Generate DefaultObjectAccessControl in Terraform (#2358)
<!-- This change is generated by MagicModules. --> /cc @rileykarson
parent
161bbe3ecf
commit
8f6ddefe4f
|
@ -17,5 +17,6 @@ package google
|
|||
import "github.com/hashicorp/terraform/helper/schema"
|
||||
|
||||
var GeneratedStorageResourcesMap = map[string]*schema.Resource{
|
||||
"google_storage_object_access_control": resourceStorageObjectAccessControl(),
|
||||
"google_storage_object_access_control": resourceStorageObjectAccessControl(),
|
||||
"google_storage_default_object_access_control": resourceStorageDefaultObjectAccessControl(),
|
||||
}
|
||||
|
|
333
google/resource_storage_default_object_access_control.go
Normal file
333
google/resource_storage_default_object_access_control.go
Normal file
|
@ -0,0 +1,333 @@
|
|||
// ----------------------------------------------------------------------------
|
||||
//
|
||||
// *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
|
||||
//
|
||||
// ----------------------------------------------------------------------------
|
||||
//
|
||||
// This file is automatically generated by Magic Modules and manual
|
||||
// changes will be clobbered when the file is regenerated.
|
||||
//
|
||||
// Please read more about how to change this file in
|
||||
// .github/CONTRIBUTING.md.
|
||||
//
|
||||
// ----------------------------------------------------------------------------
|
||||
|
||||
package google
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"log"
|
||||
"reflect"
|
||||
"strconv"
|
||||
|
||||
"github.com/hashicorp/terraform/helper/schema"
|
||||
"github.com/hashicorp/terraform/helper/validation"
|
||||
)
|
||||
|
||||
func resourceStorageDefaultObjectAccessControl() *schema.Resource {
|
||||
return &schema.Resource{
|
||||
Create: resourceStorageDefaultObjectAccessControlCreate,
|
||||
Read: resourceStorageDefaultObjectAccessControlRead,
|
||||
Update: resourceStorageDefaultObjectAccessControlUpdate,
|
||||
Delete: resourceStorageDefaultObjectAccessControlDelete,
|
||||
|
||||
Importer: &schema.ResourceImporter{
|
||||
State: resourceStorageDefaultObjectAccessControlImport,
|
||||
},
|
||||
|
||||
Schema: map[string]*schema.Schema{
|
||||
"bucket": {
|
||||
Type: schema.TypeString,
|
||||
Required: true,
|
||||
DiffSuppressFunc: compareSelfLinkOrResourceName,
|
||||
},
|
||||
"entity": {
|
||||
Type: schema.TypeString,
|
||||
Required: true,
|
||||
},
|
||||
"role": {
|
||||
Type: schema.TypeString,
|
||||
Required: true,
|
||||
ValidateFunc: validation.StringInSlice([]string{"OWNER", "READER"}, false),
|
||||
},
|
||||
"object": {
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
},
|
||||
"domain": {
|
||||
Type: schema.TypeString,
|
||||
Computed: true,
|
||||
},
|
||||
"email": {
|
||||
Type: schema.TypeString,
|
||||
Computed: true,
|
||||
},
|
||||
"entity_id": {
|
||||
Type: schema.TypeString,
|
||||
Computed: true,
|
||||
},
|
||||
"generation": {
|
||||
Type: schema.TypeInt,
|
||||
Computed: true,
|
||||
},
|
||||
"project_team": {
|
||||
Type: schema.TypeList,
|
||||
Computed: true,
|
||||
MaxItems: 1,
|
||||
Elem: &schema.Resource{
|
||||
Schema: map[string]*schema.Schema{
|
||||
"project_number": {
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
},
|
||||
"team": {
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
ValidateFunc: validation.StringInSlice([]string{"editors", "owners", "viewers", ""}, false),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
func resourceStorageDefaultObjectAccessControlCreate(d *schema.ResourceData, meta interface{}) error {
|
||||
config := meta.(*Config)
|
||||
|
||||
obj := make(map[string]interface{})
|
||||
bucketProp, err := expandStorageDefaultObjectAccessControlBucket(d.Get("bucket"), d, config)
|
||||
if err != nil {
|
||||
return err
|
||||
} else if v, ok := d.GetOkExists("bucket"); !isEmptyValue(reflect.ValueOf(bucketProp)) && (ok || !reflect.DeepEqual(v, bucketProp)) {
|
||||
obj["bucket"] = bucketProp
|
||||
}
|
||||
entityProp, err := expandStorageDefaultObjectAccessControlEntity(d.Get("entity"), d, config)
|
||||
if err != nil {
|
||||
return err
|
||||
} else if v, ok := d.GetOkExists("entity"); !isEmptyValue(reflect.ValueOf(entityProp)) && (ok || !reflect.DeepEqual(v, entityProp)) {
|
||||
obj["entity"] = entityProp
|
||||
}
|
||||
objectProp, err := expandStorageDefaultObjectAccessControlObject(d.Get("object"), d, config)
|
||||
if err != nil {
|
||||
return err
|
||||
} else if v, ok := d.GetOkExists("object"); !isEmptyValue(reflect.ValueOf(objectProp)) && (ok || !reflect.DeepEqual(v, objectProp)) {
|
||||
obj["object"] = objectProp
|
||||
}
|
||||
roleProp, err := expandStorageDefaultObjectAccessControlRole(d.Get("role"), d, config)
|
||||
if err != nil {
|
||||
return err
|
||||
} else if v, ok := d.GetOkExists("role"); !isEmptyValue(reflect.ValueOf(roleProp)) && (ok || !reflect.DeepEqual(v, roleProp)) {
|
||||
obj["role"] = roleProp
|
||||
}
|
||||
|
||||
url, err := replaceVars(d, config, "https://www.googleapis.com/storage/v1/b/{{bucket}}/defaultObjectAcl")
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
log.Printf("[DEBUG] Creating new DefaultObjectAccessControl: %#v", obj)
|
||||
res, err := sendRequest(config, "POST", url, obj)
|
||||
if err != nil {
|
||||
return fmt.Errorf("Error creating DefaultObjectAccessControl: %s", err)
|
||||
}
|
||||
|
||||
// Store the ID now
|
||||
id, err := replaceVars(d, config, "{{bucket}}/{{entity}}")
|
||||
if err != nil {
|
||||
return fmt.Errorf("Error constructing id: %s", err)
|
||||
}
|
||||
d.SetId(id)
|
||||
|
||||
log.Printf("[DEBUG] Finished creating DefaultObjectAccessControl %q: %#v", d.Id(), res)
|
||||
|
||||
return resourceStorageDefaultObjectAccessControlRead(d, meta)
|
||||
}
|
||||
|
||||
func resourceStorageDefaultObjectAccessControlRead(d *schema.ResourceData, meta interface{}) error {
|
||||
config := meta.(*Config)
|
||||
|
||||
url, err := replaceVars(d, config, "https://www.googleapis.com/storage/v1/b/{{bucket}}/defaultObjectAcl/{{entity}}")
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
res, err := sendRequest(config, "GET", url, nil)
|
||||
if err != nil {
|
||||
return handleNotFoundError(err, d, fmt.Sprintf("StorageDefaultObjectAccessControl %q", d.Id()))
|
||||
}
|
||||
|
||||
if err := d.Set("domain", flattenStorageDefaultObjectAccessControlDomain(res["domain"])); err != nil {
|
||||
return fmt.Errorf("Error reading DefaultObjectAccessControl: %s", err)
|
||||
}
|
||||
if err := d.Set("email", flattenStorageDefaultObjectAccessControlEmail(res["email"])); err != nil {
|
||||
return fmt.Errorf("Error reading DefaultObjectAccessControl: %s", err)
|
||||
}
|
||||
if err := d.Set("entity", flattenStorageDefaultObjectAccessControlEntity(res["entity"])); err != nil {
|
||||
return fmt.Errorf("Error reading DefaultObjectAccessControl: %s", err)
|
||||
}
|
||||
if err := d.Set("entity_id", flattenStorageDefaultObjectAccessControlEntityId(res["entityId"])); err != nil {
|
||||
return fmt.Errorf("Error reading DefaultObjectAccessControl: %s", err)
|
||||
}
|
||||
if err := d.Set("generation", flattenStorageDefaultObjectAccessControlGeneration(res["generation"])); err != nil {
|
||||
return fmt.Errorf("Error reading DefaultObjectAccessControl: %s", err)
|
||||
}
|
||||
if err := d.Set("object", flattenStorageDefaultObjectAccessControlObject(res["object"])); err != nil {
|
||||
return fmt.Errorf("Error reading DefaultObjectAccessControl: %s", err)
|
||||
}
|
||||
if err := d.Set("project_team", flattenStorageDefaultObjectAccessControlProjectTeam(res["projectTeam"])); err != nil {
|
||||
return fmt.Errorf("Error reading DefaultObjectAccessControl: %s", err)
|
||||
}
|
||||
if err := d.Set("role", flattenStorageDefaultObjectAccessControlRole(res["role"])); err != nil {
|
||||
return fmt.Errorf("Error reading DefaultObjectAccessControl: %s", err)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func resourceStorageDefaultObjectAccessControlUpdate(d *schema.ResourceData, meta interface{}) error {
|
||||
config := meta.(*Config)
|
||||
|
||||
obj := make(map[string]interface{})
|
||||
bucketProp, err := expandStorageDefaultObjectAccessControlBucket(d.Get("bucket"), d, config)
|
||||
if err != nil {
|
||||
return err
|
||||
} else if v, ok := d.GetOkExists("bucket"); !isEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, bucketProp)) {
|
||||
obj["bucket"] = bucketProp
|
||||
}
|
||||
entityProp, err := expandStorageDefaultObjectAccessControlEntity(d.Get("entity"), d, config)
|
||||
if err != nil {
|
||||
return err
|
||||
} else if v, ok := d.GetOkExists("entity"); !isEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, entityProp)) {
|
||||
obj["entity"] = entityProp
|
||||
}
|
||||
objectProp, err := expandStorageDefaultObjectAccessControlObject(d.Get("object"), d, config)
|
||||
if err != nil {
|
||||
return err
|
||||
} else if v, ok := d.GetOkExists("object"); !isEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, objectProp)) {
|
||||
obj["object"] = objectProp
|
||||
}
|
||||
roleProp, err := expandStorageDefaultObjectAccessControlRole(d.Get("role"), d, config)
|
||||
if err != nil {
|
||||
return err
|
||||
} else if v, ok := d.GetOkExists("role"); !isEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, roleProp)) {
|
||||
obj["role"] = roleProp
|
||||
}
|
||||
|
||||
url, err := replaceVars(d, config, "https://www.googleapis.com/storage/v1/b/{{bucket}}/defaultObjectAcl/{{entity}}")
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
log.Printf("[DEBUG] Updating DefaultObjectAccessControl %q: %#v", d.Id(), obj)
|
||||
_, err = sendRequest(config, "PUT", url, obj)
|
||||
|
||||
if err != nil {
|
||||
return fmt.Errorf("Error updating DefaultObjectAccessControl %q: %s", d.Id(), err)
|
||||
}
|
||||
|
||||
return resourceStorageDefaultObjectAccessControlRead(d, meta)
|
||||
}
|
||||
|
||||
func resourceStorageDefaultObjectAccessControlDelete(d *schema.ResourceData, meta interface{}) error {
|
||||
config := meta.(*Config)
|
||||
|
||||
url, err := replaceVars(d, config, "https://www.googleapis.com/storage/v1/b/{{bucket}}/defaultObjectAcl/{{entity}}")
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
var obj map[string]interface{}
|
||||
log.Printf("[DEBUG] Deleting DefaultObjectAccessControl %q", d.Id())
|
||||
res, err := sendRequest(config, "DELETE", url, obj)
|
||||
if err != nil {
|
||||
return handleNotFoundError(err, d, "DefaultObjectAccessControl")
|
||||
}
|
||||
|
||||
log.Printf("[DEBUG] Finished deleting DefaultObjectAccessControl %q: %#v", d.Id(), res)
|
||||
return nil
|
||||
}
|
||||
|
||||
func resourceStorageDefaultObjectAccessControlImport(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) {
|
||||
config := meta.(*Config)
|
||||
parseImportId([]string{"(?P<bucket>[^/]+)/(?P<entity>[^/]+)"}, d, config)
|
||||
|
||||
// Replace import id for the resource id
|
||||
id, err := replaceVars(d, config, "{{bucket}}/{{entity}}")
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("Error constructing id: %s", err)
|
||||
}
|
||||
d.SetId(id)
|
||||
|
||||
return []*schema.ResourceData{d}, nil
|
||||
}
|
||||
|
||||
func flattenStorageDefaultObjectAccessControlDomain(v interface{}) interface{} {
|
||||
return v
|
||||
}
|
||||
|
||||
func flattenStorageDefaultObjectAccessControlEmail(v interface{}) interface{} {
|
||||
return v
|
||||
}
|
||||
|
||||
func flattenStorageDefaultObjectAccessControlEntity(v interface{}) interface{} {
|
||||
return v
|
||||
}
|
||||
|
||||
func flattenStorageDefaultObjectAccessControlEntityId(v interface{}) interface{} {
|
||||
return v
|
||||
}
|
||||
|
||||
func flattenStorageDefaultObjectAccessControlGeneration(v interface{}) interface{} {
|
||||
// Handles the string fixed64 format
|
||||
if strVal, ok := v.(string); ok {
|
||||
if intVal, err := strconv.ParseInt(strVal, 10, 64); err == nil {
|
||||
return intVal
|
||||
} // let terraform core handle it if we can't convert the string to an int.
|
||||
}
|
||||
return v
|
||||
}
|
||||
|
||||
func flattenStorageDefaultObjectAccessControlObject(v interface{}) interface{} {
|
||||
return v
|
||||
}
|
||||
|
||||
func flattenStorageDefaultObjectAccessControlProjectTeam(v interface{}) interface{} {
|
||||
if v == nil {
|
||||
return nil
|
||||
}
|
||||
original := v.(map[string]interface{})
|
||||
transformed := make(map[string]interface{})
|
||||
transformed["project_number"] =
|
||||
flattenStorageDefaultObjectAccessControlProjectTeamProjectNumber(original["projectNumber"])
|
||||
transformed["team"] =
|
||||
flattenStorageDefaultObjectAccessControlProjectTeamTeam(original["team"])
|
||||
return []interface{}{transformed}
|
||||
}
|
||||
func flattenStorageDefaultObjectAccessControlProjectTeamProjectNumber(v interface{}) interface{} {
|
||||
return v
|
||||
}
|
||||
|
||||
func flattenStorageDefaultObjectAccessControlProjectTeamTeam(v interface{}) interface{} {
|
||||
return v
|
||||
}
|
||||
|
||||
func flattenStorageDefaultObjectAccessControlRole(v interface{}) interface{} {
|
||||
return v
|
||||
}
|
||||
|
||||
func expandStorageDefaultObjectAccessControlBucket(v interface{}, d *schema.ResourceData, config *Config) (interface{}, error) {
|
||||
return v, nil
|
||||
}
|
||||
|
||||
func expandStorageDefaultObjectAccessControlEntity(v interface{}, d *schema.ResourceData, config *Config) (interface{}, error) {
|
||||
return v, nil
|
||||
}
|
||||
|
||||
func expandStorageDefaultObjectAccessControlObject(v interface{}, d *schema.ResourceData, config *Config) (interface{}, error) {
|
||||
return v, nil
|
||||
}
|
||||
|
||||
func expandStorageDefaultObjectAccessControlRole(v interface{}, d *schema.ResourceData, config *Config) (interface{}, error) {
|
||||
return v, nil
|
||||
}
|
|
@ -0,0 +1,82 @@
|
|||
// ----------------------------------------------------------------------------
|
||||
//
|
||||
// *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
|
||||
//
|
||||
// ----------------------------------------------------------------------------
|
||||
//
|
||||
// This file is automatically generated by Magic Modules and manual
|
||||
// changes will be clobbered when the file is regenerated.
|
||||
//
|
||||
// Please read more about how to change this file in
|
||||
// .github/CONTRIBUTING.md.
|
||||
//
|
||||
// ----------------------------------------------------------------------------
|
||||
|
||||
package google
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"testing"
|
||||
|
||||
"github.com/hashicorp/terraform/helper/acctest"
|
||||
"github.com/hashicorp/terraform/helper/resource"
|
||||
"github.com/hashicorp/terraform/terraform"
|
||||
)
|
||||
|
||||
func TestAccStorageDefaultObjectAccessControl_StorageDefaultObjectAccessControlPublicExample(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
resource.Test(t, resource.TestCase{
|
||||
PreCheck: func() { testAccPreCheck(t) },
|
||||
Providers: testAccProviders,
|
||||
CheckDestroy: testAccCheckStorageDefaultObjectAccessControlDestroy,
|
||||
Steps: []resource.TestStep{
|
||||
{
|
||||
Config: testAccStorageDefaultObjectAccessControl_StorageDefaultObjectAccessControlPublicExample(acctest.RandString(10)),
|
||||
},
|
||||
{
|
||||
ResourceName: "google_storage_default_object_access_control.public_rule",
|
||||
ImportState: true,
|
||||
ImportStateVerify: true,
|
||||
ImportStateVerifyIgnore: []string{"bucket"},
|
||||
},
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
func testAccStorageDefaultObjectAccessControl_StorageDefaultObjectAccessControlPublicExample(val string) string {
|
||||
return fmt.Sprintf(`
|
||||
resource "google_storage_default_object_access_control" "public_rule" {
|
||||
bucket = "${google_storage_bucket.bucket.name}"
|
||||
role = "READER"
|
||||
entity = "allUsers"
|
||||
}
|
||||
|
||||
resource "google_storage_bucket" "bucket" {
|
||||
name = "static-content-bucket-%s"
|
||||
}
|
||||
`, val,
|
||||
)
|
||||
}
|
||||
|
||||
func testAccCheckStorageDefaultObjectAccessControlDestroy(s *terraform.State) error {
|
||||
for _, rs := range s.RootModule().Resources {
|
||||
if rs.Type != "google_storage_default_object_access_control" {
|
||||
continue
|
||||
}
|
||||
|
||||
config := testAccProvider.Meta().(*Config)
|
||||
|
||||
url, err := replaceVarsForTest(rs, "https://www.googleapis.com/storage/v1/b/{{bucket}}/defaultObjectAcl/{{entity}}")
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
_, err = sendRequest(config, "GET", url, nil)
|
||||
if err == nil {
|
||||
return fmt.Errorf("StorageDefaultObjectAccessControl still exists at %s", url)
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
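--- a/google/resource_storage_default_object_access_control_test.go
+++ b/google/resource_storage_default_object_access_control_test.go
@@ -0,0 +1,110 @@
+package google
+
+import (
+"fmt"
+"testing"
+
+"github.com/hashicorp/terraform/helper/resource"
+"github.com/hashicorp/terraform/terraform"
+)
+
+func TestAccStorageDefaultObjectAccessControl_basic(t *testing.T) {
+t.Parallel()
+
+bucketName := testBucketName()
+resource.Test(t, resource.TestCase{
+PreCheck: func() {
+if errObjectAcl != nil {
+panic(errObjectAcl)
+}
+testAccPreCheck(t)
+},
+Providers: testAccProviders,
+CheckDestroy: testAccStorageDefaultObjectAccessControlDestroy,
+Steps: []resource.TestStep{
+{
+Config: testGoogleStorageDefaultObjectAccessControlBasic(bucketName, "READER", "allUsers"),
+},
+{
+ResourceName: "google_storage_default_object_access_control.default",
+ImportState: true,
+ImportStateVerify: true,
+},
+},
+})
+}
+
+func TestAccStorageDefaultObjectAccessControl_update(t *testing.T) {
+t.Parallel()
+
+bucketName := testBucketName()
+resource.Test(t, resource.TestCase{
+PreCheck: func() {
+if errObjectAcl != nil {
+panic(errObjectAcl)
+}
+testAccPreCheck(t)
+},
+Providers: testAccProviders,
+CheckDestroy: testAccStorageDefaultObjectAccessControlDestroy,
+Steps: []resource.TestStep{
+{
+Config: testGoogleStorageDefaultObjectAccessControlBasic(bucketName, "READER", "allUsers"),
+},
+{
+ResourceName: "google_storage_default_object_access_control.default",
+ImportState: true,
+ImportStateVerify: true,
+},
+{
+Config: testGoogleStorageDefaultObjectAccessControlBasic(bucketName, "OWNER", "allUsers"),
+},
+{
+ResourceName: "google_storage_default_object_access_control.default",
+ImportState: true,
+ImportStateVerify: true,
+},
+},
+})
+}
+
+func testAccStorageDefaultObjectAccessControlDestroy(s *terraform.State) error {
+config := testAccProvider.Meta().(*Config)
+
+for _, rs := range s.RootModule().Resources {
+if rs.Type != "google_storage_bucket_acl" {
+continue
+}
+
+bucket := rs.Primary.Attributes["bucket"]
+entity := rs.Primary.Attributes["entity"]
+
+rePairs, err := config.clientStorage.DefaultObjectAccessControls.List(bucket).Do()
+if err != nil {
+return fmt.Errorf("Can't list role entity acl for bucket %s", bucket)
+}
+
+for _, v := range rePairs.Items {
+if v.Entity == entity {
+return fmt.Errorf("found entity %s as role entity acl entry in bucket %s", entity, bucket)
+}
+}
+
+}
+
+return nil
+}
+
+func testGoogleStorageDefaultObjectAccessControlBasic(bucketName, role, entity string) string {
+return fmt.Sprintf(`
+resource "google_storage_bucket" "bucket" {
+name = "%s"
+}
+
+resource "google_storage_default_object_access_control" "default" {
+bucket = "${google_storage_bucket.bucket.name}"
+role = "%s"
+entity = "%s"
+}
+`, bucketName, role, entity)
+}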
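Review bot: The destroy check in `testAccStorageDefaultObjectAccessControlDestroy` filters on `rs.Type != "google_storage_bucket_acl"`, so with the configs in this file it skips every resource in state and returns nil without querying the API; a leftover `allUsers` default ACL entry would never fail the test. The filter should read `if rs.Type != "google_storage_default_object_access_control" {`. Once the loop body actually runs, the `List(bucket).Do()` error branch probably needs to treat a not-found bucket as "destroyed", since the bucket is torn down in the same run; how that error should be classified is not visible in this file. The same wrong type string is used in `testAccStorageObjectAccessControlDestroy` in google/resource_storage_object_access_control_test.go.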
|
@ -0,0 +1,88 @@
|
|||
// ----------------------------------------------------------------------------
|
||||
//
|
||||
// *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
|
||||
//
|
||||
// ----------------------------------------------------------------------------
|
||||
//
|
||||
// This file is automatically generated by Magic Modules and manual
|
||||
// changes will be clobbered when the file is regenerated.
|
||||
//
|
||||
// Please read more about how to change this file in
|
||||
// .github/CONTRIBUTING.md.
|
||||
//
|
||||
// ----------------------------------------------------------------------------
|
||||
|
||||
package google
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"testing"
|
||||
|
||||
"github.com/hashicorp/terraform/helper/acctest"
|
||||
"github.com/hashicorp/terraform/helper/resource"
|
||||
"github.com/hashicorp/terraform/terraform"
|
||||
)
|
||||
|
||||
func TestAccStorageObjectAccessControl_StorageObjectAccessControlPublicObjectExample(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
resource.Test(t, resource.TestCase{
|
||||
PreCheck: func() { testAccPreCheck(t) },
|
||||
Providers: testAccProviders,
|
||||
CheckDestroy: testAccCheckStorageObjectAccessControlDestroy,
|
||||
Steps: []resource.TestStep{
|
||||
{
|
||||
Config: testAccStorageObjectAccessControl_StorageObjectAccessControlPublicObjectExample(acctest.RandString(10)),
|
||||
},
|
||||
{
|
||||
ResourceName: "google_storage_object_access_control.public_rule",
|
||||
ImportState: true,
|
||||
ImportStateVerify: true,
|
||||
},
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
func testAccStorageObjectAccessControl_StorageObjectAccessControlPublicObjectExample(val string) string {
|
||||
return fmt.Sprintf(`
|
||||
resource "google_storage_object_access_control" "public_rule" {
|
||||
object = "${google_storage_bucket_object.object.name}"
|
||||
bucket = "${google_storage_bucket.bucket.name}"
|
||||
role = "READER"
|
||||
entity = "allUsers"
|
||||
}
|
||||
|
||||
resource "google_storage_bucket" "bucket" {
|
||||
name = "static-content-bucket-%s"
|
||||
}
|
||||
|
||||
resource "google_storage_bucket_object" "object" {
|
||||
name = "public-object-%s"
|
||||
bucket = "${google_storage_bucket.bucket.name}"
|
||||
source = "test-fixtures/header-logo.png"
|
||||
}
|
||||
`, val, val,
|
||||
)
|
||||
}
|
||||
|
||||
func testAccCheckStorageObjectAccessControlDestroy(s *terraform.State) error {
|
||||
for _, rs := range s.RootModule().Resources {
|
||||
if rs.Type != "google_storage_object_access_control" {
|
||||
continue
|
||||
}
|
||||
|
||||
config := testAccProvider.Meta().(*Config)
|
||||
|
||||
url, err := replaceVarsForTest(rs, "https://www.googleapis.com/storage/v1/b/{{bucket}}/o/{{object}}/acl/{{entity}}")
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
_, err = sendRequest(config, "GET", url, nil)
|
||||
if err == nil {
|
||||
return fmt.Errorf("StorageObjectAccessControl still exists at %s", url)
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
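--- a/google/resource_storage_object_access_control_test.go
+++ b/google/resource_storage_object_access_control_test.go
@@ -0,0 +1,125 @@
+package google
+
+import (
+"fmt"
+"io/ioutil"
+"testing"
+
+"github.com/hashicorp/terraform/helper/resource"
+"github.com/hashicorp/terraform/terraform"
+)
+
+func TestAccStorageObjectAccessControl_basic(t *testing.T) {
+t.Parallel()
+
+bucketName := testBucketName()
+objectName := testAclObjectName()
+objectData := []byte("data data data")
+ioutil.WriteFile(tfObjectAcl.Name(), objectData, 0644)
+resource.Test(t, resource.TestCase{
+PreCheck: func() {
+if errObjectAcl != nil {
+panic(errObjectAcl)
+}
+testAccPreCheck(t)
+},
+Providers: testAccProviders,
+CheckDestroy: testAccStorageObjectAccessControlDestroy,
+Steps: []resource.TestStep{
+{
+Config: testGoogleStorageObjectAccessControlBasic(bucketName, objectName, "READER", "allUsers"),
+},
+{
+ResourceName: "google_storage_object_access_control.default",
+ImportState: true,
+ImportStateVerify: true,
+},
+},
+})
+}
+
+func TestAccStorageObjectAccessControl_update(t *testing.T) {
+t.Parallel()
+
+bucketName := testBucketName()
+objectName := testAclObjectName()
+objectData := []byte("data data data")
+ioutil.WriteFile(tfObjectAcl.Name(), objectData, 0644)
+resource.Test(t, resource.TestCase{
+PreCheck: func() {
+if errObjectAcl != nil {
+panic(errObjectAcl)
+}
+testAccPreCheck(t)
+},
+Providers: testAccProviders,
+CheckDestroy: testAccStorageObjectAccessControlDestroy,
+Steps: []resource.TestStep{
+{
+Config: testGoogleStorageObjectAccessControlBasic(bucketName, objectName, "READER", "allUsers"),
+},
+{
+ResourceName: "google_storage_object_access_control.default",
+ImportState: true,
+ImportStateVerify: true,
+},
+{
+Config: testGoogleStorageObjectAccessControlBasic(bucketName, objectName, "OWNER", "allUsers"),
+},
+{
+ResourceName: "google_storage_object_access_control.default",
+ImportState: true,
+ImportStateVerify: true,
+},
+},
+})
+}
+
+func testAccStorageObjectAccessControlDestroy(s *terraform.State) error {
+config := testAccProvider.Meta().(*Config)
+
+for _, rs := range s.RootModule().Resources {
+if rs.Type != "google_storage_bucket_acl" {
+continue
+}
+
+bucket := rs.Primary.Attributes["bucket"]
+object := rs.Primary.Attributes["object"]
+entity := rs.Primary.Attributes["entity"]
+
+rePairs, err := config.clientStorage.ObjectAccessControls.List(bucket, object).Do()
+if err != nil {
+return fmt.Errorf("Can't list role entity acl for object %s in bucket %s", object, bucket)
+}
+
+for _, v := range rePairs.Items {
+if v.Entity == entity {
+return fmt.Errorf("found entity %s as role entity acl entry for object %s in bucket %s", entity, object, bucket)
+}
+}
+
+}
+
+return nil
+}
+
+func testGoogleStorageObjectAccessControlBasic(bucketName, objectName, role, entity string) string {
+return fmt.Sprintf(`
+resource "google_storage_bucket" "bucket" {
+name = "%s"
+}
+
+resource "google_storage_bucket_object" "object" {
+name = "%s"
+bucket = "${google_storage_bucket.bucket.name}"
+source = "%s"
+}
+
+resource "google_storage_object_access_control" "default" {
+object = "${google_storage_bucket_object.object.name}"
+bucket = "${google_storage_bucket.bucket.name}"
+role = "%s"
+entity = "%s"
+}
+`, bucketName, objectName, tfObjectAcl.Name(), role, entity)
+}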
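Review bot: `ioutil.WriteFile(tfObjectAcl.Name(), objectData, 0644)` runs before the `errObjectAcl` check in PreCheck and discards its error, in both `TestAccStorageObjectAccessControl_basic` and `TestAccStorageObjectAccessControl_update`. `tfObjectAcl` and `errObjectAcl` are declared outside this file; if they come from a temp-file creation that failed, `tfObjectAcl` is presumably nil and the test panics on `.Name()` before the intended check is reached. Check `errObjectAcl` first and fail on a write error, for example `if err := ioutil.WriteFile(tfObjectAcl.Name(), objectData, 0644); err != nil { t.Fatal(err) }`. Otherwise a failed write only surfaces later as an upload error from the `google_storage_bucket_object` source path.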
BIN
google/test-fixtures/header-logo.png
Normal file
BIN
google/test-fixtures/header-logo.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 3.3 KiB |
|
@ -0,0 +1,139 @@
|
|||
---
|
||||
# ----------------------------------------------------------------------------
|
||||
#
|
||||
# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
|
||||
#
|
||||
# ----------------------------------------------------------------------------
|
||||
#
|
||||
# This file is automatically generated by Magic Modules and manual
|
||||
# changes will be clobbered when the file is regenerated.
|
||||
#
|
||||
# Please read more about how to change this file in
|
||||
# .github/CONTRIBUTING.md.
|
||||
#
|
||||
# ----------------------------------------------------------------------------
|
||||
layout: "google"
|
||||
page_title: "Google: google_storage_default_object_access_control"
|
||||
sidebar_current: "docs-google-storage-default-object-access-control"
|
||||
description: |-
|
||||
The DefaultObjectAccessControls resources represent the Access Control
|
||||
Lists (ACLs) applied to a new object within a Google Cloud Storage bucket
|
||||
when no ACL was provided for that object.
|
||||
---
|
||||
|
||||
# google\_storage\_default\_object\_access\_control
|
||||
|
||||
The DefaultObjectAccessControls resources represent the Access Control
|
||||
Lists (ACLs) applied to a new object within a Google Cloud Storage bucket
|
||||
when no ACL was provided for that object. ACLs let you specify who has
|
||||
access to your bucket contents and to what extent.
|
||||
|
||||
There are two roles that can be assigned to an entity:
|
||||
|
||||
READERs can get an object, though the acl property will not be revealed.
|
||||
OWNERs are READERs, and they can get the acl property, update an object,
|
||||
and call all objectAccessControls methods on the object. The owner of an
|
||||
object is always an OWNER.
|
||||
For more information, see Access Control, with the caveat that this API
|
||||
uses READER and OWNER instead of READ and FULL_CONTROL.
|
||||
|
||||
|
||||
To get more information about DefaultObjectAccessControl, see:
|
||||
|
||||
* [API documentation](https://cloud.google.com/storage/docs/json_api/v1/defaultObjectAccessControls)
|
||||
* How-to Guides
|
||||
* [Official Documentation](https://cloud.google.com/storage/docs/access-control/create-manage-lists)
|
||||
|
||||
<div class = "oics-button" style="float: right; margin: 0 0 -15px">
|
||||
<a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_working_dir=storage_default_object_access_control_public&cloudshell_image=gcr.io%2Fgraphite-cloud-shell-images%2Fterraform%3Alatest&open_in_editor=main.tf&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md" target="_blank">
|
||||
<img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
|
||||
</a>
|
||||
</div>
|
||||
## Example Usage - Storage Default Object Access Control Public
|
||||
|
||||
|
||||
```hcl
|
||||
resource "google_storage_default_object_access_control" "public_rule" {
|
||||
bucket = "${google_storage_bucket.bucket.name}"
|
||||
role = "READER"
|
||||
entity = "allUsers"
|
||||
}
|
||||
|
||||
resource "google_storage_bucket" "bucket" {
|
||||
name = "static-content-bucket"
|
||||
}
|
||||
```
|
||||
|
||||
## Argument Reference
|
||||
|
||||
The following arguments are supported:
|
||||
|
||||
|
||||
* `bucket` -
|
||||
(Required)
|
||||
The name of the bucket.
|
||||
|
||||
* `entity` -
|
||||
(Required)
|
||||
The entity holding the permission, in one of the following forms:
|
||||
* user-{{userId}}
|
||||
* user-{{email}} (such as "user-liz@example.com")
|
||||
* group-{{groupId}}
|
||||
* group-{{email}} (such as "group-example@googlegroups.com")
|
||||
* domain-{{domain}} (such as "domain-example.com")
|
||||
* project-team-{{projectId}}
|
||||
* allUsers
|
||||
* allAuthenticatedUsers
|
||||
|
||||
* `role` -
|
||||
(Required)
|
||||
The access permission for the entity.
|
||||
|
||||
|
||||
- - -
|
||||
|
||||
|
||||
* `object` -
|
||||
(Optional)
|
||||
The name of the object, if applied to an object.
|
||||
|
||||
|
||||
## Attributes Reference
|
||||
|
||||
In addition to the arguments listed above, the following computed attributes are exported:
|
||||
|
||||
|
||||
* `domain` -
|
||||
The domain associated with the entity.
|
||||
|
||||
* `email` -
|
||||
The email address associated with the entity.
|
||||
|
||||
* `entity_id` -
|
||||
The ID for the entity
|
||||
|
||||
* `generation` -
|
||||
The content generation of the object, if applied to an object.
|
||||
|
||||
* `project_team` -
|
||||
The project team associated with the entity Structure is documented below.
|
||||
|
||||
|
||||
The `project_team` block contains:
|
||||
|
||||
* `project_number` -
|
||||
(Optional)
|
||||
The project team associated with the entity
|
||||
|
||||
* `team` -
|
||||
(Optional)
|
||||
The team.
|
||||
|
||||
|
||||
## Import
|
||||
|
||||
DefaultObjectAccessControl can be imported using any of these accepted formats:
|
||||
|
||||
```
|
||||
$ terraform import google_storage_default_object_access_control.default {{bucket}}/{{entity}}
|
||||
```
|
|
@ -9,10 +9,18 @@ description: |-
|
|||
# google\_storage\_default\_object\_acl
|
||||
|
||||
Creates a new default object ACL in Google Cloud Storage service (GCS). For more information see
|
||||
|
||||
-> Note that for each object, its creator will have the `"OWNER"` role in addition
|
||||
to the default ACL that has been defined.
|
||||
|
||||
For more information see
|
||||
[the official documentation](https://cloud.google.com/storage/docs/access-control/lists)
|
||||
and
|
||||
[API](https://cloud.google.com/storage/docs/json_api/v1/defaultObjectAccessControls).
|
||||
|
||||
-> Want fine-grained control over default object ACLs? Use `google_storage_default_object_access_control`
|
||||
to control individual role entity pairs.
|
||||
|
||||
## Example Usage
|
||||
|
||||
Example creating a default object ACL on a bucket with one owner, and one reader.
|
||||
|
|
|
@ -42,7 +42,12 @@ To get more information about ObjectAccessControl, see:
|
|||
* How-to Guides
|
||||
* [Official Documentation](https://cloud.google.com/storage/docs/access-control/create-manage-lists)
|
||||
|
||||
## Example Usage
|
||||
<div class = "oics-button" style="float: right; margin: 0 0 -15px">
|
||||
<a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_working_dir=storage_object_access_control_public_object&cloudshell_image=gcr.io%2Fgraphite-cloud-shell-images%2Fterraform%3Alatest&open_in_editor=main.tf&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md" target="_blank">
|
||||
<img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
|
||||
</a>
|
||||
</div>
|
||||
## Example Usage - Storage Object Access Control Public Object
|
||||
|
||||
```hcl
|
||||
resource "google_storage_object_access_control" "public_rule" {
|
||||
|
@ -59,7 +64,7 @@ resource "google_storage_bucket" "bucket" {
|
|||
resource "google_storage_bucket_object" "object" {
|
||||
name = "public-object"
|
||||
bucket = "${google_storage_bucket.bucket.name}"
|
||||
source = "../static/img/header-logo.jpg"
|
||||
source = "../static/img/header-logo.png"
|
||||
}
|
||||
```
|
||||
|
||||
|
|