Property | Value |
---|---|
Google Cloud Service Name | Cloud Storage |
Google Cloud Service Documentation | /storage/docs/ |
Google Cloud REST Resource Name | v1.bucketAccessControls |
Google Cloud REST Resource Documentation | /storage/docs/json_api/v1/bucketAccessControls |
Config Connector Resource Short Names | gcpstoragebucketaccesscontrol gcpstoragebucketaccesscontrols storagebucketaccesscontrol |
Config Connector Service Name | storage.googleapis.com |
Config Connector Resource Fully Qualified Name | storagebucketaccesscontrols.storage.cnrm.cloud.google.com |
Can Be Referenced by IAMPolicy/IAMPolicyMember | No |
Custom Resource Definition Properties
Spec
Schema
bucketRef:
external: string
name: string
namespace: string
entity: string
role: string
Fields | |
---|---|
Required |
Reference to the bucket. |
Optional |
The name of a StorageBucket. |
Optional |
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
Optional |
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
Required |
Immutable. The entity holding the permission, in one of the following forms: user-userId user-email group-groupId group-email domain-domain project-team-projectId allUsers allAuthenticatedUsers Examples: The user liz@example.com would be user-liz@example.com. The group example@googlegroups.com would be group-example@googlegroups.com. To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com. |
Optional |
The access permission for the entity. Possible values: ["OWNER", "READER", "WRITER"] |
Status
Schema
conditions:
- lastTransitionTime: string
message: string
reason: string
status: string
type: string
domain: string
email: string
Fields | |
---|---|
conditions |
Conditions represents the latest available observation of the resource's current state. |
conditions.[] |
|
conditions.[].lastTransitionTime |
Last time the condition transitioned from one status to another. |
conditions.[].message |
Human-readable message indicating details about last transition. |
conditions.[].reason |
Unique, one-word, CamelCase reason for the condition's last transition. |
conditions.[].status |
Status is the status of the condition. Can be True, False, Unknown. |
conditions.[].type |
Type is the type of the condition. |
domain |
The domain associated with the entity. |
email |
The email address associated with the entity. |
Sample YAML(s)
Typical Use Case
# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: storage.cnrm.cloud.google.com/v1beta1
kind: StorageBucketAccessControl
metadata:
labels:
label-one: "value-one"
name: storagebucketaccesscontrol-sample
spec:
bucketRef:
name: ${PROJECT_ID?}-bucketaccesscontrol-dep
entity: allAuthenticatedUsers
role: READER
---
apiVersion: storage.cnrm.cloud.google.com/v1beta1
kind: StorageBucket
metadata:
# StorageBucket names must be globally unique. Replace ${PROJECT_ID?} with your project ID.
name: ${PROJECT_ID?}-bucketaccesscontrol-dep