RBAC: Cannot set role-tag on /my/config

[axisofentropy]

I'm not able to use HTTP PUT to update the role-tag on /my/config.

Reproduction setup, the usual environment variables and also:

function cloudapi() {
    local now=$(date -u '+%a, %d %h %Y %H:%M:%S GMT')
    local signature=$(echo -n "$now" | openssl dgst -sha256 -sign ~/.ssh/id_rsa | openssl enc -e -a | tr -d '\n')
    local url="$SDC_URL$1"
    shift
    curl --silent --insecure \
        --header 'Accept: application/json' \
        --header "accept-version: ~8" \
        --header "Date: $now" \
        --header "Authorization: Signature keyId=\"/$SDC_ACCOUNT/keys/id_rsa\",algorithm=\"rsa-sha256\" $signature" \
        "$@" "$url"
    echo
}

Make sure keyId matches your account's key name. You may need to create an example role too.

Expected output:

$ cloudapi /my/config --request PUT --header "Content-Type: application/json" --data '{"role-tag": ["network-operator"]}'
{"name":"/$SDC_ACCOUNT/config","role-tag":["network-operator"]}

Actual output:

$ cloudapi /my/config --request PUT --header "Content-Type: application/json" --data '{"role-tag": ["network-operator"]}'
{"code":"InvalidArgument","message":"property \"default_network\": is missing and it is required"}

This server is CloudAPI version 9.3.0, apologies if this is already fixed in a newer version.

[axisofentropy]

A bit more info: This account does have a default network configured.

$ cloudapi /my/config
{"default_network":"485aea82-2556-441a-b996-76b7374a7cb8"}

Also if I specify both the existing default_network and a role_tag, I get a different error:

$ cloudapi /my/config --request PUT --header "Content-Type: application/json" --data '{"role-tag": ["network-operator"], "default_network":"485aea82-2556-441a-b996-76b7374a7cb8"}'
{"code":"InvalidArgument","message":"property \"role-tag\": unsupported property"}