public/terraform-provider-google
0
0
Fork 0
mirror of https://github.com/letic/terraform-provider-google.git synced 2024-07-05 17:52:38 +00:00
Code Issues Projects Releases Wiki Activity
dc95bd3468
terraform-provider-google/website/docs/r/storage_object_access_control.html.markdown
The Magician 0ef9ea8520 Use new output_name variable in Storage Object ACL docs (#3118) 
<!-- This change is generated by MagicModules. -->
/cc @rileykarson
2019-02-28 16:36:56 -08:00

4.7 KiB
Raw Blame History

layout page_title sidebar_current description
google Google: google_storage_object_access_control docs-google-storage-object-access-control The ObjectAccessControls resources represent the Access Control Lists (ACLs) for objects within Google Cloud Storage.

google_storage_object_access_control

The ObjectAccessControls resources represent the Access Control Lists (ACLs) for objects within Google Cloud Storage. ACLs let you specify who has access to your data and to what extent.

There are two roles that can be assigned to an entity:

READERs can get an object, though the acl property will not be revealed. OWNERs are READERs, and they can get the acl property, update an object, and call all objectAccessControls methods on the object. The owner of an object is always an OWNER. For more information, see Access Control, with the caveat that this API uses READER and OWNER instead of READ and FULL_CONTROL.

To get more information about ObjectAccessControl, see:

## Example Usage - Storage Object Access Control Public Object 
resource "google_storage_object_access_control" "public_rule" {
  object = "${google_storage_bucket_object.object.output_name}"
  bucket = "${google_storage_bucket.bucket.name}"
  role   = "READER"
  entity = "allUsers"
}

resource "google_storage_bucket" "bucket" {
	name = "static-content-bucket"
}

 resource "google_storage_bucket_object" "object" {
	name   = "public-object"
	bucket = "${google_storage_bucket.bucket.name}"
	source = "../static/img/header-logo.png"
}

Argument Reference

The following arguments are supported:

  • bucket - (Required) The name of the bucket.

  • entity - (Required) The entity holding the permission, in one of the following forms:

    • user-{{userId}}
    • user-{{email}} (such as "user-liz@example.com")
    • group-{{groupId}}
    • group-{{email}} (such as "group-example@googlegroups.com")
    • domain-{{domain}} (such as "domain-example.com")
    • project-team-{{projectId}}
    • allUsers
    • allAuthenticatedUsers

  • object - (Required) The name of the object to apply the access control to.

  • role - (Required) The access permission for the entity.

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • domain - The domain associated with the entity.

  • email - The email address associated with the entity.

  • entity_id - The ID for the entity

  • generation - The content generation of the object, if applied to an object.

  • project_team - The project team associated with the entity Structure is documented below.

The project_team block contains:

  • project_number - (Optional) The project team associated with the entity

  • team - (Optional) The team.

Timeouts

This resource provides the following Timeouts configuration options:

  • create - Default is 4 minutes.
  • update - Default is 4 minutes.
  • delete - Default is 4 minutes.

Import

ObjectAccessControl can be imported using any of these accepted formats:

$ terraform import google_storage_object_access_control.default {{bucket}}/{{object}}/{{entity}}

-> If you're importing a resource with beta features, make sure to include -provider=google-beta as an argument so that Terraform uses the correct provider to import your resource.