I'm using a multi-container app service where my docker compose needs to retrieve one image from a public repository and another from a private repository, Azure's one
I noticed that if I set the token in configuration settings, its used in both requests, one to the public and one to the private repository.
Is there a way to specify which token gets used so we don't unnecessarily send tokens to public sites?
Related
I have a Firebase (node.js) cloud function that pulls in some data from my app's Firestore database and builds some static content for the web. I'd like that same cloud function to deploy the static content to Firebase hosting via the Firebase Hosting API, creating a static portion of my site with user generated content.
I understand the general flow thanks to the somewhat clear walkthrough, but am stuck on the first step: getting an access token to call the API. Obviously I'm not going to insecurely put my service account key in the cloud function itself, so the example in the walkthrough doesn't apply. And as I understand it, Firebase cloud functions are already associated with a service account, so presumably there's some way to get an access token to call other Google Cloud services from a cloud function.
So how do I get an access token to call the hosting API from a Cloud Function?
There are some red flags that make me think this isn't possible. For example, all of the uses cases in the walkthrough allude to other server environments, as opposed to Google Cloud environments. And yet, this use case is the third bullet in the use case list in the walkthrough.
I've searched extensively here and elsewhere for some guidance, but aren't finding anything. There are some older questions about accessing hosted files from a cloud function that aren't relevant. This promising question from 5 years ago about this exact use case only has dead ends.
You can use the google-auth-library package in Cloud Functions to a get a token as shown below:
import { GoogleAuth } from "google-auth-library";
const token = await new GoogleAuth({
scopes: ["https://www.googleapis.com/auth/cloud-platform"],
}).getAccessToken();
If you use Firebase Admin SDK in the Cloud Functions, then you can get an access token of the default service account as shown below (do ensure the service account has required permissions):
import { initializeApp } from "firebase-admin/app";
const admin = initializeApp();
const token = await admin.options.credential?.getAccessToken();
// ^ Google OAuth2 access token object used to authenticate with Firebase services.
I am using Google Cloud Tasks to create task and Firebase functions to handle it.
I can pass payload to my handler using body parameter
But i am not sure is it secure to pass private data using payload without encoding or better use some cipher?
Also I found this
In App Engine tasks, both the queue and the task handler run within the same Cloud project. Traffic is encrypted during transport and never leaves Google datacenters
but I'm not sure if it applies to this case
Thanks!
All depends what you put behind the word "secure".
Is your data encrypted at rest? Yes, even in Cloud Task (before triggering the task)
Is your data encrypted in transit? Yes, even when Cloud Task trigger your endpoint.
Can someone see the data of a task? Yes, if he has enough right, the user can perform a GET on the task and view its body data.
So, yes it's secure if you set the correct permission to the users. you can cipher the data, with Cloud KMS for example, if the Cloud Task data are private and you don't want that an Ops, that manage Cloud Task, accesses to the private data; but in this case, don't grant the user the permission on CLoud KMS.
Is it possible to create an add-on that can send off the contents of an email into a webservice? I see lots of documentation on add-ons interacting with external webservices and have been able to follow a simple demo about it, but there isn't much I can find about interacting with the emails itself.
I have an add-on in Outlook that grabs the email and sends it off to a webservice, but I want to replicate this in Gmail in some way.
Next, I would also like to know if it's possible to use a different web service based on the user. For example, if I were to deploy this same add-on for a coworker but they needed to send the email to the different service. Is there a configuration file somewhere that controls this?
Lastly, I was also interested in how Gmail add-ons store personalized information, as I feel like it would help clear things up. E.g. how the tasks add-on grabs the right ones for the currently logged in user and where they are stored.
I would be open to any other solutions to this issue.
Communicating with web service
You can use the UrlFetchApp class to connect to any target web service if it can be accessed via HTTP request. If you need to access different web services for different users, you can either do so via storing "user:url" property (see below) or by conditionally changing the URL according to effective user.
Determining the user
You can determine under whose authority the Add-on is running by using a Session class method getEffectiveUser() and getEmail() on the resulting user.
Storing personalized info
As for storing and fetching personalized information, there is a PropertiesService class you can use. Since you want to store info related to end users, you'll need to get a Properties class instance with access to user-specific properties via getUserProperties() method.
Useful links
Gmail Add-ons reference;
PropertiesService class reference;
Guide on PropertiesService usage;
UrlFetchApp class reference;
what does these methods Means in android studio in google map
1).OnMapReadyCallback
2). LocationListener
3). GoogleApiClient.ConnectionCallbacks
4). GoogleApiClient.OnConnectionFailedListener
from Android Developer docs:
LocationListener
public interface LocationListener
android.location.LocationListener
Used for receiving notifications from the LocationManager when the location has changed
it is just like using OnClickListener to detect a user's click, but it listens for changes in location. you can use it to perform a set of instruction when the user have localisation enabled and moves to another location.
GoogleApiClient is The main entry point for Google Play services integration, is what you use to connect the client (user, to the google play services
GoogleApiClient.OnConnectionFailedListener public static interface
GoogleApiClient.OnConnectionFailedListener Provides callbacks for
scenarios that result in a failed attempt to connect the client to the
service.
it is used to define what should happen (just a set of instructions), in case your attempt to connect to the google play services has failed
GoogleApiClient.ConnectionCallbacks public static interface GoogleApiClient.ConnectionCallbacks Provides callbacks that are
called when the client is connected or disconnected from the service
this is very similar to the previous one, but instead of defining what should be done when a the client fails to connect, it defines what should be done, when a connection to the google play services is successfully established, or if a disconnection with the services has been preformed.
as for the rest :
i got this information from the documentation,
i invite you to read it before posting, it contains all the information that you may need, and try to implement the methods your self to understand how they work
We have a client that is using WordPress as a website CMS.
They want to do the following:
Publish 2 types of entries (public and private)
Public entries are available on the web as normal
Private entries are only available via a private URL JSON feed which will be retrieved via in-app purchasing in an iPad app
How can this public/private scenario be accomplished with WordPress?
I believe these 2 URLs supply me with everything I need:
http://codex.wordpress.org/Content_Visibility
http://wordpress.org/extend/plugins/json-api/