Search code examples
google-app-engineauthenticationgoogle-cloud-platformgoogle-cloud-endpointsgoogle-cloud-endpoints-v2

How to enable api-key auth for all version when deploying multiple versions to same configuration in Google Clould Endpoint


I deployed 2 versions of openapi.yaml file to Google Cloud Endpoint using the Cloud Endpoint's versioning feature(i.e gcloud service-management deploy openapi_v1.yaml openapi_v2.yaml). Each version of the yaml file contains a version number and basepath different from the other, one endpoint that use api-key authentication, and definition for api-key authentication tag. After deployed to Endpoint, the configuration shows both yaml file, however deploying an api to GAE using this configuration will only have api-key authentication turned on for the newer version.

Does anyone know if this is a known bug, or there is something else I need to do to enable authentication for all versions?

The .yaml file looks like the following. The two versions I used to test on are identical except version and bathpath:

swagger: "2.0"
info:
  description: "This API is used to connect 3rd-party ids to a common user identity"
  version: "0.0.1"
  title: "****"
host: "uie-dot-user-id-exchange.appspot.com"
basePath: "/v0"

...

- "https"
x-google-allow: all

paths:

  ...

  /ids/search:
    get:
      operationId: "id_search"
      produces:
      - "application/json"
      security:
      - api_key: []
      tags:
      - "Ids"
      summary: "Privileged endpoint. Provide any id (3rd party or otherwise) and get a hash of all ids associated with it."
      parameters:
      - in: "query"
        name: "id_type"
        description: "Type of id to search"
        required: true
        type: string
      - in: "query"
        name: "id_value"
        description: "Value of id to search"
        required: true
        type: string
      responses:
        200:
          description: "AssociatedIdsHash"
          schema:
            $ref: '#/definitions/AssociatedIdsHash'
        400:
          description: "Bad request. Requires both id_type and id_value query parameters."
        401:
          description: "Unauthorized. Please provide a valid api-key in the \"api-key\" header."
        404:
          description: "Not found - no entry found for key provided"

...

################ SECURITY DEFINITIONS ################
securityDefinitions:
  # This section configures basic authentication with an API key.
  api_key:
    type: "apiKey"
    name: "key"
    in: "query"

Solution

  • I can replicate this issue and it appears to be a bug.

    What does work is adding the API key restriction on the global level for both versions rather than at the per-path level. Perhaps this workaround will suffice for your use case.

    ...
    security:
    - api_key: []
    path:
    ...