Module storage

@pulumi/gcp > storage

Index ▾

storage/bucket.ts storage/bucketACL.ts storage/bucketIAMBinding.ts storage/bucketIAMMember.ts storage/bucketIAMPolicy.ts storage/bucketObject.ts storage/defaultObjectACL.ts storage/defaultObjectAccessControl.ts storage/getBucketObject.ts storage/getObjectSignedUrl.ts storage/getProjectServiceAccount.ts storage/getTransferProjectServieAccount.ts storage/notification.ts storage/objectACL.ts storage/objectAccessControl.ts storage/transferJob.ts storage/zMixins.ts

class Bucket

extends CustomResource

Creates a new bucket in Google cloud storage service (GCS). Once a bucket has been created, its location can’t be changed. ACLs can be applied using the google_storage_bucket_acl resource.

For more information see the official documentation and API.

Note: If the project id is not set on the resource or in the provider block it will be dynamically determined which will require enabling the compute api.

Example Usage

Example creating a private bucket in standard storage, in the EU region.

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const image_store = new gcp.storage.Bucket("image-store", {
    location: "EU",
    websites: [{
        mainPageSuffix: "index.html",
        notFoundPage: "404.html",
    }],
});

constructor

new Bucket(name: string, args?: BucketArgs, opts?: pulumi.CustomResourceOptions)

Create a Bucket resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: BucketState, opts?: pulumi.CustomResourceOptions): Bucket

Get an existing Bucket resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

method onObjectArchived

onObjectArchived(name: string, handler: BucketEventHandler | BucketEventCallbackFunctionArgs, args?: SimpleBucketEventArgs, opts?: pulumi.ComponentResourceOptions): cloudfunctions.CallbackFunction

Creates and publishes a Cloud Functions that will be triggered when a live version of an object is archived or deleted.

This event is only sent for versioning buckets.

See https://cloud.google.com/storage/docs/object-versioning for more details.

method onObjectDeleted

onObjectDeleted(name: string, handler: BucketEventHandler | BucketEventCallbackFunctionArgs, args?: SimpleBucketEventArgs, opts?: pulumi.ComponentResourceOptions): cloudfunctions.CallbackFunction

Creates and publishes a Cloud Functions that will be triggered when an object is permanently deleted. Depending on the object versioning setting for a bucket this means:

  1. For versioning buckets, this is only sent when a version is permanently deleted (but not when an object is archived).

  2. For non-versioning buckets, this is sent when an object is deleted or overwritten.

See https://cloud.google.com/storage/docs/object-versioning for more details.

method onObjectEvent

onObjectEvent(name: string, handler: BucketEventHandler | BucketEventCallbackFunctionArgs, args: BucketEventArgs, opts?: pulumi.ComponentResourceOptions): cloudfunctions.CallbackFunction

Generic helper for registering for any event.

method onObjectFinalized

onObjectFinalized(name: string, handler: BucketEventHandler | BucketEventCallbackFunctionArgs, args?: SimpleBucketEventArgs, opts?: pulumi.ComponentResourceOptions): cloudfunctions.CallbackFunction

Creates and publishes a Cloud Functions that will be triggered when a new object is created (or an existing object is overwritten, and a new generation of that object is created) in this bucket.

method onObjectMetadataUpdated

onObjectMetadataUpdated(name: string, handler: BucketEventHandler | BucketEventCallbackFunctionArgs, args?: SimpleBucketEventArgs, opts?: pulumi.ComponentResourceOptions): cloudfunctions.CallbackFunction

Creates and publishes a Cloud Functions that will be triggered when the metadata of an existing object changes.

See https://cloud.google.com/storage/docs/metadata for more details.

property cors

public cors: pulumi.Output<{
    maxAgeSeconds: undefined | number;
    methods: string[];
    origins: string[];
    responseHeaders: string[];
}[] | undefined>;

The bucket’s Cross-Origin Resource Sharing (CORS) configuration. Multiple blocks of this type are permitted. Structure is documented below.

property encryption

public encryption: pulumi.Output<{
    defaultKmsKeyName: string;
} | undefined>;

The bucket’s encryption configuration.

property forceDestroy

public forceDestroy: pulumi.Output<boolean | undefined>;

When deleting a bucket, this boolean option will delete all contained objects. If you try to delete a bucket that contains objects, Terraform will fail that run.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property labels

public labels: pulumi.Output<{[key: string]: string} | undefined>;

A set of key/value label pairs to assign to the bucket.

property lifecycleRules

public lifecycleRules: pulumi.Output<{
    action: {
        storageClass: undefined | string;
        type: string;
    };
    condition: {
        age: undefined | number;
        createdBefore: undefined | string;
        isLive: boolean;
        matchesStorageClasses: string[];
        numNewerVersions: undefined | number;
        withState: string;
    };
}[] | undefined>;

The bucket’s Lifecycle Rules configuration. Multiple blocks of this type are permitted. Structure is documented below.

property location

public location: pulumi.Output<string | undefined>;

The GCS location

property logging

public logging: pulumi.Output<{
    logBucket: string;
    logObjectPrefix: string;
} | undefined>;

The bucket’s Access & Storage Logs configuration.

property name

public name: pulumi.Output<string>;

The name of the bucket.

property project

public project: pulumi.Output<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property requesterPays

public requesterPays: pulumi.Output<boolean | undefined>;

Enables Requester Pays on a storage bucket.

public selfLink: pulumi.Output<string>;

The URI of the created resource.

property storageClass

public storageClass: pulumi.Output<string | undefined>;

The Storage Class of the new bucket. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE.

property url

public url: pulumi.Output<string>;

The base URL of the bucket, in the format gs://<bucket-name>.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property versioning

public versioning: pulumi.Output<{
    enabled: undefined | false | true;
} | undefined>;

The bucket’s Versioning configuration.

property websites

public websites: pulumi.Output<{
    mainPageSuffix: undefined | string;
    notFoundPage: undefined | string;
}[] | undefined>;

Configuration if the bucket acts as a website. Structure is documented below.

class BucketACL

extends CustomResource

Creates a new bucket ACL in Google cloud storage service (GCS). For more information see the official documentation and API.

Example Usage

Example creating an ACL on a bucket with one owner, and one reader.

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const image_store = new gcp.storage.Bucket("image-store", {
    location: "EU",
});
const image_store_acl = new gcp.storage.BucketACL("image-store-acl", {
    bucket: image_store.name,
    roleEntities: [
        "OWNER:user-my.email@gmail.com",
        "READER:group-mygroup",
    ],
});

constructor

new BucketACL(name: string, args: BucketACLArgs, opts?: pulumi.CustomResourceOptions)

Create a BucketACL resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: BucketACLState, opts?: pulumi.CustomResourceOptions): BucketACL

Get an existing BucketACL resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property bucket

public bucket: pulumi.Output<string>;

The name of the bucket it applies to.

property defaultAcl

public defaultAcl: pulumi.Output<string | undefined>;

Configure this ACL to be the default ACL.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property predefinedAcl

public predefinedAcl: pulumi.Output<string | undefined>;

The canned GCS ACL to apply. Must be set if role_entity is not.

property roleEntities

public roleEntities: pulumi.Output<string[]>;

List of role/entity pairs in the form ROLE:entity. See GCS Bucket ACL documentation for more details. Must be set if predefined_acl is not.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class BucketIAMBinding

extends CustomResource

Three different resources help you manage your IAM policy for storage bucket. Each of these resources serves a different use case:

  • google_storage_bucket_iam_binding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the storage bucket are preserved.
  • google_storage_bucket_iam_member: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the storage bucket are preserved.
  • google_storage_bucket_iam_policy: Setting a policy removes all other permissions on the bucket, and if done incorrectly, there’s a real chance you will lock yourself out of the bucket. If possible for your use case, using multiple google_storage_bucket_iam_binding resources will be much safer. See the usage example on how to work with policy correctly.

