The Service Integration service could not be enabled due to the Error .DOM [10079] .Cannot start service on any node specified for the service - informatica

I cannot enable the integration service on informatica 9.6.1. Error mentioned below.
1: The Service Integration service could not be enabled due to the Error .DOM [10079] .Cannot start service on any node specified for the service.
2: SPC 10013 Process for integration service failed to start.

Related

Adding GA4 connection to AWS AppFlow

I am trying to add an AppFlow connection to an existing GA4 account, GA4 is already up and running and even pushing data to BigQuery.
However, when I try to create the connection in AppFlow to start a flow from GA4 to Redshift, I get this error message:
An error occured while creating the connection ga4.
Error authenticating to connector: Failed to validate Connection while attempting "ValidateCredentials with CustomConnector" with connector failure The request failed because the service Source Google Analytics 4 returned the following error: Details: Google Analytics 4 returned error message - Request failed with Status Code: 403, Error Reason: Forbidden. (Service: null; Status Code: 400; Error Code: Client; Request ID: null; Proxy: null)
I have followed this documentation. https://docs.aws.amazon.com/appflow/latest/userguide/connectors-google-analytics-4.html
I was able to create a GA UA connection, but it used a slightly different OAuth Configuration.
My GCP App is set to Production and is External, my Google Analytics API is enabled and the OAuth Web Application creds are created, and the Authorized redirect URIs is set to https://us-east-1.console.aws.amazon.com/appflow/oauth as suggested by the documentation.
When I add the clientID and clientSecret to AppFlow's connection and click connect, I get a Google login pop-up prompt, and when I log in it asks me to allow amazon.com to access my data and pull data etc., which I do allow. Then the pop-up disappears and the above error pops up in AWS.
We had this issue and received this response from Amazon - after also enabling GA Admin API the connection worked
I would like to inform you that the user has to enable access to "Google Analytics API" as well as "Google Analytics ADMIN API" for successful connection through GA4 connector.
Therefore, I kindly request you to verify and enable both API's mentioned above if not done already.
I understand that the AWS documentation to setup GA4 with AppFlow only mentions enabling the "Google Analytics API" and not the "Google Analytics Admin API". Hence I will ask the internal team to get it updated. I apologize for the inconvenience you faced due to this issue.

Error in service account access token generation using workload identity federation

I have a service running on AWS, and I want to publish the message via Pubsub to GCP, so I use the workload identity federation to achieve it. My teammate built a workload identity federation with guidance and generated a JSON file with the type of "external_account." I passed this file with topic id and project id to GCP and tried to publish the message. However, I got an error in service account access token generation.
"message did not publish successfully: message did not publish successfully:
rpc error: code = Unauthenticated desc = transport:
per-RPC creds failed due to error: oauth2/google: unable to generate access token:
Post \"https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/<topic_id>#<project_id>.iam.gserviceaccount.com:generateAccessToken\":
Get \"http://169.254.169.254/latest/meta-data/iam/security-credentials\":
dial tcp 169.254.169.254:80: i/o timeout”
I don't understand what it means. I can say there's a timeout issue, but why? Can someone help me, please? Please share any ideas you have, much appreciated!
--Update
My teammate created all the steps and I think things like the IAM role are created. I followed this document to verify if it works. And it returns the error above.

CloudRun Service to Service returning 403 After Setup

I have a service to service set up that I completed using the google cloud tutorial (https://cloud.google.com/run/docs/authenticating/service-to-service#nodejs)
1. Changed the cloudrun Service account to have roles/run.invoker (they both share the same role)
2. Make a request to get the access token: http://metadata/computeMetadata/v1/instance/service-accounts/default/identity?audience=https://XXXX-XXXX-XXXX-xx.a.run.app
3. (failing) Use that access token to make a request at https://XXXX-XXXX-XXXX-xx.a.run.app/my-endpoint with the access token: axios.post('https://XXXX-XXXX-XXXX-xx.a.run.app/my-endpoint', {myData}, {headers: {Authorization: 'Bearer eyJhbGciOiJSUz.....'}})
However, on step 3, making the call to my service, I receive a 403 error, any thoughts on what I missed?
Note: I have tried deploying my invoked service with --allow-unauthenticated and without it. I am not using a custom domain, I am using the CloudRun created url.
PS: If I change the ingress from internal and load balancer to all it works, however I'm not sure if this is correct to do.
The HTTP 403 Forbidden error message when accessing your Cloud Run service means that your client is not authorized to invoke this service.
You have not granted the service account permission to call the receiving service. Your question states that you added roles/run.invoker but the error message indicates you did not complete this step correctly.
1. Go to the Google Cloud Console.
2. Select the receiving service (this is the Cloud Run service you are calling).
3. Click Show Info Panel in the top right corner to show the Permissions tab.
4. In the Add members field, enter the identity of the calling service.
5. Select the Cloud Run Invoker role from the Select a role drop-down menu.
6. Click Add.
Note: When requesting the Identity Token, do not specify the custom domain. Your question's wording is confusing on that point.
[UPDATE]
The OP has enabled internal and load balancer. This requires setting up Serverless VPC Access.
Connecting to a VPC network
Solution was to add a VPC Connector and route all traffic through it. I added this to the deploy script --vpc-egress all-traffic. Originally I had --vpc-egress private-ranges-only to connect to redis MemoryStore, however this was insufficient to connect to my other service (internal only ingress).
Credit to excellent insight from @JohnHanley and @GuillaumeBlaquiere
Interesting Note About NodeJS: My container wouldn't start when I switched the --vpc-egress to all-traffic, and I had no idea why because there were no logs. It turns out running node v16.2 caused some weird issues with --vpc-egress all-traffic that I couldn't debug, so downgrading to 14.7 allowed the container to start.

HTTP cloud scheduler job fails to trigger cloud run even with oidc service account authentication

HTTP cloud scheduler job fails to trigger cloud run endpoint. Created a service account and it is provided with cloud scheduler and cloud run admin roles. On cloud run permissions tab the account is given cloud run invoker permission. The cloud run endpoint can be triggered on console and returns successfully. The cloud scheduler job is getting created if no authentication is required and when it sends a request cloud run returns 403 HTTP response. Command used is
gcloud beta scheduler jobs create http *job_name* --schedule="* * * * *" --uri="https://*cloud-run-app-name-*cno4ptsl2q-ew.a.run.app" --http-method=GET --oidc-service-account-email="*project_id_number*@cloudservices.gserviceaccount.com"
On Console when this command is run invalid argument error occurs. When I do it on console creating job failed Unknown Error
OIDC
needs the url in the AUD param, make sure you have it.
best would be to use OAUTH
OAUTH
you need only the service account and scope https://www.googleapis.com/auth/cloud-platform
When you use OIDC authentication, you must specify "OIDC Audience" in your command if you didn't specify in URI.
Refer here to get more info about Cloud scheduler's OIDC audience flag.
It seems that your URI didn't include audience value.
Check the attached link and retry creating the job after adding the audience flag to your command.
This is my command, which succeeded in creating the Cloud Scheduler job:
gcloud scheduler jobs create http deax-tweets-collection --schedule='* * * * *' \
  --uri='https://job-name-cno4ptsl2q-ew.a.run.app' --http-method='GET' \
  --oidc-service-account-email='XXXXX@project-id.iam.gserviceaccount.com' \
  --oidc-token-audience='https://job-name-cno4ptsl2q-ew.a.run.app'
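The audience point raised in the Cloud Scheduler answers, and in the Cloud Run answer's note about requesting the identity token, can be checked directly by decoding the token and comparing its `aud` claim with the receiving service URL. This is an added example, not code from any of the posts: the function names, sample URLs and service account are hypothetical, the token is constructed, and matching on URL origin is an assumption about how strictly to compare.

```javascript
// Added example (Node.js): inspect an OIDC identity token's claims when a call
// returns 403. Decoding only: the signature is NOT verified here, so this is a
// debugging aid and must never be used to make an authorization decision.

function decodeJwtPayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT (expected 3 segments)');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Returns { caller, problems }. An empty problems list means the audience and
// expiry look right for serviceUrl. Comparing by origin is an assumption.
function checkIdentityToken(token, serviceUrl, nowSeconds = Math.floor(Date.now() / 1000)) {
  const claims = decodeJwtPayload(token);
  const expected = new URL(serviceUrl).origin;
  const audiences = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  const problems = [];

  const audMatches = audiences.some((aud) => {
    try { return new URL(aud).origin === expected; } catch { return false; }
  });
  if (!audMatches) {
    problems.push(`aud ${JSON.stringify(claims.aud)} does not match ${expected}`);
  }
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) {
    problems.push('token is expired or has no exp claim');
  }
  // The identity to look for in the receiving service's invoker bindings.
  return { caller: claims.email || claims.sub || null, problems };
}

// Builds a constructed, unsigned sample token so the example runs offline.
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.constructed-signature`;
}

const sample = makeSampleToken({
  aud: 'https://example-service-abc123-ew.a.run.app',       // hypothetical URL
  email: 'caller@example-project.iam.gserviceaccount.com',  // hypothetical account
  exp: 2000,
});
console.log(checkIdentityToken(sample, 'https://example-service-abc123-ew.a.run.app/my-endpoint', 1000));
```

If the claims are correct and the call still returns 403, the cause lies elsewhere, such as the invoker binding or the ingress setting discussed in the Cloud Run thread above.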

Error while editing SP : Could not add Service Provider. You might be entering a duplicate Service Provider

We are getting following error when we try to edit service provider: Could not add Service Provider. You might be entering a duplicate Service Provider
Steps Followed
Created service provider
Trying to update Inbound Authentication Configuration --> SAML2 Web SSO Configuration --> Configure
Update
We are using version wso2is-5.1.0.
Depending on the version of WSO2 you are using, this was a bug that infrequently came up when the entry for the SAML provider persisted after the Service Provider that used it was deleted. There's a URL that is not documented in the interface where you can fix this. After logging into the interface, go to this URL:
https://yourhost:yourport/carbon/sso-saml/manage_service_providers.jsp
and you should be able to delete the offending SAML provider and configure the service provider.