This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Service account stopped working

Posted on 01-24-2023 09:30 AM
arik
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

I've been using a service account to load data into my gcp bucket.
It was working fine for a year, and suddenly I started getting a permission saying:

AccessDeniedException: 403 ***@***.iam.gserviceaccount.com does not have storage.buckets.get access to the Google Cloud Storage bucket. Permission 'storage.buckets.get' denied on resource (or it may not exist).

I checked the service account roles, and it has "Storage Object Admin"  
In addition it wasn't changed recently.

Any idea what's the issue here?

Solved Solved
0 9 6,616
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
arik
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Thanks again @kolban , I found the root cause.
On my local machine I was running gsutil version 4.59. 
I assumed the cause might be that github actions use the lates gsutil version each time it runs.
So I updated my local gsutil version to latest, which is 5.18.
And voila... now it failed locally as well.
On the old version, gsutil wasn't asking for the storage.buckets.get permission. (verified that on the gcp bucket access logs)

Adding this permission to my service account solved the issue.

Thanks for the help!

View solution in original post

Jump to Solution
9 REPLIES 9
Top Labels in this Space
Top Solution Authors
View all