Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

What is the best practice for performing healthcheck between my service and a bucket?

See original GitHub issue

I have service with IAM role of Storage Object Admin. I tried to perform health check by requesting the bucket metadata like this:

const storage = new Storage({projectId});

storage.bucket('myBucket').getMetadata();

As a result i got this error: does not have storage.buckets.get access to the Google Cloud Storage bucket. The service doesn’t need higher privileges. So what is the best practice for health check?

Issue Analytics

State:
Created a year ago
Comments:7 (5 by maintainers)

Top GitHub Comments

1reaction

chenelecommented, Jun 30, 2022

thanks @ddelgrosso1 and @shaffeeullah , indeed “Storage Object Admin” should provides full access to bukcets objects but not to the bucket itself. the mentioned service also granted with “Storage Admin” on the specific bucket but still got the same error of “dont have permissions to storage.buckets.get”. i assume the specific operation of ‘storage.buckets.get’ can only be done when you are “Storage Admin” on the entire project, hence can see all buckets.

the main question is, why it doesnt make sense to provide service with ‘Storage Admin’ on ‘mybucket’ and to be able to do something basic like storage.bucket('mybucket').get() or `storage.bucket(‘mybucket’).exists() ’ ? both of them are just failing on the ‘perm denied for storage.buckets.get’. (and only when setting storage admin on the entire project for this service it works).

i can create custom role that will use only grant this specific get permissions on project level, its just seems a bit odd.

as for the healthcheck itself, the question is what is the best practice to check healthiness in microservice (resides on k8s but not bounded to that) in regards to bucket? usually on DB you would check you can connect to it, on bucket i assumed that you should check if bucket exist,or i can grab some information from it. (also possible to actually try to read a dummy file, and for rw to check you can write dummy file but for liveness/readiness its sounds too-much)

10x

0reactions

ddelgrosso1commented, Jul 21, 2022

To date I have been unable to recreate this while locally testing. Additionally, this seems unrelated to anything the library is doing and more related to configuration. I am going to close this as a result. If additional information or debugging steps become available please feel free to reopen.

Top Results From Across the Web

Implementing health checks - AWS - Amazon.com

The ideal health check will test every aspect of server and application health, perhaps even verifying that non-critical supporting processes are running.

Health checks overview | Load Balancing - Google Cloud

Google Cloud offers configurable health checks for Google Cloud load balancer backends, Traffic Director backends, and application-based autohealing for ...

Implement deep health checks - AWS Well-Architected Labs

As discussed previously for distributed systems, a best practice is to make services stateless where possible. This prevents loss of data or availability...

How should I answer a health check? - Polar Squad

Service discovery. A service that maintains a knowledge of available services. · Load balancers · Container and VM orchestration · Liveness check.

How do I create an Amazon Route 53 Health Check? - YouTube

Your browser can't play this video. ... Amazon Web Services ... Support Engineer, shows you how to create an Amazon Route 53 Health...