
Commit aa42664

committed
fix(bucket-policy): migration to sdk-v2
1 parent 2c6f055 commit aa42664


6 files changed

+2170
-1552
lines changed


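--- a/internal/provider/provider.go
+++ b/internal/provider/provider.go
@@ -195,7 +195,7 @@ func Provider(config *Config) plugin.ProviderFunc {
 "scaleway_object_bucket": object.ResourceBucket(),
 "scaleway_object_bucket_acl": object.ResourceBucketACL(),
 "scaleway_object_bucket_lock_configuration": object.ResourceLockConfiguration(),
-//"scaleway_object_bucket_policy": object.ResourceBucketPolicy(),
+"scaleway_object_bucket_policy": object.ResourceBucketPolicy(),
 //"scaleway_object_bucket_website_configuration": object.ResourceBucketWebsiteConfiguration(),
 "scaleway_rdb_acl": rdb.ResourceACL(),
 "scaleway_rdb_database": rdb.ResourceDatabase(),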
Lines changed: 186 additions & 187 deletions
@@ -1,189 +1,188 @@
11
package object
22

3-
//
4-
//import (
5-
// "context"
6-
// "fmt"
7-
// "time"
8-
//
9-
// "github.com/aws/aws-sdk-go/aws"
10-
// "github.com/aws/aws-sdk-go/service/s3"
11-
// "github.com/hashicorp/aws-sdk-go-base/tfawserr"
12-
// "github.com/hashicorp/terraform-plugin-log/tflog"
13-
// "github.com/hashicorp/terraform-plugin-sdk/v2/diag"
14-
// "github.com/hashicorp/terraform-plugin-sdk/v2/helper/retry"
15-
// "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
16-
// "github.com/hashicorp/terraform-plugin-sdk/v2/helper/structure"
17-
// "github.com/scaleway/scaleway-sdk-go/scw"
18-
// "github.com/scaleway/terraform-provider-scaleway/v2/internal/dsf"
19-
// "github.com/scaleway/terraform-provider-scaleway/v2/internal/locality/regional"
20-
// "github.com/scaleway/terraform-provider-scaleway/v2/internal/services/account"
21-
//)
22-
//
23-
//func ResourceBucketPolicy() *schema.Resource {
24-
// return &schema.Resource{
25-
// CreateContext: resourceObjectBucketPolicyCreate,
26-
// ReadContext: resourceObjectBucketPolicyRead,
27-
// UpdateContext: resourceObjectBucketPolicyCreate,
28-
// DeleteContext: resourceObjectBucketPolicyDelete,
29-
// Timeouts: &schema.ResourceTimeout{
30-
// Default: schema.DefaultTimeout(defaultObjectBucketTimeout),
31-
// },
32-
// Importer: &schema.ResourceImporter{
33-
// StateContext: schema.ImportStatePassthroughContext,
34-
// },
35-
// Schema: map[string]*schema.Schema{
36-
// "bucket": {
37-
// Type: schema.TypeString,
38-
// Required: true,
39-
// Description: "The bucket's name or regional ID.",
40-
// DiffSuppressFunc: dsf.Locality,
41-
// },
42-
// "policy": {
43-
// Type: schema.TypeString,
44-
// Required: true,
45-
// Description: "The text of the policy.",
46-
// DiffSuppressFunc: SuppressEquivalentPolicyDiffs,
47-
// },
48-
// "region": regional.Schema(),
49-
// "project_id": account.ProjectIDSchema(),
50-
// },
51-
// }
52-
//}
53-
//
54-
//func resourceObjectBucketPolicyCreate(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
55-
// s3Client, region, err := s3ClientWithRegion(ctx, d, m)
56-
// if err != nil {
57-
// return diag.FromErr(err)
58-
// }
59-
//
60-
// regionalID := regional.ExpandID(d.Get("bucket"))
61-
// bucket := regionalID.ID
62-
// bucketRegion := regionalID.Region
63-
// tflog.Debug(ctx, "bucket name: "+bucket)
64-
//
65-
// if bucketRegion != "" && bucketRegion != region {
66-
// s3Client, err = s3ClientForceRegion(ctx, d, m, bucketRegion.String())
67-
// if err != nil {
68-
// return diag.FromErr(err)
69-
// }
70-
// region = bucketRegion
71-
// }
72-
//
73-
// policy, err := structure.NormalizeJsonString(d.Get("policy").(string))
74-
// if err != nil {
75-
// return diag.FromErr(fmt.Errorf("policy (%s) is an invalid JSON: %w", policy, err))
76-
// }
77-
//
78-
// tflog.Debug(ctx, fmt.Sprintf("[DEBUG] SCW bucket: %s, put policy: %s", bucket, policy))
79-
//
80-
// params := &s3.PutBucketPolicyInput{
81-
// Bucket: scw.StringPtr(bucket),
82-
// Policy: scw.StringPtr(policy),
83-
// }
84-
//
85-
// err = retry.RetryContext(ctx, 1*time.Minute, func() *retry.RetryError {
86-
// _, err := s3Client.PutBucketPolicyWithContext(ctx, params)
87-
// if tfawserr.ErrCodeEquals(err, "MalformedPolicy") {
88-
// return retry.RetryableError(err)
89-
// }
90-
// if err != nil {
91-
// return retry.NonRetryableError(err)
92-
// }
93-
// return nil
94-
// })
95-
// if TimedOut(err) {
96-
// _, err = s3Client.PutBucketPolicyWithContext(ctx, params)
97-
// }
98-
//
99-
// if err != nil {
100-
// return diag.FromErr(fmt.Errorf("error putting SCW bucket policy: %s", err))
101-
// }
102-
//
103-
// d.SetId(regional.NewIDString(region, bucket))
104-
//
105-
// return resourceObjectBucketPolicyRead(ctx, d, m)
106-
//}
107-
//
108-
////gocyclo:ignore
109-
//func resourceObjectBucketPolicyRead(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
110-
// s3Client, region, _, err := s3ClientWithRegionAndName(ctx, d, m, d.Id())
111-
// if err != nil {
112-
// return diag.FromErr(err)
113-
// }
114-
//
115-
// regionalID := regional.ExpandID(d.Id())
116-
// bucket := regionalID.ID
117-
//
118-
// _ = d.Set("region", region)
119-
//
120-
// tflog.Debug(ctx, "[DEBUG] SCW bucket policy, read for bucket: "+d.Id())
121-
// pol, err := s3Client.GetBucketPolicyWithContext(ctx, &s3.GetBucketPolicyInput{
122-
// Bucket: aws.String(bucket),
123-
// })
124-
//
125-
// if !d.IsNewResource() && tfawserr.ErrCodeEquals(err, ErrCodeNoSuchBucketPolicy, s3.ErrCodeNoSuchBucket) {
126-
// tflog.Warn(ctx, fmt.Sprintf("[WARN] SCW Bucket Policy (%s) not found, removing from state", d.Id()))
127-
// d.SetId("")
128-
// return nil
129-
// }
130-
//
131-
// v := ""
132-
// if err == nil && pol.Policy != nil {
133-
// v = aws.StringValue(pol.Policy)
134-
// }
135-
//
136-
// policyToSet, err := SecondJSONUnlessEquivalent(d.Get("policy").(string), v)
137-
// if err != nil {
138-
// return diag.FromErr(fmt.Errorf("while setting policy (%s), encountered: %w", policyToSet, err))
139-
// }
140-
//
141-
// policyToSet, err = structure.NormalizeJsonString(policyToSet)
142-
// if err != nil {
143-
// return diag.FromErr(fmt.Errorf("policy (%s) is an invalid JSON: %w", policyToSet, err))
144-
// }
145-
//
146-
// if err := d.Set("policy", policyToSet); err != nil {
147-
// return diag.FromErr(err)
148-
// }
149-
//
150-
// if err := d.Set("bucket", regionalID.String()); err != nil {
151-
// return diag.FromErr(err)
152-
// }
153-
//
154-
// var diags diag.Diagnostics
155-
// acl, err := s3Client.GetBucketAclWithContext(ctx, &s3.GetBucketAclInput{
156-
// Bucket: aws.String(bucket),
157-
// })
158-
// if err != nil {
159-
// if bucketFound, _ := addReadBucketErrorDiagnostic(&diags, err, "acl", ""); !bucketFound {
160-
// return diags
161-
// }
162-
// } else if acl != nil && acl.Owner != nil {
163-
// _ = d.Set("project_id", NormalizeOwnerID(acl.Owner.ID))
164-
// }
165-
//
166-
// return diags
167-
//}
168-
//
169-
//func resourceObjectBucketPolicyDelete(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
170-
// s3Client, _, bucketName, err := s3ClientWithRegionAndName(ctx, d, m, d.Id())
171-
// if err != nil {
172-
// return diag.FromErr(err)
173-
// }
174-
//
175-
// tflog.Debug(ctx, fmt.Sprintf("scw object bucket: %s, delete policy", bucketName))
176-
// _, err = s3Client.DeleteBucketPolicy(&s3.DeleteBucketPolicyInput{
177-
// Bucket: aws.String(bucketName),
178-
// })
179-
//
180-
// if tfawserr.ErrCodeEquals(err, s3.ErrCodeNoSuchBucket) {
181-
// return nil
182-
// }
183-
//
184-
// if err != nil {
185-
// return diag.FromErr(fmt.Errorf("error deleting SCW Object policy: %s", err))
186-
// }
187-
//
188-
// return nil
189-
//}
3+
import (
4+
"context"
5+
"fmt"
6+
"time"
7+
8+
"github.com/aws/aws-sdk-go-v2/aws"
9+
"github.com/aws/aws-sdk-go-v2/service/s3"
10+
"github.com/hashicorp/aws-sdk-go-base/tfawserr"
11+
"github.com/hashicorp/terraform-plugin-log/tflog"
12+
"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
13+
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/retry"
14+
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
15+
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/structure"
16+
"github.com/scaleway/scaleway-sdk-go/scw"
17+
"github.com/scaleway/terraform-provider-scaleway/v2/internal/dsf"
18+
"github.com/scaleway/terraform-provider-scaleway/v2/internal/locality/regional"
19+
"github.com/scaleway/terraform-provider-scaleway/v2/internal/services/account"
20+
)
21+
22+
func ResourceBucketPolicy() *schema.Resource {
23+
return &schema.Resource{
24+
CreateContext: resourceObjectBucketPolicyCreate,
25+
ReadContext: resourceObjectBucketPolicyRead,
26+
UpdateContext: resourceObjectBucketPolicyCreate,
27+
DeleteContext: resourceObjectBucketPolicyDelete,
28+
Timeouts: &schema.ResourceTimeout{
29+
Default: schema.DefaultTimeout(defaultObjectBucketTimeout),
30+
},
31+
Importer: &schema.ResourceImporter{
32+
StateContext: schema.ImportStatePassthroughContext,
33+
},
34+
Schema: map[string]*schema.Schema{
35+
"bucket": {
36+
Type: schema.TypeString,
37+
Required: true,
38+
Description: "The bucket's name or regional ID.",
39+
DiffSuppressFunc: dsf.Locality,
40+
},
41+
"policy": {
42+
Type: schema.TypeString,
43+
Required: true,
44+
Description: "The text of the policy.",
45+
DiffSuppressFunc: SuppressEquivalentPolicyDiffs,
46+
},
47+
"region": regional.Schema(),
48+
"project_id": account.ProjectIDSchema(),
49+
},
50+
}
51+
}
52+
53+
func resourceObjectBucketPolicyCreate(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
54+
s3Client, region, err := s3ClientWithRegion(ctx, d, m)
55+
if err != nil {
56+
return diag.FromErr(err)
57+
}
58+
59+
regionalID := regional.ExpandID(d.Get("bucket"))
60+
bucket := regionalID.ID
61+
bucketRegion := regionalID.Region
62+
tflog.Debug(ctx, "bucket name: "+bucket)
63+
64+
if bucketRegion != "" && bucketRegion != region {
65+
s3Client, err = s3ClientForceRegion(ctx, d, m, bucketRegion.String())
66+
if err != nil {
67+
return diag.FromErr(err)
68+
}
69+
region = bucketRegion
70+
}
71+
72+
policy, err := structure.NormalizeJsonString(d.Get("policy").(string))
73+
if err != nil {
74+
return diag.FromErr(fmt.Errorf("policy (%s) is an invalid JSON: %w", policy, err))
75+
}
76+
77+
tflog.Debug(ctx, fmt.Sprintf("[DEBUG] SCW bucket: %s, put policy: %s", bucket, policy))
78+
79+
params := &s3.PutBucketPolicyInput{
80+
Bucket: scw.StringPtr(bucket),
81+
Policy: scw.StringPtr(policy),
82+
}
83+
84+
err = retry.RetryContext(ctx, 1*time.Minute, func() *retry.RetryError {
85+
_, err := s3Client.PutBucketPolicy(ctx, params)
86+
if tfawserr.ErrCodeEquals(err, "MalformedPolicy") {
87+
return retry.RetryableError(err)
88+
}
89+
if err != nil {
90+
return retry.NonRetryableError(err)
91+
}
92+
return nil
93+
})
94+
if TimedOut(err) {
95+
_, err = s3Client.PutBucketPolicy(ctx, params)
96+
}
97+
98+
if err != nil {
99+
return diag.FromErr(fmt.Errorf("error putting SCW bucket policy: %s", err))
100+
}
101+
102+
d.SetId(regional.NewIDString(region, bucket))
103+
104+
return resourceObjectBucketPolicyRead(ctx, d, m)
105+
}
106+
107+
//gocyclo:ignore
108+
func resourceObjectBucketPolicyRead(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
109+
s3Client, region, _, err := s3ClientWithRegionAndName(ctx, d, m, d.Id())
110+
if err != nil {
111+
return diag.FromErr(err)
112+
}
113+
114+
regionalID := regional.ExpandID(d.Id())
115+
bucket := regionalID.ID
116+
117+
_ = d.Set("region", region)
118+
119+
tflog.Debug(ctx, "[DEBUG] SCW bucket policy, read for bucket: "+d.Id())
120+
pol, err := s3Client.GetBucketPolicy(ctx, &s3.GetBucketPolicyInput{
121+
Bucket: aws.String(bucket),
122+
})
123+
124+
if !d.IsNewResource() && tfawserr.ErrCodeEquals(err, ErrCodeNoSuchBucketPolicy, ErrCodeNoSuchBucket) {
125+
tflog.Warn(ctx, fmt.Sprintf("[WARN] SCW Bucket Policy (%s) not found, removing from state", d.Id()))
126+
d.SetId("")
127+
return nil
128+
}
129+
130+
v := ""
131+
if err == nil && pol.Policy != nil {
132+
v = aws.ToString(pol.Policy)
133+
}
134+
135+
policyToSet, err := SecondJSONUnlessEquivalent(d.Get("policy").(string), v)
136+
if err != nil {
137+
return diag.FromErr(fmt.Errorf("while setting policy (%s), encountered: %w", policyToSet, err))
138+
}
139+
140+
policyToSet, err = structure.NormalizeJsonString(policyToSet)
141+
if err != nil {
142+
return diag.FromErr(fmt.Errorf("policy (%s) is an invalid JSON: %w", policyToSet, err))
143+
}
144+
145+
if err := d.Set("policy", policyToSet); err != nil {
146+
return diag.FromErr(err)
147+
}
148+
149+
if err := d.Set("bucket", regionalID.String()); err != nil {
150+
return diag.FromErr(err)
151+
}
152+
153+
var diags diag.Diagnostics
154+
acl, err := s3Client.GetBucketAcl(ctx, &s3.GetBucketAclInput{
155+
Bucket: aws.String(bucket),
156+
})
157+
if err != nil {
158+
if bucketFound, _ := addReadBucketErrorDiagnostic(&diags, err, "acl", ""); !bucketFound {
159+
return diags
160+
}
161+
} else if acl != nil && acl.Owner != nil {
162+
_ = d.Set("project_id", NormalizeOwnerID(acl.Owner.ID))
163+
}
164+
165+
return diags
166+
}
167+
168+
func resourceObjectBucketPolicyDelete(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
169+
s3Client, _, bucketName, err := s3ClientWithRegionAndName(ctx, d, m, d.Id())
170+
if err != nil {
171+
return diag.FromErr(err)
172+
}
173+
174+
tflog.Debug(ctx, fmt.Sprintf("scw object bucket: %s, delete policy", bucketName))
175+
_, err = s3Client.DeleteBucketPolicy(ctx, &s3.DeleteBucketPolicyInput{
176+
Bucket: aws.String(bucketName),
177+
})
178+
179+
if tfawserr.ErrCodeEquals(err, ErrCodeNoSuchBucket) {
180+
return nil
181+
}
182+
183+
if err != nil {
184+
return diag.FromErr(fmt.Errorf("error deleting SCW Object policy: %s", err))
185+
}
186+
187+
return nil
188+
}
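Review bot: The new import block still takes `tfawserr` from `github.com/hashicorp/aws-sdk-go-base/tfawserr`, which as far as I know inspects aws-sdk-go v1 `awserr.Error` values, so the `ErrCodeEquals` checks for `"MalformedPolicy"`, `ErrCodeNoSuchBucketPolicy` and `ErrCodeNoSuchBucket` probably never match errors returned by the v2 `s3` client; the import should likely be `"github.com/hashicorp/aws-sdk-go-base/v2/tfawserr"`. This matters most in `resourceObjectBucketPolicyRead`: a `GetBucketPolicy` error that does not hit the not-found branch is never returned, `err` is then overwritten by the `SecondJSONUnlessEquivalent` call, and the read continues with `v == ""`, so an access-denied or transient failure may be treated like an absent policy and drift in the bucket's access policy can go unreported. I would add `if err != nil { return diag.FromErr(fmt.Errorf("reading bucket policy: %w", err)) }` directly after the not-found branch. Separately, the `tflog.Debug` call before `PutBucketPolicy` in `resourceObjectBucketPolicyCreate` writes the full policy text to the log; logging only the bucket name would be enough.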
