Merge branch 'devel' into apigw-features

# Conflicts:
#	go.mod
#	go.sum

docs/resources/obs_bucket_acl.md

@@ -0,0 +1,109 @@
+---
+subcategory: "Object Storage Service (OBS)"
+layout: "opentelekomcloud"
+page_title: "OpenTelekomCloud: opentelekomcloud_obs_bucket_acl"
+sidebar_current: "docs-opentelekomcloud-resource-obs-bucket-acl"
+description: |-
+  Manages a OBS Bucket ACL resource within OpenTelekomCloud.
+---
+
+
+# opentelekomcloud_obs_bucket_acl
+
+Manages an OBS bucket acl resource within OpenTelekomCloud.
+
+-> **NOTE:** When creating or updating the OBS bucket acl, the original bucket acl will be overwritten. When deleting
+the OBS bucket acl, the full permissions of the bucket owner will be set, and the other permissions will be removed.
+
+## Example Usage
+
+```hcl
+variable "bucket" {}
+variable "account1" {}
+variable "account2" {}
+
+resource "opentelekomcloud_obs_bucket_acl" "test" {
+  bucket = var.bucket
+
+  owner_permission {
+    access_to_bucket = ["READ", "WRITE"]
+    access_to_acl    = ["READ_ACP", "WRITE_ACP"]
+  }
+
+  account_permission {
+    access_to_bucket = ["READ", "WRITE"]
+    access_to_acl    = ["READ_ACP", "WRITE_ACP"]
+    account_id       = var.account1
+  }
+
+  account_permission {
+    access_to_bucket = ["READ"]
+    access_to_acl    = ["READ_ACP", "WRITE_ACP"]
+    account_id       = var.account2
+  }
+
+  public_permission {
+    access_to_bucket = ["READ", "WRITE"]
+  }
+
+  log_delivery_user_permission {
+    access_to_bucket = ["READ", "WRITE"]
+    access_to_acl    = ["READ_ACP", "WRITE_ACP"]
+  }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `bucket` - (Required, String, ForceNew) Specifies the name of the bucket to which to set the acl.
+
+  Changing this parameter will create a new resource.
+
+* `owner_permission` - (Optional, List) Specifies the bucket owner permission. If omitted, the current obs bucket acl
+  owner permission will not be changed.
+  The [permission_struct](#OBSBucketAcl_permission_struct) structure is documented below.
+
+* `public_permission` - (Optional, List) Specifies the public permission.
+  The [permission_struct](#OBSBucketAcl_permission_struct) structure is documented below.
+
+* `log_delivery_user_permission` - (Optional, List) Specifies the log delivery user permission.
+  The [permission_struct](#OBSBucketAcl_permission_struct) structure is documented below.
+
+* `account_permission` - (Optional, List) Specifies the account permissions.
+  The [account_permission_struct](#OBSBucketAcl_account_permission_struct) structure is documented below.
+
+<a name="OBSBucketAcl_permission_struct"></a>
+The `permission_struct` block supports:
+
+* `access_to_bucket` - (Optional, List) Specifies the access to bucket. Valid values are **READ** and **WRITE**.
+
+* `access_to_acl` - (Optional, List) Specifies the access to acl. Valid values are **READ_ACP** and **WRITE_ACP**.
+
+<a name="OBSBucketAcl_account_permission_struct"></a>
+The `account_permission_struct` block supports:
+
+* `access_to_bucket` - (Optional, List) Specifies the access to bucket. Valid values are **READ** and **WRITE**.
+
+* `access_to_acl` - (Optional, List) Specifies the access to acl. Valid values are **READ_ACP** and **WRITE_ACP**.
+
+* `account_id` - (Required, String) Specifies the account id to authorize. The account id cannot be the bucket owner,
+  and must be unique.
+
+## Attribute Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `id` - The name of the bucket.
+
+
+* `region` - The region in which resource is created.
+
+## Import
+
+The obs bucket acl can be imported using the `bucket`, e.g.
+
+```bash
+$ terraform import opentelekomcloud_obs_bucket_acl.test <bucket-name>
+```

go.mod

@@ -17,7 +17,7 @@ require (
 	github.com/jmespath/go-jmespath v0.4.0
 	github.com/keybase/go-crypto v0.0.0-20200123153347-de78d2cb44f4
 	github.com/mitchellh/go-homedir v1.1.0
-	github.com/opentelekomcloud/gophertelekomcloud v0.9.4-0.20241202125119-7b9c1facc6ac
+	github.com/opentelekomcloud/gophertelekomcloud v0.9.4-0.20241202142411-fd6fb8c8c54d
 	github.com/unknwon/com v1.0.1
 	golang.org/x/crypto v0.23.0
 	golang.org/x/sync v0.1.0

go.sum

@@ -156,10 +156,8 @@ github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLA
 github.com/nsf/jsondiff v0.0.0-20200515183724-f29ed568f4ce h1:RPclfga2SEJmgMmz2k+Mg7cowZ8yv4Trqw9UsJby758=
 github.com/oklog/run v1.0.0 h1:Ru7dDtJNOyC66gQ5dQmaCa0qIsAUFY3sFpK1Xk8igrw=
 github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA=
-github.com/opentelekomcloud/gophertelekomcloud v0.9.4-0.20241129140521-38656d067f56 h1:8IBF5eU0C41SlhfzdyjTajMpuhMX5QEpEPN7f4a7zts=
-github.com/opentelekomcloud/gophertelekomcloud v0.9.4-0.20241129140521-38656d067f56/go.mod h1:M1F6OfSRZRzAmAFKQqSLClX952at5hx5rHe4UTEykgg=
-github.com/opentelekomcloud/gophertelekomcloud v0.9.4-0.20241202125119-7b9c1facc6ac h1:LEvCwiMZPdDd+aKjI4tT6vU337lN1qxQpB6548XjeLA=
-github.com/opentelekomcloud/gophertelekomcloud v0.9.4-0.20241202125119-7b9c1facc6ac/go.mod h1:M1F6OfSRZRzAmAFKQqSLClX952at5hx5rHe4UTEykgg=
+github.com/opentelekomcloud/gophertelekomcloud v0.9.4-0.20241202142411-fd6fb8c8c54d h1:7bxIT3di/P4VxlwCoc8jkaeQzTh896lbWiHq3UbcA8E=
+github.com/opentelekomcloud/gophertelekomcloud v0.9.4-0.20241202142411-fd6fb8c8c54d/go.mod h1:M1F6OfSRZRzAmAFKQqSLClX952at5hx5rHe4UTEykgg=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=

