Search code examples
javagoogle-cloud-platformgoogle-cloud-storagemicronautmicronautgcp

401 unauthorised while creating google storage bucket using Micronaut java

Micronaut documentation support for google cloud https://micronaut-projects.github.io/micronaut-gcp/2.0.x/guide/

Setting up GCP Support

implementation("io.micronaut.gcp:micronaut-gcp-common:2.0.2")

Setting the credential in application.yml

gcp:
  credentials:
    location: classpath:googleStorageKey.json

googleStorageKey.json is located on the same directory as application.yml file

The google service account file contains the below data

{
  "type": "service_account",
  "project_id": "fetebird",
  "private_key_id": "cf93ffffffjjhjyyuyu144842f20dc055763aa665",
  "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEv--REDACTED--4XOs=\n-----END PRIVATE KEY-----\n",
  "client_email": "fetebirdstorage@fetebird.iam.gserviceaccount.com",
  "client_id": "106425305070351254286",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://oauth2.googleapis.com/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/fetebirdstorage%40fetebird.iam.gserviceaccount.com"
}

Here is the code I used to create the bucket with options

public Observable<Void> createBucketWithStorageClassAndLocation() {
        Storage storage = StorageOptions.newBuilder().setProjectId(googleUploadObjectConfiguration.projectId()).build().getService();
        StorageClass storageClass = StorageClass.COLDLINE;
        try {
            Bucket bucket =
                    storage.create(
                            BucketInfo.newBuilder(googleUploadObjectConfiguration.bucketName())
                                    .setStorageClass(storageClass)
                                    .setLocation(googleUploadObjectConfiguration.locationName())
                                    .build());
            LOG.info(String.format("Created bucket %s in %s with storage class %s", bucket.getName(), bucket.getLocation(), bucket.getStorageClass()));
        } catch (Exception ex) {
            LOG.error(ex.getMessage());
        }
        return Observable.empty();
    }

Reference - https://cloud.google.com/storage/docs/samples/storage-create-bucket-clss-location

Exception

401 Unauthorized
POST https://storage.googleapis.com/storage/v1/b?project=fetebird&projection=full

![enter image description here

Inside the Storage.options the credentials are null, that is the reason I am getting 401. It should pick the credential from the application.yml file location.

Where I am making mistake?

Followed the instruction from here https://cloud.google.com/docs/authentication/production#automatically

After exposing this command

export GOOGLE_APPLICATION_CREDENTIALS="/home/user/Downloads/my-key.json"

Still not able to authenticate, I think I am missing something.

Service account permission enter image description here

gcloud projects add-iam-policy-binding --member=serviceAccount:fetebird-storage@fetebird.iam.gserviceaccount.com --role=roles/storage.admin fetebird

enter image description here

Solution

  • Try to configure correctly your IDE runtime environment

    • Edit your runtime config enter image description here

    • Then add your environment variable in the dedicated field

    enter image description here

    • And validate.

    Try again and let me know!