Merge pull request #182 from volcengine/Feat/tos-acl

Feat/tos acl

Author: msq177

common/common_volcengine_tos_utils.go

@@ -19,6 +19,9 @@ func mergeTosPublicAcl(acl string, param *map[string]interface{}, ownerId string
 	}()
 
 	switch acl {
+	case "default":
+		(*param)["IsDefault"] = true
+		return
 	case "private":
 		m := map[string]interface{}{
 			"Grantee": map[string]interface{}{
@@ -136,6 +139,11 @@ func ConvertTosPublicAcl() FieldResponseConvert {
 	return func(i interface{}) interface{} {
 		owner, _ := ObtainSdkValue("Owner.ID", i)
 		grants, _ := ObtainSdkValue("Grants", i)
+		isDefault, _ := ObtainSdkValue("IsDefault", i)
+		if isDefaultAcl, ok := isDefault.(bool); ok && isDefaultAcl {
+			return "default"
+		}
+
 		var (
 			read  bool
 			write bool

common/common_volcengine_version.go

@@ -2,5 +2,5 @@ package common
 
 const (
 	TerraformProviderName    = "terraform-provider-volcengine"
-	TerraformProviderVersion = "0.0.157"
+	TerraformProviderVersion = "0.0.158"
 )

example/tosBucket/main.tf

@@ -1,8 +1,10 @@
 resource "volcengine_tos_bucket" "default" {
-  bucket_name = "tf-acc-test-bucket"
-#  storage_class ="IA"
-  public_acl = "private"
-  enable_version = true
+  bucket_name          = "tf-acc-test-bucket-0123-3"
+#  storage_class        = "IA"
+  public_acl           = "private"
+  az_redundancy        = "multi-az"
+  enable_version       = true
+  bucket_acl_delivered = true
   account_acl {
     account_id = "1"
     permission = "READ"
@@ -13,7 +15,7 @@ resource "volcengine_tos_bucket" "default" {
   }
   project_name = "default"
   tags {
-    key = "k1"
+    key   = "k1"
     value = "v1"
   }
-}
+}

example/volume/main.tf

@@ -1,4 +1,4 @@
-data "volcengine_zones" "foo"{
+data "volcengine_zones" "foo" {
 }
 
 resource "volcengine_vpc" "foo" {
@@ -8,70 +8,71 @@ resource "volcengine_vpc" "foo" {
 
 resource "volcengine_subnet" "foo" {
   subnet_name = "acc-test-subnet"
-  cidr_block = "172.16.0.0/24"
-  zone_id = data.volcengine_zones.foo.zones[0].id
-  vpc_id = volcengine_vpc.foo.id
+  cidr_block  = "172.16.0.0/24"
+  zone_id     = data.volcengine_zones.foo.zones[0].id
+  vpc_id      = volcengine_vpc.foo.id
 }
 
 resource "volcengine_security_group" "foo" {
   security_group_name = "acc-test-security-group"
-  vpc_id = volcengine_vpc.foo.id
+  vpc_id              = volcengine_vpc.foo.id
 }
 
 data "volcengine_images" "foo" {
-  os_type = "Linux"
-  visibility = "public"
+  os_type          = "Linux"
+  visibility       = "public"
   instance_type_id = "ecs.g1.large"
 }
 
 resource "volcengine_ecs_instance" "foo" {
-  instance_name = "acc-test-ecs"
-  description = "acc-test"
-  host_name = "tf-acc-test"
-  image_id = data.volcengine_images.foo.images[0].image_id
-  instance_type = "ecs.g1.large"
-  password = "93f0cb0614Aab12"
+  instance_name        = "acc-test-ecs"
+  description          = "acc-test"
+  host_name            = "tf-acc-test"
+  image_id             = data.volcengine_images.foo.images[0].image_id
+  instance_type        = "ecs.g1.large"
+  password             = "93f0cb0614Aab12"
   instance_charge_type = "PrePaid"
-  period = 1
-  system_volume_type = "ESSD_PL0"
-  system_volume_size = 40
-  subnet_id = volcengine_subnet.foo.id
-  security_group_ids = [volcengine_security_group.foo.id]
-  project_name = "default"
+  period               = 1
+  system_volume_type   = "ESSD_PL0"
+  system_volume_size   = 40
+  subnet_id            = volcengine_subnet.foo.id
+  security_group_ids   = [volcengine_security_group.foo.id]
+  project_name         = "default"
   tags {
-    key = "k1"
+    key   = "k1"
     value = "v1"
   }
 }
 
