
I am trying to connect FTC's fmltc (https://github.com/FIRST-Tech-Challenge/fmltc) with Google Cloud and train the datasets for object recognition. I am able to log in to fmltc and immediately I got the error: "Error: iam.gserviceaccount.com does not have storage.buckets.get access to the Google Cloud Storage bucket."

I am new to Google Cloud. I googled the error and I am not able to solve the problem. I am also following the instructions of ReadMe.md from https://github.com/FIRST-Tech-Challenge/fmltc carefully.

I searched and found out that "storage.buckets.get" is a permission. I could not find which other role can grant this permission, since this service account is already "Computer Storage Admin". I don't know if any other role is related to "storage". I would appreciate it if anyone could give me a hint on this.

Secondly, I tried to create the bucket "XXXXXX.iam.gserviceaccount.com". I got the following:

A bucket name can only use dots (.) to form a valid domain name (e.g., example.com). If you haven't verified that you're authorized to use this domain, you'll have to do so to create this bucket.

The error makes me think I should not do this. Maybe I need to create a kind of Google Cloud Storage bucket that I can assign the permission of storage.buckets.get to. But then I don't know how a random bucket connects to "xxxx.iam.gserviceaccount.com" service account. Really appreciate it if anyone can share advice and opinion on this error.

Thank you!

1 Answer

There are several IAM roles with the permission storage.buckets.get:

  • Storage Legacy Bucket Reader
  • Storage Legacy Bucket Writer
  • Storage Legacy Bucket Owner
  • Storage Admin

IAM roles for Cloud Storage

You mention the role Computer Storage Admin, which does exist. Do you mean Storage Admin?

If you have the correct role and you receive an error about no permission, you have probably specified the wrong bucket name.

You mentioned the error:

Error: iam.gserviceaccount.com does not have storage.buckets.get access to the Google Cloud Storage bucket. 

iam.gserviceaccount.com is not a valid service account email address. Double check what you are specifying and the error message.

  • The error starts with: xxxxx.iam.gserviceaccount.com does not have storage.buckets.get access to the Google Cloud Storage bucket. xxxx is a unique team name. I realized the 3 Storage Legacy Bucket xxxxx roles and Storage Admin are associated with storage.buckets.get. I found these four roles in Cloud Storage/bucket. I added the roles in the main project bucket, but the same error still exists. I have a couple of other buckets, but I don't have the xxxxx.iam.gserviceaccount.com in the bucket. Shall I create a bucket for it and then assign the 4 roles for it? Commented Oct 11, 2022 at 15:47
  • I can only assign the roles of Storage Legacy Bucket.XXX in Cloud Storage/Buckets. And the error still exists. So I went to IAM & Admin, and I tried to assign "Permissions for project XXX". Inside the Principal "xxxxx.iam.gserviceaccount.com" I couldn't find any Storage Legacy Bucket.XXX. Therefore I assigned the closest Storage-related role, "Computer Storage Admin". It is confusing, and it seems the roles list in "IAM & Admin" is different from the one in "Cloud Storage/Buckets". Appreciate any advice. Commented Oct 11, 2022 at 18:17
  • @Skippy 1) Double check the bucket name 2) Double check which credentials you are using. 3) Show me a screenshot (in your question) of "Computer Storage Admin". That role does not exist. Commented Oct 11, 2022 at 20:52
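The check described in the answer, as an added example that is not part of the original question, answer or the fmltc project: it reads IAM policies in the JSON shape exported by `gcloud projects get-iam-policy PROJECT_ID --format=json` and `gcloud storage buckets get-iam-policy gs://BUCKET --format=json`, and reports whether a service account is directly bound to one of the four roles the answer lists. It assumes the role the question calls "Computer Storage Admin" is Compute Engine's `roles/compute.storageAdmin`; the account, project and bindings are constructed sample data, and custom roles or group membership are not covered.

```python
import json
import re

# Roles the answer lists as carrying storage.buckets.get (role IDs, not display names).
ROLES_WITH_BUCKETS_GET = {
    "roles/storage.legacyBucketReader",
    "roles/storage.legacyBucketWriter",
    "roles/storage.legacyBucketOwner",
    "roles/storage.admin",
}
# User-managed service accounts look like NAME@PROJECT_ID.iam.gserviceaccount.com.
SA_EMAIL = re.compile(r"^[a-z0-9-]+@[a-z0-9-]+\.iam\.gserviceaccount\.com$")


def roles_for(policy_json, sa_email):
    """Split the roles bound to sa_email in one IAM policy into granting/other."""
    if not SA_EMAIL.match(sa_email):
        raise ValueError(f"not a full service account email: {sa_email!r}")
    member = "serviceAccount:" + sa_email
    result = {"granting": [], "other": []}
    for binding in json.loads(policy_json).get("bindings", []):
        if member in binding.get("members", []):
            key = "granting" if binding["role"] in ROLES_WITH_BUCKETS_GET else "other"
            result[key].append(binding["role"])
    return result


def has_buckets_get(sa_email, *policies):
    """True if any policy (project-level or bucket-level) binds a granting role."""
    return any(roles_for(p, sa_email)["granting"] for p in policies)


# Constructed sample data; the account, project and bindings are made up.
SA = "fmltc-sa@example-project.iam.gserviceaccount.com"
PROJECT_POLICY = json.dumps({"bindings": [
    {"role": "roles/compute.storageAdmin", "members": ["serviceAccount:" + SA]},
    {"role": "roles/owner", "members": ["user:admin@example.com"]},
]})
BUCKET_POLICY = json.dumps({"bindings": [
    {"role": "roles/storage.legacyBucketOwner", "members": ["projectOwner:example-project"]},
]})
BUCKET_POLICY_FIXED = json.dumps({"bindings": [
    {"role": "roles/storage.legacyBucketReader", "members": ["serviceAccount:" + SA]},
]})

if __name__ == "__main__":
    print(roles_for(PROJECT_POLICY, SA))
    print(has_buckets_get(SA, PROJECT_POLICY, BUCKET_POLICY))
    print(has_buckets_get(SA, PROJECT_POLICY, BUCKET_POLICY_FIXED))
```

Run it against both the project policy and the policy of the bucket named in the application's configuration, since the legacy bucket roles are bound on the bucket while Storage Admin can be bound on the project.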
