Share and Secure your Cloud Services: An Introduction to Cloud Endpoints

You are a data scientist or a developer and you want to securely share a model or a web service? Let’s get started!

Izzat Demnati
Oct 2, 2019 · 9 min read
Photo by Eric Ward on Unsplash

Solution Overview

Overview Solution to Share and Secure Cloud Services

Cloud Endpoints: How does it work?

Cloud Endpoints: Step-by-Step


Deploy Cloud Function

google-cloud-pubsub==0.41.0
pandas==0.25.1
Flask==1.0.2
main.py
gcloud functions deploy publish_rss_feed_search_message --runtime python37 --trigger-http

Deploy ESP to Cloud Run

gcloud beta run deploy rss-news-search --image="gcr.io/endpoints-release/endpoints-runtime-serverless:1" --project=[YOUR GCP PROJECT ID] --platform managed
Deploying container to Cloud Run service [rss-news-search] in project [YOUR GCP PROJECT ID] region [us-central1]
Deploying new service…
Setting IAM Policy…done
Creating Revision…done
Routing traffic…\
Done.
Service [rss-news-search] revision [rss-news-search-00001] has been deployed and is serving traffic at https://[GENERATED SERVICE HOSTNAME]
Cloud Run — New Service Added
Cloud Endpoints — New service added

Create OpenAPI document to describe the API specifications

RSS Search Process — openapi-functions.yaml

Deploy Endpoints configuration

gcloud endpoints services deploy openapi-functions.yaml --project [YOUR GCP PROJECT ID]

Configure ESP so it can find the configuration for your Endpoints service

gcloud beta run services update rss-news-search --set-env-vars ENDPOINTS_SERVICE_NAME=[GENERATED SERVICE HOSTNAME] --project [YOUR GCP PROJECT ID] --platform managed
Deploying…
Creating Revision…done
Routing traffic…done
Done.
Service [rss-news-search] revision [rss-news-search-00001] is active and serving traffic at https://[GENERATED SERVICE HOSTNAME]

Grant ESP permissions to invoke the target Cloud Function

gcloud beta functions add-iam-policy-binding publish_rss_feed_search_message --member "serviceAccount:[Default compute service account]" --role "roles/cloudfunctions.invoker" --project [YOUR GCP PROJECT ID]
bindings:
- members:
  - serviceAccount:[Default compute service account]
  role: roles/cloudfunctions.invoker
etag: xxxxxxxxxxx
version: 1

Cloud Endpoints: How to…

Delete a Cloud Endpoints service

Granting access to Endpoints Portal

gcloud beta run services add-iam-policy-binding [GENERATED SERVICE HOSTNAME] --member='[User email]'  --role='roles/run.invoker'

Configure quotas

Deploy a second secured API

gcloud functions deploy read_articles_firestore --runtime python37 --trigger-http
gcloud beta run deploy read-news-articles --image="gcr.io/endpoints-release/endpoints-runtime-serverless:1" --allow-unauthenticated --project=[YOUR GCP PROJECT ID] --platform managed
Read News Articles — openapi-functions.yaml
Firebase authentication method
gcloud endpoints services deploy openapi-functions.yaml --project [YOUR GCP PROJECT ID]
gcloud beta run services update read-news-articles --set-env-vars ENDPOINTS_SERVICE_NAME=[GENERATED SERVICE HOSTNAME] --project [YOUR GCP PROJECT ID] --platform managed
gcloud beta functions add-iam-policy-binding read_articles_firestore --member "serviceAccount:[Default compute service account]" --role "roles/cloudfunctions.invoker" --project [YOUR GCP PROJECT ID]
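
Added example, not part of the original article: because the ESP service on Cloud Run is deployed with --allow-unauthenticated, the security requirements in openapi-functions.yaml are what make ESP demand an API key or Firebase token. The check below takes such a document loaded as a Python dict and lists the operations that would be served without credentials; the sample document, its /healthcheck path and the name unsecured_operations are constructed for illustration.

```python
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch"}


def unsecured_operations(spec):
    """List 'METHOD /path' for operations ESP would serve without credentials."""
    defined = set(spec.get("securityDefinitions", {}))
    default = spec.get("security", [])
    findings = []
    for path, item in sorted(spec.get("paths", {}).items()):
        for method, op in sorted(item.items()):
            if method not in HTTP_METHODS:
                continue  # 'parameters' and vendor extensions are not operations
            # Operation-level 'security' replaces the top-level list;
            # an explicit empty list switches authentication off.
            required = op.get("security", default)
            # A requirement counts only if it names schemes that are defined.
            secured = bool(required) and all(
                req and set(req) <= defined for req in required)
            if not secured:
                findings.append(f"{method.upper()} {path}")
    return findings


# Constructed sample (OpenAPI 2.0 as a dict). /readnewsarticlesuser/start is
# the path the article calls; /healthcheck and the backend URL are assumptions.
SAMPLE_SPEC = {
    "swagger": "2.0",
    "info": {"title": "Read News Articles", "version": "1.0.0"},
    "host": "[GENERATED SERVICE HOSTNAME]",
    "schemes": ["https"],
    "securityDefinitions": {
        "api_key": {"type": "apiKey", "name": "key", "in": "query"},
    },
    "paths": {
        "/readnewsarticlesuser/start": {"post": {
            "security": [{"api_key": []}],
            "x-google-backend": {"address": "https://[REGION]-[YOUR GCP PROJECT ID]"
                                            ".cloudfunctions.net/read_articles_firestore"},
            "responses": {"200": {"description": "OK"}},
        }},
        "/healthcheck": {"get": {
            "responses": {"200": {"description": "OK"}},
        }},
    },
}

if __name__ == "__main__":
    for finding in unsecured_operations(SAMPLE_SPEC):
        print("no security requirement:", finding)
```

An empty result means every operation carries a requirement that resolves to a defined scheme; it says nothing about how the API key itself is restricted.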

Test your API

Endpoint Portal

Endpoints Developer Portal
Create a New API Key
API Key Created
Restrict API Key

Let’s test this out!

Test Endpoints Portal APIs

Test your API using Python

# Demo code sample. Not intended for production use.
# See instructions for installing Requests module for Python
# http://docs.python-requests.org/en/master/user/install/
import requests


def execute():
    # Replace the bracketed placeholders with your own hostname and key.
    requestUrl = "https://[GENERATED SERVICE HOSTNAME]/readnewsarticlesuser/start"
    requestBody = {
        "entity": "Apple"
    }
    requestHeaders = {
        "Authorization": "Bearer [YOUR_API_KEY]",
        "Accept": "application/json",
        "Content-Type": "application/json"
    }
    # POST the JSON body and print the raw response returned through ESP.
    response = requests.post(requestUrl, headers=requestHeaders, json=requestBody)
    print(response.content)


if __name__ == "__main__":
    execute()

Share your work

Last words

APIs & Services Screen
Manage API Screen

I hope you enjoyed this post. Please share your comments, feelings, improvements...

DeltaSharp

Innovative technology solutions tailored to finance