GoogleCloudPlatform · modular-magician · Sep 25, 2019 · Sep 24, 2019 · Sep 24, 2019 · Sep 24, 2019
diff --git a/build/ansible b/build/ansible
diff --git a/build/terraform b/build/terraform
diff --git a/build/terraform-beta b/build/terraform-beta
diff --git a/build/terraform-mapper b/build/terraform-mapper
diff --git a/products/storage/api.yaml b/products/storage/api.yaml
@@ -474,6 +474,7 @@ objects:
         imports: 'name'
         description: 'The name of the bucket.'
         required: true
+        input: true
       - !ruby/object:Api::Type::String
         name: 'domain'
         description: 'The domain associated with the entity.'
@@ -501,9 +502,11 @@ objects:
             To refer to all members of the Google Apps for Business domain
             example.com, the entity would be domain-example.com.
         required: true
+        input: true
       - !ruby/object:Api::Type::String
         name: 'entityId'
         description: 'The ID for the entity'
+        output: true
       # | 'etag' is not applicable for state convergence.
       - !ruby/object:Api::Type::String
         name: 'id'
@@ -512,6 +515,7 @@ objects:
       - !ruby/object:Api::Type::NestedObject
         name: 'projectTeam'
         description: 'The project team associated with the entity'
+        output: true
         properties:
           - !ruby/object:Api::Type::String
             name: 'projectNumber'

diff --git a/products/storage/terraform.yaml b/products/storage/terraform.yaml
@@ -16,7 +16,24 @@ overrides: !ruby/object:Overrides::ResourceOverrides
   Bucket: !ruby/object:Overrides::Terraform::ResourceOverride
     exclude: true
   BucketAccessControl: !ruby/object:Overrides::Terraform::ResourceOverride
-    exclude: true
+    examples:
+    - !ruby/object:Provider::Terraform::Examples
+      name: "storage_bucket_access_control_public_bucket"
+      primary_resource_id: "public_rule"
+      vars:
+        bucket_name: "static-content-bucket"
+    id_format: "{{bucket}}/{{entity}}"
+    import_format: ["{{bucket}}/{{entity}}"]
+    properties:
+      id: !ruby/object:Overrides::Terraform::PropertyOverride
+        exclude: true
+      bucket: !ruby/object:Overrides::Terraform::PropertyOverride
+        custom_expand: 'templates/terraform/custom_expand/resourceref_as_string.go.erb'
+      # entityId and projectTeam don't seem to actually part of the schema
+      entityId: !ruby/object:Overrides::Terraform::PropertyOverride
+        exclude: true
+      projectTeam: !ruby/object:Overrides::Terraform::PropertyOverride
+        exclude: true
   ObjectAccessControl: !ruby/object:Overrides::Terraform::ResourceOverride
     examples:
     - !ruby/object:Provider::Terraform::Examples

diff --git a/templates/terraform/examples/storage_bucket_access_control_public_bucket.tf.erb b/templates/terraform/examples/storage_bucket_access_control_public_bucket.tf.erb
@@ -0,0 +1,9 @@
+resource "google_storage_bucket_access_control" "<%= ctx[:primary_resource_id] %>" {
+  bucket = google_storage_bucket.bucket.name
+  role   = "READER"
+  entity = "allUsers"
+}
+
+resource "google_storage_bucket" "bucket" {
+	name = "<%= ctx[:vars]['bucket_name'] %>"
+}
diff --git a/third_party/terraform/tests/resource_storage_bucket_access_control_test.go b/third_party/terraform/tests/resource_storage_bucket_access_control_test.go
@@ -0,0 +1,56 @@
+package google
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform/helper/resource"
+)
+
+func TestAccStorageBucketAccessControl_update(t *testing.T) {
+	t.Parallel()
+
+	bucketName := testBucketName()
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			if errObjectAcl != nil {
+				panic(errObjectAcl)
+			}
+			testAccPreCheck(t)
+		},
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckStorageObjectAccessControlDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testGoogleStorageBucketAccessControlBasic(bucketName, "READER", "allUsers"),
+			},
+			{
+				ResourceName:      "google_storage_bucket_access_control.default",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+			{
+				Config: testGoogleStorageBucketAccessControlBasic(bucketName, "OWNER", "allUsers"),
+			},
+			{
+				ResourceName:      "google_storage_bucket_access_control.default",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+func testGoogleStorageBucketAccessControlBasic(bucketName, role, entity string) string {
+	return fmt.Sprintf(`
+resource "google_storage_bucket_access_control" "default" {
+  bucket = google_storage_bucket.bucket.name
+  role   = "%s"
+  entity = "%s"
+}
+
+resource "google_storage_bucket" "bucket" {
+	name = "%s"
+}
+`, role, entity, bucketName)
+}
diff --git a/third_party/terraform/website-compiled/google.erb b/third_party/terraform/website-compiled/google.erb
@@ -1227,6 +1227,10 @@
       <a href="/docs/providers/google/r/storage_bucket.html">google_storage_bucket</a>
       </li>
 
+      <li<%%= sidebar_current("docs-google-storage-bucket-access-control") %>>
+      <a href="/docs/providers/google/r/storage_bucket_access_control.html">google_storage_bucket_access_control</a>
+      </li>
+
       <li<%%= sidebar_current("docs-google-storage-bucket-acl") %>>
       <a href="/docs/providers/google/r/storage_bucket_acl.html">google_storage_bucket_acl</a>
       </li>