Google-cloud-node: auth error: Caller does not have storage.buckets.create access to project
running the basic storage example, have followed the auth instructions as well and get the error as listed below. Have googled it but very few comments on it and no suggestions as to where the problem might be?
var fs = require('fs');
// Authenticating on a per-API-basis. You don't need to do this if you auth on a
// global basis (see Authentication section above).
var gcs = storage({
projectId: 'grape-spaceship-123',
keyFilename: '/path/to/keyfile.json'
});
// Create a new bucket.
gcs.createBucket('my-new-bucket', function(err, bucket) {
if (!err) {
// "my-new-bucket" was successfully created.
}
});
errors:
[ { domain: 'global',
reason: 'forbidden',
message: 'Caller does not have storage.buckets.create access to project**.' } ],
response: undefined,
message: 'Caller does not have storage.buckets.create access to project**.' }
hosusan6
All 8 comments
That is an error related to IAM permissions. You will have to grant the appropriate permissions to the service account you are using to authenticate with @google-cloud/storage. The IAM page in the console is here: https://console.cloud.google.com/iam-admin/iam/project
stephenplusplus
on 14 Jul 2017
@stephenplusplus just wonder, I've been working with one project and then switched to the other project.
I did gcloud auth login
gcloud container clusters get-credentials --region us-central1 cluster-1
and gcloud config set project <project-id>
But still, when I run my node application google is trying to use my old account
Any ideas why? And how can I clear this cache?
vladyslav2
on 6 Sep 2018
We don't cache anything, so that's a bit of a mystery. Maybe you have to gcloud auth revoke?
stephenplusplus
on 7 Sep 2018
@stephenplusplus currently I found workaround by using GOOGLE_APPLICATION_CREDENTIALS env
doing:
gcloud auth revoke
gcloud auth login
does not have any effect
PS As I told before right now I'm using a new account and I do not use the old account anymore, so I cannot revoke the old one
PSS Any possibility that account hardcoded in the code somewhere? By then why GOOGLE_APPLICATION_CREDENTIALS works?
vladyslav2
on 7 Sep 2018
Sorry, I misunderstood your earlier comment to list the complete steps you go through, however, they only start when you attempt to switch accounts.
The account isn't hardcoded. GOOGLE_APPLICATION_CREDENTIALS is recognized. Could you create a new issue with complete reproduction steps?
stephenplusplus
on 7 Sep 2018
The account isn't hardcoded.
I mean - maybe in the application I'm working with a google account is hardcoded, i.e. its my issue - not yours
Could you create a new issue with complete reproduction steps?
Yes, i'll try
thank you for help!
vladyslav2
on 7 Sep 2018
I had the same problem and it works for me after running:
gcloud auth application-default login
dmarell
on 21 Mar 2019
gcloud auth login - This command resolved error for me -
anonymous caller does not have storage.objects.create access
deependra1984
on 20 Oct 2020
Related issues
arbesfeld
路
4Comments
positlabs
路
3Comments
chadbr
路
3Comments
charly37
路
3Comments
vvzen
路
4Comments
Most helpful comment
That is an error related to IAM permissions. You will have to grant the appropriate permissions to the service account you are using to authenticate with
@google-cloud/storage. The IAM page in the console is here: https://console.cloud.google.com/iam-admin/iam/project