无法执行Cloud Function触发HTTP触发的Cloud Function,它不允许未经身份验证的调用? [英] Unable to perform Cloud Function trigger a HTTP triggered Cloud Function that doesn't allow unauthenticated invocations?
问题描述
我遇到一种情况,我试图创建两个Cloud Function,即CF1和Amp; CF2和我有一个Cloud Scheduler.这两个云功能都启用了身份验证调用.我的流程是Cloud Scheduler将触发CF1. CF1完成后,CF1将触发CF2作为http调用.我已将无法从GCP Scheduler调用Google Cloud Function 引用给从Cloud Scheduler访问经过身份验证的CF1,并且能够访问CF1.但是从CF1访问CF2时出现问题. CF1不会触发CF2,也不会给出任何错误消息.从另一个经过身份验证的Cloud Function访问经过身份验证的Cloud Function时,是否需要遵循任何其他技术.
I have a situation where I am trying to create two Cloud Functions namely CF1 & CF2 and I have one Cloud Scheduler. Both cloud functions are having authenticated invocation enabled. My flow is Cloud Scheduler will trigger CF1. On completion of CF1, the CF1 will trigger CF2 as a http call. I have referred Cannot invoke Google Cloud Function from GCP Scheduler to access authenticated CF1 from Cloud Scheduler and able to access CF1. But I am getting problem when accessing CF2 from CF1. The CF1 does not trigger CF2 and also not giving any error message. Do we need to follow any other technique when accessing authenticated Cloud Function from another authenticated Cloud Function.
CF1代码:
import json
import logging
from requests_futures.sessions import FuturesSession
def main(request):
# To read parameter values from request (url arguments or Json body).
raw_request_data = request.data
string_request_data = raw_request_data.decode("utf-8")
request_json: dict = json.loads(string_request_data)
request_args = request.args
if request_json and 'cf2_endpoint' in request_json:
cf2_endpoint = request_json['cf2_endpoint']
elif request_args and 'cf2_endpoint' in request_args:
cf2_endpoint = request_args['cf2_endpoint']
else:
cf2_endpoint = 'Invalid endpoint for CF2'
logger = logging.getLogger('test')
try:
session = FuturesSession()
session.get("{}".format(cf2_endpoint))
logger.info("First cloud function executed successfully.")
except RuntimeError:
logger.error("Exception occurred {}".format(RuntimeError))
CF2代码:
import logging
def main(request):
logger = logging.getLogger('test')
logger.info("second cloud function executed successfully.")
当前输出日志:
First cloud function executed successfully.
预期的输出日志:
First cloud function executed successfully.
second cloud function executed successfully.
注意:如果我对这两个云功能使用未经身份验证的访问,则同样的流程也可以正常工作.
Note: Same flow is working if I use unauthenticated access to the both cloud functions.
推荐答案
Google Cloud Function提供 REST API接口包含 call 方法的内容,该方法可用于其他Cloud Function HTTP调用. 尽管文档使用Google提供的客户端库,但仍然没有一个用于Python上的Cloud Function.
Google Cloud Function provide REST API interface what include call method that can be used in another Cloud Function HTTP invokation. Although the documentation mention using Google-provided client libraries there is still non one for Cloud Function on Python.
相反,您需要使用常规的Google API客户端库. [这是python之一]. 3
And instead you need to use general Google API Client Libraries. [This is the python one].3
使用这种方法的主要困难可能是对身份验证过程的理解. 通常,您需要提供两件事来构建客户端服务: 凭据和范围.
Probably, the main difficulties while using this approach is an understanding of authentification process. Generally you need provide two things to build a client service: credentials ans scopes.
获取凭据的最简单方法是在应用程序默认凭据(ADC)库上进行中继.与此有关的最严格的文档是:
The simpliest way to get credentials is relay on Application Default Credentials (ADC) library. The rigth documentation about that are:
- https://cloud.google.com/docs/authentication/production
- https://github.com /googleapis/google-api-python-client/blob/master/docs/auth.md
- https://cloud.google.com/docs/authentication/production
- https://github.com/googleapis/google-api-python-client/blob/master/docs/auth.md
获取范围的地方是每个REST API函数文档页面. 就像 OAuth范围:https ://www.googleapis.com/auth/cloud-platform
The place where to get scopes is the each REST API function documentation page. Like, OAuth scope: https://www.googleapis.com/auth/cloud-platform
下面是调用'hello-world'clound功能的完整代码示例. 运行之前:
The complete code example of calling 'hello-world' clound fucntion is below. Before run:
- 在项目中的GCP上创建默认的Cloud Function.
- 保留并注意要使用的默认服务帐户
- 保留默认正文.
- 请注意 project_id ,功能名称,位置部署功能的位置.
- 如果您要在Cloud Function环境之外(例如在本地)调用函数,请根据上述文档设置环境变量GOOGLE_APPLICATION_CREDENTIALS
- 如果您实际上将从另一个Cloud Function调用,则完全不需要配置凭据.
- Notice the project_id, function name, location where you deploy function.
- If you will call function outside Cloud Function environment (locally for instance) setup the environment variable GOOGLE_APPLICATION_CREDENTIALS according the doc mentioned above
- If you will call actualy from another Cloud Function you don't need to configure credentials at all.
from googleapiclient.discovery import build
from googleapiclient.discovery_cache.base import Cache
import google.auth
import pprint as pp
def get_cloud_function_api_service():
class MemoryCache(Cache):
_CACHE = {}
def get(self, url):
return MemoryCache._CACHE.get(url)
def set(self, url, content):
MemoryCache._CACHE[url] = content
scopes = ['https://www.googleapis.com/auth/cloud-platform']
# If the environment variable GOOGLE_APPLICATION_CREDENTIALS is set,
# ADC uses the service account file that the variable points to.
#
# If the environment variable GOOGLE_APPLICATION_CREDENTIALS isn't set,
# ADC uses the default service account that Compute Engine, Google Kubernetes Engine, App Engine, Cloud Run,
# and Cloud Functions provide
#
# see more on https://cloud.google.com/docs/authentication/production
credentials, project_id = google.auth.default(scopes)
service = build('cloudfunctions', 'v1', credentials=credentials, cache=MemoryCache())
return service
google_api_service = get_cloud_function_api_service()
name = 'projects/{project_id}/locations/us-central1/functions/function-1'
body = {
'data': '{ "message": "It is awesome, you are develop on Stack Overflow language!"}' # json passed as a string
}
result_call = google_api_service.projects().locations().functions().call(name=name, body=body).execute()
pp.pprint(result_call)
# expected out out is:
# {'executionId': '3h4c8cb1kwe2', 'result': 'It is awesome, you are develop on Stack Overflow language!'}
这篇关于无法执行Cloud Function触发HTTP触发的Cloud Function,它不允许未经身份验证的调用?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
