Unable to create bucket in google cloud

Question

I want to create bucket in google cloud with Python.

My service account key has the following format:

{
  "type": "service_account",
  "project_id": "project-15891817892",
  "private_key_id": "89347sdjlf56khk",
  "private_key": "-----BEGIN PRIVATE KEY-----\nabcdefghi==\n-----END PRIVATE KEY-----\n",
  "client_email": "starting-account-dslkfjal983475sd@project-15891817892.iam.gserviceaccount.com",
  "client_id": "729387492879034579812",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://oauth2.googleapis.com/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/starting-account-dslkfjal983475sd%40project-15891817892.iam.gserviceaccount.com"
}

I have added the following roles:

Actions Admin
AutoML Admin
Bigtable Administrator
Cloud Data Fusion Admin
Service Account Admin
Owner
Cloud Run Admin
Service Broker Admin
Service Usage Admin
Storage Admin
Storage HMAC Key Admin
Storage Object Admin
Storage Object Creator
Storage Transfer Admi

Here is the python code:

from google.cloud import storage
import os
os.environ["GOOGLE_APPLICATION_CREDENTIALS"] = r'C:\project-934875sddklf32.json'
storage_client = storage.Client()
bucket_name = 'data'
bucket = storage_client.create_bucket(bucket_name)

However, I received the following error:

Traceback (most recent call last):
  File "<pyshell#29>", line 1, in <module>
    list_buckets()
  File "C:\gcloud\test.py", line 109, in list_buckets
    for bucket in buckets:
  File "C:\Program Files\Python37\lib\site-packages\google\api_core\page_iterator.py", line 204, in _items_iter
    for page in self._page_iter(increment=False):
  File "C:\Program Files\Python37\lib\site-packages\google\api_core\page_iterator.py", line 235, in _page_iter
    page = self._next_page()
  File "C:\Program Files\Python37\lib\site-packages\google\api_core\page_iterator.py", line 361, in _next_page
    response = self._get_next_page_response()
  File "C:\Program Files\Python37\lib\site-packages\google\api_core\page_iterator.py", line 411, in _get_next_page_response
    method=self._HTTP_METHOD, path=self.path, query_params=params
  File "C:\Program Files\Python37\lib\site-packages\google\cloud\_http.py", line 393, in api_request
    raise exceptions.from_http_response(response)
google.api_core.exceptions.Forbidden: 403 GET https://www.googleapis.com/storage/v1/b?project-89324y9sdhfks&projection=noAcl: starting-account-934875dlkjfls@project-jsdlkjf9ulsj.iam.gserviceaccount.com does not have storage.buckets.list access to project 2093472972.

Why does this error occur and how to solve it?

Answer 1

Look at your error message

google.api_core.exceptions.Forbidden: 403 GET https://www.googleapis.com/storage/v1/b?project-89324y9sdhfks&projection=noAcl: starting-account-934875dlkjfls@project-jsdlkjf9ulsj.iam.gserviceaccount.com does not have storage.buckets.list access to project 2093472972.

Note the project name:

https://www.googleapis.com/storage/v1/b?project-89324y9sdhfks&

It's not the same as your service account key file: project-15891817892

Your issue is the following: In your environment (cloud shell (I tested on it) or your computer) you have a default project defined in gcloud SDK. You can see it with this command: gcloud config list

You have 2 solutions to solve this:

• When you create your client, add the project name

storage_client = storage.Client('<your project id>')

• When you run your script, be sure that gcloud SDK don't have defined default project, run this:

gcloud config unset project

Your current code works in blank environment (like in a docker container) but not in a dev environment with predefined default project

UPDATE

The bucket name must be globally unique, among all customer of GCP. data bucket name is too common. Try something unique with naming convention or by prefixing by your projectId.