run with run.sh
The authentication code inside the API is not strictly required if the Cloud Run service is run with --no-allow-unauthenticated. With the --no-allow-unauthenticated flag, Google will prevent access to the instance if no proper Authorization header is provided. You can get past the authorization by adding the following header in the API call (e.g. Postman):

Authorization: Bearer "id token"

This same header is also used internally to get the user's email. In essence this is double authentication:
- First by Google requiring Authorization to access the cloud run instance
- Second inside the app where we check again.
Caveat: When performing an API call from a browser, the browser will issue a preflight OPTIONS request. This request does not have the Authorization header (by definition) and thus is forbidden by Google. As a result, the API call fails: https://groups.google.com/g/gce-discussion/c/WQUxKhZORjo?pli=1

The only option is to run the Cloud Run service as unauthenticated, in which case the check inside the app is the only authentication left. This could be a solution: https://hodo.dev/posts/post-30-gcp-cloudrun-iap/
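
The preflight caveat above means the in-app check has to let OPTIONS through without a token while still requiring a verified ID token on every other method. The sketch below is an added example, not code from this repository; `authorize`, `verify_token` and `_demo_verifier` are hypothetical names, and the real verifier is assumed to validate signature, expiry and audience (for example by wrapping `google.oauth2.id_token.verify_oauth2_token`).

```python
from typing import Callable, Mapping, Optional, Tuple

# Assumed contract: verify_token validates signature, expiry and audience,
# then returns the claims dict, or raises ValueError on any failure.
Verifier = Callable[[str], Mapping[str, object]]


def authorize(method: str, headers: Mapping[str, str],
              verify_token: Verifier) -> Tuple[int, Optional[str]]:
    """Return (http_status, email). 204 = preflight, 200 = authenticated."""
    # CORS preflight never carries Authorization; answer it without auth.
    # It must not reach any handler that does work or returns data.
    if method.upper() == "OPTIONS":
        return 204, None

    # Header names are case-insensitive.
    auth = next((v for k, v in headers.items()
                 if k.lower() == "authorization"), "")
    scheme, _, token = auth.partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        return 401, None

    try:
        claims = verify_token(token.strip())
    except ValueError:
        return 401, None  # bad signature, expired, wrong audience, ...

    # Only trust the email claim when the token marks it as verified.
    email = claims.get("email")
    if not isinstance(email, str) or claims.get("email_verified") is not True:
        return 403, None
    return 200, email


# Constructed stand-in verifier for the demo; it performs no cryptography.
def _demo_verifier(token: str) -> Mapping[str, object]:
    if token != "constructed-valid-token":
        raise ValueError("invalid token")
    return {"email": "user@example.com", "email_verified": True}


if __name__ == "__main__":
    print(authorize("OPTIONS", {}, _demo_verifier))
    print(authorize("POST", {"Authorization": "Bearer constructed-valid-token"},
                    _demo_verifier))
```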
The calculations themselves are performed by calc_structure.py in ANYstructure. Continuous stiffeners calculate much more slowly because of the minimizing function for zstar in there.
- Put variables in environment file
- Setup build pipeline in GitHub
- Add ABS calculation
sudo docker build --tag eu.gcr.io/tsetools/bucklingapi:latest .
run the container: sudo docker run -d -p 8000:8080 --name bucklingapi --restart always eu.gcr.io/tsetools/bucklingapi
- gcloud auth login
- gcloud config set project tsetools
- create the account manually (needs to be Storage admin to be able to create buckets) and create the key and download it
- gcloud auth activate-service-account containerregistry@tsetools.iam.gserviceaccount.com --key-file=/home/frederik/Downloads/tsetools-0d4100049050.json
- gcloud auth print-access-token | sudo docker login -u oauth2accesstoken --password-stdin https://eu.gcr.io
- sudo docker push eu.gcr.io/tsetools/bucklingapi:latest
- Create a first cloudrun by hand
- gcloud auth activate-service-account cloudrundeploy@tsetools.iam.gserviceaccount.com --key-file=/home/frederik/Downloads/tsetools-40c1865c4850.json
- cloudrundeploy@tsetools.iam.gserviceaccount.com needs to be added as a "service account user" on 512568009958-compute@developer.gserviceaccount.com for the following command to work
- gcloud run deploy bucklingapi --allow-unauthenticated --region europe-west1 --image eu.gcr.io/tsetools/bucklingapi
- don't run --no-allow-unauthenticated since it will give issues with preflight checks performed by the browser (see section authentication via google)