Error: 7 PERMISSION_DENIED: The caller does not have permission

Question

Error: 7 PERMISSION_DENIED: The caller does not have permission

Closed this issue 3 years ago · 3 comments

Hi,

I can't for the life of me figure out what I'm doing wrong.

I've got the key for the service account in the json file which was downloaded when creating the key.
The service account has StorageAdmin role on the bucket
But still I get this:

node ./sftp-gcs.js --bucket=developer-1-*********-storage-bucket --service-account-key-file /opt/sftp-gcs/keys/developer-1*********.json --port=2223 --public-key-file=./keys/id_rsa.pub
2021-08-19T19:20:26.907Z info: [sftp-gcs] ****************************************
2021-08-19T19:20:26.932Z info: [sftp-gcs] *** Google Cloud Storage SFTP Server ***
2021-08-19T19:20:26.933Z info: [sftp-gcs] ****************************************
2021-08-19T19:20:26.933Z info: [sftp-gcs] Using bucket: gs://developer-1-cdp-customercloud-adobe-storage-bucket
2021-08-19T19:20:26.934Z info: [sftp-gcs] Listening on port 2223
2021-08-19T19:20:26.934Z info: [sftp-gcs] Username: Not set
2021-08-19T19:20:26.934Z info: [sftp-gcs] Password: Not set
2021-08-19T19:20:26.934Z info: [sftp-gcs] Public key file: ./keys/id_rsa.pub
2021-08-19T19:20:26.934Z info: [sftp-gcs] Service account key file: /opt/sftp-gcs/keys/developer-1***********.json
(node:25465) UnhandledPromiseRejectionWarning: Error: 7 PERMISSION_DENIED: The caller does not have permission
    at Object.callErrorFromStatus (/opt/sftp-gcs/node_modules/@grpc/grpc-js/build/src/call.js:31:26)
    at Object.onReceiveStatus (/opt/sftp-gcs/node_modules/@grpc/grpc-js/build/src/client.js:176:52)
    at Object.onReceiveStatus (/opt/sftp-gcs/node_modules/@grpc/grpc-js/build/src/client-interceptors.js:342:141)
    at Object.onReceiveStatus (/opt/sftp-gcs/node_modules/@grpc/grpc-js/build/src/client-interceptors.js:305:181)
    at process.nextTick (/opt/sftp-gcs/node_modules/@grpc/grpc-js/build/src/call-stream.js:124:78)
    at process._tickCallback (internal/process/next_tick.js:61:11)

Answer 1 · 2021-08-19T20:27:03.000Z

Howdy my friend ... just a quick "ack" to say that I've seen the post. Does the error show up immediately or does it show up after you try and run some SFTP client command? Feel free to email me at kolban@google.com if you wish to share info privately while we debug.

Answer 2 · 2021-08-20T07:58:16.000Z

Good morning @kolban-google, and thank you for the quick response. It took me until about midnight local time, but I found the problem and wanted to share. It turns out the error was actually coming from the logging, not the bucket.
GoogleCloudPlatform/functions-framework-nodejs#159
I will write a PR for the repo documentation about needed permissions for the service account. Please keep this Issue open for now, and I will link my PR to it.

Answer 3 · 2021-08-20T13:19:41.000Z

TY sir. Appreciate the contribution. I'll look too and see if we can't have better error reporting ... maybe I can trap the PERMISSION_DENIED error in the code and provide a summary list of what may cause it.