404 错误 GCP API 网关多个云 运行 后端
404 errors GCP API gateway multiple cloud run backends
我正在尝试使用集成了 firebase jwt 身份验证的 gcp Api 网关来保护多个云 运行 服务。我首先尝试使用以下架构保护一个 API 并且一切顺利:
# openapi2-run.yaml
swagger: '2.0'
info:
title: memsy-gateway
description: Sample API on API Gateway with a Cloud Run backend
version: 1.0.0
schemes:
- https
consumes:
- application/json
produces:
- application/json
x-google-backend:
address: https://mnemonic-api-staging-ue.a.run.app
securityDefinitions:
jwt_auth:
authorizationUrl: ''
flow: 'implicit'
type: 'oauth2'
x-google-issuer: 'https://securetoken.google.com/the-journey-method'
x-google-jwks_uri: 'https://www.googleapis.com/service_accounts/v1/metadata/x509/securetoken@system.gserviceaccount.com'
x-google-audiences: 'the-journey-method, https://mnemonic-api-staging-ue.a.run.app'
paths:
/mnemonic-api:
post:
security:
- jwt_auth: []
summary: Mnemonic API
operationId: mnemonics
parameters:
- in: body
name: input
description: string to process
schema:
$ref: '#/definitions/InputString'
responses:
'200':
description: A successful response
schema:
type: object
'400':
description: invalid input, object invalid
options:
operationId: create-cors
responses:
'200':
description: Success
definitions:
InputString:
type: object
properties:
input:
type: string
title:
type: string
required:
- input
- title
然后我尝试使用以下模式保护两项服务,但现在在配置中的路径上出现 404 错误。我还可以通过他们的云 运行 url 访问后端,而无需任何 jwt 令牌,所以我想知道我的配置有什么问题?
# openapi2-run.yaml
swagger: '2.0'
info:
title: memsy-gateway
description: Sample API on API Gateway with a Cloud Run backend
version: 1.0.0
schemes:
- https
consumes:
- application/json
produces:
- application/json
securityDefinitions:
jwt_auth:
authorizationUrl: ''
flow: 'implicit'
type: 'oauth2'
x-google-issuer: 'https://securetoken.google.com/the-journey-method'
x-google-jwks_uri: 'https://www.googleapis.com/service_accounts/v1/metadata/x509/securetoken@system.gserviceaccount.com'
x-google-audiences: 'the-journey-method, https://mnemonic-api-staging-ue.a.run.app, https://backend-dql-flask-uc.a.run.app'
paths:
/mnemonic-api:
post:
security:
- jwt_auth: []
summary: Mnemonic API
operationId: mnemonics
x-google-backend:
address: https://mnemonic-api-staging-ue.a.run.app
parameters:
- in: body
name: input
description: string to process
schema:
$ref: '#/definitions/InputString'
responses:
'200':
description: A successful response
schema:
type: object
'400':
description: invalid input, object invalid
options:
operationId: create-cors
responses:
'200':
description: Success
/dql/deleteFolder:
post:
security:
- jwt_auth: []
summary: Dql
operationId: deleteFolder
x-google-backend:
address: https://backend-dql-flask-uc.a.run.app
parameters:
- in: body
name: input
description: user and id strings
schema:
$ref: '#/definitions/Dql'
responses:
'200':
description: A successful response
schema:
type: object
'400':
description: invalid input, object invalid
options:
operationId: create-cors-dql
responses:
'200':
description: Success
definitions:
InputString:
type: object
properties:
input:
type: string
title:
type: string
required:
- input
- title
Dql:
type: object
properties:
user:
type: string
id:
type: string
required:
- user
- id
老实说,文档并不清楚——通过反复试验,我可以通过将 openapi 定义上的路径与我的网络服务器路由器中的路径相匹配来使其工作,而不是只给 openapi 定义主机,例如:
paths:
/mnemonic-api:
post:
security:
- jwt_auth: []
summary: Mnemonic API
operationId: mnemonics
x-google-backend:
