This document describes how you can view all spans for a trace from a single context, when those spans are generated by applications stored in different Google Cloud projects that are in an organization.
Consider the case where you have Google Cloud projects A
and B
, and
assume that an application hosted by project B
makes a call into
an application hosted by project A
.
If you open the Google Cloud console and select project A
,
then you can only view trace spans generated by the applications hosted
by project A
. With the default configuration, you can't view the trace spans
generated by project B
when it makes a call into project A
.
To view the trace spans generated by project B
when it makes a call into
project A
from the context of project A
, use the cross-project capability of
Trace. By using this capability, when you are viewing trace
data for project A
, you can also view the spans generated by project B
when it performs the calls into project A
.
Configure projects, permissions, and applications
Perform the following configuration steps:
Associate each of your Google Cloud projects with the same organization.
If you create a new project in the context of the organization, then it is automatically created in the organization resource.
If you have a Google Cloud project that isn't part of an organization, then you can move it into your organization. For details, see Migrating existing projects.
-
To get the permissions that you need to view traces across projects, ask your administrator to grant you the following IAM roles on your projects or organization:
-
Cloud Trace User (
roles/cloudtrace.user
) on each project. -
Logging Viewer (
roles/logging.viewer
) on each project. -
Organization Viewer (
roles/resourcemanager.organizationViewer
) on the organization. You have been granted this role when the project selector includes a list of organizations.
For more information about granting roles, see Manage access to projects, folders, and organizations.
You might also be able to get the required permissions through custom roles or other predefined roles.
-
Cloud Trace User (
Configure your applications to write traces to the projects in which they are hosted.
To force cross-project requests to be traced, attach a trace context header to the request.
View trace details across projects
After you have completed the configuration steps, to view traces across Google Cloud projects, do the following:
-
In the Google Cloud console, go to the Trace explorer page:
You can also find this page by using the search bar.
Select the project from which you plan to view your trace data. For example, you might select project
A
.The Trace explorer page opens and displays a scatter plot and a table that show the most recent traces.
To explore a specific trace, select the trace from the scatter plot or from the table, or enter its ID in the Trace ID field.
The Trace Details pane opens and displays all spans that you have permission to view, even when these spans are in different Google Cloud projects that are in the same organization.