storage

class pulumi_gcp.storage.Bucket(resource_name, opts=None, cors=None, encryption=None, force_destroy=None, labels=None, lifecycle_rules=None, location=None, logging=None, name=None, project=None, storage_class=None, versioning=None, websites=None, __name__=None, __opts__=None)

Creates a new bucket in Google cloud storage service (GCS). Once a bucket has been created, its location can’t be changed. ACLs can be applied using the ``google_storage_bucket_acl` resource <https://www.terraform.io/docs/providers/google/r/storage_bucket_acl.html>`_.

For more information see the official documentation and API.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • cors (pulumi.Input[list]) – The bucket’s Cross-Origin Resource Sharing (CORS) configuration. Multiple blocks of this type are permitted. Structure is documented below.
  • encryption (pulumi.Input[dict]) – The bucket’s encryption configuration.
  • force_destroy (pulumi.Input[bool]) – When deleting a bucket, this boolean option will delete all contained objects. If you try to delete a bucket that contains objects, Terraform will fail that run.
  • labels (pulumi.Input[dict]) – A set of key/value label pairs to assign to the bucket.
  • lifecycle_rules (pulumi.Input[list]) – The bucket’s Lifecycle Rules configuration. Multiple blocks of this type are permitted. Structure is documented below.
  • location (pulumi.Input[str]) – The GCS location
  • logging (pulumi.Input[dict]) – The bucket’s Access & Storage Logs configuration.
  • name (pulumi.Input[str]) – The name of the bucket.
  • project (pulumi.Input[str]) – The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
  • storage_class (pulumi.Input[str]) – The Storage Class of the new bucket. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE.
  • versioning (pulumi.Input[dict]) – The bucket’s Versioning configuration.
  • websites (pulumi.Input[list]) – Configuration if the bucket acts as a website. Structure is documented below.
cors = None

The bucket’s Cross-Origin Resource Sharing (CORS) configuration. Multiple blocks of this type are permitted. Structure is documented below.

encryption = None

The bucket’s encryption configuration.

force_destroy = None

When deleting a bucket, this boolean option will delete all contained objects. If you try to delete a bucket that contains objects, Terraform will fail that run.

labels = None

A set of key/value label pairs to assign to the bucket.

lifecycle_rules = None

The bucket’s Lifecycle Rules configuration. Multiple blocks of this type are permitted. Structure is documented below.

location = None

The GCS location

logging = None

The bucket’s Access & Storage Logs configuration.

name = None

The name of the bucket.

project = None

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

The URI of the created resource.

storage_class = None

The Storage Class of the new bucket. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE.

url = None

The base URL of the bucket, in the format gs://<bucket-name>.

versioning = None

The bucket’s Versioning configuration.

websites = None

Configuration if the bucket acts as a website. Structure is documented below.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
class pulumi_gcp.storage.BucketACL(resource_name, opts=None, bucket=None, default_acl=None, predefined_acl=None, role_entities=None, __name__=None, __opts__=None)

Creates a new bucket ACL in Google cloud storage service (GCS). For more information see the official documentation and API.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • bucket (pulumi.Input[str]) – The name of the bucket it applies to.
  • default_acl (pulumi.Input[str]) – Configure this ACL to be the default ACL.
  • predefined_acl (pulumi.Input[str]) – The canned GCS ACL to apply. Must be set if role_entity is not.
  • role_entities (pulumi.Input[list]) – List of role/entity pairs in the form ROLE:entity. See GCS Bucket ACL documentation for more details. Must be set if predefined_acl is not.
bucket = None

The name of the bucket it applies to.

default_acl = None

Configure this ACL to be the default ACL.

predefined_acl = None

The canned GCS ACL to apply. Must be set if role_entity is not.

role_entities = None

List of role/entity pairs in the form ROLE:entity. See GCS Bucket ACL documentation for more details. Must be set if predefined_acl is not.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
class pulumi_gcp.storage.BucketIAMBinding(resource_name, opts=None, bucket=None, members=None, role=None, __name__=None, __opts__=None)

Three different resources help you manage your IAM policy for storage bucket. Each of these resources serves a different use case:

  • google_storage_bucket_iam_binding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the storage bucket are preserved.
  • google_storage_bucket_iam_member: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the storage bucket are preserved.
  • google_storage_bucket_iam_policy: Setting a policy removes all other permissions on the bucket, and if done incorrectly, there’s a real chance you will lock yourself out of the bucket. If possible for your use case, using multiple google_storage_bucket_iam_binding resources will be much safer. See the usage example on how to work with policy correctly.
Note: google_storage_bucket_iam_binding resources can be used in conjunction with google_storage_bucket_iam_member resources only if they do not grant privilege to the same role.
Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • bucket (pulumi.Input[str]) – The name of the bucket it applies to.

