diff --git a/google/provider_storage_gen.go b/google/provider_storage_gen.go index dd76002a..3cef3869 100644 --- a/google/provider_storage_gen.go +++ b/google/provider_storage_gen.go @@ -17,5 +17,6 @@ package google import "github.com/hashicorp/terraform/helper/schema" var GeneratedStorageResourcesMap = map[string]*schema.Resource{ - "google_storage_object_access_control": resourceStorageObjectAccessControl(), + "google_storage_object_access_control": resourceStorageObjectAccessControl(), + "google_storage_default_object_access_control": resourceStorageDefaultObjectAccessControl(), } diff --git a/google/resource_storage_default_object_access_control.go b/google/resource_storage_default_object_access_control.go new file mode 100644 index 00000000..5ae86adb --- /dev/null +++ b/google/resource_storage_default_object_access_control.go @@ -0,0 +1,333 @@ +// ---------------------------------------------------------------------------- +// +// *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +// +// ---------------------------------------------------------------------------- +// +// This file is automatically generated by Magic Modules and manual +// changes will be clobbered when the file is regenerated. +// +// Please read more about how to change this file in +// .github/CONTRIBUTING.md. +// +// ---------------------------------------------------------------------------- + +package google + +import ( + "fmt" + "log" + "reflect" + "strconv" + + "github.com/hashicorp/terraform/helper/schema" + "github.com/hashicorp/terraform/helper/validation" +) + +func resourceStorageDefaultObjectAccessControl() *schema.Resource { + return &schema.Resource{ + Create: resourceStorageDefaultObjectAccessControlCreate, + Read: resourceStorageDefaultObjectAccessControlRead, + Update: resourceStorageDefaultObjectAccessControlUpdate, + Delete: resourceStorageDefaultObjectAccessControlDelete, + + Importer: &schema.ResourceImporter{ + State: resourceStorageDefaultObjectAccessControlImport, + }, + + Schema: map[string]*schema.Schema{ + "bucket": { + Type: schema.TypeString, + Required: true, + DiffSuppressFunc: compareSelfLinkOrResourceName, + }, + "entity": { + Type: schema.TypeString, + Required: true, + }, + "role": { + Type: schema.TypeString, + Required: true, + ValidateFunc: validation.StringInSlice([]string{"OWNER", "READER"}, false), + }, + "object": { + Type: schema.TypeString, + Optional: true, + }, + "domain": { + Type: schema.TypeString, + Computed: true, + }, + "email": { + Type: schema.TypeString, + Computed: true, + }, + "entity_id": { + Type: schema.TypeString, + Computed: true, + }, + "generation": { + Type: schema.TypeInt, + Computed: true, + }, + "project_team": { + Type: schema.TypeList, + Computed: true, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "project_number": { + Type: schema.TypeString, + Optional: true, + }, + "team": { + Type: schema.TypeString, + Optional: true, + ValidateFunc: validation.StringInSlice([]string{"editors", "owners", "viewers", ""}, false), + }, + }, + }, + }, + }, + } +} + +func resourceStorageDefaultObjectAccessControlCreate(d *schema.ResourceData, meta interface{}) error { + config := meta.(*Config) + + obj := make(map[string]interface{}) + bucketProp, err := expandStorageDefaultObjectAccessControlBucket(d.Get("bucket"), d, config) + if err != nil { + return err + } else if v, ok := d.GetOkExists("bucket"); !isEmptyValue(reflect.ValueOf(bucketProp)) && (ok || !reflect.DeepEqual(v, bucketProp)) { + obj["bucket"] = bucketProp + } + entityProp, err := expandStorageDefaultObjectAccessControlEntity(d.Get("entity"), d, config) + if err != nil { + return err + } else if v, ok := d.GetOkExists("entity"); !isEmptyValue(reflect.ValueOf(entityProp)) && (ok || !reflect.DeepEqual(v, entityProp)) { + obj["entity"] = entityProp + } + objectProp, err := expandStorageDefaultObjectAccessControlObject(d.Get("object"), d, config) + if err != nil { + return err + } else if v, ok := d.GetOkExists("object"); !isEmptyValue(reflect.ValueOf(objectProp)) && (ok || !reflect.DeepEqual(v, objectProp)) { + obj["object"] = objectProp + } + roleProp, err := expandStorageDefaultObjectAccessControlRole(d.Get("role"), d, config) + if err != nil { + return err + } else