Permission serviceusage.services.use required with userProject parameter included in requests by default

[guyarad]

Regression - some of the GCP projects I'm connecting to, fails with the following error:

Listing directory / failed:
user@email.com does not have serviceusage.services.use access to the Google Cloud project. Domain: global. Reason: forbidden. Forbidden. Please contact your web hosting service provider for assistance.

This is an issue introduced with 8.4.4, as downgrading to 8.4.3 disappears the issue.
I'm guessing that some of the GCP projects have a permission (serviceusage.services.use) not configured in my account.
However, this permission isn't needed for my ongoing work, so I don't see what is required for Cyberduck.

• OS: MacOS 10.15.7 (19H1824)

Log Files
cyberduck-bug.txt

[dkocher]

This is caused by b1dc48d as we now include the userProject query parameter in requests to allow access of buckets that have Requester Pays enabled.

[dkocher]

This can be disabled with setting the configuration option googlestorage.bucket.requesterpays to false.

[guyarad]

@dkocher While this solution indeed works, I'm quite sure it's not the right one. My user has access to the projects. Why would I get access denied? in the requests, the same project is being used for both, the project and and the userProject parameters. That said, a feature should be backward compatible.
There are several reasons this feature should be OFF by default, configurable per connection and visible in the UI:

1. It breaks existing behavior (and it's a minor update).
2. It requires significant configuration on the bucket side (permission, bucket setup etc.).
3. When using multiple projects, it's very plausible to have this feature on for some connections and off for others.
4. Because it's a feature with an impact on usability, and the need for having it per connection, I believe it should be exposed in the connection configuration UI

[dkocher]

The documentation does not imply special permissions are required when including userProject

Buckets that have Requester Pays disabled still accept requests that include a billing project, and charges are applied to the billing project supplied in the request. Consider any billing implications prior to including a billing project in all of your requests.

but it looks like we should include it only when requester pays option is set on the bucket.