
Introduction
In this hands-on lab, we are going to demonstrate working with legacy scopes using the default Compute Engine service account on Google Compute Engine.
Solution
Begin by logging in to the GCP Console in an incognito (or other private) browser window.
Right click on the Chrome Browser and choose New Incognito Window.
Copy/paste the bucket ID we will be using
- Click the three bars in the top-left to open the menu and click on IAM & admin.
- Verify that the Compute Engine default service account member has the Editor Role.
- Open the top-left menu and select Storage.
- Highlight the Name of the bucket that ends with scope-lab and copy it to another notepad.

First instance – Read Only Storage scope
Create a Compute Engine instance with a Read Only Storage access scope, and attempt to copy a file from it to the Cloud Storage bucket.
- Navigate to the Compute Engine section, using the menu in the top-left of the page.
- Click Create.
- In the Identity and API access section:
- Access scopes: Set access for each API
- Storage: Read Only
- Click Create


- After about 30 seconds, the Compute Engine instance will show in the VM instances list.

- Click SSH under the Connect section.
- View the Google Cloud SDK configuration:
gcloud config list
- Attempt to read contents of the Cloud Storage bucket:
- Note: Be sure to replace BUCKET_NAME with the bucket name we copied in Step 1.
gsutil ls gs://BUCKET_NAME

- Attempt to write a file to the same Cloud Storage bucket (this operation will fail). Creating the file will work, but copying it over will not.
touch file1
gsutil cp file1 gs://BUCKET_NAME

- Close the SSH session tab.
exit
Second instance – Read Write Storage scope
In your second instance, attempt to copy a file to the Cloud Storage bucket. It should succeed.
- Click CREATE INSTANCE.
- In the Identity and API access section:
- Access scopes: Set access for each API
- Storage: Read Write
- Click Create

- After about 30 seconds, the Compute Engine instance will show in the VM instances list.

- Click SSH under the Connect section.
- Attempt to read contents of the Cloud Storage bucket:
- Note: Be sure to replace BUCKET_NAME with the bucket name we copied in Step 1.
gsutil ls gs://BUCKET_NAME

- Attempt to write a file to the same Cloud Storage bucket (this copy operation should now succeed).
touch file1
gsutil cp file1 gs://BUCKET_NAME

- Close the SSH session tab.
exit
- Now go to the Cloud Storage bucket; you will see “file1” there.
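
The difference between the two instances can be checked from inside each VM by reading the access scopes from the metadata server. The script below is an added example, not part of the original lab: it classifies the Storage access that a scope list allows, which is what caps the Editor role in the first instance. The function names and the two sample scope lists are constructed for illustration.

```shell
# Added example: report the Cloud Storage access a VM's access scopes allow.
METADATA_URL="http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/scopes"

# Fetch the default service account's scopes (works only on a Compute Engine VM).
fetch_scopes() {
    curl -s -H "Metadata-Flavor: Google" "$METADATA_URL"
}

# Read one scope URL per line on stdin; print the broadest Storage access:
# none, read-only, read-write or full.
storage_access() {
    level=0
    while IFS= read -r scope || [ -n "$scope" ]; do
        case "$scope" in
            */auth/cloud-platform|*/auth/devstorage.full_control) n=3 ;;
            */auth/devstorage.read_write) n=2 ;;
            */auth/devstorage.read_only) n=1 ;;
            *) n=0 ;;
        esac
        if [ "$n" -gt "$level" ]; then level=$n; fi
    done
    case "$level" in
        3) echo full ;;
        2) echo read-write ;;
        1) echo read-only ;;
        *) echo none ;;
    esac
}

# Exit 0 when the scopes on stdin permit object writes (gsutil cp to a bucket).
scopes_allow_write() {
    case "$(storage_access)" in
        read-write|full) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample scope lists (not captured from the lab VMs).
FIRST_INSTANCE_SCOPES="https://www.googleapis.com/auth/devstorage.read_only
https://www.googleapis.com/auth/logging.write"
SECOND_INSTANCE_SCOPES="https://www.googleapis.com/auth/devstorage.read_write
https://www.googleapis.com/auth/logging.write"

report() {  # $1 = label, $2 = scope list
    printf '%s: storage access = %s\n' "$1" "$(printf '%s\n' "$2" | storage_access)"
}
report "first instance" "$FIRST_INSTANCE_SCOPES"
report "second instance" "$SECOND_INSTANCE_SCOPES"
```

In an SSH session on either instance, `fetch_scopes | storage_access` gives the same classification for the live scope list.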
