Merge #3233: Allow canned ACLs on S3 remote state.

hashicorp · Oct 4, 2015 · 859c6c5 · 859c6c5
2 parents 0ee282b + 4f7f20b
commit 859c6c5
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 0 deletions.
diff --git a/state/remote/s3.go b/state/remote/s3.go
@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"fmt"
 	"io"
+	"log"
 	"os"
 	"strconv"
 
@@ -45,6 +46,11 @@ func s3Factory(conf map[string]string) (Client, error) {
 		serverSideEncryption = v
 	}
 
+	acl := ""
+	if raw, ok := conf["acl"]; ok {
+		acl = raw
+	}
+
 	accessKeyId := conf["access_key"]
 	secretAccessKey := conf["secret_key"]
 
@@ -77,6 +83,7 @@ func s3Factory(conf map[string]string) (Client, error) {
 		bucketName:           bucketName,
 		keyName:              keyName,
 		serverSideEncryption: serverSideEncryption,
+		acl:                  acl,
 	}, nil
 }
 
@@ -85,6 +92,7 @@ type S3Client struct {
 	bucketName           string
 	keyName              string
 	serverSideEncryption bool
+	acl                  string
 }
 
 func (c *S3Client) Get() (*Payload, error) {
@@ -140,6 +148,12 @@ func (c *S3Client) Put(data []byte) error {
 		i.ServerSideEncryption = aws.String("AES256")
 	}
 
+	if c.acl != "" {
+		i.ACL = aws.String(c.acl)
+	}
+
+	log.Printf("[DEBUG] Uploading remote state to S3: %#v", i)
+
 	if _, err := c.nativeClient.PutObject(i); err == nil {
 		return nil
 	} else {

diff --git a/website/source/docs/commands/remote-config.html.markdown b/website/source/docs/commands/remote-config.html.markdown
@@ -57,6 +57,13 @@ The following backends are supported:
   in the `access_key`, `secret_key` and `region` variables
   respectively, but passing credentials this way is not recommended since they
   will be included in cleartext inside the persisted state.
+  Other supported parameters include:
+  * `bucket` - the name of the S3 bucket
+  * `key` - path where to place/look for state file inside the bucket
+  * `encrypt` - whether to enable [server side encryption](http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html)
+    of the state file
+  * `acl` - [Canned ACL](http://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl)
+    to be applied to the state file.
 
 * HTTP - Stores the state using a simple REST client. State will be fetched
   via GET, updated via POST, and purged with DELETE. Requires the `address` variable.