Ownership for domain name '**.run.app' on project 'PROJECT_ID' cannot be verified.

[Robin Kurtz]

Attempting to follow the tutorial here: https://cloud.google.com/endpoints/docs/openapi/get-started-cloud-functions

After having successfully deployed my ESPv2 Beta service: https://cloud.google.com/endpoints/docs/openapi/get-started-cloud-functions#deploy_endpoints_proxy, I moved onto configuring my endpoints and ran into a blocker.

ERROR: (gcloud.endpoints.services.deploy) PERMISSION_DENIED: Ownership for domain name 'SERVICE_NAME-HASH-uk.a.run.app' on project 'PROJECT_ID' cannot be verified.

I fail to see how the Cloud Run URL is not verified as I've just created it on the same project. 

gcloud run deploy cloud-run-service \                                                                                          

    --image="gcr.io/endpoints-release/endpoints-runtime-serverless:2" \

    --allow-unauthenticated \

    --platform managed \

    --project=PROJECT_ID

Deploying container to Cloud Run service [SERVICE_NAME] in project [PROJECT_ID] region [us-east4]

✓ Deploying new service... Done.

  ✓ Creating Revision...

  ✓ Routing traffic...

  ✓ Setting IAM Policy...

Done.

Service [SERVICE_NAME] revision [SERVICE_NAME-00001-ron] has been deployed and is serving 100 percent of traffic at https://SERVICE_NAME-HASH-uk.a.run.app

OpenAPI Config

swagger: '2.0'

info:

  title: Cloud Endpoints + GCF

  description: Sample API on Cloud Endpoints with a Google Cloud Functions backend

  version: 1.0.0

host: SERVICE_NAME-HASH-uk.a.run.app

schemes:

  - https

produces:

  - application/json

paths:

  /hello:

    get:

      summary: Greet a user

      operationId: hello

      x-google-backend:

        address: https://us-east4-PROJECT_ID.cloudfunctions.net/helloGET

      responses:

        '200':

          description: A successful response

          schema:

            type: string

Any advice is more than welcome

Thanks,

[Robin Kurtz]

I forgot to mention the following troubleshooting;

• I've copied the host several times, I do not believe it's a copy & past issue; no trailing spaces.
• I've confirmed my gcloud config is set to the correct project
• My user has the owner role (however nothing else)
  

gcloud --verbosity=debug endpoints services deploy openapi-functions.yaml \                                             

    --project PROJECT_ID

DEBUG: Running [gcloud.endpoints.services.deploy] with arguments: [--project: "PROJECT_ID", --verbosity: "debug", SERVICE_CONFIG_FILE:1: "[u'openapi-functions.yaml']"]

INFO: No JSON detected in service config. Trying YAML...

DEBUG: (gcloud.endpoints.services.deploy) PERMISSION_DENIED: Ownership for domain name 'SERIVCE_NAME-HASH-uk.a.run.app' on project 'dev-minchem-solvextract' cannot be verified.

Traceback (most recent call last):

  File "/Users/robinkurtz/_dev/gcloud/google-cloud-sdk/lib/googlecloudsdk/calliope/cli.py", line 981, in Execute

    resources = calliope_command.Run(cli=self, args=args)

  File "/Users/robinkurtz/_dev/gcloud/google-cloud-sdk/lib/googlecloudsdk/calliope/backend.py", line 807, in Run

    resources = command_instance.Run(args)

  File "/Users/robinkurtz/_dev/gcloud/google-cloud-sdk/lib/surface/endpoints/services/deploy.py", line 350, in Run

    services_util.CreateService(self.service_name, project_id)

  File "/Users/robinkurtz/_dev/gcloud/google-cloud-sdk/lib/googlecloudsdk/api_lib/endpoints/services_util.py", line 428, in CreateService

    result = client.services.Create(create_request)

  File "/Users/robinkurtz/_dev/gcloud/google-cloud-sdk/lib/googlecloudsdk/third_party/apis/servicemanagement/v1/servicemanagement_v1_client.py", line 649, in Create

    config, request, global_params=global_params)

  File "/Users/robinkurtz/_dev/gcloud/google-cloud-sdk/lib/third_party/apitools/base/py/base_api.py", line 731, in _RunMethod

    return self.ProcessHttpResponse(method_config, http_response, request)

  File "/Users/robinkurtz/_dev/gcloud/google-cloud-sdk/lib/third_party/apitools/base/py/base_api.py", line 737, in ProcessHttpResponse

    self.__ProcessHttpResponse(method_config, http_response, request))

  File "/Users/robinkurtz/_dev/gcloud/google-cloud-sdk/lib/third_party/apitools/base/py/base_api.py", line 604, in __ProcessHttpResponse

    http_response, method_config=method_config, request=request)

HttpForbiddenError: HttpError accessing <https://servicemanagement.googleapis.com/v1/services?alt=json>: response: <{'status': '403', 'content-length': '217', 'x-xss-protection': '0', 'x-content-type-options': 'nosniff', 'transfer-encoding': 'chunked', 'vary': 'Origin, X-Origin, Referer', 'server': 'ESF', '-content-encoding': 'gzip', 'cache-control': 'private', 'date': 'Tue, 04 Feb 2020 16:27:18 GMT', 'x-frame-options': 'SAMEORIGIN', 'alt-svc': 'quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000', 'content-type': 'application/json; charset=UTF-8'}>, content <{

  "error": {

    "code": 403,

    "message": "Ownership for domain name 'SERVICE_NAME-HASH-uk.a.run.app' on project 'PROJECT_ID' cannot be verified.",

    "status": "PERMISSION_DENIED"

  }

}

[qiwz...@google.com]

Hi Robin,  I created a bug to Google ServiceManagement team to look into your issue.  Thanks  -Wayne

[qiwz...@google.com]

Hi Robin,  you may have used "us-east4" region for Cloud Run service,  it is a new region, not very stable.  They suggested to use some other stable regions.  Thanks  -Wayne

[Robin Kurtz]

Thank you Wayne,

Unfortunately, the rest of my application is in east4, I'm not sure the impact but I will give it a go. Are you aware of a public status of this? So I can check when this region is more stable.

[Robin Kurtz]

I was able to move forward with the change of the region. Now I am using us-central1

Unfortunately, I've run into another error while trying to "Building a new ESPv2 Beta image" - https://cloud.google.com/endpoints/docs/openapi/get-started-cloud-functions#configure_esp

Using base image: gcr.io/endpoints-release/endpoints-runtime-serverless:2

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current

                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0

curl: (22) The requested URL returned error: 403

./gcloud_build_image: line 45: Failed to download service config (exit 1)

On Tuesday, February 4, 2020 at 11:53:16 AM UTC-5, Robin Kurtz wrote:

[Wayne Zhang]

Please make sure your gcloud SDK credential has permission to access the endpoint service config.  You can change it by "gcloud auth login",  and test it by

"gcloud endpoints services list"  or "gcloud endpoints configs describe" commands.

--
You received this message because you are subscribed to a topic in the Google Groups "Google Cloud Endpoints" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/google-cloud-endpoints/Io7jD8S1rYU/unsubscribe.
To unsubscribe from this group and all its topics, send an email to google-cloud-endp...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-endpoints/d886cb50-bb1e-431e-9f78-53171cc65efe%40googlegroups.com.

[Teju Nareddy]

This looks like a permission issue. 

Did you login with `gcloud auth login` before running the script? Mentioned in this step

Are you sure all the required services are enabled? Mentioned in this step

Finally, are you sure you are passing in the correct service name to the script?

On Wed, Feb 5, 2020 at 11:21 AM Robin Kurtz <robin...@osedea.com> wrote:

--
You received this message because you are subscribed to the Google Groups "Google Cloud Endpoints" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-endp...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-endpoints/d886cb50-bb1e-431e-9f78-53171cc65efe%40googlegroups.com.

--

Teju Nareddy nare...@google.com Software Engineer

[Robin Kurtz]

I found my error... terribly sorry. There was a sneaky character left after my CLOUD_RUN_HOSTNAME arg

[Adam Sherman]

On Tuesday, 4 February 2020 18:25:28 UTC-5, Wayne Zhang wrote:

Hi Robin,  you may have used "us-east4" region for Cloud Run service,  it is a new region, not very stable.  They suggested to use some other stable regions.  Thanks  -Wayne

I just tried this wickedly neat stuff out for the first time and immediately ran into this region problem, found this post on my first search. Bah.

Any idea when this region will be stable? My clients are all in Eastern Canada.

Thanks,

A.

 

[qiwz...@google.com]

Further investigation found that there is a bug in the Cloud Run service, this bug is impacting following regions: 

* europe-west4
* us-west1
* asia-east1
* europe-north1
* us-east4

following regions are not impacted:

* us-central1
* us-east1
* asia-northeast1
* europe-west1

We are currently working on a fix.  Will update the progress here.

Thanks

-Wayne

[qiwz...@google.com]

Update on the bug,  the fix has been released.  It will take 5 days to rollout to all regions.  By Feb. 10,  it should be rollouted to all regions.  Thanks.  -Wayne

[Adam Sherman]

That's great, thanks!

--

You received this message because you are subscribed to the Google Groups "Google Cloud Endpoints" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-endp...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-endpoints/8eb2a829-bc0d-44fb-be9e-fef32533b53f%40googlegroups.com.

--

Adam Sherman

+1 613 797 6819