if v, ok := d.GetOkExists("role"); !isEmptyValue(reflect.ValueOf(roleProp)) && (ok || !reflect.DeepEqual(v, roleProp)) { + obj["role"] = roleProp + } + + url, err := replaceVars(d, config, "https://www.googleapis.com/storage/v1/b/{{bucket}}/defaultObjectAcl") + if err != nil { + return err + } + + log.Printf("[DEBUG] Creating new DefaultObjectAccessControl: %#v", obj) + res, err := sendRequest(config, "POST", url, obj) + if err != nil { + return fmt.Errorf("Error creating DefaultObjectAccessControl: %s", err) + } + + // Store the ID now + id, err := replaceVars(d, config, "{{bucket}}/{{entity}}") + if err != nil { + return fmt.Errorf("Error constructing id: %s", err) + } + d.SetId(id) + + log.Printf("[DEBUG] Finished creating DefaultObjectAccessControl %q: %#v", d.Id(), res) + + return resourceStorageDefaultObjectAccessControlRead(d, meta) +} + +func resourceStorageDefaultObjectAccessControlRead(d *schema.ResourceData, meta interface{}) error { + config := meta.(*Config) + + url, err := replaceVars(d, config, "https://www.googleapis.com/storage/v1/b/{{bucket}}/defaultObjectAcl/{{entity}}") + if err != nil { + return err + } + + res, err := sendRequest(config, "GET", url, nil) + if err != nil { + return handleNotFoundError(err, d, fmt.Sprintf("StorageDefaultObjectAccessControl %q", d.Id())) + } + + if err := d.Set("domain", flattenStorageDefaultObjectAccessControlDomain(res["domain"])); err != nil { + return fmt.Errorf("Error reading DefaultObjectAccessControl: %s", err) + } + if err := d.Set("email", flattenStorageDefaultObjectAccessControlEmail(res["email"])); err != nil { + return fmt.Errorf("Error reading DefaultObjectAccessControl: %s", err) + } + if err := d.Set("entity", flattenStorageDefaultObjectAccessControlEntity(res["entity"])); err != nil { + return fmt.Errorf("Error reading DefaultObjectAccessControl: %s", err) + } + if err := d.Set("entity_id", flattenStorageDefaultObjectAccessControlEntityId(res["entityId"])); err != nil { + return fmt.Errorf("Error reading DefaultObjectAccessControl: %s", err) + } + if err := d.Set("generation", flattenStorageDefaultObjectAccessControlGeneration(res["generation"])); err != nil { + return fmt.Errorf("Error reading DefaultObjectAccessControl: %s", err) + } + if err := d.Set("object", flattenStorageDefaultObjectAccessControlObject(res["object"])); err != nil { + return fmt.Errorf("Error reading DefaultObjectAccessControl: %s", err) + } + if err := d.Set("project_team", flattenStorageDefaultObjectAccessControlProjectTeam(res["projectTeam"])); err != nil { + return fmt.Errorf("Error reading DefaultObjectAccessControl: %s", err) + } + if err := d.Set("role", flattenStorageDefaultObjectAccessControlRole(res["role"])); err != nil { + return fmt.Errorf("Error reading DefaultObjectAccessControl: %s", err) + } + + return nil +} + +func resourceStorageDefaultObjectAccessControlUpdate(d *schema.ResourceData, meta interface{}) error { + config := meta.(*Config) + + obj := make(map[string]interface{}) + bucketProp, err := expandStorageDefaultObjectAccessControlBucket(d.Get("bucket"), d, config) + if err != nil { + return err + } else if v, ok := d.GetOkExists("bucket"); !isEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, bucketProp)) { + obj["bucket"] = bucketProp + } + entityProp, err := expandStorageDefaultObjectAccessControlEntity(d.Get("entity"), d, config) + if err != nil { + return err + } else if v, ok := d.GetOkExists("entity"); !isEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, entityProp)) { + obj["entity"] = entityProp + } + objectProp, err := expandStorageDefaultObjectAccessControlObject(d.Get("object"), d, config) + if err != nil { + return err + } else if v, ok := d.GetOkExists("object"); !isEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, objectProp)) { + obj["object"] = objectProp + } + roleProp, err := expandStorageDefaultObjectAccessControlRole(d.Get("role"), d, config) + if err != nil { + return err + } else if v, ok := d.GetOkExists("role"); !isEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, roleProp)) { + obj["role"] = roleProp + } + + url, err := replaceVars(d, config, "https://www.googleapis.com/storage/v1/b/{{bucket}}/defaultObjectAcl/{{entity}}") + if err != nil { + return err + } + + log.Printf("[DEBUG] Updating DefaultObjectAccessControl %q: %#v", d.Id(), obj) + _, err = sendRequest(config, "PUT", url, obj) + + if err != nil { + return fmt.Errorf("Error updating DefaultObjectAccessControl %q: %s", d.Id(), err) + } + + return resourceStorageDefaultObjectAccessControlRead(d, meta) +} + +func resourceStorageDefaultObjectAccessControlDelete(d *schema.ResourceData, meta interface{}) error { + config := meta.