-
Notifications
You must be signed in to change notification settings - Fork 591
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement IAM API #1192
Comments
/cc @tseaver |
I haven't been able to get through to IAM with gRPC: stephenplusplus/grpc-usage-question#1 // @jgeewax |
@jgeewax for the libraries that use gRPC, there are no IAM endpoints defined within each service's proto files. For an HTTP API like Compute, can you give me an example of a URL where you think I can find an IAM endpoint? I've tried on an autoscaler to test, |
I'm pretty sure that you use the iam_policy.proto file to send the request
with the right resource name, but to the pubsub endpoint... (
https://cloud.google.com/pubsub/reference/rpc/google.iam.v1 and
https://github.com/googleapis/googleapis/blob/master/google/iam/v1/iam_policy.proto
)
No?
|
Pub/Sub is supported using IAM: https://github.com/GoogleCloudPlatform/gcloud-node/blob/master/lib/pubsub/iam.js. It's Logging that's been an issue. Maybe you can take a look at the repo I put together to demonstrate the problem. If it's an easy solution, it should be easy to catch where I went wrong. https://github.com/stephenplusplus/grpc-usage-question -- you can replace the URL at line 19 to send the request to a different "base URL". In my experience, I either get a "Not Implemented" error when I send the request to a Logging URL, or an error like the ones I describe in the issue: stephenplusplus/grpc-usage-question#1 Just worth mentioning, all of the above only affects the gRPC APIs (Logging, PubSub) -- there is still Compute, Resource Manager, and Storage that I don't know how to make IAM requests for. |
The demo looks like it's dealing with resource manager -- which you're
saying is giving you a cancelled error (in the issue), right?
For Logging, I don't see any IAM support there -- what resource are you
trying to :getIamPolicy on ?
|
Yeah, I just wanted to make the repo as easy as possible to reproduce, since everyone should have a "Project" resource (but maybe not a "Sink" or "Log", etc)
I don't see any IAM support either, which is what I'm saying... only Pub/Sub seems to have a way to use IAM. |
I get a var protoOpts = {
service: 'IAMPolicy',
method: 'getIamPolicy'
};
var reqOpts = {
resource: 'a/log/resource'
}; |
Right -- the frame error for gRPC with IAM on Resource Manager is legit,
going to dig more.
The Logging piece... I don't believe it supports IAM. AKA, your work is
done for Logging.... If the REST methods aren't defined in the docs, then
it's not supported.
|
Good - that's what's expected.
|
Cool, thanks for checking into this stuff! |
OK -- Resource Manager's docs are lying : they don't support gRPC today. Carry on. |
Trying to move on with accessing Compute IAM through the IAM gRPC API to get the policy of an Address resource. Let me know what these values should be: Base URL for the IAM request: ? Resource ID: ? gRPC prints this error to the console:
|
Update! I ran it with this base URL:
|
Our support of IAM at this time seems to be complete, in regards to what IAM accessors are available at this point upstream. The issue can stay open for when IAM is opened up for the missing APIs. |
"status: blocked" is removed due to the current status -- pubsub is done, and storage is coming. |
Only Compute remains. Issue opened: googleapis/nodejs-compute#28 |
IAM is currently buried inside of our Pub/Sub code, but should be abstracted to be used with any API that supports it:
Logging(not supported)Resource Manager(not supported)The text was updated successfully, but these errors were encountered: