Backup: Disable setting of ACL for Google uploads
Google Cloud Storage supports two types of access controls:
- Uniform bucket level access (https://cloud.google.com/storage/docs/uniform-bucket-level-access)
- Fine-grained bucket level access
When Google uniform bucket level access is enabled, uploading a backup via object storage results in the error:
Google::Apis::ClientError (invalid: Cannot use ACL API to set object policy when object policies are disabled.)
Previously the backup manager passed in public: false
, which would
cause fog-google to attempt to set the ACL of the object to
privateProject
. This must be omitted when uniform
bucket-only policy is used. This is also the default level when
fine-grained bucket level access is used, so specifying the ACL doesn't
add anything.
This mirrors what we did with gitlab-foss!26781 (merged).
Tested with:
- AWS (Minio)
- Google (uniform bucket-only policy)
- Google (fine-grained bucket-only policy)
Closes #35662 (closed)
Edited by Stan Hu