
I want to create a cloud storage bucket programmatically using deployment manager, but the deployment fails with the following error:

ERROR: (gcloud.deployment-manager.deployments.create) Error in Operation [operation-1626165906845-5c6fd413930ca-1a833b6c-81671664]: errors:
- code: RESOURCE_ERROR
  location: /deployments/example-config/resources/storage-bucket
  message: '{"ResourceType":"storage.v1.bucket","ResourceErrorCode":"403","ResourceErrorMessage":{"code":403,"errors":[{"domain":"global","message":"[email protected]
    does not have storage.buckets.get access to the Google Cloud Storage bucket.","reason":"forbidden"}],"message":"[email protected]
    does not have storage.buckets.get access to the Google Cloud Storage bucket.","statusMessage":"Forbidden","requestPath":"https://storage.googleapis.com/storage/v1/b/storage-bucket","httpMethod":"GET","suggestion":"Consider
    granting permissions to [email protected]"}}'

However, I have added roles/storage-admin to the account mentioned in the error, and according to Policy Troubleshooter access is granted for the storage.buckets.get API call:


This is the yaml file I use:

imports:
  - path: template.jinja

resources:
  - name: template
    type: template.jinja
    properties:
      storage:
        bucket: qa-bucket-68586

and this is the jinja template:

resources:
  - name: storage-bucket
    type: storage.v1.bucket
    properties:
      kind: storage#bucket
      name: {{ properties["storage"]["bucket"] }}
      location: EU
      projectNumber: {{ env["project_number"] }}
      storageClass: STANDARD
  • What happened after you granted the account storage.admin role? Did the error change?
    – Wojtek_B
    Jul 13, 2021 at 16:05
  • No, the error remained the same. Jul 13, 2021 at 17:14
  • Is the bucket in a different project? Is the bucket name correct? Jul 13, 2021 at 19:24
  • Yes, project is the correct one and the name of the bucket is ok. Jul 14, 2021 at 7:00
  • I added the smallest jinja and yaml files that reproduces the problem. Jul 14, 2021 at 7:25

1 Answer


Based on your question I tried to reproduce your issue but failed, which means I could create a storage bucket with DM.

I used a simpler approach:

resources:
- type: storage.v1.bucket
  name: tb111
  properties:
    project: proj-name
    name: tb111-1

I wasn't using any variables to pass the project name so maybe it worked.

The result was:

wb@cloudshell:~ (proj-name)$ gcloud deployment-manager deployments create deploy-test111 --config b1.yaml
The fingerprint of the deployment is b'fcW0t5_5DD75iIGyHz='
Waiting for create [operation-1626272156399-fe30b8a9-47-53bbc8c4]...done.
Create operation operation-1626272156399-fe30b8a9-47-53bbc8c4 completed successfully.
NAME   TYPE               STATE      ERRORS  INTENT
tb111  storage.v1.bucket  COMPLETED  []

I can see & access it from the console UI.

For a start, try just "hardcoding" your project name in your jinja files, or use mine to start with, and this should work.

  • Thanks for the suggestion, Wojtek_B. After some trial and error I found the mistake: the problem was with name: storage-bucket. The name of the bucket must be globally unique and storage-bucket was already taken. I also made the silly mistake of having the name property twice (first one with storage-bucket and a second one with {{ properties["storage"]["bucket"] }}). I removed the second one and gave a unique number to the bucket and then it worked. Thanks! Jul 15, 2021 at 12:25
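
The mismatch described in the last comment is visible in the error itself: the requestPath names storage-bucket, while the config intended qa-bucket-68586. As an added example (not part of the original posts), this Python code extracts the requested bucket from a Deployment Manager RESOURCE_ERROR message and compares it with the intended name. The sample message is constructed from the question's error with a placeholder service account, and the function names are hypothetical.

```python
import json
from typing import Optional
from urllib.parse import unquote, urlparse

# Constructed sample modelled on the RESOURCE_ERROR message in the question.
# The service account below is a placeholder, not a value from the page.
SAMPLE_MESSAGE = json.dumps({
    "ResourceType": "storage.v1.bucket",
    "ResourceErrorCode": "403",
    "ResourceErrorMessage": {
        "code": 403,
        "message": "PLACEHOLDER-SA@example.invalid does not have "
                   "storage.buckets.get access to the Google Cloud Storage bucket.",
        "statusMessage": "Forbidden",
        "requestPath": "https://storage.googleapis.com/storage/v1/b/storage-bucket",
        "httpMethod": "GET",
    },
})


def requested_bucket(message: str) -> Optional[str]:
    """Return the bucket name the failing Storage API request was made for."""
    err = json.loads(message).get("ResourceErrorMessage", {})
    path = urlparse(err.get("requestPath", "")).path
    parts = [unquote(p) for p in path.split("/") if p]
    # JSON API bucket paths look like /storage/v1/b/<bucket>[/...]
    if "b" in parts and parts.index("b") + 1 < len(parts):
        return parts[parts.index("b") + 1]
    return None


def diagnose(message: str, intended_bucket: str) -> str:
    """Separate 'wrong bucket name was sent' from 'denied on the right bucket'."""
    code = str(json.loads(message).get("ResourceErrorCode"))
    actual = requested_bucket(message)
    if actual is None:
        return "no bucket name found in requestPath"
    if actual != intended_bucket:
        return (f"name mismatch: request was for '{actual}', "
                f"config intended '{intended_bucket}'")
    if code == "403":
        return (f"403 on intended bucket '{actual}': check IAM, or whether "
                "the globally unique name is already taken")
    return f"error {code} on '{actual}'"


if __name__ == "__main__":
    print(diagnose(SAMPLE_MESSAGE, "qa-bucket-68586"))
```
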
