Google Pub/Sub push subscription into IAP-protected App Engine

烈酒焚心 提交于 2020-01-15 01:50:05

问题


I am testing out a very basic Pub/Sub subscription. I have the push endpoint set to an App I have deployed through a Python Flex service in App Engine. The service is in a project with Identity-Aware Proxy enabled. The IAP is configured to allow through users authenticated with our domain.

I do not see any of the push requests being processed by my app.

I turned off the IAP protection and then I see that the requests are processed. I turn it back on and they are no longer processed.

I had similar issues with IAP when trying to get a Cron service running; that issue resolved itself after I deployed a new test app in the same project.

Has anyone had success with configuring a push subscription through IAP? I also experimented with putting different service accounts on the IAP access list and none of them worked.


回答1:


I'm not aware of a way to get Pub/Sub push subscriptions + Flex + IAP working. I wonder... it might work if the subscriber is on Standard.

Some other potential workarounds: - Switch to a Pull subscriber. - Set up a Cloud Functions function as your Pub/Sub subscriber -- https://cloud.google.com/functions/docs/writing/background -- and then in that function pass the request on to the GAE app, using https://cloud.google.com/iap/docs/authentication-howto to authenticate as a service account.

Sorry, I wish I had a better answer for you, but AFAIK those are the options that work today. --Matthew, IAP engineering lead



来源:https://stackoverflow.com/questions/46729915/google-pub-sub-push-subscription-into-iap-protected-app-engine

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!