Skip to content

Commit

Permalink
feat(obs): import obs resource and add unit test and docs for 10sp2 p…
Browse files Browse the repository at this point in the history
…roject
  • Loading branch information
Zhukun-Huawei committed Nov 1, 2023
1 parent 02543dd commit 96338c1
Show file tree
Hide file tree
Showing 10 changed files with 1,159 additions and 0 deletions.
48 changes: 48 additions & 0 deletions docs/data-sources/obs_bucket_object.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
---
subcategory: "Object Storage Service (OBS)"
---

# flexibleengine_obs_bucket_object

Use this data source to get info of special FlexibleEngine obs object.

```hcl
data "flexibleengine_obs_bucket_object" "object" {
bucket = "my-test-bucket"
key = "new-key"
}
```

## Argument Reference

The following arguments are supported:

* `region` - (Optional, String) The region in which to obtain the OBS object. If omitted, the provider-level region will
be used.

* `bucket` - (Required, String) The name of the bucket to put the file in.

* `key` - (Required, String) The name of the object once it is in the bucket.

## Attribute Reference

In addition to all arguments above, the following attributes are exported:

* `id` - the `key` of the resource supplied above.

* `etag` - the ETag generated for the object (an MD5 sum of the object content). When the object is encrypted on the
server side, the ETag value is not the MD5 value of the object, but the unique identifier calculated through the
server-side encryption.

* `size` - the size of the object in bytes.

* `version_id` - a unique version ID value for the object, if bucket versioning is enabled.

* `storage_class` - specifies the storage class of the object.

* `content_type` - a standard MIME type describing the format of the object data, e.g. application/octet-stream. All
Valid MIME Types are valid for this input.

* `body` - The content of an object which is available only for objects which have a human-readable Content-Type
(text/* and application/json) and smaller than **64KB**. This is to prevent printing unsafe characters and
potentially downloading large amount of data.
44 changes: 44 additions & 0 deletions docs/data-sources/obs_buckets.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
---
subcategory: "Object Storage Service (OBS)"
---

# flexibleengine_obs_buckets

Use this data source to get all OBS buckets.

```hcl
data "flexibleengine_obs_buckets" "buckets" {
bucket = "your-bucket-name"
}
```

## Argument Reference

The following arguments are supported:

* `region` - (Optional, String) The region in which to obtain the OBS bucket.
If omitted, the provider-level region will be used.

* `bucket` - (Optional, String) The name of the OBS bucket.

* `enterprise_project_id` - (Optional, String) The enterprise project id of the OBS bucket.

## Attribute Reference

In addition to all arguments above, the following attributes are exported:

* `id` - The ID of the list.

* `buckets` - A list of OBS buckets.

The `buckets` block supports:

* `region` - The region where the OBS bucket belongs.

* `bucket` - The name of the OBS bucket.

* `enterprise_project_id` - The enterprise project id of the OBS bucket.

* `storage_class` - The storage class of the OBS bucket.

* `created_at` - The date when the OBS bucket was created.
104 changes: 104 additions & 0 deletions docs/resources/obs_bucket_object_acl.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,104 @@
---
subcategory: "Object Storage Service (OBS)"
---

# flexibleengine_obs_bucket_object_acl

Manages an OBS bucket object acl resource within FlexibleEngine.

-> **NOTE:** When creating or updating the OBS bucket object acl, the original object acl will be overwritten. When
deleting the OBS bucket object acl, only the owner permissions will be retained, and the other permissions will be
removed.

## Example Usage

```hcl
variable "bucket" {}
variable "key" {}
variable "account1" {}
variable "account2" {}
resource "flexibleengine_obs_bucket_object_acl" "test" {
bucket = var.bucket
key = var.key
account_permission {
access_to_object = ["READ"]
access_to_acl = ["READ_ACP", "WRITE_ACP"]
account_id = var.account1
}
account_permission {
access_to_object = ["READ"]
access_to_acl = ["READ_ACP"]
account_id = var.account2
}
public_permission {
access_to_acl = ["READ_ACP", "WRITE_ACP"]
}
}
```

## Argument Reference

The following arguments are supported:

* `region` - (Optional, String, ForceNew) Specifies the region in which to create the resource.
If omitted, the provider-level region will be used.

Changing this parameter will create a new resource.

* `bucket` - (Required, String, ForceNew) Specifies the name of the bucket which the object belongs to.

Changing this parameter will create a new resource.

* `key` - (Required, String, ForceNew) Specifies the name of the object to which to set the acl.

Changing this parameter will create a new resource.

* `public_permission` - (Optional, List) Specifies the object public permission.
The [permission_struct](#OBSBucketObjectAcl_permission_struct) structure is documented below.

* `account_permission` - (Optional, List) Specifies the object account permissions.
The [account_permission_struct](#OBSBucketObjectAcl_account_permission_struct) structure is documented below.

<a name="OBSBucketObjectAcl_permission_struct"></a>
The `permission_struct` block supports:

* `access_to_object` - (Optional, List) Specifies the access to object. Only **READ** supported.

