保护HTTP云功能 [英] Securing HTTP cloud function
问题描述
我已按照此教程创建了可公开访问的HTTP云功能.我想用一个简单的API密钥来保护它-可以吗?
I have followed this tutorial to create a publicly accessible HTTP cloud function. I want to secure this, ideally with a simple API Key - is this possible?
关于安全性的文档似乎没有涵盖如何限制行为,尽管提到您可以...
The documentation on securing doesn't seem to cover how to restrict the behaviour, although mentions that you can...
推荐答案
我想用一个简单的API密钥来保护它-可以吗?
I want to secure this, ideally with a simple API Key - is this possible?
Yes, securing an HTTP function is possible, however, API keys aren't as secure as the other authentication methods.
Nevertheless, if you prefer to secure your function using the API keys, you'll need to deploy a Cloud Endpoints proxy and configure your securityDefinitions to enable API key validation.
有关安全性的文档似乎并未涵盖如何限制行为
The documentation on securing doesn't seem to cover how to restrict the behaviour
默认情况下,任何用户或服务都可以调用HTTP函数.但是,您可以配置Cloud 身份和访问管理(IAM) 限制您的HTTP行为.这样,您可以启用仅在请求中提供身份验证凭据时调用HTTP函数的功能.
By default, any user or service can invoke an HTTP function. However, you can configure Cloud Identity and Access Management (IAM) on your HTTP function to restrict this behavior. By doing that, you can enable your HTTP function to be invoked only when authentication credentials are provided in the request.
如上述文档所述,您可以转到 Google Cloud Platform控制台,然后从控制台"菜单移至 Cloud Functions .在那里,您将看到项目中具有的功能:
As the mentioned documentation states, you can go to the Google Cloud Platform Console and move to Cloud Functions from the Console menu. There, you will see the functions that you have in your project:
- 在右上角,您将看到一个字段"显示信息面板"-请选择它.选择适当的功能后,您将可以在此处看到权限标签.
- 通过使用"添加成员"字段,您将能够输入一个或多个需要访问您的功能的身份.从下拉菜单中选择角色后,您就可以添加新成员.
- In the top right corner, you will see a field "Show Info Panel" - please select it. After selecting the appropriate function, you will be able to see there the Permissions tab.
- By using the "Add members" field, you will be able to enter one or more identities that need access to your function. Once you select a role from the drop-down menu, you’ll be able to add a new member.
同一篇文章还介绍了如何 删除 从功能权限中获取现有成员.
The same article also explains how to remove the existing members from function’s permissions.
在这里 有关用户访问控制以及可用角色的更多信息.
Here you can find more information on access control for users along with available roles.
这篇关于保护HTTP云功能的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
