Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Error "Could not verify credential" while trying to add credentials in cloudbreak in GCP

Labels:
avatar
author-rank julia_simon
New Contributor

Created on ‎04-17-2019 03:22 PM - edited ‎09-16-2022 07:19 AM

When I try to add a GCP credential in the UI I get this error:

Failed to verify the credential: Could not verify credential! 403 Forbidden

On console I get this:

# cb credential create from-file --cli-input-json credential.json --name cloudbreakkeyEnter Password: ERROR: status code: 400, message: Failed to verify the credential: Could not verify credential! 403 Forbidden

cb doctor:

# cbd doctor
===> Deployer doctor: Checks your environment, and reports a diagnose.
uname: Linux cbd-deployment-vm 3.10.0-862.3.2.el7.x86_64 #1 SMP Mon May 21 23:36:36 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
local version:2.9.0
latest release:2.9.0
docker command exists: OK
docker client version: 1.13.1
docker client version: 1.13.1
ping 8.8.8.8 on host: OK
ping github.com on host: OK
ping 8.8.8.8 in container: [ERROR]
ping github.com in container: [ERROR] 

I assume there must be some networking issue but don't know what to look for

EDIT: In the logs I get this stacktrace:

com.google.api.client.googleapis.json.GoogleJsonResponseException: 403 Forbidden
        at com.google.api.client.googleapis.json.GoogleJsonResponseException.from(GoogleJsonResponseException.java:146)
        at com.google.api.client.googleapis.services.json.AbstractGoogleJsonClientRequest.newExceptionOnError(AbstractGoogleJsonClientRequest.java:113)
        at com.google.api.client.googleapis.services.json.AbstractGoogleJsonClientRequest.newExceptionOnError(AbstractGoogleJsonClientRequest.java:40)
        at com.google.api.client.googleapis.services.AbstractGoogleClientRequest$1.interceptResponse(AbstractGoogleClientRequest.java:321)
        at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:1067)
        at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:419)
        at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUsingHead(AbstractGoogleClientRequest.java:406)
        at com.google.api.services.compute.Compute$Regions$List.executeUsingHead(Compute.java)
        at com.sequenceiq.cloudbreak.cloud.gcp.GcpCredentialVerifier.preCheckOfGooglePermission(GcpCredentialVerifier.java:57)
        at com.sequenceiq.cloudbreak.cloud.gcp.GcpCredentialVerifier$$FastClassBySpringCGLIB$$a658f442.invoke(<generated>)
        at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
        at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:746)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
        at org.springframework.retry.interceptor.RetryOperationsInterceptor$1.doWithRetry(RetryOperationsInterceptor.java:91)
        at org.springframework.retry.support.RetryTemplate.doExecute(RetryTemplate.java:286)
        at org.springframework.retry.support.RetryTemplate.execute(RetryTemplate.java:163)
        at org.springframework.retry.interceptor.RetryOperationsInterceptor.invoke(RetryOperationsInterceptor.java:118)
        at org.springframework.retry.annotation.AnnotationAwareRetryOperationsInterceptor.invoke(AnnotationAwareRetryOperationsInterceptor.java:152)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:185)
        at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:688)
        at com.sequenceiq.cloudbreak.cloud.gcp.GcpCredentialVerifier$$EnhancerBySpringCGLIB$$676bf766.preCheckOfGooglePermission(<generated>)
        at com.sequenceiq.cloudbreak.cloud.gcp.GcpCredentialConnector.verify(GcpCredentialConnector.java:43)
        at com.sequenceiq.cloudbreak.cloud.handler.CredentialVerificationHandler.accept(CredentialVerificationHandler.java:43)
        at com.sequenceiq.cloudbreak.cloud.handler.CredentialVerificationHandler.accept(CredentialVerificationHandler.java:20)
        at com.sequenceiq.cloudbreak.cloud.handler.CredentialVerificationHandler$$FastClassBySpringCGLIB$$f08a8fcf.invoke(<generated>)
        at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
        at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:746)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
        at org.springframework.aop.framework.adapter.MethodBeforeAdviceInterceptor.invoke(MethodBeforeAdviceInterceptor.java:52)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:185)
        at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:185)
        at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:688)
        at com.sequenceiq.cloudbreak.cloud.handler.CredentialVerificationHandler$$EnhancerBySpringCGLIB$$d500084f.accept(<generated>)
        at reactor.bus.EventBus$3.accept(EventBus.java:317)
        at reactor.bus.EventBus$3.accept(EventBus.java:310)
        at reactor.bus.routing.ConsumerFilteringRouter.route(ConsumerFilteringRouter.java:72)
        at reactor.bus.routing.TraceableDelegatingRouter.route(TraceableDelegatingRouter.java:51)
        at reactor.bus.EventBus.accept(EventBus.java:591)
        at reactor.bus.EventBus.accept(EventBus.java:63)
        at reactor.core.dispatch.AbstractLifecycleDispatcher.route(AbstractLifecycleDispatcher.java:160)
        at reactor.core.dispatch.MultiThreadDispatcher$MultiThreadTask.run(MultiThreadDispatcher.java:74)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1135)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
        at java.base/java.lang.Thread.run(Thread.java:844)
2,261 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank julia_simon
New Contributor

Created ‎04-22-2019 11:28 AM

In the end I solved this by creating a new service account and editing the instance to be on the new one.

View solution in original post

2,198 Views
0 Kudos
2 REPLIES 2

avatar
author-rank julia_simon
New Contributor

Created ‎04-17-2019 03:23 PM

In the logs I get this stacktrace:

com.google.api.client.googleapis.json.GoogleJsonResponseException: 403 Forbidden
        at com.google.api.client.googleapis.json.GoogleJsonResponseException.from(GoogleJsonResponseException.java:146)
        at com.google.api.client.googleapis.services.json.AbstractGoogleJsonClientRequest.newExceptionOnError(AbstractGoogleJsonClientRequest.java:113)
        at com.google.api.client.googleapis.services.json.AbstractGoogleJsonClientRequest.newExceptionOnError(AbstractGoogleJsonClientRequest.java:40)
        at com.google.api.client.googleapis.services.AbstractGoogleClientRequest$1.interceptResponse(AbstractGoogleClientRequest.java:321)
        at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:1067)
        at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:419)
        at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUsingHead(AbstractGoogleClientRequest.java:406)
        at com.google.api.services.compute.Compute$Regions$List.executeUsingHead(Compute.java)
        at com.sequenceiq.cloudbreak.cloud.gcp.GcpCredentialVerifier.preCheckOfGooglePermission(GcpCredentialVerifier.java:57)
        at com.sequenceiq.cloudbreak.cloud.gcp.GcpCredentialVerifier$$FastClassBySpringCGLIB$$a658f442.invoke(<generated>)
        at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
        at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:746)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
        at org.springframework.retry.interceptor.RetryOperationsInterceptor$1.doWithRetry(RetryOperationsInterceptor.java:91)
        at org.springframework.retry.support.RetryTemplate.doExecute(RetryTemplate.java:286)
        at org.springframework.retry.support.RetryTemplate.execute(RetryTemplate.java:163)
        at org.springframework.retry.interceptor.RetryOperationsInterceptor.invoke(RetryOperationsInterceptor.java:118)
        at org.springframework.retry.annotation.AnnotationAwareRetryOperationsInterceptor.invoke(AnnotationAwareRetryOperationsInterceptor.java:152)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:185)
        at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:688)
        at com.sequenceiq.cloudbreak.cloud.gcp.GcpCredentialVerifier$$EnhancerBySpringCGLIB$$676bf766.preCheckOfGooglePermission(<generated>)
        at com.sequenceiq.cloudbreak.cloud.gcp.GcpCredentialConnector.verify(GcpCredentialConnector.java:43)
        at com.sequenceiq.cloudbreak.cloud.handler.CredentialVerificationHandler.accept(CredentialVerificationHandler.java:43)
        at com.sequenceiq.cloudbreak.cloud.handler.CredentialVerificationHandler.accept(CredentialVerificationHandler.java:20)
        at com.sequenceiq.cloudbreak.cloud.handler.CredentialVerificationHandler$$FastClassBySpringCGLIB$$f08a8fcf.invoke(<generated>)
        at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
        at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:746)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
        at org.springframework.aop.framework.adapter.MethodBeforeAdviceInterceptor.invoke(MethodBeforeAdviceInterceptor.java:52)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:185)
        at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:185)
        at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:688)
        at com.sequenceiq.cloudbreak.cloud.handler.CredentialVerificationHandler$$EnhancerBySpringCGLIB$$d500084f.accept(<generated>)
        at reactor.bus.EventBus$3.accept(EventBus.java:317)
        at reactor.bus.EventBus$3.accept(EventBus.java:310)
        at reactor.bus.routing.ConsumerFilteringRouter.route(ConsumerFilteringRouter.java:72)
        at reactor.bus.routing.TraceableDelegatingRouter.route(TraceableDelegatingRouter.java:51)
        at reactor.bus.EventBus.accept(EventBus.java:591)
        at reactor.bus.EventBus.accept(EventBus.java:63)
        at reactor.core.dispatch.AbstractLifecycleDispatcher.route(AbstractLifecycleDispatcher.java:160)
        at reactor.core.dispatch.MultiThreadDispatcher$MultiThreadTask.run(MultiThreadDispatcher.java:74)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1135)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
        at java.base/java.lang.Thread.run(Thread.java:844)