Note: google_storage_bucket_iam_binding resources can be used in conjunction with google_storage_bucket_iam_member resources only if they do not grant privilege to the same role.

google_storage_bucket_iam_binding

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const binding = new gcp.storage.BucketIAMBinding("binding", {
    bucket: "your-bucket-name",
    members: ["user:jane@example.com"],
    role: "roles/storage.objectViewer",
});

google_storage_bucket_iam_member

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const member = new gcp.storage.BucketIAMMember("member", {
    bucket: "your-bucket-name",
    member: "user:jane@example.com",
    role: "roles/storage.objectViewer",
});

google_storage_bucket_iam_policy

When applying a policy that does not include the roles listed below, you lose the default permissions which google adds to your bucket: * roles/storage.legacyBucketOwner * roles/storage.legacyBucketReader

If this happens only an entity with roles/storage.admin privileges can repair this bucket’s policies. It is recommended to include the above roles in policies to get the same behaviour as with the other two options.

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const foo_policy = pulumi.output(gcp.organizations.getIAMPolicy({
    bindings: [{
        members: ["group:yourgroup@example.com"],
        role: "roles/your-role",
    }],
}));
const member = new gcp.storage.BucketIAMPolicy("member", {
    bucket: "your-bucket-name",
    policyData: foo_policy.policyData,
});

constructor

new BucketIAMBinding(name: string, args: BucketIAMBindingArgs, opts?: pulumi.CustomResourceOptions)

Create a BucketIAMBinding resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: BucketIAMBindingState, opts?: pulumi.CustomResourceOptions): BucketIAMBinding

Get an existing BucketIAMBinding resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property bucket

public bucket: pulumi.Output<string>;

The name of the bucket it applies to.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the storage bucket’s IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property members

public members: pulumi.Output<string[]>;

property role

public role: pulumi.Output<string>;

The role that should be applied. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class BucketIAMMember

extends CustomResource

Three different resources help you manage your IAM policy for storage bucket. Each of these resources serves a different use case:

  • google_storage_bucket_iam_binding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the storage bucket are preserved.
  • google_storage_bucket_iam_member: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the storage bucket are preserved.
  • google_storage_bucket_iam_policy: Setting a policy removes all other permissions on the bucket, and if done incorrectly, there’s a real chance you will lock yourself out of the bucket. If possible for your use case, using multiple google_storage_bucket_iam_binding resources will be much safer. See the usage example on how to work with policy correctly.

Note: google_storage_bucket_iam_binding resources can be used in conjunction with google_storage_bucket_iam_member resources only if they do not grant privilege to the same role.

google_storage_bucket_iam_binding

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const binding = new gcp.storage.BucketIAMBinding("binding", {
    bucket: "your-bucket-name",
    members: ["user:jane@example.com"],
    role: "roles/storage.objectViewer",
});

google_storage_bucket_iam_member

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const member = new gcp.storage.BucketIAMMember("member", {
    bucket: "your-bucket-name",
    member: "user:jane@example.com",
    role: "roles/storage.objectViewer",
});

google_storage_bucket_iam_policy

When applying a policy that does not include the roles listed below, you lose the default permissions which google adds to your bucket: * roles/storage.legacyBucketOwner * roles/storage.legacyBucketReader

If this happens only an entity with roles/storage.admin privileges can repair this bucket’s policies. It is recommended to include the above roles in policies to get the same behaviour as with the other two options.

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const foo_policy = pulumi.output(gcp.organizations.getIAMPolicy({
    bindings: [{
        members: ["group:yourgroup@example.com"],
        role: "roles/your-role",
    }],
}));
const member = new gcp.storage.BucketIAMPolicy("member", {
    bucket: "your-bucket-name",
    policyData: foo_policy.policyData,
});

constructor

new BucketIAMMember(name: string, args: BucketIAMMemberArgs, opts?: pulumi.CustomResourceOptions)

Create a BucketIAMMember resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: BucketIAMMemberState, opts?: pulumi.CustomResourceOptions): BucketIAMMember

Get an existing BucketIAMMember resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property bucket

public bucket: pulumi.Output<string>;

The name of the bucket it applies to.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the storage bucket’s IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property member

public member: pulumi.Output<string>;

property role

public role: pulumi.Output<string>;

The role that should be applied. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class BucketIAMPolicy

extends CustomResource

Three different resources help you manage your IAM policy for storage bucket. Each of these resources serves a different use case:

  • google_storage_bucket_iam_binding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the storage bucket are preserved.
  • google_storage_bucket_iam_member: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the storage bucket are preserved.
  • google_storage_bucket_iam_policy: Setting a policy removes all other permissions on the bucket, and if done incorrectly, there’s a real chance you will lock yourself out of the bucket. If possible for your use case, using multiple google_storage_bucket_iam_binding resources will be much safer. See the usage example on how to work with policy correctly.

Note: google_storage_bucket_iam_binding resources can be used in conjunction with google_storage_bucket_iam_member resources only if they do not grant privilege to the same role.

google_storage_bucket_iam_binding

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const binding = new gcp.storage.BucketIAMBinding("binding", {
    bucket: "your-bucket-name",
    members: ["user:jane@example.com"],
    role: "roles/storage.objectViewer",
});

google_storage_bucket_iam_member

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const member = new gcp.storage.BucketIAMMember("member", {
    bucket: "your-bucket-name",
    member: "user:jane@example.com",
    role: "roles/storage.objectViewer",
});

google_storage_bucket_iam_policy

When applying a policy that does not include the roles listed below, you lose the default permissions which google adds to your bucket: * roles/storage.legacyBucketOwner * roles/storage.legacyBucketReader

If this happens only an entity with roles/storage.admin privileges can repair this bucket’s policies. It is recommended to include the above roles in policies to get the same behaviour as with the other two options.

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const foo_policy = pulumi.output(gcp.organizations.getIAMPolicy({
    bindings: [{
        members: ["group:yourgroup@example.com"],
        role: "roles/your-role",
    }],
}));
const member = new gcp.storage.BucketIAMPolicy("member", {
    bucket: "your-bucket-name",
    policyData: foo_policy.policyData,
});

constructor

new BucketIAMPolicy(name: string, args: BucketIAMPolicyArgs, opts?: pulumi.CustomResourceOptions)

Create a BucketIAMPolicy resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: BucketIAMPolicyState, opts?: pulumi.CustomResourceOptions): BucketIAMPolicy

Get an existing BucketIAMPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property bucket

public bucket: pulumi.Output<string>;

The name of the bucket it applies to.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the storage bucket’s IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property policyData

public policyData: pulumi.Output<string>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class BucketObject

extends CustomResource

Creates a new object inside an existing bucket in Google cloud storage service (GCS). ACLs can be applied using the google_storage_object_acl resource. For more information see the official documentation and API.

Example Usage

Example creating a public object in an existing image-store bucket.

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const picture = new gcp.storage.BucketObject("picture", {
    bucket: "image-store",
    source: new pulumi.asset.FileArchive("/images/nature/garden-tiger-moth.jpg"),
});

constructor

new BucketObject(name: string, args: BucketObjectArgs, opts?: pulumi.CustomResourceOptions)

Create a BucketObject resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: BucketObjectState, opts?: pulumi.CustomResourceOptions): BucketObject

Get an existing BucketObject resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property bucket

public bucket: pulumi.Output<string>;

The name of the containing bucket.

property cacheControl

public cacheControl: pulumi.Output<string | undefined>;

Cache-Control directive to specify caching behavior of object data. If omitted and object is accessible to all anonymous users, the default will be public, max-age=3600

property content

public content: pulumi.Output<string | undefined>;

Data as string to be uploaded. Must be defined if source is not. Note: The content field is marked as sensitive. To view the raw contents of the object, please define an output.

property contentDisposition

public contentDisposition: pulumi.Output<string | undefined>;

Content-Disposition of the object data.

property contentEncoding

public contentEncoding: pulumi.Output<string | undefined>;

Content-Encoding of the object data.

property contentLanguage

public contentLanguage: pulumi.Output<string | undefined>;

Content-Language of the object data.

property contentType

public contentType: pulumi.Output<string>;

Content-Type of the object data. Defaults to “application/octet-stream” or “text/plain; charset=utf-8”.

property crc32c

public crc32c: pulumi.Output<string>;

(Computed) Base 64 CRC32 hash of the uploaded data.

property detectMd5hash

public detectMd5hash: pulumi.Output<string | undefined>;

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property md5hash

public md5hash: pulumi.Output<string>;

(Computed) Base 64 MD5 hash of the uploaded data.

property name

public name: pulumi.Output<string>;

The name of the object. If you’re interpolating the name of this object, see output_name instead.

property outputName

public outputName: pulumi.Output<string>;

(Computed) The name of the object. Use this field in interpolations with google_storage_object_acl to recreate google_storage_object_acl resources when your google_storage_bucket_object is recreated.

public selfLink: pulumi.Output<string>;

(Computed) A url reference to this object.

property source

public source: pulumi.Output<pulumi.asset.Archive | undefined>;

A path to the data you want to upload. Must be defined if content is not.

property storageClass

public storageClass: pulumi.Output<string>;

The StorageClass of the new bucket object. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE. If not provided, this defaults to the bucket’s default storage class or to a standard class.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class DefaultObjectACL

extends CustomResource

Authoritatively manages the default object ACLs for a Google Cloud Storage bucket without managing the bucket itself.

