Reputation: 211
Not able to configure secrets using cloudbuild.yaml to deploy to cloudrun for the purpose of dialogflow basicauth
I have designed a simple dialogflow and tried to enable basicauth by providing username and password in the code.It works.It is shown below(refer check_auth function):
app.py
The dialogflow works fine with the given username and password.I tried deploying to cloudrun via the CI/CD using cloudbuild.yaml and it works fine.
Now,I want to use secret manager to store the username and password instead of giving it in the code.
So,I created name:secret-username,value:myuser and name:secret-password,value:mypassword in the secret manager .Also,I reference the secrets in cloudrun as shown below:
Secret manager screenshot is shown below:
Also,I made changes to the code as shown below(I am referring the secret name to username instead of hardcoding my username value):
It got deployed successfuly to cloudrun via cloudbuild.But ,Dialogflow does not accept my username and password.It gives unauthenticated error when I dont give any credentials in dialogflow which is expected.But,when I give my username and password as ""myuser" and "mypassword" as mentioned in the secretmanager value,it gives webhookcallfailed:error:unavailable which is shown below:
The cloudbuild.yaml file is given below:
Also,I have enabled all the required permissions(secret manager,serviceaccount,cloudrun) in cloud build settings. Could you please help me out with this?Is this related to any permission issues or anything with the code?
Upvotes: 0
Views: 361
Answers (1)
Reputation: 75810
Can you replace your check_auth function by this one?
def check_auth(username, password):
return username == os.getenv('secret-username') and password == os.getenv('secret-password')
EDIT 1
Your first screenshot, it's clearly mentioned: Exposed as an Environment Variables. Therefore you simply have to read your secrets as an environment variable. In python os.getenv('...')
You can also load secrets as volume (at the end, files in Cloud Run). If you do so, read your secret as file.
Note: Your mistake is one reason for which I don't like python. Your code is buggy with unknown secret-username and secret-password, but no problem, you can deploy it, no check, no compilation!
Upvotes: 2
Related Questions
- Secret in Cloud Build to Cloud run step
- cloud build does not recognize build directory argument
- Google Cloud Platform: secret as build env variable
- Google cloud build with pack and secrets manager not accessing environment variables
- GCP secrets manager: how to give cloudbuild the right permission? I don't see it in the list of service accounts
- Google cloudbuild secrets not substituted
- gcloud alpha run deploy --set-secrets flag does not work: "should be either `latest` or a positive integer"
- Google Cloud Build doesn't substitute values in secrets section of cloudbuild.yaml
- Access google cloud secret inside cloud build yaml
- How to specify secretEnv to cloudbuild.yaml via gcloud cli args or environment variables