Cloud Storage JSON API . objects

Instance Methods

compose(destinationBucket=*, destinationObject=*, body=None, ifGenerationMatch=None, ifMetagenerationMatch=None, userProject=None, destinationPredefinedAcl=None, kmsKeyName=None, provisionalUserProject=None)

Concatenates a list of existing objects into a new object in the same bucket.

copy(sourceBucket=*, sourceObject=*, destinationBucket=*, destinationObject=*, body=None, projection=None, sourceGeneration=None, ifSourceGenerationNotMatch=None, ifSourceMetagenerationNotMatch=None, destinationKmsKeyName=None, ifGenerationMatch=None, provisionalUserProject=None, ifGenerationNotMatch=None, ifMetagenerationMatch=None, userProject=None, destinationPredefinedAcl=None, ifSourceGenerationMatch=None, ifSourceMetagenerationMatch=None, ifMetagenerationNotMatch=None)

Copies a source object to a destination object. Optionally overrides metadata.

delete(bucket=*, object=*, ifGenerationNotMatch=None, generation=None, ifMetagenerationMatch=None, userProject=None, ifGenerationMatch=None, provisionalUserProject=None, ifMetagenerationNotMatch=None)

Deletes an object and its metadata. Deletions are permanent if versioning is not enabled for the bucket, or if the generation parameter is used.

get(bucket=*, object=*, ifGenerationNotMatch=None, generation=None, ifMetagenerationMatch=None, userProject=None, ifGenerationMatch=None, provisionalUserProject=None, ifMetagenerationNotMatch=None, projection=None)

Retrieves an object or its metadata.

getIamPolicy(bucket=*, object=*, generation=None, userProject=None, provisionalUserProject=None)

Returns an IAM policy for the specified object.

get_media(bucket=*, object=*, ifGenerationNotMatch=None, generation=None, ifMetagenerationMatch=None, userProject=None, ifGenerationMatch=None, provisionalUserProject=None, ifMetagenerationNotMatch=None, projection=None)

Retrieves an object or its metadata.

insert(bucket=*, body=None, projection=None, kmsKeyName=None, media_body=None, predefinedAcl=None, ifGenerationMatch=None, provisionalUserProject=None, ifGenerationNotMatch=None, name=None, ifMetagenerationMatch=None, userProject=None, contentEncoding=None, media_mime_type=None, ifMetagenerationNotMatch=None)

Stores a new object and metadata.

list(bucket=*, projection=None, prefix=None, startOffset=None, pageToken=None, endOffset=None, maxResults=None, provisionalUserProject=None, versions=None, userProject=None, delimiter=None, includeTrailingDelimiter=None)

Retrieves a list of objects matching the criteria.

list_next(previous_request=*, previous_response=*)

Retrieves the next page of results.

patch(bucket=*, object=*, body=None, projection=None, generation=None, predefinedAcl=None, ifGenerationMatch=None, provisionalUserProject=None, ifGenerationNotMatch=None, ifMetagenerationMatch=None, userProject=None, ifMetagenerationNotMatch=None)

Patches an object's metadata.

rewrite(sourceBucket=*, sourceObject=*, destinationBucket=*, destinationObject=*, body=None, projection=None, sourceGeneration=None, maxBytesRewrittenPerCall=None, ifSourceGenerationNotMatch=None, ifGenerationMatch=None, ifSourceMetagenerationNotMatch=None, destinationKmsKeyName=None, rewriteToken=None, provisionalUserProject=None, ifGenerationNotMatch=None, ifMetagenerationMatch=None, userProject=None, destinationPredefinedAcl=None, ifSourceGenerationMatch=None, ifSourceMetagenerationMatch=None, ifMetagenerationNotMatch=None)

Rewrites a source object to a destination object. Optionally overrides metadata.

setIamPolicy(bucket=*, object=*, body=None, generation=None, userProject=None, provisionalUserProject=None)

Updates an IAM policy for the specified object.

testIamPermissions(bucket=*, object=*, permissions=*, generation=None, userProject=None, provisionalUserProject=None)

Tests a set of permissions on the given object to see which, if any, are held by the caller.

update(bucket=*, object=*, body=None, projection=None, generation=None, predefinedAcl=None, ifGenerationMatch=None, provisionalUserProject=None, ifGenerationNotMatch=None, ifMetagenerationMatch=None, userProject=None, ifMetagenerationNotMatch=None)

Updates an object's metadata.

watchAll(bucket=*, body=None, projection=None, prefix=None, startOffset=None, pageToken=None, endOffset=None, maxResults=None, provisionalUserProject=None, versions=None, userProject=None, delimiter=None, includeTrailingDelimiter=None)

Watch for changes on all objects in a bucket.

Method Details

compose(destinationBucket=*, destinationObject=*, body=None, ifGenerationMatch=None, ifMetagenerationMatch=None, userProject=None, destinationPredefinedAcl=None, kmsKeyName=None, provisionalUserProject=None)
Concatenates a list of existing objects into a new object in the same bucket.

Args:
  destinationBucket: string, Name of the bucket containing the source objects. The destination object is stored in this bucket. (required)
  destinationObject: string, Name of the new object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts. (required)
  body: object, The request body.
    The object takes the form of:

{ # A Compose request.
    "kind": "storage#composeRequest", # The kind of item this is.
    "destination": { # An object. # Properties of the resulting object.
        "generation": "A String", # The content generation of this object. Used for object versioning.
        "customTime": "A String", # A timestamp in RFC 3339 format specified by the user for an object.
        "componentCount": 42, # Number of underlying components that make up this object. Components are accumulated by compose operations.
        "mediaLink": "A String", # Media download link.
        "kmsKeyName": "A String", # Cloud KMS Key used to encrypt this object, if the object is encrypted by such a key.
        "owner": { # The owner of the object. This will always be the uploader of the object.
          "entityId": "A String", # The ID for the entity.
          "entity": "A String", # The entity, in the form user-userId.
        },
        "cacheControl": "A String", # Cache-Control directive for the object data. If omitted, and the object is accessible to all anonymous users, the default will be public, max-age=3600.
        "acl": [ # Access controls on the object.
          { # An access-control entry.
            "domain": "A String", # The domain associated with the entity, if any.
            "generation": "A String", # The content generation of the object, if applied to an object.
            "object": "A String", # The name of the object, if applied to an object.
            "bucket": "A String", # The name of the bucket.
            "kind": "storage#objectAccessControl", # The kind of item this is. For object access control entries, this is always storage#objectAccessControl.
            "entity": "A String", # The entity holding the permission, in one of the following forms:
                # - user-userId
                # - user-email
                # - group-groupId
                # - group-email
                # - domain-domain
                # - project-team-projectId
                # - allUsers
                # - allAuthenticatedUsers Examples:
                # - The user liz@example.com would be user-liz@example.com.
                # - The group example@googlegroups.com would be group-example@googlegroups.com.
                # - To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.
            "etag": "A String", # HTTP 1.1 Entity tag for the access-control entry.
            "role": "A String", # The access permission for the entity.
            "id": "A String", # The ID of the access-control entry.
            "entityId": "A String", # The ID for the entity, if any.
            "projectTeam": { # The project team associated with the entity, if any.
              "projectNumber": "A String", # The project number.
              "team": "A String", # The team.
            },
            "email": "A String", # The email address associated with the entity, if any.
            "selfLink": "A String", # The link to this access-control entry.
          },
        ],
        "id": "A String", # The ID of the object, including the bucket name, object name, and generation number.
        "size": "A String", # Content-Length of the data in bytes.
        "timeDeleted": "A String", # The deletion time of the object in RFC 3339 format. Will be returned if and only if this version of the object has been deleted.
        "timeCreated": "A String", # The creation time of the object in RFC 3339 format.
        "md5Hash": "A String", # MD5 hash of the data; encoded using base64. For more information about using the MD5 hash, see Hashes and ETags: Best Practices.
        "crc32c": "A String", # CRC32c checksum, as described in RFC 4960, Appendix B; encoded using base64 in big-endian byte order. For more information about using the CRC32c checksum, see Hashes and ETags: Best Practices.
        "etag": "A String", # HTTP 1.1 Entity tag for the object.
        "temporaryHold": True or False, # Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites. A common use case of this flag is regulatory investigations where objects need to be retained while the investigation is ongoing. Note that unlike event-based hold, temporary hold does not impact retention expiration time of an object.
        "metadata": { # User-provided metadata, in key/value pairs.
          "a_key": "A String", # An individual metadata entry.
        },
        "updated": "A String", # The modification time of the object metadata in RFC 3339 format.
        "contentType": "A String", # Content-Type of the object data. If an object is stored without a Content-Type, it is served as application/octet-stream.
        "contentLanguage": "A String", # Content-Language of the object data.
        "customerEncryption": { # Metadata of customer-supplied encryption key, if the object is encrypted by such a key.
          "encryptionAlgorithm": "A String", # The encryption algorithm.
          "keySha256": "A String", # SHA256 hash value of the encryption key.
        },
        "metageneration": "A String", # The version of the metadata for this object at this generation. Used for preconditions and for detecting changes in metadata. A metageneration number is only meaningful in the context of a particular generation of a particular object.
        "timeStorageClassUpdated": "A String", # The time at which the object's storage class was last changed. When the object is initially created, it will be set to timeCreated.
        "retentionExpirationTime": "A String", # A server-determined value that specifies the earliest time that the object's retention period expires. This value is in RFC 3339 format. Note 1: This field is not provided for objects with an active event-based hold, since retention expiration is unknown until the hold is removed. Note 2: This value can be provided even when temporary hold is set (so that the user can reason about policy without having to first unset the temporary hold).
        "eventBasedHold": True or False, # Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any). One sample use case of this flag is for banks to hold loan documents for at least 3 years after loan is paid in full. Here, bucket-level retention is 3 years and the event is the loan being paid in full. In this example, these objects will be held intact for any number of years until the event has occurred (event-based hold on the object is released) and then 3 more years after that. That means retention duration of the objects begins from the moment event-based hold transitioned from true to false.
        "kind": "storage#object", # The kind of item this is. For objects, this is always storage#object.
        "name": "A String", # The name of the object. Required if not specified by URL parameter.
        "bucket": "A String", # The name of the bucket containing this object.
        "contentEncoding": "A String", # Content-Encoding of the object data.
        "selfLink": "A String", # The link to this object.
        "contentDisposition": "A String", # Content-Disposition of the object data.
        "storageClass": "A String", # Storage class of the object.
      },
    "sourceObjects": [ # The list of source objects that will be concatenated into a single object.
      {
        "generation": "A String", # The generation of this object to use as the source.
        "name": "A String", # The source object's name. All source objects must reside in the same bucket.
        "objectPreconditions": { # Conditions that must be met for this operation to execute.
          "ifGenerationMatch": "A String", # Only perform the composition if the generation of the source object that would be used matches this value. If this value and a generation are both specified, they must be the same value or the call will fail.
        },
      },
    ],
  }

  ifGenerationMatch: string, Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.
  ifMetagenerationMatch: string, Makes the operation conditional on whether the object's current metageneration matches the given value.
  userProject: string, The project to be billed for this request. Required for Requester Pays buckets.
  destinationPredefinedAcl: string, Apply a predefined set of access controls to the destination object.
    Allowed values
      authenticatedRead - Object owner gets OWNER access, and allAuthenticatedUsers get READER access.
      bucketOwnerFullControl - Object owner gets OWNER access, and project team owners get OWNER access.
      bucketOwnerRead - Object owner gets OWNER access, and project team owners get READER access.
      private - Object owner gets OWNER access.
      projectPrivate - Object owner gets OWNER access, and project team members get access according to their roles.
      publicRead - Object owner gets OWNER access, and allUsers get READER access.
  kmsKeyName: string, Resource name of the Cloud KMS key, of the form projects/my-project/locations/global/keyRings/my-kr/cryptoKeys/my-key, that will be used to encrypt the object. Overrides the object metadata's kms_key_name value, if any.
  provisionalUserProject: string, The project to be billed for this request if the target bucket is requester-pays bucket.

Returns:
  An object of the form:

