1. Docs
  2. Reference
  3. API
  4. pulumi_gcp
  5. storage

This page documents the language specification for the gcp package. If you're looking for help working with the inputs, outputs, or functions of gcp resources in a Pulumi program, please see the resource documentation for examples and API reference.

storage

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-gcp repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-google repo.

class pulumi_gcp.storage.AwaitableGetBucketObjectResult(bucket=None, cache_control=None, content=None, content_disposition=None, content_encoding=None, content_language=None, content_type=None, crc32c=None, detect_md5hash=None, id=None, md5hash=None, metadata=None, name=None, output_name=None, self_link=None, source=None, storage_class=None)
class pulumi_gcp.storage.AwaitableGetObjectSignedUrlResult(bucket=None, content_md5=None, content_type=None, credentials=None, duration=None, extension_headers=None, http_method=None, id=None, path=None, signed_url=None)
class pulumi_gcp.storage.AwaitableGetProjectServiceAccountResult(email_address=None, id=None, project=None, user_project=None)
class pulumi_gcp.storage.AwaitableGetTransferProjectServieAccountResult(email=None, id=None, project=None)
class pulumi_gcp.storage.Bucket(resource_name, opts=None, bucket_policy_only=None, cors=None, default_event_based_hold=None, encryption=None, force_destroy=None, labels=None, lifecycle_rules=None, location=None, logging=None, name=None, project=None, requester_pays=None, retention_policy=None, storage_class=None, versioning=None, website=None, __props__=None, __name__=None, __opts__=None)

Creates a new bucket in Google cloud storage service (GCS). Once a bucket has been created, its location can’t be changed. ACLs can be applied using the ``storage.BucketACL` <https://www.terraform.io/docs/providers/google/r/storage_bucket_acl.html>`_ resource.

For more information see the official documentation and API.

Note: If the project id is not set on the resource or in the provider block it will be dynamically determined which will require enabling the compute api.

import pulumi
import pulumi_gcp as gcp

static_site = gcp.storage.Bucket("static-site",
    bucket_policy_only=True,
    cors=[{
        "maxAgeSeconds": 3600,
        "method": [
            "GET",
            "HEAD",
            "PUT",
            "POST",
            "DELETE",
        ],
        "origin": ["http://image-store.com"],
        "responseHeader": ["*"],
    }],
    force_destroy=True,
    location="EU",
    website={
        "mainPageSuffix": "index.html",
        "notFoundPage": "404.html",
    })

import pulumi
import pulumi_gcp as gcp

auto_expire = gcp.storage.Bucket("auto-expire",
    force_destroy=True,
    lifecycle_rules=[{
        "action": {
            "type": "Delete",
        },
        "condition": {
            "age": "3",
        },
    }],
    location="US")
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • bucket_policy_only (pulumi.Input[bool]) – Enables Bucket Policy Only access to a bucket.

  • cors (pulumi.Input[list]) – The bucket’s Cross-Origin Resource Sharing (CORS) configuration. Multiple blocks of this type are permitted. Structure is documented below.

  • encryption (pulumi.Input[dict]) – The bucket’s encryption configuration.

  • force_destroy (pulumi.Input[bool]) – When deleting a bucket, this boolean option will delete all contained objects. If you try to delete a bucket that contains objects, the provider will fail that run.

  • labels (pulumi.Input[dict]) – A set of key/value label pairs to assign to the bucket.

  • lifecycle_rules (pulumi.Input[list]) – The bucket’s Lifecycle Rules configuration. Multiple blocks of this type are permitted. Structure is documented below.

  • location (pulumi.Input[str]) – The GCS location

  • logging (pulumi.Input[dict]) – The bucket’s Access & Storage Logs configuration.

  • name (pulumi.Input[str]) – The name of the bucket.

  • project (pulumi.Input[str]) – The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

  • requester_pays (pulumi.Input[bool]) – Enables Requester Pays on a storage bucket.

  • retention_policy (pulumi.Input[dict]) – Configuration of the bucket’s data retention policy for how long objects in the bucket should be retained. Structure is documented below.

  • storage_class (pulumi.Input[str]) – The target Storage Class of objects affected by this Lifecycle Rule. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE.

  • versioning (pulumi.Input[dict]) – The bucket’s Versioning configuration.

  • website (pulumi.Input[dict]) – Configuration if the bucket acts as a website. Structure is documented below.

The cors object supports the following:

  • maxAgeSeconds (pulumi.Input[float]) - The value, in seconds, to return in the Access-Control-Max-Age header used in preflight responses.

  • methods (pulumi.Input[list]) - The list of HTTP methods on which to include CORS response headers, (GET, OPTIONS, POST, etc) Note: “*” is permitted in the list of methods, and means “any method”.

  • origins (pulumi.Input[list]) - The list of Origins eligible to receive CORS response headers. Note: “*” is permitted in the list of origins, and means “any Origin”.

  • responseHeaders (pulumi.Input[list]) - The list of HTTP headers other than the simple response headers to give permission for the user-agent to share across domains.

The encryption object supports the following:

  • defaultKmsKeyName (pulumi.Input[str])

The lifecycle_rules object supports the following:

  • action (pulumi.Input[dict]) - The Lifecycle Rule’s action configuration. A single block of this type is supported. Structure is documented below.

    • storage_class (pulumi.Input[str]) - The target Storage Class of objects affected by this Lifecycle Rule. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE.

    • type (pulumi.Input[str]) - The type of the action of this Lifecycle Rule. Supported values include: Delete and SetStorageClass.

  • condition (pulumi.Input[dict]) - The Lifecycle Rule’s condition configuration. A single block of this type is supported. Structure is documented below.

    • age (pulumi.Input[float]) - Minimum age of an object in days to satisfy this condition.

    • createdBefore (pulumi.Input[str]) - Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition.

    • matchesStorageClasses (pulumi.Input[list]) - Storage Class of objects to satisfy this condition. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, STANDARD, DURABLE_REDUCED_AVAILABILITY.

    • numNewerVersions (pulumi.Input[float]) - Relevant only for versioned objects. The number of newer versions of an object to satisfy this condition.

    • withState (pulumi.Input[str]) - Match to live and/or archived objects. Unversioned buckets have only live objects. Supported values include: "LIVE", "ARCHIVED", "ANY".

The logging object supports the following:

  • logBucket (pulumi.Input[str]) - The bucket that will receive log objects.

  • logObjectPrefix (pulumi.Input[str]) - The object prefix for log objects. If it’s not provided, by default GCS sets this to this bucket’s name.

The retention_policy object supports the following:

  • isLocked (pulumi.Input[bool]) - If set to true, the bucket will be locked and permanently restrict edits to the bucket’s retention policy. Caution: Locking a bucket is an irreversible action.

  • retentionPeriod (pulumi.Input[float]) - The period of time, in seconds, that objects in the bucket must be retained and cannot be deleted, overwritten, or archived. The value must be less than 2,147,483,647 seconds.

The versioning object supports the following:

  • enabled (pulumi.Input[bool]) - While set to true, versioning is fully enabled for this bucket.

The website object supports the following:

  • mainPageSuffix (pulumi.Input[str]) - Behaves as the bucket’s directory index where missing objects are treated as potential directories.

  • notFoundPage (pulumi.Input[str]) - The custom object to return when a requested resource is not found.

bucket_policy_only: pulumi.Output[bool] = None

Enables Bucket Policy Only access to a bucket.

cors: pulumi.Output[list] = None

The bucket’s Cross-Origin Resource Sharing (CORS) configuration. Multiple blocks of this type are permitted. Structure is documented below.

  • maxAgeSeconds (float) - The value, in seconds, to return in the Access-Control-Max-Age header used in preflight responses.

  • methods (list) - The list of HTTP methods on which to include CORS response headers, (GET, OPTIONS, POST, etc) Note: “*” is permitted in the list of methods, and means “any method”.

  • origins (list) - The list of Origins eligible to receive CORS response headers. Note: “*” is permitted in the list of origins, and means “any Origin”.

  • responseHeaders (list) - The list of HTTP headers other than the simple response headers to give permission for the user-agent to share across domains.

encryption: pulumi.Output[dict] = None

The bucket’s encryption configuration.

  • defaultKmsKeyName (str)

force_destroy: pulumi.Output[bool] = None

When deleting a bucket, this boolean option will delete all contained objects. If you try to delete a bucket that contains objects, the provider will fail that run.

labels: pulumi.Output[dict] = None

A set of key/value label pairs to assign to the bucket.

lifecycle_rules: pulumi.Output[list] = None

The bucket’s Lifecycle Rules configuration. Multiple blocks of this type are permitted. Structure is documented below.

  • action (dict) - The Lifecycle Rule’s action configuration. A single block of this type is supported. Structure is documented below.

    • storage_class (str) - The target Storage Class of objects affected by this Lifecycle Rule. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE.

    • type (str) - The type of the action of this Lifecycle Rule. Supported values include: Delete and SetStorageClass.

  • condition (dict) - The Lifecycle Rule’s condition configuration. A single block of this type is supported. Structure is documented below.

    • age (float) - Minimum age of an object in days to satisfy this condition.

    • createdBefore (str) - Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition.

    • matchesStorageClasses (list) - Storage Class of objects to satisfy this condition. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, STANDARD, DURABLE_REDUCED_AVAILABILITY.

    • numNewerVersions (float) - Relevant only for versioned objects. The number of newer versions of an object to satisfy this condition.

    • withState (str) - Match to live and/or archived objects. Unversioned buckets have only live objects. Supported values include: "LIVE", "ARCHIVED", "ANY".

location: pulumi.Output[str] = None

The GCS location

logging: pulumi.Output[dict] = None

The bucket’s Access & Storage Logs configuration.

  • logBucket (str) - The bucket that will receive log objects.

  • logObjectPrefix (str) - The object prefix for log objects. If it’s not provided, by default GCS sets this to this bucket’s name.

name: pulumi.Output[str] = None

The name of the bucket.

project: pulumi.Output[str] = None

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

requester_pays: pulumi.Output[bool] = None

Enables Requester Pays on a storage bucket.

retention_policy: pulumi.Output[dict] = None

Configuration of the bucket’s data retention policy for how long objects in the bucket should be retained. Structure is documented below.

  • isLocked (bool) - If set to true, the bucket will be locked and permanently restrict edits to the bucket’s retention policy. Caution: Locking a bucket is an irreversible action.

  • retentionPeriod (float) - The period of time, in seconds, that objects in the bucket must be retained and cannot be deleted, overwritten, or archived. The value must be less than 2,147,483,647 seconds.

