I am facing an problem, Gcp PubSub not pushing message to my registered endpoint. Let me narrate in details the steps I have executed.
Note,
I am not using app engine
I am deploying my simple spring boot app on PCF (Pivotal Cloud Foundry...PaaS) hosted on GCP (IaaS)
Steps:
1st I have created an service account with required permission to access GCP PubSub
Next am using this service account to create/subscribe/register my endpoint to the topic
Next, as expected I have registered & verified my domain ownership & added my push endpoint path say https://example.com with GCP
Deployed my app in Pcf
Test Executed:
I am able to successfully create & subscribe the topic
Successfully registered my push end point like https://example.com/myPushEp with the newly created topic
Successfully able to post message to the topic.
As my push ep is registered with gcp pubsub topic so asa the message is posted it must be pushed into registered endpoint, but unfortunately it not pushing any message to the registered endpoint. I am completely clueless what is the mistake.
Can any one guide me where I am doing the mistakes. Its an simple spring boot rest application, do I am making any mistake in coding or any configuration.
I recommend you looking in Cloud Monitoring, you can use the push metrics, which start with the name "Push Request", to figure out if your messages are being pushed to your endpoint and if your endpoint is returning errors to Pub/Sub.
I faced the same problem and the funny turnout was that it was my server's fail2ban who banned google ip addresses.
One reason might be that the SSL Certificate of your push endpoint might be expired. It took me half a day to figure it out. Pubsub requires a working SSL certificate.
You can look up the type of errors in Google's stack monitoring. If it is a pubsub_interal_push error then most likely it is a certificate issue.
Usually, Google doesn't accept URLs without HTTPS but in my case - I had an HTTP URL. The certificate had an issue.
Related
I'm trying to figure out how to use Cloud Pub/Sub to trigger the sending of an email when a file is added to a storage bucket.
Currently using PHP72 in Google App Engine standard environment. First I created a Topic that creates a message when a file is added to the storage bucket. Then I created a Pull subscription which reads the message. I can view the messages in the GCP console, but what I would like to happen is that I want to be notified by email, preferably with a copy of the file added to the email as an attachment. Is this possible? I tried looking for a solution or tutorial but came up empty.
You can implement the send mail login in a cloud function which will be triggered by Pub/Sub (Node.js,Python,Go).
Using Pub/Sub to trigger a Cloud Function
Instead of using a pull subscription, you should probably use a push subscription with App Engine, combined with one of the third party mail services such as Send Grid or MailJet.
The upload of an object to GCS triggers a message to be sent to the topic, and the push subscription delivers that message to App Engine.
Unfortunately, there aren't any full tutorials asking for exactly what you want, but hopefully this helps. Feel free to request a community tutorial for this by filing an issue on the GCP community toturial repo.
I'm trying to map a custom domain in a Google Appengine project. Following the instructions listed in the Settings > Custom Domain section of the Google Cloud Platform Appengine Console, I'm able to map a subdomain www to my domain, but the mapping fails for the naked domain.
The error thrown up is: "There is an operation pending for this application. Please wait and try again."
I had earlier set up naked domain redirection in G-suite, but the G-suite account was deleted later. However, this error persists.
Has anyone else faced a similar problem?
I try to make a SP hosted on Google app engine, with a third party IdP, and I'm facing multiple problems.
I'm using Spring SAML extension for java. I was able to run the stand alone (not in GAE) demo app, from the official guide http://docs.spring.io/spring-security-saml/docs/1.0.x/reference/html/chapter-quick-start.html using as IdP idp.ssocircle.com.
Now my problem comes whey I tried to integrate this code in my GAE project. When running with GAE I can get to the phase where I'm redirected to do the login on ssocircle.com and from there when I should be redirected back to my page I'm getting this error: "Error 401 Authentication Failed: Error decoding incoming SAML message", and on local GAE server logs I can see this message
"[INFO] Dec 17, 2014 5:21:23 PM org.apache.commons.httpclient.HttpMethodDirector executeWithRetry [INFO] INFO: I/O exception (java.net.SocketException) caught when processing request: Permission denied: Not allowed to issue a socket bind: permission denied."
I was wondering if this is a limitation from GAE regarding sockets: 1) Sockets are available only for paid apps (I don't have a paid app, but could consider this options) 2) You cannot create a listen socket; you can only create outbound sockets. 3) You cannot bind to specific IP addresses or ports. (for me this one sounds like it is my problem).
And whey I tried to deploy on GAE, the app remained in a start-up loop because of other errors regarding "nested exception is java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "modifyThreadGroup")", that sounds like another GAE limitation to me.
At some point I was ready to gave up, because I was thinking that SAML Spring extension can't work with GAE, because of limitations present on GAE. But I see you have the same project running as a demo on GAE (or at least I think it is running on GAE because of the appspot part in domain name). https://saml-federation.appspot.com/saml/discovery?returnIDParam=idp&entityID=saml-federation.appspot.com
I would appreciate if you can give me some hints regarding my problems, and best would be if you could help me with the source code of this demo project (could not find it anywhere), and all configuration that is needed for GAE.
