gcloud Firestore import: PERMISSION_DENIED

Question

I am trying to import a bucket containing a Firestore database export into antoher Firebase project. I have been following this guide on how to do this.

When running the gcloud firestore import, I run into the following issue:

ERROR: (gcloud.firestore.import) PERMISSION_DENIED: Service account does not have access to Google Cloud Storage file: /bucket/EXPORT_PREFIX.overall_export_metadata. See https://cloud.google.com/datastore/docs/export-import-entities#permissions for a list of permissions needed. Error details: service-XXX@gcp-sa-firestore.iam.gserviceaccount.com does not have storage.buckets.get access to the Google Cloud Storage bucket.

I did however use the following command to grant access to the bucket:

gsutil iam ch serviceAccount:SOURCE_PROJECTID@appspot.gserviceaccount.com:admin gs://bucket_name

This did not give me any error whatsoever, so I assume it ran as expected. I triple checked and believe I was working in the correct projects while using these commands.

I think that perhaps the import command is ran with another service account than SOURCE_PROJECTID@appspot.gserviceaccount.com:admin, but am unsure about this or on how to ensure the correct service account is being used.

Any help on resolving this would be highly appreciated! :)

DazWilkin · Accepted Answer

The error message appears to include the Service Account in question:

Error details:
service-XXX@gcp-sa-firestore.iam.gserviceaccount.com
does not have storage.buckets.get access to the Google Cloud Storage bucket.

I think you need to:

gsutil iam ch \
serviceAccount:[service-XXX]@gcp-sa-firestore.iam.gserviceaccount.com:objectViewer \
gs://[bucket-name]

Replacing [service-XXX] and [bucket-name]

gcloud Firestore import: PERMISSION_DENIED

Answers (2)

Related Questions