I'm trying to follow this guide https://cloud.google.com/speech/docs/getting-started to call GAE speech to text api through curl. But it doesn't seem to work.
I've setup a project and enabled speech to text api. But then when I try to active the service account it fails. I've run diagnostics, tried different accounts, verified the json file (has email), tried gcloud beta init :-(
bash-3.2$ gcloud auth activate-service-account account#project.iam.gserviceaccount.com --key-file=project.json
ERROR: (gcloud.auth.activate-service-account) Failed to activate the given service account. Please ensure provided key file is valid.
The next step though 'gcloud auth print-access-token' returns a token.
But the final step (curl) returns this -
{
"error": {
"code": 403,
"message": "Google Cloud Speech API has not been used in project google.com:cloudsdktool before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/speech.googleapis.com/overview?project=google.com:cloudsdktool then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.",
"status": "PERMISSION_DENIED",
"details": [
{
"#type": "type.googleapis.com/google.rpc.Help",
"links": [
{
"description": "Google developers console API activation",
"url": "https://console.developers.google.com/apis/api/speech.googleapis.com/overview?project=google.com:cloudsdktool"
}
]
}
]
}
}
The problem seems to lie in the project(google.com:cloudsdktool instead of mine) used to authenticate the incoming request.
I'm guessing the call to activate-service-account is causing this?
You are getting the error message for google.com:cloudsdktool project because the command you ran with curl gcloud auth print-access-token was using your user account credentials (created by gcloud auth login) and not service account (as you point out that step failed for you).
The command to activate service account is correct (btw you do not need to provide the account, as one from the file will be used)
$ gcloud auth activate-service-account --key-file=project.json
Make sure your project.json is correct file in the right format format. You can create this json key file either in
in https://console.cloud.google.com/iam-admin/serviceaccounts/project?project=YOUR_PROJECT_NAME
gcloud iam service-accounts keys create, see reference guide.
The file will look like
{
"private_key_id": "....",
"private_key": "-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----\n",
"client_email": "...",
"client_id": "...",
"type": "service_account"
}
Note that client_email will be used for ACCOUNT in activate-service-account command.
Related
I was trying the above api in postman. Here is the request json:
{
"input":{
"text":"Flutter is awesome!"
},
"voice":{
"languageCode":"en-gb",
"name":"en-GB-Standard-A",
"ssmlGender":"FEMALE"
},
"audioConfig":{
"audioEncoding":"MP3"
}
}
for auth, i chose Bearer in postman auth and first executed the following command in my terminal to get the token:
gcloud auth application-default print-access-token
i pasted this token in auth header, and i received the following response :
{
"error": {
"code": 403,
"message": "Your application has authenticated using end user credentials from the Google Cloud SDK or Google Cloud Shell which are not supported by the texttospeech.googleapis.com. We recommend configuring the billing/quota_project setting in gcloud or using a service account through the auth/impersonate_service_account setting. For more information about service accounts and how to use them in your application, see https://cloud.google.com/docs/authentication/. If you are getting this error with curl or similar tools, you may need to specify 'X-Goog-User-Project' HTTP header for quota and billing purposes. For more information regarding 'X-Goog-User-Project' header, please check https://cloud.google.com/apis/docs/system-parameters.",
"status": "PERMISSION_DENIED",
"details": [
{
"#type": "type.googleapis.com/google.rpc.ErrorInfo",
"reason": "SERVICE_DISABLED",
"domain": "googleapis.com",
"metadata": {
"consumer": "projects/12345678910",
"service": "texttospeech.googleapis.com"
}
}
]
}
}
I am very new to GCP in general and don't know how to navigate this issue. For additional context, i am trying to make a REST API call where i send the text and get a base64encoded string containig audio back. Any help is appreciated.
This is confusing/complex but the error is helpful:
Your application has authenticated using end user credentials from the Google Cloud SDK or Google Cloud Shell which are not supported by the texttospeech.googleapis.com.
NOTE You can try this method using Google's APIs Explorer at this link
text.synthesize.
