diff --git a/examples/sos-bucket-policy/README.md b/examples/sos-bucket-policy/README.md
new file mode 100644
index 000000000..4edf9b7e6
--- /dev/null
+++ b/examples/sos-bucket-policy/README.md
@@ -0,0 +1,19 @@
+# SOS Bucket Policies
+
+This example demonstrates how to manage Exoscale [SOS Bucket Policies](https://community.exoscale.com/documentation/storage/bucketpolicy/).
+
+```console
+terraform init
+terraform apply \
+ -var exoscale_api_key=$EXOSCALE_API_KEY \
+ -var exoscale_api_secret=$EXOSCALE_API_SECRET
+
+...
+
+Outputs:
+
+my_object_uri = "https://sos-ch-gva-2.exo.io/my-bucket-2da17217-8ef3-254d-429e-08bced1109a5/my-object.txt"
+
+$ wget -qO- https://sos-ch-gva-2.exo.io/my-bucket-2da17217-8ef3-254d-429e-08bced1109a5/my-object.txt
+Hello World!
+```
diff --git a/examples/sos-bucket-policy/bucket_policy.json.tpl b/examples/sos-bucket-policy/bucket_policy.json.tpl
new file mode 100644
index 000000000..a0bd7a3ad
--- /dev/null
+++ b/examples/sos-bucket-policy/bucket_policy.json.tpl
@@ -0,0 +1,9 @@
+{
+ "Version": "exoscale",
+ "default-service-strategy": "allow",
+ "services": {
+ "sos": {
+ "type": "allow"
+ }
+ }
+}
diff --git a/examples/sos-bucket-policy/main.tf b/examples/sos-bucket-policy/main.tf
new file mode 100644
index 000000000..b0b974a28
--- /dev/null
+++ b/examples/sos-bucket-policy/main.tf
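Review bot: The example policy in bucket_policy.json.tpl restricts nothing: `"default-service-strategy": "allow"` combined with `"type": "allow"` for `sos` permits every operation, so the example shows a policy being attached without showing one that constrains access. Example files are routinely copied into real configurations, so a least-privilege starting point would be safer: `"default-service-strategy": "deny"` and an `sos` entry limited to the operations the example needs (the README only reads a single object). The exact rule syntax should follow the Exoscale bucket-policy documentation linked from the README.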
@@ -0,0 +1,32 @@
+# Providers
+# -> providers.tf
+
+# Customizable parameters
+locals {
+ my_zone = "ch-gva-2"
+ my_bucket = "my-bucket"
+}
+
+# Sample random UUID
+resource "random_uuid" "my_uuid" {
+}
+
+# SOS bucket
+resource "aws_s3_bucket" "my_bucket" {
+ bucket = "${local.my_bucket}-${resource.random_uuid.my_uuid.result}"
+}
+
+resource "exoscale_sos_bucket_policy" "my_policy" {
+ bucket = "${local.my_bucket}-${resource.random_uuid.my_uuid.result}"
+ policy = templatefile("${path.module}/bucket_policy.json.tpl", {})
+ zone = local.my_zone
+}
+
+# Outputs
+output "my_object_uri" {
+ value = format(
+ "https://sos-%s.exo.io/%s",
+ aws_s3_bucket.my_bucket.region,
+ aws_s3_bucket.my_bucket.bucket,
+ )
+}
diff --git a/examples/sos-bucket-policy/providers.tf b/examples/sos-bucket-policy/providers.tf
new file mode 100644
index 000000000..6f8bf9553
--- /dev/null
+++ b/examples/sos-bucket-policy/providers.tf
@@ -0,0 +1,27 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ }
+ exoscale = {
+ source = "exoscale/exoscale"
+ }
+ }
+}
+
+variable "exoscale_api_key" { type = string }
+variable "exoscale_api_secret" { type = string }
+provider "aws" {
+ access_key = var.exoscale_api_key
+ secret_key = var.exoscale_api_secret
+
+ region = local.my_zone
+ endpoints {
+ s3 = "https://sos-${local.my_zone}.exo.io"
+ }
+
+ # Disable AWS-specific features
+ skip_credentials_validation = true
+ skip_region_validation = true
+ skip_requesting_account_id = true
+}
diff --git a/pkg/provider/provider.go b/pkg/provider/provider.go
index cc75438d8..866eda3fa 100644
--- a/pkg/provider/provider.go
+++ b/pkg/provider/provider.go
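Review bot: `exoscale_sos_bucket_policy.my_policy` in main.tf rebuilds the bucket name from `local.my_bucket` and the UUID instead of referencing the bucket resource, so Terraform sees no dependency between the policy and `aws_s3_bucket.my_bucket`. It may therefore try to apply the policy before the bucket exists, or remove the bucket before the policy on destroy. Use `bucket = aws_s3_bucket.my_bucket.bucket` in the policy resource. Separately, the `my_object_uri` output formats only the zone and bucket name, while the README shows a URI ending in `/my-object.txt`, and no object resource is visible in this file.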
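Review bot: `variable "exoscale_api_secret"` in providers.tf is declared without `sensitive = true`, so Terraform will not redact the value in plan and apply output; add `sensitive = true` to that variable, which means turning it into a multi-line block. The README in this commit supplies the secret with `-var exoscale_api_secret=$EXOSCALE_API_SECRET`, which puts the expanded value in the process argument list; documenting `TF_VAR_exoscale_api_secret` as the way to pass it avoids that. No `provider "exoscale"` block appears in this file, so that provider presumably reads its credentials from the environment, which is worth stating in the README.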
@@ -22,6 +22,7 @@ import ( "github.com/exoscale/terraform-provider-exoscale/pkg/resources/database" "github.com/exoscale/terraform-provider-exoscale/pkg/resources/iam" "github.com/exoscale/terraform-provider-exoscale/pkg/resources/nlb_service" + "github.com/exoscale/terraform-provider-exoscale/pkg/resources/sos_bucket_policy" "github.com/exoscale/terraform-provider-exoscale/pkg/resources/zones" ) @@ -205,6 +206,7 @@ func (p *ExoscaleProvider) Resources(ctx context.Context) []func() resource.Reso iam.NewResourceAPIKey, block_storage.NewResourceVolume, block_storage.NewResourceSnapshot, + sos_bucket_policy.NewResourceSOSBucketPolicy, } } diff --git a/pkg/resources/sos_bucket_policy/resource.go b/pkg/resources/sos_bucket_policy/resource.go index 627d36582..b3f7afea9 100644 --- a/pkg/resources/sos_bucket_policy/resource.go +++ b/pkg/resources/sos_bucket_policy/resource.go @@ -82,6 +82,9 @@ func (r *ResourceSOSBucketPolicy) Schema(ctx context.Context, req resource.Schem }, }, }, + Blocks: map[string]schema.Block{ + "timeouts": timeouts.BlockAll(ctx), + }, } } @@ -130,7 +133,7 @@ func (r *ResourceSOSBucketPolicy) Create(ctx context.Context, req resource.Creat _, err = sosClient.PutBucketPolicy(ctx, &s3.PutBucketPolicyInput{ Bucket: plan.Bucket.ValueStringPointer(), Policy: plan.Policy.ValueStringPointer(), - }, nil) + }) if err != nil { resp.Diagnostics.AddError( "failed to put bucket policy", @@ -177,7 +180,7 @@ func (r *ResourceSOSBucketPolicy) Read(ctx context.Context, req resource.ReadReq policy, err := sosClient.GetBucketPolicy(ctx, &s3.GetBucketPolicyInput{ Bucket: state.Bucket.ValueStringPointer(), - }, nil) + }) if err != nil { resp.Diagnostics.AddError( "failed to get bucket policy", 
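Review bot: The `timeouts` block added to `Schema` in resource.go only takes effect if the resource model has a matching `timeouts` field and each CRUD method derives a bounded context from it. Neither is visible in these hunks, and the `PutBucketPolicy`, `GetBucketPolicy` and `DeleteBucketPolicy` calls shown still receive the incoming `ctx`. If this is not already handled outside the hunks, read the configured value (for example `plan.Timeouts.Create(ctx, defaultTimeout)`, assuming the model field is named `Timeouts`) and wrap `ctx` with `context.WithTimeout` before calling the SOS client, so an unresponsive endpoint cannot stall an apply indefinitely. The `Schema` body starts and ends outside the hunk.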
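Review bot: In `Read`, every error from `GetBucketPolicy` becomes a `"failed to get bucket policy"` diagnostic, as far as the hunk shows. If the policy or the bucket was removed outside Terraform, refresh then fails instead of reporting drift, and an access policy that disappeared out of band is exactly what a plan should surface. For a not-found response the usual handling is `resp.State.RemoveResource(ctx)` followed by `return`, so the next plan proposes re-creating the policy. The rest of the error branch lies outside the hunk, so this may already be covered there.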
@@ -230,7 +233,7 @@ func (r *ResourceSOSBucketPolicy) Update(ctx context.Context, req resource.Updat _, err = sosClient.PutBucketPolicy(ctx, &s3.PutBucketPolicyInput{ Bucket: plan.Bucket.ValueStringPointer(), Policy: plan.Policy.ValueStringPointer(), - }, nil) + }) if err != nil { resp.Diagnostics.AddError( "failed to put bucket policy", @@ -280,7 +283,7 @@ func (r *ResourceSOSBucketPolicy) Delete(ctx context.Context, req resource.Delet _, err = sosClient.DeleteBucketPolicy(ctx, &s3.DeleteBucketPolicyInput{ Bucket: state.Bucket.ValueStringPointer(), - }, nil) + }) if err != nil { resp.Diagnostics.AddError( "failed to put bucket policy",
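Review bot: The error summary in `Delete` still reads `"failed to put bucket policy"` after the `DeleteBucketPolicy` call; it appears to be copied from `Create`/`Update` and will mislead anyone reading the diagnostic during a failed destroy. Change it to `"failed to delete bucket policy"`. The `Delete` body continues outside the hunk.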