@pulumi/yandex
Version:
A Pulumi package for creating and managing yandex cloud resources.
576 lines (575 loc) • 20.3 kB
TypeScript
import * as pulumi from "@pulumi/pulumi";
import { input as inputs, output as outputs } from "./types";
/**
* Allows management of [Yandex.Cloud Storage Bucket](https://cloud.yandex.com/docs/storage/concepts/bucket).
*
* > **Note:** Your need to provide [static access key](https://cloud.yandex.com/docs/iam/concepts/authorization/access-key) (Access and Secret) to create storage client to work with Storage Service. To create them you need Service Account and proper permissions.
*
* ## Example Usage
* ### Simple Private Bucket
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as yandex from "@pulumi/yandex";
*
* const folderId = "<folder-id>";
* // Create SA
* const sa = new yandex.IamServiceAccount("sa", {folderId: folderId});
* // Grant permissions
* const sa_editor = new yandex.ResourcemanagerFolderIamMember("sa-editor", {
* folderId: folderId,
* role: "storage.editor",
* member: pulumi.interpolate`serviceAccount:${sa.id}`,
* });
* // Create Static Access Keys
* const sa_static_key = new yandex.IamServiceAccountStaticAccessKey("sa-static-key", {
* serviceAccountId: sa.id,
* description: "static access key for object storage",
* });
* // Use keys to create bucket
* const test = new yandex.StorageBucket("test", {
* accessKey: sa_static_key.accessKey,
* secretKey: sa_static_key.secretKey,
* bucket: "tf-test-bucket",
* });
* ```
* ### Static Website Hosting
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as yandex from "@pulumi/yandex";
*
* const test = new yandex.StorageBucket("test", {
* acl: "public-read",
* bucket: "storage-website-test.hashicorp.com",
* website: {
* errorDocument: "error.html",
* indexDocument: "index.html",
* routingRules: `[{
* "Condition": {
* "KeyPrefixEquals": "docs/"
* },
* "Redirect": {
* "ReplaceKeyPrefixWith": "documents/"
* }
* }]
* `,
* },
* });
* ```
* ### Using ACL policy grants
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as yandex from "@pulumi/yandex";
*
* const test = new yandex.StorageBucket("test", {
* bucket: "mybucket",
* grants: [
* {
* id: "myuser",
* permissions: ["FULL_CONTROL"],
* type: "CanonicalUser",
* },
* {
* permissions: [
* "READ",
* "WRITE",
* ],
* type: "Group",
* uri: "http://acs.amazonaws.com/groups/global/AllUsers",
* },
* ],
* });
* ```
* ### Using CORS
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as yandex from "@pulumi/yandex";
*
* const storageBucket = new yandex.StorageBucket("b", {
* acl: "public-read",
* bucket: "s3-website-test.hashicorp.com",
* corsRules: [{
* allowedHeaders: ["*"],
* allowedMethods: [
* "PUT",
* "POST",
* ],
* allowedOrigins: ["https://s3-website-test.hashicorp.com"],
* exposeHeaders: ["ETag"],
* maxAgeSeconds: 3000,
* }],
* });
* ```
* ### Using versioning
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as yandex from "@pulumi/yandex";
*
* const storageBucket = new yandex.StorageBucket("b", {
* acl: "private",
* bucket: "my-tf-test-bucket",
* versioning: {
* enabled: true,
* },
* });
* ```
* ### Enable Logging
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as yandex from "@pulumi/yandex";
*
* const logBucket = new yandex.StorageBucket("logBucket", {bucket: "my-tf-log-bucket"});
* const storageBucket = new yandex.StorageBucket("storageBucket", {
* bucket: "my-tf-test-bucket",
* acl: "private",
* loggings: [{
* targetBucket: logBucket.id,
* targetPrefix: "log/",
* }],
* });
* ```
* ### Using object lifecycle
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as yandex from "@pulumi/yandex";
*
* const bucket = new yandex.StorageBucket("bucket", {
* acl: "private",
* bucket: "my-bucket",
* lifecycleRules: [
* {
* enabled: true,
* expiration: {
* days: 90,
* },
* id: "log",
* prefix: "log/",
* transitions: [{
* days: 30,
