Please can you help me, I'm receiving this error when I'm trying to deploy a google cloud function:
HTTP Error: 400, Default service account 'project-name#appspot.gserviceaccount.com' doesn't exist. Please recreate this account (for example by disabling and enabling the Cloud Functions API), or specify a different account.
The command used to deploy is:
firebase deploy --only functions
A temporary solution is fine, but if you can help me to solve it permanently is better.
Thanks in advance.
In my case, the App Engine default service account was deleted. It looks like this: {project_id}#appspot.gserviceaccount.com
So I had to restore the service account like this:
You can now recover the deleted service accounts from https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts/undelete
you have to get the UniqueID of the service account from https://console.cloud.google.com/home/activity
Source: https://stackoverflow.com/a/55277567/888881
The API explorer is an easy way to use the IAM API: https://developers.google.com/apis-explorer/#p/
I was struggling to resolve this issue, then I raised a case with Google.
here is a detailed article of my learnings :
https://medium.com/#ashirazee/http-error-400-default-service-account-appspot-gserviceaccount-com-accd178ea32a
Firstly navigate to Google Cloud Platform and view your service accounts.
try and find <project_id>#appspot.gserviceaccount.com' in your list of service accounts for the firebase project, it is linked to the App Engine.
if '#appspot.gserviceaccount.com' is missing you can not deploy anything(SEE EMAIL WITH GOOGLE BELOW), if it isn't, check and see if it's enabled, try disabling it and enabling it again.
#appspot.gserviceaccount.com is pre-installed by default, regardless of a paid account or not. try and recall if at any time you may have deleted it after or before deployment.
Now if you have for any reason deleted it over a period of more than 30 days than you can not retrieve it, and you must create a new firebase project. However, if it is within 30 days you can undelete it.
EMAIL FROM GOOGLE:
Email #1
"
Hello Ali
I am checking the logs of your project, unfortunately the service account was deleted on Ma, there is no chance to recover it nor recreate it
The only workaround available is to create a new project and deploy the service desired there. I know this could not be the best option for you nevertheless it is the way this works by design.
Do not hesitate to write back if you have more questions.
Cheers,"
Email #2,
"Hello Ali
I am glad to read that you have been able to deploy your functions successfully, unfortunately that service account cannot be recovered after 30 days of being deleted and that is the only solution. If you have other questions, please let us know by contacting us again through our support channel.
Cheers,"
lastly here is a helpful command line that will help you debug this, however, it won't help if there is no service account, it'll just highlight the obvious:
firebase deploy --only functions --debug
this was my error:
"HTTP Error: 400, Default service account '<project_id>#appspot.gserviceaccount.com' doesn't exist. Please recreate this account (for example by disabling and enabling the Clo
ud Functions API), or specify a different account."
Following the error message, you could enable the API by console accessing this url and enable the api.
Or by gcloud command:
gcloud services --project <project_id> enable cloudfunctions.googleapis.com
As the other stated, sadly, you need to use the default service account.
If within the 30 days period, you can use this tutorial to find and undelete the service acc: Read this guide to get https://cloud.google.com/iam/docs/creating-managing-service-accounts#undeleting_a_service_account
You have to enter the commands through the Google Cloud Console (one of the buttons will open a terminal on the right of the top blue app bar)
try to select Google Cloud Platform (GCP) resource location in Setting of Firebase. enter image description here
Related
I have added the role "Cloud Tasks Enqueuer" to my project-id#appspot.gserviceaccount.com service account (see first screenshot). However, when I try and check if the account has permission to call "cloudtasks.tasks.create" it says that the service account lacks the cloudtasks.enquerer role (second screenshot). What is going wrong?
(note: I am adding this role to try and solve my other question, creating Google Cloud Task in a firebase function)
Whoops, turned out that I had two projects with similar names, and I got confused. The firebase project was project-prod created through firebase, and the google cloud project was project created through google cloud.
Therefore, I granted permissions to the correct service account but for the wrong project. The debugger was working correctly!
So, I created an script on google sheets that, basically, selects a set of addresses on a sheet and uses Maps.newGeocoder.geocode() to get geocodes and calculate distances. It works wonderfully, no problems there. However, when I try to authenticate using Maps.setAuthentication(clientId, signingKey);, I just get an error.
I got my credentials from loging into https://console.cloud.google.com/, creating a random project and by going in "Create credentials". When I go into the credentials tab, I can select OAuth2.0 and see clientId and client secret key. I am using these to authenticate. Is it correct? What am I doing wrong? How the hell can I get the credentials? Thanks a lot!
The setAuthentication(clientId, signingKey) method enables the use of an externally established Google Maps APIs Premium Plan account, to leverage additional quota allowances. Your client ID and signing key can be obtained from the Google Enterprise Support Portal.
They are not the same as client ID and client secret key as explained here.
Note that this type of account is not longer available for new customers.
Here some helpful links:
Premium Plan Support
Premium Plan FAQ
I would like to load data to my db hosted on GKE, using cloud function (small ETL needs, Cloud function would be great for that case)
I'm working in the same region. my GKE has an internal load balancer exposing an gcloud internal IP.
the method called is working perfectly when it's from Appengine but when doing it with cloud function I have an connexion error : "can't find client at IP"
I would like to know if it is possible ?
if so, what would be the procedure ?
Many thanks !!
Gab
We just released this feature to Beta. You can get started by following our docs:
https://cloud.google.com/functions/docs/connecting-vpc https://cloud.google.com/appengine/docs/standard/python/connecting-vpc
https://cloud.google.com/vpc/docs/configure-serverless-vpc-access
This is not currently possible as of today.
https://issuetracker.google.com/issues/36859738
Thanks for your feedback.
You are totally right. At the moment the instances are only able to receive such requests via the external IP [1].
I have filed a feature request in your behalf so that this functionality might be considered for future deployments. I cannot guarantee this will be implemented or provide an E.T.A. Nevertheless, rest assured that your feedback is always seriously taken.
We also reached out to our Google Cloud representative who confirmed this was a highly requested feature that was being looked at but was unable to provide an ETA as when it would be released.
I get the following error while trying to create a google container cluster.
An unknown error has occurred in Compute Engine: "EXTERNAL: Google
Compute Engine: Required 'compute.zones.get' permission for
'projects/access-jobs/zones/europe-west2-c'". Error code: "18" RETRY
Can someone please help me out. I am new to google cloud platform
Based on the error message, it looks like you do not have the compute.zones.get permission in the access-jobs project. This permission is required to get information about a zone in GCE.
Required 'compute.zones.get' permission for
'projects/access-jobs/zones/europe-west2-c'"
Enabling the Google Container Engine API
You will need to enable the API. You can visit this URL which will ask you to choose a project and then wait for a few minutes before the API is enabled. After that, you will be able to create the Container Clusters.
IAM Roles and Missing permissions
If you're still getting this error even after enabling the API, you might actually have a permission issue.
You can look at the list of Compute Engine IAM roles to understand the list of permissions any given role has. The account you use to access Google Cloud Platform needs to be granted one of these roles which provides compute.zones.get permission. For creating Cloud Clusters (i.e. Google Container Engine (GKE) clusters), you most likely will need more permissions than just this one. You can look at GKE IAM roles to understand better which role would be most suitable. You can also look at the second option.
Use an account which has been granted project owner / project editor role, so that you can edit your project freely. You might have to check with your project owner/admin if you're not one to get this role granted just like option 1.
In the scenario of scripts that need authentication to run (run as service account, locked down sharing settings, etc) is there a way to authenticate as a Google user via an HTTP tool like cURL, UrlFetchApp, or even PowerShell scripts from Windows Server environments?
You are going to have to do a little leg work on this one.
Firstly, when you publish your apps script, make sure to change the "who has access to the app" to something like "only myself".
Then you need to see what happens when you try to hit that URL from an external service without authenticating. There may be some help from the error codes you are likely to receive.
I imagine you can then use the following documents to Authenticate for Google Services IN GENERAL. Then you will most likely have to pass a sessionID or Accesskey of some sort. I only have a brief understanding of OAuth, but I do imagine that you may be able to set up a more permanent connection between your other server and your particular Google Apps Script.
I hope this helps.
Jacob