Skip to content
Advertisement

GAE PHP 7 403 FORBIDDEN error while got URL to upload file

I got some problem while managing migration from PHP5 to PHP7.

Actually, what I was doing with php5, to get an URL where upload a file, was something like this:

$options = [ 'gs_bucket_name' => 'mybucket.appspot.com' ];
$myvar = $_GET['myvar'];

$upload_url = CloudStorageTools::createUploadUrl($myvar, $options);

return $upload_url;

I’ve uploaded the library and now I’m trying to use

GoogleCloudStorageStorageClient

I’ve converted the code above to something like this:

$bucketName = 'mybucket.appspot.com';
$objectName =  $_GET['myvar'];

$storage = new StorageClient([
        'scopes' => [
        'https://www.googleapis.com/auth/iam',
        'https://www.googleapis.com/auth/devstorage.full_control',
        ]
    ]);
    
 $bucket = $storage->bucket($bucketName);
 $object = $bucket->object($objectName);
 $upload_url = $object->signedUrl(
            new DateTime('90 min'),
            [
                    'version' => 'v4',
            ]
    );

 return $upload_url;

I got a 403 FORBIDDEN error

Fatal error: Uncaught GuzzleHttpExceptionClientException: Client error: `POST https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/myproject@appspot.gserviceaccount.com:signBlob?alt=json` resulted in a `403 Forbidden` response:
{
  "error": {
    "code": 403,
    "message": "IAM Service Account Credentials API has not been used in project 123456 (truncated...) 
....

Some suggestions? In the PHP5 version upload is working (with the older code), so I suppose my app angine service account has the correct permissions setted.

Thanks

Advertisement

Answer

Solved by passing .json file for authentication.

$storage = new StorageClient([
    'projectId' => "my_project",
    'keyFilePath' => 'key/serviceaccount.json', 
]);
User contributions licensed under: CC BY-SA
7 People found this is helpful
Advertisement