* storageClass: "COLD",
* }],
* },
* {
* enabled: true,
* expiration: {
* date: "2020-12-21",
* },
* id: "tmp",
* prefix: "tmp/",
* },
* ],
* });
* const versioningBucket = new yandex.StorageBucket("versioning_bucket", {
* acl: "private",
* bucket: "my-versioning-bucket",
* lifecycleRules: [{
* enabled: true,
* noncurrentVersionExpiration: {
* days: 90,
* },
* noncurrentVersionTransitions: [{
* days: 30,
* storageClass: "COLD",
* }],
* prefix: "config/",
* }],
* versioning: {
* enabled: true,
* },
* });
* ```
* ### Using SSE
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as yandex from "@pulumi/yandex";
*
* const key_a = new yandex.KmsSymmetricKey("key-a", {
* description: "description for key",
* defaultAlgorithm: "AES_128",
* rotationPeriod: "8760h",
* });
* // equal to 1 year
* const test = new yandex.StorageBucket("test", {
* bucket: "mybucket",
* serverSideEncryptionConfiguration: {
* rule: {
* applyServerSideEncryptionByDefault: {
* kmsMasterKeyId: key_a.id,
* sseAlgorithm: "aws:kms",
* },
* },
* },
* });
* ```
* ### Bucket Policy
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as yandex from "@pulumi/yandex";
*
* const storageBucket = new yandex.StorageBucket("b", {
* bucket: "my-policy-bucket",
* policy: `{
* "Version": "2012-10-17",
* "Statement": [
* {
* "Effect": "Allow",
* "Principal": "*",
* "Action": "s3:*",
* "Resource": [
* "arn:aws:s3:::my-policy-bucket/*",
* "arn:aws:s3:::my-policy-bucket"
* ]
* },
* {
* "Effect": "Deny",
* "Principal": "*",
* "Action": "s3:PutObject",
* "Resource": [
* "arn:aws:s3:::my-policy-bucket/*",
* "arn:aws:s3:::my-policy-bucket"
* ]
* }
* ]
* }
* `,
* });
* ```
* ### All settings example
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as yandex from "@pulumi/yandex";
*
* const logBucket = new yandex.StorageBucket("logBucket", {
* bucket: "my-tf-log-bucket",
* lifecycleRules: [{
* id: "cleanupoldlogs",
* enabled: true,
* expiration: {
* days: 365,
* },
* }],
* });
* const key_a = new yandex.KmsSymmetricKey("key-a", {
* description: "description for key",
* defaultAlgorithm: "AES_128",
* rotationPeriod: "8760h",
* });
* // equal to 1 year
* const allSettings = new yandex.StorageBucket("allSettings", {
* bucket: "example-tf-settings-bucket",
* website: {
* indexDocument: "index.html",
* errorDocument: "error.html",
* },
* lifecycleRules: [
* {
* id: "test",
* enabled: true,
* prefix: "prefix/",
* expiration: {
* days: 30,
* },
* },
* {
* id: "log",
* enabled: true,
* prefix: "log/",
* transitions: [{
* days: 30,
* storageClass: "COLD",
* }],
* expiration: {
* days: 90,
* },
* },
* {
* id: "everything180",
* prefix: "",
* enabled: true,
* expiration: {
* days: 180,
* },
* },
* {
* id: "cleanupoldversions",
* prefix: "config/",
* enabled: true,
* noncurrentVersionTransitions: [{
* days: 30,
* storageClass: "COLD",
* }],
* noncurrentVersionExpiration: {
* days: 90,
* },
* },
* {
* id: "abortmultiparts",
* prefix: "",
* enabled: true,
* abortIncompleteMultipartUploadDays: 7,
* },
* ],
* corsRules: [{
* allowedHeaders: ["*"],
* allowedMethods: [
* "GET",
* "PUT",
* ],
* allowedOrigins: ["https://storage-cloud.example.com"],
* exposeHeaders: ["ETag"],
* maxAgeSeconds: 3000,
* }],
* versioning: {
* enabled: true,
* },
* serverSideEncryptionConfiguration: {
* rule: {
* applyServerSideEncryptionByDefault: {
* kmsMasterKeyId: key_a.id,
* sseAlgorithm: "aws:kms",
* },
* },
* },
* loggings: [{
* targetBucket: logBucket.id,
* targetPrefix: "tf-logs/",
* }],
* });
* ```
*
* ## Import
*
* Storage bucket can be imported using the `bucket`, e.g.
*
* ```sh
* $ pulumi import yandex:index/storageBucket:StorageBucket bucket bucket-name
* ```
*
* `false` in state. If you've set it to `true` in config, run `terraform apply` to update the value set in state. If you delete this resource before updating the value, objects in the bucket will not be destroyed.
*/
export declare class StorageBucket extends pulumi.CustomResource {
/**
* Get an existing StorageBucket resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
*/
static get(name: string, id: pulumi.Input<pulumi.ID>, state?: StorageBucketState, opts?: pulumi.CustomResourceOptions): StorageBucket;
/**
* Returns true if the given object is an instance of StorageBucket. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*/
static isInstance(obj: any): obj is StorageBucket;
/**
* The access key to use when applying changes. If omitted, `storageAccessKey` specified in provider config is used.
*/
readonly accessKey: pulumi.Output<string | undefined>;
/**
* The [predefined ACL](https://cloud.yandex.com/docs/storage/concepts/acl#predefined_acls) to apply. Defaults to `private`. Conflicts with `grant`.
*/
readonly acl: pulumi.Output<string | undefined>;
readonly bucket: pulumi.Output<string>;
/**
* The bucket domain name.
*/
readonly bucketDomainName: pulumi.Output<string>;
/**
* Creates a unique bucket name beginning with the specified prefix. Conflicts with `bucket`.
*/
readonly bucketPrefix: pulumi.Output<string | undefined>;
/**
* A rule of [Cross-Origin Resource Sharing](https://cloud.yandex.com/docs/storage/cors/) (documented below).
*/
readonly corsRules: pulumi.Output<outputs.StorageBucketCorsRule[] | undefined>;
/**
* A boolean that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are *not* recoverable.
*/
readonly forceDestroy: pulumi.Output<boolean | undefined>;
/**
* An [ACL policy grant](https://cloud.yandex.com/docs/storage/concepts/acl#permissions-types). Conflicts with `acl`.
*/
readonly grants: pulumi.Output<outputs.StorageBucketGrant[] | undefined>;
/**
* A configuration of [object lifecycle management](https://cloud.yandex.com/docs/storage/concepts/lifecycles) (documented below).
*/
readonly lifecycleRules: pulumi.Output<outputs.StorageBucketLifecycleRule[] | undefined>;
/**
* A settings of [bucket logging](https://cloud.yandex.com/docs/storage/concepts/server-logs) (documented below).
*/
readonly loggings: pulumi.Output<outputs.StorageBucketLogging[] | undefined>;
readonly policy: pulumi.Output<string | undefined>;
/**
* The secret key to use when applying changes. If omitted, `storageSecretKey` specified in provider config is used.
*/
readonly secretKey: pulumi.Output<string | undefined>;
/**
* A configuration of server-side encryption for the bucket (documented below)
*/
readonly serverSideEncryptionConfiguration: pulumi.Output<outputs.StorageBucketServerSideEncryptionConfiguration | undefined>;
/**
* A state of [versioning](https://cloud.yandex.com/docs/storage/concepts/versioning) (documented below)
*/
readonly versioning: pulumi.Output<outputs.StorageBucketVersioning>;
/**
* A [website object](https://cloud.yandex.com/docs/storage/concepts/hosting) (documented below).
*/
readonly website: pulumi.Output<outputs.StorageBucketWebsite | undefined>;
/**
* The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
*/
readonly websiteDomain: pulumi.Output<string>;
/**
* The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
*/
readonly websiteEndpoint: pulumi.Output<string>;
/**
* Create a StorageBucket resource with the given unique name, arguments, and options.
*
* @param name The _unique_ name of the resource.
* @param args The arguments to use to populate this resource's properties.
* @param opts A bag of options that control this resource's behavior.
*/
constructor(name: string, args?: StorageBucketArgs, opts?: pulumi.CustomResourceOptions);
}
/**
* Input properties used for looking up and filtering StorageBucket resources.
*/
export interface StorageBucketState {
/**
* The access key to use when applying changes. If omitted, `storageAccessKey` specified in provider config is used.
*/
accessKey?: pulumi.Input<string>;
/**
* The [predefined ACL](https://cloud.yandex.com/docs/storage/concepts/acl#predefined_acls) to apply. Defaults to `private`. Conflicts with `grant`.
*/
acl?: pulumi.Input<string>;
bucket?: pulumi.Input<string>;
/**
* The bucket domain name.
*/
bucketDomainName?: pulumi.Input<string>;
/**
* Creates a unique bucket name beginning with the specified prefix. Conflicts with `bucket`.
*/
bucketPrefix?: pulumi.Input<string>;
/**
* A rule of [Cross-Origin Resource Sharing](https://cloud.yandex.com/docs/storage/cors/) (documented below).
*/
corsRules?: pulumi.Input<pulumi.Input<inputs.StorageBucketCorsRule>[]>;
/**
* A boolean that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are *not* recoverable.
