Score:2

service account with Storage Admin role does not have storage.buckets.get access

US flag

I'm trying to get a bucket on gcp from a pod on kubernetes using python.

Now the service account on that pod has a role of storage admin but for some reason I still get an exception when trying to access that bucket.

IAM: enter image description here Error log:

google.api_core.exceptions.Forbidden: 403 GET https://www.googleapis.com/storage/v1/b/<bucket_name>?projection=noAcl: 874<principal> does not have storage.buckets.get access to the Google Cloud Storage bucket.

Code:

client = storage.Client(project='<project-id>')
client.get_bucket(<bucket_name>)

Does someone has any idea on why something like that could happen? It should have the highest priorities regarding the storage...

Score:1
kp flag

This error can occur below in two ways, Have a look into this solutions and check accordingly :

1.storage.objects.get is the demand for viewing files from GCS, but it looks like your user account or email already has the right permission.

To check the permissions follow the steps below :

copy your Authenticated URL Paste on any website and search. If your current account doesn't have the right permission, that will return @Gmail-account does not have storage.objects.get access to the Google Cloud Storage object Or you can visit permission of bucket details to check are your email and service over there and have the right role.

  1. Every bucket name must be unique. That means that even though you do not have a bucket called "ABC", someone else has it. You can check if this is true by trying to create a bucket with that name, you will receive a message that the bucket name is already taken. That is the reason why you get a 403 error. The bucket belongs to someone else and you do not have access to it.
Ema Il avatar
md
1. if it's a service account how can I check it's permissions? I don't have access to a browser with that service account connected to it 2. if the service account has an admin permissions couldn't it access someone else bucket even tho he's not it's owner?
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.