J added all the roles.I still cannot get terraform to build the project.
googlecompute: Error creating instance: googleapi: Error 403: Required 'compute.zones.get' permission for 'pr
ojects/terraform-3/zones/us-central1', forbidden Build 'googlecompute'
errored: Error creating instance: googleapi: Error 403: Required
'compute.zones.get' permis sion for
'projects/terraform-3/zones/us-central1', forbidden
This sort of issue might arise if somehow your cloudservices robot gets removed as a project editor. My best guess is that in your case this is the issue.
This might happen due to API call which has SetIamPolicy that is missing cloudservices robot from the "roles/editor" bindings. SetIamPolicy is a straight PUT, it will override with whatever policy is provided in the request. You can get the list of IAM policies for your project with below command as given in this article.
gcloud projects get-iam-policy [project-id]
From the list, you can check whether below service account has the editor permission or not.
To fix the issue, you can grant the mentioned service account "Editor" permission and check whether that solves the issue or not.
[id]#cloudservices.gserviceaccount.com
Related
I am trying to establish an event subscription via zmq from my locally running sawtooth network. As soon as I start my event-subscriber container, I get the error "interrupted system call".
I am following the example from here https://github.com/danintel/sawtooth-cookiejar/tree/master/events/go
I have tried using validatorUrl as tcp://localhost:4004 tcp://validator-0:4004
note: validator-0 is my local container name for the validator
Also, have tried with the direct IP of the validator container tcp://<IP>:4004
zmqConnection.RecvMsgWithId() is throwing the error.
The error I am getting is exactly at this line https://github.com/danintel/sawtooth-cookiejar/blob/master/events/go/src/events_client.go#L105
Can someone please help for the probable reasons or the way I can debug this one?
I do not know, but one possible cause is this example was recently updated to a new version of Go, 1.11 (from 1.9) after your posting:
https://github.com/danintel/sawtooth-cookiejar/pull/9
Because of this error:
Loading input failed: unsupported version of go: exit status 2: flag provided but not defined: -compiled
The issue was related to inter-pod communication. So the issue was, my event subscriber client was in a completely different pod than the pod where the validator container was running. In that case, we need to used the FQDN of that pod. Refer to the link below.
https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-hostname-and-subdomain-fields
I have a trouble to set up a GitLab's account to manage the tasks (issues) inside the PhpStorm from TOOLS > TASKS & CONTEXTS > CONFIGURE SERVERS
What is a TOKEN field ? Where do I find it, I've searched in my Profile on GitLab server but found nothing.
Only thing I have found and tried, is a Personal Access Tokens located here: https://gitlab.com/profile/personal_access_tokens
PERSONAL ACCESS TOKEN was already generated and used but it does not work.
=== UPDATED ===
Error log (I have replaced a real URL path with asterixes because of the privacy)
2017-09-25 19:59:41,023 [7154630] WARN - lij.tasks.impl.TaskManagerImpl - Cannot connect to GitlabRepository(URL='https://gitlab.com/***/***/issues')
com.intellij.tasks.impl.RequestFailedException: Request failed with HTTP error: 404 Not Found.
at com.intellij.tasks.impl.RequestFailedException.forStatusCode(RequestFailedException.java:16)
at com.intellij.tasks.impl.httpclient.TaskResponseUtil$GsonMultipleObjectsDeserializer.handleResponse(TaskResponseUtil.java:173)
at com.intellij.tasks.impl.httpclient.TaskResponseUtil$GsonMultipleObjectsDeserializer.handleResponse(TaskResponseUtil.java:151)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:222)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:164)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:139)
at com.intellij.tasks.gitlab.GitlabRepository.fetchProjects(GitlabRepository.java:139)
at com.intellij.tasks.gitlab.GitlabRepository.ensureProjectsDiscovered(GitlabRepository.java:254)
at com.intellij.tasks.gitlab.GitlabRepository.fetchIssues(GitlabRepository.java:160)
at com.intellij.tasks.gitlab.GitlabRepository.getIssues(GitlabRepository.java:107)
at com.intellij.tasks.TaskRepository.getIssues(TaskRepository.java:168)
at com.intellij.tasks.impl.TaskManagerImpl.a(TaskManagerImpl.java:783)
at com.intellij.tasks.impl.TaskManagerImpl.b(TaskManagerImpl.java:742)
at com.intellij.tasks.impl.TaskManagerImpl.a(TaskManagerImpl.java:736)
at com.intellij.openapi.application.impl.ApplicationImpl$2.run(ApplicationImpl.java:342)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
From what I gather, if you generated the token correctly on the Gitlab side (SETTINGS > ACCESS TOKENS > CREATE PERSONAL ACCESS TOKEN) and inserted it into the token field at TOOLS > TASKS & CONTEXTS > CONFIGURE SERVERS in PhPStorm, it could be a timeout problem.
If you go to SETTINGS(Ctrl+Alt+S) > TASKS and change the CONNECTION TIMEOUT parameter to, say, 20000ms it should work.
Please refer to this post if you have any doubts.
You need to create a new Personal Access Token here https://gitlab.com/profile/personal_access_tokens
and put it in that field.
Have you checked this:
https://confluence.jetbrains.com/display/PhpStorm/Integration+with+an+Issue+Tracking+System+in+PhpStorm
I've been trying to allow a program I am writing to access Google Drive Applications. I have gotten the client secrets information successfully, and have copy and pasted the example code and tried using it to successfully authenticate my program and use the google drive API.
However, when it gets to the line
Credential credential = new AuthorizationCodeInstalledApp(flow, new LocalServerReceiver()).authorize("user");
I get this error. This error has been posted about before, and I've tried essentially every solution. I've elevated both my program and all the java.exe files to administrator and tried running the program and I still got this error.
The full error is:
Oct 03, 2015 11:48:39 AM com.google.api.client.util.store.FileDataStoreFactory setPermissionsToOwnerOnly
WARNING: unable to change permissions for everybody: D:\directory
Oct 03, 2015 11:48:39 AM com.google.api.client.util.store.FileDataStoreFactory setPermissionsToOwnerOnly
WARNING: unable to change permissions for owner: D:\directory
I've also tried overriding the setPermissionToOwnerOnly when I instantiated the FileDataStoreFactory but that failed as well.
I have tried the following solutions:
http://stackoverflow.com/questions/30634827/warning-unable-to-change-permissions-for-everybody
http://stackoverflow.com/questions/24382069/error-while-executing-google-prediction-api-command-line-sample
https://groups.google.com/forum/#!topic/google-analytics-data-export-api/-7BH7Z40gkw (where the client secret data was hard coded into the program, this is bad, I know, but it didn't work anyway)
I don't know what to do at this point. I am running my program off a flash drive, and I tried running it off my computer as well, but it still failed. I am using NetBeans 8.0.2.
The error comes up as a warning, so maybe there is some way to just ignore the warning and proceed? That could be a solution, but I've researched and I'm not sure if that's a possibility. I am running windows 10 if that matters.
I just ran the Drive REST API example Java Quickstart tutorial through Eclipse and is working fine. It does requires a bit of setup time if you have not install Gradle (also Eclipse Marketplace has a plugin for Gradle).
To your point, I did get the same warning messages. However, it happened for me during the load client secret in the authorize() method.
public static Credential authorize() throws IOException {
// Load client secrets.
InputStream in =
DriveQuickstart.class.getResourceAsStream("/client_secret.json");
GoogleClientSecrets clientSecrets =
GoogleClientSecrets.load(JSON_FACTORY, new InputStreamReader(in));
I suspect this is where your issue is happening. Since, I am not able to see that part from your code snippet, have a look at where your client_secret.json file is located.
Hope this helps. Good luck!
