mirror of
https://github.com/letic/terraform-provider-google.git
synced 2024-07-01 07:42:40 +00:00
Fix storage notification tests (#1913)
* Update google_storage_project_service_account to mirror API. * Fix storage notifications test, clarify docs.
This commit is contained in:
parent
35ab6d1671
commit
fbad37ebff
|
@ -14,6 +14,15 @@ func dataSourceGoogleStorageProjectServiceAccount() *schema.Resource {
|
||||||
Optional: true,
|
Optional: true,
|
||||||
ForceNew: true,
|
ForceNew: true,
|
||||||
},
|
},
|
||||||
|
"user_project": {
|
||||||
|
Type: schema.TypeString,
|
||||||
|
Optional: true,
|
||||||
|
ForceNew: true,
|
||||||
|
},
|
||||||
|
"email_address": {
|
||||||
|
Type: schema.TypeString,
|
||||||
|
Computed: true,
|
||||||
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -26,12 +35,19 @@ func dataSourceGoogleStorageProjectServiceAccountRead(d *schema.ResourceData, me
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
serviceAccount, err := config.clientStorage.Projects.ServiceAccount.Get(project).Do()
|
serviceAccountGetRequest := config.clientStorage.Projects.ServiceAccount.Get(project)
|
||||||
|
|
||||||
|
if v, ok := d.GetOk("user_project"); ok {
|
||||||
|
serviceAccountGetRequest = serviceAccountGetRequest.UserProject(v.(string))
|
||||||
|
}
|
||||||
|
|
||||||
|
serviceAccount, err := serviceAccountGetRequest.Do()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return handleNotFoundError(err, d, "GCS service account not found")
|
return handleNotFoundError(err, d, "GCS service account not found")
|
||||||
}
|
}
|
||||||
|
|
||||||
d.Set("project", project)
|
d.Set("project", project)
|
||||||
|
d.Set("email_address", serviceAccount.EmailAddress)
|
||||||
|
|
||||||
d.SetId(serviceAccount.EmailAddress)
|
d.SetId(serviceAccount.EmailAddress)
|
||||||
|
|
||||||
|
|
|
@ -18,7 +18,7 @@ func TestAccDataSourceGoogleStorageProjectServiceAccount_basic(t *testing.T) {
|
||||||
{
|
{
|
||||||
Config: testAccCheckGoogleStorageProjectServiceAccount_basic,
|
Config: testAccCheckGoogleStorageProjectServiceAccount_basic,
|
||||||
Check: resource.ComposeTestCheckFunc(
|
Check: resource.ComposeTestCheckFunc(
|
||||||
resource.TestCheckResourceAttrSet(resourceName, "id"),
|
resource.TestCheckResourceAttrSet(resourceName, "email_address"),
|
||||||
),
|
),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -26,5 +26,6 @@ func TestAccDataSourceGoogleStorageProjectServiceAccount_basic(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
const testAccCheckGoogleStorageProjectServiceAccount_basic = `
|
const testAccCheckGoogleStorageProjectServiceAccount_basic = `
|
||||||
data "google_storage_project_service_account" "gcs_account" { }
|
data "google_storage_project_service_account" "gcs_account" {
|
||||||
|
}
|
||||||
`
|
`
|
||||||
|
|
|
@ -13,8 +13,7 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
gcsServiceAccount = fmt.Sprintf("serviceAccount:%s@gs-project-accounts.iam.gserviceaccount.com", os.Getenv("GOOGLE_PROJECT"))
|
payload = "JSON_API_V1"
|
||||||
payload = "JSON_API_V1"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestAccStorageNotification_basic(t *testing.T) {
|
func TestAccStorageNotification_basic(t *testing.T) {
|
||||||
|
@ -185,14 +184,17 @@ resource "google_storage_bucket" "bucket" {
|
||||||
resource "google_pubsub_topic" "topic" {
|
resource "google_pubsub_topic" "topic" {
|
||||||
name = "%s"
|
name = "%s"
|
||||||
}
|
}
|
||||||
|
|
||||||
// We have to provide GCS default storage account with the permission
|
// We have to provide GCS default storage account with the permission
|
||||||
// to publish to a Cloud Pub/Sub topic from this project
|
// to publish to a Cloud Pub/Sub topic from this project
|
||||||
// Otherwise notification configuration won't work
|
// Otherwise notification configuration won't work
|
||||||
|
data "google_storage_project_service_account" "gcs_account" {}
|
||||||
|
|
||||||
resource "google_pubsub_topic_iam_binding" "binding" {
|
resource "google_pubsub_topic_iam_binding" "binding" {
|
||||||
topic = "${google_pubsub_topic.topic.name}"
|
topic = "${google_pubsub_topic.topic.name}"
|
||||||
role = "roles/pubsub.publisher"
|
role = "roles/pubsub.publisher"
|
||||||
|
|
||||||
members = ["%s"]
|
