Fix storage notification tests #1913

Merged
merged 2 commits into from
Aug 22, 2018
18 changes: 17 additions & 1 deletion google/data_source_google_storage_project_service_account.go
Expand Up @@ -14,6 +14,15 @@ func dataSourceGoogleStorageProjectServiceAccount() *schema.Resource {
Optional: true,
ForceNew: true,
},
"user_project": {
Type: schema.TypeString,
Optional: true,
ForceNew: true,
},
"email_address": {
Type: schema.TypeString,
Computed: true,
},
},
}
}
Expand All @@ -26,12 +35,19 @@ func dataSourceGoogleStorageProjectServiceAccountRead(d *schema.ResourceData, me
return err
}

serviceAccount, err := config.clientStorage.Projects.ServiceAccount.Get(project).Do()
serviceAccountGetRequest := config.clientStorage.Projects.ServiceAccount.Get(project)

if v, ok := d.GetOk("user_project"); ok {
serviceAccountGetRequest = serviceAccountGetRequest.UserProject(v.(string))
}

serviceAccount, err := serviceAccountGetRequest.Do()
if err != nil {
return handleNotFoundError(err, d, "GCS service account not found")
}

d.Set("project", project)
d.Set("email_address", serviceAccount.EmailAddress)

d.SetId(serviceAccount.EmailAddress)

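Review bot: The added `d.Set("email_address", serviceAccount.EmailAddress)` in dataSourceGoogleStorageProjectServiceAccountRead discards its error return, and the address is stored without a check that it is non-empty. Configurations interpolate this attribute straight into IAM members (`serviceAccount:${...email_address}`), so an empty or unset value would surface later as a malformed member rather than as a failed read. Consider `if err := d.Set("email_address", serviceAccount.EmailAddress); err != nil { return err }` and returning an explicit error when `serviceAccount.EmailAddress == ""`. Separately, `ForceNew: true` on the new `user_project` field appears to have no effect on a data source and could be dropped; a `Description` on both new fields would also help. The function body starts and ends outside the hunk.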
Original file line number Diff line number Diff line change
Expand Up @@ -18,13 +18,14 @@ func TestAccDataSourceGoogleStorageProjectServiceAccount_basic(t *testing.T) {
{
Config: testAccCheckGoogleStorageProjectServiceAccount_basic,
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttrSet(resourceName, "id"),
resource.TestCheckResourceAttrSet(resourceName, "email_address"),
),
},
},
})
}

const testAccCheckGoogleStorageProjectServiceAccount_basic = `
data "google_storage_project_service_account" "gcs_account" { }
data "google_storage_project_service_account" "gcs_account" {
}
`
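Review bot: Nothing in this test exercises the new `user_project` argument. The config at the end of the section still declares the data source with an empty body, so the `UserProject(...)` branch added to the read function is never run. `resource.TestCheckResourceAttrSet(resourceName, "email_address")` also proves only that the attribute is non-empty. Since the value is used to build IAM members, a `resource.TestMatchResourceAttr` check against a service-account e-mail pattern would catch a malformed value. A second test step that sets `user_project` would cover the new branch.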
17 changes: 11 additions & 6 deletions google/resource_storage_notification_test.go
Expand Up @@ -13,8 +13,7 @@ import (
)

var (
gcsServiceAccount = fmt.Sprintf("serviceAccount:%[email protected]", os.Getenv("GOOGLE_PROJECT"))
payload = "JSON_API_V1"
payload = "JSON_API_V1"
)

func TestAccStorageNotification_basic(t *testing.T) {
Expand Down Expand Up @@ -185,14 +184,17 @@ resource "google_storage_bucket" "bucket" {
resource "google_pubsub_topic" "topic" {
name = "%s"
}

// We have to provide GCS default storage account with the permission
// to publish to a Cloud Pub/Sub topic from this project
// Otherwise notification configuration won't work
data "google_storage_project_service_account" "gcs_account" {}

resource "google_pubsub_topic_iam_binding" "binding" {
topic = "${google_pubsub_topic.topic.name}"
role = "roles/pubsub.publisher"

members = ["%s"]
members = ["serviceAccount:${data.google_storage_project_service_account.gcs_account.email_address}"]
}

resource "google_storage_notification" "notification" {
Expand All @@ -210,7 +212,7 @@ resource "google_storage_notification" "notification_with_prefix" {
depends_on = ["google_pubsub_topic_iam_binding.binding"]
}

`, bucketName, topicName, gcsServiceAccount)
`, bucketName, topicName)
}

func testGoogleStorageNotificationOptionalEventsAttributes(bucketName, topicName, topic, eventType1, eventType2 string) string {
Expand All @@ -222,14 +224,17 @@ resource "google_storage_bucket" "bucket" {
resource "google_pubsub_topic" "topic" {
name = "%s"
}

// We have to provide GCS default storage account with the permission
// to publish to a Cloud Pub/Sub topic from this project
// Otherwise notification configuration won't work
data "google_storage_project_service_account" "gcs_account" {}

resource "google_pubsub_topic_iam_binding" "binding" {
topic = "${google_pubsub_topic.topic.name}"
role = "roles/pubsub.publisher"

members = ["%s"]
members = ["serviceAccount:${data.google_storage_project_service_account.gcs_account.email_address}"]
}

resource "google_storage_notification" "notification" {
Expand All @@ -243,5 +248,5 @@ resource "google_storage_notification" "notification" {
depends_on = ["google_pubsub_topic_iam_binding.binding"]
}

`, bucketName, topicName, gcsServiceAccount, eventType1, eventType2)
`, bucketName, topicName, eventType1, eventType2)
}
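Review bot: The data source declaration, its three-line comment and the `google_pubsub_topic_iam_binding` stanza are now pasted identically into both config builders (the hunks starting at old lines 185 and 222), so any later change to the grant has to be made in two places. Consider hoisting the shared HCL into one constant, for example `const testGoogleStorageNotificationIAM = ...`, and concatenating it into each template; the stanza no longer contains a `%s` verb, so this would not disturb the `fmt.Sprintf` argument lists. Both builder functions start outside the hunks shown.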
Original file line number Diff line number Diff line change
Expand Up @@ -8,9 +8,13 @@ description: |-

# google\_storage\_project\_service\_account

Use this data source to get the email address of the project's Google Cloud Storage service account.
For more information see
[API](https://cloud.google.com/storage/docs/json_api/v1/projects/serviceAccount).
Get the email address of a project's unique Google Cloud Storage service account.

Each Google Cloud project has a unique service account for use with Google Cloud Storage. Only this
special service account can be used to set up `google_storage_notification` resources.

For more information see
[the API reference](https://cloud.google.com/storage/docs/json_api/v1/projects/serviceAccount).

## Example Usage

Expand All @@ -21,18 +25,22 @@ resource "google_pubsub_topic_iam_binding" "binding" {
topic = "${google_pubsub_topic.topic.name}"
role = "roles/pubsub.publisher"

members = ["${data.google_storage_project_service_account.gcs_account.id}"]
members = ["serviceAccount:${data.google_storage_project_service_account.gcs_account.email_address}"]
}
```

## Argument Reference

The following arguments are supported:

* `project` - (Optional) The project in which the resource belongs. If it is not provided, the provider project is used.
* `project` - (Optional) The project the unique service account was created for. If it is not provided, the provider project is used.

* `user_project` - (Optional) The project the lookup originates from. This field is used if you are making the request
from a different account than the one you are finding the service account for.

## Attributes Reference

The following attributes are exported:

* `id` - The ID of the service account, which is its email address
* `email_address` - The email address of the service account. This value is often used to refer to the service account
in order to grant IAM permissions.
47 changes: 27 additions & 20 deletions website/docs/r/storage_notification.html.markdown
Expand Up @@ -14,29 +14,15 @@ Creates a new notification configuration on a specified bucket, establishing a f
and
[API](https://cloud.google.com/storage/docs/json_api/v1/notifications).

In order to enable notifications, a special Google Cloud Storage service account unique to the project
must have the IAM permission "projects.topics.publish" for a Cloud Pub/Sub topic in the project. To get the service
account's email address, use the `google_storage_project_service_account` datasource's `email_address` value, and see below
for an example of enabling notifications by granting the correct IAM permission. See
[the notifications documentation](https://cloud.google.com/storage/docs/gsutil/commands/notification) for more details.

## Example Usage

```hcl
data "google_storage_project_service_account" "gs_account" {}

resource "google_storage_bucket" "bucket" {
name = "default_bucket"
}

resource "google_pubsub_topic" "topic" {
name = "default_topic"
}

// In order to enable notifications, the Google Cloud Storage service account unique to each project
// must have the IAM permission "projects.topics.publish" to a Cloud Pub/Sub topic from this project.
// https://cloud.google.com/storage/docs/gsutil/commands/notification

resource "google_pubsub_topic_iam_binding" "binding" {
topic = "${google_pubsub_topic.topic.name}"
role = "roles/pubsub.publisher"
members = ["serviceAccount:${data.google_storage_project_service_account.gs_account.id}"]
}

resource "google_storage_notification" "notification" {
bucket = "${google_storage_bucket.bucket.name}"
payload_format = "JSON_API_V1"
Expand All @@ -47,6 +33,27 @@ resource "google_storage_notification" "notification" {
}
depends_on = ["google_pubsub_topic_iam_binding.binding"]
}

// Enable notifications by giving the correct IAM permission to the unique service account.

data "google_storage_project_service_account" "gcs_account" {}

resource "google_pubsub_topic_iam_binding" "binding" {
topic = "${google_pubsub_topic.topic.name}"
role = "roles/pubsub.publisher"
members = ["serviceAccount:${data.google_storage_project_service_account.gcs_account.email_address}"]
}

// End enabling notifications


resource "google_storage_bucket" "bucket" {
name = "default_bucket"
}

resource "google_pubsub_topic" "topic" {
name = "default_topic"
}
```

## Argument Reference