How to call Workflows via API Gateway Config? - google-cloud-functions

I've changed my approach and turned to what worked earlier. I configured an API gateway to call the Google Cloud Functions and it called them with the appropriate permissions when I passed in an api key. I think it's erroring when trying to call the workflow because I didn't specify a resource. Not sure exactly though... It looks like the API key is working, but the OAuth is failing. My OAuth is configured with a fresh connection since I've made the workflow. It's authenticated on my end, I clicked my account in google and everything. I'm 99.99% sure the OAuth is configured correctly. When I called the GCP function with the API Gateway, I didn't have to use OAuth.
Is OAuth a requirement for the Workflows API? Are there any work arounds?
How to specify the params for the Workflow in the API Gateway config?
Named Credential:
Label GoogleCloudFunction
Name GoogleCloudFunction
URL https://workflowexecutions.googleapis.com
Hide Section - AuthenticationAuthentication
Certificate
Identity Type Named Principal
Authentication Protocol OAuth 2.0
Authentication Provider GoogleCloudAuth
Scope https://www.googleapis.com/auth/cloud-platform
Authentication Status Authenticated
Log from API Gateway:
httpRequest: {
latency: "0.039s"
protocol: "http"
requestMethod: "POST"
requestSize: "1269"
requestUrl: "/create-site-tracker-site?key=HIDDEN"
responseSize: "743"
status: 401
}
insertId: "48330ec2-7114-4270-b465-68ae6308bdc34850908905639612439#a1"
jsonPayload: {
api_key: "HIDDEN"
api_key_state: "VERIFIED"
api_version: "1.0.0"
http_status_code: 401
location: "us-central1"
log_message: "1.create_site_tracker_site_0s5865srg8pbr_apigateway_quick_hangout_329722_cloud_goog.CreateSiteFunction is called"
response_code_detail: "via_upstream"
}
API Config
# openapi2-functions.yaml
swagger: '2.0'
info:
title: create-site-tracker-site with auth
description: Create Site in Site Tracker using JSForce
version: 1.0.0
schemes:
- https
produces:
- application/json
paths:
/create-site-tracker-site:
post:
summary: Create Site
operationId: createSiteFunction
x-google-backend:
address: https://workflowexecutions.googleapis.com/v1/projects/us-central1-quick-hangout-329722/locations/us-central1/workflows/create-site-and-project/executions
security:
- api_key: []
responses:
'200':
description: A successful response
schema:
type: string
securityDefinitions:
# This section configures basic authentication with an API key.
api_key:
type: "apiKey"
name: "key"
in: "query"

Your HTTP request appears to include no "Authorization" header. Without this it is unlikely that you're call will succeed unless your Cloud Functions permit unauthenticated calls.
It's difficult to understand what you're doing because e.g. "works when I test it manually" is imprecise and provides little information about what you did. I assume (!?) you're using gcloud functions call which authenticates for you.
Please add more detail to your question include the commands that you tried and those that succeed and fail and include error messages.
The majority of Google's services are exposed as REST APIs and so you can invoke almost everything using simple HTTP commands.

Current work around is calling the workflow from a google cloud function, and then calling the function via API Gateway and passing a key. Gross but it works

Related

Self-Hosted Gateway of API Manager 404 error

Well I am having problems with the self-hosted gateway in an APIM.
I have followe this tutorials:
For create an Azure API Management service: https://learn.microsoft.com/en-us/azure/api-management/get-started-create-service-instance
For provisioning a self-hosted gateway: https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-provision-self-hosted-gateway
For deploy it: https://learn.microsoft.com/en-us/azure/api-management/how-to-deploy-self-hosted-gateway-kubernetes
All go well and the self-hosted gateway is running, the LoadBalancer service is good and has an external IP... Even I have this green check:
However, when I visit the Gateway URL: https://apim-example.azure-api.net I got: { "statusCode": 404, "message": "Resource not found" } on the browser.
I dont know why, because I have a Hello world! API example deployed and asingned to the gateway and, if, insteal of make a GET on https://apim-example.azure-api.net/example/kenny, I make the GET using the public Load Balancer IP Of the self-hosted gateway (https://XX.XX.XX.XX/example/kenny) the API response a 200 OK.
Have anyone idea of how to solve this? A lot of thanks!
Following all the given Microsoft documentations, I have created an APIM Instance, Self-hosted Gateway in it and added the Kubernetes deployment in the Gateway:
Then I created the basic Http Trigger in the Azure Function App and imported it in the Azure APIM Instance by adding the Self-Hosted Gateway in the Settings of that API:
Note: For testing purpose, I have unchecked the "Subscription required" option.
However, when I visit the Gateway URL: https://apim-example.azure-api.netI got: { "statusCode": 404, "message": "Resource not found" } on the browser.
As given in this MS Doc, if we access the base URL without APIs, Response Status Code 404 will be displayed.
If API Name is passed to the Self-hosted gateway API of the APIM Instance, then the result is as expected:

How to call a Google Cloud Function from Google Cloud Scheduler when ingressSettings = ALLOW_INTERNAL_ONLY?

I have, in the same project, one HTTP Cloud Function and a Cloud Scheduler, that sends a POST request to this function.
I want to allow only requests from within the project to call the Function. However, when I set Ingress Settings to "Allow internal traffic only", the Cloud Scheduler gets "PERMISSION_DENIED"
Here is the error log (edited)
httpRequest: {
status: 403
}
insertId: "insert_id"
jsonPayload: {
#type: "type.googleapis.com/google.cloud.scheduler.logging.AttemptFinished"
jobName: "projects/project_name/locations/location/jobs/cloud_scheduler_job"
status: "PERMISSION_DENIED"
targetType: "HTTP"
url: "https://location-project_name.cloudfunctions.net/cloud_function_name"
}
logName: "projects/project_name/logs/cloudscheduler.googleapis.com%2Fexecutions"
receiveTimestamp: "2020-02-20T13:15:43.134508712Z"
resource: {
labels: {
job_id: "cloud_scheduler_name"
location: "location"
project_id: "project_id"
}
type: "cloud_scheduler_job"
}
severity: "ERROR"
timestamp: "2020-02-20T13:15:43.134508712Z"
}
Link to UI options for ingressSettings
According to the official documentation:
To use Cloud Scheduler your Cloud project must contain an App Engine
app that is located in one of the supported regions. If your project
does not have an App Engine app, you must create one.
Cloud Scheduler overview
Therefore find the location of your app engine application by running:
gcloud app describe
#check for the locationId: europe-west2
Then make sure that you deploy your cloud function with Ingress Settings to "Allow internal traffic only" to the same location as your app engine application.
I deployed a cloud function in the same region as my app engine application and everything worked as expected.
when you use the option "Allow internal traffic only" you need to use some kind of authentication within your Cloud Functions(to avoid this you can use the option "Allow all traffic").
please check the third comment provided in the link: https://serverfault.com/questions/1000987/trigger-google-cloud-functions-from-google-cloud-scheduler-with-private-network

Dialogflow authentication API v2 - HTTP POST

I´m using dialogflow with http request on a project that works in twilio, with the recent need of migration to v2 API of dialogflow the client access token will not work. Reading the new authentication, I generated the json following the instructions in the google cloud docs, but can´t make it works. Because I need to do all the interaction through POST requests to the dialogflow agent, does anyone know how I can generate the authentication token well?
{
"error": {
"code": 401,
"message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"status": "UNAUTHENTICATED"
}
}
Thanks
This is the function code that today works to make the http request. The problem is that all the services are in Twilio and i dont have access to the server, for that I cant define the environment variable.
Twilio Function code
Twilio Fuctions uses NodeJs and allow me to install many npm modules, with the following limitation: "Native Packages Not Supported - Functions does not provide a C/C++ compliler required to complie native addon modules. This means modules that depend on node-gyp can not be installed to Functions."
I don´t know if this limitations affect service acount working to me in this case.

WSO2 Enterprise Integrator Unable to call deployed API

I am completely new to WSO2 and I am facing the problem described below.
After deploying the API (composite application *.car file) I am unable to invoke the services of the defined endpoints from WSO2 ESB.
The REST API I am trying to invoke is found deployed on a local tomcat installation, and is located at:
http://localhost:8080/CustomerInfoRestService/customers/
To retrieve a json customer object I would simply add the customer id, like so:
http://localhost:8080/CustomerInfoRestService/customers/2
All the services operations (Get, POST, PUT, DELETE) are tested and invoked successfully. For testing I used the tool 'PostMan'.
I created an ESB project using the WSO2 Integration Studio.
First I defined an endpoint with a URI Template of:
http://localhost:8080/CustomerInfoRestService/customers/{uri.var.custId}
Then I defined a REST API. The properties of the API Resource are as follows:
URL-Style: URI_Template
URI-Template: /customers/{custId}
Methods: GET
In the In-Sequence I added a log mediator, having:
Log Category: INFO
Log Level: CUSTOM
and I defined its message as:
Property Name: message
Property value type: LITERAL
Property Value: Welcome to Customer Service
Directly next to the log mediator is a 'Send' mediator, and I included the defined endpoint above.
Then I deploy the composite application as: right-click -> Export Composite Application Project.
I include both the API and and the endpoint in the generated *.car file.
Now to invoke an API request, I call the service using 'curl':
curl -v http://localhost:8280/CustomerInfoRestService/customers/2
and I get the response:
* Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 8280 (#0)
> GET /CustomerInfoRestService/customers/2 HTTP/1.1
> Host: localhost:8280
> User-Agent: curl/7.55.1
> Accept: */*
>
< HTTP/1.1 404 Not Found
< Date: Thu, 13 Jun 2019 10:09:06 GMT
< Transfer-Encoding: chunked
<
* Connection #0 to host localhost left intact
It seems not to be found (404 error)
I followed the WSO2 documentation, specifically the integration tutorial "Sending a Simple Message to a Service" to create this project, for reference it is found at:https://docs.wso2.com/display/EI650/Sending+a+Simple+Message+to+a+Service
Any help is greatly appreciated.
Thanks in advance,
Kind Regards,
This kind of response comes when the API is not deployed or active in the ESB. Did you deploy the car file you created? You did not mention that in your steps. Please make sure that you are able to see the API in the management console (Home -> Service Bus -> API).

Postman Oauth 2 callback url - Chrome App

I am using The Chrome App for Postman and I am setting up my Access Tokens using OAUTH2. When I fill out the form, I am using the following:
Auth Url: https://[MY_API_URL]/api/authorize
Access Token URL: https://[MY_API_URL]/api/request/token
Client ID: xxxxxxxxxxx
Client Secret: xxxxxxxxxx
Scope: blank
Grant Type: Authorization Code
The callback url in my outh server is set to "https://www.getpostman.com/oauth2/callback"
When I click Request Token, I am taken to the proper Authentication page. When I submit my credentials, a new Chrome tab opens up with a blank page with the url https://app.getpostman.com/oauth2/callback?code=xxxxxxxxxx
I expect that this is supposed to redirect to the app so it can perform the access token request. from the access token url, but nothing is happening. Is this not the right callback uri?
This is an old question and things have changed since.
Google deprecated Chrome Apps, so Postman had to deprecate their old Chrome App client too, and so the old redirection URL (https://www.postman.com/oauth2/callback) no longer works.
According to this, with the more recent versions of Postman, the new redirection URL is https://oauth.pstmn.io/v1/callback.
You have change your permission type. Use Client Credentials instead of Authorization
I also faced same problem.
Just change Grant Type: Authorization Code to Grant Type: Client Credentials.
It worked for me.
Certainly as mentioned in other comments, for client_credentials it would work but for the Implicit or Authorization Code, I used "https://app.getpostman.com/oauth2/callback" as the callback url and it worked. Also it need to be configured in the application settings in oauth provider.
I've been using this callback url:
https://getpostman.com/oauth2/callbackurl