Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IAM permission to run #54

Open
rucciva opened this issue Aug 21, 2023 · 4 comments
Open

IAM permission to run #54

rucciva opened this issue Aug 21, 2023 · 4 comments

Comments

@rucciva
Copy link

rucciva commented Aug 21, 2023
edited
Loading

hi, what is the permission required for an IAM user to be used by this project. currently i give IAM read only access and CES read only access but i still got the following error

recover error: failed to get domain id, No domain id found, please select one of the following solutions:1. Manually specify domain_id when initializing the credentials.2. Use the domain account to grant the current account permissions of the IAM service.3. Use AK/SK of the domain account.

IAM read only access

{
    "Version": "1.1",
    "Statement": [
        {
            "Action": [
                "iam:*:get*",
                "iam:*:list*",
                "iam:*:check*"
            ],
            "Effect": "Allow"
        }
    ]
}

CES read only access

{
    "Version": "1.1",
    "Statement": [
        {
            "Action": [
                "ces:*:get*",
                "ces:*:list*",
                "*:*:get*",
                "*:*:list*"
            ],
            "Effect": "Allow"
        }
    ]
}
@cxl123156
Copy link
Collaborator

CES,RMS,EPS and ELB read access is required

@rucciva
Copy link
Author

rucciva commented Sep 7, 2023

Hi @cxl123156 , thanks for the reply.
i did grant the following permisison as you pointed out but i still got the following error

Screenshot 2023-09-07 at 08 31 48 
  [SYS.RDS-1694049463985-1694050063985] recover error: failed to get domain id, No domain id found, please select one of the following solutions:1. Manually specify domain_id when initializing the credentials.2. Use the domain account to grant the current account permissions of the IAM service.3. Use AK/SK of the domain account.

my clouds.yml setting is following:

global:
 prefix: "huaweicloud"
 port: ":8087"
 metric_path: "/metrics"
 scrape_batch_size: 300

auth:
 auth_url: "https://iam.ap-southeast-4.myhuaweicloud.com/v3"
 access_key: "<redacted>"
 secret_key: "<redacted>"
 user_name: ""
 password: ""
 domain_name: "<redacted>"
 region: "ap-southeast-4"
 project_id: "<redacted>"
 project_name: "ap-southeast-4"

@cxl123156
Copy link
Collaborator

@rucciva which version of cloudeye-exporter did you used?

@rucciva
Copy link
Author

rucciva commented Sep 7, 2023
edited
Loading

hi @cxl123156 , its v2.0.5 with a custom dockerfile here

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rucciva @cxl123156