Module storage

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-gcp repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-google repo.

Resources

Data Sources

Others

Resources

Resource Bucket

class Bucket extends CustomResource

Creates a new bucket in Google cloud storage service (GCS). Once a bucket has been created, its location can’t be changed. ACLs can be applied using the gcp.storage.BucketACL resource.

For more information see the official documentation and API.

Note: If the project id is not set on the resource or in the provider block it will be dynamically determined which will require enabling the compute api.

Example Usage

Example creating a private bucket in standard storage, in the EU region.

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const imageStore = new gcp.storage.Bucket("image-store", {
    location: "EU",
    website: {
        mainPageSuffix: "index.html",
        notFoundPage: "404.html",
    },
});

This content is derived from https://github.com/terraform-providers/terraform-provider-google/blob/master/website/docs/r/storage_bucket.html.markdown.

constructor

new Bucket(name: string, args?: BucketArgs, opts?: pulumi.CustomResourceOptions)

Create a Bucket resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: BucketState, opts?: pulumi.CustomResourceOptions): Bucket

Get an existing Bucket resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of Bucket. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

method onObjectArchived

onObjectArchived(name: string, handler: BucketEventHandler | BucketEventCallbackFunctionArgs, args?: SimpleBucketEventArgs, opts?: pulumi.ComponentResourceOptions): cloudfunctions.CallbackFunction

Creates and publishes a Cloud Functions that will be triggered when a live version of an object is archived or deleted.

This event is only sent for versioning buckets.

See https://cloud.google.com/storage/docs/object-versioning for more details.

method onObjectDeleted

onObjectDeleted(name: string, handler: BucketEventHandler | BucketEventCallbackFunctionArgs, args?: SimpleBucketEventArgs, opts?: pulumi.ComponentResourceOptions): cloudfunctions.CallbackFunction

Creates and publishes a Cloud Functions that will be triggered when an object is permanently deleted. Depending on the object versioning setting for a bucket this means:

  1. For versioning buckets, this is only sent when a version is permanently deleted (but not when an object is archived).

  2. For non-versioning buckets, this is sent when an object is deleted or overwritten.

See https://cloud.google.com/storage/docs/object-versioning for more details.

method onObjectEvent

onObjectEvent(name: string, handler: BucketEventHandler | BucketEventCallbackFunctionArgs, args: BucketEventArgs, opts?: pulumi.ComponentResourceOptions): cloudfunctions.CallbackFunction

Generic helper for registering for any event.

method onObjectFinalized

onObjectFinalized(name: string, handler: BucketEventHandler | BucketEventCallbackFunctionArgs, args?: SimpleBucketEventArgs, opts?: pulumi.ComponentResourceOptions): cloudfunctions.CallbackFunction

Creates and publishes a Cloud Functions that will be triggered when a new object is created (or an existing object is overwritten, and a new generation of that object is created) in this bucket.

method onObjectMetadataUpdated

onObjectMetadataUpdated(name: string, handler: BucketEventHandler | BucketEventCallbackFunctionArgs, args?: SimpleBucketEventArgs, opts?: pulumi.ComponentResourceOptions): cloudfunctions.CallbackFunction

Creates and publishes a Cloud Functions that will be triggered when the metadata of an existing object changes.

See https://cloud.google.com/storage/docs/metadata for more details.

property bucketPolicyOnly

public bucketPolicyOnly: pulumi.Output<boolean>;

Enables Bucket Policy Only access to a bucket.

property cors

public cors: pulumi.Output<outputs.storage.BucketCor[] | undefined>;

The bucket’s Cross-Origin Resource Sharing (CORS) configuration. Multiple blocks of this type are permitted. Structure is documented below.

property encryption

public encryption: pulumi.Output<outputs.storage.BucketEncryption | undefined>;

The bucket’s encryption configuration.

property forceDestroy

public forceDestroy: pulumi.Output<boolean | undefined>;

When deleting a bucket, this boolean option will delete all contained objects. If you try to delete a bucket that contains objects, this provider will fail that run.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property labels

public labels: pulumi.Output<{[key: string]: string} | undefined>;

A set of key/value label pairs to assign to the bucket.

property lifecycleRules

public lifecycleRules: pulumi.Output<outputs.storage.BucketLifecycleRule[] | undefined>;

The bucket’s Lifecycle Rules configuration. Multiple blocks of this type are permitted. Structure is documented below.

property location

public location: pulumi.Output<string | undefined>;

The GCS location

property logging

public logging: pulumi.Output<outputs.storage.BucketLogging | undefined>;

The bucket’s Access & Storage Logs configuration.

property name

public name: pulumi.Output<string>;

The name of the bucket.

property project

public project: pulumi.Output<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property requesterPays

public requesterPays: pulumi.Output<boolean | undefined>;

Enables Requester Pays on a storage bucket.

property retentionPolicy

public retentionPolicy: pulumi.Output<outputs.storage.BucketRetentionPolicy | undefined>;

Configuration of the bucket’s data retention policy for how long objects in the bucket should be retained. Structure is documented below.

public selfLink: pulumi.Output<string>;

The URI of the created resource.

property storageClass

public storageClass: pulumi.Output<string | undefined>;

The Storage Class of the new bucket. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE.

property url

public url: pulumi.Output<string>;

The base URL of the bucket, in the format gs://<bucket-name>.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property versioning

public versioning: pulumi.Output<outputs.storage.BucketVersioning | undefined>;

The bucket’s Versioning configuration.

property website

public website: pulumi.Output<outputs.storage.BucketWebsite | undefined>;

Configuration if the bucket acts as a website. Structure is documented below.

Resource BucketACL

class BucketACL extends CustomResource

Creates a new bucket ACL in Google cloud storage service (GCS). For more information see the official documentation and API.

Example Usage

Example creating an ACL on a bucket with one owner, and one reader.

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const imageStore = new gcp.storage.Bucket("image-store", {
    location: "EU",
});
const imageStoreAcl = new gcp.storage.BucketACL("image-store-acl", {
    bucket: image_store.name,
    roleEntities: [
        "OWNER:user-my.email@gmail.com",
        "READER:group-mygroup",
    ],
});

This content is derived from https://github.com/terraform-providers/terraform-provider-google/blob/master/website/docs/r/storage_bucket_acl.html.markdown.

constructor

new BucketACL(name: string, args: BucketACLArgs, opts?: pulumi.CustomResourceOptions)

Create a BucketACL resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: BucketACLState, opts?: pulumi.CustomResourceOptions): BucketACL

Get an existing BucketACL resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of BucketACL. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property bucket

public bucket: pulumi.Output<string>;

The name of the bucket it applies to.

property defaultAcl

public defaultAcl: pulumi.Output<string | undefined>;

Configure this ACL to be the default ACL.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property predefinedAcl

public predefinedAcl: pulumi.Output<string | undefined>;

The canned GCS ACL to apply. Must be set if roleEntity is not.

property roleEntities

public roleEntities: pulumi.Output<string[]>;

List of role/entity pairs in the form ROLE:entity. See GCS Bucket ACL documentation for more details. Must be set if predefinedAcl is not.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource BucketIAMBinding

class BucketIAMBinding extends CustomResource

Three different resources help you manage your IAM policy for storage bucket. Each of these resources serves a different use case:

  • gcp.storage.BucketIAMBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the storage bucket are preserved.
  • gcp.storage.BucketIAMMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the storage bucket are preserved.
  • gcp.storage.BucketIAMPolicy: Setting a policy removes all other permissions on the bucket, and if done incorrectly, there’s a real chance you will lock yourself out of the bucket. If possible for your use case, using multiple gcp.storage.BucketIAMBinding resources will be much safer. See the usage example on how to work with policy correctly.

