I tried to transfer a file from Amazon S3 to Google Cloud Storage using API. I did successfully on the GCP console but when I'm writing a Python script using a service account credential, I got HttpError 403 when requesting https://storagetransfer.googleapis.com/v1/transferJobs?alt=json returned "The caller does not have permission
Also, My service account is already a Storage Object Admin.
The script I'm using
import google.auth
import google_auth_httplib2
import google.oauth2.service_account
from googleapiclient.discovery import build
_DEFAULT_SCOPES = ('https://www.googleapis.com/auth/cloud-platform',)
credentials = (
google.oauth2.service_account.Credentials.from_service_account_file(
key_path, scopes=_DEFAULT_SCOPES)
)
http = httplib2.Http()
http_authorized = google_auth_httplib2.AuthorizedHttp(
credentials, http=http)
conn = build('storagetransfer', 'v1', http=http_authorized, cache_discovery=False)
now = datetime.datetime.utcnow()
project_id='projectid'
transfer_spec = {
'awsS3DataSource': {
'bucketName': 's3_bucket',
'awsAccessKey': {
'accessKeyId': 'key',
'secretAccessKey': 'secret',
}
},
'gcsDataSink': {
'bucketName': 'bucket',
},
'objectConditions': {'includePrefixes': ['PREFIX']},
'transferOptions': {'overwriteObjectsAlreadyExistingInSink': True},
}
transfer_job = {
'status': 'ENABLED',
'projectId': project_id,
'transferSpec': transfer_spec,
'schedule': {
'scheduleStartDate': {
'day': now.day,
'month': now.month,
'year': now.year,
},
'scheduleEndDate': {
'day': now.day,
'month': now.month,
'year': now.year,
}
}
}
job = conn.transferJobs().create(body=transfer_job).execute()
Does anyone know what's missing?
Docs: https://cloud.google.com/storage-transfer/docs/reference/rest/v1/transferJobs/create
