// NOTE(review): the type arguments of `pulumi.Input` / `pulumi.Output` appear to have been
// dropped when this listing was extracted (for example `pulumi.Input[]>` below), so the
// declarations will not type-check as shown. The code is left as found; refer to the
// published declaration file for the exact property types.
import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
/**
 * Creates a new bucket in Google Cloud Storage (GCS).
 * Once a bucket has been created, its location can't be changed.
 *
 * For more information see
 * [the official documentation](https://cloud.google.com/storage/docs/overview)
 * and
 * [API](https://cloud.google.com/storage/docs/json_api/v1/buckets).
 *
 * **Note**: If the project id is not set on the resource or in the provider block it will be dynamically
 * determined which will require enabling the compute api.
 *
 * **Note on the examples**: every example below sets `forceDestroy: true`, which deletes all
 * objects in the bucket when the resource is destroyed (see `forceDestroy`). Leave it unset for
 * buckets whose contents must survive a `destroy`. For buckets that are not meant to be public,
 * consider also setting `publicAccessPrevention: "enforced"` and `uniformBucketLevelAccess: true`.
 *
 * ## Example Usage
 *
 * ### Creating A Private Bucket In Standard Storage, In The EU Region. Bucket Configured As Static Website And CORS Configurations
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * const static_site = new gcp.storage.Bucket("static-site", {
 *     name: "image-store.com",
 *     location: "EU",
 *     forceDestroy: true,
 *     uniformBucketLevelAccess: true,
 *     website: {
 *         mainPageSuffix: "index.html",
 *         notFoundPage: "404.html",
 *     },
 *     cors: [
 *         {
 *             origins: ["http://image-store.com"],
 *             methods: [
 *                 "GET",
 *                 "HEAD",
 *                 "PUT",
 *                 "POST",
 *                 "DELETE",
 *             ],
 *             responseHeaders: ["*"],
 *             maxAgeSeconds: 3600,
 *         },
 *         {
 *             origins: ["http://image-store.com"],
 *             methods: [
 *                 "GET",
 *                 "HEAD",
 *                 "PUT",
 *                 "POST",
 *                 "DELETE",
 *             ],
 *             responseHeaders: ["*"],
 *             maxAgeSeconds: 0,
 *         },
 *     ],
 * });
 * ```
 *
 * Note: CORS only tells browsers which cross-origin requests to permit; it does not authenticate
 * or authorize anything, so access to the bucket still depends on IAM. The example allows write
 * methods (`PUT`, `POST`, `DELETE`) and every response header for an `http://` origin; in a real
 * deployment list an `https://` origin and only the methods and headers the site needs.
 *
 * ### Life Cycle Settings For Storage Bucket Objects
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * const auto_expire = new gcp.storage.Bucket("auto-expire", {
 *     name: "auto-expiring-bucket",
 *     location: "US",
 *     forceDestroy: true,
 *     lifecycleRules: [
 *         {
 *             condition: {
 *                 age: 3,
 *             },
 *             action: {
 *                 type: "Delete",
 *             },
 *         },
 *         {
 *             condition: {
 *                 age: 1,
 *             },
 *             action: {
 *                 type: "AbortIncompleteMultipartUpload",
 *             },
 *         },
 *     ],
 * });
 * ```
 *
 * ### Life Cycle Settings For Storage Bucket Objects With `Send_age_if_zero` Disabled
 * When creating a life cycle condition that does not also include an `age` field, a default `age` of 0 will be set. Set the `sendAgeIfZero` flag to `false` to prevent this and avoid any potentially unintended interactions.
