import * as pulumi from "@pulumi/pulumi"; /** * Authoritatively manages the access control list (ACL) for an object in a Google * Cloud Storage (GCS) bucket. Removing a `gcp.storage.ObjectACL` sets the * acl to the `private` [predefined ACL](https://cloud.google.com/storage/docs/access-control#predefined-acl). * * For more information see * [the official documentation](https://cloud.google.com/storage/docs/access-control/lists) * and * [API](https://cloud.google.com/storage/docs/json_api/v1/objectAccessControls). * * > Want fine-grained control over object ACLs? Use `gcp.storage.ObjectAccessControl` to control individual * role entity pairs. * * ## Example Usage * * Create an object ACL with one owner and one reader. * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const image_store = new gcp.storage.Bucket("image-store", { * name: "image-store-bucket", * location: "EU", * }); * const image = new gcp.storage.BucketObject("image", { * name: "image1", * bucket: image_store.name, * source: new pulumi.asset.FileAsset("image1.jpg"), * }); * const image_store_acl = new gcp.storage.ObjectACL("image-store-acl", { * bucket: image_store.name, * object: image.outputName, * roleEntities: [ * "OWNER:user-my.email@gmail.com", * "READER:group-mygroup", * ], * }); * ``` * * ## Import * * This resource does not support import. */ export declare class ObjectACL extends pulumi.CustomResource { /** * Get an existing ObjectACL resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: ObjectACLState, opts?: pulumi.CustomResourceOptions): ObjectACL; /** * Returns true if the given object is an instance of ObjectACL. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is ObjectACL; /** * The name of the bucket the object is stored in. */ readonly bucket: pulumi.Output; /** * Whether Terraform will be prevented from destroying the resource. Defaults to "DELETE". * When a 'terraform destroy' or 'pulumi up' would delete the resource, * the command will fail if this field is set to "PREVENT" in Terraform state. * When set to "ABANDON", the command will remove the resource from Terraform * management without updating or deleting the resource in the API. * When set to "DELETE", deleting the resource is allowed. */ readonly deletionPolicy: pulumi.Output; /** * The name of the object to apply the acl to. * * - - - */ readonly object: pulumi.Output; /** * The "canned" [predefined ACL](https://cloud.google.com/storage/docs/access-control#predefined-acl) to apply. Must be set if `roleEntity` is not. */ readonly predefinedAcl: pulumi.Output; /** * List of role/entity pairs in the form `ROLE:entity`. See [GCS Object ACL documentation](https://cloud.google.com/storage/docs/json_api/v1/objectAccessControls) for more details. * Must be set if `predefinedAcl` is not. * * > The object's creator will always have `OWNER` permissions for their object, and any attempt to modify that permission would return an error. Instead, Terraform automatically * adds that role/entity pair to your `pulumi preview` results when it is omitted in your config; `pulumi preview` will show the correct final state at every point except for at * `Create` time, where the object role/entity pair is omitted if not explicitly set. */ readonly roleEntities: pulumi.Output; /** * Create a ObjectACL resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: ObjectACLArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering ObjectACL resources. */ export interface ObjectACLState { /** * The name of the bucket the object is stored in. */ bucket?: pulumi.Input; /** * Whether Terraform will be prevented from destroying the resource. Defaults to "DELETE". * When a 'terraform destroy' or 'pulumi up' would delete the resource, * the command will fail if this field is set to "PREVENT" in Terraform state. * When set to "ABANDON", the command will remove the resource from Terraform * management without updating or deleting the resource in the API. * When set to "DELETE", deleting the resource is allowed. */ deletionPolicy?: pulumi.Input; /** * The name of the object to apply the acl to. * * - - - */ object?: pulumi.Input; /** * The "canned" [predefined ACL](https://cloud.google.com/storage/docs/access-control#predefined-acl) to apply. Must be set if `roleEntity` is not. */ predefinedAcl?: pulumi.Input; /** * List of role/entity pairs in the form `ROLE:entity`. See [GCS Object ACL documentation](https://cloud.google.com/storage/docs/json_api/v1/objectAccessControls) for more details. * Must be set if `predefinedAcl` is not. * * > The object's creator will always have `OWNER` permissions for their object, and any attempt to modify that permission would return an error. Instead, Terraform automatically * adds that role/entity pair to your `pulumi preview` results when it is omitted in your config; `pulumi preview` will show the correct final state at every point except for at * `Create` time, where the object role/entity pair is omitted if not explicitly set. */ roleEntities?: pulumi.Input[] | undefined>; } /** * The set of arguments for constructing a ObjectACL resource. */ export interface ObjectACLArgs { /** * The name of the bucket the object is stored in. */ bucket: pulumi.Input; /** * Whether Terraform will be prevented from destroying the resource. Defaults to "DELETE". * When a 'terraform destroy' or 'pulumi up' would delete the resource, * the command will fail if this field is set to "PREVENT" in Terraform state. * When set to "ABANDON", the command will remove the resource from Terraform * management without updating or deleting the resource in the API. * When set to "DELETE", deleting the resource is allowed. */ deletionPolicy?: pulumi.Input; /** * The name of the object to apply the acl to. * * - - - */ object: pulumi.Input; /** * The "canned" [predefined ACL](https://cloud.google.com/storage/docs/access-control#predefined-acl) to apply. Must be set if `roleEntity` is not. */ predefinedAcl?: pulumi.Input; /** * List of role/entity pairs in the form `ROLE:entity`. See [GCS Object ACL documentation](https://cloud.google.com/storage/docs/json_api/v1/objectAccessControls) for more details. * Must be set if `predefinedAcl` is not. * * > The object's creator will always have `OWNER` permissions for their object, and any attempt to modify that permission would return an error. Instead, Terraform automatically * adds that role/entity pair to your `pulumi preview` results when it is omitted in your config; `pulumi preview` will show the correct final state at every point except for at * `Create` time, where the object role/entity pair is omitted if not explicitly set. */ roleEntities?: pulumi.Input[] | undefined>; } //# sourceMappingURL=objectACL.d.ts.map