[英]Getting the error : “Retry policy did not allow for a retry” while trying to download contents from azure blob storage using the below python code
[英]Getting an error when trying to use set iam policy method in gcp to update cloud storage policy using python?
尝试将加密器解密器角色添加到存储桶服务帐户时出错。 下面是代码..知道缺少什么吗?
storage_client = storage.Client(credentials=credentials)
sa_name = storage_client.get_service_account_email("project name")
print(sa_name)
bucket = storage_client.get_bucket("bucket name")
policy = bucket.get_iam_policy(requested_policy_version=3)
policy.version = 3
policy.bindings.append({
"role": "roles/cloudkms.cryptoKeyEncrypterDecrypter",
"members": {"serviceAccount:{}".format(sa_name)}
})
bucket.set_iam_policy(policy)
**Error:** google.api_core.exceptions.BadRequest: 400 PUT https://storage.googleapis.com/storage/v1/b/bucketname/iam?prettyPrint=false: Role roles/cloudkms.cryptoKeyEncrypterDecrypter is not supported for this resource.
错误消息XYZ is not supported for this resource表示您正在尝试向不使用该权限或不提供该权限的资源(例如 KMS 密钥)授予权限(角色)的确。
在您的问题中,您尝试将权限roles/cloudkms.cryptoKeyEncrypterDecrypter授予 Google Cloud Storage bucket 。 您将逻辑颠倒过来,您将修改 KMS 资源策略,例如密钥而不是存储桶资源策略。 有关绑定到 KMS 资源的更多详细信息,请参阅以下链接:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.