import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
/**
 * The `scaleway.object.BucketAcl` resource allows you to create and manage Access Control Lists (ACLs) for [Scaleway Object storage](https://www.scaleway.com/en/docs/object-storage/).
 *
 * Refer to the [dedicated documentation](https://www.scaleway.com/en/docs/object-storage/api-cli/bucket-operations/#putbucketacl) for more information on ACLs.
 *
 * > **Note:** `terraform destroy` does not delete the ACL but does remove the resource from the Terraform state.
 *
 * > **Note:** [Account identifiers](https://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html) are not supported by Scaleway.
 *
 * ## Example Usage
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as scaleway from "@pulumiverse/scaleway";
 *
 * const someBucket = new scaleway.object.Bucket("some_bucket", {name: "unique-name"});
 * const main = new scaleway.object.BucketAcl("main", {
 *     bucket: mainScalewayObjectBucket.id,
 *     acl: "private",
 * });
 * ```
 *
 * For more information, refer to the [PutBucketAcl API call documentation](https://www.scaleway.com/en/docs/object-storage/api-cli/bucket-operations/#putbucketacl).
 *
 * ### With Grants
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as scaleway from "@pulumiverse/scaleway";
 *
 * const main = new scaleway.object.Bucket("main", {name: "your-bucket"});
 * const mainBucketAcl = new scaleway.object.BucketAcl("main", {
 *     bucket: main.id,
 *     accessControlPolicy: {
 *         grants: [
 *             {
 *                 grantee: {
 *                     id: "<project-id>:<project-id>",
 *                     type: "CanonicalUser",
 *                 },
 *                 permission: "FULL_CONTROL",
 *             },
 *             {
 *                 grantee: {
 *                     id: "<project-id>",
 *                     type: "CanonicalUser",
 *                 },
 *                 permission: "WRITE",
 *             },
 *         ],
 *         owner: {
 *             id: "<project-id>",
 *         },
 *     },
 * });
 * ```
 *
 * ## The ACL
 *
 * Refer to the [official canned ACL documentation](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl_overview.html#canned-acl) for more information on the different roles.
 *
 * ## The access control policy
 *
 * The `accessControlPolicy` configuration block supports the following arguments:
 *
 * * `grant` - (Required) Set of grant configuration blocks documented below.
 * * `owner` - (Required) Configuration block of the bucket owner's display name and ID documented below.
 *
 * ## The grant
 *
 * The `grant` configuration block supports the following arguments:
 *
 * * `grantee` - (Required) Configuration block for the project being granted permissions documented below.
 * * `permission` - (Required) Logging permissions assigned to the grantee for the bucket.
 *
 * ## The permission
 *
 * The following list shows each access policy permissions supported.
 *
 * `READ`, `WRITE`, `READ_ACP`, `WRITE_ACP`, `FULL_CONTROL`
 *
 * For more information about ACL permissions in the S3 bucket, see [ACL permissions](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html).
 *
 * ## The owner
 *
 * The `owner` configuration block supports the following arguments:
 *
 * * `id` - (Required) The ID of the project owner.
 * * `displayName` - (Optional) The display name of the owner.
 *
 * ## the grantee
 *
 * The `grantee` configuration block supports the following arguments:
 *
 * * `id` - (Optional) The canonical user ID of the grantee.
 * * `type` - (Required) Type of grantee. Valid values: CanonicalUser, Group.
 * * `uri` - (Optional) The uri of the grantee if type is Group.
 *
 * ## Import
 *
 * Bucket ACLs can be imported using the `{region}/{bucketName}/{acl}` identifier, as shown below:
 *
 * ```sh
 * $ pulumi import scaleway:object/bucketAcl:BucketAcl some_bucket fr-par/some-bucket/private
 * ```
 *
 * > **Important:** The `projectId` attribute has a particular behavior with s3 products because the s3 API is scoped by project.
 * If you are using a project different from the default one, you have to specify the project ID at the end of the import command.
 *
 * ```sh
 * $ pulumi import scaleway:object/bucketAcl:BucketAcl some_bucket fr-par/some-bucket/private@xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx
 * ```
 */
export declare class BucketAcl extends pulumi.CustomResource {
    /**
     * Get an existing BucketAcl resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: BucketAclState, opts?: pulumi.CustomResourceOptions): BucketAcl;
    /**
     * Returns true if the given object is an instance of BucketAcl.  This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is BucketAcl;
    /**
     * A configuration block that sets the ACL permissions for an object per grantee documented below.
