gcloud throws PERMISSION_DENIED when I try to deploy endpoint configuration
Question
I am trying to deploy endpoint configuration by command:
gcloud endpoints services deploy openapi-functions.yaml \
--project ESP_PROJECT_ID
I got an error:
ERROR: (gcloud.endpoints.services.deploy) PERMISSION_DENIED: Ownership for domain name 'REGION-FUNCTIONS_PROJECT_ID.cloudfunctions.net' on project 'PROJECT_ID' cannot be verified.
I logged in with command:
gcloud auth login
This is output in terminal after log in:
Your browser has been opened to visit:
https://accounts.google.com/o/oauth2/auth?code_challenge=...
You are now logged in as [user@gmail.com].
Your current project is [PROJECT_ID]. You can change this setting by running:
$ gcloud config set project PROJECT_ID
If I run deploy command again, I got the same error message. What's the issue? Why is PERMISSION_DENIED?
openapi-functions.yaml
swagger: "2.0"
info:
description: "send email function."
title: "send-email"
version: "1.0.0"
host: "REGION-FUNCTIONS_PROJECT_ID.cloudfunctions.net"
security:
- api_key: []
schemes:
- https
produces:
- application/json
paths:
/send-email:
get:
summary: Greet a user
operationId: hello
x-google-backend:
address: https://REGION-FUNCTIONS_PROJECT_ID.cloudfunctions.net/send-email
protocol: h2
responses:
"200":
description: A successful response
schema:
type: string
securityDefinitions:
# This section configures basic authentication with an API key.
api_key:
type: "apiKey"
name: "key"
in: "query"
If I run:
gcloud endpoints services deploy openapi-functions.yaml --project ESP_PROJECT_ID --verbosity='debug'
the output is:
DEBUG: Running [gcloud.endpoints.services.deploy] with arguments: [--project: "PROJECT_ID", --verbosity: "debug", SERVICE_CONFIG_FILE:1: "[u'openapi-functions.yaml']"]
INFO: No JSON detected in service config. Trying YAML...
DEBUG: (gcloud.endpoints.services.deploy) PERMISSION_DENIED: Ownership for domain name 'us-central1-PROJECT_ID.cloudfunctions.net' on project 'PROJECT_ID' cannot be verified.
Traceback (most recent call last):
File "/dev/google-cloud-sdk/lib/googlecloudsdk/calliope/cli.py", line 983, in Execute
resources = calliope_command.Run(cli=self, args=args)
File "/dev/google-cloud-sdk/lib/googlecloudsdk/calliope/backend.py", line 807, in Run
resources = command_instance.Run(args)
File "/dev/google-cloud-sdk/lib/surface/endpoints/services/deploy.py", line 350, in Run
services_util.CreateService(self.service_name, project_id)
File "/dev/google-cloud-sdk/lib/googlecloudsdk/api_lib/endpoints/services_util.py", line 432, in CreateService
result = client.services.Create(create_request)
File "/dev/google-cloud-sdk/lib/googlecloudsdk/third_party/apis/servicemanagement/v1/servicemanagement_v1_client.py", line 657, in Create
config, request, global_params=global_params)
File "/dev/google-cloud-sdk/lib/third_party/apitools/base/py/base_api.py", line 731, in _RunMethod
return self.ProcessHttpResponse(method_config, http_response, request)
File "/dev/google-cloud-sdk/lib/third_party/apitools/base/py/base_api.py", line 737, in ProcessHttpResponse
self.__ProcessHttpResponse(method_config, http_response, request))
File "/dev/google-cloud-sdk/lib/third_party/apitools/base/py/base_api.py", line 604, in __ProcessHttpResponse
http_response, method_config=method_config, request=request)
HttpForbiddenError: HttpError accessing <https://servicemanagement.googleapis.com/v1/services?alt=json>: response: <{'status': '403', 'content-length': '218', 'x-xss-protection': '0', 'x-content-type-options': 'nosniff', 'transfer-encoding': 'chunked', 'vary': 'Origin, X-Origin, Referer', 'server': 'ESF', '-content-encoding': 'gzip', 'cache-control': 'private', 'date': 'Sun, 31 May 2020 20:41:07 GMT', 'x-frame-options': 'SAMEORIGIN', 'alt-svc': 'h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"', 'content-type': 'application/json; charset=UTF-8'}>, content <{
"error": {
"code": 403,
"message": "Ownership for domain name 'us-central1-PROJECT_ID.cloudfunctions.net' on project 'PROJECT_ID' cannot be verified.",
"status": "PERMISSION_DENIED"
}
}
1 answers
solution1
2 ACCPTED 2020-05-28 15:50:06
You are providing the wrong host, the documentation says that the host should be the CLOUD_RUN_HOSTNAME :
In the host field, specify
CLOUD_RUN_HOSTNAME, the hostname portion of the URL that Cloud Run created when you deployed ESPv2 Beta above in Deploying ESPv2 Beta. Don't include the protocol identifier,https://
And you are using host: "REGION-FUNCTIONS_PROJECT_ID.cloudfunctions.net" instead.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
gcloud Firestore import: PERMISSION_DENIED
How to fix ERROR: (gcloud.functions.deploy) PERMISSION_DENIED: Permission 'run.services.setIamPolicy' denied on resource '
"gcloud functions logs read..." gives PERMISSION_DENIED: Permission 'logging.views.access'
Firestore PERMISSION_DENIED
PERMISSION_DENIED Firestore Emulator
firestore: PERMISSION_DENIED: Missing or insufficient permissions
Getting error when trying to add document to firebase using Ionic4 and Angular 6 - Error: PERMISSION_DENIED: Permission denied
Firebase AppCheck on iOS: 403 permission errors - PERMISSION_DENIED
Firebase query returns "PERMISSION_DENIED" but rules work in test console
PERMISSION_DENIED: Cloud IAM permission 'cloudtranslate.generalModels.predict' denied
Related Tags