Add bucket_policy_only to storage_bucket #1878

Merged
merged 2 commits into from
Jun 4, 2019

@tysen tysen commented Jun 4, 2019

Fixes hashicorp/terraform-provider-google#3073

I decided to make bucket_policy_only a top level field because the IamConfiguration block is always returned by the API (even when not provided) and we can't do defaults for complex objects. Happy to know a better way though.

@tysen tysen requested a review from rileykarson June 4, 2019 19:45
@modular-magician
Collaborator

Hi! I'm the modular magician, I work on Magic Modules.
This PR seems not to have generated downstream PRs before, as of 469a95d.

Pull request statuses

No diff detected in terraform-google-conversion.
No diff detected in Ansible.
No diff detected in Inspec.

New Pull Requests

I built this PR into one or more new PRs on other repositories, and when those are closed, this PR will also be merged and closed.
depends: hashicorp/terraform-provider-google-beta#809
depends: hashicorp/terraform-provider-google#3783

Member

@rileykarson rileykarson left a comment

Code LGTM - do you think it's worth noting in the docs that bucket_policy_only can't be disabled under most circumstances? Or adding a CustomizeDiff to ForceNew if a user tries to? https://cloud.google.com/storage/docs/bucket-policy-only#reversion

As-is, if you create a bucket with policy only on and then try to disable it, Terraform will error out instead of disabling it. Users will need to reconcile manually, which is unfortunate but not necessarily a blocker.

@tysen
Author

tysen commented Jun 4, 2019

I don't think ForceNew is a good idea because the field can be reverted for some time after it is set, and Terraform will properly handle it during that time. I think the link provided in the docs provides sufficient information re: the implications of the field.

Ty Larrabee and others added 2 commits June 4, 2019 22:12
Tracked submodules are build/terraform-beta build/terraform-mapper build/terraform build/ansible build/inspec.
@modular-magician modular-magician merged commit b212c06 into GoogleCloudPlatform:master Jun 4, 2019
@tysen tysen deleted the iam-bucket branch June 4, 2019 22:15

Successfully merging this pull request may close these issues.

Add iam_configuration.bucket_policy_only to google_storage_bucket