The URI of the created resource.

storage_class: pulumi.Output[str] = None

The target Storage Class of objects affected by this Lifecycle Rule. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE.

url: pulumi.Output[str] = None

The base URL of the bucket, in the format gs://<bucket-name>.

versioning: pulumi.Output[dict] = None

The bucket’s Versioning configuration.

  • enabled (bool) - While set to true, versioning is fully enabled for this bucket.

website: pulumi.Output[dict] = None

Configuration if the bucket acts as a website. Structure is documented below.

  • mainPageSuffix (str) - Behaves as the bucket’s directory index where missing objects are treated as potential directories.

  • notFoundPage (str) - The custom object to return when a requested resource is not found.

static get(resource_name, id, opts=None, bucket_policy_only=None, cors=None, default_event_based_hold=None, encryption=None, force_destroy=None, labels=None, lifecycle_rules=None, location=None, logging=None, name=None, project=None, requester_pays=None, retention_policy=None, self_link=None, storage_class=None, url=None, versioning=None, website=None)

Get an existing Bucket resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • bucket_policy_only (pulumi.Input[bool]) –

    Enables Bucket Policy Only access to a bucket.

  • cors (pulumi.Input[list]) –

    The bucket’s Cross-Origin Resource Sharing (CORS) configuration. Multiple blocks of this type are permitted. Structure is documented below.

  • encryption (pulumi.Input[dict]) – The bucket’s encryption configuration.

  • force_destroy (pulumi.Input[bool]) – When deleting a bucket, this boolean option will delete all contained objects. If you try to delete a bucket that contains objects, the provider will fail that run.

  • labels (pulumi.Input[dict]) – A set of key/value label pairs to assign to the bucket.

  • lifecycle_rules (pulumi.Input[list]) –

    The bucket’s Lifecycle Rules configuration. Multiple blocks of this type are permitted. Structure is documented below.

  • location (pulumi.Input[str]) –

    The GCS location

  • logging (pulumi.Input[dict]) –

    The bucket’s Access & Storage Logs configuration.

  • name (pulumi.Input[str]) – The name of the bucket.

  • project (pulumi.Input[str]) – The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

  • requester_pays (pulumi.Input[bool]) –

    Enables Requester Pays on a storage bucket.

  • retention_policy (pulumi.Input[dict]) – Configuration of the bucket’s data retention policy for how long objects in the bucket should be retained. Structure is documented below.

  • self_link (pulumi.Input[str]) – The URI of the created resource.

  • storage_class (pulumi.Input[str]) –

    The target Storage Class of objects affected by this Lifecycle Rule. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE.

  • url (pulumi.Input[str]) – The base URL of the bucket, in the format gs://<bucket-name>.

  • versioning (pulumi.Input[dict]) –

    The bucket’s Versioning configuration.

  • website (pulumi.Input[dict]) – Configuration if the bucket acts as a website. Structure is documented below.

The cors object supports the following:

  • maxAgeSeconds (pulumi.Input[float]) - The value, in seconds, to return in the Access-Control-Max-Age header used in preflight responses.

  • methods (pulumi.Input[list]) - The list of HTTP methods on which to include CORS response headers, (GET, OPTIONS, POST, etc) Note: “*” is permitted in the list of methods, and means “any method”.

  • origins (pulumi.Input[list]) - The list of Origins eligible to receive CORS response headers. Note: “*” is permitted in the list of origins, and means “any Origin”.

  • responseHeaders (pulumi.Input[list]) - The list of HTTP headers other than the simple response headers to give permission for the user-agent to share across domains.

The encryption object supports the following:

  • defaultKmsKeyName (pulumi.Input[str])

The lifecycle_rules object supports the following:

  • action (pulumi.Input[dict]) - The Lifecycle Rule’s action configuration. A single block of this type is supported. Structure is documented below.

    • storage_class (pulumi.Input[str]) - The target Storage Class of objects affected by this Lifecycle Rule. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE.

    • type (pulumi.Input[str]) - The type of the action of this Lifecycle Rule. Supported values include: Delete and SetStorageClass.

  • condition (pulumi.Input[dict]) - The Lifecycle Rule’s condition configuration. A single block of this type is supported. Structure is documented below.

    • age (pulumi.Input[float]) - Minimum age of an object in days to satisfy this condition.

    • createdBefore (pulumi.Input[str]) - Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition.

    • matchesStorageClasses (pulumi.Input[list]) - Storage Class of objects to satisfy this condition. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, STANDARD, DURABLE_REDUCED_AVAILABILITY.

    • numNewerVersions (pulumi.Input[float]) - Relevant only for versioned objects. The number of newer versions of an object to satisfy this condition.

    • withState (pulumi.Input[str]) - Match to live and/or archived objects. Unversioned buckets have only live objects. Supported values include: "LIVE", "ARCHIVED", "ANY".

The logging object supports the following:

  • logBucket (pulumi.Input[str]) - The bucket that will receive log objects.

  • logObjectPrefix (pulumi.Input[str]) - The object prefix for log objects. If it’s not provided, by default GCS sets this to this bucket’s name.

The retention_policy object supports the following:

  • isLocked (pulumi.Input[bool]) - If set to true, the bucket will be locked and permanently restrict edits to the bucket’s retention policy. Caution: Locking a bucket is an irreversible action.

  • retentionPeriod (pulumi.Input[float]) - The period of time, in seconds, that objects in the bucket must be retained and cannot be deleted, overwritten, or archived. The value must be less than 2,147,483,647 seconds.

The versioning object supports the following:

  • enabled (pulumi.Input[bool]) - While set to true, versioning is fully enabled for this bucket.

The website object supports the following:

  • mainPageSuffix (pulumi.Input[str]) - Behaves as the bucket’s directory index where missing objects are treated as potential directories.

  • notFoundPage (pulumi.Input[str]) - The custom object to return when a requested resource is not found.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_gcp.storage.BucketACL(resource_name, opts=None, bucket=None, default_acl=None, predefined_acl=None, role_entities=None, __props__=None, __name__=None, __opts__=None)

Authoritatively manages a bucket’s ACLs in Google cloud storage service (GCS). For more information see the official documentation and API.

Bucket ACLs can be managed non authoritatively using the storage_bucket_access_control resource. Do not use these two resources in conjunction to manage the same bucket.

Permissions can be granted either by ACLs or Cloud IAM policies. In general, permissions granted by Cloud IAM policies do not appear in ACLs, and permissions granted by ACLs do not appear in Cloud IAM policies. The only exception is for ACLs applied directly on a bucket and certain bucket-level Cloud IAM policies, as described in Cloud IAM relation to ACLs.

NOTE This resource will not remove the project-owners-<project_id> entity from the OWNER role.

import pulumi
import pulumi_gcp as gcp

image_store = gcp.storage.Bucket("image-store", location="EU")
image_store_acl = gcp.storage.BucketACL("image-store-acl",
    bucket=image_store.name,
    role_entities=[
        "OWNER:user-my.email@gmail.com",
        "READER:group-mygroup",
    ])
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • bucket (pulumi.Input[str]) – The name of the bucket it applies to.

  • default_acl (pulumi.Input[str]) – Configure this ACL to be the default ACL.

  • predefined_acl (pulumi.Input[str]) – The canned GCS ACL to apply. Must be set if role_entity is not.

  • role_entities (pulumi.Input[list]) – List of role/entity pairs in the form ROLE:entity. See GCS Bucket ACL documentation for more details. Must be set if predefined_acl is not.

bucket: pulumi.Output[str] = None

The name of the bucket it applies to.

default_acl: pulumi.Output[str] = None

Configure this ACL to be the default ACL.

predefined_acl: pulumi.Output[str] = None

The canned GCS ACL to apply. Must be set if role_entity is not.

role_entities: pulumi.Output[list] = None

List of role/entity pairs in the form ROLE:entity. See GCS Bucket ACL documentation for more details. Must be set if predefined_acl is not.

static get(resource_name, id, opts=None, bucket=None, default_acl=None, predefined_acl=None, role_entities=None)

Get an existing BucketACL resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • bucket (pulumi.Input[str]) – The name of the bucket it applies to.

  • default_acl (pulumi.Input[str]) – Configure this ACL to be the default ACL.

  • predefined_acl (pulumi.Input[str]) –

    The canned GCS ACL to apply. Must be set if role_entity is not.

  • role_entities (pulumi.Input[list]) –

    List of role/entity pairs in the form ROLE:entity. See GCS Bucket ACL documentation for more details. Must be set if predefined_acl is not.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_gcp.storage.BucketAccessControl(resource_name, opts=None, bucket=None, entity=None, role=None, __props__=None, __name__=None, __opts__=None)

Bucket ACLs can be managed authoritatively using the storage_bucket_acl resource. Do not use these two resources in conjunction to manage the same bucket.

The BucketAccessControls resource manages the Access Control List (ACLs) for a single entity/role pairing on a bucket. ACLs let you specify who has access to your data and to what extent.

There are three roles that can be assigned to an entity:

READERs can get the bucket, though no acl property will be returned, and list the bucket’s objects. WRITERs are READERs, and they can insert objects into the bucket and delete the bucket’s objects. OWNERs are WRITERs, and they can get the acl property of a bucket, update a bucket, and call all BucketAccessControls methods on the bucket. For more information, see Access Control, with the caveat that this API uses READER, WRITER, and OWNER instead of READ, WRITE, and FULL_CONTROL.

To get more information about BucketAccessControl, see:

import pulumi
import pulumi_gcp as gcp

bucket = gcp.storage.Bucket("bucket")
public_rule = gcp.storage.BucketAccessControl("publicRule",
    bucket=bucket.name,
    role="READER",
    entity="allUsers")
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • bucket (pulumi.Input[str]) – The name of the bucket.

  • entity (pulumi.Input[str]) – The entity holding the permission, in one of the following forms: user-userId user-email group-groupId group-email domain-domain project-team-projectId allUsers allAuthenticatedUsers Examples: The user liz@example.com would be user-liz@example.com. The group example@googlegroups.com would be group-example@googlegroups.com. To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.

  • role (pulumi.Input[str]) – The access permission for the entity.

bucket: pulumi.Output[str] = None

The name of the bucket.

domain: pulumi.Output[str] = None

The domain associated with the entity.

email: pulumi.Output[str] = None

The email address associated with the entity.

entity: pulumi.Output[str] = None

The entity holding the permission, in one of the following forms: user-userId user-email group-groupId group-email domain-domain project-team-projectId allUsers allAuthenticatedUsers Examples: The user liz@example.com would be user-liz@example.com. The group example@googlegroups.com would be group-example@googlegroups.com. To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.

role: pulumi.Output[str] = None

The access permission for the entity.

static get(resource_name, id, opts=None, bucket=None, domain=None, email=None, entity=None, role=None)

Get an existing BucketAccessControl resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • bucket (pulumi.Input[str]) – The name of the bucket.

