I am able to fetch the data from Bigquery using gcs-connector and spark-bigquery-in Spark application. But getting below error while trying to load data into Bigquery in GCP by using spark application.
Exception in thread "main" java.io.IOException: Error getting access token from metadata server at: http://169.254.169.254/computeMetadata/v1/instance/service-accounts/default/token
Code:
df_bigquery.write.format("bigquery").option("credentialsFile", "D://input/absolute-vertex-321015-a78e81ae77a0.json").option("parentProject", "absolute-vertex-321015").option("temporaryGcsBucket","emp_demo_1").save("absolute-vertex-321015.org.employee_loaded")
Any help is deeply appreciated.
Thanks in Advance.
May I help you with this?
This Metadata endpoint /computeMetadata/v1/instance/service-accounts/default/token Returns the auth token that can be used to authenticate your application to other Google Cloud APIs.
As the error is: Exception in thread "main" java.io.IOException: Error getting access token from metadata server at: http://169.254.169.254/computeMetadata/v1/instance/service-accounts/default/token
Use curl to request an access token and send a request to an API:
On the instance where your application runs, query the metadata server for an access token by running the following command:
$ curl "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token" \
-H "Metadata-Flavor: Google"
The request returns a response similar to:
{
"access_token":"ya29.AHES6ZRN3-HlhAPya30GnW_bHSb_QtAS08i85nHq39HE3C2LTrCARA",
"expires_in":3599,
"token_type":"Bearer"
}
Copy the value of the access_token property from the response and use it to send requests to the API. For example, the following request prints a list of instances in your project from a certain zone:
$ curl https://compute.googleapis.com/compute/v1/projects/[PROJECT_ID]/zones/[ZONE]/instances \
-H "Authorization":"Bearer [ACCESS_TOKEN]"
where:
[PROJECT_ID] is the project ID for this request.
[ZONE] is the zone to list instances from.
[ACCESS_TOKEN] is the access token value you got from step 1.
Note:
You can use the access token only for scopes that you specified when you created the instance. For example, if the instance has been granted only the https://www.googleapis.com/auth/storage-full scope for Cloud Storage, then it can't use the access token to make a request to BigQuery.
For information about the parameters that you can set in your request, see the parameters documentation.
If you want to Authenticating applications with a client library use this reference.
I am happy to help, let me know if these steps resolve your issue.
Related
I am trying to migrate authentication via auth0 from a jvm based solution which uses auth0 rest api to a node based solution using node-auth0.
At present its a 2 step process:
Get token via POST /oauth/token
Get user profile via /userInfo
In the node application, I am constructing AuthenticationClient while providing clientId, clientSecret and domain as AuthenticationClientOptions and able to get the token successfully using passwordGrant but when I use the same authenticationClient object to call getProfile while providing the token obtained from passwordGrant, I get this error:
Request failed with status code 401
What’s confusing is that in Auth0 dashboard, this request is successful.
I am using node-auth0 SDK Version: 2.42.0 on Node 15.14.0
The token obtained via passwordGrant will be processed to respond for userInfo. Hence, the token must have in its audience claim <your-auth0-domain>/userInfo.
I'm able to update/create the function key using the API as per document.
https://learn.microsoft.com/en-us/rest/api/appservice/web-apps/create-or-update-function-secret
My main aim is to update the function key every hour so I'm creating a http trigger (with the above api inside it) and scheduling the trigger.
For testing purpose I stored the url in one parameter.
URL:
'https://management.azure.com/subscriptions/xyz1/resourceGroups/xyz2/providers/Microsoft.Web/sites/func_appname/functions/func_name/keys/poc_testing1?api-version=2021-02-01{"Properties":{"Name": "poc_testing1","Value": "asdsda"}}'
Note: Value here is updating via random gen lib of python
Generated a bearer token using the service principal (which I'm already using to connect my stg acc) storing it in auth_token
header_auth= {'Authorization' : 'Bearer ' + auth_token }
Now running the below command in python
import requests
requests.post(url, headers=header_auth)
I'm getting 403 forbidden error
I'm thinking that it is not because of the bearer token, Did google the error and it is with the IP address. Can someone help me out here
I was referring the (https://learn.microsoft.com/en-us/troubleshoot/azure/general/request-throttling-http-403) doc but I'm not using any APIM service
Till now I referred the doc from MSFT.
https://learn.microsoft.com/en-us/rest/api/appservice/web-apps/create-or-update-function-secret
I was able to create new function key.
I'm trying to do the same using python for which I performed the above steps.
Currently ran the above issue steps in my local Visual studio and tried az cli as well but same 403 error.
Why do you want to update the function key every hour?
If you aim to increased security use AzureAD Auth/OAuth2 rather than the function key.
Regarding the 403 error, please ensure you have assigned proper permissions to the service principal which allow the service principal to modify the azure function.
I am using a multi user rest server with ldap based authentication on. I can successfully login , get an access token and perform any number of transactions. Chaincode running for this transaction can also run the queries generate by me. But the issue is I am not able t run this queries directly from my Web browser while using same access token. I am facing this error which says that access_token is invalid or extraneous parameter while running query. But when I try to run query without access token it gives me error as "AUTHORIZATION_REQUIRED" Which as per my understanding is okay. Also this queries are running fine in single user rest server.
