Gallery

Glean Architecture

Glean Collaboration Exercise

Glean architecture

Glean Architecture overview

Areas in which it could go wrong

LOGS

Explore

Glean Collaboration Exercise

Config/Secret Store

DIAGRAM:

⁠

Screen Shot 2023-03-23 at 1.39.59 AM.png

⁠

STEPS:

Are you the IT admin of this company? Do you have admin permissions to the GCP project?

Steps to Validate

Either you or I can ask your IT admin if they can see the Doc.

The IT admin can see the Doc:

It is an issue with the customer’s permissions

Solution: Upgrade the customer’s permissions

Check that the user is provisioned correctly in Okta or Ping

Check that the user’s email domain matches the expected customer domain

⁠

check within Gsuite⁠

whether or not the user is assigned to the correct groups

The IT admin cannot see the Doc:

It be a company wide ACL issue. Like maybe new docs have the wrong ACL permissions.

Check if maybe the firewall configurations and IAM rules are set up correctly

Glean has alerts that detect when the firewall and IAM rules don’t match up so see if broadening up the firewall or changing the IAM rules fixes it

Do any errors pop up?

Inspect element

Right click, and select “inspect element”

⁠

Quick tutorial⁠

if you’ve never used it before

Check the console and Network tab.

Does an error pop up saying anything about a

Cloud Storage⁠

regex match.

Next steps:

Communicate to the customer that this means the query has been blocked by the company query blacklisting controls and they should talk to their IT Admin.

Have you changed your projects permissions recently?

To test this out you can check the

System Audit logs⁠

to see if theres been a change to the system configuration

Check that the customer has not changed the default for any GCP org level constraint for the project

follow this

GCP tutorial⁠

to generate a report of changes relative to an existing service configuration version

Have you changed the secrets to your Connector Handlers and the Identity & Permissions Store

Check to see if you recently rotated the credentials of the service accounts set up for Glean in the SaaS applications and forgot the update Glean with the new credentials

solution:

manually regenerate the secrets, replace the secrets with the new ones, and see if things are fixed then.

Go to the

Secrets manager⁠

⁠

If they are the IT admin, see if they can query within the Identity & Permission store and see if there are any permissions missing

example:

list of permissions for alert-monitoring@askscio.com⁠

⁠

The Customer’s Glean GCP has a “deployer” service account (glean-deployer) that can view the contents in the config Cloud Storage bucket.

Check that they are not running any other services in the GCP project that haven’t been run by the glean team

List the services running in the GCP project -

follow this⁠

⁠

Compare to the

expected architecture⁠

⁠

Want to print your doc?
This is not the way.

Try clicking the ⋯ next to your doc name or using a keyboard shortcut (

CtrlP

) instead.