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * const no_age_enabled = new gcp.storage.Bucket("no-age-enabled", {
 *     name: "no-age-enabled-bucket",
 *     location: "US",
 *     forceDestroy: true,
 *     lifecycleRules: [{
 *         action: {
 *             type: "Delete",
 *         },
 *         condition: {
 *             daysSinceNoncurrentTime: 3,
 *             sendAgeIfZero: false,
 *         },
 *     }],
 * });
 * ```
 *
 * ### Enabling Public Access Prevention
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * const no_public_access = new gcp.storage.Bucket("no-public-access", {
 *     name: "no-public-access-bucket",
 *     location: "US",
 *     forceDestroy: true,
 *     publicAccessPrevention: "enforced",
 * });
 * ```
 *
 * ### Enabling Hierarchical Namespace
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * const hns_enabled = new gcp.storage.Bucket("hns-enabled", {
 *     name: "hns-enabled-bucket",
 *     location: "US",
 *     forceDestroy: true,
 *     hierarchicalNamespace: {
 *         enabled: true,
 *     },
 * });
 * ```
 *
 * ### IP Filter Mode Enabled
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * const hns_enabled = new gcp.storage.Bucket("hns-enabled", {
 *     name: "hns-enabled-bucket",
 *     location: "US",
 *     forceDestroy: true,
 *     ipFilter: {
 *         mode: "Enabled",
 *         publicNetworkSource: {
 *             allowedIpCidrRanges: [
 *                 "0.0.0.0/0",
 *                 "::/0",
 *             ],
 *         },
 *     },
 * });
 * ```
 *
 * Note: `0.0.0.0/0` and `::/0` together match every IPv4 and IPv6 address, so this example turns
 * the filter on without narrowing which public sources can reach the bucket. Replace them with
 * the CIDR ranges that should have access.
 *
 * ### IP Filter Mode Disabled
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * const hns_enabled = new gcp.storage.Bucket("hns-enabled", {
 *     name: "hns-enabled-bucket",
 *     location: "US",
 *     forceDestroy: true,
 *     ipFilter: {
 *         mode: "Disabled",
 *         publicNetworkSource: {
 *             allowedIpCidrRanges: [
 *                 "0.0.0.0/0",
 *                 "::/0",
 *             ],
 *         },
 *     },
 * });
 * ```
 *
 * ## Import
 *
 * Storage buckets can be imported using the `name` or `project/name`. If the project is not
 * passed to the import command it will be inferred from the provider block or environment variables.
 * If it cannot be inferred it will be queried from the Compute API (this will fail if the API is
 * not enabled).
 *
 * * `{{project_id}}/{{bucket}}`
 * * `{{bucket}}`
 *
 * When using the `pulumi import` command, Storage buckets can be imported using one of the formats above. For example:
 *
 * ```sh
 * $ pulumi import gcp:storage/bucket:Bucket default {{bucket}}
 * $ pulumi import gcp:storage/bucket:Bucket default {{project_id}}/{{bucket}}
 * ```
 *
 * > **Note:** Terraform will import this resource with `forceDestroy` set to
 * `false` in state. If you've set it to `true` in config, run `pulumi up` to
 * update the value set in state. If you delete this resource before updating the
 * value, objects in the bucket will not be destroyed.
 */
export declare class Bucket extends pulumi.CustomResource {
    /**
     * Get an existing Bucket resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to look up.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input, state?: BucketState, opts?: pulumi.CustomResourceOptions): Bucket;
    /**
     * Returns true if the given object is an instance of Bucket. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is Bucket;
    /**
     * The bucket's [Autoclass](https://cloud.google.com/storage/docs/autoclass) configuration. Structure is documented below.
     */
    readonly autoclass: pulumi.Output;
    /**
     * The bucket's [Cross-Origin Resource Sharing (CORS)](https://www.w3.org/TR/cors/) configuration. Multiple blocks of this type are permitted. Structure is documented below.
     */
    readonly cors: pulumi.Output;
    /**
     * The bucket's custom location configuration, which specifies the individual regions that comprise a dual-region bucket. If the bucket is designated a single or multi-region, the parameters are empty. Structure is documented below.
     */
    readonly customPlacementConfig: pulumi.Output;
    /**
     * Whether or not to automatically apply an eventBasedHold to new objects added to the bucket.
     */
    readonly defaultEventBasedHold: pulumi.Output;
    /**
     * All labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.
     */
    readonly effectiveLabels: pulumi.Output<{ [key: string]: string; }>;
    /**
     * Enables [object retention](https://cloud.google.com/storage/docs/object-lock) on a storage bucket.
     */
    readonly enableObjectRetention: pulumi.Output;
    /**
     * The bucket's encryption configuration. Structure is documented below.
     */
    readonly encryption: pulumi.Output;
    /**
     * When true, before deleting a bucket, delete all objects within the bucket, or Anywhere Caches caching data for that bucket. Otherwise, deleting buckets with objects/caches will fail. Anywhere Cache requires additional permissions to interact with and will be assumed not present when the provider is not permissioned, in which case the provider attempts to delete the bucket anyway. This may result in the objects in the bucket getting destroyed but not the bucket itself if there is a cache in use with the bucket. Force deletion may take a long time to delete buckets with lots of objects or with any Anywhere Caches (80m+).
