Authoritatively manages the access control list (ACL) for an object in a Google
Cloud Storage (GCS) bucket. Removing a google_storage_object_acl sets the
acl to the private predefined ACL.
For more information see the official documentation and API.
Create an object ACL with one owner and one reader.
resource "google_storage_bucket" "image-store" {
  name     = "image-store-bucket"
  location = "EU"
}

resource "google_storage_bucket_object" "image" {
  name   = "image1"
  bucket = google_storage_bucket.image-store.name
  source = "image1.jpg"
}

resource "google_storage_object_acl" "image-store-acl" {
  bucket = google_storage_bucket.image-store.name
  object = google_storage_bucket_object.image.output_name

  role_entity = [
    "OWNER:user-my.email@gmail.com",
    "READER:group-mygroup",
  ]
}
bucket - (Required) The name of the bucket the object is stored in.
object - (Required) The name of the object to apply the acl to.
predefined_acl - (Optional) The "canned" predefined ACL to apply. Must be set if role_entity is not.
role_entity - (Optional) List of role/entity pairs in the form ROLE:entity. See GCS Object ACL documentation for more details. Must be set if predefined_acl is not.
Only the arguments listed above are exposed as attributes.
This resource does not support import.
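Because the resource is authoritative, the role_entity list is the complete ACL for the object, so it is worth validating before it is applied. The following is an added example, not part of the provider documentation: a variant of the image-store-acl resource above that takes its pairs from a variable and rejects malformed entries and the GCS public entities allUsers and allAuthenticatedUsers at plan time. The variable name image_acl is hypothetical, and the bucket and object resources are the ones from the example above.

```hcl
# Added example. "image_acl" is a hypothetical variable name.
variable "image_acl" {
  description = "Complete list of role/entity pairs for the object, in the form ROLE:entity."
  type        = list(string)

  default = [
    "OWNER:user-my.email@gmail.com",
    "READER:group-mygroup",
  ]

  # Every entry must be ROLE:entity, using a role that object ACLs accept.
  validation {
    condition = alltrue([
      for pair in var.image_acl : can(regex("^(OWNER|READER):.+$", pair))
    ])
    error_message = "Each entry must have the form OWNER:<entity> or READER:<entity>."
  }

  # Refuse entities that open the object to anyone on the internet
  # (allUsers) or to any signed-in Google account (allAuthenticatedUsers).
  validation {
    condition = alltrue([
      for pair in var.image_acl :
      !can(regex(":(allUsers|allAuthenticatedUsers)$", pair))
    ])
    error_message = "Public entities (allUsers, allAuthenticatedUsers) are not allowed on this object."
  }
}

resource "google_storage_object_acl" "image-store-acl" {
  bucket = google_storage_bucket.image-store.name
  object = google_storage_bucket_object.image.output_name

  # role_entity and predefined_acl are alternatives; only one is set here.
  role_entity = var.image_acl
}
```

With this in place, a value such as "READER:allUsers" fails variable validation during terraform plan, before any ACL change reaches the bucket.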