编程语言
首页 > 编程语言> > php-批量更改Google Cloud Storage ACL权限

php-批量更改Google Cloud Storage ACL权限

作者:互联网

我一直在通过与云端存储桶直接关联的App Engine使用以下ACL属性制作文件.

$options = stream_context_create(['gs'=>['acl'=>'private']]);

如果我要编辑和查看App Engine脚本中的文件,这很好.但是,我希望能够从完全不同的Google App Engine项目ID访问这些文件.甚至是Compute Engine.

通过将当前的ACL设置为私有,我意识到这可能是不可能的.

在具有这些私有ACL文件的存储桶中,我已将存储桶许可权设置为所有者,以获取不同的Project ID,并且对于未设置为私有的文件,它可以正常工作.

我想知道是否可以将存储桶中的所有文件批量更改为正确的ACL.我有数百个文件,很难一一完成.目前,如果我单击一个文件并查看其权限,那么那里什么也没有(因此是私有的).

这就是我尝试使用gsutil从文件中获取特定ACL时得到的结果

$gsutil acl get gs://bucket/file
AccessDeniedException: Access denied. Please ensure you have OWNER permission on gs://bucket/file

这是使用gsutil ch命令添加用户组时得到的信息

$gsutil acl ch -u <project_id>@appspot.gserviceaccount.com:W gs://bucket/file
ERROR 0313 15:29:18.896421 retry_decorator.py] Retrying in 1.00 seconds ...
Traceback (most recent call last):
File "/usr/lib/google-cloud-sdk/platform/gsutil/third_party/retry-decorator/retry_decorator/retry_decorator.py", line 20, in f_retry
return f(*args, **kwargs)
File "/usr/lib/google-cloud-sdk/platform/gsutil/gslib/commands/acl.py", line 372, in ApplyAclChanges
fields=['acl', 'generation', 'metageneration'])
File "/usr/lib/google-cloud-sdk/platform/gsutil/gslib/cloud_api_delegator.py", line 199, in GetObjectMetadata
bucket_name, object_name, generation=generation, fields=fields)
File "/usr/lib/google-cloud-sdk/platform/gsutil/gslib/gcs_json_api.py", line 513, in GetObjectMetadata
generation=generation)
File "/usr/lib/google-cloud-sdk/platform/gsutil/gslib/gcs_json_api.py", line 1018, in _TranslateExceptionAndRaise
raise translated_exception
AccessDeniedException: AccessDeniedException: 403 Forbidden
ERROR 0313 15:29:19.995003 retry_decorator.py] Retrying in 2.05 seconds ...
Traceback (most recent call last):
File "/usr/lib/google-cloud-sdk/platform/gsutil/third_party/retry-decorator/retry_decorator/retry_decorator.py", line 20, in f_retry
return f(*args, **kwargs)
File "/usr/lib/google-cloud-sdk/platform/gsutil/gslib/commands/acl.py", line 372, in ApplyAclChanges
fields=['acl', 'generation', 'metageneration'])
File "/usr/lib/google-cloud-sdk/platform/gsutil/gslib/cloud_api_delegator.py", line 199, in GetObjectMetadata
bucket_name, object_name, generation=generation, fields=fields)
File "/usr/lib/google-cloud-sdk/platform/gsutil/gslib/gcs_json_api.py", line 513, in GetObjectMetadata
generation=generation)
File "/usr/lib/google-cloud-sdk/platform/gsutil/gslib/gcs_json_api.py", line 1018, in _TranslateExceptionAndRaise
raise translated_exception
AccessDeniedException: AccessDeniedException: 403 Forbidden
AccessDeniedException: 403 Forbidden

我假设我可能必须编写一个运行在我的应用程序引擎中的php脚本,该脚本会遍历每个文件并更改或添加权限?

任何帮助将不胜感激,谢谢.

解决方法:

将ACL设置为私有,只有创建对象的AppEngine服务帐户才能修改ACL.

您可能必须使用one of the API client libraries编写程序并在AppEngine上执行.

另外,我认为默认的GCE服务帐户与AppEngine共享,因此,如果您创建具有devstorage.full_control作用域的VM,我认为您应该能够使用VM中的gsutil修改ACL.

标签:google-cloud-storage,google-app-engine,php
来源: https://codeday.me/bug/20191028/1953452.html