Google cloud storage: The caller does not have permission

寵の児 posted on 2019-12-13 07:39:06

Question


I am trying to rotate the key used to access a GCS bucket using a service account and the API. I have enabled all roles on my service accounts, but I am still getting the following error.

{
  "code" : 403,
  "errors" : [ {
    "domain" : "global",
    "message" : "The caller does not have permission",
    "reason" : "forbidden"
  } ],
  "message" : "The caller does not have permission",
  "status" : "PERMISSION_DENIED"
}

Here is my code:

public static void main(String[] args) {

    HttpTransport transport;
    try {
        transport = GoogleNetHttpTransport.newTrustedTransport();

        JsonFactory jsonFactory = new JacksonFactory();

        Iam iam = new Iam(transport, jsonFactory, new HttpRequestInitializer() {
            public void initialize(HttpRequest httpRequest) {
                httpRequest.setConnectTimeout(0);
                httpRequest.setReadTimeout(0);
            }
        });

        CreateServiceAccountKeyRequest createServiceAccountKeyRequest = new CreateServiceAccountKeyRequest();

        Create create = iam.projects().serviceAccounts().keys().create("projects/mysampleproject/serviceAccounts/myserviceaccount@newsampleproject-123465.iam.gserviceaccount.com", createServiceAccountKeyRequest);
        create.setKey("AIzaSyC_YlBg_UXEFgdsspbGLvyb-THrTCbbZA");
        ServiceAccountKey serviceAccountKey = create.execute();
        System.out.println(serviceAccountKey.getPrivateKeyData());
    } catch (GeneralSecurityException e) {
        e.printStackTrace();
    } catch (IOException e) {
        e.printStackTrace();
    }
}

I tried from my same post. Can anyone please suggest where I am going wrong, or how to achieve this the right way?


Answer 1:


"mysampleproject" needs to match "newsampleproject-123465" in "newsampleproject-123465.iam.gserviceaccount.com"

Also, it's worth trying Google Application Default Credentials:

     HttpTransport httpTransport = GoogleNetHttpTransport.newTrustedTransport();
     JsonFactory jsonFactory = JacksonFactory.getDefaultInstance();

     // Authenticate using Google Application Default Credentials.
     GoogleCredential credential = GoogleCredential.getApplicationDefault();

     Iam iam = new Iam(httpTransport, jsonFactory, credential);
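
The answer's first point, as an added example that is not part of the original answer: a pre-flight check that the project segment of a service account resource name matches the project encoded in the account's email. The class and method names are made up for this illustration; the `-` wildcard is the IAM API's documented way to let the service infer the project from the account.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added example (hypothetical class): validate an IAM service-account resource name. */
public class ServiceAccountResourceName {

    // projects/{PROJECT_ID or -}/serviceAccounts/{EMAIL}
    private static final Pattern RESOURCE =
            Pattern.compile("^projects/([^/]+)/serviceAccounts/([^/@]+@[^/@]+)$");
    // User-managed accounts: NAME@PROJECT_ID.iam.gserviceaccount.com
    private static final Pattern USER_MANAGED =
            Pattern.compile("^[^@]+@([^.@]+)\\.iam\\.gserviceaccount\\.com$");

    /** Returns null when the name is consistent, otherwise a description of the problem. */
    static String check(String resourceName) {
        Matcher r = RESOURCE.matcher(resourceName);
        if (!r.matches()) {
            return "not of the form projects/{project}/serviceAccounts/{email}";
        }
        String project = r.group(1);
        String email = r.group(2);
        if (project.equals("-")) {
            return null; // wildcard: the API infers the project from the account
        }
        Matcher e = USER_MANAGED.matcher(email);
        if (!e.matches()) {
            return null; // other account types: project is not encoded this way in the email
        }
        String owner = e.group(1);
        return owner.equals(project) ? null
                : "project '" + project + "' does not match '" + owner + "' from the email";
    }

    /** Builds the wildcard form, which cannot drift from the email's project. */
    static String forEmail(String email) {
        return "projects/-/serviceAccounts/" + email;
    }

    public static void main(String[] args) {
        // Resource name from the question, and the corrected form the answer describes.
        String email = "myserviceaccount@newsampleproject-123465.iam.gserviceaccount.com";
        String fromQuestion = "projects/mysampleproject/serviceAccounts/" + email;
        String fixed = "projects/newsampleproject-123465/serviceAccounts/" + email;
        System.out.println("question: " + check(fromQuestion));
        System.out.println("fixed:    " + check(fixed));
        System.out.println("wildcard: " + check(forEmail(email)));
    }
}
```

Running the check before `keys().create(...)` turns a mismatched project segment into a local error message instead of a `PERMISSION_DENIED` response from the API.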


Source: https://stackoverflow.com/questions/40122069/google-cloud-storage-the-caller-does-not-have-permission
