
I am trying to mount a bucket using gcsfuse, and the command is unable to be run from a service account.

When I run `gcloud auth list`, the service account is selected.

selected account

However, when I run the command `gcsfuse testing_bucket_images "$HOME/mount-folder"`, I receive the error

daemonize.Run: readFromProcess: sub-process: mountWithArgs: mountWithConn: Mount: mount: running /usr/bin/fusermount: exit status 1

When I debugged the issue with this command `gcsfuse --foreground --debug_fuse --debug_fs --debug_gcs --debug_http -o nonempty new_cool_bucket /home/ACCOUNT_NAME_TEMP/path`,

this is the response

mountWithArgs: mountWithConn: fs.NewServer: create file system: SetUpBucket: Error in iterating through objects: googleapi: Error 403: ACCOUNT_NAME_TEMP does not have storage.objects.list access to the Google Cloud Storage bucket. Permission 'storage.objects.list' denied on resource (or it may not exist)., forbidden

However, ACCOUNT_NAME_TEMP is not the service account I am using. It is my Google account. How can I run this command with the service account?

vimuth
  • What's the permission of your service account? – guillaume blaquiere May 04 '23 at 07:42
  • Run the command `gcloud auth application-default login` and try again. Applications use ADC (application default credentials) which are a different set of credentials from `gcloud auth login`. The latter authorizes the CLI. – John Hanley May 04 '23 at 17:54
  • @guillaume blaquiere - The service account does have the Google Cloud Storage permission that is needed of storage manager – ohnodev May 04 '23 at 22:10
  • @John Hanley - When I tried using that, it uses my own credentials, which do not have the permission to manage Google storage. Only the service account has the permission. – ohnodev May 04 '23 at 22:11
  • `gcloud auth login` is for the CLI and does not provide credentials for gcsfuse. You will need to correctly set up `gcloud auth application-default login` with an account that has the required IAM roles, use the command flag `--key-file`, or use the environment variable `GOOGLE_APPLICATION_CREDENTIALS`. – John Hanley May 04 '23 at 22:18
  • What are the roles? Cloud Storage permission means nothing! – guillaume blaquiere May 05 '23 at 08:21
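
The credential lookup the comments describe, as an added example that is not part of the original thread and is not gcsfuse's own code: it follows the Application Default Credentials search order and reports which identity a tool such as gcsfuse would pick up, without any network call. The function names `resolve_adc` and `demo`, the Linux/macOS file location, and the sample file contents and service account email are assumptions constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

def resolve_adc(env, home):
    """Report which credential Application Default Credentials would load.

    Follows the documented search order only; makes no network calls.
    Returns (source, credential_type, identity).
    """
    explicit = env.get("GOOGLE_APPLICATION_CREDENTIALS")
    if explicit:
        # An explicit path never falls through to the next step: a bad path is an error.
        if not Path(explicit).is_file():
            raise FileNotFoundError(f"GOOGLE_APPLICATION_CREDENTIALS points to missing file: {explicit}")
        source, path = "GOOGLE_APPLICATION_CREDENTIALS", Path(explicit)
    else:
        # Written by `gcloud auth application-default login` (Linux/macOS location).
        path = Path(home) / ".config" / "gcloud" / "application_default_credentials.json"
        if not path.is_file():
            return ("metadata server", "attached service account", None)
        source = "gcloud ADC file"
    data = json.loads(path.read_text())
    # Service account keys carry client_email; user ADC files do not.
    return (source, data.get("type"), data.get("client_email"))

def demo():
    """Constructed sample files: a user ADC file plus a service account key."""
    with tempfile.TemporaryDirectory() as home:
        adc = Path(home) / ".config" / "gcloud" / "application_default_credentials.json"
        adc.parent.mkdir(parents=True)
        adc.write_text(json.dumps({"type": "authorized_user", "client_id": "constructed",
                                   "refresh_token": "constructed"}))
        key = Path(home) / "sa-key.json"
        key.write_text(json.dumps({"type": "service_account",
                                   "client_email": "mounter@example-project.iam.gserviceaccount.com"}))
        without_key = resolve_adc({}, home)
        with_key = resolve_adc({"GOOGLE_APPLICATION_CREDENTIALS": str(key)}, home)
    return without_key, with_key

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Calling `resolve_adc(os.environ, Path.home())` before mounting shows whether the process would authenticate with a user credential (`authorized_user`) or a service account key, independent of what `gcloud auth list` marks as active.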

0 Answers