Cloud data fusion Permission denied due to datastream.connectionProfiles.discover - google-cloud-dataproc

I am trying to create a cloud data fusion replication job from oracle to bigquery. Receiving the below error.
Failed to connect to the database due to below error :
io.grpc.StatusRuntimeException: PERMISSION_DENIED: Permission
'datastream.connectionProfiles.discover' denied on
'projects/<>/locations/us-central1/connectionProfiles'
Following the steps mentioned in the official google documentation.
I was able to grant the Datastream Admin role to the dataproc service account.
The cloud data fusion service account is not available in this project's IAM page. Not sure how to assign "Datastream Admin role" to the data fusion service account.
Any help is appreciated..

Found it we assign roles by the above way.

Related

AzCopy Blob Storage List Containers Permission Denied

I'm using RBAC to perform a blob copy operation: the service principal which azcopy is logged in as has the Storage Blob Data Contributor role for my subscription (listed as a requirement here)... however, I get a permission denied exception as follows:
As you can see, the failing operation is to list the storage account containers (line 68 and 74)
I appreciate this isn't easy to debug without further info... but I'm pretty stumped, so if anyone has had a similar issue, I'd be very grateful for any observations/past experiences :)
Edit: please note that azcopy reports successful authentication:
INFO: SPN Auth via secret succeeded.
INFO: Scanning...
INFO: Authenticating to destination using Azure AD
INFO: Authenticating to source using Azure AD
Found this in the API docs:
Now, what's interesting here is that my service principal already had Owner permission on the subscription (infra pipeline stands up resources and assigns permissions etc.) - so I initially discounted this from being the issue... then, on a hunch, I assigned the Storage Blob Data Owner role directly on the storage account... and Voila - it worked!!

Google Cloud Composer Environment Setup Error: Connect to Google Cloud Storage

I am trying to create an environment in Google Cloud Composer. Link here
When creating the environment from scratch and selecting all the default fields, the following error appears:
CREATE operation on this environment failed 22 hours ago with the following error message:
CREATE operation failed. Composer Agent failed with: Cloud Storage Assertions Failed: Unable to write to GCS bucket.
GCS bucket write check failed.
I then created a google cloud storage bucket within the same project to see if that would help and the same error still appears.
Has anyone been able successfully create a Google Cloud Composer environment and if so please provide guidance on why this error message continues to appear?
Update: Need to update permissions to allow access it seems like. Here is a screenshot of my permissions page but not editable.
It seems like you haven't given the required IAM policies to the service account. I would advise you to read more about the IAM policies on Google Cloud here
When it comes to the permissions of the bucket, there are permissions like the Storage Object Admin that might fit your needs.

NodeRED bluemix/IBM Cloud starter installation fails with IAM error

The installation of the NodeRED bluemix/IBM Cloud starter application fails with an IAM error message complaining about insufficient rights:
FAILED
Server error, status code: 502, error code: 10001, message: Service broker error: You do not have the required permission to create an instance. You must be assigned the IAM Editor role or higher. Contact the account owner to update your access.
Does anybody know how to fix this issue?
Looks like you don’t have proper IAM access permission. If you are the owner of the account, you can set the required permissions following the steps in this link .If you are not the owner ask the account owner for the permissions.
For best practices, refer this solution tutorial
The issue was actually related to the fact that the bluemix starter application tries to create a lite plan instance of cloudant. In my case, that was not possible because there already was such an instance and you are allowed only one per CF organization.
The solution was to patch the pipeline.yml to create a standard plan instance:
cf create-service cloudantNoSQLDB Standard "${CLOUDANT_NAME}"

Error Uploading CSV to Google Cloud Storage through Cloud SQL API

I have some data in Google Cloud SQL, which I am trying to transfer to Google Cloud Storage using Cloud SQL API(beta) (export) function. For this, I have installed jupyter notebook on google compute engine and I am running the python code (to connect to cloud sql API and export the date to cloud storage in a csv file) on that.
The python code does not throw any error and also there is no error body in API response. However, the API's response says "u'status': u'PENDING'" and I see the following error (in logs of Cloud SQL Dashboard) :
error uploading CSV file to GCS: gs://[BUCKET_NAME]/[FILE_NAME].csv: Access denied for account [SERVICE_ACCOUNT_NAME]#speckle-umbrella-11.iam.gserviceaccount.com (permission issue?)
How do I ensure I have all the relevant access for the account ([SERVICE_ACCOUNT_NAME]#speckle-umbrella-11.iam.gserviceaccount.com) ? I am unable to locate this account or give myself access to this .
By default Google Compute Engine instances have read only scope for Google Cloud Storage.
You should confirm that the Google Compute Engine instance scope is set to read/write.
You need to grant the Cloud SQL instance service account access to your bucket. Visit the export documentation and click the GCLOUD (2ND GEN) tab which will show you the commands you need to use.
The command to grant the service account access to the bucket is
gsutil acl ch -u [SERVICE_ACCOUNT_ADDRESS]:W gs://[BUCKET_NAME]

Unable to create Kubernetes Cluster on IBM Bluemix

I have been trying to create a Kubernetes Cluster with my Bluemix account owner but always getting the following error upon creation:
IBM Cloud Infrastructure exception: Your account is currently prohibited from order 'Computing Instances'.
Any idea what the issue is? There seems to be no direct way to getting support from Public Bluemix to address this issue. We opened a ticket but it has not been addressed.
You should contact IBM Bluemix Support for this kind of question. Before you login to the Bluemix Console, there is a Support link.
From the look of the exception. It seen like you are trying to create a "second" kubernetes cluster. If this is what you are trying to do, you will need a SoftLayer account; or your ID in your SoftLayer account is not setup properly.
You need admin rights to create clusters in Bluemix. Just makes sure that you get the admin status and it should work for you. The normal permissions granted to you are that of an user. Hope this helps