Unable to delete Azure Resource Group - azure-resource-manager

I'm trying to delete Ra esource Group or the resources in that group.
Databricks got deleted half-way is now in a failed state and can't be removed
A storage account can't be deleted because of an other resource requiring exclusive access
The Private Endpoint on the Storage Account can't be deleted, because there is no changes possible on the Storage Account - I'm owner on Subscription level
The AKS namespace returns an 'internal server error'
The Log Analytics workspace I can't delete because a SQL solution can be deleted 'ajaxExtended call failed'
Tried using CLI, PowerShell, checked for Locks, re-registered providers, tried moving resources ....

Related

G-cloud sdk --> problems about firebase projects and permissions

I'm developing a backend microservice app with node.js along with #google-cloud/firestore and i'm trying to access my firebase project locally with gcloud-sdk. I've run gcloud init so i can log in and chose the project i need to connect to in order to access the db.
The problem is that, i keep getting 7 PERMISSION_DENIED: Missing or insufficient permissions when i try to make any type of interaction with the db even though i already have all permissions in the project. At the beginning i thought that maybe i was having that problem because i was using a different account that did not have permissions to access these projects, but that didn't make sense because i do not see that account in my list of accounts in the sdk
But, when i gave permissions to the other account that i thought maybe logged in in my sdk, i could access the db, so it was weird, it is like it's stuck with the other account that maybe i added when i first install the sdk.
So, i've tried everything to correct this, i've deleted all accounts from my gcloud sdk, i've deleted the list of configurations, i've uninstalled (twice) the sdk and installed it again (since people that i work with told me that they did this and worked for them, since they had same issue), i've run g cloud init to log in again and all that stuff, and still, when i try to connect to my firebase db, it still says that i still do not have permissions, it's like the account that i'm logging in is not the one that is being saved/used to access my project.
What can i do to make this work ?
EDIT #1 -> How i'm connecting to firebase and sdk commands to connect to the project
Connecting to my project on firestore
import 'reflect-metadata';
import { Firestore } from '#google-cloud/firestore';
import { GCP_PROJECT } from '#util';
export const firestore = new Firestore({ projectId: GCP_PROJECT });
Commands to connect to my project by sdk
-> gcloud init
Welcome! This command will take you through the configuration of gcloud.
Settings from your current configuration [coordinadora-work] are:
core:
account: diego.cifuentes#coordinadora.com
disable_usage_reporting: 'True'
project: cm-reparto-dev
Pick configuration to use:
[1] Re-initialize this configuration [coordinadora-work] with new settings
[2] Create a new configuration
Please enter your numeric choice: 1
Your current configuration has been set to: [coordinadora-work]
You can skip diagnostics next time by using the following flag:
gcloud init --skip-diagnostics
Network diagnostic detects and fixes local network connection issues.
Checking network connection...done.
Reachability Check passed.
Network diagnostic passed (1/1 checks passed).
Choose the account you would like to use to perform operations for this configuration:
[1] diego.cifuentes#coordinadora.com
[2] Log in with a new account
-> Please enter your numeric choice: 1
You are logged in as: [...my account that is having problems...].
Pick cloud project to use:
...
-> Please enter numeric choice or text value (must exactly match list item): 21
Your current project has been set to: [...project that i'm having problems with...].
-> Do you want to configure a default Compute Region and Zone? (Y/n)? n
Your Google Cloud SDK is configured and ready to use!
The Google Cloud Client libraries use the Application Default Credentials, not the current credentials setup using gcloud auth login.
To setup your Application Default Credentials for local development, simple execute gcloud auth application-default login. This will open a browser window and allow you to select the account to use as default credentials.
Another method is setting the environment variable GOOGLE_APPLICATION_CREDENTIALS to point to a service account key file.
Read more here : https://cloud.google.com/docs/authentication/application-default-credentials
When running in GCP, your credentials will get picked up from the environment, i.e. the service account your Cloud Function is running with.
https://cloud.google.com/docs/authentication/client-libraries

