Skip to main content

types

ACL

Grant

A grant resource, used to specify the permission granted and the grantee.

Permission
  • PERMISSION_UNSPECIFIED

  • PERMISSION_FULL_CONTROL

    Allows grantee the PERMISSION_WRITE, PERMISSION_WRITE_ACP, PERMISSION_READ, and PERMISSION_READ_ACP on the bucket. Maps to x-amz-grant-full-control header for bucketPutAcl method of Amazon S3-compatible HTTP API.

  • PERMISSION_WRITE

    Allows grantee to create new objects in the bucket. For the bucket and object owners of existing objects, also allows deletions and overwrites of those objects. Maps to x-amz-grant-write header for bucketPutAcl method of Amazon S3-compatible HTTP API.

  • PERMISSION_WRITE_ACP

    Allows grantee to write the ACL for the bucket. Maps to x-amz-grant-write-acp header for bucketPutAcl method of Amazon S3-compatible HTTP API.

  • PERMISSION_READ

    Allows grantee to list the objects in the bucket. Maps to x-amz-grant-read header for bucketPutAcl method of Amazon S3-compatible HTTP API.

  • PERMISSION_READ_ACP

    Allows grantee to read the bucket ACL Maps to x-amz-grant-read-acp header for bucketPutAcl method of Amazon S3-compatible HTTP API.

GrantType
  • GRANT_TYPE_UNSPECIFIED

  • GRANT_TYPE_ACCOUNT

    A grantee is an account on the platform. For this grantee type, you need to specify the user ID in [Bucket.acl.grants.grantee_id][1] field. To get user ID, see instruction. Maps to using id="*" value for x-amz-grant-* header (bucketPutAcl method of Amazon S3-compatible HTTP API).

  • GRANT_TYPE_ALL_AUTHENTICATED_USERS

    Grantees are all authenticated users, both from your clouds and other users' clouds. Access permission to this group allows any account on the platform to access the resource via a signed (authenticated) request. Maps to using uri="http://acs.amazonaws.com/groups/global/AuthenticatedUsers" value for x-amz-grant-* header (bucketPutAcl method of Amazon S3-compatible HTTP API).

  • GRANT_TYPE_ALL_USERS

    Grantees are all internet users. Access permission to this group allows anyone in the world access to the resource via signed (authenticated) or unsigned (anonymous) requests. Maps to using uri="http://acs.amazonaws.com/groups/global/AllUsers" value for x-amz-grant-* header (bucketPutAcl method of Amazon S3-compatible HTTP API).

permission : Permission

Permission granted by the grant.

grantType : GrantType

The grantee type for the grant.

granteeId : string

ID of the account who is a grantee. Required when the grant_type is GRANT_TYPE_ACCOUNT.

grants : Grant

List of permissions granted and the grantees.

AnonymousAccessFlags

read : google.protobuf.BoolValue

Specifies whether public (anonymous) access to read objects in the bucket is enabled.

list : google.protobuf.BoolValue

Specifies whether public (anonymous) access to the list of objects in the bucket is enabled.

configRead : google.protobuf.BoolValue

Specifies whether public (anonymous) access to read CORS, static website hosting, and object lifecycles settings of the bucket is enabled.

Bucket

A bucket resource. For details about the concept, see documentation.

id : string

ID of the bucket. Always equal to name, which has priority.

name : string

Name of the bucket.

The name is unique within the platform. For naming limitations and rules, see documentation.

folderId : string

ID of the folder that the bucket belongs to.

anonymousAccessFlags : AnonymousAccessFlags

Flags for configuring public (anonymous) access to the bucket's content and settings. For details, see documentation.

defaultStorageClass : string

Default storage class for objects in the bucket. Supported classes are standard storage (STANDARD), cold storage (COLD, STANDARD_IA, NEARLINE all synonyms), and ice storage (ICE and GLACIER are synonyms). For details, see documentation.

versioning : Versioning

Bucket versioning status. For details, see documentation.

maxSize : int64

Maximum size of the bucket, in bytes. For details, see documentation.

