Abhijit Anand Abhijit Anand - 1 month ago 32
Python Question

Connecting to Google Cloud Storage using standalone Python script using service account

I am trying to connect to Google Cloud Storage from a standalone python script using a service account. I am running this script from my local system. I have also activated the service account using gcloud auth and added "GOOGLE_APPLICATION_CREDENTIALS" to point to the client_secrets.json file.

The authentication does not work and fails with the following log:

Uploading object..
Traceback (most recent call last):
File "quickstart.py", line 122, in
main(args.bucket, args.filename, args.reader, args.owner)
File "quickstart.py", line 16, in main
resp = upload_object(bucket, filename, readers, owners)
File "quickstart.py", line 43, in upload_object
service = create_service()
File "quickstart.py", line 39, in create_service
return discovery.build('storage', 'v1', http=http_auth)
File "build/bdist.macosx-10.12-intel/egg/oauth2client/util.py", line 137, in positional_wrapper
File "build/bdist.macosx-10.12-intel/egg/googleapiclient/discovery.py", line 214, in build
File "build/bdist.macosx-10.12-intel/egg/googleapiclient/discovery.py", line 261, in _retrieve_discovery_doc
File "build/bdist.macosx-10.12-intel/egg/oauth2client/transport.py", line 153, in new_request
File "build/bdist.macosx-10.12-intel/egg/oauth2client/client.py", line 765, in _refresh
File "build/bdist.macosx-10.12-intel/egg/oauth2client/client.py", line 797, in _do_refresh_request
File "/Library/Python/2.7/site-packages/httplib2-0.9.2-py2.7.egg/httplib2/__init__.py", line 1609, in request
(response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
File "/Library/Python/2.7/site-packages/httplib2-0.9.2-py2.7.egg/httplib2/__init__.py", line 1351, in _request
(response, content) = self._conn_request(conn, request_uri, method, body, headers)
File "/Library/Python/2.7/site-packages/httplib2-0.9.2-py2.7.egg/httplib2/__init__.py", line 1272, in _conn_request
File "/Library/Python/2.7/site-packages/httplib2-0.9.2-py2.7.egg/httplib2/__init__.py", line 1036, in connect
self.disable_ssl_certificate_validation, self.ca_certs)
File "/Library/Python/2.7/site-packages/httplib2-0.9.2-py2.7.egg/httplib2/__init__.py", line 80, in _ssl_wrap_socket
cert_reqs=cert_reqs, ca_certs=ca_certs)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 911, in wrap_socket
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 520, in __init__
IOError: [Errno 13] Permission denied

Here is the code snipped I am trying to run to authenticate:

import oauth2client
from oauth2client.service_account import ServiceAccountCredentials
from httplib2 import Http
from googleapiclient import discovery
import argparse
import filecmp
import json
import tempfile
import logging


def main(bucket, filename, readers=[], owners=[]):
print('Uploading object..')
resp = upload_object(bucket, filename, readers, owners)
print(json.dumps(resp, indent=2))

def create_service():
scopes = ['https://www.googleapis.com/auth/devstorage.read_write']
credentials = ServiceAccountCredentials.from_json_keyfile_name('client_secrets.json', scopes)
http_auth = credentials.authorize(Http())
return discovery.build('storage', 'v1', http=http_auth)

def upload_object(bucket, filename, readers, owners):
service = create_service()

# This is the request body as specified:
# http://g.co/cloud/storage/docs/json_api/v1/objects/insert#request
body = {
'name': filename,

# If specified, create the access control objects and add them to the
# request body
if readers or owners:
body['acl'] = []

for r in readers:
'entity': 'user-%s' % r,
'role': 'READER',
'email': r
for o in owners:
'entity': 'user-%s' % o,
'role': 'OWNER',
'email': o

# Now insert them into the specified bucket as a media insertion.
# http://g.co/dv/resources/api-libraries/documentation/storage/v1/python/latest/storage_v1.objects.html#insert
with open(filename, 'rb') as f:
req = service.objects().insert(
bucket=bucket, body=body,
# You can also just set media_body=filename, but for the sake of
# demonstration, pass in the more generic file handle, which could
# very well be a StringIO or similar.
media_body=http.MediaIoBaseUpload(f, 'application/octet-stream'))
resp = req.execute()

return resp

I tried looking at multiple examples from google developers forum as well as other blogs. All show the same code. Not sure what is going wrong here.


From the error it looks like a simple permissions problem. Did you run the program with root priviges? If not then run the file from the command line with sudo at the beginning.

Note: IDLE doesn't run it with root.