I'm trying to trascript an audio file hosted in a google cloud storage bucket by performing an asyncronous request to google cloud speech. The file is not public. As authentication method, I use service account. Google cloud speech return a permission denied error. With public files, instead, it works.
What can I do? Thanks.
Access control to Cloud Storage can be managed with different options, as detailed in this documentation page.
Using the approach suggested in the accepted answer, you are providing access through an Access Control List (ACL). In general, it is recommended to use Identity and Access Management (IAM) instead, but using ACL is the approach that you want to follow when you need fine-detailed control over individual objects. Using the command gsutil acl ch -u [email protected]:R gs://bucket/object, you provided access to a specific object in your bucket, in this case, the audio file hosted in Cloud Storage.
However, if your idea is to use Speech API with more files stored in Cloud Storage, you should consider granting permissions to your service account using an IAM role of the list such as roles/storage.objectViewer. That way, your service account can have access to the whole bucket and you do not need to grant access for each individual file.
The service account needs permission to read the file. Try this:
$ gsutil acl ch -u [email protected]:R gs://bucket/object
