0

I am following this tutorial to build a Cloud Function that triggers a DAG run. I have run into a permission issue. Upon the function being triggered and thus trying to run the DAG, I get a permission error message. It reads as follows:

Service account does not have permission to access the IAP-protected application.

I have followed the recommendation in the tutorial to have a service account with the Composer User role. What am I missing?

Note: I am calling Airflow version 2's Stable REST API and my Composer is version 1.

-Diana

Diana Vazquez Romo
  • 152
  • 1
  • 1
  • 11

1 Answers1

0

I found a perhaps duplicate question here: Receiving HTTP 401 when accessing Cloud Composer's Airflow Rest API

As Seng Cheong noted in their answer, the reason for this error is that Google Cloud seems to have issues adding service account IDs that are longer than 64 characters to the Airflow list of users. Upon changing my service account ID to one <= 64 characters, I was able to trigger the DAG successfully. If you can't make your service account ID shorter, then Google documentation suggests adding the "numeric user id" corresponding to your service account directly. The steps for how to do so can be found here: https://cloud.google.com/composer/docs/access-airflow-api#access_airflow_rest_api_using_a_service_account

Best of luck friend

Diana Vazquez Romo
  • 152
  • 1
  • 1
  • 11