1. Setting public read access for a GCP Storage object

    TypeScript

    Setting public read access to a Google Cloud Storage object can be achieved by modifying the access control list (ACL) of the object or bucket. In this case, we want to grant read access to an object to all users, which can be done by setting the object's ACL to publicRead.

    Below is a Pulumi program written in TypeScript that demonstrates how to set public read access for an object in a Google Cloud Storage bucket. It uses the gcp.storage.BucketObject resource to create an object and the gcp.storage.ObjectAccessControl resource to set the object's ACL.

    In this program, my-bucket is the name of the bucket where the object is stored, and my-object is the name of the object. Replace these with the appropriate names for your bucket and object. The entity is set to 'allUsers', which indicates that anyone on the internet can read the object without authenticating.

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";

    // Create a Google Cloud Storage bucket (if not already existing)
    const bucket = new gcp.storage.Bucket("my-bucket", {
        location: "US",
    });

    // Upload an object to the bucket
    const bucketObject = new gcp.storage.BucketObject("my-object", {
        bucket: bucket.name,
        contentType: "text/plain",
        source: new pulumi.asset.FileAsset("./my-file.txt"), // Local file to be uploaded
    });

    // Set the ACL of the object to 'publicRead' so that the object is publicly accessible
    const publicReadAcl = new gcp.storage.ObjectAccessControl("publicReadAcl", {
        bucket: bucket.name,
        object: bucketObject.name,
        entity: "allUsers",
        role: "READER",
    });

    // Export the bucket name and the public URL of the object
    export const bucketName = bucket.name;
    export const objectPublicUrl = pulumi.interpolate`https://storage.googleapis.com/${bucket.name}/${bucketObject.name}`;

    Explanation:

    • @pulumi/pulumi and @pulumi/gcp are imported to work with Pulumi and Google Cloud resources.
    • A new bucket is created using gcp.storage.Bucket with my-bucket as its name and 'US' as its location.
    • A new object is created inside the specified bucket using gcp.storage.BucketObject.
      • The name property sets the object's name.
      • The bucket property links the object to the created bucket.
      • The contentType property specifies the type of content (for example, 'text/plain' for text files).
      • The source property uploads a local file to the bucket; ./my-file.txt should be replaced with the path to the file you wish to upload.
    • An ACL entry for the object is then created using gcp.storage.ObjectAccessControl.
      • It binds the allUsers entity to the 'READER' role for the bucket object, effectively setting the object's permission to public read.

    What happens when you run this code:

    • Pulumi provisions a new Google Cloud Storage bucket if it doesn't already exist.
    • The specified file is uploaded to the Storage bucket as an object.
    • The object's ACL is modified to give read access to the public.
    • This object's publicly accessible URL is exported and can be used to access the file.
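A review-side check for the grant described above, as an added example that is not part of the original page or of Pulumi's code: it scans a constructed snapshot of bucket and object metadata, using Cloud Storage JSON API field names, and reports object ACL entries for allUsers or allAuthenticatedUsers together with whether a bucket-level setting overrides them. The type and function names are hypothetical, and a publicAccessPrevention value of "inherited" is assumed to mean the grant is not blocked at the bucket level (an organization policy may still block it).

```typescript
// Added example: field names follow the Cloud Storage JSON API; all data is constructed.
type AclEntry = { entity: string; role: "READER" | "OWNER" };
interface BucketConfig {
  name: string;
  iamConfiguration?: {
    uniformBucketLevelAccess?: { enabled: boolean };
    publicAccessPrevention?: "enforced" | "inherited";
  };
}
interface ObjectMeta { name: string; acl: AclEntry[]; }

interface Finding {
  object: string;
  entity: string;
  role: string;
  blockedByBucket: boolean; // true when a bucket-level setting overrides the grant
  reason: string;
}

// Entities that make a grant public: anyone, or anyone signed in to a Google account.
function isPublicEntity(entity: string): boolean {
  return entity === "allUsers" || entity === "allAuthenticatedUsers";
}

function auditPublicObjectAcls(bucket: BucketConfig, objects: ObjectMeta[]): Finding[] {
  const cfg = bucket.iamConfiguration;
  const papEnforced = cfg?.publicAccessPrevention === "enforced";
  const ublaEnabled = cfg?.uniformBucketLevelAccess?.enabled === true;
  const findings: Finding[] = [];
  for (const obj of objects) {
    for (const entry of obj.acl) {
      if (!isPublicEntity(entry.entity)) continue;
      let reason = "object ACL exposes the object to a public entity";
      if (papEnforced) reason = "public access prevention is enforced on the bucket";
      else if (ublaEnabled) reason = "uniform bucket-level access disables object ACLs";
      findings.push({ object: obj.name, entity: entry.entity, role: entry.role,
        blockedByBucket: papEnforced || ublaEnabled, reason });
    }
  }
  return findings;
}

// Constructed sample mirroring the program above: one public READER grant, one private object.
const sampleBucket: BucketConfig = { name: "my-bucket" };
const sampleObjects: ObjectMeta[] = [
  { name: "my-object", acl: [{ entity: "allUsers", role: "READER" }] },
  { name: "internal.txt", acl: [{ entity: "user-alice@example.com", role: "OWNER" }] },
];
console.log(auditPublicObjectAcls(sampleBucket, sampleObjects));
```

A finding with blockedByBucket set to false is the case the program above creates: the object is readable by anyone who has its URL.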