opentelekomcloud/acceptance/obs/resource_opentelekomcloud_obs_bucket_acl_test.go

@@ -0,0 +1,142 @@
+package acceptance
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
+	"github.com/opentelekomcloud/terraform-provider-opentelekomcloud/opentelekomcloud/acceptance/common"
+	"github.com/opentelekomcloud/terraform-provider-opentelekomcloud/opentelekomcloud/acceptance/env"
+	"github.com/opentelekomcloud/terraform-provider-opentelekomcloud/opentelekomcloud/common/cfg"
+)
+
+func getOBSBucketAclResourceFunc(conf *cfg.Config, state *terraform.ResourceState) (interface{}, error) {
+	client, err := conf.NewObjectStorageClient(env.OS_REGION_NAME)
+	if err != nil {
+		return nil, fmt.Errorf("error creating OBS client: %s", err)
+	}
+
+	output, err := client.GetBucketAcl(state.Primary.ID)
+	if err != nil {
+		return nil, err
+	}
+	return output, nil
+}
+
+func TestAccOBSBucketAcl_basic(t *testing.T) {
+	var obj interface{}
+
+	bucketName := fmt.Sprintf("bucket-%s", acctest.RandString(3))
+	rName := "opentelekomcloud_obs_bucket_acl.test"
+
+	rc := common.InitResourceCheck(
+		rName,
+		&obj,
+		getOBSBucketAclResourceFunc,
+	)
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:          func() { common.TestAccPreCheck(t) },
+		ProviderFactories: common.TestAccProviderFactories,
+		CheckDestroy:      rc.CheckResourceDestroy(),
+		Steps: []resource.TestStep{
+			{
+				Config: testOBSBucketAcl_basic(bucketName),
+				Check: resource.ComposeTestCheckFunc(
+					rc.CheckResourceExists(),
+					resource.TestCheckResourceAttr(rName, "bucket", bucketName),
+					resource.TestCheckResourceAttr(rName, "log_delivery_user_permission.0.access_to_bucket.0", "READ"),
+					resource.TestCheckResourceAttr(rName, "log_delivery_user_permission.0.access_to_bucket.1", "WRITE"),
+					resource.TestCheckResourceAttr(rName, "log_delivery_user_permission.0.access_to_acl.0", "READ_ACP"),
+					resource.TestCheckResourceAttr(rName, "log_delivery_user_permission.0.access_to_acl.1", "WRITE_ACP"),
+					resource.TestCheckResourceAttr(rName, "account_permission.#", "2"),
+					resource.TestCheckResourceAttr(rName, "owner_permission.#", "1"),
+				),
+			},
+			{
+				Config: testOBSBucketAcl_basic_update(bucketName),
+				Check: resource.ComposeTestCheckFunc(
+					rc.CheckResourceExists(),
+					resource.TestCheckResourceAttr(rName, "owner_permission.0.access_to_bucket.0", "WRITE"),
+					resource.TestCheckResourceAttr(rName, "owner_permission.0.access_to_acl.0", "WRITE_ACP"),
+					resource.TestCheckResourceAttr(rName, "account_permission.0.access_to_acl.0", "READ_ACP"),
+					resource.TestCheckResourceAttr(rName, "account_permission.0.account_id", "1000010023"),
+					resource.TestCheckResourceAttr(rName, "public_permission.0.access_to_bucket.0", "READ"),
+					resource.TestCheckResourceAttr(rName, "public_permission.0.access_to_bucket.1", "WRITE"),
+					resource.TestCheckResourceAttr(rName, "owner_permission.#", "1"),
+					resource.TestCheckResourceAttr(rName, "public_permission.#", "1"),
+					resource.TestCheckResourceAttr(rName, "account_permission.#", "1"),
+					resource.TestCheckResourceAttr(rName, "log_delivery_user_permission.#", "0"),
+				),
+			},
+			{
+				ResourceName:      rName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+func testOBSBucketAcl_base(bucketName string) string {
+	return fmt.Sprintf(`
+resource "opentelekomcloud_obs_bucket" "bucket" {
+  bucket        = "%s"
+  storage_class = "STANDARD"
+  acl           = "private"
+}
+`, bucketName)
+}
+
+func testOBSBucketAcl_basic(bucketName string) string {
+	return fmt.Sprintf(`
+%s
+
+resource "opentelekomcloud_obs_bucket_acl" "test" {
+  bucket = opentelekomcloud_obs_bucket.bucket.bucket
+
+  account_permission {
+    access_to_bucket = ["READ", "WRITE"]
+    access_to_acl    = ["READ_ACP", "WRITE_ACP"]
+    account_id       = "1000010020"
+  }
+
+  account_permission {
+    access_to_bucket = ["READ"]
+    access_to_acl    = ["READ_ACP", "WRITE_ACP"]
+    account_id       = "1000010021"
+  }
+
+  log_delivery_user_permission {
+    access_to_bucket = ["READ", "WRITE"]
+    access_to_acl    = ["READ_ACP", "WRITE_ACP"]
+  }
+}
+`, testOBSBucketAcl_base(bucketName))
+}
+
+func testOBSBucketAcl_basic_update(bucketName string) string {
+	return fmt.Sprintf(`
+%s
+
+resource "opentelekomcloud_obs_bucket_acl" "test" {
+  bucket = opentelekomcloud_obs_bucket.bucket.bucket
+
+  owner_permission {
+    access_to_bucket = ["WRITE"]
+    access_to_acl    = ["WRITE_ACP"]
+  }
+
+  account_permission {
+    access_to_acl = ["READ_ACP"]
+    account_id    = "1000010023"
+  }
+
+  public_permission {
+    access_to_bucket = ["READ", "WRITE"]
+  }
+}
+`, testOBSBucketAcl_base(bucketName))
+}

opentelekomcloud/provider.go

@@ -543,6 +543,7 @@ func Provider() *schema.Provider {
 			"opentelekomcloud_networking_vip_v2":                         vpc.ResourceNetworkingVIPV2(),
 			"opentelekomcloud_networking_vip_associate_v2":               vpc.ResourceNetworkingVIPAssociateV2(),
 			"opentelekomcloud_obs_bucket":                                obs.ResourceObsBucket(),
+			"opentelekomcloud_obs_bucket_acl":                            obs.ResourceOBSBucketAcl(),
 			"opentelekomcloud_obs_bucket_inventory":                      obs.ResourceObsBucketInventory(),
 			"opentelekomcloud_obs_bucket_object":                         obs.ResourceObsBucketObject(),
 			"opentelekomcloud_obs_bucket_policy":                         obs.ResourceObsBucketPolicy(),

opentelekomcloud/services/obs/common.go

@@ -1,5 +1,15 @@
 package obs
 
+import "github.com/opentelekomcloud/terraform-provider-opentelekomcloud/opentelekomcloud/common/cfg"
+
 const (
 	errCreationClient = "error creating OBS client: %w"
 )
+
+func getDomainID(cfg *cfg.Config) (domainId string) {
+	domainId = cfg.DomainID
+	if domainId == "" {
+		domainId = cfg.DomainClient.DomainID
+	}
+	return
+}