
Apigee X target endpoint and Google Authentication

Hi everyone

I'd like to understand something. I'm following this article to create a PSC connection between my ApigeeX organization and my target project, which contains multiple Cloud Run services.

I successfully created the connection between the projects, and when creating a new API proxy to call a Cloud Run service it works for unauthenticated calls; nevertheless, when adding authentication I got:

The URL must be ssl enabled if Authentication is present. 

Please note the service account used for deployment has the serviceAccountUser role in the Apigee org project and run.invoker in the target project.

Per the documentation [1], when working with southbound PSC targets I have to add this as a target:

 

  <HTTPTargetConnection>
    <URL>http://7.0.8.5:80</URL>
  </HTTPTargetConnection>

 

I have tried to use:

 

  <HTTPTargetConnection>
    <URL>https://7.0.8.5:443</URL>
  </HTTPTargetConnection>

 

But it is not working either.

My question is, when using this southbound PSC target, how can I use:

 

<Authentication>
    <GoogleIDToken>
      <Audience useTargetUrl="true"/>
    </GoogleIDToken>
</Authentication>

 

if my endpoint attachment IP is HTTP and not HTTPS?

I add a diagram of my current architecture


Any guidance will be appreciated.

@miguelmendoza tagged as I checked [2].

[1] https://cloud.google.com/apigee/docs/api-platform/troubleshoot/playbooks/network-configuration/conne...

[2] https://www.googlecloudcommunity.com/gc/Apigee/How-to-Load-Balance-Between-Cloud-Run-Targets-in-Apig...

 


Following this thread, here is how I solved it: I created a target server and pointed to it:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<TargetEndpoint name="default">
  <Description/>
  <FaultRules/>
  <PreFlow name="PreFlow">
    <Request/>
    <Response/>
  </PreFlow>
  <PostFlow name="PostFlow">
    <Request/>
    <Response/>
  </PostFlow>
  <Flows/>
  <HTTPTargetConnection>
    <Properties/>
    <LoadBalancer>
      <Server name="my-server"/>
    </LoadBalancer>
    <Authentication>
      <HeaderName>X-Serverless-Authorization</HeaderName>
      <GoogleIDToken>
        <Audience>https://my.run.app</Audience>
      </GoogleIDToken>
    </Authentication>
  </HTTPTargetConnection>
</TargetEndpoint>



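An added example, not part of the original posts and not Apigee tooling: a small Python check over TargetEndpoint XML that flags the two conditions this thread runs into before deployment. The rule names, helper names and sample definitions are constructed here from the snippets quoted above, and the second rule assumes the Cloud Run service expects its own `run.app` URL as the token audience, as in the accepted solution.

```python
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Hypothetical rule names for this example (not Apigee error codes).
RULES = {
    "AUTH_OVER_HTTP": "Authentication is set but the target URL is not https",
    "AUDIENCE_FROM_IP": "useTargetUrl=true derives the audience from an IP-literal URL",
}

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def lint_target_endpoint(xml_text):
    """Return the rule codes triggered by one TargetEndpoint definition."""
    conn = ET.fromstring(xml_text).find(".//HTTPTargetConnection")
    if conn is None or conn.find("Authentication/GoogleIDToken") is None:
        return []  # no Google ID token requested, nothing to check
    url = (conn.findtext("URL") or "").strip()
    if not url:
        return []  # target server (LoadBalancer) form: no URL in the bundle
    findings = []
    parts = urlsplit(url)
    if parts.scheme.lower() != "https":
        findings.append("AUTH_OVER_HTTP")
    aud = conn.find("Authentication/GoogleIDToken/Audience")
    use_url = aud is not None and aud.get("useTargetUrl") == "true"
    if use_url and is_ip_literal(parts.hostname or ""):
        findings.append("AUDIENCE_FROM_IP")
    return findings

def endpoint(target, audience):
    # Constructed sample assembled from the snippets quoted in the thread.
    return ("<TargetEndpoint name='default'><HTTPTargetConnection>" + target +
            "<Authentication><GoogleIDToken>" + audience +
            "</GoogleIDToken></Authentication></HTTPTargetConnection></TargetEndpoint>")

QUESTION_HTTP = endpoint("<URL>http://7.0.8.5:80</URL>", '<Audience useTargetUrl="true"/>')
QUESTION_HTTPS = endpoint("<URL>https://7.0.8.5:443</URL>", '<Audience useTargetUrl="true"/>')
ACCEPTED = endpoint('<LoadBalancer><Server name="my-server"/></LoadBalancer>',
                    "<Audience>https://my.run.app</Audience>")

if __name__ == "__main__":
    for name, cfg in [("http", QUESTION_HTTP), ("https", QUESTION_HTTPS), ("accepted", ACCEPTED)]:
        print(name, [RULES[code] for code in lint_target_endpoint(cfg)] or "ok")
```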
