
Permission denied when invoking Document AI v1beta3 from Cloud SDK Interactive python (abbr. ipython or Ipython) following GCP tutorial for Form_Parser


I am following the tutorial at https://codelabs.developers.google.com/codelabs/docai-form-parser-v3-python#7. I followed all the steps they specified.

I used Cloud SDK for the development purpose as specified in the tutorial but then

the code they gave is as follows:

project_id= 'YOUR_PROJECT_ID' 
location = 'YOUR_PROJECT_LOCATION' # Format is 'us' or 'eu'
processor_id = 'YOUR_PROCESSOR_ID' # Create processor in Cloud Console
file_path = 'form.pdf' # The local file in your current working directory

from google.cloud import documentai_v1beta3 as documentai
from google.cloud import storage

def process_document(
    project_id=project_id, location=location, processor_id=processor_id,  file_path=file_path
):

    # Instantiates a client
    client = documentai.DocumentProcessorServiceClient()

    # The full resource name of the processor, e.g.:
    # projects/project-id/locations/location/processors/processor-id
    # You must create new processors in the Cloud Console first
    name = f"projects/{project_id}/locations/{location}/processors/{processor_id}"

    # Read the file into memory
    with open(file_path, "rb") as image:
        image_content = image.read()

    # Wrap the raw bytes and their MIME type in the document payload
    document = {"content": image_content, "mime_type": "application/pdf"}

    # Configure the process request
    request = {"name": name, "document": document}

    # Use the Document AI client to process the sample form
    result = client.process_document(request=request)

    document = result.document
    document_text = document.text
    print("Document processing complete.")
    print("Text: {}".format(document_text)) 

Then I am calling the function process_document() and the response from GCP I get is this error below

Traceback (most recent call last):
  File "C:\Users\91982\GCP_CLCBusinessMSGBOT\CLCBusinessMSGBOT\lib\site-packages\google\api_core\grpc_helpers.py", line 67, in error_remapped_callable
    return callable_(*args, **kwargs)
  File "C:\Users\91982\GCP_CLCBusinessMSGBOT\CLCBusinessMSGBOT\lib\site-packages\grpc\_channel.py", line 946, in __call__
    return _end_unary_response_blocking(state, call, False, None)
  File "C:\Users\91982\GCP_CLCBusinessMSGBOT\CLCBusinessMSGBOT\lib\site-packages\grpc\_channel.py", line 849, in _end_unary_response_blocking
    raise _InactiveRpcError(state)
grpc._channel._InactiveRpcError: <_InactiveRpcError of RPC that terminated with:
        status = StatusCode.PERMISSION_DENIED
        details = "Permission 'documentai.processors.processOnline' denied on resource '//documentai.googleapis.com/projects/550698032251/locations/us/processors/640b1155e305c10e' (or it may not exist)."
        debug_error_string = "{"created":"@1621998239.448000000","description":"Error received from peer ipv4:172.217.166.170:443","file":"src/core/lib/surface/call.cc","file_line":1067,"grpc_message":"Permission 'documentai.processors.processOnline' denied on resource '//documentai.googleapis.com/projects/550698032251/locations/us/processors/640b1155e305c10e' (or it may not exist).","grpc_status":7}"
>

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "C:\Users\91982\GCP_CLCBusinessMSGBOT\CLCBusinessMSGBOT_FormParser.py", line 77, in <module>
    process_document_sample(project_id = project_id, location= location, processor_id= processor_id, file_path= file_path)
  File "C:\Users\91982\GCP_CLCBusinessMSGBOT\CLCBusinessMSGBOT_FormParser.py", line 38, in process_document_sample
    result = client.process_document(request=request)
  File "C:\Users\91982\GCP_CLCBusinessMSGBOT\CLCBusinessMSGBOT\lib\site-packages\google\cloud\documentai_v1\services\document_processor_service\client.py", line 440, in process_document
    response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,)
  File "C:\Users\91982\GCP_CLCBusinessMSGBOT\CLCBusinessMSGBOT\lib\site-packages\google\api_core\gapic_v1\method.py", line 145, in __call__
    return wrapped_func(*args, **kwargs)
  File "C:\Users\91982\GCP_CLCBusinessMSGBOT\CLCBusinessMSGBOT\lib\site-packages\google\api_core\retry.py", line 285, in retry_wrapped_func
    return retry_target(
  File "C:\Users\91982\GCP_CLCBusinessMSGBOT\CLCBusinessMSGBOT\lib\site-packages\google\api_core\retry.py", line 188, in retry_target
    return target()
  File "C:\Users\91982\GCP_CLCBusinessMSGBOT\CLCBusinessMSGBOT\lib\site-packages\google\api_core\grpc_helpers.py", line 69, in error_remapped_callable
    six.raise_from(exceptions.from_grpc_error(exc), exc)
  File "<string>", line 3, in raise_from
google.api_core.exceptions.PermissionDenied: 403 Permission 'documentai.processors.processOnline' denied on resource '//documentai.googleapis.com/projects/550698032251/locations/us/processors/640b1155e305c10e' (or it may not exist).

I did set the environment variables as specified, and the IAM permissions for my account to access the project are also given, with the owner role, so all the permissions are granted; even then the error persists.

The error message mentions documentai.processors.processOnline, meaning the mentioned permission is not given, but I have all the permissions for the particular service account associated with the Document AI Processor, as I have the owner role.

Where am I going wrong, and how should I solve this?


Solution

  • I followed the tutorial and encountered the same error as you. The tutorial lacks the step to grant the created service account ([email protected]) Document AI privileges (Step 5). To do this, you can run these commands:

    # Set your project ID by exporting it in an environment variable
    export GOOGLE_CLOUD_PROJECT=$(gcloud config get-value core/project)
    
    # Grant your created service account the Document AI Editor role (read and write)
    gcloud projects add-iam-policy-binding "${GOOGLE_CLOUD_PROJECT}" \
        --member="serviceAccount:my-docai-sa@${GOOGLE_CLOUD_PROJECT}.iam.gserviceaccount.com" \
        --role="roles/documentai.editor"
    
    # Set the environment variable to use the credentials from the created service account
    export GOOGLE_APPLICATION_CREDENTIALS="/path/to/key.json"
    

    You can refer to Document AI Roles for more information if you want to control your access to the API. After doing all this, you should no longer encounter this error.

    You can check if the role was properly assigned to your service account by invoking this command:

    gcloud projects get-iam-policy ${GOOGLE_CLOUD_PROJECT} --flatten=bindings --filter=bindings.role:roles/documentai.editor
    

    It should show the following:

    ---
    auditConfigs:
    - auditLogConfigs:
      - logType: ADMIN_READ
      - logType: DATA_READ
      service: cloudsql.googleapis.com
    bindings:
      members:
      - serviceAccount:[email protected]
      role: roles/documentai.editor
    etag: xxxxxxxx
    version: 1
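
The mismatch behind this thread can be checked offline: the owner role was bound to the user account, while the client library authenticated as the service account named in the key file. The following is an added example, not part of the original question or answer; it compares the key file's identity with the bindings in a policy exported as JSON. The project ID, user address, sample key and sample policies are constructed placeholders, and the set of roles treated as carrying `documentai.processors.processOnline` is an assumption limited to the two roles named on this page.

```python
import json

# Roles assumed to include documentai.processors.processOnline: the answer grants
# roles/documentai.editor and the asker held roles/owner. Extend for your project.
ROLES_WITH_PROCESS_ONLINE = {"roles/documentai.editor", "roles/owner"}


def caller_from_key(key_json):
    """IAM member string for the identity a service-account key file represents."""
    key = json.loads(key_json)
    if key.get("type") != "service_account":
        raise ValueError("GOOGLE_APPLICATION_CREDENTIALS is not a service-account key")
    return "serviceAccount:" + key["client_email"]


def roles_granting_access(policy_json, member):
    """Roles bound directly and unconditionally to member that allow processOnline."""
    granted = set()
    for binding in json.loads(policy_json).get("bindings", []):
        if "condition" in binding:
            continue  # conditional grants cannot be evaluated offline
        if (binding.get("role") in ROLES_WITH_PROCESS_ONLINE
                and member in binding.get("members", [])):
            granted.add(binding["role"])
    return sorted(granted)


# Constructed sample data: project id, user and key contents are placeholders.
SAMPLE_KEY = json.dumps({
    "type": "service_account",
    "client_email": "my-docai-sa@example-project.iam.gserviceaccount.com",
})
POLICY_BEFORE = json.dumps({"version": 1, "bindings": [
    {"role": "roles/owner", "members": ["user:owner@example.com"]},
]})
POLICY_AFTER = json.dumps({"version": 1, "bindings": [
    {"role": "roles/owner", "members": ["user:owner@example.com"]},
    {"role": "roles/documentai.editor",
     "members": ["serviceAccount:my-docai-sa@example-project.iam.gserviceaccount.com"]},
]})

if __name__ == "__main__":
    caller = caller_from_key(SAMPLE_KEY)
    for label, policy in (("before", POLICY_BEFORE), ("after", POLICY_AFTER)):
        roles = roles_granting_access(policy, caller)
        print(label, caller, roles or "no binding: expect 403 PERMISSION_DENIED")
```

With real data, pass the contents of the file named by `GOOGLE_APPLICATION_CREDENTIALS` and the output of `gcloud projects get-iam-policy` with `--format=json`; grants inherited through groups or parent folders are not visible to this check.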