Cloud Storage JSON API . objects

Instance Methods

bulkRestore(bucket, body=None)

Initiates a long-running bulk restore operation on the specified bucket.

close()

Close httplib2 connections.

compose(destinationBucket, destinationObject, body=None, destinationPredefinedAcl=None, ifGenerationMatch=None, ifMetagenerationMatch=None, kmsKeyName=None, userProject=None)

Concatenates a list of existing objects into a new object in the same bucket.

copy(sourceBucket, sourceObject, destinationBucket, destinationObject, body=None, destinationKmsKeyName=None, destinationPredefinedAcl=None, ifGenerationMatch=None, ifGenerationNotMatch=None, ifMetagenerationMatch=None, ifMetagenerationNotMatch=None, ifSourceGenerationMatch=None, ifSourceGenerationNotMatch=None, ifSourceMetagenerationMatch=None, ifSourceMetagenerationNotMatch=None, projection=None, sourceGeneration=None, userProject=None)

Copies a source object to a destination object. Optionally overrides metadata.

delete(bucket, object, generation=None, ifGenerationMatch=None, ifGenerationNotMatch=None, ifMetagenerationMatch=None, ifMetagenerationNotMatch=None, userProject=None)

Deletes an object and its metadata. Deletions are permanent if versioning is not enabled for the bucket, or if the generation parameter is used.

get(bucket, object, generation=None, ifGenerationMatch=None, ifGenerationNotMatch=None, ifMetagenerationMatch=None, ifMetagenerationNotMatch=None, projection=None, restoreToken=None, softDeleted=None, userProject=None)

Retrieves an object or its metadata.

getIamPolicy(bucket, object, generation=None, userProject=None)

Returns an IAM policy for the specified object.

get_media(bucket, object, generation=None, ifGenerationMatch=None, ifGenerationNotMatch=None, ifMetagenerationMatch=None, ifMetagenerationNotMatch=None, projection=None, restoreToken=None, softDeleted=None, userProject=None)

Retrieves an object or its metadata.

insert(bucket, body=None, contentEncoding=None, ifGenerationMatch=None, ifGenerationNotMatch=None, ifMetagenerationMatch=None, ifMetagenerationNotMatch=None, kmsKeyName=None, media_body=None, media_mime_type=None, name=None, predefinedAcl=None, projection=None, userProject=None)

Stores a new object and metadata.

list(bucket, delimiter=None, endOffset=None, includeFoldersAsPrefixes=None, includeTrailingDelimiter=None, matchGlob=None, maxResults=None, pageToken=None, prefix=None, projection=None, softDeleted=None, startOffset=None, userProject=None, versions=None)

Retrieves a list of objects matching the criteria.

list_next()

Retrieves the next page of results.

move(bucket, sourceObject, destinationObject, ifGenerationMatch=None, ifGenerationNotMatch=None, ifMetagenerationMatch=None, ifMetagenerationNotMatch=None, ifSourceGenerationMatch=None, ifSourceGenerationNotMatch=None, ifSourceMetagenerationMatch=None, ifSourceMetagenerationNotMatch=None, userProject=None)

Moves the source object to the destination object in the same bucket.

patch(bucket, object, body=None, generation=None, ifGenerationMatch=None, ifGenerationNotMatch=None, ifMetagenerationMatch=None, ifMetagenerationNotMatch=None, overrideUnlockedRetention=None, predefinedAcl=None, projection=None, userProject=None)

Patches an object's metadata.

restore(bucket, object, generation, copySourceAcl=None, ifGenerationMatch=None, ifGenerationNotMatch=None, ifMetagenerationMatch=None, ifMetagenerationNotMatch=None, projection=None, restoreToken=None, userProject=None)

Restores a soft-deleted object.

rewrite(sourceBucket, sourceObject, destinationBucket, destinationObject, body=None, destinationKmsKeyName=None, destinationPredefinedAcl=None, ifGenerationMatch=None, ifGenerationNotMatch=None, ifMetagenerationMatch=None, ifMetagenerationNotMatch=None, ifSourceGenerationMatch=None, ifSourceGenerationNotMatch=None, ifSourceMetagenerationMatch=None, ifSourceMetagenerationNotMatch=None, maxBytesRewrittenPerCall=None, projection=None, rewriteToken=None, sourceGeneration=None, userProject=None)

Rewrites a source object to a destination object. Optionally overrides metadata.

setIamPolicy(bucket, object, body=None, generation=None, userProject=None)

Updates an IAM policy for the specified object.

testIamPermissions(bucket, object, permissions, generation=None, userProject=None)

Tests a set of permissions on the given object to see which, if any, are held by the caller.

update(bucket, object, body=None, generation=None, ifGenerationMatch=None, ifGenerationNotMatch=None, ifMetagenerationMatch=None, ifMetagenerationNotMatch=None, overrideUnlockedRetention=None, predefinedAcl=None, projection=None, userProject=None)

Updates an object's metadata.

watchAll(bucket, body=None, delimiter=None, endOffset=None, includeTrailingDelimiter=None, maxResults=None, pageToken=None, prefix=None, projection=None, startOffset=None, userProject=None, versions=None)

Watch for changes on all objects in a bucket.

Method Details

bulkRestore(bucket, body=None)
Initiates a long-running bulk restore operation on the specified bucket.

Args:
  bucket: string, Name of the bucket in which the object resides. (required)
  body: object, The request body.
    The object takes the form of:

{ # A bulk restore objects request.
  "allowOverwrite": True or False, # If false (default), the restore will not overwrite live objects with the same name at the destination. This means some deleted objects may be skipped. If true, live objects will be overwritten resulting in a noncurrent object (if versioning is enabled). If versioning is not enabled, overwriting the object will result in a soft-deleted object. In either case, if a noncurrent object already exists with the same name, a live version can be written without issue.
  "copySourceAcl": True or False, # If true, copies the source object's ACL; otherwise, uses the bucket's default object ACL. The default is false.
  "matchGlobs": [ # Restores only the objects matching any of the specified glob(s). If this parameter is not specified, all objects will be restored within the specified time range.
    "A String",
  ],
  "softDeletedAfterTime": "A String", # Restores only the objects that were soft-deleted after this time.
  "softDeletedBeforeTime": "A String", # Restores only the objects that were soft-deleted before this time.
}


Returns:
  An object of the form:

    { # This resource represents a long-running operation that is the result of a network API call.
  "done": True or False, # If the value is "false", it means the operation is still in progress. If "true", the operation is completed, and either "error" or "response" is available.
  "error": { # The "Status" type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each "Status" message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
    "code": 42, # The status code, which should be an enum value of google.rpc.Code.
    "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
      {
        "a_key": "", # Properties of the object. Contains field @type with type URL.
      },
    ],
    "message": "A String", # A developer-facing error message, which should be in English.
  },
  "kind": "storage#operation", # The kind of item this is. For operations, this is always storage#operation.
  "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
    "a_key": "", # Properties of the object. Contains field @type with type URL.
  },
  "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the "name" should be a resource name ending with "operations/{operationId}".
  "response": { # The normal response of the operation in case of success. If the original method returns no data on success, such as "Delete", the response is google.protobuf.Empty. If the original method is standard Get/Create/Update, the response should be the resource. For other methods, the response should have the type "XxxResponse", where "Xxx" is the original method name. For example, if the original method name is "TakeSnapshot()", the inferred response type is "TakeSnapshotResponse".
    "a_key": "", # Properties of the object. Contains field @type with type URL.
  },
  "selfLink": "A String", # The link to this long running operation.
}
close()
Close httplib2 connections.
compose(destinationBucket, destinationObject, body=None, destinationPredefinedAcl=None, ifGenerationMatch=None, ifMetagenerationMatch=None, kmsKeyName=None, userProject=None)
Concatenates a list of existing objects into a new object in the same bucket.

Args:
  destinationBucket: string, Name of the bucket containing the source objects. The destination object is stored in this bucket. (required)
  destinationObject: string, Name of the new object. For information about how to URL encode object names to be path safe, see [Encoding URI Path Parts](https://cloud.google.com/storage/docs/request-endpoints#encoding). (required)
  body: object, The request body.
    The object takes the form of:

{ # A Compose request.
  "destination": { # An object. # Properties of the resulting object.
    "acl": [ # Access controls on the object.
      { # An access-control entry.
        "bucket": "A String", # The name of the bucket.
        "domain": "A String", # The domain associated with the entity, if any.
        "email": "A String", # The email address associated with the entity, if any.
        "entity": "A String", # The entity holding the permission, in one of the following forms:
            # - user-userId
            # - user-email
            # - group-groupId
            # - group-email
            # - domain-domain
            # - project-team-projectId
            # - allUsers
            # - allAuthenticatedUsers Examples:
            # - The user liz@example.com would be user-liz@example.com.
            # - The group example@googlegroups.com would be group-example@googlegroups.com.
            # - To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.
        "entityId": "A String", # The ID for the entity, if any.
        "etag": "A String", # HTTP 1.1 Entity tag for the access-control entry.
        "generation": "A String", # The content generation of the object, if applied to an object.
        "id": "A String", # The ID of the access-control entry.
        "kind": "storage#objectAccessControl", # The kind of item this is. For object access control entries, this is always storage#objectAccessControl.
        "object": "A String", # The name of the object, if applied to an object.
        "projectTeam": { # The project team associated with the entity, if any.
          "projectNumber": "A String", # The project number.
          "team": "A String", # The team.
        },
        "role": "A String", # The access permission for the entity.
        "selfLink": "A String", # The link to this access-control entry.
      },
    ],
    "bucket": "A String", # The name of the bucket containing this object.
    "cacheControl": "A String", # Cache-Control directive for the object data. If omitted, and the object is accessible to all anonymous users, the default will be public, max-age=3600.
    "componentCount": 42, # Number of underlying components that make up this object. Components are accumulated by compose operations.
    "contentDisposition": "A String", # Content-Disposition of the object data.
    "contentEncoding": "A String", # Content-Encoding of the object data.
    "contentLanguage": "A String", # Content-Language of the object data.
    "contentType": "A String", # Content-Type of the object data. If an object is stored without a Content-Type, it is served as application/octet-stream.
    "crc32c": "A String", # CRC32c checksum, as described in RFC 4960, Appendix B; encoded using base64 in big-endian byte order. For more information about using the CRC32c checksum, see [Data Validation and Change Detection](https://cloud.google.com/storage/docs/data-validation).
    "customTime": "A String", # A timestamp in RFC 3339 format specified by the user for an object.
    "customerEncryption": { # Metadata of customer-supplied encryption key, if the object is encrypted by such a key.
      "encryptionAlgorithm": "A String", # The encryption algorithm.
      "keySha256": "A String", # SHA256 hash value of the encryption key.
    },
    "etag": "A String", # HTTP 1.1 Entity tag for the object.
    "eventBasedHold": True or False, # Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any). One sample use case of this flag is for banks to hold loan documents for at least 3 years after loan is paid in full. Here, bucket-level retention is 3 years and the event is the loan being paid in full. In this example, these objects will be held intact for any number of years until the event has occurred (event-based hold on the object is released) and then 3 more years after that. That means retention duration of the objects begins from the moment event-based hold transitioned from true to false.
    "generation": "A String", # The content generation of this object. Used for object versioning.
    "hardDeleteTime": "A String", # This is the time (in the future) when the soft-deleted object will no longer be restorable. It is equal to the soft delete time plus the current soft delete retention duration of the bucket.
    "id": "A String", # The ID of the object, including the bucket name, object name, and generation number.
    "kind": "storage#object", # The kind of item this is. For objects, this is always storage#object.
    "kmsKeyName": "A String", # Not currently supported. Specifying the parameter causes the request to fail with status code 400 - Bad Request.
    "md5Hash": "A String", # MD5 hash of the data; encoded using base64. For more information about using the MD5 hash, see [Data Validation and Change Detection](https://cloud.google.com/storage/docs/data-validation).
    "mediaLink": "A String", # Media download link.
    "metadata": { # User-provided metadata, in key/value pairs.
      "a_key": "A String", # An individual metadata entry.
    },
    "metageneration": "A String", # The version of the metadata for this object at this generation. Used for preconditions and for detecting changes in metadata. A metageneration number is only meaningful in the context of a particular generation of a particular object.
    "name": "A String", # The name of the object. Required if not specified by URL parameter.
    "owner": { # The owner of the object. This will always be the uploader of the object.
      "entity": "A String", # The entity, in the form user-userId.
      "entityId": "A String", # The ID for the entity.
    },
    "restoreToken": "A String", # Restore token used to differentiate deleted objects with the same name and generation. This field is only returned for deleted objects in hierarchical namespace buckets.
    "retention": { # A collection of object level retention parameters.
      "mode": "A String", # The bucket's object retention mode, can only be Unlocked or Locked.
      "retainUntilTime": "A String", # A time in RFC 3339 format until which object retention protects this object.
    },
    "retentionExpirationTime": "A String", # A server-determined value that specifies the earliest time that the object's retention period expires. This value is in RFC 3339 format. Note 1: This field is not provided for objects with an active event-based hold, since retention expiration is unknown until the hold is removed. Note 2: This value can be provided even when temporary hold is set (so that the user can reason about policy without having to first unset the temporary hold).
    "selfLink": "A String", # The link to this object.
    "size": "A String", # Content-Length of the data in bytes.
    "softDeleteTime": "A String", # The time at which the object became soft-deleted in RFC 3339 format.
    "storageClass": "A String", # Storage class of the object.
    "temporaryHold": True or False, # Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites. A common use case of this flag is regulatory investigations where objects need to be retained while the investigation is ongoing. Note that unlike event-based hold, temporary hold does not impact retention expiration time of an object.
    "timeCreated": "A String", # The creation time of the object in RFC 3339 format.
    "timeDeleted": "A String", # The time at which the object became noncurrent in RFC 3339 format. Will be returned if and only if this version of the object has been deleted.
    "timeFinalized": "A String", # The time when the object was finalized.
    "timeStorageClassUpdated": "A String", # The time at which the object's storage class was last changed. When the object is initially created, it will be set to timeCreated.
    "updated": "A String", # The modification time of the object metadata in RFC 3339 format. Set initially to object creation time and then updated whenever any metadata of the object changes. This includes changes made by a requester, such as modifying custom metadata, as well as changes made by Cloud Storage on behalf of a requester, such as changing the storage class based on an Object Lifecycle Configuration.
  },
  "kind": "storage#composeRequest", # The kind of item this is.
  "sourceObjects": [ # The list of source objects that will be concatenated into a single object.
    {
      "generation": "A String", # The generation of this object to use as the source.
      "name": "A String", # The source object's name. All source objects must reside in the same bucket.
      "objectPreconditions": { # Conditions that must be met for this operation to execute.
        "ifGenerationMatch": "A String", # Only perform the composition if the generation of the source object that would be used matches this value. If this value and a generation are both specified, they must be the same value or the call will fail.
      },
    },
  ],
}

  destinationPredefinedAcl: string, Apply a predefined set of access controls to the destination object.
    Allowed values
      authenticatedRead - Object owner gets OWNER access, and allAuthenticatedUsers get READER access.
      bucketOwnerFullControl - Object owner gets OWNER access, and project team owners get OWNER access.
      bucketOwnerRead - Object owner gets OWNER access, and project team owners get READER access.
      private - Object owner gets OWNER access.
      projectPrivate - Object owner gets OWNER access, and project team members get access according to their roles.
      publicRead - Object owner gets OWNER access, and allUsers get READER access.
  ifGenerationMatch: string, Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.
  ifMetagenerationMatch: string, Makes the operation conditional on whether the object's current metageneration matches the given value.
  kmsKeyName: string, Resource name of the Cloud KMS key, of the form projects/my-project/locations/global/keyRings/my-kr/cryptoKeys/my-key, that will be used to encrypt the object. Overrides the object metadata's kms_key_name value, if any.
  userProject: string, The project to be billed for this request. Required for Requester Pays buckets.

Returns:
  An object of the form:

