![](/img/trans.png)
[英]“PERMISSION_DENIED: Missing or insufficient permissions” when firestore function called using google cloud task
[英]Getting PERMISSION_DENIED error even inside gcp's vm instance when using stackdriver logging with bunyan
我正在嘗試在帶有 bunyan logger 的 nodejs 應用程序中使用 stackdriver logger,我正在使用它來記錄 graphql 請求,並且我在配置方面遇到了問題,我遵循了 @google-cloud/logging-bunyan 文檔。
記錄器設置如下:
import { createLogger } from 'bunyan';
import { LoggingBunyan } from '@google-cloud/logging-bunyan';
const streams = [{ stream: process.stdout, level: 'info' as 'info' }];
if (process.env.ENVIRONMENT === 'staging' || process.env.ENVIRONMENT === 'production') {
const loggingBunyan = new LoggingBunyan();
streams.push(loggingBunyan.stream('info'));
}
export const logger = createLogger({
name: 'backend-logger',
streams,
});
用法設置如下:
const logRequests = async (ctx: ParameterizedContext, next: () => Promise<any>) => {
const auth = await authMiddleware(ctx.request);
ctx.state.auth = auth;
const start = Date.now();
await next();
const duration = Date.now() - start;
if (ctx.method === 'POST' && ctx.path === process.env.CLIENT_SERVER_ENDPOINT) {
const { query } = ctx.request.body;
const logData = {
query,
OrganizationId: auth.user?.OrganizationId,
UserId: auth.user?.id,
UserName: auth.user?.name,
duration,
};
if (duration > 200) {
StackLogger.warn(logData);
} else {
StackLogger.info(logData);
}
}
};
記錄器僅在登台時設置,問題是,我只得到 nginx 訪問日志(以前,我不會得到),但不是我傳遞給記錄的日志當我使用 PM2 運行時,我看到錯誤應該登錄
1|api | {"name":"backend-logger","hostname":"backend","pid":6405,"level":30,"msg":"{ logData:\n { query:\n 'mutation LoginMutation(\\n $email: String!\\n $password: String!\\n) {\\n login(Email: $email, Password: $password) {\\n Token\\n }\\n}\\n',\n OrganizationId: undefined,\n UserId: undefined,\n UserName: undefined,\n duration: 38 } }","time":"2020-01-09T19:17:45.428Z","v":0}
1|api | --> POST /graphql 200 48ms 1.71kb
1|api | You have triggered an unhandledRejection, you may have forgotten to catch a Promise rejection:
1|api | Error: 7 PERMISSION_DENIED: The caller does not have permission
1|api | at Object.callErrorFromStatus (/home/api/sl_api/node_modules/@grpc/grpc-js/src/call.ts:79:24)
1|api | at Http2CallStream.call.on (/home/api/sl_api/node_modules/@grpc/grpc-js/src/client.ts:155:18)
1|api | at Http2CallStream.emit (events.js:203:15)
1|api | at Http2CallStream.EventEmitter.emit (domain.js:448:20)
1|api | at process.nextTick (/home/api/sl_api/node_modules/@grpc/grpc-js/src/call-stream.ts:183:14)
1|api | at process._tickCallback (internal/process/next_tick.js:61:11)
它在 gcloud VM 實例中,所以我想我有權限登錄到 stackdriver 所以我設置了一個服務帳戶,即使這樣,日志也不會出現在 stackdriver 中,並且在 stackdrive 中出現相同的錯誤消息。
任何人對如何使這項工作有任何想法? 謝謝
看到錯誤Error: 7 PERMISSION_DENIED: The caller does not have permission
,看來您沒有使用所需的服務帳戶來調用 api。 根據github頁面,先決條件是
您還提到您已啟用服務帳戶,我假設您已根據訪問控制指南提供了正確的訪問權限。
因此,我想查看顯式身份驗證設置,以確保您為正確的項目和正確的服務帳戶調用 API。
注意:我將此作為答案發布,因為我目前的聲譽不支持我對您的帖子發表評論。 如果我錯過了什么或者沒有任何意義,請隨時告訴我。 我將相應地編輯它。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.