feat(obs): import obs resource, unit tests and docs

docs/resources/obs_bucket_acl.md

@@ -0,0 +1,105 @@
+---
+subcategory: "Object Storage Service (OBS)"
+---
+
+# g42cloud_obs_bucket_acl
+
+Manages an OBS bucket acl resource within G42Cloud.
+
+-> **NOTE:** When creating or updating the OBS bucket acl, the original bucket acl will be overwritten. When deleting
+the OBS bucket acl, the full permissions of the bucket owner will be set, and the other permissions will be removed.
+
+## Example Usage
+
+```hcl
+variable "bucket" {}
+variable "account1" {}
+variable "account2" {}
+
+resource "g42cloud_obs_bucket_acl" "test" {
+  bucket = var.bucket
+
+  owner_permission {
+    access_to_bucket = ["READ", "WRITE"]
+    access_to_acl    = ["READ_ACP", "WRITE_ACP"]
+  }
+
+  account_permission {
+    access_to_bucket = ["READ", "WRITE"]
+    access_to_acl    = ["READ_ACP", "WRITE_ACP"]
+    account_id       = var.account1
+  }
+
+  account_permission {
+    access_to_bucket = ["READ"]
+    access_to_acl    = ["READ_ACP", "WRITE_ACP"]
+    account_id       = var.account2
+  }
+
+  public_permission {
+    access_to_bucket = ["READ", "WRITE"]
+  }
+
+  log_delivery_user_permission {
+    access_to_bucket = ["READ", "WRITE"]
+    access_to_acl    = ["READ_ACP", "WRITE_ACP"]
+  }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `region` - (Optional, String, ForceNew) Specifies the region in which to create the resource.
+  If omitted, the provider-level region will be used.
+
+  Changing this parameter will create a new resource.
+
+* `bucket` - (Required, String, ForceNew) Specifies the name of the bucket to which to set the acl.
+
+  Changing this parameter will create a new resource.
+
+* `owner_permission` - (Optional, List) Specifies the bucket owner permission. If omitted, the current obs bucket acl
+  owner permission will not be changed.
+  The [permission_struct](#OBSBucketAcl_permission_struct) structure is documented below.
+
+* `public_permission` - (Optional, List) Specifies the public permission.
+  The [permission_struct](#OBSBucketAcl_permission_struct) structure is documented below.
+
+* `log_delivery_user_permission` - (Optional, List) Specifies the log delivery user permission.
+  The [permission_struct](#OBSBucketAcl_permission_struct) structure is documented below.
+
+* `account_permission` - (Optional, List) Specifies the account permissions.
+  The [account_permission_struct](#OBSBucketAcl_account_permission_struct) structure is documented below.
+
+<a name="OBSBucketAcl_permission_struct"></a>
+The `permission_struct` block supports:
+
+* `access_to_bucket` - (Optional, List) Specifies the access to bucket. Valid values are **READ** and **WRITE**.
+
+* `access_to_acl` - (Optional, List) Specifies the access to acl. Valid values are **READ_ACP** and **WRITE_ACP**.
+
+<a name="OBSBucketAcl_account_permission_struct"></a>
+The `account_permission_struct` block supports:
+
+* `access_to_bucket` - (Optional, List) Specifies the access to bucket. Valid values are **READ** and **WRITE**.
+
+* `access_to_acl` - (Optional, List) Specifies the access to acl. Valid values are **READ_ACP** and **WRITE_ACP**.
+
+* `account_id` - (Required, String) Specifies the account id to authorize. The account id cannot be the bucket owner,
+  and must be unique.
+
+## Attribute Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `id` - The name of the bucket.
+
+## Import
+
+The obs bucket acl can be imported using the `bucket`, e.g.
+
+```bash
+$ terraform import g42cloud_obs_bucket_acl.test <bucket-name>
+```

