provider/google: Add CORS support for google_storage_bucket.

builtin/providers/google/resource_storage_bucket.go

@@ -89,6 +89,40 @@ func resourceStorageBucket() *schema.Resource {
 					},
 				},
 			},
+
+			"cors": &schema.Schema{
+				Type:     schema.TypeSet,
+				Optional: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"origin": &schema.Schema{
+							Type:     schema.TypeList,
+							Optional: true,
+							Elem: &schema.Schema{
+								Type: schema.TypeString,
+							},
+						},
+						"method": &schema.Schema{
+							Type:     schema.TypeList,
+							Optional: true,
+							Elem: &schema.Schema{
+								Type: schema.TypeString,
+							},
+						},
+						"response_header": &schema.Schema{
+							Type:     schema.TypeList,
+							Optional: true,
+							Elem: &schema.Schema{
+								Type: schema.TypeString,
+							},
+						},
+						"max_age_seconds": &schema.Schema{
+							Type:     schema.TypeInt,
+							Optional: true,
+						},
+					},
+				},
+			},
 		},
 	}
 }
@@ -132,6 +166,10 @@ func resourceStorageBucketCreate(d *schema.ResourceData, meta interface{}) error
 		}
 	}
 
+	if v, ok := d.GetOk("cors"); ok {
+		sb.Cors = expandCors(v.(*schema.Set).List())
+	}
+
 	var res *storage.Bucket
 
 	err = resource.Retry(1*time.Minute, func() *resource.RetryError {
@@ -197,6 +235,10 @@ func resourceStorageBucketUpdate(d *schema.ResourceData, meta interface{}) error
 		}
 	}
 
+	if v, ok := d.GetOk("cors"); ok {
+		sb.Cors = expandCors(v.(*schema.Set).List())
+	}
+
 	res, err := config.clientStorage.Buckets.Patch(d.Get("name").(string), sb).Do()
 
 	if err != nil {
@@ -230,6 +272,7 @@ func resourceStorageBucketRead(d *schema.ResourceData, meta interface{}) error {
 	d.Set("url", fmt.Sprintf("gs://%s", bucket))
 	d.Set("storage_class", res.StorageClass)
 	d.Set("location", res.Location)
+	d.Set("cors", flattenCors(res.Cors))
 	d.SetId(res.Id)
 	return nil
 }
@@ -295,3 +338,41 @@ func resourceStorageBucketStateImporter(d *schema.ResourceData, meta interface{}
 	d.Set("name", d.Id())
 	return []*schema.ResourceData{d}, nil
 }
+
+func expandCors(configured []interface{}) []*storage.BucketCors {
+	corsRules := make([]*storage.BucketCors, 0, len(configured))
+	for _, raw := range configured {
+		data := raw.(map[string]interface{})
+		corsRule := storage.BucketCors{}
+
+		corsRule.Origin = convertSchemaArrayToStringArray(data["origin"].([]interface{}))
+		corsRule.Method = convertSchemaArrayToStringArray(data["method"].([]interface{}))
+		corsRule.ResponseHeader = convertSchemaArrayToStringArray(data["response_header"].([]interface{}))
+
+		corsRule.MaxAgeSeconds = int64(data["max_age_seconds"].(int))
+		corsRules = append(corsRules, &corsRule)
+	}
+	return corsRules
+}
+
+func convertSchemaArrayToStringArray(input []interface{}) []string {
+	output := make([]string, 0, len(input))
+	for _, val := range input {
+		output = append(output, val.(string))
+	}
+
+	return output
+}
+
+func flattenCors(corsRules []*storage.BucketCors) []map[string]interface{} {
+	corsRulesSchema := make([]map[string]interface{}, 0, len(corsRules))
+	for _, corsRule := range corsRules {
+		data := make(map[string]interface{})
+		data["origin"] = corsRule.Origin
+		data["method"] = corsRule.Method
+		data["response_header"] = corsRule.ResponseHeader
+		data["max_age_seconds"] = corsRule.MaxAgeSeconds
+		corsRulesSchema = append(corsRulesSchema, data)
+	}
+	return corsRulesSchema
+}

