Request to Google Endpoints Quickstart API Fails with a 503 - google-app-engine

I am working through the Quickstart for Cloud Endpoints Frameworks on Google App Engine. After deploying the app I try to send a request to the API as outlined in the Quickstart:
curl -H "Content-Type: application/json" -X POST -d '{"content":"Hello world!"}' https://[my-app].appspot.com/_ah/api/echo/v1/echo
It returns the following error message:
{
"error": {
"code": 503,
"errors": [
{
"domain": "global",
"message": "Internal Server Error",
"reason": "backendError"
}
],
"message": "Internal Server Error"
}
}
There are 4 APIs created in the endpoints-frameworks-v2/echo sample. I get the same error message when I go to the API explorer and try to test the first 3 APIs. The last API get_user_email works as expected after after I authorise and execute it.
Any help would be great.

It turned out to be a valadation error with what I was entering:
ValidationError: Expected type <type 'unicode'> for field content, found (None, None) (type <type 'tuple'>)
After I put in the expected type there was no issues.

Related

Getting 403 trying to call Google Cloud Endpoints API hosted on App Engine Java 8, dev app server

Running an App Engine Java 8 app with Google Cloud Endpoints. I've generated the openapi.json, deployed it to my Endpoints Portal, and can see the API in my portal, with the various methods and resources listed correctly.
I'm running the dev app server locally in IntelliJ using the Cloud Code plugin. When I run it, it opens a browser tab that gives me an Error 403, with the following stack trace (abbreviated):
SEVERE: direct send of a check request service_name: "my-project-redacted.appspot.com"
operation {
operation_id: "11b8f9a6-c9cb-4895-95fb-8bb39176efb9"
operation_name: "1.my_project_dot_appspot_com.MyAPI"
consumer_id: "project:my-project"
start_time {
seconds: 1596075164
nanos: 812000000
}
end_time {
seconds: 1596075164
nanos: 812000000
}
labels {
key: "servicecontrol.googleapis.com/caller_ip"
value: "127.0.0.1"
}
labels {
key: "servicecontrol.googleapis.com/user_agent"
value: "ESP"
}
labels {
key: "servicecontrol.googleapis.com/service_agent"
value: "EF_JAVA/1.0.12"
}
}
failed
endpoints.repackaged.com.google.api.client.http.HttpResponseException: 403
{
"error": {
"code": 403,
"message": "The caller does not have permission",
"errors": [
{
"message": "The caller does not have permission",
"domain": "global",
"reason": "forbidden"
}
],
"status": "PERMISSION_DENIED"
}
}
at endpoints.repackaged.com.google.api.client.googleapis.services.AbstractGoogleClientRequest.newExceptionOnError(AbstractGoogleClientRequest.java:456)
at endpoints.repackaged.com.google.api.client.googleapis.services.AbstractGoogleClientRequest$1.interceptResponse(AbstractGoogleClientRequest.java:321)
at endpoints.repackaged.com.google.api.client.http.HttpRequest.execute(HttpRequest.java:1065)
at endpoints.repackaged.com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:419)
at endpoints.repackaged.com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:352)
at endpoints.repackaged.com.google.api.client.googleapis.services.AbstractGoogleClientRequest.execute(AbstractGoogleClientRequest.java:469)
at com.google.api.control.Client.check(Client.java:205)
It's worth noting that the API seems to work -- I have the iOS simulator connecting to my local dev app server and making Endpoints calls. I'm just tired of seeing the 403 in my browser every time I start the dev app server, and fear it may portend some similar issue in production when I eventually push this new service.
This error indicates that there is something wrong with the permissions or that the Service Control API is disabled in your project, so in order to fix it you can:
Make sure your service has access to servicecontrol.googleapis.com enabled by running the following command on Cloud Shell:
gcloud services enable servicecontrol.googleapis.com
Double check ENDPOINTS_SERVICE_NAME parameter in your appengine-web.xml file, it should look like this:
<env-var name="ENDPOINTS_SERVICE_NAME" value="$PROJECT"/>
Check if OpenAPI specs are deployed to Cloud, you can check it by running this command on Cloud Shell:
gcloud endpoints configs list --service=$PROJECT
Double check if the Service account running your instance has the proper IAM roles.

Calling Google IAM generateAccessToken API always returns error

I'm facing the issue where I am not able to generate an Access Token for Google IAM Service Account using this method .
I've got my personal OAuth2 access token using:
gcloud auth application-default print-access-token
I've got all the necessary roles (roles/iam.serviceAccountTokenCreator) but when I cURL the API I always get an error response:
{
"error": {
"code": 400,
"message": "Request contains an invalid argument.",
"status": "INVALID_ARGUMENT"
}
}
This is how full curl request looks like:
curl -X POST --header 'Content-Type: application/json' --header 'authorization: Bearer ya29.AASDSADASDASDi9C1yAXXXXXXZzLtDDrCAzblqF_qi5sKvMZcHieBADASDASDTNJiOKrqJBffb4Moh3gTgiTbDgMIF1XDQU5JZ31aACs0aUbI4wgeqV2Q' https://iamcredentials.googleapis.com/v1/projects/<PROJECT_NAME>/serviceAccounts/<SA_NAME>#<PROJECT_NAME>.iam.gserviceaccount.com:generateAccessToken -d '{"scope": ["https://www.googleapis.com/auth/cloud-platform"]}'
Thanks
You have two problems in your API call.
The Service Account Name is a path parameter and must be URL encoded. The # character is not valid. Use %40 in its place (as an example of correct encoding).
The URI specifies a PROJECT_NAME. This is not correct. You need to use a - (hyphen/dash character). Example projects/-/serviceAccounts.
You also need to have the permission iam.serviceAccounts.getAccessToken attached to one of the roles that are assigned to the account that created the request Access Token use in this API request. This will cause a different error if incorrect. Just a tip as you get to the next step.

gcloud app deploy doesn't fail but doesn't deploy

I'm trying to deploy my GAE application via termina with the following command: gcloud --project my-project-id --version staging app deploy
It gives me no errors, the only output I get is:
Google Cloud SDK 183.0.0
bq 2.0.27
core 2017.12.08
gsutil 4.28
But the deploy doesn't actually work (I changed some text on one of the API returns just to see if it was changing in the actual URL I access).
Any idea what's going on or how to debug it?
EDIT:
I managed to get an error now:
{
"error": {
"code": 403,
"message": "Operation not allowed",
"status": "PERMISSION_DENIED",
"details": [
{
"#type": "type.googleapis.com/google.rpc.ResourceInfo",
"resourceType": "gae.api",
"description": "The \"appengine.applications.get\" permission is required."
}
]
}
}
DEBUG: (gcloud.app.deploy) Permissions error fetching application
[apps/darwin-ms-transfer]. Please make sure you are using the correct
project ID and that you have permission to view applications on the
project.
And I did check the permissions, I do have the appengine.applications.get permission based on the service account's roles.

Google App Engine Task Queue: googleapi: Error 500: Backend Error

I've defined a pull queue for my app engine application and want to fill it from outside via the REST api.
Unfortunately it doesn't work, I always get an error 500: backend error.
Even if I try to fill it with the api explorer from the documentation.
It responses:
500 Internal Server Error
- Show headers -
{
"error": {
"errors": [
{
"domain": "global",
"reason": "backendError",
"message": "Backend Error"
}
],
"code": 500,
"message": "Backend Error"
}
}
Any idea how to solve it?
Can you paste your code that is doing the leasing? One common mistake is forgetting to include the s~ in your App Engine Project. For example, if your application ID is my-awesome-app, then you are calling
tq.get(project='my-awesome-app', taskqueue=PULL_QUEUE_NAME...
when you should be calling
tq.get(project='s~my-awesome-app', taskqueue=PULL_QUEUE_NAME...
(thanks to bossylobster for this original answer: pull queues authorization from compute)
Also it turns out you must supply the queueName in the JSON body, in addition to payloadBase64, as discovered by Frank Ren in this thread

Getting and using a google glass oauth2 access token from an android app

I am trying to get a glass access token to post to the glass timeline from within an android application. the user is able to select some information and send that to his glass device.
String token = GoogleAuthUtil.getToken(activity, mEmail, activity.getString(R.string.glass_token_scope));
where mEmail is the google glass user's Google Account email, and scope is:
oauth2:https://www.googleapis.com/auth/glass.timeline https://www.googleapis.com/auth/glass.location https://www.googleapis.com/auth/userinfo.profile
(oauth2: ...)
I am using the Google AuthUtil and it does return an access token, too. But when I use the access token, the API responds with 401 Unauthorized:
D/demo (10804): Response Code: 401
D/demo (10804): {
D/demo (10804): "error": {
D/demo (10804): "errors": [
D/demo (10804): {
D/demo (10804): "domain": "global",
D/demo (10804): "reason": "authError",
D/demo (10804): "message": "Invalid Credentials",
D/demo (10804): "locationType": "header",
D/demo (10804): "location": "Authorization"
D/demo (10804): }
D/demo (10804): ],
D/demo (10804): "code": 401,
D/demo (10804): "message": "Invalid Credentials"
D/demo (10804): }
D/demo (10804): }
I've successfully also setup the server-side Oauth2 flow and with the resulting access token I can successfully create a timeline post from a a little local script.
It really seems that the access token returned from the Android Authutil cannot be used with the Glass Mirror API. I checked back to the Google APIs console and see that you can create some Android specific client ids. So I created a client ID for an androdi application and also setup the simple API access for android. For the SHA1 fingerprint I used the debug certificate's SHA1.
Has anyone succeeded on getting a Glass token on Android and has been successfully making a request from the android phone with that token?
For the actual request I using a plain HttpURLConnection - could that be the issue?
HttpURLConnection con = (HttpURLConnection)new URL(URI_TIMELINE).openConnection();
con.setRequestMethod("POST");
con.setDoOutput(true);
con.setRequestProperty("Authorization", "Bearer " + token);
con.setRequestProperty("Content-Type", "application/json");
con.getOutputStream().write(content.toString().getBytes("UTF-8"));
Thx!
In order to get a valid OAuth 2.0 token on Android, you will need to use the Google Play Services APIs, especially the GoogleAuthUtil class.
You will also need to register your certificate on the APIs Console; I would suggest checking out the Drive SDK Quickstart for Android that describes those steps.

Resources