-
Notifications
You must be signed in to change notification settings - Fork 63
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Feature] gcloud-logging #22
Comments
From @jgeewax on September 1, 2015 20:26 PR's are welcome ! :) Seriously though -- I think @stephenplusplus may be able to help answer....? |
I think the next two APIs we want to implement are Resource Manager and logging. A rough guess is probably an ETA of early-Mid October for both. PRs definitely welcome to speed up the process :) |
From @VikramTiwari on September 1, 2015 20:53 @jgeewax @stephenplusplus There's already some work going on with trace, I am guessing that they will also include logs in the lib once everything is stable on the core api end. Best will be to have that whole lib included in this project. As for PRs, step 0 - forking done! 👍 :) |
Awesome, keep us posted! Feel free to send a PR whenever you have something ready to discuss or get feedback on; don't worry about waiting until it's perfect. I'll tackle supporting Resource Manager first, but feel free to ping me for any help with logging. Thanks for helping! |
@VikramTiwari I'm getting started on this. I'll hopefully have a preliminary PR up for review in a couple days. |
From @VikramTiwari on September 15, 2015 16:29 @stephenplusplus Aha! Nice. 😄 Sorry but i have been busy hence couldn't contribute anything. |
No problem at all! Just make sure to leave some time to test it out for us :) |
From @VikramTiwari on September 15, 2015 16:31 haha Alrighty! Committed for that. :) |
@jgeewax running into "The caller does not have permission" API errors while testing my Logging implementation. Specifically, it's a call to https://cloud.google.com/logging/docs/api/ref/rest/v1beta3/projects.sinks/create -- I'm guessing service accounts aren't sufficient for this API? |
From @munangst on September 16, 2015 13:13 The issue is that sinks.create (and also sinks.delete, sinks.update, and logs.delete) requires the caller to be a project owner, and service accounts can't be owners. Our expectation was that typically these operations are infrequent (since they set up long-lived log export destinations) and users would perform them manually as an admin using gcloud or the Developers Console. However, we've gotten some recent feedback that users want to manage log sinks with service accounts (e.g., to allow automation to set up new projects) so we're reconsidering this. We're also planning to support Cloud IAM policies in the future so that you can manage permissions at a level finer than Project Viewer/Editor/Owner. Can you explain a bit more about the use case? Is it feasible to pass the user's credentials for this operation instead of using a service account? |
I can't come up with a specific use case, but in general our library make the upstream APIs available for any of our users to easily fit into theirs. We do run into these one-off/bootstrap procedures from time to time that are best done with a UI (Pub/Sub creating a topic, Storage creating a bucket). In this case, since our library has full support for Storage, and a possible sink can be a bucket, if a user did have a need for programmatic creation of a sink, we can simplify the connection between a new sink and a Bucket destination: var gcloud = require('gcloud')({
projectId: 'my-project-id',
keyFilename: 'path-to-service-account-keyfile.json'
});
var storage = gcloud.storage();
var logging = gcloud.logging();
logging.createSink('new-sink-name', {
destination: storage.bucket('logging')
}, function(err, sink) {}); Internally, that would grant the logging account as an owner on the bucket, create the sink, and give the user programmatic access to make further modifications to the sink (getting/setting metadata, deleting). @jgeewax might be able to speak to specific use cases.
As far as I know, this would be pretty tricky. In production, a user would be using our library headlessly, so I'm not sure how the user auth process would begin. This could just be due to my still-maturing familiarity with all of the auth options, so if anyone can explain how we can easily get the credentials we need, please correct me. |
From @jgeewax on September 20, 2015 12:26
It really should be... For example, the resource manager API only works with user account credentials... so this should look like
And myscript should use the user-creds .... Do we really not do that anywhere in our auth situation? |
We do via https://github.com/google/google-auth-library-nodejs. We get a token successfully this way, and pass it with the request. The response is still "The caller does not have permission" -- does this mean I'm getting a token that doesn't work? Or maybe my project/account needs to be whitelisted? |
From @jgeewax on September 20, 2015 12:41 Or it's pulling credentials from the wrong place? It should work just fine with your credentials coming from |
I had the error wrong, I'm getting "The caller does not have permission" with the service account and "Insufficient Permission" with It seems to be picking them up from the right spot, because if I |
From @jgeewax on September 20, 2015 13:4 Can you execute the API request using the demo thing in the docs pages |
Yes. |
Note that this is similar to googleapis/google-cloud-node#864 (comment) |
@callmehiphop want to give this a shot to see if it's just me? Basically run the system test code from my PR for creating a sink. Make sure you override the auth for the test and provide only a projectId. If you need help getting set up let me know. |
This is from running locally on my development machine after |
From @callmehiphop on September 21, 2015 21:45 I also received a |
@jgeewax another whitelisting issue, maybe. My project ID is nth-circlet-705. |
From @jgeewax on October 20, 2015 12:29 Just FYI, pinged the team, waiting to see what they say |
From @filipjs on October 20, 2015 13:28 Yes, we need the "cloud-platform" scope to work. |
Sorry for the late update, but I actually later confirmed |
From @filipjs on October 20, 2015 13:53 Did you mean "cloud" not "gcloud"? |
Yes, sorry the After some playing around, I was able to create a sink successfully. As you predicted, @filipjs, an intermediary request was getting the error. I'll look into that and open an issue for it if necessary, but it's not one that relates to Logging. Thanks for your help! |
From @filipjs on October 20, 2015 14:33 Great! We also have "log sinks" and "service sinks" but those are going away. |
Good call, and thanks for checking it out! Is there an API update coming soon? If there are any docs available or a changelog you can send over, that'd be helpful. Also, if you don't mind, I'll give you another ping when the PR is closer to completion, but feel free to stay involved as much as you can as it evolves. |
From @munangst on October 20, 2015 15:14 Yes, we're working on some changes that will be released as v2 of the API. The main difference relevant to this issue is that we're simplifying the |
From @munangst on October 20, 2015 15:17 (Also, not to fear, we'll transparently migrate any pre-existing log-level |
To anyone interested, support for Logging in gcloud-node is ready for review. It would be great if you could check out our API docs and leave any comments on the PR: #865. Thanks! |
From @JustinBeckwith on November 30, 2015 16:35 So this is based on the v1 logging API, right? So we don't need to worry about whitelisting? |
From @VikramTiwari on September 1, 2015 20:13
Is there any plan to include logging api in this package? If so what is the expected timeline?
Link: https://cloud.google.com/logging/docs/api/gcloud-logging
Copied from original issue: googleapis/google-cloud-node#842
The text was updated successfully, but these errors were encountered: