From e52f76a11feae8549d9c584068838e83db60c9c4 Mon Sep 17 00:00:00 2001 From: Scott Suarez Date: Tue, 27 Sep 2022 17:20:43 -0700 Subject: [PATCH 1/4] TEST: force breakages in mmv1 --- .../resource_storage_default_object_acl.go | 138 ---------- ...esource_storage_default_object_acl_test.go | 252 ------------------ .../terraform/utils/provider.go.erb | 1 - .../storage_default_object_acl.html.markdown | 59 ---- 4 files changed, 450 deletions(-) delete mode 100644 mmv1/third_party/terraform/resources/resource_storage_default_object_acl.go delete mode 100644 mmv1/third_party/terraform/tests/resource_storage_default_object_acl_test.go delete mode 100644 mmv1/third_party/terraform/website/docs/r/storage_default_object_acl.html.markdown diff --git a/mmv1/third_party/terraform/resources/resource_storage_default_object_acl.go b/mmv1/third_party/terraform/resources/resource_storage_default_object_acl.go deleted file mode 100644 index 83bc08d2eb2e..000000000000 --- a/mmv1/third_party/terraform/resources/resource_storage_default_object_acl.go +++ /dev/null @@ -1,138 +0,0 @@ -package google - -import ( - "fmt" - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" - "google.golang.org/api/storage/v1" -) - -func resourceStorageDefaultObjectAcl() *schema.Resource { - return &schema.Resource{ - Create: resourceStorageDefaultObjectAclCreateUpdate, - Read: resourceStorageDefaultObjectAclRead, - Update: resourceStorageDefaultObjectAclCreateUpdate, - Delete: resourceStorageDefaultObjectAclDelete, - - Schema: map[string]*schema.Schema{ - "bucket": { - Type: schema.TypeString, - Required: true, - ForceNew: true, - }, - - "role_entity": { - Type: schema.TypeSet, - Optional: true, - Computed: true, - Elem: &schema.Schema{ - Type: schema.TypeString, - ValidateFunc: validateRoleEntityPair, - }, - }, - }, - UseJSONNumber: true, - } -} - -func resourceStorageDefaultObjectAclCreateUpdate(d *schema.ResourceData, meta interface{}) error { - config := meta.(*Config) - userAgent, err := generateUserAgentString(d, config.userAgent) - if err != nil { - return err - } - - bucket := d.Get("bucket").(string) - defaultObjectAcl := []*storage.ObjectAccessControl{} - for _, v := range d.Get("role_entity").(*schema.Set).List() { - pair := getValidatedRoleEntityPair(v.(string)) - defaultObjectAcl = append(defaultObjectAcl, &storage.ObjectAccessControl{ - Role: pair.Role, - Entity: pair.Entity, - }) - } - - lockName, err := replaceVars(d, config, "storage/buckets/{{bucket}}") - if err != nil { - return err - } - mutexKV.Lock(lockName) - defer mutexKV.Unlock(lockName) - - res, err := config.NewStorageClient(userAgent).Buckets.Get(bucket).Do() - if err != nil { - return fmt.Errorf("Error reading bucket %s: %v", bucket, err) - } - - // Even with ForceSendFields the empty array wasn't working. Luckily, this is the same thing - if len(defaultObjectAcl) == 0 { - _, err = config.NewStorageClient(userAgent).Buckets.Update(bucket, res).IfMetagenerationMatch(res.Metageneration).PredefinedDefaultObjectAcl("private").Do() - if err != nil { - return fmt.Errorf("Error updating default object acl to empty for bucket %s: %v", bucket, err) - } - } else { - res.DefaultObjectAcl = defaultObjectAcl - _, err = config.NewStorageClient(userAgent).Buckets.Update(bucket, res).IfMetagenerationMatch(res.Metageneration).Do() - if err != nil { - return fmt.Errorf("Error updating default object acl for bucket %s: %v", bucket, err) - } - } - - return resourceStorageDefaultObjectAclRead(d, meta) -} - -func resourceStorageDefaultObjectAclRead(d *schema.ResourceData, meta interface{}) error { - config := meta.(*Config) - userAgent, err := generateUserAgentString(d, config.userAgent) - if err != nil { - return err - } - - bucket := d.Get("bucket").(string) - res, err := config.NewStorageClient(userAgent).Buckets.Get(bucket).Projection("full").Do() - if err != nil { - return handleNotFoundError(err, d, fmt.Sprintf("Default Storage Object ACL for Bucket %q", d.Get("bucket").(string))) - } - - var roleEntities []string - for _, roleEntity := range res.DefaultObjectAcl { - role := roleEntity.Role - entity := roleEntity.Entity - roleEntities = append(roleEntities, fmt.Sprintf("%s:%s", role, entity)) - } - - err = d.Set("role_entity", roleEntities) - if err != nil { - return err - } - - d.SetId(bucket) - return nil -} - -func resourceStorageDefaultObjectAclDelete(d *schema.ResourceData, meta interface{}) error { - config := meta.(*Config) - userAgent, err := generateUserAgentString(d, config.userAgent) - if err != nil { - return err - } - - lockName, err := replaceVars(d, config, "storage/buckets/{{bucket}}") - if err != nil { - return err - } - mutexKV.Lock(lockName) - defer mutexKV.Unlock(lockName) - - bucket := d.Get("bucket").(string) - res, err := config.NewStorageClient(userAgent).Buckets.Get(bucket).Do() - if err != nil { - return fmt.Errorf("Error reading bucket %s: %v", bucket, err) - } - - _, err = config.NewStorageClient(userAgent).Buckets.Update(bucket, res).IfMetagenerationMatch(res.Metageneration).PredefinedDefaultObjectAcl("private").Do() - if err != nil { - return fmt.Errorf("Error deleting (updating to private) default object acl for bucket %s: %v", bucket, err) - } - - return nil -} diff --git a/mmv1/third_party/terraform/tests/resource_storage_default_object_acl_test.go b/mmv1/third_party/terraform/tests/resource_storage_default_object_acl_test.go deleted file mode 100644 index 42b0befc29b8..000000000000 --- a/mmv1/third_party/terraform/tests/resource_storage_default_object_acl_test.go +++ /dev/null @@ -1,252 +0,0 @@ -package google - -import ( - "fmt" - "testing" - - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" - "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" -) - -func TestAccStorageDefaultObjectAcl_basic(t *testing.T) { - t.Parallel() - - bucketName := testBucketName(t) - vcrTest(t, resource.TestCase{ - PreCheck: func() { testAccPreCheck(t) }, - Providers: testAccProviders, - CheckDestroy: testAccStorageDefaultObjectAclDestroyProducer(t), - Steps: []resource.TestStep{ - { - Config: testGoogleStorageDefaultObjectsAclBasic(bucketName, roleEntityBasic1, roleEntityBasic2), - Check: resource.ComposeTestCheckFunc( - testAccCheckGoogleStorageDefaultObjectAcl(t, bucketName, roleEntityBasic1), - testAccCheckGoogleStorageDefaultObjectAcl(t, bucketName, roleEntityBasic2), - ), - }, - }, - }) -} - -func TestAccStorageDefaultObjectAcl_noRoleEntity(t *testing.T) { - t.Parallel() - - bucketName := testBucketName(t) - vcrTest(t, resource.TestCase{ - PreCheck: func() { testAccPreCheck(t) }, - Providers: testAccProviders, - CheckDestroy: testAccStorageDefaultObjectAclDestroyProducer(t), - Steps: []resource.TestStep{ - { - Config: testGoogleStorageDefaultObjectsAclNoRoleEntity(bucketName), - }, - }, - }) -} - -func TestAccStorageDefaultObjectAcl_upgrade(t *testing.T) { - t.Parallel() - - bucketName := testBucketName(t) - - vcrTest(t, resource.TestCase{ - PreCheck: func() { testAccPreCheck(t) }, - Providers: testAccProviders, - CheckDestroy: testAccStorageDefaultObjectAclDestroyProducer(t), - Steps: []resource.TestStep{ - { - Config: testGoogleStorageDefaultObjectsAclBasic(bucketName, roleEntityBasic1, roleEntityBasic2), - Check: resource.ComposeTestCheckFunc( - testAccCheckGoogleStorageDefaultObjectAcl(t, bucketName, roleEntityBasic1), - testAccCheckGoogleStorageDefaultObjectAcl(t, bucketName, roleEntityBasic2), - ), - }, - - { - Config: testGoogleStorageDefaultObjectsAclBasic(bucketName, roleEntityBasic2, roleEntityBasic3_owner), - Check: resource.ComposeTestCheckFunc( - testAccCheckGoogleStorageDefaultObjectAcl(t, bucketName, roleEntityBasic2), - testAccCheckGoogleStorageDefaultObjectAcl(t, bucketName, roleEntityBasic3_owner), - ), - }, - - { - Config: testGoogleStorageDefaultObjectsAclBasicDelete(bucketName, roleEntityBasic1), - Check: resource.ComposeTestCheckFunc( - testAccCheckGoogleStorageDefaultObjectAcl(t, bucketName, roleEntityBasic1), - testAccCheckGoogleStorageDefaultObjectAclDelete(t, bucketName, roleEntityBasic2), - testAccCheckGoogleStorageDefaultObjectAclDelete(t, bucketName, roleEntityBasic3_reader), - ), - }, - }, - }) -} - -func TestAccStorageDefaultObjectAcl_downgrade(t *testing.T) { - t.Parallel() - - bucketName := testBucketName(t) - - vcrTest(t, resource.TestCase{ - PreCheck: func() { testAccPreCheck(t) }, - Providers: testAccProviders, - CheckDestroy: testAccStorageDefaultObjectAclDestroyProducer(t), - Steps: []resource.TestStep{ - { - Config: testGoogleStorageDefaultObjectsAclBasic(bucketName, roleEntityBasic2, roleEntityBasic3_owner), - Check: resource.ComposeTestCheckFunc( - testAccCheckGoogleStorageDefaultObjectAcl(t, bucketName, roleEntityBasic2), - testAccCheckGoogleStorageDefaultObjectAcl(t, bucketName, roleEntityBasic3_owner), - ), - }, - - { - Config: testGoogleStorageDefaultObjectsAclBasic(bucketName, roleEntityBasic2, roleEntityBasic3_reader), - Check: resource.ComposeTestCheckFunc( - testAccCheckGoogleStorageDefaultObjectAcl(t, bucketName, roleEntityBasic2), - testAccCheckGoogleStorageDefaultObjectAcl(t, bucketName, roleEntityBasic3_reader), - ), - }, - - { - Config: testGoogleStorageDefaultObjectsAclBasicDelete(bucketName, roleEntityBasic1), - Check: resource.ComposeTestCheckFunc( - testAccCheckGoogleStorageDefaultObjectAcl(t, bucketName, roleEntityBasic1), - testAccCheckGoogleStorageDefaultObjectAclDelete(t, bucketName, roleEntityBasic2), - testAccCheckGoogleStorageDefaultObjectAclDelete(t, bucketName, roleEntityBasic3_reader), - ), - }, - }, - }) -} - -// Test that we allow the API to reorder our role entities without perma-diffing. -func TestAccStorageDefaultObjectAcl_unordered(t *testing.T) { - t.Parallel() - - bucketName := testBucketName(t) - - vcrTest(t, resource.TestCase{ - PreCheck: func() { testAccPreCheck(t) }, - Providers: testAccProviders, - CheckDestroy: testAccStorageDefaultObjectAclDestroyProducer(t), - Steps: []resource.TestStep{ - { - Config: testGoogleStorageDefaultObjectAclUnordered(bucketName), - }, - }, - }) -} - -func testAccCheckGoogleStorageDefaultObjectAcl(t *testing.T, bucket, roleEntityS string) resource.TestCheckFunc { - return func(s *terraform.State) error { - roleEntity, _ := getRoleEntityPair(roleEntityS) - config := googleProviderConfig(t) - - res, err := config.NewStorageClient(config.userAgent).DefaultObjectAccessControls.Get(bucket, - roleEntity.Entity).Do() - - if err != nil { - return fmt.Errorf("Error retrieving contents of storage default Acl for bucket %s: %s", bucket, err) - } - - if res.Role != roleEntity.Role { - return fmt.Errorf("Error, Role mismatch %s != %s", res.Role, roleEntity.Role) - } - - return nil - } -} - -func testAccStorageDefaultObjectAclDestroyProducer(t *testing.T) func(s *terraform.State) error { - return func(s *terraform.State) error { - config := googleProviderConfig(t) - - for _, rs := range s.RootModule().Resources { - - if rs.Type != "google_storage_default_object_acl" { - continue - } - - bucket := rs.Primary.Attributes["bucket"] - - _, err := config.NewStorageClient(config.userAgent).DefaultObjectAccessControls.List(bucket).Do() - if err == nil { - return fmt.Errorf("Default Storage Object Acl for bucket %s still exists", bucket) - } - } - return nil - } -} - -func testAccCheckGoogleStorageDefaultObjectAclDelete(t *testing.T, bucket, roleEntityS string) resource.TestCheckFunc { - return func(s *terraform.State) error { - roleEntity, _ := getRoleEntityPair(roleEntityS) - config := googleProviderConfig(t) - - _, err := config.NewStorageClient(config.userAgent).DefaultObjectAccessControls.Get(bucket, roleEntity.Entity).Do() - - if err != nil { - return nil - } - - return fmt.Errorf("Error, Object Default Acl Entity still exists %s for bucket %s", - roleEntity.Entity, bucket) - } -} - -func testGoogleStorageDefaultObjectsAclBasic(bucketName, roleEntity1, roleEntity2 string) string { - return fmt.Sprintf(` -resource "google_storage_bucket" "bucket" { - name = "%s" - location = "US" -} - -resource "google_storage_default_object_acl" "acl" { - bucket = google_storage_bucket.bucket.name - role_entity = ["%s", "%s"] -} -`, bucketName, roleEntity1, roleEntity2) -} - -func testGoogleStorageDefaultObjectsAclBasicDelete(bucketName, roleEntity string) string { - return fmt.Sprintf(` -resource "google_storage_bucket" "bucket" { - name = "%s" - location = "US" -} - -resource "google_storage_default_object_acl" "acl" { - bucket = google_storage_bucket.bucket.name - role_entity = ["%s"] -} -`, bucketName, roleEntity) -} - -func testGoogleStorageDefaultObjectsAclNoRoleEntity(bucketName string) string { - return fmt.Sprintf(` -resource "google_storage_bucket" "bucket" { - name = "%s" - location = "US" -} - -resource "google_storage_default_object_acl" "acl" { - bucket = google_storage_bucket.bucket.name - role_entity = [] -} -`, bucketName) -} - -func testGoogleStorageDefaultObjectAclUnordered(bucketName string) string { - return fmt.Sprintf(` -resource "google_storage_bucket" "bucket" { - name = "%s" - location = "US" -} - -resource "google_storage_default_object_acl" "acl" { - bucket = google_storage_bucket.bucket.name - role_entity = ["%s", "%s", "%s", "%s", "%s"] -} -`, bucketName, roleEntityBasic1, roleEntityViewers, roleEntityOwners, roleEntityBasic2, roleEntityEditors) -} diff --git a/mmv1/third_party/terraform/utils/provider.go.erb b/mmv1/third_party/terraform/utils/provider.go.erb index f7ffac1648a4..702c015dfd6b 100644 --- a/mmv1/third_party/terraform/utils/provider.go.erb +++ b/mmv1/third_party/terraform/utils/provider.go.erb @@ -458,7 +458,6 @@ end # products.each do "google_storage_bucket_acl": resourceStorageBucketAcl(), "google_storage_bucket_object": resourceStorageBucketObject(), "google_storage_object_acl": resourceStorageObjectAcl(), - "google_storage_default_object_acl": resourceStorageDefaultObjectAcl(), "google_storage_notification": resourceStorageNotification(), "google_storage_transfer_job": resourceStorageTransferJob(), // ####### END handwritten resources ########### diff --git a/mmv1/third_party/terraform/website/docs/r/storage_default_object_acl.html.markdown b/mmv1/third_party/terraform/website/docs/r/storage_default_object_acl.html.markdown deleted file mode 100644 index bc357e9cd95d..000000000000 --- a/mmv1/third_party/terraform/website/docs/r/storage_default_object_acl.html.markdown +++ /dev/null @@ -1,59 +0,0 @@ ---- -subcategory: "Cloud Storage" -page_title: "Google: google_storage_default_object_acl" -description: |- - Authoritatively manages the default object ACLs for a Google Cloud Storage bucket ---- - -# google\_storage\_default\_object\_acl - -Authoritatively manages the default object ACLs for a Google Cloud Storage bucket -without managing the bucket itself. - --> Note that for each object, its creator will have the `"OWNER"` role in addition -to the default ACL that has been defined. - -For more information see -[the official documentation](https://cloud.google.com/storage/docs/access-control/lists) -and -[API](https://cloud.google.com/storage/docs/json_api/v1/defaultObjectAccessControls). - --> Want fine-grained control over default object ACLs? Use `google_storage_default_object_access_control` -to control individual role entity pairs. - -## Example Usage - -Example creating a default object ACL on a bucket with one owner, and one reader. - -```hcl -resource "google_storage_bucket" "image-store" { - name = "image-store-bucket" - location = "EU" -} - -resource "google_storage_default_object_acl" "image-store-default-acl" { - bucket = google_storage_bucket.image-store.name - role_entity = [ - "OWNER:user-my.email@gmail.com", - "READER:group-mygroup", - ] -} -``` - -## Argument Reference - -* `bucket` - (Required) The name of the bucket it applies to. - ---- - -* `role_entity` - (Optional) List of role/entity pairs in the form `ROLE:entity`. -See [GCS Object ACL documentation](https://cloud.google.com/storage/docs/json_api/v1/objectAccessControls) for more details. -Omitting the field is the same as providing an empty list. - -## Attributes Reference - -Only the arguments listed above are exposed as attributes. - -## Import - -This resource does not support import. From baf32fb3bcea5d1cc72e30d90da9a10d752abb9d Mon Sep 17 00:00:00 2001 From: Scott Suarez Date: Tue, 18 Oct 2022 19:12:41 -0700 Subject: [PATCH 2/4] fix field rules --- tools/breaking-change-detector/rules/rules_field.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/breaking-change-detector/rules/rules_field.go b/tools/breaking-change-detector/rules/rules_field.go index 7b878a928bb7..cd0ab5cc2126 100644 --- a/tools/breaking-change-detector/rules/rules_field.go +++ b/tools/breaking-change-detector/rules/rules_field.go @@ -108,7 +108,7 @@ func fieldRule_BecomingComputedOnly_func(old, new *schema.Schema, mc MessageCont var fieldRule_OptionalComputedToOptional = FieldRule{ name: "Optional and Computed to Optional", - definition: "A field cannot go from Computed + Optional to Optional. On a sequential "apply" the terraform state will have the previously computed value. The value won't be present in the config, thus ultimately causing a diff.", + definition: "A field cannot go from Computed + Optional to Optional. On a sequential `apply` the terraform state will have the previously computed value. The value won't be present in the config, thus ultimately causing a diff.", message: "Field {{field}} transitioned from optional+computed to optional {{resource}}", identifier: "field-oc-to-c", isRuleBreak: fieldRule_OptionalComputedToOptional_func, From d2f10a212e289412c3c65901d4130ae66c49847e Mon Sep 17 00:00:00 2001 From: Scott Suarez Date: Tue, 18 Oct 2022 19:34:40 -0700 Subject: [PATCH 3/4] add write suport to github action --- .github/workflows/docker-image.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml index 514928593b00..6dcd738b8e8a 100644 --- a/.github/workflows/docker-image.yml +++ b/.github/workflows/docker-image.yml @@ -8,11 +8,11 @@ jobs: if: github.event.label.id == '4598495472' # The unique identifier for the override-breaking-change label.. used in place of name so the name can be modified without breaking usage runs-on: ubuntu-latest permissions: - pull-requests: read + pull-requests: write statuses: write steps: - uses: actions/checkout@v2 - - run: | + - run: | curl -X POST -H "Authorization: token ${{secrets.GITHUB_TOKEN}}" \ -H "Accept: application/vnd.github.v3+json" \ "https://api.github.com/repos/GoogleCloudPlatform/magic-modules/statuses/${{github.event.pull_request.head.sha || github.sha}}" \ From a7b2e3f13b48bee09d664d722e7ef0af493afb99 Mon Sep 17 00:00:00 2001 From: Scott Suarez Date: Wed, 26 Oct 2022 16:16:19 -0700 Subject: [PATCH 4/4] Update docker-image.yml --- .github/workflows/docker-image.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml index 6dcd738b8e8a..514928593b00 100644 --- a/.github/workflows/docker-image.yml +++ b/.github/workflows/docker-image.yml @@ -8,11 +8,11 @@ jobs: if: github.event.label.id == '4598495472' # The unique identifier for the override-breaking-change label.. used in place of name so the name can be modified without breaking usage runs-on: ubuntu-latest permissions: - pull-requests: write + pull-requests: read statuses: write steps: - uses: actions/checkout@v2 - - run: | + - run: | curl -X POST -H "Authorization: token ${{secrets.GITHUB_TOKEN}}" \ -H "Accept: application/vnd.github.v3+json" \ "https://api.github.com/repos/GoogleCloudPlatform/magic-modules/statuses/${{github.event.pull_request.head.sha || github.sha}}" \