    { # An object.
  "acl": [ # Access controls on the object.
    { # An access-control entry.
      "bucket": "A String", # The name of the bucket.
      "domain": "A String", # The domain associated with the entity, if any.
      "email": "A String", # The email address associated with the entity, if any.
      "entity": "A String", # The entity holding the permission, in one of the following forms:
          # - user-userId
          # - user-email
          # - group-groupId
          # - group-email
          # - domain-domain
          # - project-team-projectId
          # - allUsers
          # - allAuthenticatedUsers Examples:
          # - The user liz@example.com would be user-liz@example.com.
          # - The group example@googlegroups.com would be group-example@googlegroups.com.
          # - To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.
      "entityId": "A String", # The ID for the entity, if any.
      "etag": "A String", # HTTP 1.1 Entity tag for the access-control entry.
      "generation": "A String", # The content generation of the object, if applied to an object.
      "id": "A String", # The ID of the access-control entry.
      "kind": "storage#objectAccessControl", # The kind of item this is. For object access control entries, this is always storage#objectAccessControl.
      "object": "A String", # The name of the object, if applied to an object.
      "projectTeam": { # The project team associated with the entity, if any.
        "projectNumber": "A String", # The project number.
        "team": "A String", # The team.
      },
      "role": "A String", # The access permission for the entity.
      "selfLink": "A String", # The link to this access-control entry.
    },
  ],
  "bucket": "A String", # The name of the bucket containing this object.
  "cacheControl": "A String", # Cache-Control directive for the object data. If omitted, and the object is accessible to all anonymous users, the default will be public, max-age=3600.
  "componentCount": 42, # Number of underlying components that make up this object. Components are accumulated by compose operations.
  "contentDisposition": "A String", # Content-Disposition of the object data.
  "contentEncoding": "A String", # Content-Encoding of the object data.
  "contentLanguage": "A String", # Content-Language of the object data.
  "contentType": "A String", # Content-Type of the object data. If an object is stored without a Content-Type, it is served as application/octet-stream.
  "crc32c": "A String", # CRC32c checksum, as described in RFC 4960, Appendix B; encoded using base64 in big-endian byte order. For more information about using the CRC32c checksum, see [Data Validation and Change Detection](https://cloud.google.com/storage/docs/data-validation).
  "customTime": "A String", # A timestamp in RFC 3339 format specified by the user for an object.
  "customerEncryption": { # Metadata of customer-supplied encryption key, if the object is encrypted by such a key.
    "encryptionAlgorithm": "A String", # The encryption algorithm.
    "keySha256": "A String", # SHA256 hash value of the encryption key.
  },
  "etag": "A String", # HTTP 1.1 Entity tag for the object.
  "eventBasedHold": True or False, # Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any). One sample use case of this flag is for banks to hold loan documents for at least 3 years after loan is paid in full. Here, bucket-level retention is 3 years and the event is the loan being paid in full. In this example, these objects will be held intact for any number of years until the event has occurred (event-based hold on the object is released) and then 3 more years after that. That means retention duration of the objects begins from the moment event-based hold transitioned from true to false.
  "generation": "A String", # The content generation of this object. Used for object versioning.
  "hardDeleteTime": "A String", # This is the time (in the future) when the soft-deleted object will no longer be restorable. It is equal to the soft delete time plus the current soft delete retention duration of the bucket.
  "id": "A String", # The ID of the object, including the bucket name, object name, and generation number.
  "kind": "storage#object", # The kind of item this is. For objects, this is always storage#object.
  "kmsKeyName": "A String", # Not currently supported. Specifying the parameter causes the request to fail with status code 400 - Bad Request.
  "md5Hash": "A String", # MD5 hash of the data; encoded using base64. For more information about using the MD5 hash, see [Data Validation and Change Detection](https://cloud.google.com/storage/docs/data-validation).
  "mediaLink": "A String", # Media download link.
  "metadata": { # User-provided metadata, in key/value pairs.
    "a_key": "A String", # An individual metadata entry.
  },
  "metageneration": "A String", # The version of the metadata for this object at this generation. Used for preconditions and for detecting changes in metadata. A metageneration number is only meaningful in the context of a particular generation of a particular object.
  "name": "A String", # The name of the object. Required if not specified by URL parameter.
  "owner": { # The owner of the object. This will always be the uploader of the object.
    "entity": "A String", # The entity, in the form user-userId.
    "entityId": "A String", # The ID for the entity.
  },
  "restoreToken": "A String", # Restore token used to differentiate deleted objects with the same name and generation. This field is only returned for deleted objects in hierarchical namespace buckets.
  "retention": { # A collection of object level retention parameters.
    "mode": "A String", # The bucket's object retention mode, can only be Unlocked or Locked.
    "retainUntilTime": "A String", # A time in RFC 3339 format until which object retention protects this object.
  },
  "retentionExpirationTime": "A String", # A server-determined value that specifies the earliest time that the object's retention period expires. This value is in RFC 3339 format. Note 1: This field is not provided for objects with an active event-based hold, since retention expiration is unknown until the hold is removed. Note 2: This value can be provided even when temporary hold is set (so that the user can reason about policy without having to first unset the temporary hold).
  "selfLink": "A String", # The link to this object.
  "size": "A String", # Content-Length of the data in bytes.
  "softDeleteTime": "A String", # The time at which the object became soft-deleted in RFC 3339 format.
  "storageClass": "A String", # Storage class of the object.
  "temporaryHold": True or False, # Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites. A common use case of this flag is regulatory investigations where objects need to be retained while the investigation is ongoing. Note that unlike event-based hold, temporary hold does not impact retention expiration time of an object.
  "timeCreated": "A String", # The creation time of the object in RFC 3339 format.
  "timeDeleted": "A String", # The time at which the object became noncurrent in RFC 3339 format. Will be returned if and only if this version of the object has been deleted.
  "timeFinalized": "A String", # The time when the object was finalized.
  "timeStorageClassUpdated": "A String", # The time at which the object's storage class was last changed. When the object is initially created, it will be set to timeCreated.
  "updated": "A String", # The modification time of the object metadata in RFC 3339 format. Set initially to object creation time and then updated whenever any metadata of the object changes. This includes changes made by a requester, such as modifying custom metadata, as well as changes made by Cloud Storage on behalf of a requester, such as changing the storage class based on an Object Lifecycle Configuration.
}
copy(sourceBucket, sourceObject, destinationBucket, destinationObject, body=None, destinationKmsKeyName=None, destinationPredefinedAcl=None, ifGenerationMatch=None, ifGenerationNotMatch=None, ifMetagenerationMatch=None, ifMetagenerationNotMatch=None, ifSourceGenerationMatch=None, ifSourceGenerationNotMatch=None, ifSourceMetagenerationMatch=None, ifSourceMetagenerationNotMatch=None, projection=None, sourceGeneration=None, userProject=None)
Copies a source object to a destination object. Optionally overrides metadata.

Args:
  sourceBucket: string, Name of the bucket in which to find the source object. (required)
  sourceObject: string, Name of the source object. For information about how to URL encode object names to be path safe, see [Encoding URI Path Parts](https://cloud.google.com/storage/docs/request-endpoints#encoding). (required)
  destinationBucket: string, Name of the bucket in which to store the new object. Overrides the provided object metadata's bucket value, if any.For information about how to URL encode object names to be path safe, see [Encoding URI Path Parts](https://cloud.google.com/storage/docs/request-endpoints#encoding). (required)
  destinationObject: string, Name of the new object. Required when the object metadata is not otherwise provided. Overrides the object metadata's name value, if any. (required)
  body: object, The request body.
    The object takes the form of:

{ # An object.
  "acl": [ # Access controls on the object.
    { # An access-control entry.
      "bucket": "A String", # The name of the bucket.
      "domain": "A String", # The domain associated with the entity, if any.
      "email": "A String", # The email address associated with the entity, if any.
      "entity": "A String", # The entity holding the permission, in one of the following forms:
          # - user-userId
          # - user-email
          # - group-groupId
          # - group-email
          # - domain-domain
          # - project-team-projectId
          # - allUsers
          # - allAuthenticatedUsers Examples:
          # - The user liz@example.com would be user-liz@example.com.
          # - The group example@googlegroups.com would be group-example@googlegroups.com.
          # - To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.
      "entityId": "A String", # The ID for the entity, if any.
      "etag": "A String", # HTTP 1.1 Entity tag for the access-control entry.
      "generation": "A String", # The content generation of the object, if applied to an object.
      "id": "A String", # The ID of the access-control entry.
      "kind": "storage#objectAccessControl", # The kind of item this is. For object access control entries, this is always storage#objectAccessControl.
      "object": "A String", # The name of the object, if applied to an object.
      "projectTeam": { # The project team associated with the entity, if any.
        "projectNumber": "A String", # The project number.
        "team": "A String", # The team.
      },
      "role": "A String", # The access permission for the entity.
      "selfLink": "A String", # The link to this access-control entry.
    },
  ],
  "bucket": "A String", # The name of the bucket containing this object.
  "cacheControl": "A String", # Cache-Control directive for the object data. If omitted, and the object is accessible to all anonymous users, the default will be public, max-age=3600.
  "componentCount": 42, # Number of underlying components that make up this object. Components are accumulated by compose operations.
  "contentDisposition": "A String", # Content-Disposition of the object data.
  "contentEncoding": "A String", # Content-Encoding of the object data.
  "contentLanguage": "A String", # Content-Language of the object data.
  "contentType": "A String", # Content-Type of the object data. If an object is stored without a Content-Type, it is served as application/octet-stream.
  "crc32c": "A String", # CRC32c checksum, as described in RFC 4960, Appendix B; encoded using base64 in big-endian byte order. For more information about using the CRC32c checksum, see [Data Validation and Change Detection](https://cloud.google.com/storage/docs/data-validation).
  "customTime": "A String", # A timestamp in RFC 3339 format specified by the user for an object.
  "customerEncryption": { # Metadata of customer-supplied encryption key, if the object is encrypted by such a key.
    "encryptionAlgorithm": "A String", # The encryption algorithm.
    "keySha256": "A String", # SHA256 hash value of the encryption key.
  },
  "etag": "A String", # HTTP 1.1 Entity tag for the object.
  "eventBasedHold": True or False, # Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any). One sample use case of this flag is for banks to hold loan documents for at least 3 years after loan is paid in full. Here, bucket-level retention is 3 years and the event is the loan being paid in full. In this example, these objects will be held intact for any number of years until the event has occurred (event-based hold on the object is released) and then 3 more years after that. That means retention duration of the objects begins from the moment event-based hold transitioned from true to false.
  "generation": "A String", # The content generation of this object. Used for object versioning.
  "hardDeleteTime": "A String", # This is the time (in the future) when the soft-deleted object will no longer be restorable. It is equal to the soft delete time plus the current soft delete retention duration of the bucket.
  "id": "A String", # The ID of the object, including the bucket name, object name, and generation number.
  "kind": "storage#object", # The kind of item this is. For objects, this is always storage#object.
  "kmsKeyName": "A String", # Not currently supported. Specifying the parameter causes the request to fail with status code 400 - Bad Request.
  "md5Hash": "A String", # MD5 hash of the data; encoded using base64. For more information about using the MD5 hash, see [Data Validation and Change Detection](https://cloud.google.com/storage/docs/data-validation).
  "mediaLink": "A String", # Media download link.
  "metadata": { # User-provided metadata, in key/value pairs.
    "a_key": "A String", # An individual metadata entry.
  },
  "metageneration": "A String", # The version of the metadata for this object at this generation. Used for preconditions and for detecting changes in metadata. A metageneration number is only meaningful in the context of a particular generation of a particular object.
  "name": "A String", # The name of the object. Required if not specified by URL parameter.
  "owner": { # The owner of the object. This will always be the uploader of the object.
    "entity": "A String", # The entity, in the form user-userId.
    "entityId": "A String", # The ID for the entity.
  },
  "restoreToken": "A String", # Restore token used to differentiate deleted objects with the same name and generation. This field is only returned for deleted objects in hierarchical namespace buckets.
  "retention": { # A collection of object level retention parameters.
    "mode": "A String", # The bucket's object retention mode, can only be Unlocked or Locked.
    "retainUntilTime": "A String", # A time in RFC 3339 format until which object retention protects this object.
  },
  "retentionExpirationTime": "A String", # A server-determined value that specifies the earliest time that the object's retention period expires. This value is in RFC 3339 format. Note 1: This field is not provided for objects with an active event-based hold, since retention expiration is unknown until the hold is removed. Note 2: This value can be provided even when temporary hold is set (so that the user can reason about policy without having to first unset the temporary hold).
  "selfLink": "A String", # The link to this object.
  "size": "A String", # Content-Length of the data in bytes.
  "softDeleteTime": "A String", # The time at which the object became soft-deleted in RFC 3339 format.
  "storageClass": "A String", # Storage class of the object.
  "temporaryHold": True or False, # Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites. A common use case of this flag is regulatory investigations where objects need to be retained while the investigation is ongoing. Note that unlike event-based hold, temporary hold does not impact retention expiration time of an object.
  "timeCreated": "A String", # The creation time of the object in RFC 3339 format.
  "timeDeleted": "A String", # The time at which the object became noncurrent in RFC 3339 format. Will be returned if and only if this version of the object has been deleted.
  "timeFinalized": "A String", # The time when the object was finalized.
  "timeStorageClassUpdated": "A String", # The time at which the object's storage class was last changed. When the object is initially created, it will be set to timeCreated.
  "updated": "A String", # The modification time of the object metadata in RFC 3339 format. Set initially to object creation time and then updated whenever any metadata of the object changes. This includes changes made by a requester, such as modifying custom metadata, as well as changes made by Cloud Storage on behalf of a requester, such as changing the storage class based on an Object Lifecycle Configuration.
}

  destinationKmsKeyName: string, Resource name of the Cloud KMS key, of the form projects/my-project/locations/global/keyRings/my-kr/cryptoKeys/my-key, that will be used to encrypt the object. Overrides the object metadata's kms_key_name value, if any.
  destinationPredefinedAcl: string, Apply a predefined set of access controls to the destination object.
    Allowed values
      authenticatedRead - Object owner gets OWNER access, and allAuthenticatedUsers get READER access.
      bucketOwnerFullControl - Object owner gets OWNER access, and project team owners get OWNER access.
      bucketOwnerRead - Object owner gets OWNER access, and project team owners get READER access.
      private - Object owner gets OWNER access.
      projectPrivate - Object owner gets OWNER access, and project team members get access according to their roles.
      publicRead - Object owner gets OWNER access, and allUsers get READER access.
  ifGenerationMatch: string, Makes the operation conditional on whether the destination object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.
  ifGenerationNotMatch: string, Makes the operation conditional on whether the destination object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.
  ifMetagenerationMatch: string, Makes the operation conditional on whether the destination object's current metageneration matches the given value.
  ifMetagenerationNotMatch: string, Makes the operation conditional on whether the destination object's current metageneration does not match the given value.
  ifSourceGenerationMatch: string, Makes the operation conditional on whether the source object's current generation matches the given value.
  ifSourceGenerationNotMatch: string, Makes the operation conditional on whether the source object's current generation does not match the given value.
  ifSourceMetagenerationMatch: string, Makes the operation conditional on whether the source object's current metageneration matches the given value.
  ifSourceMetagenerationNotMatch: string, Makes the operation conditional on whether the source object's current metageneration does not match the given value.
  projection: string, Set of properties to return. Defaults to noAcl, unless the object resource specifies the acl property, when it defaults to full.
    Allowed values
      full - Include all properties.
      noAcl - Omit the owner, acl property.
  sourceGeneration: string, If present, selects a specific revision of the source object (as opposed to the latest version, the default).
  userProject: string, The project to be billed for this request. Required for Requester Pays buckets.

Returns:
  An object of the form:

    { # An object.
  "acl": [ # Access controls on the object.
    { # An access-control entry.
      "bucket": "A String", # The name of the bucket.
      "domain": "A String", # The domain associated with the entity, if any.
      "email": "A String", # The email address associated with the entity, if any.
      "entity": "A String", # The entity holding the permission, in one of the following forms:
          # - user-userId
          # - user-email
          # - group-groupId
          # - group-email
          # - domain-domain
          # - project-team-projectId
          # - allUsers
          # - allAuthenticatedUsers Examples:
          # - The user liz@example.com would be user-liz@example.com.
          # - The group example@googlegroups.com would be group-example@googlegroups.com.
          # - To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.
      "entityId": "A String", # The ID for the entity, if any.
      "etag": "A String", # HTTP 1.1 Entity tag for the access-control entry.
      "generation": "A String", # The content generation of the object, if applied to an object.
      "id": "A String", # The ID of the access-control entry.
      "kind": "storage#objectAccessControl", # The kind of item this is. For object access control entries, this is always storage#objectAccessControl.
      "object": "A String", # The name of the object, if applied to an object.
      "projectTeam": { # The project team associated with the entity, if any.
        "projectNumber": "A String", # The project number.
        "team": "A String", # The team.
      },
      "role": "A String", # The access permission for the entity.
      "selfLink": "A String", # The link to this access-control entry.
    },
  ],
  "bucket": "A String", # The name of the bucket containing this object.
  "cacheControl": "A String", # Cache-Control directive for the object data. If omitted, and the object is accessible to all anonymous users, the default will be public, max-age=3600.
  "componentCount": 42, # Number of underlying components that make up this object. Components are accumulated by compose operations.
  "contentDisposition": "A String", # Content-Disposition of the object data.
  "contentEncoding": "A String", # Content-Encoding of the object data.
  "contentLanguage": "A String", # Content-Language of the object data.
  "contentType": "A String", # Content-Type of the object data. If an object is stored without a Content-Type, it is served as application/octet-stream.
  "crc32c": "A String", # CRC32c checksum, as described in RFC 4960, Appendix B; encoded using base64 in big-endian byte order. For more information about using the CRC32c checksum, see [Data Validation and Change Detection](https://cloud.google.com/storage/docs/data-validation).
  "customTime": "A String", # A timestamp in RFC 3339 format specified by the user for an object.
  "customerEncryption": { # Metadata of customer-supplied encryption key, if the object is encrypted by such a key.
    "encryptionAlgorithm": "A String", # The encryption algorithm.
    "keySha256": "A String", # SHA256 hash value of the encryption key.
  },
  "etag": "A String", # HTTP 1.1 Entity tag for the object.
  "eventBasedHold": True or False, # Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any). One sample use case of this flag is for banks to hold loan documents for at least 3 years after loan is paid in full. Here, bucket-level retention is 3 years and the event is the loan being paid in full. In this example, these objects will be held intact for any number of years until the event has occurred (event-based hold on the object is released) and then 3 more years after that. That means retention duration of the objects begins from the moment event-based hold transitioned from true to false.
  "generation": "A String", # The content generation of this object. Used for object versioning.
  "hardDeleteTime": "A String", # This is the time (in the future) when the soft-deleted object will no longer be restorable. It is equal to the soft delete time plus the current soft delete retention duration of the bucket.
  "id": "A String", # The ID of the object, including the bucket name, object name, and generation number.
  "kind": "storage#object", # The kind of item this is. For objects, this is always storage#object.
  "kmsKeyName": "A String", # Not currently supported. Specifying the parameter causes the request to fail with status code 400 - Bad Request.
  "md5Hash": "A String", # MD5 hash of the data; encoded using base64. For more information about using the MD5 hash, see [Data Validation and Change Detection](https://cloud.google.com/storage/docs/data-validation).
  "mediaLink": "A String", # Media download link.
  "metadata": { # User-provided metadata, in key/value pairs.
    "a_key": "A String", # An individual metadata entry.
  },
  "metageneration": "A String", # The version of the metadata for this object at this generation. Used for preconditions and for detecting changes in metadata. A metageneration number is only meaningful in the context of a particular generation of a particular object.
  "name": "A String", # The name of the object. Required if not specified by URL parameter.
  "owner": { # The owner of the object. This will always be the uploader of the object.
    "entity": "A String", # The entity, in the form user-userId.
    "entityId": "A String", # The ID for the entity.
  },
  "restoreToken": "A String", # Restore token used to differentiate deleted objects with the same name and generation. This field is only returned for deleted objects in hierarchical namespace buckets.
  "retention": { # A collection of object level retention parameters.
    "mode": "A String", # The bucket's object retention mode, can only be Unlocked or Locked.
    "retainUntilTime": "A String", # A time in RFC 3339 format until which object retention protects this object.
  },
  "retentionExpirationTime": "A String", # A server-determined value that specifies the earliest time that the object's retention period expires. This value is in RFC 3339 format. Note 1: This field is not provided for objects with an active event-based hold, since retention expiration is unknown until the hold is removed. Note 2: This value can be provided even when temporary hold is set (so that the user can reason about policy without having to first unset the temporary hold).
  "selfLink": "A String", # The link to this object.
  "size": "A String", # Content-Length of the data in bytes.
  "softDeleteTime": "A String", # The time at which the object became soft-deleted in RFC 3339 format.
  "storageClass": "A String", # Storage class of the object.
  "temporaryHold": True or False, # Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites. A common use case of this flag is regulatory investigations where objects need to be retained while the investigation is ongoing. Note that unlike event-based hold, temporary hold does not impact retention expiration time of an object.
  "timeCreated": "A String", # The creation time of the object in RFC 3339 format.
  "timeDeleted": "A String", # The time at which the object became noncurrent in RFC 3339 format. Will be returned if and only if this version of the object has been deleted.
  "timeFinalized": "A String", # The time when the object was finalized.
  "timeStorageClassUpdated": "A String", # The time at which the object's storage class was last changed. When the object is initially created, it will be set to timeCreated.
  "updated": "A String", # The modification time of the object metadata in RFC 3339 format. Set initially to object creation time and then updated whenever any metadata of the object changes. This includes changes made by a requester, such as modifying custom metadata, as well as changes made by Cloud Storage on behalf of a requester, such as changing the storage class based on an Object Lifecycle Configuration.
}
delete(bucket, object, generation=None, ifGenerationMatch=None, ifGenerationNotMatch=None, ifMetagenerationMatch=None, ifMetagenerationNotMatch=None, userProject=None)
Deletes an object and its metadata. Deletions are permanent if versioning is not enabled for the bucket, or if the generation parameter is used.

Args:
  bucket: string, Name of the bucket in which the object resides. (required)
  object: string, Name of the object. For information about how to URL encode object names to be path safe, see [Encoding URI Path Parts](https://cloud.google.com/storage/docs/request-endpoints#encoding). (required)
  generation: string, If present, permanently deletes a specific revision of this object (as opposed to the latest version, the default).
  ifGenerationMatch: string, Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.
  ifGenerationNotMatch: string, Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.
  ifMetagenerationMatch: string, Makes the operation conditional on whether the object's current metageneration matches the given value.
  ifMetagenerationNotMatch: string, Makes the operation conditional on whether the object's current metageneration does not match the given value.
  userProject: string, The project to be billed for this request. Required for Requester Pays buckets.
get(bucket, object, generation=None, ifGenerationMatch=None, ifGenerationNotMatch=None, ifMetagenerationMatch=None, ifMetagenerationNotMatch=None, projection=None, restoreToken=None, softDeleted=None, userProject=None)
Retrieves an object or its metadata.

Args:
  bucket: string, Name of the bucket in which the object resides. (required)
  object: string, Name of the object. For information about how to URL encode object names to be path safe, see [Encoding URI Path Parts](https://cloud.google.com/storage/docs/request-endpoints#encoding). (required)
  generation: string, If present, selects a specific revision of this object (as opposed to the latest version, the default).
  ifGenerationMatch: string, Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.
  ifGenerationNotMatch: string, Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.
  ifMetagenerationMatch: string, Makes the operation conditional on whether the object's current metageneration matches the given value.
  ifMetagenerationNotMatch: string, Makes the operation conditional on whether the object's current metageneration does not match the given value.
  projection: string, Set of properties to return. Defaults to noAcl.
    Allowed values
      full - Include all properties.
      noAcl - Omit the owner, acl property.
  restoreToken: string, Restore token used to differentiate soft-deleted objects with the same name and generation. Only applicable for hierarchical namespace buckets and if softDeleted is set to true. This parameter is optional, and is only required in the rare case when there are multiple soft-deleted objects with the same name and generation.
  softDeleted: boolean, If true, only soft-deleted object versions will be listed. The default is false. For more information, see [Soft Delete](https://cloud.google.com/storage/docs/soft-delete).
  userProject: string, The project to be billed for this request. Required for Requester Pays buckets.

Returns:
  An object of the form:

    { # An object.
  "acl": [ # Access controls on the object.
    { # An access-control entry.
      "bucket": "A String", # The name of the bucket.
      "domain": "A String", # The domain associated with the entity, if any.
      "email": "A String", # The email address associated with the entity, if any.
      "entity": "A String", # The entity holding the permission, in one of the following forms:
          # - user-userId
          # - user-email
          # - group-groupId
          # - group-email
          # - domain-domain
          # - project-team-projectId
          # - allUsers
          # - allAuthenticatedUsers Examples:
          # - The user liz@example.com would be user-liz@example.com.
          # - The group example@googlegroups.com would be group-example@googlegroups.com.
          # - To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.
      "entityId": "A String", # The ID for the entity, if any.
      "etag": "A String", # HTTP 1.1 Entity tag for the access-control entry.
      "generation": "A String", # The content generation of the object, if applied to an object.
      "id": "A String", # The ID of the access-control entry.
      "kind": "storage#objectAccessControl", # The kind of item this is. For object access control entries, this is always storage#objectAccessControl.
      "object": "A String", # The name of the object, if applied to an object.
      "projectTeam": { # The project team associated with the entity, if any.
        "projectNumber": "A String", # The project number.
        "team": "A String", # The team.
      },
      "role": "A String", # The access permission for the entity.
      "selfLink": "A String", # The link to this access-control entry.
    },
  ],
  "bucket": "A String", # The name of the bucket containing this object.
  "cacheControl": "A String", # Cache-Control directive for the object data. If omitted, and the object is accessible to all anonymous users, the default will be public, max-age=3600.
  "componentCount": 42, # Number of underlying components that make up this object. Components are accumulated by compose operations.
  "contentDisposition": "A String", # Content-Disposition of the object data.
  "contentEncoding": "A String", # Content-Encoding of the object data.
  "contentLanguage": "A String", # Content-Language of the object data.
  "contentType": "A String", # Content-Type of the object data. If an object is stored without a Content-Type, it is served as application/octet-stream.
  "crc32c": "A String", # CRC32c checksum, as described in RFC 4960, Appendix B; encoded using base64 in big-endian byte order. For more information about using the CRC32c checksum, see [Data Validation and Change Detection](https://cloud.google.com/storage/docs/data-validation).
  "customTime": "A String", # A timestamp in RFC 3339 format specified by the user for an object.
  "customerEncryption": { # Metadata of customer-supplied encryption key, if the object is encrypted by such a key.
    "encryptionAlgorithm": "A String", # The encryption algorithm.
    "keySha256": "A String", # SHA256 hash value of the encryption key.
  },
  "etag": "A String", # HTTP 1.1 Entity tag for the object.
  "eventBasedHold": True or False, # Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any). One sample use case of this flag is for banks to hold loan documents for at least 3 years after loan is paid in full. Here, bucket-level retention is 3 years and the event is the loan being paid in full. In this example, these objects will be held intact for any number of years until the event has occurred (event-based hold on the object is released) and then 3 more years after that. That means retention duration of the objects begins from the moment event-based hold transitioned from true to false.
  "generation": "A String", # The content generation of this object. Used for object versioning.
  "hardDeleteTime": "A String", # This is the time (in the future) when the soft-deleted object will no longer be restorable. It is equal to the soft delete time plus the current soft delete retention duration of the bucket.
  "id": "A String", # The ID of the object, including the bucket name, object name, and generation number.
  "kind": "storage#object", # The kind of item this is. For objects, this is always storage#object.
  "kmsKeyName": "A String", # Not currently supported. Specifying the parameter causes the request to fail with status code 400 - Bad Request.
  "md5Hash": "A String", # MD5 hash of the data; encoded using base64. For more information about using the MD5 hash, see [Data Validation and Change Detection](https://cloud.google.com/storage/docs/data-validation).
  "mediaLink": "A String", # Media download link.
  "metadata": { # User-provided metadata, in key/value pairs.
    "a_key": "A String", # An individual metadata entry.
  },
  "metageneration": "A String", # The version of the metadata for this object at this generation. Used for preconditions and for detecting changes in metadata. A metageneration number is only meaningful in the context of a particular generation of a particular object.
  "name": "A String", # The name of the object. Required if not specified by URL parameter.
  "owner": { # The owner of the object. This will always be the uploader of the object.
    "entity": "A String", # The entity, in the form user-userId.
    "entityId": "A String", # The ID for the entity.
  },
  "restoreToken": "A String", # Restore token used to differentiate deleted objects with the same name and generation. This field is only returned for deleted objects in hierarchical namespace buckets.
  "retention": { # A collection of object level retention parameters.
    "mode": "A String", # The bucket's object retention mode, can only be Unlocked or Locked.
    "retainUntilTime": "A String", # A time in RFC 3339 format until which object retention protects this object.
  },
  "retentionExpirationTime": "A String", # A server-determined value that specifies the earliest time that the object's retention period expires. This value is in RFC 3339 format. Note 1: This field is not provided for objects with an active event-based hold, since retention expiration is unknown until the hold is removed. Note 2: This value can be provided even when temporary hold is set (so that the user can reason about policy without having to first unset the temporary hold).
  "selfLink": "A String", # The link to this object.
  "size": "A String", # Content-Length of the data in bytes.
  "softDeleteTime": "A String", # The time at which the object became soft-deleted in RFC 3339 format.
  "storageClass": "A String", # Storage class of the object.
  "temporaryHold": True or False, # Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites. A common use case of this flag is regulatory investigations where objects need to be retained while the investigation is ongoing. Note that unlike event-based hold, temporary hold does not impact retention expiration time of an object.
  "timeCreated": "A String", # The creation time of the object in RFC 3339 format.
  "timeDeleted": "A String", # The time at which the object became noncurrent in RFC 3339 format. Will be returned if and only if this version of the object has been deleted.
  "timeFinalized": "A String", # The time when the object was finalized.
  "timeStorageClassUpdated": "A String", # The time at which the object's storage class was last changed. When the object is initially created, it will be set to timeCreated.
  "updated": "A String", # The modification time of the object metadata in RFC 3339 format. Set initially to object creation time and then updated whenever any metadata of the object changes. This includes changes made by a requester, such as modifying custom metadata, as well as changes made by Cloud Storage on behalf of a requester, such as changing the storage class based on an Object Lifecycle Configuration.
}
getIamPolicy(bucket, object, generation=None, userProject=None)
Returns an IAM policy for the specified object.

Args:
  bucket: string, Name of the bucket in which the object resides. (required)
  object: string, Name of the object. For information about how to URL encode object names to be path safe, see [Encoding URI Path Parts](https://cloud.google.com/storage/docs/request-endpoints#encoding). (required)
  generation: string, If present, selects a specific revision of this object (as opposed to the latest version, the default).
  userProject: string, The project to be billed for this request. Required for Requester Pays buckets.

Returns:
  An object of the form:

    { # A bucket/object/managedFolder IAM policy.
  "bindings": [ # An association between a role, which comes with a set of permissions, and members who may assume that role.
    {
      "condition": { # Represents an expression text. Example: title: "User account presence" description: "Determines whether the request has a user account" expression: "size(request.user) > 0" # The condition that is associated with this binding. NOTE: an unsatisfied condition will not allow user access via current binding. Different bindings, including their conditions, are examined independently.
        "description": "A String", # An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
        "expression": "A String", # Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.
        "location": "A String", # An optional string indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
        "title": "A String", # An optional title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
      },
      "members": [ # A collection of identifiers for members who may assume the provided role. Recognized identifiers are as follows:
          # - allUsers — A special identifier that represents anyone on the internet; with or without a Google account.
          # - allAuthenticatedUsers — A special identifier that represents anyone who is authenticated with a Google account or a service account.
          # - user:emailid — An email address that represents a specific account. For example, user:alice@gmail.com or user:joe@example.com.
          # - serviceAccount:emailid — An email address that represents a service account. For example,  serviceAccount:my-other-app@appspot.gserviceaccount.com .
          # - group:emailid — An email address that represents a Google group. For example, group:admins@example.com.
          # - domain:domain — A Google Apps domain name that represents all the users of that domain. For example, domain:google.com or domain:example.com.
          # - projectOwner:projectid — Owners of the given project. For example, projectOwner:my-example-project
          # - projectEditor:projectid — Editors of the given project. For example, projectEditor:my-example-project
          # - projectViewer:projectid — Viewers of the given project. For example, projectViewer:my-example-project
        "A String",
      ],
      "role": "A String", # The role to which members belong. Two types of roles are supported: new IAM roles, which grant permissions that do not map directly to those provided by ACLs, and legacy IAM roles, which do map directly to ACL permissions. All roles are of the format roles/storage.specificRole.
          # The new IAM roles are:
          # - roles/storage.admin — Full control of Google Cloud Storage resources.
          # - roles/storage.objectViewer — Read-Only access to Google Cloud Storage objects.
          # - roles/storage.objectCreator — Access to create objects in Google Cloud Storage.
          # - roles/storage.objectAdmin — Full control of Google Cloud Storage objects.   The legacy IAM roles are:
          # - roles/storage.legacyObjectReader — Read-only access to objects without listing. Equivalent to an ACL entry on an object with the READER role.
          # - roles/storage.legacyObjectOwner — Read/write access to existing objects without listing. Equivalent to an ACL entry on an object with the OWNER role.
          # - roles/storage.legacyBucketReader — Read access to buckets with object listing. Equivalent to an ACL entry on a bucket with the READER role.
          # - roles/storage.legacyBucketWriter — Read access to buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the WRITER role.
          # - roles/storage.legacyBucketOwner — Read and write access to existing buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the OWNER role.
    },
  ],
  "etag": "A String", # HTTP 1.1  Entity tag for the policy.
  "kind": "storage#policy", # The kind of item this is. For policies, this is always storage#policy. This field is ignored on input.
  "resourceId": "A String", # The ID of the resource to which this policy belongs. Will be of the form projects/_/buckets/bucket for buckets, projects/_/buckets/bucket/objects/object for objects, and projects/_/buckets/bucket/managedFolders/managedFolder. A specific generation may be specified by appending #generationNumber to the end of the object name, e.g. projects/_/buckets/my-bucket/objects/data.txt#17. The current generation can be denoted with #0. This field is ignored on input.
  "version": 42, # The IAM policy format version.
}
get_media(bucket, object, generation=None, ifGenerationMatch=None, ifGenerationNotMatch=None, ifMetagenerationMatch=None, ifMetagenerationNotMatch=None, projection=None, restoreToken=None, softDeleted=None, userProject=None)
Retrieves an object or its metadata.

Args:
  bucket: string, Name of the bucket in which the object resides. (required)
  object: string, Name of the object. For information about how to URL encode object names to be path safe, see [Encoding URI Path Parts](https://cloud.google.com/storage/docs/request-endpoints#encoding). (required)
  generation: string, If present, selects a specific revision of this object (as opposed to the latest version, the default).
  ifGenerationMatch: string, Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.
  ifGenerationNotMatch: string, Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.
  ifMetagenerationMatch: string, Makes the operation conditional on whether the object's current metageneration matches the given value.
  ifMetagenerationNotMatch: string, Makes the operation conditional on whether the object's current metageneration does not match the given value.
  projection: string, Set of properties to return. Defaults to noAcl.
    Allowed values
      full - Include all properties.
      noAcl - Omit the owner, acl property.
  restoreToken: string, Restore token used to differentiate soft-deleted objects with the same name and generation. Only applicable for hierarchical namespace buckets and if softDeleted is set to true. This parameter is optional, and is only required in the rare case when there are multiple soft-deleted objects with the same name and generation.
  softDeleted: boolean, If true, only soft-deleted object versions will be listed. The default is false. For more information, see [Soft Delete](https://cloud.google.com/storage/docs/soft-delete).
  userProject: string, The project to be billed for this request. Required for Requester Pays buckets.

Returns:
  The media object as a string.

    
insert(bucket, body=None, contentEncoding=None, ifGenerationMatch=None, ifGenerationNotMatch=None, ifMetagenerationMatch=None, ifMetagenerationNotMatch=None, kmsKeyName=None, media_body=None, media_mime_type=None, name=None, predefinedAcl=None, projection=None, userProject=None)
Stores a new object and metadata.

Args:
  bucket: string, Name of the bucket in which to store the new object. Overrides the provided object metadata's bucket value, if any. (required)
  body: object, The request body.
    The object takes the form of:

{ # An object.
  "acl": [ # Access controls on the object.
    { # An access-control entry.
      "bucket": "A String", # The name of the bucket.
      "domain": "A String", # The domain associated with the entity, if any.
      "email": "A String", # The email address associated with the entity, if any.
      "entity": "A String", # The entity holding the permission, in one of the following forms:
          # - user-userId
          # - user-email
          # - group-groupId
          # - group-email
          # - domain-domain
          # - project-team-projectId
          # - allUsers
          # - allAuthenticatedUsers Examples:
          # - The user liz@example.com would be user-liz@example.com.
          # - The group example@googlegroups.com would be group-example@googlegroups.com.
          # - To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.
      "entityId": "A String", # The ID for the entity, if any.
      "etag": "A String", # HTTP 1.1 Entity tag for the access-control entry.
      "generation": "A String", # The content generation of the object, if applied to an object.
      "id": "A String", # The ID of the access-control entry.
      "kind": "storage#objectAccessControl", # The kind of item this is. For object access control entries, this is always storage#objectAccessControl.
      "object": "A String", # The name of the object, if applied to an object.
      "projectTeam": { # The project team associated with the entity, if any.
        "projectNumber": "A String", # The project number.
        "team": "A String", # The team.
      },
      "role": "A String", # The access permission for the entity.
      "selfLink": "A String", # The link to this access-control entry.
    },
  ],
  "bucket": "A String", # The name of the bucket containing this object.
  "cacheControl": "A String", # Cache-Control directive for the object data. If omitted, and the object is accessible to all anonymous users, the default will be public, max-age=3600.
  "componentCount": 42, # Number of underlying components that make up this object. Components are accumulated by compose operations.
  "contentDisposition": "A String", # Content-Disposition of the object data.
  "contentEncoding": "A String", # Content-Encoding of the object data.
  "contentLanguage": "A String", # Content-Language of the object data.
  "contentType": "A String", # Content-Type of the object data. If an object is stored without a Content-Type, it is served as application/octet-stream.
  "crc32c": "A String", # CRC32c checksum, as described in RFC 4960, Appendix B; encoded using base64 in big-endian byte order. For more information about using the CRC32c checksum, see [Data Validation and Change Detection](https://cloud.google.com/storage/docs/data-validation).
  "customTime": "A String", # A timestamp in RFC 3339 format specified by the user for an object.
  "customerEncryption": { # Metadata of customer-supplied encryption key, if the object is encrypted by such a key.
    "encryptionAlgorithm": "A String", # The encryption algorithm.
    "keySha256": "A String", # SHA256 hash value of the encryption key.
  },
  "etag": "A String", # HTTP 1.1 Entity tag for the object.
  "eventBasedHold": True or False, # Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any). One sample use case of this flag is for banks to hold loan documents for at least 3 years after loan is paid in full. Here, bucket-level retention is 3 years and the event is the loan being paid in full. In this example, these objects will be held intact for any number of years until the event has occurred (event-based hold on the object is released) and then 3 more years after that. That means retention duration of the objects begins from the moment event-based hold transitioned from true to false.
  "generation": "A String", # The content generation of this object. Used for object versioning.
  "hardDeleteTime": "A String", # This is the time (in the future) when the soft-deleted object will no longer be restorable. It is equal to the soft delete time plus the current soft delete retention duration of the bucket.
  "id": "A String", # The ID of the object, including the bucket name, object name, and generation number.
  "kind": "storage#object", # The kind of item this is. For objects, this is always storage#object.
  "kmsKeyName": "A String", # Not currently supported. Specifying the parameter causes the request to fail with status code 400 - Bad Request.
  "md5Hash": "A String", # MD5 hash of the data; encoded using base64. For more information about using the MD5 hash, see [Data Validation and Change Detection](https://cloud.google.com/storage/docs/data-validation).
  "mediaLink": "A String", # Media download link.
  "metadata": { # User-provided metadata, in key/value pairs.
    "a_key": "A String", # An individual metadata entry.
  },
  "metageneration": "A String", # The version of the metadata for this object at this generation. Used for preconditions and for detecting changes in metadata. A metageneration number is only meaningful in the context of a particular generation of a particular object.
  "name": "A String", # The name of the object. Required if not specified by URL parameter.
  "owner": { # The owner of the object. This will always be the uploader of the object.
    "entity": "A String", # The entity, in the form user-userId.
    "entityId": "A String", # The ID for the entity.
  },
  "restoreToken": "A String", # Restore token used to differentiate deleted objects with the same name and generation. This field is only returned for deleted objects in hierarchical namespace buckets.
  "retention": { # A collection of object level retention parameters.
    "mode": "A String", # The bucket's object retention mode, can only be Unlocked or Locked.
    "retainUntilTime": "A String", # A time in RFC 3339 format until which object retention protects this object.
  },
  "retentionExpirationTime": "A String", # A server-determined value that specifies the earliest time that the object's retention period expires. This value is in RFC 3339 format. Note 1: This field is not provided for objects with an active event-based hold, since retention expiration is unknown until the hold is removed. Note 2: This value can be provided even when temporary hold is set (so that the user can reason about policy without having to first unset the temporary hold).
  "selfLink": "A String", # The link to this object.
  "size": "A String", # Content-Length of the data in bytes.
  "softDeleteTime": "A String", # The time at which the object became soft-deleted in RFC 3339 format.
  "storageClass": "A String", # Storage class of the object.
  "temporaryHold": True or False, # Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites. A common use case of this flag is regulatory investigations where objects need to be retained while the investigation is ongoing. Note that unlike event-based hold, temporary hold does not impact retention expiration time of an object.
  "timeCreated": "A String", # The creation time of the object in RFC 3339 format.
  "timeDeleted": "A String", # The time at which the object became noncurrent in RFC 3339 format. Will be returned if and only if this version of the object has been deleted.
  "timeFinalized": "A String", # The time when the object was finalized.
  "timeStorageClassUpdated": "A String", # The time at which the object's storage class was last changed. When the object is initially created, it will be set to timeCreated.
  "updated": "A String", # The modification time of the object metadata in RFC 3339 format. Set initially to object creation time and then updated whenever any metadata of the object changes. This includes changes made by a requester, such as modifying custom metadata, as well as changes made by Cloud Storage on behalf of a requester, such as changing the storage class based on an Object Lifecycle Configuration.
}

