使用统一存储分区级访问权限

转到概念

本页面介绍了如何对 Cloud Storage 的存储分区启用和停用统一存储分区级访问权限,以及如何检查该功能的状态。

前提条件

在 Cloud Storage 中使用此功能之前,您应该:

  1. 具备足够的权限来查看和更新 Cloud Storage 中的存储分区:

    • 如果您拥有存储分区所属的项目,则您很可能具备所需的权限。

    • 您应对相关存储分区具有 storage.buckets.updatestorage.buckets.get IAM 权限。如需了解如何获取具有这些权限的角色(例如 Storage Admin),请参阅使用 IAM 权限

检查 ACL 使用情况

启用统一存储分区级访问权限之前,请使用 Cloud Monitoring 确保您的存储分区没有将 ACL 用于任何工作流。如需了解详情,请参阅检查对象 ACL 的使用情况

控制台

如需使用 Metrics Explorer 查看受监控资源的指标,请按照以下步骤操作:

  1. 在 Google Cloud Console 中,转到 Monitoring 页面。

    转至 Resources

  2. 在 Monitoring 导航窗格中,点击 Metrics Explorer
  3. 选择配置标签页,然后输入或选择资源类型指标。在各字段中填写以下信息:
    1. 对于 Resource,选择或输入 gcs_bucket
    2. 对于 Metric,选择或输入 ACLs usage
    此受监控资源的完全限定名称为 storage.googleapis.com/authz/acl_operations_count
  4. (可选)如需配置数据的查看方式,请使用过滤条件分组依据聚合器菜单。 例如,如需按存储分区和 ACL 操作对数据进行分组,请针对 Group By 选择 acl_operation 并针对 Aggregator 选择 sum。如需了解详情,请参阅选择指标

如需查看可用于 Cloud Storage 的指标的完整列表,请参阅 storage。如需了解时间序列,请参阅指标、时间序列和资源

JSON API

  1. OAuth 2.0 Playground 获取授权访问令牌。将 Playground 配置为使用您自己的 OAuth 凭据。
  2. 使用 cURL 调用 Monitoring JSON API:

    curl \
    'https://monitoring.googleapis.com/v3/projects/PROJECT_ID/timeSeries?filter=metric.type%20%3D%20%22storage.googleapis.com%2Fauthz%2Facl_operations_count%22&interval.endTime=END_TIME&interval.startTime=START_TIME' \
    --header 'Authorization: Bearer OAUTH2_TOKEN' \
    --header 'Accept: application/json'
    

    其中:

    • PROJECT_ID 是您要查看其 ACL 使用情况的项目 ID 或编号,例如 my-project
    • END_TIME 是您要查看其 ACL 使用情况的时间范围的结束时间,例如 2019-11-02T15:01:23.045123456Z
    • START_TIME 是您要查看其 ACL 使用情况的时间范围的开始时间,例如 2016-10-02T15:01:23.045123456Z
    • OAUTH2_TOKEN 是您在第 1 步中生成的访问令牌。

如果请求返回空对象 {},则说明您的项目最近没有使用 ACL。

启用统一存储分区级访问权限

如需对您的存储分区启用统一存储分区级访问权限,请执行以下操作:

控制台

  1. 在 Google Cloud Console 中,转到 Cloud Storage 浏览器页面。

    转到浏览器

  2. 在存储分区列表中,点击所需存储分区的名称。

  3. 选择页面顶部附近的权限标签。

  4. 在名为访问权限控制的文本框中,点击切换到统一权限

  5. 在出现的弹出式菜单中,选择统一

  6. 点击保存

如需了解如何获取有关 Cloud Storage 浏览器中失败操作的详细错误信息,请参阅问题排查

gsutil

uniformbucketlevelaccess set 命令中使用 on 选项:

gsutil uniformbucketlevelaccess set on gs://BUCKET_NAME

其中,BUCKET_NAME 为相关存储分区的名称。例如 my-bucket

如果成功,响应将如下所示:

Enabling uniform bucket-level access for gs://test-bucket/...

代码示例

C++

如需了解详情,请参阅 Cloud Storage C++ API 参考文档

namespace gcs = ::google::cloud::storage;
using ::google::cloud::StatusOr;
[](gcs::Client client, std::string const& bucket_name) {
  gcs::BucketIamConfiguration configuration;
  configuration.uniform_bucket_level_access =
      gcs::UniformBucketLevelAccess{true, {}};
  StatusOr<gcs::BucketMetadata> updated_metadata = client.PatchBucket(
      bucket_name, gcs::BucketMetadataPatchBuilder().SetIamConfiguration(
                       std::move(configuration)));

  if (!updated_metadata) {
    throw std::runtime_error(updated_metadata.status().message());
  }

  std::cout << "Successfully enabled Uniform Bucket Level Access on bucket "
            << updated_metadata->name() << "\n";
}

C#

如需了解详情,请参阅 Cloud Storage C# API 参考文档


using Google.Apis.Storage.v1.Data;
using Google.Cloud.Storage.V1;
using System;

public class EnableUniformBucketLevelAccessSample
{
    public Bucket EnableUniformBucketLevelAccess(string bucketName = "your-unique-bucket-name")
    {
        var storage = StorageClient.Create();
        var bucket = storage.GetBucket(bucketName);
        bucket.IamConfiguration.UniformBucketLevelAccess.Enabled = true;
        bucket = storage.UpdateBucket(bucket);

        Console.WriteLine($"Uniform bucket-level access was enabled for {bucketName}.");
        return bucket;
    }
}

Go

如需了解详情,请参阅 Cloud Storage Go API 参考文档

ctx := context.Background()

bucket := c.Bucket(bucketName)
enableUniformBucketLevelAccess := storage.BucketAttrsToUpdate{
	UniformBucketLevelAccess: &storage.UniformBucketLevelAccess{
		Enabled: true,
	},
}
ctx, cancel := context.WithTimeout(ctx, time.Second*10)
defer cancel()
if _, err := bucket.Update(ctx, enableUniformBucketLevelAccess); err != nil {
	return err
}

Java

如需了解详情,请参阅 Cloud Storage Java API 参考文档

// Instantiate a Google Cloud Storage client
Storage storage = StorageOptions.getDefaultInstance().getService();

// The name of a bucket, e.g. "my-bucket"
// String bucketName = "my-bucket";

BucketInfo.IamConfiguration iamConfiguration =
    BucketInfo.IamConfiguration.newBuilder().setIsUniformBucketLevelAccessEnabled(true).build();
Bucket bucket =
    storage.update(
        BucketInfo.newBuilder(bucketName).setIamConfiguration(iamConfiguration).build());

System.out.println("Uniform bucket-level access was enabled for " + bucketName);

Node.js

如需了解详情,请参阅 Cloud Storage Node.js API 参考文档

/**
 * TODO(developer): Uncomment the following lines before running the sample.
 */
// The ID of your GCS bucket
// const bucketName = 'your-unique-bucket-name';

// Imports the Google Cloud client library
const {Storage} = require('@google-cloud/storage');

// Creates a client
const storage = new Storage();

// Enables uniform bucket-level access for the bucket
async function enableUniformBucketLevelAccess() {
  await storage.bucket(bucketName).setMetadata({
    iamConfiguration: {
      uniformBucketLevelAccess: {
        enabled: true,
      },
    },
  });

  console.log(`Uniform bucket-level access was enabled for ${bucketName}.`);
}

enableUniformBucketLevelAccess().catch(console.error);

PHP

如需了解详情,请参阅 Cloud Storage PHP API 参考文档

use Google\Cloud\Storage\StorageClient;

/**
 * Enable uniform bucket-level access.
 *
 * @param string $bucketName The name of your Cloud Storage bucket.
 */
function enable_uniform_bucket_level_access($bucketName)
{
    // $bucketName = 'my-bucket';

    $storage = new StorageClient();
    $bucket = $storage->bucket($bucketName);
    $bucket->update([
        'iamConfiguration' => [
            'uniformBucketLevelAccess' => [
                'enabled' => true
            ],
        ]
    ]);
    printf('Uniform bucket-level access was enabled for %s' . PHP_EOL, $bucketName);
}

Python

如需了解详情,请参阅 Cloud Storage Python API 参考文档

from google.cloud import storage

def enable_uniform_bucket_level_access(bucket_name):
    """Enable uniform bucket-level access for a bucket"""
    # bucket_name = "my-bucket"

    storage_client = storage.Client()
    bucket = storage_client.get_bucket(bucket_name)

    bucket.iam_configuration.uniform_bucket_level_access_enabled = True
    bucket.patch()

    print(
        "Uniform bucket-level access was enabled for {}.".format(bucket.name)
    )

Ruby

如需了解详情,请参阅 Cloud Storage Ruby API 参考文档

def enable_uniform_bucket_level_access bucket_name:
  # The ID of your GCS bucket
  # bucket_name = "your-unique-bucket-name"

  require "google/cloud/storage"

  storage = Google::Cloud::Storage.new
  bucket  = storage.bucket bucket_name

  bucket.uniform_bucket_level_access = true

  puts "Uniform bucket-level access was enabled for #{bucket_name}."
end

REST API

JSON API

  1. OAuth 2.0 Playground 获取授权访问令牌。将 Playground 配置为使用您自己的 OAuth 凭据。
  2. 创建一个包含以下信息的 .json 文件:

    {
      "iamConfiguration": {
          "uniformBucketLevelAccess": {
            "enabled": true
          }
      }
    }
  3. 使用 cURL,通过 PATCH Bucket 请求调用 JSON API:

    curl -X PATCH --data-binary @JSON_FILE_NAME.json \
    -H "Authorization: Bearer OAUTH2_TOKEN" \
    -H "Content-Type: application/json" \
    "https://storage.googleapis.com/storage/v1/b/BUCKET_NAME?fields=iamConfiguration"

    其中:

    • JSON_FILE_NAME 是您在第 2 步中创建的文件的名称。
    • OAUTH2_TOKEN 是您在第 1 步中生成的访问令牌。
    • BUCKET_NAME 是相关存储分区的名称,例如 my-bucket

XML API

XML API 不能用于处理统一存储分区级访问权限。请改用其他 Cloud Storage 工具,例如 gsutil。

查看统一存储分区级访问权限状态

控制台

  1. 在 Google Cloud Console 中,转到 Cloud Storage 浏览器页面。

    转到浏览器

  2. 列显示选项菜单 (列选项图标。) 中,确保选中访问权限控制

  3. 在存储分区列表中,您可以在访问权限控制列中找到每个存储分区的统一存储分区级访问权限状态。

如需了解如何获取有关 Cloud Storage 浏览器中失败操作的详细错误信息,请参阅问题排查

gsutil

使用 uniformbucketlevelaccess get 命令:

gsutil uniformbucketlevelaccess get gs://BUCKET_NAME

其中,BUCKET_NAME 为相关存储分区的名称。例如 my-bucket

如果启用了统一存储分区级访问权限,则响应将类似于如下所示:

Uniform bucket-level access setting for gs://my-bucket/:
    Enabled: True
    LockedTime: LOCK_DATE 