  • domain (pulumi.Input[str]) – The domain associated with the entity.

  • email (pulumi.Input[str]) – The email address associated with the entity.

  • entity (pulumi.Input[str]) – The entity holding the permission, in one of the following forms: user-userId user-email group-groupId group-email domain-domain project-team-projectId allUsers allAuthenticatedUsers Examples: The user liz@example.com would be user-liz@example.com. The group example@googlegroups.com would be group-example@googlegroups.com. To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.

  • role (pulumi.Input[str]) – The access permission for the entity.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_gcp.storage.BucketIAMBinding(resource_name, opts=None, bucket=None, condition=None, members=None, role=None, __props__=None, __name__=None, __opts__=None)

Three different resources help you manage your IAM policy for Cloud Storage Bucket. Each of these resources serves a different use case:

  • storage.BucketIAMPolicy: Authoritative. Sets the IAM policy for the bucket and replaces any existing policy already attached.

  • storage.BucketIAMBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the bucket are preserved.

  • storage.BucketIAMMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the bucket are preserved.

Note: storage.BucketIAMPolicy cannot be used in conjunction with storage.BucketIAMBinding and storage.BucketIAMMember or they will fight over what your policy should be.

Note: storage.BucketIAMBinding resources can be used in conjunction with storage.BucketIAMMember resources only if they do not grant privilege to the same role.

import pulumi
import pulumi_gcp as gcp

admin = gcp.organizations.get_iam_policy(binding=[{
    "role": "roles/storage.admin",
    "members": ["user:jane@example.com"],
}])
policy = gcp.storage.BucketIAMPolicy("policy",
    bucket=google_storage_bucket["default"]["name"],
    policy_data=admin.policy_data)

With IAM Conditions:

import pulumi
import pulumi_gcp as gcp

admin = gcp.organizations.get_iam_policy(binding=[{
    "role": "roles/storage.admin",
    "members": ["user:jane@example.com"],
    "condition": {
        "title": "expires_after_2019_12_31",
        "description": "Expiring at midnight of 2019-12-31",
        "expression": "request.time < timestamp("2020-01-01T00:00:00Z")",
    },
}])
policy = gcp.storage.BucketIAMPolicy("policy",
    bucket=google_storage_bucket["default"]["name"],
    policy_data=admin.policy_data)

import pulumi
import pulumi_gcp as gcp

binding = gcp.storage.BucketIAMBinding("binding",
    bucket=google_storage_bucket["default"]["name"],
    role="roles/storage.admin",
    members=["user:jane@example.com"])

With IAM Conditions:

import pulumi
import pulumi_gcp as gcp

binding = gcp.storage.BucketIAMBinding("binding",
    bucket=google_storage_bucket["default"]["name"],
    role="roles/storage.admin",
    members=["user:jane@example.com"],
    condition={
        "title": "expires_after_2019_12_31",
        "description": "Expiring at midnight of 2019-12-31",
        "expression": "request.time < timestamp("2020-01-01T00:00:00Z")",
    })

import pulumi
import pulumi_gcp as gcp

member = gcp.storage.BucketIAMMember("member",
    bucket=google_storage_bucket["default"]["name"],
    role="roles/storage.admin",
    member="user:jane@example.com")

With IAM Conditions:

import pulumi
import pulumi_gcp as gcp

member = gcp.storage.BucketIAMMember("member",
    bucket=google_storage_bucket["default"]["name"],
    role="roles/storage.admin",
    member="user:jane@example.com",
    condition={
        "title": "expires_after_2019_12_31",
        "description": "Expiring at midnight of 2019-12-31",
        "expression": "request.time < timestamp("2020-01-01T00:00:00Z")",
    })
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • bucket (pulumi.Input[str]) – Used to find the parent resource to bind the IAM policy to

  • condition (pulumi.Input[dict]) – ) An IAM Condition for a given binding. Structure is documented below.

  • role (pulumi.Input[str]) – The role that should be applied. Only one storage.BucketIAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

The condition object supports the following:

  • description (pulumi.Input[str]) - An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

  • expression (pulumi.Input[str]) - Textual representation of an expression in Common Expression Language syntax.

  • title (pulumi.Input[str]) - A title for the expression, i.e. a short string describing its purpose.

bucket: pulumi.Output[str] = None

Used to find the parent resource to bind the IAM policy to

condition: pulumi.Output[dict] = None

) An IAM Condition for a given binding. Structure is documented below.

  • description (str) - An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

  • expression (str) - Textual representation of an expression in Common Expression Language syntax.

  • title (str) - A title for the expression, i.e. a short string describing its purpose.

etag: pulumi.Output[str] = None

(Computed) The etag of the IAM policy.

role: pulumi.Output[str] = None

The role that should be applied. Only one storage.BucketIAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

static get(resource_name, id, opts=None, bucket=None, condition=None, etag=None, members=None, role=None)

Get an existing BucketIAMBinding resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • bucket (pulumi.Input[str]) – Used to find the parent resource to bind the IAM policy to

  • condition (pulumi.Input[dict]) –

    ) An IAM Condition for a given binding. Structure is documented below.

  • etag (pulumi.Input[str]) – (Computed) The etag of the IAM policy.

  • role (pulumi.Input[str]) – The role that should be applied. Only one storage.BucketIAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

The condition object supports the following:

  • description (pulumi.Input[str]) - An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

  • expression (pulumi.Input[str]) - Textual representation of an expression in Common Expression Language syntax.

  • title (pulumi.Input[str]) - A title for the expression, i.e. a short string describing its purpose.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_gcp.storage.BucketIAMMember(resource_name, opts=None, bucket=None, condition=None, member=None, role=None, __props__=None, __name__=None, __opts__=None)

Three different resources help you manage your IAM policy for Cloud Storage Bucket. Each of these resources serves a different use case:

  • storage.BucketIAMPolicy: Authoritative. Sets the IAM policy for the bucket and replaces any existing policy already attached.

  • storage.BucketIAMBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the bucket are preserved.

  • storage.BucketIAMMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the bucket are preserved.

Note: storage.BucketIAMPolicy cannot be used in conjunction with storage.BucketIAMBinding and storage.BucketIAMMember or they will fight over what your policy should be.

Note: storage.BucketIAMBinding resources can be used in conjunction with storage.BucketIAMMember resources only if they do not grant privilege to the same role.

import pulumi
import pulumi_gcp as gcp

admin = gcp.organizations.get_iam_policy(binding=[{
    "role": "roles/storage.admin",
    "members": ["user:jane@example.com"],
}])
policy = gcp.storage.BucketIAMPolicy("policy",
    bucket=google_storage_bucket["default"]["name"],
    policy_data=admin.policy_data)

With IAM Conditions:

import pulumi
import pulumi_gcp as gcp

admin = gcp.organizations.get_iam_policy(binding=[{
    "role": "roles/storage.admin",
    "members": ["user:jane@example.com"],
    "condition": {
        "title": "expires_after_2019_12_31",
        "description": "Expiring at midnight of 2019-12-31",
        "expression": "request.time < timestamp("2020-01-01T00:00:00Z")",
    },
}])
policy = gcp.storage.BucketIAMPolicy("policy",
    bucket=google_storage_bucket["default"]["name"],
    policy_data=admin.policy_data)

import pulumi
import pulumi_gcp as gcp

binding = gcp.storage.BucketIAMBinding("binding",
    bucket=google_storage_bucket["default"]["name"],
    role="roles/storage.admin",
    members=["user:jane@example.com"])

With IAM Conditions:

import pulumi
import pulumi_gcp as gcp

binding = gcp.storage.BucketIAMBinding("binding",
    bucket=google_storage_bucket["default"]["name"],
    role="roles/storage.admin",
    members=["user:jane@example.com"],
    condition={
        "title": "expires_after_2019_12_31",
        "description": "Expiring at midnight of 2019-12-31",
        "expression": "request.time < timestamp("2020-01-01T00:00:00Z")",
    })

import pulumi
import pulumi_gcp as gcp

member = gcp.storage.BucketIAMMember("member",
    bucket=google_storage_bucket["default"]["name"],
    role="roles/storage.admin",
    member="user:jane@example.com")

With IAM Conditions:

import pulumi
import pulumi_gcp as gcp

member = gcp.storage.BucketIAMMember("member",
    bucket=google_storage_bucket["default"]["name"],
    role="roles/storage.admin",
    member="user:jane@example.com",
    condition={
        "title": "expires_after_2019_12_31",
        "description": "Expiring at midnight of 2019-12-31",
        "expression": "request.time < timestamp("2020-01-01T00:00:00Z")",
    })
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • bucket (pulumi.Input[str]) – Used to find the parent resource to bind the IAM policy to

  • condition (pulumi.Input[dict]) –

    ) An IAM Condition for a given binding. Structure is documented below.

  • role (pulumi.Input[str]) – The role that should be applied. Only one storage.BucketIAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

The condition object supports the following:

  • description (pulumi.Input[str]) - An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

  • expression (pulumi.Input[str]) - Textual representation of an expression in Common Expression Language syntax.

  • title (pulumi.Input[str]) - A title for the expression, i.e. a short string describing its purpose.

bucket: pulumi.Output[str] = None

Used to find the parent resource to bind the IAM policy to

condition: pulumi.Output[dict] = None

) An IAM Condition for a given binding. Structure is documented below.

  • description (str) - An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

  • expression (str) - Textual representation of an expression in Common Expression Language syntax.

  • title (str) - A title for the expression, i.e. a short string describing its purpose.

etag: pulumi.Output[str] = None

(Computed) The etag of the IAM policy.

role: pulumi.Output[str] = None

The role that should be applied. Only one storage.BucketIAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

static get(resource_name, id, opts=None, bucket=None, condition=None, etag=None, member=None, role=None)

Get an existing BucketIAMMember resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • bucket (pulumi.Input[str]) – Used to find the parent resource to bind the IAM policy to

  • condition (pulumi.Input[dict]) –

    ) An IAM Condition for a given binding. Structure is documented below.

  • etag (pulumi.Input[str]) – (Computed) The etag of the IAM policy.

  • role (pulumi.Input[str]) – The role that should be applied. Only one storage.BucketIAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

The condition object supports the following:

  • description (pulumi.Input[str]) - An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

  • expression (pulumi.Input[str]) - Textual representation of an expression in Common Expression Language syntax.

  • title (pulumi.Input[str]) - A title for the expression, i.e. a short string describing its purpose.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_gcp.storage.BucketIAMPolicy(resource_name, opts=None, bucket=None, policy_data=None, __props__=None, __name__=None, __opts__=None)

Three different resources help you manage your IAM policy for Cloud Storage Bucket. Each of these resources serves a different use case:

  • storage.BucketIAMPolicy: Authoritative. Sets the IAM policy for the bucket and replaces any existing policy already attached.

  • storage.BucketIAMBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the bucket are preserved.

  • storage.BucketIAMMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the bucket are preserved.

Note: storage.BucketIAMPolicy cannot be used in conjunction with storage.BucketIAMBinding and storage.BucketIAMMember or they will fight over what your policy should be.

Note: storage.BucketIAMBinding resources can be used in conjunction with storage.BucketIAMMember resources only if they do not grant privilege to the same role.

import pulumi
import pulumi_gcp as gcp

admin = gcp.organizations.get_iam_policy(binding=[{
    "role": "roles/storage.admin",
    "members": ["user:jane@example.com"],
}])
policy = gcp.storage.BucketIAMPolicy("policy",
    bucket=google_storage_bucket["default"]["name"],
    policy_data=admin.policy_data)

With IAM Conditions:

import pulumi
import pulumi_gcp as gcp

admin = gcp.organizations.get_iam_policy(binding=[{
    "role": "roles/storage.admin",
    "members": ["user:jane@example.com"],
    "condition": {
        "title": "expires_after_2019_12_31",
        "description": "Expiring at midnight of 2019-12-31",
        "expression": "request.time < timestamp("2020-01-01T00:00:00Z")",
    },
}])
policy = gcp.storage.BucketIAMPolicy("policy",
    bucket=google_storage_bucket["default"]["name"],
    policy_data=admin.policy_data)

import pulumi
import pulumi_gcp as gcp

binding = gcp.storage.BucketIAMBinding("binding",
    bucket=google_storage_bucket["default"]["name"],
    role="roles/storage.admin",
    members=["user:jane@example.com"])

With IAM Conditions:

import pulumi
import pulumi_gcp as gcp

binding = gcp.storage.BucketIAMBinding("binding",
    bucket=google_storage_bucket["default"]["name"],
    role="roles/storage.admin",
    members=["user:jane@example.com"],
    condition={
        "title": "expires_after_2019_12_31",
        "description": "Expiring at midnight of 2019-12-31",
        "expression": "request.time < timestamp("2020-01-01T00:00:00Z")",
    })

import pulumi
import pulumi_gcp as gcp

member = gcp.storage.BucketIAMMember("member",
    bucket=google_storage_bucket["default"]["name"],
    role="roles/storage.admin",
    member="user:jane@example.com")

With IAM Conditions:

import pulumi
import pulumi_gcp as gcp

member = gcp.storage.BucketIAMMember("member",
    bucket=google_storage_bucket["default"]["name"],
    role="roles/storage.admin",
    member="user:jane@example.com",
    condition={
        "title": "expires_after_2019_12_31",
        "description": "Expiring at midnight of 2019-12-31",
        "expression": "request.time < timestamp("2020-01-01T00:00:00Z")",
    })
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • bucket (pulumi.Input[str]) – Used to find the parent resource to bind the IAM policy to

  • policy_data (pulumi.Input[str]) – The policy data generated by a organizations.getIAMPolicy data source.

bucket: pulumi.Output[str] = None

Used to find the parent resource to bind the IAM policy to

etag: pulumi.Output[str] = None

(Computed) The etag of the IAM policy.

policy_data: pulumi.Output[str] = None

The policy data generated by a organizations.getIAMPolicy data source.

static get(resource_name, id, opts=None, bucket=None, etag=None, policy_data=None)

Get an existing BucketIAMPolicy resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • bucket (pulumi.Input[str]) – Used to find the parent resource to bind the IAM policy to

  • etag (pulumi.Input[str]) – (Computed) The etag of the IAM policy.

  • policy_data (pulumi.Input[str]) – The policy data generated by a organizations.getIAMPolicy data source.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_gcp.storage.BucketObject(resource_name, opts=None, bucket=None, cache_control=None, content=None, content_disposition=None, content_encoding=None, content_language=None, content_type=None, detect_md5hash=None, metadata=None, name=None, source=None, storage_class=None, __props__=None, __name__=None, __opts__=None)

Creates a new object inside an existing bucket in Google cloud storage service (GCS). ACLs can be applied using the storage.ObjectACL resource.

For more information see

the official documentation and API.

import pulumi
import pulumi_gcp as gcp

picture = gcp.storage.BucketObject("picture",
    bucket="image-store",
    source=pulumi.FileAsset("/images/nature/garden-tiger-moth.jpg"))
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • bucket (pulumi.Input[str]) – The name of the containing bucket.

  • cache_control (pulumi.Input[str]) – Cache-Control directive to specify caching behavior of object data. If omitted and object is accessible to all anonymous users, the default will be public, max-age=3600

  • content (pulumi.Input[str]) – Data as string to be uploaded. Must be defined if source is not. Note: The content field is marked as sensitive.

  • content_disposition (pulumi.Input[str]) – Content-Disposition of the object data.

  • content_encoding (pulumi.Input[str]) – Content-Encoding of the object data.

  • content_language (pulumi.Input[str]) – Content-Language of the object data.

  • content_type (pulumi.Input[str]) – Content-Type of the object data. Defaults to “application/octet-stream” or “text/plain; charset=utf-8”.

  • metadata (pulumi.Input[dict]) – User-provided metadata, in key/value pairs.

  • name (pulumi.Input[str]) – The name of the object. If you’re interpolating the name of this object, see output_name instead.

  • pulumi.Archive]] source (pulumi.Input[Union[pulumi.Asset,) – A path to the data you want to upload. Must be defined if content is not.

  • storage_class (pulumi.Input[str]) – The StorageClass of the new bucket object. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE. If not provided, this defaults to the bucket’s default storage class or to a standard class.

bucket: pulumi.Output[str] = None

The name of the containing bucket.

cache_control: pulumi.Output[str] = None

Cache-Control directive to specify caching behavior of object data. If omitted and object is accessible to all anonymous users, the default will be public, max-age=3600

content: pulumi.Output[str] = None

Data as string to be uploaded. Must be defined if source is not. Note: The content field is marked as sensitive.

content_disposition: pulumi.Output[str] = None

Content-Disposition of the object data.

content_encoding: pulumi.Output[str] = None

Content-Encoding of the object data.

content_language: pulumi.Output[str] = None

Content-Language of the object data.

content_type: pulumi.Output[str] = None

Content-Type of the object data. Defaults to “application/octet-stream” or “text/plain; charset=utf-8”.

crc32c: pulumi.Output[str] = None

(Computed) Base 64 CRC32 hash of the uploaded data.

md5hash: pulumi.Output[str] = None

(Computed) Base 64 MD5 hash of the uploaded data.

metadata: pulumi.Output[dict] = None

User-provided metadata, in key/value pairs.

name: pulumi.Output[str] = None

The name of the object. If you’re interpolating the name of this object, see output_name instead.

output_name: pulumi.Output[str] = None

(Computed) The name of the object. Use this field in interpolations with storage.ObjectACL to recreate storage.ObjectACL resources when your storage.BucketObject is recreated.

(Computed) A url reference to this object.

source: pulumi.Output[Union[pulumi.Asset, pulumi.Archive]] = None

A path to the data you want to upload. Must be defined if content is not.

storage_class: pulumi.Output[str] = None

The StorageClass of the new bucket object. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE. If not provided, this defaults to the bucket’s default storage class or to a standard class.

static get(resource_name, id, opts=None, bucket=None, cache_control=None, content=None, content_disposition=None, content_encoding=None, content_language=None, content_type=None, crc32c=None, detect_md5hash=None, md5hash=None, metadata=None, name=None, output_name=None, self_link=None, source=None, storage_class=None)

Get an existing BucketObject resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • bucket (pulumi.Input[str]) – The name of the containing bucket.

  • cache_control (pulumi.Input[str]) –

    Cache-Control directive to specify caching behavior of object data. If omitted and object is accessible to all anonymous users, the default will be public, max-age=3600

  • content (pulumi.Input[str]) – Data as string to be uploaded. Must be defined if source is not. Note: The content field is marked as sensitive.

  • content_disposition (pulumi.Input[str]) –

    Content-Disposition of the object data.

  • content_encoding (pulumi.Input[str]) –

    Content-Encoding of the object data.

  • content_language (pulumi.Input[str]) –

    Content-Language of the object data.

  • content_type (pulumi.Input[str]) –

    Content-Type of the object data. Defaults to “application/octet-stream” or “text/plain; charset=utf-8”.

  • crc32c (pulumi.Input[str]) – (Computed) Base 64 CRC32 hash of the uploaded data.

  • md5hash (pulumi.Input[str]) – (Computed) Base 64 MD5 hash of the uploaded data.

  • metadata (pulumi.Input[dict]) – User-provided metadata, in key/value pairs.

  • name (pulumi.Input[str]) – The name of the object. If you’re interpolating the name of this object, see output_name instead.

  • output_name (pulumi.Input[str]) – (Computed) The name of the object. Use this field in interpolations with storage.ObjectACL to recreate storage.ObjectACL resources when your storage.BucketObject is recreated.

  • self_link (pulumi.Input[str]) – (Computed) A url reference to this object.

  • pulumi.Archive]] source (pulumi.Input[Union[pulumi.Asset,) – A path to the data you want to upload. Must be defined if content is not.

  • storage_class (pulumi.Input[str]) –

    The StorageClass of the new bucket object. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE. If not provided, this defaults to the bucket’s default storage class or to a standard class.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_gcp.storage.DefaultObjectACL(resource_name, opts=None, bucket=None, role_entities=None, __props__=None, __name__=None, __opts__=None)

Authoritatively manages the default object ACLs for a Google Cloud Storage bucket without managing the bucket itself.

Note that for each object, its creator will have the "OWNER" role in addition to the default ACL that has been defined.

For more information see the official documentation and API.

Want fine-grained control over default object ACLs? Use storage.DefaultObjectAccessControl to control individual role entity pairs.

import pulumi
import pulumi_gcp as gcp

image_store = gcp.storage.Bucket("image-store", location="EU")
image_store_default_acl = gcp.storage.DefaultObjectACL("image-store-default-acl",
    bucket=image_store.name,
    role_entities=[
        "OWNER:user-my.email@gmail.com",
        "READER:group-mygroup",
    ])
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • bucket (pulumi.Input[str]) – The name of the bucket it applies to.