My Windows Store app keeps getting rejected from certification testing and I managed to reproduce a consequent crash when running appverif's LuaPriv-check. I get this output though:
AVRF: failed to create verifier log file \??\C:\Users\xx\AppVerifierLogs\yy.exe.0.dat (status C0000022)
Process Monitor tells me yy.exe got ACCESS DENIED on a CreateFile operation in this folder. I have set full access to all users (the user reported in the log was the same as the owner of the folder). I am running Visual Studio and Application Verifier as Administrator, but this does not seem to apply. What is the correct way of giving user xx full access to this folder on win8? I have attempted to use different log folders for appverify but with no success. Anyone else able to use this tool with Store-apps?
This post describes similar issues. Attempting to run AppVerif –sppath C:\MyLogsLocation as in the suggested workaround gives AVRF: Error: Incorrect image name: <
So does running appverif -enable handles locks -for myapp.exe -sppath c:\MyLogsLocation
It might be a bug in app verifier.
Have a look at these links:
http://social.technet.microsoft.com/Forums/en-US/5ed560c0-76af-401d-8150-8cd1e69d0b8a/why-app-verifier-can-not-create-log-file?forum=windowssdk
http://blogs.msdn.com/b/dougste/archive/2010/01/11/generating-application-verifier-logs-for-web-applications.aspx
0xc000022 is STATUS_ACCESS_DENIED. The process doesn't actually have write permissions, even if it looks like it should. This MSDN blog explains there is a bug in App Verifier so even if you specify -sppath the value won't be honoured unless you first delete the %WINDIR%\system32\config\AppVerifierLogs\ folder.
I am using Jenkins with the source control plugin name UCM ClearCase.
It tries to create a view and fails with the error:
[onlysourcecode] $ cleartool mkview -snapshot -stream ROLE_Test_Project_DevSG#\Vobname -tag SYSTEM_master_Test_ROLE_001_hudson view
Selected Server Storage Location "Views".
cleartool: Error: unable to set access control list for \\server\viewstor\NT+AUTHORITY\SYSTEM\view.1.vws: Access is denied.
cleartool: Error: protection on \\server\viewstor\NT+AUTHORITY\SYSTEM\view.1.vws is out-of-synch with identity.sd and groups.sd
cleartool: Error: Failed to set identity on view: Permission denied
cleartool: Error: unable to set access control list for \\server\viewstor\NT+AUTHORITY\SYSTEM\view.1.vws: Access is denied.
cleartool: Error: \\server\viewstor\NT+AUTHORITY\SYSTEM\view.1.vws: Permission denied
cleartool: Error: Unable to create view "\\server\viewstor\NT+AUTHORITY\SYSTEM\view.1.vws".
FATAL: UCM ClearCase failed. exit code=1
Which basically means it does not have permissions to create a view. Now my questions:
Any ideas on what exactly is the problem here?
What ID is Jenkins using internally. Meaning I have a user ID on the DOMAIN controller where I log in to the machine and run Jenkins. If Jenkins uses that, then why this error as I can create views.
If not, then what ID does it use and how do I get Jenkins to use my domain ID, or else maybe get the internal ID to be a part of the ClearCase AD group.
I guess this is run on a Windows box as a service. Thus it is not run as a domain user.
It appears that jenkins is trying to create a view storage (.vws) in the default location, based on the clearcase configuration on the system.
Perhaps you should choose the Advanced... option in UCM Clearcase and explicitly specify the location for your view storage. There are
Windows view storage directory
Additional mkview arguments
I run jenkins on a linux box where I have specified an explicit location for the .vws file in Additional mkview arguments.
To add to Raghuram's answer, using the system account (NT+AUTHORITY) is tricky, because even if you specify a local view storage,:
that account won't have a CLEARCASE_PRIMARY_GROUP associated with its profile
even if it did, it wouldn't be part of the group referenced by CLEARCASE_PRIMATY_GROUP
That means it won't be able to access the vob storage of the Vob it will need to access within the view.
Anyway, at the very least you should try and configure Slave Service to Run as Domain User.