Unable to activate a Service in a Project using BIM 360 APIs - autodesk-bim360

Question:
After adding a new BIM 360 Docs project using the API, how do I activate it for Document Management using the APIs? Following online tutorial does not yield expected results.
Background:
I was trying to follow a tutorial to create a BIM 360 Docs project and activate it for Document Management, as it's listed here. Project creation itself is a breeze, however the step required to activate a service does not work as outlined.
Here are my individual steps:
Create BIM 360 Project with HTTP POST https://{{ForgeURL}}/hq/v1/accounts/{{AccountId}}/projects
Created project information is returned in the response, including new project id and status, which is pending.
Attempt to add project admin and activate a service as outlined here
i. Add Project Admin - Method 1 - Documentation here lists endpoint capable of adding a project admin to a specific BIM 360 project and service type.
HTTP POST https://{{ForgeURL}}/hq/v1/accounts/{{AccountId}}/projects/{{BIM360ProjectId}}/users
{
"role":"project_admin",
"service_type":"doc_manager",
"company_id":"{{BIM360CompanyId}}",
"email":"user#email.com"
}
Response: HTTP 404 Not Found
{
"code": 1004,
"message": "this project doesn't exist."
}
ii. Add Project Admin - Method 2 - Documentation here lists endpoint capable of adding users (project admin and project user) to a project.
HTTP POST https://{{ForgeURL}}/hq/v2/accounts/{{AccountId}}/projects/{{BIM360ProjectId}}/users/import
[
{
"email": "user#email.com",
"services": {
"document_management": {
"access_level": "admin"
},
"project_administration": {
"access_level": "admin"
}
},
"company_id": "{{BIM360CompanyId}}",
"industry_roles": []
}
]
Response: HTTP 200 OK, but... it's a failure
{
"failure": 1,
"success": 0,
"success_items": [],
"failure_items": [
{
"email": "user#email.com",
"services": {
"document_management": {
"access_level": "admin"
},
"project_administration": {
"access_level": "admin"
}
},
"company_id": "716a5472-a69c-4c07-aa0c-9e54e98ff28f",
"industry_roles": [],
"errors": [
{
"message": "Services [\"document_management\"] are not active or pending in project",
"code": 2000
}
],
"project_id": "1b6f2179-8f2f-4fa7-907b-901aee7224be",
"account_id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}
]
}
One can see that it complains about Services [\"document_management\"] are not active or pending in project. project_administration had to be included, otherwise it would have also complained about service project_administration required if any access_level is set as admin.
However, I can see the project using BIM 360 Docs web app Account Admin though as Inactive.
Attempt to activate a project using HTTP PATCH https://{{ForgeURL}}/hq/v1/accounts/{{AccountId}}/projects/{{BIM360ProjectId}} returns
{
"code": 1001,
"message": "You cannot change the status of a project that has no project admin."
}
iii. Add Project Admin - Method 3 - Documentation here lists endpoint capable of updating a user’s profile for a project, including the user’s access level for the project (admin or user).
HTTP PATCH https://{{ForgeURL}}/hq/v2/accounts/{{AccountId}}/projects/{{BIM360ProjectId}}/users/{{BIM360UserId}}
{
"services": {
"document_management": {
"access_level": "user"
}
},
"company_id": "{{BIM360CompanyId}}"
}
Response: HTTP 200 OK, but it's a failure
{
"account_id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"project_id": "1b6f2179-8f2f-4fa7-907b-901aee7224be",
"error": [
{
"message": "User does not exist in project",
"code": 2000
},
{
"message": "Services [\"document_management\"] are not active or pending in project",
"code": 2000
}
]
}
Long story short, I am unable to add project admin using any of the methods available.
What's more, when I add a Project Administrator there using Project Admin \ Services \ Document Management section the project status turns into Active and I am suddenly able to activate a service as outlined here.

