Search code examples
google-cloud-functionsapexgoogle-iamgoogle-workflows

How to call Workflows via API Gateway Config?

I've changed my approach and turned to what worked earlier. I configured an API gateway to call the Google Cloud Functions and it called them with the appropriate permissions when I passed in an api key. I think it's erroring when trying to call the workflow because I didn't specify a resource. Not sure exactly though... It looks like the API key is working, but the OAuth is failing. My OAuth is configured with a fresh connection since I've made the workflow. It's authenticated on my end, I clicked my account in google and everything. I'm 99.99% sure the OAuth is configured correctly. When I called the GCP function with the API Gateway, I didn't have to use OAuth.

  1. Is OAuth a requirement for the Workflows API? Are there any work arounds?

  2. How to specify the params for the Workflow in the API Gateway config?

Named Credential:

Label   GoogleCloudFunction
Name    GoogleCloudFunction
URL https://workflowexecutions.googleapis.com
Hide Section - AuthenticationAuthentication
Certificate  
Identity Type   Named Principal
Authentication Protocol OAuth 2.0
Authentication Provider GoogleCloudAuth
Scope   https://www.googleapis.com/auth/cloud-platform
Authentication Status   Authenticated

Log from API Gateway:

httpRequest: {
latency: "0.039s"
protocol: "http"
requestMethod: "POST"
requestSize: "1269"
requestUrl: "/create-site-tracker-site?key=HIDDEN"
responseSize: "743"
status: 401
}
insertId: "48330ec2-7114-4270-b465-68ae6308bdc34850908905639612439@a1"
jsonPayload: {
api_key: "HIDDEN"
api_key_state: "VERIFIED"
api_version: "1.0.0"
http_status_code: 401
location: "us-central1"
log_message: "1.create_site_tracker_site_0s5865srg8pbr_apigateway_quick_hangout_329722_cloud_goog.CreateSiteFunction is called"
response_code_detail: "via_upstream"
}

API Config


# openapi2-functions.yaml
swagger: '2.0'
info:
  title: create-site-tracker-site with auth
  description: Create Site in Site Tracker using JSForce
  version: 1.0.0
schemes:
  - https
produces:
  - application/json
paths:
  /create-site-tracker-site:
    post:
      summary: Create Site
      operationId: createSiteFunction
      x-google-backend:
        address: https://workflowexecutions.googleapis.com/v1/projects/us-central1-quick-hangout-329722/locations/us-central1/workflows/create-site-and-project/executions
      security:
      - api_key: []
      responses:
        '200':
          description: A successful response
          schema:
            type: string
securityDefinitions:
  # This section configures basic authentication with an API key.
  api_key:
    type: "apiKey"
    name: "key"
    in: "query"
Solution

  • Current work around is calling the workflow from a google cloud function, and then calling the function via API Gateway and passing a key. Gross but it works