(*Config) + + url, err := replaceVars(d, config, "https://www.googleapis.com/storage/v1/b/{{bucket}}/defaultObjectAcl/{{entity}}") + if err != nil { + return err + } + + var obj map[string]interface{} + log.Printf("[DEBUG] Deleting DefaultObjectAccessControl %q", d.Id()) + res, err := sendRequest(config, "DELETE", url, obj) + if err != nil { + return handleNotFoundError(err, d, "DefaultObjectAccessControl") + } + + log.Printf("[DEBUG] Finished deleting DefaultObjectAccessControl %q: %#v", d.Id(), res) + return nil +} + +func resourceStorageDefaultObjectAccessControlImport(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) { + config := meta.(*Config) + parseImportId([]string{"(?P[^/]+)/(?P[^/]+)"}, d, config) + + // Replace import id for the resource id + id, err := replaceVars(d, config, "{{bucket}}/{{entity}}") + if err != nil { + return nil, fmt.Errorf("Error constructing id: %s", err) + } + d.SetId(id) + + return []*schema.ResourceData{d}, nil +} + +func flattenStorageDefaultObjectAccessControlDomain(v interface{}) interface{} { + return v +} + +func flattenStorageDefaultObjectAccessControlEmail(v interface{}) interface{} { + return v +} + +func flattenStorageDefaultObjectAccessControlEntity(v interface{}) interface{} { + return v +} + +func flattenStorageDefaultObjectAccessControlEntityId(v interface{}) interface{} { + return v +} + +func flattenStorageDefaultObjectAccessControlGeneration(v interface{}) interface{} { + // Handles the string fixed64 format + if strVal, ok := v.(string); ok { + if intVal, err := strconv.ParseInt(strVal, 10, 64); err == nil { + return intVal + } // let terraform core handle it if we can't convert the string to an int. + } + return v +} + +func flattenStorageDefaultObjectAccessControlObject(v interface{}) interface{} { + return v +} + +func flattenStorageDefaultObjectAccessControlProjectTeam(v interface{}) interface{} { + if v == nil { + return nil + } + original := v.(map[string]interface{}) + transformed := make(map[string]interface{}) + transformed["project_number"] = + flattenStorageDefaultObjectAccessControlProjectTeamProjectNumber(original["projectNumber"]) + transformed["team"] = + flattenStorageDefaultObjectAccessControlProjectTeamTeam(original["team"]) + return []interface{}{transformed} +} +func flattenStorageDefaultObjectAccessControlProjectTeamProjectNumber(v interface{}) interface{} { + return v +} + +func flattenStorageDefaultObjectAccessControlProjectTeamTeam(v interface{}) interface{} { + return v +} + +func flattenStorageDefaultObjectAccessControlRole(v interface{}) interface{} { + return v +} + +func expandStorageDefaultObjectAccessControlBucket(v interface{}, d *schema.ResourceData, config *Config) (interface{}, error) { + return v, nil +} + +func expandStorageDefaultObjectAccessControlEntity(v interface{}, d *schema.ResourceData, config *Config) (interface{}, error) { + return v, nil +} + +func expandStorageDefaultObjectAccessControlObject(v interface{}, d *schema.ResourceData, config *Config) (interface{}, error) { + return v, nil +} + +func expandStorageDefaultObjectAccessControlRole(v interface{}, d *schema.ResourceData, config *Config) (interface{}, error) { + return v, nil +} diff --git a/google/resource_storage_default_object_access_control_generated_test.go b/google/resource_storage_default_object_access_control_generated_test.go new file mode 100644 index 00000000..67bd4b5f --- /dev/null +++ b/google/resource_storage_default_object_access_control_generated_test.go @@ -0,0 +1,82 @@ +// ---------------------------------------------------------------------------- +// +// *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +// +// ---------------------------------------------------------------------------- +// +// This file is automatically generated by