I cannot say exactly since when we have this problem, since our project is still in development and we only periodically deploy to test things.
In our most recent test the PubSub authentication does not seem to work anymore. When subscribing to a topic, the following error comes up in the logs:
21:10:29.577 Error subscribing to '123456'-topic: googleapi: Error 401: The request does not have valid authentication credentials., unauthorized
This error is new. It worked fine before. We cannot trace it back to any code change on our part.
This error is also not occuring on the devappserver with the PubSub-Emulator.
The subscriber is in the same project as the PubSub-Service. Again, everything here is happening in one project.
Here is some insight into what we are doing:
client, err := pubsub.NewClient(ctx, "lol123", option.WithTokenSource(google.AppEngineTokenSource(ctx, pubsub.ScopePubSub)), option.WithHTTPClient(urlfetch.Client(ctx)))
[...] more code [...]
_, err := client.NewSubscription(ctx, subname, topic, 0, &pubsub.PushConfig{
Endpoint: endpoint,
})
Pretty standard stuff.
Here are things we tried to play with:
Adding a second scope:
option.WithTokenSource(google.AppEngineTokenSource(ctx, pubsub.ScopePubSub, pubsub.ScopeCloudPlatform)
Using the default tokensource:
tokenSource, _ := google.DefaultTokenSource(ctx, pubsub.ScopePubSub)
option.WithTokenSource(tokenSource)
Adding an endpoint, in case https://experimental.pubsub.googleapis.com/ is somehow used:
option.WithEndpoint("https://pubsub.googleapis.com/")
Also, we switched from the previous cloud.WithTokenSource(...)-stuff to the new option.WithTokenSource(...)-libraries. This migration to the new Cloud-Libraries worked well. However, they did not help with the permission problem.
We also played around with every imaginable combination of Service Accounts and Permissions. E.g., the default Appengine Service Account has been added as Owner to all PubSub-Topics. Remember, that this error is new and it worked before and we cannot trace it back to changes on our part.
Any ideas and suggestions? We'll try pretty much anything at this point. ;-)
Related
I work on a full stack application that is composed of:
Django (Django Rest Framework)
React
PostgreSQL database
Redis
Celery
It is deployed through docker. Whole application works well and has no bugs that cannot be traced.
However, when I try to delete Project item from database (this is domain specific), I get error 500 and no specific trace.
I figured this bug out on deployed application. While inspecting Networking tab in Developer Tools I found the request and saw 500 return code. However, nothing was returned in returned in Response.
However, I think something should have been returned. Code is as such:
class ProjectCRUD(GenericAPIView):
# [...]
def delete(self, request, pk):
try:
# [...] code that deletes all referenced values and current project
except ProtectedError as e:
return JsonResponse({
"error": "Project still referenced",
"details": str(e)
}, status=400)
except Exception as e:
return JsonResponse({"error": "Wrong project id"}, status=status.HTTP_400_BAD_REQUEST)
return JsonResponse({
'message': f'Project with id {project_id} was deleted successfully!'
}, status=status.HTTP_204_NO_CONTENT)
# [...]
This "Wrong project id" assumption is by all means bad and this will be refactored as soon as this bug is also found. This code makes sure that if exception is raised, it is caught, something is returned with at least some amount of information given. If exception is not caught, return 204.
So I go to the application, I create a new project, try to delete it and error 500 with nothing in Networking appears.
Next step is trying things locally. I start local server using python manage.py runserver. This doesn't go through docker because redis and celery are not used for this feature. I create a new project, try to delete it and console logs writes 204, which means it passed.
I start docker. Repeat process. Everything works, 204 is returned.
Next I check docker logs of deployed application. This is where it starts to be really weird. Backend logs show 204 as it did locally. Frontend logs show 204 as well. However, client (ie browser) in networking displays error 500.
From searching I concluded that the bug happens somewhere between Frontend and client.
My questions are:
any idea why is this happening
where should I look next in order to catch a bug
So the whole application works as expected except for this feature.
Thanks.
