Issue Removing Last IAM Member from Bucket #1210

Closed
ep-tpat opened this issue Nov 9, 2017 · 3 comments

ep-tpat commented Nov 9, 2017

In which file did you encounter the issue?

python-docs-samples/storage/cloud-client/iam.py

Did you change the file? If so, how?

No

Describe the issue

I'm trying to create a script that will remove all permissions on a bucket. The issue I'm running into is when trying to run the code below when it is the last permission/member assigned to the bucket. I have the traceback below, which is pointing to the "bucket.set_iam_policy(policy)". It seems the function errors out when there is no permission/member left when trying to set the policy. Is there a fix for this?

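```python
from google.cloud import storage


def remove_bucket_iam_member(bucket_name, role, member):
    storage_client = storage.Client()
    bucket = storage_client.bucket(bucket_name)
    # Fetch the current policy and drop the member from the given role.
    policy = bucket.get_iam_policy()
    policy[role].discard(member)
    # Raises the 400 in the traceback below when no member is left.
    bucket.set_iam_policy(policy)
    print('Removed {} with role {} from {}.'.format(
        member, role, bucket_name))
```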


```
Traceback (most recent call last):
  File "/Users/epost/Library/Preferences/PyCharmCE2017.2/scratches/scratch_2.py", line 54, in
    remove_bucket_reader(bucketname)
  File "/Users/epost/Library/Preferences/PyCharmCE2017.2/scratches/scratch_2.py", line 47, in remove_bucket_reader
    bucket.set_iam_policy(policy)
  File "/Users/epost/Python-Env/gcpenvironment/lib/python3.5/site-packages/google/cloud/storage/bucket.py", line 1194, in set_iam_policy
    _target_object=None)
  File "/Users/epost/Python-Env/gcpenvironment/lib/python3.5/site-packages/google/cloud/_http.py", line 293, in api_request
    raise exceptions.from_http_response(response)
google.api.core.exceptions.BadRequest: 400 PUT https://www.googleapis.com/storage/v1/b/tpat-1/iam: Must specify one or more bindings in an IAM policy.

Process finished with exit code 1
```

ep-tpat commented Dec 20, 2017

Hello, it's been nearly 6 weeks since this issue was opened. I'm hoping to get a response so we can work toward a solution.

I'm simply trying to use the "remove_bucket_iam_member" function to remove legacy permissions on a bucket. However, when the final legacy permission is removed, the command "bucket.set_iam_policy" breaks and throws an error (it also doesn't remove the final legacy permission).

Please let me know what additional information is needed in order to get this fixed.

Thank you for your help, Eric

theacodes (Contributor) commented

Hey @ep-tpat, sorry for the slow response (Holidays.)

It seems this is an issue with the library itself, would you mind filing an issue over on GoogleCloudPlatform/google-cloud-python?

(I can file one for you if you want)

ep-tpat commented Jan 2, 2018

@jonparrott, the issue has been recreated. Thanks for your help.
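
An offline pre-check for the failure reported in this thread, as an added example that is not part of the issue or of the sample repository. It tells a cleanup script in advance when a removal would leave zero bindings, the case where the 400 is raised and the member keeps its access. `plan_member_removal` and the sample policies are hypothetical, and the code assumes a role with no members does not count as a binding.

```python
import copy


def plan_member_removal(bindings, role, member):
    """Simulate removing `member` from `role` without calling the API.

    `bindings` maps role name -> set of members, the shape the sample
    indexes with policy[role]. Returns (status, remaining_bindings).
    """
    if member not in bindings.get(role, set()):
        return "not_bound", copy.deepcopy(bindings)
    remaining = {}
    for r, members in bindings.items():
        kept = set(members) - ({member} if r == role else set())
        if kept:  # assumption: a role with no members is not a binding
            remaining[r] = kept
    if not remaining:
        # The case from the issue: the request would carry zero bindings
        # and be rejected, so the member would keep its access.
        return "would_empty_policy", remaining
    return "ok", remaining


# Constructed sample policies for illustration only.
LEGACY = "roles/storage.legacyBucketReader"
SHARED = {
    LEGACY: {"user:a@example.com", "user:b@example.com"},
    "roles/storage.objectViewer": {"group:readers@example.com"},
}
LAST_ONE = {LEGACY: {"user:a@example.com"}}


def demo():
    """Run the check on both sample policies and collect the outcomes."""
    results = []
    for name, policy in (("shared", SHARED), ("last_one", LAST_ONE)):
        status, remaining = plan_member_removal(
            policy, LEGACY, "user:a@example.com")
        results.append((name, status, sorted(remaining)))
    return results


if __name__ == "__main__":
    for row in demo():
        print(row)
```

A script that gets `would_empty_policy` should record the removal as not applied rather than let the exception end the run unnoticed.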
