编辑 Google Storage 对象元数据需要哪些权限？

Question

我有以下 Perl 代码：

  $response = $process->request('PATCH',
                                "https://www.googleapis.com/storage/v1/b/$Bucket/o/$EscapedName",
                                '{"content-type": "image/jpeg"}',
#                                 '{"metadata": {"Content-Type": "image/jpeg"}}',
                                {'Content-Type' => 'application/json'});
  unless ($response->is_success) {
    print "Content-Type: text/plain\n\n";
    print $response->status_line . "\n" . $response->decoded_content . "\n" ;
    exit;
  }

它产生

403 Forbidden
{
 "error": {
  "errors": [
   {
    "domain": "global",
    "reason": "insufficientPermissions",
    "message": "Insufficient Permission"
   }
  ],
  "code": 403,
  "message": "Insufficient Permission"
 }
}

尽管我有：

• 存储管理员
• 存储对象管理
• 存储对象创建器
• 存储对象查看器

为我的用户启用。

为什么它不起作用？

简单的对象上传确实有效，但我无法设置此元数据。

Answer 1

要更新对象元数据需要storage.objects.update 权限。来自Cloud Storage IAM Permissions：

对象权限

...

storage.objects.update    Update object metadata, excluding ACLs.

但roles/storage.objectAdmin 和roles/storage.admin 角色（假设这就是您列出的角色的意思）应该已经包含该权限，因此其他可能在起作用。来自Standard roles：

roles/storage.objectAdmin  Full control over objects, including listing,    storage.objects.*
                           creating, viewing, and deleting objects.
                           Does not grant permission to read or edit 
                           bucket metadata.
roles/storage.admin        Full control of buckets and objects.             storage.buckets.*
                           When applied to an individual bucket, control    storage.objects.*
                           only to the specified bucket and objects within
                           the bucket.

Answer 2

Object 资源中的属性名称是contentType，你传递的是content-type：

https://cloud.google.com/storage/docs/json_api/v1/objects