I get the following when I attempt to list the buckets for the account I'm logged in with:
$ gsutil ls -l gs://bucket
AccessDeniedException: 403 Forbidden
$ gcloud config list
Your active configuration is: [default]
[compute]
region = us-central1
zone = us-central1-b
[core]
account = [email protected]
disable_usage_reporting = True
project = bar-proj
.. which correctly reflects that I've logged in ( as I expected. )
I can see three buckets at cloud.google.com, and at least one ( let's call it console-bucket, as it was created directly from the console ) has at least these permissions:
project owners-[projectnumber] - owner
user [email protected] - owner
Another one ( lets call it gsutil-bucket ) has at least this permission:
project owners-[projectnumber] - owner
As you might guess, it was created using gsutil ( with the very same permissions that fail to list the bucket. )
It is possible that there could be a proxy issue, but I would find that strange because the gsutil mb command successfully created a bucket that I can see in the console.
Additionally, [email protected] has the role of owner to bar-project, which was configured and displays under project permissions.
... What am I missing?
What call is gsutil trying to make, to what IP, and what port? ( I expect that the port is 443, but if I'm wrong, and it's also not 80, that would explain why it's forbidden ... )
I put so much care into asking the question that I'm going to post the answer that I just found out, by accident.
The command I accidentally entered which told me this was: