Merge pull request #3107 from eleith/do-not-require-bucket-permissions-for-init

do not require gs bucket permissions to init repository
This commit is contained in:
Alexander Neumann 2020-11-18 16:53:45 +01:00 committed by GitHub
commit 75eff92b56
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 15 additions and 0 deletions

View file

@ -0,0 +1,10 @@
Bugfix: Do not require gs bucket permissions when running init
Restic used to require bucket level permissions for the gs backend
in order to initialize a restic repository.
It now allows a gs service account to initialize a repository if the
bucket does exist and the service account has permissions to write/read
to that bucket.
https://github.com/restic/restic/issues/3100

View file

@ -136,6 +136,11 @@ func Create(cfg Config, rt http.RoundTripper) (restic.Backend, error) {
ctx := context.Background()
exists, err := be.bucketExists(ctx, be.bucket)
if err != nil {
if e, ok := err.(*googleapi.Error); ok && e.Code == http.StatusForbidden {
// the bucket might exist!
// however, the client doesn't have storage.bucket.get permission
return be, nil
}
return nil, errors.Wrap(err, "service.Buckets.Get")
}