Geogram
Reputation: 140
Google Cloud API DomainMapping using Firebase Cloud Functions
I am trying to programmatically add a domain mapping to a service using Firebase Cloud Functions. So far was able to get the proper json field format when sending a POST request and receive a 200 success. Here is the body request/response:
Request:
{
"apiVersion": "domains.cloudrun.com/v1",
"kind": "DomainMapping",
"metadata": {
"annotations": {},
"labels": {},
"name": "subdomain.example.com",
"namespace": "project-id"
},
"spec": {
"routeName": "service-name"
},
"status": {}
}
Response:
{ apiVersion: 'domains.cloudrun.com/v1',
kind: 'DomainMapping',
metadata:
{ name: 'subdomain.example.com',
namespace: '123456789',
selfLink: '/apis/domains.cloudrun.com/v1/namespaces/123456789/domainmappings/subdomain.example.com',
uid: 'eiv0wr9f-8afec-47fdsf-fdsdc-fjosf0fne78',
resourceVersion: 'FFFJKA+F32',
generation: 1,
creationTimestamp: '2019-11-23T21:07:49.167253Z',
labels: { 'cloud.googleapis.com/location': 'us-central1' },
annotations:
{ 'serving.knative.dev/creator': '[email protected]',
'serving.knative.dev/lastModifier': '[email protected]' } },
spec: { routeName: 'service-name' },
status: {} }"
When checking the status of the DomainMapping, the response message includes "Caller is not authorized to administer the domain " even though the domain is verified with google domains. Is this an IAM issue or something else? Any insight would be helpful.
Here is the full response when requesting the status of the domain mapping:
{
"apiVersion": "domains.cloudrun.com/v1",
"kind": "DomainMapping",
"metadata": {
"name": "subdomain.example.com",
"namespace": "123456789",
"selfLink": "/apis/domains.cloudrun.com/v1/namespaces/123456789/domainmappings/subdomain.example.com",
"uid": "fdns0fs5-8fw-437f-1514c-n89fwnnav0n",
"resourceVersion": "gn902fnfjd",
"generation": 1,
"creationTimestamp": "2019-11-23T21:07:49.167253Z",
"labels": {
"cloud.googleapis.com/location": "us-central1"
},
"annotations": {
"serving.knative.dev/creator": "[email protected]",
"serving.knative.dev/lastModifier": "[email protected]"
}
},
"spec": {
"routeName": "service-name"
},
"status": {
"conditions": [
{
"type": "Ready",
"status": "False",
"reason": "PermissionDenied",
"message": "Caller is not authorized to administer the domain 'subdomain.example.com'. If you own 'subdomain.example.com', you can obtain authorization by verifying ownership of the domain, or any of its parent domains, via the Webmaster Central portal: https://www.google.com/webmasters/verification/verification?domain=subdomain.example.com. We reccomend verifying ownership of the largest scope you wish to use with subdomains (eg. verify 'example.com' if you wish to map 'subdomain.example.com').",
"lastTransitionTime": "2019-11-23T21:07:49.719Z"
},
{
"type": "CertificateProvisioned",
"status": "False",
"reason": "PermissionDenied",
"message": "Certificate will not be provisioned unless the domain is made routable.",
"lastTransitionTime": "2019-11-23T21:07:49.719Z"
},
{
"type": "DomainRoutable",
"status": "False",
"reason": "PermissionDenied",
"message": "Caller is not authorized to administer the domain 'fdsfdsfsf-gsyjtfounzbunfetzf50.a.review.activit.app'. If you own 'fdsfdsfsf-gsyjtfounzbunfetzf50.a.review.activit.app', you can obtain authorization by verifying ownership of the domain, or any of its parent domains, via the Webmaster Central portal: https://www.google.com/webmasters/verification/verification?domain=subdomain.example.com. We reccomend verifying ownership of the largest scope you wish to use with subdomains (eg. verify 'example.com' if you wish to map 'subdomain.example.com').",
"lastTransitionTime": "2019-11-23T21:07:49.719Z"
},
{
"type": "Retry",
"status": "True",
"reason": "FailedUnknown",
"message": "System will retry after 0:59:59 from lastTransitionTime for attempt 7.",
"lastTransitionTime": "2019-11-23T23:18:06.067Z",
"severity": "Info"
}
],
"observedGeneration": 1
}
}
Upvotes: 0
Views: 746
Answers (1)
Geogram
Reputation: 140
Thanks to the help from @JohnHandley I was able to figure out the submission format using the --log-http flag on google sdk cdi and generate a request:
{
"apiVersion": "domains.cloudrun.com/v1",
"kind": "DomainMapping",
"metadata": {
"annotations": {},
"labels": {},
"name": "domainMapping.example.com",
"namespace": "project-id"
},
"spec": {
"routeName": "service-name"
},
"status": {}
};
Make sure you also add the service account to the Verified Owners list at google.com/webmasters/verification/home for the domain you are mapping.
Upvotes: 4
Related Questions
- Firebase Auth/unauthorized domain. Domain is not authorized
- Use custom domain for Google Cloud Function
- Use custom domain for firebase function http calls
- How do I serve firebase functions from a custom domain?
- Domain Mapping to point to a tag inside a service on Cloud Run
- Point custom domain to GCP cloud function without Firebase
- Google Cloud Function : Custom Domain via FIrebase
- Firebase function on custom domain without hosting
- Google cloud api for mapping custom domains to app
- Google domains not mapping to my app in GCloud