"A Not Found error"
apenney opened this issue ยท 9 comments
Hi,
I'm trying to consume cloud-functions-runtime-config indirectly, via https://github.com/pendo-io/gcs-s3-sync. While trying to get it working I kept running into:
{ Error: A Not Found error was returned while attempting to retrieve an accesstoken for the Compute Engine built-in service account. This may be because the Compute Engine instance does not have any permission scopes specified. Requested entity was not found. at Request._callback (/user_code/node_modules/cloud-functions-runtime-config/node_modules/google-auth-library/lib/transporters.js:85:15) at Request.self.callback (/user_code/node_modules/cloud-functions-runtime-config/node_modules/request/request.js:186:22) at emitTwo (events.js:106:13) at Request.emit (events.js:191:7) at Request.<anonymous> (/user_code/node_modules/cloud-functions-runtime-config/node_modules/request/request.js:1163:10) at emitOne (events.js:96:13) at Request.emit (events.js:188:7) at IncomingMessage.<anonymous> (/user_code/node_modules/cloud-functions-runtime-config/node_modules/request/request.js:1085:12) at IncomingMessage.g (events.js:292:16) at emitNone (events.js:91:20) code: 404, errors: [ { message: 'Requested entity was not found.', domain: 'global', reason: 'notFound' } ] }
Digging around I found it's fixed in 1.2.1 of google-auth-library:
googleapis/google-auth-library-nodejs#274
Any chance I can get you to make a 0.4 with updated dependencies on googleapis etc to pull in updated versions of this code? I'd really appreciate it. I'd have just sent a PR but I don't know how to test this code (having never written a line of javascript)!
Yes, its a bit overdue with some dependency updates! ๐
Not sure that will fix this issue though but we can give it a go. Looking at the linked issue the regression only affects google-auth-library-nodejs version 1.2.0 and we are using a much, much older version of that (~0.10.0!).
I'll bump the dependencies and push a new version and if that doesn't solve the problem, steps to reproduce would help a lot!
Well, it didn't hurt, but it didn't help, I'm still struggling to get this to work but I suspect this is my own lack of GCP understanding at this point. All I did was take the repo in the original report (gcs-s3-sync), make a new project and try to follow the instructions (after bumping cloud-functions-runtime-config to 0.4).
After following the instructions I just end up at the same spot:
{ Error: A Not Found error was returned while attempting to retrieve an accesstoken for the Compute Engine built-in service account. This may be because the Compute Engine instance does not have any permission scopes specified. Requested entity was not found. at createError (/user_code/node_modules/cloud-functions-runtime-config/node_modules/axios/lib/core/createError.js:16:15) at settle (/user_code/node_modules/cloud-functions-runtime-config/node_modules/axios/lib/core/settle.js:18:12) at
I figured out cloud functions use project-id@appspot as their serviceAccount, so I made sure the project had that account in IAM (which it does, with Editor). I'm totally at a loss but I'll keep fiddling from my side, thanks again for how fast you updated everything!
Not sure if it helps but here's a better backtrace. You can see it's specifically on a call to runtimeconfig that we fail:
I syncMyBucket 56224165174527 2018-03-16 16:27:22.588 { Error: A Not Found error was returned while attempting to retrieve an accesstoken for the Compute Engine built-in service account. This may be because the Compute Engine instance does not have any permission scopes specified. Requested entity was not found.
