6

I have used AutoMl Vision api from gcp and trained it with my custom dataset. I'm able to get predict the data GCP console but not able to store the predicted output. For the purpose of storing the predicted data output and to use my local data for prediction I tried the python code that was given as part of API which accepts the image file content, project name and bucket name but when I try to run it is showing me the error: google.api_core.exceptions.PermissionDenied: 403 The caller does not have permission cloud sdk error output

Srikanth kante
  • 121
  • 1
  • 2
  • 5
  • How did you give storage permission? – night-gold Mar 15 '19 at 08:10
  • As this is the first I am using GCP not sure what you are asking, can u please give some more information. – Srikanth kante Mar 19 '19 at 08:39
  • To write inside a bucket you must have a storage permission given to the account, either the account used by you python code or a service account used in this specific part for the upload – night-gold Mar 19 '19 at 09:12
  • In addition to what @adm said For points 5 and 6, I had to manually add the service account I had created to the list and assign the role. I think my gcloud version is a later (243.0.0) – Joshua Apr 26 '19 at 14:30

2 Answers2

13

it is simple first the google cloud documentation is not in sync with the code: Please follow these steps:

1) Open command prompt and fire this: set GOOGLE_APPLICATION_CREDENTIALS= /path/to/your/credentials.json (its best to put it in the same folder as google cloud sdk

2) gcloud auth login ( a webpage will be opened saying you are authenticated after you login in to your google account)

3) gcloud config set project YOUR PROJECT_ID

4) gcloud auth activate-service-account YOUR SERVICE ACCOUNT@projectID.iam.gserviceaccount.com

5) gcloud projects add-iam-policy-binding YOUR PROJECT_ID --member serviceAccount: (the service account you used in step 4)

6)gcloud projects add-iam-policy-binding YOUR PROJECT_ID --member user: (the email you have affiliated to your gcloud account)

7) Done.

if you do have any issues creating a service account see this video: create and use service account

Hope it helps :)

sources: i had the same problem

adm
  • 135
  • 10
  • 2
    Step 4: Throws error: `ERROR: (gcloud.auth.activate-service-account) argument --key-file: Must be specified.` – yardstick17 Mar 20 '22 at 10:57
  • to clarify, in steps 5 & 6, the member arguments are a single string, with the literal prefix shown, including the `:`, followed by the email address which identifies the service account (for step 5), or your google email as specified above for step 6. Also, a `--role` arg was required. I used `roles/reader` for my service account, and had previously effectively granted my user account `roles/owner` through the UI. – Joe Germuska Aug 25 '22 at 16:52
  • re @yardstick17's comment i'm guessing they didn't set the `GOOGLE_APPLICATION_CREDENTIALS` env var; I had, and didn't get the given error. – Joe Germuska Aug 25 '22 at 16:53
0

I was facing the same issue until I added "Cloud Datastore persmission" to my service account in order to access firestore data.

Fred Bro
  • 1