I am seeing an odd intermittent authorization failure on publish. My publisher is running on App Engine Standard (Python). Because of that, I am using the "old" python client library. So the code looks like this:
from googleapiclient.discovery import build
build('pubsub','v1').projects().topics().publish(topic=topic,body=body).execute()
This works just fine. The identity gets picked up and everything is authenticated. However, again intermittently, it will stop working and I get 403 forbidden errors. Then later it will start working again (even with the same topic and body). In the meantime, no code changes, no deployments.
I have had to wrap the publish to catch this error, throw it on a task queue and have the request repeat with decaying frequency until it finally starts working again a few hours later. This is OK in the very short term, but obviously this will not work for us.
To summarize, this is on the publish side, GAE Standard ... it works, then stops working, then works again.
Thanks for any insight or help.
It turns out, of course, that in fact there were deployments when I wasn't aware. So I thought, "no code change - no deployments", but there were deployments. And the issue was that the person making these deployments had an old library (or other dependency) for google_api_python_client. Once corrected, pubsub is working just fine.
The specific action we are trying to performe is to create a charge request with Stripe:
Charge charge = Charge.create(params);
Using Stripe's Java implementation (version 5.35.1) we encounter a APIConnectionException when running the application on the deployed App Engine server. Interestingly, the issue does not occur using App Engine's local dev server.
We contacted Stripe and they said everything is fine on their side. They explained that "this error indicates that your server is not able to contact our API and that it ends up timing out waiting for an answer. Usually, this is due to something misconfigured on your server such as a DNS not redirecting to Stripe properly."
We were wondering if there are some configuration settings on App Engine which cause the problem. However, since there is no specific error message we cound not figure out what might cause the connection problem.
Similar problems which did not provide enough help to resolve this issue: https://issuetracker.google.com/35901039
Thanks for your help!
The problem seems to have solved itself. It occured for a couple of days and since a few hours the exact same code is working fine. Just like in https://issuetracker.google.com/issues/35901039 the problem is suddenly gone for some reason.
I've deployed an app using googles cloud compute engine service.
I get an error when I try to register a new user:
We're sorry, but something went wrong. If you are the application owner check the logs for more information.
I'm in the logs section of the google cloud console and it has all sorts of random logs I can look at but I cant find where the errors that the app coding itself caused caused are put, e.g. I'm sure its a mail configuration problem that is causing the error message for new registered users but I cant fix the problem until I find out what the actual error is.
Where exactly are actual app errors put, because they aren't displayed on the page the like in production on my local computer. (I'm using a rails app if that makes a difference to anything)
All errors are logged in the logging section, try applying filters or sorting the logs by date. Sometimes they take a little while to appear.
Well, I'm having a weird error here:
I'm developing one GAE app to read some Twitter Data, and after read a lot of docs, I have it working on my test server (Running on my pc) but after deploy and test on the real (my appspot domain) it shows this message:
401:Authentication credentials (https://dev.twitter.com/pages/auth) were missing or >incorrect. Ensure that you have set valid consumer key/secret, access token/secret, and the >system clock is in sync.
message - Could not authenticate you
code - 32
I've tried to recreate my OAuthAppToken and OAuthAppTokenSecret keys, even changing the permissions to "Write, Read and Direct Messages" and even assingning one Callback URL but nothing seems to work...
I've tried using twitter4j.properties OR using setOAuthConsumer(TW_CONSUMER_KEY, TW_CONSUMER_SECRET) OR a ConfigurationBuilder whith the correct constants and I'm experimenting the same Issue.
I'm working with AppEngine 1.8.3 and Twitter4j 3.0.4
Iv'e been writing on log and the Twitter object seems to be well created... I dont understand why is working on my PC but not on the real app.
On some other post someone says that could be because it needs to use Sync clock.. but he doesn't explains where to change that property...
Did someone had a clue?
Ok, the problem was me (and Twitter.... well..... I really think it was Twitter problem for being so dark on his api messages)...
On testing server I was looking for an existing account and on the cloud I was looking for an inexistent one. So, It was my mistake. But seriously, what about Twitter saying: "Access Forbidden"? That doesn't have any sense...