    { # An object.
      "generation": "A String", # The content generation of this object. Used for object versioning.
      "customTime": "A String", # A timestamp in RFC 3339 format specified by the user for an object.
      "componentCount": 42, # Number of underlying components that make up this object. Components are accumulated by compose operations.
      "mediaLink": "A String", # Media download link.
      "kmsKeyName": "A String", # Cloud KMS Key used to encrypt this object, if the object is encrypted by such a key.
      "owner": { # The owner of the object. This will always be the uploader of the object.
        "entityId": "A String", # The ID for the entity.
        "entity": "A String", # The entity, in the form user-userId.
      },
      "cacheControl": "A String", # Cache-Control directive for the object data. If omitted, and the object is accessible to all anonymous users, the default will be public, max-age=3600.
      "acl": [ # Access controls on the object.
        { # An access-control entry.
          "domain": "A String", # The domain associated with the entity, if any.
          "generation": "A String", # The content generation of the object, if applied to an object.
          "object": "A String", # The name of the object, if applied to an object.
          "bucket": "A String", # The name of the bucket.
          "kind": "storage#objectAccessControl", # The kind of item this is. For object access control entries, this is always storage#objectAccessControl.
          "entity": "A String", # The entity holding the permission, in one of the following forms:
              # - user-userId
              # - user-email
              # - group-groupId
              # - group-email
              # - domain-domain
              # - project-team-projectId
              # - allUsers
              # - allAuthenticatedUsers Examples:
              # - The user liz@example.com would be user-liz@example.com.
              # - The group example@googlegroups.com would be group-example@googlegroups.com.
              # - To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.
          "etag": "A String", # HTTP 1.1 Entity tag for the access-control entry.
          "role": "A String", # The access permission for the entity.
          "id": "A String", # The ID of the access-control entry.
          "entityId": "A String", # The ID for the entity, if any.
          "projectTeam": { # The project team associated with the entity, if any.
            "projectNumber": "A String", # The project number.
            "team": "A String", # The team.
          },
          "email": "A String", # The email address associated with the entity, if any.
          "selfLink": "A String", # The link to this access-control entry.
        },
      ],
      "id": "A String", # The ID of the object, including the bucket name, object name, and generation number.
      "size": "A String", # Content-Length of the data in bytes.
      "timeDeleted": "A String", # The deletion time of the object in RFC 3339 format. Will be returned if and only if this version of the object has been deleted.
      "timeCreated": "A String", # The creation time of the object in RFC 3339 format.
      "md5Hash": "A String", # MD5 hash of the data; encoded using base64. For more information about using the MD5 hash, see Hashes and ETags: Best Practices.
      "crc32c": "A String", # CRC32c checksum, as described in RFC 4960, Appendix B; encoded using base64 in big-endian byte order. For more information about using the CRC32c checksum, see Hashes and ETags: Best Practices.
      "etag": "A String", # HTTP 1.1 Entity tag for the object.
      "temporaryHold": True or False, # Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites. A common use case of this flag is regulatory investigations where objects need to be retained while the investigation is ongoing. Note that unlike event-based hold, temporary hold does not impact retention expiration time of an object.
      "metadata": { # User-provided metadata, in key/value pairs.
        "a_key": "A String", # An individual metadata entry.
      },
      "updated": "A String", # The modification time of the object metadata in RFC 3339 format.
      "contentType": "A String", # Content-Type of the object data. If an object is stored without a Content-Type, it is served as application/octet-stream.
      "contentLanguage": "A String", # Content-Language of the object data.
      "customerEncryption": { # Metadata of customer-supplied encryption key, if the object is encrypted by such a key.
        "encryptionAlgorithm": "A String", # The encryption algorithm.
        "keySha256": "A String", # SHA256 hash value of the encryption key.
      },
      "metageneration": "A String", # The version of the metadata for this object at this generation. Used for preconditions and for detecting changes in metadata. A metageneration number is only meaningful in the context of a particular generation of a particular object.
      "timeStorageClassUpdated": "A String", # The time at which the object's storage class was last changed. When the object is initially created, it will be set to timeCreated.
      "retentionExpirationTime": "A String", # A server-determined value that specifies the earliest time that the object's retention period expires. This value is in RFC 3339 format. Note 1: This field is not provided for objects with an active event-based hold, since retention expiration is unknown until the hold is removed. Note 2: This value can be provided even when temporary hold is set (so that the user can reason about policy without having to first unset the temporary hold).
      "eventBasedHold": True or False, # Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any). One sample use case of this flag is for banks to hold loan documents for at least 3 years after loan is paid in full. Here, bucket-level retention is 3 years and the event is the loan being paid in full. In this example, these objects will be held intact for any number of years until the event has occurred (event-based hold on the object is released) and then 3 more years after that. That means retention duration of the objects begins from the moment event-based hold transitioned from true to false.
      "kind": "storage#object", # The kind of item this is. For objects, this is always storage#object.
      "name": "A String", # The name of the object. Required if not specified by URL parameter.
      "bucket": "A String", # The name of the bucket containing this object.
      "contentEncoding": "A String", # Content-Encoding of the object data.
      "selfLink": "A String", # The link to this object.
      "contentDisposition": "A String", # Content-Disposition of the object data.
      "storageClass": "A String", # Storage class of the object.
    }
copy(sourceBucket=*, sourceObject=*, destinationBucket=*, destinationObject=*, body=None, projection=None, sourceGeneration=None, ifSourceGenerationNotMatch=None, ifSourceMetagenerationNotMatch=None, destinationKmsKeyName=None, ifGenerationMatch=None, provisionalUserProject=None, ifGenerationNotMatch=None, ifMetagenerationMatch=None, userProject=None, destinationPredefinedAcl=None, ifSourceGenerationMatch=None, ifSourceMetagenerationMatch=None, ifMetagenerationNotMatch=None)
Copies a source object to a destination object. Optionally overrides metadata.

Args:
  sourceBucket: string, Name of the bucket in which to find the source object. (required)
  sourceObject: string, Name of the source object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts. (required)
  destinationBucket: string, Name of the bucket in which to store the new object. Overrides the provided object metadata's bucket value, if any.For information about how to URL encode object names to be path safe, see Encoding URI Path Parts. (required)
  destinationObject: string, Name of the new object. Required when the object metadata is not otherwise provided. Overrides the object metadata's name value, if any. (required)
  body: object, The request body.
    The object takes the form of:

{ # An object.
    "generation": "A String", # The content generation of this object. Used for object versioning.
    "customTime": "A String", # A timestamp in RFC 3339 format specified by the user for an object.
    "componentCount": 42, # Number of underlying components that make up this object. Components are accumulated by compose operations.
    "mediaLink": "A String", # Media download link.
    "kmsKeyName": "A String", # Cloud KMS Key used to encrypt this object, if the object is encrypted by such a key.
    "owner": { # The owner of the object. This will always be the uploader of the object.
      "entityId": "A String", # The ID for the entity.
      "entity": "A String", # The entity, in the form user-userId.
    },
    "cacheControl": "A String", # Cache-Control directive for the object data. If omitted, and the object is accessible to all anonymous users, the default will be public, max-age=3600.
    "acl": [ # Access controls on the object.
      { # An access-control entry.
        "domain": "A String", # The domain associated with the entity, if any.
        "generation": "A String", # The content generation of the object, if applied to an object.
        "object": "A String", # The name of the object, if applied to an object.
        "bucket": "A String", # The name of the bucket.
        "kind": "storage#objectAccessControl", # The kind of item this is. For object access control entries, this is always storage#objectAccessControl.
        "entity": "A String", # The entity holding the permission, in one of the following forms:
            # - user-userId
            # - user-email
            # - group-groupId
            # - group-email
            # - domain-domain
            # - project-team-projectId
            # - allUsers
            # - allAuthenticatedUsers Examples:
            # - The user liz@example.com would be user-liz@example.com.
            # - The group example@googlegroups.com would be group-example@googlegroups.com.
            # - To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.
        "etag": "A String", # HTTP 1.1 Entity tag for the access-control entry.
        "role": "A String", # The access permission for the entity.
        "id": "A String", # The ID of the access-control entry.
        "entityId": "A String", # The ID for the entity, if any.
        "projectTeam": { # The project team associated with the entity, if any.
          "projectNumber": "A String", # The project number.
          "team": "A String", # The team.
        },
        "email": "A String", # The email address associated with the entity, if any.
        "selfLink": "A String", # The link to this access-control entry.
      },
    ],
    "id": "A String", # The ID of the object, including the bucket name, object name, and generation number.
    "size": "A String", # Content-Length of the data in bytes.
    "timeDeleted": "A String", # The deletion time of the object in RFC 3339 format. Will be returned if and only if this version of the object has been deleted.
    "timeCreated": "A String", # The creation time of the object in RFC 3339 format.
    "md5Hash": "A String", # MD5 hash of the data; encoded using base64. For more information about using the MD5 hash, see Hashes and ETags: Best Practices.
    "crc32c": "A String", # CRC32c checksum, as described in RFC 4960, Appendix B; encoded using base64 in big-endian byte order. For more information about using the CRC32c checksum, see Hashes and ETags: Best Practices.
    "etag": "A String", # HTTP 1.1 Entity tag for the object.
    "temporaryHold": True or False, # Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites. A common use case of this flag is regulatory investigations where objects need to be retained while the investigation is ongoing. Note that unlike event-based hold, temporary hold does not impact retention expiration time of an object.
    "metadata": { # User-provided metadata, in key/value pairs.
      "a_key": "A String", # An individual metadata entry.
    },
    "updated": "A String", # The modification time of the object metadata in RFC 3339 format.
    "contentType": "A String", # Content-Type of the object data. If an object is stored without a Content-Type, it is served as application/octet-stream.
    "contentLanguage": "A String", # Content-Language of the object data.
    "customerEncryption": { # Metadata of customer-supplied encryption key, if the object is encrypted by such a key.
      "encryptionAlgorithm": "A String", # The encryption algorithm.
      "keySha256": "A String", # SHA256 hash value of the encryption key.
    },
    "metageneration": "A String", # The version of the metadata for this object at this generation. Used for preconditions and for detecting changes in metadata. A metageneration number is only meaningful in the context of a particular generation of a particular object.
    "timeStorageClassUpdated": "A String", # The time at which the object's storage class was last changed. When the object is initially created, it will be set to timeCreated.
    "retentionExpirationTime": "A String", # A server-determined value that specifies the earliest time that the object's retention period expires. This value is in RFC 3339 format. Note 1: This field is not provided for objects with an active event-based hold, since retention expiration is unknown until the hold is removed. Note 2: This value can be provided even when temporary hold is set (so that the user can reason about policy without having to first unset the temporary hold).
    "eventBasedHold": True or False, # Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any). One sample use case of this flag is for banks to hold loan documents for at least 3 years after loan is paid in full. Here, bucket-level retention is 3 years and the event is the loan being paid in full. In this example, these objects will be held intact for any number of years until the event has occurred (event-based hold on the object is released) and then 3 more years after that. That means retention duration of the objects begins from the moment event-based hold transitioned from true to false.
    "kind": "storage#object", # The kind of item this is. For objects, this is always storage#object.
    "name": "A String", # The name of the object. Required if not specified by URL parameter.
    "bucket": "A String", # The name of the bucket containing this object.
    "contentEncoding": "A String", # Content-Encoding of the object data.
    "selfLink": "A String", # The link to this object.
    "contentDisposition": "A String", # Content-Disposition of the object data.
    "storageClass": "A String", # Storage class of the object.
  }

  projection: string, Set of properties to return. Defaults to noAcl, unless the object resource specifies the acl property, when it defaults to full.
    Allowed values
      full - Include all properties.
      noAcl - Omit the owner, acl property.
  sourceGeneration: string, If present, selects a specific revision of the source object (as opposed to the latest version, the default).
  ifSourceGenerationNotMatch: string, Makes the operation conditional on whether the source object's current generation does not match the given value.
  ifSourceMetagenerationNotMatch: string, Makes the operation conditional on whether the source object's current metageneration does not match the given value.
  destinationKmsKeyName: string, Resource name of the Cloud KMS key, of the form projects/my-project/locations/global/keyRings/my-kr/cryptoKeys/my-key, that will be used to encrypt the object. Overrides the object metadata's kms_key_name value, if any.
  ifGenerationMatch: string, Makes the operation conditional on whether the destination object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.
  provisionalUserProject: string, The project to be billed for this request if the target bucket is requester-pays bucket.
  ifGenerationNotMatch: string, Makes the operation conditional on whether the destination object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.
  ifMetagenerationMatch: string, Makes the operation conditional on whether the destination object's current metageneration matches the given value.
  userProject: string, The project to be billed for this request. Required for Requester Pays buckets.
  destinationPredefinedAcl: string, Apply a predefined set of access controls to the destination object.
    Allowed values
      authenticatedRead - Object owner gets OWNER access, and allAuthenticatedUsers get READER access.
      bucketOwnerFullControl - Object owner gets OWNER access, and project team owners get OWNER access.
      bucketOwnerRead - Object owner gets OWNER access, and project team owners get READER access.
      private - Object owner gets OWNER access.
      projectPrivate - Object owner gets OWNER access, and project team members get access according to their roles.
      publicRead - Object owner gets OWNER access, and allUsers get READER access.
  ifSourceGenerationMatch: string, Makes the operation conditional on whether the source object's current generation matches the given value.
  ifSourceMetagenerationMatch: string, Makes the operation conditional on whether the source object's current metageneration matches the given value.
  ifMetagenerationNotMatch: string, Makes the operation conditional on whether the destination object's current metageneration does not match the given value.

Returns:
  An object of the form:

    { # An object.
      "generation": "A String", # The content generation of this object. Used for object versioning.
      "customTime": "A String", # A timestamp in RFC 3339 format specified by the user for an object.
      "componentCount": 42, # Number of underlying components that make up this object. Components are accumulated by compose operations.
      "mediaLink": "A String", # Media download link.
      "kmsKeyName": "A String", # Cloud KMS Key used to encrypt this object, if the object is encrypted by such a key.
      "owner": { # The owner of the object. This will always be the uploader of the object.
        "entityId": "A String", # The ID for the entity.
        "entity": "A String", # The entity, in the form user-userId.
      },
      "cacheControl": "A String", # Cache-Control directive for the object data. If omitted, and the object is accessible to all anonymous users, the default will be public, max-age=3600.
      "acl": [ # Access controls on the object.
        { # An access-control entry.
          "domain": "A String", # The domain associated with the entity, if any.
          "generation": "A String", # The content generation of the object, if applied to an object.
          "object": "A String", # The name of the object, if applied to an object.
          "bucket": "A String", # The name of the bucket.
          "kind": "storage#objectAccessControl", # The kind of item this is. For object access control entries, this is always storage#objectAccessControl.
          "entity": "A String", # The entity holding the permission, in one of the following forms:
              # - user-userId
              # - user-email
              # - group-groupId
              # - group-email
              # - domain-domain
              # - project-team-projectId
              # - allUsers
              # - allAuthenticatedUsers Examples:
              # - The user liz@example.com would be user-liz@example.com.
              # - The group example@googlegroups.com would be group-example@googlegroups.com.
              # - To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.
          "etag": "A String", # HTTP 1.1 Entity tag for the access-control entry.
          "role": "A String", # The access permission for the entity.
          "id": "A String", # The ID of the access-control entry.
          "entityId": "A String", # The ID for the entity, if any.
          "projectTeam": { # The project team associated with the entity, if any.
            "projectNumber": "A String", # The project number.
            "team": "A String", # The team.
          },
          "email": "A String", # The email address associated with the entity, if any.
          "selfLink": "A String", # The link to this access-control entry.
        },
      ],
      "id": "A String", # The ID of the object, including the bucket name, object name, and generation number.
      "size": "A String", # Content-Length of the data in bytes.
      "timeDeleted": "A String", # The deletion time of the object in RFC 3339 format. Will be returned if and only if this version of the object has been deleted.
      "timeCreated": "A String", # The creation time of the object in RFC 3339 format.
      "md5Hash": "A String", # MD5 hash of the data; encoded using base64. For more information about using the MD5 hash, see Hashes and ETags: Best Practices.
      "crc32c": "A String", # CRC32c checksum, as described in RFC 4960, Appendix B; encoded using base64 in big-endian byte order. For more information about using the CRC32c checksum, see Hashes and ETags: Best Practices.
      "etag": "A String", # HTTP 1.1 Entity tag for the object.
      "temporaryHold": True or False, # Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites. A common use case of this flag is regulatory investigations where objects need to be retained while the investigation is ongoing. Note that unlike event-based hold, temporary hold does not impact retention expiration time of an object.
      "metadata": { # User-provided metadata, in key/value pairs.
        "a_key": "A String", # An individual metadata entry.
      },
      "updated": "A String", # The modification time of the object metadata in RFC 3339 format.
      "contentType": "A String", # Content-Type of the object data. If an object is stored without a Content-Type, it is served as application/octet-stream.
      "contentLanguage": "A String", # Content-Language of the object data.
      "customerEncryption": { # Metadata of customer-supplied encryption key, if the object is encrypted by such a key.
        "encryptionAlgorithm": "A String", # The encryption algorithm.
        "keySha256": "A String", # SHA256 hash value of the encryption key.
      },
      "metageneration": "A String", # The version of the metadata for this object at this generation. Used for preconditions and for detecting changes in metadata. A metageneration number is only meaningful in the context of a particular generation of a particular object.
      "timeStorageClassUpdated": "A String", # The time at which the object's storage class was last changed. When the object is initially created, it will be set to timeCreated.
      "retentionExpirationTime": "A String", # A server-determined value that specifies the earliest time that the object's retention period expires. This value is in RFC 3339 format. Note 1: This field is not provided for objects with an active event-based hold, since retention expiration is unknown until the hold is removed. Note 2: This value can be provided even when temporary hold is set (so that the user can reason about policy without having to first unset the temporary hold).
      "eventBasedHold": True or False, # Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any). One sample use case of this flag is for banks to hold loan documents for at least 3 years after loan is paid in full. Here, bucket-level retention is 3 years and the event is the loan being paid in full. In this example, these objects will be held intact for any number of years until the event has occurred (event-based hold on the object is released) and then 3 more years after that. That means retention duration of the objects begins from the moment event-based hold transitioned from true to false.
      "kind": "storage#object", # The kind of item this is. For objects, this is always storage#object.
      "name": "A String", # The name of the object. Required if not specified by URL parameter.
      "bucket": "A String", # The name of the bucket containing this object.
      "contentEncoding": "A String", # Content-Encoding of the object data.
      "selfLink": "A String", # The link to this object.
      "contentDisposition": "A String", # Content-Disposition of the object data.
      "storageClass": "A String", # Storage class of the object.
    }
delete(bucket=*, object=*, ifGenerationNotMatch=None, generation=None, ifMetagenerationMatch=None, userProject=None, ifGenerationMatch=None, provisionalUserProject=None, ifMetagenerationNotMatch=None)
Deletes an object and its metadata. Deletions are permanent if versioning is not enabled for the bucket, or if the generation parameter is used.

