I have created an API Gateway and created an API config as well associated with it which lists a set of APIs. Now I want to add/modify a set of APIs. How do I update the same API config of this gateway?
I did it using gcloud CLI.
First create a new config using your updated open api spec file:
gcloud api-gateway api-configs create NEW_CONFIG_ID --api=MY_API --openapi-spec=openapi2-functions.yaml
Then update your api gateway with new config:
gcloud api-gateway gateways update MY-GATEWAY --api=MY-API --api-config=NEW_CONFIG_ID --location=YOUR_LOCATION
Referencing the official documentation, it states that:
NOTE: Only the name and labels may be updated on an API config.
Therefore, you would need to create a new API config if you want to add/modify a set of APIs.
The GCP documentation mentions you cannot update an existing API config, only its display name and labels, and you cannot delete an existing API config that is in use by a gateway; meaning you need to create a new API config altogether if your config file has changed.
A workaround I found for this was to:
Create new API config, point to gateway:
gcloud api-gateway api-configs create NEW_CONFIG_ID --api=MY_API --openapi-spec=openapi2-functions.yaml
gcloud api-gateway gateways update MY-GATEWAY --api=MY-API --api-config=NEW_CONFIG_ID --location=YOUR_LOCATION
Delete original config:
gcloud api-gateway api-configs delete OLD_CONFIG_ID --api=MY_API
Redeploy new API config with name of original config, using your updated config file, point to gateway:
gcloud api-gateway api-configs create OLD_CONFIG_ID --api=MY_API --openapi-spec=openapi2-functions.yaml
gcloud api-gateway gateways update MY-GATEWAY --api=MY-API --api-config=OLD_CONFIG_ID --location=YOUR_LOCATION
Delete new config:
gcloud api-gateway api-configs delete NEW_CONFIG_ID --api=MY_API
An awkward workaround but it allows for an automated redeployment of a similarly named API config file in a gateway.
Related
It doesn't seem possible to create an API Gateway config for a gateway i've created using:
gcloud api-gateway apis create test-api --project=acme-prd
Then the following command fails
gcloud api-gateway api-configs create 01 \
--api=test-api --openapi-spec=./acme-web-gateway-v2.yaml \
--project=acme-prd --backend-auth-service-account=svc-owner#acme-prd.iam.gserviceaccount.com
With the error:
ERROR: (gcloud.api-gateway.api-configs.create) FAILED_PRECONDITION: API Gateway Management Service Agent does not have permission to create Service Configs for Service "test-api-3qz6mxqfw7klr.apigateway.acme-prd.cloud.goog", or the Service does not exist.
Noting the service account svc-owner#acme-prd.iam.gserviceaccount.com has Owner privileges on the project.
Is there something I am missing? This is preventing a Terraform deployment. I've used gcloud commands to demonstrate the issue.
Also of note, this does not work in the GCP UI either. :(
Permissions granted to the account being used:
Cheers
KH
To resolve this, you will need to ensure that the Service Agent account has the necessary permissions for the specified service. Check API Gateway Service Account and verify if it has “Service Account User '' role associated with it.The apigateway.apis.create should have owner/editor permissions.
Check the Google Cloud Console or by using command gcloud services list to see if the Gateway API, Service Management API, Service Control API are enabled because these api are prerequisites.You will need to enable it if it is not already enabled.you enable by using below commands:
gcloud services enable apigateway.googleapis.com
gcloud services enable servicemanagement.googleapis.com
gcloud services enable servicecontrol.googleapis.com
Attaching documents for creating an api, Gateway API access , Troubleshooting for your reference.
Edit-1:
I have tried to create an API Gateway config for a gateway using below steps and successfully created an api config
Create an api gateway using below command
gcloud api-gateway apis create test-api
Creating an API config using the below command.
gcloud api-gateway api-configs create 01 --api=test-api --openapi-spec=openapi2-functions.yaml --project=project-id
Output is
waiting for API Config [01] to be created for API [test-api]...done.
I have taken openapi2-functions. Yaml file for this doc. Can you check if your yaml files has any mistakes.
The image below has the api config that i have created.
I have followed this guide, can try to create an api gateway using this and let me know if you have an issues.
When deploying a Python Flask app to AWS Lambda using Zappa
I think you can already do this for your IAM role using "manage_roles", "role_name" and "role_arn" but would be good if you could do it for API Gateway as well, or define the API Gateway settings when you deploy
I'm looking for a way to automate config updates for Google API Gateway, i.e. change config for an existing instance of "API Gateway" in a single step.
