我正在尝试使用集成了 firebase jwt auth 的 gcp Api 网关来保护多个云运行服务的安全。我首先尝试使用以下架构仅保护一个 API,一切顺利:
# openapi2-run.yaml
swagger: '2.0'
info:
title: memsy-gateway
description: Sample API on API Gateway with a Cloud Run backend
version: 1.0.0
schemes:
- https
consumes:
- application/json
produces:
- application/json
x-google-backend:
address: https://mnemonic-api-staging-ue.a.run.app
securityDefinitions:
jwt_auth:
authorizationUrl: ''
flow: 'implicit'
type: 'oauth2'
x-google-issuer: 'https://securetoken.google.com/the-journey-method'
x-google-jwks_uri: 'https://www.googleapis.com/service_accounts/v1/metadata/x509/<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="087b6d6b7d7a6d7c67636d66487b717b7c6d65266f7b6d7a7e616b6d696b6b677d667c266b6765" rel="noreferrer noopener nofollow">[email protected]</a>'
x-google-audiences: 'the-journey-method, https://mnemonic-api-staging-ue.a.run.app'
paths:
/mnemonic-api:
post:
security:
- jwt_auth: []
summary: Mnemonic API
operationId: mnemonics
parameters:
- in: body
name: input
description: string to process
schema:
$ref: '#/definitions/InputString'
responses:
'200':
description: A successful response
schema:
type: object
'400':
description: invalid input, object invalid
options:
operationId: create-cors
responses:
'200':
description: Success
definitions:
InputString:
type: object
properties:
input:
type: string
title:
type: string
required:
- input
- title
然后,我尝试使用以下架构来保护两个服务,但现在在配置中的路径上收到 404 错误。我还可以通过云运行 URL 访问后端,无需任何 jwt token ,所以我想知道我的配置出了什么问题?
# openapi2-run.yaml
swagger: '2.0'
info:
title: memsy-gateway
description: Sample API on API Gateway with a Cloud Run backend
version: 1.0.0
schemes:
- https
consumes:
- application/json
produces:
- application/json
securityDefinitions:
jwt_auth:
authorizationUrl: ''
flow: 'implicit'
type: 'oauth2'
x-google-issuer: 'https://securetoken.google.com/the-journey-method'
x-google-jwks_uri: 'https://www.googleapis.com/service_accounts/v1/metadata/x509/<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="e3908680969186978c88868da3909a9097868ecd84908691958a80868280808c968d97cd808c8e" rel="noreferrer noopener nofollow">[email protected]</a>'
x-google-audiences: 'the-journey-method, https://mnemonic-api-staging-ue.a.run.app, https://backend-dql-flask-uc.a.run.app'
paths:
/mnemonic-api:
post:
security:
- jwt_auth: []
summary: Mnemonic API
operationId: mnemonics
x-google-backend:
address: https://mnemonic-api-staging-ue.a.run.app
parameters:
- in: body
name: input
description: string to process
schema:
$ref: '#/definitions/InputString'
responses:
'200':
description: A successful response
schema:
type: object
'400':
description: invalid input, object invalid
options:
operationId: create-cors
responses:
'200':
description: Success
/dql/deleteFolder:
post:
security:
- jwt_auth: []
summary: Dql
operationId: deleteFolder
x-google-backend:
address: https://backend-dql-flask-uc.a.run.app
parameters:
- in: body
name: input
description: user and id strings
schema:
$ref: '#/definitions/Dql'
responses:
'200':
description: A successful response
schema:
type: object
'400':
description: invalid input, object invalid
options:
operationId: create-cors-dql
responses:
'200':
description: Success
definitions:
InputString:
type: object
properties:
input:
type: string
title:
type: string
required:
- input
- title
Dql:
type: object
properties:
user:
type: string
id:
type: string
required:
- user
- id
最佳答案
老实说,文档并不清楚 - 经过反复试验,我可以通过将 openapi 定义上的路径与我的网络服务器路由器中的路径匹配来使其工作,而不是只给 openapi 定义主机,例如:
paths:
/mnemonic-api:
post:
security:
- jwt_auth: []
summary: Mnemonic API
operationId: mnemonics
x-google-backend:
address: https://mnemonic-api-staging-ue.a.run.app/mnemonic-api
关于google-cloud-platform - 404 错误 GCP API 网关多个云运行后端,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/68975411/