Docs
PackagesGoogle Cloud Classic v7.29.0 published on Wednesday, Jun 26, 2024 by Pulumi
gcp.storage.ObjectACL
Explore with Pulumi AI
Authoritatively manages the access control list (ACL) for an object in a Google
Cloud Storage (GCS) bucket. Removing a gcp.storage.ObjectACL sets the
acl to the private predefined ACL.
For more information see the official documentation and API.
Want fine-grained control over object ACLs? Use
gcp.storage.ObjectAccessControlto control individual role entity pairs.
Example Usage
Create an object ACL with one owner and one reader.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const image_store = new gcp.storage.Bucket("image-store", {
name: "image-store-bucket",
location: "EU",
});
const image = new gcp.storage.BucketObject("image", {
name: "image1",
bucket: image_store.name,
source: new pulumi.asset.FileAsset("image1.jpg"),
});
const image_store_acl = new gcp.storage.ObjectACL("image-store-acl", {
bucket: image_store.name,
object: image.outputName,
roleEntities: [
"OWNER:user-my.email@gmail.com",
"READER:group-mygroup",
],
});
import pulumi
import pulumi_gcp as gcp
image_store = gcp.storage.Bucket("image-store",
name="image-store-bucket",
location="EU")
image = gcp.storage.BucketObject("image",
name="image1",
bucket=image_store.name,
source=pulumi.FileAsset("image1.jpg"))
image_store_acl = gcp.storage.ObjectACL("image-store-acl",
bucket=image_store.name,
object=image.output_name,
role_entities=[
"OWNER:user-my.email@gmail.com",
"READER:group-mygroup",
])
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := storage.NewBucket(ctx, "image-store", &storage.BucketArgs{
Name: pulumi.String("image-store-bucket"),
Location: pulumi.String("EU"),
})
if err != nil {
return err
}
image, err := storage.NewBucketObject(ctx, "image", &storage.BucketObjectArgs{
Name: pulumi.String("image1"),
Bucket: image_store.Name,
Source: pulumi.NewFileAsset("image1.jpg"),
})
if err != nil {
return err
}
_, err = storage.NewObjectACL(ctx, "image-store-acl", &storage.ObjectACLArgs{
Bucket: image_store.Name,
Object: image.OutputName,
RoleEntities: pulumi.StringArray{
pulumi.String("OWNER:user-my.email@gmail.com"),
pulumi.String("READER:group-mygroup"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var image_store = new Gcp.Storage.Bucket("image-store", new()
{
Name = "image-store-bucket",
Location = "EU",
});
var image = new Gcp.Storage.BucketObject("image", new()
{
Name = "image1",
Bucket = image_store.Name,
Source = new FileAsset("image1.jpg"),
});
var image_store_acl = new Gcp.Storage.ObjectACL("image-store-acl", new()
{
Bucket = image_store.Name,
Object = image.OutputName,
RoleEntities = new[]
{
"OWNER:user-my.email@gmail.com",
"READER:group-mygroup",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.storage.Bucket;
import com.pulumi.gcp.storage.BucketArgs;
import com.pulumi.gcp.storage.BucketObject;
import com.pulumi.gcp.storage.BucketObjectArgs;
import com.pulumi.gcp.storage.ObjectACL;
import com.pulumi.gcp.storage.ObjectACLArgs;
import com.pulumi.asset.FileAsset;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var image_store = new Bucket("image-store", BucketArgs.builder()
.name("image-store-bucket")
.location("EU")
.build());
var image = new BucketObject("image", BucketObjectArgs.builder()
.name("image1")
.bucket(image_store.name())
.source(new FileAsset("image1.jpg"))
.build());
var image_store_acl = new ObjectACL("image-store-acl", ObjectACLArgs.builder()
.bucket(image_store.name())
.object(image.outputName())
.roleEntities(
"OWNER:user-my.email@gmail.com",
"READER:group-mygroup")
.build());
}
}
resources:
image-store:
type: gcp:storage:Bucket
properties:
name: image-store-bucket
location: EU
image:
type: gcp:storage:BucketObject
properties:
name: image1
bucket: ${["image-store"].name}
source:
fn::FileAsset: image1.jpg
image-store-acl:
