Firebase init hosing:github for organization - firebase

Trying to create a github action connection to firebase, as described here .
After initializing hosting, I ran:
firebase init hosting:github
Got to the stage where got:
For which GitHub repository would you like to set up a GitHub workflow?
Entered the name, and then received:
Error: HTTP Error: 403, Policy update access denied.
The repo is part of an organization.
Read those threads:
https://github.com/firebase/firebase-tools/issues/3143
https://github.com/firebase/firebase-tools/issues/2763
about giving fire base access to the organization, but I already have given access.
Any suggestions how to solve the issue?

Ok, so the problem was that I needed to be an Owner (Editor isn't enough) of the fire base project in order to initialize the Firebase hosting.

Related

terraform GCP VPC connector creation issue

Overview
I tried creating a VPC network, having a subnet and adding a Serverless VPC connector with terraform in GCP. I was following the official guide ( https://cloud.google.com/vpc/docs/configure-serverless-vpc-access#terraform ) and initially everything was working well. After that I accidently commited my JSON key to github, someone stole it and used it for crypto, the project was disabled but shortly after that reinstated
After that my terraform VPC connector creations started to fail. I tried a lot of different things but nothing seems to work(running destroy, changine service accounts, changing names, deleting all of the terraform subfolders, deleting EVERY resource and restarting the process)
The errors I am getting are:
│ Error: Error waiting to create Connector: Error waiting for Creating Connector: Error code 13, message: An internal error occurred: Failed to create a VPC Access connector. Please delete the connector manually.
│
or
│ Error: Error creating Connector: googleapi: Error 409: Requested entity already exists
Today I tried to create VPC connector from the command line(gcloud) and from the UI tool. The errors persisted
Unknown error. Original error message: Operation failed: Insufficient CPU quota in region.
Max throughput of the connector per day over last seven days.
or
An internal error occurred: Failed to create a VPC Access connector. Please delete the connector manually.
errors while deleting:
│ Error: Error waiting for Deleting Network: The network resource 'projects/static-emblem-327016/global/networks/sun-serverless-network' is already being used by 'projects/static-emblem-327016/global/routes/default-route-5cbc9de02e21bb35'
│
I was lookint at this issue https://issuetracker.google.com/issues/164378672 In it I was problems with us-central1 but I tried a couple of different regions and still I have the same issue
Questions:
I am running out of ideas, I was wondering if this is an infrastructural issue, maybe I should dump the project and create a new one ? Where can I check if there are infra issues ? How can I resolve my issue?
I recently get this error Error: Error creating Connector: googleapi: Error 409: Requested entity already exists. So I can explain the root cause and it's fix.
What I was doing is like trying to create a GCP resource (Create PubSub topic) using terraform (plan and then apply).
But before executing the terraform apply, I created the resource manually long time back with the same name. I expected that the terraform plan or terraform apply will not try to create it again since the resource name is same. But instead of Refreshing state, I found it was trying to Creating the resource. The reason it that, terraform does not know about your resource history. Either you need to import your resource history using terraform import command or else delete the manually created resource and then run the terraform apply command.
The message “An internal error occurred: Failed to create a VPC Access connector. Please delete the connector manually” can indicate that you don't have enough resources in your project to create the connector. Please make sure you have enough Resource Quota available in your GCP project.
The message “googleapi: Error 409: Requested entity already exists” indicates that The resource that a client tried to create already exists.
If you want to know what the root cause is, you can check the logs of the VPC Connector creation in the System Event Audit Logs.
System Event audit logs contain log entries for Google Cloud actions that modify the configuration of resources. System Event audit logs are generated by Google systems; they aren't driven by direct user action. System Event audit logs are always written; you can't configure, exclude, or disable them. The instructions to access them are here.
On the other hand, generating and distributing service account keys poses severe security risks to your organization. They are long-lived credentials that are not automatically rotated. These keys can be leaked accidentally or maliciously allow attackers to gain access to your sensitive GCP resources. If you accidentally compromised your JSON Key, please read the recommendations in this link.
If you want to know more about the risk and alternatives to download Service Account, Key please follow this link. Please note that this is not GCP official documentation, so I cannot vouch for its accuracy.
I was able to resolve my issue. It turns out that I had deleted my default compute engine service account in panic. I was able to recover it and everything worked out from there. For more info go here: https://cloud.google.com/iam/docs/creating-managing-service-accounts#undeleting_a_service_account
you have to identify the default service acc for compute engine and undelete it:
gcloud beta iam service-accounts undelete ACCOUNT_ID

VPC creation problem in aws via terraform

I have been trying to create vpc infrastructure in AWS through terraform I am unable to perform the "Terraform apply" command anyone has a similar problem while using a free trial account.
Error: Error creating VPC: UnauthorizedOperation: You are not authorized to perform this operation. Encoded authorization failure message: 4HZVo3-eWCS-YLhRy55P_0T13F_fPtA29TYrJrSe5_dyPxIcqRbh7_wCcrCZr2cpmb-B5--_fxVaOngBfHD_7yfnPH7NLf1rrqpb7ge1mvQrK8P0Ltfpgpm37nZXezZUoYf1t4peB25aCxnbfeboHpgJjcFnHvqvf5so5G2PufnGZSB4FUZMfdaqppnJ-sNT7b36TonHUDNbLhBVUl5Fwd8d02R-6ZraRYvDx-o4lDfP9xSWs6PMUFXNr1qzruYaeMYMxIe-9kGOQptgBLYZXsxr966ajor-p6aLJAKlIwPGN7Iz7v893oGpGgz_8wxTv4oEb5GnfYOuPOqSyEMLKI69b2JUvVU1m4tCcjKBaHJARP5sIiFSGhh4lb_E0_cKkmmFfKzyET2h8YkSD8U9Lm4rRtGbAEJvIoDZYDkNxlW7W2XvsccmLnQFeSxpLolVhguExkP7DT9uXffJzFEjQn-VkhqKnWlwv0vxIcOcoLP04Li5WAqRRr3l7yK2bYznfg
│ status code: 403, request id: 5c297a4d-7bcf-4bb4-b311-37480e1f26b8
make sure you have properly setup aws credentials and permissions.
check these two files
~/.aws/credentials
~/.aws/config
this docs can help you.
https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html
Did you configure your access keys?
provider "aws" {
region = "us-west-2"
access_key = "my-access-key"
secret_key = "my-secret-key"
}
There are multiple ways to do it (described here).
My above example can be a good start but you don't want to commit those so I recommend to configure the keys in ~/.aws/credentials (like you need them for AWS CLI). The aws provider will pick them up automatically and so you don't need to define them somewhere in your terraform code.

snsdev-dev already exists in stack

Issue:
New amplify project created throws this error:
Error:
Resource Name: SNSRole (AWS::IAM::Role)
Event Type: create
Reason: snsdev-dev already exists in stack arn:aws:cloudformation:eu-west-1:
✖ An error occurred when pushing the resources to the cloud
Resource is not in the state stackUpdateComplete
An error occured during the push operation: Resource is not in the state stackUpdateComplete
Amplify project created as follows:
# mkdir react-rds
# cd react-rds
# amplify init
? Enter a name for the project react-rds
? Enter a name for the environment dev
? Choose your default editor: Visual Studio Code
? Choose the type of app that you're building javascript
Please tell us about your project
? What javascript framework are you using react
⠙ Initializing project in the cloud...
Your project has been successfully initialized and connected to the cloud!
# amplify add auth
Do you want to use the default authentication and security configuration? Default configuration
Warning: you will not be able to edit these selections.
How do you want users to be able to sign in? Username
Do you want to configure advanced settings? No, I am done.
Successfully added resource reactrds0xxxbxde locally
# amplify push
? Are you sure you want to continue? Yes
⠼ Updating resources in the cloud. This may take a few minutes...
CREATE_FAILED SNSRole AWS::IAM::Role Sun May 31 2020 16:35:24 GMT+1000 (Australian Eastern Standard Time) snsdev-dev already exists in stack arn:aws:cloudformation:eu-west-1:4711111:stack/amplify-react-amplified-dev-12110-authreactamplifiedc7111f-1TOaaaaBPI1/e9xxxxx0-9fxx-11ex-97xx6-0acxxxxxee0
CREATE_FAILED amplify-react-rds-dev-163108-authreactrds011de-1PHaaaaaWIJ AWS::CloudFormation::Stack Sun May 31 2020 16:35:24 GMT+1000 (Australian Eastern Standard Time) The following resource(s) failed to create: [SNSRole].
✖ An error occurred when pushing the resources to the cloud
Resource is not in the state stackUpdateComplete
An error occured during the push operation: Resource is not in the state stackUpdateComplete
Then the above error comes on the first push.
Resource already exists error will be popped up if you are trying to create a AWS resource with same name that is already created through another stack and existing.
Check for any duplicate stacks and delete them if not required. Else try to rename the resource
The issue was with the hyphen in the project name.
Look at these two Github issues that deal with this issue:
https://github.com/aws-amplify/amplify-cli/issues/3879
https://github.com/aws-amplify/amplify-cli/issues/3687
I created another project without the hyphen to fix the issue.

Firebase emulator not authenticating suddenly

I opened our firebase functions code today, typed firebase serve as I usually do, but when I called an http function that touches our real-time database, I was greeted with this message:
#firebase/database: FIREBASE WARNING: {"code":"app/invalid-credential","message":"Credential implementation provided to initializeApp() via the \"credential\" property failed to fetch a valid Google OAuth2 access token with the following error: \"Error fetching access token: invalid_grant (Bad Request)\". There are two likely causes: (1) your server time is not properly synced or (2) your certificate key file has been revoked. To solve (1), re-sync the time on your server. To solve (2), make sure the key ID for your key file is still present at https://console.firebase.google.com/iam-admin/serviceaccounts/project. If not, generate a new key file at https://console.firebase.google.com/project/_/settings/serviceaccounts/adminsdk."}
Nothing changed from when I was able to run this last (a couple weeks ago?) and my system time is set to automatic for time and timezone. I ran firebase logout and firebase login and I'm using the parameterless admin.initializeApp();. Has something changed I need to take into account?
I used the information found # https://firebase.google.com/docs/functions/local-emulator to generate and set up a key file # https://console.cloud.google.com/iam-admin/serviceaccounts/details/##################?authuser=0&project=my-project-name by clicking 'create key' at the bottom.
Once the key file was downloaded, I set it with this command line in my projects directory
set GOOGLE_APPLICATION_CREDENTIALS=path\to\key.json
With that done, I was able to run my functions as I expected locally.
I love you all.

Is it supported to create an integrated notebookVM when the workspace is configured to be in a VNET?

Trying to follow doc at secure your experiments but after configuring default workspace storage for VNET access, attempts to create integrated notebook VM fails with what looks like a storage access error.

Create Failed:
Failed to clone samples. Error details: Microsoft.WindowsAzure.Storage This request is not authorized to perform this operation.
thanks,
jim
We are working on adding virtual network support to NotebookVM.
Thanks

Resources