GCloud gcsfuse permission denied

Question

Anyone successfully using gcsfuse?

I've tried to remove all default permission to the bucket, and setup a service account:

 gcloud auth activate-service-account to activate serviceaccname

And then running:

gcsfuse --debug_gcs --foreground cloudbuckethere /backup

gcs: Req 0x0: -> ListObjects() (307.880239ms): googleapi: Error 403: xxxxxx-compute@developer.gserviceaccount.com does not have storage.objects.list access

It's weird that it's complaining that the user xxxxx-compute which is not my activated service account:

gcloud auth list

Does show my current service account is active...

I've also granted admin owner, admin object owner, write object, read object to the bucket to my serviceaccname.

If I grant xxxxx-compute to my bucket with all the permission, including legacy permissions, listing seems to work. but writing any file to the directory failed with:

googleapi: Error 403: Insufficient Permission, insufficientPermissions

Anyone have any luck?

Answer 1

I found a solution, not sure if this is a good solution, but it works.

Setup a service account and download the JSON file.

Grant access to the bucket as bucket admin with the above service account name.

Then run add into environment variable, pointing to the path to the service JSON file.

GOOGLE_APPLICATION_CREDENTIALS=/path-to-json/gcloud.json gcsfuse --debug_gcs --foreground bucketname /path-to-mount

Also take note that it may uses large amount of space in the tmp directory by default. Adding flag:

... --temp-dir=/someotherpath

Will really helps if you have limited space in /tmp.