CODEWITHSUNDEEP
node.jsgoogle-cloud-platformbearer-tokengoogle-cloud-logging
Mugen
Mugen

Reputation: 9095

Using nodejs google cloud logging library with user access token

I'm trying to use the user token (gcloud auth print-access-token) to leverage getting logs using @google-cloud/logging.

Basic code snippet:

import { GetEntriesResponse, Logging } from "@google-cloud/logging";

export async function readLogsAsync() {

  const logging = new Logging();

  const [entries, _, response]: GetEntriesResponse = await logging.getEntries({
    filter: 'resource.type="k8s_container"',
    resourceNames: 'projects/acme',
    autoPaginate: false,
    pageSize: 100
  });
  console.log(entries.length, response.nextPageToken)
}

Similar call in http works with the user token, so I'm assuming there must be some way to communicate it with the node.js api, but I couldn't find an example or documentation.

curl --location --request POST 'https://logging.googleapis.com/v2/entries:list?alt=json' \
--header "Authorization: Bearer $(gcloud auth print-access-token)" \
--header 'Content-Type: application/json' \
--data-raw '{
    "filter": "resource.type=\"k8s_container\"",
    "orderBy": "timestamp desc",
    "pageSize": 100,
    "resourceNames": [
        "projects/amce"
    ]
}'

Upvotes: 0

Views: 1218

Answers (1)

DazWilkin
DazWilkin

Reputation: 40296

You're not authenticating the code.

Google's libraries support a mechanism called Application Default Credentials (ADC).

ADC makes it easy to authenticate code deployed to Google Cloud Platform and when running locally. To run locally, you will need to export GOOGLE_APPLICATION_CREDENTIALS with the path to a Service Account key.

As @guillaume-blaquiere comments, you can effect this behavior using gcloud auth application-default but it is better to use a Service Account.

Upvotes: 1

Related Questions