I have an ExpressJS app running in App Engine standard environment. I have a workflow setup with two GCP projects such that pushes to develop branch deploy to the staging environemnt (1st GCP project) and pushes to main deploy to the live environment (2nd GCP project). During development we experienced no issues with App Engine in the staging project. However, the same code and service account permissions are causing this GaxiosError: Could not refresh access token: Unsuccessful response status code when attempt to upload to storage buckets and this 16 UNAUTHENTICATED: Failed to retrieve auth metadata with error: Could not refresh access token: Unsuccessful response status code. Request failed with status code 500 when attempting to access a secret from the Google Secret Manager. We have another backend service setup in the same way and on the same projects. It also produces the same results (working in stage but not in live environment). I made sure to match the service account permission for the default app engine service account with no luck. Please help with this issue as this is becoming increasingly frustrating as I realize it may be out of my control.
Related
I Have an App Service published and I have created 2 Deployment Slots to test an update. One of them with the configuration cloned and another without clone the configuration
When I test my local project works fine
The publisehd api works fine
But when I publish in any of the slots I get 500 internal server error
And I don´t see any error log here
I don't know where I can see some more information about this problem that I don't understand
Any idea, please?
Thanks
Create an API and publish it with the deployment slots, one with cloned configuration and other without cloned.
Below is the response in local environment.
Below is the response from API after deployed in Azure
*Below is the response in the local browser from API which is published azure *
We need to use the "Ocp-Apim-Subscription-Key" and value "d*****e"
I have an application developed in Node and Angular , wherein I used express and passport for authorising user with Active directory(AD). I have containerised my application and tried running it from a stand-alone VM and it hits the AD and gets SAML response back. But when I deployed the same image inside a Pod , it is not hitting the AD and unable to find any error from passport module .
I tried disabling the AD call and access my application without authorisation enabled in it and it is successful.
Can anyone guide me where exactly the problem is , do I need to take care of any config changes at Kubernetes
Side Note: I’m from Application team and our environment team is taking care of pulling image and deploy inside pod .
I've been successfully deploying my node.js GAE web app for months using gcloud app deploy. It's been a month or so since my last deployment and I've made a few updates since then that I want to get out. So I did my usual
gcloud app deploy
and it uploaded the files and then failed, giving me this error:
(gcloud.app.deploy) Error Response: [5] failed to getGaiaID for "<SERVICE NAME WAS HERE"": generic::not_found: Account disabled: 810593457260
At first I thought it was a payment issue - but my payment info is up to date. The only major change to the code I recall is that between this deploy and the last deployment, I started versioning the project with git and pushing to github.
Does anyone have any ideas? In particular, is there any reason Git or GitHub .git would interfere with a gcloud deployment?
Thanks
So, oddly enough, my account ended up not being disabled. My last three attempts at deploying all occurred at unsecured network locations (airport, hotel, convention center). Apparently, Google gives a disabled account warning when you try to deploy over an unsecure network
Therefore the command gcloud app deploy will not be successful when performed over an unsecure internet network.
Later, attempting to make a deploy over unsecure networks disabled the project in GAE. Since billing was in good standing, they continued to serve my content (and bill for it) but changes to the service were disabled.
To enable them again, follow the instructions:
To enable a service account, at minimum the user must be granted the Service Account Admin role (roles/iam.serviceAccountAdmin) or the Editor basic role (roles/editor)
In the Cloud Console, go to the Service accounts page.
Select the project
Click the name of the service account that you want to enable
Under Service account status, click Enable service account, then click Enable to confirm the change.
Other resources:
How to understand the service accounts
How to create and manage service accounts
I tried running a new code from Azure Pipelines into Azure Web App Bot, configured the application settings appropriately. Yet whenever I tried to test the service in the test chat web I got errors.
Node version: 10.14.1
botbuilder: 4.10.3
Azure Repos + Azure Pipelines deployment
Application Settings
Test in Web Chat
Error messages
There was an error sending this message to your bot. HTTP status code: not found
To troubleshooting this issue, you could check the following points:
1.Navigate to Settings tab, you need to make sure that the Messaging endpoint is Https instead of Http.
Note: It doesn't support the Http website.
2.Navigate to Channels tab, you could check if the Web Chat is in Running state without issues.
3.Navigate to Configuation, you need to make sure that the MicrosoftAppId and MicrosoftAppPassword do not change these after deploying the new code.
If it keeps getting errors, you can even consider creating a new web app bot to redeploy
On the other hand, this is the document I refer to to deploy azure web app bot.
I deploy the new code to Azure App service with the Azure App Service deploy task.
Result:
I have a project in GCP with an App Engine project. I am using Gitlab CI to deploy two separate services to App Engine. I am using the same service account for both deployments with separate keys. Same service account and same project.
For some reason, one of the services (for the frontend) deploys perfectly as expected. The other service (the backend) fails with the error:
ERROR: (gcloud.app.deploy) User [test-appengine-gitlab#vandis-lab.iam.gserviceaccount.com] does not have permission to access project [vandis-lab] (or it may not exist): The caller does not have permission
I can't figure out what the difference between the two are. Both are configured in Gitlab CI in nearly identical formats and the variables have been triple checked. Any idea on why one fails and the other passes?