  • role_entities (pulumi.Input[list]) – List of role/entity pairs in the form ROLE:entity. See GCS Object ACL documentation for more details. Omitting the field is the same as providing an empty list.

bucket: pulumi.Output[str] = None

The name of the bucket it applies to.

role_entities: pulumi.Output[list] = None

List of role/entity pairs in the form ROLE:entity. See GCS Object ACL documentation for more details. Omitting the field is the same as providing an empty list.

static get(resource_name, id, opts=None, bucket=None, role_entities=None)

Get an existing DefaultObjectACL resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • bucket (pulumi.Input[str]) – The name of the bucket it applies to.

  • role_entities (pulumi.Input[list]) –

    List of role/entity pairs in the form ROLE:entity. See GCS Object ACL documentation for more details. Omitting the field is the same as providing an empty list.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_gcp.storage.DefaultObjectAccessControl(resource_name, opts=None, bucket=None, entity=None, object=None, role=None, __props__=None, __name__=None, __opts__=None)

The DefaultObjectAccessControls resources represent the Access Control Lists (ACLs) applied to a new object within a Google Cloud Storage bucket when no ACL was provided for that object. ACLs let you specify who has access to your bucket contents and to what extent.

There are two roles that can be assigned to an entity:

READERs can get an object, though the acl property will not be revealed. OWNERs are READERs, and they can get the acl property, update an object, and call all objectAccessControls methods on the object. The owner of an object is always an OWNER. For more information, see Access Control, with the caveat that this API uses READER and OWNER instead of READ and FULL_CONTROL.

To get more information about DefaultObjectAccessControl, see:

import pulumi
import pulumi_gcp as gcp

bucket = gcp.storage.Bucket("bucket")
public_rule = gcp.storage.DefaultObjectAccessControl("publicRule",
    bucket=bucket.name,
    role="READER",
    entity="allUsers")
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • bucket (pulumi.Input[str]) – The name of the bucket.

  • entity (pulumi.Input[str]) – The entity holding the permission, in one of the following forms:

* user-{{userId}}
* user-{{email}} (such as "user-liz@example.com")
* group-{{groupId}}
* group-{{email}} (such as "group-example@googlegroups.com")
* domain-{{domain}} (such as "domain-example.com")
* project-team-{{projectId}}
* allUsers
* allAuthenticatedUsers
Parameters

  • object (pulumi.Input[str]) – The name of the object, if applied to an object.

  • role (pulumi.Input[str]) – The access permission for the entity.

bucket: pulumi.Output[str] = None

The name of the bucket.

domain: pulumi.Output[str] = None

The domain associated with the entity.

email: pulumi.Output[str] = None

The email address associated with the entity.

entity: pulumi.Output[str] = None

The entity holding the permission, in one of the following forms:

  • user-{{userId}}

  • user-{{email}} (such as “user-liz@example.com”)

  • group-{{groupId}}

  • group-{{email}} (such as “group-example@googlegroups.com”)

  • domain-{{domain}} (such as “domain-example.com”)

  • project-team-{{projectId}}

  • allUsers

  • allAuthenticatedUsers

entity_id: pulumi.Output[str] = None

The ID for the entity

generation: pulumi.Output[float] = None

The content generation of the object, if applied to an object.

object: pulumi.Output[str] = None

The name of the object, if applied to an object.

project_team: pulumi.Output[dict] = None

The project team associated with the entity

  • project_number (str)

  • team (str)

role: pulumi.Output[str] = None

The access permission for the entity.

static get(resource_name, id, opts=None, bucket=None, domain=None, email=None, entity=None, entity_id=None, generation=None, object=None, project_team=None, role=None)

Get an existing DefaultObjectAccessControl resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • bucket (pulumi.Input[str]) – The name of the bucket.

  • domain (pulumi.Input[str]) – The domain associated with the entity.

  • email (pulumi.Input[str]) – The email address associated with the entity.

  • entity (pulumi.Input[str]) – The entity holding the permission, in one of the following forms:

* user-{{userId}}
* user-{{email}} (such as "user-liz@example.com")
* group-{{groupId}}
* group-{{email}} (such as "group-example@googlegroups.com")
* domain-{{domain}} (such as "domain-example.com")
* project-team-{{projectId}}
* allUsers
* allAuthenticatedUsers
Parameters

  • entity_id (pulumi.Input[str]) – The ID for the entity

  • generation (pulumi.Input[float]) – The content generation of the object, if applied to an object.

  • object (pulumi.Input[str]) – The name of the object, if applied to an object.

  • project_team (pulumi.Input[dict]) – The project team associated with the entity

  • role (pulumi.Input[str]) – The access permission for the entity.

The project_team object supports the following:

  • project_number (pulumi.Input[str])

  • team (pulumi.Input[str])

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_gcp.storage.GetBucketObjectResult(bucket=None, cache_control=None, content=None, content_disposition=None, content_encoding=None, content_language=None, content_type=None, crc32c=None, detect_md5hash=None, id=None, md5hash=None, metadata=None, name=None, output_name=None, self_link=None, source=None, storage_class=None)

A collection of values returned by getBucketObject.

cache_control = None

(Computed) Cache-Control directive to specify caching behavior of object data. If omitted and object is accessible to all anonymous users, the default will be public, max-age=3600

content_disposition = None

(Computed) Content-Disposition of the object data.

content_encoding = None

(Computed) Content-Encoding of the object data.

content_language = None

(Computed) Content-Language of the object data.

content_type = None

(Computed) Content-Type of the object data. Defaults to “application/octet-stream” or “text/plain; charset=utf-8”.

crc32c = None

(Computed) Base 64 CRC32 hash of the uploaded data.

id = None

The provider-assigned unique ID for this managed resource.

md5hash = None

(Computed) Base 64 MD5 hash of the uploaded data.

(Computed) A url reference to this object.

storage_class = None

(Computed) The StorageClass of the new bucket object. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE. If not provided, this defaults to the bucket’s default storage class or to a standard class.

class pulumi_gcp.storage.GetObjectSignedUrlResult(bucket=None, content_md5=None, content_type=None, credentials=None, duration=None, extension_headers=None, http_method=None, id=None, path=None, signed_url=None)

A collection of values returned by getObjectSignedUrl.

id = None

The provider-assigned unique ID for this managed resource.

signed_url = None

The signed URL that can be used to access the storage object without authentication.

class pulumi_gcp.storage.GetProjectServiceAccountResult(email_address=None, id=None, project=None, user_project=None)

A collection of values returned by getProjectServiceAccount.

email_address = None

The email address of the service account. This value is often used to refer to the service account in order to grant IAM permissions.

id = None

The provider-assigned unique ID for this managed resource.

class pulumi_gcp.storage.GetTransferProjectServieAccountResult(email=None, id=None, project=None)

A collection of values returned by getTransferProjectServieAccount.

email = None

Email address of the default service account used by Storage Transfer Jobs running in this project

id = None

The provider-assigned unique ID for this managed resource.

class pulumi_gcp.storage.HmacKey(resource_name, opts=None, project=None, service_account_email=None, state=None, __props__=None, __name__=None, __opts__=None)

The hmacKeys resource represents an HMAC key within Cloud Storage. The resource consists of a secret and HMAC key metadata. HMAC keys can be used as credentials for service accounts.

To get more information about HmacKey, see:

Warning: All arguments including the secret value will be stored in the raw state as plain-text. Read more about secrets in state. On import, the secret value will not be retrieved.

Warning: All arguments including secret will be stored in the raw state as plain-text. Read more about secrets in state.

import pulumi
import pulumi_gcp as gcp

service_account = gcp.service_account.Account("serviceAccount", account_id="my-svc-acc")
key = gcp.storage.HmacKey("key", service_account_email=service_account.email)
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • project (pulumi.Input[str]) – The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

  • service_account_email (pulumi.Input[str]) – The email address of the key’s associated service account.

  • state (pulumi.Input[str]) – The state of the key. Can be set to one of ACTIVE, INACTIVE.

access_id: pulumi.Output[str] = None

The access ID of the HMAC Key.

project: pulumi.Output[str] = None

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

secret: pulumi.Output[str] = None

HMAC secret key material.

service_account_email: pulumi.Output[str] = None

The email address of the key’s associated service account.

state: pulumi.Output[str] = None

The state of the key. Can be set to one of ACTIVE, INACTIVE.

time_created: pulumi.Output[str] = None

‘The creation time of the HMAC key in RFC 3339 format. ‘

updated: pulumi.Output[str] = None

‘The last modification time of the HMAC key metadata in RFC 3339 format.’

static get(resource_name, id, opts=None, access_id=None, project=None, secret=None, service_account_email=None, state=None, time_created=None, updated=None)

Get an existing HmacKey resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • access_id (pulumi.Input[str]) – The access ID of the HMAC Key.

  • project (pulumi.Input[str]) – The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

  • secret (pulumi.Input[str]) – HMAC secret key material.

  • service_account_email (pulumi.Input[str]) – The email address of the key’s associated service account.

  • state (pulumi.Input[str]) – The state of the key. Can be set to one of ACTIVE, INACTIVE.

  • time_created (pulumi.Input[str]) – ‘The creation time of the HMAC key in RFC 3339 format. ‘

  • updated (pulumi.Input[str]) – ‘The last modification time of the HMAC key metadata in RFC 3339 format.’

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_gcp.storage.Notification(resource_name, opts=None, bucket=None, custom_attributes=None, event_types=None, object_name_prefix=None, payload_format=None, topic=None, __props__=None, __name__=None, __opts__=None)
Creates a new notification configuration on a specified bucket, establishing a flow of event notifications from GCS to a Cloud Pub/Sub topic.

For more information see

the official documentation and API.

In order to enable notifications, a special Google Cloud Storage service account unique to the project must have the IAM permission “projects.topics.publish” for a Cloud Pub/Sub topic in the project. To get the service account’s email address, use the storage.getProjectServiceAccount datasource’s email_address value, and see below for an example of enabling notifications by granting the correct IAM permission. See the notifications documentation for more details.

NOTE: This resource can affect your storage IAM policy. If you are using this in the same config as your storage IAM policy resources, consider making this resource dependent on those IAM resources via depends_on. This will safeguard against errors due to IAM race conditions.

import pulumi
import pulumi_gcp as gcp

gcs_account = gcp.storage.get_project_service_account()
topic = gcp.pubsub.Topic("topic")
binding = gcp.pubsub.TopicIAMBinding("binding",
    topic=topic.id,
    role="roles/pubsub.publisher",
    members=[f"serviceAccount:{gcs_account.email_address}"])
# End enabling notifications
bucket = gcp.storage.Bucket("bucket")
notification = gcp.storage.Notification("notification",
    bucket=bucket.name,
    payload_format="JSON_API_V1",
    topic=topic.id,
    event_types=[
        "OBJECT_FINALIZE",
        "OBJECT_METADATA_UPDATE",
    ],
    custom_attributes={
        "new-attribute": "new-attribute-value",
    })
# Enable notifications by giving the correct IAM permission to the unique service account.
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • bucket (pulumi.Input[str]) – The name of the bucket.

