TechQA.

Permission denied on CloudTasksClient.create_task

105 views Asked by At

I'm trying to use CloudTasksClient.create_task in my Python code to create a task in Google Cloud Tasks via a Firestore trigger, but I'm getting a Permission Error. I'm not sure what's causing the issue. How can I troubleshoot this problem?

Here's the relevant code:

@firestore_fn.on_document_created(
    document="users/{user_id}/Documents/{document_id}",
    min_instances=MIN_INSTANCES)
def trigger_create_document(event: firestore_fn.Event) -> None:
    import json
    from datetime import datetime

    from google.cloud import tasks_v2
    from firebase_functions import params

    user_id = event.params['user_id']
    document_id = event.params['document_id']

    tasks_client = tasks_v2.CloudTasksClient()
    task_queue = tasks_client.queue_path(
        params.PROJECT_ID.value,
        options.SupportedRegion.ASIA_NORTHEAST1,
        "documenttask"
    )
    target_uri = get_function_url("documenttask")
    if target_uri == '':
        return

    schedule_time = datetime.now()

    body = {"data": {
        "user_id": user_id,
        "document_id": document_id,
    }}
    task = tasks_v2.Task(
        http_request={
            "http_method": tasks_v2.HttpMethod.POST,
            "url": target_uri,
            "headers": {"Content-Type": "application/json"},
            "body": json.dumps(body).encode(),
        },
        schedule_time=schedule_time,
    )
    tasks_client.create_task(parent=task_queue, task=task)
    return None

Here is the error message.

[2023-10-26 14:14:01,823][ERROR] Exception on / [POST]
Traceback (most recent call last): File "/layers/google.python.pip/pip/lib/python3.11/site-packages/google/api_core/grpc_helpers.py", line 72, in error_remapped_callable return callable_(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/layers/google.python.pip/pip/lib/python3.11/site-packages/grpc/_channel.py", line 1030, in __call__
return _end_unary_response_blocking(state, call, False, None)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/layers/google.python.pip/pip/lib/python3.11/site-packages/grpc/_channel.py", line 910, in _end_unary_response_blocking
raise _InactiveRpcError(state) # pytype: disable=not-instantiable
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
grpc._channel._InactiveRpcError: <_InactiveRpcError of RPC that terminated with:
status = StatusCode.PERMISSION_DENIED
details = "Permission denied on 'locations/supportedregion.asia_northeast1' (or it may not exist)."
debug_error_string = "UNKNOWN:Error received from peer ipv4:142.251.42.202:443 {grpc_message:"Permission denied on \'locations/supportedregion.asia_northeast1\' (or it may not exist).", grpc_status:7, created_time:"2023-10-26T14:14:01.822482107+00:00"}"
>
The above exception was the direct cause of the following exception:
aceback (most recent call last): File "/layers/google.python.pip/pip/lib/python3.11/site-packages/flask/app.py", line 2190, in wsgi_app response = self.full_dispatch_request()
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/layers/google.python.pip/pip/lib/python3.11/site-packages/flask/app.py", line 1486, in full_dispatch_request
rv = self.handle_user_exception(e)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/layers/google.python.pip/pip/lib/python3.11/site-packages/flask/app.py", line 1484, in full_dispatch_request
rv = self.dispatch_request()
^^^^^^^^^^^^^^^^^^^^^^^
File "/layers/google.python.pip/pip/lib/python3.11/site-packages/flask/app.py", line 1469, in dispatch_request
return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/layers/google.python.pip/pip/lib/python3.11/site-packages/functions_framework/__init__.py", line 174, in view_func
function(event)
File "/layers/google.python.pip/pip/lib/python3.11/site-packages/firebase_functions/firestore_fn.py", line 308, in on_document_created_wrapped
return _firestore_endpoint_handler(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/layers/google.python.pip/pip/lib/python3.11/site-packages/firebase_functions/firestore_fn.py", line 181, in _firestore_endpoint_handler
func(database_event)
File "/workspace/main.py", line 91, in trigger_create_document
tasks_client.create_task(parent=task_queue, task=task)
File "/layers/google.python.pip/pip/lib/python3.11/site-packages/google/cloud/tasks_v2/services/cloud_tasks/client.py", line 2199, in create_task
response = rpc(
^^^^
File "/layers/google.python.pip/pip/lib/python3.11/site-packages/google/api_core/gapic_v1/method.py", line 113, in __call__
return wrapped_func(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/layers/google.python.pip/pip/lib/python3.11/site-packages/google/api_core/timeout.py", line 120, in func_with_timeout
return func(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^
File "/layers/google.python.pip/pip/lib/python3.11/site-packages/google/api_core/grpc_helpers.py", line 74, in error_remapped_callable
raise exceptions.from_grpc_error(exc) from exc
google.api_core.exceptions.PermissionDenied: 403 Permission denied on 'locations/supportedregion.asia_northeast1' (or it may not exist).

I've checked IAM closely with some links below, and then it seems OK.

https://firebase.google.com/docs/functions/task-functions?gen=2nd https://cloud.google.com/tasks/docs/reference-access-control

Screenshot of IAM

python google-cloud-platform google-cloud-firestore gcloud google-cloud-tasks
Original Q&A
0

There are 0 answers

Related Questions in PYTHON

Related Questions in GOOGLE-CLOUD-PLATFORM

Related Questions in GOOGLE-CLOUD-FIRESTORE

Related Questions in GCLOUD

Related Questions in GOOGLE-CLOUD-TASKS

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions