I am trying to run a python code to create feature store. When I am running I am getting Bigquery.jobs.create permission error. I checked the permissions for my account with gcloud iam roles describe roles/viewer and Bigquery permissions are there.
Now, what mistake I am making and how can I solve this error.
It seems that you need to create BigQuery job. At least the account you are using should have "BigQuery Job User" role.
All the required permissions and roles are mentioned here.
roles/bigquery.user
roles/bigquery.jobUser
roles/bigquery.admin
Click here to go to official documentation page mentioning the above for revised roles/permissions.
Related
guys. I am trying to use MSAL python library to get user roles for an application I already regigered in Azure Active Directory. Please give me enlight me how to get it done in Python code. Thank you!
I figured it out. I followed this post and eventually I foud roles in the id token claims. All I need to do is that I must incloude Groups claim in the token, by changing the application manifest.
I'm unable to create an IBM Cloud action. I have no idea why.
My IBM data that I get in console is as follows:
API endpoint: https://api.eu-gb.bluemix.net
Region: eu-gb
User: my-name#my-company.com
Account: My Name's Account (12fcae9b137946b8bbfe481448612345)
Resource group: Default
CF API endpoint: https://api.eu-gb.bluemix.net (API version: 2.92.0)
Org: my-org
Space: dev
That look fine to me.
When I execute the test action as the docs says here as follows:
ibmcloud wsk action invoke whisk.system/utils/echo -p message hello --result
I get correct result:
{
"message": "hello"
}
But I'm not able to create my own actions.
The folder looks as follows:
Thus there is .zip file that I created with
zip -r as24-crawler.zip virtualenv commmon.py __main__.py
And now when I try to create an action as the docs says here with
ibmcloud wsk action create my-action-name --kind python:3 as24-crawler.zip
I got an error as follows:
error: Unable to create action 'my-action-name': The connection
failed, or timed out. (HTTP status code 413)
Any idea what am I doing wrong?
UPDATE
Is the file size to big? I'm not sure. The error message is not clear but the meaning could be that the file to big is.
They say in the docs that the limit is 48MB. But my created .zip file is 43.6MB. Thus I assume that that not the problem is.
I am one of the guys responsible for IBM Cloud Functions.
We have been looking into this issue and must admit that this is a bug (causing zip files to be rejected even if the are smaller than the documented 48MB limit); we are already working on a fix to get this resolved asap.
In the meantime you may want to have a look at the workaround (which allows you to "outsource" some of your dependencies etc.) described here:
http://jamesthom.as/blog/2017/08/04/large-applications-on-openwhisk/
I hope this helps - feel free to contact me (e.g. via Linkedin/Twitter, see my profile information) directly in case you have further questions or in case you want to discuss anything else.
Thanks for having found and reported this issue and sorry for inconvenience.
it seems according to the return code '413' the provided data used to create the action is too large. To get an indication about the system limits you might want to check IBM Cloud Functions documentation here: https://console.bluemix.net/docs/openwhisk/openwhisk_reference.html#openwhisk_syslimits.
I'm trying to get the User Owner of any particular AWS resource, be it instance, volume, security group etc..
I searched but could not find any helpful information apart from this
Link,
This is what I found closer [The answer suggests we can get the user who created an instance] to what I'm looking for but still couldn't use it as the code mentioned is not complete.
If I consider the code from above mentioned post's answer, the following line
ct_conn = sess.client(service_name='cloudtrail',region_name='us-east-1')
is mentioned without defining the "sess".
AWS will not records any AWS user activities info unless you setup Cloudtrail and send those info to S3 repository.
I am trying to transfer a Google Doc that currently belongs to me and move it to the root of another user's Google Drive. Both account are in the same domain and I'm using a Service Account to access all users.
At first I tried doing this by modifying the permissions. This would give the second user access to the file but it would not place it into the root of their drive or anywhere else. If the user wanted to see it they would have to do a search.
I then found some information that mentioned using the patch method of the files service to change the metadata of the file and thus initiate the transfer, but this hasn't worked.
The only thing I have for certain are the ID's of the root folders belonging to myself and the user I want to transfer the files to. Here's what I tried to do but failed.
# Note: "service" is the connection to the domain service account
service.files().patch(fileId='FILE_ID_GOES_HERE',
body={'parents':[{'isRoot':True,'kind':'drive#parentReference','id':'user_two_root_folder_id'}]},
removeParents=['user_one_root_folder_id'],
addParents=['user_two_root_folder_id'])
I can't tell if anything is wrong because I'm not getting any error messages.
Any ideas as to how to go about this would be greatly appreciated.
OK, I figured it out. It looks like I was just using the wrong API. You have to first insert the new permission then you have to delete the old permission. This will send the file to the root of the new user's Drive.
# Insert new permission first
new_permission = {
'value': 'email_of_new_owner#mydomain.com',
'type': 'user',
'role': 'owner'
}
run_new_permission = service.permissions().insert(fileId='FILE_ID_GOES_HERE',body=new_permission).execute()
# Then delete old permission
service.permissions().delete(fileId='FILE_ID_GOES_HERE', permissionId='PERMISSION_ID_GOES_HERE').execute()
Does it return any kind of error?
I don't think you can "move" the file like that. Try file.insert to his drive then delete from your own.
I have never heard of anyone trying to patch the location of a file to someone else. TBH I can't see how that could work, because you would have to have service authenticated with both your account and his account which is not possible. Even though as you say you are using a service account with access to both account, I seriously drought that the API can support this.
You will need to do this in two steps, insert -> to him Delete -> from you
Update: I just heard from a colleague who is a Google Drive expert, he said he thought it was broken (patching location). He did a quick test and verified this is a broken feature. All it returns is 403 - insufficient permissions
I'm developing a Google App Engine-app where one can fill out an online-form and based on how you fill it out a calendar post in a specific Google Calendar is created. What I'm wondering about is authorization in this type of situation where I want this form to be 100% publicly available and require no login whatsover to create the calendar post.
Using OAuth2 I have gotten the actual form and post-creation to work as I want but only when I'm signed in.
This is what I'm doing now, I have:
One registered app, let's call it form-app(.appspot.com)
One Google account, let's call it form-app-admin(#gmail.com) This account owns the Google Calendar that the posts are going in.
One API Project owned by form-app-admin
I have used these and the google-api-python-client library (with its oauth2decorator) as in the Google App Engine-example so when I'm logged in as form-app-admin and surf onto form-app.appspot.com everything works exactly as I want it to but if I am not logged in as form-app-admin, naturally, it doesn't.
So what I would like to do is to kind of grant this permission to write to form-app-admin's primary calendar to the actual app rather than the user currently using the app. Or is there a better way?
The only premises is that anyone (logged into gmail or not) should be able to fill out the form and thus creating a post in some google calendar.
Naturally I would be very thankful if anyone happened to have the appropriate python code to achieve this but primarily I want help figuring out how to go about this since I have very little experience with auth-related stuff.
Thank you for your time!
/Tottish
What you want is the App Identity API. That page shows examples of how to use the API to assert identity to Google APIs.