Wednesday, September 23, 2020

Writing Files to the Google Cloud Platform Storage using GO

 


In this post we will review the steps required to write files into the Google Cloud Platform (aka GCP) storage using a GO application.


The application itself is simple:


package main

import (
   "cloud.google.com/go/storage"
   "context"
   "fmt"
)

func main() {
   client, err := storage.NewClient(context.Background())
   if err != nil {
      panic(err)
   }
   bucket := client.Bucket("mybucket")
   object := bucket.Object("myfile")
   writer := object.NewWriter(context.Background())
   data := "this is my file content"
   bytes, err := writer.Write([]byte(data))
   if err != nil {
      panic(err)
   }
   fmt.Print("wrote %v bytes", bytes)
   err = writer.Close()
   if err != nil {
      panic(err)
   }
}



We create a storage client, and write a text data to the file myfile into the mybucket bucket.

Running this application fails with the following error:


could not find default credentials. See https://developers.google.com/accounts/docs/application-default-credentials for more information.


This is since we need to create a service account, and to grant it permissions to this bucket.


To create a service account, open the GCP console, select "IAM & Admin", Service Accounts. Then click on add a new service account, and create it. In this example we create a service account named test-demo-write.





Click Create, Next, and Done.
This means that we do not grant any special permissions in this scope, as we will grant permissions to a specific bucket later.


Next we create a key that will be used for identification as this service account. Select the account, and click on Create Key. Choose JSON, and save the JSON key file locally as my-key.json.





To grant permissions to the bucket, we open the GCP console, Storage, Browser. Then we click on the 3 dots icon next to the related bucket name, and select Edit Bucket Permissions.




Fill in the service account email, and select the role for accessing the bucket. I have created my own role with the following permissions:

  • storage.objects.create
  • storage.objects.delete





Now we can set an environment variable named GOOGLE_APPLICATION_CREDENTIALS to path of the my-key.json, and we can rerun our application, this time successfully.


Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)