fix: (storage) added source_md5hash field in bucket object (#14117) (#23267)

modular-magician · web-flow · commit f3928271590c · 2025-06-13T13:31:21.000-07:00
[upstream:e8fa4171a1bed7a0d45d11249b04976c53bd9615]

Signed-off-by: Modular Magician &lt;magic-modules@google.com&gt;
diff --git a/.changelog/14117.txt b/.changelog/14117.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+storage: added `source_md5hash` field in `google_storage_bucket_object`
+```
diff --git a/google/services/storage/resource_storage_bucket_object.go b/google/services/storage/resource_storage_bucket_object.go
@@ -26,6 +26,7 @@ import (
 	"os"
 	"time"
 
+	"github.com/hashicorp/go-cty/cty"
 	"github.com/hashicorp/terraform-provider-google/google/tpgresource"
 	transport_tpg "github.com/hashicorp/terraform-provider-google/google/transport"
 
@@ -148,9 +149,16 @@ func ResourceStorageBucketObject() *schema.Resource {
 				Description:  `A path to the data you want to upload. Must be defined if content is not.`,
 			},
 
+			"source_md5hash": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: `User-provided md5hash, Base 64 MD5 hash of the object data.`,
+			},
+
 			// Detect changes to local file or changes made outside of Terraform to the file stored on the server.
 			"detect_md5hash": {
-				Type: schema.TypeString,
+				Type:       schema.TypeString,
+				Deprecated: "`detect_md5hash` is deprecated and will be removed in future release. Start using `source_md5hash` instead",
 				// This field is not Computed because it needs to trigger a diff.
 				Optional: true,
 				// Makes the diff message nicer:
@@ -163,6 +171,12 @@ func ResourceStorageBucketObject() *schema.Resource {
 				// 3. Don't suppress the diff iff they don't match
 				DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool {
 					localMd5Hash := ""
+					if d.GetRawConfig().GetAttr("source_md5hash") == cty.UnknownVal(cty.String) {
+						return true
+					}
+					if v, ok := d.GetOk("source_md5hash"); ok && v != "" {
+						return true
+					}
 					if source, ok := d.GetOkExists("source"); ok {
 						localMd5Hash = tpgresource.GetFileMd5Hash(source.(string))
 					}
@@ -408,7 +422,7 @@ func resourceStorageBucketObjectUpdate(d *schema.ResourceData, meta interface{})
 	bucket := d.Get("bucket").(string)
 	name := d.Get("name").(string)
 
-	if d.HasChange("content") || d.HasChange("detect_md5hash") {
+	if d.HasChange("content") || d.HasChange("source_md5hash") || d.HasChange("detect_md5hash") {
 		// The KMS key name are not able to be set on create :
 		// or you get error: Error uploading object test-maarc: googleapi: Error 400: Malformed Cloud KMS crypto key: projects/myproject/locations/myregion/keyRings/mykeyring/cryptoKeys/mykeyname/cryptoKeyVersions/1, invalid
 		d.Set("kms_key_name", nil)
@@ -496,6 +510,9 @@ func resourceStorageBucketObjectRead(d *schema.ResourceData, meta interface{}) e
 	if err := d.Set("detect_md5hash", res.Md5Hash); err != nil {
 		return fmt.Errorf("Error setting detect_md5hash: %s", err)
 	}
+	if err := d.Set("source_md5hash", d.Get("source_md5hash")); err != nil {
+		return fmt.Errorf("Error setting source_md5hash: %s", err)
+	}
 	if err := d.Set("generation", res.Generation); err != nil {
 		return fmt.Errorf("Error setting generation: %s", err)
 	}
@@ -642,6 +659,11 @@ func flattenObjectRetention(objectRetention *storage.ObjectRetention) []map[stri
 
 func resourceStorageBucketObjectCustomizeDiff(ctx context.Context, d *schema.ResourceDiff, meta interface{}) error {
 	localMd5Hash := ""
+
+	if (d.GetRawConfig().GetAttr("source_md5hash") == cty.UnknownVal(cty.String)) || d.HasChange("source_md5hash") {
+		return showDiff(d)
+	}
+
 	if source, ok := d.GetOkExists("source"); ok {
 		localMd5Hash = tpgresource.GetFileMd5Hash(source.(string))
 	}
@@ -656,7 +678,10 @@ func resourceStorageBucketObjectCustomizeDiff(ctx context.Context, d *schema.Res
 	if ok && oldMd5Hash == localMd5Hash {
 		return nil
 	}
+	return showDiff(d)
+}
 
+func showDiff(d *schema.ResourceDiff) error {
 	err := d.SetNewComputed("md5hash")
 	if err != nil {
 		return fmt.Errorf("Error re-setting md5hash: %s", err)
@@ -669,5 +694,6 @@ func resourceStorageBucketObjectCustomizeDiff(ctx context.Context, d *schema.Res
 	if err != nil {
 		return fmt.Errorf("Error re-setting generation: %s", err)
 	}
+
 	return nil
 }
diff --git a/google/services/storage/resource_storage_bucket_object_test.go b/google/services/storage/resource_storage_bucket_object_test.go
@@ -525,6 +525,93 @@ func TestResourceStorageBucketObjectUpdate_ContentChange(t *testing.T) {
 	})
 }
 
+func TestAccStorageObject_sourceMd5Hash(t *testing.T) {
+	t.Parallel()
+
+	bucketName := acctest.TestBucketName(t)
+
+	data := []byte("data data data")
+
+	writeMd5 := func(data []byte) string {
+		h := md5.New()
+		if _, err := h.Write(data); err != nil {
+			t.Errorf("error calculating md5: %v", err)
+		}
+		dataMd5 := base64.StdEncoding.EncodeToString(h.Sum(nil))
+		return dataMd5
+	}
+
+	dataMd5 := writeMd5(data)
+
+	updatedata := []byte("datum")
+	updatedDataMd5 := writeMd5(updatedata)
+
+	testFile := getNewTmpTestFile(t, "tf-test")
+	if err := ioutil.WriteFile(testFile.Name(), data, 0644); err != nil {
+		t.Errorf("error writing file: %v", err)
+	}
+
+	updateMd5 := []byte("sample")
+	newMd5 := writeMd5(updateMd5)
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		CheckDestroy:             testAccStorageObjectDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testGoogleStorageBucketsObjectBasic(bucketName, testFile.Name()),
+				Check:  testAccCheckGoogleStorageObject(t, bucketName, objectName, dataMd5),
+			},
+			{
+				PreConfig: func() {
+					if err := ioutil.WriteFile(testFile.Name(), updatedata, 0644); err != nil {
+						t.Errorf("error writing file: %v", err)
+					}
+				},
+				Config: testGoogleStorageBucketsObjectFileMd5(bucketName, testFile.Name(), updatedDataMd5),
+				Check:  testAccCheckGoogleStorageObject(t, bucketName, objectName, updatedDataMd5),
+			},
+			{
+				Config: testGoogleStorageBucketsObjectFileMd5(bucketName, testFile.Name(), newMd5),
+				Check:  testAccCheckGoogleStorageObject(t, bucketName, objectName, updatedDataMd5),
+			},
+		},
+	})
+}
+
+func TestAccStorageObject_knownAfterApply(t *testing.T) {
+	t.Parallel()
+
+	bucketName := acctest.TestBucketName(t)
+	destinationFilePath := getNewTmpTestFile(t, "tf-test-apply-")
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		CheckDestroy:             testAccStorageObjectDestroyProducer(t),
+		ExternalProviders: map[string]resource.ExternalProvider{
+			"local": resource.ExternalProvider{
+				VersionConstraint: "> 2.5.0",
+			},
+		},
+		Steps: []resource.TestStep{
+			{
+				Config: testGoogleStorageBucketObject(bucketName, "first", destinationFilePath.Name()),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckGoogleStorageValidOutput(t),
+				),
+			},
+			{
+				Config: testGoogleStorageBucketObjectKnownAfterApply(bucketName, "second", destinationFilePath.Name()),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckGoogleStorageValidOutput(t),
+				),
+			},
+		},
+	})
+}
+
 func testAccCheckGoogleStorageObject(t *testing.T, bucket, object, md5 string) resource.TestCheckFunc {
 	return testAccCheckGoogleStorageObjectWithEncryption(t, bucket, object, md5, "")
 }
@@ -863,3 +950,112 @@ func getNewTmpTestFile(t *testing.T, prefix string) *os.File {
 	}
 	return testFile
 }
+
+func testGoogleStorageBucketsObjectFileMd5(bucketName, sourceFilename, md5hash string) string {
+	return fmt.Sprintf(`
+resource "google_storage_bucket" "bucket" {
+  name     = "%s"
+  location = "US"
+}
+
+resource "google_storage_bucket_object" "bo_1861894" {
+  name           = "%s"
+  source_md5hash = "%s"
+  bucket         = google_storage_bucket.bucket.name
+  source         = "%s"
+}
+`, bucketName, objectName, md5hash, sourceFilename)
+}
+
+func testAccCheckGoogleStorageValidOutput(t *testing.T) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		var root = s.Modules[0]
+		var outputs, ok = root.Outputs["valid"]
+
+		if !ok {
+			return fmt.Errorf("Error: `valid` output missing")
+		}
+
+		if outputs == nil {
+			return fmt.Errorf("Terraform output `valid` does not exists")
+		}
+
+		if outputs.Value == false {
+			return fmt.Errorf("File content is not valid")
+		}
+		return nil
+	}
+}
+
+func testGoogleStorageBucketObject(bucketName, content, filename string) string {
+	return fmt.Sprintf(`
+resource "google_storage_bucket" "bucket" {
+  name     = "%s"
+  location = "US"
+}
+
+resource "google_storage_bucket_object" "changing" {
+  bucket  = google_storage_bucket.bucket.name
+  name    = "dynamic"
+  content = "%s"
+}
+
+resource "local_file" "test" {
+  content  = jsonencode(google_storage_bucket_object.changing.content)
+  filename = "%s"
+}
+
+resource "google_storage_bucket_object" "bo" {
+  source = local_file.test.filename
+  bucket = google_storage_bucket.bucket.name
+  name   = "test-file-bucket"
+}
+
+data "google_storage_bucket_object_content" "bo" {
+  bucket     = google_storage_bucket_object.bo.bucket
+  name       = google_storage_bucket_object.bo.name
+  depends_on = [google_storage_bucket_object.bo]
+}
+
+output "valid" {
+  value = nonsensitive(local_file.test.content) == data.google_storage_bucket_object_content.bo.content
+}
+`, bucketName, content, filename)
+}
+
+func testGoogleStorageBucketObjectKnownAfterApply(bucketName, content, filename string) string {
+	return fmt.Sprintf(`
+resource "google_storage_bucket" "bucket" {
+  name     = "%s"
+  location = "US"
+}
+
+resource "google_storage_bucket_object" "changing" {
+  bucket  = google_storage_bucket.bucket.name
+  name    = "dynamic"
+  content = "%s"
+}
+
+resource "local_file" "test" {
+  content  = jsonencode(google_storage_bucket_object.changing.content)
+  filename = "%s"
+}
+
+resource "google_storage_bucket_object" "bo" {
+  source = local_file.test.filename
+  source_md5hash = local_file.test.content_md5
+  bucket = google_storage_bucket.bucket.name
+  name   = "test-file-bucket"
+}
+
+data "google_storage_bucket_object_content" "bo" {
+  bucket     = google_storage_bucket_object.bo.bucket
+  name       = google_storage_bucket_object.bo.name
+  depends_on = [google_storage_bucket_object.bo]
+}
+
+output "valid" {
+  value = nonsensitive(local_file.test.content) == data.google_storage_bucket_object_content.bo.content
+}
+`, bucketName, content, filename)
+}
diff --git a/website/docs/r/storage_bucket_object.html.markdown b/website/docs/r/storage_bucket_object.html.markdown
@@ -101,6 +101,8 @@ One of the following is required:
 
 * `kms_key_name` - (Optional) The resource name of the Cloud KMS key that will be used to [encrypt](https://cloud.google.com/storage/docs/encryption/using-customer-managed-keys) the object.
 
+* `source_md5hash` - (Optional) User-provided md5hash to trigger replacement of object in storage bucket, Must be Base 64 MD5 hash of the object data. The usual way to set this is filemd5("file.zip"), where "file.zip" is the local filename
+
 ---
 
 <a name="nested_customer_encryption"></a>The `customer_encryption` block supports:

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	+```release-note:enhancement
	`2`	+storage: added `source_md5hash` field in `google_storage_bucket_object`
	`3`	+```