Backup: Disable setting of ACL for Google uploads (!20407) · Merge requests · GitLab.org / GitLab

Stan Hu requested to merge sh-disable-google-backup-acl into master Nov 19, 2019

Google Cloud Storage supports two types of access controls:

Uniform bucket level access (https://cloud.google.com/storage/docs/uniform-bucket-level-access)
Fine-grained bucket level access

When Google uniform bucket level access is enabled, uploading a backup via object storage results in the error:

Google::Apis::ClientError (invalid: Cannot use ACL API to set object policy when object policies are disabled.)

Previously the backup manager passed in public: false, which would cause fog-google to attempt to set the ACL of the object to privateProject. This must be omitted when uniform bucket-only policy is used. This is also the default level when fine-grained bucket level access is used, so specifying the ACL doesn't add anything.

This mirrors what we did with gitlab-foss!26781 (merged).

Tested with:

AWS (Minio)
Google (uniform bucket-only policy)
Google (fine-grained bucket-only policy)

Closes #35662 (closed)

Edited Nov 19, 2019 by Stan Hu

Backup: Disable setting of ACL for Google uploads

Merge request reports