Google cloud discovery issue

Hanumant Madan1 · ‎02-06-2023

Hello Everyone,

We are in process of discovering google cloud in ServiceNow and have setup the initial config like service account, credentials, MID server has access to GCP.

Whenever we are selecting MID server and trying to test account it just fails with no details about error.

Need advise on what we should be checking as for testing purpose our GCP team even tried giving our account highest access to GCP and it still failed.

Are we missing any important step here, if not then what should be a way ahead.

Regards,

Hanumant

SiD2 · ‎02-07-2023

Hi @Hanumant Madan1

You must see some pattern logs in the discovery log where test account is performed, check for detailed errors by opening pattern log.

If you don't observe any error or clear info there, you can check the mid agent logs during the same time frame.

Please mark Helpful / Accept Solution so that it helps others with similar questions.

Hanumant Madan1 · ‎02-07-2023

Hi Sid,

Here are logs:

"message" : "2023-02-02 10:42:14: Pattern exit because Graceful Termination, reason: Provided account id is neither a GCP Folder nor a GCP Project Failed Condition(s): [(${projects} : value=) IS NOT EMPTY ]",

{
"name" : "Discovery Log",
"status" : "MIXED",
"children" : [ {
"name" : "Pre Pattern Execution",
"id" : "pre_pattern_execution_script",
"status" : "SUCCESS",
"level" : 2,
"messages" : [ {
"message" : "2023-02-02 10:42:14: Getting pre pattern execution data generated by script."
}, {
"message" : "2023-02-02 10:42:14: setAttribute(service_account,[{discovery_credentials=fe6ab3c11b386d90a2f7dc68ec4bcbed, discovery_source=ServiceNow, datacenter_url=, object_id=instanceprj-bhapp1-npr-01-261720, name=instanceprj-bhapp1-npr-01, sys_class_name=cmdb_ci_cloud_service_account, datacenter_type=cmdb_ci_google_datacenter, account_id=instanceprj-bhapp1-npr-01-261720, is_master_account=false, parent_account=, accessor_account=, existing_access_role_name=, existing_accessor_account_ref=, existing_credentials_ref=}])",
"severity" : "DEBUG"
}, {
"message" : "2023-02-02 10:42:14: setAttribute(build_relation_from_host_sys_id,false)",
"severity" : "DEBUG"
}, {
"message" : "2023-02-02 10:42:14: setAttribute(no_relation,true)",
"severity" : "DEBUG"
}, {
"message" : "2023-02-02 10:42:14: setAttribute(pattern_runtime_mode,horizontal)",
"severity" : "DEBUG"
} ],
"type" : "NONE"
}, {
"name" : "Selecting Pattern for Execution",
"id" : "set_pattern_name",
"status" : "SUCCESS",
"level" : 2,
"messages" : [ {
"message" : "2023-02-02 10:42:14: Pattern: Google Cloud Platform (GCP) - Validate Service Account"
}, {
"message" : "2023-02-02 10:42:14: setAttribute(pattern,Google Cloud Platform (GCP) - Validate Service Account)",
"severity" : "DEBUG"
} ],
"type" : "NONE"
}, {
"name" : "GCP Service Account Identification",
"status" : "GRACEFUL_TERMINATION",
"children" : [ {
"name" : "Set API version",
"status" : "SUCCESS",
"level" : 3,
"messages" : [ {
"message" : "2023-02-02 10:42:14: setAttribute(API_version,v1)",
"severity" : "DEBUG"
}, {
"message" : "2023-02-02 10:42:14: Execution time: 0 ms",
"severity" : "DEBUG"
} ],
"type" : "STEP_TYPE"
}, {
"name" : "Create Service Account From Input Params",
"status" : "SUCCESS",
"level" : 3,
"messages" : [ {
