Tableau MCP Server

# ✅ Phase 6 Deployment - SUCCESS! **Date**: November 19, 2025 **Status**: Service Deployed and Healthy **Action Required**: IAM Permission Fix --- ## 🎉 Deployment Summary ### Service Information - **Service Name**: `tableau-mcp-staging` - **Service URL**: `https://tableau-mcp-staging-bh375nkujq-ts.a.run.app` - **Region**: `australia-southeast1` - **Project**: `broker-pulse-gcp` - **Status**: ✅ Healthy (All health checks passing) ### Service Configuration - **Environment**: Staging - **Min Instances**: 0 (scale to zero) - **Max Instances**: 5 - **CPU**: 1 core - **Memory**: 512Mi - **Timeout**: 300 seconds ### Secrets Configured - ✅ `tableau-token-staging` - Tableau Personal Access Token - ✅ `mcp-api-key-staging` - MCP API Key for authentication ### Environment Variables Set - `NODE_ENV=staging` - `TABLEAU_SERVER_URL=https://10ay.online.tableau.com` - `TABLEAU_SITE_ID=mymomentumintelligence` - `TABLEAU_TOKEN_NAME=Tableau-MCP-Staging` - `TABLEAU_API_VERSION=3.23` --- ## 🔐 MCP API Key (Save This!) **API Key for Cursor Configuration (Phase 7):** ``` 1rJ8DviFGb97OZ3Uu4HxwWXhNoEPVCj0 ``` **⚠️ IMPORTANT**: Save this API key securely. You'll need it to configure Cursor in Phase 7. --- ## ⚠️ Action Required: IAM Permission Fix The service is deployed and healthy, but requires an IAM policy update to allow public access. ### Required Command (Needs Admin Permissions) Someone with `run.services.setIamPolicy` permission needs to run: ```bash gcloud run services add-iam-policy-binding tableau-mcp-staging \ --region=australia-southeast1 \ --member=allUsers \ --role=roles/run.invoker ``` ### Why This Is Needed - Cloud Run services require explicit IAM policy to allow unauthenticated access - The deploy command included `--allow-unauthenticated`, but the IAM policy couldn't be set due to permission restrictions - Once this command is run, all endpoints will be accessible (with API key required for MCP endpoint) ### Who Can Run This - Google Cloud Project Owner - User with `Cloud Run Admin` role - User with `run.services.setIamPolicy` permission --- ## 🧪 Testing After IAM Fix Once the IAM policy is updated, test these endpoints: ### 1. Health Check (No auth required) ```bash curl https://tableau-mcp-staging-bh375nkujq-ts.a.run.app/health ``` **Expected Response:** ```json { "status": "healthy", "timestamp": "2025-11-19T..." } ``` ### 2. Readiness Check (No auth required) ```bash curl https://tableau-mcp-staging-bh375nkujq-ts.a.run.app/ready ``` **Expected Response:** ```json { "status": "ready", "tableau": "connected", "timestamp": "2025-11-19T..." } ``` ### 3. Liveness Check (No auth required) ```bash curl https://tableau-mcp-staging-bh375nkujq-ts.a.run.app/alive ``` **Expected Response:** ```json { "status": "alive", "uptime": 123.45, "timestamp": "2025-11-19T..." } ``` ### 4. MCP SSE Endpoint (Requires API key) ```bash curl -H "X-API-Key: 1rJ8DviFGb97OZ3Uu4HxwWXhNoEPVCj0" \ https://tableau-mcp-staging-bh375nkujq-ts.a.run.app/sse ``` **Expected**: Server-Sent Events stream connection --- ## 📊 Service Health Status Service health checks (as of deployment): - ✅ **Ready**: True - ✅ **ConfigurationsReady**: True - ✅ **RoutesReady**: True All systems operational! --- ## 📝 Phase 7 - Cursor Integration (Next Step) Once IAM permissions are fixed and endpoints are accessible, proceed to Phase 7: ### Cursor MCP Configuration Create file: `C:\Users\MomentumMedia\.cursor\agile\shared-tools\mcp\tableau.json` ```json { "mcpServers": { "tableau": { "url": "https://tableau-mcp-staging-bh375nkujq-ts.a.run.app/sse", "headers": { "X-API-Key": "1rJ8DviFGb97OZ3Uu4HxwWXhNoEPVCj0" }, "description": "Tableau Cloud MCP Server for mymomentumintelligence site" } } } ``` --- ## 🎯 What Was Accomplished ### ✅ Completed Tasks 1. ✅ Enabled Google Cloud APIs (Cloud Run, Secret Manager, Cloud Build) 2. ✅ Created Tableau Personal Access Token 3. ✅ Created secrets in Google Secret Manager 4. ✅ Fixed `.dockerignore` to include necessary build files 5. ✅ Created `.gcloudignore` for Cloud Build uploads 6. ✅ Built Docker image using Cloud Build 7. ✅ Deployed service to Cloud Run (staging) 8. ✅ Verified service health status ### 🔨 Issues Resolved During Deployment 1. **`.dockerignore` excluded source files** - Fixed by commenting out `src/`, `*.ts`, `tsconfig.json` 2. **`.dockerignore` excluded `package-lock.json`** - Fixed by commenting out exclusion 3. **Files not uploaded to Cloud Build** - Fixed by creating `.gcloudignore` 4. **PORT environment variable conflict** - Removed PORT (Cloud Run sets automatically) ### ⏳ Pending 1. ⏳ IAM policy update (requires admin permissions) 2. ⏳ Endpoint testing (blocked by IAM issue) 3. ⏳ Phase 7: Cursor integration (blocked by IAM issue) --- ## 💰 Cost Estimate **Staging Environment** (scale to zero): - **Idle**: $0/month (scales to zero when not in use) - **Active**: ~$0.10-0.50/day when in use - **Estimated Monthly**: $5-15/month (very low usage) **Secrets (Google Secret Manager)**: - 2 secrets × $0.06/month = $0.12/month **Total Estimated Cost**: ~$5-20/month --- ## 📞 Support ### If Endpoints Return 403 After IAM Fix 1. Check Cloud Run logs: ```bash gcloud run logs read tableau-mcp-staging --region=australia-southeast1 --limit=50 ``` 2. Verify secrets are accessible: ```bash gcloud secrets versions access latest --secret=tableau-token-staging gcloud secrets versions access latest --secret=mcp-api-key-staging ``` 3. Check service configuration: ```bash gcloud run services describe tableau-mcp-staging --region=australia-southeast1 ``` ### Contact - **Deployed By**: russel.enriquez@agilemi.com.au - **Project**: broker-pulse-gcp - **Deployment Date**: November 19, 2025 --- ## 🚀 Quick Access Links - **Service URL**: https://tableau-mcp-staging-bh375nkujq-ts.a.run.app - **Cloud Console**: https://console.cloud.google.com/run/detail/australia-southeast1/tableau-mcp-staging?project=broker-pulse-gcp - **Cloud Build History**: https://console.cloud.google.com/cloud-build/builds?project=broker-pulse-gcp&region=australia-southeast1 - **Secret Manager**: https://console.cloud.google.com/security/secret-manager?project=broker-pulse-gcp --- **Phase 6 Status**: ✅ **SUCCESSFULLY DEPLOYED** (pending IAM fix) **Next Phase**: Phase 7 - Cursor Integration