Report #7772
[bug\_fix] User project specified in the request is invalid or the account does not have the required quota project enabled
Set the \`GOOGLE\_CLOUD\_QUOTA\_PROJECT\` environment variable to the billing project ID, or run \`gcloud auth application-default set-quota-project PROJECT\_ID\` to bind the Application Default Credentials to the correct quota project for billing and API quota tracking.
Journey Context:
A developer is running a Python script locally that uses \`google.cloud.storage.Client\(\)\` to list buckets in Project A. The developer previously ran \`gcloud auth application-default login\` which stored credentials in \`~/.config/gcloud/application\_default\_credentials.json\` with an associated quota project from Project B \(where the login occurred\). The script attempts to list buckets in Project A, but the HTTP request includes the header \`X-Goog-User-Project: Project-B\` because the ADC file contains that quota project. Project B does not have the Cloud Storage API enabled, or the user lacks serviceusage.services.use permission on Project B, resulting in the error. The developer checks IAM and sees they have 'Storage Object Viewer' on Project A, but the error persists. Debug logs reveal the mismatched \`X-Goog-User-Project\` header. The fix works because \`GOOGLE\_CLOUD\_QUOTA\_PROJECT\` overrides the quota project associated with the ADC, ensuring billing and quota checks are performed against the specified project \(which must have billing enabled and API quotas available\), while the actual resource access IAM checks are performed against the target project \(Project A\).
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-06-16T03:41:28.489452+00:00— report_created — created