Using uniform bucket-level access

This page shows you how to enable, disable, and check the status of uniform bucket-level access on a bucket in Cloud Storage.

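Prerequisites

Before using this feature in Cloud Storage, you should:

  1. Have sufficient permission to view and update buckets in Cloud Storage:

    • If you own the project that contains the bucket, you most likely have the necessary permissions.

    • You should have the storage.buckets.update and storage.buckets.get IAM permissions on the relevant bucket. See Using IAM permissions for instructions on how to get a role, such as Storage Admin, that has these permissions.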

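Check for ACL usage

Before you enable uniform bucket-level access, use Cloud Monitoring to ensure that your bucket is not using ACLs for any workflows. For more information, see Check object ACL usage.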

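Console

To view the metrics for a monitored resource using Metrics Explorer, do the following:

  1. In the Google Cloud Console navigation pane, select Monitoring.
    Go to Google Cloud Console

    If this is the first time you have accessed Cloud Monitoring to view details of this Google Cloud project, Cloud Monitoring creates a Workspace. Typically, this process is automatic and completes within a few minutes. If you are prompted to select a Workspace or to create one, choose "Create".

  2. In the Monitoring navigation pane, click Metrics Explorer.
  3. Ensure that the Metric tab is selected.
  4. Click in the box labeled Find resource type and metric, and then select from the menu or enter the name of the resource and the metric. Use the following information to complete the fields of this text box:
    1. For Resource, select or enter gcs_bucket.
    2. For Metric, select or enter ACLs usage.
    The fully qualified name for this monitored resource is storage.googleapis.com/authz/acl_operations_count.
  5. Use the Filter, Group By, and Aggregator menus to modify how the data is displayed. For example, to group the data by bucket and ACL operation, choose acl_operation for Group By and sum for Aggregator. For more information, see Selecting metrics.

For a complete list of the metrics available for Cloud Storage, see storage. For information about time series, see Metrics, time series, and resources.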

JSON API

  1. Get an authorization access token from the OAuth 2.0 Playground. Configure the playground to use your own OAuth credentials.
  2. Use cURL to call the Monitoring JSON API:

    curl \
    'https://monitoring.googleapis.com/v3/projects/PROJECT_ID/timeSeries?filter=metric.type%20%3D%20%22storage.googleapis.com%2Fauthz%2Facl_operations_count%22&interval.endTime=END_TIME&interval.startTime=START_TIME' \
    --header 'Authorization: Bearer OAUTH2_TOKEN' \
    --header 'Accept: application/json'
    

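    Where:

    • PROJECT_ID is the ID or number of the project whose ACL usage you want to view, for example my-project.
    • END_TIME is the end of the time range for which you want to view ACL usage, for example 2019-11-02T15:01:23.045123456Z.
    • START_TIME is the start of the time range for which you want to view ACL usage, for example 2016-10-02T15:01:23.045123456Z.
    • OAUTH2_TOKEN is the access token you generated in Step 1.

If the request returns an empty object {}, there has been no recent ACL usage for your project.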
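
When the response is not empty, it helps to know which buckets and which ACL operations are still active before switching a bucket over. The following added example (not part of the original page) totals the counts in a timeSeries response per bucket and per acl_operation; the sample body is constructed, and the bucket_name resource label and string-encoded int64Value are assumed to follow the Monitoring API v3 response format.

```python
import json
from collections import defaultdict

# Constructed sample of a timeSeries response body for the metric
# storage.googleapis.com/authz/acl_operations_count. Bucket names, label
# values and counts are made up for illustration.
SAMPLE_RESPONSE = """
{
  "timeSeries": [
    {
      "metric": {
        "type": "storage.googleapis.com/authz/acl_operations_count",
        "labels": {"acl_operation": "SAMPLE_OBJECT_ACL_READ"}
      },
      "resource": {"type": "gcs_bucket",
                   "labels": {"bucket_name": "legacy-uploads"}},
      "points": [{"value": {"int64Value": "3"}}, {"value": {"int64Value": "2"}}]
    },
    {
      "metric": {
        "type": "storage.googleapis.com/authz/acl_operations_count",
        "labels": {"acl_operation": "SAMPLE_BUCKET_ACL_WRITE"}
      },
      "resource": {"type": "gcs_bucket",
                   "labels": {"bucket_name": "legacy-uploads"}},
      "points": [{"value": {"int64Value": "1"}}]
    },
    {
      "metric": {
        "type": "storage.googleapis.com/authz/acl_operations_count",
        "labels": {"acl_operation": "SAMPLE_OBJECT_ACL_READ"}
      },
      "resource": {"type": "gcs_bucket",
                   "labels": {"bucket_name": "static-assets"}},
      "points": [{"value": {"int64Value": "0"}}]
    }
  ]
}
"""


def summarize_acl_usage(response_text):
    """Return {bucket_name: {acl_operation: total}} for a response body."""
    body = json.loads(response_text)
    usage = defaultdict(lambda: defaultdict(int))
    # An empty object {} has no "timeSeries" key: no ACL usage was recorded.
    for series in body.get("timeSeries", []):
        bucket = series.get("resource", {}).get("labels", {}).get(
            "bucket_name", "<unknown>")
        operation = series.get("metric", {}).get("labels", {}).get(
            "acl_operation", "<unknown>")
        for point in series.get("points", []):
            # int64 values arrive as JSON strings, so convert before summing.
            usage[bucket][operation] += int(
                point.get("value", {}).get("int64Value", 0))
    return {bucket: dict(ops) for bucket, ops in usage.items()}


def buckets_still_using_acls(response_text):
    """Buckets with at least one ACL operation in the queried interval."""
    summary = summarize_acl_usage(response_text)
    return sorted(b for b, ops in summary.items() if sum(ops.values()) > 0)
```

A bucket that appears in the result of buckets_still_using_acls still has a workflow that depends on ACLs and should be migrated to IAM before uniform bucket-level access is enabled on it.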

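Enable uniform bucket-level access

To enable uniform bucket-level access on your bucket, do the following:

Console

  1. Open the Cloud Storage browser in the Google Cloud Console.
    Open the Cloud Storage browser
  2. In the list of buckets, click the name of the desired bucket.

  3. Select the Permissions tab near the top of the page.

  4. In the text box that begins with This bucket uses fine-grained access control..., click Edit.

  5. In the pop-up menu that appears, select Uniform.

  6. Click Save.

See Troubleshooting for how to get detailed error information about failed operations in the Cloud Storage browser.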

gsutil

Use the on option in a uniformbucketlevelaccess set command:

gsutil uniformbucketlevelaccess set on gs://BUCKET_NAME

Where BUCKET_NAME is the name of the relevant bucket, for example my-bucket.

If successful, the response looks like the following:

Enabling uniform bucket-level access for gs://test-bucket/...

Code samples

C++

For more information, see the Cloud Storage C++ API reference documentation.

namespace gcs = google::cloud::storage;
using google::cloud::StatusOr;
[](gcs::Client client, std::string const& bucket_name) {
  gcs::BucketIamConfiguration configuration;
  configuration.uniform_bucket_level_access =
      gcs::UniformBucketLevelAccess{true, {}};
  StatusOr<gcs::BucketMetadata> updated_metadata = client.PatchBucket(
      bucket_name, gcs::BucketMetadataPatchBuilder().SetIamConfiguration(
                       std::move(configuration)));

  if (!updated_metadata) {
    throw std::runtime_error(updated_metadata.status().message());
  }

  std::cout << "Successfully enabled Uniform Bucket Level Access on bucket "
            << updated_metadata->name() << "\n";
}

C#

For more information, see the Cloud Storage C# API reference documentation.

        private void EnableUniformBucketLevelAccess(string bucketName)
        {
            var storage = StorageClient.Create();
            var bucket = storage.GetBucket(bucketName);
            bucket.IamConfiguration.UniformBucketLevelAccess.Enabled = true;
            bucket = storage.UpdateBucket(bucket, new UpdateBucketOptions()
            {
                // Use IfMetagenerationMatch to avoid race conditions.
                IfMetagenerationMatch = bucket.Metageneration,
            });

            Console.WriteLine($"Uniform bucket-level access was enabled for {bucketName}.");
        }

Go

For more information, see the Cloud Storage Go API reference documentation.

ctx := context.Background()

bucket := c.Bucket(bucketName)
enableUniformBucketLevelAccess := storage.BucketAttrsToUpdate{
	UniformBucketLevelAccess: &storage.UniformBucketLevelAccess{
		Enabled: true,
	},
}
ctx, cancel := context.WithTimeout(ctx, time.Second*10)
defer cancel()
if _, err := bucket.Update(ctx, enableUniformBucketLevelAccess); err != nil {
	return err
}

Java

For more information, see the Cloud Storage Java API reference documentation.

// Instantiate a Google Cloud Storage client
Storage storage = StorageOptions.getDefaultInstance().getService();

// The name of a bucket, e.g. "my-bucket"
// String bucketName = "my-bucket";

BucketInfo.IamConfiguration iamConfiguration =
    BucketInfo.IamConfiguration.newBuilder().setIsUniformBucketLevelAccessEnabled(true).build();
Bucket bucket =
    storage.update(
        BucketInfo.newBuilder(bucketName).setIamConfiguration(iamConfiguration).build());

System.out.println("Uniform bucket-level access was enabled for " + bucketName);

Node.js

For more information, see the Cloud Storage Node.js API reference documentation.

/**
 * TODO(developer): Uncomment the following lines before running the sample.
 */
// const bucketName = 'Name of a bucket, e.g. my-bucket';

// Imports the Google Cloud client library
const {Storage} = require('@google-cloud/storage');

// Creates a client
const storage = new Storage();

// Enables uniform bucket-level access for the bucket
async function enableUniformBucketLevelAccess() {
  await storage.bucket(bucketName).setMetadata({
    iamConfiguration: {
      uniformBucketLevelAccess: {
        enabled: true,
      },
    },
  });

  console.log(`Uniform bucket-level access was enabled for ${bucketName}.`);
}

enableUniformBucketLevelAccess().catch(console.error);

PHP

For more information, see the Cloud Storage PHP API reference documentation.

use Google\Cloud\Storage\StorageClient;

/**
 * Enable uniform bucket-level access.
 *
 * @param string $bucketName Name of your Google Cloud Storage bucket.
 *
 * @return void
 */
function enable_uniform_bucket_level_access($bucketName)
{
    $storage = new StorageClient();
    $bucket = $storage->bucket($bucketName);
    $bucket->update([
        'iamConfiguration' => [
            'uniformBucketLevelAccess' => [
                'enabled' => true
            ],
        ]
    ]);
    printf('Uniform bucket-level access was enabled for %s' . PHP_EOL, $bucketName);
}

Python

For more information, see the Cloud Storage Python API reference documentation.

from google.cloud import storage

def enable_uniform_bucket_level_access(bucket_name):
    """Enable uniform bucket-level access for a bucket"""
    # bucket_name = "my-bucket"

    storage_client = storage.Client()
    bucket = storage_client.get_bucket(bucket_name)

    bucket.iam_configuration.uniform_bucket_level_access_enabled = True
    bucket.patch()

    print(
        "Uniform bucket-level access was enabled for {}.".format(bucket.name)
    )

Ruby

For more information, see the Cloud Storage Ruby API reference documentation.

# bucket_name = "Name of your Google Cloud Storage bucket"

require "google/cloud/storage"

storage = Google::Cloud::Storage.new
bucket  = storage.bucket bucket_name

bucket.uniform_bucket_level_access = true

puts "Uniform bucket-level access was enabled for #{bucket_name}."

REST API

JSON API

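  1. Get an authorization access token from the OAuth 2.0 Playground. Configure the playground to use your own OAuth credentials.
  2. Create a .json file that contains the following information:

    {
      "iamConfiguration": {
        "uniformBucketLevelAccess": {
          "enabled": true
        }
      }
    }
  3. Use cURL to call the JSON API with a PATCH Bucket request: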

    curl -X PATCH --data-binary @JSON_FILE_NAME.json \
    -H "Authorization: Bearer OAUTH2_TOKEN" \
    -H "Content-Type: application/json" \
    "https://storage.googleapis.com/storage/v1/b/BUCKET_NAME?fields=iamConfiguration"

    Where:

    • JSON_FILE_NAME is the name of the file you created in Step 2.
    • OAUTH2_TOKEN is the access token you generated in Step 1.
    • BUCKET_NAME is the name of the relevant bucket, for example my-bucket.

XML API

The XML API cannot be used to work with uniform bucket-level access. Use one of the other Cloud Storage tools, such as gsutil, instead.

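View uniform bucket-level access status

Console

  1. Open the Cloud Storage browser in the Google Cloud Console.
    Open the Cloud Storage browser
  2. In the Column display options menu, make sure Access control is checked.

  3. In the list of buckets, the uniform bucket-level access status of each bucket is shown in the Access control column.

See Troubleshooting for how to get detailed error information about failed operations in the Cloud Storage browser.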

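gsutil

Use the uniformbucketlevelaccess get command:

gsutil uniformbucketlevelaccess get gs://BUCKET_NAME

Where BUCKET_NAME is the name of the relevant bucket, for example my-bucket.

If uniform bucket-level access is enabled, the response looks similar to the following: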

Uniform bucket-level access setting for gs://my-bucket/:
    Enabled: True
    LockedTime: LOCK_DATE 

Code samples

C++

For more information, see the Cloud Storage C++ API reference documentation.

namespace gcs = google::cloud::storage;
using google::cloud::StatusOr;
[](gcs::Client client, std::string const& bucket_name) {
  StatusOr<gcs::BucketMetadata> bucket_metadata =
      client.GetBucketMetadata(bucket_name);

  if (!bucket_metadata) {
    throw std::runtime_error(bucket_metadata.status().message());
  }

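  // The configuration can be present with enabled set to false, so test the
  // flag itself and not only the presence of the field.
  if (bucket_metadata->has_iam_configuration() &&
      bucket_metadata->iam_configuration()
          .uniform_bucket_level_access.has_value() &&
      bucket_metadata->iam_configuration()
          .uniform_bucket_level_access->enabled) {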
    gcs::UniformBucketLevelAccess uniform_bucket_level_access =
        *bucket_metadata->iam_configuration().uniform_bucket_level_access;

    std::cout << "Uniform Bucket Level Access is enabled for "
              << bucket_metadata->name() << "\n";
    std::cout << "Bucket will be locked on " << uniform_bucket_level_access
              << "\n";
  } else {
    std::cout << "Uniform Bucket Level Access is not enabled for "
              << bucket_metadata->name() << "\n";
  }
}

C#

For more information, see the Cloud Storage C# API reference documentation.

        private void GetUniformBucketLevelAccess(string bucketName)
        {
            var storage = StorageClient.Create();
            var bucket = storage.GetBucket(bucketName);
            var uniformBucketLevelAccess = bucket.IamConfiguration.UniformBucketLevelAccess;

            bool? enabledOrNull = uniformBucketLevelAccess?.Enabled;
            bool uniformBucketLevelAccessEnabled =
                enabledOrNull.HasValue ? enabledOrNull.Value : false;
            if (uniformBucketLevelAccessEnabled)
            {
                Console.WriteLine($"Uniform bucket-level access is enabled for {bucketName}.");
                Console.WriteLine(
                    $"Uniform bucket-level access will be locked on {uniformBucketLevelAccess.LockedTime}.");
            }
            else
            {
                Console.WriteLine($"Uniform bucket-level access is not enabled for {bucketName}.");
            }
        }

Go

For more information, see the Cloud Storage Go API reference documentation.

ctx := context.Background()

ctx, cancel := context.WithTimeout(ctx, time.Second*10)
defer cancel()
attrs, err := c.Bucket(bucketName).Attrs(ctx)
if err != nil {
	return nil, err
}
uniformBucketLevelAccess := attrs.UniformBucketLevelAccess
if uniformBucketLevelAccess.Enabled {
	log.Printf("Uniform bucket-level access is enabled for %q.\n",
		attrs.Name)
	log.Printf("Bucket will be locked on %q.\n",
		uniformBucketLevelAccess.LockedTime)
} else {
	log.Printf("Uniform bucket-level access is not enabled for %q.\n",
		attrs.Name)
}

Java

For more information, see the Cloud Storage Java API reference documentation.

// Instantiate a Google Cloud Storage client
Storage storage = StorageOptions.getDefaultInstance().getService();

// The name of a bucket, e.g. "my-bucket"
// String bucketName = "my-bucket";

Bucket bucket = storage.get(bucketName, BucketGetOption.fields(BucketField.IAMCONFIGURATION));
BucketInfo.IamConfiguration iamConfiguration = bucket.getIamConfiguration();

Boolean enabled = iamConfiguration.isUniformBucketLevelAccessEnabled();

if (enabled != null && enabled) {
  // Read the locked time only when the feature is enabled; it is unset
  // otherwise, and unboxing a null Long would throw.
  Date lockedTime = new Date(iamConfiguration.getUniformBucketLevelAccessLockedTime());
  System.out.println("Uniform bucket-level access is enabled for " + bucketName);
  System.out.println("Bucket will be locked on " + lockedTime);
} else {
  System.out.println("Uniform bucket-level access is disabled for " + bucketName);
}

Node.js

For more information, see the Cloud Storage Node.js API reference documentation.

/**
 * TODO(developer): Uncomment the following lines before running the sample.
 */
// const bucketName = 'Name of a bucket, e.g. my-bucket';

// Imports the Google Cloud client library
const {Storage} = require('@google-cloud/storage');

// Creates a client
const storage = new Storage();

async function getUniformBucketLevelAccess() {
  // Gets Bucket Metadata and checks if uniform bucket-level access is enabled.
  const [metadata] = await storage.bucket(bucketName).getMetadata();

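  const uniformBucketLevelAccess =
    metadata.iamConfiguration &&
    metadata.iamConfiguration.uniformBucketLevelAccess;

  // iamConfiguration can be present while the feature is off, so test the flag.
  if (uniformBucketLevelAccess && uniformBucketLevelAccess.enabled) {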
    console.log(`Uniform bucket-level access is enabled for ${bucketName}.`);
    console.log(
      `Bucket will be locked on ${uniformBucketLevelAccess.lockedTime}.`
    );
  } else {
    console.log(
      `Uniform bucket-level access is not enabled for ${bucketName}.`
    );
  }
}

getUniformBucketLevelAccess().catch(console.error);

PHP

For more information, see the Cloud Storage PHP API reference documentation.

use Google\Cloud\Storage\StorageClient;

/**
 * Get the uniform bucket-level access status of a bucket.
 *
 * @param string $bucketName Name of your Google Cloud Storage bucket.
 *
 * @return void
 */
function get_uniform_bucket_level_access($bucketName)
{
    $storage = new StorageClient();
    $bucket = $storage->bucket($bucketName);
    $bucketInformation = $bucket->info();
    $ubla = $bucketInformation['iamConfiguration']['uniformBucketLevelAccess'];
    if ($ubla['enabled']) {
        printf('Uniform bucket-level access is enabled for %s' . PHP_EOL, $bucketName);
        // The JSON API field name is lockedTime (lower-case first letter).
        printf('Uniform bucket-level access will be locked on %s' . PHP_EOL, $ubla['lockedTime']);
    } else {
        printf('Uniform bucket-level access is disabled for %s' . PHP_EOL, $bucketName);
    }
}

Python

For more information, see the Cloud Storage Python API reference documentation.

from google.cloud import storage

def get_uniform_bucket_level_access(bucket_name):
    """Get uniform bucket-level access for a bucket"""
    # bucket_name = "my-bucket"

    storage_client = storage.Client()
    bucket = storage_client.get_bucket(bucket_name)
    iam_configuration = bucket.iam_configuration

    if iam_configuration.uniform_bucket_level_access_enabled:
        print(
            "Uniform bucket-level access is enabled for {}.".format(
                bucket.name
            )
        )
        print(
            "Bucket will be locked on {}.".format(
                iam_configuration.uniform_bucket_level_access_locked_time
            )
        )
    else:
        print(
            "Uniform bucket-level access is disabled for {}.".format(
                bucket.name
            )
        )

Ruby

For more information, see the Cloud Storage Ruby API reference documentation.

# bucket_name = "Name of your Google Cloud Storage bucket"

require "google/cloud/storage"

storage = Google::Cloud::Storage.new
bucket  = storage.bucket bucket_name

if bucket.uniform_bucket_level_access?
  puts "Uniform bucket-level access is enabled for #{bucket_name}."
  puts "Bucket will be locked on #{bucket.uniform_bucket_level_access_locked_at}."
else
  puts "Uniform bucket-level access is disabled for #{bucket_name}."
end

REST API

JSON API

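  1. Get an authorization access token from the OAuth 2.0 Playground. Configure the playground to use your own OAuth credentials.
  2. Use cURL to call the JSON API with a GET Bucket request that includes the desired fields: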

    curl -X GET -H "Authorization: Bearer OAUTH2_TOKEN" \
    "https://storage.googleapis.com/storage/v1/b/BUCKET_NAME?fields=iamConfiguration"

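    Where:

    • OAUTH2_TOKEN is the access token you generated in Step 1.
    • BUCKET_NAME is the name of the relevant bucket, for example my-bucket.

    If uniform bucket-level access is enabled for the bucket, the response looks similar to the following:

    {
      "iamConfiguration": {
        "uniformBucketLevelAccess": {
          "enabled": true,
          "lockedTime": "LOCK_DATE"
        }
      }
    }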
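
A status check has to look at the enabled flag itself and compare lockedTime with the current time, since both decide whether the bucket can still be switched back to fine-grained access. The following added example (not part of the original page) classifies a parsed GET Bucket response; the sample responses are constructed, and it assumes lockedTime is an RFC 3339 timestamp marking the point after which the setting can no longer be turned off.

```python
from datetime import datetime, timezone


def ubla_status(bucket_metadata, now=None):
    """Classify the iamConfiguration block of a GET Bucket response.

    Returns a dict with:
      enabled          -- True only if the enabled flag itself is true
      locked           -- True once lockedTime has passed
      days_until_lock  -- whole days left before the lock, or None when
                          the bucket is disabled, locked, or has no deadline
    """
    now = now or datetime.now(timezone.utc)
    iam = bucket_metadata.get("iamConfiguration") or {}
    ubla = iam.get("uniformBucketLevelAccess") or {}

    # A missing block and an explicit "enabled": false both mean disabled;
    # the mere presence of iamConfiguration says nothing about the setting.
    if not ubla.get("enabled", False):
        return {"enabled": False, "locked": False, "days_until_lock": None}

    locked_time = ubla.get("lockedTime")
    if locked_time is None:
        # Enabled, but the response carries no deadline to compare against.
        return {"enabled": True, "locked": False, "days_until_lock": None}

    # Map the trailing Z to an explicit offset so datetime.fromisoformat()
    # accepts the timestamp on older Python versions as well.
    deadline = datetime.fromisoformat(locked_time.replace("Z", "+00:00"))
    if now >= deadline:
        return {"enabled": True, "locked": True, "days_until_lock": None}
    return {"enabled": True, "locked": False,
            "days_until_lock": (deadline - now).days}


# Constructed sample responses; the timestamp stands in for LOCK_DATE.
ENABLED = {"iamConfiguration": {"uniformBucketLevelAccess": {
    "enabled": True, "lockedTime": "2020-03-01T00:00:00.000Z"}}}
DISABLED = {"iamConfiguration": {"uniformBucketLevelAccess": {
    "enabled": False}}}
```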

XML API

The XML API cannot be used to work with uniform bucket-level access. Use one of the other Cloud Storage tools, such as gsutil, instead.

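Disable uniform bucket-level access

You must remove all IAM Conditions from the bucket's IAM policy before you can disable uniform bucket-level access.

To disable uniform bucket-level access on your bucket, do the following:

Console

  1. Open the Cloud Storage browser in the Google Cloud Console.
    Open the Cloud Storage browser
  2. In the list of buckets, click the name of the desired bucket.

  3. Select the Permissions tab near the top of the page.

  4. In the text box that begins with This bucket uses uniform access control..., click Edit. Note that the text box disappears 90 days after you enable uniform bucket-level access.

  5. In the pop-up menu that appears, select Fine-grained.

  6. Click Save.

See Troubleshooting for how to get detailed error information about failed operations in the Cloud Storage browser.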

gsutil

Use the off option in a uniformbucketlevelaccess set command:

gsutil uniformbucketlevelaccess set off gs://BUCKET_NAME

Where BUCKET_NAME is the name of the relevant bucket, for example my-bucket.

If successful, the response looks like the following:

Disabling uniform bucket-level access for gs://my-bucket/...

Code samples

C++

For more information, see the Cloud Storage C++ API reference documentation.

namespace gcs = google::cloud::storage;
using google::cloud::StatusOr;
[](gcs::Client client, std::string const& bucket_name) {
  gcs::BucketIamConfiguration configuration;
  configuration.uniform_bucket_level_access =
      gcs::UniformBucketLevelAccess{false, {}};
  StatusOr<gcs::BucketMetadata> updated_metadata = client.PatchBucket(
      bucket_name, gcs::BucketMetadataPatchBuilder().SetIamConfiguration(
                       std::move(configuration)));

  if (!updated_metadata) {
    throw std::runtime_error(updated_metadata.status().message());
  }

  std::cout << "Successfully disabled Uniform Bucket Level Access on bucket "
            << updated_metadata->name() << "\n";
}

C#

For more information, see the Cloud Storage C# API reference documentation.

        private void DisableUniformBucketLevelAccess(string bucketName)
        {
            var storage = StorageClient.Create();
            var bucket = storage.GetBucket(bucketName);
            bucket.IamConfiguration.UniformBucketLevelAccess.Enabled = false;
            /** THIS IS A WORKAROUND */
            bucket.IamConfiguration.BucketPolicyOnly.Enabled = false;
            /** THIS IS A WORKAROUND */
            bucket = storage.UpdateBucket(bucket, new UpdateBucketOptions()
            {
                // Use IfMetagenerationMatch to avoid race conditions.
                IfMetagenerationMatch = bucket.Metageneration,
            });

            Console.WriteLine($"Uniform bucket-level access was disabled for {bucketName}.");
        }

Go

For more information, see the Cloud Storage Go API reference documentation.

ctx := context.Background()

bucket := c.Bucket(bucketName)
disableUniformBucketLevelAccess := storage.BucketAttrsToUpdate{
	UniformBucketLevelAccess: &storage.UniformBucketLevelAccess{
		Enabled: false,
	},
}
ctx, cancel := context.WithTimeout(ctx, time.Second*10)
defer cancel()
if _, err := bucket.Update(ctx, disableUniformBucketLevelAccess); err != nil {
	return err
}

Java

For more information, see the Cloud Storage Java API reference documentation.

// Instantiate a Google Cloud Storage client
Storage storage = StorageOptions.getDefaultInstance().getService();

// The name of a bucket, e.g. "my-bucket"
// String bucketName = "my-bucket";

BucketInfo.IamConfiguration iamConfiguration =
    BucketInfo.IamConfiguration.newBuilder()
        .setIsUniformBucketLevelAccessEnabled(false)
        .build();
Bucket bucket =
    storage.update(
        BucketInfo.newBuilder(bucketName).setIamConfiguration(iamConfiguration).build());

System.out.println("Uniform bucket-level access was disabled for " + bucketName);

Node.js

For more information, see the Cloud Storage Node.js API reference documentation.

/**
 * TODO(developer): Uncomment the following lines before running the sample.
 */
// const bucketName = 'Name of a bucket, e.g. my-bucket';
// Imports the Google Cloud client library
const {Storage} = require('@google-cloud/storage');

// Creates a client
const storage = new Storage();
async function disableUniformBucketLevelAccess() {
  // Disables uniform bucket-level access for the bucket
  await storage.bucket(bucketName).setMetadata({
    iamConfiguration: {
      uniformBucketLevelAccess: {
        enabled: false,
      },
    },
  });

  console.log(`Uniform bucket-level access was disabled for ${bucketName}.`);
}

disableUniformBucketLevelAccess().catch(console.error);

PHP

For more information, see the Cloud Storage PHP API reference documentation.

use Google\Cloud\Storage\StorageClient;

/**
 * Disable uniform bucket-level access.
 *
 * @param string $bucketName Name of your Google Cloud Storage bucket.
 *
 * @return void
 */
function disable_uniform_bucket_level_access($bucketName)
{
    $storage = new StorageClient();
    $bucket = $storage->bucket($bucketName);
    $bucket->update([
        'iamConfiguration' => [
            'uniformBucketLevelAccess' => [
                'enabled' => false
            ],
        ]
    ]);
    printf('Uniform bucket-level access was disabled for %s' . PHP_EOL, $bucketName);
}

Python

For more information, see the Cloud Storage Python API reference documentation.

from google.cloud import storage

def disable_uniform_bucket_level_access(bucket_name):
    """Disable uniform bucket-level access for a bucket"""
    # bucket_name = "my-bucket"

    storage_client = storage.Client()
    bucket = storage_client.get_bucket(bucket_name)

    bucket.iam_configuration.uniform_bucket_level_access_enabled = False
    bucket.patch()

    print(
        "Uniform bucket-level access was disabled for {}.".format(bucket.name)
    )

Ruby

For more information, see the Cloud Storage Ruby API reference documentation.

# bucket_name = "Name of your Google Cloud Storage bucket"

require "google/cloud/storage"

storage = Google::Cloud::Storage.new
bucket  = storage.bucket bucket_name

bucket.uniform_bucket_level_access = false

puts "Uniform bucket-level access was disabled for #{bucket_name}."

REST API

JSON API

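  1. Get an authorization access token from the OAuth 2.0 Playground. Configure the playground to use your own OAuth credentials.
  2. Create a .json file that contains the following information:

    {
      "iamConfiguration": {
        "uniformBucketLevelAccess": {
          "enabled": false
        }
      }
    }
  3. Use cURL to call the JSON API with a PATCH Bucket request: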

    curl -X PATCH --data-binary @JSON_FILE_NAME.json \
    -H "Authorization: Bearer OAUTH2_TOKEN" \
    -H "Content-Type: application/json" \
    "https://storage.googleapis.com/storage/v1/b/BUCKET_NAME?fields=iamConfiguration"

    Where:

    • JSON_FILE_NAME is the name of the file you created in Step 2.
    • OAUTH2_TOKEN is the access token you generated in Step 1.
    • BUCKET_NAME is the name of the relevant bucket, for example my-bucket.

XML API

The XML API cannot be used to work with uniform bucket-level access. Use one of the other Cloud Storage tools, such as gsutil, instead.

What's next