Need Help?

Search our documentation and community forum

Terra is a cloud-native platform for biomedical researchers to access data, run analysis tools, and collaborate.
Terra powers important scientific projects like FireCloud, AnVIL, and BioData Catalyst. Learn more.

Download from SRA tool inputs

Comments

13 comments

  • Avatar
    Jason Cerrato

    Hi Alex,

    Happy to help here. Can you share the workspace where you are seeing this issue with GROUP_FireCloud-Support@firecloud.org by clicking the Share button in your workspace (see the icon with the three dots at the top-right)?

    1. Add GROUP_FireCloud-Support@firecloud.org to the User email field and press Enter on your keyboard
    2. Click Save

    I'll be happy to take a closer look at how this is currently configured and come back with my recommendation for how to resolve it. Are you supplying a gs link to an external (outside of Terra) bucket you have access to? If so, you may need to give your proxy group address, found in your user profile, to the bucket and supply it with the appropriate permissions. You can read more about that here: https://support.terra.bio/hc/en-us/articles/360031023592-Understanding-and-setting-up-a-proxy-group

    Kind regards,

    Jason

    0
    Comment actions Permalink
  • Avatar
    Alex O

    Thanks Jason. Shared, and I'll try that.

    0
    Comment actions Permalink
  • Avatar
    Jason Cerrato

    Hi Alex,

    Let us know how it goes, and if you would like us to take a closer look at the workspace/configuration, please share a link for the workspace. As it is a group, we don't get individual notifications of being added.

    Many thanks,

    Jason

    0
    Comment actions Permalink
  • Avatar
    Alex O

    Sorry about that, just sent the link

    0
    Comment actions Permalink
  • Avatar
    Alex O

    It didn't work, even when I gave it a bucket of its own, and special permissions. Am I missing something?

     

    stderr: 

    AccessDeniedException: 403 pet-103033376147405381377@galaxy-anvil.iam.gserviceaccount.com does not have storage.objects.list access to the Google Cloud Storage bucket.
    AccessDeniedException: 403 pet-103033376147405381377@galaxy-anvil.iam.gserviceaccount.com does not have storage.objects.list access to the Google Cloud Storage bucket.
    AccessDeniedException: 403 pet-103033376147405381377@galaxy-anvil.iam.gserviceaccount.com does not have storage.objects.list access to the Google Cloud Storage bucket.
    0
    Comment actions Permalink
  • Avatar
    Jason Cerrato

    Hi Alex,

    To confirm, you added this address found in your profile to the bucket and gave it storage.objects.list access permissions, is that correct?

    Kind regards,
    Jason

    0
    Comment actions Permalink
  • Avatar
    Alex O

    Yes, as well as the pet account  from that error, just to be sure

    0
    Comment actions Permalink
  • Avatar
    Jason Cerrato

    Hi Alex,

    Thanks for confirming. Our engineer is seeing that the pet account is in your proxy group, so there shouldn't be issues as far as permissions. I'd like to take a closer look at these jobs. Can you point me to your workspace once again?

    Kind regards,

    Jason

    0
    Comment actions Permalink
  • Avatar
    Alex O

    Sent

    0
    Comment actions Permalink
  • Avatar
    Jason Cerrato

    Hi Alex,

    I was able to run this workflow successfully using a clone of the workspace, and one of my own buckets. I will investigate further to see if I can find out why the result is different.

    Kind regards,

    Jason

    0
    Comment actions Permalink
  • Avatar
    Jason Cerrato

    Hi Alex,

    I've confirmed I was able to get a successful run by ensuring my proxy group had these permissions. Can you share a screenshot of your permissions for your proxy group to show that you have given it the same? If you haven't, please provide these permissions on your bucket to your group and try running again to see if we get a different result.

    Kind regards,

    Jason

    0
    Comment actions Permalink
  • Avatar
    Alex O

    I had only given it the Creator role, not the Viewer role. Adding both fixed it right up, thanks!

    0
    Comment actions Permalink
  • Avatar
    Jason Cerrato

    Hi Alex,

    Perfect, glad to hear! If we can assist with anything else, please let us know.

    Kind regards,

    Jason

    0
    Comment actions Permalink

Please sign in to leave a comment.

Powered by Zendesk