-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Generate DefaultObjectAccessControl in Terraform #630
Merged
modular-magician
merged 5 commits into
GoogleCloudPlatform:master
from
rileykarson:default-object-access
Oct 30, 2018
Merged
Changes from all commits
Commits
Show all changes
5 commits
Select commit
Hold shift + click to select a range
04940af
Generate DefaultObjectAccessControl in Terraform
rileykarson c567e3b
Enable OiCS for StorageAccessControl, DefaultStorageAccessControl
rileykarson 7439393
Update complementary docs.
rileykarson 41d1fd5
Fix filetype
rileykarson 1ba5312
Update tracked submodules -> HEAD on Tue Oct 30 01:19:13 UTC 2018
modular-magician File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
Submodule terraform
updated
from 6124c2 to c3764b
Submodule terraform-beta
updated
from f05c53 to 896d3d
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
110 changes: 110 additions & 0 deletions
110
provider/terraform/tests/resource_storage_default_object_access_control_test.go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,110 @@ | ||
| package google | ||
|
|
||
| import ( | ||
| "fmt" | ||
| "testing" | ||
|
|
||
| "github.com/hashicorp/terraform/helper/resource" | ||
| "github.com/hashicorp/terraform/terraform" | ||
| ) | ||
|
|
||
| func TestAccStorageDefaultObjectAccessControl_basic(t *testing.T) { | ||
| t.Parallel() | ||
|
|
||
| bucketName := testBucketName() | ||
| resource.Test(t, resource.TestCase{ | ||
| PreCheck: func() { | ||
| if errObjectAcl != nil { | ||
| panic(errObjectAcl) | ||
| } | ||
| testAccPreCheck(t) | ||
| }, | ||
| Providers: testAccProviders, | ||
| CheckDestroy: testAccStorageDefaultObjectAccessControlDestroy, | ||
| Steps: []resource.TestStep{ | ||
| { | ||
| Config: testGoogleStorageDefaultObjectAccessControlBasic(bucketName, "READER", "allUsers"), | ||
| }, | ||
| { | ||
| ResourceName: "google_storage_default_object_access_control.default", | ||
| ImportState: true, | ||
| ImportStateVerify: true, | ||
| }, | ||
| }, | ||
| }) | ||
| } | ||
|
|
||
| func TestAccStorageDefaultObjectAccessControl_update(t *testing.T) { | ||
| t.Parallel() | ||
|
|
||
| bucketName := testBucketName() | ||
| resource.Test(t, resource.TestCase{ | ||
| PreCheck: func() { | ||
| if errObjectAcl != nil { | ||
| panic(errObjectAcl) | ||
| } | ||
| testAccPreCheck(t) | ||
| }, | ||
| Providers: testAccProviders, | ||
| CheckDestroy: testAccStorageDefaultObjectAccessControlDestroy, | ||
| Steps: []resource.TestStep{ | ||
| { | ||
| Config: testGoogleStorageDefaultObjectAccessControlBasic(bucketName, "READER", "allUsers"), | ||
| }, | ||
| { | ||
| ResourceName: "google_storage_default_object_access_control.default", | ||
| ImportState: true, | ||
| ImportStateVerify: true, | ||
| }, | ||
| { | ||
| Config: testGoogleStorageDefaultObjectAccessControlBasic(bucketName, "OWNER", "allUsers"), | ||
| }, | ||
| { | ||
| ResourceName: "google_storage_default_object_access_control.default", | ||
| ImportState: true, | ||
| ImportStateVerify: true, | ||
| }, | ||
| }, | ||
| }) | ||
| } | ||
|
|
||
| func testAccStorageDefaultObjectAccessControlDestroy(s *terraform.State) error { | ||
| config := testAccProvider.Meta().(*Config) | ||
|
|
||
| for _, rs := range s.RootModule().Resources { | ||
| if rs.Type != "google_storage_bucket_acl" { | ||
| continue | ||
| } | ||
|
|
||
| bucket := rs.Primary.Attributes["bucket"] | ||
| entity := rs.Primary.Attributes["entity"] | ||
|
|
||
| rePairs, err := config.clientStorage.DefaultObjectAccessControls.List(bucket).Do() | ||
| if err != nil { | ||
| return fmt.Errorf("Can't list role entity acl for bucket %s", bucket) | ||
| } | ||
|
|
||
| for _, v := range rePairs.Items { | ||
| if v.Entity == entity { | ||
| return fmt.Errorf("found entity %s as role entity acl entry in bucket %s", entity, bucket) | ||
| } | ||
| } | ||
|
|
||
| } | ||
|
|
||
| return nil | ||
| } | ||
|
|
||
| func testGoogleStorageDefaultObjectAccessControlBasic(bucketName, role, entity string) string { | ||
| return fmt.Sprintf(` | ||
| resource "google_storage_bucket" "bucket" { | ||
| name = "%s" | ||
| } | ||
|
|
||
| resource "google_storage_default_object_access_control" "default" { | ||
| bucket = "${google_storage_bucket.bucket.name}" | ||
| role = "%s" | ||
| entity = "%s" | ||
| } | ||
| `, bucketName, role, entity) | ||
| } |
File renamed without changes.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
9 changes: 9 additions & 0 deletions
9
templates/terraform/examples/storage_default_object_access_control_public.tf.erb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| resource "google_storage_default_object_access_control" "<%= ctx[:primary_resource_id] %>" { | ||
| bucket = "${google_storage_bucket.bucket.name}" | ||
| role = "READER" | ||
| entity = "allUsers" | ||
| } | ||
|
|
||
| resource "google_storage_bucket" "bucket" { | ||
| name = "<%= ctx[:vars]['bucket_name'] %>" | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why does the png need to be checked into source control?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We need
somethingto send up to our bucket, and I prefer sending "real" files up to just generating the file at test time. We already have a few static files for ssl certs and cloud functions, so I figure this image can be too.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As long as we keep the file sizes small and don't change them much it shouldn't be a big deal. Big or frequently changing binary files make git sad.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
oh yup it is a 16x16 grey image very much on purpose haha. imo tossing 1-2 small images into vcs is fine, if it were any more/any larger it would 100% be time for a more future-proof solution