  • custom_attributes (pulumi.Input[dict]) – A set of key/value attribute pairs to attach to each Cloud PubSub message published for this notification subscription

  • event_types (pulumi.Input[list]) – List of event type filters for this notification config. If not specified, Cloud Storage will send notifications for all event types. The valid types are: "OBJECT_FINALIZE", "OBJECT_METADATA_UPDATE", "OBJECT_DELETE", "OBJECT_ARCHIVE"

  • object_name_prefix (pulumi.Input[str]) – Specifies a prefix path filter for this notification config. Cloud Storage will only send notifications for objects in this bucket whose names begin with the specified prefix.

  • payload_format (pulumi.Input[str]) – The desired content of the Payload. One of "JSON_API_V1" or "NONE".

  • topic (pulumi.Input[str]) – The Cloud PubSub topic to which this subscription publishes. Expects either the topic name, assumed to belong to the default GCP provider project, or the project-level name, i.e. projects/my-gcp-project/topics/my-topic or my-topic. If the project is not set in the provider, you will need to use the project-level name.

bucket: pulumi.Output[str] = None

The name of the bucket.

custom_attributes: pulumi.Output[dict] = None

A set of key/value attribute pairs to attach to each Cloud PubSub message published for this notification subscription

event_types: pulumi.Output[list] = None

List of event type filters for this notification config. If not specified, Cloud Storage will send notifications for all event types. The valid types are: "OBJECT_FINALIZE", "OBJECT_METADATA_UPDATE", "OBJECT_DELETE", "OBJECT_ARCHIVE"

notification_id: pulumi.Output[str] = None

The ID of the created notification.

object_name_prefix: pulumi.Output[str] = None

Specifies a prefix path filter for this notification config. Cloud Storage will only send notifications for objects in this bucket whose names begin with the specified prefix.

payload_format: pulumi.Output[str] = None

The desired content of the Payload. One of "JSON_API_V1" or "NONE".

The URI of the created resource.

topic: pulumi.Output[str] = None

The Cloud PubSub topic to which this subscription publishes. Expects either the topic name, assumed to belong to the default GCP provider project, or the project-level name, i.e. projects/my-gcp-project/topics/my-topic or my-topic. If the project is not set in the provider, you will need to use the project-level name.

static get(resource_name, id, opts=None, bucket=None, custom_attributes=None, event_types=None, notification_id=None, object_name_prefix=None, payload_format=None, self_link=None, topic=None)

Get an existing Notification resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • bucket (pulumi.Input[str]) – The name of the bucket.

  • custom_attributes (pulumi.Input[dict]) – A set of key/value attribute pairs to attach to each Cloud PubSub message published for this notification subscription

  • event_types (pulumi.Input[list]) – List of event type filters for this notification config. If not specified, Cloud Storage will send notifications for all event types. The valid types are: "OBJECT_FINALIZE", "OBJECT_METADATA_UPDATE", "OBJECT_DELETE", "OBJECT_ARCHIVE"

  • notification_id (pulumi.Input[str]) – The ID of the created notification.

  • object_name_prefix (pulumi.Input[str]) – Specifies a prefix path filter for this notification config. Cloud Storage will only send notifications for objects in this bucket whose names begin with the specified prefix.

  • payload_format (pulumi.Input[str]) – The desired content of the Payload. One of "JSON_API_V1" or "NONE".

  • self_link (pulumi.Input[str]) – The URI of the created resource.

  • topic (pulumi.Input[str]) – The Cloud PubSub topic to which this subscription publishes. Expects either the topic name, assumed to belong to the default GCP provider project, or the project-level name, i.e. projects/my-gcp-project/topics/my-topic or my-topic. If the project is not set in the provider, you will need to use the project-level name.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_gcp.storage.ObjectACL(resource_name, opts=None, bucket=None, object=None, predefined_acl=None, role_entities=None, __props__=None, __name__=None, __opts__=None)

Authoritatively manages the access control list (ACL) for an object in a Google Cloud Storage (GCS) bucket. Removing a storage.ObjectACL sets the acl to the private predefined ACL.

For more information see the official documentation and API.

Want fine-grained control over object ACLs? Use storage.ObjectAccessControl to control individual role entity pairs.

import pulumi
import pulumi_gcp as gcp

image_store = gcp.storage.Bucket("image-store", location="EU")
image = gcp.storage.BucketObject("image",
    bucket=image_store.name,
    source=pulumi.FileAsset("image1.jpg"))
image_store_acl = gcp.storage.ObjectACL("image-store-acl",
    bucket=image_store.name,
    object=image.output_name,
    role_entities=[
        "OWNER:user-my.email@gmail.com",
        "READER:group-mygroup",
    ])
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • bucket (pulumi.Input[str]) – The name of the bucket the object is stored in.

  • object (pulumi.Input[str]) – The name of the object to apply the acl to.

  • predefined_acl (pulumi.Input[str]) –

    The “canned” predefined ACL to apply. Must be set if role_entity is not.

  • role_entities (pulumi.Input[list]) –

    List of role/entity pairs in the form ROLE:entity. See GCS Object ACL documentation for more details. Must be set if predefined_acl is not.

bucket: pulumi.Output[str] = None

The name of the bucket the object is stored in.

object: pulumi.Output[str] = None

The name of the object to apply the acl to.

predefined_acl: pulumi.Output[str] = None

The “canned” predefined ACL to apply. Must be set if role_entity is not.

role_entities: pulumi.Output[list] = None

List of role/entity pairs in the form ROLE:entity. See GCS Object ACL documentation for more details. Must be set if predefined_acl is not.

static get(resource_name, id, opts=None, bucket=None, object=None, predefined_acl=None, role_entities=None)

Get an existing ObjectACL resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • bucket (pulumi.Input[str]) – The name of the bucket the object is stored in.

  • object (pulumi.Input[str]) – The name of the object to apply the acl to.

  • predefined_acl (pulumi.Input[str]) –

    The “canned” predefined ACL to apply. Must be set if role_entity is not.

  • role_entities (pulumi.Input[list]) –

    List of role/entity pairs in the form ROLE:entity. See GCS Object ACL documentation for more details. Must be set if predefined_acl is not.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_gcp.storage.ObjectAccessControl(resource_name, opts=None, bucket=None, entity=None, object=None, role=None, __props__=None, __name__=None, __opts__=None)

The ObjectAccessControls resources represent the Access Control Lists (ACLs) for objects within Google Cloud Storage. ACLs let you specify who has access to your data and to what extent.

There are two roles that can be assigned to an entity:

READERs can get an object, though the acl property will not be revealed. OWNERs are READERs, and they can get the acl property, update an object, and call all objectAccessControls methods on the object. The owner of an object is always an OWNER. For more information, see Access Control, with the caveat that this API uses READER and OWNER instead of READ and FULL_CONTROL.

To get more information about ObjectAccessControl, see:

import pulumi
import pulumi_gcp as gcp

bucket = gcp.storage.Bucket("bucket")
object = gcp.storage.BucketObject("object",
    bucket=bucket.name,
    source=pulumi.FileAsset("../static/img/header-logo.png"))
public_rule = gcp.storage.ObjectAccessControl("publicRule",
    object=object.output_name,
    bucket=bucket.name,
    role="READER",
    entity="allUsers")
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • bucket (pulumi.Input[str]) – The name of the bucket.

  • entity (pulumi.Input[str]) – The entity holding the permission, in one of the following forms:

* user-{{userId}}
* user-{{email}} (such as "user-liz@example.com")
* group-{{groupId}}
* group-{{email}} (such as "group-example@googlegroups.com")
* domain-{{domain}} (such as "domain-example.com")
* project-team-{{projectId}}
* allUsers
* allAuthenticatedUsers
Parameters

  • object (pulumi.Input[str]) – The name of the object to apply the access control to.

  • role (pulumi.Input[str]) – The access permission for the entity.

bucket: pulumi.Output[str] = None

The name of the bucket.

domain: pulumi.Output[str] = None

The domain associated with the entity.

email: pulumi.Output[str] = None

The email address associated with the entity.

entity: pulumi.Output[str] = None

The entity holding the permission, in one of the following forms:

  • user-{{userId}}

  • user-{{email}} (such as “user-liz@example.com”)

  • group-{{groupId}}

  • group-{{email}} (such as “group-example@googlegroups.com”)

  • domain-{{domain}} (such as “domain-example.com”)

  • project-team-{{projectId}}

  • allUsers

  • allAuthenticatedUsers

entity_id: pulumi.Output[str] = None

The ID for the entity

generation: pulumi.Output[float] = None

The content generation of the object, if applied to an object.

object: pulumi.Output[str] = None

The name of the object to apply the access control to.

project_team: pulumi.Output[dict] = None

The project team associated with the entity

  • project_number (str)

  • team (str)

role: pulumi.Output[str] = None

The access permission for the entity.

static get(resource_name, id, opts=None, bucket=None, domain=None, email=None, entity=None, entity_id=None, generation=None, object=None, project_team=None, role=None)

Get an existing ObjectAccessControl resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • bucket (pulumi.Input[str]) – The name of the bucket.

  • domain (pulumi.Input[str]) – The domain associated with the entity.

  • email (pulumi.Input[str]) – The email address associated with the entity.

  • entity (pulumi.Input[str]) – The entity holding the permission, in one of the following forms:

* user-{{userId}}
* user-{{email}} (such as "user-liz@example.com")
* group-{{groupId}}
* group-{{email}} (such as "group-example@googlegroups.com")
* domain-{{domain}} (such as "domain-example.com")
* project-team-{{projectId}}
* allUsers
* allAuthenticatedUsers
Parameters

  • entity_id (pulumi.Input[str]) – The ID for the entity

  • generation (pulumi.Input[float]) – The content generation of the object, if applied to an object.

  • object (pulumi.Input[str]) – The name of the object to apply the access control to.

  • project_team (pulumi.Input[dict]) – The project team associated with the entity

  • role (pulumi.Input[str]) – The access permission for the entity.

The project_team object supports the following:

  • project_number (pulumi.Input[str])

  • team (pulumi.Input[str])

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_gcp.storage.TransferJob(resource_name, opts=None, description=None, project=None, schedule=None, status=None, transfer_spec=None, __props__=None, __name__=None, __opts__=None)

Creates a new Transfer Job in Google Cloud Storage Transfer.

