GCP Cloud plugin Error

Usage and Config
1

Hi All,

After setting up GCP Cloud Plugin. I see below error in the log. Could any assist me on the error:

2021/07/29 11:22:15 -0700 - [info] The plugin has been required to exit
2021/07/29 11:22:15 -0700 - [info] GCPAssetDiscoveryPlugin ends
2021/07/29 11:22:46 -0700 - [info] GCPAssetDiscoveryPlugin 1.4.19 starts on windows-amd64
2021/07/29 11:22:46 -0700 - [info] Plugin Portal with API version 3
2021/07/29 11:22:46 -0700 - [debug] InitProjectsList: initializing projects list
2021/07/29 11:22:46 -0700 - [debug] InitProjectsList: projects list file found at 'C:\Program Files (x86)\BigFix Enterprise\BES Plugin Portal\Plugins\GCPAssetDiscoveryPlugin\projects.json’
2021/07/29 11:22:46 -0700 - [debug] InitProjectsList: upgrading projects list file due to failed parsing of version: Malformed version: 1.4.19
2021/07/29 11:22:46 -0700 - [debug] InitProjectsList: successfully upgraded projects list file to version 1.4.19
2021/07/29 11:22:46 -0700 - [debug] InitProjectsList: projects list successfully initialized
2021/07/29 11:22:47 -0700 - [debug] Queueing refreshAll; totally queued: 1
2021/07/29 11:22:47 -0700 - [debug] The request for refresh All has been added to the bulk. Totally added: 1; in execution: 0
2021/07/29 11:22:47 -0700 - [debug] Commands will be executed in a bulk in 0 seconds
2021/07/29 11:22:47 -0700 - [debug] Triggering a bulk refresh startup
2021/07/29 11:22:47 -0700 - [debug] Executing a bulk of 1 refreshes
2021/07/29 11:22:47 -0700 - [info] Refresh all: Attempting discovery
2021/07/29 11:22:47 -0700 - [debug] Refresh all: using credential set 'hclswbigfixnowsvc’
2021/07/29 11:22:47 -0700 - [debug] GCP full discovery for ‘hclswbigfixnowsvc’ started
2021/07/29 11:22:47 -0700 - [error] Panic Error: runtime error: index out of range [0] with length 0
2021/07/29 11:22:47 -0700 - [error] Stacktrace from panic:
goroutine 36 [running]:
runtime/debug.Stack(0xc0002055e0, 0x2, 0xc00025cd80)
c:/go/src/runtime/debug/stack.go:24 +0xa4
github02platform/CloudBes/bes/common.(*Command).Execute.func1()
C:/Jenkins/workspace/BigFix-Cloud-Plugins/CloudBES/go/src/bes/common/command.go:80 +0xd6
panic(0x6a33a800, 0xc00001ce40)
c:/go/src/runtime/panic.go:679 +0x1c0
github02/platform/CloudBes/bes/gcp-plugin/discovery.(*GCPDiscovery).getServiceAndProjectIDs(0xc0002280c0, 0xc00001a72a, 0x11, 0xc00022a4b0, 0x0, 0x0, 0xc0001fb068, 0x6993a933, 0x0)
C:/Jenkins/workspace/BigFix-Cloud-Plugins/CloudBES/go/src/bes/gcp-plugin/discovery/gcp_discovery.go:90 +0x906
github02/platform/CloudBes/bes/gcp-plugin/discovery.(*GCPDiscovery).Scan(0xc0002280c0, 0xc00001a72a, 0x11, 0x26, 0xc0001fbaa8, 0x1, 0x1, 0x50)
C:/Jenkins/workspace/BigFix-Cloud-Plugins/CloudBES/go/src/bes/gcp-plugin/discovery/gcp_discovery.go:123 +0x4d4
github02/platform/CloudBes/bes/common.RefreshAll(0x6a4dbb80, 0xc0002280e0, 0xc0001ae070)
C:/Jenkins/workspace/BigFix-Cloud-Plugins/CloudBES/go/src/bes/common/runner.go:139 +0x945
github02com/platform/CloudBes/bes/gcp-plugin/runner.(*GCPRunner).Run(0xc0002280e0, 0xc0001ae070)
C:/Jenkins/workspace/BigFix-Cloud-Plugins/CloudBES/go/src/bes/gcp-plugin/runner/gcp_command_runner.go:28 +0x8b
github02com/platform/CloudBes/bes/common.(*Command).Execute(0xc0001ae070, 0x6a4dbb80, 0xc0002280e0)
C:/Jenkins/workspace/BigFix-Cloud-Plugins/CloudBES/go/src/bes/common/command.go:84 +0x68
github02/platform/CloudBes/bes/plugin.executeBulkOfCommands(0xc0000b6790)
C:/Jenkins/workspace/BigFix-Cloud-Plugins/CloudBES/go/src/bes/plugin/bulk_refresh.go:178 +0x6a9
created by github02/platform/CloudBes/bes/plugin.RunPlugin
C:/Jenkins/workspace/BigFix-Cloud-Plugins/CloudBES/go/src/bes/plugin/plugin.go:264 +0x9e8

2021/07/29 11:22:47 -0700 - [debug] Active refreshes after Refresh all end: 0
2021/07/29 11:22:47 -0700 - [debug] Executed a bulk of 1 refreshes. Found 0 new refreshes in the queue
2021/07/29 11:22:47 -0700 - [debug] Finished executing all the bulks of commands

2

Hi Robert,

please check on the GCP Console if the credentials provided to the gcp plugin has the permissions listed in the section Google Cloud Platform plugin at this doc https://help.hcltechsw.com/bigfix/10.0/platform/Platform/Config/c_install_cplugins.html, at least for the project id specified in the .json file used for the gcp plugin install.

3

Hi Gaetano,

Thanks for the reply, Yes! the access is given to entire SAAS environment… Admins states that its not a permission issue.

Thanks.

4

Hi Robert,

please, check if the service account related to the credentials you’re using is active and, if that’s the case, try to add your service account as a Member of at least one of the Projects your service account should manage with at least Viewer permissions.

5

Hi Andrea,

Thanks for the reply, Yes! the service account created is active and have all required privileges/permissions.
But still, I see error in the log.

Do we have to specify or modify the projects.json file with the project details ?

Thanks.

6

Hi Robert,

Since your service account is active and have all the required privileges, then try to add your service account as Member of at least one of the Projects your service account manager with at least Viewer permissions. See the image reference below.

gcp_projects
gcp_projects1486×829 92.1 KB

The problem is due to the fact that the list of projects retrieved by the plugin is empty, which should not be since you should manage at least one project with your service account for the plugin to work.

You can check this list with the gcloud projects list command from the Google Cloud SDK Shell. Be sure the activate account that is executing the command is your service account (use gcloud auth list to ascertain that).

reply continues…

7

I’ve attached a picture of this process below to help. You can see from the auth list command that I’ve currently two account configured and the service account is the active one (signaled by the * to the left). The projects list returned consists of two elements that I’ve obfuscated. My guess is that the projects list for your service account will return 0 elements, which is causing the issue. The issue could be solved by adding your service accont as a member of some projects, as stated above (I did so on my environment after reproducing your problem).

gcp_shell
gcp_shell699×297 6.92 KB

By the way, I strongly suggest to open a support ticket even if the above solution works.

Hope this helps.

Andrea

8

Hi Andrea,

Thanks, the service account is been granted viewer access(But the plugin works now and details are fetched via the GCP port. But the GCP admin states the ID had the viewer access already.

Thanks.