Note: gcp.storage.BucketIAMBinding resources can be used in conjunction with gcp.storage.BucketIAMMember resources only if they do not grant privilege to the same role.

google_storage_bucket_iam_binding

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const binding = new gcp.storage.BucketIAMBinding("binding", {
    bucket: "your-bucket-name",
    members: ["user:jane@example.com"],
    role: "roles/storage.objectViewer",
});

google_storage_bucket_iam_member

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const member = new gcp.storage.BucketIAMMember("member", {
    bucket: "your-bucket-name",
    member: "user:jane@example.com",
    role: "roles/storage.objectViewer",
});

google_storage_bucket_iam_policy

When applying a policy that does not include the roles listed below, you lose the default permissions which google adds to your bucket: * roles/storage.legacyBucketOwner * roles/storage.legacyBucketReader

If this happens only an entity with roles/storage.admin privileges can repair this bucket’s policies. It is recommended to include the above roles in policies to get the same behaviour as with the other two options.

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const fooPolicy = gcp.organizations.getIAMPolicy({
    bindings: [{
        members: ["group:yourgroup@example.com"],
        role: "roles/your-role",
    }],
});
const member = new gcp.storage.BucketIAMPolicy("member", {
    bucket: "your-bucket-name",
    policyData: foo_policy.policyData,
});

This content is derived from https://github.com/terraform-providers/terraform-provider-google/blob/master/website/docs/r/storage_bucket_iam_binding.html.markdown.

constructor

new BucketIAMBinding(name: string, args: BucketIAMBindingArgs, opts?: pulumi.CustomResourceOptions)

Create a BucketIAMBinding resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: BucketIAMBindingState, opts?: pulumi.CustomResourceOptions): BucketIAMBinding

Get an existing BucketIAMBinding resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of BucketIAMBinding. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property bucket

public bucket: pulumi.Output<string>;

The name of the bucket it applies to.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the storage bucket’s IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property members

public members: pulumi.Output<string[]>;

property role

public role: pulumi.Output<string>;

The role that should be applied. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource BucketIAMMember

class BucketIAMMember extends CustomResource

Three different resources help you manage your IAM policy for storage bucket. Each of these resources serves a different use case:

  • gcp.storage.BucketIAMBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the storage bucket are preserved.
  • gcp.storage.BucketIAMMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the storage bucket are preserved.
  • gcp.storage.BucketIAMPolicy: Setting a policy removes all other permissions on the bucket, and if done incorrectly, there’s a real chance you will lock yourself out of the bucket. If possible for your use case, using multiple gcp.storage.BucketIAMBinding resources will be much safer. See the usage example on how to work with policy correctly.

Note: gcp.storage.BucketIAMBinding resources can be used in conjunction with gcp.storage.BucketIAMMember resources only if they do not grant privilege to the same role.

google_storage_bucket_iam_binding

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const binding = new gcp.storage.BucketIAMBinding("binding", {
    bucket: "your-bucket-name",
    members: ["user:jane@example.com"],
    role: "roles/storage.objectViewer",
});

google_storage_bucket_iam_member

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const member = new gcp.storage.BucketIAMMember("member", {
    bucket: "your-bucket-name",
    member: "user:jane@example.com",
    role: "roles/storage.objectViewer",
});

google_storage_bucket_iam_policy

When applying a policy that does not include the roles listed below, you lose the default permissions which google adds to your bucket: * roles/storage.legacyBucketOwner * roles/storage.legacyBucketReader

If this happens only an entity with roles/storage.admin privileges can repair this bucket’s policies. It is recommended to include the above roles in policies to get the same behaviour as with the other two options.

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const fooPolicy = gcp.organizations.getIAMPolicy({
    bindings: [{
        members: ["group:yourgroup@example.com"],
        role: "roles/your-role",
    }],
});
const member = new gcp.storage.BucketIAMPolicy("member", {
    bucket: "your-bucket-name",
    policyData: foo_policy.policyData,
});

This content is derived from https://github.com/terraform-providers/terraform-provider-google/blob/master/website/docs/r/storage_bucket_iam_member.html.markdown.

constructor

new BucketIAMMember(name: string, args: BucketIAMMemberArgs, opts?: pulumi.CustomResourceOptions)

Create a BucketIAMMember resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: BucketIAMMemberState, opts?: pulumi.CustomResourceOptions): BucketIAMMember

Get an existing BucketIAMMember resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of BucketIAMMember. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property bucket

public bucket: pulumi.Output<string>;

The name of the bucket it applies to.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the storage bucket’s IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property member

public member: pulumi.Output<string>;

property role

public role: pulumi.Output<string>;

The role that should be applied. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource BucketIAMPolicy

class BucketIAMPolicy extends CustomResource

Three different resources help you manage your IAM policy for storage bucket. Each of these resources serves a different use case:

  • gcp.storage.BucketIAMBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the storage bucket are preserved.
  • gcp.storage.BucketIAMMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the storage bucket are preserved.
  • gcp.storage.BucketIAMPolicy: Setting a policy removes all other permissions on the bucket, and if done incorrectly, there’s a real chance you will lock yourself out of the bucket. If possible for your use case, using multiple gcp.storage.BucketIAMBinding resources will be much safer. See the usage example on how to work with policy correctly.

Note: gcp.storage.BucketIAMBinding resources can be used in conjunction with gcp.storage.BucketIAMMember resources only if they do not grant privilege to the same role.

google_storage_bucket_iam_binding

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const binding = new gcp.storage.BucketIAMBinding("binding", {
    bucket: "your-bucket-name",
    members: ["user:jane@example.com"],
    role: "roles/storage.objectViewer",
});

google_storage_bucket_iam_member

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const member = new gcp.storage.BucketIAMMember("member", {
    bucket: "your-bucket-name",
    member: "user:jane@example.com",
    role: "roles/storage.objectViewer",
});

google_storage_bucket_iam_policy

When applying a policy that does not include the roles listed below, you lose the default permissions which google adds to your bucket: * roles/storage.legacyBucketOwner * roles/storage.legacyBucketReader

If this happens only an entity with roles/storage.admin privileges can repair this bucket’s policies. It is recommended to include the above roles in policies to get the same behaviour as with the other two options.

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const fooPolicy = gcp.organizations.getIAMPolicy({
    bindings: [{
        members: ["group:yourgroup@example.com"],
        role: "roles/your-role",
    }],
});
const member = new gcp.storage.BucketIAMPolicy("member", {
    bucket: "your-bucket-name",
    policyData: foo_policy.policyData,
});

This content is derived from https://github.com/terraform-providers/terraform-provider-google/blob/master/website/docs/r/storage_bucket_iam_policy.html.markdown.

constructor

new BucketIAMPolicy(name: string, args: BucketIAMPolicyArgs, opts?: pulumi.CustomResourceOptions)

Create a BucketIAMPolicy resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: BucketIAMPolicyState, opts?: pulumi.CustomResourceOptions): BucketIAMPolicy

Get an existing BucketIAMPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of BucketIAMPolicy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property bucket

public bucket: pulumi.Output<string>;

The name of the bucket it applies to.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the storage bucket’s IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property policyData

public policyData: pulumi.Output<string>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource BucketObject

class BucketObject extends CustomResource

Creates a new object inside an existing bucket in Google cloud storage service (GCS). ACLs can be applied using the gcp.storage.ObjectACL resource. For more information see the official documentation and API.

Example Usage

Example creating a public object in an existing image-store bucket.

