-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add google_storage_default_object_acl resource #992
Conversation
config := meta.(*Config) | ||
|
||
bucket := d.Get("bucket").(string) | ||
role_entity := make([]interface{}, 0) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: use mixedCaps please for variables (https://github.com/golang/go/wiki/CodeReviewComments#mixed-caps)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll fix the variable naming in the next review, once I get your thoughts on the comment above
Thanks!
ForceNew: true, | ||
}, | ||
|
||
"role_entity": &schema.Schema{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd highly recommend just having two separate fields here- one for the role, and the other for the entity. The id for the resource can then be bucket/entity
, which would allow reading back the resource just from the id. If a Terraform user wants to specify multiple default acls, they can just have multiple resources. I'm going to hold off on reviewing the rest of this PR for now since it'll change a lot if you end up going with this approach.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't necessarily think it is a good idea, because it is very likely that users will have multiple default acls. Default acls get applied to the objects only at object creation time, which means that the explicit dependency will need to be set for "google_storage_bucket_object" resource on "google_storage_default_object_acl" resource to ensure that if both of those resources are created simultaneously, the objects always gets created after the default acl is in place. Having multiple resources will make it more complicated to control for those explicit dependencies.
Besides, it seems to me that this resource should be similar in use with google_storage_object_acl, since it essentially does the same thing(sets up object permissions), but on the bucket level. So it seems to me that both should have similar resource declaration
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah ok, I can get behind having them be consistent with each other. That's fine then, I'll continue reviewing as-is :)
} | ||
|
||
func getDefaultObjectAclId(bucket string) string { | ||
return bucket + "-default-object-acl" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That suffix isn't really necessary
d.Set("role_entity", role_entity) | ||
} | ||
|
||
d.SetId(getDefaultObjectAclId(bucket)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The id should be set at the end of create, since we want to make sure the state file has some information regardless of whether or not the read succeeded.
role_entity = v.([]interface{}) | ||
} | ||
|
||
if len(role_entity) > 0 { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's do MinItems: 1 on the schema element for this and then remove this check
bucket := d.Get("bucket").(string) | ||
role_entity := make([]interface{}, 0) | ||
|
||
if v, ok := d.GetOk("role_entity"); ok { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You can just do role_entity := d.Get("role_entity")
, no need for the GetOk
|
||
bucket := d.Get("bucket").(string) | ||
|
||
if _, ok := d.GetOk("role_entity"); ok { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
same here
bucket := d.Get("bucket").(string) | ||
|
||
if _, ok := d.GetOk("role_entity"); ok { | ||
role_entity := make([]interface{}, 0) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: roleEntities since it's a list?
Entity: pair.Entity, | ||
} | ||
|
||
// If the old state is missing for this entity, it needs to |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: This comment is written as create -> update, but the if statement is update -> create, can it be reworded to match?
|
||
bucket := d.Get("bucket").(string) | ||
|
||
if d.HasChange("role_entity") { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since role_entity
is currently the only thing that can change, what do you think about:
if !d.HasChange("role_entity") {
return nil
}
and then the rest of the logic afterward?
`, bucketName) | ||
} | ||
|
||
func testGoogleStorageDefaultObjectsAclBasic1(bucketName string) string { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These three tests are exactly the same except for which vars are filled in for the role_entity. How about something like this:
func testGoogleStorageDefaultObjectAclBasic(bucketName, roleEntity1, roleEntity2 string) string {
return fmt.Sprintf(`
// config here
`, bucketName, roleEntity1, roleEntity2)
|
||
# google\_storage\_default\_object\_acl | ||
|
||
Creates a new default object ACL in Google cloud storage service (GCS). For more information see |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: Google Cloud Storage
Cleaning up storage_default_object_acl
Looks good! I just pushed a quick commit to fix up the docs so the link shows up in the sidebar. Merging now. |
* Storage Default Object ACL resource * Fixed the doc * Renamed the resource id. Log change * Complying with go vet * Changes for review * link to default object acl docs in sidebar
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks! |
This addresses issue #64 and adds support for creating storage default object acls (API doc
The resource is similar to an existing resource for storage_object_acl, with the exception of setting up permissions on the bucket level