gcp_storage_bucket – Creates a GCP Bucket¶
New in version 2.6.
Synopsis¶
- The Buckets resource represents a bucket in Google Cloud Storage. There is a single global namespace shared by all buckets. For more information, see Bucket Name Requirements.
- Buckets contain objects which can be accessed by their own methods. In addition to the acl property, buckets contain bucketAccessControls, for use in fine-grained manipulation of an existing bucket’s access controls.
- A bucket is always owned by the project team owners group.
Requirements¶
The below requirements are needed on the host that executes this module.
- python >= 2.6
- requests >= 2.18.4
- google-auth >= 1.3.0
Parameters¶
| Parameter | Choices/Defaults | Comments | |||
|---|---|---|---|---|---|
|
acl
-
|
Access controls on the bucket.
|
||||
|
bucket
-
/ required
|
The name of the bucket.
|
||||
|
domain
-
|
The domain associated with the entity.
|
||||
|
email
-
|
The email address associated with the entity.
|
||||
|
entity
-
/ required
|
The entity holding the permission, in one of the following forms: user-userId user-email group-groupId group-email domain-domain project-team-projectId allUsers allAuthenticatedUsers Examples: The user [email protected] would be [email protected].
The group [email protected] would be [email protected].
To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.
|
||||
|
entity_id
-
|
The ID for the entity.
|
||||
|
id
-
|
The ID of the access-control entry.
|
||||
|
project_team
-
|
The project team associated with the entity.
|
||||
|
project_number
-
|
The project team associated with the entity.
|
||||
|
team
-
|
|
The team.
|
|||
|
role
-
|
|
The access permission for the entity.
|
|||
|
auth_kind
-
/ required
|
|
The type of credential used.
|
|||
|
cors
-
|
The bucket's Cross-Origin Resource Sharing (CORS) configuration.
|
||||
|
max_age_seconds
-
|
The value, in seconds, to return in the Access-Control-Max-Age header used in preflight responses.
|
||||
|
method
-
|
The list of HTTP methods on which to include CORS response headers, (GET, OPTIONS, POST, etc) Note: "*" is permitted in the list of methods, and means "any method".
|
||||
|
origin
-
|
The list of Origins eligible to receive CORS response headers.
Note: "*" is permitted in the list of origins, and means "any Origin".
|
||||
|
response_header
-
|
The list of HTTP headers other than the simple response headers to give permission for the user-agent to share across domains.
|
||||
|
default_object_acl
-
added in 2.7 |
Default access controls to apply to new objects when no ACL is provided.
|
||||
|
bucket
-
/ required
|
The name of the bucket.
|
||||
|
domain
-
|
The domain associated with the entity.
|
||||
|
email
-
|
The email address associated with the entity.
|
||||
|
entity
-
/ required
|
The entity holding the permission, in one of the following forms: user-userId user-email group-groupId group-email domain-domain project-team-projectId allUsers allAuthenticatedUsers Examples: The user [email protected] would be [email protected].
The group [email protected] would be [email protected].
To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.
|
||||
|
entity_id
-
|
The ID for the entity.
|
||||
|
generation
-
|
The content generation of the object, if applied to an object.
|
||||
|
id
-
|
The ID of the access-control entry.
|
||||
|
object
-
|
The name of the object, if applied to an object.
|
||||
|
project_team
-
|
The project team associated with the entity.
|
||||
|
project_number
-
|
The project team associated with the entity.
|
||||
|
team
-
|
|
The team.
|
|||
|
role
-
|
|
The access permission for the entity.
|
|||
|
lifecycle
-
|
The bucket's lifecycle configuration.