* `access_to_acl` - (Optional, List) Specifies the access to acl. Valid values are **READ_ACP** and **WRITE_ACP**.

<a name="OBSBucketObjectAcl_account_permission_struct"></a>
The `account_permission_struct` block supports:

* `account_id` - (Required, String) Specifies the account id to authorize. The account id cannot be the object owner,
and must be unique.

* `access_to_object` - (Optional, List) Specifies the access to object. Only **READ** supported.

* `access_to_acl` - (Optional, List) Specifies the access to acl. Valid values are **READ_ACP** and **WRITE_ACP**.

## Attribute Reference

In addition to all arguments above, the following attributes are exported:

* `id` - The name of the bucket object key.
* `owner_permission` - The object owner permission information.
The [owner_permission_struct](#OBSBucketObjectAcl_owner_permission_struct) structure is documented below.

<a name="OBSBucketObjectAcl_owner_permission_struct"></a>
The `owner_permission_struct` block supports:

* `access_to_object` - The owner object permissions.

* `access_to_acl` - The owner acl permissions.

## Import

The obs bucket object acl can be imported using `bucket` and `key`, separated by a slash, e.g.

```bash
$ terraform import flexibleengine_obs_bucket_object_acl.test <bucket>/<key>
```
103 changes: 103 additions & 0 deletions docs/resources/obs_bucket_policy.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,103 @@
---
subcategory: "Object Storage Service (OBS)"
---

# flexibleengine_obs_bucket_policy

Attaches a policy to an OBS bucket resource.

-> **NOTE:** When creating or updating the OBS bucket policy, the original policy will be overwritten.

## Example Usage

### Policy with OBS format

```hcl
resource "flexibleengine_obs_bucket" "bucket" {
bucket = "my-test-bucket"
}
resource "flexibleengine_obs_bucket_policy" "policy" {
bucket = flexibleengine_obs_bucket.bucket.id
policy = <<POLICY
{
"Statement": [
{
"Sid": "AddPerm",
"Effect": "Allow",
"Principal": {"ID": "*"},
"Action": ["GetObject"],
"Resource": "my-test-bucket/*"
}
]
}
POLICY
}
```

### Policy with S3 format

```hcl
resource "flexibleengine_obs_bucket" "bucket" {
bucket = "my-test-bucket"
}
resource "flexibleengine_obs_bucket_policy" "s3_policy" {
bucket = flexibleengine_obs_bucket.bucket.id
policy_format = "s3"
policy = <<POLICY
{
"Version": "2008-10-17",
"Id": "MYBUCKETPOLICY",
"Statement": [
{
"Sid": "IPAllow",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:*",
"Resource": "arn:aws:s3:::my-test-bucket/*",
"Condition": {
"IpAddress": {"aws:SourceIp": "8.8.8.8/32"}
}
}
]
}
POLICY
}
```

## Argument Reference

The following arguments are supported:

* `region` - (Optional, String, ForceNew) The region in which to create the OBS bucket policy resource. If omitted, the
provider-level region will be used. Changing this creates a new OBS bucket policy resource.

* `bucket` - (Required, String, ForceNew) Specifies the name of the bucket to which to apply the policy.

* `policy` - (Required, String) Specifies the text of the bucket policy in JSON format. For more information about obs
format bucket policy,
see the [Developer Guide](https://docs.prod-cloud-ocb.orange-business.com/usermanual/obs/en-us_topic_0045853745.html).

* `policy_format` - (Optional, String) Specifies the policy format, the supported values are *obs* and *s3*. Defaults
to *obs* .

## Attribute Reference

In addition to all arguments above, the following attributes are exported:

* `id` - Specifies a resource ID in UUID format.

## Import

OBS format bucket policy can be imported using the `<bucket>`, e.g.

```
$ terraform import flexibleengine_obs_bucket_policy.policy <bucket-name>
```

S3 foramt bucket policy can be imported using the `<bucket>` and "s3" by a slash, e.g.

```
$ terraform import flexibleengine_obs_bucket_policy.s3_policy <bucket-name>/s3
```
7 changes: 7 additions & 0 deletions flexibleengine/acceptance/acceptance.go
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ var (
OS_ACCESS_KEY = os.Getenv("OS_ACCESS_KEY")
OS_SECRET_KEY = os.Getenv("OS_SECRET_KEY")
OS_PROJECT_ID = os.Getenv("OS_PROJECT_ID")
OS_DOMAIN_ID = os.Getenv("OS_DOMAIN_ID")

OS_VPC_ID = os.Getenv("OS_VPC_ID")
OS_NETWORK_ID = os.Getenv("OS_NETWORK_ID")
Expand Down Expand Up @@ -155,3 +156,9 @@ func testAccPreCheckImsBackupId(t *testing.T) {
t.Skip("OS_IMS_BACKUP_ID must be set for IMS whole image with CBR backup id")
}
}

func testAccPrecheckDomainId(t *testing.T) {
if OS_DOMAIN_ID == "" {
t.Skip("OS_DOMAIN_ID must be set for acceptance tests")
}
}
Loading

0 comments on commit 96338c1

Please sign in to comment.