  contentEncoding: string, If set, sets the contentEncoding property of the final object to this value. Setting this parameter is equivalent to setting the contentEncoding metadata property. This can be useful when uploading an object with uploadType=media to indicate the encoding of the content being uploaded.
  ifGenerationMatch: string, Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.
  ifGenerationNotMatch: string, Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.
  ifMetagenerationMatch: string, Makes the operation conditional on whether the object's current metageneration matches the given value.
  ifMetagenerationNotMatch: string, Makes the operation conditional on whether the object's current metageneration does not match the given value.
  kmsKeyName: string, Resource name of the Cloud KMS key, of the form projects/my-project/locations/global/keyRings/my-kr/cryptoKeys/my-key, that will be used to encrypt the object. Overrides the object metadata's kms_key_name value, if any.
  media_body: string, The filename of the media request body, or an instance of a MediaUpload object.
  media_mime_type: string, The MIME type of the media request body, or an instance of a MediaUpload object.
  name: string, Name of the object. Required when the object metadata is not otherwise provided. Overrides the object metadata's name value, if any. For information about how to URL encode object names to be path safe, see [Encoding URI Path Parts](https://cloud.google.com/storage/docs/request-endpoints#encoding).
  predefinedAcl: string, Apply a predefined set of access controls to this object.
    Allowed values
      authenticatedRead - Object owner gets OWNER access, and allAuthenticatedUsers get READER access.
      bucketOwnerFullControl - Object owner gets OWNER access, and project team owners get OWNER access.
      bucketOwnerRead - Object owner gets OWNER access, and project team owners get READER access.
      private - Object owner gets OWNER access.
      projectPrivate - Object owner gets OWNER access, and project team members get access according to their roles.
      publicRead - Object owner gets OWNER access, and allUsers get READER access.
  projection: string, Set of properties to return. Defaults to noAcl, unless the object resource specifies the acl property, when it defaults to full.
    Allowed values
      full - Include all properties.
      noAcl - Omit the owner, acl property.
  userProject: string, The project to be billed for this request. Required for Requester Pays buckets.

Returns:
  An object of the form:

    { # An object.
  "acl": [ # Access controls on the object.
    { # An access-control entry.
      "bucket": "A String", # The name of the bucket.
      "domain": "A String", # The domain associated with the entity, if any.
      "email": "A String", # The email address associated with the entity, if any.
      "entity": "A String", # The entity holding the permission, in one of the following forms:
          # - user-userId
          # - user-email
          # - group-groupId
          # - group-email
          # - domain-domain
          # - project-team-projectId
          # - allUsers
          # - allAuthenticatedUsers Examples:
          # - The user liz@example.com would be user-liz@example.com.
          # - The group example@googlegroups.com would be group-example@googlegroups.com.
          # - To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.
      "entityId": "A String", # The ID for the entity, if any.
      "etag": "A String", # HTTP 1.1 Entity tag for the access-control entry.
      "generation": "A String", # The content generation of the object, if applied to an object.
      "id": "A String", # The ID of the access-control entry.
      "kind": "storage#objectAccessControl", # The kind of item this is. For object access control entries, this is always storage#objectAccessControl.
      "object": "A String", # The name of the object, if applied to an object.
      "projectTeam": { # The project team associated with the entity, if any.
        "projectNumber": "A String", # The project number.
        "team": "A String", # The team.
      },
      "role": "A String", # The access permission for the entity.
      "selfLink": "A String", # The link to this access-control entry.
    },
  ],
  "bucket": "A String", # The name of the bucket containing this object.
  "cacheControl": "A String", # Cache-Control directive for the object data. If omitted, and the object is accessible to all anonymous users, the default will be public, max-age=3600.
  "componentCount": 42, # Number of underlying components that make up this object. Components are accumulated by compose operations.
  "contentDisposition": "A String", # Content-Disposition of the object data.
  "contentEncoding": "A String", # Content-Encoding of the object data.
  "contentLanguage": "A String", # Content-Language of the object data.
  "contentType": "A String", # Content-Type of the object data. If an object is stored without a Content-Type, it is served as application/octet-stream.
  "crc32c": "A String", # CRC32c checksum, as described in RFC 4960, Appendix B; encoded using base64 in big-endian byte order. For more information about using the CRC32c checksum, see [Data Validation and Change Detection](https://cloud.google.com/storage/docs/data-validation).
  "customTime": "A String", # A timestamp in RFC 3339 format specified by the user for an object.
  "customerEncryption": { # Metadata of customer-supplied encryption key, if the object is encrypted by such a key.
    "encryptionAlgorithm": "A String", # The encryption algorithm.
    "keySha256": "A String", # SHA256 hash value of the encryption key.
  },
  "etag": "A String", # HTTP 1.1 Entity tag for the object.
  "eventBasedHold": True or False, # Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any). One sample use case of this flag is for banks to hold loan documents for at least 3 years after loan is paid in full. Here, bucket-level retention is 3 years and the event is the loan being paid in full. In this example, these objects will be held intact for any number of years until the event has occurred (event-based hold on the object is released) and then 3 more years after that. That means retention duration of the objects begins from the moment event-based hold transitioned from true to false.
  "generation": "A String", # The content generation of this object. Used for object versioning.
  "hardDeleteTime": "A String", # This is the time (in the future) when the soft-deleted object will no longer be restorable. It is equal to the soft delete time plus the current soft delete retention duration of the bucket.
  "id": "A String", # The ID of the object, including the bucket name, object name, and generation number.
  "kind": "storage#object", # The kind of item this is. For objects, this is always storage#object.
  "kmsKeyName": "A String", # Not currently supported. Specifying the parameter causes the request to fail with status code 400 - Bad Request.
  "md5Hash": "A String", # MD5 hash of the data; encoded using base64. For more information about using the MD5 hash, see [Data Validation and Change Detection](https://cloud.google.com/storage/docs/data-validation).
  "mediaLink": "A String", # Media download link.
  "metadata": { # User-provided metadata, in key/value pairs.
    "a_key": "A String", # An individual metadata entry.
  },
  "metageneration": "A String", # The version of the metadata for this object at this generation. Used for preconditions and for detecting changes in metadata. A metageneration number is only meaningful in the context of a particular generation of a particular object.
  "name": "A String", # The name of the object. Required if not specified by URL parameter.
  "owner": { # The owner of the object. This will always be the uploader of the object.
    "entity": "A String", # The entity, in the form user-userId.
    "entityId": "A String", # The ID for the entity.
  },
  "restoreToken": "A String", # Restore token used to differentiate deleted objects with the same name and generation. This field is only returned for deleted objects in hierarchical namespace buckets.
  "retention": { # A collection of object level retention parameters.
    "mode": "A String", # The bucket's object retention mode, can only be Unlocked or Locked.
    "retainUntilTime": "A String", # A time in RFC 3339 format until which object retention protects this object.
  },
  "retentionExpirationTime": "A String", # A server-determined value that specifies the earliest time that the object's retention period expires. This value is in RFC 3339 format. Note 1: This field is not provided for objects with an active event-based hold, since retention expiration is unknown until the hold is removed. Note 2: This value can be provided even when temporary hold is set (so that the user can reason about policy without having to first unset the temporary hold).
  "selfLink": "A String", # The link to this object.
  "size": "A String", # Content-Length of the data in bytes.
  "softDeleteTime": "A String", # The time at which the object became soft-deleted in RFC 3339 format.
  "storageClass": "A String", # Storage class of the object.
  "temporaryHold": True or False, # Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites. A common use case of this flag is regulatory investigations where objects need to be retained while the investigation is ongoing. Note that unlike event-based hold, temporary hold does not impact retention expiration time of an object.
  "timeCreated": "A String", # The creation time of the object in RFC 3339 format.
  "timeDeleted": "A String", # The time at which the object became noncurrent in RFC 3339 format. Will be returned if and only if this version of the object has been deleted.
  "timeFinalized": "A String", # The time when the object was finalized.
  "timeStorageClassUpdated": "A String", # The time at which the object's storage class was last changed. When the object is initially created, it will be set to timeCreated.
  "updated": "A String", # The modification time of the object metadata in RFC 3339 format. Set initially to object creation time and then updated whenever any metadata of the object changes. This includes changes made by a requester, such as modifying custom metadata, as well as changes made by Cloud Storage on behalf of a requester, such as changing the storage class based on an Object Lifecycle Configuration.
}
list(bucket, delimiter=None, endOffset=None, includeFoldersAsPrefixes=None, includeTrailingDelimiter=None, matchGlob=None, maxResults=None, pageToken=None, prefix=None, projection=None, softDeleted=None, startOffset=None, userProject=None, versions=None)
Retrieves a list of objects matching the criteria.

Args:
  bucket: string, Name of the bucket in which to look for objects. (required)
  delimiter: string, Returns results in a directory-like mode. items will contain only objects whose names, aside from the prefix, do not contain delimiter. Objects whose names, aside from the prefix, contain delimiter will have their name, truncated after the delimiter, returned in prefixes. Duplicate prefixes are omitted.
  endOffset: string, Filter results to objects whose names are lexicographically before endOffset. If startOffset is also set, the objects listed will have names between startOffset (inclusive) and endOffset (exclusive).
  includeFoldersAsPrefixes: boolean, Only applicable if delimiter is set to '/'. If true, will also include folders and managed folders (besides objects) in the returned prefixes.
  includeTrailingDelimiter: boolean, If true, objects that end in exactly one instance of delimiter will have their metadata included in items in addition to prefixes.
  matchGlob: string, Filter results to objects and prefixes that match this glob pattern.
  maxResults: integer, Maximum number of items plus prefixes to return in a single page of responses. As duplicate prefixes are omitted, fewer total results may be returned than requested. The service will use this parameter or 1,000 items, whichever is smaller.
  pageToken: string, A previously-returned page token representing part of the larger set of results to view.
  prefix: string, Filter results to objects whose names begin with this prefix.
  projection: string, Set of properties to return. Defaults to noAcl.
    Allowed values
      full - Include all properties.
      noAcl - Omit the owner, acl property.
  softDeleted: boolean, If true, only soft-deleted object versions will be listed. The default is false. For more information, see [Soft Delete](https://cloud.google.com/storage/docs/soft-delete).
  startOffset: string, Filter results to objects whose names are lexicographically equal to or after startOffset. If endOffset is also set, the objects listed will have names between startOffset (inclusive) and endOffset (exclusive).
  userProject: string, The project to be billed for this request. Required for Requester Pays buckets.
  versions: boolean, If true, lists all versions of an object as distinct results. The default is false. For more information, see [Object Versioning](https://cloud.google.com/storage/docs/object-versioning).

Returns:
  An object of the form:

    { # A list of objects.
  "items": [ # The list of items.
    { # An object.
      "acl": [ # Access controls on the object.
        { # An access-control entry.
          "bucket": "A String", # The name of the bucket.
          "domain": "A String", # The domain associated with the entity, if any.
          "email": "A String", # The email address associated with the entity, if any.
          "entity": "A String", # The entity holding the permission, in one of the following forms:
              # - user-userId
              # - user-email
              # - group-groupId
              # - group-email
              # - domain-domain
              # - project-team-projectId
              # - allUsers
              # - allAuthenticatedUsers Examples:
              # - The user liz@example.com would be user-liz@example.com.
              # - The group example@googlegroups.com would be group-example@googlegroups.com.
              # - To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.
          "entityId": "A String", # The ID for the entity, if any.
          "etag": "A String", # HTTP 1.1 Entity tag for the access-control entry.
          "generation": "A String", # The content generation of the object, if applied to an object.
          "id": "A String", # The ID of the access-control entry.
          "kind": "storage#objectAccessControl", # The kind of item this is. For object access control entries, this is always storage#objectAccessControl.
          "object": "A String", # The name of the object, if applied to an object.
          "projectTeam": { # The project team associated with the entity, if any.
            "projectNumber": "A String", # The project number.
            "team": "A String", # The team.
          },
          "role": "A String", # The access permission for the entity.
          "selfLink": "A String", # The link to this access-control entry.
        },
      ],
      "bucket": "A String", # The name of the bucket containing this object.
      "cacheControl": "A String", # Cache-Control directive for the object data. If omitted, and the object is accessible to all anonymous users, the default will be public, max-age=3600.
      "componentCount": 42, # Number of underlying components that make up this object. Components are accumulated by compose operations.
      "contentDisposition": "A String", # Content-Disposition of the object data.
      "contentEncoding": "A String", # Content-Encoding of the object data.
      "contentLanguage": "A String", # Content-Language of the object data.
      "contentType": "A String", # Content-Type of the object data. If an object is stored without a Content-Type, it is served as application/octet-stream.
      "crc32c": "A String", # CRC32c checksum, as described in RFC 4960, Appendix B; encoded using base64 in big-endian byte order. For more information about using the CRC32c checksum, see [Data Validation and Change Detection](https://cloud.google.com/storage/docs/data-validation).
      "customTime": "A String", # A timestamp in RFC 3339 format specified by the user for an object.
      "customerEncryption": { # Metadata of customer-supplied encryption key, if the object is encrypted by such a key.
        "encryptionAlgorithm": "A String", # The encryption algorithm.
        "keySha256": "A String", # SHA256 hash value of the encryption key.
      },
      "etag": "A String", # HTTP 1.1 Entity tag for the object.
      "eventBasedHold": True or False, # Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any). One sample use case of this flag is for banks to hold loan documents for at least 3 years after loan is paid in full. Here, bucket-level retention is 3 years and the event is the loan being paid in full. In this example, these objects will be held intact for any number of years until the event has occurred (event-based hold on the object is released) and then 3 more years after that. That means retention duration of the objects begins from the moment event-based hold transitioned from true to false.
      "generation": "A String", # The content generation of this object. Used for object versioning.
      "hardDeleteTime": "A String", # This is the time (in the future) when the soft-deleted object will no longer be restorable. It is equal to the soft delete time plus the current soft delete retention duration of the bucket.
      "id": "A String", # The ID of the object, including the bucket name, object name, and generation number.
      "kind": "storage#object", # The kind of item this is. For objects, this is always storage#object.
      "kmsKeyName": "A String", # Not currently supported. Specifying the parameter causes the request to fail with status code 400 - Bad Request.
      "md5Hash": "A String", # MD5 hash of the data; encoded using base64. For more information about using the MD5 hash, see [Data Validation and Change Detection](https://cloud.google.com/storage/docs/data-validation).
      "mediaLink": "A String", # Media download link.
      "metadata": { # User-provided metadata, in key/value pairs.
        "a_key": "A String", # An individual metadata entry.
      },
      "metageneration": "A String", # The version of the metadata for this object at this generation. Used for preconditions and for detecting changes in metadata. A metageneration number is only meaningful in the context of a particular generation of a particular object.
      "name": "A String", # The name of the object. Required if not specified by URL parameter.
      "owner": { # The owner of the object. This will always be the uploader of the object.
        "entity": "A String", # The entity, in the form user-userId.
        "entityId": "A String", # The ID for the entity.
      },
      "restoreToken": "A String", # Restore token used to differentiate deleted objects with the same name and generation. This field is only returned for deleted objects in hierarchical namespace buckets.
      "retention": { # A collection of object level retention parameters.
        "mode": "A String", # The bucket's object retention mode, can only be Unlocked or Locked.
        "retainUntilTime": "A String", # A time in RFC 3339 format until which object retention protects this object.
      },
      "retentionExpirationTime": "A String", # A server-determined value that specifies the earliest time that the object's retention period expires. This value is in RFC 3339 format. Note 1: This field is not provided for objects with an active event-based hold, since retention expiration is unknown until the hold is removed. Note 2: This value can be provided even when temporary hold is set (so that the user can reason about policy without having to first unset the temporary hold).
      "selfLink": "A String", # The link to this object.
      "size": "A String", # Content-Length of the data in bytes.
      "softDeleteTime": "A String", # The time at which the object became soft-deleted in RFC 3339 format.
      "storageClass": "A String", # Storage class of the object.
      "temporaryHold": True or False, # Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites. A common use case of this flag is regulatory investigations where objects need to be retained while the investigation is ongoing. Note that unlike event-based hold, temporary hold does not impact retention expiration time of an object.
      "timeCreated": "A String", # The creation time of the object in RFC 3339 format.
      "timeDeleted": "A String", # The time at which the object became noncurrent in RFC 3339 format. Will be returned if and only if this version of the object has been deleted.
      "timeFinalized": "A String", # The time when the object was finalized.
      "timeStorageClassUpdated": "A String", # The time at which the object's storage class was last changed. When the object is initially created, it will be set to timeCreated.
      "updated": "A String", # The modification time of the object metadata in RFC 3339 format. Set initially to object creation time and then updated whenever any metadata of the object changes. This includes changes made by a requester, such as modifying custom metadata, as well as changes made by Cloud Storage on behalf of a requester, such as changing the storage class based on an Object Lifecycle Configuration.
    },
  ],
  "kind": "storage#objects", # The kind of item this is. For lists of objects, this is always storage#objects.
  "nextPageToken": "A String", # The continuation token, used to page through large result sets. Provide this value in a subsequent request to return the next page of results.
  "prefixes": [ # The list of prefixes of objects matching-but-not-listed up to and including the requested delimiter.
    "A String",
  ],
}
list_next()
Retrieves the next page of results.