See https://developers.google.com/storage/docs/lifecycle for more information.
|
||||
|
rule
-
|
A lifecycle management rule, which is made of an action to take and the condition(s) under which the action will be taken.
|
||||
|
action
-
|
The action to take.
|
||||
|
storage_class
-
|
Target storage class. Required iff the type of the action is SetStorageClass.
|
||||
|
type
-
|
|
Type of the action. Currently, only Delete and SetStorageClass are supported.
|
|||
|
condition
-
|
The condition(s) under which the action will be taken.
|
||||
|
age_days
-
|
Age of an object (in days). This condition is satisfied when an object reaches the specified age.
|
||||
|
created_before
-
|
A date in RFC 3339 format with only the date part (for instance, "2013-01-15"). This condition is satisfied when an object is created before midnight of the specified date in UTC.
|
||||
|
is_live
boolean
|
|
Relevant only for versioned objects. If the value is true, this condition matches live objects; if the value is false, it matches archived objects.
|
|||
|
matches_storage_class
-
|
Objects having any of the storage classes specified by this condition will be matched. Values include MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, STANDARD, and DURABLE_REDUCED_AVAILABILITY.
|
||||
|
num_newer_versions
-
|
Relevant only for versioned objects. If the value is N, this condition is satisfied when there are at least N versions (including the live version) newer than this version of the object.
|
||||
|
location
-
|
The location of the bucket. Object data for objects in the bucket resides in physical storage within this region. Defaults to US. See the developer's guide for the authoritative list.
|
||||
|
logging
-
|
The bucket's logging configuration, which defines the destination bucket and optional name prefix for the current bucket's logs.
|
||||
|
log_bucket
-
|
The destination bucket where the current bucket's logs should be placed.
|
||||
|
log_object_prefix
-
|
A prefix for log object names.
|
||||
|
metageneration
-
|
The metadata generation of this bucket.
|
||||
|
name
-
|
The name of the bucket.
|
||||
|
owner
-
|
The owner of the bucket. This is always the project team's owner group.
|
||||
|
entity
-
|
The entity, in the form project-owner-projectId.
|
||||
|
entity_id
-
|
The ID for the entity.
|
||||
|
predefined_default_object_acl
-
|
|
Apply a predefined set of default object access controls to this bucket.
Acceptable values are: - "authenticatedRead": Object owner gets OWNER access, and allAuthenticatedUsers get READER access.
- "bucketOwnerFullControl": Object owner gets OWNER access, and project team owners get OWNER access.
- "bucketOwnerRead": Object owner gets OWNER access, and project team owners get READER access.
- "private": Object owner gets OWNER access.
- "projectPrivate": Object owner gets OWNER access, and project team members get access according to their roles.
- "publicRead": Object owner gets OWNER access, and allUsers get READER access.
|
|||
|
project
-
|
Default: null
|
A valid API project identifier.
|
|||
|
scopes
-
|
Array of scopes to be used.
|
||||
|
service_account_email
-
|
An optional service account email address if machineaccount is selected and the user does not wish to use the default email.
|
||||
|
service_account_file
-
|
The path of a Service Account JSON file if serviceaccount is selected as type.
|
||||
|
state
-
|
|
Whether the given object should exist in GCP
|
|||
|
storage_class
-
|
|
The bucket's default storage class, used whenever no storageClass is specified for a newly-created object. This defines how objects in the bucket are stored and determines the SLA and the cost of storage.
Values include MULTI_REGIONAL, REGIONAL, STANDARD, NEARLINE, COLDLINE, and DURABLE_REDUCED_AVAILABILITY. If this value is not specified when the bucket is created, it will default to STANDARD. For more information, see storage classes.
|
|||
|
versioning
-
|
The bucket's versioning configuration.
|
||||
|
enabled
boolean
|
|
While set to true, versioning is fully enabled for this bucket.
|
|||
|
website
-
|
The bucket's website configuration, controlling how the service behaves when accessing bucket contents as a web site. See the Static Website Examples for more information.
|
||||
|
main_page_suffix
-
|
If the requested object path is missing, the service will ensure the path has a trailing '/', append this suffix, and attempt to retrieve the resulting object. This allows the creation of index.html objects to represent directory pages.
|
||||
|
not_found_page
-
|
If the requested object path is missing, and any mainPageSuffix object is missing, if applicable, the service will return the named object from this bucket as the content for a 404 Not Found result.
|
||||
Notes¶
Note
- For authentication, you can set service_account_file using the
GCP_SERVICE_ACCOUNT_FILEenv variable. - For authentication, you can set service_account_email using the
GCP_SERVICE_ACCOUNT_EMAILenv variable. - For authentication, you can set auth_kind using the
GCP_AUTH_KINDenv variable. - For authentication, you can set scopes using the
GCP_SCOPESenv variable. - Environment variables values will only be used if the playbook values are not set.
