Troubleshoot Assured OSS issues

This page shows you how to resolve issues with Assured Open Source Software.

Authentication errors

This section lists some errors that you might encounter with authentication and provides suggestions about fixing them.

HTTP 403: Permission artifactregistry.mavenartifacts.list denied

The following error message is returned when authentication fails:

{
  "error": {
    "code": 403,
    "message": "Permission 'artifactregistry.mavenartifacts.list' denied on resource '//artifactregistry.googleapis.com/projects/cloud-aoss/locations/us/repositories/cloud-aoss-java' (or it may not exist).",
    "status": "PERMISSION_DENIED",
    "details": [
      {
        "@type": "type.googleapis.com/google.rpc.ErrorInfo",
        "reason": "IAM_PERMISSION_DENIED",
        "domain": "artifactregistry.googleapis.com",
        "metadata": {
          "permission": "artifactregistry.mavenartifacts.list",
          "resource": "projects/cloud-aoss/locations/us/repositories/cloud-aoss-java"
        }
      }
    ]
  }
}

One of the following reasons can cause this error:

  • You haven't enabled the service account or AWS account ID: Enable the service account or AWS account ID by providing its details in the customer enablement form.

  • You haven't set up Application Default Credentials (ADC): To resolve this issue, make sure that you have set up authentication.

    For more details, see Set up Application Default Credentials.

  • You have set up ADC with incorrect service account: Make sure that the service account you are using is the same service account that you have enabled using the customer enablement form.

HTTP 403: Permission artifactregistry.pythonpackages.list denied

The resolution for this error is the same as that for the HTTP 403 error you receive for Java.

Service account key creation is disabled

You might encounter the following error while trying to generate a service account key for authentication:

Service account key creation is disabled.

The organization policy constraint 'iam.disableServiceAccountKeyCreation' is
enforced. This constraint disables the creation of new service account keys.

To resolve this issue, contact your organization policy administrator and request an exception to the organization policy constraint that disables the creation of service account keys.