Not access data from Google Play #651
Comments
|
Is that bucket owned by you? If so, are you sure that particular service account (specified in |
|
Yep, the bucket and the app owned by one account. |
|
Hmm. Are you able to list buckets ? var gcloud = require('gcloud');
var storage = gcloud.storage({
projectId: '1xxxxxxxx',
keyFilename: './json_api_key.json'
});
storage.getBuckets(function(err, buckets, next) {
console.log('Buckets were: ', buckets);
}); |
|
The list is empty, the response status of 200. {
response: {
debugId: 1,
headers: {
expires: 'Wed, 10 Jun 2015 13:28:33 GMT',
date: 'Wed, 10 Jun 2015 13:28:33 GMT',
'cache-control': 'private, max-age=0, must-revalidate, no-transform',
vary: 'Origin, X-Origin',
'content-type': 'application/json; charset=UTF-8',
'x-content-type-options': 'nosniff',
'x-frame-options': 'SAMEORIGIN',
'x-xss-protection': '1; mode=block',
'content-length': '31',
server: 'GSE',
'alternate-protocol': '443:quic,p=1',
connection: 'close'
},
statusCode: 200,
body: '{\n "kind": "storage#buckets"\n}\n'
}
}btw, APIs Explorer (https://cloud.google.com/storage/docs/json_api/v1/buckets/list) shows the same response, the request (https://cloud.google.com/storage/docs/json_api/v1/objects/list) generates a list of files. |
|
This really seems like an access problem for that specific service account... You're 100% certain that the project ID is correct (and owns that bucket)? And that the service account is in that project? What happens if you run |
|
After using the command "gcloud auth login" and comment out the keyFilename property, request responded with 200 status and brought the list of files. It turns out that is not authenticated through a "service_account". I doubled checked and even created another json key, but still won't work. |
|
Gotcha. Do you see the service account in the list on the permissions page? (https://console.developers.google.com/project/_/permissions) |
|
Of course. |
|
Err, that should probably look more like:
|
|
I just ran a quick test to double check this:
The hope was to see if there was some bug on Google's side where maybe they weren't granting access to the bucket if you created the credentials after the fact. It looks like this did exactly what it was supposed to do: I was able to see the bucket listing using the service account. Any other info you can provide to help us track down whether this was a bug or not would be super useful... but I'm out of ideas (outside of simple mistakes like using the wrong |
|
Oh, I have a new version of the console. |
|
We don't have account in Google Cloud Storage and we can't create a bucket :( |
|
This is weird. Just throwing out a couple ideas:
You should see a screen like:
Click the "Generate new JSON key" button and set
What do you mean you don't have an account in Google Cloud Storage? There is no such thing as a Google Cloud Storage account. There are Google accounts and Google Service Accounts. With those two things, and the right credentials, you should be all set to use this library. |
|
FWIW Cloud Storage did see a blip of 500's yesterday on https://status.cloud.google.com/ but, despite the overall vague-ness of the status report, it seems unrelated to the issue presented here. |
|
I re-generated the key: {
"private_key_id": "2xxxxxxxxxxxxxa",
"private_key": "-----BEGIN PRIVATE KEY-----\nBODY\n-----END PRIVATE KEY-----\n",
"client_email": "[email protected]",
"client_id": "1xxxxxx-xxxxxx.apps.googleusercontent.com",
"type": "service_account"
}And nothing has changed. All developers have a personal bucket (like pubsite_prod_rev_*) in the Cloud Storage, but do not have a full account if not buy it. |
|
Is the Cloud Storage API turned on ? https://console.developers.google.com/project/_/apiui/apis/library -> choose your project, then search for "Cloud Storage API" |
|
Have you enabled billing or started a free trial? You cannot use Google Cloud, including Storage, if you don't start the trial, have a credit on your account, or add a credit card to your account for billing. |
|
@jgeewax Of course. |
|
@ryanseys Yes, but I can use Google Cloud, if I'm Android Developer. |
|
That's interesting. So you didn't create the bucket yourself... In that case, can you look at the permissions on the bucket?