To get more information about Google Cloud Storage Transfer, see:

import pulumi
import pulumi_gcp as gcp

default = gcp.storage.get_transfer_project_servie_account(project=var["project"])
s3_backup_bucket_bucket = gcp.storage.Bucket("s3-backup-bucketBucket",
    storage_class="NEARLINE",
    project=var["project"])
s3_backup_bucket_bucket_iam_member = gcp.storage.BucketIAMMember("s3-backup-bucketBucketIAMMember",
    bucket=s3_backup_bucket_bucket.name,
    role="roles/storage.admin",
    member=f"serviceAccount:{default.email}")
s3_bucket_nightly_backup = gcp.storage.TransferJob("s3-bucket-nightly-backup",
    description="Nightly backup of S3 bucket",
    project=var["project"],
    transfer_spec={
        "object_conditions": {
            "maxTimeElapsedSinceLastModification": "600s",
            "excludePrefixes": ["requests.gz"],
        },
        "transfer_options": {
            "deleteObjectsUniqueInSink": False,
        },
        "aws_s3_data_source": {
            "bucket_name": var["aws_s3_bucket"],
            "aws_access_key": {
                "accessKeyId": var["aws_access_key"],
                "secretAccessKey": var["aws_secret_key"],
            },
        },
        "gcs_data_sink": {
            "bucket_name": s3_backup_bucket_bucket.name,
        },
    },
    schedule={
        "schedule_start_date": {
            "year": 2018,
            "month": 10,
            "day": 1,
        },
        "schedule_end_date": {
            "year": 2019,
            "month": 1,
            "day": 15,
        },
        "start_time_of_day": {
            "hours": 23,
            "minutes": 30,
            "seconds": 0,
            "nanos": 0,
        },
    })
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • description (pulumi.Input[str]) – Unique description to identify the Transfer Job.

  • project (pulumi.Input[str]) – The project in which the resource belongs. If it is not provided, the provider project is used.

  • schedule (pulumi.Input[dict]) – Schedule specification defining when the Transfer Job should be scheduled to start, end and and what time to run. Structure documented below.

  • status (pulumi.Input[str]) – Status of the job. Default: ENABLED. NOTE: The effect of the new job status takes place during a subsequent job run. For example, if you change the job status from ENABLED to DISABLED, and an operation spawned by the transfer is running, the status change would not affect the current operation.

  • transfer_spec (pulumi.Input[dict]) – Transfer specification. Structure documented below.

The schedule object supports the following:

  • scheduleEndDate (pulumi.Input[dict]) - The last day the recurring transfer will be run. If schedule_end_date is the same as schedule_start_date, the transfer will be executed only once. Structure documented below.

    • day (pulumi.Input[float]) - Day of month. Must be from 1 to 31 and valid for the year and month.

    • month (pulumi.Input[float]) - Month of year. Must be from 1 to 12.

    • year (pulumi.Input[float]) - Year of date. Must be from 1 to 9999.

  • scheduleStartDate (pulumi.Input[dict]) - The first day the recurring transfer is scheduled to run. If schedule_start_date is in the past, the transfer will run for the first time on the following day. Structure documented below.

    • day (pulumi.Input[float]) - Day of month. Must be from 1 to 31 and valid for the year and month.

    • month (pulumi.Input[float]) - Month of year. Must be from 1 to 12.

    • year (pulumi.Input[float]) - Year of date. Must be from 1 to 9999.

  • startTimeOfDay (pulumi.Input[dict]) - The time in UTC at which the transfer will be scheduled to start in a day. Transfers may start later than this time. If not specified, recurring and one-time transfers that are scheduled to run today will run immediately; recurring transfers that are scheduled to run on a future date will start at approximately midnight UTC on that date. Note that when configuring a transfer with the Cloud Platform Console, the transfer’s start time in a day is specified in your local timezone. Structure documented below.

    • hours (pulumi.Input[float]) - Hours of day in 24 hour format. Should be from 0 to 23

    • minutes (pulumi.Input[float]) - Minutes of hour of day. Must be from 0 to 59.

    • nanos (pulumi.Input[float]) - Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

    • seconds (pulumi.Input[float]) - Seconds of minutes of the time. Must normally be from 0 to 59.

The transfer_spec object supports the following:

  • awsS3DataSource (pulumi.Input[dict]) - An AWS S3 data source. Structure documented below.

    • awsAccessKey (pulumi.Input[dict]) - AWS credentials block.

      • accessKeyId (pulumi.Input[str]) - AWS Key ID.

      • secretAccessKey (pulumi.Input[str]) - AWS Secret Access Key.

    • bucket_name (pulumi.Input[str]) - S3 Bucket name.

  • gcsDataSink (pulumi.Input[dict]) - A Google Cloud Storage data sink. Structure documented below.

    • bucket_name (pulumi.Input[str]) - S3 Bucket name.

  • gcsDataSource (pulumi.Input[dict]) - A Google Cloud Storage data source. Structure documented below.

    • bucket_name (pulumi.Input[str]) - S3 Bucket name.

  • httpDataSource (pulumi.Input[dict]) - An HTTP URL data source. Structure documented below.

    • listUrl (pulumi.Input[str]) - The URL that points to the file that stores the object list entries. This file must allow public access. Currently, only URLs with HTTP and HTTPS schemes are supported.

  • objectConditions (pulumi.Input[dict]) - Only objects that satisfy these object conditions are included in the set of data source and data sink objects. Object conditions based on objects’ last_modification_time do not exclude objects in a data sink. Structure documented below.

    • excludePrefixes (pulumi.Input[list]) - exclude_prefixes must follow the requirements described for include_prefixes. See Requirements.

    • includePrefixes (pulumi.Input[list]) - If include_refixes is specified, objects that satisfy the object conditions must have names that start with one of the include_prefixes and that do not start with any of the exclude_prefixes. If include_prefixes is not specified, all objects except those that have names starting with one of the exclude_prefixes must satisfy the object conditions. See Requirements.

    • maxTimeElapsedSinceLastModification (pulumi.Input[str]) - A duration in seconds with up to nine fractional digits, terminated by ‘s’. Example: “3.5s”.

    • minTimeElapsedSinceLastModification (pulumi.Input[str]) - A duration in seconds with up to nine fractional digits, terminated by ‘s’. Example: “3.5s”.

  • transferOptions (pulumi.Input[dict]) - Characteristics of how to treat files from datasource and sink during job. If the option delete_objects_unique_in_sink is true, object conditions based on objects’ last_modification_time are ignored and do not exclude objects in a data source or a data sink. Structure documented below.

    • deleteObjectsFromSourceAfterTransfer (pulumi.Input[bool]) - Whether objects should be deleted from the source after they are transferred to the sink. Note that this option and delete_objects_unique_in_sink are mutually exclusive.

    • deleteObjectsUniqueInSink (pulumi.Input[bool]) - Whether objects that exist only in the sink should be deleted. Note that this option and delete_objects_from_source_after_transfer are mutually exclusive.

    • overwriteObjectsAlreadyExistingInSink (pulumi.Input[bool]) - Whether overwriting objects that already exist in the sink is allowed.

creation_time: pulumi.Output[str] = None

When the Transfer Job was created.

deletion_time: pulumi.Output[str] = None

When the Transfer Job was deleted.

description: pulumi.Output[str] = None

Unique description to identify the Transfer Job.

last_modification_time: pulumi.Output[str] = None

When the Transfer Job was last modified.

name: pulumi.Output[str] = None

The name of the Transfer Job.

project: pulumi.Output[str] = None

The project in which the resource belongs. If it is not provided, the provider project is used.

schedule: pulumi.Output[dict] = None

Schedule specification defining when the Transfer Job should be scheduled to start, end and and what time to run. Structure documented below.

  • scheduleEndDate (dict) - The last day the recurring transfer will be run. If schedule_end_date is the same as schedule_start_date, the transfer will be executed only once. Structure documented below.

    • day (float) - Day of month. Must be from 1 to 31 and valid for the year and month.

    • month (float) - Month of year. Must be from 1 to 12.

    • year (float) - Year of date. Must be from 1 to 9999.

  • scheduleStartDate (dict) - The first day the recurring transfer is scheduled to run. If schedule_start_date is in the past, the transfer will run for the first time on the following day. Structure documented below.

    • day (float) - Day of month. Must be from 1 to 31 and valid for the year and month.

    • month (float) - Month of year. Must be from 1 to 12.

    • year (float) - Year of date. Must be from 1 to 9999.

  • startTimeOfDay (dict) - The time in UTC at which the transfer will be scheduled to start in a day. Transfers may start later than this time. If not specified, recurring and one-time transfers that are scheduled to run today will run immediately; recurring transfers that are scheduled to run on a future date will start at approximately midnight UTC on that date. Note that when configuring a transfer with the Cloud Platform Console, the transfer’s start time in a day is specified in your local timezone. Structure documented below.

    • hours (float) - Hours of day in 24 hour format. Should be from 0 to 23

    • minutes (float) - Minutes of hour of day. Must be from 0 to 59.

    • nanos (float) - Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

    • seconds (float) - Seconds of minutes of the time. Must normally be from 0 to 59.

status: pulumi.Output[str] = None

Status of the job. Default: ENABLED. NOTE: The effect of the new job status takes place during a subsequent job run. For example, if you change the job status from ENABLED to DISABLED, and an operation spawned by the transfer is running, the status change would not affect the current operation.

transfer_spec: pulumi.Output[dict] = None

Transfer specification. Structure documented below.

  • awsS3DataSource (dict) - An AWS S3 data source. Structure documented below.

    • awsAccessKey (dict) - AWS credentials block.

      • accessKeyId (str) - AWS Key ID.

      • secretAccessKey (str) - AWS Secret Access Key.

    • bucket_name (str) - S3 Bucket name.

  • gcsDataSink (dict) - A Google Cloud Storage data sink. Structure documented below.

    • bucket_name (str) - S3 Bucket name.

  • gcsDataSource (dict) - A Google Cloud Storage data source. Structure documented below.

    • bucket_name (str) - S3 Bucket name.

  • httpDataSource (dict) - An HTTP URL data source. Structure documented below.

    • listUrl (str) - The URL that points to the file that stores the object list entries. This file must allow public access. Currently, only URLs with HTTP and HTTPS schemes are supported.

  • objectConditions (dict) - Only objects that satisfy these object conditions are included in the set of data source and data sink objects. Object conditions based on objects’ last_modification_time do not exclude objects in a data sink. Structure documented below.

    • excludePrefixes (list) - exclude_prefixes must follow the requirements described for include_prefixes. See Requirements.

    • includePrefixes (list) - If include_refixes is specified, objects that satisfy the object conditions must have names that start with one of the include_prefixes and that do not start with any of the exclude_prefixes. If include_prefixes is not specified, all objects except those that have names starting with one of the exclude_prefixes must satisfy the object conditions. See Requirements.

