BigQuery API Error: "The project ___ has not enabled BigQuery." - google-cloud-platform

I'm trying to use bigrquery from an interactive R session for the first time. I've installed the R bigrquery package and successfully established a connection. I've authenticated following a redirect from the interactive RStudio session to the web browser for login, so oauth seems to be working correctly. However, when I try to run a query, such as DBI::dbReadTable(con, "A549_raw_merged_TADs")[1:6, ], I get the error Error: The project variant-annotation has not enabled BigQuery. [invalid].
I am sure I need to enable something else in the project on the Google side, but I'm not sure what I need to enable, or how to do that from the web console interface.
Is this documented anywhere, or can anyone here give me instructions?
Note: I have confirmed that the BigQuery API has Activation status of Enabled via the console at https://console.cloud.google.com/apis/api/bigquery-json.googleapis.com/overview, so although my question is the same as Error processing job: Project has not enabled BigQuery, the issue appears to be different.
Additional information: when I check the BigQuery API status via the console link above, there's a notification that "To use this API, you may need credentials. Click 'Create credentials' to get started."
So it may be that my assumption that oauth seems to be working is not correct.

You can enable the BigQuery API with this command gcloud services enable bigquery.googleapis.com, but, since you mention it is already enabled, you may be pointing to a different project.
Feel free to ping me on a new thread if you require assistance on the new issue.

Related

Azure web app and Azure ad http error 500.79 Internal server error

I created my azure web-app and created app registration. and connected Azure AD to my web app. I used express security and I also used advance security with client ID and client secret. I know there is a similar question about this error. but it is not clear answer.
Most likely causes:
IIS received the request; however, an internal error occurred during the processing of the request. The root cause of this error depends on which module handles the request and what was happening in the worker process when this error occurred.
IIS was not able to access the web.config file for the Web site or application. This can occur if the NTFS permissions are set incorrectly.
IIS was not able to process configuration for the Web site or application.
The authenticated user does not have permission to use this DLL.
The request is mapped to a managed handler but the .NET Extensibility Feature is not installed.
Things you can try:
Ensure that the NTFS permissions for the web.config file are correct and allow access to the Web server's machine account.
Check the event logs to see if any additional information was logged.
Verify the permissions for the DLL.
Install the .NET Extensibility feature if the request is mapped to a managed handler.
Create a tracing rule to track failed requests for this HTTP status code. For more information about creating a tracing rule for failed requests, click here.
From your description, I know that the problem is most likely due to the lack of web.config file.
Solution:
It is recommended to ensure that your project can run normally locally.
Continuous deployment is recommended
At present, the reason for your problem is the lack of web.config, which will be automatically created when using git deployment. As shown below.
For more details, you can check my answer in another post.
Azure Web App getting “You do not have permission to view this directory or page.” when launch app

Rstudio Server is Having Issues Deploying an APP

I have some r code and I am having some issues with automatic authentication to access the spreadsheets in a shiny dashboard.
I have set up the servers on a VM and have been able to make r-studio server and shiny-server work. Problem now lies within app deployment. Currently I have been able to do this in a user session. But the problem is not that I am getting redirected to google authentication and it is not allowing me to do that on the server side so the execution halts.
This is shared with all googleAnalyticsR users.
If making a lot of API calls, please:
visit: XXXXXXXXXXXXX
for instructions on setting your own Google Project
2019-05-05 02:55:52> Set API cache
2019-05-05 02:55:52> No environment argument found, looked in
GA_AUTH_FILE
2019-05-05 02:55:52> No httr_oauth_cache file found at sc.httr-
oauth - creating new file.
Error in value[[3L]](cond) :
Authentication options didn't match existing session token and
not interactive session
so unable to manually reauthenticate
Calls: local ... tryCatch -> tryCatchList -> tryCatchOne ->
<Anonymous>
Execution halted
The expected results would not showcase an Execution Halted.
Furthermore on the server itself it is not really allowing me to actually allow for such extensions. So I am curious if someone had any suggestions. I can also offer the code if needed for the actual app.R.
You need to upload the sc.httr-oauth (or whatever you have called it) authentication token that is generated locally to the script's working directory on the server, so the authentication can find it. You should also make sure the permissions for the file lets Shiny update it.
You are seeing an error where its looking for the file but it not being present, it then attempts to re-authenticate by launching a browser but as its not a interactive R session it will fail (you can't log in for the OAuth2 flow)
You can specify the authentication token location in your script via ga_auth("file_location")

