import * as pulumi from "@pulumi/pulumi";
/**
* Authoritatively manages the access control list (ACL) for an object in a Google
* Cloud Storage (GCS) bucket. Removing a `gcp.storage.ObjectACL` sets the
* acl to the `private` [predefined ACL](https://cloud.google.com/storage/docs/access-control#predefined-acl).
*
* For more information see
* [the official documentation](https://cloud.google.com/storage/docs/access-control/lists)
* and
* [API](https://cloud.google.com/storage/docs/json_api/v1/objectAccessControls).
*
* > Want fine-grained control over object ACLs? Use `gcp.storage.ObjectAccessControl` to control individual
* role entity pairs.
*
* ## Security considerations
*
* - "Authoritative" means this resource owns the object's whole ACL. Grants that are not
*   declared in `roleEntities` / `predefinedAcl` should be expected to be replaced when the
*   resource is applied, so check `pulumi preview` before pointing it at an object that
*   already has grants.
* - The entities `allUsers` and `allAuthenticatedUsers`, and the predefined ACLs `publicRead`
*   and `authenticatedRead`, open the object to anyone on the internet or to any signed-in
*   Google account. Treat any of them appearing in a diff as a change that needs explicit review.
* - Object ACLs apply only to buckets that use fine-grained access control. On a bucket with
*   uniform bucket-level access enabled, GCS rejects ACL operations and access is governed by
*   IAM alone.
* - Prefer group entities over individual user accounts, so that access follows group
*   membership rather than a hard-coded address.
*
* ## Example Usage
*
* Create an object ACL with one owner and one reader.
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const image_store = new gcp.storage.Bucket("image-store", {
* name: "image-store-bucket",
* location: "EU",
* });
* const image = new gcp.storage.BucketObject("image", {
* name: "image1",
* bucket: image_store.name,
* source: new pulumi.asset.FileAsset("image1.jpg"),
* });
* const image_store_acl = new gcp.storage.ObjectACL("image-store-acl", {
* bucket: image_store.name,
* object: image.outputName,
* roleEntities: [
* "OWNER:user-my.email@gmail.com",
* "READER:group-mygroup",
* ],
* });
* ```
*
* ## Import
*
* This resource does not support import.
*/
export declare class ObjectACL extends pulumi.CustomResource {
/**
* Get an existing ObjectACL resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to look up.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
* @returns The ObjectACL resource that represents the looked-up state.
*/
static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ObjectACLState, opts?: pulumi.CustomResourceOptions): ObjectACL;
/**
* Returns true if the given object is an instance of ObjectACL. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*
* @param obj The value to test; any value is accepted.
*/
static isInstance(obj: any): obj is ObjectACL;
/**
* The name of the bucket the object is stored in.
*/
readonly bucket: pulumi.Output<string>;
/**
* What happens to the ACL when this resource is deleted. Defaults to "DELETE".
* ("Terraform" below refers to the Terraform provider this package is bridged from.)
*
* - "PREVENT": a 'terraform destroy' or 'pulumi up' that would delete the resource
*   fails if this value is recorded in Terraform state.
* - "ABANDON": the resource is removed from Terraform management without updating or
*   deleting it in the API, so the grants it created stay in effect on the object
*   and are no longer tracked by the stack.
* - "DELETE": deleting the resource is allowed.
*/
readonly deletionPolicy: pulumi.Output<string>;
/**
* The name of the object to apply the acl to.
*/
readonly object: pulumi.Output<string>;
/**
* The "canned" [predefined ACL](https://cloud.google.com/storage/docs/access-control#predefined-acl) to apply. Must be set if `roleEntities` is not.
* `publicRead` and `authenticatedRead` expose the object to anyone or to any signed-in
* Google account; use them only when that exposure is intended.
*/
readonly predefinedAcl: pulumi.Output<string | undefined>;
/**
* List of role/entity pairs in the form `ROLE:entity`. See [GCS Object ACL documentation](https://cloud.google.com/storage/docs/json_api/v1/objectAccessControls) for more details.
* Must be set if `predefinedAcl` is not.
* The entities `allUsers` and `allAuthenticatedUsers` grant the role publicly, so review
* any pair that names them.
*
* > The object's creator will always have `OWNER` permissions for their object, and any attempt to modify that permission would return an error. Instead, Terraform automatically
* adds that role/entity pair to your `pulumi preview` results when it is omitted in your config; `pulumi preview` will show the correct final state at every point except for at
* `Create` time, where the object role/entity pair is omitted if not explicitly set.
*/
readonly roleEntities: pulumi.Output<string[]>;
/**
* Create an ObjectACL resource with the given unique name, arguments, and options.
*
* @param name The _unique_ name of the resource.