- The service_account_email and service_account_file options are mutually exclusive.
Examples¶
- name: create a bucket
gcp_storage_bucket:
name: ansible-storage-module
project: "test_project"
auth_kind: "service_account"
service_account_file: "/tmp/auth.pem"
state: present
Return Values¶
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description | |||
|---|---|---|---|---|---|
|
acl
complex
|
success |
Access controls on the bucket.
|
|||
|
bucket
dictionary
|
success |
The name of the bucket.
|
|||
|
domain
string
|
success |
The domain associated with the entity.
|
|||
|
email
string
|
success |
The email address associated with the entity.
|
|||
|
entity
string
|
success |
The entity holding the permission, in one of the following forms: user-userId user-email group-groupId group-email domain-domain project-team-projectId allUsers allAuthenticatedUsers Examples: The user [email protected] would be [email protected].
The group [email protected] would be [email protected].
To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.
|
|||
|
entity_id
string
|
success |
The ID for the entity.
|
|||
|
id
string
|
success |
The ID of the access-control entry.
|
|||
|
project_team
complex
|
success |
The project team associated with the entity.
|
|||
|
project_number
string
|
success |
The project team associated with the entity.
|
|||
|
team
string
|
success |
The team.
|
|||
|
role
string
|
success |
The access permission for the entity.
|
|||
|
cors
complex
|
success |
The bucket's Cross-Origin Resource Sharing (CORS) configuration.
|
|||
|
max_age_seconds
integer
|
success |
The value, in seconds, to return in the Access-Control-Max-Age header used in preflight responses.
|
|||
|
method
list
|
success |
The list of HTTP methods on which to include CORS response headers, (GET, OPTIONS, POST, etc) Note: "*" is permitted in the list of methods, and means "any method".
|
|||
|
origin
list
|
success |
The list of Origins eligible to receive CORS response headers.
Note: "*" is permitted in the list of origins, and means "any Origin".
|
|||
|
response_header
list
|
success |
The list of HTTP headers other than the simple response headers to give permission for the user-agent to share across domains.
|
|||
|
default_object_acl
complex
|
success |
Default access controls to apply to new objects when no ACL is provided.
|
|||
|
bucket
dictionary
|
success |
The name of the bucket.
|
|||
|
domain
string
|
success |
The domain associated with the entity.
|
|||
|
email
string
|
success |
The email address associated with the entity.
|
|||
|
entity
string
|
success |
The entity holding the permission, in one of the following forms: user-userId user-email group-groupId group-email domain-domain project-team-projectId allUsers allAuthenticatedUsers Examples: The user [email protected] would be [email protected].
The group [email protected] would be [email protected].
To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.
|
|||
|
entity_id
string
|
success |
The ID for the entity.
|
|||
|
generation
integer
|
success |
The content generation of the object, if applied to an object.
|
|||
|
id
string
|
success |
The ID of the access-control entry.
|
|||
|
object
string
|
success |
The name of the object, if applied to an object.
|
|||
|
project_team
complex
|
success |
The project team associated with the entity.
|
|||
|
project_number
string
|
success |
The project team associated with the entity.
|
|||
|
team
string
|
success |
The team.
|
|||
|
role
string
|
success |
The access permission for the entity.
|
|||
|
id
string
|
success |
The ID of the bucket. For buckets, the id and name properities are the same.
|
|||
|
lifecycle
complex
|
success |
The bucket's lifecycle configuration.
