yandex-cloud / terraform-provider-yandex

Terraform Yandex provider
https://www.terraform.io/docs/providers/yandex/
Mozilla Public License 2.0

Object storage bucket resource #19

Closed StupidScience closed 3 years ago

StupidScience commented 5 years ago

Do you have any plans for an object storage bucket resource? If yes, can you please provide an ETA for it?

GennadySpb commented 5 years ago

Hi @StupidScience! There are plans for Terraform resources for Yandex Object Storage, but without an ETA right now.

GennadySpb commented 5 years ago

@StupidScience I am pleased to announce that bucket support has been released in 0.20.0.

StupidScience commented 5 years ago

Thanks for the info. I'll give it a try.

StupidScience commented 5 years ago

@GennadySpb is there any way to give permissions for service accounts to buckets via Terraform?

GennadySpb commented 5 years ago

@StupidScience right now you could use the acl attribute to manage access to buckets.

StupidScience commented 5 years ago

@GennadySpb I can't figure out how to grant bucket full control to a service account. Can you please provide an example?

GennadySpb commented 5 years ago

1) create a folder
2) create an SA within the folder from the first step
3) grant the "editor" role to that SA
4) create a bucket inside the folder from the first step

StupidScience commented 5 years ago

@GennadySpb with this approach you grant the Editor role on the folder, not the bucket. So you need one bucket per folder. Right? But I need to add full control access for a service account to just one bucket. So it should be an analog of

aws --endpoint-url=https://storage.yandexcloud.net \
    s3api put-bucket-acl \
    --bucket mybucket \
    --grant-full-control id=myserviceaccountid

Also, I see no option to define the folder that the bucket should belong to.

StupidScience commented 5 years ago

So, @GennadySpb, any suggestions?

StupidScience commented 4 years ago

Hi @GennadySpb, any news here?

alexanderKhaustov commented 4 years ago

Hi, I'm afraid the cloud IAM model does not currently support separate access rights for anything more granular than a folder, and there are no specific plans for such support.

StupidScience commented 4 years ago

This is already possible to do even with WebUI. And with aws-cli as well. Why is it not possible to do via terraform?

GennadySpb commented 4 years ago

Hi @StupidScience! I'm back with news: check release 0.37.0. There is support for managing custom ACLs for buckets.

StupidScience commented 4 years ago

@GennadySpb great news. I will give it a try next week, I hope.

StupidScience commented 4 years ago

@GennadySpb I see no option to define the folder that the bucket should belong to. How is it configured?

GennadySpb commented 4 years ago

@StupidScience so if you have created a bucket, then it already belongs to some folder.

Or the bucket will belong to the same folder as the service account whose static access key is used during the creation operation.

StupidScience commented 4 years ago

@GennadySpb sorry for the long silence. We've tested bucket creation with grant and it works well. However, it is not very convenient to have the grant inside the bucket resource, especially when you have some grants to buckets for Users, not for Service Accounts. So you have to specify all grants in the bucket object to make it work.

GennadySpb commented 4 years ago

@StupidScience What would be a convenient way, in your opinion?

yuanlinios commented 4 years ago

@StupidScience, I have the same requirement. Would you please share with me an example of how to grant access to a service account inside the bucket resource?

Thanks!

apilikov commented 3 years ago

Closing the issue as there have been no updates for a long time.
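
A sketch of the approach the thread ends on (provider 0.37.0 or later, `grant` blocks inside `yandex_storage_bucket`), scoping a service account to one bucket instead of binding a folder-wide "editor" role. This is an added example, not posted by any participant or taken from the provider's repository; the variables, resource names and the operator user are assumptions, and the provider block is assumed to be configured elsewhere.

```hcl
# Added illustration, not from the thread. Resource and variable names are
# placeholders; "mybucket" is the bucket name used in the thread's aws-cli call.
variable "folder_id" {
  type = string
}

variable "creator_access_key" {
  type = string
}

variable "creator_secret_key" {
  type = string
}

variable "operator_user_id" {
  type = string
}

# Service account that needs access to this one bucket only.
# No folder-level role (such as "editor") is bound to it.
resource "yandex_iam_service_account" "app" {
  folder_id = var.folder_id
  name      = "bucket-app"
}

resource "yandex_storage_bucket" "data" {
  # The bucket lands in the folder of the service account that owns this key.
  access_key = var.creator_access_key
  secret_key = var.creator_secret_key
  bucket     = "mybucket"

  # Counterpart of: s3api put-bucket-acl --grant-full-control id=<service account id>
  grant {
    id          = yandex_iam_service_account.app.id
    type        = "CanonicalUser"
    permissions = ["FULL_CONTROL"]
  }

  # Grants are declared as a complete set on the bucket, so a grant for a
  # user account has to be listed here too.
  grant {
    id          = var.operator_user_id
    type        = "CanonicalUser"
    permissions = ["READ"]
  }
}
```

After `terraform apply`, compare the bucket's ACL in the web UI or via `aws s3api get-bucket-acl` against these blocks to confirm that no grant exists outside the declared set.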