policy : google.protobuf.Struct

Bucket policies that set permissions for actions with the bucket, its objects, and groups of objects. For details, see documentation.

acl : ACL

Access control list (ACL) of the bucket. For details, see documentation.

createdAt : google.protobuf.Timestamp

Creation timestamp.

cors : CorsRule

List of rules for cross-domain requests to objects in the bucket (cross-origin resource sharing, CORS). For details, see documentation.

websiteSettings : WebsiteSettings

Configuration for hosting a static website in the bucket. For details, see documentation.

lifecycleRules : LifecycleRule

List of object lifecycle rules for the bucket. For details, see documentation.

tags : Tag

List of tags for the bucket. For details, see documentation.

objectLock : ObjectLock

Configuration for object lock on the bucket. For details about the concept, see documentation.

encryption : Encryption

Configuration for bucket's encryption For detauls, see documentation

BucketStats

A bucket statistics resource.

name : string

Name of the bucket.

maxSize : google.protobuf.Int64Value

Maximum size of the bucket, in bytes.

usedSize : int64

Size of used space in the bucket, in bytes.

storageClassMaxSizes : OptionalSizeByClass

Size of available space in the bucket by storage class, in bytes.

storageClassUsedSizes : SizeByClass

Size of used space in the bucket by storage class, in bytes.

storageClassCounters : CountersByClass

Object-related statistics by storage class and type of upload (simple vs. multipart), in bytes.

defaultStorageClass : google.protobuf.StringValue

Default storage class for objects in the bucket. Supported classes are standard storage (STANDARD), cold storage (COLD, STANDARD_IA, NEARLINE all synonyms), and ice storage (ICE and GLACIER are synonyms). For details, see documentation.

anonymousAccessFlags : AnonymousAccessFlags

Flags for configuring public (anonymous) access to the bucket's content and settings. For details, see documentation.

createdAt : google.protobuf.Timestamp

Bucket creation timestamp.

updatedAt : google.protobuf.Timestamp

Bucket latest update timestamp.

CopyObjectResult

etag : string

Returns the ETag of the new object.

lastModifiedAt : google.protobuf.Timestamp

Creation date of the object.

CorsRule

A CORS rule resource. For details about the concept, see documentation.

Method

List of HTTP methods that are allowed by the CORS rule.

When a client sends a CORS-preflight options request with the Access-Control-Request-Method header (see S3-compatible API reference](https://cloud.yandex.com/docs/storage/s3/api-ref/object/options)), the specified method is checked against the list of the allowed methods. If there is a match, all the allowed methods are listed in the Access-Control-Allow-Methods header of the response.

  • METHOD_UNSPECIFIED

    List of HTTP methods that are allowed by the CORS rule. When a client sends a CORS-preflight options request with the Access-Control-Request-Method header (see S3-compatible API reference](https://cloud.yandex.com/docs/storage/s3/api-ref/object/options)), the specified method is checked against the list of the allowed methods. If there is a match, all the allowed methods are listed in the Access-Control-Allow-Methods header of the response.

  • METHOD_GET

    HTTP GET method.

  • METHOD_HEAD

    HTTP HEAD method.

  • METHOD_POST

    HTTP POST method.

  • METHOD_PUT

    HTTP PUT method.

  • METHOD_DELETE

    HTTP DELETE method.

id : string

ID of the CORS rule.

allowedMethods : Method

List of HTTP methods allowed by the CORS rule.

When a client sends a CORS-preflight options request with the Access-Control-Request-Method header (see S3-compatible API reference), the specified method is checked against the list of the allowed methods. If there is a match, all the allowed methods are listed in the Access-Control-Allow-Methods header of the response.

allowedHeaders : string

List of HTTP headers allowed by the CORS rule.

When a client sends a CORS-preflight options request with the Access-Control-Request-Headers header (see S3-compatible API reference), the specified headers are checked against the list of the allowed headers. If there is a match, the specified headers that are allowed are listed in the Access-Control-Allow-Headers header of the response.

Each string in the list can contain at most one * wildcard character that matches 0 or more characters. For example, x-amz-* value will allow all Amazon S3-compatible headers.

allowedOrigins : string

List of request origins allowed by the CORS rule.

