When using the GCloud CLI to create the service accounts and keys I get the following error
2018/02/24 22:32:35 New connection for "moodle-proj-10:europe-west2:mysqlinst10"
2018/02/24 22:32:35 couldn't connect to "moodle-proj-10:europe-west2:mysqlinst10": ensure that the account has access to "moodle-proj-10:europe-west2:mysqlinst10" (and make sure there's no typo in that name). Error during createEphemeral for moodle-proj-10:europe-west2:mysqlinst10: googleapi: Error 403: The client is not authorized to make this request., notAuthorized
When I delete the service accounts and corresponding keys are re-create it using the console, the error changes to the error below
2018/02/24 23:21:25 couldn't connect to "moodle-proj-10:europe-west2:mysqlinst10": Post https://www.googleapis.com/sql/v1beta4/projects/moodle-proj-10/instances/mysqlinst10/createEphemeral?alt=json: oauth2: cannot fetch token: 400 Bad Request
Response: {
"error" : "invalid_grant",
"error_description" : "Invalid JWT Signature."
}
Has anyone experienced this?
I had this problem when I followed the command line instructions in this help article
Solution is to delete the original service account and create a new one in the console using this help article.
Related
I am following this tutorial (https://courses.cognitiveclass.ai/courses/course-v1:IBMDeveloperSkillsNetwork+DW0101EN+v1/course/) for machine learning.
In lab 3, I am trying to create predictions in Node-RED. However, to link these I need WML credentials (API key and instance ID). Since, there is no longer a credentials tab in the UI on IBM Cloud I have tried to create the credentials following steps here
https://dataplatform.cloud.ibm.com/docs/content/wsj/analyze-data/ml-authentication.html
This creates an API key but there is no associated instance ID that I can find.
I also tried creating them programmatically following
https://dataplatform.cloud.ibm.com/docs/content/wsj/analyze-data/ml-get-wml-credentials.html?linkInPage=true
but I get the following error
FAILED
Error response from server. Status code: 400; description: 400 Service Broker returned error status code 400.
Is anyone else facing the same issue and know how to resolve it?
Im new to HashiCorp Vault and im Doing the tutorials one by one by far i have cleared installing vault and setting up the server.. I even learnt to create a secret, no problems. Im facing an issue in secret engines.. When i type the command "vault secrets enable -path=kv kv" im getting an error saying "Error enabling: Error making API request.
URL: POST http://127.0.0.1:8200/v1/sys/mounts/kv
Code: 403. Errors:
permission denied"
Can anyone pls help me..
Vault denies access to its API endpoints by default. In order to use /sys/mounts/kv, you'll need to supply the X-Vault-Token header to your HTTP request, and that token must have sufficient permissions at the sys/mounts/kv path.
https://www.vaultproject.io/api-docs/system/mounts#enable-secrets-engine
I have been trying to fetch DB access history using "dbAccessHistory" api but getting the following error :
03-23-2020 06:34:34.201 +0000 ERROR ExecProcessor - message from
"python xxxxx/rest_ta/bin/rest.py" HTTP Request error: 401 Client
Error: Unauthorized
API documentation : https://docs.atlas.mongodb.com/reference/api/access-tracking-get-database-history-clustername/
Please let me know why is the permission error happening.
You may not be including the programmatic keys in your request. I've written a small Python package for test access to a cluster. Install that and try the command:
atlascli --privatekey <your private key>--publickey <your public key> --list
This will list your cluster resources if you have connectivity. Make sure to configure the
API white-list. This is different from the white-list for driver connections.
Created a service account with 1 role : Pub/Sub Publisher.
trying to publish a message to a topic I get :
{ message: 'User not authorized to perform this action.',
domain: 'global',
reason: 'forbidden' }
when using a project-owner service account I succeed in publishing the message.
tried using both google-cloud and googleapis node packages and with both I faced the same behaviour.
What am I doing wrong?
Thanks.
When I went to the specific topic -> permissions , I saw the service account appear as inherit permission , I then added the service account's client_email specifically with the same role (pub/sub publisher) and saw the inherited changed to "mixed" , tried again and succeeded.
I'm getting a not authorized when accessing one of the clusters I created. I can't even delete it.
Error from server at https://gateway.watsonplatform.net/retrieve-and-rank/api/v1/solr_clusters/sc7eb72dcd_f6c6_4608_a9d4_4a406c0bbc2d/solr:
WRRCSH004: Service [9643ff04-1fb4-4c73-b73b-bdf7fea1975a] is not
authorized for cluster [sc7eb72dcd_f6c6_4608_a9d4_4a406c0bbc2d]!
I even tried deleting it from the UI:
How can I request to get it deleted for me?
If you need someone to delete it for you, please open a ticket for Bluemix Support using this URL: http://ibm.biz/bluemixsupport