top of page

Topic_permission_denied Error Fix

Updated: Dec 28, 2022



I have been working on Google Cloud pub sub integrations for a few months and I found it going really smooth until an error pops up on my screen.


So this article may not be for the experts but for those who wants to search for an error and get the answer straight(like me). Let's jump to this new no-nonsense series of error fix.


Error details

While creating a sink to push the logs from Google Cloud Logging to a Pub-Sub service, a screen pops up with a message which is self explanatory.



The message continues with more information such as service account and pub-sub topic name. Logs will not be written to this destination until service account has correct permissions.


If you have sufficient permissions and get notifications of all service based errors in your inbox, you're lucky to see more information on this error.


This message includes exact error code which is Topic_permission_denied and yet again more details.


Solution

Grant publish permission to the service account specified in writerIdentity field in the sink information.

I assume that you know you have to be in the appropriate project before proceeding to the next steps :)

  1. Go to Logging > Logs Router and click on three dots to select 'View sink details'.

  2. Sink details includes a field Writer Identity. Copy the service account from this field.

  3. Go to the Topic page. This topic is the one which is the 'Destination' field in the sink details page.

  4. Select the Topic, validate the correct topic name and click on 'View Permissions' from the manage options(those three dots at right most corner)

5. Click on 'Add Principle' and fill the information as below.

New Principle: <Service account copied from step 2 above>

Remove Keywords "serviceAccount:" from the copied content.


Select A Role: Pub/Sub Publisher


6. Click Save.


Verify the fix


  • Go back to the project and use this logging filter to check sink logs.

resource.type=logging_sink AND resource.labels.name=<your sink name>

  • You should not see any more errors(if this was the only one you have been getting)

  • Alternatively, you could go to the sink configuration and choose the option 'Troubleshoot sink'


Thank you for reading. Let me know if this helps :)


536 views0 comments
Post: Blog2_Post
bottom of page