Access to Google Cloud Storage is denied and MapReduce. Can't add service account to developer list
I am running a MapReduce job on Google App Engine with similar configuration:
MapReduceSettings.Builder()
.setBucketName("my-bucket")
.setWorkerQueueName(QUEUE_NAME)
.setModule(MODULE)
.build();
The bucket is used for temporary data using App Engine itself.
The problem is when I run the job, it fails with the following stacktrace command:
com.sun.jersey.spi.container.ContainerResponse mapMappableContainerException: The RuntimeException could not be mapped to a response, re-throwing to the HTTP container
java.lang.RuntimeException: Writeable Bucket 'my-bucket' test failed. See http://developers.google.com/appengine/docs/java/googlecloudstorageclient/activate for more information on how to setup Google Cloude storage.
at com.google.appengine.tools.mapreduce.MapReduceSettings.verifyAndSetBucketName(MapReduceSettings.java:134)
at com.google.appengine.tools.mapreduce.MapReduceSettings.<init>(MapReduceSettings.java:89)
at com.google.appengine.tools.mapreduce.MapReduceSettings.<init>(MapReduceSettings.java:31)
at com.google.appengine.tools.mapreduce.MapReduceSettings$Builder.build(MapReduceSettings.java:83)
at
...
...
Caused by: com.google.appengine.tools.cloudstorage.NonRetriableException: java.lang.RuntimeException: Server replied with 403, verify ACLs are set correctly on the object and bucket: Request: DELETE https://storage.googleapis.com/my-bucket/2f249469-c77a-4540-bbbd-45fcd27d7600.tmp
User-Agent: App Engine GCS Client
no content
Response: 403 with 111 bytes of content
Content-Type: application/xml; charset=UTF-8
Content-Length: 111
Vary: Origin
Date: Tue, 12 Aug 2014 18:20:20 GMT
Expires: Tue, 12 Aug 2014 18:20:20 GMT
Cache-Control: private, max-age=0
Server: UploadServer ("Built on Jul 31 2014 18:25:34 (1406856334)")
Alternate-Protocol: 443:quic
X-Google-Cache-Control: remote-fetch
Via: HTTP/1.1 GWA
<?xml version='1.0' encoding='UTF-8'?><Error><Code>AccessDenied</Code><Message>Access denied.</Message></Error>
I already tried to add the service account name ( name-of-my-app@appspot.gserviceaccount.com ) as a team member but next to the user it keeps talking
Invitation sent. Waiting for an answer.
How do I add the service account to the developer list so that I can access my bucket?
thank
source to share
I solved it with the gsutils command line tool:
gsutil acl ch -u name-of-my-app@appspot.gserviceaccount.com:WRITE gs://my-bucket
According to Google Storage documentation, sometimes it is not possible to add a service account to the developer list, even if they don't say why
Note. In some cases, you may not be able to add a service account as a team member. If you are unable to add the service account, use an alternative method, bucket ACLs, as described below.
source to share