Create cloud run job with JobsClient in node.js. P...

ChelseaBright · 12-24-2024 01:20 AM

Good day,

I am trying to execute a cloud run job with JobsClient in node.js. Below is my code:

export const trigger_cloud_run_job = () => {
    let router = express.Router();
    router.post(
        "/file_upload/trigger_cloud_run_job",
        validationMdw,
        check_auth(),
        async (req: ExtRequest, res) => {
            console.log("run trigger")
            let { modelPath, atlasPath  } = req.body;
            console.log("request body: ", modelPath, atlasPath )

            try {

                const project = `${process.env.GCP_PROJECT_ID}`;
                const location = "europe-west3"

                const jobId = 'benchmark-atlas';
                const parent = `projects/${project}/locations/${location}`;
                
                const {JobsClient} = require('@google-cloud/run').v2;
                const runClient = new JobsClient();

                // the job struct
                const job = {
                    template: {
                    // parallelism: 0,
                    template: {
                        containers: [{
                        image: process.env.IMAGE_URL,
                        resources: {
                            limits: {
                            cpu: "1000m",
                            memory: "512Mi"
                            },
                            cpuIdle: false,
                            startupCpuBoost: false
                        },
                        env: [
                            {
                            name: "modelPath",
                            values: modelPath
                            },
                            {
                            name: "atlasPath",
                            values: atlasPath
                            }
                        ],
                        }],
                        timeout: {
                        seconds: "1800",
                        nanos: 0
                        },
                        maxRetries: 3,
                        serviceAccount: process.env.JOB_SERVICE_ACCOUNT,
                        retries: "maxRetries"
                    }
                    }
                };


                const request = {
                    parent,
                    job,
                    jobId,
                  };

                // Run request
                try {
                    const [operation] = await runClient.createJob(request);
                    const [response] = await operation.promise();
                    console.log(response);
                } catch (error) {
                    if (error.code === 6) {
                      console.log('Job already exists. Skipping creation.');
                    } else {
                      throw error;
                    }
                }

            } catch (error) {
                console.error('Error creating or running Cloud Run Job:', error);
                res.status(500).send({error: error.message});
            }
        });


    return router;
};

When running this I get the following error:

Error creating or running Cloud Run Job: Error: 7 PERMISSION_DENIED: Permission 'run.jobs.create' denied on resource 'projects/{projectID}/locations/europe-west3/jobs/benchmark-atlas' (or resource may not exist).

The serviceAccount specified for the job creation is the compute@developer.gserviceaccount.com (default service account). Thus, it has all the required permissions to create an run a cloud run job. I have also successfully created a job locally with this service account.

gcloud run jobs create benchmark-atlas \
  --image=gcr.io/{projectID}/{image}:latest \
  --region=europe-west3 \
  --project={projectID} \
  --service-account={projectID}-compute@developer.gserviceaccount.com

Is there something that I may be missing? I am fairly new to GCP and therefore would appreciate any guidance you have. Thanks in advance!

ronnelg

Hi @ChelseaBright,

Welcome to Google Cloud Community!

What are the permissions or roles you currently have for your service account? I suggest adding the Cloud Run Source Developer (roles/run.sourceDeveloper) role since you are using container images stored in Artifact Registry. Also, please make sure that the Cloud Run Admin API is enabled. Run this command to make sure that it is enabled, gcloud services list.

Alternatively, try to use the deploy command instead of create and see if it works:

gcloud run jobs deploy JOB_NAME --image IMAGE_URL OPTIONS

Was this helpful? If so, please accept this answer as “Solution”. If you need additional assistance, reply here within 2 business days and I’ll be happy to help.

ChelseaBright

Thank you very much for your reply! I have added the run.developer role to my service account (there is not run.sourceDeveloper). I am now getting the error:

"Permission 'iam.serviceaccounts.actAs' denied on service account {process.env.JOB_SERVICE_ACCOUNT} "

I have added the Service Account User role to the service account specified for process.env.JOB_SERVICE_ACCOUNT and have verified that it is indeed set. I then tried again (multiple times in 20 minute intervals) to rerun but I am getting the same permission error I mentioned above. Please let me know if there is anything else I should do.

As I am not using the command line, but rather Node.js client library, I could not use the deploy command as it seems to not exist in the client library. I have also verified that the cloud run admin API is enabled (by running gcloud services enable run.googleapis.com)

Create cloud run job with JobsClient in node.js. Permission denied