     */
    readonly forceDestroy: pulumi.Output;
    /**
     * The bucket's hierarchical namespace policy, which defines the bucket capability to handle folders in logical structure. Structure is documented below. To use this configuration, `uniformBucketLevelAccess` must be enabled on the bucket.
     */
    readonly hierarchicalNamespace: pulumi.Output;
    /**
     * The bucket IP filtering configuration. Specifies the network sources that can access the bucket, as well as its underlying objects. Structure is documented below.
     */
    readonly ipFilter: pulumi.Output;
    /**
     * A map of key/value label pairs to assign to the bucket.
     */
    readonly labels: pulumi.Output<{ [key: string]: string; } | undefined>;
    /**
     * The bucket's [Lifecycle Rules](https://cloud.google.com/storage/docs/lifecycle#configuration) configuration. Multiple blocks of this type are permitted. Structure is documented below.
     */
    readonly lifecycleRules: pulumi.Output;
    /**
     * The [GCS location](https://cloud.google.com/storage/docs/bucket-locations).
     *
     * - - -
     */
    readonly location: pulumi.Output;
    /**
     * The bucket's [Access & Storage Logs](https://cloud.google.com/storage/docs/access-logs) configuration. Structure is documented below.
     */
    readonly logging: pulumi.Output;
    /**
     * The name of the bucket. Bucket names must be in lowercase and no more than 63 characters long. You can find the complete list of bucket naming rules [here](https://cloud.google.com/storage/docs/buckets#naming).
     */
    readonly name: pulumi.Output;
    /**
     * The ID of the project in which the resource belongs. If it
     * is not provided, the provider project is used.
     */
    readonly project: pulumi.Output;
    /**
     * The project number of the project in which the resource belongs.
     */
    readonly projectNumber: pulumi.Output;
    /**
     * Prevents public access to a bucket. Acceptable values are "inherited" or "enforced". If "inherited", the bucket uses [public access prevention](https://cloud.google.com/storage/docs/public-access-prevention) only if the bucket is subject to the public access prevention organization policy constraint. Defaults to "inherited". Set "enforced" to block public access to this bucket regardless of that organization policy.
     */
    readonly publicAccessPrevention: pulumi.Output;
    /**
     * The combination of labels configured directly on the resource and default labels configured on the provider.
     */
    readonly pulumiLabels: pulumi.Output<{ [key: string]: string; }>;
    /**
     * Enables [Requester Pays](https://cloud.google.com/storage/docs/requester-pays) on a storage bucket.
     */
    readonly requesterPays: pulumi.Output;
    /**
     * Configuration of the bucket's data retention policy for how long objects in the bucket should be retained. Structure is documented below.
     */
    readonly retentionPolicy: pulumi.Output;
    /**
     * The recovery point objective for cross-region replication of the bucket. Applicable only for dual and multi-region buckets. `"DEFAULT"` sets default replication. `"ASYNC_TURBO"` value enables turbo replication, valid for dual-region buckets only. See [Turbo Replication](https://cloud.google.com/storage/docs/managing-turbo-replication) for more information. If rpo is not specified at bucket creation, it defaults to `"DEFAULT"` for dual and multi-region buckets. **NOTE** If used with a single-region bucket, it will throw an error.
     */
    readonly rpo: pulumi.Output;
    /**
     * The URI of the created resource.
     */
    readonly selfLink: pulumi.Output;
    /**
     * The bucket's soft delete policy, which defines the period of time that soft-deleted objects will be retained, and cannot be permanently deleted. If the block is not provided, the server-side value will be kept, which means removing the block won't generate any Terraform change. Structure is documented below.
     */
    readonly softDeletePolicy: pulumi.Output;
    /**
     * The [Storage Class](https://cloud.google.com/storage/docs/storage-classes) of the new bucket. Supported values include: `STANDARD`, `MULTI_REGIONAL`, `REGIONAL`, `NEARLINE`, `COLDLINE`, `ARCHIVE`.
     */
    readonly storageClass: pulumi.Output;
    /**
     * The creation time of the bucket in RFC 3339 format.
     */
    readonly timeCreated: pulumi.Output;
    /**
     * Enables [Uniform bucket-level access](https://cloud.google.com/storage/docs/uniform-bucket-level-access) on a bucket. When enabled, access is controlled through IAM only and object ACLs are not evaluated.
