从Firebase云功能访问Google App Engine端点
[英]Access Google App Engine endpoint from Firebase cloud function
问题描述
I have a firebase cloud function which gets triggered when there is a change in firebase realtime database. 
我有一个firebase云功能,当firebase实时数据库发生更改时会触发该功能。 In the cloud function I want to hit my app engine endpoint. 在云端功能中,我想点击我的应用引擎端点。 The app engine endpoint is configured with security constraint of "admin" only access. 应用引擎端点配置了“仅管理员”访问权限的安全约束。 (Note: the endpoint is deployed in a different app engine project than my firebase cloud function project. Both the projects are deployed in same google cloud account) (请注意:端点部署在与我的Firebase云功能项目不同的App Engine项目中。两个项目都部署在同一个Google Cloud帐户中)
I tried to get the application default credential from the cloud function and used it in the HTTP request to the endpoint but it is getting re-directed to the sign-in page. 我试图从云功能获取应用程序默认凭据,并在HTTP请求中将其用于终结点,但是它正被重定向到登录页面。
What is the role of the application default credential of firebase cloud function? Firebase云功能的应用程序默认凭据的作用是什么? Are there alternate ways of achieving this? 是否有其他方法可以实现这一目标?
Firebase cloud function: Firebase云功能:
const gal = require('google-auth-library');
exports.makeUppercase = functions.database.ref('/{deviceId}/status')
.onWrite(event => {
const auth = new gal.GoogleAuth();
try {
auth.getApplicationDefault().then(
function(res) {
let client = res.credential;
if (client.createScopedRequired && client.createScopedRequired()) {
const scopes = ['https://www.googleapis.com/auth/cloud-platform'];
client = client.createScoped(scopes);
}
console.log(client);
const url = 'https://my-secure-service-dot-my-project.appspot.com/secureEndPoint';
client.request({url}).then(
function(response) {
console.log(response.data);
}
).catch(err => {
console.error(err);
return err;
});
}
).catch(err => {
console.error(err);
return err;
});
} catch (e) {
console.error(e);
}
});
EDIT: I deployed the endpoint in the same project as the cloud function project. 编辑:我将端点部署在与云功能项目相同的项目中。 Still the endpoint access fails 端点访问仍然失败
EDIT: Below is the web.xml portion where the security constraints are specified for the end point: 编辑:下面是web.xml部分,其中为终点指定了安全约束:
<security-constraint> <web-resource-collection> <web-resource-name>all</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>admin</role-name> </auth-constraint> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint>
1 个解决方案
解决方案1
0 已采纳 2018-01-24 09:48:42
Here are two working examples for accessing a protected GAE endpoint by using Identity Aware Proxy(IAP) . 这是两个使用Identity Aware Proxy(IAP)访问受保护的GAE端点的工作示例。 Notice : IAP will restrict access to the entire application rather then to specific handlers as with login: admin . 注意 :IAP将限制对整个应用程序的访问,而不是对特定处理程序的访问,如with login: admin 。
According to app.yaml reference for standard login: admin is a medium for a real user to connect to an endpoint using a browser. 根据app.yaml关于标准 login: admin 参考 login: admin是实际用户使用浏览器连接到端点的媒介。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.