[英]OpenAPI config for a Graphql backend using GCP API Gateway?
I have an apollo/graphql server sitting behind a GCP API gateway.我有一个位于 GCP API 网关后面的 apollo/graphql 服务器。 Google says it requires an OpenAPI spec to secure endpoints: https://cloud.google.com/api-gateway/docs/get-started-cloud-run#creating_an_api_config
谷歌表示它需要一个 OpenAPI 规范来保护端点: https://cloud.google.com/api-gateway/docs/get-started-cloud-run#creating_an_api_config
But how exactly would this look for securing a single graphql endpoint?但是,这将如何保护单个 graphql 端点? Also, as a side question, is a new API Gateway needed to be created for each Cloud Run/App Engine service?
另外,作为一个附带问题,是否需要为每个 Cloud Run/App Engine 服务创建一个新的 API 网关?
Thanks in advance.提前致谢。
Here's a repo that demonstrates what you want to achieve. 这是一个演示您想要实现的目标的存储库。 It's a GCP API Gateway fronting a GraphQL API on Cloud Run, secured with Identity-Aware Proxy.
它是 Cloud Run 上面向 GraphQL API 的 GCP API 网关,由身份识别代理保护。 Here's the API config from the link:
这是来自链接的 API 配置:
api-spec.yaml api-spec.yaml
swagger: '2.0'
info:
title: gcp-demo-api
description: Sample GraphQL API on API Gateway with a Cloud Run backend
version: 1.0.0
schemes:
- https
produces:
- application/json
paths:
/:
post:
summary: GraphQL endpoint
operationId: gql
x-google-backend:
address: https://PROJECT_AND_RANDOM_STRING.a.run.app/graphql # App URL/endpoint
jwt_audience: LONG_RANDOM_STRING.apps.googleusercontent.com # IAP client ID
responses:
'200':
description: A successful response
schema:
type: object
To answer your side question, it is important to understand what an API Gateway does.要回答您的附带问题,重要的是要了解 API 网关的作用。 An API Gateway is what stands between your user requests and your collection of backend services so all API requests goes through it.
API 网关位于您的用户请求和后端服务集合之间,因此所有 API 请求都通过它。
Therefore, you don't need to create a new API gateway for each service.因此,您无需为每个服务创建新的 API 网关。 It is possible in API Gateway to serve multiple services such as Cloud Run, App Engine, Cloud Functions, etc. by specifying the backend address on each endpoint.
在 API 网关中,通过在每个端点上指定后端地址,可以为 Cloud Run、App Engine、Cloud Functions 等多种服务提供服务。 Here's a link that further explains the concept.
这是进一步解释该概念的链接。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.