StorageBucketAccessControl
| Property | Value |
|---|---|
| Google Cloud Service Name | Cloud Storage |
| Google Cloud Service Documentation | /storage/docs/ |
| Google Cloud REST Resource Name | v1.bucketAccessControls |
| Google Cloud REST Resource Documentation | /storage/docs/json_api/v1/bucketAccessControls |
| Config Connector Resource Short Names | gcpstoragebucketaccesscontrol gcpstoragebucketaccesscontrols storagebucketaccesscontrol |
| Config Connector Service Name | storage.googleapis.com |
| Config Connector Resource Fully Qualified Name | storagebucketaccesscontrols.storage.cnrm.cloud.google.com |
| Can Be Referenced by IAMPolicy/IAMPolicyMember | No |
| Config Connector Default Average Reconcile Interval In Seconds | 600 |
Custom Resource Definition Properties
Spec
Schema
bucketRef:
external: string
name: string
namespace: string
entity: string
role: string
| Fields | |
|---|---|
|
Required |
Reference to the bucket. |
|
Optional |
Allowed value: The `name` field of a `StorageBucket` resource. |
|
Optional |
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
|
Optional |
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
|
Required |
Immutable. The entity holding the permission, in one of the following forms: user-userId user-email group-groupId group-email domain-domain project-team-projectId allUsers allAuthenticatedUsers Examples: The user liz@example.com would be user-liz@example.com. The group example@googlegroups.com would be group-example@googlegroups.com. To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com. |
|
Optional |
The access permission for the entity. Possible values: ["OWNER", "READER", "WRITER"]. |
Status
Schema
conditions:
- lastTransitionTime: string
message: string
reason: string
status: string
type: string
domain: string
email: string
observedGeneration: integer
| Fields | |
|---|---|
conditions |
Conditions represent the latest available observation of the resource's current state. |
conditions[] |
|
conditions[].lastTransitionTime |
Last time the condition transitioned from one status to another. |
conditions[].message |
Human-readable message indicating details about last transition. |
conditions[].reason |
Unique, one-word, CamelCase reason for the condition's last transition. |
conditions[].status |
Status is the status of the condition. Can be True, False, Unknown. |
conditions[].type |
Type is the type of the condition. |
domain |
The domain associated with the entity. |
email |
The email address associated with the entity. |
observedGeneration |
ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. |
Sample YAML(s)
Typical Use Case
# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: storage.cnrm.cloud.google.com/v1beta1
kind: StorageBucketAccessControl
metadata:
labels:
label-one: "value-one"
name: storagebucketaccesscontrol-sample
spec:
bucketRef:
name: ${PROJECT_ID?}-bucketaccesscontrol-dep
entity: allAuthenticatedUsers
role: READER
---
apiVersion: storage.cnrm.cloud.google.com/v1beta1
kind: StorageBucket
metadata:
# StorageBucket names must be globally unique. Replace ${PROJECT_ID?} with your project ID.
name: ${PROJECT_ID?}-bucketaccesscontrol-dep