Google Cloud API DomainMapping using Firebase Cloud Functions

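I am trying to programmatically add a domain mapping to a service using Firebase Cloud Functions. So far I have been able to get the correct JSON field format, sending a POST request and receiving a 200 success. Here are the request/response bodies: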

Request:

{
        "apiVersion": "domains.cloudrun.com/v1", 
        "kind": "DomainMapping", 
        "metadata": {
            "annotations": {}, 
            "labels": {}, 
            "name": "subdomain.example.com", 
            "namespace": "project-id"
        }, 
        "spec": {
            "routeName": "service-name"
        }, 
        "status": {}
}

Response:

{ apiVersion: 'domains.cloudrun.com/v1',
  kind: 'DomainMapping',
  metadata: 
   { name: 'subdomain.example.com',
     namespace: '123456789',
     selfLink: '/apis/domains.cloudrun.com/v1/namespaces/123456789/domainmappings/subdomain.example.com',
     uid: 'eiv0wr9f-8afec-47fdsf-fdsdc-fjosf0fne78',
     resourceVersion: 'FFFJKA+F32',
     generation: 1,
     creationTimestamp: '2019-11-23T21:07:49.167253Z',
     labels: { 'cloud.googleapis.com/location': 'us-central1' },
     annotations: 
      { 'serving.knative.dev/creator': 'project-id@appspot.gserviceaccount.com',
        'serving.knative.dev/lastModifier': 'project-id@appspot.gserviceaccount.com' } },
  spec: { routeName: 'service-name' },
  status: {} }"

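When checking the status of the DomainMapping, the response message contains "Caller is not authorized to administer the domain", even though the domain has been verified with Google Domains. Is this an IAM issue or something else? Any insight would be helpful.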

Here is the full response when requesting the domain mapping status:

{
  "apiVersion": "domains.cloudrun.com/v1",
  "kind": "DomainMapping",
  "metadata": {
    "name": "subdomain.example.com",
    "namespace": "123456789",
    "selfLink": "/apis/domains.cloudrun.com/v1/namespaces/123456789/domainmappings/subdomain.example.com",
    "uid": "fdns0fs5-8fw-437f-1514c-n89fwnnav0n",
    "resourceVersion": "gn902fnfjd",
    "generation": 1,
    "creationTimestamp": "2019-11-23T21:07:49.167253Z",
    "labels": {
      "cloud.googleapis.com/location": "us-central1"
    },
    "annotations": {
      "serving.knative.dev/creator": "project-id@appspot.gserviceaccount.com",
      "serving.knative.dev/lastModifier": "project-id@appspot.gserviceaccount.com"
    }
  },
  "spec": {
    "routeName": "service-name"
  },
  "status": {
    "conditions": [
      {
        "type": "Ready",
        "status": "False",
        "reason": "PermissionDenied",
        "message": "Caller is not authorized to administer the domain 'subdomain.example.com'. If you own 'subdomain.example.com', you can obtain authorization by verifying ownership of the domain, or any of its parent domains, via the Webmaster Central portal: https://www.google.com/webmasters/verification/verification?domain=subdomain.example.com. We reccomend verifying ownership of the largest scope you wish to use with subdomains (eg. verify 'example.com' if you wish to map 'subdomain.example.com').",
        "lastTransitionTime": "2019-11-23T21:07:49.719Z"
      },
      {
        "type": "CertificateProvisioned",
        "status": "False",
        "reason": "PermissionDenied",
        "message": "Certificate will not be provisioned unless the domain is made routable.",
        "lastTransitionTime": "2019-11-23T21:07:49.719Z"
      },
      {
        "type": "DomainRoutable",
        "status": "False",
        "reason": "PermissionDenied",
        "message": "Caller is not authorized to administer the domain 'fdsfdsfsf-gsyjtfounzbunfetzf50.a.review.activit.app'. If you own 'fdsfdsfsf-gsyjtfounzbunfetzf50.a.review.activit.app', you can obtain authorization by verifying ownership of the domain, or any of its parent domains, via the Webmaster Central portal: https://www.google.com/webmasters/verification/verification?domain=subdomain.example.com. We reccomend verifying ownership of the largest scope you wish to use with subdomains (eg. verify 'example.com' if you wish to map 'subdomain.example.com').",
        "lastTransitionTime": "2019-11-23T21:07:49.719Z"
      },
      {
        "type": "Retry",
        "status": "True",
        "reason": "FailedUnknown",
        "message": "System will retry after 0:59:59 from lastTransitionTime for attempt 7.",
        "lastTransitionTime": "2019-11-23T23:18:06.067Z",
        "severity": "Info"
      }
    ],
    "observedGeneration": 1
  }
}

Thanks to @JohnHandley's help, I was able to use the --log-http flag on the Google SDK CLI to figure out the submission format and generate the request:

{
        "apiVersion": "domains.cloudrun.com/v1", 
        "kind": "DomainMapping", 
        "metadata": {
            "annotations": {}, 
            "labels": {}, 
            "name": "domainMapping.example.com", 
            "namespace": "project-id"
        }, 
        "spec": {
            "routeName": "service-name"
        }, 
        "status": {}
}

Make sure you also add the service account to the list of verified owners at google.com/webmasters/verification/home for the domain you are mapping.
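As an added example (not part of the original question or answer), the status check described above can be automated in the Cloud Function: the sketch below reads a DomainMapping status response and reports which identity still needs to be added as a verified owner. The function name `diagnoseDomainMapping` and its return shape are hypothetical, and it assumes the `serving.knative.dev/creator` annotation names the caller the error message refers to.

```javascript
// Added example. diagnoseDomainMapping and its return shape are hypothetical;
// field names follow the DomainMapping status response shown above.
function diagnoseDomainMapping(mapping) {
  const meta = mapping.metadata || {};
  const conditions = (mapping.status && mapping.status.conditions) || [];
  const byType = Object.fromEntries(conditions.map((c) => [c.type, c]));

  // Usable only when the Ready condition is explicitly "True".
  const ready = Boolean(byType.Ready && byType.Ready.status === 'True');

  // Retry is informational (severity Info), so it is not counted as a failure.
  const failed = conditions.filter((c) => c.type !== 'Retry' && c.status !== 'True');
  const ownershipDenied = failed.some((c) =>
    c.reason === 'PermissionDenied' &&
    /not authorized to administer the domain/.test(c.message || ''));

  return {
    domain: meta.name,
    ready,
    // An empty status ({}) right after the POST means nothing was evaluated yet.
    pending: conditions.length === 0,
    failedTypes: failed.map((c) => c.type),
    // Assumption: the creator annotation names the caller that must be a verified owner.
    ownerToVerify: ownershipDenied
      ? (meta.annotations || {})['serving.knative.dev/creator'] || null
      : null,
  };
}

// Constructed sample, trimmed from the status response on this page.
const sampleMapping = {
  metadata: {
    name: 'subdomain.example.com',
    annotations: { 'serving.knative.dev/creator': 'project-id@appspot.gserviceaccount.com' },
  },
  status: { conditions: [
    { type: 'Ready', status: 'False', reason: 'PermissionDenied',
      message: "Caller is not authorized to administer the domain 'subdomain.example.com'." },
    { type: 'CertificateProvisioned', status: 'False', reason: 'PermissionDenied',
      message: 'Certificate will not be provisioned unless the domain is made routable.' },
    { type: 'DomainRoutable', status: 'False', reason: 'PermissionDenied',
      message: "Caller is not authorized to administer the domain 'subdomain.example.com'." },
    { type: 'Retry', status: 'True', reason: 'FailedUnknown', severity: 'Info',
      message: 'System will retry after 0:59:59 from lastTransitionTime for attempt 7.' },
  ] },
};

console.log(diagnoseDomainMapping(sampleMapping));
```

A 200 on the POST only means the mapping object was created; the `pending` and `ready` fields here separate "not evaluated yet" from "evaluated and denied".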