Args:
  bucket: string, Name of the bucket in which the object resides. (required)
  object: string, Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts. (required)
  ifGenerationNotMatch: string, Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.
  generation: string, If present, permanently deletes a specific revision of this object (as opposed to the latest version, the default).
  ifMetagenerationMatch: string, Makes the operation conditional on whether the object's current metageneration matches the given value.
  userProject: string, The project to be billed for this request. Required for Requester Pays buckets.
  ifGenerationMatch: string, Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.
  provisionalUserProject: string, The project to be billed for this request if the target bucket is requester-pays bucket.
  ifMetagenerationNotMatch: string, Makes the operation conditional on whether the object's current metageneration does not match the given value.
get(bucket=*, object=*, ifGenerationNotMatch=None, generation=None, ifMetagenerationMatch=None, userProject=None, ifGenerationMatch=None, provisionalUserProject=None, ifMetagenerationNotMatch=None, projection=None)
Retrieves an object or its metadata.

Args:
  bucket: string, Name of the bucket in which the object resides. (required)
  object: string, Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts. (required)
  ifGenerationNotMatch: string, Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.
  generation: string, If present, selects a specific revision of this object (as opposed to the latest version, the default).
  ifMetagenerationMatch: string, Makes the operation conditional on whether the object's current metageneration matches the given value.
  userProject: string, The project to be billed for this request. Required for Requester Pays buckets.
  ifGenerationMatch: string, Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.
  provisionalUserProject: string, The project to be billed for this request if the target bucket is requester-pays bucket.
  ifMetagenerationNotMatch: string, Makes the operation conditional on whether the object's current metageneration does not match the given value.
  projection: string, Set of properties to return. Defaults to noAcl.
    Allowed values
      full - Include all properties.
      noAcl - Omit the owner, acl property.

Returns:
  An object of the form:

    { # An object.
      "generation": "A String", # The content generation of this object. Used for object versioning.
      "customTime": "A String", # A timestamp in RFC 3339 format specified by the user for an object.
      "componentCount": 42, # Number of underlying components that make up this object. Components are accumulated by compose operations.
      "mediaLink": "A String", # Media download link.
      "kmsKeyName": "A String", # Cloud KMS Key used to encrypt this object, if the object is encrypted by such a key.
      "owner": { # The owner of the object. This will always be the uploader of the object.
        "entityId": "A String", # The ID for the entity.
        "entity": "A String", # The entity, in the form user-userId.
      },
      "cacheControl": "A String", # Cache-Control directive for the object data. If omitted, and the object is accessible to all anonymous users, the default will be public, max-age=3600.
      "acl": [ # Access controls on the object.
        { # An access-control entry.
          "domain": "A String", # The domain associated with the entity, if any.
          "generation": "A String", # The content generation of the object, if applied to an object.
          "object": "A String", # The name of the object, if applied to an object.
          "bucket": "A String", # The name of the bucket.
          "kind": "storage#objectAccessControl", # The kind of item this is. For object access control entries, this is always storage#objectAccessControl.
          "entity": "A String", # The entity holding the permission, in one of the following forms:
              # - user-userId
              # - user-email
              # - group-groupId
              # - group-email
              # - domain-domain
              # - project-team-projectId
              # - allUsers
              # - allAuthenticatedUsers Examples:
              # - The user liz@example.com would be user-liz@example.com.
              # - The group example@googlegroups.com would be group-example@googlegroups.com.
              # - To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.
          "etag": "A String", # HTTP 1.1 Entity tag for the access-control entry.
          "role": "A String", # The access permission for the entity.
          "id": "A String", # The ID of the access-control entry.
          "entityId": "A String", # The ID for the entity, if any.
          "projectTeam": { # The project team associated with the entity, if any.
            "projectNumber": "A String", # The project number.
            "team": "A String", # The team.
          },
          "email": "A String", # The email address associated with the entity, if any.
          "selfLink": "A String", # The link to this access-control entry.
        },
      ],
      "id": "A String", # The ID of the object, including the bucket name, object name, and generation number.
      "size": "A String", # Content-Length of the data in bytes.
      "timeDeleted": "A String", # The deletion time of the object in RFC 3339 format. Will be returned if and only if this version of the object has been deleted.
      "timeCreated": "A String", # The creation time of the object in RFC 3339 format.
      "md5Hash": "A String", # MD5 hash of the data; encoded using base64. For more information about using the MD5 hash, see Hashes and ETags: Best Practices.
      "crc32c": "A String", # CRC32c checksum, as described in RFC 4960, Appendix B; encoded using base64 in big-endian byte order. For more information about using the CRC32c checksum, see Hashes and ETags: Best Practices.
      "etag": "A String", # HTTP 1.1 Entity tag for the object.
      "temporaryHold": True or False, # Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites. A common use case of this flag is regulatory investigations where objects need to be retained while the investigation is ongoing. Note that unlike event-based hold, temporary hold does not impact retention expiration time of an object.
      "metadata": { # User-provided metadata, in key/value pairs.
        "a_key": "A String", # An individual metadata entry.
      },
      "updated": "A String", # The modification time of the object metadata in RFC 3339 format.
      "contentType": "A String", # Content-Type of the object data. If an object is stored without a Content-Type, it is served as application/octet-stream.
      "contentLanguage": "A String", # Content-Language of the object data.
      "customerEncryption": { # Metadata of customer-supplied encryption key, if the object is encrypted by such a key.
        "encryptionAlgorithm": "A String", # The encryption algorithm.
        "keySha256": "A String", # SHA256 hash value of the encryption key.
      },
      "metageneration": "A String", # The version of the metadata for this object at this generation. Used for preconditions and for detecting changes in metadata. A metageneration number is only meaningful in the context of a particular generation of a particular object.
      "timeStorageClassUpdated": "A String", # The time at which the object's storage class was last changed. When the object is initially created, it will be set to timeCreated.
      "retentionExpirationTime": "A String", # A server-determined value that specifies the earliest time that the object's retention period expires. This value is in RFC 3339 format. Note 1: This field is not provided for objects with an active event-based hold, since retention expiration is unknown until the hold is removed. Note 2: This value can be provided even when temporary hold is set (so that the user can reason about policy without having to first unset the temporary hold).
      "eventBasedHold": True or False, # Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any). One sample use case of this flag is for banks to hold loan documents for at least 3 years after loan is paid in full. Here, bucket-level retention is 3 years and the event is the loan being paid in full. In this example, these objects will be held intact for any number of years until the event has occurred (event-based hold on the object is released) and then 3 more years after that. That means retention duration of the objects begins from the moment event-based hold transitioned from true to false.
      "kind": "storage#object", # The kind of item this is. For objects, this is always storage#object.
      "name": "A String", # The name of the object. Required if not specified by URL parameter.
      "bucket": "A String", # The name of the bucket containing this object.
      "contentEncoding": "A String", # Content-Encoding of the object data.
      "selfLink": "A String", # The link to this object.
      "contentDisposition": "A String", # Content-Disposition of the object data.
      "storageClass": "A String", # Storage class of the object.
    }
getIamPolicy(bucket=*, object=*, generation=None, userProject=None, provisionalUserProject=None)
Returns an IAM policy for the specified object.

Args:
  bucket: string, Name of the bucket in which the object resides. (required)
  object: string, Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts. (required)
  generation: string, If present, selects a specific revision of this object (as opposed to the latest version, the default).
  userProject: string, The project to be billed for this request. Required for Requester Pays buckets.
  provisionalUserProject: string, The project to be billed for this request if the target bucket is requester-pays bucket.

Returns:
  An object of the form:

    { # A bucket/object IAM policy.
    "resourceId": "A String", # The ID of the resource to which this policy belongs. Will be of the form projects/_/buckets/bucket for buckets, and projects/_/buckets/bucket/objects/object for objects. A specific generation may be specified by appending #generationNumber to the end of the object name, e.g. projects/_/buckets/my-bucket/objects/data.txt#17. The current generation can be denoted with #0. This field is ignored on input.
    "bindings": [ # An association between a role, which comes with a set of permissions, and members who may assume that role.
      {
        "role": "A String", # The role to which members belong. Two types of roles are supported: new IAM roles, which grant permissions that do not map directly to those provided by ACLs, and legacy IAM roles, which do map directly to ACL permissions. All roles are of the format roles/storage.specificRole.
            # The new IAM roles are:
            # - roles/storage.admin — Full control of Google Cloud Storage resources.
            # - roles/storage.objectViewer — Read-Only access to Google Cloud Storage objects.
            # - roles/storage.objectCreator — Access to create objects in Google Cloud Storage.
            # - roles/storage.objectAdmin — Full control of Google Cloud Storage objects.   The legacy IAM roles are:
            # - roles/storage.legacyObjectReader — Read-only access to objects without listing. Equivalent to an ACL entry on an object with the READER role.
            # - roles/storage.legacyObjectOwner — Read/write access to existing objects without listing. Equivalent to an ACL entry on an object with the OWNER role.
            # - roles/storage.legacyBucketReader — Read access to buckets with object listing. Equivalent to an ACL entry on a bucket with the READER role.
            # - roles/storage.legacyBucketWriter — Read access to buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the WRITER role.
            # - roles/storage.legacyBucketOwner — Read and write access to existing buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the OWNER role.
        "members": [ # A collection of identifiers for members who may assume the provided role. Recognized identifiers are as follows:
            # - allUsers — A special identifier that represents anyone on the internet; with or without a Google account.
            # - allAuthenticatedUsers — A special identifier that represents anyone who is authenticated with a Google account or a service account.
            # - user:emailid — An email address that represents a specific account. For example, user:alice@gmail.com or user:joe@example.com.
            # - serviceAccount:emailid — An email address that represents a service account. For example,  serviceAccount:my-other-app@appspot.gserviceaccount.com .
            # - group:emailid — An email address that represents a Google group. For example, group:admins@example.com.
            # - domain:domain — A Google Apps domain name that represents all the users of that domain. For example, domain:google.com or domain:example.com.
            # - projectOwner:projectid — Owners of the given project. For example, projectOwner:my-example-project
            # - projectEditor:projectid — Editors of the given project. For example, projectEditor:my-example-project
            # - projectViewer:projectid — Viewers of the given project. For example, projectViewer:my-example-project
          "A String",
        ],
        "condition": { # Represents an expression text. Example: title: "User account presence" description: "Determines whether the request has a user account" expression: "size(request.user) > 0" # The condition that is associated with this binding. NOTE: an unsatisfied condition will not allow user access via current binding. Different bindings, including their conditions, are examined independently.
          "title": "A String", # An optional title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
          "expression": "A String", # Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.
          "description": "A String", # An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
          "location": "A String", # An optional string indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
        },
      },
    ],
    "etag": "A String", # HTTP 1.1  Entity tag for the policy.
    "kind": "storage#policy", # The kind of item this is. For policies, this is always storage#policy. This field is ignored on input.
    "version": 42, # The IAM policy format version.
  }
get_media(bucket=*, object=*, ifGenerationNotMatch=None, generation=None, ifMetagenerationMatch=None, userProject=None, ifGenerationMatch=None, provisionalUserProject=None, ifMetagenerationNotMatch=None, projection=None)
Retrieves an object or its metadata.

Args:
  bucket: string, Name of the bucket in which the object resides. (required)
  object: string, Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts. (required)
  ifGenerationNotMatch: string, Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.
  generation: string, If present, selects a specific revision of this object (as opposed to the latest version, the default).
  ifMetagenerationMatch: string, Makes the operation conditional on whether the object's current metageneration matches the given value.
  userProject: string, The project to be billed for this request. Required for Requester Pays buckets.
  ifGenerationMatch: string, Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.
  provisionalUserProject: string, The project to be billed for this request if the target bucket is requester-pays bucket.
  ifMetagenerationNotMatch: string, Makes the operation conditional on whether the object's current metageneration does not match the given value.
  projection: string, Set of properties to return. Defaults to noAcl.
    Allowed values
      full - Include all properties.
      noAcl - Omit the owner, acl property.

Returns:
  The media object as a string.

    
insert(bucket=*, body=None, projection=None, kmsKeyName=None, media_body=None, predefinedAcl=None, ifGenerationMatch=None, provisionalUserProject=None, ifGenerationNotMatch=None, name=None, ifMetagenerationMatch=None, userProject=None, contentEncoding=None, media_mime_type=None, ifMetagenerationNotMatch=None)
Stores a new object and metadata.

