Console
Start free

gcloud alpha storage buckets update

NAME
gcloud alpha storage buckets update - update bucket settings
SYNOPSIS
gcloud alpha storage buckets update [URL …] [--additional-headers=HEADER=VALUE] [--clear-soft-delete] [--continue-on-error, -c] [--[no-]default-event-based-hold] [--default-storage-class=DEFAULT_STORAGE_CLASS] [--encryption-enforcement-file=ENCRYPTION_ENFORCEMENT_FILE] [--lock-retention-period] [--read-paths-from-stdin, -I] [--recovery-point-objective=SETTING, --rpo=SETTING] [--[no-]requester-pays] [--soft-delete-duration=SOFT_DELETE_DURATION] [--[no-]uniform-bucket-level-access] [--[no-]versioning] [--acl-file=ACL_FILE --add-acl-grant=[ACL_GRANT,…] --canned-acl=PREDEFINED_ACL, --predefined-acl=PREDEFINED_ACL, -a PREDEFINED_ACL --remove-acl-grant=REMOVE_ACL_GRANT] [--add-default-object-acl-grant=[DEFAULT_OBJECT_ACL_GRANT,…] --default-object-acl-file=DEFAULT_OBJECT_ACL_FILE --predefined-default-object-acl=PREDEFINED_DEFAULT_OBJECT_ACL --remove-default-object-acl-grant=REMOVE_DEFAULT_OBJECT_ACL_GRANT] [--clear-cors     | --cors-file=CORS_FILE] [--clear-default-encryption-key     | --default-encryption-key=DEFAULT_ENCRYPTION_KEY] [--clear-ip-filter     | --ip-filter-file=IP_FILTER_FILE] [--clear-labels     | --labels-file=LABELS_FILE     | --remove-labels=[LABEL_KEYS,…] --update-labels=[LABEL_KEYS_AND_VALUES,…]] [--clear-lifecycle     | --lifecycle-file=LIFECYCLE_FILE] [--clear-log-bucket     | --log-bucket=LOG_BUCKET] [--clear-log-object-prefix     | --log-object-prefix=LOG_OBJECT_PREFIX] [--clear-pap, --clear-public-access-prevention     | --[no-]pap, --[no-]public-access-prevention] [--clear-retention-period     | --retention-period=RETENTION_PERIOD] [--clear-web-error-page     | --web-error-page=WEB_ERROR_PAGE] [--clear-web-main-page-suffix     | --web-main-page-suffix=WEB_MAIN_PAGE_SUFFIX] [--autoclass-terminal-storage-class=AUTOCLASS_TERMINAL_STORAGE_CLASS --[no-]enable-autoclass] [GCLOUD_WIDE_FLAG]
DESCRIPTION
(ALPHA) Update a bucket.
EXAMPLES
The following command updates the retention period of a Cloud Storage bucket named "my-bucket" to one year and thirty-six minutes: 
gcloud alpha storage buckets update gs://my-bucket --retention-period=1y36m

The following command clears the retention period of a bucket: 

gcloud alpha storage buckets update gs://my-bucket --clear-retention-period
POSITIONAL ARGUMENTS
[URL …]
Specifies the URLs of the buckets to update.
FLAGS
--additional-headers=HEADER=VALUE
Includes arbitrary headers in storage API calls. Accepts a comma separated list of key=value pairs, e.g. header1=value1,header2=value2. Overrides the default storage/additional_headers property value for this command invocation.
--clear-soft-delete
Clears bucket soft delete settings. Does not affect objects already in soft-deleted state.
--continue-on-error, -c
If any operations are unsuccessful, the command will exit with a non-zero exit status after completing the remaining operations. This flag takes effect only in sequential execution mode (i.e. processor and thread count are set to 1). Parallelism is default.
--[no-]default-event-based-hold
Sets the default value for an event-based hold on the bucket. By setting the default event-based hold on a bucket, newly-created objects inherit that value as their event-based hold (it is not applied retroactively). Use --default-event-based-hold to enable and --no-default-event-based-hold to disable.
--default-storage-class=DEFAULT_STORAGE_CLASS
Sets the default storage class for the bucket.
--encryption-enforcement-file=ENCRYPTION_ENFORCEMENT_FILE
Sets the encryption enforcement configuration for the bucket from a JSON file. This configuration determines restrictions on the types of encryption (GMEK, CMEK, CSEK) allowed for new objects created in the bucket.

The JSON file should contain an object with keys among "gmekEnforcement", "cmekEnforcement", and "csekEnforcement". Each of these keys, if present, should have a "restrictionMode" key, determining whether the corresponding encryption type should be allowed or restricted for new objects.

