2018-10-17 22:38:59 +00:00
---
# ----------------------------------------------------------------------------
#
# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
#
# ----------------------------------------------------------------------------
#
# This file is automatically generated by Magic Modules and manual
# changes will be clobbered when the file is regenerated.
#
# Please read more about how to change this file in
# .github/CONTRIBUTING.md.
#
# ----------------------------------------------------------------------------
layout: "google"
page_title: "Google: google_storage_object_access_control"
sidebar_current: "docs-google-storage-object-access-control"
description: |-
  The ObjectAccessControls resources represent the Access Control Lists
  (ACLs) for objects within Google Cloud Storage.
---

# google\_storage\_object\_access\_control

The ObjectAccessControls resources represent the Access Control Lists
(ACLs) for objects within Google Cloud Storage. ACLs let you specify
who has access to your data and to what extent.

There are two roles that can be assigned to an entity:

* READERs can get an object, though the acl property will not be revealed.
* OWNERs are READERs, and they can get the acl property, update an object,
  and call all objectAccessControls methods on the object. The owner of an
  object is always an OWNER.

For more information, see Access Control, with the caveat that this API
uses READER and OWNER instead of READ and FULL_CONTROL.

To get more information about ObjectAccessControl, see:

* [API documentation](https://cloud.google.com/storage/docs/json_api/v1/objectAccessControls)
* How-to Guides
    * [Official Documentation](https://cloud.google.com/storage/docs/access-control/create-manage-lists)

<div class = "oics-button" style="float: right; margin: 0 0 -15px">
  <a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_working_dir=storage_object_access_control_public_object&cloudshell_image=gcr.io%2Fgraphite-cloud-shell-images%2Fterraform%3Alatest&open_in_editor=main.tf&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md" target="_blank">
    <img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
  </a>
</div>

## Example Usage - Storage Object Access Control Public Object

```hcl
resource "google_storage_object_access_control" "public_rule" {
  object = "${google_storage_bucket_object.object.name}"
  bucket = "${google_storage_bucket.bucket.name}"
  role   = "READER"
  # READER for allUsers: anyone can fetch this object without authenticating.
  entity = "allUsers"
}

resource "google_storage_bucket" "bucket" {
  name = "static-content-bucket"
}

resource "google_storage_bucket_object" "object" {
  name   = "public-object"
  bucket = "${google_storage_bucket.bucket.name}"
  source = "../static/img/header-logo.png"
}
```

## Argument Reference

The following arguments are supported:

* `bucket` -
  (Required)
  The name of the bucket.

* `entity` -
  (Required)
  The entity holding the permission, in one of the following forms:
    * user-{{userId}}
    * user-{{email}} (such as "user-liz@example.com")
    * group-{{groupId}}
    * group-{{email}} (such as "group-example@googlegroups.com")
    * domain-{{domain}} (such as "domain-example.com")
    * project-team-{{projectId}}
    * allUsers
    * allAuthenticatedUsers

* `object` -
  (Required)
  The name of the object to apply the access control to.

* `role` -
  (Required)
  The access permission for the entity.

- - -

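An added example (not part of the provider documentation): a Python check that classifies `entity` strings by the forms listed above and flags public grants of this resource type before they are applied. It assumes the plan was exported with `terraform show -json`, whose `resource_changes[].change.after` layout is relied on here; the sample plan, the severity labels and the function names are constructed for illustration.

```python
import json

ACL_TYPE = "google_storage_object_access_control"
PUBLIC = {"allUsers", "allAuthenticatedUsers"}
PREFIXES = ("project-team-", "domain-", "group-", "user-")  # forms listed above

def classify_entity(entity):
    """Split an ACL entity string into (kind, identifier)."""
    if entity in PUBLIC:
        return ("public", entity)
    for prefix in PREFIXES:
        if entity.startswith(prefix) and len(entity) > len(prefix):
            return (prefix[:-1], entity[len(prefix):])
    raise ValueError("unrecognised entity form: %r" % (entity,))

def audit_plan(plan):
    """Return [(address, severity, reason)] for risky object ACLs in a plan."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after")
        if rc.get("type") != ACL_TYPE or not after:  # other type, or a destroy
            continue
        entity, role = after.get("entity"), after.get("role")
        try:
            kind, _ = classify_entity(entity or "")
        except ValueError as exc:  # missing or malformed entity: needs a human
            findings.append((rc["address"], "REVIEW", str(exc)))
            continue
        if kind == "public" and role == "OWNER":
            findings.append((rc["address"], "CRITICAL",
                             entity + " can update the object and its ACL"))
        elif kind == "public":
            findings.append((rc["address"], "HIGH",
                             entity + " can read the object"))
    return findings

# Constructed sample in the shape of `terraform show -json <planfile>`.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "google_storage_object_access_control.public_rule",
   "type": "google_storage_object_access_control",
   "change": {"actions": ["create"], "after": {"role": "READER",
     "entity": "allUsers", "object": "public-object"}}},
  {"address": "google_storage_object_access_control.team",
   "type": "google_storage_object_access_control",
   "change": {"actions": ["create"], "after": {"role": "OWNER",
     "entity": "group-example@googlegroups.com", "object": "public-object"}}},
  {"address": "google_storage_bucket.bucket", "type": "google_storage_bucket",
   "change": {"actions": ["create"], "after": {"name": "static-content-bucket"}}}
]}
""")
```

Calling `audit_plan(SAMPLE_PLAN)` reports only the `public_rule` grant; the group OWNER grant and the bucket resource pass through without a finding.
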
## Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

* `domain` -
  The domain associated with the entity.

* `email` -
  The email address associated with the entity.

* `entity_id` -
  The ID for the entity.

* `generation` -
  The content generation of the object, if applied to an object.

* `project_team` -
  The project team associated with the entity. Structure is documented below.

The `project_team` block contains:

* `project_number` -
  (Optional)
  The project team associated with the entity.

* `team` -
  (Optional)
  The team.

## Import

ObjectAccessControl can be imported using any of these accepted formats:

```
$ terraform import google_storage_object_access_control.default {{bucket}}/{{object}}/{{entity}}
```