堆栈内存溢出
  简体   繁体   English

为 GCP 认证用户访问 Cloud Run URL

[英]Access Cloud Run URL for GCP authenticated users

 原文  2022-08-24 18:53:40       google-cloud-platform/ google-cloud-run/ google-cloud-iam

问题描述

Using IAM, is there any simple way to let a GCP console logged in user to access a Cloud Run URL?使用 IAM,是否有任何简单的方法可以让 GCP 控制台登录用户访问 Cloud Run URL?

The idea here is to have a lightweight way to protect the access to some URLs for people who are already logged in to the console.这里的想法是有一种轻量级的方式来保护已经登录到控制台的人对某些 URL 的访问。

So I don't want the world to have access, only my GCP users.所以我不希望全世界都可以访问,只有我的 GCP 用户可以访问。

It seems that the options are either:似乎选项是:

  • Setup IAP for Cloud Run => costly (load balancer) and not exactly simple为 Cloud Run 设置 IAP => 成本高(负载均衡器)而且并不简单
  • Setup the container to require authentication, generate a token from the console, use a browser extension and inject the said token on each request.将容器设置为需要身份验证,从控制台生成令牌,使用浏览器扩展并在每个请求中注入所述令牌。

Note: I tried to setup a container as allowing non authenticated calls but removing the allUsers principal from the Invoker role and stick to a particular email address.注意:我尝试将容器设置为允许未经身份验证的调用,但从 Invoker 角色中删除 allUsers 主体并坚持使用特定的 email 地址。 The URL ended up still being available to non authenticated browsers. URL 最终仍可用于未经身份验证的浏览器。

Seems like a very simple use case but unless I am missing something, the options are all over-the-top.似乎是一个非常简单的用例,但除非我遗漏了什么,否则选项都是多余的。

Thanks,谢谢,

1 个解决方案

解决方案1
 0  2022-08-24 21:53:01

Maybe this might work for you (don't necessarily know if it's the best architecture)也许这可能对你有用(不一定知道它是否是最好的架构)

  1. Deploy cloud run and ONLY allow for aunthenticated invocation部署云运行并仅允许经过身份验证的调用

  2. Create a very simple GAE project.创建一个非常简单的 GAE 项目。 Add login: required to app.yaml so that anyone trying to load the app is forced to loginlogin: required添加到app.yaml以便任何尝试加载应用程序的人都被迫登录

  3. Your GAE code can then invoke the cloud run endpoint.然后,您的 GAE 代码可以调用云运行端点。 Your code will generate a token and include it as a header when making the call to the cloud run endpoint.在调用云运行端点时,您的代码将生成一个令牌并将其作为 header 包含在内。 See this documentation请参阅本文档

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 GCP 云运行限制 - GCP Cloud Run Limits 如何给运行在GCP cloud run上的应用授予访问gcp服务的权限 - How to give permission to applications running on GCP cloud run to access gcp services Grafana 中的 GCP 云运行日志 - GCP Cloud Run Logs in Grafana Cloud Run for Anthos 在 GCP 中的部署下不可用 - Cloud Run for Anthos is not available under deployment in GCP Google Cloud Run:从 GCP 外部调用 - Google Cloud Run: Calling from outside GCP GCP,Cloud Run 外部 IP 不工作 - GCP, Cloud Run external IP is not working 使用一个网关访问在 gcp 中运行的云中托管的多项服务 - using one single gateway to access multiple services hosted in cloud run in gcp 是否可以在 GCP 中通过云功能或云运行来触发云内存存储? - Is it possible to trigger cloud memorystore by cloud functions or cloud run in GCP? 将 docker-compose 部署到 Cloud Run 或 GCP? - Deploying docker-compose to Cloud Run OR GCP? GCP Cloud Run:应用程序执行可能失败 - GCP Cloud Run : Application exec likely failed
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM