GCP - How can I create an HL7v2 store configured with a Pub/Sub topic using curl?

Question

In order to transmit HL7v2 messages over TCP/IP connections using the minimal lower layer protocol (MLLP) I'm following this guide. When I get to the part where I create an HL7v2 store configured with a Pub/Sub topic (here) I get an error.

This is what I typed in my terminal:

curl -X POST \
    --data "{
      'notificationConfigs': [
        {
          'pubsubTopic': 'projects/PROJECT_ID/topics/PUBSUB_TOPIC',
          'filter': ''
        }
      ]
    }" \
    -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \
    -H "Content-Type: application/json; charset=utf-8" \
    "https://healthcare.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/hl7V2Stores?hl7V2StoreId=HL7V2_STORE_ID"

This is the error I get:

{
  "error": {
    "code": 403,
    "message": "Permission healthcare.hl7V2Stores.create denied on resource projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID (or it may be malformed or not exist)",
    "status": "PERMISSION_DENIED"
  }
}

The Dataset projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID exists, I double checked it. So, is this somehow related to my permissions (IAM policy) ? I don't understand because I am Administer HL7v2 Stores.

How can I create my Datastore without getting this error ?

Answer 1

I found out that the command gcloud auth application-default print-access-token was not returning the correct token but gcloud auth print-access-token is.

So with the right auth token, the command works and I get the correct response:

{
  "name": "projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/hl7V2Stores/HL7V2_STORE_ID",
  "notificationConfigs": [
    {
      "pubsubTopic": "projects/PROJECT_ID/topics/PUBSUB_TOPIC"
    }
  ]
}