从Java调用Google Cloud Run [英] Invoke a Google Cloud Run from java
问题描述
我想从外部应用程序调用Cloud Run.外部应用程序用Kotlin(java)编写,并在JDK 11 JVM上运行.它使用服务帐户进行身份验证
I want to invoke a Cloud Run from an external application. The external application is written in Kotlin (java) and run on the JDK 11 JVM. It authenticates using a service account
ServiceAccountCredentials.fromStream(serviceAccount).createScoped("https://www.googleapis.com/auth/cloud-platform")
其中服务帐户是有效的JSON文件.我已经测试了在Google云控制台内调用服务帐户运行的云的权限.
where the service account is is a valid JSON file. I have tested the permissions to invoke a cloud run for the service account inside the google cloud console.
我还没有找到官方的API,所以我使用了Google的GoogleNetHttpTransport来运行HTTP发布请求.为了调用云运行,我尝试使用 HttpCredentialsAdapter
I have not found an official API so I used google's GoogleNetHttpTransport to run an HTTP post request. To invoke the cloud run I have tried to use the HttpCredentialsAdapter
transport.createRequestFactory(HttpCredentialsAdapter(googleCredentials))
.buildPostRequest(GenericUrl(url), JsonHttpContent(JacksonFactory(), data))
我尝试直接使用访问令牌
val headers = HttpHeaders()
googleCredentials.refreshIfExpired()
headers.authorization = "Bearer " + googleCredentials.accessToken.tokenValue
postRequest.headers = headers
而且我尝试使用喷气机服务帐户并使用 jwt请求元数据
And I have tried to use a jet service account and use the jwt request metadata
val headers = HttpHeaders()
jwtCredentials = ServiceAccountJwtAccessCredentials.fromStream(serviceAccount)
jwtCredentials.getRequestMetadata(URI(url)).forEach {
headers.set(it.key, it.value)
}
postRequest.headers = headers
在所有这些情况下,它都会返回此错误
In all these cases it returns this error
[20:35:00 WARN]: Exception in thread "TestThread" com.google.api.client.http.HttpResponseException: 401 Unauthorized
[20:35:00 WARN]: at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:1113)
[20:35:00 WARN]: at ***.CloudRun$invoke$3.invokeSuspend(CloudRun.kt:34)
[20:35:00 WARN]: at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
[20:35:00 WARN]: at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
[20:35:00 WARN]: at java.base/java.lang.Thread.run(Thread.java:834)
感谢您的提前支持
推荐答案
我花了一些时间在OAuth2 Java库上,问题出在下面.类 ServiceAccountCredentials
添加一个 AccessToken
作为授权,而类 ServiceAccountJwtAccessCredentials
添加一个自签名 identity令牌
.
I spent time on the OAuth2 Java library and the problem is the following. The class ServiceAccountCredentials
add an AccessToken
as authorization, and the class ServiceAccountJwtAccessCredentials
add a self-signed identity token
.
我会更深入地介绍它,但是现在您可以手动设置标题
I will go deeper into it, but for now you can set the header manually
String myUri = "https://.....";
Credentials credentials = ServiceAccountCredentials
.fromStream(resourceLoader.getResource("classpath:./key.json")
.getInputStream()).createScoped("https://www.googleapis.com/auth/cloud-platform");
String token = ((IdTokenProvider)credentials).idTokenWithAudience(myUri, Collections.EMPTY_LIST).getTokenValue();
HttpRequestFactory factory = new NetHttpTransport().createRequestFactory();
HttpRequest request = factory.buildGetRequest(new GenericUrl(myUri));
HttpHeaders headers = new HttpHeaders();
headers.set("Authorization","Bearer " + token);
request.setHeaders(headers);
HttpResponse httpResponse = request.execute();
System.out.println(CharStreams.toString(new InputStreamReader(httpResponse.getContent(), Charsets.UTF_8)));
片段在这里,但不能一起工作.
The pieces are here, but not work together.
编辑
在GitHub上进行了一些交流之后,谷歌为我提供了解决方案.现在,将自动为标头提供一个经过签名的ID令牌
After some exchange on GitHub, a Google provide me the solution. Now the header is automatically provisioned with a signed id Token
Credentials credentials = ServiceAccountCredentials
.fromStream(resourceLoader.getResource("classpath:./key.json")
.getInputStream()).createScoped("https://www.googleapis.com/auth/cloud-platform");
IdTokenCredentials idTokenCredentials = IdTokenCredentials.newBuilder()
.setIdTokenProvider((ServiceAccountCredentials)credentials)
.setTargetAudience(myUri).build();
HttpRequestFactory factory = new NetHttpTransport().createRequestFactory(new HttpCredentialsAdapter(idTokenCredentials));
HttpRequest request = factory.buildGetRequest(new GenericUrl(myUri));
HttpResponse httpResponse = request.execute();
System.out.println(CharStreams.toString(new InputStreamReader(httpResponse.getContent(), Charsets.UTF_8)));
这篇关于从Java调用Google Cloud Run的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!