address: https://mnemonic-api-staging-ue.a.run.app/mnemonic-api
我正在尝试使用集成了 firebase jwt 身份验证的 gcp Api 网关来保护多个云 运行 服务。我首先尝试使用以下架构保护一个 API 并且一切顺利:
# openapi2-run.yaml
swagger: '2.0'
info:
title: memsy-gateway
description: Sample API on API Gateway with a Cloud Run backend
version: 1.0.0
schemes:
- https
consumes:
- application/json
produces:
- application/json
x-google-backend:
address: https://mnemonic-api-staging-ue.a.run.app
securityDefinitions:
jwt_auth:
authorizationUrl: ''
flow: 'implicit'
type: 'oauth2'
x-google-issuer: 'https://securetoken.google.com/the-journey-method'
x-google-jwks_uri: 'https://www.googleapis.com/service_accounts/v1/metadata/x509/securetoken@system.gserviceaccount.com'
x-google-audiences: 'the-journey-method, https://mnemonic-api-staging-ue.a.run.app'
paths:
/mnemonic-api:
post:
security:
- jwt_auth: []
summary: Mnemonic API
operationId: mnemonics
parameters:
- in: body
name: input
description: string to process
schema:
$ref: '#/definitions/InputString'
responses:
'200':
description: A successful response
schema:
type: object
'400':
description: invalid input, object invalid
options:
operationId: create-cors
responses:
'200':
description: Success
definitions:
InputString:
type: object
properties:
input:
type: string
title:
type: string
required:
- input
- title
然后我尝试使用以下模式保护两项服务,但现在在配置中的路径上出现 404 错误。我还可以通过他们的云 运行 url 访问后端,而无需任何 jwt 令牌,所以我想知道我的配置有什么问题?
# openapi2-run.yaml
swagger: '2.0'
info:
title: memsy-gateway
description: Sample API on API Gateway with a Cloud Run backend
version: 1.0.0
schemes:
- https
consumes:
- application/json
produces:
- application/json
securityDefinitions:
jwt_auth:
authorizationUrl: ''
flow: 'implicit'
type: 'oauth2'
x-google-issuer: 'https://securetoken.google.com/the-journey-method'
x-google-jwks_uri: 'https://www.googleapis.com/service_accounts/v1/metadata/x509/securetoken@system.gserviceaccount.com'
x-google-audiences: 'the-journey-method, https://mnemonic-api-staging-ue.a.run.app, https://backend-dql-flask-uc.a.run.app'
paths:
/mnemonic-api:
post:
security:
- jwt_auth: []
summary: Mnemonic API
operationId: mnemonics
x-google-backend:
address: https://mnemonic-api-staging-ue.a.run.app
parameters:
- in: body
name: input
description: string to process
schema:
$ref: '#/definitions/InputString'
responses:
'200':
description: A successful response
schema:
type: object
'400':
description: invalid input, object invalid
options:
operationId: create-cors
responses:
'200':
description: Success
/dql/deleteFolder:
post:
security:
- jwt_auth: []
summary: Dql
operationId: deleteFolder
x-google-backend:
address: https://backend-dql-flask-uc.a.run.app
parameters:
- in: body
name: input
description: user and id strings
schema:
$ref: '#/definitions/Dql'
responses:
'200':
description: A successful response
schema:
type: object
'400':
description: invalid input, object invalid
options:
operationId: create-cors-dql
responses:
'200':
description: Success
definitions:
InputString:
type: object
properties:
input:
type: string
title:
type: string
required:
- input
- title
Dql:
type: object
properties:
user:
type: string
id:
type: string
required:
- user
- id
老实说,文档并不清楚——通过反复试验,我可以通过将 openapi 定义上的路径与我的网络服务器路由器中的路径相匹配来使其工作,而不是只给 openapi 定义主机,例如:
paths:
/mnemonic-api:
post:
security:
- jwt_auth: []
summary: Mnemonic API
operationId: mnemonics
x-google-backend:
address: https://mnemonic-api-staging-ue.a.run.app/mnemonic-api