CODEWITHSUNDEEP
google-cloud-storagegoogle-oauth
Etibar - a tea bar
Etibar - a tea bar

Reputation: 1962

Accessing Google Cloud Storage from Grails Application

from grails application I would like to create a blob in bucket. I already created bucket in google cloud, created service account and gave owner access to the bucket to the same service account. Later created service account key project-id-c4b144.json and it holds all the credentials. 

StorageOptions storageOptions = StorageOptions.newBuilder()
                            .setCredentials(ServiceAccountCredentials
                            .fromStream(new FileInputStream("/home/etibar/Downloads/project-id-c4b144.json"))) // setting credentials
                            .setProjectId("project-id") //setting project id, in reality it is different
                            .build()
                    Storage storage=storageOptions.getService()
                    BlobId blobId = BlobId.of("dispatching-photos", "blob_name")
                    BlobInfo blobInfo = BlobInfo.newBuilder(blobId).setContentType("text/plain").build()
                    Blob blob = storage.create(blobInfo, "Hello, Cloud Storage!".getBytes(StandardCharsets.UTF_8))

When I run this code, I get a json error message back. 

Caused by: com.google.api.client.googleapis.json.GoogleJsonResponseException: 403 Forbidden
{
  "code" : 403,
  "errors" : [ {
    "domain" : "global",
    "message" : "Caller does not have storage.objects.create access to bucket dispatching-photos.",
    "reason" : "forbidden"
  } ],
  "message" : "Caller does not have storage.objects.create access to bucket dispatching-photos."
}

| Grails Version: 3.2.10 | Groovy Version: 2.4.10 | JVM Version: 1.8.0_131

google-cloud-datastore:1.2.1

google-auth-library-oauth2-http:0.7.1

google-cloud-storage:1.2.2

Upvotes: 1

Views: 311

Answers (1)

mhouglum
mhouglum

Reputation: 2593

Concerning the service account that json file corresponds to -- I'm betting either:

A) the bucket you're trying to access is owned by a different project than the one where you have that account set as a storage admin

or B) you're setting permissions for a different service account than what that json file corresponds to

Upvotes: 1

Related Questions