See https://developers.google.com/storage/docs/lifecycle for more information.
|
|||
|
rule
complex
|
success |
A lifecycle management rule, which is made of an action to take and the condition(s) under which the action will be taken.
|
|||
|
action
complex
|
success |
The action to take.
|
|||
|
storage_class
string
|
success |
Target storage class. Required iff the type of the action is SetStorageClass.
|
|||
|
type
string
|
success |
Type of the action. Currently, only Delete and SetStorageClass are supported.
|
|||
|
condition
complex
|
success |
The condition(s) under which the action will be taken.
|
|||
|
age_days
integer
|
success |
Age of an object (in days). This condition is satisfied when an object reaches the specified age.
|
|||
|
created_before
string
|
success |
A date in RFC 3339 format with only the date part (for instance, "2013-01-15"). This condition is satisfied when an object is created before midnight of the specified date in UTC.
|
|||
|
is_live
boolean
|
success |
Relevant only for versioned objects. If the value is true, this condition matches live objects; if the value is false, it matches archived objects.
|
|||
|
matches_storage_class
list
|
success |
Objects having any of the storage classes specified by this condition will be matched. Values include MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, STANDARD, and DURABLE_REDUCED_AVAILABILITY.
|
|||
|
num_newer_versions
integer
|
success |
Relevant only for versioned objects. If the value is N, this condition is satisfied when there are at least N versions (including the live version) newer than this version of the object.
|
|||
|
location
string
|
success |
The location of the bucket. Object data for objects in the bucket resides in physical storage within this region. Defaults to US. See the developer's guide for the authoritative list.
|
|||
|
logging
complex
|
success |
The bucket's logging configuration, which defines the destination bucket and optional name prefix for the current bucket's logs.
|
|||
|
log_bucket
string
|
success |
The destination bucket where the current bucket's logs should be placed.
|
|||
|
log_object_prefix
string
|
success |
A prefix for log object names.
|
|||
|
metageneration
integer
|
success |
The metadata generation of this bucket.
|
|||
|
name
string
|
success |
The name of the bucket.
|
|||
|
owner
complex
|
success |
The owner of the bucket. This is always the project team's owner group.
|
|||
|
entity
string
|
success |
The entity, in the form project-owner-projectId.
|
|||
|
entity_id
string
|
success |
The ID for the entity.
|
|||
|
predefined_default_object_acl
string
|
success |
Apply a predefined set of default object access controls to this bucket.
Acceptable values are: - "authenticatedRead": Object owner gets OWNER access, and allAuthenticatedUsers get READER access.
- "bucketOwnerFullControl": Object owner gets OWNER access, and project team owners get OWNER access.
- "bucketOwnerRead": Object owner gets OWNER access, and project team owners get READER access.
- "private": Object owner gets OWNER access.
- "projectPrivate": Object owner gets OWNER access, and project team members get access according to their roles.
- "publicRead": Object owner gets OWNER access, and allUsers get READER access.
|
|||
|
project
string
|
success |
A valid API project identifier.
|
|||
|
project_number
integer
|
success |
The project number of the project the bucket belongs to.
|
|||
|
storage_class
string
|
success |
The bucket's default storage class, used whenever no storageClass is specified for a newly-created object. This defines how objects in the bucket are stored and determines the SLA and the cost of storage.
Values include MULTI_REGIONAL, REGIONAL, STANDARD, NEARLINE, COLDLINE, and DURABLE_REDUCED_AVAILABILITY. If this value is not specified when the bucket is created, it will default to STANDARD. For more information, see storage classes.
|
|||
|
time_created
string
|
success |
The creation time of the bucket in RFC 3339 format.
|
|||
|
updated
string
|
success |
The modification time of the bucket in RFC 3339 format.
|
|||
|
versioning
complex
|
success |
The bucket's versioning configuration.
|
|||
|
enabled
boolean
|
success |
While set to true, versioning is fully enabled for this bucket.
|
|||
|
website
complex
|
success |
The bucket's website configuration, controlling how the service behaves when accessing bucket contents as a web site. See the Static Website Examples for more information.
|
|||
|
main_page_suffix
string
|
success |
If the requested object path is missing, the service will ensure the path has a trailing '/', append this suffix, and attempt to retrieve the resulting object. This allows the creation of index.html objects to represent directory pages.
|
|||
|
not_found_page
string
|
success |
If the requested object path is missing, and any mainPageSuffix object is missing, if applicable, the service will return the named object from this bucket as the content for a 404 Not Found result.
|
|||
Status¶
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Community. [community]
Authors¶
- Google Inc. (@googlecloudplatform)
Hint
If you notice any issues in this documentation you can edit this document to improve it.