The endpoint documentation has incorrect information pointing to payload containing
"service_types": "field"
creating a BIM 360 project with the project information that is accessible and available for all BIM 360 services, which is not what happens. One has to explicitly specify service type, e.g.
"service_types": "doc_manager"
or according to this documentation
If nothing specified, the project will be created for all the enabled
services in the account.
This allows to add a project admin using a Method 1 outlined in my question.

Related

"Permission 'logging.logEntries.create' denied on resource (or it may not exist)." error when trying to log to GCP using Flutter

I'm trying to have my Flutter app log to a specific google cloud project's log bucket instead of the developer console. I'm running into a Permission 'logging.logEntries.create' denied on resource (or it may not exist). when I run the code. How can I fix this? The dart code for posting the log is below.
final logEntry = {
"jsonPayload": {
"message": {
"test": "entry",
"test 2": "entry 2",
},
},
"logName": logName,
"resource": {
"type": "global",
"labels": {
"project_id": projectId,
},
}
};
final url = "https://logging.googleapis.com/v2/entries:write";
http.Response response = await http.post(
Uri.parse(url),
headers: {
HttpHeaders.contentTypeHeader: 'application/json',
"X-goog-api-key": apiKey,
},
body: json.encode(
{
"entries": [logEntry],
},
),
);
The API key I created has no API restrictions, but I did also try restricting it to only use the logging API, but it still has the same error.
You need to give the logging.logEntries.create permission to the Service Account used by your Flutter app.
From the IAM page in Google Cloud console, you will be able to give a role containing the above permission to your Service Account.
If you used a custom role, you can also add directly the logging.logEntries.create permission to this custom role.
As mentioned in the document:
The permission logging.logEntries.create is needed on each project,
organization, billing account, or folder that is receiving new log
entries, whether the resource is specified in logName or in an
individual log entry.
So, you need to give the logging.logEntries.create permission to the Service Account used by your Flutter app.
You can also refer the detailed article on Access control guide.

Create GitHub service connection using azure rest api giving error

I am trying to create GitHub service connection using azure Devops rest api -
In postman I put following Json Body-
{
"name": "release-1",
"type": "github",
"url": "https://github.com",
"authorization": {
"scheme": "PersonalAccessToken",
"parameters": {
"accessToken": "<Github_Personal_Access_Token>"
}
}
}
This Creates service connection but It gives error when I open service connection in UI and try to verify but if I edit and replace with same Github token In UI then it works. seems like its not taking token I am providing in Json body -
I also see information here on this ongoing issue - https://ljvmiranda921.github.io/notebook/2019/12/28/workaround-azure-github-pat/
I want to automate GitHub service connection creation.
How to create GitHub service connection using Azure Devops rest api ?
How to create GitHub service connection using Azure Devops rest api ?
Are you creating this GitHub service connection?
If so, you should use EndPoints-Create API and your Json Body can follow this format:
{
"authorization": {
"scheme": "Token",
"parameters": {"AccessToken": "YourGitHubPAT"}
},
"data": {},
"description": "",
"name": "YourServiceConnectionName",
"serviceEndpointProjectReferences": [{
"description": "",
"name": "YourServiceConnectionName",
"projectReference": {
"id": "YourProjectID",
"name": "YourProjectName"
}
}],
"type": "github",
"url": "https://github.com",
"isShared": false
}
We should enter the value of YourGitHubPAT, YourServiceConnectionName(twice in two points), YourProjectID and YourProjectName with your own values to make the body work. We can get YourProjectID via Projects-List API.
After running that in PostMan, I can verify it successfully without issues. I guess your issue may have something to do with your parameters. Use
"authorization": {
"scheme": "Token",
"parameters": {"AccessToken": "<Github_Personal_Access_Token>"}
},
Instead of
"authorization": {
"scheme": "PersonalAccessToken",
"parameters": {"accessToken": "<Github_Personal_Access_Token>"}
Update about how to enable grant access to all pipelines:
Dislike other elements like Token, Name and Description, Grant Access Permissions to all pipelines option is managed by another API.
API to enable this option:
https://dev.azure.com/{YourOrganizationName}/{YourProjectName}/_apis/pipelines/pipelinePermissions/endpoint/{YourEndPointID}?api-version=5.1-preview.1
Body:
{
"resource": {
"id": "YourEndPointID",
"type": "endpoint",
"name": ""
},
"pipelines": [],
"allPipelines": {
"authorized": true,
"authorizedBy": null,
"authorizedOn": null
}
}
Note: We need to enter EnterPointID in URL and Body. (Twice!)
In PostMan, you should use PATCH method and application/json type. The YourEndPointID is ServiceConnectionID, you can get this value from EndPoints-Create API's response.
So normally to create a service connection with "Grant Access to All..." enabled, we should run Endpoints-Create first and then run the second API to enable this option.
(And this is the same behavior in Web Portal. When we click Verify and Save button in web browser, it actually also calls these two APIs to complete the process.)