type: gcp:storage:ObjectACL
properties:
bucket: ${["image-store"].name}
object: ${image.outputName}
roleEntities:
- OWNER:user-my.email@gmail.com
- READER:group-mygroup
Create ObjectACL Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ObjectACL(name: string, args: ObjectACLArgs, opts?: CustomResourceOptions);@overload
def ObjectACL(resource_name: str,
args: ObjectACLArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ObjectACL(resource_name: str,
opts: Optional[ResourceOptions] = None,
bucket: Optional[str] = None,
object: Optional[str] = None,
predefined_acl: Optional[str] = None,
role_entities: Optional[Sequence[str]] = None)func NewObjectACL(ctx *Context, name string, args ObjectACLArgs, opts ...ResourceOption) (*ObjectACL, error)public ObjectACL(string name, ObjectACLArgs args, CustomResourceOptions? opts = null)
public ObjectACL(String name, ObjectACLArgs args)
public ObjectACL(String name, ObjectACLArgs args, CustomResourceOptions options)
type: gcp:storage:ObjectACL
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ObjectACLArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ObjectACLArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ObjectACLArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ObjectACLArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ObjectACLArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var objectACLResource = new Gcp.Storage.ObjectACL("objectACLResource", new()
{
Bucket = "string",
Object = "string",
PredefinedAcl = "string",
RoleEntities = new[]
{
"string",
},
});
example, err := storage.NewObjectACL(ctx, "objectACLResource", &storage.ObjectACLArgs{
Bucket: pulumi.String("string"),
Object: pulumi.String("string"),
PredefinedAcl: pulumi.String("string"),
RoleEntities: pulumi.StringArray{
pulumi.String("string"),
},
})
var objectACLResource = new ObjectACL("objectACLResource", ObjectACLArgs.builder()
.bucket("string")
.object("string")
.predefinedAcl("string")
.roleEntities("string")
.build());
object_acl_resource = gcp.storage.ObjectACL("objectACLResource",
bucket="string",
object="string",
predefined_acl="string",
role_entities=["string"])
const objectACLResource = new gcp.storage.ObjectACL("objectACLResource", {
bucket: "string",
object: "string",
predefinedAcl: "string",
roleEntities: ["string"],
});
type: gcp:storage:ObjectACL
properties:
bucket: string
object: string
predefinedAcl: string
roleEntities:
- string
ObjectACL Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The ObjectACL resource accepts the following input properties:
- Bucket string
- The name of the bucket the object is stored in.
- Object string
- The name of the object to apply the acl to.
- Predefined
Acl string - The "canned" predefined ACL to apply. Must be set if
role_entityis not. - Role
Entities List<string> - List of role/entity pairs in the form
ROLE:entity. See GCS Object ACL documentation for more details. Must be set ifpredefined_aclis not.
- Bucket string
- The name of the bucket the object is stored in.
- Object string
- The name of the object to apply the acl to.
- Predefined
Acl string - The "canned" predefined ACL to apply. Must be set if
role_entityis not. - Role
Entities []string - List of role/entity pairs in the form
ROLE:entity. See GCS Object ACL documentation for more details. Must be set ifpredefined_aclis not.
- bucket String
- The name of the bucket the object is stored in.
- object String
- The name of the object to apply the acl to.
- predefined
Acl String - The "canned" predefined ACL to apply. Must be set if
role_entityis not. - role
Entities List<String> - List of role/entity pairs in the form
ROLE:entity. See GCS Object ACL documentation for more details. Must be set ifpredefined_aclis not.
- bucket string
- The name of the bucket the object is stored in.
- object string
- The name of the object to apply the acl to.
