This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Getting "code": 403, "message": "Permission denied on resource \"organizations/\" (or it may not exist)", "status": "PERMISSION_DENIED"

Posted on 06-07-2021 07:32 AM
samirjagdalegcp
New Member
Reply posted on --/--/---- --:-- AM

Hi i am trying to create an Organization on GCP using this document steps at

- https://cloud.google.com/apigee/docs/hybrid/v1.4/precog-provision

Upon running below command at Google Cloud shell 

curl -H "Authorization: Bearer $TOKEN" -X POST -H "content-type:application/json" \
  -d '{
    "name":"'"$ORG_NAME"'",
    "displayName":"'"$ORG_DISPLAY_NAME"'",
    "description":"'"$ORGANIZATION_DESCRIPTION"'",
    "runtimeType":"'"$RUNTIMETYPE"'",
    "analyticsRegion":"'"$ANALYTICS_REGION"'"
  }' \
  "https://apigee.googleapis.com/v1/organizations?parent=projects/$PROJECT_ID"

I am getting below output 

{"name":"organizations/org_name/operations/long_running_operation_ID","metadata":{"@type":"type.googleapis.com/google.cloud.apigee.v1.OperationMetadata","operationType":"INSERT","targetResourceName":"organizations/org_name","state":"IN_PROGRESS"}}

When I check the status of long running operation ID with below command 

curl -H "Authorization: Bearer $TOKEN" \
  "https://apigee.googleapis.com/v1/organizations/$ORG_NAME/operations/$LONG_RUNNING_OPERATION_ID"

I am getting 403 error

$ curl -H "Authorization: Bearer $TOKEN" \ > "https://apigee.googleapis.com/v1/organizations/$ORG_NAME/operations/$LONG_RUNNING_OPERATION_ID" { "error": { "code": 403, "message": "Permission denied on resource \"organizations/org name\" (or it may not exist)", "status": "PERMISSION_DENIED" } }

Tried to refresh the token using below command but still getting same issue

TOKEN=$(gcloud auth print-access-token)

When I hit -

https://apigee.googleapis.com/v1/organizations/org_name

I am getting 

{
  "error": {
    "code": 401,
    "message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
    "status": "UNAUTHENTICATED"
  }
}

Can you please help what I am missing here ?

0 4 4,936
Topic Labels
0 Likes
4 REPLIES 4

Posted on --/--/---- --:-- AM
ylesyuk
New Member
Reply posted on --/--/---- --:-- AM

There are couple of minor problems I can point to, but as you naturally and obviously masked the variable names of 'resolved' commands pasted here, you would need to verify them yourself.

Syntax-wise, It all looks all right for the 1st and 2nd command.

The error message for the 3rd command is clear: you do not provide an authorization header.

-H "Authorization: Bearer $TOKEN"

Can I please suggest you to run echo in front of every command so that you can double check that the parameters and quotations are correctly substituted?

Org provisioning takes 3-4 minutes to finish.

Can you try to open apigee.google.com in your browser and see if you can reach your org?

Posted on --/--/---- --:-- AM
samirjagdalegcp
New Member
In response to ylesyuk
Reply posted on --/--/---- --:-- AM

unable-to-choose-org.pngI made sure to echo the TOKEN but still getting 403.

on https://apigee.google.com/ I am unable to select the organization, please refer the screen shot.

is there any alternate way to authenticate apart from TOKEN generated on google cloud shell ?

I can see the organization but cant get its details using google cloud shell API commands.

curl -H "Authorization: Bearer $TOKEN""https://apigee.googleapis.com/v1/organizations"

Output -

{ "organizations": [ { "organization": "<org_name>", "projectIds": [ "<project_name>" ] } ] }

curl -H "Authorization: Bearer $TOKEN" "https://apigee.googleapis.com/v1/organizations/<org_name>"

Output -

{ "error": { "code": 403, "message": "Permission denied on resource \"organizations/org_name\" (or it may not exist)", "status": "PERMISSION_DENIED" } }

0 Likes

Posted on --/--/---- --:-- AM
ylesyuk
New Member
In response to samirjagdalegcp
Reply posted on --/--/---- --:-- AM

This begins to make sense.

Your Apigee Org is not provisioned for this project.

The $TOKEN is good. If it would be bad, you would get 401 [invalid creds]. 503 means in this case ORG doesn't exist [second explanation].

Can you re-run org provisioning command, please? [the very first one]

0 Likes

Posted on --/--/---- --:-- AM
samirjagdalegcp
New Member
In response to ylesyuk
Reply posted on --/--/---- --:-- AM

This is what I got upon retrying to create an organization

curl -H "Authorization: Bearer $TOKEN" \ > "https://apigee.googleapis.com/v1/organizations/$ORG_NAME/operations/$LONG_RUNNING_OPERATION_ID"

Outcome 1-

{ "name": "organizations/org_name/operations/<long_running_operation_ID>", "metadata": { "@type": "type.googleapis.com/google.cloud.apigee.v1.OperationMetadata", "operationType": "INSERT", "targetResourceName": "organizations/org_name", "state": "IN_PROGRESS" } }

Outcome 2-

{ "name": "organizations/org_name/operations/<long_running_operation_ID>", "metadata": { "@type": "type.googleapis.com/google.cloud.apigee.v1.OperationMetadata", "operationType": "INSERT", "targetResourceName": "organizations/org_name", "state": "IN_PROGRESS", "progress": { "description": "Rolling back due to an unexpected error" } } }

Outcome 3 -

{ "name": "organizations/org_name/operations/<long_running_operation_ID>", "metadata": { "@type": "type.googleapis.com/google.cloud.apigee.v1.OperationMetadata", "operationType": "INSERT", "targetResourceName": "organizations/org_name", "state": "FINISHED", "progress": { "description": "Succeeded", "percentDone": 100 } }, "done": true, "error": { "code": 13, "message": "Unexpected error during operation. Try again later" } }

0 Likes