How to grant multiple appengine projects access to the same Cloud Storage bucket?


Google Cloud console allows creating buckets from inside a project and editing the Access Control List. I created a bucket, bucket-foo, from one of my apps, app1.

Now I would like to use the same bucket inside another app2. I am unable to figure out how to allow app2 access to the same bucket that I created under app1.

2

There are 2 answers

2
Jason Hall On BEST ANSWER

You can add app2's service account to the bucket's ACL list to allow the app access to the bucket.

First you need to find the app's service account name, which is listed in the Application Settings page in the Admin Console, but it's also just <app-id>@appspot.gserviceaccount.com.

Then add that account to the ACL for bucket-foo using gsutil acl ch, by adding app2's service account to the ACL list.

In the end it'll probably be something like this:

gsutil acl ch -R -u <app2-id>@appspot.gserviceaccount.com:WRITE gs://bucket-foo
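To confirm that a grant like the one above gave access only to app2 and only at the intended level, the bucket ACL can be compared against an allow-list. This is an added example, not part of the original answer; it assumes the JSON shape printed by `gsutil acl get`, and the sample ACL, the project number 111 and the app3 account are constructed for illustration.

```python
import json

# Constructed sample in the shape of `gsutil acl get gs://bucket-foo` output.
SAMPLE_ACL = json.dumps([
    {"entity": "project-owners-111", "role": "OWNER",
     "projectTeam": {"projectNumber": "111", "team": "owners"}},
    {"entity": "user-app2@appspot.gserviceaccount.com",
     "email": "app2@appspot.gserviceaccount.com", "role": "WRITER"},
    {"entity": "user-app3@appspot.gserviceaccount.com",
     "email": "app3@appspot.gserviceaccount.com", "role": "OWNER"},
    {"entity": "allUsers", "role": "READER"},
])

RANK = {"READER": 1, "WRITER": 2, "OWNER": 3}
PUBLIC = {"allUsers", "allAuthenticatedUsers"}


def audit_acl(acl_json, owner_project_number, allowed):
    """Return (entity, role, reason) findings for grants outside the allow-list.

    allowed maps a service-account email to the highest role it may hold.
    Team grants of the bucket's own project are accepted as-is.
    """
    findings = []
    for entry in json.loads(acl_json):
        entity, role = entry["entity"], entry["role"]
        team = entry.get("projectTeam")
        if entity in PUBLIC:
            findings.append((entity, role, "public grant"))
        elif team:
            if team.get("projectNumber") != owner_project_number:
                findings.append((entity, role, "team of another project"))
        else:
            email = entry.get("email", entity)
            limit = allowed.get(email)
            if limit is None:
                findings.append((entity, role, "principal not on allow-list"))
            elif RANK.get(role, 99) > RANK[limit]:
                findings.append((entity, role, f"role exceeds {limit}"))
    return findings


if __name__ == "__main__":
    expected = {"app2@appspot.gserviceaccount.com": "WRITER"}
    for finding in audit_acl(SAMPLE_ACL, "111", expected):
        print(finding)
```

`gsutil acl ch` takes the permission as READ, WRITE or OWNER, while the ACL listing reports the resulting role as READER, WRITER or OWNER, which is why the allow-list uses the latter names.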
0
AAP On

This Google documentation worked for me: https://cloud.google.com/appengine/docs/python/console/datastoreadmin?hl=lv#restoring_data_to_another_app

Restoring data to another app

If you back up your data using Google Cloud Storage, you can restore backups to apps other than the one used to create the backup.

To restore backup data from one app to a different app:

  1. Using the Google Cloud Platform Console, locate the project that has the bucket used for your backups and add the target app (the App Engine default service account email of the app you are restoring to) to the project team with Edit permissions.
  2. Make a new backup in your applications whose data is to be copied. The permissions set in the previous step are not retroactive to existing backups, so the target app will not be able to access those earlier backups. The target app can access only backups made after it was given permissions.
  3. Optionally, disable Datastore writes for your target app. (This is normally a good idea, to avoid conflicts between the restore and any new data written to the Datastore.)
  4. Go to the Admin page for the target app and click Open Datastore Admin.
  5. In the textbox next to the button labelled Import Backup Information specify the bucket containing the backup, in the format /gs/my_bucket. This will result in a displayed list of all the backups in that bucket. Alternatively, supply the file handle for a specific backup; the handle can be obtained from the source application by selecting the backup and clicking Info; the file handle appears next to the label Handle.
  6. Click Import Backup Information.
  7. The resulting selection page shows the available backups for the bucket you specified, unless you specified a backup by its handle. Select the desired backup and click one of the following: Add to Backup List if you want this backup to be retained in the list of available backups for your app. Restore From Backup if you want to restore from this backup but do not want the backup displayed in the list of available backups for your app.
  8. In the advisory page that is displayed, notice the list of entities with checkboxes. By default, all of the entities will be restored. Uncheck the checkbox next to each entity that you don't want to restore.
  9. Also in the advisory page, notice that the default queue, with its pre-configured performance settings, is used for the restore job. Change this to another queue that you have configured differently if you need different queue performance characteristics.
  10. Start the restore by clicking Restore. Notice that a job status page is displayed.
  11. If you disabled writes, re-enable Datastore writes for your application.