at createError (/user_code/node_modules/cloud-functions-runtime-config/node_modules/axios/lib/core/createError.js:16:15)
at settle (/user_code/node_modules/cloud-functions-runtime-config/node_modules/axios/lib/core/settle.js:18:12)
at IncomingMessage.handleStreamEnd (/user_code/node_modules/cloud-functions-runtime-config/node_modules/axios/lib/adapters/http.js:201:11)
at emitNone (events.js:91:20)
at IncomingMessage.emit (events.js:185:7)
at endReadableNT (_stream_readable.js:974:12)
at _combinedTickCallback (internal/process/next_tick.js:80:11)
at process._tickDomainCallback (internal/process/next_tick.js:128:9)
config:
{ adapter: [Function: httpAdapter],
transformRequest: { '0': [Function: transformRequest] },
transformResponse: { '0': [Function: transformResponse] },
timeout: 0,
xsrfCookieName: 'XSRF-TOKEN',
xsrfHeaderName: 'X-XSRF-TOKEN',
maxContentLength: 2147483648,
validateStatus: [Function],
headers:
{ Accept: 'application/json, text/plain, */*',
Authorization: 'Bearer ya29.c.ElyABfAHy[snip]',
'User-Agent': 'google-api-nodejs-client/1.3.2' },
method: 'get',
url: 'https://runtimeconfig.googleapis.com/v1beta1/projects/apenney-test-playground/configs/ashp-test-bucket/variables/aws-secret-key',
paramsSerializer: [Function],
data: undefined,
params: {} },
request:
ClientRequest {
domain: null,
_events:
{ socket: [Function],
abort: [Function],
aborted: [Function],
error: [Function],
timeout: [Function],
prefinish: [Function: requestOnPrefinish] },
_eventsCount: 6,
_maxListeners: undefined,
output: [],
outputEncodings: [],
outputCallbacks: [],
outputSize: 0,
writable: true,
_last: true,
upgrading: false,
chunkedEncoding: false,
shouldKeepAlive: false,
useChunkedEncodingByDefault: false,
sendDate: false,
_removedHeader: {},
_contentLength: 0,
_hasBody: true,
_trailer: '',
finished: true,
_headerSent: true,
socket:
TLSSocket {
_tlsOptions: [Object],
_secureEstablished: true,
_securePending: false,
_newSessionPending: false,
_controlReleased: true,
_SNICallback: null,
servername: null,
npnProtocol: false,
alpnProtocol: false,
authorized: true,
authorizationError: null,
encrypted: true,
_events: [Object],
_eventsCount: 10,
connecting: false,
_hadError: false,
_handle: null,
_parent: null,
_host: 'runtimeconfig.googleapis.com',
_readableState: [Object],
readable: false,
domain: null,
_maxListeners: undefined,
_writableState: [Object],
writable: false,
allowHalfOpen: false,
destroyed: true,
_bytesDispatched: 407,
_sockname: null,
_pendingData: null,
_pendingEncoding: '',
server: undefined,
_server: null,
ssl: null,
_requestCert: true,
_rejectUnauthorized: true,
parser: null,
_httpMessage: [Circular],
read: [Function],
_consuming: true,
write: [Function: writeAfterFIN],
_idleNext: null,
_idlePrev: null,
_idleTimeout: -1 },
connection:
TLSSocket {
_tlsOptions: [Object],
_secureEstablished: true,
_securePending: false,
_newSessionPending: false,
_controlReleased: true,
_SNICallback: null,
servername: null,
npnProtocol: false,
alpnProtocol: false,
authorized: true,
authorizationError: null,
encrypted: true,
_events: [Object],
_eventsCount: 10,
connecting: false,
_hadError: false,
_handle: null,
_parent: null,
_host: 'runtimeconfig.googleapis.com',
_readableState: [Object],
readable: false,
domain: null,
_maxListeners: undefined,
_writableState: [Object],
writable: false,
allowHalfOpen: false,
destroyed: true,
_bytesDispatched: 407,
_sockname: null,
_pendingData: null,
_pendingEncoding: '',
server: undefined,
_server: null,
ssl: null,
_requestCert: true,
_rejectUnauthorized: true,
parser: null,
_httpMessage: [Circular],
read: [Function],
_consuming: true,
write: [Function: writeAfterF
Perfect, this helps! Before we dig any deeper, please verify that the Runtime Configuration API is enabled for the project. Either using the API Manager or using gcloud:
gcloud service-management enable runtimeconfig.googleapis.comHi @fredriks , I can confirm that the API is definitely enabled (and all calls to it show as errors on the API metrics page.
Cool! Do the config and triggering bucket share the same name? It looks like gcp-s3-sync assumes that and it could explain the Not found error. If not then try changing the value on this line to the name of the config, eg:
const configName = 'my-sync-config';or rename the config to match the bucket name.
That was totally it! I really appreciate your help, especially as I sent you on a wild goose chase with the issue not being in cloud-functions-runtime-config at all. I definitely appreciate all the help, and sent a PR over on the other side to update to 0.4 so we at least get the dependencies bump. :)
Nice, glad it worked out! ๐
Any help concerning this error : ?
Error occurred: { Error: A Forbidden error was returned while attempting to retrieve an access token for the Compute Engine built-in service account. This may be because the Compute Engine instance does not have the correct permission scopes specified