        Args:
          previous_request: The request for the previous page. (required)
          previous_response: The response from the request for the previous page. (required)

        Returns:
          A request object that you can call 'execute()' on to request the next
          page. Returns None if there are no more items in the collection.
        
move(bucket, sourceObject, destinationObject, ifGenerationMatch=None, ifGenerationNotMatch=None, ifMetagenerationMatch=None, ifMetagenerationNotMatch=None, ifSourceGenerationMatch=None, ifSourceGenerationNotMatch=None, ifSourceMetagenerationMatch=None, ifSourceMetagenerationNotMatch=None, userProject=None)
Moves the source object to the destination object in the same bucket.

Args:
  bucket: string, Name of the bucket in which the object resides. (required)
  sourceObject: string, Name of the source object. For information about how to URL encode object names to be path safe, see [Encoding URI Path Parts](https://cloud.google.com/storage/docs/request-endpoints#encoding). (required)
  destinationObject: string, Name of the destination object. For information about how to URL encode object names to be path safe, see [Encoding URI Path Parts](https://cloud.google.com/storage/docs/request-endpoints#encoding). (required)
  ifGenerationMatch: string, Makes the operation conditional on whether the destination object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object. `ifGenerationMatch` and `ifGenerationNotMatch` conditions are mutually exclusive: it's an error for both of them to be set in the request.
  ifGenerationNotMatch: string, Makes the operation conditional on whether the destination object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.`ifGenerationMatch` and `ifGenerationNotMatch` conditions are mutually exclusive: it's an error for both of them to be set in the request.
  ifMetagenerationMatch: string, Makes the operation conditional on whether the destination object's current metageneration matches the given value. `ifMetagenerationMatch` and `ifMetagenerationNotMatch` conditions are mutually exclusive: it's an error for both of them to be set in the request.
  ifMetagenerationNotMatch: string, Makes the operation conditional on whether the destination object's current metageneration does not match the given value. `ifMetagenerationMatch` and `ifMetagenerationNotMatch` conditions are mutually exclusive: it's an error for both of them to be set in the request.
  ifSourceGenerationMatch: string, Makes the operation conditional on whether the source object's current generation matches the given value. `ifSourceGenerationMatch` and `ifSourceGenerationNotMatch` conditions are mutually exclusive: it's an error for both of them to be set in the request.
  ifSourceGenerationNotMatch: string, Makes the operation conditional on whether the source object's current generation does not match the given value. `ifSourceGenerationMatch` and `ifSourceGenerationNotMatch` conditions are mutually exclusive: it's an error for both of them to be set in the request.
  ifSourceMetagenerationMatch: string, Makes the operation conditional on whether the source object's current metageneration matches the given value. `ifSourceMetagenerationMatch` and `ifSourceMetagenerationNotMatch` conditions are mutually exclusive: it's an error for both of them to be set in the request.
  ifSourceMetagenerationNotMatch: string, Makes the operation conditional on whether the source object's current metageneration does not match the given value. `ifSourceMetagenerationMatch` and `ifSourceMetagenerationNotMatch` conditions are mutually exclusive: it's an error for both of them to be set in the request.
  userProject: string, The project to be billed for this request. Required for Requester Pays buckets.

Returns:
  An object of the form:

    { # An object.
  "acl": [ # Access controls on the object.
    { # An access-control entry.
      "bucket": "A String", # The name of the bucket.
      "domain": "A String", # The domain associated with the entity, if any.
      "email": "A String", # The email address associated with the entity, if any.
      "entity": "A String", # The entity holding the permission, in one of the following forms:
          # - user-userId
          # - user-email
          # - group-groupId
          # - group-email
          # - domain-domain
          # - project-team-projectId
          # - allUsers
          # - allAuthenticatedUsers Examples:
          # - The user liz@example.com would be user-liz@example.com.
          # - The group example@googlegroups.com would be group-example@googlegroups.com.
          # - To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.
      "entityId": "A String", # The ID for the entity, if any.
      "etag": "A String", # HTTP 1.1 Entity tag for the access-control entry.
      "generation": "A String", # The content generation of the object, if applied to an object.
      "id": "A String", # The ID of the access-control entry.
      "kind": "storage#objectAccessControl", # The kind of item this is. For object access control entries, this is always storage#objectAccessControl.
      "object": "A String", # The name of the object, if applied to an object.
      "projectTeam": { # The project team associated with the entity, if any.
        "projectNumber": "A String", # The project number.
        "team": "A String", # The team.
      },
      "role": "A String", # The access permission for the entity.
      "selfLink": "A String", # The link to this access-control entry.
    },
  ],
  "bucket": "A String", # The name of the bucket containing this object.
  "cacheControl": "A String", # Cache-Control directive for the object data. If omitted, and the object is accessible to all anonymous users, the default will be public, max-age=3600.
  "componentCount": 42, # Number of underlying components that make up this object. Components are accumulated by compose operations.
  "contentDisposition": "A String", # Content-Disposition of the object data.
  "contentEncoding": "A String", # Content-Encoding of the object data.
  "contentLanguage": "A String", # Content-Language of the object data.
  "contentType": "A String", # Content-Type of the object data. If an object is stored without a Content-Type, it is served as application/octet-stream.
  "crc32c": "A String", # CRC32c checksum, as described in RFC 4960, Appendix B; encoded using base64 in big-endian byte order. For more information about using the CRC32c checksum, see [Data Validation and Change Detection](https://cloud.google.com/storage/docs/data-validation).
  "customTime": "A String", # A timestamp in RFC 3339 format specified by the user for an object.
  "customerEncryption": { # Metadata of customer-supplied encryption key, if the object is encrypted by such a key.
    "encryptionAlgorithm": "A String", # The encryption algorithm.
    "keySha256": "A String", # SHA256 hash value of the encryption key.
  },
  "etag": "A String", # HTTP 1.1 Entity tag for the object.
  "eventBasedHold": True or False, # Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any). One sample use case of this flag is for banks to hold loan documents for at least 3 years after loan is paid in full. Here, bucket-level retention is 3 years and the event is the loan being paid in full. In this example, these objects will be held intact for any number of years until the event has occurred (event-based hold on the object is released) and then 3 more years after that. That means retention duration of the objects begins from the moment event-based hold transitioned from true to false.
  "generation": "A String", # The content generation of this object. Used for object versioning.
  "hardDeleteTime": "A String", # This is the time (in the future) when the soft-deleted object will no longer be restorable. It is equal to the soft delete time plus the current soft delete retention duration of the bucket.
  "id": "A String", # The ID of the object, including the bucket name, object name, and generation number.
  "kind": "storage#object", # The kind of item this is. For objects, this is always storage#object.
  "kmsKeyName": "A String", # Not currently supported. Specifying the parameter causes the request to fail with status code 400 - Bad Request.
  "md5Hash": "A String", # MD5 hash of the data; encoded using base64. For more information about using the MD5 hash, see [Data Validation and Change Detection](https://cloud.google.com/storage/docs/data-validation).
  "mediaLink": "A String", # Media download link.
  "metadata": { # User-provided metadata, in key/value pairs.
    "a_key": "A String", # An individual metadata entry.
  },
  "metageneration": "A String", # The version of the metadata for this object at this generation. Used for preconditions and for detecting changes in metadata. A metageneration number is only meaningful in the context of a particular generation of a particular object.
  "name": "A String", # The name of the object. Required if not specified by URL parameter.
  "owner": { # The owner of the object. This will always be the uploader of the object.
    "entity": "A String", # The entity, in the form user-userId.
    "entityId": "A String", # The ID for the entity.
  },
  "restoreToken": "A String", # Restore token used to differentiate deleted objects with the same name and generation. This field is only returned for deleted objects in hierarchical namespace buckets.
  "retention": { # A collection of object level retention parameters.
    "mode": "A String", # The bucket's object retention mode, can only be Unlocked or Locked.
    "retainUntilTime": "A String", # A time in RFC 3339 format until which object retention protects this object.
  },
  "retentionExpirationTime": "A String", # A server-determined value that specifies the earliest time that the object's retention period expires. This value is in RFC 3339 format. Note 1: This field is not provided for objects with an active event-based hold, since retention expiration is unknown until the hold is removed. Note 2: This value can be provided even when temporary hold is set (so that the user can reason about policy without having to first unset the temporary hold).
  "selfLink": "A String", # The link to this object.
  "size": "A String", # Content-Length of the data in bytes.
  "softDeleteTime": "A String", # The time at which the object became soft-deleted in RFC 3339 format.
  "storageClass": "A String", # Storage class of the object.
  "temporaryHold": True or False, # Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites. A common use case of this flag is regulatory investigations where objects need to be retained while the investigation is ongoing. Note that unlike event-based hold, temporary hold does not impact retention expiration time of an object.
  "timeCreated": "A String", # The creation time of the object in RFC 3339 format.
  "timeDeleted": "A String", # The time at which the object became noncurrent in RFC 3339 format. Will be returned if and only if this version of the object has been deleted.
  "timeFinalized": "A String", # The time when the object was finalized.
  "timeStorageClassUpdated": "A String", # The time at which the object's storage class was last changed. When the object is initially created, it will be set to timeCreated.
  "updated": "A String", # The modification time of the object metadata in RFC 3339 format. Set initially to object creation time and then updated whenever any metadata of the object changes. This includes changes made by a requester, such as modifying custom metadata, as well as changes made by Cloud Storage on behalf of a requester, such as changing the storage class based on an Object Lifecycle Configuration.
}
patch(bucket, object, body=None, generation=None, ifGenerationMatch=None, ifGenerationNotMatch=None, ifMetagenerationMatch=None, ifMetagenerationNotMatch=None, overrideUnlockedRetention=None, predefinedAcl=None, projection=None, userProject=None)
Patches an object's metadata.

Args:
  bucket: string, Name of the bucket in which the object resides. (required)
  object: string, Name of the object. For information about how to URL encode object names to be path safe, see [Encoding URI Path Parts](https://cloud.google.com/storage/docs/request-endpoints#encoding). (required)
  body: object, The request body.
    The object takes the form of:

{ # An object.
  "acl": [ # Access controls on the object.
    { # An access-control entry.
      "bucket": "A String", # The name of the bucket.
      "domain": "A String", # The domain associated with the entity, if any.
      "email": "A String", # The email address associated with the entity, if any.
      "entity": "A String", # The entity holding the permission, in one of the following forms:
          # - user-userId
          # - user-email
          # - group-groupId
          # - group-email
          # - domain-domain
          # - project-team-projectId
          # - allUsers
          # - allAuthenticatedUsers Examples:
          # - The user liz@example.com would be user-liz@example.com.
          # - The group example@googlegroups.com would be group-example@googlegroups.com.
          # - To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.
      "entityId": "A String", # The ID for the entity, if any.
      "etag": "A String", # HTTP 1.1 Entity tag for the access-control entry.
      "generation": "A String", # The content generation of the object, if applied to an object.
      "id": "A String", # The ID of the access-control entry.
      "kind": "storage#objectAccessControl", # The kind of item this is. For object access control entries, this is always storage#objectAccessControl.
      "object": "A String", # The name of the object, if applied to an object.
      "projectTeam": { # The project team associated with the entity, if any.
        "projectNumber": "A String", # The project number.
        "team": "A String", # The team.
      },
      "role": "A String", # The access permission for the entity.
      "selfLink": "A String", # The link to this access-control entry.
    },
  ],
  "bucket": "A String", # The name of the bucket containing this object.
  "cacheControl": "A String", # Cache-Control directive for the object data. If omitted, and the object is accessible to all anonymous users, the default will be public, max-age=3600.
  "componentCount": 42, # Number of underlying components that make up this object. Components are accumulated by compose operations.
  "contentDisposition": "A String", # Content-Disposition of the object data.
  "contentEncoding": "A String", # Content-Encoding of the object data.
  "contentLanguage": "A String", # Content-Language of the object data.
  "contentType": "A String", # Content-Type of the object data. If an object is stored without a Content-Type, it is served as application/octet-stream.
  "crc32c": "A String", # CRC32c checksum, as described in RFC 4960, Appendix B; encoded using base64 in big-endian byte order. For more information about using the CRC32c checksum, see [Data Validation and Change Detection](https://cloud.google.com/storage/docs/data-validation).
  "customTime": "A String", # A timestamp in RFC 3339 format specified by the user for an object.
  "customerEncryption": { # Metadata of customer-supplied encryption key, if the object is encrypted by such a key.
    "encryptionAlgorithm": "A String", # The encryption algorithm.
    "keySha256": "A String", # SHA256 hash value of the encryption key.
  },
  "etag": "A String", # HTTP 1.1 Entity tag for the object.
  "eventBasedHold": True or False, # Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any). One sample use case of this flag is for banks to hold loan documents for at least 3 years after loan is paid in full. Here, bucket-level retention is 3 years and the event is the loan being paid in full. In this example, these objects will be held intact for any number of years until the event has occurred (event-based hold on the object is released) and then 3 more years after that. That means retention duration of the objects begins from the moment event-based hold transitioned from true to false.
  "generation": "A String", # The content generation of this object. Used for object versioning.
  "hardDeleteTime": "A String", # This is the time (in the future) when the soft-deleted object will no longer be restorable. It is equal to the soft delete time plus the current soft delete retention duration of the bucket.
  "id": "A String", # The ID of the object, including the bucket name, object name, and generation number.
  "kind": "storage#object", # The kind of item this is. For objects, this is always storage#object.
  "kmsKeyName": "A String", # Not currently supported. Specifying the parameter causes the request to fail with status code 400 - Bad Request.
  "md5Hash": "A String", # MD5 hash of the data; encoded using base64. For more information about using the MD5 hash, see [Data Validation and Change Detection](https://cloud.google.com/storage/docs/data-validation).
  "mediaLink": "A String", # Media download link.
  "metadata": { # User-provided metadata, in key/value pairs.
    "a_key": "A String", # An individual metadata entry.
  },
  "metageneration": "A String", # The version of the metadata for this object at this generation. Used for preconditions and for detecting changes in metadata. A metageneration number is only meaningful in the context of a particular generation of a particular object.
  "name": "A String", # The name of the object. Required if not specified by URL parameter.
  "owner": { # The owner of the object. This will always be the uploader of the object.
    "entity": "A String", # The entity, in the form user-userId.
    "entityId": "A String", # The ID for the entity.
  },
  "restoreToken": "A String", # Restore token used to differentiate deleted objects with the same name and generation. This field is only returned for deleted objects in hierarchical namespace buckets.
  "retention": { # A collection of object level retention parameters.
    "mode": "A String", # The bucket's object retention mode, can only be Unlocked or Locked.
    "retainUntilTime": "A String", # A time in RFC 3339 format until which object retention protects this object.
  },
  "retentionExpirationTime": "A String", # A server-determined value that specifies the earliest time that the object's retention period expires. This value is in RFC 3339 format. Note 1: This field is not provided for objects with an active event-based hold, since retention expiration is unknown until the hold is removed. Note 2: This value can be provided even when temporary hold is set (so that the user can reason about policy without having to first unset the temporary hold).
  "selfLink": "A String", # The link to this object.
  "size": "A String", # Content-Length of the data in bytes.
  "softDeleteTime": "A String", # The time at which the object became soft-deleted in RFC 3339 format.
  "storageClass": "A String", # Storage class of the object.
  "temporaryHold": True or False, # Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites. A common use case of this flag is regulatory investigations where objects need to be retained while the investigation is ongoing. Note that unlike event-based hold, temporary hold does not impact retention expiration time of an object.
  "timeCreated": "A String", # The creation time of the object in RFC 3339 format.
  "timeDeleted": "A String", # The time at which the object became noncurrent in RFC 3339 format. Will be returned if and only if this version of the object has been deleted.
  "timeFinalized": "A String", # The time when the object was finalized.
  "timeStorageClassUpdated": "A String", # The time at which the object's storage class was last changed. When the object is initially created, it will be set to timeCreated.
  "updated": "A String", # The modification time of the object metadata in RFC 3339 format. Set initially to object creation time and then updated whenever any metadata of the object changes. This includes changes made by a requester, such as modifying custom metadata, as well as changes made by Cloud Storage on behalf of a requester, such as changing the storage class based on an Object Lifecycle Configuration.
}

  generation: string, If present, selects a specific revision of this object (as opposed to the latest version, the default).
  ifGenerationMatch: string, Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.
  ifGenerationNotMatch: string, Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.
  ifMetagenerationMatch: string, Makes the operation conditional on whether the object's current metageneration matches the given value.
  ifMetagenerationNotMatch: string, Makes the operation conditional on whether the object's current metageneration does not match the given value.
  overrideUnlockedRetention: boolean, Must be true to remove the retention configuration, reduce its unlocked retention period, or change its mode from unlocked to locked.
  predefinedAcl: string, Apply a predefined set of access controls to this object.
    Allowed values
      authenticatedRead - Object owner gets OWNER access, and allAuthenticatedUsers get READER access.
      bucketOwnerFullControl - Object owner gets OWNER access, and project team owners get OWNER access.
      bucketOwnerRead - Object owner gets OWNER access, and project team owners get READER access.
      private - Object owner gets OWNER access.
      projectPrivate - Object owner gets OWNER access, and project team members get access according to their roles.
      publicRead - Object owner gets OWNER access, and allUsers get READER access.
  projection: string, Set of properties to return. Defaults to full.
    Allowed values
      full - Include all properties.
      noAcl - Omit the owner, acl property.
  userProject: string, The project to be billed for this request, for Requester Pays buckets.

