No resource group found in IBMCloud - ibm-cloud

I see that, I do not have the Default Resource Group associated to my IBMCloud account. Because of this I can't any resource to my account
When I run command for Viewing resources in a resource group, this is what I see:
PS C:\Users\SURANJANNANDI> ibmcloud resource service-instances -g Default
Retrieving instances with type service_instance in resource group Default in all locations under account Suranjan Nandi's Account as surnandi#in.ibm.com...
FAILED No resource group found
Did anybody have similar issues? Please advise how to fix this.

Try the command: ibmcloud resource groups
Or in the ibm cloud console, https://cloud.ibm.com/, check out the Manage > Account at the top. Click Resource groups on the left and see the list of possible resource groups.

I had this issue. The only way I could have Watson Studio working was through signing up with a new account in the Data Pak portal. There you may also manage your account (which didn't work for me, but may work for you).

Related

Unable To Edit Domain in Cloud DNS

We are using Enterprise GSuite along with Cloud DNS.
We have domains on Cloud DNS and while I can edit other ones, I'm unable to edit one.
Edit as in been able remove unused records but can change values.
I'm logged in with GSuite Admin and GCP project owner email address.
Not sure what could be the issue and need an input/suggestion on what might be the reason and potential solution.
Thanks.
This could happen when DNS zones belong to different projects. In this case, having a Project Owner role is not enough. Project Owner can manage or view the managed zones in the specific project.
To manage zones across projects, you need the DNS Administrator role.
To check roles granted to a particular account, you can use the following command:
$ gcloud projects get-iam-policy <PROJECT> --flatten="bindings[].members" --format='table(bindings.role)' --filter="bindings.members:<ACCOUNT>"
Cloud DNS > Doc > Access Control
Cloud IAM > Doc > Understanding roles > Predefined Roles > DNS roles
Cloud DNS > Doc > Overview > Access control
No it wasn't a permission issue as we often religiously define each role following best practices.
The problem was that I was looking for the right solution in the wrong place.
When I select the records in the console, I will be or was looking at the top option which is "DELETE ZONE".
google DNS console UI
I should have been looking at the "Add record set" or "Delete record set" area.
Anyway, the UI should have been more intuitive but I should have been paid more attention. Thanks for your input though.

Is it possible somehow to update/change the Default resource group using ibmcloud cli?

I have searched through ibmcloud cli documentation, but could not find a way, if possible, to update the Default resource group which is automatically set when we create an account on IBM Cloud (https://cloud.ibm.com).
Just want to make sure that this is possible or not.
Thanks!
Yes, you can do it via the ibmcloud cli command after logging in
ibmcloud target -g RESOURCE_GROUP
You can also use -g flag with ibmcloud login command, check this documentation link
As #Vidyasangar mentioned, ibmcloud target -g RESOURCE_GROUP_ID will set the target resource group for your current CLI session.
If you want to create / manage resource groups, you should do so under the ibmcloud resource command (abbreviated):
NAME:
ibmcloud resource - Manage resource groups and resources
USAGE:
ibmcloud resource command [arguments...] [command options]
COMMANDS:
...
group Show details of a resource group
group-create Create a resource group
group-delete Delete an existing resource group
group-update Update an existing resource group
groups List resource groups
...
I hope this helps.

Don't have a default resource group in IBM Cloud

I am using a lite account, where there should be a default resource group.
However, there is nothing in manage > resource groups.
Definitely, I can not create a new one in a lite account.
How can I solve this problem?
By the way, I have verified IBM account by email

Can't create resource group in lite account

For some reason I cannot create a resource group for IBM cloud. The error says I can only create one resource group in a lite account. But unfortunately I do not have any group in there
Could someone give some advice how I should deal with that challenge?
When you open and activate your account, a resource group named "default" is created automatically. You cannot create another one while on lite/free plan. You would need to upgrade.
You can verify the default resource group under : Manage -> Account -> Resource groups

Cloud composer: "PERMISSION_DENIED: The caller does not have permission"

I implemented a few tasks with BashOperator. Ones with "gsutil rm" and "gsutil cp" worked fine. But one with "gcloud alpha firestore export" generates this error:
{bash_operator.py:101} INFO - ERROR: (gcloud.alpha.firestore.export) PERMISSION_DENIED: The caller does not have permission
This command itself works fine in gcloud shell. I tried to give some Firestore related permissions to the service account used by the Composer but it still doesn't work. Any idea
It might be that you don't have permissions for a particular project.
The error I was getting was: PERMISSION_DENIED: Caller does not have required permission to use project project:random-id-11111.
The way I resolved it was by running gcloud config set project 'the-right-project-id' and then the actual gcloud command.
I think you need Cloud Datastore Import Export access. Following are the steps as per current Current Google Cloud platform layout.
https://console.cloud.google.com > Left drawer > IAM & admin > Against user - Edit Icon > Add another role > Data Store > Cloud Datastore Import & Export > Save
Try creating a new service account with the Firestore-related permissions needed and using that on a freshly created environment. https://cloud.google.com/composer/docs/how-to/access-control
Other debugging ideas: * Try ssh-ing into the Kubernetes workers on your Composer environment and running the command. *Is the Firestore API enabled on your project?
Open https://console.cloud.google.com/iam-admin/iam
Find the service account you're using for the backups
Add the Owner role to the service account
It's not really intuitive or logic because there are not permissions or roles for Firestore.
Unfortunately it took me way to long to figure it out. I hope it helps others!
Similar to Roy's answer, the issue for me was that gcloud was set to a different project.
check which project it is set to
gcloud config list
list which projects you have access to
gcloud projects list
set the correct project
gcloud config set project 'foo-project'
Grant firebase admin role to the default service account that your service is using.
Adding Owner role to the service account seems too much privilege for just taking backup.
In IAM & Admin make sure your #appspot.gserviceaccount.com must have access for 3 things:
Cloud Functions Admin
Cloud Datastore Import Export Admin
Storage Admin
you need to set your project first where you are owner
gcloud config set project project-id
You can find your project id by clicking on gcloud console it will be there in popup in project-name-somerandomnumbers
I got caught out on this today. The issue was that I had set up my service account correctly in the IAM settings, but hadn't realised an invitation had been sent to that email address which I needed to accept. Worked immediately once I accepted the invite.