Note that for each object, its creator will have the "OWNER" role in addition to the default ACL that has been defined.

For more information see the official documentation and API.

Want fine-grained control over default object ACLs? Use google_storage_default_object_access_control to control individual role entity pairs.

Example Usage

Example creating a default object ACL on a bucket with one owner, and one reader.

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const image_store = new gcp.storage.Bucket("image-store", {
    location: "EU",
});
const image_store_default_acl = new gcp.storage.DefaultObjectACL("image-store-default-acl", {
    bucket: image_store.name,
    roleEntities: [
        "OWNER:user-my.email@gmail.com",
        "READER:group-mygroup",
    ],
});

constructor

new DefaultObjectACL(name: string, args: DefaultObjectACLArgs, opts?: pulumi.CustomResourceOptions)

Create a DefaultObjectACL resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: DefaultObjectACLState, opts?: pulumi.CustomResourceOptions): DefaultObjectACL

Get an existing DefaultObjectACL resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property bucket

public bucket: pulumi.Output<string>;

The name of the bucket it applies to.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property roleEntities

public roleEntities: pulumi.Output<string[]>;

List of role/entity pairs in the form ROLE:entity. See GCS Object ACL documentation for more details. Omitting the field is the same as providing an empty list.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class DefaultObjectAccessControl

extends CustomResource

The DefaultObjectAccessControls resources represent the Access Control Lists (ACLs) applied to a new object within a Google Cloud Storage bucket when no ACL was provided for that object. ACLs let you specify who has access to your bucket contents and to what extent.

There are two roles that can be assigned to an entity:

READERs can get an object, though the acl property will not be revealed. OWNERs are READERs, and they can get the acl property, update an object, and call all objectAccessControls methods on the object. The owner of an object is always an OWNER. For more information, see Access Control, with the caveat that this API uses READER and OWNER instead of READ and FULL_CONTROL.

To get more information about DefaultObjectAccessControl, see:

Example Usage - Storage Default Object Access Control Public

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const bucket = new gcp.storage.Bucket("bucket", {});
const publicRule = new gcp.storage.DefaultObjectAccessControl("public_rule", {
    bucket: bucket.name,
    entity: "allUsers",
    role: "READER",
});

constructor

new DefaultObjectAccessControl(name: string, args: DefaultObjectAccessControlArgs, opts?: pulumi.CustomResourceOptions)

Create a DefaultObjectAccessControl resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: DefaultObjectAccessControlState, opts?: pulumi.CustomResourceOptions): DefaultObjectAccessControl

Get an existing DefaultObjectAccessControl resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property bucket

public bucket: pulumi.Output<string>;

property domain

public domain: pulumi.Output<string>;

property email

public email: pulumi.Output<string>;

property entity

public entity: pulumi.Output<string>;

property entityId

public entityId: pulumi.Output<string>;

property generation

public generation: pulumi.Output<number>;

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property object

public object: pulumi.Output<string | undefined>;

property projectTeam

public projectTeam: pulumi.Output<{
    projectNumber: undefined | string;
    team: undefined | string;
}>;

property role

public role: pulumi.Output<string>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class Notification

extends CustomResource

Creates a new notification configuration on a specified bucket, establishing a flow of event notifications from GCS to a Cloud Pub/Sub topic. For more information see the official documentation and API.

In order to enable notifications, a special Google Cloud Storage service account unique to the project must have the IAM permission “projects.topics.publish” for a Cloud Pub/Sub topic in the project. To get the service account’s email address, use the google_storage_project_service_account datasource’s email_address value, and see below for an example of enabling notifications by granting the correct IAM permission. See the notifications documentation for more details.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const gcsAccount = pulumi.output(gcp.storage.getProjectServiceAccount({}));
const topic = new gcp.pubsub.Topic("topic", {});
const bucket = new gcp.storage.Bucket("bucket", {});
const binding = new gcp.pubsub.TopicIAMBinding("binding", {
    members: [pulumi.interpolate`serviceAccount:${gcsAccount.emailAddress}`],
    role: "roles/pubsub.publisher",
    topic: topic.name,
});
const notification = new gcp.storage.Notification("notification", {
    bucket: bucket.name,
    customAttributes: {
        "new-attribute": "new-attribute-value",
    },
    eventTypes: [
        "OBJECT_FINALIZE",
        "OBJECT_METADATA_UPDATE",
    ],
    payloadFormat: "JSON_API_V1",
    topic: topic.id,
}, {dependsOn: [binding]});

constructor

new Notification(name: string, args: NotificationArgs, opts?: pulumi.CustomResourceOptions)

Create a Notification resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: NotificationState, opts?: pulumi.CustomResourceOptions): Notification

Get an existing Notification resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property bucket

public bucket: pulumi.Output<string>;

The name of the bucket.

property customAttributes

public customAttributes: pulumi.Output<{[key: string]: string} | undefined>;

A set of key/value attribute pairs to attach to each Cloud PubSub message published for this notification subscription

property eventTypes

public eventTypes: pulumi.Output<string[] | undefined>;

List of event type filters for this notification config. If not specified, Cloud Storage will send notifications for all event types. The valid types are: "OBJECT_FINALIZE", "OBJECT_METADATA_UPDATE", "OBJECT_DELETE", "OBJECT_ARCHIVE"

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property objectNamePrefix

public objectNamePrefix: pulumi.Output<string | undefined>;

Specifies a prefix path filter for this notification config. Cloud Storage will only send notifications for objects in this bucket whose names begin with the specified prefix.

property payloadFormat

public payloadFormat: pulumi.Output<string>;

The desired content of the Payload. One of "JSON_API_V1" or "NONE".

public selfLink: pulumi.Output<string>;

The URI of the created resource.

property topic

public topic: pulumi.Output<string>;

The Cloud PubSub topic to which this subscription publishes. Expects either the topic name, assumed to belong to the default GCP provider project, or the project-level name, i.e. projects/my-gcp-project/topics/my-topic or my-topic.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class ObjectACL

extends CustomResource

Authoritatively manages the access control list (ACL) for an object in a Google Cloud Storage (GCS) bucket. Removing a google_storage_object_acl sets the acl to the private predefined ACL.

For more information see the official documentation and API.

Want fine-grained control over object ACLs? Use google_storage_object_access_control to control individual role entity pairs.

Example Usage

Create an object ACL with one owner and one reader.

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const image_store = new gcp.storage.Bucket("image-store", {
    location: "EU",
});
const image = new gcp.storage.BucketObject("image", {
    bucket: image_store.name,
    source: new pulumi.asset.FileArchive("image1.jpg"),
});
const image_store_acl = new gcp.storage.ObjectACL("image-store-acl", {
    bucket: image_store.name,
    object: image.outputName,
    roleEntities: [
        "OWNER:user-my.email@gmail.com",
        "READER:group-mygroup",
    ],
});

constructor

new ObjectACL(name: string, args: ObjectACLArgs, opts?: pulumi.CustomResourceOptions)

Create a ObjectACL resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ObjectACLState, opts?: pulumi.CustomResourceOptions): ObjectACL

Get an existing ObjectACL resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property bucket

public bucket: pulumi.Output<string>;

The name of the bucket the object is stored in.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property object

public object: pulumi.Output<string>;

The name of the object to apply the acl to.

property predefinedAcl

public predefinedAcl: pulumi.Output<string | undefined>;

The “canned” predefined ACL to apply. Must be set if role_entity is not.

property roleEntities

public roleEntities: pulumi.Output<string[]>;

List of role/entity pairs in the form ROLE:entity. See GCS Object ACL documentation for more details. Must be set if predefined_acl is not.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class ObjectAccessControl

extends CustomResource

The ObjectAccessControls resources represent the Access Control Lists (ACLs) for objects within Google Cloud Storage. ACLs let you specify who has access to your data and to what extent.

There are two roles that can be assigned to an entity:

READERs can get an object, though the acl property will not be revealed. OWNERs are READERs, and they can get the acl property, update an object, and call all objectAccessControls methods on the object. The owner of an object is always an OWNER. For more information, see Access Control, with the caveat that this API uses READER and OWNER instead of READ and FULL_CONTROL.

To get more information about ObjectAccessControl, see:

Example Usage - Storage Object Access Control Public Object

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const bucket = new gcp.storage.Bucket("bucket", {});
const object = new gcp.storage.BucketObject("object", {
    bucket: bucket.name,
    source: new pulumi.asset.FileArchive("../static/img/header-logo.png"),
});
const publicRule = new gcp.storage.ObjectAccessControl("public_rule", {
    bucket: bucket.name,
    entity: "allUsers",
    object: object.outputName,
    role: "READER",
});

constructor

new ObjectAccessControl(name: string, args: ObjectAccessControlArgs, opts?: pulumi.CustomResourceOptions)

Create a ObjectAccessControl resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ObjectAccessControlState, opts?: pulumi.CustomResourceOptions): ObjectAccessControl

Get an existing ObjectAccessControl resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property bucket

public bucket: pulumi.Output<string>;

property domain

public domain: pulumi.Output<string>;

property email

public email: pulumi.Output<string>;

property entity

public entity: pulumi.Output<string>;

property entityId

public entityId: pulumi.Output<string>;

property generation

public generation: pulumi.Output<number>;

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property object

public object: pulumi.Output<string>;

property projectTeam

public projectTeam: pulumi.Output<{
    projectNumber: undefined | string;
    team: undefined | string;
}>;

property role

public role: pulumi.Output<string>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class TransferJob

extends CustomResource

Creates a new Transfer Job in Google Cloud Storage Transfer.

To get more information about Google Cloud Storage Transfer, see:

Example Usage

Example creating a nightly Transfer Job from an AWS S3 Bucket to a GCS bucket.

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const defaultTransferProjectServieAccount = pulumi.output(gcp.storage.getTransferProjectServieAccount({
    project: var_project,
}));
const s3_backup_bucketBucket = new gcp.storage.Bucket("s3-backup-bucket", {
    project: var_project,
    storageClass: "NEARLINE",
});
const s3_backup_bucketBucketIAMMember = new gcp.storage.BucketIAMMember("s3-backup-bucket", {
    bucket: var_aws_s3_bucket,
    member: pulumi.interpolate`serviceAccount:${defaultTransferProjectServieAccount.email}`,
    role: "roles/storage.admin",
}, {dependsOn: [s3_backup_bucketBucket]});
const s3_bucket_nightly_backup = new gcp.storage.TransferJob("s3-bucket-nightly-backup", {
    description: "Nightly backup of S3 bucket",
    project: var_project,
    schedule: {
        scheduleEndDate: {
            day: 15,
            month: 1,
            year: 2019,
        },
        scheduleStartDate: {
            day: 1,
            month: 10,
            year: 2018,
        },
        startTimeOfDay: {
            hours: 23,
            minutes: 30,
            nanos: 0,
            seconds: 0,
        },
    },
    transferSpec: {
        awsS3DataSource: {
            awsAccessKey: {
                accessKeyId: var_aws_access_key,
                secretAccessKey: var_aws_secret_key,
            },
            bucketName: var_aws_s3_bucket,
        },
        gcsDataSink: {
            bucketName: `${var_aws_s3_bucket}-backup`,
        },
        objectConditions: {
            excludePrefixes: ["requests.gz"],
            maxTimeElapsedSinceLastModification: "600s",
        },
        transferOptions: {
            deleteObjectsUniqueInSink: false,
        },
    },
}, {dependsOn: [s3_backup_bucketBucketIAMMember]});

constructor

new TransferJob(name: string, args: TransferJobArgs, opts?: pulumi.CustomResourceOptions)

Create a TransferJob resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: TransferJobState, opts?: pulumi.CustomResourceOptions): TransferJob

Get an existing TransferJob resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property creationTime

public creationTime: pulumi.Output<string>;

When the Transfer Job was created.

property deletionTime

public deletionTime: pulumi.Output<string>;

When the Transfer Job was deleted.

property description

public description: pulumi.Output<string>;

Unique description to identify the Transfer Job.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property lastModificationTime

public lastModificationTime: pulumi.Output<string>;

When the Transfer Job was last modified.

property name

public name: pulumi.Output<string>;

The name of the Transfer Job.

property project

public project: pulumi.Output<string>;

The project in which the resource belongs. If it is not provided, the provider project is used.

property schedule

public schedule: pulumi.Output<{
    scheduleEndDate: undefined | {
        day: number;
        month: number;
        year: number;
    };
    scheduleStartDate: {
        day: number;
        month: number;
        year: number;
    };
    startTimeOfDay: undefined | {
        hours: number;
        minutes: number;
        nanos: number;
        seconds: number;
    };
}>;

Schedule specification defining when the Transfer Job should be scheduled to start, end and and what time to run. Structure documented below.

property status

public status: pulumi.Output<string | undefined>;

Status of the job. Default: ENABLED. NOTE: The effect of the new job status takes place during a subsequent job run. For example, if you change the job status from ENABLED to DISABLED, and an operation spawned by the transfer is running, the status change would not affect the current operation.

property transferSpec

public transferSpec: pulumi.Output<{
    awsS3DataSource: undefined | {
        awsAccessKey: {
            accessKeyId: string;
            secretAccessKey: string;
        };
        bucketName: string;
    };
    gcsDataSink: undefined | {
        bucketName: string;
    };
    gcsDataSource: undefined | {
        bucketName: string;
    };
    httpDataSource: undefined | {
        listUrl: string;
    };
    objectConditions: undefined | {
        excludePrefixes: string[];
        includePrefixes: string[];
        maxTimeElapsedSinceLastModification: undefined | string;
        minTimeElapsedSinceLastModification: undefined | string;
    };
    transferOptions: undefined | {
        deleteObjectsFromSourceAfterTransfer: undefined | false | true;
        deleteObjectsUniqueInSink: undefined | false | true;
        overwriteObjectsAlreadyExistingInSink: undefined | false | true;
    };
}>;

Transfer specification. Structure documented below.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

function getBucketObject

getBucketObject(args?: GetBucketObjectArgs, opts?: pulumi.InvokeOptions): Promise<GetBucketObjectResult>

Gets an existing object inside an existing bucket in Google Cloud Storage service (GCS). See the official documentation and API.

Example Usage

Example picture stored within a folder.

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const picture = pulumi.output(gcp.storage.getBucketObject({
    bucket: "image-store",
    name: "folder/butterfly01.jpg",
}));

function getObjectSignedUrl

getObjectSignedUrl(args: GetObjectSignedUrlArgs, opts?: pulumi.InvokeOptions): Promise<GetObjectSignedUrlResult>

The Google Cloud storage signed URL data source generates a signed URL for a given storage object. Signed URLs provide a way to give time-limited read or write access to anyone in possession of the URL, regardless of whether they have a Google account.

For more info about signed URL’s is available here.

Full Example

import * as pulumi from "@pulumi/pulumi";
import * as fs from "fs";
import * as gcp from "@pulumi/gcp";

const getUrl = pulumi.output(gcp.storage.getObjectSignedUrl({
    bucket: "fried_chicken",
    contentMd5: "pRviqwS4c4OTJRTe03FD1w==",
    contentType: "text/plain",
    credentials: fs.readFileSync("path/to/credentials.json", "utf-8"),
    duration: "2d",
    extensionHeaders: {
        "x-goog-if-generation-match": 1,
    },
    path: "path/to/file",
}));

function getProjectServiceAccount

getProjectServiceAccount(args?: GetProjectServiceAccountArgs, opts?: pulumi.InvokeOptions): Promise<GetProjectServiceAccountResult>

Get the email address of a project’s unique Google Cloud Storage service account.

Each Google Cloud project has a unique service account for use with Google Cloud Storage. Only this special service account can be used to set up google_storage_notification resources.