"message" : "2023-02-02 10:42:14: Library 'Create Service Account From Input Params' executing",
"severity" : "DEBUG"
} ],
"type" : "STEP_TYPE"
}, {
"name" : "Create service account table if doesn't exist",
"status" : "NOP",
"level" : 3,
"messages" : [ {
"message" : "2023-02-02 10:42:14: Step condition is false. step not executed. False Condition(s): [(${service_account} : value=[{discovery_credentials=fe6ab3c11b386d90a2f7dc68ec4bcbed, discovery_source=servicenow, datacenter_ur...) IS EMPTY ]",
"severity" : "DEBUG"
}, {
"message" : "2023-02-02 10:42:14: Execution time: 0 ms",
"severity" : "DEBUG"
} ],
"type" : "STEP_TYPE"
}, {
"name" : "Add credentials and account ID to service account table if don't exist",
"status" : "NOP",
"level" : 3,
"messages" : [ {
"message" : "2023-02-02 10:42:14: Step condition is false. step not executed. False Condition(s): [(${service_account[1].discovery_credentials} : value=fe6ab3c11b386d90a2f7dc68ec4bcbed) IS EMPTY ]",
"severity" : "DEBUG"
}, {
"message" : "2023-02-02 10:42:14: Execution time: 0 ms",
"severity" : "DEBUG"
} ],
"type" : "STEP_TYPE"
}, {
"name" : "Verify account ID",
"status" : "SUCCESS",
"level" : 3,
"messages" : [ {
"message" : "2023-02-02 10:42:14: Execution time: 0 ms",
"severity" : "DEBUG"
} ],
"type" : "STEP_TYPE"
}, {
"name" : "Check If it's a Folder",
"status" : "MIXED",
"level" : 3,
"messages" : [ {
"message" : "2023-02-02 10:42:14: setAttribute(headers,)",
"severity" : "DEBUG"
}, {
"message" : "2023-02-02 10:42:14: setAttribute(method,GET)",
"severity" : "DEBUG"
}, {
"message" : "2023-02-02 10:42:14: setAttribute(formatted,true)",
"severity" : "DEBUG"
}, {
"message" : "2023-02-02 10:42:14: setAttribute(body,)",
"severity" : "DEBUG"
}, {
"message" : "2023-02-02 10:42:14: setAttribute(url,https://cloudresourcemanager.googleapis.com/v2/folders/instanceprj-bhapp1-npr-01-261720)",
"severity" : "DEBUG"
}, {
"message" : "2023-02-02 10:42:14: setAttribute(headers,null)",
"severity" : "DEBUG"
}, {
"message" : "2023-02-02 10:42:14: setAttribute(body,null)",
"severity" : "DEBUG"
}, {
"message" : "2023-02-02 10:42:14: Exception occurred while executing operation Cloud REST Query. Custom operation Failed to run script due to the following error: JAVASCRIPT_CODE_FAILURE: java.security.InvalidKeyException: IOException : DerInputStream.getLength(): lengthTag=46, too big. (script_include:GoogleApiCommand; line 238). Custom operation Failed to run script due to the following error: JAVASCRIPT_CODE_FAILURE: java.security.InvalidKeyException: IOException : DerInputStream.getLength(): lengthTag=46, too big. (script_include:GoogleApiCommand; line 238)",
"severity" : "DEBUG"
}, {
"message" : "2023-02-02 10:42:14: Execution time: 29 ms",
"severity" : "DEBUG"
} ],
"type" : "STEP_TYPE"
}, {
"name" : "Filter ACTIVE Folder",
"status" : "NOP",
"level" : 3,
"messages" : [ {
"message" : "2023-02-02 10:42:14: Step condition is false. step not executed. False Condition(s): [(${folderInfo} : value=) IS NOT EMPTY ]",
"severity" : "DEBUG"
}, {
"message" : "2023-02-02 10:42:14: Execution time: 0 ms",
"severity" : "DEBUG"
} ],
"type" : "STEP_TYPE"
}, {
"name" : "Fill cmdb_ci_cloud_service_account",
"status" : "NOP",
"level" : 3,
"messages" : [ {
"message" : "2023-02-02 10:42:14: Step condition is false. step not executed. False Condition(s): [(${folderInfo} : value=) IS NOT EMPTY ]",
