我正在尝试使用 API Gateway 添加 Firebase 身份验证以访问我的 Cloud Run 服务。我正在使用 grpc 访问 Cloud Run 中的服务端点。
type: google.api.Service
config_version: 3
name: myapigateway.my-project.cloud.goog
title: API Gateway + Cloud Run gRPC
backend:
rules:
- selector: "*"
address: "grpcs://mycloudrun-service.run.app"
path_translation: APPEND_PATH_TO_ADDRESS
jwt_audience: "my-project"
usage:
rules:
- selector: "*"
allow_unregistered_calls: false
authentication:
providers:
- id: firebase
jwks_uri: >-
https://www.googleapis.com/service_accounts/v1/metadata/x509/securetoken@system.gserviceaccount.com
issuer: "https://securetoken.google.com/my-project"
audiences: my-project
authorization_url: ""
rules:
- selector: "*"
requirements:
- provider_id: firebase
从 CLI运行api-config create时,我收到以下错误。
$ gcloud api-gateway api-configs create v1 --api=cosmos-api --project=my-project --grpc-files=api_descriptor.pb,api_config.yaml
Waiting for API Config [v1] to be created for API [cosmos-api]...failed.
ERROR: (gcloud.api-gateway.api-configs.create) Wait for Service Config creation: API Config's backend has no rules. If using gRPC, be sure to specify the 'rules[]' under the 'Backend' field. See https://cloud.google.com/endpoints/docs/grpc-service-config/reference/rpc/google.api#backendrule for more details.
如您所见,规则在backend. 所以不确定缺少什么。此外,您能否建议这是否是将 Firebase Auth 与 grpc 一起使用的正确方法。我使用与 GCP 中的 REST + Firebase AUth + API Gateway 相同的设置。