feat(object): add bucket policy datasource (#1926)

* feat(object): add bucket policy datasource

* documentation

* fix check destroy

* expect non empty plan when replaying cassettes

Author: quantumsheep

docs/data-sources/object_bucket_policy.md

@@ -0,0 +1,30 @@
+---
+subcategory: "Object Storage"
+page_title: "Scaleway: scaleway_object_bucket_policy"
+---
+
+# scaleway_object_bucket_policy
+
+Gets information about the Bucket's policy.
+For more information, see [the documentation](https://www.scaleway.com/en/docs/object-storage-feature/).
+
+## Example Usage
+
+```hcl
+data "scaleway_object_bucket_policy" "main" {
+    bucket = "bucket.test.com"
+}
+```
+
+## Argument Reference
+
+- `bucket` - (Required) The bucket name.
+- `region` - (Defaults to [provider](../index.md#region) `region`) The [region](../guides/regions_and_zones.md#zones) in which the Object Storage exists.
+- `project_id` - (Defaults to [provider](../index.md#project_id) `project_id`) The ID of the project the bucket is associated with.
+
+
+## Attributes Reference
+
+In addition to all above arguments, the following attribute is exported:
+
+* `policy` - The bucket's policy in JSON format.

scaleway/data_source_object_bucket_policy.go

@@ -0,0 +1,74 @@
+package scaleway
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/s3"
+	"github.com/hashicorp/aws-sdk-go-base/tfawserr"
+	"github.com/hashicorp/terraform-plugin-log/tflog"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/structure"
+)
+
+func dataSourceScalewayObjectBucketPolicy() *schema.Resource {
+	// Generate datasource schema from resource
+	dsSchema := datasourceSchemaFromResourceSchema(resourceScalewayObjectBucketPolicy().Schema)
+
+	fixDatasourceSchemaFlags(dsSchema, true, "bucket")
+	addOptionalFieldsToSchema(dsSchema, "region", "project_id")
+
+	return &schema.Resource{
+		ReadContext: dataSourceScalewayObjectBucketPolicyRead,
+		Schema:      dsSchema,
+	}
+}
+
+func dataSourceScalewayObjectBucketPolicyRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	s3Client, region, err := s3ClientWithRegion(d, meta)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	bucket := expandID(d.Get("bucket"))
+	tflog.Debug(ctx, fmt.Sprintf("bucket name: %s", bucket))
+
+	_ = d.Set("region", region)
+
+	tflog.Debug(ctx, fmt.Sprintf("[DEBUG] SCW bucket policy, read for bucket: %s", d.Id()))
+	policy, err := s3Client.GetBucketPolicyWithContext(ctx, &s3.GetBucketPolicyInput{
+		Bucket: aws.String(bucket),
+	})
+	if err != nil {
+		if tfawserr.ErrCodeEquals(err, ErrCodeNoSuchBucketPolicy, s3.ErrCodeNoSuchBucket) {
+			return diag.FromErr(fmt.Errorf("bucket %s doesn't exist or has no policy", bucket))
+		}
+
+		return diag.FromErr(fmt.Errorf("couldn't read bucket %s policy: %s", bucket, err))
+	}
+
+	policyString := "{}"
+	if err == nil && policy.Policy != nil {
+		policyString = aws.StringValue(policy.Policy)
+	}
+
+	policyJSON, err := structure.NormalizeJsonString(policyString)
+	if err != nil {
+		return diag.FromErr(fmt.Errorf("policy (%s) is an invalid JSON: %w", policyString, err))
+	}
+
+	_ = d.Set("policy", policyJSON)
+
+	acl, err := s3Client.GetBucketAclWithContext(ctx, &s3.GetBucketAclInput{
+		Bucket: aws.String(bucket),
+	})
+	if err != nil {
+		return diag.FromErr(fmt.Errorf("couldn't read bucket acl: %s", err))
+	}
+	_ = d.Set("project_id", normalizeOwnerID(acl.Owner.ID))
+
+	d.SetId(newRegionalIDString(region, bucket))
+	return nil
+}

scaleway/data_source_object_bucket_policy_test.go

@@ -0,0 +1,68 @@
+package scaleway
+
+import (
+	"fmt"
+	"testing"
+
+	sdkacctest "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+func TestAccScalewayDataSourceObjectBucketPolicy_Basic(t *testing.T) {
+	tt := NewTestTools(t)
+	defer tt.Cleanup()
+
+	bucketName := sdkacctest.RandomWithPrefix("test-acc-scw-obp-data-basic")
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:          func() { testAccPreCheck(t) },
+		ProviderFactories: tt.ProviderFactories,
+		CheckDestroy:      testAccCheckScalewayObjectBucketDestroy(tt),
+		Steps: []resource.TestStep{
+			{
+				Config: fmt.Sprintf(`
+					resource "scaleway_object_bucket" "main" {
+						name = "%[1]s"
+					}
+
+					resource "scaleway_object_bucket_policy" "main" {
+						bucket = scaleway_object_bucket.main.name
+						policy = jsonencode(
+							{
+								Id = "MyPolicy"
+								Statement = [
+									{
+										Action = [
+											"s3:ListBucket",
+											"s3:GetObject",
+										]
+										Effect = "Allow"
+										Principal = {
+											SCW = "*"
+										}
+										Resource  = [
+											"${scaleway_object_bucket.main.name}",
+											"${scaleway_object_bucket.main.name}/*",
+										]
+										Sid = "GrantToEveryone"
+									},
+								]
+								Version = "2012-10-17"
+							}
+						)
+					}
+
+					data "scaleway_object_bucket_policy" "selected" {
+						bucket = scaleway_object_bucket_policy.main.bucket
+					}
+				`, bucketName),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("data.scaleway_object_bucket_policy.selected", "bucket", bucketName),
+					resource.TestCheckResourceAttrSet("data.scaleway_object_bucket_policy.selected", "policy"),
+					resource.TestCheckResourceAttrPair("data.scaleway_object_bucket_policy.selected", "policy", "scaleway_object_bucket_policy.main", "policy"),
+				),
+				ExpectNonEmptyPlan: !*UpdateCassettes,
+			},
+		},
+	})
+}

scaleway/provider.go

@@ -209,6 +209,7 @@ func Provider(config *ProviderConfig) plugin.ProviderFunc {
 				"scaleway_lb_routes":                           dataSourceScalewayLbRoutes(),
 				"scaleway_marketplace_image":                   dataSourceScalewayMarketplaceImage(),
 				"scaleway_object_bucket":                       dataSourceScalewayObjectBucket(),
+				"scaleway_object_bucket_policy":                dataSourceScalewayObjectBucketPolicy(),
 				"scaleway_rdb_acl":                             dataSourceScalewayRDBACL(),
 				"scaleway_rdb_instance":                        dataSourceScalewayRDBInstance(),
 				"scaleway_rdb_database":                        dataSourceScalewayRDBDatabase(),