This problem is more systemic than that. The documentation lacks a step-by-step how-to. I understand that there are a lot of options, but I'm pretty sure my use case is very common:
1. I have a google app engine app 2. I want to call the translation API from that app I figured out how to do that from the translation API docs, but I lacked permission. I could not find any step by step instructions for giving permission. I found this: https://cloud.google.com/translate/docs/setup which pointed me to this: https://cloud.google.com/iam/docs/understanding-roles at which point a normal human is going to be ready to give up. Look at that second page! It's an endless stream of gobledegook. After getting the pointer from Amit that I need to add the role to IAM, I went to IAM & Admin in my console, and selected "roles". Spoiler alert: this is not where you do this. Amit mentioned "service accounts" so I went looking for that. I chose the "Service Accounts" section. I see my service account, and it has a "..." Actions menu. None of those actions are about adding roles. I click on the link for my service account, and see there's a tab for "permissions". Doesn't seem to be anywhere I can give it permissions there. Honestly, I've just given up again. I know that by fumbling around in the console I eventually ended up on a page where it wanted me to type an email address. And I eventually figured out that it wanted the email address of the service account. But for the life of me, I can't find that now. You need to write a how-to for giving an app engine app permission to access an API. Or if such a thing already exists, you need to elevate it to make it findable. -Joshua > On Dec 4, 2020, at 2:17 PM, wesley chun <wes...@gmail.com> wrote: > > Thanks for your feedback Joshua. Can you take a screenshot of the Cloud > Console where you think there should be a message or that is misleading, then > go to the appropriate page in the documentation you think additional > messaging would help, and click on the "Send feedback" button in the upper > right corner of that page? The tool will also let you highlight where on the > docs page your messaging should go. This will greatly help the team analyze > your feedback and take appropriate action as necessary. > > Cheers, > --Wesley > > On Fri, Nov 20, 2020 at 5:33 AM Joshua Smith <mrjoshuaesm...@gmail.com > <mailto:mrjoshuaesm...@gmail.com>> wrote: > That worked. Thank you so much. > > You guys need to work on your documentation. I never could have figured that > out myself. And the process of adding that role to the service account was > also weird. (The UX is asking for the email of a new user, when what I need > to add is a service account that isn’t a new user, and isn’t even really an > email.) > > -Joshua > >> On Nov 19, 2020, at 2:19 PM, 'Amit Sinha' via Google App Engine >> <google-appengine@googlegroups.com >> <mailto:google-appengine@googlegroups.com>> wrote: >> >> Hello Joshua, could you try to add the “Cloud Translation API User” role in >> the service account from IAM? As of this [1] documentation, it includes the >> permission that showing in the error. >> >> [1] >> https://cloud.google.com/iam/docs/understanding-roles#cloud-translation-roles >> >> <https://cloud.google.com/iam/docs/understanding-roles#cloud-translation-roles> >> On Monday, November 16, 2020 at 2:23:03 PM UTC-5 Joshua Smith wrote: >> I don’t think Google could have come up with a more confusing and convoluted >> system for API permission management if they tried. >> >> So I’ve enabled the “cloud translation” API within my project. >> >> I have some Python (2.7, old school) code that goes: >> >> credentials = >> ServiceAccountCredentials.from_json_keyfile_name(CLIENT_SECRETS_FILE, >> scopes=['https://www.googleapis.com/auth/cloud-platform’ >> <https://www.googleapis.com/auth/cloud-platform%E2%80%99>]) >> http_auth = credentials.authorize(Http()) >> service = build("translation", "v3", http=http_auth) >> service.projects().translateText(parent=“projects/my-project-id-here",body={"contents":"bonjour", >> "targetLanguageCode":"en"}).execute() >> >> And I get: >> >> googleapiclient.errors.HttpError: <HttpError 403 when requesting >> https://translation.googleapis.com/v3/projects/ >> <https://translation.googleapis.com/v3/projects/>my-project-id-here:translateText?alt=json >> returned "Cloud IAM permission 'cloudtranslate.generalModels.predict' >> denied."> >> >> So it seems like I need to check some box somewhere to make this work, but I >> can’t figure out where. >> >> The service account in the client secrets file is working fine when I use it >> to hit Google Analytics from the same app. And in fact, my code to access GA >> is almost identical except the scope and service call. >> >> Any ideas? >> >> -Joshua >> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Google App Engine" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to google-appengine+unsubscr...@googlegroups.com >> <mailto:google-appengine+unsubscr...@googlegroups.com>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/google-appengine/38511647-af55-4440-b8a9-47a2d26e1f42n%40googlegroups.com >> >> <https://groups.google.com/d/msgid/google-appengine/38511647-af55-4440-b8a9-47a2d26e1f42n%40googlegroups.com?utm_medium=email&utm_source=footer>. > > > -- > You received this message because you are subscribed to the Google Groups > "Google App Engine" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to google-appengine+unsubscr...@googlegroups.com > <mailto:google-appengine+unsubscr...@googlegroups.com>. > To view this discussion on the web visit > https://groups.google.com/d/msgid/google-appengine/96693B33-8943-4948-8444-7F9ABAAAB70D%40gmail.com > > <https://groups.google.com/d/msgid/google-appengine/96693B33-8943-4948-8444-7F9ABAAAB70D%40gmail.com?utm_medium=email&utm_source=footer>. > > > -- > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > "A computer never does what you want... only what you tell it." > wesley chun :: @wescpy <http://twitter.com/wescpy> :: Software Architect > & Engineer > Developer Advocate at Google Cloud by day; at night... > Python training & consulting : http://CyberwebConsulting.com > <http://cyberwebconsulting.com/> > "Core Python" books : http://CorePython.com <http://corepython.com/> > Python blog: http://wescpy.blogspot.com <http://wescpy.blogspot.com/> > > -- > You received this message because you are subscribed to the Google Groups > "Google App Engine" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to google-appengine+unsubscr...@googlegroups.com > <mailto:google-appengine+unsubscr...@googlegroups.com>. > To view this discussion on the web visit > https://groups.google.com/d/msgid/google-appengine/CAB6eaA6qha4NWpPqtRQvSt3v86vPwJQ02j%3D_UtFT8w5m6KnHGQ%40mail.gmail.com > > <https://groups.google.com/d/msgid/google-appengine/CAB6eaA6qha4NWpPqtRQvSt3v86vPwJQ02j%3D_UtFT8w5m6KnHGQ%40mail.gmail.com?utm_medium=email&utm_source=footer>. -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/8779DD22-2BCF-4834-B50B-57BB5B8B0017%40gmail.com.
