feat(obs): support logging agency

FlexibleEngineCloud · Mar 20, 2024 · 475bb94 · 475bb94
1 parent 22fd214
commit 475bb94
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 6 deletions.
diff --git a/docs/resources/obs_bucket.md b/docs/resources/obs_bucket.md
@@ -33,6 +33,9 @@ resource "flexibleengine_obs_bucket" "b" {
 ### Enable Logging
 
 ```hcl
+# The agency must be an OBS cloud service agency with the `PutObject` permission.
+variable "agency_name" {}
+
 resource "flexibleengine_obs_bucket" "log_bucket" {
   bucket = "my-tf-log-bucket"
   acl    = "log-delivery-write"
@@ -45,6 +48,7 @@ resource "flexibleengine_obs_bucket" "b" {
   logging {
     target_bucket = flexibleengine_obs_bucket.log_bucket.id
     target_prefix = "log/"
+    agency        = var.agency_name
   }
 }
 ```
@@ -195,8 +199,15 @@ The `logging` object supports:
 
 * `target_bucket` - (Required, String) The name of the bucket that will receive the log objects.
   The acl policy of the target bucket should be `log-delivery-write`.
+
 * `target_prefix` - (Optional, String) To specify a key prefix for log objects.
 
+* `agency` - (Required, String) Specifies the IAM agency of OBS cloud service.
+
+  -> The IAM agency requires the `PutObject` permission for the target bucket.  If default encryption is enabled for the
+  target bucket, the agency also requires the `KMS Administrator` permission in the region where the target bucket is
+  located.
+
 <a name="obs_website"></a>
 The `website` object supports:
 

diff --git a/flexibleengine/resource_flexibleengine_obs_bucket.go b/flexibleengine/resource_flexibleengine_obs_bucket.go
@@ -64,6 +64,12 @@ func resourceObsBucket() *schema.Resource {
 							Optional: true,
 							Default:  "logs/",
 						},
+						"agency": {
+							Type:        schema.TypeString,
+							Optional:    true,
+							Computed:    true,
+							Description: "schema: Required",
+						},
 					},
 				},
 			},
@@ -335,7 +341,7 @@ func resourceObsBucketUpdate(d *schema.ResourceData, meta interface{}) error {
 	}
 
 	if d.HasChange("logging") {
-		if err := resourceObsBucketLoggingUpdate(obsClient, d); err != nil {
+		if err := resourceObsBucketLoggingUpdate(obsClientWithSignature, d); err != nil {
 			return err
 		}
 	}
@@ -413,7 +419,7 @@ func resourceObsBucketRead(d *schema.ResourceData, meta interface{}) error {
 	}
 
 	// Read the logging configuration
-	if err := setObsBucketLogging(obsClient, d); err != nil {
+	if err := setObsBucketLogging(obsClientWithSignature, d); err != nil {
 		return err
 	}
 
@@ -562,6 +568,10 @@ func resourceObsBucketLoggingUpdate(obsClient *obs.ObsClient, d *schema.Resource
 		if val := c["target_prefix"].(string); val != "" {
 			loggingStatus.TargetPrefix = val
 		}
+
+		if val := c["agency"].(string); val != "" {
+			loggingStatus.Agency = val
+		}
 	}
 	log.Printf("[DEBUG] set logging of OBS bucket %s: %#v", bucket, loggingStatus)
 
@@ -959,6 +969,9 @@ func setObsBucketLogging(obsClient *obs.ObsClient, d *schema.ResourceData) error
 		if output.TargetPrefix != "" {
 			logging["target_prefix"] = output.TargetPrefix
 		}
+		if output.Agency != "" {
+			logging["agency"] = output.Agency
+		}
 		lcList = append(lcList, logging)
 	}
 	log.Printf("[DEBUG] saving logging configuration of OBS bucket: %s: %#v", bucket, lcList)

diff --git a/flexibleengine/resource_flexibleengine_obs_bucket_test.go b/flexibleengine/resource_flexibleengine_obs_bucket_test.go
@@ -143,7 +143,7 @@ func TestAccObsBucket_logging(t *testing.T) {
 				Config: testAccObsBucketConfigWithLogging(rInt),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckObsBucketExists(resourceName),
-					testAccCheckObsBucketLogging(resourceName, target_bucket, "log/"),
+					testAccCheckObsBucketLogging(resourceName, target_bucket, "log/", "OBS"),
 				),
 			},
 		},
@@ -311,17 +311,17 @@ func testAccCheckObsBucketExists(n string) resource.TestCheckFunc {
 	}
 }
 
-func testAccCheckObsBucketLogging(name, target, prefix string) resource.TestCheckFunc {
+func testAccCheckObsBucketLogging(name, target, prefix, agency string) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		rs, ok := s.RootModule().Resources[name]
 		if !ok {
 			return fmt.Errorf("Not found: %s", name)
 		}
 
 		config := testAccProvider.Meta().(*Config)
-		obsClient, err := config.ObjectStorageClient(OS_REGION_NAME)
+		obsClient, err := config.ObjectStorageClientWithSignature(OS_REGION_NAME)
 		if err != nil {
-			return fmt.Errorf("Error creating FlexibleEngine OBS client: %s", err)
+			return fmt.Errorf("error creating OBS client with signature: %s", err)
 		}
 
 		output, err := obsClient.GetBucketLoggingConfiguration(rs.Primary.ID)
@@ -337,6 +337,10 @@ func testAccCheckObsBucketLogging(name, target, prefix string) resource.TestChec
 			return fmt.Errorf("%s.logging: Attribute 'target_prefix' expected %s, got %s",
 				name, output.TargetPrefix, prefix)
 		}
+		if output.Agency != agency {
+			return fmt.Errorf("%s.logging: Attribute 'agency' expected %s, got %s",
+				name, output.Agency, agency)
+		}
 
 		return nil
 	}
@@ -430,6 +434,7 @@ resource "flexibleengine_obs_bucket" "bucket" {
   logging {
     target_bucket = flexibleengine_obs_bucket.log_bucket.id
     target_prefix = "log/"
+	agency        = "OBS" # Make sure that the agency has the 'PutObject' permission.
   }
 }
 `, randInt, randInt)