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const picture = new gcp.storage.BucketObject("picture", {
    bucket: "image-store",
    source: new pulumi.asset.FileAsset("/images/nature/garden-tiger-moth.jpg"),
});

This content is derived from https://github.com/terraform-providers/terraform-provider-google/blob/master/website/docs/r/storage_bucket_object.html.markdown.

constructor

new BucketObject(name: string, args: BucketObjectArgs, opts?: pulumi.CustomResourceOptions)

Create a BucketObject resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: BucketObjectState, opts?: pulumi.CustomResourceOptions): BucketObject

Get an existing BucketObject resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of BucketObject. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property bucket

public bucket: pulumi.Output<string>;

The name of the containing bucket.

property cacheControl

public cacheControl: pulumi.Output<string | undefined>;

Cache-Control directive to specify caching behavior of object data. If omitted and object is accessible to all anonymous users, the default will be public, max-age=3600

property content

public content: pulumi.Output<string | undefined>;

Data as string to be uploaded. Must be defined if source is not. Note: The content field is marked as sensitive. To view the raw contents of the object, please define an output.

property contentDisposition

public contentDisposition: pulumi.Output<string | undefined>;

Content-Disposition of the object data.

property contentEncoding

public contentEncoding: pulumi.Output<string | undefined>;

Content-Encoding of the object data.

property contentLanguage

public contentLanguage: pulumi.Output<string | undefined>;

Content-Language of the object data.

property contentType

public contentType: pulumi.Output<string>;

Content-Type of the object data. Defaults to “application/octet-stream” or “text/plain; charset=utf-8”.

property crc32c

public crc32c: pulumi.Output<string>;

(Computed) Base 64 CRC32 hash of the uploaded data.

property detectMd5hash

public detectMd5hash: pulumi.Output<string | undefined>;

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property md5hash

public md5hash: pulumi.Output<string>;

(Computed) Base 64 MD5 hash of the uploaded data.

property name

public name: pulumi.Output<string>;

The name of the object. If you’re interpolating the name of this object, see outputName instead.

property outputName

public outputName: pulumi.Output<string>;

(Computed) The name of the object. Use this field in interpolations with gcp.storage.ObjectACL to recreate gcp.storage.ObjectACL resources when your gcp.storage.BucketObject is recreated.

public selfLink: pulumi.Output<string>;

(Computed) A url reference to this object.

property source

public source: pulumi.Output<pulumi.asset.Asset | pulumi.asset.Archive | undefined>;

A path to the data you want to upload. Must be defined if content is not.

property storageClass

public storageClass: pulumi.Output<string>;

The StorageClass of the new bucket object. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE. If not provided, this defaults to the bucket’s default storage class or to a standard class.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource DefaultObjectAccessControl

class DefaultObjectAccessControl extends CustomResource

The DefaultObjectAccessControls resources represent the Access Control Lists (ACLs) applied to a new object within a Google Cloud Storage bucket when no ACL was provided for that object. ACLs let you specify who has access to your bucket contents and to what extent.

There are two roles that can be assigned to an entity:

READERs can get an object, though the acl property will not be revealed. OWNERs are READERs, and they can get the acl property, update an object, and call all objectAccessControls methods on the object. The owner of an object is always an OWNER. For more information, see Access Control, with the caveat that this API uses READER and OWNER instead of READ and FULL_CONTROL.

To get more information about DefaultObjectAccessControl, see:

Example Usage - Storage Default Object Access Control Public

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const bucket = new gcp.storage.Bucket("bucket", {});
const publicRule = new gcp.storage.DefaultObjectAccessControl("publicRule", {
    bucket: bucket.name,
    entity: "allUsers",
    role: "READER",
});

This content is derived from https://github.com/terraform-providers/terraform-provider-google/blob/master/website/docs/r/storage_default_object_access_control.html.markdown.

constructor

new DefaultObjectAccessControl(name: string, args: DefaultObjectAccessControlArgs, opts?: pulumi.CustomResourceOptions)

Create a DefaultObjectAccessControl resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: DefaultObjectAccessControlState, opts?: pulumi.CustomResourceOptions): DefaultObjectAccessControl

Get an existing DefaultObjectAccessControl resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of DefaultObjectAccessControl. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property bucket

public bucket: pulumi.Output<string>;

property domain

public domain: pulumi.Output<string>;

property email

public email: pulumi.Output<string>;

property entity

public entity: pulumi.Output<string>;

property entityId

public entityId: pulumi.Output<string>;

property generation

public generation: pulumi.Output<number>;

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property object

public object: pulumi.Output<string | undefined>;

property projectTeam

public projectTeam: pulumi.Output<outputs.storage.DefaultObjectAccessControlProjectTeam>;

property role

public role: pulumi.Output<string>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource DefaultObjectACL

class DefaultObjectACL extends CustomResource

Authoritatively manages the default object ACLs for a Google Cloud Storage bucket without managing the bucket itself.

Note that for each object, its creator will have the "OWNER" role in addition to the default ACL that has been defined.

For more information see the official documentation and API.

Want fine-grained control over default object ACLs? Use gcp.storage.DefaultObjectAccessControl to control individual role entity pairs.

Example Usage

Example creating a default object ACL on a bucket with one owner, and one reader.

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const imageStore = new gcp.storage.Bucket("image-store", {
    location: "EU",
});
const imageStoreDefaultAcl = new gcp.storage.DefaultObjectACL("image-store-default-acl", {
    bucket: image_store.name,
    roleEntities: [
        "OWNER:user-my.email@gmail.com",
        "READER:group-mygroup",
    ],
});

This content is derived from https://github.com/terraform-providers/terraform-provider-google/blob/master/website/docs/r/storage_default_object_acl.html.markdown.

constructor

new DefaultObjectACL(name: string, args: DefaultObjectACLArgs, opts?: pulumi.CustomResourceOptions)

Create a DefaultObjectACL resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: DefaultObjectACLState, opts?: pulumi.CustomResourceOptions): DefaultObjectACL

Get an existing DefaultObjectACL resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of DefaultObjectACL. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property bucket

public bucket: pulumi.Output<string>;

The name of the bucket it applies to.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property roleEntities

public roleEntities: pulumi.Output<string[]>;

List of role/entity pairs in the form ROLE:entity. See GCS Object ACL documentation for more details. Omitting the field is the same as providing an empty list.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource Notification

class Notification extends CustomResource

Creates a new notification configuration on a specified bucket, establishing a flow of event notifications from GCS to a Cloud Pub/Sub topic. For more information see the official documentation and API.

In order to enable notifications, a special Google Cloud Storage service account unique to the project must have the IAM permission “projects.topics.publish” for a Cloud Pub/Sub topic in the project. To get the service account’s email address, use the gcp.storage.getProjectServiceAccount datasource’s emailAddress value, and see below for an example of enabling notifications by granting the correct IAM permission. See the notifications documentation for more details.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const gcsAccount = gcp.storage.getProjectServiceAccount({});
const topic = new gcp.pubsub.Topic("topic", {});
const bucket = new gcp.storage.Bucket("bucket", {});
const binding = new gcp.pubsub.TopicIAMBinding("binding", {
    members: [`serviceAccount:${gcsAccount.emailAddress}`],
    role: "roles/pubsub.publisher",
    topic: topic.name,
});
const notification = new gcp.storage.Notification("notification", {
    bucket: bucket.name,
    customAttributes: {
        "new-attribute": "new-attribute-value",
    },
    eventTypes: [
        "OBJECT_FINALIZE",
        "OBJECT_METADATA_UPDATE",
    ],
    payloadFormat: "JSON_API_V1",
    topic: topic.id,
}, {dependsOn: [binding]});

This content is derived from https://github.com/terraform-providers/terraform-provider-google/blob/master/website/docs/r/storage_notification.html.markdown.

constructor

new Notification(name: string, args: NotificationArgs, opts?: pulumi.CustomResourceOptions)

Create a Notification resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: NotificationState, opts?: pulumi.CustomResourceOptions): Notification

Get an existing Notification resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of Notification. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property bucket

public bucket: pulumi.Output<string>;

The name of the bucket.

property customAttributes

public customAttributes: pulumi.Output<{[key: string]: string} | undefined>;

A set of key/value attribute pairs to attach to each Cloud PubSub message published for this notification subscription

property eventTypes

public eventTypes: pulumi.Output<string[] | undefined>;

List of event type filters for this notification config. If not specified, Cloud Storage will send notifications for all event types. The valid types are: "OBJECT_FINALIZE", "OBJECT_METADATA_UPDATE", "OBJECT_DELETE", "OBJECT_ARCHIVE"

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property objectNamePrefix

public objectNamePrefix: pulumi.Output<string | undefined>;

Specifies a prefix path filter for this notification config. Cloud Storage will only send notifications for objects in this bucket whose names begin with the specified prefix.

property payloadFormat

public payloadFormat: pulumi.Output<string>;

The desired content of the Payload. One of "JSON_API_V1" or "NONE".

public selfLink: pulumi.Output<string>;

The URI of the created resource.

property topic

public topic: pulumi.Output<string>;

The Cloud PubSub topic to which this subscription publishes. Expects either the topic name, assumed to belong to the default GCP provider project, or the project-level name, i.e. projects/my-gcp-project/topics/my-topic or my-topic.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource ObjectAccessControl

class ObjectAccessControl extends CustomResource

The ObjectAccessControls resources represent the Access Control Lists (ACLs) for objects within Google Cloud Storage. ACLs let you specify who has access to your data and to what extent.

