storage.objects.*
and storage.buckets.get
permissions are enabled. Otherwise our process will not be able to export the files. You will find below some details on why it needs these permissions.storage.objects.*
: We need permissions to read, write, and delete files. This permission is only for the target export bucket.storage.buckets.get
: We perform a get.bucket
operation as a first step to ensure that the bucket exists (before writing to it) and to get the bucket's metadata. The metadata is used to extract information like bucket location and the storageClass
(more information here) used to handle some operations in the bucket.