I have tried to log call stack info through opencensus. I have enabled permission in google account. I am using default credentials method. Stackdriver Trace API is enabled for the corresponding account.
Permission for monitoring.viewer, monitoring.editor and cloudtrace are also given.
Still, we are facing below-mentioned error from client side while pushing the logs.
2019/02/21 12:40:14 Failed to export to Stackdriver: rpc error: code = NotFound desc = Requested entity was not found.
2019/02/21 12:37:47 Failed to export to Stackdriver: rpc error: code = PermissionDenied desc = Permission monitoring.metricDescriptors.create denied (or the resource may not exist).
Related
I am trying to run a simple report on GA4 by using Google Analytics Data API Python client with a regular user credentials:
request = RunReportRequest(
property=f"properties/11111",
dimensions=[Dimension(name=f['name']) for f in report_definition['dimensions']],
metrics=[Metric(name=f['expression']) for f in report_definition['metrics']],
date_ranges=[DateRange(start_date=date, end_date=date)],
)
response = client.run_report(request)
And the client is BetaAnalyticsDataClient as also mentioned in the documentation:
credentials = Credentials(
token=None,
refresh_token=config['refresh_token'],
client_id=config['client_id'],
client_secret=config['client_secret'],
token_uri="https://accounts.google.com/o/oauth2/token",
scopes=["https://www.googleapis.com/auth/analytics.readonly"]
)
client = BetaAnalyticsDataClient(credentials=credentials)
It is not a Service Account so I am using google.oauth2.credentials.Credentials class as same in other Google APIs.
However, this operation is throwing an exception during the run_report function:
grpc._channel._InactiveRpcError: <_InactiveRpcError of RPC that terminated with:
status = StatusCode.UNAVAILABLE
details = "Getting metadata from plugin failed with error: ('invalid_grant: Bad Request', {'error': 'invalid_grant', 'error_description': 'Bad Request'})"
debug_error_string = "UNKNOWN:Error received from peer analyticsdata.googleapis.com:443 {created_time:"2023-01-14T14:12:10.907813+03:00", grpc_status:14, grpc_message:"Getting metadata from plugin failed with error: (\'invalid_grant: Bad Request\', {\'error\': \'invalid_grant\', \'error_description\': \'Bad Request\'})"}"
>
And when I try to use my access token in the credentials:
credentials = Credentials(
token=config["token"],
refresh_token=config['refresh_token'],
client_id=config['client_id'],
client_secret=config['client_secret'],
token_uri="https://accounts.google.com/o/oauth2/token",
scopes=["https://www.googleapis.com/auth/analytics.readonly"]
)
This time I am getting following error:
google.api_core.exceptions.Unauthenticated: 401 Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.
I am sure that my credentials is correct since I am using same account in my other repos.
Also, note that, I tried same operation with a service account and it does not give any error. However, for this purpose, I need to use a regular developer account since the OAuth flow is on a frontend project.
What are the suggestions on that issue? Is it possible to use a developer account in here and if yes, how?
I was able to fix the issue. The app just needs a sign-out sign-in (or refreshing the access token).
I have issues pushing to amplify after adding resource same problem, after adding auth with
amplify add auth
amplify push
I get
Following resources failed
Resource Name: UserPoolClientLambda (AWS::Lambda::Function)
Event Type: create
Reason: AccessDeniedExceptionnull (Service: AWSLambdaInternal; Status Code: 403; Error Code: AccessDeniedException; Request ID: 8434d2a2-4287-4b79-b22f-5d95094436a0; Proxy: null)
× An error occurred when pushing the resources to the cloud
Resource is not in the state stackUpdateComplete
An error occurred during the push operation: Resource is not in the state stackUpdateComplete
How I resolve this ?
PS: amplify cli is version 4.41.2
Finally able to figure it out.
My issue has something to do with my exposed api key case with my users.
I had help from the AWS support. Initially, I was just going to fix my billing payment method, and they mentioned that they locked my account due to the exposed api key. They walked me through it to rotate my API key and I just waited around 3-5 hours to get my account unlocked.
I tried it after following the same steps and it worked
$ amplify add auth
$ amplify push
RealmSwift 2.8.3, Realm Object Server 1.8.1, Xcode 8, Swift 3.1
I can get pretty much everything with the Realm Object Server (ROS) to work with iCloud authentication, but I'm running into an issue when I have a new user authenticate that doesn't yet have an account on my ROS instance.
I'm successfully able to retrieve their iCloud token, but user is nil when I do this:
let credentials = SyncCredentials.cloudKit(token: token)
SyncUser.logIn(with: credentials, server: serverURL) { user, error in
DispatchQueue.main.async{
if user == nil {
//--- Error ---
//This is where I end up. I can see the token in the log but no user object
}else{
//--- Success ---
}
}
}
When I check the error log in my ROS (running on Ubuntu), I get this internal server error (500):
2017-07-12T00:39:39.170Z - warn: auth.cloudkit: Handle request failed with: Error: Request failed with code AUTHENTICATION_FAILED: Authentication failed.
2017-07-12T00:39:39.174Z - warn: [services] internal error: Error: Request failed with code AUTHENTICATION_FAILED: Authentication failed.
at request.catch.err (/usr/lib/nodejs/realm-object-server-developer/.build/src/node/managers/auth/provider/cloudkit.js:131:23)
at process._tickCallback (internal/process/next_tick.js:109:7).
Now just to make sure, I assume that SyncCredentials.cloudKit(token: token) creates a user if that token isn't found on my server and returns a new user object. I don't see anything in the docs about creating a new user vs. authenticating an existing one.
UPDATE
I double-checked all my connections to iCloud, made sure my key_id found in my configuration.yml file is right and that my key matches what I have in my iCloud container.
Now I get a different error. :)
2017-07-12T01:12:54.801Z - warn: auth.cloudkit: Handle request failed with: TypeError: Cannot read property 'reason' of undefined
2017-07-12T01:12:54.809Z - warn: [services] internal error: TypeError: Cannot read property 'reason' of undefined
at signedRequest.then.catch.err (/usr/lib/nodejs/realm-object-server-developer/.build/src/node/managers/auth/provider/cloudkit.js:86:11)
at process._tickCallback (internal/process/next_tick.js:109:7).
According to the docs, account should be created if not existed before
If the credentials are valid, the user is granted access to Realm
Object Server. A new user account is created if the credentials are
not coupled to an existing account.
I guess it's problem with private_key_path in configuration.yml. Try to move .pem file to another location and see if there are any changes.
Also, remember to restart the server after changing the configuration file.
I am creating Platform Application for that I am providing following details:
Application Name = "TestNotification"
Push Application Platform = Apple Development
Push Certificate Type = iOS Push Certificate
Choosing P12 file
Loading Credential from file
Certificate Key
Private Key
And Finally Clicking on Create Platform Application
But I am getting following error:
The AWS Access Key Id needs a subscription for the service (Service: AmazonSNS; Status Code: 403; Error Code: OptInRequired; Request ID: a0b89f4e-f34b-51f2-b4ae-ce136d8b1fe1).
I google out but not able to solve the issue.. Please help.
In my case, Account verification was not completed.
complete the account registrations or varication process by going to
https://portal.aws.amazon.com/billing/signup?type=resubscribe#/resubscribed.
I'm currently working on a website developed with Symfony2 and I need to send messages in an Amazon SQS. In order to do that I added to my composer.json:
"aws/aws-sdk-php": "2.4.*"
Then when I try to create a queue or list queues I've got a 403 error saying:
Access to the resource https://sqs.us-west-2.amazonaws.com/ is denied.
EDIT:
added the full error message
AWS Error Code: AccessDenied, Status Code: 403, AWS Request ID:
2fe34c11-7af8-5445-a768-070159a0953e, AWS Error Type: client, AWS
Error Message: Access to the resource
https://sqs.us-west-2.amazonaws.com/ is denied., User-Agent:
aws-sdk-php2/2.4.11 Guzzle/3.7.4 curl/7.25.0 PHP/5.4.3
Here is a sample code of what I do:
$aws = Aws::factory(array(
'key' => 'my-key',
'secret' => 'my-secret',
'region' => 'us-west-2'
));
$sqs = $aws->get('sqs');
return new Response(var_dump($sqs->listQueues()));
What do I do wrong to get this error ?
After digging I discovered that the account I was using wasn't granted the access to SQS service.
To give a SQS access to an account you have to go to the amazon management console. Then click on IAM. Under this section click on Users and then you can manage permission for each account you created.
Make sure that both the following policies allow access to the SQS queue
Resource (SQS) based policy: The SQS queue should allow your identity to use the queue. You define this using the queue policy (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-iam.html#scenario-sqs-policy). The default queue policy will allow access only to the owner of the queue (owner of the queue is the identity that created the queue).
Identity based policies: The policy for the identity that is accessing the queue should have permission to invoke operations on the queue.
Make sure that the access is not restricted by either one of them.
https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-using-identity-based-policies.html
I had the same strange issue, I had everything set up including policies and permission, after a couple of hrs I found out I was getting 403 error because of wrong aws region was configured in my application it was supposed to be ap-south-1 by default it was us-east-1