Closed Bug 1711562 Opened 4 years ago Closed 4 years ago

Add the `moz-fx-data-experiments` project to Looker

Categories

(Data Platform and Tools Graveyard :: Operations, task, P3)

Product:
Data Platform and Tools Graveyard
Component:
Operations
Type:
task

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: ascholtz, Assigned: ascholtz)

References

Details

(Whiteboard: [dataplatform])

Attachments

(1 file)

GitHub Pull Request
66 bytes, text/x-github-pull-request
Details | Review

We are planning to move some experimentation related dashboards to Looker. For this, access to tables in moz-fx-data-experiments is required.

Adding workgroup:dataops-managed/looker to https://github.com/mozilla-services/data-sandbox-terraform/blob/main/projects/experiments-analysis/project/main.tf#L59 is probably the correct way to add this access.

Blocks: 1697149
Whiteboard: [data-platform-infra-wg]

(In reply to Wesley Dawson [:whd] from comment #1)

Adding workgroup:dataops-managed/looker to https://github.com/mozilla-services/data-sandbox-terraform/blob/main/projects/experiments-analysis/project/main.tf#L59 is probably the correct way to add this access.

ascholtz - Is this still needed? Do you want to pursue a PR for this?

Points: --- → 2
Flags: needinfo?(ascholtz)
Priority: -- → P3
Assignee: nobody → ascholtz
Flags: needinfo?(ascholtz)

Yes, still needed. I can take this.

Attached file GitHub Pull Request

I've tried creating a view for a table in moz-fx-data-experiments in Looker after adding the workgroup but I am getting a permissions denied error: User does not have permission to query table moz-fx-data-experiments:monitoring.logs. Also the project doesn't show up as "Database" under the telemetry connection. Is there something that is missing here? Does this project need to be added by a Looker admin?

Flags: needinfo?(fbertsch)

It looks like the PR was merged but not applied. The apply process is not automated but is described in the docs for the repo. I ran the following to apply it:

$ cd data-sandbox-terraform/projects/experiments-analysis/project
$ terraform apply
module.project.random_id.project: Refreshing state... [id=OpQ]
module.project.google_project.project: Refreshing state... [id=projects/moz-fx-data-experiments]
google_service_account.partybal: Refreshing state... [id=projects/moz-fx-data-experiments/serviceAccounts/partybal@moz-fx-data-experiments.iam.gserviceaccount.com]
google_storage_bucket.mozanalysis: Refreshing state... [id=mozanalysis]
google_project_service.storage: Refreshing state... [id=moz-fx-data-experiments/storage.googleapis.com]
google_project_iam_binding.project_object_viewer: Refreshing state... [id=moz-fx-data-experiments/roles/storage.objectViewer]
google_project_iam_member.bigquery_dataviewer["serviceAccount:bigquery-grafana-viewer@moz-fx-data-derived-datasets.iam.gserviceaccount.com"]: Refreshing state... [id=moz-fx-data-experiments/roles/bigquery.dataViewer/serviceaccount:bigquery-grafana-viewer@moz-fx-data-derived-datasets.iam.gserviceaccount.com]
google_project_iam_member.bigquery_dataviewer["serviceAccount:bigquery-redash-viewer@mozdata.iam.gserviceaccount.com"]: Refreshing state... [id=moz-fx-data-experiments/roles/bigquery.dataViewer/serviceaccount:bigquery-redash-viewer@mozdata.iam.gserviceaccount.com]

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # google_project_iam_member.bigquery_dataviewer["serviceAccount:looker-access@mozdata.iam.gserviceaccount.com"] will be created
  + resource "google_project_iam_member" "bigquery_dataviewer" {
      + etag    = (known after apply)
      + id      = (known after apply)
      + member  = "serviceAccount:looker-access@mozdata.iam.gserviceaccount.com"
      + project = "moz-fx-data-experiments"
      + role    = "roles/bigquery.dataViewer"
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

google_project_iam_member.bigquery_dataviewer["serviceAccount:looker-access@mozdata.iam.gserviceaccount.com"]: Creating...
google_project_iam_member.bigquery_dataviewer["serviceAccount:looker-access@mozdata.iam.gserviceaccount.com"]: Creation complete after 9s [id=moz-fx-data-experiments/roles/bigquery.dataViewer/serviceaccount:looker-access@mozdata.iam.gserviceaccount.com]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
Flags: needinfo?(fbertsch)

Thanks, that worked! I didn't realize this process wasn't automated, good to know.

Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Product: Data Platform and Tools → Data Platform and Tools Graveyard
Whiteboard: [data-platform-infra-wg] → [dataplatform]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: