-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
storage: make bucket ACLs control the entire resource. #358
Conversation
Storage bucket ACLs inherited the behaviour of only updating the fields that were set in the config file. Terraform should track all the fields in the resource, whether the user has specified a value for them or not, and correct any drift that may occur. This has manifested in an issue and unexpected behaviour in #50, and this PR restores the expected behaviour.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Question
// | ||
// This is, needless to say, a bad state of affairs and | ||
// should be fixed. | ||
if _, ok := d.GetOk("role_entity"); ok { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It seems we're no long reading predefined_acl
at all, is that intentional?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, the comment above talks about it briefly. but to expand on it here:
- The resource never actually read
predefined_acl
. - It still does not read
predefined_acl
because it can't.predefined_acl
is just a shorthand used when creating or updating a bucket, and isn't actually returned by any API call. It just gets translated into a predefined list of ACLs (which, sadly, aren't predictable--as far as I can tell), and is never seen again. This meanspredefined_acl
is probably a bad thing to support as such in terraform, but deprecating it entirely felt out of scope for this PR, especially as I think it would take quite a bit of work to replace it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for explaining!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
I think this change broke some tests, can you take a look @paddycarver? |
Investigating this, apologies. |
…ge_bucket_acl storage: make bucket ACLs control the entire resource.
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks! |
Storage bucket ACLs inherited the behaviour of only updating the fields
that were set in the config file. Terraform should track all the fields
in the resource, whether the user has specified a value for them or not,
and correct any drift that may occur.
This has manifested in an issue and unexpected behaviour in #50, and
this PR restores the expected behaviour.