If you didn't create it yourself it's possible that your project doesn't have all the right access... You want to make sure your project is listed as an owner and reader in this screen:
|
|
Ahhh... You're given restricted access to that bucket, i.e. cannot create files in it and it's owned by Google and shared with you to get your ratings csv etc. Additionally, you have access to Google Cloud Storage but you cannot do anything with that project because its sole purpose is to provide you your ratings. Try to enable billing or start a trial and create a new project with Google Cloud, then you should be free to create as many buckets and files as you wish. |
|
That's fair, but still... shouldn't downloads not throw a content mismatch? |
|
That is a separate issue that should be addressed separately. |
|
@jgeewax I can't access the browser did not accept a trial. But I can read and download files through the browser: https://console.developers.google.com/storage/browser/pubsite_prod_rev_* I don't want to create an cloud storage account, but i want to get the files via gcloud-node, not using gsutil. :) |
|
OK wait... The issue is his service account does not have access. We're saying that that is expected because the bucket is shared with a specific Google account, not a project? |
|
@beshkenadze : If my previous comment is accurate, then it seems that Android is specifically limiting how you can access that data (that is, Android is saying "we'll put stuff here, and you can access it, and we won't make you pay, but that means you don't get all the features of Cloud Storage") |
|
@jgeewax If I don't have access to the bucket, then why login using gsutil or gcloud (console) authorization works? |
|
Well, I can login via the console and save the token. |
|
That's exactly my point. I think Android is sharing the bucket with you (ie, [email protected]) -- not your project. So you'd need a way to tell Android to share either with your entire project (described above) or with your specific service account (in the e-mail address field for your service account, ie If you want a service account to have access (which, again, I'm not even sure how you'd do that), you likely can't do this for free. I'm asking around to see what I can find, but I don't think this is going to result in the answer you want :( |
|
@beshkenadze : Any chance you can try adding your service account as a user in the Play Devconsole? That is, in the JSON keyfile you'll see an e-mail address... Can you try adding that e-mail to the list of users authorized to your Play account? |
|
@jgeewax Interesting idea, will definitely try! |
|
I'm afraid to jinx it, but seems it works. |
|
Cool -- Glad to hear it. This means your SA will have the same read-only access that you have. You still won't be able to configure notifications, but you can write your gcloud-node scripts in the normal way :) |
|
Yep 👍 |
|
Are you sure that you're not accidentally using the wrong credentials? The Play folks mentioned they're only syncing credentials once per day, so it's unlikely that the service account would have access yet. |
|
Folder with configs is empty, nowhere to take the keys: akira@akira-mbp ~/P/M/R/src> ls -l ~/.config/
total 0
drwxr-xr-x 5 akira staff 170 Aug 10 2014 Transmission Remote GUI
drwx------ 7 akira staff 238 May 26 13:11 configstore
drwx------ 6 akira staff 204 Jul 20 16:30 fish
drwxr-xr-x 3 akira staff 102 Jan 9 2015 robomongo |
|
Double check that your gcloud-node code ( |
|
Without the key file: With the key file: Now, I will remove the account from Google Play and check it again. |
|
Ha -- maybe they are .... misinformed about how often permissions get sync'd ? :-/ I'll ask around.. Thanks @beshkenadze ! |
|
If anything, I can give access to the personal account on GP during the test. |
|
Just give me the email of the service account and I will add it to itself with read access. |
|
Hi @beshkenadze, I'm getting the same issues as you got before. I'm trying to authenticate with gcloud auth login and use the generated json file on gcloud-node. In this case, what projectId have you used? Should I create a new project for this? Thanks in advance. |
|
@hugoduraes hey! You need to use the project_id for which you created the service account. |
|
@beshkenadze So, I create a service account, add its email address to the google play developer account with permissions to view reports, generate a JSON keyfile and use it to access the API? Is this correct? |
|
@hugoduraes Sounds right :) |
|
@beshkenadze Was able to fetch files for a specific bucket. Are you able to get all buckets for the service account? |
|
@hugoduraes I used a particular bucket, it was 'reviews'. |
|
Ok. |
* chore(main): release 3.0.3 * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com> Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
fix: update proto definitions Source-Link: googleapis/synthtool@0a68e56 Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-nodejs:latest@sha256:5b05f26103855c3a15433141389c478d1d3fe088fb5d4e3217c4793f6b3f245e Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
This PR was generated using Autosynth. 🌈 Synth log will be available here: https://source.cloud.google.com/results/invocations/5e903fff-57bb-4395-bb94-8b4d1909dbf6/targets - [ ] To automatically regenerate this PR, check this box. Source-Link: googleapis/synthtool@21f1470
refactor!: IPProtocol enum has been renamed to IPProtocolEnum samples: adds generated samples Release-As: v3.1.0
When requesting files from the bucket "pubsite_prod_rev_ххххх" answer is always "Forbidden" (status code 403).
Example code:
The text was updated successfully, but these errors were encountered: