add acl validator to aws s3 bucket resource #15327
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -76,6 +76,14 @@ func resourceAwsS3Bucket() *schema.Resource { | |
| Default: "private", | ||
| Optional: true, | ||
| ConflictsWith: []string{"grant"}, | ||
| ValidateFunc: validation.StringInSlice([]string{ | ||
| s3.BucketCannedACLPrivate, | ||
| s3.BucketCannedACLPublicRead, | ||
| s3.BucketCannedACLPublicReadWrite, | ||
| s3.BucketCannedACLAWSExecRead, | ||
|
There was a problem hiding this comment. I don't think this exists for buckets... For objects, there's There was a problem hiding this comment. https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
It seems to say it works on both There was a problem hiding this comment. The SDK doesn't seem to support it. See https://docs.aws.amazon.com/sdk-for-go/api/service/s3/#pkg-constants. Or if you look at the code directly (https://raw.githubusercontent.com/aws/aws-sdk-go/master/service/s3/api.go), you can take a look at the There was a problem hiding this comment. I see you're correct. Those values are exist at the ObjectCannedACL_Values() function. I dont know the behavior just yet, and would need to test, but in this case, would it be wise to add this validator in if the upstream SDK doesn't support all possible values for a bucket? Wouldn't want to return a validation error when the ACL is perfectly valid. |
||
| s3.BucketCannedACLAuthenticatedRead, | ||
| s3.BucketCannedACLLogDeliveryWrite, | ||
|
There was a problem hiding this comment. This doesn't seem to exist? There was a problem hiding this comment. as in the other comment, yeah you're correct |
||
| }, false), | ||
| }, | ||
|
|
||
| "grant": { | ||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Instead of hardcoding them, how about just using
s3.BucketCannedACL_Values()?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I dont really have a preference. But, looking at other validation functions, they seem to list out all the values. I dont think I want to go against the style?
https://github.com/terraform-providers/terraform-provider-aws/blob/0544ae1fe0f788616cc483df8d0e68d3dd36a0ed/aws/resource_aws_s3_bucket.go#L120
https://github.com/terraform-providers/terraform-provider-aws/blob/0544ae1fe0f788616cc483df8d0e68d3dd36a0ed/aws/resource_aws_s3_bucket.go#L406
https://github.com/terraform-providers/terraform-provider-aws/blob/0544ae1fe0f788616cc483df8d0e68d3dd36a0ed/aws/resource_aws_s3_bucket.go#L453
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @NikolaeVarius. We've actually been changing over to the
_Values()functions so that new values are automatically picked up when we update the AWS SDK. We're tracking this in #14601The
_Values()functions were actually added by one of our maintainers in aws/aws-sdk-go#3447 🙂