Google group access to persistent buckets

[jnywong]

Opening a new ticket to capture the question below from a ticket that will be closed

---

Thanks for the explanation Erik, I will capture this insight for our Product board.

Regarding cloud permissions, do you happen to know what the Google Group @sgibson91 mentioned above is for then? Here are the relevant infrastructure docs.

Originally posted by @jnywong in #4214 (comment)

[consideRatio]

https://infrastructure.2i2c.org/howto/features/buckets/#allowing-authenticated-access-to-buckets-from-outside-the-jupyterhub

It seems to be for this exact situation, I just wasn't aware - sorry for the confusion!

Looking at details, it seems that there is a google group setup for access to leap as well. I figure whats needed is to verify that the access using this group procedure works all the way - and what I did may bypass your ability to test it - because you were granted permissions in another way.

I think the task concretely is to tweak/verify a procedure to work against a bucket when being granted permissions via the procedure in the listed docs.

[jnywong]

No worries, I am glad we are getting clarity on this mechanism!

That's fine, I can add a dummy test account to the Google group to test this procedure again.

[jnywong]

We have established that serviceusage.services.use project permissions are required to allow application default credentials (ADC) to be recognized.

• @consideRatio to update the Infrastructure Docs with note on serviceusage.services.use

[jnywong]

Two issues opened from this work:

• Update documentation about GCP bucket access via google groups to include granting permissions to incurr cost #4318
• Identify and fix existing setups of access GCP buckets via google groups #4319

Closing this as complete.