Caused by: com.google.api.client.googleapis.json.GoogleJsonResponseException: 412 Precondition Failed while removing bucket IAM Member
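To remove identities from a Google Cloud Storage bucket, I used the example provided in the GCP samples repository: here. I would like to know whether I am missing something; I have the correct root credentials for the cloud account as well as project ownership credentials.
The original policy is as follows: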
Policy{
bindings={roles/storage.legacyBucketOwner=[projectOwner:myaccount],
roles/storage.objectAdmin=[serviceAccount:company-kiehn-
log@myaccount.iam.gserviceaccount.com, serviceAccount:company-hammes-
file@myaccount.iam.gserviceaccount.com, serviceAccount:company-howe-
log@myaccount.iam.gserviceaccount.com, serviceAccount:company-doyle-
log@myaccount.iam.gserviceaccount.com, serviceAccount:customer-6a53ee71-95eb-
49b2-8a@myaccount.iam.gserviceaccount.com, serviceAccount:company-kiehn-
file@myaccount.iam.gserviceaccount.com, serviceAccount:company-howe-
file@myaccount.iam.gserviceaccount.com, serviceAccount:company-satterfield-
log@myaccount.iam.gserviceaccount.com, serviceAccount:customer-0c1e8536-8bf5-
46f4-8e@myaccount.iam.gserviceaccount.com, serviceAccount:company-deckow-
log@myaccount.iam.gserviceaccount.com],
roles/storage.legacyBucketReader=[projectViewer:myaccount],
roles/storage.objectViewer=[serviceAccount:company-block-
log@myaccount.iam.gserviceaccount.com]},
etag=CGg=,
version=0}
Here is my code snippet:
Reading the bucket policy and extracting the unwanted identities
    Set<Identity> wrongIdentities = new HashSet<Identity>();
    Role roler = null;
    Policy p = Cache.GCSStorage.getIamPolicy("bucketxyz");
    Map<Role, Set<Identity>> policyBindings = p.getBindings();
    for (Map.Entry<Role, Set<Identity>> entry : policyBindings.entrySet()) {
        Set<Identity> setidentities = entry.getValue();
        for (Identity set : setidentities) {
            if (!(entry.getKey().getValue()
                    .equals("serviceAccount:attss@myaccount.iam.gserviceaccount.com"))) {
                wrongIdentities.add(set);
            }
        }
        for (Identity identity : wrongIdentities) {
            System.out.println("identity: " + identity);
            System.out.println(removeBucketIamMember("bucektxyz",
                    roler, identity, p));
        }
    }
Removing the unwanted identities from the policy
    public static Policy removeBucketIamMember(String bucketName, Role role,
            Identity identity, Policy policy) {
        Policy updatedPolicy = Cache.GCSStorage.setIamPolicy(bucketName,
                policy.toBuilder().removeIdentity(role, identity).build());
        return updatedPolicy;
    }
However, I see the error:
Caused by: com.google.api.client.googleapis.json.GoogleJsonResponseException: 412
Precondition Failed
{
"code" : 412,
"errors" : [ {
"domain" : "global",
"location" : "If-Match",
"locationType" : "header",
"message" : "Precondition Failed",
"reason" : "conditionNotMet"
} ],
"message" : "Precondition Failed"
}
at com.google.api.client.googleapis.json.GoogleJsonResponseException.from(GoogleJsonResponseException.java:146)
at com.google.api.client.googleapis.services.json.AbstractGoogleJsonClientRequest.newExceptionOnError(AbstractGoogleJsonClientRequest.java:113)
at com.google.api.client.googleapis.services.json.AbstractGoogleJsonClientRequest.newExceptionOnError(AbstractGoogleJsonClientRequest.java:40)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.interceptResponse(AbstractGoogleClientRequest.java:321)
at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:1065)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:419)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:352)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.execute(AbstractGoogleClientRequest.java:469)
at com.google.cloud.storage.spi.v1.HttpStorageRpc.setIamPolicy(HttpStorageRpc.java:886)
... 9 more
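When modifying a Cloud Storage bucket or object IAM policy, always read the policy first. Part of the policy content is a tag. The updated policy must include the same tag. The tag looks like: etag=CGg=.
In this question, the policy update failed with HTTP error 412 Precondition Failed. This message is caused by an incorrect policy tag. Because a policy update replaces the existing policy, this tag helps prevent two updates from overwriting each other.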
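The read-modify-write cycle the answer describes, as an added example (not code from the original post or from the GCP samples): it re-reads the policy to get the current etag, applies every removal to one builder, writes once, and re-reads on a 412. The bucket name, role and allowlisted account are assumptions based on the question's placeholders; running it requires the google-cloud-storage library and application default credentials.

```java
import com.google.cloud.Identity;
import com.google.cloud.Policy;
import com.google.cloud.Role;
import com.google.cloud.storage.Storage;
import com.google.cloud.storage.StorageException;
import com.google.cloud.storage.StorageOptions;
import java.util.Set;

public class PruneBucketIam {
    // Assumed values for illustration; replace with your own.
    static final String BUCKET = "bucketxyz";
    static final Role ROLE = Role.of("roles/storage.objectAdmin");
    static final Set<Identity> KEEP =
        Set.of(Identity.serviceAccount("attss@myaccount.iam.gserviceaccount.com"));

    // Removes every member of ROLE that is not in KEEP, with one write per read.
    static Policy prune(Storage storage, int maxAttempts) {
        for (int attempt = 1; ; attempt++) {
            // Fresh read: the returned Policy carries the current etag.
            Policy current = storage.getIamPolicy(BUCKET);
            Policy.Builder builder = current.toBuilder();
            Set<Identity> members = current.getBindings().get(ROLE);
            if (members != null) {
                for (Identity member : members) {
                    if (!KEEP.contains(member)) {
                        builder.removeIdentity(ROLE, member);
                    }
                }
            }
            try {
                // toBuilder() kept the etag, so the server can reject the write
                // if the policy changed after our read.
                return storage.setIamPolicy(BUCKET, builder.build());
            } catch (StorageException e) {
                // 412 means the etag is stale: read again and reapply the change.
                if (e.getCode() != 412 || attempt >= maxAttempts) {
                    throw e;
                }
            }
        }
    }

    public static void main(String[] args) {
        Storage storage = StorageOptions.getDefaultInstance().getService();
        Policy updated = prune(storage, 3);
        System.out.println("etag after update: " + updated.getEtag());
    }
}
```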