LinkedIn
Twitter
I have been trying for the last 3 days to enable in-app purchases through a 3rd party service provider. Or two. I tried RevenueCat and Adapty. The instructions are the same for both.
I was able to connect to RevenueCat via their instructions back when I had a personal developer account. Then I made a business account, transferred my app to it, followed the exact same instructions. It worked for a minute, and then became invalid a few minutes later. Then I tried Adapty, and it would not work at all.
I looked into the GCP logs and found this error message, in the below json: One or more users named in the policy do not belong to a permitted customer.
I am aware there is a wait, which I waited, and also a hack to speed it up, which I tried without luck. In the case of the hack, the error message was different (The current user has insufficient permissions to perform the requested operation.), so I think it's a different issue. I have also tried:
changing my role in the organization and the project and creating a new service account with the additional roles:
comparing the creation event log back from when it worked, to the one now. There was no difference
- I was able to connect bitrise via browser role with no problem
This is from the activity log:
{
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"status": {
"code": 9,
"message": "One or more users named in the policy do not belong to a permitted customer." // <== 🔴
},
"authenticationInfo": {
"principalEmail": "SERVICE_ACCOUNT_FOR_ADAPTY.iam.gserviceaccount.com",
"serviceAccountKeyName": "//iam.googleapis.com/projects/ABCDE-FGHIJ-######/serviceAccounts/SERVICE_ACCOUNT_FOR_ADAPTY.iam.gserviceaccount.com/keys/######################",
"principalSubject": "serviceAccount:SERVICE_ACCOUNT_FOR_ADAPTY.iam.gserviceaccount.com"
},
"requestMetadata": {
"callerIp": "##.###.###.#",
"callerSuppliedUserAgent": "(gzip),gzip(gfe)",
"requestAttributes": {
"time": "2024-04-15T20:00:08.543016640Z",
"auth": {}
},
"destinationAttributes": {}
},
"serviceName": "pubsub.googleapis.com",
"methodName": "google.iam.v1.IAMPolicy.SetIamPolicy",
"authorizationInfo": [
{
"resource": "projects/ABCDE-FGHIJ-######/topics/adapty-prod-########-####-####-####-############",
"permission": "pubsub.topics.setIamPolicy",
"granted": true,
"resourceAttributes": {},
"permissionType": "ADMIN_WRITE"
}
],
"resourceName": "projects/ABCDE-FGHIJ-######/topics/adapty-prod-########-####-####-####-############",
"request": {
"resource": "projects/ABCDE-FGHIJ-######/topics/adapty-prod-########-####-####-####-############",
"@type": "type.googleapis.com/google.iam.v1.SetIamPolicyRequest",
"policy": {
"bindings": [
{
"role": "roles/pubsub.publisher",
"members": [
"serviceAccount:google-play-developer-notifications@system.gserviceaccount.com"
]
}
]
}
}
},
"insertId": "ABCD1234",
"resource": {
"type": "pubsub_topic",
"labels": {
"project_id": "ABCDE-FGHIJ-######",
"topic_id": "projects/ABCDE-FGHIJ-######/topics/adapty-prod-########-####-####-####-############e"
}
},
"timestamp": "2024-04-15T20:00:08.534124734Z",
"severity": "ERROR", // <== 🔴
"logName": "projects/ABCDE-FGHIJ-######/logs/cloudaudit.googleapis.com%2Factivity",
"receiveTimestamp": "2024-04-15T20:00:09.575442323Z"
}
And this is from Google Play Console logs. I think I have tried setting just Account Permissions, and that didn't make a difference either.
I have some insane time pressure right now and this thing is making me freak out. Any help for figuring this out would be greatly appreciated. Greatly greatly appreciated.
Quick edit. I see that the old notification topic was transferred along with my app to the business account. I deleted it, disabled notifications, will disable pub/sub and dev real time notifications apis, then try the whole process again, and maybe that will help...
