Troubleshooting

Learn about troubleshooting steps that you might find helpful if you run into problems using the Cloud Healthcare API.

Cannot enable the Cloud Healthcare API

When enabling the Cloud Healthcare API for the first time in your Google Cloud Platform project, you might encounter a permissions error indicating that you don't have permission to enable GCP APIs for your project.

See Enabling and disabling APIs for information on how to enable GCP APIs, including the Cloud Healthcare API.

Cannot authenticate to the Cloud Healthcare API

When calling the Cloud Healthcare API, you might receive an error message indicating that your "Application Default Credentials" are unavailable.

See Authenticating to the API for information on how to configure Application Default Credentials or how to pass in authentication credentials manually to an application or command.

Missing the Cloud Healthcare API service account or Healthcare Service Agent role

The Cloud Healthcare Service Agent service account is automatically created when you enable the Cloud Healthcare API. This is a Google-managed service account. You cannot delete the service account entirely, but under certain circumstances it might not appear in the Cloud Identity and Access Management page and you might encounter issues with the Cloud Healthcare API.

For the Cloud Healthcare API to function correctly and complete tasks like publishing and receiving messages from Cloud Pub/Sub or writing metrics to Stackdriver Logging, the Cloud Healthcare Service Agent service account must exist and must have the Healthcare Service Agent Cloud IAM role.

You can recreate the Cloud Healthcare Service Agent service account or grant it the Healthcare Service Agent Cloud IAM role if you encounter any of the following issues:

  • You cannot find the Cloud Healthcare Service Agent service account in the Cloud Identity and Access Management page.
  • You can find the Cloud Healthcare Service Agent service account, but it does not contain the Healthcare Service Agent role.

Use the gcloud command-line tool to add the healthcare.serviceAgent role to the Cloud Healthcare Service Agent service account using the service account's identifier, which uses the format service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.

To recreate the service account or grant it the Healthcare Service Agent Cloud IAM role, run the gcloud projects add-iam-policy-binding command. To find the PROJECT_ID and PROJECT_NUMBER, see Identifying projects.

gcloud projects add-iam-policy-binding PROJECT_ID \
    --member=serviceAccount:service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com \
    --role=roles/healthcare.serviceAgent

If the request is successful, the command prompt displays a message similar to the following sample:

Updated IAM policy for project [PROJECT_ID].
bindings:
...
- members:
  - serviceAccount:service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com
  role: roles/healthcare.serviceAgent
...
etag: VALUE
version: VALUE

Return to the Cloud Identity and Access Management page again and verify the following:

  • The Member column contains a service account identifier in the format service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.
  • In the same row as the Member column, the Name column contains Cloud Healthcare Service Agent.
  • In the same row as the Member column, the Role column contains Healthcare Service Agent.
Hat Ihnen diese Seite weitergeholfen? Teilen Sie uns Ihr Feedback mit:

Feedback geben zu...

Cloud Healthcare API