Question

我有以下Perl代码：

  $response = $process->request('PATCH',
                                "https://www.googleapis.com/storage/v1/b/$Bucket/o/$EscapedName",
                                '{"content-type": "image/jpeg"}',
#                                 '{"metadata": {"Content-Type": "image/jpeg"}}',
                                {'Content-Type' => 'application/json'});
  unless ($response->is_success) {
    print "Content-Type: text/plain\n\n";
    print $response->status_line . "\n" . $response->decoded_content . "\n" ;
    exit;
  }

它产生

403 Forbidden
{
 "error": {
  "errors": [
   {
    "domain": "global",
    "reason": "insufficientPermissions",
    "message": "Insufficient Permission"
   }
  ],
  "code": 403,
  "message": "Insufficient Permission"
 }
}

尽管我有：

存储管理员
存储对象管理
存储对象创建者
存储对象查看器

已为我的用户启用。

为什么不起作用？

简单上传对象确实可行，但我无法设置此元数据。

Answer 1

要更新对象元数据，需要storage.objects.update权限。来自Cloud Storage IAM Permissions：

对象权限

...

storage.objects.update    Update object metadata, excluding ACLs.

但是roles/storage.objectAdmin和roles/storage.admin角色（假设您所列出的角色就是您的意思）应该已经包含了该权限，因此可能还有其他作用。来自Standard roles：

roles/storage.objectAdmin  Full control over objects, including listing,    storage.objects.*
                           creating, viewing, and deleting objects.
                           Does not grant permission to read or edit 
                           bucket metadata.
roles/storage.admin        Full control of buckets and objects.             storage.buckets.*
                           When applied to an individual bucket, control    storage.objects.*
                           only to the specified bucket and objects within
                           the bucket.

Answer 2

“对象”资源中属性的名称为contentType，您正在传递content-type：

https://cloud.google.com/storage/docs/json_api/v1/objects

编辑Google Storage对象元数据需要哪些权限？

2 个答案: