I'm trying to create a dataflow in Java with Gradle. I've created a gradle task to upload the job to GCP via the DataflowRunner and set my credentials via environment "GOOGLE_APPLICATION_CREDENTIALS", "....json", but when I view the job, all I see is:
Workflow failed. Causes: There was a problem refreshing your credentials. Please check:
1. Dataflow API is enabled for your project.
2. There is a robot service account for your project:
service-[project number]#dataflow-service-producer-prod.iam.gserviceaccount.com
should have access to your project.
If this account does not appear in the permissions tab for your project, contact Dataflow support.
I've already made sure the dataflow API is enabled for my project and that the service account exists and has editor and Cloud Dataflow Service Agent roles. I've tested with my code and the sample code on the getting started page, same issue.
This issue can be triggerd if the Compute Engine default service account in the Google Cloud project is disabled:
The status should show a green tick.
When you first use Dataflow in a new GCP project, you need to enable the API (Step 3 in the Quickstart), it could take few minutes. During this step a couple of service accounts are created:
Cloud Dataflow service account: service-<project-number>#dataflow-service-producer-prod.iam.gserviceaccount.com.
Controller service account: <project-number>-compute#developer.gserviceaccount.com.
The first account is the one in the error. I would think that you have not enabled the Dataflow API or you executed the job while the API was being enabled. As you mentioned you verified this, the nex step is checking if the default service accounts were modified, let's say, they were recreated or the default permissions changed. These revisions also apply for the Controller service account.
In addition, please don't forget to assign the proper permissions to the account that execute the Dataflow job.
UPDATE:
If the issue persists, it is probable that the service accounts were corrupted somehow, in which case, it is recommended to create a new GCP project with fresh service accounts or Contact Cloud Support.
Related
I'm using GitHub App to build an automation that processes requests to provide access to repositories for select users. The App is authenticated using an installation access token which expires after an hour of creation. I'm using org.kohsuke.github-api library. Is there a way to refresh this token ?
I have tried to schedule a job to run the code creating installation access token on an hourly basis. I would like to know if there is any other way to do this?
I was wondering if there is a way to Link a Broker realm user to the provider through the keycloak library in spring boot.
Situation:
When we log in with a user through the realm provider, keycloak identifies their existence in the broker (or creates them) and then an email is sent to the accounts link.
But the way I use keycloak, I have a service responsible for creating these to customize them for the application. In other words, when a user is created through this SpringBoot service, the idea is to check the existence of the realm provider and link the user created in the broker there.
Question:
Is it possible to link the broker's account with an existing one in the provider programmatically?
Additional:
it is possible to add the link directly through the admin console, so there must be a way to do it programmatically.
Image of manual creation of account link in admin console
I tried using the setSocialLinks method or the setFederatedIdentities method but it doesn't seem to work.
FederatedIdentityRepresentation federatedIdentity = new FederatedIdentityRepresentation();
federatedIdentity.setIdentityProvider(super.getProviderRealmName());
federatedIdentity.setUserId(providerUserId);
federatedIdentity.setUserName(user.getUsername());
user.setFederatedIdentities(Collections.singletonList(federatedIdentity));
Response brokerResult = brokerUserResource.create(user);
Well, there's an option to do it automatically already on the Authentication flow configuration
I made a service of Cloud Run for Anthos on GKE. And Then, I want to make it connect to the Firestore on a Project of a diffrent Organization. How can it make connect to Firestore?
I created a service of Cloud Run for Anthos on GKE on ProjectA of OrganizationA.
The programming language of the service of Cloud Run is Java, google-cloud-firestore library.
And, I created a Firestore DB on ProjectB of OrganizationB(No organization).
And then, tried to acces the Cloud Run Service to FirestoreDB, I got the error message like blow.
{"message":"Internal Server Error: com.google.api.gax.rpc.PermissionDeniedException: io.grpc.StatusRuntimeException: PERMISSION_DENIED: Missing or insufficient permissions."}
All depends your requirement. According with this page, grant the service account with roles/datastore.user or roles/datastore.viewer in the IAM section of the project B (click on Add and paste the email of the service account).
According with your GKE deployment, service account can be the default compute service account (<projectNumber>-compute#developer.gserviceaccount.com) or something else if you have customized your cluster/workload Identity
What I need to do is to create an application in which few of the segments should be invisible for user in published version.However when user checkouts In App billing purchase module he would be able to access these segments(Which is basically a number of Screens).
As of Now I am able to integrate the Standard In-App billing demo application in my application.But I am still confused how to make these Segments available for the purchaser as soon as he successfully checkout through In-App billing module. I am afraid of publishing app as it is recommended as per Android Developer Guide. I've a perception in my mind that how it would be working but want to take live experience.
Can anybody tell me the proper procedure and guidance for testing the Application apparently before it to be delivered to client.
Any help would be highly appretiated.
Go through with this link :
Implementing In-app Billing (IAB Version 3)
It is having good explanation with good piece of example code.
You can set up test accounts also to test in-app before delivered to client.
Setting Up Test Accounts
Thanks.
You are allowed to enter demo users for In app billing. You can enter the email ids with testing privileges there.
Go to Settings tab in Developer Console where you'll find "Gmail accounts with testing access", which is defined as:
License Testing - In addition to the owner of this console the following users will get the License test response from the application. They can also make in-app purchases from APKs that have been uploaded but not been published yet.
I'm developing an application based on java which allows one to manage jenkins jobs remotely.
How can I insert svn user and password when creating a new job?
I am not aware of any method of doing so, however you can have the master cache credentials after authenticating successfully once.
This can be found under: Manage Jenkins>Configure System>Subversion. Just check the box which specifies "Update default Subversion credentials cache after successful authentication".
If you have multiple repositories this won't help, but if your jobs use the same repo then you should be able to create a new job via the api without explicitly specifying the SVN credentials.