     */
    readonly uniformBucketLevelAccess: pulumi.Output;
    /**
     * The time at which the bucket's metadata or IAM policy was last updated, in RFC 3339 format.
     */
    readonly updated: pulumi.Output;
    /**
     * The base URL of the bucket, in the format `gs://<bucket-name>`.
     */
    readonly url: pulumi.Output;
    /**
     * The bucket's [Versioning](https://cloud.google.com/storage/docs/object-versioning) configuration. Structure is documented below.
     */
    readonly versioning: pulumi.Output;
    /**
     * Configuration if the bucket acts as a website. Structure is documented below.
     */
    readonly website: pulumi.Output;
    /**
     * Create a Bucket resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: BucketArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering Bucket resources.
 */
export interface BucketState {
    /**
     * The bucket's [Autoclass](https://cloud.google.com/storage/docs/autoclass) configuration. Structure is documented below.
     */
    autoclass?: pulumi.Input;
    /**
     * The bucket's [Cross-Origin Resource Sharing (CORS)](https://www.w3.org/TR/cors/) configuration. Multiple blocks of this type are permitted. Structure is documented below.
     */
    cors?: pulumi.Input[]>;
    /**
     * The bucket's custom location configuration, which specifies the individual regions that comprise a dual-region bucket. If the bucket is designated a single or multi-region, the parameters are empty. Structure is documented below.
     */
    customPlacementConfig?: pulumi.Input;
    /**
     * Whether or not to automatically apply an eventBasedHold to new objects added to the bucket.
     */
    defaultEventBasedHold?: pulumi.Input;
    /**
     * All labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.
     */
    effectiveLabels?: pulumi.Input<{ [key: string]: pulumi.Input; }>;
    /**
     * Enables [object retention](https://cloud.google.com/storage/docs/object-lock) on a storage bucket.
     */
    enableObjectRetention?: pulumi.Input;
    /**
     * The bucket's encryption configuration. Structure is documented below.
     */
    encryption?: pulumi.Input;
    /**
     * When true, before deleting a bucket, delete all objects within the bucket, or Anywhere Caches caching data for that bucket. Otherwise, deleting buckets with objects/caches will fail. Anywhere Cache requires additional permissions to interact with and will be assumed not present when the provider is not permissioned, in which case the provider attempts to delete the bucket anyway. This may result in the objects in the bucket getting destroyed but not the bucket itself if there is a cache in use with the bucket. Force deletion may take a long time to delete buckets with lots of objects or with any Anywhere Caches (80m+).
     */
    forceDestroy?: pulumi.Input;
    /**
     * The bucket's hierarchical namespace policy, which defines the bucket capability to handle folders in logical structure. Structure is documented below. To use this configuration, `uniformBucketLevelAccess` must be enabled on the bucket.
     */
    hierarchicalNamespace?: pulumi.Input;
    /**
     * The bucket IP filtering configuration. Specifies the network sources that can access the bucket, as well as its underlying objects. Structure is documented below.
     */
    ipFilter?: pulumi.Input;
    /**
     * A map of key/value label pairs to assign to the bucket.
     */
    labels?: pulumi.Input<{ [key: string]: pulumi.Input; }>;
    /**
     * The bucket's [Lifecycle Rules](https://cloud.google.com/storage/docs/lifecycle#configuration) configuration. Multiple blocks of this type are permitted. Structure is documented below.
     */
    lifecycleRules?: pulumi.Input[]>;
    /**
     * The [GCS location](https://cloud.google.com/storage/docs/bucket-locations).
     *
     * - - -
     */
    location?: pulumi.Input;
    /**
     * The bucket's [Access & Storage Logs](https://cloud.google.com/storage/docs/access-logs) configuration. Structure is documented below.
     */
    logging?: pulumi.Input;
    /**
     * The name of the bucket. Bucket names must be in lowercase and no more than 63 characters long. You can find the complete list of bucket naming rules [here](https://cloud.google.com/storage/docs/buckets#naming).
     */
    name?: pulumi.Input;
    /**
     * The ID of the project in which the resource belongs. If it
     * is not provided, the provider project is used.
     */
    project?: pulumi.Input;
    /**
     * The project number of the project in which the resource belongs.
     */
    projectNumber?: pulumi.Input;
    /**
     * Prevents public access to a bucket. Acceptable values are "inherited" or "enforced". If "inherited", the bucket uses [public access prevention](https://cloud.google.com/storage/docs/public-access-prevention) only if the bucket is subject to the public access prevention organization policy constraint. Defaults to "inherited". Set "enforced" to block public access to this bucket regardless of that organization policy.
