Error 403: project-number@cloudbuild.gserviceaccount.com does not have storage.objects.get access to the Google Cloud Storage object., forbidden

Issue

This Content is from Stack Overflow. Question asked by My Car

When I deploy my code to Google Cloud Functions, I’m getting some errors. Here is the terminal:

Deploying function (may take a while - up to 2 minutes)...failed.
ERROR: (gcloud.functions.deploy) OperationError: code=3, message=Build failed: could not resolve source: googleapi: Error 403: project-number@cloudbuild.gserviceaccount.com does not have storage.objects.get access to the Google Cloud Storage object., forbidden
com.google.net.rpc3.client.RpcClientException: <eye3 title='/ArgoAdminNoCloudAudit.CreateBuild, INVALID_ARGUMENT'/> APPLICATION_ERROR;google.devtools.cloudbuild.v1/ArgoAdminNoCloudAudit.CreateBuild;could not resolve source: googleapi: Error 403: project-number@cloudbuild.gserviceaccount.com does not have storage.objects.get access to the Google Cloud Storage object., forbidden;AppErrorCode=3;StartTimeMs=1662193492422;unknown;ResFormat=AUTOMATIC;ServerTimeSec=0.134693421;LogBytes=256;Non-FailFast;EndUserCredsRequested;EffSecLevel=none;ReqFormat=AUTOMATIC;ReqID=d01f765418c35b2b;GlobalID=0;Server=[2002:a05:6610:e5b:b0:301:a983:723e]:4001

Some code snippet:

const task = {
  httpRequest: {
    httpMethod: "POST",
    url: "https://location-project.cloudfunctions.net/function-name",
  },
};
task.scheduleTime = {
  seconds: 60 + Date.now() / 1000,
};
const payload = {
  data: data,
};
if (payload) {
  task.httpRequest.body = Buffer.from(JSON.stringify(payload)).toString(
    "base64"
  );
  task.httpRequest.headers = {
    "Content-Type": "application/json",
  };
  task.httpRequest.oidcToken = {
    serviceAccountEmail:
      "tutorial-gcf@project.iam.gserviceaccount.com",
  };
}
const parent = client.queuePath(
  "project",
  "location",
  "queue"
);
const request = { parent: parent, task: task };
const [response] = await client.createTask(request);
console.log(`Created task ${response.name}`);

The roles of tutorial-gcf@project.iam.gserviceaccount.com:

Cloud Functions Invoker
Cloud Tasks Service Agent
Storage Object Viewer

Appreciate if someone can advise. Thank you in advance!



Solution

Check the Answers

This Question and Answer are collected from stackoverflow and tested by JTuto community, is licensed under the terms of CC BY-SA 2.5. - CC BY-SA 3.0. - CC BY-SA 4.0.

people found this article helpful. What about you?