Use Case : Need to disable a google project using an API .
Also wanted to know whether a project number or project id will help in doing that.
From the Cloud billing API I was able to execute the following command :
curl -X GET
-H "Authorization: Bearer $(gcloud auth print-access-token)"
-H "x-goog-user-project: project-id"
"https://billingbudgets.googleapis.com/v1/billingAccounts/billing-account-id/budgets/budget-id"
I was able to get the project number, however needed to know how to use this project number to disable a project or unlink it from Billing
Related
In this link
https://cloud.google.com/ai-platform/prediction/docs/reference/rest/v1/projects.models/list, there is a "try this API" section.
I have given my project details and clicked on execute, it is not returning the versions or models in my project. it is only giving 200 as the response. I have given ML Engine Admin and ML engine developer as the roles to the IAM. what additional configuration should we do?
It may not have anything to do with your question,
I use "Vertex AI", not "AI Platform".
I was able to get a list of models below.
curl -X GET -H "Authorization: Bearer "$(gcloud auth application-default print-access-token) https://us-central1-aiplatform.googleapis.com/v1/projects/my-project/locations/us-central1/models
https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.models/list
(I thought you wouldn't get it back with code 200 if it was a permission issue.)
The issue is not with the permissions, because if it was it wouldn't return 200 (HTTP is OK). Moreover, the roles that you have assigned havethe sufficient permissions to use that service, which is ml.models.list.
I have tested the Try this API section and it also gave me the 200 response without any model(s) on the response body. I went ahead and called the API directly and it succeeded on giving me the models and versions. You can use the following command:
curl -X GET -H "Authorization: Bearer "$(gcloud auth application-default print-access-token) https://ml.googleapis.com/v1/projects/<YOUR-PROJECT>/models
It seems to be something with the call that the Try this API section is doing, however the API seems to be working as expected.
Now I'm using google cloud functions under our company network policy(on GCP). The policy is to prevent from the external IP.
If I need to execute the function, I should get help from google scheduler or run my code on my local PC which SDK and auth login were installed on.
However, I want other users to use it on the web I'll develop.
So, I found a way by signing in Google end-user singin(?) as this LINK
I was able to get the id_token.But when I sent
curl https://REGION-PROJECT_ID.cloudfunctions.net/FUNCTION_NAME -H "Authorization: bearer {ID_TOKEN_FROM_SIGNIN}" on CLI, the result was
Your client does not have permission to the requested URL {MY-FUNCTIONS_URL}
However, when I tried it with curl https://REGION-PROJECT_ID.cloudfunctions.net/FUNCTION_NAME -H "Authorization: bearer $(gcloud auth print-identity-token)", the success result arrived.
The difference between two codes was that I used id_token from Google end-user singing or SDK configured the service account key.
Of course, I set the OAuth by inputting the login url on Google IAM.I'm not able to call the functions.
Is there any idea to help me?
My coding skills and familiarity with Google Cloud solutions are limited and I'm trying to consume a Machine Learning model from a chatbot build using the platform Chatfuel.
I've trained a Natural Language Machine learning model using Google NL and I wanted to use this code snippet provided in my model page:
curl -X POST \
-H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \
-H "Content-Type: application/json" \
https://automl.googleapis.com/v1/projects/123456/locations/us-central1/models/ABC123:predict \
-d #request.json
I've then tried to pass this information in Chatbot like this:
The problem is it looks like I need to pass a token (API key seems not possible for this API) and I don't see how from the Chatfuel interface I could obtain a token for each request and pass it in my post request.
Edit: I've seen this post and created a service account but I don't see how to pass the credentials to Chatfuel.
How can I pass Google API service account credential to Chatfuel?
You should make a service account with Google Cloud.
It should give you a JSON with an API key, which is used to generate a new token every hour or so. Using the Google API for whatever server side language you are using (or just using the native http requests), you use the service key (which in general is loaded into your server as a .json file) to fetch a new token every hour; OR you can use Google Apps Script, if they have Chatfuel available (which I'm not sure if they do) and get the token there, and send it to your own app every 30 minutes or so via a trigger.
