GoogleCloudPlatform/document-ai-samples

[docai-ocr-python]

dimroc opened this issue · 1 comments

dimroc commented

One must grant the newly created service my-docai-sa@<PROJECT_ID>.iam.gserviceaccount.com the role of roles/serviceusage.serviceUsageConsumer before they can poll for results in batch_processing.py.

Full error:

Waiting for operation projects/391334096849/locations/us/operations/16860360123428531689 to complete...
Traceback (most recent call last):
  File "/usr/local/lib/python3.9/dist-packages/google/api_core/grpc_helpers.py", line 72, in error_remapped_callable
    return callable_(*args, **kwargs)
  File "/usr/local/lib/python3.9/dist-packages/grpc/_channel.py", line 1030, in __call__
    return _end_unary_response_blocking(state, call, False, None)
  File "/usr/local/lib/python3.9/dist-packages/grpc/_channel.py", line 910, in _end_unary_response_blocking
    raise _InactiveRpcError(state)  # pytype: disable=not-instantiable
grpc._channel._InactiveRpcError: <_InactiveRpcError of RPC that terminated with:
        status = StatusCode.PERMISSION_DENIED
        details = "Caller does not have required permission to use project PROJECT. Grant the caller the roles/serviceusage.serviceUsageConsumer role, or a custom role with the serviceusage.services.use permission, by visiting https://console.developers.google.com/iam-admin/iam/project?project=PROJECT and then retry. Propagation of the new permission may take a few minutes."
        debug_error_string = "UNKNOWN:Error received from peer ipv4:74.125.195.95:443 {grpc_message:"Caller does not have required permission to use project PROJECT. Grant the caller the roles/serviceusage.serviceUsageConsumer role, or a custom role with the serviceusage.services.use permission, by visiting https://console.developers.google.com/iam-admin/iam/project?project=PROJECT and then retry. Propagation of the new permission may take a few minutes.", grpc_status:7, created_time:"2023-05-05T17:05:35.714308439+00:00"}"
>

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/home/user/batch_processing.py", line 66, in <module>
    operation.result()
  File "/usr/local/lib/python3.9/dist-packages/google/api_core/future/polling.py", line 256, in result
    self._blocking_poll(timeout=timeout, retry=retry, polling=polling)
  File "/usr/local/lib/python3.9/dist-packages/google/api_core/future/polling.py", line 137, in _blocking_poll
    polling(self._done_or_raise)(retry=retry)
  File "/usr/local/lib/python3.9/dist-packages/google/api_core/retry.py", line 349, in retry_wrapped_func
    return retry_target(
  File "/usr/local/lib/python3.9/dist-packages/google/api_core/retry.py", line 191, in retry_target
    return target()
  File "/usr/local/lib/python3.9/dist-packages/google/api_core/future/polling.py", line 119, in _done_or_raise
    if not self.done(retry=retry):
  File "/usr/local/lib/python3.9/dist-packages/google/api_core/operation.py", line 174, in done
    self._refresh_and_update(retry)
  File "/usr/local/lib/python3.9/dist-packages/google/api_core/operation.py", line 162, in _refresh_and_update
    self._operation = self._refresh(retry=retry) if retry else self._refresh()
  File "/usr/local/lib/python3.9/dist-packages/google/api_core/operations_v1/operations_client.py", line 149, in get_operation
    return self._get_operation(
  File "/usr/local/lib/python3.9/dist-packages/google/api_core/gapic_v1/method.py", line 113, in __call__
    return wrapped_func(*args, **kwargs)
  File "/usr/local/lib/python3.9/dist-packages/google/api_core/retry.py", line 349, in retry_wrapped_func
    return retry_target(
  File "/usr/local/lib/python3.9/dist-packages/google/api_core/retry.py", line 191, in retry_target
    return target()
  File "/usr/local/lib/python3.9/dist-packages/google/api_core/timeout.py", line 120, in func_with_timeout
    return func(*args, **kwargs)
  File "/usr/local/lib/python3.9/dist-packages/google/api_core/grpc_helpers.py", line 74, in error_remapped_callable
    raise exceptions.from_grpc_error(exc) from exc
google.api_core.exceptions.PermissionDenied: 403 Caller does not have required permission to use project PROJECT. Grant the caller the roles/serviceusage.serviceUsageConsumer role, or a custom role with the serviceusage.services.use permission, by visiting https://console.developers.google.com/iam-admin/iam/project?project=PROJECT and then retry. Propagation of the new permission may take a few minutes. [links {
  description: "Google developer console IAM admin"
  url: "https://console.developers.google.com/iam-admin/iam/project?project=PROJECT"
}
, reason: "USER_PROJECT_DENIED"
domain: "googleapis.com"
metadata {
  key: "service"
  value: "documentai.googleapis.com"
}
metadata {
  key: "consumer"
  value: "projects/PROJECT"
}
]
holtskinner commented

Updated the codelab to include adding the roles/serviceusage.serviceUsageConsumer role.