Reputation: 836
Django with Google Cloud Storage
I have been trying to implement Google Cloud Storage (media file uploads) for my Django app on Google App Engine using the django-storages package. I have followed all the specification given by the package. I also set the relevant policies and roles for the service account to access the storage bucket but I keep getting the error "anonymous caller does not have storage.objects.get access to the google cloud storage object." when trying to view the images in my html template.
I can only view the images in the template when I include the permission for allUsers in storage bucket settings. Does anybody know how to fix this issue without making your bucket publicly accessible.
Upvotes: 0
Views: 1617
Answers (2)
Reputation: 836
I rechecked my settings and bucket policy configs and they are all correct.I realized that by setting the bucket policy to not public accessible and to be accessed via the custom service account, I was not able to display the file on to the html (via iframe tags) using the source url "https://storage.cloud.google.com/{}/'.format(GS_BUCKET_NAME)". However, I was getting the file object in return. I read the contents of the file and base64 encoded it then rendered the files/images onto the html page and this works.Perhaps if the bucket policy is not set to public, the source url is not meant to be accessed directly or in this case only through the authorized service account.
Upvotes: 1
Reputation: 379
Please check that your credentials are correct. If you are using gsutil, check that the credentials stored in your .boto file are accurate. Also, confirm that gsutil is using the .boto file you expect by using the command gsutil version -l and checking the config path(s) entry.
And if you are using the correct credentials, are your requests being routed through a proxy, using HTTP (instead of HTTPS)? If so, check whether your proxy is configured to remove the Authorization header from such requests. If so, make sure you are using HTTPS instead of HTTP for your requests.
You can refer the Document for storage authentication
You can also validate with below points additionally:
In most cases, the default service accounts are not sufficient to read/write and sign files in GCS, so you will need to create a dedicated service account.
Create a service account.
Make sure your service account has access to the bucket and appropriate permissions.
Ensure this service account is associated to the type of compute being used (Google Compute Engine (GCE), Google Kubernetes Engine (GKE), Google Cloud Run (GCR), etc)
For development use cases, or other instances outside Google infrastructure:
-Create the key and download abc.json file.
-Ensure the key is mounted/available to your running Django app.
-Set an environment variable of GOOGLE_APPLICATION_CREDENTIALS to the
path of the json file.
Alternatively, you can use the setting GS_CREDENTIALS as described in document
django-storages
IAM permissions
Upvotes: 1
Related Questions
- Configure Django and Google Cloud Storage?
- How to use django-google-cloud-storage for GCS in Django on GAE
- configuring google cloud datastore in django project
- How can I use Google cloud Storage with django-storages
- Error using Google Cloud Storage
- How to use Google Cloud Storage in a Django app hosted on Google Compute Engine?
- Python App Engine serving files with Google Cloud Storage
- Uploading to Google Cloud Storage from Django on App Engine
- Google App Engine & Google Storage
- Google Cloud Storage using Python