google-apis-explorer

projects.locations.jobs.create in CloudScheduler fails with InvalidArgument and PermissionDenied

I'm currently trying to create a CloudScheduler job from golang.

However, it is stuck with an error and I would like to know how to fix it.

The current code looks like this, and is to be run from CloudRun.

const projectID = "hogehoge-project"
const locationID = "asia-northeast1"
const jobBaseUrl = "https://example.com/notify"

func StartToCheckRunnning(jobID string) error {
    ctx := context.Background()
    cloudschedulerService, err := cloudscheduler.NewCloudSchedulerClient(ctx)
    if err != nil {
        log.Fatalf("cloudscheduler.NewCloudSchedulerClient: %v", err)
        return fmt.Errorf("cloudscheduler.NewCloudSchedulerClient: %v", err)
    }
    defer cloudschedulerService.Close()

    queuePath := fmt.Sprintf("projects/%s/locations/%s", projectID, locationID)

    req := &schedulerpb.CreateJobRequest{
        Parent: queuePath,
        Job: &schedulerpb.Job{
            Name:        jobID,
            Description: "managed by the system",
            Target: &schedulerpb.Job_HttpTarget{
                HttpTarget: &schedulerpb.HttpTarget{
                    Uri:        createJobUrl(jobBaseUrl, jobID),
                    HttpMethod: schedulerpb.HttpMethod_POST,
                },
            },
            Schedule: "* * * * *",
            TimeZone: "jst",
        },
    }
    resp, err := cloudschedulerService.CreateJob(ctx, req)
    if err != nil {
        log.Fatalf("cloudschedulerService.CreateJob: %v", err)
        return fmt.Errorf("cloudschedulerService.CreateJob: %v", err)
    }
    // TODO: Use resp.
    _ = resp
    return nil
}

When I run it, I will get the following error.

cloudschedulerService.CreateJob: rpc error: code = InvalidArgument desc = Job name must be formatted: "projects/<PROJECT_ID>/locations/<LOCATION_ID>/jobs/<JOB_ID>".

However, when I change the queuePath to the following, I now get the following error.

queuePath := fmt.Sprintf("projects/%s/locations/%s/jobs/%s", projectID, locationID, jobID)

cloudschedulerService.CreateJob: rpc error: code = PermissionDenied desc = The principal (user or service account) lacks IAM permission "cloudscheduler.jobs.create" for the resource "projects/hogehoge-project/locations/asia-northeast1/jobs/029321cb-467f-491e-852e-0c3df3d49db3" (or the resource may not exist).

Since I am using the CloudRun default service account, there should be no lack of permissions.

By the way, here is what it says to write in this format: projects/PROJECT_ID/locations/LOCATION_ID. https://pkg.go.dev/google.golang.org/genproto/googleapis/cloud/scheduler/v1beta1#CreateJobRequest

How can I correctly execute the create request? Thanks.

Solution

  • I solved myself with this code. It was an error in the Name of the Job, not the Parent.

        queuePath := fmt.Sprintf("projects/%s/locations/%s", projectID, locationID)
    namePath := fmt.Sprintf("projects/%s/locations/%s/jobs/%s", projectID, locationID, jobID)

    req := &schedulerpb.CreateJobRequest{
        Parent: queuePath,
        Job: &schedulerpb.Job{
            Name:        namePath,
            Description: "managed by system",
            Target: &schedulerpb.Job_HttpTarget{
                HttpTarget: &schedulerpb.HttpTarget{
                    Uri:        createJobUrl(jobBaseUrl, jobID),
                    HttpMethod: schedulerpb.HttpMethod_POST,
                },
            },
            Schedule: "* * * * *",
            TimeZone: "Asia/Tokyo",
        },
    }