Downloading app reviews using gsutil and service account

2
votes

play store reviews are accessible in a google storage bucket (gs://pubsite_prod_rev_XXXX/reviews/reviews_*). My [email protected] has access to the play store publishing interface and with this user i can download all the review csv's using gsutil.

Is there a way to download the reviews using a service account (i.e. to authorize a service account to read this bucket)? I have created a project and added a service account but i don't see how i can manage the acl of the bucket with the reviews. Therefore I get AccessDeniedException: 403 Forbidden when trying to access this bucket with the service user.

thanks andre

1
androidgoogle-cloud-storage

1 Answers

1
votes

If you want the service account to have read access to the objects in your bucket you can add the service account to the list of accounts that have permission "can view" from the Cloud Console (https://console.developers.google.com, click on the project you're using, then on Permissions).

If you already tried that and the service account still can't read the objects, the ACLs on the objects must not include the service account. Normally the way this would work is objects get created with a default object ACL that grants read access to project readers (the set of readers that you grant read access to from the Cloud Console). However, if you either changed the default object ACL on the bucket (e.g., using the gsutil defacl command) or changed the ACL on the objects themselves (e.g., by setting the ACL when you upload the objects) that may not be the case. I would start by running:

gsutil acl get gs://your-bucket/one-of-the-objects

and:

gsutil defacl get gs://your-bucket