https://github.com/osquery/osquery logo
#kolide
Title
# kolide
p

PJ Meyer

08/11/2020, 1:08 PM
hey all, for the google pub/sub logging plugin, how does it use the service account credentials? is it just an env variable
GOOGLE_APPLICATION_CREDENTIALS
with a path to a service account key json?
s

sundsta

08/11/2020, 2:15 PM
Yes
p

PJ Meyer

08/11/2020, 2:27 PM
hmph, is there a way to get more verbose logs? no matter what i'm getting "insufficient scopes" even if it's not pointing to a creds file at all, and on the other side of the spectrum i've oversupplied the service account with GCP permissions to this project hosting the pub/sub
My Pub/Sub envs are as follows, running in Kubernetes.
Copy code
KOLIDE_OSQUERY_STATUS_LOG_PLUGIN: pubsub
KOLIDE_OSQUERY_RESULT_LOG_PLUGIN: pubsub
GOOGLE_APPLICATION_CREDENTIALS: /secrets/pubsub/pubsub.json
KOLIDE_PUBSUB_STATUS_TOPIC: osq-status-REDACTED
KOLIDE_PUBSUB_RESULT_TOPIC: osq-result-REDACTED
KOLIDE_PUBSUB_PROJECT: some-gcp-project
p

PJ Meyer

08/11/2020, 5:05 PM
yeah that's pretty much aligned on my side, hmm, i'll see if the debug logging helps...thanks!!
3 Views