For more information see the API reference.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const gcsAccount = pulumi.output(gcp.storage.getProjectServiceAccount({}));
const binding = new gcp.pubsub.TopicIAMBinding("binding", {
    members: [pulumi.interpolate`serviceAccount:${gcsAccount.emailAddress}`],
    role: "roles/pubsub.publisher",
    topic: google_pubsub_topic_topic.name,
});

function getTransferProjectServieAccount

getTransferProjectServieAccount(args?: GetTransferProjectServieAccountArgs, opts?: pulumi.InvokeOptions): Promise<GetTransferProjectServieAccountResult>

Use this data source to retrieve Storage Transfer service account for this project

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const defaultTransferProjectServieAccount = pulumi.output(gcp.storage.getTransferProjectServieAccount({}));

export const defaultAccount = defaultTransferProjectServieAccount.email;

interface BucketACLArgs

The set of arguments for constructing a BucketACL resource.

property bucket

bucket: pulumi.Input<string>;

The name of the bucket it applies to.

property defaultAcl

defaultAcl?: pulumi.Input<string>;

Configure this ACL to be the default ACL.

property predefinedAcl

predefinedAcl?: pulumi.Input<string>;

The canned GCS ACL to apply. Must be set if role_entity is not.

property roleEntities

roleEntities?: pulumi.Input<pulumi.Input<string>[]>;

List of role/entity pairs in the form ROLE:entity. See GCS Bucket ACL documentation for more details. Must be set if predefined_acl is not.

interface BucketACLState

Input properties used for looking up and filtering BucketACL resources.

property bucket

bucket?: pulumi.Input<string>;

The name of the bucket it applies to.

property defaultAcl

defaultAcl?: pulumi.Input<string>;

Configure this ACL to be the default ACL.

property predefinedAcl

predefinedAcl?: pulumi.Input<string>;

The canned GCS ACL to apply. Must be set if role_entity is not.

property roleEntities

roleEntities?: pulumi.Input<pulumi.Input<string>[]>;

List of role/entity pairs in the form ROLE:entity. See GCS Bucket ACL documentation for more details. Must be set if predefined_acl is not.

interface BucketArgs

The set of arguments for constructing a Bucket resource.

property cors

cors?: pulumi.Input<pulumi.Input<{
    maxAgeSeconds: pulumi.Input<number>;
    methods: pulumi.Input<pulumi.Input<string>[]>;
    origins: pulumi.Input<pulumi.Input<string>[]>;
    responseHeaders: pulumi.Input<pulumi.Input<string>[]>;
}>[]>;

The bucket’s Cross-Origin Resource Sharing (CORS) configuration. Multiple blocks of this type are permitted. Structure is documented below.

property encryption

encryption?: pulumi.Input<{
    defaultKmsKeyName: pulumi.Input<string>;
}>;

The bucket’s encryption configuration.

property forceDestroy

forceDestroy?: pulumi.Input<boolean>;

When deleting a bucket, this boolean option will delete all contained objects. If you try to delete a bucket that contains objects, Terraform will fail that run.

property labels

labels?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;

A set of key/value label pairs to assign to the bucket.

property lifecycleRules

lifecycleRules?: pulumi.Input<pulumi.Input<{
    action: pulumi.Input<{
        storageClass: pulumi.Input<string>;
        type: pulumi.Input<string>;
    }>;
    condition: pulumi.Input<{
        age: pulumi.Input<number>;
        createdBefore: pulumi.Input<string>;
        isLive: pulumi.Input<boolean>;
        matchesStorageClasses: pulumi.Input<pulumi.Input<string>[]>;
        numNewerVersions: pulumi.Input<number>;
        withState: pulumi.Input<string>;
    }>;
}>[]>;

The bucket’s Lifecycle Rules configuration. Multiple blocks of this type are permitted. Structure is documented below.

property location

location?: pulumi.Input<string>;

The GCS location

property logging

logging?: pulumi.Input<{
    logBucket: pulumi.Input<string>;
    logObjectPrefix: pulumi.Input<string>;
}>;

The bucket’s Access & Storage Logs configuration.

property name

name?: pulumi.Input<string>;

The name of the bucket.

property project

project?: pulumi.Input<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property requesterPays

requesterPays?: pulumi.Input<boolean>;

Enables Requester Pays on a storage bucket.

property storageClass

storageClass?: pulumi.Input<string>;

The Storage Class of the new bucket. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE.

property versioning

versioning?: pulumi.Input<{
    enabled: pulumi.Input<boolean>;
}>;

The bucket’s Versioning configuration.

property websites

websites?: pulumi.Input<pulumi.Input<{
    mainPageSuffix: pulumi.Input<string>;
    notFoundPage: pulumi.Input<string>;
}>[]>;

Configuration if the bucket acts as a website. Structure is documented below.

interface BucketContext

extends Context

Shape of the [context] object passed to a Cloud Function when a bucket event fires.

property eventId

eventId: string;

A unique ID for the event. For example: “70172329041928”.

property eventType

eventType: “google.storage.object.finalize” | “google.storage.object.delete” | “google.storage.object.archive” | “google.storage.object.metadataUpdate”;

The type of the event.

property resource

resource: {
    name: string;
    service: “storage.googleapis.com”;
    type: “storage#object”;
};

The resource that emitted the event.

property timestamp

timestamp: string;

The date/time this event was created. For example: “2018-04-09T07:56:12.975Z”.

interface BucketData

Shape of the [data] object passed to a Cloud Function when a bucket event fires.

See https://cloud.google.com/storage/docs/json_api/v1/objects for more details.

property bucket

bucket: string;

property contentType

contentType: string;

property crc32c

crc32c: string;

property etag

etag: string;

property generation

generation: number;

property id

id: string;

property kind

kind: “storage#object”;

property md5Hash

md5Hash: string;
mediaLink: string;

property metadata

metadata: Record<string, string>;

property metageneration

metageneration: number;

property name

name: string;
selfLink: string;

property size

size: number;

property storageClass

storageClass: string;

property timeCreated

timeCreated: string;

property timeStorageClassUpdated

timeStorageClassUpdated: string;

property updated

updated: string;

interface BucketEventArgs

property failurePolicy

failurePolicy?: cloudfunctions.FailurePolicy;

property triggerType

triggerType: “finalize” | “delete” | “archive” | “metadataUpdate”;

interface BucketEventCallbackFunctionArgs

extends CallbackFunctionArgs

Arguments that can be provided to control the Cloud Function created as the serverless endpoint for a bucket event.

property availableMemoryMb

availableMemoryMb?: pulumi.Input<number>;

Memory (in MB), available to the function. Default value is 256MB. Allowed values are: 128MB, 256MB, 512MB, 1024MB, and 2048MB.

property bucket

bucket?: storage.Bucket;

The bucket to use as the sourceArchiveBucket for the generated CloudFunctions Function source to be placed in. A fresh [storage.BucketObject] will be made there containing the serialized code.

property callback

callback?: BucketEventHandler;

property callbackFactory

callbackFactory?: undefined | () => BucketEventHandler;

property codePathOptions

codePathOptions?: pulumi.runtime.CodePathOptions;

Options to control which paths/packages should be included or excluded in the zip file containing the code for the GCP Function.

property description

description?: pulumi.Input<string>;

Description of the function.

property environmentVariables

environmentVariables?: pulumi.Input<{[key: string]: any}>;

A set of key/value environment variable pairs to assign to the function.

property eventTrigger

eventTrigger?: undefined;

property httpsTriggerUrl

httpsTriggerUrl?: undefined;

property labels

labels?: pulumi.Input<{[key: string]: any}>;

A set of key/value label pairs to assign to the function.

property project

project?: pulumi.Input<string>;

Project of the function. If it is not provided, the provider project is used.

property region

region?: pulumi.Input<string>;

Region of function. Currently can be only “us-central1”. If it is not provided, the provider region is used.

property serviceAccountEmail

serviceAccountEmail?: pulumi.Input<string>;

If provided, the self-provided service account to run the function with.

property timeout

timeout?: pulumi.Input<number>;

Timeout (in seconds) for the function. Default value is 60 seconds. Cannot be more than 540 seconds.

property triggerHttp

triggerHttp?: undefined;

interface BucketIAMBindingArgs

The set of arguments for constructing a BucketIAMBinding resource.