What I've tried so far, assuming that new API config name is "my-new-config" and API Gateway name is "my-gateway":
> gcloud beta api-gateway gateways update my-gateway --api-config=my-new-config --location=us-central1
Output:
ERROR: (gcloud.beta.api-gateway.gateways.update) INVALID_ARGUMENT: update_mask does not contain any field paths
> gcloud beta api-gateway gateways update my-gateway --api-config=my-new-config --location=us-central1 --display-name random-string-for-display-name
Output:
Command executes successfully, but config change is not applied.
gcloud version: 333.0.0
OS: Debian linux
I've created 2 tickets in Google's issue tracker (one, two), but there's no activity for them after 3 weeks.
Try with aplha instead of beta and specifying de API ID flag (--api):
gcloud alpha api-gateway gateways update my-gateway --api=api-id --api-config=my-new-config --location=us-central1
You're missing the --api flag in step 2, which seems to be required. It looks like without that specified, it doesn't make the right request.
You try to update api-config of api-gateway, here api is a required flag:
From the docs, when first is specified, second is mandatory:
[--api-config=API_CONFIG : --api=API]
api-config: This flag must be specified if any of the other arguments in this group are specified.
After i've added --api, it was possible to update the gateway with the new api-config
I am new to AWS API Gateways. I created an api named : test-api1. Also, I created a resource named test-resource1. Now I want to change the name of this resource. I couldn't find any option to rename resources.
Is this possible or do I need to create new resource?
The answer to this depends on how you deploy your API. If you use an OpenAPI spec, then you can rename your resource there. If you used a CloudFormation template (or a AWS CDK stack) then you can rename your resource there.
If you merely clicked-together your API in the AWS Management Console (Web UI), then there isn't a way in that Web UI to change the resource's name.
You have to revert to using the AWS CLI for that.
There is the apigateway update-resource AWS CLI command to update the name of an API Gateway API resource.
https://docs.aws.amazon.com/cli/latest/reference/apigateway/update-resource.html
(search for "To rename a resource (pathPart) in an API"):
aws apigateway update-resource --rest-api-id <api-id> --resource-id <resource-id> --patch-operations op=replace,path=/pathPart,value=<new-name>
I am the owner of my newly created organization, I created a project under this organization and linked it to the organization billing account where I have 1000$ in credits. Through the web UI, I am able to spin up clusters, VMs, networks... But when I want to do so through gcloud, I am getting permissions denied. E.g.:
$ gcloud compute networks list
API [compute.googleapis.com] not enabled on project [XXX].
Would you like to enable and retry (this will take a few minutes)?
(y/N)? y
ERROR: (gcloud.compute.networks.create) PERMISSION_DENIED: The caller does not have permission
but I can see in the web UI GCP that the API is clearly enabled (and can be used), it's just the gcloud not letting me work with them. The account under gcloud is exactly the same I am using in the web console - validated by gcloud auth list and:
$ gcloud config configurations describe myproject
is_active: true
name: myproject
properties:
compute:
region: europe-west1
zone: europe-west1-b
core:
account: <my-email>
project: <the-project-I-want>
or
$ gcloud services list
ERROR: (gcloud.services.list) User [<myusername>] does not have permission to access project [myproject] (or it may not exist): The caller does not have permission
It works totally fine with a different account (and different organization/projects), but I didn't set up that one in the past. What should I do? Thanks a lot!
UPDATE:
After gcloud init, at least the gcloud services list started to work. But the rest did not:
$ gcloud services list
NAME TITLE
bigquery-json.googleapis.com BigQuery API
cloudapis.googleapis.com Google Cloud APIs
clouddebugger.googleapis.com Stackdriver Debugger API
cloudtrace.googleapis.com Stackdriver Trace API
compute.googleapis.com Compute Engine API
container.googleapis.com Kubernetes Engine API
containerregistry.googleapis.com Container Registry API
datastore.googleapis.com Cloud Datastore API
logging.googleapis.com Stackdriver Logging API
monitoring.googleapis.com Stackdriver Monitoring API
oslogin.googleapis.com Cloud OS Login API
pubsub.googleapis.com Cloud Pub/Sub API
servicemanagement.googleapis.com Service Management API
serviceusage.googleapis.com Service Usage API
sql-component.googleapis.com Cloud SQL
storage-api.googleapis.com Google Cloud Storage JSON API
storage-component.googleapis.com Google Cloud Storage
$ gcloud compute networks create testing-net --subnet-mode=custom '--description=Network to host testing kubernetes cluster'
API [compute.googleapis.com] not enabled on project [{PROJECT_ID}].
Would you like to enable and retry (this will take a few minutes)?
(y/N)? y
ERROR: (gcloud.compute.networks.create) PERMISSION_DENIED: The caller does not have permission
^ the PROJECT_ID above shows my organization's ID, not the actual project under this org.
So the problem was that I used the wrong project_id when gcloud config set project and gcloud defaulted to organization for some reason.
So I had to find correct project id using gcloud projects list and then use gcloud config set project {PROJECT-ID} (not the project name!)
gcloud init - if you wanted to switch gcloud to work between projects which will configure its settings to point to the right project.