代码示例

C++

如需了解详情,请参阅 Cloud Storage C++ API 参考文档

namespace gcs = ::google::cloud::storage;
using ::google::cloud::StatusOr;
[](gcs::Client client, std::string const& bucket_name) {
  StatusOr<gcs::BucketMetadata> bucket_metadata =
      client.GetBucketMetadata(bucket_name);

  if (!bucket_metadata) {
    throw std::runtime_error(bucket_metadata.status().message());
  }

  if (bucket_metadata->has_iam_configuration() &&
      bucket_metadata->iam_configuration()
          .uniform_bucket_level_access.has_value()) {
    gcs::UniformBucketLevelAccess uniform_bucket_level_access =
        *bucket_metadata->iam_configuration().uniform_bucket_level_access;

    std::cout << "Uniform Bucket Level Access is enabled for "
              << bucket_metadata->name() << "\n";
    std::cout << "Bucket will be locked on " << uniform_bucket_level_access
              << "\n";
  } else {
    std::cout << "Uniform Bucket Level Access is not enabled for "
              << bucket_metadata->name() << "\n";
  }
}

C#

如需了解详情,请参阅 Cloud Storage C# API 参考文档


using Google.Cloud.Storage.V1;
using System;
using static Google.Apis.Storage.v1.Data.Bucket.IamConfigurationData;

public class GetUniformBucketLevelAccessSample
{
    public UniformBucketLevelAccessData GetUniformBucketLevelAccess(
        string bucketName = "your-unique-bucket-name")
    {
        var storage = StorageClient.Create();
        var bucket = storage.GetBucket(bucketName);
        var uniformBucketLevelAccess = bucket.IamConfiguration.UniformBucketLevelAccess;

        bool uniformBucketLevelAccessEnabled = uniformBucketLevelAccess.Enabled ?? false;
        if (uniformBucketLevelAccessEnabled)
        {
            Console.WriteLine($"Uniform bucket-level access is enabled for {bucketName}.");
            Console.WriteLine(
                $"Uniform bucket-level access will be locked on {uniformBucketLevelAccess.LockedTime}.");
        }
        else
        {
            Console.WriteLine($"Uniform bucket-level access is not enabled for {bucketName}.");
        }
        return uniformBucketLevelAccess;
    }
}

Go

如需了解详情,请参阅 Cloud Storage Go API 参考文档

ctx := context.Background()

ctx, cancel := context.WithTimeout(ctx, time.Second*10)
defer cancel()
attrs, err := c.Bucket(bucketName).Attrs(ctx)
if err != nil {
	return nil, err
}
uniformBucketLevelAccess := attrs.UniformBucketLevelAccess
if uniformBucketLevelAccess.Enabled {
	log.Printf("Uniform bucket-level access is enabled for %q.\n",
		attrs.Name)
	log.Printf("Bucket will be locked on %q.\n",
		uniformBucketLevelAccess.LockedTime)
} else {
	log.Printf("Uniform bucket-level access is not enabled for %q.\n",
		attrs.Name)
}

Java

如需了解详情,请参阅 Cloud Storage Java API 参考文档

// Instantiate a Google Cloud Storage client
Storage storage = StorageOptions.getDefaultInstance().getService();

// The name of a bucket, e.g. "my-bucket"
// String bucketName = "my-bucket";

Bucket bucket = storage.get(bucketName, BucketGetOption.fields(BucketField.IAMCONFIGURATION));
BucketInfo.IamConfiguration iamConfiguration = bucket.getIamConfiguration();

Boolean enabled = iamConfiguration.isUniformBucketLevelAccessEnabled();
Date lockedTime = new Date(iamConfiguration.getUniformBucketLevelAccessLockedTime());

if (enabled != null && enabled) {
  System.out.println("Uniform bucket-level access is enabled for " + bucketName);
  System.out.println("Bucket will be locked on " + lockedTime);
} else {
  System.out.println("Uniform bucket-level access is disabled for " + bucketName);
}

Node.js

如需了解详情,请参阅 Cloud Storage Node.js API 参考文档

/**
 * TODO(developer): Uncomment the following lines before running the sample.
 */
// The ID of your GCS bucket
// const bucketName = 'your-unique-bucket-name';

// Imports the Google Cloud client library
const {Storage} = require('@google-cloud/storage');

// Creates a client
const storage = new Storage();

async function getUniformBucketLevelAccess() {
  // Gets Bucket Metadata and checks if uniform bucket-level access is enabled.
  const [metadata] = await storage.bucket(bucketName).getMetadata();

  if (metadata.iamConfiguration) {
    const uniformBucketLevelAccess =
      metadata.iamConfiguration.uniformBucketLevelAccess;
    console.log(`Uniform bucket-level access is enabled for ${bucketName}.`);
    console.log(
      `Bucket will be locked on ${uniformBucketLevelAccess.lockedTime}.`
    );
  } else {
    console.log(
      `Uniform bucket-level access is not enabled for ${bucketName}.`
    );
  }
}

getUniformBucketLevelAccess().catch(console.error);

PHP

如需了解详情,请参阅 Cloud Storage PHP API 参考文档

use Google\Cloud\Storage\StorageClient;

/**
 * Enable uniform bucket-level access.
 *
 * @param string $bucketName The name of your Cloud Storage bucket.
 */
function get_uniform_bucket_level_access($bucketName)
{
    // $bucketName = 'my-bucket';

    $storage = new StorageClient();
    $bucket = $storage->bucket($bucketName);
    $bucketInformation = $bucket->info();
    $ubla = $bucketInformation['iamConfiguration']['uniformBucketLevelAccess'];
    if ($ubla['enabled']) {
        printf('Uniform bucket-level access is enabled for %s' . PHP_EOL, $bucketName);
        printf('Uniform bucket-level access will be locked on %s' . PHP_EOL, $ubla['LockedTime']);
    } else {
        printf('Uniform bucket-level access is disabled for %s' . PHP_EOL, $bucketName);
    }
}

Python

如需了解详情,请参阅 Cloud Storage Python API 参考文档

from google.cloud import storage

def get_uniform_bucket_level_access(bucket_name):
    """Get uniform bucket-level access for a bucket"""
    # bucket_name = "my-bucket"

    storage_client = storage.Client()
    bucket = storage_client.get_bucket(bucket_name)
    iam_configuration = bucket.iam_configuration

    if iam_configuration.uniform_bucket_level_access_enabled:
        print(
            "Uniform bucket-level access is enabled for {}.".format(
                bucket.name
            )
        )
        print(
            "Bucket will be locked on {}.".format(
                iam_configuration.uniform_bucket_level_locked_time
            )
        )
    else:
        print(
            "Uniform bucket-level access is disabled for {}.".format(
                bucket.name
            )
        )

Ruby

如需了解详情,请参阅 Cloud Storage Ruby API 参考文档

def get_uniform_bucket_level_access bucket_name:
  # The ID of your GCS bucket
  # bucket_name = "your-unique-bucket-name"

  require "google/cloud/storage"

  storage = Google::Cloud::Storage.new
  bucket  = storage.bucket bucket_name

  if bucket.uniform_bucket_level_access?
    puts "Uniform bucket-level access is enabled for #{bucket_name}."
    puts "Bucket will be locked on #{bucket.uniform_bucket_level_access_locked_at}."
  else
    puts "Uniform bucket-level access is disabled for #{bucket_name}."
  end
end

REST API

JSON API

  1. OAuth 2.0 Playground 获取授权访问令牌。将 Playground 配置为使用您自己的 OAuth 凭据。
  2. 使用 cURL,通过包含所需 fieldsGET Bucket 请求调用 JSON API:

    curl -X GET -H "Authorization: Bearer OAUTH2_TOKEN" \
    "https://storage.googleapis.com/storage/v1/b/BUCKET_NAME?fields=iamConfiguration"

    其中:

    • OAUTH2_TOKEN 是您在第 1 步中生成的访问令牌。
    • BUCKET_NAME 是相关存储分区的名称,例如 my-bucket

    如果存储分区启用了统一存储分区级访问权限,则响应将类似于如下所示:

    {
      "iamConfiguration": {
          "uniformBucketLevelAccess": {
            "enabled": true,
            "lockedTime": "LOCK_DATE"
          }
        }
      }

XML API

XML API 不能用于处理统一存储分区级访问权限。请改用其他 Cloud Storage 工具,例如 gsutil。

停用统一存储分区级访问权限

您必须先从存储分区的 IAM 政策中移除所有 IAM 条件,然后才能停用统一存储分区级访问权限。

如需对您的存储分区停用统一存储分区级访问权限,请执行以下操作:

控制台

  1. 在 Google Cloud Console 中,转到 Cloud Storage 浏览器页面。

    转到浏览器

  2. 在存储分区列表中,点击所需存储分区的名称。

  3. 选择页面顶部附近的权限标签。

  4. 在名为访问权限控制的文本框中,点击切换到精细控制权限。请注意,该文本框会在启用统一存储分区级访问权限后的 90 天内消失。

  5. 在出现的弹出式菜单中,选择精细

  6. 点击保存

如需了解如何获取有关 Cloud Storage 浏览器中失败操作的详细错误信息,请参阅问题排查

gsutil

uniformbucketlevelaccess set 命令中使用 off 选项:

gsutil uniformbucketlevelaccess set off gs://BUCKET_NAME

其中,BUCKET_NAME 为相关存储分区的名称。例如 my-bucket

如果成功,响应将如下所示:

Disabling uniform bucket-level access for gs://my-bucket/...

代码示例

C++

如需了解详情,请参阅 Cloud Storage C++ API 参考文档

namespace gcs = ::google::cloud::storage;
using ::google::cloud::StatusOr;
[](gcs::Client client, std::string const& bucket_name) {
  gcs::BucketIamConfiguration configuration;
  configuration.uniform_bucket_level_access =
      gcs::UniformBucketLevelAccess{false, {}};
  StatusOr<gcs::BucketMetadata> updated_metadata = client.PatchBucket(
      bucket_name, gcs::BucketMetadataPatchBuilder().SetIamConfiguration(
                       std::move(configuration)));

  if (!updated_metadata) {
    throw std::runtime_error(updated_metadata.status().message());
  }

  std::cout << "Successfully disabled Uniform Bucket Level Access on bucket "
            << updated_metadata->name() << "\n";
}

C#

如需了解详情,请参阅 Cloud Storage C# API 参考文档


using Google.Apis.Storage.v1.Data;
using Google.Cloud.Storage.V1;
using System;

public class DisableUniformBucketLevelAccessSample
{
    public Bucket DisableUniformBucketLevelAccess(string bucketName = "your-unique-bucket-name")
    {
        var storage = StorageClient.Create();
        var bucket = storage.GetBucket(bucketName);
        bucket.IamConfiguration.UniformBucketLevelAccess.Enabled = false;
        bucket.IamConfiguration.BucketPolicyOnly.Enabled = false;
        bucket = storage.UpdateBucket(bucket);

        Console.WriteLine($"Uniform bucket-level access was disabled for {bucketName}.");
        return bucket;
    }
}

Go

如需了解详情,请参阅 Cloud Storage Go API 参考文档

ctx := context.Background()

bucket := c.Bucket(bucketName)
disableUniformBucketLevelAccess := storage.BucketAttrsToUpdate{
	UniformBucketLevelAccess: &storage.UniformBucketLevelAccess{
		Enabled: false,
	},
}
ctx, cancel := context.WithTimeout(ctx, time.Second*10)
defer cancel()
if _, err := bucket.Update(ctx, disableUniformBucketLevelAccess); err != nil {
	return err
}

Java

如需了解详情,请参阅 Cloud Storage Java API 参考文档

// Instantiate a Google Cloud Storage client
Storage storage = StorageOptions.getDefaultInstance().getService();

// The name of a bucket, e.g. "my-bucket"
// String bucketName = "my-bucket";

