Google-cloud-python: Upload file to GCS with Storage Object Creator role.

Created on 17 May 2017 · 4Comments · Source: googleapis/google-cloud-python

Is there a way to upload a file to GCS using the python api using a service account with write only privileges?

I'm using the following code to do try this right now:

    client = storage.Client.from_service_account_json(
        service_account_filepath,
        project=key_file_dict['project_id'],
    )
    bucket = self.client.get_bucket(gcs_bucket_name)
    blob = bucket.blob(gcs_filepath)
    blob.upload_from_filename(filepath)

This fails at the following line:

    bucket = self.client.get_bucket(gcs_bucket_name)

I get the following error:

...
google/cloud/storage/client.py", line 173, in get_bucket
    bucket.reload(client=self)
...
google.cloud.exceptions.Forbidden: 403 Caller does not have storage.buckets.get access to bucket aircraft-audio-data.

This is kind of expected as my service account has the "Storage Object Creator" role and nothing else.

question storage

Source

tweeter0830

👍1

Most helpful comment

@tweeter0830 Use client.bucket instead of client.get_bucket. This will simply create a local Bucket object without trying to call storage.buckets.get via the API.

dhermes on 17 May 2017

👍3 🎉2

All 4 comments

@tweeter0830 Use client.bucket instead of client.get_bucket. This will simply create a local Bucket object without trying to call storage.buckets.get via the API.

dhermes on 17 May 2017

👍3 🎉2

Thanks!

tweeter0830 on 17 May 2017

Sure thing. Let us know if there is some other problem I hadn't considered, we're happy to help more.

dhermes on 17 May 2017

Super useful !! Could be a good information to include in the API's documentation !