Magic Modules and manual +// changes will be clobbered when the file is regenerated. +// +// Please read more about how to change this file in +// .github/CONTRIBUTING.md. +// +// ---------------------------------------------------------------------------- + +package google + +import ( + "fmt" + "testing" + + "github.com/hashicorp/terraform/helper/acctest" + "github.com/hashicorp/terraform/helper/resource" + "github.com/hashicorp/terraform/terraform" +) + +func TestAccStorageDefaultObjectAccessControl_StorageDefaultObjectAccessControlPublicExample(t *testing.T) { + t.Parallel() + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckStorageDefaultObjectAccessControlDestroy, + Steps: []resource.TestStep{ + { + Config: testAccStorageDefaultObjectAccessControl_StorageDefaultObjectAccessControlPublicExample(acctest.RandString(10)), + }, + { + ResourceName: "google_storage_default_object_access_control.public_rule", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"bucket"}, + }, + }, + }) +} + +func testAccStorageDefaultObjectAccessControl_StorageDefaultObjectAccessControlPublicExample(val string) string { + return fmt.Sprintf(` +resource "google_storage_default_object_access_control" "public_rule" { + bucket = "${google_storage_bucket.bucket.name}" + role = "READER" + entity = "allUsers" +} + +resource "google_storage_bucket" "bucket" { + name = "static-content-bucket-%s" +} +`, val, + ) +} + +func testAccCheckStorageDefaultObjectAccessControlDestroy(s *terraform.State) error { + for _, rs := range s.RootModule().Resources { + if rs.Type != "google_storage_default_object_access_control" { + continue + } + + config := testAccProvider.Meta().(*Config) + + url, err := replaceVarsForTest(rs, "https://www.googleapis.com/storage/v1/b/{{bucket}}/defaultObjectAcl/{{entity}}") + if err != nil { + return err + } + + _, err = sendRequest(config, "GET", url, nil) + if err == nil { + return fmt.Errorf("StorageDefaultObjectAccessControl still exists at %s", url) + } + } + + return nil +} diff --git a/google/resource_storage_default_object_access_control_test.go b/google/resource_storage_default_object_access_control_test.go new file mode 100644 index 00000000..a3fca09c --- /dev/null +++ b/google/resource_storage_default_object_access_control_test.go @@ -0,0 +1,110 @@ +package google + +import ( + "fmt" + "testing" + + "github.com/hashicorp/terraform/helper/resource" + "github.com/hashicorp/terraform/terraform" +) + +func TestAccStorageDefaultObjectAccessControl_basic(t *testing.T) { + t.Parallel() + + bucketName := testBucketName() + resource.Test(t, resource.TestCase{ + PreCheck: func() { + if errObjectAcl != nil { + panic(errObjectAcl) + } + testAccPreCheck(t) + }, + Providers: testAccProviders, + CheckDestroy: testAccStorageDefaultObjectAccessControlDestroy, + Steps: []resource.TestStep{ + { + Config: testGoogleStorageDefaultObjectAccessControlBasic(bucketName, "READER", "allUsers"), + }, + { + ResourceName: "google_storage_default_object_access_control.default", + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + +func TestAccStorageDefaultObjectAccessControl_update(t *testing.T) { + t.Parallel() + + bucketName := testBucketName() + resource.Test(t, resource.TestCase{ + PreCheck: func() { + if errObjectAcl != nil { + panic(errObjectAcl) + } + testAccPreCheck(t) + }, + Providers: testAccProviders, + CheckDestroy: testAccStorageDefaultObjectAccessControlDestroy, + Steps: []resource.TestStep{ + { + Config: testGoogleStorageDefaultObjectAccessControlBasic(bucketName, "READER", "allUsers"), + }, + { + ResourceName: "google_storage_default_object_access_control.default", + ImportState: true, + ImportStateVerify: true, + }, + { + Config: testGoogleStorageDefaultObjectAccessControlBasic(bucketName, "OWNER", "allUsers"), + }, + { + ResourceName: "google_storage_default_object_access_control.default", + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + +func testAccStorageDefaultObjectAccessControlDestroy(s *terraform.State) error { + config := testAccProvider.Meta().