     */
    readonly accessControlPolicy: pulumi.Output<outputs.object.BucketAclAccessControlPolicy>;
    /**
     * The canned ACL you want to apply to the bucket. Refer to the [AWS Canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl_overview.html#canned-acl) documentation page to find a list of all the supported canned ACLs.
     */
    readonly acl: pulumi.Output<string | undefined>;
    /**
     * The name of the bucket, or its Terraform ID.
     */
    readonly bucket: pulumi.Output<string>;
    /**
     * The project ID of the expected bucket owner.
     */
    readonly expectedBucketOwner: pulumi.Output<string | undefined>;
    /**
     * `projectId`) The ID of the project the bucket is associated with.
     *
     * > **Important:** The `projectId` attribute has a particular behavior with s3 products, because the s3 API is scoped by project.
     * If you are using a project different from the default one, you have to specify the `projectId` for every child resource of the bucket,
     * like bucket ACLs. Otherwise, Terraform will try to create the child resource with the default project ID and you will get a 403 error.
     */
    readonly projectId: pulumi.Output<string>;
    /**
     * The [region](https://www.scaleway.com/en/developers/api/#regions-and-zones) in which the bucket should be created.
     */
    readonly region: pulumi.Output<string | undefined>;
    /**
     * Create a BucketAcl resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: BucketAclArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering BucketAcl resources.
 */
export interface BucketAclState {
    /**
     * A configuration block that sets the ACL permissions for an object per grantee documented below.
     */
    accessControlPolicy?: pulumi.Input<inputs.object.BucketAclAccessControlPolicy | undefined>;
    /**
     * The canned ACL you want to apply to the bucket. Refer to the [AWS Canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl_overview.html#canned-acl) documentation page to find a list of all the supported canned ACLs.
     */
    acl?: pulumi.Input<string | undefined>;
    /**
     * The name of the bucket, or its Terraform ID.
     */
    bucket?: pulumi.Input<string | undefined>;
    /**
     * The project ID of the expected bucket owner.
     */
    expectedBucketOwner?: pulumi.Input<string | undefined>;
    /**
     * `projectId`) The ID of the project the bucket is associated with.
     *
     * > **Important:** The `projectId` attribute has a particular behavior with s3 products, because the s3 API is scoped by project.
     * If you are using a project different from the default one, you have to specify the `projectId` for every child resource of the bucket,
     * like bucket ACLs. Otherwise, Terraform will try to create the child resource with the default project ID and you will get a 403 error.
     */
    projectId?: pulumi.Input<string | undefined>;
    /**
     * The [region](https://www.scaleway.com/en/developers/api/#regions-and-zones) in which the bucket should be created.
     */
    region?: pulumi.Input<string | undefined>;
}
/**
 * The set of arguments for constructing a BucketAcl resource.
 */
export interface BucketAclArgs {
    /**
     * A configuration block that sets the ACL permissions for an object per grantee documented below.
     */
    accessControlPolicy?: pulumi.Input<inputs.object.BucketAclAccessControlPolicy | undefined>;
    /**
     * The canned ACL you want to apply to the bucket. Refer to the [AWS Canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl_overview.html#canned-acl) documentation page to find a list of all the supported canned ACLs.
     */
    acl?: pulumi.Input<string | undefined>;
    /**
     * The name of the bucket, or its Terraform ID.
     */
    bucket: pulumi.Input<string>;
    /**
     * The project ID of the expected bucket owner.
     */
    expectedBucketOwner?: pulumi.Input<string | undefined>;
    /**
     * `projectId`) The ID of the project the bucket is associated with.
     *
     * > **Important:** The `projectId` attribute has a particular behavior with s3 products, because the s3 API is scoped by project.
     * If you are using a project different from the default one, you have to specify the `projectId` for every child resource of the bucket,
     * like bucket ACLs. Otherwise, Terraform will try to create the child resource with the default project ID and you will get a 403 error.
     */
    projectId?: pulumi.Input<string | undefined>;
    /**
     * The [region](https://www.scaleway.com/en/developers/api/#regions-and-zones) in which the bucket should be created.
     */
    region?: pulumi.Input<string | undefined>;
}
//# sourceMappingURL=bucketAcl.d.ts.map