Setting public read access for a GCP Storage object
Setting public read access to a Google Cloud Storage object can be achieved by modifying the access control list (ACL) of the object or bucket. In this case, we want to grant read access to an object to all users, which can be done by setting the object's ACL to `publicRead`.

Below is a Pulumi program written in TypeScript that demonstrates how to set public read access for an object in a Google Cloud Storage bucket. It uses the `gcp.storage.BucketObject` resource to create an object and the `gcp.storage.ObjectAccessControl` resource to set the object's ACL.

In this program, `my-bucket` is the name of the bucket where the object is stored, and `my-object` is the name of the object. Replace these with the appropriate names for your bucket and object. The `entity` is set to `'allUsers'`, which indicates that anyone on the internet can read the object without authenticating.

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

// Create a Google Cloud Storage bucket (if not already existing)
const bucket = new gcp.storage.Bucket("my-bucket", {
    location: "US",
});

// Upload an object to the bucket
const bucketObject = new gcp.storage.BucketObject("my-object", {
    bucket: bucket.name,
    contentType: "text/plain",
    source: new pulumi.asset.FileAsset("./my-file.txt"), // Local file to be uploaded
});

// Set the ACL of the object to 'publicRead' so that the object is publicly accessible
const publicReadAcl = new gcp.storage.ObjectAccessControl("publicReadAcl", {
    bucket: bucket.name,
    object: bucketObject.name,
    entity: "allUsers",
    role: "READER",
});

// Export the bucket name and the public URL of the object
export const bucketName = bucket.name;
export const objectPublicUrl = pulumi.interpolate`https://storage.googleapis.com/${bucket.name}/${bucketObject.name}`;
```

Explanation:
- `@pulumi/pulumi` and `@pulumi/gcp` are imported to work with Pulumi and Google Cloud resources.
- A new bucket is created using `gcp.storage.Bucket` with `my-bucket` as its name and 'US' as its location.
- A new object is created inside the specified bucket using `gcp.storage.BucketObject`.
  - The `name` property sets the object's name.
  - The `bucket` property links the object to the created bucket.
  - The `contentType` property specifies the type of content (for example, `'text/plain'` for text files).
  - The `source` property uploads a local file to the bucket; `./my-file.txt` should be replaced with the path to the file you wish to upload.
- An ACL entry for the object is then created using `gcp.storage.ObjectAccessControl`.
  - It binds the `allUsers` entity to the `'READER'` role for the bucket object, effectively setting the object's permission to public read.

What happens when you run this code:
- Pulumi provisions a new Google Cloud Storage bucket if it doesn't already exist.
- The specified file is uploaded to the Storage bucket as an object.
- The object's ACL is modified to give read access to the public.
- This object's publicly accessible URL is exported and can be used to access the file.
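
To keep an inventory of what a stack exposes this way, the added example below (not part of the original program) scans resource records shaped like the `deployment.resources` array of `pulumi stack export` for ACL entries that bind `allUsers` or `allAuthenticatedUsers`. The sample records, URNs, stack and project names, and the `findPublicAcls` helper are constructed for illustration.

```typescript
// Cloud Storage ACL entities that mean "anyone", with or without a Google account.
const PUBLIC_ENTITIES = new Set(["allUsers", "allAuthenticatedUsers"]);
// Pulumi type tokens of the GCP ACL resources to inspect.
const OBJECT_ACL = "gcp:storage/objectAccessControl:ObjectAccessControl";
const BUCKET_ACL = "gcp:storage/bucketAccessControl:BucketAccessControl";
const ACL_TYPES = new Set([OBJECT_ACL, BUCKET_ACL]);

interface StateResource { urn: string; type: string; inputs?: Record<string, unknown>; }
interface Finding { urn: string; bucket: string; object: string | null; entity: string; role: string; }

// Return every ACL resource in the state that grants a role to a public entity.
function findPublicAcls(resources: StateResource[]): Finding[] {
  const findings: Finding[] = [];
  for (const r of resources) {
    if (!ACL_TYPES.has(r.type)) continue;
    const inputs = r.inputs ?? {};
    const entity = String(inputs["entity"] ?? "");
    if (!PUBLIC_ENTITIES.has(entity)) continue;
    const obj = inputs["object"]; // absent on bucket-level ACL entries
    findings.push({
      urn: r.urn,
      bucket: String(inputs["bucket"] ?? ""),
      object: typeof obj === "string" ? obj : null,
      entity,
      role: String(inputs["role"] ?? ""),
    });
  }
  return findings;
}

// Constructed sample, shaped like deployment.resources in `pulumi stack export` output.
const sampleResources: StateResource[] = [
  { urn: "urn:pulumi:dev::demo::gcp:storage/bucket:Bucket::my-bucket",
    type: "gcp:storage/bucket:Bucket", inputs: { location: "US" } },
  { urn: `urn:pulumi:dev::demo::${OBJECT_ACL}::publicReadAcl`, type: OBJECT_ACL,
    inputs: { bucket: "my-bucket-0000000", object: "my-object", entity: "allUsers", role: "READER" } },
  { urn: `urn:pulumi:dev::demo::${OBJECT_ACL}::teamAcl`, type: OBJECT_ACL,
    inputs: { bucket: "my-bucket-0000000", object: "report", entity: "group-team@example.com", role: "READER" } },
  { urn: `urn:pulumi:dev::demo::${BUCKET_ACL}::bucketAcl`, type: BUCKET_ACL,
    inputs: { bucket: "my-bucket-0000000", entity: "allAuthenticatedUsers", role: "READER" } },
];

// Two findings: the object-level allUsers grant and the bucket-level allAuthenticatedUsers grant.
const publicFindings = findPublicAcls(sampleResources);
```

This covers ACL resources only; public access granted through IAM bindings on the bucket is a different resource type and is not checked here.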