10

I'm trying to get the list of the intents in my Dialogflow agent using Dialogflow's V2 APIs but have been getting the following error:

PermissionDenied: 403 IAM permission 'dialogflow.intents.list' on 'projects/xxxx/agent' denied.

I adopted the following steps:

  1. I created a new agent(with V2 APIs enabled) and a new service account for it.
  2. I downloaded the JSON key and set my GOOGLE_APPLICATION_CREDENTIALS variable to its path.

Following is my code:

import dialogflow_v2 as dialogflow

os.environ["GOOGLE_APPLICATION_CREDENTIALS"]="/home/user/folder/service-account-key.json"

client=dialogflow.IntentsClient()

parent = client.project_agent_path('[PROJECT_ID]')

for element in client.list_intents(parent):
    pass

I have made various agents and service accounts and even changed the role from Admin to Client but can't figure out any solution. I tried the following solution but didnt' work

Tried Solution: DialogFlow PermissionDenied: 403 IAM permission 'dialogflow.sessions.detectIntent'

Pranshu Dixit
  • 111
  • 1
  • 1
  • 5
  • I have finally fixed this issue: I was trying to create the service account from a wrong GCP project all the time. The easiest way to make it work is go to the chatbot agent settings and in the *General* tab click the Project ID link in the *GOOGLE PROJECT* section. – Wiktor Stribiżew Jul 02 '21 at 13:22

8 Answers8

13

There is no need for creating a new Agent. You can edit the existing agents IAM.

  1. In Dialogflow's console, go to settings ⚙ > under the general tab, you'll see the project ID section with a Google Cloud link to open the Google Cloud console > Open Google Cloud.
  2. In google cloud, go to IAM Admin > IAM under tab Members. Find the name of your agents and then click on edit.
  3. Give admin permissions to the agent to give permissions to list intent.
Rishabh Batra
  • 648
  • 9
  • 14
5

The problem lies in the IAM section of GCP. Probably you are making a POST request with a role that does not have the necessary authorizations.

  1. Look into your key.json file that contains the field "client_email"
  2. Proceed to the IAM page and set the relevant role with that email to a role that has posting capabilities. (e.g. Admin)

This solved my problem.

BcK
  • 2,548
  • 1
  • 13
  • 27
3
  1. In Dialogflow's console, go to settings ⚙ > under the general tab, you'll see the project ID section with a Google Cloud link to open the Google Cloud console > Open Google Cloud.
  2. (Optional) In the Cloud console, go to the menu icon > APIs & Services > Library. Select any APIs (if any) > Enable.
  3. In Cloud Console > under the menu icon ☰ > APIs & Services > Credentials > Create Credentials > Service Account Key. Under Create service account key, select New Service Account from the dropdown and enter a project name and for role choose Owner > Create.
    • JSON private key file will be downloaded to your local machine that you will need.

For Javascript: In the index.js file you can do service account auth with JWT: 

const serviceAccount = {};       // Starts with {"type": "service_account",...

// Set up Google Calendar Service account credentials
  const serviceAccountAuth = new google.auth.JWT({
  email: serviceAccount.client_email,
  key: serviceAccount.private_key,
  scopes: 'https://www.googleapis.com/auth/xxxxxxx'
});

For Python: There's a Google Auth Python Library available via pip install google-auth and you can check out more here.

Sarah Dwyer
  • 529
  • 5
  • 22
1

When you create the intentClient, use following:

key_file_path = "/home/user/folder/service-account-key.json";
client=dialogflow.IntentsClient({
        keyFilename: key_file_path
})

Intents list

brooksrelyt
  • 3,925
  • 5
  • 31
  • 54
user10996754
  • 11
  • 1
0

This error message is usually thrown when the application is not being authenticated correctly due to several reasons such as missing files, invalid credential paths, incorrect environment variables assignations, among other causes. Keep in mind that when you set an environment variable value in a session, it is reset every time the session is dropped.

Based on this, I recommend you to validate that the credential file and file path are being correctly assigned, as well as follow the Obtaining and providing service account credentials manually guide, in order to explicitly specify your service account file directly into your code; In this way, you will be able to set it permanently and verify if you are passing the service credentials correctly.

Passing the path to the service account key in code example:

def explicit():
from google.cloud import storage

# Explicitly use service account credentials by specifying the private key
# file.
storage_client = storage.Client.from_service_account_json('service_account.json')

# Make an authenticated API request
buckets = list(storage_client.list_buckets())
print(buckets)
Armin_SC
  • 2,130
  • 11
  • 15
  • Hi @Armin_SC, thanks for the reply. I tried your approach but couldn't get it working for dialogflow. Can you please help me by referring to the following link? https://dialogflow.com/docs/reference/v2-auth-setup – Pranshu Dixit Sep 17 '18 at 11:41
  • In case you want to provide credentials separately from your application, I suggest you to set the `GOOGLE_APPLICATION_CREDENTIALS` environment variable by following the [Setting the environment variable](https://cloud.google.com/docs/authentication/getting-started#setting_the_environment_variable) guide steps and create the `.bashrc` file as mentioned in the Dialogflow tutorial you provided previously; otherwise, the variable will apply only to the current shell session, so if you open a new session, set the variable again. – Armin_SC Sep 17 '18 at 14:10
  • I have set the environment variable GOOGLE_APPLICATION_CREDENTIALS too. It is working for listing out the buckets but not for the Dialogflow API – Pranshu Dixit Sep 19 '18 at 10:47
  • 1
    You should to take a look on the [DialogFlow V2 Authentication](https://medium.com/@tzahi/how-to-setup-dialogflow-v2-authentication-programmatically-with-node-js-b37fa4815d89) guide and [StackOverflow](https://stackoverflow.com/questions/52397180/google-cloud-dialogflow-intent-detection-nodejs-example-not-working#52404776) post where is recommended to create the Dialogflow object by using the private_key, client_email information, as well as verify that your account has the required [roles](https://cloud.google.com/iam/docs/understanding-roles#dialogflow_roles) to perform these tasks. – Armin_SC Sep 19 '18 at 14:19
0

Try also to create project in DialogFlow Console https://dialogflow.cloud.google.com/

Marian Turchyn
  • 519
  • 5
  • 6
0

You need to create the following as environment variable googleProjectID: "", dialogFlowSessionID: "anything", dialogFlowSessionLanguageCode: "en-US", googleClientEmail: "", googlePrivateKey:

jonddon
  • 1
0

I think you might have missed the Enable the API section in the documentation setup.

Here is that link: https://cloud.google.com/dialogflow/cx/docs/quick/setup#api

After clicking the link, select the chatbot project you created and fill the necessary instructions given there.

The permissions that I have given for that project are Owner, and editor.

After this, try the code in this link: https://cloud.google.com/dialogflow/es/docs/quick/api#detect_intent You should get a response from your chatbot

Hope this helps!

SenthurLP
  • 124
  • 1
  • 7