I've been using Google Cloud endpoints recently with no issues on an old project id. Now I've created a new project id, but when it comes to deploying my old endpoint definitions (openapi.yaml), I keep on getting permission denied errors. Note that I've followed all the auth guides, and created the GKE cluster and deployed my docker containers successfully, but only creating the endpoints is failing.
These are the contents of the openapi.yaml:
type: google.api.Service
config_version: 3
name: myendpoints.endpoints.my-project-id.cloud.goog
title: Hello gRPC API
apis:
- name: helloworld.Greeter
The command I use to deploy this is:
gcloud service-management deploy openapi.yaml --log-http --verbosity=debug
The output of the verbose logs is just too much to print, but the important snippet is at the end:
HttpError: HttpError accessing <https://servicemanagement.googleapis.com/v1/services/myendpoints.endpoints.my-project-id.cloud.goog?alt=json>: response: <{'status': '403', 'content-length': '179', 'x-xss-protection': '1; mode=block', 'x-content-type-options': 'nosniff', 'transfer-encoding': 'chunked', 'vary': 'Origin, X-Origin, Referer', 'server': 'ESF', '-content-encoding': 'gzip', 'cache-control': 'private', 'date': 'Sun, 09 Apr 2017 22:55:53 GMT', 'x-frame-options': 'SAMEORIGIN', 'alt-svc': 'quic=":443"; ma=2592000; v="37,36,35"', 'content-type': 'application/json; charset=UTF-8'}>, content <{
"error": {
"code": 403,
"message": "Service 'myendpoints.endpoints.my-project-id.cloud.goog' not found or permission denied.",
"status": "PERMISSION_DENIED"
}
}
>
Please note that 'my-project-id' has been replaced in my commands, but just replaced here for illustration purposes.
Has anyone come across this issue before, and if so, how was it overcome?
Things I've tried:
These are the commands I run when swapping between projects:
> gcloud config set project <project-id>
> gcloud auth login
> gcloud auth application-default login
Again, creating any other resource works, it's just Google Cloud Endpoints failing with a 403.
The region I'm using is: "asia-northeast1-a", and I'm using the owner account to perform these tasks.
Well this was a strange issue to start with, and the solution seems to be more strange. Approx. 12 hours after I created the new project, it started to accept my requests to create a cloud endpoint.
I didn't really do anything to solve it. Not sure how or why, maybe there was another issue at play (on Google's side)?
So far, I tried again with a new project and had the same issue, so it seems that you can't create new Google Cloud Endpoints immediately after creating a project, but only 12+ hours after(?). Any explanations would be appreciated.
Well I am having problems with the self-hosted gateway in an APIM.
I have followed these tutorials:
To create an Azure API Management service: https://learn.microsoft.com/en-us/azure/api-management/get-started-create-service-instance
To provision a self-hosted gateway: https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-provision-self-hosted-gateway
To deploy it: https://learn.microsoft.com/en-us/azure/api-management/how-to-deploy-self-hosted-gateway-kubernetes
All goes well and the self-hosted gateway is running, the LoadBalancer service is good and has an external IP... I even have this green check:
However, when I visit the Gateway URL: https://apim-example.azure-api.net I got: { "statusCode": 404, "message": "Resource not found" } in the browser.
I don't know why, because I have a Hello world! API example deployed and assigned to the gateway and if, instead of making a GET on https://apim-example.azure-api.net/example/kenny, I make the GET using the public Load Balancer IP of the self-hosted gateway (https://XX.XX.XX.XX/example/kenny), the API responds with a 200 OK.
Does anyone have an idea of how to solve this? Thanks a lot!
Following all the given Microsoft documentation, I have created an APIM Instance, Self-hosted Gateway in it and added the Kubernetes deployment in the Gateway:
Then I created the basic Http Trigger in the Azure Function App and imported it in the Azure APIM Instance by adding the Self-Hosted Gateway in the Settings of that API:
Note: For testing purpose, I have unchecked the "Subscription required" option.
However, when I visit the Gateway URL: https://apim-example.azure-api.net I got: { "statusCode": 404, "message": "Resource not found" } on the browser.
As given in this MS Doc, if we access the base URL without APIs, Response Status Code 404 will be displayed.
If API Name is passed to the Self-hosted gateway API of the APIM Instance, then the result is as expected:
I've changed my approach and turned to what worked earlier. I configured an API gateway to call the Google Cloud Functions and it called them with the appropriate permissions when I passed in an api key. I think it's erroring when trying to call the workflow because I didn't specify a resource. Not sure exactly though... It looks like the API key is working, but the OAuth is failing. My OAuth is configured with a fresh connection since I've made the workflow. It's authenticated on my end, I clicked my account in google and everything. I'm 99.99% sure the OAuth is configured correctly. When I called the GCP function with the API Gateway, I didn't have to use OAuth.
Is OAuth a requirement for the Workflows API? Are there any workarounds?
How to specify the params for the Workflow in the API Gateway config?
Named Credential:
Label GoogleCloudFunction
Name GoogleCloudFunction
URL https://workflowexecutions.googleapis.com
Authentication
Certificate
Identity Type Named Principal
Authentication Protocol OAuth 2.0
Authentication Provider GoogleCloudAuth
Scope https://www.googleapis.com/auth/cloud-platform
Authentication Status Authenticated
Log from API Gateway:
httpRequest: {
latency: "0.039s"
protocol: "http"
requestMethod: "POST"
requestSize: "1269"
requestUrl: "/create-site-tracker-site?key=HIDDEN"
responseSize: "743"
status: 401
}
insertId: "48330ec2-7114-4270-b465-68ae6308bdc34850908905639612439#a1"
jsonPayload: {
api_key: "HIDDEN"
api_key_state: "VERIFIED"
api_version: "1.0.0"
http_status_code: 401
location: "us-central1"
log_message: "1.create_site_tracker_site_0s5865srg8pbr_apigateway_quick_hangout_329722_cloud_goog.CreateSiteFunction is called"
response_code_detail: "via_upstream"
}
API Config
# openapi2-functions.yaml
swagger: '2.0'
info:
  title: create-site-tracker-site with auth
  description: Create Site in Site Tracker using JSForce
  version: 1.0.0
schemes:
  - https
produces:
  - application/json
paths:
  /create-site-tracker-site:
    post:
      summary: Create Site
      operationId: createSiteFunction
      x-google-backend:
        address: https://workflowexecutions.googleapis.com/v1/projects/us-central1-quick-hangout-329722/locations/us-central1/workflows/create-site-and-project/executions
      security:
        - api_key: []
      responses:
        '200':
          description: A successful response
          schema:
            type: string
securityDefinitions:
  # This section configures basic authentication with an API key.
  api_key:
    type: "apiKey"
    name: "key"
    in: "query"
Your HTTP request appears to include no "Authorization" header. Without this it is unlikely that your call will succeed unless your Cloud Functions permit unauthenticated calls.
It's difficult to understand what you're doing because e.g. "works when I test it manually" is imprecise and provides little information about what you did. I assume (!?) you're using gcloud functions call which authenticates for you.
Please add more detail to your question, including the commands that you tried and those that succeed and fail, and include error messages.
The majority of Google's services are exposed as REST APIs and so you can invoke almost everything using simple HTTP commands.
Current workaround is calling the workflow from a Google Cloud Function, and then calling the function via API Gateway and passing a key. Gross, but it works.
I am completely new to WSO2 and I am facing the problem described below.
After deploying the API (composite application *.car file) I am unable to invoke the services of the defined endpoints from WSO2 ESB.
The REST API I am trying to invoke is found deployed on a local tomcat installation, and is located at:
http://localhost:8080/CustomerInfoRestService/customers/
To retrieve a json customer object I would simply add the customer id, like so:
http://localhost:8080/CustomerInfoRestService/customers/2
All the services operations (Get, POST, PUT, DELETE) are tested and invoked successfully. For testing I used the tool 'PostMan'.
I created an ESB project using the WSO2 Integration Studio.
First I defined an endpoint with a URI Template of:
http://localhost:8080/CustomerInfoRestService/customers/{uri.var.custId}
Then I defined a REST API. The properties of the API Resource are as follows:
URL-Style: URI_Template
URI-Template: /customers/{custId}
Methods: GET
In the In-Sequence I added a log mediator, having:
Log Category: INFO
Log Level: CUSTOM
and I defined its message as:
Property Name: message
Property value type: LITERAL
Property Value: Welcome to Customer Service
Directly next to the log mediator is a 'Send' mediator, and I included the defined endpoint above.
Then I deploy the composite application as: right-click -> Export Composite Application Project.
I include both the API and the endpoint in the generated *.car file.
Now to invoke an API request, I call the service using 'curl':
curl -v http://localhost:8280/CustomerInfoRestService/customers/2
and I get the response:
* Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 8280 (#0)
> GET /CustomerInfoRestService/customers/2 HTTP/1.1
> Host: localhost:8280
> User-Agent: curl/7.55.1
> Accept: */*
>
< HTTP/1.1 404 Not Found
< Date: Thu, 13 Jun 2019 10:09:06 GMT
< Transfer-Encoding: chunked
<
* Connection #0 to host localhost left intact
It seems not to be found (404 error).
I followed the WSO2 documentation, specifically the integration tutorial "Sending a Simple Message to a Service" to create this project; for reference it is found at: https://docs.wso2.com/display/EI650/Sending+a+Simple+Message+to+a+Service
Any help is greatly appreciated.
Thanks in advance,
Kind Regards,
This kind of response comes when the API is not deployed or active in the ESB. Did you deploy the car file you created? You did not mention that in your steps. Please make sure that you are able to see the API in the management console (Home -> Service Bus -> API).
I've been doing a google tutorial on how to send web push notifications on Chrome using web-push node module.
The thing is, the tutorial also provides a companion server app that you are supposed to use in order to test sending push notifications from a server to the client.
But, in both the companion app and even when using web-push cli on my local machine, when trying to send a notification I am getting an "Unauthorized Registration" error.
Can't find anything online about this error - what am I doing wrong/ missing?
$ web-push send-notification --endpoint=https://fcm.googleapis.com/fcm/send/<<endpoint-key>>
Error sending push message:
{ [WebPushError: Received unexpected response code]
name: 'WebPushError',
message: 'Received unexpected response code',
statusCode: 400,
headers:
{ 'content-type': 'text/html; charset=UTF-8',
date: 'Fri, 25 Nov 2016 08:54:08 GMT',
expires: 'Fri, 25 Nov 2016 08:54:08 GMT',
'cache-control': 'private, max-age=0',
'x-content-type-options': 'nosniff',
'x-frame-options': 'SAMEORIGIN',
'x-xss-protection': '1; mode=block',
server: 'GSE',
'alt-svc': 'quic=":443"; ma=2592000; v="36,35,34"',
'accept-ranges': 'none',
vary: 'Accept-Encoding',
connection: 'close' },
body: '<HTML>\n<HEAD>\n<TITLE>UnauthorizedRegistration</TITLE>\n</HEAD>\n<BODY BGCOLOR="#FFFFFF" TEXT="#000000">\n<H1>UnauthorizedRegistration</H1>\n<H2>Error 400</H2>\n</BODY>\n</HTML>\n' }
Have you used any HTTP server to test the code in that tutorial? Further, DNS should be localhost or https:// site. If you are running the HTTP server under some port, better to have 5 digit client side port. Here is linked my project browser push
There's a report of this in the web-push library issue tracker: https://github.com/web-push-libs/web-push/issues/254.
Can you try resetting your clock, like the reporters in that issue did?
Check the field gcm_sender_id in your manifest.json file if it matches exactly with the gcm_sender_id in your google account. I faced a similar problem before and this was the solution to my problem.
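The two checks suggested in the answers above (local clock and gcm_sender_id) can be run against the error object itself. This is an added JavaScript example, not code from the original posts or from the web-push library; the function names, the 300-second threshold and the sample sender IDs are assumptions.

```javascript
// Added example; function names, the 300 s threshold and the sample values
// below are assumptions, not taken from web-push or the tutorial.

// Seconds the local clock is ahead (+) or behind (-) the push service,
// judged by the Date header of the error response; null if unusable.
function clockSkewSeconds(err, nowMs) {
  const serverMs = Date.parse(err && err.headers && err.headers.date);
  if (Number.isNaN(serverMs)) return null;
  return Math.round((nowMs - serverMs) / 1000);
}

// True only when manifest.json parses and its gcm_sender_id equals the
// sender ID registered for the project (compared as exact strings).
function senderIdMatches(manifestText, expectedSenderId) {
  try {
    const id = JSON.parse(manifestText).gcm_sender_id;
    return typeof id === 'string' && id === String(expectedSenderId);
  } catch (e) {
    return false; // malformed manifest counts as a mismatch
  }
}

// Returns a list of findings for an UnauthorizedRegistration response.
function triage(err, manifestText, expectedSenderId, nowMs, maxSkew = 300) {
  if (!/UnauthorizedRegistration/.test(String((err && err.body) || ''))) {
    return ['not-unauthorized-registration'];
  }
  const findings = [];
  const skew = clockSkewSeconds(err, nowMs);
  if (skew === null) findings.push('no-date-header');
  else if (Math.abs(skew) > maxSkew) findings.push(`clock-skew:${skew}s`);
  if (!senderIdMatches(manifestText, expectedSenderId)) {
    findings.push('gcm_sender_id-mismatch');
  }
  return findings;
}

// Constructed sample: Date header copied from the error in the question,
// a local clock three hours ahead, and placeholder sender IDs.
const sampleErr = {
  statusCode: 400,
  headers: { date: 'Fri, 25 Nov 2016 08:54:08 GMT' },
  body: '<HTML><TITLE>UnauthorizedRegistration</TITLE></HTML>',
};
const sampleNow = Date.parse(sampleErr.headers.date) + 3 * 3600 * 1000;
console.log(triage(sampleErr, '{"gcm_sender_id":"000000000000"}',
  '111111111111', sampleNow));
```

An empty result means neither suggested cause applies and the problem lies elsewhere.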
I setup 'ice' on my mac as per instruction in Bluemix docs.
I can successfully run 'ice login':
API endpoint: https://api.ng.bluemix.net
Username> XXXXXX#XXX.XXX
Password>
Authenticating...
OK
API endpoint: https://api.ng.bluemix.net (API version: 2.23.0)
User: XXXXXX#XXX.XXX
Org: XXXXXX#XXX.XXX
Space: dev
Authentication with container cloud service at https://api-ice.ng.bluemix.net/v2/containers completed successfully
You can issue commands now to the container service
Proceeding to authenticate with the container cloud registry at registry-ice.ng.bluemix.net
WARNING: login credentials saved in /Users/giovanni/.dockercfg.
Login Succeeded
but when I issue any other 'ice' command I receive an error.
E.g. 'ice images':
Refreshing cf tokens
Unauthorized failure
Any advice on where to look for logs or what's the issue?
Cheers, Giovanni
Per your comment, the issue appears to be one of not being authorized to access the beta IBM Containers offering. We have just enabled all users queued from yesterday for the beta, so you should be authorized to access the beta service now.
Yep, I confirm that after trying to create a container using Bluemix UI (website) and once received a confirmation email that I was authorised to use Container, 'ice' commands started working.
e.g.
$ ice images
Image Id Created Image Name
d0feae99-b91d-4ce3-bcb4-6128886f6968 Mar 24 03:44:59 2015 registry-ice.ng.bluemix.net/ibmliberty:latest
74831680-1c9c-424e-b8ea-ceede4aa0e40 Mar 24 03:41:24 2015 registry-ice.ng.bluemix.net/ibmnode:latest
Cheers, Giovanni