S4HC Extensibility: SCBO_AUTHORIZATION/000: You are not authorized to create instance

I developed a side-by-side app using Java + SAP Cloud SDK (Neo). The app adds records to a custom business object.
The app was working fine when I concluded development in February. Now, I need to do some additional improvements, but I can add records anymore.
I am getting the error SCBO_AUTHORIZATION/000 - You are not authorized to create XXXXXXX instance.
I assigned CBO to a business role, the custom communication scenario along with communication arrangement is in place. I tested already the service (metadata) and the user is not locked.
Here´s the error sent back from the backend:
2020 05 27 19:36:55#+00#ERROR#com.sap.cloud.extensibility.services.CockpitServiceImp##PHENRIQUE#https-jsse-nio-8041-exec-8#na#fzrl99axqb#csccapplication2#web#fzrl99axqb#na#na#na#na#Error building up cockpit. com.sap.cloud.sdk.s4hana.datamodel.odata.helper.ODataVdmErrorResultHandler$ErpODataException: The endpoint responded with HTTP error code 400.
You're not authorized to create CSCCOCKPIT instance.
Full error message:
{
"error": {
"code": "SCBO_AUTHORIZATION/000",
"message": {
"lang": "en",
"value": "You\\u0027re not authorized to create CSCCOCKPIT instance."
},
"innererror": {
"application": {
"component_id": "BC-ESI-ESF-GW",
"service_namespace": "/SAP/",
"service_id": "YY1_CSCCOCKPIT_CDS",
"service_version": "0001"
},
"transactionid": "338BDCAE69170270E005EC3E361F2498",
"timestamp": "20200527193655.5607910",
"Error_Resolution": {
"SAP_Transaction": "For backend administrators: use ADT feed reader \\"SAP Gateway Error Log\\" or run transaction /IWFND/ERROR_LOG on SAP Gateway hub system and search for entries with the timestamp above for more details",
"SAP_Note": "See SAP Note 1797736 for error analysis (https://service.sap.com/sap/support/notes/1797736)"
},
"errordetails": [
{
"code": "SCBO_AUTHORIZATION/000",
"message": "You\\u0027re not authorized to create CSCCOCKPIT instance.",
"propertyref": "",
"severity": "error",
"transition": true,
"target": ""
}
]
}
}
}
Could someone give a clue on where could the issue be?
BR,
Pietro
The error happened because all the fields in the custom business object in S/4Hana Cloud were set as "read-only".

