EXPO - ‘exp fetch:ios:certs’ && 'exp: build:ios' - expo

I’m currently trying to deploy a new build with “sdkVersion”: “25.0.0”, however I’m having many issues.
I have an Admin account on the Apple Enterprise Program.
Installed exp -g correctly, did 'exp login', and my app.json file is configured this way:
{
"expo": {
"name": "AppName",
"version": "1.0.0",
"icon": "./app/assets/AppName.png",
"slug": "AppName",
"sdkVersion": "25.0.0",
"privacy": "unlisted",
"orientation": "portrait",
"splash": {
"image": "./app/assets/AppName.png",
"resizeMode": "cover"
},
"ios": {
"bundleIdentifier": "com.group.AppName"
},
"android": {
"package": "com.group.AppName"
}
}
}
When I try to do run exp build:ios I let Expo handle all credentials but in the end I get the following error:
[exp] Error while gathering & validating credentials
[exp] {}
[exp] Reason:You are not allowed to perform this operation. Please check with one of your Team Admins, or, if you need further assistance, please contact Apple Developer Program Support. https://developer.apple.com/support You are not allowed to perform this operation. Please check with one of your Team Admins, or, if you need further assistance, please contact Apple Developer Program Support. https://developer.apple.com/support
I am admin so I really don’t know what this could refer to.
If I try specifying my own p12 Dist and Push certificates then I get this kind of error:
[exp] Error while gathering & validating credentials
[exp] {}
[exp] Reason:No cert available to make provision profile against, raw:"Make sure you were able to make a certificate prior to this step"
And if I try running the command exp fetch:ios:certs I get the following error:
[exp] Retreiving iOS credentials for #community/AppName
[exp] Unable to fetch credentials for this project. Are you sure they exist?
I would greatly appreciate some guidance, I think I am doing something wrong but don’t know what it is.

Even though exp was correctly creating the missing distribution certificates and push certificates for me, it was somehow having a hard time with the provisioning profile. After numerous trials, what worked was to create my certificates and the provisioning profile. Then choose the 'I will provide all the credentials and files needed, Expo does limited validation' option in 'exp build:ios'.
Guides used to create the certificates:
Here for the distribution certificate p12
Here for the push notification certificate p12
Here for the mobileprovision file

‘exp build:ios’ has a flag --apple-enterprise-account that will make things as enterprise and you won’t get that Reason:You are not allowed to perform this operation. message.

Related

Unsure how to configure credentials for AWS Amplify cli user - ready to ditch Amplify

I have a react Amplify App. All I want to do is work on it, push the changes to amplify, etc. These are all standard and basic commands like amplify push.
The problem is that shortly after starting to work on my app ( a month or two ), I was no longer allowed to push, pull, or work on the app from the command line. There is no explanation, and the only error is this ...
An error occurred during the push operation: /
Access Denied
✅ Report saved: /var/folders/8j/db7_b0d90tq8hgpfcxrdlr400000gq/T/storygraf/report-1658279884644.zip
✔ Done
The logs created from the error show this.
error.json
{
"message": "Access Denied",
"code": "AccessDenied",
"region": null,
"time": "2022-07-20T01:20:01.876Z",
"requestId": "DRFVQWYWJAHWZ8JR",
"extendedRequestId": "hFfxnwUjbtG/yBPYG+GW3B+XfzgNiI7KBqZ1vLLwDqs/D9Qo+YfIc9dVOxqpMo8NKDtHlw3Uglk=",
"statusCode": 403,
"retryable": false,
"retryDelay": 60.622127086356855
}
I have two users in my .aws/credentials file. One is the default (which is my work account). The other is called "personal". I have tried to push with
amplify push
amplify push --profile default
amplify push --profile personal
It always results in the same.
I followed the procedure located here under the title "Create environment variables to assume the IAM role and verify access" and entered a new AWS_ACCESS_KEY_ID and a new AWS_SECRET_ACCESS_KEY. When I then run the command ...
aws sts get-caller-id
It returns the correct Arn. However, there is a AWS_SESSION_TOKEN variable that the docs say need to be set, and I have no idea what that is.
Running amplify push under this new profile still results in an error.
I have also tried
AWS_PROFILE=personal aws sts get-caller-identity
Again, this results in the correct settings, but the amplify push still fails for the same reasons.
At this point, i'm ready to drop it and move to something else. I've been debugging this for literally months now and it would be far easier to setup a standard react app on S3 and stand up my resources manually without dealing with this.
Any help is appreciated.
This is the same issue for me. There seems to be no way to reconfigure the CLI once its authentication method is set to profile. I'm trying to change it back to amplify studio and have not been able to crack the code on updating it. Documentation in this area is awful.
In the amplify folder there is a .config directory. There are three files:
local-aws-info.json
local-env-info.json
project-config.json
project-config.json is required, but the local-* files maintain state for your local configuration. Delete these and you can reinit the project and reauthenticate the amplify cli for the environment

Required 'compute.regions.get' permission for 'projects/$project_id/regions/us-central1

I'm pretty new on Google cloud, and I'm trying to use GCloud command line, and I faced the following problem
Error: Forbidden access to resources.
Raw response:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "forbidden",
"message": "Required 'compute.regions.get' permission for 'projects/$project_id/regions/us-central1'"
}
],
"code": 403,
"message": "Required 'compute.regions.get' permission for 'projects/$project_id/regions/us-central1'"
}
}
Can someone help?
Much appreciated
To troubleshoot your issue, please try following:
Where are you running the command: Cloud Shell, Local environment?
If it is local environment, try Cloud Shell instead.
Check that you are using the latest version of gcloud sdk 262.
Did you properly initialize gcloud?
Can you confirm that you have appropriate role to run the command, like editior/owner?
Check if you are using that same location for your products
If above steps don't work, can you share your complete gcloud command to have more context?
Oh, I see where the problem is! When I created the storage, I put the region as "Asia". When I configured it via gcloud init, I put it as "us-central1-a". The "Permission denied" means in this context, I have no permission to access another server region. It is misleading in terms of thinking out the cloud scope. However, the Pawel's answer is more comprehensive, and it is a very good start to lead you to the correct direction.

I'm getting an error creating a AWS AppSync Authenticated DataSource

I working through the Build On Serverless|S2 E4 video and I've gotten to the point of creating an authenticated HTTP datasource using the AWS CLI. I'm getting this error.
Parameter validation failed:
Unknown parameter in httpConfig: "authorizationConfig", must be one of: endpoint
I think I'm using the same information provided in the video, repository and gist, updated for my own aws account. It seems like it's some kind of formatting or missing information error, but, I'm just not seeing the problem.
When I remove the "authorizationConfig" property from the state-machine-datasource.json the command works.
I've reviewed the code against the information in the video as well as documentation and examples here and here provided by aws
This is the command I'm running.
aws appsync create-data-source --api-id {my app sync app id} --name ProcessBookingStateMachine
--type HTTP --http-config file://src/backend/booking/state-machine-datasource.json
--service-role-arn arn:aws:iam::{my account}:role/AppSyncProcessBookingState --profile default
This is my state-machine-datasource.json:
{
"endpoint": "https://states.us-east-2.amazonaws.com",
"authorizationConfig": {
"authorizationType": "AWS_IAM",
"awsIamConfig": {
"signingRegion": "us-east-2",
"signingServiceName": "states"
}
}
}
Thanks,
I needed to update my aws cli to the latest version. The authenticated http datasource is something fairly new I guess.

Deploy Google Cloud Function from Cloud Function

Solved/invalid - see below
I'm trying to deploy a Google Cloud Function from a Google Cloud Function on demand.
However, whatever I try, I get a 403 Forbidden:
HttpError 403 when requesting https://cloudfunctions.googleapis.com/v1/projects/MY_PROJECT/locations/MY_REGION/functions?alt=json returned "The caller does not have permission"
I ended up granting the cloud function service account Project Owner role to make sure it can do anything, yet still I get the same error.
Is this limited intentionally (for example to avoid fork bombs or something) or am I doing something wrong?
Has anyone been able to make this work?
For the record: I ran the same (Python) function locally with Flask using my own account and then it will deploy the new cloud function perfectly, so the code itself seems to be ok.
Update
Code snippet of how I'm trying to deploy the cloud function:
cf_client = discovery.build('cloudfunctions', 'v1')
location = "projects/{MYPROJECT}/locations/europe-west1"
request = {
"name": "projects/{MYPROJECT}/locations/europe-west1/functions/hopper--2376cd24d318cd2d42f000f4f1c31a8f",
"description": "Hopper hopper--2376cd24d318cd2d42f000f4f1c31a8f",
"entryPoint": "pubsub_trigger",
"runtime": "python37",
"availableMemoryMb": 256,
"timeout": "60s",
"sourceArchiveUrl": "gs://staging.{MYPROJECT}.appspot.com/deployment/hopper.zip",
"eventTrigger": {
"eventType": "providers/cloud.pubsub/eventTypes/topic.publish",
"resource": "projects/{MYPROJECT}/topics/hopper-test-input"
},
"environmentVariables": {
"HOPPER_ID": "hopper--2376cd24d318cd2d42f000f4f1c31a8f"
}
}
response = cf_client.projects() \
.locations() \
.functions() \
.create(location=location, body=req) \
.execute()
Update
I feel like such an idiot... it turns out that for some reason I deployed the master function in a different project then the project I gave permissions on. No wonder it didn't work.
The correct answer should be: check that everything is indeed running how/where you expect it to be. Everything was configured correctly and deploying a CF in a CF is not a problem. The project was incorrect, due to a different default project being set on the gcloud utility.

Error Code 413 encountered in Admin SDK Directory API (Users: patch)

I am a G Suite Super Admin. I have set up Google Single Sign On (SSO) for our AWS accounts inside our G Suite. As we have several AWS accounts, we need to run the "Users: patch" (https://developers.google.com/admin-sdk/directory/v1/reference/users/patch#try-it) to include other AWS accounts for Google Single Sign On.
While provisioning additional AWS accounts to Google Single Sign on, we encountered error "Code: 413" after running the above mentioned patch. Details below:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "uploadTooLarge",
"message": "Profile quota is exceeded.: Data is too large for "
}
],
"code": 413,
"message": "Profile quota is exceeded.: Data is too large for "
}
}
What could be the possible cause of this error? Are there any workaround for this? Else, are there other ways to provision multiple AWS accounts using Google Single Sign On?
Thank you in advance for your patience and assistance in this.
Notice what the error is saying. You're probably going way beyond the designated limit. Try using the solution from this SO post which is to:
choose a different SAML ldP. New limit was said to be somewhere
between 2087 - 2315 characters