1

We would like to automatically create a project ID and install our ULAPPH Cloud Desktop application using the App Engine Admin API (REST) and Golang. https://cloud.google.com/appengine/docs/admin-api/?hl=en_US&_ga=1.265860687.1935695756.1490699302 https://ulapph-public-1.appspot.com/articles?TYPE=ARTICLE&DOC_ID=3&SID=TDSARTL-3

We were able to get a token but when we tried to create a project ID, we get the error below.

[Response OK] Successful connection to Appengine Admin API.
[Token] { "access_token" : "TOKEN_HERE", "expires_in" : 3599, "token_type" : "Bearer" }

[Response Code] 403
[Response Body] { "error": { "code": 403, "message": "Operation not allowed", "status": "PERMISSION_DENIED", "details": [ { "@type": "type.googleapis.com/google.rpc.ResourceInfo", "resourceType": "gae.api", "description": "The \"appengine.applications.create\" permission is required." } ] } }

We are just using the REST API calls. Request for token was successful as you can see above and the scope is ok as well. Now, when we posted the request to create application, we are having the error that says "appengine.application.create" permission required.

How do we specify the permission?

What are the possible reasons why we are getting that error? Do we missed to send a field in JSON or in query?

As per below link, we just need to pass the json containing the id and location. We also just need to pass the token in the Authorization header. The same logic I have used successfully in accessing Youtube, Drive APIs etc so not sure what needs to be done since I have followed the docs available.

I have also posted the same issue in Google Groups and now waiting for their reply.

halfer
  • 19,824
  • 17
  • 99
  • 186
Edwin Vinas
  • 21
  • 2
  • 1
    Welcome to Stack Overflow Pls Go through [How To Ask](https://stackoverflow.com/help/how-to-ask) – Prasad Mar 29 '17 at 03:33
  • Would you add a link to your post in Google Groups? We tend to discourage cross-posting on the web, since it often results in duplication of volunteer effort. – halfer Mar 30 '17 at 10:38

1 Answers1

2

It seems you've given no details about how you set up the account you're using to authorize the request. You'll need to make sure the appengine.applications.create permission is given to the account you're using, as mentioned in the error text. You can use the Google Identity and Access Management (IAM) API for this.

(by the way, I'd given this answer in the original thread, although you didn't reply or seem to take action on it. check it out! this is likely the solution you need!)

Nick
  • 3,581
  • 1
  • 14
  • 36
  • Thanks for the response. Although I was hoping the documentation would have been clearer about how to pass the permission required. As you can see in this REST API documentation in App Engine, it never mentioned about IAM which needs be setup. https://cloud.google.com/appengine/docs/admin-api/reference/rest/v1/apps/create As for the account I used, yes I was able to set it up using IAM and Admin in the Console and tried different settings and even make the accounts as Appengine Admin role. Tried both for a billed and non-billed accounts but same issue. – Edwin Vinas Mar 29 '17 at 20:22
  • Hey @EdwinVinas, you should file a report in the [Public Issue Tracker](http://issuetracker.google.com/) under "Public Trackers > Cloud Platform > Compute > App Engine", and explain the steps you took, link the document you think needs changing, etc., and we'll be able to update the documentation or iron out any issues that might be occurring. – Nick Apr 05 '17 at 21:34
  • Hey @Nick, report has been filed in the said public issue tracker. Thanks! – Edwin Vinas Apr 08 '17 at 21:09
  • Any update? I think the problem is that the **Appengine Admin** role does NOT include the **appengine.applications.create** permission, which I find a bit strange. Creating a custom role with that permission does not seem to work (for me) either. Would be grateful to hear back from somebody that has managed to create an application in google cloud through the API. – Phil Jan 03 '18 at 17:25