This guide describes how to create, list, and delete managed folders.
Before you begin
To create and manage managed folders, you must first enable uniform bucket-level access and get the required IAM roles.
Enable uniform bucket-level access
If you haven't already, enable uniform bucket-level access.
Get required roles
To get the permissions that you need to create and manage managed folders,
ask your administrator to grant you the
Storage Folder Admin (roles/storage.folderAdmin
) IAM role on the bucket.
This predefined role contains the permissions required to create and manage managed folders. To see the exact permissions that are required, expand the Required permissions section:
Required permissions
The following permissions are required to create and manage managed folders:
-
To create managed folders:
storage.managedFolders.create
-
To validate newly created managed folders by listing them:
storage.objects.list
-
To list managed folders:
storage.managedFolders.list
-
To get managed folders:
storage.managedFolders.get
-
To move managed folders:
-
storage.managedFolders.delete
(on the source bucket) -
storage.managedFolders.create
(on the destination bucket)
-
-
To delete managed folders:
storage.managedFolders.delete
For information about granting roles on buckets, see Use IAM with buckets.
Create a managed folder
Console
When using the Google Cloud console, you create managed folders by enabling management on folders or simulated folders. The following steps describe how to create a folder or a simulated folder and then enable folder management:
- In the Google Cloud console, go to the Cloud Storage Buckets page.
In the list of buckets, click the name of the bucket you want to create managed folders in.
In the Bucket details page, click Create folder to create a new folder. If the folder you want to convert to a managed folder already exists, skip to the step describing how to access the More options
menu.In the Name field, enter a name for your folder. For naming considerations, see Managed folder names.
Click Create.
Your newly created folder appears in the Folder browser pane.
In the Folder browser pane, click the More options
menu next to the folder you want to convert to a managed folder and click Edit access.The Enable folder management? dialog appears.
Click Enable.
Your folder converts to a managed folder. A Permissions for
MANAGED_FOLDER_NAME
pane appears that displays the IAM policies on the folder by principal and role. To create new IAM policies, see Set an IAM policy on a managed folder.
Command line
To create a managed folder, run the
gcloud storage managed-folders create
command:
gcloud storage managed-folders create gs://BUCKET_NAME/MANAGED_FOLDER_NAME
Where:
BUCKET_NAME
is the name of the bucket in which you want to create a managed folder. For example,my-bucket
.MANAGED_FOLDER_NAME
is the name of the managed folder you want to create. For example,my-managed-folder/
.
To confirm that the managed folder was created, run the
gcloud storage managed-folders describe
command:
gcloud storage managed-folders describe gs://BUCKET_NAME/MANAGED_FOLDER_NAME
Where:
BUCKET_NAME
is the name of the bucket in which you created a managed folder.MANAGED_FOLDER_NAME
is the name of the managed folder you created.
Client libraries
For more information, see the
Cloud Storage C++ API
reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials.
For more information, see
Set up authentication for client libraries.
For more information, see the
Cloud Storage C# API
reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials.
For more information, see
Set up authentication for client libraries.
For more information, see the
Cloud Storage Go API
reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials.
For more information, see
Set up authentication for client libraries.
For more information, see the
Cloud Storage Java API
reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials.
For more information, see
Set up authentication for client libraries.
For more information, see the
Cloud Storage Node.js API
reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials.
For more information, see
Set up authentication for client libraries.
For more information, see the
Cloud Storage PHP API
reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials.
For more information, see
Set up authentication for client libraries.
For more information, see the
Cloud Storage Python API
reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials.
For more information, see
Set up authentication for client libraries.
For more information, see the
Cloud Storage Ruby API
reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials.
For more information, see
Set up authentication for client libraries.
C++
C#
Go
Java
Node.js
PHP
Python
Ruby
REST APIs
JSON API
Have gcloud CLI installed and initialized, which lets you generate an access token for the
Authorization
header.Use
cURL
to call the JSON API with aPOST
ManagedFolder request:curl -X POST -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -d '{ "name": "MANAGED_FOLDER_NAME" }' \ "https://storage.googleapis.com/storage/v1/b/BUCKET_NAME/managedFolders"
Where:
BUCKET_NAME
is the name of the bucket in which you want to create a managed folder. For example,my-bucket
.MANAGED_FOLDER_NAME
is the name of the managed folder you want to create. For example,my-managed-folder/
.
