将 Flask BasicHTTPAuth 与 Google Cloud Functions 一起使用
[英]Using Flask BasicHTTPAuth with Google Cloud Functions
问题描述
I'm having difficulty with my Cloud Function in GCP that is simply supposed to return the raw XML stored in a GCS Bucket when invoked with a basic GET request.
我在使用 GCP 中的 Cloud Function 时遇到困难,当使用基本 GET 请求调用时,它应该返回存储在 GCS 存储桶中的原始 XML。 It works fine without any type of authentication, however since I added the Flask-HTTPAuth package to the mix in order to add some measure of security before exposing the endpoint, the application deploys fine, but crashes without any sort of hint as to why as soon as it is invoked.它可以在没有任何类型的身份验证的情况下正常工作,但是由于我将 Flask-HTTPAuth package 添加到混合中,以便在暴露端点之前添加一些安全措施,应用程序部署良好,但崩溃时没有任何关于原因的提示一旦被调用。 The error in SD Logging is as follows: SD Logging 中的错误如下:
severity: "DEBUG"
textPayload: "Function execution took 1847 ms, finished with status: 'crash'"
timestamp: "2020-07-15T17:22:15.158036700Z"
The function in question (anonymized):有问题的 function(匿名):
from flask import Flask, request, jsonify, make_response, abort
from flask_httpauth import HTTPBasicAuth
from google.cloud import storage, secretmanager
import google.cloud.logging
import logging
import sys
app = Flask(__name__)
auth = HTTPBasicAuth()
PROJECT_ID = 'example_project'
GCS_BUCKET = 'example_bucket'
users = ['example_user']
# Instantiate logger
client = google.cloud.logging.Client()
client.get_default_handler()
client.setup_logging()
@auth.verify_password
def verify_password(username, password):
# Instantiate the Secret Manager client.
sm_client = secretmanager.SecretManagerServiceClient()
# Load secrets
name = sm_client.secret_version_path(PROJECT_ID, 'example_secrets_ref', 1)
secrets_pass = sm_client.access_secret_version(name)
passwords = [secrets_pass]
if username in users and password in passwords:
logging.info('auth success')
return username
logging.info('auth fail')
return abort(403)
@app.route('/')
@auth.login_required
def latest_xml():
try:
request_json = request.get_json()#silent=True)
storage_client = storage.Client(project=PROJECT_ID)
bucket = storage_client.get_bucket(GCS_BUCKET)
blob = bucket.get_blob('latest_pull.xml')
latest_xml = blob.download_as_string()
logging.info('Loaded blob from GCS')
return(latest_xml)
except exception as e:
logging.error(str(e))
logging.error("Failed to load blob from GCS")
sys.exit(1)
if __name__ == '__main__':
app.run()
I've tried setting the entrypoint as both the main function as well as the auth function to no avail.我尝试将入口点设置为主 function 以及身份验证 function 无济于事。 My question is: is it possible to even use basic auth in a GCP Cloud Function or am I barking up the wrong tree here?我的问题是:甚至可以在 GCP 云 Function 中使用基本身份验证,还是我在这里叫错了树?
1 个解决方案
解决方案1
3 已采纳 2020-07-22 09:40:56
Your function doesn't enforce the standard signature for http function您的 function 不强制执行http function 的标准签名
def latest_xml(request):
...
Here you use a flask web server, which is not need, and not used by Cloud Functions.在这里,您使用 flask web 服务器,这不是必需的,Cloud Functions 也不使用它。 However, I recommend you to have a look to Cloud Run, and to add a simple and generic Dockerfile to deploy .但是,我建议您查看Cloud Run,并添加一个简单通用的 Dockerfile 来部署。 You can deploy your "function" as-is in a container and to have the same behavior as Cloud Functions.您可以将“功能”按原样部署在容器中,并具有与 Cloud Functions 相同的行为。
EDIT编辑
When you use flask, the request object is global for each request.当您使用 flask 时, request object 对于每个请求都是全局的。 You use it like this:你像这样使用它:
request_json = request.get_json()#silent=True)
With Cloud Functions, this object is caught by the Cloud Functions platform and passed in parameter to your function.使用 Cloud Functions,此 object 会被 Cloud Functions 平台捕获,并将参数传递给您的 function。
In the request object, you have the body of the request, useless in GET for example.在request object 中,您有请求的主体,例如在 GET 中无用。 But also, all the request context: headers, user agent, source ip,...而且,所有请求上下文:标头、用户代理、源 ip、...
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.