Open N-o-Z opened 3 weeks ago
Thanks for filing this.
From https://cloud.google.com/storage/docs/access-control/signing-urls-with-helpers I needed to add the roles/iam.serviceAccountTokenCreator
role in addition to bucket permissions.
First example here was also a useful reference: https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/service_account_access_token
Recently a user tried to use lakectl with pre-signed urls and encountered an error:
From the lakeFS logs we can see:
The user was following the GCP deployment guide We should add a section describing required permissions as we do for AWS