Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
p
PJ Meyer
08/11/2020, 1:08 PMhey all, for the google pub/sub logging plugin, how does it use the service account credentials? is it just an env variable
GOOGLE_APPLICATION_CREDENTIALSs
sundsta
08/11/2020, 2:15 PMYes
p
PJ Meyer
08/11/2020, 2:27 PMhmph, is there a way to get more verbose logs? no matter what i'm getting "insufficient scopes" even if it's not pointing to a creds file at all, and on the other side of the spectrum i've oversupplied the service account with GCP permissions to this project hosting the pub/sub
s
sundsta
08/11/2020, 3:52 PMYou can turn on debug logging. https://github.com/kolide/fleet/blob/master/docs/infrastructure/configuring-the-fleet-binary.md#logging_debug
My Pub/Sub envs are as follows, running in Kubernetes.
KOLIDE_OSQUERY_STATUS_LOG_PLUGIN: pubsub
KOLIDE_OSQUERY_RESULT_LOG_PLUGIN: pubsub
GOOGLE_APPLICATION_CREDENTIALS: /secrets/pubsub/pubsub.json
KOLIDE_PUBSUB_STATUS_TOPIC: osq-status-REDACTED
KOLIDE_PUBSUB_RESULT_TOPIC: osq-result-REDACTED
KOLIDE_PUBSUB_PROJECT: some-gcp-projectp
PJ Meyer
08/11/2020, 5:05 PMyeah that's pretty much aligned on my side, hmm, i'll see if the debug logging helps...thanks!!