search

m-lab / stats-pipeline

Contains code that processes M-Lab data and provides it in various formats for other use.
Apache License 2.0
14 stars 6 forks source link

Standardize service account roles for stats-pipeline node pool #86

Open stephen-soltesz opened 2 years ago

stephen-soltesz commented 2 years ago

The stats-pipeline nodepool is created with service account authorization. The roles/permissions assigned in our standard projects are very different.

mlab-sandbox

mlab-staging

mlab-oti

These should be the same.

I discovered this by trying to run the staging annotation export query and received permission denied error for base_tables.tcpinfo

{"CompletedSteps":["exports"],"Errors":["Error while exporting tcpinfo: googleapi: Error 403: Access Denied: Table mlab-staging:base_tables.tcpinfo: User does not have permission to query table mlab-staging:base_tables.tcpinfo., accessDenied"]}
stephen-soltesz commented 2 years ago

Autoscaling was not enabled in production data-processing cluster for the stats-pipeline nodepool.