How to impersonate the user in Jira add-on to use Jira REST API on behalf of user

I'm looking for help of somebody who knows something about Jira add-ons.
I'm trying to implement Jira add-on with an ability to create issues on behalf of a user.
So, I completed all steps (as I think) leading me to my goal, but I faced a problem with impersonating. When I try to create an issue using Jira REST API, I receive the following error:
{
"error": "Add-on 'com.example.myapp' disallowed to impersonate the user because 'no valid active user exists'"
}
What was done:
Folowing the getting started tutorial I created the add-on descriptor:
{
"name": "Hello World",
"description": "Atlassian Connect app",
"key": "com.example.myapp",
"baseUrl": "https://url.ngrok.io",
"vendor": {
"name": "Example, Inc.",
"url": "http://example.com"
},
"authentication": {
"type": "jwt"
},
"scopes": [
"act_as_user",
"read",
"write",
],
"lifecycle": {
"installed": "/api/created",
},
"apiVersion": 1
}
I also implemented webhook to handle 'installed' callback from add-on like described here. So, when a user installs the add-on the webhook will receive the following object:
{
'key': 'com.example.myapp',
'clientKey': '<client key>',
'oauthClientId': '<OAuth client ID>',
'publicKey': '<public key>',
'sharedSecret': '<shared secret>',
'serverVersion': '100095',
'pluginsVersion': '1.250.0',
'baseUrl': 'https://<user's domain>.atlassian.net',
'productType': 'jira',
'description': 'Description',
'eventType': 'installed'
}
Using this data I generated JWT signed with the shared secret like described in the tutorial. So, my JWT payload includes the following claims:
{
'iss': 'urn:atlassian:connect:clientid:<OAuth client ID>',
'sub': 'urn:atlassian:connect:useraccountid:<client key>',
'tnt': 'https://<user's domain>.atlassian.net',
'iss': '<created at>',
'exp': '<created at + 1 minute>'
}
The next step I performed is access token generation using auth.atlassian.io/oauth2/token endpoint and the following parameters:
grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&assertion=<my JWT>&scope=ACT_AS_USER READ WRITE
The result of all these actions is an access token witch I can use to perform REST API requests. But the error described above returned every time I try to create Jira issue performing POST [user's domain].atlassian.net/rest/api/2/issue/ with Authorization: Bearer [access_token] header.
What I've noticed is that account ID in installed callback object (clientKey) has 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' (uuid) format. But when I open my account in Jira (account in witch the add-on is installed) I see that the account ID in URL has 'YYYYYY:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' format. I prepended the subject in my JWT payload with YYYYYY part:
'sub': 'urn:atlassian:connect:useraccountid:'YYYYYY:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
and generated a new access token using this JWT. I've used new access token to create an issue and it was successfully created, the reporter of the issue is a user installed my add-on, just like I wished.
Finally, the question is: where can I find that YYYYYY part for my add-on? How to get it automatically? What I've missed following the tutorials? Any help will be appreciated.
Thank you!

Alexa Skill Won't Play My Streaming Audio

I've been banging my head against the wall on this one for 2 days, and will post the resolution in the hopes it helps someone in the past. I created an Alexa skill to stream a radio station, and just couldn't get it to play, even using the sample code. Finally I just hardcoded the values sent down the wire, and it still didn't work. Here's what I was sending:
{
"version": "1.0",
"response": {
"shouldEndSession": 1,
"response": {
"outputSpeech": {
"text": "Playing Somgwriters island",
"type": "PlainText"
},
"directives": [
{
"playBehavior": "REPLACE_ALL",
"audioItem": {
"stream": {
"url": "http://la2-ssd.myautodj.com:8198/stream.mp3",
"token": "",
"offsetInMilliseconds": 0
}
},
"type": "AudioPlayer.Play"
}
],
"reprompt": {},
"card": {}
}
},
"sessionAttributes": {},
"statusCode": "200"
}
I finally found the cause in their documentation:
audioItem.stream.url:
Identifies the location of audio content at a remote HTTPS location.
The audio file must be hosted at an Internet-accessible HTTPS endpoint. HTTPS is required, and the domain hosting the files must present a valid, trusted SSL certificate. Self-signed certificates cannot be used. Many content hosting services provide this. For example, you could host your files at a service such as Amazon Simple Storage Service (Amazon S3) (an Amazon Web Services offering).