Following this guide , it stops at the deployment step itself.
I'd be looking to apply one last step, which would be an automatic domain mapping setup, that couldbuild would run :
gcloud beta run domain-mapping create --service xxx --domain example.com
The custom domain that we'd be looking to map (above, the example.com placeholder) is handled by google dns, verified on google via the webmaster tools, etc... things works perfectly when don manually via the UI.
However, the cloudbuild service account (the 'user' that will run the domain mapping command) is not the one that have verified the domain. So this last steps can just fail
Is there a role to add to the cloudbuild service account to pass the verification check ? What other process should be used ?
When a user verifies a domain, that domain is only verified to that user's account. However, if you are that user you can enable other users (or service accounts) to add mappings that use that domain by adding them as verified owners.
To do so:
Navigate to the Webmaster Central page:
https://www.google.com/webmasters/verification/home
Under Properties, click the domain for which you want to add a user or service account.
Scroll down to the Verified owners list, click Add an owner, and then enter your Cloud Build service account ID
Once this is done you should be able to run the gcloud beta run domain-mapping create command from Cloud Build successfully.
Related
Hello I can see that hostname (domain) is available on 3rd party providers like GoDaddy etc, however i am unable to purchase it from Azure App Service domain page on portal
here i am trying to purchase Sandeep.com, as you see in screenshot the hostname is available where as it is not showing up in Azure portal from available list of domains.
This is currently a known issue and Product Group is working to fix this along with new UI for App Service Domains that's currently in preview as seen below:
PFB work around to purchase desired available hostnames on Azure Via CLI:
• Please go to portal->click on Azure CLI besides search bar as seen below:
• I selected powershell as seen below:
• Here, I am trying to buy “nihakoneru.com” which is not an option through portal as seen below:
• However, I was able to verify that this domain is available for purchase by running below command in Azure CLI:
"az appservice domain show-terms --hostname nihakoneru.com"
Here is the Doc that has list of commands to use through CLI, I now replaced the values in the JSON file with my contact information (Name, Email, Address etc) from the above doc as seen below and saved it to my local.
• Now let’s go back to the portal->cli and upload this file to cloud shell by clicking on the highlighted below:
• You will see pop up message as below once the file is uploaded:
PFB final command used to purchase domain:
Once the above command is being executed, you will see the state as running for a bit until the process is completed in the backend:
Once the domain purchase is completed you will see the status changing to Finished as below:
I was able to verify that my domain was purchased by going to App Service Domains on portal as seen below:
I hope this helps in the interim as a workaround.
I made a simple Node.js application that is using Google Cloud's Speech to Text API.
I could successfully authenticate locally, but how do I authenticate in production while keeping the credentials privates?
P.S. My application is not using any other server than Google's servers.
The credentials necessary for making client calls are based on a strategy called Application Default Credentials. These can be found through an environment variable called GOOGLE_APPLICATION_CREDENTIALS if the variable is present. If the the variable is not set, then the default credentials can be used. The following article provides detailed guidance on this topic:
Setting Up Authentication for Server to Server Production Applications
If your client is running outside of Google on your own premises (and hence not in a Compute Engine or GKE cluster) then the thinking will likely be that the credentials are contained in a file that is itself content protected by local OS access permissions. For example, contained in a file which has read permission restricted to either the user that runs your application or group that the user is a member of.
You need to be more specific to get more accurate answers
====================
OK, it's all about how you control the permission of your service account and there is a note in that page: "If you are developing a production app, specify more granular permissions than Project > Owner. For more information, see granting roles to service accounts."
You should use a specific service account needed to use this service. I don't have the particular role name(something like AutoML Viewer or Editor), and you need to test a minimum workable role in your Dev ENV.
After which, you can deploy your service into PROD and make sure the key with a 0400 file. So more or less the account can use limited service as expected
For my Azure Web Service, under Properties, the FTP/DEPLOYMENT USER seems to be of the form:
websitename\azuresubscriptiondirectoryname
But under Deployment Center, FTP, Dashboard, it is of the form:
websitename\$websitename
Where do I get the password for the first one, ie FTP/DEPLOYMENT USER?
The first one are user-level deployment credentials, they allow you to deploy any app in your account, as opposed to app-level credentials (the second you mentioned).
Assuming that you haven't configured them yet, you have to open the "Deployment center" section of your App Service. If you have multiple App Services, any of them will do).
Refer to this link for a how-to.
I followed these instructions to deploy to Azure:
And it actually worked, but I get a Guid for a Website URL. How can I hook it up to an Azure website? Something like patrickinmpls.azure.com ?
Adding to #mfanto's comment, you would need to publish your application to production slot and then you'll get a yourservicename.cloudapp.net URL which you can then map to your custom domain name. See this link for more details: http://www.windowsazure.com/en-us/develop/net/common-tasks/custom-dns/.
I am trying to implement a Custom STS as a WebRole to be deployed onto Azure. The problem i have is that how do i generate or write the Federation Metadata.xml file for my Custom STS. if i write it myself can i get the custom reference id and how do i sign it?
Also as my STS is an Azure application ,so when i run it the Azure Emulator it has a URL like http://127.0.0.1:81/ ,so i would using this as the link in the Federation Metadata.xml file but afterwards when i publish the STS onto Azure as a production deployment it would have a URL like http://cloudSts.cloudapp.net so i would have to reflect these changes in my Federation Metadata.xml file,the question here is that after making these changes should i upgrade/publish the package again and then move it onto production or else i can simply upload the changed Federation Metadata.xml file onto ACS(where i have my Custom STS as an IP) and it would work?
Thanks
Here is a post I wrote on how to generate federation metadata dynamically: http://www.syfuhs.net/post/2010/11/03/Generating-Federation-Metadata-Dynamically.aspx
There is a variable in there called 'host' that you would modify. There are a couple ways to do it. You could look at the host header in the HTTP request, but you have to account for when it's not there. Or you could stick it into the role configuration. That would allow you to update it without having to redeploy.