builtin/providers/google/resource_storage_bucket_test.go

@@ -188,6 +188,25 @@ func TestAccStorageForceDestroy(t *testing.T) {
 	})
 }
 
+func TestAccStorage_cors(t *testing.T) {
+	bucketName := fmt.Sprintf("tf-test-acl-bucket-%d", acctest.RandInt())
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccGoogleStorageDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testGoogleStorageBucketsCors(bucketName),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckCloudStorageBucketExists(
+						"google_storage_bucket.bucket", bucketName),
+				),
+			},
+		},
+	})
+}
+
 func testAccCheckCloudStorageBucketExists(n string, bucketName string) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		rs, ok := s.RootModule().Resources[n]
@@ -302,3 +321,17 @@ resource "google_storage_bucket" "bucket" {
 }
 `, bucketName, storageClass, locationBlock)
 }
+
+func testGoogleStorageBucketsCors(bucketName string) string {
+	return fmt.Sprintf(`
+resource "google_storage_bucket" "bucket" {
+	name = "%s"
+	  cors {
+	    origin = ["abc", "def"]
+	    method = ["a1a"]
+	    response_header = ["123", "456", "789"]
+	    max_age_seconds = 10
+	  }
+}
+`, bucketName)
+}

website/source/docs/providers/google/r/storage_bucket.html.markdown

@@ -8,7 +8,7 @@ description: |-
 
 # google\_storage\_bucket
 
-Creates a new bucket in Google cloud storage service(GCS). Currently, it will not change location nor ACL once a bucket has been created with Terraform. For more information see [the official documentation](https://cloud.google.com/storage/docs/overview) and [API](https://cloud.google.com/storage/docs/json_api).
+Creates a new bucket in Google cloud storage service(GCS). Currently, it will not change location nor ACL once a bucket has been created with Terraform. For more information see [the official documentation](https://cloud.google.com/storage/docs/overview) and [API](https://cloud.google.com/storage/docs/json_api/v1/buckets).
 
 
 ## Example Usage
@@ -50,15 +50,27 @@ to `google_storage_bucket_acl.predefined_acl`.
 
 * `storage_class` - (Optional) The [Storage Class](https://cloud.google.com/storage/docs/storage-classes) of the new bucket. Supported values include: `MULTI_REGIONAL`, `REGIONAL`, `NEARLINE`, `COLDLINE`.
 
-* `website` - (Optional) Configuration if the bucket acts as a website.
+* `website` - (Optional) Configuration if the bucket acts as a website. Structure is documented below.
 
-The optional `website` block supports:
+* `cors` - (Optional) The bucket's [Cross-Origin Resource Sharing (CORS)](https://www.w3.org/TR/cors/) configuration. Multiple blocks of this type are permitted. Structure is documented below.
+
+The `website` block supports:
 
 * `main_page_suffix` - (Optional) Behaves as the bucket's directory index where
     missing objects are treated as potential directories.
 
 * `not_found_page` - (Optional) The custom object to return when a requested
     resource is not found.
+
+The `cors` block supports:
+
+* `origin` - (Optional) The list of [Origins](https://tools.ietf.org/html/rfc6454) eligible to receive CORS response headers. Note: "*" is permitted in the list of origins, and means "any Origin".
+
+* `method` - (Optional) The list of HTTP methods on which to include CORS response headers, (GET, OPTIONS, POST, etc) Note: "*" is permitted in the list of methods, and means "any method".
+
+* `response_header` - (Optional) 	The list of HTTP headers other than the [simple response headers](https://www.w3.org/TR/cors/#simple-response-header) to give permission for the user-agent to share across domains.
+
+* `max_age_seconds` - (Optional) 	The value, in seconds, to return in the [Access-Control-Max-Age header](https://www.w3.org/TR/cors/#access-control-max-age-response-header) used in preflight responses.
 
 ## Attributes Reference