google::bucket

Creates a Bucket within a specified region.

Example

google::bucket bucket-1
    name: 'example-one'
    location: 'us-central1'
    predefined-acl: 'publicRead'
    default-event-based-hold: true
    storage-class: 'NEARLINE'

    labels: {
        foo: 'bar_1901'
    }

    cors
        max-age-seconds: 3200
        method: ['GET', 'POST']
        origin: ['*']
        response-header: ['application-x-test']
    end

    billing
        requester-pays: false
    end

    iam-configuration
        uniform-bucket-level-access
            enabled: false
        end
    end

    iam-policy
        bindings
            role: 'roles/storage.legacyBucketOwner'
            members: ['projectEditor:<<PROJECT-ID-GOES-HERE>>']
        end

        bindings
            role: 'roles/storage.legacyBucketReader'
            members: ['projectViewer:<<PROJECT-ID-GOES-HERE>>']
        end

        bindings
            role: 'roles/storage.legacyBucketReader'
            members: ['allAuthenticatedUsers']
            condition
                title: 'example bucket iam policy condition'
                expression: 'request.time < timestamp(\"2021-01-01T00:00:00Z\")'
            end
        end
    end

    lifecycle
        rule
            action
                type: 'Delete'
            end
            condition
                age: 7
            end
        end

        rule
            action
                type: 'Delete'
            end

            condition
                num-newer-versions: 10
            end
        end

        rule
            action
                type: 'Delete'
            end

            condition
                is-live: true
                age: 15
            end
        end
    end

    logging
        log-bucket: $(google::bucket logs)
        log-object-prefix: 'gyro'
    end

    retention-policy
        retention-period: 3300
    end

    website
        main-page-suffix: 'index.html'
        not-found-page: '404.jpg'
    end
end

Attributes

Attribute Description
predefined-acl Sets predefined access controls to the bucket. Valid values are authenticatedRead, private, projectPrivate, publicRead and publicReadWrite. See Access Control Lists.
predefined-default-object-acl Set predefined default object access controls to the bucket. Valid values are authenticatedRead, bucketOwnerFullControl, bucketOwnerRead, private, projectPrivate and publicRead. See Access Control Lists.
user-project The project to be billed for this request.
name A unique name for the Bucket conforming to the bucket naming guidelines.
labels map Optional set of up to 64 key:value metadata pairs. Each key:value must conform to Label guidelines.
location The geographic region objects within the bucket will reside. See Bucket locations.
cors list Configure the cross origin request policies (CORS) for the bucket.
billing subresource

Configure the billing for the Bucket.

requester-pays
When true the requester pays setting for this bucket.
default-event-based-hold When true automatically apply an GCP “eventBasedHold”, or object hold, to new objects added to the bucket.
iam-configuration subresource

The bucket’s IAM configuration. See also Cloud Identity and Access Management.

uniform-bucket-level-access subresource

The bucket’s uniform bucket-level access configuration.

enabled
When true access is controlled only by bucket-level or above IAM policies.
iam-policy subresource

The bucket’s IAM Policy. See also Cloud IAM Permissions.

bindings list subresource

The association between the policies’ role and members who may assume that role.

role
The role associated with this binding. (Required)
members list
A list of identifiers for members who may assume the provided role. (Required)
condition subresource
The condition object associated with this binding.
lifecycle subresource

The bucket’s lifecycle configuration. See also Object Lifecycle Management.

rule list subresource

A lifecycle management rule, which is made of an action to take and the condition(s) under which an action will be taken.

action subresource

The action to take for the Rule.

storage-class
Target storage class. Required when action is set to SetStorageClass.
type
Type of the action to take on condition. Valid types are Delete or SetStorageClass.
condition subresource

The condition under which the action will be taken.

age
Age of an object in days.
created-before
A date in RFC-3339 format with only the date part. Ex 2013-01-15.
is-live
Only for versioned objects. When true this condition matches live objects; When false it matches archived objects.
matches-storage-class list
Matches objects having any of the storage classes specified. Valid values are STANDARD, NEARLINE, COLDLINE, MULTI_REGIONAL, REGIONAL or DURABLE_REDUCED_AVAILABILITY.
num-newer-versions
Only for versioned objects. If the value is N, the condition is met when there are at least N versions, including the live version, newer than this version of the object.
logging subresource

The bucket’s logging configuration.

log-bucket
The destination bucket where the current bucket’s logs should be placed.
log-object-prefix
A prefix for log object names.
retention-policy subresource

Minimum age an object in the bucket must reach before it can be deleted or overwritten. See also Retention policies.

retention-period
The duration in seconds that objects need to be retained. Must be greater than 0 and less than 3,155,760,000 (100 years).
storage-class Bucket’s default storage class used whenever no storageClass is specified for a newly-created object. Valid values are STANDARD, NEARLINE, COLDLINE, MULTI-REGIONAL, REGIONAL or DURABLE_REDUCED_AVAILABILITY. Defaults to STANDARD.
versioning subresource The bucket’s versioning configuration.
website subresource

The bucket’s website configuration controlling how the service behaves when accessing bucket contents as a web site.

main-page-suffix
If the requested object path is missing the service will ensure the path has a trailing ‘/’, append the suffix, and attempt to retrieve the resulting object.
not-found-page
If the requested object path is missing, and any mainPageSuffix object is missing, if applicable, the service will return the named object from this bucket as the content

Outputs

Attribute Description
id The generated ID for the bucket.
self-link The generated URI of this bucket.