Args:
  bucket: string, Name of the bucket in which to store the new object. Overrides the provided object metadata's bucket value, if any. (required)
  body: object, The request body.
    The object takes the form of:

{ # An object.
    "generation": "A String", # The content generation of this object. Used for object versioning.
    "customTime": "A String", # A timestamp in RFC 3339 format specified by the user for an object.
    "componentCount": 42, # Number of underlying components that make up this object. Components are accumulated by compose operations.
    "mediaLink": "A String", # Media download link.
    "kmsKeyName": "A String", # Cloud KMS Key used to encrypt this object, if the object is encrypted by such a key.
    "owner": { # The owner of the object. This will always be the uploader of the object.
      "entityId": "A String", # The ID for the entity.
      "entity": "A String", # The entity, in the form user-userId.
    },
    "cacheControl": "A String", # Cache-Control directive for the object data. If omitted, and the object is accessible to all anonymous users, the default will be public, max-age=3600.
    "acl": [ # Access controls on the object.
      { # An access-control entry.
        "domain": "A String", # The domain associated with the entity, if any.
        "generation": "A String", # The content generation of the object, if applied to an object.
        "object": "A String", # The name of the object, if applied to an object.
        "bucket": "A String", # The name of the bucket.
        "kind": "storage#objectAccessControl", # The kind of item this is. For object access control entries, this is always storage#objectAccessControl.
        "entity": "A String", # The entity holding the permission, in one of the following forms:
            # - user-userId
            # - user-email
            # - group-groupId
            # - group-email
            # - domain-domain
            # - project-team-projectId
            # - allUsers
            # - allAuthenticatedUsers Examples:
            # - The user liz@example.com would be user-liz@example.com.
            # - The group example@googlegroups.com would be group-example@googlegroups.com.
            # - To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.
        "etag": "A String", # HTTP 1.1 Entity tag for the access-control entry.
        "role": "A String", # The access permission for the entity.
        "id": "A String", # The ID of the access-control entry.
        "entityId": "A String", # The ID for the entity, if any.
        "projectTeam": { # The project team associated with the entity, if any.
          "projectNumber": "A String", # The project number.
          "team": "A String", # The team.
        },
        "email": "A String", # The email address associated with the entity, if any.
        "selfLink": "A String", # The link to this access-control entry.
      },
    ],
    "id": "A String", # The ID of the object, including the bucket name, object name, and generation number.
    "size": "A String", # Content-Length of the data in bytes.
    "timeDeleted": "A String", # The deletion time of the object in RFC 3339 format. Will be returned if and only if this version of the object has been deleted.
    "timeCreated": "A String", # The creation time of the object in RFC 3339 format.
    "md5Hash": "A String", # MD5 hash of the data; encoded using base64. For more information about using the MD5 hash, see Hashes and ETags: Best Practices.
    "crc32c": "A String", # CRC32c checksum, as described in RFC 4960, Appendix B; encoded using base64 in big-endian byte order. For more information about using the CRC32c checksum, see Hashes and ETags: Best Practices.
    "etag": "A String", # HTTP 1.1 Entity tag for the object.
    "temporaryHold": True or False, # Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites. A common use case of this flag is regulatory investigations where objects need to be retained while the investigation is ongoing. Note that unlike event-based hold, temporary hold does not impact retention expiration time of an object.
    "metadata": { # User-provided metadata, in key/value pairs.
      "a_key": "A String", # An individual metadata entry.
    },
    "updated": "A String", # The modification time of the object metadata in RFC 3339 format.
    "contentType": "A String", # Content-Type of the object data. If an object is stored without a Content-Type, it is served as application/octet-stream.
    "contentLanguage": "A String", # Content-Language of the object data.
    "customerEncryption": { # Metadata of customer-supplied encryption key, if the object is encrypted by such a key.
      "encryptionAlgorithm": "A String", # The encryption algorithm.
      "keySha256": "A String", # SHA256 hash value of the encryption key.
    },
    "metageneration": "A String", # The version of the metadata for this object at this generation. Used for preconditions and for detecting changes in metadata. A metageneration number is only meaningful in the context of a particular generation of a particular object.
    "timeStorageClassUpdated": "A String", # The time at which the object's storage class was last changed. When the object is initially created, it will be set to timeCreated.
    "retentionExpirationTime": "A String", # A server-determined value that specifies the earliest time that the object's retention period expires. This value is in RFC 3339 format. Note 1: This field is not provided for objects with an active event-based hold, since retention expiration is unknown until the hold is removed. Note 2: This value can be provided even when temporary hold is set (so that the user can reason about policy without having to first unset the temporary hold).
    "eventBasedHold": True or False, # Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any). One sample use case of this flag is for banks to hold loan documents for at least 3 years after loan is paid in full. Here, bucket-level retention is 3 years and the event is the loan being paid in full. In this example, these objects will be held intact for any number of years until the event has occurred (event-based hold on the object is released) and then 3 more years after that. That means retention duration of the objects begins from the moment event-based hold transitioned from true to false.
    "kind": "storage#object", # The kind of item this is. For objects, this is always storage#object.
    "name": "A String", # The name of the object. Required if not specified by URL parameter.
    "bucket": "A String", # The name of the bucket containing this object.
    "contentEncoding": "A String", # Content-Encoding of the object data.
    "selfLink": "A String", # The link to this object.
    "contentDisposition": "A String", # Content-Disposition of the object data.
    "storageClass": "A String", # Storage class of the object.
  }

  projection: string, Set of properties to return. Defaults to noAcl, unless the object resource specifies the acl property, when it defaults to full.
    Allowed values
      full - Include all properties.
      noAcl - Omit the owner, acl property.
  kmsKeyName: string, Resource name of the Cloud KMS key, of the form projects/my-project/locations/global/keyRings/my-kr/cryptoKeys/my-key, that will be used to encrypt the object. Overrides the object metadata's kms_key_name value, if any.
  media_body: string, The filename of the media request body, or an instance of a MediaUpload object.
  predefinedAcl: string, Apply a predefined set of access controls to this object.
    Allowed values
      authenticatedRead - Object owner gets OWNER access, and allAuthenticatedUsers get READER access.
      bucketOwnerFullControl - Object owner gets OWNER access, and project team owners get OWNER access.
      bucketOwnerRead - Object owner gets OWNER access, and project team owners get READER access.
      private - Object owner gets OWNER access.
      projectPrivate - Object owner gets OWNER access, and project team members get access according to their roles.
      publicRead - Object owner gets OWNER access, and allUsers get READER access.
  ifGenerationMatch: string, Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.
  provisionalUserProject: string, The project to be billed for this request if the target bucket is requester-pays bucket.
  ifGenerationNotMatch: string, Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.
  name: string, Name of the object. Required when the object metadata is not otherwise provided. Overrides the object metadata's name value, if any. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts.
  ifMetagenerationMatch: string, Makes the operation conditional on whether the object's current metageneration matches the given value.
  userProject: string, The project to be billed for this request. Required for Requester Pays buckets.
  contentEncoding: string, If set, sets the contentEncoding property of the final object to this value. Setting this parameter is equivalent to setting the contentEncoding metadata property. This can be useful when uploading an object with uploadType=media to indicate the encoding of the content being uploaded.
  media_mime_type: string, The MIME type of the media request body, or an instance of a MediaUpload object.
  ifMetagenerationNotMatch: string, Makes the operation conditional on whether the object's current metageneration does not match the given value.

Returns:
  An object of the form:

    { # An object.
      "generation": "A String", # The content generation of this object. Used for object versioning.
      "customTime": "A String", # A timestamp in RFC 3339 format specified by the user for an object.
      "componentCount": 42, # Number of underlying components that make up this object. Components are accumulated by compose operations.
      "mediaLink": "A String", # Media download link.
      "kmsKeyName": "A String", # Cloud KMS Key used to encrypt this object, if the object is encrypted by such a key.
      "owner": { # The owner of the object. This will always be the uploader of the object.
        "entityId": "A String", # The ID for the entity.
        "entity": "A String", # The entity, in the form user-userId.
      },
      "cacheControl": "A String", # Cache-Control directive for the object data. If omitted, and the object is accessible to all anonymous users, the default will be public, max-age=3600.
      "acl": [ # Access controls on the object.
        { # An access-control entry.
          "domain": "A String", # The domain associated with the entity, if any.
          "generation": "A String", # The content generation of the object, if applied to an object.
          "object": "A String", # The name of the object, if applied to an object.
          "bucket": "A String", # The name of the bucket.
          "kind": "storage#objectAccessControl", # The kind of item this is. For object access control entries, this is always storage#objectAccessControl.
          "entity": "A String", # The entity holding the permission, in one of the following forms:
              # - user-userId
              # - user-email
              # - group-groupId
              # - group-email
              # - domain-domain
              # - project-team-projectId
              # - allUsers
              # - allAuthenticatedUsers Examples:
              # - The user liz@example.com would be user-liz@example.com.
              # - The group example@googlegroups.com would be group-example@googlegroups.com.
              # - To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.
          "etag": "A String", # HTTP 1.1 Entity tag for the access-control entry.
          "role": "A String", # The access permission for the entity.
          "id": "A String", # The ID of the access-control entry.
          "entityId": "A String", # The ID for the entity, if any.
          "projectTeam": { # The project team associated with the entity, if any.
            "projectNumber": "A String", # The project number.
            "team": "A String", # The team.
          },
          "email": "A String", # The email address associated with the entity, if any.
          "selfLink": "A String", # The link to this access-control entry.
        },
      ],
      "id": "A String", # The ID of the object, including the bucket name, object name, and generation number.
      "size": "A String", # Content-Length of the data in bytes.
      "timeDeleted": "A String", # The deletion time of the object in RFC 3339 format. Will be returned if and only if this version of the object has been deleted.
      "timeCreated": "A String", # The creation time of the object in RFC 3339 format.
      "md5Hash": "A String", # MD5 hash of the data; encoded using base64. For more information about using the MD5 hash, see Hashes and ETags: Best Practices.
      "crc32c": "A String", # CRC32c checksum, as described in RFC 4960, Appendix B; encoded using base64 in big-endian byte order. For more information about using the CRC32c checksum, see Hashes and ETags: Best Practices.
      "etag": "A String", # HTTP 1.1 Entity tag for the object.
      "temporaryHold": True or False, # Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites. A common use case of this flag is regulatory investigations where objects need to be retained while the investigation is ongoing. Note that unlike event-based hold, temporary hold does not impact retention expiration time of an object.
      "metadata": { # User-provided metadata, in key/value pairs.
        "a_key": "A String", # An individual metadata entry.
      },
      "updated": "A String", # The modification time of the object metadata in RFC 3339 format.
      "contentType": "A String", # Content-Type of the object data. If an object is stored without a Content-Type, it is served as application/octet-stream.
      "contentLanguage": "A String", # Content-Language of the object data.
      "customerEncryption": { # Metadata of customer-supplied encryption key, if the object is encrypted by such a key.
        "encryptionAlgorithm": "A String", # The encryption algorithm.
        "keySha256": "A String", # SHA256 hash value of the encryption key.
      },
      "metageneration": "A String", # The version of the metadata for this object at this generation. Used for preconditions and for detecting changes in metadata. A metageneration number is only meaningful in the context of a particular generation of a particular object.
      "timeStorageClassUpdated": "A String", # The time at which the object's storage class was last changed. When the object is initially created, it will be set to timeCreated.
      "retentionExpirationTime": "A String", # A server-determined value that specifies the earliest time that the object's retention period expires. This value is in RFC 3339 format. Note 1: This field is not provided for objects with an active event-based hold, since retention expiration is unknown until the hold is removed. Note 2: This value can be provided even when temporary hold is set (so that the user can reason about policy without having to first unset the temporary hold).
      "eventBasedHold": True or False, # Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any). One sample use case of this flag is for banks to hold loan documents for at least 3 years after loan is paid in full. Here, bucket-level retention is 3 years and the event is the loan being paid in full. In this example, these objects will be held intact for any number of years until the event has occurred (event-based hold on the object is released) and then 3 more years after that. That means retention duration of the objects begins from the moment event-based hold transitioned from true to false.
      "kind": "storage#object", # The kind of item this is. For objects, this is always storage#object.
      "name": "A String", # The name of the object. Required if not specified by URL parameter.
      "bucket": "A String", # The name of the bucket containing this object.
      "contentEncoding": "A String", # Content-Encoding of the object data.
      "selfLink": "A String", # The link to this object.
      "contentDisposition": "A String", # Content-Disposition of the object data.
      "storageClass": "A String", # Storage class of the object.
    }
list(bucket=*, projection=None, prefix=None, startOffset=None, pageToken=None, endOffset=None, maxResults=None, provisionalUserProject=None, versions=None, userProject=None, delimiter=None, includeTrailingDelimiter=None)
Retrieves a list of objects matching the criteria.

Args:
  bucket: string, Name of the bucket in which to look for objects. (required)
  projection: string, Set of properties to return. Defaults to noAcl.
    Allowed values
      full - Include all properties.
      noAcl - Omit the owner, acl property.
  prefix: string, Filter results to objects whose names begin with this prefix.
  startOffset: string, Filter results to objects whose names are lexicographically equal to or after startOffset. If endOffset is also set, the objects listed will have names between startOffset (inclusive) and endOffset (exclusive).
  pageToken: string, A previously-returned page token representing part of the larger set of results to view.
  endOffset: string, Filter results to objects whose names are lexicographically before endOffset. If startOffset is also set, the objects listed will have names between startOffset (inclusive) and endOffset (exclusive).
  maxResults: integer, Maximum number of items plus prefixes to return in a single page of responses. As duplicate prefixes are omitted, fewer total results may be returned than requested. The service will use this parameter or 1,000 items, whichever is smaller.
  provisionalUserProject: string, The project to be billed for this request if the target bucket is requester-pays bucket.
  versions: boolean, If true, lists all versions of an object as distinct results. The default is false. For more information, see Object Versioning.
  userProject: string, The project to be billed for this request. Required for Requester Pays buckets.
  delimiter: string, Returns results in a directory-like mode. items will contain only objects whose names, aside from the prefix, do not contain delimiter. Objects whose names, aside from the prefix, contain delimiter will have their name, truncated after the delimiter, returned in prefixes. Duplicate prefixes are omitted.
  includeTrailingDelimiter: boolean, If true, objects that end in exactly one instance of delimiter will have their metadata included in items in addition to prefixes.

