How to connect to Google Cloud Storage from Google Cloud Functions NodeJS

Question

I have the following code sample that receives a bufferedImage along with it's mimeType and then uploads it to Google Cloud Storage.

Everything works fine, but for some reason my Google Cloud Function is getting an 403 error from the Storage API.

What do i have to do so that my GC Function has access to GC Storage?

I couldn't find anything in the documentation that would show me how to do this.

const { Storage } = require('@google-cloud/storage');

// Creates a client
const storage = new Storage();

// Lists all buckets in the current project
const buckets = storage.getBuckets();

exports.uploadImage = (bucketName, fileName, imageBuffer, mimeType) => {
  return new Promise((resolve, reject) => {

    let bucket = storage.bucket(bucketName);

    let file = bucket.file(fileName);
    file.save(imageBuffer,
        {
            metadata: { contentType: `image/${mimeType}` },
        },
        ((error) => {
            error ? reject(error) : resolve()
        })
    );
  })
}

here is the error I'm getting

{"code":403,"errors":[{"domain":"global","reason":"forbidden","message":"[email protected] does not have storage.objects.create access to blog/e33f9c9d-65f0-4a7f-8332-29846f770e6d."}],"message":"[email protected] does not have storage.objects.create access to blog/e33f9c9d-65f0-4a7f-8332-29846f770e6d."}

Answer 1

A Cloud Function (CF) is executed by a specific service account (in your case [email protected]). From Runtime service account:

During function execution, Cloud Functions uses the service account [email protected] as an identity.

Since you're getting 403 error when accessing your buckets/files it means they aren't publicly accessible, so you need to give the above-mentioned service account the necessary access permission(s) (at least storage.objects.create, mentioned in the error message) according to the Access Control Option you selected and configured for your storage.