0

I want to transcribe a long audio file to text.

So I created a bucket and set it as private using

gsutil acl set private gs://bucket

then I set the upload only access from a particular account

gsutil acl ch -u myaccount@provider.com:WRITE gs://bucket

then I set the read permission to service account to bucket

gsutil acl ch -u projectname@projectname-a.iam.gserviceaccount.com:R gs://bucket/

then I sent a request using a python program but it returns 403 but if I set the object as public then it returns 200 But I don't want to set the permission as public for files .

Is there anything else I can do ?

Is it compulsory to make the audio file as publicly accessible for text generation?

I followed this to set service account permissions :https://stackoverflow.com/a/45638730/4320263

Abhay
  • 359
  • 1
  • 2
  • 11
  • Where is your python program running on? Your local machine? An app Engine app? And is it trying to write to the bucket? – LundinCast Jun 28 '18 at 08:23
  • @LundinCast Python program is running on local and I am passing bucket object location as payload.Its just sending the POST request to speech API – Abhay Jun 28 '18 at 08:24

1 Answers1

1

Granting a user read permission on a bucket through an ACL doesn't allow the content within to be downloaded, rather just to list the contents. You can either set an ACL read permission on the object itself: 

gsutil acl ch -u projectname@projectname-a.iam.gserviceaccount.com:R gs://bucket/file.xxx

or you can grant Storage Object Viewer IAM policy on the bucket to access the entire bucket's contents.

Stu
  • 148
  • 5