There are two roles that can be assigned to an entity:

READERs can get an object, though the acl property will not be revealed. OWNERs are READERs, and they can get the acl property, update an object, and call all objectAccessControls methods on the object. The owner of an object is always an OWNER. For more information, see Access Control, with the caveat that this API uses READER and OWNER instead of READ and FULL_CONTROL.

To get more information about ObjectAccessControl, see:

Example Usage - Storage Object Access Control Public Object

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const bucket = new gcp.storage.Bucket("bucket", {});
const object = new gcp.storage.BucketObject("object", {
    bucket: bucket.name,
    source: new pulumi.asset.FileAsset("../static/img/header-logo.png"),
});
const publicRule = new gcp.storage.ObjectAccessControl("publicRule", {
    bucket: bucket.name,
    entity: "allUsers",
    object: object.outputName,
    role: "READER",
});

This content is derived from https://github.com/terraform-providers/terraform-provider-google/blob/master/website/docs/r/storage_object_access_control.html.markdown.

constructor

new ObjectAccessControl(name: string, args: ObjectAccessControlArgs, opts?: pulumi.CustomResourceOptions)

Create a ObjectAccessControl resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ObjectAccessControlState, opts?: pulumi.CustomResourceOptions): ObjectAccessControl

Get an existing ObjectAccessControl resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of ObjectAccessControl. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property bucket

public bucket: pulumi.Output<string>;

property domain

public domain: pulumi.Output<string>;

property email

public email: pulumi.Output<string>;

property entity

public entity: pulumi.Output<string>;

property entityId

public entityId: pulumi.Output<string>;

property generation

public generation: pulumi.Output<number>;

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property object

public object: pulumi.Output<string>;

property projectTeam

public projectTeam: pulumi.Output<outputs.storage.ObjectAccessControlProjectTeam>;

property role

public role: pulumi.Output<string>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource ObjectACL

class ObjectACL extends CustomResource

Authoritatively manages the access control list (ACL) for an object in a Google Cloud Storage (GCS) bucket. Removing a gcp.storage.ObjectACL sets the acl to the private predefined ACL.

For more information see the official documentation and API.

Want fine-grained control over object ACLs? Use gcp.storage.ObjectAccessControl to control individual role entity pairs.

Example Usage

Create an object ACL with one owner and one reader.

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const imageStore = new gcp.storage.Bucket("image-store", {
    location: "EU",
});
const image = new gcp.storage.BucketObject("image", {
    bucket: image_store.name,
    source: new pulumi.asset.FileAsset("image1.jpg"),
});
const imageStoreAcl = new gcp.storage.ObjectACL("image-store-acl", {
    bucket: image_store.name,
    object: image.outputName,
    roleEntities: [
        "OWNER:user-my.email@gmail.com",
        "READER:group-mygroup",
    ],
});

This content is derived from https://github.com/terraform-providers/terraform-provider-google/blob/master/website/docs/r/storage_object_acl.html.markdown.

constructor

new ObjectACL(name: string, args: ObjectACLArgs, opts?: pulumi.CustomResourceOptions)

Create a ObjectACL resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ObjectACLState, opts?: pulumi.CustomResourceOptions): ObjectACL

Get an existing ObjectACL resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of ObjectACL. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property bucket

public bucket: pulumi.Output<string>;

The name of the bucket the object is stored in.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property object

public object: pulumi.Output<string>;

The name of the object to apply the acl to.

property predefinedAcl

public predefinedAcl: pulumi.Output<string | undefined>;

The “canned” predefined ACL to apply. Must be set if roleEntity is not.

property roleEntities

public roleEntities: pulumi.Output<string[]>;

List of role/entity pairs in the form ROLE:entity. See GCS Object ACL documentation for more details. Must be set if predefinedAcl is not.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource TransferJob

class TransferJob extends CustomResource

Creates a new Transfer Job in Google Cloud Storage Transfer.

To get more information about Google Cloud Storage Transfer, see:

Example Usage

Example creating a nightly Transfer Job from an AWS S3 Bucket to a GCS bucket.

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const defaultTransferProjectServieAccount = gcp.storage.getTransferProjectServieAccount({
    project: var_project,
});
const s3_backup_bucketBucket = new gcp.storage.Bucket("s3-backup-bucket", {
    project: var_project,
    storageClass: "NEARLINE",
});
const s3_backup_bucketBucketIAMMember = new gcp.storage.BucketIAMMember("s3-backup-bucket", {
    bucket: s3_backup_bucketBucket.name,
    member: `serviceAccount:${defaultTransferProjectServieAccount.email}`,
    role: "roles/storage.admin",
}, {dependsOn: [s3_backup_bucketBucket]});
const s3BucketNightlyBackup = new gcp.storage.TransferJob("s3-bucket-nightly-backup", {
    description: "Nightly backup of S3 bucket",
    project: var_project,
    schedule: {
        scheduleEndDate: {
            day: 15,
            month: 1,
            year: 2019,
        },
        scheduleStartDate: {
            day: 1,
            month: 10,
            year: 2018,
        },
        startTimeOfDay: {
            hours: 23,
            minutes: 30,
            nanos: 0,
            seconds: 0,
        },
    },
    transferSpec: {
        awsS3DataSource: {
            awsAccessKey: {
                accessKeyId: var_aws_access_key,
                secretAccessKey: var_aws_secret_key,
            },
            bucketName: var_aws_s3_bucket,
        },
        gcsDataSink: {
            bucketName: s3_backup_bucketBucket.name,
        },
        objectConditions: {
            excludePrefixes: ["requests.gz"],
            maxTimeElapsedSinceLastModification: "600s",
        },
        transferOptions: {
            deleteObjectsUniqueInSink: false,
        },
    },
}, {dependsOn: [s3_backup_bucketBucketIAMMember]});

This content is derived from https://github.com/terraform-providers/terraform-provider-google/blob/master/website/docs/r/storage_transfer_job.html.markdown.

constructor

new TransferJob(name: string, args: TransferJobArgs, opts?: pulumi.CustomResourceOptions)

Create a TransferJob resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: TransferJobState, opts?: pulumi.CustomResourceOptions): TransferJob

Get an existing TransferJob resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of TransferJob. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property creationTime

public creationTime: pulumi.Output<string>;

When the Transfer Job was created.

property deletionTime

public deletionTime: pulumi.Output<string>;

When the Transfer Job was deleted.

property description

public description: pulumi.Output<string>;

Unique description to identify the Transfer Job.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property lastModificationTime

public lastModificationTime: pulumi.Output<string>;

When the Transfer Job was last modified.

property name

public name: pulumi.Output<string>;

The name of the Transfer Job.

property project

public project: pulumi.Output<string>;

The project in which the resource belongs. If it is not provided, the provider project is used.

property schedule

public schedule: pulumi.Output<outputs.storage.TransferJobSchedule>;

Schedule specification defining when the Transfer Job should be scheduled to start, end and and what time to run. Structure documented below.

property status

public status: pulumi.Output<string | undefined>;

Status of the job. Default: ENABLED. NOTE: The effect of the new job status takes place during a subsequent job run. For example, if you change the job status from ENABLED to DISABLED, and an operation spawned by the transfer is running, the status change would not affect the current operation.

property transferSpec

public transferSpec: pulumi.Output<outputs.storage.TransferJobTransferSpec>;

Transfer specification. Structure documented below.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Data Sources

Data Source getBucketObject

getBucketObject(args?: GetBucketObjectArgs, opts?: pulumi.InvokeOptions): Promise<GetBucketObjectResult> & GetBucketObjectResult

Gets an existing object inside an existing bucket in Google Cloud Storage service (GCS). See the official documentation and API.

Example Usage

Example picture stored within a folder.

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const picture = gcp.storage.getBucketObject({
    bucket: "image-store",
    name: "folder/butterfly01.jpg",
});

This content is derived from https://github.com/terraform-providers/terraform-provider-google/blob/master/website/docs/d/storage_bucket_object.html.markdown.

Data Source getObjectSignedUrl

getObjectSignedUrl(args: GetObjectSignedUrlArgs, opts?: pulumi.InvokeOptions): Promise<GetObjectSignedUrlResult> & GetObjectSignedUrlResult

The Google Cloud storage signed URL data source generates a signed URL for a given storage object. Signed URLs provide a way to give time-limited read or write access to anyone in possession of the URL, regardless of whether they have a Google account.

For more info about signed URL’s is available here.

Full Example

import * as pulumi from "@pulumi/pulumi";
import * as fs from "fs";
import * as gcp from "@pulumi/gcp";

const getUrl = gcp.storage.getObjectSignedUrl({
    bucket: "friedChicken",
    contentMd5: "pRviqwS4c4OTJRTe03FD1w==",
    contentType: "text/plain",
    credentials: fs.readFileSync("path/to/credentials.json", "utf-8"),
    duration: "2d",
    extensionHeaders: {
        "x-goog-if-generation-match": 1,
    },
    path: "path/to/file",
});

This content is derived from https://github.com/terraform-providers/terraform-provider-google/blob/master/website/docs/d/storage_object_signed_url.html.markdown.

Data Source getProjectServiceAccount

getProjectServiceAccount(args?: GetProjectServiceAccountArgs, opts?: pulumi.InvokeOptions): Promise<GetProjectServiceAccountResult> & GetProjectServiceAccountResult

Get the email address of a project’s unique Google Cloud Storage service account.

Each Google Cloud project has a unique service account for use with Google Cloud Storage. Only this special service account can be used to set up gcp.storage.Notification resources.

For more information see the API reference.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const gcsAccount = gcp.storage.getProjectServiceAccount({});
const binding = new gcp.pubsub.TopicIAMBinding("binding", {
    members: [`serviceAccount:${gcsAccount.emailAddress}`],
    role: "roles/pubsub.publisher",
    topic: google_pubsub_topic_topic.name,
});

This content is derived from https://github.com/terraform-providers/terraform-provider-google/blob/master/website/docs/d/storage_project_service_account.html.markdown.

Data Source getTransferProjectServieAccount

getTransferProjectServieAccount(args?: GetTransferProjectServieAccountArgs, opts?: pulumi.InvokeOptions): Promise<GetTransferProjectServieAccountResult> & GetTransferProjectServieAccountResult

Use this data source to retrieve Storage Transfer service account for this project

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const defaultTransferProjectServieAccount = gcp.storage.getTransferProjectServieAccount({});

export const defaultAccount = defaultTransferProjectServieAccount.email;

This content is derived from https://github.com/terraform-providers/terraform-provider-google/blob/master/website/docs/d/storage_transfer_project_service_account.html.markdown.

Others

interface BucketACLArgs

interface BucketACLArgs

The set of arguments for constructing a BucketACL resource.

property bucket

bucket: pulumi.Input<string>;

The name of the bucket it applies to.

property defaultAcl

defaultAcl?: pulumi.Input<string>;

Configure this ACL to be the default ACL.

property predefinedAcl

predefinedAcl?: pulumi.Input<string>;

The canned GCS ACL to apply. Must be set if roleEntity is not.

property roleEntities

roleEntities?: pulumi.Input<pulumi.Input<string>[]>;

List of role/entity pairs in the form ROLE:entity. See GCS Bucket ACL documentation for more details. Must be set if predefinedAcl is not.

interface BucketACLState

interface BucketACLState

Input properties used for looking up and filtering BucketACL resources.

property bucket

bucket?: pulumi.Input<string>;

The name of the bucket it applies to.

property defaultAcl

defaultAcl?: pulumi.Input<string>;

Configure this ACL to be the default ACL.

property predefinedAcl

predefinedAcl?: pulumi.Input<string>;

The canned GCS ACL to apply. Must be set if roleEntity is not.

property roleEntities

roleEntities?: pulumi.Input<pulumi.Input<string>[]>;

List of role/entity pairs in the form ROLE:entity. See GCS Bucket ACL documentation for more details. Must be set if predefinedAcl is not.

interface BucketArgs

interface BucketArgs

The set of arguments for constructing a Bucket resource.

property bucketPolicyOnly

bucketPolicyOnly?: pulumi.Input<boolean>;

Enables Bucket Policy Only access to a bucket.

property cors

cors?: pulumi.Input<pulumi.Input<inputs.storage.BucketCor>[]>;

The bucket’s Cross-Origin Resource Sharing (CORS) configuration. Multiple blocks of this type are permitted. Structure is documented below.

property encryption

encryption?: pulumi.Input<inputs.storage.BucketEncryption>;

The bucket’s encryption configuration.

property forceDestroy

forceDestroy?: pulumi.Input<boolean>;

When deleting a bucket, this boolean option will delete all contained objects. If you try to delete a bucket that contains objects, this provider will fail that run.

property labels

labels?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;

A set of key/value label pairs to assign to the bucket.

property lifecycleRules

lifecycleRules?: pulumi.Input<pulumi.Input<inputs.storage.BucketLifecycleRule>[]>;

The bucket’s Lifecycle Rules configuration. Multiple blocks of this type are permitted. Structure is documented below.

property location

location?: pulumi.Input<string>;

The GCS location

property logging

logging?: pulumi.Input<inputs.storage.BucketLogging>;

The bucket’s Access & Storage Logs configuration.

property name

name?: pulumi.Input<string>;

The name of the bucket.

property project

project?: pulumi.Input<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property requesterPays

requesterPays?: pulumi.Input<boolean>;

Enables Requester Pays on a storage bucket.

property retentionPolicy

retentionPolicy?: pulumi.Input<inputs.storage.BucketRetentionPolicy>;

Configuration of the bucket’s data retention policy for how long objects in the bucket should be retained. Structure is documented below.

property storageClass

storageClass?: pulumi.Input<string>;

The Storage Class of the new bucket. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE.

property versioning

versioning?: pulumi.Input<inputs.storage.BucketVersioning>;

The bucket’s Versioning configuration.

property website

website?: pulumi.Input<inputs.storage.BucketWebsite>;

Configuration if the bucket acts as a website. Structure is documented below.

interface BucketContext

interface BucketContext extends Context

Shape of the [context] object passed to a Cloud Function when a bucket event fires.

property eventId

eventId: string;

A unique ID for the event. For example: “70172329041928”.

property eventType

eventType: "google.storage.object.finalize" | "google.storage.object.delete" | "google.storage.object.archive" | "google.storage.object.metadataUpdate";

The type of the event.

property resource

resource: {
    name: string;
    service: "storage.googleapis.com";
    type: "storage#object";
};

The resource that emitted the event.

property timestamp

timestamp: string;

The date/time this event was created. For example: “2018-04-09T07:56:12.975Z”.

interface BucketData

interface BucketData

Shape of the [data] object passed to a Cloud Function when a bucket event fires.

