gcp_storage_bucket – Creates a GCP Bucket
gcp_storage_bucket – Creates a GCP Bucket
New in version 2.6.
Synopsis
- The Buckets resource represents a bucket in Google Cloud Storage. There is a single global namespace shared by all buckets. For more information, see Bucket Name Requirements.
- Buckets contain objects which can be accessed by their own methods. In addition to the acl property, buckets contain bucketAccessControls, for use in fine-grained manipulation of an existing bucket’s access controls.
- A bucket is always owned by the project team owners group.
Requirements
The below requirements are needed on the host that executes this module.
- python >= 2.6
- requests >= 2.18.4
- google-auth >= 1.3.0
Parameters
Parameter | Choices/Defaults | Comments | |||
---|---|---|---|---|---|
acl - |
Access controls on the bucket. | ||||
bucket - / required |
The name of the bucket. | ||||
domain - |
The domain associated with the entity. | ||||
- |
The email address associated with the entity. | ||||
entity - / required |
The entity holding the permission, in one of the following forms: user-userId user-email group-groupId group-email domain-domain project-team-projectId allUsers allAuthenticatedUsers Examples: The user [email protected] would be [email protected]. The group [email protected] would be [email protected]. To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com. | ||||
entity_id - |
The ID for the entity. | ||||
id - |
The ID of the access-control entry. | ||||
project_team - |
The project team associated with the entity. | ||||
project_number - |
The project team associated with the entity. | ||||
team - |
|
The team. | |||
role - |
|
The access permission for the entity. | |||
auth_kind - / required |
|
The type of credential used. | |||
cors - |
The bucket's Cross-Origin Resource Sharing (CORS) configuration. | ||||
max_age_seconds - |
The value, in seconds, to return in the Access-Control-Max-Age header used in preflight responses. | ||||
method - |
The list of HTTP methods on which to include CORS response headers, (GET, OPTIONS, POST, etc) Note: "*" is permitted in the list of methods, and means "any method". | ||||
origin - |
The list of Origins eligible to receive CORS response headers. Note: "*" is permitted in the list of origins, and means "any Origin". | ||||
response_header - |
The list of HTTP headers other than the simple response headers to give permission for the user-agent to share across domains. | ||||
default_object_acl - added in 2.7 |
Default access controls to apply to new objects when no ACL is provided. | ||||
bucket - / required |
The name of the bucket. | ||||
domain - |
The domain associated with the entity. | ||||
- |
The email address associated with the entity. | ||||
entity - / required |
The entity holding the permission, in one of the following forms: user-userId user-email group-groupId group-email domain-domain project-team-projectId allUsers allAuthenticatedUsers Examples: The user [email protected] would be [email protected]. The group [email protected] would be [email protected]. To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com. | ||||
entity_id - |
The ID for the entity. | ||||
generation - |
The content generation of the object, if applied to an object. | ||||
id - |
The ID of the access-control entry. | ||||
object - |
The name of the object, if applied to an object. | ||||
project_team - |
The project team associated with the entity. | ||||
project_number - |
The project team associated with the entity. | ||||
team - |
|
The team. | |||
role - |
|
The access permission for the entity. | |||
lifecycle - |
The bucket's lifecycle configuration. See https://developers.google.com/storage/docs/lifecycle for more information. | ||||
rule - |
A lifecycle management rule, which is made of an action to take and the condition(s) under which the action will be taken. | ||||
action - |
The action to take. | ||||
storage_class - |
Target storage class. Required iff the type of the action is SetStorageClass. | ||||
type - |
|
Type of the action. Currently, only Delete and SetStorageClass are supported. | |||
condition - |
The condition(s) under which the action will be taken. | ||||
age_days - |
Age of an object (in days). This condition is satisfied when an object reaches the specified age. | ||||
created_before - |
A date in RFC 3339 format with only the date part (for instance, "2013-01-15"). This condition is satisfied when an object is created before midnight of the specified date in UTC. | ||||
is_live boolean |
|
Relevant only for versioned objects. If the value is true, this condition matches live objects; if the value is false, it matches archived objects. | |||
matches_storage_class - |
Objects having any of the storage classes specified by this condition will be matched. Values include MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, STANDARD, and DURABLE_REDUCED_AVAILABILITY. | ||||
num_newer_versions - |
Relevant only for versioned objects. If the value is N, this condition is satisfied when there are at least N versions (including the live version) newer than this version of the object. | ||||
location - |
The location of the bucket. Object data for objects in the bucket resides in physical storage within this region. Defaults to US. See the developer's guide for the authoritative list. | ||||
logging - |
The bucket's logging configuration, which defines the destination bucket and optional name prefix for the current bucket's logs. | ||||
log_bucket - |
The destination bucket where the current bucket's logs should be placed. | ||||
log_object_prefix - |
A prefix for log object names. | ||||
metageneration - |
The metadata generation of this bucket. | ||||
name - |
The name of the bucket. | ||||
owner - |
The owner of the bucket. This is always the project team's owner group. | ||||
entity - |
The entity, in the form project-owner-projectId. | ||||
entity_id - |
The ID for the entity. | ||||
predefined_default_object_acl - |
|
Apply a predefined set of default object access controls to this bucket. Acceptable values are: - "authenticatedRead": Object owner gets OWNER access, and allAuthenticatedUsers get READER access. - "bucketOwnerFullControl": Object owner gets OWNER access, and project team owners get OWNER access. - "bucketOwnerRead": Object owner gets OWNER access, and project team owners get READER access. - "private": Object owner gets OWNER access. - "projectPrivate": Object owner gets OWNER access, and project team members get access according to their roles. - "publicRead": Object owner gets OWNER access, and allUsers get READER access. | |||
project - |
Default: null |
A valid API project identifier. | |||
scopes - |
Array of scopes to be used. | ||||
service_account_email - |
An optional service account email address if machineaccount is selected and the user does not wish to use the default email. | ||||
service_account_file - |
The path of a Service Account JSON file if serviceaccount is selected as type. | ||||
state - |
|
Whether the given object should exist in GCP | |||
storage_class - |
|
The bucket's default storage class, used whenever no storageClass is specified for a newly-created object. This defines how objects in the bucket are stored and determines the SLA and the cost of storage. Values include MULTI_REGIONAL, REGIONAL, STANDARD, NEARLINE, COLDLINE, and DURABLE_REDUCED_AVAILABILITY. If this value is not specified when the bucket is created, it will default to STANDARD. For more information, see storage classes. | |||
versioning - |
The bucket's versioning configuration. | ||||
enabled boolean |
|
While set to true, versioning is fully enabled for this bucket. | |||
website - |
The bucket's website configuration, controlling how the service behaves when accessing bucket contents as a web site. See the Static Website Examples for more information. | ||||
main_page_suffix - |
If the requested object path is missing, the service will ensure the path has a trailing '/', append this suffix, and attempt to retrieve the resulting object. This allows the creation of index.html objects to represent directory pages. | ||||
not_found_page - |
If the requested object path is missing, and any mainPageSuffix object is missing, if applicable, the service will return the named object from this bucket as the content for a 404 Not Found result. |
Notes
Note
- For authentication, you can set service_account_file using the
GCP_SERVICE_ACCOUNT_FILE
env variable. - For authentication, you can set service_account_email using the
GCP_SERVICE_ACCOUNT_EMAIL
env variable. - For authentication, you can set auth_kind using the
GCP_AUTH_KIND
env variable. - For authentication, you can set scopes using the
GCP_SCOPES
env variable. - Environment variables values will only be used if the playbook values are not set.
- The service_account_email and service_account_file options are mutually exclusive.
Examples
- name: create a bucket
gcp_storage_bucket:
name: ansible-storage-module
project: "test_project"
auth_kind: "service_account"
service_account_file: "/tmp/auth.pem"
state: present
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description | |||
---|---|---|---|---|---|
acl complex |
success |
Access controls on the bucket.
| |||
bucket dictionary |
success |
The name of the bucket.
| |||
domain string |
success |
The domain associated with the entity.
| |||
string |
success |
The email address associated with the entity.
| |||
entity string |
success |
The entity holding the permission, in one of the following forms: user-userId user-email group-groupId group-email domain-domain project-team-projectId allUsers allAuthenticatedUsers Examples: The user [email protected] would be [email protected]. The group [email protected] would be [email protected]. To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.
| |||
entity_id string |
success |
The ID for the entity.
| |||
id string |
success |
The ID of the access-control entry.
| |||
project_team complex |
success |
The project team associated with the entity.
| |||
project_number string |
success |
The project team associated with the entity.
| |||
team string |
success |
The team.
| |||
role string |
success |
The access permission for the entity.
| |||
cors complex |
success |
The bucket's Cross-Origin Resource Sharing (CORS) configuration.
| |||
max_age_seconds integer |
success |
The value, in seconds, to return in the Access-Control-Max-Age header used in preflight responses.
| |||
method list |
success |
The list of HTTP methods on which to include CORS response headers, (GET, OPTIONS, POST, etc) Note: "*" is permitted in the list of methods, and means "any method".
| |||
origin list |
success |
The list of Origins eligible to receive CORS response headers. Note: "*" is permitted in the list of origins, and means "any Origin".
| |||
response_header list |
success |
The list of HTTP headers other than the simple response headers to give permission for the user-agent to share across domains.
| |||
default_object_acl complex |
success |
Default access controls to apply to new objects when no ACL is provided.
| |||
bucket dictionary |
success |
The name of the bucket.
| |||
domain string |
success |
The domain associated with the entity.
| |||
string |
success |
The email address associated with the entity.
| |||
entity string |
success |
The entity holding the permission, in one of the following forms: user-userId user-email group-groupId group-email domain-domain project-team-projectId allUsers allAuthenticatedUsers Examples: The user [email protected] would be [email protected]. The group [email protected] would be [email protected]. To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.
