googleapis / google-cloud-node

Google Cloud Client Library for Node.js
https://cloud.google.com/nodejs
Apache License 2.0
2.92k stars 592 forks source link

[@google-cloud/retail] Unable to make requests to desired project via SearchServiceClient #4339

Open cq-fpietron opened 1 year ago

cq-fpietron commented 1 year ago

Environment details

Steps to reproduce

Hello,

I am trying to setup an app that consumes the google-cloud retail API using the Node.js SDK. The SDK is authorized using a SA private key, via GOOGLE_APPLICATION_CREDENTIALS env. The SA has access to multiple projects, one of which has the Retail API enabled.

However, no matter how explicitly I specify which project I want the requests sent to, they are being sent to an another project anyway. My sample code looks something like this:

  const searchServiceClient = new SearchServiceClient({
    projectId: 'desired-project-id',
  });

  const [results, request, response] = await searchServiceClient.search(
    {
      placement: 'placement',
      query: 'query',
      visitorId: 'some-user-id',
      offset: 0,
      pageSize: 1,
      userInfo: {
        userId: 'some-user-id',
      },
    },
    { autoPaginate: false, maxResults: 1 }
  );

Even though I specify the projectId twice - once in the SearchServiceClient constructor and another time within placement, the requests end up being sent to a project different than desired-project-id.

I have tried multiple solutions, from hacking the project_id field in SA credentials, to ensuring the GOOGLE_CLOUD_PROJECT env is not set by accident. Nothing seemed to work with the Retail SDK.

I encountered similar problems with a different SDK previously, however then specifying the projectId in the constructor seemed to solve the issue. With the Retail SDK, I was only able to make it work with my own Application Default Credentials, but that's not a feasible option for remote environments.

piotrostr commented 1 year ago

The issue is caused by the slightly ambiguous error message. It might have one think that the requests are targeting a wrong project. In fact, the Retail API has to be enabled for the project from where the requests are sent from as well. After that the issue is fixed.

gcloud services enable retail.googleapis.com --project $THE_OTHER_PROJECT

The error message for reference:

{
  code: 7,
  details: 'Retail API has not been used in project $THE_OTHER_PROJECT before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/retail.googleapis.com/overview?project=$THE_OTHER_PROJECT then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.',
   ...
}
sofisl commented 1 year ago

@cq-fpietron does this resolve your issue?

cq-fpietron commented 1 year ago

@sofisl in my case not really. We ended up using separate credentials for different services, which is not ideal in our scenario. The issue still remains (if you have a service account that has permissions for multiple projects, specifying the projectId has no effect).