(*Config) + + for _, rs := range s.RootModule().Resources { + if rs.Type != "google_storage_bucket_acl" { + continue + } + + bucket := rs.Primary.Attributes["bucket"] + entity := rs.Primary.Attributes["entity"] + + rePairs, err := config.clientStorage.DefaultObjectAccessControls.List(bucket).Do() + if err != nil { + return fmt.Errorf("Can't list role entity acl for bucket %s", bucket) + } + + for _, v := range rePairs.Items { + if v.Entity == entity { + return fmt.Errorf("found entity %s as role entity acl entry in bucket %s", entity, bucket) + } + } + + } + + return nil +} + +func testGoogleStorageDefaultObjectAccessControlBasic(bucketName, role, entity string) string { + return fmt.Sprintf(` +resource "google_storage_bucket" "bucket" { + name = "%s" +} + +resource "google_storage_default_object_access_control" "default" { + bucket = "${google_storage_bucket.bucket.name}" + role = "%s" + entity = "%s" +} +`, bucketName, role, entity) +} diff --git a/google/resource_storage_object_access_control_generated_test.go b/google/resource_storage_object_access_control_generated_test.go new file mode 100644 index 00000000..1a051d92 --- /dev/null +++ b/google/resource_storage_object_access_control_generated_test.go @@ -0,0 +1,88 @@ +// ---------------------------------------------------------------------------- +// +// *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +// +// ---------------------------------------------------------------------------- +// +// This file is automatically generated by Magic Modules and manual +// changes will be clobbered when the file is regenerated. +// +// Please read more about how to change this file in +// .github/CONTRIBUTING.md. +// +// ---------------------------------------------------------------------------- + +package google + +import ( + "fmt" + "testing" + + "github.com/hashicorp/terraform/helper/acctest" + "github.com/hashicorp/terraform/helper/resource" + "github.com/hashicorp/terraform/terraform" +) + +func TestAccStorageObjectAccessControl_StorageObjectAccessControlPublicObjectExample(t *testing.T) { + t.Parallel() + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckStorageObjectAccessControlDestroy, + Steps: []resource.TestStep{ + { + Config: testAccStorageObjectAccessControl_StorageObjectAccessControlPublicObjectExample(acctest.RandString(10)), + }, + { + ResourceName: "google_storage_object_access_control.public_rule", + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + +func testAccStorageObjectAccessControl_StorageObjectAccessControlPublicObjectExample(val string) string { + return fmt.Sprintf(` +resource "google_storage_object_access_control" "public_rule" { + object = "${google_storage_bucket_object.object.name}" + bucket = "${google_storage_bucket.bucket.name}" + role = "READER" + entity = "allUsers" +} + +resource "google_storage_bucket" "bucket" { + name = "static-content-bucket-%s" +} + + resource "google_storage_bucket_object" "object" { + name = "public-object-%s" + bucket = "${google_storage_bucket.bucket.name}" + source = "test-fixtures/header-logo.png" +} +`, val, val, + ) +} + +func testAccCheckStorageObjectAccessControlDestroy(s *terraform.State) error { + for _, rs := range s.RootModule().Resources { + if rs.Type != "google_storage_object_access_control" { + continue + } + + config := testAccProvider.Meta().(*Config) + + url, err := replaceVarsForTest(rs, "https://www.googleapis.com/storage/v1/b/{{bucket}}/o/{{object}}/acl/{{entity}}") + if err != nil { + return err + } + + _, err = sendRequest(config, "GET", url, nil) + if err == nil { + return fmt.Errorf("StorageObjectAccessControl still exists at %s", url) + } + } + + return nil +} diff --git a/google/resource_storage_object_access_control_test.go b/google/resource_storage_object_access_control_test.go new file mode 100644 index 00000000..cb2985f8 --- /dev/null +++ b/google/resource_storage_object_access_control_test.go @@ -0,0 +1,125 @@ +package google + +import ( + "fmt" + "io/ioutil" + "testing" + + "github.com/hashicorp/terraform/helper/resource" + "github.com/hashicorp/terraform/terraform" +) + +func TestAccStorageObjectAccessControl_basic(t *testing.T) { + t.Parallel() + + bucketName := testBucketName() + objectName := testAclObjectName() + objectData := []byte("data data data") + ioutil.WriteFile(tfObjectAcl.Name(), objectData, 0644) + resource.Test(t, resource.TestCase{ + PreCheck: func() { + if errObjectAcl != nil { + panic(errObjectAcl) + } + testAccPreCheck(t) + }, + Providers: testAccProviders, + CheckDestroy: testAccStorageObjectAccessControlDestroy, + Steps: []resource.TestStep{ + { + Config: testGoogleStorageObjectAccessControlBasic(bucketName, objectName, "READER", "allUsers"), + }, + { + ResourceName: "google_storage_object_access_control.default", + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + +func TestAccStorageObjectAccessControl_update(t *testing.T) { + t.Parallel() + + bucketName := testBucketName() + objectName := testAclObjectName() + objectData := []byte("data data data") + ioutil.WriteFile(tfObjectAcl.Name(), objectData, 0644) + resource.Test(t, resource.TestCase{ + PreCheck: func() { + if errObjectAcl != nil { + panic(errObjectAcl) + } + testAccPreCheck(t) + }, + Providers: testAccProviders, + CheckDestroy: testAccStorageObjectAccessControlDestroy, + Steps: []resource.TestStep{ + { + Config: testGoogleStorageObjectAccessControlBasic(bucketName, objectName, "READER", "allUsers"), + }, + { + ResourceName: "google_storage_object_access_control.default", + ImportState: true, + ImportStateVerify: true, + }, + { + Config: testGoogleStorageObjectAccessControlBasic(bucketName, objectName, "OWNER", "allUsers"), + }, + { + ResourceName: "google_storage_object_access_control.default", + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + +func testAccStorageObjectAccessControlDestroy(s *terraform.State) error { + config := testAccProvider.Meta().(*Config) + + for _, rs := range s.RootModule().Resources { + if rs.Type != "google_storage_bucket_acl" { + continue + } + + bucket := rs.Primary.Attributes["bucket"] + object := rs.Primary.Attributes["object"] + entity := rs.Primary.Attributes["entity"] + + rePairs, err := config.clientStorage.ObjectAccessControls.List(bucket, object).Do() + if err != nil { + return fmt.Errorf("Can't list role entity acl for object %s in bucket %s", object, bucket) + } + + for _, v := range rePairs.Items { + if v.Entity == entity { + return fmt.Errorf("found entity %s as role entity acl entry for object %s in bucket %s", entity, object, bucket) + } + } + + } + + return nil +} + +func testGoogleStorageObjectAccessControlBasic(bucketName, objectName, role, entity string) string { + return fmt.Sprintf(` +resource "google_storage_bucket" "bucket" { + name = "%s" +} + +resource "google_storage_bucket_object" "object" { + name = "%s" + bucket = "${google_storage_bucket.bucket.name}" + source = "%s" +} + +resource "google_storage_object_access_control" "default" { + object = "${google_storage_bucket_object.object.name}" + bucket = "${google_storage_bucket.bucket.name}" + role = "%s" + entity = "%s" +} +`, bucketName, objectName, tfObjectAcl.Name(), role, entity) +} diff --git a/google/test-fixtures/header-logo.png b/google/test-fixtures/header-logo.png new file mode 100644 index 00000000..7d65c7a1 Binary files /dev/null and b/google/test-fixtures/header-logo.png differ diff --git a/website/docs/r/storage_default_object_access_control.html.markdown b/website/docs/r/storage_default_object_access_control.html.markdown new file mode 100644 index 00000000..17881b23 --- /dev/null +++ b/website/docs/r/storage_default_object_access_control.html.markdown @@ -0,0 +1,139 @@ +--- +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in +# .github/CONTRIBUTING.md. +# +# ---------------------------------------------------------------------------- +layout: "google" +page_title: "Google: google_storage_default_object_access_control" +sidebar_current: "docs-google-storage-default-object-access-control" +description: |- + The DefaultObjectAccessControls resources represent the Access Control + Lists (ACLs) applied to a new object within a Google Cloud Storage bucket + when no ACL was provided for that object. +--- + +# google\_storage\_default\_object\_access\_control + +The DefaultObjectAccessControls resources represent the Access Control +Lists (ACLs) applied to a new object within a Google Cloud Storage bucket +when no ACL was provided for that object. ACLs let you specify who has +access to your bucket contents and to what extent. + +There are two roles that can be assigned to an entity: + +READERs can get an object, though the acl property will not be revealed. +OWNERs are READERs, and they can get the acl property, update an object, +and call all objectAccessControls methods on the object. The owner of an +object is always an OWNER. +For more information, see Access Control, with the caveat that this API +uses READER and OWNER instead of READ and FULL_CONTROL. + + +To get more information about DefaultObjectAccessControl, see: + +* [API documentation](https://cloud.google.com/storage/docs/json_api/v1/defaultObjectAccessControls) +* How-to Guides + * [Official Documentation](https://cloud.google.com/storage/docs/access-control/create-manage-lists) + +
+ + Open in Cloud Shell + +
+## Example Usage - Storage Default Object Access Control Public + + +```hcl +resource "google_storage_default_object_access_control" "public_rule" { + bucket = "${google_storage_bucket.bucket.name}" + role = "READER" + entity = "allUsers" +} + +resource "google_storage_bucket" "bucket" { + name = "static-content-bucket" +} +``` + +## Argument Reference + +The following arguments are supported: + + +* `bucket` - + (Required) + The name of the bucket. + +* `entity` - + (Required) + The entity holding the permission, in one of the following forms: + * user-{{userId}} + * user-{{email}} (such as "user-liz@example.com") + * group-{{groupId}} + * group-{{email}} (such as "group-example@googlegroups.com") + * domain-{{domain}} (such as "domain-example.com") + * project-team-{{projectId}} + * allUsers + * allAuthenticatedUsers + +* `role` - + (Required) + The access permission for the entity. + + +- - - + + +* `object` - + (Optional) + The name of the object, if applied to an object. + + +## Attributes Reference + +In addition to the arguments listed above, the following computed attributes are exported: + + +* `domain` - + The domain associated with the entity. + +* `email` - + The email address associated with the entity. + +* `entity_id` - + The ID for the entity + +* `generation` - + The content generation of the object, if applied to an object. + +* `project_team` - + The project team associated with the entity Structure is documented below. + + +The `project_team` block contains: + +* `project_number` - + (Optional) + The project team associated with the entity + +* `team` - + (Optional) + The team. + + +## Import + +DefaultObjectAccessControl can be imported using any of these accepted formats: + +``` +$ terraform import google_storage_default_object_access_control.default {{bucket}}/{{entity}} +``` diff --git a/website/docs/r/storage_default_object_acl.html.markdown b/website/docs/r/storage_default_object_acl.html.markdown index 9295575f..413715d3 100644 --- a/website/docs/r/storage_default_object_acl.html.markdown +++ b/website/docs/r/storage_default_object_acl.html.markdown @@ -14,12 +14,14 @@ without managing the bucket itself. -> Note that for each object, its creator will have the `"OWNER"` role in addition to the default ACL that has been defined. - For more information see [the official documentation](https://cloud.google.com/storage/docs/access-control/lists) and [API](https://cloud.google.com/storage/docs/json_api/v1/defaultObjectAccessControls). +-> Want fine-grained control over default object ACLs? Use `google_storage_default_object_access_control` +to control individual role entity pairs. + ## Example Usage Example creating a default object ACL on a bucket with one owner, and one reader. diff --git a/website/docs/r/storage_object_access_control.html.markdown b/website/docs/r/storage_object_access_control.html.markdown index 31faa226..a2179234 100644 --- a/website/docs/r/storage_object_access_control.html.markdown +++ b/website/docs/r/storage_object_access_control.html.markdown @@ -42,6 +42,11 @@ To get more information about ObjectAccessControl, see: * How-to Guides * [Official Documentation](https://cloud.google.com/storage/docs/access-control/create-manage-lists) +
+ + Open in Cloud Shell + +
## Example Usage - Storage Object Access Control Public Object @@ -60,7 +65,7 @@ resource "google_storage_bucket" "bucket" { resource "google_storage_bucket_object" "object" { name = "public-object" bucket = "${google_storage_bucket.bucket.name}" - source = "../static/img/header-logo.jpg" + source = "../static/img/header-logo.png" } ```