Interestingly, your code works fine for me on the development server without any application default credentials set, or when setting GOOGLE_APPLICATION_CREDENTIALS to a service account key without any role set.
The name app_default_bucket would be the bucket name returned on the development server with app_identity.get_default_gcs_bucket_name(), but it appears that gcs.open() is calling the production GCS XML API. Could you share the full contents of the source file and the steps you're using to run the app? On Saturday, December 3, 2016 at 12:34:39 PM UTC-5, Mike Lucente wrote: > > I'm getting "Access Denied" trying to open a GCS file for writing. I'm > using these instructions: > https://cloud.google.com/appengine/docs/python/googlecloudstorageclient/read-write-to-cloud-storage. > > Googling not helping much. Thanks in advance. > > Here's my code and the error: > > bucket_name = os.environ.get('BUCKET_NAME', > app_identity.get_default_gcs_bucket_name()) > filename = '/' + bucket_name + '/' + 'myfile' > print filename > gcs_file = gcs.open(filename, > 'w', > content_type='text/plain') > > ForbiddenError: Expect status [201] from Google Storage. But got status > 403. > Path: '/app_default_bucket/myfile'. > Request headers: {'accept-encoding': 'gzip, *', 'content-type': > 'text/plain', 'x-goog-api-version': '2', 'x-goog-resumable': 'start'}. > Response headers: {'server': 'UploadServer', 'vary': 'Origin', > 'content-length': '210', 'x-guploader-uploadid': > 'AEnB2UrEb9QG7lLMhN-Fu_kjPLbVwSuKfufgxIufy37ENZq0bK97IMaPdIuxA0ao4pTfuGAhZyi5hWzG5eqvBKEFk0nwheghJbkH4MlUSgFdKVzkFgt6rO8', > > 'content-type': 'application/xml; charset=UTF-8', 'alt-svc': 'quic=":443"; > ma=2592000; v="36,35,34"', 'date': 'Sat, 03 Dec 2016 17:33:41 GMT'}. > Body: "<?xml version='1.0' > encoding='UTF-8'?><Error><Code>AccessDenied</Code><Message>Access > denied.</Message><Details>Caller does not have storage.objects.create > access to bucket app_default_bucket.</Details></Error>". > Extra info: None. > > -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/google-appengine. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/5f49f8b0-6b45-45af-a318-e8551a9242ca%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
