Using PR Build as a Subdomain to Google Cloud Triggered Builds - google-cloud-platform

We are using Google Cloud triggered builds (refer documentation) and are successfully able to see results like:
https://VERSION_ID-dot-PROJECT_ID.appspot.com
We use API keys for Maps etc. and would like to restrict access to websites. For this, there's wild card allowed in API Credentials page (refer documentation) for ex:
https://*.example.com
however, it doesn't allow:
https://*-some-random-string.example.com
We would like to overcome this issue so we can restrict the keys to our PR builds only, how do we do this?
One option would be to have PR builds like:
https://VERSION_ID.PROJECT_ID.appspot.com
so we could use https://*.PROJECT_ID.appspot.com in API Credential restrictions, but I can't figure how to create PR builds as sub domains.
Any help would be much appreciated!

Answering my own question:
GCP does indeed allow patterns in URLs for Credentials:
*-some-random-string.example.com/*
The reason it wasn't working for us was something else, and not this capability.

Related

Terraform UI for non technical CLI users?

I currently have a server build process that uses Terraform and deploys a server all from code.
I'm looking for a web UI with forms that I could either populate specific fields and or do API get commands against a VCenter or wherever the server is being built to populate the specific fields. The fields that get populated would be stored as the variables.tf file and when someone hits submit, it would run the actual Terraform command terraform apply to build the server based on the variables. My guess is the terraform binaries would have to live on there so it could run in the background.
It doesn't have to be some super fancy web page, just something that I could potentially make look cool for Director level folks.
Also, I don't want to use TF enterprise, yet. I've looked into a couple of open source projects (atlantis and terrahub) but none seem to be what I'm looking for.
I'm far from a web developer so any help would be awesome.
You can try with SLD
Stack-Lifecycle-Deployment
I think it has everything that you need
It is very intuitive, it has a web interface and a rest api to easily integrate it with the rest of the applications.

CLI/SDK to create Google-cloud oAuth client

Is it possible to create an OAuth client (https://developers.google.com/identity/protocols/OAuth2) using a script (gcloud or any library)?
Google recommended way (https://developers.google.com/identity/protocols/OAuth2WebServer#creatingcred) is to manually create from https://console.developers.google.com/apis/credentials.
I have multiple apps with different url_redirects like https://a.domain.com, https://b.domain.com https://c.domain.com, https://d.domain.com, this subdomain list is large to manage manually.
I want to automate this process for my use case. I'm not able to find any library to do this.
Update: Endpoint used by GCP console https://clientauthconfig.clients6.google.com/v1/clients and there is related permission also "clientauthconfig.clients.create" but there is no API provided for it.
You would need API client to create new API client anyway. Is it really necessary for you to create it this way? You can rather create multiple "user" credentials for your application using only that one API client.
I think you are looking for something like this, hope Java is good for you.
I've also found the following relevant information that might help you. Link
Also relevant for you. Link
Let me know.

How to configure custom domain for Google Cloud Functions for rendering HTML

So I have deployed a Google Cloud Function to some place like this:
https://us-central1-my-project.cloudfunctions.net/my-function
I can successfully render a dynamic webpage like this:
https://us-central1-my-project.cloudfunctions.net/my-function?slug=foo
Now, I would like to put this behind a regular URL so it works like this:
https://my-domain.com/some-directory/foo
I would like for it to be https instead of http. And notice that I added some-directory above the foo slug, so there is a little bit of rewriting logic there.
So basically go from here to here:
https://us-central1-my-project.cloudfunctions.net/my-function?slug=foo
https://my-domain.com/some-directory/foo
The question is how to do this. Wondering if you could walk me through how to do it which I think would also help future googlers.
When I search "custom domain for google cloud function" I get this which is for "endpoints" or "openapi" or I don't know, but it doesn't quite seem related. However, I went ahead anyways and changed my DNS nameservers to match what they said:
A 198.51.100.0
A 198.51.100.2
A 198.51.100.4
A 198.51.100.6
AAAA 2001:db8:ffff:32::15
AAAA 2001:db8:ffff:34::15
AAAA 2001:db8:ffff:36::15
AAAA 2001:db8:ffff:38::15
But I am lost as to what to do next. The documentation for Google Cloud is nothing compared to AWS which is unfortunate.
This is as close to what I've found so far, but it's still not even close to getting it working. Maybe this is closer to what I want.
Actually, is possible using Endpoints for cloud functions:
https://cloud.google.com/endpoints/docs/openapi/get-started-cloud-functions
After you have running your API or function in Cloud Run you just need to do a mapping with your custom domain (https://cloud.google.com/run/docs/mapping-custom-domains) and redeploy the OpenApi specification with the new host.
This is not possible using Google Cloud Functions deployed in a GCP project.
Currently, the only way to map a custom domain to your HTTP/S triggered functions is by using Firebase Functions and Firebase Hosting.
After creating the custom domain, you can configure the domain to handle HTTPS/S triggered functions.

Whitelist a gcp project a gcloud alpha product

I want to use the new Gcloud Product: Cloud Tasks. It's currently in Alpha. To be able to use, i have to request whitelist of my project for this product. I cannot find a way to do this. Documentations are unspecific. They post a link to google support. But unless you have Silver or Gold support, you don't get any technical help. Meaning, if you have Bronze Level Support only, you get redirected to community sites like this.
My Question: How do i whitelist Cloud Tasks for my gcp project. Whom do i send such a request and how (email, specifiq form provided by gclou?)?
FOUND: https://docs.google.com/forms/d/1g6yRocQ3wtdTArfO4JX8DoqOhYmsoTVgrlFnS0mV1bo/viewform?edit_requested=true
Sadly and by mere luck i found this link in the issue section of GCP Repository on GitHub. There Should be a central place for these kind of products with links to whitelist, release schedules, etc.

jUDDI Installation and configuration

I have installed the basic jUDDI Server in my machine. I am able to Register the Service and able to read my Service info as a new user. I want to restrict the users who wants to look up my services. I want only my clients to access these information. I want to authenticate them so only my clients can view the business, service, tModel, Binding Template information. How can I achieve this? Can any body help me get through this?
Try turning on the setting the requires authentication for the inquiry API. You can find it in the juddiv3.xml config file for the server. Here's the xpath to get you there.
config/juddi/auth/Inquiry=true
Future readers, the documentation is located here for the current release (as of this time of this post)
https://juddi.apache.org/docs/3.3/juddi-guide/html/ch04.html#_administering_users_and_access_control
but the website https://juddi.apache.org/docs.html will get you to whatever is current. The docs (that website) is also available as part of the distribution and (i think) maven artifacts