 resource "volcengine_volume" "PreVolume" {
-  volume_name = "acc-test-volume"
-  volume_type = "ESSD_PL0"
-  description = "acc-test"
-  kind = "data"
-  size = 40
-  zone_id = data.volcengine_zones.foo.zones[0].id
-  volume_charge_type = "PrePaid"
-  instance_id = volcengine_ecs_instance.foo.id
-  project_name = "default"
+  volume_name          = "acc-test-volume"
+  volume_type          = "ESSD_PL0"
+  description          = "acc-test"
+  kind                 = "data"
+  size                 = 40
+  zone_id              = data.volcengine_zones.foo.zones[0].id
+  volume_charge_type   = "PrePaid"
+  instance_id          = volcengine_ecs_instance.foo.id
+  project_name         = "default"
   delete_with_instance = true
   tags {
-    key = "k1"
+    key   = "k1"
     value = "v1"
   }
 }
 
 resource "volcengine_volume" "PostVolume" {
-  volume_name = "acc-test-volume"
-  volume_type = "ESSD_PL0"
-  description = "acc-test"
-  kind = "data"
-  size = 40
-  zone_id = data.volcengine_zones.foo.zones[0].id
+  volume_name        = "acc-test-volume"
+  volume_type        = "ESSD_PL0"
+  description        = "acc-test"
+  kind               = "data"
+  size               = 40
+#  snapshot_id        = "snap-3vydtmc0fl3qunm4****"
+  zone_id            = data.volcengine_zones.foo.zones[0].id
   volume_charge_type = "PostPaid"
-  project_name = "default"
+  project_name       = "default"
   tags {
-    key = "k1"
+    key   = "k1"
     value = "v1"
   }
 }

volcengine/ebs/volume/resource_volcengine_volume.go

@@ -73,6 +73,13 @@ func ResourceVolcengineVolume() *schema.Resource {
 				Description: "The ID of the instance to which the created volume is automatically attached. " +
 					"When use this field to attach ecs instance, the attached volume cannot be deleted by terraform, please use `terraform state rm volcengine_volume.resource_name` command to remove it from terraform state file and management.",
 			},
+			"snapshot_id": {
+				Type:     schema.TypeString,
+				Optional: true,
+				ForceNew: true,
+				Description: "The id of the snapshot. When creating a volume using snapshots, this field is required.\n" +
+					"When importing resources, this attribute will not be imported. If this attribute is set, please use lifecycle and ignore_changes ignore changes in fields.",
+			},
 			"volume_charge_type": {
 				Type:     schema.TypeString,
 				Optional: true,

volcengine/tos/bucket/resource_volcengine_tos_bucket.go

@@ -80,6 +80,13 @@ func ResourceVolcengineTosBucket() *schema.Resource {
 				Optional:    true,
 				Description: "The flag of enable tos version.",
 			},
+			"az_redundancy": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				ForceNew:    true,
+				Default:     "single-az",
+				Description: "The AZ redundancy of the Tos Bucket. Default is `single-az`. Valid values: `single-az`, `multi-az`.",
+			},
 			"project_name": {
 				Type:        schema.TypeString,
 				Optional:    true,
@@ -143,6 +150,14 @@ func ResourceVolcengineTosBucket() *schema.Resource {
 				},
 				Set: ve.TosAccountAclHash,
 			},
+			"bucket_acl_delivered": {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Computed:    true,
+				Description: "Whether to enable the default inheritance bucket ACL function for objects. Default is false.",
+			},
+
+			// computed fields
 			"creation_date": {
 				Type:        schema.TypeString,
 				Computed:    true,

volcengine/tos/bucket/service_volcengine_tos_bucket.go

@@ -112,6 +112,9 @@ func (s *VolcengineTosBucketService) ReadResource(resourceData *schema.ResourceD
 		if header.Get("X-Tos-Storage-Class") != "" {
 			data["StorageClass"] = header.Get("X-Tos-Storage-Class")
 		}
+		if header.Get("X-Tos-Az-Redundancy") != "" {
+			data["AzRedundancy"] = header.Get("X-Tos-Az-Redundancy")
+		}
 	}
 
 	action = "GetBucketAcl"
@@ -129,6 +132,7 @@ func (s *VolcengineTosBucketService) ReadResource(resourceData *schema.ResourceD
 	if acl, ok = (*resp)[ve.BypassResponse].(map[string]interface{}); ok {
 		data["PublicAcl"] = acl
 		data["AccountAcl"] = acl
+		data["BucketAclDelivered"] = acl["BucketAclDelivered"]
 	}
 