Each string in the list can contain at most one * wildcard character that matches 0 or more characters. For example, http://*.example.com value will allow requests originating from all subdomains of example.com.

exposeHeaders : string

List of headers contained in responses to CORS requests that can be accessed by applications.

maxAgeSeconds : google.protobuf.Int64Value

Time in seconds that a client can cache the response to a CORS-preflight request as identified by the object requested, the HTTP method, and the origin.

Counters

simpleObjectSize : int64

Total size of objects uploaded in single operation, in bytes.

simpleObjectCount : int64

Number of objects uploaded in single operation.

objectsPartsSize : int64

Total size of uploaded parts in incomplete multipart uploads, in bytes.

objectsPartsCount : int64

Number of uploaded parts in incomplete multipart uploads.

multipartObjectsSize : int64

Total size of objects uploaded in multiple parts, in bytes.

multipartObjectsCount : int64

Number of objects uploaded in multiple parts.

activeMultipartCount : int64

Number of incomplete multipart uploads.

CountersByClass

A resource for object-related statistics for a storage class by type of upload (simple vs. multipart).

storageClass : string

Storage class. Supported classes are standard storage (STANDARD), cold storage (COLD, STANDARD_IA, NEARLINE all synonyms), and ice storage (ice and GLACIER are synonyms). For details, see documentation.

counters : Counters

Object-related statistics for the storage class by type of upload.

DeleteObjectError

key : string

The error key.

versionId : string

The version ID of the error.

code : string

The error code is a string that uniquely identifies an error condition.

msg : string

The error message contains a generic description of the error condition in English.

Encryption

EncryptionRule

kmsMasterKeyId : string
sseAlgorithm : string
rules : EncryptionRule

HTTPSConfig

A resource for HTTPS configuration of a bucket.

SourceType

A resource for type of TLS certificate source.

  • SOURCE_TYPE_UNSPECIFIED

    A resource for type of TLS certificate source.

  • SOURCE_TYPE_SELF_MANAGED

    Your certificate, uploaded directly.

  • SOURCE_TYPE_MANAGED_BY_CERTIFICATE_MANAGER

    Certificate managed by Certificate Manager.

name : string

Name of the bucket.

sourceType : SourceType

Type of TLS certificate source.

issuer : google.protobuf.StringValue

Issuer of the TLS certificate.

subject : google.protobuf.StringValue

Subject of the TLS certificate.

dnsNames : string

List of DNS names of the TLS certificate (Subject Alternative Name field).

notBefore : google.protobuf.Timestamp

Start of the TLS certificate validity period (Not Before field).

notAfter : google.protobuf.Timestamp

End of the TLS certificate validity period (Not After field)

certificateId : string

ID of the TLS certificate in Certificate Manager.

To get information about the certificate from Certificate Manager, make a yandex.cloud.certificatemanager.v1.CertificateService.Get request.

LifecycleRule

An object lifecycle rule resource for the bucket. For details about the concept, see documentation.

AfterDays

daysAfterExpiration : google.protobuf.Int64Value

Time period, in number of days from the start of the multipart upload, after which the incomplete upload is aborted.

NoncurrentDeleteMarkers

noncurrentDays : google.protobuf.Int64Value

Time period, in number of days since the version of a delete marker was classified as non-current, after which the delete marker expires.

NoncurrentExpiration

noncurrentDays : google.protobuf.Int64Value

Time period, in number of days since the version of an object was classified as non-current, after which the version expires.

NoncurrentTransition

List of transition rules for non-current versions of objects in a bucket with versioning enabled (Bucket.versioning is VERSIONING_ENABLED) or suspended (VERSIONING_SUSPENDED).

At transition, the non-current version of the object is transitioned to the specified storage class.

noncurrentDays : google.protobuf.Int64Value

Time period, in number of days since the version of an object was classified as non-current, after which the version is transitioned.

storageClass : string

Storage class to which a non-current version of an object is transitioned from standard storage.

