0

I had a java GAE application running using gcloud-java 0.1.4 for some time and wanted to upgrade to gcloud-java 0.1.7/0.2.0, as we are experiences several 404s etc. (another problem). We are using gcloud as we connect to a datastore instance in another GAE application.

But after upgrading the package, our authentication fails. From what I read in release notes, we had to re-enable the datastore-api on the "host" application, so we did but without any results. When "downgrading" again, the application works as intended but still with some stability issues.

Are there other undocumented fixes/methods to get it to work?

My connection code/function looks like (stripped): 

fis = new FileInputStream(Constants.PATH_TO_JSON_KEY);
sac = AuthCredentials.createForJson(fis); 

DatastoreOptions.Builder builder = DatastoreOptions.builder();
builder.projectId(Constants.DATASTORE_PROJECT_ID);
builder.authCredentials(sac);
DatastoreOptions options = builder.build();

return options.service();

EDIT:

Here are the some of the stack traces that I get.

[INFO] apr 17, 2016 6:19:33 PM com.google.datastore.v1beta3.client.DatastoreFactory makeClient
[INFO] com.google.cloud.datastore.DatastoreException: Not authorized.
[INFO]  at com.google.cloud.datastore.spi.DefaultDatastoreRpc.translate(DefaultDatastoreRpc.java:102)
[INFO]  at com.google.cloud.datastore.spi.DefaultDatastoreRpc.runQuery(DefaultDatastoreRpc.java:157)
[INFO]  at com.google.cloud.datastore.DatastoreImpl$1.call(DatastoreImpl.java:92)
[INFO]  at com.google.cloud.datastore.DatastoreImpl$1.call(DatastoreImpl.java:89)
[INFO]  at com.google.cloud.RetryHelper.doRetry(RetryHelper.java:181)
[INFO]  at com.google.cloud.RetryHelper.runWithRetries(RetryHelper.java:247)
[INFO]  at com.google.cloud.RetryHelper.runWithRetries(RetryHelper.java:237)
[INFO]  at com.google.cloud.datastore.DatastoreImpl.runQuery(DatastoreImpl.java:88)
[INFO]  at com.google.cloud.datastore.QueryResultsImpl.sendRequest(QueryResultsImpl.java:73)
[INFO]  at com.google.cloud.datastore.QueryResultsImpl.<init>(QueryResultsImpl.java:57)
[INFO]  at com.google.cloud.datastore.DatastoreImpl.run(DatastoreImpl.java:82)
[INFO]  at com.google.cloud.datastore.DatastoreImpl.run(DatastoreImpl.java:73)
.....
[INFO] Caused by: com.google.datastore.v1beta3.client.DatastoreException: Not authorized., code=PERMISSION_DENIED
[INFO]  at com.google.datastore.v1beta3.client.RemoteRpc.makeException(RemoteRpc.java:126)
[INFO]  at com.google.datastore.v1beta3.client.RemoteRpc.makeException(RemoteRpc.java:169)
[INFO]  at com.google.datastore.v1beta3.client.RemoteRpc.call(RemoteRpc.java:89)
[INFO]  at com.google.datastore.v1beta3.client.Datastore.runQuery(Datastore.java:108)
[INFO]  at com.google.cloud.datastore.spi.DefaultDatastoreRpc.runQuery(DefaultDatastoreRpc.java:155)
[INFO]  ... 56 more
Dan McGrath
  • 41,220
  • 11
  • 99
  • 130
Henrik M
  • 11
  • 5
  • Yes, it is enabled both on the "hosting" application and in my application. – Henrik M Apr 15 '16 at 08:31
  • could you share the actual failure messages? Also, it could be helpful to get information about the hosted application. Could you email me directly at pcostello@google.com with your project id? – Patrick Costello Apr 15 '16 at 17:37

2 Answers2

0

Thanks for reporting this issue. I have a couple of follow up questions so that we can get to the bottom of this:

Does the project ID you set (Constants.DATASTORE_PROJECT_ID) contain any prefixes with a tilde, perhaps "s~" or "e~"? Datastore v1beta3 no longer accepts those prefixes; instead you should provide everything after the tilde as your project ID. For example, if your project ID is s~my-project-id-123, you should use just my-project-id-123. This might be the issue if you see an error message similar to: 

com.google.datastore.v1beta3.client.DatastoreFactory makeClient: Not using any credentials
com.google.cloud.datastore.DatastoreException: The project s~my-project-id-123 does not exist.

If that isn't the issue, do you mind providing a stack trace and a copy of the exception text (removing confidential information as necessary). Thanks!

Ajay Kannan
  • 201
  • 2
  • 3
  • Hi Ajay and thank you for asking. The project-ids (both for hosting and target projects) are without any tilde etc, and in a format like: ZZZ-YYY-XXX both of them. – Henrik M Apr 17 '16 at 16:18
  • And I have updated my original post with the stack trace I can. – Henrik M Apr 17 '16 at 16:32
  • Just making sure: 1) Constants.DATASTORE_PROJECT_ID does not start with "s~" or "e~"? 2) Constants.PATH_TO_JSON_KEY is pointing to a key associated with Constants.DATASTORE_PROJECT_ID project? If the answer for both is "Yes", I think you should contact pcostello@google.com (as suggested above) with your project id. – ozarov Apr 17 '16 at 20:31
0

The service account we were using wasnt set setup with the appropriate permissions in the destination application. So we had (from advice from google) re-add the service account as a viewer here: https://console.cloud.google.com/permissions/projectpermissions

I hope this can help others in the future!

Henrik M
  • 11
  • 5