"Permission 'logging.logEntries.create' denied on resource (or it may not exist)." error when trying to log to GCP using Flutter

huangapple go评论66阅读模式
英文:

"Permission 'logging.logEntries.create' denied on resource (or it may not exist)." error when trying to log to GCP using Flutter

问题

我正在尝试让我的Flutter应用记录到特定的Google Cloud项目的日志存储桶,而不是开发者控制台。当我运行代码时,我遇到了Permission 'logging.logEntries.create' denied on resource (or it may not exist).的问题。我该如何解决这个问题?以下是用于发布日志的Dart代码。

final logEntry = {
    "jsonPayload": {
      "message": {
        "test": "entry",
        "test 2": "entry 2",
      },
    },
    "logName": logName,
    "resource": {
      "type": "global",
      "labels": {
        "project_id": projectId,
      },
    }
  };

  final url = "https://logging.googleapis.com/v2/entries:write";

  http.Response response = await http.post(
    Uri.parse(url),
    headers: {
      HttpHeaders.contentTypeHeader: 'application/json',
      "X-goog-api-key": apiKey,
    },
    body: json.encode(
      {
        "entries": [logEntry],
      },
    ),
  );

我创建的API密钥没有API限制,但我也尝试将其限制为仅使用日志记录API,但仍然出现相同的错误。

英文:

I'm trying to have my Flutter app log to a specific google cloud project's log bucket instead of the developer console. I'm running into a Permission 'logging.logEntries.create' denied on resource (or it may not exist). when I run the code. How can I fix this? The dart code for posting the log is below.

final logEntry = {
    "jsonPayload": {
      "message": {
        "test": "entry",
        "test 2": "entry 2",
      },
    },
    "logName": logName,
    "resource": {
      "type": "global",
      "labels": {
        "project_id": projectId,
      },
    }
  };

  final url = "https://logging.googleapis.com/v2/entries:write";

  http.Response response = await http.post(
    Uri.parse(url),
    headers: {
      HttpHeaders.contentTypeHeader: 'application/json',
      "X-goog-api-key": apiKey,
    },
    body: json.encode(
      {
        "entries": [logEntry],
      },
    ),
  );

The API key I created has no API restrictions, but I did also try restricting it to only use the logging API, but it still has the same error.

答案1

得分: 3

你需要将 logging.logEntries.create 权限授予你的 Flutter 应用所使用的服务帐号。

Google Cloud 控制台的 IAM 页面,您可以将包含上述权限的角色授予您的服务帐号。

日志编写者 角色包含所需的权限。

或者,如果您使用了自定义角色,您还可以直接将 logging.logEntries.create 权限添加到此自定义角色中。

英文:

You need to give the logging.logEntries.create permission to the Service Account used by your Flutter app.

From the IAM page in Google Cloud console, you will be able to give a role containing the above permission to your Service Account.

The logs writer role contains the required permissions.

Alternatively, if you used a custom role, you can also add directly the logging.logEntries.create permission to this custom role.

答案2

得分: 2

如在文档中所提到:

> 每个项目、组织、计费帐户或接收新日志条目的文件夹都需要具备logging.logEntries.create权限,无论资源是否在logName或个别日志条目中指定。

因此,您需要为您的Flutter应用程序使用的服务帐户授予logging.logEntries.create权限。

您还可以参考访问控制指南中的详细文章。

英文:

As mentioned in the document:

> The permission logging.logEntries.create is needed on each project,
> organization, billing account, or folder that is receiving new log
> entries, whether the resource is specified in logName or in an
> individual log entry.

So, you need to give the logging.logEntries.create permission to the Service Account used by your Flutter app.

You can also refer the detailed article on Access control guide.

huangapple
  • 本文由 发表于 2023年2月6日 14:13:02
  • 转载请务必保留本文链接:https://go.coder-hub.com/75357894.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定