node: add options --telemetryServiceAccountFile and --telemetryProject

node/cmd/guardiand/node.go

@@ -57,6 +57,7 @@ import (
 	"go.uber.org/zap"
 
 	ipfslog "github.com/ipfs/go-log/v2"
+	googleapi_option "google.golang.org/api/option"
 )
 
 var (
@@ -199,9 +200,11 @@ var (
 	tlsProdEnv  *bool
 
 	disableHeartbeatVerify *bool
-	disableTelemetry       *bool
 
-	telemetryKey *string
+	disableTelemetry            *bool
+	telemetryKey                *string
+	telemetryServiceAccountFile *string
+	telemetryProject            *string
 
 	bigTablePersistenceEnabled *bool
 	bigTableGCPProject         *string
@@ -360,6 +363,10 @@ func init() {
 
 	telemetryKey = NodeCmd.Flags().String("telemetryKey", "",
 		"Telemetry write key")
+	telemetryServiceAccountFile = NodeCmd.Flags().String("telemetryServiceAccountFile", "",
+		"Google Cloud credentials json for accessing Cloud Logging")
+	telemetryProject = NodeCmd.Flags().String("telemetryProject", defaultTelemetryProject,
+		"Google Cloud Project to use for Telemetry logging")
 
 	bigTablePersistenceEnabled = NodeCmd.Flags().Bool("bigTablePersistenceEnabled", false, "Turn on forwarding events to BigTable")
 	bigTableGCPProject = NodeCmd.Flags().String("bigTableGCPProject", "", "Google Cloud project ID for storing events")
@@ -785,6 +792,10 @@ func runNode(cmd *cobra.Command, args []string) {
 		}
 	}
 
+	if *telemetryKey != "" && *telemetryServiceAccountFile != "" {
+		logger.Fatal("Please do not specify both --telemetryKey and --telemetryServiceAccountFile")
+	}
+
 	// Complain about Infura on mainnet.
 	//
 	// As it turns out, Infura has a bug where it would sometimes incorrectly round
@@ -966,17 +977,27 @@ func runNode(cmd *cobra.Command, args []string) {
 		}
 	}
 
-	// Enable unless it is disabled. For devnet, only when --telemetryKey is set.
-	if !*disableTelemetry && (!*unsafeDevMode || *unsafeDevMode && *telemetryKey != "") {
-		logger.Info("Telemetry enabled")
+	var hasTelemetryCredential bool = *telemetryKey != "" || *telemetryServiceAccountFile != ""
 
-		if *telemetryKey == "" {
-			logger.Fatal("Please specify --telemetryKey")
+	// Enable unless it is disabled. For devnet, only when --telemetryKey is set.
+	if !*disableTelemetry && (!*unsafeDevMode || *unsafeDevMode && hasTelemetryCredential) {
+		if !hasTelemetryCredential {
+			logger.Fatal("Please either specify --telemetryKey or --telemetryServiceAccountFile or set --disableTelemetry=false")
 		}
 
-		creds, err := decryptTelemetryServiceAccount()
-		if err != nil {
-			logger.Fatal("Failed to decrypt telemetry service account", zap.Error(err))
+		var options []googleapi_option.ClientOption
+
+		if *telemetryKey != "" {
+			creds, err := decryptTelemetryServiceAccount()
+			if err != nil {
+				logger.Fatal("Failed to decrypt telemetry service account", zap.Error(err))
+			}
+
+			options = append(options, googleapi_option.WithCredentialsJSON(creds))
+		}
+
+		if *telemetryServiceAccountFile != "" {
+			options = append(options, googleapi_option.WithCredentialsFile(*telemetryServiceAccountFile))
 		}
 
 		// Get libp2p peer ID from private key
@@ -986,18 +1007,24 @@ func runNode(cmd *cobra.Command, args []string) {
 			logger.Fatal("Failed to get peer ID from private key", zap.Error(err))
 		}
 