The issue is that gcloud is an OAuth2 application and tokens issued by gcloud either using gcloud auth print-[access|identity]-token and gcloud auth application-default print-access-token are issued against a Google-managed project (that Google provides for gcloud) and -- importantly -- not one of your own projects.
Google wants to provide gcloud for its users but does not want to provide arbitrary API access (for free) to its users. Hence the "not supported" part of the error.
The solution (as described) is that you should:
Use (or create) your own Google Project
Enable the Text-to-Speech service (API) in this project
Create a Service Account and key
gcloud auth activate-service-account providing the Service Account key
gcloud auth print-access-token to get an access token to invoke the API
See the following link for the steps:
https://cloud.google.com/text-to-speech/docs/libraries
I've previously developed simple GAS projects that read csv files and inserted them into a BigQuery table and I don't recall using any special authentication since both projects were under my account. However, I'm now getting an error when trying to insert.
{
"error": {
"code": 401,
"message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"errors": [
{
"message": "Login Required.",
"domain": "global",
"reason": "required",
"location": "Authorization",
"locationType": "header"
}
],
"status": "UNAUTHENTICATED",
"details": [
{
"#type": "type.googleapis.com/google.rpc.ErrorInfo",
"reason": "CREDENTIALS_MISSING",
"domain": "googleapis.com",
"metadata": {
"method": "google.cloud.bigquery.v2.JobService.GetJob",
"service": "bigquery.googleapis.com"
}
}
]
}
}
One difference is that I am now using a personal google account, whereas before I was using a work account, though I haven't seen anything that mentions this distinction for calling BigQuery from GAS.
I've found some blogs that seem to address how to implement an oauth2 auth, but I'm wondering if something has changed in the past ~8months that now necessitates a more explicit auth for BigQuery calls? This doco doesn't mention anything about authenticating - https://developers.google.com/apps-script/advanced/bigquery.
edit:
This was for a csv load/insert job. I remembered that I was previously doing array inserts, and the auth for that job has not changed so I am able to successfully execute those jobs. No idea why the auth is different for a csv-blob job, but hopefully this will save others some time.
The BigQuery API uses OAuth 2.0 access tokens to authorize requests and grant temporary access to the API. In this case, I recommend using a service account to authenticate the API. You can follow these steps to create an account.
If you are using BigQuery client Libraries, you can set up the authentication. If not, you need to follow these steps.
Also, you must have permission to load data into bigquery. You need the following IA permission.
bigquery.tables.create
bigquery.tables.updateData
bigquery.tables.update
bigquery.jobs.create
If you are in cloud storage, you need the following permissions.
storage.objects.get
storage.objects.list (required if you are using a URI wildcard)
I'm trying to create a new project using GCP's API and link it to a billing account.
I have a service account I use to authenticate to GCP, this service account is a part of project1.
This service account has the following permission on the organization level:
Billing Account User
Project Billing Manager
I also tried to give this service account Organization Administrator, which didn't help as it isn't a permissions issue.
Using the API I've created a new project - project 2, and I was able to enable Cloud Billing API and Deployment Manager API for project 2.
For some reason, when I'm trying to follow the API reference on how to enable billing for a GCP project, the request fails with 403 (Permission Denied).
Here is a sample request I'm trying to make:
curl --location --request PUT 'https://cloudbilling.googleapis.com/v1/projects/project2/billingInfo' --header 'Authorization: Bearer ya29.blablabla' --header 'Content-Type: application/json' --data-raw '{"billingAccountName": "billingAccounts/1234-9248-4321"}'
The reason this request fails is that for some reason it is trying to link project1 (where the service account resides) to this billing account instead of project2.
Here is the response I'm getting:
{ "error": {
"code": 403,
"message": "Cloud Billing API has not been used in project project1_number before or it is disabled. Enable it by visiting
https://console.developers.google.com/apis/api/cloudbilling.googleapis.com/overview?project=project1_number
then retry. If you enabled this API recently, wait a few minutes for
the action to propagate to our systems and retry.",
"status": "PERMISSION_DENIED",
"details": [
{
"#type": "type.googleapis.com/google.rpc.Help",
"links": [
{
"description": "Google developers console API activation",
"url": "https://console.developers.google.com/apis/api/cloudbilling.googleapis.com/overview?project=project1_number"
}
]
},
{
"#type": "type.googleapis.com/google.rpc.ErrorInfo",
"reason": "SERVICE_DISABLED",
"domain": "googleapis.com",
"metadata": {
"service": "cloudbilling.googleapis.com",
"consumer": "projects/project1_number"
}
}
] } }
If I'm trying to enable the billing API for project1, I'm starting to get 400's with "Unexpected token" message.
Is there a way (using the API) to link project2 to my billing account using a service account that resides on project1?
You have two problems:
The Billing API is not enabled.
The service account does not have permission to access the Billing API.
To enable the Billing API, you must use an identity that has the role Service Usage Admin aka roles/serviceusage.serviceUsageAdmin
Use the Google Cloud Console GUI or use the CLI example:
gcloud services enable cloudbilling.googleapis.com
Is there a way (using the API) to link project2 to my billing account
using a service account that resides on project1?
Using an API, No. Using the GUI, Yes. To allow a service account to access a Billing Account you must complete this task in the Billing Account GUI. For personal Google Cloud Accounts, you cannot add additional members (the limit is one identity).
Tip: If you are expecting to be able to access billing data, you will not be able to. Instead, enable Google Cloud Billing export to BigQuery and then execute queries to retrieve billing data.
This is my first time executing a Google Script as an API executable. I am trying to run it from an Amazon Web-Services micro-server within a HTML file on my server directory. Basically the script is as follows:
function doGet(e){
return HtmlService.createHtmlOutput("Hello World!");
};
To do this, I made use of the JavaScript QuickStart tutorial offered by Google here:
https://developers.google.com/apps-script/guides/rest/quickstart/js#step_2_set_up_the_sample
The thing is that whenever I run the executable, I get an error of code 401 telling me that my script is unauthenticated. The error looks like this:
Error calling API:
{
"error": {
"code": 401,
"message": "ScriptError",
"status": "UNAUTHENTICATED",
"details": [
{
"#type": "type.googleapis.com/google.apps.script.v1.ExecutionError",
"errorMessage": "Authorization is required to perform that action.",
"errorType": "ScriptError"
}
]
}
}
I've tried the following quick-fixes:
Adding the credentials into my Google API Manager with reference to my domain.
Setting the latest deployment of my API executable to be accessible by anyone.
Adding ports to the domain I am running the script from via the API Manager credentials, though it shouldn't be necessary. (I've tested ports 8000, 8080 & 80)
Note also, the domain I am accessing the executable from is given as a plain IP (e.g. XXX.XXX.XXX.XXX). Not sure whether this affects the issue, however I thought it'd be worth mentioning if the error concerns my credential set-up.
Working with Google Plus API, I have enabled the google+ api in developer console and regenrated the appkey multiple times and trying to access the profile using profile.get but everytime i am getting the following issue:
{
"error": {
"errors": [
{
"domain": "usageLimits",
"reason": "accessNotConfigured",
"message": "Access Not Configured. Please use Google Developers Console to activate the API for your project."
}
],
"code": 403,
"message": "Access Not Configured. Please use Google Developers Console to activate the API for your project."
}
}
Here is the link, i am trying to do:
https://www.googleapis.com/plus/v1/people/113377691202864347297?key={myKey}
passing my generated key for that domain, i am getting the above error. why it is not working
Screenshot of Enabled API's
I am guessing you're using the wrong API key. The API key is not a client ID or a client secret - it shouldn't have '.' in it. In the new console (https://developers.google.com/console) they are generated under the Credentials > Public API Access section and should look something like 'AIzaSyC-iPgOiU2hSqnpjc-KrtHpwThsWh_hQdO'.
If you've made one make sure that the allowable IP addresses or browser URLs (depending on key type) include the one you're making the call from. I included a screenshot of the key section below.
Which jar should i include for retrieving public posts of user.
Iam using google+ v1 api jars but there seems to be some problem with json. It is not able to resolve it.