members = ["serviceAccount:${data.google_storage_project_service_account.gcs_account.email_address}"]
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "google_storage_notification" "notification" {
|
resource "google_storage_notification" "notification" {
|
||||||
|
@ -210,7 +212,7 @@ resource "google_storage_notification" "notification_with_prefix" {
|
||||||
depends_on = ["google_pubsub_topic_iam_binding.binding"]
|
depends_on = ["google_pubsub_topic_iam_binding.binding"]
|
||||||
}
|
}
|
||||||
|
|
||||||
`, bucketName, topicName, gcsServiceAccount)
|
`, bucketName, topicName)
|
||||||
}
|
}
|
||||||
|
|
||||||
func testGoogleStorageNotificationOptionalEventsAttributes(bucketName, topicName, topic, eventType1, eventType2 string) string {
|
func testGoogleStorageNotificationOptionalEventsAttributes(bucketName, topicName, topic, eventType1, eventType2 string) string {
|
||||||
|
@ -222,14 +224,17 @@ resource "google_storage_bucket" "bucket" {
|
||||||
resource "google_pubsub_topic" "topic" {
|
resource "google_pubsub_topic" "topic" {
|
||||||
name = "%s"
|
name = "%s"
|
||||||
}
|
}
|
||||||
|
|
||||||
// We have to provide GCS default storage account with the permission
|
// We have to provide GCS default storage account with the permission
|
||||||
// to publish to a Cloud Pub/Sub topic from this project
|
// to publish to a Cloud Pub/Sub topic from this project
|
||||||
// Otherwise notification configuration won't work
|
// Otherwise notification configuration won't work
|
||||||
|
data "google_storage_project_service_account" "gcs_account" {}
|
||||||
|
|
||||||
resource "google_pubsub_topic_iam_binding" "binding" {
|
resource "google_pubsub_topic_iam_binding" "binding" {
|
||||||
topic = "${google_pubsub_topic.topic.name}"
|
topic = "${google_pubsub_topic.topic.name}"
|
||||||
role = "roles/pubsub.publisher"
|
role = "roles/pubsub.publisher"
|
||||||
|
|
||||||
members = ["%s"]
|
members = ["serviceAccount:${data.google_storage_project_service_account.gcs_account.email_address}"]
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "google_storage_notification" "notification" {
|
resource "google_storage_notification" "notification" {
|
||||||
|
@ -243,5 +248,5 @@ resource "google_storage_notification" "notification" {
|
||||||
depends_on = ["google_pubsub_topic_iam_binding.binding"]
|
depends_on = ["google_pubsub_topic_iam_binding.binding"]
|
||||||
}
|
}
|
||||||
|
|
||||||
`, bucketName, topicName, gcsServiceAccount, eventType1, eventType2)
|
`, bucketName, topicName, eventType1, eventType2)
|
||||||
}
|
}
|
||||||
|
|
|
@ -8,9 +8,13 @@ description: |-
|
||||||
|
|
||||||
# google\_storage\_project\_service\_account
|
# google\_storage\_project\_service\_account
|
||||||
|
|
||||||
Use this data source to get the email address of the project's Google Cloud Storage service account.
|
Get the email address of a project's unique Google Cloud Storage service account.
|
||||||
For more information see
|
|
||||||
[API](https://cloud.google.com/storage/docs/json_api/v1/projects/serviceAccount).
|
Each Google Cloud project has a unique service account for use with Google Cloud Storage. Only this
|
||||||
|
special service account can be used to set up `google_storage_notification` resources.
|
||||||
|
|
||||||
|
For more information see
|
||||||
|
[the API reference](https://cloud.google.com/storage/docs/json_api/v1/projects/serviceAccount).
|
||||||
|
|
||||||
## Example Usage
|
## Example Usage
|
||||||
|
|
||||||
|
@ -21,7 +25,7 @@ resource "google_pubsub_topic_iam_binding" "binding" {
|
||||||
topic = "${google_pubsub_topic.topic.name}"
|
topic = "${google_pubsub_topic.topic.name}"
|
||||||
role = "roles/pubsub.publisher"
|
role = "roles/pubsub.publisher"
|
||||||
|
|
||||||
members = ["${data.google_storage_project_service_account.gcs_account.id}"]
|
members = ["serviceAccount:${data.google_storage_project_service_account.gcs_account.email_address}"]
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -29,10 +33,14 @@ resource "google_pubsub_topic_iam_binding" "binding" {
|
||||||
|
|
||||||
The following arguments are supported:
|
The following arguments are supported:
|
||||||
|
|
||||||
* `project` - (Optional) The project in which the resource belongs. If it is not provided, the provider project is used.