     */
    publicAccessPrevention?: pulumi.Input;
    /**
     * The combination of labels configured directly on the resource and default labels configured on the provider.
     */
    pulumiLabels?: pulumi.Input<{ [key: string]: pulumi.Input; }>;
    /**
     * Enables [Requester Pays](https://cloud.google.com/storage/docs/requester-pays) on a storage bucket.
     */
    requesterPays?: pulumi.Input;
    /**
     * Configuration of the bucket's data retention policy for how long objects in the bucket should be retained. Structure is documented below.
     */
    retentionPolicy?: pulumi.Input;
    /**
     * The recovery point objective for cross-region replication of the bucket. Applicable only for dual and multi-region buckets. `"DEFAULT"` sets default replication. `"ASYNC_TURBO"` value enables turbo replication, valid for dual-region buckets only. See [Turbo Replication](https://cloud.google.com/storage/docs/managing-turbo-replication) for more information. If rpo is not specified at bucket creation, it defaults to `"DEFAULT"` for dual and multi-region buckets. **NOTE** If used with a single-region bucket, it will throw an error.
     */
    rpo?: pulumi.Input;
    /**
     * The URI of the created resource.
     */
    selfLink?: pulumi.Input;
    /**
     * The bucket's soft delete policy, which defines the period of time that soft-deleted objects will be retained, and cannot be permanently deleted. If the block is not provided, the server-side value will be kept, which means removing the block won't generate any Terraform change. Structure is documented below.
     */
    softDeletePolicy?: pulumi.Input;
    /**
     * The [Storage Class](https://cloud.google.com/storage/docs/storage-classes) of the new bucket. Supported values include: `STANDARD`, `MULTI_REGIONAL`, `REGIONAL`, `NEARLINE`, `COLDLINE`, `ARCHIVE`.
     */
    storageClass?: pulumi.Input;
    /**
     * The creation time of the bucket in RFC 3339 format.
     */
    timeCreated?: pulumi.Input;
    /**
     * Enables [Uniform bucket-level access](https://cloud.google.com/storage/docs/uniform-bucket-level-access) on a bucket. When enabled, access is controlled through IAM only and object ACLs are not evaluated.
     */
    uniformBucketLevelAccess?: pulumi.Input;
    /**
     * The time at which the bucket's metadata or IAM policy was last updated, in RFC 3339 format.
     */
    updated?: pulumi.Input;
    /**
     * The base URL of the bucket, in the format `gs://<bucket-name>`.
     */
    url?: pulumi.Input;
    /**
     * The bucket's [Versioning](https://cloud.google.com/storage/docs/object-versioning) configuration. Structure is documented below.
     */
    versioning?: pulumi.Input;
    /**
     * Configuration if the bucket acts as a website. Structure is documented below.
     */
    website?: pulumi.Input;
}
/**
 * The set of arguments for constructing a Bucket resource.
 */
export interface BucketArgs {
    /**
     * The bucket's [Autoclass](https://cloud.google.com/storage/docs/autoclass) configuration. Structure is documented below.
     */
    autoclass?: pulumi.Input;
    /**
     * The bucket's [Cross-Origin Resource Sharing (CORS)](https://www.w3.org/TR/cors/) configuration. Multiple blocks of this type are permitted. Structure is documented below.
     */
    cors?: pulumi.Input[]>;
    /**
     * The bucket's custom location configuration, which specifies the individual regions that comprise a dual-region bucket. If the bucket is designated a single or multi-region, the parameters are empty. Structure is documented below.
     */
    customPlacementConfig?: pulumi.Input;
    /**
     * Whether or not to automatically apply an eventBasedHold to new objects added to the bucket.
     */
    defaultEventBasedHold?: pulumi.Input;
    /**
     * Enables [object retention](https://cloud.google.com/storage/docs/object-lock) on a storage bucket.
     */
    enableObjectRetention?: pulumi.Input;
    /**
     * The bucket's encryption configuration. Structure is documented below.
     */
    encryption?: pulumi.Input;
    /**
     * When true, before deleting a bucket, delete all objects within the bucket, or Anywhere Caches caching data for that bucket. Otherwise, deleting buckets with objects/caches will fail. Anywhere Cache requires additional permissions to interact with and will be assumed not present when the provider is not permissioned, in which case the provider attempts to delete the bucket anyway. This may result in the objects in the bucket getting destroyed but not the bucket itself if there is a cache in use with the bucket. Force deletion may take a long time to delete buckets with lots of objects or with any Anywhere Caches (80m+).