 	action = "GetBucketVersioning"
@@ -251,6 +255,13 @@ func (s *VolcengineTosBucketService) CreateResource(resourceData *schema.Resourc
 						Type: ve.HeaderParam,
 					},
 				},
+				"az_redundancy": {
+					ConvertType: ve.ConvertDefault,
+					TargetField: "x-tos-az-redundancy",
+					SpecialParam: &ve.SpecialParam{
+						Type: ve.HeaderParam,
+					},
+				},
 				"project_name": {
 					ConvertType: ve.ConvertDefault,
 					TargetField: "x-tos-project-name",
@@ -347,6 +358,10 @@ func (s *VolcengineTosBucketService) CreateResource(resourceData *schema.Resourc
 						},
 					},
 				},
+				"bucket_acl_delivered": {
+					ConvertType: ve.ConvertDefault,
+					TargetField: "BucketAclDelivered",
+				},
 			},
 			BeforeCall:  s.beforePutBucketAcl(),
 			ExecuteCall: s.executePutBucketAcl(),
@@ -425,6 +440,7 @@ func (s *VolcengineTosBucketService) ModifyResource(data *schema.ResourceData, r
 	var grant = []string{
 		"public_acl",
 		"account_acl",
+		"bucket_acl_delivered",
 	}
 	for _, v := range grant {
 		if data.HasChange(v) {
@@ -464,6 +480,11 @@ func (s *VolcengineTosBucketService) ModifyResource(data *schema.ResourceData, r
 							},
 							ForceGet: true,
 						},
+						"bucket_acl_delivered": {
+							ConvertType: ve.ConvertDefault,
+							TargetField: "BucketAclDelivered",
+							ForceGet:    true,
+						},
 					},
 					BeforeCall:  s.beforePutBucketAcl(),
 					ExecuteCall: s.executePutBucketAcl(),

volcengine/tos/object/resource_volcengine_tos_object.go

@@ -100,9 +100,10 @@ func ResourceVolcengineTosObject() *schema.Resource {
 					"public-read-write",
 					"authenticated-read",
 					"bucket-owner-read",
+					"default",
 				}, false),
 				Default:     "private",
-				Description: "The public acl control of object.Valid value is private|public-read|public-read-write|authenticated-read|bucket-owner-read.",
+				Description: "The public acl control of object. Valid value is private|public-read|public-read-write|authenticated-read|bucket-owner-read|default. `default` means to enable the default inheritance bucket ACL function for the object.",
 			},
 			"storage_class": {
 				Type:     schema.TypeString,
@@ -124,6 +125,12 @@ func ResourceVolcengineTosObject() *schema.Resource {
 				Set:         schema.HashString,
 				Description: "The version ids of the object if exist.",
 			},
+			"is_default": {
+				Type: schema.TypeBool,
+				//Optional:    true,
+				Computed:    true,
+				Description: "Whether to enable the default inheritance bucket ACL function for the object.",
+			},
 			"account_acl": {
 				Type:        schema.TypeSet,
 				Optional:    true,

volcengine/tos/object/service_volcengine_tos_object.go

@@ -189,6 +189,7 @@ func (s *VolcengineTosObjectService) ReadResource(resourceData *schema.ResourceD
 	if acl, ok = (*resp)[ve.BypassResponse].(map[string]interface{}); ok {
 		data["PublicAcl"] = acl
 		data["AccountAcl"] = acl
+		data["IsDefault"] = acl["IsDefault"]
 	}
 
 	action = "GetBucketVersioning"
@@ -327,6 +328,7 @@ func (s *VolcengineTosObjectService) ModifyResource(data *schema.ResourceData, r
 		var grant = []string{
 			"public_acl",
 			"account_acl",
+			//"is_default",
 		}
 		for _, v := range grant {
 			if data.HasChange(v) {
@@ -642,6 +644,11 @@ func (s *VolcengineTosObjectService) createOrUpdateObjectAcl(resourceData *schem
 						},
 					},
 				},
+				//"is_default": {
+				//	ConvertType: ve.ConvertDefault,
+				//	TargetField: "IsDefault",
+				//	ForceGet:    true,
+				//},
 			},
 			BeforeCall:  s.beforePutObjectAcl(),
 			ExecuteCall: s.executePutObjectAcl(),

website/docs/r/tos_bucket.html.markdown

@@ -11,10 +11,12 @@ Provides a resource to manage tos bucket
 ## Example Usage
 ```hcl
 resource "volcengine_tos_bucket" "default" {
-  bucket_name = "tf-acc-test-bucket"
-  #  storage_class ="IA"
-  public_acl     = "private"
-  enable_version = true
+  bucket_name = "tf-acc-test-bucket-0123-3"
+  #  storage_class        = "IA"
+  public_acl           = "private"
+  az_redundancy        = "multi-az"
+  enable_version       = true
+  bucket_acl_delivered = true
   account_acl {
     account_id = "1"
     permission = "READ"
@@ -34,6 +36,8 @@ resource "volcengine_tos_bucket" "default" {
 The following arguments are supported:
 * `bucket_name` - (Required, ForceNew) The name of the bucket.
 * `account_acl` - (Optional) The user set of grant full control.
+* `az_redundancy` - (Optional, ForceNew) The AZ redundancy of the Tos Bucket. Default is `single-az`. Valid values: `single-az`, `multi-az`.
+* `bucket_acl_delivered` - (Optional) Whether to enable the default inheritance bucket ACL function for objects. Default is false.
 * `enable_version` - (Optional) The flag of enable tos version.
 * `project_name` - (Optional) The ProjectName of the Tos Bucket. Default is `default`.
 * `public_acl` - (Optional) The public acl control of object.Valid value is private|public-read|public-read-write|authenticated-read|bucket-owner-read.