"severity" : "DEBUG"
}, {
"message" : "2023-02-02 10:42:14: Execution time: 1 ms",
"severity" : "DEBUG"
} ],
"type" : "STEP_TYPE"
}, {
"name" : "Get Single GCP Account",
"status" : "MIXED",
"level" : 3,
"messages" : [ {
"message" : "2023-02-02 10:42:14: setAttribute(headers,)",
"severity" : "DEBUG"
}, {
"message" : "2023-02-02 10:42:14: setAttribute(method,GET)",
"severity" : "DEBUG"
}, {
"message" : "2023-02-02 10:42:14: setAttribute(formatted,true)",
"severity" : "DEBUG"
}, {
"message" : "2023-02-02 10:42:14: setAttribute(body,)",
"severity" : "DEBUG"
}, {
"message" : "2023-02-02 10:42:14: setAttribute(url,https://cloudresourcemanager.googleapis.com/v3/projects/instanceprj-bhapp1-npr-01-261720)",
"severity" : "DEBUG"
}, {
"message" : "2023-02-02 10:42:14: setAttribute(headers,null)",
"severity" : "DEBUG"
}, {
"message" : "2023-02-02 10:42:14: setAttribute(body,null)",
"severity" : "DEBUG"
}, {
"message" : "2023-02-02 10:42:14: Exception occurred while executing operation Cloud REST Query. Custom operation Failed to run script due to the following error: JAVASCRIPT_CODE_FAILURE: java.security.InvalidKeyException: IOException : DerInputStream.getLength(): lengthTag=46, too big. (script_include:GoogleApiCommand; line 238). Custom operation Failed to run script due to the following error: JAVASCRIPT_CODE_FAILURE: java.security.InvalidKeyException: IOException : DerInputStream.getLength(): lengthTag=46, too big. (script_include:GoogleApiCommand; line 238)",
"severity" : "DEBUG"
}, {
"message" : "2023-02-02 10:42:14: Execution time: 30 ms",
"severity" : "DEBUG"
} ],
"type" : "STEP_TYPE"
}, {
"name" : "Verify if we have any valid response",
"status" : "MIXED",
"level" : 3,
"messages" : [ {
"message" : "2023-02-02 10:42:14: Execution time: 0 ms",
"severity" : "DEBUG"
}, {
"message" : "2023-02-02 10:42:14: Pattern exit because Graceful Termination, reason: Provided account id is neither a GCP Folder nor a GCP Project Failed Condition(s): [(${projects} : value=) IS NOT EMPTY ]",
"severity" : "DEBUG"
} ],
"type" : "STEP_TYPE"
} ],
"level" : 2,
"type" : "IDENTIFICATION_SECTION_TYPE"
}, {
"name" : "Target Cleanup",
"id" : "target_cleanup",
"status" : "SUCCESS",
"level" : 2,
"messages" : [ {
"message" : "2023-02-02 10:42:14: Skipped file cleaning on target. In order to activate this behavior, please set \"mid.sa.cleanup.clean_files_on_target\" MID property",
"severity" : "DEBUG"
} ],
"type" : "NONE"
} ],
"level" : 0,
"messages" : [ {
"message" : "2023-02-02 10:42:14: Task is running on MID server instance_MID_PD1C01",
"severity" : "DEBUG"
}, {
"message" : "2023-02-02 10:42:14: setAttribute(cmdb_ci_cloud_service_account,[{}])",
"severity" : "DEBUG"
}, {
"message" : "2023-02-02 10:42:14: setAttribute(cmdb_key_value,[{}])",
"severity" : "DEBUG"
} ],
"type" : "NONE"
}

Hanumant Madan1 · ‎02-07-2023

Here is the error I am seeing in pattern logs

Pattern exit because Graceful Termination, reason: Provided account id is neither a GCP Folder nor a GCP Project Failed Condition(s)

lalithya · ‎02-08-2023

Hi Hanumant Madan1,

Do you have a serverless GCP organization schedule? If so please check the Serverless execution pattern and see that the Discovery pattern Launcher Parameter values are set properly. If not please configure the values then you won't get the error