Error while creating service account in GCP via SDK - google-cloud-platform

I have been using Google's SDKs to perform API calls such as creating a service account, creating service account keys, get the storage buckets, etc.. Recently I'm unable to create a service account due to the below error.
Request:
curl --location --request POST 'https://iam.googleapis.com/v1/projects/myproject/serviceAccounts' \
--header 'Authorization: Bearer <<token>>' \
--header 'Accept-Encoding: gzip' \
--header 'User-Agent: my test Google-API-Java-Client'
c.g.a.c.g.j.GoogleJsonResponseException: 404 Not Found
{
"code" : 404,
"errors" : [ {
"domain" : "global",
"message" : "Not found; Gaia id not found for email xxxxx#myproject.iam.gserviceaccount.com",
"reason" : "notFound"
} ],
"message" : "Not found; Gaia id not found for email xxxxx#myproject.iam.gserviceaccount.com",
"status" : "NOT_FOUND"
}
Why would I require Gaia id while creating service account? Where can I find this id? Any help is appreciated!!

Did you ever remove the service account 'xxxxx#myproject.iam.gserviceaccount.com' which should be the default service account for IAM API, you can recover it within the 30days after the deletion. or just disable it and re-enable it , will recreate the default service account for you. Let me know if it resolved the issue.

It seems that your request needs to have a body
The request body contains data with the following structure:
{
"accountId": string,
"serviceAccount": {
object (ServiceAccount)
}
}
And it is missing in your command.
You can obtain more information in this documentation.
In your case it should be something like:
curl --request POST \
'https://iam.googleapis.com/v1/projects/my-little-project/serviceAccounts?key=[YOUR_API_KEY]' \
--header 'Authorization: Bearer [YOUR_ACCESS_TOKEN]' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--data '{"accountId":"sa-test","serviceAccount":{"description":"sa-description-test","displayName":"sa-display-testonly"}}' \
--compressed
You can test this API directly in the following link
Also, I have found a similar error, in this stackoverflow case according to this answer this error could be generated if the APIs are not enabled.

Related

"Invalid param: not a Token account" when trying to obtain the balance of USDT account in Solana

I'm trying to get the balance of a random USDT account in Solana. I've tried several public gateways and hasn't successed. Here's one example:
curl --request POST \
--url https://solana-mainnet.g.alchemy.com/v2/demo \
--header 'accept: application/json' \
--header 'content-type: application/json' \
--data '
{
"id": 1,
"jsonrpc": "2.0",
"method": "getTokenAccountBalance",
"params": [
"TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA"
]
}
'
===>
{"jsonrpc":"2.0","error":{"code":-32602,"message":"Invalid param: not a Token account"},"id":1}
Why is it "not a token account"? What's the matter?
Here's an account - https://solscan.io/account/TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA
update 1
this address won't work either, resulting in the same error:
5Xm6nU1Bi6UewCrhJQFk1CAV97ZJaRiFw4tFNhUbXy3u
TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA is the Token Program itself and not a token account. This is a token account:
https://solscan.io/account/2SYZWm9WeCXb7LBX7dqXgk1dfF5Xa7wJobDSLos8urXp

Invalid Credentials using Google Cloud Platform Buckets

We have a bucket in Google Cloud Platform to manage pictures.
I am trying to upload a picture to it using Curl.
Respective to the official documentation linked here, this is the Curl-command I used:
curl -X POST --data-binary #cat.jpeg \
-H "Authorization: Bearer A_STRING_SUPPOSED_TO_BE_A_KEY" \
-H "Content-Type: image/jpeg" \
"https://storage.googleapis.com/upload/storage/v1/b/upload_zone/o?uploadType=media&name=cat"
This is the answer we get:
{
"error": {
"code": 401,
"message": "Invalid Credentials",
"errors": [
{
"message": "Invalid Credentials",
"domain": "global",
"reason": "authError",
"locationType": "header",
"location": "Authorization"
}
]
}
}
It seems our key is invalid, we are not sure what to use as Authorization key. Where can we find the OAUTH2.0-key required to make use of the Google Cloud Platform Bucket, do we need to generate it somewhere?
Edit:
We have generated a key using the OAuth 2.0-Playground, and it worked! But the key expires every 3000 seconds...
If you are already authenticated to Google using the gcloud sdk, you can get the key like this:
-H "Authorization: Bearer $(gcloud auth print-identity-token)"
So, using your example above, this should work:
curl -X POST --data-binary #cat.jpeg \
-H "Authorization: Bearer $(gcloud auth print-identity-token)" \
-H "Content-Type: image/jpeg" \
"https://storage.googleapis.com/upload/storage/v1/b/upload_zone/o?uploadType=media&name=cat"

Add new version of secret via REST

I would like to add a new version of a secret via GCP REST API.
Sadly the docs are pretty bland for REST and not even the URLs are spelled out.
I get a response for:
curl -H "authorization: Bearer $(gcloud auth print-access-token)" 'https://secretmanager.googleapis.com/v1beta1/projects/myproject/secrets/foo'
but only 404 for:
curl -H "authorization: Bearer $(gcloud auth print-access-token)" -H 'content-type: application/json' -d '{"payload":{"data":"foo"}}' 'https://secretmanager.googleapis.com/v1beta1/projects/myproject/secrets/foo/addVersion'
Also tried other permutations.
Can anyone tell me how to construct the REST call to add a new version?
Under the Adding a secret version section of the documentation, you can click on the "API" tab and see:
$ curl "https://secretmanager.googleapis.com/v1/projects/PROJECT_ID/secrets/SECRET_ID:addVersion" \
--request "POST" \
--header "authorization: Bearer $(gcloud auth print-access-token)" \
--header "content-type: application/json" \
--header "x-goog-user-project: project-id" \
--data "{\"payload\": {\"data\": \"${SECRET_DATA}\"}}"
Where:
PROJECT_ID is your GCP project ID
SECRET_ID is the name of the secret for which you want to add a version
SECRET_DATA is the base64-encoded secret.
If you pop out the API Explorer the start showing you the actual URL. So it is:
https://secretmanager.googleapis.com/v1beta1/projects/myproject/secrets/foo:addVersion

Why did my POST to AWS API Gateway failed?

I use POSTMAN to test my Cloudformation created APIs
POST https://6pppnxxxh.execute-api.eu-central-1.amazonaws.com/Prod/users
I got
{
"message": "Missing Authentication Token"
}
My prod stage
I doublechecked PROD Invoke URL.
How to solve this problem?
I tried with curl
curl --header "Content-Type: application/json" --request POST --data '{ "emailaddress" : "acj#rambler.ru,"first name" : "Aca","last name" : "Ljubascikic", "password" : "bbbac_96"}' https://6pppnxxxh.execute-api.eu-central-1.amazonaws.com/Prod/users
The same issue
{"message":"Missing Authentication Token"}
How to test from CLI?
According to your screenshot /Prod/users is a PUT method and you are using POST in your command. I would confirm that first.
Hope this helps.

GCP IoTCore won't parse payload using Gateways and HTTP bridge

Steps taken so far
Create a new key pair and use it for the gateway that is about to be created
Create a gateway, let's call it 'my_first_gateway'
Create a new device, let's call it 'gw_device_1'
Associate gw_device_1 with my_first_gateway
Works fine so far.
Now I want to use the HTTP bridge to send gw_device_1's state data to IoTCore via my gateway using my_first_gateway's private key, following this tutorial: https://cloud.google.com/iot/docs/how-tos/gateways/http-bridge#setting_device_state_through_the_gateway
Observation1: the URL in this tutorial seems malformatted, there is a missing double quote at the end of 'delegated_device_id':
curl -X POST -H 'authorization: Bearer GATEWAY_JWT' -H 'content-type: application/json' --data '{"binary_data": "DATA", "gateway_info": {"delegated_device_id: "device-id"}}' -H 'cache-control: no-cache' 'https://cloudiotdevice.googleapis.com/v1/projects/{project-id}/locations/{cloud-region}/registries/{registry-id}/devices/{gateway-id}:setState'
When I am now replacing all placeholders and replace "DATA" with say "ewogICJhUHJvcCI6ICJhVmFsdWUiCn0" I execute the following curl (the token is obviously not real):
curl -X POST -H 'authorization: Bearer GW_JWT_TOKEN' -H 'content-type: application/json' --data '{"binary_data": "ewogICJhUHJvcCI6ICJhVmFsdWUiCn0=", "gateway_info": {"delegated_device_id": "gw_device_1"}}' -H 'cache-control: no-cache' 'https://cloudiotdevice.googleapis.com/v1/projects/my_project_id/locations/europe-west1/registries/my_registry/devices/my_first_gateway:setState'
I receive this error:
{
"error": {
"code": 400,
"message": "Invalid JSON payload received. Unknown name \"binary_data\": Cannot find field.",
"status": "INVALID_ARGUMENT",
"details": [
{
"#type": "type.googleapis.com/google.rpc.BadRequest",
"fieldViolations": [
{
"description": "Invalid JSON payload received. Unknown name \"binary_data\": Cannot find field."
}
]
}
]
}
}
The fun thing is: There is another 'endpoint' that is used to publish events to IoTCore. It has the same signature but instead of 'setState' it ends with 'publishEvent' (see: https://cloud.google.com/iot/docs/how-tos/gateways/http-bridge#publishing_the_devices_telemetry_events_through_the_gateway).
Executing the exact same request with this method works just fine:
curl -X POST -H 'authorization: Bearer GW_JWT_TOKEN' -H 'content-type: application/json' --data '{"binary_data": "ewogICJhUHJvcCI6ICJhVmFsdWUiCn0=", "gateway_info": {"delegated_device_id": "gw_device_1"}}' -H 'cache-control: no-cache' 'https://cloudiotdevice.googleapis.com/v1/projects/my_project_id/locations/europe-west1/registries/my_registry/devices/my_first_gateway:publishEvent'
Am I missing something?
Any help appreciated.
Actually, the curl that google provides is not correct.
The payload needs to be adapted a bit, the binary_data string needs to be wrapped in an object called 'state'
{ "state": { "binary_data": "ewogICJhUHJvcCI6ICJhVmFsdWUiCn0=" }, "gateway_info": {"delegated_device_id": "gw_device_1"}}
The curl then works as expected.