0

I am running a Google Compute Instance which must be able to connect to read and write to a bucket that is mounted locally.

At the moment, while ssh-ed into the machine I have the permission to read all the files in the directory but not to write them.

Here are some more details:

gcloud init
account: PROJECT_NUMBER-compute@developer.gserviceaccount.com

When looking at the IAMs on the Google platform, this IAM has the proprietary role, so it should be able to access all the resources in the project.

gcsfuse -o allow_other --file-mode 777 --dir-mode 777 --o nonempty BUCKET LOCAL_DIR

Now, looking at the permissions, all files have (as expected):

ls -lh LOCAL_DIR/
drwxrwxrwx 1 ubuntu ubuntu 0 Jul  2 11:51 folder

However, when running a very simple Python script that saves a pickle into one of these directories, I get the following error:

OSError: [Errno 5] Input/output error: FILENAME

If I run gcsfuse with the --foreground flag, the error it produces is:

fuse: 2018/07/02 12:31:05.353525 *fuseops.GetXattrOp error: function not implemented
fuse: 2018/07/02 12:31:05.362076 *fuseops.SetInodeAttributesOp error: SetMtime: \
UpdateObject: googleapi: Error 403: Insufficient Permission, insufficientPermissions

Which is weird, as the account on the VM has the proprietary role.

Any guess on how to overcome this?

mariob6

1 Answer

1

Your instance requires the appropriate scopes to access GCS buckets. You can view the scopes through the console or using:

gcloud compute instances describe [instance_name] | grep scopes -A 10

You must have Storage read/write or https://www.googleapis.com/auth/devstorage.read_write

Patrick W
  • I'm not the original user, but I'm seeing similar errors. https://www.googleapis.com/auth/devstorage.read_write does appear in the scopes listed for my instance though. Any suggestions for what else I should investigate? – escapecharacter Oct 09 '18 at 17:04
  • The mentioned scope provides access to the GCS API; you also have to make sure that the instance service account has read/write permission on the mounted bucket (check the ACL) – Patrick W Oct 09 '18 at 20:38
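
The scope check from the answer above, as an added example that is not part of the original answer: the function classifies a list of instance scopes by the Cloud Storage access they allow. The sample scope list is constructed, and treating `cloud-platform` and `devstorage.full_control` as also allowing writes goes beyond the one scope the answer names.

```shell
#!/bin/sh
# Added example: report the Cloud Storage access that a VM's OAuth scopes allow.
# The scopes cap what the service account can do, whatever IAM role it holds,
# so a read-only storage scope yields readable files and 403 errors on writes.
#
# Input : one scope URL per line on stdin (metadata server format); YAML list
#         markers from `gcloud compute instances describe` are tolerated.
# Output: "read-write", "read-only" or "none".
gcs_scope_access() {
    level=none
    while IFS= read -r scope || [ -n "$scope" ]; do
        # Strip leading "  - " and trailing whitespace.
        scope=$(printf '%s' "$scope" | sed 's/^[[:space:]-]*//; s/[[:space:]]*$//')
        case "$scope" in
            */auth/cloud-platform|*/auth/devstorage.full_control|*/auth/devstorage.read_write)
                level=read-write ;;
            */auth/devstorage.read_only)
                # Never downgrade a write-capable scope seen earlier.
                if [ "$level" = none ]; then level=read-only; fi ;;
        esac
    done
    printf '%s\n' "$level"
}

# Constructed sample: a scope list containing only the read-only storage scope.
SAMPLE_DEFAULT_SCOPES='https://www.googleapis.com/auth/devstorage.read_only
https://www.googleapis.com/auth/logging.write
https://www.googleapis.com/auth/monitoring.write'

printf '%s\n' "$SAMPLE_DEFAULT_SCOPES" | gcs_scope_access

# On the instance itself, feed it the live scope list from the metadata server:
# curl -s -H 'Metadata-Flavor: Google' \
#   'http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/scopes' \
#   | gcs_scope_access
```

A `read-write` result only clears the scope side; as the last comment says, the service account still needs write permission on the bucket itself.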