google-cloud-storage roles google-iam google-cloud-iam

Cannot query GCS bucket using StorageAdmin role with conditions

I have created a service account with a roles/storage.admin role on it with the following condition:

resource.name.startsWith(
  "//storage.googleapis.com/projects/_/buckets/rakibs-new-bucket"
)

However, when this service account tries to query anything in the bucket it says the following:

Error: Failed to get existing workspaces: querying Cloud Storage failed: googleapi: Error 403: [email protected] does not have storage.objects.list access to rakibs-new-bucket., forbidden

For reference: I followed this gcloud doc link to construct the resource name of the GCS bucket in the role condition.

Solution

Learned that the domain part was not necessary. Just ommitting the //storage.googleapis.com/ part worked.

resource.name.startsWith(
  "projects/_/buckets/rakibs-new-bucket"
)

Pyspark on GCP Dataproc - Partial reading of data for gzip encoded Cloud Storage files
Deploying an Angular app on Google Cloud with minimal costs
Restricting encrypt/decrypt permissions for a Cloud KMS key with CMEK and Cloud Storage
Firebase Storage and Access-Control-Allow-Origin
How to delete a image file from Google firebase Storage using python
Is there a simple way to host a JSON document you can read and update in Google Cloud Platform?
FTP to Google Storage
Uploading file with python returns Request failed with status code', 403, 'Expected one of', <HTTPStatus.OK: 200>
How to move/copy files from ADLS Containers to GCS Bucket?
Flutter Firebase Storage not woriking: no default bucket
Access google cloud storage bucket from other project using python
Convert paramiko.sftp_file.SFTPFile object to unicode
Translate a document from Cloud Storage to Cloud Storage by nodejs
Google Cloud Storage + Python : Any way to list obj in certain folder in GCS?
In firebase rules how to check in firestore that a record exists in cloudstorage
How to use a proxy with google cloud libraries
What is the mechanism of Terraform state locking when using Google Cloud Platform?
Error: error:1E08010C:DECODER routines::unsupported with Google auth library
How to know when a cloud storage trigger retries?
Least privilege principle to create files in a bucket
Google Cloud CDN json resource ETag missing from response headers
gcloud mistakes event trigger for storage trigger
ValueError: Bucket names must start and end with a number or letter
Google Cloud Storage get signedUrl from CDN npm
What roles are needed to download an object from a Google Storage Bucket
More Detailed Billing Information of GCS Buckets
How to check if file exists in Google Cloud Storage?
Allowing only specific types of objects(image/jpeg) to be transferred during GCP GCS transfer job creation
google.api_core.exceptions.InternalServerError: 500 Failed to process all the documents
How to Resolve Cyclic Dependency Between Google Storage Buckets in Terraform?