I'm trying to deploy a todo-list django app (https://gitlab.com/learning-python8/django-project) in google app engine I have this error message:
ERROR: (gcloud.app.deploy) INVALID_ARGUMENT: could not resolve source: googleapi: Error 403: 1026004585917#cloudbuild.gserviceaccount.com does not have storage.objects.get access to the Google Cloud Storage object., forbidden
Now the project is a way for me to study app deployment in GCP. The project is using an sqlite database for user along with it's todo data. If I understand the error right, It asks me to create a Google Cloud SQL. Would that be the correct process? I will be studying SQL to use online database for this project.
Related
New to GCP and use IAC for our Terraform. I've managed to build most of the initial organisation config in Terraform no problem with the exception of Cloud Identity and Organisation Policies. I'm using gcloud provided login credentials. Whenever I try to build for those two services I get this:
Error creating Group: googleapi: Error 403: Your application has authenticated using end user credentials from the Google Cloud SDK or Google Cloud Shell which are not supported by the cloudidentity.googleapis.com. We recommend configuring the billing/quota_project setting in gcloud or using a service account through the auth/impersonate_service_account setting. For more information about service accounts and how to use them in your application, see https://cloud.google.com/docs/authentication/. If you are getting this error with curl or similar tools, you may need to specify 'X-Goog-User-Project' HTTP header for quota and billing purposes. For more information regarding 'X-Goog-User-Project' header, please check https://cloud.google.com/apis/docs/system-parameters.
So in this case i'm using the Google Cloud SDK, so the error makes sense. However, the two options it presents don't work:
Setting a quota project makes no difference
I can't create a service account at the organisational level (and when I create one within a project it can't configure these organisational level constructs)
So how do I go about Terraforming these services?
Thanks.
We are getting this error on-and-off since 01/22 on Composer UI, the airflow dags seems to be running fine, the web UI however having the problem. Google cloud status page indicates there is no issue, changing browser or connection through other wifi / mobile hotspot doesn't help either. Not sure what's going on.
An internal server error occurred while authorizing your request. Error code 1
location: us-central1-c
version: composer-1.7.3-airflow-1.10.2
Cloud Composer is a managed workflow automation tool, so I don't think that you can address this issue directly.
For more context on what is happening, Cloud Composer architecture states that the Airflow Web Server is inside of a Tenant project, which is a isolated environment used for deploying managed services, this is for unified Cloud Identity and Access Management (IAM) access control and an additional layer of data security. Given that the error states that something is failing when authorizing, this issue may be related to the Cloud IAM service.
I recommend you to open a new case from the GCP console in the Support section, and ask for further assistance in this issue.
I started learning Google Cloud Platform recently. So, created a trial account. Can I deploy my learning web application to the VM I created and browse it from my local? I tried running gcloud app deploy from my vm but getting error...
== ERROR: (gcloud.app.deploy) PERMISSION_DENIED: The caller does not have permission==
VM (Compute Engine) and App engine are two different things, you can read more in this answer. gcloud app deploy is app engine utility and used to deploy your application to app engine.
If you have your code in compute engine and want to deploy to app engine, make sure service account associated with your vm has necessary scopes and permissions. Please check this answer.
On addition to that you can start with cloud shell for deploying your web application.
I am trying to upload a file to google cloud storage from a python script on google compute engine and get error below. Script runs fine as google cloud function. What right way to permission bucket ?
Adding new file
403 POST https://www.googleapis.com/upload/storage/v1/b/XXX/o?uploadType=multipart: ('Request failed with status code', 403, 'Expected on
e of', <HTTPStatus.OK: 200>)
You can have a look to this page
You can customize your service account per user this one per default.
However, some libraries perform API call like bucket.list or bucket.get and you have to authorize in addition of storage Object read/write role, the storage admin role. Or create a custom role.
I'm attempting to connect to a Google Cloud SQL instance via a MySQL client which requires me to connect via the Google Cloud proxy. I have followed all instructions on the Google Cloud Docs, yet after running the command to start the proxy (using correct INSTANCE_CONNECTION_NAME and PATH_TO_KEY_FILE), I receive the following error.
Command :
./cloud_sql_proxy -dir=/cloudsql -instances=INSTANCE_CONNECTION_NAME \ - credential_file=PATH_TO_KEY_FILE &
Error :
couldn't connect to "INSTANCE_CONNECTION_NAME": ensure that the account has access to "INSTANCE_CONNECTION_NAME" (and make sure there's no typo in that name). Error during createEphemeral for INSTANCE_CONNECTION_NAME: googleapi: Error 403: Access Not Configured. Cloud SQL Administration API has not been used in project 563584335869 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/sqladmin.googleapis.com/overview?project=563584335869 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry., accessNotConfigured
I have confirmed that the Google Cloud SQL API is enabled on the console for the project, but the weird thing is my project name is not 563584335869, and I have already set the correct project name via the GC CLI to no avail. So when visiting https://console.developers.google.com/apis/api/sqladmin.googleapis.com/overview?project=563584335869, I see:
The API "sqladmin.googleapis.com" doesn't exist or you don't have permission to access it
I also created a service account under the role Cloud SQL Client, and downloaded the private key which PATH_TO_KEY_FILE points to.
Can you confirm that you have enabled the "Cloud SQL API" (sqladmin.googleapis.com) and not "Cloud SQL" API? (sql-component.googleapis.com)?
Can you also give some more information as to your environment? Are you running this from your local machine or are you working in Cloud Shell?