Solved: Extension callout policy

sharath1 · 03-27-2023 09:00 PM

Hi Team,

We want to log the request and responses into GCP Logging in apigee edge cloud using extension callout policy. Since we have followed all the pre-requisites suggested in the doc[1] but unable to log the data into GCP where in the execution of callout policy i.e., result variable will come out as true but no data will be found in GCP. While checking for issue found below logs in Edge UI under extension tab can someone help in resolving this. I already gave log writer and log admin permission to my Id not sure why it is permission error still.

[1]--https://docs.apigee.com/api-platform/reference/extensions/google-cloud-logging/google-cloud-logging-...

stderr 2023-03-27 13:02:49.930 errorInfoMetadata: { permission: 'logging.logEntries.create' } }
stderr 2023-03-27 13:02:49.930 domain: 'iam.googleapis.com',
stderr 2023-03-27 13:02:49.930 reason: 'IAM_PERMISSION_DENIED',
stderr 2023-03-27 13:02:49.930 domain: 'iam.googleapis.com' } ],
stderr 2023-03-27 13:02:49.930 reason: 'IAM_PERMISSION_DENIED',

Thanks in advance.

sharath1

Yeah initially I tried giving permission(logs.writer) to my individual id and later gave it to the SA that is created for logging purpose which solved the issue.

View solution in original post

apickelsimer

When you deploy the Cloud Logging Extension, make sure you have correctly input the GCP Project ID and Credential. This service account is the one that needs the appropriate IAM permissions for Cloud Logging. Can you confirm?

sharath1

Yeah initially I tried giving permission(logs.writer) to my individual id and later gave it to the SA that is created for logging purpose which solved the issue.