I am trying to check if a bucket exists in Laravel PHP.
I am getting a 403 on the exists() method. Why?
See line 160 https://github.com/googleapis/google-cloud-php/blob/master/Storage/src/Bucket.php
$storageClient = new \Google\Cloud\Storage\StorageClient([
'projectId' => env('GCS_PROJECT_ID'),
'keyFilePath' => storage_path(env('GCS_KEY_FILE')),
]);
$bucket = $storageClient->bucket('mybucketname');
if (!$bucket->exists()) {
$bucket = $storageClient->createBucket('mybucketname');
}
{ "error": {
"code": 403,
"message": "myaccount#api-project-xxxxxxxxx.iam.gserviceaccount.com does not have storage.buckets.get access to downloads.",
"errors": [ {
"message": "myaccount#api-project-xxxxxxxx.iam.gserviceaccount.com does not have storage.buckets.get access to mybucketname.",
"domain": "global",
"reason": "forbidden"
} ]
} }
Your service account does not have the storage.buckets.get permission. In order to check whether a bucket exists and then create it, assign roles/storage.admin to your service account.
For reference, see:
Cloud IAM roles for Cloud Storage
Cloud IAM permissions for Cloud Storage
Related
I'm trying to upload an image to my Firebase Storage using Laravel (PHP).
public function uploadObject($bucketName, $objectName, $source) {
$projectId = 'cloudestate-d10da';
$storage = new StorageClient([
'projectId' => $projectId,
'keyFilePath' => __DIR__.'/StorageAcc.json'
]);
$file = fopen($source, 'r');
$bucket = $storage->bucket("images");
$object = $bucket->upload($file, [
'name' => $objectName
]);
printf('Uploaded %s to gs://%s/%s' . PHP_EOL, basename($source), $bucketName, $objectName);
}
But when I try to run it I get the following error:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "forbidden",
"message": "storageacc#cloudestate-d10da.iam.gserviceaccount.com does not have storage.objects.create access to images/testezc.png."
}
],
"code": 403,
"message": "storageacc#cloudestate-d10da.iam.gserviceaccount.com does not have storage.objects.create access to images/testezc.png."
}
}
I also gave my Service Account "Owner" role but didn't seem to fix the error.
First, you must verify that the configuration variables that are used are the same as the project you are trying to run. Try printing the environment variables.
console.log(process.env.FIREBASE_CONFIG)
Firebase establishes by default this configuration. If you want to change this variables you can use.
curl -sL https://firebase.tools | bash
Then proceed to authenticate yourself:
firebase login
Then list the project that are available:
firebase projects:list
To view all the project aliases:
firebase use
Then to match the project configuration variables set the alias you are using to the current local environment.
firebase use <alias>
Finally, verify the configuration variables are those you needed.
How do i create permission on google sheet on docs. Here it's show the error
{
"error": {
"errors": [
{
"domain": "global",
"reason": "insufficientPermissions",
"message": "Insufficient Permission"
}
],
"code": 403,
"message": "Insufficient Permission"
}
}
here my code. i use php library.
function insertPermission($fileId) {
$client = $this->getClient();
$client->setScopes(Google_Service_Drive::DRIVE);
$service = new Google_Service_Drive($client);
$newPermission = new Google_Service_Drive_Permission(
array(
"role"=> "writer",
"type"=> "domain",)
);
try {
return $service->permissions->create($fileId, $newPermission);
} catch (Exception $e) {
print "An error occurred: " . $e->getMessage();
}
return NULL;
}
After set permisson it's denied and return this error.
The permissions.create method can be used to insert permissions into a file on google drive.
POST https://www.googleapis.com/drive/v3/files/fileId/permissions
{
"role": "writer",
"type": "user",
"emailAddress": "test#test.com"
}
In order to run the above request the currently authenticated user must have been authenticated using the following scopes and of course have permissions on the file already
https://www.googleapis.com/auth/drive
https://www.googleapis.com/auth/drive.file
insufficientPermissions
Means that the user you are authenticated with either hasn't granted your application permissions to make these changes or they themselves do not have the permissions. First thing i would do would be check the scopes your application has requested and add the scopes needed and re-authenticated the user and try again.
befor i ask i want to introduce my first steps.
I used this for example: PHP Quickstart
Install google/apiclient via composer
Create a project in Google Developers Console
Add credentials to my project
Upload client_secret.json to my webserver
Run the script & enter the code
Credentials saved to /files/php-yt-oauth2.json
This channel's ID is UC_x5XG1OV2P6uZZ5FSM9Ttw. Its title is Google Developers, and it has 125874726 views.