property bucket

bucket: pulumi.Input<string>;

The name of the bucket it applies to.

property members

property role

role: pulumi.Input<string>;

The role that should be applied. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

interface BucketIAMBindingState

Input properties used for looking up and filtering BucketIAMBinding resources.

property bucket

bucket?: pulumi.Input<string>;

The name of the bucket it applies to.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the storage bucket’s IAM policy.

property members

property role

role?: pulumi.Input<string>;

The role that should be applied. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

interface BucketIAMMemberArgs

The set of arguments for constructing a BucketIAMMember resource.

property bucket

bucket: pulumi.Input<string>;

The name of the bucket it applies to.

property member

member: pulumi.Input<string>;

property role

role: pulumi.Input<string>;

The role that should be applied. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

interface BucketIAMMemberState

Input properties used for looking up and filtering BucketIAMMember resources.

property bucket

bucket?: pulumi.Input<string>;

The name of the bucket it applies to.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the storage bucket’s IAM policy.

property member

member?: pulumi.Input<string>;

property role

role?: pulumi.Input<string>;

The role that should be applied. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

interface BucketIAMPolicyArgs

The set of arguments for constructing a BucketIAMPolicy resource.

property bucket

bucket: pulumi.Input<string>;

The name of the bucket it applies to.

property policyData

policyData: pulumi.Input<string>;

interface BucketIAMPolicyState

Input properties used for looking up and filtering BucketIAMPolicy resources.

property bucket

bucket?: pulumi.Input<string>;

The name of the bucket it applies to.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the storage bucket’s IAM policy.

property policyData

policyData?: pulumi.Input<string>;

interface BucketObjectArgs

The set of arguments for constructing a BucketObject resource.

property bucket

bucket: pulumi.Input<string>;

The name of the containing bucket.

property cacheControl

cacheControl?: pulumi.Input<string>;

Cache-Control directive to specify caching behavior of object data. If omitted and object is accessible to all anonymous users, the default will be public, max-age=3600

property content

content?: pulumi.Input<string>;

Data as string to be uploaded. Must be defined if source is not. Note: The content field is marked as sensitive. To view the raw contents of the object, please define an output.

property contentDisposition

contentDisposition?: pulumi.Input<string>;

Content-Disposition of the object data.

property contentEncoding

contentEncoding?: pulumi.Input<string>;

Content-Encoding of the object data.

property contentLanguage

contentLanguage?: pulumi.Input<string>;

Content-Language of the object data.

property contentType

contentType?: pulumi.Input<string>;

Content-Type of the object data. Defaults to “application/octet-stream” or “text/plain; charset=utf-8”.

property detectMd5hash

detectMd5hash?: pulumi.Input<string>;

property name

name?: pulumi.Input<string>;

The name of the object. If you’re interpolating the name of this object, see output_name instead.

property source

source?: pulumi.Input<pulumi.asset.Archive>;

A path to the data you want to upload. Must be defined if content is not.

property storageClass

storageClass?: pulumi.Input<string>;

The StorageClass of the new bucket object. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE. If not provided, this defaults to the bucket’s default storage class or to a standard class.

interface BucketObjectState

Input properties used for looking up and filtering BucketObject resources.

property bucket

bucket?: pulumi.Input<string>;

The name of the containing bucket.

property cacheControl

cacheControl?: pulumi.Input<string>;

Cache-Control directive to specify caching behavior of object data. If omitted and object is accessible to all anonymous users, the default will be public, max-age=3600

property content

content?: pulumi.Input<string>;

Data as string to be uploaded. Must be defined if source is not. Note: The content field is marked as sensitive. To view the raw contents of the object, please define an output.

property contentDisposition

contentDisposition?: pulumi.Input<string>;

Content-Disposition of the object data.

property contentEncoding

contentEncoding?: pulumi.Input<string>;

Content-Encoding of the object data.

property contentLanguage

contentLanguage?: pulumi.Input<string>;

Content-Language of the object data.

property contentType

contentType?: pulumi.Input<string>;

Content-Type of the object data. Defaults to “application/octet-stream” or “text/plain; charset=utf-8”.

property crc32c

crc32c?: pulumi.Input<string>;

(Computed) Base 64 CRC32 hash of the uploaded data.

property detectMd5hash

detectMd5hash?: pulumi.Input<string>;

property md5hash

md5hash?: pulumi.Input<string>;

(Computed) Base 64 MD5 hash of the uploaded data.

property name

name?: pulumi.Input<string>;

The name of the object. If you’re interpolating the name of this object, see output_name instead.

property outputName

outputName?: pulumi.Input<string>;

(Computed) The name of the object. Use this field in interpolations with google_storage_object_acl to recreate google_storage_object_acl resources when your google_storage_bucket_object is recreated.

selfLink?: pulumi.Input<string>;

(Computed) A url reference to this object.

property source

source?: pulumi.Input<pulumi.asset.Archive>;

A path to the data you want to upload. Must be defined if content is not.

property storageClass

storageClass?: pulumi.Input<string>;

The StorageClass of the new bucket object. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE. If not provided, this defaults to the bucket’s default storage class or to a standard class.

interface BucketState

Input properties used for looking up and filtering Bucket resources.

property cors

cors?: pulumi.Input<pulumi.Input<{
    maxAgeSeconds: pulumi.Input<number>;
    methods: pulumi.Input<pulumi.Input<string>[]>;
    origins: pulumi.Input<pulumi.Input<string>[]>;
    responseHeaders: pulumi.Input<pulumi.Input<string>[]>;
}>[]>;

The bucket’s Cross-Origin Resource Sharing (CORS) configuration. Multiple blocks of this type are permitted. Structure is documented below.

property encryption

encryption?: pulumi.Input<{
    defaultKmsKeyName: pulumi.Input<string>;
}>;

The bucket’s encryption configuration.

property forceDestroy

forceDestroy?: pulumi.Input<boolean>;

When deleting a bucket, this boolean option will delete all contained objects. If you try to delete a bucket that contains objects, Terraform will fail that run.

property labels

labels?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;

A set of key/value label pairs to assign to the bucket.

property lifecycleRules

lifecycleRules?: pulumi.Input<pulumi.Input<{
    action: pulumi.Input<{
        storageClass: pulumi.Input<string>;
        type: pulumi.Input<string>;
    }>;
    condition: pulumi.Input<{
        age: pulumi.Input<number>;
        createdBefore: pulumi.Input<string>;
        isLive: pulumi.Input<boolean>;
        matchesStorageClasses: pulumi.Input<pulumi.Input<string>[]>;
        numNewerVersions: pulumi.Input<number>;
        withState: pulumi.Input<string>;
    }>;
}>[]>;

The bucket’s Lifecycle Rules configuration. Multiple blocks of this type are permitted. Structure is documented below.

property location

location?: pulumi.Input<string>;

The GCS location

property logging

logging?: pulumi.Input<{
    logBucket: pulumi.Input<string>;
    logObjectPrefix: pulumi.Input<string>;
}>;

The bucket’s Access & Storage Logs configuration.

property name

name?: pulumi.Input<string>;

The name of the bucket.

property project

project?: pulumi.Input<string>;

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

property requesterPays

requesterPays?: pulumi.Input<boolean>;

Enables Requester Pays on a storage bucket.

selfLink?: pulumi.Input<string>;

The URI of the created resource.

property storageClass

storageClass?: pulumi.Input<string>;

The Storage Class of the new bucket. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE.

property url

url?: pulumi.Input<string>;

The base URL of the bucket, in the format gs://<bucket-name>.

property versioning

versioning?: pulumi.Input<{
    enabled: pulumi.Input<boolean>;
}>;

The bucket’s Versioning configuration.

property websites

websites?: pulumi.Input<pulumi.Input<{
    mainPageSuffix: pulumi.Input<string>;
    notFoundPage: pulumi.Input<string>;
}>[]>;

Configuration if the bucket acts as a website. Structure is documented below.

interface DefaultObjectACLArgs

The set of arguments for constructing a DefaultObjectACL resource.

property bucket

bucket: pulumi.Input<string>;

The name of the bucket it applies to.

property roleEntities

roleEntities?: pulumi.Input<pulumi.Input<string>[]>;