|
* `project` - (Optional) The project the unique service account was created for. If it is not provided, the provider project is used.
|
||||||
|
|
||||||
|
* `user_project` - (Optional) The project the lookup originates from. This field is used if you are making the request
|
||||||
|
from a different account than the one you are finding the service account for.
|
||||||
|
|
||||||
## Attributes Reference
|
## Attributes Reference
|
||||||
|
|
||||||
The following attributes are exported:
|
The following attributes are exported:
|
||||||
|
|
||||||
* `id` - The ID of the service account, which is its email address
|
* `email_address` - The email address of the service account. This value is often used to refer to the service account
|
||||||
|
in order to grant IAM permissions.
|
||||||
|
|
|
@ -14,29 +14,15 @@ Creates a new notification configuration on a specified bucket, establishing a f
|
||||||
and
|
and
|
||||||
[API](https://cloud.google.com/storage/docs/json_api/v1/notifications).
|
[API](https://cloud.google.com/storage/docs/json_api/v1/notifications).
|
||||||
|
|
||||||
|
In order to enable notifications, a special Google Cloud Storage service account unique to the project
|
||||||
|
must have the IAM permission "projects.topics.publish" for a Cloud Pub/Sub topic in the project. To get the service
|
||||||
|
account's email address, use the `google_storage_project_service_account` datasource's `email_address` value, and see below
|
||||||
|
for an example of enabling notifications by granting the correct IAM permission. See
|
||||||
|
[the notifications documentation](https://cloud.google.com/storage/docs/gsutil/commands/notification) for more details.
|
||||||
|
|
||||||
## Example Usage
|
## Example Usage
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
data "google_storage_project_service_account" "gs_account" {}
|
|
||||||
|
|
||||||
resource "google_storage_bucket" "bucket" {
|
|
||||||
name = "default_bucket"
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "google_pubsub_topic" "topic" {
|
|
||||||
name = "default_topic"
|
|
||||||
}
|
|
||||||
|
|
||||||
// In order to enable notifications, the Google Cloud Storage service account unique to each project
|
|
||||||
// must have the IAM permission "projects.topics.publish" to a Cloud Pub/Sub topic from this project.
|
|
||||||
// https://cloud.google.com/storage/docs/gsutil/commands/notification
|
|
||||||
|
|
||||||
resource "google_pubsub_topic_iam_binding" "binding" {
|
|
||||||
topic = "${google_pubsub_topic.topic.name}"
|
|
||||||
role = "roles/pubsub.publisher"
|
|
||||||
members = ["serviceAccount:${data.google_storage_project_service_account.gs_account.id}"]
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "google_storage_notification" "notification" {
|
resource "google_storage_notification" "notification" {
|
||||||
bucket = "${google_storage_bucket.bucket.name}"
|
bucket = "${google_storage_bucket.bucket.name}"
|
||||||
payload_format = "JSON_API_V1"
|
payload_format = "JSON_API_V1"
|
||||||
|
@ -47,6 +33,27 @@ resource "google_storage_notification" "notification" {
|
||||||
}
|
}
|
||||||
depends_on = ["google_pubsub_topic_iam_binding.binding"]
|
depends_on = ["google_pubsub_topic_iam_binding.binding"]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Enable notifications by giving the correct IAM permission to the unique service account.
|
||||||
|
|
||||||
|
data "google_storage_project_service_account" "gcs_account" {}
|
||||||
|
|
||||||
|
resource "google_pubsub_topic_iam_binding" "binding" {
|
||||||
|
topic = "${google_pubsub_topic.topic.name}"
|
||||||
|
role = "roles/pubsub.publisher"
|
||||||
|
members = ["serviceAccount:${data.google_storage_project_service_account.gcs_account.email_address}"]
|
||||||
|
}
|
||||||
|
|
||||||
|
// End enabling notifications
|
||||||
|
|
||||||
|
|
||||||
|
resource "google_storage_bucket" "bucket" {
|
||||||
|
name = "default_bucket"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "google_pubsub_topic" "topic" {
|
||||||
|
name = "default_topic"
|
||||||
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
## Argument Reference
|
## Argument Reference
|
||||||
|
|
Loading…
Reference in New Issue
Block a user