Returns:
  An object of the form:

    { # A list of objects.
    "nextPageToken": "A String", # The continuation token, used to page through large result sets. Provide this value in a subsequent request to return the next page of results.
    "items": [ # The list of items.
      { # An object.
          "generation": "A String", # The content generation of this object. Used for object versioning.
          "customTime": "A String", # A timestamp in RFC 3339 format specified by the user for an object.
          "componentCount": 42, # Number of underlying components that make up this object. Components are accumulated by compose operations.
          "mediaLink": "A String", # Media download link.
          "kmsKeyName": "A String", # Cloud KMS Key used to encrypt this object, if the object is encrypted by such a key.
          "owner": { # The owner of the object. This will always be the uploader of the object.
            "entityId": "A String", # The ID for the entity.
            "entity": "A String", # The entity, in the form user-userId.
          },
          "cacheControl": "A String", # Cache-Control directive for the object data. If omitted, and the object is accessible to all anonymous users, the default will be public, max-age=3600.
          "acl": [ # Access controls on the object.
            { # An access-control entry.
              "domain": "A String", # The domain associated with the entity, if any.
              "generation": "A String", # The content generation of the object, if applied to an object.
              "object": "A String", # The name of the object, if applied to an object.
              "bucket": "A String", # The name of the bucket.
              "kind": "storage#objectAccessControl", # The kind of item this is. For object access control entries, this is always storage#objectAccessControl.
              "entity": "A String", # The entity holding the permission, in one of the following forms:
                  # - user-userId
                  # - user-email
                  # - group-groupId
                  # - group-email
                  # - domain-domain
                  # - project-team-projectId
                  # - allUsers
                  # - allAuthenticatedUsers Examples:
                  # - The user liz@example.com would be user-liz@example.com.
                  # - The group example@googlegroups.com would be group-example@googlegroups.com.
                  # - To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.
              "etag": "A String", # HTTP 1.1 Entity tag for the access-control entry.
              "role": "A String", # The access permission for the entity.
              "id": "A String", # The ID of the access-control entry.
              "entityId": "A String", # The ID for the entity, if any.
              "projectTeam": { # The project team associated with the entity, if any.
                "projectNumber": "A String", # The project number.
                "team": "A String", # The team.
              },
              "email": "A String", # The email address associated with the entity, if any.
              "selfLink": "A String", # The link to this access-control entry.
            },
          ],
          "id": "A String", # The ID of the object, including the bucket name, object name, and generation number.
          "size": "A String", # Content-Length of the data in bytes.
          "timeDeleted": "A String", # The deletion time of the object in RFC 3339 format. Will be returned if and only if this version of the object has been deleted.
          "timeCreated": "A String", # The creation time of the object in RFC 3339 format.
          "md5Hash": "A String", # MD5 hash of the data; encoded using base64. For more information about using the MD5 hash, see Hashes and ETags: Best Practices.
          "crc32c": "A String", # CRC32c checksum, as described in RFC 4960, Appendix B; encoded using base64 in big-endian byte order. For more information about using the CRC32c checksum, see Hashes and ETags: Best Practices.
          "etag": "A String", # HTTP 1.1 Entity tag for the object.
          "temporaryHold": True or False, # Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites. A common use case of this flag is regulatory investigations where objects need to be retained while the investigation is ongoing. Note that unlike event-based hold, temporary hold does not impact retention expiration time of an object.
          "metadata": { # User-provided metadata, in key/value pairs.
            "a_key": "A String", # An individual metadata entry.
          },
          "updated": "A String", # The modification time of the object metadata in RFC 3339 format.
          "contentType": "A String", # Content-Type of the object data. If an object is stored without a Content-Type, it is served as application/octet-stream.
          "contentLanguage": "A String", # Content-Language of the object data.
          "customerEncryption": { # Metadata of customer-supplied encryption key, if the object is encrypted by such a key.
            "encryptionAlgorithm": "A String", # The encryption algorithm.
            "keySha256": "A String", # SHA256 hash value of the encryption key.
          },
          "metageneration": "A String", # The version of the metadata for this object at this generation. Used for preconditions and for detecting changes in metadata. A metageneration number is only meaningful in the context of a particular generation of a particular object.
          "timeStorageClassUpdated": "A String", # The time at which the object's storage class was last changed. When the object is initially created, it will be set to timeCreated.
          "retentionExpirationTime": "A String", # A server-determined value that specifies the earliest time that the object's retention period expires. This value is in RFC 3339 format. Note 1: This field is not provided for objects with an active event-based hold, since retention expiration is unknown until the hold is removed. Note 2: This value can be provided even when temporary hold is set (so that the user can reason about policy without having to first unset the temporary hold).
          "eventBasedHold": True or False, # Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any). One sample use case of this flag is for banks to hold loan documents for at least 3 years after loan is paid in full. Here, bucket-level retention is 3 years and the event is the loan being paid in full. In this example, these objects will be held intact for any number of years until the event has occurred (event-based hold on the object is released) and then 3 more years after that. That means retention duration of the objects begins from the moment event-based hold transitioned from true to false.
          "kind": "storage#object", # The kind of item this is. For objects, this is always storage#object.
          "name": "A String", # The name of the object. Required if not specified by URL parameter.
          "bucket": "A String", # The name of the bucket containing this object.
          "contentEncoding": "A String", # Content-Encoding of the object data.
          "selfLink": "A String", # The link to this object.
          "contentDisposition": "A String", # Content-Disposition of the object data.
          "storageClass": "A String", # Storage class of the object.
        },
    ],
    "kind": "storage#objects", # The kind of item this is. For lists of objects, this is always storage#objects.
    "prefixes": [ # The list of prefixes of objects matching-but-not-listed up to and including the requested delimiter.
      "A String",
    ],
  }
list_next(previous_request=*, previous_response=*)
Retrieves the next page of results.

Args:
  previous_request: The request for the previous page. (required)
  previous_response: The response from the request for the previous page. (required)

Returns:
  A request object that you can call 'execute()' on to request the next
  page. Returns None if there are no more items in the collection.
    
patch(bucket=*, object=*, body=None, projection=None, generation=None, predefinedAcl=None, ifGenerationMatch=None, provisionalUserProject=None, ifGenerationNotMatch=None, ifMetagenerationMatch=None, userProject=None, ifMetagenerationNotMatch=None)
Patches an object's metadata.

Args:
  bucket: string, Name of the bucket in which the object resides. (required)
  object: string, Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts. (required)
  body: object, The request body.
    The object takes the form of:

{ # An object.
    "generation": "A String", # The content generation of this object. Used for object versioning.
    "customTime": "A String", # A timestamp in RFC 3339 format specified by the user for an object.
    "componentCount": 42, # Number of underlying components that make up this object. Components are accumulated by compose operations.
    "mediaLink": "A String", # Media download link.
    "kmsKeyName": "A String", # Cloud KMS Key used to encrypt this object, if the object is encrypted by such a key.
    "owner": { # The owner of the object. This will always be the uploader of the object.
      "entityId": "A String", # The ID for the entity.
      "entity": "A String", # The entity, in the form user-userId.
    },
    "cacheControl": "A String", # Cache-Control directive for the object data. If omitted, and the object is accessible to all anonymous users, the default will be public, max-age=3600.
    "acl": [ # Access controls on the object.
      { # An access-control entry.
        "domain": "A String", # The domain associated with the entity, if any.
        "generation": "A String", # The content generation of the object, if applied to an object.
        "object": "A String", # The name of the object, if applied to an object.
        "bucket": "A String", # The name of the bucket.
        "kind": "storage#objectAccessControl", # The kind of item this is. For object access control entries, this is always storage#objectAccessControl.
        "entity": "A String", # The entity holding the permission, in one of the following forms:
            # - user-userId
            # - user-email
            # - group-groupId
            # - group-email
            # - domain-domain
            # - project-team-projectId
            # - allUsers
            # - allAuthenticatedUsers Examples:
            # - The user liz@example.com would be user-liz@example.com.
            # - The group example@googlegroups.com would be group-example@googlegroups.com.
            # - To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.
        "etag": "A String", # HTTP 1.1 Entity tag for the access-control entry.
        "role": "A String", # The access permission for the entity.
        "id": "A String", # The ID of the access-control entry.
        "entityId": "A String", # The ID for the entity, if any.
        "projectTeam": { # The project team associated with the entity, if any.
          "projectNumber": "A String", # The project number.
          "team": "A String", # The team.
        },
        "email": "A String", # The email address associated with the entity, if any.
        "selfLink": "A String", # The link to this access-control entry.
      },
    ],
    "id": "A String", # The ID of the object, including the bucket name, object name, and generation number.
    "size": "A String", # Content-Length of the data in bytes.
    "timeDeleted": "A String", # The deletion time of the object in RFC 3339 format. Will be returned if and only if this version of the object has been deleted.
    "timeCreated": "A String", # The creation time of the object in RFC 3339 format.
    "md5Hash": "A String", # MD5 hash of the data; encoded using base64. For more information about using the MD5 hash, see Hashes and ETags: Best Practices.
    "crc32c": "A String", # CRC32c checksum, as described in RFC 4960, Appendix B; encoded using base64 in big-endian byte order. For more information about using the CRC32c checksum, see Hashes and ETags: Best Practices.
    "etag": "A String", # HTTP 1.1 Entity tag for the object.
    "temporaryHold": True or False, # Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites. A common use case of this flag is regulatory investigations where objects need to be retained while the investigation is ongoing. Note that unlike event-based hold, temporary hold does not impact retention expiration time of an object.
    "metadata": { # User-provided metadata, in key/value pairs.
      "a_key": "A String", # An individual metadata entry.
    },
    "updated": "A String", # The modification time of the object metadata in RFC 3339 format.
    "contentType": "A String", # Content-Type of the object data. If an object is stored without a Content-Type, it is served as application/octet-stream.
    "contentLanguage": "A String", # Content-Language of the object data.
    "customerEncryption": { # Metadata of customer-supplied encryption key, if the object is encrypted by such a key.
      "encryptionAlgorithm": "A String", # The encryption algorithm.
      "keySha256": "A String", # SHA256 hash value of the encryption key.
    },
    "metageneration": "A String", # The version of the metadata for this object at this generation. Used for preconditions and for detecting changes in metadata. A metageneration number is only meaningful in the context of a particular generation of a particular object.
    "timeStorageClassUpdated": "A String", # The time at which the object's storage class was last changed. When the object is initially created, it will be set to timeCreated.
    "retentionExpirationTime": "A String", # A server-determined value that specifies the earliest time that the object's retention period expires. This value is in RFC 3339 format. Note 1: This field is not provided for objects with an active event-based hold, since retention expiration is unknown until the hold is removed. Note 2: This value can be provided even when temporary hold is set (so that the user can reason about policy without having to first unset the temporary hold).
    "eventBasedHold": True or False, # Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any). One sample use case of this flag is for banks to hold loan documents for at least 3 years after loan is paid in full. Here, bucket-level retention is 3 years and the event is the loan being paid in full. In this example, these objects will be held intact for any number of years until the event has occurred (event-based hold on the object is released) and then 3 more years after that. That means retention duration of the objects begins from the moment event-based hold transitioned from true to false.
    "kind": "storage#object", # The kind of item this is. For objects, this is always storage#object.
    "name": "A String", # The name of the object. Required if not specified by URL parameter.
    "bucket": "A String", # The name of the bucket containing this object.
    "contentEncoding": "A String", # Content-Encoding of the object data.
    "selfLink": "A String", # The link to this object.
    "contentDisposition": "A String", # Content-Disposition of the object data.
    "storageClass": "A String", # Storage class of the object.
  }

  projection: string, Set of properties to return. Defaults to full.
    Allowed values
      full - Include all properties.
      noAcl - Omit the owner, acl property.
  generation: string, If present, selects a specific revision of this object (as opposed to the latest version, the default).
  predefinedAcl: string, Apply a predefined set of access controls to this object.
    Allowed values
      authenticatedRead - Object owner gets OWNER access, and allAuthenticatedUsers get READER access.
      bucketOwnerFullControl - Object owner gets OWNER access, and project team owners get OWNER access.
      bucketOwnerRead - Object owner gets OWNER access, and project team owners get READER access.
      private - Object owner gets OWNER access.
      projectPrivate - Object owner gets OWNER access, and project team members get access according to their roles.
      publicRead - Object owner gets OWNER access, and allUsers get READER access.
  ifGenerationMatch: string, Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.
  provisionalUserProject: string, The project to be billed for this request if the target bucket is requester-pays bucket.
  ifGenerationNotMatch: string, Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.
  ifMetagenerationMatch: string, Makes the operation conditional on whether the object's current metageneration matches the given value.
  userProject: string, The project to be billed for this request, for Requester Pays buckets.
  ifMetagenerationNotMatch: string, Makes the operation conditional on whether the object's current metageneration does not match the given value.

