1

I have activated the service account that has Storage Admin rights. When I run gsutil -d version -1 it shows that it is pointing to the BOTO file. I can run the scheduled task if I'm logged into the server without an issue. If I try and run it while logged out I get

ServiceException: 401 Anonymous caller does not have storage.objects.create access

I know I'm missing something.

C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Google\Cloud SDK\cloud_env.bat"" 

gsutil -m mv \\Local Server Share gs://Google Cloud Bucket
TylerH
  • 20,799
  • 66
  • 75
  • 101
Christopher Riker
  • 11
  • 3

1 Answers1

0

The exception indicates that no access token ("Authorization" HTTP header) was sent with the request, which generally means either no BOTO file was loaded, or the BOTO file that was loaded contained no credential settings. Try running gsutil version -l again after you log out, and see if it points to a BOTO file.

bshu
  • 1
  • Everything looks good (see below). I'm not sure how you want me to run the command after I log out. I tried to run it without being logged but nothing writes to the log file. --- pass cloud sdk credentials to gsutil: True config path(s): C:\Users\tmanager\AppData\Roaming\gcloud\legacy_credentials\qnap -backup@upheld-acumen-148821.iam.gserviceaccount.com\.boto – Christopher Riker Sep 26 '18 at 20:05
  • The .BOTO file shows this [Credentials] gs_service_key_file = C:\Users\tmanager\AppData\Roaming\gcloud\legacy_credentials\qnap-backup@upheld-acumen-148821.iam.gserviceaccount.com\adc.json – Christopher Riker Sep 26 '18 at 20:11
  • Could you please clarify what you mean by logging out ? – bshu Sep 26 '18 at 21:01
  • I switched the auth account and the went back to the service account I want. – Christopher Riker Sep 27 '18 at 13:34
  • I installed it fresh on a new server and I still get the same ServiceException: 401 Anonymous caller does not have storage.objects.create access. I ran in from a Windows 10 machine and had no issues. Is there something different I have to do on a Windows Server 2012 R2? – Christopher Riker Sep 27 '18 at 18:58
  • The issue could be that the scheduled task doesn't have permission to access the BOTO file or isn't accessing the right location. The path of the BOTO file you shared seems to be under a user-specific location (C:\Users\tmanager). You can try configuring BOTO_CONFIG environment variable to point to the path of the BOTO file that works (and also check that whoever the task scheduler runs as has permission to access it). Here are some of the instructions for configuring BOTO_CONFIG:https://cloud.google.com/storage/docs/gsutil/commands/config#configuration-file-selection-procedure – bshu Sep 28 '18 at 01:20
  • tmanager has permission to the .boto file and was logged in when the service account was activated. I'm having issues with how to run the BOTO_CONFIG I tried running /etc/projects/my_project_id.boto.cfg;c:\users\tmanager\.boto and it comes back saying it can't find the path specified. I really appreciate your help on this. – Christopher Riker Oct 02 '18 at 18:15