» google_storage_object_acl
Authoritatively manages the access control list (ACL) for an object in a Google Cloud Storage (GCS) bucket. Removing a google_storage_object_acl sets the acl to the private predefined ACL.
For more information see the official documentation and API.
Want fine-grained control over object ACLs? Use google_storage_object_access_control to control individual role entity pairs.
» Example Usage
Create an object ACL with one owner and one reader.
resource "google_storage_bucket" "image-store" {
  name     = "image-store-bucket"
  location = "EU"
}

resource "google_storage_bucket_object" "image" {
  name   = "image1"
  bucket = "${google_storage_bucket.image-store.name}"
  source = "image1.jpg"
}

resource "google_storage_object_acl" "image-store-acl" {
  bucket = "${google_storage_bucket.image-store.name}"
  object = "${google_storage_bucket_object.image.output_name}"

  role_entity = [
    "OWNER:user-my.email@gmail.com",
    "READER:group-mygroup",
  ]
}
» Argument Reference
- bucket - (Required) The name of the bucket the object is stored in.
- object - (Required) The name of the object to apply the acl to.
- predefined_acl - (Optional) The "canned" predefined ACL to apply. Must be set if role_entity is not.
- role_entity - (Optional) List of role/entity pairs in the form ROLE:entity. See GCS Object ACL documentation for more details. Must be set if predefined_acl is not.
The object's creator will always have OWNER permissions for their object, and any attempt to modify that permission would return an error. Instead, Terraform automatically adds that role/entity pair to your terraform plan results when it is omitted in your config; terraform plan will show the correct final state at every point except for at Create time, where the object role/entity pair is omitted if not explicitly set.
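One way to review these arguments before apply, as an added example that is not part of the provider documentation: a Python check over `terraform show -json` plan output that validates each ROLE:entity pair, enforces that one of role_entity or predefined_acl is set, and flags grants that reach beyond named principals. The role names, entity prefixes, the allUsers and allAuthenticatedUsers entities, and the publicRead and authenticatedRead canned ACLs are assumptions taken from the GCS ACL documentation rather than from this page; the sample plan and the function names are constructed for illustration.

```python
import json
# Assumed from the GCS object ACL docs (not stated on this page).
ROLES = {"OWNER", "READER"}
PUBLIC_ENTITIES = {"allUsers", "allAuthenticatedUsers"}
SCOPED_PREFIXES = ("user-", "group-", "domain-", "project-team-")
PUBLIC_CANNED = {"publicRead", "authenticatedRead"}

def check_pair(pair):
    """Return findings for one ROLE:entity string."""
    role, sep, entity = pair.partition(":")
    if not sep or role not in ROLES:
        return [f"malformed pair {pair!r}"]
    if entity in PUBLIC_ENTITIES:
        return [f"{role} granted to public entity {entity}"]
    if not any(entity.startswith(p) and len(entity) > len(p) for p in SCOPED_PREFIXES):
        return [f"unrecognised entity in {pair!r}"]
    return []

def audit_plan(plan):
    """Map resource address -> findings for each planned google_storage_object_acl."""
    report = {}
    for rc in plan.get("resource_changes", []):
        after = rc.get("change", {}).get("after")
        if rc.get("type") != "google_storage_object_acl" or after is None:
            continue  # other resource types, or a destroy (no planned state)
        pairs = after.get("role_entity") or []
        canned = after.get("predefined_acl")
        findings = [f for p in pairs for f in check_pair(p)]
        if not pairs and not canned:
            findings.append("neither role_entity nor predefined_acl is set")
        if canned in PUBLIC_CANNED:
            findings.append(f"predefined_acl {canned} grants read beyond named principals")
        if findings:
            report[rc["address"]] = findings
    return report

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""{"resource_changes": [
 {"address": "google_storage_object_acl.image-store-acl", "type": "google_storage_object_acl",
  "change": {"after": {"role_entity": ["OWNER:user-my.email@gmail.com", "READER:group-mygroup"]}}},
 {"address": "google_storage_object_acl.public", "type": "google_storage_object_acl",
  "change": {"after": {"role_entity": ["READER:allUsers", "WRITER:user-a@example.com"]}}},
 {"address": "google_storage_object_acl.canned", "type": "google_storage_object_acl",
  "change": {"after": {"predefined_acl": "publicRead"}}}
]}""")

if __name__ == "__main__":
    print(json.dumps(audit_plan(SAMPLE_PLAN), indent=2))
```

Because the creator's OWNER pair is omitted from the plan at Create time unless set explicitly, a check like this sees the creator entry on first apply only when the configuration lists it.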
» Attributes Reference
Only the arguments listed above are exposed as attributes.