* @param args The arguments to use to populate this resource's properties.
* @param opts A bag of options that control this resource's behavior.
*/
constructor(name: string, args: ObjectACLArgs, opts?: pulumi.CustomResourceOptions);
}
/**
* Input properties used for looking up and filtering ObjectACL resources.
* Every field is optional; this is the type of the `state` argument of `ObjectACL.get`.
*/
export interface ObjectACLState {
/**
* The name of the bucket the object is stored in.
*/
bucket?: pulumi.Input<string | undefined>;
/**
* What happens to the ACL when this resource is deleted. Defaults to "DELETE".
* ("Terraform" below refers to the Terraform provider this package is bridged from.)
*
* - "PREVENT": a 'terraform destroy' or 'pulumi up' that would delete the resource
*   fails if this value is recorded in Terraform state.
* - "ABANDON": the resource is removed from Terraform management without updating or
*   deleting it in the API, so the grants it created stay in effect on the object
*   and are no longer tracked by the stack.
* - "DELETE": deleting the resource is allowed.
*/
deletionPolicy?: pulumi.Input<string | undefined>;
/**
* The name of the object to apply the acl to.
*/
object?: pulumi.Input<string | undefined>;
/**
* The "canned" [predefined ACL](https://cloud.google.com/storage/docs/access-control#predefined-acl) to apply. Must be set if `roleEntities` is not.
* `publicRead` and `authenticatedRead` expose the object to anyone or to any signed-in
* Google account; use them only when that exposure is intended.
*/
predefinedAcl?: pulumi.Input<string | undefined>;
/**
* List of role/entity pairs in the form `ROLE:entity`. See [GCS Object ACL documentation](https://cloud.google.com/storage/docs/json_api/v1/objectAccessControls) for more details.
* Must be set if `predefinedAcl` is not.
* The entities `allUsers` and `allAuthenticatedUsers` grant the role publicly, so review
* any pair that names them.
*
* > The object's creator will always have `OWNER` permissions for their object, and any attempt to modify that permission would return an error. Instead, Terraform automatically
* adds that role/entity pair to your `pulumi preview` results when it is omitted in your config; `pulumi preview` will show the correct final state at every point except for at
* `Create` time, where the object role/entity pair is omitted if not explicitly set.
*/
roleEntities?: pulumi.Input<pulumi.Input<string>[] | undefined>;
}
/**
* The set of arguments for constructing an ObjectACL resource.
* `bucket` and `object` are required. The field docs state that one of `predefinedAcl` or
* `roleEntities` must be set, but both are optional in this type, so that rule is not
* checked at compile time.
*/
export interface ObjectACLArgs {
/**
* The name of the bucket the object is stored in.
*/
bucket: pulumi.Input<string>;
/**
* What happens to the ACL when this resource is deleted. Defaults to "DELETE".
* ("Terraform" below refers to the Terraform provider this package is bridged from.)
*
* - "PREVENT": a 'terraform destroy' or 'pulumi up' that would delete the resource
*   fails if this value is recorded in Terraform state.
* - "ABANDON": the resource is removed from Terraform management without updating or
*   deleting it in the API, so the grants it created stay in effect on the object
*   and are no longer tracked by the stack.
* - "DELETE": deleting the resource is allowed.
*/
deletionPolicy?: pulumi.Input<string | undefined>;
/**
* The name of the object to apply the acl to.
*/
object: pulumi.Input<string>;
/**
* The "canned" [predefined ACL](https://cloud.google.com/storage/docs/access-control#predefined-acl) to apply. Must be set if `roleEntities` is not.
* `publicRead` and `authenticatedRead` expose the object to anyone or to any signed-in
* Google account; use them only when that exposure is intended.
*/
predefinedAcl?: pulumi.Input<string | undefined>;
/**
* List of role/entity pairs in the form `ROLE:entity`. See [GCS Object ACL documentation](https://cloud.google.com/storage/docs/json_api/v1/objectAccessControls) for more details.
* Must be set if `predefinedAcl` is not.
* The entities `allUsers` and `allAuthenticatedUsers` grant the role publicly, so review
* any pair that names them. Because this resource is authoritative, the list is meant to
* be the complete set of grants, not an addition to existing ones.
*
* > The object's creator will always have `OWNER` permissions for their object, and any attempt to modify that permission would return an error. Instead, Terraform automatically
* adds that role/entity pair to your `pulumi preview` results when it is omitted in your config; `pulumi preview` will show the correct final state at every point except for at
* `Create` time, where the object role/entity pair is omitted if not explicitly set.
*/
roleEntities?: pulumi.Input<pulumi.Input<string>[] | undefined>;
}
//# sourceMappingURL=objectACL.d.ts.map