mirror of
https://github.com/letic/terraform-provider-google.git
synced 2024-06-29 06:42:36 +00:00
112 lines
3.3 KiB
Go
112 lines
3.3 KiB
Go
package google
|
|
|
|
import (
|
|
"fmt"
|
|
"github.com/hashicorp/terraform/helper/schema"
|
|
"google.golang.org/api/storage/v1"
|
|
)
|
|
|
|
func resourceStorageDefaultObjectAcl() *schema.Resource {
|
|
return &schema.Resource{
|
|
Create: resourceStorageDefaultObjectAclCreateUpdate,
|
|
Read: resourceStorageDefaultObjectAclRead,
|
|
Update: resourceStorageDefaultObjectAclCreateUpdate,
|
|
Delete: resourceStorageDefaultObjectAclDelete,
|
|
|
|
Schema: map[string]*schema.Schema{
|
|
"bucket": {
|
|
Type: schema.TypeString,
|
|
Required: true,
|
|
ForceNew: true,
|
|
},
|
|
|
|
"role_entity": {
|
|
Type: schema.TypeSet,
|
|
Optional: true,
|
|
Computed: true,
|
|
Elem: &schema.Schema{
|
|
Type: schema.TypeString,
|
|
ValidateFunc: validateRoleEntityPair,
|
|
},
|
|
},
|
|
},
|
|
}
|
|
}
|
|
|
|
func resourceStorageDefaultObjectAclCreateUpdate(d *schema.ResourceData, meta interface{}) error {
|
|
config := meta.(*Config)
|
|
|
|
bucket := d.Get("bucket").(string)
|
|
defaultObjectAcl := []*storage.ObjectAccessControl{}
|
|
for _, v := range d.Get("role_entity").(*schema.Set).List() {
|
|
pair := getValidatedRoleEntityPair(v.(string))
|
|
defaultObjectAcl = append(defaultObjectAcl, &storage.ObjectAccessControl{
|
|
Role: pair.Role,
|
|
Entity: pair.Entity,
|
|
})
|
|
}
|
|
|
|
res, err := config.clientStorage.Buckets.Get(bucket).Do()
|
|
if err != nil {
|
|
return fmt.Errorf("Error reading bucket %s: %v", bucket, err)
|
|
}
|
|
|
|
// Even with ForceSendFields the empty array wasn't working. Luckily, this is the same thing
|
|
if len(defaultObjectAcl) == 0 {
|
|
_, err = config.clientStorage.Buckets.Update(bucket, res).IfMetagenerationMatch(res.Metageneration).PredefinedDefaultObjectAcl("private").Do()
|
|
if err != nil {
|
|
return fmt.Errorf("Error updating default object acl to empty for bucket %s: %v", bucket, err)
|
|
}
|
|
} else {
|
|
res.DefaultObjectAcl = defaultObjectAcl
|
|
_, err = config.clientStorage.Buckets.Update(bucket, res).IfMetagenerationMatch(res.Metageneration).Do()
|
|
if err != nil {
|
|
return fmt.Errorf("Error updating default object acl for bucket %s: %v", bucket, err)
|
|
}
|
|
}
|
|
|
|
return resourceStorageDefaultObjectAclRead(d, meta)
|
|
}
|
|
|
|
func resourceStorageDefaultObjectAclRead(d *schema.ResourceData, meta interface{}) error {
|
|
config := meta.(*Config)
|
|
|
|
bucket := d.Get("bucket").(string)
|
|
res, err := config.clientStorage.Buckets.Get(bucket).Projection("full").Do()
|
|
if err != nil {
|
|
return handleNotFoundError(err, d, fmt.Sprintf("Default Storage Object ACL for Bucket %q", d.Get("bucket").(string)))
|
|
}
|
|
|
|
var roleEntities []string
|
|
for _, roleEntity := range res.DefaultObjectAcl {
|
|
role := roleEntity.Role
|
|
entity := roleEntity.Entity
|
|
roleEntities = append(roleEntities, fmt.Sprintf("%s:%s", role, entity))
|
|
}
|
|
|
|
err = d.Set("role_entity", roleEntities)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
d.SetId(bucket)
|
|
return nil
|
|
}
|
|
|
|
func resourceStorageDefaultObjectAclDelete(d *schema.ResourceData, meta interface{}) error {
|
|
config := meta.(*Config)
|
|
|
|
bucket := d.Get("bucket").(string)
|
|
res, err := config.clientStorage.Buckets.Get(bucket).Do()
|
|
if err != nil {
|
|
return fmt.Errorf("Error reading bucket %s: %v", bucket, err)
|
|
}
|
|
|
|
_, err = config.clientStorage.Buckets.Update(bucket, res).IfMetagenerationMatch(res.Metageneration).PredefinedDefaultObjectAcl("private").Do()
|
|
if err != nil {
|
|
return fmt.Errorf("Error deleting (updating to private) default object acl for bucket %s: %v", bucket, err)
|
|
}
|
|
|
|
return nil
|
|
}
|