Returns:
  An object of the form:

    { # An object.
      "generation": "A String", # The content generation of this object. Used for object versioning.
      "customTime": "A String", # A timestamp in RFC 3339 format specified by the user for an object.
      "componentCount": 42, # Number of underlying components that make up this object. Components are accumulated by compose operations.
      "mediaLink": "A String", # Media download link.
      "kmsKeyName": "A String", # Cloud KMS Key used to encrypt this object, if the object is encrypted by such a key.
      "owner": { # The owner of the object. This will always be the uploader of the object.
        "entityId": "A String", # The ID for the entity.
        "entity": "A String", # The entity, in the form user-userId.
      },
      "cacheControl": "A String", # Cache-Control directive for the object data. If omitted, and the object is accessible to all anonymous users, the default will be public, max-age=3600.
      "acl": [ # Access controls on the object.
        { # An access-control entry.
          "domain": "A String", # The domain associated with the entity, if any.
          "generation": "A String", # The content generation of the object, if applied to an object.
          "object": "A String", # The name of the object, if applied to an object.
          "bucket": "A String", # The name of the bucket.
          "kind": "storage#objectAccessControl", # The kind of item this is. For object access control entries, this is always storage#objectAccessControl.
          "entity": "A String", # The entity holding the permission, in one of the following forms:
              # - user-userId
              # - user-email
              # - group-groupId
              # - group-email
              # - domain-domain
              # - project-team-projectId
              # - allUsers
              # - allAuthenticatedUsers Examples:
              # - The user liz@example.com would be user-liz@example.com.
              # - The group example@googlegroups.com would be group-example@googlegroups.com.
              # - To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.
          "etag": "A String", # HTTP 1.1 Entity tag for the access-control entry.
          "role": "A String", # The access permission for the entity.
          "id": "A String", # The ID of the access-control entry.
          "entityId": "A String", # The ID for the entity, if any.
          "projectTeam": { # The project team associated with the entity, if any.
            "projectNumber": "A String", # The project number.
            "team": "A String", # The team.
          },
          "email": "A String", # The email address associated with the entity, if any.
          "selfLink": "A String", # The link to this access-control entry.
        },
      ],
      "id": "A String", # The ID of the object, including the bucket name, object name, and generation number.
      "size": "A String", # Content-Length of the data in bytes.
      "timeDeleted": "A String", # The deletion time of the object in RFC 3339 format. Will be returned if and only if this version of the object has been deleted.
      "timeCreated": "A String", # The creation time of the object in RFC 3339 format.
      "md5Hash": "A String", # MD5 hash of the data; encoded using base64. For more information about using the MD5 hash, see Hashes and ETags: Best Practices.
      "crc32c": "A String", # CRC32c checksum, as described in RFC 4960, Appendix B; encoded using base64 in big-endian byte order. For more information about using the CRC32c checksum, see Hashes and ETags: Best Practices.
      "etag": "A String", # HTTP 1.1 Entity tag for the object.
      "temporaryHold": True or False, # Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites. A common use case of this flag is regulatory investigations where objects need to be retained while the investigation is ongoing. Note that unlike event-based hold, temporary hold does not impact retention expiration time of an object.
      "metadata": { # User-provided metadata, in key/value pairs.
        "a_key": "A String", # An individual metadata entry.
      },
      "updated": "A String", # The modification time of the object metadata in RFC 3339 format.
      "contentType": "A String", # Content-Type of the object data. If an object is stored without a Content-Type, it is served as application/octet-stream.
      "contentLanguage": "A String", # Content-Language of the object data.
      "customerEncryption": { # Metadata of customer-supplied encryption key, if the object is encrypted by such a key.
        "encryptionAlgorithm": "A String", # The encryption algorithm.
        "keySha256": "A String", # SHA256 hash value of the encryption key.
      },
      "metageneration": "A String", # The version of the metadata for this object at this generation. Used for preconditions and for detecting changes in metadata. A metageneration number is only meaningful in the context of a particular generation of a particular object.
      "timeStorageClassUpdated": "A String", # The time at which the object's storage class was last changed. When the object is initially created, it will be set to timeCreated.
      "retentionExpirationTime": "A String", # A server-determined value that specifies the earliest time that the object's retention period expires. This value is in RFC 3339 format. Note 1: This field is not provided for objects with an active event-based hold, since retention expiration is unknown until the hold is removed. Note 2: This value can be provided even when temporary hold is set (so that the user can reason about policy without having to first unset the temporary hold).
      "eventBasedHold": True or False, # Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any). One sample use case of this flag is for banks to hold loan documents for at least 3 years after loan is paid in full. Here, bucket-level retention is 3 years and the event is the loan being paid in full. In this example, these objects will be held intact for any number of years until the event has occurred (event-based hold on the object is released) and then 3 more years after that. That means retention duration of the objects begins from the moment event-based hold transitioned from true to false.
      "kind": "storage#object", # The kind of item this is. For objects, this is always storage#object.
      "name": "A String", # The name of the object. Required if not specified by URL parameter.
      "bucket": "A String", # The name of the bucket containing this object.
      "contentEncoding": "A String", # Content-Encoding of the object data.
      "selfLink": "A String", # The link to this object.
      "contentDisposition": "A String", # Content-Disposition of the object data.
      "storageClass": "A String", # Storage class of the object.
    }
rewrite(sourceBucket=*, sourceObject=*, destinationBucket=*, destinationObject=*, body=None, projection=None, sourceGeneration=None, maxBytesRewrittenPerCall=None, ifSourceGenerationNotMatch=None, ifGenerationMatch=None, ifSourceMetagenerationNotMatch=None, destinationKmsKeyName=None, rewriteToken=None, provisionalUserProject=None, ifGenerationNotMatch=None, ifMetagenerationMatch=None, userProject=None, destinationPredefinedAcl=None, ifSourceGenerationMatch=None, ifSourceMetagenerationMatch=None, ifMetagenerationNotMatch=None)
Rewrites a source object to a destination object. Optionally overrides metadata.

Args:
  sourceBucket: string, Name of the bucket in which to find the source object. (required)
  sourceObject: string, Name of the source object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts. (required)
  destinationBucket: string, Name of the bucket in which to store the new object. Overrides the provided object metadata's bucket value, if any. (required)
  destinationObject: string, Name of the new object. Required when the object metadata is not otherwise provided. Overrides the object metadata's name value, if any. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts. (required)
  body: object, The request body.
    The object takes the form of:

{ # An object.
    "generation": "A String", # The content generation of this object. Used for object versioning.
    "customTime": "A String", # A timestamp in RFC 3339 format specified by the user for an object.
    "componentCount": 42, # Number of underlying components that make up this object. Components are accumulated by compose operations.
    "mediaLink": "A String", # Media download link.
    "kmsKeyName": "A String", # Cloud KMS Key used to encrypt this object, if the object is encrypted by such a key.
    "owner": { # The owner of the object. This will always be the uploader of the object.
      "entityId": "A String", # The ID for the entity.
      "entity": "A String", # The entity, in the form user-userId.
    },
    "cacheControl": "A String", # Cache-Control directive for the object data. If omitted, and the object is accessible to all anonymous users, the default will be public, max-age=3600.
    "acl": [ # Access controls on the object.
      { # An access-control entry.
        "domain": "A String", # The domain associated with the entity, if any.
        "generation": "A String", # The content generation of the object, if applied to an object.
        "object": "A String", # The name of the object, if applied to an object.
        "bucket": "A String", # The name of the bucket.
        "kind": "storage#objectAccessControl", # The kind of item this is. For object access control entries, this is always storage#objectAccessControl.
        "entity": "A String", # The entity holding the permission, in one of the following forms:
            # - user-userId
            # - user-email
            # - group-groupId
            # - group-email
            # - domain-domain
            # - project-team-projectId
            # - allUsers
            # - allAuthenticatedUsers Examples:
            # - The user liz@example.com would be user-liz@example.com.
            # - The group example@googlegroups.com would be group-example@googlegroups.com.
            # - To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.
        "etag": "A String", # HTTP 1.1 Entity tag for the access-control entry.
        "role": "A String", # The access permission for the entity.
        "id": "A String", # The ID of the access-control entry.
        "entityId": "A String", # The ID for the entity, if any.
        "projectTeam": { # The project team associated with the entity, if any.
          "projectNumber": "A String", # The project number.
          "team": "A String", # The team.
        },
        "email": "A String", # The email address associated with the entity, if any.
        "selfLink": "A String", # The link to this access-control entry.
      },
    ],
    "id": "A String", # The ID of the object, including the bucket name, object name, and generation number.
    "size": "A String", # Content-Length of the data in bytes.
    "timeDeleted": "A String", # The deletion time of the object in RFC 3339 format. Will be returned if and only if this version of the object has been deleted.
    "timeCreated": "A String", # The creation time of the object in RFC 3339 format.
    "md5Hash": "A String", # MD5 hash of the data; encoded using base64. For more information about using the MD5 hash, see Hashes and ETags: Best Practices.
    "crc32c": "A String", # CRC32c checksum, as described in RFC 4960, Appendix B; encoded using base64 in big-endian byte order. For more information about using the CRC32c checksum, see Hashes and ETags: Best Practices.
    "etag": "A String", # HTTP 1.1 Entity tag for the object.
    "temporaryHold": True or False, # Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites. A common use case of this flag is regulatory investigations where objects need to be retained while the investigation is ongoing. Note that unlike event-based hold, temporary hold does not impact retention expiration time of an object.
    "metadata": { # User-provided metadata, in key/value pairs.
      "a_key": "A String", # An individual metadata entry.
    },
    "updated": "A String", # The modification time of the object metadata in RFC 3339 format.
    "contentType": "A String", # Content-Type of the object data. If an object is stored without a Content-Type, it is served as application/octet-stream.
    "contentLanguage": "A String", # Content-Language of the object data.
    "customerEncryption": { # Metadata of customer-supplied encryption key, if the object is encrypted by such a key.
      "encryptionAlgorithm": "A String", # The encryption algorithm.
      "keySha256": "A String", # SHA256 hash value of the encryption key.
    },
    "metageneration": "A String", # The version of the metadata for this object at this generation. Used for preconditions and for detecting changes in metadata. A metageneration number is only meaningful in the context of a particular generation of a particular object.
    "timeStorageClassUpdated": "A String", # The time at which the object's storage class was last changed. When the object is initially created, it will be set to timeCreated.
    "retentionExpirationTime": "A String", # A server-determined value that specifies the earliest time that the object's retention period expires. This value is in RFC 3339 format. Note 1: This field is not provided for objects with an active event-based hold, since retention expiration is unknown until the hold is removed. Note 2: This value can be provided even when temporary hold is set (so that the user can reason about policy without having to first unset the temporary hold).
    "eventBasedHold": True or False, # Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any). One sample use case of this flag is for banks to hold loan documents for at least 3 years after loan is paid in full. Here, bucket-level retention is 3 years and the event is the loan being paid in full. In this example, these objects will be held intact for any number of years until the event has occurred (event-based hold on the object is released) and then 3 more years after that. That means retention duration of the objects begins from the moment event-based hold transitioned from true to false.
    "kind": "storage#object", # The kind of item this is. For objects, this is always storage#object.
    "name": "A String", # The name of the object. Required if not specified by URL parameter.
    "bucket": "A String", # The name of the bucket containing this object.
    "contentEncoding": "A String", # Content-Encoding of the object data.
    "selfLink": "A String", # The link to this object.
    "contentDisposition": "A String", # Content-Disposition of the object data.
    "storageClass": "A String", # Storage class of the object.
  }

  projection: string, Set of properties to return. Defaults to noAcl, unless the object resource specifies the acl property, when it defaults to full.
    Allowed values
      full - Include all properties.
      noAcl - Omit the owner, acl property.
  sourceGeneration: string, If present, selects a specific revision of the source object (as opposed to the latest version, the default).
  maxBytesRewrittenPerCall: string, The maximum number of bytes that will be rewritten per rewrite request. Most callers shouldn't need to specify this parameter - it is primarily in place to support testing. If specified the value must be an integral multiple of 1 MiB (1048576). Also, this only applies to requests where the source and destination span locations and/or storage classes. Finally, this value must not change across rewrite calls else you'll get an error that the rewriteToken is invalid.
  ifSourceGenerationNotMatch: string, Makes the operation conditional on whether the source object's current generation does not match the given value.
  ifGenerationMatch: string, Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.
  ifSourceMetagenerationNotMatch: string, Makes the operation conditional on whether the source object's current metageneration does not match the given value.
  destinationKmsKeyName: string, Resource name of the Cloud KMS key, of the form projects/my-project/locations/global/keyRings/my-kr/cryptoKeys/my-key, that will be used to encrypt the object. Overrides the object metadata's kms_key_name value, if any.
  rewriteToken: string, Include this field (from the previous rewrite response) on each rewrite request after the first one, until the rewrite response 'done' flag is true. Calls that provide a rewriteToken can omit all other request fields, but if included those fields must match the values provided in the first rewrite request.
  provisionalUserProject: string, The project to be billed for this request if the target bucket is requester-pays bucket.
  ifGenerationNotMatch: string, Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.
  ifMetagenerationMatch: string, Makes the operation conditional on whether the destination object's current metageneration matches the given value.
  userProject: string, The project to be billed for this request. Required for Requester Pays buckets.
  destinationPredefinedAcl: string, Apply a predefined set of access controls to the destination object.
    Allowed values
      authenticatedRead - Object owner gets OWNER access, and allAuthenticatedUsers get READER access.
      bucketOwnerFullControl - Object owner gets OWNER access, and project team owners get OWNER access.
      bucketOwnerRead - Object owner gets OWNER access, and project team owners get READER access.
      private - Object owner gets OWNER access.
      projectPrivate - Object owner gets OWNER access, and project team members get access according to their roles.
      publicRead - Object owner gets OWNER access, and allUsers get READER access.
  ifSourceGenerationMatch: string, Makes the operation conditional on whether the source object's current generation matches the given value.
  ifSourceMetagenerationMatch: string, Makes the operation conditional on whether the source object's current metageneration matches the given value.
  ifMetagenerationNotMatch: string, Makes the operation conditional on whether the destination object's current metageneration does not match the given value.

