lemon-monkey-228
01/26/2022, 1:18 PM
orange-policeman-59119
01/28/2022, 7:47 PM
projects.IAMPolicy will be authoritative for the entire GCP project and all buckets under it. I think that's best practice.
if you mean ACLs on the bucket, which I think is confusingly also called IAM in the cloud console, we have a storage.BucketACL and storage.ObjectACL, though I think you may need to experiment to see how that interacts with IAMPolicy.
lemon-monkey-228
01/31/2022, 9:57 AM
google-native and my issues were (IIRC) that I had to get the current IAM policy for the bucket, make any changes (i.e. append an allusers entry), then apply that back to the bucket.
But I couldn't figure out how to do this after the bucket was created, as these calls simply ran every time, and would throw an exception if the bucket did not already exist.
I tried with some .then calls (in attempts to make a dependency graph) but I wasn't sure how to do it, and the only way I made this succeed was to create the bucket with 1 run then add the ACL change in a later run.
orange-policeman-59119
01/31/2022, 5:24 PM