The only supported class is cold storage (COLD, STANDARD_IA, NEARLINE all synonyms). Transitions from cold to standard storage and transitions to or from ice storage are not allowed.

Transition

List of transition rules.

The transition of an object is described as follows.

For the unversioned bucket (Bucket.versioning is VERSIONING_DISABLED), the object is transitioned to the specified storage class.

For the bucket with versioning enabled (Bucket.versioning is VERSIONING_ENABLED) or suspended (VERSIONING_SUSPENDED), the current version of the object is transitioned to the specified storage class.

date : google.protobuf.Timestamp

Specific date of object transition.

The rule continues to apply even after the date has passed, i.e. any new objects created in the bucket are transitioned immediately.

At most one of date and days fields can be specified.

days : google.protobuf.Int64Value

Time period, in number of days from the creation or modification of the object, after which an object is transitioned.

At most one of days and date fields can be specified.

storageClass : string

Storage class to which an object is transitioned from standard storage.

The only supported class is cold storage (COLD, STANDARD_IA, NEARLINE all synonyms). Transitions from cold to standard storage and transitions to or from ice storage are not allowed.

Expiration

date : google.protobuf.Timestamp

Specific date of object expiration.

The rule continues to apply even after the date has passed, i.e. any new objects created in the bucket expire immediately.

Exactly one of date, days, and expired_object_delete_marker fields can be specified.

days : google.protobuf.Int64Value

Time period, in number of days from the creation or modification of the object, after which an object expires.

Exactly one of days, date, and expired_object_delete_marker fields can be specified.

expiredObjectDeleteMarker : google.protobuf.BoolValue

Indicates whether a delete marker of an object with no non-current versions (referred to as an expired object delete marker) is removed at the object's expiration.

Exactly one of expired_object_delete_marker, date, and days fields can be specified.

RuleFilter

And
prefix : string
objectSizeGreaterThan : google.protobuf.Int64Value
objectSizeLessThan : google.protobuf.Int64Value
tag : Tag
prefix : string

Key prefix that the object must have in order for the rule to apply.

objectSizeGreaterThan : google.protobuf.Int64Value

Size that the object must be greater.

objectSizeLessThan : google.protobuf.Int64Value

Size that the object must be less t.

tag : Tag

Tags that the object's tag set must have for the rule to apply.

andOperator : And

Apply a logical AND to all of the predicates configured inside the And operator.

id : google.protobuf.StringValue

ID of the rule. Provided by the client or generated at creation time.

enabled : bool

Indicates whether the rule is in effect.

filter : RuleFilter

Filter that identifies the objects to which the rule applies.

If not specified, the rule applies to all objects in the bucket.

expiration : Expiration

Expiration rule.

The expiration of an object is described as follows.

For the unversioned bucket (Bucket.versioning is VERSIONING_DISABLED), the object is deleted and cannot be recovered.

For the bucket with versioning enabled (Bucket.versioning is VERSIONING_ENABLED), the current version of the object (if it exists and is not a delete marker) is retained as a non-current version, and a delete marker becomes the current version of the object.

For the bucket with versioning suspended (Bucket.versioning is VERSIONING_SUSPENDED), the current version of the object is retained as a non-current version if it is not a delete marker, or is removed otherwise, and a delete marker becomes the current version of the object.

transitions : Transition

List of transition rules.

The transition of an object is described as follows.

For the unversioned bucket (Bucket.versioning is VERSIONING_DISABLED), the object is transitioned to the specified storage class.

For the bucket with versioning enabled (Bucket.versioning is VERSIONING_ENABLED) or suspended (VERSIONING_SUSPENDED), the current version of the object is transitioned to the specified storage class.

abortIncompleteMultipartUpload : AfterDays

Configuration for aborting incomplete multipart uploads.

noncurrentExpiration : NoncurrentExpiration

Expiration rule for non-current versions of objects in a bucket with versioning enabled (Bucket.versioning is VERSIONING_ENABLED) or suspended (VERSIONING_SUSPENDED).

