google cloud platform - What's the proper IAM role for a service account to write custom metrics to Stackdriver in GCP


I've created a service account and furnished its private key in JSON format (/adc.json). I can load the google-cloud Python client via the client.from_service_account_json function fine. When I tried to call the monitoring API to write a custom metric, it got the 403 error below.

    In [1]: from google.cloud import monitoring

    In [2]: client = monitoring.Client.from_service_account_json('/adc.json')

    In [6]: resource = client.resource('gce_instance', labels={'instance_id': '1234567890123456789', 'zone': 'us-central1-f'})

    In [7]: metric = client.metric(type_='custom.googleapis.com/my_metric', labels={'status': 'successful'})

    In [9]: from datetime import datetime

    In [10]: end_time = datetime.utcnow()

    In [11]: client.write_point(metric=metric, resource=resource, value=3.14, end_time=end_time)
    ---------------------------------------------------------------------------
    Forbidden                                 Traceback (most recent call last)
    <ipython-input-11-b030f6399aa2> in <module>()
    ----> 1 client.write_point(metric=metric, resource=resource, value=3.14, end_time=end_time)

    /usr/local/lib/python3.5/site-packages/google/cloud/monitoring/client.py in write_point(self, metric, resource, value, end_time, start_time)
        599         timeseries = self.time_series(
        600             metric, resource, value, end_time, start_time)
    --> 601         self.write_time_series([timeseries])

    /usr/local/lib/python3.5/site-packages/google/cloud/monitoring/client.py in write_time_series(self, timeseries_list)
        544                            timeseries in timeseries_list]
        545         self._connection.api_request(method='post', path=path,
    --> 546                                      data={'timeseries': timeseries_dict})
        547
        548     def write_point(self, metric, resource, value,

    /usr/local/lib/python3.5/site-packages/google/cloud/_http.py in api_request(self, method, path, query_params, data, content_type, headers, api_base_url, api_version, expect_json, _target_object)
        301         if not 200 <= response.status < 300:
        302             raise make_exception(response, content,
    --> 303                                  error_info=method + ' ' + url)
        304
        305         string_or_bytes = (six.binary_type, six.text_type)

    Forbidden: 403 User is not authorized to access the project monitoring records. (POST https://monitoring.googleapis.com/v3/projects/my-project/timeSeries/)

In GCP's access control panel, I didn't see a specific predefined role scoped to the Stackdriver Monitoring API. See the screenshot below:

I've tried the project viewer and service account actor predefined roles; neither worked. I'm hesitant to assign the project editor role to the service account because it feels too broad in scope for a Stackdriver-dedicated service account credential. What should be the correct role to assign to the service account? Thanks.

You're right that it's broad, and we're working on finer-grained roles, but, as of today, "project editor" is the correct role.

If you're running on a GCE VM and omit the private key, the Stackdriver Monitoring agent will by default attempt to use the VM's default service account. This will work as long as the VM has the https://www.googleapis.com/auth/monitoring.write scope (this should be turned on by default for GCE VMs these days). See this page for a detailed description of the credentials the agent needs.
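The thread describes two causes for this 403: a key-based service account without a sufficient project role, and a GCE VM whose default service account lacks the monitoring.write scope. The following offline pre-flight check is an added example, not code from the question or the answer; the service account name, IAM policy bindings and metadata scope listing are constructed samples, and the broader scopes and the owner role are included as standard GCP supersets of what the answer names.

```python
"""Offline pre-flight check for the two 403 causes covered above: a key-based
service account without a sufficient project role, or a GCE VM whose default
service account lacks the monitoring.write scope. Sample values are constructed."""

MONITORING_WRITE_SCOPE = "https://www.googleapis.com/auth/monitoring.write"
# Broader scopes that also cover metric writes (standard GCP OAuth scope hierarchy).
SUFFICIENT_SCOPES = {
    MONITORING_WRITE_SCOPE,
    "https://www.googleapis.com/auth/monitoring",
    "https://www.googleapis.com/auth/cloud-platform",
}
# The answer names project editor as the working role; owner is its superset.
SUFFICIENT_ROLES = {"roles/editor", "roles/owner"}


def roles_for_member(policy, member):
    """Roles bound directly to `member` in a `gcloud projects get-iam-policy`-shaped dict."""
    return {b["role"] for b in policy.get("bindings", []) if member in b.get("members", [])}


def parse_scopes(metadata_text):
    """Parse the newline-separated listing from instance/service-accounts/default/scopes."""
    return {line.strip() for line in metadata_text.splitlines() if line.strip()}


def diagnose(policy, member, metadata_scopes_text=None):
    """Return findings that explain a 403 (empty list: nothing obvious).

    Pass `metadata_scopes_text` only for the VM case (no key file), where the
    VM's scopes limit the default service account regardless of its roles.
    """
    findings = []
    roles = roles_for_member(policy, member)
    if not roles & SUFFICIENT_ROLES:
        findings.append(f"{member} has roles {sorted(roles)}; none grants metric writes")
    if metadata_scopes_text is not None and not parse_scopes(metadata_scopes_text) & SUFFICIENT_SCOPES:
        findings.append(f"VM scopes lack {MONITORING_WRITE_SCOPE}")
    return findings


# Constructed sample reproducing the asker's setup: viewer + service account actor only.
SA = "serviceAccount:metrics-writer@my-project.iam.gserviceaccount.com"
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/viewer", "members": [SA]},
    {"role": "roles/iam.serviceAccountActor", "members": [SA]},
]}
# Constructed scope listing of a VM created without the monitoring.write scope.
SAMPLE_SCOPES = "https://www.googleapis.com/auth/logging.write\n"
```

Calling `diagnose(SAMPLE_POLICY, SA)` reports the missing role; adding `SAMPLE_SCOPES` as the third argument also reports the missing VM scope.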

