googleStorageObjectAcl
Authoritatively manages the access control list (ACL) for an object in a Google Cloud Storage (GCS) bucket. Removing a googleStorageObjectAcl sets the ACL to the private predefined ACL.
For more information see the official documentation and API.
-> Want fine-grained control over object ACLs? Use googleStorageObjectAccessControl to control individual role entity pairs.
Example Usage
Create an object ACL with one owner and one reader.
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import { Construct } from "constructs";
import { TerraformStack } from "cdktf";
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
// Stack wrapper so that `this` refers to a construct scope.
class ImageStoreStack extends TerraformStack {
  constructor(scope: Construct, name: string) {
    super(scope, name);
    // Bucket that holds the object.
    const googleStorageBucketImageStore =
      new google.storageBucket.StorageBucket(this, "image-store", {
        location: "EU",
        name: "image-store-bucket",
      });
    // Object whose ACL is managed below.
    const googleStorageBucketObjectImage =
      new google.storageBucketObject.StorageBucketObject(this, "image", {
        bucket: googleStorageBucketImageStore.name,
        name: "image1",
        source: "image1.jpg",
      });
    // Authoritative ACL: one owner and one reader.
    new google.storageObjectAcl.StorageObjectAcl(this, "image-store-acl", {
      bucket: googleStorageBucketImageStore.name,
      object: googleStorageBucketObjectImage.outputName,
      roleEntity: ["OWNER:user-my.email@gmail.com", "READER:group-mygroup"],
    });
  }
}
Argument Reference
- bucket - (Required) The name of the bucket the object is stored in.
- object - (Required) The name of the object to apply the ACL to.
- predefinedAcl - (Optional) The "canned" predefined ACL to apply. Must be set if roleEntity is not.
- roleEntity - (Optional) List of role/entity pairs in the form role:entity. See GCS Object ACL documentation for more details. Must be set if predefinedAcl is not.
-> The object's creator will always have owner permissions for their object, and any attempt to modify that permission would return an error. Instead, Terraform automatically adds that role/entity pair to your terraform plan results when it is omitted in your config; terraform plan will show the correct final state at every point except for at create time, where the object role/entity pair is omitted if not explicitly set.
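An added example, not part of the provider documentation or its code: a check to run over the arguments above before synth, validating the role:entity form and flagging ACLs that open the object to everyone. The function and type names are hypothetical; the role names, the allUsers and allAuthenticatedUsers entities, and the canned ACL names are assumed from the GCS object ACL API rather than stated on this page.

```typescript
// Added example: lint StorageObjectAcl arguments before synth (names are hypothetical).
interface ObjectAclArgs {
  predefinedAcl?: string;
  roleEntity?: string[];
}
interface Finding {
  severity: "error" | "warning";
  message: string;
}

// Assumed from the GCS object ACL API, not from this page.
const OBJECT_ROLES = new Set(["OWNER", "READER"]);
const PUBLIC_ENTITIES = new Set(["allUsers", "allAuthenticatedUsers"]);
const PUBLIC_PREDEFINED = new Set(["publicRead", "authenticatedRead"]);
const SCOPED_ENTITY = /^(user|group|domain|project-team)-.+$/;

function auditObjectAcl(args: ObjectAclArgs): Finding[] {
  const findings: Finding[] = [];
  const pairs = args.roleEntity ?? [];
  // The argument reference requires one of predefinedAcl / roleEntity.
  if (!args.predefinedAcl && pairs.length === 0) {
    findings.push({ severity: "error", message: "set predefinedAcl or roleEntity" });
  }
  if (args.predefinedAcl && PUBLIC_PREDEFINED.has(args.predefinedAcl)) {
    findings.push({ severity: "warning", message: `predefinedAcl ${args.predefinedAcl} is not limited to named principals` });
  }
  for (const pair of pairs) {
    // Split on the first colon into role and entity.
    const idx = pair.indexOf(":");
    const role = idx < 0 ? "" : pair.slice(0, idx);
    const entity = idx < 0 ? "" : pair.slice(idx + 1);
    if (!role || !entity) {
      findings.push({ severity: "error", message: `"${pair}" is not in role:entity form` });
    } else if (!OBJECT_ROLES.has(role)) {
      findings.push({ severity: "error", message: `"${role}" is not an object ACL role` });
    } else if (PUBLIC_ENTITIES.has(entity)) {
      findings.push({ severity: "warning", message: `${role} granted to ${entity}` });
    } else if (!SCOPED_ENTITY.test(entity)) {
      findings.push({ severity: "error", message: `unrecognised entity "${entity}"` });
    }
  }
  return findings;
}

// The role/entity list from the example on this page produces no findings.
console.log(auditObjectAcl({ roleEntity: ["OWNER:user-my.email@gmail.com", "READER:group-mygroup"] }));
```

Because the resource is authoritative, the list checked here is the complete ACL the object will end up with, apart from the creator's owner entry described in the note above.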
Attributes Reference
Only the arguments listed above are exposed as attributes.
Import
This resource does not support import.