URL encode GCS file names (#3381)
<!-- This change is generated by MagicModules. --> Original Author: @chrisst
parent
63216b0c90
commit
d7f97c423d
|
@ -7,7 +7,6 @@ import (
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
"google.golang.org/api/cloudkms/v1"
|
"google.golang.org/api/cloudkms/v1"
|
||||||
"google.golang.org/api/iam/v1"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
var SharedKeyRing = "tftest-shared-keyring-1"
|
var SharedKeyRing = "tftest-shared-keyring-1"
|
||||||
|
@ -104,96 +103,3 @@ func BootstrapKMSKey(t *testing.T) bootstrappedKMS {
|
||||||
cryptoKey,
|
cryptoKey,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
var serviceAccountEmail = "tf-bootstrap-service-account"
|
|
||||||
var serviceAccountDisplay = "Bootstrapped Service Account for Terraform tests"
|
|
||||||
|
|
||||||
// Some tests need a second service account, other than the test runner, to assert functionality on.
|
|
||||||
// This provides a well-known service account that can be used when dynamically creating a service
|
|
||||||
// account isn't an option.
|
|
||||||
func getOrCreateServiceAccount(config Config, project string) (*iam.ServiceAccount, error) {
|
|
||||||
name := fmt.Sprintf("projects/%s/serviceAccounts/%s@%s.iam.gserviceaccount.com", project, serviceAccountEmail, project)
|
|
||||||
log.Printf("[DEBUG] Verifying %s as bootstrapped service account.\n", name)
|
|
||||||
|
|
||||||
sa, err := config.clientIAM.Projects.ServiceAccounts.Get(name).Do()
|
|
||||||
if err != nil && !isGoogleApiErrorWithCode(err, 404) {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
if sa == nil {
|
|
||||||
log.Printf("[DEBUG] Account missing. Creating %s as bootstrapped service account.\n", name)
|
|
||||||
sa = &iam.ServiceAccount{
|
|
||||||
DisplayName: serviceAccountDisplay,
|
|
||||||
}
|
|
||||||
|
|
||||||
r := &iam.CreateServiceAccountRequest{
|
|
||||||
AccountId: serviceAccountEmail,
|
|
||||||
ServiceAccount: sa,
|
|
||||||
}
|
|
||||||
sa, err = config.clientIAM.Projects.ServiceAccounts.Create("projects/"+project, r).Do()
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return sa, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// In order to test impersonation we need to grant the testRunner's account the ability to grant tokens
|
|
||||||
// on a different service account. Granting permissions takes time and there is no operation to wait on
|
|
||||||
// so instead this creates a single service account once per test-suite with the correct permissions.
|
|
||||||
// The first time this test is run it will fail, but subsequent runs will succeed.
|
|
||||||
func impersonationServiceAccountPermissions(config Config, sa *iam.ServiceAccount, testRunner string) error {
|
|
||||||
log.Printf("[DEBUG] Setting service account permissions.\n")
|
|
||||||
policy := iam.Policy{
|
|
||||||
Bindings: []*iam.Binding{},
|
|
||||||
}
|
|
||||||
|
|
||||||
binding := &iam.Binding{
|
|
||||||
Role: "roles/iam.serviceAccountTokenCreator",
|
|
||||||
Members: []string{"serviceAccount:" + sa.Email, "serviceAccount:" + testRunner},
|
|
||||||
}
|
|
||||||
policy.Bindings = append(policy.Bindings, binding)
|
|
||||||
|
|
||||||
// Overwrite the roles each time on this service account. This is because this account is
|
|
||||||
// only created for the test suite and will stop snowflaking of permissions to get tests
|
|
||||||
// to run. Overwriting permissions on 1 service account shouldn't affect others.
|
|
||||||
_, err := config.clientIAM.Projects.ServiceAccounts.SetIamPolicy(sa.Name, &iam.SetIamPolicyRequest{
|
|
||||||
Policy: &policy,
|
|
||||||
}).Do()
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func BootstrapServiceAccount(t *testing.T, project, testRunner string) string {
|
|
||||||
if v := os.Getenv("TF_ACC"); v == "" {
|
|
||||||
log.Println("Acceptance tests and bootstrapping skipped unless env 'TF_ACC' set")
|
|
||||||
return ""
|
|
||||||
}
|
|
||||||
|
|
||||||
config := Config{
|
|
||||||
Credentials: getTestCredsFromEnv(),
|
|
||||||
Project: getTestProjectFromEnv(),
|
|
||||||
Region: getTestRegionFromEnv(),
|
|
||||||
Zone: getTestZoneFromEnv(),
|
|
||||||
}
|
|
||||||
|
|
||||||
if err := config.LoadAndValidate(); err != nil {
|
|
||||||
t.Fatalf("Bootstrapping failed. Unable to load test config: %s", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
sa, err := getOrCreateServiceAccount(config, project)
|
|
||||||
if err != nil {
|
|
||||||
t.Fatalf("Bootstrapping failed. Cannot retrieve service account, %s", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
err = impersonationServiceAccountPermissions(config, sa, testRunner)
|
|
||||||
if err != nil {
|
|
||||||
t.Fatalf("Bootstrapping failed. Cannot set service account permissions, %s", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
return sa.Email
|
|
||||||
}
|
|
||||||
|
|
|
@ -30,8 +30,8 @@ func TestAccDataSourceGoogleServiceAccountAccessToken_basic(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
|
|
||||||
resourceName := "data.google_service_account_access_token.default"
|
resourceName := "data.google_service_account_access_token.default"
|
||||||
serviceAccount := getTestServiceAccountFromEnv(t)
|
|
||||||
targetServiceAccountEmail := BootstrapServiceAccount(t, getTestProjectFromEnv(), serviceAccount)
|
targetServiceAccountEmail := getTestServiceAccountFromEnv(t)
|
||||||
|
|
||||||
resource.Test(t, resource.TestCase{
|
resource.Test(t, resource.TestCase{
|
||||||
PreCheck: func() { testAccPreCheck(t) },
|
PreCheck: func() { testAccPreCheck(t) },
|
||||||
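Review bot: The impersonation target on the new `targetServiceAccountEmail := getTestServiceAccountFromEnv(t)` line is now the test runner's own account, and nothing here records what IAM setup that requires. The bootstrap helper removed elsewhere in this commit granted `roles/iam.serviceAccountTokenCreator` on a separate account, so presumably the runner must now hold that role on itself; a comment such as `// Requires the test runner's service account to have roles/iam.serviceAccountTokenCreator on itself.` would make that explicit. The comment should also say that the test no longer covers impersonating a different account. The test function continues outside the hunk.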
|
|
|
@ -2,6 +2,8 @@ package google
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"net/url"
|
||||||
|
"strings"
|
||||||
|
|
||||||
"github.com/hashicorp/terraform/helper/schema"
|
"github.com/hashicorp/terraform/helper/schema"
|
||||||
)
|
)
|
||||||
|
@ -24,6 +26,12 @@ func dataSourceGoogleStorageBucketObjectRead(d *schema.ResourceData, meta interf
|
||||||
bucket := d.Get("bucket").(string)
|
bucket := d.Get("bucket").(string)
|
||||||
name := d.Get("name").(string)
|
name := d.Get("name").(string)
|
||||||
|
|
||||||
|
// URL encode folder names, but to ensure backward compatibility don't url encode
|
||||||
|
// them if they were already encoded manually in config.
|
||||||
|
// see https://github.com/terraform-providers/terraform-provider-google/issues/3176
|
||||||
|
if strings.Contains(name, "/") {
|
||||||
|
name = url.QueryEscape(name)
|
||||||
|
}
|
||||||
// Using REST apis because the storage go client doesn't support folders
|
// Using REST apis because the storage go client doesn't support folders
|
||||||
url := fmt.Sprintf("https://www.googleapis.com/storage/v1/b/%s/o/%s", bucket, name)
|
url := fmt.Sprintf("https://www.googleapis.com/storage/v1/b/%s/o/%s", bucket, name)
|
||||||
|
|
||||||
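Review bot: `url.QueryEscape` applies form encoding, so a space in the object name becomes `+`, which inside a URL path segment is a literal plus sign rather than a space; for the `/o/%s` segment the added line should read `name = url.PathEscape(name)`, which still turns `/` into `%2F`. The `strings.Contains(name, "/")` guard also means a name without a slash reaches `fmt.Sprintf` unescaped, so a `?` or `#` in it would start the query string or fragment and change which object is requested; `bucket` is interpolated unescaped as well. The added comment gives the backward-compatibility motive but should also state the assumption behind the guard, e.g. `// A name containing "/" is assumed not to be pre-encoded; names without "/" are sent as written.` The local `url := fmt.Sprintf(...)` just below shadows the newly imported `net/url` package for the rest of the function, so renaming it (for example `reqURL`) would keep the package usable; the function body continues outside the hunk.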
|
|
|
@ -189,6 +189,7 @@ resource "google_compute_attached_disk" "test" {
|
||||||
resource "google_compute_region_disk" "region" {
|
resource "google_compute_region_disk" "region" {
|
||||||
name = "%s"
|
name = "%s"
|
||||||
region = "us-central1"
|
region = "us-central1"
|
||||||
|
size = 10
|
||||||
replica_zones = ["us-central1-b", "us-central1-a"]
|
replica_zones = ["us-central1-b", "us-central1-a"]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|