I have a workspace (broad-firecloud-dsde-methods/Novaseq-TCGA-blood-normals) where I populated the data model with files from another bucket. (I know this isn't recommended, but I didn't set out intending to use Firecloud and now I don't want to copy all my genomes.) I've added a lot of different emails to a lot of different places and no matter what I don't seem to be able to allow our collaborator to compute on the data.
1) I added her FC account as a workspace owner
2) I added her FC account email as a viewer on the external bucket
3) I added her FC account email as a viewer on the project that owns the external bucket
4) I added her pet account on the external bucket
5) I added her pet account to the GCS project that owns the external bucket
She's still getting errors of the form:
2018/08/29 20:32:29 W: cp failed: gsutil -q -m cp gs://broad-sv-dev-data/TCGA_blood_normals/TCGA-06-A5U0-10A-01D-A702-36.cram.crai /mnt/local-disk/broad-sv-dev-data/TCGA_blood_normals/TCGA-06-A5U0-10A-01D-A702-36.cram.crai, command failed: AccessDeniedException: 403 pet-113837320228274266072@talkowski-sv-gnomad-wgs-v2.iam.gserviceaccount.com does not have storage.objects.list access to broad-sv-dev-data. CommandException: 1 file/object could not be transferred.
Which accounts do I need to add where to get this to work?