问题描述

我正在测试一个非常基本的发布/订阅订阅.我已将推送端点设置为已通过App Engine中的Python Flex服务部署的应用程序.该服务位于启用了身份识别代理的项目中. IAP配置为允许通过我们的域认证的用户.

I am testing out a very basic Pub/Sub subscription. I have the push endpoint set to an App I have deployed through a Python Flex service in App Engine. The service is in a project with Identity-Aware Proxy enabled. The IAP is configured to allow through users authenticated with our domain.

我的应用程序未处理任何推送请求.

I do not see any of the push requests being processed by my app.

我关闭了IAP保护，然后看到请求已处理.我重新打开它，它们将不再被处理.

I turned off the IAP protection and then I see that the requests are processed. I turn it back on and they are no longer processed.

尝试使Cron服务运行时，IAP存在类似问题；在同一个项目中部署了新的测试应用程序后，该问题便解决了.

I had similar issues with IAP when trying to get a Cron service running; that issue resolved itself after I deployed a new test app in the same project.

有人通过IAP配置推送订阅是否成功?我还尝试过将不同的服务帐户放在IAP访问列表中，但没有一个起作用.

Has anyone had success with configuring a push subscription through IAP? I also experimented with putting different service accounts on the IAP access list and none of them worked.

推荐答案

我遇到了一个非常相似的问题-项目A中的GAE 2nd G标准应用程序(在IAP下进行了连接)无法接收来自以下人员的推送的发布/订阅消息:项目B.

I had a pretty similar issue - a GAE 2nd G standard application in project A, which is wired under IAP, that cannot receive the pushed pub/sub message from project B.

我的解决方法是:

1. 在项目A中设置云功能(触发HTTP)；
2. 设置项目B发布/订阅主题的订阅，以将消息推送到Cloud Function端点上方；
3. 上述Cloud Function就像一个代理进行过滤(根据我的情况ymmv的需要)并将http请求中的Pub/Sub消息转发到GAE应用程序；
4. 由于Cloud Function与GAE应用程序位于同一项目中，因此仅需要为上述http请求添加IAP身份验证(获取从特定SA分配的令牌).
5. Project B IAM中应该有一个Project A的SA设置，它可能至少具有发布/订阅订户和发布/订阅查看器角色.

希望这可能是您的情况的选择.

Hope this could be an option for your case.

这篇关于Google Pub/Sub推送订阅到受IAP保护的App Engine中的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！