See https://cloud.google.com/storage/docs/json_api/v1/objects for more details.

property bucket

bucket: string;

property contentType

contentType: string;

property crc32c

crc32c: string;

property etag

etag: string;

property generation

generation: number;

property id

id: string;

property kind

kind: "storage#object";

property md5Hash

md5Hash: string;
mediaLink: string;

property metadata

metadata: Record<string, string>;

property metageneration

metageneration: number;

property name

name: string;
selfLink: string;

property size

size: number;

property storageClass

storageClass: string;

property timeCreated

timeCreated: string;

property timeStorageClassUpdated

timeStorageClassUpdated: string;

property updated

updated: string;

interface BucketEventArgs

interface BucketEventArgs

property failurePolicy

failurePolicy?: cloudfunctions.FailurePolicy;

property triggerType

triggerType: "finalize" | "delete" | "archive" | "metadataUpdate";

interface BucketEventCallbackFunctionArgs

interface BucketEventCallbackFunctionArgs extends CallbackFunctionArgs

Arguments that can be provided to control the Cloud Function created as the serverless endpoint for a bucket event.

property availableMemoryMb

availableMemoryMb?: pulumi.Input<number>;

Memory (in MB), available to the function. Default value is 256MB. Allowed values are: 128MB, 256MB, 512MB, 1024MB, and 2048MB.

property bucket

bucket?: storage.Bucket;

The bucket to use as the sourceArchiveBucket for the generated CloudFunctions Function source to be placed in. A fresh [storage.BucketObject] will be made there containing the serialized code.

property callback

callback?: BucketEventHandler;

property callbackFactory

callbackFactory?: undefined | () => BucketEventHandler;

property codePathOptions

codePathOptions?: pulumi.runtime.CodePathOptions;

Options to control which paths/packages should be included or excluded in the zip file containing the code for the GCP Function.

property description

description?: pulumi.Input<string>;

Description of the function.

property environmentVariables

environmentVariables?: pulumi.Input<{[key: string]: any}>;

A set of key/value environment variable pairs to assign to the function.

property eventTrigger

eventTrigger?: undefined;

property httpsTriggerUrl

httpsTriggerUrl?: undefined;

property labels

labels?: pulumi.Input<{[key: string]: any}>;

A set of key/value label pairs to assign to the function.

property project

project?: pulumi.Input<string>;

Project of the function. If it is not provided, the provider project is used.

property region

region?: pulumi.Input<string>;

Region of function. Currently can be only “us-central1”. If it is not provided, the provider region is used.

property serviceAccountEmail

serviceAccountEmail?: pulumi.Input<string>;

If provided, the self-provided service account to run the function with.

property timeout

timeout?: pulumi.Input<number>;

Timeout (in seconds) for the function. Default value is 60 seconds. Cannot be more than 540 seconds.

property triggerHttp

triggerHttp?: undefined;

type BucketEventHandler

type BucketEventHandler = cloudfunctions.Callback<BucketData, BucketContext, void>;

interface BucketIAMBindingArgs

interface BucketIAMBindingArgs

The set of arguments for constructing a BucketIAMBinding resource.

property bucket

bucket: pulumi.Input<string>;

The name of the bucket it applies to.

property members

members: pulumi.Input<pulumi.Input<string>[]>;

property role

role: pulumi.Input<string>;

The role that should be applied. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

interface BucketIAMBindingState

interface BucketIAMBindingState

Input properties used for looking up and filtering BucketIAMBinding resources.

property bucket

bucket?: pulumi.Input<string>;

The name of the bucket it applies to.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the storage bucket’s IAM policy.

property members

members?: pulumi.Input<pulumi.Input<string>[]>;

property role

role?: pulumi.Input<string>;

The role that should be applied. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

interface BucketIAMMemberArgs

interface BucketIAMMemberArgs

The set of arguments for constructing a BucketIAMMember resource.

property bucket

bucket: pulumi.Input<string>;

The name of the bucket it applies to.

property member

member: pulumi.Input<string>;

property role

role: pulumi.Input<string>;

The role that should be applied. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

interface BucketIAMMemberState

interface BucketIAMMemberState

Input properties used for looking up and filtering BucketIAMMember resources.

property bucket

bucket?: pulumi.Input<string>;

The name of the bucket it applies to.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the storage bucket’s IAM policy.

property member

member?: pulumi.Input<string>;

property role

role?: pulumi.Input<string>;

The role that should be applied. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

interface BucketIAMPolicyArgs

interface BucketIAMPolicyArgs

The set of arguments for constructing a BucketIAMPolicy resource.

property bucket

bucket: pulumi.Input<string>;

The name of the bucket it applies to.

property policyData

policyData: pulumi.Input<string>;

interface BucketIAMPolicyState

interface BucketIAMPolicyState

Input properties used for looking up and filtering BucketIAMPolicy resources.

property bucket

bucket?: pulumi.Input<string>;

The name of the bucket it applies to.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the storage bucket’s IAM policy.

property policyData

policyData?: pulumi.Input<string>;

interface BucketObjectArgs

interface BucketObjectArgs

The set of arguments for constructing a BucketObject resource.

property bucket

bucket: pulumi.Input<string>;

The name of the containing bucket.

property cacheControl

cacheControl?: pulumi.Input<string>;

Cache-Control directive to specify caching behavior of object data. If omitted and object is accessible to all anonymous users, the default will be public, max-age=3600

property content

content?: pulumi.Input<string>;

Data as string to be uploaded. Must be defined if source is not. Note: The content field is marked as sensitive. To view the raw contents of the object, please define an output.

property contentDisposition

contentDisposition?: pulumi.Input<string>;

Content-Disposition of the object data.

property contentEncoding

contentEncoding?: pulumi.Input<string>;

Content-Encoding of the object data.

property contentLanguage

contentLanguage?: pulumi.Input<string>;

Content-Language of the object data.

property contentType

contentType?: pulumi.Input<string>;

Content-Type of the object data. Defaults to “application/octet-stream” or “text/plain; charset=utf-8”.

property detectMd5hash

detectMd5hash?: pulumi.Input<string>;

property name

name?: pulumi.Input<string>;

The name of the object. If you’re interpolating the name of this object, see outputName instead.

property source

source?: pulumi.Input<pulumi.asset.Asset | pulumi.asset.Archive>;

A path to the data you want to upload. Must be defined if content is not.

property storageClass

storageClass?: pulumi.Input<string>;

The StorageClass of the new bucket object. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE. If not provided, this defaults to the bucket’s default storage class or to a standard class.

interface BucketObjectState

interface BucketObjectState

Input properties used for looking up and filtering BucketObject resources.

property bucket

bucket?: pulumi.Input<string>;

The name of the containing bucket.

property cacheControl

cacheControl?: pulumi.Input<string>;

Cache-Control directive to specify caching behavior of object data. If omitted and object is accessible to all anonymous users, the default will be public, max-age=3600

property content

content?: pulumi.Input<string>;

Data as string to be uploaded. Must be defined if source is not. Note: The content field is marked as sensitive. To view the raw contents of the object, please define an output.

property contentDisposition

contentDisposition?: pulumi.Input<string>;

Content-Disposition of the object data.

property contentEncoding

contentEncoding?: pulumi.Input<string>;

Content-Encoding of the object data.

property contentLanguage

contentLanguage?: pulumi.Input<string>;

Content-Language of the object data.

property contentType

contentType?: pulumi.Input<string>;

Content-Type of the object data. Defaults to “application/octet-stream” or “text/plain; charset=utf-8”.

property crc32c

crc32c?: pulumi.Input<string>;

(Computed) Base 64 CRC32 hash of the uploaded data.

property detectMd5hash

detectMd5hash?: pulumi.Input<string>;

property md5hash

md5hash?: pulumi.Input<string>;

(Computed) Base 64 MD5 hash of the uploaded data.

property name

name?: pulumi.Input<string>;

The name of the object. If you’re interpolating the name of this object, see outputName instead.

property outputName

outputName?: pulumi.Input<string>;

(Computed) The name of the object. Use this field in interpolations with gcp.storage.ObjectACL to recreate gcp.storage.ObjectACL resources when your gcp.storage.BucketObject is recreated.

selfLink?: pulumi.Input<string>;

(Computed) A url reference to this object.

property source

source?: pulumi.Input<pulumi.asset.Asset | pulumi.asset.Archive>;

A path to the data you want to upload. Must be defined if content is not.

property storageClass

storageClass?: pulumi.Input<string>;

The StorageClass of the new bucket object. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE. If not provided, this defaults to the bucket’s default storage class or to a standard class.

interface BucketState

interface BucketState

Input properties used for looking up and filtering Bucket resources.

property bucketPolicyOnly

bucketPolicyOnly?: pulumi.Input<boolean>;

