StorageBucket

| Property | Value |
| --- | --- |
| Google Cloud Service Name | Cloud Storage |
| Google Cloud Service Documentation | /storage/docs/ |
| Google Cloud REST Resource Name | v1.buckets |
| Google Cloud REST Resource Documentation | /storage/docs/json_api/v1/buckets |
| Config Connector Resource Short Names | gcpstoragebucket, gcpstoragebuckets, storagebucket |
| Config Connector Service Name | storage.googleapis.com |
| Config Connector Resource Fully Qualified Name | storagebuckets.storage.cnrm.cloud.google.com |
| Can Be Referenced by IAMPolicy/IAMPolicyMember | Yes |
| Supports IAM Conditions | Yes |
| Supports IAM Audit Configs | No |
| IAM External Reference Format | {{name}} |
| Config Connector Default Average Reconcile Interval In Seconds | 600 |

Custom Resource Definition Properties

Annotations

Fields
cnrm.cloud.google.com/force-destroy
cnrm.cloud.google.com/project-id

Spec

Schema

autoclass:
  enabled: boolean
bucketPolicyOnly: boolean
cors:
- maxAgeSeconds: integer
  method:
  - string
  origin:
  - string
  responseHeader:
  - string
customPlacementConfig:
  dataLocations:
  - string
defaultEventBasedHold: boolean
encryption:
  kmsKeyRef:
    external: string
    name: string
    namespace: string
lifecycleRule:
- action:
    storageClass: string
    type: string
  condition:
    age: integer
    createdBefore: string
    customTimeBefore: string
    daysSinceCustomTime: integer
    daysSinceNoncurrentTime: integer
    matchesPrefix:
    - string
    matchesStorageClass:
    - string
    matchesSuffix:
    - string
    noncurrentTimeBefore: string
    numNewerVersions: integer
    withState: string
location: string
logging:
  logBucket: string
  logObjectPrefix: string
publicAccessPrevention: string
requesterPays: boolean
resourceID: string
retentionPolicy:
  isLocked: boolean
  retentionPeriod: integer
softDeletePolicy:
  retentionDurationSeconds: integer
storageClass: string
uniformBucketLevelAccess: boolean
versioning:
  enabled: boolean
website:
  mainPageSuffix: string
  notFoundPage: string

Fields

| Field | Requirement | Type | Description |
| --- | --- | --- | --- |
| `autoclass` | Optional | object | The bucket's autoclass configuration. |
| `autoclass.enabled` | Required* | boolean | While set to true, autoclass automatically transitions objects in your bucket to appropriate storage classes based on each object's access pattern. |
| `bucketPolicyOnly` | Optional | boolean | DEPRECATED. Please use the `uniformBucketLevelAccess` field as this field has been renamed by Google. The `uniformBucketLevelAccess` field will supersede this field. Enables Bucket PolicyOnly access to a bucket. |
| `cors` | Optional | list (object) | The bucket's Cross-Origin Resource Sharing (CORS) configuration. |
| `cors[]` | Optional | object | |
| `cors[].maxAgeSeconds` | Optional | integer | The value, in seconds, to return in the Access-Control-Max-Age header used in preflight responses. |
| `cors[].method` | Optional | list (string) | The list of HTTP methods on which to include CORS response headers, (GET, OPTIONS, POST, etc) Note: "*" is permitted in the list of methods, and means "any method". |
| `cors[].method[]` | Optional | string | |
| `cors[].origin` | Optional | list (string) | The list of Origins eligible to receive CORS response headers. Note: "*" is permitted in the list of origins, and means "any Origin". |
| `cors[].origin[]` | Optional | string | |
| `cors[].responseHeader` | Optional | list (string) | The list of HTTP headers other than the simple response headers to give permission for the user-agent to share across domains. |
| `cors[].responseHeader[]` | Optional | string | |
| `customPlacementConfig` | Optional | object | The bucket's custom location configuration, which specifies the individual regions that comprise a dual-region bucket. If the bucket is designated a single or multi-region, the parameters are empty. |
| `customPlacementConfig.dataLocations` | Required* | list (string) | The list of individual regions that comprise a dual-region bucket. See the docs for a list of acceptable regions. |
| `customPlacementConfig.dataLocations[]` | Required* | string | |
| `defaultEventBasedHold` | Optional | boolean | Whether or not to automatically apply an eventBasedHold to new objects added to the bucket. |
| `encryption` | Optional | object | The bucket's encryption configuration. |
| `encryption.kmsKeyRef` | Required* | object | |
| `encryption.kmsKeyRef.external` | Optional | string | Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. |
| `encryption.kmsKeyRef.name` | Optional | string | Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
| `encryption.kmsKeyRef.namespace` | Optional | string | Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
| `lifecycleRule` | Optional | list (object) | The bucket's Lifecycle Rules configuration. |
| `lifecycleRule[]` | Optional | object | |
| `lifecycleRule[].action` | Required* | object | The Lifecycle Rule's action configuration. A single block of this type is supported. |
| `lifecycleRule[].action.storageClass` | Optional | string | The target Storage Class of objects affected by this Lifecycle Rule. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE. |
| `lifecycleRule[].action.type` | Required* | string | The type of the action of this Lifecycle Rule. Supported values include: Delete, SetStorageClass and AbortIncompleteMultipartUpload. |
| `lifecycleRule[].condition` | Required* | object | The Lifecycle Rule's condition configuration. |
| `lifecycleRule[].condition.age` | Optional | integer | Minimum age of an object in days to satisfy this condition. |
| `lifecycleRule[].condition.createdBefore` | Optional | string | Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition. |
| `lifecycleRule[].condition.customTimeBefore` | Optional | string | Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition. |
| `lifecycleRule[].condition.daysSinceCustomTime` | Optional | integer | Number of days elapsed since the user-specified timestamp set on an object. |
| `lifecycleRule[].condition.daysSinceNoncurrentTime` | Optional | integer | Number of days elapsed since the noncurrent timestamp of an object. This condition is relevant only for versioned objects. |
| `lifecycleRule[].condition.matchesPrefix` | Optional | list (string) | One or more matching name prefixes to satisfy this condition. |
| `lifecycleRule[].condition.matchesPrefix[]` | Optional | string | |
| `lifecycleRule[].condition.matchesStorageClass` | Optional | list (string) | Storage Class of objects to satisfy this condition. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE, STANDARD, DURABLE_REDUCED_AVAILABILITY. |
| `lifecycleRule[].condition.matchesStorageClass[]` | Optional | string | |
| `lifecycleRule[].condition.matchesSuffix` | Optional | list (string) | One or more matching name suffixes to satisfy this condition. |
| `lifecycleRule[].condition.matchesSuffix[]` | Optional | string | |
| `lifecycleRule[].condition.noncurrentTimeBefore` | Optional | string | Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition. |
| `lifecycleRule[].condition.numNewerVersions` | Optional | integer | Relevant only for versioned objects. The number of newer versions of an object to satisfy this condition. |
| `lifecycleRule[].condition.withState` | Optional | string | Match to live and/or archived objects. Unversioned buckets have only live objects. Supported values include: "LIVE", "ARCHIVED", "ANY". |
| `location` | Optional | string | The Google Cloud Storage location. |
| `logging` | Optional | object | The bucket's Access & Storage Logs configuration. |
| `logging.logBucket` | Required* | string | The bucket that will receive log objects. |
| `logging.logObjectPrefix` | Optional | string | The object prefix for log objects. If it's not provided, by default Google Cloud Storage sets this to this bucket's name. |
| `publicAccessPrevention` | Optional | string | Prevents public access to a bucket. |
| `requesterPays` | Optional | boolean | Enables Requester Pays on a storage bucket. |
| `resourceID` | Optional | string | Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. |
| `retentionPolicy` | Optional | object | Configuration of the bucket's data retention policy for how long objects in the bucket should be retained. |
| `retentionPolicy.isLocked` | Optional | boolean | If set to true, the bucket will be locked and permanently restrict edits to the bucket's retention policy. Caution: Locking a bucket is an irreversible action. |
| `retentionPolicy.retentionPeriod` | Required* | integer | The period of time, in seconds, that objects in the bucket must be retained and cannot be deleted, overwritten, or archived. The value must be less than 3,155,760,000 seconds. |
| `softDeletePolicy` | Optional | object | The bucket's soft delete policy, which defines the period of time that soft-deleted objects will be retained, and cannot be permanently deleted. If it is not provided, by default Google Cloud Storage sets this to default soft delete policy. |
| `softDeletePolicy.retentionDurationSeconds` | Optional | integer | The duration in seconds that soft-deleted objects in the bucket will be retained and cannot be permanently deleted. Default value is 604800. |
| `storageClass` | Optional | string | The Storage Class of the new bucket. Supported values include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE. |
| `uniformBucketLevelAccess` | Optional | boolean | Enables uniform bucket-level access on a bucket. |
| `versioning` | Optional | object | The bucket's Versioning configuration. |
| `versioning.enabled` | Required* | boolean | While set to true, versioning is fully enabled for this bucket. |
| `website` | Optional | object | Configuration if the bucket acts as a website. |
| `website.mainPageSuffix` | Optional | string | Behaves as the bucket's directory index where missing objects are treated as potential directories. |
| `website.notFoundPage` | Optional | string | The custom object to return when a requested resource is not found. |

* Field is required when parent field is specified

Status

Schema

conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
observedGeneration: integer
observedState:
  softDeletePolicy:
    effectiveTime: string
    retentionDurationSeconds: integer
selfLink: string
url: string

Fields

| Field | Type | Description |
| --- | --- | --- |
| `conditions` | list (object) | Conditions represent the latest available observation of the resource's current state. |
| `conditions[]` | object | |
| `conditions[].lastTransitionTime` | string | Last time the condition transitioned from one status to another. |
| `conditions[].message` | string | Human-readable message indicating details about last transition. |
| `conditions[].reason` | string | Unique, one-word, CamelCase reason for the condition's last transition. |
| `conditions[].status` | string | Status is the status of the condition. Can be True, False, Unknown. |
| `conditions[].type` | string | Type is the type of the condition. |
| `observedGeneration` | integer | ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. |
| `observedState` | object | The observed state of the underlying GCP resource. |
| `observedState.softDeletePolicy` | object | The bucket's soft delete policy, which defines the period of time that soft-deleted objects will be retained, and cannot be permanently deleted. If it is not provided, by default Google Cloud Storage sets this to default soft delete policy. |
| `observedState.softDeletePolicy.effectiveTime` | string | Server-determined value that indicates the time from which the policy, or one with a greater retention, was effective. This value is in RFC 3339 format. |
| `observedState.softDeletePolicy.retentionDurationSeconds` | integer | The duration in seconds that soft-deleted objects in the bucket will be retained and cannot be permanently deleted. Default value is 604800. |
| `selfLink` | string | The URI of the created resource. |
| `url` | string | The base URL of the bucket, in the format gs://. |

Sample YAML(s)

Typical Use Case

# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: storage.cnrm.cloud.google.com/v1beta1
kind: StorageBucket
metadata:
  annotations:
    cnrm.cloud.google.com/force-destroy: "false"
  labels:
    label-one: "value-one"
  # StorageBucket names must be globally unique. Replace ${PROJECT_ID?} with your project ID.
  name: ${PROJECT_ID?}-sample
spec:
  lifecycleRule:
    - action:
        type: Delete
      condition:
        age: 7
        withState: ANY
  versioning:
    enabled: true
  cors:
    - origin: ["http://example.appspot.com"]
      responseHeader: ["Content-Type"]
      method: ["GET", "HEAD", "DELETE"]
      maxAgeSeconds: 3600
  uniformBucketLevelAccess: true
  softDeletePolicy:
    retentionDurationSeconds: 604800
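
The exposure-related fields documented above (`uniformBucketLevelAccess`, `publicAccessPrevention`, `cors`, `retentionPolicy` and the `force-destroy` annotation) can be checked before a manifest is applied. The lint below is an added example, not Config Connector code: `audit_bucket`, `PAGE_SAMPLE` and `WEAK` are hypothetical names, manifests are assumed to be already parsed into dicts, and the `enforced` value and the reading of `force-destroy` come from the Cloud Storage and Config Connector documentation rather than this page.

```python
MAX_RETENTION_SECONDS = 3_155_760_000  # retentionPeriod must stay below this

def audit_bucket(manifest):
    """Return (field, finding) tuples for one parsed StorageBucket manifest."""
    spec = manifest.get("spec", {})
    notes = manifest.get("metadata", {}).get("annotations", {})
    out = []
    if notes.get("cnrm.cloud.google.com/force-destroy") == "true":
        out.append(("force-destroy", "deleting the resource also deletes its objects"))
    if "bucketPolicyOnly" in spec:
        out.append(("bucketPolicyOnly", "deprecated, use uniformBucketLevelAccess"))
    if not (spec.get("uniformBucketLevelAccess") or spec.get("bucketPolicyOnly")):
        out.append(("uniformBucketLevelAccess", "not enabled"))
    # "enforced" is the Cloud Storage API value; this page lists no values.
    if spec.get("publicAccessPrevention") != "enforced":
        out.append(("publicAccessPrevention", "not enforced"))
    for i, rule in enumerate(spec.get("cors", [])):
        origins = rule.get("origin", [])
        if "*" in origins:
            out.append((f"cors[{i}].origin", 'wildcard "*" matches any Origin'))
        if any(o.startswith("http://") for o in origins):
            out.append((f"cors[{i}].origin", "plaintext http:// origin"))
        if "*" in rule.get("method", []):
            out.append((f"cors[{i}].method", 'wildcard "*" matches any method'))
    retention = spec.get("retentionPolicy", {})
    if retention.get("retentionPeriod", 0) >= MAX_RETENTION_SECONDS:
        out.append(("retentionPolicy.retentionPeriod", "not below the maximum"))
    if retention.get("isLocked"):
        out.append(("retentionPolicy.isLocked", "irreversible, review the period"))
    return out

# Security-relevant subset of the sample manifest on this page.
PAGE_SAMPLE = {
    "metadata": {"annotations": {"cnrm.cloud.google.com/force-destroy": "false"}},
    "spec": {"uniformBucketLevelAccess": True,
             "cors": [{"origin": ["http://example.appspot.com"],
                       "method": ["GET", "HEAD", "DELETE"]}]},
}
# Constructed weak manifest for contrast (not from the page).
WEAK = {
    "metadata": {"annotations": {"cnrm.cloud.google.com/force-destroy": "true"}},
    "spec": {"bucketPolicyOnly": False,
             "cors": [{"origin": ["*"], "method": ["*"]}],
             "retentionPolicy": {"isLocked": True, "retentionPeriod": 3_155_760_000}},
}

if __name__ == "__main__":
    for field, finding in audit_bucket(WEAK):
        print(f"{field}: {finding}")
```

Run against the page's sample, the lint reports only the missing `publicAccessPrevention` setting and the `http://` CORS origin; a manifest with `publicAccessPrevention: enforced` and an `https://` origin passes cleanly.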