https://prefect.io logo
Join Slack
Powered by
Hi Guys, i hope this is the correct place to ask t...
# ask-community
p
Hi Guys, i hope this is the correct place to ask this question. I have an error when running my flow and this is my error message
Copy code
Failed to load and execute Flow's environment: Forbidden('GET <https://storage.googleapis.com/storage/v1/b/bonza-dev-files?projection=noAcl&prettyPrint=false>: Caller does not have storage.buckets.get access to the Google Cloud Storage bucket.')
Background: • Agent: Kubernetes Autopilot • Storage: Google Cloud Storage What i’ve done: 1. I have prepare a service account with 
Storage.Admin
role, i called it 
OLYMPUS_DEV_SA
2. When declaring the storage i have mention this
Copy code
storage = GCS(bucket="bonza-dev-files", project="bonza-dev", secrets=["OLYMPUS_DEV_SA"])
If it helps, i’ve attach the code to this thread Is there a way to debug this? 🙇
Copy code
import time
import random
import prefect
from prefect import task, Flow

from prefect.storage import GCS
from prefect.run_configs import KubernetesRun


@task
def sleep():
    t = random.randint(30,60)
    logger = prefect.context.get("logger")
    <http://logger.info|logger.info>("Sleeping for {} seconds -- START".format(t))
    time.sleep(t)
    <http://logger.info|logger.info>("Sleeping for {} seconds -- FINISH".format(t))

flow_name = "po-k8s-flow-deploy-from-local"
storage = GCS(bucket="bonza-dev-files", project="bonza-dev", secrets=["OLYMPUS_DEV_SA"])
run_config = KubernetesRun(cpu_limit=0.5, memory_limit="1G", labels=["client_po"])

with Flow(
    flow_name,
    run_config=run_config,
    storage=storage
) as flow:
    sleep1 = sleep()
    sleep2 = sleep()
    sleep3 = sleep()

    sleep3.set_upstream(sleep2)
    sleep3.set_upstream(sleep1)

flow.register(project_name="po-test")
m
Hello 👋 As I remember, you need to grant 
Storage Object Admin
role, instead of storage admin, then it should work (after you update secret with new service account key).
2 Views
Open in Slack
PreviousNext
Powered by