StorageBucket


Property Value
Google Cloud Service Name Cloud Storage
Google Cloud Service Documentation /storage/docs/
Google Cloud REST Resource Name v1.buckets
Google Cloud REST Resource Documentation /storage/docs/json_api/v1/buckets
Config Connector Resource Short Names gcpstoragebucket, gcpstoragebuckets, storagebucket
Config Connector Service Name storage.googleapis.com
Config Connector Resource Fully Qualified Name storagebuckets.storage.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember Yes
Supports IAM Conditions Yes
Supports IAM Audit Configs No
IAM External Reference Format {{name}}

Config Connector Default Average Reconcile Interval In Seconds 600

Custom Resource Definition Properties

Annotations

Fields
cnrm.cloud.google.com/force-destroy
cnrm.cloud.google.com/project-id

Spec

Schema

autoclass:
  enabled: boolean
bucketPolicyOnly: boolean
cors:
- maxAgeSeconds: integer
  method:
  - string
  origin:
  - string
  responseHeader:
  - string
customPlacementConfig:
  dataLocations:
  - string
defaultEventBasedHold: boolean
encryption:
  kmsKeyRef:
    external: string
    name: string
    namespace: string
lifecycleRule:
- action:
    storageClass: string
    type: string
  condition:
    age: integer
    createdBefore: string
    customTimeBefore: string
    daysSinceCustomTime: integer
    daysSinceNoncurrentTime: integer
    matchesPrefix:
    - string
    matchesStorageClass:
    - string
    matchesSuffix:
    - string
    noncurrentTimeBefore: string
    numNewerVersions: integer
    withState: string
location: string
logging:
  logBucket: string
  logObjectPrefix: string
publicAccessPrevention: string
requesterPays: boolean
resourceID: string
retentionPolicy:
  isLocked: boolean
  retentionPeriod: integer
softDeletePolicy:
  retentionDurationSeconds: integer
storageClass: string
uniformBucketLevelAccess: boolean
versioning:
  enabled: boolean
website:
  mainPageSuffix: string
  notFoundPage: string

Fields

autoclass

Optional

object

The bucket's autoclass configuration.

autoclass.enabled

Required*

boolean

While set to true, autoclass automatically transitions objects in your bucket to appropriate storage classes based on each object's access pattern.

bucketPolicyOnly

Optional

boolean

DEPRECATED. Please use the `uniformBucketLevelAccess` field as this field has been renamed by Google. The `uniformBucketLevelAccess` field will supersede this field. Enables Bucket PolicyOnly access to a bucket.

cors

Optional

list (object)

The bucket's Cross-Origin Resource Sharing (CORS) configuration.

cors[]

Optional

object

cors[].maxAgeSeconds

Optional

integer

The value, in seconds, to return in the Access-Control-Max-Age header used in preflight responses.

cors[].method

Optional

list (string)

The list of HTTP methods on which to include CORS response headers (GET, OPTIONS, POST, etc.). Note: "*" is permitted in the list of methods, and means "any method".

cors[].method[]

Optional

string

cors[].origin

Optional

list (string)

The list of Origins eligible to receive CORS response headers. Note: "*" is permitted in the list of origins, and means "any Origin".

cors[].origin[]

Optional

string

cors[].responseHeader

Optional

list (string)

The list of HTTP headers other than the simple response headers to give permission for the user-agent to share across domains.

cors[].responseHeader[]

Optional

string

customPlacementConfig

Optional

object

The bucket's custom location configuration, which specifies the individual regions that comprise a dual-region bucket. If the bucket is designated a single or multi-region, the parameters are empty.

customPlacementConfig.dataLocations

Required*

list (string)

Immutable. The list of individual regions that comprise a dual-region bucket. See the docs for a list of acceptable regions. Note: changing any of the dataLocations values recreates the bucket.

customPlacementConfig.dataLocations[]

Required*

string

defaultEventBasedHold

Optional

boolean

Whether or not to automatically apply an eventBasedHold to new objects added to the bucket.

encryption

Optional

object

The bucket's encryption configuration.

encryption.kmsKeyRef

Required*

object

encryption.kmsKeyRef.external

Optional

string

Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.

encryption.kmsKeyRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

encryption.kmsKeyRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

lifecycleRule

Optional

list (object)

The bucket's Lifecycle Rules configuration.

lifecycleRule[]

Optional

object

lifecycleRule[].action

Required*

object

The Lifecycle Rule's action configuration. A single block of this type is supported.

lifecycleRule[].action.storageClass

Optional

string

The target Storage Class of objects affected by this Lifecycle Rule. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE.

lifecycleRule[].action.type

Required*

string

The type of the action of this Lifecycle Rule. Supported values include: Delete, SetStorageClass and AbortIncompleteMultipartUpload.

lifecycleRule[].condition

Required*

object

The Lifecycle Rule's condition configuration.

lifecycleRule[].condition.age

Optional

integer

Minimum age of an object in days to satisfy this condition.

lifecycleRule[].condition.createdBefore

Optional

string

Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition.

lifecycleRule[].condition.customTimeBefore

Optional

string

Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition.

lifecycleRule[].condition.daysSinceCustomTime

Optional

integer

Number of days elapsed since the user-specified timestamp set on an object.

lifecycleRule[].condition.daysSinceNoncurrentTime

Optional

integer

Number of days elapsed since the noncurrent timestamp of an object. This condition is relevant only for versioned objects.

lifecycleRule[].condition.matchesPrefix

Optional

list (string)

One or more matching name prefixes to satisfy this condition.

lifecycleRule[].condition.matchesPrefix[]

Optional

string

lifecycleRule[].condition.matchesStorageClass

Optional

list (string)

Storage Class of objects to satisfy this condition. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE, STANDARD, DURABLE_REDUCED_AVAILABILITY.

lifecycleRule[].condition.matchesStorageClass[]

Optional

string

lifecycleRule[].condition.matchesSuffix

Optional

list (string)

One or more matching name suffixes to satisfy this condition.

lifecycleRule[].condition.matchesSuffix[]

Optional

string

lifecycleRule[].condition.noncurrentTimeBefore

Optional

string

Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition.

lifecycleRule[].condition.numNewerVersions

Optional

integer

Relevant only for versioned objects. The number of newer versions of an object to satisfy this condition.

lifecycleRule[].condition.withState

Optional

string

Match to live and/or archived objects. Unversioned buckets have only live objects. Supported values include: "LIVE", "ARCHIVED", "ANY".

location

Optional

string

Immutable. The Google Cloud Storage location.

logging

Optional

object

The bucket's Access & Storage Logs configuration.

logging.logBucket

Required*

string

The bucket that will receive log objects.

logging.logObjectPrefix

Optional

string

The object prefix for log objects. If it's not provided, by default Google Cloud Storage sets this to this bucket's name.

publicAccessPrevention

Optional

string

Prevents public access to a bucket.

requesterPays

Optional

boolean

Enables Requester Pays on a storage bucket.

resourceID

Optional

string

Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.

retentionPolicy

Optional

object

Configuration of the bucket's data retention policy for how long objects in the bucket should be retained.

retentionPolicy.isLocked

Optional

boolean

If set to true, the bucket will be locked and permanently restrict edits to the bucket's retention policy. Caution: Locking a bucket is an irreversible action.

retentionPolicy.retentionPeriod

Required*

integer

The period of time, in seconds, that objects in the bucket must be retained and cannot be deleted, overwritten, or archived. The value must be less than 3,155,760,000 seconds.

softDeletePolicy

Optional

object

The bucket's soft delete policy, which defines the period of time that soft-deleted objects will be retained and cannot be permanently deleted. If it is not provided, Google Cloud Storage applies the default soft delete policy.

softDeletePolicy.retentionDurationSeconds

Optional

integer

The duration in seconds that soft-deleted objects in the bucket will be retained and cannot be permanently deleted. Default value is 604800.

storageClass

Optional

string

The Storage Class of the new bucket. Supported values include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE.

uniformBucketLevelAccess

Optional

boolean

Enables uniform bucket-level access on a bucket.

versioning

Optional

object

The bucket's Versioning configuration.

versioning.enabled

Required*

boolean

While set to true, versioning is fully enabled for this bucket.

website

Optional

object

Configuration if the bucket acts as a website.

website.mainPageSuffix

Optional

string

Behaves as the bucket's directory index where missing objects are treated as potential directories.

website.notFoundPage

Optional

string

The custom object to return when a requested resource is not found.

* Field is required when parent field is specified

Status

Schema

conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
observedGeneration: integer
observedState:
  softDeletePolicy:
    effectiveTime: string
    retentionDurationSeconds: integer
selfLink: string
url: string

Fields
conditions

list (object)

Conditions represent the latest available observation of the resource's current state.

conditions[]

object

conditions[].lastTransitionTime

string

Last time the condition transitioned from one status to another.

conditions[].message

string

Human-readable message indicating details about last transition.

conditions[].reason

string

Unique, one-word, CamelCase reason for the condition's last transition.

conditions[].status

string

Status is the status of the condition. Can be True, False, Unknown.

conditions[].type

string

Type is the type of the condition.

observedGeneration

integer

ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, the reported status reflects the most recent desired state of the resource.

observedState

object

The observed state of the underlying GCP resource.

observedState.softDeletePolicy

object

The bucket's soft delete policy, which defines the period of time that soft-deleted objects will be retained and cannot be permanently deleted. If it is not provided, Google Cloud Storage applies the default soft delete policy.

observedState.softDeletePolicy.effectiveTime

string

Server-determined value that indicates the time from which the policy, or one with a greater retention, was effective. This value is in RFC 3339 format.

observedState.softDeletePolicy.retentionDurationSeconds

integer

The duration in seconds that soft-deleted objects in the bucket will be retained and cannot be permanently deleted. Default value is 604800.

selfLink

string

The URI of the created resource.

url

string

The base URL of the bucket, in the format gs://.

Sample YAML(s)

Typical Use Case

# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: storage.cnrm.cloud.google.com/v1beta1
kind: StorageBucket
metadata:
  annotations:
    cnrm.cloud.google.com/force-destroy: "false"
  labels:
    label-one: "value-one"
  # StorageBucket names must be globally unique. Replace ${PROJECT_ID?} with your project ID.
  name: ${PROJECT_ID?}-sample
spec:
  lifecycleRule:
    - action:
        type: Delete
      condition:
        age: 7
        withState: ANY
  versioning:
    enabled: true
  cors:
    - origin: ["http://example.appspot.com"]
      responseHeader: ["Content-Type"]
      method: ["GET", "HEAD", "DELETE"]
      maxAgeSeconds: 3600
  uniformBucketLevelAccess: true
  softDeletePolicy:
    retentionDurationSeconds: 604800
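
The following is an added example, not part of the Config Connector documentation or code base: a static audit of a StorageBucket manifest against the access-control, CORS, logging and retention fields described above. The function name, the finding IDs and the choice to flag a missing `logging` block are assumptions of this example, and the value `enforced` for `publicAccessPrevention` comes from the Cloud Storage API, since this page only types the field as a string.

```python
# Added example (not Config Connector code): audit a manifest already parsed from YAML.
MAX_RETENTION_SECONDS = 3_155_760_000  # bound the page gives for retentionPeriod

def audit_storage_bucket(manifest):
    """Return a sorted list of finding IDs for security-relevant fields."""
    findings = set()
    spec = manifest.get("spec", {})
    annotations = manifest.get("metadata", {}).get("annotations", {})

    if str(annotations.get("cnrm.cloud.google.com/force-destroy", "false")).lower() == "true":
        findings.add("force-destroy-enabled")
    if "bucketPolicyOnly" in spec:  # deprecated name for uniformBucketLevelAccess
        findings.add("deprecated-bucketPolicyOnly")
    if spec.get("uniformBucketLevelAccess") is not True:
        findings.add("uniformBucketLevelAccess-not-true")
    # Assumption: "enforced" is the Cloud Storage API value (not listed on this page).
    if spec.get("publicAccessPrevention") != "enforced":
        findings.add("publicAccessPrevention-not-enforced")
    for rule in spec.get("cors", []):
        if "*" in rule.get("origin", []):  # "*" means "any Origin"
            findings.add("cors-any-origin")
        if "*" in rule.get("method", []):  # "*" means "any method"
            findings.add("cors-any-method")
    if "logging" not in spec:  # policy choice of this example; the field is optional
        findings.add("no-logBucket")
    retention = spec.get("retentionPolicy")
    if retention is not None:
        if retention.get("retentionPeriod", 0) >= MAX_RETENTION_SECONDS:
            findings.add("retentionPeriod-out-of-range")
        if retention.get("isLocked") is True:  # locking is irreversible
            findings.add("retentionPolicy-locked-review")
    return sorted(findings)

# Constructed input: the "Typical Use Case" sample as yaml.safe_load would return it.
PAGE_SAMPLE = {
    "metadata": {"annotations": {"cnrm.cloud.google.com/force-destroy": "false"}},
    "spec": {
        "lifecycleRule": [{"action": {"type": "Delete"},
                           "condition": {"age": 7, "withState": "ANY"}}],
        "versioning": {"enabled": True},
        "cors": [{"origin": ["http://example.appspot.com"],
                  "responseHeader": ["Content-Type"],
                  "method": ["GET", "HEAD", "DELETE"], "maxAgeSeconds": 3600}],
        "uniformBucketLevelAccess": True,
        "softDeletePolicy": {"retentionDurationSeconds": 604800},
    },
}
```

Run against the sample above, the audit reports only the absent `logging` block and the unset `publicAccessPrevention`.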