Object change notifications on Google Cloud Platform
I'm following the example on the Google Cloud Platform documentation for Object Change Notifications.
The bucket is owned by one application (
application-1) and the App Engine app that should receive the notification is a separate application (
application-2). Service accounts for both applications are Storage Object Admins for the bucket.
However, I am unable to create a notification channel for to watch the bucket. When I try to use
gsutil to do so, an error is returned:
gsutil notification watchbucket https://application-2.appspot.com gs://bucket Watching bucket gs://bucket/ with application URL https://application-2.appspot.com ... ServiceException: 401 Unauthorized WebHook callback channel: https://appication-2.appspot.com
I have confirmed that the domain (
https://application-2.appspot.com) is verified using the Search Console verification process and is configured as a webhook notification domain for both projects.
I followed another set of service account instructions to configure
gsutil to use the service account, and that appears to have resolved the permissions error.
I created a new service account, though I used a JSON private key (the guide shows a p12 key being used). I then also had to assign Storage Legacy Bucket Owner permission to that service account for the particular bucket, re-authorize the webhook domain, and now watch notifications appear to be working.作者: Will Shepherdson 发布者: 2017 年 12 月 27 日