     */
    forceDestroy?: pulumi.Input;
    /**
     * The bucket's hierarchical namespace policy, which defines the bucket capability to handle folders in logical structure. Structure is documented below. To use this configuration, `uniformBucketLevelAccess` must be enabled on the bucket.
     */
    hierarchicalNamespace?: pulumi.Input;
    /**
     * The bucket IP filtering configuration. Specifies the network sources that can access the bucket, as well as its underlying objects. Structure is documented below.
     */
    ipFilter?: pulumi.Input;
    /**
     * A map of key/value label pairs to assign to the bucket.
     */
    labels?: pulumi.Input<{ [key: string]: pulumi.Input; }>;
    /**
     * The bucket's [Lifecycle Rules](https://cloud.google.com/storage/docs/lifecycle#configuration) configuration. Multiple blocks of this type are permitted. Structure is documented below.
     */
    lifecycleRules?: pulumi.Input[]>;
    /**
     * The [GCS location](https://cloud.google.com/storage/docs/bucket-locations).
     *
     * - - -
     */
    location: pulumi.Input;
    /**
     * The bucket's [Access & Storage Logs](https://cloud.google.com/storage/docs/access-logs) configuration. Structure is documented below.
     */
    logging?: pulumi.Input;
    /**
     * The name of the bucket. Bucket names must be in lowercase and no more than 63 characters long. You can find the complete list of bucket naming rules [here](https://cloud.google.com/storage/docs/buckets#naming).
     */
    name?: pulumi.Input;
    /**
     * The ID of the project in which the resource belongs. If it
     * is not provided, the provider project is used.
     */
    project?: pulumi.Input;
    /**
     * Prevents public access to a bucket. Acceptable values are "inherited" or "enforced". If "inherited", the bucket uses [public access prevention](https://cloud.google.com/storage/docs/public-access-prevention) only if the bucket is subject to the public access prevention organization policy constraint. Defaults to "inherited". Set "enforced" to block public access to this bucket regardless of that organization policy.
     */
    publicAccessPrevention?: pulumi.Input;
    /**
     * Enables [Requester Pays](https://cloud.google.com/storage/docs/requester-pays) on a storage bucket.
     */
    requesterPays?: pulumi.Input;
    /**
     * Configuration of the bucket's data retention policy for how long objects in the bucket should be retained. Structure is documented below.
     */
    retentionPolicy?: pulumi.Input;
    /**
     * The recovery point objective for cross-region replication of the bucket. Applicable only for dual and multi-region buckets. `"DEFAULT"` sets default replication. `"ASYNC_TURBO"` value enables turbo replication, valid for dual-region buckets only. See [Turbo Replication](https://cloud.google.com/storage/docs/managing-turbo-replication) for more information. If rpo is not specified at bucket creation, it defaults to `"DEFAULT"` for dual and multi-region buckets. **NOTE** If used with a single-region bucket, it will throw an error.
     */
    rpo?: pulumi.Input;
    /**
     * The bucket's soft delete policy, which defines the period of time that soft-deleted objects will be retained, and cannot be permanently deleted. If the block is not provided, the server-side value will be kept, which means removing the block won't generate any Terraform change. Structure is documented below.
     */
    softDeletePolicy?: pulumi.Input;
    /**
     * The [Storage Class](https://cloud.google.com/storage/docs/storage-classes) of the new bucket. Supported values include: `STANDARD`, `MULTI_REGIONAL`, `REGIONAL`, `NEARLINE`, `COLDLINE`, `ARCHIVE`.
     */
    storageClass?: pulumi.Input;
    /**
     * Enables [Uniform bucket-level access](https://cloud.google.com/storage/docs/uniform-bucket-level-access) on a bucket. When enabled, access is controlled through IAM only and object ACLs are not evaluated.
     */
    uniformBucketLevelAccess?: pulumi.Input;
    /**
     * The bucket's [Versioning](https://cloud.google.com/storage/docs/object-versioning) configuration. Structure is documented below.
     */
    versioning?: pulumi.Input;
    /**
     * Configuration if the bucket acts as a website. Structure is documented below.
     */
    website?: pulumi.Input;
}