I have a website with code that I want to make run periodically (sending e-mails).
My web.xml is as follows:
<servlet-mapping>
<servlet-name>sendEmailsController</servlet-name>
<url-pattern>/cron/sendEmails</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>sendEmailsController</servlet-name>
<servlet-class>sendEmailsController</servlet-class>
</servlet>
I am trying to schedule the code to run through Google Cloud Scheduler, but when I'm editing the 'Service Account' field to insert my xxxxx#gcp-sa-cloudscheduler.iam.gserviceaccount.com, I get a black pop-up saying: Updating job "myJob" failed: Unknown error
I've tried saving the job with the Service Account field left blank and it shows Success, but it doesn't run my code (does not send e-mails), neither prints the logs I left in the code.
Also, I've tried adding the Cloud Scheduler Admin, Cloud Scheduler Job Runner and Cloud Scheduler Service Agent roles to the service account in case it was a problem with the permissions, but it didn't work either.
For Frequency, i'm using * * * * * (every minute), target is HTTP, HTTP Method is GET, and URL is https://myDomain/cron/sendEmails
You might probably used account from "IAM & Admin" in "IAM" tab, but for some it might be working, for some other not. Hard to find, on my testing account I have more than 20 and only 5 where working.
This is error is not showing up when you use account listed in is "Service Accounts" tab (which was just a few instead of many in "IAM&Admin/ IAM").
I have tested it quickly. Trying to add any service account from IAM tab, that is not listed in Service Accounts was giving error.
Than I have added new account like:
scheduler#<my-test-project>.iam.gserviceaccount.com.
Without any permissions I was able to use it in Cloud Scheduler without the error. I suggest to do it the same way.
Related
Trying to list and update the Google calendar ACLs using the code below in Google Apps script interface (script.google.com). I have enabled The Calendar API on the GSuite account and can see the API being hit (with 404s and 403s) in the developer console.
The calendarId listed in the code below is fake but, the one I am using does exist and works fine in the developer portal using the Try this API form.
https://developers.google.com/google-apps/calendar/v3/reference/acl/list
I assume I have the adequate authorization because I am logged in using the the same GSuite account on the developer portal and app scripts interface.
Are there any restrictions on the Google Apps Script environment or OAuth authorization that would prohibit this code from running only in Apps Script?
function test()
{
var calendar_acl_list;
calendar_acl_list = Calendar.Acl.list({calendarId: 'hannibal#domain.com'});
Logger.log('%s', calendars_acl_list);
}
It is possible that my simple code is not correct but, the error does not give enough information to troubleshoot. This is the error displayed in the View>Execution Transcript menu within Apps Script interface.
[17-09-26 14:13:31:492 PDT] Execution failed: Not Found (line 32, file "Code") [0.066 seconds total runtime]
Even though the code above is not working. The code below is:
function test2()
{
var calendars;
calendars = Calendar.CalendarList.list({maxResults: 100});
Logger.log('%s', calendars);
}
The proper usage of the Calendar.Acl.list method is:
calendarId = 'whatever#gmail.com'
calendars_acl_list = Calendar.Acl.list(calendarId);
Logger.log('%s', calendars_acl_list);
We're having trouble verifying our domain for our Google App Engine application.
We have a domain registered with Hostek, where our name servers are currently:
ns-cloud-c1.googledomains.com
ns-cloud-c2.googledomains.com
ns-cloud-c3.googledomains.com
ns-cloud-c4.googledomains.com
I created a DNS zone in Google Cloud and added the TXT record with the value given to me by Google App Engine, but when click "Verify" on the Google side, I get the error
Verification failed for cbcdashboard.com using the DNS TXT record method (less than a minute ago). We couldn't find the verification token in your domain's TXT records. You might need to wait a few minutes before Google sees your changes to the TXT records.
Below that, if I click "Show found DNS TXT records", I see
google-site-verification=<the token I was given>
It seems to see the value, but to not think it's correct. I tried adding it with and without quotes. Any ideas?
I just did a dig and got this:
"google-site-verification=PDmOnhweMP0C1aXpkNh-4kG-Mlhg3o22viWjGm_gn3U"
So it seems like that it's a propagation issue. When you make changes to DNS it does not spread out on the DNS for a while. If you try again to verify does it now work?
As it usually happens, the customer changed their G Suite email password which we were using for sending out emails (on Java#AppEngine). The token has been revoked as expected, and we managed to get everything working on DEV and UAT environments, however PROD for some reason still getting the infamous "invalid grant". I wonder if there's some caching that holds to original Credential in the datastore? Stackdriver doesn't let evaluate the method call so can't see what's inside. We suspect it has something to do with cache but restarting GAE instance (by redeploying) hasn't resolved the issue. Any suggestions are welcome!