Now i want to list all videos of one playlist:
function playlistItemsListByPlaylistId($service, $part, $params) {
$params = array_filter($params);
$response = $service->playlistItems->listPlaylistItems(
$part,
$params
);
print_r($response);
}
playlistItemsListByPlaylistId($service,
'snippet',
array('maxResults' => 1, 'playlistId' => 'ID'));
An get the following error:
[23-Dec-2017 14:29:59 Europe/Berlin] PHP Fatal error: Uncaught Google_Service_Exception: {
"error": {
"errors": [
{
"domain": "global",
"reason": "insufficientPermissions",
"message": "Insufficient Permission"
}
],
"code": 403,
"message": "Insufficient Permission"
}
}
in /html/sa/vendor/google/apiclient/src/Google/Http/REST.php:118
I dont know whats going wrong and i hope someone can help me with this issue.
I am unable to delete a folder (created by another person) even if I try to change the rights, I have a console application and the current authenticated user can do the following :
create folders/files
move files
Scopes:
'https://www.googleapis.com/auth/drive',
'https://www.googleapis.com/auth/drive.file',
'https://www.googleapis.com/auth/drive.appdata',
'https://spreadsheets.google.com/feeds',
Tries:
1.Set permissions to the current user
public function deleteFolder(\Google_Service_Drive_DriveFile $folder)
{
$permission = new \Google_Service_Drive_Permission();
$permission->setRole( 'owner' );
$permission->setType( 'user' );
$permission->setEmailAddress('someId#developer.gserviceaccount.com');
$permission = $this->googleDriveClient->permissions->create( $folder->getId(),$permission,array('transferOwnership'=>true));
$this->googleDriveClient->files->delete($folder->getId());
}
Result:
[Google_Service_Exception] {
"error": {
"errors": [
{
"domain": "global",
"reason": "internalError",
"message": "Internal Error"
}
],
"code": 500,
"message": "Internal Error" } }
2.Set permission type to anyone
public function deleteFolder(\Google_Service_Drive_DriveFile $folder)
{
$permission = new \Google_Service_Drive_Permission();
$permission->setRole( 'owner' );
$permission->setType( 'anyone' );
$permission = $this->googleDriveClient->permissions->create( $folder->getId(),$permission,array('transferOwnership'=>true));
$this->googleDriveClient->files->delete($folder->getId());
}
Result:
[Google_Service_Exception]
{
"error": {
"errors": [
{
"domain": "global",
"reason": "insufficientFilePermissions",
"message": "The user does not have sufficient permissions for this file ."
}
],
"code": 403,
"message": "The user does not have sufficient permissions for this file." }
}
try 3: Impersonate the creator
$this->googleClient->setAccessType('offline');
$this->googleClient->setSubject('x#domain.com');//if removed everything works
[GuzzleHttp\Exception\ClientException]
Client error: POST https://www.googleapis.com/oauth2/v4/token
resulted in a 401 Unauthorized response:
{
"error": "unauthorized_client",
"error_description": "Unauthorized client or scope in request.",
"error_uri": ""
}
Am I missing something?
Only the owner of the folder can delete the folder.
Use a service account Using OAuth 2.0 for Server to Server Applications, take the identity of the owner of the folder Perform Google Apps Domain-Wide Delegation of Authority.
Once authorized as the owner of the folder it should be possible to delete the folder.
I used Symfony and I need create file in google drive and add access to write for another user to this file. I read google api drive
intsall google/apiclient
and run qiuck star, I get name for my share file. But I not find how to create new file and how to share this file for some user, this is possible ?
I find how to create file and add to quick start
crate file
$fileMetadata = new Google_Service_Drive_DriveFile(array(
'name' => 'Project plan',
'mimeType' => 'application/vnd.google-apps.drive-sdk'));
$file = $service->files->create($fileMetadata, array(
'fields' => 'id'));
printf("File ID: %s\n", $file->id);
but have error
PHP Fatal error: Uncaught exception 'Google_Service_Exception' with message 'Error calling POST https://www.googleapis.com/drive/v3/files?fields=id: (403) Insufficient Permission' in /home/ivan/host/aog-code/vendor/google/apiclient/src/Google/Http/REST.php:110
{
"error": {
"errors": [
{
"domain": "global",
"reason": "insufficientPermissions",
"message": "Insufficient Permission"
}
],
"code": 403,
"message": "Insufficient Permission"
}
}
how to correct add file and add to permission for some user to this file ?