- What Grafana version and what operating system are you using?
Grafana Cloud, using Grafana Agent installed on a Mac Client
- What are you trying to achieve?
Using logcli or the HTTP REST API to access the Loki logs datasource
This is being provisioned using the config.yml on the device
and uses basic auth to post log data to the cloud instance
- How are you trying to achieve it?
Currently Im able to add log read permissions to the API key along with granting datasource access to enable me to run queries on the log datasource. That works fine however Im well aware that giving a API client token read and write to a datasource is not best practice and is something I only want to do in testing.
- What happened?
This enables me to get direct access to the log data posted from clients.
Id like to be able to access the datasource using a secondary account so I can remove the extra permissions added to the token. I thought perhaps a service account would be the route but it only has access to the datasource config not the data source itself from what I can see.
- What did you expect to happen?
To be able to authenticate against the datasource itself using another API Key or a service account. Is that possible?
- Can you copy/paste the configuration(s) that you are having problems with?
This is how Im currently accessing the datasource using the api key generated when the datasource was created
curl --location ‘https://logs-prod-***.grafana.net/loki/api/v1/query_range’
–header ‘Authorization: Basic ******’
Did you receive any errors in the Grafana UI or in related logs? If so, please tell us exactly what they were.
Did you follow any online instructions? If so, what is the URL?