Reputation: 14269
I am trying to list ACLs for Google Cloud Storage buckets using the Java client. I am creating the client like this:
    // create client
    // GoogleCredential.fromStream expects an InputStream holding the service account JSON key
    GoogleCredential credential = GoogleCredential.fromStream(jsonCredentialsString);
    if (credential.createScopedRequired()) {
        // request all Cloud Storage OAuth scopes for this credential
        credential = credential.createScoped(StorageScopes.all());
    }
    HttpTransport httpTransport = GoogleNetHttpTransport.newTrustedTransport();
    JsonFactory jsonFactory = JacksonFactory.getDefaultInstance();
    return new Storage.Builder(httpTransport, jsonFactory, credential)
            .setApplicationName("app")
            .build();
Now, using this client, I get a 200 OK when I execute a Buckets.List request, but I get a 403 error while running the Storage.BucketAccessControls.List request.
I am using service account credentials. This is the error I get:
    com.google.api.client.googleapis.json.GoogleJsonResponseException: 403 Forbidden
    {
      "code" : 403,
      "errors" : [ {
        "domain" : "global",
        "message" : "Forbidden",
        "reason" : "forbidden"
      } ],
      "message" : "Forbidden"
    }
What is the correct way to authenticate requests in this case?
Upvotes: 2
Views: 21903
Reputation: 4324
Your code is fine. What is causing the 403 are the permissions of your service account. Have a look at how you can authenticate for Storage using IAM. You can also do it at the resource level (bucket-by-bucket) to allow for more granular access.
Basically, to allow any API call to Storage, you can give it a Storage Admin role. The easiest way to do it is by navigating to Console-IAM & Admin.
Upvotes: 5
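An added example, not part of the original posts: one way to confirm which IAM permission the service account is missing on a bucket before calling BucketAccessControls.List, so the account can be granted a narrower role than Storage Admin. It assumes `storage` is the client built in the question; the class name `BucketAclCheck` is hypothetical, and the two permission names are the ones the Cloud Storage IAM reference lists for `bucketAccessControls.list`, not something stated on this page.

```java
import com.google.api.services.storage.Storage;
import com.google.api.services.storage.model.BucketAccessControl;
import com.google.api.services.storage.model.TestIamPermissionsResponse;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Hypothetical helper class (illustration only, not from the original posts).
public final class BucketAclCheck {

    // Assumption: permissions required by bucketAccessControls.list,
    // taken from the Cloud Storage IAM reference.
    static final List<String> REQUIRED = Arrays.asList(
            "storage.buckets.get", "storage.buckets.getIamPolicy");

    /** Returns the required permissions the caller does NOT hold on the bucket. */
    static List<String> missingPermissions(Storage storage, String bucket) throws IOException {
        // testIamPermissions echoes back only the permissions the caller actually has.
        TestIamPermissionsResponse resp =
                storage.buckets().testIamPermissions(bucket, REQUIRED).execute();
        List<String> missing = new ArrayList<>(REQUIRED);
        if (resp.getPermissions() != null) { // the field is absent when nothing is granted
            missing.removeAll(resp.getPermissions());
        }
        return missing;
    }

    /** Lists bucket ACL entries, failing with a precise message instead of a bare 403. */
    static List<BucketAccessControl> listAcls(Storage storage, String bucket) throws IOException {
        List<String> missing = missingPermissions(storage, bucket);
        if (!missing.isEmpty()) {
            throw new IllegalStateException(
                    "Service account lacks " + missing + " on bucket " + bucket);
        }
        return storage.bucketAccessControls().list(bucket).execute().getItems();
    }

    private BucketAclCheck() { }
}
```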