List managed folders
Console
- In the Google Cloud console, go to the Cloud Storage Buckets page.
From the Folder browser pane, use the toggle node
to expand the list of folders within your bucket.
A list displays the folders, simulated folders, and managed folders in your bucket.
Command line
To list managed folders, run the
gcloud storage managed-folders list
command:
gcloud storage managed-folders list gs://BUCKET_NAME
Where:
BUCKET_NAME
is the name of the bucket that contains the managed folders you want to list. For example,my-bucket
.
Note that you can also specify a folder path instead of a bucket name. For example:
gcloud storage managed-folders list gs://my-bucket/folder/
Client libraries
For more information, see the
Cloud Storage C++ API
reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials.
For more information, see
Set up authentication for client libraries.
For more information, see the
Cloud Storage C# API
reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials.
For more information, see
Set up authentication for client libraries.
For more information, see the
Cloud Storage Go API
reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials.
For more information, see
Set up authentication for client libraries.
For more information, see the
Cloud Storage Java API
reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials.
For more information, see
Set up authentication for client libraries.
For more information, see the
Cloud Storage Node.js API
reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials.
For more information, see
Set up authentication for client libraries.
For more information, see the
Cloud Storage PHP API
reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials.
For more information, see
Set up authentication for client libraries.
For more information, see the
Cloud Storage Python API
reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials.
For more information, see
Set up authentication for client libraries.
For more information, see the
Cloud Storage Ruby API
reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials.
For more information, see
Set up authentication for client libraries.
C++
C#
Go
Java
Node.js
PHP
Python
Ruby
REST APIs
JSON API
Have gcloud CLI installed and initialized, which lets you generate an access token for the
Authorization
header.Use
cURL
to call the JSON API with a request to list managed folders:curl -X GET -H "Authorization: Bearer $(gcloud auth print-access-token)" \ "https://storage.googleapis.com/storage/v1/b/BUCKET_NAME/managedFolders"
Where
BUCKET_NAME
is the name of the bucket that contains the managed folders you want to list. For example,my-bucket
.
Get the metadata of a managed folder
Command line
To get the metadata of a managed folder, run the
gcloud storage managed-folders describe
command:
gcloud storage managed-folders describe gs://BUCKET_NAME/MANAGED_FOLDER_NAME
Where:
BUCKET_NAME
is the name of the bucket that contains the managed folders you want to list. For example,my-bucket
.MANAGED_FOLDER_NAME
is the name of the managed folder you want to retrieve metadata for.
Client libraries
For more information, see the
Cloud Storage C++ API
reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials.
For more information, see
Set up authentication for client libraries.
For more information, see the
Cloud Storage C# API
reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials.
For more information, see
Set up authentication for client libraries.
For more information, see the
Cloud Storage Go API
reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials.
For more information, see
Set up authentication for client libraries.
For more information, see the
Cloud Storage Java API
reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials.
For more information, see
Set up authentication for client libraries.
For more information, see the
Cloud Storage Node.js API
reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials.
For more information, see
Set up authentication for client libraries.
For more information, see the
Cloud Storage PHP API
reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials.
For more information, see
Set up authentication for client libraries.
For more information, see the
Cloud Storage Python API
reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials.
For more information, see
Set up authentication for client libraries.
For more information, see the
Cloud Storage Ruby API
reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials.
For more information, see
Set up authentication for client libraries.
C++
C#
Go
Java
Node.js
PHP
Python
Ruby
REST APIs
JSON API
Have gcloud CLI installed and initialized, which lets you generate an access token for the
Authorization
header.Use
cURL
to call the JSON API with a request to get managed folders:curl -X GET -H "Authorization: Bearer $(gcloud auth print-access-token)" \ "https://storage.googleapis.com/storage/v1/b/BUCKET_NAME/managedFolders/MANAGED_FOLDER_NAME"
Where:
BUCKET_NAME
is the name of the bucket that contains the managed folders you want to get. For example,my-bucket
.MANAGED_FOLDER_NAME
is the name of the managed folder expressed as a path. For example,example-dir/
. If the managed folder is nested, the slash (/
) character in the managed folder path must be escaped. For example,example-dir1%2Fexample-dir2
.