Valid values for "restrictionMode" are:

Example JSON file content, to enforce only CMEK for new objects: 

{
  "gmekEnforcement": {
    "restrictionMode": "FullyRestricted"
  },
  "cmekEnforcement": {
    "restrictionMode": "NotRestricted"
  },
  "csekEnforcement": {
    "restrictionMode": "FullyRestricted"
  }
}
 Omitted keys will not be sent in the API request. To clear restrictions for a specific encryption-type during an update, set its "restrictionMode" to "NotRestricted". For example, to clear any restrictions on GMEK: { "gmekEnforcement": { "restrictionMode": "NotRestricted" } }
--lock-retention-period
Locks an unlocked retention policy on the buckets. Caution: A locked retention policy cannot be removed from a bucket or reduced in duration. Once locked, deleting the bucket is the only way to "remove" a retention policy.
--read-paths-from-stdin, -I
Read the list of URLs from stdin.
--recovery-point-objective=SETTING, --rpo=SETTING
Sets the recovery point objective of a bucket. This flag can only be used with multi-region and dual-region buckets. DEFAULT option is valid for multi-region and dual-regions buckets. ASYNC_TURBO option is only valid for dual-region buckets. If unspecified when the bucket is created, it defaults to DEFAULT for dual-region and multi-region buckets. For more information, see replication in Cloud Storage. SETTING must be one of: ASYNC_TURBO, DEFAULT.
--[no-]requester-pays
Allows you to configure a Cloud Storage bucket so that the requester pays all costs related to accessing the bucket and its objects. Use --requester-pays to enable and --no-requester-pays to disable.
--soft-delete-duration=SOFT_DELETE_DURATION
Duration to retain soft-deleted objects. For example, "2w1d" is two weeks and one day.
--[no-]uniform-bucket-level-access
Enables or disables uniform bucket-level access for the buckets. Use --uniform-bucket-level-access to enable and --no-uniform-bucket-level-access to disable.
--[no-]versioning
Allows you to configure a Cloud Storage bucket to keep old versions of objects. Use --versioning to enable and --no-versioning to disable.
--acl-file=ACL_FILE
Path to a local JSON or YAML formatted file containing a valid policy. See the ObjectAccessControls resource for a representation of JSON formatted files. The output of gcloud storage [buckets|objects] describe --format="multi(acl:format=json)" is a valid file and can be edited for more fine-grained control.
--add-acl-grant=[ACL_GRANT,…]
Key-value pairs mirroring the JSON accepted by your cloud provider. For example, for Cloud Storage,--add-acl-grant=entity=user-tim@gmail.com,role=OWNER
--canned-acl=PREDEFINED_ACL, --predefined-acl=PREDEFINED_ACL, -a PREDEFINED_ACL
Applies predefined, or "canned," ACLs to a resource. See docs for a list of predefined ACL constants: https://cloud.google.com/storage/docs/access-control/lists#predefined-acl
--remove-acl-grant=REMOVE_ACL_GRANT
Key-value pairs mirroring the JSON accepted by your cloud provider. For example, for Cloud Storage, --remove-acl-grant=ENTITY, where ENTITY has a valid ACL entity format, such as user-tim@gmail.com, group-admins, allUsers, etc.
--add-default-object-acl-grant=[DEFAULT_OBJECT_ACL_GRANT,…]
Adds default object ACL grant. See --add-acl-grant help text for more details.
--default-object-acl-file=DEFAULT_OBJECT_ACL_FILE
Sets the default object ACL from file for the bucket.
--predefined-default-object-acl=PREDEFINED_DEFAULT_OBJECT_ACL
Apply a predefined set of default object access controls tobuckets
--remove-default-object-acl-grant=REMOVE_DEFAULT_OBJECT_ACL_GRANT
Removes default object ACL grant. See --remove-acl-grant help text for more details.
At most one of these can be specified:
--clear-cors
Clears the bucket's CORS settings.
--cors-file=CORS_FILE
Sets the Cross-Origin Resource Sharing (CORS) configuration on a bucket. An example CORS JSON document looks like the following: 
[
  {
    "origin": ["http://origin1.example.com"],
    "responseHeader": ["Content-Type"],
    "method": ["GET"],
    "maxAgeSeconds": 3600
  }
]
 For more information about supported endpoints for CORS, see Cloud Storage CORS support. At most one of these can be specified:
--clear-default-encryption-key
Clears the bucket's default encryption key.
--default-encryption-key=DEFAULT_ENCRYPTION_KEY
Set the default KMS key for the bucket.
At most one of these can be specified:
--clear-ip-filter
Disables and clears IP filter configuration of the bucket.
--ip-filter-file=IP_FILTER_FILE
Sets the IP filter for the bucket. The IP filter is a list of ip ranges that are allowed to access the bucket. For example, The following JSON document shows the IP filter configuration with mode enabled and list of public network sources and vpc network sources: 
{
  "mode": "Enabled",
  "publicNetworkSource": { "allowedIpCidrRanges": ["0.0.0.0/0"] },
  "vpcNetworkSources": [
      {
          "network": "projects/PROJECT_NAME/global/networks/NETWORK_NAME",
          "allowedIpCidrRanges": ["0.0.0.0/0"]
      },
  ]
}
 For more information about supported configurations, see Cloud Storage bucket IP filtering configurations At most one of these can be specified:
--clear-labels
Clear all labels associated with a bucket.
--labels-file=LABELS_FILE
Sets the label configuration for the bucket. An example label JSON document looks like the following: 
{
  "your_label_key": "your_label_value",
  "your_other_label_key": "your_other_label_value"
}
Or at least one of these can be specified:
--remove-labels=[LABEL_KEYS,…]
Remove labels by their key names.
--update-labels=[LABEL_KEYS_AND_VALUES,…]
Add or update labels. Example: --update-labels=key1=value1,key2=value2
At most one of these can be specified:
--clear-lifecycle
Removes all lifecycle configuration for the bucket.
--lifecycle-file=LIFECYCLE_FILE
Sets the lifecycle management configuration on a bucket. For example, The following lifecycle management configuration JSON document specifies that all objects in this bucket that are more than 365 days old are deleted automatically: 
{
  "rule":
  [
    {
      "action": {"type": "Delete"},
      "condition": {"age": 365}
    }
  ]
}
At most one of these can be specified:
--clear-log-bucket
Disables usage and storage logging for the bucket specified in the overall update command.
--log-bucket=LOG_BUCKET
Enables usage and storage logging for the bucket specified in the overall update command, outputting log files to the bucket specified in this flag. Cloud Storage does not validate the existence of the bucket receiving logs. In addition to enabling logging on your bucket, you also need to grant cloud-storage-analytics@google.com write access to the log bucket.
At most one of these can be specified:
--clear-log-object-prefix
Clears the prefix used to determine the naming of log objects in the logging bucket.
--log-object-prefix=LOG_OBJECT_PREFIX
Specifies a prefix for the names of logs generated in the log bucket. The default prefix is the bucket name. If logging is not enabled, this flag has no effect.
At most one of these can be specified:
--clear-pap, --clear-public-access-prevention
Unsets the public access prevention setting on a bucket.
--[no-]pap, --[no-]public-access-prevention
If True, sets public access prevention to "enforced". If False, sets public access prevention to "inherited". Use --public-access-prevention to enable and --no-public-access-prevention to disable.
At most one of these can be specified:
--clear-retention-period
Clears the object retention period for a bucket.
--retention-period=RETENTION_PERIOD
Minimum retention period for objects stored in the bucket, for example --retention-period=P1Y1M1DT5S. Objects added to the bucket cannot be deleted until they've been stored for the specified length of time. Default is no retention period. Only available for Cloud Storage using the JSON API.
At most one of these can be specified:
--clear-web-error-page
Clear website error page if bucket is hosting website.
--web-error-page=WEB_ERROR_PAGE
Cloud Storage allows you to configure a bucket to behave like a static website. A subsequent GET bucket request through a custom domain for a non-existent object serves the specified error page instead of the standard Cloud Storage error.
At most one of these can be specified:
--clear-web-main-page-suffix
Clear website main page suffix if bucket is hosting website.
--web-main-page-suffix=WEB_MAIN_PAGE_SUFFIX
Cloud Storage allows you to configure a bucket to behave like a static website. A subsequent GET bucket request through a custom domain serves the specified "main" page instead of performing the usual bucket listing.
AUTOCLASS FLAGS
--autoclass-terminal-storage-class=AUTOCLASS_TERMINAL_STORAGE_CLASS
The storage class that objects in the bucket eventually transition to if they are not read for a certain length of time. Only valid if Autoclass is enabled.
--[no-]enable-autoclass
The Autoclass feature automatically selects the best storage class for objects based on access patterns. Use --enable-autoclass to enable and --no-enable-autoclass to disable.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

NOTES
This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist. This variant is also available: 
gcloud storage buckets update