Google Cloud Storage bucket->exists gives 403

I am trying to check if a bucket exists in Laravel PHP. I am getting a 403 on the exists() method. Why?

See line 160 https://github.com/googleapis/google-cloud-php/blob/master/Storage/src/Bucket.php

$storageClient = new GoogleCloudStorageStorageClient([
    'projectId' => env('GCS_PROJECT_ID'),
    'keyFilePath' => storage_path(env('GCS_KEY_FILE')),
]);
$bucket = $storageClient->bucket('mybucketname');

if (!$bucket->exists()) {
    $bucket = $storageClient->createBucket('mybucketname');
}

{ "error": {
    "code": 403,
    "message": "myaccount@api-project-xxxxxxxxx.iam.gserviceaccount.com does not have storage.buckets.get access to downloads.",
    "errors": [ {
        "message": "myaccount@api-project-xxxxxxxx.iam.gserviceaccount.com does not have storage.buckets.get access to mybucketname.",
        "domain": "global",
        "reason": "forbidden"
    } ]
} }

JavaScript
​x
 
$storageClient = new GoogleCloudStorageStorageClient([    'projectId' => env('GCS_PROJECT_ID'),    'keyFilePath' => storage_path(env('GCS_KEY_FILE')),]);$bucket = $storageClient->bucket('mybucketname');​if (!$bucket->exists()) {    $bucket = $storageClient->createBucket('mybucketname');}​{ "error": {    "code": 403,    "message": "myaccount@api-project-xxxxxxxxx.iam.gserviceaccount.com does not have storage.buckets.get access to downloads.",    "errors": [ {        "message": "myaccount@api-project-xxxxxxxx.iam.gserviceaccount.com does not have storage.buckets.get access to mybucketname.",        "domain": "global",        "reason": "forbidden"    } ]} } ​

Answer

Your service account does not have the storage.buckets.get permission. In order to check whether a bucket exists and then create it, assign roles/storage.admin to your service account.

For reference, see:

Advertisement

Answer