Access google cloud storage bucket from other project using python

3
votes

lets suppose I have google cloud storage bucket in project X and want to upload object in the bucket which is in project X from Code(Python) which is deployed on project Y. Both project X and Y are under same credentials(login id).

Is it achievable using OAuth2.0 or any other suggestion? I have tried using Service Account,AppAssertionCredentials & OAuth2DecoratorFromClientSecrets but failed.

credentials = GoogleCredentials.get_application_default()
service = discovery.build('storage', 'v1', credentials=credentials)
req = service.objects().insert(
            bucket=bucket_name,
            name=fileName,
            media_body=media)
1
python-2.7google-app-enginegoogle-oauthgoogle-cloud-storage

1 Answers

4
votes

This is a very common use case. You don't need to do anything special in your code to access buckets in other projects. Bucket names are globally unique, so your app will refer to an existing bucket in another project in the same way that it refers to buckets in its own project.

In order for that insert call to succeed, though, you'll need to make the account that is running that code an OWNER of the bucket that you're writing to.

Is that app engine code? App engine code runs as a particular service account. You'll need to grant permission to that service account. Head over to https://console.developers.google.com/permissions/serviceaccounts?project=_ to find out the name of that service account. It's probably something like It's probably [email protected].

Now, using the GCS UI, or via gsutil, give that account full control over the bucket:

gsutil acl ch -u [email protected]:FC gs://myBucketName