GCP - 验证 PubSub 推送的云函数 https 端点的所有权 [英] GCP - Verify ownership of a cloud function https endpoint for a PubSub push

问题描述

很确定没有办法做到这一点，但如果有人有任何想法，请联系我们.

Pretty sure there's no way to do this but would be great to reach out to see if anyone else has any ideas.

我想要做的是:

• 我有 2 个作为云托管在 Google Cloud Platform 上的微服务功能
• 我的第一个微服务做了一些事情并触发了一个 PubSub主题为 [x] 的消息
• 我想将我的第二个微服务设置为将订阅者推送到主题 [x].我知道我可以通过部署来做到这一点带有订阅触发器的第二个云功能，但我不想要这样做是因为没有像样的方式来确认/拒绝消息(请参阅此帖子:Google Cloud Functions 仅适用于确认 Pub/Sub 成功).
• 因此，我将第二个函数部署为具有 HTTP 触发器.然后我试过了在 GCP 控制台中将推送订阅配置为此端点 URL.当然，这是行不通的，因为https://[cloud-subdomain].cloudfunctions.net/ 未经验证域.

• I have 2 microservices hosted on Google Cloud Platform as cloud functions
• My first microservices does stuff and fires a PubSub message with topic [x]
• I'd like to set my second microservice up as a push subscriber to the topic [x]. I know I can do this by deploying the 2nd cloud function with a subscription trigger but I don't want to do this as there's no decent way to acknowledge/reject the message (see this post: Google Cloud Functions to only Ack Pub/Sub on success).
• Therefore I've deployed my 2nd function as having a HTTP trigger. I've then tried to configure the push subscription in the GCP console to this endpoint URL. Of course, this isn't working because the https://[cloud-subdomain].cloudfunctions.net/ isn't a verified domain.

我想这是不可能做我想做的事，而是需要在应用引擎或其他地方创建我的第二个微服务，我可以验证域.

I guess it's just not possible to do what I'm trying to and instead need to create my 2nd microservice in app engine or elsewhere where i can verify a domain.

提前致谢！

推荐答案

使用 HTML 的站点验证标签方法

不仅仅是基于域注册商的验证，您还可以使用列出的任何方法来验证您的网站这里.我同意其中大部分不适用于 Cloud Functions，但可以在几分钟内使用 Cloud Functions 获得基于 HTML Tag 的验证.

Site Verification using HTML tag method

Not just domain registrar based verification, you can verify your site using any of the methods listed here. I agree most of these will not work with Cloud Functions, but it is possible to get HTML Tag based verification working in matter of minutes with Cloud functions.

您需要在 HTML 响应中的 body 属性之前添加给定的 meta 属性.

You will need to add the given meta attribute in the HTML response just before the body attribute.

示例:

<meta name="google-site-verification" content="VERIFICATION_TAG" />

此外，Google 会定期验证域(即使在最初成功之后)，因此只要您希望 URL 得到验证，您就必须继续返回此响应.

Also, Google verifies the domain periodically (even after initial success) and hence you will have to continue returning this response as long as you want to have the URL verified.

验证持续多长时间?

Google 会定期检查您的验证是否以某种方式有效适合您的验证方法(例如，通过检查您的网站上存在 HTML 标记).如果验证不能确认时间越长，您对该属性的权限将过期在一定的宽限期之后.

Google periodically checks if your verification is valid in a way appropriate to your verification method (for example, by checking for the presence of an HTML tag on your site). If verification can no longer be confirmed, your permissions on that property will expire after a certain grace period.

在您的云函数中实现重试机制

这与您链接的其他答案中解释的选项相同，并且 IMO 更简单.将 currentRetryAttempt 作为请求的一个参数，并在每次排队重试请求时递增此值，当您超时时递归返回到相同的函数.在排队新的重试请求之前，您需要根据 maxRetriesAllowed 值检查 currentRetryAttempt.

Implement retry mechanism within your Cloud function

This is same as the option explained in the other answer you linked, and IMO simpler. Take currentRetryAttempt as one parameter of the request and increment this value every time you queue up a retry request recursively back to the same function when you're timing out. You will need to check currentRetryAttempt against a maxRetriesAllowed value before queuing up a new retry request.

与前一个选项不同，它不会对来自您的 Cloud 函数的响应施加任何限制.

It does not impose any restrictions on the responses from your Cloud function unlike the previous option.

这篇关于GCP - 验证 PubSub 推送的云函数 https 端点的所有权的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！