I've created my app and SQL container on Google App Engine. All is ready to go, I just need to grant network access to the SQL server from the application. When clicking the Add Item button, then entering the Application ID (I verified through what appears to be an ancient deprecated interface) then clicking save I get the following error:
Could not complete the operation. Dismiss
I've read the instructions and as far as I can tell this is the correct method. It's the same region as the App. Tried us-east and us-west.
I created another SQL instance just in case with the same results.
I checked the dns records of the provided application URL and added the 4 IPv4 and IPv6 addresses that were returned just in case I could do it that way. The app still can't connect to the database.
I'm not sure what to try next, does anybody have an idea how to allow access in this situation?
I created my Project in US-east1 originally, had the same problem as above. Went back and created another project in US-central. This problem "Could not complete the operation. Dismiss" went away. Easy way to tell that it is working, the "Preferred location" will auto populate with "Follow App Engine app", the "App Engine application id" will auto populate with your project app id, the "Authorized App Engine applications" will auto populate with the project app id as well.
Related
I would like to set up a JDBC connection for an app in Google App maker without storing the username/password in the script.
I thought of doing this by storing this information in a spreadsheet that only I have access to. In this case, the developer would have to be used as the execution identity.
But I would actually like the app to run as the user so that I can use the user id to set access permissions/customize what is displayed, editable, etc.
So in summary I would like the app to run as the user but the JDBC connection to be established through my credentials, which should not be shared with anyone.
Is it possible to run different scripts within the same app as different execution identities? If not, what might be a solution to this?
Please can you help me, I'm receiving this error when I'm trying to deploy a google cloud function:
HTTP Error: 400, Default service account 'project-name#appspot.gserviceaccount.com' doesn't exist. Please recreate this account (for example by disabling and enabling the Cloud Functions API), or specify a different account.
The command used to deploy is:
firebase deploy --only functions
A temporary solution is fine, but if you can help me to solve it permanently is better.
Thanks in advance.
In my case, the App Engine default service account was deleted. It looks like this: {project_id}#appspot.gserviceaccount.com
So I had to restore the service account like this:
You can now recover the deleted service accounts from https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts/undelete
you have to get the UniqueID of the service account from https://console.cloud.google.com/home/activity
Source: https://stackoverflow.com/a/55277567/888881
The API explorer is an easy way to use the IAM API: https://developers.google.com/apis-explorer/#p/
I was struggling to resolve this issue, then I raised a case with Google.
here is a detailed article of my learnings :
https://medium.com/#ashirazee/http-error-400-default-service-account-appspot-gserviceaccount-com-accd178ea32a
Firstly navigate to Google Cloud Platform and view your service accounts.
try and find <project_id>#appspot.gserviceaccount.com' in your list of service accounts for the firebase project, it is linked to the App Engine.
if '#appspot.gserviceaccount.com' is missing you can not deploy anything(SEE EMAIL WITH GOOGLE BELOW), if it isn't, check and see if it's enabled, try disabling it and enabling it again.
#appspot.gserviceaccount.com is pre-installed by default, regardless of a paid account or not. try and recall if at any time you may have deleted it after or before deployment.
Now if you have for any reason deleted it over a period of more than 30 days than you can not retrieve it, and you must create a new firebase project. However, if it is within 30 days you can undelete it.
EMAIL FROM GOOGLE:
Email #1
"
Hello Ali
I am checking the logs of your project, unfortunately the service account was deleted on Ma, there is no chance to recover it nor recreate it
The only workaround available is to create a new project and deploy the service desired there. I know this could not be the best option for you nevertheless it is the way this works by design.
Do not hesitate to write back if you have more questions.
Cheers,"
Email #2,
"Hello Ali
I am glad to read that you have been able to deploy your functions successfully, unfortunately that service account cannot be recovered after 30 days of being deleted and that is the only solution. If you have other questions, please let us know by contacting us again through our support channel.
Cheers,"
lastly here is a helpful command line that will help you debug this, however, it won't help if there is no service account, it'll just highlight the obvious:
firebase deploy --only functions --debug
this was my error:
"HTTP Error: 400, Default service account '<project_id>#appspot.gserviceaccount.com' doesn't exist. Please recreate this account (for example by disabling and enabling the Clo
ud Functions API), or specify a different account."
Following the error message, you could enable the API by console accessing this url and enable the api.
Or by gcloud command:
gcloud services --project <project_id> enable cloudfunctions.googleapis.com
As the other stated, sadly, you need to use the default service account.
If within the 30 days period, you can use this tutorial to find and undelete the service acc: Read this guide to get https://cloud.google.com/iam/docs/creating-managing-service-accounts#undeleting_a_service_account
You have to enter the commands through the Google Cloud Console (one of the buttons will open a terminal on the right of the top blue app bar)
try to select Google Cloud Platform (GCP) resource location in Setting of Firebase. enter image description here
I get the following error while trying to create a google container cluster.
An unknown error has occurred in Compute Engine: "EXTERNAL: Google
Compute Engine: Required 'compute.zones.get' permission for
'projects/access-jobs/zones/europe-west2-c'". Error code: "18" RETRY
Can someone please help me out. I am new to google cloud platform
Based on the error message, it looks like you do not have the compute.zones.get permission in the access-jobs project. This permission is required to get information about a zone in GCE.
Required 'compute.zones.get' permission for
'projects/access-jobs/zones/europe-west2-c'"
Enabling the Google Container Engine API
You will need to enable the API. You can visit this URL which will ask you to choose a project and then wait for a few minutes before the API is enabled. After that, you will be able to create the Container Clusters.
IAM Roles and Missing permissions
If you're still getting this error even after enabling the API, you might actually have a permission issue.
You can look at the list of Compute Engine IAM roles to understand the list of permissions any given role has. The account you use to access Google Cloud Platform needs to be granted one of these roles which provides compute.zones.get permission. For creating Cloud Clusters (i.e. Google Container Engine (GKE) clusters), you most likely will need more permissions than just this one. You can look at GKE IAM roles to understand better which role would be most suitable. You can also look at the second option.
Use an account which has been granted project owner / project editor role, so that you can edit your project freely. You might have to check with your project owner/admin if you're not one to get this role granted just like option 1.
First, I'm not a MS Access developer. However I've got a new job and have to do some MS Access development. I'll be working with another developer who has experience at this; at least more than I have.
One thing he showed me is that users will get into this MS Access application, which goes into the forms, do whatever it is they do there and then bang out of the forms application to get direct access to the tables of the database. (The Access application is a front end to a SQL Server 2005 database.) Since the end users have direct access to the SQL tables, well you can just imagine what sort of mischief they can get into. (The Access application was written by a contractor who left with the application unfinished.)
So my question is this: how can we prevent end users from getting out of the Access application to directly interact with the SQL tables? I would think this is possible, but like I said I'm not an Office developer so I've no idea how it would be done, nor even what sort of things I'd look for.
The Access application is written in MS Access 2007.
#rod
Generally the level of security MS Access is providing is not very impressive. But it gives you some sort of security preventing novice users accessing unwanted information.
look for:
Compiling the database to ACCDE, MDE
provide custom ribbon with your own buttons
Disable the "Navigation" pane : http://www.access-programmers.co.uk/forums/showthread.php?t=187697
Disable the settings via right click.
Use AutoExe function to check if NavigationPAne is deactivated, and reboot database if necessary
Disable the "bypass startup option" key: http://www.access-programmers.co.uk/forums/showthread.php?t=91984
prevent database to load if the DB is not in .accde or .mde format. Again this is within the AutoEXE function to check.
Some useful research/investment would be.
Custom ribbon creator for MS access which will help you to provide your own buttons/ribbons (I used ribboncreator)
Providing membership/user account. since you already have dedicated SQL server you can save user credentials in the back-end tables hiding from front-end. Check user has access by writing stored procedures/functions.
Write function to gather errors, activities and uploads to a LOG table and monitor activities. use web-services + MSXML2.XMLHTTP + async for this task.}
Create a UI for the users to navigate your application. The most basic thing is just a form that has buttons to open all other forms the users need to access in your application.
Then use the ribbon to navigate to "File" -> "Options" -> "Current Database".
Select the form from the step above as "Display form" for the application and then uncheck all the following options "Use Access Special Keys", "Display Navigation Pane", "Allow Full Menus", "Allow Default Shortcut Menus".
This will start you Access application and show the selected form without any of the standard UI for working with tables or the design of other objects in your application.
But please be aware that this is just protection against normal users making accidental mistakes by changing stuff they are not supposed to change. This will not deter a malicious and knowledgeable attacker.
If you want open your application for development, hold down the SHIFT-Key while opening the file.
Another option outside of Access is to deny an AD group with read/write access to your SQL tables the DELETE permission. I was able to do this successfully using Access 2013 and Microsoft SQL Server Management Studio 2012. This post discusses the command.
DENY DELETE ON tablename to [DOMAIN\groupname];
Users in the AD group are able to modify and delete data through the UI we have created, but unable to open the table, select a line, and hit the delete key. They receive the following error: "ODBC--delete on a linked table 'tablename' failed....The DELETE permission was denied on the object ...."
I'm trying to use the WHMCS API / provisioning module to auto-create a mysql database for a new WHM / cPanel client after their order for hosting goes through.
It seems like it should be simple enough to do, but I can't find anything about it in the docs. The WHMCS module is connected to the WHMCS mysql instance, but I would want to be connecting the "main" local mysql instance where the client's data is held.
Would I simply connect to localhost in the provisioning module, and create a new database and user? Or is there a more robust way to handle this without going outside the WHMCS / WHM system.
Please provide examples if possible!
Thanks for any help
I would use whmcs's hooks. A hook is function that is fired as a result of an internal action.
You should look for the invoice items after the invoice is paid but before the email in case you want to send database information if not then after paid should be fine
This would go in billing dir / includes / hooks
and it would look like
function init_InvoicePaidPreEmail($vars) {
// create your db code here be sure to look for the specific invoice item "order for hosting"
}
add_hook("InvoicePaidPreEmail",1,"init_InvoicePaidPreEmail","");