Returns:
  An object of the form:

    { # A rewrite response.
    "objectSize": "A String", # The total size of the object being copied in bytes. This property is always present in the response.
    "kind": "storage#rewriteResponse", # The kind of item this is.
    "resource": { # An object. # A resource containing the metadata for the copied-to object. This property is present in the response only when copying completes.
        "generation": "A String", # The content generation of this object. Used for object versioning.
        "customTime": "A String", # A timestamp in RFC 3339 format specified by the user for an object.
        "componentCount": 42, # Number of underlying components that make up this object. Components are accumulated by compose operations.
        "mediaLink": "A String", # Media download link.
        "kmsKeyName": "A String", # Cloud KMS Key used to encrypt this object, if the object is encrypted by such a key.
        "owner": { # The owner of the object. This will always be the uploader of the object.
          "entityId": "A String", # The ID for the entity.
          "entity": "A String", # The entity, in the form user-userId.
        },
        "cacheControl": "A String", # Cache-Control directive for the object data. If omitted, and the object is accessible to all anonymous users, the default will be public, max-age=3600.
        "acl": [ # Access controls on the object.
          { # An access-control entry.
            "domain": "A String", # The domain associated with the entity, if any.
            "generation": "A String", # The content generation of the object, if applied to an object.
            "object": "A String", # The name of the object, if applied to an object.
            "bucket": "A String", # The name of the bucket.
            "kind": "storage#objectAccessControl", # The kind of item this is. For object access control entries, this is always storage#objectAccessControl.
            "entity": "A String", # The entity holding the permission, in one of the following forms:
                # - user-userId
                # - user-email
                # - group-groupId
                # - group-email
                # - domain-domain
                # - project-team-projectId
                # - allUsers
                # - allAuthenticatedUsers Examples:
                # - The user liz@example.com would be user-liz@example.com.
                # - The group example@googlegroups.com would be group-example@googlegroups.com.
                # - To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.
            "etag": "A String", # HTTP 1.1 Entity tag for the access-control entry.
            "role": "A String", # The access permission for the entity.
            "id": "A String", # The ID of the access-control entry.
            "entityId": "A String", # The ID for the entity, if any.
            "projectTeam": { # The project team associated with the entity, if any.
              "projectNumber": "A String", # The project number.
              "team": "A String", # The team.
            },
            "email": "A String", # The email address associated with the entity, if any.
            "selfLink": "A String", # The link to this access-control entry.
          },
        ],
        "id": "A String", # The ID of the object, including the bucket name, object name, and generation number.
        "size": "A String", # Content-Length of the data in bytes.
        "timeDeleted": "A String", # The deletion time of the object in RFC 3339 format. Will be returned if and only if this version of the object has been deleted.
        "timeCreated": "A String", # The creation time of the object in RFC 3339 format.
        "md5Hash": "A String", # MD5 hash of the data; encoded using base64. For more information about using the MD5 hash, see Hashes and ETags: Best Practices.
        "crc32c": "A String", # CRC32c checksum, as described in RFC 4960, Appendix B; encoded using base64 in big-endian byte order. For more information about using the CRC32c checksum, see Hashes and ETags: Best Practices.
        "etag": "A String", # HTTP 1.1 Entity tag for the object.
        "temporaryHold": True or False, # Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites. A common use case of this flag is regulatory investigations where objects need to be retained while the investigation is ongoing. Note that unlike event-based hold, temporary hold does not impact retention expiration time of an object.
        "metadata": { # User-provided metadata, in key/value pairs.
          "a_key": "A String", # An individual metadata entry.
        },
        "updated": "A String", # The modification time of the object metadata in RFC 3339 format.
        "contentType": "A String", # Content-Type of the object data. If an object is stored without a Content-Type, it is served as application/octet-stream.
        "contentLanguage": "A String", # Content-Language of the object data.
        "customerEncryption": { # Metadata of customer-supplied encryption key, if the object is encrypted by such a key.
          "encryptionAlgorithm": "A String", # The encryption algorithm.
          "keySha256": "A String", # SHA256 hash value of the encryption key.
        },
        "metageneration": "A String", # The version of the metadata for this object at this generation. Used for preconditions and for detecting changes in metadata. A metageneration number is only meaningful in the context of a particular generation of a particular object.
        "timeStorageClassUpdated": "A String", # The time at which the object's storage class was last changed. When the object is initially created, it will be set to timeCreated.
        "retentionExpirationTime": "A String", # A server-determined value that specifies the earliest time that the object's retention period expires. This value is in RFC 3339 format. Note 1: This field is not provided for objects with an active event-based hold, since retention expiration is unknown until the hold is removed. Note 2: This value can be provided even when temporary hold is set (so that the user can reason about policy without having to first unset the temporary hold).
        "eventBasedHold": True or False, # Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any). One sample use case of this flag is for banks to hold loan documents for at least 3 years after loan is paid in full. Here, bucket-level retention is 3 years and the event is the loan being paid in full. In this example, these objects will be held intact for any number of years until the event has occurred (event-based hold on the object is released) and then 3 more years after that. That means retention duration of the objects begins from the moment event-based hold transitioned from true to false.
        "kind": "storage#object", # The kind of item this is. For objects, this is always storage#object.
        "name": "A String", # The name of the object. Required if not specified by URL parameter.
        "bucket": "A String", # The name of the bucket containing this object.
        "contentEncoding": "A String", # Content-Encoding of the object data.
        "selfLink": "A String", # The link to this object.
        "contentDisposition": "A String", # Content-Disposition of the object data.
        "storageClass": "A String", # Storage class of the object.
      },
    "done": True or False, # true if the copy is finished; otherwise, false if the copy is in progress. This property is always present in the response.
    "totalBytesRewritten": "A String", # The total bytes written so far, which can be used to provide a waiting user with a progress indicator. This property is always present in the response.
    "rewriteToken": "A String", # A token to use in subsequent requests to continue copying data. This token is present in the response only when there is more data to copy.
  }
setIamPolicy(bucket=*, object=*, body=None, generation=None, userProject=None, provisionalUserProject=None)
Updates an IAM policy for the specified object.

Args:
  bucket: string, Name of the bucket in which the object resides. (required)
  object: string, Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts. (required)
  body: object, The request body.
    The object takes the form of:

{ # A bucket/object IAM policy.
  "resourceId": "A String", # The ID of the resource to which this policy belongs. Will be of the form projects/_/buckets/bucket for buckets, and projects/_/buckets/bucket/objects/object for objects. A specific generation may be specified by appending #generationNumber to the end of the object name, e.g. projects/_/buckets/my-bucket/objects/data.txt#17. The current generation can be denoted with #0. This field is ignored on input.
  "bindings": [ # An association between a role, which comes with a set of permissions, and members who may assume that role.
    {
      "role": "A String", # The role to which members belong. Two types of roles are supported: new IAM roles, which grant permissions that do not map directly to those provided by ACLs, and legacy IAM roles, which do map directly to ACL permissions. All roles are of the format roles/storage.specificRole.
          # The new IAM roles are:
          # - roles/storage.admin — Full control of Google Cloud Storage resources.
          # - roles/storage.objectViewer — Read-Only access to Google Cloud Storage objects.
          # - roles/storage.objectCreator — Access to create objects in Google Cloud Storage.
          # - roles/storage.objectAdmin — Full control of Google Cloud Storage objects.   The legacy IAM roles are:
          # - roles/storage.legacyObjectReader — Read-only access to objects without listing. Equivalent to an ACL entry on an object with the READER role.
          # - roles/storage.legacyObjectOwner — Read/write access to existing objects without listing. Equivalent to an ACL entry on an object with the OWNER role.
          # - roles/storage.legacyBucketReader — Read access to buckets with object listing. Equivalent to an ACL entry on a bucket with the READER role.
          # - roles/storage.legacyBucketWriter — Read access to buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the WRITER role.
          # - roles/storage.legacyBucketOwner — Read and write access to existing buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the OWNER role.
      "members": [ # A collection of identifiers for members who may assume the provided role. Recognized identifiers are as follows:
          # - allUsers — A special identifier that represents anyone on the internet; with or without a Google account.
          # - allAuthenticatedUsers — A special identifier that represents anyone who is authenticated with a Google account or a service account.
          # - user:emailid — An email address that represents a specific account. For example, user:alice@gmail.com or user:joe@example.com.
          # - serviceAccount:emailid — An email address that represents a service account. For example,  serviceAccount:my-other-app@appspot.gserviceaccount.com .
          # - group:emailid — An email address that represents a Google group. For example, group:admins@example.com.
          # - domain:domain — A Google Apps domain name that represents all the users of that domain. For example, domain:google.com or domain:example.com.
          # - projectOwner:projectid — Owners of the given project. For example, projectOwner:my-example-project
          # - projectEditor:projectid — Editors of the given project. For example, projectEditor:my-example-project
          # - projectViewer:projectid — Viewers of the given project. For example, projectViewer:my-example-project
        "A String",
      ],
      "condition": { # Represents an expression text. Example: title: "User account presence" description: "Determines whether the request has a user account" expression: "size(request.user) > 0" # The condition that is associated with this binding. NOTE: an unsatisfied condition will not allow user access via current binding. Different bindings, including their conditions, are examined independently.
        "title": "A String", # An optional title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
        "expression": "A String", # Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.
        "description": "A String", # An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
        "location": "A String", # An optional string indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
      },
    },
  ],
  "etag": "A String", # HTTP 1.1  Entity tag for the policy.
  "kind": "storage#policy", # The kind of item this is. For policies, this is always storage#policy. This field is ignored on input.
  "version": 42, # The IAM policy format version.
}

  generation: string, If present, selects a specific revision of this object (as opposed to the latest version, the default).
  userProject: string, The project to be billed for this request. Required for Requester Pays buckets.
  provisionalUserProject: string, The project to be billed for this request if the target bucket is requester-pays bucket.

Returns:
  An object of the form:

    { # A bucket/object IAM policy.
    "resourceId": "A String", # The ID of the resource to which this policy belongs. Will be of the form projects/_/buckets/bucket for buckets, and projects/_/buckets/bucket/objects/object for objects. A specific generation may be specified by appending #generationNumber to the end of the object name, e.g. projects/_/buckets/my-bucket/objects/data.txt#17. The current generation can be denoted with #0. This field is ignored on input.
    "bindings": [ # An association between a role, which comes with a set of permissions, and members who may assume that role.
      {
        "role": "A String", # The role to which members belong. Two types of roles are supported: new IAM roles, which grant permissions that do not map directly to those provided by ACLs, and legacy IAM roles, which do map directly to ACL permissions. All roles are of the format roles/storage.specificRole.
            # The new IAM roles are:
            # - roles/storage.admin — Full control of Google Cloud Storage resources.
            # - roles/storage.objectViewer — Read-Only access to Google Cloud Storage objects.
            # - roles/storage.objectCreator — Access to create objects in Google Cloud Storage.
            # - roles/storage.objectAdmin — Full control of Google Cloud Storage objects.   The legacy IAM roles are:
            # - roles/storage.legacyObjectReader — Read-only access to objects without listing. Equivalent to an ACL entry on an object with the READER role.
            # - roles/storage.legacyObjectOwner — Read/write access to existing objects without listing. Equivalent to an ACL entry on an object with the OWNER role.
            # - roles/storage.legacyBucketReader — Read access to buckets with object listing. Equivalent to an ACL entry on a bucket with the READER role.
            # - roles/storage.legacyBucketWriter — Read access to buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the WRITER role.
            # - roles/storage.legacyBucketOwner — Read and write access to existing buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the OWNER role.
        "members": [ # A collection of identifiers for members who may assume the provided role. Recognized identifiers are as follows:
            # - allUsers — A special identifier that represents anyone on the internet; with or without a Google account.
            # - allAuthenticatedUsers — A special identifier that represents anyone who is authenticated with a Google account or a service account.
            # - user:emailid — An email address that represents a specific account. For example, user:alice@gmail.com or user:joe@example.com.
            # - serviceAccount:emailid — An email address that represents a service account. For example,  serviceAccount:my-other-app@appspot.gserviceaccount.com .
            # - group:emailid — An email address that represents a Google group. For example, group:admins@example.com.
            # - domain:domain — A Google Apps domain name that represents all the users of that domain. For example, domain:google.com or domain:example.com.
            # - projectOwner:projectid — Owners of the given project. For example, projectOwner:my-example-project
            # - projectEditor:projectid — Editors of the given project. For example, projectEditor:my-example-project
            # - projectViewer:projectid — Viewers of the given project. For example, projectViewer:my-example-project
          "A String",
        ],
        "condition": { # Represents an expression text. Example: title: "User account presence" description: "Determines whether the request has a user account" expression: "size(request.user) > 0" # The condition that is associated with this binding. NOTE: an unsatisfied condition will not allow user access via current binding. Different bindings, including their conditions, are examined independently.
          "title": "A String", # An optional title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
          "expression": "A String", # Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.
          "description": "A String", # An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
          "location": "A String", # An optional string indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
        },
      },
    ],
    "etag": "A String", # HTTP 1.1  Entity tag for the policy.
    "kind": "storage#policy", # The kind of item this is. For policies, this is always storage#policy. This field is ignored on input.
    "version": 42, # The IAM policy format version.
  }
testIamPermissions(bucket=*, object=*, permissions=*, generation=None, userProject=None, provisionalUserProject=None)
Tests a set of permissions on the given object to see which, if any, are held by the caller.

Args:
  bucket: string, Name of the bucket in which the object resides. (required)
  object: string, Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts. (required)
  permissions: string, Permissions to test. (required) (repeated)
  generation: string, If present, selects a specific revision of this object (as opposed to the latest version, the default).
  userProject: string, The project to be billed for this request. Required for Requester Pays buckets.
  provisionalUserProject: string, The project to be billed for this request if the target bucket is requester-pays bucket.

Returns:
  An object of the form:

    { # A storage.(buckets|objects).testIamPermissions response.
    "kind": "storage#testIamPermissionsResponse", # The kind of item this is.
    "permissions": [ # The permissions held by the caller. Permissions are always of the format storage.resource.capability, where resource is one of buckets or objects. The supported permissions are as follows:
        # - storage.buckets.delete — Delete bucket.
        # - storage.buckets.get — Read bucket metadata.
        # - storage.buckets.getIamPolicy — Read bucket IAM policy.
        # - storage.buckets.create — Create bucket.
        # - storage.buckets.list — List buckets.
        # - storage.buckets.setIamPolicy — Update bucket IAM policy.
        # - storage.buckets.update — Update bucket metadata.
        # - storage.objects.delete — Delete object.
        # - storage.objects.get — Read object data and metadata.
        # - storage.objects.getIamPolicy — Read object IAM policy.
        # - storage.objects.create — Create object.
        # - storage.objects.list — List objects.
        # - storage.objects.setIamPolicy — Update object IAM policy.
        # - storage.objects.update — Update object metadata.
      "A String",
    ],
  }
update(bucket=*, object=*, body=None, projection=None, generation=None, predefinedAcl=None, ifGenerationMatch=None, provisionalUserProject=None, ifGenerationNotMatch=None, ifMetagenerationMatch=None, userProject=None, ifMetagenerationNotMatch=None)
Updates an object's metadata.

