I would be very happy if you could help me.
My problem is after using AutoML Vision UI to train my machine
https://beta-dot-custom-vision.appspot.com/vision/project/select?error_code=MISSING_PERMISSIONS_VIEW_EXISTIENCE&project=hypnotic-surfer-211909
I would like to implement my custom model but do not know how to do that.
In detail, I would like to use the result of PREDICT tab, which is in AutoML Vision UI, as a function namely function A. After that, I have some code in C# which will call function A to use.
Following is what I tried:
In Google Cloud Platform Console, at (PROJECT_NAME)$ directory,
add request.json file (the content of this file was generated by AutoML Vision UI after training model)
run curl command
curl -X POST -H "Content-Type: application/json" \
-H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \
https://automl.googleapis.com/v1beta1/projects/MY_PROJECT_NAME/locations/us-central1/models/ICN1270506624001569882:predict -d #request.json
And here is the message that I got
your application has authenticated using end user credentials from the Google Cloud SDK or Google Cloud Shell which are not supported by the automl.googleapis.com. We recommend that most server application use service accounts instead. For more information about service accounts and how to use them in your appllication, see https://cloud.google.com/docs/authentication/.
status: PERMISSION_DENIED
Please kindly tell me what I should do.
Thanks & Best Regards,
Related
Use Case : Need to disable a google project using an API .
Also wanted to know whether a project number or project id will help in doing that.
From the Cloud billing API I was able to execute the following command :
curl -X GET
-H "Authorization: Bearer $(gcloud auth print-access-token)"
-H "x-goog-user-project: project-id"
"https://billingbudgets.googleapis.com/v1/billingAccounts/billing-account-id/budgets/budget-id"
I was able to get the project number, however needed to know how to use this project number to disable a project or unlink it from Billing
In this link
https://cloud.google.com/ai-platform/prediction/docs/reference/rest/v1/projects.models/list, there is a "try this API" section.
I have given my project details and clicked on execute, it is not returning the versions or models in my project. it is only giving 200 as the response. I have given ML Engine Admin and ML engine developer as the roles to the IAM. what additional configuration should we do?
It may not have anything to do with your question,
I use "Vertex AI", not "AI Platform".
I was able to get a list of models below.
curl -X GET -H "Authorization: Bearer "$(gcloud auth application-default print-access-token) https://us-central1-aiplatform.googleapis.com/v1/projects/my-project/locations/us-central1/models
https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.models/list
(I thought you wouldn't get it back with code 200 if it was a permission issue.)
The issue is not with the permissions, because if it was it wouldn't return 200 (HTTP is OK). Moreover, the roles that you have assigned havethe sufficient permissions to use that service, which is ml.models.list.
I have tested the Try this API section and it also gave me the 200 response without any model(s) on the response body. I went ahead and called the API directly and it succeeded on giving me the models and versions. You can use the following command:
curl -X GET -H "Authorization: Bearer "$(gcloud auth application-default print-access-token) https://ml.googleapis.com/v1/projects/<YOUR-PROJECT>/models
It seems to be something with the call that the Try this API section is doing, however the API seems to be working as expected.
Now I'm using google cloud functions under our company network policy(on GCP). The policy is to prevent from the external IP.
If I need to execute the function, I should get help from google scheduler or run my code on my local PC which SDK and auth login were installed on.
However, I want other users to use it on the web I'll develop.
So, I found a way by signing in Google end-user singin(?) as this LINK
I was able to get the id_token.But when I sent
curl https://REGION-PROJECT_ID.cloudfunctions.net/FUNCTION_NAME -H "Authorization: bearer {ID_TOKEN_FROM_SIGNIN}" on CLI, the result was
Your client does not have permission to the requested URL {MY-FUNCTIONS_URL}
However, when I tried it with curl https://REGION-PROJECT_ID.cloudfunctions.net/FUNCTION_NAME -H "Authorization: bearer $(gcloud auth print-identity-token)", the success result arrived.
The difference between two codes was that I used id_token from Google end-user singing or SDK configured the service account key.
Of course, I set the OAuth by inputting the login url on Google IAM.I'm not able to call the functions.
Is there any idea to help me?
My coding skills and familiarity with Google Cloud solutions are limited and I'm trying to consume a Machine Learning model from a chatbot build using the platform Chatfuel.