Call Google Cloud API from local Firebase Emulator

I've got a function which uses #google-cloud/language.
The function works when deployed live but when running in the local function emulator it complains
I've done firebase login with my Google account but get the following when running the function:
Error: 7 PERMISSION_DENIED: Cloud Natural Language API has not been used in project XXXXX before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/language.googleapis.com/overview?project=XXXXX then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.
XXXXX is a project Id I don't recognise - where has this come from and how can I check if I'm mistaken?
The account I'm authed with firebase locally is already in the Owner role for the project, so either the project ID is wrong, or I need to grant permissions to the user?
What do I need to do?
The solution is to set the environment variable GOOGLE_APPLICATION_CREDENTIALS for authentication:
https://cloud.google.com/docs/authentication/getting-started#windows
And restart all the things due to my ENV variable not being updated.

Cloud build: No permission for signining blobs even though I granted them

I'm trying to build a Java application in cloud build and deploy it to Cloud Run.
I have granted rights to cloud build service account to write blobs
Morover, I have changed default service account for Cloud Run instance, with rights to write blobs.
I'm letting instance figure out service account by doing: FirebaseApp.initializeApp();
When I run my tests, I get:
Caused by: java.io.IOException: Error code 403 trying to sign provided bytes: The caller does not have permission
at com.second.hand.security.jwt.TokenProviderTest.testReturnFalseWhenJWTisMalformed(TokenProviderTest.java:75)
If I print GoogleCredentials.getApplicationDefault(), in Cloud build logs I get ComputeEngineCredentials{..., although I changed Service Account to a different one.
In my local environment, it prints applicationDefaultServiceAccountCredentials{... as expected, since I set GOOGLE_APPLICATION_CREDENTIALS environmental variable
What am I doing wrong? I'm out of ideas

AppMaker error say "The instance must be a 2nd generation SQL database" but it is a 2nd gen

AppMaker gives this error: "The default Google Cloud SQL instance is not setup properly. Please ask a G Suite administrator to check the Google Cloud SQL configuration for your domain. (Reason: App Maker is unable to verify the default Google Cloud SQL instance. The instance must be a 2nd generation SQL database.)"
But the SQL database is a 2nd generation
ALF-experiments instances:
Instance ID Type High availability Location Labels
sgialfmysql MySQL 2nd Gen 5.7 us-central1-a
Connected as the default in admin console
Google Cloud SQL instance setting
Enter the Google Cloud SQL instance connection name to use with App Maker:
alf-experiments:us-central1:sgialfmysql
I have made multiple Cloud instances under multiple project but none seem to be able to connect. I have reviewed the documentation several times to verify that GCP and Cloud SQL are set correctly and they are.

Firebase Service Account for Firestore and Remote Config

I have created/forked a lil Google Apps Script Library to manage Firebase Firestore and Firebase Remote Config called FirebaseGoogleAppsScript. The goal is to simply manage the contents of your collections in an apps script as well as update your remote config.
My issue is I can't get the a service account to do both.
Firebase creates two service accounts upon creating a project:
The first is listed in the Firebase Console -> Project Settings -> Service Accounts. This one I use within my cloud functions to retrieve the Remote Config just fine. However in the Apps Script Project it is unable to retrieve any data from firestore. I tried adding all kinds of roles including Owner and Editor yet no firestore data, but I still can get the RemoteConfig.
The second is only visible in the GCP service accounts and has the title: Firebase Admin SDK Service Agent with the roles Firebase Admin SDK Administrator Service Agent and Service Account Token Creator. This one is able to retrieve all the data from firestore within an Apps Script Project. However in the apps script project I can't get it to retrieve the RemoteConfig even if I add the role Firebase Remote Config Admin.
I have also made my own service account which was able to get the Remote config and just about everything else from Firebase except the Firestore data. Seems only the one service account created by Firebase is able to get any data.
To recreate the issue simply deploy my lil FirebaseGoogleAppsScript project and associate it to the same GCP project Firebase is connected to. There is a test file in it which can recreate the issue assuming you have some data in RemoteConfig and a collection called posts with some docs.
What the heck is going on here? Why can't I make a service account who can access Firestore and RemoteConfig? Any ideas on what to do to create a proper role to do both? Do I really have to use two separate service accounts?

Resources