Please make sure that the service account used to access the cloud storage is the Compute Engine service account "[email protected]" with the storage object admin role. The API scopes for storage on the VM instance should be read/write.
Please use the document [1] {https://cloud.google.com/container-registry/docs/access-control} for the permissions and roles for the bucket.
Please also provide more details related to your issue, such as the Permission tab on your cloud console for the "gcp-bucket" bucket.
Let's try a simple test by exporting a file from your VM instance to GCS to see if there is any IAM permission or VM scope issue here.
1- Inside the VM instance, run ' gcloud auth list ' to verify that the service account "[email protected]" is there and active; if that is not the case, please run ' gcloud config set account [email protected] '
2- If it is not there, then we will need to add it to the auth list with its own .json key by following this document [2] {https://cloud.google.com/sdk/gcloud/reference/auth/activate-service-account}. Then you can continue with ' gcloud config set account [email protected] '
3- Run the following command to create a sample text file in your Cloud Shell: ' echo "this is a sample file" > sample.txt '
4- You can create another bucket if you don't want to use "gcp-bucket": ' gsutil mb -l us-central1 gs://test '
5- Run the following command to copy the file to the bucket "gcp-bucket": ' gsutil cp sample.txt gs://gcp-bucket '
6- List the items in the bucket ' gsutil ls gs://YOURBUCKET '
- The idea is to discriminate where the issue is happening: VM Instance, IAM, GCS.
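
The helper below is an added example, not part of the original reply: it reads the output of steps 1 and 5 and reports which layer (VM scope, IAM, or GCS) to look at. The account names and sample output are constructed, and the error substrings it matches are assumptions about typical gsutil messages.

```shell
#!/bin/sh
# Added example: triage helpers for the test above.
# All sample values are constructed placeholders, not taken from a real project.

# Constructed sample of `gcloud auth list` output (active row is marked "*").
SAMPLE_AUTH_LIST='       Credentialed Accounts
ACTIVE  ACCOUNT
        user@example.com
*       vm-sa@example-project.iam.gserviceaccount.com'

# Print the active account from `gcloud auth list` text read on stdin.
active_account() {
    awk '$1 == "*" { print $2; exit }'
}

# Classify the stderr of `gsutil cp` / `gsutil ls` (read on stdin).
# The matched substrings are assumptions about typical gsutil messages.
classify_gsutil_error() {
    err=$(cat)
    case "$err" in
        *"Insufficient Permission"*|*"Insufficient OAuth2 scope"*)
            echo "vm-scope" ;;   # VM access scope is too narrow (e.g. read-only)
        *"does not have storage."*)
            echo "iam" ;;        # account lacks a role that grants the permission
        *"BucketNotFoundException"*)
            echo "gcs" ;;        # bucket name is wrong or the bucket is missing
        "")
            echo "ok" ;;         # no error text: the copy or listing succeeded
        *)
            echo "unknown" ;;
    esac
}

# On the VM (requires the Cloud SDK), the helpers would be fed like this:
#   gcloud auth list 2>/dev/null | active_account
#   gsutil cp sample.txt gs://gcp-bucket 2>&1 >/dev/null | classify_gsutil_error
printf '%s\n' "$SAMPLE_AUTH_LIST" | active_account
```

A "vm-scope" result means the instance's access scopes need changing, while "iam" means the role binding on the bucket or project is what to fix.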