Merge pull request #2 from wayfair/ishashchuk_storage_defaul_acl

Cleaning up storage_default_object_acl
wayfair-archive · Jan 25, 2018 · bca2b1b · bca2b1b
2 parents c702a73 + 5e35381
commit bca2b1b
Show file tree

Hide file tree

Showing 3 changed files with 98 additions and 138 deletions.
diff --git a/google/resource_storage_default_object_acl.go b/google/resource_storage_default_object_acl.go
@@ -26,88 +26,75 @@ func resourceStorageDefaultObjectAcl() *schema.Resource {
 				Type:     schema.TypeList,
 				Required: true,
 				Elem:     &schema.Schema{Type: schema.TypeString},
+				MinItems: 1,
 			},
 		},
 	}
 }
 
-func getDefaultObjectAclId(bucket string) string {
-	return bucket + "-default-object-acl"
-}
-
 func resourceStorageDefaultObjectAclCreate(d *schema.ResourceData, meta interface{}) error {
 	config := meta.(*Config)
 
 	bucket := d.Get("bucket").(string)
-	role_entity := make([]interface{}, 0)
-
-	if v, ok := d.GetOk("role_entity"); ok {
-		role_entity = v.([]interface{})
-	}
+	roleEntity := d.Get("role_entity").([]interface{})
 
-	if len(role_entity) > 0 {
-		for _, v := range role_entity {
-			pair, err := getRoleEntityPair(v.(string))
+	for _, v := range roleEntity {
+		pair, err := getRoleEntityPair(v.(string))
 
-			ObjectAccessControl := &storage.ObjectAccessControl{
-				Role:   pair.Role,
-				Entity: pair.Entity,
-			}
+		ObjectAccessControl := &storage.ObjectAccessControl{
+			Role:   pair.Role,
+			Entity: pair.Entity,
+		}
 
-			log.Printf("[DEBUG]: setting role = %s, entity = %s on bucket %s", pair.Role, pair.Entity, bucket)
+		log.Printf("[DEBUG]: setting role = %s, entity = %s on bucket %s", pair.Role, pair.Entity, bucket)
 
-			_, err = config.clientStorage.DefaultObjectAccessControls.Insert(bucket, ObjectAccessControl).Do()
+		_, err = config.clientStorage.DefaultObjectAccessControls.Insert(bucket, ObjectAccessControl).Do()
 
-			if err != nil {
-				return fmt.Errorf("Error setting Default Object ACL for %s on bucket %s: %v", pair.Entity, bucket, err)
-			}
+		if err != nil {
+			return fmt.Errorf("Error setting Default Object ACL for %s on bucket %s: %v", pair.Entity, bucket, err)
 		}
-
-		return resourceStorageDefaultObjectAclRead(d, meta)
 	}
-	return nil
+	d.SetId(bucket)
+	return resourceStorageDefaultObjectAclRead(d, meta)
 }
 
 func resourceStorageDefaultObjectAclRead(d *schema.ResourceData, meta interface{}) error {
 	config := meta.(*Config)
 
 	bucket := d.Get("bucket").(string)
 
-	if _, ok := d.GetOk("role_entity"); ok {
-		role_entity := make([]interface{}, 0)
-		re_local := d.Get("role_entity").([]interface{})
-		re_local_map := make(map[string]string)
-		for _, v := range re_local {
-			res, err := getRoleEntityPair(v.(string))
-
-			if err != nil {
-				return fmt.Errorf(
-					"Old state has malformed Role/Entity pair: %v", err)
-			}
+	roleEntities := make([]interface{}, 0)
+	reLocal := d.Get("role_entity").([]interface{})
+	reLocalMap := make(map[string]string)
+	for _, v := range reLocal {
+		res, err := getRoleEntityPair(v.(string))
 
-			re_local_map[res.Entity] = res.Role
+		if err != nil {
+			return fmt.Errorf(
+				"Old state has malformed Role/Entity pair: %v", err)
 		}
 
-		res, err := config.clientStorage.DefaultObjectAccessControls.List(bucket).Do()
+		reLocalMap[res.Entity] = res.Role
+	}
 
-		if err != nil {
-			return handleNotFoundError(err, d, fmt.Sprintf("Storage Default Object ACL for bucket %q", d.Get("bucket").(string)))
-		}
+	res, err := config.clientStorage.DefaultObjectAccessControls.List(bucket).Do()
 
-		for _, v := range res.Items {
-			role := v.Role
-			entity := v.Entity
-			// We only store updates to the locally defined access controls
-			if _, in := re_local_map[entity]; in {
-				role_entity = append(role_entity, fmt.Sprintf("%s:%s", role, entity))
-				log.Printf("[DEBUG]: saving re %s-%s", v.Role, v.Entity)
-			}
-		}
+	if err != nil {
+		return handleNotFoundError(err, d, fmt.Sprintf("Storage Default Object ACL for bucket %q", d.Get("bucket").(string)))
+	}
 
-		d.Set("role_entity", role_entity)
+	for _, v := range res.Items {
+		role := v.Role
+		entity := v.Entity
+		// We only store updates to the locally defined access controls
+		if _, in := reLocalMap[entity]; in {
+			roleEntities = append(roleEntities, fmt.Sprintf("%s:%s", role, entity))
+			log.Printf("[DEBUG]: saving re %s-%s", v.Role, v.Entity)
+		}
 	}
 
-	d.SetId(getDefaultObjectAclId(bucket))
+	d.Set("role_entity", roleEntities)
+
 	return nil
 }
 
@@ -116,71 +103,70 @@ func resourceStorageDefaultObjectAclUpdate(d *schema.ResourceData, meta interfac
 
 	bucket := d.Get("bucket").(string)
 
-	if d.HasChange("role_entity") {
-		o, n := d.GetChange("role_entity")
-		old_re := o.([]interface{})
-		new_re := n.([]interface{})
+	if !d.HasChange("role_entity") {
+		return nil
+	}
+	o, n := d.GetChange("role_entity")
+	oldRe := o.([]interface{})
+	newRe := n.([]interface{})
+
+	oldReMap := make(map[string]string)
+	for _, v := range oldRe {
+		res, err := getRoleEntityPair(v.(string))
 
-		old_re_map := make(map[string]string)
-		for _, v := range old_re {
-			res, err := getRoleEntityPair(v.(string))
+		if err != nil {
+			return fmt.Errorf(
+				"Old state has malformed Role/Entity pair: %v", err)
+		}
 
-			if err != nil {
-				return fmt.Errorf(
-					"Old state has malformed Role/Entity pair: %v", err)
-			}
+		oldReMap[res.Entity] = res.Role
+	}
 
-			old_re_map[res.Entity] = res.Role
+	for _, v := range newRe {
+		pair, err := getRoleEntityPair(v.(string))
+
+		ObjectAccessControl := &storage.ObjectAccessControl{
+			Role:   pair.Role,
+			Entity: pair.Entity,
 		}
 
-		for _, v := range new_re {
-			pair, err := getRoleEntityPair(v.(string))
-
-			ObjectAccessControl := &storage.ObjectAccessControl{
-				Role:   pair.Role,
-				Entity: pair.Entity,
-			}
-
-			// If the old state is missing for this entity, it needs to
-			// be created. Otherwise it is updated
-			if _, ok := old_re_map[pair.Entity]; ok {
-				_, err = config.clientStorage.DefaultObjectAccessControls.Update(
-					bucket, pair.Entity, ObjectAccessControl).Do()
-			} else {
-				_, err = config.clientStorage.DefaultObjectAccessControls.Insert(
-					bucket, ObjectAccessControl).Do()
-			}
-
-			// Now we only store the keys that have to be removed
-			delete(old_re_map, pair.Entity)
-
-			if err != nil {
-				return fmt.Errorf("Error updating Storage Default Object ACL for bucket %s: %v", bucket, err)
-			}
+		// If the old state is present for the  entity, it is updated
+		// If the old state is missing, it is inserted
+		if _, ok := oldReMap[pair.Entity]; ok {
+			_, err = config.clientStorage.DefaultObjectAccessControls.Update(
+				bucket, pair.Entity, ObjectAccessControl).Do()
+		} else {
+			_, err = config.clientStorage.DefaultObjectAccessControls.Insert(
+				bucket, ObjectAccessControl).Do()
 		}
 
-		for entity, _ := range old_re_map {
-			log.Printf("[DEBUG]: removing entity %s", entity)
-			err := config.clientStorage.DefaultObjectAccessControls.Delete(bucket, entity).Do()
+		// Now we only store the keys that have to be removed
+		delete(oldReMap, pair.Entity)
 
-			if err != nil {
-				return fmt.Errorf("Error updating Storage Default Object ACL for bucket %s: %v", bucket, err)
-			}
+		if err != nil {
+			return fmt.Errorf("Error updating Storage Default Object ACL for bucket %s: %v", bucket, err)
 		}
+	}
+
+	for entity := range oldReMap {
+		log.Printf("[DEBUG]: removing entity %s", entity)
+		err := config.clientStorage.DefaultObjectAccessControls.Delete(bucket, entity).Do()
 
-		return resourceStorageDefaultObjectAclRead(d, meta)
+		if err != nil {
+			return fmt.Errorf("Error updating Storage Default Object ACL for bucket %s: %v", bucket, err)
+		}
 	}
 
-	return nil
+	return resourceStorageDefaultObjectAclRead(d, meta)
 }
 
 func resourceStorageDefaultObjectAclDelete(d *schema.ResourceData, meta interface{}) error {
 	config := meta.(*Config)
 
 	bucket := d.Get("bucket").(string)
 
-	re_local := d.Get("role_entity").([]interface{})
-	for _, v := range re_local {
+	reLocal := d.Get("role_entity").([]interface{})
+	for _, v := range reLocal {
 		res, err := getRoleEntityPair(v.(string))
 		if err != nil {
 			return err

diff --git a/google/resource_storage_default_object_acl_test.go b/google/resource_storage_default_object_acl_test.go
@@ -19,7 +19,7 @@ func TestAccGoogleStorageDefaultObjectAcl_basic(t *testing.T) {
 		CheckDestroy: testAccGoogleStorageDefaultObjectAclDestroy,
 		Steps: []resource.TestStep{
 			resource.TestStep{
-				Config: testGoogleStorageDefaultObjectsAclBasic1(bucketName),
+				Config: testGoogleStorageDefaultObjectsAclBasic(bucketName, roleEntityBasic1, roleEntityBasic2),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckGoogleStorageDefaultObjectAcl(bucketName, roleEntityBasic1),
 					testAccCheckGoogleStorageDefaultObjectAcl(bucketName, roleEntityBasic2),
@@ -40,25 +40,25 @@ func TestAccGoogleStorageDefaultObjectAcl_upgrade(t *testing.T) {
 		CheckDestroy: testAccGoogleStorageDefaultObjectAclDestroy,
 		Steps: []resource.TestStep{
 			resource.TestStep{
-				Config: testGoogleStorageDefaultObjectsAclBasic1(bucketName),
+				Config: testGoogleStorageDefaultObjectsAclBasic(bucketName, roleEntityBasic1, roleEntityBasic2),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckGoogleStorageDefaultObjectAcl(bucketName, roleEntityBasic1),
 					testAccCheckGoogleStorageDefaultObjectAcl(bucketName, roleEntityBasic2),
 				),
 			},
 
 			resource.TestStep{
-				Config: testGoogleStorageDefaultObjectsAclBasic2(bucketName),
+				Config: testGoogleStorageDefaultObjectsAclBasic(bucketName, roleEntityBasic2, roleEntityBasic3_owner),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckGoogleStorageDefaultObjectAcl(bucketName, roleEntityBasic2),
 					testAccCheckGoogleStorageDefaultObjectAcl(bucketName, roleEntityBasic3_owner),
 				),
 			},
 
 			resource.TestStep{
-				Config: testGoogleStorageDefaultObjectsAclBasicDelete(bucketName),
+				Config: testGoogleStorageDefaultObjectsAclBasicDelete(bucketName, roleEntityBasic1),
 				Check: resource.ComposeTestCheckFunc(
-					testAccCheckGoogleStorageDefaultObjectAclDelete(bucketName, roleEntityBasic1),
+					testAccCheckGoogleStorageDefaultObjectAcl(bucketName, roleEntityBasic1),
 					testAccCheckGoogleStorageDefaultObjectAclDelete(bucketName, roleEntityBasic2),
 					testAccCheckGoogleStorageDefaultObjectAclDelete(bucketName, roleEntityBasic3_reader),
 				),
@@ -78,25 +78,25 @@ func TestAccGoogleStorageDefaultObjectAcl_downgrade(t *testing.T) {
 		CheckDestroy: testAccGoogleStorageDefaultObjectAclDestroy,
 		Steps: []resource.TestStep{
 			resource.TestStep{
-				Config: testGoogleStorageDefaultObjectsAclBasic2(bucketName),
+				Config: testGoogleStorageDefaultObjectsAclBasic(bucketName, roleEntityBasic2, roleEntityBasic3_owner),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckGoogleStorageDefaultObjectAcl(bucketName, roleEntityBasic2),
 					testAccCheckGoogleStorageDefaultObjectAcl(bucketName, roleEntityBasic3_owner),
 				),
 			},
 
 			resource.TestStep{
-				Config: testGoogleStorageDefaultObjectsAclBasic3(bucketName),
+				Config: testGoogleStorageDefaultObjectsAclBasic(bucketName, roleEntityBasic2, roleEntityBasic3_reader),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckGoogleStorageDefaultObjectAcl(bucketName, roleEntityBasic2),
 					testAccCheckGoogleStorageDefaultObjectAcl(bucketName, roleEntityBasic3_reader),
 				),
 			},
 
 			resource.TestStep{
-				Config: testGoogleStorageDefaultObjectsAclBasicDelete(bucketName),
+				Config: testGoogleStorageDefaultObjectsAclBasicDelete(bucketName, roleEntityBasic1),
 				Check: resource.ComposeTestCheckFunc(
-					testAccCheckGoogleStorageDefaultObjectAclDelete(bucketName, roleEntityBasic1),
+					testAccCheckGoogleStorageDefaultObjectAcl(bucketName, roleEntityBasic1),
 					testAccCheckGoogleStorageDefaultObjectAclDelete(bucketName, roleEntityBasic2),
 					testAccCheckGoogleStorageDefaultObjectAclDelete(bucketName, roleEntityBasic3_reader),
 				),
@@ -160,46 +160,20 @@ func testAccCheckGoogleStorageDefaultObjectAclDelete(bucket, roleEntityS string)
 	}
 }
 
-func testGoogleStorageDefaultObjectsAclBasicDelete(bucketName string) string {
-	return fmt.Sprintf(`
-resource "google_storage_bucket" "bucket" {
-	name = "%s"
-}
-
-resource "google_storage_default_object_acl" "acl" {
-	bucket = "${google_storage_bucket.bucket.name}"
-	role_entity = []
-}
-`, bucketName)
-}
-
-func testGoogleStorageDefaultObjectsAclBasic1(bucketName string) string {
+func testGoogleStorageDefaultObjectsAclBasicDelete(bucketName, roleEntity string) string {
 	return fmt.Sprintf(`
 resource "google_storage_bucket" "bucket" {
 	name = "%s"
 }
 
 resource "google_storage_default_object_acl" "acl" {
 	bucket = "${google_storage_bucket.bucket.name}"
-	role_entity = ["%s", "%s"]
-}
-`, bucketName, roleEntityBasic1, roleEntityBasic2)
-}
-
-func testGoogleStorageDefaultObjectsAclBasic2(bucketName string) string {
-	return fmt.Sprintf(`
-resource "google_storage_bucket" "bucket" {
-	name = "%s"
-}
-
-resource "google_storage_default_object_acl" "acl" {
-	bucket = "${google_storage_bucket.bucket.name}"
-	role_entity = ["%s", "%s"]
+	role_entity = ["%s"]
 }
-`, bucketName, roleEntityBasic2, roleEntityBasic3_owner)
+`, bucketName, roleEntity)
 }
 
-func testGoogleStorageDefaultObjectsAclBasic3(bucketName string) string {
+func testGoogleStorageDefaultObjectsAclBasic(bucketName, roleEntity1, roleEntity2 string) string {
 	return fmt.Sprintf(`
 resource "google_storage_bucket" "bucket" {
 	name = "%s"
@@ -209,5 +183,5 @@ resource "google_storage_default_object_acl" "acl" {
 	bucket = "${google_storage_bucket.bucket.name}"
 	role_entity = ["%s", "%s"]
 }
-`, bucketName, roleEntityBasic2, roleEntityBasic3_reader)
+`, bucketName, roleEntity1, roleEntity2)
 }
diff --git a/website/docs/r/storage_default_object_acl.html.markdown b/website/docs/r/storage_default_object_acl.html.markdown
@@ -8,7 +8,7 @@ description: |-
 
 # google\_storage\_default\_object\_acl
 
-Creates a new default object ACL in Google cloud storage service (GCS). For more information see 
+Creates a new default object ACL in Google Cloud Storage service (GCS). For more information see
 [the official documentation](https://cloud.google.com/storage/docs/access-control/lists) 
 and 
 [API](https://cloud.google.com/storage/docs/json_api/v1/defaultObjectAccessControls).