Skip to content

Commit c56c4b9

Browse files
pjhamptonpjhampton
authored
Merge pull request #3050 from ClickHouse/pjhampton/public-gcs-buckets
[ClickPipes] Add GCS FAQ for public buckets
2 parents 703866d + ee0903b commit c56c4b9

File tree

1 file changed

+5
-0
lines changed

1 file changed

+5
-0
lines changed

docs/en/integrations/data-ingestion/clickpipes/object-storage.md

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -145,6 +145,11 @@ Service Accounts for GCS aren't directly supported. HMAC (IAM) Credentials must
145145
The Service Account permissions attached to the HMAC credentials should be `storage.objects.list` and `storage.objects.get`.
146146

147147
## F.A.Q.
148+
148149
- **Does ClickPipes support GCS buckets prefixed with `gs://`?**
149150

150151
No. For interoprability reasons we ask you to replace your `gs://` bucket prefix with `https://storage.googleapis.com/`.
152+
153+
- **What permissions does a GCS public bucket require?**
154+
155+
`allUsers` requires appropriate role assignment. The `roles/storage.objectViewer` role must be granted at the bucket level. This role provides the `storage.objects.list` permission, which allows ClickPipes to list all objects in the bucket which is required for onboarding and ingestion. This role also includes the `storage.objects.get` permission, which is required to read or download individual objects in the bucket. See: [Google Cloud Access Control](https://cloud.google.com/storage/docs/access-control/iam-roles) for further information.

0 commit comments

Comments
 (0)