Do i need to perform something different while running queries using multi user rest server with access token generated from LDAP.
"{"error":{"statusCode":500,"name":"Error","message":"2 UNKNOWN: error
executing chaincode: transaction returned with failure: Error: Invalid
or extraneous parameter access_token has been
specified","code":2,"metadata":{"_internal_repr":{}},"details":"error
executing chaincode: transaction returned with failure: Error: Invalid
or extraneous parameter access_token has been
specified","stack":"Error: 2 UNKNOWN: error executing chaincode:
transaction returned with failure: Error: Invalid or extraneous
parameter access_token has been specified\n at new
createStatusError
(/home/composer/.npm-global/lib/node_modules/composer-rest-server/node_modules/grpc/src/client.js:64:15)\n at
/home/composer/.npm-global/lib/node_modules/composer-rest-server/node_modules/grpc/src/client.js:583:15"}}"
Actually We have made some changes to make it work actually issue is with the way we were passing the access token. In hyperledger Documents there are 2 ways through which we can pass token :
curl -v http://localhost:3000/api/system/ping?access_token=xxxxx
curl -v -H 'X-Access-Token: xxxxx' http://localhost:3000/api/system/ping
I was using the 1st method to pass access token and all my transactions were working fine but query failed seems access token was passed on to query and it was not able to identify parameter. So I tried second way and was able to run the query. I Suppose Hyperleder forums should mention such limitations.
I'm trying to subscribe an application to a Sharepoint list. The notifications will be sent to the app via webhooks. To do this, you have to make an HTTP POST request to:
https://{your-account}.sharepoint.com/_api/web/lists('{list-guid}')/subscriptions
Body:
{
"resource": "{{ URL of the resource Id }}",
"notificationUrl" : "{{ URL of the endpoint that will process the webhooks }}",
"expirationDateTime" : "2017-09-27T00:00:00+00"
}
The call requires an access token. I obtained the token with curl this way:
curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "client_id={{ Id of the application registered on Azure Active Directory }}&client_secret={{ Key added on Azure for the app }}&grant_type=client_credentials&resource=https%3A%2F%2F{{ My account }}.sharepoint.com" "https://login.microsoftonline.com/{{ Azure account tenant id}}/oauth2/token"
This returns a token that is included as a header in the POST request. Unfortunately, this request failed with error code 401. Body:
{
"error_description" : "The server was unable to process the request due to an internal error. For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework SDK documentation and inspect the server trace logs."
}
I think the problem is not the token, we tried too many times before it stopped throwing errors related to invalid token data.
Is there a way to debug this error? Any suggestions?
Finally, the problem was the access token, and we were able to get a correct access token. There are two ways to do it, and these methods work for single-tenant application.
Method 1: Two steps without sending the Azure credentials (only app credentials)
Step 1: Request a verification code.
Access this URL. It will redirect you to the redirect_uri passed in the query string, and the query string of the redirect will include a code that will be used to request the token.
https://login.microsoftonline.com/{{ Tenant id }}/oauth2/authorize?client_id={{ Application id }}&response_type=code&redirect_uri={{ URI of the application }}&response_mode=query&resource={{ Resource that you want to access}}&state=12345
Resource example: https%3A%2F%2Fyouraccount.sharepoint.com
Step 2: Request a token
curl -X POST -H "content-type: application/x-www-form-urlencoded" -d "grant_type=authorization_code&client_id={{ Application code }}&code={{ The code received in the last request }}&redirect_uri={{ Same redirect URI }}&resource={{ Same resource}}&client_secret={{ Application key }}" https://login.microsoftonline.com/{{ Tenant id }}/oauth2/token
Method 2: One step, sending the Azure credentials
curl -i -X POST -d "grant_type=password&resource={{ Resource id }}&client_id={{ App id }}&username={{ Azure username }}&password={{ Azure password }}" "https://login.windows.net/{{ Tenant id }}/oauth2/token"
I have successfully registered the twitter connector with my app and created a user. I'm able to send tweets and the test and info apis both work. Only when I try to retrieve messages the connector returns the following result:
{"Status":{"twitter":{"status":417,"info":"417 Connector returned error: 403 Forbidden"}},"messages":{"twitter":null}}
I send the request to /v2/message/retrieve with the following json body:
{"uri": "unified://twitter"}
curl -XPOST https://apiv2.unificationengine.com/v2/message/retrieve -u USER_ACCESSKEY:USER_ACCESSSECRET --data "{\"uri\":\"unified://UNIQUE_CONNECTION_IDENTIFIER\"}" -k
Can you please check if the above command works for you? The 403 error is returned by twitter (https://dev.twitter.com/overview/api/response-codes).
The problem was that my twitter app didn't have DM permissions. I just saw Read & write and thought that would be enough.
If someone has the same problem, go to your app settings, change the permissions and regenerate your personal access token.