Enables Bucket Policy Only access to a bucket.

property cors

cors?: pulumi.Input<pulumi.Input<inputs.storage.BucketCor>[]>;

The bucket’s Cross-Origin Resource Sharing (CORS) configuration. Multiple blocks of this type are permitted. Structure is documented below.

property encryption

encryption?: pulumi.Input<inputs.storage.BucketEncryption>;

The bucket’s encryption configuration.

property forceDestroy

forceDestroy?: pulumi.Input<boolean>;

When deleting a bucket, this boolean option will delete all contained objects. If you try to delete a bucket that contains objects, this provider will fail that run.

property labels

labels?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;

A set of key/value label pairs to assign to the bucket.

property lifecycleRules

lifecycleRules?: pulumi.Input<pulumi.Input<inputs.storage.BucketLifecycleRule>[]>;

The bucket’s Lifecycle Rules configuration. Multiple blocks of this type are permitted. Structure is documented below.

property location

location?: pulumi.Input<string>;

The GCS location

property logging

logging?: pulumi.Input<inputs.storage.BucketLogging>;

The bucket’s Access & Storage Logs configuration.

property name

name?: pulumi.Input<string>;

The name of the bucket.

property project

project?: pulumi.Input<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property requesterPays

requesterPays?: pulumi.Input<boolean>;

Enables Requester Pays on a storage bucket.

property retentionPolicy

retentionPolicy?: pulumi.Input<inputs.storage.BucketRetentionPolicy>;

Configuration of the bucket’s data retention policy for how long objects in the bucket should be retained. Structure is documented below.

selfLink?: pulumi.Input<string>;

The URI of the created resource.

property storageClass

storageClass?: pulumi.Input<string>;

The Storage Class of the new bucket. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE.

property url

url?: pulumi.Input<string>;

The base URL of the bucket, in the format gs://<bucket-name>.

property versioning

versioning?: pulumi.Input<inputs.storage.BucketVersioning>;

The bucket’s Versioning configuration.

property website

website?: pulumi.Input<inputs.storage.BucketWebsite>;

Configuration if the bucket acts as a website. Structure is documented below.

interface DefaultObjectAccessControlArgs

interface DefaultObjectAccessControlArgs

The set of arguments for constructing a DefaultObjectAccessControl resource.

property bucket

bucket: pulumi.Input<string>;

property entity

entity: pulumi.Input<string>;

property object

object?: pulumi.Input<string>;

property role

role: pulumi.Input<string>;

interface DefaultObjectAccessControlState

interface DefaultObjectAccessControlState

Input properties used for looking up and filtering DefaultObjectAccessControl resources.

property bucket

bucket?: pulumi.Input<string>;

property domain

domain?: pulumi.Input<string>;

property email

email?: pulumi.Input<string>;

property entity

entity?: pulumi.Input<string>;

property entityId

entityId?: pulumi.Input<string>;

property generation

generation?: pulumi.Input<number>;

property object

object?: pulumi.Input<string>;

property projectTeam

projectTeam?: pulumi.Input<inputs.storage.DefaultObjectAccessControlProjectTeam>;

property role

role?: pulumi.Input<string>;

interface DefaultObjectACLArgs

interface DefaultObjectACLArgs

The set of arguments for constructing a DefaultObjectACL resource.

property bucket

bucket: pulumi.Input<string>;

The name of the bucket it applies to.

property roleEntities

roleEntities?: pulumi.Input<pulumi.Input<string>[]>;

List of role/entity pairs in the form ROLE:entity. See GCS Object ACL documentation for more details. Omitting the field is the same as providing an empty list.

interface DefaultObjectACLState

interface DefaultObjectACLState

Input properties used for looking up and filtering DefaultObjectACL resources.

property bucket

bucket?: pulumi.Input<string>;

The name of the bucket it applies to.

property roleEntities

roleEntities?: pulumi.Input<pulumi.Input<string>[]>;

List of role/entity pairs in the form ROLE:entity. See GCS Object ACL documentation for more details. Omitting the field is the same as providing an empty list.

interface GetBucketObjectArgs

interface GetBucketObjectArgs

A collection of arguments for invoking getBucketObject.

property bucket

bucket?: undefined | string;

The name of the containing bucket.

property name

name?: undefined | string;

The name of the object.

interface GetBucketObjectResult

interface GetBucketObjectResult

A collection of values returned by getBucketObject.

property bucket

bucket?: undefined | string;

property cacheControl

cacheControl: string;

(Computed) Cache-Control directive to specify caching behavior of object data. If omitted and object is accessible to all anonymous users, the default will be public, max-age=3600

property content

content: string;

property contentDisposition

contentDisposition: string;

(Computed) Content-Disposition of the object data.

property contentEncoding

contentEncoding: string;

(Computed) Content-Encoding of the object data.

property contentLanguage

contentLanguage: string;

(Computed) Content-Language of the object data.

property contentType

contentType: string;

(Computed) Content-Type of the object data. Defaults to “application/octet-stream” or “text/plain; charset=utf-8”.

property crc32c

crc32c: string;

(Computed) Base 64 CRC32 hash of the uploaded data.

property detectMd5hash

detectMd5hash: string;

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property md5hash

md5hash: string;

(Computed) Base 64 MD5 hash of the uploaded data.

property name

name?: undefined | string;

property outputName

outputName: string;

property predefinedAcl

predefinedAcl: string;
selfLink: string;

(Computed) A url reference to this object.

property source

source: string;

property storageClass

storageClass: string;

(Computed) The StorageClass of the new bucket object. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE. If not provided, this defaults to the bucket’s default storage class or to a standard class.

interface GetObjectSignedUrlArgs

interface GetObjectSignedUrlArgs

A collection of arguments for invoking getObjectSignedUrl.

property bucket

bucket: string;

The name of the bucket to read the object from

property contentMd5

contentMd5?: undefined | string;

The MD5 digest value in Base64. Typically retrieved from google_storage_bucket_object.object.md5hash attribute. If you provide this in the datasource, the client (e.g. browser, curl) must provide the Content-MD5 HTTP header with this same value in its request.

property contentType

contentType?: undefined | string;

If you specify this in the datasource, the client must provide the Content-Type HTTP header with the same value in its request.

property credentials

credentials?: undefined | string;

What Google service account credentials json should be used to sign the URL. This data source checks the following locations for credentials, in order of preference: data source credentials attribute, provider credentials attribute and finally the GOOGLE_APPLICATION_CREDENTIALS environment variable.

property duration

duration?: undefined | string;

For how long shall the signed URL be valid (defaults to 1 hour - i.e. 1h). See here for info on valid duration formats.

property extensionHeaders

extensionHeaders?: undefined | {[key: string]: string};

As needed. The server checks to make sure that the client provides matching values in requests using the signed URL. Any header starting with x-goog- is accepted but see the Google Docs for list of headers that are supported by Google.

property httpMethod

httpMethod?: undefined | string;

What HTTP Method will the signed URL allow (defaults to GET)

property path

path: string;

The full path to the object inside the bucket

interface GetObjectSignedUrlResult

interface GetObjectSignedUrlResult

A collection of values returned by getObjectSignedUrl.

property bucket

bucket: string;

property contentMd5

contentMd5?: undefined | string;

property contentType

contentType?: undefined | string;

property credentials

credentials?: undefined | string;

property duration

duration?: undefined | string;

property extensionHeaders

extensionHeaders?: undefined | {[key: string]: string};

property httpMethod

httpMethod?: undefined | string;

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property path

path: string;

property signedUrl

signedUrl: string;

The signed URL that can be used to access the storage object without authentication.

interface GetProjectServiceAccountArgs

interface GetProjectServiceAccountArgs

A collection of arguments for invoking getProjectServiceAccount.

property project

project?: undefined | string;

The project the unique service account was created for. If it is not provided, the provider project is used.

property userProject

userProject?: undefined | string;

The project the lookup originates from. This field is used if you are making the request from a different account than the one you are finding the service account for.

interface GetProjectServiceAccountResult

interface GetProjectServiceAccountResult

A collection of values returned by getProjectServiceAccount.

property emailAddress

emailAddress: string;

The email address of the service account. This value is often used to refer to the service account in order to grant IAM permissions.