Returns:
  An object of the form:

    { # An object.
  "acl": [ # Access controls on the object.
    { # An access-control entry.
      "bucket": "A String", # The name of the bucket.
      "domain": "A String", # The domain associated with the entity, if any.
      "email": "A String", # The email address associated with the entity, if any.
      "entity": "A String", # The entity holding the permission, in one of the following forms:
          # - user-userId
          # - user-email
          # - group-groupId
          # - group-email
          # - domain-domain
          # - project-team-projectId
          # - allUsers
          # - allAuthenticatedUsers Examples:
          # - The user liz@example.com would be user-liz@example.com.
          # - The group example@googlegroups.com would be group-example@googlegroups.com.
          # - To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.
      "entityId": "A String", # The ID for the entity, if any.
      "etag": "A String", # HTTP 1.1 Entity tag for the access-control entry.
      "generation": "A String", # The content generation of the object, if applied to an object.
      "id": "A String", # The ID of the access-control entry.
      "kind": "storage#objectAccessControl", # The kind of item this is. For object access control entries, this is always storage#objectAccessControl.
      "object": "A String", # The name of the object, if applied to an object.
      "projectTeam": { # The project team associated with the entity, if any.
        "projectNumber": "A String", # The project number.
        "team": "A String", # The team.
      },
      "role": "A String", # The access permission for the entity.
      "selfLink": "A String", # The link to this access-control entry.
    },
  ],
  "bucket": "A String", # The name of the bucket containing this object.
  "cacheControl": "A String", # Cache-Control directive for the object data. If omitted, and the object is accessible to all anonymous users, the default will be public, max-age=3600.
  "componentCount": 42, # Number of underlying components that make up this object. Components are accumulated by compose operations.
  "contentDisposition": "A String", # Content-Disposition of the object data.
  "contentEncoding": "A String", # Content-Encoding of the object data.
  "contentLanguage": "A String", # Content-Language of the object data.
  "contentType": "A String", # Content-Type of the object data. If an object is stored without a Content-Type, it is served as application/octet-stream.
  "crc32c": "A String", # CRC32c checksum, as described in RFC 4960, Appendix B; encoded using base64 in big-endian byte order. For more information about using the CRC32c checksum, see [Data Validation and Change Detection](https://cloud.google.com/storage/docs/data-validation).
  "customTime": "A String", # A timestamp in RFC 3339 format specified by the user for an object.
  "customerEncryption": { # Metadata of customer-supplied encryption key, if the object is encrypted by such a key.
    "encryptionAlgorithm": "A String", # The encryption algorithm.
    "keySha256": "A String", # SHA256 hash value of the encryption key.
  },
  "etag": "A String", # HTTP 1.1 Entity tag for the object.
  "eventBasedHold": True or False, # Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any). One sample use case of this flag is for banks to hold loan documents for at least 3 years after loan is paid in full. Here, bucket-level retention is 3 years and the event is the loan being paid in full. In this example, these objects will be held intact for any number of years until the event has occurred (event-based hold on the object is released) and then 3 more years after that. That means retention duration of the objects begins from the moment event-based hold transitioned from true to false.
  "generation": "A String", # The content generation of this object. Used for object versioning.
  "hardDeleteTime": "A String", # This is the time (in the future) when the soft-deleted object will no longer be restorable. It is equal to the soft delete time plus the current soft delete retention duration of the bucket.
  "id": "A String", # The ID of the object, including the bucket name, object name, and generation number.
  "kind": "storage#object", # The kind of item this is. For objects, this is always storage#object.
  "kmsKeyName": "A String", # Not currently supported. Specifying the parameter causes the request to fail with status code 400 - Bad Request.
  "md5Hash": "A String", # MD5 hash of the data; encoded using base64. For more information about using the MD5 hash, see [Data Validation and Change Detection](https://cloud.google.com/storage/docs/data-validation).
  "mediaLink": "A String", # Media download link.
  "metadata": { # User-provided metadata, in key/value pairs.
    "a_key": "A String", # An individual metadata entry.
  },
  "metageneration": "A String", # The version of the metadata for this object at this generation. Used for preconditions and for detecting changes in metadata. A metageneration number is only meaningful in the context of a particular generation of a particular object.
  "name": "A String", # The name of the object. Required if not specified by URL parameter.
  "owner": { # The owner of the object. This will always be the uploader of the object.
    "entity": "A String", # The entity, in the form user-userId.
    "entityId": "A String", # The ID for the entity.
  },
  "restoreToken": "A String", # Restore token used to differentiate deleted objects with the same name and generation. This field is only returned for deleted objects in hierarchical namespace buckets.
  "retention": { # A collection of object level retention parameters.
    "mode": "A String", # The bucket's object retention mode, can only be Unlocked or Locked.
    "retainUntilTime": "A String", # A time in RFC 3339 format until which object retention protects this object.
  },
  "retentionExpirationTime": "A String", # A server-determined value that specifies the earliest time that the object's retention period expires. This value is in RFC 3339 format. Note 1: This field is not provided for objects with an active event-based hold, since retention expiration is unknown until the hold is removed. Note 2: This value can be provided even when temporary hold is set (so that the user can reason about policy without having to first unset the temporary hold).
  "selfLink": "A String", # The link to this object.
  "size": "A String", # Content-Length of the data in bytes.
  "softDeleteTime": "A String", # The time at which the object became soft-deleted in RFC 3339 format.
  "storageClass": "A String", # Storage class of the object.
  "temporaryHold": True or False, # Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites. A common use case of this flag is regulatory investigations where objects need to be retained while the investigation is ongoing. Note that unlike event-based hold, temporary hold does not impact retention expiration time of an object.
  "timeCreated": "A String", # The creation time of the object in RFC 3339 format.
  "timeDeleted": "A String", # The time at which the object became noncurrent in RFC 3339 format. Will be returned if and only if this version of the object has been deleted.
  "timeFinalized": "A String", # The time when the object was finalized.
  "timeStorageClassUpdated": "A String", # The time at which the object's storage class was last changed. When the object is initially created, it will be set to timeCreated.
  "updated": "A String", # The modification time of the object metadata in RFC 3339 format. Set initially to object creation time and then updated whenever any metadata of the object changes. This includes changes made by a requester, such as modifying custom metadata, as well as changes made by Cloud Storage on behalf of a requester, such as changing the storage class based on an Object Lifecycle Configuration.
}
restore(bucket, object, generation, copySourceAcl=None, ifGenerationMatch=None, ifGenerationNotMatch=None, ifMetagenerationMatch=None, ifMetagenerationNotMatch=None, projection=None, restoreToken=None, userProject=None)
Restores a soft-deleted object.

Args:
  bucket: string, Name of the bucket in which the object resides. (required)
  object: string, Name of the object. For information about how to URL encode object names to be path safe, see [Encoding URI Path Parts](https://cloud.google.com/storage/docs/request-endpoints#encoding). (required)
  generation: string, Selects a specific revision of this object. (required)
  copySourceAcl: boolean, If true, copies the source object's ACL; otherwise, uses the bucket's default object ACL. The default is false.
  ifGenerationMatch: string, Makes the operation conditional on whether the object's one live generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.
  ifGenerationNotMatch: string, Makes the operation conditional on whether none of the object's live generations match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.
  ifMetagenerationMatch: string, Makes the operation conditional on whether the object's one live metageneration matches the given value.
  ifMetagenerationNotMatch: string, Makes the operation conditional on whether none of the object's live metagenerations match the given value.
  projection: string, Set of properties to return. Defaults to full.
    Allowed values
      full - Include all properties.
      noAcl - Omit the owner, acl property.
  restoreToken: string, Restore token used to differentiate sof-deleted objects with the same name and generation. Only applicable for hierarchical namespace buckets. This parameter is optional, and is only required in the rare case when there are multiple soft-deleted objects with the same name and generation.
  userProject: string, The project to be billed for this request. Required for Requester Pays buckets.

Returns:
  An object of the form:

    { # An object.
  "acl": [ # Access controls on the object.
    { # An access-control entry.
      "bucket": "A String", # The name of the bucket.
      "domain": "A String", # The domain associated with the entity, if any.
      "email": "A String", # The email address associated with the entity, if any.
      "entity": "A String", # The entity holding the permission, in one of the following forms:
          # - user-userId
          # - user-email
          # - group-groupId
          # - group-email
          # - domain-domain
          # - project-team-projectId
          # - allUsers
          # - allAuthenticatedUsers Examples:
          # - The user liz@example.com would be user-liz@example.com.
          # - The group example@googlegroups.com would be group-example@googlegroups.com.
          # - To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.
      "entityId": "A String", # The ID for the entity, if any.
      "etag": "A String", # HTTP 1.1 Entity tag for the access-control entry.
      "generation": "A String", # The content generation of the object, if applied to an object.
      "id": "A String", # The ID of the access-control entry.
      "kind": "storage#objectAccessControl", # The kind of item this is. For object access control entries, this is always storage#objectAccessControl.
      "object": "A String", # The name of the object, if applied to an object.
      "projectTeam": { # The project team associated with the entity, if any.
        "projectNumber": "A String", # The project number.
        "team": "A String", # The team.
      },
      "role": "A String", # The access permission for the entity.
      "selfLink": "A String", # The link to this access-control entry.
    },
  ],
  "bucket": "A String", # The name of the bucket containing this object.
  "cacheControl": "A String", # Cache-Control directive for the object data. If omitted, and the object is accessible to all anonymous users, the default will be public, max-age=3600.
  "componentCount": 42, # Number of underlying components that make up this object. Components are accumulated by compose operations.
  "contentDisposition": "A String", # Content-Disposition of the object data.
  "contentEncoding": "A String", # Content-Encoding of the object data.
  "contentLanguage": "A String", # Content-Language of the object data.
  "contentType": "A String", # Content-Type of the object data. If an object is stored without a Content-Type, it is served as application/octet-stream.
  "crc32c": "A String", # CRC32c checksum, as described in RFC 4960, Appendix B; encoded using base64 in big-endian byte order. For more information about using the CRC32c checksum, see [Data Validation and Change Detection](https://cloud.google.com/storage/docs/data-validation).
  "customTime": "A String", # A timestamp in RFC 3339 format specified by the user for an object.
  "customerEncryption": { # Metadata of customer-supplied encryption key, if the object is encrypted by such a key.
    "encryptionAlgorithm": "A String", # The encryption algorithm.
    "keySha256": "A String", # SHA256 hash value of the encryption key.
  },
  "etag": "A String", # HTTP 1.1 Entity tag for the object.
  "eventBasedHold": True or False, # Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any). One sample use case of this flag is for banks to hold loan documents for at least 3 years after loan is paid in full. Here, bucket-level retention is 3 years and the event is the loan being paid in full. In this example, these objects will be held intact for any number of years until the event has occurred (event-based hold on the object is released) and then 3 more years after that. That means retention duration of the objects begins from the moment event-based hold transitioned from true to false.
  "generation": "A String", # The content generation of this object. Used for object versioning.
  "hardDeleteTime": "A String", # This is the time (in the future) when the soft-deleted object will no longer be restorable. It is equal to the soft delete time plus the current soft delete retention duration of the bucket.
  "id": "A String", # The ID of the object, including the bucket name, object name, and generation number.
  "kind": "storage#object", # The kind of item this is. For objects, this is always storage#object.
  "kmsKeyName": "A String", # Not currently supported. Specifying the parameter causes the request to fail with status code 400 - Bad Request.
  "md5Hash": "A String", # MD5 hash of the data; encoded using base64. For more information about using the MD5 hash, see [Data Validation and Change Detection](https://cloud.google.com/storage/docs/data-validation).
  "mediaLink": "A String", # Media download link.
  "metadata": { # User-provided metadata, in key/value pairs.
    "a_key": "A String", # An individual metadata entry.
  },
  "metageneration": "A String", # The version of the metadata for this object at this generation. Used for preconditions and for detecting changes in metadata. A metageneration number is only meaningful in the context of a particular generation of a particular object.
  "name": "A String", # The name of the object. Required if not specified by URL parameter.
  "owner": { # The owner of the object. This will always be the uploader of the object.
    "entity": "A String", # The entity, in the form user-userId.
    "entityId": "A String", # The ID for the entity.
  },
  "restoreToken": "A String", # Restore token used to differentiate deleted objects with the same name and generation. This field is only returned for deleted objects in hierarchical namespace buckets.
  "retention": { # A collection of object level retention parameters.
    "mode": "A String", # The bucket's object retention mode, can only be Unlocked or Locked.
    "retainUntilTime": "A String", # A time in RFC 3339 format until which object retention protects this object.
  },
  "retentionExpirationTime": "A String", # A server-determined value that specifies the earliest time that the object's retention period expires. This value is in RFC 3339 format. Note 1: This field is not provided for objects with an active event-based hold, since retention expiration is unknown until the hold is removed. Note 2: This value can be provided even when temporary hold is set (so that the user can reason about policy without having to first unset the temporary hold).
  "selfLink": "A String", # The link to this object.
  "size": "A String", # Content-Length of the data in bytes.
  "softDeleteTime": "A String", # The time at which the object became soft-deleted in RFC 3339 format.
  "storageClass": "A String", # Storage class of the object.
  "temporaryHold": True or False, # Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites. A common use case of this flag is regulatory investigations where objects need to be retained while the investigation is ongoing. Note that unlike event-based hold, temporary hold does not impact retention expiration time of an object.
  "timeCreated": "A String", # The creation time of the object in RFC 3339 format.
  "timeDeleted": "A String", # The time at which the object became noncurrent in RFC 3339 format. Will be returned if and only if this version of the object has been deleted.
  "timeFinalized": "A String", # The time when the object was finalized.
  "timeStorageClassUpdated": "A String", # The time at which the object's storage class was last changed. When the object is initially created, it will be set to timeCreated.
  "updated": "A String", # The modification time of the object metadata in RFC 3339 format. Set initially to object creation time and then updated whenever any metadata of the object changes. This includes changes made by a requester, such as modifying custom metadata, as well as changes made by Cloud Storage on behalf of a requester, such as changing the storage class based on an Object Lifecycle Configuration.
}
rewrite(sourceBucket, sourceObject, destinationBucket, destinationObject, body=None, destinationKmsKeyName=None, destinationPredefinedAcl=None, ifGenerationMatch=None, ifGenerationNotMatch=None, ifMetagenerationMatch=None, ifMetagenerationNotMatch=None, ifSourceGenerationMatch=None, ifSourceGenerationNotMatch=None, ifSourceMetagenerationMatch=None, ifSourceMetagenerationNotMatch=None, maxBytesRewrittenPerCall=None, projection=None, rewriteToken=None, sourceGeneration=None, userProject=None)
Rewrites a source object to a destination object. Optionally overrides metadata.

Args:
  sourceBucket: string, Name of the bucket in which to find the source object. (required)
  sourceObject: string, Name of the source object. For information about how to URL encode object names to be path safe, see [Encoding URI Path Parts](https://cloud.google.com/storage/docs/request-endpoints#encoding). (required)
  destinationBucket: string, Name of the bucket in which to store the new object. Overrides the provided object metadata's bucket value, if any. (required)
  destinationObject: string, Name of the new object. Required when the object metadata is not otherwise provided. Overrides the object metadata's name value, if any. For information about how to URL encode object names to be path safe, see [Encoding URI Path Parts](https://cloud.google.com/storage/docs/request-endpoints#encoding). (required)
  body: object, The request body.
    The object takes the form of:

{ # An object.
  "acl": [ # Access controls on the object.
    { # An access-control entry.
      "bucket": "A String", # The name of the bucket.
      "domain": "A String", # The domain associated with the entity, if any.
      "email": "A String", # The email address associated with the entity, if any.
      "entity": "A String", # The entity holding the permission, in one of the following forms:
          # - user-userId
          # - user-email
          # - group-groupId
          # - group-email
          # - domain-domain
          # - project-team-projectId
          # - allUsers
          # - allAuthenticatedUsers Examples:
          # - The user liz@example.com would be user-liz@example.com.
          # - The group example@googlegroups.com would be group-example@googlegroups.com.
          # - To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.
      "entityId": "A String", # The ID for the entity, if any.
      "etag": "A String", # HTTP 1.1 Entity tag for the access-control entry.
      "generation": "A String", # The content generation of the object, if applied to an object.
      "id": "A String", # The ID of the access-control entry.
      "kind": "storage#objectAccessControl", # The kind of item this is. For object access control entries, this is always storage#objectAccessControl.
      "object": "A String", # The name of the object, if applied to an object.
      "projectTeam": { # The project team associated with the entity, if any.
        "projectNumber": "A String", # The project number.
        "team": "A String", # The team.
      },
      "role": "A String", # The access permission for the entity.
      "selfLink": "A String", # The link to this access-control entry.
    },
  ],
  "bucket": "A String", # The name of the bucket containing this object.
  "cacheControl": "A String", # Cache-Control directive for the object data. If omitted, and the object is accessible to all anonymous users, the default will be public, max-age=3600.
  "componentCount": 42, # Number of underlying components that make up this object. Components are accumulated by compose operations.
  "contentDisposition": "A String", # Content-Disposition of the object data.
  "contentEncoding": "A String", # Content-Encoding of the object data.
  "contentLanguage": "A String", # Content-Language of the object data.
  "contentType": "A String", # Content-Type of the object data. If an object is stored without a Content-Type, it is served as application/octet-stream.
  "crc32c": "A String", # CRC32c checksum, as described in RFC 4960, Appendix B; encoded using base64 in big-endian byte order. For more information about using the CRC32c checksum, see [Data Validation and Change Detection](https://cloud.google.com/storage/docs/data-validation).
  "customTime": "A String", # A timestamp in RFC 3339 format specified by the user for an object.
  "customerEncryption": { # Metadata of customer-supplied encryption key, if the object is encrypted by such a key.
    "encryptionAlgorithm": "A String", # The encryption algorithm.
    "keySha256": "A String", # SHA256 hash value of the encryption key.
  },
  "etag": "A String", # HTTP 1.1 Entity tag for the object.
  "eventBasedHold": True or False, # Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any). One sample use case of this flag is for banks to hold loan documents for at least 3 years after loan is paid in full. Here, bucket-level retention is 3 years and the event is the loan being paid in full. In this example, these objects will be held intact for any number of years until the event has occurred (event-based hold on the object is released) and then 3 more years after that. That means retention duration of the objects begins from the moment event-based hold transitioned from true to false.
  "generation": "A String", # The content generation of this object. Used for object versioning.
  "hardDeleteTime": "A String", # This is the time (in the future) when the soft-deleted object will no longer be restorable. It is equal to the soft delete time plus the current soft delete retention duration of the bucket.
  "id": "A String", # The ID of the object, including the bucket name, object name, and generation number.
  "kind": "storage#object", # The kind of item this is. For objects, this is always storage#object.
  "kmsKeyName": "A String", # Not currently supported. Specifying the parameter causes the request to fail with status code 400 - Bad Request.
  "md5Hash": "A String", # MD5 hash of the data; encoded using base64. For more information about using the MD5 hash, see [Data Validation and Change Detection](https://cloud.google.com/storage/docs/data-validation).
  "mediaLink": "A String", # Media download link.
  "metadata": { # User-provided metadata, in key/value pairs.
    "a_key": "A String", # An individual metadata entry.
  },
  "metageneration": "A String", # The version of the metadata for this object at this generation. Used for preconditions and for detecting changes in metadata. A metageneration number is only meaningful in the context of a particular generation of a particular object.
  "name": "A String", # The name of the object. Required if not specified by URL parameter.
  "owner": { # The owner of the object. This will always be the uploader of the object.
    "entity": "A String", # The entity, in the form user-userId.
    "entityId": "A String", # The ID for the entity.
  },
  "restoreToken": "A String", # Restore token used to differentiate deleted objects with the same name and generation. This field is only returned for deleted objects in hierarchical namespace buckets.
  "retention": { # A collection of object level retention parameters.
    "mode": "A String", # The bucket's object retention mode, can only be Unlocked or Locked.
    "retainUntilTime": "A String", # A time in RFC 3339 format until which object retention protects this object.
  },
  "retentionExpirationTime": "A String", # A server-determined value that specifies the earliest time that the object's retention period expires. This value is in RFC 3339 format. Note 1: This field is not provided for objects with an active event-based hold, since retention expiration is unknown until the hold is removed. Note 2: This value can be provided even when temporary hold is set (so that the user can reason about policy without having to first unset the temporary hold).
  "selfLink": "A String", # The link to this object.
  "size": "A String", # Content-Length of the data in bytes.
  "softDeleteTime": "A String", # The time at which the object became soft-deleted in RFC 3339 format.
  "storageClass": "A String", # Storage class of the object.
  "temporaryHold": True or False, # Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites. A common use case of this flag is regulatory investigations where objects need to be retained while the investigation is ongoing. Note that unlike event-based hold, temporary hold does not impact retention expiration time of an object.
  "timeCreated": "A String", # The creation time of the object in RFC 3339 format.
  "timeDeleted": "A String", # The time at which the object became noncurrent in RFC 3339 format. Will be returned if and only if this version of the object has been deleted.
  "timeFinalized": "A String", # The time when the object was finalized.
  "timeStorageClassUpdated": "A String", # The time at which the object's storage class was last changed. When the object is initially created, it will be set to timeCreated.
  "updated": "A String", # The modification time of the object metadata in RFC 3339 format. Set initially to object creation time and then updated whenever any metadata of the object changes. This includes changes made by a requester, such as modifying custom metadata, as well as changes made by Cloud Storage on behalf of a requester, such as changing the storage class based on an Object Lifecycle Configuration.
}