					
				
			
			
				
			
			
			
			
			
			
			
		

		
		
	

	
	


	
				
		
			
					
			
		
				
		
	
	


		

	

		

			

	
		
			
					
		
			
		
	
				
		
			
					
		
	
				
		
			
					
				
		
			
					
				
		
			
					
				
		
			
		
			
		
			
					
		
	
				
		
			
					
		
	
				
		
	
	

	
		

			
		
			
					

    2,198 Views


				
		
			
					

	
			

				
		
			
		
			
				

					
						
	
			0
		

	Kudos

					
				

			
			
		

	
		
    	
		

			
				
					
				
				
			
		

	
    
			

		

	

	

	

    

	

	


				
		
			
					
		
	
				
		
			
					
		
	
				
		
	
		

	
	

	
		
			
					
		
	
				
		
			
		
	
	


		

	



		

	

	

	



        

      


			
		
    
            

                

            

        

	
		

		
	

	

	



		
			

	

		
	

	

		
	
		

			      

        



	 
	 
	
	

	

	

	
		

			

			
	

	

		


	

	
		

			
			

	

		

			

	
		
			

		


	

	
		
		

			
				
					
					
				
			
		

	
		
	

	

	

	

	

	

	

	
			
					
				
		

	


	

		
			
					
				
		
			  

    

        

          avatar
        

      

        

          

              author-rank
            
              julia_simon
            
          

          

            
            New Contributor
          

        

        



			Created  
    

	
		
		
		‎04-22-2019
	
		
		11:28 AM
	
	

	
	
	
	
	
	
	
	
	
	
	
	

		
        

      

    

  


		
			
					
		
	
				
		
			
		
			   

		
	
	


		

	

		

			

	
		
			  

					
		

	
		

			
				
					
						

					
					
						
In the end I solved this by creating a new service account and editing the instance to be on the new one.

					
				
			
			
				
			
			
			
			
			
			
			
		

		
		
	

	
	


	
				
		
			
					
			
		
				
		
	
	


		

	

		

			

	
		
			
					
		
			
		
	
				
		
			
					
		
	
				
		
			
					
				
		
			
					
				
		
			
					
				
		
			
		
			
		
			
					
		
	
				
		
			
					
		
	
				
		
	
	

	
		

			
		
			
					

    2,199 Views


				
		
			
					

	
			

				
		
			
		
			
				

					
						
	
			0
		

	Kudos

					
				

			
			
		

	
		
    	
		

			
				
					
				
				
			
		

	
    
			

		

	

	

	

    

	

	


				
		
			
					
		
	
				
		
			
					
		
			

				

	
	    
	
		
			
		
		
	

		
		
	


			

		
	
				
		
	
		

	
	

	
		
			
					
		
	
				
		
			
		
	
	


		

	



		

	

	

	



        

      


			
		
    
            

                

            

        

	
		

		
	

	

	



		
		
	


	

	




			
				


	
			
				

					
						

							
		

			

	
			
				
					
				
				
			
		


		

	
							

								
								
							

							

								

	
									
								


							

						

					
				

			
		
	


			
		

	

	

				
		
		
			
		
	
	


		

			

	
		
			
  
  


		
			    

        

            Announcements
        

            

                

                    What's New @ Cloudera
                

                

                    Cloudera Data Engineering 1.23: Access Spark from Your Favor...
                

            

            

                

                    What's New @ Cloudera
                

                

                    HBase REST server scaling support is Generally Available
                

            

            

                

                    What's New @ Cloudera
                

                

                    New CLI option in the update-database command
                

            

            

                

                    What's New @ Cloudera
                

                

                    New Action menu item in the Cloudera Operational Database UI
                

            

            

                

                    What's New @ Cloudera
                

                

                    Get the list of supported instance types in the Cloudera Ope...
                

            

        

            View More Announcements