List of role/entity pairs in the form ROLE:entity. See GCS Object ACL documentation for more details. Omitting the field is the same as providing an empty list.

interface DefaultObjectACLState

Input properties used for looking up and filtering DefaultObjectACL resources.

property bucket

bucket?: pulumi.Input<string>;

The name of the bucket it applies to.

property roleEntities

roleEntities?: pulumi.Input<pulumi.Input<string>[]>;

List of role/entity pairs in the form ROLE:entity. See GCS Object ACL documentation for more details. Omitting the field is the same as providing an empty list.

interface DefaultObjectAccessControlArgs

The set of arguments for constructing a DefaultObjectAccessControl resource.

property bucket

bucket: pulumi.Input<string>;

property entity

entity: pulumi.Input<string>;

property object

object?: pulumi.Input<string>;

property role

interface DefaultObjectAccessControlState

Input properties used for looking up and filtering DefaultObjectAccessControl resources.

property bucket

bucket?: pulumi.Input<string>;

property domain

domain?: pulumi.Input<string>;

property email

email?: pulumi.Input<string>;

property entity

entity?: pulumi.Input<string>;

property entityId

entityId?: pulumi.Input<string>;

property generation

generation?: pulumi.Input<number>;

property object

object?: pulumi.Input<string>;

property projectTeam

projectTeam?: pulumi.Input<{
    projectNumber: pulumi.Input<string>;
    team: pulumi.Input<string>;
}>;

property role

role?: pulumi.Input<string>;

interface GetBucketObjectArgs

A collection of arguments for invoking getBucketObject.

property bucket

bucket?: undefined | string;

The name of the containing bucket.

property name

name?: undefined | string;

The name of the object.

interface GetBucketObjectResult

A collection of values returned by getBucketObject.

property bucket

bucket?: undefined | string;

property cacheControl

cacheControl: string;

(Computed) Cache-Control directive to specify caching behavior of object data. If omitted and object is accessible to all anonymous users, the default will be public, max-age=3600

property content

content: string;

property contentDisposition

contentDisposition: string;

(Computed) Content-Disposition of the object data.

property contentEncoding

contentEncoding: string;

(Computed) Content-Encoding of the object data.

property contentLanguage

contentLanguage: string;

(Computed) Content-Language of the object data.

property contentType

contentType: string;

(Computed) Content-Type of the object data. Defaults to “application/octet-stream” or “text/plain; charset=utf-8”.

property crc32c

crc32c: string;

(Computed) Base 64 CRC32 hash of the uploaded data.

property detectMd5hash

detectMd5hash: string;

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property md5hash

md5hash: string;

(Computed) Base 64 MD5 hash of the uploaded data.

property name

name?: undefined | string;

property outputName

outputName: string;

property predefinedAcl

predefinedAcl: string;
selfLink: string;

(Computed) A url reference to this object.

property source

source: string;

property storageClass

storageClass: string;

(Computed) The StorageClass of the new bucket object. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE. If not provided, this defaults to the bucket’s default storage class or to a standard class.

interface GetObjectSignedUrlArgs

A collection of arguments for invoking getObjectSignedUrl.

property bucket

bucket: string;

The name of the bucket to read the object from

property contentMd5

contentMd5?: undefined | string;

The MD5 digest value in Base64. Typically retrieved from google_storage_bucket_object.object.md5hash attribute. If you provide this in the datasource, the client (e.g. browser, curl) must provide the Content-MD5 HTTP header with this same value in its request.

property contentType

contentType?: undefined | string;

If you specify this in the datasource, the client must provide the Content-Type HTTP header with the same value in its request.

property credentials

credentials?: undefined | string;

What Google service account credentials json should be used to sign the URL. This data source checks the following locations for credentials, in order of preference: data source credentials attribute, provider credentials attribute and finally the GOOGLE_APPLICATION_CREDENTIALS environment variable.

property duration

duration?: undefined | string;

For how long shall the signed URL be valid (defaults to 1 hour - i.e. 1h). See here for info on valid duration formats.

property extensionHeaders

extensionHeaders?: undefined | {[key: string]: string};

As needed. The server checks to make sure that the client provides matching values in requests using the signed URL. Any header starting with x-goog- is accepted but see the Google Docs for list of headers that are supported by Google.

property httpMethod

httpMethod?: undefined | string;

What HTTP Method will the signed URL allow (defaults to GET)

property path

path: string;

The full path to the object inside the bucket

interface GetObjectSignedUrlResult

A collection of values returned by getObjectSignedUrl.

property bucket

bucket: string;

property contentMd5

contentMd5?: undefined | string;

property contentType

contentType?: undefined | string;

property credentials

credentials?: undefined | string;

property duration

duration?: undefined | string;

property extensionHeaders

extensionHeaders?: undefined | {[key: string]: string};

property httpMethod

httpMethod?: undefined | string;

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property path

path: string;

property signedUrl

signedUrl: string;

The signed URL that can be used to access the storage object without authentication.

interface GetProjectServiceAccountArgs

A collection of arguments for invoking getProjectServiceAccount.

property project

project?: undefined | string;

The project the unique service account was created for. If it is not provided, the provider project is used.

property userProject

userProject?: undefined | string;

The project the lookup originates from. This field is used if you are making the request from a different account than the one you are finding the service account for.

interface GetProjectServiceAccountResult

A collection of values returned by getProjectServiceAccount.

property emailAddress

emailAddress: string;

The email address of the service account. This value is often used to refer to the service account in order to grant IAM permissions.

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property project

project: string;

property userProject

userProject?: undefined | string;

interface GetTransferProjectServieAccountArgs

A collection of arguments for invoking getTransferProjectServieAccount.

property project

project?: undefined | string;

The project ID. If it is not provided, the provider project is used.

interface GetTransferProjectServieAccountResult

A collection of values returned by getTransferProjectServieAccount.

property email

email: string;

Email address of the default service account used by Storage Transfer Jobs running in this project

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property project

project: string;

interface NotificationArgs

The set of arguments for constructing a Notification resource.

property bucket

bucket: pulumi.Input<string>;

The name of the bucket.

property customAttributes

customAttributes?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;

A set of key/value attribute pairs to attach to each Cloud PubSub message published for this notification subscription

property eventTypes

eventTypes?: pulumi.Input<pulumi.Input<string>[]>;

List of event type filters for this notification config. If not specified, Cloud Storage will send notifications for all event types. The valid types are: "OBJECT_FINALIZE", "OBJECT_METADATA_UPDATE", "OBJECT_DELETE", "OBJECT_ARCHIVE"

property objectNamePrefix

objectNamePrefix?: pulumi.Input<string>;

Specifies a prefix path filter for this notification config. Cloud Storage will only send notifications for objects in this bucket whose names begin with the specified prefix.

property payloadFormat

payloadFormat: pulumi.Input<string>;

The desired content of the Payload. One of "JSON_API_V1" or "NONE".

property topic

topic: pulumi.Input<string>;

The Cloud PubSub topic to which this subscription publishes. Expects either the topic name, assumed to belong to the default GCP provider project, or the project-level name, i.e. projects/my-gcp-project/topics/my-topic or my-topic.

interface NotificationState

Input properties used for looking up and filtering Notification resources.

property bucket

bucket?: pulumi.Input<string>;

The name of the bucket.

property customAttributes

customAttributes?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;

A set of key/value attribute pairs to attach to each Cloud PubSub message published for this notification subscription

property eventTypes

eventTypes?: pulumi.Input<pulumi.Input<string>[]>;

List of event type filters for this notification config. If not specified, Cloud Storage will send notifications for all event types. The valid types are: "OBJECT_FINALIZE", "OBJECT_METADATA_UPDATE", "OBJECT_DELETE", "OBJECT_ARCHIVE"

property objectNamePrefix

objectNamePrefix?: pulumi.Input<string>;

Specifies a prefix path filter for this notification config. Cloud Storage will only send notifications for objects in this bucket whose names begin with the specified prefix.

property payloadFormat

payloadFormat?: pulumi.Input<string>;

The desired content of the Payload. One of "JSON_API_V1" or "NONE".

selfLink?: pulumi.Input<string>;

The URI of the created resource.

property topic

topic?: pulumi.Input<string>;

The Cloud PubSub topic to which this subscription publishes. Expects either the topic name, assumed to belong to the default GCP provider project, or the project-level name, i.e. projects/my-gcp-project/topics/my-topic or my-topic.

interface ObjectACLArgs

The set of arguments for constructing a ObjectACL resource.

property bucket

bucket: pulumi.Input<string>;

The name of the bucket the object is stored in.

property object

object: pulumi.Input<string>;

The name of the object to apply the acl to.

property predefinedAcl

predefinedAcl?: pulumi.Input<string>;

The “canned” predefined ACL to apply. Must be set if role_entity is not.

property roleEntities

roleEntities?: pulumi.Input<pulumi.Input<string>[]>;

List of role/entity pairs in the form ROLE:entity. See GCS Object ACL documentation for more details. Must be set if predefined_acl is not.

interface ObjectACLState

Input properties used for looking up and filtering ObjectACL resources.

property bucket

bucket?: pulumi.Input<string>;

The name of the bucket the object is stored in.

property object

object?: pulumi.Input<string>;

The name of the object to apply the acl to.

property predefinedAcl

predefinedAcl?: pulumi.Input<string>;

The “canned” predefined ACL to apply. Must be set if role_entity is not.

property roleEntities

roleEntities?: pulumi.Input<pulumi.Input<string>[]>;

List of role/entity pairs in the form ROLE:entity. See GCS Object ACL documentation for more details. Must be set if predefined_acl is not.

interface ObjectAccessControlArgs

The set of arguments for constructing a ObjectAccessControl resource.

property bucket

bucket: pulumi.Input<string>;

property entity

entity: pulumi.Input<string>;

property object

object: pulumi.Input<string>;

property role

interface ObjectAccessControlState

Input properties used for looking up and filtering ObjectAccessControl resources.

property bucket

bucket?: pulumi.Input<string>;

property domain

domain?: pulumi.Input<string>;

property email

email?: pulumi.Input<string>;

property entity

entity?: pulumi.Input<string>;

property entityId

entityId?: pulumi.Input<string>;

property generation

generation?: pulumi.Input<number>;

property object

object?: pulumi.Input<string>;

property projectTeam

projectTeam?: pulumi.Input<{
    projectNumber: pulumi.Input<string>;
    team: pulumi.Input<string>;
}>;

property role

role?: pulumi.Input<string>;

interface SimpleBucketEventArgs

Arguments to control how GCP will respond if the Cloud Function fails. Currently, the only specialized behavior supported is to attempt retrying the Cloud Function. See [cloudfunctions.FailurePolicy] for more information on this.

property failurePolicy

failurePolicy?: cloudfunctions.FailurePolicy;

interface TransferJobArgs

The set of arguments for constructing a TransferJob resource.

property description

description: pulumi.Input<string>;

Unique description to identify the Transfer Job.

property project

project?: pulumi.Input<string>;

The project in which the resource belongs. If it is not provided, the provider project is used.

property schedule

schedule: pulumi.Input<{
    scheduleEndDate: pulumi.Input<{
        day: pulumi.Input<number>;
        month: pulumi.Input<number>;
        year: pulumi.Input<number>;
    }>;
    scheduleStartDate: pulumi.Input<{
        day: pulumi.Input<number>;
        month: pulumi.Input<number>;
        year: pulumi.Input<number>;
    }>;
    startTimeOfDay: pulumi.Input<{
        hours: pulumi.Input<number>;
        minutes: pulumi.Input<number>;
        nanos: pulumi.Input<number>;
        seconds: pulumi.Input<number>;
    }>;
}>;

Schedule specification defining when the Transfer Job should be scheduled to start, end and and what time to run. Structure documented below.

property status

status?: pulumi.Input<string>;

Status of the job. Default: ENABLED. NOTE: The effect of the new job status takes place during a subsequent job run. For example, if you change the job status from ENABLED to DISABLED, and an operation spawned by the transfer is running, the status change would not affect the current operation.

property transferSpec

transferSpec: pulumi.Input<{
    awsS3DataSource: pulumi.Input<{
        awsAccessKey: pulumi.Input<{
            accessKeyId: pulumi.Input<string>;
            secretAccessKey: pulumi.Input<string>;
        }>;
        bucketName: pulumi.Input<string>;
    }>;
    gcsDataSink: pulumi.Input<{
        bucketName: pulumi.Input<string>;
    }>;
    gcsDataSource: pulumi.Input<{
        bucketName: pulumi.Input<string>;
    }>;
    httpDataSource: pulumi.Input<{
        listUrl: pulumi.Input<string>;
    }>;
    objectConditions: pulumi.Input<{
        excludePrefixes: pulumi.Input<pulumi.Input<string>[]>;
        includePrefixes: pulumi.Input<pulumi.Input<string>[]>;
        maxTimeElapsedSinceLastModification: pulumi.Input<string>;
        minTimeElapsedSinceLastModification: pulumi.Input<string>;
    }>;
    transferOptions: pulumi.Input<{
        deleteObjectsFromSourceAfterTransfer: pulumi.Input<boolean>;
        deleteObjectsUniqueInSink: pulumi.Input<boolean>;
        overwriteObjectsAlreadyExistingInSink: pulumi.Input<boolean>;
    }>;
}>;

Transfer specification. Structure documented below.

interface TransferJobState

Input properties used for looking up and filtering TransferJob resources.

property creationTime

creationTime?: pulumi.Input<string>;

When the Transfer Job was created.

property deletionTime

deletionTime?: pulumi.Input<string>;

When the Transfer Job was deleted.

property description

description?: pulumi.Input<string>;

Unique description to identify the Transfer Job.

property lastModificationTime

lastModificationTime?: pulumi.Input<string>;

When the Transfer Job was last modified.

property name

name?: pulumi.Input<string>;

The name of the Transfer Job.

property project

project?: pulumi.Input<string>;

The project in which the resource belongs. If it is not provided, the provider project is used.

property schedule

schedule?: pulumi.Input<{
    scheduleEndDate: pulumi.Input<{
        day: pulumi.Input<number>;
        month: pulumi.Input<number>;
        year: pulumi.Input<number>;
    }>;
    scheduleStartDate: pulumi.Input<{
        day: pulumi.Input<number>;
        month: pulumi.Input<number>;
        year: pulumi.Input<number>;
    }>;
    startTimeOfDay: pulumi.Input<{
        hours: pulumi.Input<number>;
        minutes: pulumi.Input<number>;
        nanos: pulumi.Input<number>;
        seconds: pulumi.Input<number>;
    }>;
}>;

Schedule specification defining when the Transfer Job should be scheduled to start, end and and what time to run. Structure documented below.

property status

status?: pulumi.Input<string>;

Status of the job. Default: ENABLED. NOTE: The effect of the new job status takes place during a subsequent job run. For example, if you change the job status from ENABLED to DISABLED, and an operation spawned by the transfer is running, the status change would not affect the current operation.

property transferSpec

transferSpec?: pulumi.Input<{
    awsS3DataSource: pulumi.Input<{
        awsAccessKey: pulumi.Input<{
            accessKeyId: pulumi.Input<string>;
            secretAccessKey: pulumi.Input<string>;
        }>;
        bucketName: pulumi.Input<string>;
    }>;
    gcsDataSink: pulumi.Input<{
        bucketName: pulumi.Input<string>;
    }>;
    gcsDataSource: pulumi.Input<{
        bucketName: pulumi.Input<string>;
    }>;
    httpDataSource: pulumi.Input<{
        listUrl: pulumi.Input<string>;
    }>;
    objectConditions: pulumi.Input<{
        excludePrefixes: pulumi.Input<pulumi.Input<string>[]>;
        includePrefixes: pulumi.Input<pulumi.Input<string>[]>;
        maxTimeElapsedSinceLastModification: pulumi.Input<string>;
        minTimeElapsedSinceLastModification: pulumi.Input<string>;
    }>;
    transferOptions: pulumi.Input<{
        deleteObjectsFromSourceAfterTransfer: pulumi.Input<boolean>;
        deleteObjectsUniqueInSink: pulumi.Input<boolean>;
        overwriteObjectsAlreadyExistingInSink: pulumi.Input<boolean>;
    }>;
}>;

Transfer specification. Structure documented below.

type BucketEventHandler

type BucketEventHandler = cloudfunctions.Callback<BucketData, BucketContext, void>;