0

I am trying to connect to Google Cloud Storage from a standalone python script using a service account. I am running this script from my local system. I have also activated the service account using gcloud auth and added "GOOGLE_APPLICATION_CREDENTIALS" to point to the client_secrets.json file.

The authentication does not work and fails with the following log:



    Uploading object..
    Traceback (most recent call last):
      File "quickstart.py", line 122, in 
        main(args.bucket, args.filename, args.reader, args.owner)
      File "quickstart.py", line 16, in main
        resp = upload_object(bucket, filename, readers, owners)
      File "quickstart.py", line 43, in upload_object
        service = create_service()
      File "quickstart.py", line 39, in create_service
        return discovery.build('storage', 'v1', http=http_auth)
      File "build/bdist.macosx-10.12-intel/egg/oauth2client/util.py", line 137, in positional_wrapper
      File "build/bdist.macosx-10.12-intel/egg/googleapiclient/discovery.py", line 214, in build
      File "build/bdist.macosx-10.12-intel/egg/googleapiclient/discovery.py", line 261, in _retrieve_discovery_doc
      File "build/bdist.macosx-10.12-intel/egg/oauth2client/transport.py", line 153, in new_request
      File "build/bdist.macosx-10.12-intel/egg/oauth2client/client.py", line 765, in _refresh
      File "build/bdist.macosx-10.12-intel/egg/oauth2client/client.py", line 797, in _do_refresh_request
      File "/Library/Python/2.7/site-packages/httplib2-0.9.2-py2.7.egg/httplib2/__init__.py", line 1609, in request
        (response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
      File "/Library/Python/2.7/site-packages/httplib2-0.9.2-py2.7.egg/httplib2/__init__.py", line 1351, in _request
        (response, content) = self._conn_request(conn, request_uri, method, body, headers)
      File "/Library/Python/2.7/site-packages/httplib2-0.9.2-py2.7.egg/httplib2/__init__.py", line 1272, in _conn_request
        conn.connect()
      File "/Library/Python/2.7/site-packages/httplib2-0.9.2-py2.7.egg/httplib2/__init__.py", line 1036, in connect
        self.disable_ssl_certificate_validation, self.ca_certs)
      File "/Library/Python/2.7/site-packages/httplib2-0.9.2-py2.7.egg/httplib2/__init__.py", line 80, in _ssl_wrap_socket
        cert_reqs=cert_reqs, ca_certs=ca_certs)
      File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 911, in wrap_socket
        ciphers=ciphers)
      File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 520, in __init__
        self._context.load_verify_locations(ca_certs)
    IOError: [Errno 13] Permission denied

Here is the code snipped I am trying to run to authenticate:



    import oauth2client
    from oauth2client.service_account import ServiceAccountCredentials
    from httplib2 import Http
    from googleapiclient import discovery
    import argparse
    import filecmp
    import json
    import tempfile
    import logging

    logging.basicConfig(filename='debug.log',level=logging.DEBUG)


    def main(bucket, filename, readers=[], owners=[]):
        print('Uploading object..')
        resp = upload_object(bucket, filename, readers, owners)
        print(json.dumps(resp, indent=2))


    def create_service():
        scopes = ['https://www.googleapis.com/auth/devstorage.read_write']
        credentials = ServiceAccountCredentials.from_json_keyfile_name('client_secrets.json', scopes)
        http_auth = credentials.authorize(Http())
        return discovery.build('storage', 'v1', http=http_auth)


    def upload_object(bucket, filename, readers, owners):
        service = create_service()

        # This is the request body as specified:
        # http://g.co/cloud/storage/docs/json_api/v1/objects/insert#request
        body = {
            'name': filename,
        }

        # If specified, create the access control objects and add them to the
        # request body
        if readers or owners:
            body['acl'] = []

        for r in readers:
            body['acl'].append({
                'entity': 'user-%s' % r,
                'role': 'READER',
                'email': r
            })
        for o in owners:
            body['acl'].append({
                'entity': 'user-%s' % o,
                'role': 'OWNER',
                'email': o
            })

        # Now insert them into the specified bucket as a media insertion.
        # http://g.co/dv/resources/api-libraries/documentation/storage/v1/python/latest/storage_v1.objects.html#insert
        with open(filename, 'rb') as f:
            req = service.objects().insert(
                bucket=bucket, body=body,
                # You can also just set media_body=filename, but for the sake of
                # demonstration, pass in the more generic file handle, which could
                # very well be a StringIO or similar.
                media_body=http.MediaIoBaseUpload(f, 'application/octet-stream'))
            resp = req.execute()

        return resp

I tried looking at multiple examples from google developers forum as well as other blogs. All show the same code. Not sure what is going wrong here.

Improve this question

2 Answers 2

Reset to default
1

From the error it looks like a simple permissions problem. Did you run the program with root priviges? If not then run the file from the command line with sudo at the beginning.

Note: IDLE doesn't run it with root.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

wow! I have recently switched to a MacBook from a windows laptop and have had multiple similar issues, I will keep that in mind from next time. thanks!
0

The last line of the traceback indicates that your Python script cannot access a resource on disk with the correct permissions.

IOError: [Errno 13] Permission denied

A simple fix is to run this script with sudo.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.