search

googleapis / nodejs-logging

Node.js client for Stackdriver Logging: Store, search, analyze, monitor, and alert on log data and events from Google Cloud Platform and Amazon Web Services (AWS).
https://cloud.google.com/logging/
Apache License 2.0
170 stars 62 forks source link

Logs not appearing in Google Cloud's Logs Explorer for Cloud Run Job #1461

Closed navarrodiego closed 9 months ago

navarrodiego commented 10 months ago

I'm running a NodeJS app that utilizes the @google-cloud/logging library (version 11.0.0). I package this app into a Docker image stored in the Artifact Registry. Subsequently, I use Terraform to create a cloud_run_v2_job resource that references this image.

Within my app, I initialize the logging client like this:

const logging = new Logging();
const log = logging.log('myLog');

Then, I write logs like this:

const message = "My message"
const entry = log.entry({ severity: 'INFO' }, { message });
log.write(entry);

Surprisingly, these logs are not visible in the Logs Explorer. In contrast, if I employ a console.log statement, it appears as expected. To troubleshoot, I wrapped the logging code in a try-catch block:

try {
  const message = "My message"
  const entry = log.entry({ severity: 'INFO' }, { message });
  log.write(entry);
} catch (err) {
  console.log(err)
}

No errors are logged, which suggests that the logging code is executed without issues.

Given these observations, I'm leaning towards a permissions issue. In my Terraform configuration, I attempted to add the appropriate permissions:

data "google_project" "current" {}

resource "google_project_iam_member" "cloudrun_logging_permission" {
  project = data.google_project.current.project_id
  role    = "roles/logging.logWriter"
  member  = "serviceAccount:${data.google_project.current.number}-compute@developer.gserviceaccount.com"
}

However, this didn't resolve the issue. I'm not very experienced with IAM and permissions in Google Cloud. Could someone point out if I'm missing something?

cindy-peng commented 10 months ago

Hi @navarrodiego , Thanks for reporting the issue. While looking at this, could you help me understand these questions in your environment?

  1. I noticed that no project_id was configured for logging client when you initialize the client. Is the project_id specified anywhere else? 

    const logging = new Logging();
const log = logging.log('myLog');

    If not, you can refer to this sample code here to configure project_id: https://github.com/googleapis/nodejs-logging#using-the-client-library

  2. Could you check under the IAM page and see if your service account was successfully granted logWriter role? https://pantheon.corp.google.com/iam-admin/iam

  3. In your logs explorer(should be under path projects/your_projectId/logs/myLog), is there any errors like below indicating permission issue?

    PERMISSION_DENIED: Permission 'logging.logEntries.create' denied on resource

    I am suspecting either logging client was not initialized properly or permission was not configured properly on the service account.

cindy-peng commented 9 months ago

Closing issue as this is is suspected to be related to incorrect configuration. @navarrodiego, if you are still running into this issue, feel free to re-open it. Thanks!