- predefined
Acl string - The "canned" predefined ACL to apply. Must be set if
role_entityis not. - role
Entities string[] - List of role/entity pairs in the form
ROLE:entity. See GCS Object ACL documentation for more details. Must be set ifpredefined_aclis not.
- bucket str
- The name of the bucket the object is stored in.
- object str
- The name of the object to apply the acl to.
- predefined_
acl str - The "canned" predefined ACL to apply. Must be set if
role_entityis not. - role_
entities Sequence[str] - List of role/entity pairs in the form
ROLE:entity. See GCS Object ACL documentation for more details. Must be set ifpredefined_aclis not.
- bucket String
- The name of the bucket the object is stored in.
- object String
- The name of the object to apply the acl to.
- predefined
Acl String - The "canned" predefined ACL to apply. Must be set if
role_entityis not. - role
Entities List<String> - List of role/entity pairs in the form
ROLE:entity. See GCS Object ACL documentation for more details. Must be set ifpredefined_aclis not.
Outputs
All input properties are implicitly available as output properties. Additionally, the ObjectACL resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing ObjectACL Resource
Get an existing ObjectACL resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ObjectACLState, opts?: CustomResourceOptions): ObjectACL@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
bucket: Optional[str] = None,
object: Optional[str] = None,
predefined_acl: Optional[str] = None,
role_entities: Optional[Sequence[str]] = None) -> ObjectACLfunc GetObjectACL(ctx *Context, name string, id IDInput, state *ObjectACLState, opts ...ResourceOption) (*ObjectACL, error)public static ObjectACL Get(string name, Input<string> id, ObjectACLState? state, CustomResourceOptions? opts = null)public static ObjectACL get(String name, Output<String> id, ObjectACLState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Bucket string
- The name of the bucket the object is stored in.
- Object string
- The name of the object to apply the acl to.
- Predefined
Acl string - The "canned" predefined ACL to apply. Must be set if
role_entityis not. - Role
Entities List<string> - List of role/entity pairs in the form
ROLE:entity. See GCS Object ACL documentation for more details. Must be set ifpredefined_aclis not.
- Bucket string
- The name of the bucket the object is stored in.
- Object string
- The name of the object to apply the acl to.
- Predefined
Acl string - The "canned" predefined ACL to apply. Must be set if
role_entityis not. - Role
Entities []string - List of role/entity pairs in the form
ROLE:entity. See GCS Object ACL documentation for more details. Must be set ifpredefined_aclis not.
- bucket String
- The name of the bucket the object is stored in.
- object String
- The name of the object to apply the acl to.
- predefined
Acl String - The "canned" predefined ACL to apply. Must be set if
role_entityis not. - role
Entities List<String> - List of role/entity pairs in the form
ROLE:entity. See GCS Object ACL documentation for more details. Must be set ifpredefined_aclis not.
- bucket string
- The name of the bucket the object is stored in.
- object string
- The name of the object to apply the acl to.
- predefined
Acl string - The "canned" predefined ACL to apply. Must be set if
role_entityis not. - role
Entities string[] - List of role/entity pairs in the form
ROLE:entity. See GCS Object ACL documentation for more details. Must be set ifpredefined_aclis not.
- bucket str
- The name of the bucket the object is stored in.
- object str
- The name of the object to apply the acl to.
- predefined_
acl str - The "canned" predefined ACL to apply. Must be set if
role_entityis not. - role_
entities Sequence[str] - List of role/entity pairs in the form
ROLE:entity. See GCS Object ACL documentation for more details. Must be set ifpredefined_aclis not.
- bucket String
- The name of the bucket the object is stored in.
- object String
- The name of the object to apply the acl to.
- predefined
Acl String - The "canned" predefined ACL to apply. Must be set if
role_entityis not. - role
Entities List<String> - List of role/entity pairs in the form
ROLE:entity. See GCS Object ACL documentation for more details. Must be set ifpredefined_aclis not.
Import
This resource does not support import.
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
google-betaTerraform Provider.