I’m trying to use Runbook Automation to run SQL against Google BQ tables on different projects to determine what the next action should be for resolution. To query as a specific service account, I need to pass a file from the keystore, but I’m having difficulty accessing it from either a Bash script or an Option. Is there a paved path for plan for having a standard workflow step for running SQL against GCP BQ?
Page 1 / 1
Hi Andrew,
Currently, an option is to use the Google BQ command line in the Rundeck / Runbook Automation script steps. That way, you can create Google BQ command line tool scripts and dispatch SQL against your Google GCP BQ remote nodes.
Regards!
Hi Andrew,
Currently, an option is to use the Google BQ command line in the Rundeck / Runbook Automation script steps. That way, you can create Google BQ command line tool scripts and dispatch SQL against your Google GCP BQ remote nodes.
Regards!
I’m trying this, but the problem comes with the authentication. When I run the following, I haven’t been able to reference the key file that is in Key Store in the script.
gcloud auth activate-service-account --key-file=?
This is preventing the BQ commands from working.
Hello, Andrew.
I see. If you want to pass a file through the script, store it locally (on the rundek server) and refer to it in your script like this answer. Rundeck, by design (and for security reasons), cannot pass keys stored in the Key Storage to steps, only passwords via “Plain Text with Password Input” input as follows:
- defaultTab: nodes
description: ''
executionEnabled: true
id: 824066f5-0d97-46ab-8176-856a5f61d3cb
loglevel: INFO
name: HelloWorld
nodeFilterEditable: false
options:
- name: mypassword
secure: true
storagePath: keys/mypasswd
valueExposed: true
plugins:
ExecutionLifecycle: {}
scheduleEnabled: true
sequence:
commands:
- autoSecureInput: 'false'
passSecureInput: 'false'
script: echo @option.mypassword@
keepgoing: false
strategy: node-first
uuid: 824066f5-0d97-46ab-8176-856a5f61d3cbGreetings.
Hello, Andrew.
I see. If you want to pass a file through the script, store it locally (on the rundek server) and refer to it in your script like this answer. Rundeck, by design (and for security reasons), cannot pass keys stored in the Key Storage to steps, only passwords via “Plain Text with Password Input” input as follows:
- defaultTab: nodes
description: ''
executionEnabled: true
id: 824066f5-0d97-46ab-8176-856a5f61d3cb
loglevel: INFO
name: HelloWorld
nodeFilterEditable: false
options:
- name: mypassword
secure: true
storagePath: keys/mypasswd
valueExposed: true
plugins:
ExecutionLifecycle: {}
scheduleEnabled: true
sequence:
commands:
- autoSecureInput: 'false'
passSecureInput: 'false'
script: echo @option.mypassword@
keepgoing: false
strategy: node-first
uuid: 824066f5-0d97-46ab-8176-856a5f61d3cbGreetings.
I am an runbook automation user, not the admin of the runner, so I can’t store the file locally. Why does runbook automation have Key Storage if we can’t use them in our workflow steps? It sounds like they serve no purpose.
I’m also confused by the YAML above and how this relates to my need for an automation to reference the location of a key file. Is file processing not supported by runbook automation unless you are an admin of the runner?
Also, if the key file is just uploaded to the runner server somewhere, it wouldn’t be protected. I’m confused why the key files provided a location for how to reference them if they can not be referenced. For example:
Storage path: keys/project/AO_DNA_Automation/key_test
The above is provided for my key. Where in Runbook Automation can this be used to reference the key file when it is needed by a workflow step?
Are there any sample YAML files of a workflow step that execute gcloud authentication, followed by a BQ statement that uses that authentication to run a query?
Hi Andrew,
I am an runbook automation user, not the admin of the runner, so I can’t store the file locally. Why does runbook automation have Key Storage if we can’t use them in our workflow steps? It sounds like they serve no purpose.
The Key Storage is designed to store keys and use them to authenticate against Runbook Automation Model Sources/Node Executors. Only passwords can be used on the Workflow steps if you need to use them on your scripts.
Also, if the key file is just uploaded to the runner server somewhere, it wouldn’t be protected. I’m confused why the key files provided a location for how to reference them if they can not be referenced. For example:Storage path: keys/project/AO_DNA_Automation/key_test
Key Storage keys and password are saved on the encrypted backend. Here you can see an example of how are used.
Are there any sample YAML files of a workflow step that execute gcloud authentication, followed by a BQ statement that uses that authentication to run a query?
As a Runbook Automation user, please contact the Runbook Automation dedicated support team, they will help you ASAP.
Regards.
Reply
Login to PagerDuty Commons
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.