This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Filestore - Access Control List edit doesn't work in GCP Console

Posted on 06-25-2022 06:37 AM
usergcp
Bronze 2
Bronze 2
Reply posted on --/--/---- --:-- AM

Hi all,

I'm trying to update the Access Control List session in Filestore console. When I save it, I receive the confirmation that the changes have been updated but it is not true.

Refreshing the page, the initial configuration is displayed. Also in the Activity Log, the Firestore update log reports the initial configuration and not the updates.

Is anyone experiencing the same issue? 

1 6 728
Topic Labels
6 REPLIES 6

Posted on --/--/---- --:-- AM
Clouds
Bronze 4
Bronze 4
Reply posted on --/--/---- --:-- AM

Check your permission settings while monitoring your list? https://cloud.google.com/filestore/docs/access-control

Cloud

0 Likes

Posted on --/--/---- --:-- AM
Clouds
Bronze 4
Bronze 4
Reply posted on --/--/---- --:-- AM

IAM permissions only control access to Filestore operations, like creating a Filestore instance. To control access to operations on the file share, like read or execute, use POSIX file permissions.

0 Likes

Posted on --/--/---- --:-- AM
usergcp
Bronze 2
Bronze 2
In response to Clouds
Reply posted on --/--/---- --:-- AM

Thank you Clouds for your feedback.

The issue is related the possibility to edit the IP-based access control rules from console (https://cloud.google.com/filestore/docs/editing-instances#instructions_for_editing_an_instance .  Until 2 weeks ago, from GCP console, it was possible change the list of servers (for example add an additional server) and the type of access rule (for example from Admin to Edit). From last week, it is not working , the console show a popup indicating the "filestore was updated" but in reality the changes are not saved.

Posted on --/--/---- --:-- AM
Clouds
Bronze 4
Bronze 4
In response to usergcp
Reply posted on --/--/---- --:-- AM

Look at the IAM roles and permissions, see the Using Firestore roles perhaps this might help you on updating your list if I'm not mistaken?

Posted on --/--/---- --:-- AM
usergcp
Bronze 2
Bronze 2
In response to Clouds
Reply posted on --/--/---- --:-- AM

Thank you.

I verified and I have the required roles/permissions. I tested also with "Project Owner" . 

The additional evidence that is not a permission/role issue is that two weeks ago, without any other changes, it was possible to edit the list. 

I will try to use gcloud command to verify if it can be restricted to a Console limitation or if it is a general behavior .

Thank you.

 

Posted on --/--/---- --:-- AM
usergcp
Bronze 2
Bronze 2
In response to usergcp
Reply posted on --/--/---- --:-- AM

Hi,

only to update on gcloud command test. The "IP-based access control rules" can be updated via gcloud (https://cloud.google.com/sdk/gcloud/reference/beta/filestore/instances/update ). 

The issue seems to be restricted to the GCP console. For some reason it is no longer possible to update the "IP-based access control" rules via console.

Top Labels in this Space
Top Solution Authors
View all