Score:2

Server

googleapi: Error 403: [email protected] does not have storage.objects.get access to the Google Cloud Storage object

neuberfran

12/2/22, 9:53 PM

I stay trying my project based on this: https://github.com/GoogleCloudPlatform/iot-smart-home-cloud

My issue is:

cloudfunctions.googleapis.com google.cloud.functions.v1.CloudFunctionsService.UpdateFunction projects/casaminha-2e0ca/locations/us-central1/functions/syncOnRemove [email protected] Build failed: could not resolve source: googleapi: Error 403: [email protected] does not have storage.objects.get access to the Google Cloud Storage object., forbidden com.google.net.rpc3.client.RpcClientException: APPLICATION_ERROR;google.devtools.cloudbuild.v1/ArgoAdminV1.CreateBuild;could not resolve source: googleapi: Error 403: [email protected] does not have storage.objects.get access to the Google Cloud Storage object., forbidden;AppErrorCode=3;StartTimeMs=999999999999540;unknown;ResFormat=AUTOMATIC;ServerTimeSec=0.999999999999999;LogBytes=256;Non-

I deleted in 27/jul/2021 cloud build or cloud run (I don't use cloud run in my project) I deleted in GCP console. I thought that was what was giving credential error in my action project on google. Then I started to receive the current error.

I remember that the service account I deleted was associated with google controller only (there was a question mark there)

I think the gcf command will rebuild this. But not sure if this is correct. And I also don't know how to use gcf-sources-<PROJECT_NUMBER>-

I stay trying actions on google, using firestore and GCP.

commands:

firebase --project casaminha-2e0ca functions:config:set cloudiot.region=us-central1

firebase --project casaminha-2e0ca functions:config:set smarthome.id=567617xxxxxxxxxxxxxx9r9upjxxxxxxx0t.apps.googleusercontent.com smarthome.secret=D99999999999

firebase --project casaminha-2e0ca functions:config:set smarthome.key="99999999"

firebase deploy --project casaminha-2e0ca

THis is my project in github:https://github.com/neuberfran/firebasefunction

This is my issueTracker: https://issuetracker.google.com/issues/194942955?pli=1

Can you help

1308

1 + 0

google-cloud-storage

google-cloud-platform

Score:2

Server

JM Gelilio

12/3/22, 4:00 AM

When you are using the Cloud Function the Cloud Build API must be enabled in order to deploy your Cloud Function, it's well documented in the tutorial(Before you begin). The Cloud Build Service Account will automatically generate when you enable the Cloud Build service in your Google Cloud project and it looks like:

[PROJECT-ID]@cloudbuild.gserviceaccount.com

Regarding this:

I deleted in 27/jul/2021 cloud build or cloud run (I don't use cloud run in my project) I deleted in GCP console

Please note, deleting Service Account:

When you delete a service account, applications will no longer have access to Google Cloud resources through that service account.

And based on your issue tracker, it seems the solution is to recover your deleted Service Account. The deleted Service account can recover within 30 days. To undelete or recover, you must find the the numeric ID or ACCOUNT_ID for the deleted service account that you can get in Cloud Logging/Log Explorer, here is the tutorial.

Once you have obtained the numeric ID or the ACCOUNT_ID, run the following in your CLI or Cloud Shell or Cloud SDK:

gcloud beta iam service-accounts undelete ACCOUNT_ID

output:

restoredAccount:
  email: SA_NAME@PROJECT_ID.iam.gserviceaccount.com
  etag: BwWWE7zpApg=
  name: projects/PROJECT_ID/serviceAccounts/SA_NAME@PROJECT_ID.iam.gserviceaccount.com
  oauth2ClientId: '123456789012345678901'
  projectId: PROJECT_ID
  uniqueId: 'ACCOUNT_ID'

UPDATE:

The root cause of the error was missing the `Cloud Build Service Account` permission and it was solved by adding this permission.

0 + 5

neuberfran

12/3/22, 6:01 PM

tks. But not solved yet. I put this: resource.type="service_account" resource.labels.email_id="[email protected]" "DeleteServiceAccount" and this: gcloud beta iam service-accounts undelete 2716495694158255 and the result was not satisfactory. How to solve? https://drive.google.com/drive/folders/1fqX5r9GY09a2zZbsoGbxQZ_6eY9JTSTw?usp=sharing

neuberfran

12/3/22, 7:03 PM

About this part.: [PROJECT-ID]@cloudbuild.gserviceaccount.com (according to the pictures on google drive) I see important differences between the project that is the reason for this thread and another project (which has another type of error). Differences that point to the solution of my issue https://drive.google.com/drive/folders/1oLIU1tDprVIw3rzM8OBpsRwx7ChVdLWp

JM Gelilio

12/3/22, 8:58 PM

Don't use a new project, use the project where you deleted your service account. Before running the undelete command, make sure that you set a Google Cloud project on your CLI using `gcloud config set project [PROJECT_ID]`.

neuberfran

12/4/22, 11:52 PM

Solved. But I didn't have to undelete in service (or anything else from the GCP) that I might have deleted. The google drive images were critical for me to see the difference between 1 new and what was missing in my GCP/AOG service in the GCP console. My [email protected] was missing:Cloud Build Service Account. If you want, please edit something in your answer for me to consider it correct, otherwise I will answer. Thank's

JM Gelilio

12/4/22, 11:57 PM

Glad to know @neuberfran! Upvote on my answer is enough when you feel that it helps you, it still better if you provide your own answer with full details to help others.

JM Gelilio

3/1/23, 7:44 AM

@neuberfran, please post your answer.

Score:0

Server

intotecho

6/9/23, 6:06 AM

In my case, I hadn't delete the service account, just the IAM roles for the service account.

The solution is to go to the IAM page, and add the principal: [PROJECT-ID]@cloudbuild.gserviceaccount.com with role: Cloud Build Service Account

0 + 0

Score:0

Server

Alex Flint

7/29/23, 10:23 PM

In my case I had just recently enabled the Cloud Build API on my project and I merely had to wait an extra 2 minutes and it worked. I'm glad I didn't go messing with the IAM roles in vain while I waited!

0 + 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: googleapi: Error 403: [email protected] does not have storage.objects.get access to the Google Cloud Storage object

TH: googleapi: ข้อผิดพลาด 403: [email protected] ไม่มี storage.objects.get เข้าถึงวัตถุ Google Cloud Storage

RO: googleapi: Eroare 403: [email protected] nu are acces storage.objects.get la obiectul Google Cloud Storage

RU: googleapi: ошибка 403: [email protected] не имеет доступа storage.objects.get к объекту Google Cloud Storage

VI: googleapi: Lỗi 403: [email protected] không có quyền truy cập storage.objects.get vào đối tượng Google Cloud Storage

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.