I’m trying to have my Flutter app log to a specific google cloud project’s log bucket instead of the developer console. I’m running into a Permission 'logging.logEntries.create' denied on resource (or it may not exist). when I run the code. How can I fix this? The dart code for posting the log is below.
final logEntry = {
"jsonPayload": {
"message": {
"test": "entry",
"test 2": "entry 2",
},
},
"logName": logName,
"resource": {
"type": "global",
"labels": {
"project_id": projectId,
},
}
};
final url = "https://logging.googleapis.com/v2/entries:write";
http.Response response = await http.post(
Uri.parse(url),
headers: {
HttpHeaders.contentTypeHeader: 'application/json',
"X-goog-api-key": apiKey,
},
body: json.encode(
{
"entries": [logEntry],
},
),
);
The API key I created has no API restrictions, but I did also try restricting it to only use the logging API, but it still has the same error.
2
Answers
You need to give the
logging.logEntries.createpermission to the Service Account used by yourFlutterapp.From the
IAMpage inGoogle Cloudconsole, you will be able to give a role containing the above permission to your Service Account.If you used a custom role, you can also add directly the
logging.logEntries.createpermission to this custom role.As mentioned in the document:
So, you need to give the
logging.logEntries.createpermission to the Service Account used by your Flutter app.You can also refer the detailed article on Access control guide.