I have a Datastore instance that contains public data. I want website users to query the database when they visit a particular url. Once the data is fetched, I'll use javascript to aggregate and display the data. It's a static site so I can't do this from a back end.
Is it possible to do this without creating a service account and using credentials? Cloud functions has the allUsers permission and I was hoping there is something similar for Datastore?
If it isn't possible to make the data public, I guess I could use a Cloud function. But I'd like to confirm there isn't a simpler solution first.
This is a use case that's supported with Firestore in Native mode and the Firebase Web SDK (docs).
For Datastore, you are correct. You would need to use a something like a Cloud Function to make a back-end. By default, the Cloud Function service account has permission to access to a Datastore database in the same project.
After looking for a while I think that it is possible to make a Google DataStore database publicly readable, in this link you will find an explanation of how to do that.
Best regards.
Related
I've been googling around, reading the google cloud platform docs but can't find the answer to bulk deleting users from the Identity Platform.
We have a dev application that we use for testing. We want to remove all authenticated users and start fresh. See below the image where I multi select and get no option to delete all the users.
I've searched for gcloud cli commands to do this but with no luck, the documentation on this functionality is not well surfaced.
I would be happy with answers to:
Bulk delete through the G cloud UI
Delete ALL authenticated users through gcloud cli
Delete all users per tenant
You can make use of the Identity Toolkit API for bulk deleting users.
If you read through the Admin APIs guide for Identity Platform on Google Cloud, you will also notice that they recommend using the Admin APIs for user management.
What you are looking for is:
projects.accounts.lookup for looking up all users (or projects.tenants.accounts.lookup if you want to look up for a specific tenant).
projects.accounts.bachDelete for bulk-deleting users in your project (or projects.tenants.accounts.batchDelete if you want to target a specific tenant).
Trying to find a way to add members to google group through google API but any search result always end up in using admin sdk for this. But for using Admin SDK it requires to sign up on Google workspace. Is there any other way to achieve the same without signing up on workspace through simple api call using OAuth.
You are not a Google Workspace user but a Consumer (gmail) user
You do not have access to the Admin SDK (apart from for publicly available methods)
In this case, you can retrieve Google Groups programmatically is via GroupsApp in Google Apps Script.
However, this only allows you to get group / user information, not to create new users.
Unfortunately the latter is a service that is only available for Google Workspace users.
I am running several gcloud services which have assigned urls automatically in following format:
https://SERVICE_NAME-XXXXXXX-ew.a.run.app/
This is not particularly easy to work with and to pass these URLs to clients. Alternative is to use the custom domain, but this needs hardcoding subdomains within DNS records (as far as I understand) and I would like to avoid that and use the default URLs.
What is the best practice to work with these URLs? I can imagine keeping some mapping of service->URL and passing it to clients, but I would like to avoid reinventing the wheels.
Edit: I've released an external tool called runsd that lets you do this. Check it out: https://github.com/ahmetb/runsd
Thanks for this question! The "Service discovery by name" for Cloud Run is very much an active area of work. Though, there are no active timelines we can share yet.
You can see a prototype of me running this on Cloud Run here: https://twitter.com/ahmetb/status/1233147619834118144
APIs like Google Cloud Service Directory linked are geared more towards custom/DIY service discovery you might want to build to your RPC stack such as gRPC. It's more of a managed domain name directory, that you can integrate with your RPC.
If you are interested in participating an alpha for this feature in the future, drop me an email at ahmetb at google.
You can use a beta service Service Directory.
At service deployment
Create your service with a name and the URL as metadata
In your code
Request the service metadata with its name, and get the URL
Use the url
You can't use the endpoint feature of the service because your don't have IP/Port.
However, for now, there is client library and you have to use API directly.
I have learned that Memorystore has full support for Redis protocols but there are some limitations. Please help me address the following challenges.
Unlike Redis Memorystore doesn't seem to support Master-Slave provisioning to incorporate Read Write/Read Only specific requests. Is there any workaround?
Existing Redis setup has password protected authentication mechanism in place? How do we enable Auth config for Memorystore?
Existing application level client codes are written in C++. Is there any workaround to leverage the existing codes to connect Memorystore?
Thanks in advance.
I will try to address your questions individually, for better formatting and in case you have further doubts on them.
As you mentioned and confirmed by a Google Agent here, Memorystore doesn't support Master-Slave provision. For now, it doesn't have a workaround for it as well. I believe opening a Feature Request with Google or answering the above Google Group question might be a good option, to receive an official return from Google.
For you to configure authentication in your Memorystore, you need to create a service account and set an environment variable. The steps to achieve that are the following:
In the Cloud Console, go to the Create service account key page.
Go to the Create Service Account Key page
From the Service account list, select New service account.
In the Service account name field, enter a name.
From the Role list, select Project > Owner.
Click Create. A JSON file that contains your key downloads to your computer.
Set the environment variable using the following command - next is an example: export GOOGLE_APPLICATION_CREDENTIALS="/home/user/Downloads/[FILE_NAME].json".
There isn't official support to C++, however, you can use Client Libraries to connect to the API of the language you want. It might be worth it to give it a try with connecting to C++. I found this repository provided by Google, related to C++, that can be used to connect. This seems to be the only available option.
I hope these answers will help you, clarifying your doubts about the product.
Let me know if the information helped you!
I'm trying to create a Dialogflow Agent via API, It require a GCP project that also have to be created via API.
Actually both works well when the end user has already been once in the GCP console and accept the new terms and services.
The problem is that I would like to create the agent without the end user to have to perform any action on Google Cloud Platform.
Before it was possible, but it seems Google added a new terms of services for APIs on the GCP console that pop up the first time the user log in.
My question is, do you think there's any possibility to accepte those terms of services via Oauth or any other possibility?
Seems like Dialogflow still does it well.. so it should be possible :p
TY.
As stated by #John Hanley the user must login to accept the TOS so that the user-entity is bound to the Terms. Here you may find all the information regarding Google APIs Terms of Service.