storage.buckets().insert() for xyz.domain.com bucket not working

StackOverflow https://stackoverflow.com/questions/23413355

  •  13-07-2023
  •  | 
  •  

Question

I am using the GCS JSON API via Java and a Service Account. My code to insert objects, delete objects, and copy objects all works great. And I can successfully create new buckets with storage.buckets().insert() so long as the bucket name is NOT based on my domain name (i.e. creating bucket “454393-test-bucket” works, but creating bucket "test334.domain.com" does NOT work). Note that I CAN create domain name based buckets from the developer console when logged in as the project owner with no problem, and can also later insert/copy/delete objects from that bucket via the service account.

There must be something basic I am doing wrong.

Here is my code:

  Bucket newBucket = new Bucket().setName(bucketName);
  storage.buckets().insert(Utils.GAE_PROJECT_NAME, newBucket).execute();

Here is the error I get:

  Uncaught exception from servlet
  com.google.api.client.googleapis.json.GoogleJsonResponseException: 403
  {
    "code" : 403,
    "errors" : [ {
      "domain" : "global",
      "message" : "The bucket you tried to create is a domain name owned by another user.",
      "reason" : "forbidden"
    } ],
    "message" : "The bucket you tried to create is a domain name owned by another user."
  }
Was it helpful?

Solution

The account which verifies ownership of the bucket must be the same account that creates the bucket. If your account is the verified owner of your domain, your account must be used to create the bucket (and not a service account owned by a project owned by your account). When you are creating buckets from the developer console, you're using your own account, which has access.

Good news, though. You can add your service account to the list of owners of the domain, and it will gain this permission. On Webmaster Central, you can add and remove owners for domains.

  1. Go to https://www.google.com/webmasters/verification/home?hl=en
  2. Click on your domain
  3. Click "Add an owner"
  4. Put in the email address of the service account.

More on this is available in the Google Cloud Storage documentation: https://developers.google.com/storage/docs/bucketnaming#verification

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top