0

I am trying to create a GCS bucket using Deployment Manager using the following resource config:

resources:
- type: storage.v1.bucket
  name: upload-bucket
  properties:
    project: <project-id>
    name: <unique-bucket-name>

However, I get the following error:

- code: RESOURCE_ERROR
  location: /deployments/the-bucket/resources/upload-bucket
  message: '{"ResourceType":"storage.v1.bucket","ResourceErrorCode":"403","ResourceErrorMessage":{"code":403,"errors":[{"domain":"global","message":"[email protected]
    does not have storage.buckets.get access to upload-bucket.","reason":"forbidden"}],"message":"[email protected]
    does not have storage.buckets.get access to upload-bucket.","statusMessage":"Forbidden","requestPath":"https://www.googleapis.com/storage/v1/b/upload-bucket","httpMethod":"GET","suggestion":"Consider
    granting permissions to [email protected]"}}'

The role of [email protected] is Project Editor by default (which surely has enough permissions?), however I've also tried adding Storage Admin and Project Owner - neither seems to help.

My 2 questions are:

  1. Why is it trying to use this service account?
  2. How can I get Deployment Manager to be able to create a bucket?

Thanks

3 Answers

1

I ran into the exact same problem. Allow me to restate Andres S's answer more clearly.

When you wrote

resources:
- type: storage.v1.bucket
  name: upload-bucket
  properties:
    project: <project-id>
    name: <unique-bucket-name>

you probably intended to create a bucket called <unique-bucket-name> and figured that upload-bucket would just be a name to refer to this bucket in the Deployment Manager. What GCP actually did was attempt to use upload-bucket as the actual bucket name. As far as I can tell, <unique-bucket-name> is never used. This caused a problem, since someone else already owns the bucket upload-bucket.

2
  • I recommend adding a code snippet to your answer and referencing it. Kudos for mentioning that Andre is correct but you don't have control over other answers. That one could get edited or deleted and then the context of your answer is broken. Make that change and @ me and I'll upvote your answer because it definitely adds clarity.
    – Rodger
    Commented Mar 12, 2020 at 23:20
  • @Rodger. Done. Thank you!
    – bashkirin
    Commented Mar 13, 2020 at 20:58
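
The requestPath in the error quoted in the question shows which bucket name was actually requested. The following is an added example, not part of the original answers: it parses such an error and compares the requested bucket with the resource name and with properties.name. The sample message is constructed from the question's error with the obfuscated service account replaced by a placeholder, and the function names and `my-unique-bucket-name` are hypothetical.

```python
import json
from urllib.parse import urlparse, unquote

# Constructed sample: the RESOURCE_ERROR message from the question, trimmed,
# with the obfuscated service account replaced by a placeholder.
SAMPLE_MESSAGE = json.dumps({
    "ResourceType": "storage.v1.bucket",
    "ResourceErrorCode": "403",
    "ResourceErrorMessage": {
        "code": 403,
        "message": "SERVICE_ACCOUNT_PLACEHOLDER does not have "
                   "storage.buckets.get access to upload-bucket.",
        "statusMessage": "Forbidden",
        "requestPath": "https://www.googleapis.com/storage/v1/b/upload-bucket",
        "httpMethod": "GET",
    },
})


def bucket_from_request_path(url):
    """Return <bucket> from a /storage/v1/b/<bucket>[/...] URL, else None."""
    parts = [unquote(p) for p in urlparse(url).path.split("/") if p]
    if len(parts) > 3 and parts[:3] == ["storage", "v1", "b"]:
        return parts[3]
    return None


def diagnose(message, resource_name, properties_name):
    """Classify a Deployment Manager bucket error by the name it requested."""
    detail = json.loads(message).get("ResourceErrorMessage", {})
    requested = bucket_from_request_path(detail.get("requestPath", ""))
    if detail.get("code") != 403 or requested is None:
        verdict = "not-a-bucket-403"
    elif requested == properties_name:
        # The intended name itself was refused: it may be taken by someone
        # else, or the caller lacks IAM access to a bucket that exists.
        verdict = "intended-name-forbidden"
    elif requested == resource_name:
        # The request used the resource name, not properties.name.
        verdict = "resource-name-used-as-bucket"
    else:
        verdict = "unexpected-bucket"
    return {"requested_bucket": requested, "verdict": verdict}


if __name__ == "__main__":
    print(diagnose(SAMPLE_MESSAGE, "upload-bucket", "my-unique-bucket-name"))
```
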
1

I recently ran into a similar issue, where Deployment Manager failed to create the bucket.

I have verified that:

  • the permissions are not an issue as the same deployment contained another bucket that was created.
  • the bucket name is not an issue as I was able to create the bucket manually.

After some googling I found there is another way to create the bucket. Instead of using type: storage.v1.bucket you can also use type: gcp-types/storage-v1:buckets.

So my final solution was to create the bucket like this:

- name: images-bucket
  type: gcp-types/storage-v1:buckets
  properties:
    name: images-my-project-name
    location: "eu"
0

Try this code, I think you are specifying the name twice.

resources:
- type: storage.v1.bucket
  name: <unique-bucket-name>
  properties:
    project: <project-id>
2
  • That was what I originally tried, it gave the same error.
    – tomphp
    Commented Aug 9, 2019 at 22:05
  • The code should work as it is. Make sure you are using a unique bucket name; you can also try removing the project property or adding the storageclass property below the project-id in the code example [storageClass: MULTI_REGIONAL]
    – Andres S
    Commented Aug 12, 2019 at 13:09