I've trained a Natural Language Machine learning model using Google NL and I wanted to use this code snippet provided in my model page:
curl -X POST \
-H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \
-H "Content-Type: application/json" \
https://automl.googleapis.com/v1/projects/123456/locations/us-central1/models/ABC123:predict \
-d #request.json
I've then tried to pass this information in Chatbot like this:
The problem is it looks like I need to pass a token (API key seems not possible for this API) and I don't see how from the Chatfuel interface I could obtain a token for each request and pass it in my post request.
Edit: I've seen this post and created a service account but I don't see how to pass the credentials to Chatfuel.
How can I pass Google API service account credential to Chatfuel?
You should make a service account with Google Cloud.
It should give you a JSON with an API key, which is used to generate a new token every hour or so. Using the Google API for whatever server side language you are using (or just using the native http requests), you use the service key (which in general is loaded into your server as a .json file) to fetch a new token every hour; OR you can use Google Apps Script, if they have Chatfuel available (which I'm not sure if they do) and get the token there, and send it to your own app every 30 minutes or so via a trigger.
But the main thing is: using your service API key, you make an HTTP request to a certain api URL (available on with instructions from another page from that link above) every hour or so to generate a new token.
From the docs, that URL appears to be:
POST https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/SA-4#PROJECT-ID.iam.gserviceaccount.com:generateAccessToken
just replace, "`
SA-4#PROJECT-ID.iam.gserviceaccount.com
`"
with your own service account name
That's about it, its how it works for all Google Cloud APIs
Hello I am using below rest api commamd to create a service account key in GCP. Running the command from cloud shell though not sure doing it correctly.
curl POST https://iam.googleapis.com/v1/projects/project_iD/serviceAccounts/serviceaccountID.iam.gserviceaccount.com/keys?key=key generated by API Key credentials
I am a service account admin but when I run this command in cloud shell I get below error. Idealy I have all access for service account still says list permisssion is required. Can anybody help?
curl: (6) Could not resolve host: POST { "error": { "code": 403, "message": "Permission iam.serviceAccountKeys.list is required to perform this operation on service account projects/pserviceaccountID#dev.iam.gserviceaccount.com.", "status": "PERMISSION_DENIED" } }
There are two parts to your error. The first:
curl: (6) Could not resolve host: POST
Is telling you that the curl command cannot look up the hostname "POST" because you omitted the -X parameter, the first part of your command should read:
curl -X POST
Next, the URL you have is not quite the right format, as there should be no URL parameters (in this case the ?key=key portion), as it is a POST request -- the parameters from the API would be included in the body of the request.
However, I suspect even in that case you will have a permission denied error, as curl will not manage the oauth authentication and authorization that is necessary for this request to work -- you're effectively appearing to the API as unauthenticated. I'd recommend in this case that you use one of the client libraries to do the request, or use the gcloud command directly instead of curl. These will both greatly simplify the management of the authentication.
There are examples in C#, Go, Node, Python and others in the documentation for the API itself, take a look here: https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts.keys/create
The documentation for using gcloud to accomplish this is here: https://cloud.google.com/iam/docs/creating-managing-service-account-keys#iam-service-account-keys-create-gcloud
That said, if you really want to do this with curl from cloud shell (where you have an authenticated gcloud session) this is the sequence of commands you need:
ACCESS_TOKEN="$(gcloud auth print-access-token)"
curl -X POST --header "Authorization: Bearer ${ACCESS_TOKEN}" \
https://iam.googleapis.com/v1/projects/PROJECTID/serviceAccounts/SERVICEACCOUNTNAME#PROJECTID.iam.gserviceaccount.com/keys
If you aren't on a cloud shell machine, you need to make sure you have gcloud auth first:
gcloud auth login
It looks like your service account that's making the request doesn’t have the required permissions. You should either give the SA the required IAM roles described in [1], or you can use your own user by doing gcloud auth login user#email.com to make the call.
You’ll also need the Service Account Key Admin, as SA Admin doesn’t have iam.serviceAccountKeys.list [2].
[1] https://cloud.google.com/iam/docs/creating-managing-service-account-keys#required_permissions
[2] https://cloud.google.com/iam/docs/permissions-reference