Implemented bucket & object ACLs, as well as documentation and tests

2024-07-09 11:38:29 +00:00 · 2015-09-16 14:46:46 -04:00 · 2015-09-16 14:46:46 -04:00 · 6460d74300
commit 6460d74300
parent 326c30e6a0
4 changed files with 85 additions and 6 deletions
--- a/r/storage_bucket.html.markdown
+++ b/r/storage_bucket.html.markdown
@ -17,9 +17,8 @@ Example creating a private bucket in standard storage, in the EU region.

 ```
 resource "google_storage_bucket" "image-store" {
-    name = "image-store-bucket"
-    predefined_acl = "projectPrivate"
-    location = "EU"
+	name = "image-store-bucket"
+	location = "EU"
    website {
        main_page_suffix = "index.html"
        not_found_page = "404.html"
@ -33,7 +32,8 @@ resource "google_storage_bucket" "image-store" {
 The following arguments are supported:

 * `name` - (Required) The name of the bucket.
-* `predefined_acl` - (Optional, Default: 'private') The [canned GCS ACL](https://cloud.google.com/storage/docs/access-control#predefined-acl) to apply.
+* `predefined_acl` - (Optional, Deprecated) The [canned GCS ACL](https://cloud.google.com/storage/docs/access-control#predefined-acl) to apply. Please switch
+to `google_storage_bucket_acl.predefined_acl`.
 * `location` - (Optional, Default: 'US') The [GCS location](https://cloud.google.com/storage/docs/bucket-locations) 
 * `force_destroy` - (Optional, Default: false) When deleting a bucket, this boolean option will delete all contained objects. If you try to delete a bucket that contains objects, Terraform will fail that run. 

--- a/r/storage_bucket_acl.html.markdown
+++ b/r/storage_bucket_acl.html.markdown
@ -0,0 +1,36 @@
+---
+layout: "google"
+page_title: "Google: google_storage_bucket_acl"
+sidebar_current: "docs-google-resource-storage-acl"
+description: |-
+  Creates a new bucket ACL in Google Cloud Storage.
+---
+
+# google\_storage\_bucket\_acl
+
+Creates a new bucket ACL in Google cloud storage service(GCS). 
+
+## Example Usage
+
+Example creating an ACL on a bucket with one owner, and one reader.
+
+```
+resource "google_storage_bucket" "image-store" {
+	name = "image-store-bucket"
+	location = "EU"
+}
+
+resource "google_storage_bucket_acl" "image-store-acl" {
+    bucket = "${google_storage_bucket.image_store.name}"
+    role_entity = ["OWNER:user-my.email@gmail.com", 
+        "READER:group-mygroup"]
+}
+
+```
+
+## Argument Reference
+
+* `bucket` - (Required) The name of the bucket it applies to.
+* `predefined_acl` - (Optional) The [canned GCS ACL](https://cloud.google.com/storage/docs/access-control#predefined-acl) to apply. Must be set if both `role_entity` and `default_acl` are not.
+* `default_acl` - (Optional) The [canned GCS ACL](https://cloud.google.com/storage/docs/access-control#predefined-acl) to apply to future buckets. Must be set both `role_entity` and `predefined_acl` are not.
+* `role_entity` - (Optional) List of role/entity pairs in the form `ROLE:entity`. See [GCS Bucket ACL documentation](https://cloud.google.com/storage/docs/json_api/v1/bucketAccessControls)  for more details. Must be set if both `predefined_acl` and `default_acl` are not.
--- a/r/storage_bucket_object.html.markdown
+++ b/r/storage_bucket_object.html.markdown
@ -20,7 +20,6 @@ resource "google_storage_bucket_object" "picture" {
 	name = "butterfly01"
    source = "/images/nature/garden-tiger-moth.jpg"
    bucket = "image-store"
-	predefined_acl = "publicRead"
 }

 ```
@ -32,7 +31,8 @@ The following arguments are supported:
 * `name` - (Required) The name of the object.
 * `bucket` - (Required) The name of the containing bucket.
 * `source` - (Required) A path to the data you want to upload.
-* `predefined_acl` - (Optional, Default: 'projectPrivate') The [canned GCS ACL](https://cloud.google.com/storage/docs/access-control#predefined-acl) apply.
+* `predefined_acl` - (Optional, Deprecated) The [canned GCS ACL](https://cloud.google.com/storage/docs/access-control#predefined-acl) apply. Please switch 
+to `google_storage_object_acl.predefined_acl`.

 ## Attributes Reference

--- a/r/storage_object_acl.html.markdown
+++ b/r/storage_object_acl.html.markdown
@ -0,0 +1,43 @@
+---
+layout: "google"
+page_title: "Google: google_storage_object_acl"
+sidebar_current: "docs-google-resource-storage-acl"
+description: |-
+  Creates a new object ACL in Google Cloud Storage.
+---
+
+# google\_storage\_object\_acl
+
+Creates a new object ACL in Google cloud storage service (GCS)
+
+## Example Usage
+
+Create an object ACL with one owner and one reader.
+
+```
+resource "google_storage_bucket" "image-store" {
+	name = "image-store-bucket"
+	location = "EU"
+}
+
+resource "google_storage_bucket_object" "image" {
+	name = "image1"
+    bucket = "${google_storage_bucket.name}"
+    source = "image1.jpg"
+}
+
+resource "google_storage_object_acl" "image-store-acl" {
+    bucket = "${google_storage_bucket.image_store.name}"
+    object = "${google_storage_bucket_object.image_store.name}"
+    role_entity = ["OWNER:user-my.email@gmail.com",
+        "READER:group-mygroup"]
+}
+
+```
+
+## Argument Reference
+
+* `bucket` - (Required) The name of the bucket it applies to.
+* `object` - (Required) The name of the object it applies to.
+* `predefined_acl` - (Optional) The [canned GCS ACL](https://cloud.google.com/storage/docs/access-control#predefined-acl) to apply. Must be set if `role_entity` is not.
+* `role_entity` - (Optional) List of role/entity pairs in the form `ROLE:entity`. See [GCS Object ACL documentation](https://cloud.google.com/storage/docs/json_api/v1/objectAccessControls) for more details. Must be set if `predefined_acl` is not.