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property project

project: string;

property userProject

userProject?: undefined | string;

interface GetTransferProjectServieAccountArgs

interface GetTransferProjectServieAccountArgs

A collection of arguments for invoking getTransferProjectServieAccount.

property project

project?: undefined | string;

The project ID. If it is not provided, the provider project is used.

interface GetTransferProjectServieAccountResult

interface GetTransferProjectServieAccountResult

A collection of values returned by getTransferProjectServieAccount.

property email

email: string;

Email address of the default service account used by Storage Transfer Jobs running in this project

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property project

project: string;

interface NotificationArgs

interface NotificationArgs

The set of arguments for constructing a Notification resource.

property bucket

bucket: pulumi.Input<string>;

The name of the bucket.

property customAttributes

customAttributes?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;

A set of key/value attribute pairs to attach to each Cloud PubSub message published for this notification subscription

property eventTypes

eventTypes?: pulumi.Input<pulumi.Input<string>[]>;

List of event type filters for this notification config. If not specified, Cloud Storage will send notifications for all event types. The valid types are: "OBJECT_FINALIZE", "OBJECT_METADATA_UPDATE", "OBJECT_DELETE", "OBJECT_ARCHIVE"

property objectNamePrefix

objectNamePrefix?: pulumi.Input<string>;

Specifies a prefix path filter for this notification config. Cloud Storage will only send notifications for objects in this bucket whose names begin with the specified prefix.

property payloadFormat

payloadFormat: pulumi.Input<string>;

The desired content of the Payload. One of "JSON_API_V1" or "NONE".

property topic

topic: pulumi.Input<string>;

The Cloud PubSub topic to which this subscription publishes. Expects either the topic name, assumed to belong to the default GCP provider project, or the project-level name, i.e. projects/my-gcp-project/topics/my-topic or my-topic.

interface NotificationState

interface NotificationState

Input properties used for looking up and filtering Notification resources.

property bucket

bucket?: pulumi.Input<string>;

The name of the bucket.

property customAttributes

customAttributes?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;

A set of key/value attribute pairs to attach to each Cloud PubSub message published for this notification subscription

property eventTypes

eventTypes?: pulumi.Input<pulumi.Input<string>[]>;

List of event type filters for this notification config. If not specified, Cloud Storage will send notifications for all event types. The valid types are: "OBJECT_FINALIZE", "OBJECT_METADATA_UPDATE", "OBJECT_DELETE", "OBJECT_ARCHIVE"

property objectNamePrefix

objectNamePrefix?: pulumi.Input<string>;

Specifies a prefix path filter for this notification config. Cloud Storage will only send notifications for objects in this bucket whose names begin with the specified prefix.

property payloadFormat

payloadFormat?: pulumi.Input<string>;

The desired content of the Payload. One of "JSON_API_V1" or "NONE".

selfLink?: pulumi.Input<string>;

The URI of the created resource.

property topic

topic?: pulumi.Input<string>;

The Cloud PubSub topic to which this subscription publishes. Expects either the topic name, assumed to belong to the default GCP provider project, or the project-level name, i.e. projects/my-gcp-project/topics/my-topic or my-topic.

interface ObjectAccessControlArgs

interface ObjectAccessControlArgs

The set of arguments for constructing a ObjectAccessControl resource.

property bucket

bucket: pulumi.Input<string>;

property entity

entity: pulumi.Input<string>;

property object

object: pulumi.Input<string>;

property role

role: pulumi.Input<string>;

interface ObjectAccessControlState

interface ObjectAccessControlState

Input properties used for looking up and filtering ObjectAccessControl resources.

property bucket

bucket?: pulumi.Input<string>;

property domain

domain?: pulumi.Input<string>;

property email

email?: pulumi.Input<string>;

property entity

entity?: pulumi.Input<string>;

property entityId

entityId?: pulumi.Input<string>;

property generation

generation?: pulumi.Input<number>;

property object

object?: pulumi.Input<string>;

property projectTeam

projectTeam?: pulumi.Input<inputs.storage.ObjectAccessControlProjectTeam>;

property role

role?: pulumi.Input<string>;

interface ObjectACLArgs

interface ObjectACLArgs

The set of arguments for constructing a ObjectACL resource.

property bucket

bucket: pulumi.Input<string>;

The name of the bucket the object is stored in.

property object

object: pulumi.Input<string>;

The name of the object to apply the acl to.

property predefinedAcl

predefinedAcl?: pulumi.Input<string>;

The “canned” predefined ACL to apply. Must be set if roleEntity is not.

property roleEntities

roleEntities?: pulumi.Input<pulumi.Input<string>[]>;

List of role/entity pairs in the form ROLE:entity. See GCS Object ACL documentation for more details. Must be set if predefinedAcl is not.

interface ObjectACLState

interface ObjectACLState

Input properties used for looking up and filtering ObjectACL resources.

property bucket

bucket?: pulumi.Input<string>;

The name of the bucket the object is stored in.

property object

object?: pulumi.Input<string>;

The name of the object to apply the acl to.

property predefinedAcl

predefinedAcl?: pulumi.Input<string>;

The “canned” predefined ACL to apply. Must be set if roleEntity is not.

property roleEntities

roleEntities?: pulumi.Input<pulumi.Input<string>[]>;

List of role/entity pairs in the form ROLE:entity. See GCS Object ACL documentation for more details. Must be set if predefinedAcl is not.

interface SimpleBucketEventArgs

interface SimpleBucketEventArgs

Arguments to control how GCP will respond if the Cloud Function fails. Currently, the only specialized behavior supported is to attempt retrying the Cloud Function. See [cloudfunctions.FailurePolicy] for more information on this.

property failurePolicy

failurePolicy?: cloudfunctions.FailurePolicy;

interface TransferJobArgs

interface TransferJobArgs

The set of arguments for constructing a TransferJob resource.

property description

description: pulumi.Input<string>;

Unique description to identify the Transfer Job.

property project

project?: pulumi.Input<string>;

The project in which the resource belongs. If it is not provided, the provider project is used.

property schedule

schedule: pulumi.Input<inputs.storage.TransferJobSchedule>;

Schedule specification defining when the Transfer Job should be scheduled to start, end and and what time to run. Structure documented below.

property status

status?: pulumi.Input<string>;

Status of the job. Default: ENABLED. NOTE: The effect of the new job status takes place during a subsequent job run. For example, if you change the job status from ENABLED to DISABLED, and an operation spawned by the transfer is running, the status change would not affect the current operation.

property transferSpec

transferSpec: pulumi.Input<inputs.storage.TransferJobTransferSpec>;

Transfer specification. Structure documented below.

interface TransferJobState

interface TransferJobState

Input properties used for looking up and filtering TransferJob resources.

property creationTime

creationTime?: pulumi.Input<string>;

When the Transfer Job was created.

property deletionTime

deletionTime?: pulumi.Input<string>;

When the Transfer Job was deleted.

property description

description?: pulumi.Input<string>;

Unique description to identify the Transfer Job.

property lastModificationTime

lastModificationTime?: pulumi.Input<string>;

When the Transfer Job was last modified.

property name

name?: pulumi.Input<string>;

The name of the Transfer Job.

property project

project?: pulumi.Input<string>;

The project in which the resource belongs. If it is not provided, the provider project is used.

property schedule

schedule?: pulumi.Input<inputs.storage.TransferJobSchedule>;

Schedule specification defining when the Transfer Job should be scheduled to start, end and and what time to run. Structure documented below.

property status

status?: pulumi.Input<string>;

Status of the job. Default: ENABLED. NOTE: The effect of the new job status takes place during a subsequent job run. For example, if you change the job status from ENABLED to DISABLED, and an operation spawned by the transfer is running, the status change would not affect the current operation.

property transferSpec

transferSpec?: pulumi.Input<inputs.storage.TransferJobTransferSpec>;

Transfer specification. Structure documented below.