BucketInfo.IamConfiguration iamConfiguration =
    BucketInfo.IamConfiguration.newBuilder()
        .setIsUniformBucketLevelAccessEnabled(false)
        .build();
Bucket bucket =
    storage.update(
        BucketInfo.newBuilder(bucketName).setIamConfiguration(iamConfiguration).build());

System.out.println("Uniform bucket-level access was disabled for " + bucketName);

Node.js

如需了解详情,请参阅 Cloud Storage Node.js API 参考文档

/**
 * TODO(developer): Uncomment the following lines before running the sample.
 */
// The ID of your GCS bucket
// const bucketName = 'your-unique-bucket-name';

// Imports the Google Cloud client library
const {Storage} = require('@google-cloud/storage');

// Creates a client
const storage = new Storage();
async function disableUniformBucketLevelAccess() {
  // Disables uniform bucket-level access for the bucket
  await storage.bucket(bucketName).setMetadata({
    iamConfiguration: {
      uniformBucketLevelAccess: {
        enabled: false,
      },
    },
  });

  console.log(`Uniform bucket-level access was disabled for ${bucketName}.`);
}

disableUniformBucketLevelAccess().catch(console.error);

PHP

如需了解详情,请参阅 Cloud Storage PHP API 参考文档

use Google\Cloud\Storage\StorageClient;

/**
 * Enable uniform bucket-level access.
 *
 * @param string $bucketName The name of your Cloud Storage bucket.
 */
function disable_uniform_bucket_level_access($bucketName)
{
    // $bucketName = 'my-bucket';

    $storage = new StorageClient();
    $bucket = $storage->bucket($bucketName);
    $bucket->update([
        'iamConfiguration' => [
            'uniformBucketLevelAccess' => [
                'enabled' => false
            ],
        ]
    ]);
    printf('Uniform bucket-level access was disabled for %s' . PHP_EOL, $bucketName);
}

Python

如需了解详情,请参阅 Cloud Storage Python API 参考文档

from google.cloud import storage

def disable_uniform_bucket_level_access(bucket_name):
    """Disable uniform bucket-level access for a bucket"""
    # bucket_name = "my-bucket"

    storage_client = storage.Client()
    bucket = storage_client.get_bucket(bucket_name)

    bucket.iam_configuration.uniform_bucket_level_access_enabled = False
    bucket.patch()

    print(
        "Uniform bucket-level access was disabled for {}.".format(bucket.name)
    )

Ruby

如需了解详情,请参阅 Cloud Storage Ruby API 参考文档

def disable_uniform_bucket_level_access bucket_name:
  # The ID of your GCS bucket
  # bucket_name = "your-unique-bucket-name"

  require "google/cloud/storage"

  storage = Google::Cloud::Storage.new
  bucket  = storage.bucket bucket_name

  bucket.uniform_bucket_level_access = false

  puts "Uniform bucket-level access was disabled for #{bucket_name}."
end

REST API

JSON API

  1. OAuth 2.0 Playground 获取授权访问令牌。将 Playground 配置为使用您自己的 OAuth 凭据。
  2. 创建一个包含以下信息的 .json 文件:

    {
      "iamConfiguration": {
          "uniformBucketLevelAccess": {
            "enabled": false
          }
      }
    }
  3. 使用 cURL,通过 PATCH Bucket 请求调用 JSON API:

    curl -X PATCH --data-binary @JSON_FILE_NAME.json \
    -H "Authorization: Bearer OAUTH2_TOKEN" \
    -H "Content-Type: application/json" \
    "https://storage.googleapis.com/storage/v1/b/BUCKET_NAME?fields=iamConfiguration"

    其中:

    • JSON_FILE_NAME 是您在第 2 步中创建的文件的名称。
    • OAUTH2_TOKEN 是您在第 1 步中生成的访问令牌。
    • BUCKET_NAME 是相关存储分区的名称,例如 my-bucket

XML API

XML API 不能用于处理统一存储分区级访问权限。请改用其他 Cloud Storage 工具,例如 gsutil。

后续步骤