Google Admin SDK - watch users with Let's Encrypt secured endpoint

I'm doing PoC of some GSuite custom solution which needs to listen to changes on users resource. I've created a GSuite account, linked it (and verified) with mytestdomain.com. It's also verified in API console. Basically followed instructions from https://developers.google.com/admin-sdk/directory/v1/guides/push
and fulfilled all requirements from there.
Unfortunately when I try to register my web hook I'm getting following error:
Watch request denied by backend [403]
Errors [
Message[Watch request denied by backend] Location[ - ] Reason[watchDenied] Domain[push]
]
I stuck with it and don't know where too look for more details about that error.
I'm using a certificate generated by Let's encrypt, but tested it with https://www.ssllabs.com/ssltest/ and got rank A. How to check if Google API treats Let's Encrypt as trusted CA?
Problem wasn't anyhow related to Let's Encrypt certificates. They're working just fine with Google's push notifications. I've contacted with Google support and with their help I've established that sending a request with showDeleted parameter set to true was a root cause of above problem.
Support guy claimed that documentation was copied from list method and that parameter cannot be used with watch method and they're going to update docs of watch method in API reference. (However it's still there).

Amazon SNS: "Platform credentials are invalid" when re-entering a GCM API key that previously worked

We have been using Amazon SNS to send Android push notifications since April this year.
Pushes have sent with no problem, however there has never been any record of calls to the Cloud Messaging API in the Cloud Console (seems odd?).
Today I created a new API key for the Static Map service (unrelated) and renamed our Cloud Messaging API key (only the name, the key is the same). From this point no pushes have been sent, and trying to create a new platform application (or update the existing one) in AWS results in:
Invalid parameter: Attributes Reason: Platform credentials are invalid (Service: AmazonSNS; Status Code: 400; Error Code: InvalidParameter; Request ID:)
I have also tried manually making calls to the https://gcm-http.googleapis.com/gcm/send endpoint using the key which results in Unauthorized (401).
Interestingly, I can make calls to the above endpoint using the key I created today, however they fail on MismatchSenderId.
I can't see a lot of the previous options that the Cloud Console had (server / browser keys, etc) within the API Manager?
For those who are facing this in 2017, here goes a tip:
1 - Go to your firebase console (https://console.firebase.google.com/) click on your project (which you want to use for push notifications)
2 - Click on the "three dots" on the right side of your project name and click on "Settings"
3 - Click on "CLOUD MESSAGING" on the header tabs
4 - Copy the "Server Key" (this one is bigger than your API key)
5 - Paste on the "API Key" input of the AWS Form for "Create platform application"
PS: Note that this is valid only for GCM Push Notifications.
API Key management for GCM has been moved to Firebase Console.
You can create a new Firebase Project (or import an existing cloud project) and you should obtain a new Server Key for Cloud Messaging.
see the updated documentation:
https://developers.google.com/cloud-messaging/android/client#create-an-api-project
and the stack overflow question: Where can I find the API KEY for Firebase Cloud Messaging?
if you still have problems please contact:
https://firebase.google.com/support/contact/troubleshooting
I have been getting the same error when creating Amazon SNS platform application:
Invalid parameter: Attributes Reason: Platform credentials are invalid (Service: AmazonSNS; Status Code: 400; Error Code: InvalidParameter; Request ID:)
After reaching out to the Firebase support as suggested by Diego, this is the response I got from Google:
Hope you're doing well and thanks for reaching out to us.
I'm not really familiar with Amazon SNS and looks like their integration is still with GCM, not FCM. If your app implementation is still GCM, then you need to migrate with FCM in order to use the server key in the console. See the instructions here.
Also, Firebase has upgraded the server keys to a new version. We'd recommend to use the server key instead of the legacy server key.
I hope this helps. Let me know if you have any other concerns. Thank you.
This indicates that we'll have to change our app code. We were able to make this work for another app in out organization by creating a new firebase project and using the Legacy server key with Amazon SNS.
At some point we'll definitely upgrade to using FCM but at the moment we have a tight deadline.
Update:
So finally what worked for us is using the 'Server Key' under Project Settings --> Cloud Messaging . The app still uses the GCM implementation. Amazon SNS is happy with this key and generated a GCM platform push application. The pushes work !
Still confused about why the 'Legacy Server Key' does not work for one app but is ok for the other. But I am not digging into it any further.
For those starting a new project and wondering why it is still invalid, make sure the application Key restriction is set to Android apps. In my case, it was at only set to None and when I switched to Android apps, it worked after 5 to 10min after updating it. You'll need to add your package name and SHA-1 certificate fingerprint.

Using DefaultCredentials and DefaultNetworkCredentials

We're having a hard time figuring how these credentials objects work. In fact, they may not work how we expected them to work. Here's an explanation of the current issue.
We got 2 servers that needs to talk with each other through webservices. The first one (let's call it Server01) has a Windows Service running as the NetworkService account. The other one Server02 has ReportingServices running with IIS 6.0. The Windows Service on Server01 is trying to use the Server02 ReportingServices WebService to generate reports and send them by email.
So, here's what we tried so far.
Setting the credentials at runtime (This works perfectly fine):
rs.Credentials = new NetworkCredentials("user", "pass", "domain");
Now, if we could use a generic user all would be fine, however... we are not allowed to. So, we are trying to use the DefaultCredetials or DefaultNetworkCredentials and pass it to the RS Webservice:
rs.Credentials = System.Net.CredentialCache.DefaultNetworkCredentials
Or:
rs.Credentials = System.Net.CredentialCache.DefaultCredentials
Either way won't work. We're always getting 401 Unauthrorized from IIS. Now, what we know is that if we want to give access to a resource logged as NetworkService, we need to grant it to DOMAIN\MachineName$ (http://msdn.microsoft.com/en-us/library/ms998320.aspx):
Granting Access to a Remote SQL Server
If you are accessing a database on another server in the same domain (or in a trusted domain), the Network Service account's network credentials are used to authenticate to the database. The Network Service account's credentials are of the form DomainName\AspNetServer$, where DomainName is the domain of the ASP.NET server and AspNetServer is your Web server name.
For example, if your ASP.NET application runs on a server named SVR1 in the domain CONTOSO, the SQL Server sees a database access request from CONTOSO\SVR1$.
We assumed that granting access the same way with IIS would work. However, it does not. Or at least, something is not set properly for it to authenticate correctly.
So, here are some questions:
We've read about "Impersonating Users" somewhere, do we need to set this somewhere in the Windows Service ?
Is it possible to grant access to the NetworkService built-in account to a remote IIS server ?
Thanks for reading!
All details you need are included in this very old article
In short, when you find it confusing to troubleshoot issues like this, you should first review the technical details behind ASP.NET impersonation carefully.
Here are some things you could check out:
- set an SPN (Service Principal Name) for the reporting service; you can find good examples in google;
- Allow delegation (ClientCredentials.Windows.AllowImpersonationLevel)
Is the problem that you're failing to authenticate to IIS, or failing to authenticate to SSRS? The DOMAIN\MachineName$ account may need to be granted permission in SSRS to run the report you're trying to automate.
SSRS usually does a pretty good job of getting IIS configured correctly, so you shouldn't need to mess with those settings. I double-checked my installation (which is SSRS 2005, things may have worked differently in SSRS 2000 and you didn't say which version you're running), and it's set to use Windows authentication and has impersonation enabled. That means IIS should basically just be authenticating your credentials (validating a correct username/password), not authorizing (determining whether that user has permission to run the report in question). IIS then passes the credentials on to SSRS, which has its own settings for determining what accounts have permission to view reports.
Also, you can automate sending reports on a scheduled basis directly in SSRS, so you may not need the Windows service at all if your scheduling is fairly basic (i.e., daily, weekly, etc.).