:param pulumi.Input[list] members :param pulumi.Input[str] role: The role that should be applied. Note that custom roles must be of the format

[projects|organizations]/{parent-name}/roles/{role-name}.
bucket = None

The name of the bucket it applies to.

etag = None

(Computed) The etag of the storage bucket’s IAM policy.

role = None

The role that should be applied. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
class pulumi_gcp.storage.BucketIAMMember(resource_name, opts=None, bucket=None, member=None, role=None, __name__=None, __opts__=None)

Three different resources help you manage your IAM policy for storage bucket. Each of these resources serves a different use case:

  • google_storage_bucket_iam_binding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the storage bucket are preserved.
  • google_storage_bucket_iam_member: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the storage bucket are preserved.
  • google_storage_bucket_iam_policy: Setting a policy removes all other permissions on the bucket, and if done incorrectly, there’s a real chance you will lock yourself out of the bucket. If possible for your use case, using multiple google_storage_bucket_iam_binding resources will be much safer. See the usage example on how to work with policy correctly.
Note: google_storage_bucket_iam_binding resources can be used in conjunction with google_storage_bucket_iam_member resources only if they do not grant privilege to the same role.
Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • bucket (pulumi.Input[str]) – The name of the bucket it applies to.

:param pulumi.Input[str] member :param pulumi.Input[str] role: The role that should be applied. Note that custom roles must be of the format

[projects|organizations]/{parent-name}/roles/{role-name}.
bucket = None

The name of the bucket it applies to.

etag = None

(Computed) The etag of the storage bucket’s IAM policy.

role = None

The role that should be applied. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
class pulumi_gcp.storage.BucketIAMPolicy(resource_name, opts=None, bucket=None, policy_data=None, __name__=None, __opts__=None)

Three different resources help you manage your IAM policy for storage bucket. Each of these resources serves a different use case:

  • google_storage_bucket_iam_binding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the storage bucket are preserved.
  • google_storage_bucket_iam_member: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the storage bucket are preserved.
  • google_storage_bucket_iam_policy: Setting a policy removes all other permissions on the bucket, and if done incorrectly, there’s a real chance you will lock yourself out of the bucket. If possible for your use case, using multiple google_storage_bucket_iam_binding resources will be much safer. See the usage example on how to work with policy correctly.
Note: google_storage_bucket_iam_binding resources can be used in conjunction with google_storage_bucket_iam_member resources only if they do not grant privilege to the same role.
Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • bucket (pulumi.Input[str]) – The name of the bucket it applies to.

:param pulumi.Input[str] policy_data

bucket = None

The name of the bucket it applies to.

etag = None

(Computed) The etag of the storage bucket’s IAM policy.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
class pulumi_gcp.storage.BucketObject(resource_name, opts=None, bucket=None, cache_control=None, content=None, content_disposition=None, content_encoding=None, content_language=None, content_type=None, detect_md5hash=None, name=None, source=None, storage_class=None, __name__=None, __opts__=None)

Creates a new object inside an existing bucket in Google cloud storage service (GCS). ACLs can be applied using the google_storage_object_acl resource.

For more information see

the official documentation and API.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • bucket (pulumi.Input[str]) – The name of the containing bucket.
  • cache_control (pulumi.Input[str]) – Cache-Control directive to specify caching behavior of object data. If omitted and object is accessible to all anonymous users, the default will be public, max-age=3600
  • content (pulumi.Input[str]) – Data as string to be uploaded. Must be defined if source is not.
  • content_disposition (pulumi.Input[str]) – Content-Disposition of the object data.
  • content_encoding (pulumi.Input[str]) – Content-Encoding of the object data.
  • content_language (pulumi.Input[str]) – Content-Language of the object data.
  • content_type (pulumi.Input[str]) – Content-Type of the object data. Defaults to “application/octet-stream” or “text/plain; charset=utf-8”.