  destinationKmsKeyName: string, Resource name of the Cloud KMS key, of the form projects/my-project/locations/global/keyRings/my-kr/cryptoKeys/my-key, that will be used to encrypt the object. Overrides the object metadata's kms_key_name value, if any.
  destinationPredefinedAcl: string, Apply a predefined set of access controls to the destination object.
    Allowed values
      authenticatedRead - Object owner gets OWNER access, and allAuthenticatedUsers get READER access.
      bucketOwnerFullControl - Object owner gets OWNER access, and project team owners get OWNER access.
      bucketOwnerRead - Object owner gets OWNER access, and project team owners get READER access.
      private - Object owner gets OWNER access.
      projectPrivate - Object owner gets OWNER access, and project team members get access according to their roles.
      publicRead - Object owner gets OWNER access, and allUsers get READER access.
  ifGenerationMatch: string, Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.
  ifGenerationNotMatch: string, Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.
  ifMetagenerationMatch: string, Makes the operation conditional on whether the destination object's current metageneration matches the given value.
  ifMetagenerationNotMatch: string, Makes the operation conditional on whether the destination object's current metageneration does not match the given value.
  ifSourceGenerationMatch: string, Makes the operation conditional on whether the source object's current generation matches the given value.
  ifSourceGenerationNotMatch: string, Makes the operation conditional on whether the source object's current generation does not match the given value.
  ifSourceMetagenerationMatch: string, Makes the operation conditional on whether the source object's current metageneration matches the given value.
  ifSourceMetagenerationNotMatch: string, Makes the operation conditional on whether the source object's current metageneration does not match the given value.
  maxBytesRewrittenPerCall: string, The maximum number of bytes that will be rewritten per rewrite request. Most callers shouldn't need to specify this parameter - it is primarily in place to support testing. If specified the value must be an integral multiple of 1 MiB (1048576). Also, this only applies to requests where the source and destination span locations and/or storage classes. Finally, this value must not change across rewrite calls else you'll get an error that the rewriteToken is invalid.
  projection: string, Set of properties to return. Defaults to noAcl, unless the object resource specifies the acl property, when it defaults to full.
    Allowed values
      full - Include all properties.
      noAcl - Omit the owner, acl property.
  rewriteToken: string, Include this field (from the previous rewrite response) on each rewrite request after the first one, until the rewrite response 'done' flag is true. Calls that provide a rewriteToken can omit all other request fields, but if included those fields must match the values provided in the first rewrite request.
  sourceGeneration: string, If present, selects a specific revision of the source object (as opposed to the latest version, the default).
  userProject: string, The project to be billed for this request. Required for Requester Pays buckets.

Returns:
  An object of the form:

    { # A rewrite response.
  "done": True or False, # true if the copy is finished; otherwise, false if the copy is in progress. This property is always present in the response.
  "kind": "storage#rewriteResponse", # The kind of item this is.
  "objectSize": "A String", # The total size of the object being copied in bytes. This property is always present in the response.
  "resource": { # An object. # A resource containing the metadata for the copied-to object. This property is present in the response only when copying completes.
    "acl": [ # Access controls on the object.
      { # An access-control entry.
        "bucket": "A String", # The name of the bucket.
        "domain": "A String", # The domain associated with the entity, if any.
        "email": "A String", # The email address associated with the entity, if any.
        "entity": "A String", # The entity holding the permission, in one of the following forms:
            # - user-userId
            # - user-email
            # - group-groupId
            # - group-email
            # - domain-domain
            # - project-team-projectId
            # - allUsers
            # - allAuthenticatedUsers Examples:
            # - The user liz@example.com would be user-liz@example.com.
            # - The group example@googlegroups.com would be group-example@googlegroups.com.
            # - To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.
        "entityId": "A String", # The ID for the entity, if any.
        "etag": "A String", # HTTP 1.1 Entity tag for the access-control entry.
        "generation": "A String", # The content generation of the object, if applied to an object.
        "id": "A String", # The ID of the access-control entry.
        "kind": "storage#objectAccessControl", # The kind of item this is. For object access control entries, this is always storage#objectAccessControl.
        "object": "A String", # The name of the object, if applied to an object.
        "projectTeam": { # The project team associated with the entity, if any.
          "projectNumber": "A String", # The project number.
          "team": "A String", # The team.
        },
        "role": "A String", # The access permission for the entity.
        "selfLink": "A String", # The link to this access-control entry.
      },
    ],
    "bucket": "A String", # The name of the bucket containing this object.
    "cacheControl": "A String", # Cache-Control directive for the object data. If omitted, and the object is accessible to all anonymous users, the default will be public, max-age=3600.
    "componentCount": 42, # Number of underlying components that make up this object. Components are accumulated by compose operations.
    "contentDisposition": "A String", # Content-Disposition of the object data.
    "contentEncoding": "A String", # Content-Encoding of the object data.
    "contentLanguage": "A String", # Content-Language of the object data.
    "contentType": "A String", # Content-Type of the object data. If an object is stored without a Content-Type, it is served as application/octet-stream.
    "crc32c": "A String", # CRC32c checksum, as described in RFC 4960, Appendix B; encoded using base64 in big-endian byte order. For more information about using the CRC32c checksum, see [Data Validation and Change Detection](https://cloud.google.com/storage/docs/data-validation).
    "customTime": "A String", # A timestamp in RFC 3339 format specified by the user for an object.
    "customerEncryption": { # Metadata of customer-supplied encryption key, if the object is encrypted by such a key.
      "encryptionAlgorithm": "A String", # The encryption algorithm.
      "keySha256": "A String", # SHA256 hash value of the encryption key.
    },
    "etag": "A String", # HTTP 1.1 Entity tag for the object.
    "eventBasedHold": True or False, # Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any). One sample use case of this flag is for banks to hold loan documents for at least 3 years after loan is paid in full. Here, bucket-level retention is 3 years and the event is the loan being paid in full. In this example, these objects will be held intact for any number of years until the event has occurred (event-based hold on the object is released) and then 3 more years after that. That means retention duration of the objects begins from the moment event-based hold transitioned from true to false.
    "generation": "A String", # The content generation of this object. Used for object versioning.
    "hardDeleteTime": "A String", # This is the time (in the future) when the soft-deleted object will no longer be restorable. It is equal to the soft delete time plus the current soft delete retention duration of the bucket.
    "id": "A String", # The ID of the object, including the bucket name, object name, and generation number.
    "kind": "storage#object", # The kind of item this is. For objects, this is always storage#object.
    "kmsKeyName": "A String", # Not currently supported. Specifying the parameter causes the request to fail with status code 400 - Bad Request.
    "md5Hash": "A String", # MD5 hash of the data; encoded using base64. For more information about using the MD5 hash, see [Data Validation and Change Detection](https://cloud.google.com/storage/docs/data-validation).
    "mediaLink": "A String", # Media download link.
    "metadata": { # User-provided metadata, in key/value pairs.
      "a_key": "A String", # An individual metadata entry.
    },
    "metageneration": "A String", # The version of the metadata for this object at this generation. Used for preconditions and for detecting changes in metadata. A metageneration number is only meaningful in the context of a particular generation of a particular object.
    "name": "A String", # The name of the object. Required if not specified by URL parameter.
    "owner": { # The owner of the object. This will always be the uploader of the object.
      "entity": "A String", # The entity, in the form user-userId.
      "entityId": "A String", # The ID for the entity.
    },
    "restoreToken": "A String", # Restore token used to differentiate deleted objects with the same name and generation. This field is only returned for deleted objects in hierarchical namespace buckets.
    "retention": { # A collection of object level retention parameters.
      "mode": "A String", # The bucket's object retention mode, can only be Unlocked or Locked.
      "retainUntilTime": "A String", # A time in RFC 3339 format until which object retention protects this object.
    },
    "retentionExpirationTime": "A String", # A server-determined value that specifies the earliest time that the object's retention period expires. This value is in RFC 3339 format. Note 1: This field is not provided for objects with an active event-based hold, since retention expiration is unknown until the hold is removed. Note 2: This value can be provided even when temporary hold is set (so that the user can reason about policy without having to first unset the temporary hold).
    "selfLink": "A String", # The link to this object.
    "size": "A String", # Content-Length of the data in bytes.
    "softDeleteTime": "A String", # The time at which the object became soft-deleted in RFC 3339 format.
    "storageClass": "A String", # Storage class of the object.
    "temporaryHold": True or False, # Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites. A common use case of this flag is regulatory investigations where objects need to be retained while the investigation is ongoing. Note that unlike event-based hold, temporary hold does not impact retention expiration time of an object.
    "timeCreated": "A String", # The creation time of the object in RFC 3339 format.
    "timeDeleted": "A String", # The time at which the object became noncurrent in RFC 3339 format. Will be returned if and only if this version of the object has been deleted.
    "timeFinalized": "A String", # The time when the object was finalized.
    "timeStorageClassUpdated": "A String", # The time at which the object's storage class was last changed. When the object is initially created, it will be set to timeCreated.
    "updated": "A String", # The modification time of the object metadata in RFC 3339 format. Set initially to object creation time and then updated whenever any metadata of the object changes. This includes changes made by a requester, such as modifying custom metadata, as well as changes made by Cloud Storage on behalf of a requester, such as changing the storage class based on an Object Lifecycle Configuration.
  },
  "rewriteToken": "A String", # A token to use in subsequent requests to continue copying data. This token is present in the response only when there is more data to copy.
  "totalBytesRewritten": "A String", # The total bytes written so far, which can be used to provide a waiting user with a progress indicator. This property is always present in the response.
}
setIamPolicy(bucket, object, body=None, generation=None, userProject=None)
Updates an IAM policy for the specified object.

Args:
  bucket: string, Name of the bucket in which the object resides. (required)
  object: string, Name of the object. For information about how to URL encode object names to be path safe, see [Encoding URI Path Parts](https://cloud.google.com/storage/docs/request-endpoints#encoding). (required)
  body: object, The request body.
    The object takes the form of:

{ # A bucket/object/managedFolder IAM policy.
  "bindings": [ # An association between a role, which comes with a set of permissions, and members who may assume that role.
    {
      "condition": { # Represents an expression text. Example: title: "User account presence" description: "Determines whether the request has a user account" expression: "size(request.user) > 0" # The condition that is associated with this binding. NOTE: an unsatisfied condition will not allow user access via current binding. Different bindings, including their conditions, are examined independently.
        "description": "A String", # An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
        "expression": "A String", # Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.
        "location": "A String", # An optional string indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
        "title": "A String", # An optional title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
      },
      "members": [ # A collection of identifiers for members who may assume the provided role. Recognized identifiers are as follows:
          # - allUsers — A special identifier that represents anyone on the internet; with or without a Google account.
          # - allAuthenticatedUsers — A special identifier that represents anyone who is authenticated with a Google account or a service account.
          # - user:emailid — An email address that represents a specific account. For example, user:alice@gmail.com or user:joe@example.com.
          # - serviceAccount:emailid — An email address that represents a service account. For example,  serviceAccount:my-other-app@appspot.gserviceaccount.com .
          # - group:emailid — An email address that represents a Google group. For example, group:admins@example.com.
          # - domain:domain — A Google Apps domain name that represents all the users of that domain. For example, domain:google.com or domain:example.com.
          # - projectOwner:projectid — Owners of the given project. For example, projectOwner:my-example-project
          # - projectEditor:projectid — Editors of the given project. For example, projectEditor:my-example-project
          # - projectViewer:projectid — Viewers of the given project. For example, projectViewer:my-example-project
        "A String",
      ],
      "role": "A String", # The role to which members belong. Two types of roles are supported: new IAM roles, which grant permissions that do not map directly to those provided by ACLs, and legacy IAM roles, which do map directly to ACL permissions. All roles are of the format roles/storage.specificRole.
          # The new IAM roles are:
          # - roles/storage.admin — Full control of Google Cloud Storage resources.
          # - roles/storage.objectViewer — Read-Only access to Google Cloud Storage objects.
          # - roles/storage.objectCreator — Access to create objects in Google Cloud Storage.
          # - roles/storage.objectAdmin — Full control of Google Cloud Storage objects.   The legacy IAM roles are:
          # - roles/storage.legacyObjectReader — Read-only access to objects without listing. Equivalent to an ACL entry on an object with the READER role.
          # - roles/storage.legacyObjectOwner — Read/write access to existing objects without listing. Equivalent to an ACL entry on an object with the OWNER role.
          # - roles/storage.legacyBucketReader — Read access to buckets with object listing. Equivalent to an ACL entry on a bucket with the READER role.
          # - roles/storage.legacyBucketWriter — Read access to buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the WRITER role.
          # - roles/storage.legacyBucketOwner — Read and write access to existing buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the OWNER role.
    },
  ],
  "etag": "A String", # HTTP 1.1  Entity tag for the policy.
  "kind": "storage#policy", # The kind of item this is. For policies, this is always storage#policy. This field is ignored on input.
  "resourceId": "A String", # The ID of the resource to which this policy belongs. Will be of the form projects/_/buckets/bucket for buckets, projects/_/buckets/bucket/objects/object for objects, and projects/_/buckets/bucket/managedFolders/managedFolder. A specific generation may be specified by appending #generationNumber to the end of the object name, e.g. projects/_/buckets/my-bucket/objects/data.txt#17. The current generation can be denoted with #0. This field is ignored on input.
  "version": 42, # The IAM policy format version.
}

  generation: string, If present, selects a specific revision of this object (as opposed to the latest version, the default).
  userProject: string, The project to be billed for this request. Required for Requester Pays buckets.

Returns:
  An object of the form:

    { # A bucket/object/managedFolder IAM policy.
  "bindings": [ # An association between a role, which comes with a set of permissions, and members who may assume that role.
    {
      "condition": { # Represents an expression text. Example: title: "User account presence" description: "Determines whether the request has a user account" expression: "size(request.user) > 0" # The condition that is associated with this binding. NOTE: an unsatisfied condition will not allow user access via current binding. Different bindings, including their conditions, are examined independently.
        "description": "A String", # An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
        "expression": "A String", # Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.
        "location": "A String", # An optional string indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
        "title": "A String", # An optional title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
      },
      "members": [ # A collection of identifiers for members who may assume the provided role. Recognized identifiers are as follows:
          # - allUsers — A special identifier that represents anyone on the internet; with or without a Google account.
          # - allAuthenticatedUsers — A special identifier that represents anyone who is authenticated with a Google account or a service account.
          # - user:emailid — An email address that represents a specific account. For example, user:alice@gmail.com or user:joe@example.com.
          # - serviceAccount:emailid — An email address that represents a service account. For example,  serviceAccount:my-other-app@appspot.gserviceaccount.com .
          # - group:emailid — An email address that represents a Google group. For example, group:admins@example.com.
          # - domain:domain — A Google Apps domain name that represents all the users of that domain. For example, domain:google.com or domain:example.com.
          # - projectOwner:projectid — Owners of the given project. For example, projectOwner:my-example-project
          # - projectEditor:projectid — Editors of the given project. For example, projectEditor:my-example-project
          # - projectViewer:projectid — Viewers of the given project. For example, projectViewer:my-example-project
        "A String",
      ],
      "role": "A String", # The role to which members belong. Two types of roles are supported: new IAM roles, which grant permissions that do not map directly to those provided by ACLs, and legacy IAM roles, which do map directly to ACL permissions. All roles are of the format roles/storage.specificRole.
          # The new IAM roles are:
          # - roles/storage.admin — Full control of Google Cloud Storage resources.
          # - roles/storage.objectViewer — Read-Only access to Google Cloud Storage objects.
          # - roles/storage.objectCreator — Access to create objects in Google Cloud Storage.
          # - roles/storage.objectAdmin — Full control of Google Cloud Storage objects.   The legacy IAM roles are:
          # - roles/storage.legacyObjectReader — Read-only access to objects without listing. Equivalent to an ACL entry on an object with the READER role.
          # - roles/storage.legacyObjectOwner — Read/write access to existing objects without listing. Equivalent to an ACL entry on an object with the OWNER role.
          # - roles/storage.legacyBucketReader — Read access to buckets with object listing. Equivalent to an ACL entry on a bucket with the READER role.
          # - roles/storage.legacyBucketWriter — Read access to buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the WRITER role.
          # - roles/storage.legacyBucketOwner — Read and write access to existing buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the OWNER role.
    },
  ],
  "etag": "A String", # HTTP 1.1  Entity tag for the policy.
  "kind": "storage#policy", # The kind of item this is. For policies, this is always storage#policy. This field is ignored on input.
  "resourceId": "A String", # The ID of the resource to which this policy belongs. Will be of the form projects/_/buckets/bucket for buckets, projects/_/buckets/bucket/objects/object for objects, and projects/_/buckets/bucket/managedFolders/managedFolder. A specific generation may be specified by appending #generationNumber to the end of the object name, e.g. projects/_/buckets/my-bucket/objects/data.txt#17. The current generation can be denoted with #0. This field is ignored on input.
  "version": 42, # The IAM policy format version.
}
testIamPermissions(bucket, object, permissions, generation=None, userProject=None)
Tests a set of permissions on the given object to see which, if any, are held by the caller.

Args:
  bucket: string, Name of the bucket in which the object resides. (required)
  object: string, Name of the object. For information about how to URL encode object names to be path safe, see [Encoding URI Path Parts](https://cloud.google.com/storage/docs/request-endpoints#encoding). (required)
  permissions: string, Permissions to test. (required) (repeated)
  generation: string, If present, selects a specific revision of this object (as opposed to the latest version, the default).
  userProject: string, The project to be billed for this request. Required for Requester Pays buckets.

