google-cloud-python: Permissions problem trying to create a sink

While working on a system test for Sink.create, I’m running into a permissions problem:

>>> sink.create()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "gcloud/logging/sink.py", line 145, in create
    client.connection.api_request(method='PUT', path=self.path, data=data)
  File "gcloud/connection.py", line 343, in api_request
    error_info=method + ' ' + url)
gcloud.exceptions.Forbidden: 403 The caller does not have permission (PUT https://logging.googleapis.com/v2beta1/projects/citric-celerity-697/sinks/test-sink)

Sinks.create is documented to require one of https://www.googleapis.com/auth/logging.admin or https://www.googleapis.com/auth/cloud-platform.

My client is set up with all permissions for the logging API:

>>> client.connection._credentials._scopes
'https://www.googleapis.com/auth/logging.read https://www.googleapis.com/auth/logging.write https://www.googleapis.com/auth/logging.admin https://www.googleapis.com/auth/cloud-platform'

Do I have to do something in the developer control panel to enable sinks?

About this issue

  • Original URL
  • State: closed
  • Created 8 years ago
  • Comments: 25 (22 by maintainers)

Most upvoted comments

@tseaver Adding cloud-logs@google.com as Bucket ACL owner lets us successfully create the Sink in gcloud-ruby. I am closing our similar issue with the documentation PR referenced above.

+1
quartzmo on Mar 17, 2016
Read more comments on GitHub
← google-cloud-python: language: DefaultCredentialsError: Could not automatically determine credentials
google-cloud-python: pip install gcloud causes python to raise errors →