-		tm, err := telemetry.New(context.Background(), telemetryProject, creds, *publicRpcLogToTelemetry, map[string]string{
+		labels := map[string]string{
 			"node_name":     *nodeName,
 			"node_key":      peerID.Pretty(),
 			"guardian_addr": guardianAddr,
 			"network":       *p2pNetworkID,
 			"version":       version.Version(),
-		})
+		}
+
+		tm, err := telemetry.New(context.Background(), *telemetryProject, *publicRpcLogToTelemetry, labels, options...)
 		if err != nil {
 			logger.Fatal("Failed to initialize telemetry", zap.Error(err))
 		}
 		defer tm.Close()
 		logger = tm.WrapLogger(logger)
+
+		logger.Info("Telemetry enabled",
+			zap.String("publicRpcLogDetail", *publicRpcLogDetailStr),
+			zap.Bool("logPublicRpcToTelemetry", *publicRpcLogToTelemetry))
 	} else {
 		logger.Info("Telemetry disabled")
 	}
@@ -1596,7 +1623,7 @@ func decryptTelemetryServiceAccount() ([]byte, error) {
 		return nil, fmt.Errorf("failed to decode: %w", err)
 	}
 
-	ciphertext, err := base64.StdEncoding.DecodeString(telemetryServiceAccount)
+	ciphertext, err := base64.StdEncoding.DecodeString(defaultTelemetryServiceAccountEnc)
 	if err != nil {
 		panic(err)
 	}

node/cmd/guardiand/telemetry.go

@@ -11,9 +11,9 @@ package guardiand
 // By using a separate key, we can keep the configuration decoupled from the telemetry backend,
 // allowing the key to be replaced or even a different provider to be used without changing the config.
 
-const telemetryProject = "projects/wormhole-logging"
+const defaultTelemetryProject = "projects/wormhole-logging"
 
-const telemetryServiceAccount = `
+const defaultTelemetryServiceAccountEnc = `
 RcLwG218oFn9tVWlsl6ZbYQdiny2w13G49Be5UucgwFAdxYP5DilBQhhd0lN900VM25k3joR2VHwtZ90
 GCQQjjbjqQ7Pm9aAkH0Yp3ngHO111IhFm6yCQMYXl+t7hjEN/0rvju19sm+vdLJx1ECzogAnBRFAlf8I
 k1jTzxA+elAWIT6/C6wfFpE69eJbFCKt6g4LnpajOu1OI812gR+3k8r6gyoVUlhUY36RjTjsE/2Fxxz9

node/pkg/telemetry/telemetry.go

@@ -33,12 +33,14 @@ type ExternalLoggerGoogleCloud struct {
 }
 
 func (logger *ExternalLoggerGoogleCloud) log(time time.Time, message json.RawMessage, level zapcore.Level) {
-	logger.Log(google_cloud_logging.Entry{
+	entry := google_cloud_logging.Entry{
 		Timestamp: time,
 		Payload:   message,
 		Severity:  logLevelSeverity[level],
 		Labels:    logger.labels,
-	})
+	}
+	// call google cloud logger
+	logger.Log(entry)
 }
 
 func (logger *ExternalLoggerGoogleCloud) flush() error {
@@ -111,8 +113,8 @@ func NewExternalLogger(skipPrivateLogs bool, externalLogger ExternalLogger) (*Te
 
 // New creates a new Telemetry logger with Google Cloud Logging
 // skipPrivateLogs: if set to `true`, logs with the field zap.Bool("_privateLogEntry", true) will not be logged by telemetry.
-func New(ctx context.Context, project string, serviceAccountJSON []byte, skipPrivateLogs bool, labels map[string]string) (*Telemetry, error) {
-	gc, err := google_cloud_logging.NewClient(ctx, project, option.WithCredentialsJSON(serviceAccountJSON))
+func New(ctx context.Context, project string, skipPrivateLogs bool, labels map[string]string, opts ...option.ClientOption) (*Telemetry, error) {
+	gc, err := google_cloud_logging.NewClient(ctx, project, opts...)
 	if err != nil {
 		return nil, fmt.Errorf("unable to create logging client: %v", err)
 	}