feat(obs): import obs resource and add unit test

docs/data-sources/obs_buckets.md

@@ -0,0 +1,45 @@
+---
+subcategory: "Object Storage Service (OBS)"
+---
+
+# flexibleengine_obs_buckets
+
+Use this data source to get all OBS buckets.
+
+```hcl
+data "flexibleengine_obs_buckets" "buckets" {
+  bucket = "your-bucket-name"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `region` - (Optional, String) The region in which to obtain the OBS bucket.
+  If omitted, the provider-level region will be used.
+
+* `bucket` - (Optional, String) The name of the OBS bucket.
+
+* `enterprise_project_id` - (Optional, String) The enterprise project id of the OBS bucket.
+
+## Attribute Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `id` - The ID of the list.
+
+* `buckets` - A list of OBS buckets. The [buckets](#obs_buckets) object structure is documented below.
+
+<a name="obs_buckets"></a>
+The `buckets` block supports:
+
+* `region` - The region where the OBS bucket belongs.
+
+* `bucket` - The name of the OBS bucket.
+
+* `enterprise_project_id` - The enterprise project id of the OBS bucket.
+
+* `storage_class` - The storage class of the OBS bucket.
+
+* `created_at` - The date when the OBS bucket was created.

docs/resources/obs_bucket_object_acl.md

@@ -0,0 +1,104 @@
+---
+subcategory: "Object Storage Service (OBS)"
+---
+
+# flexibleengine_obs_bucket_object_acl
+
+Manages an OBS bucket object acl resource within FlexibleEngine.
+
+-> **NOTE:** When creating or updating the OBS bucket object acl, the original object acl will be overwritten. When
+deleting the OBS bucket object acl, only the owner permissions will be retained, and the other permissions will be
+removed.
+
+## Example Usage
+
+```hcl
+variable "bucket" {}
+variable "key" {}
+variable "account1" {}
+variable "account2" {}
+
+resource "flexibleengine_obs_bucket_object_acl" "test" {
+  bucket = var.bucket
+  key    = var.key
+
+  account_permission {
+    access_to_object = ["READ"]
+    access_to_acl    = ["READ_ACP", "WRITE_ACP"]
+    account_id       = var.account1
+  }
+
+  account_permission {
+    access_to_object = ["READ"]
+    access_to_acl    = ["READ_ACP"]
+    account_id       = var.account2
+  }
+
+  public_permission {
+    access_to_acl = ["READ_ACP", "WRITE_ACP"]
+  }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `region` - (Optional, String, ForceNew) Specifies the region in which to create the resource.
+  If omitted, the provider-level region will be used.
+
+  Changing this parameter will create a new resource.
+
+* `bucket` - (Required, String, ForceNew) Specifies the name of the bucket which the object belongs to.
+
+  Changing this parameter will create a new resource.
+
+* `key` - (Required, String, ForceNew) Specifies the name of the object to which to set the acl.
+
+  Changing this parameter will create a new resource.
+
+* `public_permission` - (Optional, List) Specifies the object public permission.
+  The [public_permission](#permission_struct) structure is documented below.
+
+* `account_permission` - (Optional, List) Specifies the object account permissions.
+  The [account_permission](#account_permission_struct) structure is documented below.
+
+<a name="permission_struct"></a>
+The `public_permission` block supports:
+
+* `access_to_object` - (Optional, List) Specifies the access to object. Only **READ** supported.
+
+* `access_to_acl` - (Optional, List) Specifies the access to acl. Valid values are **READ_ACP** and **WRITE_ACP**.
+
+<a name="account_permission_struct"></a>
+The `account_permission` block supports:
+
+* `account_id` - (Required, String) Specifies the account id to authorize. The account id cannot be the object owner,
+  and must be unique.
+
+* `access_to_object` - (Optional, List) Specifies the access to object. Only **READ** supported.
+
+* `access_to_acl` - (Optional, List) Specifies the access to acl. Valid values are **READ_ACP** and **WRITE_ACP**.
+
+## Attribute Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `id` - The name of the bucket object key.
+* `owner_permission` - The object owner permission information.
+  The [owner_permission_struct](#OBSBucketObjectAcl_owner_permission_struct) structure is documented below.
+
+<a name="OBSBucketObjectAcl_owner_permission_struct"></a>
+The `owner_permission_struct` block supports:
+
+* `access_to_object` - The owner object permissions.
+
+* `access_to_acl` - The owner acl permissions.
+
+## Import
+
+The obs bucket object acl can be imported using `bucket` and `key`, separated by a slash, e.g.
+
+```bash
+terraform import flexibleengine_obs_bucket_object_acl.test    <bucket>/<key>
+```

