I am Trying to connect to GCP PUSUB Services using IAM authentication. I want to do this without the .json file.
I tried using
GoogleCredentials credential = GoogleCredentials.getApplicationDefault(() -> httpTransport);
But this is too required application_default_credentials.json file to get Authenticated .
Basically , I want to get Authorized using GCP IAM API to use GCP PUBSUB Services .
Plan - I Want to run a sample Java code from my local , connecting to GCP PUBSUB instance and test and after testing , Deploying the same at GCP container and then test the same PUBSUB.
to Connect to GCP PUBSUB instance from my local system I want to do that Via IAM Authentication mechanism .
Any reference ? Please help
thanks
Application default credentials can be setup with gcloud CLI. Once you install gcloud, gcloud auth application-default login will allow all the client libraries and Spring Cloud GCP modules to get your credentials from the environment.
Related
I'm looking for a way to connect Cloud Run to Firestore without using a service account access key. I have a key set up for my local dev environment to access Firestore. I know you can access Firestore from the account running Cloud Run containers, but haven't been able to find any documentation on how to do this.
The most I could find is using a Workforce Identity Federation but that seems to be focused on connecting external services which isn't my goal.
Edit, forgot to mention I'm using nodejs and am not using firebase, just firestore
Every service in Cloud Run has a service account assigned (default Compute Engine service account), but you can create you own service account and assign it (Recommended), you don't need to download a key.
Cloud Run console
In the IAM section look for datastore permissions instead of Firestore permissions, because Firestore is the 'evolution' of datastore.
Follows the doc for more info: https://cloud.google.com/run/docs/configuring/service-accounts
I am getting "can't be pulled" when I use Cloud Code plugin in VS code to build and deploy an image to a local Kubernetes cluster. There are no errors being logged on GCP, but locally I'm getting the following:
- deployment/<redacted> failed. Error: container <redacted> is waiting to start: gcr.io/<redacted>/<redacted>:latest#sha256:<redacted> can't be pulled.
If your GCR registry is a private registry then you need to configure your local Kubernetes cluster with an imagePullSecret to use to authenticate to GCR. The general process is to create a service account in your GCP project, and then configure the corresponding service account key file as the pull secret.
There are a variety of tutorials, and this one looks pretty good.
Can you try gcloud auth list and check if you are using the right account? To switch account use gcloud auth login <account>
Also make sure you have the right permission : gcloud permission to pull GCP image
Once these two things are in place then you should be able to pull the image for GCR.
Is there a way to get IBM Cloud Compose for RabbitMQ logs using web interface or cli?
There is Syslog-NG for RabbitMQ and it has other cloud logging services namely papertrail and Loggly providing the webinterface along with two IBM Cloud Compose API calls for logs
Get list of available logfiles
GET /2016-07/deployments/:id/logfiles
Get details of a logfile including download link
GET /2016-07/deployments/:id/logfiles/:logfile_id
To make use of the API, you will need a handful of digital assets; a token for your account to access the IBM Cloud API and a foundation endpoint for your queries. Check this link for details on how to get the token, endpoint and example cURL calls
For one process I need this credentials that be in Object Storage in IBM Bluemix, so, How can I get this credentials? Where can I see that?
Thank you very much!
credentials_1 = {
'auth_url':'',
'project':'',
'project_id':'',
'region':'',
'user_id':'',
'domain_id':'',
'domain_name':'',
'username':'',
'password':"",
'container':'',
'filename':''
}
There are a few different Object Storage services on the IBM Cloud. Here is a comparison.
Below is a project with Object Storage. The credentials can be found in the Credentials section and/or Service Credentials of the service instance.
You can create a project with the Object Storage service using the App Service console: https://console.bluemix.net/developer/appservice/create-project?services=Object-Storage
You could also use the cf CLI and run the command cf service-key serviceInstanceName serviceKeyName to get the credentials. You would have to run cf service-keys serviceInstanceName to get a list of the service keys beforehand.
I'm trying to build an automatic sync solution that uses a Google Cloud storage bucket for storing data.
When I install the cloud SDK it asks for my authentication, but obviously I don't want to use my credentials on the client's server, it should be done with a service account with specific permissions, right?
The documentation just says to authenticate with your credentials. What is the security best practice here?
Found it, it's this simple command:
gcloud auth activate-service-account --key-file=credentials.json
And it works! I can upload stuff with PowerShell
The doc is here