Skip to content
This repository has been archived by the owner on Dec 11, 2022. It is now read-only.

Authentication by GCE Service Account not working #198

Closed
adv4000 opened this issue Feb 7, 2020 · 4 comments
Closed

Authentication by GCE Service Account not working #198

adv4000 opened this issue Feb 7, 2020 · 4 comments

Comments

@adv4000
Copy link
Contributor

adv4000 commented Feb 7, 2020
edited
Loading

Bug Report

Authentication by GCE Service Account not working

Expected Behavior

Able to authenticate Grafana to BigQuery using Attached GCE Service Account

Actual Behavior

After selection Authentication Type: GCE Default Service Account
And click on Test getting the following error:

BigQuery: Invalid project ID ''. 
Project IDs must contain 6-63 lowercase letters, digits, or dashes.
Some project IDs also include domain name separated by a colon.
IDs must start with a letter and may not end with a dash.

image

Confirmed that Project ID is Correct.
My Service Account which I have created has Project Owner permissions, and able to access BigQuery.

If I will generate JSON key for this ServiceAccount and will upload it, authentication type Google JWT File test passing and all working fine.
image

Steps to Reproduce the Problem

  1. Create ServiceAccount with Owner permissions
  2. Launch Google Cloud Instance with this ServiceAccount Attached and scope set to "cloud-platform"
  3. Install Grafana and BigQuery Plugin
  4. Try add DataSource BigQuery and select Authentication Type: GCE Default Service Account
  5. Enter ProjectID /or leave empty
  6. Click Save and Test.

Specifications

  • Version: 1.0.5
  • Platform: Linux Ubuntu 18
  • Grafana Version: Open Source v6.6.1
@avivl
Copy link
Contributor

avivl commented Feb 9, 2020

@adv4000 You don't need to create a default service account.
It is used when you install Grafana on a Google VM and the service account will be used from the VM

@adv4000
Copy link
Contributor Author

adv4000 commented Feb 9, 2020
edited
Loading

@avivl I'am using Terraform to provision Google Compute VM and have to create my ServiceAccount for it.
My ServiceAccount has enough permission to access BigQuery but Plugin not using attached ServiceAccount, like ignoring it.

@avivl
Copy link
Contributor

avivl commented Feb 10, 2020

The default service account for compute is in the format of PROJECT_NUMBER-compute@developer.gserviceaccount.com It is not something that you create by yourself
https://cloud.google.com/iam/docs/service-accounts

@adv4000
Copy link
Contributor Author

adv4000 commented Feb 10, 2020

@avivl In your documentation you have this:

  1. First of all, you need to create a Service Account that can be used by the GCE virtual machine. See detailed instructions on how to do that here.
  2. Make sure the GCE virtual machine instance is being run as the service account that you just created. See instructions here.
  3. Allow access to the BigQuery API scope. See instructions here.

Maybe just replace this with Only Default Service Account will work.

@avivl avivl closed this as completed Feb 11, 2020
@daquinoaldo daquinoaldo mentioned this issue Apr 23, 2021
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@avivl @adv4000