GCP - 验证PubSub推送的云端功能https端点的所有权 [英] GCP - Verify ownership of a cloud function https endpoint for a PubSub push
问题描述
我正在试图做的是如何做到这一点,但我们很高兴看到其他人是否有任何想法。这个:
- 我在Google Cloud Platform上托管了2个微服务作为云
函数 - 我的第一个微服务做了一些事情并且激发了一个带有主题[x]的PubSub
消息 - 我想将我的第二个微服务设置为
推送订户主题[x]。我知道我可以通过使用订阅触发器部署
第二个云功能来做到这一点,但我不希望
这样做,因为没有体面的方式来确认/拒绝消息
(请参阅这篇文章: Google云端函数仅适用于Ack Pub /分成功)。 - 因此我将第二个函数部署为具有HTTP触发器。然后,我尝试
将GCP控制台中的推送订阅配置到
端点URL。当然,这不起作用,因为
https:// [cloud-subdomain] .cloudfunctions.net / 不是经过验证的
域名。
我想这是不可能的做我想要的,而是需要创建我的第二个微服务在应用程序引擎或其他地方我可以验证一个域名。
预先感谢!
使用HTML标记方法的网站验证
不仅仅是基于域名注册商的验证,您可以使用列出的任何方法验证您的网站这里。我同意其中大部分这些功能都不适用于云端功能,但可以通过云端功能在几分钟内完成基于HTML标签的验证。
您需要在body属性之前的HTML响应中添加给定的 meta 属性。
示例:
< meta name =google-site-verification content =VERIFICATION_TAG/>
另外,Google会定期验证域名(即使初始成功后),因此您必须继续返回只要您希望验证网址即可。
验证持续多久?
Google会定期检查您的验证是否符合您验证方法的
(例如,通过检查
是否存在HTML标记在您的网站上)。如果验证无法再确认
,那么您对该财产的许可将在特定的宽限期过后到期
。
< h2> 在您的云端功能中实施重试机制
这是与链接的其他答案中介绍的选项相同,IMO更简单。将 currentRetryAttempt 作为请求的一个参数,并在每次将递归重试请求排队回到同一个函数时增加此值。在排队新的重试请求之前,您需要检查 currentRetryAttempt 与 maxRetriesAllowed 值。
与以前的选项不同,它不会对您的云端函数的响应施加任何限制。
Pretty sure there's no way to do this but would be great to reach out to see if anyone else has any ideas.
What I'm trying to do is this:
- I have 2 microservices hosted on Google Cloud Platform as cloud functions
- My first microservices does stuff and fires a PubSub message with topic [x]
- I'd like to set my second microservice up as a push subscriber to the topic [x]. I know I can do this by deploying the 2nd cloud function with a subscription trigger but I don't want to do this as there's no decent way to acknowledge/reject the message (see this post: Google Cloud Functions to only Ack Pub/Sub on success).
- Therefore I've deployed my 2nd function as having a HTTP trigger. I've then tried to configure the push subscription in the GCP console to this endpoint URL. Of course, this isn't working because the https://[cloud-subdomain].cloudfunctions.net/ isn't a verified domain.
I guess it's just not possible to do what I'm trying to and instead need to create my 2nd microservice in app engine or elsewhere where i can verify a domain.
Thanks in advance!
Site Verification using HTML tag method
Not just domain registrar based verification, you can verify your site using any of the methods listed here. I agree most of these will not work with Cloud Functions, but it is possible to get HTML Tag based verification working in matter of minutes with Cloud functions.
You will need to add the given meta attribute in the HTML response just before the body attribute.
Example:
<meta name="google-site-verification" content="VERIFICATION_TAG" />
Also, Google verifies the domain periodically (even after initial success) and hence you will have to continue returning this response as long as you want to have the URL verified.
How long does verification last?
Google periodically checks if your verification is valid in a way appropriate to your verification method (for example, by checking for the presence of an HTML tag on your site). If verification can no longer be confirmed, your permissions on that property will expire after a certain grace period.
Implement retry mechanism within your Cloud function
This is same as the option explained in the other answer you linked, and IMO simpler. Take currentRetryAttempt as one parameter of the request and increment this value every time you queue up a retry request recursively back to the same function when you're timing out. You will need to check currentRetryAttempt against a maxRetriesAllowed value before queuing up a new retry request.
It does not impose any restrictions on the responses from your Cloud function unlike the previous option.
这篇关于GCP - 验证PubSub推送的云端功能https端点的所有权的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
