Merge #3233: Allow canned ACLs on S3 remote state.

2015-10-03 17:40:17 -07:00 · 2015-10-03 17:40:17 -07:00 · 859c6c5e68
parent 0ee282bbc2 4f7f20ba23
commit 859c6c5e68
2 changed files with 21 additions and 0 deletions
--- a/state/remote/s3.go
+++ b/state/remote/s3.go
@ -4,6 +4,7 @@ import (
 	"bytes"
 	"fmt"
 	"io"
+	"log"
 	"os"
 	"strconv"

@ -45,6 +46,11 @@ func s3Factory(conf map[string]string) (Client, error) {
 		serverSideEncryption = v
 	}

+	acl := ""
+	if raw, ok := conf["acl"]; ok {
+		acl = raw
+	}
+
 	accessKeyId := conf["access_key"]
 	secretAccessKey := conf["secret_key"]

@ -77,6 +83,7 @@ func s3Factory(conf map[string]string) (Client, error) {
 		bucketName:           bucketName,
 		keyName:              keyName,
 		serverSideEncryption: serverSideEncryption,
+		acl:                  acl,
 	}, nil
 }

@ -85,6 +92,7 @@ type S3Client struct {
 	bucketName           string
 	keyName              string
 	serverSideEncryption bool
+	acl                  string
 }

 func (c *S3Client) Get() (*Payload, error) {
@ -140,6 +148,12 @@ func (c *S3Client) Put(data []byte) error {
 		i.ServerSideEncryption = aws.String("AES256")
 	}

+	if c.acl != "" {
+		i.ACL = aws.String(c.acl)
+	}
+
+	log.Printf("[DEBUG] Uploading remote state to S3: %#v", i)
+
 	if _, err := c.nativeClient.PutObject(i); err == nil {
 		return nil
 	} else {
--- a/website/source/docs/commands/remote-config.html.markdown
+++ b/website/source/docs/commands/remote-config.html.markdown
@ -57,6 +57,13 @@ The following backends are supported:
  in the `access_key`, `secret_key` and `region` variables
  respectively, but passing credentials this way is not recommended since they
  will be included in cleartext inside the persisted state.
+  Other supported parameters include:
+  * `bucket` - the name of the S3 bucket
+  * `key` - path where to place/look for state file inside the bucket
+  * `encrypt` - whether to enable [server side encryption](http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html)
+    of the state file
+  * `acl` - [Canned ACL](http://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl)
+    to be applied to the state file.

 * HTTP - Stores the state using a simple REST client. State will be fetched
  via GET, updated via POST, and purged with DELETE. Requires the `address` variable.