docs/resources/obs_bucket_policy.md

@@ -0,0 +1,104 @@
+---
+subcategory: "Object Storage Service (OBS)"
+---
+
+# flexibleengine_obs_bucket_policy
+
+Attaches a policy to an OBS bucket resource.
+
+-> **NOTE:** When creating or updating the OBS bucket policy, the original policy will be overwritten.
+
+## Example Usage
+
+### Policy with OBS format
+
+```hcl
+resource "flexibleengine_obs_bucket" "bucket" {
+  bucket = "my-test-bucket"
+}
+
+resource "flexibleengine_obs_bucket_policy" "policy" {
+  bucket = flexibleengine_obs_bucket.bucket.id
+  policy = <<POLICY
+{
+  "Statement": [
+    {
+      "Sid": "AddPerm",
+      "Effect": "Allow",
+      "Principal": {"ID": "*"},
+      "Action": ["GetObject"],
+      "Resource": "my-test-bucket/*"
+    }
+  ]
+}
+POLICY
+}
+```
+
+### Policy with S3 format
+
+```hcl
+resource "flexibleengine_obs_bucket" "bucket" {
+  bucket = "my-test-bucket"
+}
+
+resource "flexibleengine_obs_bucket_policy" "s3_policy" {
+  bucket        = flexibleengine_obs_bucket.bucket.id
+  policy_format = "s3"
+  policy        = <<POLICY
+{
+  "Version": "2008-10-17",
+  "Id": "MYBUCKETPOLICY",
+  "Statement": [
+    {
+      "Sid": "IPAllow",
+      "Effect": "Allow",
+      "Principal": "*",
+      "Action": "s3:*",
+      "Resource": "arn:aws:s3:::my-test-bucket/*",
+      "Condition": {
+        "IpAddress": {"aws:SourceIp": "8.8.8.8/32"}
+      }
+    }
+  ]
+}
+POLICY
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `region` - (Optional, String, ForceNew) The region in which to create the OBS bucket policy resource. If omitted, the
+  provider-level region will be used. Changing this creates a new OBS bucket policy resource.
+
+* `bucket` - (Required, String, ForceNew) Specifies the name of the bucket to which to apply the policy.
+  Changing this creates a new obs bucket policy resource.
+
+* `policy` - (Required, String) Specifies the text of the bucket policy in JSON format. For more information about obs
+  format bucket policy,
+  see the [Developer Guide](https://docs.prod-cloud-ocb.orange-business.com/usermanual/obs/en-us_topic_0045853745.html).
+
+* `policy_format` - (Optional, String) Specifies the policy format, the supported values are *obs* and *s3*. Defaults
+  to *obs* .
+
+## Attribute Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `id` - Specifies a resource ID in UUID format.
+
+## Import
+
+OBS format bucket policy can be imported using the `<bucket>`, e.g.
+
+```bash
+terraform import flexibleengine_obs_bucket_policy.policy <bucket-name>
+```
+
+S3 foramt bucket policy can be imported using the `<bucket>` and "s3" by a slash, e.g.
+
+```bash
+terraform import flexibleengine_obs_bucket_policy.s3_policy <bucket-name>/s3
+```

flexibleengine/acceptance/acceptance.go

@@ -21,6 +21,7 @@ var (
 	OS_ACCESS_KEY                 = os.Getenv("OS_ACCESS_KEY")
 	OS_SECRET_KEY                 = os.Getenv("OS_SECRET_KEY")
 	OS_PROJECT_ID                 = os.Getenv("OS_PROJECT_ID")
+	OS_DOMAIN_ID                  = os.Getenv("OS_DOMAIN_ID")
 	OS_ENTERPRISE_PROJECT_ID_TEST = os.Getenv("OS_ENTERPRISE_PROJECT_ID_TEST")
 
 	OS_VPC_ID     = os.Getenv("OS_VPC_ID")
@@ -165,3 +166,9 @@ func testAccPreCheckEpsID(t *testing.T) {
 		t.Skip("The environment variables does not support Enterprise Project ID for acc tests")
 	}
 }
+
+func testAccPrecheckDomainId(t *testing.T) {
+	if OS_DOMAIN_ID == "" {
+		t.Skip("OS_DOMAIN_ID must be set for acceptance tests")
+	}
+}

flexibleengine/acceptance/data_source_flexibleengine_obs_bucket_object_test.go

@@ -163,7 +163,6 @@ func testAccCheckObsBucketObjectExists(n string) resource.TestCheckFunc {
 	}
 }
 
-
 func testAccCheckObsObjectDataSourceExists(n string) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		rs, ok := s.RootModule().Resources[n]

flexibleengine/acceptance/data_source_flexibleengine_obs_buckets_test.go

@@ -0,0 +1,49 @@
+package acceptance
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+
+	"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/services/acceptance"
+)
+
+func TestAccDataSourceObsBuckets_basic(t *testing.T) {
+	dataSourceName := "data.flexibleengine_obs_buckets.buckets"
+	name := acceptance.RandomAccResourceNameWithDash()
+	dc := acceptance.InitDataSourceCheck(dataSourceName)
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			testAccPreCheck(t)
+			testAccPreCheckOBS(t)
+		},
+		ProviderFactories: TestAccProviderFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccObsBuckets_conf(name),
+				Check: resource.ComposeTestCheckFunc(
+					dc.CheckResourceExists(),
+					resource.TestCheckResourceAttr(dataSourceName, "buckets.0.bucket", name),
+				),
+			},
+		},
+	})
+}
+
+func testAccObsBuckets_conf(name string) string {
+	return fmt.Sprintf(`
+resource "flexibleengine_obs_bucket" "bucket" {
+  bucket        = "%s"
+  storage_class = "STANDARD"
+  acl           = "private"
+}
+
+data "flexibleengine_obs_buckets" "buckets" {
+  bucket = "%s"
+
+  depends_on = [flexibleengine_obs_bucket.bucket]
+}
+`, name, name)
+}

flexibleengine/acceptance/resource_flexibleengine_obs_bucket_acl_test.go

@@ -130,8 +130,8 @@ resource "flexibleengine_obs_bucket_acl" "test" {
   }
 
   account_permission {
-    access_to_acl    = ["READ_ACP"]
-    account_id       = "1000010023"
+    access_to_acl = ["READ_ACP"]
+    account_id    = "1000010023"
   }
 
   public_permission {