Reputation: 1
I am working with a Google Cloud project (Node.js server). I need to collect the metrics "monitoring.timeSeries.list" from Google Cloud using "googleapis".
When I try to request the API with my service account's default credential authentication, it returns:
```
status: 403,
code: 403,
errors: [
  {
    message: 'Permission monitoring.timeSeries.list denied (or the resource may not exist).',
    domain: 'global',
    reason: 'forbidden'
  }
],
```
I have already granted the "Owner" role to that service account and downloaded its .json file. But when I run the API with "gapi" in my browser with my "Owner" user account, it works well.
Code with service account on server with "googleapis":
```javascript
const { google } = require("googleapis");

// Build an authenticated client from the service account key file.
const authenticate = async () => {
  const auth = new google.auth.GoogleAuth({
    keyFile: process.env.GOOGLE_APPLICATION_CREDENTIALS,
    // Each scope is its own array element.
    scopes: [
      "https://www.googleapis.com/auth/cloud-platform",
      "https://www.googleapis.com/auth/monitoring",
      "https://www.googleapis.com/auth/monitoring.read",
    ],
  });
  const authClient = await auth.getClient();
  google.options({ auth: authClient });
  return authClient;
};

// Query CPU utilization time series for the project.
const queryMetrics = async () => {
  try {
    const authClient = await authenticate();
    const monitoring = google.monitoring({
      version: "v3",
      auth: authClient,
    });
    // instanceData is defined elsewhere in the application.
    const projectId = instanceData.projectID;
    const request = {
      name: `projects/${projectId}`,
      filter: `metric.type="compute.googleapis.com/instance/cpu/utilization"`,
      "interval.startTime": "2024-05-08T03:14:51Z",
      "interval.endTime": "2024-05-08T03:15:51Z",
    };
    const response = await monitoring.projects.timeSeries.list(request);
    console.log("Metrics data:", response.data);
  } catch (error) {
    console.error("Error querying metrics:", error);
  }
};
```
Code with user account on client with "gapi":
```javascript
const authenticate = () => {
  return gapi.auth2.getAuthInstance().signIn({
    scope:
      "https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/monitoring https://www.googleapis.com/auth/monitoring.read",
  });
};
```
Can this API not be performed by a service account, or did I do something wrong? Thank you for reading!
Upvotes: 0
Views: 682
Reputation: 9
You need to give the monitoring role access to the corresponding IAM user: the Monitoring Viewer role. This role is for read-only purposes.
Upvotes: 0
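An offline check of the two conditions the error message names ("denied" or "the resource may not exist"), written as an added example that is not code from either post. The `diagnose` helper, the role list, and the sample key, policy and project IDs are assumptions constructed for illustration.

```javascript
// Added example; the key, policy and project IDs below are constructed.
// Roles assumed to include monitoring.timeSeries.list (not exhaustive).
const ROLES_WITH_TIMESERIES_LIST = new Set([
  "roles/monitoring.viewer", "roles/monitoring.editor", "roles/monitoring.admin",
  "roles/viewer", "roles/editor", "roles/owner",
]);

// key: parsed service account key file (.json)
// policy: parsed IAM policy of the project named in the request
// requestName: the `name` parameter sent to projects.timeSeries.list
function diagnose(key, policy, requestName) {
  const m = /^projects\/([^/]+)$/.exec(requestName);
  // `projects/${undefined}` becomes "projects/undefined": a resource that does not exist.
  if (!m || m[1] === "undefined" || m[1] === "null") {
    return { ok: false, reason: "bad-request-name", grantingRoles: [] };
  }
  const member = `serviceAccount:${key.client_email}`;
  const grantingRoles = (policy.bindings || [])
    // Conditional bindings are skipped: they may not apply to this call.
    .filter((b) => !b.condition && (b.members || []).includes(member))
    .map((b) => b.role)
    .filter((role) => ROLES_WITH_TIMESERIES_LIST.has(role));
  return {
    ok: grantingRoles.length > 0,
    reason: grantingRoles.length > 0 ? "granted" : "no-role-in-target-project",
    targetProject: m[1],
    // True when the key was created in a different project than the one queried.
    crossProject: key.project_id !== m[1],
    grantingRoles,
  };
}

const sampleKey = {
  project_id: "example-project-a",
  client_email: "metrics-reader@example-project-a.iam.gserviceaccount.com",
};
// Policy of example-project-b: the service account is Owner only in project a.
const samplePolicy = {
  bindings: [{ role: "roles/owner", members: ["user:alice@example.com"] }],
};

console.log(diagnose(sampleKey, samplePolicy, "projects/example-project-b"));
console.log(diagnose(sampleKey, samplePolicy, `projects/${undefined}`));
```

The policy can be exported with `gcloud projects get-iam-policy PROJECT_ID --format=json`; roles inherited from a folder or organization do not appear in it.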