andrew

Reputation: 61

Gcloud ApiError: Insufficient Permission even when the same API wrote the file to Storage

I'm at a loss here. My node code successfully uploaded files to gcloud Storage but can't seem to make the file public or even change the acl.

The fact is that the file was written to gcloud Storage, but I can't make the same file public.

The error returned is

{ [ApiError: Insufficient Permission] errors: [ { domain: 'global', reason: 'insufficientPermissions', message: 'Insufficient Permission' } ], code: 403, message: 'Insufficient Permission', response: undefined }

Here's my code (assume that this code is within a STREAM ergo the stdout.pipe)

var gcs = GLOBAL.gcloud.storage();
var bucket = gcs.bucket(GLOBAL.storage_names.products);
var file = bucket.file('images/'+targetValue+'_'+filename);
stdout.pipe(file.createWriteStream())
  .on('error', function(err) {
    var msg = {
      "status":"Error",
      "err":err
    };
    console.log(msg);

  })
  .on('finish', function() {
    // The file upload is complete.
    console.log("Successfully uploaded "+targetValue+'_'+filename);
    file.acl.add({
      entity: 'allUsers',
      role: gcs.acl.READER_ROLE
    }, function(err, aclObject) {

      if(err==null)
      {
        //stream upload file
        file.makePublic();
      }else{
        console.log("ERROR in ACL Adding");
        console.log(err)
      }

    });
    file.makePublic(function(err, apiResponse) {
      if(err==null)
      {
        console.log("File made public");
      }else{
        console.log("make public error");
        console.log(err);
      }
    });
  });

Upvotes: 3

Views: 1561

Answers (1)

Adam

Reputation: 5995

While the code doesn't show the problem outright, this may help: WRITER bucket permission can create objects, but you need OWNER object permission to change ACLs on existing objects. Also, the creator of an object isn't automatically granted OWNER object permission (even if they are an OWNER of the bucket) - if you don't specify a predefined ACL when you create the object, Google Cloud Storage always applies the bucket's default object ACL to the newly created object.

So two possible fixes are (1) set the default object ACL on the bucket ahead of time to include your application credentials as OWNER or (2) provide a predefined ACL (such as 'publicRead') at object creation time instead of changing it afterward.

Upvotes: 4
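Fix (2) from the answer, as an added example that is not code from the question or the answer: the ACL is supplied when the object is created, so the uploader never needs OWNER on the object afterwards. It assumes the current @google-cloud/storage client, whose `createWriteStream` accepts a `predefinedAcl` option; the function name `uploadWithPredefinedAcl` is illustrative.

```javascript
// Added example: `bucket` is assumed to be a Bucket from the @google-cloud/storage
// client, e.g. new Storage().bucket('my-bucket'). Function name is illustrative.

// Predefined (canned) object ACL names accepted by the predefinedAcl option.
const PREDEFINED_ACLS = [
  'authenticatedRead', 'bucketOwnerFullControl', 'bucketOwnerRead',
  'private', 'projectPrivate', 'publicRead',
];

// Stream `source` into bucket.file(objectName) and apply the ACL in the same
// request. The ACL must be named explicitly, so nothing becomes public by default.
function uploadWithPredefinedAcl(bucket, objectName, source, predefinedAcl) {
  if (!PREDEFINED_ACLS.includes(predefinedAcl)) {
    throw new TypeError('Unknown predefined ACL: ' + predefinedAcl);
  }
  return new Promise(function (resolve, reject) {
    var file = bucket.file(objectName);
    var sink = file.createWriteStream({ predefinedAcl: predefinedAcl });
    source.on('error', reject);   // failure reading the source stream
    sink.on('error', reject);     // failure reported by Cloud Storage (e.g. a 403)
    sink.on('finish', function () { resolve(file); });
    source.pipe(sink);
  });
}

// Usage with the question's variables (not executed here):
//   uploadWithPredefinedAcl(bucket, 'images/' + targetValue + '_' + filename,
//                           stdout, 'publicRead')
//     .then(function (file) { console.log('Uploaded as public: ' + file.name); })
//     .catch(function (err) { console.log(err); });
```

On a bucket with uniform bucket-level access enabled, object ACLs are not available, so public access there has to be granted through IAM on the bucket instead.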
