TechQA.

does not have storage.objects.get access to the Google Cloud Storage object

176 views Asked by At

I am trying to download sales report via python code. Here's my code:

import json

from httplib2 import Http

from oauth2client.client import SignedJwtAssertionCredentials

from apiclient.discovery import build

# Change these variables to fit your case

client_email = 'nameofserviceaccount.iam.gserviceaccount.com'

json_file = '/Users/xxx/Downloads/key.json'

cloud_storage_bucket = 'pubsite_prod_rev_XXXXXXX'

report_to_download = 'earnings/earnings_XXXXX.zip'

 
private_key = json.loads(open(json_file).read())['private_key']

credentials = SignedJwtAssertionCredentials(client_email, private_key,'https://www.googleapis.com/auth/devstorage.read_only')

storage = build('storage', 'v1', http=credentials.authorize(Http()))

try:
    response = storage.objects().get(bucket=cloud_storage_bucket, object=report_to_download).execute()
    print(response)
except Exception as e:
    print(f"Error: {e}")

and i get this error: <HttpError 403 when requesting https://storage.googleapis.com/storage/v1/b/pubsite_prod_rev_XXXXXXX/o/earnings%2Fearnings_XXXXXXX.zip?alt=json returned "nameofserviceaccount.iam.gserviceaccount.com does not have storage.objects.get access to the Google Cloud Storage object. Permission 'storage.objects.get' denied on resource (or it may not exist).". Details: "[{'message': "nameofserviceaccount.iam.gserviceaccount.com does not have storage.objects.get access to the Google Cloud Storage object. Permission 'storage.objects.get' denied on resource (or it may not exist).", 'domain': 'global', 'reason': 'forbidden'}]">

Here are other details:

  1. My service account has the following permission: Storage Admin and Storage Object Admin
  2. I have tried deleting and creating my service account, still the same issue.
  3. I have tried editing descriptions of my in app products, still the same issue.
  4. Cloud Storage API is enabled.
  5. I tried removing the Storage Admin role from your service account and then add it again.
  6. I tried giving the service account the Storage Object Viewer role separately.

This used to work when API access was still accessible in Settings in Google Play Console. For some reason, Google did an update on how to add API access and this does not work anymore.

google-cloud-platform google-play google-cloud-storage google-play-console google-developers-console
Original Q&A
0

There are 0 answers

Related Questions in GOOGLE-CLOUD-PLATFORM

Related Questions in GOOGLE-PLAY

Related Questions in GOOGLE-CLOUD-STORAGE

Related Questions in GOOGLE-PLAY-CONSOLE

Related Questions in GOOGLE-DEVELOPERS-CONSOLE

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json

Trending Questions