@pulumi/gcp

import * as pulumi from "@pulumi/pulumi"; /** * Bucket ACLs can be managed authoritatively using the * `storageBucketAcl` resource. Do not use these two resources in conjunction to manage the same bucket. * * The BucketAccessControls resource manages the Access Control List * (ACLs) for a single entity/role pairing on a bucket. ACLs let you specify who * has access to your data and to what extent. * * There are three roles that can be assigned to an entity: * * READERs can get the bucket, though no acl property will be returned, and * list the bucket's objects. WRITERs are READERs, and they can insert * objects into the bucket and delete the bucket's objects. OWNERs are * WRITERs, and they can get the acl property of a bucket, update a bucket, * and call all BucketAccessControls methods on the bucket. For more * information, see Access Control, with the caveat that this API uses * READER, WRITER, and OWNER instead of READ, WRITE, and FULL_CONTROL. * * To get more information about BucketAccessControl, see: * * * [API documentation](https://cloud.google.com/storage/docs/json_api/v1/bucketAccessControls) * * How-to Guides * * [Official Documentation](https://cloud.google.com/storage/docs/access-control/lists) * * ## Example Usage * * ### Storage Bucket Access Control Public Bucket * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const bucket = new gcp.storage.Bucket("bucket", { * name: "static-content-bucket", * location: "US", * }); * const publicRule = new gcp.storage.BucketAccessControl("public_rule", { * bucket: bucket.name, * role: "READER", * entity: "allUsers", * }); * ``` * * ## Import * * BucketAccessControl can be imported using any of these accepted formats: * * * `{{bucket}}/{{entity}}` * * When using the `pulumi import` command, BucketAccessControl can be imported using one of the formats above. For example: * * ```sh * $ pulumi import gcp:storage/bucketAccessControl:BucketAccessControl default {{bucket}}/{{entity}} * ``` */ export declare class BucketAccessControl extends pulumi.CustomResource { /** * Get an existing BucketAccessControl resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input<pulumi.ID>, state?: BucketAccessControlState, opts?: pulumi.CustomResourceOptions): BucketAccessControl; /** * Returns true if the given object is an instance of BucketAccessControl. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is BucketAccessControl; /** * The name of the bucket. */ readonly bucket: pulumi.Output<string>; /** * The domain associated with the entity. */ readonly domain: pulumi.Output<string>; /** * The email address associated with the entity. */ readonly email: pulumi.Output<string>; /** * The entity holding the permission, in one of the following forms: * user-userId * user-email * group-groupId * group-email * domain-domain * project-team-projectId * allUsers * allAuthenticatedUsers * Examples: * The user liz@example.com would be user-liz@example.com. * The group example@googlegroups.com would be * group-example@googlegroups.com. * To refer to all members of the Google Apps for Business domain * example.com, the entity would be domain-example.com. */ readonly entity: pulumi.Output<string>; /** * The access permission for the entity. * Possible values are: `OWNER`, `READER`, `WRITER`. */ readonly role: pulumi.Output<string | undefined>; /** * Create a BucketAccessControl resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: BucketAccessControlArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering BucketAccessControl resources. */ export interface BucketAccessControlState { /** * The name of the bucket. */ bucket?: pulumi.Input<string>; /** * The domain associated with the entity. */ domain?: pulumi.Input<string>; /** * The email address associated with the entity. */ email?: pulumi.Input<string>; /** * The entity holding the permission, in one of the following forms: * user-userId * user-email * group-groupId * group-email * domain-domain * project-team-projectId * allUsers * allAuthenticatedUsers * Examples: * The user liz@example.com would be user-liz@example.com. * The group example@googlegroups.com would be * group-example@googlegroups.com. * To refer to all members of the Google Apps for Business domain * example.com, the entity would be domain-example.com. */ entity?: pulumi.Input<string>; /** * The access permission for the entity. * Possible values are: `OWNER`, `READER`, `WRITER`. */ role?: pulumi.Input<string>; } /** * The set of arguments for constructing a BucketAccessControl resource. */ export interface BucketAccessControlArgs { /** * The name of the bucket. */ bucket: pulumi.Input<string>; /** * The entity holding the permission, in one of the following forms: * user-userId * user-email * group-groupId * group-email * domain-domain * project-team-projectId * allUsers * allAuthenticatedUsers * Examples: * The user liz@example.com would be user-liz@example.com. * The group example@googlegroups.com would be * group-example@googlegroups.com. * To refer to all members of the Google Apps for Business domain * example.com, the entity would be domain-example.com. */ entity: pulumi.Input<string>; /** * The access permission for the entity. * Possible values are: `OWNER`, `READER`, `WRITER`. */ role?: pulumi.Input<string>; }