    • maxTimeElapsedSinceLastModification (str) - A duration in seconds with up to nine fractional digits, terminated by ‘s’. Example: “3.5s”.

    • minTimeElapsedSinceLastModification (str) - A duration in seconds with up to nine fractional digits, terminated by ‘s’. Example: “3.5s”.

  • transferOptions (dict) - Characteristics of how to treat files from datasource and sink during job. If the option delete_objects_unique_in_sink is true, object conditions based on objects’ last_modification_time are ignored and do not exclude objects in a data source or a data sink. Structure documented below.

    • deleteObjectsFromSourceAfterTransfer (bool) - Whether objects should be deleted from the source after they are transferred to the sink. Note that this option and delete_objects_unique_in_sink are mutually exclusive.

    • deleteObjectsUniqueInSink (bool) - Whether objects that exist only in the sink should be deleted. Note that this option and delete_objects_from_source_after_transfer are mutually exclusive.

    • overwriteObjectsAlreadyExistingInSink (bool) - Whether overwriting objects that already exist in the sink is allowed.

static get(resource_name, id, opts=None, creation_time=None, deletion_time=None, description=None, last_modification_time=None, name=None, project=None, schedule=None, status=None, transfer_spec=None)

Get an existing TransferJob resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • creation_time (pulumi.Input[str]) – When the Transfer Job was created.

  • deletion_time (pulumi.Input[str]) – When the Transfer Job was deleted.

  • description (pulumi.Input[str]) – Unique description to identify the Transfer Job.

  • last_modification_time (pulumi.Input[str]) – When the Transfer Job was last modified.

  • name (pulumi.Input[str]) – The name of the Transfer Job.

  • project (pulumi.Input[str]) – The project in which the resource belongs. If it is not provided, the provider project is used.

  • schedule (pulumi.Input[dict]) – Schedule specification defining when the Transfer Job should be scheduled to start, end and and what time to run. Structure documented below.

  • status (pulumi.Input[str]) – Status of the job. Default: ENABLED. NOTE: The effect of the new job status takes place during a subsequent job run. For example, if you change the job status from ENABLED to DISABLED, and an operation spawned by the transfer is running, the status change would not affect the current operation.

  • transfer_spec (pulumi.Input[dict]) – Transfer specification. Structure documented below.

The schedule object supports the following:

  • scheduleEndDate (pulumi.Input[dict]) - The last day the recurring transfer will be run. If schedule_end_date is the same as schedule_start_date, the transfer will be executed only once. Structure documented below.

    • day (pulumi.Input[float]) - Day of month. Must be from 1 to 31 and valid for the year and month.

    • month (pulumi.Input[float]) - Month of year. Must be from 1 to 12.

    • year (pulumi.Input[float]) - Year of date. Must be from 1 to 9999.

  • scheduleStartDate (pulumi.Input[dict]) - The first day the recurring transfer is scheduled to run. If schedule_start_date is in the past, the transfer will run for the first time on the following day. Structure documented below.

    • day (pulumi.Input[float]) - Day of month. Must be from 1 to 31 and valid for the year and month.

    • month (pulumi.Input[float]) - Month of year. Must be from 1 to 12.

    • year (pulumi.Input[float]) - Year of date. Must be from 1 to 9999.

  • startTimeOfDay (pulumi.Input[dict]) - The time in UTC at which the transfer will be scheduled to start in a day. Transfers may start later than this time. If not specified, recurring and one-time transfers that are scheduled to run today will run immediately; recurring transfers that are scheduled to run on a future date will start at approximately midnight UTC on that date. Note that when configuring a transfer with the Cloud Platform Console, the transfer’s start time in a day is specified in your local timezone. Structure documented below.

    • hours (pulumi.Input[float]) - Hours of day in 24 hour format. Should be from 0 to 23

    • minutes (pulumi.Input[float]) - Minutes of hour of day. Must be from 0 to 59.

    • nanos (pulumi.Input[float]) - Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.

    • seconds (pulumi.Input[float]) - Seconds of minutes of the time. Must normally be from 0 to 59.

The transfer_spec object supports the following:

  • awsS3DataSource (pulumi.Input[dict]) - An AWS S3 data source. Structure documented below.

    • awsAccessKey (pulumi.Input[dict]) - AWS credentials block.

      • accessKeyId (pulumi.Input[str]) - AWS Key ID.

      • secretAccessKey (pulumi.Input[str]) - AWS Secret Access Key.

    • bucket_name (pulumi.Input[str]) - S3 Bucket name.

  • gcsDataSink (pulumi.Input[dict]) - A Google Cloud Storage data sink. Structure documented below.

    • bucket_name (pulumi.Input[str]) - S3 Bucket name.

  • gcsDataSource (pulumi.Input[dict]) - A Google Cloud Storage data source. Structure documented below.

    • bucket_name (pulumi.Input[str]) - S3 Bucket name.

  • httpDataSource (pulumi.Input[dict]) - An HTTP URL data source. Structure documented below.

    • listUrl (pulumi.Input[str]) - The URL that points to the file that stores the object list entries. This file must allow public access. Currently, only URLs with HTTP and HTTPS schemes are supported.

  • objectConditions (pulumi.Input[dict]) - Only objects that satisfy these object conditions are included in the set of data source and data sink objects. Object conditions based on objects’ last_modification_time do not exclude objects in a data sink. Structure documented below.

    • excludePrefixes (pulumi.Input[list]) - exclude_prefixes must follow the requirements described for include_prefixes. See Requirements.

    • includePrefixes (pulumi.Input[list]) - If include_refixes is specified, objects that satisfy the object conditions must have names that start with one of the include_prefixes and that do not start with any of the exclude_prefixes. If include_prefixes is not specified, all objects except those that have names starting with one of the exclude_prefixes must satisfy the object conditions. See Requirements.

    • maxTimeElapsedSinceLastModification (pulumi.Input[str]) - A duration in seconds with up to nine fractional digits, terminated by ‘s’. Example: “3.5s”.

    • minTimeElapsedSinceLastModification (pulumi.Input[str]) - A duration in seconds with up to nine fractional digits, terminated by ‘s’. Example: “3.5s”.

  • transferOptions (pulumi.Input[dict]) - Characteristics of how to treat files from datasource and sink during job. If the option delete_objects_unique_in_sink is true, object conditions based on objects’ last_modification_time are ignored and do not exclude objects in a data source or a data sink. Structure documented below.

    • deleteObjectsFromSourceAfterTransfer (pulumi.Input[bool]) - Whether objects should be deleted from the source after they are transferred to the sink. Note that this option and delete_objects_unique_in_sink are mutually exclusive.

    • deleteObjectsUniqueInSink (pulumi.Input[bool]) - Whether objects that exist only in the sink should be deleted. Note that this option and delete_objects_from_source_after_transfer are mutually exclusive.

    • overwriteObjectsAlreadyExistingInSink (pulumi.Input[bool]) - Whether overwriting objects that already exist in the sink is allowed.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

pulumi_gcp.storage.get_bucket_object(bucket=None, name=None, opts=None)

Gets an existing object inside an existing bucket in Google Cloud Storage service (GCS). See the official documentation and API.

import pulumi
import pulumi_gcp as gcp

picture = gcp.storage.get_bucket_object(bucket="image-store",
    name="folder/butterfly01.jpg")
Parameters

  • bucket (str) – The name of the containing bucket.

  • name (str) – The name of the object.

pulumi_gcp.storage.get_object_signed_url(bucket=None, content_md5=None, content_type=None, credentials=None, duration=None, extension_headers=None, http_method=None, path=None, opts=None)

The Google Cloud storage signed URL data source generates a signed URL for a given storage object. Signed URLs provide a way to give time-limited read or write access to anyone in possession of the URL, regardless of whether they have a Google account.

For more info about signed URL’s is available here.

import pulumi
import pulumi_gcp as gcp

artifact = gcp.storage.get_object_signed_url(bucket="install_binaries",
    path="path/to/install_file.bin")
vm = gcp.compute.Instance("vm")

import pulumi
import pulumi_gcp as gcp

get_url = gcp.storage.get_object_signed_url(bucket="fried_chicken",
    path="path/to/file",
    content_md5="pRviqwS4c4OTJRTe03FD1w==",
    content_type="text/plain",
    duration="2d",
    credentials=(lambda path: open(path).read())("path/to/credentials.json"),
    extension_headers={
        "x-goog-if-generation-match": 1,
    })
Parameters

  • bucket (str) – The name of the bucket to read the object from

  • content_md5 (str) – The MD5 digest value in Base64. Typically retrieved from google_storage_bucket_object.object.md5hash attribute. If you provide this in the datasource, the client (e.g. browser, curl) must provide the Content-MD5 HTTP header with this same value in its request.

  • content_type (str) – If you specify this in the datasource, the client must provide the Content-Type HTTP header with the same value in its request.

  • credentials (str) – What Google service account credentials json should be used to sign the URL. This data source checks the following locations for credentials, in order of preference: data source credentials attribute, provider credentials attribute and finally the GOOGLE_APPLICATION_CREDENTIALS environment variable.

  • duration (str) –

    For how long shall the signed URL be valid (defaults to 1 hour - i.e. 1h). See here for info on valid duration formats.

  • extension_headers (dict) – As needed. The server checks to make sure that the client provides matching values in requests using the signed URL. Any header starting with x-goog- is accepted but see the Google Docs for list of headers that are supported by Google.

  • http_method (str) – What HTTP Method will the signed URL allow (defaults to GET)

  • path (str) – The full path to the object inside the bucket

pulumi_gcp.storage.get_project_service_account(project=None, user_project=None, opts=None)

Get the email address of a project’s unique Google Cloud Storage service account.

Each Google Cloud project has a unique service account for use with Google Cloud Storage. Only this special service account can be used to set up storage.Notification resources.

For more information see the API reference.

import pulumi
import pulumi_gcp as gcp

gcs_account = gcp.storage.get_project_service_account()
binding = gcp.pubsub.TopicIAMBinding("binding",
    topic=google_pubsub_topic["topic"]["name"],
    role="roles/pubsub.publisher",
    members=[f"serviceAccount:{gcs_account.email_address}"])
Parameters

  • project (str) – The project the unique service account was created for. If it is not provided, the provider project is used.

  • user_project (str) – The project the lookup originates from. This field is used if you are making the request from a different account than the one you are finding the service account for.

pulumi_gcp.storage.get_transfer_project_servie_account(project=None, opts=None)

Use this data source to retrieve Storage Transfer service account for this project

import pulumi
import pulumi_gcp as gcp

default = gcp.storage.get_transfer_project_servie_account()
pulumi.export("defaultAccount", default.email)
Parameters

project (str) – The project ID. If it is not provided, the provider project is used.