*/
forceDestroy?: pulumi.Input<boolean>;
/**
* An [ACL policy grant](https://cloud.yandex.com/docs/storage/concepts/acl#permissions-types). Conflicts with `acl`.
*/
grants?: pulumi.Input<pulumi.Input<inputs.StorageBucketGrant>[]>;
/**
* A configuration of [object lifecycle management](https://cloud.yandex.com/docs/storage/concepts/lifecycles) (documented below).
*/
lifecycleRules?: pulumi.Input<pulumi.Input<inputs.StorageBucketLifecycleRule>[]>;
/**
* A settings of [bucket logging](https://cloud.yandex.com/docs/storage/concepts/server-logs) (documented below).
*/
loggings?: pulumi.Input<pulumi.Input<inputs.StorageBucketLogging>[]>;
policy?: pulumi.Input<string>;
/**
* The secret key to use when applying changes. If omitted, `storageSecretKey` specified in provider config is used.
*/
secretKey?: pulumi.Input<string>;
/**
* A configuration of server-side encryption for the bucket (documented below)
*/
serverSideEncryptionConfiguration?: pulumi.Input<inputs.StorageBucketServerSideEncryptionConfiguration>;
/**
* A state of [versioning](https://cloud.yandex.com/docs/storage/concepts/versioning) (documented below)
*/
versioning?: pulumi.Input<inputs.StorageBucketVersioning>;
/**
* A [website object](https://cloud.yandex.com/docs/storage/concepts/hosting) (documented below).
*/
website?: pulumi.Input<inputs.StorageBucketWebsite>;
/**
* The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
*/
websiteDomain?: pulumi.Input<string>;
/**
* The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
*/
websiteEndpoint?: pulumi.Input<string>;
}
/**
* The set of arguments for constructing a StorageBucket resource.
*/
export interface StorageBucketArgs {
/**
* The access key to use when applying changes. If omitted, `storageAccessKey` specified in provider config is used.
*/
accessKey?: pulumi.Input<string>;
/**
* The [predefined ACL](https://cloud.yandex.com/docs/storage/concepts/acl#predefined_acls) to apply. Defaults to `private`. Conflicts with `grant`.
*/
acl?: pulumi.Input<string>;
bucket?: pulumi.Input<string>;
/**
* Creates a unique bucket name beginning with the specified prefix. Conflicts with `bucket`.
*/
bucketPrefix?: pulumi.Input<string>;
/**
* A rule of [Cross-Origin Resource Sharing](https://cloud.yandex.com/docs/storage/cors/) (documented below).
*/
corsRules?: pulumi.Input<pulumi.Input<inputs.StorageBucketCorsRule>[]>;
/**
* A boolean that indicates all objects should be deleted from the bucket so that the bucket can be destroyed without error. These objects are *not* recoverable.
*/
forceDestroy?: pulumi.Input<boolean>;
/**
* An [ACL policy grant](https://cloud.yandex.com/docs/storage/concepts/acl#permissions-types). Conflicts with `acl`.
*/
grants?: pulumi.Input<pulumi.Input<inputs.StorageBucketGrant>[]>;
/**
* A configuration of [object lifecycle management](https://cloud.yandex.com/docs/storage/concepts/lifecycles) (documented below).
*/
lifecycleRules?: pulumi.Input<pulumi.Input<inputs.StorageBucketLifecycleRule>[]>;
/**
* A settings of [bucket logging](https://cloud.yandex.com/docs/storage/concepts/server-logs) (documented below).
*/
loggings?: pulumi.Input<pulumi.Input<inputs.StorageBucketLogging>[]>;
policy?: pulumi.Input<string>;
/**
* The secret key to use when applying changes. If omitted, `storageSecretKey` specified in provider config is used.
*/
secretKey?: pulumi.Input<string>;
/**
* A configuration of server-side encryption for the bucket (documented below)
*/
serverSideEncryptionConfiguration?: pulumi.Input<inputs.StorageBucketServerSideEncryptionConfiguration>;
/**
* A state of [versioning](https://cloud.yandex.com/docs/storage/concepts/versioning) (documented below)
*/
versioning?: pulumi.Input<inputs.StorageBucketVersioning>;
/**
* A [website object](https://cloud.yandex.com/docs/storage/concepts/hosting) (documented below).
*/
website?: pulumi.Input<inputs.StorageBucketWebsite>;
/**
* The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
*/
websiteDomain?: pulumi.Input<string>;
/**
* The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
*/
websiteEndpoint?: pulumi.Input<string>;
}