GCS bucket access denied while in GKE node

Question

I am accessing data stored in GCS bucket while running Python within a container in a GKE node within the same project.

I can run gsutil ls without problems, but when I try to access the bucket with Python, I get a permission error:

raise exceptions.from_http_response(response)
google.api_core.exceptions.Forbidden: 403 GET https://storage.googleapis.com/storage/v1/b/xxxxxxxx/o?maxResults=1&projection=noAcl&prefix=test%2F&prettyPrint=false: Caller does not have storage.objects.list access to the Google Cloud Storage bucket. Permission 'storage.objects.list' denied on resource (or it may not exist).

I am listing the GCS bucket using the answer from @Robino in this post. For brevity, I copied it here:

import google.cloud.storage as gcs
client = gcs.Client()

BUCKET_NAME = "abc"
blobs = client.list_blobs(
    BUCKET_NAME,
    prefix="xyz/",  # <- you need the trailing slash
    delimiter="/",
    max_results=1,
)
next(blobs, ...) # Force blobs to load.

score 0 · Answer 1 · answered Feb 03 '23 at 10:53

0

The problem was that the authentication configs were not picked by python. Calling gcloud auth application-default login solved it.

answered Feb 03 '23 at 10:53

Anon1284712

35
3

GCS bucket access denied while in GKE node

1 Answers1