package scaleway
import (
"context"
"fmt"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/service/s3"
"github.com/hashicorp/aws-sdk-go-base/tfawserr"
"github.com/hashicorp/terraform-plugin-log/tflog"
"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/structure"
"github.com/scaleway/terraform-provider-scaleway/v2/internal/datasource"
"github.com/scaleway/terraform-provider-scaleway/v2/internal/locality/regional"
)
// DataSourceScalewayObjectBucketPolicy returns the data source that exposes an
// object bucket's policy. Its schema is derived from the bucket policy
// resource so that both stay in step, and reads are served by
// dataSourceScalewayObjectBucketPolicyRead.
func DataSourceScalewayObjectBucketPolicy() *schema.Resource {
	// Start from the resource's own schema rather than redeclaring each field.
	resourceSchema := ResourceScalewayObjectBucketPolicy().Schema
	fields := datasource.SchemaFromResourceSchema(resourceSchema)

	// "bucket" is the lookup key for the read.
	// NOTE(review): the `true` argument presumably marks it as required; confirm against the helper.
	datasource.FixDatasourceSchemaFlags(fields, true, "bucket")

	// "region" and "project_id" are added as optional fields; the read function
	// also writes both of them back.
	datasource.AddOptionalFieldsToSchema(fields, "region", "project_id")

	res := new(schema.Resource)
	res.ReadContext = dataSourceScalewayObjectBucketPolicyRead
	res.Schema = fields

	return res
}
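// dataSourceScalewayObjectBucketPolicyRead reads the policy attached to the
// bucket named by the "bucket" attribute and stores the normalized policy JSON,
// the region and the owner's project ID on the data source.
//
// regional.ExpandID splits "bucket" into an ID and a Region. When that Region
// is non-empty and differs from the client's region, the S3 client is rebuilt
// for the bucket's region and that region is the one recorded.
//
// An error diagnostic is returned when the client cannot be built, when the
// bucket or its policy does not exist, when the policy is not valid JSON, or
// when the bucket ACL cannot be read or carries no owner ID.
func dataSourceScalewayObjectBucketPolicyRead(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
	s3Client, region, err := s3ClientWithRegion(d, m)
	if err != nil {
		return diag.FromErr(err)
	}

	regionalID := regional.ExpandID(d.Get("bucket"))
	bucket := regionalID.ID
	bucketRegion := regionalID.Region

	tflog.Debug(ctx, "bucket name: "+bucket)

	// A region embedded in the bucket ID wins over the configured one, so the
	// policy is fetched from the region the ID points at.
	if bucketRegion != "" && bucketRegion != region {
		s3Client, err = s3ClientForceRegion(d, m, bucketRegion.String())
		if err != nil {
			return diag.FromErr(err)
		}

		region = bucketRegion
	}

	_ = d.Set("region", region)

	// NOTE(review): d.Id() is only assigned at the end of this function, so this
	// line may log an empty ID; confirm and consider logging `bucket` instead.
	tflog.Debug(ctx, "[DEBUG] SCW bucket policy, read for bucket: "+d.Id())

	policy, err := s3Client.GetBucketPolicyWithContext(ctx, &s3.GetBucketPolicyInput{
		Bucket: aws.String(bucket),
	})
	if err != nil {
		if tfawserr.ErrCodeEquals(err, ErrCodeNoSuchBucketPolicy, s3.ErrCodeNoSuchBucket) {
			return diag.FromErr(fmt.Errorf("bucket %s doesn't exist or has no policy", bucket))
		}

		// %w keeps the SDK error in the chain so callers can still inspect it.
		return diag.FromErr(fmt.Errorf("couldn't read bucket %s policy: %w", bucket, err))
	}

	// A response without a policy document is reported as the empty JSON
	// object. Consumers should read "{}" as "no statements returned", not as
	// evidence of a restrictive policy.
	policyString := "{}"
	if policy != nil && policy.Policy != nil {
		policyString = aws.StringValue(policy.Policy)
	}

	policyJSON, err := structure.NormalizeJsonString(policyString)
	if err != nil {
		// NOTE(review): this message embeds the whole policy document, which then
		// appears in diagnostics and logs; consider omitting it.
		return diag.FromErr(fmt.Errorf("policy (%s) is an invalid JSON: %w", policyString, err))
	}

	_ = d.Set("policy", policyJSON)

	acl, err := s3Client.GetBucketAclWithContext(ctx, &s3.GetBucketAclInput{
		Bucket: aws.String(bucket),
	})
	if err != nil {
		return diag.FromErr(fmt.Errorf("couldn't read bucket acl: %w", err))
	}

	// Owner and Owner.ID are pointers in the SDK output; fail with a diagnostic
	// instead of panicking when the ACL response omits them.
	if acl == nil || acl.Owner == nil || acl.Owner.ID == nil {
		return diag.FromErr(fmt.Errorf("bucket %s acl has no owner ID", bucket))
	}

	_ = d.Set("project_id", normalizeOwnerID(acl.Owner.ID))

	d.SetId(regional.NewIDString(region, bucket))

	return nil
}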