I've created a new repository https://github.com/vschafer/spring-security-saml-gae which includes instructions for deployment of Spring SAML applications on Google Application Engine. It also includes classes helping to avoid issues you're facing (sockets and threads).
In order to use it:
include the jar created from the repo in your project
use the provided org.springframework...StaticFilesystemMetadataProvider for loading of your metadata
in case you are using HTTP-Artifact binding replace bean org.springframework...ArtifactResolutionProfileImpl with org.springframework...google.ArtifactResolutionProfileGAE
Please comment if you spot some mistakes in the documentation or code.
I've created the game thru Google Play Developer Console (it is ready for testing, but not published yet).
Two service accounts are added there as testers - myappid#appspot.gserviceaccount.com (Google App Engine service account) and 64436212345-enq9gkd1abcdefghjec2kha39je5ojsc#developer.gserviceaccount.com (manually created service account, it was created before an access to Google Play Game Services API was given). First one is used for production GAE environment, second one is for development environment (run with --appidentity_email_address). Both accounts work well with Google Analytics API.
Now I try to use these accounts to work with Google Play Game Services API.
The following code is used for authorization and works fine:
credentials = AppAssertionCredentials(scope=['https://www.googleapis.com/auth/games', 'https://www.googleapis.com/auth/plus.login'])
http = credentials.authorize(httplib2.Http(memcache))
But I am getting an error when trying to access achievements definition (also tried to get application metadata - got the same issue):
response = service.achievementDefinitions().list().execute()
In development environment I get
<HttpError 404 when requesting https://www.googleapis.com/games/v1/achievements?alt=json returned "The requested application with ID 64436212345 was not found.">
and in production:
<HttpError 500 when requesting https://www.googleapis.com/games/v1/achievements?alt=json returned "">
What is wrong there? Are service accounts supported by Google Play Services API?
Upd. Further analysis showed that 64436212345 is an ID of my GAE application, when an ID of my Google Play application is 760943112345.
So, I went to Google Developer Console for application 760943112345 and added 64436212345-enq9gkd1abcdefghjec2kha39je5ojsc#developer.gserviceaccount.com and myappid#appspot.gserviceaccount.com as the member their. It didn't help.
Then I generated new service account ID there and run GAE locally with this service account. In result, I've started to get
<HttpError 401 when requesting https://www.googleapis.com/games/v1/applications/760943112345?alt=json returned "User has not completed registration.">
Of course, my service account doesn't have Google+ profile.
I am also struggling with service accounts and Google game services, and am stuck at the same point (my service account doesn't have a G+ account).
The only indication I have found in the Google literature (supposedly Updated Jan 22, 2014) says service accounts are not supported:
Warning: Very few Google APIs currently support Service Accounts. Service accounts are >currently supported by the following Google developer services:
Google Cloud Storage
Google Prediction API
Google URL Shortener
Google OAuth 2.0 Authorization Server
Google BigQuery
This is embedded in some google api php client documentation however, so I cannot attest its validity.
Let me know if you have any luck getting this to work and I'll do the same!
Edit: here is the actual answer:
You have to create another API project and link it to your game's project, as explained in Getting Started with the Google Play Games Services Publishing API. The service accounts that you add to your game's project won't work. Also, you have to add this new API project through Google Play Developer Console, and not through Google Developers Console. As far as I remember, you go to the latter to get your key only. This whole situation took me forever to figure out.
I'm keeping the below text for future reference:
Edit: I wrote the answer below, thinking that you did not talk about the Publishing API. But you are, it seems. Or an earlier version of it. I hope the below answer will be useful for people looking to access Management API with a service account:
I struggled with the same and concluded that service accounts do not work with the GPGS Management API, which is the API that deals with achievements and things of that sort. Here are the facts that I used to reach this conclusion:
The only place in GPGS docs that service accounts are mentioned is the Publishing API.
Management API Docs contains descriptions for each function about the authorization requirements such as: "This method is only available to user accounts for your developer console.", while Publishing API Docs have no such descriptions.
The sample app for Management API does not use a service account.
It would be nice if this was a bit clearer in the GPGS docs. The generic Google Cloud docs that they link from GPGS pages made me believe that service accounts would work.
I am attempting to follow the tutorial at: http://www.youtube.com/watch?v=v9TG7OzsZqQ
My Cloud Endpoint REST API works well on my local development machine, but when I deploy to App Engine, I receive errors in my Admin Log that "API serving not allowed for this application".
Is this a paid feature that I must enable billing to receive? If not, is there documentation that explains this issue and how to fix this error?
To use Endpoints in production you need to be accepted into the trusted tester program. You can apply here. Mention this Stack Overflow post in your request and I'll see if I can expedite approval.