will google cloud functions 'always' be available via http? - google-cloud-functions

Maybe a strange question, but how long will google support http on cloud functions. Be default the https version of a cloud function will be used ofcourse.
But some IoT devices aren't able to create a secure connection and can only send (already encrypted) data straight to an IP addresses or http urls.
A static IP address pointing to a cloud function is not supported, but I do can send GET requests to the http version of a cloud function endpoint.
The only big thing is: If Google will ever redirect http to https, data will not come in anymore.
Regards, Peter

Your question seems to be asking about the future of Cloud Functions. There is no public roadmap for the development of Cloud Functions, so it's not really possible to say with certainty whether or not HTTP support will ever go away. I suggest contacting Google Cloud support directly if you need a more definitive answer.

Related

Can i use proxy server to redirect POST request to API?

I wrote a web application on Google app script and it works, but for implementation I need to get an API key, to get it I need a white list of ip addresses, unfortunately the
UrlFetchApp.fetch
command has too wide a range of them.
I don't know how to solve this problem maybe you can use a proxy server?
Or if you now how i can use Google cloud for get static ip for my app csript or general static ip for app script

To authenticate the client that invokes Google cloud function in Java

I have a google cloud function in Java.
Client will invoke the function using HTTP trigger URL.
But that is not secure. I have gone through some docs saying that you should pass a token or client ID and then verify it in server side.
Can anyone explain that in detail and please provide a code example if any.
My doubt is to authenticate the client while they invoke the function using Http trigger
This page explains quite well all the capacity that you have to authenticate a requester on Cloud Functions.
If you have users, the best way is to use Firebase Auth (our Google Cloud Identity Platform which is simply a more advance solution than Firebase Auth with more features)
However, you need to grant all you user with cloudfunction.invoker role, to allow them to invoke the Cloud Functions. It could be difficult. You can also perform the check on your side, but in this case you remove the security (filter) layer of google and you have to check all the traffic by yourselves (not really safe, in term of billing and in case of attack).
The latest solution, API keys, is not recommended, especially for the users. But for machine to machine it's sometime the only solution. However, there isn't out of the box solution and for this I wrote an article, that explains how to create a Cloud Endpoint (or now a Cloud API Gateway which is the serverless solution of Cloud Endpoint with ESPv2) to accept API Keys.
With this latest solution, if you change your security definition, you can also accept OAuth2 tokens coming from Firebase Auth (or Cloud Identity Platform), but this time, you don't need to grant all the users on your Cloud Functions IAM role. The token only need to be valid and it's the Cloud Endpoint service account which is used to perform the call (and thus which needs to be authorized on the Cloud Functions).
In addition, because you can accept OAuth2 token, you can also accept non Google token, and thus have your users in any IDP OAuth2 compliant (KeyCloak, Okta,...)
You could use external OAuth server like keycloack (https://github.com/keycloak/keycloak), or use somethging like Json Web Tokens -- https://jwt.io/ -- available for various languages, siutable for microservices.

What is the correct way to protect Google API key for Places service?

First of all I want to use Google Places API for autocomplete. I have created API key and it works fine. I make api calls from client so I need to protect or restrict it. I tried to use HTTP restriction, but it doesn't work with Places API. There are recommendation in the docs to use IP restriction but it requires that some proxy server to make api calls. So which way is right? Do I need proxy server with IP restriction to make api calls? Or is there some way to make secure api calls from client?
Normally, when you are calling the requests from the Client-Side, it should be restricted via HTTP referrers, and IP address restrictions are used when you are calling the requests from the server-side which has a static IP address. If you're calling from the Client-Side and your HTTP restrictions are not working, it will be best to file a support case via https://console.cloud.google.com/google/maps-apis/support in order to open personalized communication channel as this must be an isolated case and might have something to do with your configuration in your GCP console.
I would also recommend to check the sample HTTP restriction below:
example.com
*.example.com
These two will allow your API key to be used in all subdomains and paths in your website.

Google Cloud function send call to app hosted on GKE

I would like to load data to my db hosted on GKE, using cloud function (small ETL needs, Cloud function would be great for that case)
I'm working in the same region. my GKE has an internal load balancer exposing an gcloud internal IP.
the method called is working perfectly when it's from Appengine but when doing it with cloud function I have an connexion error : "can't find client at IP"
I would like to know if it is possible ?
if so, what would be the procedure ?
Many thanks !!
Gab
We just released this feature to Beta. You can get started by following our docs:
https://cloud.google.com/functions/docs/connecting-vpc https://cloud.google.com/appengine/docs/standard/python/connecting-vpc
https://cloud.google.com/vpc/docs/configure-serverless-vpc-access
This is not currently possible as of today.
https://issuetracker.google.com/issues/36859738
Thanks for your feedback.
You are totally right. At the moment the instances are only able to receive such requests via the external IP [1].
I have filed a feature request in your behalf so that this functionality might be considered for future deployments. I cannot guarantee this will be implemented or provide an E.T.A. Nevertheless, rest assured that your feedback is always seriously taken.
We also reached out to our Google Cloud representative who confirmed this was a highly requested feature that was being looked at but was unable to provide an ETA as when it would be released.

CORS for Google Places API

I am designing a geo-location based application and facing the next issues:
Having the location of the user at the moment I simply need to send request to google Places API to get the related establishments using:
https://maps.googleapis.com/maps/api/place/nearbysearch/json?location=30.26989954982109,-97.73595370200533&radius=100&types=bar&key=myAPIKey
I hate to admit, but it is my first time I face the Cross-Origin-Resource-Sharing and most of the things that are published here regarding CORS don't make sense to me, also the documentation for the API is not very helpful to me since it lacks examples. I would greatly appreciate if anyone could give a descend step-by step explanation how to send requests across domains to retrieve JSON.
At the time of this writing Google Places API does not seem to support CORS. A work around is to enable proxy in your web server. For example, in ngnix, create a new location:
location /maps/ {
proxy_pass https://maps.googleapis.com/maps/;
}
Then, instead of sending an XmlHttpRequest to Google API, send it to your own web server.