"Excon::Error::Forbidden" error when trying to save files to Google Cloud Storage with Fog and Carrierwave

Question

I'm using Carrierwave and Fog to store images on the cloud. I was previously using Amazon S3 for the actual storage, which worked with no issues. But I switched over to Google Cloud Storage, and now I'm getting the following error whenever I try to save anything:

Excon::Error::Forbidden in GalleriesController#create

Expected(200) <=> Actual(403 Forbidden) excon.error.response :body => "InvalidSecurityThe provided security credentials are not valid.Request was not signed or contained a malformed signature" :cookies => [ ] :headers => { "Alt-Svc" => "hq=\":443\"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=\":443\"; ma=2592000; v=\"43,42,39,38,35\"" "Content-Length" => "224" "Content-Type" => "application/xml; charset=UTF-8" "Date" => "Tue, 01 May 2018 22:03:23 GMT" "Server" => "UploadServer" "Vary" => "Origin" "X-GUploader-UploadID" => "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" } :host => "[directory].storage.googleapis.com" :local_address => "xxx.xxx.x.xxx" :local_port => xxxxx :path => "/uploads%2Fimage.png" :port => 443 :reason_phrase => "Forbidden" :remote_ip => "xxx.xxx.x.xx" :status => 403 :status_line => "HTTP/1.1 403 Forbidden\r\n"

initializers/carrierwave.rb

CarrierWave.configure do |config|
  config.fog_provider = 'fog/google'
  config.fog_credentials = {
    provider:                         'Google',
    google_storage_access_key_id:     'GOOGxxxxxxxxxxx',
    google_storage_secret_access_key: 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
  }
  config.fog_directory = 'xxxxxxxxxxx'
  #config.fog_public     = false
  #config.fog_attributes = { cache_control: "public, max-age=#{365.day.to_i}" }
end

Uploader

class PhotoFileUploader < CarrierWave::Uploader::Base
  include CarrierWave::MiniMagick

  storage :fog

  def fix_exif_rotation
    manipulate! do |img|
      img.tap(&:auto_orient)
    end
  end

  process :fix_exif_rotation
  process :resize_to_fit => [800, 56000]

  version :thumb do
    process resize_to_fit: [300, 56000]
  end
end

Gemfile

gem "fog-google"
gem "google-api-client", "> 0.8.5", "< 0.9"
gem "mime-types"

It seems like there's a problem with the key_id or secret_key, but I just copied and pasted both from the Interoperability section on the Google Cloud Storage Settings page. And I have no idea how to test if they're valid. My request is from localhost, if that matters.

I've found a few similar errors on SO, but they're all related to Amazon, and they don't seem to apply to what I'm doing.

Anyone have any ideas for how I can debug this?

Answer 1

You should use a valid directory name in for_directory.

Replace config.fog_directory = '[directory]' with config.fog_directory = 'name_of_fog_folder'.

Hope this will help.

Answer 2

Looking at your error, it seems the host is the reason your call is forbidden. AFAIK, the host should be written as such within your configuration. I believe that the error message is not explicit enough.

Hope this helps.