Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

upload fails with uniform access controls #108

Open
bindermuehle opened this issue Jan 15, 2020 · 4 comments
Open

upload fails with uniform access controls #108

bindermuehle opened this issue Jan 15, 2020 · 4 comments

Comments

@bindermuehle
Copy link

The problem is that upload fails if $options['predefinedAcl'] is set and this option is set by default on every upload
GoogleStorageAdapter line 139: protected function getOptionsFromConfig(Config $config)

error message:
"code": 400,
"message": "Cannot use ACL API to set object policy when object policies are disabled."

I don't see a clear cut path to fix this because the bucket cannot be queried for the acl type
$bucket->acl()->get() will fail with a 400 as well on a bucket with uniform access controls

The path forward is either open a bug with at https://github.com/googleapis/google-cloud-php-storage to make the type property somehow accessible.
Another option would be to catch BadRequestHttpException on $bucket->upload and try again with the acl removed. I would consider this inefficient because every request will have to be sent at least twice.

Maybe there are other options and I overlooked something.

@razvanphp
Copy link

Maybe this could be solved like this: https://github.com/googleapis/google-cloud-php/pull/2541/files

@wmather
Copy link

wmather commented Apr 20, 2020

I believe the problem is that change in google-cloud-php means $options['predefinedAcl'] should not exist if the bucket has uniform access control. There is currently no way to control this via the config, as if the visibility is unset, it defaults to sending fine-grained private visibility.

if ($visibility = $config->get('visibility')) {
$options['predefinedAcl'] = $this->getPredefinedAclForVisibility($visibility);
} else {
// if a file is created without an acl, it isn't accessible via the console
// we therefore default to private
$options['predefinedAcl'] = $this->getPredefinedAclForVisibility(AdapterInterface::VISIBILITY_PRIVATE);
}

@maelga
Copy link

maelga commented Jul 20, 2021

#114

@kublermdk
Copy link

I've gone down the path of manually updating what I needed to get this done:
https://www.kublermdk.com/2022/01/29/googlecloud-flysystem-tweaks-to-support-uniform-bucket-level-access/

I assume others of you are doing the same given this has been an issue for so long.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

5 participants