Move a managed folder
Console
Create a new managed folder in the destination bucket.
Copy the IAM policies from the original managed folder in the source bucket into the new managed folder in the destination bucket.
Copy the objects from the original managed folder in the source bucket to the new managed folder in the destination bucket.
Delete the original managed folder from the source bucket.
Command line
To move managed folders and the objects they contain, run the
gcloud storage mv
command with the --include-managed-folders
option:
gcloud storage mv --include-managed-folders gs://SOURCE_BUCKET_NAME/MANAGED_FOLDER_NAME gs://DESTINATION_BUCKET_NAME/MANAGED_FOLDER_NAME
Where:
SOURCE_BUCKET
is the name of your original bucket. For example,my-source-bucket
`.DESTINATION_BUCKET
is the name of the bucket you are moving your managed folder to. For example,my-destination-bucket
.MANAGED_FOLDER_NAME
is the name of the managed folder you're moving. For example,my-managed-folder/
.
REST APIs
JSON API
To move managed folders from one bucket to another, complete the following steps:
Create a new managed folder in the destination bucket.
Copy the IAM policies from the original managed folder in the source bucket to the new managed folder in the destination bucket.
Copy the objects from the original managed folder in the source bucket to the new managed folder in the destination bucket.
Delete the original managed folder from the source bucket.
Delete a managed folder
Console
- In the Google Cloud console, go to the Cloud Storage Buckets page.
In the list of buckets, click the name of the bucket that contains the managed folder you want to delete.
In the Bucket details page, click the More options icon
next to the managed folder you want to delete.Click Delete folder.
To confirm that you want to delete the managed folder, type
DELETE
in Delete field.Click Delete.
The managed folder and its contents, including stored objects and other managed folders, are deleted from your Cloud Storage bucket.
Command line
To delete a managed folder and the objects it contains, run the
gcloud storage rm
command:
gcloud storage rm -r gs://BUCKET_NAME/MANAGED_FOLDER_NAME
Where:
BUCKET_NAME
is the name of the bucket that contains the managed folder you want to delete. For example,my-bucket
.MANAGED_FOLDER_NAME
is the name of the managed folder you want to delete. For example,my-managed-folder/
.
Client libraries
For more information, see the
Cloud Storage C++ API
reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials.
For more information, see
Set up authentication for client libraries.
For more information, see the
Cloud Storage C# API
reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials.
For more information, see
Set up authentication for client libraries.
For more information, see the
Cloud Storage Go API
reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials.
For more information, see
Set up authentication for client libraries.
For more information, see the
Cloud Storage Java API
reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials.
For more information, see
Set up authentication for client libraries.
For more information, see the
Cloud Storage Node.js API
reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials.
For more information, see
Set up authentication for client libraries.
For more information, see the
Cloud Storage PHP API
reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials.
For more information, see
Set up authentication for client libraries.
For more information, see the
Cloud Storage Python API
reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials.
For more information, see
Set up authentication for client libraries.
For more information, see the
Cloud Storage Ruby API
reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials.
For more information, see
Set up authentication for client libraries.
C++
C#
Go
Java
Node.js
PHP
Python
Ruby
REST APIs
JSON API
To delete a managed folder, you must first delete the objects within the managed folder.
Have gcloud CLI installed and initialized, which lets you generate an access token for the
Authorization
header.Use
cURL
to call the JSON API with aDELETE
ManagedFolder request:curl -X DELETE -H "Authorization: Bearer $(gcloud auth print-access-token)" \ "https://storage.googleapis.com/storage/v1/b/BUCKET_NAME/managedFolders/MANAGED_FOLDER_NAME"
Where:
BUCKET_NAME
is the name of the bucket that contains the managed folder you want to delete. For example,my-bucket
.MANAGED_FOLDER_NAME
is the name of the managed folder you want to delete. For example,my-managed-folder/
.
By default, managed folders must be empty before they can be deleted. To delete a non-empty managed folder, include
allowNonEmpty=true
as a query parameter in your request.
Troubleshooting
For help creating and managing managed folders, refer to the Troubleshooting page.