docs/resources/obs_bucket_object_acl.md

@@ -0,0 +1,104 @@
+---
+subcategory: "Object Storage Service (OBS)"
+---
+
+# g42cloud_obs_bucket_object_acl
+
+Manages an OBS bucket object acl resource within G42Cloud.
+
+-> **NOTE:** When creating or updating the OBS bucket object acl, the original object acl will be overwritten. When
+deleting the OBS bucket object acl, only the owner permissions will be retained, and the other permissions will be
+removed.
+
+## Example Usage
+
+```hcl
+variable "bucket" {}
+variable "key" {}
+variable "account1" {}
+variable "account2" {}
+
+resource "g42cloud_obs_bucket_object_acl" "test" {
+  bucket = var.bucket
+  key    = var.key
+
+  account_permission {
+    access_to_object = ["READ"]
+    access_to_acl    = ["READ_ACP", "WRITE_ACP"]
+    account_id       = var.account1
+  }
+
+  account_permission {
+    access_to_object = ["READ"]
+    access_to_acl    = ["READ_ACP"]
+    account_id       = var.account2
+  }
+
+  public_permission {
+    access_to_acl = ["READ_ACP", "WRITE_ACP"]
+  }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `region` - (Optional, String, ForceNew) Specifies the region in which to create the resource.
+  If omitted, the provider-level region will be used.
+
+  Changing this parameter will create a new resource.
+
+* `bucket` - (Required, String, ForceNew) Specifies the name of the bucket which the object belongs to.
+
+  Changing this parameter will create a new resource.
+
+* `key` - (Required, String, ForceNew) Specifies the name of the object to which to set the acl.
+
+  Changing this parameter will create a new resource.
+
+* `public_permission` - (Optional, List) Specifies the object public permission.
+  The [permission_struct](#OBSBucketObjectAcl_permission_struct) structure is documented below.
+
+* `account_permission` - (Optional, List) Specifies the object account permissions.
+  The [account_permission_struct](#OBSBucketObjectAcl_account_permission_struct) structure is documented below.
+
+<a name="OBSBucketObjectAcl_permission_struct"></a>
+The `permission_struct` block supports:
+
+* `access_to_object` - (Optional, List) Specifies the access to object. Only **READ** supported.
+
+* `access_to_acl` - (Optional, List) Specifies the access to acl. Valid values are **READ_ACP** and **WRITE_ACP**.
+
+<a name="OBSBucketObjectAcl_account_permission_struct"></a>
+The `account_permission_struct` block supports:
+
+* `account_id` - (Required, String) Specifies the account id to authorize. The account id cannot be the object owner,
+  and must be unique.
+
+* `access_to_object` - (Optional, List) Specifies the access to object. Only **READ** supported.
+
+* `access_to_acl` - (Optional, List) Specifies the access to acl. Valid values are **READ_ACP** and **WRITE_ACP**.
+
+## Attribute Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `id` - The name of the bucket object key.
+* `owner_permission` - The object owner permission information.
+  The [owner_permission_struct](#OBSBucketObjectAcl_owner_permission_struct) structure is documented below.
+
+<a name="OBSBucketObjectAcl_owner_permission_struct"></a>
+The `owner_permission_struct` block supports:
+
+* `access_to_object` - The owner object permissions.
+
+* `access_to_acl` - The owner acl permissions.
+
+## Import
+
+The obs bucket object acl can be imported using `bucket` and `key`, separated by a slash, e.g.
+
+```bash
+$ terraform import g42cloud_obs_bucket_object_acl.test <bucket>/<key>
+```

g42cloud/provider.go

@@ -222,7 +222,8 @@ func Provider() *schema.Provider {
 			"g42cloud_nat_gateway":                nat.DataSourcePublicGateway(),
 			"g42cloud_networking_port":            vpc.DataSourceNetworkingPortV2(),
 			"g42cloud_networking_secgroup":        vpc.DataSourceNetworkingSecGroup(),
-			"g42cloud_obs_bucket_object":          obs.DataSourceObsBucketObject(),
+
+			"g42cloud_obs_bucket_object": obs.DataSourceObsBucketObject(),
 
 			"g42cloud_rms_policy_definitions": rms.DataSourcePolicyDefinitions(),
 
@@ -349,14 +350,17 @@ func Provider() *schema.Provider {
 			"g42cloud_modelarts_notebook":               modelarts.ResourceNotebook(),
 			"g42cloud_modelarts_notebook_mount_storage": modelarts.ResourceNotebookMountStorage(),
 
-			"g42cloud_nat_dnat_rule":     nat.ResourcePublicDnatRule(),
-			"g42cloud_nat_gateway":       nat.ResourcePublicGateway(),
-			"g42cloud_nat_snat_rule":     nat.ResourcePublicSnatRule(),
-			"g42cloud_network_acl":       huaweicloud.ResourceNetworkACL(),
-			"g42cloud_network_acl_rule":  huaweicloud.ResourceNetworkACLRule(),
-			"g42cloud_obs_bucket":        obs.ResourceObsBucket(),
-			"g42cloud_obs_bucket_object": obs.ResourceObsBucketObject(),
-			"g42cloud_obs_bucket_policy": obs.ResourceObsBucketPolicy(),
+			"g42cloud_nat_dnat_rule":    nat.ResourcePublicDnatRule(),
+			"g42cloud_nat_gateway":      nat.ResourcePublicGateway(),
+			"g42cloud_nat_snat_rule":    nat.ResourcePublicSnatRule(),
+			"g42cloud_network_acl":      huaweicloud.ResourceNetworkACL(),
+			"g42cloud_network_acl_rule": huaweicloud.ResourceNetworkACLRule(),
+
+			"g42cloud_obs_bucket":            obs.ResourceObsBucket(),
+			"g42cloud_obs_bucket_acl":        obs.ResourceOBSBucketAcl(),
+			"g42cloud_obs_bucket_object":     obs.ResourceObsBucketObject(),
+			"g42cloud_obs_bucket_object_acl": obs.ResourceOBSBucketObjectAcl(),
+			"g42cloud_obs_bucket_policy":     obs.ResourceObsBucketPolicy(),
 
 			"g42cloud_rms_policy_assignment":                  rms.ResourcePolicyAssignment(),
 			"g42cloud_rms_resource_aggregator":                rms.ResourceAggregator(),

g42cloud/services/acceptance/acceptance.go

@@ -63,6 +63,7 @@ var (
 	G42_KMS_ENVIRONMENT = os.Getenv("G42_KMS_ENVIRONMENT")
 
 	G42_ENTERPRISE_MIGRATE_PROJECT_ID_TEST = os.Getenv("G42_ENTERPRISE_MIGRATE_PROJECT_ID_TEST")
+	G42_OBS_DESTINATION_BUCKET             = os.Getenv("G42_OBS_DESTINATION_BUCKET")
 )
 
 // TestAccProviders is a static map containing only the main provider instance.
@@ -501,3 +502,9 @@ func TestAccPreCheckKms(t *testing.T) {
 		t.Skip("This environment does not support KMS tests")
 	}
 }
+
+func TestAccPreCheckOBSDestinationBucket(t *testing.T) {
+	if G42_OBS_DESTINATION_BUCKET == "" {
+		t.Skip("G42_OBS_DESTINATION_BUCKET must be set for OBS destination tests")
+	}
+}