This is a bit from the logs:
Caused by: com.google.api.client.auth.oauth2.TokenResponseException: 400
{
"error" : "invalid_grant"
}
at com.google.api.client.auth.oauth2.TokenResponseException.from(TokenResponseException.java:105)
at com.google.api.client.auth.oauth2.TokenRequest.executeUnparsed(TokenRequest.java:287)
at com.google.api.client.auth.oauth2.TokenRequest.execute(TokenRequest.java:307)
at com.google.api.client.auth.oauth2.Credential.executeRefreshToken(Credential.java:570)
at com.google.api.client.auth.oauth2.Credential.refreshToken(Credential.java:489)
at com.google.api.client.auth.oauth2.Credential.intercept(Credential.java:217)
at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:859)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:419)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:352)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.execute(AbstractGoogleClientRequest.java:469)
Not sure how it all worked this time, but this sequence seem to work:
pause the queues to avoid "old" token being cached again and again when it tries to resend the email
delete the stored credential from datastore
flush the memcache
re-configure your app to authorize it to have access to your gmail (essentially get the new credential to your datastore)
resume the queue and enjoy
I'm using app engine for windows and when I try to deploy the app to the cloud, I'm asked for a username and password. When I enter the username and password, I get the following error:
Password for xxxxx#xxxxx.xxx: Invalid username or password.
2014-11-06 18:48:41,628 ERROR appcfg.py:2417 An error occurred processing file '': HTTP Error 401: > > > Unauthorized. Aborting.
Error 401: --- begin server output ---
Must authenticate first.
--- end server output ---
2014-11-06 18:48:41 (Process exited with code 1)
Then, I got an email from Google stating, that an attempt was made to login my account and it was blocked. If it wasn't me, take the following steps. But, if it was me:
If this was you
You can switch to an app made by Google such as Gmail to access your account (recommended) or > change your settings at https://www.google.com/settings/security/lesssecureapps so that your >account is no longer protected by modern security standards.
Any ideas? I'd hate to lower my security standards. Is this some sort of bug?
Use OAuth2 rather than a username and password to authenticate when uploading your app.
Looks like you are hitting the same issue as this guy.
As I told him there:
Go here under Account permissions -> Access for less secure apps -> Settings make sure its set to enabled.
Otherwise you will have to use the console.
You might be accessing google servers via some proxy. And google being a LOCATION geek, over-intelligently blocks you. Try authenticating it once, and it should not be a problem from then on, provided proxy or IP addresses does not change frequently. NOTE: i might be completely wrong as well.
I'm trying to use the "Copy to another app" feature of AppEngine and keep getting an error:
Fetch to http://datastore-admin.moo.appspot.com/_ah/remote_api failed with status 302
This is for a Java app but I followed the instructions on setting up a default Python runtime.
I'm 95% sure it's an authentication issue and the call to remote_api is redirecting to the Google login page. Both apps use Google Apps as the authentication mechanism. I've also tried copying to and from a third app we have which uses Google Accounts for authentication.
Notes:
The user account I log in with is an Owner on all three apps. It's a Google Apps account (if that wasn't obvious).
I have a gmail account this is an Owner on all three apps as well. When I log in to the admin console with it, I don't see the datastore admin console at all when I click it.
I'm able to use the remote_api just fine from the command-line after I enter my details
Tried with both the Python remote_api built-in and the Java one.
I've found similar questions/blog posts about this, one of which required logging in from a browser, then manually submitting the ACSID cookie you get after that's done. Can't do that here, obviously.
OK, I think I got this working.
I'll refer to the two appIDs as "source" and "dest".
To enable datastore admin (as you know) you need to upload a Python project with the app.yaml and appengine_config.py files as described in the docs.
Either I misread the docs or there is an error. The "appID" inthe .yaml should be the app ID you are uploading to to enable DS admin.
The other appID in the appengine_config file, specifically this line:
remoteapi_CUSTOM_ENVIRONMENT_AUTHENTICATION = (
'HTTP_X_APPENGINE_INBOUND_APPID', ['appID'])
Should be the appID of the "source", ID the app id of where the data is coming from in the DS copy operation.
I think this line is what allows the source appID to be authenticated as having permissions to write to the "dest" app ID.
So, I changed that .py, uploaded again to my "dest" app ID. To be sure I made this dummy python app as default and left it as that.
Then on the source app ID I tried the DS copy again, and all the copy jobs were kicked off OK - so it seems to have fixed it.