ObjectAccessControl

The ObjectAccessControls resources represent the Access Control Lists (ACLs) for objects within Google Cloud Storage. ACLs let you specify who has access to your data and to what extent.

There are two roles that can be assigned to an entity:

READERs can get an object, though the acl property will not be revealed. OWNERs are READERs, and they can get the acl property, update an object, and call all objectAccessControls methods on the object. The owner of an object is always an OWNER. For more information, see Access Control, with the caveat that this API uses READER and OWNER instead of READ and FULL_CONTROL.

To get more information about ObjectAccessControl, see:

API documentation
How-to Guides
- Official Documentation

Create a ObjectAccessControl Resource

new ObjectAccessControl(name: string, args: ObjectAccessControlArgs, opts?: CustomResourceOptions);

def ObjectAccessControl(resource_name, opts=None, bucket=None, entity=None, object=None, role=None, __props__=None);

func NewObjectAccessControl(ctx *Context, name string, args ObjectAccessControlArgs, opts ...ResourceOption) (*ObjectAccessControl, error)

public ObjectAccessControl(string name, ObjectAccessControlArgs args, CustomResourceOptions? opts = null)

name string: The unique name of the resource.
args ObjectAccessControlArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
opts ResourceOptions: A bag of options that control this resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args ObjectAccessControlArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args ObjectAccessControlArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

ObjectAccessControl Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The ObjectAccessControl resource accepts the following input properties:

Bucket string: The name of the bucket.
Entity string: The entity holding the permission, in one of the following forms: * user-{{userId}} * user-{{email}} (such as “user-liz@example.com”) * group-{{groupId}} * group-{{email}} (such as “group-example@googlegroups.com”) * domain-{{domain}} (such as “domain-example.com”) * project-team-{{projectId}} * allUsers * allAuthenticatedUsers
Object string: The name of the object to apply the access control to.
Role string: The access permission for the entity.

Bucket string: The name of the bucket.
Entity string: The entity holding the permission, in one of the following forms: * user-{{userId}} * user-{{email}} (such as “user-liz@example.com”) * group-{{groupId}} * group-{{email}} (such as “group-example@googlegroups.com”) * domain-{{domain}} (such as “domain-example.com”) * project-team-{{projectId}} * allUsers * allAuthenticatedUsers
Object string: The name of the object to apply the access control to.
Role string: The access permission for the entity.

bucket string: The name of the bucket.
entity string: The entity holding the permission, in one of the following forms: * user-{{userId}} * user-{{email}} (such as “user-liz@example.com”) * group-{{groupId}} * group-{{email}} (such as “group-example@googlegroups.com”) * domain-{{domain}} (such as “domain-example.com”) * project-team-{{projectId}} * allUsers * allAuthenticatedUsers
object string: The name of the object to apply the access control to.
role string: The access permission for the entity.

bucket str: The name of the bucket.
entity str: The entity holding the permission, in one of the following forms: * user-{{userId}} * user-{{email}} (such as “user-liz@example.com”) * group-{{groupId}} * group-{{email}} (such as “group-example@googlegroups.com”) * domain-{{domain}} (such as “domain-example.com”) * project-team-{{projectId}} * allUsers * allAuthenticatedUsers
object str: The name of the object to apply the access control to.
role str: The access permission for the entity.

Outputs

All input properties are implicitly available as output properties. Additionally, the ObjectAccessControl resource produces the following output properties:

Domain string: The domain associated with the entity.
Email string: The email address associated with the entity.
EntityId string: The ID for the entity
Generation int: The content generation of the object, if applied to an object.
Id string: The provider-assigned unique ID for this managed resource.
ProjectTeam ObjectAccessControlProjectTeam: The project team associated with the entity

Domain string: The domain associated with the entity.
Email string: The email address associated with the entity.
EntityId string: The ID for the entity
Generation int: The content generation of the object, if applied to an object.
Id string: The provider-assigned unique ID for this managed resource.
ProjectTeam ObjectAccessControlProjectTeam: The project team associated with the entity

domain string: The domain associated with the entity.
email string: The email address associated with the entity.
entityId string: The ID for the entity
generation number: The content generation of the object, if applied to an object.
id string: The provider-assigned unique ID for this managed resource.
projectTeam ObjectAccessControlProjectTeam: The project team associated with the entity

domain str: The domain associated with the entity.
email str: The email address associated with the entity.
entity_id str: The ID for the entity
generation float: The content generation of the object, if applied to an object.
id str: The provider-assigned unique ID for this managed resource.
project_team Dict[ObjectAccessControlProjectTeam]: The project team associated with the entity

Look up an Existing ObjectAccessControl Resource

Get an existing ObjectAccessControl resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ObjectAccessControlState, opts?: CustomResourceOptions): ObjectAccessControl

static get(resource_name, id, opts=None, bucket=None, domain=None, email=None, entity=None, entity_id=None, generation=None, object=None, project_team=None, role=None, __props__=None);

func GetObjectAccessControl(ctx *Context, name string, id IDInput, state *ObjectAccessControlState, opts ...ResourceOption) (*ObjectAccessControl, error)

public static ObjectAccessControl Get(string name, Input<string> id, ObjectAccessControlState? state, CustomResourceOptions? opts = null)

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Bucket string: The name of the bucket.
Domain string: The domain associated with the entity.
Email string: The email address associated with the entity.
Entity string: The entity holding the permission, in one of the following forms: * user-{{userId}} * user-{{email}} (such as “user-liz@example.com”) * group-{{groupId}} * group-{{email}} (such as “group-example@googlegroups.com”) * domain-{{domain}} (such as “domain-example.com”) * project-team-{{projectId}} * allUsers * allAuthenticatedUsers
EntityId string: The ID for the entity
Generation int: The content generation of the object, if applied to an object.
Object string: The name of the object to apply the access control to.
ProjectTeam ObjectAccessControlProjectTeamArgs: The project team associated with the entity
Role string: The access permission for the entity.

Bucket string: The name of the bucket.
Domain string: The domain associated with the entity.
Email string: The email address associated with the entity.
Entity string: The entity holding the permission, in one of the following forms: * user-{{userId}} * user-{{email}} (such as “user-liz@example.com”) * group-{{groupId}} * group-{{email}} (such as “group-example@googlegroups.com”) * domain-{{domain}} (such as “domain-example.com”) * project-team-{{projectId}} * allUsers * allAuthenticatedUsers
EntityId string: The ID for the entity
Generation int: The content generation of the object, if applied to an object.
Object string: The name of the object to apply the access control to.
ProjectTeam ObjectAccessControlProjectTeam: The project team associated with the entity
Role string: The access permission for the entity.

bucket string: The name of the bucket.
domain string: The domain associated with the entity.
email string: The email address associated with the entity.
entity string: The entity holding the permission, in one of the following forms: * user-{{userId}} * user-{{email}} (such as “user-liz@example.com”) * group-{{groupId}} * group-{{email}} (such as “group-example@googlegroups.com”) * domain-{{domain}} (such as “domain-example.com”) * project-team-{{projectId}} * allUsers * allAuthenticatedUsers
entityId string: The ID for the entity
generation number: The content generation of the object, if applied to an object.
object string: The name of the object to apply the access control to.
projectTeam ObjectAccessControlProjectTeam: The project team associated with the entity
role string: The access permission for the entity.

bucket str: The name of the bucket.
domain str: The domain associated with the entity.
email str: The email address associated with the entity.
entity str: The entity holding the permission, in one of the following forms: * user-{{userId}} * user-{{email}} (such as “user-liz@example.com”) * group-{{groupId}} * group-{{email}} (such as “group-example@googlegroups.com”) * domain-{{domain}} (such as “domain-example.com”) * project-team-{{projectId}} * allUsers * allAuthenticatedUsers
entity_id str: The ID for the entity
generation float: The content generation of the object, if applied to an object.
object str: The name of the object to apply the access control to.
project_team Dict[ObjectAccessControlProjectTeam]: The project team associated with the entity
role str: The access permission for the entity.

Supporting Types

ObjectAccessControlProjectTeam

See the output API doc for this type.

ProjectNumber string
Team string

ProjectNumber string
Team string

projectNumber string
team string

project_number str
team str

Package Details

Repository: https://github.com/pulumi/pulumi-gcp
License: Apache-2.0
Notes: This Pulumi package is based on the google-beta Terraform Provider.

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud