Endpoints v2 management service not usable in local dev server with recent gcloud versions

[clement]

Recently, gcloud changed the way it manages authentication: 

- Old version: the application default credentials used to be generated using the same client id as the main credentials, during either "gcloud init" or "gcloud application (the client id is 32555940559.apps.googleusercontent.com)

- New versions: the application default credentials are generted by using a specific "gcloud auth application-default login", with a different client id: 764086051850-6qr4p6gpi6hn506pt8ejuq83di341hur.apps.googleusercontent.com

The service management API is not enabled for the new client id:

{
  "error": {
    "status": "PERMISSION_DENIED", 
    "message": "Google Service Management API has not been used in project usable-auth-library before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/servicemanagement.googleapis.com/overview?project=usable-auth-library then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.", 
    "code": 403, 
    "details": [
      {
        "@type": "type.googleapis.com/google.rpc.Help", 
        "links": [
          {
            "url": "https://console.developers.google.com/apis/api/servicemanagement.googleapis.com/overview?project=usable-auth-library", 
            "description": "Google developers console API activation"
          }
        ]
      }
    ]
  }
}

As a result, the sample app using Endpoints Java framework v2 + Endpoints v2 API management does not work when started using the App Engine dev server, and new developers cannot use apps using the same configuration.

[INFO] com.google.api.config.ServiceConfigException: Failed to fetch service config (status code 403)

[INFO]  at com.google.api.config.ServiceConfigSupplier.fetch(ServiceConfigSupplier.java:138)

[INFO]  at com.google.api.config.ServiceConfigSupplier.get(ServiceConfigSupplier.java:104)

[INFO]  at com.google.api.config.ServiceConfigSupplier.get(ServiceConfigSupplier.java:48)

[INFO]  at com.google.common.base.Suppliers$ExpiringMemoizingSupplier.get(Suppliers.java:199)

[INFO]  at com.google.api.config.ServiceConfigFetcher.fetch(ServiceConfigFetcher.java:41)

[INFO]  at com.google.api.control.ServiceManagementConfigFilter$1.load(ServiceManagementConfigFilter.java:33)

[INFO]  at com.google.api.control.ConfigFilter.init(ConfigFilter.java:87)

Switching to the old client id 32555940559.apps.googleusercontent.com in $GCLOUD_DIR/application_default_credentials.json fixes the issue immediatly.

Can someone at Google enable the service management API for the project usable-auth-library / client id 764086051850-6qr4p6gpi6hn506pt8ejuq83di341hur.apps.googleusercontent.com?

[Hong]

Can you explain how do you use application default credentials with your application or tool?

Hong

"This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender immediately"

--
You received this message because you are subscribed to the Google Groups "Google Cloud Endpoints" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-endpoints+unsub...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-endpoints/4330ba5a-6ba5-43da-bf8d-2b48ffe47fd9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[clement]

Hi Hong,

I don't use application default credentials directly, they are used through AppIdentityService in Google's code here:

https://github.com/cloudendpoints/endpoints-management-java/blob/master/endpoints-service-config/src/main/java/com/google/api/config/ServiceConfigSupplier.java#L150

The service management API was enabled by sepehr@ on the required project, everything now works as expected.

[Hong]

Sep, does the central project has enough quota for this need?

Hong

"This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender immediately"

--
You received this message because you are subscribed to the Google Groups "Google Cloud Endpoints" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-endpoints+unsub...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-endpoints/b6d413e5-15d9-435e-a44c-f458ecc59ae8%40googlegroups.com.