set("role_entity", role_entity)
|
d.Set("role_entity", entities)
|
||||||
}
|
}
|
||||||
|
|
||||||
d.SetId(getBucketAclId(bucket))
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user