StorageBucket

Property: Value
Google Cloud Service Name: Cloud Storage
Google Cloud Service Documentation: /storage/docs/
Google Cloud REST Resource Name: v1.buckets
Google Cloud REST Resource Documentation: /storage/docs/json_api/v1/buckets
Config Connector Resource Short Names: gcpstoragebucket, gcpstoragebuckets, storagebucket
Config Connector Service Name: storage.googleapis.com
Config Connector Resource Fully Qualified Name: storagebuckets.storage.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember: Yes
Supports IAM Conditions: Yes
Supports IAM Audit Configs: No
IAM External Reference Format: {{name}}

Custom Resource Definition Properties

Annotations

Fields
cnrm.cloud.google.com/force-destroy
cnrm.cloud.google.com/project-id

Spec

Schema

  bucketPolicyOnly: boolean
  cors:
  - maxAgeSeconds: integer
    method:
    - string
    origin:
    - string
    responseHeader:
    - string
  defaultEventBasedHold: boolean
  encryption:
    kmsKeyRef:
      external: string
      name: string
      namespace: string
  lifecycleRule:
  - action:
      storageClass: string
      type: string
    condition:
      age: integer
      createdBefore: string
      matchesStorageClass:
      - string
      numNewerVersions: integer
      withState: string
  location: string
  logging:
    logBucket: string
    logObjectPrefix: string
  requesterPays: boolean
  retentionPolicy:
    isLocked: boolean
    retentionPeriod: integer
  storageClass: string
  uniformBucketLevelAccess: boolean
  versioning:
    enabled: boolean
  website:
    mainPageSuffix: string
    notFoundPage: string
Fields

bucketPolicyOnly

Optional

boolean

DEPRECATED: Please use uniform_bucket_level_access (uniformBucketLevelAccess in this spec) instead, as this field has been renamed by Google. Enables Bucket Policy Only access to a bucket.

cors

Optional

list (object)

The bucket's Cross-Origin Resource Sharing (CORS) configuration.

cors.[]

Optional

object

cors.[].maxAgeSeconds

Optional

integer

The value, in seconds, to return in the Access-Control-Max-Age header used in preflight responses.

cors.[].method

Optional

list (string)

The list of HTTP methods on which to include CORS response headers (GET, OPTIONS, POST, etc.). Note: "*" is permitted in the list of methods, and means "any method".

cors.[].method.[]

Optional

string

cors.[].origin

Optional

list (string)

The list of Origins eligible to receive CORS response headers. Note: "*" is permitted in the list of origins, and means "any Origin".

cors.[].origin.[]

Optional

string

cors.[].responseHeader

Optional

list (string)

The list of HTTP headers other than the simple response headers to give permission for the user-agent to share across domains.

cors.[].responseHeader.[]

Optional

string

defaultEventBasedHold

Optional

boolean

encryption

Optional

object

The bucket's encryption configuration.

encryption.kmsKeyRef

Required*

object

encryption.kmsKeyRef.external

Optional

string

The selfLink of a KMSCryptoKey.

encryption.kmsKeyRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

encryption.kmsKeyRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

lifecycleRule

Optional

list (object)

The bucket's Lifecycle Rules configuration.

lifecycleRule.[]

Optional

object

lifecycleRule.[].action

Required*

object

The Lifecycle Rule's action configuration. A single block of this type is supported.

lifecycleRule.[].action.storageClass

Optional

string

The target Storage Class of objects affected by this Lifecycle Rule. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE.

lifecycleRule.[].action.type

Required*

string

The type of the action of this Lifecycle Rule. Supported values include: Delete and SetStorageClass.

lifecycleRule.[].condition

Required*

object

The Lifecycle Rule's condition configuration.

lifecycleRule.[].condition.age

Optional

integer

Minimum age of an object in days to satisfy this condition.

lifecycleRule.[].condition.createdBefore

Optional

string

Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition.

lifecycleRule.[].condition.matchesStorageClass

Optional

list (string)

Storage Class of objects to satisfy this condition. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE, STANDARD, DURABLE_REDUCED_AVAILABILITY.

lifecycleRule.[].condition.matchesStorageClass.[]

Optional

string

lifecycleRule.[].condition.numNewerVersions

Optional

integer

Relevant only for versioned objects. The number of newer versions of an object to satisfy this condition.

lifecycleRule.[].condition.withState

Optional

string

Match to live and/or archived objects. Unversioned buckets have only live objects. Supported values include: "LIVE", "ARCHIVED", "ANY".

location

Optional

string

The Google Cloud Storage location.

logging

Optional

object

The bucket's Access & Storage Logs configuration.

logging.logBucket

Required*

string

The bucket that will receive log objects.

logging.logObjectPrefix

Optional

string

The object prefix for log objects. If it's not provided, by default Google Cloud Storage sets this to this bucket's name.

requesterPays

Optional

boolean

Enables Requester Pays on a storage bucket.

retentionPolicy

Optional

object

Configuration of the bucket's data retention policy for how long objects in the bucket should be retained.

retentionPolicy.isLocked

Optional

boolean

If set to true, the bucket will be locked and permanently restrict edits to the bucket's retention policy. Caution: Locking a bucket is an irreversible action.

retentionPolicy.retentionPeriod

Required*

integer

The period of time, in seconds, that objects in the bucket must be retained and cannot be deleted, overwritten, or archived. The value must be less than 3,155,760,000 seconds.

storageClass

Optional

string

The Storage Class of the new bucket. Supported values include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE.

uniformBucketLevelAccess

Optional

boolean

Enables uniform bucket-level access on a bucket.

versioning

Optional

object

The bucket's Versioning configuration.

versioning.enabled

Required*

boolean

While set to true, versioning is fully enabled for this bucket.

website

Optional

object

Configuration if the bucket acts as a website.

website.mainPageSuffix

Optional

string

Behaves as the bucket's directory index where missing objects are treated as potential directories.

website.notFoundPage

Optional

string

The custom object to return when a requested resource is not found.

* Field is required when parent field is specified

Status

Schema

  conditions:
  - lastTransitionTime: string
    message: string
    reason: string
    status: string
    type: string
  selfLink: string
  url: string
Fields

conditions

list (object)

Conditions represents the latest available observation of the resource's current state.

conditions.[]

object

conditions.[].lastTransitionTime

string

Last time the condition transitioned from one status to another.

conditions.[].message

string

Human-readable message indicating details about last transition.

conditions.[].reason

string

Unique, one-word, CamelCase reason for the condition's last transition.

conditions.[].status

string

Status is the status of the condition. Can be True, False, Unknown.

conditions.[].type

string

Type is the type of the condition.

selfLink

string

The URI of the created resource.

url

string

The base URL of the bucket, in the format gs://.

Sample YAML(s)

Typical Use Case

  # Copyright 2020 Google LLC
  #
  # Licensed under the Apache License, Version 2.0 (the "License");
  # you may not use this file except in compliance with the License.
  # You may obtain a copy of the License at
  #
  #     http://www.apache.org/licenses/LICENSE-2.0
  #
  # Unless required by applicable law or agreed to in writing, software
  # distributed under the License is distributed on an "AS IS" BASIS,
  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  # See the License for the specific language governing permissions and
  # limitations under the License.
  
  apiVersion: storage.cnrm.cloud.google.com/v1beta1
  kind: StorageBucket
  metadata:
    annotations:
      cnrm.cloud.google.com/force-destroy: "false"
    labels:
      label-one: "value-one"
    # StorageBucket names must be globally unique. Replace ${PROJECT_ID?} with your project ID.
    name: ${PROJECT_ID?}-sample
  spec:
    bucketPolicyOnly: true
    lifecycleRule:
      - action:
          type: Delete
        condition:
          age: 7
    versioning:
      enabled: true
    cors:
      - origin: ["http://example.appspot.com"]
        responseHeader: ["Content-Type"]
        method: ["GET", "HEAD", "DELETE"]
        maxAgeSeconds: 3600
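
A security-oriented variation on the typical use case, added here as an example and not taken from the Config Connector samples. It uses only fields from the Spec schema above; the bucket name, log bucket, KMS key name and CORS origin are hypothetical placeholders.

```yaml
# Added example (not from the Config Connector samples). Bucket, log-bucket and
# key names are hypothetical placeholders.
apiVersion: storage.cnrm.cloud.google.com/v1beta1
kind: StorageBucket
metadata:
  annotations:
    # Refuse to delete the bucket while it still holds objects.
    cnrm.cloud.google.com/force-destroy: "false"
  # StorageBucket names must be globally unique.
  name: ${PROJECT_ID?}-hardened
spec:
  # Replaces the deprecated bucketPolicyOnly field: access is governed by IAM
  # on the bucket only, with no per-object ACLs to audit.
  uniformBucketLevelAccess: true
  encryption:
    kmsKeyRef:
      # Assumed: a KMSCryptoKey resource with this name exists in the same
      # namespace. Use `external` with the key's selfLink for a key that is
      # not managed by Config Connector.
      name: bucket-cmek-key
  logging:
    # Assumed: a separate, already existing bucket that receives log objects.
    logBucket: ${PROJECT_ID?}-access-logs
    logObjectPrefix: hardened-bucket
  versioning:
    # Overwrites and deletes leave an archived version that can be restored.
    enabled: true
  lifecycleRule:
    # Prune archived versions once three newer versions exist, so old copies
    # do not accumulate indefinitely.
    - action:
        type: Delete
      condition:
        numNewerVersions: 3
        withState: ARCHIVED
  cors:
    # One explicit HTTPS origin and read-only methods instead of "*".
    - origin: ["https://app.example.com"]
      method: ["GET", "HEAD"]
      responseHeader: ["Content-Type"]
      maxAgeSeconds: 3600
```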