我正在尝试使用Firebase Cloud Functions以编程方式向服务添加域映射。到目前为止,在发送POST请求时能够获得正确的json字段格式,并获得200成功。这是正文请求/响应:
请求:
{
"apiVersion": "domains.cloudrun.com/v1",
"kind": "DomainMapping",
"metadata": {
"annotations": {},
"labels": {},
"name": "subdomain.example.com",
"namespace": "project-id"
},
"spec": {
"routeName": "service-name"
},
"status": {}
}
响应:
{ apiVersion: 'domains.cloudrun.com/v1',
kind: 'DomainMapping',
metadata:
{ name: 'subdomain.example.com',
namespace: '123456789',
selfLink: '/apis/domains.cloudrun.com/v1/namespaces/123456789/domainmappings/subdomain.example.com',
uid: 'eiv0wr9f-8afec-47fdsf-fdsdc-fjosf0fne78',
resourceVersion: 'FFFJKA+F32',
generation: 1,
creationTimestamp: '2019-11-23T21:07:49.167253Z',
labels: { 'cloud.googleapis.com/location': 'us-central1' },
annotations:
{ 'serving.knative.dev/creator': '[email protected]',
'serving.knative.dev/lastModifier': '[email protected]' } },
spec: { routeName: 'service-name' },
status: {} }"
[检查DomainMapping的状态时,即使使用Google网域验证了该网域,响应消息仍包含“未授权呼叫者管理该网域”。这是IAM问题还是其他问题?任何见解都会有所帮助。
这是请求域映射状态时的完整响应:
{
"apiVersion": "domains.cloudrun.com/v1",
"kind": "DomainMapping",
"metadata": {
"name": "subdomain.example.com",
"namespace": "123456789",
"selfLink": "/apis/domains.cloudrun.com/v1/namespaces/123456789/domainmappings/subdomain.example.com",
"uid": "fdns0fs5-8fw-437f-1514c-n89fwnnav0n",
"resourceVersion": "gn902fnfjd",
"generation": 1,
"creationTimestamp": "2019-11-23T21:07:49.167253Z",
"labels": {
"cloud.googleapis.com/location": "us-central1"
},
"annotations": {
"serving.knative.dev/creator": "[email protected]",
"serving.knative.dev/lastModifier": "[email protected]"
}
},
"spec": {
"routeName": "service-name"
},
"status": {
"conditions": [
{
"type": "Ready",
"status": "False",
"reason": "PermissionDenied",
"message": "Caller is not authorized to administer the domain 'subdomain.example.com'. If you own 'subdomain.example.com', you can obtain authorization by verifying ownership of the domain, or any of its parent domains, via the Webmaster Central portal: https://www.google.com/webmasters/verification/verification?domain=subdomain.example.com. We reccomend verifying ownership of the largest scope you wish to use with subdomains (eg. verify 'example.com' if you wish to map 'subdomain.example.com').",
"lastTransitionTime": "2019-11-23T21:07:49.719Z"
},
{
"type": "CertificateProvisioned",
"status": "False",
"reason": "PermissionDenied",
"message": "Certificate will not be provisioned unless the domain is made routable.",
"lastTransitionTime": "2019-11-23T21:07:49.719Z"
},
{
"type": "DomainRoutable",
"status": "False",
"reason": "PermissionDenied",
"message": "Caller is not authorized to administer the domain 'fdsfdsfsf-gsyjtfounzbunfetzf50.a.review.activit.app'. If you own 'fdsfdsfsf-gsyjtfounzbunfetzf50.a.review.activit.app', you can obtain authorization by verifying ownership of the domain, or any of its parent domains, via the Webmaster Central portal: https://www.google.com/webmasters/verification/verification?domain=subdomain.example.com. We reccomend verifying ownership of the largest scope you wish to use with subdomains (eg. verify 'example.com' if you wish to map 'subdomain.example.com').",
"lastTransitionTime": "2019-11-23T21:07:49.719Z"
},
{
"type": "Retry",
"status": "True",
"reason": "FailedUnknown",
"message": "System will retry after 0:59:59 from lastTransitionTime for attempt 7.",
"lastTransitionTime": "2019-11-23T23:18:06.067Z",
"severity": "Info"
}
],
"observedGeneration": 1
}
}
感谢@JohnHandley的帮助,我能够使用google sdk cdi上的--log-http标志找出提交格式,并生成一个请求:
{
"apiVersion": "domains.cloudrun.com/v1",
"kind": "DomainMapping",
"metadata": {
"annotations": {},
"labels": {},
"name": "domainMapping.example.com",
"namespace": "project-id"
},
"spec": {
"routeName": "service-name"
},
"status": {}
};
请确保您也将服务帐户添加到您要映射的域的google.com/webmasters/verification/home的“已验证所有者”列表中。