:param pulumi.Input[str] detect_md5hash :param pulumi.Input[str] name: The name of the object. :param pulumi.Input[pulumi.Archive] source: A path to the data you want to upload. Must be defined

if content is not.
Parameters:storage_class (pulumi.Input[str]) – The StorageClass of the new bucket object. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE. If not provided, this defaults to the bucket’s default storage class or to a standard class.
bucket = None

The name of the containing bucket.

cache_control = None

Cache-Control directive to specify caching behavior of object data. If omitted and object is accessible to all anonymous users, the default will be public, max-age=3600

content = None

Data as string to be uploaded. Must be defined if source is not.

content_disposition = None

Content-Disposition of the object data.

content_encoding = None

Content-Encoding of the object data.

content_language = None

Content-Language of the object data.

content_type = None

Content-Type of the object data. Defaults to “application/octet-stream” or “text/plain; charset=utf-8”.

crc32c = None

(Computed) Base 64 CRC32 hash of the uploaded data.

md5hash = None

(Computed) Base 64 MD5 hash of the uploaded data.

name = None

The name of the object.

source = None

A path to the data you want to upload. Must be defined if content is not.

storage_class = None

The StorageClass of the new bucket object. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE. If not provided, this defaults to the bucket’s default storage class or to a standard class.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
class pulumi_gcp.storage.DefaultObjectACL(resource_name, opts=None, bucket=None, role_entities=None, __name__=None, __opts__=None)

Creates a new default object ACL in Google Cloud Storage service (GCS). For more information see

Note that for each object, its creator will have the "OWNER" role in addition to the default ACL that has been defined.

For more information see the official documentation and API.

Want fine-grained control over default object ACLs? Use google_storage_default_object_access_control to control individual role entity pairs.
Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • bucket (pulumi.Input[str]) – The name of the bucket it applies to.
  • role_entities (pulumi.Input[list]) – List of role/entity pairs in the form ROLE:entity. See GCS Object ACL documentation for more details.
bucket = None

The name of the bucket it applies to.

role_entities = None

List of role/entity pairs in the form ROLE:entity. See GCS Object ACL documentation for more details.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
class pulumi_gcp.storage.DefaultObjectAccessControl(resource_name, opts=None, bucket=None, entity=None, object=None, role=None, __name__=None, __opts__=None)

The DefaultObjectAccessControls resources represent the Access Control Lists (ACLs) applied to a new object within a Google Cloud Storage bucket when no ACL was provided for that object. ACLs let you specify who has access to your bucket contents and to what extent.

There are two roles that can be assigned to an entity:

READERs can get an object, though the acl property will not be revealed. OWNERs are READERs, and they can get the acl property, update an object, and call all objectAccessControls methods on the object. The owner of an object is always an OWNER. For more information, see Access Control, with the caveat that this API uses READER and OWNER instead of READ and FULL_CONTROL.

To get more information about DefaultObjectAccessControl, see:

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.

:param pulumi.Input[str] bucket :param pulumi.Input[str] entity :param pulumi.Input[str] object :param pulumi.Input[str] role

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
class pulumi_gcp.storage.GetObjectSignedUrlResult(signed_url=None, id=None)

A collection of values returned by getObjectSignedUrl.

signed_url = None

The signed URL that can be used to access the storage object without authentication.

id = None

id is the provider-assigned unique ID for this managed resource.

class pulumi_gcp.storage.GetProjectServiceAccountResult(email_address=None, project=None, id=None)

A collection of values returned by getProjectServiceAccount.

email_address = None

The email address of the service account. This value is often used to refer to the service account in order to grant IAM permissions.

id = None

id is the provider-assigned unique ID for this managed resource.

class pulumi_gcp.storage.Notification(resource_name, opts=None, bucket=None, custom_attributes=None, event_types=None, object_name_prefix=None, payload_format=None, topic=None, __name__=None, __opts__=None)
Creates a new notification configuration on a specified bucket, establishing a flow of event notifications from GCS to a Cloud Pub/Sub topic.
For more information see

the official documentation and API.

