google-cloud-python: gcloud.exceptions.Forbidden: 403 Missing or insufficient permissions.

Hi @dhermes

I am a new user to Google Cloud Platform. I have setup a Google VM Instance. I am facing an authentication issue on Local Machine while running the command.

python manage.py makemigrations

Can you please suggest steps to resolve the same ?

Error Trace:

  File "/constants.py", line 18, in <module>
    table_data = datastore_fetch(project_id, entity_kind)
  File "/datastore_helper.py", line 23, in datastore_fetch
    results = list(query.fetch())
  File "/venv/local/lib/python2.7/site-packages/gcloud/datastore/query.py", line 463, in __iter__
    self.next_page()
  File "/venv/local/lib/python2.7/site-packages/gcloud/datastore/query.py", line 434, in next_page
    transaction_id=transaction and transaction.id,
  File "/venv/local/lib/python2.7/site-packages/gcloud/datastore/connection.py", line 286, in run_query
    _datastore_pb2.RunQueryResponse)
  File "/venv/local/lib/python2.7/site-packages/gcloud/datastore/connection.py", line 124, in _rpc
    data=request_pb.SerializeToString())
  File "/venv/local/lib/python2.7/site-packages/gcloud/datastore/connection.py", line 98, in _request
    raise make_exception(headers, error_status.message, use_json=False)
gcloud.exceptions.Forbidden: 403 Missing or insufficient permissions.

Other Info:

gcloud auth list
Credentialed Accounts:
 - user_account@gmail.com ACTIVE
To set the active account, run:
    $ gcloud config set account `ACCOUNT`

gcloud config list
Your active configuration is: [default]

[core]
account = user_account@gmail.com
disable_usage_reporting = True
project = user_project

Also, Input:

from gcloud import datastore
project_id = settings.GOOGLE_PROJECT_ID
client = datastore.Client(project_id)

print(vars(client.connection.credentials))

Output:

{'scopes': set([]), 'revoke_uri': 'https://accounts.google.com/o/oauth2/revoke', 'access_token': None, 'token_uri': 'https://www.googleapis.com/oauth2/v4/token', 'token_info_uri': None, 'token_response': None, 'invalid': False, 'refresh_token': u'1/t-V_pZicXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', 'client_id': u'3XXXXXXXX9.apps.googleusercontent.com', 'id_token': None, 'client_secret': u'ZXXXXXXXXXXXXXXXXXXX2', 'token_expiry': None, 'store': None, 'user_agent': 'Python client library'}

Thanks,

About this issue

  • Original URL
  • State: closed
  • Created 8 years ago
  • Comments: 27 (15 by maintainers)

Most upvoted comments

@naveensinghal GCE credentials are supported out of the box provided you have the correct scopes set. You can see which scopes are set just by using curl to talk to the GCE metadata server.

curl --header "Metadata-Flavor: Google" \
http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/?recursive=true
+1
dhermes on Oct 11, 2016

Do you have a JSON credentials file?

To run your code outside Google Cloud Platform, such as in your own private datacenter or in another public cloud, you should use Application Default Credentials with explicitly created service accounts:

Use the Google Cloud Platform Console to create a service account, and download its credentials JSON file to your servers. Make sure to keep the file secure. Set the environment variable GOOGLE_APPLICATION_CREDENTIALS to the path of your downloaded credentials JSON file.

See: https://cloud.google.com/docs/authentication#getting_credentials_for_server-centric_flow

+1
daspecster on Oct 11, 2016
Read more comments on GitHub
← google-cloud-python: GAX API hangs during (second) 'publish'
google-cloud-python: Getting 401 errors after one hour of client usage →