At expiration, the non-current version of the object is deleted and cannot be recovered.

noncurrentTransitions : NoncurrentTransition

List of transition rules for non-current versions of objects in a bucket with versioning enabled (Bucket.versioning is VERSIONING_ENABLED) or suspended (VERSIONING_SUSPENDED).

At transition, the non-current version of the object is transitioned to the specified storage class.

noncurrentDeleteMarkers : NoncurrentDeleteMarkers

Expiration rule for non-current delete markers of an objects in a bucket with versioning enabled (Bucket.versioning is VERSIONING_ENABLED) or suspended (VERSIONING_SUSPENDED). Works in the same way as noncurrent_expiration rule, but only for delete markers.

At expiration, the non-current delete marker of the object is deleted and cannot be recovered.

ObjectLock

A resource for Object Lock configuration of a bucket. For details about the concept, see documentation.

ObjectLockStatus

Activity status of the object lock settings on the bucket

  • OBJECT_LOCK_STATUS_UNSPECIFIED

    Activity status of the object lock settings on the bucket

  • OBJECT_LOCK_STATUS_DISABLED

    Activity status of the object lock settings on the bucket

  • OBJECT_LOCK_STATUS_ENABLED

    Activity status of the object lock settings on the bucket

DefaultRetention

Default lock configuration for added objects

Mode

Lock type

  • MODE_UNSPECIFIED

    Lock type

  • MODE_GOVERNANCE

    Lock type

  • MODE_COMPLIANCE

    Lock type

mode : Mode

One of period

  • days : int64

    Number of days for locking

  • years : int64

    Number of years for locking

status : ObjectLockStatus
defaultRetention : DefaultRetention

ObjectLockLegalHold

status : string

Indicates whether the specified object has a legal hold in place.

ObjectLockRetention

mode : string

Indicates the Retention mode for the specified object.

retainUntilDate : google.protobuf.Timestamp

The date on which this object lock retention will expire.

ObjectTag

key : string

Key of the object tag.

value : string

Value of the object tag.

OptionalSizeByClass

A resource for size of available space in a bucket for a storage class.

storageClass : string

Storage class. Supported classes are standard storage (STANDARD), cold storage (COLD, STANDARD_IA, NEARLINE all synonyms), and ice storage (ICE and GLACIER are synonyms). For details, see documentation.

classSize : google.protobuf.Int64Value

Size of available space in the bucket for the storage class.

S3APICopyObjectResponse

Represents a response of the copy object request to S3.

copyObjectResult : CopyObjectResult

Container for all response elements.

requestId : string

Unique request ID.

copySourceVersionId : string

Version ID of the source object that was copied.

versionId : string

Version ID of the newly created copy.

S3APIDeleteObjectResponse

Represents a response of the delete object request to S3.

requestId : string

Unique request ID.

versionId : string

Version ID of the object.

S3APIDeleteObjectTaggingResponse

Represents a response of delete object tagging request to S3.

requestId : string

Unique request ID.

versionId : string

The versionId of the object the tag-set was removed from.

S3APIDeleteObjectsResponse

Represents a response of the delete objects request to S3.

deleted : SuccessfullyDeletedObject

List of successfully deleted objects

errors : DeleteObjectError

List of objects that attempted to be deleted but encountered an error

requestId : string

Unique request ID.

S3APIGetObjectLegalHoldResponse

Represents a response of the get object legal hold request to S3.

requestId : string

Unique request ID.

legalHold : ObjectLockLegalHold

The current legal hold status for the specified object.

S3APIGetObjectResponse

Represents a response of the get object request to S3.

etag : string

MD5 hash of the object.

requestId : string

Unique request ID.

acceptRanges : string

Indicates that a range of bytes was specified in the request.

cacheControl : string

Specifies caching behavior along the request/reply chain.

contentDisposition : string

Specifies presentational information for the object.

contentEncoding : string

Indicates what content encodings have been applied to the object.

contentLanguage : string

The language the content is in.

contentLength : int64

Size of the body in bytes.

contentRange : string

The portion of the object returned in the response.

contentType : string

A standard MIME type describing the format of the object data.

versionId : string

Version ID of the object.