In order to enable notifications, a special Google Cloud Storage service account unique to the project must have the IAM permission “projects.topics.publish” for a Cloud Pub/Sub topic in the project. To get the service account’s email address, use the google_storage_project_service_account datasource’s email_address value, and see below for an example of enabling notifications by granting the correct IAM permission. See the notifications documentation for more details.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • bucket (pulumi.Input[str]) – The name of the bucket.
  • custom_attributes (pulumi.Input[dict]) – A set of key/value attribute pairs to attach to each Cloud PubSub message published for this notification subscription
  • event_types (pulumi.Input[list]) – List of event type filters for this notification config. If not specified, Cloud Storage will send notifications for all event types. The valid types are: "OBJECT_FINALIZE", "OBJECT_METADATA_UPDATE", "OBJECT_DELETE", "OBJECT_ARCHIVE"
  • object_name_prefix (pulumi.Input[str]) – Specifies a prefix path filter for this notification config. Cloud Storage will only send notifications for objects in this bucket whose names begin with the specified prefix.
  • payload_format (pulumi.Input[str]) – The desired content of the Payload. One of "JSON_API_V1" or "NONE".
  • topic (pulumi.Input[str]) – The Cloud PubSub topic to which this subscription publishes. Expects either the topic name, assumed to belong to the default GCP provider project, or the project-level name, i.e. projects/my-gcp-project/topics/my-topic or my-topic.
bucket = None

The name of the bucket.

custom_attributes = None

A set of key/value attribute pairs to attach to each Cloud PubSub message published for this notification subscription

event_types = None

List of event type filters for this notification config. If not specified, Cloud Storage will send notifications for all event types. The valid types are: "OBJECT_FINALIZE", "OBJECT_METADATA_UPDATE", "OBJECT_DELETE", "OBJECT_ARCHIVE"

object_name_prefix = None

Specifies a prefix path filter for this notification config. Cloud Storage will only send notifications for objects in this bucket whose names begin with the specified prefix.

payload_format = None

The desired content of the Payload. One of "JSON_API_V1" or "NONE".

The URI of the created resource.

topic = None

The Cloud PubSub topic to which this subscription publishes. Expects either the topic name, assumed to belong to the default GCP provider project, or the project-level name, i.e. projects/my-gcp-project/topics/my-topic or my-topic.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
class pulumi_gcp.storage.ObjectACL(resource_name, opts=None, bucket=None, object=None, predefined_acl=None, role_entities=None, __name__=None, __opts__=None)

Creates a new object ACL in Google cloud storage service (GCS). For more information see the official documentation and API.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • bucket (pulumi.Input[str]) – The name of the bucket it applies to.
  • object (pulumi.Input[str]) – The name of the object it applies to.
  • predefined_acl (pulumi.Input[str]) –

    The canned GCS ACL to apply. Must be set if role_entity is not.

  • role_entities (pulumi.Input[list]) –

    List of role/entity pairs in the form ROLE:entity. See GCS Object ACL documentation for more details. Must be set if predefined_acl is not.

bucket = None

The name of the bucket it applies to.

object = None

The name of the object it applies to.

predefined_acl = None

The canned GCS ACL to apply. Must be set if role_entity is not.

role_entities = None

List of role/entity pairs in the form ROLE:entity. See GCS Object ACL documentation for more details. Must be set if predefined_acl is not.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
class pulumi_gcp.storage.ObjectAccessControl(resource_name, opts=None, bucket=None, entity=None, object=None, role=None, __name__=None, __opts__=None)

The ObjectAccessControls resources represent the Access Control Lists (ACLs) for objects within Google Cloud Storage. ACLs let you specify who has access to your data and to what extent.

There are two roles that can be assigned to an entity:

READERs can get an object, though the acl property will not be revealed. OWNERs are READERs, and they can get the acl property, update an object, and call all objectAccessControls methods on the object. The owner of an object is always an OWNER. For more information, see Access Control, with the caveat that this API uses READER and OWNER instead of READ and FULL_CONTROL.

To get more information about ObjectAccessControl, see:

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.

:param pulumi.Input[str] bucket :param pulumi.Input[str] entity :param pulumi.Input[str] object :param pulumi.Input[str] role

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
pulumi_gcp.storage.get_object_signed_url(bucket=None, content_md5=None, content_type=None, credentials=None, duration=None, extension_headers=None, http_method=None, path=None)

The Google Cloud storage signed URL data source generates a signed URL for a given storage object. Signed URLs provide a way to give time-limited read or write access to anyone in possession of the URL, regardless of whether they have a Google account.

For more info about signed URL’s is available here.

pulumi_gcp.storage.get_project_service_account(project=None, user_project=None)

Get the email address of a project’s unique Google Cloud Storage service account.

Each Google Cloud project has a unique service account for use with Google Cloud Storage. Only this special service account can be used to set up google_storage_notification resources.

For more information see the API reference.