Home > Software design >  Trying to access GCS bucket but getting a `403 - Forbidden` error message
Trying to access GCS bucket but getting a `403 - Forbidden` error message

Time:03-17

I'm hoping to get help with the right permission settings for accessing my files from a Colab app.

Goal

I'd like to be able to access personal images in a CGS bucket from a Colab python notebook running the "Style Transfer for Arbitrary Styles" demo of Tensorflow.

Situation

I setup a GCS bucket, made it public, and was able to retrieve files and use them in the demo.

To avoid having the GCS bucket publicly accessible, I removed allUsers and changed to my account/email that's tied to both Colab and GCS.

That caused the following error message:

Error Messages

Exception: URL fetch failure on https://storage.googleapis.com/01_bucket-02/Portrait-Ali-02-PXL_20220105_233524809.jpg: 403 -- Forbidden

Other Approaches

I'm trying to understand how I should approach this.

Is it a URL problem?

The 'Authenticated URL' caused the above 403 error.

https://storage.cloud.google.com/01_bucket-02/Portrait_82A6118_r01.png

And the gsutil link:

gs://01_bucket-02/Portrait_82A6118_r01.png

Returned this error message:

Exception: URL fetch failure on gs://01_bucket-02/Portrait_82A6118_r01.png: None -- unknown url type: gs

Authentication setup

For IAM I have a service account in the project, as well as my user account (email: [email protected]) that's tied to both the Colab and GCP accounts.

The Service Account role is Storage Admin. The Service Account has an inheritance from the Project. My user account, my email, is Storage Object Viewer

Assessment

Seems like the Authenticated URL is the right one, and it's a permissions issue.

Is this just about having the right permissions set in GCS, or do I need to call anything in the code before trying to return the image at the GCS URL?

I'd greatly appreciate any help or suggestions in how to troubleshoot this.

Thanks

doug

CodePudding user response:

storage.objects.get is the demand for viewing files from GCS, but it looks like your user account or email already has the right permission.

How should I know my account has the right permission?

I think there's a simple solution to figure it out.

  1. copy your Authenticated URL
  2. Paste on any website and search.

If your current account doesn't have the right permission, that will return @Gmail-account does not have storage.objects.get access to the Google Cloud Storage object.

Or you can visit permission of bucket details to check are your email and service over there and have the right role.

  • Related