This PR changes the API calls made by the internal function UpsertBucket, previously this function would call CreateBucket and then if that returned a AlreadyExists/Conflict status code it would call UpdateBucket to set the bucket labels and description on the bucket. This lead to failures with bucket level service principals because the principal would be scoped to only access the existing bucket, and so Packer would error out because of making an unauthorized request.
To handle this I have changed UpsertBucket to call GetBucket first, if GetBucket 404s the method then calls Create, if GetBucket succeeds it calls UpdateBucket, and if GetBucket fails with a non 404 status code Packer exits with the error from GetBucket.
This PR changes the API calls made by the internal function
UpsertBucket
, previously this function would call CreateBucket and then if that returned a AlreadyExists/Conflict status code it would call UpdateBucket to set the bucket labels and description on the bucket. This lead to failures with bucket level service principals because the principal would be scoped to only access the existing bucket, and so Packer would error out because of making an unauthorized request.To handle this I have changed UpsertBucket to call GetBucket first, if GetBucket 404s the method then calls Create, if GetBucket succeeds it calls UpdateBucket, and if GetBucket fails with a non 404 status code Packer exits with the error from GetBucket.