BUG: Service account with only LogWriter permission works in Java, not in python #986
Comments
Some additional information to replicate: I took the project https://github.com/googleapis/java-logging-logback/issues

XML additions to `pom.xml`

```xml
<build>
  <plugins>
    <plugin>
      <!-- Build an executable JAR -->
      <groupId>org.apache.maven.plugins</groupId>
      <artifactId>maven-jar-plugin</artifactId>
      <version>2.6</version>
      <configuration>
        <archive>
          <manifest>
            <addClasspath>true</addClasspath>
            <classpathPrefix>lib/</classpathPrefix>
            <mainClass>com.example.logging.logback.Quickstart</mainClass>
          </manifest>
        </archive>
      </configuration>
    </plugin>
    <plugin>
      <!-- Build an executable JAR with runtime dependencies so that this program can be executed from command line using java -jar command -->
      <groupId>org.apache.maven.plugins</groupId>
      <artifactId>maven-dependency-plugin</artifactId>
      <version>2.10</version>
      <executions>
        <execution>
          <id>copy-dependencies</id>
          <phase>package</phase>
          <goals>
            <goal>copy-dependencies</goal>
          </goals>
          <configuration>
            <outputDirectory>${project.build.directory}/lib</outputDirectory>
            <overWriteReleases>false</overWriteReleases>
            <overWriteSnapshots>false</overWriteSnapshots>
            <overWriteIfNewer>true</overWriteIfNewer>
          </configuration>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
```

Then did

```
cd samples
mvn package
cd snippets/target
java -cp lib/ -jar logging-logback-snippets-1.2.0.jar
```

Then got the following:

In the same directory (

```python
# Imports the Cloud Logging client library
import google.cloud.logging
from google.cloud.logging.handlers import CloudLoggingHandler, setup_logging
# # Instantiates a client
client = google.cloud.logging.Client()
google_handler = CloudLoggingHandler(client)
# Retrieves a Cloud Logging handler based on the environment
# you're running in and integrates the handler with the
# Python logging module. By default this captures all logs
# at INFO level and higher
client.setup_logging()
# Imports Python standard library logging
import logging
logger = logging.getLogger(__name__)
# The data to log
text = "This is a test"
# Emits the data using the standard logging module
```

It had output that went to the google cloud logging with no problem:
So I know that my permissions are correct - it works with python. Something is wrong with the Java library.

Thinking about this overnight, you would need to test this with a service account that only has the LogWriter permission. It may also be the case that my work account that I'm using does not have that permission, so maybe the Java code is mixing up what I personally am allowed to do (not write a log) versus what the service account is allowed to do.

@Dr-Irv, thanks a lot for filing this issue and sorry it took a while to get to it. Can you please confirm that you use a project which has appropriate permissions?

I've moved on to other things, and project permissions were changed by administrators since then. The bottom line is if you follow the instructions in my comment above at #986 (comment) and create a service account with

Hi @Dr-Irv, are you still running into this issue? If so, do you mind sharing some details with the latest repro?

As mentioned here, I have moved on to other things, and we found some workaround at some point by changing permissions, so it's no longer an issue for me, but I would bet the bug still exists.

Thanks. I will try to get a repro from #986 (comment) and investigate from there.

I am getting this message when using the Java client library:

I am using a service account that has the "Logs Writer" permission. I know it works because a simple python app successfully writes to the Google cloud logging project. I am using the `GOOGLE_APPLICATION_CREDENTIALS` environment variable to point to the JSON file that has the token.

If I change the environment variable to point to a nonsensical filename, I get this message

This confirms that the Java library is reading the right file.

Why would things work in python and not work in Java with respect to permissions? How can I find out which permission it thinks I am missing?
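
An added diagnostic example, not part of the original issue and not code from either Google client library: it reads the JSON file that `GOOGLE_APPLICATION_CREDENTIALS` points to and reports which principal and project it identifies, so the Logs Writer binding can be checked against the right identity on the right project. The function names, the sample documents and the project `example-log-project` are constructed for illustration.

```python
import json
import os
import tempfile

def describe_credentials(path):
    """Return (type, principal, project) from a Google credentials JSON file."""
    with open(path, encoding="utf-8") as fh:
        data = json.load(fh)
    kind = data.get("type", "unknown")
    if kind == "service_account":
        return kind, data.get("client_email"), data.get("project_id")
    # User credentials ("authorized_user") carry no e-mail address.
    return kind, None, data.get("quota_project_id")

def audit(path, target_project):
    """List reasons the file may not be the identity that was granted Logs Writer."""
    kind, principal, project = describe_credentials(path)
    findings = []
    if kind != "service_account":
        findings.append(f"credential type is {kind!r}, not a service account")
    if project != target_project:
        findings.append(
            f"key belongs to project {project!r}, logs go to {target_project!r}: "
            "the role binding must exist on the target project")
    return principal, findings

def write_sample(doc):
    """Write a constructed credentials document to a temp file; return its path."""
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(doc, fh)
    return path

# Constructed samples: no real keys, accounts or projects.
SA_KEY = {"type": "service_account", "project_id": "example-sa-project",
          "client_email": "log-writer@example-sa-project.iam.gserviceaccount.com"}
USER_ADC = {"type": "authorized_user", "client_id": "constructed-client-id"}

if __name__ == "__main__":
    # Falls back to a constructed sample when the variable is unset.
    path = os.environ.get("GOOGLE_APPLICATION_CREDENTIALS") or write_sample(SA_KEY)
    principal, findings = audit(path, "example-log-project")
    print("principal:", principal)
    for finding in findings:
        print("check:", finding)
```

The script never prints the private key; it only surfaces the identity fields needed to compare against the IAM policy of the project receiving the logs.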