将 stackdriver logging 与 bunyan 结合使用时,即使在 gcp 的 vm 实例内部也会出现 PERMISSION_DENIED 错误
Getting PERMISSION_DENIED error even inside gcp's vm instance when using stackdriver logging with bunyan
我正在尝试在带有 bunyan 记录器的 nodejs 应用程序中使用 stackdriver 记录器,我正在使用它来记录 graphql 请求,但我一直遇到配置问题,我已经按照@google-cloud/logging-bunyan 文档。
记录器的设置如下:
import { createLogger } from 'bunyan';
import { LoggingBunyan } from '@google-cloud/logging-bunyan';
const streams = [{ stream: process.stdout, level: 'info' as 'info' }];
if (process.env.ENVIRONMENT === 'staging' || process.env.ENVIRONMENT === 'production') {
const loggingBunyan = new LoggingBunyan();
streams.push(loggingBunyan.stream('info'));
}
export const logger = createLogger({
name: 'backend-logger',
streams,
});
用法设置如下:
const logRequests = async (ctx: ParameterizedContext, next: () => Promise<any>) => {
const auth = await authMiddleware(ctx.request);
ctx.state.auth = auth;
const start = Date.now();
await next();
const duration = Date.now() - start;
if (ctx.method === 'POST' && ctx.path === process.env.CLIENT_SERVER_ENDPOINT) {
const { query } = ctx.request.body;
const logData = {
query,
OrganizationId: auth.user?.OrganizationId,
UserId: auth.user?.id,
UserName: auth.user?.name,
duration,
};
if (duration > 200) {
StackLogger.warn(logData);
} else {
StackLogger.info(logData);
}
}
};
记录器只在暂存时设置,问题是,我只得到 nginx-access 日志(以前,我不会得到那个)但不是我传递给记录的内容
当我 运行 使用 PM2 时,我在应该记录
时看到错误
1|api | {"name":"backend-logger","hostname":"backend","pid":6405,"level":30,"msg":"{ logData:\n { query:\n 'mutation LoginMutation(\n $email: String!\n $password: String!\n) {\n login(Email: $email, Password: $password) {\n Token\n }\n}\n',\n OrganizationId: undefined,\n UserId: undefined,\n UserName: undefined,\n duration: 38 } }","time":"2020-01-09T19:17:45.428Z","v":0}
1|api | --> POST /graphql 200 48ms 1.71kb
1|api | You have triggered an unhandledRejection, you may have forgotten to catch a Promise rejection:
1|api | Error: 7 PERMISSION_DENIED: The caller does not have permission
1|api | at Object.callErrorFromStatus (/home/api/sl_api/node_modules/@grpc/grpc-js/src/call.ts:79:24)
1|api | at Http2CallStream.call.on (/home/api/sl_api/node_modules/@grpc/grpc-js/src/client.ts:155:18)
1|api | at Http2CallStream.emit (events.js:203:15)
1|api | at Http2CallStream.EventEmitter.emit (domain.js:448:20)
1|api | at process.nextTick (/home/api/sl_api/node_modules/@grpc/grpc-js/src/call-stream.ts:183:14)
1|api | at process._tickCallback (internal/process/next_tick.js:61:11)
它位于 gcloud VM 实例中,所以我想我有权登录到 stackdriver
所以我设置了一个服务帐户,即使这样日志也没有出现在 stackdriver 中,并且在 stackdrive 中出现相同的错误消息。
有人对如何使这项工作有任何想法吗?谢谢
看到错误 Error: 7 PERMISSION_DENIED: The caller does not have permission,看来您没有使用所需的服务帐户来调用 api。根据 the github page ,先决条件是
- Select 或创建云平台项目。
- Select 或创建云平台项目。
- 启用 Stackdriver 日志记录API。
- Set up authentication with a service account 这样您就可以从本地工作站访问 API。
您还提到您已启用服务帐户,我假设您已根据 access control guide.
提供了正确的访问权限
因此,我想查看 Explict Auth Setup 以确保您为正确的项目和正确的服务帐户调用 API。
注意:我 post 将此作为答案,因为我目前的声誉不支持我对您的 post 发表评论。如果我遗漏了什么或没有任何意义,请随时告诉我。我将相应地对此进行编辑。
我正在尝试在带有 bunyan 记录器的 nodejs 应用程序中使用 stackdriver 记录器,我正在使用它来记录 graphql 请求,但我一直遇到配置问题,我已经按照@google-cloud/logging-bunyan 文档。
记录器的设置如下:
import { createLogger } from 'bunyan';
import { LoggingBunyan } from '@google-cloud/logging-bunyan';
const streams = [{ stream: process.stdout, level: 'info' as 'info' }];
if (process.env.ENVIRONMENT === 'staging' || process.env.ENVIRONMENT === 'production') {
const loggingBunyan = new LoggingBunyan();
streams.push(loggingBunyan.stream('info'));
}
export const logger = createLogger({
name: 'backend-logger',
streams,
});
用法设置如下:
const logRequests = async (ctx: ParameterizedContext, next: () => Promise<any>) => {
const auth = await authMiddleware(ctx.request);
ctx.state.auth = auth;
const start = Date.now();
await next();
const duration = Date.now() - start;
if (ctx.method === 'POST' && ctx.path === process.env.CLIENT_SERVER_ENDPOINT) {
const { query } = ctx.request.body;
const logData = {
query,
OrganizationId: auth.user?.OrganizationId,
UserId: auth.user?.id,
UserName: auth.user?.name,
duration,
};
if (duration > 200) {
StackLogger.warn(logData);
} else {
StackLogger.info(logData);
}
}
};
记录器只在暂存时设置,问题是,我只得到 nginx-access 日志(以前,我不会得到那个)但不是我传递给记录的内容 当我 运行 使用 PM2 时,我在应该记录
时看到错误1|api | {"name":"backend-logger","hostname":"backend","pid":6405,"level":30,"msg":"{ logData:\n { query:\n 'mutation LoginMutation(\n $email: String!\n $password: String!\n) {\n login(Email: $email, Password: $password) {\n Token\n }\n}\n',\n OrganizationId: undefined,\n UserId: undefined,\n UserName: undefined,\n duration: 38 } }","time":"2020-01-09T19:17:45.428Z","v":0}
1|api | --> POST /graphql 200 48ms 1.71kb
1|api | You have triggered an unhandledRejection, you may have forgotten to catch a Promise rejection:
1|api | Error: 7 PERMISSION_DENIED: The caller does not have permission
1|api | at Object.callErrorFromStatus (/home/api/sl_api/node_modules/@grpc/grpc-js/src/call.ts:79:24)
1|api | at Http2CallStream.call.on (/home/api/sl_api/node_modules/@grpc/grpc-js/src/client.ts:155:18)
1|api | at Http2CallStream.emit (events.js:203:15)
1|api | at Http2CallStream.EventEmitter.emit (domain.js:448:20)
1|api | at process.nextTick (/home/api/sl_api/node_modules/@grpc/grpc-js/src/call-stream.ts:183:14)
1|api | at process._tickCallback (internal/process/next_tick.js:61:11)
它位于 gcloud VM 实例中,所以我想我有权登录到 stackdriver 所以我设置了一个服务帐户,即使这样日志也没有出现在 stackdriver 中,并且在 stackdrive 中出现相同的错误消息。
有人对如何使这项工作有任何想法吗?谢谢
看到错误 Error: 7 PERMISSION_DENIED: The caller does not have permission,看来您没有使用所需的服务帐户来调用 api。根据 the github page ,先决条件是
- Select 或创建云平台项目。
- Select 或创建云平台项目。
- 启用 Stackdriver 日志记录API。
- Set up authentication with a service account 这样您就可以从本地工作站访问 API。
您还提到您已启用服务帐户,我假设您已根据 access control guide.
提供了正确的访问权限因此,我想查看 Explict Auth Setup 以确保您为正确的项目和正确的服务帐户调用 API。
注意:我 post 将此作为答案,因为我目前的声誉不支持我对您的 post 发表评论。如果我遗漏了什么或没有任何意义,请随时告诉我。我将相应地对此进行编辑。