package minio
import (
"context"
"fmt"
awspolicy "github.com/hashicorp/awspolicyequivalence"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
)
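// resourceMinioS3BucketImportState is the import handler for a MinIO S3
// bucket. It refreshes the resource through minioReadBucket, then records two
// attributes derived from the live bucket: "object_locking" and "acl".
//
// The "acl" value is derived, not read: an empty bucket policy is recorded as
// "private", and any other policy is mapped to a name by policyToACLName,
// which also answers "private" when the policy matches none of its canned
// policies. An imported acl of "private" therefore does not by itself show
// that the bucket has no policy granting access; review the bucket policy
// separately when that matters.
//
// It returns the single populated ResourceData, or an error when the bucket
// cannot be read, the policy cannot be fetched, or an attribute cannot be
// stored in state.
func resourceMinioS3BucketImportState(
	ctx context.Context,
	d *schema.ResourceData,
	meta interface{}) ([]*schema.ResourceData, error) {

	// NOTE(review): the diagnostics returned by minioReadBucket are dropped
	// here, so the returned error does not say why the read failed.
	if diag := minioReadBucket(ctx, d, meta); diag.HasError() {
		return nil, fmt.Errorf("could not read minio bucket")
	}

	bucketConfig := BucketConfig(d, meta)
	conn := meta.(*S3MinioClient).S3Client

	// Every error from GetObjectLockConfig is recorded as "locking disabled".
	// NOTE(review): presumably this is meant for buckets that have no lock
	// configuration, but a permission or transport error ends up as false
	// too — confirm that is acceptable for imported state.
	lockStatus, _, _, _, err := conn.GetObjectLockConfig(ctx, d.Id())
	objectLocking := err == nil && lockStatus == "Enabled"
	if setErr := d.Set("object_locking", objectLocking); setErr != nil {
		return nil, fmt.Errorf("error setting object_locking for Minio S3 bucket: %w", setErr)
	}

	pol, err := conn.GetBucketPolicy(ctx, d.Id())
	if err != nil {
		// %w keeps the underlying error reachable through errors.Is / errors.As.
		return nil, fmt.Errorf("error importing Minio S3 bucket policy: %w", err)
	}

	// No policy at all is recorded as "private"; anything else is matched
	// against the canned policies.
	acl := "private"
	if pol != "" {
		acl = policyToACLName(bucketConfig, pol)
	}
	// A failed write of the acl would leave state silently disagreeing with
	// the bucket, so it is reported instead of ignored.
	if setErr := d.Set("acl", acl); setErr != nil {
		return nil, fmt.Errorf("error setting acl for Minio S3 bucket: %w", setErr)
	}

	return []*schema.ResourceData{d}, nil
}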
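// policyToACLName maps a bucket policy document to the name of the canned ACL
// whose generated policy is equivalent to it, as judged by
// awspolicy.PoliciesAreEquivalent.
//
// The candidates are checked in a fixed order (public-read, public-write,
// public-read-write, public), so the result is the same on every run even if
// more than one canned policy is equivalent to pol. A map would be walked in
// random order and could return a different name from one import to the next.
//
// "private" is the fallback: it is returned when no canned policy matches,
// and also when a comparison returns an error (for example because pol cannot
// be parsed), since such errors are treated as "not equivalent". A result of
// "private" therefore means "not one of the canned public policies", not
// "this policy grants no access"; a custom policy is reported as "private"
// as well.
func policyToACLName(bucketConfig *S3MinioBucket, pol string) string {
	cannedPolicies := []struct {
		name   string
		policy string
	}{
		{"public-read", exportPolicyString(ReadOnlyPolicy(bucketConfig), bucketConfig.MinioBucket)},
		{"public-write", exportPolicyString(WriteOnlyPolicy(bucketConfig), bucketConfig.MinioBucket)},
		{"public-read-write", exportPolicyString(ReadWritePolicy(bucketConfig), bucketConfig.MinioBucket)},
		{"public", exportPolicyString(PublicPolicy(bucketConfig), bucketConfig.MinioBucket)},
	}

	for _, canned := range cannedPolicies {
		equivalent, err := awspolicy.PoliciesAreEquivalent(canned.policy, pol)
		// A comparison error is deliberately treated as "no match" because
		// the signature has no way to report it to the caller.
		if err == nil && equivalent {
			return canned.name
		}
	}

	return "private"
}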