Args:
  bucket: string, Name of the bucket in which the object resides. (required)
  object: string, Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts. (required)
  body: object, The request body.
    The object takes the form of:

{ # An object.
    "generation": "A String", # The content generation of this object. Used for object versioning.
    "customTime": "A String", # A timestamp in RFC 3339 format specified by the user for an object.
    "componentCount": 42, # Number of underlying components that make up this object. Components are accumulated by compose operations.
    "mediaLink": "A String", # Media download link.
    "kmsKeyName": "A String", # Cloud KMS Key used to encrypt this object, if the object is encrypted by such a key.
    "owner": { # The owner of the object. This will always be the uploader of the object.
      "entityId": "A String", # The ID for the entity.
      "entity": "A String", # The entity, in the form user-userId.
    },
    "cacheControl": "A String", # Cache-Control directive for the object data. If omitted, and the object is accessible to all anonymous users, the default will be public, max-age=3600.
    "acl": [ # Access controls on the object.
      { # An access-control entry.
        "domain": "A String", # The domain associated with the entity, if any.
        "generation": "A String", # The content generation of the object, if applied to an object.
        "object": "A String", # The name of the object, if applied to an object.
        "bucket": "A String", # The name of the bucket.
        "kind": "storage#objectAccessControl", # The kind of item this is. For object access control entries, this is always storage#objectAccessControl.
        "entity": "A String", # The entity holding the permission, in one of the following forms:
            # - user-userId
            # - user-email
            # - group-groupId
            # - group-email
            # - domain-domain
            # - project-team-projectId
            # - allUsers
            # - allAuthenticatedUsers Examples:
            # - The user liz@example.com would be user-liz@example.com.
            # - The group example@googlegroups.com would be group-example@googlegroups.com.
            # - To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.
        "etag": "A String", # HTTP 1.1 Entity tag for the access-control entry.
        "role": "A String", # The access permission for the entity.
        "id": "A String", # The ID of the access-control entry.
        "entityId": "A String", # The ID for the entity, if any.
        "projectTeam": { # The project team associated with the entity, if any.
          "projectNumber": "A String", # The project number.
          "team": "A String", # The team.
        },
        "email": "A String", # The email address associated with the entity, if any.
        "selfLink": "A String", # The link to this access-control entry.
      },
    ],
    "id": "A String", # The ID of the object, including the bucket name, object name, and generation number.
    "size": "A String", # Content-Length of the data in bytes.
    "timeDeleted": "A String", # The deletion time of the object in RFC 3339 format. Will be returned if and only if this version of the object has been deleted.
    "timeCreated": "A String", # The creation time of the object in RFC 3339 format.
    "md5Hash": "A String", # MD5 hash of the data; encoded using base64. For more information about using the MD5 hash, see Hashes and ETags: Best Practices.
    "crc32c": "A String", # CRC32c checksum, as described in RFC 4960, Appendix B; encoded using base64 in big-endian byte order. For more information about using the CRC32c checksum, see Hashes and ETags: Best Practices.
    "etag": "A String", # HTTP 1.1 Entity tag for the object.
    "temporaryHold": True or False, # Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites. A common use case of this flag is regulatory investigations where objects need to be retained while the investigation is ongoing. Note that unlike event-based hold, temporary hold does not impact retention expiration time of an object.
    "metadata": { # User-provided metadata, in key/value pairs.
      "a_key": "A String", # An individual metadata entry.
    },
    "updated": "A String", # The modification time of the object metadata in RFC 3339 format.
    "contentType": "A String", # Content-Type of the object data. If an object is stored without a Content-Type, it is served as application/octet-stream.
    "contentLanguage": "A String", # Content-Language of the object data.
    "customerEncryption": { # Metadata of customer-supplied encryption key, if the object is encrypted by such a key.
      "encryptionAlgorithm": "A String", # The encryption algorithm.
      "keySha256": "A String", # SHA256 hash value of the encryption key.
    },
    "metageneration": "A String", # The version of the metadata for this object at this generation. Used for preconditions and for detecting changes in metadata. A metageneration number is only meaningful in the context of a particular generation of a particular object.
    "timeStorageClassUpdated": "A String", # The time at which the object's storage class was last changed. When the object is initially created, it will be set to timeCreated.
    "retentionExpirationTime": "A String", # A server-determined value that specifies the earliest time that the object's retention period expires. This value is in RFC 3339 format. Note 1: This field is not provided for objects with an active event-based hold, since retention expiration is unknown until the hold is removed. Note 2: This value can be provided even when temporary hold is set (so that the user can reason about policy without having to first unset the temporary hold).
    "eventBasedHold": True or False, # Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any). One sample use case of this flag is for banks to hold loan documents for at least 3 years after loan is paid in full. Here, bucket-level retention is 3 years and the event is the loan being paid in full. In this example, these objects will be held intact for any number of years until the event has occurred (event-based hold on the object is released) and then 3 more years after that. That means retention duration of the objects begins from the moment event-based hold transitioned from true to false.
    "kind": "storage#object", # The kind of item this is. For objects, this is always storage#object.
    "name": "A String", # The name of the object. Required if not specified by URL parameter.
    "bucket": "A String", # The name of the bucket containing this object.
    "contentEncoding": "A String", # Content-Encoding of the object data.
    "selfLink": "A String", # The link to this object.
    "contentDisposition": "A String", # Content-Disposition of the object data.
    "storageClass": "A String", # Storage class of the object.
  }

  projection: string, Set of properties to return. Defaults to full.
    Allowed values
      full - Include all properties.
      noAcl - Omit the owner, acl property.
  generation: string, If present, selects a specific revision of this object (as opposed to the latest version, the default).
  predefinedAcl: string, Apply a predefined set of access controls to this object.
    Allowed values
      authenticatedRead - Object owner gets OWNER access, and allAuthenticatedUsers get READER access.
      bucketOwnerFullControl - Object owner gets OWNER access, and project team owners get OWNER access.
      bucketOwnerRead - Object owner gets OWNER access, and project team owners get READER access.
      private - Object owner gets OWNER access.
      projectPrivate - Object owner gets OWNER access, and project team members get access according to their roles.
      publicRead - Object owner gets OWNER access, and allUsers get READER access.
  ifGenerationMatch: string, Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.
  provisionalUserProject: string, The project to be billed for this request if the target bucket is requester-pays bucket.
  ifGenerationNotMatch: string, Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.
  ifMetagenerationMatch: string, Makes the operation conditional on whether the object's current metageneration matches the given value.
  userProject: string, The project to be billed for this request. Required for Requester Pays buckets.
  ifMetagenerationNotMatch: string, Makes the operation conditional on whether the object's current metageneration does not match the given value.

Returns:
  An object of the form:

    { # An object.
      "generation": "A String", # The content generation of this object. Used for object versioning.
      "customTime": "A String", # A timestamp in RFC 3339 format specified by the user for an object.
      "componentCount": 42, # Number of underlying components that make up this object. Components are accumulated by compose operations.
      "mediaLink": "A String", # Media download link.
      "kmsKeyName": "A String", # Cloud KMS Key used to encrypt this object, if the object is encrypted by such a key.
      "owner": { # The owner of the object. This will always be the uploader of the object.
        "entityId": "A String", # The ID for the entity.
        "entity": "A String", # The entity, in the form user-userId.
      },
      "cacheControl": "A String", # Cache-Control directive for the object data. If omitted, and the object is accessible to all anonymous users, the default will be public, max-age=3600.
      "acl": [ # Access controls on the object.
        { # An access-control entry.
          "domain": "A String", # The domain associated with the entity, if any.
          "generation": "A String", # The content generation of the object, if applied to an object.
          "object": "A String", # The name of the object, if applied to an object.
          "bucket": "A String", # The name of the bucket.
          "kind": "storage#objectAccessControl", # The kind of item this is. For object access control entries, this is always storage#objectAccessControl.
          "entity": "A String", # The entity holding the permission, in one of the following forms:
              # - user-userId
              # - user-email
              # - group-groupId
              # - group-email
              # - domain-domain
              # - project-team-projectId
              # - allUsers
              # - allAuthenticatedUsers Examples:
              # - The user liz@example.com would be user-liz@example.com.
              # - The group example@googlegroups.com would be group-example@googlegroups.com.
              # - To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.
          "etag": "A String", # HTTP 1.1 Entity tag for the access-control entry.
          "role": "A String", # The access permission for the entity.
          "id": "A String", # The ID of the access-control entry.
          "entityId": "A String", # The ID for the entity, if any.
          "projectTeam": { # The project team associated with the entity, if any.
            "projectNumber": "A String", # The project number.
            "team": "A String", # The team.
          },
          "email": "A String", # The email address associated with the entity, if any.
          "selfLink": "A String", # The link to this access-control entry.
        },
      ],
      "id": "A String", # The ID of the object, including the bucket name, object name, and generation number.
      "size": "A String", # Content-Length of the data in bytes.
      "timeDeleted": "A String", # The deletion time of the object in RFC 3339 format. Will be returned if and only if this version of the object has been deleted.
      "timeCreated": "A String", # The creation time of the object in RFC 3339 format.
      "md5Hash": "A String", # MD5 hash of the data; encoded using base64. For more information about using the MD5 hash, see Hashes and ETags: Best Practices.
      "crc32c": "A String", # CRC32c checksum, as described in RFC 4960, Appendix B; encoded using base64 in big-endian byte order. For more information about using the CRC32c checksum, see Hashes and ETags: Best Practices.
      "etag": "A String", # HTTP 1.1 Entity tag for the object.
      "temporaryHold": True or False, # Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites. A common use case of this flag is regulatory investigations where objects need to be retained while the investigation is ongoing. Note that unlike event-based hold, temporary hold does not impact retention expiration time of an object.
      "metadata": { # User-provided metadata, in key/value pairs.
        "a_key": "A String", # An individual metadata entry.
      },
      "updated": "A String", # The modification time of the object metadata in RFC 3339 format.
      "contentType": "A String", # Content-Type of the object data. If an object is stored without a Content-Type, it is served as application/octet-stream.
      "contentLanguage": "A String", # Content-Language of the object data.
      "customerEncryption": { # Metadata of customer-supplied encryption key, if the object is encrypted by such a key.
        "encryptionAlgorithm": "A String", # The encryption algorithm.
        "keySha256": "A String", # SHA256 hash value of the encryption key.
      },
      "metageneration": "A String", # The version of the metadata for this object at this generation. Used for preconditions and for detecting changes in metadata. A metageneration number is only meaningful in the context of a particular generation of a particular object.
      "timeStorageClassUpdated": "A String", # The time at which the object's storage class was last changed. When the object is initially created, it will be set to timeCreated.
      "retentionExpirationTime": "A String", # A server-determined value that specifies the earliest time that the object's retention period expires. This value is in RFC 3339 format. Note 1: This field is not provided for objects with an active event-based hold, since retention expiration is unknown until the hold is removed. Note 2: This value can be provided even when temporary hold is set (so that the user can reason about policy without having to first unset the temporary hold).
      "eventBasedHold": True or False, # Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any). One sample use case of this flag is for banks to hold loan documents for at least 3 years after loan is paid in full. Here, bucket-level retention is 3 years and the event is the loan being paid in full. In this example, these objects will be held intact for any number of years until the event has occurred (event-based hold on the object is released) and then 3 more years after that. That means retention duration of the objects begins from the moment event-based hold transitioned from true to false.
      "kind": "storage#object", # The kind of item this is. For objects, this is always storage#object.
      "name": "A String", # The name of the object. Required if not specified by URL parameter.
      "bucket": "A String", # The name of the bucket containing this object.
      "contentEncoding": "A String", # Content-Encoding of the object data.
      "selfLink": "A String", # The link to this object.
      "contentDisposition": "A String", # Content-Disposition of the object data.
      "storageClass": "A String", # Storage class of the object.
    }
watchAll(bucket=*, body=None, projection=None, prefix=None, startOffset=None, pageToken=None, endOffset=None, maxResults=None, provisionalUserProject=None, versions=None, userProject=None, delimiter=None, includeTrailingDelimiter=None)
Watch for changes on all objects in a bucket.

Args:
  bucket: string, Name of the bucket in which to look for objects. (required)
  body: object, The request body.
    The object takes the form of:

{ # An notification channel used to watch for resource changes.
    "resourceUri": "A String", # A version-specific identifier for the watched resource.
    "kind": "api#channel", # Identifies this as a notification channel used to watch for changes to a resource, which is "api#channel".
    "resourceId": "A String", # An opaque ID that identifies the resource being watched on this channel. Stable across different API versions.
    "payload": True or False, # A Boolean value to indicate whether payload is wanted. Optional.
    "token": "A String", # An arbitrary string delivered to the target address with each notification delivered over this channel. Optional.
    "params": { # Additional parameters controlling delivery channel behavior. Optional.
      "a_key": "A String", # Declares a new parameter by name.
    },
    "expiration": "A String", # Date and time of notification channel expiration, expressed as a Unix timestamp, in milliseconds. Optional.
    "address": "A String", # The address where notifications are delivered for this channel.
    "type": "A String", # The type of delivery mechanism used for this channel.
    "id": "A String", # A UUID or similar unique string that identifies this channel.
  }

  projection: string, Set of properties to return. Defaults to noAcl.
    Allowed values
      full - Include all properties.
      noAcl - Omit the owner, acl property.
  prefix: string, Filter results to objects whose names begin with this prefix.
  startOffset: string, Filter results to objects whose names are lexicographically equal to or after startOffset. If endOffset is also set, the objects listed will have names between startOffset (inclusive) and endOffset (exclusive).
  pageToken: string, A previously-returned page token representing part of the larger set of results to view.
  endOffset: string, Filter results to objects whose names are lexicographically before endOffset. If startOffset is also set, the objects listed will have names between startOffset (inclusive) and endOffset (exclusive).
  maxResults: integer, Maximum number of items plus prefixes to return in a single page of responses. As duplicate prefixes are omitted, fewer total results may be returned than requested. The service will use this parameter or 1,000 items, whichever is smaller.
  provisionalUserProject: string, The project to be billed for this request if the target bucket is requester-pays bucket.
  versions: boolean, If true, lists all versions of an object as distinct results. The default is false. For more information, see Object Versioning.
  userProject: string, The project to be billed for this request. Required for Requester Pays buckets.
  delimiter: string, Returns results in a directory-like mode. items will contain only objects whose names, aside from the prefix, do not contain delimiter. Objects whose names, aside from the prefix, contain delimiter will have their name, truncated after the delimiter, returned in prefixes. Duplicate prefixes are omitted.
  includeTrailingDelimiter: boolean, If true, objects that end in exactly one instance of delimiter will have their metadata included in items in addition to prefixes.

Returns:
  An object of the form:

    { # An notification channel used to watch for resource changes.
      "resourceUri": "A String", # A version-specific identifier for the watched resource.
      "kind": "api#channel", # Identifies this as a notification channel used to watch for changes to a resource, which is "api#channel".
      "resourceId": "A String", # An opaque ID that identifies the resource being watched on this channel. Stable across different API versions.
      "payload": True or False, # A Boolean value to indicate whether payload is wanted. Optional.
      "token": "A String", # An arbitrary string delivered to the target address with each notification delivered over this channel. Optional.
      "params": { # Additional parameters controlling delivery channel behavior. Optional.
        "a_key": "A String", # Declares a new parameter by name.
      },
      "expiration": "A String", # Date and time of notification channel expiration, expressed as a Unix timestamp, in milliseconds. Optional.
      "address": "A String", # The address where notifications are delivered for this channel.
      "type": "A String", # The type of delivery mechanism used for this channel.
      "id": "A String", # A UUID or similar unique string that identifies this channel.
    }