But the main thing is: using your service API key, you make an HTTP request to a certain api URL (available on with instructions from another page from that link above) every hour or so to generate a new token.
From the docs, that URL appears to be:
POST https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/SA-4#PROJECT-ID.iam.gserviceaccount.com:generateAccessToken
just replace, "`
SA-4#PROJECT-ID.iam.gserviceaccount.com
`"
with your own service account name
That's about it, its how it works for all Google Cloud APIs
I would be very happy if you could help me.
My problem is after using AutoML Vision UI to train my machine
https://beta-dot-custom-vision.appspot.com/vision/project/select?error_code=MISSING_PERMISSIONS_VIEW_EXISTIENCE&project=hypnotic-surfer-211909
I would like to implement my custom model but do not know how to do that.
In detail, I would like to use the result of PREDICT tab, which is in AutoML Vision UI, as a function namely function A. After that, I have some code in C# which will call function A to use.
Following is what I tried:
In Google Cloud Platform Console, at (PROJECT_NAME)$ directory,
add request.json file (the content of this file was generated by AutoML Vision UI after training model)
run curl command
curl -X POST -H "Content-Type: application/json" \
-H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \
https://automl.googleapis.com/v1beta1/projects/MY_PROJECT_NAME/locations/us-central1/models/ICN1270506624001569882:predict -d #request.json
And here is the message that I got
your application has authenticated using end user credentials from the Google Cloud SDK or Google Cloud Shell which are not supported by the automl.googleapis.com. We recommend that most server application use service accounts instead. For more information about service accounts and how to use them in your appllication, see https://cloud.google.com/docs/authentication/.
status: PERMISSION_DENIED
Please kindly tell me what I should do.
Thanks & Best Regards,
Using wso2am-2.1.0 we'd like to create an API using the REST services, such as
/api/am/publisher/v0.11/apis
To use the services to search, create and publish an API the access token needs scope apim:api_view apim:api_createapim:api_publish
Seeing the publisher-api.yaml seems the full admin role is required to access these services.
We woudn't like to use the main admin user used by the services risking compromise of a user account with all privileges and mainly the admin user.
Assigning a different user to the admin role doesn't seem to work, tokens created don't hold necessary requested scopes (subsequence calls to the publisher's servicess causes 401 Unauthenticated request). Im I missing something?
It should work. I just did it and here is the output.
bhathiya#bhathiya-x1:/data/products/am/resources$ curl -X POST -H "Authorization: Basic YWRtaW46YWRtaW4=" -H "Content-Type: application/json" -d #payload.json https://localhost:9443/client-registration/v0.11/register -k
{"clientId":"ryUqrib4UAiKtbEt8_HxadTcubYa","clientName":"admin_rest_api_publisher","callBackURL":"www.google.lk","clientSecret":"Q1sTqqd175da8fLaESY6z9h5nuca","isSaasApplication":true,"appOwner":"admin","jsonString":"{\"grant_types\":\"password refresh_token\",\"redirect_uris\":\"www.google.lk\",\"client_name\":\"admin_rest_api_publisher\"}"}
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 22:29:11
bhathiya#bhathiya-x1:/data/products/am/resources$ curl -k -d "grant_type=password&username=bhathiya&password=admins&scope=apim:api_view apim:api_create" -u ryUqrib4UAiKtbEt8_HxadTcubYa:Q1sTqqd175da8fLaESY6z9h5nuca https://localhost:8243/token
{"access_token":"1e3f7460-e186-3ded-b4d9-c093e1ceb9df","refresh_token":"be66fe42-2d34-3a34-8576-f7e24388be00","scope":"apim:api_create apim:api_view","token_type":"Bearer","expires_in":3600}
And you can also change roles in publisher-api.yaml.