| |||
entity_id string |
success |
The ID for the entity.
| |||
generation integer |
success |
The content generation of the object, if applied to an object.
| |||
id string |
success |
The ID of the access-control entry.
| |||
object string |
success |
The name of the object, if applied to an object.
| |||
project_team complex |
success |
The project team associated with the entity.
| |||
project_number string |
success |
The project team associated with the entity.
| |||
team string |
success |
The team.
| |||
role string |
success |
The access permission for the entity.
| |||
id string |
success |
The ID of the bucket. For buckets, the id and name properities are the same.
| |||
lifecycle complex |
success |
The bucket's lifecycle configuration. See https://developers.google.com/storage/docs/lifecycle for more information.
| |||
rule complex |
success |
A lifecycle management rule, which is made of an action to take and the condition(s) under which the action will be taken.
| |||
action complex |
success |
The action to take.
| |||
storage_class string |
success |
Target storage class. Required iff the type of the action is SetStorageClass.
| |||
type string |
success |
Type of the action. Currently, only Delete and SetStorageClass are supported.
| |||
condition complex |
success |
The condition(s) under which the action will be taken.
| |||
age_days integer |
success |
Age of an object (in days). This condition is satisfied when an object reaches the specified age.
| |||
created_before string |
success |
A date in RFC 3339 format with only the date part (for instance, "2013-01-15"). This condition is satisfied when an object is created before midnight of the specified date in UTC.
| |||
is_live boolean |
success |
Relevant only for versioned objects. If the value is true, this condition matches live objects; if the value is false, it matches archived objects.
| |||
matches_storage_class list |
success |
Objects having any of the storage classes specified by this condition will be matched. Values include MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, STANDARD, and DURABLE_REDUCED_AVAILABILITY.
| |||
num_newer_versions integer |
success |
Relevant only for versioned objects. If the value is N, this condition is satisfied when there are at least N versions (including the live version) newer than this version of the object.
| |||
location string |
success |
The location of the bucket. Object data for objects in the bucket resides in physical storage within this region. Defaults to US. See the developer's guide for the authoritative list.
| |||
logging complex |
success |
The bucket's logging configuration, which defines the destination bucket and optional name prefix for the current bucket's logs.
| |||
log_bucket string |
success |
The destination bucket where the current bucket's logs should be placed.
| |||
log_object_prefix string |
success |
A prefix for log object names.
| |||
metageneration integer |
success |
The metadata generation of this bucket.
| |||
name string |
success |
The name of the bucket.
| |||
owner complex |
success |
The owner of the bucket. This is always the project team's owner group.
| |||
entity string |
success |
The entity, in the form project-owner-projectId.
| |||
entity_id string |
success |
The ID for the entity.
| |||
predefined_default_object_acl string |
success |
Apply a predefined set of default object access controls to this bucket. Acceptable values are: - "authenticatedRead": Object owner gets OWNER access, and allAuthenticatedUsers get READER access. - "bucketOwnerFullControl": Object owner gets OWNER access, and project team owners get OWNER access. - "bucketOwnerRead": Object owner gets OWNER access, and project team owners get READER access. - "private": Object owner gets OWNER access. - "projectPrivate": Object owner gets OWNER access, and project team members get access according to their roles. - "publicRead": Object owner gets OWNER access, and allUsers get READER access.
| |||
project string |
success |
A valid API project identifier.
| |||
project_number integer |
success |
The project number of the project the bucket belongs to.
| |||
storage_class string |
success |
The bucket's default storage class, used whenever no storageClass is specified for a newly-created object. This defines how objects in the bucket are stored and determines the SLA and the cost of storage. Values include MULTI_REGIONAL, REGIONAL, STANDARD, NEARLINE, COLDLINE, and DURABLE_REDUCED_AVAILABILITY. If this value is not specified when the bucket is created, it will default to STANDARD. For more information, see storage classes.
| |||
time_created string |
success |
The creation time of the bucket in RFC 3339 format.
| |||
updated string |
success |
The modification time of the bucket in RFC 3339 format.
| |||
versioning complex |
success |
The bucket's versioning configuration.
| |||
enabled boolean |
success |
While set to true, versioning is fully enabled for this bucket.
| |||
website complex |
success |
The bucket's website configuration, controlling how the service behaves when accessing bucket contents as a web site. See the Static Website Examples for more information.
| |||
main_page_suffix string |
success |
If the requested object path is missing, the service will ensure the path has a trailing '/', append this suffix, and attempt to retrieve the resulting object. This allows the creation of index.html objects to represent directory pages.
| |||
not_found_page string |
success |
If the requested object path is missing, and any mainPageSuffix object is missing, if applicable, the service will return the named object from this bucket as the content for a 404 Not Found result.
|
Status
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Community. [community]
Authors
- Google Inc. (@googlecloudplatform)
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.7/modules/gcp_storage_bucket_module.html