0
votes

I have a service account that has Storage Admin role. When I try to use client.lookup_bucket('xyz') I get the following access error:

google.api_core.exceptions.Forbidden: 403 GET https://storage.googleapis.com/storage/v1/b/xyz?projection=noAcl: <svc_account> does not have storage.buckets.get access to the Google Cloud Storage bucket.

xyz is a bucket that does not exist. I am able to access an existing bucket. But according to documentation - lookup_bucket will get a bucket by name, returning None if not found.

Can anyone tell me why I get the Forbidden error even though I have Storage Admin role (I even tried Owner role for the entire project and I still get the same error)?

1
Does someone else (another project you do not control) own this bucket? - John Hanley
Doesn't seem like it. I don't see any other project on my console but then again I might not have access. Could you tell me how this works? I am authenticating it using the client API which means I am providing the project id. So why will it complain about a bucket in a different project? - Fizi
If I own bucket xyz, you will get permission error 403. My comment is, do you own the bucket? If not, do not make assumptions that someone else does not already own it. Look at Samuel's answer below to determine if the bucket name is available. - John Hanley
Thanks. Makes sense now. I was under the impression that bucket names are universal under a project and hence my confusion. - Fizi

1 Answer

3
votes

As you can see here, "Every bucket name must be unique". That means that even though you do not have a bucket called "xyz", someone else has it. You can check if this is true by trying to create a bucket with that name; you will receive a message, as the image below shows. That is the reason why you get a 403 error. The bucket belongs to someone else and you do not have access to it.

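The behaviour described in this thread, as an added example that is not part of the original question or answer: a small audit that classifies each configured bucket name by what `lookup_bucket` returns or raises, so a name held by another project is reported rather than mistaken for a missing bucket. `NameStatus`, `classify_bucket`, `audit` and the stub classes are hypothetical names; the sample data is constructed, and the code assumes the calling identity already has `storage.buckets.get` on its own project (as Storage Admin does), so a 403 points at a bucket outside it.

```python
from enum import Enum
from types import SimpleNamespace


class NameStatus(Enum):
    OWNED = "bucket exists in the expected project"
    FOREIGN_READABLE = "bucket exists in another project and is readable"
    DENIED = "bucket exists, but this identity gets 403"
    UNCLAIMED = "no bucket with this name exists"


def classify_bucket(client, name, expected_project_number):
    """client: google.cloud.storage.Client, or any object with lookup_bucket()."""
    try:
        bucket = client.lookup_bucket(name)  # None when the API answers 404
    except Exception as exc:
        # google.api_core.exceptions.Forbidden exposes code == 403; matching on
        # the attribute keeps this example runnable without the library.
        if getattr(exc, "code", None) == 403:
            return NameStatus.DENIED
        raise  # anything else (network, auth) is a real failure
    if bucket is None:
        return NameStatus.UNCLAIMED
    # Bucket.project_number identifies the project that owns the bucket.
    if bucket.project_number == expected_project_number:
        return NameStatus.OWNED
    return NameStatus.FOREIGN_READABLE


def audit(client, names, expected_project_number):
    """Map every configured bucket name to its NameStatus."""
    return {n: classify_bucket(client, n, expected_project_number) for n in names}


class StubForbidden(Exception):
    code = 403  # constructed stand-in for google.api_core.exceptions.Forbidden


class StubClient:
    """Constructed stand-in for storage.Client so the example runs offline."""

    def __init__(self, visible, denied):
        self.visible, self.denied = visible, denied

    def lookup_bucket(self, name):
        if name in self.denied:
            raise StubForbidden(f"no storage.buckets.get access to {name}")
        number = self.visible.get(name)
        return None if number is None else SimpleNamespace(project_number=number)
```

With the real library, pass `storage.Client()` and your own project number instead of the stub.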