I can't update the IAM policy on my AI Platform notebook.

I created a new AI Platform notebook instance:

    gcloud beta notebooks instances create nb1 \
      --vm-image-project=deeplearning-platform-release \
      --vm-image-family=tf-latest-cpu \
      --machine-type=n1-standard-4 \
      --location=us-west1-b

When I try to apply a new IAM policy, I get an error:

    gcloud beta notebooks instances set-iam-policy nb1 --location=us-west1-b notebooks.policy

    ERROR: (gcloud.beta.notebooks.instances.set-iam-policy) INTERNAL: An internal error occurred (506011f7-b62e-4308-9bde-10b97dd7b99c)

My policy looks like this:

    {
      "bindings": [
        {
          "members": [
            "user:myuser@gmail.com",
          ],
          "role": "roles/notebooks.admin"
        }
      ],
      "etag": "BwWlgdvxWT0=",
      "version": 1
    }

When I do a

    gcloud beta notebooks instances get-iam-policy nb1 --location=us-west1-b --format=json

I get:

    ACAB

because there is no policy set.

Posted on 2020-05-13 08:06:00

Take a look at the etag field:

An etag is returned in the response to getIamPolicy, and systems are expected to put that etag in the request to setIamPolicy to ensure that their change will be applied to the same version of the policy.

From the documentation:

string (bytes format)

etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the etag in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An etag is returned in the response to getIamPolicy, and systems are expected to put that etag in the request to setIamPolicy to ensure that their change will be applied to the same version of the policy.

Important: If you use IAM Conditions, you must include the etag field whenever you call setIamPolicy. If you omit this field, then IAM allows you to overwrite a version 3 policy with a version 1 policy, and all of the conditions in the version 3 policy are lost.

A base64-encoded string.

You can simply change your policy's etag to ACAB, which is the default.
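
    {
      "bindings": [
        {
          "members": [
            "user:myuser@gmail.com"
          ],
          "role": "roles/notebooks.admin"
        }
      ],
      "etag": "ACAB",
      "version": 1
    }

Or use the add-iam-policy-binding command to create a new policy, then use get-iam-policy to extract the etag and update the JSON file with it, and finally run set-iam-policy.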

You can also use this format:

    {
      "policy": {
        "bindings": [
          {
            "members": [
              "user:myuser@gmail.com"
            ],
            "role": "roles/notebooks.admin"
          }
        ],
        "etag": "ACAB",
        "version": 1
      }
    }

https://stackoverflow.com/questions/61769349
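
An added example, not part of the original answer: a Python helper for the modify step of the read-modify-write cycle the quoted documentation describes. It builds the file for set-iam-policy from get-iam-policy output, keeps the returned etag, and never writes version 1 over a policy that has conditions. The function name `add_member` and both sample policies are constructed for illustration.

```python
import copy
import json


def add_member(current_policy, role, member):
    """Build the policy file for set-iam-policy from get-iam-policy output.

    The etag from the read is carried over unchanged, so the write is
    applied to the same policy version that was read.
    """
    if "etag" not in current_policy:
        raise ValueError("no etag in policy; re-run get-iam-policy first")
    policy = copy.deepcopy(current_policy)
    bindings = policy.setdefault("bindings", [])
    # Bindings with a condition need version 3; writing version 1 would
    # drop the conditions, so never downgrade.
    if any("condition" in b for b in bindings):
        policy["version"] = 3
    else:
        policy.setdefault("version", 1)
    for b in bindings:
        if b.get("role") == role and "condition" not in b:
            if member not in b.setdefault("members", []):
                b["members"].append(member)
            break
    else:
        bindings.append({"role": role, "members": [member]})
    return policy


# Constructed sample: get-iam-policy output when no policy has been set.
EMPTY = {"etag": "ACAB"}

# Constructed sample: an existing policy that has one conditional binding.
EXISTING = {
    "etag": "BwWlgdvxWT0=",
    "version": 1,
    "bindings": [
        {"role": "roles/notebooks.admin", "members": ["user:myuser@gmail.com"]},
        {"role": "roles/notebooks.viewer",
         "members": ["user:viewer@example.com"],
         "condition": {"title": "constructed",
                       "expression": "request.time < timestamp('2030-01-01T00:00:00Z')"}},
    ],
}

if __name__ == "__main__":
    new = add_member(EMPTY, "roles/notebooks.admin", "user:myuser@gmail.com")
    print(json.dumps(new, indent=2))  # save as notebooks.policy
```
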