mirror of
https://github.com/letic/terraform-provider-google.git
synced 2024-10-06 18:51:13 +00:00
b343829d22
Project number is now set through an environment variable instead of being inferred at runtime using the API.
252 lines
7.5 KiB
Go
252 lines
7.5 KiB
Go
package google
|
|
|
|
import (
|
|
"fmt"
|
|
"os"
|
|
"testing"
|
|
|
|
"github.com/hashicorp/terraform/helper/acctest"
|
|
"github.com/hashicorp/terraform/helper/resource"
|
|
"github.com/hashicorp/terraform/terraform"
|
|
)
|
|
|
|
var (
|
|
roleEntityBasic1 = "OWNER:user-paddy@hashicorp.com"
|
|
roleEntityBasic2 = "READER:user-paddy@carvers.co"
|
|
roleEntityBasic3_owner = "OWNER:user-paddy@paddy.io"
|
|
roleEntityBasic3_reader = "READER:user-foran.paddy@gmail.com"
|
|
|
|
roleEntityOwners = "OWNER:project-owners-" + os.Getenv("GOOGLE_PROJECT_NUMBER")
|
|
roleEntityEditors = "OWNER:project-editors-" + os.Getenv("GOOGLE_PROJECT_NUMBER")
|
|
roleEntityViewers = "READER:project-viewers-" + os.Getenv("GOOGLE_PROJECT_NUMBER")
|
|
)
|
|
|
|
func testBucketName() string {
|
|
return fmt.Sprintf("%s-%d", "tf-test-acl-bucket", acctest.RandInt())
|
|
}
|
|
|
|
func TestAccGoogleStorageBucketAcl_basic(t *testing.T) {
|
|
bucketName := testBucketName()
|
|
skipIfEnvNotSet(t, "GOOGLE_PROJECT_NUMBER")
|
|
resource.Test(t, resource.TestCase{
|
|
PreCheck: func() { testAccPreCheck(t) },
|
|
Providers: testAccProviders,
|
|
CheckDestroy: testAccGoogleStorageBucketAclDestroy,
|
|
Steps: []resource.TestStep{
|
|
resource.TestStep{
|
|
Config: testGoogleStorageBucketsAclBasic1(bucketName),
|
|
Check: resource.ComposeTestCheckFunc(
|
|
testAccCheckGoogleStorageBucketAcl(bucketName, roleEntityBasic1),
|
|
testAccCheckGoogleStorageBucketAcl(bucketName, roleEntityBasic2),
|
|
),
|
|
},
|
|
},
|
|
})
|
|
}
|
|
|
|
func TestAccGoogleStorageBucketAcl_upgrade(t *testing.T) {
|
|
bucketName := testBucketName()
|
|
skipIfEnvNotSet(t, "GOOGLE_PROJECT_NUMBER")
|
|
resource.Test(t, resource.TestCase{
|
|
PreCheck: func() { testAccPreCheck(t) },
|
|
Providers: testAccProviders,
|
|
CheckDestroy: testAccGoogleStorageBucketAclDestroy,
|
|
Steps: []resource.TestStep{
|
|
resource.TestStep{
|
|
Config: testGoogleStorageBucketsAclBasic1(bucketName),
|
|
Check: resource.ComposeTestCheckFunc(
|
|
testAccCheckGoogleStorageBucketAcl(bucketName, roleEntityBasic1),
|
|
testAccCheckGoogleStorageBucketAcl(bucketName, roleEntityBasic2),
|
|
),
|
|
},
|
|
|
|
resource.TestStep{
|
|
Config: testGoogleStorageBucketsAclBasic2(bucketName),
|
|
Check: resource.ComposeTestCheckFunc(
|
|
testAccCheckGoogleStorageBucketAcl(bucketName, roleEntityBasic2),
|
|
testAccCheckGoogleStorageBucketAcl(bucketName, roleEntityBasic3_owner),
|
|
),
|
|
},
|
|
|
|
resource.TestStep{
|
|
Config: testGoogleStorageBucketsAclBasicDelete(bucketName),
|
|
Check: resource.ComposeTestCheckFunc(
|
|
testAccCheckGoogleStorageBucketAclDelete(bucketName, roleEntityBasic1),
|
|
testAccCheckGoogleStorageBucketAclDelete(bucketName, roleEntityBasic2),
|
|
testAccCheckGoogleStorageBucketAclDelete(bucketName, roleEntityBasic3_owner),
|
|
),
|
|
},
|
|
},
|
|
})
|
|
}
|
|
|
|
func TestAccGoogleStorageBucketAcl_downgrade(t *testing.T) {
|
|
bucketName := testBucketName()
|
|
skipIfEnvNotSet(t, "GOOGLE_PROJECT_NUMBER")
|
|
resource.Test(t, resource.TestCase{
|
|
PreCheck: func() { testAccPreCheck(t) },
|
|
Providers: testAccProviders,
|
|
CheckDestroy: testAccGoogleStorageBucketAclDestroy,
|
|
Steps: []resource.TestStep{
|
|
resource.TestStep{
|
|
Config: testGoogleStorageBucketsAclBasic2(bucketName),
|
|
Check: resource.ComposeTestCheckFunc(
|
|
testAccCheckGoogleStorageBucketAcl(bucketName, roleEntityBasic2),
|
|
testAccCheckGoogleStorageBucketAcl(bucketName, roleEntityBasic3_owner),
|
|
),
|
|
},
|
|
|
|
resource.TestStep{
|
|
Config: testGoogleStorageBucketsAclBasic3(bucketName),
|
|
Check: resource.ComposeTestCheckFunc(
|
|
testAccCheckGoogleStorageBucketAcl(bucketName, roleEntityBasic2),
|
|
testAccCheckGoogleStorageBucketAcl(bucketName, roleEntityBasic3_reader),
|
|
),
|
|
},
|
|
|
|
resource.TestStep{
|
|
Config: testGoogleStorageBucketsAclBasicDelete(bucketName),
|
|
Check: resource.ComposeTestCheckFunc(
|
|
testAccCheckGoogleStorageBucketAclDelete(bucketName, roleEntityBasic1),
|
|
testAccCheckGoogleStorageBucketAclDelete(bucketName, roleEntityBasic2),
|
|
testAccCheckGoogleStorageBucketAclDelete(bucketName, roleEntityBasic3_owner),
|
|
),
|
|
},
|
|
},
|
|
})
|
|
}
|
|
|
|
func TestAccGoogleStorageBucketAcl_predefined(t *testing.T) {
|
|
bucketName := testBucketName()
|
|
resource.Test(t, resource.TestCase{
|
|
PreCheck: func() { testAccPreCheck(t) },
|
|
Providers: testAccProviders,
|
|
CheckDestroy: testAccGoogleStorageBucketAclDestroy,
|
|
Steps: []resource.TestStep{
|
|
resource.TestStep{
|
|
Config: testGoogleStorageBucketsAclPredefined(bucketName),
|
|
},
|
|
},
|
|
})
|
|
}
|
|
|
|
func testAccCheckGoogleStorageBucketAclDelete(bucket, roleEntityS string) resource.TestCheckFunc {
|
|
return func(s *terraform.State) error {
|
|
roleEntity, _ := getRoleEntityPair(roleEntityS)
|
|
config := testAccProvider.Meta().(*Config)
|
|
|
|
_, err := config.clientStorage.BucketAccessControls.Get(bucket, roleEntity.Entity).Do()
|
|
|
|
if err != nil {
|
|
return nil
|
|
}
|
|
|
|
return fmt.Errorf("Error, entity %s still exists", roleEntity.Entity)
|
|
}
|
|
}
|
|
|
|
func testAccCheckGoogleStorageBucketAcl(bucket, roleEntityS string) resource.TestCheckFunc {
|
|
return func(s *terraform.State) error {
|
|
roleEntity, _ := getRoleEntityPair(roleEntityS)
|
|
config := testAccProvider.Meta().(*Config)
|
|
|
|
res, err := config.clientStorage.BucketAccessControls.Get(bucket, roleEntity.Entity).Do()
|
|
|
|
if err != nil {
|
|
return fmt.Errorf("Error retrieving contents of acl for bucket %s: %s", bucket, err)
|
|
}
|
|
|
|
if res.Role != roleEntity.Role {
|
|
return fmt.Errorf("Error, Role mismatch %s != %s", res.Role, roleEntity.Role)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
}
|
|
|
|
func testAccGoogleStorageBucketAclDestroy(s *terraform.State) error {
|
|
config := testAccProvider.Meta().(*Config)
|
|
|
|
for _, rs := range s.RootModule().Resources {
|
|
if rs.Type != "google_storage_bucket_acl" {
|
|
continue
|
|
}
|
|
|
|
bucket := rs.Primary.Attributes["bucket"]
|
|
|
|
_, err := config.clientStorage.BucketAccessControls.List(bucket).Do()
|
|
|
|
if err == nil {
|
|
return fmt.Errorf("Acl for bucket %s still exists", bucket)
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func testGoogleStorageBucketsAclBasic1(bucketName string) string {
|
|
return fmt.Sprintf(`
|
|
resource "google_storage_bucket" "bucket" {
|
|
name = "%s"
|
|
}
|
|
|
|
resource "google_storage_bucket_acl" "acl" {
|
|
bucket = "${google_storage_bucket.bucket.name}"
|
|
role_entity = ["%s", "%s", "%s", "%s", "%s"]
|
|
}
|
|
`, bucketName, roleEntityOwners, roleEntityEditors, roleEntityViewers, roleEntityBasic1, roleEntityBasic2)
|
|
}
|
|
|
|
func testGoogleStorageBucketsAclBasic2(bucketName string) string {
|
|
return fmt.Sprintf(`
|
|
resource "google_storage_bucket" "bucket" {
|
|
name = "%s"
|
|
}
|
|
|
|
resource "google_storage_bucket_acl" "acl" {
|
|
bucket = "${google_storage_bucket.bucket.name}"
|
|
role_entity = ["%s", "%s", "%s", "%s", "%s"]
|
|
}
|
|
`, bucketName, roleEntityOwners, roleEntityEditors, roleEntityViewers, roleEntityBasic2, roleEntityBasic3_owner)
|
|
}
|
|
|
|
func testGoogleStorageBucketsAclBasicDelete(bucketName string) string {
|
|
return fmt.Sprintf(`
|
|
resource "google_storage_bucket" "bucket" {
|
|
name = "%s"
|
|
}
|
|
|
|
resource "google_storage_bucket_acl" "acl" {
|
|
bucket = "${google_storage_bucket.bucket.name}"
|
|
role_entity = []
|
|
}
|
|
`, bucketName)
|
|
}
|
|
|
|
func testGoogleStorageBucketsAclBasic3(bucketName string) string {
|
|
return fmt.Sprintf(`
|
|
resource "google_storage_bucket" "bucket" {
|
|
name = "%s"
|
|
}
|
|
|
|
resource "google_storage_bucket_acl" "acl" {
|
|
bucket = "${google_storage_bucket.bucket.name}"
|
|
role_entity = ["%s", "%s", "%s", "%s", "%s"]
|
|
}
|
|
`, bucketName, roleEntityOwners, roleEntityEditors, roleEntityViewers, roleEntityBasic2, roleEntityBasic3_reader)
|
|
}
|
|
|
|
func testGoogleStorageBucketsAclPredefined(bucketName string) string {
|
|
return fmt.Sprintf(`
|
|
resource "google_storage_bucket" "bucket" {
|
|
name = "%s"
|
|
}
|
|
|
|
resource "google_storage_bucket_acl" "acl" {
|
|
bucket = "${google_storage_bucket.bucket.name}"
|
|
predefined_acl = "projectPrivate"
|
|
default_acl = "projectPrivate"
|
|
}
|
|
`, bucketName)
|
|
}
|