expiresAt : google.protobuf.Timestamp

The date and time at which the object is no longer cacheable.

lastModifiedAt : google.protobuf.Timestamp

Date and time when the object was last modified.

metadata : string

Object user-defined metadata.

storageClass : string

Provides storage class information of the object.

serverSideEncryption : string

Encryption algorithm used to encrypt the object.

sseKmsKeyId : string

ID of the key KMS.

objectLockMode : string

Type of retention put on the object.

objectLockRetainUntilDate : google.protobuf.Timestamp

Date and time until which the object is retained

objectLockLegalHoldStatus : string

Type of legal hold put on the object

S3APIGetObjectRetentionResponse

Represents a response of the get object retention request to S3.

requestId : string

Unique request ID.

retention : ObjectLockRetention

An object retention settings.

S3APIGetObjectTaggingResponse

Represents a response of get object tagging request to S3.

requestId : string

Unique request ID.

versionId : string

The versionId of the object for which you got the tagging information.

tagSet : ObjectTag

Contains the tag set.

S3APIPutObjectLegalHoldResponse

Represents a response of the put object retention request to S3.

requestId : string

Unique request ID.

S3APIPutObjectResponse

Represents a response of the put object request to S3.

etag : string

MD5 hash of the object.

requestId : string

Unique request ID.

versionId : string

Version ID of the object.

S3APIPutObjectRetentionResponse

Represents a response of the put object retention request to S3.

requestId : string

Unique request ID.

S3APIPutObjectTaggingResponse

Represents a response of put object tagging request to S3.

requestId : string

Unique request ID.

versionId : string

The versionId of the object the tag-set was added to.

SizeByClass

A resource for size of used space in a bucket for a storage class.

storageClass : string

Storage class. Supported classes are standard storage (STANDARD), cold storage (COLD, STANDARD_IA, NEARLINE all synonyms), and ice storage (ICE and GLACIER are synonyms). For details, see documentation.

classSize : int64

Size of used space in the bucket for the storage class.

SuccessfullyDeletedObject

key : string

The name of the deleted object.

versionId : string

The version ID of the deleted object.

deleteMarker : bool

Specifies whether the versioned object that was permanently deleted was (true) or was not (false) a delete marker.

deleteMarkerVersionId : string

The version ID of the delete marker created as a result of the DELETE operation.

Tag

key : string

Key of the bucket tag.

value : string

Value of the bucket tag.

WebsiteSettings

Protocol

  • PROTOCOL_UNSPECIFIED

  • PROTOCOL_HTTP

    http scheme.

  • PROTOCOL_HTTPS

    https scheme.

Scheme

A configuration resource for redirecting all requests sent to the website.

protocol : Protocol

Scheme of the redirect URI.

hostname : string

Hostname of the redirect URI.

Condition

httpErrorCodeReturnedEquals : string

HTTP status code (number only) that must match for the redirect to apply.

keyPrefixEquals : string

Prefix of the object key from which requests are redirected.

Redirect

hostname : string

Hostname of the redirect URI.

httpRedirectCode : string

HTTP status code of the redirect response.

Default value: "301".

protocol : Protocol

Scheme of the redirect URI.

replaceKeyPrefixWith : string

Substitution for the prefix of the object key specified in Condition.key_prefix_equals.

At most one of replace_key_prefix_with and replace_key_with can be specified.

replaceKeyWith : string

New object key.

At most one of replace_key_with and replace_key_prefix_with can be specified.

RoutingRule

List of redirect rules.

condition : Condition

Redirect condition.

redirect : Redirect

Redirect instructions.

index : string

Key of the index page object that is returned when a response is made to the root of the website.

Either index or redirect_all_requests must be specified in order for the bucket to host a static website.

If specified, the index page object must be located in the root of the bucket.

error : string

Key of the error page object that is returned when an error occurs.

redirectAllRequests : Scheme

Configuration for redirecting all requests sent to the website.

Either redirect_all_requests or index must be specified in order for the bucket to host a static website. If redirect_all_requests is specified, it must be the only field in Bucket.website_settings.

routingRules : RoutingRule

List of redirect rules.