Returns:
  An object of the form:

    { # A storage.(buckets|objects|managedFolders).testIamPermissions response.
  "kind": "storage#testIamPermissionsResponse", # The kind of item this is.
  "permissions": [ # The permissions held by the caller. Permissions are always of the format storage.resource.capability, where resource is one of buckets, objects, or managedFolders. The supported permissions are as follows:
      # - storage.buckets.delete — Delete bucket.
      # - storage.buckets.get — Read bucket metadata.
      # - storage.buckets.getIamPolicy — Read bucket IAM policy.
      # - storage.buckets.create — Create bucket.
      # - storage.buckets.list — List buckets.
      # - storage.buckets.setIamPolicy — Update bucket IAM policy.
      # - storage.buckets.update — Update bucket metadata.
      # - storage.objects.delete — Delete object.
      # - storage.objects.get — Read object data and metadata.
      # - storage.objects.getIamPolicy — Read object IAM policy.
      # - storage.objects.create — Create object.
      # - storage.objects.list — List objects.
      # - storage.objects.setIamPolicy — Update object IAM policy.
      # - storage.objects.update — Update object metadata.
      # - storage.managedFolders.delete — Delete managed folder.
      # - storage.managedFolders.get — Read managed folder metadata.
      # - storage.managedFolders.getIamPolicy — Read managed folder IAM policy.
      # - storage.managedFolders.create — Create managed folder.
      # - storage.managedFolders.list — List managed folders.
      # - storage.managedFolders.setIamPolicy — Update managed folder IAM policy.
    "A String",
  ],
}
update(bucket, object, body=None, generation=None, ifGenerationMatch=None, ifGenerationNotMatch=None, ifMetagenerationMatch=None, ifMetagenerationNotMatch=None, overrideUnlockedRetention=None, predefinedAcl=None, projection=None, userProject=None)
Updates an object's metadata.

Args:
  bucket: string, Name of the bucket in which the object resides. (required)
  object: string, Name of the object. For information about how to URL encode object names to be path safe, see [Encoding URI Path Parts](https://cloud.google.com/storage/docs/request-endpoints#encoding). (required)
  body: object, The request body.
    The object takes the form of:

{ # An object.
  "acl": [ # Access controls on the object.
    { # An access-control entry.
      "bucket": "A String", # The name of the bucket.
      "domain": "A String", # The domain associated with the entity, if any.
      "email": "A String", # The email address associated with the entity, if any.
      "entity": "A String", # The entity holding the permission, in one of the following forms:
          # - user-userId
          # - user-email
          # - group-groupId
          # - group-email
          # - domain-domain
          # - project-team-projectId
          # - allUsers
          # - allAuthenticatedUsers Examples:
          # - The user liz@example.com would be user-liz@example.com.
          # - The group example@googlegroups.com would be group-example@googlegroups.com.
          # - To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.
      "entityId": "A String", # The ID for the entity, if any.
      "etag": "A String", # HTTP 1.1 Entity tag for the access-control entry.
      "generation": "A String", # The content generation of the object, if applied to an object.
      "id": "A String", # The ID of the access-control entry.
      "kind": "storage#objectAccessControl", # The kind of item this is. For object access control entries, this is always storage#objectAccessControl.
      "object": "A String", # The name of the object, if applied to an object.
      "projectTeam": { # The project team associated with the entity, if any.
        "projectNumber": "A String", # The project number.
        "team": "A String", # The team.
      },
      "role": "A String", # The access permission for the entity.
      "selfLink": "A String", # The link to this access-control entry.
    },
  ],
  "bucket": "A String", # The name of the bucket containing this object.
  "cacheControl": "A String", # Cache-Control directive for the object data. If omitted, and the object is accessible to all anonymous users, the default will be public, max-age=3600.
  "componentCount": 42, # Number of underlying components that make up this object. Components are accumulated by compose operations.
  "contentDisposition": "A String", # Content-Disposition of the object data.
  "contentEncoding": "A String", # Content-Encoding of the object data.
  "contentLanguage": "A String", # Content-Language of the object data.
  "contentType": "A String", # Content-Type of the object data. If an object is stored without a Content-Type, it is served as application/octet-stream.
  "crc32c": "A String", # CRC32c checksum, as described in RFC 4960, Appendix B; encoded using base64 in big-endian byte order. For more information about using the CRC32c checksum, see [Data Validation and Change Detection](https://cloud.google.com/storage/docs/data-validation).
  "customTime": "A String", # A timestamp in RFC 3339 format specified by the user for an object.
  "customerEncryption": { # Metadata of customer-supplied encryption key, if the object is encrypted by such a key.
    "encryptionAlgorithm": "A String", # The encryption algorithm.
    "keySha256": "A String", # SHA256 hash value of the encryption key.
  },
  "etag": "A String", # HTTP 1.1 Entity tag for the object.
  "eventBasedHold": True or False, # Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any). One sample use case of this flag is for banks to hold loan documents for at least 3 years after loan is paid in full. Here, bucket-level retention is 3 years and the event is the loan being paid in full. In this example, these objects will be held intact for any number of years until the event has occurred (event-based hold on the object is released) and then 3 more years after that. That means retention duration of the objects begins from the moment event-based hold transitioned from true to false.
  "generation": "A String", # The content generation of this object. Used for object versioning.
  "hardDeleteTime": "A String", # This is the time (in the future) when the soft-deleted object will no longer be restorable. It is equal to the soft delete time plus the current soft delete retention duration of the bucket.
  "id": "A String", # The ID of the object, including the bucket name, object name, and generation number.
  "kind": "storage#object", # The kind of item this is. For objects, this is always storage#object.
  "kmsKeyName": "A String", # Not currently supported. Specifying the parameter causes the request to fail with status code 400 - Bad Request.
  "md5Hash": "A String", # MD5 hash of the data; encoded using base64. For more information about using the MD5 hash, see [Data Validation and Change Detection](https://cloud.google.com/storage/docs/data-validation).
  "mediaLink": "A String", # Media download link.
  "metadata": { # User-provided metadata, in key/value pairs.
    "a_key": "A String", # An individual metadata entry.
  },
  "metageneration": "A String", # The version of the metadata for this object at this generation. Used for preconditions and for detecting changes in metadata. A metageneration number is only meaningful in the context of a particular generation of a particular object.
  "name": "A String", # The name of the object. Required if not specified by URL parameter.
  "owner": { # The owner of the object. This will always be the uploader of the object.
    "entity": "A String", # The entity, in the form user-userId.
    "entityId": "A String", # The ID for the entity.
  },
  "restoreToken": "A String", # Restore token used to differentiate deleted objects with the same name and generation. This field is only returned for deleted objects in hierarchical namespace buckets.
  "retention": { # A collection of object level retention parameters.
    "mode": "A String", # The bucket's object retention mode, can only be Unlocked or Locked.
    "retainUntilTime": "A String", # A time in RFC 3339 format until which object retention protects this object.
  },
  "retentionExpirationTime": "A String", # A server-determined value that specifies the earliest time that the object's retention period expires. This value is in RFC 3339 format. Note 1: This field is not provided for objects with an active event-based hold, since retention expiration is unknown until the hold is removed. Note 2: This value can be provided even when temporary hold is set (so that the user can reason about policy without having to first unset the temporary hold).
  "selfLink": "A String", # The link to this object.
  "size": "A String", # Content-Length of the data in bytes.
  "softDeleteTime": "A String", # The time at which the object became soft-deleted in RFC 3339 format.
  "storageClass": "A String", # Storage class of the object.
  "temporaryHold": True or False, # Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites. A common use case of this flag is regulatory investigations where objects need to be retained while the investigation is ongoing. Note that unlike event-based hold, temporary hold does not impact retention expiration time of an object.
  "timeCreated": "A String", # The creation time of the object in RFC 3339 format.
  "timeDeleted": "A String", # The time at which the object became noncurrent in RFC 3339 format. Will be returned if and only if this version of the object has been deleted.
  "timeFinalized": "A String", # The time when the object was finalized.
  "timeStorageClassUpdated": "A String", # The time at which the object's storage class was last changed. When the object is initially created, it will be set to timeCreated.
  "updated": "A String", # The modification time of the object metadata in RFC 3339 format. Set initially to object creation time and then updated whenever any metadata of the object changes. This includes changes made by a requester, such as modifying custom metadata, as well as changes made by Cloud Storage on behalf of a requester, such as changing the storage class based on an Object Lifecycle Configuration.
}

  generation: string, If present, selects a specific revision of this object (as opposed to the latest version, the default).
  ifGenerationMatch: string, Makes the operation conditional on whether the object's current generation matches the given value. Setting to 0 makes the operation succeed only if there are no live versions of the object.
  ifGenerationNotMatch: string, Makes the operation conditional on whether the object's current generation does not match the given value. If no live object exists, the precondition fails. Setting to 0 makes the operation succeed only if there is a live version of the object.
  ifMetagenerationMatch: string, Makes the operation conditional on whether the object's current metageneration matches the given value.
  ifMetagenerationNotMatch: string, Makes the operation conditional on whether the object's current metageneration does not match the given value.
  overrideUnlockedRetention: boolean, Must be true to remove the retention configuration, reduce its unlocked retention period, or change its mode from unlocked to locked.
  predefinedAcl: string, Apply a predefined set of access controls to this object.
    Allowed values
      authenticatedRead - Object owner gets OWNER access, and allAuthenticatedUsers get READER access.
      bucketOwnerFullControl - Object owner gets OWNER access, and project team owners get OWNER access.
      bucketOwnerRead - Object owner gets OWNER access, and project team owners get READER access.
      private - Object owner gets OWNER access.
      projectPrivate - Object owner gets OWNER access, and project team members get access according to their roles.
      publicRead - Object owner gets OWNER access, and allUsers get READER access.
  projection: string, Set of properties to return. Defaults to full.
    Allowed values
      full - Include all properties.
      noAcl - Omit the owner, acl property.
  userProject: string, The project to be billed for this request. Required for Requester Pays buckets.

Returns:
  An object of the form:

    { # An object.
  "acl": [ # Access controls on the object.
    { # An access-control entry.
      "bucket": "A String", # The name of the bucket.
      "domain": "A String", # The domain associated with the entity, if any.
      "email": "A String", # The email address associated with the entity, if any.
      "entity": "A String", # The entity holding the permission, in one of the following forms:
          # - user-userId
          # - user-email
          # - group-groupId
          # - group-email
          # - domain-domain
          # - project-team-projectId
          # - allUsers
          # - allAuthenticatedUsers Examples:
          # - The user liz@example.com would be user-liz@example.com.
          # - The group example@googlegroups.com would be group-example@googlegroups.com.
          # - To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.
      "entityId": "A String", # The ID for the entity, if any.
      "etag": "A String", # HTTP 1.1 Entity tag for the access-control entry.
      "generation": "A String", # The content generation of the object, if applied to an object.
      "id": "A String", # The ID of the access-control entry.
      "kind": "storage#objectAccessControl", # The kind of item this is. For object access control entries, this is always storage#objectAccessControl.
      "object": "A String", # The name of the object, if applied to an object.
      "projectTeam": { # The project team associated with the entity, if any.
        "projectNumber": "A String", # The project number.
        "team": "A String", # The team.
      },
      "role": "A String", # The access permission for the entity.
      "selfLink": "A String", # The link to this access-control entry.
    },
  ],
  "bucket": "A String", # The name of the bucket containing this object.
  "cacheControl": "A String", # Cache-Control directive for the object data. If omitted, and the object is accessible to all anonymous users, the default will be public, max-age=3600.
  "componentCount": 42, # Number of underlying components that make up this object. Components are accumulated by compose operations.
  "contentDisposition": "A String", # Content-Disposition of the object data.
  "contentEncoding": "A String", # Content-Encoding of the object data.
  "contentLanguage": "A String", # Content-Language of the object data.
  "contentType": "A String", # Content-Type of the object data. If an object is stored without a Content-Type, it is served as application/octet-stream.
  "crc32c": "A String", # CRC32c checksum, as described in RFC 4960, Appendix B; encoded using base64 in big-endian byte order. For more information about using the CRC32c checksum, see [Data Validation and Change Detection](https://cloud.google.com/storage/docs/data-validation).
  "customTime": "A String", # A timestamp in RFC 3339 format specified by the user for an object.
  "customerEncryption": { # Metadata of customer-supplied encryption key, if the object is encrypted by such a key.
    "encryptionAlgorithm": "A String", # The encryption algorithm.
    "keySha256": "A String", # SHA256 hash value of the encryption key.
  },
  "etag": "A String", # HTTP 1.1 Entity tag for the object.
  "eventBasedHold": True or False, # Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any). One sample use case of this flag is for banks to hold loan documents for at least 3 years after loan is paid in full. Here, bucket-level retention is 3 years and the event is the loan being paid in full. In this example, these objects will be held intact for any number of years until the event has occurred (event-based hold on the object is released) and then 3 more years after that. That means retention duration of the objects begins from the moment event-based hold transitioned from true to false.
  "generation": "A String", # The content generation of this object. Used for object versioning.
  "hardDeleteTime": "A String", # This is the time (in the future) when the soft-deleted object will no longer be restorable. It is equal to the soft delete time plus the current soft delete retention duration of the bucket.
  "id": "A String", # The ID of the object, including the bucket name, object name, and generation number.
  "kind": "storage#object", # The kind of item this is. For objects, this is always storage#object.
  "kmsKeyName": "A String", # Not currently supported. Specifying the parameter causes the request to fail with status code 400 - Bad Request.
  "md5Hash": "A String", # MD5 hash of the data; encoded using base64. For more information about using the MD5 hash, see [Data Validation and Change Detection](https://cloud.google.com/storage/docs/data-validation).
  "mediaLink": "A String", # Media download link.
  "metadata": { # User-provided metadata, in key/value pairs.
    "a_key": "A String", # An individual metadata entry.
  },
  "metageneration": "A String", # The version of the metadata for this object at this generation. Used for preconditions and for detecting changes in metadata. A metageneration number is only meaningful in the context of a particular generation of a particular object.
  "name": "A String", # The name of the object. Required if not specified by URL parameter.
  "owner": { # The owner of the object. This will always be the uploader of the object.
    "entity": "A String", # The entity, in the form user-userId.
    "entityId": "A String", # The ID for the entity.
  },
  "restoreToken": "A String", # Restore token used to differentiate deleted objects with the same name and generation. This field is only returned for deleted objects in hierarchical namespace buckets.
  "retention": { # A collection of object level retention parameters.
    "mode": "A String", # The bucket's object retention mode, can only be Unlocked or Locked.
    "retainUntilTime": "A String", # A time in RFC 3339 format until which object retention protects this object.
  },
  "retentionExpirationTime": "A String", # A server-determined value that specifies the earliest time that the object's retention period expires. This value is in RFC 3339 format. Note 1: This field is not provided for objects with an active event-based hold, since retention expiration is unknown until the hold is removed. Note 2: This value can be provided even when temporary hold is set (so that the user can reason about policy without having to first unset the temporary hold).
  "selfLink": "A String", # The link to this object.
  "size": "A String", # Content-Length of the data in bytes.
  "softDeleteTime": "A String", # The time at which the object became soft-deleted in RFC 3339 format.
  "storageClass": "A String", # Storage class of the object.
  "temporaryHold": True or False, # Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites. A common use case of this flag is regulatory investigations where objects need to be retained while the investigation is ongoing. Note that unlike event-based hold, temporary hold does not impact retention expiration time of an object.
  "timeCreated": "A String", # The creation time of the object in RFC 3339 format.
  "timeDeleted": "A String", # The time at which the object became noncurrent in RFC 3339 format. Will be returned if and only if this version of the object has been deleted.
  "timeFinalized": "A String", # The time when the object was finalized.
  "timeStorageClassUpdated": "A String", # The time at which the object's storage class was last changed. When the object is initially created, it will be set to timeCreated.
  "updated": "A String", # The modification time of the object metadata in RFC 3339 format. Set initially to object creation time and then updated whenever any metadata of the object changes. This includes changes made by a requester, such as modifying custom metadata, as well as changes made by Cloud Storage on behalf of a requester, such as changing the storage class based on an Object Lifecycle Configuration.
}
watchAll(bucket, body=None, delimiter=None, endOffset=None, includeTrailingDelimiter=None, maxResults=None, pageToken=None, prefix=None, projection=None, startOffset=None, userProject=None, versions=None)
Watch for changes on all objects in a bucket.

Args:
  bucket: string, Name of the bucket in which to look for objects. (required)
  body: object, The request body.
    The object takes the form of:

{ # An notification channel used to watch for resource changes.
  "address": "A String", # The address where notifications are delivered for this channel.
  "expiration": "A String", # Date and time of notification channel expiration, expressed as a Unix timestamp, in milliseconds. Optional.
  "id": "A String", # A UUID or similar unique string that identifies this channel.
  "kind": "api#channel", # Identifies this as a notification channel used to watch for changes to a resource, which is "api#channel".
  "params": { # Additional parameters controlling delivery channel behavior. Optional.
    "a_key": "A String", # Declares a new parameter by name.
  },
  "payload": True or False, # A Boolean value to indicate whether payload is wanted. Optional.
  "resourceId": "A String", # An opaque ID that identifies the resource being watched on this channel. Stable across different API versions.
  "resourceUri": "A String", # A version-specific identifier for the watched resource.
  "token": "A String", # An arbitrary string delivered to the target address with each notification delivered over this channel. Optional.
  "type": "A String", # The type of delivery mechanism used for this channel.
}

  delimiter: string, Returns results in a directory-like mode. items will contain only objects whose names, aside from the prefix, do not contain delimiter. Objects whose names, aside from the prefix, contain delimiter will have their name, truncated after the delimiter, returned in prefixes. Duplicate prefixes are omitted.
  endOffset: string, Filter results to objects whose names are lexicographically before endOffset. If startOffset is also set, the objects listed will have names between startOffset (inclusive) and endOffset (exclusive).
  includeTrailingDelimiter: boolean, If true, objects that end in exactly one instance of delimiter will have their metadata included in items in addition to prefixes.
  maxResults: integer, Maximum number of items plus prefixes to return in a single page of responses. As duplicate prefixes are omitted, fewer total results may be returned than requested. The service will use this parameter or 1,000 items, whichever is smaller.
  pageToken: string, A previously-returned page token representing part of the larger set of results to view.
  prefix: string, Filter results to objects whose names begin with this prefix.
  projection: string, Set of properties to return. Defaults to noAcl.
    Allowed values
      full - Include all properties.
      noAcl - Omit the owner, acl property.
  startOffset: string, Filter results to objects whose names are lexicographically equal to or after startOffset. If endOffset is also set, the objects listed will have names between startOffset (inclusive) and endOffset (exclusive).
  userProject: string, The project to be billed for this request. Required for Requester Pays buckets.
  versions: boolean, If true, lists all versions of an object as distinct results. The default is false. For more information, see [Object Versioning](https://cloud.google.com/storage/docs/object-versioning).

Returns:
  An object of the form:

    { # An notification channel used to watch for resource changes.
  "address": "A String", # The address where notifications are delivered for this channel.
  "expiration": "A String", # Date and time of notification channel expiration, expressed as a Unix timestamp, in milliseconds. Optional.
  "id": "A String", # A UUID or similar unique string that identifies this channel.
  "kind": "api#channel", # Identifies this as a notification channel used to watch for changes to a resource, which is "api#channel".
  "params": { # Additional parameters controlling delivery channel behavior. Optional.
    "a_key": "A String", # Declares a new parameter by name.
  },
  "payload": True or False, # A Boolean value to indicate whether payload is wanted. Optional.
  "resourceId": "A String", # An opaque ID that identifies the resource being watched on this channel. Stable across different API versions.
  "resourceUri": "A String", # A version-specific identifier for the watched resource.
  "token": "A String", # An arbitrary string delivered to the target address with each notification delivered over this channel. Optional.
  "type": "A String", # The type of delivery mechanism used for this channel.
}