when I want to run ./gcp.sh instance_up in google cloud shell says:
Creating a DNS zone myzone with suffix example.com for the network...
<
ERROR: (gcloud.dns.managed-zones.create) User
[OWNER_GMAIL] does not have permission to access
projects instance [hyper-123] (or it may not exist): Forbidden
I also added these roles to owner gmail but not work.
Related
I'm building a DAG that would upload files to Google Drive at the end, utilizing Airflow's GoogleDriveHook. As this is executed using a service account, I use my email as the delegate_to parameter, and enabled domain-wide delegation beforehand. Scope for the email is https://www.googleapis.com/auth/drive.file.
DAG would run just fine if the connection's scope is just that, however, since I use the same Airflow connection for other DAGs that utilizes other GCP services, I would have to use multiple scopes for that aforementioned connection.
For some reason, it would fail during upload on multiple scopes, spewing out:
google.auth.exceptions.RefreshError: ('unauthorized_client: Client is unauthorized to retrieve access tokens using this method, or client not authorized for any of the scopes requested.', '{\n "error": "unauthorized_client",\n "error_description": "Client is unauthorized to retrieve access tokens using this method, or client not authorized for any of the scopes requested."\n}')
Though having multiple Airflow connections is not much of a deal-breaker, I guess at this point I'm just curious to why this happens (Airflow 1.10.9)?
I use my email as the delegate_to parameter
Did you use a gsuite domain email?
Did you set up domain wide delegation in GSuite?
Delegate to only works with Gsuite domain emails.
If you want the service account to be able to access you personal non g suite google account. Then you will need to share a directory on your persona drive account and grant the service account access to that directory like you would any other user by sharing the directory with it.
Once files are uploaded they will be owned by the service account you will then need to ensure to insert permissions for that file so that your personal account will then have access to the files.
I want to connect to a network share path '\domainname\folder-name' using domain account, without passing credentials, through my VB6 code.
My legacy VB6 application service (running on server A) currently accesses shared folder (on server B) using local account credentials(stored in encrypted .ini file). This service is running on behalf of 'LocalSystem'.
application is using 'WNetUseConnection' API to connect to shared folder.
To ensure security local account needs to be replaced by 'domain account' and password policy should be CyberArk dynamic password.
Now this credentials can't be stored in .ini file anymore. The idea that I am working on is to get service running on behalf of 'domain account' rather 'LocalSystem'. My thought is if i make service run on behalf of 'domain account, and give relevant permissions to this account on shared folder. Shared path should be accessible to service without providing credentials.
I need help to understand which API shall I use.
The API(s) you'll need for this is WNetAddConnection.
See this example.
I have a spring-boot application to upload and delete a file in Amazon-S3 bucket.
The project is working fine on Windows but when I am trying to upload anything using curl command in linux through putty, it's giving me the access denied exception.
The exception given is :
com.amazonaws.services.s3.model.AmazonS3Exception: Access Denied
The screenshot :
You probably didn't setup your AWS credentials for your Linux.
The instructions are here
just make sure your have your aws_access_key_id and aws_secret_access_key
Can you check your using IAM credential and S3 policy setting ?
Credential
Regardless of platforms, it's necessary to use credentials (access key id & secret access key). Please check credential files have same access key id.
S3 policy
S3 policy can handle deny/allow access according to credentials or IP addresses. Do you configure such policy ?
I am getting the error while using google authentication in my web app, everything was working fine but suddenly it started showing the error "Permission denied to generate login hint for target domain." when I am trying to login to my web app.
I am hosting the web app in AWS EC2 instance and I have configured the ec2 public DNS name in my google API manager.
Any help will be much appreciated.
When you set up OAuth for your application, you will need a DNS name that refers to your instance's IP address. You can use the xip.io service to get one; this is a public service offered for free by Basecamp. For instance, the DNS name can be 54.84.49.254.xip.io.
Using a server application with C#, how is it supposed to work when accessing users in the same domain if the authentication is only possible using:
OAuth2Authenticator interface?
I'm able to access the admin of the domain's Drive, but I'm missing the 3 legged OAuth in 2.0.
Looking at this description found at this link: https://developers.google.com/drive/delegation
Since this is not executed as a Service, and is not using Google Apps and cannot then
access: https://www.google.com/a/cpanel/mydomain
Also the IP is not known from where the machine running the server-application.
Currently I'm using: "Client ID for installed applications", and it works. But what I need is to also store files in other users in the same domain.
A other solution that works temporarily is to first store them at the admin domain account and then move them to the user domain account. But this removes the possibility to direct it to a parent/folder at the end user's drive. It will always be stored in root for that end user.
Basically what I want is following:
A Server application is running on a local machine (admin domain account can be used)
The application upload files to different users that are in the same domain, but with their own email address and also then have their own Drive.
Yes, you can do that through 2 legged oauth, which can provide domain-wide authorization.
Here are some links for your reference:
https://developers.google.com/gdata/docs/auth/oauth#2LeggedOAuth
http://support.google.com/a/bin/answer.py?hl=en&answer=2538798