This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Cloud Workstations and Cloud Tasks http endpoint

Posted on 10-22-2022 06:15 AM
lordlele
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hi,

I know that Cloud Workstations are still in preview, but they are a great tool for fast developing and onboard new developers. I've all done except for Cloud Tasks HTTP endpoint that never reach the Workstation.

My setup works perfectly when I point Cloud Tasks to HTTP endpoint on Compute Engine (so the whole configuration is correct), but it didn't work when the target HTTP endpoint is on Workstation URL.

I understand that Workstations URL are behind a proxy (live IAP or something similar) but I think there is a way to let the Cloud Tasks service account to pass the authentication of the proxy. I've also added the Cloud Tasks Service Account as Workstation user but nothing change.

There's anything that I'm missing? Any idea?

Solved Solved
0 2 502
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
RobSpies
Staff
Reply posted on --/--/---- --:-- AM

Hey,

Thanks for your interest in the product!
To issue an http request to a workstation, you'll need to generate an access token for an account that has "Cloud Workstation User" role on that workstation. It sounds like your service account already has that permission, so you'll then need to generate an access token via the generateAccessToken API method: https://cloud.google.com/workstations/docs/reference/rest/v1beta/projects.locations.workstationClust...
Once that is retrieved, you'll need to add an http header called "Authorization" with the value "Bearer $TOKEN"
We'll make sure to add this to our docs.
-Rob

 

W

View solution in original post

Jump to Solution
0 Likes
2 REPLIES 2

Posted on --/--/---- --:-- AM
RobSpies
Staff
Reply posted on --/--/---- --:-- AM

Hey,

Thanks for your interest in the product!
To issue an http request to a workstation, you'll need to generate an access token for an account that has "Cloud Workstation User" role on that workstation. It sounds like your service account already has that permission, so you'll then need to generate an access token via the generateAccessToken API method: https://cloud.google.com/workstations/docs/reference/rest/v1beta/projects.locations.workstationClust...
Once that is retrieved, you'll need to add an http header called "Authorization" with the value "Bearer $TOKEN"
We'll make sure to add this to our docs.
-Rob

 

W

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
lordlele
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hi Rob,

yes I've discovered the generateAccessToken API endpoint by digging in the API (is not mentioned anywhere on the documentation). It works perfectly but I have to disable OIDC token authentication from Cloud Tasks because both use "Authorization" HTTP Header (a minor problem on development machine).

Thanks for answering.

Jump to Solution
0 Likes
Top Solution Authors
View all